From c7ba41797dccfddce2b92f2aab52d8835015ddf8 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 8 Jul 2020 16:25:45 -0700 Subject: [PATCH 001/210] Updates per TASK 4260123 --- .../customize-controlled-folders.md | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md index 6a0da83f4f..0b34ad2183 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md +++ b/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md @@ -37,7 +37,7 @@ This topic describes how to customize the following settings of the controlled f ## Protect additional folders -Controlled folder access applies to a number of system folders and default locations, including folders such as Documents, Pictures, Movies, and Desktop. +Controlled folder access applies to a number of system folders and default locations, including folders such as Documents, Pictures, and Movies. You can add additional folders to be protected, but you cannot remove the default folders in the default list. @@ -51,11 +51,15 @@ You can use the Windows Security app or Group Policy to add and remove additiona 1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**. -2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then click **Ransomware protection**: +2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then scroll down to the **Ransomware protection** section. -3. Under the **Controlled folder access** section, click **Protected folders** +3. Click the **Manage ransomware protection** link to open the **Ransomware protection** pane. -4. Click **Add a protected folder** and follow the prompts to add apps. +4. Under the **Controlled folder access** section, click the **Protected folders** link. + +5. Click **Yes** on the **User Access Control** prompt. The **Protected folders** pane displays. + +4. Click **Add a protected folder** and follow the prompts to add folders. ### Use Group Policy to protect additional folders From 13fea9536330b5cdbdcd80b279a494b920059c7f Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Thu, 9 Jul 2020 16:19:19 -0700 Subject: [PATCH 002/210] Added a section for default protected folders --- .../controlled-folders.md | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md index 6efcb63fd5..91950a7343 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md +++ b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md @@ -82,6 +82,34 @@ Event ID | Description 1124 | Audited controlled folder access event 1123 | Blocked controlled folder access event +## Default folders protected by controlled folder access +Windows system folders are protected by default. In addition, there are several folders that are protected by controlled folder access by default. You can configure additional folders as protected, but cannot remove the default folders from the controlled folder access protection. See [Protect additional folders](customize-controlled-folders.md#protect-additional-folders) for more information. + +Here's the list of default protected folders: +- %USERPROFILE%\Documents +- %USERPROFILE%\Favorites +- %USERPROFILE%\Music +- %USERPROFILE%\Pictures +- %USERPROFILE%\Videos +- %PUBLIC%\Documents +- %PUBLIC%\Music +- %PUBLIC%\Pictures +- %PUBLIC%\Videos + +You can use the Windows Security app to display the list of default folders protected by controlled folder access: + +1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**. + +2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then scroll down to the **Ransomware protection** section. + +3. Click the **Manage ransomware protection** link to open the **Ransomware protection** pane. + +4. Under the **Controlled folder access** section, click the **Protected folders** link. + +5. Click **Yes** on the **User Access Control** prompt. + + The **Protected folders** pane displays the folders that are protected by default. + ## In this section Topic | Description From 0ee539afc1f57886181f6cfd08907396cefdb164 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Fri, 10 Jul 2020 08:42:36 -0700 Subject: [PATCH 003/210] minor update --- .../microsoft-defender-atp/controlled-folders.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md index 91950a7343..9fd138309e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md +++ b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md @@ -96,7 +96,7 @@ Here's the list of default protected folders: - %PUBLIC%\Pictures - %PUBLIC%\Videos -You can use the Windows Security app to display the list of default folders protected by controlled folder access: +You can use the Windows Security app to view the list of default folders protected by controlled folder access: 1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**. From 08ac68cecac9780d19b7268366b720b65ef6b859 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 27 Aug 2020 11:27:27 -0700 Subject: [PATCH 004/210] Update indicator-ip-domain.md adding note about CIDR --- .../microsoft-defender-atp/indicator-ip-domain.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md b/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md index 90e188b28e..3b0bfb0cab 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md +++ b/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md @@ -33,6 +33,9 @@ The threat intelligence data set for this has been managed by Microsoft. By creating indicators for IPs and URLs or domains, you can now allow or block IPs, URLs, or domains based on your own threat intelligence. You can do this through the settings page or by machine groups if you deem certain groups to be more or less at risk than others. +> [!NOTE] +> Classless Inter-Domain Routing (CIDR) notation for IP addresses is not supported. + ### Before you begin It's important to understand the following prerequisites prior to creating indicators for IPS, URLs, or domains: - URL/IP allow and block relies on the Microsoft Defender ATP component Network Protection to be enabled in block mode. For more information on Network Protection and configuration instructions, see [Enable network protection](enable-network-protection.md). @@ -72,4 +75,4 @@ It's important to understand the following prerequisites prior to creating indic - [Create indicators](manage-indicators.md) - [Create indicators for files](indicator-file.md) - [Create indicators based on certificates](indicator-certificates.md) -- [Manage indicators](indicator-manage.md) \ No newline at end of file +- [Manage indicators](indicator-manage.md) From bc81ed8bd926c5b37735cb44d16afff15b38887a Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Thu, 15 Oct 2020 22:13:19 +0500 Subject: [PATCH 005/210] Note addition As suggested by the user, I have added a note for the user to route to a relevant information page. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/8264 --- .../microsoft-defender-atp/mac-install-with-jamf.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md index b02fdd72d5..543ff95c79 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md @@ -30,6 +30,9 @@ ms.topic: conceptual Learn how to deploy Microsoft Defender ATP for macOS with Jamf Pro. +> [!NOTE] +> If you are using macOS Catalina (10.15.4) and newer versions of macOS see [New configuration profiles for macOS Catalina and newer versions of macOS](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies). + This is a multi step process. You'll need to complete all of the following steps: - [Login to the Jamf Portal](mac-install-jamfpro-login.md) From 7044abeed904b35d670678a53ad9eb086de01118 Mon Sep 17 00:00:00 2001 From: Thomas Garrity <31856350+poortom1004@users.noreply.github.com> Date: Thu, 15 Oct 2020 13:56:19 -0500 Subject: [PATCH 006/210] Case sensitivity, re-ordering and other small corrections -Normalized the casing from BuiltIn Local to Builtin Local for group types -Corrected some other group types -Corrected typo for references of Group Policy Creators Owners to Group Policy Creator Owners -Re-ordered the Read-Only Domain Controllers group to be higher in the list to be correctly alphabetized so that it matches the order in the first table -Corrected Guests group membership details -Added missing SID info on a few groups -Changed group types from Domain Global to Global -Replaced "No" with "None" for default membership to be consistent with other groups -RDS Endpoint Servers had an incorrect reference to the domain SID -Users group incorrectly said it's a member of Domain users via primary group membership. This is incorrect because groups do not have primary groups, only users have primary groups. --- .../active-directory-security-groups.md | 235 +++++++++--------- 1 file changed, 117 insertions(+), 118 deletions(-) diff --git a/windows/security/identity-protection/access-control/active-directory-security-groups.md b/windows/security/identity-protection/access-control/active-directory-security-groups.md index 61198672fc..6522607d9d 100644 --- a/windows/security/identity-protection/access-control/active-directory-security-groups.md +++ b/windows/security/identity-protection/access-control/active-directory-security-groups.md @@ -576,7 +576,7 @@ This security group has not changed since Windows Server 2008.

Type

-

BuiltIn Local

+

Builtin Local

Default container

@@ -645,7 +645,7 @@ This security group has not changed since Windows Server 2008.

Type

-

BuiltIn Local

+

Builtin Local

Default container

@@ -717,7 +717,7 @@ This security group includes the following changes since Windows Server 2008:

Type

-

BuiltIn Local

+

Builtin Local

Default container

@@ -865,7 +865,7 @@ This security group has not changed since Windows Server 2008.

Type

-

Builtin local

+

Builtin Local

Default container

@@ -987,7 +987,7 @@ This security group has not changed since Windows Server 2008.

Well-Known SID/RID

-

S-1-5-<domain>-517

+

S-1-5-21-<domain>-517

Type

@@ -1113,7 +1113,7 @@ This security group was introduced in Windows Vista Service Pack 1, and it h

Type

-

Builtin local

+

Builtin Local

Default container

@@ -1241,7 +1241,7 @@ The Device Owners group applies to versions of the Windows Server operating syst

Type

-

BuiltIn Local

+

Builtin Local

Default container

@@ -1430,7 +1430,7 @@ This security group has not changed since Windows Server 2008.

Type

-

Domain local

+

Builtin Local

Default container

@@ -1493,7 +1493,7 @@ This security group has not changed since Windows Server 2008.

Type

-

Domain Global

+

Global

Default container

@@ -1552,7 +1552,7 @@ This security group has not changed since Windows Server 2008.

Well-Known SID/RID

-

S-1-5-<domain>-515

+

S-1-5-21-<domain>-515

Type

@@ -1613,7 +1613,7 @@ This security group has not changed since Windows Server 2008.

Well-Known SID/RID

-

S-1-5-<domain>-516

+

S-1-5-21-<domain>-516

Type

@@ -1674,7 +1674,7 @@ This security group has not changed since Windows Server 2008.

Well-Known SID/RID

-

S-1-5-<domain>-514

+

S-1-5-21-<domain>-514

Type

@@ -1737,11 +1737,11 @@ This security group has not changed since Windows Server 2008.

Well-Known SID/RID

-

S-1-5-<domain>-513

+

S-1-5-21-<domain>-513

Type

-

Domain Global

+

Global

Default container

@@ -1950,7 +1950,7 @@ This security group has not changed since Windows Server 2008.

Type

-

Builtin local

+

Domain local

Default container

@@ -1985,13 +1985,13 @@ This security group has not changed since Windows Server 2008. -### Group Policy Creators Owners +### Group Policy Creator Owners This group is authorized to create, edit, or delete Group Policy Objects in the domain. By default, the only member of the group is Administrator. For information about other features you can use with this security group, see [Group Policy Overview](https://technet.microsoft.com/library/hh831791.aspx). -The Group Policy Creators Owners group applies to versions of the Windows Server operating system listed in the [Active Directory Default Security Groups table](#bkmk-groupstable). +The Group Policy Creator Owners group applies to versions of the Windows Server operating system listed in the [Active Directory Default Security Groups table](#bkmk-groupstable). This security group has not changed since Windows Server 2008. @@ -2009,7 +2009,7 @@ This security group has not changed since Windows Server 2008.

Well-Known SID/RID

-

S-1-5-<domain>-520

+

S-1-5-21-<domain>-520

Type

@@ -2093,12 +2093,11 @@ This security group has not changed since Windows Server 2008.

Default members

-

Guest

+

Domain Guests

Guest

Default member of

-

Domain Guests

-

Guest

+

None

Protected by ADMINSDHOLDER?

@@ -2150,7 +2149,7 @@ This security group was introduced in Windows Server 2012, and it has not chang

Type

-

Builtin local

+

Builtin Local

Default container

@@ -2162,7 +2161,7 @@ This security group was introduced in Windows Server 2012, and it has not chang

Default member of

-

No

+

None

Protected by ADMINSDHOLDER?

@@ -2211,7 +2210,7 @@ This security group has not changed since Windows Server 2008.

Type

-

BuiltIn Local

+

Builtin Local

Default container

@@ -2286,7 +2285,7 @@ This security group has not changed since Windows Server 2008.

Type

-

BuiltIn local

+

Builtin Local

Default container

@@ -2389,7 +2388,7 @@ This security group has not changed since Windows Server 2008.

Type

-

BuiltIn local

+

Builtin Local

Default container

@@ -2470,7 +2469,7 @@ This security group has not changed since Windows Server 2008.

Type

-

Builtin local

+

Builtin Local

Default container

@@ -2551,7 +2550,7 @@ This security group has not changed since Windows Server 2008.

Type

-

Builtin local

+

Builtin Local

Default container

@@ -2615,7 +2614,7 @@ This security group has not changed since Windows Server 2008.

Type

-

Builtin local

+

Builtin Local

Default container

@@ -2679,7 +2678,7 @@ This security group has not changed since Windows Server 2008. However, in Windo

Type

-

Builtin local

+

Builtin Local

Default container

@@ -2758,7 +2757,7 @@ The following table specifies the properties of the Protected Users group.

Type

-

Domain Global

+

Global

Default container

@@ -2819,7 +2818,7 @@ This security group has not changed since Windows Server 2008.

Type

-

Domain local

+

Builtin Local

Default container

@@ -2876,11 +2875,11 @@ This security group was introduced in Windows Server 2012, and it has not chang

Well-Known SID/RID

-

S-1-5-32-<domain>-576

+

S-1-5-32-576

Type

-

Builtin local

+

Builtin Local

Default container

@@ -2939,7 +2938,7 @@ This security group was introduced in Windows Server 2012, and it has not chang

Type

-

Builtin local

+

Builtin Local

Default container

@@ -3000,7 +2999,7 @@ This security group was introduced in Windows Server 2012, and it has not chang

Type

-

Builtin local

+

Builtin Local

Default container

@@ -3035,6 +3034,78 @@ This security group was introduced in Windows Server 2012, and it has not chang +### Read-Only Domain Controllers + +This group is comprised of the Read-only domain controllers in the domain. A Read-only domain controller makes it possible for organizations to easily deploy a domain controller in scenarios where physical security cannot be guaranteed, such as branch office locations, or in scenarios where local storage of all domain passwords is considered a primary threat, such as in an extranet or in an application-facing role. + +Because administration of a Read-only domain controller can be delegated to a domain user or security group, an Read-only domain controller is well suited for a site that should not have a user who is a member of the Domain Admins group. A Read-only domain controller encompasses the following functionality: + +- Read-only AD DS database + +- Unidirectional replication + +- Credential caching + +- Administrator role separation + +- Read-only Domain Name System (DNS) + +For information about deploying a Read-only domain controller, see [Understanding Planning and Deployment for Read-Only Domain Controllers](https://technet.microsoft.com/library/cc754719(v=ws.10).aspx). + +This security group was introduced in Windows Server 2008, and it has not changed in subsequent versions. + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
AttributeValue

Well-Known SID/RID

S-1-5-21-<domain>-521

Type

Global

Default container

CN=Users, DC=<domain>, DC=

Default members

None

Default member of

Denied RODC Password Replication Group

Protected by ADMINSDHOLDER?

Yes

Safe to move out of default container?

Yes

Safe to delegate management of this group to non-Service admins?

Default User Rights

See Denied RODC Password Replication Group

+ + ### Remote Desktop Users The Remote Desktop Users group on an RD Session Host server is used to grant users and groups permissions to remotely connect to an RD Session Host server. This group cannot be renamed, deleted, or moved. It appears as a SID until the domain controller is made the primary domain controller and it holds the operations master role (also known as flexible single master operations or FSMO). @@ -3094,78 +3165,6 @@ This security group has not changed since Windows Server 2008. - - -### Read-Only Domain Controllers - -This group is comprised of the Read-only domain controllers in the domain. A Read-only domain controller makes it possible for organizations to easily deploy a domain controller in scenarios where physical security cannot be guaranteed, such as branch office locations, or in scenarios where local storage of all domain passwords is considered a primary threat, such as in an extranet or in an application-facing role. - -Because administration of a Read-only domain controller can be delegated to a domain user or security group, an Read-only domain controller is well suited for a site that should not have a user who is a member of the Domain Admins group. A Read-only domain controller encompasses the following functionality: - -- Read-only AD DS database - -- Unidirectional replication - -- Credential caching - -- Administrator role separation - -- Read-only Domain Name System (DNS) - -For information about deploying a Read-only domain controller, see [Understanding Planning and Deployment for Read-Only Domain Controllers](https://technet.microsoft.com/library/cc754719(v=ws.10).aspx). - -This security group was introduced in Windows Server 2008, and it has not changed in subsequent versions. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
AttributeValue

Well-Known SID/RID

S-1-5-21-<domain>-521

Type

Default container

CN=Users, DC=<domain>, DC=

Default members

None

Default member of

Denied RODC Password Replication Group

Protected by ADMINSDHOLDER?

Yes

Safe to move out of default container?

Yes

Safe to delegate management of this group to non-Service admins?

Default User Rights

See Denied RODC Password Replication Group

@@ -3197,7 +3196,7 @@ This security group was introduced in Windows Server 2012, and it has not chang

Type

-

Builtin local

+

Builtin Local

Default container

@@ -3264,7 +3263,7 @@ This security group has not changed since Windows Server 2008.

Type

-

Builtin local

+

Builtin Local

Default container

@@ -3327,7 +3326,7 @@ This security group has not changed since Windows Server 2008.

Well-Known SID/RID

-

S-1-5-<root domain>-518

+

S-1-5-21-<root domain>-518

Type

@@ -3394,7 +3393,7 @@ This security group has not changed since Windows Server 2008.

Type

-

Builtin local

+

Builtin Local

Default container

@@ -3442,7 +3441,7 @@ The Storage Replica Administrators group applies to versions of the Windows Serv | Attribute | Value | |-----------|-------| | Well-Known SID/RID | S-1-5-32-582 | -| Type | BuiltIn Local | +| Type | Builtin Local | | Default container | CN=BuiltIn, DC=<domain>, DC= | | Default members | None | | Default member of | None | @@ -3463,7 +3462,7 @@ The System Managed Accounts group applies to versions of the Windows Server oper | Attribute | Value | |-----------|-------| | Well-Known SID/RID | S-1-5-32-581 | -| Type | BuiltIn Local | +| Type | Builtin Local | | Default container | CN=BuiltIn, DC=<domain>, DC= | | Default members | Users | | Default member of | None | @@ -3507,7 +3506,7 @@ This security group only applies to Windows Server 2003 and Windows Server 200

Type

-

Builtin local

+

Builtin Local

Default container

@@ -3574,7 +3573,7 @@ This security group includes the following changes since Windows Server 2008:

Type

-

Builtin local

+

Builtin Local

Default container

@@ -3588,7 +3587,7 @@ This security group includes the following changes since Windows Server 2008:

Default member of

-

Domain Users (this membership is due to the fact that the Primary Group ID of all user accounts is Domain Users.)

+

None

Protected by ADMINSDHOLDER?

@@ -3641,7 +3640,7 @@ This security group has not changed since Windows Server 2008.

Type

-

Builtin local

+

Builtin Local

Default container

From 98e827f73c24da46e172350d420c28db74ec80ad Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Fri, 16 Oct 2020 11:33:20 +0500 Subject: [PATCH 007/210] Update windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../microsoft-defender-atp/mac-install-with-jamf.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md index 543ff95c79..da3ebf8271 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md @@ -31,7 +31,7 @@ ms.topic: conceptual Learn how to deploy Microsoft Defender ATP for macOS with Jamf Pro. > [!NOTE] -> If you are using macOS Catalina (10.15.4) and newer versions of macOS see [New configuration profiles for macOS Catalina and newer versions of macOS](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies). +> If you are using macOS Catalina (10.15.4) or newer versions of macOS, see [New configuration profiles for macOS Catalina and newer versions of macOS](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies). This is a multi step process. You'll need to complete all of the following steps: @@ -43,4 +43,3 @@ This is a multi step process. You'll need to complete all of the following steps - From 9a2cacd47140a93a2449cb638002d0cdf017b35d Mon Sep 17 00:00:00 2001 From: Nagappan Veerappan Date: Mon, 9 Nov 2020 09:39:50 -0800 Subject: [PATCH 008/210] 0x801C03F2-Delta update Primary SMTP and Email address mismatch -0x801C03F2 --- .../hello-for-business/hello-errors-during-pin-creation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md index 01f18214de..b58170ab29 100644 --- a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md +++ b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md @@ -68,7 +68,7 @@ If the error occurs again, check the error code against the following table to s | 0x801C03ED | Multi-factor authentication is required for a 'ProvisionKey' operation, but was not performed.

-or-

Token was not found in the Authorization header.

-or-

Failed to read one or more objects.

-or-

The request sent to the server was invalid. | Sign out and then sign in again. If that doesn't resolve the issue, unjoin the device from Azure Active Directory (Azure AD) and rejoin. | 0x801C03EE | Attestation failed. | Sign out and then sign in again. | | 0x801C03EF | The AIK certificate is no longer valid. | Sign out and then sign in again. | -| 0x801C03F2 | Windows Hello key registration failed. | ERROR\_BAD\_DIRECTORY\_REQUEST. Another object with the same value for property proxyAddresses already exists. To resolve the issue refer to [Duplicate Attributes Prevent Dirsync](https://docs.microsoft.com/office365/troubleshoot/administration/duplicate-attributes-prevent-dirsync). +| 0x801C03F2 | Windows Hello key registration failed. | ERROR\_BAD\_DIRECTORY\_REQUEST. Another object with the same value for property proxyAddresses already exists. To resolve the issue refer to [Duplicate Attributes Prevent Dirsync](https://docs.microsoft.com/office365/troubleshoot/administration/duplicate-attributes-prevent-dirsync). Also if no sync conflict. Please verify the "Mail /Email address" in AAD and the Primary SMTP address in the proxy address is the same. | 0x801C044D | Authorization token does not contain device ID. | Unjoin the device from Azure AD and rejoin. | | | Unable to obtain user token. | Sign out and then sign in again. Check network and credentials. | | 0x801C044E | Failed to receive user credentials input. | Sign out and then sign in again. | From eba9bf94cde48291d87122376b42a63f2ce38e79 Mon Sep 17 00:00:00 2001 From: Nagappan Veerappan Date: Wed, 11 Nov 2020 07:52:20 -0800 Subject: [PATCH 009/210] Update windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../hello-for-business/hello-errors-during-pin-creation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md index b58170ab29..a4ca968d29 100644 --- a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md +++ b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md @@ -68,7 +68,7 @@ If the error occurs again, check the error code against the following table to s | 0x801C03ED | Multi-factor authentication is required for a 'ProvisionKey' operation, but was not performed.

-or-

Token was not found in the Authorization header.

-or-

Failed to read one or more objects.

-or-

The request sent to the server was invalid. | Sign out and then sign in again. If that doesn't resolve the issue, unjoin the device from Azure Active Directory (Azure AD) and rejoin. | 0x801C03EE | Attestation failed. | Sign out and then sign in again. | | 0x801C03EF | The AIK certificate is no longer valid. | Sign out and then sign in again. | -| 0x801C03F2 | Windows Hello key registration failed. | ERROR\_BAD\_DIRECTORY\_REQUEST. Another object with the same value for property proxyAddresses already exists. To resolve the issue refer to [Duplicate Attributes Prevent Dirsync](https://docs.microsoft.com/office365/troubleshoot/administration/duplicate-attributes-prevent-dirsync). Also if no sync conflict. Please verify the "Mail /Email address" in AAD and the Primary SMTP address in the proxy address is the same. +| 0x801C03F2 | Windows Hello key registration failed. | ERROR\_BAD\_DIRECTORY\_REQUEST. Another object with the same value for property proxyAddresses already exists. To resolve the issue, refer to [Duplicate Attributes Prevent Dirsync](https://docs.microsoft.com/office365/troubleshoot/administration/duplicate-attributes-prevent-dirsync). Also, if no sync conflict exists, please verify that the "Mail/Email address" in AAD and the Primary SMTP address is the same in the proxy address. | 0x801C044D | Authorization token does not contain device ID. | Unjoin the device from Azure AD and rejoin. | | | Unable to obtain user token. | Sign out and then sign in again. Check network and credentials. | | 0x801C044E | Failed to receive user credentials input. | Sign out and then sign in again. | From a16ec0f709295939de0352c440ace6d7a1f26e29 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Thu, 12 Nov 2020 16:13:56 -0800 Subject: [PATCH 010/210] Added Kerberos and CredSsp policies --- windows/client-management/mdm/TOC.md | 2 + .../mdm/policies-in-policy-csp-admx-backed.md | 19 + .../policy-configuration-service-provider.md | 66 ++ .../mdm/policy-csp-admx-credssp.md | 964 ++++++++++++++++++ .../mdm/policy-csp-admx-kerberos.md | 641 ++++++++++++ 5 files changed, 1692 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-credssp.md create mode 100644 windows/client-management/mdm/policy-csp-admx-kerberos.md diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index e875d5d3a7..a9c36e49a0 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -179,6 +179,7 @@ #### [ADMX_CipherSuiteOrder](policy-csp-admx-ciphersuiteorder.md) #### [ADMX_COM](policy-csp-admx-com.md) #### [ADMX_Cpls](policy-csp-admx-cpls.md) +#### [ADMX_CredSsp](policy-csp-admx-credssp.md) #### [ADMX_CtrlAltDel](policy-csp-admx-ctrlaltdel.md) #### [ADMX_DigitalLocker](policy-csp-admx-digitallocker.md) #### [ADMX_DnsClient](policy-csp-admx-dnsclient.md) @@ -191,6 +192,7 @@ #### [ADMX_Help](policy-csp-admx-help.md) #### [ADMX_HelpAndSupport](policy-csp-admx-helpandsupport.md) #### [ADMX_kdc](policy-csp-admx-kdc.md) +#### [ADMX_Kerberos](policy-csp-admx-kerberos.md) #### [ADMX_LanmanServer](policy-csp-admx-lanmanserver.md) #### [ADMX_LinkLayerTopologyDiscovery](policy-csp-admx-linklayertopologydiscovery.md) #### [ADMX_MMC](policy-csp-admx-mmc.md) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 8ede74a7a6..8604b2c6e6 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -61,6 +61,17 @@ ms.date: 10/08/2020 - [ADMX_COM/AppMgmt_COM_SearchForCLSID_1](./policy-csp-admx-com.md#admx-com-appmgmt-com-searchforclsid-1) - [ADMX_COM/AppMgmt_COM_SearchForCLSID_2](./policy-csp-admx-com.md#admx-com-appmgmt-com-searchforclsid-2) - [ADMX_Cpls/UseDefaultTile](./policy-csp-admx-cpls.md#admx-cpls-usedefaulttile) +- [ADMX_CredSsp/AllowDefCredentialsWhenNTLMOnly](./policy-csp-admx-credssp.md#admx-credssp-allowdefcredentialswhenntlmonly) +- [ADMX_CredSsp/AllowDefaultCredentials](./policy-csp-admx-credssp.md#admx-credssp-allowdefaultcredentials) +- [ADMX_CredSsp/AllowEncryptionOracle](./policy-csp-admx-credssp.md#admx-credssp-allowencryptionoracle) +- [ADMX_CredSsp/AllowFreshCredentials](./policy-csp-admx-credssp.md#admx-credssp-allowfreshcredentials) +- [ADMX_CredSsp/AllowFreshCredentialsWhenNTLMOnly](./policy-csp-admx-credssp.md#admx-credssp-allowfreshcredentialswhenntlmonly) +- [ADMX_CredSsp/AllowSavedCredentials](./policy-csp-admx-credssp.md#admx-credssp-allowsavedcredentials) +- [ADMX_CredSsp/AllowSavedCredentialsWhenNTLMOnly](./policy-csp-admx-credssp.md#admx-credssp-allowsavedcredentialswhenntlmonly) +- [ADMX_CredSsp/DenyDefaultCredentials](./policy-csp-admx-credssp.md#admx-credssp-denydefaultcredentials) +- [ADMX_CredSsp/DenyFreshCredentials](./policy-csp-admx-credssp.md#admx-credssp-denyfreshcredentials) +- [ADMX_CredSsp/DenySavedCredentials](./policy-csp-admx-credssp.md#admx-credssp-denysavedcredentials) +- [ADMX_CredSsp/RestrictedRemoteAdministration](./policy-csp-admx-credssp.md#admx-credssp-restrictedremoteadministration) - [ADMX_CtrlAltDel/DisableChangePassword](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-disablechangepassword) - [ADMX_CtrlAltDel/DisableLockComputer](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-disablelockcomputer) - [ADMX_CtrlAltDel/DisableTaskMgr](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-disabletaskmgr) @@ -128,6 +139,14 @@ ms.date: 10/08/2020 - [ADMX_kdc/RequestCompoundId](./policy-csp-admx-kdc.md#admx-kdc-requestcompoundid) - [ADMX_kdc/TicketSizeThreshold](./policy-csp-admx-kdc.md#admx-kdc-ticketsizethreshold) - [ADMX_kdc/emitlili](./policy-csp-admx-kdc.md#admx-kdc-emitlili) +- [ADMX_Kerberos/AlwaysSendCompoundId](./policy-csp-admx-kerberos.md#admx-kerberos-alwayssendcompoundid) +- [ADMX_Kerberos/DevicePKInitEnabled](./policy-csp-admx-kerberos.md#admx-kerberos-devicepkinitenabled) +- [ADMX_Kerberos/HostToRealm](./policy-csp-admx-kerberos.md#admx-kerberos-hosttorealm) +- [ADMX_Kerberos/KdcProxyDisableServerRevocationCheck](./policy-csp-admx-kerberos.md#admx-kerberos-kdcproxydisableserverrevocationcheck) +- [ADMX_Kerberos/KdcProxyServer](./policy-csp-admx-kerberos.md#admx-kerberos-kdcproxyserver) +- [ADMX_Kerberos/MitRealms](./policy-csp-admx-kerberos.md#admx-kerberos-mitrealms) +- [ADMX_Kerberos/ServerAcceptsCompound](./policy-csp-admx-kerberos.md#admx-kerberos-serveracceptscompound) +- [ADMX_Kerberos/StrictTarget](./policy-csp-admx-kerberos.md#admx-kerberos-stricttarget) - [ADMX_LanmanServer/Pol_CipherSuiteOrder](./policy-csp-admx-lanmanserver.md#admx-lanmanserver-pol-ciphersuiteorder) - [ADMX_LanmanServer/Pol_HashPublication](./policy-csp-admx-lanmanserver.md#admx-lanmanserver-pol-hashpublication) - [ADMX_LanmanServer/Pol_HashSupportVersion](./policy-csp-admx-lanmanserver.md#admx-lanmanserver-pol-hashsupportversion) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index a1a8db3a83..570858dd4b 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -332,6 +332,43 @@ The following diagram shows the Policy configuration service provider in tree fo +### ADMX_CredSsp policies + +
+
+ ADMX_CredSsp/AllowDefCredentialsWhenNTLMOnly +
+
+ ADMX_CredSsp/AllowDefaultCredentials +
+
+ ADMX_CredSsp/AllowEncryptionOracle +
+
+ ADMX_CredSsp/AllowFreshCredentials +
+
+ ADMX_CredSsp/AllowFreshCredentialsWhenNTLMOnly +
+
+ ADMX_CredSsp/AllowSavedCredentials +
+
+ ADMX_CredSsp/AllowSavedCredentialsWhenNTLMOnly +
+
+ ADMX_CredSsp/DenyDefaultCredentials +
+
+ ADMX_CredSsp/DenyFreshCredentials +
+
+ ADMX_CredSsp/DenySavedCredentials +
+
+ ADMX_CredSsp/RestrictedRemoteAdministration +
+
### ADMX_CtrlAltDel policies
@@ -576,6 +613,35 @@ The following diagram shows the Policy configuration service provider in tree fo
+### ADMX_Kerberos policies + +
+
+ ADMX_Kerberos/AlwaysSendCompoundId +
+
+ ADMX_Kerberos/DevicePKInitEnabled +
+
+ ADMX_Kerberos/HostToRealm +
+
+ ADMX_Kerberos/KdcProxyDisableServerRevocationCheck +
+
+ ADMX_Kerberos/KdcProxyServer +
+
+ ADMX_Kerberos/MitRealms +
+
+ ADMX_Kerberos/ServerAcceptsCompound +
+
+ ADMX_Kerberos/StrictTarget +
+
+ ### ADMX_LanmanServer policies
diff --git a/windows/client-management/mdm/policy-csp-admx-credssp.md b/windows/client-management/mdm/policy-csp-admx-credssp.md new file mode 100644 index 0000000000..12d2fd54c1 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-credssp.md @@ -0,0 +1,964 @@ +--- +title: Policy CSP - ADMX_CredSsp +description: Policy CSP - ADMX_CredSsp +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 11/12/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_CredSsp +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_CredSsp policies + +
+
+ ADMX_CredSsp/AllowDefCredentialsWhenNTLMOnly +
+
+ ADMX_CredSsp/AllowDefaultCredentials +
+
+ ADMX_CredSsp/AllowEncryptionOracle +
+
+ ADMX_CredSsp/AllowFreshCredentials +
+
+ ADMX_CredSsp/AllowFreshCredentialsWhenNTLMOnly +
+
+ ADMX_CredSsp/AllowSavedCredentials +
+
+ ADMX_CredSsp/AllowSavedCredentialsWhenNTLMOnly +
+
+ ADMX_CredSsp/DenyDefaultCredentials +
+
+ ADMX_CredSsp/DenyFreshCredentials +
+
+ ADMX_CredSsp/DenySavedCredentials +
+
+ ADMX_CredSsp/RestrictedRemoteAdministration +
+
+ + +
+ + +**ADMX_CredSsp/AllowDefCredentialsWhenNTLMOnly** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). + +This policy setting applies when server authentication was achieved via NTLM. + +If you enable this policy setting, you can specify the servers to which the user's default credentials can be delegated (default credentials are those that you use when first logging on to Windows). + +If you disable or do not configure (by default) this policy setting, delegation of default credentials is not permitted to any machine. + +Note: The "Allow delegating default credentials with NTLM-only server authentication" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard character is permitted when specifying the SPN. + +For Example: + +- TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine +- TERMSRV/* Remote Desktop Session Host running on all machines. +- TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow delegating default credentials with NTLM-only server authentication* +- GP name: *AllowDefCredentialsWhenNTLMOnly* +- GP path: *System\Credentials Delegation* +- GP ADMX file name: *CredSsp.admx* + + + +
+ + +**ADMX_CredSsp/AllowDefaultCredentials** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). + +This policy setting applies when server authentication was achieved by using a trusted X509 certificate or Kerberos. + +If you enable this policy setting, you can specify the servers to which the user's default credentials can be delegated (default credentials are those that you use when first logging on to Windows). + +The policy becomes effective the next time the user signs on to a computer running Windows. + +If you disable or do not configure (by default) this policy setting, delegation of default credentials is not permitted to any computer. Applications depending upon this delegation behavior might fail authentication. For more information, see KB. + +FWlink for KB: +http://go.microsoft.com/fwlink/?LinkId=301508 + +Note: The "Allow delegating default credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard character is permitted when specifying the SPN. + +For Example: + +- TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine +- TERMSRV/* Remote Desktop Session Host running on all machines. +- TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow delegating default credentials* +- GP name: *AllowDefaultCredentials* +- GP path: *System\Credentials Delegation* +- GP ADMX file name: *CredSsp.admx* + + + +
+ + +**ADMX_CredSsp/AllowEncryptionOracle** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting applies to applications using the CredSSP component (for example: Remote Desktop Connection). + +Some versions of the CredSSP protocol are vulnerable to an encryption oracle attack against the client. This policy controls compatibility with vulnerable clients and servers. This policy allows you to set the level of protection desired for the encryption oracle vulnerability. + +If you enable this policy setting, CredSSP version support will be selected based on the following options: + +Force Updated Clients: Client applications which use CredSSP will not be able to fall back to the insecure versions and services using CredSSP will not accept unpatched clients. Note: this setting should not be deployed until all remote hosts support the newest version. + +Mitigated: Client applications which use CredSSP will not be able to fall back to the insecure version but services using CredSSP will accept unpatched clients. See the link below for important information about the risk posed by remaining unpatched clients. + +Vulnerable: Client applications which use CredSSP will expose the remote servers to attacks by supporting fall back to the insecure versions and services using CredSSP will accept unpatched clients. + +For more information about the vulnerability and servicing requirements for protection, see https://go.microsoft.com/fwlink/?linkid=866660 + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Encryption Oracle Remediation* +- GP name: *AllowEncryptionOracle* +- GP path: *System\Credentials Delegation* +- GP ADMX file name: *CredSsp.admx* + + + +
+ + +**ADMX_CredSsp/AllowFreshCredentials** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). + +This policy setting applies when server authentication was achieved via a trusted X509 certificate or Kerberos. + +If you enable this policy setting, you can specify the servers to which the user's fresh credentials can be delegated (fresh credentials are those that you are prompted for when executing the application). + +If you do not configure (by default) this policy setting, after proper mutual authentication, delegation of fresh credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*). + +If you disable this policy setting, delegation of fresh credentials is not permitted to any machine. + +> [!NOTE] +> The "Allow delegating fresh credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard is permitted when specifying the SPN. + +For Example: + +- TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine +- TERMSRV/* Remote Desktop Session Host running on all machines. +- TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow delegating fresh credentials* +- GP name: *AllowFreshCredentials* +- GP path: *System\Credentials Delegation* +- GP ADMX file name: *CredSsp.admx* + + + +
+ + +**ADMX_CredSsp/AllowFreshCredentialsWhenNTLMOnly** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). + +This policy setting applies when server authentication was achieved via NTLM. + +If you enable this policy setting, you can specify the servers to which the user's fresh credentials can be delegated (fresh credentials are those that you are prompted for when executing the application). + +If you do not configure (by default) this policy setting, after proper mutual authentication, delegation of fresh credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*). + +If you disable this policy setting, delegation of fresh credentials is not permitted to any machine. + +> [!NOTE] +> The "Allow delegating fresh credentials with NTLM-only server authentication" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard character is permitted when specifying the SPN. + +For Example: + +- TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine +- TERMSRV/* Remote Desktop Session Host running on all machines. +- TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in humanresources.fabrikam.com + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow delegating fresh credentials with NTLM-only server authentication* +- GP name: *AllowFreshCredentialsWhenNTLMOnly* +- GP path: *System\Credentials Delegation* +- GP ADMX file name: *CredSsp.admx* + + + +
+ + +**ADMX_CredSsp/AllowSavedCredentials** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). + +This policy setting applies when server authentication was achieved via a trusted X509 certificate or Kerberos. + +If you enable this policy setting, you can specify the servers to which the user's saved credentials can be delegated (saved credentials are those that you elect to save/remember using the Windows credential manager). + +If you do not configure (by default) this policy setting, after proper mutual authentication, delegation of saved credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*). + +If you disable this policy setting, delegation of saved credentials is not permitted to any machine. + +> [!NOTE] +> The "Allow delegating saved credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard character is permitted when specifying the SPN. + +For Example: + +- TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine +- TERMSRV/* Remote Desktop Session Host running on all machines. +- TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in humanresources.fabrikam.com + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow delegating saved credentials* +- GP name: *AllowSavedCredentials* +- GP path: *System\Credentials Delegation* +- GP ADMX file name: *CredSsp.admx* + + + +
+ + +**ADMX_CredSsp/AllowSavedCredentialsWhenNTLMOnly** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). + +This policy setting applies when server authentication was achieved via NTLM. + +If you enable this policy setting, you can specify the servers to which the user's saved credentials can be delegated (saved credentials are those that you elect to save/remember using the Windows credential manager). + +If you do not configure (by default) this policy setting, after proper mutual authentication, delegation of saved credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*) if the client machine is not a member of any domain. If the client is domain-joined, by default the delegation of saved credentials is not permitted to any machine. + +If you disable this policy setting, delegation of saved credentials is not permitted to any machine. + +> [!NOTE] +> The "Allow delegating saved credentials with NTLM-only server authentication" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard character is permitted when specifying the SPN. + +For Example: + +- TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine +- TERMSRV/* Remote Desktop Session Host running on all machines. +- TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in humanresources.fabrikam.com + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow delegating saved credentials with NTLM-only server authentication* +- GP name: *AllowSavedCredentialsWhenNTLMOnly* +- GP path: *System\Credentials Delegation* +- GP ADMX file name: *CredSsp.admx* + + + +
+ + +**ADMX_CredSsp/DenyDefaultCredentials** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). + +If you enable this policy setting, you can specify the servers to which the user's default credentials cannot be delegated (default credentials are those that you use when first logging on to Windows). + +If you disable or do not configure (by default) this policy setting, this policy setting does not specify any server. + +> [!NOTE] +> The "Deny delegating default credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials cannot be delegated. The use of a single wildcard character is permitted when specifying the SPN. + +For Example: + +- TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine +- TERMSRV/* Remote Desktop Session Host running on all machines. +- TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com + +This policy setting can be used in combination with the "Allow delegating default credentials" policy setting to define exceptions for specific servers that are otherwise permitted when using wildcard characters in the "Allow delegating default credentials" server list. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Deny delegating default credentials* +- GP name: *DenyDefaultCredentials* +- GP path: *System\Credentials Delegation* +- GP ADMX file name: *CredSsp.admx* + + + +
+ + +**ADMX_CredSsp/DenyFreshCredentials** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). + +If you enable this policy setting, you can specify the servers to which the user's fresh credentials cannot be delegated (fresh credentials are those that you are prompted for when executing the application). + +If you disable or do not configure (by default) this policy setting, this policy setting does not specify any server. + +> [!NOTE] +> The "Deny delegating fresh credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials cannot be delegated. The use of a single wildcard character is permitted when specifying the SPN. + +For Example: + +- TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine +- TERMSRV/* Remote Desktop Session Host running on all machines. +- TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com + +This policy setting can be used in combination with the "Allow delegating fresh credentials" policy setting to define exceptions for specific servers that are otherwise permitted when using wildcard characters in the "Allow delegating fresh credentials" server list. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Deny delegating fresh credentials* +- GP name: *DenyFreshCredentials* +- GP path: *System\Credentials Delegation* +- GP ADMX file name: *CredSsp.admx* + + + +
+ + +**ADMX_CredSsp/DenySavedCredentials** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). + +If you enable this policy setting, you can specify the servers to which the user's saved credentials cannot be delegated (saved credentials are those that you elect to save/remember using the Windows credential manager). + +If you disable or do not configure (by default) this policy setting, this policy setting does not specify any server. + +> [!NOTE] +> The "Deny delegating saved credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials cannot be delegated. The use of a single wildcard character is permitted when specifying the SPN. + +For Example: + +- TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine +- TERMSRV/* Remote Desktop Session Host running on all machines. +- TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com + +This policy setting can be used in combination with the "Allow delegating saved credentials" policy setting to define exceptions for specific servers that are otherwise permitted when using wildcard characters in the "Allow delegating saved credentials" server list. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Deny delegating saved credentials* +- GP name: *DenySavedCredentials* +- GP path: *System\Credentials Delegation* +- GP ADMX file name: *CredSsp.admx* + + + +
+ + +**ADMX_CredSsp/RestrictedRemoteAdministration** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. When running in Restricted Admin or Remote Credential Guard mode, participating apps do not expose signed in or supplied credentials to a remote host. Restricted Admin limits access to resources located on other servers or networks from the remote host because credentials are not delegated. Remote Credential Guard does not limit access to resources because it redirects all requests back to the client device. + +Participating apps: +Remote Desktop Client + +If you enable this policy setting, the following options are supported: + +- Restrict credential delegation: Participating applications must use Restricted Admin or Remote Credential Guard to connect to remote hosts. +- Require Remote Credential Guard: Participating applications must use Remote Credential Guard to connect to remote hosts. +- Require Restricted Admin: Participating applications must use Restricted Admin to connect to remote hosts. + +If you disable or do not configure this policy setting, Restricted Admin and Remote Credential Guard mode are not enforced and participating apps can delegate credentials to remote devices. + +> [!NOTE] +> To disable most credential delegation, it may be sufficient to deny delegation in Credential Security Support Provider (CredSSP) by modifying Administrative template settings (located at Computer Configuration\Administrative Templates\System\Credentials Delegation). +> +> On Windows 8.1 and Windows Server 2012 R2, enabling this policy will enforce Restricted Administration mode, regardless of the mode chosen. These versions do not support Remote Credential Guard. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Restrict delegation of credentials to remote servers* +- GP name: *RestrictedRemoteAdministration* +- GP path: *System\Credentials Delegation* +- GP ADMX file name: *CredSsp.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + diff --git a/windows/client-management/mdm/policy-csp-admx-kerberos.md b/windows/client-management/mdm/policy-csp-admx-kerberos.md new file mode 100644 index 0000000000..594a97bf72 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-kerberos.md @@ -0,0 +1,641 @@ +--- +title: Policy CSP - ADMX_Kerberos +description: Policy CSP - ADMX_Kerberos +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 11/12/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_Kerberos +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_Kerberos policies + +
+
+ ADMX_Kerberos/AlwaysSendCompoundId +
+
+ ADMX_Kerberos/DevicePKInitEnabled +
+
+ ADMX_Kerberos/HostToRealm +
+
+ ADMX_Kerberos/KdcProxyDisableServerRevocationCheck +
+
+ ADMX_Kerberos/KdcProxyServer +
+
+ ADMX_Kerberos/MitRealms +
+
+ ADMX_Kerberos/ServerAcceptsCompound +
+
+ ADMX_Kerberos/StrictTarget +
+
+ + +
+ + +**ADMX_Kerberos/AlwaysSendCompoundId** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether a device always sends a compound authentication request when the resource domain requests compound identity. + +> [!NOTE] +> For a domain controller to request compound authentication, the policies "KDC support for claims, compound authentication, and Kerberos armoring" and "Request compound authentication" must be configured and enabled in the resource account domain. + +If you enable this policy setting and the resource domain requests compound authentication, devices that support compound authentication always send a compound authentication request. + +If you disable or do not configure this policy setting and the resource domain requests compound authentication, devices will send a non-compounded authentication request first then a compound authentication request when the service requests compound authentication. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Always send compound authentication first* +- GP name: *AlwaysSendCompoundId* +- GP path: *System\Kerberos* +- GP ADMX file name: *Kerberos.admx* + + + +
+ + +**ADMX_Kerberos/DevicePKInitEnabled** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Support for device authentication using certificate will require connectivity to a DC in the device account domain which supports certificate authentication for computer accounts. + +This policy setting allows you to set support for Kerberos to attempt authentication using the certificate for the device to the domain. + +If you enable this policy setting, the device's credentials will be selected based on the following options: + +- Automatic: Device will attempt to authenticate using its certificate. If the DC does not support computer account authentication using certificates then authentication with password will be attempted. +- Force: Device will always authenticate using its certificate. If a DC cannot be found which support computer account authentication using certificates then authentication will fail. + +If you disable this policy setting, certificates will never be used. + +If you do not configure this policy setting, Automatic will be used. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Support device authentication using certificate* +- GP name: *DevicePKInitEnabled* +- GP path: *System\Kerberos* +- GP ADMX file name: *Kerberos.admx* + + + +
+ + +**ADMX_Kerberos/HostToRealm** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify which DNS host names and which DNS suffixes are mapped to a Kerberos realm. + +If you enable this policy setting, you can view and change the list of DNS host names and DNS suffixes mapped to a Kerberos realm as defined by Group Policy. To view the list of mappings, enable the policy setting and then click the Show button. To add a mapping, enable the policy setting, note the syntax, and then click Show. In the Show Contents dialog box in the Value Name column, type a realm name. In the Value column, type the list of DNS host names and DNS suffixes using the appropriate syntax format. To remove a mapping from the list, click the mapping entry to be removed, and then press the DELETE key. To edit a mapping, remove the current entry from the list and add a new one with different parameters. + +If you disable this policy setting, the host name-to-Kerberos realm mappings list defined by Group Policy is deleted. + +If you do not configure this policy setting, the system uses the host name-to-Kerberos realm mappings that are defined in the local registry, if they exist. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Define host name-to-Kerberos realm mappings* +- GP name: *HostToRealm* +- GP path: *System\Kerberos* +- GP ADMX file name: *Kerberos.admx* + + + +
+ + +**ADMX_Kerberos/KdcProxyDisableServerRevocationCheck** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to disable revocation check for the SSL certificate of the targeted KDC proxy server. + +If you enable this policy setting, revocation check for the SSL certificate of the KDC proxy server is ignored by the Kerberos client. This policy setting should only be used in troubleshooting KDC proxy connections. +Warning: When revocation check is ignored, the server represented by the certificate is not guaranteed valid. + +If you disable or do not configure this policy setting, the Kerberos client enforces the revocation check for the SSL certificate. The connection to the KDC proxy server is not established if the revocation check fails. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Disable revocation checking for the SSL certificate of KDC proxy servers* +- GP name: *KdcProxyDisableServerRevocationCheck* +- GP path: *System\Kerberos* +- GP ADMX file name: *Kerberos.admx* + + + +
+ + +**ADMX_Kerberos/KdcProxyServer** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the Kerberos client's mapping to KDC proxy servers for domains based on their DNS suffix names. + +If you enable this policy setting, the Kerberos client will use the KDC proxy server for a domain when a domain controller cannot be located based on the configured mappings. To map a KDC proxy server to a domain, enable the policy setting, click Show, and then map the KDC proxy server name(s) to the DNS name for the domain using the syntax described in the options pane. In the Show Contents dialog box in the Value Name column, type a DNS suffix name. In the Value column, type the list of proxy servers using the appropriate syntax format. To view the list of mappings, enable the policy setting and then click the Show button. To remove a mapping from the list, click the mapping entry to be removed, and then press the DELETE key. To edit a mapping, remove the current entry from the list and add a new one with different parameters. + +If you disable or do not configure this policy setting, the Kerberos client does not have KDC proxy servers settings defined by Group Policy. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Specify KDC proxy servers for Kerberos clients* +- GP name: *KdcProxyServer* +- GP path: *System\Kerberos* +- GP ADMX file name: *Kerberos.admx* + + + +
+ + +**ADMX_Kerberos/MitRealms** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the Kerberos client so that it can authenticate with interoperable Kerberos V5 realms, as defined by this policy setting. + +If you enable this policy setting, you can view and change the list of interoperable Kerberos V5 realms and their settings. To view the list of interoperable Kerberos V5 realms, enable the policy setting and then click the Show button. To add an interoperable Kerberos V5 realm, enable the policy setting, note the syntax, and then click Show. In the Show Contents dialog box in the Value Name column, type the interoperable Kerberos V5 realm name. In the Value column, type the realm flags and host names of the host KDCs using the appropriate syntax format. To remove an interoperable Kerberos V5 realm Value Name or Value entry from the list, click the entry, and then press the DELETE key. To edit a mapping, remove the current entry from the list and add a new one with different parameters. + +If you disable this policy setting, the interoperable Kerberos V5 realm settings defined by Group Policy are deleted. + +If you do not configure this policy setting, the system uses the interoperable Kerberos V5 realm settings that are defined in the local registry, if they exist. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Define interoperable Kerberos V5 realm settings* +- GP name: *MitRealms* +- GP path: *System\Kerberos* +- GP ADMX file name: *Kerberos.admx* + + + +
+ + +**ADMX_Kerberos/ServerAcceptsCompound** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting controls configuring the device's Active Directory account for compound authentication. + +Support for providing compound authentication which is used for access control will require enough domain controllers in the resource account domains to support the requests. The Domain Administrator must configure the policy "Support Dynamic Access Control and Kerberos armoring" on all the domain controllers to support this policy. + +If you enable this policy setting, the device's Active Directory account will be configured for compound authentication by the following options: + +- Never: Compound authentication is never provided for this computer account. +- Automatic: Compound authentication is provided for this computer account when one or more applications are configured for Dynamic Access Control. +- Always: Compound authentication is always provided for this computer account. + +If you disable this policy setting, Never will be used. + +If you do not configure this policy setting, Automatic will be used. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Support compound authentication* +- GP name: *ServerAcceptsCompound* +- GP path: *System\Kerberos* +- GP ADMX file name: *Kerberos.admx* + + + +
+ + +**ADMX_Kerberos/StrictTarget** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure this server so that Kerberos can decrypt a ticket that contains this system-generated SPN. When an application attempts to make a remote procedure call (RPC) to this server with a NULL value for the service principal name (SPN), computers running Windows 7 or later attempt to use Kerberos by generating an SPN. + +If you enable this policy setting, only services running as LocalSystem or NetworkService are allowed to accept these connections. Services running as identities different from LocalSystem or NetworkService might fail to authenticate. + +If you disable or do not configure this policy setting, any service is allowed to accept incoming connections by using this system-generated SPN. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Require strict target SPN match on remote procedure calls* +- GP name: *StrictTarget* +- GP path: *System\Kerberos* +- GP ADMX file name: *Kerberos.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + From beddf8c3beab9bde045f8e0c5f16de59f4421772 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Thu, 12 Nov 2020 16:18:26 -0800 Subject: [PATCH 011/210] Fixed build warning --- windows/client-management/mdm/policy-csp-admx-credssp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-admx-credssp.md b/windows/client-management/mdm/policy-csp-admx-credssp.md index 12d2fd54c1..d7b0960bb2 100644 --- a/windows/client-management/mdm/policy-csp-admx-credssp.md +++ b/windows/client-management/mdm/policy-csp-admx-credssp.md @@ -194,7 +194,7 @@ The policy becomes effective the next time the user signs on to a computer runni If you disable or do not configure (by default) this policy setting, delegation of default credentials is not permitted to any computer. Applications depending upon this delegation behavior might fail authentication. For more information, see KB. FWlink for KB: -http://go.microsoft.com/fwlink/?LinkId=301508 +https://go.microsoft.com/fwlink/?LinkId=301508 Note: The "Allow delegating default credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard character is permitted when specifying the SPN. From 5953293f7b571410871ea6e32729f2620bd1fa8b Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Thu, 12 Nov 2020 16:28:37 -0800 Subject: [PATCH 012/210] Formatting --- .../mdm/policy-csp-admx-credssp.md | 121 +++++++++--------- 1 file changed, 63 insertions(+), 58 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-credssp.md b/windows/client-management/mdm/policy-csp-admx-credssp.md index d7b0960bb2..264813691b 100644 --- a/windows/client-management/mdm/policy-csp-admx-credssp.md +++ b/windows/client-management/mdm/policy-csp-admx-credssp.md @@ -112,13 +112,14 @@ If you enable this policy setting, you can specify the servers to which the user If you disable or do not configure (by default) this policy setting, delegation of default credentials is not permitted to any machine. -Note: The "Allow delegating default credentials with NTLM-only server authentication" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard character is permitted when specifying the SPN. - -For Example: - -- TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine -- TERMSRV/* Remote Desktop Session Host running on all machines. -- TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com +> [!NOTE] +> The "Allow delegating default credentials with NTLM-only server authentication" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard character is permitted when specifying the SPN. +> +> For Example: +> +> - TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine +> - TERMSRV/* Remote Desktop Session Host running on all machines. +> - TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com > [!TIP] @@ -196,13 +197,14 @@ If you disable or do not configure (by default) this policy setting, delegation FWlink for KB: https://go.microsoft.com/fwlink/?LinkId=301508 -Note: The "Allow delegating default credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard character is permitted when specifying the SPN. - -For Example: - -- TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine -- TERMSRV/* Remote Desktop Session Host running on all machines. -- TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com +> [!NOTE] +> The "Allow delegating default credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard character is permitted when specifying the SPN. +> +> For Example: +> +> - TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine +> - TERMSRV/* Remote Desktop Session Host running on all machines. +> - TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com > [!TIP] @@ -273,11 +275,14 @@ Some versions of the CredSSP protocol are vulnerable to an encryption oracle att If you enable this policy setting, CredSSP version support will be selected based on the following options: -Force Updated Clients: Client applications which use CredSSP will not be able to fall back to the insecure versions and services using CredSSP will not accept unpatched clients. Note: this setting should not be deployed until all remote hosts support the newest version. +- Force Updated Clients: Client applications which use CredSSP will not be able to fall back to the insecure versions and services using CredSSP will not accept unpatched clients. -Mitigated: Client applications which use CredSSP will not be able to fall back to the insecure version but services using CredSSP will accept unpatched clients. See the link below for important information about the risk posed by remaining unpatched clients. +> [!NOTE] +> This setting should not be deployed until all remote hosts support the newest version. -Vulnerable: Client applications which use CredSSP will expose the remote servers to attacks by supporting fall back to the insecure versions and services using CredSSP will accept unpatched clients. +- Mitigated: Client applications which use CredSSP will not be able to fall back to the insecure version but services using CredSSP will accept unpatched clients. See the link below for important information about the risk posed by remaining unpatched clients. + +- Vulnerable: Client applications which use CredSSP will expose the remote servers to attacks by supporting fall back to the insecure versions and services using CredSSP will accept unpatched clients. For more information about the vulnerability and servicing requirements for protection, see https://go.microsoft.com/fwlink/?linkid=866660 @@ -356,12 +361,12 @@ If you disable this policy setting, delegation of fresh credentials is not permi > [!NOTE] > The "Allow delegating fresh credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard is permitted when specifying the SPN. +> +> For Example: -For Example: - -- TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine -- TERMSRV/* Remote Desktop Session Host running on all machines. -- TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com +> - TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine +> - TERMSRV/* Remote Desktop Session Host running on all machines. +> - TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com > [!TIP] @@ -438,12 +443,12 @@ If you disable this policy setting, delegation of fresh credentials is not permi > [!NOTE] > The "Allow delegating fresh credentials with NTLM-only server authentication" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard character is permitted when specifying the SPN. - -For Example: - -- TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine -- TERMSRV/* Remote Desktop Session Host running on all machines. -- TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in humanresources.fabrikam.com +> +> For Example: +> +> - TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine +> - TERMSRV/* Remote Desktop Session Host running on all machines. +> - TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in humanresources.fabrikam.com > [!TIP] @@ -520,12 +525,12 @@ If you disable this policy setting, delegation of saved credentials is not permi > [!NOTE] > The "Allow delegating saved credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard character is permitted when specifying the SPN. - -For Example: - -- TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine -- TERMSRV/* Remote Desktop Session Host running on all machines. -- TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in humanresources.fabrikam.com +> +> For Example: +> +> - TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine +> - TERMSRV/* Remote Desktop Session Host running on all machines. +> - TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in humanresources.fabrikam.com > [!TIP] @@ -602,12 +607,12 @@ If you disable this policy setting, delegation of saved credentials is not permi > [!NOTE] > The "Allow delegating saved credentials with NTLM-only server authentication" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard character is permitted when specifying the SPN. - -For Example: - -- TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine -- TERMSRV/* Remote Desktop Session Host running on all machines. -- TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in humanresources.fabrikam.com +> +> For Example: +> +> - TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine +> - TERMSRV/* Remote Desktop Session Host running on all machines. +> - TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in humanresources.fabrikam.com > [!TIP] @@ -680,12 +685,12 @@ If you disable or do not configure (by default) this policy setting, this policy > [!NOTE] > The "Deny delegating default credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials cannot be delegated. The use of a single wildcard character is permitted when specifying the SPN. - -For Example: - -- TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine -- TERMSRV/* Remote Desktop Session Host running on all machines. -- TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com +> +> For Example: +> +> - TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine +> - TERMSRV/* Remote Desktop Session Host running on all machines. +> - TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com This policy setting can be used in combination with the "Allow delegating default credentials" policy setting to define exceptions for specific servers that are otherwise permitted when using wildcard characters in the "Allow delegating default credentials" server list. @@ -760,12 +765,12 @@ If you disable or do not configure (by default) this policy setting, this policy > [!NOTE] > The "Deny delegating fresh credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials cannot be delegated. The use of a single wildcard character is permitted when specifying the SPN. - -For Example: - -- TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine -- TERMSRV/* Remote Desktop Session Host running on all machines. -- TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com +> +> For Example: +> +> - TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine +> - TERMSRV/* Remote Desktop Session Host running on all machines. +> - TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com This policy setting can be used in combination with the "Allow delegating fresh credentials" policy setting to define exceptions for specific servers that are otherwise permitted when using wildcard characters in the "Allow delegating fresh credentials" server list. @@ -840,12 +845,12 @@ If you disable or do not configure (by default) this policy setting, this policy > [!NOTE] > The "Deny delegating saved credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials cannot be delegated. The use of a single wildcard character is permitted when specifying the SPN. - -For Example: - -- TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine -- TERMSRV/* Remote Desktop Session Host running on all machines. -- TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com +> +> For Example: +> +> - TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine +> - TERMSRV/* Remote Desktop Session Host running on all machines. +> - TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com This policy setting can be used in combination with the "Allow delegating saved credentials" policy setting to define exceptions for specific servers that are otherwise permitted when using wildcard characters in the "Allow delegating saved credentials" server list. From 26468ce82ecf0593685955f7874a2308ac4596e6 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Thu, 12 Nov 2020 16:33:57 -0800 Subject: [PATCH 013/210] Formatting --- windows/client-management/mdm/policy-csp-admx-credssp.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-credssp.md b/windows/client-management/mdm/policy-csp-admx-credssp.md index 264813691b..4b830deeb7 100644 --- a/windows/client-management/mdm/policy-csp-admx-credssp.md +++ b/windows/client-management/mdm/policy-csp-admx-credssp.md @@ -277,8 +277,8 @@ If you enable this policy setting, CredSSP version support will be selected base - Force Updated Clients: Client applications which use CredSSP will not be able to fall back to the insecure versions and services using CredSSP will not accept unpatched clients. -> [!NOTE] -> This setting should not be deployed until all remote hosts support the newest version. + > [!NOTE] + > This setting should not be deployed until all remote hosts support the newest version. - Mitigated: Client applications which use CredSSP will not be able to fall back to the insecure version but services using CredSSP will accept unpatched clients. See the link below for important information about the risk posed by remaining unpatched clients. @@ -363,7 +363,7 @@ If you disable this policy setting, delegation of fresh credentials is not permi > The "Allow delegating fresh credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard is permitted when specifying the SPN. > > For Example: - +> > - TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine > - TERMSRV/* Remote Desktop Session Host running on all machines. > - TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com From c2cebed14d7fa6d77ca39585c18f5ed41997d0a1 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Fri, 13 Nov 2020 11:07:23 -0800 Subject: [PATCH 014/210] Added WPN policies --- windows/client-management/mdm/TOC.md | 1 + .../mdm/policies-in-policy-csp-admx-backed.md | 8 +- .../policy-configuration-service-provider.md | 23 + .../mdm/policy-csp-admx-wpn.md | 489 ++++++++++++++++++ 4 files changed, 520 insertions(+), 1 deletion(-) create mode 100644 windows/client-management/mdm/policy-csp-admx-wpn.md diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index a9c36e49a0..e35b1817cc 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -234,6 +234,7 @@ #### [ADMX_WindowsStore](policy-csp-admx-windowsstore.md) #### [ADMX_WinInit](policy-csp-admx-wininit.md) #### [ADMX_wlansvc](policy-csp-admx-wlansvc.md) +#### [ADMX_WPN](policy-csp-admx-wpn.md) #### [ApplicationDefaults](policy-csp-applicationdefaults.md) #### [ApplicationManagement](policy-csp-applicationmanagement.md) #### [AppRuntime](policy-csp-appruntime.md) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 8604b2c6e6..d85775baec 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -812,7 +812,13 @@ ms.date: 10/08/2020 - [ADMX_WinInit/ShutdownTimeoutHungSessionsDescription](./policy-csp-admx-wininit.md#admx-wininit-shutdowntimeouthungsessionsdescription) - [ADMX_wlansvc/SetCost](./policy-csp-admx-wlansvc.md#admx-wlansvc-setcost) - [ADMX_wlansvc/SetPINEnforced](./policy-csp-admx-wlansvc.md#admx-wlansvc-setpinenforced) -- [ADMX_wlansvc/SetPINPreferred](./policy-csp-admx-wlansvc.md#admx-wlansvc-setpinpreferred) +- [ADMX_wlansvc/SetPINPreferred](./policy-csp-admx-wlansvc.md#admx-wlansvc-setpinpreferred) +- [ADMX_WPN/NoCallsDuringQuietHours](./policy-csp-admx-wpn.md#admx-wpn-nocallsduringquiethours) +- [ADMX_WPN/NoLockScreenToastNotification](./policy-csp-admx-wpn.md#admx-wpn-nolockscreentoastnotification) +- [ADMX_WPN/NoQuietHours](./policy-csp-admx-wpn.md#admx-wpn-noquiethours) +- [ADMX_WPN/NoToastNotification](./policy-csp-admx-wpn.md#admx-wpn-notoastnotification) +- [ADMX_WPN/QuietHoursDailyBeginMinute](./policy-csp-admx-wpn.md#admx-wpn-quiethoursdailybeginminute) +- [ADMX_WPN/QuietHoursDailyEndMinute](./policy-csp-admx-wpn.md#admx-wpn-quiethoursdailyendminute) - [AppRuntime/AllowMicrosoftAccountsToBeOptional](./policy-csp-appruntime.md#appruntime-allowmicrosoftaccountstobeoptional) - [AppVirtualization/AllowAppVClient](./policy-csp-appvirtualization.md#appvirtualization-allowappvclient) - [AppVirtualization/AllowDynamicVirtualization](./policy-csp-appvirtualization.md#appvirtualization-allowdynamicvirtualization) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 570858dd4b..ef13b92e7e 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -2839,6 +2839,29 @@ The following diagram shows the Policy configuration service provider in tree fo
+### ADMX_WPN policies + +
+
+ ADMX_WPN/NoCallsDuringQuietHours +
+
+ ADMX_WPN/NoLockScreenToastNotification +
+
+ ADMX_WPN/NoQuietHours +
+
+ ADMX_WPN/NoToastNotification +
+
+ ADMX_WPN/QuietHoursDailyBeginMinute +
+
+ ADMX_WPN/QuietHoursDailyEndMinute +
+
+ ### ApplicationDefaults policies
diff --git a/windows/client-management/mdm/policy-csp-admx-wpn.md b/windows/client-management/mdm/policy-csp-admx-wpn.md new file mode 100644 index 0000000000..863f094564 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-wpn.md @@ -0,0 +1,489 @@ +--- +title: Policy CSP - ADMX_WPN +description: Policy CSP - ADMX_WPN +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 11/13/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_WPN +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_WPN policies + +
+
+ ADMX_WPN/NoCallsDuringQuietHours +
+
+ ADMX_WPN/NoLockScreenToastNotification +
+
+ ADMX_WPN/NoQuietHours +
+
+ ADMX_WPN/NoToastNotification +
+
+ ADMX_WPN/QuietHoursDailyBeginMinute +
+
+ ADMX_WPN/QuietHoursDailyEndMinute +
+
+ + +
+ + +**ADMX_WPN/NoCallsDuringQuietHours** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting blocks voice and video calls during Quiet Hours. + +If you enable this policy setting, voice and video calls will be blocked during the designated Quiet Hours time window each day, and users will not be able to customize any other Quiet Hours settings. + +If you disable this policy setting, voice and video calls will be allowed during Quiet Hours, and users will not be able to customize this or any other Quiet Hours settings. + +If you do not configure this policy setting, voice and video calls will be allowed during Quiet Hours by default. Administrators and users will be able to modify this setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off calls during Quiet Hours* +- GP name: *NoCallsDuringQuietHours* +- GP path: *Start Menu and Taskbar\Notifications* +- GP ADMX file name: *WPN.admx* + + + +
+ + +**ADMX_WPN/NoLockScreenToastNotification** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting turns off toast notifications on the lock screen. + +If you enable this policy setting, applications will not be able to raise toast notifications on the lock screen. + +If you disable or do not configure this policy setting, toast notifications on the lock screen are enabled and can be turned off by the administrator or user. + +No reboots or service restarts are required for this policy setting to take effect. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off toast notifications on the lock screen* +- GP name: *NoLockScreenToastNotification* +- GP path: *Start Menu and Taskbar\Notifications* +- GP ADMX file name: *WPN.admx* + + + +
+ + +**ADMX_WPN/NoQuietHours** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting turns off Quiet Hours functionality. + +If you enable this policy setting, toast notifications will not be suppressed and some background tasks will not be deferred during the designated Quiet Hours time window each day. + +If you disable this policy setting, toast notifications will be suppressed and some background task deferred during the designated Quiet Hours time window. Users will not be able to change this or any other Quiet Hours settings. + +If you do not configure this policy setting, Quiet Hours are enabled by default but can be turned off or by the administrator or user. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off Quiet Hours* +- GP name: *NoQuietHours* +- GP path: *Start Menu and Taskbar\Notifications* +- GP ADMX file name: *WPN.admx* + + + +
+ + +**ADMX_WPN/NoToastNotification** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting turns off toast notifications for applications. + +If you enable this policy setting, applications will not be able to raise toast notifications. + +Note that this policy does not affect taskbar notification balloons. + +Note that Windows system features are not affected by this policy. You must enable/disable system features individually to stop their ability to raise toast notifications. + +If you disable or do not configure this policy setting, toast notifications are enabled and can be turned off by the administrator or user. + +No reboots or service restarts are required for this policy setting to take effect. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off toast notifications* +- GP name: *NoToastNotification* +- GP path: *Start Menu and Taskbar\Notifications* +- GP ADMX file name: *WPN.admx* + + + +
+ + +**ADMX_WPN/QuietHoursDailyBeginMinute** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the number of minutes after midnight (local time) that Quiet Hours is to begin each day. + +If you enable this policy setting, the specified time will be used, and users will not be able to customize any Quiet Hours settings. + +If you disable this policy setting, a default value will be used, and users will not be able to change it or any other Quiet Hours setting. + +If you do not configure this policy setting, a default value will be used, which administrators and users will be able to modify. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Set the time Quiet Hours begins each day* +- GP name: *QuietHoursDailyBeginMinute* +- GP path: *Start Menu and Taskbar\Notifications* +- GP ADMX file name: *WPN.admx* + + + +
+ + +**ADMX_WPN/QuietHoursDailyEndMinute** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the number of minutes after midnight (local time) that Quiet Hours is to end each day. + +If you enable this policy setting, the specified time will be used, and users will not be able to customize any Quiet Hours settings. + +If you disable this policy setting, a default value will be used, and users will not be able to change it or any other Quiet Hours setting. + +If you do not configure this policy setting, a default value will be used, which administrators and users will be able to modify. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Set the time Quiet Hours ends each day* +- GP name: *QuietHoursDailyEndMinute* +- GP path: *Start Menu and Taskbar\Notifications* +- GP ADMX file name: *WPN.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + \ No newline at end of file From d25dda17b076ba546fec6ee2f78655299c0c5c4f Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Fri, 13 Nov 2020 11:31:35 -0800 Subject: [PATCH 015/210] Added SystemRestore policy --- windows/client-management/mdm/TOC.md | 1 + .../mdm/policies-in-policy-csp-admx-backed.md | 1 + .../policy-configuration-service-provider.md | 8 ++ .../mdm/policy-csp-admx-systemrestore.md | 120 ++++++++++++++++++ 4 files changed, 130 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-systemrestore.md diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index e35b1817cc..98251b87fe 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -218,6 +218,7 @@ #### [ADMX_Smartcard](policy-csp-admx-smartcard.md) #### [ADMX_Snmp](policy-csp-admx-snmp.md) #### [ADMX_StartMenu](policy-csp-admx-startmenu.md) +#### [ADMX_SystemRestore](policy-csp-admx-systemrestore.md) #### [ADMX_Taskbar](policy-csp-admx-taskbar.md) #### [ADMX_tcpip](policy-csp-admx-tcpip.md) #### [ADMX_Thumbnails](policy-csp-admx-thumbnails.md) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index d85775baec..365e5a94e6 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -522,6 +522,7 @@ ms.date: 10/08/2020 - [ADMX_StartMenu/ShowStartOnDisplayWithForegroundOnWinKey](./policy-csp-admx-startmenu.md#admx-startmenu-showstartondisplaywithforegroundonwinkey) - [ADMX_StartMenu/StartMenuLogOff](./policy-csp-admx-startmenu.md#admx-startmenu-startmenulogoff) - [ADMX_StartMenu/StartPinAppsWhenInstalled](./policy-csp-admx-startmenu.md#admx-startmenu-startpinappswheninstalled) +- [ADMX_SystemRestore/SR_DisableConfig](./policy-csp-admx-systemrestore.md#admx-systemrestore-sr-disableconfig) - [ADMX_Taskbar/DisableNotificationCenter](./policy-csp-admx-taskbar.md#admx-taskbar-disablenotificationcenter) - [ADMX_Taskbar/EnableLegacyBalloonNotifications](./policy-csp-admx-taskbar.md#admx-taskbar-enablelegacyballoonnotifications) - [ADMX_Taskbar/HideSCAHealth](./policy-csp-admx-taskbar.md#admx-taskbar-hidescahealth) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index ef13b92e7e..6431d07b97 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -1885,6 +1885,14 @@ The following diagram shows the Policy configuration service provider in tree fo
+### ADMX_SystemRestore policies + +
+
+ ADMX_SystemRestore/SR_DisableConfig +
+
+ ### ADMX_Taskbar policies
diff --git a/windows/client-management/mdm/policy-csp-admx-systemrestore.md b/windows/client-management/mdm/policy-csp-admx-systemrestore.md new file mode 100644 index 0000000000..8e49043225 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-systemrestore.md @@ -0,0 +1,120 @@ +--- +title: Policy CSP - ADMX_SystemRestore +description: Policy CSP - ADMX_SystemRestore +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 11/13/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_SystemRestore +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_SystemRestore policies + +
+
+ ADMX_SystemRestore/SR_DisableConfig +
+
+ + +
+ + +**ADMX_SystemRestore/SR_DisableConfig** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. Allows you to disable System Restore configuration through System Protection. + +This policy setting allows you to turn off System Restore configuration through System Protection. + +System Restore enables users, in the event of a problem, to restore their computers to a previous state without losing personal data files. The behavior of this policy setting depends on the "Turn off System Restore" policy setting. + +If you enable this policy setting, the option to configure System Restore through System Protection is disabled. + +If you disable or do not configure this policy setting, users can change the System Restore settings through System Protection. + +Also, see the "Turn off System Restore" policy setting. If the "Turn off System Restore" policy setting is enabled, the "Turn off System Restore configuration" policy setting is overwritten. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off Configuration* +- GP name: *SR_DisableConfig* +- GP path: *System\System Restore* +- GP ADMX file name: *SystemRestore.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + From 81b2787d1132155b27fc95ea7efc32b99615c5b9 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Mon, 16 Nov 2020 17:03:34 -0800 Subject: [PATCH 016/210] Added new policies --- .../mdm/policy-csp-admx-windowsdefender.md | 434 ++++++++++++++++++ 1 file changed, 434 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-windowsdefender.md diff --git a/windows/client-management/mdm/policy-csp-admx-windowsdefender.md b/windows/client-management/mdm/policy-csp-admx-windowsdefender.md new file mode 100644 index 0000000000..36fb917d07 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-windowsdefender.md @@ -0,0 +1,434 @@ +--- +title: Policy CSP - ADMX_WindowsDefender +description: Policy CSP - ADMX_WindowsDefender +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 08/13/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_WindowsDefender +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_WindowsDefender policies + +
+
+ ADMX_WindowsDefender/AllowFastServiceStartup +
+
+ ADMX_WindowsDefender/CheckForSignaturesBeforeRunningScan +
+
+ ADMX_WindowsDefender/DisableAntiSpywareDefender +
+
+ ADMX_WindowsDefender/DisableAutoExclusions +
+
+ ADMX_WindowsDefender/DisableBlockAtFirstSeen +
+
+ ADMX_WindowsDefender/DisableLocalAdminMerge +
+
+ ADMX_WindowsDefender/DisableRealtimeMonitoring +
+
+ ADMX_WindowsDefender/DisableRoutinelyTakingAction +
+
+ ADMX_WindowsDefender/Exclusions_Extensions +
+
+ ADMX_WindowsDefender/Exclusions_Paths +
+
+ ADMX_WindowsDefender/Exclusions_Processes +
+
+ ADMX_WindowsDefender/ExploitGuard_ASR_ASROnlyExclusions +
+
+ ADMX_WindowsDefender/ExploitGuard_ASR_Rules +
+
+ ADMX_WindowsDefender/ExploitGuard_ControlledFolderAccess_AllowedApplications +
+
+ ADMX_WindowsDefender/ExploitGuard_ControlledFolderAccess_EnableControlledFolderAccess +
+
+ ADMX_WindowsDefender/ExploitGuard_ControlledFolderAccess_ProtectedFolders +
+
+ ADMX_WindowsDefender/ExploitGuard_EnableNetworkProtection +
+
+ ADMX_WindowsDefender/MpEngine_EnableFileHashComputation +
+
+ ADMX_WindowsDefender/Nis_Consumers_IPS_DisableSignatureRetirement +
+
+ ADMX_WindowsDefender/Nis_Consumers_IPS_sku_differentiation_Signature_Set_Guid +
+
+ ADMX_WindowsDefender/Nis_DisableProtocolRecognition +
+
+ ADMX_WindowsDefender/ProxyBypass +
+
+ ADMX_WindowsDefender/ProxyPacUrl +
+
+ ADMX_WindowsDefender/ProxyServer +
+
+ ADMX_WindowsDefender/Quarantine_LocalSettingOverridePurgeItemsAfterDelay +
+
+ ADMX_WindowsDefender/Quarantine_PurgeItemsAfterDelay +
+
+ ADMX_WindowsDefender/RandomizeScheduleTaskTimes +
+
+ ADMX_WindowsDefender/RealtimeProtection_DisableBehaviorMonitoring +
+
+ ADMX_WindowsDefender/RealtimeProtection_DisableIOAVProtection +
+
+ ADMX_WindowsDefender/RealtimeProtection_DisableOnAccessProtection +
+
+ ADMX_WindowsDefender/RealtimeProtection_DisableRawWriteNotification +
+
+ ADMX_WindowsDefender/RealtimeProtection_DisableScanOnRealtimeEnable +
+
+ ADMX_WindowsDefender/RealtimeProtection_IOAVMaxSize +
+
+ ADMX_WindowsDefender/RealtimeProtection_LocalSettingOverrideDisableBehaviorMonitoring +
+
+ ADMX_WindowsDefender/RealtimeProtection_LocalSettingOverrideDisableIOAVProtection +
+
+ ADMX_WindowsDefender/RealtimeProtection_LocalSettingOverrideDisableOnAccessProtection +
+
+ ADMX_WindowsDefender/RealtimeProtection_LocalSettingOverrideDisableRealtimeMonitoring +
+
+ ADMX_WindowsDefender/RealtimeProtection_LocalSettingOverrideRealtimeScanDirection +
+
+ ADMX_WindowsDefender/RealtimeProtection_RealtimeScanDirection +
+
+ ADMX_WindowsDefender/Remediation_LocalSettingOverrideScan_ScheduleTime +
+
+ ADMX_WindowsDefender/Remediation_Scan_ScheduleDay +
+
+ ADMX_WindowsDefender/Remediation_Scan_ScheduleTime +
+
+ ADMX_WindowsDefender/Reporting_AdditionalActionTimeout +
+
+ ADMX_WindowsDefender/Reporting_CriticalFailureTimeout +
+
+ ADMX_WindowsDefender/Reporting_DisableEnhancedNotifications +
+
+ ADMX_WindowsDefender/Reporting_DisablegenericrePorts +
+
+ ADMX_WindowsDefender/Reporting_NonCriticalTimeout +
+
+ ADMX_WindowsDefender/Reporting_RecentlyCleanedTimeout +
+
+ ADMX_WindowsDefender/Reporting_WppTracingComponents +
+
+ ADMX_WindowsDefender/Reporting_WppTracingLevel +
+
+ ADMX_WindowsDefender/Root_PUAProtection +
+
+ ADMX_WindowsDefender/Scan_AllowPause +
+
+ ADMX_WindowsDefender/Scan_ArchiveMaxDepth +
+
+ ADMX_WindowsDefender/Scan_ArchiveMaxSize +
+
+ ADMX_WindowsDefender/Scan_AvgCPULoadFactor +
+
+ ADMX_WindowsDefender/Scan_DisableArchiveScanning +
+
+ ADMX_WindowsDefender/Scan_DisableCatchupFullScan +
+
+ Scan_DisableCatchupQuickScan/ProxyBypass +
+
+ ADMX_WindowsDefender/Scan_DisableEmailScanning +
+
+ ADMX_WindowsDefender/Scan_DisableHeuristics +
+
+ ADMX_WindowsDefender/Scan_DisablePackedExeScanning +
+
+ ADMX_WindowsDefender/Scan_DisableRemovableDriveScanning +
+
+ ADMX_WindowsDefender/Scan_DisableReparsePointScanning +
+
+ ADMX_WindowsDefender/Scan_DisableRestorePoint +
+
+ ADMX_WindowsDefender/Scan_DisableScanningMappedNetworkDrivesForFullScan +
+
+ ADMX_WindowsDefender/Scan_DisableScanningNetworkFiles +
+
+ ADMX_WindowsDefender/Scan_LocalSettingOverrideAvgCPULoadFactor +
+
+ ADMX_WindowsDefender/Scan_LocalSettingOverrideScanParameters +
+
+ ADMX_WindowsDefender/Scan_LocalSettingOverrideScheduleDay +
+
+ ADMX_WindowsDefender/Scan_LocalSettingOverrideScheduleQuickScantime +
+
+ ADMX_WindowsDefender/Scan_LocalSettingOverrideScheduleTime +
+
+ ADMX_WindowsDefender/Scan_LowCpuPriority +
+
+ ADMX_WindowsDefender/Scan_MissedScheduledScanCountBeforeCatchup +
+
+ ADMX_WindowsDefender/Scan_PurgeItemsAfterDelay +
+
+ ADMX_WindowsDefender/Scan_QuickScanInterval +
+
+ ADMX_WindowsDefender/Scan_ScanOnlyIfIdle +
+
+ ADMX_WindowsDefender/Scan_ScanParameters +
+
+ ADMX_WindowsDefender/Scan_ScheduleDay +
+
+ ADMX_WindowsDefender/Scan_ScheduleQuickScantime +
+
+ ADMX_WindowsDefender/Scan_ScheduleTime +
+
+ ADMX_WindowsDefender/ServiceKeepAlive +
+
+ ADMX_WindowsDefender/SignatureUpdate_ASSignatureDue +
+
+ ADMX_WindowsDefender/SignatureUpdate_AVSignatureDue +
+
+ ADMX_WindowsDefender/SignatureUpdate_DefinitionUpdateFileSharesSources +
+
+ ADMX_WindowsDefender/SignatureUpdate_DisableScanOnUpdate +
+
+ ADMX_WindowsDefender/SignatureUpdate_DisableScheduledSignatureUpdateonBattery +
+
+ ADMX_WindowsDefender/SignatureUpdate_DisableUpdateOnStartupWithoutEngine +
+
+ ADMX_WindowsDefender/SignatureUpdate_FallbackOrder +
+
+ ADMX_WindowsDefender/SignatureUpdate_ForceUpdateFromMU +
+
+ ADMX_WindowsDefender/SignatureUpdate_RealtimeSignatureDelivery +
+
+ ADMX_WindowsDefender/SignatureUpdate_ScheduleDay +
+
+ ADMX_WindowsDefender/SignatureUpdate_ScheduleTime +
+
+ ADMX_WindowsDefender/SignatureUpdate_SharedSignaturesLocation +
+
+ ADMX_WindowsDefender/SignatureUpdate_SignatureDisableNotification +
+
+ ADMX_WindowsDefender/SignatureUpdate_SignatureUpdateCatchupInterval +
+
+ ADMX_WindowsDefender/SignatureUpdate_SignatureUpdateInterval +
+
+ ADMX_WindowsDefender/SignatureUpdate_UpdateOnStartup +
+
+ ADMX_WindowsDefender/SpynetReporting +
+
+ ADMX_WindowsDefender/Spynet_LocalSettingOverrideSpynetReporting +
+
+ ADMX_WindowsDefender/SubmitSamplesConsent +
+
+ ADMX_WindowsDefender/Threats_ThreatIdDefaultAction +
+
+ ADMX_WindowsDefender/Threats_ThreatSeverityDefaultAction +
+
+ ADMX_WindowsDefender/UX_Configuration_CustomDefaultActionToastString +
+
+ ADMX_WindowsDefender/UX_Configuration_Notification_Suppress +
+
+ ADMX_WindowsDefender/UX_Configuration_SuppressRebootNotification +
+
+ ADMX_WindowsDefender/UX_Configuration_UILockdown +
+
+ + +
+ + +**ADMX_AuditSettings/IncludeCmdLine** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting determines what information is logged in security audit events when a new process has been created. This setting only applies when the Audit Process Creation policy is enabled. + +If you enable this policy setting, the command line information for every process will be logged in plain text in the security event log as part of the Audit Process Creation event 4688, "a new process has been created," on the workstations and servers on which this policy setting is applied. + +If you disable or do not configure this policy setting, the process's command line information will not be included in Audit Process Creation events. + +Default is Not configured. + +> [!NOTE] +> When this policy setting is enabled, any user with access to read the security events will be able to read the command line arguments for any successfully created process. Command line arguments can contain sensitive or private information, such as passwords or user data. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Include command line in process creation events* +- GP name: *IncludeCmdLine* +- GP path: *System/Audit Process Creation* +- GP ADMX file name: *AuditSettings.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + From c1bba1fc63b8a05db9897dafc8fa5f634bd39412 Mon Sep 17 00:00:00 2001 From: Rafal Sosnowski <51166236+rafals2@users.noreply.github.com> Date: Tue, 17 Nov 2020 10:44:22 -0800 Subject: [PATCH 017/210] Update bitlocker-overview.md added more clarity for active partitions --- .../information-protection/bitlocker/bitlocker-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-overview.md b/windows/security/information-protection/bitlocker/bitlocker-overview.md index 551b239d72..ca3e14c35a 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-overview.md +++ b/windows/security/information-protection/bitlocker/bitlocker-overview.md @@ -74,7 +74,7 @@ The hard disk must be partitioned with at least two drives: - The operating system drive (or boot drive) contains the operating system and its support files. It must be formatted with the NTFS file system. - The system drive contains the files that are needed to load Windows after the firmware has prepared the system hardware. BitLocker is not enabled on this drive. For BitLocker to work, the system drive must not be encrypted, must differ from the operating system drive, and must be formatted with the FAT32 file system on computers that use UEFI-based firmware or with the NTFS file system on computers that use BIOS firmware. We recommend that system drive be approximately 350 MB in size. After BitLocker is turned on it should have approximately 250 MB of free space. -A fixed data volume or removable data volume cannot be marked as an active partition. +Partition subject to encryption cannot be marked as an active partition (this applies to OS, fixed data and removable data drives). When installed on a new computer, Windows will automatically create the partitions that are required for BitLocker. From f374aa2abb88c2cd73a27a237219a6b144832664 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Tue, 17 Nov 2020 12:03:45 -0800 Subject: [PATCH 018/210] Added WindowsDefender policies --- .../mdm/policy-csp-admx-windowsdefender.md | 2068 ++++++++++++++++- 1 file changed, 2055 insertions(+), 13 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-windowsdefender.md b/windows/client-management/mdm/policy-csp-admx-windowsdefender.md index 36fb917d07..70f168574e 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsdefender.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsdefender.md @@ -346,7 +346,7 @@ manager: dansimp
-**ADMX_AuditSettings/IncludeCmdLine** +**ADMX_WindowsDefender/AllowFastServiceStartup** @@ -389,16 +389,11 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. This policy setting determines what information is logged in security audit events when a new process has been created. This setting only applies when the Audit Process Creation policy is enabled. +Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. -If you enable this policy setting, the command line information for every process will be logged in plain text in the security event log as part of the Audit Process Creation event 4688, "a new process has been created," on the workstations and servers on which this policy setting is applied. +If you enable or do not configure this setting, the antimalware service will load as a normal priority task. -If you disable or do not configure this policy setting, the process's command line information will not be included in Audit Process Creation events. - -Default is Not configured. - -> [!NOTE] -> When this policy setting is enabled, any user with access to read the security events will be able to read the command line arguments for any successfully created process. Command line arguments can contain sensitive or private information, such as passwords or user data. +If you disable this setting, the antimalware service will load as a low priority task. > [!TIP] @@ -410,15 +405,2062 @@ Default is Not configured. ADMX Info: -- GP English name: *Include command line in process creation events* -- GP name: *IncludeCmdLine* -- GP path: *System/Audit Process Creation* -- GP ADMX file name: *AuditSettings.admx* +- GP English name: *Allow antimalware service to startup with normal priority* +- GP name: *AllowFastServiceStartup* +- GP path: *Windows Components\Microsoft Defender Antivirus* +- GP ADMX file name: *WindowsDefender.admx*
+ +**ADMX_WindowsDefender/CheckForSignaturesBeforeRunningScan** + + +
+ + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether a check for new virus and spyware security intelligence will occur before running a scan. + +This setting applies to scheduled scans as well as the command line "mpcmdrun -SigUpdate", but it has no effect on scans initiated manually from the user interface. + +If you enable this setting, a check for new security intelligence will occur before running a scan. + +If you disable this setting or do not configure this setting, the scan will start using the existing security intelligence. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Check for the latest virus and spyware security intelligence before running a scheduled scan* +- GP name: *CheckForSignaturesBeforeRunningScan* +- GP path: *Windows Components\Microsoft Defender Antivirus\Scan* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/DisableAntiSpywareDefender** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting turns off Microsoft Defender Antivirus. + +If you enable this policy setting, Microsoft Defender Antivirus does not run, and will not scan computers for malware or other potentially unwanted software. + +If you disable this policy setting, Microsoft Defender Antivirus will run regardless of any other installed antivirus product. + +If you do not configure this policy setting, Windows will internally manage Microsoft Defender Antivirus. If you install another antivirus program, Windows automatically disables Microsoft Defender Antivirus. Otherwise, Microsoft Defender Antivirus will scan your computers for malware and other potentially unwanted software. + +Enabling or disabling this policy may lead to unexpected or unsupported behavior. It is recommended that you leave this policy setting unconfigured. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off Microsoft Defender Antivirus* +- GP name: *DisableAntiSpywareDefender* +- GP path: *Windows Components\Microsoft Defender Antivirus* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/DisableAutoExclusions** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Allows an administrator to specify if Automatic Exclusions feature for Server SKUs should be turned off. + +Disabled (Default): +Microsoft Defender will exclude pre-defined list of paths from the scan to improve performance. + +Enabled: +Microsoft Defender will not exclude pre-defined list of paths from scans. This can impact machine performance in some scenarios. + +Not configured: +Same as Disabled. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off Auto Exclusions* +- GP name: *DisableAutoExclusions* +- GP path: *Windows Components\Microsoft Defender Antivirus\Exclusions* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/DisableBlockAtFirstSeen** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This feature ensures the device checks in real time with the Microsoft Active Protection Service (MAPS) before allowing certain content to be run or accessed. If this feature is disabled, the check will not occur, which will lower the protection state of the device. + +Enabled – The Block at First Sight setting is turned on. +Disabled – The Block at First Sight setting is turned off. + +This feature requires these Group Policy settings to be set as follows: + +- MAPS -> The “Join Microsoft MAPS” must be enabled or the “Block at First Sight” feature will not function. +- MAPS -> The “Send file samples when further analysis is required” should be set to 1 (Send safe samples) or 3 (Send all samples). Setting to 0 (Always Prompt) will lower the protection state of the device. Setting to 2 (Never send) means the “Block at First Sight” feature will not function. +- Real-time Protection -> The “Scan all downloaded files and attachments” policy must be enabled or the “Block at First Sight” feature will not function. +- Real-time Protection -> Do not enable the “Turn off real-time protection” policy or the “Block at First Sight” feature will not function. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure the 'Block at First Sight' feature* +- GP name: *DisableBlockAtFirstSeen* +- GP path: *Windows Components\Microsoft Defender Antivirus\MAPS* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/DisableLocalAdminMerge** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether or not complex list settings configured by a local administrator are merged with Group Policy settings. This setting applies to lists such as threats and Exclusions. + +If you enable or do not configure this setting, unique items defined in Group Policy and in preference settings configured by the local administrator will be merged into the resulting effective policy. In the case of conflicts, Group policy Settings will override preference settings. + +If you disable this setting, only items defined by Group Policy will be used in the resulting effective policy. Group Policy settings will override preference settings configured by the local administrator. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure local administrator merge behavior for lists* +- GP name: *DisableLocalAdminMerge* +- GP path: *Windows Components\Microsoft Defender Antivirus* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/DisableRealtimeMonitoring** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting turns off real-time protection prompts for known malware detection. + +Microsoft Defender Antivirus alerts you when malware or potentially unwanted software attempts to install itself or to run on your computer. + +If you enable this policy setting, Microsoft Defender Antivirus will not prompt users to take actions on malware detections. + +If you disable or do not configure this policy setting, Microsoft Defender Antivirus will prompt users to take actions on malware detections. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off real-time protection* +- GP name: *DisableRealtimeMonitoring* +- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/DisableRoutinelyTakingAction** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure whether Microsoft Defender Antivirus automatically takes action on all detected threats. The action to be taken on a particular threat is determined by the combination of the policy-defined action, user-defined action, and the signature-defined action. + +If you enable this policy setting, Microsoft Defender Antivirus does not automatically take action on the detected threats, but prompts users to choose from the actions available for each threat. + +If you disable or do not configure this policy setting, Microsoft Defender Antivirus automatically takes action on all detected threats after a nonconfigurable delay of approximately five seconds. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off routine remediation* +- GP name: *DisableRoutinelyTakingAction* +- GP path: *Windows Components\Microsoft Defender Antivirus* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/Exclusions_Extensions** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you specify a list of file types that should be excluded from scheduled, custom, and real-time scanning. File types should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of the file type extension (such as "obj" or "lib"). The value is not used and it is recommended that this be set to 0. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Extension Exclusions* +- GP name: *Exclusions_Extensions* +- GP path: *Windows Components\Microsoft Defender Antivirus\Exclusions* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/Exclusions_Paths** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to disable scheduled and real-time scanning for files under the paths specified or for the fully qualified resources specified. Paths should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of a path or a fully qualified resource name. + +As an example, a path might be defined as: "c:\Windows" to exclude all files in this directory. A fully qualified resource name might be defined as: "C:\Windows\App.exe". The value is not used and it is recommended that this be set to 0. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Path Exclusions* +- GP name: *Exclusions_Paths* +- GP path: *Windows Components\Microsoft Defender Antivirus\Exclusions* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/Exclusions_Processes** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to disable scheduled and real-time scanning for any file opened by any of the specified processes. The process itself will not be excluded. To exclude the process, use the Path exclusion. Processes should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of the path to the process image. Note that only executables can be excluded. For example, a process might be defined as: "c:\windows\app.exe". The value is not used and it is recommended that this be set to 0. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Process Exclusions* +- GP name: *Exclusions_Processes* +- GP path: *Windows Components\Microsoft Defender Antivirus\Exclusions* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/ExploitGuard_ASR_ASROnlyExclusions** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Exclude files and paths from Attack Surface Reduction (ASR) rules. + +Enabled: +Specify the folders or files and resources that should be excluded from ASR rules in the Options section. +Enter each rule on a new line as a name-value pair: + +- Name column: Enter a folder path or a fully qualified resource name. For example, ""C:\Windows"" will exclude all files in that directory. ""C:\Windows\App.exe"" will exclude only that specific file in that specific folder +- Value column: Enter ""0"" for each item + +Disabled: +No exclusions will be applied to the ASR rules. + +Not configured: +Same as Disabled. + +You can configure ASR rules in the Configure Attack Surface Reduction rules GP setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Exclude files and paths from Attack Surface Reduction Rules* +- GP name: *ExploitGuard_ASR_ASROnlyExclusions* +- GP path: *Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Attack Surface Reduction* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/ExploitGuard_ASR_Rules** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Set the state for each Attack Surface Reduction (ASR) rule. + +After enabling this setting, you can set each rule to the following in the Options section: + +- Block: the rule will be applied +- Audit Mode: if the rule would normally cause an event, then it will be recorded (although the rule will not actually be applied) +- Off: the rule will not be applied + +Enabled: +Specify the state for each ASR rule under the Options section for this setting. +Enter each rule on a new line as a name-value pair: + +- Name column: Enter a valid ASR rule ID +- Value column: Enter the status ID that relates to state you want to specify for the associated rule + +The following status IDs are permitted under the value column: +- 1 (Block) +- 0 (Off) +- 2 (Audit) + +Example: +xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx 0 +xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx 1 +xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx 2 + +Disabled: +No ASR rules will be configured. + +Not configured: +Same as Disabled. + +You can exclude folders or files in the "Exclude files and paths from Attack Surface Reduction Rules" GP setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure Attack Surface Reduction rules* +- GP name: *ExploitGuard_ASR_Rules* +- GP path: *Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Attack Surface Reduction* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/AllowFastServiceStartup** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. + +If you enable or do not configure this setting, the antimalware service will load as a normal priority task. + +If you disable this setting, the antimalware service will load as a low priority task. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow antimalware service to startup with normal priority* +- GP name: *AllowFastServiceStartup* +- GP path: *Windows Components\Microsoft Defender Antivirus* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/AllowFastServiceStartup** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. + +If you enable or do not configure this setting, the antimalware service will load as a normal priority task. + +If you disable this setting, the antimalware service will load as a low priority task. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow antimalware service to startup with normal priority* +- GP name: *AllowFastServiceStartup* +- GP path: *Windows Components\Microsoft Defender Antivirus* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/AllowFastServiceStartup** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. + +If you enable or do not configure this setting, the antimalware service will load as a normal priority task. + +If you disable this setting, the antimalware service will load as a low priority task. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow antimalware service to startup with normal priority* +- GP name: *AllowFastServiceStartup* +- GP path: *Windows Components\Microsoft Defender Antivirus* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/AllowFastServiceStartup** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. + +If you enable or do not configure this setting, the antimalware service will load as a normal priority task. + +If you disable this setting, the antimalware service will load as a low priority task. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow antimalware service to startup with normal priority* +- GP name: *AllowFastServiceStartup* +- GP path: *Windows Components\Microsoft Defender Antivirus* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/AllowFastServiceStartup** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. + +If you enable or do not configure this setting, the antimalware service will load as a normal priority task. + +If you disable this setting, the antimalware service will load as a low priority task. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow antimalware service to startup with normal priority* +- GP name: *AllowFastServiceStartup* +- GP path: *Windows Components\Microsoft Defender Antivirus* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/AllowFastServiceStartup** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. + +If you enable or do not configure this setting, the antimalware service will load as a normal priority task. + +If you disable this setting, the antimalware service will load as a low priority task. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow antimalware service to startup with normal priority* +- GP name: *AllowFastServiceStartup* +- GP path: *Windows Components\Microsoft Defender Antivirus* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/AllowFastServiceStartup** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. + +If you enable or do not configure this setting, the antimalware service will load as a normal priority task. + +If you disable this setting, the antimalware service will load as a low priority task. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow antimalware service to startup with normal priority* +- GP name: *AllowFastServiceStartup* +- GP path: *Windows Components\Microsoft Defender Antivirus* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/AllowFastServiceStartup** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. + +If you enable or do not configure this setting, the antimalware service will load as a normal priority task. + +If you disable this setting, the antimalware service will load as a low priority task. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow antimalware service to startup with normal priority* +- GP name: *AllowFastServiceStartup* +- GP path: *Windows Components\Microsoft Defender Antivirus* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/AllowFastServiceStartup** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. + +If you enable or do not configure this setting, the antimalware service will load as a normal priority task. + +If you disable this setting, the antimalware service will load as a low priority task. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow antimalware service to startup with normal priority* +- GP name: *AllowFastServiceStartup* +- GP path: *Windows Components\Microsoft Defender Antivirus* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/AllowFastServiceStartup** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. + +If you enable or do not configure this setting, the antimalware service will load as a normal priority task. + +If you disable this setting, the antimalware service will load as a low priority task. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow antimalware service to startup with normal priority* +- GP name: *AllowFastServiceStartup* +- GP path: *Windows Components\Microsoft Defender Antivirus* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/AllowFastServiceStartup** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. + +If you enable or do not configure this setting, the antimalware service will load as a normal priority task. + +If you disable this setting, the antimalware service will load as a low priority task. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow antimalware service to startup with normal priority* +- GP name: *AllowFastServiceStartup* +- GP path: *Windows Components\Microsoft Defender Antivirus* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/AllowFastServiceStartup** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. + +If you enable or do not configure this setting, the antimalware service will load as a normal priority task. + +If you disable this setting, the antimalware service will load as a low priority task. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow antimalware service to startup with normal priority* +- GP name: *AllowFastServiceStartup* +- GP path: *Windows Components\Microsoft Defender Antivirus* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/AllowFastServiceStartup** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. + +If you enable or do not configure this setting, the antimalware service will load as a normal priority task. + +If you disable this setting, the antimalware service will load as a low priority task. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow antimalware service to startup with normal priority* +- GP name: *AllowFastServiceStartup* +- GP path: *Windows Components\Microsoft Defender Antivirus* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/AllowFastServiceStartup** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. + +If you enable or do not configure this setting, the antimalware service will load as a normal priority task. + +If you disable this setting, the antimalware service will load as a low priority task. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow antimalware service to startup with normal priority* +- GP name: *AllowFastServiceStartup* +- GP path: *Windows Components\Microsoft Defender Antivirus* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/AllowFastServiceStartup** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. + +If you enable or do not configure this setting, the antimalware service will load as a normal priority task. + +If you disable this setting, the antimalware service will load as a low priority task. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow antimalware service to startup with normal priority* +- GP name: *AllowFastServiceStartup* +- GP path: *Windows Components\Microsoft Defender Antivirus* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/AllowFastServiceStartup** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. + +If you enable or do not configure this setting, the antimalware service will load as a normal priority task. + +If you disable this setting, the antimalware service will load as a low priority task. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow antimalware service to startup with normal priority* +- GP name: *AllowFastServiceStartup* +- GP path: *Windows Components\Microsoft Defender Antivirus* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/AllowFastServiceStartup** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. + +If you enable or do not configure this setting, the antimalware service will load as a normal priority task. + +If you disable this setting, the antimalware service will load as a low priority task. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow antimalware service to startup with normal priority* +- GP name: *AllowFastServiceStartup* +- GP path: *Windows Components\Microsoft Defender Antivirus* +- GP ADMX file name: *WindowsDefender.admx* + + + +
Footnotes: - 1 - Available in Windows 10, version 1607. From 4dc4089511dbbfdd6260b835f2449f2a4b39ccf2 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Tue, 17 Nov 2020 16:55:19 -0800 Subject: [PATCH 019/210] Added new policies --- .../mdm/policy-csp-admx-windowsdefender.md | 1192 +++++++++++++++-- 1 file changed, 1071 insertions(+), 121 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-windowsdefender.md b/windows/client-management/mdm/policy-csp-admx-windowsdefender.md index 70f168574e..d935313482 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsdefender.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsdefender.md @@ -116,19 +116,19 @@ manager: dansimp ADMX_WindowsDefender/RealtimeProtection_DisableRawWriteNotification
- ADMX_WindowsDefender/RealtimeProtection_DisableScanOnRealtimeEnable + ADMX_WindowsDefender/RealtimeProtection_DisableScanOnRealtimeEnable
- ADMX_WindowsDefender/RealtimeProtection_IOAVMaxSize + ADMX_WindowsDefender/RealtimeProtection_IOAVMaxSize
- ADMX_WindowsDefender/RealtimeProtection_LocalSettingOverrideDisableBehaviorMonitoring + ADMX_WindowsDefender/RealtimeProtection_LocalSettingOverrideDisableBehaviorMonitoring
- ADMX_WindowsDefender/RealtimeProtection_LocalSettingOverrideDisableIOAVProtection + ADMX_WindowsDefender/RealtimeProtection_LocalSettingOverrideDisableIOAVProtection
- ADMX_WindowsDefender/RealtimeProtection_LocalSettingOverrideDisableOnAccessProtection + ADMX_WindowsDefender/RealtimeProtection_LocalSettingOverrideDisableOnAccessProtection
ADMX_WindowsDefender/RealtimeProtection_LocalSettingOverrideDisableRealtimeMonitoring @@ -194,7 +194,7 @@ manager: dansimp ADMX_WindowsDefender/Scan_DisableCatchupFullScan
- Scan_DisableCatchupQuickScan/ProxyBypass + ADMX_WindowsDefender/Scan_DisableCatchupQuickScan
ADMX_WindowsDefender/Scan_DisableEmailScanning @@ -1290,7 +1290,7 @@ ADMX Info:
-**ADMX_WindowsDefender/AllowFastServiceStartup** +**ADMX_WindowsDefender/ExploitGuard_ControlledFolderAccess_AllowedApplications** @@ -1333,11 +1333,24 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. +Available in the latest Windows 10 Insider Preview Build. Add additional applications that should be considered "trusted" by controlled folder access. -If you enable or do not configure this setting, the antimalware service will load as a normal priority task. +These applications are allowed to modify or delete files in controlled folder access folders. -If you disable this setting, the antimalware service will load as a low priority task. +Microsoft Defender Antivirus automatically determines which applications should be trusted. You can configure this setting to add additional applications. + +Enabled: +Specify additional allowed applications in the Options section.. + +Disabled: +No additional applications will be added to the trusted list. + +Not configured: +Same as Disabled. + +You can enable controlled folder access in the Configure controlled folder access GP setting. + +Default system folders are automatically guarded, but you can add folders in the configure protected folders GP setting. > [!TIP] @@ -1349,8 +1362,634 @@ If you disable this setting, the antimalware service will load as a low priority ADMX Info: -- GP English name: *Allow antimalware service to startup with normal priority* -- GP name: *AllowFastServiceStartup* +- GP English name: *Configure allowed applications* +- GP name: *ExploitGuard_ControlledFolderAccess_AllowedApplications* +- GP path: *Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Controlled Folder Access* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/ExploitGuard_ControlledFolderAccess_EnableControlledFolderAccess** + + +
+ + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Enable or disable controlled folder access for untrusted applications. You can choose to block, audit, or allow attempts by untrusted apps to: + +- Modify or delete files in protected folders, such as the Documents folder +- Write to disk sectors + +You can also choose to only block or audit writes to disk sectors while still allowing the modification or deletion of files in protected folders. + +Microsoft Defender Antivirus automatically determines which applications can be trusted. You can add additional trusted applications in the Configure allowed applications GP setting. +Default system folders are automatically protected, but you can add folders in the Configure protected folders GP setting. + +Block: +The following will be blocked: + +- Attempts by untrusted apps to modify or delete files in protected folders +- Attempts by untrusted apps to write to disk sectors + +The Windows event log will record these blocks under Applications and Services Logs > Microsoft > Windows > Windows Defender > Operational > ID 1123. + +Disabled: +The following will not be blocked and will be allowed to run: + +- Attempts by untrusted apps to modify or delete files in protected folders +- Attempts by untrusted apps to write to disk sectors + +These attempts will not be recorded in the Windows event log. + +Audit Mode: +The following will not be blocked and will be allowed to run: + +- Attempts by untrusted apps to modify or delete files in protected folders +- Attempts by untrusted apps to write to disk sectors + +The Windows event log will record these attempts under Applications and Services Logs > Microsoft > Windows > Windows Defender > Operational > ID 1124. + +Block disk modification only: +The following will be blocked: + +- Attempts by untrusted apps to write to disk sectors + +The Windows event log will record these attempts under Applications and Services Logs > Microsoft > Windows > Windows Defender > Operational > ID 1123. + +The following will not be blocked and will be allowed to run: + +- Attempts by untrusted apps to modify or delete files in protected folders +These attempts will not be recorded in the Windows event log. + +Audit disk modification only: +The following will not be blocked and will be allowed to run: + +- Attempts by untrusted apps to write to disk sectors +- Attempts by untrusted apps to modify or delete files in protected folders +Only attempts to write to protected disk sectors will be recorded in the Windows event log (under Applications and Services Logs > Microsoft > Windows > Windows Defender > Operational > ID 1124). +Attempts to modify or delete files in protected folders will not be recorded. + +Not configured: +Same as Disabled. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure Controlled folder access* +- GP name: *ExploitGuard_ControlledFolderAccess_EnableControlledFolderAccess* +- GP path: *Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Controlled Folder Access* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/ExploitGuard_ControlledFolderAccess_ProtectedFolders** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Specify additional folders that should be guarded by the Controlled folder access feature. + +Files in these folders cannot be modified or deleted by untrusted applications. + +Default system folders are automatically protected. You can configure this setting to add additional folders. +The list of default system folders that are protected is shown in Windows Security. + +Enabled: +Specify additional folders that should be protected in the Options section. + +Disabled: +No additional folders will be protected. + +Not configured: +Same as Disabled. + +You can enable controlled folder access in the Configure controlled folder access GP setting. + +Microsoft Defender Antivirus automatically determines which applications can be trusted. You can add additional trusted applications in the Configure allowed applications GP setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure protected folders* +- GP name: *ExploitGuard_ControlledFolderAccess_ProtectedFolders* +- GP path: *Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Controlled Folder Access* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/ExploitGuard_EnableNetworkProtection** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Enable or disable Microsoft Defender Exploit Guard network protection to prevent employees from using any application to access dangerous domains that may host phishing scams, exploit-hosting sites, and other malicious content on the Internet. + +Enabled: +Specify the mode in the Options section: + +- Block: Users and applications will not be able to access dangerous domains +- Audit Mode: Users and applications can connect to dangerous domains, however if this feature would have blocked access if it were set to Block, then a record of the event will be in the event logs. + +Disabled: +Users and applications will not be blocked from connecting to dangerous domains. + +Not configured: +Same as Disabled. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent users and apps from accessing dangerous websites* +- GP name: *ExploitGuard_EnableNetworkProtection* +- GP path: *Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Network Protection* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/MpEngine_EnableFileHashComputation** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Enable or disable file hash computation feature. + +Enabled: +When this feature is enabled Microsoft Defender will compute hash value for files it scans. + +Disabled: +File hash value is not computed + +Not configured: +Same as Disabled. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Enable file hash computation feature* +- GP name: *MpEngine_EnableFileHashComputation* +- GP path: *Windows Components\Microsoft Defender Antivirus\MpEngine* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/Nis_Consumers_IPS_DisableSignatureRetirement** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure definition retirement for network protection against exploits of known vulnerabilities. Definition retirement checks to see if a computer has the required security updates necessary to protect it against a particular vulnerability. If the system is not vulnerable to the exploit detected by a definition, then that definition is "retired". If all security intelligence for a given protocal are retired then that protocol is no longer parsed. Enabling this feature helps to improve performance. On a computer that is up-to-date with all the latest security updates, network protection will have no impact on network performance. + +If you enable or do not configure this setting, definition retirement will be enabled. + +If you disable this setting, definition retirement will be disabled. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn on definition retirement* +- GP name: *Nis_Consumers_IPS_DisableSignatureRetirement* +- GP path: *Windows Components\Microsoft Defender Antivirus\Network Inspection System* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/Nis_Consumers_IPS_sku_differentiation_Signature_Set_Guid** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting defines additional definition sets to enable for network traffic inspection. Definition set GUIDs should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of a definition set GUID. As an example, the definition set GUID to enable test security intelligence is defined as: “{b54b6ac9-a737-498e-9120-6616ad3bf590}”. The value is not used and it is recommended that this be set to 0. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Specify additional definition sets for network traffic inspection* +- GP name: *Nis_Consumers_IPS_sku_differentiation_Signature_Set_Guid* +- GP path: *Windows Components\Microsoft Defender Antivirus\Network Inspection System* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/Nis_DisableProtocolRecognition** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure protocol recognition for network protection against exploits of known vulnerabilities. + +If you enable or do not configure this setting, protocol recognition will be enabled. + +If you disable this setting, protocol recognition will be disabled. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn on protocol recognition* +- GP name: *Nis_DisableProtocolRecognition* +- GP path: *Windows Components\Microsoft Defender Antivirus\Network Inspection System* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/ProxyBypass** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy, if defined, will prevent antimalware from using the configured proxy server when communicating with the specified IP addresses. The address value should be entered as a valid URL. + +If you enable this setting, the proxy server will be bypassed for the specified addresses. + +If you disable or do not configure this setting, the proxy server will not be bypassed for the specified addresses. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Define addresses to bypass proxy server* +- GP name: *ProxyBypass* - GP path: *Windows Components\Microsoft Defender Antivirus* - GP ADMX file name: *WindowsDefender.admx* @@ -1359,7 +1998,7 @@ ADMX Info:
-**ADMX_WindowsDefender/AllowFastServiceStartup** +**ADMX_WindowsDefender/ProxyPacUrl** @@ -1402,11 +2041,17 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. +Available in the latest Windows 10 Insider Preview Build. This policy setting defines the URL of a proxy .pac file that should be used when the client attempts to connect the network for security intelligence updates and MAPS reporting. If the proxy auto-config fails or if there is no proxy auto-config specified, the client will fall back to the alternative options (in order): -If you enable or do not configure this setting, the antimalware service will load as a normal priority task. +1. Proxy server (if specified) +2. Proxy .pac URL (if specified) +3. None +4. Internet Explorer proxy settings +5. Autodetect -If you disable this setting, the antimalware service will load as a low priority task. +If you enable this setting, the proxy setting will be set to use the specified proxy .pac according to the order specified above. + +If you disable or do not configure this setting, the proxy will skip over this fallback step according to the order specified above. > [!TIP] @@ -1418,8 +2063,8 @@ If you disable this setting, the antimalware service will load as a low priority ADMX Info: -- GP English name: *Allow antimalware service to startup with normal priority* -- GP name: *AllowFastServiceStartup* +- GP English name: *Define proxy auto-config (.pac) for connecting to the network* +- GP name: *ProxyPacUrl* - GP path: *Windows Components\Microsoft Defender Antivirus* - GP ADMX file name: *WindowsDefender.admx* @@ -1428,7 +2073,7 @@ ADMX Info:
-**ADMX_WindowsDefender/AllowFastServiceStartup** +**ADMX_WindowsDefender/ProxyServer**
@@ -1471,11 +2116,17 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure the named proxy that should be used when the client attempts to connect to the network for security intelligence updates and MAPS reporting. If the named proxy fails or if there is no proxy specified, the client will fall back to the alternative options (in order): -If you enable or do not configure this setting, the antimalware service will load as a normal priority task. +1. Proxy server (if specified) +2. Proxy .pac URL (if specified) +3. None +4. Internet Explorer proxy settings +5. Autodetect -If you disable this setting, the antimalware service will load as a low priority task. +If you enable this setting, the proxy will be set to the specified URL according to the order specified above. The URL should be proceeded with either http:// or https://. + +If you disable or do not configure this setting, the proxy will skip over this fallback step according to the order specified above. > [!TIP] @@ -1487,8 +2138,8 @@ If you disable this setting, the antimalware service will load as a low priority ADMX Info: -- GP English name: *Allow antimalware service to startup with normal priority* -- GP name: *AllowFastServiceStartup* +- GP English name: *Define proxy server for connecting to the network* +- GP name: *ProxyServer* - GP path: *Windows Components\Microsoft Defender Antivirus* - GP ADMX file name: *WindowsDefender.admx* @@ -1497,7 +2148,7 @@ ADMX Info:
-**ADMX_WindowsDefender/AllowFastServiceStartup** +**ADMX_WindowsDefender/Quarantine_LocalSettingOverridePurgeItemsAfterDelay**
@@ -1540,11 +2191,11 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures a local override for the configuration of the number of days items should be kept in the Quarantine folder before being removed. This setting can only be set by Group Policy. -If you enable or do not configure this setting, the antimalware service will load as a normal priority task. +If you enable this setting, the local preference setting will take priority over Group Policy. -If you disable this setting, the antimalware service will load as a low priority task. +If you disable or do not configure this setting, Group Policy will take priority over the local preference setting. > [!TIP] @@ -1556,8 +2207,146 @@ If you disable this setting, the antimalware service will load as a low priority ADMX Info: -- GP English name: *Allow antimalware service to startup with normal priority* -- GP name: *AllowFastServiceStartup* +- GP English name: *Configure local setting override for the removal of items from Quarantine folder* +- GP name: *Quarantine_LocalSettingOverridePurgeItemsAfterDelay* +- GP path: *Windows Components\Microsoft Defender Antivirus\Quarantine* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/Quarantine_PurgeItemsAfterDelay** + + +
+ + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting defines the number of days items should be kept in the Quarantine folder before being removed. + +If you enable this setting, items will be removed from the Quarantine folder after the number of days specified. + +If you disable or do not configure this setting, items will be kept in the quarantine folder indefinitely and will not be automatically removed. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure removal of items from Quarantine folder* +- GP name: *Quarantine_PurgeItemsAfterDelay* +- GP path: *Windows Components\Microsoft Defender Antivirus\Quarantine* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/RandomizeScheduleTaskTimes** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to enable or disable randomization of the scheduled scan start time and the scheduled security intelligence update start time. This setting is used to distribute the resource impact of scanning. For example, it could be used in guest virtual machines sharing a host, to prevent multiple guest virtual machines from undertaking a disk-intensive operation at the same time. + +If you enable or do not configure this setting, scheduled tasks will begin at a random time within an interval of 30 minutes before and after the specified start time. + +If you disable this setting, scheduled tasks will begin at the specified start time. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Randomize scheduled task times* +- GP name: *RandomizeScheduleTaskTimes* - GP path: *Windows Components\Microsoft Defender Antivirus* - GP ADMX file name: *WindowsDefender.admx* @@ -1566,7 +2355,7 @@ ADMX Info:
-**ADMX_WindowsDefender/AllowFastServiceStartup** +**ADMX_WindowsDefender/RealtimeProtection_DisableBehaviorMonitoring** @@ -1609,11 +2398,11 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure behavior monitoring. -If you enable or do not configure this setting, the antimalware service will load as a normal priority task. +If you enable or do not configure this setting, behavior monitoring will be enabled. -If you disable this setting, the antimalware service will load as a low priority task. +If you disable this setting, behavior monitoring will be disabled. > [!TIP] @@ -1625,9 +2414,9 @@ If you disable this setting, the antimalware service will load as a low priority ADMX Info: -- GP English name: *Allow antimalware service to startup with normal priority* -- GP name: *AllowFastServiceStartup* -- GP path: *Windows Components\Microsoft Defender Antivirus* +- GP English name: *Turn on behavior monitoring* +- GP name: *RealtimeProtection_DisableBehaviorMonitoring* +- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection* - GP ADMX file name: *WindowsDefender.admx* @@ -1635,7 +2424,7 @@ ADMX Info:
-**ADMX_WindowsDefender/AllowFastServiceStartup** +**ADMX_WindowsDefender/RealtimeProtection_DisableIOAVProtection**
@@ -1678,11 +2467,11 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure scanning for all downloaded files and attachments. -If you enable or do not configure this setting, the antimalware service will load as a normal priority task. +If you enable or do not configure this setting, scanning for all downloaded files and attachments will be enabled. -If you disable this setting, the antimalware service will load as a low priority task. +If you disable this setting, scanning for all downloaded files and attachments will be disabled. > [!TIP] @@ -1694,9 +2483,9 @@ If you disable this setting, the antimalware service will load as a low priority ADMX Info: -- GP English name: *Allow antimalware service to startup with normal priority* -- GP name: *AllowFastServiceStartup* -- GP path: *Windows Components\Microsoft Defender Antivirus* +- GP English name: *Scan all downloaded files and attachments* +- GP name: *RealtimeProtection_DisableIOAVProtection* +- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection* - GP ADMX file name: *WindowsDefender.admx* @@ -1704,7 +2493,7 @@ ADMX Info:
-**ADMX_WindowsDefender/AllowFastServiceStartup** +**ADMX_WindowsDefender/RealtimeProtection_DisableOnAccessProtection**
@@ -1747,11 +2536,11 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure monitoring for file and program activity. -If you enable or do not configure this setting, the antimalware service will load as a normal priority task. +If you enable or do not configure this setting, monitoring for file and program activity will be enabled. -If you disable this setting, the antimalware service will load as a low priority task. +If you disable this setting, monitoring for file and program activity will be disabled. > [!TIP] @@ -1763,9 +2552,9 @@ If you disable this setting, the antimalware service will load as a low priority ADMX Info: -- GP English name: *Allow antimalware service to startup with normal priority* -- GP name: *AllowFastServiceStartup* -- GP path: *Windows Components\Microsoft Defender Antivirus* +- GP English name: *Monitor file and program activity on your computer* +- GP name: *RealtimeProtection_DisableOnAccessProtection* +- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection* - GP ADMX file name: *WindowsDefender.admx* @@ -1773,7 +2562,7 @@ ADMX Info:
-**ADMX_WindowsDefender/AllowFastServiceStartup** +**ADMX_WindowsDefender/RealtimeProtection_DisableRawWriteNotification**
@@ -1816,11 +2605,11 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. +Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether raw volume write notifications are sent to behavior monitoring. -If you enable or do not configure this setting, the antimalware service will load as a normal priority task. +If you enable or do not configure this setting, raw write notifications will be enabled. -If you disable this setting, the antimalware service will load as a low priority task. +If you disable this setting, raw write notifications be disabled. > [!TIP] @@ -1832,9 +2621,9 @@ If you disable this setting, the antimalware service will load as a low priority ADMX Info: -- GP English name: *Allow antimalware service to startup with normal priority* -- GP name: *AllowFastServiceStartup* -- GP path: *Windows Components\Microsoft Defender Antivirus* +- GP English name: *Turn on raw volume write notifications* +- GP name: *RealtimeProtection_DisableRawWriteNotification* +- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection* - GP ADMX file name: *WindowsDefender.admx* @@ -1842,7 +2631,7 @@ ADMX Info:
-**ADMX_WindowsDefender/AllowFastServiceStartup** +**ADMX_WindowsDefender/RealtimeProtection_DisableScanOnRealtimeEnable**
@@ -1885,11 +2674,11 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure process scanning when real-time protection is turned on. This helps to catch malware which could start when real-time protection is turned off. -If you enable or do not configure this setting, the antimalware service will load as a normal priority task. +If you enable or do not configure this setting, a process scan will be initiated when real-time protection is turned on. -If you disable this setting, the antimalware service will load as a low priority task. +If you disable this setting, a process scan will not be initiated when real-time protection is turned on. > [!TIP] @@ -1901,9 +2690,9 @@ If you disable this setting, the antimalware service will load as a low priority ADMX Info: -- GP English name: *Allow antimalware service to startup with normal priority* -- GP name: *AllowFastServiceStartup* -- GP path: *Windows Components\Microsoft Defender Antivirus* +- GP English name: *Turn on process scanning whenever real-time protection is enabled* +- GP name: *RealtimeProtection_DisableScanOnRealtimeEnable* +- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection* - GP ADMX file name: *WindowsDefender.admx* @@ -1911,7 +2700,7 @@ ADMX Info:
-**ADMX_WindowsDefender/AllowFastServiceStartup** +**ADMX_WindowsDefender/RealtimeProtection_IOAVMaxSize**
@@ -1954,11 +2743,11 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. +Available in the latest Windows 10 Insider Preview Build. This policy setting defines the maximum size (in kilobytes) of downloaded files and attachments that will be scanned. -If you enable or do not configure this setting, the antimalware service will load as a normal priority task. +If you enable this setting, downloaded files and attachments smaller than the size specified will be scanned. -If you disable this setting, the antimalware service will load as a low priority task. +If you disable or do not configure this setting, a default size will be applied. > [!TIP] @@ -1970,9 +2759,9 @@ If you disable this setting, the antimalware service will load as a low priority ADMX Info: -- GP English name: *Allow antimalware service to startup with normal priority* -- GP name: *AllowFastServiceStartup* -- GP path: *Windows Components\Microsoft Defender Antivirus* +- GP English name: *Define the maximum size of downloaded files and attachments to be scanned* +- GP name: *RealtimeProtection_IOAVMaxSize* +- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection* - GP ADMX file name: *WindowsDefender.admx* @@ -1980,7 +2769,7 @@ ADMX Info:
-**ADMX_WindowsDefender/AllowFastServiceStartup** +**ADMX_WindowsDefender/RealtimeProtection_LocalSettingOverrideDisableBehaviorMonitoring**
@@ -2023,11 +2812,11 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures a local override for the configuration of behavior monitoring. This setting can only be set by Group Policy. -If you enable or do not configure this setting, the antimalware service will load as a normal priority task. +If you enable this setting, the local preference setting will take priority over Group Policy. -If you disable this setting, the antimalware service will load as a low priority task. +If you disable or do not configure this setting, Group Policy will take priority over the local preference setting. > [!TIP] @@ -2039,9 +2828,9 @@ If you disable this setting, the antimalware service will load as a low priority ADMX Info: -- GP English name: *Allow antimalware service to startup with normal priority* -- GP name: *AllowFastServiceStartup* -- GP path: *Windows Components\Microsoft Defender Antivirus* +- GP English name: *Configure local setting override for turn on behavior monitoring* +- GP name: *RealtimeProtection_LocalSettingOverrideDisableBehaviorMonitoring* +- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection* - GP ADMX file name: *WindowsDefender.admx* @@ -2049,7 +2838,7 @@ ADMX Info:
-**ADMX_WindowsDefender/AllowFastServiceStartup** +**ADMX_WindowsDefender/RealtimeProtection_LocalSettingOverrideDisableIOAVProtection**
@@ -2092,11 +2881,11 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures a local override for the configuration of scanning for all downloaded files and attachments. This setting can only be set by Group Policy. -If you enable or do not configure this setting, the antimalware service will load as a normal priority task. +If you enable this setting, the local preference setting will take priority over Group Policy. -If you disable this setting, the antimalware service will load as a low priority task. +If you disable or do not configure this setting, Group Policy will take priority over the local preference setting. > [!TIP] @@ -2108,9 +2897,9 @@ If you disable this setting, the antimalware service will load as a low priority ADMX Info: -- GP English name: *Allow antimalware service to startup with normal priority* -- GP name: *AllowFastServiceStartup* -- GP path: *Windows Components\Microsoft Defender Antivirus* +- GP English name: *Configure local setting override for scanning all downloaded files and attachments* +- GP name: *RealtimeProtection_LocalSettingOverrideDisableIOAVProtection* +- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection* - GP ADMX file name: *WindowsDefender.admx* @@ -2118,7 +2907,7 @@ ADMX Info:
-**ADMX_WindowsDefender/AllowFastServiceStartup** +**ADMX_WindowsDefender/RealtimeProtection_LocalSettingOverrideDisableOnAccessProtection**
@@ -2161,11 +2950,11 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures a local override for the configuration of monitoring for file and program activity on your computer. This setting can only be set by Group Policy. -If you enable or do not configure this setting, the antimalware service will load as a normal priority task. +If you enable this setting, the local preference setting will take priority over Group Policy. -If you disable this setting, the antimalware service will load as a low priority task. +If you disable or do not configure this setting, Group Policy will take priority over the local preference setting. > [!TIP] @@ -2177,9 +2966,9 @@ If you disable this setting, the antimalware service will load as a low priority ADMX Info: -- GP English name: *Allow antimalware service to startup with normal priority* -- GP name: *AllowFastServiceStartup* -- GP path: *Windows Components\Microsoft Defender Antivirus* +- GP English name: *Configure local setting override for monitoring file and program activity on your computer* +- GP name: *RealtimeProtection_LocalSettingOverrideDisableOnAccessProtection* +- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection* - GP ADMX file name: *WindowsDefender.admx* @@ -2187,7 +2976,7 @@ ADMX Info:
-**ADMX_WindowsDefender/AllowFastServiceStartup** +**ADMX_WindowsDefender/RealtimeProtection_LocalSettingOverrideDisableRealtimeMonitoring**
@@ -2230,11 +3019,11 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures a local override for the configuration to turn on real-time protection. This setting can only be set by Group Policy. -If you enable or do not configure this setting, the antimalware service will load as a normal priority task. +If you enable this setting, the local preference setting will take priority over Group Policy. -If you disable this setting, the antimalware service will load as a low priority task. +If you disable or do not configure this setting, Group Policy will take priority over the local preference setting. > [!TIP] @@ -2246,9 +3035,9 @@ If you disable this setting, the antimalware service will load as a low priority ADMX Info: -- GP English name: *Allow antimalware service to startup with normal priority* -- GP name: *AllowFastServiceStartup* -- GP path: *Windows Components\Microsoft Defender Antivirus* +- GP English name: *Configure local setting override to turn on real-time protection* +- GP name: *RealtimeProtection_LocalSettingOverrideDisableRealtimeMonitoring* +- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection* - GP ADMX file name: *WindowsDefender.admx* @@ -2256,7 +3045,7 @@ ADMX Info:
-**ADMX_WindowsDefender/AllowFastServiceStartup** +**ADMX_WindowsDefender/RealtimeProtection_LocalSettingOverrideRealtimeScanDirection**
@@ -2299,11 +3088,11 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures a local override for the configuration of monitoring for incoming and outgoing file activity. This setting can only be set by Group Policy. -If you enable or do not configure this setting, the antimalware service will load as a normal priority task. +If you enable this setting, the local preference setting will take priority over Group Policy. -If you disable this setting, the antimalware service will load as a low priority task. +If you disable or do not configure this setting, Group Policy will take priority over the local preference setting. > [!TIP] @@ -2315,9 +3104,9 @@ If you disable this setting, the antimalware service will load as a low priority ADMX Info: -- GP English name: *Allow antimalware service to startup with normal priority* -- GP name: *AllowFastServiceStartup* -- GP path: *Windows Components\Microsoft Defender Antivirus* +- GP English name: *Configure local setting override for monitoring for incoming and outgoing file activity* +- GP name: *RealtimeProtection_LocalSettingOverrideRealtimeScanDirection* +- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection* - GP ADMX file name: *WindowsDefender.admx* @@ -2325,7 +3114,7 @@ ADMX Info:
-**ADMX_WindowsDefender/AllowFastServiceStartup** +**ADMX_WindowsDefender/RealtimeProtection_RealtimeScanDirection**
@@ -2368,11 +3157,21 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure monitoring for incoming and outgoing files, without having to turn off monitoring entirely. It is recommended for use on servers where there is a lot of incoming and outgoing file activity but for performance reasons need to have scanning disabled for a particular scan direction. The appropriate configuration should be evaluated based on the server role. -If you enable or do not configure this setting, the antimalware service will load as a normal priority task. +Note that this configuration is only honored for NTFS volumes. For any other file system type, full monitoring of file and program activity will be present on those volumes. -If you disable this setting, the antimalware service will load as a low priority task. +The options for this setting are mutually exclusive: + +- 0 = Scan incoming and outgoing files (default) +- 1 = Scan incoming files only +- 2 = Scan outgoing files only + +Any other value, or if the value does not exist, resolves to the default (0). + +If you enable this setting, the specified type of monitoring will be enabled. + +If you disable or do not configure this setting, monitoring for incoming and outgoing files will be enabled. > [!TIP] @@ -2384,9 +3183,9 @@ If you disable this setting, the antimalware service will load as a low priority ADMX Info: -- GP English name: *Allow antimalware service to startup with normal priority* -- GP name: *AllowFastServiceStartup* -- GP path: *Windows Components\Microsoft Defender Antivirus* +- GP English name: *Configure monitoring for incoming and outgoing file and program activity* +- GP name: *RealtimeProtection_RealtimeScanDirection* +- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection* - GP ADMX file name: *WindowsDefender.admx* @@ -2394,7 +3193,7 @@ ADMX Info:
-**ADMX_WindowsDefender/AllowFastServiceStartup** +**ADMX_WindowsDefender/Remediation_LocalSettingOverrideScan_ScheduleTime**
@@ -2437,11 +3236,11 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures a local override for the configuration of the time to run a scheduled full scan to complete remediation. This setting can only be set by Group Policy. -If you enable or do not configure this setting, the antimalware service will load as a normal priority task. +If you enable this setting, the local preference setting will take priority over Group Policy. -If you disable this setting, the antimalware service will load as a low priority task. +If you disable or do not configure this setting, Group Policy will take priority over the local preference setting. > [!TIP] @@ -2453,14 +3252,165 @@ If you disable this setting, the antimalware service will load as a low priority ADMX Info: -- GP English name: *Allow antimalware service to startup with normal priority* -- GP name: *AllowFastServiceStartup* -- GP path: *Windows Components\Microsoft Defender Antivirus* +- GP English name: *Configure local setting override for the time of day to run a scheduled full scan to complete remediation* +- GP name: *Remediation_LocalSettingOverrideScan_ScheduleTime* +- GP path: *Windows Components\Microsoft Defender Antivirus\Remediation* - GP ADMX file name: *WindowsDefender.admx*
+ + +**ADMX_WindowsDefender/Remediation_Scan_ScheduleDay** + + +
+ + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the day of the week on which to perform a scheduled full scan in order to complete remediation. The scan can also be configured to run every day or to never run at all. + +This setting can be configured with the following ordinal number values: + +- (0x0) Every Day +- (0x1) Sunday +- (0x2) Monday +- (0x3) Tuesday +- (0x4) Wednesday +- (0x5) Thursday +- (0x6) Friday +- (0x7) Saturday +- (0x8) Never (default) + +If you enable this setting, a scheduled full scan to complete remediation will run at the frequency specified. + +If you disable or do not configure this setting, a scheduled full scan to complete remediation will run at a default frequency. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Specify the day of the week to run a scheduled full scan to complete remediation* +- GP name: *Remediation_Scan_ScheduleDay* +- GP path: *Windows Components\Microsoft Defender Antivirus\Remediation* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/Remediation_Scan_ScheduleTime** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the time of day at which to perform a scheduled full scan in order to complete remediation. The time value is represented as the number of minutes past midnight (00:00). For example, 120 (0x78) is equivalent to 02:00 AM. The schedule is based on local time on the computer where the scan is executing. + +If you enable this setting, a scheduled full scan to complete remediation will run at the time of day specified. + +If you disable or do not configure this setting, a scheduled full scan to complete remediation will run at a default time. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Specify the time of day to run a scheduled full scan to complete remediation* +- GP name: *Remediation_Scan_ScheduleTime* +- GP path: *Windows Components\Microsoft Defender Antivirus\Remediation* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ Footnotes: - 1 - Available in Windows 10, version 1607. From b4c0dcb14f6fd6ec627417502c0df32a02b8c205 Mon Sep 17 00:00:00 2001 From: Nagappan Veerappan Date: Wed, 18 Nov 2020 09:48:06 -0800 Subject: [PATCH 020/210] Update windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-errors-during-pin-creation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md index a4ca968d29..b7bc415c06 100644 --- a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md +++ b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md @@ -68,7 +68,7 @@ If the error occurs again, check the error code against the following table to s | 0x801C03ED | Multi-factor authentication is required for a 'ProvisionKey' operation, but was not performed.

-or-

Token was not found in the Authorization header.

-or-

Failed to read one or more objects.

-or-

The request sent to the server was invalid. | Sign out and then sign in again. If that doesn't resolve the issue, unjoin the device from Azure Active Directory (Azure AD) and rejoin. | 0x801C03EE | Attestation failed. | Sign out and then sign in again. | | 0x801C03EF | The AIK certificate is no longer valid. | Sign out and then sign in again. | -| 0x801C03F2 | Windows Hello key registration failed. | ERROR\_BAD\_DIRECTORY\_REQUEST. Another object with the same value for property proxyAddresses already exists. To resolve the issue, refer to [Duplicate Attributes Prevent Dirsync](https://docs.microsoft.com/office365/troubleshoot/administration/duplicate-attributes-prevent-dirsync). Also, if no sync conflict exists, please verify that the "Mail/Email address" in AAD and the Primary SMTP address is the same in the proxy address. +| 0x801C03F2 | Windows Hello key registration failed. | ERROR\_BAD\_DIRECTORY\_REQUEST. Another object with the same value for property proxyAddresses already exists. To resolve the issue, refer to [Duplicate Attributes Prevent Dirsync](https://docs.microsoft.com/office365/troubleshoot/administration/duplicate-attributes-prevent-dirsync). Also, if no sync conflict exists, please verify that the "Mail/Email address" in AAD and the Primary SMTP address are the same in the proxy address. | 0x801C044D | Authorization token does not contain device ID. | Unjoin the device from Azure AD and rejoin. | | | Unable to obtain user token. | Sign out and then sign in again. Check network and credentials. | | 0x801C044E | Failed to receive user credentials input. | Sign out and then sign in again. | From 7e0e79d0c793c8062e02938fbedc1d76c4f34a4b Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 18 Nov 2020 14:15:38 -0800 Subject: [PATCH 021/210] Added more policies --- .../mdm/policy-csp-admx-windowsdefender.md | 1369 +++++++++++++++++ 1 file changed, 1369 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-admx-windowsdefender.md b/windows/client-management/mdm/policy-csp-admx-windowsdefender.md index d935313482..c1aaa52eb3 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsdefender.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsdefender.md @@ -3411,6 +3411,1375 @@ ADMX Info:
+ +**ADMX_WindowsDefender/Reporting_AdditionalActionTimeout** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the time in minutes before a detection in the "additional action" state moves to the "cleared" state. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure time out for detections requiring additional action* +- GP name: *Reporting_AdditionalActionTimeout* +- GP path: *Windows Components\Microsoft Defender Antivirus\Reporting* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/Reporting_CriticalFailureTimeout** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the time in minutes before a detection in the “critically failed” state to moves to either the “additional action” state or the “cleared” state. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure time out for detections in critically failed state* +- GP name: *Reporting_CriticalFailureTimeout* +- GP path: *Windows Components\Microsoft Defender Antivirus\Reporting* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/Reporting_DisableEnhancedNotifications** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Use this policy setting to specify if you want Microsoft Defender Antivirus enhanced notifications to display on clients. + +If you disable or do not configure this setting, Microsoft Defender Antivirus enhanced notifications will display on clients. + +If you enable this setting, Microsoft Defender Antivirus enhanced notifications will not display on clients. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off enhanced notifications* +- GP name: *Reporting_DisableEnhancedNotifications* +- GP path: *Windows Components\Microsoft Defender Antivirus\Reporting* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ +**ADMX_WindowsDefender/Reporting_DisablegenericrePorts** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure whether or not Watson events are sent. + +If you enable or do not configure this setting, Watson events will be sent. + +If you disable this setting, Watson events will not be sent. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure Watson events* +- GP name: *Reporting_DisablegenericrePorts* +- GP path: *Windows Components\Microsoft Defender Antivirus\Reporting* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/Reporting_NonCriticalTimeout** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the time in minutes before a detection in the "non-critically failed" state moves to the "cleared" state. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure time out for detections in non-critical failed state* +- GP name: *Reporting_NonCriticalTimeout* +- GP path: *Windows Components\Microsoft Defender Antivirus\Reporting* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ +**ADMX_WindowsDefender/Reporting_RecentlyCleanedTimeout** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the time in minutes before a detection in the "completed" state moves to the "cleared" state. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure time out for detections in recently remediated state* +- GP name: *Reporting_RecentlyCleanedTimeout* +- GP path: *Windows Components\Microsoft Defender Antivirus\Reporting* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/Reporting_WppTracingComponents** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy configures Windows software trace preprocessor (WPP Software Tracing) components. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure Windows software trace preprocessor components* +- GP name: *Reporting_WppTracingComponents* +- GP path: *Windows Components\Microsoft Defender Antivirus\Reporting* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/Reporting_WppTracingLevel** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy allows you to configure tracing levels for Windows software trace preprocessor (WPP Software Tracing). + +Tracing levels are defined as: + +- 1 - Error +- 2 - Warning +- 3 - Info +- 4 - Debug + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure WPP tracing level* +- GP name: *Reporting_WppTracingLevel* +- GP path: *Windows Components\Microsoft Defender Antivirus\Reporting* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/Root_PUAProtection** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Enable or disable detection for potentially unwanted applications. You can choose to block, audit, or allow when potentially unwanted software is being downloaded or attempts to install itself on your computer. + +Enabled: +Specify the mode in the Options section: + +- Block: Potentially unwanted software will be blocked. +- Audit Mode: Potentially unwanted software will not be blocked, however if this feature would have blocked access if it were set to Block, then a record of the event will be in the event logs. + +Disabled: +Potentially unwanted software will not be blocked. + +Not configured: +Same as Disabled. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure detection for potentially unwanted applications* +- GP name: *Root_PUAProtection* +- GP path: *Windows Components\Microsoft Defender Antivirus* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/Scan_AllowPause** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether or not end users can pause a scan in progress. + +If you enable or do not configure this setting, a new context menu will be added to the task tray icon to allow the user to pause a scan. + +If you disable this setting, users will not be able to pause scans. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow users to pause scan* +- GP name: *Scan_AllowPause* +- GP path: *Windows Components\Microsoft Defender Antivirus\Scan* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/Scan_ArchiveMaxDepth** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure the maximum directory depth level into which archive files such as .ZIP or .CAB are unpacked during scanning. The default directory depth level is 0. + +If you enable this setting, archive files will be scanned to the directory depth level specified. + +If you disable or do not configure this setting, archive files will be scanned to the default directory depth level. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Specify the maximum depth to scan archive files* +- GP name: *Scan_ArchiveMaxDepth* +- GP path: *Windows Components\Microsoft Defender Antivirus\Scan* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/Scan_ArchiveMaxSize** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure the maximum size of archive files such as .ZIP or .CAB that will be scanned. The value represents file size in kilobytes (KB). The default value is 0 and represents no limit to archive size for scanning. + +If you enable this setting, archive files less than or equal to the size specified will be scanned. + +If you disable or do not configure this setting, archive files will be scanned according to the default value. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Specify the maximum size of archive files to be scanned* +- GP name: *Scan_ArchiveMaxSize* +- GP path: *Windows Components\Microsoft Defender Antivirus\Scan* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/Scan_AvgCPULoadFactor** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure the maximum percentage CPU utilization permitted during a scan. Valid values for this setting are a percentage represented by the integers 5 to 100. A value of 0 indicates that there should be no throttling of CPU utilization. The default value is 50. + +If you enable this setting, CPU utilization will not exceed the percentage specified. + +If you disable or do not configure this setting, CPU utilization will not exceed the default value. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Specify the maximum percentage of CPU utilization during a scan* +- GP name: *Scan_AvgCPULoadFactor* +- GP path: *Windows Components\Microsoft Defender Antivirus\Scan* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/Scan_DisableArchiveScanning** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure scans for malicious software and unwanted software in archive files such as .ZIP or .CAB files. + +If you enable or do not configure this setting, archive files will be scanned. + +If you disable this setting, archive files will not be scanned. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Scan archive files* +- GP name: *Scan_DisableArchiveScanning* +- GP path: *Windows Components\Microsoft Defender Antivirus\Scan* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/Scan_DisableCatchupFullScan** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure catch-up scans for scheduled full scans. A catch-up scan is a scan that is initiated because a regularly scheduled scan was missed. Usually these scheduled scans are missed because the computer was turned off at the scheduled time. + +If you enable this setting, catch-up scans for scheduled full scans will be turned on. If a computer is offline for two consecutive scheduled scans, a catch-up scan is started the next time someone logs on to the computer. If there is no scheduled scan configured, there will be no catch-up scan run. + +If you disable or do not configure this setting, catch-up scans for scheduled full scans will be turned off. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn on catch-up full scan* +- GP name: *Scan_DisableCatchupFullScan* +- GP path: *Windows Components\Microsoft Defender Antivirus\Scan* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/Scan_DisableCatchupQuickScan** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure catch-up scans for scheduled quick scans. A catch-up scan is a scan that is initiated because a regularly scheduled scan was missed. Usually these scheduled scans are missed because the computer was turned off at the scheduled time. + +If you enable this setting, catch-up scans for scheduled quick scans will be turned on. If a computer is offline for two consecutive scheduled scans, a catch-up scan is started the next time someone logs on to the computer. If there is no scheduled scan configured, there will be no catch-up scan run. + +If you disable or do not configure this setting, catch-up scans for scheduled quick scans will be turned off. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn on catch-up quick scan* +- GP name: *Scan_DisableCatchupQuickScan* +- GP path: *Windows Components\Microsoft Defender Antivirus\Scan* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/Scan_DisableEmailScanning** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure e-mail scanning. When e-mail scanning is enabled, the engine will parse the mailbox and mail files, according to their specific format, in order to analyze the mail bodies and attachments. Several e-mail formats are currently supported, for example: pst (Outlook), dbx, mbx, mime (Outlook Express), binhex (Mac). + +If you enable this setting, e-mail scanning will be enabled. + +If you disable or do not configure this setting, e-mail scanning will be disabled. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn on e-mail scanning* +- GP name: *Scan_DisableEmailScanning* +- GP path: *Windows Components\Microsoft Defender Antivirus\Scan* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/Scan_DisableHeuristics** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure heuristics. Suspicious detections will be suppressed right before reporting to the engine client. Turning off heuristics will reduce the capability to flag new threats. It is recommended that you do not turn off heuristics. + +If you enable or do not configure this setting, heuristics will be enabled. + +If you disable this setting, heuristics will be disabled. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn on heuristics* +- GP name: *Scan_DisableHeuristics* +- GP path: *Windows Components\Microsoft Defender Antivirus\Scan* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/Scan_DisablePackedExeScanning** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure scanning for packed executables. It is recommended that this type of scanning remain enabled. + +If you enable or do not configure this setting, packed executables will be scanned. + +If you disable this setting, packed executables will not be scanned. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Scan packed executables* +- GP name: *Scan_DisablePackedExeScanning* +- GP path: *Windows Components\Microsoft Defender Antivirus\Scan* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/Scan_DisableRemovableDriveScanning** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether or not to scan for malicious software and unwanted software in the contents of removable drives, such as USB flash drives, when running a full scan. + +If you enable this setting, removable drives will be scanned during any type of scan. + +If you disable or do not configure this setting, removable drives will not be scanned during a full scan. Removable drives may still be scanned during quick scan and custom scan. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Scan removable drives* +- GP name: *Scan_DisableRemovableDriveScanning* +- GP path: *Windows Components\Microsoft Defender Antivirus\Scan* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ Footnotes: - 1 - Available in Windows 10, version 1607. From 0c7a4df372f1329b73a2e4fc0f4b52dc823d2184 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 18 Nov 2020 17:09:38 -0800 Subject: [PATCH 022/210] Added more policies --- .../mdm/policy-csp-admx-windowsdefender.md | 3082 +++++++++++++++++ 1 file changed, 3082 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-admx-windowsdefender.md b/windows/client-management/mdm/policy-csp-admx-windowsdefender.md index c1aaa52eb3..5e550c9817 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsdefender.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsdefender.md @@ -4780,6 +4780,3088 @@ ADMX Info:
+ +**ADMX_WindowsDefender/Scan_DisableReparsePointScanning** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure reparse point scanning. If you allow reparse points to be scanned, there is a possible risk of recursion. However, the engine supports following reparse points to a maximum depth so at worst scanning could be slowed. Reparse point scanning is disabled by default and this is the recommended state for this functionality. + +If you enable this setting, reparse point scanning will be enabled. + +If you disable or do not configure this setting, reparse point scanning will be disabled. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn on reparse point scanning* +- GP name: *Scan_DisableReparsePointScanning* +- GP path: *Windows Components\Microsoft Defender Antivirus\Scan* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/Scan_DisableRestorePoint** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to create a system restore point on the computer on a daily basis prior to cleaning. + +If you enable this setting, a system restore point will be created. + +If you disable or do not configure this setting, a system restore point will not be created. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Create a system restore point* +- GP name: *Scan_DisableRestorePoint* +- GP path: *Windows Components\Microsoft Defender Antivirus\Scan* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ +**ADMX_WindowsDefender/Scan_DisableScanningMappedNetworkDrivesForFullScan** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure scanning mapped network drives. + +If you enable this setting, mapped network drives will be scanned. + +If you disable or do not configure this setting, mapped network drives will not be scanned. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Run full scan on mapped network drives* +- GP name: *Scan_DisableScanningMappedNetworkDrivesForFullScan* +- GP path: *Windows Components\Microsoft Defender Antivirus\Scan* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/Scan_DisableScanningNetworkFiles** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure scanning for network files. It is recommended that you do not enable this setting. + +If you enable this setting, network files will be scanned. + +If you disable or do not configure this setting, network files will not be scanned. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Scan network files* +- GP name: *Scan_DisableScanningNetworkFiles* +- GP path: *Windows Components\Microsoft Defender Antivirus\Scan* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/Scan_LocalSettingOverrideAvgCPULoadFactor** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting configures a local override for the configuration of maximum percentage of CPU utilization during scan. This setting can only be set by Group Policy. + +If you enable this setting, the local preference setting will take priority over Group Policy. + +If you disable or do not configure this setting, Group Policy will take priority over the local preference setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure local setting override for maximum percentage of CPU utilization* +- GP name: *Scan_LocalSettingOverrideAvgCPULoadFactor* +- GP path: *Windows Components\Microsoft Defender Antivirus\Scan* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/Scan_LocalSettingOverrideScanParameters** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting configures a local override for the configuration of the scan type to use during a scheduled scan. This setting can only be set by Group Policy. + +If you enable this setting, the local preference setting will take priority over Group Policy. + +If you disable or do not configure this setting, Group Policy will take priority over the local preference setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure local setting override for the scan type to use for a scheduled scan* +- GP name: *Scan_LocalSettingOverrideScanParameters* +- GP path: *Windows Components\Microsoft Defender Antivirus\Scan* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/Scan_LocalSettingOverrideScheduleDay** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting configures a local override for the configuration of scheduled scan day. This setting can only be set by Group Policy. + +If you enable this setting, the local preference setting will take priority over Group Policy. + +If you disable or do not configure this setting, Group Policy will take priority over the local preference setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure local setting override for schedule scan day* +- GP name: *Scan_LocalSettingOverrideScheduleDay* +- GP path: *Windows Components\Microsoft Defender Antivirus\Scan* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/Scan_LocalSettingOverrideScheduleQuickScantime** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting configures a local override for the configuration of scheduled quick scan time. This setting can only be set by Group Policy. + +If you enable this setting, the local preference setting will take priority over Group Policy. + +If you disable or do not configure this setting, Group Policy will take priority over the local preference setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure local setting override for scheduled quick scan time* +- GP name: *Scan_LocalSettingOverrideScheduleQuickScantime* +- GP path: *Windows Components\Microsoft Defender Antivirus\Scan* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/Scan_LocalSettingOverrideScheduleTime** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting configures a local override for the configuration of scheduled scan time. This setting can only be set by Group Policy. + +If you enable this setting, the local preference setting will take priority over Group Policy. + +If you disable or do not configure this setting, Group Policy will take priority over the local preference setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure local setting override for scheduled scan time* +- GP name: *Scan_LocalSettingOverrideScheduleTime* +- GP path: *Windows Components\Microsoft Defender Antivirus\Scan* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/Scan_LowCpuPriority** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to enable or disable low CPU priority for scheduled scans. + +If you enable this setting, low CPU priority will be used during scheduled scans. + +If you disable or do not configure this setting, not changes will be made to CPU priority for scheduled scans. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure low CPU priority for scheduled scans* +- GP name: *Scan_LowCpuPriority* +- GP path: *Windows Components\Microsoft Defender Antivirus\Scan* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/Scan_MissedScheduledScanCountBeforeCatchup** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to define the number of consecutive scheduled scans that can be missed after which a catch-up scan will be forced. By default, the value of this setting is 2 consecutive scheduled scans. + +If you enable this setting, a catch-up scan will occur after the specified number consecutive missed scheduled scans. + +If you disable or do not configure this setting, a catch-up scan will occur after the 2 consecutive missed scheduled scans. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Define the number of days after which a catch-up scan is forced* +- GP name: *Scan_MissedScheduledScanCountBeforeCatchup* +- GP path: *Windows Components\Microsoft Defender Antivirus\Scan* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/Scan_PurgeItemsAfterDelay** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting defines the number of days items should be kept in the scan history folder before being permanently removed. The value represents the number of days to keep items in the folder. If set to zero, items will be kept forever and will not be automatically removed. By default, the value is set to 30 days. + +If you enable this setting, items will be removed from the scan history folder after the number of days specified. + +If you disable or do not configure this setting, items will be kept in the scan history folder for the default number of days. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn on removal of items from scan history folder* +- GP name: *Scan_PurgeItemsAfterDelay* +- GP path: *Windows Components\Microsoft Defender Antivirus\Scan* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/Scan_QuickScanInterval** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify an interval at which to perform a quick scan. The time value is represented as the number of hours between quick scans. Valid values range from 1 (every hour) to 24 (once per day). If set to zero, interval quick scans will not occur. By default, this setting is set to 0. + +If you enable this setting, a quick scan will run at the interval specified. + +If you disable or do not configure this setting, a quick scan will run at a default time. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Specify the interval to run quick scans per day* +- GP name: *Scan_QuickScanInterval* +- GP path: *Windows Components\Microsoft Defender Antivirus\Scan* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/Scan_ScanOnlyIfIdle** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure scheduled scans to start only when your computer is on but not in use. + +If you enable or do not configure this setting, scheduled scans will only run when the computer is on but not in use. + +If you disable this setting, scheduled scans will run at the scheduled time. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Start the scheduled scan only when computer is on but not in use* +- GP name: *Scan_ScanOnlyIfIdle* +- GP path: *Windows Components\Microsoft Defender Antivirus\Scan* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/Scan_ScanParameters** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the scan type to use during a scheduled scan. Scan type options are: + +- 1 = Quick Scan (default) +- 2 = Full Scan + +If you enable this setting, the scan type will be set to the specified value. + +If you disable or do not configure this setting, the default scan type will used. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Specify the scan type to use for a scheduled scan* +- GP name: *Scan_ScanParameters* +- GP path: *Windows Components\Microsoft Defender Antivirus\Scan* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ +**ADMX_WindowsDefender/Scan_ScheduleDay** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the day of the week on which to perform a scheduled scan. The scan can also be configured to run every day or to never run at all. + +This setting can be configured with the following ordinal number values: + +- (0x0) Every Day +- (0x1) Sunday +- (0x2) Monday +- (0x3) Tuesday +- (0x4) Wednesday +- (0x5) Thursday +- (0x6) Friday +- (0x7) Saturday +- (0x8) Never (default) + +If you enable this setting, a scheduled scan will run at the frequency specified. + +If you disable or do not configure this setting, a scheduled scan will run at a default frequency. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Specify the day of the week to run a scheduled scan* +- GP name: *Scan_ScheduleDay* +- GP path: *Windows Components\Microsoft Defender Antivirus\Scan* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ +**ADMX_WindowsDefender/Scan_ScheduleQuickScantime** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the time of day at which to perform a daily quick scan. The time value is represented as the number of minutes past midnight (00:00). For example, 120 (0x78) is equivalent to 02:00 AM. By default, this setting is set to a time value of 2:00 AM. The schedule is based on local time on the computer where the scan is executing. + +If you enable this setting, a daily quick scan will run at the time of day specified. + +If you disable or do not configure this setting, a daily quick scan will run at a default time. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Specify the time for a daily quick scan* +- GP name: *Scan_ScheduleQuickScantime* +- GP path: *Windows Components\Microsoft Defender Antivirus\Scan* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/Scan_ScheduleTime** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the time of day at which to perform a scheduled scan. The time value is represented as the number of minutes past midnight (00:00). For example, 120 (0x78) is equivalent to 02:00 AM. By default, this setting is set to a time value of 2:00 AM. The schedule is based on local time on the computer where the scan is executing. + +If you enable this setting, a scheduled scan will run at the time of day specified. + +If you disable or do not configure this setting, a scheduled scan will run at a default time. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Specify the time of day to run a scheduled scan* +- GP name: *Scan_ScheduleTime* +- GP path: *Windows Components\Microsoft Defender Antivirus\Scan* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/ServiceKeepAlive** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure whether or not the antimalware service remains running when antivirus and antispyware security intelligence is disabled. It is recommended that this setting remain disabled. + +If you enable this setting, the antimalware service will always remain running even if both antivirus and antispyware security intelligence is disabled. + +If you disable or do not configure this setting, the antimalware service will be stopped when both antivirus and antispyware security intelligence is disabled. If the computer is restarted, the service will be started if it is set to Automatic startup. After the service has started, there will be a check to see if antivirus and antispyware security intelligence is enabled. If at least one is enabled, the service will remain running. If both are disabled, the service will be stopped. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow antimalware service to remain running always* +- GP name: *ServiceKeepAlive* +- GP path: *Windows Components\Microsoft Defender Antivirus* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/SignatureUpdate_ASSignatureDue** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to define the number of days that must pass before spyware security intelligence is considered out of date. If security intelligence is determined to be out of date, this state may trigger several additional actions, including falling back to an alternative update source or displaying a warning icon in the user interface. By default, this value is set to 14 days. + +If you enable this setting, spyware security intelligence will be considered out of date after the number of days specified have passed without an update. + +If you disable or do not configure this setting, spyware security intelligence will be considered out of date after the default number of days have passed without an update. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Define the number of days before spyware security intelligence is considered out of date* +- GP name: *SignatureUpdate_ASSignatureDue* +- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/SignatureUpdate_AVSignatureDue** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to define the number of days that must pass before virus security intelligence is considered out of date. If security intelligence is determined to be out of date, this state may trigger several additional actions, including falling back to an alternative update source or displaying a warning icon in the user interface. By default, this value is set to 14 days. + +If you enable this setting, virus security intelligence will be considered out of date after the number of days specified have passed without an update. + +If you disable or do not configure this setting, virus security intelligence will be considered out of date after the default number of days have passed without an update. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Define the number of days before virus security intelligence is considered out of date* +- GP name: *SignatureUpdate_AVSignatureDue* +- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/SignatureUpdate_DefinitionUpdateFileSharesSources** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure UNC file share sources for downloading security intelligence updates. Sources will be contacted in the order specified. The value of this setting should be entered as a pipe-separated string enumerating the security intelligence update sources. For example: "{\\\unc1 | \\\unc2 }". The list is empty by default. + +If you enable this setting, the specified sources will be contacted for security intelligence updates. Once security intelligence updates have been successfully downloaded from one specified source, the remaining sources in the list will not be contacted. + +If you disable or do not configure this setting, the list will remain empty by default and no sources will be contacted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Define file shares for downloading security intelligence updates* +- GP name: *SignatureUpdate_DefinitionUpdateFileSharesSources* +- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/SignatureUpdate_DisableScanOnUpdate** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure the automatic scan which starts after a security intelligence update has occurred. + +If you enable or do not configure this setting, a scan will start following a security intelligence update. + +If you disable this setting, a scan will not start following a security intelligence update. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn on scan after security intelligence update* +- GP name: *SignatureUpdate_DisableScanOnUpdate* +- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/SignatureUpdate_DisableScheduledSignatureUpdateonBattery** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure security intelligence updates when the computer is running on battery power. + +If you enable or do not configure this setting, security intelligence updates will occur as usual regardless of power state. + +If you disable this setting, security intelligence updates will be turned off while the computer is running on battery power. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow security intelligence updates when running on battery power* +- GP name: *SignatureUpdate_DisableScheduledSignatureUpdateonBattery* +- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/SignatureUpdate_DisableUpdateOnStartupWithoutEngine** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure security intelligence updates on startup when there is no antimalware engine present. + +If you enable or do not configure this setting, security intelligence updates will be initiated on startup when there is no antimalware engine present. + +If you disable this setting, security intelligence updates will not be initiated on startup when there is no antimalware engine present. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Initiate security intelligence update on startup* +- GP name: *SignatureUpdate_DisableUpdateOnStartupWithoutEngine* +- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/SignatureUpdate_FallbackOrder** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to define the order in which different security intelligence update sources should be contacted. The value of this setting should be entered as a pipe-separated string enumerating the security intelligence update sources in order. Possible values are: “InternalDefinitionUpdateServer”, “MicrosoftUpdateServer”, “MMPC”, and “FileShares”. + +For example: { InternalDefinitionUpdateServer | MicrosoftUpdateServer | MMPC } + +If you enable this setting, security intelligence update sources will be contacted in the order specified. Once security intelligence updates have been successfully downloaded from one specified source, the remaining sources in the list will not be contacted. + +If you disable or do not configure this setting, security intelligence update sources will be contacted in a default order. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Define the order of sources for downloading security intelligence updates* +- GP name: *SignatureUpdate_FallbackOrder* +- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/SignatureUpdate_ForceUpdateFromMU** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to enable download of security intelligence updates from Microsoft Update even if the Automatic Updates default server is configured to another download source such as Windows Update. + +If you enable this setting, security intelligence updates will be downloaded from Microsoft Update. + +If you disable or do not configure this setting, security intelligence updates will be downloaded from the configured download source. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow security intelligence updates from Microsoft Update* +- GP name: *SignatureUpdate_ForceUpdateFromMU* +- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/SignatureUpdate_RealtimeSignatureDelivery** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to enable real-time security intelligence updates in response to reports sent to Microsoft MAPS. If the service reports a file as an unknown and Microsoft MAPS finds that the latest security intelligence update has security intelligence for a threat involving that file, the service will receive all of the latest security intelligence for that threat immediately. You must have configured your computer to join Microsoft MAPS for this functionality to work. + +If you enable or do not configure this setting, real-time security intelligence updates will be enabled. + +If you disable this setting, real-time security intelligence updates will disabled. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow real-time security intelligence updates based on reports to Microsoft MAPS* +- GP name: *SignatureUpdate_RealtimeSignatureDelivery* +- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/SignatureUpdate_ScheduleDay** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the day of the week on which to check for security intelligence updates. The check can also be configured to run every day or to never run at all. + +This setting can be configured with the following ordinal number values: + +- (0x0) Every Day (default) +- (0x1) Sunday +- (0x2) Monday +- (0x3) Tuesday +- (0x4) Wednesday +- (0x5) Thursday +- (0x6) Friday +- (0x7) Saturday +- (0x8) Never + +If you enable this setting, the check for security intelligence updates will occur at the frequency specified. + +If you disable or do not configure this setting, the check for security intelligence updates will occur at a default frequency. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Specify the day of the week to check for security intelligence updates* +- GP name: *SignatureUpdate_ScheduleDay* +- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/SignatureUpdate_ScheduleTime** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the time of day at which to check for security intelligence updates. The time value is represented as the number of minutes past midnight (00:00). For example, 120 (0x78) is equivalent to 02:00 AM. By default this setting is configured to check for security intelligence updates 15 minutes before the scheduled scan time. The schedule is based on local time on the computer where the check is occurring. + +If you enable this setting, the check for security intelligence updates will occur at the time of day specified. + +If you disable or do not configure this setting, the check for security intelligence updates will occur at the default time. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Specify the time to check for security intelligence updates* +- GP name: *SignatureUpdate_ScheduleTime* +- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/SignatureUpdate_SharedSignaturesLocation** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to define the security intelligence location for VDI-configured computers. + +If you disable or do not configure this setting, security intelligence will be referred from the default local source. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Define security intelligence location for VDI clients.* +- GP name: *SignatureUpdate_SharedSignaturesLocation* +- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ +**ADMX_WindowsDefender/SignatureUpdate_SignatureDisableNotification** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure the antimalware service to receive notifications to disable individual security intelligence in response to reports it sends to Microsoft MAPS. Microsoft MAPS uses these notifications to disable security intelligence that are causing false positive reports. You must have configured your computer to join Microsoft MAPS for this functionality to work. + +If you enable this setting or do not configure, the antimalware service will receive notifications to disable security intelligence. + +If you disable this setting, the antimalware service will not receive notifications to disable security intelligence. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow notifications to disable security intelligence based reports to Microsoft MAPS* +- GP name: *SignatureUpdate_SignatureDisableNotification* +- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/SignatureUpdate_SignatureUpdateCatchupInterval** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to define the number of days after which a catch-up security intelligence update will be required. By default, the value of this setting is 1 day. + +If you enable this setting, a catch-up security intelligence update will occur after the specified number of days. + +If you disable or do not configure this setting, a catch-up security intelligence update will be required after the default number of days. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Define the number of days after which a catch-up security intelligence update is required* +- GP name: *SignatureUpdate_SignatureUpdateCatchupInterval* +- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/SignatureUpdate_SignatureUpdateInterval** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify an interval at which to check for security intelligence updates. The time value is represented as the number of hours between update checks. Valid values range from 1 (every hour) to 24 (once per day). + +If you enable this setting, checks for security intelligence updates will occur at the interval specified. + +If you disable or do not configure this setting, checks for security intelligence updates will occur at the default interval. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Specify the interval to check for security intelligence updates* +- GP name: *SignatureUpdate_SignatureUpdateInterval* +- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/SignatureUpdate_UpdateOnStartup** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether a check for new virus and spyware security intelligence will occur immediately after service startup. + +If you enable this setting, a check for new security intelligence will occur after service startup. + +If you disable this setting or do not configure this setting, a check for new security intelligence will not occur after service startup. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Check for the latest virus and spyware security intelligence on startup* +- GP name: *SignatureUpdate_UpdateOnStartup* +- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/SpynetReporting** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to join Microsoft MAPS. Microsoft MAPS is the online community that helps you choose how to respond to potential threats. The community also helps stop the spread of new malicious software infections. + +You can choose to send basic or additional information about detected software. Additional information helps Microsoft create new security intelligence and help it to protect your computer. This information can include things like location of detected items on your computer if harmful software was removed. The information will be automatically collected and sent. In some instances, personal information might unintentionally be sent to Microsoft. However, Microsoft will not use this information to identify you or contact you. + +Possible options are: + +- (0x0) Disabled (default) +- (0x1) Basic membership +- (0x2) Advanced membership + +Basic membership will send basic information to Microsoft about software that has been detected, including where the software came from, the actions that you apply or that are applied automatically, and whether the actions were successful. + +Advanced membership, in addition to basic information, will send more information to Microsoft about malicious software, spyware, and potentially unwanted software, including the location of the software, file names, how the software operates, and how it has impacted your computer. + +If you enable this setting, you will join Microsoft MAPS with the membership specified. + +If you disable or do not configure this setting, you will not join Microsoft MAPS. + +In Windows 10, Basic membership is no longer available, so setting the value to 1 or 2 enrolls the device into Advanced membership. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Join Microsoft MAPS* +- GP name: *SpynetReporting* +- GP path: *Windows Components\Microsoft Defender Antivirus\MAPS* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/Spynet_LocalSettingOverrideSpynetReporting** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting configures a local override for the configuration to join Microsoft MAPS. This setting can only be set by Group Policy. + +If you enable this setting, the local preference setting will take priority over Group Policy. + +If you disable or do not configure this setting, Group Policy will take priority over the local preference setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure local setting override for reporting to Microsoft MAPS* +- GP name: *Spynet_LocalSettingOverrideSpynetReporting* +- GP path: *Windows Components\Microsoft Defender Antivirus\MAPS* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ +**ADMX_WindowsDefender/SubmitSamplesConsent** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting configures behaviour of samples submission when opt-in for MAPS telemetry is set. + +Possible options are: + +- (0x0) Always prompt +- (0x1) Send safe samples automatically +- (0x2) Never send +- (0x3) Send all samples automatically + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Send file samples when further analysis is required* +- GP name: *SubmitSamplesConsent* +- GP path: *Windows Components\Microsoft Defender Antivirus\MAPS* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/Threats_ThreatIdDefaultAction** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting customize which remediation action will be taken for each listed Threat ID when it is detected during a scan. Threats should be added under the Options for this setting. Each entry must be listed as a name value pair. The name defines a valid Threat ID, while the value contains the action ID for the remediation action that should be taken. + +Valid remediation action values are: + +- 2 = Quarantine +- 3 = Remove +- 6 = Ignore + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Specify threats upon which default action should not be taken when detected* +- GP name: *Threats_ThreatIdDefaultAction* +- GP path: *Windows Components\Microsoft Defender Antivirus\Threats* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/Threats_ThreatSeverityDefaultAction** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to customize which automatic remediation action will be taken for each threat alert level.Threat alert levels should be added under the Options for this setting. Each entry must be listed as a name value pair. The name defines a threat alert level. The value contains the action ID for the remediation action that should be taken. + +Valid threat alert levels are: + +- 1 = Low +- 2 = Medium +- 4 = High +- 5 = Severe + +Valid remediation action values are: + +- 2 = Quarantine +- 3 = Remove +- 6 = Ignore + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Specify threat alert levels at which default action should not be taken when detected* +- GP name: *Threats_ThreatSeverityDefaultAction* +- GP path: *Windows Components\Microsoft Defender Antivirus\Threats* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/UX_Configuration_CustomDefaultActionToastString** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure whether or not to display additional text to clients when they need to perform an action. The text displayed is a custom administrator-defined string. For example, the phone number to call the company help desk. The client interface will only display a maximum of 1024 characters. Longer strings will be truncated before display. + +If you enable this setting, the additional text specified will be displayed. + +If you disable or do not configure this setting, there will be no additional text displayed. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Display additional text to clients when they need to perform an action* +- GP name: *UX_Configuration_CustomDefaultActionToastString* +- GP path: *Windows Components\Microsoft Defender Antivirus\Client Interface* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/UX_Configuration_Notification_Suppress** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Use this policy setting to specify if you want Microsoft Defender Antivirus notifications to display on clients. + +If you disable or do not configure this setting, Microsoft Defender Antivirus notifications will display on clients. + +If you enable this setting, Microsoft Defender Antivirus notifications will not display on clients. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Suppress all notifications* +- GP name: *UX_Configuration_Notification_Suppress* +- GP path: *Windows Components\Microsoft Defender Antivirus\Client Interface* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/UX_Configuration_SuppressRebootNotification** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows user to supress reboot notifications in UI only mode (for cases where UI can't be in lockdown mode). + +If you enable this setting AM UI won't show reboot notifications. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Suppresses reboot notifications* +- GP name: *UX_Configuration_SuppressRebootNotification* +- GP path: *Windows Components\Microsoft Defender Antivirus\Client Interface* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/UX_Configuration_UILockdown** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure whether or not to display AM UI to the users. + +If you enable this setting AM UI won't be available to users. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Enable headless UI mode* +- GP name: *UX_Configuration_UILockdown* +- GP path: *Windows Components\Microsoft Defender Antivirus\Client Interface* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ Footnotes: - 1 - Available in Windows 10, version 1607. From 7415a8e65206ec48f05eaf9099b7ee31b64a255b Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Thu, 19 Nov 2020 15:28:45 -0800 Subject: [PATCH 023/210] Added new policies --- windows/client-management/mdm/TOC.md | 2 + .../mdm/policies-in-policy-csp-admx-backed.md | 19 + .../policy-configuration-service-provider.md | 67 ++ .../mdm/policy-csp-admx-devicenstallation.md | 842 ++++++++++++++++++ .../mdm/policy-csp-admx-devicesetup.md | 635 +++++++++++++ 5 files changed, 1565 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-devicenstallation.md create mode 100644 windows/client-management/mdm/policy-csp-admx-devicesetup.md diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index 98251b87fe..0e6ef2c11d 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -181,6 +181,8 @@ #### [ADMX_Cpls](policy-csp-admx-cpls.md) #### [ADMX_CredSsp](policy-csp-admx-credssp.md) #### [ADMX_CtrlAltDel](policy-csp-admx-ctrlaltdel.md) +#### [ADMX_DeviceInstallation](policy-csp-admx-devicenstallation.md) +#### [ADMX_DeviceSetup](policy-csp-admx-devicesetup.md) #### [ADMX_DigitalLocker](policy-csp-admx-digitallocker.md) #### [ADMX_DnsClient](policy-csp-admx-dnsclient.md) #### [ADMX_DWM](policy-csp-admx-dwm.md) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 365e5a94e6..fe0e5fc17f 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -76,6 +76,25 @@ ms.date: 10/08/2020 - [ADMX_CtrlAltDel/DisableLockComputer](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-disablelockcomputer) - [ADMX_CtrlAltDel/DisableTaskMgr](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-disabletaskmgr) - [ADMX_CtrlAltDel/NoLogoff](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-nologoff) +- [ADMX_DeviceInstallation/DeviceInstall_AllSigningEqual](./policy-csp-admx-devicenstallation.md#admx-deviceinstallation-deviceinstall-allsigningequal) +- [ADMX_DeviceInstallation/DeviceInstall_AllowAdminInstall](./policy-csp-admx-devicenstallation.md#admx-deviceinstallation-deviceinstall-allowadmininstall) +- [ADMX_DeviceInstallation/DeviceInstall_DeniedPolicy_DetailText](./policy-csp-admx-devicenstallation.md#admx-deviceinstallation-deviceinstall-deniedpolicy-detailtext) +- [ADMX_DeviceInstallation/DeviceInstall_DeniedPolicy_SimpleText](./policy-csp-admx-devicenstallation.md#admx-deviceinstallation-deviceinstall-deniedpolicy-simpletext) +- [ADMX_DeviceInstallation/DeviceInstall_InstallTimeout](./policy-csp-admx-devicenstallation.md#admx-deviceinstallation-deviceinstall-installtimeout) +- [ADMX_DeviceInstallation/DeviceInstall_Policy_RebootTime](./policy-csp-admx-devicenstallation.md#admx-deviceinstallation-deviceinstall-policy-reboottime) +- [ADMX_DeviceInstallation/DeviceInstall_Removable_Deny](./policy-csp-admx-devicenstallation.md#admx-deviceinstallation-deviceinstall-removable-deny) +- [ADMX_DeviceInstallation/DeviceInstall_SystemRestore](./policy-csp-admx-devicenstallation.md#admx-deviceinstallation-deviceinstall-systemrestore) +- [ADMX_DeviceInstallation/DeviceManagement_RPCInterface_Allow](./policy-csp-admx-devicenstallation.md#admx-devicemanagement-rpcinterface-allow) +- [ADMX_DeviceInstallation/DriverInstall_Classes_AllowUser](./policy-csp-admx-devicenstallation.md#admx-deviceinstallation-deviceinstall-classes-allowuser) +- [ADMX_DeviceInstallation/DriverSigning](./policy-csp-admx-devicenstallation.md#admx-deviceinstallation-driversigning) +- [ADMX_DeviceSetup/DeviceInstall_BalloonTips](./policy-csp-admx-devicesetup.md#admx-devicesetup-deviceinstall-balloontips) +- [ADMX_DeviceSetup/DeviceInstall_GenericDriverSendToWER](./policy-csp-admx-devicesetup.md#admx-devicesetup-deviceinstall-genericdriversendtower) +- [ADMX_DeviceSetup/DeviceInstall_RequestAdditionalSoftwareSendToWER](./policy-csp-admx-devicesetup.md#admx-devicesetup-deviceinstall-requestadditionalsoftwaresendtower) +- [ADMX_DeviceSetup/DriverSearchPlaces](./policy-csp-admx-devicesetup.md#admx-devicesetup-driversearchplaces) +- [ADMX_DeviceSetup/DriverSearchPlaces_DontPromptForWindowsUpdate_1](./policy-csp-admx-devicesetup.md#admx-devicesetup-driversearchplaces-dontpromptforwindowsupdate-1) +- [ADMX_DeviceSetup/DriverSearchPlaces_DontPromptForWindowsUpdate_2](./policy-csp-admx-devicesetup.md#admx-devicesetup-driversearchplaces-dontpromptforwindowsupdate-2) +- [ADMX_DeviceSetup/DriverSearchPlaces_SearchOrderConfiguration](./policy-csp-admx-devicesetup.md#admx-devicesetup-driversearchplaces-searchorderconfiguration) +- [ADMX_DeviceSetup/DriverSearchPlaces_SearchServerConfiguration](./policy-csp-admx-devicesetup.md#admx-devicesetup-driversearchplaces-searchserverconfiguration) - [ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_1](./policy-csp-admx-digitallocker.md#admx-digitallocker-digitalx-diableapplication-titletext-1) - [ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_2](./policy-csp-admx-digitallocker.md#admx-digitallocker-digitalx-diableapplication-titletext-2) - [ADMX_DnsClient/DNS_AllowFQDNNetBiosQueries](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-allowfqdnnetbiosqueries) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 6431d07b97..b1a2a67b23 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -377,6 +377,73 @@ The following diagram shows the Policy configuration service provider in tree fo
+### ADMX_DeviceInstallation policies + +
+
+ ADMX_DeviceInstallation/DeviceInstall_AllSigningEqual +
+
+ ADMX_DeviceInstallation/DeviceInstall_AllowAdminInstall +
+
+ ADMX_DeviceInstallation/DeviceInstall_DeniedPolicy_DetailText +
+
+ ADMX_DeviceInstallation/DeviceInstall_DeniedPolicy_SimpleText +
+
+ ADMX_DeviceInstallation/DeviceInstall_InstallTimeout +
+
+ ADMX_DeviceInstallation/DeviceInstall_Policy_RebootTime +
+
+ ADMX_DeviceInstallation/DeviceInstall_Removable_Deny +
+
+ ADMX_DeviceInstallation/DeviceInstall_SystemRestore +
+
+ ADMX_DeviceInstallation/DeviceManagement_RPCInterface_Allow +
+
+ ADMX_DeviceInstallation/DriverInstall_Classes_AllowUser +
+
+ ADMX_DeviceInstallation/DriverSigning +
+
+ +### ADMX_DeviceSetup policies + +
+
+ ADMX_DeviceSetup/DeviceInstall_BalloonTips +
+
+ ADMX_DeviceSetup/DeviceInstall_GenericDriverSendToWER +
+
+ ADMX_DeviceSetup/DeviceInstall_RequestAdditionalSoftwareSendToWER +
+
+ ADMX_DeviceSetup/DriverSearchPlaces +
+
+ ADMX_DeviceSetup/DriverSearchPlaces_DontPromptForWindowsUpdate_1 +
+
+ ADMX_DeviceSetup/DriverSearchPlaces_DontPromptForWindowsUpdate_2 +
+
+ ADMX_DeviceSetup/DriverSearchPlaces_SearchOrderConfiguration +
+
+ ADMX_DeviceSetup/DriverSearchPlaces_SearchServerConfiguration +
+
+ ### ADMX_DigitalLocker policies
diff --git a/windows/client-management/mdm/policy-csp-admx-devicenstallation.md b/windows/client-management/mdm/policy-csp-admx-devicenstallation.md new file mode 100644 index 0000000000..c52d3a4656 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-devicenstallation.md @@ -0,0 +1,842 @@ +--- +title: Policy CSP - ADMX_DeviceInstallation +description: Policy CSP - ADMX_DeviceInstallation +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 11/19/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_DeviceInstallation +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_DeviceInstallation policies + +
+
+ ADMX_DeviceInstallation/DeviceInstall_AllSigningEqual +
+
+ ADMX_DeviceInstallation/DeviceInstall_AllowAdminInstall +
+
+ ADMX_DeviceInstallation/DeviceInstall_DeniedPolicy_DetailText +
+
+ ADMX_DeviceInstallation/DeviceInstall_DeniedPolicy_SimpleText +
+
+ ADMX_DeviceInstallation/DeviceInstall_InstallTimeout +
+
+ ADMX_DeviceInstallation/DeviceInstall_Policy_RebootTime +
+
+ ADMX_DeviceInstallation/DeviceInstall_Removable_Deny +
+
+ ADMX_DeviceInstallation/DeviceInstall_SystemRestore +
+
+ ADMX_DeviceInstallation/DeviceManagement_RPCInterface_Allow +
+
+ ADMX_DeviceInstallation/DriverInstall_Classes_AllowUser +
+
+ ADMX_DeviceInstallation/DriverSigning +
+
+ + +
+ + +**ADMX_DeviceInstallation/DeviceInstall_AllSigningEqual** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to determine how drivers signed by a Microsoft Windows Publisher certificate are ranked with drivers signed by other valid Authenticode signatures during the driver selection and installation process. Regardless of this policy setting, a signed driver is still preferred over a driver that is not signed at all. + +If you enable or do not configure this policy setting, drivers that are signed by a Microsoft Windows Publisher certificate and drivers that are signed by other Authenticode certificates are prioritized equally during the driver selection process. Selection is based on other criteria, such as version number or when the driver was created. + +If you disable this policy setting, drivers that are signed by a Microsoft Windows Publisher certificate are selected for installation over drivers that are signed by other Authenticode certificates. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prioritize all digitally signed drivers equally during the driver ranking and selection process* +- GP name: *DeviceInstall_AllSigningEqual* +- GP path: *System\Device Installation* +- GP ADMX file name: *DeviceInstallation.admx* + + + +
+ + +**ADMX_DeviceInstallation/DeviceInstall_AllowAdminInstall** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to determine whether members of the Administrators group can install and update the drivers for any device, regardless of other policy settings. + +If you enable this policy setting, members of the Administrators group can use the Add Hardware wizard or the Update Driver wizard to install and update the drivers for any device. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server. + +If you disable or do not configure this policy setting, members of the Administrators group are subject to all policy settings that restrict device installation. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow administrators to override Device Installation Restriction policies* +- GP name: *DeviceInstall_AllowAdminInstall* +- GP path: *System\Device Installation\Device Installation Restrictions* +- GP ADMX file name: *DeviceInstallation.admx* + + + +
+ + +**ADMX_DeviceInstallation/DeviceInstall_DeniedPolicy_DetailText** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to display a custom message to users in a notification when a device installation is attempted and a policy setting prevents the installation. + +If you enable this policy setting, Windows displays the text you type in the Detail Text box when a policy setting prevents device installation. + +If you disable or do not configure this policy setting, Windows displays a default message when a policy setting prevents device installation. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Display a custom message when installation is prevented by a policy setting* +- GP name: *DeviceInstall_DeniedPolicy_DetailText* +- GP path: *System\Device Installation\Device Installation Restrictions* +- GP ADMX file name: *DeviceInstallation.admx* + + + +
+ + +**ADMX_DeviceInstallation/DeviceInstall_DeniedPolicy_SimpleText** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to display a custom message title in a notification when a device installation is attempted and a policy setting prevents the installation. + +If you enable this policy setting, Windows displays the text you type in the Main Text box as the title text of a notification when a policy setting prevents device installation. + +If you disable or do not configure this policy setting, Windows displays a default title in a notification when a policy setting prevents device installation. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Display a custom message title when device installation is prevented by a policy setting* +- GP name: *DeviceInstall_DeniedPolicy_SimpleText* +- GP path: *System\Device Installation\Device Installation Restrictions* +- GP ADMX file name: *DeviceInstallation.admx* + + + +
+ + +**ADMX_DeviceInstallation/DeviceInstall_InstallTimeout** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure the number of seconds Windows waits for a device installation task to complete. + +If you enable this policy setting, Windows waits for the number of seconds you specify before terminating the installation. + +If you disable or do not configure this policy setting, Windows waits 240 seconds for a device installation task to complete before terminating the installation. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure device installation time-out* +- GP name: *DeviceInstall_InstallTimeout* +- GP path: *System\Device Installation* +- GP ADMX file name: *DeviceInstallation.admx* + + + +
+ + +**ADMX_DeviceInstallation/DeviceInstall_Policy_RebootTime** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting establishes the amount of time (in seconds) that the system will wait to reboot in order to enforce a change in device installation restriction policies. + +If you enable this policy setting, set the amount of seconds you want the system to wait until a reboot. + +If you disable or do not configure this policy setting, the system does not force a reboot. + +Note: If no reboot is forced, the device installation restriction right will not take effect until the system is restarted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Time (in seconds) to force reboot when required for policy changes to take effect* +- GP name: *DeviceInstall_Policy_RebootTime* +- GP path: *System\Device Installation\Device Installation Restrictions* +- GP ADMX file name: *DeviceInstallation.admx* + + + +
+ + +**ADMX_DeviceInstallation/DeviceInstall_Removable_Deny** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent Windows from installing removable devices. A device is considered removable when the driver for the device to which it is connected indicates that the device is removable. For example, a Universal Serial Bus (USB) device is reported to be removable by the drivers for the USB hub to which the device is connected. This policy setting takes precedence over any other policy setting that allows Windows to install a device. + +If you enable this policy setting, Windows is prevented from installing removable devices and existing removable devices cannot have their drivers updated. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of removable devices from a remote desktop client to the remote desktop server. + +If you disable or do not configure this policy setting, Windows can install and update device drivers for removable devices as allowed or prevented by other policy settings. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent installation of removable devices* +- GP name: *DeviceInstall_Removable_Deny* +- GP path: *System\Device Installation\Device Installation Restrictions* +- GP ADMX file name: *DeviceInstallation.admx* + + + +
+ + +**ADMX_DeviceInstallation/DeviceInstall_SystemRestore** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent Windows from creating a system restore point during device activity that would normally prompt Windows to create a system restore point. Windows normally creates restore points for certain driver activity, such as the installation of an unsigned driver. A system restore point enables you to more easily restore your system to its state before the activity. + +If you enable this policy setting, Windows does not create a system restore point when one would normally be created. + +If you disable or do not configure this policy setting, Windows creates a system restore point as it normally would. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent creation of a system restore point during device activity that would normally prompt creation of a restore point* +- GP name: *DeviceInstall_SystemRestore* +- GP path: *System\Device Installation* +- GP ADMX file name: *DeviceInstallation.admx* + + + +
+ + +**ADMX_DeviceInstallation/DeviceManagement_RPCInterface_Allow** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to allow or deny remote access to the Plug and Play interface. + +If you enable this policy setting, remote connections to the Plug and Play interface are allowed. + +If you disable or do not configure this policy setting, remote connections to the Plug and Play interface are not allowed. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow remote access to the Plug and Play interface* +- GP name: *DeviceManagement_RPCInterface_Allow* +- GP path: *System\Device Installation* +- GP ADMX file name: *DeviceInstallation.admx* + + + +
+ + +**ADMX_DeviceInstallation/DriverInstall_Classes_AllowUser** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies a list of device setup class GUIDs describing device drivers that non-administrator members of the built-in Users group may install on the system. + +If you enable this policy setting, members of the Users group may install new drivers for the specified device setup classes. The drivers must be signed according to Windows Driver Signing Policy, or be signed by publishers already in the TrustedPublisher store. + +If you disable or do not configure this policy setting, only members of the Administrators group are allowed to install new device drivers on the system. + + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow non-administrators to install drivers for these device setup classes* +- GP name: *DriverInstall_Classes_AllowUser* +- GP path: *System\Device Installation* +- GP ADMX file name: *DeviceInstallation.admx* + + + +
+ + +**ADMX_DeviceInstallation/DriverSigning** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Determines how the system responds when a user tries to install device driver files that are not digitally signed. + +This setting establishes the least secure response permitted on the systems of users in the group. Users can use System in Control Panel to select a more secure setting, but when this setting is enabled, the system does not implement any setting less secure than the one the setting established. + +When you enable this setting, use the drop-down box to specify the desired response. + +- "Ignore" directs the system to proceed with the installation even if it includes unsigned files. +- "Warn" notifies the user that files are not digitally signed and lets the user decide whether to stop or to proceed with the installation and whether to permit unsigned files to be installed. "Warn" is the default. +- "Block" directs the system to refuse to install unsigned files. As a result, the installation stops, and none of the files in the driver package are installed. + +To change driver file security without specifying a setting, use System in Control Panel. Right-click My Computer, click Properties, click the Hardware tab, and then click the Driver Signing button. + + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Code signing for device drivers* +- GP name: *DriverSigning* +- GP path: *System\Device Installation* +- GP ADMX file name: *DeviceInstallation.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-devicesetup.md b/windows/client-management/mdm/policy-csp-admx-devicesetup.md new file mode 100644 index 0000000000..d82cda8513 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-devicesetup.md @@ -0,0 +1,635 @@ +--- +title: Policy CSP - ADMX_DeviceSetup +description: Policy CSP - ADMX_DeviceSetup +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 11/19/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_DeviceSetup +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_DeviceSetup policies + +
+
+ ADMX_DeviceSetup/DeviceInstall_BalloonTips +
+
+ ADMX_DeviceSetup/DeviceInstall_GenericDriverSendToWER +
+
+ ADMX_DeviceSetup/DeviceInstall_RequestAdditionalSoftwareSendToWER +
+
+ ADMX_DeviceSetup/DriverSearchPlaces +
+
+ ADMX_DeviceSetup/DriverSearchPlaces_DontPromptForWindowsUpdate_1 +
+
+ ADMX_DeviceSetup/DriverSearchPlaces_DontPromptForWindowsUpdate_2 +
+
+ ADMX_DeviceSetup/DriverSearchPlaces_SearchOrderConfiguration +
+
+ ADMX_DeviceSetup/DriverSearchPlaces_SearchServerConfiguration +
+
+ + +
+ + +**ADMX_DeviceSetup/DeviceInstall_BalloonTips** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn off "Found New Hardware" balloons during device installation. + +If you enable this policy setting, "Found New Hardware" balloons do not appear while a device is being installed. + +If you disable or do not configure this policy setting, "Found New Hardware" balloons appear while a device is being installed, unless the driver for the device suppresses the balloons. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off "Found New Hardware" balloons during device installation* +- GP name: *DeviceInstall_BalloonTips* +- GP path: *System\Device Installation* +- GP ADMX file name: *DeviceSetup.admx* + + + +
+ + +**ADMX_DeviceSetup/DeviceInstall_GenericDriverSendToWER** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Windows has a feature that sends "generic-driver-installed" reports through the Windows Error Reporting infrastructure. This policy allows you to disable the feature. + +If you enable this policy setting, an error report is not sent when a generic driver is installed. + +If you disable or do not configure this policy setting, an error report is sent when a generic driver is installed. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not send a Windows error report when a generic driver is installed on a device* +- GP name: *DeviceInstall_GenericDriverSendToWER* +- GP path: *System\Device Installation* +- GP ADMX file name: *DeviceSetup.admx* + + + +
+ + +**ADMX_DeviceSetup/DeviceInstall_RequestAdditionalSoftwareSendToWER** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Windows has a feature that allows a device driver to request additional software through the Windows Error Reporting infrastructure. This policy allows you to disable the feature. + +If you enable this policy setting, Windows will not send an error report to request additional software even if this is specified by the device driver. + +If you disable or do not configure this policy setting, Windows sends an error report when a device driver that requests additional software is installed. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent Windows from sending an error report when a device driver requests additional software during installation* +- GP name: *DeviceInstall_RequestAdditionalSoftwareSendToWER* +- GP path: *System\Device Installation* +- GP ADMX file name: *DeviceSetup.admx* + + + +
+ + +**ADMX_DeviceSetup/DriverSearchPlaces** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This setting configures the location that Windows searches for drivers when a new piece of hardware is found. + +By default, Windows searches the following places for drivers: local installation, floppy drives, CD-ROM drives, Windows Update. + +Using this setting, you may remove the floppy and CD-ROM drives from the search algorithm. + +If you enable this setting, you can remove the locations by selecting the associated check box beside the location name. + +If you disable or do not configure this setting, Windows searches the installation location, floppy drives, and CD-ROM drives. + +> [!NOTE] +> To prevent searching Windows Update for drivers also see "Turn off Windows Update device driver searching" in Administrative Templates/System/Internet Communication Management/Internet Communication settings. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure driver search locations* +- GP name: *DriverSearchPlaces* +- GP path: *System\Device Installation* +- GP ADMX file name: *DeviceSetup.admx* + + + +
+ + +**ADMX_DeviceSetup/DriverSearchPlaces_DontPromptForWindowsUpdate_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Specifies whether the administrator will be prompted about going to Windows Update to search for device drivers using the Internet. + +> [!NOTE] +> This setting only has effect if "Turn off Windows Update device driver searching" in "Administrative Templates/System/Internet Communication Management/Internet Communication settings" is disabled or not configured. + +If you enable this setting, administrators will not be prompted to search Windows Update. + +If you disable or do not configure this setting, and "Turn off Windows Update device driver searching" is disabled or not configured, the administrator will be prompted for consent before going to Windows Update to search for device drivers. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off Windows Update device driver search prompt* +- GP name: *DriverSearchPlaces_DontPromptForWindowsUpdate_1* +- GP path: *System\Device Installation* +- GP ADMX file name: *DeviceSetup.admx* + + + +
+ + +**ADMX_DeviceSetup/DriverSearchPlaces_DontPromptForWindowsUpdate_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Specifies whether the administrator will be prompted about going to Windows Update to search for device drivers using the Internet. + +> [!NOTE] +> This setting only has effect if "Turn off Windows Update device driver searching" in "Administrative Templates/System/Internet Communication Management/Internet Communication settings" is disabled or not configured. + +If you enable this setting, administrators will not be prompted to search Windows Update. + +If you disable or do not configure this setting, and "Turn off Windows Update device driver searching" is disabled or not configured, the administrator will be prompted for consent before going to Windows Update to search for device drivers. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off Windows Update device driver search prompt* +- GP name: *DriverSearchPlaces_DontPromptForWindowsUpdate_2* +- GP path: *System\Device Installation* +- GP ADMX file name: *DeviceSetup.admx* + + + +
+ + +**ADMX_DeviceSetup/DriverSearchPlaces_SearchOrderConfiguration** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the order in which Windows searches source locations for device drivers. + +If you enable this policy setting, you can select whether Windows searches for drivers on Windows Update unconditionally, only if necessary, or not at all. + +Note that searching always implies that Windows will attempt to search Windows Update exactly one time. With this setting, Windows will not continually search for updates. This setting is used to ensure that the best software will be found for the device, even if the network is temporarily available. If the setting for searching only if needed is specified, then Windows will search for a driver only if a driver is not locally available on the system. + +If you disable or do not configure this policy setting, members of the Administrators group can determine the priority order in which Windows searches source locations for device drivers. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Specify search order for device driver source locations* +- GP name: *DriverSearchPlaces_SearchOrderConfiguration* +- GP path: *System\Device Installation* +- GP ADMX file name: *DeviceSetup.admx* + + + +
+ + +**ADMX_DeviceSetup/DriverSearchPlaces_SearchServerConfiguration** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the search server that Windows uses to find updates for device drivers. + +If you enable this policy setting, you can select whether Windows searches Windows Update (WU), searches a Managed Server, or a combination of both. + +Note that if both are specified, then Windows will first search the Managed Server, such as a Windows Server Update Services (WSUS) server. Only if no update is found will Windows then also search Windows Update. + +If you disable or do not configure this policy setting, members of the Administrators group can determine the server used in the search for device drivers. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Specify the search server for device driver updates* +- GP name: *DriverSearchPlaces_SearchServerConfiguration* +- GP path: *System\Device Installation* +- GP ADMX file name: *DeviceSetup.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + From 0c6e72110a34a29ba0d126976ba964d3fa058a6e Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Thu, 19 Nov 2020 16:21:06 -0800 Subject: [PATCH 024/210] Added EAIME policies --- windows/client-management/mdm/TOC.md | 1 + .../mdm/policies-in-policy-csp-admx-backed.md | 12 + .../policy-configuration-service-provider.md | 41 + .../mdm/policy-csp-admx-eaime.md | 971 ++++++++++++++++++ 4 files changed, 1025 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-eaime.md diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index 0e6ef2c11d..90fe63842c 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -186,6 +186,7 @@ #### [ADMX_DigitalLocker](policy-csp-admx-digitallocker.md) #### [ADMX_DnsClient](policy-csp-admx-dnsclient.md) #### [ADMX_DWM](policy-csp-admx-dwm.md) +#### [ADMX_EAIME](policy-csp-admx-eaime.md) #### [ADMX_EncryptFilesonMove](policy-csp-admx-encryptfilesonmove.md) #### [ADMX_EventForwarding](policy-csp-admx-eventforwarding.md) #### [ADMX_FileServerVSSProvider](policy-csp-admx-fileservervssprovider.md) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index fe0e5fc17f..3822a4815a 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -125,6 +125,18 @@ ms.date: 10/08/2020 - [ADMX_DWM/DwmDisallowAnimations_2](./policy-csp-admx-dwm.md#admx-dwm-dwmdisallowanimations-2) - [ADMX_DWM/DwmDisallowColorizationColorChanges_1](./policy-csp-admx-dwm.md#admx-dwm-dwmdisallowcolorizationcolorchanges-1) - [ADMX_DWM/DwmDisallowColorizationColorChanges_2](./policy-csp-admx-dwm.md#admx-dwm-dwmdisallowcolorizationcolorchanges-2) +- [ADMX_EAIME/L_DoNotIncludeNonPublishingStandardGlyphInTheCandidateList](./policy-csp-admx-eaime.md#admx-eaime-l-donotincludenonpublishingstandardglyphinthecandidatelist) +- [ADMX_EAIME/L_RestrictCharacterCodeRangeOfConversion](./policy-csp-admx-eaime.md#admx-eaime-l-restrictcharactercoderangeofconversion) +- [ADMX_EAIME/L_TurnOffCustomDictionary](./policy-csp-admx-eaime.md#admx-eaime-l-turnoffcustomdictionary) +- [ADMX_EAIME/L_TurnOffHistorybasedPredictiveInput](./policy-csp-admx-eaime.md#admx-eaime-l-turnoffhistorybasedpredictiveinput) +- [ADMX_EAIME/L_TurnOffInternetSearchIntegration](./policy-csp-admx-eaime.md#admx-eaime-l-turnoffinternetsearchintegration) +- [ADMX_EAIME/L_TurnOffOpenExtendedDictionary](./policy-csp-admx-eaime.md#admx-eaime-l-turnoffopenextendeddictionary) +- [ADMX_EAIME/L_TurnOffSavingAutoTuningDataToFile](./policy-csp-admx-eaime.md#admx-eaime-l-turnoffsavingautotuningdatatofile) +- [ADMX_EAIME/L_TurnOnCloudCandidate](./policy-csp-admx-eaime.md#admx-eaime-l-turnoncloudcandidate) +- [ADMX_EAIME/L_TurnOnCloudCandidateCHS](./policy-csp-admx-eaime.md#admx-eaime-l-turnoncloudcandidatechs) +- [ADMX_EAIME/L_TurnOnLexiconUpdate](./policy-csp-admx-eaime.md#admx-eaime-l-turnonlexiconupdate) +- [ADMX_EAIME/L_TurnOnLiveStickers](./policy-csp-admx-eaime.md#admx-eaime-l-turnonlivestickers) +- [ADMX_EAIME/L_TurnOnMisconversionLoggingForMisconversionReport](./policy-csp-admx-eaime.md#admx-eaime-l-turnonmisconversionloggingformisconversionreport) - [ADMX_EncryptFilesonMove/NoEncryptOnMove](./policy-csp-admx-encryptfilesonmove.md#admx-encryptfilesonmove-noencryptonmove) - [ADMX_EventForwarding/ForwarderResourceUsage](./policy-csp-admx-eventforwarding.md#admx_eventforwarding-forwarderresourceusage) - [ADMX_EventForwarding/SubscriptionManager](./policy-csp-admx-eventforwarding.md#admx_eventforwarding-subscriptionmanager) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index b1a2a67b23..e068d6a883 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -548,6 +548,47 @@ The following diagram shows the Policy configuration service provider in tree fo
+### ADMX_EAIME policies + +
+
+ ADMX_EAIME/L_DoNotIncludeNonPublishingStandardGlyphInTheCandidateList +
+
+ ADMX_EAIME/L_RestrictCharacterCodeRangeOfConversion +
+
+ ADMX_EAIME/L_TurnOffCustomDictionary +
+
+ ADMX_EAIME/L_TurnOffHistorybasedPredictiveInput +
+
+ ADMX_EAIME/L_TurnOffInternetSearchIntegration +
+
+ ADMX_EAIME/L_TurnOffOpenExtendedDictionary +
+
+ ADMX_EAIME/L_TurnOffSavingAutoTuningDataToFile +
+
+ ADMX_EAIME/L_TurnOnCloudCandidate +
+
+ ADMX_EAIME/L_TurnOnCloudCandidateCHS +
+
+ ADMX_EAIME/L_TurnOnLexiconUpdate +
+
+ ADMX_EAIME/L_TurnOnLiveStickers +
+
+ ADMX_EAIME/L_TurnOnMisconversionLoggingForMisconversionReport +
+
+ ### ADMX_EncryptFilesonMove policies
diff --git a/windows/client-management/mdm/policy-csp-admx-eaime.md b/windows/client-management/mdm/policy-csp-admx-eaime.md new file mode 100644 index 0000000000..3cd05e398d --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-eaime.md @@ -0,0 +1,971 @@ +--- +title: Policy CSP - ADMX_EAIME +description: Policy CSP - ADMX_EAIME +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 11/19/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_EAIME +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_EAIME policies + +
+
+ ADMX_EAIME/L_DoNotIncludeNonPublishingStandardGlyphInTheCandidateList +
+
+ ADMX_EAIME/L_RestrictCharacterCodeRangeOfConversion +
+
+ ADMX_EAIME/L_TurnOffCustomDictionary +
+
+ ADMX_EAIME/L_TurnOffHistorybasedPredictiveInput +
+
+ ADMX_EAIME/L_TurnOffInternetSearchIntegration +
+
+ ADMX_EAIME/L_TurnOffOpenExtendedDictionary +
+
+ ADMX_EAIME/L_TurnOffSavingAutoTuningDataToFile +
+
+ ADMX_EAIME/L_TurnOnCloudCandidate +
+
+ ADMX_EAIME/L_TurnOnCloudCandidateCHS +
+
+ ADMX_EAIME/L_TurnOnLexiconUpdate +
+
+ ADMX_EAIME/L_TurnOnLiveStickers +
+
+ ADMX_EAIME/L_TurnOnMisconversionLoggingForMisconversionReport +
+
+ + +
+ + +**ADMX_EAIME/L_DoNotIncludeNonPublishingStandardGlyphInTheCandidateList** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to include the Non-Publishing Standard Glyph in the candidate list when Publishing Standard Glyph for the word exists. + +If you enable this policy setting, Non-Publishing Standard Glyph is not included in the candidate list when Publishing Standard Glyph for the word exists. + +If you disable or do not configure this policy setting, both Publishing Standard Glyph and Non-Publishing Standard Glyph are included in the candidate list. + +This policy setting applies to Japanese Microsoft IME only. + +> [!NOTE] +> Changes to this setting will not take effect until the user logs off. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not include Non-Publishing Standard Glyph in the candidate list* +- GP name: *L_DoNotIncludeNonPublishingStandardGlyphInTheCandidateList* +- GP path: *Windows Components\IME* +- GP ADMX file name: *EAIME.admx* + + + +
+ + +**ADMX_EAIME/L_RestrictCharacterCodeRangeOfConversion** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to restrict character code range of conversion by setting character filter. + +If you enable this policy setting, then only the character code ranges specified by this policy setting are used for conversion of IME. You can specify multiple ranges by setting a value combined with a bitwise OR of following values: + +- 0x0001 // JIS208 area +- 0x0002 // NEC special char code +- 0x0004 // NEC selected IBM extended code +- 0x0008 // IBM extended code +- 0x0010 // Half width katakana code +- 0x0100 // EUDC(GAIJI) +- 0x0200 // S-JIS unmapped area +- 0x0400 // Unicode char +- 0x0800 // surrogate char +- 0x1000 // IVS char +- 0xFFFF // no definition. + +If you disable or do not configure this policy setting, no range of characters are filtered by default. + +This policy setting applies to Japanese Microsoft IME only. + +> [!NOTE] +> Changes to this setting will not take effect until the user logs off. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Restrict character code range of conversion* +- GP name: *L_RestrictCharacterCodeRangeOfConversion* +- GP path: *Windows Components\IME* +- GP ADMX file name: *EAIME.admx* + + + +
+ + +**ADMX_EAIME/L_TurnOffCustomDictionary** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn off the ability to use a custom dictionary. + +If you enable this policy setting, you cannot add, edit, and delete words in the custom dictionary either with GUI tools or APIs. A word registered in the custom dictionary before enabling this policy setting can continue to be used for conversion. + +If you disable or do not configure this policy setting, the custom dictionary can be used by default. + +For Japanese Microsoft IME, [Clear auto-tuning information] works, even if this policy setting is enabled, and it clears self-tuned words from the custom dictionary. + +This policy setting is applied to Japanese Microsoft IME. + +> [!NOTE] +> Changes to this setting will not take effect until the user logs off. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off custom dictionary* +- GP name: *L_TurnOffCustomDictionary* +- GP path: *Windows Components\IME* +- GP ADMX file name: *EAIME.admx* + + + +
+ + +**ADMX_EAIME/L_TurnOffHistorybasedPredictiveInput** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn off history-based predictive input. + +If you enable this policy setting, history-based predictive input is turned off. + +If you disable or do not configure this policy setting, history-based predictive input is on by default. + +This policy setting applies to Japanese Microsoft IME only. + +> [!NOTE] +> Changes to this setting will not take effect until the user logs off. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off history-based predictive input* +- GP name: *L_TurnOffHistorybasedPredictiveInput* +- GP path: *Windows Components\IME* +- GP ADMX file name: *EAIME.admx* + + + +
+ + +**ADMX_EAIME/L_TurnOffInternetSearchIntegration** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn off Internet search integration. + +Search integration includes both using Search Provider (Japanese Microsoft IME) and performing bing search from predictive input for Japanese Microsoft IME. + +If you enable this policy setting, you cannot use search integration. + +If you disable or do not configure this policy setting, the search integration function can be used by default. + +This policy setting applies to Japanese Microsoft IME. + +> [!NOTE] +> Changes to this setting will not take effect until the user logs off. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off Internet search integration* +- GP name: *L_TurnOffInternetSearchIntegration* +- GP path: *Windows Components\IME* +- GP ADMX file name: *EAIME.admx* + + + +
+ + +**ADMX_EAIME/L_TurnOffOpenExtendedDictionary** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn off Open Extended Dictionary. + +If you enable this policy setting, Open Extended Dictionary is turned off. You cannot add a new Open Extended Dictionary. + +For Japanese Microsoft IME, an Open Extended Dictionary that is added before enabling this policy setting is not used for conversion. + +If you disable or do not configure this policy setting, Open Extended Dictionary can be added and used by default. + +This policy setting is applied to Japanese Microsoft IME. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off Open Extended Dictionary* +- GP name: *L_TurnOffOpenExtendedDictionary* +- GP path: *Windows Components\IME* +- GP ADMX file name: *EAIME.admx* + + + +
+ + +**ADMX_EAIME/L_TurnOffSavingAutoTuningDataToFile** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn off saving the auto-tuning result to file. + +If you enable this policy setting, the auto-tuning data is not saved to file. + +If you disable or do not configure this policy setting, auto-tuning data is saved to file by default. + +This policy setting applies to Japanese Microsoft IME only. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off saving auto-tuning data to file* +- GP name: *L_TurnOffSavingAutoTuningDataToFile* +- GP path: *Windows Components\IME* +- GP ADMX file name: *EAIME.admx* + + + +
+ + +**ADMX_EAIME/L_TurnOnCloudCandidate** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting controls the cloud candidates feature, which uses an online service to provide input suggestions that don't exist in a PC's local dictionary. + +If you enable this policy setting, the functionality associated with this feature is turned on, the user's keyboard input is sent to Microsoft to generate the suggestions, and the user won't be able to turn it off. + +If you disable this policy setting, the functionality associated with this feature is turned off, and the user won't be able to turn it on. + +If you don't configure this policy setting, it will be turned off by default, and the user can turn on and turn off the cloud candidates feature. + +This Policy setting applies to Microsoft CHS Pinyin IME and JPN IME. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn on cloud candidate* +- GP name: *L_TurnOnCloudCandidate* +- GP path: *Windows Components\IME* +- GP ADMX file name: *EAIME.admx* + + + +
+ + +**ADMX_EAIME/L_TurnOnCloudCandidateCHS** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting controls the cloud candidates feature, which uses an online service to provide input suggestions that don't exist in a PC's local dictionary. + +If you enable this policy setting, the functionality associated with this feature is turned on, the user's keyboard input is sent to Microsoft to generate the suggestions, and the user won't be able to turn it off. + +If you disable this policy setting, the functionality associated with this feature is turned off, and the user won't be able to turn it on. + +If you don't configure this policy setting, it will be turned off by default, and the user can turn on and turn off the cloud candidates feature. + +This Policy setting applies only to Microsoft CHS Pinyin IME. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn on cloud candidate for CHS* +- GP name: *L_TurnOnCloudCandidateCHS* +- GP path: *Windows Components\IME* +- GP ADMX file name: *EAIME.admx* + + + +
+ + +**ADMX_EAIME/L_TurnOnLexiconUpdate** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting controls the lexicon update feature, which downloads hot and popular words lexicon to local PC. + +If you enable this policy setting, the functionality associated with this feature is turned on, hot and popular words lexicon can be downloaded to local PC, the user is able to turn it on or off in settings. + +If you disable this policy setting, the functionality associated with this feature is turned off, and the user won't be able to turn it on. + +If you don't configure this policy setting, it will be turned on by default, and the user can turn on and turn off the lexicon udpate feature. + +This Policy setting applies only to Microsoft CHS Pinyin IME. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn on lexicon update* +- GP name: *L_TurnOnLexiconUpdate* +- GP path: *Windows Components\IME* +- GP ADMX file name: *EAIME.admx* + + + +
+ + +**ADMX_EAIME/L_TurnOnLiveStickers** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting controls the live sticker feature, which uses an online service to provide stickers online. + +If you enable this policy setting, the functionality associated with this feature is turned on, the user's keyboard input is sent to Microsoft to generate the live stickers, and the user won't be able to turn it off. + +If you disable this policy setting, the functionality associated with this feature is turned off, and the user won't be able to turn it on. + +If you don't configure this policy setting, it will be turned off by default, and the user can turn on and turn off the live sticker feature. + +This Policy setting applies only to Microsoft CHS Pinyin IME. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn on Live Sticker* +- GP name: *L_TurnOnLiveStickers* +- GP path: *Windows Components\IME* +- GP ADMX file name: *EAIME.admx* + + + +
+ + +**ADMX_EAIME/L_TurnOnMisconversionLoggingForMisconversionReport** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn on logging of misconversion for the misconversion report. + +If you enable this policy setting, misconversion logging is turned on. + +If you disable or do not configure this policy setting, misconversion logging is turned off. + +This policy setting applies to Japanese Microsoft IME and Traditional Chinese IME. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn on misconversion logging for misconversion report* +- GP name: *L_TurnOnMisconversionLoggingForMisconversionReport* +- GP path: *Windows Components\IME* +- GP ADMX file name: *EAIME.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + From aa96b6d2f12ae8c24261592399ddec66050c231e Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Fri, 20 Nov 2020 14:54:18 -0800 Subject: [PATCH 025/210] removed deprecated policies --- .../mdm/policies-in-policy-csp-admx-backed.md | 9 - .../policy-configuration-service-provider.md | 27 -- .../mdm/policy-csp-admx-devicenstallation.md | 223 --------- .../mdm/policy-csp-admx-devicesetup.md | 447 ------------------ 4 files changed, 706 deletions(-) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 3822a4815a..fb21f97424 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -76,7 +76,6 @@ ms.date: 10/08/2020 - [ADMX_CtrlAltDel/DisableLockComputer](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-disablelockcomputer) - [ADMX_CtrlAltDel/DisableTaskMgr](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-disabletaskmgr) - [ADMX_CtrlAltDel/NoLogoff](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-nologoff) -- [ADMX_DeviceInstallation/DeviceInstall_AllSigningEqual](./policy-csp-admx-devicenstallation.md#admx-deviceinstallation-deviceinstall-allsigningequal) - [ADMX_DeviceInstallation/DeviceInstall_AllowAdminInstall](./policy-csp-admx-devicenstallation.md#admx-deviceinstallation-deviceinstall-allowadmininstall) - [ADMX_DeviceInstallation/DeviceInstall_DeniedPolicy_DetailText](./policy-csp-admx-devicenstallation.md#admx-deviceinstallation-deviceinstall-deniedpolicy-detailtext) - [ADMX_DeviceInstallation/DeviceInstall_DeniedPolicy_SimpleText](./policy-csp-admx-devicenstallation.md#admx-deviceinstallation-deviceinstall-deniedpolicy-simpletext) @@ -84,17 +83,9 @@ ms.date: 10/08/2020 - [ADMX_DeviceInstallation/DeviceInstall_Policy_RebootTime](./policy-csp-admx-devicenstallation.md#admx-deviceinstallation-deviceinstall-policy-reboottime) - [ADMX_DeviceInstallation/DeviceInstall_Removable_Deny](./policy-csp-admx-devicenstallation.md#admx-deviceinstallation-deviceinstall-removable-deny) - [ADMX_DeviceInstallation/DeviceInstall_SystemRestore](./policy-csp-admx-devicenstallation.md#admx-deviceinstallation-deviceinstall-systemrestore) -- [ADMX_DeviceInstallation/DeviceManagement_RPCInterface_Allow](./policy-csp-admx-devicenstallation.md#admx-devicemanagement-rpcinterface-allow) - [ADMX_DeviceInstallation/DriverInstall_Classes_AllowUser](./policy-csp-admx-devicenstallation.md#admx-deviceinstallation-deviceinstall-classes-allowuser) -- [ADMX_DeviceInstallation/DriverSigning](./policy-csp-admx-devicenstallation.md#admx-deviceinstallation-driversigning) - [ADMX_DeviceSetup/DeviceInstall_BalloonTips](./policy-csp-admx-devicesetup.md#admx-devicesetup-deviceinstall-balloontips) -- [ADMX_DeviceSetup/DeviceInstall_GenericDriverSendToWER](./policy-csp-admx-devicesetup.md#admx-devicesetup-deviceinstall-genericdriversendtower) -- [ADMX_DeviceSetup/DeviceInstall_RequestAdditionalSoftwareSendToWER](./policy-csp-admx-devicesetup.md#admx-devicesetup-deviceinstall-requestadditionalsoftwaresendtower) -- [ADMX_DeviceSetup/DriverSearchPlaces](./policy-csp-admx-devicesetup.md#admx-devicesetup-driversearchplaces) -- [ADMX_DeviceSetup/DriverSearchPlaces_DontPromptForWindowsUpdate_1](./policy-csp-admx-devicesetup.md#admx-devicesetup-driversearchplaces-dontpromptforwindowsupdate-1) -- [ADMX_DeviceSetup/DriverSearchPlaces_DontPromptForWindowsUpdate_2](./policy-csp-admx-devicesetup.md#admx-devicesetup-driversearchplaces-dontpromptforwindowsupdate-2) - [ADMX_DeviceSetup/DriverSearchPlaces_SearchOrderConfiguration](./policy-csp-admx-devicesetup.md#admx-devicesetup-driversearchplaces-searchorderconfiguration) -- [ADMX_DeviceSetup/DriverSearchPlaces_SearchServerConfiguration](./policy-csp-admx-devicesetup.md#admx-devicesetup-driversearchplaces-searchserverconfiguration) - [ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_1](./policy-csp-admx-digitallocker.md#admx-digitallocker-digitalx-diableapplication-titletext-1) - [ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_2](./policy-csp-admx-digitallocker.md#admx-digitallocker-digitalx-diableapplication-titletext-2) - [ADMX_DnsClient/DNS_AllowFQDNNetBiosQueries](./policy-csp-admx-dnsclient.md#admx-dnsclient-dns-allowfqdnnetbiosqueries) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index e068d6a883..83c2c8ba65 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -380,9 +380,6 @@ The following diagram shows the Policy configuration service provider in tree fo ### ADMX_DeviceInstallation policies
-
- ADMX_DeviceInstallation/DeviceInstall_AllSigningEqual -
ADMX_DeviceInstallation/DeviceInstall_AllowAdminInstall
@@ -404,15 +401,9 @@ The following diagram shows the Policy configuration service provider in tree fo
ADMX_DeviceInstallation/DeviceInstall_SystemRestore
-
- ADMX_DeviceInstallation/DeviceManagement_RPCInterface_Allow -
ADMX_DeviceInstallation/DriverInstall_Classes_AllowUser
-
- ADMX_DeviceInstallation/DriverSigning -
### ADMX_DeviceSetup policies @@ -421,27 +412,9 @@ The following diagram shows the Policy configuration service provider in tree fo
ADMX_DeviceSetup/DeviceInstall_BalloonTips
-
- ADMX_DeviceSetup/DeviceInstall_GenericDriverSendToWER -
-
- ADMX_DeviceSetup/DeviceInstall_RequestAdditionalSoftwareSendToWER -
-
- ADMX_DeviceSetup/DriverSearchPlaces -
-
- ADMX_DeviceSetup/DriverSearchPlaces_DontPromptForWindowsUpdate_1 -
-
- ADMX_DeviceSetup/DriverSearchPlaces_DontPromptForWindowsUpdate_2 -
ADMX_DeviceSetup/DriverSearchPlaces_SearchOrderConfiguration
-
- ADMX_DeviceSetup/DriverSearchPlaces_SearchServerConfiguration -
### ADMX_DigitalLocker policies diff --git a/windows/client-management/mdm/policy-csp-admx-devicenstallation.md b/windows/client-management/mdm/policy-csp-admx-devicenstallation.md index c52d3a4656..5f9d502f36 100644 --- a/windows/client-management/mdm/policy-csp-admx-devicenstallation.md +++ b/windows/client-management/mdm/policy-csp-admx-devicenstallation.md @@ -22,9 +22,6 @@ manager: dansimp ## ADMX_DeviceInstallation policies
-
- ADMX_DeviceInstallation/DeviceInstall_AllSigningEqual -
ADMX_DeviceInstallation/DeviceInstall_AllowAdminInstall
@@ -46,89 +43,14 @@ manager: dansimp
ADMX_DeviceInstallation/DeviceInstall_SystemRestore
-
- ADMX_DeviceInstallation/DeviceManagement_RPCInterface_Allow -
ADMX_DeviceInstallation/DriverInstall_Classes_AllowUser
-
- ADMX_DeviceInstallation/DriverSigning -
- -**ADMX_DeviceInstallation/DeviceInstall_AllSigningEqual** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to determine how drivers signed by a Microsoft Windows Publisher certificate are ranked with drivers signed by other valid Authenticode signatures during the driver selection and installation process. Regardless of this policy setting, a signed driver is still preferred over a driver that is not signed at all. - -If you enable or do not configure this policy setting, drivers that are signed by a Microsoft Windows Publisher certificate and drivers that are signed by other Authenticode certificates are prioritized equally during the driver selection process. Selection is based on other criteria, such as version number or when the driver was created. - -If you disable this policy setting, drivers that are signed by a Microsoft Windows Publisher certificate are selected for installation over drivers that are signed by other Authenticode certificates. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Prioritize all digitally signed drivers equally during the driver ranking and selection process* -- GP name: *DeviceInstall_AllSigningEqual* -- GP path: *System\Device Installation* -- GP ADMX file name: *DeviceInstallation.admx* - - - -
- **ADMX_DeviceInstallation/DeviceInstall_AllowAdminInstall** @@ -613,75 +535,6 @@ ADMX Info:
- -**ADMX_DeviceInstallation/DeviceManagement_RPCInterface_Allow** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to allow or deny remote access to the Plug and Play interface. - -If you enable this policy setting, remote connections to the Plug and Play interface are allowed. - -If you disable or do not configure this policy setting, remote connections to the Plug and Play interface are not allowed. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Allow remote access to the Plug and Play interface* -- GP name: *DeviceManagement_RPCInterface_Allow* -- GP path: *System\Device Installation* -- GP ADMX file name: *DeviceInstallation.admx* - - - -
- **ADMX_DeviceInstallation/DriverInstall_Classes_AllowUser** @@ -752,82 +605,6 @@ ADMX Info:
- -**ADMX_DeviceInstallation/DriverSigning** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in the latest Windows 10 Insider Preview Build. Determines how the system responds when a user tries to install device driver files that are not digitally signed. - -This setting establishes the least secure response permitted on the systems of users in the group. Users can use System in Control Panel to select a more secure setting, but when this setting is enabled, the system does not implement any setting less secure than the one the setting established. - -When you enable this setting, use the drop-down box to specify the desired response. - -- "Ignore" directs the system to proceed with the installation even if it includes unsigned files. -- "Warn" notifies the user that files are not digitally signed and lets the user decide whether to stop or to proceed with the installation and whether to permit unsigned files to be installed. "Warn" is the default. -- "Block" directs the system to refuse to install unsigned files. As a result, the installation stops, and none of the files in the driver package are installed. - -To change driver file security without specifying a setting, use System in Control Panel. Right-click My Computer, click Properties, click the Hardware tab, and then click the Driver Signing button. - - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Code signing for device drivers* -- GP name: *DriverSigning* -- GP path: *System\Device Installation* -- GP ADMX file name: *DeviceInstallation.admx* - - - -
- Footnotes: - 1 - Available in Windows 10, version 1607. diff --git a/windows/client-management/mdm/policy-csp-admx-devicesetup.md b/windows/client-management/mdm/policy-csp-admx-devicesetup.md index d82cda8513..77264647f1 100644 --- a/windows/client-management/mdm/policy-csp-admx-devicesetup.md +++ b/windows/client-management/mdm/policy-csp-admx-devicesetup.md @@ -25,27 +25,9 @@ manager: dansimp
ADMX_DeviceSetup/DeviceInstall_BalloonTips
-
- ADMX_DeviceSetup/DeviceInstall_GenericDriverSendToWER -
-
- ADMX_DeviceSetup/DeviceInstall_RequestAdditionalSoftwareSendToWER -
-
- ADMX_DeviceSetup/DriverSearchPlaces -
-
- ADMX_DeviceSetup/DriverSearchPlaces_DontPromptForWindowsUpdate_1 -
-
- ADMX_DeviceSetup/DriverSearchPlaces_DontPromptForWindowsUpdate_2 -
ADMX_DeviceSetup/DriverSearchPlaces_SearchOrderConfiguration
-
- ADMX_DeviceSetup/DriverSearchPlaces_SearchServerConfiguration -
@@ -120,364 +102,6 @@ ADMX Info:
- -**ADMX_DeviceSetup/DeviceInstall_GenericDriverSendToWER** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -Available in the latest Windows 10 Insider Preview Build. Windows has a feature that sends "generic-driver-installed" reports through the Windows Error Reporting infrastructure. This policy allows you to disable the feature. - -If you enable this policy setting, an error report is not sent when a generic driver is installed. - -If you disable or do not configure this policy setting, an error report is sent when a generic driver is installed. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Do not send a Windows error report when a generic driver is installed on a device* -- GP name: *DeviceInstall_GenericDriverSendToWER* -- GP path: *System\Device Installation* -- GP ADMX file name: *DeviceSetup.admx* - - - -
- - -**ADMX_DeviceSetup/DeviceInstall_RequestAdditionalSoftwareSendToWER** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -Available in the latest Windows 10 Insider Preview Build. Windows has a feature that allows a device driver to request additional software through the Windows Error Reporting infrastructure. This policy allows you to disable the feature. - -If you enable this policy setting, Windows will not send an error report to request additional software even if this is specified by the device driver. - -If you disable or do not configure this policy setting, Windows sends an error report when a device driver that requests additional software is installed. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Prevent Windows from sending an error report when a device driver requests additional software during installation* -- GP name: *DeviceInstall_RequestAdditionalSoftwareSendToWER* -- GP path: *System\Device Installation* -- GP ADMX file name: *DeviceSetup.admx* - - - -
- - -**ADMX_DeviceSetup/DriverSearchPlaces** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in the latest Windows 10 Insider Preview Build. This setting configures the location that Windows searches for drivers when a new piece of hardware is found. - -By default, Windows searches the following places for drivers: local installation, floppy drives, CD-ROM drives, Windows Update. - -Using this setting, you may remove the floppy and CD-ROM drives from the search algorithm. - -If you enable this setting, you can remove the locations by selecting the associated check box beside the location name. - -If you disable or do not configure this setting, Windows searches the installation location, floppy drives, and CD-ROM drives. - -> [!NOTE] -> To prevent searching Windows Update for drivers also see "Turn off Windows Update device driver searching" in Administrative Templates/System/Internet Communication Management/Internet Communication settings. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Configure driver search locations* -- GP name: *DriverSearchPlaces* -- GP path: *System\Device Installation* -- GP ADMX file name: *DeviceSetup.admx* - - - -
- - -**ADMX_DeviceSetup/DriverSearchPlaces_DontPromptForWindowsUpdate_1** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -Available in the latest Windows 10 Insider Preview Build. Specifies whether the administrator will be prompted about going to Windows Update to search for device drivers using the Internet. - -> [!NOTE] -> This setting only has effect if "Turn off Windows Update device driver searching" in "Administrative Templates/System/Internet Communication Management/Internet Communication settings" is disabled or not configured. - -If you enable this setting, administrators will not be prompted to search Windows Update. - -If you disable or do not configure this setting, and "Turn off Windows Update device driver searching" is disabled or not configured, the administrator will be prompted for consent before going to Windows Update to search for device drivers. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Turn off Windows Update device driver search prompt* -- GP name: *DriverSearchPlaces_DontPromptForWindowsUpdate_1* -- GP path: *System\Device Installation* -- GP ADMX file name: *DeviceSetup.admx* - - - -
- - -**ADMX_DeviceSetup/DriverSearchPlaces_DontPromptForWindowsUpdate_2** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -Available in the latest Windows 10 Insider Preview Build. Specifies whether the administrator will be prompted about going to Windows Update to search for device drivers using the Internet. - -> [!NOTE] -> This setting only has effect if "Turn off Windows Update device driver searching" in "Administrative Templates/System/Internet Communication Management/Internet Communication settings" is disabled or not configured. - -If you enable this setting, administrators will not be prompted to search Windows Update. - -If you disable or do not configure this setting, and "Turn off Windows Update device driver searching" is disabled or not configured, the administrator will be prompted for consent before going to Windows Update to search for device drivers. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Turn off Windows Update device driver search prompt* -- GP name: *DriverSearchPlaces_DontPromptForWindowsUpdate_2* -- GP path: *System\Device Installation* -- GP ADMX file name: *DeviceSetup.admx* - - - -
- **ADMX_DeviceSetup/DriverSearchPlaces_SearchOrderConfiguration** @@ -549,77 +173,6 @@ ADMX Info:
- -**ADMX_DeviceSetup/DriverSearchPlaces_SearchServerConfiguration** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the search server that Windows uses to find updates for device drivers. - -If you enable this policy setting, you can select whether Windows searches Windows Update (WU), searches a Managed Server, or a combination of both. - -Note that if both are specified, then Windows will first search the Managed Server, such as a Windows Server Update Services (WSUS) server. Only if no update is found will Windows then also search Windows Update. - -If you disable or do not configure this policy setting, members of the Administrators group can determine the server used in the search for device drivers. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Specify the search server for device driver updates* -- GP name: *DriverSearchPlaces_SearchServerConfiguration* -- GP path: *System\Device Installation* -- GP ADMX file name: *DeviceSetup.admx* - - - -
- Footnotes: - 1 - Available in Windows 10, version 1607. From 4e6e9cdaa7d939250441c427a5ba8544bf99d371 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Mon, 23 Nov 2020 11:21:59 -0800 Subject: [PATCH 026/210] Added EnhancedStorage policies --- windows/client-management/mdm/TOC.md | 1 + .../mdm/policies-in-policy-csp-admx-backed.md | 6 + .../policy-configuration-service-provider.md | 23 + .../mdm/policy-csp-admx-enhancedstorage.md | 476 ++++++++++++++++++ 4 files changed, 506 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-enhancedstorage.md diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index 90fe63842c..f48b6b25c6 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -188,6 +188,7 @@ #### [ADMX_DWM](policy-csp-admx-dwm.md) #### [ADMX_EAIME](policy-csp-admx-eaime.md) #### [ADMX_EncryptFilesonMove](policy-csp-admx-encryptfilesonmove.md) +#### [ADMX_EnhancedStorage](policy-csp-admx-enhancedstorage.md) #### [ADMX_EventForwarding](policy-csp-admx-eventforwarding.md) #### [ADMX_FileServerVSSProvider](policy-csp-admx-fileservervssprovider.md) #### [ADMX_FileSys](policy-csp-admx-filesys.md) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index fb21f97424..89cd14d38c 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -129,6 +129,12 @@ ms.date: 10/08/2020 - [ADMX_EAIME/L_TurnOnLiveStickers](./policy-csp-admx-eaime.md#admx-eaime-l-turnonlivestickers) - [ADMX_EAIME/L_TurnOnMisconversionLoggingForMisconversionReport](./policy-csp-admx-eaime.md#admx-eaime-l-turnonmisconversionloggingformisconversionreport) - [ADMX_EncryptFilesonMove/NoEncryptOnMove](./policy-csp-admx-encryptfilesonmove.md#admx-encryptfilesonmove-noencryptonmove) +- [ADMX_EnhancedStorage/ApprovedEnStorDevices](./policy-csp-admx-enhancedstorage.md#admx-enhancedstorage-approvedenstordevices) +- [ADMX_EnhancedStorage/ApprovedSilos](./policy-csp-admx-enhancedstorage.md#admx-enhancedstorage-approvedsilos) +- [ADMX_EnhancedStorage/DisablePasswordAuthentication](./policy-csp-admx-enhancedstorage.md#admx-enhancedstorage-disablepasswordauthentication) +- [ADMX_EnhancedStorage/DisallowLegacyDiskDevices](./policy-csp-admx-enhancedstorage.md#admx-enhancedstorage-disallowlegacydiskdevices) +- [ADMX_EnhancedStorage/LockDeviceOnMachineLock](./policy-csp-admx-enhancedstorage.md#admx-enhancedstorage-lockdeviceonmachinelock) +- [ADMX_EnhancedStorage/RootHubConnectedEnStorDevices](./policy-csp-admx-enhancedstorage.md#admx-enhancedstorage-roothubconnectedenstordevices) - [ADMX_EventForwarding/ForwarderResourceUsage](./policy-csp-admx-eventforwarding.md#admx_eventforwarding-forwarderresourceusage) - [ADMX_EventForwarding/SubscriptionManager](./policy-csp-admx-eventforwarding.md#admx_eventforwarding-subscriptionmanager) - [ADMX_FileServerVSSProvider/Pol_EncryptProtocol](./policy-csp-admx-fileservervssprovider.md#admx-fileservervssprovider-pol-encryptprotocol) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 83c2c8ba65..19db657bac 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -569,6 +569,29 @@ The following diagram shows the Policy configuration service provider in tree fo +### ADMX_EnhancedStorage policies + +
+
+ ADMX_EnhancedStorage/ApprovedEnStorDevices +
+
+ ADMX_EnhancedStorage/ApprovedSilos +
+
+ ADMX_EnhancedStorage/DisablePasswordAuthentication +
+
+ ADMX_EnhancedStorage/DisallowLegacyDiskDevices +
+
+ ADMX_EnhancedStorage/LockDeviceOnMachineLock +
+
+ ADMX_EnhancedStorage/RootHubConnectedEnStorDevices +
+
+ ### ADMX_EventForwarding policies
diff --git a/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md b/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md new file mode 100644 index 0000000000..4e1cf740ae --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md @@ -0,0 +1,476 @@ +--- +title: Policy CSP - ADMX_EnhancedStorage +description: Policy CSP - ADMX_EnhancedStorage +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 11/23/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_EnhancedStorage +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_EnhancedStorage policies + +
+
+ ADMX_EnhancedStorage/ApprovedEnStorDevices +
+
+ ADMX_EnhancedStorage/ApprovedSilos +
+
+ ADMX_EnhancedStorage/DisablePasswordAuthentication +
+
+ ADMX_EnhancedStorage/DisallowLegacyDiskDevices +
+
+ ADMX_EnhancedStorage/LockDeviceOnMachineLock +
+
+ ADMX_EnhancedStorage/RootHubConnectedEnStorDevices +
+
+ + +
+ + +**ADMX_EnhancedStorage/ApprovedEnStorDevices** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure a list of Enhanced Storage devices by manufacturer and product ID that are usable on your computer. + +If you enable this policy setting, only Enhanced Storage devices that contain a manufacturer and product ID specified in this policy are usable on your computer. + +If you disable or do not configure this policy setting, all Enhanced Storage devices are usable on your computer. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure list of Enhanced Storage devices usable on your computer* +- GP name: *ApprovedEnStorDevices* +- GP path: *System\Enhanced Storage Access* +- GP ADMX file name: *EnhancedStorage.admx* + + + +
+ + +**ADMX_EnhancedStorage/ApprovedSilos** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to create a list of IEEE 1667 silos, compliant with the Institute of Electrical and Electronics Engineers, Inc. (IEEE) 1667 specification, that are usable on your computer. + +If you enable this policy setting, only IEEE 1667 silos that match a silo type identifier specified in this policy are usable on your computer. + +If you disable or do not configure this policy setting, all IEEE 1667 silos on Enhanced Storage devices are usable on your computer. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure list of IEEE 1667 silos usable on your computer* +- GP name: *ApprovedSilos* +- GP path: *System\Enhanced Storage Access* +- GP ADMX file name: *EnhancedStorage.admx* + + + +
+ + +**ADMX_EnhancedStorage/DisablePasswordAuthentication** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting configures whether or not a password can be used to unlock an Enhanced Storage device. + +If you enable this policy setting, a password cannot be used to unlock an Enhanced Storage device. + +If you disable or do not configure this policy setting, a password can be used to unlock an Enhanced Storage device. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not allow password authentication of Enhanced Storage devices* +- GP name: *DisablePasswordAuthentication* +- GP path: *System\Enhanced Storage Access* +- GP ADMX file name: *EnhancedStorage.admx* + + + +
+ + +**ADMX_EnhancedStorage/DisallowLegacyDiskDevices** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting configures whether or not non-Enhanced Storage removable devices are allowed on your computer. + +If you enable this policy setting, non-Enhanced Storage removable devices are not allowed on your computer. + +If you disable or do not configure this policy setting, non-Enhanced Storage removable devices are allowed on your computer. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not allow non-Enhanced Storage removable devices* +- GP name: *DisallowLegacyDiskDevices* +- GP path: *System\Enhanced Storage Access* +- GP ADMX file name: *EnhancedStorage.admx* + + + +
+ + +**ADMX_EnhancedStorage/LockDeviceOnMachineLock** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting locks Enhanced Storage devices when the computer is locked. + +This policy setting is supported in Windows Server SKUs only. + +If you enable this policy setting, the Enhanced Storage device remains locked when the computer is locked. + +If you disable or do not configure this policy setting, the Enhanced Storage device state is not changed when the computer is locked. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Lock Enhanced Storage when the computer is locked* +- GP name: *LockDeviceOnMachineLock* +- GP path: *System\Enhanced Storage Access* +- GP ADMX file name: *EnhancedStorage.admx* + + + +
+ + +**ADMX_EnhancedStorage/RootHubConnectedEnStorDevices** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting configures whether or not only USB root hub connected Enhanced Storage devices are allowed. Allowing only root hub connected Enhanced Storage devices minimizes the risk of an unauthorized USB device reading data on an Enhanced Storage device. + +If you enable this policy setting, only USB root hub connected Enhanced Storage devices are allowed. + +If you disable or do not configure this policy setting, USB Enhanced Storage devices connected to both USB root hubs and non-root hubs will be allowed. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow only USB root hub connected Enhanced Storage devices* +- GP name: *RootHubConnectedEnStorDevices* +- GP path: *System\Enhanced Storage Access* +- GP ADMX file name: *EnhancedStorage.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + From 0994f74a6ec435bd52e4043d30c2718dccd5b187 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Mon, 23 Nov 2020 16:32:24 -0800 Subject: [PATCH 027/210] Added ErrorReporting policies --- windows/client-management/mdm/TOC.md | 1 + .../mdm/policies-in-policy-csp-admx-backed.md | 29 + .../policy-configuration-service-provider.md | 92 + .../mdm/policy-csp-admx-errorreporting.md | 2202 +++++++++++++++++ 4 files changed, 2324 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-errorreporting.md diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index f48b6b25c6..559f7b27a5 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -189,6 +189,7 @@ #### [ADMX_EAIME](policy-csp-admx-eaime.md) #### [ADMX_EncryptFilesonMove](policy-csp-admx-encryptfilesonmove.md) #### [ADMX_EnhancedStorage](policy-csp-admx-enhancedstorage.md) +#### [ADMX_ErrorReporting](policy-csp-admx-errorreporting.md) #### [ADMX_EventForwarding](policy-csp-admx-eventforwarding.md) #### [ADMX_FileServerVSSProvider](policy-csp-admx-fileservervssprovider.md) #### [ADMX_FileSys](policy-csp-admx-filesys.md) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 89cd14d38c..4d5d2f3728 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -135,6 +135,35 @@ ms.date: 10/08/2020 - [ADMX_EnhancedStorage/DisallowLegacyDiskDevices](./policy-csp-admx-enhancedstorage.md#admx-enhancedstorage-disallowlegacydiskdevices) - [ADMX_EnhancedStorage/LockDeviceOnMachineLock](./policy-csp-admx-enhancedstorage.md#admx-enhancedstorage-lockdeviceonmachinelock) - [ADMX_EnhancedStorage/RootHubConnectedEnStorDevices](./policy-csp-admx-enhancedstorage.md#admx-enhancedstorage-roothubconnectedenstordevices) +- [ADMX_ErrorReporting/PCH_AllOrNoneDef](./policy-csp-admx-errorreporting.md#admx-errorreporting-pch-allornonedef) +- [ADMX_ErrorReporting/PCH_AllOrNoneEx](./policy-csp-admx-errorreporting.md#admx-errorreporting-pch-allornoneex) +- [ADMX_ErrorReporting/PCH_AllOrNoneInc](./policy-csp-admx-errorreporting.md#admx-errorreporting-pch-allornoneinc) +- [ADMX_ErrorReporting/PCH_ConfigureReport](./policy-csp-admx-errorreporting.md#admx-errorreporting-pch-configurereport) +- [ADMX_ErrorReporting/PCH_ReportOperatingSystemFaults](./policy-csp-admx-errorreporting.md#admx-errorreporting-pch-reportoperatingsystemfaults) +- [ADMX_ErrorReporting/WerArchive_1](./policy-csp-admx-errorreporting.md#admx-errorreporting-werarchive-1) +- [ADMX_ErrorReporting/WerArchive_2](./policy-csp-admx-errorreporting.md#admx-errorreporting-werarchive-2) +- [ADMX_ErrorReporting/WerAutoApproveOSDumps_1](./policy-csp-admx-errorreporting.md#admx-errorreporting-werautoapproveosdumps-1) +- [ADMX_ErrorReporting/WerAutoApproveOSDumps_2](./policy-csp-admx-errorreporting.md#admx-errorreporting-werautoapproveosdumps-2) +- [ADMX_ErrorReporting/WerBypassDataThrottling_1](./policy-csp-admx-errorreporting.md#admx-errorreporting-werbypassdatathrottling-1) +- [ADMX_ErrorReporting/WerBypassDataThrottling_2](./policy-csp-admx-errorreporting.md#admx-errorreporting-werbypassdatathrottling-2) +- [ADMX_ErrorReporting/WerBypassNetworkCostThrottling_1](./policy-csp-admx-errorreporting.md#admx-errorreporting-werbypassnetworkcostthrottling-1) +- [ADMX_ErrorReporting/WerBypassNetworkCostThrottling_2](./policy-csp-admx-errorreporting.md#admx-errorreporting-werbypassnetworkcostthrottling-2) +- [ADMX_ErrorReporting/WerBypassPowerThrottling_1](./policy-csp-admx-errorreporting.md#admx-errorreporting-werbypasspowerthrottling-1) +- [ADMX_ErrorReporting/WerBypassPowerThrottling_2](./policy-csp-admx-errorreporting.md#admx-errorreporting-werbypasspowerthrottling-2) +- [ADMX_ErrorReporting/WerCER](./policy-csp-admx-errorreporting.md#admx-errorreporting-wercer) +- [ADMX_ErrorReporting/WerConsentCustomize_1](./policy-csp-admx-errorreporting.md#admx-errorreporting-werconsentcustomize-1) +- [ADMX_ErrorReporting/WerConsentOverride_1](./policy-csp-admx-errorreporting.md#admx-errorreporting-werconsentoverride-1) +- [ADMX_ErrorReporting/WerConsentOverride_2](./policy-csp-admx-errorreporting.md#admx-errorreporting-werconsentoverride-2) +- [ADMX_ErrorReporting/WerDefaultConsent_1](./policy-csp-admx-errorreporting.md#admx-errorreporting-werdefaultconsent-1) +- [ADMX_ErrorReporting/WerDefaultConsent_2](./policy-csp-admx-errorreporting.md#admx-errorreporting-werdefaultconsent-2) +- [ADMX_ErrorReporting/WerDisable_1](./policy-csp-admx-errorreporting.md#admx-errorreporting-werdisable-1) +- [ADMX_ErrorReporting/WerExlusion_1](./policy-csp-admx-errorreporting.md#admx-errorreporting-werexlusion-1) +- [ADMX_ErrorReporting/WerExlusion_2](./policy-csp-admx-errorreporting.md#admx-errorreporting-werexlusion-2) +- [ADMX_ErrorReporting/WerNoLogging_1](./policy-csp-admx-errorreporting.md#admx-errorreporting-wernologging-1) +- [ADMX_ErrorReporting/WerNoLogging_2](./policy-csp-admx-errorreporting.md#admx-errorreporting-wernologging-2) +- [ADMX_ErrorReporting/WerNoSecondLevelData_1](./policy-csp-admx-errorreporting.md#admx-errorreporting-wernosecondleveldata-1) +- [ADMX_ErrorReporting/WerQueue_1](./policy-csp-admx-errorreporting.md#admx-errorreporting-werqueue-1) +- [ADMX_ErrorReporting/WerQueue_2](./policy-csp-admx-errorreporting.md#admx-errorreporting-werqueue-2) - [ADMX_EventForwarding/ForwarderResourceUsage](./policy-csp-admx-eventforwarding.md#admx_eventforwarding-forwarderresourceusage) - [ADMX_EventForwarding/SubscriptionManager](./policy-csp-admx-eventforwarding.md#admx_eventforwarding-subscriptionmanager) - [ADMX_FileServerVSSProvider/Pol_EncryptProtocol](./policy-csp-admx-fileservervssprovider.md#admx-fileservervssprovider-pol-encryptprotocol) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 19db657bac..9a2bc98925 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -592,6 +592,98 @@ The following diagram shows the Policy configuration service provider in tree fo
+### ADMX_ErrorReporting policies + +
+
+ ADMX_ErrorReporting/PCH_AllOrNoneDef +
+
+ ADMX_ErrorReporting/PCH_AllOrNoneEx +
+
+ ADMX_ErrorReporting/PCH_AllOrNoneInc +
+
+ ADMX_ErrorReporting/PCH_ConfigureReport +
+
+ ADMX_ErrorReporting/PCH_ReportOperatingSystemFaults +
+
+ ADMX_ErrorReporting/WerArchive_1 +
+
+ ADMX_ErrorReporting/WerArchive_2 +
+
+ ADMX_ErrorReporting/WerAutoApproveOSDumps_1 +
+
+ ADMX_ErrorReporting/WerAutoApproveOSDumps_2 +
+
+ ADMX_ErrorReporting/WerBypassDataThrottling_1 +
+
+ ADMX_ErrorReporting/WerBypassDataThrottling_2 +
+
+ ADMX_ErrorReporting/WerBypassNetworkCostThrottling_1 +
+
+ ADMX_ErrorReporting/WerBypassNetworkCostThrottling_2 +
+
+ ADMX_ErrorReporting/WerBypassPowerThrottling_1 +
+
+ ADMX_ErrorReporting/WerBypassPowerThrottling_2 +
+
+ ADMX_ErrorReporting/WerCER +
+
+ ADMX_ErrorReporting/WerConsentCustomize_1 +
+
+ ADMX_ErrorReporting/WerConsentOverride_1 +
+
+ ADMX_ErrorReporting/WerConsentOverride_2 +
+
+ ADMX_ErrorReporting/WerDefaultConsent_1 +
+
+ ADMX_ErrorReporting/WerDefaultConsent_2 +
+
+ ADMX_ErrorReporting/WerDisable_1 +
+
+ ADMX_ErrorReporting/WerExlusion_1 +
+
+ ADMX_ErrorReporting/WerExlusion_2 +
+
+ ADMX_ErrorReporting/WerNoLogging_1 +
+
+ ADMX_ErrorReporting/WerNoLogging_2 +
+
+ ADMX_ErrorReporting/WerNoSecondLevelData_1 +
+
+ ADMX_ErrorReporting/WerQueue_1 +
+
+ ADMX_ErrorReporting/WerQueue_2 +
+
+ ### ADMX_EventForwarding policies
diff --git a/windows/client-management/mdm/policy-csp-admx-errorreporting.md b/windows/client-management/mdm/policy-csp-admx-errorreporting.md new file mode 100644 index 0000000000..5b37b35bbd --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-errorreporting.md @@ -0,0 +1,2202 @@ +--- +title: Policy CSP - ADMX_ErrorReporting +description: Policy CSP - ADMX_ErrorReporting +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 11/23/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_ErrorReporting +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_ErrorReporting policies + +
+
+ ADMX_ErrorReporting/PCH_AllOrNoneDef +
+
+ ADMX_ErrorReporting/PCH_AllOrNoneEx +
+
+ ADMX_ErrorReporting/PCH_AllOrNoneInc +
+
+ ADMX_ErrorReporting/PCH_ConfigureReport +
+
+ ADMX_ErrorReporting/PCH_ReportOperatingSystemFaults +
+
+ ADMX_ErrorReporting/WerArchive_1 +
+
+ ADMX_ErrorReporting/WerArchive_2 +
+
+ ADMX_ErrorReporting/WerAutoApproveOSDumps_1 +
+
+ ADMX_ErrorReporting/WerAutoApproveOSDumps_2 +
+
+ ADMX_ErrorReporting/WerBypassDataThrottling_1 +
+
+ ADMX_ErrorReporting/WerBypassDataThrottling_2 +
+
+ ADMX_ErrorReporting/WerBypassNetworkCostThrottling_1 +
+
+ ADMX_ErrorReporting/WerBypassNetworkCostThrottling_2 +
+
+ ADMX_ErrorReporting/WerBypassPowerThrottling_1 +
+
+ ADMX_ErrorReporting/WerBypassPowerThrottling_2 +
+
+ ADMX_ErrorReporting/WerCER +
+
+ ADMX_ErrorReporting/WerConsentCustomize_1 +
+
+ ADMX_ErrorReporting/WerConsentOverride_1 +
+
+ ADMX_ErrorReporting/WerConsentOverride_2 +
+
+ ADMX_ErrorReporting/WerDefaultConsent_1 +
+
+ ADMX_ErrorReporting/WerDefaultConsent_2 +
+
+ ADMX_ErrorReporting/WerDisable_1 +
+
+ ADMX_ErrorReporting/WerExlusion_1 +
+
+ ADMX_ErrorReporting/WerExlusion_2 +
+
+ ADMX_ErrorReporting/WerNoLogging_1 +
+
+ ADMX_ErrorReporting/WerNoLogging_2 +
+
+ ADMX_ErrorReporting/WerNoSecondLevelData_1 +
+
+ ADMX_ErrorReporting/WerQueue_1 +
+
+ ADMX_ErrorReporting/WerQueue_2 +
+
+ + +
+ + +**ADMX_ErrorReporting/PCH_AllOrNoneDef** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether errors in general applications are included in reports when Windows Error Reporting is enabled. + +If you enable this policy setting, you can instruct Windows Error Reporting in the Default pull-down menu to report either all application errors (the default setting), or no application errors. + +If the Report all errors in Microsoft applications check box is filled, all errors in Microsoft applications are reported, regardless of the setting in the Default pull-down menu. When the Report all errors in Windows check box is filled, all errors in Windows applications are reported, regardless of the setting in the Default dropdown list. The Windows applications category is a subset of Microsoft applications. + +If you disable or do not configure this policy setting, users can enable or disable Windows Error Reporting in Control Panel. The default setting in Control Panel is Upload all applications. + +This policy setting is ignored if the Configure Error Reporting policy setting is disabled or not configured. + +For related information, see the Configure Error Reporting and Report Operating System Errors policy settings. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Default application reporting settings* +- GP name: *PCH_AllOrNoneDef* +- GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings* +- GP ADMX file name: *ErrorReporting.admx* + + + +
+ + +**ADMX_ErrorReporting/PCH_AllOrNoneEx** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting controls Windows Error Reporting behavior for errors in general applications when Windows Error Reporting is turned on. + +If you enable this policy setting, you can create a list of applications that are never included in error reports. To create a list of applications for which Windows Error Reporting never reports errors, click Show under the Exclude errors for applications on this list setting, and then add or remove applications from the list of application file names in the Show Contents dialog box (example: notepad.exe). File names must always include the .exe file name extension. Errors that are generated by applications in this list are not reported, even if the Default Application Reporting Settings policy setting is configured to report all application errors. + +If this policy setting is enabled, the Exclude errors for applications on this list setting takes precedence. If an application is listed both in the List of applications to always report errors for policy setting, and in the exclusion list in this policy setting, the application is excluded from error reporting. You can also use the exclusion list in this policy setting to exclude specific Microsoft applications or parts of Windows if the check boxes for these categories are filled in the Default application reporting settings policy setting. + +If you disable or do not configure this policy setting, the Default application reporting settings policy setting takes precedence. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *List of applications to never report errors for* +- GP name: *PCH_AllOrNoneEx* +- GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings* +- GP ADMX file name: *ErrorReporting.admx* + + + +
+ + +**ADMX_ErrorReporting/PCH_AllOrNoneInc** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies applications for which Windows Error Reporting should always report errors. + +To create a list of applications for which Windows Error Reporting never reports errors, click Show under the Exclude errors for applications on this list setting, and then add or remove applications from the list of application file names in the Show Contents dialog box (example: notepad.exe). Errors that are generated by applications in this list are not reported, even if the Default Application Reporting Settings policy setting is configured to report all application errors. + +If you enable this policy setting, you can create a list of applications that are always included in error reporting. To add applications to the list, click Show under the Report errors for applications on this list setting, and edit the list of application file names in the Show Contents dialog box. The file names must include the .exe file name extension (for example, notepad.exe). Errors that are generated by applications on this list are always reported, even if the Default dropdown in the Default application reporting policy setting is set to report no application errors. + +If the Report all errors in Microsoft applications or Report all errors in Windows components check boxes in the Default Application Reporting policy setting are filled, Windows Error Reporting reports errors as if all applications in these categories were added to the list in this policy setting. (Note: The Microsoft applications category includes the Windows components category.) + +If you disable this policy setting or do not configure it, the Default application reporting settings policy setting takes precedence. + +Also see the "Default Application Reporting" and "Application Exclusion List" policies. + +This setting will be ignored if the 'Configure Error Reporting' setting is disabled or not configured. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *List of applications to always report errors for* +- GP name: *PCH_AllOrNoneInc* +- GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings* +- GP ADMX file name: *ErrorReporting.admx* + + + +
+ + +**ADMX_ErrorReporting/PCH_ConfigureReport** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting configures how errors are reported to Microsoft, and what information is sent when Windows Error Reporting is enabled. + +This policy setting does not enable or disable Windows Error Reporting. To turn Windows Error Reporting on or off, see the Turn off Windows Error Reporting policy setting in Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication settings. + +> [!IMPORTANT] +> If the Turn off Windows Error Reporting policy setting is not configured, then Control Panel settings for Windows Error Reporting override this policy setting. + +If you enable this policy setting, the setting overrides any user changes made to Windows Error Reporting settings in Control Panel, and default values are applied for any Windows Error Reporting policy settings that are not configured (even if users have changed settings by using Control Panel). If you enable this policy setting, you can configure the following settings in the policy setting: + +- "Do not display links to any Microsoft ‘More information’ websites": Select this option if you do not want error dialog boxes to display links to Microsoft websites. + +- "Do not collect additional files": Select this option if you do not want additional files to be collected and included in error reports. + +- "Do not collect additional computer data": Select this if you do not want additional information about the computer to be collected and included in error reports. + +- "Force queue mode for application errors": Select this option if you do not want users to report errors. When this option is selected, errors are stored in a queue directory, and the next administrator to log on to the computer can send the error reports to Microsoft. + +- "Corporate file path": Type a UNC path to enable Corporate Error Reporting. All errors are stored at the specified location instead of being sent directly to Microsoft, and the next administrator to log onto the computer can send the error reports to Microsoft. + +- "Replace instances of the word ‘Microsoft’ with": You can specify text with which to customize your error report dialog boxes. The word ""Microsoft"" is replaced with the specified text. + +If you do not configure this policy setting, users can change Windows Error Reporting settings in Control Panel. By default, these settings are Enable Reporting on computers that are running Windows XP, and Report to Queue on computers that are running Windows Server 2003. + +If you disable this policy setting, configuration settings in the policy setting are left blank. + +See related policy settings Display Error Notification (same folder as this policy setting), and Turn off Windows Error Reporting in Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication settings. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure Error Reporting* +- GP name: *PCH_ConfigureReport* +- GP path: *Windows Components\Windows Error Reporting* +- GP ADMX file name: *ErrorReporting.admx* + + + +
+ + +**ADMX_ErrorReporting/PCH_ReportOperatingSystemFaults** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether errors in the operating system are included Windows Error Reporting is enabled. + +If you enable this policy setting, Windows Error Reporting includes operating system errors. + +If you disable this policy setting, operating system errors are not included in error reports. + +If you do not configure this policy setting, users can change this setting in Control Panel. By default, Windows Error Reporting settings in Control Panel are set to upload operating system errors. + +See also the Configure Error Reporting policy setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Report operating system errors* +- GP name: *PCH_ReportOperatingSystemFaults* +- GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings* +- GP ADMX file name: *ErrorReporting.admx* + + + +
+ + +**ADMX_ErrorReporting/WerArchive_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting controls the behavior of the Windows Error Reporting archive. + +If you enable this policy setting, you can configure Windows Error Reporting archiving behavior. If Archive behavior is set to Store all, all data collected for each error report is stored in the appropriate location. If Archive behavior is set to Store parameters only, only the minimum information required to check for an existing solution is stored. The Maximum number of reports to store setting determines how many reports are stored before older reports are automatically deleted. + +If you disable or do not configure this policy setting, no Windows Error Reporting information is stored. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure Report Archive* +- GP name: *WerArchive_1* +- GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings* +- GP ADMX file name: *ErrorReporting.admx* + + + +
+ + +**ADMX_ErrorReporting/WerArchive_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting controls the behavior of the Windows Error Reporting archive. + +If you enable this policy setting, you can configure Windows Error Reporting archiving behavior. If Archive behavior is set to Store all, all data collected for each error report is stored in the appropriate location. If Archive behavior is set to Store parameters only, only the minimum information required to check for an existing solution is stored. The Maximum number of reports to store setting determines how many reports are stored before older reports are automatically deleted. + +If you disable or do not configure this policy setting, no Windows Error Reporting information is stored. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure Report Archive* +- GP name: *WerArchive_2* +- GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings* +- GP ADMX file name: *ErrorReporting.admx* + + + +
+ + +**ADMX_ErrorReporting/WerAutoApproveOSDumps_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether memory dumps in support of OS-generated error reports can be sent to Microsoft automatically. This policy does not apply to error reports generated by 3rd-party products, or additional data other than memory dumps. + +If you enable or do not configure this policy setting, any memory dumps generated for error reports by Microsoft Windows are automatically uploaded, without notification to the user. + +If you disable this policy setting, then all memory dumps are uploaded according to the default consent and notification settings. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Automatically send memory dumps for OS-generated error reports* +- GP name: *WerAutoApproveOSDumps_1* +- GP path: *Windows Components\Windows Error Reporting* +- GP ADMX file name: *ErrorReporting.admx* + + + +
+ + +**ADMX_ErrorReporting/WerAutoApproveOSDumps_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether memory dumps in support of OS-generated error reports can be sent to Microsoft automatically. This policy does not apply to error reports generated by 3rd-party products, or additional data other than memory dumps. + +If you enable or do not configure this policy setting, any memory dumps generated for error reports by Microsoft Windows are automatically uploaded, without notification to the user. + +If you disable this policy setting, then all memory dumps are uploaded according to the default consent and notification settings. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Automatically send memory dumps for OS-generated error reports* +- GP name: *WerAutoApproveOSDumps_2* +- GP path: *Windows Components\Windows Error Reporting* +- GP ADMX file name: *ErrorReporting.admx* + + + +
+ + +**ADMX_ErrorReporting/WerBypassDataThrottling_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether Windows Error Reporting (WER) sends additional, second-level report data even if a CAB file containing data about the same event types has already been uploaded to the server. + +If you enable this policy setting, WER does not throttle data; that is, WER uploads additional CAB files that can contain data about the same event types as an earlier uploaded report. + +If you disable or do not configure this policy setting, WER throttles data by default; that is, WER does not upload more than one CAB file for a report that contains data about the same event types. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not throttle additional data* +- GP name: *WerBypassDataThrottling_1* +- GP path: *Windows Components\Windows Error Reporting* +- GP ADMX file name: *ErrorReporting.admx* + + + +
+ + +**ADMX_ErrorReporting/WerBypassDataThrottling_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether Windows Error Reporting (WER) sends additional, second-level report data even if a CAB file containing data about the same event types has already been uploaded to the server. + +If you enable this policy setting, WER does not throttle data; that is, WER uploads additional CAB files that can contain data about the same event types as an earlier uploaded report. + +If you disable or do not configure this policy setting, WER throttles data by default; that is, WER does not upload more than one CAB file for a report that contains data about the same event types. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not throttle additional data* +- GP name: *WerBypassDataThrottling_2* +- GP path: *Windows Components\Windows Error Reporting* +- GP ADMX file name: *ErrorReporting.admx* + + + +
+ + +**ADMX_ErrorReporting/WerBypassNetworkCostThrottling_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether Windows Error Reporting (WER) checks for a network cost policy that restricts the amount of data that is sent over the network. + +If you enable this policy setting, WER does not check for network cost policy restrictions, and transmits data even if network cost is restricted. + +If you disable or do not configure this policy setting, WER does not send data, but will check the network cost policy again if the network profile is changed. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Send data when on connected to a restricted/costed network* +- GP name: *WerBypassNetworkCostThrottling_1* +- GP path: *Windows Components\Windows Error Reporting* +- GP ADMX file name: *ErrorReporting.admx* + + + +
+ + +**ADMX_ErrorReporting/WerBypassNetworkCostThrottling_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether Windows Error Reporting (WER) checks for a network cost policy that restricts the amount of data that is sent over the network. + +If you enable this policy setting, WER does not check for network cost policy restrictions, and transmits data even if network cost is restricted. + +If you disable or do not configure this policy setting, WER does not send data, but will check the network cost policy again if the network profile is changed. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Send data when on connected to a restricted/costed network* +- GP name: *WerBypassNetworkCostThrottling_2* +- GP path: *Windows Components\Windows Error Reporting* +- GP ADMX file name: *ErrorReporting.admx* + + + +
+ + +**ADMX_ErrorReporting/WerBypassPowerThrottling_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether Windows Error Reporting (WER) checks if the computer is running on battery power. By default, when a computer is running on battery power, WER only checks for solutions, but does not upload additional report data until the computer is connected to a more permanent power source. + +If you enable this policy setting, WER does not determine whether the computer is running on battery power, but checks for solutions and uploads report data normally. + +If you disable or do not configure this policy setting, WER checks for solutions while a computer is running on battery power, but does not upload report data until the computer is connected to a more permanent power source. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Send additional data when on battery power* +- GP name: *WerBypassPowerThrottling_1* +- GP path: *Windows Components\Windows Error Reporting* +- GP ADMX file name: *ErrorReporting.admx* + + + +
+ + +**ADMX_ErrorReporting/WerBypassPowerThrottling_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether Windows Error Reporting (WER) checks if the computer is running on battery power. By default, when a computer is running on battery power, WER only checks for solutions, but does not upload additional report data until the computer is connected to a more permanent power source. + +If you enable this policy setting, WER does not determine whether the computer is running on battery power, but checks for solutions and uploads report data normally. + +If you disable or do not configure this policy setting, WER checks for solutions while a computer is running on battery power, but does not upload report data until the computer is connected to a more permanent power source. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Send additional data when on battery power* +- GP name: *WerBypassPowerThrottling_2* +- GP path: *Windows Components\Windows Error Reporting* +- GP ADMX file name: *ErrorReporting.admx* + + + +
+ + +**ADMX_ErrorReporting/WerCER** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies a corporate server to which Windows Error Reporting sends reports (if you do not want to send error reports to Microsoft). + +If you enable this policy setting, you can specify the name or IP address of an error report destination server on your organization’s network. You can also select Connect using SSL to transmit error reports over a Secure Sockets Layer (SSL) connection, and specify a port number on the destination server for transmission. + +If you disable or do not configure this policy setting, Windows Error Reporting sends error reports to Microsoft. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure Corporate Windows Error Reporting* +- GP name: *WerCER* +- GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings* +- GP ADMX file name: *ErrorReporting.admx* + + + +
+ + +**ADMX_ErrorReporting/WerConsentCustomize_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting determines the consent behavior of Windows Error Reporting for specific event types. + +If you enable this policy setting, you can add specific event types to a list by clicking Show, and typing event types in the Value Name column of the Show Contents dialog box. Event types are those for generic, non-fatal errors: crash, no response, and kernel fault errors. For each specified event type, you can set a consent level of 0, 1, 2, 3, or 4. + +- 0 (Disable): Windows Error Reporting sends no data to Microsoft for this event type. + +- 1 (Always ask before sending data): Windows prompts the user for consent to send reports. + +- 2 (Send parameters): Windows Error Reporting automatically sends the minimum data required to check for an existing solution, and Windows prompts the user for consent to send any additional data requested by Microsoft. + +- 3 (Send parameters and safe additional data): Windows Error Reporting automatically sends the minimum data required to check for an existing solution, as well as data which Windows has determined (within a high probability) does not contain personally identifiable data, and prompts the user for consent to send any additional data requested by Microsoft. + +- 4 (Send all data): Any data requested by Microsoft is sent automatically. + +If you disable or do not configure this policy setting, then the default consent settings that are applied are those specified by the user in Control Panel, or in the Configure Default Consent policy setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Customize consent settings* +- GP name: *WerConsentCustomize_1* +- GP path: *Windows Components\Windows Error Reporting\Consent* +- GP ADMX file name: *ErrorReporting.admx* + + + +
+ + +**ADMX_ErrorReporting/WerConsentOverride_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting determines the behavior of the Configure Default Consent setting in relation to custom consent settings. + +If you enable this policy setting, the default consent levels of Windows Error Reporting always override any other consent policy setting. + +If you disable or do not configure this policy setting, custom consent policy settings for error reporting determine the consent level for specified event types, and the default consent setting determines only the consent level of any other error reports. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Ignore custom consent settings* +- GP name: *WerConsentOverride_1* +- GP path: *Windows Components\Windows Error Reporting\Consent* +- GP ADMX file name: *ErrorReporting.admx* + + + +
+ + +**ADMX_ErrorReporting/WerConsentOverride_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting determines the behavior of the Configure Default Consent setting in relation to custom consent settings. + +If you enable this policy setting, the default consent levels of Windows Error Reporting always override any other consent policy setting. + +If you disable or do not configure this policy setting, custom consent policy settings for error reporting determine the consent level for specified event types, and the default consent setting determines only the consent level of any other error reports. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Ignore custom consent settings* +- GP name: *WerConsentOverride_2* +- GP path: *Windows Components\Windows Error Reporting\Consent* +- GP ADMX file name: *ErrorReporting.admx* + + + +
+ + +**ADMX_ErrorReporting/WerDefaultConsent_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting determines the default consent behavior of Windows Error Reporting. + +If you enable this policy setting, you can set the default consent handling for error reports. The following list describes the Consent level settings that are available in the pull-down menu in this policy setting: + +- Always ask before sending data: Windows prompts users for consent to send reports. + +- Send parameters: Only the minimum data that is required to check for an existing solution is sent automatically, and Windows prompts users for consent to send any additional data that is requested by Microsoft. + +- Send parameters and safe additional data: the minimum data that is required to check for an existing solution, along with data which Windows has determined (within a high probability) does not contain personally-identifiable information is sent automatically, and Windows prompts the user for consent to send any additional data that is requested by Microsoft. + +- Send all data: any error reporting data requested by Microsoft is sent automatically. + +If this policy setting is disabled or not configured, then the consent level defaults to the highest-privacy setting: Always ask before sending data. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure Default consent* +- GP name: *WerDefaultConsent_1* +- GP path: *Windows Components\Windows Error Reporting\Consent* +- GP ADMX file name: *ErrorReporting.admx* + + + +
+ + +**ADMX_ErrorReporting/WerDefaultConsent_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting determines the default consent behavior of Windows Error Reporting. + +If you enable this policy setting, you can set the default consent handling for error reports. The following list describes the Consent level settings that are available in the pull-down menu in this policy setting: + +- Always ask before sending data: Windows prompts users for consent to send reports. + +- Send parameters: Only the minimum data that is required to check for an existing solution is sent automatically, and Windows prompts users for consent to send any additional data that is requested by Microsoft. + +- Send parameters and safe additional data: the minimum data that is required to check for an existing solution, along with data which Windows has determined (within a high probability) does not contain personally-identifiable information is sent automatically, and Windows prompts the user for consent to send any additional data that is requested by Microsoft. + +- Send all data: any error reporting data requested by Microsoft is sent automatically. + +If this policy setting is disabled or not configured, then the consent level defaults to the highest-privacy setting: Always ask before sending data. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure Default consent* +- GP name: *WerDefaultConsent_2* +- GP path: *Windows Components\Windows Error Reporting\Consent* +- GP ADMX file name: *ErrorReporting.admx* + + + +
+ + +**ADMX_ErrorReporting/WerDisable_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting turns off Windows Error Reporting, so that reports are not collected or sent to either Microsoft or internal servers within your organization when software unexpectedly stops working or fails. + +If you enable this policy setting, Windows Error Reporting does not send any problem information to Microsoft. Additionally, solution information is not available in Security and Maintenance in Control Panel. + +If you disable or do not configure this policy setting, the Turn off Windows Error Reporting policy setting in Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication settings takes precedence. If Turn off Windows Error Reporting is also either disabled or not configured, user settings in Control Panel for Windows Error Reporting are applied. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Disable Windows Error Reporting* +- GP name: *WerDisable_1* +- GP path: *Windows Components\Windows Error Reporting* +- GP ADMX file name: *ErrorReporting.admx* + + + +
+ + +**ADMX_ErrorReporting/WerExlusion_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting limits Windows Error Reporting behavior for errors in general applications when Windows Error Reporting is turned on. + +If you enable this policy setting, you can create a list of applications that are never included in error reports. To create a list of applications for which Windows Error Reporting never reports errors, click Show, and then add or remove applications from the list of application file names in the Show Contents dialog box (example: notepad.exe). File names must always include the .exe file name extension. To remove an application from the list, click the name, and then press DELETE. If this policy setting is enabled, the Exclude errors for applications on this list setting takes precedence. + +If you disable or do not configure this policy setting, errors are reported on all Microsoft and Windows applications by default. + + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *List of applications to be excluded* +- GP name: *WerExlusion_1* +- GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings* +- GP ADMX file name: *ErrorReporting.admx* + + + +
+ + +**ADMX_ErrorReporting/WerExlusion_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting limits Windows Error Reporting behavior for errors in general applications when Windows Error Reporting is turned on. + +If you enable this policy setting, you can create a list of applications that are never included in error reports. To create a list of applications for which Windows Error Reporting never reports errors, click Show, and then add or remove applications from the list of application file names in the Show Contents dialog box (example: notepad.exe). File names must always include the .exe file name extension. To remove an application from the list, click the name, and then press DELETE. If this policy setting is enabled, the Exclude errors for applications on this list setting takes precedence. + +If you disable or do not configure this policy setting, errors are reported on all Microsoft and Windows applications by default. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *List of applications to be excluded* +- GP name: *WerExlusion_2* +- GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings* +- GP ADMX file name: *ErrorReporting.admx* + + + +
+ + +**ADMX_ErrorReporting/WerNoLogging_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether Windows Error Reporting saves its own events and error messages to the system event log. + +If you enable this policy setting, Windows Error Reporting events are not recorded in the system event log. + +If you disable or do not configure this policy setting, Windows Error Reporting events and errors are logged to the system event log, as with other Windows-based programs. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Disable logging* +- GP name: *WerNoLogging_1* +- GP path: *Windows Components\Windows Error Reporting* +- GP ADMX file name: *ErrorReporting.admx* + + + +
+ + +**ADMX_ErrorReporting/WerNoLogging_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether Windows Error Reporting saves its own events and error messages to the system event log. + +If you enable this policy setting, Windows Error Reporting events are not recorded in the system event log. + +If you disable or do not configure this policy setting, Windows Error Reporting events and errors are logged to the system event log, as with other Windows-based programs. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Disable logging* +- GP name: *WerNoLogging_2* +- GP path: *Windows Components\Windows Error Reporting* +- GP ADMX file name: *ErrorReporting.admx* + + + +
+ + +**ADMX_ErrorReporting/WerNoSecondLevelData_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether additional data in support of error reports can be sent to Microsoft automatically. + +If you enable this policy setting, any additional data requests from Microsoft in response to a Windows Error Reporting report are automatically declined, without notification to the user. + +If you disable or do not configure this policy setting, then consent policy settings in Computer Configuration/Administrative Templates/Windows Components/Windows Error Reporting/Consent take precedence. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not send additional data* +- GP name: *WerNoSecondLevelData_1* +- GP path: *Windows Components\Windows Error Reporting* +- GP ADMX file name: *ErrorReporting.admx* + + + +
+ + +**ADMX_ErrorReporting/WerQueue_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting determines the behavior of the Windows Error Reporting report queue. + +If you enable this policy setting, you can configure report queue behavior by using the controls in the policy setting. When the Queuing behavior pull-down list is set to Default, Windows determines, when a problem occurs, whether the report should be placed in the reporting queue, or the user should be prompted to send it immediately. When Queuing behavior is set to Always queue, all reports are added to the queue until the user is prompted to send the reports, or until the user sends problem reports by using the Solutions to Problems page in Control Panel. + +The Maximum number of reports to queue setting determines how many reports can be queued before older reports are automatically deleted. The setting for Number of days between solution check reminders determines the interval time between the display of system notifications that remind the user to check for solutions to problems. A value of 0 disables the reminder. + +If you disable or do not configure this policy setting, Windows Error Reporting reports are not queued, and users can only send reports at the time that a problem occurs. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure Report Queue* +- GP name: *WerQueue_1* +- GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings* +- GP ADMX file name: *ErrorReporting.admx* + + + +
+ + +**ADMX_ErrorReporting/WerQueue_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting determines the behavior of the Windows Error Reporting report queue. + +If you enable this policy setting, you can configure report queue behavior by using the controls in the policy setting. When the Queuing behavior pull-down list is set to Default, Windows determines, when a problem occurs, whether the report should be placed in the reporting queue, or the user should be prompted to send it immediately. When Queuing behavior is set to Always queue, all reports are added to the queue until the user is prompted to send the reports, or until the user sends problem reports by using the Solutions to Problems page in Control Panel. If Queuing behavior is set to Always queue for administrator, reports are queued until an administrator is prompted to send them, or until the administrator sends them by using the Solutions to Problems page in Control Panel. + +The Maximum number of reports to queue setting determines how many reports can be queued before older reports are automatically deleted. The setting for Number of days between solution check reminders determines the interval time between the display of system notifications that remind the user to check for solutions to problems. A value of 0 disables the reminder. + +If you disable or do not configure this policy setting, Windows Error Reporting reports are not queued, and users can only send reports at the time that a problem occurs. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure Report Queue* +- GP name: *WerQueue_2* +- GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings* +- GP ADMX file name: *ErrorReporting.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + From bd72e91c53680ab17b9443e579760e4333f4af45 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Mon, 23 Nov 2020 16:39:28 -0800 Subject: [PATCH 028/210] Fixed build warning --- .../mdm/policy-csp-admx-errorreporting.md | 58 +++++++++---------- 1 file changed, 29 insertions(+), 29 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-errorreporting.md b/windows/client-management/mdm/policy-csp-admx-errorreporting.md index 5b37b35bbd..1cad07a317 100644 --- a/windows/client-management/mdm/policy-csp-admx-errorreporting.md +++ b/windows/client-management/mdm/policy-csp-admx-errorreporting.md @@ -115,7 +115,7 @@ manager: dansimp
-**ADMX_ErrorReporting/PCH_AllOrNoneDef** +**ADMX_ErrorReporting/PCH_AllOrNoneDef** @@ -190,7 +190,7 @@ ADMX Info:
-**ADMX_ErrorReporting/PCH_AllOrNoneEx** +**ADMX_ErrorReporting/PCH_AllOrNoneEx**
@@ -261,7 +261,7 @@ ADMX Info:
-**ADMX_ErrorReporting/PCH_AllOrNoneInc** +**ADMX_ErrorReporting/PCH_AllOrNoneInc**
@@ -338,7 +338,7 @@ ADMX Info:
-**ADMX_ErrorReporting/PCH_ConfigureReport** +**ADMX_ErrorReporting/PCH_ConfigureReport**
@@ -428,7 +428,7 @@ ADMX Info:
-**ADMX_ErrorReporting/PCH_ReportOperatingSystemFaults** +**ADMX_ErrorReporting/PCH_ReportOperatingSystemFaults**
@@ -501,7 +501,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerArchive_1** +**ADMX_ErrorReporting/WerArchive_1**
@@ -570,7 +570,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerArchive_2** +**ADMX_ErrorReporting/WerArchive_2**
@@ -639,7 +639,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerAutoApproveOSDumps_1** +**ADMX_ErrorReporting/WerAutoApproveOSDumps_1**
@@ -708,7 +708,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerAutoApproveOSDumps_2** +**ADMX_ErrorReporting/WerAutoApproveOSDumps_2**
@@ -777,7 +777,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerBypassDataThrottling_1** +**ADMX_ErrorReporting/WerBypassDataThrottling_1**
@@ -846,7 +846,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerBypassDataThrottling_2** +**ADMX_ErrorReporting/WerBypassDataThrottling_2**
@@ -915,7 +915,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerBypassNetworkCostThrottling_1** +**ADMX_ErrorReporting/WerBypassNetworkCostThrottling_1**
@@ -984,7 +984,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerBypassNetworkCostThrottling_2** +**ADMX_ErrorReporting/WerBypassNetworkCostThrottling_2**
@@ -1053,7 +1053,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerBypassPowerThrottling_1** +**ADMX_ErrorReporting/WerBypassPowerThrottling_1**
@@ -1122,7 +1122,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerBypassPowerThrottling_2** +**ADMX_ErrorReporting/WerBypassPowerThrottling_2**
@@ -1191,7 +1191,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerCER** +**ADMX_ErrorReporting/WerCER**
@@ -1260,7 +1260,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerConsentCustomize_1** +**ADMX_ErrorReporting/WerConsentCustomize_1**
@@ -1339,7 +1339,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerConsentOverride_1** +**ADMX_ErrorReporting/WerConsentOverride_1**
@@ -1408,7 +1408,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerConsentOverride_2** +**ADMX_ErrorReporting/WerConsentOverride_2**
@@ -1477,7 +1477,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerDefaultConsent_1** +**ADMX_ErrorReporting/WerDefaultConsent_1**
@@ -1554,7 +1554,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerDefaultConsent_2** +**ADMX_ErrorReporting/WerDefaultConsent_2**
@@ -1631,7 +1631,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerDisable_1** +**ADMX_ErrorReporting/WerDisable_1**
@@ -1700,7 +1700,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerExlusion_1** +**ADMX_ErrorReporting/WerExlusion_1**
@@ -1770,7 +1770,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerExlusion_2** +**ADMX_ErrorReporting/WerExlusion_2**
@@ -1839,7 +1839,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerNoLogging_1** +**ADMX_ErrorReporting/WerNoLogging_1**
@@ -1908,7 +1908,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerNoLogging_2** +**ADMX_ErrorReporting/WerNoLogging_2**
@@ -1977,7 +1977,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerNoSecondLevelData_1** +**ADMX_ErrorReporting/WerNoSecondLevelData_1**
@@ -2046,7 +2046,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerQueue_1** +**ADMX_ErrorReporting/WerQueue_1**
@@ -2117,7 +2117,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerQueue_2** +**ADMX_ErrorReporting/WerQueue_2**
From 82609ee37dc9717083f5188d3aa24d791e389058 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Mon, 23 Nov 2020 16:45:10 -0800 Subject: [PATCH 029/210] Updated the scope of a policy --- windows/client-management/mdm/policy-csp-admx-errorreporting.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-admx-errorreporting.md b/windows/client-management/mdm/policy-csp-admx-errorreporting.md index 1cad07a317..a220ae0692 100644 --- a/windows/client-management/mdm/policy-csp-admx-errorreporting.md +++ b/windows/client-management/mdm/policy-csp-admx-errorreporting.md @@ -1159,7 +1159,7 @@ ADMX Info: [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] -> * User +> * Device
From eb41ea66cdf3477157f9c4c366425fdbbcf3e418 Mon Sep 17 00:00:00 2001 From: Dominic Jean Date: Tue, 24 Nov 2020 11:38:31 -0800 Subject: [PATCH 030/210] Format of resolution for "The TPM is locked out." The resolution for the "The TPM is locked out." issue was missing newline characters in the PowerShell commands. This change adds newline characters between the commands so that the command is easier to run. --- .../bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md index c112d898f7..7d66ced22c 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md @@ -39,7 +39,9 @@ To resolve this issue, follow these steps: 1. Open an elevated PowerShell window and run the following script: ```ps - $Tpm = Get-WmiObject -class Win32_Tpm -namespace "root\CIMv2\Security\MicrosoftTpm" $ConfirmationStatus = $Tpm.GetPhysicalPresenceConfirmationStatus(22).ConfirmationStatus if($ConfirmationStatus -ne 4) {$Tpm.SetPhysicalPresenceRequest(22)} + $Tpm = Get-WmiObject -class Win32_Tpm -namespace "root\CIMv2\Security\MicrosoftTpm" + $ConfirmationStatus = $Tpm.GetPhysicalPresenceConfirmationStatus(22).ConfirmationStatus + if($ConfirmationStatus -ne 4) {$Tpm.SetPhysicalPresenceRequest(22)} ``` 1. Restart the computer. If you are prompted at the restart screen, press F12 to agree. From b7003007b00444f6eba4859cca91e2efee00a5f3 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Wed, 25 Nov 2020 17:14:20 +0200 Subject: [PATCH 031/210] Add info about HTTP error 429 https://github.com/MicrosoftDocs/windows-itpro-docs/issues/8666 --- .../threat-protection/microsoft-defender-atp/common-errors.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/common-errors.md b/windows/security/threat-protection/microsoft-defender-atp/common-errors.md index 34adbf6fbe..c43240cb86 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/common-errors.md +++ b/windows/security/threat-protection/microsoft-defender-atp/common-errors.md @@ -46,6 +46,7 @@ DisallowedOperation | Forbidden (403) | {the disallowed operation and the reason NotFound | Not Found (404) | General Not Found error message. ResourceNotFound | Not Found (404) | Resource {the requested resource} was not found. InternalServerError | Internal Server Error (500) | (No error message, try retry the operation or contact us if it does not resolved) +TooManyRequests | Too Many Requests (429) | Response will represent reaching quota limit either by number of requests or by CPU. ## Body parameters are case-sensitive From dd371f7dacce90fd3d1ff264cffdfe5f5ebd6928 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 30 Nov 2020 17:38:13 -0800 Subject: [PATCH 032/210] Update manage-updates-baselines-microsoft-defender-antivirus.md --- ...s-baselines-microsoft-defender-antivirus.md | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index f562eb572d..fcdd4188f5 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -13,7 +13,7 @@ ms.author: deniseb ms.custom: nextgen ms.reviewer: manager: dansimp -ms.date: 11/06/2020 +ms.date: 11/30/2020 --- # Manage Microsoft Defender Antivirus updates and apply baselines @@ -77,6 +77,22 @@ All our updates contain
+ November-2020 (Platform: 4.18.2011.6 | Engine: 1.1.17600.5) + + Security intelligence update version: **1.327.1854.0** + Released: **November 30, 2020** + Platform: **4.18.2011.6** + Engine: **1.1.17600.5** + Support phase: **Security and Critical Updates** + +### What's new +- item1 +- item2 + +### Known Issues +No known issues +
+
October-2020 (Platform: 4.18.2010.7 | Engine: 1.1.17600.5)  Security intelligence update version: **1.327.7.0** From 92731f4e39b5af0f67b4a2c1c5a68f94fc2d87dc Mon Sep 17 00:00:00 2001 From: Sunayana Singh Date: Tue, 1 Dec 2020 21:29:45 +0530 Subject: [PATCH 033/210] Changes in Deployment steps for GA --- .../images/ios-deploy-1.png | Bin 0 -> 155033 bytes .../images/ios-deploy-2.png | Bin 0 -> 98511 bytes .../images/ios-deploy-3.png | Bin 0 -> 89449 bytes .../images/ios-deploy-4.png | Bin 0 -> 89411 bytes .../images/ios-deploy-5.png | Bin 0 -> 141376 bytes .../images/ios-deploy-6.png | Bin 0 -> 115478 bytes .../images/ios-deploy-7.png | Bin 0 -> 97992 bytes .../microsoft-defender-atp/ios-install.md | 118 +++++++++++++----- 8 files changed, 87 insertions(+), 31 deletions(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/ios-deploy-1.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/ios-deploy-2.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/ios-deploy-3.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/ios-deploy-4.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/ios-deploy-5.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/ios-deploy-6.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/ios-deploy-7.png diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/ios-deploy-1.png b/windows/security/threat-protection/microsoft-defender-atp/images/ios-deploy-1.png new file mode 100644 index 0000000000000000000000000000000000000000..e4e04c84d00fcb2c93ab5b10532ec2b79fe73e16 GIT binary patch literal 155033 zcmcG$WmFwYvpR6`5f@c+ zGdO#Lbt0BYVMd&4|5@35(RtJD?s}LJ)4n$0k})_j@zpQw?;nAwSv*j(_PwX&4=+&N zMLXHLb?vW+bghBLZ7o{^_X82!SY z_OHXlRw|`rWY0htR$NX_wVJt5jE6*)$#8U@#az+xY$4KrUMo*?!(%oaO_Eny8WtIe zT*!ChKF@fn*Xn?yp|N;*d1>_DRR1Rad&tS&J}4#z&B4JT@pR${SY6_HH7kKnM9??W zoBba=ykGr9G&i{jcVSaCGC8SH#*rh{304&8`SjJ|_IqI~{r_g7sI->+%(^lzDXH*Z z9N$15<>s$oY2cduAMwm+B<*VIMY$vR{^zNv5T;YMf7I~zDelj8CH?|Y;<;_rUuSG8SXs_M)6i#&Uwa<( zpC(u-v9PdVfJLR1@yES^c6?7kR8qs!+1Jx({P0`lF= z+7{kYwZ4Rh4xx&wN^D|c=$Fxg7I;ANR;`~S>VXZ5f zc8qM1bcq=0FYr%)_RTL}#?YR=f@u7}H}WWVMkU3R{NoezEx(<%AerT(j0#v!EppM2 zZl3476l5Vwv-c*1aTNvv#zmCyXod_QddEIv{9~u5VRHA%RKgRJUl$v6tgQW`d&31S zsu~)>x;(ZzgC|}U9HxF`$JGEcxd7ASoOYFHWp&boHFh`e01NzCphlg zYQ}4_+6>I#vDrRJ7;f=?;dZgvivI2WBBCTE7Y^JCDKW8O;1^SQwbnKyq-Oq+bOOV? z75<@!ZDuJrIvFl9GE&I>%~feeNR<+L`4eyNQZb%ar{Ip2IrHjEP?gascV&O|frc6V zbzO746ss-kqg(43yIjU+Eki>x+`G&_ZPTgBrB`QXA& z>l^FaM|-fEQft+m27?@ZB2q$>$jIF}Azc4xVf6K&;6Qr+hr`aRdth*IkFp^=)=-qF ziV9|tQWkP$_68`|DOtI=NfK>&MQ3NF{-a*oqjwk|XEi5)yN46_XM3p{gZP#3XfivF zVm^(d_-gkFNjxybn@VRvLo>~J z#m&>)^BuHT>viIVeCHa}S~|mXMfmiLjioeG<(F`@=U{|RvDG2^<(Q))l?V6P!{e^t z4=?jXLI zP1R}iq_fZ64jtiLob@8VdQEDbuDl{of6_dsTtHsX{xd<=*TxT^c@i-q6L3QK`T2#0 zg(Y9v7b#^>NMxGRSbZE&*XP zOWhbu@`G+Q_5?z7>w;y{?dkdj(^r_8&Jl; zc(7hd{`d@zP6Hq_GXajwLfLt8X@pVBhulS#{=8WaesxdUDo~eZQlSy&A|=g&QQfeq zxg-u(RZ=~ug_m0Dnd?IzBD<=1^s#_45mcR6aZ?PZT4)7m30izy*UQ{CG9jn2e>t%a1IV6Hv5MX@M+M)!V#cpd!CRcdbMi-6+H$!0&px1Xeu z$G`~l_NM3i{(3IYk|LqOjy)H5bwt)0G_i47wb)73`ey2N0!*&HS?PDe1Y}wTRi0{> znU`LQIM`)JrIo`HJWl5`I+%GGQ-dm;N#z?u3pVci0iH}z zr9Rd3%%Y0a4*TvsZfccfNPCLkvpPsrOgbDcV2R;n&!}e=2{L>BIrOKwn0`V*-ssm^ z$ch}d(RljF@ty^;N&e6x>VF$+DIpM*6^*Atw-XKn17l=jq$f3wlFjnaiHe%Wc=Ajs zg3spNL~qYrReD`i(CB|Q!Km&h${Dy5IU&c#bjW0U;vPryDapx+Pxsf7YV$;&P^{_R zXDIW-19LjyA$;Oa@6~}F`+|R|Yy*0NhqtO{h2Yx<+u{}Vpq5TwsESDE{aHjFG+Sii zZ8RlX%M-|gbeP#${8M5b%VKa^*yl@NCf4x4es%}%{+490Z6|NZ&5y4L(W{LO9Yr?l z*bGzhiB|@EGX$qtz_D^0L2S7nbgYi{24sAM8d|NC=nG)?G;+M{uSL)(QKZugCkPx7 zy}T|$7&u8QyzP!`6Uc3!w=VVh)z!lIh@$o5&18L@NFpRrME^j(0j!qMk@3!c?LqR- zNVbaqv=)>fX#90b`_phZLt<5oIVxI`C(^Lx5E?kVE*}?soy$I79d}=zQT?cx;2!j* zeu8{Zpi3P&U7Vkf^!)G(Nmxm0ITV3~IR`+?N~*5Sj;5}?>j8k&SRRIH)7b!g+teAr zNzUWEr#EX|6ID`GW!X`!j=*+CmYz=wf}grBL_t_^2WSax!qWu9IjrC@x3e!U1k2@& ze(*{tm#4OgUq_cG-O1Ntr?S?Yddxqt{pLUAX`L$stPg1L(|Oz1dNGn;y!)t9uAA<~`=xxShyvvNVO>Mt}!0d0~J*UCq;xX=U1aomV=hx~v~9deB&B z?K~{mSy1RVuXra^O!uq+;t;c+A^=T~2ud@SiWr;` z$RAe+WfOY*x}d)*wINC?9(j4IOWadf1h z*f=m%li|=4wx!;eqC(zD!h~sO{}`DSO_P^@neMuHG%6K8Ej_J&VFUViSC>OZ{ict> zrCn1{VJX4cdFIZ~BcwkDRW*%Ge(fQ&&yVi?8=E=+0A|8xT3XG=rzg7Vb68tVc!2W2 zCjh#dbuL1>AS`#X>0_9a(4~v3e`S(!wI|Y;95Rc!CJzuz!r(UrD;gfZy`p@_z@3ZB zqMhS;OxAEtewoJd$7`Bkv{UA5`{4R0YL5rQ&=)1?XNKM%s`WEVTd<_j(KUs9bmuY^ zjHd&JeBr-~o~P&M69W?IXzwU0^IJBno5@}U^o`6xkhFNNru^R9J6|YI?-jjr!^+c2 z>GjqFncrTgiy`6QWFwFcz?m$^1y3_|8}&0NOZ~LZs%W> zzLMrbXyl{?$=udQk$BvxtgdXqcWqwS)qw8;$4uo9aqViH1B=@k*Y(c^A!vICpjal$ z>dru>rm(I`tU=!1bUh9D{Kj?POhG7~y6_dtj+jAxG>xTsT0CZSUg8Fds8mp88!g|! zll@1q6!xF49mD-j8PuFx=G3qRpFJ3YhYF*Y{$qD7*)}@gMN(1FD-RmS7)_n zEo1Bs@9DW`Tzy$JQkR}C^ksZyRAI3+C44)>tcs#wxPd3AZUw>_n~ zg0?Z{c^-J1A*-eyMzYv+U-zptTZnYhuC947DFp#sj17+NszSA@u$D-pP_VV-UDobf z>;5cgPvc1Eyk!0rPpM2IcD?rTAD_XiTp0`&I!4Zuk zb3>#;yYACcdcXD#pol)m|L|EWwUMliZY=+Nd--sYnw>EMDGcWyxgfXO+Z*!>`om6%6AF0%)EQ9Wv{6cufx& zF1L3sL7iL+&0Q}4y#m^zJrPVfBy9-5VeSWinsnjWTWVy}>Q*RI^g2u_L z2p6B%1*2*mO;S|m6T=u|U|!kP;R)>R&jSd3Yiq6L7NenX1vg^M7?n89q>=Kv3YZyI zTa)ulV9oRe^}1C3-{ z^4DJK3BqG)n(D*jV@3_Yn$Fmzz!3GzO~P0fo@b` zu#-b~=NH}TH*RcNR$96VDRk?KvNBN#0|AXmLMRi!iO4Fh-Kb_tVpFiHC&|+*Z9JXhbtU z(16Vfwyy&!>t4iu{<|t^h7uB=X2IE@hh2L+HoQAbp3bnE^B#Lgy90Y(L^;L-E!i0N z=(`~d` zPpYiM_V;d3VHG!d?PV8Ii zd|_WnCX7Dcak72S*!pu+&$GH- zStC6%KniX9vC^Cl^TEkkA`Cxdsm7>4ICx4YAU9RsK1VYjOhwlFFlEvQp@jeQYj4jW zkuFrfvWiByxjA0%W&yn38{Dps6ZhD)s-49eX(q2bTC1_uQs`9*37NmQ98ItG@-4J2 zi>T#{;wsglgp66%mm|IhgT@NHJjoOl} zHZJTMU|5XJ<=41>M~mcgnzme~%ItVTb{`C{W026UzR2!N1Q{61f9qXe#0aSpPV#;_ z9ROtVdZWSawx;8FW0<`B?47=Rc#DbrXZP(DGyYOECxyizvE6WHivbt{MV(N>Ve+h& z$!o87LG1k73t|$!#0}M4F{jT$^jV!N%|^FaTiDt4OuK6w1yRn~WZ$$!b8s2OvpOYn|oH)Dgr;4sNqM z;Xo0+dICqv7KnEby|q7F@(B>Kk{S+v6sA2sPBrdLb{r{iC>xI@CJEML4Zui=r%%yV zKO8c-neaJYuw{!j?1&KuK z3+i!{ed8m=%(9vlEk3Y`tO*?zYZvTjF0>FwdU$dT(>CqZYbJivV31J{xw4 zOMgYamMb5K(+S)V4DE^rqw+OrHQl$$rx3ftLwCqecV_UrkfNjvmyKP&@2!T`Y~y_h zQ-IW0fZ7bY!vdL~MIU5LQqpjt;D9X_sNLNt$K1VsLKQ{bYchG3Y0hITmU;wi=;Beb zg`aALW66c|$lvmxOD@`uF$_fbC?K?j2>xXG$f7_+kJ!Jz)0tab2>CN^&W^GWf?yQr zhUrEYlLJdxu8c8odJvU$=|F|XplKycOdhk4n9x~*G9^Kzk|c+MWN$Gizf5%hy{U@7 z>B7@5b3$Ic%grC&F9sbWhy2_ylQ0^G@-25QAAUVVsXrfIB6lY~lQXazbtog%4LcEM ztYJZ-R7=Q`m$S_|q;c4YxE+rsT9cCJ6I6_ZpkdH3SPyv;oT#bwX%lCoozM8~0*}3W zEM9Mh$6Z=3OlmowG4?7NsO2|hne6}aJySGkV8J;Wi6fS-++*0S(SJleZG zJz<+WhID+`#__NB%0G)* zK<@6DpyT3_|1Qd|l9ZIE+oUr4$b5*>*S81M5^aT2nzF@y2!-P$?yRL12TX#is=s&I z^R(O(gdd%JInYTw#G&BgBdi|u&W_h+noBZ;Gr6Es!Y}U_Othwo56NoPXSEW3fN`>1 z(n$VDPXk3xz9X$D*M9@8yR*^AnE9gAt53Mqm?RyE*c;&afI;&ddGR(sO@x170g1&3 zPuzAVpR8@57Je4^WyYKpogjf`F0TlGSR=--u@jn`q${$7ZtyNi;w1C~N?$;^Ibg0I zWAk?c20rt%zCZ*fg<;s$m2xziY{um^MX+aTzlZ>ylCVZ(^X{2(;sNeQE&!>L&BYL# zFZ7HCu5;?Y)>cs=RHv~$z?>4XTIZ2kKPW`3_`%xgSak7D_W&MS3TjHq6A~fuiAG0d zAdtNJsWTbG_3eGZzko+qUD_KVM#N^etS27fuHmjorJ-~w5;LhkV>?7cg}0b1uuB1_ zL>j{};||_u=K`8jK~>Q=UA6gqgJ!yI*cP^@jF%m7Dk>s=P^^#=#M?FI@MVUJGGc9+!oqsQbl*PkSNx{jg}z zo(C{7i2C~ml^%)+j~4Wk*!QdR38KE(wc2HHWg$Ta+z$zHIE9z7D_$e4*DQG>I=C>) zEkFylxSag=fumx;NI(8YyRPxUq)4n7&_+I256aZom`(!DGGnI2DZ;pUe{X#fRKtCa zV6um1UB+@sC+^oq*S8~aF}*N1)UdE7noOlD)LDll)FjEq>ClsG;^%;%f+dQ7(hN7 z%w?+0+iAvBfy`xeE{q6SjX4OM2_9~r*;0V#>ucJho$Q~F>jYJ;VQsX#1oh`yxW&tG zF%CAOBp88mV{pvL#@NT^0%|?RKHAIA4=$kbvvkB7YnqBuBrA{w=Cq#}EiT^BVZ%p& zZ9xu(j!u7Cp(Cxtec>e|5*OS&T(~CM)=U=eX;r*1vchwb_}Qk%b%vsz>~!t0>~pk@ zdvZ%td7P0mf86EHbRykWcG~R|431))x7OlqN(us;R&2f~FUZZ>JG^o7rk_OAS_YL8 zO;NP#C2HtaVLN;Dl|Oh1M5wJ-eA?jwc;`~yMlsjCPNO6;Q50)b2n9qf2`uB<^Z39#}C^4lAp5H!eV(C}DNR=iJIhhzk9 z*gmL|$LqDwOkTs=HXU@$P1r}8QNfLkT=xd51?3DfLw@QBM)cXBd(wP6R<&BJ%?$qG zZPPMn1qIc}Y$qtSpRX+t^27yb*4Fy?Y2o+!8tX_Ht`GeiI%xWQZ^&yxSoW+y0pD-e z_FgB_T50LK$8XAMsEraW&UVyZnU$MZ!T&&h6GI|8k`lEPqZm}%XWAVecd}kQ1Gn_Q z1f0J<97`Y_<+rp*hx22vehv<=sS9jO3esy7UCV_R^rmP=FFv1|Z)R$cxDAW~H^i+~ z!zfLva${{#XmXqGME>|G2zc5i4Bp6!x1EilMtv%Da~s)tPLRlehW5wo>)m0HYbgST~EZiUY%#F zI6Fezu(@A$QU;7phIc^v!eil|T8QXwks`U$yDW@_wuI;XcIk^=WdoltZgc|7`moo@I5&!m6lg|}Wd)L$eNjGh4Olyr@}V7{#+5hdrm429YgM*VVmz-B6)P6mrYU8Ap-vJSttA&UMy~_8xA(qu7 z%~Rhr+^aiPIGsf7hVN~SGQc6JBxE8#=#DsHy=l%g8KPQq&d|~231ykgihZvie(~NpQMEP)K8p*XFri6kOneL`X zemVee)F%?xq<>&FzM9C1Sg1%+(C^ z^u1t-o4oRT`osMpHo$y}U$PRha5%W{Gn0OuRL%$cn1@-eLyvJnpdZjGgQ8Gjbm+AnkWaiK7*D zC#1GAJt9W2V~h9_N4OQvn{l+kW6@1xOlq1RMMd}xI}NvEBXS)9rEiUS`L+!3{y_#x zT9Ii1DJyC|fN0hW>PRbpf^pZq1ERseq*%f?C{Im=pnz7PVA3wccw@xuoPKFfG5m;L zvEBfbMlLp|Q?CJ)e#hNf$5gUgz6|4)DtJU7EjN1hWRrtML|7iG)!9(j-8{lF7xJQ6 zIvW58qM8iQ zJfN7!>s7=5uuJ_3L5sann6tsj^dr3(z@CK1^^*g=vV+SAKhS)fQQM{ESlAYCMnjA+ z^qFn`Jfz+g$ED5L3unEv^NO!hp2c^q{;L2oC+GX_EvjYQqR24(a8*L{hs)bB(p16~ zQ16)3wWl{&aXx?V(ylJhud51w{a&l)EKeZ&^)Nefd@f&?M_#}4rm}=%X^nv9*@NBa z)|0zJYJP=#9K|ddmG_m+Z{5Pqd`m@M*I9a%<@rL$?U=~;v0!iH9mi>Sl@$=ke2E(B zb>u9PX0V^>u0?9jb!tG2S+}u9J3~Z$Av#a@Kl^2h|C$-|w4L$Q+ zp7X%OJ?%=e$PV?%yycl2`&laCc&lpz!@i9Li`-#tjWdp+d!C~|KRETppCitYUmZw1 zwyg9hH#`Zp)5|3~qeqX67`f=3K^@lXAV4l5Gwudh}3&PK@t>h(>zI z@KJH^%pjs?RqRp<{xI!>(RciQIBZ+l{nnic{U?DDU^pM4jv2n7_DLxg*>{-$l-xOe zXqr8e9Ee6+0zy`YZ4k#ScrxtfFc0IjF`{Sm*i!1ZyzNy*E&Q!gBtxn|4 zOvvA2g`6&p#3jW?+%Z7?!Op4t=D3)q;9~3}Nnq8WJRGp*q5}2Z)^&_ zq(Fxbls?U`jeDO3fT4Uips8AL%D67j{IR2PBv*^tlwRxCNw|RzQXCbsifXza$;}|j zN1E=#!=b)lzSOSW8e|9kq`PNmAnoBGb?dsk<`jfkFt|%G-<~IP6+&-~pI|aO+f9T( zGi7`CaD@%e+t!L^)rg8_DH+-xAPuNR6=;Q_f#c4>b_SE>1UA>J%meC%Kbz`=cXKQc z;|jJp`_i5c2n`auO1(P>+|u(aLQ6z&t2+2~j~@^j%3^acg3Nb}JCe+IF3Wa~XMjj1 z=9xZ>r}D(R2+$^;R^3IR4++E`@Se>TgMHd_HKtoKtuPhb%(w6SJ{^2&Sz(kQVU}Xj zsl5C$8rl-pMXGU`(||DA@U55)7BA-4U|Hb}z;%UT-Ajx@k-kb6X#Vk{16*jX&f9K^ zI)UO;z?)m0A0gDA{QdLDJe>rIwFwf80C1W0-T)$bGCg{w{>XUe^+}7(ocnMh%}<8% z6_kGv%*BtLtrW%zwS5Fa5wjQWH0PmKxNY3wHbT5m?Qyh^5o+}zBwAt`?r?Xk`4ino zT8rkIS6wgIM5;a@jo9r??9(La5SdOGCRBT#zfRM2{dS=F&e%(O+U#JwILXVWpXgFx zMQsL`ANE0U*v=JfCRb^2;e7jTYJrRqMZKb8^rvpm+f6F-?oA;3PH=Q#CA6Zjnp;7q zP&0}R&21zQW}QZfWc6apcv@U9G@n)mmQ;T|s+EHVDPwY&0<`7c*Hv#W-(LdBQe*Gb z^V{$V zB30P7>v-HfmB*9&Fuaxr+>K;KVr{S2`pR(F!~ICa=$};nK>kng)CxYGpmXLKzr0bjEv0j+AtYMv4U9LqvxcRMD7<^DOBPBcoY!_+3?#_duNw{OORMxT3Q%98kB?( z>g-KnmqQnhOwY{e3W@nt=1|sJbM8z&BWIgyP!o-{!5s7|q5my?muj0$7XQxn@3*at zl6n+_Ho|E@)8OoztEoJ4dOLDO4)h^o58IzjRon?Gz z##wdS%I1T&z98=>ca!7kE;g>3fk5rzI5EenjwO60aI_!GS97{*NJsQ!xjuzY*?P-} zhEkLkypFVFXIRdKG8(`M6y&>_kj4NkJ>nm^3!O-OuBQ-3em9r$lkApuW=rz788z5I zY@^g&O=2BHS2_LTuXlk_MoP^K7u>fJPfxS)#7D?_(G`T*CO z5!QD9J>n0qo^Kk(VEwc4Y2x7kXlWh9Hgf?-qR%0}WrwVN09Gw?s4=O-lV>KW`S~qT zJ_F00%rT@zOevrC9aaT^o*)abRmt{2! zSHBr-_}qo@@gLs#*V?#hwM2;+F)Oua3BQJZns?QCPcgTRfUc|VqE9G-5jhpdI<+fMs9%1uq@v2PdqL3fy$!h$6CXLJ)`^0{!Bs53LYI zga}G)zl)**Kd9X1&3zL89f3#x;(;_{(8F zb4z$r_%R0fyFVe}bq$GIB=*{IZJ}a}LtBPDU)K=?+ns~rN^zdiE&~EeaVO3*?YG;~ zOH6JpfaYh|L3k?e&yEu$r%+K<`nk4ict`$;=k1+%-o(g38$Oa~_R$yhK5w4Aqo3hv z78QBllmVN@F;)TH4)A<;|Mt6ykQ4@9_RPp41dA0qVNpMqKtE2Cc3)H~^y_7Rzg-6zUu-D9nt>-PEUWh&ibv-7r^l7?R#!ca zIc#7l9C5-`U6xTI?;7#2d{9!6@uSA+Ia|wn-o&s#;3X8?#eBQpdS)$oC91`h(gZd@w_Gd47>oF%hEKlKJPS;k-i|K?3P$c)><}%C-Ptp&L&yTXW5D z9f>9mzqvZj-jAQOE%xVp{{Hy|%7I|DGhIHoAsV>LtY#e1>g>JA#&KTXdt{q+Uq3y- zUKxF8|4^E@(YJ2_&a|Y`Gl-_JAG|%tcx=~)A})E|EA-?)@JznLywE7e@gM7SF~lf^ zf0GO7OV0z6YqgoI;kNgqc*kIaEa=^?IMIi3C%+dv&3MqtmxyOY4YM*1B%g71cwqkp zVDI$?gt)!#BUEK+hX`eRq&670XA)~jbPS9cuo&08uPZTbmgomk#^kMToP)aJJ{?+j zGt7aDuxIj=-h=D(#XG_zMD0nxiOU=`6h7%Hkp#g*pA&1OVnp?1q}ZJ=niPzuwH+U= zwNEc?iWhK+yO_!T{BMjVJhBWjPJ3d)4KG6xPiN&^m z*|^Y@!Zv`fRZ{9-JIE@@$Na96e*vng&PtVb9o}{)61}ppIHMBp8hR@?XEQD6)@y#e zhkO5sPYflbsBNhMKo5SUU2w=z6*arl-WHmeIM6Xn0i8g!uisK-fwURdEC|B`d8A-8 zFZ(BIgs8@mP@kajBPhG08Ki>4q!Aep=WqBLbP`$2V;j{fhVUg}e2Q8fk{GJAjMwkM zu3E-tt9uTw>bR!6wKXS&jLjGr8IVE6Ao>f^Y*e`b8+=}KG?kGI`DIpWZhTjp&E6Z$ zoe@@Pu~KPWU~Hf%M=)4->Ef8n7&V)kF0kxupQpw39Fs+_B@lkEP7J*3uaB2Ij9(54aw}8{DoaIr{7jY4eeV1zN+R0Lj#gKGiD$L`j1y6)9O=1e zeQ%`6O^&{lQ{8dB`}LAMM0jUDmFV9#^*ozj7V44PT3|F&#8Lydsydx1(uJ%V4-hq;mJ6G8Xm#0O3kdEAxLNQ|{lCt}9>mAtN z3!x^Z8g!@r|i-QphekdoGsNo z{JLba13NuXJ=8J;uU~H%CciiK*jRMGhIOh8}1=6vqz2nMF7eR6nYN5DF$^} zEV>ub&%@~Nm9T^4Gk93W?;%q5nuvO7K-ZlUD@qBHx`fg&0?8@uh;6qZH;GVz2G}lV z8dKaMI5w{4p0@s@LMdr)I+@mBz?&1mWd@gku2tX_A=#ZjBCL)y@~#2kHOUY}r<@sC z`J0qIwYj36T0$be~-EfN!%oE@tSVFZPQnt0kj|gk4&7;Jv2Exhu zc%!^^M9$=A5H*o1e~`8%B?(EXhoysP2+Jcmtp1QVoFHav99zxo)Hs;xfMLz+O!i47 z4U0}`_*7f0;357w`H%*V&(1F0uP3Epksf31@ZP^QujyD0`j)W%L)_DQRLF| zcOB!3G|>93Nw~=96L~7{Jdy{P6xzIUa1LLh#{BcQ0cbsRtaI@=YlUwglJD*PY+OC9 z1ad!U5dV2a);s?JG6N%dThlUWxyvaYbM#f4e6I;8)i)$=Ll1;1%qv5hvwt{+U3Zf( zP24^7JF(-ufb+&OpV;!koUu?Nhn@ZWYj5B}KUb@5A!t;K+Y+XMi%VQM)p($Ry5){Z zwpPCzae>;+`;BhMEnTd>9cz&enwnNf7)jXG5}$C9^;9dBuxEWtVV(adHZ{NEtHP%~ zQvJcw4Du3O=5S9h2%c{Y90%dv-x=pXsKeho1x^u0Apu=xGLXc;boW>ngcD zPYovUIQ>a9A{v}02M&wi-PbRDY-_=7q?TC*j7x;`J@aX#HeDuSlOrYMn6z~FshS@- z2GJ3ESP+~kwDmVW7zxN=pnXsOtf$8di<+L!hW(J&8G=?761ybF?7ztBAK}K*!Fu{3 zJtNfKB-Eh4c>6Kx<9<>pK{Y3qx#raOP7Nh|tre5mSrRwg!Veu4pA{@nFEX{z$aED_ zS9y(psRw;{I-Dm(#y%(&&q67-mBV1W>6M7Yn1b}4G2`d)Jrnx#0Tx?7TRAb18MSk6-a*4OP%yf&hLKBv2#WXk&5Usnq+UvV*6iEoc z_U<4tvM{5%t_?8!B}#G5c6)IEM>MuH0aFBatUS-0HY^|m7`M=w@CKutK`YTRre>t} zthC|)H(&?h%O}j3EZ!w>5{6O!I7;0->F* z-Lo;LR7AkuL)N5mX!}$AyrHJSKgL(sRJ(tAYy7UVb8|JZD?(|?pp(rj5G-{LI(kR*#%K4Ri46~tR0v)2o9-!TxJ+55J0@|FI1P&u)% zq#D+Gg~jSbUQQzzHO`vy1^MC#o|dsql%Bb92J?cnQ(~om@RQ;4+K2XZt-kU0n2M=f zq0O2`nxKT)^!^_khE2|)Bg4ItASo65b7Fmf-6eY3R4Dn|&c&CTt~Z#{PVVIB<2BzB zXễYhXr4uHrvuX27WssQfa>VaE`)?pKI9hXCJ-^2t92mhZ7m zJOhtIX29Lgw+?>w36yZCIM&4LXctY%#>6^3bM4g?KexL&_qiX#+jRPV{7@n$BOmf7 zBbNB{4vP0~j_NOamed?cBjcG2{FuSb{{1HLTWn@+92n`1NpuUck~Jx04Mxkar5ST* z5c^Y`5vR^f^Ym1!#b^C}9Z{G39amRh_AMDnITdXp5GrBq(6f@zA85gHclU@Fl=`st z;Gf0S*d9HSC+Rqoqp^tE=QIC{631k40aY=(3!nU&bbc5KRf7f`MMd|4=;_g<1wTiP zL1`L@56^KBBEFEy!{3<~>IN1zLhg3N_!SF45bZ<=V;q zF4@F$d0WU1+l3qFq0Y7Ycbzx%tKPty1=V$fgzzU^xc;pLjKwkY$fzV7j|VckXf!cl zH1jwOd!+?y+LcMINF{z+V2J3L`S)$*8P+OPHN2S^W3PM=j&Huv|$l4rR9j9*e085%fUn6N9wCtGfU)GgiLsO+d;9%)xffsu}#85 z@Rq`aIR9X(r*3jf@&%+OKVVV11H<$w)_SnjuQPE<_bRe%jr*TGiuzh*fG>M+dwIRr z5-EpALFS)XVyClIVEo=tWN>i?QZOnhRf^g9auW(9G`}CAvlly>CeI% zmZRS%If|5$dUL~eFhE*$ZsfNEpTf(<&L_vz0>Ks^e4v3+qSq{WysR`slHU?&(;Mbo zHa&hZvw}ytn7wnQ7Z7IxDTGyZ_-JO!SgFyof+y*vmuB{ZI}njgj|d3L+`pB? z(Hu5-PPbd$?Ndd&bf^@P*B-oa8h_TOMOm0yA2<&1n9hDYbQXa4+U_Xv3C`HAi(j!o zrocm+h7&=ZzgkgybFFT(xRx9?iUv|#UiJikVbA(yFi?NLye2|uVw1F(JC=FtKkY=dLRw9dMinV8WRQ#f&Fm#WSCTo89t|7vIylg4uI?+J(o5d)ScsAC3 z;of5Mub~fN!lzA-Y|JE@(eS1OYB_E9zEVJ1fJ~8(ijr8uH!KkJw`$`F<=ZQ?;drjX z$~nXN;xDXi262k}^i}GOey3#y@MEf-D9%5tYvPWfwUs)X@9UbIgCYXBZ>_{A5FUuRSY}pH`?t>%f^dkjEB~0!Dp^z?G$K) z(1`8cMwC}P8@~|O7+1w-HVQY?-|~EH!#r=#wYa=ByMof_3=fN2VoHS7T-eEH!m^3L zIbRGz1qz$Pi7EYeTgto=9xnDgq^Brns!tz+z=i|PW3Nm?ZjvRl9qqpAP40gPq=y%V zzMr;~2+v3^yy^bpC|A@jD)Uk1ANmIZ<2H-05gV_W-wOB{e<&FMcPk|;i&$4z z_nt-^V?O1-eX>Kdb@X%m!L=|Iex{D;8_}DayuH&<3=!p#6xHE$$4Kua+=_MsP_h3q zBaClC819Dx4tTPylH9>+prb8v^CH?mt_2qhEg4N(=jVc(&|K`vtT(-_Y1>wvd}# z@ba&YlWqNMKlJ>Fz+XmYV|t8k`btv95y3Z6Et^zQZ+0U$AMT4WHJRVsp0uu*Es(o<>$uRwb$6OdakpXLqv?XahH!>WUH zLaAb7UD4e8=2PxHDHebSjrn}s& zFXgPu6yNm1Y%D*p6pDhQo8;YZnqBhCj;6V7NSdEfv0B**CDZu_zIdN8)M6z_{+T%b z*4%`o^uNQe{_8>_^8b}rJZcsA1sL*A2>$l=t#KH?i3sr2l>vY zPvTJU^S{LSqrzEwg#TA3%IVK<{j=-X+G%OB&WAT8n)9u8LJ)8st2Ont?@rc4%-ka4 zebeHbX|RY(tl;FW8vXN>}a z-}eMGXmuc1s?z^gp0!m+hYneFxTF8=Q*yYY=1F~**L&#Njpp^~!g!1Q9^csb_`m3= zs;dXZ&#ELQCj-*t%{rMFEgu7d|D!5^A=zCx-+TJUJCZEn;lcMV&f@rcj=h?uCSwla zzv>A@p&7H>LRxyvN<_4^)3BWok&sMv{u+k#W46>^>F5)zv=My&#Tp@_8ik_%BJF8x3hH}s zg%pKoac-_ik?DJ7gI|!l?gM`%(Z4#pXV?E%{e#-i)Vn41LZTrZPN8LmnpDU8M@Qqg z@1(8-MFe8r>mIPD87lr$5P?&pB#;lfAab#N!l2>GxCeMdAFeCmZO8irrg7) zf6FRLy+M}7IRB-Rr|Q0UXpsI;TuO?Pn_I(&7H_wug?C_JVBYh` z@CX?7?;;YBLvTs4`Mbj~B+jfP#xgQt>rdf6FqA4D|1yQ?U#9qjNCg?P=)cwOidL>s z*>`g^bs&cr_K8umYT)kYk|`mkF05iC|4vUa-8r+o2_{!5&{o`A1b%3+@vd}QZ= z?x*v#r!~dzygwRz%>J7>-!JixpIOP3vITl02{`O_2N0ed;!{&YspXQTMQQ2jW!kWp zT;KjvU}w>g$4|hJ&9tvJ1(?nwTE1&X_SDH7Z%?k>d&6e|*3io3f*a41@&xI2^}#oY-W+|TOs z?z8u~_Vs-~^9NQ|=A2`W+s4jVMqFklvym#SeA^~LQbv@dkYNCgp#YKsBs-g&9Dhc{#=hBifBd*QRx;-FWxQWW_yMOvufBIU ziOG!Q?|wx1`;vWMOv)iYS_s>(2plfd9~`kM5b@Y0`o*udx}W#SRkx>=B&fYy1yfXm zR60t|X$9T|J5g4%w4Q~5UVD^M8;9I&&!X{v3`3%$kmsOq9Jq2Dj~^oQ}D}Gx#_%SsW8|2kJg&`jU8m8@(R$~T}8{q=64JA zwgK6K%{@z_xSRdalG@s-@G_&A4G85Z{z>#$#z)C}7hCh&)r1o9$E1`DI$z?l3Ue$- zuz&x@u~(MA$8StU1gQQVUC(<3DOm7+6im$ihuiZ)i%?i$VDcB0PBRY_@+wl0rV%Ol z(|&tW$!3QTE;pSpD~w<~qVvi_B5QI(w)GR6w2TxVr`$@FwXFgRCmLg%p%mMTkAtHu z(y209%4f%gxz*J#*EjBN9%9-$=_}FRTEz>c7a89WlJaXv1`)I~V1KZ;pjy*>S*JBX zS+e$+k_j9BTCk%9(dKR;WSB?2H=C|eQUGJb!x`g@B=s6*$f=5nyC7Mml9!D?TMMw` zHU#F`%YW%U>_P<25OPyEv0Yxie5pP6_uTB)3XvUEIg^tlx$~91e7dNRAYt6?k2?6~ z;3&4pT~XLM*{Xw6XFrR$-0UKn@>^JrExqIMk`1~yuf}Tiq)V=1vF?vx`KJ~E1U~#; zZ$0aU55c@NI6au1t2O^16;0r0(Bd-OZsJ9_*1H{bTrYlUNI^lfWumXWKeG;Cuug1rBG#NFurJ&>xDlwe4h*YBDqJFIyjd^om^n~s$XdvM8pzR(!F-MVY@oyoL zE%@{S0Pi?L0^e(}o8KAo92MWNNM`vE^+260uq&nBt*4WFmp!d`3z7=%NPX4{gbO>V z6zgHd=hcwEu9S|i*%#$*SQ+m$W(o;j}BrE>#UC0pSvYTQ;U(x z-;8&?eO6s+_tp!yn*OlkeJH|MJH65oFaF^(ukdRr z>y^)wX=XORa-vuor`8*U&?{1;H@zT~MGAJRn01oPicH-cSMu01D`VYw#sg1_loQUz z)K~2)zYb{!wmaQz32ZQFP4cTRL2EpR!?mC_T*J(wTybS*cgyhh@hCwt5T&U+gvgg1h~sdNh<~52WM^JAhUaSr(M|= z=R+u|UZb5#wy_uLy0P&$=WilYw8CB8OXzGy?aJB4TrQ!z?}5CcoeshSk1emTkm&GL z`RO5+u27b|8?q1GP-6pJP*s%Jz(>@{RR#Q@jgDQ3&(B1Ca#Aj`teKjD-Dhry@IU2r zhLQdDn9?y>VS^>uY)*aK1Z{k{!WEG{Q^bGJWIsmdMD#q{A2LNYXA}z{n$ei`IEoVV zFOQ_GZgzk8+{%j{;g7oQiojTH<4b*kRY0!As&nTEjhGBV!>=~(L2UXklak9zh4s6< zyXK~ke>}5TbO>trE@(f&BmP}P zz{D3*O2bkXmhw^7-cGP_HGd|iE;)GDnDdE)AGgJ1I$16Z-~3~75gX#;v-nvy{Wtja zDSYs6X%I%7Mj(MS=jH>MAJ9@JSggedcYa@M6*@i!l*hX((Gk3{i9B!qAKLAQKTixX zO7X+gFY*l)U4GLE>idM1sHv#1o)@}~7;QMn9jW#CPP`Ak%|fpyi6@E#9LCtZg)8tH@*m9S`I;Qjy->MWYbAAMm3*gCRsCM`)jHTIVty5# zpmWBEVi^vYoQ-l)Q`e>*e;4ZU2s93fvKfeoD=GN<0XFE zYPrpGX}jhhy`u3^j~1J3_#pPJ3TfSv9LY3yT4VK5v5hL3rM}wgSyz4>VNIyle`8fZ2oWL_wuW+Q9HJ{h_)U>Xdn(W#!1jc*oP?X@x!^XCgk4ms}n z2&A)l1$6pfG*itHDCLqSUMOL5$vGxC3aZivk5-A=$fIAKtcL7Q6&XW2Ul4%I*zs8O$$gb6 zIr3TCC8qN*uq^2+5zcpwQwLqwzQ0K2@CIR$fI@+^8S}E3fEA{pDa+g1LIOU=*MMm< zWW6WYB(G$(P!8W*Sb3?dG=VO^F{kQ+E6+_#g2>u>KHJCp?($bke}Z#&;ZX8yg$dp0kSb#KMX*7Kf=5a}Bl! z_(N#9STEv&3xgZf_P;4~@S6z@95S?}DsZ zsZG&?>1D^NqN*DX1Z#yl)X2|7Rpzi8XGZ4Z5)zil_q{QV`A=K-kPN{DDhXEnT`XyS zWNE&>5BR{4u(>L_cc=i%*TDUW6GfQKE#ScYPYH#Jg&cu=bb*)w$nA+5fn}zxt1r=2 zTFy~clBD~y3#*)0d4G+Z!_7dQa-B9#z%h{t)ZLb=xiUg5!#s|CF)i?v4gH5WTTBX@ zQL;bgBi(IZ33Fejp#7=Q&u(ZOtTr2l6GaM9^i3y4uOJBvWmI|aNW@KkF$L80`!eJc zzA1IB&pkCf(8W~bGSM(xuo%asao7ER+1GD(sxLvIF012tPgSB`Vx&7HQ9);A-w5oY zyOL87>`n2#QDmTbH;O=GVJ`Y_?`=fF$RXW#VlYiHo={`jFQXC!_))N*;M;QB^T7cy z4)N7n@jnOQlqIS4ROMSY-5SzM(+#U;@qcgC5SmvR$mhzP#sug6|5i+xtF# z@WBOxs~g2z-Gn{PHkwMLJs<9$?{XaXHLmRpXoeEPh99nAyT`40d6_jDJ$3~pP-_;~CjEd~+OK%4WJj%N(t=S8CeUc9$& z!#?5A<>v2|`#v01amIY19Cxu@>>iya@N_wO>ck1@$3-Dm_gxq|gyxAm>Zr5X+cWGu z8q9r%=XI1~Eg2Y?Rc`_}@H2R!+}ZQf{d00xoiEDa9RQWmO?IP?Cd*5OdItuKk2B|?Qxl>QU&bVKo>>O|2nUT>5&z=l zm+OM*Ek&&I_nt@o_c~S#aOqGD2Z@ePot?*j`+-q$PbR_g+bBYO>fMB!A+zC5IFOxj zwyxe3DHCK7qXsoOBGNBmg8e`XxYfZ<{`yU2E5DwZa8WG$ZK8g7@hAU{5A=oTaq~&^ zjk6bdTFSN$X1?0^oOG@|(p84V+>?p~Hsmj!uXhrLfu zLRTBHE+x=dibN@EA)YgG9uM>Ju{1X^h@lB;NZ@bGbH38(DakiOQZOeN7OJIXC&Ay1 zjmCa1f~(8s8?fnML^~XtE6)AP=kZPt-w?QKer9i{1qvyp0%91(JFq261Wa&GPo8?{ z=U-2_Beo*H(L~@A1k)v)t?NZ2*%@Sr)&j*cSY`FwS#<0z(dm0Pjw>Fznyz?>>f zrpIlc{5bVSS#PFFk4}X&>Op}@UzVa3vP3Ked7*@{q z_P9>Iy}7#^%=$gpo*0u55U_MpK#>btZSlmH!(;2dIomYPJ;H=2IoEL&UXM=}%9)WF zwK=}iNYa>VHjg;8E*pnZh!>0<_$O<}HR4C1!Eg8+x2oaj)gG5$bzE!TZwr69pnrI9 zlK$0%njw$N{hs$95NN@Y%4V`z1I^Ov>)K)32eKul3qzUNMyqAjXgz*CqW$`Mm!q%7 zyDEE({U{{GylSq;ODcw!RcIVV|H0mV+rvtKvf|Fr2?5>dn0Mp7hLt7-qCIlJ)0ITv zPHAO{q^2xut7dT5qdYBru)Tuu`(PW)fQdXT$*dh~AzZL!Sls;kJ~^@B4CYi;tbyJZ z_Y*c_?C1BICAMKte9#ffBY2(fvyaudQ7|Dfa;WIywhFQr5z!vWFemC-g8*)2F{da~ ztdqntLy_Y3(I>aGa#^FOPU)dNkTAMaHvJ64E~=-Bd={Sd<|(hZc?4mrM;hW00tJB+ zlNRd;BTI#Z@qCLzEM9u_6`EMhn&jC%sZfrHqhsyTWrV-P>@^zszsQ==tG`F>co>L! z585iTtQNwZk$atMPXT*_iV82(7ELh2Mv|ePc$ct25rDKgU7EnzKUgdRi75Y>fGaQa zYp&5gC(>Q~sPGB_2`L}=I*$H|h74O1;tdpDiU6c&a;P0d_cn|PfI#Afl{HWoHNssf z)0KYb@F*$5tsL8J<~gmj-dWy8mZu)7Ee|I2jEtzUBIJ)zTJjNWKktkY-3DN}bE>uN zd4PC4XPEcr#awh6?MT8U$dXc$MqJB-uQ0a3hkGi_I<4Br=#sZ(cR9%kw)3r@!ZD|X z7Cy=@XXw(vly9enuz75LFgqO1smveycZ=QHx!%HQjD0QU?Wu>ABdIUP*b7QNIEUJx zxs$}jN^~z*Wbl}+PX5ZjxX3m$vm~EVG2H4>ojuq!&2839)EeB@P>c?*`E2(k90`l8 z^&M;JSYWYIjx0r#1UL4SWth5wM3|6+i|W?q&Q5Si3H^2&knu1~OWhoMt)i<7)60Oi zR7LE$CMi5TK5n(-q86GLI{uh&D?T^NSzDW}&7Q_<#z7QKL)y4w{wih`EJhF5KRNrC}tP7(#XU{d89#xf=c z_}A7YhLJD!FZ;7Ub%mOS?X?M$(sdI(jl6$ElCqB6M>tD?P*(lZ&LsBPi5DYH7N-?y zyS8j+#PpQBg;0`XzFHp-G5=58Db6K{69_>Zb3oMe6TLu8F@@y5cS1(ytH(m)y(Y$& zk669Nb75wY0)$wC4i$g=s3q_i3{wq5%uELTv@iIw{m+Wy*V?u*^sneBF52k-kRi3X z#icr3A1_}U;{K<@Um#Zz$ueSuK_#B`B0#ShQ)ox1hoNw4I3yQ^jm4F690^-cJ;4zi zN;^!$MVnzy_R-7Cu^9e;q!r>n&?nAhqm1IozUe z0}CuI$L8v9NSZ5WEHrA#9~v0wpI+c_=ufZmm10uk)!XL30dw20P~V@+iMkJycafcW z$jT`MYp##$V$Vi9OFEc3kKkwF? zje5r-UC!qI+S8A0&5Yi)Z}a*d4nehP&h$qZM@^KLK>3s824}=ki>B^WNaR@iM%f@Z zB)Wj#JC%puZ&dps5ac+C%CYW-jVYbv)BB+aPlbao)r}IN@dINVQ4-3}cW=5h>ZxUa`u4K*ite-RXH3=Um!i90@J!Bw zBz_$!h*Z5o(e~j-b1))cPBScO@6$H;yZ0G zHE!%KCPIAST`86LbW*ZZ{nvSY)|R~QKc`v0CWKE*=`L(-Y*Ev}sZC0fmy}z8peEdB zql5~2ddC*-itYIPD54p;Dy+-aFs|Do8s0=CmKSR7KGd|~*NFCPbzdj+Sy=$^E=6GF zjdIrR@3eEx>3Q5pKk@*3e!AWVTIu-;^ai70L25u4&2tlBVSU(pxSw7^TmzN(t<;S znz*@XHe!Am49LG=*&w&I?-v(&E~)~g&DZMJkZ>+;ttwrHkvO?d%nrSmS5?So0;d1r zn>v6UP*PS}c+-06Z#cZ?)n;td+ch~%m^gvAGb|1(Nxp6O4ThH&JS47aC>Ln>sEBLS zLn7fZiD!EGn$zWC)9X&=YJyf7XIt#y9XQb%Y*raVx+?ZT-Y~In5Slp0nV;BT*&8dN zF9U=sA)Lkmlfy9=ul_A=t1tGR-N4+mD$)qppDb^Ofs4jxa@s$*fhn(Fz}Lt{MZAk? zv8|a|Mz`Hr3lF%1Z2ebP&ssoJVLk*kak77g;!1tL@7p4F;P3Sv4bzq7X73bZ91 znM-4sMByOFjfnb6@Z~`g-?Oz?r0IXbBYNSW$f}TnSm!+!)SmdFlw+Wk}V2S3;(NmizI|q0C z3iXz|D2_S2zf=xelO98%l7)rEjF?CapnqV?G0D2O_qU(o`~|>!3GlCmboP`iQxqy8 z5@-t*p&}U)mR6R7=Z4v&jwuDf8`fbUjg9mV7K(Ct0j**sS!Q%B3JTh(86#`Iw+tlA zW4~+WluWf7@b9yTy$BJeg(-V8*kKh?O=7ArD%pYoHe`x~&ryQ33Tx|<^RtMsj#jv@ z^C?txJ1sab52Bc6IZ$gZXU-=a;iF|ctC(A{I`lKVf2l};XqyAvdO7{p)M{m^Y4T^W zkg|^%4k1rn!MCd)X|-4kkBLJGTiOMVAeTMz0U7VjaDSErK?W@N!mURvVEyCB*d4IpzDk8`D9BA-{D9yL^+;>5%ik6de~HR6;c?N@rTdPk?T4D!5^S z*7*CAW?zFl0Rgg_sVT$G-ogIxQ9}x|4y9|jZplV>5S-uP>EYJVmEkMdx*A}qerM%M zo9>mMEnee|>(1uEW`CE+uf~$f7UUnh_Ss#qZ)#wYh$xk=_Q?||Xd(V$h& z=Z|i~ttmvYzIt_O9!Q?RV>4tvFK#bn*?N}^5{{@@XXyW9;_$S&8Sc{8?0#;L3GtN- zJsbVMbovypN~T`;Pd4}|XE{6}8?@cG&3na+e?7%0)KVAmFa6d34?r(&kcm!HK$9o8 z{)i;l>Q+KfzsvFK>FDUlPWZcUsTxU5y_v?R*SS2F9_b9m(6H%aNx|^Wn;q;4!78*A zai7Aj8Hgcc8uuavf>(*!wWk@FnPVyO5f%!``$G;&eT|Lt(EH_T%w-;KQ;RYG1OOE- zzN|Ud{UeKp+PuTbilF^K48XDH1)KB`KS|i6RzsDW5~JW8*bVvr%p3V*Nn{n1;e+W( zasC_>lljKZLgNJp@9RGDMbYVg)yfGiY=8Lr`-cwM5k4G5DBxC&dubWAcy+Y6CHQGS zg;j@n;GMf`Tx!paK;Y5;Ru0gX^b)@V7C+Fhk|K6AmWZ4CGDClWu8x=KQZObYQeDtI zF5!g&iYH&|4C-(Vo54NV%Prey!H}orD%=wvGbVUquDRZpH>W$C+NvtpzX6F3i)1*1 z_VQq+!nPXFD`C33(*vd$BA($pFOBDB=vs>HepX@KqTZ#+GE4u3e2Akp=gkc+Ymsg0@M?tFTLGSIXkvn;I~R z?z;Q-{N$~JREvW0rO|FVexOtz)#C@@c%roIaLdu}_m|>xQU6;w@lt`{&uv@8Uxt73 zRiFTW$ajDTxA>r1n3d52t%D!gkS!NGl_!og*%A(nG4r%1;0iF8}B&jr5m+* zNCGWQX{28}D<*QM%~XX_o>>!*t)?mCSm0co|8=quH-SQPVZ3OeQBmVs&uI6BieX zOZ_%XAdpr*^;8rc4|VWxYD7@Njvw9rrXtFj~jQ+D|hMJyBitL1nrMzr=Rtk93`iD zl*0qSs|TNC@(4h-63Yq-k=u6WS-!{guEk|c(6{4T--fe5s^%KqqPFh-7eTGe!)>hX25pbuEvyCR@V{X(E2AT%= zu&=>?D6)SG)Bly+yap5~GB}?$u7UPSb1^%c^yWP0NzRTH%7~S~~se=wyze_Bph9EEP94Flb79eOD%sgTz{ z_!brnn$SyI-NxYT%1ZroQ!`8Yk(oa;Qp(VKxgfjMCaT{=xsvBawRVD@SFtbsQ;PX1 zsd|!1g)m_qPP@N9eJ}6*CLeFfhkq z%I-DCo`zLOql9B%to0Rtd$oRKoboY*lr4l~ZV`gUw{y{`D3j+h&r8@~_lRt1K zS$@afZ%u`ddKsY&u?jNOkOnBPeyv*^!Ox)K@>RdOPyoprwzkr*v-=~vmB-YdSV7$Q z*((Yf%`Tv!n;i#Jc3};J;_;wDTH(>xG`uDcBEPa?ng7rdN zXtF?Dta$ej@Fg9NV1Hs*Rq~qSuLo}&OpWcnP`VD^orU7_^kTMhNZN?{o~L_a%2e@FHxgC z=jT!cx#PhHLk?Qo1RVCDU0APq{DD&I;D2|$HH0&XW8NETJh@mHwnr7dFAhOIVwaLD zYImMb0&Q$;a+uz6F(j(2s%3oQ)oJrcYNdlw^6{Z~-(SUTM&ISzueSf4#gqN`#@-Yb zdO)Q8XHqWG9e1pd$y7mVqtQ3ZFDMSo%Mt-sTduWaUP$ZHebDKp-$B-J&{?1a}a(g;VtJCu)=bwl#2Tq!e zPQO>R(RJJ0VV|g@V_Ad|unS69s57CL)D6mpbxXl6d1Y1lWkzmpznCpLO2|+sr<3mj zi(~u_iAYGI&bu)ak@_z4%uUPAMC59LSusICb2Pjy#|Q)rSXvPqh`YGqUEmHxlg4r9 z{t`zyJ0l}ugF&K$rId*Ii;zV!6B434T~B2AiSZttfu@P?xE;}w`1MK)+qocle;19h z1uXwg0FJJSaf4`gdy4-#!E}pTjTk1$eR`UgqRO*{6qVTG({N z9XN^YWqn89jeh|)=dD)BX3Cn}!a0Z6CsMFv7L6R++%J^WQ5S?f5ru0@F71;|^5~B5L-ycb49sZCvGoSH|9x~%r{C}Q+ zb{=L^2f^HQl@^!C3SI+fRhOeBicOw+%N61TTE!o(C}|)eCK$U9PU!BuJriu}iv)544TTyR+USHux-Bm%lDa7Uq9=eUhaYA zCLlo?P9#H$0CiyXo*y>ifWzUnXS6~X<*y7k_u6E(%q`HqgohYE?gPr(O^W~4tm6D7 zEh0dXMyNoSE?T_UXnkJ(_bMW*rncz{{LqnP{4VMqyFYYmRFBsrFCiksBgw3ypN4if zXJbpmUt|x_GQ+(1|9%T9SmKri6^H}lRpatNN7GU7Y6x*xv~?c+@QA3PA|4vQ{1>YK z(aQeM|0Sf8OJR=Vj{|yGq|qGVll+z#Z&Yg7#mOxG^TWVuVF=n0@};Mr3*EtDBM(5$ zJtyohIa+-Wo#CAqc#Kg9wm0!aQ<>g5N;; z;tfxg;7yJX(wVROQQs;eX@A-G*}<_PDPuc4wmuV1B98yog{J=1p#YyARH54Qzl__K zzP4Dz98ZdGr?|mzw{}gtZyfd(>e1vQqqZ;&JMb;FegK1kMpy=-Fff1#P*{JJgeMOe zeMM13d4+{xq=L<#PH3*CZ@J%$|E!{inK24Di+?wVI8IIO&?Mm$!y>1V( z5XCQu!>CTD>|CT@&?;p_cgd*Oy6wCv@5t!=R##r`F=O^WUkC<1pDubgejCvv_iA58AQ!`-*-XOo{b(Z2(63VqWUq_Y z4nzC!7MQ-KA|5uS`00($8wieST+&!KX2Pvr+<(i-QDFX<|9(1?{_d9j=%_-+qqlC3 zb4pE^MVH;x!Dla>aK>ZY!G}TG0$*8^O-e`L-CxH2%IKvcKb+-|u<79mkt{ zMbyoU5mnOg(tWigH7zY@X-R)+>BCz)Z^ZR4-x%RePFqbE7tFYtxEo!0mjr9Pm@i^h za&xK4(ppFG5^gg92Lob$Ty6uQIZYouBeSRmxB~u{;CVO@HGoq5`&&IB11r$z-#(CX zw35j9#%j*tA!ER}x@|@o621L}N>AX&IUG#_B$yvdb4ad8kycJN% zQ9@CZ-ysWPhH;_y&42pkO7qVy+p4(Z?-YCRytZ<7PBS9FpMjRMIZUJ2B@WQOlM~QG=?aHsoI!>Q~XE*kJGn#nLb}X@O8FKUEo@c@k>fnhPIorSajE)&Q(!h*o z*!2kbyi-++oB;8^b2AkM)8Kzw~^gWycPp!F8oW zbEi~r)TbszS{XRvcRjt4M2?sAfWuXgxfnv--bI$oNl=G5#~iQr1q`sorDjKT`|I~g z2W>npF9I{P_%_ryw~`NQg>?8-d&45orE+W-lpuZrwM9aRcB z1@jR5Zgn6_sf|bOF%D-k3L_$-4oxz*_Y~Xn?l&$6{&-{QopW78jV9qq7D7?O;i^E@ zqGS+yGVt6B37&)-adlNzGU7isZj;k+tXD*B;3UMxWrftjhuOwI95Dp{+J{IoN$Yzh z6$#9-;}*4dzGnMScK}65m?0Il69>seufF8)Nm!i`rr>+WcPrU3s#emV>mXb}-9E;q zvV@grw9PhH)li1ZfZ`Aur65xJtG$dG=N=DJvN)M#ozsiee~KxQ;av$Uo5WXDW)oA` z`;N0PAV-(Ux5L8NO7(T}Rc)_u`c>!TCKi;OA-=US94#)bXfI#8D{u?fY#Sc}PZ2Qv zYAxY|FesxY@RPoyx7W;U_i54sFW_uZ1lXqB+$z!zLUU5 zI1%bes>e$bV7MChiuYRrweRV}sENQ(!VufE5_gttlI4GdvBAgEkm|ZOw@qno4x6uw zuuhPWn3z)aQhWM`UIFRsk}|ES61cdOJRe@43*H-d2Nr5~IO4Suj~airiO@NSq1YP& zqTNC04S2Lr9`?RH$(A>al_NNpgCj%TKZ&F{j6>OMm=%n_8V3oP?ry>p=-q|N6(7?^ zg|T&}Zv|vca!lfXVm{qo`{oV_Kcfnspdc&W|H7BEHD@p}6zo0A%3!yCVE@IZCt{>U zv;YFJ*VKxx=9&IYs9f?Q4DW^q%YU(seNW~uC+%W-78!PWULD|TfoQM35HHgelJSKLmy*a`{Vl07uGrd0b`>*g?Q3Hl{R_kx`nI0 zdsZc|w9TZK1IrDO9`@OMLv{<2LhloQ>S!=*bdzn~9D`GZJl+s9NB+%8ZU!H`Br$cm z!6Xd&lX12A6hV($ZtX)R`EJtGaAP`KArqmKXHqTPGGW-ygRC$?Ps`E+82OPhxpC7KN~(6?!@^PH~XLGC|8bevmZwJa$YnVyl2?7Q|0`N@7DPq{R^+|!C9S{wP}2iAy27>LIu+CMG`0ncVGB0mIc9cZ_B ztDniEvxI^RHxWBm%;eVi2?XsCeJx~p+n!*S9-+WPPKkEL^oM(m7DG=qsO2^LN6 zhP^`{rp+3faoMU!dfDxnoDZP7TW2`w;SahEmVVq7dU@cH9m~5ZtegAQXH2z|IJfyu z4Zi&<*6!6hs;9GY+Ug@=v^>5GF`ZC3{x3bMyB5x{qJX$_SBiQG?-|2T>y|IMrWrey zvz4y^SRkSSf~k&W0toaa_%k4q5j&QvHB3v0@?C!{95Bv#Z^C7~eO|N+Hlq@K45(3K zTMB;+Em6}8ufDh7uua9f@Nh|Pu$hpbOSvmc+ha05_%fEBXFh_rck1K{3<(J6;mO`q zD{n%bqN;Y6d|fby7c~81nC%(Vwn)zTCN*fJx%Gj=-n{5K9#Im=n$JOWgY1Y zG8p0b@}REohFdCdMtoaG2LboxXAzJ8%jm>9!YYbCwmWQQE8lSrw z6c2($)8ir>nZesYOHB>`+;jek)p_KKjK@&TBM`v)DSWoJK+qlct!uLi@;uDc%#2h6GbQ#k#?oIzkeehP9#^0W}uYiN9=JrMbcV@rXAF6iRxF4!n zu^_(M`_iR>ySlz6xWY1}DUP+d&Nht97yF2_ZXi5hHdgP+*0+sKF1iz&jOpQL6Jj!{ z@6E)0Q7aI&=)x9~QqQd$cDB%JPGtG@plfnLs&0s|2yp=tqnkIRB%BvfN%Q3g-}jPH zvF$&XxkdVON94i3(jW#AIZ%j#=N=(JPrv3xTs;Ch*dy1wJm+*g*?|3d59jn55AZ$y zRTuS>!>EB!AizJT-Rj0M^FxQK$!rLlnBV1)=dIx&CKjncCxD_PN&mG)VFK5Aa}Ka2 z(Ru5kO(LEd1&9NuC%Pzaw@jU&QVaSy%iq3(N%+tBew9K{fOrLOPI)fz9^R^KED6)oTR7zVltSZ{KbSQZw|7$D_U_;^K#U zFp)k08#3zerB*}o{V&%uUPb-pm>=_8=CA}DmlMRSka_*tos_on%-RP?FU9b2YaH#4f zM}^FeZ`{mV%M4W=1gnG|cz(&Z9+|o)o9!BOx_xI(hwUUf~-LEN>5Kg3NXS?4MWqZb`6h?O->+Fx#%W zkqht0He!b5-Q(rYb{0+IwsXJFA|-<{Jw^N8r%u2LKyz1S8=}b0*(iF_{)*lGPJT3< z8>Q#&zH43+tHO7(yW5thBduiWP2v}6lgGNJy`={vF5CGRifz)LAFp2h^4MfG3=E`X zzWDgk-l%7yErZ=S7QeaPIy@&GEYe|R-S=FzWv+++5xK1fpVfl|TA*Xidr1;$zLZfg*2dhYzQDhxxHu;||xl|6JMWMvHpioBTN& zD7g#fHf9$>{7ZaZv%-}5tY<6xf-#6@m93BRyO6urS*RF&BMH0pmfms z7EI?G4^jB{ftnKfsDW^b_B~-RR=nf+*406xlCc$n;p-p3oWEBtMlp$y-}0Vp@&<15 zMNIUJV!DS;%Gd_32ah{q8NGK=L*Ed*$ z9bUCtE)Exew#>jXAw`kRPyt){-P zeL;E6nc1n1!N-z9Gk$G@>q21 zVE!B#S(q2t3x8WiL4 zW8;(brf=L6Z@kIx>J^xrxxaPJ$gv$DzX8T>I3kRC*1dIakld|IKh3B{Z_EiMr}{wD zXCkIzs2kaOh%SMIWO5Jr!|T9+Txh~M`S~FjqNrd6y82BP$jag)cA(gt+G<1A9WT^A zUBvqVkB(=|->Om5asg(6ZshzX4eXp%_JBM}W)gy@;NyP|4RX6(Q56DDQ!>CXHsXI0 zt|6#K+z)6OpR=11TtB>L-JGE+{AE1Oh7I=6bL|~p&T_cYcx1JGzwQc*aX_s|e?WFx z-47joav8w`bOzI!X6wCW6MK^n(sjqVQ4{A4>l#Y~2IsQ1IB%*w-`dnKY=n^MnXdiF zl3{e~5Y*^n(B|)d!IIwi-C%XdjX0q~;GBXJ$Mns+lqZECR>VyJ<#i5S{aGRoMnOjI ztTi7oYa)B~*nxwMO(~fT5V2IeyxOG22UgL}>)i@XsOuT>{p8`NKQzAgU{+Z|;Dl!A##ThI+xKIQ& zY4VCcHztMcHG$qPSjXqKaii#3`!#Mp&7W@;-RM`+OMkBx@?>dk~W|&EY6~Rq$T;h`s zjsNe;z>F50tL1RbaL`IB01#m(K@`7^eqbhCK+DG`7SoM$%lpkFVYneTN^1H2(*YKx zjFU}lBy8q9Vs`ZV&b6)&!n7eF-on!Yg03`ihN9W`uvCr%&ZV>WYOGE+TCDvGo z;y^NR|6^HjJw)uN89C#8+9YM{+kdMqT!_^SwhX{L(#; zwg5NRnikTXqqeJ|LV1mCVD8sVQ_7TXprJlmPh|zPRe=sYy%DJi15Y2AEXtBmA8guz zfUHzCAf8W-I3mrL@7;1`ISY9&??t!aVB(!k+<^hCE8OC?PIY0lI;(l?zXrtMnpfOe zm=b5w3R+>aTCRC1?n)C{N6;b-CT+JEY31+*R@FcAbAn@726{Y_L=$#u*C@!ccfGX* z>0bfA8U)tz2K@Dm^Yg3GmWk9o|A~=kE@o~uun?;{AybTaq~W;IamAv2zxm^wE1DwLAv`pOO3RYjM`;1{i7V~ z1jJm&^<*UpTztb%jT|?N!7{(_%YjN&6?eQkG!*&P8$h1tnw*N|@o{mf7v*LZ(z#Fo z%4*>0@%}9d$>Y@xpzE*sYxxwcvznr1p#Fn|ZR2vZKr^!P(;{Xx=QUj|+k8CiCm`wH z$B@_sTu7`_z>F)myNgmAoIfXPT>+dqO-{SR7tDw31Y~0W0?jztvC%6?@lX?$mmn4; zk^4dvs9wr;k1;z%rLls|E*t79eF z9PNi3RH?@1B(RWGT3MyhGqd$RwuLWO{T2!pbJrmK%|eFofypS-lQf3$th&g6<3&n5t@?-&;cg7VBuUpB}Yo}AH?zYQyiO1T?@4F|yH|+gfY!`CH5AfKp(!%k> z%2G0Qdza@iOtV-m7i-@)zhB%~3*Z@c>Uc?GHOIU1>L{H@6yLz}u!X2tK(wT@d@-cP z_3zK~dHzBSsXn_RCR=qU(;7 znU{CNbP`#pODlp%!3GPt3X3i`O)Ww@hfUGra*9d6Tt8DpdO{~_XDnBBkj`C}aHW&z z<+__GR`!5dPr8lvSdBG$ao6>2`@RbDS(9G+!mXOE@>Sj2EhjPg=}XAW1fL@`6@2{_ zo|{4~E$eLk$}%lS4=jRn(i^_-?rn!^5nT;k|AsXBXw_NTeHUzO@1A=HOq;=LlW$(L ze}2?Ty&aP%Y4%jE|22D()7!1%RDFFTh&%26fjVe74<+W5l$!L}4AUR(pExI=MC zD5O}iQXGoAyIXPBqD2EGxVyWwI0SbO?rxj!`|h5zzdbwu<>chdOy589d#1StxuQwb6^Vh@9DQbuSiC(@BWV5#B|BQjTc@5m$@$&pY^kcKwWpXVivL zjWKrFI-fUj5^t<{H^A9zgIV$#t@c@|A{G5zzlh&c-ZYtb*A0G+>W!`mt#X*g(|j(j zOSj+XW^0uhu^68e>z@t$zbBZjEn_C{IP(jpIEMcsg6z*WB$(bRwNU~+gOXU(zs8ch zL8C@ky8FWM8H`(s0JNvyg!k<5+~Fd1N!B@9z7l@;St1@EgHy)81&=GF!{Q2^&bMSN zDw=bW2opuOrA(+qeSh@7%>@Mfg(9M05v4%B(WN_auXisA3qxG9nRM>g%8@Tff%b6M>KdU*nxAN;D0*j4#`URx-v&NDl2_# zJX6D42t$;QeURw{fm(teF2JU)Tx=k1xiwUSkFxQenGm^2@cf664VAWLP)kd4x2oMM zh2_Z47OJG*yKN0JDzHkIQU4JaKB2lA{e>CW*PaAl4ZMlhR-s=wCHpnt%<%e7e9n4UEu+BM(gMK0+vz05PT8yS5!6D~=DOW2_Ct@qEb`WQ{&!>(F}l*{ zUr@b>e=64L%jBZZ7mBw-*;k;-dW9!mR~`sPaf zHs}5l*^zLqUJSetn|PcSu@wCvSl?PMBG(n2Ls=`qDpm>u!pMlb;ny zEN?zP%#56F;`m8T5wSsR3}b^^MmMJeG2jK$dAdpk%^%1jQG|1S5Kz}*JFxU&#Mr;x_TRI-uFjgqn*_h zoc^X%z_~-eRLXm%jB3LQqWpuXM27P9dDNnWjdZY_ZCAhIs$FI~p6(c+Q#mF@fGf{1OrDV+~xL?d!QF<*qONP9)G)zH~t78AhDVteJKg2pV5u| ztlKSH`g;x)<+sjwxhgm5hxVdDL|(4XCAlz_8~9*v>bE0B+Cezg%Q=!K)*^yYqj+nb zjw8jb^SG4tX6%LW+#=vQv$=CLPqaQ8E$H{lvNkN)bhF+adgV|hK9;?hR|gkG*I3Qf zRIc4C^>3HGp{X&5#qC!Q_%H6oi^xTqfI2pL44D-h6Ejit`?yycI_==1uvR4^ zSu8$IoRaUYc?c7jQc76!C@Odk#}xaJrqwPwUxlCMK5tT;mD3> z!Z?Gotx9YxjAt-76?)EqlY4iuD?1T>C^I{e!0fWrS{i+PVv9f!mA)+D^7Rt>se z92MBld%?oMW8Qj>)Tn%Iq&UgNtlb?%TUpHXo$G;rPiAo$I#Jz^tZz|K^q+&o?44YK zOBy&r!SeaNvz?T`vvv>6h=Q`;cSTkzxU}+s1pX(S$Yvo| z=ioZEbz3ANaakz~5PkQ=Y9g1ZaI~0LkVUs+3yOdb-$MadV#uSVBq5_Vzacj2G_1hy zH|o`f8M@r>$pC)h7ivfATrQ}N5_+v*FrshVk5v#pS?-FB7Jp#!qWw~YO0SuWm*d;x zd$zOLjz=V*v;5lrdi2V(@2O)|pliytV*;#H!pc2bFM6)D`KVO<^hyVAGNXK~GTrLI z?F^qpBAU6juWtx3HB-{%2VhbF(QSVN5kTPuLQOur_Ud-gGRI_S2F^(DIOV$RZg>7D z6Bhmy%!?11hD5^;lE+<0qF5?aWeqekKa6iemPKcUiz%B&#uje z2_eg9d>VfxpKfK))tvq>FNpcaiXh-O;CIfiD}9lOmuj0nG*ar6^^(;$Y|U_^y{eXz zWERz(jkU>j_|iT@?SW;KCV31s`$3Nk7#vUa@*ZEOZd`K=(CjN~eWJ!)JgP@|1Z`qX1hIQ%y#1%`ONlpxv&gc56 zB>SE74LJAnX}J=@I;_C*_IwZCtjyF{_Ko)G%CmvH2BY%zLG-p516Q51u^j-{$r_tO z0n0aS)u^A*n-i)ciwmw3JwYZ9eHYs)HxsCg9KC6GdE-qoEE--{eH&N8?>{W~JnYk1 z>j;sWlG#lB(PX*IY$s$2K6w#MqRS-@Fgz z)(|$MVC50s$QI@Ew^?O+SImMko4DD#0fNJz_?|erF+go-kBSrqhz7dRd3Mq0vPp(* zryb%uDrtVTiF2ztMyXxV`t6+uGmL1hzde}qX!3^${}q>aKYB)!JD{OLr@KpDcKyTv zbwH-%{TPc(I}<|wwQ<9`|IGuDq>?-o3qr?Qou&z zsU=_)5&7ZEfE%^~_&XH3An`Fq=yp@Nz#Qp832XYMy5=D2}a&o%`3|DTMk0^bE) z1{SUuI8`q2I8e%e`|!y4XrVyhSsvXrvgVen5b_hoW-;hqfr10SiCDDYSJG)$YNiHQTT>Rxc)qWxwy3Ifui?I?S}z}Q8Odj5Sx~n(~K5WQoFVY%lEEM zR2fOHeS~Xm0u`2d)>hmI_^4XL<`iv|f8Z2zXBlL)aB1<{p&;#wH4lTc~@m>u+hI=(sp;7&Q} z4OCzM^pmHLRaQ29>R@`Xl8WGZ__FmNw0W1`Lo)%j?N^k}j6@iPpqr5PFf-e#g$p4|D^Iud-d{|+hp z3!C^@MNn|EAwMe?k|ISLVZI1Mh>XLVdbyLpavSZic59l2)z|l?*Qo+-yyc=Xon8ux z9dA1j14L->-H5ii(YhzEQUN{H1Mw|HIkKb6wO72Cc*eob;uX5Go?$=((en(HT+#-F zdPRYbk7&00O}%NU!lkABl!TKKl>_+sn3zQeQP3FjI%_?>YdAZoy!GZWJV5_KyKfB$ zycXpP9Xn;~_y#NLO)8tpnJ-84OugSM|Grhs^sjT|mvH6765!AFR-Skn2g_GS2j2@G zXS+p;WmX@1y8EYj9}_j&)p0t<)G&^;8a|iU z(rft2$-|162AYz5CdyUu=dJ*eYa#u->R=ZXoA(C6qA##FfioFjLhjEeE)i|#RuR7o z16eMTvLiSVyG|YB=l$0#|JYbMm+?a@U)JboO}BG@*c_DZSBo!!8s8ETbQFftC;)wK zWI@!TeD9Q(;I4_SNVe6{)DkTqbI?zKi}McGptR1oM7h}-2 zU*C35+wmI<>wOXC#(QB0?dr&xR~CYY|BXucQudV{V{8s*a zM+@D)!&-l~N=Cl+{-K4RQ{K+)=NYA|nX^cnxE#;m*Hb=KWzoxeU}1<;(9-uomlq%= z2MQ$h@ONK9sewE{V35y$6?}HrRSny{n@USdKTCMv8tSd~M4&y7-!^4tRyx93Bke;KfjJS#l*3@;& z_9gS&*qUN5!c~+9yh_>=WA==Du(>yL>^&twAR~;pT>LVzgzu>HZN}T z)U6&ToiJhBp8KsO%)M=Gk>hnf46Mt(xC#DI(SHQ6Exm|0IQ;A)lNhePIk{dWl#(nd zug0E%J@af1_*zkyTI*VJ%yyzmyT@=GpN|1U4gY4TZoK0Q7zrNKqs&ac<7D{kKPx?d zR|Mos;EzA2bQrDuQLTLUjbbp#6J=pl*x&!iw|{LbBeS^7v~TeyEtl zV)5uM2lpVw5dEc80VNW|bc;m?omMDaUupH)T-2D!I#3id68Etw&f`PHj`jX~WBYFv zBn?2d)Bm|iZeM^vA!B5Je2-)He$~#hqOVO)jh|R|4=3SGrC%UoR zLE*qK1RUBp@$ujYyr_gpvCjqG{amA>#6h;d4t|+(b@u+G!$`FaxrF6~gm@`oQtl(L zYw;ZdQjqf~Pw64TaNf#*gKP+eXb^COmIq%;)mSUZ0Tytu`aVvaaxN&e-^6_W5Z9TN z&cW^Sbr2Rl)|r}Kb!%ZK@ErPGz*p#fOueO2CAQo;&}DKvL=V8N*!hwOz1#ct)>num z#)v3<$@s5TP7w_)?d9%)_BG4{t`i}{UtP84%1*RokgHy_v;41*^@w80k!|~RlA;!o zL9^*-D39abZgs7!^TirFuS@cQ3?}6Fp0v{(XjWv@Ovpqqyj)V*Xkxqz+D0- zdS6sIK4#HNJ?i^?QZ#!GYHFSss3mC5=HLX+l0;;{*plPVZqJ>xCxbuc6o*<6TH| zEk-mua+J}!heCtH@TEE&KESMaZfy#-QVFn+%xBuJ_?xaI*x;AL%ZBdd{>tm4#p~XX z9-KHG*7@9OPV8cBC`2|C8$MZv!r9EgPowUN1>zEt3IJo{>i}w&LgNR1ZG{=d-A2}qNE)+`~4RIAyzJXlY~9} zqanpHq>~5lu(dhl4fYf1*Si1B!!MmsONFoBHDw#^6ZDFkY#Q6{TZ=qstnYT*yWl#k4v}jrC;kK|9evYA!zK{fbZoXCFoat)O`{UVQadn!YL_XIVm#&z%*1M?cvP zoszW2Xnqk|#9saKTu;&U`#eB@3l;NGfv%!-{svtDYz$NkQPD;8N{SU3K_-| zLfxMh2SWzs;>BhqCEw-exeI>+hhXArNiB}sGiphRMg8rC`T=C=`?alRLci?He(hIqrKCsDiI85#H1%hkwktQ^&pfS-PyI%h7!y1!t8Q3KGta zWZn3a@6!@P7@>>oe^bXMhYc)tRwB3evLB#7q1?paU6B4NpbGchhoGx!Wbj z{E(twfEc6_hO-r#%$A!@wYru;3%RFCMoKb7w1x0V(G+Qo>hXuXFK5^*s!1OP|6&%S z*6ZKTLE!UArYX6NyqR3q{bVGKeK69`ynV`47m`#|# zAYco`sD;mbhzw4PPO(srDB6v8!Tv@!MSCCFrMfB}?f%7Qy?>3$qAb#w7tKPf;$S~( z%9;u!1tU6SbhHDud-)w6J> zxvGeVxc7^=%}H62$fr)$0ULk{qkm!L-nY{~4V+E~)!Nnj2M7wJdOk}5(vwFz8XY;toRhmkQIv>mc5E{0D&et8XeITc{IkR%Gw)5URP9z^yu$6m=b4e`I(3p5w z3Q`uZH8OoxBM+X6$5*NwBx4kkOXWrBc}?c8EOdP`5?-CCpP}`P>T4nVZXYG}8JA6B$gQSpVUEJC(k10n4h-W#(uzq6WJ5a>HP8DL)UKSL;Kz0cq zM~mdw5jWMz1}N|z*74=J?Z%`wXdQt;DbS6Ty({?4z1bz12<|`PlP(64*T{6)tAR47 z+i`-_6(?P=c(Gk@Kh_l#a*=z%0MFR-HaXdbY&);iV(Fxa)Z%DK4ec#h9S6opElxO+ zUW&3Q*LM6K_xvjL0D1a%tq5T$oW;6&pX*e>lQ?i5XCUDaz*u22@CZA58$d;RZS9j* z1WrihN|PSB%}KnJqy1z0k$u}J{xxkjdvthx!Q8uuYc^V1n8+2I*FM}MX(P5oGd2HL z&j=Cw^@|++Cuiu=a0oQA7ba+_8y3!AO?QxQ!31c_hNcDHH8`yk-H?TQ*j1h?u=D>U zIC5iN+^zO%k~iINW&awmUw;ShCp!cPPpQo8hb0}Poiphcpo&{u8Q0pahAY~%KSgk% zgOpZ1v^4{ysmKedR-(9&ymGy6*jr~u8~a+;$_w4PTF^y0Dv>(eECLmLB*l6L8(d>a z6?)_|vw)rkojH(HP78FXVs-?=0%th7=jF{1>P_-xT$%vYP1^ys zb2_EIWZdvnj1DtPlEn@TM7l{BHU3O@_rp|AL&PT| zgJ-zV%oreaWw`|+)i4U5G~!gT?GSe`>Nn)ol*=T9Pd}SQY5P%B-9_6K6484ZJ(RAP zkCg8X8$Aetw5gO;6VQZ_Y)Z4Z&@&gG16GW7z^j7a4Pr9`XzO3no+eD-KS(_3zoszf zP(w#A+u<{1#F8S~=i`zOW_ji2j1-|)KYK-1jGp#QACpf(tX$@ zsvzqx2iW&f*0ZMg^zV!|r{bljSX4}#FpUOw$< z{}zH_6udNHK05H?`~4V72zxdo^Wnwl;r#?L(2IJkZkRJmjP2Twn2Kr52uHjoYb474 zjT!u@xoOey*4h#lQkB~^wKeftb39P&z7|fU#eip+6;xRYGrgX2h8nA)mDYpQ;H+^4 zE)5Q7#_Ccvs)!9hnjJb2(XeDOdK?EGF3p{JVRri3L~2EspVRUmYFwfsp#11{r}}PT zP0#Z>bA7o?%FOX1A7VM(Mhs}F55$Q5$oYHd8SZpUrtfvnMmQWfikJT znubzn(J$g_JeC4%(*upXRx=!HCBK+v$2_9x;6^`h;QblXh_J!=@1D~!OLu&JmTuCo zCD2^A26i|?(}AM6`lcaOvX{UdT{)E3SZ_tOYwg%(+~o4>oD`q0X}&QIlH9=*Ixuv! z*C-UHi<4aZYaE>`J4Nt}-wU!bf3}pI?hz#P8Jfab2xehj@*-rqs{2RI`DjUq)v+&( ztDZei!y4sdi-d$rK^a_|@lj=Vy4>rA$iY^z%3Kboc5e>pV)m%lCDV(Ov*u@{+lTMf z7)pt_F*LFvIkG8Y0@P;vTYZg2FPCDsO($>71!uDPVamIY)qij6phbZVr@Wv@Q04;U zWKP0;Xa4rJ2Ga^hrM0nH?J*y^C!ZMBrxjykDM6#vNzw5l8}i4h!*|^TSMAD!!p1=w z22U_C@A{@9S^o9h9UT&qwx4+g92=94XHZTesrpf~ZFzOp7GteNSQ-#h^yU$1*19`i zmQXnjH!`vWx}H-1U+LH2h zoj3k#Mj9U1E^+{BY6z9=>Llz;rnpyr7jNn6L(*3|55Ivnf`+B9?kDNz#cq}8C2RC? zxwQ?;vi4&&1ZPclaq8DZH*H@X(rrpO*|eVrLsd80jdk}t;aH|_REun_%RsFZjx*+go*N6i6Q??pvhRsvnoV-U=+yd7K!o+ zWJz2T^3RAj>R=VkX3?z&8w)>Cb$0rXm2u8io!R@$Wqk~EF^+PB$)BUm{?uhb;2^5)8^o!CwoUq69{8b-NY9yo{oM9aN=DQE$^H-{1=;-1k zZJ}LuB&D?|L8p7~aJ0Rg^_;W#UHr9%unp&8On~7{pR4LqbLg9C{|>q#q~E|2C*n&= zPV{D1hzoXFiNvo|As(I+QlgmSo|&sIr8b<9FFlNbRsF8cmeVNs$&^3+`|f{s~@J*;rFKA*iio%yRwtfT; zpz7i7Y>eiWEUe$uFfZi-3^m&+u_txi*EG|0rPlBOiA5fzl(su)?JHbR%y_%~+bPLQ$%FbMF1Hfq zkL1>_XzeKHA=omhLaUVj6v;g4L~B&#%|qDt|AKqU-@fT8FxXDxbO{OyBCD`7*?&)9 zUQ>Fm(^hO;=UF^E1#5_y8B!Vj(ow2hN_nrRM3y#4YiYdrV6@NcqM`hOAALYQTB;z1 z=g6G_Gp&+fY-yhlVEjc0)Z6Xwbay$MsgY;8%%o%d&+vEU*L`v_D-I8J9OTAo)7Mm= z#;cUwhJQE^$vEb{F1DCSFLN5N8>v7v*M2>G5KTR0uN(^H$*#I55T7Dj7|VYXV%fr# zqpV$fBJh5oe14|AeqTgHZ8auKXCcpLapk+RR6?=9JcjTN&gWePz(oEoXQ8>)%zWP8 zqb?cDy(t}o9OLV7|B85_ew@RA(ae?{uL@rcCl&I&{OrNKN#~{Sn$ge8%{f*D*lnJa43==~V%!H=6OF5!jt0xFLJ}tH9okAHKknZM!qbm2y|4-`DC1udzMnd z+NWLCf`VnBpwh9H!Bw}x^5?u3S~f91m&-SP=R;vKb+!YlkMy_AgXBWA2K(>c1|+{? z84LOkOM;MjzO9bse1-pFD)f2`<9yfC6aez#uYp0C=-M9C< z0RSf{i1v-`l6R5K{;P@$BS^aw$kX}o=kcNL)gkxWmNEDTTBS4NOTja-MjumQ$?KC4 zTOPS`D?MxA!@E1j^6xGlWWy)Rp;f^Qjt7=JDQ24!^JT1l!c|s>LG3-eox>be>mf$U zX+lx%{652gd3>9BpUjRciU7i^;zBWn42GDpv;fz#1;gQ7pHqe8v0b-88O1M-3kCGI zeny*YE>2;(Z05io@kHOQp$K$tO_SP&oXn zer;IPJ;`(EJ7*)x5f>7L<%EMHm84iRb=TYjJJHQp3Dos$HL1s>hHcK4cB&4ydtt3B zN{lNrDkx7%Jf69~iILZ4gBpO->`BRez=zpxp10twxXt1ZXN294(;3^#^y7ARnj7O^ zc}eSyg3wp@Waj$T6$)^{u&DJAEDkoAtImX?zzLU5bMwW1#DJDdjAq}#JPE(n@nn3L zC|9EwEtQ_FZLqMT{H}tRNAau4>#RZ>F$ULYZoX`(FELBe1xzDj6;fjgWfOM86e9M; zR$o0nEZh@8F%7r7)+`P$lx8pYco`M@i;y?Rn-5-5H1E>tFy0dV|Bh=}<=ti{+~#7a z;b1-w)VT=$!h_kI8sob=WxtY)nc6UCn;N;YOHlBn0|d}i{ORER$9*%DPQU-l;#5<8Z21IMRVC^zP@qdJ8SvxHzt#hz#UefQhmS47Fl zm7WGsX7@J^$Aj2%q-Vm-31SmfKu@fUAeOOZE6jP%NP$po5?<$5P>%VxF7i65T65hD zA4qW5#Sp@d{wXj1N{@B-%Y*48a+0F{PNDj z0pNFe^zWkHE4E#u@|klu^C>P~IV@la^H%Wp#`uB-oWD{O<>n~zIFm44=!;q^Tm2|t z#H?z6rVgX|<}gx_rCtmyODqY6R=QhY|Joh1KYvuB6<0);Np`h{GMqnfl8s2SV( zK|{ZC+C4!iH{|{!%w}h6Mby?h!1rX7{vY)CHPV26N%&rz2KIWF@Rewv7$N=RdX_K_ z^DhnI^gJ%#bOKV`VvRITVs6W9)Q4Ad-f|aw2(AIBrtEa~+;h2Bq(&%|J;(Uw?QZ&m zRm!rk4EXK^8htowsWd-wNp(>y9A-&2lj&b%#G7B;sA)KV#wc=RH+P7@sh8i21?3TU z!8%?`iX)bfV40OUp*#jeRq}2--L!6_`p><#;pX8wd@>(gHeV6ujsqShpU3K`J@U6H z_LOES)g)5wya}c!k|!GmnJteOjge&V7uxK{oo!y;ib!4^h3RR#bq%X}8JO=zenh5% zxK&`R8QHzc$3iTvS7UHKcOhHNw=nq8Ikv^K>0FI1YVG9+?k~vTpjW87sO({?C<MQeHV!_REW&>_8aH9!YL|OeA)&h{CAt<`2x) zL^YZ++Na8)JrXx=By29iun~{I@ZSk03AK}#lTX;w(ml?Za>!UklAocYY0>bRCajXn zo3884I(a~DF)d)Mg2~`8hqCnbg#Uow-ef+@{pC?4H8@0nZf$j9I|9Y@(Y;<2nk6=IeOw_WJ&omc>$I2n-$d#5|lpKN527c|#`w9aXwC z!TN(;ddBTD{Z}$oDB)*wWdAi7VJVv^^Ky&I5Wpbkv+J3`V&QUtamr;ilaTY3cXh6| zRC^!$U!iWx19F-Luo_}2q&Q~Wj~DVWV#B$;muOja>Je&Ew$3?fpRHxsK|1 zUG_xyn60P$(GRIQSNWmKO?-s#?@vIL%`T4@acBl&28PqPIc+92Fv(%Wz`_)q7CnHl zYxkU>_SrwtJA8U=tacboQxx515lhW_pR;)A!l1k)LI&KN$NMn+1af>cW4#hwL(H*> z=w$}qTkh}U9;ot|{uo8NgjA+g*FDZuayCx?&4A?z$29L_P04CV6b2nO*n7UyOF!7GGufg{64&Oyuqi9RO#XW2ti zmEW1l^&wV(R`k01r;sLE#2s}^iVgxdz1tj>F84m?4ztvyCN?3Llh`zjWP=ki!XMMHuBXr&NS+7szlR3H z>)S5)9F#CbQ4`teB@qQvHsSQxhE&&*QhXJ$;yvB0&$(XWu^x%6?QTa52<=umFCYRV z%e$85@#kx%WzSAaJo3iNPo!O=S-5;2%~^FDsBq*;*Ecs&8CYmClvhHyN?XmB+ZpOJ z+G3-s$%yZ+d9zB&Bvy~xIBo7NOEvh=@(S4cC61)*&n|;wTY#74Mb%#X2}y!wT&~aT zjlI50NX(;uDTH@fJ9m%@&gQo0mfGfADUUgQN&^9r^f^wu3aK@lB8KPW2IJ`MBp%>U zS~-CK=W#s!?KDH>P;^$yT0|2QG^Xzg3ZwkoE<8Gs;|D*`C4bQ2GaLoZJs6}EH7GE{ zj_9DH3V9-r(hWeV4tJ(vgo7ir+r;)>T(`0`3l zr}ecEO8wwd;j|iZ0jed*atXo*dK4VU&-U%{ucs9gCP(>~itCr?Y|S3`9Z*@U+{aHY zy33#__9MTp)t7S?dRD=RI2DNy89*yj;O1sz>fOKx=aWg?qq(};`z!TY%PDMdK}BG2 z2^HoEh1Bk~-@urkMQoDS@kiNF81+}~9)}A!eH6ub`T&RJ>^*<2?G^b#^&^Rh1KOo7 z@`uqIy5!6KkdCJ#4iXUy>_fu?&_KqY4@(`M6d2HG$(Qyv_meEw(ldpd62P`YgDrf~ z?*o)wBedj3K3-!tnj^5STxjQ+ivW>$xV1Y2(b4v;Sg7=IS-WXtK#9!=vXNr%qWM(U z6}@@m9bTlI8a2g&x?UlA)5R6tY{o36$`p_(pVMl>g>rM;52`q7!ky0C2IE|79{(%P zQyx%&3p=yAX0^U)h$9HzK~nln=HF7_YPhtvV%>rbpYz{lkhfUQ42W>sHZ>l54y^JV zvk(aOwI)(YDfn!&{KffL5R**u^<;i_PVxJl*@m1EzsD$#gL3LJN%9uX;a3;~wcv+x z{4-dML6@%y0rahy%`V>M-clB7)A2x73pEmIj$enbMsxP^*eg3m4zf0xa`z}HvT34?LUAOb0Uu#ZcIJ}zXviU-FX}b7**N*amo20n*G?s`DY+KaMC6eV$Ue5gsm6Gq+uY?+Armz7%c{LVV? z`#0{Agk?SbyK&u83Y%Dv&%NP?Wq#KaKeKI#G0@?Kmoxx$mQ9Jy@c-E&TBZxBnD_Pe zegJ`Vr4a|j-1JTHEf25vZIUc?bEbU%_)rl^cT&IJ-qVL@l}mNSF65Rs2wvPTD-uNf z{k9q6xCeLX%qNIyPDT+X^G#Cj!^(P1OlM(rd~*|7l$w+DjNnsUULRueR@oe&ST9v# z2*v6s<>ownP_!^$??zhI&nZDuO$wZAvqE(}S_#c7U|)kk2m|u)lvJ+6^;}m~^Jqme zCa8VgE&jx^>?*9Uwd>4PIT2$61pTdqa13@Se{Piq#FBx(xcFj@+GPh~cRWUc@YTDR z3#ozlx;+zDUBh?0hL z`Mn1ppFF4+n)_#CYFpC819x)suo~+ z{pEH)eIyLXP57qqyw_S%te?FYWZu~RslN_mpweuY$aFX!B^G|x0nurY~SAAo<=ArBg$0X6mjS8^4%Yz32cWkVbUhKvjmT$ zD>v{JH0D{sJ66_ zEspRauq#-VZj9l($#l9_$Ii^(MN5_TWEJ|MA(qqT>f-f9-=HlDW@g&mZ)eSTcKaE> zDZ*U5LXdk}HfIr3xz;w(WF+}Dxfd@0?3r1?Vx_w)tkO}Gpo@_SChVxl?rGU){_DW3 z3x58zb&*EZk@eJ}sBJ`bqLJ0%o2^Jy@j#FulDt%bUcbux+wh3n{pK3WO4_^eB>H|B z)<>Kwlo+p?uevz# zEWODaE7;;zdZ>}T`EuQ)pB+B-wDyVF12oCCrIY8znoT>ab_IQY+|Kq9!b#4i0`{D& zt zZpgBS=>?U|rt5`oIbU5JJ&f@J)3L;lHFK&V?dR&_m;VPs@!zzn5nlwx;-^N?5x*VX z+(H`~_$v;1cwqvK8$W)!7T}*f^buUPq((jeVEW+$`!%uokH7c7AC6o=Xhybwd?7^_K1w=SF{lMIc|9C{ zVxb@-h!N?Jn{U`%H$5o`U>f(1D@Nl?3g?m(NSth7s4*1#RR^k&S7@+LAWMwV?)Sfx z3PSrL`!mTbLLQ*5t{&Vmj)AE1;;Rt4p7x}oyyLjo4vJ_g;yPMqHCf{d+IvwnfGYmP zj`N$CwqdY>1+N-#^h?PvG;d&j-eqFUN`sk&m#%bx>KD@7>f*-uspBYPy#ycMIlC5a zG!kb)Qkgr^n6h|M+t4!Z(46Ut4ufuH!nb_%$I&@==ipQ!yY=T&5|nFr1YJu7wR&xx zuLc6gEX4UgiqZc?)eG!w_J24qt%VGqko|@G$$WekRnCt5yHu!DHw3oTWn))5=91Me(JNkEi5Uf{io{V6ltPnkn$hEl=(=jV zG8sypCj|oLyBHn}fe5$NKA0aH-y_mGCg2N3l)Ck6>*{Y_iz)x6`prw=x5tOBt`{tw z!k5sH#3|B(r?cqNA5qp2Tr?FB$L}nSkgttn=2%!*EX~Dd6RIE$Vq2K7^e@2YmI)XXgr9qOscY&Wt#(T~-ZiRv<# zAGFle7k<{xy6ZT3GWxH1(e#iXm|=+@)KBSCrc&!LzOR)-H)^Z&GSquiPWS)TfSJH* z&1$E&`S-7c`PGG;Mx_G2#AIK<2^HcI!Zef_L`Adt8^3@5{+^tig%%-poR+AG8|dph zJ1>M(p39{QiHnOzPc=~b=C5bOs+nz!?|%R2=|m^3hd%)ZzSbFKSgW<6bo^IbwZe%H znBK6;r*Y|s`?*>{+bvW~pfsOE;?0J(JXeil0eW0L5*LwNl6!`P=%Hybnxs{7`$c%& z49CTlx!;@k=j5L@Gh&R=$2uTV9v<YO5ZL$2~)e&@j)KXcEW!o!f8L$)63IX3| zWC_6(J}L=)jl${zOwcAh z@+FTTSWlsE!>+)v@p<%_;c5FV>8A++^Z4k)1WQ);xDY?(@Z|Crfg?YvSV{6}jnv?j z53Cow3y4P7et?wHil)^ULyMN;0U8hj;D6(f7}vFLjZI_Z^bGgMT@jzhDfGAJchiM* zX9N_m%r%9qgpMT9cgPn2lnifSM&M#2FcDwhG|(4Z^X!ZO{< zU!zL;IPdwDMMiOt@kz9%)(=QZ!~e*P@>0qwKQuFRa`U1bBQ9Jg(EC5JrJ3GJjuZVSP19!K!ws~yU zH(`-qnC@=%jOt7XQA0SU8~9ujORG<(j^97}{WC_i%BH(}@uR{X5T!sLz%DA{-nPZ_ zU7&jQZS%f=$tQ^M6QvB_rS5z8*FE}02silUZ?eqfze!nLi#t69NosoaVXu$>^8{r- z{~u4#0~!-vz{2O$6B3n<(?3j4uf=}1ioQ74+%h5N9#4TqD9TXkQq}p|&Wog1s*{ro z@1gCea$-86V0FzFISD0IXa)5A4jo&vGUE->Q`74_#;4sO3|(Da^kl#HWjE)!>U{?< z6f&bN9+|(s$xb%#xM*Zz6dXF9PL1k6)-t>mJt~7N%LxZmjdEh`_1STL=cW|3!79#- zsbwK~+0`I^Ej2Vl3o0!w(lB&M z#}HCOgLLQF{@(ZduJfLAzW>j^To?PAz4x=9XWeV9`(EFlJu0)s@|2~<$JYuVf1fr_ zFr@VbM6|!l{>9%d75LK8khz}f<^~j&AXaad`d6jgq5awVTMi%NxYO?LQ7)SLCQ;rn zz4pF6;Bu$GuO5aG4z|TBaO>cPD!dDGMW*vEIr!uSwz`uf*WF6w>LFxD??!i!__s?*ABurB$F)7W4)?zRl z=G=<;3ggpB?(XhPz1?VfA=FW3T_E$RVolQXK0TG3)+ZD{X+rAT$RzKJXX8mE?Htsx zHLov)&I4P4zXxQytoD^%3}5i-51{db}O}#62-_YJ+6< zeJ@eZiDdcHB@a7MA4D>4dq6v?4?WqPgVwr>82h3!1aE||oyp1N{Y4E`r6l~yOSFu8 zLho3$p=YV)h=hsgvZILU$`=@=c*9G;Hu36^&B$AqDVn`h^LUf0vzBSdCWo_?lM1_; z-P-o=(g3z7tp7kyCZ@X$?_Cn@v31KjNpO1c_W0KOhh{OwH!VzocfGqtmuY-UhsJ{XP4`6$P~w!+KUY-5 zPqO>*IZY^@(TL-NoFpUCO*(F=B?u|{mSvvE%F3ddF8Iw-rmg?Meta_LE8~5us6rKo z$l|jY7lw*n({YO8eRODT&#Pn%#L0<)kWd@LKOLXGTg`|Q2?>4Xo%!;0pXu5bK3;!3 z0jrqWFF|ADqvLb=m!^0j&yZHPIB3fHFxvtjj!wZt@W5yA>zms18pqZE|7%Yeof+DN zN5>~sIECyA#;NZjP3OEoMXw zq`E#yQSjOi5~^g2;%i%Tb+Gs7+4WA^Cu#=gz63{ zR6lnCk#s^$sUeQ;F^vQj^v9|%wt@YY!5c}tfw$X|F{@HW4hU?4XYnl^3>u$sh_C_} zp!m%{Ecf3Nc$wlqm#c_}u0&f0HLgAKhUM{}51=b>^>;p9G3YU=cz4;lXt|4Emx8sM zLjj%s{-eCHXG@Wqil%f$xHrR(IyC&}V*Z(@@*_MH4!heK&9G&4VdPJ11ITp!zmUs{ z)I0AyidNSN(B2J2ik7=R+Y+pJseOuq<75;+jwpQj=Rx_^>#Nn>hjXZ~<|< zZrStw=aRy;ps03<54m&EBlnT!zl50#TM9o>q^p@dT){|1>;-ZceCQebY19QTO#8?1 z^%{4cOmQ3asQxMwtqCBDh$BV)HUwFrAVs0++k#hnV=#{zf1KPBaz<==WQ(<6C-=qo zFmLQRTW*o9Z^iq~PC4IQy)kU`M4A=SsrK*nRxxlT6>g(LyQuD}K6m4D-==|kub`=A zi$>m}@T^)mMmb^@nGSYhiw?yHA#N-w!Lx#O)-=NgL0Fzkz$toj^AF7Wi**jM|M!Y+ z&N@^4fLjk?8u6VwjaNN3;+-ygO6z|0#0awezH0UIZ}OjA_xYV^-`)H_o~uwmZSJ4q z8gvtHFck9QlFL%Jyi+&*z%1OXxAOT*4{)j6qmyG$6@}3pEN}+i?9Fb)xfGdh z{M6gijHfp~Bb-AWE}YM)swYYxBIR;T+Z=yf>%7p7F1z1AeUN*EizR1c!`c}V;Ih|E z97`^Y?)5zY|KKnd7!VEahi8llyU1Eth<3`~xu`o*D8w2B8z|uHQ+DCulRf2GDAJQM z!?NO%c}8IZ>=^+8{|21ZEh}pweJ}9r3SbR=9 zI;Nk<)pO)G=DU;&v2>XAux_y@bPr2M*wMkiy9l7d9)xPk!t&0hv}e;^=EIAr-gbMT zv_aw|PGJ#|D;MLbP-!ppT)hQgBr3-6dmlni^|jI0jQXxV7y%xJtrq6 zx3JY%i$C$Lrz0#gb%@tzm==p%3}v2J8tu}ndmOu#*K32j+jD^mYh~j z;#jDoFR8mCBf_6wi>;n*e$#7tkE}#&NB%!O(No`DNiUCHjJ+*5!Y*9->4Cx*^R`oLp5;Y!5NN9qRlfcDXIBH~v62q|veC@w~AmUPFh2xy4pm30v~CzS1CzBRZR zgixj8aWV-Di|jhNcoRz{_UyJ&Qo%HV#(nz2d~k{k?zzIsZD-i^_6Gx0&_yzhx&>o- zMFaW92l4F~DO;?DV3PUnqiu|^+~^d(*?tRm9y~Tb#;ap$4p+9#*q=4^#}W`Me^*^1 z|1l|V;r1jTv4r3SG4dY<4nFXM5-A+MdN*SUZM_i{@nA*4%W*PQ6g8I8=_)4!JKx0< zg%}!}ZVfi>UzNF>orwV(0rp^X8h8;tK2~?6(9kXw|3NQog95j!R|4&6oAlACYu8R3 z17A=i2Iaui@kNA4hIku}=noe@;!5Dd*O*lNcWsH*Ch{N9DNe-WuC>Kh^j!I4+E97T}shUW{W`zsLB zciQDpA@UfUNy-EFK}YZIPPZaM||u8z1-Qy21XfC{B*B#S?!h`&JjcbTUUOJ z&&PfiBEPzI_sk$&rL+6>!smcPd}^5{$mFeVzVhXPp8q!Uvk=MSvs|1Hi(|c^pqsI2 zoxXxk4Ar;U)FJm$E<4-4XF0X#y=sAIn}uqk#yix#4KgUJ4e@Ltp`pjG0wlz}cH$fN zaH_zP!4C{l*-Nd&;0NeO?Rf<>H1yEsZ`8UfG@&KRKi6))`+0wTd?GSR)!XtWxmy34 zxuuiAti zKW{@DDmda?_VEFU*L3A27MV20Bp}#xZ@BULZiEEC3GyWgI3I#RA~{6X>}@oV7?h%Zvlg>|nHN%}J?#HJUa zQtlg9JC?8R9z1svr}6xKFydLo8}!uATI2(zn1o)}S}K=B8i@l}>|7w0sqG$?Nl?&L z)p^Zn;pNhYcwPbij>)1?Q?oxEq2$`mU}>sm2#@k13Woq#($5ObfJMZ+N&EyX*5uQ< zFoaZJS$>p6HI!qNo}Ru=zC(UDCnP@izH?nT3kn6evx-}L ze|nZ~XHo$oV~FXm|K$IH%z@v}$dCD~B>-<7G4!g^M83@*h2?c$8JnF>V8WW(vi5{2$iaznSS|UXOoO z|Nc(@A^8BC0YD9l{{QmNH%ls1W{l{_&tCsGr~aS6{OjSs)Tg*lus;Sr@u{h~jZXf2 zmSp4LASg_FIi_N^q3@{8!oYx}rl#iX<_1j71{BGR9c7|_Ke>>@rvQ3CYlVutf0&=2 z-<~dG5ftREcJpU2I(2jgpGzYlAsvHr|NBZTERl~GGr4i@_T7$Sb(cFxNQmRq(Bsx(UC(oQ8-5bN^8#F3Jd9_ zq>TP?EEI!i-Uj~bm7uku{`*p-6cn=h*J#g>o>c`cOOujGS#LeAUb!1zczQ;~#2{>e z^yCPRbe^uR$s7|F+1d5g)%f5iLBJ1K$*tg?;xX*NtR>mMQS#2r9P^+cCpVv~`34p7 z!kHS$4bS;bMKf+@Z+|-u@k?#f&wZd9jJPx-}3!0ywL?HDE z5Yp7KxJbFXyE`^9A?NK4b&msRX4ZYNO2^%?P{r`Ko}Tr<7=H~eO(*FWZ-f8d$5HtD z7LtVL6N7rR0DH&Z7+)xA5o0M9v;+bdws&fOWCE7KS4E2hw10T-wrA+*9qQ%c%x7EM+nPIZcy;doyhYR9tD9@r z$x!B!mBWC5YTs!kYIb=AEv*+K`Z!dg!C$)>10O8PHJtvYmD6)c<(TA^?vimDG$Ah; z8{cJa-xQ}0Yt;|KV6sg=AtmMIA@ym*ekwW*1M(Ww4!>*2B2Y$IwXgX>AW&egt!;^9 z<;DJdxGIG(klU~yK)oyDAGI-*Mh^r&<>8(`6YssqN=fOzl!ZZgjGCg7SsB~0x(&c1h(cPvh6Y9}wD$tr^Y9!JPaJ2GBYJ{_lK zl>Iz`8JJ!Iyb@38ZY5zXX=^$$S7OVh0>{12CKPf|Se<=nqJ7HzVR-^JLbXtBw}C;8@e0r|vHnXMJpNaK?$6XeMdxNV z#k%thCbBvQ_=4|Df$i?==7(JkBm2qTIMO4(AZZo5)L|P#>2wBmXBwPT zknCAbw4~xQ)Dzk~_Ax@pGew|a-u)lo%uisPEwLf~2 zdSZawPyCp`BBu256xcW<;=$^A;lAUeYl! zh2uKXgTtS3adbeenC;@?OCK*pug8)bYfR39L|Rat ziMXe;2Jfh~7PEb*7Ei91Q#c^y2@+nYVEiLBAK#=E;=HBa)^iF6&Q>fT7jVfOol1@j zDsV^68Ub>~zviX@Z4Z_yR0d=sz1A}@0FM`hM@2`k6^`WoZU&~WQd47PL`Wy1*E;SI zBO@apow;)f-q|4{&P9hNG=kTpIHjKJ3G)eC&1!q)j0_E7a_DmQ-JIK-S=kMqhJ7~E zwVxB?HfTEgLMo~Qk}NF)S?lw3u1YU_#y>IHDE7nrnjdH)_@*uH zj>kR1EwgkP{PO7ee;=Q-KlwdsYWe5Vn*|(XW5{KQ**@?IusH&O#@hi)&d^{Ubatj|TVs-4W~_ z5=-2K0(5b+zIAZG!i`mdeF_Z?{mQl*ank$iSDa%IdOQw}Bm`}cXZM>tES*ipQiGaG z!j~`t1qBTg6ERu6+!hc+C8C?ThU9LntDDx~fBm9PPaN0FEB6rCcvq{o08RI=sy_RZ z*Q5CM&txCuGtg5Epj%jN5d?TI?;EgkrC|j3pt12LbQ79G8pQ1T|5|bKfb=|-t(w#O zvUdc?$2POJW--#DXhQKg$Mp9-seCOdagg>aYjt;*-H4tpc>_{Y!w>lhh`E{6|NSWf z?LF~%l{|GqPM>LIOqziG=8hGF5s5_OJH*utF>40Xcml0=HV8J_(Ne5_N^X5r&Y9DTL1zRn0d1pa=f z#Ri!4#lG8P_}Kp2EMdp>kD0dH?^Ip&9*Rp#JEzVNa}9u~J$aN-s3t7pVy+cxMsxhc zm~T^YNKr1(_$kkR+bh9Exnn-y9b_iAg_j^UcAiT8UQi9B1f<8iqtkO(YqM8a$>b}Y z+KXaK9dtQONbzR@4(eBdC-jql2)qtl{l8ya!sD@ zgO$H2BQHPa8k;IH-BRT9w(&h_`n;!XZW-sFoioZLC53%(a3D!TD0@vpLSeAw3qTK# zYffzz5f+*fvVn#}ALOjK1^EGURzvz&yln~$1_lP|sUbKV`nZgz`F_5)yBiq>gT?Ju zC+8%G0w8DIV%9i4IUO=_@?w2M@gn`5MmKw8PyhGCgHcW98n;tT6_Xd&js1fXz?f12wIqeg*FChU$pD37N&A_81tv5cnPu86@=rW%9_} z76Tn{%|Hv&V?DPDs!m^{teplXbSy0=6lW_r2&neOHh+Q^C@bAyF`3V|G7h)pg>BKj zPNMqB`xj~4!Tr-pfY#g>T3_<58cAz^JmRMPz9lPc6EOpCMAcf4o*a1E?PDfAI7P8? zIl4XE`7AkBt+sm9=)dQ8;BRb9=Ca;juaOhs?x%tX=F#zr1Hfwz&Aqx4(Z?L6G!)=; zcBel$Gz79sk-?&o35f%-o}8S@hzHT-Z*l|tEOJQUE2y}t@^#ivQg=3#(t4RAo}KgV zsR6FCUSEX!oeRg)vfRRgp&lD(SfInMj&8fW-i*DW=g@1BI8vZ+H8t_M#Z4tQ;9b>aUQ<^ z_~g_8Dq_l{(rOMD+JK!k@e}hbqFi=ABiy*p=xV9a)X|DSi}ZsE*|A>OLh0ID2pj(r z{qa+asyW#cBF^gUT`^JSqTQ+Vt=n;b!S59{9`MTLfMeOdT68Oc%jg723mC{S*v3=1 z%e;DN?{cKfv9(NRH1*|JP;q`p{^bQYRp*tIy}5T>iFZ}TB6Ouj+cY>q;*`qE8)803`q)M z=dvNH+YL|Tr+1tp9x4?yy`9$vt7%Y^qLSpCoG!m{jeJ#vmdt@v@~;X$-0M2-ytPOF z?LQ22YBjOG=;OY=dFknZ6;ew+Iw#1^opv}DYh|5aq<$dCNio13$DQ(e)n-3PsqE?w zUN6?zGOI2t+qMpO-2=u+6=s%|bnV(ySrZ+F->^YlWYG6wCwMQ-_^o6Vdr!yc>%v6S z&xYuB-14Ixv^6y~<7Z8rKM2_lx)BLF0lP>;q!j)QP(S9*Q;Y zb=kvI7{V%ls7g`)sgD86oY;9|VZ23ywwAA;7C%8FexmZR;|b&D$X0Y)Fd@|;gC+2J z(~?j#zt^jFevU)E7<#QN+$GLP^{wYx5<5fuDe=#0(<64MkFp9?Z5BH~V4*JV@p`zr z4(JWO_O;`G0i+2hWqwrIxlYiRQ&94>5>I+TkeHIx`zy7@a3GLhK>vN3wb(v+4gW+! zc6MjIy1Z}1*JEXY(Bu26M_ZZ_+Y*OmvHqb^#5J=-sZDHtP6!+Pigt7Nq$LJ_-TU*=R555A&yZd{58XA*5Z=uxWcfl=ZHj6s%!#zMA zD~D$BLT*JX4HZaAgUZ)}zH!39x=PGSL(4@^&cQe7f*=!|5V1n|>p!RUgKsKYE12I!gZ~4ij+#vegJi~K zHr*tXh!ioTvh?NKp(lK+OQL?VMDuCV`$H`nP15)mqldD#hgO{WO@tJll;PC@cqh>@ zn$RqC8VQDM_|NAd#!H&MIucL>|fP|DS?m`Kg^I)gZ zG@tc(QfjTnz|J0BG%)ll{7b0Ri602p)cqV*1<8VXXN~5xwyFB%%F7 z4Dc4}x&c&tb#=8xGFdimYJ1yer`bsn6ClE~NrfF)D~y^4^Y+wbZK?P6%W(uP|z8jWK02w_E-CyC>7!Z3vJoiY1?xDllM+35oVdk{cQGE()9XW0mlWe zNu^woiMb4epPz1-EiH9T+ zm<$0c)0?`I2G8?d(1wDxtPHV%UQ6(}8xk~w{FKHWAQ<1bsl?`W-G$qJ@!hCB**|^8 z#8TM1(pko&=X{t~rS#~;d)oXoD?MIAf&)Fl|6s9E;ZuFSiIp@Js~E-e@bIW}!Jg6# zZI^LD($sJl(Vrf4o8M(3#)e-IZf()FHvn)-SlJ{2yAPNw5Hv5zT2d;HC}5AzmBeI- zq)mC7$}ls8g*waC7m+jAQ1~r8#u~>ARxZ|X)Q#T5*%kWdtlInzjdQMr=Jw(M)>x)) zR^jzjfLXnh3CYV-`Wq`Zw_G-aOjkWCjNo!Hk<2PwKW58pl*_<#()bH23mIhk5`1^H z0}tF5@5mfZ|A{nk`+2KS}Hm{L!8;`ZVcyegDI7 zb|aQ`g>lz&p_!N3%{W`1MG1-D`0}8m2dD~(Xh%-}Iufmlf;5koeBn3lvGWm>AK=SU z7ct+4o+v8kR?+!6S&{FQ5iDfOB}$RsFLzyngf7rBqyW zOicclZ|JEEO6B_=DOlFUfnCk%00VSaCa!UQOyw*IO7 zIjl;_R8D(SVu9niNgAjrv_XuDWY zNQw5Z!K&3+aQ?v*FfQwyS5w**8JNr8S?_2-;h;h)>4!pOx#7!ED+`l_|FCBfk!y=0 zFI4kArl2OhPNBLDybYm$(08V5vhVH?Z(7yP(LU_Q-kUwmRXV$ulMj-Vl;jOsGPJ37 zZOTtrt+7R*7{`kcO?`3Oy7;50rk2Ki?Wy7a#W)>&0Y zY0$uD+Isiu`o?^EFxC6RS#}V0$&!2?IP*nz2-Bpe>g)3bJ8wT9Sm$Cks%@GK=fF$ElEhkDC@Q$7n@g4 zBAb!K(^*M3m+vj&ayvNJv7I&nQCnQ)k9}*xd4!6$!)O2D%mQVfb5? zLxvw$LXUE+Lpb3RCmDJkuLzFCn2K2k!l!c(P+>1@!{osP3XAybvb43&6;eDc4Eu*> z^E3o5`)Ne3aA|gq!MPt333Y~FUyFkuGoQoV_i>U=l)OcLFRs(Fa%Bap79G;japQrk z)H_3d%_jV62QTH9^QH$}f33DJmyih$lYaN>*Hnr3DRB{%tMgRhgUP6S0OnO?ab9Vq z_Va^@9?S+e15ndfpnc5E&11D!QAK4RL?kt@PH68vHpaaBo`!(xe*9dcCn509*Cl`I zg9HEKbO)*P7iX8J8?6@pEv;908t*S(J>n0M7%kZpm{?L#QR0!@9=q6U>FEF=)FKVl z3|)hRFCuZNURg-Bd$KTgBgVUKMXQ{6Vsj~KPLC1G_&O*(y}d_n7*=uSrFUACSi9&t z=_T^=o(KfO8~jaLa`Crw;zmGbotN6nV3`Wz@vB0k`{zN@sAp-KCv3Vu@{B~ZT7pdojMW5h* zc-jBi%$k^(xCQj39K?iANQg$1$^aE}LpfM(hiF^`bhd{U(EIo(EsO^wU=I`=V(|;9 zs>B}eZYY1y?U%n+8;!26#;1h)j3)$z0N&L7rQVvuoUsJF`X$nX40&IA4j}0ZBojnbr1?GIm%rx$R?CYC)_xluv;25v zxa@V1u614*y&+X5Qgs*vs8Cmg0BI2m6))!l$yb>t$(ijv66TuCD2^&_zyg?HA7xDP zFjBI!-UVkf@(U<{7XkUXt~xR_8B@h$6g)U43op1J&FI-+<>0YvDCw$TX{RMQ7_9)q zrb_gx?|G@AaC&hjipsKOT8;^_W^47%em;RJ%ULytxf*nXpH8q&TQHx+6|?uZb-Kl4 z{4_O+NRGm%`G>%}oV)QiInW_hD6Jn|Q@W$(BV!zBd%Xvw9!whc`UM}zdT%>5h6B>BFZ zgld#B5eQJ~>h69w#ha8(BKzUuT=C~fNH-ogyt%dSN_DjMxxZ)4y4`U5E$cGk*j*`<&y-to-mG89aPbn(ex<$-{#irZ8t86*sR!==VwX^oQi@2%!5!e%% zi|~ibP}h8K`bh}{iJ+1Acm8fXL9!|x(d}$ z|BK;qE3y}N^8ON~4Ac)gRPgDanyc{<5Ye{P#&l@r)RbAD3&B6s2`%tp zw!9qp+Ih#XLxe>1`q29@r+i=KVdI!d%RL)+P(iwE5d{C;)7_RcX1(GZOC^F66iXF( z323B7 zR5}PrEl;}#ea2a0gj}CRtxWDTp6$g6CZ5eLn*G*rWQ7s3l2VK}g1Nnl^vwgYp0Ecq zca}GO?08+6Fn?;!j6m4dWL~;1E&M%dOyPNV z2$zy*nP&veBdI-YuDBo0dHMVO8{BS%FaG@g1%_)ls~MLi%f-RU-tlzx z-Vi|yUZ(1o2IokW4bIynnaCjs)~+kR*0p5|eaNLCUpXrwki4S%tF`PewqaXY75Y;s zX?Mgcw}usaVVpa#70jJz>Gz~kLD=)v^CWvcb;s+geR>X&&Vw6!CrYakGekO*nN(XB zTvUX_gh!X|ajiqdbH1{GDg# z=RU^T4y?XB6eyrx%=7v;Z`4-vJV;1LSgZZdjxRP9P^Mu#C1vvGXSNSU7yCQfA8e3o z{eThG1TP4d^H9$-GX-s*P4Q$~U(%)pz1v-y?zy{m!zU!|pY+G%EKq9r_~n3+Op7u} z6IPVFY@aa@w5^F8P_h0t5BM0MtRv%19`-JY8`v42tlz%9-pXM1%KwvvAr9z508tvz zIrwFi&x29Qqaf+tjHvW^QE`#t8wkj_!b0g}l!z$dtn>;xWzU5B+J~*-TMIeD+OZ>m z!3|o?BMgw#dM$OmU1gESeb51opxt;39fm01T`W7(&lb$le)74u&4XH3ZB3AkZGJ!ZN#{C06|AI0`qtu91I8<666ks^~G7WYHw zkO^#Q3v14u9M&V|8LkRCJa|u3JshhdUAH?o$rDt!`|50)tW$vxmteF?a<9J3?=L53N)3F=U>wM=8lOSdEFjTpg(p3SVs1Cc#_!*E zE{)*8%1?M?rozpM6L-G-ni$98K7m%bK8%OnE|>eYuZ(WlXNk}3`$+kmFnaF8VSX?1 z0C7;S*^|q-&3|C|(N^$d$t0eFF{Fzqy;3G?Ik^wgX!f#oAB`P^OC{Nn=SZe7ng@(O z-~vW|+1T1v*P&iN3bsVAb;0KXNrja}B_xiG*-zvl(lO*x9(R)*ygCBZJkop~*F|Vb zL2-%ikH=0N;J9e77@O0GIMTqqv9|CUAA;Uk>hL&(ZtSvuXR^rKiRI>j-+I|Vx7<(~5QPs{ zo;;qtc_ph80UrNK$;`~`&zc~4#;Mu#QVfZOi;HS+PO7?!H=Wzo_k?4~ zyfX*c0la)21~z1yFMSPT%0D z`*vnu{v)#RRRKJM`R-RM#?{cnscA<-+A>o+yK;PNsQ5hfxF~Nqyg(S13@bL*E@x0vjvqexS)R#f4d#-wh3qx(D zEb`~|WO5Ajc*N_N_5|{JjaPK-<;YKkajWb$DHp5L1UzbLG&|S@1FdGOO$P~wfoadX z5TnF*dQodH_&rqkyn4*{+wCKjE|`*DI6!{6F`HhX5b4$2M}(umuBVkn#Zl>4L{QQ% zxx0$rD1WwJjfg5nL%we43Vs`H`0Pt!DlzIiKfeZ_E4s9|I8w1f)ix6}8m*&k-h+dQ zEa?zAITQI`<5Qo8%DT&M2ew`LQ1)_*Rx6yI`cJZ(622b}`jk5`GuI<5>HJM{N;Kd0 zmyZLPynNe!cm^9_B!NXLl;pkZx^}akdn~%*=na+8OLK>sV^p6NtQqx-_YDp#F_kK1+!Fmk&sd@Fr7 zBiZ{#kH&H$R|dIjR*Z<>yp9)r)Zr9)4+C{wKZ%2i13U zp-~YWT2HL!E>U}?=33phK+EV;$tlCEyRXl_fA$t9n7f~Mkw&n4+ znkyZh%7=mm5nG%&6^A%fofE zHaI*eum1)omglesj;?IFnHPl?8L21gojNr&5Wa&=#A)0jZ@25u8*j7yR`vsi$`5t$ zL)|B+s3m{ls8Li-&i4Dq_>g?1#WQkym8gkN{gVwS+hDOidk z%^XPN-j^&iKUn)dCU7F>VkwpslH=^TOs+yILrhSl)^jF?S@kfc507Nbra? z4jsYkbK^do*^UgFKBN`pM!Np%RVOHJ%n;{mO!XIz{ZmNRLLacihB}n@?POJ#B6h;1 zTbw|e4ZG5GHvHiWs;JK$E6oc_TeEn~ttmVrA{a-V4u0WWHLFuGNCl(psMJKX4?(FB zY~g#jzy4&SOX(220CWtV*Ytv1(E2;Z8orLOBYuQBxN2{WGc2|SU^;D_gg1@NTJMt9 zD(xV(`W-^#ZyR0yupdgRV@KV5HWstk?MEGF)Q+r(i-;UZ5b>}`HMd(CALC0(Or)dH zB8HLMu(1vF=POm8kr%tF8r=-6XbFbJUcAw69Lh2YNmJGCnaW=>!=;v7>5b(Bi~ezlJq>B{{)!vd^q`{cRC|ger4UZ&0=Gh=xB-Slw~&; zmBj#_pgX{cPU8Tt`iKfji;QR=OPMDOdx!zXcHsGO^7CE!QobN311TzK_84&bWQW)` zyAzM8^N4~aZH_daty^XwaI4C` zFaB~AS9TdUOT=+q{!=@V#jb{WPG+H6fXq_=FlC0cZ%8(7re`Q5|HgJO)_h8@XDqI*S_lOsfl)HXXlkYm~kQE+1j*Z?kmA{4$MT^+$y&V zS=XkonrwN@>2I-;z@01Rhp|VZGf|3B5s{%R=1CI?Sy^%LswcYmN3YEz7*WFS+H6hG z@t;;z^LL$YDO6Rt$a%}L+bED@=w)Y_1TV%~Ts6RJdK2kXhB;R@2|{!{sT+O76yqTw z=~)!?Yufr|JVD0$Ep9bCpBO<0{V@DHC zEA;;0@XVftr<=*T>a4Nf8apTUE32r1!I4SLaJj<@33(irr;Kau1U}g|x-wwo7Ag26 ziJzC&gUu-Zh`R;kF?dX6tK<|fDh&rfV}Fd!owDSt)n!iqc!61pm!uCvQ0TCd#=oT@ zM2aL&CFImXNsSZqU&+p7SBj4D;mQ6o2wFKjm9uuJh6Js$bmU{KCs zpwYtHkkU?c@;*hD$cSIp;@C}2PdszpsO@Qw-)^?V5Q43rRvX~TV=gh0-bQca50=E& zGmkE05)u)wZvNV<(%_ZH*?5|v2Xxf79zJEXxfV<+DH z9^3CtT5l3)rX(yzbB+9qrz9>wKCiVMhH(Ap`^$@3Sc@rx#Ml?k-ZaM^T*)6rDX~J&3?mD+ubpZMyKCE@u-?3RQB%FSP40R zXTn)@&|pwx&bo%}s#b;SrbWY`ykyS{nA@?}IaoW2nUek2ZcwhmSj2R)^XnRqnVP<`^JSc=Tj zglEU8ge1qNJv7644g(i;xo>%6Vxs5Lxg>DNM9ZCvyk(x3SB(x?UU$ZyAGg)cHJR6| zeq4NjlRO&|xcSi@{MMb7$5w0u94Lz)y+e8Bf{{2nGs#!{Q;S-n&%8dHJcSTiR~)=S zw#;JiPNN?jaCB--^zp96&}-(7f141M&Bw9&5;u=koH! zg50I2bjpM>k?f&w%O{juK|1lQE|aSR;DFqC_8)`<%u-xbBqMoU`qKgqzZqttrur=7 zl;IrKyU^M}dI*HUdUxzRGb`ide%I#rI`fFs?`Hq^ZsOcj+RCS!pli8mM;sb)4eJ#R z3|E!D!q2_@#d1o=AvO}3X38Mt7*y?q4 z8nsZUO>V^J!7Ap3v=doiDpMD_O+QhppHSjCik6_G4>iY72`a8CnDffTMoByJvvqvo zM4AYS4T>1Q*S6SgVI7`!Cbewx0_aVRl26jwsR;DJ-an9Has?6RiO z1%WbBm z8T2sV{zX)>F8d@qB$d)Hk1@lN)fiy zLmuqXIUa~UFwI*Y1-u_(7BAO{>3Jf3Yo~o zE4w^Q1yBz7up0J3O!~xTeyS;Mb3{v9pJ#BHgx&zZWH+uq@oY^0Q4+gxf?C`J^TxHv z{;O%?)J9GrQV}()&ZpGM{&5~CclpHk?c;z#)) zg;DHl0VR$7ob>Vn&c`xV*;eE2Sv>%0yPVFyt&e*;>NU@j!JspqEQ8DM#@f%DQ%kR; ztON*wS-50n==YsBox{i?6-Ef{ugi_!ki2H9Qh_i?FiP#|REtl}Xv=FU@8W0bFrk6Z zX|h|0j**xUVU8y2nu@)XE!DA;+j4wG-^&V5ri{X)$mLoq5o+PlkSlI^kTw8192Tt< zDPw}V0)T9Cm=nB*XAwX7VE<(OCLhAx@$5}0!%+dLFPh3HhG=Lwa-yR8$i1=!=AWM- zr91Ffag^QXO7stKft9d~wIZvpVodjrSLW#gcV%xIc03toM3tn?9Dip)%HlNi;S`gk zCYz=>w5Vfqo(7(aX8VqBKyv!d#Pfb851(K^4VnJVpOu$B+2_k|X5gvIkgz-ySScD4 z!$d*~eVjE<6RD?Bm!akyT(~!l_g{e>4YxNu;39seQro?eo8&WoI6F;e4aj;?5-$2< zPaSFQS=)TWOH(G|a4E)r|I^Y1R7*R;B@q!;m+^}VlZ1d$npP^!T8T9WVspcoqN0%5pUxoQ(5-_#JUu)6`_uc; z@&)2i1*DPZ6wmYr>GBAru{SmWUeOy)H8mmc`-JkF-5Ui`WM*;4g{-~9i%|BhO)g|u zeeD0nXxA!$I(Nm;Oo%vo{kg4nl!FC1IfD?&@E<)8)ru?)qw&Q#^(mhi`zRicZ-JL@ zkXMMdMAGTn;54y$gyP%66}g@Y{Cy8R-S1mn%?hw$7vcbJTpj533cC)x&vjFI_4(ug zS$yUs8p=pZqWN;qzP^s>7J2>#M*uHbN z^7+_o!!shABu&%T$LD$gTcOwV7A;cFhkz8+KQtBBZ@bVf;g~u=Kmk)sWAbKS)T?Ln zdAY?iKAj1lCBxqzm1xROT{8GYL;nSni<>*w?V2g!Q^K9{n7cjoO>793DoMBbc-Hyt zSC_~HG7K`IwVNuMx(HN4B0qq6=H_>NeeHJS72&XRX-P$0C4>0!Ut*TbbVs6>Sp!vjDWm6N`EEgwyElYBk1PjUCEChe$&>25!<|@@1$)l z1loaxbj%CgPNVuK2=)EJnZzLwoRJ=Nxo)um%b{bD zR5v%L*_L6Zx!7*c>f(CRHQfW-*VpH9e@XB5cVW<6fwD}$b)yjdi?f~|DL{hjgfWZn z6z|TmfEV1Rly9s-22b^6E@ zet@OCNNKWAY%FGrG#Z=*?eXFM*^1El&GywHvW2zvS*~W-SnO1r(X2eD-=uIdvo|m{ zS;b%W4?~j>wzC+(j~zX3zrVZi;ZgQ1)|1}_tF8a8VmyG8{AbP7Q@S;l~Ar8BNtQH)Kqin zY(>}LVC*geT2oDZl6+7lB2k*_$;y|{QM1C50=+|kuR}Ay7*F3Z*Ih4+3~47W;7h}nUrPl`-bU< z3*n619%+5*>F+(extYHxD=NBC5&0NVG`ys%njq>jZaL(h)|^!#4WG%1#_8*w9N_K%5pe$%QJo*PtF$#TY;^$A#UdB#l(*Gjk1QE@h zThSMyXVQ-HNOmXhEg>Cje-zeN%oGX*_!lej-{jwM$eC~&OmY9dQr0C7G_#-pOX8{R zUT5kobqoy0M~}vLL-a5eqoRD=7}Mru;n9TSuBy0rc)EJS@jct<1EatJ$v=N`7s%12 zI1`+xNN^ff{{rGE$y|H(%~mX$4%Aq;$%(MR#YMUE7()!4PnT)KhqtUBhUs$N<0xXC zL_vq9V5uk;V?9=5X>AOnFq+=zqVklNtIuEd?0v9>WXGlQ#xzib(M0b{i$lOo7<3%7 zRn-4k$Z2Z>PDM8_@U6@W5G=8;wE)V{e;t$se{~aBfUMM;hu}5gfBOMgq2NPcVx)`i zR^Nho1%A)z8iJ9`^3DgFROnsd7zRA|#`Ygod60lT2YCVp;~BXc&adsBGh?4U96}a= zf_P;|9v@`1t=sGpnvQOAzO^eSkMHd4Y*DpcGhZ1OhkaM3T%*axHH>{_6&jv=8I>yp zCCu4N;hGM=mhLX1Yh=eHB0@GbH6?}gFWlp{vv|^BSQZQSzVQ1VP}wat0?Ghnn~2^@ zyOO&Kh3MsZS)4czA!hLcuY^FAa4*o{HMqNSkK}l%ZFEd42xC;h@rZ!r=nQiapZOV!BPfVQJ59$gwDzWnRbNbPz|(HC0t>!lovRzx}}C;vNQO$kS!T zD<3@-0rY?&f?I1sLmgTwvjhht+2Dt>n~P0wx`n=rtvW`c*u#4@h}pKRqT)_<0MqCw zCN5#gY09~}M*DVa(B3^=eaz7>NQK-}7aVC-QyNBU+=p7@$#>iwlLP8CZ2p}v^23D& z$q+AYl}B=90)<_i(Fz%n6WG8?IPbCl)SkX_|8kDCxys0UN8zU0pVB89rbM6fsK%8t zPB|On4e7a~4?1k;Z8<61Jg@q|%a*O=|qGJvfrE=dSLqss96=~w5V^$$C6SL~Z2K)cDrNFpL zO;&aDdN(_uH#`_%nT}>-JdVH66KYew^C7S4qvm#aHDRRna>EHNT%(yRQ<~PKy$CTA zf|k?{(!KBgdLUxLqReK9+_$(@7#0588^D=e<;k`=mRbmxkXsTlcv`e`&-#x7BD8;s z`Z`3C|LcYgOsBGgn*kJ`SWZq^xwgzIB5XDSH;u&(ZW1qYG!|aa|4KA&;s0IqUAj+M2_wcW(RzNGJ$8v0C&(A z;K&0C&b1PNXg4EQ8MH?sb5Je+HD!LS;aJmu#E_{dN>H7$Q;HAn=BC#K24g!ua~Gf`C&u%fO5hK~$c%zO!3u~qdolnRa7!7-ZuKjoZND}^eLjng zwBV1u=4QTxqc#v_fFTpmpjcaOf8<3Q1>ee}(f2Sg$LCoTYS z8DDl+lMp4f6oDGwscK)Jmb23UQdG1oCqg0b^Xe>QB&44b!oKGOQX%k5@s@ODkMCYn z!o)5;uV8KG5Iv(*KspMq>yN%DNkvmQCugDt;4Gdf!g&tJMfCsje>QJ4j#fnct47z1lDpzRjQYpNMyNU6`T zJgALHw82dv_e9U+C;s)m zODV!L-X3+Ut`o;cJ?i%E1NWm%>Hqcj|B%Ro?f{zcehN-ZQ-ql!4iLWJJBH#4IbD%8 zgP3`!vE|76#76}%x8dR}|9RyThv0DA8~|3m-~2uz0j%{{pvDc{!4S?qw^A&Ovf0B0 z0fb~=1=y=vp5({25nd0fS zA(YdIfiNXS6^#x`I$9Dk@`Y;!M_i8*rNRZ%8N!vAya1?OW-&267QuRx^p;2QEa^Do z+O9SzY5{fck#^0UqZ7(pQ}thzbLW`!2MXMp!<@tX z&4ek>s;kO*?xb4dt(^&WDt#JpasT@N=MF>_qNnoT-IYDP|JU2;gQn;CHt;Ksl6|f3 zN~038UNowl#W!+z(0ERE6Sg%V`PO83C_>+ zmu)1V+asvyHkAdSSp9e%+9oLJe~S$wa|#cO&5nf?j7Mm6Sr;Nr5u_9rB=gjwuQDBG z(VGeg(%^H_k`$!n#n38YubOTTwoY?j$4(90h*LEwkmwpx#y3|Y?JsdoHZ=Jg#Z@0I z{<&jkd*}W1CT^X*Zl|Zf^FBoQbt_>)g1B_{vHk-h2oKR$A;<3=I;~~l# z!h;R7J_g?=8r8St&}by@fLR@LL9wA)G7teT!2oSpGy?eP9hd*!U4n))o9kAzTz{VN zq~qQvK&Xi5Eu#_;73mEUQ>(tA9`VX_B|`HtXeT^4(DuAyD60bwx$eFlW^qXB)!j6aPmzVT9<;GD0;rzZoZ8 zzk{!FKdkcM+j?qLzMQo`_rH8d4ozRjO%4i!qVAD?346Jped$V5yNUg*9>DQgljb(X z(ClT#g4cunh>|k~b3M#B9pC77EjLBTmxd-16xj)uGK3s3f1}=BQ;?(|u|F0|*MG(? ze?T?w&kD=+^~zm6-JkH-89A>≫0>lRKQ@E3^)OgKu1>C4dl5`xsyc(phi!w~bym z?lYXq*ls+ZcuONNWN|axo~Lk$3+X<{KPRE5_);ICb6T4TJy1e1yxONj} z-!Uc~3xiZW5G>LHUJvcmZkj-FlNKHGZ4O5vMSU5cezW}bkc6e&){2_8Y>`E~xcI6B zP`4Vs5_)s)z~e{$G9Ur~e|L-7LgnIotsDmKY!KPHPQ zC#wp$K6k{5{eJd=^;^Ik@!ox`OAbZN1grivKe=I>^tu+futUx0{@s{+;YgC&ED3ne zrV7x0UTa^x>hfcjGubwIPtT57QbI^a&lvJIvzuV9l@}0I4I5jAtOv$oFfa^bS~(MU z|9TD~M?vqP6(O@PWi+UCM{U)4is+R-q2#8-!{;6UP^vFrybI^sLuLM+d>Xg^b7c3p zsC$ng2nDCT;#=g{KXul#@E7XYuX$wO8JI;x{N|`x$IpbxrlYw& z7}Yb5uf@!YVb_Fe^Gi@ z6+<@jKfR5c;!qi?w=B*D$E6B1D3=>=y0)W=F<97K`o_mtTwnhU6`dQbP3?(0Z8Dm8m@TjXiEY?{WKL z1WqAq8R|tfoczGF@+IyTc+|iAlJjliQk-vDFz_0*Xn6Niqxc6?Z}_3$Wc43bO;>S@ zU{h1JU(G0)&2B;GnaKl;u{cwv`(kr-22|P@SuohERG+`svPRbkwKP^^lnc0YqzxC+ zmBFsmgs}APo^kO7jkQ1HF87sps6pOrC4b6oKHx^aa9Z(CoyJME<~~V|QC5>x=`Lj9 zo|(?|(CPKmazGyKtf#%3gJwsUM_*L$tB9bsIy?Sm!ARdu0{LV`AfZ%1qb& zGOHe~O-2%tOC&@u^CgP@!TvpW!*>uPv1G65M|6)+Pvhpb1^``1PK7ph-#?kBX6-`C zhV{EpzAL5^T^*uqK7tIB!9U!A2XY7eW8krrxR5!=$i!aCB2 zQr^9{a;D*OEJ~tQsL**ycxbqW6~N?nY$b@7qgL9U=UOC^(qM*vSuPwKn?6qT8`*5j z2->3VG7czn$i7~QlIlYA-c<^<{w`63TGw-SIYBb#x(hZiC)tgzQ;t)l@w={i8mzND!wx8F*BflT&)20B0oAU-~x^54X5@S3>UUAH8=Nf^Rv z9GA(FUZm-9ME@p-dHp>?7HgNoJdGaxfGd}0@t`DQcCf_X3h!^djH#w!(_a$b?{Iuz z`>ltzLsbXqi_Q}o3@uAvC)k_aR@44*s*p@^*d{qLk%k3gf8Y1iGlip$|N9(cE+ zd&X34vfh`~M)U<$%hX=^OB`JHFqzjuOo^Jh=JzGON{qrN9URu;VJ*^@33c&Z^l~CZ>gyoWhBTaAZlbmSR#L*{#cx6LC0j&$O;BcmyRw;0u`P8P@hqEDt%t zEV8MrNX+sJPD$fyT&W*D;(UD$QqXWgw8GqXd7CiJKdg{z+}JZdawE=3y*jXsj~i#VUa9ltzW?)_(>-C$ zu&fs4#f3aO&^@4+L`!eJ)GAa2IHFHA>|jQO->G}9L!%^n0_K}_p6G>^HKy|M^EIY7 zPN#Fi#DZC77dN$a&TQ*m=+}fMl+Cd~?aDI!;a5RXx?>?3_4%^F#*aLClH0w+;Hu8*8@SzpHVMgi{2t-9{mUTKI7z%pOur(Nfin;+&AsppFzK`tvY%IzjE&h zy?cij$##?MaXO7SmgRTq#MXTb*L_;q{uC8|bEK@S-Ng_cb|L+7Pv?hOUZIGuqCD_m zWNHjHUoY0;QJ1gH>C%f%G3n%ZkAksekt!h_QR^_nKwK}T)o7O-+)Xp@lMe2ipKu!x zH%iN&jfQU0#f?limFHcpOp|j4p(f?L5hW4)5z!ltXLwzfnj&J$fH#s20cf@B1&P7a zdod}ZDwykhrCvngcuXB-fXTA!kV*ZrxMo^w09K$I{psw!L}uezp)e2E4lo~AEXXOh)y$B~i>%K~Zj6@~{y4b0 z`S|Lkmz% zN0t)})`z)rfLg1&_^5)%;-@FLt_rO8s?#KxDuGUb@qc#$ev+sa5qS<`vd#R8g7J1Y zxJY82^WGvDSpqB53y<<9PSenfoBrHt1v(b|Rp+lSa~!6-Fkg!7w#OW;w^*v2cXeF_ zaPto6O8tE0bf`^4NYTYE^+M?gTA%B(n-k*GAzc~jOKOYXqI`k6jnq0KA+grCU~RG~ zbMIb<_Neuqgs>O4j9q<%$jP#?pauuzjruLF9&M;ppK|KYJGs8g&T;>fupkYzSZ(F7 zzzmzM9o+Yv@8K~(VX1OF>nkX{COi00X#ShZOZYL) zX^R?eqvr?Gkxw6ZcmNKsx&Q2;BY>~KJSd}!10ab}@U9>%CM$_Yi{f<;P{Q|?TO+B6k7aXl~%OhA>=*};gi zz%*)`^f{cF_k2)XR$x&B$m5=|XW}7mQW~!7=NP0N7zSOSIU7P@Kq@ATTxd2CCHZSPqx%F2Hr#B5thG;)=Wx~ovFg+e~%D6%f ztefp16Z1Cal@WB^m^)etY7I5~QgcBy=!FzJfJosSnlz}dq_7z_HNi2@9c$4JcSjZ_ z)1NGg_ryAUVNc`c_dheDHgI0+i5&H4=D56Z;8BS}n^2Msu6~%NaCp7r$(|Aa3`flX z*#>>0qt_SHR=W+HhRP3p4f%p)1D={| z?!zF58p`l%rG7`f4v5U845Yx08AhI48c~ORXzn~H!0v*^$7H5c^0Np+QXKr}G#9%T zS>I~i-3=%zeQQsL(W|M;b+WX4Y4YUqp+GTw&hogL!kR%J`~F=?lALkC(t;39DJmTC zYi1^>McgPhvzuY}NMNJOXYSc%4MY%-^8EuJpFov!xcP4SaKqr($H3?!6q`(;cku~P zByREtw%GWXu+oCWEncRhmsm-kE7x}L$A~OL5icDf+&X5arf3-L%A{1OMD*Mj5+C=* zeycVS))+o%7yroW0xUjTSXj41;A|=F-3F2@t*tgD0(@*gY~$P}nDRdUGM>w*nz$Xu(&s z;yBXs1jy!ZvPdhIMslCxkiZYMHEg?m(|HItO_r3L8heRjoBPo6ZrH%^{yUxkCuy}sKFa&5gVS#WvA;FUz93Aoz zsD{>0VZ>T>`m*5GuXO%Kd6b?j6Q1crqS6L$h9PfdFz5vEwq-OwzT?f7pYyU;!m!gF zJl{$OqUitG_K{bZao7I{+ z&x9mqRui;9rqA!0ZARssew0Er=CW;_#E5yPigjWikddS9f;f zhrJ(_#YS$P`~+t@=orivWBIArYj4$06O#UhPYp{vZ0{-$ObsVZzGK;U0~)fD|Er;( z00L*DqPAv)kP}%xUcH!~h_3xum|;?RY`b}W@?Wl0b=R0Ztf)9fZa8q$$n;hk<4<+Q z>&b9dOmTjzqO2a5;`|1;mjsjZJ^yYUr`89MeN@v;*Qi@i;I4zj?kTTH<yV$j zY0gI{4?E_1cc-oD-}(EI&w_1Ni;VPX+kIfaF!ro1!`-_0inLvg^-E{n5i~Wt8C1Y= zovVxy`^OK6aD^FVz5T*H1F_xfzXlOLC2pTLCS_6l!z?xyoGq2DC+zTd$dvvA6QDP# zU8CFVfWE!)s}f1@`Ud(jJ}%*FDrb?g^r@Q=9t_AXnoLkCj1)(M?pWF9Z1sS#7hexS z$!h(i0k<21p40^woK&JlBgY7R-pHa1!RSq`ig$&|ds$)4ROp5NQ}M(;Vf&^qv<}dC z>H|Pt`5(mD%|_EcO^t>piH_h8mv6_<<`hiMvFBCUjatP*I5LDV14);g4TpCWCU9{- z=7#Sd4Fla%;}+1&Fk7rWuZBkKtjOug8g($+%Ef6e4D={Za`{0n)@GvPpS|T$T0p^> zN|Iy-A(*6(M7!FDkmtd}cw|pyZ?>p`>0vNF7oarkI-8FhBo)u*g5h(si{lHz@dr7$ zs05xE)S+WKVCn-px|Zj)o8MXXfyHX3AA=t{D$mAOe{GnEm)M?g62zZ$_4^_(_&<@i z-PTj~DQ3d0W+JFq{FY#X8{}&;M@eE%fw_T`tFk>o%E!|zLx7V-Hm>%*up$v8i@a>K zKE*Qrx`{b>u9?b$M(b|hCw?=p*|>zAJ8Pu;dD(%?f_|*$F8*Py+6HrH%n`CX^Tp{O zP&tjWoqk~SE}m|rjMUQK+POxne|DJlLc!||1{Kp1dB{t`O~lp>q&?l2E=!1uk<=GE zM)S?gjaZqXyQcJT!MtQp(L2-S%8%OHe2bMTERZ9Ub|}>75Lz3m0JfiQbn+Ic=M}iRHVdtv=ah_B?IZMw|tCIz3=l3Oz0^=%OxUM)%m1 z5*OD#@EKQ`M1_u&0}3q_2Y^AJ1q7Il;*M zI6}=X$8^lbKs$;ZyyXfgJkzlYhu`GIQXriukXy`@5uWqWR_pli=6W|&q)?nI&9d(V zZ$xlf6NJ%Mv#Y2+%F2F^|IAsW7&4S1F@oRA0H1AULpttiZQ8cC;kI)rbNP1}WwHKN z*6{lSod_Dy9?daf*yS{iXR9R2j^S+;x#|}5VYWDyvdV3g!SbnRv+gmsH`;jK?-PT{ zZu$Bl)q#WRkPJoVqq@5K0Mh2-+oV)utp|>ai&FV6q!~*|NzX6K&sY-@LHfuv@iNHo zkjHX;MemY*uq85Sqh%eY+<8PE8(tzwDVH60%upk6$IHx+jVp}KKJxn9>_6Nd4Un!co-5^@un`21H?qfja^RR8cC+Nn0Y?5BS+aGMyapV8Ny@4=A zxSI8ORxsOeyYnLf3U-xU7_ors-=M+Yg~kawtdG;xv^=C?9}0f|DCzwJCSKnVK#VUO z>zJ+vpFZJ}b-kwL3b=#i1Fs1OKVE3a+?~;l1Lb4nB)0UG}$SbXT z#^&vAlcW7ROm5&b`K*bgP@Os($o#+BH>3BT32L2dBO}{mOZcA;hYN&-h1nxyD%cPi zIZI@6sIgx!Gjz0_-kgOjbGfQc<^Docq`NkU9%dk@`~`!ITgHV4RqSR z&Ysy`BhxVJHZ^C#s!5|gu)#q7`mi+bw0h^fJ~b3P!x{xe*ZOP~TkRx;N*pHq%T0C| z6h@5m9&i*az?I2f5iYojMy0T+&B@&pAI4=JcU3(yoNx;hz;SGh!;u8(0VYE1xBEq8 zCLJ5G-4GcRJnc&5vK(t1W{(seMqylbm79FJjj8s^x_g<3@Wjtj4>w1hYH3UwVKSk` z{>bz=A#|s}_|x#b2T8NqCUgYCsRE%u?Je2=UHCBovTdwvQSr=edth?8H;Hz!y!-yy zu&yN}uc}*ybv$>T`|!QkRyd>0WI;HK{>W@D%!7n*xX^N2a8Y!rX{siV_Qgc=cPOgy zO_c~i?e~6}=EmNzhbgB}JVhMWzDN+`V)WIZ^(68SNjQ*dsDM41j_UN}p-ZFNUxu*^ zer8VrCizR1U6b~a2SDE(^h-iCKlI(JsllI84O{c}yEUr2iOwKC-}}0yLO=%nr?unu z5N^}5Zhm3m`;V8qfOB)baAeTmPA^f)bH{rZf{L(*-$uGHy+PQyxqKdLUu~5x40+Pu zy?gg{FrIc}Z!)jGwUQMJ8yiqFWL-RHc-zhh#9**G5l8j7HBZ~imXgPAP$ipDA96-( z{M+=p@R}}Ig&5l(zADO)h4J2dqoWt~O39+%Iy1<4Gy zeo*GHM~iF=^|?H2wA?7TkF2giuy^g>m$DHfXhe42h~D&`3ErKv6c6sdMz;nHKvEabzu9Mo-K@SKT4U%Ydy^io21cEB#C4}eBMq-?Fxr&nSW7hbSMx}07&)Mb{vN}#+%8JT#?(oE|qj7=h zP{>u*lu@uaaxm^nG9DX_g@q)i`HcKX7C%hI(}N5qJvYC~PWV4rgzY=ADQlK@8$()k zh)_5bIAU#T$3M(Fqmz=M6llRIS{n=D_$&#Qn$q&p>>;J@>~3h16ct0gri+jyhpS6v9bFi!N2Nl4>oQ|L>l$Oc!jd}J@pET<-&wfsTA;;!gS@0g^Q+nQh6u^ z8Nu2@lU+aLGrTwNKkXNC`^>TJbMz$+lU!Vus{Q9sH#s~D3Ai57mB0DYVhtB?gt z2B+{jz7-dbT2$r2Xs}!E;+w>;&C-X*NfZco+h7PpwGr(oXdmeZYKm>gnU@7_>nek1 zpQa~{oS%XhhHL~j-h3(kfnR>P8Ek#Wgub98*ggmZ1;QN~e%nh&K}NRm)`2&RC*-B1 zP>!+3rC7mHk%kuHR5y$pKLsM)K5vSy*OGY~Eer(lZXmr|7g{tffcB_VSI!Xxooy z3QscJkL%TJb0LSXdqI3TU&okpr|eEU<`)Ver$xf=ilUfUC3fz+?v>8=3o8)p-kyX! z_)hG!R#sW`yZ+jqvv%n7W)ivGpgn4nV$9$;(&xZB@moO2#RxB#`Tm213G_(lcO-(W zBDE+27u)~~6;**o0j0;qo{iD(cj?9@VDgZ+W5qD@1oQ*#-Pfj@YneW`xCxd-qoSp*%%yAXEW5=5j*HH9c1Y}Z|^;8Z|3bU~k z8XEgv)vvi#VyZqlja}63mSWu>I+mnWCDwk@X(~Tz)|+5TMU#+M_8X`3dKzav=hIE1=t=UX_sdiWL=rBB_S8E?n!xnLVFr5VJ!H-{Hc^-`)%KYU;B&i{$I zxxzM%lWDio$if^>r&%rZyjU;GTlA}evVc1Jv&c^Njj@2DJYCgk+lc7PIp6R&pJ<)Q zhU&@gc*yYMna>RU?;f{l9Bwo7r<{%cC#1(KO_a3fI1Y%4LNZ+jY({4rl2>J7ZpU-~ z*q=n&*A>@#U0K;I*1$#g?)EE@4m;Y$(+;9H`oD;njb)I(w4q*~EF$nW{4+%a`RmNc zfh9+1UGDEsMNK{EbANklusxJm!o(_m)=7#|FbOqYSm@I-NrEpq=5Ib0uUp@KLh z!eSqnuvQ7t9334~gst(8ms_nDFHnJ96vf7I|9HH60qzXu(qXF1F3!s>#9_z3&RKOo zSN+IXR*U;l{uuaLGGR=YtJsVi)viM5W+e%^5sd6hlrLSxJ8P^#)Y}y8$M}M+?9mhaSJWG(P$acF5G$aIvZ*XvJcP6RL|hZ)E7eqkElDObI> zvi?!kIjp7)Hz^$MnOh8Yr$%N@BgQhmboo0a6UIHFFMb4$Ammnsw=85#O|sV>k`QfV zE%z!^EI?5&Y~j@yhaTcx^tj;oSy*=C*3q#zw$mIa=g34v_gXmmYEN0@;9~msuC#K_ zc|GUCa46-H_vd?DNo*x+7vM3CC3&49+hAhc;$&?p=il$f1V`;<%!N1gI{g z@S#mc=e-2lvz7YNc6N5luu1)#98-?FV;~dr*=V^=Bs0KrqE2^>-z9r}D|uqyRdw%s zR8$3a64Be}{+^z-iWGH0ZOhYEaYn=)T24-I;UM-+4MKl0;r@PcS@FAg{Ylb#GLio(L4op*(zAM&uWwpTop zI2ye8(M#dui>4dy?Cu($<^-sk7(dxMy>p#|FAGB0AXTBzPvh%nkX$9W67!MSh^+(C}uW^2U{=g&QrB_oW{TjDMg=PR?AEn}E57-Y$^!d~vWCsNX z3Tai2tY!+jABJke24jdsGr?T+@yLAqXrW%r6~?nv>&*+_*eq)pk7wPY@q-QnpUTkt zVt(CMPFA+po%&O~;9^krC{$1L8U>%_qspEurfZ|oG^I-ARW9V_Th^_9yFDbnI@m*7 z=WDN>exB_KATuUF9jd`zI7(|FXhS#^IldwBX=kZx?m9c~chyg}?-U1WV+J1=f$Cv? zQs8Vi^o+dl`uU&L>+E1yaFcFim~HOaS^VyUnDG(P<^3`EGP?Us(kj@bam+}!BSm#+7jI`4F)XxU*)EQ&kwgXxNG z#NS(b0W_^p67OM3;8wr+ziu_-flYfX1_-h<8l@qA{w!P1iE&UDz-)u)EjF#L6+H! z{;P7zK$SB$^qn|)2(&jAjF3MerV_NcLOe5D>o+;|yCy^|##}y~LIb+6w@u$mxD(GJ z-O^V9>fBqdrCr(`>zrY3(`<0#2J&f`-;GA2y zi!Yh1Z9ll5X3jamZR*5@b%?tmjJ$2;y}ad)m}BS+lIPmIaK z2BT&A+AI?b-)~H-EV718_nzu)`rh8~*F0PH_6Ynwzxq#^r#+o3N24+60^eS)Bl)t; zN*j^!U3Hq@?=dB%G07k@<<|e@slkHr-muy3FCuypwrv>qqmb3s$Gc^t9LK(bNt(fo z9#*Xu0t9rDj&DfVY_115^c)fr5(a%EgajNW-*3^w4nx}tb3?g%;coby^Xb-kI&kwO zM0@!-iQK}GZoJM~cYTW#(iwhF#6^3~(o9$yIVq@w1rEYjUJ>vc@!f~|nV)T#&oH_| zqlyvgAqDxcfC5*SBs<}3$KYKYb@=ubLYPRXX^uy3fYJBWdfSa#0~Ip66j6VX8E>zT z;RMJsu)#=SJZMetKscTmfKHZ^Q;n^68FXe(C9leURfPY}6~~q3OEX>NpgY2_DEKlM zhta}OVmKT9@8Txpq#X=MW0~j^J8p*53EiECj~6f=_8@IKo~#IaGHb(6)_gb3kKt0S z+XwV*xB0T!h|s3GIO*8lFn%ukuqxu4|DlJ+aKfkgXp+0kK6@pFaRn3+fbI0i*B41l zd!vvlBy((yys^0<@ggj?6Kh10&55jX&F69Yb#GAvc-&D!Z8%MZPg^@%W@og`4{uJE zA-{eJ0+JOWKdnE@4U>tCKg#2COP}8H6O*!Ns6Ae%R~8&nWK)W?*Ch!%-B!ux`TDc! zwY)!M5f%oSkB1m{2Hwrl9~h4vX>BYWr%>b8SytiwmETL}j0 z8>_`Sydcjgx_97wyP_3?HPfq=^!8+mI;n+A9|VxBxbgHY3&u#%5^DWBFswoz>Dk{~UES&ZAIsdf_pGjtDt>zy zw7Eo9>_6H0?rZdNVn)4YuR&#O>cJzjlEP3QfBLffOc;7=kQvVmQ)Ft z;dJ>6bueM&I3>kl_Thc_I7@}hToIteCON>habT{jbn;Y?ZsnCr8_A%`jXx%wG zb3>DV1)qr9C7tI>%%*ff&Sr{IoM|3z+_)4g|JfoXy!cF=WxV6{ zh-Iq(O!}-B1|e+fjoFvU`_OF@8}b<>7+%g9C4k{F2@l7CwrDe60pb7!bCR8)xo*3R z%vQ<*#WeS8F+DvPzsE{b1;~a;dE63a@L`4#8#z^Km3oxv(6;d&ZkwoJyV4~%{3a&p=razzL5Z-ef6D2Ag*1%?K>*Lj?>`DHIaza>^08i(}LDY7$v?l+qdA57*3|nSg9kZgaEL%CO#aZj89&_H;@7Inl^r z95v9LUgU|57NQ?wW2U{kyZanq=B*rq(@3z#C&(zL9jI)R>rjqFxI31KyZ`o3t8Z>| z?HNY315jg+bM11$8KX-R_PJG7-1@s*nPRU^yWHffGo$pQI4Bqe|6@QfwqH_E7yhzs zrEU`w^T)ZJx-=spkkX`i4U6TSctF@$j}NbXQWxwEBvXL8H?tdpG59b^0Ri^QRCA8r zvZ>2iO9`~lfc>{xOS@YrA{6gw&xAh1ez{pv@5E3(!Uur`_sYVa`ikNRafRi;FV=_U zZfP`2Sf@Vd>Bj8g`n}7+oL-n&ncz-9Af9A8(2pME@*ySE2pi`a9y+fs4?zb}T$H!Yot^N_gL))2=RM)=)0;iXkJ%Mm2CZzNxt_Kr(Li)qKwf<@%_AU7B zN~3VYa?e;$MORCaz|RrgH>tm%&)~OarVwce7d4b5`|CwF%-MOYXRm2pj`!b=f7vzoQ7=m=8M@JQcel!B6`EO0 zsjQXooq3oB+KsWgwp;&qqQF|?(v>*Cw!b2$ONLidCoa@Byl>-yRkT|PoxaeIfLa(p7#wQS6KF6-CyXCDVg8%4q&Dgly|?A@81?xD|34i=wB>&;6@9%$luFFpU5y3zo;t|bkIdK%; zg=N+@PHc6xufc_3@QMHHOejvUDI6kTA9FpODaEIWG>q4u{u?1vlMBolS*};7&HAC| ziHGCQ#p04hI&za?W7B1Se#n(pY(WQ??=1(TA~tY9{@zJ>TGK!Y5XL?ucLjEno~V&F zdY(~((4CSCl9a!6hn{ViKOc7Dms#r+=JX&sjjybxsH_#*?7DZ6tH!ABx{EYYKq)rq13OK%wp+YQgA80;bP2)?&j5YTP^kaP zVC3~UQ{?*M(}SihT`(LDYg<8K!RC9e+$To$o}1zOmT}X_G14XcbgXDmu%yve^Qh~f zk;HW86g|T%AvM!EDv&6N|FA*tbhQl+PCuxB+F(LkKQsT#cL$t|vlv{XG~DDUxrdLt7PZ^9@YFGkhZ0!%p* z`uaR%9J#v&(y?FV=g!g`oC@fMJud=t8&6#HMW}Hv60-~<7Z?#|YEWjLu((kzSV#KcKLfdiDR+MM3bIRTDil3bx1!#*Z#YL6f z57swME#Zo0Lkf~Mug@D&G!;(LwgCz6Y>2RzO7ZM*xxISje7j@9<5g-G#s;FzUX5#d zc!hnoXYh>`jD_-x3g3>4QHYp~r?)A>!{*70&07o2eAOB3=XBjhK7 zgEEJH?yJxqiBCkqVTVzJ-jdNCOXiEA=^pIVV~~@Rk2Thgn}*_fr$lf%Fg)^unu@N5 zZ=E;xS-i8NpkV)o5l<$gfU6=FX6aWcv(k#c8C9KsP*6}ra2CqSl~Vd}6ptRxSMQtd zw;%%tQawfC(#C~LjtXq^RIwXDwC0b=zQujA^ zX9)ERY2bUd%`-0_vDw;;97<(Zm5&-H@3v2Q(wf=NO?1i`j?A#C^kCQi? z483&gHVuF6W)tFLeCXcHhm4JE$|Zfa%>d0%gmINWD`)Y)?8}}7C1 zz$IV%*<#+3er%5{xd5$o9>?9@UGUCf6aUKNFvoWf-*~$2cIG_N$ukFzu|)rMjHTKC zple6w*=YG`FWb3-0_8}a;&{IohCX(li6t8cXaMEj218=}Jk(ihH&~J?1P*1X zWcR*n@KvWp%a@p_io$VmrymE*6@v}*Ep^-;q=r_5ldoLP6`jK>wCQ^{)6d);mRlI7 z>=x=Y*v>{!D#Gat(1#B)ewA7*of~G=xc0L9jDNI_o%^#Iq~T=qW_pbl>iO{A3nL|w zKu*_-h_1!Nzg3O^QU%wPg+FzI0!=8-Q3;E&cT z#-~MuK8q9UBQcc5kQsy4*+3VIA;rfKOdzG-%P1_YMH_n9 z^Fc%s$CnBdLr_h}>0O~<6Nam-l;%e15hFtjEA~?qt~(eXKU3BUFEhMEimW%4iq&~n z?N{1ruUTx-#kZF-cK6Y_yLXZhT+%rSAbtuA^~d+IaR|?T>9>s%88DKS2eWxuO#0LINOj(bOxRv z$vUm81ayzT&n4ao1J=Zv{REz@UMrQ%ojs6K$f@=}0?i-H4Y67bW2idGs_2~j; z!Z6yV%!zdXy4iisqT8T)Y~@pl$&g~r>4FXtCScX3G$^}{cKOi)mV(%26pCNXf%GD&R!m8%^Z6dj72gr&&2iBntK_cVxsz0B`! zP6)k7S+(>4ElFP^k%(_e3wya&nvrge>TN+~5sG~}5s`7F52~~NXpV*X3;SqMeWq;V zHXS<9VjU8qSOrI#MSU#4!AI?WXmedr7?#1%T%CUM&nee(a5iZ>{II&Q@eAMxp+DC3 z20nMgq&s|oU#zFC^{3q)+? z6vjgiN|w&N0k`s>wbjdcXjle?ebJXm^eVv#X`ft+sI5Gi&LvU_n=s?Z1T~vE!(RI_bW z2F}b}bgsgG2UUn=N@s%!pho9e1uqtCzOxo%oQxO`>oa9t$(clTdhq@PsHIoifXg{qi|z#-Ob5!v|~~8Qn7uW%bYjAF~zlrV9hyBMFlT<__np z*BE6;Y-r!hZ~Me%5Xyrf*xn~?tz1S9@SrzqZ+$c~;I|Xs7Q_b!cd@_x-^m{NX_znb zSE=m!a8|~Br}O@(+$V%(@|xumY%_u2yL_?Es9NE7J+x}xuhM+hKuXlzX`DpuS#n+%4D{oX3j36_InJ8iHo8Q7Z z1XlJ+RdHS${>5v4q<~eLH2qAH*}|DV@N>R#RR1gFh5@n* z$5+WE7c-Twq_g?(!R~-L{8Wi5wRAS8*}l#a!{c=%ke^|LWvpH?t?p~Z!b>|BQmIbo z*J7{^WCVw|<=!xPRGt>xKpPe&NM+iUG*(Zy~Fy_1t1(a|mo2P4$uDG9?IZq$HCawxYXd+6TCZKQ7 zE)~UP@!YQu=V`R23-Si6)H7+Gz7@m|$j-AgMZK-Im<0q#E3m-pdOavb4zAm+N4Q6Bz3fWcpR8m+{GA9JhoO>M zcb>sQ4*2bDYF>v#DUH%}z6Iu=k2U)yEQLk}(>VPjgzUQg3enNmkJX}P#_R`@pYx27 z{%7`W(r#OPWoHh$drzAK=+w(g(|NLdTevKMn`x2xuxhZ zdcsfLt`?R?MIEEOPuh-w#$x`V=A|z$C|EyG$u`!pL1Fr-V3ecyon7;-ub|Di;2%SV zHXIgq=FY-z@&Yh*RaH;n{3u3Z#&6bL@{$FZJJR}LrM)cfJ6L zTwAt&U^63Pq~dVD#!;G??%7>MgQlT);^WoIyf8jKz7adHb&3CT<@1Q+slNtp^M8p& zK~dwxF6osB-R0w;`krYCW35SNPj#4PVa4K}Mf&rc3ozZm65 zi~sV8TFS}D7X_|nKSZ{h<|JD%5=T_Q=$mSPen(U2LXG4>OYsY(s&Oz4!E`EQ7wp< zpuv8U<7Rbt*j~*QQgh-eC$-s1z%eW9lbn1@^Zc>S{!C!TZmBKHAnZdAQz)J0`dgP* zU25O3b2P*3J><`xX6!t(m^(tit-CDcH_q?>q!f2rOGNdS1@kjAK~;gV_}5jAl95&b zte~jnpuc|^Q1^K8z;>kG38)Rd!?7YOIdd)hN({SyXBW@VU%6z7PMGCC z9ehP7zv|kEz#X4H5zvg|&`HN4Xd@+_$OEaaen`L@8nbv z=cEpeyJq6}!7D~)w%jGH-EL3Fwh}E_HGy6|c>6O&1R8=;R4hSymJ`P27fy3&h{+_cq&&sM z)E4*877lQcf+cK&>58p^TZz&jU^yTT0_Gk2{^Ldym{fsHHu#S7m_TcT{A(#ruI;AP z@x~5=B*rmVM><>NS*8J$zKUxuwIY`ESs~Beh&=$$l7dH@)jcZ`3e6_BR6t>K%neo% z@kKgnz78ubW!6VR4^(I;x4v){jCENFZ2o#zslAWJkrlX)0fJn5pUv0hK5W*7AY%5? zB%!=2Hr0pj#>}H>t?5da*fg)VD6aimUYIZ(C8#x&NdOhw@+avl@@poCf_?NFNLxjeRIl4?ayUn>! zGE4|&#})Wk$zn}&C#;pez}P2kXGEZ_;#p>u(cIKVLj7X4l+GC3-|3$-q>#SrfCgP_ zeK_M*xl=iEY`+OQ5O{G4Eb76kYX4t99z>XxJu2oaP0GGgNMabz$9lV(mEzjbkznGo zHtlE!fA34o*Ke+?U<=1hBY{M+h7!{#X_3lol1{H+3E$4SO2teWCEYcm_<1Re0xoD; z;+I0d)}Rw45rqdU>I?coL`Z}xC-`3M(3qJpFv^UlUbXI|=2 z^3H9HoYTuQ$=f(<@Il;p6FAkakr7C#o}Qft&e8>B5%i5S?GA~IA6TB>|NhoLEy+&5?{+APOh`_U*JJJ)g}amX^P919Tcr5X zf?3a`!2q9Do?>c{up!#o@9z{KbaLd>HsOit7098;19nQ59%R0hESw!xDn9>hg^L9* z!TN3ZSL-Ps++&MfC!2m#H;UJ&U(BLm1{&dypY%?%xKWpyZ^YVPR_w0S6ZWy6N+~L% zFrgFiZ#RP-TD?2n$0-|{E@cwhLe?l;;Jp=y+~&{bn%q$DuUvcc#GfW=wTy<(MFKA+ z&{$-Iqe*|3mfS)C+34RTt{uagF)J}AzGnLE=P!)FJZ70vQ{U(0;nCrG^-7LQKmbKf zF6xcEq7*=9$6ep}>x?%y7ZDj1-}mHm;{+(=CSb7duR&_SY){JnyZVpY!K~^5ULHAQB%<1Rr$h^?^W8OJ}jaigWxS> zo#T6eD0*fCQ92!(1BDJ2VX8Afd3x|Zy_h{vk0MBr99z47X-LbQ1dgq0Y-oo?Qc9048%T(0=EyfjB^xvQAogR6Hb*- zW_8%qv1un`l+M;=5zq^+%Z!<@DNW9dQzL0R0$5HV(u5}rEslSbZWe#Fc# z7`LC4~U)cz>n$R8-=RN`B>w-*bd2q?MG)?G@JILjP_y;?>gG27J|L zShniUlohBqF}dq9$7akIb~Oua8mEw17jiS0CyM_mqm#B!kWAec)X zyJR%S0*eqI8pi*{(U&dL&L(QM-iMtQ^O4im&7lDQPkp)XVr%8XyT6fDz4#40xzvr30xG?AxUdUObv>hhQNn7ms-yG>mE*ulVFQ!(@1_ll573gL&# z{?B*h4VRP}_uE`K34S_26zTD=O)B4_Q*NaqyEC%Ed8zL2@ozS`byrQaIR36S`s+na zF}ha5t=UtGAA_g)f=xuhFoJ%&Hx412VOQ(i+qXisWS*ERA9C-pXW0y}ZP+&q-EfDK zlauVp2?#T#!{i4{qC5a92x#J}eVukpTv#xD(57FomP zXwnD^fD)^|mb~-FXXKXv)`fpg0(kCks`DW?>S&yM)=>R*)mu1Ne*he`3BB_dEj+nKa^bY8#QQE`gz}v5llCWa*OmmT zvA03dlcuCMY2mrQu{shn_e$`|tn5cjh)DyEGhQMejT7S| zWIN7PawUJtNuX*VerVG^=#d@ zO8xl&mIeFYA-zpgiR7fIEW7qw+JW}C@e=kFiIH#Ih@LClSh@DY-Gn5rh<7*hR^%iN z%p4`9uOlCc3a}{HOlvhF}bg$pi z8c$McDPADsXt{Ju^$lqk3`yH5zFtq7f~o1m(AOppBnUZF$hv zcN#kTroVfap@+^Quk3z4?Mm*52E1+F`IhROW!r;D4hx4Y6+tq+_0Mm0Sewu$L8i2x zaJUFN{KN$3zyP22L1WQBaS3oL1@=m)?%}Sn7m8+@8^^x8wjUkEN!dte#DVK+;wne9;BU1w~9oYY3pFK-?Yo9Av^mR4Ul9|2<-4nAniH1 z-xIj*L^yC49cGw>V;MuV$B8qycMx=Uv178wq(a*0gyz*NW3#0Gfgqx=GqcjOO^|>^ zCtOJ!$%&p#QhzG)ahl=q@}esk@uH^+f6o7uMa@N;y!R=Gy%fltDE(&zGt`(~n=Wa& zN0Fxx7QadY!P^3$%bx~(M_4d`0e-ezYmqPsoYg~3Q^f_a4758<71kz`T3 zc+0yBtys!E>4CpZJr#*!4QW!=O-#aAd(lp7NOAH7IepF{=x(mk0riP<{#?X;>r%JF zM{$nrfKaH`K4IBUrqknu=hM$MQ^pF?rC^(laN|`4g@x1Rxr+EwzoXEGyM+eLBbNeAQM!VlaHSxl)Fkyg(4+g$nyW2rU_DF(~U zs26-7%EJNW;Y`k#@b@?3?Nnx~gf5abNvt{w;{RT6NATP;B$7tdtj@j)J#PGDc|7>d z@|d~WOg?{G7;(jYr^5VWoSESZ4y<23d-O$N=L<=)xJqpn2G-gRbEg{5DpWy&Y90vZ z*cLA$u`Sq_*$bnvllE9Iz{WXR5Y%e;SbLN-Bhiurh>G7`tqVm<%xtV1(xJ)sw4$#= zrie!@tH!+9`&QPh*o-QsNH*O`FY-&~bb->>-@{8vZ)qg7{s%MXmif#3qmiJYHhpxV zw1{jh7T(m;87u+0IzN9MYdqVqSuFM`wh@DlalN>(&Z|MPd?n31k#*@^ZQ z)x(BQcEZO9O}Et$ffjb5uJx_=;?p|Aq?7PV2K`j0yV9GP`+DR21*^v|V~O{pl_J=w zSXuF59w(GcB4o+G@CQ_yg2P;8x_kZLk9)pQ8fgX7tK?FyR}$)j(EIAT2|uJ|#eTl^ znOhUUtB~y5u&d$eQ<>BeZE)WUmK*YQdcL<$WW!3fpbNb(?+9(Qbrz<>CnDNw@U`X+ zk53C7U)Vbrl6{*IjpIdyKI;7d zq1oSr$$BBO`&$CVpeePMHBMBvtLuX+HGUVcq4kzoYfk5&z>FE47rPIDEFQ1+bz)R| zxB%np;r(ZOvyLyJ*^c19tVB2p`N4T&hcil-y5?;u0C$`*;iH0S8ICWZHBp1_Kt3yy zB5I9~A5~RgY-95^EALseGHrz46^j0qk+Dvg9YlXLTVc>U5=l}gjQSmoAIZdL+uUm5 zS_sRZ@GsVWU;w$%o?vVvY8<<#x9{gs--nM`v8PjCwy=7n4uA}!Gq15g@rW)~>)dcl z8{U#ZxTz71czoPfEl$fak`#(|$At^}g}ejzMD1e$~hj84Vw~WUc)yo+N2X{7J~GmpiHs9wWblAuQ@8%?^ zqgt~nYW$Uc$LD;9InPVXSOPrsZM9uBN0a06QSAmEgp}|ma#%fJl_H~5TQWN-w~&Eg3C7*ZJ>frs!LBfK|KNLsLZvMQWf)dAXAsq0_KPp$G; zKrC4ne*Kt%{pKIkJXF-V<`NDK=m#>|^$_6v>e zP}S!R?0ww+o7%+se~cDhqCwPqaUEnO2I*RYOo_nUAH%<#=5u3;2xDLt6qf}!PQ4Q} zvY2Lr>tSh}_Nc|m>7nI%yhBmPj$y%%zGXU%xU=64YmdA*`Q>hI7Q(YT7wmn&hJ>_q zv;Zq78KBY!*^gZ?Ftbal8ozjdv`AH7U0vP7-H809yKD2kS%dc$*Gz@(tI?`x8OQjN z4d5(TfYiVC+ZG#c?3HeUpt$%Y3OdCiTIT31;G%WkKpbXsQ|Yyb;C6HzZD6&Ln@~-2 z`dNq&$&bK9>`#yjPkD7>Rmt@I2ieBCLrx?bAuNd`iCDQEP9TAh6*;M&`5IE?vmu0@ zafBvsN3`?E=`ammd{an6bcR5LvoKNL9kIJOiy;YWG7ZdR1~oP2DWqO&S6v7VE5F|R zk}#C$djkhoZ`bp)=z`O>kM{EM&Ma1c6T_gW;hh|lW~_6_%HBQoYGLq0+DZU=-C_Hy z`my_wuHEDyj^FGXS2d(xcvbq$Z(a?Izb#D({O2$i6A2}@@iXK6FrzJ4vs!gLwSJ;q zpDg$h*yhGkaNYTL*Tf>=b5`I;7tfyCd9{@VO2Av2R$;}GBoNyxdZa;9vF9IGItEW~ z>gt2L4x)>rp~*ZdoHvR%#W_qhM_%NFYC{t?J_M!~J=1+K9oWlud%Y@`UKdWzw%`aX zGbcb|tl#7*j>_DQkBWx6+W5Y_B=rE8eKKJTL)RTIbaGL@6RLeoTCH-x07QItJ~>Fz zDP)}sRUTswjU#P>?Ce-Yuig{jV+5|Rcqh0Ij0{#CRRzPvw3c*x1oMur87*Jb;=9A8 zn(Zs9oMsy8k;a6D_!zJMY~|2V=g%WZ4Nfg^%$;b+*=lLa(FAt}7)3mWhl|zX zziIJ6(MuWY5!2%HByR|o*PJaBvMVU5UPG2IXEae3NnnIGaN3OTey6JvH`nOT7Cw3d zFG=ww7p>#7^My0>(mQEs82yp%i}1+vLw=I5o(LH5EsBs!35(h3lb&C`s+{^(?x`E| znHh=GWS4_w;RlJ9gVef-#B1J>qXZN*X)+CM>FljSB;%ny{slSBPgYXK-xeSUp}M)P zPVG97Mj>R&2dJlMXMU|ZhsCltxMtHa^FQIX04&1U3NkB0Q%`o2I6A8F_N{O0oLYgh zghcS8^zHOlb!GY;bi16KocQ5k#XDwQGY-h*8wCZ)CdvT&Vx0=^@p4K&KCLG3;anB` zL65ok1AbFMf&MdfT1H0n=BBxqFy^@-J}C>ipbG-h%~2|67is5@s@T0f_BNv^eo zgYCpSf09sCk(f2BQR9_mVfQPK^&XTm?KaXuIgEb%@ebab>t*BsQPEGy$@AAt3@wJ% z-%65<)X?gm8XG?RKIJyheL{G;-lk@OW%~1=H4?LBjWXU+7`Brlvs{YC2qdVY|1)2&{s`mIptD zeyk8!Z1RwHx}r(9d1c+y1+-V8%Ot_J+duaNmz9+@+2XpLSY=_CKgJvD8m7)#u_UFw zltif%K0kNK^|4YN-r%_#Whu_1+EpAk7PL7r31>4V5lG2)Mc-a&JH9moO1w+8ZqyteXLwKq8F;ju z2jDj*(Cw42w{~0^n`ue1+q{xtHWLlby0Mc4@+3{l1-ZjbU8MH13xDp@sqy(Y#uu{$ z9ag=s(G9Ck(jSr;QHJQQdp`3#m{e9fFv>NC3z&gS_l}1qsTl+oDU$leWX&_^_9J-} zg%UVJ?mI7>V(k;~6QtW=>Ia*GhV~u#7E>IipTB^kX_+pn{Cz!Q(++~D_h&8kw1qCM zV)a`W2zt^zqcf3a^2aJs_*0Gj$VYF-WHSBLooJrsJ<4Anfr_z+L$~}>_1@#N{7vt{ zP2|>O{jKlbZdVpbWdrKF)za^69Zl}G2N-#%J;rvk71XCNM_VZGJOu{+%w0zHI^iYkraXJ3oQ z@gfe540`vnu+Jvt9C^#1uj=%i7UuwqV_E4_H9QE5JQR&^bV049an;y!|I^^Q!0ubE z0Na_eP8HE-23Ax<1mzbGHwQ8KlHo#H-%){JB!g++98zkrnAPlcMc;Jo34q-}WCPM~ z7GqdRfo`rf5vvrp_JUU-+)f2Q8|eHO>WqJ#7il+J;w$GuHD=kX(PyQfTlu_AwxTVx z0dGl(_?YMFY3~*ZMQzN(g@{w`FV35%ROxhdP+juEH(fzq{64(;%dUe3Vf;kI)QAwP)n^02;3BlKkxZP^rOl9{f|V5@B|9jmS)UA; zvX~}~$(To>vPvM8ZaM|lZOe9n(!?y2iA;rEc9{;?SGw=|VDHI1mEH_@GMR67@zwD$ry!&bKg zYHdt*6)gQmHx#7n6FmExH$v*nn~kKi*0C{hAt&2P=MhD{1#R;=fRDgAS*P>(0nq2Y zy1DHI5q3cQ!DC<9^5Q|rvQTz*S-bK*_caB7s3a05<$wp74CZbEW6YD(A7lHZ-@! zh7LKq9H_aSh(IzuBB-E@6g-~M5j!5nkqQAU*QgzXQzrcQ-Y-fQ`^|m|VbN~uwSRHW z7lDX)GF8xv;=xmBrQ@sv67~m-kg@n~WW1I3@ot|g3nOG)v@90;=LR^wYwxbwRFamP ztPY#R=iQug$n>^f!?1pwghD{M|o>_^0<7&8Q^<41pYW2SbjiW%^!ti#n{g2qQ{Fk8i zrZ^Ho(8=?jiVMn5uVYtEzx%f}_6r~izgrPrPp@AnERPoUUm@uJk842R+&IQiZ{9D1 z&lJMm;L%9JRvJ@N(@po5)>fE-It@Kema298X||9T9EI;`TiPR*j96ehkA|R~BjEP7C2$dp+Uh!R^qX>ruH2$6I)()eDAjD)w2}pqfxxvR4-?PI- z!i`+Q7<=Coz|u1DQ`&9cY_i0Gw7N8z`j%NNe@4Ox;7fL60r358e0VD?poF4_;xVYG zueqfIhCE-()ye%3z9l;+z_Ui>0>c9`;YgrVGT2d{)iWu){n+Tr5A;nYT%2^>9XEKc zwFoJfVkfxUZb>~3gtWR+5#}v$*y2d7(b_Iz;Rg((MGN5%dFXt3E5*+RY9_OK1V{~<$#Q8Uw0eG8xGpe>BS^iR{Ll!AhlS+N6%Nm7&WE(;JZ zEc~#6p7}HZchs4fhs6eejc7cu6VQ0v1<2~M1WDM2Y8{T=l^Im4MN=a@a1@($tO8BO z(Qa1KOW!~3WnbBXb<1m+Y4bf4w+P&6i3ZKus7dE1WkTrVs!1Y~mgSqE9fnOyc!%UJ!?AJW5^!1`62+ks)m zQ8ZjwZ^pQ5Hy^@l$>n>UBMCFe&!rYJ#-w9e3B-HwFkTyWhCqE0w#(;Y9~gCqa|!;b zN&ymxe+j(Y>HxvK&ncn6k=EMeM>WRvmWMB*T|+|(_v5x9`GAvdESVsPqUDbWCWQ#g z)CvLowqyGp@kU>QWRTK}ujPLFS|Hh5PsdL)d{L&R5|yHxPr1Jp=eoO;*ABk7e{3hP zU1cvcfO<#)1%{&1mz|x&S}ldrI02k)Ak66bSxrsNyqX#*R1L8E`FS~L8sM08=04wI z0;uD#>FL)xNG!INngp6<+VLLGM@DOVdsH_UZ9oK)L;z)E9CU}5sc6vBR-M~jRWHVa zf4iN0Y;nEXk$%+!rQs)Xe*I?jfuCg zh=h&KG~CPI*>Nlv7fDX06L+TQf}gMq?uJk%Yk6v2x)g08Hv-jFKC`3HQnc-af{;IT z<>!Jj&aH~RxmXk;4D{!tWkh$aX6*`zk$$pQh3|kSjToZxl^qY4KRLptfA)9oDT0s1 zYKE&461ty5XT;Dy4?TC{JQ^ZJ`cA_2w29`YRcq_Vq;MY!?h+`#WDfcrSDIdJw4U}O zT6sGC5!oKjf;noiUdzR7k0nWlfgp7{6YAc}WESq51 zwg1dacC!u?ZEQy(;%JwUEqEkFcIKeXz8nF5M2>a0( ztqwz5EDFQVB@>y=$vH4zs65^Uc{u&?A12(u(v>}H-I|M6dO7wg0MPTjJuHmo(w6_3 z)dVkG!4y`}@B-0vQC)4Xh2n#!KBAv94rnMam0|AbJ*wlfrr`X zN9`WS$6RI%Ic-i$4mgXvUEN*Ob5%PxQXipSn|7VFN=rg{DXq6AGgR%W5#Le|m;$_j zzVUpV|8U2YtQ4Z4QF4IUlowY#c`fF#gY{(F%OK1fo!s+z_VohbevyjMsm(jhzGm3-QxscXbaVi6^aWE z#UvM^TsrZ-K8!!x=o>Iv!Uy}azSfwgDnR{q`ryvE+eCx*1y=!PX#Zr`OCa18T;03d zLPJvTLi~R09rB?HyI}(*UDw6uQuJQzXquWI=_2mYhgjAEorCvT0^CJgh|>CiE3!tD z{=}6{(v6H_CR7JxY?-U7q4TQTSvfTPXAQ!Mv`O!>X&-q_R^E8mNvUvfJrXs?xKWdv zK=6uL6Y^0l-Y!ZX>NzyexJLf6@OJ{5lH_2$f+wnRiwc&hb z;&ORykD9j`!nWbyMeP&2ki97>y)uJW%k#Z;)j4YbtWKM4)EO)S85-#Kfd^P?gDq;) zCVFZO4(RkM;qouPw6wJSB3y`ja!_)|0Eku??Cc5NR~robs&7qw`lMzF6B#5Xym>gO z+QeZIU09uSVj^y5dTr?R67jQ7s}kc}{eUuGu`s`(0l8F@>&30beEpPxZPzWQHskd~ zbYzx*8Iz@QF5SZM6_91ih?WFX?ekD1CWn<%TLk&Z*kOrnl6f~i=@bO zfBRnb63$VAE)kHNDEv>!uMev*H%U!!LX?#&7V7SFKspuJPeiE#MQBrzINbmcan4nf zoETseg#vtzwU0+y3KhP<>5|s%aNJNA0VkuRy1#B6)Y*W>g?_ExLSmYV~KxBElvy`LRi ztzFmFrGbVSCB-_rDDSxhM6~U~qcPDT=tigmPyyhw9P2_v`z$9y4~}p5WM+8$2xO}8 zzL(1U@oP+TD|lhcb}(VD#S0=I?%g#*+^uIvqDk0ZvwS~=Naiyx;qu%fz$K%oV-r== zHP_@`db_+N^Le-5`WJvcQ&XPaYr`jbP`!S2NWr+xMaC-kxrF8(L3xJpa@<}9UfR9M zZKC!k5yQR{4~-9OXAp0K9(1oKO@@Rf6})n>nkSZ+aDRdevM)ZEUh9t7^$r>AE+jlNjmOFWQLP!5a=1PLo5fRzh6@6Sxq(X4J6s)l1OU+?_G&Ja zmim=|^bB5@C&u8Q96*!`V~)n{>=d6Q4rfy+^O@n4er-iPEj+K>3;$ zK}A|vZ93oS5B0&2I=y6-dkp)}p~JshAgX}>+qRuKtrgrY3xWM8!zNRk!7IgSxsNvF zecEP>HmedZ!S1&#JPiADSDh`#fK7z?xCN?#?$X3ayu-U|ho!J}Vab=fKa+AEMF(dgQB| zKq@rf`~W$HJ|p~pCq@4S4V;=+E5I}>aI;<^U+4+UUHu*i#De6?S)SL-6~c1?Be{H7 zE5DVt(^r&4L?(lGk`hEerch=W=LIEsgJ{SFE#0y;Fp;#6U3UPR1(C_8aDEy(HZWc| z7D@C7HTywt#|KSDBmXl2%qY1ROP?5ut=Xgz0vfmd1oG(92#Z(R9dp4n?9{UUj)*Uaji13h5}6qU{`LD1{`bD1MiH4O`TuHSVOWb=E<9t50G6&wr)Z}EWZ zW@T(pYr7z$tnKM13yaXyM0Xi6((pP;HvM>+Jb=aOxoauyblx?HxnO&HYBJdrxn+{g zag5u`H=-2y08xnQ!afo87`3}&Ih}O~PNHB90CbR`4C;N_z0wIY56nJN=D@~t&Yq1Z zAFt#&3j5AuBm(`x5>J~{W{jGed;p+pE!}P0=SJqua{t3#k2gkWrrv*|BZ}Fqz^QBW zq&=LqEpx5eMqL=7+$MtjWo;(9_}NE85gGT(^pHTCzfP%P5jXkGxEnLp5^RZ?NpZj@ zwh^9P3f>qV_hUGmM!B0!M@s`mL&*;`WBhk@h9N*Rr#?YS*w&H_;X$ls5s-Z=d#DoA z-7nLR4-NHfR06tnu27{pF#w3dgK};hiIku=Ypfy2%~iKS?9;C`uXQY}SPEA`E;R@4 zWAt)}QH?%7s|zHAVN98&Dsm^}ZZd^D!0AtpV)v~mv39)Ix`EGH)~}CIe)rT9AoNdm zSbe|p5%ILfOpWx|i{tTNvhXV_VCTnr`@{t|pg?JM0#_UbO_d@!n@7eT1ND={pRkEA z|Kk~U2hvvu2&XPl`Z)G zO=oZl-e`x>9G!9&!>Enk389kmw9VJGwJPOkEHc6O9X!oJEJ&v{O!*82`M_c|)vOG# zEPQ18fOiq6@W=mrt^}tWaQ|kS!UH4oLyC$9hSRyn0bNqem}pXvSb9R#M!y0d%}gPP ztrzM&&4BLWn&j>SBvpNxkE_+tjY)n?n+Ro(iQH*F2bTmrFup@TM3gTjNl9jt09qUs zV#(H8oeSNh3(yFqNsqMNp;Cgo8-B+KTeC_sL!POJ#rJ4oJF!USMs#hmyX&vLFRdB* z1%gj9Pzu->K0+|YLSN0e-&7cI`Y&oT*1?4GRi$4JlKT?0;kZi?a&|2(Jqf_RxPDQd zG>uu;0OCmVMQWw-Dx?LwxypPOM4puY!`EAeRrT)M-y$Uq(nv^mBi*n-Lb|&fq`SKW z>Fy8(Y3URe-Hmj2*P{OufBWpS&pFrgaQQ;su-2S+fA29qBP;<~3#lr4D5tbE3ag){ zcAPG%G|xe`Du(Ef6fO_kj$HN6)Pmeo>orqQ7G&MZGKpP~f+RFj{}|T{u`m-khZ`es zw}fV~)d@ZT%2%V-Ku_0i(4aZ`mlzVB)`P?I)*voe|A6ij8_Nm5+uo0lv&E;AhN*%s z)tSOI-dL`?zMw%ouT$O@c?17;XOa8{5!TH7w~U`=e(I@K=w*kuea%PNxaW3iU+>PE zCE)X<5EY9d6=c#YAF5T9ecG!tW*(Z`vkSf$C%{wPTS~lfV4qOPP=sm(^6kDO}vDXP|`DFz(tTDN;Y1d4JMW`E`4&R+okh_Pm!6R8U zT1XDRs(EV62k?NPwe6ZtcL|-wFUO-5s<|d1W&upsUwl#!nvC0|`JVq(E*z}}wq}6; zc_bOfgS-qz5eX3gfSjQa*U97a1l zCr}W(BK6@Vt@qV*ipEK!UXMqfcCt?yag)A-rLA6+8Yl7`zb=p*Knq{iLbdUzKryC< zL&_b1$L`4iTK<0m6B@+ z)mj-H68GS8d+$~*K1HfYhM^8{V7d5W&5r3zZ~#+MrOU~(F3)Nno~R72S1Cyki@`$% za46uhrKjDO#bY*}o|}c;AY{?F+LXdHq^;^p8m8f#f4-AZ@GnRj^~fmMQkmMb!FF*U zw$p7g_%rog4#Wn`_LyUww!ZPl_F-s5@pcvupwuHNj4wu*4mZcTthZWJIf?+zlXnjk zBn}(0y>2R=1*7}H^LV6lZsT?=>9Lv#y0$5oMl1@h+#js^#oLFgAEAZwY|SfxiN5xI z8g+~lY<}*mXWkp-Ady%izPdpKcH@q*;YgW;$@n1AL2{9vKaGz4bTd|~H<6+vR3x7p z5hvDRFSgv`eUN_A?~#Gxq@X7!vn(q_*P((tPVV@UX@KuI3?x^sfH%j<6b2F)bA&cfw75~l(~=Kda(c)c;@re$H+ zgUNjW62$2BQlksf6WPy4uecM@y-*|_gj7pWAO;nLPbyvx66K_t;fZY zOP)V{-=x_R`=8Q9?aVb0bb9Lk#?zi(&T{G zSQq9T1gn&AIXW|$$NJOLAF93iV{up=b7_xPfzW=@2_UbD)g%P zV+^us^8v&F>P@$>CbVvkhW-%l=mJ1=8&dw*ch)4r0VZ#<8z-aZ(UkQT=QTf8$8u?~ zLiRJE~jOU6ab zfUe1M0HbvTZUiqvljLsOAl>eR7VCQm(I#E6XR90&`S3{;J}l$b8>4wU1xkQ zG!2J4KA5eqz>=4U!9ztuLu1gc!xHdvPAM0QHtaHWjsULd@WsM#Xs|-vqZ3@3uq+*n zX-rt&9|yssZPtZK#{Sr}QosV$Cb0vADU)2Yo*D-@t+%YJXAP_cMg4c3(C~%Rs3`{K zU(EukAXu+FoljzjIy(UewwhS9DZ7EcOcqV2z8URXZ%F68Bbc^a@b_w;GjzT^I4P^v zd%QYKjfUNP=&K!a?b~%}MJ$tDxNYuvQV!C<*Tc6?JNBEq82Dn_v3}m)Mp_v+ArAOq zp*Ug>pnFKwhT{i@ri9!3`#}yun9)>0T`h&-bRONNw=hwTF8gyBz@>8e4wC_zoD~h6 z4^#OEFW`QN*ak_9W}HoukC{nOuGWnN$U>H=BUNuT^3>Y1S#Fufp7tAi zB_W!t`?@H?PgvN$WbmX2{o5xtAWgv1equJY1T$SB(iGR3hUTXbt-6KaZoUXEZIj?q z;}QREb09Vlt+HD{o7z&I`_%}oO^Cw~v``EPZ>aj+pz3dz3OWiO6}lbJCpmFn+M4a} z6!cGxo&l)Qi@DJ?QSfN>u&_|1Sex3U=lIKde@n44nGR6)u-7q3PaQA^F57)>4xa(mm~!shx)LCS?}phZg%MZ%t;Hh4`z~^UVlAXw*jNKdBV$ z()*xba(Q`Lf|&@kDN4)7DUU-ILsj<=rvj2U*&j;P44;==?(c2ybo=Pn>+UbfvAI^!52f{1J(aNQ@nL)py1h9+(nte{!Swq5avNv+fV!rk*f(XqLW2P`o`b?J%Z8Y{ActFcrYHLtR-SA9G_!G#v?7X4hG z#+wUmp&l$m(Ze588pK?hYp~%`7g}@Bn`IS*2I?A|4*l*uhPeto{4ISb5jPV?`wH&s zPGGi)p=Eq`KS3lN(KJ?+!@OUr$rki8JR<6dT5A?$U*PJXFQ^YDk|j~g@HrA3ya?g< zK_Tn-QL&Pa=QW^1dd{%^Uwor>E62^qP2qDaOh8ZKl9*zV$pI_p}!nNTvH zpukTk{x~~#o_p2lHr#!N$zo&i_-YWa6ps9drQisZ1qE$mPSbJ)c{~YdhrHO`UX1wv zj5OyLkH^I*lvczYY@NvAQVl$b-(>(Y`VzWD1c%M80VJNQ+cH!#gQ5z|(|(12`;+zm`H-03QJun*KtNZL3=S6zswcje*+DWRO_g@~ z186ljZE*U$WtOM17|;m5mb-I3Squn&Hw)-AfnLct7sZ6-2`S%bjx4oOT)dqYCvsTy zUJF#6QdFtkdA@jlWeUt6?!*-g`@1e9^JA<`jD4%waMt~bVt`MBYX4qaaiqxf zo!+M~Xyv0>SzkNEbg%5d-wSW#9vXg+wFxwvAk)NTL`EXM&;gQ-e2wKt+$fL`fq&<5 z^4nYec-DT~DQcAJjF0tp6gyDgnFp4}hB z^$E@zZar^qjE(%lF)qMWJnM4-8J>&bv&O@gL5tf}9KWI)_ZqRAi>a1F}D&v0I)QKe-k)1@V+2TmoLSjHt}W(F4)iZ`wsd3zHY zkqC;bOhGRK4A&-#_5r*SMa6HmDm`h+cKtwCVvYj7Wl^zFxA`uMVLOIyUHTYT2aSd3 zjV%>}fMo|5kErK}JwJ>jHf^kTCA^$$si(#>(>J%bPe8&M)6%1?o_j{Q@Pg;_S0fDF zs>~(jmu7!?&;R@^s{kFy8B|{OL)20eKbmT?fYDR`yR6Qdl_xx499eLe`wK`2 z0lMFR0ur!Pft3zZ-S=R+0vKd~b4?}usqi+L*CDNTiZ%Cu6Z#I0U`)O;EC*^(Zr|aI zl+mTTuKh}5Og!8-6JqIf3uyL=Sz=OpC59Yn>u7{S8w+BGBQbw-n>FAz3|F6#< zAopav0+1N`QxU^7J(aqi51Yoq-+p>J|Hf(hHBRdmzLbi3)vr+@ZPQ}4(A1dc~coEOG;>h=1Xwz%d*OV_N|Zy#`8ZvwNx)Q zyuZJ;AOHY}3vr^TDm*Doum-UN7d=ri$&6w8YGDvBL~mlvOq4Y_Yr^oH^q}f{pltm? zD60BKWECX%!%x@f9Jg>|SqCWfA+_Npf0cT7SppaO5_{znB4 zATIt5xX8^tr2-HgfKddw$!K#EcSBl-RZbEcFgYZdcklES8WnD1Z8((NR~6+3$RC zpY%c+9^NL7Y4uWV?tU^;QAz4DVd>CO3YDDBPw-WtoxtlB5Dy!Y(=`8T^c8FpJZ>UV zw5wn(E~%$y6!%(rNdOEpV?!%8U0~(Wl0Ws@N7ok%dquD=xTH%&#nqM5(a8yzYikRCp?obu7GsV>+zUJAj>0k@DvdilfA-r08-r&S;8H%*{omgq&fp1r-R zvv)Q(N>OGm+z($`RH6npgtmTFu!Y*pRshLo#AnF)AkrZ!NKr$J^rz2I5srA+Nq6o^ znBh^6ODdN!KOD+#7;t@EFnT)AjhzFf20i)<{PzO`qiEn0I9!@uG}fR0!P1sV@L~XS2z*c6nCebLLQR5|uPw|Z zh`x{$X$-sva5LG`Z_Hb6$9i<4`mMEAmzfJejNWD39NchYfY<2EE5Lw*X%}V#sz7aZ z*wuqluP%teKuHO;Mj}ncn&7WCZzX zCVf%7zd-k_cw-B$5-J<$B$?e>&H6A8Y5mB>M}Y=!hr1p&%mdj;S|@ZkTgx@Ql`?=DQKw$?oNvAo;hgS z05T~y*F@E6VOxATc!m!7*3kD960tv8_)@3twWGDGh|g*Z-G^L^1lfiGcccI$Nw(UAzV=TLYCP@ za^I`)&hSC0&J?%;L5{0U?CLD=t@S$wTWS0{k&NAiU5&e#LywL2^Kn6XWLcwN@8Di6 zqs2}gU{Sb>GWO{<|LhQ5u8b1J>)c8wqPOUQ{InJe+5L8$%3(@ZESnW0MSi~#am!D!1dw( zYps=@s_Mm5Nz~X}XN%3y=Ky?qD?n(9Wp;`2n05+B`)MV5-VLBP8yLVuL$oKaQee{d zeadsmxR*y{TRPelr7*);E9+wQ-Dbs4o$G)6xaX;A)LnEGb-IMRV$g9qjt9s*0jyty z!$xn{uLU$n_2etUrntyI-=@P+k%V)Y7wtFA5TyrY4B1k0i+^CHT$hP9w}}CHF06Ft zc7~2QF&YGTaJrh<(nDs6>MHLqjuDXeW-z0mD{@MEXnD){#fMhlaJ6||8-wa;HpC+2xbl*!|O7lumG^Brk6F8Q;lSi!Ge z0DdKo#HFSk{u47SZzcFwADxfM!gpZdBzR##!Ar+TF$WKhFnG7IVhTab*1bBJz1dhd zG*CyxadTHF@XJ?%#0Ej^a&*XL5!FRCXSzw}IvzZ+)R z7Vq-02Vw#?&q8Ivm=?%rS|(>Ip_C zvrP$>i`YQaoFRoobsv!HjH8b8B_HNmTBb_K-`)t$uq?5@dL0E&=DBDnTzi+@)wfYqC$>L&b_7u4> z?CtnoS~MIUvS%v87Mc9~Y4$k$iVI1U^&VWI?ow3tiC?T>P_Mxm9h$qxPw-_G^jO=@ zE0_==Vbft_tfIw^=%=IcI+@Qy8kM4jXWegazVH4iqTjYd45(^Byp4#PtM$cS#AWV< zBVlGp<$nzg*SO*63>Q71BzeYI^zR;}$E84nfQTqsq1S5vc;~X9NB{RFlIIHdR=>|*y z`siF$)@d(Hwau%Fs{_e6tjTCBTx!m9_jPqtbUt)_E;l_f9~Wa+ZU7S=i~Ach=Bu79 z`0p%u(b8jz-q!z2upu*0HS^K*>J_U!Uk)5~Ho`A!Idqymr@xy90mQA>y_9^ehaFxg ztzkmX7ebN?b+#Dz_?CQkEhS=auh*rmF1RE$c z$DUdCj)(U#h<#_m{uVf!yMRWr+S_J~?#zOWai&>P#?*Zmuyi`vLD`4CCHo~te6F7b zu=MBE{>dwoCnlv|W0DIa2KTe4d`&m6Bzi@xdD-B0MUbz2u1L2Xbz`R^Vq=D3W!nqv z^n5*DdU(EE5+t4tZX}0a`OL48daVM7dV?94a&2W;Ml^O6nXn-%Oz5Y4XM0Xga648n z(9`2(xy}u!0?8fE+GmPZS0ar0Pe#F2e$+82D>?JwMKMXdnP&&*{@J{ZLVR^zvLhHPny zbi8&64Y+)E2Li)J3MPr7s1=5JAu*24O5Rcb)c^s_ZYS$6&K_1G;^CWRMnPCZfK0Dd)I*{Pk-*o-zl5~F#LOb0v&)F#b+|~%02_b>V^2=+7H<@B99o)A3o|O2cQ<#957s>)Hwb8b1EjnHnTsx4poaBVX~A zHDwG}YF*-4N&VknPkeuO%$HVq40E(Rk3M56*JVn4=l=n0%&cF|G*~VSyo++Q-6!hQ zYi^hur_K0hkR|8Neg}wy44td^=6XA$O!rAKAOOYm12y?JPpo-S!u!=|5Mo*$#6&m; z-4wQK0HZ~!HMhn%o}YPR#Ez2}nqHzY46_)z=jCxKeq z3rqm&_(Yt==OXT`l6Vx34FG;2K$Ox;GVcO0Y{(2O;`2qrvg+QmvO*FO5#gwBjpY)FIbz(g^BjD9T5auM zbQx@sli;pm)}2+;ygKnDR!hQ$X~q5$jx)*^a1R>nO@myP+&S)Tb8{DS< z_^xfA|8-m%_PTVe!~K}2^HUWHjtx)rr8f~&1mhrZ048Y z-qXiDM{T|tFf%ssPK`Yq9a`6QxUnzoj4{;rUD_w5H*EW0lkxt?bZIA^jT0NOn;TsR z4l*dJ!HcTTg(V5j_{PmH$));=Q)`b$lR){0_eCO`97#afuI|4@8jgPgjq z3XOyeP-2Z){)cFs)vazA<0EfcGj{cmifRHVnVXky295*X`hQr)>eM z<=FM@;Ws>KstWGd6ciK&m%HQKblJ3luT6n$ueh8X=3Y9$8#>_`7KqSk{uM~8?y7sRunSXi>~Zi-`w_x(P#!m~FPyo2&hPWM zqto6SzwW$y&qOMr4#;Pro?aoe?!DcnZ~>r{)J`VuH^HwMRtWl(w>!sn5%txUTxbUe zE8-$*%Qe|n==oeDn_Er6M4&i}dNTa6y^t?qxkS?JK_K`TMa;$u^%CyU$l*ri*u`kG4+FAY%FH@u>+ihA>%E&RJ9>Y4H2Dtj zg(U7^)Q0LYQ_cB!-iV(3qhV&yZ4#Gj!^TQSO6U(B8XDrw3mGMZrnD9%2d7O40OA*^!gUD^O;kc%ueQusiY*!!cGflfCY~ zcbC(Wk!@eCeW2?PlSuw-VPz?PxHQc0~d zJZCTs>&%LLI(Tp~ms#R_SCvwy{*-ia37%&Vg6S6J41~|<{?<8Pc?N%zPRlHzv*}TX z00aV=17}@o-i1KljL&()=?A;(E|^OM2Dr3$I$eFa@O^A!{2G5*uh5{Z9N#;P3@+Pv z;}+lwCeJwR8UX7h_U1(Js&8@L->l}o&jg~E&m0`yprCZ3t@wpi8A}WzP*b-iP=D&a z2ST{9>616^fc%~&Q=~S?gVV#q2AW2l4J}iol;dg45#*spp4Ib`hKF{$FsWQGi`TUy z;PD;^8V>_hulcqaIpC)+=M68EZNLafoSrKRNHjq5);KO!gNT)uo@fti@+*cLXI}OX zmZcK7&~Ei4XKQYc=)~42p>_k&-KlmYdG}cICe}>a=_MOYul6YGPK>@FNb*arwVv>9 zK%j{f&e4_c{eqb9Wq*fgqs677Gq?4geUz0Jkx;{7Q2oFn*b=$6^6Z}%<@URa z3&5#bwv`mbvAQ14k3FRbT+75mW18O|^>bKZ(}TdpRg~gcr(qzA=4;+2rIvYn%q7^{ z`WU13x{Al9cf0ksoPfDcJK*ozT}vwwL&9J041(VsYa;@TRw5t}EP#)$iR7(I<;}Ek zG`ffM8(aRmI9(G1z%^pCOj$)Blvw#JUf35Ia3Z5%EZC^C4}<))zn4TRg)VS5mBWF| z^KzGo`ZvHQ*(EDyb=>?2=%pm(;Ar1m?JlD{-dzKq9KbIR5Vyy_mJ~$LQk+qR^Sa-` zSaQYW-qid3hF@_D8_i}ZG}$Vk5qeiu&tx=RCZ zbgN-lf094l#8|3mTD^Zd{#b+Qf?Dw|K*(nSLGpMr%1hPYKF|=dx=}ahdJe_$x#HUg z?8@*v(#!D_*2Cr#7WZ*iyq9|K7#aFwe`yqe&W-#`qAfbbL!=zcXdmzAwLI#h>-*Un63$%cVUi%iE~mew z#G*{QUalvtZ(yJsXp{pgp85HC$96|AkBhtr-fUuG$Ba=41%vl(_uKC>-=Ki6k3=jc zw|AO^`wwd%Hbdz=(3n)wVHpdryw7gUcb5({qvO9TQ_0-W7eJQLlajC}UWco3I|q$d zI`_Zb3shD38q4Qqw{cL>miSr;Fe;A!vc?635RW%2hJXUJZ+Q4uR#EP$mBo-!FL6wM z%r(=jc(NMlKDzu5`)6nLMP8o}G@%D9B3@;hqfpKjzX@YP!mrASPC>DnAFJki1U^U*>IlI2LCR227l-1TBaKE4Bdz(o zudhb&IPDO(n@7P@QX8v{kFPA~ZKK;@>PLkn{oMR^Uy5Nb4fbzqD7uTB1orv{DCM*> zFbXouvvbB=GqQfe&Jnti^DS&c-z*#49$|daq~9@GT0#DR`_@H+vk5^qom&KTox|S0 z*FVx}dq^Z_xpk{Bm(oIXBsc+bOsqB%CId&hQ?X==k^%RmPIW+n0OXfGih_HZ1)7 zER6z>-)*8$Dm=!QU7R5#bd6>o-K+)ylR7#fa1c4V7XEZ z7mDnT)OWEP%|5K3XH;alHm|;a%)kyZsGv+`@gN8s;THyd;`v?w zv)3^Pn&!ut(SG9E_4ijpnsuo4%0J7sTViRsFv1=LSiJ5iWOD@I^?be1lhT=E!rR{S zVfYTF7!Jmj(mc9^MF49G=YLp@!g=q>oX(!*kh@moky0Mu`JQ}dG#?&^>>rLU*&z#- z=BN5pVQV=%*+D1M$R^r!adtn1(+xr!--1kI73ksQKf%KLBA1mUCA90YQ^ETETwdJ@ zsWIZ309^ajx|`dJt8(pwDC) zy|o?v{rzQW%N4Z72vU8NZnyNh+2gS*qW@{dt!6hSLyEV z?z0Wy!UcqU4`*SX`KS&61%;N=4-lIubvFV*O__a6+D$M*5tsb2b~N60yTsE)HPerg zE9zQXmjy*JpDwpAJ~;e_0URD{fP~fUMDLv6w_Zp0PKGo>=3@;B1y95@)jY5Q!$3xW z4N55%5P&6O2EhC0Dh-2x-1t?6sqwNYxh&og#R3Vbs*KUk2X9?C>@BYeG~0Ta@$UG2 z&NaMy_pB^GL4rLnYK4v>K6X6_)T4tZsY|~5221A0j*X{tZq4VEWy zLO8<6p2SLbtmF>@ugn3}l0C@&)a7B06%cb_0{DK^Eq28EG;lhYdv1RTSk;HolWfNE z`>^9d#YayW7$lec#e+4HBP0aYakV4>dRf*%PfyRTRewn{wxxLEeJZqRf#M;qiyEn5 z!u41B^zZ`*(LNw!>cEl5?EV0Au^2riE?bXle5!-fFzb|HD9DUdLHXj4z~zd5;Nz($ zgSG8Xys=0&Hi1zm2Ix-SzW$Lo+a9mVFYb)ymI%ZZnA!t_CSJI_4GESvJHG}&1Wm=2 zwjU~wt81#e8#T`f2;7NR)__T-r^VwK*m}nw{g@7z(W`Y%7xZb0PBB6|N^=;Bg{wn| zU8s-veSo56IqqWxoXhG2M$z$BV}%|Dg*Lj-1UtUG<1%@6K3#?KJ_GOAzgs1{uLMWo zt^onQDS;?CVuCWpJ<$>`s-c_oRd!CR%{TZ8JRc}Q#~Z&O$gamzih}GgORcHJPCIfF zqTwEZ(JHz2t<~;*K5*Ts0J*uka-o};{F6MG3gj%QYMnPUHb(56G+_n)ssGG8YAhsG zC-*lg!}j073(mj|RSh2*yq~~wL<##9@>Asl*|z@2o~74F$6G0@a@im@vV~}CO)8y1 zj`e`Kb{;kvM83VA;-8V=&Y4Ch^EJTr;9KkuM85h1t{n3EtN?oO7-RU10AaL)l7Q{L z3Ji=y!ZL8Qv{hui|ry#@c+mDDlSjsP!_B!FDwmIq^rpRRcLU9$;bw zuDUv(9`7A?S4BLcgDkaBUQjq2AOV)=AzTqBkDiFC*oDprstZAva}yvP7YSe3SUQ(dp<5%N#cWR|Yp>J@u-AbG>C6X36_zdo;m(y- z)6%r-mBY}`(5q`z<#y}+ZQzv^c|j6FvA43l+^XKkwZ73lDD8tXDNNu#j4oD>35rIB zCRYG-${f;jM>Q;9-4l&}UeWBHGj0?niq`2y48r+)>-$m>7Js?rj|AMS;k?f6ckif^ zdHsZd{^_v?Ytxn#f~-vW`gohHeG|h~a?5xv1dE|PGxT;x$)0?W0h~2X>hRHaU1^8V z=4iQ92KjP(z_xsX&1jAVf2f|ckm9cj?2Qm6Q$0DE9dH_?FAkR){8g&{4oihYp^uvg zhl)z#=?xMeC3I2@0qg6w46gpB?M=_CAF9BJjeHds+8Y}obrbBcQM3TfNF9!ZYvH;K zDi&~G^>0ZI3k!43d4ndj;hZ}dU}_-z%JXWMRCg$bkcR<`97!Go*F?%RLPw>r>fo>! z3nZY+kZvr_*Oa_Hi8dx<7K1~Hmm#0@&U!rz1RhpetcfN@2GII7l5pD40LFNV3b9iG zcC$;GOn!Vi_zLUU@{pUJFXwn6v^^w$HjfxD+MRY#7i+*|MmjOTA~J)ZiABFXk`^SD zk7{9vPPP9v5aD1idiV#B<;2fwVeX|Mj)-kqU@%)`ZGO1ate%`RdI>?;0C(Rs@P}PV z<(V~D+yJ?zeNHsV_E*GD6EdewSkoG)J*0-|!x=tfb-M2~uS4OsfF3KUKTa&$#hYg# z4i#hDy}Af92&xJzMRsVkkc&a_gf=oJ8R$Qa2g{(pb<~lY!i_|@2fS2YGcy@-YQn?c zq=n8H10b5@WZ}I%OQqF_77t~;oGVM_efvEt!IKPcPAPSfNOkY>+K0s^Y}yb(MA@>9 zrDj(thkaEl&X+?!Bf>pUD0?_*yGMO~T6y+*IE(cYH!#Ru9OZb(d!Y&gg>l&b3dx(C zf15w@(;0JF-yXw{{YeEdD<$(jS6{y76gMH8)(FT_yzQ$}G4hjzQqz?R>%BrQYsduH zv`Cho(Wnu&$t7ZjflvYw071YIs2wzT9{pH!4J{jzr4=XS^X#tc-Ct)jzh>ak)UPz? zbSh`Mw&xVytXSLVHpvQ-LS<4f(;x-E1x}@hhlD(u-`;e2>$iDJ!I`yfR>n^OT%@gv ztJ;qaFrx*gUjTp0gQ`9>eD%vAxXxDF^a(F0h{@uQcuwEYKw^SVB>8pjR^J$DP$4W@ z4tCFlfzLUSSSGKBQh9FIt4Ts(FAoo?vp@qPRQtUXXG%JzJlR1aM7-|hRxcAGQ`6bl zUa`1f9I-9zEl2x9K{qC|p-iUw4`ZSMgS;2q2O%@G-{i6qdm+Syzow)CKM$I4W%hRD zWtj}>Z~R)1xv!)yIH)k{Q2Ag~T{QxN#FYkLXyCA&O!ifPX7y7BF9`X#bki;Rm;q}n zdu|<@1;Tk?KVMzsa`jO`$0*m*%S~v8>!)4qPNbb>*|!&Vh%FG*vo*5OE8pE{UFm(x zcKc}7W-0K?_5jDyR-!X*9RpUttCZ!X7&-%Uy;cZ!y{6mbjB(On>zL6yxAHgt3CNVW zqz103R8(wufdk<8GT+y+le7~`J3?RhBHGi?scvW2FIJd&(JJ2I)6n0oBUGHj+2mRCp}QDxwdG@zXA6 zQrg+jv^1s*-m3(UqOX8iE9hvKee8n;P}O2fh6kZFg}}hWFT`kd9_>wj>knuG8M~aGir0Puj^EL3ra#_)| z3Di2^Q4Ly zJUUl5)`CCd>k$THMenW`2YBTBo3+b#0qKS;%2U`YYvRhl7GX;k$M&O4IVQDek@gBe z_uNFZyE$G;vXwvevfmve9ZKc=)Wd5OP2{WoqVdy$p3~=13Zg0p^s_+Y{rZp5Cp|T; zprsn+t&HvXMfLn7|AO|kB|GL}Lb4&vIJByoAa4DnztAXCZibYj3NLM2T1T48VCqaA z(}jD?NYgT_V{7P_RFwdpUkH>n5Zg)%AABgu195^e92sAthK-)Np zia><`S4Y~$92hOjfN|5L(n{_%he~A2Si044`gHZrh!kuWJm$#ReE)84DQ0Nj=e=XF zc@^oJG%$kJT%hkIz0Qg95$ONk*IWGjj~WY(3*j1e9PLs?KB9ExoffYWGWMK3J7$3x zIQUtGUxF|e9MNsG=R2(Hc}WBsclWmpxq!&+I2O$c|`v{gn zYkq8^P`|xxf)4Z!%Zb)0*5$y2kT6hMFBtqpQOHs*G z$SN%sXQGSke)3w#Ri6O$Nlc}(T3!USLtR$EJ$48~qzb>>T3C+dchNC|h#8J(RTDHV zxGEh&h;oCGy^YoZKbEO6a&D`aYk_&}v7^U5urb2wZE`sx+qh-1XC18edluYV{|0Ng zeZGffKayE~Vg=q{({T0Ai4N=Hy~4ig@tii|tO`kC)QzN+!I_TW-OHDoPqultew@XZ z-=e&E+r7vB%~Y1MM{T_ZY|U!#HWdVa-tg;FdEcEGGAW`Q*6vid*vl~VKjHQI%eY_r zz)|zp>NJMpE^FKZrwsMNKoo;)_PT1~>te&%8N+|1+?;49F&j>&G=5bj_@-wnjnAz-n#&js zk*wAv|IG(r=Z>Y4s;<>MSD=NgwHN=vb7;3|y6H{wm)|f;X>ZEyKUl8AT%OFTm#^0@ zPb!zMirZgN_cVB(=OlCDMrcsc{Pq2ZliX}!jXWRQqIMPd4G z56HuSuo21E>ac4$>`i}814uR~U~lvq<>F6;JPH2EHiT7>tF+KmMNExhwp>4@+lz;}cMqvG z886P4Sy<1lvc3A-Ux~>w%)d`fJD(Z%%No-|u~Q}ueqaSv^vWw}Uckg!<@AjbSi^M1 zN3mX7$R>b@0-@6sh)8 zhqgkplai6~S9TIgr)nB9T+rmXBMD<7O&!3i9qg=RSJ)jJC|vsv88T>zJ`%N8ux(X~ zWccQTkMExDVL;$j>1!d{ zClu!YzI64<*c$44uK1Hz@sB_X<;!aLPTcQ&Fp3w>hjj>!{!^f5)`c^0e*Kx!{;Nc6 zwlv%8#Q5pfgrPMt5{#={xoKo2z|@{ex3Ski94(RDf7{*gAplxHOOGW~);Jfq(IGAU zdf{lGJs};+s^L56YHPdNkrRjrzeBLw)T25WLnvsnaKTTr&r-q)!hgA!4oMF9CwuN+ zn)C<9{1_2+u}XmxF)Q*Dx*Q1w-^kxU*Sd_ywQx22f^hy4eB#4Ok`8Dv4tnyJ|-)U`Y zM1xuOT*9S4bUgons);#Zxk!a79mR8aKj9CN&8q!Fi?J6?CNR2TMLJUc9njL=UDV^a zEK7_nZOv5`uyM*68+haUJ=;z^Zku)nP(pt=S*e#tWy01&b(Sv8+2#aDSlk- z3}P-+r@h*=gnY9>1y~>?tzu9^Kx$FMS|>Dyl8RL>N`KFoFMs;qxrzTg z?SwO6lvmO80CQs&b!BIG+O(B)%|V0Q-F!HoPHrP0OJ!k@rJ*p$A3l;UH%%7zFjyuL zGvo!^p5F@Ob$Xlz^1)Ck#QSmj7A^~pt|TB3csAwl!v11>_;)TOpsB_L^oGTNS~M?G zYO=sw0prO`3hrqzU*%!tBL1{_zDjK*0{qNMjk@B#W87W-7I{g^uot=h$m|lW`lIU& zm+_1urjn!cgv;Q(4`9C6*Z(IZ)c$Se`22nb5l2k__xC@q=7bZE6j^&K z)Py{PB~?{Re*D0?$U{_7Ni1k-K`ttyWXbqs#88m{b>4^`@OM1w;kLw=Tx`q`W|+o& z8v0JX-@SJ6#RCt|CiK7+QztNby#j-2o&EV5k;QOZkz6UAbbt4Y+5Gr?P3C^1NGuuk zo_;#7gY9_469LdUP}6PNutme<(14pk$aT2JXY#*t?%c8JRf@`%sn<2*ucD*?nfrH+ zcUM;yZ1$wMSvuVz9J`UZ%uK;@l?^4YKq0p@41GYH7ph}5dt6+0=w=~|N%6OV6Jw`N zCjgf7B7AuZ++YG~c)(<~gIS?-iNcYq?oTZ6cy(UUGqQl3>Rb3dKSoZDq9(q;{&rn6 zI4lPPSrW3x5}ef@U9!p07;NJd$b5hzv1z^>Hd_cg=W~vFX*S7BcFfXFl|YO^{lMz+ zM^q2haQ^YWhz=GMht9yLPUH&%4{KS79V1ZMof%eER`RushFP-lp|e3nYbP;L!=Ng> zs-d6er?W*~LP7$gI+IHBOA)35$yY#8@)UZM(D`Pv;DD2;>5VJSlwkcrephYRC(IWy zyQ~?K-C;)TiQqH2;N7K@_wANC`4<)d|IiPOkuhPI#5m#cSGKq24Yo6^|>Qf z@k&Sc$z2CIq*@g?LnQ9D6w$|xzlj3r^cuzGM;E+HYWdcJqxu-{X-TuXxnuI4hZ5TZ zb|xHfq|UqAdSo{+UG(Wg(ZnPsCKbHDCJT)rh~6S)b=T5`3KDzzAU(^Z&ExSo`7zC+ zFd;BWb5nPFkl}bw1I^P~z|w<@;AehR83{a;bZ;$AO<%p7#B+UdRkGMj5qB{?ldyyp zn-W{KVj$&Rw#gC$D%Kj#=My->fShNdUOZJOuTQZ*|tq>CKMH)fh z_To3X_t=J;WLOI642LQ9f_mh@M%3O~Y%GhPrJ1_4d>XB@0`$}Z2vrDB*K3;3m)&p; zE<1FmV$?ZurZMJtuHv#69dZGA!FP5immgQ6qQo_(P^4ap+p(P^b|`7a#>Kp}7^WN% zW3m%}XkyIU?JP-u%G>GCV_STW&_pQDLMQU2rXi_ezLp^NE4F#*lQWx&td9&;oPlDD z>VN|_nE>xwgl`8l40NBL{g)fOb^u_ksT}SUJ&t|(n8XmIU@nMvGAiCtBgx&_inxMB z6pxN>Osum32Pyjl8F_iQXZW*#6!!eb2LtWOwlD{FyR$hIEsVPcl4Qh8nr5owO5zdl ztKt^KerxHY)<^ef$+3iT-9__IH@xJ4XYw_1xs3Sa%&1`bs;{F1fx;`?-0UB!szL{b zhecQXHA6xogk5~z{+f!5Ns6U-iJite>o&an>~zEj@a!rlrxL`VMYss@K-YD(rWFju zRa3Fx2ODnnaypG82>xHqj{jdS7`ijEihQBCp5W_xe)0YCPVxPj%QN5ddb@6F)Ov+P zzfjo_x>UbV96kFv8vXP+n!)-tg{Z-0d2p}UN79Vd;jA0cO#P6r%$@OR7P0Gy3CW4i zz9%nmcFO8?1>q{0fSWgr769Cm;JPwYZke;Lutvp;9b8@g zF$MbjU|56M>|Kg$E5xQAdxC7i4yyXZg_b?MsFRD%mQ=;_1L|!3wowl)S^6L`!eECr zr#%qw6JTW=flAfa(vc}Tz&RP4zWb}D_ z_8&yw*JE}b8=;Ve_}mmeYlLzm6^LR5=UjXNPOPSNm4!CxWjgZyuMjfRb=|7sZWiQj zmI%t+6xy(b8GSqxe$u7*dT!_IG*l&ypOvRS5!+F%JI}h(cBE9pUh&q*Z+st=H{l2( zWBC;bB+va(jK5IcN3MGlwz$bs0gevY1~&NCjgDywWHu4Fy}0bj-=Su7?nvU=?OvN} zHNL*dcP;~8oQMuJ65U^kljsMEqiR4*j)kJzS_GpX^o4gN^>3e@p_kj~;gzQ0oL1ac{V&&rMKttX ziJ)Z`%Tqv)$xKeWc;plHGs{Lb!ugUXthqX`o7W#e`C5bj(5}nM0u&@V%uP|E^PyFR zS~|0^K3cysdzbuJ3pS{yI?me}&BW`GH>vUA_c4@SHp(F8txW6!WDKfa$FB)t?syF2 zKh~~Cbj0D?Gjq-iXmJ+_@i@oo=qdv}ZV0xFbLA{0Jso?mlKi-o0qTW@}vcE9XZ0 zlQQ0D#wg`IGn6}7ybgM9KBIUZu5+?N7VvZIM?OmGtG^VT`((XIyBIXM&`#!0>U}a15Lmm#Af)~F~MFm9A9ZNM6K3- zM?UicGth+T_uyM2YT%Ca=n1s5PsXB>()^wtXn}9dK^~QkiyIa#r2eBQj~qD!wykwv z5T`;Tg2-O9!%nCM5~Oo*tz9(Q=w}@7^R`eMS8jgo!^KBGzc!nPop=J=DEw(^!~V%5 zH@ZV^Zfe}<)6D)Up+9fa(bh#3je-0)(t%~`_(eT8DAz8-%$P&YhAc%GxTm3%C3RmF z#ZB3qFSlg%E((#*eFU-mH`ND27XvEbFjN;k3?n=S9lmt`UOrtst0 zH@`KCs7nd!$SR5nxbGbB8#3rAoaI2 zpoaivRI^^!@rMRGW&%pl4^Rx9sE4%_ayO&pH-81fRhQ6Z6ad zQMX)X*Q;hsG67pHLZsIgh=_5_darqj4GB7dr%ahv`^srd*F`@uHU;r5>rTWo+i-bV z;iL*==pUPw?R@q$N`I|IJab)8=E`@H0?s!Bwo-1E19_aOp%LU=G~O5*IE-tsoM?6J zdZ1f^CSg}9PxJGrW5SO4G;<-S!sialixtYBW=M%{yxKJw zJI231EE%u78X>~Y6EW<2?uBnxj@W3Ek$0)~;7SEbsy>l=CKOk1S0@*Y#SfFI@!0Z~ z8>@7Z9%>Zg_7{7GX)_reW(Z4;zkz+MX=s@yDzR#f)mbDv4b`EtVv^tw<(=N$l9C{T zSA zDZ=@~a1FY6`r}EE3he!2JhhNYL>N3B>uLXq9Jx>?t0#Xr8A>(^74W?Mop--7F>&tj zvxD`TtuU%uDj`F|xTDf6p~aMi@x_oi{0W^K_}lC;@sQNwtp*d~XE3pTPP=LvaA{13V`trOcAMG$+=MDj zVa)IqHyr(@0n-~SpKqPQqa3z4i4TkFlGoX&0gyKgkTAvxj4P!kpQCo%n{7HDKBhMB@>nV7|`ffUEPyW=J?IdzO41NQlDY&o2nK6vWYuBsR* zxeO2j6U;P}Rp0nN^{UmM!49!kbo%sS5;nbHx3+472?_JBa>J#GpamgFp8=s)O5W(9 zKt|~DEW5idvryjD?IzQz5`rx5-(t6|!u2>34lL^RAAUl2+5|Xt7Z}@qR*Z$o=C!Om zlZrAQtcOsYygMd5v14pj_Gu$H2r715iCJHv74l^VHMqE8QCS1uTa&a~vW;+)EycUC zJAX}JX>5@}*&8OhfBFu5UX7wNKYa#$=6n^b1pKKeGlHrg2-z}qwLcbg*^hr9Tp|U)+vH80QQgDmR-X0mImGr6>d<{nog4xGE$R{g$rWl8Q%uQuZO9B!}CjQRJSeQeLI zvcPxUXj^(cf&qaiq6!XiR(Ri>vY?_LQ1lJ%#>Pg2_fsAJty*7{y_y^~W)yJKmE`5E zrMHXWpEkRIpwq6g-!Ba=+ytv&3>jb>f}$$VrcT!6Os>9gqPo2r=K=15106y)h4)t; zq7dfSYg08__>RRZd7fXsXmgDfJtTj2*pK-W$sG?laH%?tFHG;d^C-`kKSssN@7bB% zsf;`tkn_9fia?r>Rv%qfFe1l##@hl)#+fn%U2zJdjssV_)YT4}ka%Z_@bHem96rcN z{h6iXr^y!?EaM^g{X=w^Kei+VxT;OlKoA-#lo`5J?=V3LxV`;}?8cN8gm9&8$8ZSD z;xGHLl;a&slNynn*2O`%T#xh=P2B%bG`(%kD|J^&%2d9uOJ~GE?hF|)6R)yBu?=IwSfQVO_OX7->i>v#2(#@|twWXwWs*xHPGmb%$5mjiA6q z`WIuVlXh2jp8AI^0-y$G2ZCKIzSp#3cD75ah+Gros~52v>NA_en1O}dXW%zcixJ+* zus^4ofqxt=@n4VX9G-E{FnPCT|Mb)2a_MtdLEXQP(bmH)=M5%jWG0UT=S(uKm#A=uw|X)63L_ zpOOIRPfX9Oddy%`83y-D5Qa$x=eoXmtONFBufjDOU$J_=8n`{4imt4t!`G~aOwVV3 zRm>;jCMHHj+Gsq2mkE9_SOhnww2uIqQTxHaa$$gFV!NA@HJraYce1GSqDmh)o^XaU9D~i2V>6` z+@>8a(+Y^LAPFv+eK(TP{yyFRcB5;sd%1fWdG6SM#3rXxwj*ly7F`mxl=DCd?y4UJadniPzuo*x!&j!8m+$f(Dz$MpXBnLd?}UTV1(hKqQ3VHnTCZ zuADo1)x-P{5ArfRWw7DN56hT&E!zch^Pq?A@2Y^*JR^|9aCh}BAue}~<+PNE+t}J1 z?$fOM=WrcyJ-2$JC+p~Ib+C*eiFjVFN)cg73rJ6A6ebl_U25^YR-AC&kL%>$%O=R0 zf-qji^%%MOitPjhKVUp{p<`h9rKI3NDUQF77ptL;f87^b{ql;66a>RnW4R%~IO|cA zqH+e%w{NUr;on4|1WjRQYYHVWhSkR-%cG;oC6kq`nYFnek4qLD9Q6{8Ar6!KoE9_6 ziMf@P@SG@&n=1g0x!K&RVreS0lJQ0u+@lZhO({V(t%$~=fi$!gV!>j^B@l-?Ntho| zqV5I&OL}>wuggkcWzm8VoirVyFJ+_BMP)d~7KLoiIgM4s&dw-i@$*Ja~+o?;s8k(DexsW3zNNxdUpi=wIs9d-s*W4Vq zsu6`wzOHUpY-V;2l0Vykme>q|NGBAd-b9XWYV}=OZ~&cZIKZWO@Wx<`}aHP??#+!5;l>qGu1)IQvD zVH(v~O^%QNnAeooes_2tw>NuZ;#KHfR!I(xgedckja?~KFZ(_^WnHk{Tu#L z6rdmMNqre^(8DWq74$a|Mquy}(Ui&?N@gJb`Bjbjr#}htnW_|HBNUi0>+<`yEFB(= zI}OM&W3k@mtpG(;C-XX+X*gQ+kW1+P2&L#>$HC3jM_&WWZNtO-;0Q za|s1h#4(XxKBw4^jxmr+zV30^4kJf%$`ES~;|Iw5iJF38%dtkV2cl z`zbQ&Xi9KSL=`rWf}Z|@$3tvmJa0n7a&Xn~>#wMY{sR2^eV`e^qeA>V<&|R5`dfV8S|1SUD3d zQxegNEmG^afcN7yBe3ACZ&_#9H4wOwpPye;Qub1kkvt|23)7k&zfb&JTV7w4`&Lvm z5D$INcYT6W&Ph=8KvmWIiY2GsFG{*^MD2{GMh1hd9&0?tI34&|^V_=>9A;6GW5tJu z&V$c9*2v=dChyfJ{nU=JBX+Y)_bo^L>rb@a_wR<6Wo^kT(P(M4#wyJDWeM7s31qrq zwqjk)m5ST+vv?3lR#~4isM&^o2B}uqFH8@RIv9djeFITWu_FaqENY75F`D6~=gu&8 z$P`WCL*ZUn95*qwhHbk@R}1#Kzc!il(TVbUolS2WTPZPu=_^otaZ^D!rMSSRP@#fKV#3Y(ZvL9e?h zOk10LUVy)T{n~D#n=JB;&%K(D%dLiUUaa3}u)y(>p&snh>TT3n^H-WUtfd)m3IEK^ zHFfR|+Q01E??Nc#p_KOa4AFUikY)dbQ|95BiUzRSZ%V(S zt-W!&8+MbGwMq0?^Gy6I>3Fdz>Sn#hfD&|vpzS%-9b8#k6*POO+~9pxU_Scfwlhz$eeGn0HGYFN$xJq&SEZzADx&HSqf@d0a1kYxjW%39-tgo= z<(N-k5<(ptwvN$)h=E)fRK}}2Uxt|E;U{&kTsx_;cJ<<;nZ4>f^oMb5OC8mM#`l&e zip8`Xy%C<17s#JWtDP5EH@&Yz^t9XnsL~uE|XE zvC2)j2gY5;PdYwns#>A%sN*_eTDSTVvB&E(U`%GU2q^}O#8S`j7U~1btm({p&ORNE z3=g1APE6J8potpFfXerE?P>0Y>q93VEW?77IF+}_4`;}RkJskUhso_7w6PC5!5_Y5~8)X!1dgLHg$j8eGCm*Vd%4{5+;pN)1?&^~}=NI4bq z`ufD6@|8J_jp|H)Vvva-OFQUf0FOLKu9%@sw}^9}9>swn}=f&oH z7VF&%L_&9cX)+&_^nh|N57eC2bmVb<9&zjYtV3me*i7${K!x(cY^&5(^Ot$ULi}jNXt3fl`&7pD%pDEW5{~tPw;&{j8Z)&*ac|4ejcP1;WVEcml5^*u=w zj5@`54G(?;s^we|Hhc8)!VH0?2e|(sjGj`)zu{w@Yt?($pF^S($c~sAPCFJ zk;cWv**(tCLhZ}9J}L$S#|mY$zkF{Oaydm#!l0hPS0+_7UDZJ2?RgzLS%ybN{j#4W zFfcZjl&Ss!s0&rpCu9P3rxihD8z0+36U5PWE+i!-(6RAo966(cfFsb|3J+At-o@&! z+YbiAK>@YN1i06o5d3$4`}y-5Ok)0+r;zeG1`2D*U6h?4BVT2G^^xWJ`8s^z{<<%9 zb$uZea1bH%Y>u#yFVS_8KhRDa!>IDj=9lSteW78dk3ZUfaj-ZhFu7 zPK@D~8t{Z3dPyoduQ6v#V85<*cc@?hO@2uM!Z>pDOu@k)ZmqQv_5N8v2 z28N}?#Z&?#Iu0yo0_JBBQfiDCZSr;@S~ITpI^6GtF&2EyNL*{HoaPCgBKAniJ=p^?%y^53Txqu@C$!Y#1ojS`gS&PS6m z=!`g6u)oKd5nz@E2I)sYH@CKihm~p!!#Mw%+awrg34amOG^!#}Cas1yXs)gt+?<2s z?`sb@_-J={bM*zGB1T>1F_~($4wQ9no*)P-Y7z|t4OGY_eB|txxD{xU&2mod8@nHs z4e8XB!VcSE$Ju&2n&<6t60g2Wg+^e1bmW7V+5HsfB(Lt#hTrdw&-Uf$4Lp3qTVC4b z_=j(TLmWE>OFVoMwjo;_`E7hw2ItH0z z6LbyK8-#LXtV4Wg6n|k%al6>$9L{hx$Ecb2fKGoHIENN~6}u=p|3wTX71JmW3M-e| zy_1h93krgjZ?kJ0b33tdAYo(Ke~PCWjWOkjKf^su|%!)ElZ*LoDPbsy<8yfm|VWq@Of(T!o&rY@7$~D7NN>p`I z7?P|G_41HhQEhv~NqqhMT`zS)OAjoE`SmTzV0A0wT&WI%YPKAIF((QC4c(1;m0G(w%;`1( z#Yol))Ov31NxqCz?C=xOV)#uIoIWv(O0x4u$&)#9rg6L%EMKlSlJ8_7iXJ@vUnAH2 zDX)@#PuwsNhxM{R&`%K3febiDC%u1fG$M9BPoh}Pd;Erqpj@(xF7YfZLoE?KFWH5O zjMzAsQboU;aRSV1VrYdySw-=ZVsOr-H?aQZ^oB;L_}Cm;Ap-*g9mneIcE|e|i~5uU zMY&`51=0k@{i)hl+-- zZ)pgTI-10Hr}?L(Q$lgK%!3vUx3o;u1>So~=Ypd`k)B;5moTMYRdq>0?`=^N4Boua z_WmX!tmNE7dl+0^TQrbRE%G^*nLdfx7vo}jb`~YgS=n#Qvb7H}nOQq7+k9YtZ9;&@ z^|bUE+OHazOyz~DH91u=q-U0K*4f^PmJe3udVIo)K<1%Ke<%9R`tFJ|73+l=nfHV3 z*(h6AC=D}nJnV2F(jHVva0Ce#x9O~WN(&DUFQH%) z9Z@r*w6MH5G^hs8CNm(iOhOzrmxSZ)ZDbZY6n|q1jovKKw3eTE^z=j?e(l*;Av#AA zGKyx*3N$wu4Z3Xd*Imw)24}R!{2M$L0SSKrkAyvJNIryMDT!^Rl{oxhjz! zo?TzwG_Jv(0+kpXZ^^<=0iX6EG=lKZY|6)oDPpW2l&L2qB(&H`JvBX@_g3B}j7pv~ zzH4$)*d@Yty^T`(P1rN3A~_Eao}i#0+xTGO{&0bS&faD(l7pJGu&|(pMw+n^tZ2~0 z1lx|rST-LuL>buQE(W546J2m~w@xB*`w-TbD zd}&**+t3pUFb`!tL!*pn`!pmOE9|7rkrzVh|2+sllf&Bw>+W>DJ7clhs0TrGLe2?I zw27Y`pT}rU&It)$tR|xl;_+!Z6s$ZDKsu0-(*ja07mpZk47WbU;_vV~+1 zqkZpNBMQhMK_O9X48cSws4Z!c99&!~0Ir!+#o){!#z^AZFGNaVsEdt`h0jt2sG{mL z{VF+L0%K!Q4g=^Ytr{(6euO{~*thtYc>@FfG_*`yCl_?rQ4$~rpQrTouhoWr2O5Hy z^K9NrO874zIbtF@cKo-HTtm6BjERZW0!lG6E=GVt9xFZ>A|oT?xmNvYVCv@w9h&S3 z$7&gGSJ`?(R1p(2;UFxOC$PR1hZMclnU1J${3@PH^|OGAp&3U-%aeMP<(zSX6PAm_GWB^-| zObv?e?bAxkK3H-&KJQLtFWfeDq$$MG*3|aSY)L-qdBDQLlD6y@3vKYYXHgeS=C)ml z>BFKdEO=botyTtn!$$aboxJt-f4@l4#DWP3?&Fz!!Ek8A1B4u|XKTGTmh)9!i)_5c zjjRS+Nm4A5?BCNs@>CqPoT)?{p0uKYpQxx(<^Z{<+&dPz+YRqiftIBzkbwkS(GBvQ z%L}{sv$T4fl>~Ri1pHq`$O_}xgQ#a}6O~M1Uvfoy@6OiyPc*sh&(;LAB12<|9w6eV z!zWDIO`n3% z8{fT5^C%*g_5Q=)`$4DIwlzWX2)UZ^Dv0>btr5DMO_nX2Gn9fw5l^n@^ilZ6;dnvb z{Fq~AUUJ$mh>iA6jukOs9U-mQvaHB-$Qv}hpx8*uHq>ug@=RR#l_)HO>}n|E<%z;* zj1W5TS_#93U}|4&>ZE1{BlEF2)1+R`vo6i#T9RUg9a>&{M~8)V0oja}mW{XL3u(sd zIi2I;B9`T$LPS#nWYcj{G(WN&duMX5(z4T`J7VD=q*S2MuZe09hV(VD$oy+L%^t)M zn&4PQTt#cBt)LBEX+7@0hK@wgyR{V_0X1pxd;bq|Ni&`>C}Nx)rA)0#ORP!`DhH63 zVC8zSDe6EIFH@2@Jb<1vW@m0*T-?3P$hTf|Z2qd~z7i4P1eKwbr_w0chh2&?0fSRB z24cv}cFEZo$jQl##FK!H*aE`t&X1$WSRVimA_z|0HY+S9!FL0(6jKSgXVhUhx$wAb zx<&p{lepH_Wo*%isqjuRfN~?$RDe;7T$f?kVGi5$ligRl7{V@4-$&;z^OTP$1d`s@ zUu~vm7imX70WPO!WuWJY9_)^wR7jSO7wPY#IfHdp8H2A88c& zhb(T86obudY~mhb65e+>*=TB7@@{?frgHpFo|n)wi7hO;oBFexhYxp0RpXaY72z-F zfSq92dui-Yz?AkgqnwtTnqWAIA$A;gmNPN>@?atSN+s;%Ku2C6?yZ=!NKEn8=5feU zlg7h?bWAa5C%Vx?)Th8O_FIF|g+WhmufCn#=OjOHrdi7BBGgX(;b7J9M8nlw%7;jK zvk{zY5O(pkza8NHq5aS5**0fwbcTwq&-%m?^O;2lWUXh;*@kL9sZPN1LA|KO0sMt8on#^hwoYQy zCU-oQ>-iwOtN@o;N1@ocwx%N%A;*D)4+|+SsYsUpf;-kOwQnf{^=-}w3?q+%2mIXL z+zd#hSNX~w8i68VCWV1#q%|oe4AW zMJ7MjFs8ytyhqT+-Ra7;1Q(G5eqpv8y-*WYic1H_9Xlbm)CALeXyY#nZZd^}u~N>$%w+!+ zJzM5~MGq>0QYPd5j0c$fMu@~FJMdlJVV&Rime4pqzrp7ujc_ebrNk%!e)L-8EEsWS zBhQR*C>%720=X)hxO?yX9Yfo_f@^x8WkbH}^#=)d8?a;z~^gX_a5)~c6s2CRxwm<^yVI;Zd zNbc94{m}|}>cSHqKhrI%SpQy~Rtv~G#l2fyhYoiGo}y>>H6+r~vhyH0AJQ~(?X~fz zI}xIKNO2X$2k^))EP*K5WWu!)HwPt;sB0{l@Pv1+(TGxAh5xByQiBb!jaSK(!xDd| zqY(p_`tYcj1Bh+bu5}?L|Im)=!Bsp)vn1hnm;l+kurdZq)kKX+_7SbBJ~k_yZZ&^?iu=3D-1R11!s2pPW0+h1AFvEcuN-UenrVV7 zKtr4gJ=BNVF(QJFO>>_bpULQ%HfW(aC&BOUu6hj)ETFF#+-uO<`fn@xU(m~hNd+mQ zUOh5UuoMoaC|ztSsJp{#;p4bZFUv@9(0_&iUQpF1Y<5wMRJyP#a0)$tK5sWm(*Muz z{LS$Za3Y>v1*qY@9-jYKC?q!&Xlr;7RXCY(P1Ar|Q;Gw)^X2a<&M zK34t*e(dj^YRbiTC`6-kM&3CDwhX3r^n|9&7PRPzPE^>EixOFOGQ|S8YJtva{uuvC z4|ETS8I}qT`TJD*V88A-Rs)fNG}I^A65)4^Y!y~ zLx`ZC|F2!d|L60biiNTjU4ao|&-2##cI}H%6a9eqR3#Wj3g;k5!nkf>ra?2hLKti| ziDieZOJZ(uZDugEog``aKMvymz`!=A0t*!g&SjhFV%LG+WA{4F*)39fn8AK*!AZWE zK_Z?!3>@S&d$Bk|OUhKideCQU;JxtQcgrak9conJjg2603O4m?k5;cgWdGol!9V_i zSRVFP6KTvzSWb*Zs1qOrVpS>}0TqvYhH(^+0jd6PoKev7%rD|s{}$>b(tq#$>!aLW zG%#&u!>CHlmiloSU(%>3MSS=A_I7BWkWFR4h!qc+O(J;BS3^T%VrgmUZ@Wx_yuLU? zYr&odY#sNr1fN_SzxQz!kNi{HjF@%TBj{b>^7t443@|%@0-iq1-2VRD&+;hJjCa8( zO;kHa3Ru!v{0*4(m+?onm|a+|Rx7>xuN3s!Bu8CYRfVy$vjer?(1ZRxw2#ZIs_N>g zO3=DxDiu<&rGK1cv`*;fp;)ZX6Pqu}PomCfQ8hOQT%Gyk5qAa+}IvEmBX8^nQ7 zoRhH#6}|Yk@N~yr)Nq#P{*k?QEvtTO`icWlW(}LQFm}a9pl^4iLr{IER?VQOEa65V z|4q6y(cxFFc~x>DW+bQ-`BzCvkcSBl-JxbqVO6=s$EE&-vkFFu+tSH{$;D#R>QGLm zf7^i(UEIU>790Q$Zth{Tw>aT9F5vdesu?JVL$tsg1cEs{I+9ma4PIK(fc`9}sYxU4 zi_v4uAV>`TZ_Ikpc$q2|{_=ivGX6FgRWBZ3#(i@EKmn!Lf#3caAEVQxo`IKNXk96*W*KS%K5D7y~U;x zL!D+cl56!uE_+KIGbP6p6-3;|P{Qk$$~)Z}2<-9T^-M;r-I0w=OY&dpQz_~(y*g=I ztx_vRQ~fuyLXq29c-A#EpgJ=(9F%^rzM4^K+yV5(hXw*7G!Tjp@IL46&okPviyfs@ z-|1t$wyza`rI{Ym;#*#ZtE|sKK}fAV_gRXnt<_G!PYuhgde|ocbowE$&ZhzC5&<5Q zDS|wk-`9OFS?dC!P@=0n``ezk3!{H9No0R@-HcdF;sHc>2U+BWOW5)HyIsP>?gOi) zP!l!$WdJ1f0O?w>aG5G;S5;~!z)kp7Ys{b&c+1JPy)9Cs1ZxKzLP)1e4diQPhx8X)4aK;uj;PW zWktRsqk!IGn;a_DqUBuh>dn4=zu(hV5Ub)1)2-I>hwQbvo07j+8ItS!zEc_Yc+eu? zWuqTnqO5l|NrnM6^ ztH$+VSXw{A&%#`IZ<;QnLzl|fBOz|@L4Q~*_?mt@Fc6hfPgPw`P?Uy#?Ock-Pa$+d z?kwd_PZ z4rvMbMfLH~!$UsV8R@jmXTg^VKn?P)GU}9)N@YbVUnY-Ho_wDv0~4u&*7_3zjfp5A zewKVBRRD(FbUd)TkCcC){Kwctpo~0jbOllWT;yv=n+GD7qlx}a+Reh|&JQTsj{f;L zxxG7JaC)QehEzhc){JKGbHkYigANOBJoWf@$h@GDYJD3=oEiht|GmgO*c3#uJteAK zpO7PWOu6XAPQ=yiomZR)=NG7!S17s~UIh}q@4?Z#D>JYHX8SWHJ8XCWvGx=#S$Lk2 zF%H%Z?h|#Q1GdWVE&8ko!@r5l#Z$Yv-63+RF?T8SzsXarG0bU)dq5lO@VLQr3nct} ze8ZC=&;&=1JLa$2BYhp>IGeBA*JDny72b%-<8aNu)UVaM*iEL!|A17w;-;2Rk0lU< zx&my2nTATX2j##(AHm1uagzQf&T3ZcR5%5Rw8{CB{+IaI`{#P!pcfV2fK$GploYp5 zlxyFkx5(wk65+A>+q2^$o0c#GY_$U1xw1l6xLTFYsIke z2PHHvF$0J;UfONzb1Qp4Tk+@n`kz~&^OE%!gxh6Q(q=G1kd1vy9pbS=w*OB0Eopll zh$Cv1rRd1cE1k$>#91uY1fH>Rp2cv}RPDqOQyN-x+|ce^H#-NdQ?7fFS7;S-Ash%y zl5GK_x6@`vn30~kLa@QGlQG^X;RRmE<6CzVi_?MIj<5H}vc7%gCA|Cicp|d4Bw0d7 zeP!M{Y6iF=T_*lT2l_S2Mjh5;<5gxytoua{StyX@&$_6F^PJ%~WdGB`{qM%dk*)Ua zpPD1%ys;l=y$#S zC_+Edd;^9jRu^m~+md3R`kB||tkwGp#e=ipg&Tm;pU9u#{v zQpHbeXDy6EDqvEN6j#Q6%l;#+^hk}l(=(q~iDHgCh^_ z$H1a+T)QJ-HjNtZBH88ub9xp1yIKb1Yv*CqpKa9y$_L3+USoSav09;<0n=)%j<924 z>*fR!8KqPE`NdfKb=cvpGC9f>qMM6)4BGqO#cKgh7PDq&6FK$bfhEn{dbuYq{KXcc z$-?viGsc>qDn^t#;+6IECNj^6b88y|7)RzfrIYi+2Hpez`QXr?*qF!%SM(NZ#<>dJ zXq2P*&Shr2d6Hd->ACd~&yRGBa<$4SxQ|W37w&JO$Id#JYWd_%36=cz#>GUki*WtH zE$b1ecjKA8fhFeqk6h{O$X8>3`4Lh?3WYL(HNSAAcoaf)&q_MP;pi^J*(Xh>n7>G# z|G66O{Bu6q_lNO1`c?K~*?Z@H|M$`IA2KjzJ0f$ir&MIdt>zU4CD%Dha z(-%)HP6x4eRPd5GJe&Hp8Z(iDGY85WLu1Y<)mHSsjyN17uA*G*wI7*~!hL2Xq zVG^Im2kN5}Xl0wD*i}!3mu2VYg7d07?Hq2!%b?#|I@mb~6MT{PbF|_2k=t4Xizi=$ zEkDXfcM)h5_x=~NjV}H{ZgC-~G)%=vwT&)}f3U(l_$*QDnY&r?UT9vc!&e2g^^KiGr0EA@r`i+xLWRM6;GSI!tq7zN9=bUr38VUG62A-|%nFDbs3rvldmlQJUw6ejZwbTf!yI}Q2-ZFaSaFN|UD^_** z`T2p}{xlXBl()~mBb>;8)Y)C6ZRd!_CU(eABCKqHtu^03$^-%UgSvHvY7X6z$h9)6 z)}9Dws1)~78&r1A$HjwsIMY|aw*CuQr~MQA7KN59o+Lzo{ba23h~3npE!A;>kP2FX zZZ+)9vsWlz2ooP2=nRLPHb0xMte+zZvyOCdFB>kq0T(W_3FjEKRY+hEqp3o_1kdPX zcq|UETu3B0Kiqfv8oCtrG3xXyt$Cnu3C_{X{=vx?6|GM=V_DGy4Gh;#brh#&EJ@>8 z5fxOjeKYFpRYS&D1`3E1)PR_@nc)=6Rz#+@PAEz~7%B*Fuz9V%&~R16k?Ev?QsW_@ z6lvU0xsHppE7hM@tjJwwRkhUk^p$TbuozWmz&1ZMBpX7`{#Mo26udq%I5D@gv685^&5ggkxAYv$gO!ci zO=>-3%HceBDsoi4S2XVaMyT*(3eX%tC{X{qBXzjwa6j%Ta_|a=(9XFth*5sx>zN7O zhv-c^>Q;1=okbpBFOqlfTsIuN=$u|`iL*J`79!&^j4}j&k#zF;qXXO#@hL~;);_~2 z?SwS>5IoGH3`n>6g|v1q;JdtWosyWi+vKdp#jmQ5iBkwk`$ecFi0_y4Tbsw7msr{( z?J!uMfdGm&OE12nl21UPM50m`r`m!Z=?0vn>=qo7?B>}qGwGu}Ez1HzD~Dm9U|)KE z9MNE3n!+|NPHt5o*h9%7Q=`nUsTKc2W8(mGF;p*v`D$S%X@}zE!Z1&0P}JGG#4N&j z|L|1wW-C0U&4Kfa?e^z&mFSV0{s9k-A1;x^9+|tnyqp?adxul++%qCF-f`4ePMA*& zZYVglqHunsVPFtbOh-J#H9q;SQV4SNru@aG5UVH`g(Lskw-vI7{F=gMf#+ST=RoyyC4kuJ>i&4CCm{%0&|dD(Q>}PAF~|(;cu= zwmvlzn_%(R*Clqv&Cmp-GRzUIPaaSm{%Ve+?pzqJWtei_$!OR5O5685Bit5otb z8RlCI-S@CWNeG7#t2t^%9&}Hr1^hpJIkmzwzXSF2ol_BT!JK6 zfW{i9k>Kv`?(Ru&hXBFd9fDg3?iM@{+}&Mnk$uj0_degbKQBKR14dJHSFN>b)%!kk z&NPDz(MV&Z{OziYDzsfoT>aHxj|?8zU5xiGQ(%tURDO;4J`nyC`Mcg%5+%*DC3&Td zwm*NvvTUlZYKz6#5eNwPzoJX#BZx-rmz2QkX8sGi?M)fAn5e%ifEgD&SZSTr{DJy4 zrQ1i_dn5O2TDOn7JM80{9d<+y@v@n4w%OIhOphmZBEGtV+-foSN335%aX#wgTa)AM zl!l|GgplvrtAon>`{f6hMPWU%5vOeUEhA0Dfn7IIf9if=Mj2zKwm|+B4D3~hPY(*r z%`F8pGe#r{pL=M;YMn2n5dHRY^{i0gn*lfePVa`H35DaOHO$o^+WKq+U@N?QvOWOV z3o%=rKlBa``i)GLnwo<}$UTVwXqv;}rn-ds-Q2N3k8D&r-t{SV2epvy_~KE_aDPcM}5;77mX7uZcp{ z_dX2VJkxC*zmY9?xGRAEYYA?;gt)k*hPO*WjCcUN(@}TGdk}i+G!XJ|cP&HG*4HN& z+d;HD<^E%=O(52!5bS$%Q&4>2?Rs@YmXewxt8!}|IFdp<=EiGx2Lm8T!fI3fC-qGY z?UR$B%uEkMlZU1Xz_ZNrq_3xDGC z97<&&09*pQZqC!P$}}r%mtXiD%+gbY@fu=5g_)G-7J*$#cig@z#eqQdEW^H=ohpk< z)|M}iz~Yg^8{*Tz{cZ!<&uT%9)iiV!4(^Bw)HhBF`83%15kf1YnI8y)xWl%tknq+n z%28Vz@pi(T(5K()Ud(KE`F9K(zxwj7+uQorz|V>~6C$=-SbZB)yo*;hT_v+w^jx~k zPDO|MX))Ag*imk$U#32DxYjdtU4uggx7+nZW%iI-&il{#cCDd?KioO?!r18b@CJkc zH5q4qM3i*)7j%wTc9UvTPBHpG&in8zB}3vg=jz(p;N7(#5YDdFzh+a^D%IWtbTg!!NxmW@E zMNYFIPb({W=`@Z{YApG{w2J{=&jn1zuOd=jUM*&Q#iQ307yBJWO0+=UhSl}M+}s>3 z*YO#baG&RNrp9g8F?;Z?m9-g8&kp8d<~|2nrA`v*;kfLrg}kQb8>yoD-RX6&1FXyU zY-~7HCPPAvu4Q!3yA(l)p#z1`;4i5}(MFOi203*o-qPbswnsQ;(2*$5K@#O+=%}@^ zxgr%|M+x>+(6Cu_dTZZAp^qoXV*j@t&sBi>bJ}%q-nff@8VjUxq77uKrtUT^_AJPJ|qI<#kyO2S$ant0;$h{I;+0+uv zNk;7>)N?^h-5A2Yl*0Wb50wjsx z;5^)T{Q(9Y$aFwLSh<2(XCbGEKJYLWfkY7Ve7=FKdPSWld?6nYTW2lr=?;LMZ*-E- zZhi5a?_Kt_gP5_=XIGRhd@;}pA=a!=|4^UX`ma7Px6@7z7^|=>&Lk%7dN2&h(8wrL z{*Hb$s;MWExX;UsU?6znxI>(aAcysf#tBl#ed-5ZlCVStlNBNRS0ZUIbL&v`mSeB$ zuR2Y8&&+mhCp=zxbGm_6UeB$6%R&5Q!3peEFO;n!_-lTd{@B@ZKwqjRESr-Sq<7it6uX?fGC#5JG@1;; z$LJy$C4Yz|!J(^z>UY)kqIbS0c@Hf6txt`*8}C0&F}#6~l0*c%tlz32I9x8U2CD(c z-xN|~Vvto-R1!5+KS6#nFbqFYfMy6$cke+L&dxvIA75Ow2b}Nf5c*t}p%HT0t2(PD zCnYT%90WY`@tN%dYJ1Bwja?e}NZD^08GAz3vwY)Y-?UoP2JM$=x0tJ2bmDDSi2)zW zW$NQIA2ZGCD@$PAcH($9EJJjRG^Ur&Tni=$jF;_6+xZMRR{XA&RigM%+0TrBvyk2R zO}h&4uCWpSE8qSYQwVkQ8k8dHKZkB$gI;@i-Op5dHPyrI8d>9uii#$> z1W9sGi^3%W&|sB%3;yh^S{}tSbvqqX4wZ=p2YXcwP0bWS>CN3Hsj0RdrQ#g)ELojJ z(g6WZbgWm36_`$}o$X>0tw}(H{emC`$5SZ=E%uzf@a|eh9xF0Ka2L9TGGos-)(8$aE;#6+H!Wzx_oEaM zu$W5!DVudOUjdK*dx`Z*=-hLsgOV-6Nytn-Z5s9I{5ZVx0@EyBgxG#v@ATT0-e0S}h&-<<(?00fvuQOp_zGI*k2_%EW zP@z+f=G_Xe6XV?Oy+(*eH_GqiAx%n7UfN&xH}o2r-+lET?{3V{GK>(nt*2ji1l%%nOo=qP|3b!jEIZFD|7bxvUZ&<@s>w z31g+?|3PL%v~HFn!=~s*>I`B%MtWH7aCvfKDK6#qw(A!yqoguVJXZhhUYfFwirHf@ za@Pm1Gqlpwa%yGjG}Oz?4YPMyj6%!Z_lnikb!2>p2+ScnLI_=I?^c->&4{wb2jt=| z;m6_`NDmgEVAH`}nQ&-C8vFvb?@qV6n-11Jc;_7H*B4f?}AU6heX&rHWq`DE ze{^)L=n1dqxYmLOjMi8%<<*FoZjIvDtUdtn=g*mp{hrSOI&Sq%17tdm$cBD2qqa;c zxF(=|J?YpjESW@ZgmkYPgs=1(?@kw@jw{VpVKq5OjDGD60o{HXbX4(v z4+SAQI1S-fyky|Y3Pw(DUO$;N)^n&aD)MEPJ0;YDjwUORyvP(D+YaFSuB_&$T6cTe zO?T)zeo}^3O3j-vmJiuFIK^EGgBV16vQEas^k1LRjX47`eqeegW^V2`hcEYKIy*Jv zx`|R-zkip;2MXA!U(j`8<7sGj5!ga*#~2`2XM<5@A{!XU8rde2p8`yVl355uBMAj8 zEs^xQ?E3JM_Wthx-lT1Bi=fOTs*j)OQa2LNnxLaU1V@LnO zrRS4H94IpA!tc)tbMfyL2BKhMxCZhRGD(ocGaolAvO-050o`ZtqoWvxX=0`7?gYuh z&5pPb1oT{?WSr~i=_Rl_z~)IMhWWu=N?C+?0=KAWK_EOSx+AjSbZ@ol)pWTIODU`U z5x?Kwoq}l7w{L>OSxT}QYgew=0CUD7C6xx2ON)VQzpmy3VHgr75AUTd=Xr5d%mll|B$&1?Wt?V&d%=N0}c zkrzu2%IVmvOA6gQ$(67HGsLDqTvk`t+1|J_l4f^_PEdR0*^gIH<7WY>7vFl(2(=>5 z=A-m#l_w~8Vq#l^v*Nds-hK`U7>bLJ*K2Z>mIw)5k81wi>8 z0oO&g4&K%AK5ii7{V>7`630>!l9Le!K*aTn17vI`(=bS;M@L@7`lyyOrh>}cYL*#n zd8M3QYaE5=T{(YGdD$Qb@Hq5$==5t_s8AoMoLW3DlOG8C>UbG*EhrYWzi(v(r~V0& zV921!0k{^?)I}sG&n2Wv@8ldTv=9Iiq3(r>7JK-}hUKgThykT|9w9XVy|?}Tt>v6m zc-m|>4r@l0SjFyGN9YdCLra8tl8e3BV+{%aTyg$cv zPzdA;ii=~;MMRLi4xgx=~>{&;v^B#*gH8cC#jRX>Ytr+PjWr&vu9l;)g7a3za zLmI0Rmea;%(2VNXrD-?U)s>~n=k>a&CR7)Jo{2!AM{L%bjL3A%x&>*yqd8)7-7D8s zo6IZ0LV2&-@*<4JG)~b_w7u)Kz!yAhS@-GXDOF-xF@RLOtNv-~ezm6EvD1e2TfglDXE_A3HM< zo!5)RtUyzT>{JcN3oGrrUMEtEZrdtsrUxj?RrigKRt!=@pBf*fRe^xry`wgMlJFd+;^AEFP45k0YgbV6$et-_Ce3NP zMLY^fB_(n)G4aqoZf0ppNrkJ{4Zj2=Vv-)9L%vD4Nzjn2hzRn&%tkWvp7gTkgd68N zFNi1n9N8WuOfkj`z^>EcqxV^t7!Z_HK>s^uAL7n@XIkXlzY85RN==0YX^D&wfSm0; zj+=iT6}RNQ8G=cMeC?|G#4y2L!*7%3b<1O!qCEh6RH_c?wA1 z{CYVeHSv;?Hji0R8Sj*7a%!qK(+<2hnDTW4$BnpA=NoYsPxgHzA=|KO9{&aiIW?<* z%$*@Pt6lIZMpwl4ExMSa&(>^)2`Rs3Q~sv6!r*Z4u#X{Q`%y zBhuwAI*Hd{kFiW>AX+WEB8tBpq%Srn-hP#45gjZPWS>P7fGlk47Z^CO-6R$r4Hun~ z0@JdP@N9-~=gQc`sP9cv~)pZ zZBNIL!;|DayD^r-zh3zV6z2L@hr80VSF)hITy(ANrM;?lsagH3Yxle&$g1o~oe`G% zA5%7<($n-SZPIa=aSwj#xM}l~VQ;UZTp0Ef{8p*>pIq-()I@lh(-T>p$NS*X|I6_H zUD@^?$v}+8IOGpK2SNqF14fgb0za^zdYqhjl@lG#z_))iv!3=?f3V&M=DY~y-i)1( z(n*~AD-K*|D=rwxTy$U8{~z>>kAf(*P`8wEC~W>t&5TyDXu{|uEPel+;`<;c!<(=g z#?Y>BNdIVeKJ}#k7!d;&2T^L{qh;-F5FX=Lr`7nbmaFM3@4JEm)K2|U@_D`i>2?ee;+%hJBf%0Yb;cz4h>;_t0GABm95 zQ@@xakl$Z_uiB#z9I5sneeox%@{buVaHQTGx6zWecuJltIX%XQ>;lmbcXWH*Zeymbm>>}TK+#ioWYK4EJ`B8I}UR9rW})RfMqG(&Hau! zKBt5611IE;S;Lpa#OyfPlHQuVV6>F@))fGzJN^wkhrx9-s|^kj?GQxwWlis{-=h8* zR=ik%Ih3~~QGet(gP}r3H!91-m0I3wzL70748C!$qpCCKJG$_R03R8v9zH(vj^lo3 zya^)NR-@_&aj+wPCVOdifNcqI^>^?89511jVFJO@++5Jeh_a}t2;kf`LLQt4mE`1( zL;42>M<5 z6#uy%*SmtL{O*s1#l=tn&;>AdiOK2dR`MGSa$xlppZtUA-eA8B8YE_R?_C0{>G^?; zAJ~2C@K`I;OYG??p7H|V2jELXv&;knC#SP52VU+R*<9`(t-=XjT7);MP@H3Ck}MRq z%N!~%yBi@kP8Qju(y8UjLyLER{Ep$Ou--*kn=H&6$IG_=HHm))`enB&NkixxNm`dj z^xJ*N;%OWnivGcH@6P2QzQCDm3YEm}Qk5Hwv*|C)ZichV`NQEpHFko(G))lIE02Zg zES9!EHp_kTX;S(`^7|bwpTG5&{-bjC{v)5BSX}{m?2zPNqlL=hZY7mD@)jA>#kNek zlvIqW!PW1Ok<_#8#>=Mk>Whh}ogu3R8YJ8dHlpcmGegD-M9 zlYLCzAa-s z@o6io1pf8fzn-YLNV1f=5&N$3t82-oYbppzE;tMTJ{NEd|Y)$Z$I75eLg`^>qWoAG#E=50AhXo`v)BrfI^}mJEqjrQ}B* zQIp-;(eta4n)VWG;-C?Wc3Tqy24U;=k?$!XPP^DQj1U~>I%{1vpWt$J&s2FTdsuV7*PsE zW%*#Z_dx%bb0z9Zt{%yo$VS4kJmC4 z+o~^a*5kr|WSGTAb4bb9ba?l9S|YWED8FQ#&@wIj;6KnjQpt9Q-`G?g#IqDka^Dlr z;m(8D(oyY$YJK3`V?sjTHq>nF*0~97k*%riPiz&5kMF`C`S0f+U}DD#A!}#L&*RkZ zI7Ud%2l7*|E;V0%RX!ta-30Bxre&HPffx#4k8kg!f%ksukm=L6+x|tLC#|+1r;=sr zcqlgk67O5eWa5v^TwDV*6QEi|9Cg!}Ivm!b>NP0$`?>Io&94S(QVbG+9-1tSi9b(DKQsOaoMbkVAHSc4*kcSZ4vN1oYh6e-!01A+3RVNX@7{< z%Mta@PuzA@{}uGW-Ym~cLM-F~MaG|V^l3QZBk(KAeI8zlf0Rsb5De@YeoGNCGn>v# zUgKkXr{=b|8WtRfQk&o11;g_7DXw15;%k~8ind(Q(r<&hyLT8GhDO%e%z;yLIkIwk zvw{MyCBUSQbRrf8Y~j!GH4&?Nz#$WbQ&|f6=;0OwrWeI+Whg1HoqvE;_zabcnMMux z9h}g!P+;1<*YyWeTF}~hZ1^erzYt;isl`0LEavt^BP4vbxc~j={8acy8BcvmlrMu5 zA_L(}n2e=Y)Et0XXwwe^2JQKPm9o{|nOdmusj*($j#K?t`DZnzYeOc(z!_@##~A{c zIFNva+B@sTa8ZXyvuIF2k?2u{y5AAOHA$@A*sONMD%ozOYnwQXkfx}{;mp^es7z#B zXRGcs1q7eU6TV&Z&P;j~+eL4z{X6pkRZ?KxcTot;vJh8?RJ_SYe&ou<=JT2lNkQXusR)0WBA2(=Ma{l{c)`89|08@=kHhu? z$MN4Mi(Mgb5I1RiM_!5cfv52KW76nH9~mr+));Sc@5fCzprbhUSu}~4u!wc3M}IaF zV@IbXKOHcm&zzZtG$DjrEfSVykL`@A$N4*jes51VR$bl;2Rw>ALQ<-Q_S9Ml(><9` zO%6A*i_77{QUQ(v_Siwzp)XhE?p8l{D?crIpeB zfR)divkoq$D}bDp)7q^Inv#R&k7r#SJ6V3y_>7?A`I+y2o5J&EJwBms5GODjb1Z8t zyLkL#z)H`|K`mhnl}u-~*?6UC9Q{Q~FjT7v<+m1WEMJ3f>97QoUAs!co2ik6I=tbz zj%e+%05WJ5lYEbR=v#SFIA4MAiJ1;n78`sj$uz%hhmDS@NkqHIkc^+Eu2EvKpU^FksG8A}PhA7)(ag&+TnoXwT+A7tBlwkZM4gRgH{P(F6vH>X4E*T@DzB8R&{qsF zWygOSslRYkTqnDkmlGo74kHj#+sZNEK7^`WP~;fL;Zsk8wgshkw73f`{mW|b?KUGR zPI}F9;=yCTRJPK=ht1kCVsGKWd#g58W?;o(SIC#h78Fw;*q~HeJ}i%0 z(Xokb$@6KD3-M`E3y3^WTAn_}zS^vxt|Pl2t>(_kcn({$LlA>ftZ2T4yz;4p9@^iM z9Ms^BJ#F(_SXzt~?EbPEzh=+Yxtf)nk>wS8Sr7Te4RQ{5pJ=E!B9ZXKDASoc;ATkr zR-2H53a9RXDl4M|cK;o6brG8)*5>kZOunf(rV&O@Hf(KS9#$mA0Vx|5tep!nX?e49 zibBtLV%2w-f82w;NF-C2Yq>3*H9k>@O`bSNEg;iXs)b86q3SM5^I57NMszvk{V*ON zn=qG*=={L<%{ui{Q#J)RyGU+A)Tg?a;i8Ugzci&e-> zxq5JT8};ZstDlM2em!0z@oC-zC|xG;l}b5L{X_jyIJ6iRxs;>jH%L0|69-`f9IpnO zUP~Yk&QNmXl0h9=OTi|zzQ%@v+cQGIfGw=}=-{pDh_kR~W2JuD0$*rN*-8?dYr8`! zOYPO6P^EGSo-)}xQ=Vo(PRXlZ@e2KWt?dO0zw4IumG#`4GClMS`buF(cVsIvv$xWM zALD6LG$}oU%a{)ozh4*%e*!Z?Sbo z9}psHXsmDJ+v8SWSlUs{6Y8+3;$pL$50cu|tT4ZReMQo6s$Zbme#~Fb>8?BS{T_ay zQg}h3I2Ung3p?NhWtGT+wlQ+ZV)_TID6PY|NMZ#cqc69f(yei1tM@LR?%Lo*)VuKM+;!D*}wjO)$9Nax) zdX-Q*S8(RosV3vpdWyc0MJ-yv;5>SGB>6dZ#+8b+%Ac z!-CcwHehr**57HM)o*e3O#zbD`>hF6T(844_BCvI_Q|Zg?+6fIfioT@fVK&tbRdjY zGz#Mv=Uw*|!=$1B-;k*n`q1t)zgwjuj2{fpnV@J0Z{$X(J^kLvJo1vJ$RbcgGp4Zx zBhag)az+n#2eODq-KqL)qCwpl=%%F|>V_v52NrC~L zN#%FOtk&m$?!16&0!vat!bjS%cyy^oPXwTcDQIVR92zmM6VliSxw^W_sIHy>K(PmB z8skq{hk=DLa5k4p97(2O?+g3FyV|kYIO67M_$1CKXAU?(0-G^o)C{!8)g*aCRc*5~ z$$$qe)ym;QN7u`__eR6^DekIo88ReLwj1r&-{~8at^7*8Ef|f^mDLDeI=@gQ@%B=D zNJj76KlZD!AjQA!OwwazI8=L{|07$LYVRi)XX#+bR5Q3C0MBmlHZna!qS+Y5rFLcO zYn&}2_a_zeoP4b0(kap-!`C z?8O*fzQ&g}8ANhz1QnE5VQ=O0L3#@oON8#&Nw^dV0a2dqxE52c8S1gcth?kTI3t~3 zTQ-lD+O+1e&K+4c2vcxPO^m&AZnM$CoLExM<+K+Oo zK^wwun7&?Gre)&=z4%ju;;4%suEk?XWzWR zxd^ru+5r{y+^g=GLux9zO}Yry@dZ*6coI+eB;-y!yn4sj6O3&q%;XHa|d>ERF(5-qQpGI~RPv{@tXvB8k%R%;~@<4W)OrY}0f!0z$u zy1tR$bsrsQ>~anzDz0XdR*T@GYZbYbV-=*g`)r=Y5#z&%1olerVR+iy84=HR>^ zKEWR?M)VfoIU;fQ$ePeb+;UJX$==aq7a-qScAd1ijIx41H^H&#{jS9v4R4+=x@uFK z8FCW!Y_wB<4>drDIG7JoDpoc~bs=40p=IK)v$L%(9RGY|RSVDYi1xeR%6lPFbn{-% z>hR+US;oc~8C~i%!Jx+WGhAG1Inj%Xx;lT~Dwc=^cXF3)C6#5z0#xO4)#sbY--A3f z{T}onOAcV%eDcl#5Uq+@2dys2&w;s~VcIiGc%{TTvG4vF@;T$9Ndkj00H{sAQLEP4^hRMFrE|NwJ#?lK)Y4tzhpp z7>U;-q6z)L_6)_hyCmb4i;V6%oyk0FBII?^FHb^*vmc*xo$J*sGb$B1_}lO4=9Z? z1(df=UU*xF*gi2lfR?LcwAUf5n#VtWPMna5#R-SYZRw|}LXXuu=M<@D;SojB+`j8o zI7^O#2=1`y!QW7_6(&DzY&a|A^bz2Jm!{fERhuV3E++(|eBjR}(0d>ntW&)>t{ZUB z^{`>da%S+okLU&Rwg`YbWXH19DU+E$!Iyy~CemTPiEQDOLL$|QU+6BObL-BWDqc)p zW9Hmw>4nnBMfik^)`18*v!qNKueb?5Y8MN-q%--*c=UOds5PT`SgQmRWVKzZU{JD? zSr*q6M5;)o25#1N{2C_iYT=hT#VpZi!Aomm%v4$wCD6_2`PiLDh3DSogo-LqE|*blCj(~ zK~cyOmFt~ecmSc<8MC0;Xis@!C_4a%l1Kvgzxh{O&iH*?A_dHxiRLJzvlLlBMiUbq zq#<`0Gcv*)BDFc&pw?f*kd@}W?D&PBf^zCxH^K%J3^`d?f<0{Mku`9=PsE>6Uj2c? zMW<#IY4sp5<3mdLki5_2aTCuGuTER%=E{awyfFd{#?+Y>TD%9Y+8=H1lvA+jg4x?I zAmTBV3wjL7^_JZWJY48ld#E<3aH?uHKYr&MU&rBv{wLQXAZEve!>A2xYk1Jyjz|SB z_r8iqT9sBpM}Pi&p`wDDCBb*O!vB^3=t8qPCSp2V7^~9cWce5`L;8N^3#i{w?qQ@p zX8b@Si`AQK)GA+ za}@*qG4W5FU(hGkC|8aaNcZ63I~Sn&Q7I~Khu^qPMSdIPf?vcA`tgIGklP8tA2|=c zhnH2}T0~DJitmN5^Rnii7r3uswx@ek{nJ3tW!oYj{HFDrtmZ6u7lUE)x?$7KMZOJG z#&p{pp1!Vi%;h6oBTnpO7^RVct>mfCO*7TAM4Jb^0`7OhFmN||BW+c^#Tzhv|J&mc zFds_*lG!$f(_T?i1LLFgb8<56YeYmTjc0v*Vzw?W9S`@nmA^-1q{}7dTRd=Ur>1D= z+#5;-6%;TD3HLfLzSsLa@>(x`_lH}_Pc21mZea_Ju&qnE50N6;fC>Ovl;Nlff!E&w zsmZk4zQE8xbb0xhx-0H351}1XYPNkh#eWhKuTM_bD++*ElFX)j0$5*dXW2rELVluI zz#sbfxX0&fcUXI&LjF>X+bJ!lBbKS@RR71*#)vLV^F0Sc3SI2A0s=6 z8RLIioPbc5C$B1FZrj5O#(DNVLI0bf!}Zcv$Eusgfew*j4RHy_{{M99qVx4skWQse zOw6M!AD^EOL*C_i!iS$c+l6nvAMV@$t7X~+M4fcn#5~%%T5XCzb)dDGU0W+sl$j~8 zv6%@N><$1Gk!#t1g|n`H@&NW!`*}PCqs`YX&84KoX~ZZTBYDF>Md+V|-Sb2U8~9df zXSYfReIghMVK(?B`fYS{;&T%dY9JD**9mYju266J%TE{~_oXWjbpz*vY!Yo@Y`^3YqLHqx@-nQUPvrB@InMvNCstMLD%Ayi>w zxlArf)PBw&94$WQTePw-n5>ymJqwoJounNDv|usUHbF7e(m(pf1W;1506i#F`@3i1 zU=1e74Xw%9pOo{hn6vo!_|Ho7_1B_|*Y3s}k^wOnXM5Je#oG00|`rE-!C4Gpbi2V)Vimx$`hW~97sDWAS7Z#(04+gTIi zULF$Lp4z3h7G zpPcOfYAgPo$NX2fbPLMjwB`BK!#l10?|*$?DoG^B*=ny1c#S$l7eY4;fd9ny-(Ks0 z<@F&CB{hB+@CZh1(S9UXW2VnOp)taze@7A8h0iDdP*xazRU2gW2!JL1Ih9kDfXDn_ zmZVSbWZCy2$IeW6MAC+0M(`dlJIwru3xx-)CzELTa`SkliDAv1H4TS zrzghXw-t%Dz+yJ)Y*V!W(PIBMqGf~TCJHzrJMhND#vuLI1u|2>yaeP+W_wSROt_7b zipoIie%-c7@Wt9aV4}KF?NSgmmDM&2OEe6h3$_^5S7)E%1&+%6&!cK2L&QNM>B++q zn>j&5zHOu<646}XH=zrygNr={+;lh=p4(P)cw=9~tabqPUxeG|$_cWZZBtRR;@29* z=T`<|jNaN4zUc_}+II(PM*QDZMdwCq4TyZZ^wof{FJNf@70fHZB#+e+UI^U?VSW>` z;JZ*)2xVq>+G@tCgt|Fx&BvOE=8ua-_hkq5cLGhV_$`}Tu4KqWR1_lj6hilxg|kyr z1?oJN3q3($zP#5`=t&=1RW1yCpt!##8S9KHRlm}kTmHKdCNCR?C7dlq^b?3m)Gwn! z2;1h_@=An=bH+ME^0w+9L{$nIk;=hDl82B2@XV^jS>1iARH}>773cdmU}o{^ls6B+ z@c8q#|9oF~c{ur3*z~`D`2cyMp8mA!|9m(2^#A+k4+?<~J%9U;z)%}We|&ttLr1IG UpomTO4EPcgmKG`#)cyQ_0I?vA!vFvP literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/ios-deploy-2.png b/windows/security/threat-protection/microsoft-defender-atp/images/ios-deploy-2.png new file mode 100644 index 0000000000000000000000000000000000000000..0ec7973041e6362fddf172788258dd81770792ea GIT binary patch literal 98511 zcmZU)2RK{(`#-KjTUFXplp3{bxAs=l7Fv6&+G5Av9Vl9R&#GM`#NI_~O9&EM)rcKC zV*ZZjc|OClK zAh;}0c_pjkW41XcW=RjJ72;NsNLD)D$-{7U>;#CLfeomc0f zswxT*?h1N+feelA<&cQq;*$L7G=#-v%nxESbF#4hZSyYC z1Ekl12OxNP_joS}In6IVAEd!x`R?622G3`&zlHdc0^j`{XD&Lt^Uqo7YTPyM%QSB% zZvclOrT051u9}}JXwmRCw!^dQ7`ABiuUaakZ~pTh;<3OnvG>Sm@+0g9mnQV8udd6? z4gcJd#aOE&z6djm@y$RfX+m%RpYPO+KB-n<7wB~wHLq^f;P=4f8t_hlOe`AilS+j( z#*Efq-P_gkzpLeQY04%`n0A}NJ!ygVpW~r_uI7Uv)+YXLrb!O2hWq{hIscfuu_M0z zTmNW7J?84lCQ^5RIRjqyOsp24%uh5J8vdv!y7_WxSL+@Yq+ zTMvPzpX1^GJv8UGY{G_z7Gt8n!Scn`(EnMNbG^C+fwFhoP3=#5S0DeoSz6?`tDc5@ z{a=So!p`$C1RdwTQdBg8#OhkZ8zU2~ zwd<5$Uk)Li-h2|m-gUKV_wcu@zS&x@hEg!xhrPE>5K$xTY3zN0uN1=ccS#We&+w5> z+4pYYohsnE1PucV$8xbeZ4YTlC)s58^AuDc#a5<3laQzYEa^b(#RC8Ei=%BzA?ueQ zjEPTCXqS<4nVIi01<{>5&ll4c&YH5c-1-T73?ESsS4FlMvqSfZ9;ZPn{z_}B1e4}1 zpT#Zm`#XIaoO{5^_%Ovf=1~3cLnBLrsQV8W=q*3+>{BfW=H=3!Y@=CegqSWW?;hc5y)9x{O2>30lO7xCu74Rcb0GWXx@BIwwB zZ_*W&o)MbA*7!MDO3hn&z`_FQe&I_E5e%{`NEVw5mRluMIdF<++?YuKmZFH)og|Zp zR^9?E5zwJO{V!cZePFL--F^l0`!+9DrRE&m^N^(foEXbhY~557zl-5~N#k9{Xdw^o zKVI>BCn*|i5Oz<7J7&AVu`~D2-nG4bZFFzMd)=kIVF!2Tw}eC+Z(b?t_p(yZA;LFB znT5iz@z(SS(RPL+JUZ*VF~SyV;YNg3_Sn1b?}iVfaZP6M)(WhydXRIrzWA}2d0c*_ zCI3Rm;)u-4ZK%`ub5322?sjeMPBSRCCz&rp`B%@$Dy)r9>Gw>Za~i{Gl)3nlmn1dB z@YY48IU9o;YNnqId0_H6)1=8b{fv^8@dX^0KAvaNf)gKU&L4DG<})QO+LGb=1ei?| zx{9$%RouqvNZwu#LvZhKE>@*TBSv{q@oT=>taz1t)U+Nb8%Vkr~D$o=7cbNGE{D(rmYY<6W`_$aGX4J+dr6OWMVxQbJ^|~lW|njSvonBCW@Cd zp5h6W7d|NDYgG5|?T38l|5=kr#uFHH$v5Qiq(IduCo1*Qs`Km_d5BPjuDXrbTqy`I zw>wwr`kKg|+{Cb3Mi(AlXp#`Va~E(rnqK#vYZ|+j2a;8A&a+E!2_v<3ee<}SLXD)Y z={gmiF+wm$k#>fd$jr!fO9WrEI8Ic`O4GcMoAbpu36KCg=ZmZ>A(X%1o6kH)T0rOS` z?-7`@b^a&O?x`_etCQKdOjg#3M}_9eSmDqOT0SPLJtg=eq^Locw%0AVHr-ggEvsom8-foL5?!1|dWYGeC&< zHFdx(17_5(!|e>BJRiooh<+^Iq`xhK=@ZA6#LGuE=sE9s1iP7p<6>r+8RshGrwi_2 zz@}JgtWyeOR2R8Z^m9|V!drR_W@MN8+}ZP8PS=5w4yo#R1=q&(2a0SzCi9_+r8`U0ddf(xiBGI6)G8s9&iA?H<|fMI#Y&QK5Q$c z$9>gzGeT3tRRmvMy4V_Z!2j9Z(Vv9O_7 zcbQ$>yi`^_R!dky*>Ga{I#wVM!{lvmqF?<~aoMu)k%uy&s?gshs~GOhRCUomKHOwa z=_g*a-{s6(VA+yt!!6ZHZnMI%w8DOP{Vy2vE)l|GH&d_?087h4R<4b`3AdR$qPb!7f`!AYF?YVR%P zE5#;eb#b_O9hkHh)$du>wf1z_j)HmjxbHRs#* zmi5gCKE#Hu;Ne-#pL24Kn6F@?N$VyPsuYeN%0;eZD5udelbO_plm%}2HA?0eaz8d0 z-8E3?q$iH8XjC8#S5nR3JMz23!Tko4k6j{0Hk=E&!*@?+v7%;|C?WpRrs`Ply|YWJ zUp34~uln8)Qn+&oQWy_2tGp-hd+6B8&+Rvj--o_wi}gVAM!)0j-2_S39JVc{N}l-F)Y$84 zX^6s=CX9uwq82Aiw~ck?cvgI*S77%t176$smv4Hhv}HWz%{xD{?uY_l!0R425wrr~ zB(fiIaH9tElf&2J$|6-AjLpouja z(PUW$PWY=glq=}56w=Z>(|B1WL^wWaM-uv~lF8C&)x-L_ zfzO`oO95VDfNo$Udup0^uIeF=M~Gh!$mT9WdUcIlTVttj*UBrbL_h~LHC ziv2_U9AC>*ne(#*o#NLWepghr;l!%_&-!ZGgiSRWL#Oq(!}yzkH%m2#XV`SmpgGy9 zvzzqRZ?1Sr7rCz_A%(d5kIe}46Bh5#kxDR=3;PhMGkyPkS@+bpUiRT`eN3VGL;HOL zH)?0CNHwH4sK&!#xlR4e+K!LKTFD~)^|XEPMMAbkbX;Z-?3;`3noeKA`HTGv*}bf~ z>t07KUkuY`KAeq-d2ObC3NP}6SWsD&EItN<;z$pp8bXN`SR0b7lLtR9U-qd8tjyL7 zKeIFXWQc5fpmzpa_in+wfAm8}M z(*DinbM>c{j^iq6TgaS|g>no?l!mmZU(?G3C-{B^ji>MVn=z$pw4%e1ZeKOF=jSszgaVuinHw(9 zGHzrTo=1zT;|S0HPE^@a_>-E+vI5W*ViUQl*pi?Z67H`^X@||}y3ut`6858oU(rAN z6ZozB`)6@8mY{z~DZ~7wUt7GR6l+(ltB9?cFYY~Z4&0H*$rV_>QWaJvxz750HzB*; z!SktzSd>aa|4~ExLDNtd{{`VYFy&T+t5eK#xx({h$L&&3^*gdn`x_9-IN`6EPNW(W z0sMW>*=uWrKcXClum9CI4;(+Ec@9!IV^65xPJ=xhyp~>0$;xD{8U7y0(e$r5J^0d$J`N!M&T`cu$^Z#;_ zULWIN>43+mN8Za^qWR*I5P+qRXN#gmhb*>oCEtmiY~@r|K+m?fWqRD*bAOoB%jG%L z%R1>Wby!W85(|P~&$;F_plZn{!hSi$n(v}Dt6$L5SlKyE2u(`N0gH9LvJLTk$!TBx zgL)X7&7%#ynv!jp@g1*~O~cWiq~)3l8Otd{imI6^h(KzM&x=6KWjoYp!PW7Ea`zo4J ztPgDqw%D7kj@rJI6BY3{KM$U=K(8zZcq$&9VQ5P&!-KOQ5yxjsRisGqQ6??u*^$E* z69w^aQ@Ho1?#}}FyCkU2y*ID6On3(wxoC1bWr%B0!i?G2tZa3{3*6ScUu3m`dY(oH zQ&Lo)V#M8_W&+LaXfYos=W`34#{Uv}_Fn5ngcrf+p~)j|MmllbgjrzBu|JF~{*EY@ zoOWoWd9j>#amfJyJJ$5qE87{qshV3Si5xPj*g1sShF-l|Ym?{Tw?*i|78k?@kt|@# ze<7i&=# zxgp|LnuKk%pc7Jb&Ru*k^~J0alasxx|IVLl_;;HIYiGa6kqvK{tEFd)*qc3)8QLzT z&7yAjA8p2YIZgkX7S2N9=Nho}q&IH0@L~`W?Ir+5HfT393oL*dwpSR(SiHm9OHe$t zfdBp`GOvtkRE{hI55-IUm zTP7-AlURy@l!0)D7QQTTDKdYa2`se7eRJZnFO1~L(%;`vs8Rr+UjPd)=@zMyXmBf) z36l#lkThv<>z){Gu$nLT6K~p%093I)Aw!_K`>Xtz?3B&G(4JxWn@*mO2Ac9xP8N*gnhT z##qH1W|gX}5nw*+17=z$_P`hKN3;=(J`nLbKJZ=J>0(6Wyx)4rzw&9ZN;$-%K|1bf z_ie273T5>D5)NWNy|@ZblZ;Rgw-Xua#pAPEt+nP30T7cZcuZnjMxIsr;sr$1g%q){ zUZutlVmODW#XUNIF2almm48dLb})7b8+V%pSO0Kdi=UBkYsX1n8zs2X3wtB?Rt^(F z&WMZy4O(qHTdr>(xJpWz%rOY7PtAB1`I^9d+*)4C_sGjp_Wpc-BY%9WejtUMEwyv! zAo#19D1^DoXF2CPF5wdFWBmYtGWp#F+UuS1$ zzRSF{J7U&5dcCey?LSF-4TWnFz zHZL(H_wx<3=f;Zzo$BF2i|IcdAM2*|a(R zseqv1m>=6V4cgKTE9E_qLrir-JGN#ki@?rqP4z<%hp~VPC|l<;P3h0`?9{;FCw?r! zbSXF|*jefZz(_D94HVD$%R;XBY1zUDC_E=2cFTUZ$CsBQ)5<+f6lcV7LBZL3EQ{_> zCcTCf7@qtx^%K89c7XDtZdggI)tMUD>^xhiC`)AJ)=FlpZ_W$EfFS;U((5`0$X}M% z8w)%>a#o#xrJD;5&d3k8c3Y;OCkvT>c${fA>q0!o7`a7)7 zn^5dUWh7Cn*L`kI(=0W=WEtCdi+U02U|!msJXMONX5MRT%8BH*)_bS}A_t;!02{em z<1VUHlet-!`_tK&{^Bh!0@6gVIFD%=o}J*o5j~)o;rGZJhUf$T7hPJbT{XKGW0#~RZ7XnPLL26w36^Zl+Y0D!<4jTT$4cw0a z5qqt8i@czDU;J{)AbuQujlfl?iSr{@aIkH=E+e~S9XZu}uoubaOcgX-mFuGM*W{tD zGrkdO%yU0R-rDxP8x4&3v+fDy1Eqncq&Twgd1$IQ2t5u#Uy+nE?iUq z#P0BcEv{;Ks16T{X}OIwnqK9U%?{S-2}q=WKmY|^N;Xb6)^@8Q2<~mh_OEKnfZVh# z=InCu1AMJk4y!EaoZt%%W*Pj%+1Df#|GVazKjvUPdjUs%)s8mQj4x)ZJ|S?Xrmxko z+D7%uqJ*u{L|b6S*-jS@r2~k2c214==YnMn7jn7IGgpHG4#!j0v_5i6*$ISqg|(%W zZD``O!RbS30stY86|NSw8_s|QO!8j|xcWt<{0%?MMhw;D>#~z#Usadd8P<>E!}Zr9 zFSKUASciPT=SOo8w6Pf9w>@KUsv!IYZP`-=rmKfGX>ubo_${tPmpj6>GUO)O4aFwb za$d%L=)PUJC6S?AyewLju_X=P^A#(ivKo*EkCFE<#8(e_N6?a)l*FbjrwN1gjhejp z7^oV`)n4;F)8#)fVP)H)S)2SxeFtF{pu=`Lff&IL-Ofj_ZJgC}rxn(I*Qk(Wm4El@ zAKb*@;KjFmWRNpWDngMQnY|6G8hYQvkpYMq%x_?VRk7OgjdZAnW^Nx|Ev^9*3=l4o zw=Oa=XmnqWZ^kw%aq8EJcX{T9j!(HDneWS3oj_Ehj96*hfmtch-Zl0dCMXZSL|ZR( z%2*FgdBPkHY0{(@^?m=mzs=&keGK{m7I5CjAgT+Iii(aYW>hp|cKadO4o9n}Le0yR z)Pg>h0Y~`D!RPKv&(`*q65O|H(MD>&*QRPqx$hW0mXJK_Wkw0O8Pz#*RAUAs>N82b zXWWWvU#;62?2afgTVdx~QJJDg7x(CdxxIqT7@oiUp;O|Jjkes`5}EIfWA1Z#Hj~wc zc4*-{68Bsl9kE2?9*lotS^049Y^@R(yV!e;+F34%7FqAs_odX0 z^*2jHT{ThD`*sFp^u@cGMydz5ZypaLK%ANLu8N8o=lco5weiJY|GsVrx<>s?zkG29 zWL&OmBsmeJ+BS_TsFXg+jJ#L8#q+G0`-XhWK^jXO%n@au_AO80I!i-KTH2@UT16iO zltnYWctov^8&yqsOGXQeTfjysQOQb5*hHe-h;vnbBMs+SW}K!p-wC_#+THj3m1bvK zGA#iy>T_Gmv`93R?UQ&0g3!9`oSCq@HiDh?bO7sRdv8T;S*SMiHY+QGDGhuV0(&U!M{&T<8q7ynWe1)XuuHyPxp$ zXM^>-ltax7tq-BWya$iT;Bl>b)Nw)({hH420EKN@MfiSos#yYBIH2~()Nst#GmV$A{tpvi}k%htzHN7j1L(cv5Q7YeqEb-7n4-ZMkqPAApFy5xwEntaHhxWs?Dk zGnW%j0ZkNXFA@5Bm=up4TNSCBdFmWxMtfvy_S6RROPbhR*2o*d+pQ{cx=HS;Jwe+r z)GPHq-V!Ny3~H1izwm+@O!>AO)U%l=I(p$Z#Vc}SIZpGtoO^_gtN(I6b^4HnE9|nc zT^b=Gf_B7mNaXh+X^|zLgb)ce(o`=1F){Immi+`Nb@g$jBZ&+b#c0;K#ieF-zr)z~kWvul?9fup}fe(bl zWgP50mGnC&1RUChUxe7(XvN%nv%Ke6ou=!mS45pAVG6>I6K_EU8h|MlX2uQhjY^`_ z{k}tNeX*^%(VncE;K9Ps^TTzt2&0i+Zf*I>pvHtpCVlgL8CqVEIiEZ+jqS6uv!#pM z^syIEoM!cuu%Ah7OqJi^dfx;9UnzM$SYF;jE0z1|Pxl;+if7R)?+WOI3l&T-$fIwSik z5RJ9VPLFh)-rj!IPQ2FSfGSHXr~nfXXl<&0TXj}qSYJiIgMrnpWz%`0}x zF*zCQ>?OIK_)R5_e<5Dkb%=@obOA|iFx~%GYbQYTtfl5W0J^l=Zphi%tl%J8C(!ex znPqjK90@k}=s)#y&vO#kV34QQdr7;SqmGjPOxuLwTwi54yFFTa4J~%u z(v|(;FOF}7q(W*Adx0fB6|A+^Dzy@@UTbc3Y+>KbHYHeZE1kDxs+~zp24h0rY`T%2 zsQ$RqDg-%H_D77(=tRRkz>98r)+%!RZ3KJB0aL&c`IE9$CU^$wAykHsqLCVU3A4Pi_2V1X<*_Tugw{b z4ODq;;a|z4V{#RGiPpIfAC1##tnC%#lQI77e`>{KrrQEfmk^=EpE)bQnu)61ywAv)2TC7EB6}4A%n#7HxBXEdWgHQKULs- zR~tH39v^xgJxW0YmnpG$-M|YlVsZdBzWbOq)%Zk^kIC4q8KpM#b!oJafFBleypvuH zUqJ%;?w|C&;}36Izg3qgMI_sA#AF!mF5QhKmE!D8u8Uq=5rrDlVaCS#ITqOSByRSh zQn*yJShQeFLR6T94O$x(z6UT_?cH8v8@g|mjR>qkQDLauZJuNN0R+Ub z4zt_1F|^RN*B$0TLF-0_!!Ne34}X!?@6)QxKM274iH+oa-uE#;S1cTJ|2Az#4H!g~qACyNq2tqRawVT$XtXkCgmNZ>mWik{ZBI!;)f?L)}95Q;%_eZ%s=$h~FG z?VO}|ZP8aV55kDnPX<(_WWw^Z0^0~$xD!l=&u*5_--N4~4yPW|p?}wUZ3Dk9=1sFdVf}q5M|LZ#}?f zr{Sn+S6s4|O+#I4x`75Dc$ZSfiT~dSxYoCq*T5P_F!$e)H{a(7^P$VqTzWKc#u$E2gVx`uc$ zQNqAY$2nFpHv4m-U_Uv>PfOWS{JL%_UpNQEPnT)! z`Dym3d~A)&lNMSi<2z_+89wzLy;)ewYnq*ip+mQVu>N_9(TOSvZM7@EMi>t5Mt z(G-J81R0UUj+FcHXQAZ7#P*{ptF0p5Qm7jh9XZ{Tzg*>6o(L%%OL1Uvjg8H`bl_EP z#=z%=uI2gQ%fk}iHvr1u0+QbJzwAHJ=yNR>)E92AQ8}Ik;>`rTf;4XdqODzc!NRN< zuq5=;sM_Z17y9!OBB2>N(O97j%>h74d9blLDS*<+eD^!b&~h?Hn8bH)i3rT8@$zEO zp0nAiM5{2SG~b7K=I*0ss}OQa)T!q}62m*1@-OwLpoa7MW`}?2QUbw;;Gis7kFzH*$^_<_4OC=FcpVt#or zN$qTZxw^1|w~_8NTfp}0o!AyyJ)?b$?a9Vi33%vG9n5jGiO&Q`{rt@#hU)~evk(7G zc#Q4X!yxzqPmYqdHD#QJBJ$4tLqBoHMp5w@L0U%Bsi!a+LrU1Mp1+ z7>E>^U_BAROE1NLQvhGG4cm-ww_jc(-)WfM#YW#8Dgb^xLldQ4rNv4uup)q8$#BsY zwCnJBckYa5Vy;soK0ZG`2b^4yW)`fwg4V(!9O(Hg(}vh@eT@f8<-YCOMVh}is{5## zX2VHYXUsLxI$q1=_P_H#7`Dm?I?uf7{>s4DesPo`i67H0)O@aav^~qk5O@&R)7Aql zkmx%VuAz4lHTckp13=CfqT@ZP#p;LQWXr|ga6fV){VF^1sS`{6%TtFpm2YJ^g12gc zm9n#AN#sCIaaVl;JA{W|mI7{tQD$5H@}l5={j)0j)BK^Z%jBl^P)*sh;VPLa$(-i% zQylxo{&$PtyNf;LB?l=z2+hbxJPx4WlkF}!nNeSA3IoXL>9=1v?mjB?BjyVko4rI-D;k&Qe z7tace@}=WR4<_Aes_f4X-O{p>FS+M$bt`lx0l?zBZzHyvd!+NuYkOu*G&sDRqv+eW zrySaKWkM868R)^B_7EY89`pwHV3pJMhH6Bszx?vS+9)7l2|LfEJ~iMrswvhfG5MXo zmo=+2xB4Qdk3?h)w$eR$fjx43vUHu`PvpM|p&>ee(Fv#4k|X|!+nNP~esk!R`FxlX zHQM;Dx_tcp{ZaVg=}aRT1%>rcpAU7FDNVAVoon^gLnvp6?bka_@+F43P33=Y2C`4m zE4!#pkG2vBi7zS(`8CR)fLZTw)vkN5~nrj_b%#H zZqQMD6Z`-l8~Xsv=~?G8zb&e?QC9LREAq2zW)2}R{XfvA?C3-eOAxF1B+PmlE`hBn z{F^D^%{zS*cMF&TV836zv=+unwD*23#{475f3P&SzqXH%xnwb}bF5nVRpMu=tKIcW z7a;BhX6GkY0d?XPcvgb_&{oF^BIL_gCYlz(#LT?B0c}gHtb7jE=q}MIfeAWH^rlA&Sa#nttXYM!AVQ^~ zn88+i2`NfIiweJa^QHmh@6sVI1zDg5h?mK{rcBM=SXiN?akWkD;H71oP?DeJC9bhV zH}$bo`c6?!P`qxbo)P5lYSpNXoOYLXbp+tyIsVHQRxT(mCg!&pw6lkxv#ugog?N6R zhND-+TleWDpUQ`~u`jkAccwp4BF5IfH3m~RBEKz0OKc~Sv8ozCG6h#3pUl0+Yo1Pz%m;mTuj{@H z;CJ2c6DQq@`X?(%)mUV#jKgz%41mvNhSiFNB9>mI4Ou zgOPrmEuw$grIoe)LcD8342=g;{M<~Q$d`$^rO&!Y2|8>xqSs6s-Bq%h4$DeJjYc=} z9x_V`-zd%zl1i4J3q(5_8;zs~$%nOU9GuyI z1zPA&&)kc0l76dEUWvtNzgv9wjkE#WZQgiG!eH^A6=U^`$KXiNZdLm#fvTho1a3Jy znugk(b%qkdg3kT$3*lH0=$k_Dx%J8JWP{sBZsR8Pwlnt+M0GV@sJe3FA@EGC!?-Ga z;O6eljwIw1hzf2VJ6@`942*H2Vau@#ego0|N?wrUEg(K|U=TSXT^%295AB%X{&xNxkS6L*Hago0K^21pkJ_?lhuXE zsa&m;hpn~PZ_j$ZVH@B5c8APK9X2P?8bv9C;b(YE=S^8muKexg6#Mqx2=bm~*kWU4 zSNKqydX~8ETp*5avZjxEXEtDeh^-PrvQ;A-L$8EeVRPz}YR|UYVwYl@LZot?-#c4w z*xrIvOc(SxUS0(5^_=1N7H%{2y0l-UzYVU1)?B-B%dbq=dQ>_)na7m#;lqaj9FwAg zVBksBakfLkbmAV$UYp1IiZS#&Il)J1L?T->s@of_r`i7Thhmj@=T+}zM=&BpSO&Fw^0}_?G9lrdiC}0@xmporZ*YotQPv zgV7a9x!6|rffSxgVIYTsoC2Ecu{c1qx0XeBEDD{0_-b zZ{N^V1fC!2qY_86yk}WmT6PQ3Z2dqaB2hRO=XZ%7bkmIZ2SWPe0FXZ#vK%^x7y!U$ znb=&bm|g6Qzl%SZbGgO~&dw0bEpxHj%9biJg$2yetkupR+1>PeW9cF}(e%s|TzWvp zSW5iQ3*iEw*+g{+{n?x#qbBd*sZS0<@8p=0NOil{m3aCDe zx2>`HE)Izlq%QhcQA%N;_a8sgls-&E2-VKmkNW2I1SDJ871Sha^@P)_qJ#>k50L|W z10a#{s+Ig`b2FK>nS!XbC@!%pMb@`=9!xJ^I_7sAr?eEoE>3QAjiBQ3e+3@-a^*&~ z>akj_ex6{BJv#;^%kBU+`EXLTVa-I5_wV2Hzy0%s-)F~I>qjE4a9na^*&GN2IE)or z45>%}UGd8dBlVY=+~Cl!$eb}~t`ka%y~PYH%2?ZMU*X@f>Z*3Bxk7Gcerwjd`)VyQ zOtTfybPVw^G8eD<0pBz2g~)DICxJe3F18*5rK3I|(V(*x;}XN_LLm`*zcN7r zzkKZ?7Q~yYAXXQEsJEN3D#L>24tArdep#nYBp+|xPriV*Z&%$H%4pNPI3q0Mm|s1V zTpt}l7HQ6V5d8uW6!(9Vvh(aes^%SdARNRhNU^#O`2WJo0>BUVcYl4d+`GU`M$^=@ z8H1GDM9RvtEg@~@9MBa`4i5?nU(X(t);ec#8y%#SnYFUboe176F(~<-*jV^Qu%Yq2 zpwrZ#Aal{VIx8Dbdc0c9*50dA!6}$^6!-DseZy9p+Re$G-Buw5fNNrGG|$>(;bdiB`ejSsvDL5+5gK-AUplXU~%E~*)>}q#P)17q)j;)YT(@M z8Jrjh-4OJeS*xD<%|{?ITH4Kq?erdJd98!FdZ%gO9*lL87<8&AP1xLCZSC+LfS%?5MbH0t zhzkhyUn-7>B&Z!iDNT=&a zwlkm+#{3^d32|Hn+#u{7-W}jO_`PLTz(k=Q0hzi-{}l!i#17dxm9nZOr(U$0*asVk zhyWZ0ATL%j|1ENYG^@*tbAFdO>_3ofcL)HER!i&*fR9@rE8)^D)u}4Hx+BB??x^m* zhGeA{a?h8%n6QMoT6{KXaP9Ext_JLG-%{UvA91VyK#6uyS)&G!ZazEft(N=q?!&9Ik!^VA3^;U;l-EA&zCH&0c#8I}fjl zs{Ta&R{=#3s}f1U#pX0!n;;i@*ANom-9=JsHJFO98vawy5*q|$1pK7+d!x?L(8y_w@H=l?1~S|l(%OZ3*C}T2Qk|R{mkLWwCKNW`e)o%O!?oJ;r0K>!_^_|=6_Rm zbznvGzxf6ZdddESeOKSavi?^Ic6IPn?diW|cvlB6lmFLk;2?yXvB&y0n3nqOVz2n# z(kpN$%J+Mj?}8$jY0J7>{Hn)R!772K9)WYC4I6p&yQ!(EKJp$OHPpPOO)S;}$wC8H z=QQ}eUi_y55BLl)=*}c6ldMc;=vX=Pq2#^RV3K-DxfM|!$f>Wi$YFL4ZzkP8=K=pJ zob^pyJzX#ElfC=eY`nM6;66;F#5N&g9F*yD)eyx!;qvvWDDb7Qu*;m}+FWb%JzCM% zOiWB=jr#1f!BV7tk_QbeD?t7$5^63}U3R+DNzB(9%P4OJOaK6v`x?khEjq?! z4f!E?LfajMYcQ5E8l^CahJZRB8Hp#>C-G7!(W^(Y(u|9XgE@?I3S0m(Mjt#&V(56> zVSi<4MYQ-TZN3qL8T5H~h0;Qasgl1dM0Jx+VGMx@Kf40PGwDL$20wAs&w6DfK6@i~agH+=^LSRmC$G;o>oR)@08hnq5f@${x9oY3 zQjE6h&0Dwn197wLeC=njN6%jW{Pe*niWs<D*m@ zi4h}1<@--CG2X-!r7AtQGYl8&KJo_z{jG&vjl$DXaksyp94BGFZ|VU^Ii5zyA@w4) z&Uw~>$Ia8QJ*ai^GQ+t^#kpbO7Kc{;XCjzJmbf)f9RC%VkEWAI-vvlvPC5f%SYIBw z{RT=;N^J%bmBF2Q>;~IE;?U`prm-CRda8*+q4yrtYOScZz6DLtDDRk#|3ak06hK)# zrJ`b2&jHH?f?Iun7yz;>7+M6#p8nqQfbB^OvJEm@WL&Oty0uKpyhFfh_z%0Ys|Jnd6HWFJJ+9_t97Lqkx`siw^C3V&cBm z1W<1~2bHzm;pb3?@gIflTw6HKTIZHs#nH2GsCC%s@ScK>PU0Cb!+TR;Xj&v>oNeNb}eBI{KBdYi4r?o*sRb3Kp-}m&_7y*{H_D zq-dtjfn20Lq#9qEuay5$A~0WCon2k!1&ekd5t29a{#dECkvyf%y_}$vlAbMKqxEv@ zE4xy#mQr4%KK-&jvC3AWR}|Rkx)lDPGw$A_T22;=;^RL>1vIrkR2hA81^y z}9I(34mBjay* z0kBXAofY<>sVyXgV3c;T8Qb>6CD_B?b|{^dA^5C{RyttfQ$$nCtuhJkZNXYXU_-$o zxtJTo8($V`)^=M;u?*21N0`t4`Lyu)?AfTihVi1Zc@gUpnxTAGlrCd_^H|P1;pY6J z8MB5}Ka`jjdR3PjvMJw1KvMMK!w2=Z1%khj1j;u^w_^HQUDyM+ONz21MI?8Bk^jYF zT~7L%E-y|2FLM`#EXnKmbc+T^BuuWd?CEcCTU7u0e6|qC`%atE|4JjoFI1iFzbz(U zH()D&DOnrf4Q?@jn_FuWAf{YSC;4%A`xUKs6bnEQEBSZY3kN4k! z%h&uje8(zxHlXdvpFiKJHZe+-32rk9K0mC&sH2NyQ9vx2!xoX9v^H9lL1Uu|jywla z7*~$l4^hTd0~>92L*h=|K%w;0(gvmvrK1B>%AbYkH#%&PFH4PliIn6hc{MUzSx#y; z4G;1H&bkGVYZZ!GP-i;KgBe-zLuxi{%B{H3l2b-QxwI;HqIjbLkr$aYL=xqP??%&kXzl{mUxrOmIr5hDRL!?AW$}Cpr_Sf1q6X>0 zP7V%IlY%dip2>XXX7qlmjO2BbHQi`B?->g@hAn8nep60UyFwIY5?~1oA-~7AM=CX9 z66m2d--Sxz-(hV59K5s;&LF(-4HTmUn0fWyyv_GnW z4JQv;jcXmOD~L%%M!%=M%DCkX@RHBoaCZ!x$9vW@rDUz%7C}GR>y07gs% zGoI9@35Z?g9KgaG^d`Kif7=?4BQDz&Ed=tJ_9>$WlL?i|b|2j}mp03G8aJW$aZ6QC zuhpt!a9itHTcV$A+fnkp{7s5Hsj9cy4gv>p0|_*DdQeOh z$Ft_Kv9-7KXP4g_FFd(O7M(>p%f_f3-WSs2oYEZ=z@nz*>omb{nFS0n0e|u>_Nn%y zTi0m@8<4Si?|w%XrinSl^Sm&ED4lX4(KRmfbDtjA7XVT?+bc-XLRc7Y)9m*9FeHtY zxcNtha-k*SS}~P_vKyFm}~JJ+TCMyRsAxnZoY;r7_xllaq21Kc|L_rmXJcx z%(1S70n+-85y>YxdHJCL9K>am#&$~mJ5st38JVqFzPqgPQF~TzD|n;#A%+S>@=z!f zNn;CH8GOMA!~7y^2uy?J<_4}wSiUUa>2*bC?fuAv?cE6#;A4k z{rRZxb-`S%SS&YrU49|7e9(aX%1{heTK15Vi`#>kwg!s*aobfNh3Sff0&7t5!i}~f zvnv|%KsiuN#LM#WJXv`obyJT%hS zmLr^3^gfcFPs*92Akb>f-|o^p`)D8w<)t;nr>AO9u%?mmer&&@Bk8Dl`71Ck%LNPO z4yQO6E9Jyw?fT|^>2#6My5Q;wU=EfFQq1D{+K!n(>5hPJRt8T>H%v)i8mm0`+Ay~I zqU96w6I)C;DOXEv^!`#cs3PYgRo>H6NQ7?4(v0lvw^$Zd87a5d?G zdtwl3Wvf-`2VmU*pv1Xc2eibHGA94q`Xkd;yEUH<-T#jN({}?(hd+uD7fiS@D9+B%X~x08StpGAXWcy5na}C|1nj!bWav?F^pkLf zNun>B$#gVm%m-xA1^sz*#)0( zg&BOu!isp1NAM_lkT(YJ6s#gU?3ymp)Q9v!=GQ^Ft1=P1%C?{pnd(t-vlgBYLo1fQ zwv?x?oq*cin-?ndTF#OBtp!sfXhZon=5*q($&G3Z+?CWgAvVs%ye~7?n{vH(VutI3 zs=8f~nBX0^_z}8b%1g}kgD+%mT9-QO*ixM>%sX5tdSjg3P`^eBO4(_Lq1UwcO(q2V z@QcD^>S+O7$|X5cgmiUXR34=PySS} zpW{GbT;XKswd8}7>mRixrelzvazefap-iGRSlI!uH-n}9Ot4HRbw`9`Fv3!JGWG5t ztPHpcXpq4zUzy1yhbf!!kxvS*n?l^wAKz+S{XTUP0zc>Wz3nT$tfLjxt@AvHBTiQQ z$h>sp4xQq~4UE&RrYpIG1>u>}vlwqtn-=K-#lepwqTfh$w>~RfSlXNMFFx<*P_MbO zHN(mMHlP)hYA-Kvbp`2&_wkuk7Eu<9S9?&Wi0}68 zsHx%9u$F;{djl=q}9@eT&%0!WjIJ^*aGJg)Yf?MQLix*KgUQR~y~VOIL^ zna-mWOgK94m`WrQmjY=s&M{FB_Sg}p)!6q|^NaFCv{lF+*QB%$8DSuO}0@5Xrc}@}F8qviSL%xZJ z?E~*}21E*TsmK!E2}!w-m18N)KLV&MfU78~RNOTB*2DK=g(i2yZklr?cgA`Lsdp>M ztP@Twi_uV@k>y~Y78M>Xa*7LXNdKScy%3pQza3-W6`Q9ta z0Clwn0*CF&>qyG9M|F7lfIK~3ShL};<=?*UW)+{}+I@pKfits&S+;m^U+6GI>ooK9 z#&dB>G zFYy6qK8Y-Cz=@P7yK7yqmOz7{MTFrzx3-eH0}7(B1dm~?QE z2qt=$H;j%y0HI`&z3c$@hPM@nr9g6kMJdn>;@!`Erot$}HTtvylLXo4v z3W+y7wK(9+M>1W&dtf)Jyz%-evH@k3B}m%q%UK%x`{<^;PS}gVx3^CibarO2FieEV zSuuSjk#=wwn3$YeDvqwp73Zoa#DcP%v}Ipj_7L#JyVfilgKDJa;K9Fg1UBg9{%O2R zAX2IYbx71uR8;IDZVo$Aja-g>x=UoT_J>O*SKO8tXY|jTEIf~ z^DZec+ihpdTp|kxt_|2mKv?+SHk`z6-2=9<p0M)l;8MVq7Czu#1ojrNFb*$W4ne7|kMebXp zQ>B<>9dBjdejV-&opu5xSe7#gLu<)1`H&Ri_VSf0`XKM#aZ-?0_Gg&mx|UL5d>>Tm z#2Fg#M{%dkYqc$^w#RZH?~$uQh?IoO7DhW7J32~nITv~Lzb-vzQP|-oihmvWsUH1` zhG`eS=7P?7d5%fE?dp^G!M_1YKNgQwQ@Tn0QQQIjS>;LNA!(lnIxWZxpoW1kL7reY zIY}lO$D81NsCWfU;H-MFpg<`=E5G}8M1eXU*^(G;9!%U^yBu4C=058qB}Y%J?M{P%NN@MeQA{XjWEN54_KV90 zlk9sxdvYGXja>Jb=n-vCjo4Z+F&&tNE!qMO*SdWE{m8Du~5}5I#*2x|gIe7AY5P?mp$H~FWm$L*FYM&XY zVHQfq{b4G!odPkZI_bpo72`_SWdkb=PL3m7vlE`+VBm!nf;3tb82m#=@)jTF534+}kB=nCe^8DmrH;)9&Gw1t`lV7@*sTM2kw5O-TJ z`*6L+H9nCgl`4Kup)H++@#h|)qj!z8P5`T+SI&hXP2w)#0+OvY(;ov~k=-(26BJH?!8bb+>kE;j?*lFudU z$fa3VZ~uH?arXSicL`4C7Co1EsZP3Am&9%f5kxrtJk``$h|8$>2+}dmF%~@pQg#3q zfC3EEp5zcD@<{O4b1pHMyO;`y(U?v|pA?ky5H{rR)~>Z2--4 zfApqDlyg;!n9?`V_SIdcIlM}{=d6LypcG!I(Qzx3HBfe*OhNOkb zLA1cu2XX+zAHvAm5+@g>|FJ=QJsGRQvDXl>!JallXS!!cSjS=5*@UPp!Pt;US!G2_MNUUv zCB^X0jAw}Uug;9ZJF*gY$J5>k3=jhMwhEju@rA#4UyMgAv37x2pYMTHahv{Kzc9DW z$~&$jlz56#k^lLbG1c;!IrffKZpucU63BP&ox0X z8YD*BgymE4ijYStC8$BqeGYMlC03#;Z(&Atd2U&5(4>~lAcQ275*#ELQ*~M=>51Bw z1$~1S_c_hWY%lM{M|HQz`3dk4vu}m+O@V-qE-@5mN?>v~Q8EJCiLt2KH_7bz_#B~?x zz{M-DM_rZ|T_g8hduhpB`QEmDgZZ|WK6j~LQSceH z{i1QCGunzRp<|8RwQuzbHPG5W7aM^?am9^S39Cg}OYYh;`b6jd>`MIYp@?ehTQOK< z?TD`s7hKZii^+qm?x2ShR|==DWV5~ndHp@Dg0qOht?se9Q*7E-?1i>JX+MXJcK+;- z)=-9_B?EHtg}Bb2mEVf+Ho)8wojM<;e82W~t&YdUDSvxr(1Cjg{_%X3W2L}|TO?2J zlpuN|4x3YuZ+E7F?|M@KWz4^($NX4Xi2J1mJv*JvzptG_CQa2AXx+V9?8X~C^r^+d zg=jSATGcYKJF!`&nJKC|YL$gejeF57+3A(l9jixctZCQ=9&7U(u-5~E_bwK2H$@wk zgYU)v$^oct6t2g-CLYRVMP=Z&mS-bZ?c1Lhocs6vZTw8-t0SNgvpjzX_TJSdi2_)- zkdd+@yd~|m+V2^> z)uOgYct_aCY_VW%h#YABE!jEpF8X(2m;B}b$aMbtPygNW=cC{7M)G$k{%3X8nd+tc zzeVsL*~3cTB6rG}#{>=lrDlmXT9bahoKj!%c(d4^}V}Xnk0Ot$sN!WjGmt*J3={ z=N@73&^um)Ju_2#{d{(s&7>PYXBSjr`A%E$UYzZ4A)PIPeB%GUrkoPwoB-+B6A>go zNPZZ?AIzgDfmuM&A! zp|j;QpFVxGSGdu!t-AKUD(SjsMtspHjhqDK;4Q!{vE6bH{8>l|A}Mk4l*%V`WYUvY2r3p?%6 zbp?TPygEW15&gaGyVUGHSyy=E7EQ{r!9o)XX8ig+YlkN$QqOC?dFAOma*t6V@Y#~g zReZ8%+m-9HFuCg!nT`v?A$2cr>0FSwa`}9%i5=;tj?ofzoa%;M0Owop0LS6lIHU_y z{`P$ai4Cm)ue-@!to$yq?X00fRJ78TCf{!}O24hRSd|#}s@3LO{F-R+h>(}v%~6HDx8ef$&NZa@UvU*1`JF||W1LG*8&KbJJ*T(P2x}$Ym2D$ft8Y@T@fo#! zzsbbPy~_4_*1V1)>izWn#5Tf@Wh}MpSSHV{4y-Fbt^7Fj<0lfDu?=* zsAYZ<%KUnr_DS`M7V6vw866kmdGxmtmV{v^!*MB;hb{jd^ryS|J|E~A1f(Wm1CpfN z)tHxM?(-sVL@Uxe$N%QM(5OKlvJth(Dy`9M?iBsa%Og$ms%!@%v|xiFBRf{QTK8`K zs8!2RjRyPKdx^DCI|wu0TkO6<@oR3INiVNFOwv?L?t<@V?FEHfb>@hxF#&dB{e4T3W|AdUg_V6QCO)c1CM>5(fQ;|OP!vggf$ZLSfhaAaoA0)vHYrX z>srR*aK4`n<~Hn?AtSHA7=+CS=7&X?_Kh7B$sR&G{Ht+c;lnrx8K*v5M>f4^C*b~o*TsN0e(Wqpak z0Te0%K044Sx|T)ZxQ$lDn}11NohtIU#CGh|y6T=pL#|)px(6xZ+ts*lSq&U?k~g;t z9o-m5zA=jP1)`3hJ*j>xqi228y29KkO}V3(m&0cGAUMx%2XJ>5zMT8pPlu+ynLwh)?V5_pPe>)Mt5x5rICj&?uifLMc4_$QoJ6 z{iuW_7U7y_Ml|O`wUfTt--)PNWEMv12Xs^D@u8JHWt(Ctv!sq-*d~+ z#7Ze&b);g&ho{XxCs9<)R;@Qgei4b2SG%q6bo%{?1O2H`nw5Ti*cR- zg$zEX@1@p37+FCl@3f5$S!UuI zOz2sCW$6pKE7Ya!YetdqXY*dnc>f7#t91`lzjJ>2KgV}j#1gZ)S`2b|Olgt+@0aGJ znoU*_jmix7l1MK-_R6l<^Ca9G(|zURi#su{TGNt`7`FH4Mb}m>SoS+2h9wNSg`#8xjwDQLa9QWcTS8X}u;Aws6;(QUG+Ecv#>Mhp z?b}Q)yaYZ;&H*zb*GRO-W-k$uTV}l%tPmMnFm@r_nBmCm8eMBoTnO|lof&1mr(s)Cf>Q~}L)jl6C>pB^$LVWlkv&NJD~o{JCfZ4{hX z{7PFdTZ-e?xgStq#G!heQ@>flB`(-rC?ej=`RG>bc3n{@PKPv`fs2-s5Z2|x>1rK6 z?BozU?Ux9h8&NggpG{le6P+lPy`Y<&I(YVM%qtbY_PmMKu8>m_E7#l<46)+;4&_zZ zD_+w%D$KCFv^JkCjicW5iox}Z?#?hlm|4}$N=S1JLJ8;0uQnv|Dv&jB|0)4XiaZy) z?Gn+snF8Zln5>#z_VuuLSsq?l-&;(^TO?GYNwv=*)ndUvJ*h1ZydqshDvg7ZQyq&Ic9!de<{AX{LiV%y; zwN@d^_+&AAPV`zW)x7o95<#xnD-*&EaNjukOR>c+xtk5_vcHDgM#_mgokJ?BxF^rGRWm)ia|ZYu za-J0>;*6fDH8~09eDm?J7j*7+Ds=#q(>e|j`*RC8=CIlZTzqlwMEIBczWeI2hE<%=Mjqw?|ow)z@ zno+jmv!Yz`J2Mw7Q;Xy`S6gB-Ud9EOji%;Z2%gr^5+(o5k>_9UQ~NiVpbb##Dx!KM~G5_jxaqGf|UtSW$e}&aU2CIp-qdMHk+H6du z=a`Eir`4@6fWilt-~aiqHo_wM$T(zGray>je48sv%zynA`78f_gQ)+^beQuJ0m3ue z=(eMlp;yPLa@4IqgK$AVH2+X9zVYd4X0?ML*#Wen{e#-JQDRbeytOr>bH?`jifRG# zjPMg^VhlqneFEM5yV*Fd@7!JJ`(#{go6sL6V6D>pY~h&>RR`3^^{pqi zHb0lSx<57g*^X>1`gp=}Dd?Q>Vevpj@>&TB(|b;u2F&>8AE5p%3D5N)ByyMiUa??o z>q#Sv#Y>6Jhc!j^)A!tE6-aCA>mGIJJj~FP!eM!)T0>`&aOYg;;hX-fsCb6VRbCz6 zknwZ9-m83WjUu<`4@9gUzI*>GwNHWjhs7Lu?r{18sG5c+mz_~>pWh4TgbB3rkgxPK`MWk$r9O*hT6bH zyr|`E!=c^)N?kX za4SK^&sD7C3yD@0Ajc47H#cncpLf80I3A3Vtt`>&ljVNiI9DRqgU!EZW0RAv5NZiX zJ{-@^UMia-??cBwEnX;gIqi$nW5w*XrTl;1uWv*IaMPA@mlmj0%LSU ztQsza!wm&dH7YiLFqc4cHnv$gLe*h`#kBNcig~?vdzWAC>K^9p?K1zhhm-#PMbAb{sMIshb=FuAv0FgFu498GcAFitqq+ohT^vXuM_*IP` zeSQ+lp+d8fj#+|MdcPdUu$zF28NG~^(kJ1TLmi1CD;}58%D6K!@-}n)2wRBrLf{+| zpXtY(cz$Ec(TU*bncgfMR8dpwBd6Mcfms*I*L^dM%^QWZ8lkN=oXh4Y4v2h0vy3ZHeuB6M%!0bxroTM{5Q*QlD6xwm9hHtiw;&=sH$A)CF=mw>ti$Kw~0)?O){}&`&YF1{sHE)?c18)JQ<1mzD;9l9k6~aX+Xz#9gBOh}=g~OWk z#5nJ!(L1jxe{guc32b}1*uaZ$h~dY3A{8Y|6#VS$&Eg!@H*9V@`{!1~1NMWH6GyQ4 zfl@%(#x!O4ibYnuA-{14nV<0R-oatrW-zj#k<9fQA$27I7rv}SrEsg)6vQi-l-wHov4=;Bv5YO9q$9fCeL>y3NnnDXYq`7 zS;-#-VeTmgkVsr?R$&luK7sG1bJm?x@OQ*Tp`gRoJg>>X?oAWPvUA;*nZyQspKfcCD z7|g*|azDTOboh3iHfF0>fVGNW5S-{YqN(bPZ#+s6G9FfVz^a2+hTXcvcdzX=tK6b< z%MG2Cas5xXZcBO1yFseuyZ4|wy(x@3lnAc?n#pM*Jga{le(X38+ko#|6VJX z9jN&0NNVHz=Scb?`^=~qd3T6>*iMaUq_&Rn&FUn5cG~)wQ09iSgz;sQiF^Qe(7g-6 znp?AY&2?}M!3J+khaNSkk_BU0;@$;YIA#IOlz714fMC_qIL50VJfX~r)u_tXZh+_E zn@@#yCDFA;oArW+X5;_EC}X42;6rw(@@QwqSDm4aeQ6cS1tbyT7Zx1Ete)gp|2{Gj z$-R1jltnHkvZCATqwjKBj(%>(T#XxQ52~Fh`#^5`;-yPmor!`8T!4n}m99la+~4mE z-y&!&^QRTV_SS7h12F=0^0{{am0`AJv_k8zojrT&hhHSj{QaxDvJ`s7jR6HY>~+GI zwKJ^L(!UJ;g@5PXTfct&dIjLc{^Pxx`|f<-SL&YTClS+HXWG=W6QJeriXf3~FFNr6 zy32rjtT6WFsZudA<@1}YAREPN)ahhtkW~6Xs3DY~)_X*kQK$N9D$y<=<7g;}&SnJ7 zwU!utlkr->1~{*FaKZ+82M(#EK*SM2zpd2LhmTz`oI1GobzP62-};Q&9?ss{W`Eno zu2%I8dtR?VU?B2k^E_PM4Kv#rcv$Wj_xkeTBg(H!K--ssZSRjqe2YGQNRi*LBqVsx zeOG1u^Alz*>W^fLbbbyTLxvxX5?Zqs1ir{$&SXRC&vqmw`Qff`FRv2VzC~P$`)S=e z<8G2{{yHL7+J~TyGbXmX2tEdfG|AQ{V4XK$_lP^Ml73A9_p_btE5asQRa2q~8BjL0VcA?Eyl z#;^EG*{G25&yF!wU3mFwU2)*yFVDZ4?;i*9*}Q?lR6JtyUb?dIR+iHtuN9@E5Jmt>)w^bq!7NJwd!pG{`q zGafY2vonVoUjmrXlRCWFO+zo~c)$k|uIoJ>HU50*-%<$Lzv9c!mzoSu-*le}bF|FY z&s7I=pvo!}9pNmqbX7P;SbcrJ6>=<*$-Z~LJ;f`;t{&?6hL5Z3dYCgA(Vdr`XS(#Gd=Y#nH z0pPk?5;N7Y*@WXU!46hNzSZ{tpjDhYX|rKdE}>WnOOA)Z#?n7&j9>Wq{R{e?G8LVP zW7trx1_ObSLe)$~`=v9bR}_PgyX65%NQws?)0p2_h4#TqAF~M_>18q&M%~nJlHAHN|5L zoNk#&P);FE*3#q>27OMn)gs#w)~)G=oE5Ym!@?-UGFdhoe3;d-1q5;)3s^~^$A#Wg zEKs~~3}7g_73gL^PB|Th%+cD(sJkB9yZUaXlW4INN0LJ1cov3dNZjlBTtk4on6Y)Jn{H3 zM{K^KzPAM#eeC*W$aQCBVtw{0<(#FmAf3%6;_4_+JOI$abbX|Q9?X?E0H)MuqL$jY zj#Oh`2t8=u5xh!07cJPvJ!F-9@ISXAx_p3i z3?QJBDVt8&I8TJ51$*2Rl0}`5MkET2oPY}<%y}!jFba*v#40{7!ou+@Z9rk zxn!506duW>1_-)c*1Ebe5XohSK2g6F^O{MI#yrgwJ{YDrE~VT~12`lIu9$c*M`~Zf zsk;N5(8vM^1Ah54<-E0L>R+-U66(?+m3Lf20xg%`4oE9VE%}U&#Y}1|-$`cDDi-hR zSzgjmzc_e;_kmSXyCb_U>{J6-Z)@Rz&a5V6sc9*evn?$qEsI7404l$| z)9oIh$1iJF2}IhGZwTMGaYG5#`0E*CEM}PiiihLbCboQ3_AN8ivFT~J5m+(e1B{NH z7=)cF<;omTr3ucgR%#r6|-8i{1sgrwv5RA*dUTF4iCnG(hHlJgj*s{ zoh)xRGvSsZn70Hs?huZngNikZ6Fkc6b2XfM z>y~A6+^&1YpjX|Js1ze3>ThU1k04b7)RszPw72(840Ms({n1&v01W}?$ukJ^kP}GUX=W>s=cU)rjk4V_*;6Yp_0oE{bD;R(R8G7(|;Uy`K}pdooXxB(07z$hOYiC%eUv&+&#gkoWvX zg#Z)@&133!2Za3!jY~u;ie23T>h2Xll`#l2*xA7E84|ens2-yPv1-%SC7Z+gJ+jI> z8WAnRX|-!QZ#^m7-}A=i@|J^~>7E@-Y_mqJ*lr=3f2RY8B%-n!Tm#L}uR^pLNLxv~ z6oX7uev<+DDJ2jMY>AnDi`XmrJATWfT8V;I*TAG4gYb#AKRy-OMnz7ZiRF1^d44*w zp!(~l;ET!$|LI7w0EJln!FngRv)<^rB2raU$&%05SnT8yRI8R2!0I8_9))*+K0u|3 z6r!1v(PX}o)AS;4k-W>oa?YFQK4yjjov(IH2C}4r5s2C$1B_ash6nS_&*m8Vq0=A9 zX`O4UvEM?|6srPqa&=?}NFK4&r;am&K>>@X zPt*Ri;LXbt-XFSBAqMh?HaX&s=&u(q0^@OG&vsNiz-{414N$@>%AJ-8SkI~NtE(dG zd+a?N_or)g8UNHIPPGHbooPE5ilX5C{h7?b)dUbHnU%bLuO-$%!kBr^Tlh&uZKT;v z)K20DLf-)0h}32dIlE}@Ma~Ks&W4z)8U?IN8;}Y6)`&t4*(XV$)_Y{!I>)8FX1alx z9w6(32Der1pl8rm*FZ8esI)aJW@>86|Cz~lAbbF{_FS)@uC7Ms#oBeJ^KQ(Mgk*e| zZa_wnH%d&)&1O~tSGKF&R>nR+ltZ#)jOC9Gyrev5J^{o=9lFwG?Bx7ys@bjD)Xind zG9Q9bdFH;f_YKngFp6ElbLIt5aJ!SD;FdWe5t#B^TAovxc{x!V-`~dShM2FPrpl}Kh`Qph^a}k$1XTdpV z7c%tGka<2o7g@LO8cnj!os+d{w>x@&gc9I7n_pbn|H;(Mb~Ke_XP!nKv@o}BH*Tz= zITp1hZ+$_YQBd<=MJKQw70;9d2ibF*BwU7$iG+6-qV}w%5<63*+4y+C-j?dqzTBQXdj}4TYn~m>xhVyHE69^?GiBmU+cN}bSDzt#LMm%R$>s^4S z#pg-;XvRG!Ys-~jr&k)I(wL8WRxW&XuX0F1#I9G zNjT#5RS4fUPROOwwdwJxIS8C~aP%g;_k-!i>4B5EhcbR#<4VW?SvhTZH}~^xuPs1q z_zIiU>BVtG%RVG_su%b5=?=(3ot#{2WP)}-)$H&$2q9_t{opPO0hoGXigt*^m`n&L8coArc;>ZF_oh?xk4bzr}6N^ z!;Of~hG`JuxAwquh=C+C@mnB?=;JxzgG~`0S4S;O`WBYong$(?wVG`7H>p64VtNLj zUzhgyFVedrs}GPMCaHBgy3M7@hB4@<80p>QRsm1<`lu8fNHthfNo0b~O({1*f@&ca zyJK!B^?9Dm8>gVY*=6DKCoETmtwN-(eIpDB_d$mbK9iWcLhyl3{`c}U84W(Xd)7Pw z7TS4^a2|NN4~Y(l^PQ$;u~Fpr!Rt3$y;HfHnXvPm8Zw4>)=BL2u!zn~GbV0}oVqz0 zn!+*pTwDw&OA1)72(e@ItDPV_!*0|p&Xy(El1$d%38bS!ClEkRz9lT@aIEVm zV9KblgtQfDP_01z9#Xt4m_wGxTzAM<>6&jBYWvCE(BtJx_x^di*GQ@kQn)aw(dx<- zC8sv`+TX6HuN)<*34(5KOkw`-vf9Z?-SY2= zrWH!pbDu3Tp;vLMvZwiKI`K&U zmamq|Wd<7=A)vN`_z~Myl4e@M(AFZ+M`lybNXC+^ML4&St0lbH&=brIPp|U{?s%%6 zxe&YzWC!AtEQ9nCh0W|N-!BDrodEebz_rrc6w4eXX}mt%AKH7_YTK9Q)>dY#(cQ=& z9NNHh2=smC4y-6QFV`K#u;*?ba8-r!rvdr5oz2a+^F$z;H;21RZ9k63@jwk!pXgEJ zy=5wD?l046D9jVnNvj_YuM{0w@=}-7Prx>zL#U+qaL2~e!N46Y*%Mf7xUFH?~r>E1{d*M#=|85TGRUTf)7w>+h%B<}~JKq$4n?6VNlM=TmHBKI4oSBVDtO7#9c2oMV-jHT<5y48@m7C(sjnQz06F*$lk; zIC}VE(nzfj;T!$TM?#^Y80s}v7k1Pbj4@wD#u!lvs=VF>RXM1jSO`fgQOHaP7bK(R zH0l0?GFLoZYW605ro;EeWc`w8Qz;4Ro_C5VE0U3etbybxq?OcvduKY- zx;546K0!1ys+8W{@mSj{;l`QaCw6H}>~HeJgHg1TtlSERyH7yLPRREtpCmfr{DegV(e$p9`U=tV-Kl|gxnAS4bS7x- zCt3g2Hv^ulZOUaf&&%%{DHZOpd=T7Q&v~0A*(#CjqQ=AYVYoYE61_yvYtlC|m~E*+ zWYmT37Jbi^AsuM%t*NBQ2iK-xu=V5l(ZAYXy`47vc=Jn0!uV`(_KsFV@v@>3HH_7N z>KGpA;Lhna?61g_xtKLC?*Ku-tmI~c2Dg#b2S;bEsNS~*i(p`niqWHNa8_(%GbrE_ z2o<0F(N(w(o+zJ%hPQgtEtHt-Q?*bSnuI$hC=hBrb&JlVz^-bX{fo-$nEt4J!}%Ty z&9Jv6%pwO$d-JRY7Jct$ma^z?Di9Z}=f-6ZztVx6(|$^Dk0pGM%RmfTWxQk7`y3s7 zMcO&p^zNz}G!5c5$)8`DM-L}N3&m=Lp6dgOvcK%*+pM9aT7NQ{R+z`k8a=O{Nk_4+9j@7y_fb&0%-(sJ)d< zx2x27;^Qz}V?zP&hxvQaN$Txum5wI4t@mL5b*|Bv)Q%+KtQv{UNxRUM&GPpI)c#7H zwb|KfAhzBuyR(eO3PF)=<73{YqzB=y15aq>9k!K96ec8HB#cW$$h)~3ZL!ug1l+1w zpebISm;QYS$Pl?{?P*g-W6mg^mIBCJN;b})li=$QCmhExubK=>baS`!zT4M z9`#n~@G`qCCr0U|V1p?KR5U%4L#XL$gXCZkC00>w*`Otknt;^+a$~tVIOCiba8hE$%0 zM_8*Qo-8<@rNPZw8bQurzqY_UcORlK${&#+aTLAB{kPY|T{la3jn0zDpw-r-w*hm& z+z5*u^hC>e6c#m}?^bWSh;_T4YJCr`wNUY0y-Mecl;D)04Mg$-(zFSPWU5`!ND>f1xnibVzN)bD42M#a;5#8rSIq=<2NXSa9!r?PGv=4BySXCp@f;%~ zL+cjb*B6FuJw?%`V>)SP4tC$v@}5O_gG5iQApUmAiMj%=I>+m25?6*l=vj-cEZ1lG zn(Mqew6tmQ*{hliX+6mdy;bleDpbZXmU7q7Gf5}HwYNmf?(3nt<%tc}kb`~?VMexI zY588_hXHu>Q1H)Zhk@dA<-N8qrZcTkt^2G&m#?fiJZhldg};X!M@rR$juhkKr5{RI z<>tzV17FfF9Ug4xaEmiR76*oXfaK)|DQ>lZuLIPyn=npc6}jr*eh>Gn9yfjjZPJS`mgYVe3_E| z(PVCXh#gt71&Ad!Fy`GXzD=r{1MN<^ivXC%!?}7{UC9*@`5qe|PE*{J7;ZHBG=HTW zQ-nqxTiRnk9 ziV##spU%HuKRVxMs2*LVh1&s#yrkB4jcc?e1N4fCRsN2og^nj47YP^g2}JIxV4;s| zS>b|&0IUnT_ZoSRnd6Ihr_`yLrNu4%A@EIy0H9VEEY#JnC{B9k^xO#gQv%S812&TTLAIghlYY?ZzMPlkN8xej&$sh=8^AC{5~pgq z({PK`G|&{%&pTMe*xT%0+^h6cxD_C-YeQ^OSLbhqn?F%7yVSZjlt;QZ=DU31Ai}&# zi|X@M5UUKmke=)QN0e+;TCDfHfCInl+1E>RZ_tnF-w7UgW%J$-ngKOH)TCcN7WBIF zOCwnCMa-53R+Sq)t=p9D9nlNh5_uK1O)?5OaE=e!3^b3kde4GLT9QYY|H>{P@IG&` zPtX+a(#_(mMup=@rv0hDnW^8(lr5_7Kj!s=qdbMD?zLM?(oJN7I&YeX;AT+c4pnK^ zgEZ}(rL7?6>+$htWPHUdpcak~V0499Or#>_n^O(EN~G5l^S)UaCTgb1VPs`7=DIue zRVSQ@nX7Bx=hp;jpcrG*lCUxlax=*u!ACt7wO{G~;%|_g@YL8C{_Hm0LT!0seQ+g9 zSUW?WYrcm^z#QWhV|h*E?m(ZK?Oa2jWmSV9V=j=8K?7Z=Xswfr(RSh&`(gS=T3ef@ zn7pv9#&^e_3&93ZPsBC*QMux8-E)sHj@`P!R*3fZom|Q|vnmw@ej?-M9h^p$-j~1k zadsrh$-^D1Cl1)ZwO~sQ)!9uchnJPJyxbal8g-neesucUaZXq+QyH*s`3LT&eY-+B zScJ(2M;XBDUEmE1IQ2{iiVuWAn0$>w7y56#FV{(y?+80c8qyV&ECcxAru<)=#)D0A zo)0mcl>57vM%Hd2_(Q;Iy|wLYc+$8-uAWKKHQgI1`nLba% zYDr+Twhb0Jx_h1Abs(`%B!rs+zzR&gGr_lG715_nW$iTNdFW}161Tb;I{CT|-Iw!v zXy-8xH0B*Mflv}UP-_%@I67o-KW|C?D$SC@{j*6yx!=c8V^wJ$B%hMQ$75G4{Fc+4 z($+w?2{{aR-<<7*Kw2}~DhhO7s}9uw(tXH`;^JkKVF9nThw)e@YUqb|BqWJQIL9aw zR4uzT7>8bKIx~|MnjT!0%OyBIRvuVYAUKUrS}jJh6~iN$=HQccSg(OZyhmnv;jO~@ ztsh)Cs?m8jd4cTKbQC)_)hLpW$AX_tWV?3RMNI=9IuKZ5;ia2q;(2u7@P82ZmSIi5 z@&Bl;sDOe63aFGwNlPn;z$j@Lr4lkmmoz4r^ypGxNNf|>Xf_q4bHr$r9^J7K=brKV zegEe=56+WwozHdg0591-b-(X-yh1;SW=S^+U7Q>`WU+hTaOUlu($Ancq%?erJO^LT740mfvBO=0hxex@?|OvHa%{es z4gAF}z1~H2x2rb?!z?i0pDA~E#y`$(83=0j*CECf6`}-|cuSR#KJ3vdZzsdwCj5&( zRu;}_Pf%T(=|cE<&3wNI#g=M;G7*Nq7y3d#ZIwjYiaKUEd#_R7iG4gxIBjf|DS%J# zT~k7%Z|_TvjiI9&ke-F4*i{qQ9NW0Yen@X&i>;7~s=vUPkkLR%#1}Ik`x62NYRi-1 zaC959psSl;lOF3i{Lr36S(WW)PxAJQN(rCOnyK3q-7 zC!qV{2gajEpruZfIyZCBr@P|Rl8jHO?IgBF_}|DhU(ngz-C`OD^@L9Pk3bJPOf)3` zbNcE#t%zO!Gi)i_mv2aj=g;)!8P8UkSBq60Eq3s#SS7C%lC7KihY$8fvQ_%Py}OvJ zigDpTK+ALZB+aCUFWuO0yRxfpy@nP#$?6ywYAzf1%PX*NHZfbFOx%+goVKQmG2BT1 z!Cq{p2yN&1+_RTDL(ui^DRLRc``mshX_eDRo*W=eY|P%ex4@iQeEX>E1wC{y0k-(@ zcF26_;F)yi@LgGq#GBR7%arG*<QPSF!D3S)B(JPY7G;Yxe0Ox`C6_FT=^$XR;4x@#pOr>0KSU{Or)FeRbA?xj1qL6< z2eX#?^$D@f+Id)D)Gv!XGTOdUkyfd~5YB#WvIJH18^YULZD@R8mah^3U!u2|rXVNG zu)|kLZPTF~L3Mf`5Jao@aINcBD2t*Rc=kwrB;nR{l0M|R&+R^9gvXbeopEr_;()Yg z(yq1LHYI6$i*ywT>I~eG~gau6z4)v66!cczej%d`K3hO{?05KG*Egdn9;_VRntEG{?YyT#cqM5-B;OW zCC>H7nLJaKckDa6BRT3FD2G3VE--OJVUR*((-gI7`(`bbbe z;ytx$KKdK8Ps|UVr~fpo@Oia#W=He+S=oWYq;s7UXQHXrXCH}WZ2Y(g1ZE!{xB-MH zeeZ5e;*QusrnXkj-LgGGj{?Rf4_k2TW^=8E1l}nH2PcAEbD~?YYV7iGPYKs-bsQJP zbENq@4bElSWoYX4RlbsVYx?U^j(37R1~%u>BLo^Nl!WJl<6e2rD-j6}!imE=NI8;$5x%!?CcSmW9sijGa{>CB)Fn_A)ppyr zDNK|r?qF*_z)8-)^sc4NP%(Rk#Jz1;5X62_%K7SOO?X@xp*8wZ+T3X~`wCzizO|m@ zGIDmF_pz^wImTM>R!Q*Eg7yjJ)>Nr3Ccew;-|6pPUCmFO|+QX4=PUmTbzy!|QPl2%&;gB*ANzUgEc!cQ~ z3V8=IA#UdTWa&YW^3Mj|ArEs<9;fWeq7?5E?T#>CoOj!D6K18I+C8UW?~#GVddJPb4bh`WeQ*wUj)OBlSuY*BxOUTi3XNIn zOnzi^KaHb`;8$UVG;jzj>Hbm_jvT1z0~}E66nx{_m9Zfo5ZrD@!K%Q zh3)ZDDFec%SAq+Hwm(o%?=bA2i1qhbYZNBLFG7NE&#*%IPzVG-%F$-ore*Fgw?<|y zkx36DnBA=R{W7)S#TaKo;K_=38@g^awE9kKauIRy(~U zbtB} zV1S&Iwd3Z3Hg%$q`l=yp^+NCAv7?NaV&uv^lAs)~=@SCOJ6-h-wgR2Ad#M4_d}2B$ z*5`sJ(TBYCU7^giap@AMsq)#0?x_At7SJ|=j=0HZWj0c4>=CHn9PHRHc={w{SU-66 z!^RQ%H>+Tzq8mZnqEupLBQ&1F1JlNctj4Tg$iqB-l{iVnd__01kSybw%6@cC782J* znhKQQC*HbSeR)TqoRq4CieY!L=w@ig)}&-}@Q_#dobat)Y5MM32PElH4D{qH=ht`P z&9q^BAtq0z9a zBP3*1VD7!(y>9wzz9fN=@Z>AA;3tdH8{aEccaG5Kmo1Tn^>F9nvxAhdpKbbD71aT9 z0l9AM9)w6vV3mSBM4yC=kZzG^!2m5 z&+vOe?vBBH^X4VD;iOaMTgY^R+TmJNG7SU8Lo7+ugWU!Xw$p1yGE;(dIeXfRR4-x6 z#8~c>U>t{%FcY4MI7`tGjd23z=?lu`>7UQF=$|Zmxdhi8cYoui#jcShv@&zxfaX;A1XdB z*J4d}P)lD~6H7Cv3{hN?cJHZDi-~P&*okn1&XTw$@heYU9Vhj;79%>?H)kClwqwqd1!R+25yC3|s?vDsTgA^~zYAqKUqN{^3 zBt$RJGDw|f>s$Hl+v1`ti-bdFFGH0AyWi$7P5#-Yuw2Bs`Z!hU=Y~=J=%+bZGk=}~ zOzXs)__g9LjPbBIEFoT$WX>r8mpOQ~supEg)i5x+N}2(VRon+JrL_VtJgE%@wxHcD z-VQ5-Mf`Aj(7}4E^jn3X(bVnT#aiKgLDYX;z_(3A{^6$UR@$g#&W!KKQf;Pv`@@2l zxZcQfl?vO7oCO;ZEH?vmluJ*OO z>btb==b4gVny0!~(*`vzXQM16A2|Ve-Z0&jmjpFteFGG2FW*k{Vm(Adnytdd_+~r5 zsBLIf3)A;_vCykTbsUW+?n42I+6haX^Pmh+pv_|nkX$uEgMs0TEil+oh6lr(v{5QZ zt$pR)6ygpk(X{+M#pN?vqeOzgW5rIY_S598gLmb-CFSq>;jEiVgi}%#SqUtpu&Kcl z4hG@utqBK4gi_ML@R_x-YGXi9O6rp^@Wv7O^{qNw?rONgdOWEuCuoPVJm4X3`|ZV& zJAB0~v)SUY`rCeI1Pv~x#4mWC=7**A^|tqi!%D!IB6;$cDdpIZA+>kgX#iEYy< zk3-|vzC12td%S!xUnoRdWdd>HdDH}CMF$30IZ@<;{9x4>HN+EB5-Y0jX`~jKe>jKSZs8kq# zVDKt@b+E@RZPlx5hqB&JH-W^@lR$O)`1X!;nOIc<`s+&~N94^sktj3I{`K9< zYtj~jbp&(qbUrJEt!mvpqh3X3P5Q4#=$rga_MD3De?8CdWnoP%P0o}N$qOoFrrQZq@idA1RN51R-n;+`Jo()pau-NRVWi+L(0 zAO2bXZaz;aV?V@s-6d;ps2!?VJ~%)r33tu|76UxTNQ)3<f^p=X14w;na%n~DNMW(a$W9*fpVER-b*=L4FZ2<|xch@rN_ zhW%#xuP2f!ADi{FjLS7ySVTsYeLn;Td#orYA=)n*GiQ!`^1JP7^$j^aL-|-mZ&W?~k(zM2t5>tH{f{M>(5j za;1z`<60;)wp7fkqK~bL0h<-eTj#AHGu={2Gmw%GQcuw?-I^hIX-#~}rUeAWGNzeu zD>5&iipXx=($F-YKYFlSYp|F&Nt~=agJm(GHoG|4VH_l%JI~FuT2@!@vSgNQ4+8;9>=%9k(I_q3F>S$9~|0R zsh7IpwZ$J;y{9y#Wjd$qLSa-)Z1t~dhckX!-9ckozdRLgNVb|tOsXx@vI3$36bW99ifgv32CWIoq9z8^o z45|;!#08Ap+`THw(5zhX1-LNTo9Z*4BDXP;gs7$#lH=gK}12CbEw!iploDyo^4W=Usj>~I{eAhP5Yal zo`(dSXVN=&=Fwg}w`y&r-TSY)%^XrtZgAFPDxIZ}?DUsL`-m5RBAZ-sD5d#SSm8 zi|cUX5-qT&#kG=OisdtbFNh!jZpbYK{el;2jjUI{s@!R*^{>zIcsbVDtHi`MDX6Y) zx^eqs<5XdJ7&@=N&511O)nCVgYR<*!SzBA9_;RpYg=xVQbsp{Q?sxDGFR9^xx3I$F zrDw2ol1@XKN$ed+D6W-_?KcEh+D0X=-F9w=-|Kfivpp;dhEJll-*5y2VplhbF>TrI34cbZem#CY~j1T#A`E+B`oYk zKw)=^Q(aB%Gp+0K^Pvw{uZiuxTkIoC%XWE(E|+lA6Z)?2zx6e?i=*5wlhn>g|2qe<+lp4IW6dvI+kPtQt$HIm=bI9?ybu zleoWjyNm#(^Bqqt99clDZxrTf-)Yc*Gc=G(5BV19`jSlw;(bh3+%;$+DobM~4ah@) zxW}&>8L0<6DOjW(um+#*eN9Y?>@J+%m@Puexp!Uze&O+aR_Z_*zUQ;lcpCjho7H%o zW;bv#=CHp49{c#jjm$5y^YK0$8J}=}s>j);6U(8e!n4L=pQmfmX_K_$5DjGyw72vVlmGf)qEOv0X=zPuM zyEt3vwofKGZCdHYkDA8Nq_BELXmp-7pKm&pZfUtLuK-a8IA6Ad`PW8O%jQgytQcB)36;0=IUtWA9Z#7kfTnLG8ZdMQUsy7&puhR^-zHi|dD} zKQzIg2LIV6I%*ADEE*KhBTUg_JMUF(YliffO^YDJe9zO;E=iIPJ9JqHoaQy=R_e~E zQ}%)>x)cR;fSmkT(%ggMwQ%*&h|4SkpOa%&SBhit;zC{=#_K^Jy3wZAl$W`{c6R$l zV0k5V-qknP#fscDqr2qF)MVRT+XW0S#^n1cz;6mLSSs}?z>;_W{{41CfGRl#^3@0{ zV9g2yzt!*Dc|mgo1nHr$JO`N%2Pf4p22d=a*8K$FHCqoFz)dn=zkYSErWYJ(CsNf{zK^ z`Mw@Bzn|>_pMn=JUnanMvzku?t^PX33Z5h!t^neJWMdzBeJBVX?=&>ZgDu2lfKD|ZfSX8+uZD3b3hkr@-mMAR!JQE@ zHvwM3umcio9O6@1mpIM?O!~`zYrp0VSoa*cZ9n(%{hGAZI-7HLO1N3$e5BW}$U;TY zmc(i3L%pabX`j181Fm<#m8$Rg*)FTtXWf|T!*r#FggeH9&qB|60=nP=(X(Q5>?PON_!RaZ77vks2M4~a}V|^ z>p}OBhZ}M)Z>)yh!i?=4cbcOD&!Z8hv3i-TEI(aExb_gTd1nXbnM3D+##0>Nxvwx7 zjJQktx0pC#GaffL(@_6Du8Ga1QJayHVFRAWnya&)`#pgrTO` zt8m4oOg@)BtcY1H;Geh_{H3!#nSJvLVO!gpkZ4GL&O=`y-bB0y?=A3fmy!IMIBK4f zKE?{2uC2=E5|A8HGBpzl-LDEXb)Eu?qqOtyNnZPjJ9E7v|GGWi=>#t)SnLjyHTN}2%H(fj_KwbbB;c)L` zgl1o$9=`vq5S_ZIgy#wh7^orgX3M9$ZlJ&D`u8MjE4^`mx2CUEC zUy^`Q)&rp*Gcs((>U7468GuZ-R7g+QFQ8Eiu7vt`fu}#|XFqLCK{ueie(AakP%0%R z61$14CYXHMw%%Hj8o^hgGts-~&^+CRG{w)F5Q0)1`zm``H8iLRl&Mi2O)LF{Dp~WO zt?~2f?rz!>O5sgFHbad0)C;sMdFji4Z^EdGg}S zIu2Rxt(BGSKakI%M8cler>uk;4|62m{dg+A2VH^OhcYC zY`h4C0In!Xx&_Akq&cZ10_=nJZ^j!@IV}<};+@psUx#16c@t%98DvVcn`%D2w6+u( z#r<3>%|s(sAoBb7&InhU&-cjl(?}yDKd?_l0m%&{-B-^+`itF3WbWr0Z^E7W!NZ?_ z^KY?1;J13=im>RQmsLf0ty4@tIq4yX>OlA~WjmKJXSa8}w|HcRWjx%d%(TQ%F2A2Z^*zu4X?wU=vOAD-rLDJx3eVBg~|s%O=LwUo!DNP zlBRq6T55du8hKK1X9f{@g!_2?x9ZcPp4F%6-Zt-2jK57ZCuz;)P}VS!$Io5|0S>g+ z4wg;l=Glzayf5_MaE9l4uv!iV`KxvuMT8h*swfbMj~8f9G(JiT7Lvj`@_|Au!pW=z zQm>ZAB(fVd-fh;euBrLXaR^(V&wS~UfG|BP7eJIJ(9FxBpv?Xv z@5`07u=CrmWM5J~UPz|pv5|Lxr(riw)1{+Mv0C6qkc;cPKq%JR6Xk*s3d0{ybCJJ7 z+bb=upO3pj-4M zr1Je=zjIpT_<8Q{JOBUTFSqdbuqsDsCFPUKzwhe4u@k$vizdIDAOO}z`|^F4t&Z8Z z4O|DW#AVFCw8}R%IOX0F>RuNs*coqG{!2xcD<3+|7t?Cwy2iife=Bvu5F3A{DyK*S z5Y?YlzWcK%_Km@^(k?vwU6+#nijX{!@!}ARgnK4ncR%hv6Zz%Kt*zCf*74jtbRn{o zmmW=#r{+8MVcQe05{o7|m)|+{{Qw=0X!?tib(FQ4ae&=rI(ya@dGydBHNepZY6S+Y zl8)DazMFUlxaCi_FXv(2hOML^*f=Z@z~G?cBqile=;o#mDD*`dub|j0X3VmleI;mr zIs^A8`F)>%U%Ba1dNeIzc41(1crTs(REx$F2CF6uuwrS!6|TK|7F5mEAys^YmZV2o z>g(&W)mb1IcE|gdpZSV7VgM?;Xka&=umtvHb>Okab@OIV(_27P2gc}0s$D=6fkxOo z_8Hvg2w@wbx$TB8Djdzo6a8w~a`wf~T(!6BBUX7&&p7ue1@If-kl@azU%p)0z~kcL z;tP^N-_2k1Ba@Slw3>rg-7iSZU)-AQ&_VHCrP;Z)TPq*{I|iyhpznOt7&Lh7v-TST zQcV^Z${@WFVu0Zt4U`Mwp{CFic_7Q=nWZ&GmJ9!n#YKBfe!fyb7pfD)19y8Li7xfK zG{=3~Zm6zSF88idW%pUUy|lI_folR~)_sT6vs^`wT4RBFMiQ%$a>&U@%PPOJlPCiK z#vccM*^-UZaSK45AaRX0GN&E4)=!(89yoqJ)_=Z=)R{{J;1V=4=gTUHdi+3CprB?s zJ3aj}%Z>Z#`6gQ>O({}3eZ^H>hoFaFc4LV@A;i48}dZG`ov*vpFiO46w-FBA$k9Nkuj-tV1de*2mDqO z?e^Rup!bCC^g`6K6QZV8}0hJxFUcy%As4?OdyE3%q2z0m;k~-gS z91H5Ck&%&n?i5)Tb|LH9Ai<5{#~4%NlBJO^`vKK87$_L=k=v^(5}Y~ihO^qD_?Z55 zYaoeRGUyIA+ec-lMRv#pOshXga^dKBcS>Np7nXAz%uni-2ie6tLaL<2t3@W)rOVMU zW?BYZ=>FsQ%Jz9qAetL1Y$XJil6atz?cKPJD`I`-_rYt@?A}@aCrE&W3O{6=pr)o4 z0Ti)Jt?RME`3(quQ|lZ_M-ySjf#9^0zJZ_VbZ7T#f|5Glq`*8icwX9fJ>k(<+XrR4 z@{G((F6O=g7qh*UR)uI9P=#DhPybAui?WrS#w8;1Rr9g2$HcadrLS+qHb9=)$?-@^ zYQ=l~@4MkVqUqRZ1XMo9KBhaRd zTXdb&I^}S4g`90|1Ln-#XEusFYPA6^va;9s(egLxzRwSyljE+_#85_{Mp}paU?~1U zp1zZ=yZul78I9?)}+&|Ju} zObQ+nLDE4U4t@fA*ruIS3GjQ#d~mH~K=n^3v{)DluYWuoEZizb&1c~W+DP%7S&sl) z07wN5f;Qbk@-2%18`6?&c~)<*gA=2eNhe`k8@?jd8- zYlgWo?=DG0@Y~aQCqE#Lu#pcUEXtp}&t?cE`|#t|Q;+Xn+VBS2i)~x}>BLP&IXY&)pFe%PMtTOU%=LSR0^F z>;xk#n}IlL(i(2|lXgm&*|U}FBh#zxIRRm0vKB@zmU#+VXGRreEePg{UT# zb>I_^(EFKIR#l;LuF~WwmqzjG9kXWO_2Ry9!-+l(q?UDH!e%SIxwZ8sbgqnMd?yk8 zmUCScOD{YO~5SM@#Ew|(5qLK)lxi|o2%Y*=UWDO4AIJSd>X@YDq< z+X{ew+M?uP#&USmBKlosE;A~2YSH#&nko^P@D|5HCL9BCK|3;l;8-B)yUfL0Xa6}C zkNLF9DsF$jc=DQ%kaiFS7SfwW07USw=5sP$`DJmTvMCw)_V==y4*{ZO^M09iSgb|Z zjQ4cs>;JvUj#oteW~l1WT{G`Vd?>+kGblOvrrS4hzRe!%z_FLRJ6dzdWa3)I zxK}g;f+SZSE#>7HUIGdNJ!{&UnF|7s{nYk|o;o(Ex$`l$Ly zf}~R}?3>bag!3SKlr*6U@${gTxK@w!5pkL{#W|^g%d|p~BXHXd!tCP>ZJg{P9ccvq z!FCRhdr4huev0ey@7SpCJ3l29r(H8n6o);GCFE(u#q854Suq&KFL#lwwZ3?8n@@YJ z{y1+nFXku4&Gljsw@#e5; z?^3&A!XI0`o8Sp>9z&xA=s$G>-3SMZxnY78XqPpwg6Scx2M@Enck}=a^Ebx(p9QV? zM}_V5S3~wcCDTv$Mlk&!4R~Z*t7>ffXNVK_cOdfnl>grj2fuRG5Ah5A{u74(oUSyG zX>5*&h`1l}uV|s|BG+#IRjB;^|4VNDt=?$AmE6*Q`uktA|MMvc$OFPvVw0TXw>sUV zFR}6HE)_7v`B*-5QV!62HpTzz!-?MG6YYmr-t?YRBWxp*ohzcEvim0e{a%HJhRW&X zq&WR9DbM~%c>Zryc)6$1?BHd>!lv1`kJ|m5?EUIGLE@Mv@{8?-5`$-r8?EZecBu-9 zELSZpEk|G%?|S+u_|mqiWv)NB>xusVaf1<5qlMmU94&iy*F!nfQ|}*^y*u3)?%th| z-7B(MprNo6(&Bx=tGUY?UFX>^VdKBpmQcJmWAf2ypug5Epfb<~u-uv-g7d3O`dfr+ z|0l?R@@)PlTc8m;bxF(Ae~J*3Uu!xM{cWA;W{VU?4ar}6y1!+5*UyBSXUkR@Q2C?3 z-)whgBO`$(XkS_1;rB-)&bJM{_?+nb&7-h|9cudZKHgSV&EFnz74yQG_Qgzp6H8x% zfQQd2MIXmplJO9bs93u3e(LN^zb1ATCfbS^lla?W7}H(YrXcd=u|HUgz9o%4d>U=u zDv(B!1o!6JzQ5N{_uOcH=(1vdTAEyx0;WE6OUrvYa(u&x3A|3n5Bzx$`|HhE$?ml5db%AWg z*zntB1Vstm=Wwn6+XrwyBG~`q`}ev$4E`#c3qfmrw%1w<)Y#Wb|L0R;7Y6Sm9OWGM zbT|}Ft68}JKh2QMSqch(O*JvgE=^{zy?r*00p;Sr9ljQ1z@tU61PPO^Ah2opiU0SZ z${(2?+79P%A~hww#%BTf!f3aO7!xN*)d*vkcW8(+1I-Fry#mH}>;Rc%3dB`Z+^5>E zz|m^7N(Rh46)20!y;c4tv}yR4z<)}wp|jy~c2tby(O3K`aN`}kedH!}OC2OuTFk*o zl1_yamI~z@!@(OVawJR|FfP6`Kh>$uqmytw&j=HVo9Rxv-Ke-Dr|-8Oa3>%jAYTI9 z{(xJGMae>;3abLDB=+iomnJWg8FuF0OJ zU!65WLLr)fr`NFDRMgr)lTD`GXjiL$ugR5mx&k9Q<2RC3CAN*{ zV7|&4boBHv9h7kO=>{kp`D1|52=FQ2;x(n+7@+zpr!RmLn}?0T1cGO@3PRN3+SDW z&GlupLRj8Eb~R{K7v{a=1&Cdr2KtKMS4w++avY?jb&N^__0QF*p}~_-1<$GU%H`$D zMR*2)Yw@PFEY2TgxUqtU_uXM9_bSt5y8vFGn<)qMX<+NOIlOj(N?fMPa5gcY3bf)N z=H|(`yVnPe11;%S*{9djO)X2h$YEj2Ta#(^^^2}xPC^b>iQC%D2yc>Z^Qsu|%GOMk zQ-5f!Km7P8BdD8Yhk}w|JVXR-Z|`rLgB68=P~-nU?^nwYRWojLIshn-z`?uKM&TF) z5XDb~H780*H81V_8{Ebb!R*-vJf4xcIYE@!a5571CAp`-I&^hv_w&iXQTpCW-)IAr zkromk0sS+lL~Q{m_7jkewo3J-!1}Qkw1zc+Oe@f| zu*3+O38KpYr`~X)Rgo8{X5)&ZXw@@F`21;awzS{aD^n@ZsLiKN^9winFEF&WiDz^x z`B&<2Y%Mnmb6vfvdG`8?UBm)@HrP}n{!nPF3EH)*4sEPvt^r0cW?&Fyd#C2NL zxdi}9EDGCf%+Or-VqZbCA^T_55_!f+FmeiTli1x{VO(K_IhCFWd=J+6tN*!OBTSI8Fo(@ldZ2Jp0TEhf%EQ-1z@Qu_#(4wM4=6uWPKqhzvr%G$k z($-#dh=z>ZR;T{*=)1J0?Svw`#-AjB4bIj|dDxOAb|T2^G8jl_YbMG`+gb#6?hr>) z0ccggWHAZnDXOERL+)E+Pk{GZ$se(ptXSZ!2YAH>r;hWV0K^q`3-+<}ALLcC9VlU92l+6O+fo}(X7R>m|H>Mu6fY~9C z{fYt52!2~d3G?zYFF5nm>|luwO_d*+{dn=`e&4O}xU9SH6Z!g!7f4T@3PYaE`C{$j z09U4Ca(1hZ6Er`2W4vPKJ5nAG+CD>CR6Ne=Om@$dze|6dS)rI`;KpH00q6?}n z%_2|W<|6j=rL4!vpEBN+)wW{ZG>yxr1M74B9jm6c+52^)d9;Wx?&RKC8lgdX^zk59 z7kdGJ`SwgCfbl2XxF*@{TSo%c200I%IIDn6P~txLLTZ)!HgNKAn1IAwdqClq_4%3J z@e?vRGn2S$;#uj9>O)=%5*-lV|4IBE@gC%0)oSx$2l{+M?5=GKMv@Z@B;5bHAndz* z0{YhB*R#XOfsv3{mT&Cz3akWiNU!mm!S1(rKuw@%Ppf#T)BgX z)ByT%06ZNOezhf8WL)Ee&k~a!(i0{fuo-blcDgdBYPQW)T^ZR#0{~nfPtMK`g|RLw z`S_Jt>LhLR>t()@h=nBG>kO*sE2%I{^_y1TTI~>7?%&?B8!|Mu3eKP2hVeCJ+AmAsfSXT31;O4Jm zrda#P0pH1#<&IV{+wtK%nwmmIjPu5gdmuOBb={0JCx2pyD0HDhbNo6agLWqOiD?fL*b)dqMJ@TmFizT8Cy^KqngeijrF zX_quN`4Y!6=b}NCG^=vJCFABuVJWg&t~r68FhvuviB0~C$_r7Bdym~(6?Vq*UFQ1Z zKC^r9xj@`~>;{eL19z~T;0Js&p|;AA1@)XA>q=l^qW+) z(Ft_pY!gMBgir-tndOJ4b zt+Bh^F&n)e3=$imlYb-Umbv?G1}uUvGg9F(goR`q&7A2u!!7(P7mYCO#G|`i+pm0O z#X3@h`{uG(+%DjX)0~U-i)}q&lm4D=;+^d`l;FC!$`4s*1fiXYqsiT?u%XJAbT5G| zjI&mAAOMgNH^`4NZ&!ybw}#L!tF^K(&y_H1GW&%|Ah6wWNA7_kR}?5>Nt!Fm%TX2O zo+4D4pn;oP&Lej^wo_Bkm>o%ae~(Wr3+)+`wix+L3G@)4!+XeiL*dimisu^ZbQC1_ zBP8kUF@}bjt`GQhKfdrqdCw2PkbG2`QP8h-_%trb$jDf>RAZ#qv+lPo_Z zs6T|H@hUuSvuA~g<2)~&+a&j|fJ(AHpM;6}p1pN{a^P@NYStiMc40x?;f^2_pp!m) z7B$=Xu{|gpD;Wdbu6-!&zn;%$1-gd@5gSAP!{XuR+1Z6M?uNyz&p9LD7p0hMr23edl^%dH zVD5(<80Cp8r~AET_-I7~$kHu~to$4gQZ}SkaMEA;a5M3RxlmLh*2zDQ?j*?d}6I_2IQ~i7ygzx$DetU!$LIbn^(9)?}img zm=F`WUT*LF7;Y6VL%zY;JAAi6J$QMKVuc!HN;~BON@q8YGZ(I9X&|Bsvl`TLn7Fw= z*+*fZKU(#jB@mmBK-izGU^%l2p`?Bhv ziHmjb+cVIHT@V8_4N==^aWcSCGpqHIXN)rLYL$WgZ#)lE3jqq#DCv68Q>)*I=FuPo zwWy7NB=DujMi+3V|+xkg{+65x${@<=e9j&E&%wazzsMeb_9bsp~wB} zzIq`$#2FM&p{UQpRPg|ynM9x^TMxm?*|7_9H=KnN=g?Ic+Y|`=le^3HDCKYh7+C-O z=G(Iy=|i_``rCf||LB~UK4+-Con+eqeop+Ep1S!@B=8IyIavxnihjt|Cw8Uw_4{rc z2m|U;k0qmib-kP)Bwgo;0Uz^Kg-LlX0Sfk#G&7GbyBok*B-m*&v-R-!aQpNeiQFfw z*zwN7^)(Yu>G5ON1X9^kCnV(0GjsE{ywK=Lh-NzNYZN8tl-DO2aY->V^VB z@58j2@lmH|iGn*pSmb44Fz`gu3W-Vu8^CK1$d>5ZX$BcHZL}oURf1WaUYj~gM+N1p z@IQAC%eZE!x;I&wpOM+9*FOG2+U1}j1wE93itlHq^JHHS-*cd zlDHUtU1*7lCo2iXAAW%8r%~1MR0vji|0-e8EUggo? z-qBwVL@`|b8IL}O`qcWWsoiJEu`J8|&hw*jYab(@WihY-voLx?J%@9Ekc)T{CiYiZ zt2At#jVteRs9zIIRCh(VyD!eVnPPW^w|wj6w%nHXY-&cNmpeE-#^MM;(S~N-jqM!| zqQ++UUMCD9O4}|o_$GE65ht##Ku}o#I@D0=Qu78A9`0F2b?zXY13<%@tAFemU9bOV z^iLkWK54$@hM*kpxr?ezZWG-6;rqtrU8tv{SKh!tCE`+lunFYok+(Xp_ia%LYlWWG zkY21up3nJpgb#;Eqkk<|gBGbcB395P1_YP-#4fna(lR$w(0a^wbtTBY57g{H=56+-#hfGqW9>Z+73-EH%h6QNMmT?tCyK$CBpq zjoTTf;8AeA4)rC1pLN0ZYy$bIWJj$KPfkf_>oEfS z?CR`HajupCeZ`gO=*!1`>RN%Wi2I05eDd4ya|=oe6JgIs@%E+%uluWwUoax$rRg!p zP~h^9U;5YjqN`1>D-&P3C(3Nc{W?6nmkImOFNnbvl z-J(W*!lakyPQSFa9Qh*ij=o2(N#tcdE(M;_H*em@#%HcX*;5LDNr*zGZwps*hNHfC zG*K0>3}L6B;BwEX{k`R9PVoh*OSc8ojRt%?L^&g=wTlooG-^?;t&g-gnsqO^aYIDg1)@Y^mC3kDuQeO2q&)5070>JfT%@^G65dL z%gTT(2Q^zh!^+Gvg@SPx(yq}hE%AgbuXpd}N0lsaacGQZvV1v-qusfC_y5L&d$(+k zy>iT8f6YFUGQ~Ik77?3xHt!7~6!RiRkXK6FnWtp1&1l}iw*pJR;|zq2O(AFKqSBRA zvL5yxXEL~Xucfv|{X6;CYn@kdN&u_BxV{|q{l#}p2aDdelb694{a@U@cT`jByFchT zwqrq5R1V!nZz4^)iqebHJ4%NTdJh2=4;GZ(LlJ4xmENPG^w0uC2m}!bHADyyNl2JC zmhbg@=ia;K_giab&CLG8Wk~kU&b#0CJkO_C{W9+AAKJ6<{`y&K;lV8xam$=nf#-^h znwuGBk9t`u!f`hfF1|7`7la$%EV_k!npn(ne(huPY_)!A23a#v=(MorKQDQCCGgFh zM^wZLSH@r5G=Y~mOd(mTI zUo9B|R;(#zHLiG0xQoeDI*!kuL(6OM3n-T-S)sdSzELPzz!oD>+*0qspL-1w)XKzZUJ_G9@|+Rl|#j5@`- z*uS1ybxx8}pH`MzObF)%9!ohv&7IKDe4w~$&=7L^3F&bP0T!rrW7u3X_Qu-A+DUy+ z{k4ttGt4}mYhts)h4y{jbYRtdo|17&{Py+Y(c*K;*Z!G(yO>+~WlFlzWz6o7N}v|I z4g9$uas8g6@2>q2nXaBsY>DY+2_(lJ^k}k7ABKqVMkU35ARTfI=o+&rNXc{rHyB&@ zYb|xoZ#V4Aj|qwAQHodW{k%9WDB=BPotUg!=>xo(tD#jNE`E6Os1AzAs?Aq&kC6`w z(TI3^B0^)^?G; zASV|-TbhCM*V%$j2x51~&QEu||Io8FkyQ)F?B?&goyMs}c`Zb{!f3pMF&CjO?BIWU z?)m*zLi#@!qRy3p{a+Vymo8i)Q;|@m`Q{|yv?uD#C%p=LdV+&|LS+^H6Q3&!eEgvC z3H@-vX;uO5!8ISD)r=cj&pw3kr(W%%t0YZS+P?h8PtiEEdsXnuw75j={IMuyUdA2~ zj#G_y$Nu$oBY`nlxIZyCdFqx?D4cdtP(t&3?s;C3^=eKP4zb&{G`-gZ)0c(NrmWG; zJM5xU~%q_XWxUYB2WejJ`3e`E&C9xANF$q4~x+T6g^Stdd&1@JgYxWzw zK~Wzl7c~?0n={s)#wFOqom_S0P&^NvbHU1cW(;r7A7Ax{enQ=})A`Q=uIf-R_B9UZ2jW$!v<%KPop z|729Ge$Byq%(aWS=ge4o_;}~FvdSY|nTCePwX!@?EEom7UrCX(NbSn^c}Ef(i&g(h zazY%7OVsndocX=_J@yl5dQ~|kG62`R7V(-~Pn zo}3|q;@ef6ah=iW9|+;%xBE?jF;g7iYnXa057;Pw`wTa)^T-5FA7;J@o@RjfEe?bQ z_OeMjRfB2L!WVowTR0E6NNfD_sZT*x?X87k2bHq0Zc}%jGa9Kv=+?WD))v@YnsZh% zK(ADR^$~njnn>$U)scaP)5hP{&{u7Z;aAiAhM@2H6NfVbjuB7_o^_ zq$rc?EUAtu0YN=t-PATFsr@+z;_{xaWN<;uZ&QZ(ZmaxvM(qGk!cRJ9y%K2_XzwN= zWy=zLPYMs(bg49Z=M{b$F6_2VD$W=x5$p=c$dyN4AI`cY*iv_#fG2U}sxXFT7 z_!$dC)lD43LCAK=7E}G? zC`j6T`1sLW`{@mJ^`4cnsyuRTj8@fhh2*lU`mR2iAgrCdljdZu&=OqSv-qNa?irlN z@AZ^>jW#m8kvV}6E^fWrh}OZ(hlBC}s4ZTDJYV@$-*TTBF}0PzPBw0;1bctpkYyBAW7;Cb$f*+NlxHUgYTg8$E4Xdt)Zy!3lJ56l+xC;k;+4OP39U{buKRP0rmgnwM zi3vHL&F6rqmv+OUA}(6RFT7{)fHnh*B}p^50(j|1{~oaYUOcVy%uXxl-zDj*bX`z_ zr5|6sesL_?yKk57T>AzXozW^Orj*q0tzymmFd)`s#N`+_ z7+lCs^1CG5@!@op0Nr#c@9`bwql4gbRVP-*EuMZpby{XOr_u1Tyxl z>)j<4>2$-yauv5>4N#esm}w9M0K!)KlCYfL*B8Nh@YTAhFm+Is@WcaD1r{If%I)h$ zqin8kVr;uw$T)s`WttI=bIYV#Vv%WpjN|fn|FWdK)j}=wTaH`+G(dZi$%?6kk&U0x zLM)|US+gYdglAS@D~VO*CG-0Ixj3T{Lb+vKpM_*vboiAodr1}wS)P-1+)5$co=BS0 z`%9)$4pomVb8?=~lEhmRZz9E$H52%Ibb;fuBfyfKKXPWrsT*tn=*qKn#!&jqeb@k1 zGH}>`_IYiLr9Eh^PUdyE7m!_P&QJ*KV`mXOb^K0}ft(C7F-&7>I6jkpeV2hVonD=s z>*v*W1iUMJd-hiNsGN*-r+-!^mZERYXD2+j| z5KBYGaO0WXWjCGg*ETa--F35q9B_qZ@Mi@XJUu07r+XURJ5g*Lj#z&#TN@AV^Xa3- z)3U}43t||VyPy=i4WLl7^GK295Ni4@z)Va z$34M3;XFROj3v)&FJ-=I&(0xFlZN{{pJ=LrHl5osr@*=p8#qV(+&wjAdtE5f%)SdX zly7?ZiW&DZn%{AND9&~hQ;;`H@*5eIpD564#ew!-0X!!6O4h=a_jh_n}0PC4fl~KwAPz?MM{0HsrzEgcc2_~MM+=^ZUi2yEX#}SX<@GCHw(=rhp z8O&8LGr-SdlW5c}An>uD>HB8E#__!nHP%V7OVQ0GX~7|6$sU(sQ)R@P7PM=*uJ_3K zLr+9F!w!4abenD)Vu9|!O*dP-u?sHuyHX*m2#2bMfPPe`b^dl-7wwXqFDN%+!>rPr z<^kyd8WGlVf`4&Qr4kfyQz<{=!~_MyEF(-?;iVRrZ{QZcmhMm% zoQGa&sV<9vdpwI2I<9j2Fo3A2J!em=47jq}#*EICIh4d9r7>uW6^56;5}23euW1l~ zspyWB80)(lbocZ~=7-0nrY;<%7QwF(CYw6geRb=~PzG{UzVmwMmCT{}Q7|E#g0@%O zcrxp>1JD(YTPQZAnDLIpp@PFb$-1kEe2u~Lg7XkSveS#G0O-PWsKShyu-#01_+tNl zfji%*vB?TF#@bQ7h}^rOenq)9oMQpWyxw!`gUVH*Q^FTalgjvHjgclc9+TR5GDYW% z5+#2kTvuUvfiV!Kz@jU3<%(H|66Mt*zb2eEV!BR;5xX_{k);@0gnGu4*X=&#cKKQi zV1%GJK-h>_)t^=U`z1|M_ivTHjj~e!TcDdRQ-gP5xy@^EJq>^*3O63vk^7OmokG}+ z(uG>*oo}j<9JwKFKI7Fz1*JKt8r}5N^`w_byr;LSHi`Ep*}OlhWmiZ+DLjOGGqf1A zZ{a?@(?Sn5$}DPhg4e!GIf5EQfqUWdl3$tTv<{e8b&eN=0WV5NuLEbpzYtZ00;!B4 zVFfETab_FyezCJQvCo|R-e|jGDyH^sr1Z}0tv*XMhMajmT#-`KyR`Kt6h41vapYBk zk+97>c{gzGsZ%zdpUmb$zYFLcm;+_PUQ`Eg=IcxpOhA3RPdn%UT&~uUV^wpL(`~u~ zcLUW6^#patij2c|q3`1uY6lD$2IahW9#Ri8zYUy3F3QVWBm-kaPWe!c=9cEU&cWPu z@|5sg*tOa5F21)BG9K~QYh9=L^}9Vu^F8y~aHsd& zleIoI;q3dku6SJ?Ew!=t2vbv2OXtY+JQ{4xFhNWvgwAKy+SiL(!ZTfLjQ|6TA0W(A z*rg#_B_?IPzMmGK-)cEgLM1FsxMOQa0&L>j_&aE$9C;nlTnT_klg9BToW2HVXq41+ z0~mQF4zQ-W>OET}`foS*I0l1quHZXkfWQL5K_^%gwB6lHMZOVa(fds83|_8an=qx+ z8D^DKU$4~(xvJ{^_z&z{tP*L8!8aLh{`5pEJK0;oDG1Tm>9$@UEL=P57Es% zvphTS`g$aQ#afBb&ONHSwkx(gB?KPFp8Zje2uH5ncjeG!_MhuMy^d=lrXvE(2V3=V zf6Ghdt3|Ve_(&)9k_|ws^XGPiraNV2D))nxWVY;Xo7GmzOW9*Qt2k?JSZT~6^T$C3 zhvn)ntIpX3oIRY9ddF!fkBIsPq6J+vF@A=wL~>WzUXSW`1gb)#6GpO=ehJN#@z04) zC6$bscM+(tR077W>r_s}QSO}(Et0WT1o$4D)O2!*uOwttCm0=|Y)qkz4lLv{t9NF| z`IZW@8CTd?M*@uWcTEPZ%VpAErynyr00r^UM5B-_#_nUR$+;qwO4uhUO7mT&WQWPC zG5l_Iy~SuDKy8bzoY%bwrl_m*-&JYYZ^<1SKbm!n(k9)Z>NEnFBJ}t9|)>) zLOG6a@O&rN0zLyt8>T>$&ffB0-$3^Rbm`?8ejTrn83|#EB0~qGVE1e8#xgl$xXe;E zKOkP&7S!o_X1fd-pf$+}aErNXQR2w>S}3r@`6tI?CUcsY&XG1o@V$W;;81dURt>@Q zZSdw(y-?DaPAu_g$~3Wc-b9u+;=uzQ0coJPJPSCzX%>gH$O=-`aZnt`I^hHH@l}3DdLm=SW*nzP_7}GsUyIGO-Pyb6FgGKn6ua@8;EUmR5tw@y;F^`5(~gxep&cNT~u!3fq^N8D0kMm~me(KEL?kH~;Dd#=8__Jd0Cy+!Kx*H!$etJPorEyS0DJ}6?y$(3Sz-`*D0861?M`8zvie;?TP>ap9x$^f;) znqB5-O~LuPix)34JV_ma6?KZv_h+Zb`QlS8pbW&U(XabHT>B@hRgEjwgaQ8qQ(3%m3B8so-qNc zuh-{BYoW71rqFSDboZj5V3);ZDri#Y^jKJ!g8P`FAL&bcw9Eml{givs%)tpgjx z?8<1k3eZY%5KR(k>S_PaFml~xU@y;rLNEHMcO=q68F`l3&J*TM0cB}2K<@>z=uoJi zoy%K|x+_ zNCP-)Sa;}TovCf`SirM`s8DCX(*=MlmASPJYNx+0B6ZUb4u4L-`p?#@P#WEF&E|lt zI%;*KvDHJpzh(wfFmKTB8ihyA0=1dmhNX}|)+#P823T1%tqSw2^W58carJ;HU`F@= zF=!12&SQMIsPb;x0f^of0l?Nn{KCy5Th}7NWrum2<7?omDe7Y+O&*Y$eSA(B{tJWFJYTI9D$v(;IhDE zOs;xNdS!Q4rTO61eCL=|;Iwe1YN|2QXRfD5+!wDgRhX3s@L3kxjkV~2V=!`<5rdcQ z*prk1f~d|`ICZw|#D(7A0fKxkO%*N~P1d@JEtnIhwoWOMz!=i$$7 zVVkGrfSYlRp9Q-PjTl~)kGY^U_xb)_19Ytis7jT-X))+U4L%Dd@P-(r_8%PnmpaPpAGYQHC@XV`Mjz zaa6uugDBQr4>$YC5QqZX#(IxIy_e6|oMrc^R#dI+9|mA6C@IR{v($Q&W2>MjNhYMX zkO6U(w08ZP+fh;T573)En<*c7#@5zWQh)CY{f=jGfPS35mZiiK=Uhs9wKDI&ONaAK z1Or+ncDtdCvm~o2N!YYgxE3CzuMrDMEzp4%_iLPdmJ4>m_v6DkJ9|%D6O$^aOFk9^Xnbau7je)jxcVw90ylLAf%98Uhze5QM~-K0$C zaZSjkP?{3Nq&uasci}Q=epd*HZe7laI<^(7>gtkn_sIbhfaALiT}pH(=jPYc_`xiy z+PRAb0KnVT5o=nOUll&3eCWuLD*R*j@%paNoTl2Y8o}wvA%7q%jNqH-?5ZqZSQEFX z9(d>je&@r9$r^~3OTJ%|z6$C4zAXJq#^}>VQeRV^VPT(ONAdhBWf{>0OmIYi$Y3RK z#E?`{nw(PS4!+1+Z7>2Ejs;n{^cnO(VGMMtyaAt{7^_JxSym!z+#`5*^l=raC1f6W zUgchal;KIEZw~v^c`&E>?qWSjnXSp}Pg}kXoh`C%3g{*+$^kWM#Gx`kV&iWjugIXQ zgk^0Qw6*WYditMSR<8A5@6>tl?fV9lpZVT)J{|p=0$DVuif$>0l>}(&M4*h*38ErN zf~jDW)Kx*-oCig7v!5KS^ShIJX8_Vg=U#kThRAaF*yF#@b%~>w-TcwIg4dp3U|O-5 z7#L#r)q~W5%ZRj5*zx|fgh{(pNzsUsF&p1TX*l zeWti?YeAWX{RZp^V2m@lo%EspKc)&R4^!Ffuc%mzIY4%+&l^rp{If4!lbm3QG!68pjU59W2<_4^|bFw_b#BnSZWsQ<8wq z1Q1Xf%@VRKC_N-v9blm6BI#pU>mCP+CTV=fc*2`w7)$!LKTZ+y#7NX);w*q8%jkZd zMAww)>}**cVh-evpLH-deXpODIMWfW3ECwetOKLN&$^REAxRm+wyh5mz2E3CaM!O; z8*ZT}=2k7ko!k91agzjD0+Aa=$btDEEt z7qJoX#rJlZB;2R}bNESN)VN8&mWAY4{y7woY|T@p2CRQoot$k6oJs;COiwRcUX+2@ z1WXm6l{fU&W%kwJP#qC{l8cM?f_m8bI)4{&Kr+3ks#}pEf;de;gHj;KponMLWa&X3 zIJN^e8$(Ya-L=>KD@mIp)LQ7@CfDOuV=jbOk9bx+(s!x!rYDs!j2I*uA~84^zmO*r zo7?v27((5XxUyf7A^M=qDRI5nwBj5iPb6YZN!bBlWgUdFHN)QikY2{%xOxjW+$bz_ z7ZLhxu%m!E@85*Nw2~7XB@$~b(;nouQ>m-`K-&9%j%eSx^8!?N)b+CD9d%I}2&zKR!VA~y_Tb*FTAmc*4EL^^NqB z{qs-+*MU0EDVwVP@|E!hv`~X=nY4+BfChtTVPhERms9a;1F$EU>0Q!IL^1?jP*x4j z00I{dlmsoEUNeXQ$P$6M(T!3z#BNaTc80MZ02a}F7%SiBM#ZWAUisK3ima~bpN|{{ zT#ACB7cL-UGHQmGvTCfcRuD8SDD4S*x#CkTO}s6dy)b)-0{#;-U@*rXdMBc;xd z%=r)aPX$w<4DlJoub(6M+;|kpF&MeU`gFZ_l198Jah)8QEO-N{W_Y3j*Tg3{}cf!M=YYW#Wnay2)X* zEXn(iwic@y5aT2GpAcgwj>eXiMnI{VtLj%t;jpNcdWWekv&?rWGPvwBE3i1+P!$y9 z6x!h7HaT94B-UDZL#%n}sP`pcf&;unFrp1tz7sDctS$Fw%3sg@Jb#@_~%95de^%GswBV zpA^c-rhz3@+rJ*p%O-mMUeQ z5U#k`mdm>w`TN|tb53%M2HSs7x;%DyLmR&Z#p*N|%yr{Wd~Zka&spJprk(x@0q!Y4 zTt^ecR{4N;`XAxcz1|a6=Q`*#vMunXhoI|{TAncHqe4U&mHh!EGA)n@CnM;HUsu~x z8KGPrYYzk=lEC&$W{#m+ZCRdik(aNVQKA5>JRsWfy_WW-gYq~#JNrjej!XEB+}eL4cQck*h6)tpt?$SG6VhsoFZ%!A_bA4@msVN=23*;9asNG5dW?r4J*7Ok zHt22Mu?S*wS8kS*Cw0tu6#N$MB!f!Qo?Bl3mX>-)fcyXsmp}VWt7~-JI64A|Vx3b~ zwqf|m`7qk=@Ufp5W5$cOqCXL~|98A#D0|Nd3x)0e@nq@^ntiXB3Nc;!LzBVH?>cl> zf7`_K^YIn1ojiH6_c#xa_aQgbz-iK{_VBB9ZoI(HZ?ThimC-F_b9(T)KF-TW})js1c?TkG)RAMTgB1`yP{_pE| z`M)ET%|586aeZ81!y_{KBLYdw2x@LN&&mk?kRA_bCE4@}no@%W$#;j>y+|39AYPqa z^0R%+SRwH~1-`W>MY0|wA>5A|!)L8?_1!maxWAmZ98l44VieXs9qN7I@K_;I3d0c? zlB?(W!7-psOv!o+fI=i=8o9XE|11x-6578;tKQuRE}~5zBZY+!`!7L+)^qn^o#&bf z^Ro^{4|a&is*@hD-k!r>s6R$|Ju^@N1e$50J!IZMWjZ$6w{m_q*ien`Ohl_vzy5v2 z>xJu-}B0aq^NC;sO~>1*Ib_M*mJ~&Pr`I#A2OF; zAO;Ftz-4id4mTH`ZMFTL61xXGSMM|Jb)#8il0(p6Yg?1Z_wnNtwr%3!Fe0vViqX%3 zR1_#gtD>FNo&4muF6W|nT?@AwGjMNxO|3}vrw%VsU8zsZ%mW3~(oIAzGCw+#kos-* zPAXn@x(~efv-wyb2(zx}D*6{&8jTMNoJR>COywJv;l#6&wkLs%C(0h=EPL&pss%4{ zRetZJE>pD%U(!4BZyle~*VH_ZmR0LqOx+QzRA^C~gz$px-y{NfBsjdpgXQbx z1H^2W!m15DvR~_;pYf?MdF-)VsC&YocS?I4BXs_LSe6e2bsl`7Z*7*eEU#p4&vR?I zRyjSWFbLT=cJ#R#v3snWdYa!1d5syG)Y$&nrd#Q>_@=(Qep2dP@FC^4-6&>v6avqNzH zQ>-gj_zCTV1UuEbbjOXqH_Y0{wru;gL%`UHGw_509X!q&MMX<$fpjE=Ms(?3TU4Hq zox7^VBRN(BlEG+kbr+Xc(jRL|)3qwmwwcQ^;#=)pn9wbNlUk;~7gtBs`i1*7g+Ldi zUt+rR3os?hg{^fNZ;;6$v}NksxGWZ>K-usXOtU@#LzdvCsT3HEEhdx))dawXx|2yW_}Dr;tJRmvNag4T*n z-^sAd<=m{2nX!8AO@FrL&-F%sXNB5qrh7;RRBSipcf8u*Y`H>AO{*aCo6fsWEs_jq z5nN7|miiykUCZgw~xg)B1~z^(+Otm7A2c zSaT0Tj*Fn}u%%ndx+EIbe?^2AF6ZXqVEtFilMq7co4i#NYmx1}m_+PNPnXRwWP*f;=WR)I&PBgXyR5WHgJ+g6*3ENr+Ns(enfV3*^ZuF51dTBYfS7^HD!`{k6(g7_6b1jt!e zw@+w?HQ{%a*e{5-eu8FM*5y-kF(2eC%_D9x(Zxn;g5LOrOXt(US_R2s$Ueeb@eB^^RT4GfPTA*0OjTls)w9 zmdkh}cs+XDhP)#1m{@q4n(JU`R$A0xCehik5jZR=C18p2bbCB>XIRfS6TeYKvBO2B z4Z?@|Z!<|Gtr~9Lv6cJV+XiPAWYwsvkh&-_cVH6ARHdp;xSYKlR_j|t&B-Qbmmif? zNgbH+b40y!@jdEE3%mXW+El!}G>_teozIUTkgmq4?m7hpJ)W=@zx9+7+|AQ;!TLb8 zy#7=am)q%@OnX~MF@*hqiW2oPppB4i$H>=Is0DQ2_GVlFMRxPP;K5nC;6W6%qH&Xs zzOyv8%M}+rwJKRrcY&r5IMSiu_+jW03uSpr^-p+j%@t4Vm=rcJ|6kK7^&Ajg^o$-u z1T7he-#Sd?%Rb-oM-cqu9ukE3u_<%c&c^e#ipu;ekuert&>})G+frVIgTsks;={2C z6__|r;vorSNPx*+jcoFyie6{kvYvMCI(^*}$zDm$w{V)wtr$+8;wd>#3d~5D3Us7F zXd5!z&*PL;cw}Vzs?pzaD@J9oBX9+}1+<|d9S8OQ1Ms}W~?MKs$g zl5ImwWaials86zEQaMUQg${Ps(xvA<_jFOqJ6`YRkK;p2<&Q%>Cgz-U&z(MVTD*U( z50+9A)&1mM4T`kb~lvOfOe>Fn0jmmfKADz#+=Nv*p%ALXN>w3KCeqI>PK@B3$R7+zTx?>)31D-vu zlCnabDmOU+ah3QZy)}6k8)8DKJ1T>@KQkpwb4O!>H^AOVu2}CTf2U=XeyYE-vX$VR zFEH8uQX{`UyUA-%{;~H|HTg#wfMKVw_z4j-l+MTg{?j5;v7YH^X~&kk`Lg9hXbvk2 zg_{a9Jb{7xtC$p8DmL##oDD9tc7 zNhMzDA>13G3&Df<;%YS$kHb+qu?Y8hXBWiK$RK$G? zqt`#bnRGbKz6y<*jo|H)jo|kyJ1c8+NJGwsDi>NC{CY(NjvH>(>K~z6^!GHXc1gpe zM7%?pq^=AQmKs{(CpKw$(+QCxAxaQ4N7Lfhbp&bu$(@4e@G5+Da9IZ21kqoG?P=U8 zZA~THnRt}4-%+;R{F`%8`fF#+N1fm~dMSipBcSA*o1B?whUJ(^h<2QN7kLezy0T%0 zTryBbZP%hn#rFqshTeG64Tzy!c}WEt0o6u8W2!R4nbN9@jNr%MJoL&p^C6JO^RC!1%hAhcan zLHDHG(749kylb$U#$9nUXXImdnaIfy9P+3*OyUMWvvfG68 zeyxU=IJ{c9jBr37Q$$H)enL#(yJ!u=BVv+U919^?ODXSgQcb$w`}zV6Q^m%eCb;pV+k>neqNAmL{4^crGxth|fh) zQuz!o*u}?OQw@cSCXeH6DROh2bau#JCg;!2H0TjKbi1T2q%#hSW(N;A?jk~zCAt=2 zhKrC-FEWr&WM5CKVHYM&PZ$dH*xn8umrw{_&Jc7V{s1C<&RW;;%9qUsdt9`ij0aD5 zYvzO?Wdb^%*BQGz)QeVj_X%Oq^`yA6=r8q^JauxRt9#nH9;Als)$+U{2kbo&5cZb~ zx|d8hBJC*b+DlWpU8tbNin+|m*G3_d=Ha@TEFo=#SA+>;(N&1YO2bPU#zD<<$(4s= z(G{&t(cUVJwjA^HS_VbkXzkrGw&u6~k}2c; ziQG|D%kPw3RE#O|%gafv_{SyWnpW->#3|W|-Gw>+{Afb+Vy=vOvf=7_*pNjE2tL#C z6H=TtJsCh9OgYV|@tA&}qFq@Uod5icBL(TKb7ij7$*9aAZ0OYkBpNSE$R1%IUUE(s z?o%!i-)c$a3R!eXfLXA(yq(A$a{UrkBw_bx;x4RtxEd)97sm)MXD`wfjx_kU%+z8W zd)CYZ$$hm)E2@swxMS)LJaM*X(Y=%BXE`38)M`?4tYDNc>a}QYP2^@v4sDOqOw8;mQChj)dll0__huwq(>XL+39JdJ9T~Ya0!!gw4%$ZSTjf|0f z^=4VMtn${l_{i0|mO}+AE}vfKxQ+_Qdg97#kvPSr+NvlB{XLf)hj^XtC;roso(X*{ z_ylzkue-f^&iKEaS8ijc_O>9qwrO;Sh!wsV` z531gcZN`mJEg+GltCrRwGGcs>pz|cg_Uf{yXF_XLw8N|W@oa&?D%;~YS@t2htc31b za>}T@Zvg#46%hGqsd;2Ko1H7cw*XyVTs=xGd?8EMUaUeHlMpxED>O~ud<{Nth&N4T zxT2Ey>;p7M$aOt?4VlyFFREjBC-n*0t3HGMEk~4O`;;Zo%#`4g>?W;jbx7diW)3`P zOx3n5sfKc=`cRFJ0Y~-Y>_UQk58XLaxxyy9Zwu``K<`Lg-9n?ZI(cG@rKQpI2^K*@ z2Qfjbwm=}cf+}z7>y;qV6JodPSc_Z{d@!%DM)7i!QXaYWq@-&bKm7S$>hk=`&ZpfB7DCbprcV6` zuJL{5CbI4CU!K%?&LplM!+B7Ib>`Dp(4jh|I$U0VpKkxaz%5ceFlHvDasXvSCvF0^ z?^yZvktTdiq$-i^k;A(_Umtzi*|7~PrYCFxNjF-}O=~wR1Z^jcaT7NJoGpCulUt6n zA3l#4=x3zA3*!rdtbO#@re1AteYjf2Be1KK9U^*#Lu{5ZV8J`nWD;v%F`9fkFj4Yu z^cJh%a(zodq<%ns54Fg{RmFVUs77ku!Gx?;aG-xL(}N)$%ygNh?Edlv)OKm>C-O^43oJ3m^`PU-8?)f)$U9>+JKZO+Wg$7Gyl6T7aq`Gq{2hgRy#Xp! zz7;gBGF@_7TG&9pWe1Pxf;{`5u2lsvJw8mxFdtjZ8N<4P7o7jNn77C*x|X%1)h?sQ z!sL&Q@1|zbtw-QCBtL(WIr*FaN7PhnN0_`wKT0mX>}$96&s@@rJ3W%`M)I9Jzi5V+ z(W&;v7hS)Nh#hRnDV6Ok*zx7d@Bh2ye*U}1xQj!_hO7ta{M9lVAzQX~6)G8PY6aFN z*Z?(8Bi8jTspUmVxx-d-+Mw;X6p#r`Ih4w^uDszJoIRj~)e_&)LuYIScw^k0?Xfwi8+Kx`l_E&>DP zPAAx~`OQ|=?c%8Aa#(g7jLdqI%IvG=dA`GO@L5W${;KEki_6(%V*OI$cdxfIr$pvA zANY7UI4u^^7MFU&tzEoHYGQDHm-r9+&>OwmSeTqit4*dAi@5OqIa(fOv6;{XH(Ct# z*-{>w-ocu7)*Je?SwgQ=hL-{E>BEWva#NE;>O|bU;7qW;M(2t zq>$oBLy4D4`f6{!$72S@&3Cd4yJQb-IwjDD%;8m(#KnUblxRs?AN&h-I}>oaBZm$q~pQh!}xLsMEf`Bg7tK&4Sw_5hv{HOnTa?W<~Q^MmSHk9;A;Jg5zvOdiI z-et;$y?N&ic6&1yjz>)oC_Tj#zW^nOkkwDwta6n-+r*ya9R{B}E4Q+&Xoc5Nb`4Y~N;R z%NEwVkSY;~l^cUCg{E_?G_JnPjN|hXHXZKRcUr3-Wr#_+G*{@vmCRP_OZdh;0Cho{ zfz)^M$ykR+qYFbAIhuS3iOPzl7lEWyuYJHQnVfLo<`(&%NcJsE$7vXgUo^_oX2p3E zB;+Iwl`n1kj}B;8Xe+dwsjetl+_j;6F4j5Wxj1^MQ?bxyJ}OYXpjl<(HsrFByMk<( z9_|*!VgqXOo|BA?YI6W7_$n@SO52m1D81D5hl{Q(2`FLK%hz_l)fD!&`n49nl9q*e z6y3hzQIfeMyABd3k{iZ_($juOsYDZYDd`%xvYU#rzTBdro~=IZ+~Zch0QO!~UCY+i zcxnJlzoY9Z?KZwjpovyHNB$M9hBMrmx1T;WuQsy_IeOV~*K_LhuB8RS$EmvD`2pT@ z*OV_e8jf*J#a3ZM&YO6!HJQHr67TRXH)(F%eIMskxq_%t_!S2ayQ9`?B=vA@(mxc_SO1h-Rjg{xwe`L)m#V_XUgBJ{ zOsRX)C|7R^IwP`dOfZwfMTQK+7`z$|?8EbcLe*$SuPaGo3lT7WBObS}m&uA`Zc7R= zw4nM8Zf+1hdVuE0gur<9Nx?3H5nUJCh$^Mid z9)55emPWn@sMwgB7&QJY0hlg@*kWVMRi&sf^Rc=>OTzifYq(hVslV!c>&OW*Jmk)p zM|rx>&&#c%yW_f+Nc^Xb}SWUq=vg~k_F{G@A#9>68g0B70A6BS}Ap&L~| zMx`6#|88;bQQ@@EX{|5G*veOu5~ zra5lD@jW!ur0H!wS=ShR%ygrD^C^Ex8iz+nm5*sq2Im#HjYpaJrw#91X?wAUs~rdH zl9Jdah0<)jm!CI+6dB5ouvgVHc@ec5m6J2DV`J>FwD;W0y9qQoJ)nmsIuh0CS&MPC z!W?G1E}XABBD!cek|7D_+N`fZmatkTNy#n>o5|Wr=EB<-YF@}L)D(%fyfJOc%MP8) zZypnO&M^*fNzjZ@Tz|ZMUCD3Z7SM+U)(>3e3rtN67cqv7y{xR~xHrmK7coLzFZWrW zCOGCB#8#|SLHk=#A7hM@+D}*7l2+{&nCu7~I&HE97Jfw`oD~ABk=^fcNhs;%UU)6( zRn6Zu_=l~J0wO!Ky7q{(;mV(h)MW~H3}`LNVOk$0E8C20bmYq7{gvQiE%(dr_rAv! zG4Ad0`YXbwZ>ae4mK%1)aWy)VhnF zwGH@$c;V|FMzT{W5y!VIJPpJ5hSbL&ZGPj>4I6GnfxK&S_t;;HJ`r@nH+t)FQd&8& zFn7K>c+5=D`h&L9_!jX3mO9z-v1pL*SdG({f_b+*Ia$CbAa8R#n5*C~mS-wUJb(ZN zKCK6YkE2f9z9;FQz&i}U*`e~KbqpibZQjOX^0uDii{iaW^lmFp%A(>P*Po^D zJ-@Mq(tfb2I8Ru;lj7f4c-B^ce0GRzbV-*ow?9R)z7oyh2gD_0k@8c3T7E;FpPX}w zlhZw&!2y=uE4y;9^uH{p|Ad8{u)1cl8k2l%hOBw7;?d$vuAU4cx@oBV#&?9psf)jj zwVy5?x3gAf4v$p@1?C;ifax5|kn^P4x#(7FRwvcuQWf}C6VMWehRBqY1-1f=vB)^? z3E%%*yytP0e*6jTw!EPxZ2mWdWqzN!LjKkxg}jB>-MrtOAcOSGQ{jX#w(UzEsI4seL%q#M>KdOdf`uTop7YmPZ) z)kz3SvtR}=1~krySe*szrn&+=GeA|~zX1(@5pf{NKmCbxnTbt$m|evqgW)2;&|Q&c zFa}v4{BY2`r!4~daAd2*4dAKds4I8{kb8RH1UBa8KKpy^zWZ3^&G`8E(uUPC|78RN zg!d7H(Ff3HK{#cD!9BL{y$OUk;ySpOq3I_$fo2b6rJ0A?=9n^Y}X>b)DyNxQGL)!Y(rflBAvA zY=y(D2Wx@s2uFZtbGq5hFuWDwKGPe=5qGf-ND9l1XQez6IQrETmO;VW5Mqbk&^aNg zQ8xQNUmr-&MR700yhPtV+aFVJ={eA(Dxff$LnA`*8fNZ-3~X*dxiD>G3!Nx8NsGxW z&mXp%07&7&dU|^KT%C4T2+plDC(YrP`*Kxiz3|M}Sha-~Etk_sH)Q?MQhkLv0gGn; zFsKBUFQjzWob`Yegr5Qg9tDr{1+=W9j0=RP?fO8t`;b6?mCRIyZB_+2$naYEi-O)v zkzSFNtDI*6Sdc*33LgAB+RM*B{k`9M7HLo)&kjRGg3sSNZ2i*h#h$2hEJE?3yBw`s ze9DYJB*MYN1C+sT3NEja*(l-wP_`YtfvnbRvvIzxSzF$&^6mumk3DvED9U>PfVr~E6l3D5(;4sB)Gd#gi4y%f6yxA3XG;N8w14>PI9eRkbf(sR z-zkY71)L+lx;s@R>y70p+8%WFQd$Kc1+3%2`J?_4q>M^UP-d*DXPHmdcgBKT6syyJ z){GxO`PM+?eFssXJp~1gVF2n|)4L%?qpS_Gp03*pu+1}WVfU@qAJ4h=-@=?osc=R? zTRqMMXIlGGiLBHVdjlOnoyY76hmdk;u3H0oLOE2uS9dG~5PnAhQa%-Z<@V_sTWPv% zAO@fkBKU>w`*2bEkgHa|$AG7iL&Mu@&Vxq)RYTT&z<98hWN^GQGZr0PYy+^k#-4#a zclNh7cK#92Mxc^R&=Va4qdb#*__;nP{0;O*M0af1~U%;+{^o} zE+7g3<>_-!yrny)d3sE9dLF=#0hlc0L7CX8!{S@jO1CfNyC7j%C|#q*<~Q%eKDTyM z-N4d_?&Z1m@MkU*TQuNWRvpXNr1Yd$rNMICwdn2SLzQx(D7R3^JiyUZS7-~jk0qW0 zL#}T+WirnS%9p~Ei%21jd~dvZg2|t(GmN>p*^793!=`-f{hm{hD+ft2_ zvn4DS3Bh!^$&aepj!H6SL=1|Obdm(%sw)fu{)5P>Sr5@zc5~DAivD!UBsY0LR@r-U z|KhCM3(Mg#Ks{$EbT=~5e%o}xJ{Jgm!|JpLd&xMMIct|V^H1^Kz#>TRV(VSc0q`(g z*@J26QZc258mJ1=M7Kq2sMPXbOzjmEPyq0h0L_4x_PDu&%mj&1xx;v|u4U$-Z3Zad zWlD(~(tQ3zSdh|*$}#-J$}J?i}V4F&eYQrMTsN9(2SN+(@F%a;fc&(!q`P2{qq zPbN^roV*8HWn(Hfo*EZsOGh4stkw8jrs3#ITTkgVs2CbJ2k;-C?xlsSWX4&Pw!f80 z2aq?tR zLJ0tOA@swKFTK?>##5z_Uj|mS(_30aT-KE7VXcHOIS=btA4W5+B8w%P%nQs7u=pbK zpl|+QZ*wiVM-L2$*z`9X$J%b7=!!wEd9|A{%|ozMu6^hhgSIGUKh(SN6_3Ru)OELk zAtQ$~qj$DI6INeSO-s#0E&gaR?5tLvpTBVt27?CGpj`=mX&vtF#_!e!a5-i|t5w$Z zHdb5sQhXreFcvBc&Mo?GsR1TGIzTxO9uXBVHB#+A=lN#QajU%jLwA3j;RAS~;^6;C zF1}sT4so%zw%*^_TgY?>OlUBaMdGs*HL$DfY!0>IcWXF6H8kx0R|aj3|V z8sMQGa~^L^gk`oz=qva+xbS6IF78Q;RZD2oc13K(SLK_A8YnGEY`DrnuP)9H`k7tF zUZG=QRjrcOHL9}UUG`c1ra=Mi)Nrx*lec+oTJpbAY;ix&OWgFGD7%`QZD>`pPO!dq zC3oYI;)iVMuMZ!M@cNSqw(2y~-C~rznesK4`r8fFuWxU>YbG_%*q0;W^!xQBi&rT{ zy4C>uN91jC&Ci8zbU#wW-a}8l^Yj6Gh&(%jEAc*i+x2h160)0;?CjU#d2H9>YsMc< zH}!FJ=)qIl;4`_osmF+-kHLXGuj!rM3jqnWoZ+E;!&h3RfYGEP0rLwYehpd)UN{72IU_^_Z(_am&Jtw}u`kEk)!_xo0r|aSV*?j^6*ZdxF zUHOBfZ6>3m{PRQ;x7TVH8ic$~&n@OI9ZQs3Ln$Qn0pOT0?SA#}$uKX?!35mJ*6noV zbpT)OjUqVPQh-ua)vQ_Pnv-*jcfIL`^;*m43 z?B&yf!iS6ngn3C^WDYy$5KLcFQ&YWOz->mX`Ed?NHob)(x19q`JOXgp+8I3I2h}bs z5+%xWb#|xn{6^f4EBIMVL|1z)dLh1(lhjPWUQfM!ZQ%892T|@3b@^n2QUA=D^n+)N z&jCIzj(X*JzG(J=eMYkJTAwBpVk0XcQ8Y~A*nDdCd|>~>F;t_RDhdwk9gi`(H?QT2 zsL%>gFEfH-8))DSuIPz9~(EUai~GU9!`L8<1$}b2#%0>C)quTd^|4$lLjX6zph0o;X$e(|xCXKgzVUw2K}12EKFxH=CA=iMxkglcBl!nrrx0 zT$7FfU@)sO7H-5E1_hq_=bzDQTD4uzDyrSj96ZdYtF4(lFF*Z)w-Yb{FNW9KACwu1 z>g(%|^v6aV%j(wvE-?=}qNp3$E8TH=>jNn@4B~6CJeC&cdA3*m4BCyZiCKyGIMUM6 z&MPBJePuQpH2O{eDW=-(^gzSAxU!NxR(lQ`Hg5TI<*YBBOMws@KD{~0T$R2Z_CN+puvS zn~j$A++3PX!yaE{EoZi|LQMid3e|OCVxUAb=d>U=ey_}qZ+MMOuhn;2=F$ausN9!V zwfpAYyWqItT9Tjqh26at{@3BW_Cfxi8l3|?a!@!lNEr22eaUCjaBW6QI#QEM;#z*$|o}ij{ifUf>d*=FulO^XCcn7Te;qO+Q@~~7pCFX{b z)8cdAt6Ecg=@UXBEav?)v$)W=jF_0q%<_JwBg;sT_w#FE;+Ln*vXNFg*4tm_K5onj zgm>$=sJR4C3&P%&6Q>}4elg*8C8Qm%f}fPtt#6WWR>}{KBrg${|9FruqZLI!fq5E2 zfurW<>+8Ek@abCqfIZ35rgszrb7Q@6-IhnCi%gb_i8& zSF*|qhca_fT)Mhf&gu#l8%8vJR36i|Wp7wG3x)XjfiwK}NcLVK>N~hZ0B(K+b+1uH zmUYDTp~Q71X52`4NxI2y*KmD7kkCsuM(&kw?AVRlpLTf1@_v-zW#50!f?r?z{y^)l zqksjaT@mG6o#3QlF^?!hHzsxD2LR zVlZ0OM64sg2>kSr{f_#MdMT!d5uO{;GjDuPIaiHYXVGzytDuW4)ZBfKx!fK{<=E|; z30iPl&CQ=mr_U5x?~|o!B$}0ck@ECb)TB%=(~;LXd)^eF=SbU7H@RU!TWsLoJPe(3 zaxv%OnIzP_h^&`>NAAT&9iR056p#0{FRYCwxa@E;nh&B*5oZ5@KrKfg8P$qQk$)R> z_mK}jBkNDc|zzGBylmeC5AJ9*nT6vL4}abtT%c+AoyEv1V&cXCJ$W}N*Iq?Jhrk;Vm)w_u_9+F%Ofy%! zLNq9TeZf3LUHxYVW8=LG{m|7$s%YT*SeYS)ycti--ptweJKkRCy_foK{wkBMHg*n< z2X3|>bCbo)+utc~Gv%@;r?4kizD&;T(%<@}*3L0Hz?u0mfk$1XA;l+)y?k(N_?o~y zAD^P=Ja9HV&;hIuquhVDZ_X1 zc7_-h9ewNPFh} z@Mv*@&;;aL5|mOWHFLf&`sov?_g4OkLGiN}ZvK6g%mRd3cvwcfR!=n^c{o$wW$q-@ zZi(YGNwvTNE&GNo^Y3)}hAOJ77PDJ~a4_mWS((ozr)g3*onB+~xjUF29K+o!_kq#EAB~G=EJ%VpU|z?e|TdF%b( z{3egFxsw{*-g*wo-=!PFdttO5!drU~Is1u1Igm=N*y&dLH}TVx_HSjxbuRnM@hw}V z_1ro?oc`w!lIz>1n+NA+<37fL7tqP-8Ay;qrqPNubPX_^RCsR^TkkF5DJ0&^d*Y6# zJSjV^G{ET!6lMHF!?Zg$#XZt)hsBLF=w7S0DIXDwVrtRy?nC_MoyGer)JQlBO?@7|O z*o<9EdR<9jSY_t<|32a5L@PgQZ#>ZYxEYu>X`6n7WKL3$y7?tU{3BLOxGeXcSQam{ zz&Wqj?OTmLOx8q7&xD_}d=-3#txC{DuY$C_oywSQ{NOY-gMlOzi|+-4d z#u8SDXwPe7UfaxI-TluZrHvE@{wIYWN}TJ{*>s}q-c50~xFxj~SI*lxc@8Y5P;_u{XCk zA6K!JW5UdaHW?EGXfcbQ+e8kqeCGcwo-Mrm&5<-gD{>I8<)~gZ8jGoKK2(hT+_Xivu&ZfBQ!t$)uxQ!K$x?Cj2*SM$yOXS@trZcBIFd@S!Uw0~Ip z$VBhKYz!|E4-?39`w|iG-K^y1jpsUI8xMPIH)rHSCE5txPA*Ih= z_rCB8*rFA6Oh^EEd}*Jqxx6(_jg1w~gp<4Rl5^1yD$LUSvd`ac>Sy;Eb{=sdZJ+vR zCpOT={JOsuZ-LV9|GnAn4$Z5(+_a(=t^G>5bng~DW}%x9Z%BmEo|MMN6=!

uAw^O69P^>tY*Q3BVBMW@hL&bTxvDzmU+5UnVTu)6%gkOY>m2XaWhX2Kp|x zL81Kh(m@MT-s9xPg&1IE4E0XGKuzBigU8LmAEFN3M9H0f-Cz5|D1($wjgJ8Lp}QyHtHV~!=8o;B*8{iTJLQI;Np)0^gCV0Sa9 zD|djJjtK@+y=C8d2Ly&EpqMS}-HeYA+S&@lQylDHJp;Y1Orb{tuc@gGBhxPEH*g3h zPML}MGbdC07z%ZMzW{ifliMFr;gT8q;Oj@u3w)b8kDkZ0W=n04O zE%JvI+8K_qjaz5ifzUEJ%wWr;m{Z}Zr46$lBXB3Ul%9Y^xUqEtG)Z)I4a~9TqOa@+ zti1e{Ldy!=w|6nTUP#Tc^+ZI&4e}%J7!r!S)F8ygm%o#iw)z8zhR+e-Lu0V z9fGx?s!TjgvF!L0X?~^3ZFbmmjMI<_t)U^h4jzNqvu9$)%;}1^8PhO*`czC?uo8Ft zGK6zTX{*pWVj_u}mcI0S)`Qx3zWFQR@FuO{I8B7MOaD=L5vMp0h)HOVH)^4k6I!ZF zA6eWN%4#gk1{gB-sKRl$bySp+&@LaKu!U9-(OX+c!lm+ML>02(<0fI&hpunh6f9Z0 z8DY&@XxZ{JIwU63@hYO#o9r`Di;@&SEa;~#^z>kBGqNt)tW{8r@;Z}=hE0viH;OYV zFW8F-16^%&88RQ<$t?{P`1L}|?sc{V%ngr7L`Q}pG%OSmQSrzwETfQr2EGEJtt!ig z?V8~fM=Er0%tfGV{3{b$9}-$!5?za~qjB)UHP~Iff~!|r-mchQ#?`BL@h-8h%dwP7 zdVXD4Ie^MnZH!xS8o9E{IeYPQY++AyQa8e?la9?Q)~yL`Re1>>@1G(S+Cd*Lw8uzj zRn!eIZ2WRuxPBei6kJckW-H7lfAh8zGC!gz{-cC;90_fDYeJjbve4F1RRHfNcG$gs zF^2ZGhJmIEI(DRV9XcInZo4A8S!-<@g|@Z^nc>b@GRzE}lvQEbZyYx7KZP6ickt5H z9l_!8$SW41H1i!+m>NJ$%k*~6x7qx8rH%Qm1uXb(_4D}ud=e|cyTjA>t8s+3v`WZivR zYaNw#Ii4r$a?GS*!M>Y~C(Ej*8tE~?cw&DV>lV%s)>LH6qiB(E>2)1}n?BNIhFJGD z=d*L6D#RBFrNuNjCp5%obLb(N9*C7gHR!=cQb!^(Y3qZAO7J%#>9gUQCN_R^z?M3XSB4XAw4q-Mdk9jzAasj zYfzNnfqB++J{He(z6l5Jp`b12%g91;U01ahg;qgjglJ7@Sr=lPl|!Y1O80W#5vvf< z$`Ujc#mP7{zbjOj05|J$EJnn$BNW$k9?F--CIfK(<$L7iWw(BP>1oK!&Z!?`)>vp+ zOWQQO{0)Rw!p5{e*#~2FIxmY?_Hv9i7H9gpx`Ny`Z1gw97yDki>B7LUEA~Ekudo6~ zNB{LgOTS^W9KR`S{WqV??=G~p$P9jj@!breuBneHTW-~ln`T{({p}V>yYvoPfbeR? zdA%*vR#hP6{y|u4bcE5MS#XONQ}|eS;};lfN@Xeu^Zn40X6g8$7Fx$+(<$$(qSwIn zh?eV7^C2oqscc(f0VP#^%-M3SQP*p_NfXc{nn_6W2~`$K+u>prcG; zWZW0~@5;@NEYLQgWxb?s@0|o?3TL-bi|{BQv0)s)9HN|HEF+;+|2>6PhNQdzF+twA z!s1|fZ|JCXgr-S%9JuwSetlReZ4+8nA9}QZHnb=Xx(uCz$NupRYc9(n$_T*HvF5^a z|3gCC+N4lvf%h=RvLgxY5L|fPe758|*nRr`&T5#o)I!^Y;@lJjxIM*@EsHR;hbdI) zdd&OJ!jq7^kC;e{!)ZVK;e>W2ZS!8mVce4@GTTmsR#IJw&_{b=t}dPIsK?|DxOrtC zx~MBdN6!!wHeZpAA(is0g;pkPD@N!-jUGU(>*U~RyO7kHXUg*tLMy2fBlP}mSn6~V zCWX@L+!qHQHjEQ)2FYTk&lU7A(}I?k4#{>m?7bc!`?3`(^5Amo5QbS93G15b(Ql{k zye<`CVL|m{Fji3(x<#@vhKC-t(jrY^NcO*hA$rQf5rB_sb8Pa)|6$#`SM0sYO;K%2VGr5Ox}1I1+wqy!i5QdHjFcb3O&%-th{5^T&1e* zr_dImC8^1cz~+gv^XVI6)N0#?<#^i4XB65haUpK+n+I)W*2PvA7QKezUT8~YiUdVM zK2akfr+n0OQYcpO32;Df9aU&knAl9?`{~~J*vtF9gtn?A1LqeHgc`*wn|0i*#{eu{ zy9rx2Z@{LFinfhdyL>MCm}v|7iwW@XB_~m+um<;;gtnD+Xn!@ov(T33CE(n;aU@Af zFzGQC_vDvCs;NM%%V`*CsKT^+KimqgTVM85s6lC>7v>Kpan`WHzWZ#PZUx?4Sp_Y6 z1`QR)gf>5VYeHLFCBnPA8=O=QCM^_ecK&WC<+UQ)6V(B3GH&)roB+mI@?Z!mKDl{ z$!~;ZWz@A;#kLoQ46=f@jy8-s_s2Psb$Nch(6aBdabw$L;UU2)i^g3@H17wZwYBGK zYU-MV+Ag$ACW>NSVM0%RsA+1$K-U1n=I%jMp5lq2DhktJw`DR_#MDSkwPDt8DxO8l zwNBTxX5G0sIjg5IBd39$HpZ+!MU`dtc@6SnTrsn&76~X5BNF(Tdl6ZrI1E)qX%sh8 zp~+gzb#-9Yb0S{G$W1o&(LyVoluAW5hS$t|8e9^8TcPbUYBEAvIwe(p^U~t*;>sQj zvecz((uSV47P<|cix&|^vYn(Z-GC3QDJrQ|P=RQR(6aO8 z;l|Es&}0Hh=j+mgDwh6KF_wL=m?r1@j6%yM$q9DYhpr_3(w7}wu;kD~6f4M^O9vG+&37DuP)dSU=oI=!wDZ|GNk+i_`F@7}r%F z8dRCq*EPhXHK&kXT20a~f=E=>WD}vhyd3#yVc0#r3)I!MDXe-VGo$f1hPC)Lg$r$K zlw`-_(b)|!(^i6pzB%Q=2PkS(X=c4CJTTc(6KcAhvE;}Tg)LG|scB)NnW~CB+}<{Y z(n1x(S6xOCmDBrY^n`|vIrctyCp@#8(wfjp^Uo6uGt;E-n_=nkrx3Lvd<=FE2Hiaf zOZAS>vmS}du8k+7Qj7#`bjW(X2BBronn3$iLib|}>rrq?m0!Ar32jKd&@Qx5)Iv-9 zWWL2>V?C%Db;0_pfr?uTYeWdWzZd4Z8qg;3{hEZ9JwF0(?Si?IGIR$_!;{Dox$=(* z?K=`$L#P{AVD&{s>(J6ZDgKy0(hRCvdf0sJwc_yAiV^teD0=BCL7Oct*1{Ot)zf3%-nYiNB^K?nMMz>A3QNVPs-*LXN|2ctg=d#{p_iEkw6wILt!Ik) z2X5E5PP2v4)51LA8W4q?!m`GNH(Q`S+8gUfTMJ#4b#?SGYwrzVnIlHEI3M>ZehsKX z#+C!pH#W!o-Ioy>mnwvzQV2sSGLs|m+;$K88E8XOn~po8Qj(CIEZve4;t&=7 z9lm_vxS1`y}4eGR?o}NAiPFfGgpcv#7 zmC02!BoLPtA}u}|Z(QFXIlrk*w@qk;^SNKcP*ZiP97xYMVB$Kw2&D6|v5@lTD=U(o z&+QG8^5pt7d`6*VX|ib!9P0?=s4l?A~DAaLq7(=M{v-rK4CRH@>u{8pZiph>Z+}&)at> zlKblS5L)(<#`V$~m}s)u%PHJuJ#q9&+y^UTl4=qCZUcOY%62uDW!cy{6&5<84gnrUlbMi{Y21=!FEk zRay~RqDqtn+x26huA)Tu&`4Z*83IuY( z(RkdiJf*qGc=!H2@=9CULovUJ(2}fGmKGqtw1t;gHKp*qz6$zUB(!~}!9Pb{T4b%S zlbB#>Vf3ae5H%BJ+9x*@YkTXF%o$_W*6S!}CRY-qhr3|SSSw)?KQ_zpZz{ADsTF0# zC@gH@jcaW=JneSCg5ud|*j&6$s*pe`sJW z@yiY)hlG~H`PTTu3GJMwYtPDWUz5lQV13#gI)%r3D>Lbr_m=!}LX~ zVRQZ}Zd|j2?Zq?LvUocB4<3tiuaoM2C=*(hHVG|zXcr~>U>!a1bgAN}rN!O?8(_%f z`8as`6721+!}k0MY?wa@)>OEwPz6>;*9gOAZ^zrrh6g=c0?7TsGMM)sj?Mc|Mqx^O<^cW^uwkp{e+6YHVcEUA%;wxgM+6o z(eTUVudl=F)vN7xQVGGh-4)5A6?Y zGhHZk{DmIUYQlKxfn#Rj>Z_J#y{-|b!fyKvp*y2=)?ICM9WVx)4xYjNN6+E-`~{vp zehAxB2eEAWX!N$41Lx?bf>kH9<_$u7thvxKYQ$-{zH1hY<<4h4V04r7J;IgKhp?Q^ z*UM@a$$LXbX_j8{Ld!&_3;n)Tp&dJ*UZh6J3oTJoT?(i3YhbC%!lMH{Z4DT7?u7;G z_u>lOGuLg;W5=4==w_^kJ|kve#)Q7YO9D2AcJwCu#^cv0UlzyuVC|${!o*2B?D{BQ z4xPLR$1dE!vu7{x;@NY`-#2l5&jw5y)fZ!y?L|s?!!ZP*y|Y!AjER*mre^Ae z!?jgt?dpYA58Vc~AECAGNMh7~DsH+3BQ8D`(b3V;Eh-YhZ@uC2@(C^;-GcFhx=)#dUJvBh2h)Oj4_cZbN6_@*@vK#w8&qHy;K0dB{jjL};KV zZk^qWDdR`u`rG1W6>lk2na>TwhLL8_GVP4%3+AAop*Cjiy4_;SYQ4~!bR;1h-%M!P zWJT#=j#xONGt`unVcu&zPC2~9`^W@jW#>}(@{yI6jPM{&+`nRrSAj|OzptsLXTkNI z=xL}%&sBYlU$Ps|J%f;tnt}X$62#mbq$EVa&+QpbZe4)!3pOI6$t=ttqRm39qy)oH z6k0Y8J@w5U?6t9l>ziQ2r=%g5(x#BoCNnJoZ(Z+V;c!c+Yv^LiwwowzBCM5VnXp?k z9vVt2FzY=HcRVAJO~22{Ohs~Lfe@ZbQ8un`8VYqKRhV@jfujztLOc~vJY}aRA;{w~ zwven^_v?e+#%#zA3GHUZLaRk0*Rs&|`Xr&Pt*%6Z?+cvVeGV@E?-8GzF67TbO8-pC zpF!>quzZxIu#&;_Etg5$8pnaSGy|uX^n?oC^Sy@8!K1e^$jQq`c19Y~*ozJdN~I_Z zc3Y+h-SZ8shT)jQYsAud@(T)(LvirV;|X>x9E~2`d!uJJQ>rr=U|zE>$Lu&cxV>d6 zw3U@%(qj^CxP&4rCl9$dJzQP-UBOLsv~F_V&cl9@OU4C%< zJ9X+PJ5NV+>d*nIB>g59-7sbGE_g)CT7+e=3WVFaMfm=2f2;qUin5ZhDJyjp!mL4p zVcly4c3*tiu*{Ae8KEz+Zq6ulG0}&Hx~eb@ey93trDJsLNMWG3r!Y)gx(%+8jl&=y z2(3G2SpN(qRSjs8_)b3OCHqnlR5{Oy#Qs?W>742$H=58;?IgrA+q9-^LsIi({#8_n zGH`75F#Pn3k|0Uin(9y{X=Uqh3g_+c3;oNs4#JBOeM2+!888e>w;hLPSi0;eEmM&d ziet+sqnnw5aBNj&N zg~I!SQIQ>vV=JeA;Cz%<>3WQ<7Q#DGF0->1+6YICrF2%IxM%CNn)Mon=Pe0saVn0C z=uPp}Ntl6n=+c9YgqBfLl8B3&rooCT^{iDxLsfd;)aN5sahD#g{<^{0?4H;|Z(M-05R zQHT>wiW_}{iFgq%C-k42+DasP*`lZVFHmF4B++$^-(XLbxwciPDyW=0K7WvKO>7Aw zZIgkx>`AgB`(6qOR8a)Bjp$aN4incNMBWF^!G!k8&PkN-rN_4DJs9qpU%Swj!{2T% zEPnVI>INq0J9sEYj~;;$BZp%oZ6k&aMo&vUsHspMpggasYm9+oXW`(5dq^qy(Ag>x z^5Q%u_A`g33gt_6UGyJ48Ee*U!nREtuz2=l^t0Bde5(TM!ISVhzU8%4Sq1yW$pz4% zdyOq6XJS48SAC?*1Sx{em>%nP9)0wFfV%c5-0^K9v;x(L@pQoau{~j+LHCe~CVC7U zhvh5RW6S2vSTTP(2KQiNce}%et*tEo`-*JbIkX&oC~nxjp=n@=@v|3V^QO(%w00F{ zO&W&I2C7h2*TJMUN08Rqcp3!=LhE@M{q_G2b*&M&<=L=4FM~agye@5k!H+*dd(SN+CmQ?^KL`1Y|RF&TRsolE;~sjr=}XIZy#aiAS8OGp8?Qm! zNc3t^nj4BGArFti;;-L9)3h5VOrMW6>o-#zY@|4thTaqh z8rp^!K5rvjqnpQp&;|X;5%f0FfSRf*Ec*<{%5@vDa_JK6xAT_9L2WfM-#^B@p%x_N zouH~?j1f~7VAGb(SiNutdUi3P`*$iXJKV;iv7M<7rjD71?lqhAiRB4a_6_So_oK2Z zOsxlD>1vAa74xzA{BwxwuUmquf>@kbH3`PL>QvS#p>xk6Sh{LGwr*U5+2aSn)YJ?! zw_U^wyHzmL{sqRC)8UrZAhcDYVmRy=gYSRnfX=-JWA^-|*hp!%b)7VC8|$b+&#V`g z?YM|!5$|ry`8N5(2rZioO5xhGa@$0b-3cVLy%ul9i0Mo5EHoF7B8qS?Bp;4Zg$PV7 zLw0FZvqJK7QX$I4`Q`ngXJClV=4M!ViV8~Eck-||mG2(ygO!0UOwBDYdD9grs;{sD zJmCHw=;-PR$Fu6z1J?r@uRAHM|GHxiOm$d`jR}TLTZo93#!#{)9-dsmy2Z0GZscI} zuPmP&d!qz665cpV)W(fKW{yW*&0<8i(%QJfZv z8^^X|{`3hLI-n1%EX-lfj$vhufkQ@O`hw*+YWooJxy=L1;wQ@WD*bj6#ts{ZZdMjB zH!~G}Z`Gq0hL4$q#j7^shGP(#HTcL;mJx;6g@bW z;ozl*NXTnxNs(F^ zgpnA~t2-=YdE3&;3cUvm#-wSpv1ZF2JP(Mc*lR#oi}c3o(}17PDUTl2RKuvv58-Q5LCA-t4+ox5Psu@}NU(trfz#nIR|WiX|K z0n8}Gy;WEoThOST1PJaP+ye|60znhpH3WBecMTTY-QC^Y-QC^Y!vMiflfA!hKmYB2 zan4-8#q_N1wQ5P#Th&$cduE(o-pCj;vAa+eUs>X>TD?%}+PeF@IUi`TRpyemtuWkc zMbJ2tyAtS3a~SF;pR`4Hml>NBu|XPMWQLZcA6d7_#=Zx_j6Wd ziI-(Qor)bA9aO4xCL(n9&1k8`lc`%-_Dyq{_{7{9f$JKv!sjR=qz=C?LMxe|BGKDj zuS~~dINiOfRc-n?FBC86j2!zUH}+TF`_*!FM!g;Kk_DG{&x3-aWsP}Ucw_Zu6)`<- zBJE|2Q`5fh)$x+;Mv4qIB~o~hRm0Q-w9JP0Ens;y+$^v;BOVX0sqn{9nsltXK1(|sAP zn?pE$bIA((KDs7wr(F>q`+G{>9!jnw6JBG}&>x%{EEbt`l6{N4y3`(_Om_2h@~p<0 zbi=_NON%}krbgbo`IwSYv&?8gJ|VZ|74Bp5E`+y2hTtw${?x8~*iS?0WK<(vSVhon zk^`0`NaO{X%nzG`bU0sgkU^n0ACU{X3rs!n-B4(-<5UD1*|oa6sBu=7lcv14er_#} zG-2n_F9r$oSff;*Ek-we$4}4>9Mui-*&7c?D&lKtszUx=P^PDELEKZH>8xnhw6%27 zBtGq9?J;g5k>y@Gis-kd%^{z5L%@u*EX6@w_${PiUv*+u0&n$!&eu`MXQJxy1{{dE zC-K4GtF^g9CcR6%eST&#|BuvHiNtCgsuK<3ZFtF`zD+m8M{VCYbF0W%j?Fu2 zx$eT1Y1aFQ%dlXU24#q;@iM0^t9M~Gt6qePM7yuy%*BE}^gmQXYY(W5_ z(n(^!U2MNy+Y{Xq{cG7fx*>7z^kdqUMtcGWyAV}JqK>CgSG{<5Cwvh}Wu&fkm(9sm zPQEYYn(blD(wd~iq`0LsZ;+q3RnNtmnTQu}!f*d9S+t0q_F z1055`ZbF9TiK4-X0GrM8X9PCOiSx4c4*vf60C7vS_H?f#6Vx?l?p})JV!lU~Riz|u zw>{r_5~hzI6;tq*#RPfZzgyAV7?W(Gkx=zeoi zeqI#@uk<+({W~7^(!-6CrSMK60t2bPzux-h!)_)g@&;biw^?E8*&n$ucCF#ViU%L4 zThpC{Ju0pulQH1p_rtAy!uroFp@-tjxt=0oO22fJa1DfkGo5m-e)jr5iIeYoHl}@? zjiqpUI4LXPYJTtPuP8$M7{EpnL%8c)>11^ZR|b2i?e97cK{6kl6fxm^b-9O|>r=`? zfZyt)qSRLG^?~NL>q%3tEq`5R!Q!i%_wTti3m|?c8b}>l6p49{-P`EDlk5D)Q}`pGPncOG760?SG2I z?>7kDU!@H<@1ffT!lPgw1PUWtz#7{=&6#t#pZW+i?SHj9l{1Nyaz1!AcZsXC=^Ml| zhNFzvz5G3Q17$IF9ahSJe1z`(ZjnDa)YzfXIW^4~Y;_~`^AU~Lti-coT30RC=A=zp zFM16JO+N5?V{c%{*VO5Wp0}Xeo#h8b0K!$@^#c-LV}F|LxH=bV{AAS#TOO9^Ik#1K zS!bBX!^jO{m3We(3%ULx2DG&GaN3Zfi$lwA7k{_KKRrJvFrZ`F%VnM&kU~r`phF{N z67d53>n&j}pYC$0#i=Y*me6E0l2gjd89^Ee+paCS*|peR4`aUEK|9 zEPrd{5)#zHa_9VI3n?`?)(7lJ2)8%Zq%>=ey~lH)zTXkH(o)&ou$h`Y+?pspnoVYdhh+w`eG-56j_|yFe;;Db8&m z&>hIcYxN~%?~%k;p$Tl}7R<~UqF1-=_3hD^+BEcrBvU_`?Rj2I^W!T%;A`i;5~~@p|4reo^V-eHrD_QSVeXJFWY+~HWp>e6*wgm1t6qbCj2Ok) ztdgqtZ0oz5nj$tpOk<<_i&u`q{x?SEBWMBT)nB;^HjZ_00ciSigvYsdvi1Wflh_1o1);FE!$RUuhP?(rA)km(d zFT<$7E!wyB0DE9d&$sCzVf13$$R?y2+9_Ou{BLsezmnG+WTUA01WxOmqB^hGX(Ni` zy6E_NH) zu@&FX#Nxk{=Kj~om*z0$a%ixpZW1Z&kkbk!`R1t=p=tFP-2GDg<(JcV=B@pchTD1k z_Ii>vD286S6q^3>VLwgMOpI9GY@LD(*$PNt1MstJ+i)L zNl8cuV7J}VIw^=uU^IxS2qof%Yi)M)$xUP`8IepjqpZjquYEt#k*?5A!F2P3xRAVt zO&`by+Bpc6;L=q5qg8L4RKf6HqgEbxK>9>Uamn5+!C*$69gz^cuY}uuq3F-+RpQu6 zN=hAFQ&p1&qUp*icE5OUJMY%73Adz+ACpB*lKmVKk)Nv$=~lLa{oMbV1Aia&dU@gu zh#XW=3A)}N*WKy~OyF{^szAhJMObaJ=f6E$Rb6PxR1McSVA&-OJj{nb{W@jnLoWb# zJZtk$PhVTvuipm3C50?3=n1);ewxmgb&icmp{#t*m)iV&I8A3^D7C!N;q3bHoIF!q zplV6L$dDxogQmD~VrqTe@~VHhfKR)99WoFSQy)rXc!VD@-6!b3k@UJZ@C8Rl&UAq# zDW6?iiJof~iZzs8oc-8@Gy?e~%5Zp%^%u4hNT13qRJZ)vCoJox_R~|B#C8nxh<~Sk zU2D0_9YyBVt{k8(&N>IOV?QFenw@0^JnJ3fVdeLCFfhX9&Q7I!(wh_)%l=R&dpL%W z;fmYMCq6JonF^xOC;G3SWAQ$(Xq~o`x*TM;fJ$ucr*Aq#|{v9j?1LEkJo;=c|{1a785}q?Ym0pqvxNp+Rb(~3K0^z-ztuecK3YniRi-(g zw)5vQs2#1&R;S;b*s#&MB#i7Iyw~=-m>wMP$Ld^nSe9=yS&Bc7cILTHN@dMY?b>-}T$E!OjXgZdCK<4^@Zl9%a>rR%y(z(f|`# zlC-q-z*Iwg5+PVZ!o`5o_!M7V(L%olVz_;Csm;QD&bzjTKy<3G&4I}72CHMHttv6U zR+AzDr-v0J*8OzS->uMP8XSJQ7}B&YOPkma8n!L0Ya+q=~@C#Z?gRpl%z%C zzr`#5Zg>0PZ?TukeZ^$oo}H+BK{&26##=-h@QHi&JF$io#?AzwUM>+Hvz`9zw#9~g z54Ew|TD(xD{VA<&JeNqGjN$|qD?B}%Y`=UXu^Ic(ZPj}F&H<$Ei9&M!xd2t4Y~q^9 zfiCkx&FyDL1Y^!l49vdeuN*82YTku*2llfzh74qr$Q{#g{bDc~S9_Uq16EcFv6*@u zOfopF>&cK|W19#@Iv@H=lR2hCic0|LQZ1lx(>pvcS+2cTYqG~H=UOA)2!%ddAnd)0 zRoy`Q4pOt+h(=eca$rbvZWGK%$4+Z=^1Fz^>H<>M|GVS0DFexWKM!=uIft|}wiPc79^C|PXvyNsxa{BuD8N_Gi3IP{|uJ)yfY@8iQTyvzXLhs!bruT7od1EdrN-tUjFT9a%qwQ4$s3%PPZGp|5Rj z6ghv{Pg1JK7HI5TXw{((Tf6dpY#B^EC)CAE?f;xcpVx$c2KKMC>wW7x#P&TtfBTQu z?1IN&@S`$9eK207-HUxr{7_O3F8SPlvo;(GkR9Y4pR41G3VzEe*@FO6ke|XI$G7*X zAA1RkyqOD2UF||Z z-->|AgBsu0X)w#7<~G@+r5LN<=`k)hqE-v<0Is*b&f`8Q*XW3gwXHmwFyC~;5DBnZ z)1J>WcfuM`2|O z`RqWjO1KYYinVEx*oNB;G3%MlPmwzT@0OlhC#xqA_-xS!f^{Ax zjr!@=e_gQ#x>5@yOtC1TasX+1f4^;wR2(v^^-2;$g%cZEe1TC9!GtrX2sHBef@HDs zhV!=Rtj%6NGfFut2d)s6p~7MiwPy&H&NPy{(WF%k-ki%!p|r1YpAMc5@A^pF6Q#I5 zz4v8&&GVaJZLRCt!9ysgQ23dva5&E``1CyO-1qrU4$ryswTI)_VCiy-?HKz{c4)?Z zUo8Q_5nK$31c*HmG;$wER9?up>6|apvt3yrMsKV~PuFp;S`)uUh0@RSkKgXV zzn80YmaLR3wu3x8il}t9MgQ0*@-(!A*6at{d{OvdNPJP`R5LQ3emW^!DV6z_L|2ma z4_!&R?ymHT+Z4?~u2?@w(}*;qWt;c}X1;KTaoeVJrQk8^-l5>KxyGin*!>_S zJs;@(o>>K?;8d=;_tlakhS@<+#vb_jtgHXsDq*ET_sCO{R=L`YhRSaE6;HjXP& z)lh0EF?d1PSFPPfE>1F))Jr?E4g&pe-}y`sF=~kL1<{<(e%{d~(VyK4^wz-mOx^GiLD?7tJrvMwfhy{=A6E7P+aIyE^8{0Tt+a$6&M~x)af7=^PBpX(M z7VB{@kpUe#N)Nf6+egV5K)F-;g`<;efw>l~X@=@@dSKRRq4oQADw)maY}j2WG~(lB zRY1m$VFMw7)f8N(_mJHBT(prT3%1OTT`aJ{!_is(Y@=R_}4AklC}-E%B3K z8i3&Cs%X+EbpX{9C8sevlMdj+`;WC-;VJe<4rPA@zI#9seN?F*bmw%u}PH3SNQw3 z?v(6@qG;IZAKCAbaQ!-~<)}x7V{&#t&MKW;{JFi-qde&3wC9BwdZfSR#Q7}0qEQd9 z-UP+=%pg$PEnw+{{ zGP9=P8}ropa5fdD_^jc$7{$4E+=?ejHuJyjwZK5p{ZG^NzTR>F+=MScm5*2ab>#u~ z?4irdp!oOhTX8ZIX#aEx##;QN5$wOeZJ@xY`S%jO6*M@Ne=i}ifc<~pd?Bhg_;5O3 zPUd1E<{cImR$M)ebQ%|Lw~?j#-yRP5hb+S{0jeRp?VlK5LN4M=5@=<>##+n5k0299 z64mP=pr-dQvDE+fY9O9->G9ERvDVc8u1tyEE16YHtK3zY#0}Eef(HSNBlbGg^=}FHIvH#vl{>`gozI@|- z@bI#C2tuuXv0pK#-rc1Fnj8?%c$GNxN27HH>7ew%kP3(PzoOsCopIp}9{awx zjV3xw8z=0S3p``Q5**a&gCNu?6U>sxKjLqRQK2=Olx|H?BNiXm8~$B^kZ42Bzn3}^ z1rh0tQRh3O^Vs?~;wCnlNAav+*Y`b1naJu8dU`ElXqrqAR0 zYNRn)PDX|}H`kJt@uw*kE-uOKdH!;I3%8%2-yc_bc}G6b>vQ~|GrCO9q8k_-q*f%{ zXhzUB6RP z7uuX0pu#RRXv~$Wn?GAbOy^694MIksXS+H8EQa35TLo9VuD zLBj5NmV%EAA3YPJ_rT`cB4Q7(!j(MM?;N|IlP5RpjpbvW3<1$=x+H%I21gy{Ik`$k z-(T+^%3BeU;_M82M3kO>d|kFf-;W{9rFa8t;6!3%p=s)#)kU32+cj~3K!U4NaT;iQ zQIUXnAnt8=ClFn4Zsd@8)h?n%(tptKp1F3R&2qx{R|h`($~4Rp%fpl+^s;8N%MSyI z+o*y9m7VVZ1#`a!`>nDVBA4Ur3v_wD#XNcLYII&x^n9%~NBH(^s#R4Hm&+()rNz3tZO$KJX{~ur zeZRS@e};Sbb&0@`VCA(dxI)tX$(xsh-(e6x6I<~Kf|8US{8T#uUb``glTdmyU#d!$ zEgUMdY2d{{NkJi|y_wv6*G4-*-Q@h#6!L*d?JU2&jh3OLLL7@O#s^7ZdSnDa`HN>7 z@D^*IU5B)&wru1Ro?7&~Y1m*{>o;13gt}$p#c(PCTl|?MURP(2wp~%d zXuR0csHgwWx*SWmbv{L{2}oUa+0JCS2(M?bMua@gD`uaX_}bZ)V>5y4_ru}7Di=(F z=`&{I_Q=id`J6&+NWsA&rtVBf%!SJ7a=HW*LHwoprF>2k1pUP_U|6-@;>cQiw9)Fh zWoL(L;#^!383k)$IG%p6vD$Da=sr0$ws3j1#adk`9G|3+np((+>d;{moBqJiO%v71 z(^vemhB|uJ>k#2xL&xcAwfHY2TyiF+$)*v^1uSczoP~KSmeGUrhG!PHqBo1XLwvHQQq$LKRYz3$}&-aTQ0WeZM^Ye;A zVffUzxVTLtXw^U!nI8@-$f$;sDg@qjj^!FvCbMGk^SBT(MtHjTE8&$IW@aV6{{E&g zut72e5u;K^XxFx z>CpxBl-*M?tP0FjhvZvkod$n3rc`9%TV7$}9%4Q0k#t&gDnO^(?k}?9G~wV^=-->n zR$Ihx5LLIR99v+@)~iDuuD4j5IVb5VQBtzY+8axxL+=ZX4d8VAout<6A_$~yC6A^G zi@)6ND}b-jKlJ5Xg&Eg&;p%CWO8X+q<&XIJA)VUVdYo=}Y~zs?`u#xD=i*aw0YR#; zO6zWy2ekQ&Zs_{sP6%j`^R!j{k%LHP!#RXnHU1f?&!o7OeGMMnp&P5!uJJoOBcJDc zoB4PjHhAkKk~svST=h4S2ss_(Tk<5SZ6EqR^QEl#UT(|Jpl?b10Cpu#T7{Abp!7>2 z+q<8tTs#Q#}I_0zkC_6H`3nIxRnpxC?BwU?-AIKg~w538qLz^O40O&GD@_25l+){Iz zo``yxVJYL{0-o971m{qD?r^3uJB~h;bJ$8+n%zvGqLzLs8|id;xG0uZvYAIX>9aWv zKrtiP^Fl3UUKH<-h8c1sljoRwW@woAqK6A_5 zCOt-M{&bL;=XaaC=xzpmVPRpF)|wjb=dSPSYTC|z%cW4hADM5Zk~x(5kO(72N~ebSai&woPz4C;NRj$IKO)n#zq+()1b# z@i8$N&N>1tLO1>41f_9X4Gl`7($Z{ObV~u+s%i^#WJV9*Givd8(3I1{!{P1jQ7kR< z6pZ!PuSDwonBj!nQTKZ*TIx_=Gz0hoj;a|@W0lxwKTX>`dh4AW$R7PlF&-;kNP!>2 z)R|t!2(VBpv$Y{Kp(0A{2~rD_B~t2PP;WBQ+)5H|Y^>6H<^oineD^>^dt+Ab`<2CN zFoiEyJ`EJznR){*a4VHkw~aJs3++PnT9aAMuWSAYQa4Sg`R$r0WajVCC@wSU5PD)W zM(IGYz4_HUFTaB#^bMwoe&^!;HJHhtnP)}^wRD{eUL za3Uug4E@O#dIupL!^R$%W$`P1%6;-{uZ@aZzMb{C}ad|j!>`-(2`(IS6e0xO|U zl(Dg~3hC&x;dol(>e z`b#=#TDvP19;r@%={6`TN+Z81hTymw2(0KIbEtM%#CH>ei_M1hsNwwN%K=&`Y>?*b zYppEwv+oE}=#n8u+xi+)lHT*-Fx5OgfE64$;7=^;QQc6wpfJ^h8#*LYnMKv(yi@|q zHNQLRD&=Ut4|{uSq7+O}I^Upya))vfwg72Q2(ZI;yr zUcBd6I8yim!>$CtyB|tCpD$#iFkjErdO!E zFDWW69-F#cKWsIwy+r*>M!;<*W$}~#LPRICBN$Z6*mcA)J>xkuuvz84tgwo8W>#;x z7BdlnvWS5~+(sKWoD;aM-_XxE*pObfkC^#haWiITpS~KU5;y=NN0W!)b%DxZUET=8 zB~ToO{>c6&RUZ{o=_8VobRc&G0>gr4#tR@o6Wza%;yxK_q=jMN-1(CDpJ2XFH{PVtxuESWMI_blQUB3mg_C68K}eIR9xjg_JjHp=23L4YEWkz9gclJp&SI* z*REu}%?tnet#^itAv-5W3F?&GRwLXdod_b8w+DrYb-n{t(Hm>-5GY7Cu*siU<#|px zn$Ti!Blb{*5@=O`HzzG25hIG;S7=)MsRI0`REeI`p`lG7$KiXd_uRX(l7LA89g?5> z*xqx?%c|%(v#eUNsqUoW&lWB@2=HRjOwiN2maSx;+ra620;0>KqEU}XJ)nvxzE;pM zQxCPkx#PMU87%>ty|QJ_1nJ~-+%fWQbgrX*Cv`F&<4QPx*0r9H(k}__q)gn1 zb9Qnn=O2t{;ZE~gTUYcWfv}e*y5Edv06VTydeKDND_QpD!6p{05Pyp5pY1n9F)h=ewMAmiqwZLOJtqfaFPp6Bj z{N2`hAV-Io#|$C5L;%?=iBad-YP0@C2CvQimHt!6gUg@ahe86QGS=Vml-)1A9>{pW2N0k?>*W8jVqhCW{rN*7;lm1d@B4z>_4v}y{AX1tJLuepX)}e@kb`0QDivTS6X0N zW!TSrg&`U}Eo`Q38MUD5bo$`fd#ZJJ|2N8x5UgeMQc`9o>U1J+{7zcQ{9R2*$!BhL z?x0RPzL|Bl(lIgdQjG{x!RVmT8x6;SCP4!O??NQv4j4yMnAG1RpJ-AVY1{h_S7tNL zCQO>n&wR#JQ0X~Pd8p5uOIsIcA30 zjgtOlykSA<$@O@SZuBfLjO57S{)*xfhgAT*oLCzU@=FO`9l7%Es-L-X2-R?>5A=!n z5JV@uqPbp(0~AL|nQs*oN7#2tNsys6WlvTUB;C(kti@0g16~i0wx+_lJ!hjQhTQ?r zbQ|I4;RV$xTg4y)HjnrW_k*?4WCJl_K1y;GKHg-g&A?-%Vdr`ab$#HN`{R7MC76T( z2b(yNMlyUk{`I8*H^6eeE%y}ko{~~3CBw&UZi5)SUMp^x$n6@p(r7CjEs&|TRQrSW ziG>{#?Zhjmhx~9Mv$ap2^BJ5=L1DAm+Elf{HXwvLWND#I7_&j<&OXQ*By=^36 zOp?go;v~)D&$Je6>v&gbt0wq<^Hp@^E-s=ar^OXnw-peL;q4g>W!t=>`*E(@y9kG9f2Tss4?vbBGNv-`e{-|VxFEwH=h<8G9KhJay* zDctl1Tgw(gs*TDHpLo+$jBt2A3(M=}sAw|9({NB=QaA-R*s6ZQ&Q9U5=c5Y?>&R*{ z9H+09$;%-(C5_nb?;aZaMEi+fDwRvN4E+QK)GPw>b|-fD{FOm7p6q$3F7@=&w|#`^ zT`gzX$YWVgwd0%~0Zgv}i<2M`+cW5q#`Cqt@8I)gs#lYft2%5$4Fx;IEVHpOyrvpv z7=j}>tV7Pd(+rvR`uJUB(}*221Wf`FwtZJi11C+uXUd!=D7r!oIQVp<6`noUn`?FL zpz^z<_5szOR!B}oCoHE6-2QK?r{tU#)Mk7&a1wk){Ccr`3`9cq_xFo&&rn^qf?{^` z7Te5|38D4l7d?x7{1Lw`Lmrz6+K%Y3zh|qrSe46ULwwa&@Cqxvv7ROdLip~DXIrZh zl&|)Pk+9ym9Y*ysz|0~;t)N>u_pQ_obe$kT{$8BU*Pk1~tz}LIIe-3WRE(^)mO_;q z6{$&@7@i&v`d&rA!-+*6;gVjUI2=jFaT9*6MgF=9iqb#O8AaQq52Y>J(Yh<@8Ge;1 z26E>!7$7~P{H$fCX5t-7W8Y>L#bk~syVWeVZt<0egfhRmyfZEwK^Tr9T#n8?KbsK~ zKUb$_c9JgY;i+hR+sBPr^!d- z?OpfBNnVM@Jw)coC4+Mar`sHWFwEZ2#@WqvkJ0Bzp6T{lG=^r|jH+<&<8 z0CZR~yh^ekD?@l-I`Gq9uZa6(LH1I$5})V*bb*n_Xy9;muc9 zR8+KR^WtrtGd!Crig)zgL;+mZ()d3vtRnOHyHH@IkuF~yj(VInuvZSX)=>>FJ3W7*N9h^AXSW`(OGGQwh8o@b@|YFVp`SC*Fs< zOWnco@%i@L+*h#tIw62RE2$r-jXp6m@0=`Fqv7Cu1a`1k{oy#{%iG)di3u4%b?pdT zo~Hy@IV%Pxrf8P2qUCziVAnq%Ic;YJsP}yzD2#xv?(PgmZyg>|+aJwDrhEJmU8=Wa z;C2Pa(5p8M0A~{@-SfH8?rcT5&SJHw3z+f)$=}t~K#B~SaX&oTs&wwA2@xN-2wac|F)qsIQXZF#?Vvrv>8C@82ZphWI{zULpR zL>A*Hk1~XY{!Yw$$M%QRpyinvd4K@}`iTF--Y$#julk(aN`hAfMdW51?2Q$ehD5{z zdbwhFA^l`9Qo-PkB=j}{WhmD9p~DM;#(OjCQ3_osQFm{5w{Z3g8(Y1Y#IdEgsA!;o zpx|IA-h8oM4zPJ~HUL;|B#m8t>IfR%7?`85YLjB+1MDHXHU>MA-p zP5K}Q3%t8Z{VTl?|sOG!(z_c9;A9pX|-zIFE+g3z9@DOI01oiSGS%ow^4C%2AY5V zbTBWMYia_jh))W)s)ky>K>t8bAbO7AwSmpy6!3Z^uxWYz;}W~#u{PxmzMDZ3`iAs@ zWuR?GP%HE1;vxbdmrL<6&{*G<9A6$hU(QWV-O(Afq|vprwsKpG%y$fpzCMaPv4#*0`Gyj#o>PzORG541|gl!6MH;gW~@W2 zXU&80A?u+P#pBsePZ8y*-g1?Bx6Y%_!*Z>q@TKl&FgO&CZKRTKgem+36Cqu$0q0D& z!al9OeV=B^JUiKj_F-Mew{Aap?B8lIB%hN3r&Xh09%7g$s1r3@@3vG8Hgqgr_0Ugl zYl8J3Cz9_Z`5CPd>euBwNj&9Nmsl!|^HxXViefjSS-ZS`F^dd_=(dSE)BK7FfS-v?7sWOWaN6u%EH@3E%?U93cdp zLQQsuAOe6f(pr7%=wlB4Gnr#mhCgZ>q@>is3zKWYx0SV?wLcLwn9tmD=6i${0@(wOGe8z*NS3UPWVVrPd*G7R}|$3 z-GiJL^t=zD$9~ki8qg9#;jHZ((D0XGJ;eGZCPSQ(RsoJsW8Kz_uPz5?bYRm5_7#L)DX%x#i$CA>e+?=}bt#9h^WUv>T1;X`D63^ z=o}ax9zd$`wQMY%2B~t5TCpa_<04YbZ*FPKT^OVv;*{+Q;uth3(}XJC*~udj zzUnrEV+k*jaF8#Fkj|L6p=-5-l=viFRH0-Q?B0avTd z4x#|F(P*v~0>I;%{6roPkSnP9d&p18h}3!;3W|EAD>!iq(rOW`w6Ul^rrY|Hi6Clv zcW!ZWS=r2$Pv&Y)cTlgs*Az}ig{Qz~>S zDZs5184s({QZk;#P5ZL#`G~w&sq624SnPw%1Zmy<3o&GYOH1<)sS*PzDPIzcMFDQ? zWMdMCew9Q5qeiHbhQp+$fP2Yhb|A9~J(tL{s)|LY zl5-4@6;?}9BlzI-LZc@G!4$5KR;e!=A`)$n&axr+%@15XTl!jWkhQTtN#e0M{1$mN z0)M$8#6n%~75NW6ygz>%<62p{rM)zzT7KAjwIk|PqH;(Zj7>N3BoB>)&yx#_kk%G-tj(63KP8^ajy#=KN91} z@_Em4Z9ou<;T2dLPi8fmE!WMq{T3uvV!-QM%JATBw7bl*a6FhGF}8$c2NePSPDx?? z+z`UgV(t8(V|g-q&&Nw>GA-zVpB_&+p6zW%HY<7dw27aG_trwBc-MK{$r%}CzN%*E zvN??4BpPzqys;JNnhI)Adb3&RJqIKA=GfA-TJr=?K^wogot;vxaQQ=I=$*Qq844`| zo8HVN0FRlSrvw@u8KmAPo0q9K=P4K{8IGqoq}nH;$W=R`^THpWAk%J>U;N=O6dA&Z z<%&k_G@jCR4KlVofv0_Iet$SkrN1!IS+!czTQNmRNjbEdU^K0eIyVtZgC*m?j)IK$gv2;*=mxB6tcUfSVosZc+jnwR%sI0~o> zE5cgqI8OLv=CysgT(4N~f4~iZKLkd;=_9Tf*riQY-sHGA8iJ+zXx!;m`{q>6bRuMX zF)1;c;|06JmBD}o*F4=_hU2-?SzXC=9`$#u7V@&dO)TyGD1B$#G!!SgeD2h`bnoZb zq-@gV@yXy7w>JiauUa)zEUuX+@=C9+W2wJWwni=Rs|GlLSixoD!(?4l6GGdr2r5~n z_B}y9bTlA&OOlf7ftqcs1s-;GQJwR(SRg96>H=8{R>f&s>%r+7HJb)Wf|Dp2%cYX|)oTmnytaD_VnhfOu@8-`Nys|P>jvEH6 zXp9g4()WhBPH?JcD(dQ%Xifi5>l54f82wim?_>Ydi{#z?{X>qxKv?~o?)4sD$kn#2 zw-{>ZzSjqzKeeY9#ysHxI*w(K@%pOb#Jd)=lsN(R)#l_cE9pWxpFV7$9j}X-So9&NjphFJ)n=d~!7c*8so{BX4Vf7Q} z`CcZ8p_zF}koEZ^5rUH6y_0{`0H|^~8E9j>KQuZNk97dRv8Sf!d?p;_v_|3~9NaE! z(rp^DjWV-0I#)ZcWNw;*6MTARtN2DsEYg?=C=8fyC#wu^>8BM&qY^*0=;yA(jbeq@ zA!L~Ic%GH0@EMM#kW@I#om?jJu)zT5w$v~_>Im*D7g%9YZ|F<{oN{lsCuzMoi!?~?>Q%BiYag>J>o%ism1ql$Nm#|YE+LFwg#gSqh87K0t%2G!x>Mmqs_*xO-|+N z)hcL|x-6@YSd7_eno!e=MkOq+lnmW9&oCg8^+X@jc`bzX%zdp6W(^up7F zKoZXv{$B&y+dXr)#&IR)uk*h?iK2^VW?!&s#o(UROD3}d?h7_kG{hLZ`SN1SM$2`c z57}_MMqW+)2c#Br-MR@XoOBlic>~54JsiGtQQRc=7&^MB*TIp_Z+L@2{haDOFMJpb zEIMt9;b+Wt16reHW?t8VT~x^5seZ<@_ZU^@N!kykB_!YkHsWPlEQsj%oxcSKo~qOt z(Qk+RtS!Sk@^@OdP;WM}q2?1g-LQwEYq~|n^}7m1E!q^ttZ$YUPaBMyUYv5{&&sAO zK&eTra3NuPYx6dR%X%eu7t!hF9FO+**7P|=VZRz^uyt7 zB~$du+Xq}M;`Ot3spSiq-FswwVxHmnBBdouU$~N>3VJ@HFeYzI*zho%%4&f0!?HVl zgTnjy<{F<>pcggF_HKgY+A+9qR%Zise+v$OdA)^7DEtEnzzd3Sd=uan8hDp&0_^Z1 zoC)3|9#CO3{E8<)_a^F3V70GO!A|XT0c@!){WgCQL`3$CEW~|Q=Pk%YEl9d3sCP<& zPxGa+lOIgR;O7U{Jxe8$zG!4+ljcs$*lv0||7o>%OF_>I?PlL9Z%ZGstN`f0Iy4mh z)|$q5dn;nVzh|q?_hUt)R@xdm_y8!feDgv3C-II}1=0uNP6dy&V68C(1(_lTF+{w@Fl;A0s829POw~mc(2vED8#s}qBM7-_r0BDkF7uB6sTWN>rpVw zcxB)!r3jqn!jd@ls{vzK49C@B`_-Hy8T^0Y%a-j>V|z2;4A3r#bzoEa1>P7!kx}PPN{wq_ai)$ zf0k|$*N&K22yiu)gZAd$r3M19SZ`&435ck&Mws6mOXV1f==8a9vJw^Q(=*L@;~DPn zH+Z}5UQB=*EF5k#%Id>nTYddl?;DXcoZK_Pu(F4dAVW~P_I#|A-lLmU2$QNo!N?00C zi9kA)iyH7W(^Ok@nd1Nt zHOtRJAY|JD|K73F<CYt&Xyzmzmgd*W(eB(61lWqjW_aOFX*Wuw@ly2`q ze5-o}Pmjw+-Wwn?%Z>e3|L6LdcIg=( zXnp{nPsg{=MwsKwslv$gER(LyzDs>W?$RYbg;{}hve+yv{F9*5TAM%!OIP?}3$ToQ z$9}+fx@_HDVn;b-R70?_^e8H4bichsIHuPe@tq-D6PWPc2;jOW(m<`+F{=xj??Oxd z=5&`MPfw0HaFM}cj2rRs-miQ;Eha9m;J~}$hUFb(oLmc;JW5g>#&Dh4TFEJk*td@N ziC;WYK=c2B)MhgUUMM~na9U0D`&*?Tma}ut<({Y*Vfo%#mR~@l5JVI$O&Tc{pXPgIp z`7*HU&|rYab~n7$3qRbN%m~A22$ragQd!!|}o zyV&erx zJEM%|HlrvtSimMRUFa6E1M4Xq`hfy?$uRbEyI&l@>N!As)}PfD=W7j&8iu>+P+ zHgj;!%bEQB+IbqwY6S6W9mR0b1$5PZ9qJFNYWV?&g%t8jVq=44(Wj7iA|%&#=zwsif1al!Y6@bzPcZ^8g}JbCU3d z=g9VWk1l?>Fk`hr<9P3myCnOfpbCg{glG`Lf$VI$8}ZdlG4lzt8uT2F5+CL;()XqE|( z5E`(4(MOX14|8uB7G>1F{nFjiFr*mt&&)#M{Ln+nK6`qebru{pB`as% znEx&HxmCCO59?eb9#BFQu8yHOx3a?rZUS$ZHE12Sszq#O!4ud0o^_c^Y)y{^pn8oDnP($ft~Y#}t_uO1$j!?61F#H+mT|o<^`DBPZ-p6G4qxf|<(- zlG#_>HYoa`;X`^xOekV%;(gAkfO|0c_pj2q{2*Pw=)G+bl|F5$TIcW<6r-4f$mPZwTpqP7rj8@(MD zs!|)CrbW5LEAk3I(o$D+sUE*P*7BuDz#=Ey`OW>}kGu}C@``iAK{(`*@cTxc=aDsG zv(RL@Tz?TyOP6qtGWTDD;#7!!V{%00qD!MpO;}>Y#-wk%UC09dGOhMF-Q-TN&|{S! z2@tKI93y=Vr1>Jc^A8e)E|o)HS#w7iWV*na;JV8%!dB^Sa)Iu0-ib$v!oOc)7F&HN zcI>okH>f9TKtn_Q;E@zZ<@|nopk?wy%dgRVo1@$e`t(8$d0GsPi4b=ptv$PG`T~b< z$_NZ-@TMD+NYabf>+$yNh!jr!M6>9crArX0epN!VHwu}xpCmZPaWU1sVg>5V zpERL&cLTmB{g6*4#vimQ+wr(6_wjJhERVX}_(>E-oASS#wx2wjKyXl|RX@1DlB3U{ zN%Gd`?Bq3tDM||RcXz_JXOC>mrk=UQ{`ZSOK@z4lvf!yck$s$^sILRJlw7(wqd!ge zUfxfukQOg+*fxy{!;z)uTo!?>`?_N|e~Ua;_{4_u;QseuUw({qjzVs8Vb8s}l4%bv z=pR0^d-qPnna|4pa_DduKEfv;cvhH?i7~U(k^8ZVy7zqwpay<2S{9Ym zJa~ssni$or2=~xnU$URC=e8txti|0``QOmLJ?>@qcr}n#(jA`GDP9$S<%BVbqLRgl z--Nl9@H$?Do_KUsVQr?}Cczh*8zh9WU6BsFERelb6nA_9G+J#P{2j*iMG>xhx3bsf z9~s0MDMcRaDbb^!PeiZw|EzwBQx-jfd28cXt-39v6M!7YLt(dffH1zrFsaTY6hOf=h8G8g6a9 z@8|1|oc8lQhl}$9)$aM*f5D-nAODdzSN#5EidN#hx#3#7|Irt}6aPn#{CRV=$qpZV z{`g;_==sfm|1d~DSPln!)7C^?3gG|WN~dAU_kZee4_(M-IqZ-S%hM-PxP+oi5wb)d zTR8vw;Yk@uCi5j;o|n1PGFOUw{4Sog$1^0Uqte|^yc2)H=Sy&~-Ss~0ziR+L8R!2O zd8L0h4O|OQ$Nx8Jt8WzI;AkR;xmspXQBmN=C5cH+CaVL=0g!g3nWj?7j+Xujxu3N) zU%a>vo{@E_ITKoCo2cQ|fMAAJ3kMfhRq2g`ii%3oF9~1e zni3;6LBa9ncVm{(F)?h99w|5f+2Xi#{JY!oPg43I=2^0`x;j01anQ3m8#8H@YKVjIz!ysFnbo9L~|uP6qHy?&A`1rnE5_9813r$ zQEpK68L(gfI$i7YooQD0?TPomNw0GA=hSMd%xnZGo~imaW|FZob5emim{zTmTWde?cWNAHn;vKGbVg!y?)!g0V!6Csb;7KR3#Za{%^}`W%|ru_chJ9(L_pdep*^J^hrS7Y^Gw4u(<1=`rlqY+#LIs_pRRymxw4Ch^op>CjLoJC2tGEsZE=v zrgUFVAfmjy2>AEk>QEu3O5C?o>WxHYYzO`7Yf|4_uCB9tIL9WBko{WNCw1NZH#5HA zNy)kSQ^;f4o7}YuL)&;Hr+j@qngE+&@MoU8jf;Ce>MXr}u@*4_oU@X^oxXP5W__@D_~3yuh$q$E$ZgC)GlzZ8 zm-~#cl@@LMwkOo1qNBf;mw&#Igm{Kv7J-nm2|7lrAS`#L%2zv$ z-Gi<$gU?b;wt7HhrEeS+T_*d@brM0DfhDO_j4x6Txy;ah6L&_xA9vmO#wgzJ_pj+1 z$5J1{)2;E*BG-<&x94LvzNcFhG%(Au>w^x@dZKEDS-Znd#FZ|Uy`7qxTiq)H(?rTi zNoMBe9lgkemaqN8DHZ|LcCF=~1}Y|7Q)UA zSz#>HE*8j4XRvXXg%Hs$8EM)vRm*)v*A`fy;8?l7Jk|%`VtZH|*Vr!TWndN+Z0Bi# zMTvVxD?3 ztB~U_`nw27RyW9W^o^)dst?n&h^#w zzRzkOMI0kS(qQoye4)9iPRhjXyqE}de`FDD>NF5faqL>`lq=53L1=4J!j*LfDRZWn z``AK2uJ^6e!s7LCE)mg8=`2gN1dt;4zkujQlan8^Jlvfq*yFm^nXJq?@6GG1bui<+ zk75Ll@}b|rb7{Ht?y(O~js2|RT`a3x%(A)C+d{gQh=xxd7>5dnej;9LeX-xx=9?3D zEi1A>zN#YC^U{DJ967)Sf&Jl}a~80c@eK`ONDMiw!3MIWo_2*Ddyi>5L7Wy^qhEKK z%IS*Y>7%G}71a)&GtMmg-~8zXy0QsL!#L`e1<>{Kxje}c)SVZH5&Ne#-GL7~zp%l} z8LAZw{~TGVS{<|o&18A<54As$l4`>8B68aAxLO*0Dygjr+Ucqv_`EBc4S;{(!9tqV z1<^JEJ+E}>y^_bFTePlVUD~zy#ajHuHg&L~bR(t2}b*VgEQe>!O7336ki^f@G6beNBzpM*&T3+Mt-599Gmr z-LHc~Yr3OWA2xAh4nB>#fzWL~5#}H&B~d4?oSVi+5gAY)yalVi%+X}REek}w$&?Gd zj9V@+=k2nEJPzz>t>lLCm;9-sx{aS5>U5cvht?82qr*xOo5U@DGf$w)45y0g@b(L5 zTCMP1kU`Hqt?a}z=e|1Iw1{6~9nIHx50mSOmtvQ*wt!#7{1BI zPaW)1R=9J3`Aw#nN7|{BW(?WhFz^+?S?CE;q}}NGh73EfT5KY`FDtB;cUQlZhbgCp zyh1(i!8(p*en6VJyEc%na$^$ke%{xk#i@x?Cgv5&GWpOr2*x$-lXym+8sX~GV_z}w zc_rdS>s4BBN#G_B^f%F=eU`Z~5!^Aoo`TZmi8z@C#65Jd%8Hn-d}Z_1A4HQ!%FO(X znupzPo#URB<|)M&AOjCtz1ti)U7|6I^STn|4`Ab+CenS8Kl${;~r{!q|RCJVc9wa|Q_# zM(Ncq(RR8m#>GvQ1N>n(ewSVAe4Rxhz69u5)R8juM^xDX4??hrke*$MZByOrw3DF9 zjs3N7FeqaungwapaoRuMpL{Aof&2x^rGOXPd^3kpYZ4eWHjU|xjrm)ZA)fb=HE%W( z0(kekvywXwXbg4!Z4burVHEFi_1}aGlJWS&R^%OHoXg%%Er)&CK<0GZnKO1T+SU06 z-9iJPpDKZnHY3^%1Ac;G4Ix9Nauc_L;atasl1zOB)4TO_SdMF%+vanLl$Q}oYYPS2 zKtf#k-Qxe5Qvc15<|U7C4ZfmIOplsZN=|mVe;0-3JKg*fTQOz>cXl|dg#4~2TfTR_ zNI2a{l2=mLJV#-{_(TEWkDai9xLpKX+={)PK}5~fIvY)fSk-w~=CjLM4`qF6XXsY^ zO5W>}LJJMG*Ghi-1tcbIrZplHc*LZ1tE2=WqB`1rAHy5)^smDQ-JQr0UPK2CPleEk zL+B=M(40(UoEAT9j?`5m;KPQ+ms5<*29|@wnX4h#!CyK#XDh5?h}un=FemKY7Bh|Z zgYt4R?O;xHFo+E zL4}@WU@6`0A)=()etQ$}H=TfvPhJWg!5YaQUeMOe>-U71)smDS*Yo;$C07=k_^ilK zlW(@cj*9mj_@mNT=hPKx9Tr%>c-{SP^=7SgH_I8YI3bu^DQs!gDCdc%8Ldb9=cy(L zKg8VV5?}0%uaDP;2c_4mMZFNDe0sd!BJIW1)%GG@V?0w4Y8EtmwSR^6>L@wc9ONzE zavQ<6Z*ZKW&oMeV#o@eOVXsgp$3aw0En8)WYQGvd*%7zjzP;XBLfJknP8aSU%&RsZ zTxi1N@_$jA#Z-+J$BkBH6vX%^XtT5Rrhj@e^RDL?JlNLHi2#~mp#c?VKD=@%9$$01 zLC4XZF+1ks#p%hj0yMF@&4N^rH&tjCPzkU;iu zuM+mJiYXY_S||<=U#9W;H{w~))3KgyAO#%el(||47wMhUBJGQ|z2Xbj^+#WaUO18K zP%lL&w~~|iH*<{H#18xS%Z9(!XM!)K*x92q^N+Z#nbkGD!QJZ}>YKRv>2{*2^G4Dh z=E-<-Ipou{Hk8i6|I;N>FOvBFX;6Ab)zHW223&p1=Uw~zPmt!%FdUL?a@C(sp4K=n z|%~?i(E1> z8lo6n6DBRcO!md*p0d}gcSC-W#6uCf{+CAz(-xgN?(OC0%G3mxlZ(jC;B--pmJpqyj;)`Q3^dTn^d`jrc_C-$5= za=9jau``EpM&bU0jvE}E6A)l?hs?PS22(B?%h;VRbwpTcwJJ90_}^|mY;r7`dO=aA zNX^>VIYYGQCor8+Gf=pgToQAJ=Fp*wC9yo!-1-}3=y85@$8jVH&D^ZAu~i*AI>8yI zK09$drVcAQb&$mllD3wcHA#2laA)cYuPn;! zBJ(U(y>1rkg%S;VAnbpA_UGzcu;p*$lA<{FCX_jp8ONw=0Ji)Di8clzVyGax z=;Nd2c9bq?um1pk*w|Lg;2ZsBw0B&=g@XG!`!!PID~cR#HQ@Xzu)5kKT?N>~_$NQ+H;f5{>2DtfC2^W1x+6w4cy z&b!yUvhuFt3Oyhb)85}d3j@m`8JGjV3lH(SGMXQd>=SyGFTza4aI9+uI-2G+k?nt? z4@e_*2pT1QwZDht&Nq0zU0XA*X~gDqN~pG-{2`uTf1=k3!ju=W+i){n{m>v?7K&An z2+yDY{`J)94Fe^Q@%`*KN9EzwV`siI*T#EXaAz&E&Sl2GON=K95}teXSHi1NPa{*o z_Oz$v`dDg{(0A`z^q)oiJDrkD3{~y;C5jhRu2#@~L|JJeNdUe7YdxnD~t_@bMrqe<^x^Q)DdI-Lyjl!#08aL_0i>4DE=weL)5Elz}sv^chLf|+kQWbk7it{E4{Z%0_P%brwTHUTSV zVT!U+;vzu^bxNWuMmuG1F7T1$o_ATf0=zfj-z>{LtL--#ZGl7>yE@h_)F|I}#5u?i zQ)}j4wPXB44mI3HV_ameA3xnrNtrJ&7cDg>*b*$V|C#=p{r!r6OZx%b_mq>)vYkID zZMNllGhr**ew<5??Im_y(RSb~@*(==?S%-W3-FMA6tsN+eA#c7W^y5&C^2kjhPe9o zspQrUqW4NYapTSIA$Y7sJuuw4?jbx>IkGq!sdyi~X2T1idiV>yR;Spt(INEn!0Ocd zoJ?H}Sl^2$(H^_Z~Sk9I!12TN&_sTEgH~-p%Y!r?E2VD#ljQiFm4fUS{xlh-m?e`{cSSYNHGiWYsRIQ z@!dptB~Xjr8PwP%dD!b0Hb9Hi;aZwV=7kR-@swy7p`H9pZkH+j|o?|0*6fm#- zsvohuKVKPOdk^8%E5DA}E0870H4@JUn|5Lip`(Q@Og-ERd(B{~5Eka~d9zG+bnWw( zFSeX4%ejU@o)H797pm$k!LDV%&IgN&^bN~VxFSv>tl@JT;hjmazdG3~-W!V#rbKIZ zVa4(qYHg3Ujrzuh5?>rVVJN42UdBE5!HlByjG37^`D2Pri9&v~SB91Xr2QiXmKd<0 z^EJS38Biv_8Z~&p!f=1p)s~PTHcXd&mT!TJFo+EGWBfxm`@-@ua?aAYYtGT*5w^DAR|_5a~WP6O?Uy+zE168yvZn1VdPJ zsuXNum92+hG2M!)e-Aq`Dr2-H=nfoE3b>3p8#++SB@T)0nv%k(w1*YXevG3|nd~~V zjeD(P>Kz_7UXGq1uM;426-tGbUyLR~jHB;m1D5ZBKj+(pKVrbOf82k2`k~u<*}JP! z$uLBy3fS8#fJjR9=TmLTU62K8@nd5@TnHa*IMF8*3`9*^QD~r_%$+Z}%d4Dq1T-0w zlU};1&2<#e&HVy|K&&s#7du)_j=(02vybX!zc>vaudo7(48r;V-g*-gL?*5!qJto; zeFd$B{|%Y3p1txS0r6+W2t<1?8 zgD1#Loj`OiXrtmR;+&}j6ZTyD(zr$iwzcy9S}n5_`)ge*StfmReLVD$hWcE7vLtN+9@Xs0Y%S)wcOCo%!9Kijxb-p) zx3lu7Y14^ydU$e8GOQbAZoYVDY=akRW1!)2foM zCHV%t=ZDVr2eD?~N#TH+) zrfgp@=1|`CZ*J>6W4HVT>Q2)QubgJX($C{=RSS2f_n&%Vn|3=(X+%I!^q= zA$QFJvXHmA6TWjt3T9R#&Yy-J$~ei2W5? z*o5p2j=v}hh_SqoUm0z-G{5Bty0?q>;*hraq#aYBM|#C4S~>w2x8UqSg4Bnz7CkW5 z8_@KAJ3Gq0VF^H+Q3>_V@e4-@UypI;S^o7=>{ayy?mpFhXom;yXD-89X@>RLqw^`O zp&7WrJ}3N;U~yW~bFXNR3KPAFq^>8!&@xNY)@bJ*x_E5v-6SmxAAO*{(te3=le_Ck z%VW#UFOZd1iOb{Y7Ej_CIv5Cw5jmy;S_pZkUYjQagfcdxRUd`-&#xjC3wQU9N0MZ4 zCM?`?Lno@%7@{0zg;)4jvaGS4bhY2;gy2k|=RE9gN4!W8H!u6}>$lgT!)9&xn9i+U zX3T9AfoVn!)>ZkRyU~ZgX(`2_hVw?CfP|bUrv35h_N1HS3mgtN*l=5TnA?7qgpCR~ zpj*EE%Rqmm03yt*&4P(Un?Y&uhVRvx-R@5lm!lq;uY{wVOqI}E`y_i9PmeW$Gfsa& z>ZAZgBIVS2Nv4=!I=kWc0hP0EnM*wygoPl@oN0WT1!oC`gD!c=P$YnX!}b-t=`W08 z^mnYOA}14BNGy%S6EXFAspIB0!C;)~Gi>KZvkt7Pj8;6%0|;3XQ`CEl#z(iZ8=ow& zPy@fQED{ke*%xcg2BrIegpgY++F>Xd{S%i$%+|~V3)pERubWz0^p~MXKG!t@QJM|TqIHatLNA8JAGk3za}mQl?XKpyFC)z?cNBjXvAsC> zNiX6g4XVi|({aKOb+3t~2iuQqc&Q%Gb)AY|oh5CKHmw3!PCntcdC1=y%*ke;;^b$Z zjJ^7#Q)&z=m;%Wuit6$4_(hTPy{>Q63jUbus1!=Pg0y5IqWW28qG3z8&=qANEFKC1 z)AsZqwD*HoDfTG|l$RxC({T2nh`MxPY#W2vUHT!K^K%gCKk-*ozRy|L!?X{dYHz@p zczOSk>q%p1yfhz2##=$&z~JrZ#}k0Ursa`fVMG9n6ByD#XhCdP*RE}&bL@+p$?*pU z%#KZJtSUR>!sv)fI4&53c@$rOei0om;f8|mS4>&zx50n+YW|iSqo4^CQA4_L2#r~w zP*1jDH(K6`xM6o)H&oi$d)*1P4>A8@O$pEWC7z(f2^dC0|1$C6EVl(JP_ZgdzYH_| z@rY<-`uC5{&fjUD>5nz^Sl5|znUA`tvTf^~?gY?A-^G#J-I|5Ih1=bQzLwkV7Mrg( zeo=a|k^;OaLAoa`R}C$1|DLworn-U5FZSr1%!_f4B^@o0$fV@%rv4&#M53#(BuS76 zqnmh8_IRr+1YRY9CmLVVKTwZAPUk#h6bD@VrW!6ox~z& z=ctj-@0$hELEr2oRgt+X*ip{8@}liuJX;d$bj#hN-fdGRO6FwJ%5DLJx-U|=Bf}|@ zDlkwf^DcFKv==1CC2yY!iq6wSk|X-s_DKMqn2()T_?i4sHI5XK7DC{P+rAuqGD}i> zph-+X@S^acxj8f3tk|6#L6S`p6&VqHg)eV~-muN{^GX`izME+4iCrB*0mncXz7-8R z>RG@V@Ic1f@f^fQ2hG@jI$Rfbt^PRg%`WYky6LGE->gVc3UDY@)7dgj|)BmX`i#k}g;_ z3sIK;gn^@P$%gK<9Tvlv{K)kAE#0IeypeR-V5x%$3=EY0?gaZob`c_TjpplR{14_e zNJRyO@2lj&uIur;TggGX8GlZh~#mNr2seaZVV*OD1y6H)}v3UYRP0bn_op*vS6dl`_mDN3I0{BS`VJI zfgVgU9kMjxd(vZO^bnYvg)lJ+tlYkbgi&fi5H{l#;Q!nC(eigbpy$Y{ddgtu?@I4I z#n1jc^E<$tOJ35i%oj$!_%w^$#>q>0L*}w~jN&v5-c>CrDGB?6&NrynjY-l1G?fn{ zcbYu7rq9*SSuwaOPHuqwIDK8|gs*7b0OFjtc?gI3Cq_v!GHn(E^iff(JceafC$rV| z>Hgt`hXCwoHL&$^q*95PA|IT_TDBmh_>+Z_N+lnqx(h*)W*3LAzq@f&Qb$Cg7<5g&^NkbAJ-`#jt7Y!Ep>Z9+ z#KPJjNBct3omh2hc`2nEd>K;_KGO(0K@S z8%>rxJ1sn57r(oa%JyBmm|UT3e8jAe=ArrIe}C|)y|oB(hpH2;VInw-QMOs=_)>l^ zq~+l`7wJy^VSpA62JKH_FY6Vbaso4gKvJk+3v+eHnMgA$Nr}h<&ORsBa6y{m4cOB^ zMwZRp^lm+gv75p4>lG~jGnArd@%25?&1u@ngKKIpzP+OjBH%a#+d05lfi@4`#l8Ps zSx?L}q&9z9Nr`dO6PSnHo!c)eJG&IDSNiu}Ryj^;l$f+QnEcOeR<`>0ZRB0&z~_9A z4Mc25V!J_EPFebTbY*7T_N?l^11GeR0B`0T!`zotijIPUt@m-S8$Vc){|)oW|6};B zH%Hd{lnOu=xcf9BUSR&$r!z7_)*Eo5e02POW&U|yqW;J3gQb%?wI$K zd6K&lk)GIhU--|@{(r^)I@`+FZgF>Yb>01A2hAsij~W>N`v8kE?PX+wI=i}5WM$Dn zy1pOVVEOm&s+ET};Pcu4 zSKMLc;zdARy@N=DKt0GTn*WNrGrg!hd6EoFGgl+$5f*;Hbh4{zLR9Swh%mt3@fm>_ z16~w?1F?00C6kqH$98TZd!8xof2}(U5CF1QWX}zt_RRm$sxTpkz%J8s_}h$(p8oS{ zYmlj^`_{Y9`S~-GKAwwS0QqZmvXMkaL-QI0P45!hiHRhKAQB#Xb-t^rpupVhYjkvc zywdlcW6iPIuXj7hf&u2%GxjR&^Oxxoe3&B@w;^(yg1*tDbRHb)@M3IH9JN}^Wu;6l zOJEr1qPsqJOq{pJ8RR%W@cL)q8OR!A&q)abj2R#$Xp1lf3$d}W>47)!R%YI!z|qUA zmViNAdDg9Px3cHwPl0uJmDywT{5WwyVXID}ASAH1oJ+-DAG$*X*=?td94A}{u+2#?h^QlrpDDgeo27* zdk6SA*_&5Q)_U$nv*iPP>7tG>u~PKv2Cu_UC;O91dkar%c>E-o)Bre=!%xi*NrO&u z&807pIwW-^Py1neBImYrq~4u_W^eN`P`Za*ySzbq^(D-GhsoPJ!A

aqCUF4fZ%uJ>1=lY@5(#r02YQ8I>9_OIs8+4vqCMemeg zd*v=fK7D@=`q)KM=w*egi<_v!Afm`l)K^$xa8CVwErQ@NR2bmh61UpO5bA2{%pxMX z=D*F|-$?*CuNYZ}gam^Bpro|{Et3+b5jf1JQ|qxxdiC`5&Yo7sk5*Xq1D@~)tIT{I z)cqU~?eB@*{8d_&$zRrEo&HDnN*O9khi2WotUyLZ^$?&;Y`)M5I0YgECkNO3^^4l+ zWiQl=J61Zdhj2JgCF(u360l{BDI)9NbKI=-^GK!w3sEgO0`5APE%gxCM&3ELTP|Cp%NUn5(Rt5-$E zW#2f%Zmw1aTbucZ(JtMt1QyrQlgx~aqFq1mDqLKZj>2F*%Zcl0w#&Bw_H7d$D@n$- zd#<3|y6XGf@ItP4K(X5GI69@gMmkupc z3#Iv5nD`i5L^5~D;K#h~!B-H@u>xC#L+j1WO&gkSACYj2IA>5C=Q0fa3~=f$u?x^; z%q&kAKA?No!o70Zx=&n4xCg!dQR~UcDKl$?$;E|O8E-xICf%zK!Rk9$%F55&`0cWY zZ{H3wE>$-nIz8_>7~{hzb0A6vR#h^3`I%s>7o2R*P9ik(hxT8*j2xig&;}+Tb;M13 zT@GQ%-|bS`YRx1scg$b>GBPrJJ|~YvT`nRy^(y4^)zh^#ko9QxOH8iw00n*3-cZPb z^#6TRDe5%J;ixss+w$cKf2Q_?^H7|OOZ{BF?+-`5tCl4dVhzg#!oV?brr2A?3QhJ| z5Lzw?7CLNp!;4N9y2@K|vaG1i_uJ_`G8>DIcIZo4dBLhyXuY20mqDpkco)x6| zqhZu+_--q5vP5^}fPM@PWuQZX*)C1v2Yhq3Cc!IhZ~)l6-KD7ABS^&GY$WbLKY0T` z&PbsSu^zxOM)RQbujy%(s@!`BZ=^OnLT(nm!Z<61A+WGA%Aa?1J0f}}^q(-` zau}vIe1jc5Aa*oWp2z3h?p5b=8eMd72;H7Oukm&jrINIB1;o&K?2^>4-MrJa&Uu!W zQ&{hN3quy@&ynC>oG{2Kd9C)nx0;yZlbJ0pTv-pI4a^ zb}&=s-=y||PeG1Gzsly@B?|p)#yRec2mx6<|yZT#_V{aF$| z1-{1-E;mvFKi$8f1`BbiD$>WLP+qZEg}lu%vcRzK_tWH?!9XfP_}~H?>?!oNu(s1K^?6z{l}FH(H~f<%aRj#I4D4%2v{$mmkiY`&Oc6 z7|c*exx0aQa8B7y&6^hCLA3j}nk$tjfOm*@E7DTiUQGc{OS zRb~w+td$ZzYUuDoGCeW6+Z)jGF5_qgd0E^v>NKXowno6A#!gC!NVPOe;^j}YqL|@p zfNYUi7`#@1(93+qg6fyKET;{&`oyBuywXLd-+rdq5WQ+w;4edKMO+Ut2XjrO4!prm5%KLQcty^mvG5uM_#bo2}_kj(dm;B4dfNvQN8=@R?bBD)#sRcZ{p{{VxXkL}NtW(?z1e;Fdp z17Odke5<{Dy`ySsYU0nZF))-r>ly2B84EL&JXSn#akbYb4h%O3DA$pa%;HfHPI3%k zdy%A!&VrmA0#JJd+nTi6TLr6Nk91N*&n-?r`Ah-OMZVis6sAh1%-6XZ0C*Y45>>~p zYBs)NXGGgB^{%L)Ju@|E$q?ZdSvvK)&k1i~;m?4L&lnp4>jp?>XbYQn59VT~=w+tw z88z7Ct9Bl&HRw*Zf6va#0q0GQe}2|OVs90$NI3vd^*#`kulSF(akmS!f8j*DdcE4zj z2OQA~u{(u1ml%`#KZym}`t1Lb5CyD?A1NI(aVsVlMoZ?gz9i5YC&6s{KTI2Q7BtKy zfr;%m=-V87T;#fN-}5cK2YVzeQ2Rde<7;mAhExO>uzdXWe>B9i6@P$jNvz0#b#j@? zW01ceszl_xHYkk*^Q3C=(9_J$S1vBe7Z(?4XVpz7(A|r|2W_$q#-NB}Y6l!BOQ21B z%=M}s#&&w!42U#Ya#lGlannuHH>^4#`z^e8NPu5pgkA7VJC!sYn+?GIDxf7Q9pRKxJ~ zYr8*XhPBE@pwT>l7HoV+54N&W$)(5OpK<)TkDY3~!?;fltfl7OfEQ_X^~0mb7?%SJ zcE>z=W(I-?RB;@|MVW6*LwkT>S-`nB5Rk=o>#Me=f8)`2>mk4QJ4c*tjnGk1aU33= z_eE)&R{b7aracW7i9qS9Ydr$HEsoPxXN(2r4_acZ8N-L|`zTavl72oaSs`K!XAzw` zPEj3IAq~biKBoeTc3{z_{T&9Gg%ilX%3C`)b<4EZ7SBNC(qjyL-g^04#oqKfF7t)hCBrpE>7hG@v8zCNF3 zMqPWTKHfPRMqC5F7w@oWn=%!1=nKq^NY=;XYtnA9jA0@nr_Nn?>8jku%TDSOE1JVY zmCSkbVOFT^MCL>(?OidHeI%nEbz42A9|~XlmNC}uvQ$^|$>0lHDaqKnMhUK#?D()K!Lfkovjz-D&I#T7;CjfMMs;S zuD->W{*=XSlRGd>R0oLoC5yn|JG>B0qLb5PKZ8)2z8-(H;CB`G=63q4)#x;US7^Rn zWX?zU-}uyPWM&5>-{l-`GbQk44{jDL;ErHQ+F5`*Cb~n){~q8uvr%d~;=d#aFq{rcgD$%8+Ryxfk13*f+r{^wV(#049X(%IZY@ zv`do5ZEvjNHW%mWtz0v|115H8i~Fp{p;48hc8T7@ZFHg6*h}hd1HMcmx=KwXvz9^F zC@S>GM@)sZ4$E{P{j4k!+z8wPukhWnOb5COXkfa+4s(x$`9gOOO>;W}S0f=fgoMMX zy3a>q@_uc=bAE@rC!V0QIz}>L70|&fL1TX;buDgtay3%ax-)aOBH*vTdkwXyOYLB9 z*sutSr}(-C9xb+7Ob`*%T7rBgSE?|6#x}5>pEkC~LwpNu)p5SjpQl{{V1M>r2YKJ=x0g}zv|9nlNhM_ZVw*7xPM<_l9D zeiKZ{$!^avU3 zDv`3}ae~3P$F~4P=Q9Z+$wMZ_gIF(pc;C3izp485#_?}G z8Q)NU_C`1fWn>w_4tja##yN{3#kQotHp{!t{(e<#jLHhT{h+>QG7VnkYMDoG81%=m z`<;y#(mY82{@{-`B$s1YRK(RJmfg~qf6}> zMwGQ5hNpv&3STjaPjh6@Eq|PB=37)NDs`A@qIeAtr3*hbF;``BJG*kHY5(_7IxUJH+%1;%x^53e~` z#@^s%8s&w(0tC=ud6gJS?y=W4$hB{$NJJ|2c#ZT`oCeXd7?%uwP>e=08+>>ow_|i_ zjKVoOLRRi1Es{8_K%u?hWuf+#3C>b9Cj!6$Tm6XFgZ?l_;U=?Ziux(es=a#FVxg2^ zV{l`Le6W3$|H-Zo1tMn2{Nwtw7o+YX?Lda8)&h@+j$MKX)Y9mOZ>MKi!jDAtkGwMC zvAl6{O@*^&0r1%d_g(!#{lEom2={&6Hpghcb_IIM6=Q!*uQ%`GXh$4-`nQY}R zy0INiu%FG3!!t18lt_Nx7J{xdJ(WBnC}{rx>p?jo2Hl^g2%@GLH$fisE9oALKUpM; z+Oy_O*dK)*zcUbl%wFPV{(^+}$bI`3l8?b2)TWGHj5z_(XO2H&H(|ArY8SfaIh(dE zPmG+^8f{JIt4mn7LTvec&(wCY^B{&ce-3ao+vZvh-n7Bsa))m``EG2%>Dndeb;SmS zUoMOcOFzcfSvxSu#n3(AP$KHK?i&s@tjkFI7EB?6H{&vT_AaGo9>FO}|5rNxzW6&^ zl@HICdD)NZ7uUl2%LTJpjL$X_jYI;B#e}@1Q51WZ`eF!d0O9NXY<^JSDOo0AQ3y8P zD8!WfF*xn!UY6<6E43~ZC&}u^4`|`h&H|j^@TeK@4F?!&+8j;XJvJK+ticr3)Oy1ddt48fjl# z8SLEXGoo(A<$G?C^kGaGML;GR9FE349B$6#I)yHin-f7b59CEXcG8H@C@GrKRvALx zK1y@IDH&FN!qxzFJDP}HNolcezk}QAy{q0eZ)r5X`)NVQuBK31e{k;H)%yB52XiUfAJ;T?!W+5n z^%>H+2T@=@tqWQe%$zt4`M-4~i6BUA^J+u6I@ka5u@Pjr^vIGLNt@yro91&00yb#7p&` z?y!nHQocG9@x+gOX_*@#gFAEpvT}mnOn*8inuo*NLr6a?6?+nG5zE9_K1(7U>Vkcv zc8#+M%oz}9KQXSRSABC|C%K{zcV?XG_vboN1cTDv6Ps`&WXiiIc0Sdlt)eahP@NLC zS2QvP{(r(IQF(mkVx?{mn(7^xn@#I$2412%KiQBE0w^fKHM}Tk`XB>d^Mb_QQJVW^ z!PycpB@spe7&U2sb;7c4js-eZ44hT*P?~^7T(?mjg47IMrR1g{>35=OBPT*RHoLj# zAf|n~h{NC!Yhxxbg$Ab17qQEEOR`3Zi|BcOJqMuW0kMf~Bf&|M_c_|oqf$AGYT!Lj z=wV`D3&4J$a0h=(>?B;lsC=4JSoZ5Bo%N|5bG!@d$VqEAFH7oF3C&KZRZs z-#&g`_UbJ7Y`e7ig^sW;S9b#4!v@dYu_O-sPGadrbNT-E8A=D+iH!zKMQ;*UJp6}> z*-Y$axe9j4{3NlFz7no$i1>|a_^{erZ)s_ZP=(U3rr8Fx=B(iyS8ZBCCE%n<|tZa$&DUlq&gF2_h|+G|7KY ztL>S6?uucbvFdVdh-^;?xaw8qJ6=>c6m?NCH@Dx@_+P}mWmr{T8}2Itf-G9;4naDU z?nYXW?ve)S?rtOnBqgQ0JEglD0qO2K1OM;4&-?BVd!Ost*Ewf>@Y8fL*PLU_ImYwc z_wQB&3Wp70^LYJueIsIHrb{A?CR%*hA`H0CPy()NSJo!;)m5NrHVab}85#CYZx&63 z5nvxDvq-*_dEwy;AK6)1A*}%WUhW<}Xo6oBf zBklHj>1YK(bRA5E>#a?sq$keY3=5fP+5z9_2AYE2AN{N6c~U(gC!nq~GytDJ@#%QE zR7;-^8k$Y=8(Lt!GzR>fFMT;a(8JD6iY}-M{y}8r64l11~CUW^Z?xgN?=!a=cQSx2#3J!Sw7G>utJ?C zG*Oo-kp)2Y2x~z7tN+@F#G*Wci)z>8*6~@j+^~cevOw1(`+Z^qTryuDpDb0-T|X`_ z28J-#V!-0LMaM(U{pLkT-yp7)X)^ia$9r35W{dXc2*k!D%$^V1VlM$#Ss`CvlRT&u zW&~aj?#p%;w>?N+F;8J~)E{tR;uLs?uDI$7uLjdrW3qVTpZ_|_SZ~em7&kD~%az=% zox>6tal%h&>H-+*CkoT>2Fs%4VC)4l-;#^Aap)4zifPcvr;CY-^dV>yfqFFCzZ=QF zi}EvkrZ#O5Y1R@OsL=6~$pZB%$mu#Zku@-UFjf7(W@9U@hInnf!jv{(w|$|9%9P*R z`NC2Ab!SR3%dQ&EII*$2a^Z*x2_sKu5L!o<{tS3Qr*J##)lvECAc_1uks;vh9U<{$ z>HiI^Ybo^b=l(OD_?4x#oS|RbP}q#6UO^?S6{%O}VPGq;^4qC1mDVJ0v ze?c55@(;^Wu>$^bAYqQoc}t{=kmKFDQ2l=o2y6jB2kV5NljO9B^;vB3q_OAT| z|ACK>Z?;yq12R6(&#%|#_aTO2yADX*wcXs^ClNy3xqdL!Qpy<9(h9$S(9}s=dj6b+ zhfX>d&*pnlduC^lS{7SR_119OxZyXwj>$XSZzs=B1xaNvZ~F&&M>bR#m`DV2iF{C( z%bi2(WUO!g1}=ezNh2ML(8y)w9l~;2@&r(Ar*z3NWv)1pY^#324i6EevP{FORA?(|am8wfgdSh*p zxRV57bTpIdbFVXr7sG~1wvf$&>DP6cg03@Mrg-p(e~smNrSOY?gdW&+0WQ%{`yX8e zJV_N+4WPbZP8*?S<-{gE{|ZTs!u1UaU`t->z*Q?BJf;&F= z>xn+;Ccfp=yR}-VZTlB^U*4q6{N2BpAXbQ4QjtV_@qicsbPG?PcnL{G{{Mf%5&og5 zJYA0eP4e;~!6|(-u+~x0(pEB1$!ck(YBV~1B;4GbOK4R8au*hM`xK+(d~=rXo^K{0 zDOtq}!~qv?O5my^0b(4WZzMrF1bxS{hOH&wil`Cty1fOOiJQfFJ+2x=Tg!y3ywYBv zi+}+z?YJjJfZcXxoz?Yx^z;@eG|r_eidqL3xx0+BmQeFI#K*iOJc?a+JPZU+9Dz%h8DN|OAJ7MX@0rV<~!{|nSM~>O6%CYfbx&J zg&`3qvE1$2h65G9kN`vMhy#$iK_7$$Xv!)W+-vyd0s;cW6X;XkaBzIg*!PQHAlY*1@XA=K|F3eU}5woO%`m-O%_-!Qnl3)aM-AT zEV{ReiHR54SrlHb`i~FpH}kwsa>wqHK{Uis)mFjl7olvC;a7yzZn9N9E_8aKD!KzTOT%#{Z1_ou2r*#P7V z%w5Q&9nb+L_{P*=a*18@^|do~AsBL6GBE4QA95^~%iJ4iwJPN>X}{%8b8&EN$6bJO zUG6-+2D>(B!WyNX-=9nbttVJNdem26fBpKEXy8zB^4n?FQ-Jfy1Aou&6>s0aZsinC zhmlchu_M9mP!NWIJoh0VK`yW(5JhsBaFGV1QiWk}hG~1bWm&Qa7sES(j1vz4@jezn zaq@uYPr@+oy)eLnkT$uVzd!#&q8VN*%HedhqHZrCx22ymwAf&uonEB7qJ;oR7r<`^ zGRmi)Tl9&LwKrei(3nhS`g0ez-oViqKYF-t@Oj)GGQjtM(J%-$2){t!({BJAFg$kw z`WW-Y`pL=^%}Toc#fF6HT@d*gZ@I~lXaPgth+BBB3t(9(oOFJeTT;_mc6B(6UnL}Dwp_r*;awQ7>{v8d>wGC{ zw^VYZrgxpfRbvRCp__A;F<_JT3$zvuL0b_+&7@5F^XC9iGm{s&E@_#HalgHYdo{y? zWBc&WU?lp2mCS7t9mc|74qpci*QaiBYz03Dprar&gKbYTZN2s&*+&Lmn1YifPF0KP zq@~Y}TB-QVm9hu+&lerL7R7$dx!^K!8JT!AvH&wNDlV@6=CeU|YtjL`v3iA(DMsM& zX-tQf5s=h^LtFq|TE(5ayNa{z`JQY^dYD;IxX&_)p^(2!;M^fOEuL%o$-mp+n(*Fq zf**4rO|9NgK1b$)BsPPsvJdO19jgpJ zU-5CqGfVv^6cO0MksSb-!NgZ5F=BBL2=)d<@G4>H*PdlU>%Dx+IX0nuOHD0-OoSW< zw)PSd66Nk@>a+|yPQYhUF7x8Td25KE>PRoGlvEjWILOv_mynb7iVXpDTrmf=zvKsO zR0HGsAg@LL>VX^R6$10@zMQNPsGL*{R;KgRXb5 zt-t9Q)_|q#a0v4ExM1m=k!Y>iOn-}m2Svo$_PDyfXiA;?Z8hTMS=5t~09c2fG+QO) z#Xq4ZpqIEyan+ZYk1r2CJOOSI)V~^HSn$nF08`w|G9TN(*3C`x7q`PkL~hqy*)+hp zftGIgPC;{j_uioMBaj+Q&+5;}f%SrKKc`*`$RGYG*X+r+9#_J4(O@ypYVRr|B@qiG zS-+ayUA1?=FW}gw{LLF_BqDAGgq%02goHOXVsIIX1@XA=%)GJcfz57!YN7N65McA`!BaSDry{wcec%6&<1oM!}DE>8jhn~S}~a+yf`2r#*rww48U z{bZ(|leJrGuJDR4K;PwHUwvb5h9jXSukRdmO37_LYXY& zWeAIiDXYi^>D0<~NI;H*jS7KqL3AN9s*@Aj- zqH;w5I9YTMtbyqZd<(u8m}7@6N!ggKKSLcsh80+)$RoAlf_|LUY_&x}bD^%qJ}}fe zWELi{J*fF$GB^~j1D{em{YA0#K;}E&!;uVc5y%H7;s_8+ONTdAGVR{#0x4_khBt0J zDkIeEwIP}-cWhr%Ez#0EzBrK|4T(UGXE9gNj!zm2Q6z%60ZvLW!YHVTZ8Me08oVl& z(%|nrSSS+$6b^L?TKurU7el1Fl4D{ z!)E(%n2S?IAY1kj0fZ=hT19DtW~;mqMO4HjlH#R3a$URZcqa16F7{!wmQqJL`7`Ix zRdekONGTj_yZ0U{Idzu^B0D?>9=7bE3{8FU=R># zAkxux_r7~30QtDRyIXJ=+;@V7_Kt%J`5hb3j(XxRUUq>xCo4_ z)!AWIV%xQIK@FSetWYGf>-w03Es5D7LL(Q*aWReNFXUUOd<5?Zw8L#JoAaGG<)2vG zF@I-7l<6}DJ8~L9(zjyMItG^_aEm*!>CmtO^VzmW6%QX(S1UBMr{WE#aO_l=ncr2# zKnnyJ;Lh~ytJj1Xn-{OmIw!%|39c|NlV3gDZU9+TpRCeDc7mYh33m)9KD^Ru3wHu+xHS_$3zSnWVZ5XA z<-aUG_J)*VVOwW4HH7?|ZF1P2B28Z*S-)uLgLWm5!p7AJ-O=WRr44ilP zUIMm>voySf_`(YuuJw=FzLnboZRopef+1uRj;)i~t!T&jFr2ZsxhYcPIg~ z6TN!%C%RujJfhs#=*cTC?K`1V?D$;VT{*s{Zy0nDi(I`8n7=@f5E0*}9EsdC>gZ&G zxfOlNDApw=-YZ})8FHWn)G_PN5{AmS*zID zP>){OTD^~!$n6|$XS^&!XB-#&1mHa_?HY+6w%HT^@S*HGhr2|sQ6i^dNWHYxVz~$i zsL3N>Fc4M}n9q&u?o{1^$nlxY5vmz4!Y$wd-IAOnQuG3d;}YE}{jPWL4zaOyE?^nc z2QwA6lp2Zfy<7s?T8OsCwd%Zv3gRlPj{wtvu11Xv!96I|gWQyz*Lna2{q+e^WAmHf z>R{gL{ei>b5{eLc1~O=2rRiQ5YPY0P3>D->V3YeLGnY>)pB1JrrU9l#^;QWpyh>ua zJ!}M$Spf|V-4Y*&WsdXm^0GPit-@}3+1DTO7Z>UG2^ux9l)oKm7xb)fQE)LZK)TsS zbR0Aia68{WFG(ctr2KR9g+p`=uTv^RKQiAus%;wG@=J#g*R;TRT}^z3!gDMsgKfLl zPM9-bL}tirl7pWEY=WIj)Vlq->d9?mu-LcT`)58Ld92Z z_>}L!kG!8BP@dXlif3vU1F2q0w1k zUXuLMY_dFikMX>--uN9_H&iIgPNcn6qCJ!U@Kam)8Pl>q#w1SVFa(Pp#933uYl=<4 zJ--1vRF^xIQ$#YZ>s6sZyQ62R@7Z~mXxItSMR=+q9vbS6wo%+ifbu*zSxQCB4_7QF zR_N;pi%!Vt@>-QR_c^+In;~vb9@4j6>8CPD)=jC_Oprg1=Ru>pi8C=dhgBBZHYwF_! zMo6h%qkqge7#hD&N%t@sPE}leuFOnc-yVw_ib*F=f+7GJsY^8DG%D?G=W$)AEt^vn zT9_oZMF!gf=z|)bP2RRMh0>pG^E#{Tut`^tmli;{Mc?x+276YOMYL!&RX2&@Dr{KvksTbNN<|fMJyKP0t)2H|mjvtlEO{2+q-H zpe)3(b>7Fl^#|;6o)g~+HYWC!058;URxdW_Icb%oV|)Q}wVr9#1@q8L#1|n^+ECU% zOJ(%yS>ZqQ+$+HpFCq{T5xCjBu1xyq(q~Wv;r3^I7R*Tu_gql;S>epL%v_<{3(k?y z{Ua@Y@s~ScjtHAY{;dIQFLol9k%Awhs+O-8plBF@gK6OmJ! zp0N96vF47%E#q9;Y09vL(i!;X{zt*A%GP%`|S48(4xEvmCPD z*^3$6>^K>>xz`d#a60m8SzN-`GxQz)jASrRGk6`6Ff;wMEZT(^-F(X9_^DX!PC6P} zaE{-0St?I_fSE!xfiw;P<=M$hKIqV z@4q_Wk|HvENx$G&i!z$J*4*K7u+Utj#c;(oC7{9As7*LKpY#1YTv8>&qCd@1vX{Go z!RI`-FdCXSOLSm!I%Nb0?E*yNNkXlYWycY14f=7aC`yKn3JCa1&hq{-GbD=yXn84v4wy5$bV~~mM>u~FrHn80>@B)UD3ZxbnwnKwN2^%L>zZ# zWB~5TXHP!=#h*iV@JsL&nE^z2K|%4Ewo@mnlMCYb)!TnpVHJHrO_%(-^>+_|m`hdYpDiY8vQ^y)G7zyU+0o|BI;|_f_ZT7ZTSOH2U{fSVe-bFktF% zlX<*Cc_j9{x<51ko9qj#zE^3e3`lsaQJ&XZp3zp#4-!Kud`6F(i_aw)Hx~p0q|I<) zX*=+JzqR5f4*mU&PX%ip7Qqp{p*C>1+FYe&_9-r>tn0IaZA>!qmfHh$&=d-P0?Ybo zBi4A{;t$;V<&)S*x3#1QNYOUe$lH(&)>u5WpV)G*y4Lb`++*wT3QBDq1uowQ7BYDP zLv2J!SN#mu#Ub?t=9brCk;`ghVrJSurZ@RyU>2^n{voj6m2`Zsm}n;9^Kfq{i(rrp8X^Li8OJC9j> zJ#t{6cGT0l7I1NX18oWO*YAfl(| z1E|3Ymn@6(l3ffGW!0N7(fI!coQWk9=Su zsn`D$YeH}ysO_n!%Yy|}cuDR&?p9rAL5UA7>)pn@RWm(Mwh{_ffv`(?fHxc~H-uD_ zbf4TiE{n^Oc@?S5Q~Jvq41J$HLGirw{Ixgx?#ZV1WV5>78<(|T2D|mib7Gz2L(h9~ zJF7%{1)oA#`}Pjiudhmoet~$FJo^P8vo9uk^@W8SUOP00wC5n)r+E#Zs5@gch@X)tGhe@(ULbq>vkfn=?)e|)Q`Ht zhAqwRzxV1YaA_Lc=UJ;71@GDwv7d9i|DEo3^Q#BF)+B}y`c|Xja}~Y%_7){Tw~o2A z`8$CM=*h7d(XS8;ULby^1~uSvvuT;@)xg8BJd4b8pn4w35IVUwO8dD&z~}KD1_mY% z&>w%i=RxOjM1Zd>H0xqb@9(|_~Jj{L% z5lEd5uSXU>0Jg3to-xS7^sYw)ENvmW8bCc{OiP``#FZ;~BZ*lcw`8>ghwM)%@4fiL z)$y16w}SqEO}8vo1>j2n7J)bKXe5iWI`){VN}XQdLIsn{0r{$u0K|+AWU1a>Ng&odPSPTQ_tKm=~L`0hUzb4nrk`N?W>I9AuF3Fd6Ot{_tuab1qcgRCohij|ud8!_&{VgckhR zve0S^ZEVT zzy#ROySttQ`Zl1Hq=_uRWmrBaXeK=mt$RDjrv0I&So5irE&u6L-uUr%U~aBk)(hbpGRUk%bI%D$r&fZ1IB0OI z1C%Lg%Tz%DPRyw8Q#Ic$D4i!1^k@A1VE$=EfnF5EZm=Oo6n+j+Ui%n;-E@#I^jZ}- zMc+PNKHiC$EY@e&lY-uH53}VSc9okTzgj~rzlY(Zt)JqqRN1PWHEO7~Fc?ndssEcp z51zKBT);t3LaZP!Kd~`5%76zf>hK>Rg~_R@^q`)~X%X>GH8ByL0OO7Ijk~vdK2jJ3 zNIy2|)(u`e71bZuy&L1@NBF^!x6aJ0GnG z6w%CHv;dxM8C%5PSJZD!eu4h>c6o~p5DD>An442Bo_Q+ZgTO5D57yRkSmV|6czRE3 ziKryWD)_lT4pl|@@^^=lrZ&-8i87?XNFJ#E`|*mel1{u}a@Z`|;ByvmubU_A&vMbA zl#{bjs!K?O>>~mCAK(ZKW~;$i#BX;hD*pO41m^B_Yv>ze+j3?N4{a`q0Oa;M)1D=h zy0je6(9pEG|M;_Nc5A>YZ)#NrV^NK!R@`jleChuL=?86UC!oIRT{)@!Po%dz zUV6Hru5SK`pn&@Q|2v0yC$)w9Lf$TT@k)pDln%;Q7yO7Pn{xA?KZY z_m!_XP%E|F;^{H9(+tr|JyQ1Os}vj#7btEW4r9YXlIAZTXXbIUq&=qoiVE}jx;dh! zGkE{E(elstFM#q|ZK`PbZAU<4EJMq^%)?nii$uf4 z{>H`N?#Z83=!9E+aP^Y@>*@h5z;uaLd}@cNI8j>BnCJCpoO;vTusKw6GU>KuD4J?X z1qN*sc9Z%NYKMKMS!(9$NFbjPP_oqWvSNX!wabtn$!dv!_I5O zWA0@74w>BGz@{^vuhaw)*&iCBT*pk>%{e?zRDcm+qNlD_?NAeAkB@;(jF7k2=K8*Y zdeZ*;G*xLi*=WK!&STETeFxot-u^r&pNsOdwD*z$DH3SIrR)j^adEmmYgxPA#wJ*= z-&i;YrSdQ9FN<1^X^EHP zZ#YjPIv2yKBv0%aSVa>!N^Ut}&z;7zbggU%tMdQz2BrtRoZHgFG+gg*L>B(Iw}>#Xj9TBPU5+fo8R+t-(aP``dH(b+a({@9X?zL*UnLamr^A-K@ zk9b6}>KB2Z-WnHxq5l+4pT#Pt54%62Z#_19V5u?bg9+a2qm#u_m6hTek2Ijdyn`1n-FJn8ik#)eZ5;sj@@UgYy8y=Rr z1(z$fi}M-XmWW#~oeo~Yt&N@KJ{bH9*#31MTl|47GlHJcxSQ+d)ahkw*P_sCLVN3l z%>cB%DSIj^7x`ksDSPW;vIjkn)eNB*zZ&ao`(XChL?E4@?{~jchpg0Qv$Y$(Q5(;rQH88U2;nWEW?oI$QCFgdu{BvtR4-CzYjz$Pwq&2)tYe9dnWE zhyLpvmI|-_Yi^hprtf>QPr<7OsWzl9x(jheo<~dOMt(TfCyOS;wvMsr%nQA5mJuM3 ztG1Xe#8icE8CxSIt33H+&g1-@GNGN}kK>nlFp8;OaihuyNjBL~Y0zsn5?eb0OEQrk zwMGbu+VLzWVdwmQGTQ_-y!97`i{dN_%J?E*_qAomA7u7v3DUvg!PN6h=6E6 z{9!Q-OFxh+n-bOR?()m;Sbt+Kt{)x8y1<<4PP8}2{kYxPwyAgrL}KZ2MT&zhQv-l8 zsIbDlh)sdpfw0-_&6n}k29*BJ$symiDOhn?xomIpn$a=4Pm=$yVMYd9)KkX3jiy(J zC-xz5#n_}~E2k2dOa1v};IG*~w>EDmRL2f;3rgMbKAOEmS20$9Z zYV`_#%4xA#UBIboH%zu5{<%UuKMYS*d*&jYLTUsWn^H3K+u^>TEyb9OLAki_1tw(Rn8u z)aC}B{h3k>KqMrG!kaEQD(}qFZv#NCvL9l72PyL`pD~^fo9!4Jt5ypm`{Pe=+HH@0 z0O@jlWj_M#@g`u~4|R?_Ko_p@>|j=CcYUitP-Jm#l1A~j=jplfSh2Jj&$Q6yciqWO zj^RWWh2aYIY5JT9Xv1W*ruZWdO@Yv1)Ni_Ck-hH~4x5{-n;L$(Rq*V<_nWfW(gC`% zSUv!S-_z-+_Ee*0_s7%5xB0%vb7fmd0%C(7^SWv5k)TVt<6OzIH9GuV>`$8xMwR{m z3m3ji>A+m5ODk@;dn+tK3(ke_Ii>Xb={#i=I+}Qfad)n?KrXERe1T1f3vgW-7uq34 z$UCkhUp4SacpSCRKQikD-Z`ASyuQRq*vQRRHXM5pe;Fyknu&R9;~tiPF#(k=HL_HH z?9=~Ncq%(|E8F@Fu-S2J&a7TAGD>j)DRmID3XB(|E056NCBkvW|A>r&mOs}fB*Nldy4+OE9*7mxO1 z{qXPhjC!W%L}TgWKx#>EJxf7H3@*{bH4jlX*~7m^U$|qAG^4;5;U)Zr^N#7bz@zHB0ty%Nmg4`shU_fLJQo2 z=xghohX)r6;xp_02twpZvp`!CR z|Jdv@z(_VwMyF?*E0bt0yk|-P|BcNk{=Lb9oI}zw+VpNLT1V{*q@71o;VVR2!sK&q zVn41*Gcv9kt12X&nUW1OTV#;^GJ3zRL7bzWxXZq1mPGMNy=qKWg!u)<_u-Bd$bY`! zO|#PXZT}R9%pi-7tQ{tpS@u1e?KxkE_rPA?<}3d`^=JFd=bRd|jL1vYLfb&G^&^^` zVQa7xddKSo^w!uV;rUfe(ah?{90BZbN<=U0t^bNQ2FgKUsZz0Kl|1a~!1nm0&C9j` z_io&bnG!3jDnh|t0b@{URHQ3Jtz;|KWNEJ`QZqn140ak?%cMLx5~!XPOH$+I!e(lu z((&aWj4-LV6FhP-o|d6287l6fHvU06ky&Tm)Ix|wirQYHIX{JN)wy30o$EpiKcl^K zSBNQw&o_b(w}zxQw_v*Yh+YKo6H){mOXn;+S5VaTk3%hPHMlo9F zJK9T?<)71J71}DsMYee_{e7x$Ab)!^f~L?cG9$=b4zl$#F#-Z3Q%H?;kIrFe6{3v~ zM#B}%RPR3=Z1Kb~U@gZkBeG}rCl@!8m~3yK93d4}#_PBw0`0Ojc#Iod4iShJX8nW! zr1Rk91~z8zww3}&h5Aq*sroLb;QZhyLk@#4h|K>AL5cgVT# z#Xi$Kn< zdtdiNJ|Bl2OybZC3G3~!E+woE#4A%wvo(^HoTg7P7|8orZZ&Kf99CO2-Ho1tHI$|Z zg-nyX5g&R;you_FsBEetiZzf%GnmZs6>L4XorRoQiv2NtVZWSrIRq_=EFAh4N@)`9 zwr;pg^sbs(h-elrV=U_u>!j5=0ABl3@{~!+>WlEx?rT3h63Fhsap@1kEpM~YALl$r5>cbqSN*>F9yS*W8N9V-=(H3ylK3N|@MOc}JP*42!Y&*NS0OWa~4(ke4 zAzotV9Ot0spo#`*0(NuPNjCL+EV}OuKg7c2+D=FC$@(las$j?$GEYwJtsT6b4+|B!A%P2+MHcxzjP8$4Z^Z$)l= z?(`X__@2F@OnHmwNKqqYxQ-&~#F)9WdEt}pf7Ml|!vS+2w3@2MfMSar^rm{MX6NwW zX%Nf`Sl2M^i6YmI+vdM}}f`bECV~RSM4#g5w=-Nwe-B z#7*kB1Rp%Lu=-*4A3I__)9e*-3qztFZKG9r2WT(ZX&z^T=C<2LrpULy?2R!P z<;q$kNu2G15CH@Mh;^9zk7n@zpp)qaSt>;BDE%wdZWm`C77sh%5~(?v7`eYQWjIEO_y^Qvc0uZ54b_bcPd zYLZCj7Dc(lDEE01;ruMCXgOvl0~dSx7!Lgn>u#`H*`I*B&m&aH=`73AOwX^j)zyqw zF1!K>tzH1yTTRX4a z&i|0~`Xy-vDG9tlsMCmzj{`AGk@TJFt}2k;jOg*GBw9Duaj4>|&zC-wxDXH{lV~Ng zn9y=Lnvd^S47lj_M2P=*aXuM+{YSTY3J+5Tza*|F)4|b1=`~jJ2!|>5m&S0l(NRG`gfQ!3^4l}lB=9i z&mbHTk*8h9FK|X75O&(l8A^|m?WOUopoY8*nq3P7Q z)+{5v=%F1O5UGG#|7lC!-i4Lut&Y1on&-iDy%rO>5en+n41CuGz%#ye@@T=Q?eXre z9AWxVFXZy8!7n=6uMC)cSe1|V6CA3ZoHD7r%$a>%*3>irMFa!n3!eE3)BJKzAx!Uf z9Ns;D6+ihdSN11%MRi-_4^*yR#xRu$f5@g;yv7~gvcOwi9u>;f&6|$PWfSiFDinB1 z_)(zG?F%^H{S>RqL0bz7>(O6vQ8<-1aYx}+1MSO@&{^7^b2^;8wJ#AF$h)k}$8C8j z;IFT?^_c+92eYhn_kKG5rJ9P=)?l(G2wF`#CpJ#T(+#}g9&*i6Kv~62Cxl3OyRwvH z3GKDrz_+0|F43oO{Tk~ERczF^oPoN(Nm{OKnEf05SWB+n zs02D}8NAu?iU71W$bMk!%YUV7iq=!r>P!ap8l6i-WMR|{NnpFCU2L%(tpmT(ss=$v zs>%0;gzS`*EXgQ&8GafI)08Fvb9Z${bHJ+1?wGWya!t*0>9vlZlaPI)R=HEg0GmBN zt6k}x+9ei;b9?;joudp?TdkNg$5xj1V>vbr{k;xO6vzK6cztmdfIyb|;yjoa#uZ*5 zW2ajO@iaJ2e;ZC+Y>@boQL)hy#!cCRqxY&(D=>z9>qD?x6|l{Ci;f`kkZChCl8(MK zIr-BT8sC(FA<0P6ahUFXKRNgs_T0X1yAysdG_y9R%e8m7ml(qthZN1c>U1@T zrX2QLMukYvZhB~c%?u{LBE4$oMH!DppTQz!=Mkwb?>Ek0^{Fb96x8x?uU(RN1E@j> z4Lsr=xRk5^|F0)cepbI^qu-(7C-2JhIlHvKV zU{W=v)nxNw+8YBK8q*~_>}|JwlNpSSv<;i+(=7Xkkr_4Tr4CVh4UYhiOHN+zy!iUA z3afTStKLSWzNm%b5qA6xk%Md>T916iCg;v$h=t5pw!cNX;jOpP@&MQj}dm4ZcTSF+L#!wc9WB5j|xQk@<$-VHu}7I8=Ars-`)S0lf8Uw>F%fZ7bZK zmMO$APa(DG;cZ@;K0(p2lKU5_y^foux)s;mD;1Q-A;+JPi`lI+m> z^gqrs!+`1ZMan#MzZBoPkDc;v{`j)AdfZ+^<42O*f9}FpEW7>+jOW*hx)cSq`;mav`S0HVPjYM zETyWcU?ZO2E#@#K^wb5zV#~BCfuLv7F=C#B-uBMXFijJ~ETwO%%SO4!UL&9-VwtO0 zdDdo^YwP^zaQd2Vq3pk_Wbktd81Pd*fjBl4q#xo5!@uIdWq#`IrpPhLq&1cj<(zcd-Uvt>} zUw?V(A2w+2k3pzUJxYqK_n$ z0CBlZB!8K>`E{Q{pDOOUqaX*R$(s0|&cc4i-zt3bzcH~(B#JbDGozngJ5kg=|J3in zu|ewpJ_MemlkWed;Sv6-Qsm7rIZKPU{7DG;qe-wk)xR1wQAwiV=#`1EvWD8`)lO-$ z(I#8bW=tLNEEx>>CbWR`zJCDhS_0S~0u<KYO!Bt}-tN+WzY+Yy;tzTSq2ZZG z!Tn$3MF*+1C`c?4b0N4^8 z9UZ`2C#$8+>VU%B!{ZfzE&sG{vpVKf@kRPq`1RjwSpHS?Lu z_kqSJ+G*yWOVlrQfj%AAWTMoY+vTjc`HZ8K`(kHSA)a2YFy2!D3p zE`TC&yBZ;RG6A?hap1v8b!q|vvbvlGwKYnbxSM50Je+I@i@+yg2X6#b6$^-@#6~Jw z{S+rk=#qQ4KKvX&`ef+?EEDf8qHug*52I?6X`FlTt%5228OX@}6x1A{_e1?Oz~^V6{UVaxTz2YE#Io|^5U%yoGi)uzyCktbdKr%+4 zAxmHU*e-P)rsH7RrP5+l)PSgJth)$iS_5e=-uwV4R$-IVX1MPT2BToi!9sjo;pr~C zd$V(MB~2wlVqarj=Gh6}(Q7xGYstm{H{W$-Wu+LA$|s-D5QM6Hb7}jkEON?zK-4ua z;cabf8Jn7-=-Rv@ARwqmzSYBtTL%eE;-aGU-#KEa&(G~$v>3^@!yItb%ja?~H-ji;dXn>X{OE|W&UrmR z;u1t%8Wh(pQN=7zxk8fIWJ3@j`#t+5BWoTdTK9si&6lZH!^bf-gVpR8Abjt)`YEk- zcu6=m$uQrgaw21!^5!r~^i6=vKA+p~Ufo12cI6zIl+3~JxzZ`rJ+IKuICs%3einC*lp&e-1he8*Oz12%;Vfb++=)Y-G&K- z@C^Tq;@`)sV}hZdyP_uHPKTy?_a->&X6ESAJSVA6$MEXmf|<*2d-kz5l+pZ8Lc3s3 zCdLGvIWxr@9TX+y4U=VVPv4#?8+OD6DUYaZ_a2F*GZq{ zReMvDoh=d_BWrfLv{y*Gm{VOXs^w|nN2^^eMH6aopT=Qf39$wyftQIDeswuHYNFw| z`RF006jML+xMs!m0KeN3`m67PuBLBY>gML>{I?9#ryh{61qkG# zj4~2Zv3(&3CKe`f^~1ahOepZ*3I<)_NGqM1|NP*#ER5`Pvb7CGCRem9hAR)X?IGfR z+q~YBc&=D~XE9wvos(yY^?i8SDCiVmkrlgd!bYi?i(#iDjB1TP)>_&E=w>oJ(O0iJ zTNeZivA_!vWTcm)hM&Blp`i_c15l05(zKrX&8B;0GyA^=HMf?Ama!O~YE{m*fSc@u z>G)bWR#InAFRduoLr0GMG5k;rrPM=Rm0){xaqoD4XlDnXda9}-Z4Zs*d;}-s4QV9_ z1hcpJkFjO|vEa{(&dxiXpSbumtPYWckTq2^1C(}UEhUQ6FzzCN=BW{Sr}atvvb%fd zq{FK+gOhW+sAf+PvVD4npH0TV75!!JTNuuI(GOUm-%7>C^$J$G8lyK6p`$)blY6!K>s5qGl6@c$j?AF#vR?8R^IdVgb2-Tu$|AnK99 zlCqMzs@lYLiBpm0F^K9_IZ9@B~#%IAYPXM@}BKT1gQIF3@t>7QvYD;;^l}roVB{eEu@y zxiK;#mFVLLQAgc~lG*7@NQjN*i#!Rz3%71NWd@R9VDg@;d96547Kmb2H5vV3;oS>= z!5GcE+2@L*kj-o&7`xli*c6Rhv&Ofvn_9*#gD9AuY1tC zKCAqTtV1sgDoV?U~0Z_io^ldF1J2k_OpFY4)PO;1HBU;&DFlW37OV;(xCmFmsPR zS$9s`K%TiLk;pN#BqNvdoaNo8SxC}Y;G{kI#Q_%uZ1?s<2{}h zHX%hr<_`nU1xmGh(JJ=-DZ6=eU`topX7(D%Jfyp!<3gZYN)A7?C}rcQeoII773r|K z;1K5qb9!=eR*R(bzU@#1ESoM`Jn`F>Ax{^qqgHH%!Z%zUfzD@V@0%a4Gv`>)t{Yh~ zsv21dgJnUi99dg1o(k^b8mrfqOLBuA3caGYf~Q(ieQ`HdwFH5 zviiN=3S5x+&e%p@S=&6r!}K}DD)Ms&d*D{y*EwMv9Uvc=mJsd)LwAOa>bN$Hh)>3H zp;lLY-hHWb1l1M%VW(m%neW6zZb!{vVRC@t@i@{B(?a8m^M1SM@mPfD>B2A`d|e`Z zkNr)*zIeoA?k2p^qf#On>oVdn826Y{iLNDrwp>{+?Y(N+D0#}|LH{XHTyRe#zUCt& z24$FKK7yN(SRNQzX=8ABh|RG-&z}< zE+^#}pGBezi!{u&wK@S0H*2mpiG_H~{nR&T|09#A=O;u?|D5XD5@1696Es-+Sqj?E z6_QFsUJ~v!sdRm>HNEOG(gIR!iGA|A*`c=t({wc$ZiuEQrh11`xH^Ze;w9b}v+ywt zi=T?8B*A5d4QHTIt}aezsnDMez1(Y5k}o zUC=pzJrv6Py1=G|N0Pys(d1eqM6Y@GDObAvRz*pRf@Jf0#mNs5>*zKR;EG##v8}l= zU;OAeeA9fUhaI4c-F+^UVgF1}-MK(BCwF4oxO>Ql!}PIyJ^CW13M?usq)!Zc98VGk zSu-@FC|e@lMi<^ZjZC7W%@t_`9KA|kMA{<;#>9ZV7rj+o0=R1Z5qBrZXHc-g#e7}1jEc6Z!EJz{Ly=zhzJ zv%5}q>iaxAPpmfwWhp@ff;C4oQmcK2*3EH-gEQLYz|KI@0eeT_%TU3n)T#sLIjoyy zGcY~)G|0nt;nMJ4;3Z(F)!wHJxkfwgx5&@j#l6-#jN2^9?)|NEEqyI*Q04^lyLZ_4 zl$>+}Qg^dab25z*J~G5ZDT|$v;*u^?-;DR&3c`8d(2H{lh3Jc_n?xw}e{FN|`?&Lr z%L7)PJ$?47-7?_TIIT&2%-WF)iX??U%im=SerR&rO}fp;X_?*A@qj$Wd_T>Gu`s*&i7`__wbsOf2QmPf34$VyProo-uhYA{Mc~$V&BKc;_VX; z02jOF?&DsyO6%;d*iH5Ib52<=dk@?l_wSWy6{!i zi-0|EfZL#f2Ssc2`YjO@jqj1^-M9DJgMc07Az2^S=*R9_5h`zEe*ECQ43XZ>jyTP&PCv`<2QbKFi~l8{Y#DOnmd*KEF5|o~6_jJXbG3dG+gnBS9>fV->uz3N-Ud_P@$BOlB0p|;R=Je1ELGP@~moICAy=2Veybw4rW3=Q& z{{^K9H*Rmw2c30u`MNA3oWWjNwBM=QA*+7Xe;p@y1b`)y6r8#ftmM;Qqw7do;BF1qF5kSV85|o=;tw=piP)vYEo18kl zoj^VWa~@3!fRBysP#JLLD=s{;hq}zEBm3ju@Bf+KTT*EL++-GaBc6@ohycPm~>AZT$3?ky6Ew#D5_vErq;1uHbTyF+kyd%5oC zx}Wd;`TqO%7#SHSIkL|_d#yFsnscAe+L}su*i_grUcA6lQI>!E;sq+?#S3H|O!Vhp zdck+D&tFK8w@R`vDu!rwo;Of!Wi(`7yr_=Hxd)>?Z)3SC8$TaG3;pMV6u)_5{o=(_ zp^ChWo)2jM0Yi^;wtzbzr@5`}FmU}@5zY% zuRdY^UwsPu|4uIs`+qw9uWwaZ+WPv;?F#>1|J*4c3#jC?AUt~Glc^n5zxHKU)d#xS z#ab>48Ws8s9;&q+CL|?gs=N_!QweXN(u@4*?u+){o8o*vxacRYczGA_OqCO2F3?%h(T{D|cehG0EU0Nge$`(X zIao&jLqF9FUwSnN>n75E>}ul!z=iJGu&x(pr@R?Z^a%ART68Tj7o zN_lyE_JFslUqRPXFNOd6pl#dUrPg+_&;-9%>oIYY(X8}S=^lcW$(7nVB2p`Kn>k<16UHqePq#b#T=4*W5gnq84J^XaK)7(!s{Dh zm<^QQ+;sIzjqGQEty9UH|1>5YLfu%m1l0i$nd08~d3kwjiiy*0W}aZ)sWhm}oyMzy zuqPg2ydH2Rx{QH7^Uy+MPlTF^$oAJyg~>VqcL|#I%&5+us=4X6Xb#gp@a8WsScge} z)Zvwtxt=jIIWZB&ktqKtJ|4UZh+fZCd)|JVyRpN;iM zjA~TzLSjK+$c(;3u7HW@Q1*y;iBc`%V_5di0va$qzwRi^IFZEV*|(Hw!7-EEzNs$Sy2I!-YtoDT zmMr9>jkofJ6kXS?)Qh!Cmn5HkZ)GtDcNa3A7yjGbZP{}~UR<_k|) z=BayeR&+;u2^2gwE22&|@SWc+H9&|iK}#vGtJ9pu=N(%)6;X2BqgbA6BzKbYwBHQ_ zmSmjLikku17n8_-^jAjitZHqfY*BwZa~Wl3PDPYJDDpQ&mWeW`hlPgu63v9sF|v90 zY#2#`Z<35oqpSaL;g%g*w+1GaUlF3vRNKZqyT0SocfKm6rK$i>3=EFLuFPI0^ZA%5 z0A(C_>m!nBxmj8Nj(m%as`up^Dtl(#1l^G3c&Paiq?$sDO!Iv_tbJFhQ@BXRtmqTN zPXVmXiay_BHqO3e-B$o_ZZwr18qmKU=DhXVUJ}v`HsG%)6wJO;)YA=f8Uu0~57S%~ zsQ}zL(7)Enm2RBs@}HD}L}=CrKDNlJ3*q+!Ro>F^PTKhby!mJ%WG=c&#~9s#3v4tg z#A;uYGs92PI}x_T(RRO2QaxDc#)o@Xp7!y&9aB66;^LNGb8_O?4rPA*lv!Fjg~806 zc60q;MEGdTNTchxcHDd{!IB--{p79n@^{1bpWhl9XmR3-=9l55k&XJT#QW8_U4GM! zt55nsk2sj?{P*5H%;C*Hjcn@PnhM4mcnl1D)iYe`Gu%4b-otOKKoAJ#f4!mq=_HKC z4S9poP}jQaJ5_1M3uE#v3E%7(sot-ce_Zb0^I7nJ_jRpc(w_(y^_Sf1%8Z(jh!Mnr z%7g-01tq9a@Vd-%w4>nP9n~kXI%~>ysshqb)@_Y}e%Z0(JdoA2w^O^>qG@SquCA^j z85z_ZoYG7*C7mS0@^**mq4725he_emDO_2GV)@&y|hX=tIx;{X->H7ZhPy)K$If#bS>UN4Al)l5R+~m4n+QKktL8mca6F zq|@=g(C?x-u{RhrO%H&CVtpAWaX&881Wsgc<;%7?d+IYgRw!70SD<0|8#a(BtImfX zuF46^ltBlJP@6=Q-V-|t5OgJDTy#}Q={bE_UtK*}oiA;n;V9|?-nmD#GiO5i!kqtNwBUa=E|HVJBC@wLgT_$GZU}%);D6=?w6^E8gh&brsvt21Zd?1 z_M)1E3wlb<> z^~(w$5T^E{#7sYy02miss&yI8>8)k=H2Lrs)fJ7r_PBK(5u=O}fwy`KA5PP!qCYDu zJ$1B8dFq6f*S5y7Pez~x&8G@jRjvR-%Onzo2W3iC!F$QLeJkjaiuR?)96%g#p6+#m43YhoY~=Vb z^uIW2Zu`!BnGDgJWU#IcvUS7*X#>loSsDjVA?DrD_h-j;fZ8*Oi8~Af75TvHV*5&Q zu&S>9D&>hVp87{3X$A#7DxrzOT8RMPK4%G!6B>^!2vtO+n6XS8+P*6KMZ?OY0B*A+ zUO?fmHkm;`J0LN?zCxrCn&CUdiBH@HhGvZVK6&l|Gl>tCOYA#UxW4K$yHs($*izmU-n3qG$K<&cBs!v?Z4p4 znHO&7P|A_(&rQ>wqo(K=ea2}hduPFPo24mF#iRXS7gY}f7L}J&gk8iM{cQglvF{xw zT4cJ;yZ4r(<{htm%)dCSjUE>=ms@knL7HSZZCY3=T1Ym@<})nzUnKSL{~N0NUo`ap z2pU^;Jr#&xfuJsF0qmZnQ`LWm_0|TkH6os5jcz&bBE24uR~iXVFnoKbs}mxu_1zCeDFYS^D48$7D8AuTqkozI!P?hZ5cA-7Ed%;EkA(OqA`4*Zm0nZLfV_`GgZCT^Zsn z`>`ea-~P53q8%EQg5T8RBj)sxvPk_bnh(+LO@n^%s1bBG>7el1HS)pSH0L*c4o@4@;@9c3(5%5;gw}U#lN4OD}cr z4o71YV?QJDOT3qi1P`5qX?b^e>J-6o0GJhX4+E0~6|;WMZ?dw#(S&5=Vb{NC+UWmd zU3dW}z@mm0Y&vk758&HJrM$G*f!17)XXK^2*JGR1A$fh^xe$Km8)p5gz5zK&wrj=H zk(&ue)VQp#uDtd7aI_JG{21n;c%ON zOD2aw(7T0#QGH+k2oQo$BkQVe{@qb489MKaFoWhFeeY?Y*I}xBxWjG7#mZrt*vS6Pc~t_bg;K4q^6D@8@sAcYWGPc$pVFav_C{N&ErX4 zEjj2tR!@?N)x!$S-fKxmDWsS>Bl5<4Xwj^NaitJ(DWkJ&Y~>vR;}q9+P=^A~ZicDX zd}oS5{kD#JdSvUL4i(wF?uiP1RED*Nif(BFJ`H6xTNaiwKjODON-L%6ex-%K+OqyUga>f3=wZ%mLyC{wVJVMb(TVal4WT+8IGQyEMuBLb4k~ z{BOQ_l$?+dI+!8c1&6DH&YW$BvwKSQ%f6(gu~*v7QV>8Gba6%%X7QeW->^JZA9$JG zxa8eePI8L`20e0v^+rF|_EC$D&-)|Au6Ze~P;$LQtizc&bO} zWu%bf3EN@-5VT!xmi!9==g7tiuiKZR^50+kH+D^(GI@Ax~JDl3*R!dzNgJeQ>z7=MfQvoeSU!r|NesKd1cBV}2I-;XmC_?C zh@t4$OB9#vg^!KZbQAG35pk<34VXs`ia{#1GWxzc`1g`W>*p#cG-TP(AvY3{<-n+o zeR99SiNuvjN&gRayK7&~zUk?Ip$pB>w9PGXlfU-2X}E(Egm1<^y)*bp&vjAf>bmTu zPAQ6tqNvr;+X~Gq%)@t*L_z%?X-HYBnA@iSrgm75Gqj5Cd?%yWQnf7hM(d6(&YmW8 zJXT4WvzRp7gu5a~6zjDv=k<>X>8H{$$A-D=ZlZ$mV>QR1q7p9k9%jox#5<9f9If&o zPGTu>I&P8tAW~-+t0RAd7-`4B`1P3+lH=IHZ@co7`kTt}c%9{cFGt2lKQ$fuirXDT zPJ^*N+*cT^Owz7;V&@cP?InYKDnS5Y2roYEWZ3O$=!oQI2ts{!y9&sRn%tBQ^lFJs z%qRb?tik-&Qr2~`|J@ABt_X+3kRA2vQABrMOZXzY;2JaTg@D`TE=pu@iDFCB%z6fJ za+3IW3I34ivO>U*pDAn5KT#LZq&5~@o`vvpkMM2s%_mY@_<0_83y4w8-{(dtZ$A)v zna=UOCwyf~ftqGq4BHb=BX#zD$KHxjV%^Ambs?~*iHX`7zbLoD1wSV&d7GAl6aMK) zSJ)_%FsJOk)^(e5%zal{ynj>*IHljW!+E7+G{~$V1%7{g=u|2 z<}mTOlfR+F^6^kwsd<$}pc1OWdbo8sdVS{_nUMJ&Ue}!?A*w_*uLubRDDCfmDcuV$#y^O?6!%$_xvbo zXc2vFCfs)Hti|a!1`26&uE}uTNGpO}0GgqrkBV`Dhq#On&Q%*;stP0x`9mRGZ7~Hn zN6b-XiQPwXW1Ef!j}XE^bvTDe8kOk@p}NhYFn#v5Bd@bg90)eh$WU&6t$hNoXbgrQ@E-0iI&)=0!?uM`LoqJprYjb! z`mS4!v8hUBtDyWsJlPQ+AHpv%2*{`CIesqFxB6doUhhP^ZuOqk^R&ND2(4Ax%3qI{ zH23JC&dWBeI*mU8NCk*Q;8YgadZV513zM3}8NHOM4_c1*_azCAql}OWytDk1`w_rJ zdUAvJ9H1HdG{PJr8x}cTd(6?q9t<&xv)x@-;3XY6DdR>07q;ibzYU*|P`+4LDzl3E7HOHsI}rjWADgj-9!q1qe&A`zI3|FTXUe6 zAZ+zN?^qcnaf5G>@A9M?V6$eK0$5tK*1P}`+H9dcR}O6G=R2Rxwwyj1{&J*OzH0uw zOd8aY+vC5Ia&bw{-X9ZIc&QmfFRI)o+1)OViE?`>`}C@ydNUUb_I7D0=l;mJAjbj& zt|JzaI^&Aq;OY9XDoG>i2)Mm6kgq?KZyXxKgjr$ojF_+cgZ-ABrl)qP3KjyY=@ z00_HdM#KYHBr1^*g)_7d7*8>#Vzyrsm+vWLjlFP(b`N{QbV5fegM;l%@JT?r(yM}a z012uL0ssRWvss&0YcedeG}DOYoe2KZ=ov-kmGf4VxggoG|4P^eP7(HexiC8RQNOlZ z`?om#z$%Tdyu;SBzyN%d<_A`ma$O~x{&}VOUsc=M^9_V3cLP$PT~N%U=;Ia)d}=14Jqv;W}hv0>|jk=#sGW_)jkxvb|NXI2iDgi5c7v1^?xAJd835yDQf$}B{kRU z*PDW|vvYH6(`Lcp85tQZTMun^sb@U&lw0>o{NSPX;6q>$2LY=WPnbm!J+JwFP6IvH z9xch;8lO$vVKldClf|Kd>Gw!ejr3BEPYF{7=Q|5%4^X^587C*MbRqPvKK1VOi;ODp zB#|q{R7g|B3zY zeP~D zG@3lMF(rr@yXOkK#aQVHRWlOsV!PEyjUBI-Allf*F?s+Gh0=^u=_cSs%iDc`F}$*Uhc3)x1U~q*%=-|ZmdfW2xYbIH{)=?cIx%o& z>E^m5axdUW#eK)}$AOyjFDA?n+`cPr$4&Mg3Wy^v7Pti!z1 z)31iiD~k9JEN%O^P;gy)(vVjy#@13)be?TeU;9aiw)V@Y0~TnbQ2N&Q9|-MCSMlWh z0&tPTrVj(&k`#mwFC6W~uk@=)U$^<9w6Cy{{?Yvv6JnA&r-sC6Sjv$5T%$^)#2P#} z8!fbCRnKlGC%-g2UP~efXpwZAU7~T=)(De@#--MsV8W;`gpiRJoq+Dj^zipJ*#1K0 zz4y%2=H8p!0T1`CPq)5~j}Q*hplc-EWcoKo276aM#oI%vyu}!b+>7`Jff>hlM`w8s zHqav2rOyKlWn0sJJ>D(!*s|zw#@ZFhSHrJ9(MCx&cwW|nERL*w&=duyIr{jV{F3NI zFsrts=_Vm;*bd{q`WEy~G zChteIgEu{Pj@?PED@vc<)tf%`>-|5{sE>4UfYBnxA5K%UHVJ>rt(ByEen>0IR9~4p ziu%yhFXk|=)Cs?*d0n{DqLz{^V(x`=L8(m^aA>qv|Iw89d|KMv5kkoWx`QdrXyR`* z8MRwdR9t`mJI(x0qJP^$Cmj@{lEBhAFrW%zv~+RdL6f8>-iUn8z+dv*(>>BiW73Lq zn0ILRlI+3iUIL(~}`~Y`c@EeEo4C^a26u07`G_hNZG{F6UNcmropoD9}8T&?>TBVhfNdd zNJ8!iB))!~Z|a9izlN85yb`p;)xXBVxlCuQmyzS^m?W0I+6}{szIxS^+bB|mX{aG= zVXlRS3lJctjyGbc%XPEF-)wAfeUH^D_9*=0r|73{^v-t*r)u|t5H7z9#K#;~o(^B( z;G1uLl&kU8LA}ZzyJCR8EYKf^WuD8z+L6eExWiBu*uZ2_8nBcqTmj8f&e=V`waUib z%;S(B9i2ilz42!tb4#WMu)?aW!3~+x@KQ>|j==e! z6F>y}V@O``{+kbq357SWW`JP8t)^)N#)*c%4JppNkEEZcPB&4RQY?NYmY!j8WhT+b~_yeVVriFF#?Q_c!{%}zr%3}QSgUnoEp*6_+V+#WJ&+D<&i zrcT&`->3-LYU=Pqn`1)eQ>Tik6)VL?MBpU@ePnXX9(Ow!@TJ_ik;Hna{3h$Ioad&V z2Vw+|W2>Gj++8MqpVwL5jE&7wm5+ z;a9#KVx9;jYZMBBg@q$*h(L;lOp#2&$^;W!<)S&fvA|yzydsj>vU@WX#LU4BR|*ek zNO&5@0Zdl%+c=IolWt9r7Iwa|qigaw;@NNZUcObgLT$9%xeh`|+Dk2TZLG(th2J?o zpky`Uf1LF+Ca8>v!m0T>yI*Dak0s>~%kAee;ujKc_Y#SUiK$AuA1*etEfO1^czw?ww+f8MR02d12a z6Mim=YXS(rAu=Ux0&l(Z>{cld$97ZwuyMY7%IFuH8iSKPI@aV;VmC4t0M){Rl&bNY zHw3bXc~Hmb)(33X@mZGy&G7j%H4y-yXIl9ib$Dc}rTr}D2bX4mn?6NU8=>WdVx}8B zp<$YcLzJSG-7+iRaxVA{WbT85!1y`zvEzqZaP}+L-c5& z8bL8O-eodfy{3lf0+;^C1(d$}cEot2?wqI${;{X6=Xys8jpnz%HvM%ZIBtmV9C5mw z+N4T5=vmC6;uBh4i;i=*%d~Lnw2)eR#)Uw`udaCY{#)!}IHvh~wRXft^3 zTUMm~>9 zhYYpM2g2(;EPhSFjQgtKw z?KwyFulM&wg3vU?<^;+LfvjU)bnW@-r=B;-&bGsH~Ll)Ybx5> z_r@Yyzg*ul{U0Aa79R@s_qZqmznZ;tkkwt`JT7;K!VIh#LVb2%0<& zqCQ7ozT{}{_ey|e9v~`5$RuyiDX6wJpjCeoZNkj^a@v*S`901pBtHLinizm(O38Lr z^mVL`w4bYkmW}LMSPh2hVuxtO*HhT{R>+ty$%}h0NK_Hat&B}q2&gD$lG~jx;c2wg zA;tFdjOF{Z2!trx#$-0rzH(t^7HqKj9tOf*tO6}oq%CnMxC+g_xmg-o~v$6*`KMri9qzd~2NR>4E$d2m$IVT1P+F1pZ{lVRto<3hs9|Kv1x6lmK z>B8F9$ya>gcdS3lxl}(+MfD>_9B}vP!uuUEw%6T><;3noLEESx%*2ZH)!rJYctg{7p68k6X{ectxIK91;(gl5~(o&Gr zT59Qs8Kme-qnAgLcE+C8lr{Wgg!HtZr?cbTZdwE2%L zA*6opKk4%%kQrOm91iEBV1rUFu z79jmbM7@T!S*SbO8jXyOoAW~aibYaw1FR_x_B}!hH4kjRF@u+3e{-|id+)KkfF`G? z4)e^J%Vw?t7Nv-US$Ffe`Vcc!y5s|C<_(A5Y{${^THL>1!1)qRF3P(!)4cD^{sO@u z0euWrv=~h<7qLG2^k+ zCAwD+Vu$mDFK;IVzza8y&xV~zTX~v+rZeA)Q0>3b>fzR|Z|1Bd@!x9cSWuDU^*NQ5 zi1KYV)GMzcb@_Si`{H)c2<^)Iry=Lzg|#~E5*EpmSjct$)#YCqHyhv-oa!^ka=SzF zeDTbUsii4uCo~8ab^|3$VRT7V0}olOw(g^ZCP#cqD(o=7%0Y}3Q0z;C00OQ+#Wxb)Ka{`*U#k0_;On1wK0>i#2msN)dOc27uL==&v|BJhas z$CZ9}L(;Btg7h^WwZ{2QMaadirq7j5Ex@MPCbxNw&FFp5>&m-hAnW2Z8l?BKW2Qu$ zXxzilQRWP+i8NGPp(O1_eBBwk$8zm#6oF3}`55Sz-=!sO-n*0lGga4FaPi?h_l+-+OCC0h}-?OTZyfvS^`7+@N@ZmE{FL2#PY|F zQKqBy%P;OFY>;h+(_&|X;V^pHG)aGEli+4GFJYX@UlR_ry?&l_3$SCXJl@ygqO$8A-C?4xIK}ifiA0+y{2JEq%yWJ} z@4Zj>(vKk(QGr0y4=bQxsyW#AE|Q3-vE3kh=?DP)byE1#e;1{Z`aHfRCE;NmCARGp>E=b+duf;w5S9Y^M)%!kmjLx zxNkf%8Cnzh4W+{JvN#9mJS8PR#e(PgY;`p4$8Qa$_3W_Yj^0Ib!|oiOL}8gN+CT3g z$hUFnsM9OnEjwsLGY=I&+YQ|JCk{56>>mMJj*jebUL8fKrfF`_q0X6PO{wb1%;<~t zZWRxV*xtDV|J(u>jOcIS;I+fxagIW-soPR^Gw0K4|it$=1TYB zCSuO=g@^N0@S#Ij=FR-CbXpG9(-!lv)u=_O7Tcka=gD@-_BI{VSb}7nI*zh#K&#Mn z-&r|VjFUr+<|y3s_GwAD40p=DcBJ*rHFcm;ne}!A$a=D=52ujqhRYPz#0!^4pJ4#{esxHk64$K&M=vBNaHe|NT$-Nl#ZM{F6IPGbR2-S>A}N z-FrPAj8%|%)5I4-s1B_ce&;C59!(1|?uA2MWIvmtv9%xEk zaJo79JYhV#Q(c^;c9j{}@)-W>YqKOXzs?D8cgirs<7j~vyQ&h2SCM`>@pupz-HZin z1q1+|+QL%>NydL@bWSW&Czj{}1GjMRrA{c$wGmP6UQ{pZbVL{;ME6E&)r4uPgZcol zQkqPuUzky*cb$lDDJ?Zpa7wWYEuZeX1$Q`3dwfZk|7yw&^|9E&!=2{OdXgXbcUbMO z=b$sU4rcYmOsu%nwy}y=Iku}H?Qyj~!sHKdEE0duj)|luO{TO`hCB_SK&xZaz-L7|G;F3IEVKXeF5 z8*Uo<>-^69rEjp2`D-V6f*6x3q&5vPxqssOXQgfYd@X3)%#VxgM$iCBUYoU0(*+&s zoo)5$z%9^rDFqv1K&N;r?zeTlAQo!o$8J966}ZuF2&o&FX+Oj^DhYg)l!Umu1uW{Z zT~cDq&(|4Z{^R~G2KC{Og&4i+`kw?CevzdUK(N8hE_hAedl(1QP5S78RnTqB0g%F7>!7@c(5jY;-Rb?X<6p;9*=w%$o8~v&N{Eh4^k#hj%Y8iSQ ziUD?Q>3;7TBI0o%s^;atNlnT8%%PW*-OS94qK!e3Nk1_?+50hlHo|5Z$?`<(x!+T3 zESZSg4h375$5}>8e&*nl&6PN^^`Hh~8Mf?E$Bku*>PF;kM^ZN2)@%~?4EGR*l8Re) zlG9rKvIwIWp zc47GLmK?09&mk~9^hq{857@NDSQ%iV+3^~FUr68=lQE94H_%5b88LYj7h{XFbM-y$ zJ!LoqZ;d<~lc%V}J4{GiwgdNbiDlT6 zu!yT4hqH)4E{90ht*rC$l>7By8e}?v=k{6jk#Je4XgG5VU~cTM5^2CT75D0mVl?ms zQ~WbCN4FX9%c-P;Bo3Edg0P7Q2ncpgH;S}!lBZji{~@xaPwfrXZWk{XLfageU>3T^ z`#ZYVH!aC5WC!K9go}D~D|36KVW`(D;oJN^Q06tTGK;ExCB_5qKrPtQ70r*`LovQB z)NN+#Rq5sd23UNOqT~lQcdt0_cW*-v9Yh@SK!kFclfE)IZr|RZ)&HXRx-p|rtxQ-i zEhjR8TzLJr`F-c|hrGe^LekB;*rQuw#ZKGOd3s zY^OQ45^hk59zX10nG4fOEeas^#UoDRq1=MgO;MQo*@u}-J|JxCi~(HhaUe@pFqFfT##tFQy|DAcO>aT^*TTHFuqd9+3>7$Z@~&HdsK zu#(p2aUpEdsv(H>VqE*l?SICtRrVrAOBTa`oZ< zO32V-j@^ViLi7P&B239hY{5m`5;}%oTt?rUAzXR#QUJrb)A;!6>KVR^c^&A%$XGG- zl7r`reY__4e`fLlOq)HsMyk(Nmd31YH@=xQn_td+MEn?`lw*AjYkhGu>0sZL=^OoLTaquDklZf)CUGs{0n2}OoH}kIaF;s)KS_(!vuU^+Vph(F zCpa55(BIHXAaz54RS?}vOnkKdZ+vRi2ZB!-jUEAN7G{m+QwR`Z!GTSnyn^9Xxy%1zz7T(1c=Hyc#^%FHnOpxr2I4s^^YH7CNidaopTNm(y>l&0fotL{74t;mIa zn3tL0NPLXh<~uGZqj?VW`=ZX!>vM@4;#E*1djq&UR#dmw((0)V0JIA#02{11oVGee zbYeess#bc#yAEQ1-Edm3!(w_|?B$9Re`wN$u^T~!Yv8IY5 z6*~}Bg^8W{z_48IOe-}DkFP)S24FZkb>ZkAAr1L({)QYLC#N>()t%aNvH+tCFVegP zOg&)WlE&fTdz-y#u98Y(=llcvYw|l)FdxG&J~cMOg=(1WoVhEr5w>0H|E$d5_vGF` zYEuj{Wq22!m?}In|41SBu+GZ07>rF>=Mt8=Z5q=i?-VvR*Z)N>%n|ZPs?M=W# zUWO&MLjgR#-kk9UhEJ|4qleQ~r2LNV7CPEJlb zpeb3-62WI#?M4ea`i1rz;c)KMT7CL7JljD>O&#Po=Tx*F?yTHg5klzC!#`AD!Jbo5 zNR!3N@v6x8lGsh%V43N|R-o5HC4k=o*o1SnGttN&5tD|NVN#hPuw(_+bOGN~Rj<3r z>yktVQR9an1_BSK%}&m$WKQqAJBvT#tX$`=PFC>c@%l?Vp3pzVu1d#uZS*JbTAwn- z(9O}CK9`}KTQTHRmg#nS1_cwAFY~~f)?j3TX)U=v{Ke|!niHdrC@ zOwY0`dgbSue>+`ZwVXai2DwJpaQjdP5?-LuyUgxRQwQD_vuEfdg;~ln^v8*h(@EhJ z2c98@Ev=P<;xs6idh%Br4r;^dW#uxrDUMA#3krp4Nn4yBsjcqLH+;PfvOe~x?ug03 z$hBleyO#<^6Yz)y+c~3aOlGA5OQnDB8ZlOO>Z)P|eR9HKQH~wXVI7Rv)iE{76ho7Y zeMl9z6CfpRvRK7`jmj*Tc2&$m@jE>@-=t`11oC0k-k`95L^nM?&eXr-vVR^tv|AlI z0$F2N@a2RP{jNTtV)NRMl1tX$$uUDZqAmh@8WDIPX7I)-%AwiSl$w-#;KlqMfM}2q ze18bMovDK0uQ(~}S14>e88J+Ua!Ws;JSb^KL^aWA=7@cMFi8f(!b(K!&13Wnpt(;Q zg+4S>z-OkVU{v$|SXZfdUQimz-54Yh=aLi3{hWEPl00_gSt?eE_|jw~!(o-WPsDLV zNQR&>i*7VFeZAhhxGE3b+NT`@0QfF#N9dQcl#FRFw{^sB&T zi%as@XG(HA4jnL7hw~`n@%sWibXIn4smv4et_fxCPS_m&=c`ehr!-v4xI@_l55j^k z2h9nB9hF_KY6S4puhck-VG zhxdK>(@_&ftZ;mklI|Lt{ao`R&eq%fVqj zR%7Zzc6O*T@cEz0jFh~-K3Pof4e>pAPEr#v66S(ZBhPA6{dXf=Xmq1+KS0M7WbkR3Nh3^Gc@sQ z=aBbVhE6TLP8AAD{I%?HP!S21eu^rj_FCIITWO+WtgBf^0bBn3*i*}D@kNBvGld%f z{2;Q$4Z_hip$egX^Dy|} zhHRw+vH-#by(|V&Um+?+C|hp{V42n?ZtK1xe4maiPK!ZfsDFZ7(B=dqFFgC&JaK>x z-onp(D3PvV34@3NxxN)@gN0wMB*e;o;Oyl7H_D|mD6X0jqrl$~&4WT}*phW9tR|hC z?oLtAf8mSY7Or0R!okr_+IWHZ7G1SdVCuRr89%y5U$KUt@{nqmQ-)=#@FvCi?h+cd zq@N}1{6@slJa*;#ZMMEk30uhaV)RVAHFGacAMUfR`xy%q9jE^QLw9)_+T$Fz0BGND zOgqn4pJD2#jJ(ZcyRQDTmm~Dw!X@|LnlJ-bg7ESK7xF59gi(?x6{O@NH(~b;zbfbh zpX_EeoQhN(22%KM#q3X`@&87&kZnb}6C=C!t^mo00P$^-%`!4R(zkekI7$e`YHl{# zQdrT1^i|FKg=(P=Gkz9}5AAe_(h)StyYrq6<6!K01TOO0@)GnvRykM7L$@WbO7gN< zg@p3SGQ+`?2&(sBR#vfoJgHrBV!1)i9xmQ@B+tP03T60H!U{j;u zBO+a49o$~0C;q&Ky*jBkeF^_+mVV#%b6fpce4F1Dx_Yz?ttuATn2uxiQ435Rcex&Z zF7b0rCX?GR@^JxzU=NJ>>pDhr0c^Uurs1D5al7Rs7&?~eACZtEqdqG+hrS{$zj%(i zU`=e~fEFSE-S`K#t~*jI7OX3Ow5LBlkr~>!g;psnM@Sd^bYo(IWD1capoAl8dem@5 z2F}XOFkM_ocbPF>&M8I9H|yArdoH&)X0z+t8%D8LXoclYyzO%O#=PIw3y4;>Ia_!h zBO_Jb$n-Z~W^rtMXMM#b@@8f_fQXnpJZ8b$bgqb)QiTZSa4Dy1fP?bJe&8!HH9kFk zyP{mb{F+cS`D3z~GOGLXoLTAD1S)2U-#o-)86d23kg*Q81xz+9a6!qhO;n*qAfM%d zj9h~SpZs(E^Mqe_j2`;_< zCv62ceA$PvzUZjFX0gg7vdvfA95g{~usb@!u!irriLI6oYc05|wTRHF8K#@Zhu@#n zPih%|Ca^Wb%p4{_gZ4A_o`1MSL81GJKB(B0orXRjEOz5!$IZ|rifu-zcfTbc9+1PQ z6IlWj-?c#$+{k57mR>S3$oL#w>`m$=zvAUXb-54ydJ%`U({sfm$cz3F=D)eO2X$So zO)y*#+2P>+Lkjv!9j3^dS5sJ7l#XrnqnFWWCZ~H?ugcX?`R{-~r#jiBo*{!UBN@?} zt?bMclFTdRfj`a{LjO=(4ECJQToy@&P7LomEui)wZ5O_DDQ8!Be#16h%#ot%UYc}d zC;gAg6^f*oj1*ee-Z2_{FWbDLGF^%p#NOWev+Mv9A3r(DM}^1Kbg@ZW3D={$KO7E+ zuOJX?tv_7yI}7`JfPDjlW^K83R1u=>EB6KQ?e~X8x2afPqzT+olO*8P&X4xyM{g;% z)E{t$*G(wkqtMS6RehDutoK;XK;%6es_OI8A_BJ!FLO~ zpeTp$@FfWlch*}9SXgJp&8eZu{%Ypgmy7=IGW`e1z!M;=R2e|`BF8djizH?`=$#=8 zruCmZDA1qq^&o-Up|OObgHOkVB>w7Xb(M%UH=3vg0W}2$#cXKZ8y`GZFRx@-8r~6J zUfvronYiLoObUVDx!YQ_Bdy+MMoT9NJRi#68yy;dc9yAvwH?*nejB{BP2T>LsjEP0D0 z|D46nT8{uqgR#ry?vAJ7SlatzL|rWK@bQ8b8`i$UO2*S0viqfGe)QMUVNCz70tu%6 zM*^VyS{|cN{Cb(%d1YC6xs>ziRpQg|se_0Q^Yfb#)E5{|f-BuRpPFxkxLZ`aqPMlG zy(^?~f_2@w$qXP=#u$}%oVOln1f-o&J4qDTF%OpEt|rtxiyelqL(2?ko2CS?qp%v)NN zA9cnlx)LNIQbroS+;s27KF0o~SgWrt;LSBNJ3m^a4u#@%B~n7FO%_pky534%2j&fP z&Ye-&5FCEgaS;6S_TLvLAdc3ep`!HecK?UDzl@5b+qyvEBm{Q|ZUKTj1h?P>cejQB z!QCwc_uvF~5AIImPH>mT-Q8{_&vVXr$NBYroNMlLK&(UL z1%N2pw%EigE+vQ#=>lG~9u+RGkGGW{^#R5aVDcpN9wMexNZEPbj%Dz5R_}~OC#k;I zAJ>YPL_!6#t+VsrxQE0Yy67J54iz&peX5vsXhDDz`ORB4b8)9i${;rfBcD!2yVpfk zRmM2vcS0xc+IlTwP4f`xSsDuQ6h(Z1T$swQlOB!%D!%um49&;;@|RZeoB8V_7X_yX zp~85p@BVV)?Gbh8+i+HB00$mE?zDS%r}POh-n{7&8U>@Gvl zr_CDUi(Mp6NGACkP`(_x1!cca*nU)wvcB~s-57$DvxV z9Q^w?dRbW+H7#unamqhe4BqwlLzTs~C|Oos^w5^fYIyV(l$Bx*k~!Guc>eq#`^|HR zNw(<-JBhS8M@LI5*|EruWf&cbfTaQbMSl^qfMXZkFBNE*x@*nFp?o3vw+s3A%?2>N zGNh1<2?+^vLw@vdJ9dNAAquo-b-0_sPR-6o->a+Hp#I}Ga(`TV$6Sz``&La&ZGw=; zFxbf2nsFrUVt<+r7Z2}qt9_l-A`CAtZ(L&H(8+(jJiN>Swi@U^)6vn%B~^ogfe8)^ zi)DHZ27@zma>yB)y&gCK50fqFe}8Fko4l34FnWluoQjG{&iev28JX}J8BgT@Jk`}^ zXY~IXl0+l@zcL>A|F=c;-(gey|Iydv|4XOe1T0Bgh2aT9&S#ZL%oE#Qunj3(oC+`{x@9F|jddn3%{^eGaxhw))RBe>J{j+1H!EbQ>7> ztQ3{Hv_$BJjP7NTK9&wSr=YrH_?vQ&nalst&%~r6*?m=2Q_F7&3~sC48RJ{?yo-6n zu2oZ&MSfJ4j#ky7DF4Tw=Kda7_MVVghVQtplUovfK9twU_bJTBxdUIOD z^{!qQmk2`S7>b4LEt!QON?Y}UD?46#m%o^SJGG)19tcP7qZ>1b8?@n6)l2f7O=tR% zyqX^Q^Y4vMX<5+@7nPRzF0?vYI)4^&HNi7C^1B2};R+6cvk^mrhkpH-ZIi|_{I0iF zng?IQK5eHWf_Tlz_hUA>*_&h9b@K~USM2PMo7ZWfQVtkvkVB;QIeItbABp%8i?f6V znFY`c$WFV2oIPncozyruYU*UXbVPT?C->y>4Gx`X;)x^!Ha-oHn`k;s?s%iKWgBg# zKPm!>_#c!&k*@UUku>Mp;B<9OnwQm^^{@bLF`9}AHQ%~gxZ(@_C;j>-GNCH`$0r?{cfb1 z%Vf{L0?sGtXHo~-xz`C)t+77Yu-o}2JkV?6U&T7VbJH6^VC&>$_3pUF1@g8Z_}>sW zJ0iOLaIn8%Jo*o<59L<#h!PH#+GSBlcSrdM8|fl$(=bb@M*sLIUGkeNgCgf1w)>wP z?|#*XAQz6zDs9$lDMX`skUM?VY#gB5^oKF-5;t~oLx&iWp%W$g=TDx+VeOC!a3CoD zuI#5NM*Un&JM<$hI_!Lq_Dca387VuW>UmHpBa`U&M*&S}3Sn7fV&3_VZZH;fJeK6= zU?E50L0%uHG3o1|%4a)Q(QT=E#DK*GSm(~iL8Et5&!mm}`?PV`+oV$m98;*)eR)*R z!SZrJb3z5V%&?7O#?(v$5}rDQ2vSmO+h5*xnYeGOsK$};QXx`cG2GPBjD>X4Kr!fC zg-2VrH`rl|JC{-4KQ<$JQDpEAyWL;XTpuk4&6ev+*V`;NL9?^}c?~7&+o`(b#JkvA z6ub}E3TeOP{04p9&FCiGV&JkHQEtnuOpVjHeSm$>U4SN_ZdK`FwUN$^C8h}ne<>lV z!(+dpFJg7U(NLcasH)m}db=}qh{3J$nr1~c-eQeYoPVWE!EL@ASlhdNgB_K94COBT zxvvPy+o*<%XnSM{yr@aIL;AxF-HeUy%%U5$tw4Osb8}0oRUQJP*t_Nui~|rN+EDpf_e#3w_Sp;p64#*BgiwRYjDH5Om%6marx9d4`9U zQyH`w9k7I&RH2KHQR_u#{gAgljpb#jFe9SY73n;kciLtYw5&Y~T5dw-DlI|H5rNHW z>3moFw4ns%w>!*aohj8s&TEyh-H#)!`!yd(b#8F08;XDkvNnO)p-WtSAbO9I;?QLK zIsqG-ng(6O;%~^m#|C1813NVd9TOF4bHiOA0J&9h6^uT-%MIL^VqrgADvunp9?Ru+ zF`s@{umQ#+*U)nmbCsdbCVK>#Wx@}Yq)&+UXcn=Yy5HfiE3$xD1vT&pJ6W1}(Jtc7 z4;2VkYLNE}4%hZJf|9yr-WiLo`_FjqX0(3qsDSeifPvKd0P3(7+se*u+2%FZRZI~2 z`l+`qJa4>9=T>}akTm(Uaf4UqyM%iE0c-Uy8>P`aGK3kKc`jmyKQRxT2$Ch@?9M7t zvtuW6)4Amt2@EcX*>##O-o7SX?`NP5Oo_FtcG!ML@z8nO&Enc4?N_&=rui)_p{b(j zF8kO`k)QV>rbKm47W^r-xpTgNXtgASZ5NHGG7Tt69*xXGCqUznmWI!SGo;h(O1&y0W@6{yYvoXU_L$95cl28#`E>qQ zut%sYoq9)4!7~@mmK!u(B4gj41uFUn%bi(b&I+$HOL|=kB$n?CV{m=ZBXpG~x0)?y zsQ&F^(n%JUT_>>#UF1yxfYbtgeSMs(II?6^UF(q;%`Y`fPHuc+{F4kX(*EDnt&Iv; zwP=2oc23B4EipbDOB!cp|s6c*W&wLft8i`z6^J3B%g=W4-${TQ`j_O(hS z1K(EttLJggmWLkP<&Btu!h6QF3IEW1nwTN;7ZWV|YF0EH90V!{-NV@$A@P9mqyglv z-)YV3mo47A!KiNug?hZVn!m@g^1KM!J|l0RQ4jS{G-Fmcp~k5zcw97s zQ^RnW3~!E?sS{BffeN}4(2wT6)T^tqvs0H83yH;&$&IHgYXt~VDmJWTP$5@ZHbpuL zf?8onvRsN8osFSvggbu%awD?&rKT zP)UDc1z*^A66Y}}%uWZa*y-->llav|QqnW7e3DaTXEl5>u(687ERgFwjDtrxUXJiv zxJFA)o??@*$zV*MmVMTa@Yo3lc^(HI4k|^cNIPufrYwIFIx_h+8tB(35T3@jiCpVG zy>(~%akd-zMAA)6fKY}#)5xj$XJ486k4;1oepNo}Q^dzEI?8c=p8_ERl>pvIm@AN+ z6FTu~RnRpH!&f5yZ%5jkLaMrmJm4d?+2i;1$C0YGF04UWX>|C;s#wqs_RsH1b-gyR z{=RAwgyu#T7GWEGQ8}5Juk!NpnAzET_9hDsD21QXgMBa1CaJj)`|`&~>AH~-`%t?| zdn_s)`kbkc<^tVfC5+A?y21VEsDy6J3$^%aoU8rE?{^L?p|;q2m6A5>tWmEC*@V09 zmZf9#);oHwTyd{KnDNrSk%2sAdX3@5wDZ21*;Q|FnDl;pC$vLh{3jG%FUTZe#;JuC znQmmgd_W9wi)X$V?B&_{V%d<4G!le&Ds844m72UytMbu}Xxc5BtI7tE(SwSNZH)uP ze4m{D;Ru8VDc>}etue6lf&F=&r3d-a4jY*+)bwuK|C7&)ovZjX#}D(zgs7zB0elP^-rEq>Nh_ zn5N>>;PO=g!=xOaPFehYipdYd=)otoa~|(GkCA2Mch@y*4zYrf8y4KMhuFFd9Az+X zzE6C?vS-iJwB>Uk+#wF?w`fBBE;AiB<^YHhC%Iblw9`EfD z!}797P?-qU=iFui51RuwFT(a)1@C4(?`$Tdh}ttgagG585pUE{k&ABbFC2|;)y=F4 z>5&6=-o??DXI*bQ1agzHj91pw__wyUe*6I7W0zM~c_mu#eYkg8N2@zX4pNhzSvB^r zhppL($}}Rv+@&-s7vbiOzui#i4r|t+SlfW3Q(^DCIJEQ7s&dzV4=#6POsgcA%w4BQxD-2QZ(&a+T#o z`bnUyR|H~PTD!v6vb#FZ6ZdYWy^y-kPG7j{6$&o))Vrh3lGS0MTN7=jjr1E@FH-=P+n@s=+jJQOqcb zXBJkhR_a3e46?=cVf*9Wol0^b8|8wnC+_Wxm(rV)jX68%?#)`~7^>3o8{mT{o_Xma{=^gm(mK$9+cZK*hI?gRz{;~$dxVX$R}AlY(gYdg8_XX(DJqw zmx=jn2O`-*OMdwI=t9C3&QXJ>Dlv^pbM|YJ-+rwT(9Tv%&{2gq`Xj{@=;-SeRqq6L zSW*xF;#`Hl?(%_Z&+K52;|!?RQIC8tNt^5_KeXYXYVMLixea$$6A z^nlH9!Xlg>GFYri5OjR}z_?PKEMKi}m*JKw2w@h*Qqk$jk=f_FnU2FzWT$*E`bw+&-{|Nt3J87;?`U#M_&udG9$$bLPhsoy6c{j3E9-A&=*)SUth; z@EruJuhtt>zEx#==294Qz*$=Sh(?3Y;Iu)*VG4{i6iY+sGF z!Qa+FrTO-|+A>a+75hh#(5x@*!}dJ}Yx`DrB|A8h^u>mJ zIvDv(;;T;6BS)?JAH0I=-KCc8Yr{6PIjO%lDE@$RkF|DV4CaL;EsDX`|j zWdF!W^eo!%`t7Ydq(mm}0h@miAw`dK0C5Ztcht~K7ycsJ;5cA-W>Z;F;hCbOsp&g0 zq13R_*LC7Jcy-8vt(5dQ#3s(LLQbSH_Da&ieiJpUq2t#`D5v#_EzDdC02b6~)q z5Wed{mb$?@OqzY7-xbI|v|9Z)Zg?^IUuXlk&E-?E#qiLJJ_Gi;M&CInP3?(~pYWf- znOcG0sRhPk_hGW)jFEW0TZtl0%B|?D(xB#om)U)KXx=p-MeN!x65Y)dw-vv z9Ic2dR&$dP;gL9+!gRjIJ61D{VvPkSvuiJ`p{b(6yA9O1|kFYYhubOsUzw!)FfKDSIOuX#b?5>N@4AZc&2o>2X zKh}yY^_hzhRsMZ!wNzkk`ah%OXqco-(CcZ5e!_Hpd^g1`0Sta$;k#$7a{F%P9h)+a zVHOVY5Zh|!ukj60Q^#z7=lfBJEy@r8?g{7u5~0Cvcb4J3i2%^(DnKIAu(JwR+ExSj z9sNHa4X}M4{O6-c4z&JCv@^iV=V5`d9elwX0?2?efO8uDg%{0%nWX-Aloq6t$cg)K zw-w0GnG3r6;l#kQfbS>}Nj{GM`^i7^#PoMEb3tLDWRsz)!%+7*cNbx0mLB7~Go`8N zeEF)3#>- zG)ezo%kTS9z?M6EEISWCB2A^Fq|mUjVPIil0p+ecMP*zq! z;KW<{GqQ>vHzVLwfB(09uBWd6Po@UvBmAYMrQBX(^ji6m0B%EO@|mE(z(2GD2L}h2 z$2I-&O6#I!W*2i%8=PBGtoto97y}a>6VtDuL8H5`kCarP&F-_of2KF+PF#$OL{>)f z#{%mKIWSA&vHC~uctCPmTKGsvNX#DBmcto>Bm^9m9or)*l?I(}WRgF^d)yq0+1gfk zT9KJEB_ld?SBN9ocN2314!ORqt^9|FhXz(w3|Hf3Je&Jr{@f4+fFMRz$*FjcGY?Ji z^=O8giB{CvL_pwJw@6)!zNIgK;#^xlns3fpBqO<3;|pKF%u9QiwVTET>YIMJs}8F z9;eMpcPh67^Ot@!oiJLrHS)UM9U3IBjihn(-orow1C>{o~bkCL$CC)>Eg3EpR44f;w@wMSeVOXne&5 z=4VD+fa*p<4~UwiTBx%iUzkLScsrMf`+I-fyCMlWL&G;QF&KFG_AU`@vz%!NbV znVZwdT2H-ILl4pl#Uu;sgR)!Zz}$W(D&jIZw#)H_@)*XrpN^oovpP&7Yc5Oh(kf%< zU?El~bxOHcTp1^Bz+z=*3);c*Q5mr)-iXeX#Y14^{fy-yqoXjj zS)q}P8IseCZ7>|H$;`V!S{`3iRQxHVf(ZX5K3TlHptPnmU|p7-nt?`0OcimgvPpQZ z_sYwxxOhcCFA?6Sxhk)#;dE(muxCS_#c~)$cmT5P0U)5#Cq>k2O+?ORe33Pj^1q6+ zWn72vXVp|SR}MYYRTU}tSMk@q%#PjE6T+eFxrLqg8OgD(+D*t<|`QDM1u|!`LDEsM^pXtS5cx zWyUysH$Fk>zWpU=?RGt$%l4~aouz`WglmGQ@9;s&_FPdZ()86JbERYAelZ=wDfkKh zvIa%OI0M0Pga|EG@dJa%X9U7DruDWPf(Gsk-{er%8kth`1WLUR+A0yb!Lt6yJI<{dTtK+p0|8xNM-Bt_42TloP?8q zG$imRoDO!~gK5n%pYu?FVw|-Rme)sa{$*W{yZxo-em%UB^7?2Q)gfreR=^9xV+MZ) zXws%QZS#TFlDI}3+hb1E(T7{amPEby))>!_?XbVv-tyKbmD?(4JkGw`wHds3><~Ak zucN96L#$KVg$~j#IplpsRgY81&(nA3(Q!EkI$Ul>rLrt1<5nl$SBWRxy|cpoO46Oq zPg~LE2zz(3sQXXO^xH+8%jKyGNP+E3^Ya6-=+q>s#$-b-jC1qzIXp0|%*{jb*i0lN zT2Q0olKdG`IN&2*VZDWcA)}&##lsWMS?`3R*RK0Rm69xLJZeDdo)&y!cP;L%!KtYR zUr%(ym1l`N#4VU2lU556)yzX7StV6O*PKhXN}71?+d$LyM_!ogI<*Rco!~GWqO3Y6 zia5v89}L9jq2NlpX{DVH!dnOJ*EXars2M&Y^{7Y}#mf(C4L!Al^;ePZsGD)a!CQ3XkHGE9Tx9+~Bc zQ-$4u9v^~KVnUDy7s$`{ahkREyWgbP9Ilzc%psmaWn^qIx1+*$tmB5`uh6?R1G)qRV&b{yKah%qH%ewksL|Z!U#SrbTy^lUztGe3j zp$>5piyFRO^EMIW_^Oeu;yTaXQ^b{1jcHMT>^sd3JExVh{&)r3kCm>Hok52}djt+) zLuqgwfY+kc&NSZ)7G8fs^spyRskip~`HP(J$lnU$No3Y@;-(KICBU-x-v`JQCroH) z{N>Asaw!cz3ocFmtiWOA@zb2 zA~YLuFq=0n{eeSxY3UfjM^LLtc1q1t5F`gzb3^~_?r2uhb>n*kL0uQ8EVjqnW-U-y z6(h#vhOK>{^X_0*YO?vd4LdF|)^i8KWP(+IOR+5>O_c9Mlh~ZGD_*Tc<6MwwrRSc# zYwsppeX-*2wOjRgtnWt_FaFo@>fm1(Np$7C#9csZUJR|QU*JTBhS4GYGLkb}-ylQt zDXW$Mj;0t4Qaw{wXDp{;TpCKOu7&M5L|j)sEjd-;aJlA{R6-d5SQPa#4DoAJKX6s; z$D|{0?H+<-urY=;!mXPDhk$i^5(Bn2*|Bmd6 zo(Sc_t2(?~7IO6l$w##p z_g5C-1e_>Q#QZU{E&ATx#Bu)O30$Q`+&yAqbCq5M)+-IKVS_H_swEm3ztPapbVhdt z*&6X-<}!m#q9G4x8?`JSXz!6PUc6PUdFI% zi9+%cUEs_4$@z6%pX9jQRdkDS2!8Gy9%VJz0P7~9fF~U6^i*!g_PrBM;o&^P2s>Gm z(*dP7fgrJbI$yMP*ahN|%7X9sINBZuQ2TKF==mg`3cF(zcB^Sg2Z|i1#VITr4LWOc z8gGB^UFHDFt-=#m*U!l(!xY!9o4OhnGG=+?)3LkHg?IdjYV@$slT=|#r}rTa5jMfr zQhf!bMB)l$>)p?8xzd1Z?OTP$$-jV_XvF}^Eb;TB)n>LEBpG+O#wO;3@ldx6tTt__ z(fdU=BT+eXTYUNAq4se0FcqRvZHLKGsvi`Q!m&0subgG3t$VvN3EzEy`6O*jK4Z0tm@;H7IbhNAaTF+~{#1~> zo-&n+nMHY|R}l1&dMC#kkd+n1a+_@@x|UYegS(p>d{iqYC@YJamN6mF z7eHuH6Pa{lp6g;JQ1GkW7uCK2rjy!Iba!(~J!_jIffI4r&R{V@s)zIu1 zLG6SV;uRAUle@xA;z5r=umSPvIWGc5R#qQ2Z20VatSkE3^)w1?x$5@nc@Jz_P74K- zQuk?082e*;n-l&4hgIKQiOX3p6Ohx%8(j|)orcrJ25{3#Rk*)n{6#ki-|}5HC1Ks} z3o$}0l%4Gk3?WBd=VYP{+T%7$Tzy$Uek_gxUPLQh{n~z*=pDZpyDeWMiA4n9Gj&kZ zI#=lVuKYU~4R;OJ$H(VwkUtrDJDjGXo`PO0RGEO;L=)>>1y>uaR6+93SB;b;R4Qs+ zxAq&%JJWf}b5%+tjo_D!7DmwM`AEa_C9<#|RPIWcFSwG8l0|mENckrL{M8YG-Se{r zU!wsWJ9$Bqo9%vAs=W@Iz;}Lp6q_J!H{ZGHFIX~!C!~DzlCJz<3j{b(QO7su(qH(K z1}`ShHWSEII2ih_MX1nXXD1E??f-X{DA3T+iHM1b=}pc7%ua>HY?()mRf6C&-&f(d#-V0 zB#Kf4Iflp9@Usy%kSrliKS7L662FtO&|?JUh48xqWt3rgek_&T+Cps!S6O*fYN};w zUCp-~zd2kobM5Z21YGe@%=ECPVQ<8B+OLuG!YXZed$UU9b^1zcn-cgl|q{VdU*JGZSO%z zo@Q1_)r4b)4ruq6gxh5+uYFi(&^N^dd(H#cG8qE7slT5^8qbx{kkozXmp|>TqnNA^ zUty!#Y=g#TSPb4#JcmV7Nx;sksKMWIvl|DZQZq8+^hi`J<~dpk_G6^3noG)0wgLpk zd?}3@F`|LyLVYy3oU?wjT+7% zEQ%CAflXT(YIZL3PDAU*VcN$PO?u6SH!hyaUl5@Uzv?L_hbeogfeJ?Nn$RRw;xfWQ z0kS1-`lg!(t~p2$hq065BoL&^_CG12B+}=6*%ZpB`<1vkHVGsTpg4q-Kl(gf;mnll zGwB+()ON=LXw*Yic{yFVnM|sM$;iH{aE>AeQ$$G#9SV_3EEs3msPA-Km%|croW`pZ zl{A#dBz>{c(4fI z#|#%|7$$VMAht|rl|7`Izke%EoCD?TI?#5fWbnntl*)>e-;3WYl7!{4m}p;YDj|41 zgewTx`h@(r{m(oIX+3QN>U|=A^2L0So9~uib509g-Jhu`Wwk>K(5py)Qp@>Y4^EGN zY^7ShY_y8N3QI6-zgNWlnJl!krWT%3Pdv5}V5DwGJ!7-@s@mg9gxukg$zXc$u7M=o z4?KlNxKJgfVTu}wm$a7aOKCFlGl2ZMs-5IwpJ#^Y0a4qzL`Z@Q1s9LFFY;GO<+FcS zO-nH~W*rYL09X^Dn3)S}OB3P4P^~4t7nn8och%|M7elP{8YBIBKmcCa#ZCBii@3;; z+@7qecW6;)r4y){;v#&I#26lqTy8SRJGegs5d)YX+LjYNT?807Kt5MxVM%s z5zIII+Mb-R0`OMWsE|hGMn*X*Q!Ab;HD*Y8)%cM>juN)QecGLHX8hYdh&|Q5DU5I3 zf|_BMIBtf%Pi@O=N4&k>74gKOU0aPDCSKo?1!dK5p7jUGWow<=C&lV$VBx87>2VX1&m;WNQJ0`SZ zU?Akp_k+DT8L|KB8BkBcE4bXi9*J!kOV}1L+V31w)YQ_5IY=TP8xj7rxJIWe-*bT4K zbmW_~Yp~RC12=FN4{qXiJ?$rYKD+7*ts1sna%c`{px0cDy_6K>(#Y_Sf1 zmT)DGd(VKG=kL}vGl7)AAqN*4?iYI}V99MK*7mNDcA$rCc8Hmi_w`Wq&grfybLgOX zloxyO^-YInSZqa2tA9to>+PNUdX~P*Q|_SbCS?F5G!1%~zVz(Yi5b%M{d9AbuAlb+ z4pq~4d^XC!3IubZTwu3+gg0@HkCaqQ(;b^KYI{>gqD2{s=ouNrImr9Mw z->YD-(@Um_rIO|kHdj@N>+0`EBjB|DmX`LbVi;bnKwerXYmU&GJGpaUZ?i3SR>&hVkjcbt*Krp*e@ZUNzkY^%8G!ir$a>5McXf?wXiK-+ z;A2oZV3(_?E~-h&O9$0Xo0&Zmn?NGHVdX_e&V{AVB)+2O7muQ4Y!e z&i4+xnsZd*-+g)h)+q-;f7lA(U#zhIL4)r{;daXY!2Odf!&w|*0Pg`DUZ(yI|De$T z4xQ5TkCL^G4ctig7c~b|(~1hO3RGWGFs_;Yy*GX!*!+d)EdUMn&L}k#9j2*)>0L7x zC+EMP(EaZxhCp(%vt>#~#4is%P%n>T^gi|Hf-eP^&xwS*z5iYe@xK>i9Y&9|q7bH8 zZ9w1J=*uxV)G%1$N@&;q$^2S1mNKhj03KRZ^`C(+T*my*UBrUq+_(Yc`Ul;kpzha> z#G%=o_6)MDFWWmg4TX{mOx^E;*8fUH|BzY$+3^*)sr2#SvHsyW_xTU*9p0kS}z_(E)t-6`z5=dS;vqUXP)EdGJYWr3W}t-rtjhxO!YY(@rCcm$Gx zv6*kRX{iAKE&-6RfsMsvVQO_fpo;$YxTEY@xuzdoT>LEfsSWkd(9#3rt(_2;6x;_E z*nT>vSZVP_*4HPwy}KjrXt#q$IyL>zcR_cQdDosQO$a9*f3N=?gi>o<_4HnU0rpl` z;t%Y1MD*V?s;Q`aID&#KaknI6{dvB%F8>)_B!@zV|J1RV>r3&#^Y`Kj z_DP8C@m~f5IGOp-zsbmrD3^;dAU(~9{BzNN=R81=HUA;VyW zPX}fkfJP25{pw6xQ_^u)4jmH6Yar4H9IugT2#8yUq+sZv@9R8Dqo*o`P@!)Lr&+d^ zwB-d46~_o7p#QnxLKuEre0*kZsj&CMiSNI2R^H!XmWgEBzd+sas*&&!6df_2Ft6bu zfHNwPH|I@*$~IEXEK#U!7zM9>`%e|u@fP2r( z><{6yT8x896fu;@n3b9Ni6_gY(HU7tNa#FI^fIe0k-319=?&G*i!VBPFC=qXH;$8= zUJbij#OFj9iR2^lHi!K0=j0dY3V|#biZJb4USuAlq{(M29GsySi7DsczIVjDyV~eC zf@Jp}kM0~kc)obvF;g)%W8k}-S3GE;sFZC94>6D&ujetlCZTSXR5gjzU)T!Pyh|8E zs2tKP1nzj{fZLV$>8zay2Pe^>AO_=4nJc$K;Qsu`U1zgM3C#~VSS_i7EvvT~O2qgb zbZ_mxz3Ja^+K)g@chV8aVD5^k{$Bq*rt2#9V!d_e@w60|-F=pdy0UJ_?klELZsWJI zRt%|)o~S>2&hOf!ChbP9C|kgWYZtdXm$e@a)@`Bo0^+N-3WdDI39WVOdRT~%cQa}N zZ5#tVf66%PydTxX7m}WRRVJ_3b#dpV4#M{xlK}N)F!{yn`L zjR(-X<`&?IPG}mpbBSWcz_H0i*HcG#~j1RMoOSy^sK z>L=~udx>}ZW}D4`Jt5!)C5u{0f=F1=c$p*`5z4T*t{3bKM z3CS$PPI6@U#ktef2`lv6AzEF*AC>=|n7Fv%Knw+!9mKySaG~BDkgbw)mZMGUTLis} z+<wzs>c>3OXoPY|feL{VlPNpJ4 z7ZE92@xp4%ealuv^qA{2s)TgCbd6SXtOR;3fAw;`0SjZjHdo(Pk84S)8_0p6=Plat zvO_ErMKtkxm&9V}s%!&0 zVG6@8y>EcdGhP zp`$`8R1YkWT;qW+~Bxg1mjvWI+-`8dUFy3Ti4+q!BwmO8wv z&OE6cW+|D%5km=BE-bf&f3JviH*KC+rWv0h;a_q0N*l{;ZZ#iV9I3dw($et zCCz$+_ivP$8MO+u>om4&l+(+IPept>C4)%dtOy6&j#H_UpkY<@gq-ZE&TDLZj86G- z(8C0G5}y|eAu$IW{9-VWl0g1sZ|yG+?M49L4Ky^wGiBLiy=O;Y+_AFVN_Ppn2(48E zfeA`e*olYY8T>c0TF&W8Xe7U-Pmq-^T7`x$gtua4XJ_ZW-&uV=0_+`u9zZtpv!2nM zB0XzM>auzLKzWVi7V-QKbSPzsX{Sq^;(8Y>_8erAvXmO@nU(Z zfMkG=nOOlp)M2lm>Om5nH$Q+Myk1A00g zFGsH{m%$JUvS@E#hm0Al;}(#y8ROw^qra|~2W{^Yoqool9Wtu$x_V>?}15q`6>c=?_l7G+yPXgbYd7<8@qu78Yfs5&RJ=^3>Y8~-%B zzpqZCSr%_hWHPTKyMdV)hF48!a-VoGw8|i>>9q$kd`fZ=HrLsHrhIbn}@w#_)WvV6A>9w{Z^$5p&rsy(`bz4e#h<`CBDRU+ft??1i*wX`v&!e zpw(N`KM_7-hP{=H3Eeq=p`z{l?bhnS2DM@mbUp8b_2y#c})l@-XdS;Ob8n5*rEsy?;*bt!E^&oV2TPwf26_30z za=~KRi!D0sz1JpUtccHu_Y(rH#Q{@oY{XGM7<65tYt#)9{(Aa2ecg{96?QQ5tLt}; zM5XJQ;T)V*`u67LrY+Zusd}XL_TX;G_-nxz4rE|!^p5VccF@IftYl0En>YOLu~cR| zN5NEE#As{53N`RtW%Vg@sa^AVNl}q#W;3FU;}Kfo%7lvz7FkP~$jhdgXl`xV)A;f- z5rBUOrKc0C{lXYc2^gFF4vm=1-;Oqh+H-+eDf@c{ZtMuy@Kl*WiMjhdd>2wI^M)g> zr5^SgQ}aip3F)}~-juwx8dCudz0vMZPohXTGen>`|FAZaoBS}}{<1V)bZmSCK|y`X z`4)Jfo;=SZ!QS?N8}vzegIeY0q%ZPlF`#dOo=8&6@Kd$f223h5djP<>D9l$A3?(r7 z#!s8=+4Wcfe2VUEwqW=lv~x{}y;QRm-{bmFNJ=X75*Jb)>2XtRu-euNV70udGwGoK+GHkx8-k-+v&zObml{~< zORQ2?+U+k`zb2M_dLu=u|m@RUO-jKRdicSb zFOz}1Ove-u6ydjj9?`Ii&hU#$*-yFv74!>m=JjKHVDVZ|v7B#&9UN?~kPyT386iYf zy`YnfI0x)mcx^XSV`|D|1WIL5Yxqp%oZuhRSN%rzVwsu8d+N4)49+MiKEUnN-mMcW z%-6sl3so5<$_U6EEkG05X{+FL{?>qgU?^kfsYLcLi1@WwN6uG*@iY2ZVWr{??+r=U zFNt!+%Xseyn<$XnoCpE1{~kgh4qw2IPI$vO=lBvI!4u3249*!p1B&kim}Sm>Q>O%+ z3R~b}G?)3g0aHg1iD~kNG9QHq8M&_)Ij8OuA7gMkUl^4d>+>hApdk+dix)ECcNH3~ne$nl^sryuT7N>)EhB{N6H!4aP!+UVEBN z!qR6ronLz&IVOXtCWXT~ZZxesorle2xTDcw2fvoI+kq4c3Tm&<@IH0WZqgFR8;>6u zhXiO-W7oV*4;7Je=b&v{Lsel(Ph>fo&0=n6;w|v}+Dw2+HQKjvY6D1hcY0G^x_8$P z(B>h~dUR`y@P#pO!D`^VyX2J`oM&I?3&uz zTw{1J{ID=TD ztL;ARwn~|F%j$fu`-g^}{`*$-j_OT}B&y3+>W-iZFj*sH7-6+Y(!VZdHK;H{yp$W* z9)|aJe7#tA*s*sp>Uwz#U$#itH@wBW7Owyk=Wo;;icv}&Bz+KS4^?h3nQ!d+E;=lG zSaO$m&KIh0cve{YqX4r^kxY3{q2X<`9`s0o0IFYpF zd~x_Gy{3IEIu3&ABIaD32{#IEhRD9Uq~n53(gosh`NM$4H)>AA#|d@xz}apE7L4ZS zI3Tt#mn6qn^0jZg9f4~0f3hHt#ML0BRy=%Cjpzek>v1{J2O{D5x`nBOJ0?(=T8}{o z=Z&~5uFRBU$x*rzvgp9dFio>Rf|>NS*zlqkdCo%=_C`+}&Lc?1IgZn@HmYM}h`@zO zg*6W0LMv9WmI>VFQ4t|6Tzbdp3b$&EQ9Td;7Bx>KF-W-y zAP$^(>1q6&z^IF0W1|T*Dmyopl5S~iVq!R7Wt=JqK@7cW3La>G42;Do6LGlU8`g1q z^%+?^bL-C44luJlUW`NrvrG&>qnzhC+|c^BH=#a>(9Si0FeC9Zgi;$Uu=Bur@`&4s zeEaSQ+mu0_qqo!?h&P;-O~F*C)q8{(8hs97y3cc*5q2+~vX8u1P^1$XKko?Ec0V}+m?bkCTkP!kj$&jAm9ybe!`*49PqT!STrQPkO(X&!Nk0{J zZI7?B1d~Ep_)`u9j^|LK&N3ipS@;mV1`Fid83+>JhVrKdcr9tqp++5cVXu4WTonos zw}+JR7MRlvyJ3(LD-4}Y&A;uFIXvCIlGfNI>ZsE#Zg?Uij5mgE*s;an<*?~c#MBne z<(ONPayZ>BX1G3H`u>ae1`@M4)U>kw+Jy;HkG9bThnD?ZBirsQTJXBggZF==!ZHnOZIf-#=0-NF!28gGjeXgMgHjbb~OuyF;YAq$Ea3jBX@0V3c%^?uOAl z2Jd{H=Y2n)_x!zc;Ox%*?(2J9SN@@b=O$iT8E$nS*opMMuyXqz84FnW8(uMJrvBI< z=a(8iOROK!t%%hr@UN`o|FUYxtEgZ9H0O-Va^Z+l0Li5Y*0^~cq#eSEnr}%mgXKoC z(>eW~ip8e!nX~W)S9@=XSQ(rUIS_veJXb5pZjQpbeb20fAGF`{$6eIb&*9g%y*tsD z!vTmJ!_-%y^arV*pm!WBTi2Ws=e>=@fuH_PT*6JXG)u<}YSHE!Yhes60I-VJy*&Xi z=fjZAUpETR0HbTKy&%tOk4r2AALbmIv`*DP;cfeAX@g2TeQj*xt73dslkgT%mrz^{ zUDZcvipN51Uu|46AcI&&IFkurz z#Y4nPS`ivI=lyOwm2MSGX`w_G?9JNvN#XqE4Ck+)M2I3(S37Xe`yB)vWxas`INf(o z7x(Ac=7f=mAp&N(z1d`xvV*1c`f@94(IGfgF@jxS|J?|oI0`jr%kAqi%M-7xKN~9` z;}LQ&HL7^5_LcslnGK&mq#Mw8cX{A^x-N~X-DvUkIE@)Zt4{LMd?Z(U?#X?x?`pO*(N{ z>}#0~6=K^xFOAe!FD`Kdzx9`#ex3JxIUjxv*o!&6vF?ydUnJd$U1k&xpo-nA@2UP}wGV4daF zP*%oVo#pY-k}6zFAD(MJBFGw*`<=#Aa!B{7JROTEnybt!`iSq(qDmq*aeizv?IJ67 zDp=SES{v9wo!~&&rP0?ikXD5rvCi@EIryMPgS&0aALjl@w1N)=Em;s}QI?N2WqM?u zMkf@siylN%1GXgf1)A-?L#i-}a1n1sF_fh>)VM*l$EK4%ba$`9`G#?GXhT+b{BY|QY)(%hPKrpu+@%cDE^28upH`{*JS0goI!)16<2#K zBV|$qdym-#BcnBlU}D(99=mA?*8N&tSSL=M|Q-85O83g#oYr@pxzeL{W z*h_yU`Q$|al2}Hi4k`pk*w6PLk2k=$D4GioEQ@3tskTFY_j4)3g?)Nn`kkn159wAv zJJ1#ebbDrxw~xMLbJh(b=1{2V@Zb@ zy^8=lp-ew#sP}8os2{G>htiv#kk3?fW<@?f>BAT9ymUg#;nUcV{7x4KIWX=TK`s1wT?l*#4sO~vodoO704Cv2%$vc@$OUF^P`bENO!$4Kvh9UB$wH7dVF zRu$<=p~p)|ZQF-^rH~3325CBF@!+0j0aAI7A)qV_mtzH8S#tIyVFysZ!YuLG6*`C{L6RfnpO4_|-vf zWUzAG*yk8-kCX;wNDfS34exwrr}tme={3KH`_M1bTQPcC^Aeqx2eA3W1{xdIW2N-- z3o(Q33usF)>;n7ks}{hkmMgNbX#8lmXi!~^#hFI=JP6^aqm#hetCWQqPuW@%xMEbU zTjK8ZLP_>>(Uq5GWOX`kowZ+`mk&QdG9y0pcOL`ONOSC;Nk-F$0d@fbvWRSb?X}ip zNZ*-%i`obx?dsco$+%8S=WE2(aS*UiW+?q539qO-F?Q_lJtzHdn9+0RYjv)q_n!8_ zh{o*ZOy)0gbT_k#ce{K30 z5XhFr{SsQFM=N!(sqtGDu-x65ZrVg7{QOz9Wg7n>8zW#X70HyC(q7V~sv>(qDfUXg zUcA!x8spnJkE~*yQ}<cIF*)7%ws#arXA5r>_i6 z=qO}8`(X4twv^{GBK|}_9+n=y=M=!5MQIg=Z#A-!1g;PyVSBH@s;X*3qwzs?;BWMY zEnr}HiZ4g0JidZ@m8nizV9$`IZ@tt=)1+SdBq21bQ8R`7IX3+J;*6%aLBa0FUcYmO z?Q;AH^f}Ifnh^^ov0bredDli-bZuUzIJ8FRr-(oV#lmP0pQcy)Se$Tm~Jp zb9dnqpt$0tgP;)UW7ZaSLs*dg;8@XobXIEiAbZ{#5b-B7J|852nfe?&CWK>~!0@={ zKOQmEd`>pKp&pY}^Hc>V@}Ats@ZXzIOnSRHP~Sb|VJtq+1kM(oNW7FOv5x^m`a-%ae+iM|Nt5<*4N zX^Q^xAzBC?ZUhXB(0r<`nnM{ot|#laC}}J*EmZFEz5zq~y1=nG-lWE9M?a9Wkz~8R zo2$5Dir#F;)a?!l$#-osx@m-I-_-izmoK`@_*0YgP<6uQSC01-kY6=mx&A9Dowmzp ze#-z6x`}tQti2Y4Yd28Yr5e7Iw*xjdss-)h7C3j$pye<+72_I%6!Q4FV94hc%n_!E zWuCcl*+811@w=G=*^O&pU~uk<*`+5xcQ?NA{SiNzi0^Zkfre2DsCs$BezZ#XNLM=# z&GF1DzZEz(+o@1k{RK{8@%s*QQ%*m=u@|@V??aBKz{!uJJF|WlMM3~ALk9{A{5v9K zg;w5Y{|sBCZ)@aDW1pSKfd6pKVl);UR z3-~Rc-^hV-my;9R%5U-37A-_fBObA?%iPHRHdqBr6?c;L!c3Ox(=lgDhdDymzLmED z9@q1OyZyB18^)65HG4hktGtNDcQviEJ+0Ay@!(*N^$?(mCARSE=_vW{n|Xfhz&bi~ z$V@8IL0#yhF=uDL|DT(Kt-m*y`$YH9eT~DY)Y=;UYe`=`9{%AjbY+{vg#y_~xi3D2 zk`x#izBjvrI9uqx$y~BwpNBI5ONT-k)RyC2q4VLNg<<`9J6niw z7&M2OF1;jz@0JkdVLW@~VrXoyeomwvcNB8IE`74>igoHqSF_RKTqrjEFfmO^vpZ`N z@&;E4G!okr^!!0i10&&+&k%#1Q9Bwdzt4t`2F^&9*pE8Zu*jK);P%W;ohF0UfOg@^ z#ena@V1;j6d6`dir+%7kOi`(@xf{i7+48Sj^(+0H-g``MFX_uJW2~Mx$4qrR>56Se zGidd}lZC$iC8XJF^QG3w4W`AW*GA;4V%)pbPe38&L3F0^h03r`O;|ST<)1jIdHbyF zG*ejOS0eI#XJ87=m@BuIop3}%bYG1_k7>F4rIg*-Af{*Cad@Xa)P>Ekg@~&4S>n%Y zkCjt#O<5e*BLT0n@MbrM84?UihZr${vqj$&G8%&k%J(YaLY-4Qud;akq5r z`JVyZZn0h$D?+FKCUaRYGF|L0qsJX#oG@KIdvSI1e1?h->ltbdx3i&+Nq?|Fd8Po; z0Riz+R|QowPd#j3Z4-&&^rTZ|*Yq2bZj1aur73{-UR)Q*P}WC%9@@Re?X42}o>VTU z2){+&wil}KhrZD;&4hk-Bj+LAo1RCM<-I+Hjda-#zGxQU?5H0{o{kp-p_l2XX_7}2 zhyLBroQtwyfKe)1=4tz>b(15vIp_$`$S4crTc<8 znag|P9nO6v>s@SCm}~^tPw{xPT-5_@=BL(ElRDOE7oTid^I?tACJxnM~gGS6h(@ z@$v|K;zxUV!iOnAOvqAt)G!RV?i!DCFCI;`Hd=2U2oZW?%RyQI3?zAQw4VcVDya?c zY%kyn4-E8=8BP7I$k9_|vD;K)F%IAX4jTvyU$%+_X7~vR=v50Kf!NUCW zU7b+{gc-LZER?T$z_z`;ZJKrULZ{7&7FE{`cC{P@{f$Xu*Dn&nm3%LrQ|_OKfo`2G z4#$Q~PCnw$=??-X!nthT}U=DK+&8U@tV5U7e@^HPnJCcjcv}>D-Ojqtgl*S$7$Jod4E*TPerI^+dXNAuuN>fF6|9a{d(4>l*z`s!9Z>g0 zD5*gJzE$X+ieWNY32pWf#Szw?&pmfUtk;VTVV>%LKQhFiz33c-aU!mmiMQD%Rm>3Y z);`?%-_U9u;c2J2=WK*5u(=^T2u!hAPB#OpJ;p8=M3ncR(WoYS<7>4;LNDK!#u0Ej zc{lNb_vfiCk2gUKxaJv76pzG3Y?oaN522`KVtdH?&36Bam9=CXAO=d|?T?LxHKpPs z%gM4T>PRH^u*n(&i!11je-nJV!Du>_TXm{hoHOfuw8ad^Ry$tXtz;*gD;5Tmn+IF* z3C3N$@kwhHl?_>KE(C$xQz~;?Fu6a8BinP1C zBW#T(yQ}#%*#w+^)=ntjI6v71N#o-`|Hk&-T|%J~E=qPkoaV%bbz~$G+0(sjY|@*$ z!K4!1QFxSX0vQ(=V(#6Zqd)E8k|nYUq^B~N4LbI{==c#U?0kF1N3rsU#Mu2fL`l{y zUNy%B7a9md$2N4Q+#)rP=k|4T^b;R{O4>z7;9>aq5Dkuv`9Zk&XEiv-P`oRyj1!tQ zpG7uwxPUvEeIKBfPVc&1e|X-%BAg+m*k6<2oK7FOvl&pEwTy!Mvl1f)0vhNT`0ohr z{1zw|M&5=!2X~ZCpN|)uTN(K0V!O_al7)$V%=}t;9AIg%fSOV~JA0ACk0X=@qEAJ^ z)UjxA+$7(F@UAQy3LU{0?Xm(i^2QcA2~JeOVED70?9RJuZ%So{MyaOGRF5k<;)l%Q|z2#H}MFiGr4>UJPV#Xmi#%{QH)!&fHmqvAP^%FR7#coXmF zGfVU5B&8D}G`|x6+_orhGS^ye?D4hwmF%Isr{AP6&JU=gX~x#ep#?u3@q37BsNf22 zM(F2);Lz$N*0DbePtX`s=v=C>!Cy6%I_EuXkrB4@953th$y^WJ#bQp7v7pr;iB*%~34y+2+tT48kM}sLAT{;WKtavC&S6PU^EZ9* zv$Q(weu-R)-CM-5%`csr-zbYZIR2^HP_}J2bY5b8O-jP1Ic0H_YiNHna$~m5`?Z~& z1+;IWY%jifQKqqPbQJ&T)7I%Z(7VORc$ktEvoXj;1}}qVF5t+(?)+3nS-G(#u7uts zeUijzwG*x&;6+E)WO__@q$S{|HEZ&t=UKNU1a7j@%Gwf$dCpeudEAQtfLZX)2em-$zn%yzV(z;jRR)=%*uGO zP3=50q8@M3j-6ysQboA&4`n?|%bi;<4I3b~cjH`>$~r>X*wp&F1J7}9?FY7BQ_l@C zMmico*zCop>2I$DWA>1OGIPGUB5w zu=07U?;Q=<^OgXdXyT_{XZ4@6Pb9W)6k2_sLcw=00o&fI)=RGN+2SX}`?go;l74Bc z;*Tfj_f_xniZ+>ZQun@)QyVYEQc>UIjfiPC;9Ce$+y%z|;Ap0#&hqhAHOLT6@RE;P4(^)WpXNfrqVwMo9cYL)Yka0 z{bz0^Y0B2`l5q#4?24tvKvF+p4>8lpsISI`KUl+?@?o+NXvCY$fC;WLl(QOyhcka@ znu%CAFE4MuHmk)TY(HAPSQ#~t1^3f`E*k+fSyGh`V)0uqI&)n46S9-T3!BTFC}5<( z3yL6x$QEVGJe<1yQy>|SFCU@n;7NHSTCpf;uKG?@HBv2Urg-@KV7=q%?X|korP2F+ z+cE<3S`4X{zz7Zi$%eH(dYoN)+=@Rp0srI{ur9W_*_K%hvHRR^DqK)=PBndOPfAg* znlhA_&&rOe=jb=d?xJh+ReNTU1O4#<7M$!eI5djNs4F4|_$}g6@7-2Peq$Q}BQmvM zFz|tqjpWGZz(i{TmY5)nT6H0xWw%f3tE)TU3oSIZC~3S>F?(7aNKi-!G{W2-?UQv{ z+ebRT(kul#+K^X$>Qc*-n5`XQspl#5I792VaIWB${Sl3K)Y;|t^A`V)&$N#Yy0RK3 zF*e8#E}5pOxlrp!hsTBXE}!4We5x&*z`%n9uXD68>p(|Fj>XD{MvFy}7_lYsFqrhx z7;^9dZ+F_3sge=(4CJ8f`T=dD+?4kAW*luxY=Peo@Ro~aV$K}eZ^067D zP4yMv-B6UgV67Tv*CyEnBr*6+%R%cKFh5l9KSo{IX^EI{$;ew~$?l(ic z#DPukF#{nVF@d%a-(|K=eqo-IrZTEE*a6jsr@mS>LmOEEp4maFbrWLvu5XsKSmoJD zLf-k6kP884Q(~~!?UK_82Zpcs&&t2{=G1@RRBVcc1w+j$&OzHl@+#VaQ~F1;y2V+y zU$%!5SGIh-3&@kV2w6%mA3Hu0G+3T3o2LVO-eAJ2{ep0dlrtjs=BbHMo0SN8pId5U zR~Dtn-qe%>f(%nX4>tPPErB{uUXgeMRVk+V+_~ zo>wgNSZptZp_S7%{Fe~3YB87nY|~BU<5wL;U{oH`2e7+&8zDD?EY^Pi=?FPpJnN@H z`Xq8c#!Kho9*e{lU-Fvt2%Q6N5WxWqh*sxr3H&OT4&cv!-OE0IHv=u-^pz0mRKvAZ zG=lvjE0R38m@rK7@bLESUQd`L2J@C~T02(RqQbP*sqk(#7)7197RMx}eU0!|yroWB zE1|D4(&MCrVI~vxZ_YocK{9!tl zE3yBMOk^3cmqZ_LyP_(3>Rrq^?%46<;%FLo2||fhMZcyL=!<1~jjE~}f9t{#77!c? z?dcxB0on5FRLuwZxesKL$~F5vp$G5%a9Fv3J%C4o2C+yLsc+a@;@v(!)V)}Q)RV7x z!eb-~-UIT^dDyD6<3@!8!*IjhG$TjL&Q`a%o>2!bqi?()mAcuW`)StO5#T58cd2AN zRR0TiVXkhq*^YjFYxuH_WXGfY(&U=

F6Xw=UoO|ZXJGJ7ly>xPwybM#&GNIc2^$I+riW^ujs=8PLIoE zf|IYDb%~kc#lwu2ggeg*9Re74wD*YT_M!%hPaLKKFUv7-=RRJ8#-2&lc94l}jaZ#C&|W=^-Y#I`-q zo%NLPTzu8y{z~l8^qqqlSyvWLvyNYQPBJO2F|sBwNS{&kR4EOAyzW@8`4(vZyXz2r zo%6-&!sufJ)e3&6=}K~mD!F<*uNd~}8U)E3HtO6nS%f^HkT_smFUxtp+U)ddTkr2* zlKQ?w;kSs&-EFYH>NQcg;m$#$@4ZIDQXShi9oNl>K6T(1>ih1<*ZqUZyzjy9fK{ln zKH&c56r}T+WwG!H0F_(4Uq?(yxx^tRJI}3*n$cXq$crRPFCCrm&lL=$u!826SEVWk z?t?i~w0rWRQJ}X8x_3DE_2#wr&Z?p;=0B=E4xN)cXiNbGLNyhM;xjzdqvHj`gA$R; z{3u{US;`Q1VDO8omg?LhVV@H33FH$MG3W**`sVP=^Rdg&c5<`;T;wj^!D!`>KBfqOLB6opR^|I56_mO*d3?@^4t5O z8a9MZKOE5F9iR1VD^j7(}hsY$4|mGGC{XFFru|ClfY)*yEPBBj}FJD#!o7j zd?My$pgXNkBgaYC>NFQpH?+Tgy&&Qb4t6@U696gt^)qXlqBNvEo-6*v%V`r&1w1Q} zxKi*47A!UAqZ2AScTZ@XzbpZ8zKu@&(c?*&|23aqob;N+Cc2l^ig`Ha=lt>>lTS0q z%-OZA7Z7A|g5f=pXH||w#~OkAzIg>kFya;IYWp;$tWy|e6C zX&Dp9&s$M52}uy->q+-s>3THf;znT>^2o$9jftH@OM6ImMU6XtH`l^hH_&AUKfdHJ zh*X$q{Pbace3;;H1{}_dyRyT%e@e5Te0ZYB4=4qFI^@a7rqy#`*|XCY4_5a z(e5MF9mufN@sjL$0WVudQ0QJ=W6ZAUCEhqP?9FKJiTA zaRlm&Mvy0w!?EM-m>*Xn=~ z8n*`v3I|KKAro3P)hiX0+u#k{F|cgJ;LEnElkgK%o$zTq!1F>OAmiDyXD3a8h^Cvv zx=|zHY_##wbzQ+m&g>Y+u%YfH3(Kw~F3S&hI1SQCx0Xa+p%knGTyv0{Xh;VNDp+u{ zIJ}Y+elSTt=O|Q9NKDKNXq3U@a&>W;dSLJYqK=hi#WHz5w$W>EkG1lK2%aUIj3DHV zRNlxq?Tm1?p3fu__sV|jEM%@Wt|c_mZ`uvR3YftqzcT94AF-aRG-z>?$8DlJ{~J9Y zv~27brWAz3Rrr>TXM$@neAjYDCz!kwWAz)~D^Z`TAF$J1i-tw=i^3Iqguk3@fFBKItg>dn(wbzF(y{7K7 zHWW&wSiC8sh_QDzHgN?}C#ntPxO@Vyt6#k?*4_9f_rbM2L#AjiTe@x#oD&$+x-QB&Uq~t55_ibf? zanb(%ei4`K^6QFF!T;EaQHFZl|L1-~Uu@UH0*)2?3FkBr&TU-spbL4Uu~9OC?DBKM z{gMe^IP%};P?r!3{N{iEH>yfx`(|4X16*IPp=q(Xy-g=9OpY=Y1pS@cMG=>p3JMB< zgWTbhw_lQB8b%A{cwoe=w?$(EocN*>?X&`M&m|A{pF~T~g5osxXAxnEToGw@S3C zUcRk4gNi0AY#CL|`M(#uv|avV!KE{*x1t)!(IhV6lI)isM3n!n$MhJ@c`+HkZtqOZ zLRnR*Ly6(Jw@b`I^v*mY7{$i__o|?5;LrQt?a6VjsE!*#JH%Z-lUmab8SZd9X8PwW zn-2tfl>f8#TsHK@bq&b_JW35W>jhT;8fT1Psj>e$@~(d_<-$MA74>FN3P6~$=mKZi zKcx0myGlL4;5<}tdVaskJeB^&`4z|eN2k`@B^f;#>)6J`J7NOW)@jwQ|3+Np$BnR= zD5H!gsYLxEqD>OhYmsa%UWQVnD{_8ozUK{aSKv#xWsldzudy#}Y4fjQ{tLOjO7u== z7-D8;??IVFt*z~aW*ju;4bFV^J9K>w^jh(>`jn6;> z17C=UiA&XqGbJr7-lJ;wu_#|iBw@ZW$$tsh&!4wVQn_SjfGHWF5yIEp&X!DKb3T-! z9x~9g&(F4V{9k7B;%n52o`1E)=kf}~5xWAPCPTBx`MbDHZ@99A+|?k3e_C3EP)36k z%F5@eT6!R3ly6=A$SzLwo}9eAY8udn66K|(G2O{<$MEgHaW|jMs4OsD2L=b7j}G4) zUaZ9G>ffK1+A_U3ikI>WKnDT&^7AVt8V2rUL@K<)LTTeqeB-$^^Ul?~vQV7K#zy=@ z#N5nGh1NiKZ+E_BJXJc6cP(gy8@=@6Z@-+Zzkhp+pO^qyCcnK+o&T4q<^K*gIyxTw zx)8zI`$-QA15?iF>mCF|S?-1yfGUcuX{i#tg5K2JID)`2;Ew%SNBNIPU{ChA`&sxLG!q5+yhwW zfDMVoXrq?Ikd~*Xrsg{iU5Hs>XSv zaYm@|m5rdPY{!2WlmB*RIdp|j9S(Ln5UNJo#{6PSCL#OyUTxw0F<0#mK1X)TEqBuE zlb)!o=FQ00I`vkxNeyvZetq7}&KqHR5BIm&&8@9~_(pc^DuW>8;vXg-wL%uBj}D99 zd*=O7-sc+bv5TH@4Gr@SD2MSVu>ala&3J*$2qmVo1EU7Dr?jyKXd6B>gfm^b z1PK&R6%sCEA=iZ*uH2sQ00y^*_YaMD1YOy5n0k5TMFrgWO(%^%t2f&% zQt9u30mvSpz@tXTOaELmCFPExDruZx!kD*BtLXjXN!shx`!Qd6qd;%RdQIw9_TRsY zK&1+1;%W$U)Px`zc~-0Tu5ib6XgTwyn-wS9-x0*CbkIdS8XK9s_44u5EcA8P9PSO>g@e_L>n{an z3)Xa>qoT9W^fTv%@hsZfMQS{TZ7zKc49c*)CREJewqR75F?GoR$-w27JLNHceRHB}>>#tI zm7TdZzer$E7f8k|ji08h{He5fHFd-;^8HHR)2B~Su}bXw2Szyz8bVw=cF2wg|2u}y z_A1Nq+LZ=j!5$*wu3_jD4I9Xl>S`?nmv;RImM1^|rHYQKzIqvGbqhGCCclz|h9T^E z)GDcUl)82wCW$; zmgJgmMQz!9?qD0t0I8Tz{3IgU1PrDQSO4NuN1l7FEVr|Cc)gzJ(`|NoTF%Da01mJC zb(Y7sw`UECf9D!AVD;3~6Q)0I`yqC3R5&e@>PK<$}|yX&@kNLt12{w z94ab3ahtd+1GZ{O-{lEX1UJeqFsPw{*r2Hye0JB{(_?ayD{-;_Zl4CocvEh=rzYa{ zP8y~s#dMR6L8v7;!*L%~2|+Z!PaB1V8EI7MIyjtzSsOU#5i26D+f!QF zwA?$GGRM(feK~8p>%Qk03&P=ocvpAwk-QpK^rhDi{)lSt4VlZQX(L6nLy3QEEo_ZR zbah*3dOtk~%vu|doIU-C65lwy!Jj)@YQ(jjDOZCu;kd?8h{b5KYFkkn7`|nL)|0U7 zeIEdAW1a;eG3q%Ri1*`rQTpB*pUeG^zLXL369}U1DSmLr`Z@Y8JT0z}kyDtn*VNVa zB-T-=jV|g^L5QT!6=fWk8a*GTeeJ$K>4SsW-_7X2eA7=)Z0I*pz2?KsB4p(x{rOmC z`*jvqfJj&U23>GO#7i9=#Xgi?=s#UVG9e?C*NN+d=BQ@{y4?PhWyEe?7eW|tK z;S=ALH4EWx^IH@AxeD_}(KdN9=6T1|G)6nq=dtRQ!7QqB3uw zR&x+*>pNSwyrG^10{fNjQUZ%x9@0y_dz}tideSg_@}h0Q6kas)=w|2VhLC$gKs~Ik zp<1S>@t?XC=k15x6vVGD-@eg^-EB}$*Hc!Y+n>Gl+*_27MJp}w@<&(oWpM51aQgLF zFl~5o&V$;?GWhYt4|_l;tLN*VFSTWGvAdS$VueRW-Z73E;W z4v3xC-dazPydU^Tg+1D2q_?yz7*6zUq*P?8fpGh?<@BofM@B&Q)uL2#*{V+g8D!~< zjEeF@GhM#t&ej$>BU}e0A#71zR-u_KBB)Gwmd&2sbG{R-X*uK79A?1SCq~MV1p{x; z|Du$A)y`hZlQ>ed1}yu{z+j_?2K|Zkf-qNL*wb!*S5{hjtv`_-1nL_fm%zQ{PB4)u zM!C!q+b?0@9ro={m+8T?27L|0p7U(V)#Lc3{$bO693tl7`8K@Ir-WJ?aP~6ED)}|A z-(-pU%3Sgm;-k_y(e(8*EoejTrF_<&F*f8-*ShW~mmAbb2Fmy8BMy&dYow4IlM?+` zO*1>f9*1OEX>1Pr;c}lEWEMy(62XR&UF}6MS{5F)RwV7EkQ}kvU~(H-GS+XD{=V!1 zb|5l&1;2AYaQgNbFb$h;Qn@w+5KvLY>DF0*l9woEs9@=SJBJfj!56J4Xmh&8TL0z5 zoewWN+thuD%e{>vc*iUxOoR9DXswzdP{T+ZbI$B$Ldo7(QwvNHODmCqLz#T-mhNG| zHq7N&mH?ARox-VOw&-EcY_`)MfPJsy_BRGRt4@8DK%r*sX&j+oHD`K+lB7y0SF)3a zn5|1~E-X~A*1pMcMN7iUPEm1kN1}*NUP(z6I=IOP23=NdQ9tDgjR>MRP*{DBkbkg{ zlTKT6HKz%bC9L;nIDimSB70M;As^-sEOIat2J0_Zlt#K|MNMv|SPxT9ip+h}xOR3E zq1BB!zn81m*Mh@Ql^9kwqqb)2#lkjgvm}6g_SSGKbX3KEbrYAv(NB;jk@KzhbF9)| z&SPMLnD9@3(f)GGlQy9kR}#Bz9ePnwL&H@5<*8D2jbg3k>N5+&cAMW{9Jg>ekSzJFLvjnUMO zs)tXrbCz0bNc8{SWLbnc0CYH{GA0!ERkao(4r^cVwK0o98s`X#?_R*;txPC6tYOk- z8U<~Qx7R3CHEOV;$J~BNO^{v+$fE!(T{C(ixP{xCza-96_afzT_?UBAhFh?qIZ5xg zJ(QOXn>}PH0~Rj0zOOA*o0dc-A6wDYEWj`zuEwK>B%Qv1S=u zj@A3m%0$D;mNPD>9*){0tZ2NsP}JYqSQq-a8}7EHy+7m1UV-JkHGB;@)W^&qtOw37 z5kbXLVV`DRXK2R$vaAy0|MQ^b5!>=8YQKPcod(SKeQC3sb*S%c_a^H7==dj=r>RZN8P9345ZRC9+& zjv9+-12y+}y?wpQ1jWtCZ9rwy8QxO$_KDt>o4~bRsp3LcQSUQUic(+MVA#&Prj$|N z!MH!==NTSZOw$5teD4-crLtWyqc+`>P)y_QFY%RE=H{HixPlgLQ&&wPB5LvsNWtgc zvA;(dVSg{)@*IEFPq-Xp!ZD_%b|<8STH(+lYlKgYe{BSaZlN@airXc-uEiQml5&z2nP3Yv^&Hw(CDw~gZ4 zu0Yi~`D72`2doJ83I;AH!~E$}bZXl_x^9Fq*88-xJlPLC_B9=UnBdnV5!Vd7s~9bIi69J0nu+BOJ%Cw!^z={$(|-S zi|f0ZpO~?@DS~I_w3dx69&k_#n;At}%xgZs+rhL!)H6)%%|lT_SJ0R=I04roB)rVI zsh1%rssGOUfH=v_VY$A>S~-i*zTFm9-r0@0;jAj&SwnH*Wo5jXwED$WcRvOd!{DBs z(09&v2bG#iM6FQDN>Eotk)O}Q>u$-w;^apB##Ha3__TrFwoeTd#gbyBN!?adr!Plq z_6J^HTqwxG?5%GWS&0LhzSQr~t&L$T3S~VnOa7DY$w6&w1AFXCHES?}@`@s=p9No8 z3smR3Hxs(gtBeBG0_ z(z2n%L8&WqleN%ies#RKbt+q>PZWQob^6xttY*eJ%)8$E$O_^09N>Y?R^&cuT`FE9 zJ?;Yp1L_`Xu#~!yT|zh$N51s!dZ8aS8jveezLh}lBGUuhrH8Z*OZ_QzICq18xjj%s z`?#Nwm}A;{6fi$dF`G34<+9fgKOD3pp~A#8nK5ARY7*wHM-;EC+b@YFs*IN`8PAAn z`?hbnC*>+QoCo=0y|+fpSLbAAOz$=cKQC+8;gMeek1W^55utUbf?yfD{_j@?G4Kzy zUH$qyTkj{o^m{hpWN^9hnD@8bTN+7H@1ZGDh(G0b2q`<*6#p|3aCGdo-@K_Kg-R=- z{;1(Df{Ja(bC<-o@sCaG8_Ces1*zMSotY^t# z7(HESPzZfT7^R^ND=B^Rj*O>~k>-g*rT$k~e!grNmHe!=&UIeyr%U{A8w0>_eCm>F zxuW-^bdb-=4rS3>aQ7n1ponRw)diSO*GD8-Z?fLe%+x>tqx$h`l=itV(IJalSLL7K8tU}a=kj73r?9ocz2L? zEb>O?{ib{Je&uAbN-52kXRk8YjO6%~{sc%`dK>Y4{t7bdj-w196Efq;z}J6%s&wB=k3(VWXIuDtE96(f%2cP%+g5xy!bF50 z2f)b#l%?gh)#*hnvzrfRVyP$6GL>W)zh5L#$_bcx#eZQ~tS?nh_*u9BI|C=0gx5Nn z`SYkYhsc4!3sYMW5#(eaoWA>14Q>otS^*oy&2x%>bUo8F`QUJ!--e3Pwh=A*23 z<3e*5O8@4)(v`&>H0OlN*?Y9`o5jpauK;1kND3<(q>X3gMrd$Q1Y=JH?y(%?lzo$| zOvA#%q-?n>q}{S^_qfEq!0*>U)uo4tG(MWbr|JCG6Z1iKAsS1IBje!bHsr5>+R;^h zlT$(=Xn2Ga2GcW~DfDV{1=w%h0;hiGf9@i|Brc?5yxij@mbAy44CN%RB+e@~e%m!! zraApr+I}Ihl|eU@i_omzP21P6ROoFDKQ^A_+39ec+mJ}&!UxMZjTJcpp1W_2pzq8x zSFsu;a?Q0L>c48@Y^Cs*nCJq%f79jVl4z@!X?&tX$WpmXZ!zASo8zyM|1QfF@vAb> zH%`^No}w457Wh?`Q>O9cuYY$W#ugdKUfs>5eTG}b7^lCkNYKx-|@;`1=t z+gB}`T?{HQ(}x*zs*S2%y%|R+3pt_8d^BC1rfmAy&J5Yltz)S9@fI3_-7-kK4G+Hc zX9${mg}C9Qp?jS?6HxL?z}ti?ibgHeSB(rq7KbU zNWcdD$lVg!N|$C~M%gR;AoBmNs%n&n?>bU4_=0e|Upy>U>TQO$^g|FEG5I{k7j|qc z91W9C=Uh8^Am!T{F4?%Acb^lmaIIbPQ#JL9m)!?bwc{!Z@rg<)J?+m=wK_YZwg!K7 zy~TX{PA(x=mc_7el&H|X?RPMTl$FtryGb05>iPLXB}=Imn{nj>EeEo2M$XEltiAV) zlJ2#H!Y4MUKhAkhRGD@qNHEe&m_f&Ab+b_NDQ2YEyU;A}gMcnko#9`hg|Zcpnd2{A z6m#NdBAcQ#uL0PYiDsq_-c)B)2{0JJYQHTFt^UcMZ#M`;*==SV)iiEQY;_UuiZt``r#;%-uQrouLT!RBr4_V<>=%VC6kN)E9Z5*|@Ry!xdS5@@{ zs|7yibu>-nyS0oM0d9}mGX}W#kUDZ^rvD)>I#%y}6hQ1=ZZJodAiYq7P!*%DhM`SP)72rEfTnob5w>u;+u-T z-Ts!;RN_%vNL4Z!R>5eIY;`y@F-)&xY}C-aV}o3v9aIsU6nN;Db|iw5iZx@&$PywA zo80pvgOGE6I=}(j1|He2!pEt`_R$eV&7cojzJ8bmSG{{zK{!EoU5vyJ+?dq9B=xoD*{@1Ym}(Jw2wW+yOL*>f$*?DFeQ{CcQAppbT@I~Y={Z9 z6X&AbTO2_AO^=Un5?c7xCT=be9m3%<1Dd%<6_^6jXk~e-;`51uYayTTL_PM&j0?5QW%#XSZF-@AtrPE79YM9DvCLIcUSLE=21nsQM zpoZjcP@q=Tv$x*MJWFA1)Htq0*#gce(&Q}OpZL!1Jm`GAXa6!mP@Umr8ZQktriR%~ z2CBq%`}ZF<{Nt@Na$eKj;{#@_8S>1_Mc0AzfLEj_NTZ=YfnRVgKExU|7&I7{PNy1G zx`c1RV&3ZlUmC9aXDW_tbdtFRUnTq>^4>D6s`cF)wUsWVOHz?WVj`h*gTSOiN~9ZU zR9d~H5>``YjIjxTW|%xN_N5lcmZ`0lOwN&)K3`dpmEW}AYL6qBL)QL!KOJ={+OO%@HpScXDU4M#T=fW*Eoe!1=%cAha#xes*2?{DKmxEDKeL~9 zBFLh`g{Syv$H5pw*JJXqn&~z}UN%TnU+=(Ocw`k-m`$%cTc7U+IKaFakg`9VCYltP zYsIHlj_+weOKoOlvg67#v|oBV5$io;dIV!$@&OV=gBI0_4JT7{&`2Q+WZ(cLuYHZG zA>~#nqnf`+_-pBg5p?kek7Be9YMLvyCyi6Hppg%(*-Up?T5DvPd&3iEb zeMuR~#on8wH<@DUvYm+Bx!|~7*%9)jG8wfyOv+f}jlDv;tVvPHh?sX(AWukotw<$) z&eYWmCoLs~!ZA;t%%V=y;c`l>X}BkZby2#J*fB6|yyGP-QlEF56F?m62#Gjzl?}Hr zSzo0{8C&4170GOvwk@6ukwg;HN`SEoLAHx>r@Kx1=P&6|GYbPq;XTo|KPJu`!lz{e z1JR5>-$F7EXg}V}kR}@1!M;O3z#UMKLv!*}C#cKrsm@2MOeMPeY2(5$Y&FW1K*cJ2 z?qzG|Z1OOq7_UiL*f=WA0%3TH95$@&&bNE4$sPB$cKj7H+EzpxzYGUOsxgK`Ow;6r zmn*QW-HoiPqsk-w9G9%%efV1}R9W0G3_>9{x1=~(;hs9`;iJaCj1TM9^cE(+c@Ll!ng z{q{P`{$Zvj^`$aat8&F>1V@?m*NjjIWqCMKQ95$btMdT-1THJ$C^m*6S89g{*T+p+ zYGH@sbZ+S(Z|r*Q-q!V#7`dw-%y?H6ur!2%-gJ zhmPBXK`c-ULYu$wbQxobF~GHMJ5DXJhh9=N6*UfOlP-30bn=MPVwc+Sw<@$!@6ZwuQtU6crG2*+DK%2a$O0MPT|`{**kNqSGZwK9D@pSia#g97nzz6HMNFUMgxr^F*GTjuyUxGPZ>z&e|Bl z^}p{`hn!|n-3XZ|rMiS>Z0N^M*cV_MR1nQ7^JR38u8^yL1134%>EzXDzmX zm{)VLljaR-_og&9Cfbjom(Oh0L5EgjD?Y7N+?WWB){P}(;bkWQTio3zdn8szT?D1U zi`BxM=fu z2Rb&x>YnTAgZ)7qpK@Yhc{#(Iqn+h*&B$WOfwyD&A|DP-fP&y0RZT=+zqPj)vW6O< zGkXV%f2U}Ow@uG}iMSF^-oK%~$26mkwELA}X?;|8^US^sWNXEKX^`uNzH4K7r1Pf`GR_gSlR zw>Pdh^W*Sk3DTl%W30M8X=P9$EvS(6Hu2}WdNRApF}qmc)&$bXM*%a)EJsTiX0(ET zFOS0Pqf} zKl)f_f)uYGWYe8h!-LkQuML1e4a>z8C8p|6%sz+jfAYU}_s%~Y9ZB_XP z=UCFG+@faheLZtR+;nV^{W*Okbg)ZO%kfT_ZAu*S7Z8Z?4*%4hiKoD&(`l|h zRmiTA9h5o3DOPyq{p!lNS&^RND;}JAJ56jtNb{Ueb2?9NE^wAr_9_8mSrR^ zz#5yS+~^;r|0G;7xUG*4Nsz-7w7D6mU+t%S5v2RV95Nvp8Jw_P&Cmu~5(?~R$DciI zv3K#4zsU+b0*-=*gl)%}304wE9;rvJPb1l|`3PkyD4R~w&VAV^<-aX#t&JUMMZ%s#sv~MJmgwcd2uW^-e@t88?92^xIu<1F4u3Z2jO!7h z(N{NUTvd&VG9HbZ)K1biX^LMw4Bg0(P0m=J3!O6~Dsg2v*O=zS9uSKR%@rM{oiI2N zjjnLJjDy*Shlnlqcw2E2@DRL-tQ>HP&R$u zlv!d&(Wc@lmm6N6v6J|Wl7 z>T%dQBU*zRXNBM4U~RWb)+A6V$g`;`V^qGp(;|;Vx!)v~-uwOq+Ys?{Yzk@qsKMv$ z1$VGn`MdF~akCTGV4s?qtt?+dJz#F3Q!qrhPv? zm(XGp0+}WT!{V@)lv3_Abhopa;~cour3L8Wbl4p2MxAI$CNHFy(?TWiVn3*eIl!A~ z(O#VuYq1-bkJ;9WLFwAZa;fP3`g)Bhd!dabS}zt&mDW}ll0SCO3BzuQCHd5rZF`8E zS5U{ss3!T;h_LSTi)>lxCpYVlWQoJ5py+x8< z#(Rd@1EK5m3&=EIj}wXIh`2FY(gZ0OLZhv$7R?xQ|@+_iczT!hBDR`JtMaj$fRzPH~}Vtu%+ti4K7ouHBW zaZt*hprWD@ITOF^`DEP{NGz?~_tNA@j`7>B!h7vI7uZ!9;aLpF1*q!bE2nxhw~Ol4 zlDJx4l1i2dmua8nGmwd%eQR-5t(2~u6w!{}lQVZ3=bE!Jh z-I9~1$a^SpbcF%!`=Q4{;|1eR>gLXpvL(m4b0r(lakF$L@^jb07Bu6qw?BoPG0J&x z;P7YBKu}rW@K|7bW?YVO3~w)qB}v&wE4}vW7xc3hOpSSJP&Yy=)lt(v2@5=0kPe^Y zmW9P(Jp0_8Cp-@1p#;zMl2Y>oVJ@Dz1-VB{XH+h2bgmiRuL-F5vK2CKNAJG$#wUtP>Bxi#!0ik*QS~dYPnJC;he?}@3+0JFY{%G zNhOy{LJy~yvP?M2gFNXV258-7Q!j^|MV(!Yiul#ST#fOUsTRLc>9cIoKJFDv^57}^ zY4V1=Ay%=y?JDdXWelTo+(|O<$jU_je9^Ie_X%j#RJG}KW_N=E1ZGU-n5b9UY7W_y zgaxJ{ue^SpSjEUup7AsSfx8SoFj!O^W1ak=n5In?$qi5jGQpFiZ7g9@#FIrfQuU_T z4sDjSNY#t3=d)L?Dr!B7f+bz9QVhw$u_GPKymJX;} zp(9UJov@d}0zT_!D_m~%0*PDeZM7rUw1Lw>30@{={lpa-E|8M^bdzlOiMetWHv3B9s@3%n0#_^J;$1zSt}8t>)-dQ`V8qAf8Vyc!^FjAiX(B zNWf8H+pfD6a}EDY?DS&%{jFb-3GiNm5&#xR`EVvNTLx>|PMv$W=B@9;%jfc2RFN_{ zjI~$wLaf0(vma1-TpD$t09`%g*0%d3dpxY&(|}?-c|%2wRC!q{Y|D`(n@U1b8rpzS zO9b$J`q+rCMzyMnQcLf-L7n*^Iz>ZYjTKee+noAgP2GA%A?)VJ04xqI8nCE<$~y#s zVGRERp9HI|jp{GpHx^dxeQ>d?NWWo&4FF{)1?*&gp;|*7|GSTJ3&iYSI8qW45sm)i z7&mhczrsX(nIAx>w{e@87|TJSe#XG+{qLj9eteoL9$`pC)6YU@lT`fe&r!N@L<6oV zRNS)XFN`e3KH`dL5Z8k^+IW8b?;kkke{RID|Mczh09PFQANzWW|0N%to?xcs=O+Vr zys!EBGWCm@+4=b*rc$W#^718@P3ScJ8-IQc0GDF>67yQ)KZ|B+-7{cRNx4MjalpLm z<#nbWqXjro_?-6iVElO~>87HmmpU$^mz|v*v$N`(#9P-0JZ4KbOb$jcUrYXF$K&hU z)dT>>R#sRo!9*T1$*!L(?aN~L%m}&d&WMMVibLYVQ|lv*z-%`~c4xY+t8IwMu@)dp zO~)&4wt{9VQ@<)ew^hAA#}*AHfpcezXB8BTXbTE4{N)RTK*O?mL7HQpTTv`SMpI!h z3FvpznQecJt6k>=Zbx~$Thwxn8JEwM6ckd;XNvSjvZiFBh$5n*zLu3Kxr-ZC7chCF zlKSR$(O+V}m|!+_5wIazT@QI32V7>} zO;83uEjJP`8!KekQ%H)>?Ug&E>|CrQY_kbJ9D>(RSTcW2CIXA_*Rjv69>ZqUc!!Hg z^{e(RfLOVg?0)tXfmEHG)EMoG^#EL`wE{0>E`71#?Wt<5v3!8L)B~zb6%H(S0NAMs z7#cDg9+?V>imq9tpxE5QARGl=j@)z->NBi>&2bkOcM$q0h-U{eA3MMP*@UrcSCBOB zlnZUO2HmaIfl9V2x1V=K0*OD)+N=yYv9hs!GuVGCmGm4*q2%1r$yC_Q?PHZp*tykIrKz>8;71M#KGRCDU9S8Vi5D& zOKEc8W@{cpkGEse@_M_c(D?YK@wvY6pB-M329r|5Cd8J4Jt38jl`y^4Z*YlW}A6?*mRCb*0J={B^bd`Lc2iV)Yc=l2eFeE4QubMgTq_U0I544>bP z7(8fCvk8|%tA%^)$w7hL#1Rn@S*@`qhCVyz2MrPJ;qU}rD=VwfZ%r6vmp=vREv-Mz z9Bt7(IFomFaXzmcE!4TqVK(W@RMJ{rRwiI~*!h|AYmn#f0QJr_1GEM8r$BdQx4o52 zXEmhZDn+;C0{M zmqiq3_l%p6w{9Js%q&sY2V^)lMMbtvxv+!Bp*$n;SXgwPs^#{9YD#h;!9Z+LVSf|f zrZ73@){`dH+(`}1QnPEdyU*`|WgxO5lRVdWy1!l|6+;i_`32I*PE(+32=)|JX3~CL zE-qFP%v5FT-F&cStP-VC>;w|>jT{((+dLH5bh zbcL*=IG7(Ed)%jd`c%B$GfNK<>JbNk?4#J&+APx#GkrvU0c=vzZ{an0eg~`SLtY|7 zPa>~BOR8wjY$iLP2T=z~C7F_^NX+ciE5q3YygATFpFg;Jdbh&)7~RSJn1sVrrGQRb zS5LQO;;2E*)j-C{sS3b-^SeTKTZUUiydc;>v|9etmv4G4U%u98xIdenu62L{XH)zv zM#&hxOkN+uUM-nrdXQ|%3dW?Od~nLCe2+@iMZjU}yN-%uC-f(Tn(724bQ_nIvKO(k zK@B>9BSwGa;EGD&_w2Pz*}1tne2DcO0AT!_-qTZ%kkaweTlH}D=cC-WsxXLkQ4uQ? zbEsCGQ%G0@Hj#xCavxpDO^XkZC{mYmATVg;~i+%%On5)N(y3)_YmS;lO zDMMpZa_)pxTBF*7iCCoraFP@K4_OKUn8#gii%sUcn8h%D5}}xVu-Sime{&1!piBOU znYCn%ANZ(oW%4^Knt}|tpieLT_TKI0UZB9B;u*g+QE9vCw zd>YKYZ`?cB@ad-%ogYY-v#YgzxsO8A|uZ2 zk)ocT*M)ECU*n6>D#!%7&Hu2nn;>?5Nx4|{!ph1wFwm@wp}jpg-pt=qV5GDs-^wyP zDazZIh%@dJ2ut3-!xG@>oU-gy6rmmO%(Q-abz70T6XP`w`SB&`O7H!RXw3fJz~6sc z;?JB}ScnNA%S!ugT?vp>BlFmiN-WZR8WKLxB6CB+x}5wS=|!s_*npy?vD*%1a%ysD zv5lXGfgLJMM=zM`o8|f^$=jj;G^L>6-zWL+61m@B`YQ+Y3&LEk>8o2%JUw=^dJ`|DSxX6wnEDRJ(h zuB7&PZ?7nMx&yU7`gg*2`8B?ug@Py^X(C>q?N>g^EfS;P#rmkF;L4;7~N#ssJa;EVBm#K+(^Efm;3BZ= zRaWNl-T(8`M5=)@IyMdt!E#}2jd=2s^qHU;Dc~?N0qP>Kvj!wJew)s&E=6rjvpH8} zn?;Vj#L;mx@YjE5w=7*cCjK-#)UgAvSmVeBm%&51WUXNW2yS-k_=^h{umJ1!T4Qz4 z|GsLF!IYJ~8yImoSjB?n`2rL~%QRO-@f79=d zI?YjSM#sOx;qW;?_kTi9KXk0Cg;)f!LZTQpi@}!C(t&5GHHN*U8g(wJ!29v8mV}(fA{zC>rS-4`v}1PaKlrUUyFJ= znprgN4#%EoWhtNy>HvelNaAAMvVOxMp~yo3mtS@=1qOyQtt<;LJv_SK30G4hAWDV z*2rQfJ9rZ=ZyNr6(sP5dzCJk~hush0yW>mjU&m5ro+s|CJ}`L!%z_t!(urJ4mZxgW zcD*}k$mmsfkWgA9W0(z*T6(oU-K3=bs@zMu?y;AVmI?*z*ZPC7E|14A(hX?8<(A|c z1qA@$)k1qX?U~86mcBmKysq9v8YQ65*?BUH){*Ix5+m8V8Hev+ohF4q?0(;9x7aP9 z_0iVTV}9s>2p;MnxKUAki{ZG7%MqkPfRD72di;%TF3TG|J(5E~EKiu2nm~?MBD45t z(m%NMz-TZeB;-r|(N>;%Ir=o87OKrEUN#7Ah!V}KytK5Gzq0+(fOoI9{deT)G_~G* z*6Nu@!c_FF)&x|!a`8YQ!_D?tCqWFG1z8Dchi>&J zbXR5#1{XaL)bNXK-NjttlapYwS>VBVR(i>`CM6TYOghq(zY)C(vwo|to}xa&^b@o< zF69vki=BFQRwzd5MY-ltv+UCH@@JA47x>G4O!A@+{$d;ZPTyZfu_4CQfzROw{0wY5 zjyL~u9rXZy?_J)^@&lK`6YQ($ZJw)FCfCn*C|b@ZTOM?JS&%G?ajygMSqmnnOKfu0 zjW<1|#m!(lx7u9Ax|GkF0SXKXy|r~$1lHCzLyl8k5nb(;c_4iTc1d$!BXu~EdY|}8 zTAE!~R~Hk@N|0ApHaHJ3{tSzQ-ibJI16$k@8RI)iJdUaiAfyfFI*ECk10V4$^lu?s zV$$NTGih*&+#HD^(yE;>%CARY9sZ}w5X0L=P<|PNY;mt@TG7mRLfTf_mE?NS@@D5pZfY@{h>YS&p&8JgYMDofnDEFE8H<3l!_ubK+8Sgg#~u15zMGTbaI zjI;sp$dDC(5N_Fn*Kc?}IuwDC)Z3|WN{i^+Ow2qCX+xz_fc^A1lJ>=!_tJP0$)vG&TUB7crdD`bV z0!&dEaiiD_$yt7;RMh~@J5ZtGmh0&igP;a0$?$I^ruhTVX13dTX!>0_d}ziVENH0YE3?9&A|0+=rSGK@C=j?psM`* z8A0T2Xq_M`D=UK)69WE(<34f8MhA44QfF{?t_kz&lom0>8qi)X+<3qBN4nrl}bgAZA{v zB_3`JH@c6=Ku;IG**&Y_;XN2xZQIQnE6&5jwb#t+HL9b;-kuT!hE`Rz1;H5h+oLJm zMc|s1B6*AQL6OPaX-#83`M@H4#JBC?@9f5BtSO;?V!qFC0S$H18i#k-bB+^z0?Krmp=EsGXW?kP@3)D0=3!6|L(UH=}02YF;24-en6Xh1!oka}Tgr_GClyr31P$+bF zZ|_s9(t8JI$FC(NLQ_32Z#@OY$|EZA?}9@~zx!Lk92hoxdwa~T>-tj3TOSOZ^L0;C z@GFQbkY3cA;MYThOz@c9B=coFrqeW?Qf|c< zDP+zMG|LGI3qO9sET?YBf3oKDww;)V)i5YJI@9T5w~(3L?;C1zSf7Z#ewyCE4l0J_V&_eAXu+>wO(2I3y&2M00b-dy9GMQ{No=8#5$8Ap6rUEpd#YBw@pg zPA`0K`)Pk&TBWY%QBMxX8}B?En(m_3htGVJCel>V@mb7~@1f&oaeG@xCi!=%QW}Pb zNf6#%vy^D=`gB(&D?huR$qUvNTC8qhV36HeH&K?|L2!GFAFMp3hQJVr1y3yx^bMQ) z6;A?>mB3vdTA3Q2!J#en^4S`FBt-q$9(8Gdl0Bz(uhgy-cB^e_s@7;m)MO)>rRmo3 z_LM@jfingP@~3oEXgr%b+DsTa+iT~h-;LIBo~}?fcJW9lCpE$Wc~TPwq^Iq{yQ_1q zRJ>9z<-Z;k8-#C^BnO9M!!Mq*-tU%u{rdIC%sgAv&dyG_ep`z^85oz6$iG%n8n!jI zd3?T{ZSQJkmgnYYuBxO&1A3Tny`kaZFGWQH?s-9qb7FE4;gse5OwTDMC?<@)I5T{X zFB24dBqQ?HdmJyfE#>I*?>GwXuAopo>hA*me`C}4SMBqA-DCU@b*VvtFE&EY!0>3K zK%?cbGuoD4okP_P@(}5GJ3HtxmL2i$d)8#CBjct;+9I3uDY(i#FzL2W>dJ?df)cIU z-gExbxBH6UYg18Ct?q~mk=*IR*>Gn6?rQ2n0 zYis*{v^All$95l3jGE_#QLtRLH=pT9TJPyqRGK#c9yd^;z#h)i^slMmxh!RxdVtXi zD5vn#1P(i7&=|MtwD8me`}uku?s%`TKWRz31Mc6MiJ#P;-T-Jo7+$Dut&Fwe zyY68T3xu)sbs$9xFs<*L9#K_@J4K8RJ&q{WlaA#fK*8mj>q`;ja@%|YG$C~6J&}Oy zu7W~j&>cu|UT&e&Asr%(_@#C~qm`DKnX`eGMqvo=c=P}n8ARW^*x1`CMSzM)+bM!h z=IwDGV|KJZb+igjLMa;Xy*U|EM%=FNt1t@mCDr=I#y8h$rj{TQG%_-a(yJyP44w2c z2Aq~)L7^XLb}t-BFt%q38q;c>Z&@lv1st*qal9QS)ZR|MmKh{zc zF_07DAb&y%#1g*dXj3gGNdF+ud5>ZvlfZ=zl9EGb2NnDbsn~$cO=7#sbdc=Ka`oQq zO@c4P4aXAm8b`$4Ua?CQ9}}H$b)8#UN;eOWjrDuf8BNK+Ag#%y(}OV8oto+GRrX?) zZ!VsgAsa4!s{`0BF<@KwC93)&0upuI*iLzNdgJ^=hO(;aCbxVN1X<=#GBNr)91gvl zmUnaGqo>bUn5?uhCZd)DjBl1CV-h_In?GGAwdA!GB%78*#{ia0(v;pSF559Toa9rX zFXur|0Q~g)XuElwJqNzye7xP@A}Y#0B4r{_+WM`mXn;FJ7}nTqac&<#%tA~wT+o{O zL+CP33&=3ZHA{!MM1$X$=y{~2QQ4h>l$FjmG=!FkQ`t@~QzrHkkS@t)7NvO` z1#wtBt{u0RfQKj^wO#OG*O`L!er#-Pz3#=u1@pVvmp_bxsmqhuJFyLWlc2$aVUzCJ z#cUTBWjUSgYME-wgP|!(twCfaFhvUEXTPK7f+3R4vPN&S?}Fb6H~GE9GT|&3@u?Av znHC_$Ovg)JU)I^QqJ!CmG2uP&Lx>v0>nY3N6PelIE~^yKuCnPPZEiX}X2rerr!8m@e!sb7OV{5SH&F}tFm)Bf z<48fgxdm6P^ZmzSV|I=y-hIcF;iLcMyyusJb>L1?1=`Be4$ zjRG^7q-4bhBoJ$%`o(mhg2FD;*)x1pdj9dRaXup80{tCtNE3~W$5ev}K4#1Z*_uY^ zhe4xw#!OfMZ68feV!{<2PVk4bS#Q<*(?WC zO?Shg-3@x1R`T-25Sz4t)}Eg2NH)XvvWn_Tn4e#I@mbm~5}2fUzPf#noSj-2+690V zo*;F9`0ye5vuEmwDKKCuCan`xBeK8p0;Zz_1{~{-Vh)tAA{9>(xZE_RWR|Z({Swnz z#g|F%huIRZKo;p{}54jSYeTDJJ^j@#((GQK+ z%=%b9kWq|2?{#V|Rwdy_XOivBSfQM14Do+#Tr>w}KsqOdDTp~W4=<0Rr7n3mVek8d zOga^P>_ycmHmrvZn1O1vPyzDn@4()&e@2a#mjSIan!yC-3$fdyQp#7EHm!*Gc!#eD zoxq#A{O92z)Mg)l*l}Z+q3c^&%c6LA;k$l;M+0qJy5=)VBPd9E`dPyzMhftK{8Y0I zp8NMThA{5pU{i^ghALhL;PXi(x=oFZ#X=!N8GjxrsDC|AKx3Be2H7Ermw9T2PGS1( zqlDT|{@?t#uy8%ZgF5@{e(2j0nSJDU>Bj+*0f=ohtz$`CCk5Fmpgn<;70FUS;1hSM zq6yW5(7vUs%kyrSic3u`JgtNE<2M!p#>n{i95-Y~QwR=x-yal_p_PZ_wMH-t0S45Ex{y#bAtC4wB7cDPj<%l_|Gk_AJt#?&Sbw#tqrNP{dDWL z)$umTB{qfeKOQmoMmtHU)Vp_2fG$<;vQ22^JDDV&>>e&V;3sJ(LYv(Ns(m9n*7;uG_Rr@QG>9?Im#7wb=5(%N^_!jroh zP3k!rq7B9kdgGfNG!!$niLgqQfA2-9-AxJ3r=|Ec{3vzbs7LKGAG%pl!?xc2te)Eo z;+oodu^mB9UWclOVW@Y!C4V{Yn^g?5QmqT3@F8J+r7g$#V*+8SQr@+yNr{v@MA?Ko@O#zn z5!o`(IeSe0hLf0NrJ-l|9_ZkO#>8aRAEnQ-q=#fQyY$hsD80rLs|w4xnkyx_L`8q2!9w#b!jtozMlcQEoZbqC(fzllv#Yw1 z{fH^#^{K$+^O6!={=n!=BV83H+#5GEX~l(JDVBE^+*Q(aK4;FXszPRGXNRp*1LH3{ zbTm+V0P)g~XJ<~A*d&hIr;d(d($d1hUR~q+Fo2~1>9Wa4X8_;JpfYp+wLwK{8BoZm z(dfJ1yL%V*a%HaRzVR3<9v*@WaB1Gxx0@?{1nKYn_+K7WY9n!WMSFIXaY8ghPP6R7 zlIpmb|6wHLg?aSq$kAH?0mkoxgE+LZNgq5scumdBEJ1Yq0aToT@pcTi9c!8C*w>`u zkXg~j=+mJ6HxL^dAm`?Lj)b(%{aQuEcWc5`2P9ztrm}lDz0?XdM?8&odgEOC2FB|{WUQh^EPj>heKh}#CxlbHAF1uh) zS&TJD5LiGTJu%(x9z=~NS;(J%C=ojXv7EgDY|1@TTZ1TA_h@*^s`N(tQh?RB$NFIn0v@>Q zRdyyLu#jat`?FJ>?BZhBP%$Q9K?dCX+A0g_DPQU5<|9a1c<_%ApTBI(f_MTrXz-;r{d!Ju8 zrC%fksjf(TqyLIrKNI0qubrZqsm)j(+UdR(_F3@#w0YPpsK9jhm!;1nt1yM>Ow4EM z(zPkzFV4TYO>rMO8yHX@Z6bYVjZRl7>$*Fvq!h!Ya|_I6E%z41bG2$=@M0M=fEWYH z8-v0`7#x`>{Z0Efuinm~T};grom|GLbPeQ3zpY3FTpua^IRC7!@|-Rt9tSxz zcUB&<*b0ZFCLRFI%IVadsjHR7!S38a!R0n0>8E=BoP&anP6Ev@>^za*ofKucSJZ4P zXTtJy&me$+7a5G?N0=OejOL@k44IbLVnYP4(m2Hrq}ivgV6O7d8%ykA7|67{d5ZFU zHD1MTozIQkiOh}Np1*F&QkWq;2emwOV#DH038C4wT%RCyu-<+zx52_gD zdP%SDjz`aiRAFh9YfD>Rp_JY^9SNX@WAE)Yzt#lWTe8+IIlrdrP@V2L==#tiBJYw? zZEgnG?sq*2W9tu>ie$#>MT3c7sf^kI7~EHHYZ6`;6|{1MU}V|HtW?Bk7;*eU*=QZ! zVne5zR}T01nPar_b1n`5J~+vO0I&5<8xcqDNK$aVU{)jXd1W_H9qD30E&d!_kCLNW z%&UcP!6qStDNYy)O9H;LjQF%TPXZfCgtjG6Jfs3$;6aDN#<--Nx`2BF5~H{={vgC?O$Htl%pNmwx*;;|hCd zXW*vm$?nH0O*LZ}cX;G0!2N^Og|cZam9q8*=4x}N4v^CFx*2Foh;l+81S2IIOQtHI z_B%82oyPe6RGT(+WVVX&fZTxqfc&p+B!6shW@T}(z`b`ze?C5Ot?)&7a2M;K;won7 z>7Pbku@7WGG{?jtA7-KdFv4~WReHHS8=h}+@f2qXpgI0DDZwlYBsie^^Pe`+|HTQ; zf60xC0pl1yJv|+43C^iB<$3w}!!z;!lq~IE)(Ohp2l8b2d@gs+4oQHe@qJ^nzTh&q z%f+(Wv&+lg0HgZsdUu1b53c7quP^Fn3NJ~nR2I`?@oE4x#f@TAP@VpaG1au_?XLgkQb- z=(Z;NenaUw7P8x1aZQa&v$m8v0CFP;G;UYli9T&`{(Aa1EtpyhRbtc@O9 z<#LLRe)ld1bU7k|#|t3LsOEkK*Q(#W{sxRro)Ve+BYd{kf09;e0yXXhl?}uDLA3A4vY&Z8N zNKRE!FB#{g#oF#_pdvK@Ut4@$YbsJ|8ra0Yeis-T94C>@>IN|M&>nivboYK+Qsd06 z7{%#%TwAy(z(fysgJm$NTb-(JI{N?_PEJQ>=ce9X+4?&GklHzznjQY6p~v&*0w^Xs zD~((Xtmmoy;bv4rp>LWUzRu$SnMmW|+>DL{YJWVv=Fdyg8xbqqV3tckNeMT2Jd&qY zc?(QVhn7GW4bg1dGFhwWDJv5Jn?jXLn=9!51pweSK-Jm(nGFeUu*Fh#ozfnxUW(ok z;cn!$eiEgznnGu(!FXhB+?nQOTyJ959Jw?7wCm}UHsx2{0P8&qhR%~yQ_P@kD}~RQ z|J2tnD5&KYE$u@9%I*|^+2As2d}$;H%~ z)~zwSy*C-71;8%n!1OPQ+r%uJ4VOvH7i+vI1O;!%EREH0?$h1w9&0$e&~5q+daXgt+E+{0Kd#Sm zuG35FTdpts>wgqnUyXb ztf1F~Ems08dL9fUZ>egf#*u_{22$Lq*sEess06c?$H#Qf?X@2bKR~kKFxM!!mA(?# z3w5CU*aPIphxEky*e1r2k&u{rKL`(D{myO><9Sa{+Pb>B(GnxJGE*xvV{6C37HMg- z&SeJa5wq!%yZQO%Fq>lzlInv4+dKsaVQ6y+Rp(+AFlb=k36$b6b)mCf^X*`5Dx|G+ z6%%`K>y|y`<2kKCSJaK5K)+YU#;~&~6)mlNWXGfJDG&Aj{_&&w$pV0+h4xXAXg@yZ zp_spCzjLI#5j8S5ocAtIFeg6R=btwnXubpKWdtDce;XUfn|Y-p@)=!>5kui=3eEA~ z+4#Z2uk;7JIII1X0Bu(*T}L6bgmQnm>B<2nJq@^%03*$^T#6obV9l%-me5yWISx z?U%sP;@77yng55T(7%50??v@LHT(YeS%cAWmc>@`UrorEIl~RsxQ5~I>>0n+l|L&7 zSRu5Xg@=(oo^L_(^zzD12KFOoCNo_?VPJM^%?k#jdo*vVQjZR5bpg{N^&ox>e^Pr>N)&`aJaN%ZRZDu#7OK z{ri!}`hdYP(i_B7$PcHLl4cp`&R2Xq4GKCrN#&nMBy{SRg+O6nZ{G7KK=3L?Q~%Hj z5gc;+b7KKnthxCY`wEvq@a?1AKOCDgcc8Sm1n!usbj|HXhnS1IfH( zS6NvjFms?w2;Jgy+`9unFJDTp@L62&H4+lB2nhTDgh%gVcsS2%yLvF#WAEyGA74-< zC6w`p_6ML1Qi-gpUMzS$$*q+(D{l$aw<>R z?@ZU?vpQgs^1J0S;)ELg>t+{i#{zcI8ZDXLYRF?c4FZTR7tjvNARUCmAJsa$`yiYd zcs~G~BotWJZmHQh?q^5?Qp5f8%EHpv)b0AI5oPFJT3TAxMu4!e@K@R7X$04R+t=o8 zZ;Sj2^(H-bEdD?4wLwn=a1jUc@nBeH0d?_`JcFG6sAmQR&EDfH8#FxinDG;M$Tx8Gl-D;9iy_+!#}NGyBSR z?Vu7i#PWa-FCbsr%@1T&b|B)T#c;W~D8#V!HjpBeQD=G+_yT+R&K1>VzaYOCGLx1b zywl->LDHBejss|0fJrE4`j8OozuYciVOeI=Rm?6RSD0-i;7Zte%4RwW?R(zj{5&;o*MA&`cR8+?0YY63EtmsVDx z0MiEG@N{27gOWgM98BWoCLPHo>+g?+Sx8izmxmBny?y^EwW>-@lQxRUra@WTPEc3( zD_~y4{=s`NOU9(~-ditib)%1~|G!WSh7ZK5 znJM7_9DTH34!m0~GY3n4M>a%1e!xmfN(xbD>;g$64vw~L7LuVnY!^9>NS@T4L`iV>%a6lWaPD|uXnM%GQ@lsnWv3{Rr>z-qCm`p7C+HlOkDV% z#6t{!Di0g}JUp`$qKSSJp`)=Dm;&*z% zO7gF}DQtE-sCjW-&NhgU<58I02iix66;Uby-`h;hRD)pO+nv+`pJ9O4G|EFT^zNuL zrRd#PJ9IS5Wy87$(cFxVW>j6wUMs!Y&-0#9LkLh35`fQ?o5pZ5E>DLb$qYKEUZEL7CsrWHuGddt5%n zi5-Q1D}2Prv6e@qvo&-ApqzEP;n|~W~V{DD$ z%DzYSq96k)BpHSja_t^2+qiUc+mohRw>8gbw+=!;iiI<4rN_$QgVyv}a^}rxvqfl# zyJ~$Ir?R@TKfp-O13i)l$UMFP*TfmmPtDH$h&G6#vbD~_<>n^Y`P$rRh+|U3J z{Fr29!IIGerRPi@@$t_9<$mZeuhQ+Zs>94 z8@%&7(`LB2iz_R7AdgU4p1%dWUec&Cv+M$iS#E(YKm(xkSLFOZrM-1jl<(R$EK(vR zAl<0~(wz#@C7lBdpmYwM(kLAg(%s!HpoDY|-7+x5&>ipXezyC!pYNYT6=Xsn*EXf#N3DR{RDKcDhiFQ&j@TlpiMO6F%gI&!Ev}rot!y)av?2_U5-g z$RU#f(bOcwp%w~qwiU(#IM;Qy7~j=wADXNyRRJEG9_+}p@0+a`z&g|nu5;c|qY(7g z*>?*(J>{`kXiyRz0eEy%8)N?k+XLM$!*A_%C?xO*mRNXLNK`oHGR?av%iR0yLiW~b zkCRo%8~4Qld!Wn@5_f4u|4}7O!mYBlDRc!k=irUGXh-3j1Yjn1FtQ|E)tDKcwnqVI z@4B1{7=bF~6#5tlPUyXKG_AIrltw|>>vc6U0+OObBFXuS#@_rHQ$VJ@xd8oGz=NG1 zt6tM1;OVg;Vjx-QSR#&RQVMEJN_vXIpcB(40E8X2+ygw&s=B%#H6Pe!Ydp9s3_9{8 z0(ncddq!rYz0xSHC==&RFYOiz8vbzC8|Gbra49X?zCV!I@g4Igy$I3y4cXQ8EK%*A z#W%;^u=%-SW3$GFC435?YFpbHPA!qQgeSbRYDUp>0wOO2l`gPxar=Pk)~a)Fj^NXu zsiJMvrVZXciluj}*3Igqjc zUqgL$16|xk%mE!YK8)QFhOP(CkZ*fBOp>mG=TEY6j~(}xpK8W#K-5bh1>n2sE{En> zOf~@Q<7mP(ani$mYABP@2Mn;7e{kqDx~9X6$YtGWHJQQC%H5<#ZU;Y#-@h$!G^4CF zAMMq0yD0cVjA00fWwZ&I%8yPKq5wKRPbssY`|78sPtC$K^sJbHZYZ2y24}Z2xa1!2 zx#x3&7%jsx&M$#*BHM49+RXaEovzv${zrgt15B$+aH`r|xt!&ho%0A-vx7ADrYzH~ zktJd72t$mN#VG_GKn#kSKbQLuZIc@xpZioJqPfM+f3POsic)Qu+jHtA(D(t)58u*e zKkTT9*ykhr0<%F|aa?GILY*(hAA;~7<@+6N_5g*oHDIK-TZw9AZ3VFFKYt^a2?{a* zqJ@DvQ)7&vwB2`VSRlg%i!a{d8K znE_e9OE}SMjWvHPa=kWp+KNU2@;DUA-I?-9BP+X`^L+=1i|q`al5A69KoZcy@D7<* zlv7fPxo1_xe}B_Wx3b>>ukmlAs-XmcWc4IKNt?$E#*zf=e)Ii0eXZI7MNw6Kbr(?V zRlDw!5o)pOtOiw8CDDH6EIx=WA@8w%4Ic59K_{dc7-Pkd*TZ3K{p0S1!wgIk-zIIe zdAww1n=xWpa3fJZq0}_*$OnusOtKq985vd16tb2YWi^Lo^J6r|XDut^+dlSgHV?+I zVp!(2^a%{bGBeB>&V>NA_BT`oG<+;ze|R=NK5oUenZo_icxqcUxl~jfU|wkY@aVO& z#w!f&cDU~A>FDdP0kC1&udC1hs|2tbNxLFGYUG1WG4!_xLcUC=2|hp*)ExvJsb5f) zeRA7muxaPSC}s1h44@#~F5)QUwu7aO1L_pn`r#~pI?iL677R0E4E^@ZIE~c3U3LK`?JidU;o9mlY0CS4fluqe};42;|M@ z@d7bo?Ed7q02pk|e929<*^IPk!<-xPxnvs3`z<~vlZkRvtl2Ts1$8Z0$AO8QkMndt*9 z{h~SGhX9}k*$qa_8Jh`b$3i4q2eFyjm4=!Zj#KBMj$d)wN&i#70E&H>5zOev%8+1a zr`5Md%_#I|1T^e|-#*3TYIUD%36!-9Jz=92)r>KH0wF?ilNizu5}dd)YIn*n5sO{p znGl?Ec{T_Hypi#WM+VVN6eoeTxUgh18d>9;by;7VmqfJzrndaySe#sGQgVs<`lH<` z+=bJ>6MGMNjYSqupJJ(H%L7qe;Nfrajq^ z4Gz~R>0cB+I5@Bph({rx*s&S5^Yc?A5m!c)6B9FJeiM@=5u%4N$EO>b_WIWwp$aa+ zs-SnrB=}TvjH3Ydq&Y?d(9Jmv^$`Gzd1@}3AqZd?6>Lq%_Qi3V11X{FKt~KeS97G3 z97;<|tD5#HErD|mb-qE8iUWm(3DETO($>YuC+c#^)rNJZ&l-ug3|d_Y0rzYz|Cv7-U;3@m*p6|Nz2pW!W**UGp(!xw zv*I!@HjH~CUy>4(7Hjh-(DIio??{<$;{0xD>Z7Zp4Tjmdc@zIhZ(icD0;N=quW>fv zipH-swIrB7ZTbS8hekY&{cM$C`;3$DoPAAngPn`^4Fq6GTCq`j3jePbuKQSsRq*%` zj{gP6#dlE~vCN367n-xajFfyg2i>n;;z99i9r+vyh>R}rM~GX%b5ctNf=+tJMMJsn z_v^#LuJ~pYKovP>S&02>kY&n%)d>!70y1B|SfwcHjEFEwMw`_bAn$0%$Iud-WC*(v z0roH7fqJR#49@&Uk6x3V%SIm9iE5eUR!u}6A~dpt44Mvq#n2Tq2vU3Fq}JOWo}Rw< z|H4_U6WeUgP!uEhF{te$vBZe!WN###lO5DDwdcG7Fx#2+%~~U2{;@ZxnZkt6Gy zq*jgJ;fu>}0wMt11>ON@L#AEH`*)_<)5KTyrk1$gDLf{X{193F-nR9_0l9}VFt(lA z9O9f8v)?&bawjYqc*ZB_)9Sp3y~&G>jjc)P?Ez#klc;c|r=}K;wAF*}JbA_Ag5EeS zgwxUvkBB73#g&a1Gj>JpkqZvD#Q4x7kTBdgS&b@%^-2GQg#QCT#9YVCEMW48LBGw| zm-=XZ4v%gG^n^Q$=Ck;GPpg}|fQ6m@^!<4bFoj%X=MuED&QpIyNXBnhCw8G|ZI=A? zC?!XhAE^e*Ee=PhedRx=34rgW@lRjoAi15etxLq=9{);J>9)2~6Q!4oJ&t5nix@~r zrJ$so-t4shwJ@ll8QOo(kbctDWz}u6ff2uR2RJ4Cd&n`bnQW>IoD+a4AZ&?@w4fdk z#2hS+V_SO?6e_2y6-wCKHjT4?O|u+yTi~0PEBr5B?d8u9!7si6V89~tKeyRN5+&fU zHt-L&3GCB<%;f&xJ=7$F1%Yexl8sG^^5s4kIr+i^bU9sGDrMg?r!xAY!UfT?1e+>> zm%+s}r`=pu;P!6YH`zB@>FO|zOwPXC;(`+qE)}|$kAH24eK{#B3j0D37C;m5MKOTp z@zbIq$u~n?dyor1nV^ucl#dw+Q}LthP-Xh%i%7RwJnz}jdE~)Hw!dG4Da0yJ^a0aS z0EjWqu7o~P&qR_YA|gt(S5@>84{A?ST~t={7D=n+2ce@11Q)_J(S8s)RoICFuuL6^l{~m<|oBF|mXd(L0psmXjwoh_-@T^id`w4S+AsGnJvjI`=qpm_y)gN`-@Sdr{b}Lfwb^bB72Ha*S(>Fl2mr5! zC?;tESLt)!`rT!c+zob`{hLVkj(}i`1e;wUletFe-si&&c|)WqG3H=&$=@~0;amoU zu1JwfQztpI5uzODu3c7pzRgO6>h}DsKJ1Nhv9=rO@xi}k)c-yd<0J^4p;(84dpVW> z^4*Dr_fRBKJO1UTy)$hCXo+P9r1vMkY`iy9 z^O3(9^={F(w&BIc*{!j+SFYOM)|}o?Ho~hNRzSB4gejg2E2xG)kI3tRKl}A#6uR=gzDC-+y8hY2M=7TJU$8IBnR+_W9$w*xoos_+3->ePn0?3hfNvDJ zRyZk6xMP|RwPAH~MAhk8mJIJUV?QUk*IDNVr7-7D(wEIEgVySqYv>(?_AlYf5olLR z#X=ev_8J$~6No;+8O_Df4{9#r%lB@2Q}utRg|UUe;wF2wj!#X5>}!`)@2C;-fy%nq z7DL@RX!=S46lKzZr!M(7y~ir(E`-OLu9f1MEvZbr1CAuqveLGJIJ z2pZ)PrP9?wSR0fVw9n623k*e=o4;&leK^Ej`jS?<6BhmDM}3Z-&g)+4JpKq2+L1TK zm_*ah>?=C_XQxXY_&V{mO64kL`Ice6F(%tu7qfvmC$DDP?w{zr)*{K&q+&uHDwXV9*!=8A$ zt2#NB(?fC5(Bt7!X!TTI-3uls=QG) z#Q1eG3f6o>!?sf5KYYz)OmZ{F-|m{oPf>bL*$N_tdc7ioP?H@Hu1@?^?qbvCz&gzl!9p0|ddcv9U=Tc-|xDs9EDGLz=X zn5EzlZw+nw%2IV=fYcizcrdEaG`6IZ6Lr$NTpJ8;7U@Z=Y(|H|R_^&vLUKm_j@ZIP z+9x?=5{Z-EY*9Va%{a_H(hiA^%w4wHEdWJ~d%Fj1y z^Gx={+>qtW?bc@kUwG<_yTk71Czh~fItdwJ@zoYHtct08$T#dsSu1ukH`s8&{58wQ z6fiF-aQ353*J25kRgrj2`A!@2oqqqw+fzVx<(i6$j059zJ-e^p^>|)u710t+sqygZ zPI%P(J*?W~jV-lBKa_Uf6rC0aX0`;r z(n?#6bZFMWaFG|=&dJ5;_GnAxLgm4d9dB2`2rbelkxEI?%7Ls5qou-*f)?%2mV(7V zk;hz+RXWxRAFNmI|o@b_8rN-8@0XKMP7z(h5}qt zH0k7IM95Jmk^{c$mQ&fNy;7(Nnq0faLDK*!L|0Uwl|(0*zaQNcS-!4`auF4Z-i=2n zO`l}7WSnH!R;75lyrcswpLZx7rcj3#bclgMiCoyO+R}_xDz8QRFJQM(Ht-8tnAT{1 zhNLgKkm8Yua)v@wyw})G3pf_>)|Na0rqwCvmfngu(kFCT`MW#zPYPp0dV%Ux+i`>g zmI+<@{?I0X>_?s)PLSkO{fZA?_=37Oc9Iy6nmTZ5L&kZOinNz|xw*6A^ekm;Wg)D* zG?5iV9IzyE!@o&j)i3o%;HR$gy#eVcvNKRx(zVw?d zBER5MCuX+$Xbeq!_v0ty>TJrO`@~FnAXTaG@nn#0Zb@lum5X;=1zw6QT z)e&`0JKVTV|F90uH!(Sqn_Z4suuPSF-SR%g57k^5Bvm+oB?-ai8qJXOkit+#ECnou zvgaz@F~Q{_jux?9+ctKFDhcG5r-~EvZJr1wIQMv`I%A! zfoRFoqC3|XWj|8rh0kD(2eZ)&g!Lu&if}L9toja=Lbi|V_kr>TA{`2T=*1}>+k2dC zGxUQtJURJWY;0y`StTv_q=o17zCKtuX)R$)n$h_Er)Olw+AG67>$|g!F7)eDS2%fT zJ-J&rlxlM}qU=2s@u&?IFZu@r0t3DXkxZNa?(qD!>mYbWgTFolh8!C%mfL;Ghmmq| zkI+`;EE7IT89U397uDu6F`e1?{u$H4Vn<^|veNUwkVl-g_j9{kn0_T(@u0F^9o-;f z^kgRZ-(yz1$fJ>-v}%R;hshRl0gqao&V~13&8>D|TRqgMe9(_yF*Id{gkOrnrVlSJ z`et4OOI`i8GK%NVO*OmcD)LG!G#`^_1K$3^f>kISuu!C_EyD=pBiM7LXRgRI9${w! zyGV#M*hFYTL7#Qi3ysgVOt*RFz*gMY~se*2j1}ZhSbPSAB>5GhGW|LiX zD7S+>P7>D?4N=k1(2w$75_YDGkapp5&bGb6vkpjHuN}P)TQaxrVueh)W2rh7A?ogX zF^1C57z4EWN)QZ4oUz%-qWjTLA{N5Umzc2Tyj0y?i4%u1B3G-P{HWB&>|}&gi!cxo zMy8XHa?#0jr+GNKo9xK=Src}*cXSs_J;uU1&D~YSTMr}#uQ?gLD@IsMmwXjSaUq^* zAiMM&l{($gC!ySvfo+)Bd^wf+{)+>MjHPk-Nf*R)API@aD4*t^vNskC(3UarF(c{5 zZ^+fSGfWfpHWVAxC;nSJ^Yj8+S{|_?NS&n(H_7;@!-RFwi#XPju*vZO;~eDmDZaQc zHmwc=K>ubte1yLoEOy`h@)Ah*d}_`3MmDT3L)7d2O_kn-I|+iUk}wb{uz@OV2@eBN z#o&BaTFApsJL5-17dHuZ5g4=Q&%V}sT5vmwh;cp_iYPe};4ywX_ggesXrCpG-R{R5 z713_kEm}C8YgTbPIx-GR3mie?(DghB(Tq|$d~BkeEM`i**RE3Swy!pHVH8^OVt>0a zWo&XhV&uS%XR$pff3mG6O$PKyTY@9&Mm2-SVDAAZnV z?7)Mk7cnJeF!eG-RU@70(a>#Pw#EeQl=w2xAfq{+Y!Y3fOK*TfNptCuExckvH5G_x z84Kl?B++roKq0~YM@9DB#^3FNmkyuHY&_rm)`Sd+2;Jl$z#^j)0UfjbcL1nx=3ntL-AjKj+W<`l;0@!5$e za>7V~WGAw?9+EeG7H%Z7IfR=1!g0KQvKqwKuBAekZ4`n$+T+n>S;>qS6Hf6w(g#+@mq`Gm?xMR zk0I4sIiyDVkT{SyZd^(a=|7J|3q-{U=W!nevN{!x?jl-`aOw=+U771Nx~gT;>kuFy+#?z3;+^R-Nnp8 z0RpJ8ZI`cRBc5ts_DIN$Zs=P5%P0A!-D$y)G_bM?NbDBo{W*7z(6fV>6zv1wdDhxJ z$Us)~OZq~iNj*aG)_20pfZ4OmS17Pwyc*TlU$w}R+eAk+Fh~%rK)hjQh+Ss;`%q7W zdVuuz_ZV!Z=`m`GJsF>_SF9<5*wB*sF;z#Tc%nE? z*uT5xGhzh+936Xrgk=x3|!$uadD# zrN&5bvD`oS6Mo41lAXoB=i@li=~K+wD~kI4S>|Er=nK>Ngn?wC4^KO8 zPobAEBR~Iyv>W#*Bn>l)z>9=u31a&pJtbrZOw&(%^g?JVgJp#vGNFRwgIlW(TFn_h zw3tW^8lCA}Bn7lkm~tnr#v#}JKN^Tq3Da?F)_A>MjcjU~X05E-IG5h+G?F{s$%+uM zhWAa1akI9=#k{=MI9%4IwAjnSltV1@sFMhwbOH|S^BO%yTcJCM3K@-l6BJv8K%Yy& zdHGS}xd8Uqk`ZwskyH8PN%hp|?^m@BYj(&XdrYF$RXvLlfu$19@OH2u%#{@1kApkl z9@ucN*nwp1{>642Oarj8+dekRuu;&dK5x~x^phnGSVj!s+WwErv@@>~=-sD}%ppwG&%3wj4t5-UE|I^qKS@aH zvQ_;2Y8cwglhr?ucX*cRbE1k_uRCll>gHt#{PDM>x$_n}fC3$iZ>eqc0qqBKy2PP$ zB*dXok@wV5)U@ppwDEz{p!Ya&&Whg%80Gwb4}GyU`FQ( zdfs3+7tt{DafwC7v##GtidbVqfPn$UvQQ-#w9nlxg*-D0qd2HzF?mIVYA>-=OC(}l zBq?c1Fi(b{9r5E!tXPU%zJEKlRbV{d>Fu9zYo&>uTf&6)-o-`yMba#jm{B!Ao-}288rC2{MsXQ`1LFm7p~E8 z)Z0>@F~Tj@A9LMSqRtlIKYkxCy3!%bK#4B}f!u6~3zYBaC+wlS*S~~`Li5E+-$Q@D z_mVLT5`0miZTkHbh1?tV-E9f!R0!?RV2K+ovZ?L`SuJt7v~7~6=%lWq9?_>=&0!#6 zGJ!W4Mi~Tm>`n_2woJbL$*|X=6A-J~T&&9Tyuf5@^QuYb^hx*PXzV)MUV94uS@TZv_ylvF6h0d<$ zrSCUsx~t>11Hz@=>$6=|P2Fs-@Cdiaq z$?}j&tW*2b+#Y(1S4w@GQVOwpI=EQhVtfRs;yW+#$5R_Ow%6`vzcrz8i=_k<&8l-m zVs%X!_`gI{a`>n|I;R#42pk}EEfhyy$Q4xy_SJ>uDbP<-O~FpkHL3 zcZ)F%d3eJpwiNG3Fxw=ny&ili7TXC8YYXWa?w{#-mXq)_ZY+*CDBf7%;K#YH&91fU zG)`bD_~g7dSSf%H2bH$2SDShAe4BD(1&>%ENN3YrF?#}Wrie3oCrFLD*=^FV@6Szc zW|Ranwb3BE$d?|YJuP($?qYjyY`b(>zwwcFfX8S3wja4N{sd1hKj&$1UI(k9;q%-4 z=#oUQw%5l>96piys9FyBd`aAyWUu;Ps3^}+HCe0blcm>3$}{NEs>v0^P4;# zFkFqw-vV|Q@Di4@TY(A87kqp~7#J8ri*rCsgdHJK&b2S2(7c{8MXko!ZoWP{Hb~u_ z%8}ePr=%DJ>XgA9jWgj&9b3`}Nq0PIGQ56v0hw48=Oux0aaVDJu^&H{s6uFTuJvN6>4`pNOd+o2icq9Xg56Ik2KU^fjU_cUwEm8qdOXos+QJ?=cG z?Ht2Ki$#$#vgun3I$k!?6Ft&^P02!4=u|<{P=j8p-Wv{;NVvV>?jU6fTtLtMg*Szc{8>!KFFM&26^rxj%yUiw> zRGtfD4p-Z*C|4fzb~oTnBk}0=*2Yy=O#&OD>B|GpkcbW8RRk=QK1Iq?_dH=qI96M) zFhefU6d?st#cB8{Me}_HH})viabJruqNIy$u#;aKM(=oml)zsHHx&37k9Pry1}}63 zT3GP5@gX^Z?lIiaujzU3=+14w1o^$;aHVbyGv6P{AILXPY;Hy6XQz6rp+oaH@NxBr z3sntqtB~m&_}pS(O&MgiQxv19|yjx;$fhKQ6ie=j&&gI{ch7R?Sf z85%?yY9^&Uy4wHiyOv{r4wUwtKAquIV=)~+4njzm1Lbr09S+H zd~fNGe-}`DY4hTEIY$$xsF=4wqV=b$nbfHjH-f}_4Fj!CFS@|Hk{-Q|?tY{JH7}M( zocnpF#A@+Ax+uj972H^&<|GdHWwTsx2p9*erfW0tB!1sk>iKZ(>2>;yGetz_KsO|$ z8PPNKg7!@&PX09(zCjUWz_DVKY`U6j?Qrmdwbvo-=EG7 zw~23o_%2@=p6|k@U6yh)wV~}op}rr_+6P7T6xnxsiq7TkngRtcxZTkxeOjmtam5#b z@Q#xc8DAHc5Q>jJK7yT7xibVoBsL-F+DGvve#lSOF=c^GF6wR z)Qi4T{z$E=yiFkgAR*~cL6u*4V)jC=MopNZJvj%Bu-D|j;a8ipj!{r-Z)ivLC?lfN zH}#~AJ&?hLZEocS%vw@)Mk-Cr5vTEBv1=(+cecq2qhJL0`+kd7d%#RM#M8itIJzYc zY8uEa*n7u1GU~qEGkAAgd2=^QvnA!z=IRUOcDIW^X&(8lyXPuwbrNN=Jn^Bwj?|gC%<3N07}tnw2}$q9=xe+UTG9ouGm<% z5NYP&u`cuqpR2GhRn1?&cM+wu*8Y*zR!!-8QW|Nx^LFB-j7+XH(2*HNRi?GUaN?U4Zs2?5y7Cd)@5btklxA ze~4%YS=g2J+V%yq*E)z z(Ery5&Bcc3=!k{=)wzWA8YlO39|J*y|5h9Dp!HA?C0;cDGrlC*s;X)m{jZmhPd43# z2fgJbTG8;#!0qV}G6)qcSa03dda+GPY61p(XiMD<53I}`KHL~_UQcG0bdKYYczXS7 zZmaMoKI6|%4#qm(mU9kt)!_I_N$O(gv%~pNbtRVn@9$zd@orVXTb9;9&{=QJO*YNN zd$wh$ck;JxBHB0ZeeScQmXZc$(QE&Hr192*p0w<2S`sWY0AMq#wYN_#UUE{A-|n zd;;j_R+Sz%kJ|%4XKfGTaPT)KqzxeBHJpSX)@OuUGKmYT`de?{j z@0qQH1^nUkKLhgrzkfFE?oKOU6J}eomVqy6rLpzmFSJuP`oT{`#7e zx0%Fm))@#BC0sixFJV|xeP~gLU1obbNQ03?7@J8tm)tQs=V*G$o*t@j@*h2vcNRa~C0#zgWjZ4AEj(9HNpA~Xs!;KD z1HwiG+zwbnLPJ6NX*PW1fT!uZqor003kwHZpY*P=z~dUOgy+P6vK1=RVSVcWWk>M zPpr2Hf9Pq)1DPXoGp`@u#V<+&c;0+UKHKFG5ZIoFW4TL6NO0IM8w{m!QvOj~6hxA1 z(BGu&J}H7xzdf%n1ttSMd%E15zXu1NVBkmq1{}L#)Jf~>t%v9566%wwnSRE`k5pr= z9RYiEXrg!|iXEP{)&^jl1mt)|)tXOKIq%>D1SdswFgZWN`dBuyr;(f-hPRLR;pqUu z-Tml4H_e|}MTj!_Jtq%3^_4-_=;NA0Hze&N?uXLL&{gY86+GzC#hTzHZfV6@?)!RC zR`RtJmnNNs&$YNh4$@ywzv0v+cP@zt@s$#OoPO!t8kh39SiR$iKk^M=-VqE$eC0GX zk-YWyKRh{+^73jGQ})~&$`mFxpO`pY?LzjkQB}ng5*9wYrzXef$$K%t&s(O%L~rAo zy1SGq-7Szi{-hOgk&XN+qcdCTofkOp)37Pmdf*f zjOH&74I6ykTvR5Y1JfX*QptD9q9(`G^lKlH*D=Ye`CxeW4t39Wa63WC6B82wGSP6O zHp41oF~F5Cd&LXBvjgZ42CK|3?C$R0{c>bAY|}x1YTskRxm)#Oe~1+DU(1FXJM8-( z4AWnXEiFX?HsgTy%$djI^e{HWTI#3h>Dl?3p+_@L%)w&EoxFWcH6ZpFo1gyzSg5W| z{0#4J^41mY8O%^TE~~G{buo@fiM?9)L@tT-0pvJog7F0hCr^PjIX(9cl{Bht@3}JU zw+H;c)o>-_!ID5$&9%|E_*ir++(RW(3}F7-eYdKI?;od?m%qNQkGU@OIDE9T1Dk?m zO8WSuTjM&@gEAx!&H%ZtKxRhN;w}_iD>%vstt>5zhFLN7~Pf& z@my;6(#E}rqvANe)r527vqdnTvCx7-J-0&oqGNpzD4c3)U1)wYiN;cu`Y0(WwPgI( zp{4B^PQAJoYHo%aVWq@DwtoLMxz?V1M)5q%#zm}{y!gQ!P8y80Ku*3@SI1L&V)Q*2 z6XpVPx3adDl$J&tDOpJjinhN=y`}vtt@_u-r&zc|6lZ;0-hI50bxwIf1BwKUvx z$LvVoXcnT9o`G66dCpgh$Ne>-aL2NoVV8zR2puCT#*yRo*>o8zE2w5O67n@oAoj7i zk{)& zdUX!8@(K!P_aPyDI@R8!t~LuHKZ4ws6f9fX=FD&ewz2;w17H{JxEGte%H*e$Pi2SLGF%VIUBjp{RJL4?u*8eCS*ViQ)YC@#9lI4ChVV$9H#lMGXLpG{-Pq65#Ix9@O#IXJcbko<8!T2(=&-^wJy5 z3CU=#>2|sF0sGgqv`BzYTdOORX@1KK(vif3I!*CL6m9@?-5SRG`t_pPW=CyLaoOM9 zCH(`ujSEFtf}D1=N@jX4C%A+yAh62!PUy_%dfPl<2?}IbEgIt1tEr4 z2Wo0jyZaa=RPF6;&Y&}Aw_U`z%(T(=udjz{XRlWLPvLRP{KE0^N0pt|jQ5v6VSp<_ zF3wSd&3up~IxZX{Z~OwtZqku>T%rkg`xBKdmY;E;tp)eNe^-u!3w5D~3KxxV8giU< z{5_2SwZ%??;eFzL&sW*C%~q*SZE6wS~tKZ#4$T#C_Xb?cj;cD*g+ z*s{g9uHcaYf)`b^oNqf5d+T^Qev|gmi!y7m8bwvGnIkd*qwt|rVRT@-oe*VOY**`z zGnSBu>Usk~QYv$fkXQC~ z#NIjM@>>=WMX?bXSB({7a17<2(3g@3-`u3U_L=$00@#wrWjJdesK~zGK)?#UPM=_i z|4C##Jao9bKF(LTruZ1Iix};2RSJDSk(EeA>+kO`v>B6Sy>+_Nq8%AC+JeyUPMIuJ zKeOIJsx$6-yx4K(^w<=mooFcY!sH;ks9zRPy*x>;pkn9pI4;xWJ{#k!_66}w7{KDk zOed&2$5x6-NGZqt6NC8Zw0-=-iP_%Ow}^uq=bkmYz9uR?QQ+W6JWW2jIGF}V3RlHv zDC6Vjw`}bQy6zQaXv=vjV_+l$68o%B)n;Vs_>!A?JUm&AQ86w$KmJjdCVJWoeF<+7 zKroeO)C%NQ`7zYR7z1~LV!H~3s5i=PPVU*tYT|2s=j4r#su#Dkirs%ncNQi9W6a#_ zR4}fRf6d;za`goZ*CE2YVzsiJ`$&C7@z!b-H07-Ck~R79pzjWcyJE_11D;E@$$ys9 z!}Td_H@d?m83NywTe>6yPL-Ke8z<443okEEJL&*v(%KP#w?vqFrb{SuPEC#kItxBk|1LPM9^rFFeNwQx0 zsRsk=2Rk($lT09Ui4YxBKmcRNgrXwsxbkTZYoN>2kv5M%qO}@jeF}^8NB3SU^Z1H8uPO z`<1Qv4QKiXG_4X?BG}np7WMCLpiz}eiYf)L17j7Id z*IljbgJ$|OdWIoEz_iBqHD8gZ;ChJy2Bcf7d;%#e$jnGNBk1su<4#yfQSp1+&v2Jd zFTwFB5fhUN0RmU$-Y@@Cv0+Uc`ZR*0s&J!LXZJr2E$fG@*tSKk*fm9FzIeVGFPUGo z$Fs5Bu9Z;#EkLx@0$Kn)GSOCWr639nk1x4=t;cK6GGdM?jX-k6IuiZ#n9mb--P-U zhlT)lGTd6e)_EJjGXR@oTs!0h*ex;hlVZeb$+G3E}K7F$k*%YGmP zd&E#IWs$Wj9P+9{f+>J=+k^A3=aZ;euNWts33!HQf) zF=_gbNk;Sg7_pAd&u2u{e#~;nY%M$D4&YB<%6e|e+Lr>}>40bCbmeK=e4{;kTbou9 zV)M)+F3--)mu~dC99%AhS1yZ@A#5S>lxv8y#60#lTpe`sxOu>l3l=lf$dEm|0OSc$ za2?fPamSmV@GP%nVg;rOn>SSSTu}bggk^)HUSQZi=AzCinhQhz@cO0ea7yjo1oD#b zi&H((Uke@jqiMN-c5hXZY*r$q4~W5%;ce62nGVnM_kP2>2pdihPZy3i8Y-k`Q66Yx z0)z%yU*eWYxdslGTBSTY3vVu1&csOL7$6<8^!M7Gx5Q~8J2r=f1sQaRbsFqGP(mZ`r4zG^$!`&vXf3$tH`g?se1lb`fz;xS4>)n@^n?4^o~|1CVmni@FbkAD3p6S`t^c zFUNDQ-D%qkwnj6ft)Xcr*aJs3HOVhoUI!;F29{og$7HBY2+R6ba+%p2?CD2|*~^8MHXc`@pQ8aiE(jS|0SO$BgS5Rg;I3P3~ZuqpO|kO`v|&7jn7V6*Rv-|(C%E=#_fkeZrZG^J+f zEj{cR*XVnz5{d_>?Igu_tfB#n1UQ4-&ljCDR6MKuMcqgA8P-yQ)DJW}8Ei1I9V>1b zSS;m88b1zybA%1WRv80wCr=X-Q8Pu+=(Z#en?*A!#;aw+?2=tiWt?v9U^rnHLrmPY zYdk_TKp3NPG0)IU!je`Yom#|U_2;dS6LpRJ*P&Df0xtWxwkxS*hMx7j0UeBD;C=ks`hOLO*sR07d{`ecOBZkuV z16JDnAj!E+kKX%(-^;x-!KpS$v}TeOUM`cP99zvIyB};oEdvOfHiY2;=wP^6Z6@@u z8|L_r_qK!7OhcB9Sl`7@XbaL>LZx7()imw!uQg+52=iATJY7n0BNa{d45@rXTwKmt zw55TVDeFOg_j?0ekQ43(-3!vkOhCaaENonzeD>^R%AsE3S8DRKCn*ooo-YQt4o>g> z>9&2VILtNbYa{P^gr+QcFLH;u3Yr>R=Fm6=Zr4tg9pY*Eyj&4v{O_OD!rKfHC=AWYscR=(|dige@%=jD>esl5{ z^IBF66|5lkME)O-F+9BXP5?6eAA^>6?@sUkI++2#BmHe;{%?LC2S?pT|BuEfEKCe# cH1px1bmUi9J9bv=Bj86)O8H%dgmJ+C0i{u_k^lez literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/ios-deploy-5.png b/windows/security/threat-protection/microsoft-defender-atp/images/ios-deploy-5.png new file mode 100644 index 0000000000000000000000000000000000000000..d250c4f4514d84fbacceeb77bde37e0d7cec94a7 GIT binary patch literal 141376 zcmbTdbyOVRwzeCBdvJ#YNO1SYf=h6B4eqWD!5uM`;|*arkFF-5Uguj&%eA59TqpHZDemmrE-w?e<@bdCPJ%hb)S5{Y9dR9Zi_+7kG zeeAS6`#!u5+9yA$#4eDQ1%EHsoXzU6tkHwM1ieKG{`c0)CS5Hqi7EC5;on<;faJ`7 ze?r(ymHgkk<^Ioh7s{&Au&`jt$;p+|{s@pyq?U@tXHYAY{r5lq%u!KMvPw$445;fl z;!<(3u^7zytq7;fAn6P(mdR>GrvKUcpTm-s-jC3p96$lC5=e>9m29c{XKzzL{9qylaWjg!($ZDU~wtT z-t)xUTW`%Rh5vQ5ns=0hfx+f`UfyeosHiwGcX#f5Y8sp}c?AW9cl+O97n5vUaxRdX zmS&=c+bJp)P5N)kJ~r;`9kFfv9vYg;TYBt*+57x7vh>}5S^fnc{{tG6fPg^jXDh2? z@pmDci}+k>>gpcB9aIF>EU?CHx!FzBw*S?%HI=lfEi5WJeDuhSPzsWO4eG7u443wQhVxcyq#xsZF9K!( zJEz3oZ$rDVpeqEbe_Q_DIuYGCLf&`fno<^tiS_+1NlZ&C)t12dyMHrKLfB90-}gyq zO~1hiyS!>}xatVR##umH+TrhsugCjdNB`%NjbmEUdM;b&<9a3I4i2nwcwjv|%gjLj z$NA`uAYy(Wk0Q0j53>n0Xb#4grHzn71c6iPbW zA}uLto%nC#=}5-C5NszbisBTUzRX;s{~hh~@n4UEZ-!GPVKbk3q{NhYpOli4^}qV^ zMGACMr6D3oUyPLdBkk)cCX*J3fvf)WYjWN*`y+LHef3W{mwl@0E`-_ZodzL6i=D?6 z&kZW;XVbk5-#TOLRD=gmt9q_5F#egh1y z34F;>4Sc1%f;zZTq3TVT5|y)v>;HDG6G%3mEj%4qiulhd1b7{wkizc1PFh=)ZuY;! zcR2K%L%YaMj_oMt*}cZ>VbfXiX??rK zkAVqA6a~6+zm_k}D|8l-f3N41iOGEXCIKUEu(@h2ZId!0a>jT+Z%9ujZ`KZXeB z&6{&krZ$(Jx`Xz6o|FBq{-Z%u*?V;NZ(Zom9R3g2EMu7hAu)^=xOs6$0VXFF~>2=S+|OxS?=455=k8)?FCW7(OvkMRAG zh=3dLdKaI=6Jfo}v+Y|w`wNMhQ84?7JH651%L-cgJNrx_A2oEcOK1GQQ)<(z-(bRo zA-+_s?n~I@tBZ>Zy%`jA^aoSw*T)Txr+OMydWgH3!}+d7(P=_9-{M7{OD=c*m|vYN z!WXf~+nSnJEt5{u1!9t88$kDpO6c0xJGdO4Ityv(%=<5QYw2~-c83MbTkZpWeR~dk z#BNhm#y7!iwgw$k(eidc=QE&~D$NIGO7o^Wlkm2d(!`jPO8Zdh;*Iax)U54_zhYFN z5$_=8+>*AwglnP2-EnC*5pv+@`=C3%oMr{LA00G-fuZ*AaP#qLVgeZ z4i2>DT$#Ody8l4KdABT1!~YWBJ8-c*h(k_pzjW{MnU2*Xna@GCm)nH!J zpWocTv1{7?l5JHJG;z&`d`&;F58YP1ZHAKpQoVxZCe>o?0k;sQoP>rvk~p=Rvtr}8 zVI!Nu@-9uwQG%1V2AX5JTc%$U%J@WsxLdYA*7L>n_4PoWM1=FpGw?~q;2#gR>DBj! zEB2f5%!XHfj^WJt#f4Z`08q79!Dc~6zh`I&*I}t)ZklZ&K9CxpJf2cG7^g47v?uuP zK5W%k>c`Q3#hEsT&6K1&cn;I==8Ok;3Ct@^Bq~!yA~0k$DZ1~9B<-z<_r-eQSKanE z`BDCg>7vg0UM{;d@k?ZbPzgYog@WiTBKJniX-4-ngt4MsHL!!t(l|jnnE@SDHVysAzUD9Sa3?b{ zKTm{=McxgYby5revVYTG`(H9ela?suh_AMKZ0sC-L4qFVsYwxOR2#_2IQ^odO}oCg z>goKvrErbzHt>|PrBn%6zuX;G=`_&g2P~LBg+q&#JK121TNlmI+S7A>_+SWobESX8 zWGZ#-gAMt$P*k6z=5_f?O&ekGhl+OgeqlIO_pRCICU8XVg*;nq7jY1ssm(dI@<7ig zIOpseB)78x8WuXDJX5)Yu6}fa*#I)|V6Pw}!8|2W-qgx`X@2G{$G*4=8$Dvenq*$V zvc9`0PW(i&J@EPX=#gd4*Zdx8-5#ybm!yqj-EoA8WEeSA(Z|;}fxo(z} z81F&%IPux*&6@L&oF$THHtI)kNKZ4KqmZ-frVktOu2q+$10U6iswX5~4H`g(IFIQx zX|4TL?(3iaXQrUq9}rvzPvotu49VNU;?3(M=b7vmGzaXkcl-kArtdC@>!*?Xl$prF z3VYe8N%)KgsQE9JB`GfNp>~zVU6kWFqI?cG|19CR!tB2=3h+PJ!omqv4Al^sE&55DQQ=<0r0ta ziNre}rOv3z1`Xz=ZNvynIPW}A1e1*a#+=uIFEf6&OYu|v6uZ^2z7E^P04hzOj3bg~ z=A}f)Y0%KcxVW?}n&pXa1m)4=cmZc(N>Yr5hdEeyI|8@D-n_tALQ_`$a3;zLSDGl3q(MV(-az#f%rOX={%-K%7&NA<9stCvBc8)`N z{I%oQLj0s#8GzGGO&DsVQWl`7@2JxQE&iW?x_3OfCAY_n)!IL<6o-_wyb0)(E#woN zT`jCq|10NUx-HeH$7!jdj9z`|wIV6sz~WCUcQO&=XuubG(|CV}uq5z}og>k-GL+i}O|?Z(0TdpGJ3JBR^(O7m(n zZ`aR=(9rJT;ZK1^3o&v=Y%Ib~i}T&xAKTR*e9Is%d0(0rbXM1qR#KlR%g20P)`W$j zp@|&Kkp0ow>#fFHpa4r%?s$(29sx-iB-7icV^&navH8i37-add*5Oz3DY6wQ!Q4-~ zMz095(ush_J0LrT*F*y_K7Q}gNG$!9VDF)pszvn1B6w+I&1b7c6sfX~s6-AEjP!2x*e2$^D-Y6%B*!xT@?Zl*rMUezp&IK`!au zTLf{PWb3A_GOx|1ToduXeZe|zXFv61R%?)O`Wlkq1#impLctnt@s^*OB*g39q|y(+ zcPcKz3=5QVF1AYn-nVLi}5L0M;|yMjXg)o>dqzEWJ8L85X4=7M$esS^KdQyRFc0fNc>5DAB(RPc;z- zyn78+Ux+toZzqc#8g8$hOxo&~p$;*dux%kC6qT2(_uU|O4NMr&f9))CFr5Jy;d;Kquj!k$aYF_% z+X&rw6a?F`GVRbE8F*FseFy)2cP;rN$_X}-*yTByl?b&Dk|{y{M}rQ zeuXygo%5+Q=46|fll^+9Av!JXM}dB>Vr3bqt>$FC1-e1Avyl_u@87@ekR5nTd%fKc zCMZ3QXQU}KORi6sOb23ZnqBYe&y3;k5euZ_W}TVY~x=a4V0rN!G0Y_C&}%VS8QEBKT;cK=vu+y-)Ruh(V$Vd4n??fds= z_=lT3o1}qK-GU$W5N;MBA@B27=zHT5G8V(W9>=8|GZ^O52?J5vgQ8b4a1VDIJ@BQf z9i*f)H3|JOgophk^u#b5VN)zM%|or{8p=R;Zsb!+0y(!|d%=;gNTE5Clqdwf+zJ&3 zmAGpanM)yGT3qGzQWd0kq^(YNl+Jdgl?bIxYOR?#JDtw<&=s0Y;)rT!gAU!_5YJI9qharU79>J^@dcXQ!s6dv6bmCe5rnROgkZndk8%X4c9T$*8UuKg+1 zSgz@O(TmveGypxeUM|LDmQRuF>I7bFNo}e}>fXR3Uo+8l#u0wZ9R5BVFOcOI4Y!*$ zY&LeH8yO!z^)SuK=d|{#8xH;oH-F56V%DR=c0Xw_MO`T%;cOL6K^F@Hr8}Bnc(PUu zp1opDm z%0rZdPKSM`_jt;+=dpwf*hc;gjrI0LV6(g4I%}waHm|6SVjPNc)w&!F6*PgOs*OPo zFNCTg>o-=TnPsPk`SDg%q`bK%eGpz1APBh3OZ)!Ak9f1O9(?=NR$Zz=`b4;=2Zo$Y z{`>30fLR-K=gjq$u3xr$8=tI=xjKUoXLk_)Jzy9*)Lj6*c&!5Cyr zOoj>4m}E!f9DDn30+eUmZU>`Ct)g|NJTUOWd}-eTgozF>{t(xVqOZnBY-KH8C5C$YbS}RRJ73$PW9e)rQHQSOVDE`-gI50W3zX2I@4BpsiKTLc4E z_<=@%xdQ3<38%Z37nj``R>M{V$o}|Xg?7!=bLcu#DywcjUaFq%_erO7I^`dw1z zO|wcOG{)CVev^YH8gk&Zj)rOFAoJ;BMOoGDp)WY3ClY8MS4wn$en=Das*ZoVUhl&- z5KB^3U_dX<-Xzl>ZOmrtoQXlki(jSR*j;b&$z|vK-DOjQ zqIb5jOIvYe+IVmN&}IpwH@h>TILvkQ?Zn_TZzaY0bw(|C@Sw1)teK{}UM9J@;^2M{ zg%k9@;w&|_p^}QL8U(7?D8Dfx4Mvf|yfI1E-H#x{Avv07&TJ+Oz1DxKz18AALnz$% z^YGcgpEAS`tRB-?$?y{CLP=48&o7f`>S+84bZ_o;F8@}~0Xj&s9vrx0){Dnsn~Hs( zjS-^l|6xr8L+nnVMkUbgm8WRj;Odvp2HxaRYeSwL%AvhNMJ>R1=wY@H#G(Qn&$<@tOFAyU79J zg30Fc93lBgZj$Vmeb$1@e;(hAIGALn4nHt{J)nIog)=i=KF zyMp&kXV^+2oP9A$cwxmFDdPyxmQT9&=8>jXb2)^hhiBc ztOQDtnL$!uk1R48+<-;~TNEjH9eHbL_mlVKZC$*MY1`t9{or(oGE}WL7T4qovBVtD z++R{s`am)-ytK~r=^ooWOtggxhyr-VN1~UnWvwylm@|*u&s85kNYyfs2m18-xMnMkad!3N;~9cM1M#NzjcNy*c|6JHdhlXIz`aRJtKi$ona_vWjs z#HYzg8|SpKA{z;ZeEFj30rfYTqNEh4J^DXo<6`(ERBZfSogKYbbi<)2pnR(xJYgP# z{lorBYIro@piT6R6;SQ#orR)=Xe9C6udfYGINY+C<$Wi80mPmk$ZO2d%eP>an_rzw z;7K2_-wK9Of5pSQ(#8?=zWC0;5py`}u0`b06hrB3wEolFnf6^*gmtuNqc%Vt8%W|D^U_a7qh@&U8iAA}|Z@CRiT*v@AcZ7JRBZQo>lHBa)f=jmHyP zDB}P2pX%(}$FcK=c%M9p!Cr7^c)>kaH0fg}ujdG{4%1+pQAaCaXzr~xQ0DsFS>^%c zV46q1hjqHVc~Kx!tPC+R54jQKFa>|~mbbo*Pd2&K7+!%_3?!J}o7BV>%s!pL*V^q`+pB>V|oh|Bj zy-9k<0phYPqE`)hP|^6U0@NjrW!0_szKF;q8KE*$vNx!VXWz79j;;Tl(3G0$Il!>T zZLeb7#XhR+Zy>ZcnpJR9rr*S?lr@B>d~lmUC2AyiDfD8dNd%$Cg5R6jn8BtrF8emD z9Yab!PCgulQ*tywTZqpx#3(qDBdVML{6=T1Qu_yQ^arm^VS%#udRm{$Z-Wo`W0h4^ z6D@956o=y8r|q(sb{?2y4YrG~_s6rQZ!!f|5^%U<&rJ)Jo2m`njZ*UOjc=iRvhFi7T=Ukp)`*DBP#jiwYqajM!5<)V zhL@&R$Yh7R9^xo=>$JLYoTl@sje}WE3R0}t@U{Dpb_99z?5w(g7VUxcx27cj=ocJ3 z*4<&7i2L7(eSjWw)AcN4p}@Qn+GG&@o!l=8Q+8uSh)eP#1iQh0O+ne_T~H95-tXM6 zy^(MqMn8-CN5PbmJ$5!UykyQ)WQbLzVVjn+s41=*;HqI27O5)u?c-43#lfoRz&AY2 z@@4@mHAb`3@9Bvf9cOWoufc<-%S{anzg)KmJb>=WtBR(aZ}|f3kd}k{oul z5OwKjz4w#j^UBZ)+Za-=hQq_@5~%0(J1I;`<(}w7j=RBHI0(7xN?lgvbWu#|6_DXE zyVP&PFNU=DMTymD<JMK;b)@t2;l@i zUl?;&YGWhcP)#hS?=+YXV)_1A`VdFP5CJlQjgr6IjEU%4vyTM2fI(DPydaJINiyc; zw_<>epYu@Pd^9OJT_$U9Xl^)tHw0fRbLPU=H+;!zH=1ChocZibds2QeM*JgeLN#uv z5SQ7u@3I`~?PW+}O8*uLc+{zJ74HcG%8}JhAXy9pj$Q)gW{3sMLOY4jXqdSb_D@Y- zIF^F9u)u5*GbV*HE%g@ABPJBpJa?!G<& z$bNqAXDf0s$l(;kRTHfqOs5l`M+!sxr!|90<0d6#r>$GFyY^BJHJLbkBydcg1Vj?^gYPb9 zb>?@Nq>u)%kWb7Y(J4+SfoKW{?H$-{XJp&`ZpIp{C>zkV z#arAD^F6;X047@YGp=AY7F&)GcDVNi%*16qvutTe1@yteA?%-jn)&t30gUGjmrVR*5Nv;@mY}E#xv2!f?hhVwJ&*R>&##(9U~b^#A*u@T5?1>8cTat$TC3^WdE_etd=G3mRfz{eY!&N zBTdGSyz5WfQw>sJm`eUPdBdlY7-1h8haGQ=T9RQsnO}+Ldvy@6`_t0wY(*fA%j!Df z+sy;{)yZKwxe?K+M(g!Ko|`s4;_|16rs>w<|{G8}M3x zZV-G!X;0JHa4PGpDuT$`8X!M(j6UluYbdJ70X^h33WXNhTf;W@=eJ*+Nk_l-gfu|1 z_M25}v~<%6-H1{O@_s9NySaqI$gh%sA{q+##TI$XAq^qOp{mZyt7 zn1q@G*RTGhZbnn#zqWqy^*Gw9WayF&uqIPF&Aq+gsmO88={!u(ysx0m>Td|E;L^hm9rr+$~DQm5gT}l~KE2W^mgS_T8mFPy+z+bhq4S$G;*& zwg(dmEMf?k#HzI#(XglhmE#g(!Kd`hd~g&7Xf*EDh6aoq-9hb-gab1fy&LX`XXA(T zZkFS7y&qj&zZt#%wYVsUPN{Hxt07Q$7p3O0k6Y&M=p&SRTG*$grmnULvW$C<#bVd) zYWCl)uZ|Ho5xmAkXRwuOeyMPsit`291@#R##l`zc(bfqVpp+6qYLr_1L zC}!o4_ml~#e^3-xQOUmTagk9CnRZ)H+PmWSKTrvhr3Pg%9k34~k8_ycyHmWUee5jt z)BO*YLC+eVW||BWEEn3Wu*(T=2Y0GBj=Ny;39 z47vgo>7I8QP(UG2D_WHGt(&t|bgdE7iCQ>TM6lmr5H|ExRjCI1ibyaBtCu-JzMWeDEgFoRQSWamZZvs zb$u$^ptrHa4*SXH&UNfywt@~OcvVq2Ri|yj6pE5washwh=kkt1SWvqUbF1y1`8En_X(<$&Pl>!s}T`ms9KR@ zKb?ORVRlm!uMTFtVoX{e91QVt*t!-EYCmU_XQKa52Am!~26TkNzV86E22EeD0#+VnEJJzal4}A@B8Oahx z?-3KbH%MhOp7X(hEn?*m4t8AA+jCQZ6B0z3y~jFdtpob4u;G1PN3#NbmL6cj{cAdV z(zGQp<|Ihbjs@%dCroiQ+mELJ)Px9}M0`qRJ+vW@mCwZ+p)IQ9OO5sLI1RdoX|mem z*#JI7j$fIaMW2od43#qZtDBPeoQ%v1%lRm5rC+IRnD{kIIz(JMc&r*|=6&fMpRX}? z0&pgbj9{=Jafk;6BleRYi&X@(C)Ko00Ac zc$#U9fW-^BUq4adJD#LdD z70=jGz#AZ=c6s4RJqixa=DoLBBx$9f6wWn^6ecJ}G#wIpr@P>YMv5=Q=)iUun~h29=OzU^F8bD!bJkJ ztbf7~gT`rvi@vonX~A+{ts`&!}r4)f`cA$!&4mDJWRcLbE>esytJ1kF&hLe z(c$!+krnm`xxKwV5W+N|1_if%&=%y_s4s(gh{^fF=`l#{`3vyjswa^~rp|tmvtxxZ z%ayN*rnc^2Qv$*BX|gF>lbQ>`lVNX+HS!=+vWS;@>q-hT2A z{W~p>O`Xs9SgDys{M}Csx#!-|++3DQ^Gtmz3-_>~Z5B8Xnff^G8XXKAqQ{A*wGe2O zfrgpFM{|+uJ32c0k~y$@93{ihIzdggJ*dg$SYEkPntK1-(!B&3S*gp=p~PLuIB`DG zjrogPG$!5#7KxC~;xFB%qVUdI_(nU@2%iPB!DIMRpzux;Wl9I&wIaU>rpRV|C( zG&p{40hWqqpQ(`Z&juyF!lxKWAd3h=zCL!4lZ*0Y{8Jo926YeNFqbypizV@m9%YO~bD_>N6mc zi6@_QfU!y6NZs_I-kU9#=CHje>AW80*{|M)PkKf`@Uj+^M&_%?=BQ#1RI zx8Q|BGa162h(VWKg6xu7w_0FBqUvCNCJ+>s^E0g}!(pqAImeD_5aaaE(=EiUHx`uf zXUy1+Z=3WE@il0b7?0%WrE+|}7Z6w*l%6%>(0xq2Z)pevBBL3FzMmVAlRZAUy+$8* zfL(~nCQwpjZXW`IMKCk`c>e(!qtPjNAeS&DHTaxMC9Sl_Z_|!mVdi&NW###}q;SN4 z^Nd?C3BUF)8<-;_iMa{>zt~5o83%FD2OU^^ZaG5N7B=0QstLN80y!+JEal^qpPq8q z^di8(#yDTBnEw!x{eS7OzbK*z_MoVCbeVAtD`RW(fu?omdo}a*PM~kg(hnY6le0_# zUjkw=m2uO5$jHA+abEM^QY>ti^zLs0#o)GPE3~~Ywh&*#!$U!^eu-1}p|EQIaA#-W zi_yAyaBgTIoug5K#dKM9<48`asbpZc;3rLo=$BK13NR!VYk8Kv?L}7 zR)E;F5))1eAcVo3i|ICzSm@o;etgb*w>T&3P1$7Z(q9LLFrFD&v}L@fqeE7ZMDRn`Kt>xl?ip&4~fgs=;Pzt-a_M6 z1~*p0P&2YF3k6t4M1q5pr_B%*7sunkg5n@YM&ikLqCxJ>JeZf7N`#Axd&RSe^*v{D ztam-)2u#IhyJJ~Gb3O`xvf7MLfCQC};ANS}HDZ~mR5h#-GiV9`HdrrX!AmQ3Z!+EB zq+TC~t=si{pe9Z{Djxfd>!iU>M--62YGT#}8scaOYiuN7)T)Y?j?2jVl;Fbe0p&O| zS_xu}W84}Kd=X7%&?orWlr3ZM{qQ`HQD9Lv5>-OSn^=wWQW$Rvccatly`Gj=Z{Q2~ z1v!GWs`hlsZ91ZNe(UKRA293HP4(V>BL9iFSrmgC_*&9?ec(4p^I|>l33*OQlilo^ z_g3av*jO3{#s&}`u%{CNw3$TkFAQwpX(CDiA5kHDZfs0bOaeRmugUjzKJfOh~I_rneN#rX`Dc>B-wyx=%jx~6N! zBeN#nYxi7FgW5b#gPWR~Z0y9m+0K_55;#N>Cus3I73T za>0EEZOyx*FJm73hA`zz^Vg<@7H^EB`BJR;L^qck2YQ7v-e;d3%XbUM4A)i0(KsOw zrWXSaD3QbalKXpauU3J~IRF$)GVY#*u;mL@p~b7b^Tt~tKuC35mTGw{{E{bSgk6G2 zz~LXIsDWAG;fXpMVRu+$N$1od89gG3gRsdLftBR*H>jI4g~^dR^`B8$jXPuYn;dOQ z60m5qyZ~$cK}sJeu9E1KkND2*w~gie{o6g2bYVk9x|A~p2}Q-Lb=x1q&X;s{u8kMU zQ#?>n-)MH-jV5$n5Ox23=P$wAkr>_^oqo9AS`U zSo8TzQvzyOb&dZgpAfngTVBa62QreS&H znNvEAk-sLqod%H)v{8tCmVQQdVV(N6jYCKpe9-*)^Git1bPEY;bE^}ko~DbWTnr~M zzd48hHm5>P04*OMnH(y|(I*}Lt#8xsE>zdY_9ZdDrDO-oLM`|>0hA=)k~QCi2EKAn z`=^TTEYC;tR!4L$%4zrT*R)S;d_3>zlS?!b`ts+E{r!^uSAZ=01TobIG7$ZdTkm>H zmPeuRZTR!AD7+jPMp5J^@s_y#T~Ej{DU{=yZ?F_wbh{3poY!fsvLpf@ zQHnC!B6cEg)yFXU?FrpdCh`8LG1b}dp^8v;J`%@~WkU$@skv!ZoY_fV&STa?Iu+d` zpfuotBVXFnmwM%fMIwpR!qh?+>Dq!R*JuA(=O=_ey9@oJg2C%=-;xsZ<;}!}#9wzf zZyzBV1a3s7?HJQdz2kZJ#%|y`+$~+rxzYgL4l7H>{=Nj8b~8uuTNmATY%nHKg&Msf zi1Rx|dr&ZItI5|4k_2?YnV$vinDWV>-i^iKO*#ScXDt}q56fI1r*pT>jSfE75s%?! z(Ev=tLv9MBU=KEAiuVB0++c7uvr)T_U{0vnYYMqefs!vSH)n>1qS2HQ*i-|Ba!Krg z&;HGAZFWJSVd@;sY&AU)lHgY_<4@j>Mj8A5=Nm!U)E})=OO$hLdn{m27yw>>hB>(V z5{{=(-u%dVSZV#VSp-)0ZVI}#5Qgcl|6SK8TfBg6bL{uPqn*`l#BzEa>oAeBSq9^9)LUa(b-aekM z*@mHy=TPXZgBb!=0yYN53~0k=5j=2(6K{An&hVbOvVbEi+`$A$e>-8+PAOFgE8Crj zO4mCpyqOCT$2}gq=e!K2##t5<6!O1SSyyi_erH=dwlW|~8;{y+-jcP?EBf7m9c&fP zu#|qi@kIUTTk7%vFB!L@aJwcL6;O55J+Op^r9?2%2}a0lzjz&$6Jz$f=qT;!-H8Yt z4XW6)k!^0*FMTIb7+6?tSf7Ybg=p-==3VB1T84;hsU^*r-xspE4b>7YUAseg%lQE= zJqOsA7Bdpd{YzTr?Zi5n(|Y@W9rXMH6-C_MpR@jQ6!EugyhL|flegW;6Eq|#6A9#3oC%Y#&jb;jlEL@JLUvl5j(v}baQr^)qQEUbUcyAv@HG%z8fJso!cmZ9K$T*as@ixADq0R;|aYnQX zBhV5bBP|NpsH?Yv&j=+(>30n0?@@7ad)n9j8ivU%9YFXu6sbDh@$2G_p2Yw!{I!aJ z%c-X;E$Fo0uk%N#g|FMvGU5oxTUqlN?JgH%WbZarWf^SK<)vT$lIm7o?1Ajs-9`{U zrN<

hSPF2IP#EXQ*zKS+imqe(@t9-){HxtEX)(q3%|F>MOT@uVBHga|6+NZ#>Ylu3pq5@CGbz(~X*k*x< z`o6YDY^0nYjTcCK9&?^8x&U}^x*)r9BQ4=#*nv}4GjnHWHDg*^n#siPf-0CLwd3ahyV zzIT88XHA)K;YL7&H_Dk-IS_(yJr_b`A`;@?mKaV<79=UkxJ>3t0qR56%@4h&TrA=- z0XgnlhX`ciC|M^hZu>_-Z!ExGrdhWTdIN#fYw2i}^Np6nS8O`99|b3cvd1`&M~+q7 z*)zTR>PkLx*v&DYPH?sckJ+iJROUr?yQ$=Ea=!sA@A;5<3kQsOX2gg->Pyvy!49Lq z!z-v!6ePg{nzD0-KCm-}4qobo=YG5}?T;o{S_@rn!CoGWB#y@hK;8C6CV^rXUqHD} z7;w?z2sc&_HdGR~8y@tr&c;hg)bNOC64vbbCiL93;DZfygRQzsE}BoxY@+5}7faGv z)_ij@qPo^ZOW99iVj<$lh%`zxrX6t%N;$)2rjexkV_DPYUvJP6k(S~dcD*-w1X%f% z7Lc-2=h;I!mcAs)keApaBXalpPP0B{fh^bSJ2D-Axt+W9K78@8%JO+Z>!SP@6Lr=6 z@kEcGTyuD_Z(sn)L$BEkyjvpsJj9WVbMd;O_(mG$%_qEexHCKNUI#c)nXeB>5zn*< z`eG5sGu4QjX7Z*gwZ7OH2z3(0SSfvc$zGi(Qm4B*62*XgukP2q@k7y!*Lh~U);*Lv z4}_wWV4wD0-c56uIXk%@FQFQ?y7zzC+^)4h<@FXim$aXf8GOGoO_B6)BiW|KqFQ6A zne68NanW_GbiJ7YP;LiuT86{3Je5%y89Wz;#u?3mFL&CT|<}bKd)mad;dJ#`=+}+*`=-Re!4^uA|2Z|6zAsx4rBW^ zCF(&wZPw@FyDg7#vI0lpchy&oj{SzL_>gh8;4_U$6X1s0!cD7Pl!8`A)u#J=Sm zOI0$;v00qR5v(iH*0oehl}2A26*KY%zw|7WfZqR5`j$i-+gGulZ+AR*kRQM3ze8dM`cs% zyf5|u+|8g5bWEY&51h&$XeO$~W@-$T@zPu$%MvVj+1RvYw*S?ik$_XS*U(dYQE~oD zP|1mpPG*t$*Ufv@?3ILFbStylR~}AYXQhK98#v~*-m@PJnx9cNT@bsRi~BnV|0oVm zl&JePfLAb&v9qMy)i^2rGJB(a)H!m!usyOViG_S|dC!ES_<|;ly};D)HPzX_LbHV@ zKo0t`86D)~!MJY@Z(hrIR`(Z9hHRGG&#g8R4Jc(qbPTff(eW2=G_xmW4E(MKZp++iJ;10!0lV58lpkQ~;8a0~i~EI!yZx+u!YGjFj5_aY zUD6L?%yH!TTCWN+O9kRE5n=DAv4h15whv=Ekpc6K!a${W@Y2kyDT{ zj-HfzH(q5LKytB|0tqW4a`?tyG3Reo`ScGeSY9e-8jOSNt^#wtaz&7Fl>k7LyS?r~ z`}AF*n{~TzNpr3Hq1q|^RAMn?JQ6(`Plzqc25{!Sp^FSTWD+8x2mqA3OTzF*8LJ=(%OQt1jok&X6L+T8ll<`R^6DIBkXs^?tSY*`+ZpO$MeSH=L-WyLHg$78anpajqS^KSD6zDlCgKHs0C z_V9ymXcVmj0Z$Ed6ai=?_z2Bx3A+OPa|@Kxr4xJYyfrdyQy)&4uHTQ3J`$cFqv7Dg z)5kmey9T1^jwFZ$g}%l;{v)y{K>u}u7hgAah44f>o@wdKEs?YVXOIA5?Hsrib6q4m z(5m*!B#*e?Wf0;@bvEw#^C`Tv$ED9@>|*R8-l0%Ymu_3+bDnpfol5Pd0Lf`jovw~X z+__!u{V5EcX+gPck5)Cz=$RZN1zjro%Bc>d{!GfvU5V+COLK1X;VXDCvU%u$4b}&{&S+84 z`O}QY(BZwN2J|>;wr!k-c8>{{a?i5&;o^NP)e7b;Q(NhM8|=|tfn+vgEQ>7ijg5mZ zLz;F4FKLM9-be6|bPgMrHJzC@ij$XHzM)yWsM+Nk^YMZHgQap2#wo`mZ$UDqg~jCp zvspc73Qo*@aHnQ`+aW@9^6#4kULXE)SKBaki;?wqDl06<-tI9))fRD|Szeii3KtVA zEA;)#l*!`bHzyspC~{IA*(}i~+_PQtb+*^U4YnHSyTj$6GB<#lf*Qz6Wu9KU5sNqb zvRj6Pf#@P{jlT|vc<<#Hc9fE=IPuy3HEYWw*){3rytzi^e_1a|L&=B5 z@-btH_f{K~$vvkQfiC{EKe;DMrOFIZ6M2?bA2f=!Yf#?p@r!&V!2C1Xc+avO9ebq( zJinf9MjVdj%mQ;oyoYOf@Vg|fZ9@fI@mXQ6d8B3KESz`?S;NP?khJO3KO4Y2f!%jQW+hAVvgs>@s~VZu@7~()+$R!bv)dW=?=%PEgK?N(Zm zzdH)Ry`=p=)V&2;TwS-d`6L7g65KU`;O-8=gS)%CJER~u1PehE+zT(<-GW;Ig}b{u z^nTtx-__^z=|9kafTC9Iz1Cb~j(HCyanA(G)+(0+<3tuUEQ_ObR^JtN5|L(N&?48D zq#w5S0t-E33+@3>>+e;U4QmElMZ0%`HjM$^l)A}v16c*Kxjwg|yv`@|OO~jTAd3d% z?V$sI%i6TIgBslrdZr6g$KJT=XXPro-)NbSyn3=L%2i5T;iq|vp4HQ4KpSgo5%e>M zxwjBH-jj2J$or5Oz}i=w)2=O$O)C2;Cq$zzkOH<+w{NdXz`_ox@zXR@ZkPpkofq4S zi^|5id1TECBuO_^$({A`;CLz8e|hx9RW31?fm%-@7G+7Kj+urLosKgfe<`&^qt#i! zQfQ9pCOyq!NNfF9CwBh^6wUOu1ZV=QhSPld_4dC#L-v=ZeF`=eq*E#0l3MULyT6;a zHyC7K#ck1Cg4w}n>bL`y55KP|9RZ}Vg0WN-B z)HQA?>9b=YQeFPW=(B7}TVaiSRv3%>9pQ{9=65vCjMvFLz`#)D^cT>GesHAAcH2$O zTfQrBSxPZ}y&$O-agf|i6GJ~9qoW8h3!^|g6tDX3k;5@YhmT-S11P8JGv-W;raW;ly&aG_1z8UJ>(#Q2KchH|jl+1JWQdh}jaOBz zvm?5MEd!>Q%c7bLXz?If9iMF>%s9WbMF2N~IeE<(iCc6TYxrBDc1c`&; z&HlbN9~6;-(bx;z7O-}|xHf(+pvaulYUttTLK3k^0Qft_VU=%^PCvDS!W3SM23n?uwere?FbCPd3=V^@r={aBUqv>ct`*i=C; zLeCSS?`G0*CgXTKsQa@dV>g-*5Ab*Yp<>WMLIbC!Y9l&xNt)|iAs4|?6a3KPBDh|& zKih=^;;<`xv|59{TPY|Wbo0v%^X24IvV!F^iSh1M&{#0_*32pFlSaq<-a;!giG#-T zAJ2i6;kbBx*wXjzzlwc5D2o$09@w=9FyhPP^1cx5ZiO#R3{jM(v8R^|1Mbusn@mB3*At zRlRsHv)S6qh8?@O73Er}z)sA5BoQvDiN?ZP+!Cl%WtSPmypPCUzX9*EFk0%C%%JM} zitF=l`4lqZ=xIH?Tu^Wcq((K?wa<1>*cm6e!Z2Kcc-HhJG2VKyv9Ma8ufcVX)1KO~ zjjdG6QqYmaFrS1~IC_~Ij^SY0Fs|*? z#dU_+X^qOclTZ1gc&Ay%BX2_&8&@E&dGGAghs_=q+9DVwpx&GQ|18__Z;p$|<$yX& zoNupqu(`<0uI~yVwD*YgP}`6b&||h*8Z}t2^36iMT@?56V%PD64->nT?{a5v&a!fm z3qy2T)jx}#r+qHh(pIly9|#sZ;OO~uyQdZ~GZ4mmuTy-u#}%S_qV%*NPQ%nAB+KM= z!vft4vuFTC9AaboKDL`fD=qSu3dbl(Jgqf+J^vEM@64pC;EG;K)F~^&Ysr=y)T7p>TK;V zbuFC{UNVk75tnGk3*2O}fgdU%&xg|GS<{(~`Mt#|z9ByCVs7mm+qPuw>Pu9L(F?Tg zLRXJpRMvV8>_-k|Yx-66{I`TZLWecYrXT9GdEHPKcuJA{O4$$Q)!vXI$agmRIf-EM ziZIxQ+?y$}cBM6mfZJ_4s(Tz6>i0v4KuZ?bVI^ zwOD}r37ntV-Bpq|CQg)dUXk#EMp0pOAAANO|3?GGfW{&ijAm%?U%2P)XHQGvuuU!*j zekoc?_3viu`HDR;i5r4F!(sO&9)Lyg691g{)pR8*#KSB=St2K<5#8a8 z>6!kC1T6dvZ0N4~01eI)Y5r`vPqkj3rFHA!tH^cHS<)&P+C~U^W!XoNqb9oIrIaRBTB|Zr`%ZkV4 z3?{SW^F*XlCG%Bl&hl9eJJ)%0kKbdZ1X2r;h%!uYzPy*FNy_b?^3PBa<$Lmsy#Z^t zVNx@$1U*)M!z9kiep&nc5q6743UfnXIXFNSW@Rchg1en3w&r=y5RE&}u z+b*$wY!UGf-h=UeE|MaPKHQY8{?i$0;P$cM$!(o>$sam}*rMy8C z-1rJS1+y@wOo@X^&YMPmS40F4TVxtL6m34uu0$^Bq#kQua7op-%fF`X*5LkXSN`Lp zp`7VX8{U8c?8)=7W84`Y%T&jn!(WJ1In5k*M0K4jp-47uxksm}&bnCoTCj3O|o)Y`2 zc;NYblv(m-)YmiX&tMjKq^ij?UvI*iFb_$1L}J*&Lbhs5vv&LK5>0OZ!Z~PNI~V5& z+Qw=BBNa9HQ2A0oJd>YyLnI_iQD2^?bKM zcubyq$<*5(5Xn&#yIwXR^e%khqXwvI$_Rl&?d+t>M}B_}p`J=M+jJQX=K56MUIeq^ z8#1(s#N=&op!=ht%3W96l}#wOR&e6BqDHuXumZ)E9T>JloYY!Qqk6RqL?|EFX#Ne3 z$GO4N+liAHb>*ftSil=?iR)#H8+ae}W7a4iYcp?s(+Ba;Do!E;Io3z+nENys+e=u{ zB^zAj)9)F{KI8uqm$MZ@(Awz#cGH(LJU9v7o@B^u4H|P6!$$ZV zmA~FKIcj~F+n>_Ll%AeGSqpM16L7{9&WVpu`YQ2FA9Y2rF`BPOpsP#Opl1c?7*VmS zE`^*j=;5522UZ=g#)ZZoI0HSa#$`Q&c1_O_Hg`Qf3*vaGjmpi&sd&rCg( zn6ksPp~_xo?Bafm3U#RxC$y7xC#c8i>WAx-D0_vIC!au=wO~{(7NsF+%t$#0ctz`e zqD6mO&zw?U1a1<35V@o7r(gWR;n=&H3M^8Sw~Fr^ZIOkj zAe6Z6y6CSTPRu%m^Dw#&t5;!;W+T;(wN#I3^%h1h=@TnUibYui7wI@{v;@u~u|_vk z@Yqrr&O<223dENjv3#@f6pAWm-iE=RRsthzA=H#Xp}X668@&0nk^(O2$~bHiA7W8n z#z1rtY`&rOn@x176Wq1%$9@{6+i>csQ_R8}M+C$}cJO=&x#G$<9pe=r{Rufn zvT3+&dnT238zX(+13OnDw;6?;7mNa&OnDAUHqc=HZbsn+#d zggi3?Qk|M+|T8 zBw4ErzQNPvCg8V%e^S^yrp&_Ra%DeT*u)5{Ee&O-N}^nW)RgRso8y7ym{&T^I(rSv zO|)d|28-FLEBK<{PeW;e_1&?Kn!-y4ubR*@3lHBSvT?n&;#L&3u#!up1H`U2tF^9{ zjf%Ec6)2>-O6*?NgSF?FwOj4-+QE_AaFq{X?je>|V*zW1*rRVY0o`3f-VrF~mv zrUJSbRtOEkMpSQ|&AY5b6_FiDSHI8BkZK5(Pu3oOOb6w+3#JOcXsS?h&61}T-UOC6 ziyRF#cY16IE@{lM|^r9wqGFjd->C zQa8O@Y#?Ep)Z2henwT(F;81QLVR!d>|6@&sV8ePV9{ghvpBM~{zisD?R|*lB(~(3l zOmMoPYfg_Wt5xRkNIBbpek`<3x%h!i)81<}>cA<~s=Z!WSb#3CRO*ZhdCCr!=1h_DeVa>ILNxf|GZhGfu(1oegZl2<3!O%{WtSJ{lxGnv(z08Kt2k`UEQlpdREFVLR z@VPYGJHRgHlQ^8TMw%VV6)PqPhT*R)xl&Xx-IPGJ&;x=7cY!Cf%ckHa9d9>~$O5$Z z9RmZR`w`Cvty4dW&(TAsKilJjW@1hsAJ~?t(M3II^k94qy(bKrcM^We=KC{B6xXsJ zGL=r&pU%a#TfU*`FV0HqAnNgI+Qn*wCyF~z+vfKonjVMvlS{;Kg^zvew+~H8KjIW@ zX(U}HYS}Ar&_mCNzs2KVMC~eZ^tncn?6kYa_$~Ye1+hNq(Ckq|Lu8uohcq+$)GrKD z!a^-?Z~s>WMY5G(3peU)hdf*7TDq8$(U#4-Q6`m3MZV@S>lH+MtCUg|r+g(y{ z7T}JT*TNO3_WL#0eWo6^{lb14jGh~YE&HNE#Pm4QOPLj?=7id9$YEpemRR=$M^#eW zR~W@2pS2ag_V`vV+#iQ4`RJCGRWip~g_1avtYxxA;lpzkA?A(t!7_2DRsf!4mM zPZ=iHr?0tUqa8|62>rDYj9;_&d-3o&{nceRjuvTTT%?$?@jokqejyCIv1Xekp?j+Z zeDtu==0<4ukwUmgQ;{qChI&@z-A7y0-)$uAF82(2wcvOjOXzu$Mu(1e-r?T;87j*L zx{fMsEF*dFP;7z9!Vuo1H8{h->(NsdvU!%nhPOk6q0?_%WELJScqBOf33yr2o7DHCw$b`f2?_$G*dY~A@{CKO{vST1Uf zvJe}Db&9w?ClwQV$^bZQdpC~4ep~C064rBTg7r&99Pe?yi5rpt2XP7!6U4Go0PBJd zvq`78(arn~k)~TvdASh1MnxFl49s@f46|O^GqZt0$ZXXsz?U>IKIp(h0=h{n#;AN` z&!O}j#9~Ge)%iGRCx$pjba?@+Q_fD$_9?#xo8;I*rQQ;yOnB>D<6kEmR>iSltft1$ zwgL)Rlk@`-_ZMuBn7C`TS0`<9u9C*iK}|koW)H{}l#-z4W4nZ`{W~(>^!@{%gozqC zVo-&zhi$H}hDJb2t9eHHp<%fsI!ViU?U($p8duk$8K;=hq6+-@VM=(fI47|pgc%cq ziwj*vaTR=Sym(CfipdKrFk$9&mbB$l2mvJiqLK42#i)%H&=I(6)o<~7PE5xis0bDs82)hCL_ByLW^2ZjfK`j%>ZcEPt1NS%CE1#d?NA03gX1$X zqJ6NNL@06oX_`D`kDoWak>6n6I49ZpRu&hM}C5F1iS}YYHC7O zwx<0Ha1j~~$k(kAU8JRX62E^%(a)e)lloixoJ*b?*&IB5rUM^{iPhi@t~5*fdA;reFNe3 z14(E`)&SvduDIMlmI~Q74yP?IV|AqCC%%z!H5^HhB4$YZ$5!UbK|0bW8JdOf*Dp)= zD39ri0(q*u*FiV~!bY||DSrb52V7L+_5a&=+7LqR_;Tq_XO0FDt6nsiqK{cy8u;SzCEumL@MSWPp0Ms z=C;jOo0SkB;aAjPW?Wh57q1Y{Mcsy50m*OLQuzL+%)En?}Mv%jC5?Dc$>`V z_#42%7h_{!-8|+6kE0(iaEPWOjpwOsptsHS;HYZu0+j-vTMA$w2`dK_^B4+=81*HA zcBBkq_3$KD>%*qlfdny$4|cos+KrDJR+2I8Oou(qTUlWB4qP;Rap>0=pSaN|sl1Y? zI@ekTvoY#zFg}hC3dY6VM}+#y2vsVk3CJ{Udi!<~jXI9l(xa6&Zx=3Zx@@T(v}>rX z;lkdW*;X5t{b=3*jPNnNu&apQhLrRql@CuA%4UKmU7-|$Xe_x@I9yU{&^sjnb3BG` zH*g&)9;pg>1v-*bwy24v^T=|Zbi4IGL$>(#WxO~1QOzD|CATjW!OF$-f9mbyRzQzt zz2M1IZZqVttCR2aXn>Add_5OMR22woGNqvB)9IY5M<`?w0K9T4=pV0J`Rm@)mGbA* zhH@=ko217m-QbR zcw9RlLg6H1=(*TNkH0sMS7Tmn5j-?7NBt^bRLN7(I%-NxK`m!h&12x-k zsxj(&p&=FON)*mJ%ud*ri5k$YrGTrh7p`Um5$KnSobHOMLfl>x2nANn4f%^e!U@M5xkfjj-d+ie>dj z`p*+7gq+U!OraxQFhPWnt;^-S+}YlF0V(5k_07$jJUVOg9;qV+sm`V>q9R*E@+B|$Thr=^FWw$ZB1Z#Fy({d>OZGoz|i}R!j|(S+F_UM zHx@GB7Z>>8g+4AGT!IFv_Y_NW?5Xk@|CHY0Y?$Q6>m_W&=cW1VKG3p8aI7rtyWHJN zrm${p5&B0#z-0Ylx$zQ)E&2)5cT87a{e3+PK^e(sJD7&U&4+lR!Nz(kK3xsZu(|>+ z-7CUCrpMTg?miUWtPaO!e=FyMDcn}HAKfW+x~+R5*}^ zW%Uy$1@bu(()(+_F!&yU?DQDduYYivY*|&!hKqs6e}q?mrGbR$KvT?S8&*rkj_4$I zsUTvKALfS32=frFGYUwIV-##|gv&_V+2#XJ))J42+*e14oatEZ@0@-iO{v29_Tht=aXtg%`qbt3 z6}e$#7W0wLt4(hKKj=iRRNk8!7aoW++*a?S@l3=C-z*1;7Jt>bd_N~%JZ#UQ)eOiET> zRF{LyA5m!i@g5w?mG(&58sPhsC?dl1Pq1BX(wSl1+*%FEXuU?bbxBF!pzAh!RfU$B zBSuYm?!mm!$R4&sb$0N%s9#2Nr7p>OT&6qDcFlF8S(d21B=<#RyCs!G_#%6c^h3N2 zJJ--Olyl7q)k_!A^pu2|RcYl>L7~^v&0Y2KGKr-*4^9mNSU^vbTZIyZh2=ypSBpuKR`oT4DLcvFcOv61UQSMp~*6x7wG`PQ`mj72} z6C3#38Ua2x8(c--30-_;eyOmV8d#%ei*~#tr5#daTqRyf!%^pL3zyO26Osh@MrKEV z!RA2DxfY#!gd{?C>;_U-B{~!4P<61TA%T+w&3^xb(w239iQ$&iT5S=2Hrdm9+6vjx z2jQdKvP3^Q*=2W{+$*P0G+DZCxKt8}iGvYl&#q%&itFqsx!SxlJ7Pjmq{+*DOxd`BP~p(FNl@7j2HEeKg0f@y`NWv$z9uF_IswG#ZAktDGO{ zLiz#@iu(~odPe-q*Ufd_CPhU+jTJvU+Qw9UTZQlaQ#bmNsh@liKTfp##|^E8Nt~#g z*T>#Oo*u!Xu+TOXV8TP{t4XEiw3)N(r9Ed!PI||$fLxt%8}F^#Z5tV#!AagKo6O8H zbCs#L4&h@xmuoB{>8fIx#t+{;A;-*{?otP3-}h$r zQL0QDUdJftT&2~&5q9zMxcASM;$yOf+O6VSW&ZgE-Ju*gq?Ymkhy5xT%9hHDg}HCU zw#RKgk(=puXhLXJu(nH~eIs?!m$v~{(!ErA&)k8Q#!c}w6V7Wa~7 zeoK}mx=OvRzF4kY=TBV5=bfj`$HfU;>wSD^bTzBO6y}Er_ySNeJHAC1Y&LgI&XSQL zj;q`*4*0YJTFfdozs*jc^F;Ki9Wb)_ib5hj^4#e{@lFIv4^MzXVjJ3LZs_|56k2u%!pWduycM*GQ(HQBbR>yYG2Ngf*(=cPCZNkpQt$ zVNrKwL>lb3-yvq!?k^ADf(DX?m%AVA3PGSER>oSKE95`J3ljT|OBw zq}m!a#*zq}J0E%ADxFBWK3?k(qHG_{*~DmsSK_m0Fc1shj+?6AT0)qw0Tk0r&o9sk zc{0OGW^Py#(CAjTi)hjt!%J^ZB8!Py+|AXTXNS~QNtb5kxtzPK9DL=I$>D{VCmJsQ z?QdsXxJ~;$JiZ!m#1VY;PJg)tM}fZh5!#PQim22>S{cVc3i8NRR_mY%Z}0jsNos7N zf*d=RG--DwxO9!o;ti6l82rRa^J$L{4^{Q1p;~;=u&2s@*z(Fr4J8)W*7Rnl<}2e} zCq9ru!~9><%78JH7huXFMiBitO0-U2WJmO1ND56V;36T(P%ag9LnRWyUPRC6z1H(O z-`ZCb^mj(&5vo{Qi}grlv!JLaX$o?lPJ7vi1h!`{{r5La#KC`Xk4(zjuXt=1u@7%D zf{nb(2HDhKY<$^Q{QSB%FZcvOyRV;Q_A)4kRmS^7S!@SM8qQfveSw%}^v;E)R?0te8ao1~}PfbI? z*oi`xqPW?`;FNG#l0KRy%?dFfW!mFq*!9_~r8@JzBC0w_t=%#YL2U0kcNm^5_aTLq zfQB@kA{B~GK8`9c`y;D}U#sQgbAxZRTx&JQDsfAAtiu71^}2!bXH``-4AP@uw-&7& zy|f3~-L3aDGb!)@AQ;>jF!f=ybRkb2xKrwu5?YooM9l@pe^ro^bf3^8aZZaYO@7%OHkr#!b~*Pl5{|fguj6BdZY8RJ?w8t_FLz7js4gPX@}xCUK{$R?>e=j!dwvuG_!fS8u*JnZ!%|0W zuRY|Tyo9Ti-QI{V`b#ZXLVq*^HTKzQ^{UXQnHQtJ^qe*Eoq?Q*;QnZc*;tgiCfQ}L zHu5z(Kk`wSV$Zb2N2e;2>kBrLRgBtp70MH;m(9GD^GX*_th$Qa&;zo4fPGE40bXII zkv=c;l6mI9_^kK7(fJaoJI^$}r2Q{VuSDl%mxF%0FZL;=h=OZcTE=%h#GSk!c}yix z`;ak%mhAe2TYiU!%_F!hF?eTS&i*tINGzcEPg+r&xKMaNG+1;ByW83G@hxY0Vfs9K zfk|Gvp>$C-c*Oj7-9ffX0=2bvCAY0cWnqGQa-}-y^c+w>h-D&5sF>NO{1}R73Lc8# z$ECB~+Ohn!Rv=J_Y7b}i1BDx?!pfPOZ%Lzzrwh$yM+j2|9dVi)oMQW#7L9lB)4sBU zve5l~-#qJShS!y3sonpuUY^IrrdH~^8Z?`1vM_+!OpzTgaD_(Ikdl<(jugiy;l;`6 zS>^gm`f2Ov0F|3fNEWhk~T5Vx=9lr>Vj)Bl5FFc=(Q??D?kV) zzl!}6`eP;HZWL77Y~Iaop6&b4-` zh@%VjqKAcb$}8=tB{=bFd9Aj7_e5NiB|hTNavhX%{_D;=x@q-{Fa}~y=yU`u0N1vz zJIriOB$EA}^;v?C3T@k9qELeaT53poomSTu;gY~=(XHL+X&qR?tO%*2hfk~4Uu9+O9PUcNCNFzdv4c~Ys<3X6TNYyk?dLFfF=C-I+ z@<1TOCzTQA`i03@=Ryg#z?Ut1-Mn|OK%O_l2Z(%u&DRHcpv4<&)tYKU|3=WN3A|*?`KYnV zh6t@zsRcmSE8>$snI_@JqcS;Fe>1w^-q$EI&FZ)C`RW*|x_lcmQE%V|Wwb(C6f4YP zo!TfE@JF>)6R(?ldozYRk#B&HO306sK+PC70ODV20wkE}3U1k_BAkN;qRU9IXd1j= zThKlnFn>#zccM@ss7`EgF1(ZRAmP{#l8TxXj${TgmNTR(h0#7!i}H+)$Q6o+09nBH{?ThBMXX^u+|A9!LC|S8AQ_%u)fObn=40tjp3gCoiqzl8 zjQYyrE5MpvNZj_NxbSET<3yVLQ@NP+nH}(#gJ{L)CXL?4Ouh|H@2zH4NPAwm?0a$D zY#tji6q?HxEA2}HZrH{&W z8D<%twd#F2Siqhh#1Zb5?Inc&bT5rmyU&4hl4*G_kV|H^4J)KQUwuU^A{wnSAKwP@ z9@DS9m-w4-h4i4RW4wo{R!$6ZDC*^_$iwwyo%J)*li5pIw8#3S96V&2x2;WSV=l)r zZE`fZCR8*Y_A5dt`1xi zEm%QrTVfRyLo^K#ky(6hi*eJ3w4@qLrk!P$-R`rP1~FG)tPbz>8Rc>k>qz^VR)4f! zHSTP!#XJhvR;uF#B+>>_XZWr^O#{r)bQRs10*^RRn8zNiB`adAZ6(*E^lGrh+L}69 z27+Q|=%e9Z#?L<((zr$HK7a%`#rUM9IJaXkpPx4Q?Cq7y4N*pP>xd1zT(aI1_3lp6 zxjU|X7m;1awg_iC^CqxN2<)Pfqbbg~49e-es!ZJbLbA+GeoQ>~J;Aqs zH%4h1WT`jlO}wq|*eed|KN-0=MJ?<mx{ebEPf(^$fnZ zq~DRIcTEph@)~cCm^Kooh3{3fk}*ONPiU&Xo#0#@9{$L*ecg|mU0*PB`bS@VK zoK_r9Q~-2<#$$_z&vE(2Z;B1JUG6n=$}KHIk?PJ0nwq)!L!?{^YQ*Flr*AR2jt+P86_(TktGe(Mv> zNPEzn4-cqm5g>f>Z17SCVR4nW|0C8c)1TNbkYBd+_)03P9n#pcZ(!=(yCuFBY)Zcd z=@en{s^|Q0ex<-46x>^+W8|gDjaVQ`3+VnPVXkGbDHPP*FnboH%|G--EEEg+Q} z40JzBewP;lEZ^b(hhG+Swh2VGWqpCN{v8$dwPiOoGsPezES6JuXT-uvh*ycwjZe!6 zyn}shn`OO~QygYogWw^oPEgbImx@sLbLC!E#9tFie&!*jlkpjlkR15P*5@qXc75~r z?|TUeNlH4dwg{HRre+7WNtK5`lT|KXhiSLcI)Y?WbULi_{MjTIvm4LSWzMT2*fUtD zmfam@D)PN8P9vNpN{)*O$=fEBfJSP0)%Mi~(k`(_s{Ud#^)#Of^O>F8qnBcE7nK3a zpJcxgQCU-xTpe@wr^gS_D6}m_TeiUM;T(5ExVl7bvCEht9sh7?XE-HygeG0@O0+Ih2 z!%X>kw|*SpDMfFZWYE(?iGhtDcO_rLmY&z|AZAEPnP*x%DzaE~;IAa7D1rJY6BBrs zpNPI8+PpwU`r9gQJSOHy-eR#)TL{l*v=@DDM1xySQs2I|#Ev)DOnYv8b#*2sYq+M#ILIUjD%V>|5jyeL-+Wp2F@_a_a%d49pi zvAxa4clo~`8hIxyBasetjGIMr%{E0u#&Agjs%+D1GT5qY<$nvcG`hQ2AHbQ}`xmcr zOsUSerH!NC_~C49BnZDAjmifNtiXehwUN;P`Q|8>^gZJ@1M7dUjA8%t%18ku0~XVM zv`uf0-Rky8rJ$p=)u(Or4L%e3mDkQ`QOu&8rG}yE;;`z`!4W*f1U*NPUCN1RLvu6zPQyD z0WVf5_i69%%ak?$d#o`Mf$v;Vmf2Pj{4h#TB2&L0Piy@xLNU|H}E& z6U0jTd>{m?Sn}>a_X!gfCR`c4b)J`wFrSk*s_hqqpZ{%d8~+z|@IP-YK=%vj&H-2D zD@pSvJ;7}s)b;Kp%(crvVZshLwlHAKrWkAIRFEaNf3-7eT3|A#nnPAMQ7TkcLm8l{ zaoTE=U)#-n>AQ&amDylVuD6EzfAlo+{+|Cfk|#7Pj&n(*8mW9(ASY3hj`L6$mB;_~ zYs?6aps>e3;tTa(GKglBtI~yr605%SEihGiFA|1O;U>WYr1KYu0C{+sF@peFOh)|H(+wyJVj!0kEOO9mqic-z*W6u!s<-Xd_8P}`DYk9#|k+a6DjR&EP|0W?6N(I zGE-|@5y{$oUNvN>Ldj)_PDq!&Ti(>)-3GkINM#_dHCH~EoeKa(gEWm-o}B`|b|Nj( zz(vwT)$RKuelNr-ItpuGkuU#UVrq6KKOnP< z5Y7`up0&EcS;dkL%n#44k@iwib~t8R78G>u4pQp#dSKCvr-v6Qu})D9t{S0fWv?BO znw)~px4J&)3kDznXrlgkH+<*K74cS-_hP0cyrCU<^AX5r{dF}~&QHBAjjPRZ5&7el zsu#lvX)&;gFH4t=(bGkWUC;dncL>r$9O4)uS!n+O2m^$BqpcaHM{&}BQ_Z(4S$xJ* z$wPhr-`GgDcG#=?e^eZif38XJ{vYIJ)c<%_|346y|L0-*PvYQzLrMPM;wjOboLO_~af1Y%l`|C>vB*5A&_ER!|Oca`Jd_E1?d<5pl&c2;*ur$y;{u^e&3wq!L z0Ld1TWq(l^{FBk;jqzW zQ|f5B22n;vrm$SH2Lv$EL*Nk6_PFuFVK8lgWc2|Nos6*_G&9v0<=K%CQ z_pvMybRh1I)8XEix59cnH8qu@k1UqO(Cp!=m_W!Dr$3r3Mu)>{qx=5y0A@aI7$8Ja z1MmR{ba@&~Q4E14X!5A*x( z@9=nY46C+?^6ZZimzU?%EY}TnSge0$%9YaACfFJK9UMz4U~P3->E0c+vEGA7AmYdf zM4Xu~TwI%5nr{Hv+q}M4U^0==F19+Wal@W(nZS;jxG*Pdu8Un2Er(&Jh|+mDykeN(#dI`Z^GY9QL+P)1&fe zzKs|O38}C=E1dg}kR3JfuUIZnVEnHq`9k0aQQ0Yw8p&ocWGh&_*B=MC@C0A^oLZLwNiUX%Z`Z)?Eo%GKcNz@~H@tIftcCfRQc zBpmLZ%d=&go^<-WUu6{gSA<&F{Ko8sLIdBz9k-kIxuWi^-a6Sa3>*PykGk&{S~tJr z;^OKTyMhtr_54X`xfzYxNjR*=dI9jD^ZEw-G>v4BRp*VvBE;#`@L8W0ZT*1%a%Zdy zNLrNFdzbsa(60W{Dx1Jht~=7`zE2TL!WSKivV)&Gkd>JkrpM!Ce4Z=WOd{g{6#NC# z42z3BG4FYAU3@#evg>Mp`Z_U`CXPJ7yN8^ZIN0NG31ZTN;8CHc`}KET`V}w^P9ZF8 zcq(q)fp~jrc3qN`%H%YvOf!J+54WtSH zENPr{ULP?f^qk}5QoB`^0f-_18*}yW7X@l_1Y?=t&4;d$k~+yasemG?eNQVYKT@= zPOo-PgI6}e2d8{)J79Jc0LUq-t!>!;>*@+s(C0!TE34k}8I6=5aPhaT)p;NPw$-m@ zj&3)ul~J845`%vX^h_^W81!XdFg;$VgLOEqBB}(B2dD8kg3qhv7hQmGBJbyiB>!X# zsqYhtem6(`TwKh2g?t*jf5HdCt0W2TyIfl2V@lyml*Tgz^p3258ew`U{dXWSkl!s< z6t?Y!$pym$rjC;D5dQE{>=_%hKe_NrhPhIslL|%v6iVyx45yQQu**RY;9#qRlUz*a z1L-RDW!JPg3~L^9Dy8#^^3D6Gpt@fHTS~=vjm0H3>9(ke$wcQ1tUTRqA#P(Zi6JHF zvi%=B&C2c_g)}H1HT^)qu~ldcu;p1xr`{vN(0&j{e`X6{czK%V7|Gxuo-R_*h<)&7 zDq-yw(;zKU%mji!pXhJm-2M$((C3o0RK_6UvdzZ} z^*miFfX76}$L^1tKF&6Po#L~k&v`7=J4Csv@0tKnYK@>nyxhDz=c_Z5tJ78VHoxmB zK55!NsVE;pcGnWIrKXoU0?hjL^XRk!au!t3j zau8K#D?qv@8HHzj2gzwZ4vFWqKQ*^Fo$>uMp*bTWH(_+m@hHH+pm)nvbi=64N=`gm zIsJBKgpk9%<({w)37Lb#QhwU($MxCm?cDAhtzXDHM6>Ds57w*oAHqJ6<{o^L-vxUg zZWmN?h-WzEJ$!p^zE0(|p};Gt!YGT)nQ&8`@#qdY*UmlYYt9hyQe3?A>tbv5IMi%x zDxc)u<^2slxV+lOo+k6@#^{TkwAG)O)q^&gWTBFAzW+Bq7xeolM&-aR&`YQV_k82V zxw9UAq|RYtXIG7z85}}bR1a_|nG3oV54Juz=1KwZSx@Er{xoMU^qsbBH5+*bpNB2F{ushM$`3HI9UbqN zjV9MjY8#V}TvWJ~M*kOg?-kW#+`VmrR3S7$2)!vqq>1zrdat5_(m@1-5PI)j2>}EZ zq!%fQ6r~AB?;thOA@p8D4J0s+?|;qAyS|w@nuA$ua^PAVAjy+o+56sm-`DT4Ay!r! znI0EsQ^z<&ZLUg>VE|j5Umut5lPh;|3Yk}4ck1|g-FMS~+!=izaK8rZgzgB+_yshN z4DBndIZ`n`0-NYAYuX$pC~)&{D*nuo`W~(?TmbM{T=lim8n*AeRc|&UxCwbwN zn}5geZltCRO8gLp%{P>?^lQy*t%tZ6hsi(+#4miZaF^SEbp$mZTGkuR3Tf2<&?}Qr z;6Nv1&3d1e73o+beEa~g{JH;HH>Zg9vqw{BSC@0_2TJ*!&ZoSZHW-c9~DHuIKpcr?@w z+28cbv&OCU>_;d-7%wXqH$T6vMx*Z##}m&6c+v4JKC#;{^(^nzgIw<=EbSE#Rm^wC5@XC0}beV zH?sLI|IN>k;RnJDTJekZkdapWfDh5mlX700m#O^5B9_vn>g|Ry@5hVujSxRR0YMwo zOaeABhD8+j@PY)nEN%v9*$-qA%NVBxLlZuWJ|0_5l{ama|x4Xo<%J zzsDhk1jl2^64uIyu^9pwu^+~p@hVVFZNSCoHE)n3V}JP=HYj3i+w3ut z;KZqPfZ7RQg@k~1Ccppn7ctd9Fd$gfzgGTM`)#o?HT~_3F?XigX`DxpN3=ge;0-lG zP2Jq>K|kDS{N$IEd>l@yGBi}sk6LCa^K0ufsan_BeA>iEB)5AuyT}>53g7v^BFciQ z76U+>`^rxH?o4*sUN|@@g?$jNG#C0D6ak>~2h2cP0n? za=P(+JV=P2zwc$e4U!})NI%dv2ke8(uC$~Jk}Bt0Fq*Q4h(x3|Bt zO4TOA`haicRO^v;Ewl%*7tlb6S`>Q}p{#mc*HPy>-|n?m2x!EHv(YwJL1xfwu?S-J^s`Ks2OVY(RwD4PefaNnR58&L&KnP}mSWWdGePwT^_Ad=> zX{nRn>GlVD1-<~f?y3R}?`(=QS{o~m0KDV-hL1&Km#JtS0-A$Li5S&o!Q)18oFZ=Q z??^+gLriNtzGP2$EVWCo^|C+RV~zbF@O)FWO|--5wu>0_DOg=U;n(r{b`WoMOZJ0D zPWkk3DG5d+Wt+F-+*0?$YwZZhk8Pt$eJ~`1n@%)kBx-45{R?#R|7wzPy`+K?V%h1!$&)6@w0^3;_2EUJe(Q$yY$!i;YXR5da z0;PrR?5%H}&`K+x{kgp3A~zPWVWG9^SUB#g#qMj>Y>>4+d}DS4v1Gw;8JA7ZgBzfv3(GdvnVp0sm@-hPLR z`1`2FSPd$+Z8?@q`nIGX89&fUah%=0CXE6wS$O5-w>zaKMMX00k2346gA|-U=ICvVVN5ST$45 z-CWpPTPc!~p@73rU*?Nff1~d~kte@M9bs1#XC#TuaZy5pe)ZjAJwv#)a=!yWC950K zHP_}9f(-s??5Cg)od)ohKHC06fLZnSaJ>vs7u_*w7y!0Q zlMSpL!YNk8jPd{(^Y~lkUy!StH64Sj_(*^8w8Y3W+gAj|KQbYq`Z*aieC6^1n`?4T z&J!QBlostcuj8qUA zUgo=2C&*xEn)lkKW* z?0>OACIHZgNAtgicV~2+j*)K_z!L26iw$nI+woNzKDJ#zz@nA! z?hU`H#uPWZ?RrLM140K7+<@wAk@?&L^)HM?ZaZ_HNp;fOa?6^SOCl47$<>4SE7Y3DiOwljn9z;M5Re5=77RK*%2(;KrJSi=%)%5dy2Int}}Z=Mg$s}(geN3I=)vqn!hQZtOW)i>8f|K2}+ zzywdVo@&A0X(y#!4-nZ_F3vDE-CVs>9-^EVUTfYQB;DY9@O22HY_KNs5mOkg) z=26(C|95~TwN(o8N|S!Qg*2Ai8gKlR{X?-)>}8bB*blZBZ$M(xyafaeUi)P`Dm39n zyqQ0MAWGC=$u|1OhivrteONzLLEwdSF}vt;gueK>AQ_MGm)!2sJH&LZY1|Q$2YK5I z#lA4Wq@Az~av-R#HsZQO!+!NPSt^sKGn0+w8w>5A8qJA8^YcJ_SQUk?ppSf;%Xy*&C{M!xiwgD%gMVf~i~L!>EH=wAphSgLqs*o!fwI!)1; z{*fbn8YM7W32iFJNG(-eG8Kiar}4T-?!ct>)!J}VmMVvj7Qr^be!)ELj~V7nB`2bR z+B5!aPqSFLR^Z{>uJd*IUXjAhoL8DKF#j216HM;RFiXqGc&fC^Ie%{$+frZQtd!lEmB~3^k=*|`BISOa@m|maxs!dz{*VXG~JxI=a=cAPc z64;Ozca8q_vUqO$zX|3ZEfy?Js2 zj2QwBuS**nv0-6&{7(usF=p>tS|AY-5huro8oA{H|FwEm{-H%5yg9t2p`r1+xt5QJ zjQo#g596nM+}_^)|M&})uE3(PMr!=$y_BO142Na@i|hopjWG&&{_oga$_e|w=>GpX zPyf@;@!yy3|9hg-|J>hQ|2vWDe_BTVzxWdu5};X}BakKD+&mNM&N&{0o}UHg_8^CE&6`hb1Y3tWVOOX51O&uju_(~O%IN6m z8yDj3Gmp%e=xE&9x%ibVA0H_I{89GcJm=~$y0bTQ^?d#(e*blo@AAsZX;mmNmX>1$ z)DR|zg|Dy0a<@7EYkh?zOA5E7lq8q1VC{Mkw%bVlv`7ATib`_;`M2w%pjoPlx7j4F zV)+_(Whxb_z$PC6DC_(N*>Y`}(?3OQ+Wr2i**_irv;yL`+xno>-o?$c5t{jCC^Jx7 zsJJQ%bU@Vw<#0b>1x_*4oS=tYImVhH1w``%J zTRq#KkL3UQ-MC2i`HB}4y^wjFg{<%LXh&=`88zxwPoFpy6#(AD|EJx5XI~QAnE1n- zCgmPcPSV5MGYU*Wy8+scs=E5;Gc0QH7+`<;n%4Pz4`Dkz&%u92^(*t2QGU1fLW!y@H|cXhVk@osHE)OAj3ccw^?R_oeVG?Ptjr3Fde# zU$_G<^LKSVKI{gveRn{$cA2Ti2W03jEXMPL=bHV@acIY64~eVu#A1DerAbJtxH@98?T4-+QrJe(oj;LhrSm#CnSWPYaK}C1N3qZNa z+{zV^8UmbE3Rrd2KVu(`gvk23XzV-}tb)!y2iRg%Ky9OawJ&9HY3X`a&E=w`O3Zme z7kEHM^USjDhV#OK=eupTe_x+10h#Lc`|Bleli$&;7!XrQ4l_o}z+m$Hb>kVd%6{PW zvqaofvCF~wdeQ!D6_Bc`<@E#$1}(VH30hWbo)*Vm;~W(Ks{Gdtf#rf(hVTLgFfXg! z@BtiQZpZcu-)3kCJGcb(k0r$fgxsT0yNqd}+R3n+4N*)N{{F!6y^=HLaq-P0gB%G8 zpf)nzLffIgdYGs3Pv}Cd=8ks{=YNWN1;*9*TQcrz!bppGn%Kw-L z8rZ(`b5rJl+2`5eCQ57z{<%XSXzFHPKvVQuGPiTW$&9|&q80lUY||{NP{lvh+fg{LDBZ$ z!P!H3qshDf6==8AXE4aze&_`<-F!GAEy5xsLmfkl6^LUB`q}Kcfw+Z$Ickyu+}60e z0v~rIngULrNPlJaRv`O_CfhD$p<_bdsV#87d?hMt5+RXQL6CuU-)XRj0C>;cE^$CII#wSD=B|L}|IW zz(YJ0UZ3!tcoOQ(&!gox5JAIyLki8M8XcWn{sP#7+TkBW6PozIT)8v#w-vR)c0b;Vr zmb>P~;9?r8!TXy+VmN?!bL{|1AEI8p)+{n!nkbk_xp^C@c=pt%>bpHx{dWbB!;LdM z@Iyv%k4|2@Fhdp~4gOinTMRWSTuDs_kYX8UVc9Qho}S{eWb5?IkT^E_uiVLeg(q9{ zX2H#>8Xi^Uz&A1(td7Ouyi#cjo|;y$hc^iSx18TI(S$|hcl)fltyeJ50<~M$!3;5y zaQtwYu?WsHI$ls({rh9gRtc?)k(VFO1KynWj?n@QHvqZ57d8LOljL8KgHnc7Q08n< zP>J{Lh|QOjGxVAcu2C9*M0Iei6^<_1>4VmPS$h#&MH-f*iP%I8`73RnJbD$bF|zwlV{QBBRKTcXRN%~0KiRA zFZB1ldO9#Cy?xWq33&dm&jAhzpRzc^E^% ze3{3(+mWXdyLogXFQS?N+*fz0@mHROiUma2;zj=kAb&P#Uo(*E4^e~ z;x^=L04O-QEl-I8#s8=AjC5)M5wC1^*jtbraZmIM$j4o|m=$$&jqc;*a{1 zE~aC!@?f|5f~{odzp3(8bAJXPYDjCdbXBi#50BtrTy>gKEc`Zvf(;T!$Q@y(*zNw2~lYi3UzOH@G)z#VU zsGZ0{L%G=H>(^O;aD6J#{46`K+WJ7`orzA50HmXnQvHUYn?PckL!|hD_lGe zc|?)b<*vIM0)CwzZ`}U_!6IdR}0zG7yCN{2D3Ac;?d4qu^tt0{j7|SLT+V>rAy) zLdV1Tp{OXoUVNb;F_df_x>XnHoY!Q7KHRWEtW>QRj^vuRX6odsjjHWrDotQ_T;IMoYFC`ryof) z!a@oA_5UlY$Sbh1yygd-ikW1t;SWg3$R;T7Wc9bJQt02+G}(K-N|fb1!v*m|Z>^r1 z4AHZCs9U80B&kS$i5N;&_zEv#r>@J@`8mUbH!e?yr1pkO5`jo|Tk;ySB*BBfH~)>7 z2hJSt%(h=-faa1*b8%1hNTmRRiUBzyIQ8b=foIZr1*c>@UJ_f2>lMPR&(#$(6@s56 zBpMX+xiyW1?~XSXXP3ACeSPsd$6tr9gn9z@;Rh$JThZ5Au*kM8fK-ShrJ97H`4`># zLC`-TY2tR>v8D1}7wi!K`~m?mw4)9SFzF^n3E=zI2*ULvtH zOE#->5vmkkx|XejX~drGdEFSjT6%hyOd>Oaj+x=x&h~mOlg>w>YY`zn%E9L=G2aH# zI!YDkp7NC$Hci)f#dV(SVp(C;GG;g4tAdul$Si5A>X4&nF#~GW zGYDYbk&a2~_rC(+)b~qXNVWJuDWF1q4es7@p zVtj%PjOouXfcRrC@;t^~x8t_|-arCF87&-YzdJ?XDtbyF^EV!^yw5j{3Iy`rKWIcN zKeu<7`0aln4<=c*?!3(-CMFj7>NW8Cn4bP>;639#om%_M-`V_vT@KN&V6qRL%|dd( z0;|8zN#a|?QLyqFY|sMfPuxmM4G!!<|-+CUv}c7as!6r0wv>KjJ)4sY?^LP&Dd$-<+Sj#<9KuUk;VNU(`-{# zwzORXOfO(_g!6_{Wbo(DpY!55Tlf9Q4xeXWrJskFB&UmxOm@Y=esj+`{QdfOUoArN z*0@LsGqQm6h*{dUzBpV>JUoCwjRGF5AZ%4TNJIj^!W^$(%JUP*;nn-LG~-;*seQF_ ztF&zR3Ch=^AJ&k4#;$(cckUfSJOFy{dDPPRpA3nsOD+wSW)oF&;{q+dy2hpE`zU!2 zD)vtH{`gCX$0{i^&9;$w7@Z39N;bc$)|69hJ%T)3O{|W1g+-VK?$s0)N87DnEc{W> zVtH9Bv-w0q^Bq&6{OwcvVcH2bn})w%p9#nhr;Hl_bjwv^J!)|em1#-mi9varewAM? zQ}t~Mm{nng)7WTx8ZJIx;CI)2mzNe+eFy0O{C0I0E{eKeoKs1!1$3sEBNcV+Vsl3A z)J^!3l3v%Ae>ZNd^>&<`m_q;k~DHAkx#XBn`dm$w@=%4}nkUFThP zYN6M%oj=g?2I`3F+bg{Fykxi3;h}uc*%nxifjc-g-3H+7LU06AMX4uy^Nl?TrbThq ztq}hwwyW;AzinyuM>=vZZD+VTKZ%Q9p6%Ji>P%+x4G*YN6cxAj(elnQ6X8b?-8*Uz zJKh+=cu`Fd=PkG!bcV@zzqw+f)8%Gl8RD*>cIINyV6&zJcyq04dB9D6QJvQF1!E3) zku4@u`^xy!p{@7l-q)xj*rZ=>KYPOUM)io;=JjG2KIaLr0zzmAIVW7K1Fd`{ekBFB zO;Wb;IeZ?#>>jsiLYAD1lX^&9%~P;8layoeBt$uOjRa%rau?-6=}lxt$X3td!sgUe z3KSI;CdxV-+zpEpwhF5-SW-}%G;;T0hEQt`jm&UQ#m5IC~@g29Ley#{>MU# zOllOWt?iu%*}_j<9xph2rhnM8Q86Snc=-ZSqXF>5k@Uw?n<}pw0i!MKJmv1SX66%<;y0@exIsAV+$?2y~myN;YDPvng*w zPsS;1w$2rk;a+Q!CGDv$@`Ir<{P@(w>cjUvw`IZ|U9Z~mwm4f#h43wUKdQ>V_KmgB zASQBW=~sl2A6KaFSzk9{&SFtF3zI3eIB++-5<`^P_%T-j;A4gLdp#;k7L`#i}WS%rawqM+nd1z zu*E$p^K5TmP8C15eTN@k%w-ETAXQo8l=pjv#X3Mvv$Ut=BLi3PJD%oZvA2dveDE1r z_V21uMDaE$)|1!|%G_&aQ@aTfqO2U@9|7v*thD`SzOJ3d3c5y1^}`BRNDAM@hB!@R z%Fm6VhC0e|>q92xRco?dpl{8*3?m9nDwSO|JAVB~ds|Ht_W0xl{4PG%M@A>dg{JgC zNh2RpdDfYla|?ZHnN5{A&v^Pj!F6C&`Rz>rX*_pz%e~Cf@sl4XtF*^d!0D!qZoKlV zMK)b;%;KjOQYV(BWtN5KxXaViOKCA=)~2@-YjJZO$X>b8Hj7a%DCG1T)tqOnUnbdU zx}4fnuKpi#XmUW?ZyL4Bn3cB--ky$pIz^q8>XhDJWJu3HlmLecaI&a=6>&3&`F!sU zwIoQah^m@2hN=A8kH#8rIXxVl9CgY)74u<>R`+%rbw|=G95Dw(WQtnzFxA>fiI563 z0H|$*DlVDKTCHaOO`xfURIIHwNw-@;48?co?1WG)2fekfO|N=A39K9Q-579JzqXsx zbPxoAByxj99yko8EiF(y+_$=)7CLzoH^3m#B7cz& zw+KLffrwn{1Z{MJvo#+YRvupBwtm8xNV4IPRmjQ0dDAy}JiVcPd>Rth^XG8>m{{s) zMTV3m6@M~6vtFo0t)5=p4=vmOx!zNOOIzzD8h3RMT;#$(Ai6pq4}U!**kJOiPMM8| zV(}g_Pxi}^&H{N}bdv$od-KRr7NWO)1U+-4{=wHlTGBMU`{}yuJsg|V2l3JjIRYvZ zf^7nL2XE0^f>bdFzdRiV`V-{p8OFez!~6{BOb?xQ81gp#{oj67h2^O&sK_hMggiuN zZHKrNg2>p;(v7ku1+vPXa}eccw2sYKnezBh|1q)So8mms*!$wt(lM;oj>e>!6(tN>qwi0hdbw4}5%FtkA!FSs!3-E}GeN88uy{ACw@m*D0+b8M2+m(w=Nhyc za#&k8eFN@=wLHY5nmEZDUj3k!=C{;a%A2t$3!{~-pYILzB9b)2R|%|;K+L}k%?nW@ zHJZP7#TlVWVMLp!f83pOs%2^rHUHwlF%M0?%x&CZBVgAR(luMeSN$a;`n5mN@I%R) zbc@@eu)FE=0+cN+&F4veDu-?xochH*kxY_2w}g!ASB@$-z(@Pa7$XD-2`)6Mt%73) z&*ey?{frG!n~?XxWZ@w(*XqIVsF$J2IVqq!;;MR44S(oJCxWdv60i{)b!2zBEJ(di z=c&cn^#aLS=uUMwA7#}DuBo;vt6@`1wa4SsuXUWmw~ z4R=L;##lsMz}B5;(psWLxl~r?quQ93i9EM#)1P$rd90%bm+bI(-Bqw)5m5hR9U4b= zQ-sR9$!jjPqEUV-ej?V#VWfh5TGD|u+ODSF(%y_6w?gtgkdO`DODAV!Hh_SZ!l4R* zsM_pC2IXYv?NCh9kyjN|2G{Fj52@K@9^O^zn&pju5JnB`8WZq;nsh8@%RqAuu`K?f! zFk6%gyGm$OGO+)isnLnqCjC36|7rkl3+O(*YTZ>F5;F_kPKL^OqH66KriU_>XYaP} z>!3&!94z>%zi-5wpG>)JSF!#He0^@O^GsT<$zST&y8Cc3&m!HZ%~x*IKkQhtzCJuU~CoZ zZ>8`L~CyG1n;B z?`A(OC1K>B@k1V zx0%7asyQ}^V=!tq$h~eN1Ji=Zg=e@eNjXCvp6LD8r_3p71D^%tO?Mj)&#mNhjoMOi z*7Z`F3;hW8S6gaqgh<6yUY`)mhDd;)Rn%WmQx$xhET0D25BC5Cb_rH%F*M+vc#F*v zMn=3pTL-HH)TS$yLyL%uZp{8#!hD(rHX-j(zDRqYhjvs+aou`X9_8tTumcfmG2oT)iayi)xrQ7-*q>D3PWD%rZvI$kJSjE#3zd@qYbG zDNdX3pYzy^0Pc?^kEY?ZXliUgJ1{Tx>-ASR!EHQmg)?5l%TJQi5Wx4n9T?ep05wsL zJK>ooq1kjMJ-JKx@4PuWBgMI0zGd=rV)>07oX84TWn+NQ3GC05XExTNJN0&cU&1LC z(x7HT^X|z7*eY2ex|xQQM8T`qecr}I!~Yr;XJcD%2{?>FXmujw@@Mc7rg)-8hXJ^m zcbEeS>Vq(kt_G|WYLmG&>f5kFZ3LfVMI%GlHnlF`NB+B0qO(IkrU-)B^)^ zR4m`7K5z#bL}sgH(uE3n8-e1xs8IS^LpBJ?-F}FEy$nZ)0vv1F*fyN?K zNpebg5-+HMkNMhyjo5ZI^!f9TB%Rss`oSf_V2`rE!v^yvztMrT%g)mULS!D`Q8Kgs zC&PKQ_0a@u+v7(_F*gWHqrF9CiENfa1Rp!ardp|~itazVe6ua&?E-{i3qzCT7S4cx zSxdnz;b--H`nToXvF=l#INy16>Qzu|CTP$;|1t3DjIGDnzp$q+j?|$dic;R5dCql1*>8dNu(;7$zL1! zDI3GYTH3C7Jl=xsx?Zoi>7S{A+7Voy*Qrx5&lp^9vF~NTntckk_5KaP?93L|F)zck z`TWf|+Mlj|!Izt&Vv({YXAr6e#ww-&t$$vs)w+}vPK3@Rk&TReY8@746uDFd)afKW zhO*_I168tr6#J;D`>7=z6dUCDB(e~*(|`m(K4ah&)t3b(T3?TXK5@dRA3wNLj+g8J zjBr>E0ss6gH7;(LG*WX5Iob73ZhOhNiUW!eF6)EouCF|@B=OyCthM~I{JzK*^2^H3 z0!0vXcU11zuuG+@;$}|GrxSpAYORb-J0UY9B3(rzR5(qllX@Fy$3bFX+J? zb?_jvcsvbLRtK$ zYoh(e4M~80z)xiz$Z;t)8@RDWKJobmTQ#TLC>`+n`e2dM>>7iuB|X;zzWrsvpLz~# zSIA^E7m>4*%dk-87Y*1{ZoUjY6;bXBCz^gX`JVFCvJ@=geX}I1o*@U(4J=t=x`qpzL|_kyOk)5$#~zt{AQk z_lw-n4C=@TA{eOh^F1v3gz|SD3I>AS$17EZkqvF4aSuU@0(a;Zh&$6CkJE#bo)P-% zSc(Qm)~$~h>3u`?5~35^{(fsXqGdqC(M98`jt_-j<4@kd>6N{OVV)%p#ju2~NTD+V zw3$eeD!HzPEsoArLx$a%2GX7^=lMYw*^iAi-cKe>a{fj#qLa^tPA}p)R2NZ5rEN+m z$BUb{Vn^@XyJ_EghDo`>mKB57Wmr@)oj$EHy010>4G2}30}qhPP6K6SweJSYd3vkY&?UkwMPBH$v_ks9b}ow77IJ7)F#&>_7Clp%4&$Q=t!i z<>VZNgAC@EJTaxuvHG~hKsX~ps}{CRvG(>8^JHOjG6Uh|+gHH|@A!-EGgXVCkS7kd zH)f2P!&S)Nro~Ufciu}@Rjdf(I8n!+E{siKyUuJ-+`EQ-3E6x{MP&;;1Tg(vbVWIDs zIwQ|C*#ANOfHUl!B0KF~!8XU7Bu+J9*X%X3fyu)+)M*hO7u)g~4ZOqGIf5or5Q>>I zTcZ`M{H(`%sYR%o(Mm=|OKs@IK`4xX7*ttm%wtxOE&s2xQonxX!bKbL+a~ED7ZsF%`PUO0^X3%UbkxBx+6UXfx6=(?IW4PAy zcNgk0LR}y(+YaIgkX5EYFxbGNMzpMtrM4>}30jxyPj~iUE!VKXA5+12y2!;;yR$Fr zelEF*b4Qw8|8X~u4K(yQ;Wv-mq9gSRN*wKjfjj0BJ>y6?oqAiKz2ErWbb4qiha~yT z+_R7Klk?d%l^hhDwQ8`yEGBx|-bQs)hNK#|*IKSGe3}qq;bOB+Knbn5O_FI|)@7e)VOh z$4w8-TdOuh?EXc5tk%iyB)Bm7BE_=VA(!^b8vQPiXGg{D2}mTmcNc=%)3f*gaNrWn<6e=et+JSd{S+=Pt{3F;PQ z65XYi>`nAz4=HA0v^G}2GDoK2KkB~azASd$C1vA=(ComAI$%t)OS2vkQRJ}%o6nJ} z&`3!N@x|G+{qCcM8^DdmI!?j8o*;X5X=6)s_DDkRs5Z(YTQZG70R(5Tu$cbWJIe-4 zeTn@X!G*U~>^kFUvWNN+yzEvEcpA+{&0rhFOg@wT>??xPgdZGiqKSQw8AkhI7+9e* zycLF&MRf7CgSjd&2@S0dGyE;btlsgGU0~h0l-fVyZy9=wUe5vR@fu06ujjvlQqw%bFkDBX!6;*=-grqap{i2JD0T9^pNab$q}U1)aK^mj*;EKudCW)?6->2qd${Y)5D=>#u-4#jH(x~0I>6ZGg*tm zuAA5_N(jppYJ()%^Z~yN9|B&xMZBx7;n3F*TpwgQPvt%=B16*o_00v<&3tjPd2{B* zhU&*CeE$5t#kR;@eJOhUFuNW&Bb4e6F)@{Ph=bAS%}VIa@B}bi&0eqWm)i^l8=@80 zmn_)WmO&w+9(}Uta3z>M0hH|m5zd;)8+PwXAK1s4LFCU-5DUXuc1Wn%&?M*3CBJh>A^;Dz@JokkR(_ho)i_Vehl*b^j z-0YkmDePmyQ=(QxDKWt0o$`VwE1Yjk30uMpe%FUyW-3g$x@;;%|VW42uUDvx|xxC%0NjHooN>`$xYSTu6N zjRu3M|MXg+`6rkWdBMl>_PWHkUH*X;f|Z=`YE>SidJlbBQvH2U@@Ge0q0jw9Vbl(c>vN7G0@)qj974`)e5$ zPXbbJo84WA>gdZ*vM{oZbgMXvqjz*7jv(|c!Fe&x15$3lwDpZfmij~e^WA~1L@nW4 zTyB*9z2c4rRiPUJ)y88cM)G%-^^{n3iT|baM!``bQb6#KZ_WHVEATb*@Pe;Vev@Ha z1Je~+TQ%Xv1*I8isJY^H&>AmdiB4PG=36PtkM4MdGANBXCzCW`` zI{le*-MKwku|Xh0T%)Ul!TvP(ZWBp7k?-$$1=K4J?SP%WLnS3Ac#)80d^n|8X{4>^E1a*^1E9@YCJV4w8jZ${Ex>P>6t- zA!C|B`lI`W#Ri%OV5@tn7KVNu<}{#QM$(%!64|5H%{JL6e6bk)Am(@O;YtG>>8+yR z7SKa5p`D9$5YPA>6#P*yB8HbBsj!5GLX&v6@6lp2Xtj_1mb#F-=AALPdyHsDi*!z) zhvnn1C9$c2-bx`HZ&W+DZxcv>LMJ4^@&VNptTIScVNZhv8#)QQ5+DjO4);;d{<(7- z$j&eWzeUJaycp1lmui;A-C*o0JBn810lxwKK1hoAeP`rj9yN+`rF2{D{c&B3wu|_D z;>q=Z>K4+;j>^?5slD(3wIEFrH@*Ef9N&Q-6*|q&dSo=Dgt_Sy;l#rcAd0)Sl6nT?WFSx(DjW5P67@c;eY4NsOKA6;-|04w^uH>Dlo{S~|vE*8x{|OB? zhEql6eZKl`Wc}+OO}}_hqo@(dCq*X=RUwDzm+S+H4VqacgU1nmXfZh1SW&k_!1Zmx`86{|Xa}kT0 z{bUug6xl0Upn*wEg~P*b7X3Sm0RZ~MT*%RJ&MaU%f@5Lx0m(5uOgpe8-SGl3OAJyZ z-?cGhkr#K33Z!Iv+)G459QeU~g}56Tu!Afuz^&$7_sIi>6emzx)SF}Lb*1bm5=mRU z$X6f{;xcfnd)ViwSO_sYl`k8%l$wMl>Rx9gzCt&#y(WvuLlMmjNdlK^bS>S=+d$f4 zc7ZpCJRk6N2?>ZJ!?8=ip=f0H<(xlM5+d{i#Oc2XI{ zr4pO7n>jx!HA$SVsCjF~v6G*QFqWi5OsB+)zYKH|p+xirUx!7H)#Bkwr1VP9x0wUrbPzWQ79g+i-WHMU6WPbfekwBAx zAdq-el$AxL+3uCd2qMx>_@@cAIJk@&LVOA4o{M+(gb^={I)}+EVjba0^yNx2{mhdv zW@0l@)(Ubb?gJ4zyXN9s_V6~ng%6=ugLpJmWCaRL@2lXy*zF^f-YyMnTrm5;wNb+) z^&GJwY0){(YKfpRmI3leknn9#V_NoCYH>|k_jbH>nblx9o}%PoY{FJ(a*5JsO>+0R zt+%M2ohON$rG5w&6femnvNqEx|(@A=ThXRIKE#XzOT~Jan_@vrqMhKeH z&?T)n?TLDIO+$jt`cdR^v`bK)K_|ZHTcQEn*z^YjH5kE=b;)g>qZQK`yl@Aiqb149 zrl(irV{P8OJD-%8itFp^Fhom%ghu=<%>+%#eNOWo%z!@q(wP&#tGJ+8IM&xF%*8CU8}_scF_0pKY4su!$(lH?5)!jMb<(@j|AZV2h>RrK%Jzx zHwQMEDd#PU!1U zoXJfe)8i5ttE^8o(8D@)5PF^`UScH-roA5-I+ydpcct;5*&CJ+5`1-WlG1W>)p9K9 z02%}Of}G_8z3SlM1mC^CeLNe@xmlfUL{r-t4pgUJ<1R6+cU1VrxH}ZEe=00koMvki zVvkmOFkv1;bJ7!az6Wj{T4PbKK)jPwR6EvrnUWh32*C&4n{zt|Y+ zHcVLZ&_R=^E@eIjo*YNh!4az@Imug|%H3kea$NiAF*QjOo5(9IlAc4^2$FN_)~6QK zq1&R}PyB5-@A8q1oylz2RVO8``l|Vdg@rAtV5l_^+*ExKkUu&xAi`R)8O`h+hAw(& zn<-LK!i`iS&PCGn$3Kc&>#E@s9{N&NN)G;nOb6GQPLT3|ZCEsZugJ|vxIMHb_9iC~ z%+_JSApFLKN*6rScf|m9OOz&8 z3J_ilB2EFM6r-Twl^*K8Gg;$W0g!5#7@8^}O zXgno?o%e_z+Wv6X=}zWfM|aJ8X9WJRyJWN7(eueoJ{D7Yc=GsiM-ru22&ja~rc+OY z^d%@n^O<4tu@X^AWQyIPjR@E|OaoSy9lGxzO;+=b55*)j)pgSDvJNrM zJ;rhik6mlfN{DfXj^AA2FgRZn-;J6#P2rdnWIpMwFuS~cX4c2Wq@QH-!yaRQk7$#F zUF(_1;N6BR>aOqA&E&hyz@gd`J5=j_{CyGIcnTIxF(9Z|}@ z_rt2~!I%$BeT(!v;+NkAy>j5(MGFVVDQgO5_{S-`p+}9|bKwu?6yef|@j8E2u33e+ zFreOvzkFfensjW2jZyDDdp^)y!OgXsEtC}spO=co?RXaNyMsAq=-}|3_mUHm1f_bm z%~sOV+3;9$S4uXB&A!9bXSrFVjr!jXdZ|^NUSE-zQed$=YYu;6|z`Bza zIdimowD_=_}q6R zuW0b`s-)fRA+vuy<~N|n>=8;&)6M~D9$EaAVo|v?rwzKE(FIakwrd*GRo^YP#^a%) zDb(;Wc314ZN8_&rgZ<$75wJ={8&3O`$7{ulp>iaRyl3N%z zVOFwUjEMuvQHdoIw#-5?qZH92f^e9QgR_8pI!A4;@<~8bKnnJ4C&8b-LAx*3&AsLJ zBx`tUQn{8iUDOAr96G@ZoEBXyqX2%M(V)mFb$8$??HN^=&naa$*QL7TJ^p*dtU!6S zHf4(yi_+( zS_wrc37%&)sm@H}6I$=^I^Wu^bI<0Pq?dry5x-(ap0S(mNJ~C`Dokla(^NT z$j&himjXWl)8!TeO#cb3=>}mAzktOpM7Z0iOwKKC4g3h5zVpu$(+6(_XI^hy`*R>{ zlvY6k^Q(_^5i>v^@LIuIPnCSx1E7eTr`fNg@^S43DK)?0^>gzyRljBJ0~1<40=?sxcEtQ@-G20&mG;>T%4lTbfiqTGrMUwb1$8!FO^+gcFKniLZt2_%v+Ev}6gFUu zNTj0^b?t?v#j6=9N+^20_HcbjxohxW{qPMSp|Spu7fm}iScOP4?hJG7C!4!uX-#%)178J>1NX(^Bv)3 zbi!}I%HIOzdxP4y6=0BhD~JV-Q3kst@&-!ldD^*^-g^hbn;E!AAtCEdhN;xll3Q`D zJ6!6wjzo?DCiRc^_0-4c>*YK&1=7r$bmLSu;|865mB93KLWqAWEkLx3DuF#1Qky`0 zp?PEISb}Mcjje5CeA?4g(14J&Ot&mY)a!VA`^=Hn81NHK!s$iI>4Ytgm55h<`3Cyv z{P(&)P~9gMc{JErd!^YZ1Lo^E>>G7W{qx3ne!Vx^x$4gIBz*dvm5%f6WAVI67s8}j z8j0}Hhc2s@1+Oa0FTKyk-p_YjR3#^eirTF{6T2L%w6a4HkvpMC3Lk^(XR+u{uE4!G z)7vtXEKpk;s2=ZTFrn9IutNIj#q9O}DtgYM?^S-7-A%hZoqBK{G^^}bj;lA|%I%?E7d-)X)lT}g>H>}CB6UR89{ zi{x$1wF4mS%b7*B>kggDN+7lOuJyKz6>a&#>#&5<7BD;0h8^)m*-Rc zI2|`5Il~!hXJkBWLE{&+!diTZPPxaJ*G!8wt<>{7s2BeHc?H~8K(r9;!yE8uY<*5K zRE~kKnrNUKDtNTct*Tt}pL(6TzOS+N(R9gA3B)*Nl7yecOdeLZR#_maZRr;Jn2G5> zJN>H4e{NH;C}BGd!cWY8Vup~imPueTpd1$w>3O(p!hF6nI6kZG@rIH1j;wJ)E|2l{2K4U6>;!+1VD>neFhrR3$Y zim!heAZUL)!jY~RE(5IPuZ6P}E`YRh6AWl5ub!&&9A6(TyQsRo&jW1erB_CRQ$`uj z<`~pj>I3ighR|dQ->Fws*5-ghdc=ME$@8W&(}|H1RwfQ@1Ir$HLdf9?f8=8V%Jc@) z3_}G{xFl4><8a+1l!mW7xQ)XGnf$kg3B;+o=h+XR~Ueh!ppjUJ58?Z5rcaFrd*Yp-d%0!}kid zdU8|Z?Q(I2_3v()-ZVrEr`o=YpbpjBt*LH>aPO%7p0w)54|-90a98xFM_h6GszSEd@#il8B5HXY~#W#)-3#!(RKlpz;a9`!!zg zEisOnJ5xZD;)WkmSp3y0q##73>L~TgZnQJ!8G=fs@FVg(?yjiE97+fMM9y3-e;QFvV`J^*ZpV!H?FBSFc|qPNmOMig?=(c~3uQFgutZlOg$* z^uQ~k>fi^f4iH9al+nYH4!Qgzo97se}Wa*JXdXBvI}#Wicg!*76X zBh<6Bcq#73pO5X$9t=;2-v99JO%|N2a%;hiQ2vvg$ zFDFniOD*V$0R>{?oA00K##Zk!#3s&$rp{&HCig$c<_)1o^LY(dYXh?OxKu7)2J?_y z#{ZJNKYIFuW$?CE7K`*WO_m7rRsx^wgN|Fk3iKj|$3S8_dcPr6B#-P`+w;r^Y0w(yHH$g%rE4=AhIf`@8O7zEvt|y zr9T_<8IF5@$onISwO<{R`{QMC_pL-W6Y}jZduBlgsi ztE65Usky$?)-Pl9ZV9iM#cpA9@<(5D1yevh%9U0z=Jo`wBgz?ikBMW9emEz5M{o0U za;eo_%0ln8A+;kM6YIwlA)?I}n-kR+`bpWNH`A~a`dbYjc8WkFSM~oM3ghAV$N>i> zX!RI??CGlKbM?qo;JG%v0iv;{V=f4sJ{6{}!B^T&1g5_dok;E&ey% z``;fJX^g&kA$`J*jl4F;_LXU_OI{#F*$u~XqcKJ={a=8MoLdl*EDD4;_5Iue@^tDYw2vz zx6})|RenM)Iv#|3X17)>UuixfO8|ZXkGRPS#BG_J((kWVsmUL@kBB3S>|oe&QL-_+ zHDR~WvEF-nBF4468)c(32l^HX5eB^8%~*Hn)kp>V1U>^NM|oLU*^Il_yn6xe(TSDgFsaWNr@)|gXm4IkUN>3N8N}X`tL?*~jhgIR zcOpNW_v|>i$2|i!XTb?AbGq0O$(o#cLtWqwD`3z{bsgzLDh_ zy7g~H4Sgity4PMqKzQRm74mP`A0%AqT z&N>}gAL-}m7vuofU#`WjJeJ;sYMznmZ!jyC_B^y*gYJF>S3U&Ba@f$zjf>iS1K^6Q zghq_;je43r=m3^eY>c~49j=Xc08@eWaG{}Re(nUIH`q44BM?pZmFABDMvGA}XT!kZ zkp%@4+;UQ$35-$6-A@uDa+&QhtBO}3~h#2D^99bY+!P?+h{+8?a;4YZM*ZtFgOe#a6%5|8 zFZ^A2km9|+B(1ylqF^0B%|188qUi@(a4Pj+KkC=*evQxVpiFBqZwl-XqeG&aYbdah7<*gXGwwPva2J_%Hvn0S{Q@RV3~~dsb-r4%z!XsxwyoU~5b2Yz z>Iq=Z!?Kd~jnfJMH9f1=+D2-gH-b8uJ@6$v&+q)mkneYQ-*!D~^heplIHzMl>1*7H z-=H)&l8F!{Ib0Mf+sgv)8pzd{;6Y9AyZ}AIa3I&21mzPx$;<^cDa7y&O?qSwKVji> zz@eRjAcq7Q!8}6Kw~A2^z$>e)EYKS-W|fCaL%&oT-p5yY`9>+|N(@9I@4*bTu|{EM z0MDlbz{ls}zk0nXYbnDD@#Qmw)KkSxzJC&}uxf&Ke4P2T;A~=Il1TY3qe+r2n*c8W z8`@4{g>^oQNb3<^J>D@(g)FlAEXh^hlJdHf?8}>7wBSjWw#Mo`vE+*B%OA+C>#YWk zQ&TAieJwP*w#J7b>AzB7tcdO?=U$4JERLBq(GEZ4$mCW3Pj+SfAF~{CKs0T1YO6SS zyjhEolhj>0VqtdM>@5ZH<5;F*X!o4P1T-U0IAM=3;WOjM4}rrsrj%O~YaZ3dRH+u~ zSFfig=E^Z?OQX5mp=-1#%lHv>uLx+qZge{z5%d*) z=y`b0Hwp*!*=itX3^>rv>-D9d>L7B&-{j!XvbRxp$;CDM> z$ZZyzft-q9fCnUy-^iIHLrwSglARq8F<-T+_0p^z=UN?^#VyRuPs+*gjj=r2Z!iYd zu|RwN`}AnThUZ1$_8z5<2Vqv+r4YR@S$V=eUE7WEiZWNb@tO`iHaVaP>jnd?iH)kA zK8JQq+YVB%H2JLtFYQ9209=?vKuS!Iy(gg#Q4is z*VvlCa<*&qyX>c1TOevbYQ)8R)WE&6wzE02A#DSHMz|Ju-)?NMzs~n>uwyHRld(r0 z%a)yn>`N6HC$|Z+$bo(bS0@7TUt>ok68J*pC+sc{mC=pv3qJc*`$N0p+n$ z?{ohnGES+O4rDP41tZ)c{T?%=V;+x`H`gs;OU*ZVFTLx|J5jVv7dFF%8wWg22dmVP zc#exqw}f9WLv0vVsaz6k$~+Ff2>lGl?A@~1pb3*IY%60lgXBpA=}9S*WQ}`DmK0m2 zCgd#GOFH=Ug8e|DkzOeJ92*H@X@&=?nBnInICDP}(Q{+jHTB{}`zp8E>vAQ7dwko#K<}^#VP{t0;kxwJx;+xgcHwTIg~whE zhsD9xU@8000T!$Tu;xZufqe#?sP;d8rm@xt!P>VGjA7bjI#|)&JurLB)x)TLFkZ6O zZ9G$v^x_jJpH(WGXx1TjOwWMbaMhdHdj-%nFMROirO}$b#<%1tBcnmF8Z+EkYTolr zb-w+Qkx=Af6BK(35CX`=)MAMVi`7_eDK%UOPNA%R1F$iOb)Sf(l14JWwAUBJ>RK6fQ7aC8)Z%CDTbHnx-(w?P!Z+(_- zpvcIGwnJCK6ue@61d$;@$$7)YAw&NeSaKK#Id4{Vzv$Swik2Fp7N6lw1HL|OA8@!F zc>?-nm!zAht9XE7Q{QwG@4TQRrU4Kz3Kx?EU!UEDk~E_RL&*jjceHr3aN>ck3YZabv%tLP&+N3G zqygL}D^K=v&(uHv`2uf4kwGnI>*st@Pdzz$Odsf&)Y*Am{C-*aAX<5CsNeulS#CX; zJJ3RZ3G#?18gwxjVGb#IEjaFQ9rop245dpB`j)wtcPW1KJs#X594M#ZT}#_$yOD1F5LKLyRU_q zH5&{rsc*qS*%L;i8DQ7RID1f4?Ok01wijY9UIyXGE^BrN%4x3-=gePe$fN0-fm8^# zu=|D?ay`cm%x4({XZSLq&=lSNa{%cs1&W%JCD5j+5yMY4gGKMlqlvKu%C?`=nv458 zI~`bY_;F9aN?+_iruuPF_B5~8C#qw>Of*rlyuAteYi430*N^0}I<;BAMdNz%$Z*-H zh``LpkG#A0Z9h3a9$C)|P%FXUV*L?14fPDe`7%b6Aha+pR^RXc=I@{GKhlhd?p7eL z?~qs=Za9r2y^gN{!{S0;W#SmpwXueeqcQ+0Q2A`PhyNRhiOg+ejV-qm;b>z&=x`HC zNb&;i{7DS4d4d+lop4_Hz_EEE;||>>mW`EDVPWn{<5Z(Rb0%zgW867R)AS=UH2dir zIyyZ0YRFFM+!#Q*mG?RrZK|Hk9W?E;V|A{qeJL##@RuKMk-Ili^#zjBjQqA4_IlOb zP2E#q9!gV*m^MsHZE4^F-7F;Hi-l7UBEb2HOLtuuG=J4SU=f8nT|7QJF&UI&_H|zrSp%=ZN3*+ToDrSHfh>Pl2;k6cE$t_8d_T?ip^@zm` z1vOoOCa3q*TPl&fdt}@F!PowL=RhF{^|8DQvdwHx82W)9Gpc!H7?M3vJ{nQdxsowy zgx5009o6yW42*|!X~Ihw3nE`VGmatBavzz!{db?P)_o>Q@;ddQD*EVmO6@lRuD7SN zVyvyT{a3QM1`kkOuk+Y1Z~oyM&L}bDvzKJ#IXzJG{4vDH``|OE4&NoCak|(z+MaCz zdCt!aBd>)Zq2`ug=F9f63Y)dedrJFm(>`l*I4F`+KI~NHS1E4}1h$q4wF3%^d^pCh z=L@0(aBp=uFnP02*`@jH($Z?8Y2`>waYEg$jfd^NN!`zB9AJCBA;ig3oE z00%@V<9JmZIf;%=X3o8kklBc% z=^s(`fc1jUL3kG#%_8mq>GsxC3epIi6(i);|J&$~Cxw>%CP%gQvmnWHM1h~EHO2_Q zgErlpyz?0j)`p!~eP1H^SZ4;m>J1Y_5RYdU8P<)hy}p~-ZX|WtS$}!T160DOt!?>~ zYR{_1p6exiX2!mrvD-BnPj=E@hmg2;;)ruw3lN0lzl^=Et&O}CV);tE8_6w#JWeJ% z_?Rz(bXM?J0=wmD@|B!$pZde{=Nv3a<_D=qZq(< zk7#UwlCMC&8v96*yc>r#M;1_K+m_OTmlnkM0`_ji9(doyGmG;{lM0eL>yS&_OU_?j zTwarzG?UEFpVgfxReXGO4w5D}QTJa9v0=J>9e5G-AM5ENA7EvS0wq|Du8foiflK36 zCS=Vc0T#cK9$7p@*>#07<6jDY)|T%CLjB@jQBHl z<>i)}*#6PV_+J0sU0`Pzr*U!a~EZ+|5DeE@ufK^yoe3v31%ssfx+xtCeRK) z9#D1o)Ioq^4WWE%Plk51S#&c_0!o@W&L;$mytIXF_mqNTwLTgweJa-LZi#Hp628+h%aD@iS9aWD^4H_jmRZ4@h2BTH1r1 z-2rhu$EP?6znuy4;FM?TqZtd{1@~|czoh$atPz9%H8as>mf#hieYclI`mS0isW`<4 zl-{F%eUe3PFUP#^=wY#=W(?j5Gj0(MzDyGfCR=51MImQZqo_o>L!X18 z9s6EpKi(DZw9%#o@6xZitEWcyPmnsM`V+SQ#R!_E3b%L3E8HEDHSr*_QXV0Ki$Fy( z1!d`kS9mvE7py`QqAs_OLDYEK5VTU2B2N-;N7i-GnbLLU<(U;*3|v7uf10| zwlpu=)JQA`8*f*I>YZFl_Mo#Ge#i~fYDZ++@h2|y%LNO=&Lz+$S{G2U5PX?>MD1@9 zsMVI9SU%en`)KkeknbCPAlv7;;*&wSus@JYCBjsOROJS#x^ARf9%u5#;ruj4M7zWq z@~6U^!J280m@jLhI*`-9Nz6QR?(EuTM*=5ys>XE%Xd!WTq{|61UOPvcaP_(k5o^#( z*M^sY6=4GUx(*EN@m48M4&=Y(rq+>lXDql+j~=d1&U^2CjmPVkhm)-h7Hsh2(EvIB zJi&S%=But6VRTx8vh+!=@BZOaslRuQ#F=KyDh_=?2$B~*sBK{S3p$vtw>e92kzqd_VF4VlR6optv zoXC;rFL_Pgs$2t>oy@MA#ulWfh#~Lg(K^pjm%BGb9?_6&m?z>9#rwq2XGh|~nC`+M zAOl}_ukbudje;h;pSjBKZ*Ub(T)Pp_5NNnRze3q8H#1Q*X*{&t&q? zkG2ki8VN zlUuZ?xqB^=#1K2z)_AIleG+b?;mFr6xK#Y{0OgSK%y`El=bd`eA$FL>9on-Aj1u+? zl(`=aFpmtKW-8Pl?$~z-+fR;(WZY|@)dSTA>tG5dr|8s*>{gE#te)UG)-V*x zSHFBIVTx@IMGSe&nG?C(zJ6fw25C6Us9XD@V9AIx;Gs&&e4^T^`}^1@JO?357yftw zcvE~Z`JaSa)4ntAZF^Cre?DL5ugT22nlySu!F}hByQomA$%bel3btFibY82JM+%D1 z0xV|snzpgeCg!=+bt0K2HzIw{QT*{rsPw&s>3e-j$})lJ1IK%5m#?|xng(<}#=swv z#pjF55EwT;1l2x-rHn;$YCqHA1*{;_(WVgnO-X=xB|K;9^*iurfo zLj)%bfID*jf-30V1xyYXl0du$5l}1i94@SvY8=eh_D;XyhCeGSW%+|8?da9BXQmSy zWJ>H1!Bf7WDwdfON70D{!;lL9E7;n_Z2^_WflRYtip!{lSwJHpVb-VU?!79AkM(Y| z*be6uXgoH-QDw%0dA+_mH!Y?Vo+Ju&DOxav_63Mf00TQWZP`KS}7isP)F;i}lnTz&J z9V~h|y!X0qUANxyjmWzU!-WoHe8KiRADZMA9(Sxha;rq1v$pR4v0 zmrX3xEgMUdKwodgZIPrf1(2Aps9_SsqZpR}f0o5MkV!O1A)27QFl_9T6WC0@EFm0; znDLfN$zlRpfHp}FuNg+d$4?3rMjBh9Ef#=$NwN@ARBu}>KYAt0kc!LCTw=vjC+vQr z+Kl)9EjtzYtsm1w+Q}_AY14^C>Z7}^kwPqpG%4;xxt0hnV#aTwf&LW$_TJCaXW=kh zu6onWKpMF%6SxD-{E}YJfp@`@!TFw^+8uVybaCA{+XQ`W?V$LQ{DSPAIO)v+B33Gv zhip>2Y#+Eu!nWv?g?Z22n0+jLk1w{)6*;`=m%sq=@41V!yh|5O4L+CW8Ig@hpawpb zSfD%Ud)EO}0f!it!ZMh%;@rb_(c0%FBhC|09G%vWRvsWc*tJ*>OB9xa=bn~PXeF-A z;dYT;Q$YSg59_U$orDT@l_hNapv2(}kcvc>(Xj9vP!itpJiVXF<9j*4?EQtvn`uX` zwQVgd@PlWt#RD6T*_2eTKhFv033DWW94Rw!T|bBt#J7@--5M$g4JYm=siezIz2TNK zClF3uixyEw^91b!rI@$!y>?poo<^`EfeRL{H8|5I?7|4;8d0+Yt$<59h7hZB{M5Mp zgV>vd;!M6+9g{Jx{t-~Jsy>!Gzr&nru5~9ptdqT6J63wd?37?w@g8t?ES205JL!4M z2~T2M7zVY@I)iO2;zp|OH&wz|{%aj*N_MQb=5!YVi-rzBSz-K9Q$81`$4H{_kMo6r z7PhM1$*cYII`P!+>D{*2{3edLGs}73JlvKG_xh}FO_Cv%otr27x$S`Jh@0fD+@g6O zlyq9~&QjA1X>VX3wVOdDU28#NNDJ0Uza1Gh6Cq;K9Iylzf!!|4qaz?+YLkah{1yZKn?j zi+fF$H(=WOHuJsL`D9o(cuvz<&}Fu{-VOXCdtwx%zz673t1iGG}u zGa>}$$G({ue+U~7n`hl%47GrNJDa4F*OVFh%arDj~fC5%0uKxBR# zb$kCO{0CUU#(tNKltHqP3*QBM4FAz%``S-;(X+jaIk#X6=5NUMaVhZ{h#-#$qsfSM zB7s>um0-dG%tVpGaBK;VjZ%hMkejR4voL8&b*0EdiF9yiX5Srrgt9<0VaJY)goVW9 z_dX^Bh?}+w*Kw@)`^h%$g*7n@H^wD;G?!VohgtFYwfYM4BSW-ZI=x+49ron(^aSCvgn`4iTdu6JV<7v)qx4hFL< zA)fHNgc3ZbyHmDF%=de+Ob3D-ZEP+s&rkR*!8&z+-}9e3<&*;62MeC}{-gJ@Kap{4 zno@(I{buMxcFk)+17g!&ivtqN(>qVI(&T&F&cZDQKY87^&cVU?yRWJs`|O9un|+1NYqg195|--#)}`jUu^MrM8(Rj3Qns{e(wxcbA)QE4z3W9XSONk4`8}pQ&;0>d#{z5rDQLHOc;#oc`om2MDBBqp80Vqz+g<#w zgLBnEKLjMb-kh4dt1vW(S!+%cFxqmoUQc~rf_OvDUzxl$Qc}lovECinLB{_f@wB;a zdu%>YCDo*VC)uoqa}BPz6*O7vdgh`3t*!YufEG@?&#p{yWFhC`x5U<;F`5zngtTAR zkfQbNzz}V)#a(TA${9=Ta-vhR-BiXOQ2I`@U;W5%7cnHwFAJ8B+mim3jlW2cw1O4R zh|Zfs?`|VZYrp9XV%GZKigwKelDmhfbo8ZR@k7ntxurzqf)-!Y$sH_NP0!bNWb1TK zw7KVI(Eb7`%$xe_+P+|T^_J!x9TNJ_aosn`ap{FfYf92d8}I@ngmg*+O}ZpkdPhVf znuNR8cg&QH9**3U8`KBi(8dGimU!wWXTCoet!@;iR7?QAyj&$7A$F7CWV(o2)~Ky9 zJZhcxLGA)m0=7SsKeSTCOu7V}TQg)ILFVS;Y9cPI59$+Z^*R~V)p{Dx&`wnE&3Big< zq`O=@E+SX$^r zwh?${RC{>-We5H49!tIH2}wVMb&7Lv^mV%Z&AbNuRlbb?nTzZKEKepOAsxa=`f{1w z2vhTXEqA;xz{x++YfgBLiuKxdWg27B@)^q?yWMK) zrsvEpi4{Thr>mqkKp4u~&9q7j>CSTf2H{*AIfQru0`yKh+9*w#v_BgCNjxcp{`#1j*}f)cvD;#@8yURz;yw9z%7bJJKWW6I7i0ViYVpOeivB#~0S63^%(R|awdaYrJJ(!>2l zP@4LAHf&^miSN2_tH7M70MwPRH*TST?ilUMFvdy~%ZSQpQ5D)F!2l6g!O`htdZ0xw~>cr#lHoEEA= z*}UV|?(FY1KLHvv$84V#v~R#^!Nku^cLJERk@rbpkyhio;rvDs!Ch+tGlppVei1Cq z#|YS&aL#KX>Ngvoey6I-h_?&8wj*vO845ABrkDzfkM)j~f2Pu6aR?Kb|(&#a`- zmBv_@0_RYmsT!wiu)>cF3buf~A*TN1kLZdyK*;!@1L`lzhPd+9ouhu|r z{A*ZQVkGG-Wx4ZGq>}^T5nTj zcv)Y|ARqiEDgScgJw1PL6E&nu($n?q+>$0{fgcwk&V+e>9db7DxEd%ajw-1qMv(V(3oNkWy_hKAo?rDlo0FT&b~N*4Xiq9yrP66V zBXtp^TXrKBksV}FhdqAc%g(siEC}=H5PX7*=uwatO2Avla+98Y# z0%iU5^N>(x506nt$G`p;^{#{i?EY1|PkKx)SaM!Qy~*jX0P1B$*2cXgD{;pVvQ)As zMNI?#=R4T3hW<86?4sP_?z|zv&?{57yEy_gl+A<0yNQ>#P@mv;Mqiy(4r^38wrQhE zn{eJdRH!}NICp34iNH3s!Eq-Uq$QIE}csvBnUs@{jAvDB&f_m>QYGom7+4}jm ze&m)i0D^0@lq8ATZ`U+==%YsmHFm3B=G|P7oO(!X{#%hs1RAX46$dE(4h&kj{LDF3 zzb^B?s%oL~Igwwsw}`#3Ys>CDGx@}I;BXdU_nDunGL9*(CeMGEaxIQ?y|dQq^E_b; znS=uxbA#80zO`sZ*smv}s;(hcoFC=t;+)9&$e5T!_pdB{7o3ikMz?x(crbV=`v?W1 zL}&%xJYeo8Bh$~hWX0cB`fHkh#C&8y8^3VBf_M(!kOk)CnDS+}Se$e1wn>;Xf+h9a z*H*b+*tuVE2-o9C2Sgz)x%E(rDY?`TG49YKHpr+HLlM65BZ8B6!Gtp<{#7KIs#vKg zpI?vRA3ykIXh`0LtSI8l!hE=lCx-I1$9t?0%UpuRqkkCkJX;@lSUWHe{W7kh)IP|s zDtq&Nw?KBZP?_Hn$^OqOmWL86FO+9#7X+BBZ3bxPtw`9h=aaa8D zu#8btb3{jW257Nnksxu+ejPY($GmYPrOke$|635FwSa~cb9#5!A5 z{cKq^;EHXy67{HnTnI=61=2s@ng#he$~G=HIaVHFZk#KTJxN%6C~v5xaA%M)^RLl)CG(nmaP;;=_Z&mLYu zATWqLi_8#xvkvRm$Pp~Q`AAXwHmE}GG?rb9M1?eFu?RaG6J)l-7)0Nq6BuS>Wj#jC zquZk9A9}%xU?FH4VfhJNXp9=!h(VyDs>#_QfqMe&JU7C&(@h?!0n6G+gb7;a;`Hc%TX{XN{lPaI zbQQ57@x)C_hI&rbC3VBiZyZA0gAazLJ_`8A>3Sga8)gqS#u4?0ftLO??fWf=`qOSj z&h+pS;)hJE#0tbb&T^mf(*{$Vm->+PGhMr!tdVB{7)>QDWG0{Y#lbM&e(T$rjHba% z%q58_jMOT|(3Q>PA&>TRopYL>p~u=e>#4!pZ8@-SZq1w0$eH4JC2(S|MGDjf=9>)S z4YimQ+-&7CB$;XQp9!Fiyn4P!NOgIY!k~ERa+_WP3HaR?`C_vnw?B0(CRYOv_t_m` zlJbCs9hrIpT~){?^{b{yuUeP09D`~avf;B84r^nolD6ge?@2uOO(Snft*_Cyy0DHU z`WvKwNF{_7+RAPa+E3SSK5x2D>EzQaSO`%VO7dO8{Z1Q!KU~egow>dH3Y-6OpMT{!1cao_eAATK;H%!EtrvCLKd_p_?pCN5LJF6_4u=0CbRAn6=r8G2cEG9(ep@1{@k*YIH=jTS|_&S`#M?Tp-CaTgr;~pii=_S;6^LuP2u_^tO%F-iAcz%mlu)vGb zMVlNA)tysXALT()UP=Xu9Fgc;v{iQE-W{_sE8r7opxFp_;@F7YIAk36zDw=iTWH%F z?V>hP5MDYX>=*`&Zt8heSAtTu=ercs<>q!(dP5)C4`(*zJ@wC9nIw_lfGRqDTPpA@ zGL;l!hIx4d=#j@znM6#Rv{O}?wTdrvG%elsw#HKQfFAsmx7Oq2)1p3RVcaR_CM*Sz zGL(K|G~PM(Z(*&7BIcdO9o-Vn`I;ZeU8-JdxiG#a* zX0<=b(r5mxIkTCB9I@$N(ow;4$_UE%%MDyb{qFa!g=n4Mr_>OmLL_`sjSjG3{{(g0 z4YVo!&EpGtP3JS@?h^ri@Fn;z34bh%2tWJ%yb;!0bZH8!TbeYy*z>ZxH9;lpCL5I_ z+a{V^3pVH6G`Zv^fx3ea9Y%U7ZcCoDAH0_y@W&WE#mIDat-@d!*jaudYlY@Iwm)a`kGExUEGFBx7P>kE^TIr0L zeC4%o7^SHiw+$V$D-E<08^I3Q*uB_`6D?SI+B0Reo1=@~HTDyV_0x`A>gL*MxBHAIJ2r}1+`R*Su+kqD6bwJrACiKF^1OBBjT#d0ApD!GEe{5#;&y zd&xVb<+ojat=5fUr4ts@*(|3v`hW9r9#ErZ1ZUrqG zU~ETo`Nt;TZ4GAvtHjRgm7Mp=!!Q@#cdGlL`PjcJ!L#E3$GsUGu3qdTAz!Wqu}4Nn4+u2 zaCKXsa)i(cW`DiX?Qa3^(*Nf^lxGBJCe;i)|E#>c|BJl$3W{oLyMI9tkl0AhSx|{0 zl5o)0yqN-|yRBI2Zp@b?RK4 z8>@D?g=VqVTys8SjNjZ12S1-hHB%?jE;FsHA^Er* zDxi&jqbi#*jj2k(K38A@ z11*82k#vv7Cxr@TQb4?>eVq-RvN85oP2`;z0vX`z*@hex`VmMV>zqs|`rHyvK?$J% zpW*E9&j8X1JSJ5mQS?&J{*};R2qKVsLq)C-!S#}yiYjr_@2Q^N?|@F=_n%RfuTKZx zBl_zME*F@;z4v;=ZR-g!mNH zoS3c(uPXlzMF*S|zWjMSW6();06!Q24zQ{$<>)%y#}<%l5LFxpffv;#cQ;YrD=&Bz zUp1&+O7Pj2h@XhbQnnrLj6`RcLEf<5h-8&&!N;m8Pa~~@tSj2npcwBAfkaAx(C51u z9}>C7$~|^c8!m_$N9a5&JU#ac1YH zL3N?;wa?M1W%@*w-PDsNZ^j`Z`)R%Nw(V;uFq+=GJesi>Oq&_4hM5?Ek?yMSpwq^< zqYbJk)%#@1WD1yK#-+f-3fK%k+o4Ju4)AsxW8>n?L5!~yMA(Bp-c%e+tzA*YdJ+RmC(I~X#ai9R56Mox4Z*7 z;Mel|v%*9u$D!pfq(8$0_&e{*pNXS2+VXw(gj!j%EkH;5AL{1b{-E8DOvNk7Q-|{- zJKvN(gWtg8?=Hr6I*+QYtxen7*sz^qh!O?)gziM#9Oa}H3i~rPo1WfDYv8)ATzJEK zX&5KGfJa0f49bt)7VnGxm0MEMy%>{_uwIB<&=$t8=U<_d228xipT)uAdRG8jzHyq+TI$V732f7I z2<4hMPC60>F3bt92x*bi*7Ssy=93|L205$VzP`$?XvV2a+~duI9)YqYQP&GNVzKl|o+@HQ6oecO@k6eGH_gWGMde;yQjk|y zUxs#D$n#SC5)04~O^gU}s_VOCF6Qda= z_pqj7*9B8;bwM={RS^Z4Hj{%j=kROZ=kNm~nM;Fu*VJRoKpdhnkT?!Ha%CAgzxfAwy@1T#L@(t*%}FYMC=A3(6gXFNvdN>3-Uf8Q%I_4? z2cqnD@RO+R6d}9U-~e>EO;e9Hq5-=v3}lK*L5h76kW6|Bk1kuZ=%l=A)IW;+xTBUd zw>Sq3r{kbpRWco8(WW=P$DZAFZRAIt^D1C96!Dy2%JJ8M-S+F5I+sKK*CQ&?eZWS) zp~imz-W&zI6$hJBoF7pWz(GhV#m6mp1)Hw1C!p%D26l6UF^5Z*meKBR`rnSTbruCo zI*baDAYDK4HsOAQS5Ne3mNbUR>gtcsM6DyWpQcX+mY~HBo1#vyJd@3XqG%+0!8Gv| zSQZYOK=JkQ9;ZfO0l)8+L=&$|*s25oT{yB)jC0`1zgZpPaJ{<{`_-_t6^9VdoqlMv zT9aw2wBaQ_;UPd&5Iy3GH|l5FyKSDd&Uzyf?^N1*vH}vi_2|tKqT=W_TvrB3OWn)n z1PyUn`_2--NjM1mWDMQ^@gBrEUISz}vCHT7BY6ll0JCT+W3J)bJU<}W%=6?DU+dXO z7BpHKZ}Roc&yz6xZEyM=u$v61`gB5Un5meaEWerE}r{0IO`S6G`5C3?mcE)z1jX=*__= z;iaUIQw&e|_(a6DKWPUlGM^p{*~US?!{zwXRMC^AAQ8Z)LA}CRB!poT+Kzt27z!{A zoDcH*@x?+lMbfkCx|0rSdW9?22(>+ zPcUiF?dCu%7#^VmQV5~~+GuQ622@Z<@0CGd=hPmr{0#|(w1@VbRB}~qsfXeJJgHPe1DelTy-0pP%S}= zG9rAX*Hb(0t3x@R-D!KjP-^ncCx#6k33TB4SBARIW0>;W0u^<@pZjUQj@$C|*cF>$2j zn-MUfzyfZzkb^>oq-Svi? zVFQ|A=)c}reX$vxVYH^xZw2}d%n0{Dx%}yP!tN<>6bJY>^czhWU}JH;rEMO6C@efU zHZ3CoWx&iWd#6l21AoMARF-{URc;4@q=6oXfi2b3(s8irRuOUWb0mYbs|58N)d5Nz*NBLKigoqfrTW>xw$=^89drh9BN0W!efq=BJ_Gi(F-+Zh&XfOS+B( zGv{8a0gBKj0?)D8Cb&bDR6^yrH{rgKgsfL>yl0PH{;zKzg12?!(>P|a5wu8nUL%vV zPk#sBXmW;z779`c8G+o4O`}CT{ir-6cR?-S6~sqRn@5N__K9SIe$Ao{he(dbp6fE_ zrK7=`M_D6gIW6S((bf#zS_`Gk%$J03gm!mCJHpQ7B;`M4_pb+AcsM38RH=k+yv)G^uoxr$BBrMlvTm~<7bL9p^ z>}AXw7m75BryD=Z^S*tQk|duyz8PLW2{fjZ^iGWb6V0`+2NuANXUXOSLd}(K1SraNDYT`vok^ptNB*ND;Tqpq379w zwXu5*@jiulXvemMgx1T|=}a3srwaHScqjfjipcTvf@O^J^}+hOjZE=Yi zo%teIJu4GYl7_K$8FxpmqMT(0ZhQVP#?{V9fs5DYH|vd} ziy!OQ@Qko|_tU+7am7NT>H*ZGIrZKUWkzuI26YB-DhyE--66p?&W3FI z`}nv;m!Qv_g_i-zNe3_eIbyuj{9Zvb|k^)wu8yV={F3 zoo(5l^lKm6kzozE>I;gws~$=j?)ULYRRavuIkK%FBjAUC@avJ1LUT))dDS4Rdb{~T z(5<2(Vxm;TXWt=qzfZL7wLdF|5*Nt^o;{MH*W}~`9c+JgSAPgZT(8wYV_y4ZX;<6~ z@q-6Ab&lW2-+3Ny*9!cM7ZUo_zq|juSburZX|!N2Qb@@F>@O~+xnA=hVkVy94L<`8 za#PhrZdbQcM}S%S-K-d1g>ixO(ai;U>NYmy zM-j*V#a307QHadLmV`8_*vGD0{cqYTKtIiAUh358`>kf#$eNAG%JL>7lk!)Q#e%U9 zAC#JxJl+x0EVDg*aQsCEqXp7gLk~Kqnx>b&N-6Cm{m8O&#w)k{Ru$Yb&OtJN)xfGr zw*0+H-9R`KXiH>UlI;%!A4qCyeiX6qib_OCfZexrRe|Df(+^P~aG-5I-x_?xet?Pa z22tR00du+2;G;6=m4qkxnIBac?RaLGXseB)o$EL(L#KXVm+3wYOA$KTNb=x5FLos@SZ`)Tu4Mxg#i3Xw@s&MXIQ z+iCeNmLmqEW1q4VsXxUiWnk*nWZP8p7I~F^f^0!cS*Hn7F%!b&I%f!S;_!RqaRmZH ziH@6vHp(@x76@{gKWcsEk{Kz0^Tn4JH(d<{-!=@*e_0a>PRe8AW>Uj38A%K8+p&nE zLiXuKidV+Wd2jD3#*5w-vt4L$hbQt2!zP9}t{9%s-N3gue^#;ZT~_PW^C~-t;%0qj@Dy`q3LTy^y&$*=~5O-rS zTKXP^5MzBzhgo2~t2d0W)E6)l?batObrKK;83&} zSSt{9UdCLWA5B%GycUf)s6z^#7ae>f;(yJy5z!itHS41cfz`QeF6?G+qzBanyz^)2 z9ifyc|18XH|02(o=U67%oiT4lK`EMM(HL_&PEmGO1xy#tU9R&(0bTCoutqsuOA1eX z;hTR9iZhgq^%R5ZS8bw`}vDBH1Qy<{6B25Z-^EGJc+aPzBAe&Azm zPzT1ywp7|}d$5yN+;X%&UK%*~Xf930ByguYp3N3IX@otMcoRNVZAUlx%`QdIGpY%( zqUgEQ9n)r?K7^ysi#Z5+g;PRI=uQ1@_7RATk3Jbq|I8~VeX$irOU}O^r}yo|Pj_$s!ogFX@Z@L;hTPG&3J#9Yk^tJuZT!mYIqh@^(`bm2F{u>ls|A7XAZyK6 z0o2{+7}GlrlIF5$>~JFpL=2dwX~nV$O~yHLZ&oIE#MKyshVlA>`6}}J96Rq6oK4sI z0Hn@aN~hEBN@|c_PTq=1OmK+n->V41ObJb_gc`oxZKE?F^l5%)Dyu1xl8l3iWC7%o zMo*G9fTQxN!-K`|I&|*Oku;qfCFhsAtW&O2b*_n*H@X>s7fNe)W(R@yw>m(Hc+tmy z^y*liP~P~74`b&E-2Po2oJZJZsC{gVjv=Z;p015>`_*VRbXIzunE&R@z*vC;0MnkH z>oN!|lTDJbf?87L=I$${b_nlMf3{U8>RkWW_JI~|d9XUuW%BUNwqV{w-C=UE-~%qf z;f^%C)2hd3HhNJOz=Xr!PJ6q&;gO>!w9iZt`?3;2PpUIkAqkJ#gw!g}U9%U58 zt0^n*d@_78B!qNMOb|5=Em4Qq@QX|c-5zwYWs0zrz}sQZxPX`5o27?OX%Va4^f)O| za5j5E5kR%f5X^=2&KKlvy`^T|nw$L*Q{b&f%OnqcO-GpY$(uL4b-1K14_9~Pr2|qU zBEz+m-OH`4Y_LP2R8PlBH65`(HI^W_jpaYK!N5S_FmbCwz}C`do7%QFBM|reQK_F^ z2(J)yAB!mqJin&EUvfXC)J8;eop!oK&s6(ql3`?;y0u zQU(m#y3yhl+fc#0!5!RNMfx=rrNS`9l5fNbftSH-%Zfztg3lJqGvrlU$zy!HJ zAeIstyC0yq9W`3!hJG=qWc$`L`sq*?LVj+2LB6{x>@B>>kL*4W5N>o1)#~IyL)D0_ zdyY`5gxy*8UU#T=uzTr>VY%CLo3dxUnlv&MbITlEG2nPV>4NePNqyEW4ShnqzGfO; zg1FbDZQLxNR-pWQzJqVr7QPro+Iu^CI<8V-r=1i=jP&Kgm54K&YQB0|_tzV53hZ0h zT*hC9Eq4}D_Yf|4)aGR!d<$e%-0QEj8W9BJ{*DFBaW1SSpc%nhaW^+v;m7U#zJ3VwiH_IqfXUg71?3c##7YMF55xK+ zRwsd?Ffhrg1b~9Nw-htwuLjeW*C^JXwujy#!NdRHt85=Em$}&L5~UcDFH+;d;xiXZ zmhtX0z?tTM>A^pc*EWwU_W4+u^)lM((~Y?!od=qqU*=e0Q&3{OO??U~MsoBixl+l+ zx|SxXxqaT={zgtlX`@dmCQeDK{@h2*4(JX@$v@i+=*J|&h;2Ma`ZEyZ%MM(njWB&| z(B9RRv#5ty+~o4Y=prYd=20aZL%`rYWLFGC(sQ(GpEZmFox0QE^ruQvof08Qc^&h` znxfm29dBCU;Yty z+G^=_83#DkgOXM*I3jzH^WsB_NP&;{7ffrUn#>8iY%q_PJ=EO5uc|l2Oa1-*)2&U8 znClUiNyS3*3mz1s-+n%4{PyrrU3=x-~uOoD~1^%&RXH`NR}Z+xGnJl{yt z;{dKvY9`M3t3XjPd6m<|_cCFdDN>wt-IL!g*t6YSZ#U`iftH#+eHeaoZ`(#lz|)9= z+X0HzyhdJq3=1vv67kQ;Uq$7#e$r#}DS7fH$g>Ln_+FD$EF|;wAL3X5rq2VYErhz5 zl>Zq&Hr@}6t{UjZhpkMdI=L%>s#hL80ClvXMZLY))9g$!TH2NbjC<)I$}Xu$gk(r^ zdJa+-HsL9{D+61b%~BHx`X4{>wcd^v87&$xmCD_>hxIeHItAk1lEdaT!DCNOrjc5? zTNKyQ_7WVUuIP$HH?Sg)u}GMZV&nSk?tGMZ43Zwtl09iNaXc{vE#KB^ZWssnwXAh( z^RW5U5SFey%p@duzn~Py^-_TjrweR0>C0!f0m3-*Jw4ErnJE?eSBKu}HbPa(jkMYEgFe^rCI!@x>^ z>35=3X_D~0olnr&+u@M;oR%hcl^wr~tTvrMQRRL?vz(WVGNhF9vg9({^NcmNj*PRc z{hN#a{rKqC5LWiyq2%1a5p>XOH*$KbOt zhR)us_|Xor7Z74^ z`LPawktFVURQR9D=HDL_&8)5i!M)(>d^E=jfLK6|i|d*GCzArOC;MYk{Fh{e0M`pB ztUy9Scj5iFzxXdezkldm|L0Okr-Q?tDJbVX-0u!_=HTNSd^PaVRI<*k z{Aa=QgpP#0EbjXYAV27O&`oMk_cH8Ty7b_$!4w;(mHsLaJ#asLuAr?Q19Y5`=iDa7 zt1c*V%`^$3Wyc>t5Z!RO-!l_%L)_;gh%Tq+O@_wPS3y(>REMtT0IY1*@s?^dbdQ;S zbGBiMlGhNrFXsckOuq)b^p;)b9c}U<_qk@wsd7ur9J}N?m!l1uLFK)7XAbNmdAAn3 zCV&?IB>IUo!p${bn2a-`8no2B00U+~!8-6?RY3fC=KsDGslRig@#*%nNNaTMdDF$R z`5(=(dQjdYgoNo;)A^3PLFMZNUpEQrLckCMMd4Kq-&Kkx^Day z0GNmOnH4@0mK+KglLPa_)u{ z)BV*moHuAYHTw0@Cll$ZS|`iZY7TlS=Wa3A-%y~}?$uG%f{{HD82W=tf7*Hi+_IHG z;Fu~gm6!K!czU+k*E29sMLgeV;;F9~1u8|r%Z7wux5b~9bpCx5Pu ze6avb7a&u*Tdg;E9##}Lo%P<77x6lI7kSGU+PVxyLRq*JJa}M%i5_3jGG6@f)N!=AFyc-xs#yJkA8W&EAOG}1mWmRtwn#4*= zFX=HtOfO5WvNC2o*T*tWz%HSx^gb#67Y&qoROp$0jAI5^k? z0(Bb3FeMnw+Ne_URe^Np_~ARv$K6vvGB`gREz(~ce#{!*5lleUdTe9Y1Mn=9*AL@y zL2-GF?qi_96)NukvhUvphKStIiV*@7xHmc;*-iddq8oeMYGB$uWI~h3?%LFys%u5HtSJ zH7IXPOd~c9WJAl-9QVf`l5Yo9D}+Wd$ax%}9G5`nZ`h3FXQ1fx2rRCzywhN6bh6nu zdd;scYPbG!kfN{WT$+gG2uBwMB;bq5NYp!TZ4AR$vw=hAOzJQ|0;FQ!riyw`@&;ch z9(>|$M=n&mtdC9XS@e0mP>&$7v)rDQG}e%*Uqr$26*bBC_T*fvQYBp0f*rlcJ_5=p zT99{HAE|n!o>CY3Dq9>&HYVKs#OV~@$O#4j3U3SPuIfvrU|U4s=nLzbu`uC9sb!D{Qc&oHb$r6BKzDE zdCZ|9ntZF|g!8gAG>yFS*cs67?<|jAFR1|6Lvno%7S8H#?JPsYj@PZz7TO!2AFc$5 zutDZ2XXH58HzXt<;1E}UmCyhsB%Mb*^GTy~>J%N&85_j!iOb-$vp?T2W8O>x_y*S^aQ=61Yx8tj|7H=aG@L7bG#;<|TDQuwt*=C=xUZv$o!{G&j=prGIkTj*Js3Ly1E zmhSJS0awZj-R_GLXj-vsfU+uZk`z9UyJO!xm?B=Srou&XnBkPCF+Y7XEuFdv;L}Q_ z8qRB4)V#pMZX;Rea{Oj>ys@EJUryAXq|?3n-M}bV!owlyXc@dvUvS0-?*~4cC!j<6 zFeyBU*nVX9!u<+kEYF^$QTzE{J;2p46OOA%nJc7@ujE@OJ?)8_ZOAYtI;i>qVESMx zyUGcg{i-f=T+U}3&Us(W*#)lPT4>U~X{{mKCPwDIQcM4J=(6)kR*D0E9`WdBk@|Y9 z7}Efa1YB$4*}e8O(ef3&W34fRhp=BRY#N%G5)hmj&pRJM6}G_0<93oW_DMFgZ+yPH zPUk0C(w^@9#1`K{HOQaZUzFE=Wh9=b!dxU`#T0<*FrjQ6)Nuu@&d{;fR!DV19E7*kJM7g?GRF>2>?5=Lp3&} zxe_*<9j?`ulvoenNgrql2%>iMssOjoMkT>}8 zNaB~B&`K1e(9pKLmx_G(EA@aDDO4YZW>8fN#>PZe==GK{Lrcl4&Cnm_O6MOisV|mW zQZh|c=+f@9fiY$&%OzRBuE$BY>GkDY3)X0XE{X8dT_1ASwl$2g<4 zhI&LWJ5YEUPCK{S{454cdVBLeLq`~aST=AUrqaPkw+Zyx%EF^zn3a&iuE|x$LyrimYvU2_67~n9^Ze$kf$RYKh zkNAYg`YIH|Uxj&zK>;xfZ}qkL{rANsph^JS+#|_lbF#yYxRz#;)cs(>GJSknOL%^I zqMY}8p?>A0v@QpN7NHg2cj3NYs2_Ldy^dG|jy9sEocZ?$p#n+1%zW8N$XizsP#SDz z`|`M3bCQyk(S>2~&e^TWZa0*dIS@6E7I)r=k*!JUeD*k8TTRo7p8~+LLho}|My6c+ z`DB0o_ROjZ&b2PU3PQ-N{Y{qox7|p^D*8(wqG7%zS@-f0jD? znKP)Z6k*6U_3;7pwX8c_e5OXb?ExQ2bNAYS}kgDj9#smL3rJsm(b6ufEmU3N>7;#evcYBxT}?Xozjz&=NB+^i02$Z*Hi7=8ZXhovmj6A+gisE9<(N;*ZdGt zlmK{+pz>o`hlQ&giR|MYudo>#$m6#q#5rhH3@>zSQyR^K!3KqqMi5dBP7pi6u#P&u zN7CuD*cpi?U6le#dtIVTeU+W}d{05kTy82e_Pa-fui&)3;T^Ab@2P0mfPl>cq?Nz| z(WN@&z!MZV%(6q*DJj(zZ`e}3JQ`< zPUd|Aju^v=pSVE!_&j(YGWnatO7~K(K781gb%|_6*jB4a%@A9G8Of`Bohi?2~?4JvD4iw(>`S;eotM;iaI65okxu3 z1XzUK;)KEqw<3`2a4x8xX_Bem?(+}Utll08YE#YK3y~*D(D8*;Z6C4rp{G=y*fa{* zvu2Cdq>;)IW}}eDMVDHPqczYv97ZxEX&2etMeRO|)TzD0;75Tr^x$+C0U1Mc5As`@ zfDyzF?DpXHrRr5!iW00+g)9Phm)t=Eijx3~;1Y*1U4xw1F0tu1M53%w3drvr{+?*d zyW_xkgLqjb&GIGT&Z;aNtHi-dJKqx=llS)QMrvYKuA3n^LFcU4-%R*X!w-FDz36C) zI>^&he6APQZL5R4Uef{qs zz1SdU9>bdN!1hGjyYs%-z~A&6Yo)l`tJ*HyW#Nxr_^WAxmhUyGTIsUCIBI8U!b~iK zJ`1Wz75-UyBO=i4<|VPY{@TUHch}VdRzo+X{64kq42GCNwH33;r{EZR z^yVx+{4V0*s>1)a20(i;0O;rRlWbrB>4YG)T;Oy9L$&XyjnxbPe1E(E$1Yl8tUywu zt8ao(sN44FOxcr_c_p!3*`~z&X2OdN2fCh@K&dZ8DaKJOx`mQTG0rgg%;Yl!$LG_C~4F+_D%~nJ6 z3nm#xmM>boYTxG6CFhL%LJ2c(UU#b8nKP9);()jvpLEx6tTY4B-_VejswnPZ1RFft zd3AE)`Fs0Q0ylfq?oHL*HyL*PGr@Hsx&-eu3zu8Ld)Vf|&5%QO1n2r|=G*GY4<^RU zTc)tE(rOlg-%9_Q9E)!iMD4^wXRO+Rbzz~{!%@BRQ{!ds z1H znVp|?I2#NX&p1})x;fFt_rIC(P%CzMbuuA`K+8m|1wv{>y7yUFu}iZvq&cY#-Z~cy zg1<^P-CI)j#VT#iM{drpElv*5Srh8IIsi3^Ap#HQ+4a@sC6A;WRwmXg0djTwb_A4i zhZ|`9)q_i%?&IKOZ*qrzl#-=m2RipbLWf!t?|IoW*&*FLgsN0sLTv`biM~L_ILV`zI5kJcNJn~zrc-OY3 zXG>P-jJ2L%;J!%Is%U%IUV91WHUISbSi#~Uheq|B*C<~`lA>8P(^)JYPfOAi<2oa~SoCB@pp*D!xEA5ZPXcic4M(yH zx2AiJt5g_k@_$s?=!51@Zk#E$3Kj+C#=J(8ns;_IwvrpmJ{;Mpb@1Uuh4a^d2-tOt zBn!O!>Z^&@9kkN#>W&&)57lIhS#J4<60Hx;$;wG$OoosB_&)HvzPrttx&5E}OTv>l ze}Bo0JHVYJWEn~%L70?=f%M)QDa|VGf#m7&Gu-%L2HJ2UaUOvV{?>gDVDX!Uzz zDxEd8C3Wx;=TzdGVvvtJhk>2zLG=$^IVpK#<03jQ>VO|AZEywn2^u2$>CM^5<7nU8 z1B;vIpj2D)=%=p9*-9FtQ~4LPz)#>lkoj@rmw$oopVLO+0Tz50?;lNi9z@3wh*31rsvW5rZ|3i@g$J zeuwwQU8z~_YphPx+|Axzk=~ccBDyil3*PpX;NcGSlp?g2T+;D+&#S*+ZOKE3jipdN z=C7z*@4EWZ>DAy~6|o^fF=3GG&@H$I^Y3;Sft_(KeX=Zt@p`Y*w_~__weI;%6(p3q z3SJr0di&U>tZ$?%)PopYxlIM8M>C8|xVR3_feg=Lr)eb8Vi5X3aoRk_NWv|jV2MK~ zH$QyCN6yInHH1;%K)ac;xG+3W_&K@A=Pvj&@2d$*Mw8BtRT&kaZ~n)On;$i}J|5NvMwKG5AX6~2n$Pw!H5{3A=q&yZ)zlY^{A7Mb3#qa${D4?J0B|Ac#A+mR1t4 zUX;zTE3u20Dr8ad&su)_xEivW^O1>{H!KuS{4w)we(ykQD!3bTBaTGoOkXReX1>UG zYg+&KwdogiY*{?nfM8jw{&Y)R68ef;WS!@Abft_yU7fD@QQUST*S0?F_$Cxl_Ucx> z1`;n9Z!Wd9j`lHv4K^NUcKcnEA=zTW`GbVeGIkhKsF>dhq1;Fs6rq_SCbYDvGDS|f zX7&3yb{YvDE_}Nr7i)odSlxb_tA}qdy)2iI^g*nH$wK$T3@{5lA7H6SWd9L}3Hzw0 zSsZfa-|e!~d>pQKo1~XsKK-oY8DnqQ>b-0_O@cME)Ac-ji(bkKcy4=@EJK&m-S>2J z^YRnQrZ@r-t|3rL7Ikh!-wUpdv~tViG%dcjhU3r|+CHBl6d5p6iML5zqPD2s)@stN zjtc5EI*ZT@T>+D6nk*NvW4BlTQ$PMu*vHBqgi(8f9QvK)4 zg^&Y1lU4XBbICHm zQXd%;tT}PGu$FK?rwN4i2>*^`{XbS%{=bnCSd0{j7PPgrp#M#F$&xN4ZuS1h#UceL z2*>d*H}}E$^2!Pjj?j`0?Em+Y z&USsiEF+><`wCCHGU(Br|J2U#B1X`GC?z$L)j3qc?!${t0s1~ilDACbz#X({to?&v z5On7lfUuGgGRYkL%G5-QdiEmyx9n8q=ONA^B0AB0%S-?2 z*I8BW*8Rt0sIbTpVl|?$xM@Twgjff}Xt2*J|q~tpQ)-N5ye^jEdHPfX^H#YXG+_o8kp7IKaAy5RP1pK>3y413Zpqw|*LLKmw z)6N?u=)v5V(tvWv@%-rP5X?kFR<;o&3_5-dB-`x&8bAlGrhq#~vgwPM^z5CAl~jHG zD!cXP*KUf|S(5b9KGPsJ!!&uR&R3kJOgzwvJmZO}*l)Vg^8^N3vZ+*0~z-|^P zYS+ixuKJH58R5pCZ#G>dUbkKSD!%Fke_Z!oEnc57 z6`FSuCp0$v+B^dEXxs0f)QZ{uy5)lI(Hzaw+=fap@myA6x973Qhm03a2+F@`I>v8S zwKze{r{VJLQGRM1_$WGz6Y8vGqQfCBKJ`J!+RXPd{VMMAr|%hRLzl@5?MqVe91PN3 z28|x0wdTq;6Pdxwzka>?FWHwh@?-KDeX;`@-bPMhn+O=Td50POKo4H8_qL+bj^v74%4 zsDZ1)rnAH&*j1vh-Srmg%HW*pdjHxM^ywBp8~GFg$`f9KyYuTo9Snb{61-FZSt{6* zh+P!On&3aDJ1CIKtnfl-u;Ila{C(ZJw?L14s?r6g~ zg&Id)9h!uC{A`V4^fq>O9~1RFiuhTeGxevi2=t$#LyK!F$M!RSc4V8A$;+FT`@htU zeILOlpDiCQx@2sC^ZiSd&weGq^;LjWmxuKGxVXhb@l-r_u7558?_TC>XLbV8Xt}c6 zdHwZ%)5LhGx#ZO{TK227{n>i8wSASsqmLYKYHM2r8>uTg_t>bC_np7B+3d!@XMpFi za_5_%@CcX-SOWJ&JpD6FcX#(u5Gk@5t@w;SFM`66b=cSPva);qOwI2YB;X~Ua>&RF zXfK4dBbGz8cdHAf-ePriFx;dE_SESq8qNp5NvUL2&cmBaQia{3K+Dfak#WNdpf!T5 zUv~IikesSSgZi_>$Rw}N4p!q_adxBUfx?^?&E&P?uc`V40o14$=w4XV^_H8lhQs9< zk+{R0jJ2eiCf7DgAns|!gVF0x(e;#Ppn1L(~dSJ2kSXQMC%nNN#N=!5Cy_lpIWNV%H z)(BUa=>fIJy+^<>{6GQBlF8RpW72ifrjZiqtbvHz>*T(>WoX{)?*+M`IOyTpU!bbn zTRfh6Q0vZ;fo#jn5bTL!q`Q+X7$oq%WhRU{<}0YCZU6!5BOygrge-`f@`U3qtE9Rg z?8GdGmetS|rE;rcKgxAx-&VYolTm&9_@bVxJq~$uZ_h_0v?ez3uUo^Obzlii_u8X6 z{#8rSD|Ks?Z3aObG?N1Y?L7DHdGRu6s7SkDu|$^Lkya_MPTbj_X{~n!p`n!_mz4oK zzUtm~*4}qsFMGB7vs4^wq+KH473xmM3BAzsd^Obmcoqk;2I9MGX@>DOw!W(}|8qWY zTZnhX$Q8_)wv9(?9^zOIVsOjAAx0@>SXf9rsKe6Ax>T9BtfDa zO;1y#`-UEN=(qwyHQMn9)lU{C3!;m`sz6UfF_XjH<5+c)-Pa(q>|%?W1+e?)RnM_t z7d?EGTs$PZW-}q6^=&*joa#cHa0YDA>p%Ud*X2VS4f2QrUDRrbaqi3ANO#+urrEnc zyk7|j)%M8u)U%2p4SS)bgyqeUkRcy>QgI8LoKn*}7GfT&pv_iPdjk(@H&sy@o>BD9 zvfgcTPedoQW(7#27irm4n71&$7$Hc8;Rw|5_o|b~hjue%9mS97KwW7HsBGv2Z;VCM zkIv^sdZvBv`3kf!JmMTQb9W9v$s4HqpxuL8tnzWV#CB-+=uWB*-%*#F*gQfFgn)N# zvRz*5c5|tv+$B(mY`NN^8jbtFOVn^q2D?=d5iE8dRM+u>3y&Oo^ywS=RcNILa?M-X98>W<#ZBw5T|P9f&o?0&Qc+fR223Gu)8z-431!iVskg|0umr34yIlDgm>=NN58j#*0fYQU^8 z+VO4!`nw1(#OfT{ZH_%as6-zktV7)yNwetgdapeTAcyU3fyJY5(87{&+Ze)unT6Bz#>3avo2pzBKe;GoIggeK=>yC z@%He$BESLTg1OS(^EQtK+FyOkJ)Lx@3bxH?Q1vp5fC?cpz5gRCl#y=;B^=MWItv)E z+Y54M`fxJ;w-UcWks!fexN;tQa+fbTiPtd3TKtq>p8p>7b;V+WWN_WztMSrrw1y1f z5dVgO$gW#yj(OJ+FF9tw_p89`OXHC_zD)IxM+!4rlR2vS@|z7`-*u^N znoakRXHHhW4t5o7R*Ik|?ab(F7|^D~ds(5ZK$82Hwnlc!S%oj)Q2% zvP&ioLcE7tKZiYBx3_NGKHeDm9EW1cxLHhp=Ev7~GX0|3e)%v!$O@t&b$&nwTelf2 zymhI!EY9AbE+_hra?Km^cWFSjgLGj;nmR(z@*7^rY8Vvm;yQ>qGYmYWeu8;FuV#lSO`NR}qX(1!~NLpiFJ zn#w`d7n`8D&piGvQ-N-A6*}2H#1TG|-!5Xw^A?D|?mle%%wFUn2hZD2omMUw@i6^V zf@J*0+QB~3+dC+w+I|A8k`ngf0kYpL+bL(;%R8~$L)=vNUwyOHdX+oF!|m)J=E4@s z$ZA+FAL?q)tuwpaGH&^HsEg^cXR^Ycp|`$B$a<(9Y%*8v7Jg)PWzeq}TxyY2y?@Iu zGco#A=e+iff)y)6;rhHW^?lu%-vJIGGJzSWGIu8`Su4-%ESYDZZAelw4eLkC3a-#z=LIb9&T+8Yr$2e?L5K+LU6Iy zP2UwSai-w`d&hmJhG^~=CEp{PK0>({iUyxyMs?_6Beg;Z88-}Up5qu(!vCtc<=817 zd>03graf|R@tX*&FOI;Ga%tt9aC2Yx=pCdAPFYHSB1Xm=FD|G|uEOjL`&iO(p~h3RBoJ?*`CxU}?yO=Jr10^m zWOkyOsq+}03sqoAXn|(a+k0#8J#C-|}ZR3$oJS+p?pN;k9NK_Ez z>dhavHu(8iEOrt#2E#6R-|)tBnk|NWud*sv>uaeGvzEebZ4gO3ix~UXpFDi&6m%5T zr37FONM3DT+wF+N$A7C@nyEm;_r&A_?;-YozK0@T<~wF8H8nO$VTW+S-jI^+P&e~` zkcjyVsovbEbs7ab4}3);O7bOIYB&XuxwLLe(g7t?CSnyBaU(9!90OyMdY^BRFDct! zZemjMa17wlQaeaPgeZBP`S8GTAIB%`}mD9SHx+L>>dPzC@lwr_n~wG9UnFqU{&R@{N(u8L=&vZv!n2qOQ5wXus+g*Jh5U z%{kpVV}Kb_GO8ALC-Oc-=*aUjCu(s9j4-YGetm1CzIzC%A<4YC!oPX%Rwje--0L8TD+cGTswhTKfzKTffo<`19} zkk=pbWs#3b_79uRw+u}5Ze!hF^3zNOs$?EuXsQU?++g;g=Q2uybW;_DIJRewWBqe;FOIzY#5!>3zDjek==nV$L2K>Ip{8e=lE0ockH^N=t!^x)i2SM>j zT%N|+8C7AmHjVZOG&L$O0~x2)$eld_M)bm3Y~0`V01brdMGe)MB}2GmjuH=OA{|G4 zSxohl9Team=`py(I}A^i<)Blpc@p|BkA+ghXZ$~zPP9!-$OvNKK3AmR$1U*M>Q5-?YFhl&N^4wdQH#dLJ%VWn_aLlr2Db;HEL4#vv zIi|_vB{WPjysT_0L>C@^;59n);bgpG9eu{$pDjlYZeqhZmy~suni5w6R<(Y?AY`t( zFW2i00$3Kc38pj6Va4PR%hW z`C@N0DN#SF_^);G_3s%CbU_XmCyv5WyR&{}!E%A6x2P4U#|qi_N%^9o3Z^Fl!I**R zLU&_r?(RIIbMzC!(5tvT7y^>ICvpgGJ(V;^_1W=qMvQRw2f;U676wwij_*Oo$X&0S z3xYbtNF~QfS!v%FlKPF|+)yOf;58X2$HY3*2Vxu=v@^edti#QUoamIf2D}?@51dY+ z8^ktp%#dLx_11AwZteFlB_TC{N;e29Dcv=cAcz=rNJh?IZ= zDj-OAhk%429Wx9tDh<;0ZanAtKIij$&igMhbKm#g_ul(j>so8cX)>BSM%C`BDzoe- zl3$<}E~Iiiw~&GAlJ8TzRZf?49NY6*;Ko%B__k`D_G>Z?+N1!+>w#i>nm@U3k8R_EEAdR4!- z#R40k|8*0C+-`k+b6JMzVV9TB&#^CsEaiu{)+U?hfaB8;-<$F)cUX`CC+lL()%eJt zNa6_V^{r;KnHv4_U=?IvP0W#K^Ty&mV=ia5-^|5X-wHhL49#59VwVKsbn-h5|5fuw z821ou#l5~%51k_I-|7H4+L65PXC`G)pup;SC`teBK%tD4-zKt}W`=m?C>eubUMmQD zl}Z-w%lh9b^dH?_towM7*+`#lFT_R`{cX_DwRLilS7Ku=cpK3#V}id#gj5K@3YL2we4onbmh8;cXpo6R}~Wro?6D)ys|^AN9YFPzsEm3)@WhEHxM5D5>(pr zvT%K-n)JY7UH6e5&)x1wKlCCq^+&uL+XK@{%MAsV)+FxRxzaA?UA`W_^yVOXmbEvTpzWVn7Eb9sUl-43&CH}S$ zu;EsC(0#RoQ_@e6}g(DvaUf9!+Rra!StTl8Gr(@WAMGZxUWZn0#s@vSNbPMlQ!$373tNlLO zu>PUkme!X6h95^UlS*?f9;*d@g7=BnIe&IxPkb`=VoemWfIuPF^%;b#4aawAKx%i5 zT=>0lm0VJ+bsA?1sMs&s#V$afW>aZ#EA5aa-K?fQ7QE49m89p{Z*G)H7B0&7->EbJ`CDyr}P#iXu0}BH=ZL1>AM}!rP0kc zq1|4Epf`MP0x*f)M(HJ)19s;+?c`UYi|MiKF#f(JR0p$`5>k4xe=Olnni6496s}6p zw_)q({ug)B&X_oJfLq!JwOD44#p6Btwk_tRQFEr3&C3Mw=BtL%8qdyg7Ir1{$*wEV z>5b-}rd}On&(e{FLVYK7!XK~2HOm24C(v(%s4n&5Q#U!oq z!fn=+}zwrAz9|l0Tc~F0}MREsP~``@X|v)%r&}z1f2t5*l2*STdY$EPNuAF%@73 zgB4;TujXNUU|BFaUoV((P}l4LaxBSzW9In7YL<)dw~i6qz_+@s@+CFcr(2Rn5i!B_ zyW<~U0^A#bAZpQS_Rj4cMgeQh3~SJ5w;jPU^`YwXdlp5+7}44P%B|F{-?;gXZ|f=H zwl(3u{2HS8i22{HND=Xi{a?OZkx(b#-#AV})(;8)LQVpozded$^M8;w99KyH#Nif! zF!=vRFLh~EDSn-r`lKl;47isnJ`SJkc|`p`7Y9ry+nRQFcGduf<9UAS11u9GZWCb! zvnnz(88*p3hQUn#@qPcXwCn*R%qu1~(G}NdKf%L4%g^6=hrCTm0Tpm{>?AKQx%$mk zcL(TOYx@6T8iOrQv+?uMKi8)A-I4NslI}$^jCY|5s58Q`18m&2pN&2XH3Si2Odn!~ zhtz@b=zo+~z$LR2J3um;Zm8TQVJhe}!TKUi;PmMOZ{`lu3y#dDpOj2pY{|VkTVHr7im#LMKLd)&q7*q_ZV^5?w5V3O zb@mW(5ZowT5p+JpX*c%Ze;&AZAv7*%@6$lwfmFrnghtD?MH%D|or<9SA&!6hb07(W zzGm0SSE2g15&gyxMJMw5f9?e+`I1)D#)?M%ZPp-!Rr6HhZvNXmdke%WcEbNN_&{IC z_BE+UC;#83y3et?SkNeAUlE|}`Z7rJnE1$`4@uw<*fz4JnHYcXFfbMVvqI0cG@uYD$ z-BF8G{|%6FnYTV!ohQ6Ty8hsQYb+HnLfGUKI=hCnG} z`V;8Oj&Fd*5P%$30YL4@izb^LPF@4vqLa;^gv$!20K0z{aPr&5C2Xg)EVkSI_Jac8 zwp9)AE&alH#u5$8;CO`%c|SwybKpMd6~gtnh#x5Ds+t2%^oE#Z9Dvm4@e{6n_|E2h zQ$vh|a~Sy6DF9JBv<3(Ad15~|Y<5ToijHwfcUx!P*B2L4C*-Ztr6Mil&8r-%bTiv4 zyBKG5^?X%RyjVP=UzR_;&3fnjUiHjLQ~kFW?%!|i&--mQ9n2H$xmAUUJx#!wO!HhxDykw}*&d;k9ZIFM{Th7Y(t zeSQ7F9G#j1&Ggd&$(Mv<-@i`-Fb5D~tfB$O!Y$gXzkZ!c-?@F8uI3&|yT~6)&yv4P zNHddbtGIOXi;D-~_*^R&r(tqs=|a|(G$kO@(-|mKsxG#I&Ol(2E)H zlljk$jn9`~3hyeP>z+>U8iUO9(aTxJrJZFr`zr?ZI+j7=TQhSh`y&2?*(IQ`3EE4h zLH?fsuLJB82d85Nz=>wwA-yLiCQh1u-<2Pu5w?Ah0@?dq=YRCDmPuwUPR!&|8trZT zM(b@s!E`q%J-7&~@hW@j6Xe-}<8#=tnDewHHNVO4b%epu(NK_e3^ng(Fn6W_^j2(> z;3VobmSsA>=gUel-`j0?h5hyN+lLS;)Ff=QnzGyiCPwZAGd$z)OcAdo}w1M`ezq0_)D5Be%r-fJ5S~L z^Y{0O;s=I;_JzE}b@`2KjYhFBl_KKlVAhpSw2RJEJMArJF2sGKmt}~sr))bi9_Zad zU57%qeCGF6Fj|wcgVGlJA@-5^-oM6fdBLVc$^5Jj+tZN@1y?XMf}C1bR#q@J-LPHn zzG#bfoE}L4`s@KBLYaO(5wo%qZgZ@)`u$^}lyhpz=1Pp2DbRK7bK^h>k$#`Za^}hd zRAJv1cExsiVv0&jw{2e%qkQL`c!VZGS!vi+Notw{j`du36sYytU>v}0)dIA*T%Ev- zuC|JxfK?MLeu}F@h)MczZHu502@+%g`&qxuAp%`qH2ERrZd+ zh%qn+%gVg>L7^7&kw83Vg)^GYXwri&+ z*mZ-oRMmY!6?VaToJo9OBm6eP4I}xW=P*0UH>#PS`BO32TV;)i; z-mmQawARjrgA!ueg(LL8on&KY9LWPK5GlCh9A$fDDrOSDt+x=coOdSXW6Q} zak;y*&fbdA_XE1v)LBBZb4#!ihwiOSb*v0!%`DX_nFMA_6#xp3R)O#6%`ke^pDT5 zz&XQ*1cc33ifIEik#tNFzCbuek6DC*&`yV;4ddo``*^g7&o_=$KppK7_E^X*@gk4W zWhm*3F4NPxfRmX8S96Om$z8H*sG*C~p|wJ}^Q52~*sQlNDiASrU$gxC#C;Yy027lT z6&vh**Lhx=nh$h{IgN&HfO$nBvsPSj!EON6S!va ztusnA@Kk(tw4ugvsDGXq?w@)?C$$b%bqsYx}G%*XAsqQQebIJT#$Qq(|b?-V77_hJ=GROWG>= zGSq$7c8ifgB6)Fy3p6%W0Doh@#g4CSL~-#7kD$`ekov+1I*VC#hv(d#D_=7JWh}d8 zuV_L94T(y*>D?R)+_LJ11stazCD^e}<6#&n!cVUtu%G|@xnVX)riBK?Zh-edZxXu$ zaN!Dcb}4mkIx6ruuT2SJzNBYYLj~FdL)21BjiqL4kq&MH>oY0-GK02DlP2}M| z60ob=c<=nvGDpXGN#iB7HvKl6Er4)v9}x6ej@$l*p}knH=8!B(QVTtX<_R@-Y=&L# zhwRz;tdt_XPZgJNJ&0LtI=9T5*Y?-pOO-=iU}xZ_J{Sb_`Kb}&I4Ydk^`QgNM6!{P zzcz_3svc`1c{3Hkwjq`mUhlbnX??rb$ad21rSfoso|7~1Q}e}qLpA|?Glcu5Ym9&} zL9WC4YZ0d9uph%eJIEaX`<44hy9Stnv$|3$iuP@7kbW z*UmCiRtS2QA(ORz+ed@hMQ}Hd%g}PcMJrp}Jizb3GilKswgR(L@1{*)V#N#m{^7-j z|MK#RD4!!N-lf0?Js|pBA@g%3BB~&E`?fr=SD4oyuT&BIqoc}i(3D-O|Uh4)qAqp zgn0(VTkIWfBaIT3cpACP5QF0~UZ7Hq*mDkPLE@BW08np4B~yGn6qLLr$)S=AWl9U-S<7j1Q!X+9F#E z^E9(F(zxv)*cG6wOha44&Bg8@d#*X2JDzs5utB^vV3_x&-2;Nd*&||1)BRWU%^H-2 zJARoxs6aJ!_40#xzn-r5gq_lqW1=n26y$XW4|Vx#5%8iU*B^;N3lxOmV?Tk2I(+r~ zxfb~bFPnmOmB84fB!3?SR6v5yM!e#(lZhGNhm9C9EeX;So3& z`M8+|?iRGfF-ck$NuB#M5ir>}fRa^KI=$|*SLMmFTH35vaLmZf2*xdRWtx4@=T=HgLu#)<~xtG zL9{{IcaqP1HoTCTz$DUs(apMY>{<%7fLw7iyEyM=znh7QCKqCv4s)~maaBoo5vi6y zBRDXaDTBteuF=b#e9<=Qm4Cq27m;~=pi^<<%KUFCiQ!YJBQ_AW08IX*uBe_G8!|TY zvjqaW&Qk7TO1s@-ex&w0CW?++<``+Xa7w&Du4IbvL^0(z2i!8rD{4D{a*%X*iZjFQ z1ZID>wuOmW?JSkuk2mcoCA{|)N*Xv{tMf~-4IZ}|V9WrG>$r7GR`WI;T)81R)4#Q) za7CyTwq7@pOwI&cTO<|6$d&Zf9`>E7WG!Z!Hh7k7-f7?Lx_&3XZ~7MW{su98Y)nk+ zOGZ}KvLYA7%_wLs|K(~9wg1c4kWz@v-Yc*B(1q#qppQTSGbYLwpCNy_|D}(uZ$~lt zoWV5_JG&2#-@=Jx{c#G5B@lG%Vd!u*93!QIr&%=de!s>>ofmy75-OT=1-%G*WIcZu zwKUlr_PzXSD2-aoQ;q@N#dU#>XouD0;gf8!5_xUT@BY+Kudek6%43T_Br;ISoqH-@Se&{uthPv@5`S6Q$gCHO z;x<8OSafh$S*KUKp(~ViTp7}&0KH0qn`-V3Q~B}<5^0OQ6D#mL_=G|*1f>9+Bz89A z(2(oM9wLm#;-Mh5Dx}$?CO%kxE%Na++o-|1WPyL^hREPaBKv-b*#tu=CaELR z7^WB-97)b}EYs=bU+3~+mM|HfoPwSlfzvwGmXe$(8lf7vlB3TADn_EO_csMZBfX%B zU5C)|Psq&Q3+bPC@BUcp)Z$n1<&{%Whgq{0-xJ3KGI1sb zVD_CuY z^3QPzvyU8YvD&@KtP+CN4m=o2D!5Q|XhJe3;bFI{kaYQZvUwIE%TSAQUNV|RTnhHo zkQ&U=*(GbYLH*+R`nr9VuItJfqx^~5u6 z`%^EeA@CrBsKG3{i!3*z@@ElTDIDe8%O+)J%`sSns#{AbTu-QFspjq==s0f0soEtb zCNq$N7AH6J%RF-vSt$0t&mHlaC9}gH9pvi{-1G;wsWmtXc(O!2=F>CBFvj4|33L+Q z*zXx==pUNE!d>3fozHUVd1_VX*i7(c@$y!gt7JuA-HGF={)u`mLM?(|d*iST%{7ez z3v8nBOLN_^fM)j6UH%2{xlfEow}Me@2*Z)oQUom_ErM}rULH%~vbyxyhG%MeOi(1cf#z@hKrE)@(S*ejgZtA@l%QyM$GVPvApIH?nH(#Dm zqrLJHL>=@tb8ZnH41$i(fDd!p>>{6yE6uIxo4KYVp)9F?GDQA9$^Yo>DUpeygUTRd z1vA-i8(Oa@Gi!w?g(I<^eljX2mpg5>>Bq{fAwsKPn}%#Zc%=7Z{Ud#KI5gyPktymLU$RpHF4FyI~DkiOzvFopBw3*wPe(q z9Y_}nD8lct=u_|OptmcCy)qbAM85NMD+^1Jpu#z^*1hAH^oh}|!1@nNo7b1BL$us+ zJ}f@P0qhk_gF_i^u{A&ZH(R|leOzwXM4%z-ipk2!FxO2MJ4lIuY^uoXoz$8$5_6VZ z?i^!apVHFBmCk`2zAHo`WC-12B)yr7Io@kFrPN`wBVm-B+~rCf#Tkh-V$dNts1H=_7<7!U3(N%J~(+)2h~R#z4VUXlgg zgKHGpl^XsBOJm4D<65(3)jf!EM*ze9h|G)>bSRq;rSjet!6ZqQz?8Rd-%@i)1}L{T z{b_#tPlfJ$S)t?mV5@OQjWQ|=v4{)c;*JnxQq6KVp+-nYGBAsaY#^CCLDd0vKX@rc z+>fJB-}o)7q5Ni86UvME3KpN$#y`9^Pp<* zFJ1VLr)niUEC!vEiRLk zP`On*IYx!z#)F3s*N%kqZYdpQYh_8JI@}BHr$3uXuCAL@ges&)vbs8{PxkF)OIXyK zj;htN1>wZo3$LMK-pq2vGkX!7JRv@KYFs-}cMhe7Il#psU&653Wp1FX$OmPgjT2`W zqXE)18$@!%x)^$b17Q&7qHI)w2r4~$(kZq(^Er4O8Yp1Fn?!C;DajyoQ>3 z%LJQGzGjHRH|tsH@F1tj?J`|;$_K)7>OB2xGOOby9!cyJgqT0>YX2Edl0U<_TsWJF zi@_g}Pzl1FadA4u8<+F_jeI|Zt;F~1*T(Tylq&F#sQ*FZUm#K3Vrsgn<+PNk?7y=_ zC3kahYtAfzKC4%pA!o13qbe{~eC^J$N%k~<4@pnG-{yu*-v!Sk!2+Wa0r#B+XLsH= zN3wd6x~BAf`$&a=(Ygx8p3c{%#Kk%*P%dQdkNE{pa z)3+3$7{r;!RsH7=#wgcP0?da(10LSor_J))wGiedKZ#1)y|bMRjr&0-IOp={NubJ& zHcz9pAJeKiXd8xKYQK%43s#km8Vk6qn-P9#Crv)z45~5BD@;~FUlXpZO|0sow->jL z;BJ1$^A3~zN>2>tZ44o$VgEQ$BGo$Mv}9EXm}3}3NK{uIQ;JAl^>-dx+#PSaT3K-V z=~zNmj9+~WF^VdEjzdw}^v{27?7R;Y9z=r^EOv-$_R2q;P+rv^uRRKCVF6ISa)?uk zOpD|){>kC`3rR%Oz6k+L1Y28D(MT!L`X6TK?;W=D3aRGh2gXC=Jn!57B|`iAsKjS$ z2C5k~7>8Y@y`t1Vu{9S3+!Vk7gaQV@m}>eDr}KBsj3B0a1umBoFaYbXhspkQ9ghDM zP-HaRddUDF)y8Zm!aemabt-=^`-`FY`+W#H%#av@PVO)y;GwZ&PPp=2{m8Ono{E-( z18@Pl|8oHvk95NBx;VtUh@~!{Z=?6|bkHs5PyI5J%oF7u8fTe6X~)&F zO~1c%5VWw`-gNByDdjV@MWx`W!<~QqOmrGvAs?`hyXrJwnOtI6a?X5VakAume&6r3 zC&(e8WtY+K^s959<@!wXfsEg2WRUHCoU`89=6UHv#HCCIAk~)qy&!W;k-4sSrlXpL z;g7EP?^|UPWd97kAp%lz?wmIFWQ zi~WV^jtSF)dRTtt*lNyN*Az(KYLamvZg=_9u=n3HEqEH}_pUo$#>Prc*p%>sf<8;e z{=saK{z0cA;_Z4?KlAY?;THcKjz+2k&JUM8M2sQ-HcqV28H#@!*>GE_|9Na+E`&oI zRsU`FK=RfJ|82f0Rx(INvHmy{;Kx&RnN0}&6_D- zBwrfaPnC9+w5}T{D0rJJ8Jc)oFRiTTft+3AX8$RWg0t2hvHL_{f9fz?T^ey4c;bED z#SH2LxcmC`>vaOVd6!$-ou_<}=*%iNlpZyoQ5j$}8+3I?Yr86rIK+)4P_H)tIsvLN zy0oj?d-B(wC=_iT9UYm78BmVvc?$hzuILCbc={B>27&;a*QXedlTmKG0XHcSeNBE7 ze1`Sz?`yD$jGp`jb$Oc^H)jHqFQ;nW4AJTR5ZrG-zIWb?##!@$1C0r*#9G|V#JF7VDw9ep~Ud&)N@WPIqOl%8t z0R4g>_lyiQnScBW-nHX{RU7;9VxL@!n}FY{AfFE!x*5xCBjvRQGi>s$A_Wx&@bkGb zzF9>89EY6F^n0}xEeQtm!My?@;&_P$^+}4{xkZAtt!!p^3&8vBTl~?aCo5tXdFtK` z0S(ixpDU=2vw3gbDhFXM)1ZthsjePOV_h63gFJt!_Gc3SZ{i|no8grA&VxKMZ(IXo z#lSi}Q33v)AW?1;3#yWVL=ZgV7q%GCQn!=6d%+7A63B z>5?1o>n^nxwoDjBqHp2-BsC_|wf!pS-_;0M6mkT+e%(ZFQj~Cvp)D6^y+C z>$}Wk1XNEskWbcMs#omjBS@hjgC?>{+<)o!PhB9PBTu-7GH}$s2in0ga0}jQY?QdT z$5z zD>h)^TsO~n`@r<3)+?mPjqQkB6L~2p(`(=v5Lquat2_YO0;cB6Vn1IqX>kHQdDYHA ztA_h4{0n8k(r$9R#L#H?biAhdIkVRe%m_Tc5Os`8puSGtDGL=1SZSLK`xCskHHl5$%~C1sSJRKZt$|2CYEup*3r zY&!PmDDUzxYeJrx_!l6cF**zmBgo+e@ogS>pUc~#)FSKI_VO>&Lvo<+m~1G@!|8a#}k{fZ_Cb!?0rM8iCe580)> zk@Dyp)`0P@1}Tm{S`^hFBQ_K8{S&~;6P?!)zpl>IE*o&{-eM9-#wn*ehNMdpcK@>2 z#k5_{B96Gkw1!U!p>bfm>xJ}mbj;D+A{?~KQm9R!r9Q;et@Jj0jgoYfM_@2S>UnYzK@0+jeNAx288&i zZUmfL7{mnO9DGLd=ATUv;ELJ?=(c81Lu36#ah#oTWw!XQRK~=&dqYiTe#W}jzRQ? zFQJ@|RJb=2=m9Zj(ix;>i|D(jVcf}{7gcn%Gp00`sgeWC{}gksBpON($c89r3&ZzG zz4E{Y;lws^MM7o~RvZ{`Jb8|LQc_twu&M#N9s=Muc6x@%%9-;@M2k%~9Unu_!h8)Y ztg8T-Y&1!&^RSX=?_f26zQ9{0SUO;(!lR1!@517*Ck0OX(=kQZBq+11m(u0QGryes z&-#wB&yJ5~Oj-Iu1w5^TqU3-4h$(V8&x~v%CtK}_rL}ne{CT!gurw|;zqNO=Qt3hn z@=Y9#;4BqW_j~dQQm&-;0!KU(FklsX8MXQGL;YOs_rg4U=Z=uiB(%cAyN+v9O*7V7 zIU5x89JZXP+4_$OTevvnvVcRXk2mi99Tl)ns*O$7dsNh5pT@n3d?f%lRzUTJE%b~< z*no-klokXZF06jdm632ggcUKfzuxH_ZiY04AQRKmfA+H>Zd|tFPY`)un`VhupHI+Y z4p+>WC|7mH5Fqa$OObOuMJ0}l$OeI|xG-CJ(w z9Q?8Kw}m>dxP+7)^yW?j4FW0Q35zdvks8csT%uj<8oFjVayAD#oXD+4%= z+N4|^R&e^0m9JSAXJKyYpOxA%>ezh;V0-e_evQz*5x~C|v&nJK;WpIXyc+_yPm&6& zA3AG#cI0|;G!(d^h$n=N-H!7`B;S@J?^W;nHUY8?d&+e-ILrRyrwdL+1Z^~n%5S?9 zS(W_735UlYEU3WGJ^{ESTH{`$ajuNHoP&liz9X?m+FjNMzc*)wQbHfL6cL81{apyo6)9u zGyMHfx=cUlUogLHs;H@zjZqU9W8u0Y#PzlZp7WOBUOCVeib%jtJF(ft@V^kI@##M^ z6m{I+ja2%wL~_`A{QK8)kQwzE_(L4JL~Y3rBMq=8;??4gcB95@AtJTs;op1MMUaz8 z?E5S9&fbskM{87;mY0F;lWtgt#K21)lO<;$JTqAzTs~9jxsMnRO-XpuJ-`CacC&KN z-@nhswE$dz31A>OlAW@F5%9&$hhaReuRg+m)t zxU_!PGjU3O?f>eAiZ~TY!UDC#ue_T=O^Lz6A2J;8+Y}Fobax|gmAAp*JQS|bpIsdeKsI{-q0c=<0w6aG@Rz_?%sKZewh^-?n|o zlvnc;9C*jPHY$#fPXdE*4ww#>(33KQ3$quemQsN`5`o>Qb8AmZ*H-8v-d>oa#1l6? zIHJ92;M!*wJ=ON1jAc@f5ATNDHgyTa=feoJ(;_4dsDEiciYI*eH1hafR@?--nj=;F z|5lj@vcTEtKe_CmaQ?2g!7c{1kNOLw`EM!z=dLOLf{*@NYX3QoasGt@{kM+)zvcZ8 ztM(s|;Q!vwKMk+{0j3sx-r#}=O?JO)k{|D;Yu;S--rs5qD_m0uXfixIJ8?Py=H7l@ zoAq-gA1kJ%y!`9Cq(r`ZHhlPY+v$a&{!h|7w;MNfMXs`jAMRWhHwX-tLYNQur;-Xl zM}W^u@sL+~i!cl`)3Ffw{@v+&jq}XJwG-|Pu`~%x)&X@c3g$i|MkoM z5Yc}>3Hb%hb-q%vujNrj_tz(}FS0p_e6N}N;QX|XB2MSAKI(~n$Qzf@KIfNpFXp++ z7xNSwo+LU;=s&&0UOJ!tSJd!%W-eKsy3GR1^oX< zwoB4eRsQma(gda|V`e7}9-7#bJHD}d4o{!<{|@GL-u*y>*|Hi$_Xn18qJ66)?Qf-g zp&b1)u8WCfc`Dp#3Ah|}BWHdGv%gkXO}*8K&3(iGxHewm>h)xrY9J}FqIirce6`!h zHGUv%a8nV%-?JM{=kED)_L-M~9<%;^w5OM1VePxUPth(+V)vp;SmcJJb~A%CW<%^=Vhgg!cd4HZpiCN`z*eyF?F}hP<7Z6V>FuHicStfj%By zE~y!2p40hkHEnHB!t9Gh(|LHF9_nZ`!Ab#n{P8K@OvJ8Dn8o3mYohJSTKZ_Vy9xrj z=mU*A$t}HZ!e8cL|8(k`GBMBIY2A?c)L2;i>V(56+@sp==x#%1`V@zMnWM2|$;F%z zNz}Nioc=;GE^~?f`f;zUbH-u)p>HX1)=A~quBRDrGSV>`TihS95s-EJv=P6IS(yw8 z@LS(`7h`@jI-}gx(CL=STbok&u~hlIfb`f|mfb zA_rO29lP+z*7&z2p0{?Np_Act)f&+;jtkjyd`ol@Ya*DV=~-l2WD zy^HD~&}K}r@`vw82c9CbL`wzxd(~<{QSllY2Rs(*Dk!4p{P(}4z|W3dI<%3sdjm9D(^e~fK@QZkA9Oq{Ng)ao-;;_Sw}WE z4P6si%y~X(^Dc(&%gMpa3l*I($1>ZTnvXPn-yYn2DUw=+I@P}+ah>O2^_rBHyXN>w zGu=>F?%fd=x^WQ_s>OpJ6(d7M#UsZ*YVW2OThKYmgP!!VqJX@TH%)DS7N363!-yze zJIl9)0o{VUyiMl73ZNV$uTOWV6xQFAhJ3E5SX2C=Nfr0tK_W)WemzUd^T@T}MZ^$v za4#RpA~Y{4m*coGQ-yQ~c`(PWW|P3!GTv)oDAHnU<(f^%&~7zfGvDg37dEo7uzHtn zjZi8#LH0SmOgRkO*ODE>jl+s&arfhj4qSk$hJ2C=+Si=KJm$w0;J7K4D#FjzQ)<+_ zHiN{AAaCFf#_bH`4|ltX6Pigo;$v;(|FXzsXk($p=4tzWCUMg3MuleApUK)MkDnN< zEWhJ<+I~*NmEa8-EaW!&2x2Az&(r84ab*HS6CtJcCZ*SxFf*X??eL=Br`XR(%UJC& z6}Q&Xs^)Z@1IJd!GN3s>uEIzmkPUoS$$i_0#Y#=>LEFE32)i8r(C2oKdPd2s6h<=u z%+S{n7))Ayq~|>+Mf5Xn8J%5AwGl$N5w!}=ECz??h#PgTb*RiEzHnR8p*x^s5+{W3 z`Kt9ygUxdmmD?JX@u<$Lb`R_`ZY zmml*fAnhMetC)o)6vF+oa_>|Ij3km*=Z|U{di+{)k@7fwW%bs0Yta3XtmG6_C6jEG zHZ+ZCTnM^;dymb%{T6}89jQunl4bGh(~$kA*M8|Q9geyT5m}kZbo;_dnI>x*ly$;d zj@GJ%&$H$HB-eIpVp9YN zl|3{${UnYwit3e2s*A3*)tOwFwz|);d#7)C(UMuR9cGEB74{iT3?olO2mBlBd-5TmW+l6$JY)@L2F zsg0}|UJ-wMn~TYE_FSRBzWnQx)LFK&L2EzEr6~5hY&4u_VVGBgeEr%H@q+y+TW%k3X z?CCm2_^(8w^Va99I(lZPzT;$0pp?Fx&r!8?95jlFN7{tCb$W6vt z)hJ47t)#EX4v91|mcECSpnQ}`B}=3Lhb`|VJywybM4(u>58n(U+nR#4Y>*z@(%PMu zX*e}e)s!!m^4JMyB;H%^+-9FA6L^cO5JD!Tb-og}D&tJ1736AL0r8_C`XOK845b*) zA#{ZFEHv3S1o8c{%^~*4@y(%}W}Ft87Rpn$y+DLpFpHm5@>Y`eB(ObM+uM)Tl3?_i z?ljH~ct+oMuSw(T@|%r0?xW(OHrd@>*QWKwOk10HCNd9^F=w_dZlRpqj!mnpGb8Ya z6StUqlv+Wry*>BE^Oh$L3Eu8z7bY$7YjX7kMmCv*(|2CFlo}D266I-FDc3ot`J1%_ z$yI7pa#p@DvcV&jRW-b)f5Z?%H6I$qM8;fKdQoXVv0!#N~bX92lX z#)gKg`ui^UYLz{P2Rj*J#tf5;l6f`Gky>7Q*_n+C3rpK7*)`Gb52FOk4)H>tvewuyz+RxR#Jb)se$vZ?o;XEU9GaZ}}1jn+tpK;*38Q^VqyH zqpDdRq5v$`?2LC!az}cMX{=u%9gsB?q=~&i;8II$g2_n8E-vqmv~TZ7C&ZtZcbYGo?}y&ihF2nCNoirL_fqi~ zgOZt&S3_H(ZckB_Qn%w;DciQG-)_=bTmC>YL5RZ2eS5PQbDT00=BfjSA0i4PQ?Yb} z39msPV=c68!v?t$7>Os|ji1!7T_f0DM20kFLtfZFr2NIcj>l%{rW3X>MV5qv9f}~9+|67_*X5#{>Fy5< zTpB~sw!%^~-n}D@f+|TAp%GVm;#p+ZJR?IsyD>tPBnbK9Z=)&G;rSu9ogULwLSLN1-L^el(8qAsh*iyoA%Sc0v{`AF<J<#fGNj^N=5O0LCDZ}qOidjXlf)9mbrh@0SXVaE5~-F$ zrbVbj1^|>Te`BJ<_)i|HbeAh_3o3WF;r9xTA9LW;O%G~Iq+-Y7!us}qn=}zjC z5?v9jq~H@3Y9`SW=^LJe}oQ^@yhe0oo@*7u2H+vMN*=Em+=ph zhCI7yZt9NZ-`+%la*sL+wgZd+DVr1SZuRLJ3b9fp&cS;>#R7un}@HY zUAv%W=CcM1RlY>uQnHyH>xF<(Rzma7T zhB3r@-4g0hCS`jAfzWtH2D_f0>L(zPCaQ;>+l6OlhHQ$5(iG(Gjn6-l6*7=8ZqhT+ zRt2ux@uQ<2ShLYWJf9N?efu^$qCNe&Dugs}psmWWZ%a6$Nh#8PNSBhI@YV;;eWIdZJwnkXxrGzTgp&=1hz{iQDmJJy zkqu@Aq(#~&T$^h1>fIj7ly$U!`f11WB^nkF?RJS@QhJU!o?ND2BE&G|e)E>S+*b|$ zYRdq0|MtCTy2hx5Dht&gvpE&Veg~)b*|lV!$**+9@X?qxhOkfL5QL!c#c`KP-?$Ax z2pG`bZ}GJxlqe@n=jI9{Q&{AY!9bBI+K3wJRol&RZ>P|H9YbejCFYOlLBXW+Zqmu7 zY;-6h=#Y&N5s0L?Xj#J8*e;V5WfUFY8Ksvb@7aARPp%e(ErGDzODc(URP z)6SCh`4&{THfy>>$r{bY2O-+#X-+LFx2j0$&lPp|r@)G`R3p_o%UwFl?g?@H5*PAA z{t-5#MYWQ=ZSM=0dF3ma-aFdE>IGTPeFKCU_hnZ~8vO$ZE5>v}Ex$8cEqr6~jtNd9ThY41rBBF*yu~H_%?c6}73Hn;=3_ zLM1R+h-+>n&!}~aX1-wYhw{P|E2ux~?Qns>^S5jJgSdyRSc z6ow>nD7UVN30}_G6ez0zG|ckl9>)kN)K>> zSC*gT7mjfU^|8qYo5BTj<)`>xMOlu*OL8Uvp~h1G4n+ zoK$^JTV@*Hq?ewomGoXs41pWDjMnhv*-RcF_DBu~6Tp2w0WOM*UCXHxR&)&xPt3p} z2p$@X@QnA&6qQ@;vyv0-*hfHEFO{)Gu*dKLWJAD zegmqL2rprmtWb-f?xJgfxCbIl&SOk0_ihk6#bI8{?))BQ%1u7B(df(bwzA7|g$Qt9eaDJxXdp zI(6|2AG^3{hq))^!)%`sp%o!10`qa<>eLvH7f?!Q)NOrutKt$-|Hjy?OK!-Ic-sQ% z>dRn0Q|3%>hM@g^L;XyOJo(@)SGXmNw~mPRb4N3UNUujZyZerMU(b24efPeY)9e;l zauVZ~mT*zC{YLVrIId^7&emuCp(zg%(=b^<@e2CtvNWV}C_Ro1=&M|YR#z9)&S8AK{zK*ek!j_w#vXk!rCh#o5`f z&gyi&2VmuPfHCm_akr94J#c4Z0tF!pi^F_v8$0hI1EcY;^$*wYG;WMeSxMoAGtN{W zlQ2TnAEd#~-=`7MA!2~>-_A+;J_5zFG{dT@%wfm!NT4`2fMP`c?tNEhfhF`qTcsjh z1Qy44j&C?g$<;z!Cm)8wJF5}ABxhS>-bDwRU;D~!!2H$KXE+r+f=gj%TT*#nmIp{?>aFt0GhZIo0eCRpicxvYtXJsF8cvZT>2o)=4jB;z zNl#C&_T94!dcU9d##BxJU}NqiJ$Fg5kpyzn)y<9f&Tsl(^k>N{NDHJX#a#SQ2+|XH z^BOkUy*M!-(%=^3Z+Kq_a{j6T?=MoSCfzQgrKuAZ?jZhVsqYQ@AicEYJNLCOHISw_ zg3M>ulC0_sp#(D{Bi0RS@0Q{DxL;+}OKBy_gagHosYgf8yk71~%s-(#9x#+(aBY6T z#v^N7^R*}6O;fU!TaP!SLOY&l{{Lg{EyJSh!uDSgDTx6Q=|(^$rCVSqkCgo0y7FF}2UR%V+mB27SZX&EaqmTroxG~ZOj42Xy?p%4@p96CYd zOUF^$iL0#C#VN(}c0uk3ko>i`-DP2kEI{NoE8t4Jp!L*g5iS)$Im&?fG4tGof?Pky z8poHwH_`br>=s2rgy1gJ;`lpPL-pBFw>Bk1DhmRZ?H-aI+oHlB{V%=PcIo6F1m@KV{=<3Jy6suceKmg*xyc!E1xQuC)?Q z-=~_n?RSLige5oL)V5J8zP?uB4PE@acp!w^gL?6aPK_rbBErv@%_khhQ2pS7IPXXk zISkN;+R7naA3A~v>$tDqFqeZWY2WG8nvTw!HNt@UR&5fJiDD2ZTc!QT>%aqs0yp=3 z35h$D3)*FE^d|KxN#)erMUb_dnTGV@q$A$N6eD*GGuI?d7?S*+CR)>O$pujEwl$02 z$vkpzJNB>DTxLgp+KfSIGxgER9fe%T_-SH$v)De^cm|X-!xi8h$^nE`zeU!M$AI*QOOvQb4dKSMIL^Kx+O;r&`;=tJY-(LCYuUG*pJeV5*DYwhJ3Tn%H>%k2 zJCafkbZONx#|%jEK1pk}sx?NrbDuJ1OWsBvd5Syurv5H%`JEYIozGWRay}f&AmQ>Q z#tnW@ifn`vg+A(d@+EC!m2rQABY|B|iIjCon`mcZ!LvJ1?1#kERFoZED-s10RMZTH zCl9aH=#I5Iy_sTiW@(OWK@AC>u%$S5?~rJOC#u{jitvwdL{yLXpQIwpM=&F&1&`xk zMxI$gus?4o-G7hhL3MxJ2tW2;I*ZxV?+$nTIXkIxE_BYAZspr>+-xvyRoVP?1yR9o zIr_dNVo1~rn3}#jaqt$deseYbQVU%YK|pUSka9V zEi&s|0YnYO`DZ_-!%l&uHNI5@ifMJ#IBmt2a?e8CGvOOY-s*%xEFbaJ#ZnC8}cHH@t3{Y_Z z)PcyBsPnBUkkYo}5zpoWl5ehxX=iBSaXIZz85|LvN)U2h!F;}WhCzlh!xb5=3I4=8_9a9K$A+K2KJ|3N=!MMzIS&>}_G)=X2E-ZCM;{vRSUwVS0(1X=zTGnm`uz&AaJEv#%FgNjB<*RS&)y z6WgPj;#a9q(x>F)Cke3`+X1du+d#&=bK;Dg=cEJZRZ=7Vp-eeP0Nki1-IxeHq?CU8 zUeyCr#xm9c#JMLJ^R7q_dHxi}xYHVoe#=x*zk(>zlK6?3WC!SLbKz-ON%Ap3}F-A;S@nlZA>tO+cK_P>1&+$W0peeoEu)%2> zR`yKyz3Dw2iJwu6e|i*yU^|eb16&O$8H9|?>jB)L(PQok}K-aSe3!8jV=9|2Fx~Sikx-DWiKAEjVd?8+_TT}^vl4q%o+2X1FLv zuT7Bk+iP&~yFcdrRvD>zdVa|B^@8a+^MQH>5Y=PJ84~FMG1b-0RXaM7s}dAlb^V-CA=r#kv-FVO(HZU!Ge8 zF8Fdf7R=!ksXV>1$We8p0y&r_(UEi4$yyX&g-np`vg?itStwCA@k4&g>B{_Pb87Fy zTx_u!;EXkYetxT8YqNK!AfzPZB&1%BZO=C-f4%#Rb!XW)RoEtw_hoJCQIL7B(;I+F znGB2VxcGEH2_8ol+el`qt{fWG5UI}r0S3S)efHqVrGUun5y=h<#1YtOAO`x#OqOUOQo`9*W($nc+=d8Bh?FsEUu_ZIzKy^j$bKf))Eg~jkI1zhn zRxw(%P}&AyB;!EE$YtKQ+?%1o4sav>7lvcC{ulKs{sJ-q4BwVB1^wzHxM`_{d|&iN zGfHJV?oz#hulR)UBmaHA@*;3bdcwPKI&M7K=;caZb8BhkOwS2dkl*Qn zv%CWc)aLswm=MIu0g}9Ifa$-TAmpjeQHo+Z$5Zp34{ce4+-Qrjh9CmSsZ(rYqqOmz zSmx=E{uig-&9rPv+|(nF74adMEN+fetMX8A=cWL?BC}7wgV>BMo%|kc^A8CD#r{Mm z&BG&lPF)l6DKxS}x}78TUp0t)P@cTmW6}|z-zbl^-FiOu2B1%{EE!&-##$Rpop>Yb z_DpWgYV|dRaSHjR4lPwqaX9)jr%sTcW{Plc$22?HUErV!MzV)JNfU3&;aSq5;&{M7 z%^L-9q%$p^Ykn;zsj+q?aKH^ij zCSeoSX!3X&JmuapZ2DWk7QQ#~f!z`unVR{AP~BRaJ;)AG-%dj6t7|$C9j8t-GV!lM zlJ8aXYngh_3Q8{7sC8~09v9?JI@rl1V0ncJF|!Q2H(JhRxyEupPtF!SKYg^Et5CLznP>DmIi-L@xV9YP5J1 zwOYBW3+v<*Zx=&$kB@U8e%3_KmW5_>vdc&L(ppRaLCG_VHD$#Vkuf)3x8GeIa3xz< z1eng^Zfhoxw^kkmCepIc6deHd^Il`dl!o`wx`owHMpeVn_7paEZBo_yWr}0a3whOm z9oeQ$u#%DW6Vq6a|G}D0Vq)TYw;AVcg?+FEM!e2~!oJ_soB@2RCSMYH)A5f#b2Xu6%l1O&$th@}9PjBh{Dj6{Tpp+Wgc5 zb@ucOfuViJ?}iK;?>Uo}8j-uLb$s4iRZqdOdlZ!LY?5igDk3tN&h)60Mh1wDw&(f*eAK>kYczvenLI8*Z5|HLOEPI{?R8>VUT*|nqgf1qLS0Jh zk&CwF+r_QjxUUhg-6bVa&U4_Qdg?g_7mY`}Dc?`t+cOX~ZHLnfe9mm4;F^9KMy;l4 zo;?gRs1a5oXMN)KXLbq?A4MQnv=>1epgtYo*sugT?sf<)OL5pvf|yB@*KGsercC0xaSRB1+E5 zL|%irviCQl!upf=2~_NxwO;jBCU7WAmj(pHcXS+@c;G3_040HWO`juP=)H+t|EPIc zIii`@Ru)t1&mYJT-6NaMD$P_Kz82j-V;)Rw2?tT;1uE}9tm4*=2Oq|>2%a*Wtqw|@ zNUv|mkycSJDLEB3&gL>Ue~R5cWRzY<4kUj=>OE>=wNiF#p)7J=8*VFYL^`re@m0h= zNf95hL}aW`JOy~ zTk?_AkFsP@kM)Fn*~$q0r%T6~57+P-t- zq@{8sC1-HTAly=OQNcU*kr1PJHagl2LR!YOGhgOCcto4|JSiJhzHnT3tv^2pasTIp z26yIvIR%Ir&ud4@y4TLl#cAD6bE4%mI|}b(6?xhJ;g|h?7EEF-FxI^PEq?pgQu*)q z{@->+>{|Nk=)n4S|JzUb|E-H2^6XFf5o1}&?tbDtuVeU2kYoS&Q()yx=v$aYg0M-d)tux zgNg$@tD^0itB=2~=2{$Asf|i23d^@P-vfazc;Dm|y^QjTC=c(c6?_BldoRAtWp)fDieNj?BxbxzxCncWCJobK9)>nahrQxxe-8^%m1(D^-dUFzzKh96XqrAdc~Ot zgvZad7`Ejd35<{1-I-E?(tX5^^$38$S^ zb<<9nWmh>WacuR|O!d5qz1>cSgMoMM^ywd-9983Xjyv4uOTQ;6f&f2-g%*a*kSI0gZLpEq+>Q~E_tDOP=vzo#6kLOxp z(TWM&2WpBb+Ht|MUdx!ZT}2;s>HIqL?7wTuz)r-ops2i{y-y+4c_+gKY#0A|Pa}X> zLy91+G;**Gn480#Q6W<;cDF^0mV~2#W%}+xW@b4wee^jYtK@$Qy?IBo^K|C9ZMmN+ zR=xq-lH`s5y{kYYz##^Kg=PNle*;lh8yiIc>{(Dy@Lf_`+pF~^YX;CN?>2(}k*!Gn zKZN4SDsMt<{EdnkWn3mbwpGi)Z{H;5OHraP`pv8Q1RD{NzDC|oD>zOze!8J#&H1@x zxa2rLvE(i(BZdHc7tm7(Ba{Dcan~?eOMNyz1doZ(xC(X2Asy*3-)IBM@`~wFgwu1n ziAvs@ii#~=?+}@rkoJ;xAorGX5&xlE^3s%kyre>=!DH$z?wLI}8&=!=R0bhZ;aGXG)VvEENh)&vX8*9$iL|2y}w7`luBH#P8kf1xc#Z_DzhBWnTl~e3StPe%K*^HB}vM zD9{FBIl91hNL{>>i%8*L@}2YtK3fm)7F~CZNfulUpeFA-gPR9Ivu+Et+l`WJASoS9 zap@l|K*F9gYfy`qps>$459s>Y&EDVroOYnTI*<$lp^Rk!XXfv(BbB5Y>~a^}Q1*pC zIgm}n<)+rws@z$A(`AJ5WW!FQxvQd8^OrA^{A<%ycHi}!2w(oZx7xnCygd1ic(tg$ zzTVj;s6)W=U~N%=qym=!Gc!1BQsXA%|LPyB)yc!Tv+sL*R8k`FPmJfk2z1@hAEW0oc6zq>G5Dd45bITn94s$C=%a0+rEW$MB_fAPXP;tn6y+T1|S7EB0kd64GD zJMF9Np~Z`{BYR-N96v$Dz`(f|n-n-xYZ^4s0;Ubq!1}(qx6)5KGv5FVP(|fO^M2jT zzVxEsJ(1>$lT1IP$qs!2xOcv&#q+SUcK{RykCasZjI89Z!ghZnU?_u)1iq^_y}$=- zfO3HN<%gMy^KE2OORj<%pc~P;WyZ_@y!l5<$_qCmB+p99^W_7PXJ z{(C6qP}yTU%y?=`r8BB)>f^A7YesnM*MTQKsKbe^s}rrOUZa2uYD~n0KU0Rt&Y5df z_L442HxmJ3rS02;oiEv{s?g^@-bS5KW~1VaKRALUhtf=tPJ(ER$$QpVdou6YvT>ad zrfj>82Rx?rU%!46b@&MX=eh1w;K@GBX)To#5SGu+eW@wE1e2`!+dD)wz@(A*2mOza z^8(Ln6-zDlEq$(htzp|ON?-#|*y6td%9l=^gH z;M|!#BF4DlqNK?}E#Q=Q<~;Oj%ESMPt9rvnuKN4O!Y!n$^fBC;PrtDTvo*J$@bjsj zo*h{BW#yxzU3W>pyzBdc;SN^_Yb7QZ$@3Zekw=yxe*P8omHxol?Uoh=4j(HHTpVhq(V%_XH?{`Um}&%jqdFCad#7=g~?;9U+*pr z5BV?ZFiV^K`ONBchniZ3>N$nH)XS$&Z%HEW`Zt1S7>gwEV_dBT$E%njagWVU{1KlO zTSOT$!xD0`wvaoZB=lLW_;UOcL&LVZ_z?@nX1qRKfCXa*J&XdAF-wqh5A%0-k7~)< zI(O!ZvA-;*@aIn;~=?W|zVA8lUY9?$Ja#57=8a=HU0!_?a z!p^w3;rR%Fij(EHzC1@<4xD+6s4o*vKiEvq3lW)>U<5_2;()5%rlkFL7}6!Lx&CkNqsYFBEVFrU86@-_`R=<@RF~7 zF9BpaoU+@`(04h(slv#H0TVPULFp)pYfE)?yLu_}Qr+M(<|=vX;?G86&E4L01=LBe>+CTw+ybTs2wuxg=VwS4 z%GJ_88BC2*r!zT8`Bf;Lu!HPK?B{}pE`i_8N(wMk!eqhR?886N0C==T6${g77x^|w z%e_|8QYj_P-5pJ9@$n;KNFAqA0yOc;_Nn=fox`R9BO$a#njb3F*xWwEyq(c5F#sT*69QmP*fz#`>1FJ#~scPO-EkCx=(!&r9?3_Rg)S*smJ&`ViHy00H(9d3?X2wg~> zk10jm(FdmMxtb`@XDe`)i!WgdtbXI|vaE`>c=oi>zciBi{9Ka}xlfY1)QrmbGM_H# zK6;_~ROEJOOO9lhmaKZ`W!54+Dq?i|+L4rdBoTY`qEs%!o~e~ir!0Sc7|-Qe$I-<( zx}+DUTa}0{Oby5R^1SYw_w;!1zLz_clukhMC-I$uBPblqr1(Sl;o}3eqQc@N7pDhh zz$-pgH#}ms{*-RX_Enf&CR@e7S#R?$~mXh>cLk3yq)_0zb_9 z+wg;p2?Ra~%_34>*mhQ0I$>=9U<`g?J;)uQWW=OScP+$#*rtZK?{Hyn+5eGg0s*23i+=g&9EC8`y9k^!y8vvEy&@0!y0udZsjWIDKSgG2cbQ$tb5&Zx$y zdiO#wG8y%=CN__w4jD2jF_P(!)e9k5GGAB#4@{BP&iuU2mn|hj|Fa@7SbOlU5q{_J zrQex1twEsqC|NYEOy7*BWQ8=xpKAhXA)&`jm|?*LK++0*<00-K4tW7^(`+Lrn(%7! zIWf-48A2rCA=HJ0PJDRg@@-a$w9xq=y1St7CiCf&0GV~I(a_&N*bqrRfOlQ>veG&W zFlc_(+#^BU$dJbdG{^_xAE%lGdli$;aKdKpjFVQ`Jj?ZtzQ-V(CUrWkHWPnN1GI2A zJTi)qsmQRdeaA6`!xfVIHP@%fe9h$w z1mgm$^O70;VaN#4aqB@-UM`7G^tSu9)v0gez}_i^td#F0IWz6s&u=qT<#zeO_Ptq^ zc{RW;DjIUh>@VCu?{~z=j3XbwM?tvdWcHrU_ib>3l3Du+`rW?LLjWy$ugu41>-2MZ zb)~Lcz4`)QC0p{q6z5L z&J*ql)gx1%c`tq03fR)&}kH=R)^P-mqTAkDVm9!!mz~V8CL`R zXPQiwAyyYh>b7KAL$zdw!fwZELHK0o8tB)rV!pLqU^G7+owq zi4tygj(G@$yP&As-r7I&4W2d5FP_Lb?ywabH(27fKkU1?%whI|6y~Tt?BD<}x6B!M zCnwF3n8bb7*!8^OKTsOJ2e6q&Wn)^&J^+xjKEhI5D<^3Dq&A=55rNYWpebF3fZJ#K z-Ft9Y^iII17&;%U2yT8zb_*uq_qz-!)QD!^i|J|BLDoU@Bw6s$*JByf!}hVvl*w-; z-u!8D2%c@9ci!iVB&*D9nN|Vv15Y9T9n1zA%+F&vsHcgeetML37!BzWP!<}X^TVrrPz8C zdgJH*p!9o=LVmud?48-Q8dT<#B%4Aur-+;SqH)E%Wc~nF|5?l*dt>cxibVZi=sXDCrE*tZuaCdv2)hkKQa-cuh^q&k#J~$0& zW<12%{SBPBT2qgjmJA~z)NgS0e$UpaP0shq@9YO6;CK2TWR`1GT)l{}Xyev0 zj)FrJT$7aVem1W8W?VcZ#NBTzXZRZ12d4@FCc@{nl{)Eo%mh@Jw!!P&G0gj~xmOX! z=oWUuLiV(%OmUJ91zc4w>6EBk3Xnz2$WJ%(uK23 zZ9o5K8g)wGvA^k6*jI0>)h?JpF!uXbmYHxSBYv!vH~gBwKU|u%U*;zr=WCHd3Ss1o zanwNen-;8!AM#=NM1kciuXVU95-DoCOt^Ec>m6d0{_f@Y`ypybTjYV8F;f+ckUWfY z*l^5*-sOews?-8mdfnxv<(oq{5`C@i=uj#cjiNRjw{@7DO=^;Qiyb1s6h;wt+f7pK z$zz`_8ev7}*c5QmwZVtRjiyHMvq9PTLJ+q^b~~6aThCUcnY&}?cZOK~ z79?D)&eT=Y+6l91y~@Z}ip{R$gc$B!r-ZA^aENZ%@JhH#MMlwC1L1UJwuii7O4r~3&-T1;|8S9a$zX&Xsz32r{C%l_Pr z^d3wT+!D%G))-{eyXEyl2^pf`W^MF2PhOUBoyzRGqc6NxI5axbGcSb1Mq-Io7;m{l zUf-CO=~JaX;SF;|73aZ%Us3dax?`XH6nI$J0=>12NarJ!SlF~OnV7yk%YCue_ByjZ z#_1K?6WjKVXfdluyr`PHl|Kk6Djh4e-Gu)TK9mvewj;}2LC&4y(8)LSNjMKAX7?D; zg1OHK>u1M1HDL6O4oPYj;9u!c^jvJk=~qRdt%z4uH90b9cQ5%^ZlIsAWT#MDLnRz< z`Z=DCNyh_G$hO~6lh4shA$bT}F6+BoniRei+LU{4=A8^+ck! zaSCNP9TPHaaIiL%#soQxAZP*)sD7i?0zU^HuK`OXWrpA zS`#ZIXG33CB8?Nk`N<;(J!z4V_}vC{wkbEMK&}EqyAOr5yLF!qJvw;%Jjz*d5#z0AvpF` z!q5)-(G*$Ny+d&bS@*l|s(`Vx3m=2O1UU!7j^n6oWkuPbERAgZ4wA3~>px!iC7ELL zC`fJEL+{oTv6_OmK?Z#k=1pfc*xPE8XquInQht|eoqp(0iL~xBZo4Fxgr6)lA`((k z?nM8r`jdf=L6BR7vG?uRDopJ=) zitauW*&q@pFz?X|hCm!eO?Zb20kiuj?R9K~Rcedx+|iFDtsvDG3`0IJ_~%l{H~zaj zKiYx_&K;Yj8A6hUzJZ9a`W3MUvCO+^bdg^Ts$7(QMztzNIKK@}R6!BEMYI1?sjAvG zwb-SSAH4wO#~mUNv;;VIkM-qnCsJ9eP`GNTESs2EcW%`3Y1P3s%525G>rhfAU6Q%a zQ8P8TauQP=}7hQ<7K0n$AcR< zMx56Xa?>Y(#5lotzZlQaQy!w7?zs7g0q1gM=u-}!8iZ4w;axH&(pC;Lw z&(lC?%Lg2OcS-lto}8FBM0_-w1Ab48Nq1wCb_X7| z_upmvMpO4FlME+_d)_*mXgUp>D>bCOgSN8KqS1e|7((855xt=1XL&5t%ygY8htxWt zC%!A<3rNBdVRSS;PFLd%yN=T-bDF*k1wZ)bsEjOxYWkOAm!a@SwVdHn=fM$=xjqpn zx*k9D^L=%7sR6-@%l`Z*7EXwBy(}=5;0H-{HAWqu?Qtxff14NRi#K57ru6Cb`m|S*2mHN!~r( z-~t&^eycMJd(l&;?i-oj`-)c4Yl72xI{{ZdnE1@|N#%D0CYAh>rf!v!dTCgSKi68N z4#FlAu1!%#!EC^=yV#~k{YsW>YXt?lHYd5nKc2*J@fu!po&v?vCd0fD{O!?7`+ zWq!8}pxbu*S7-eFr49dxD>KTaOa}(~LS!&Jd&qOI4?@3BKL+gI#SV0EF50jix(;>` z&PY$zrmy8P{s)un{yxFYE(^nY8RVx`xCCVOBx;UuVp4H)8SjHq<_k0dU+^Ob&0^vU z=u4HX1E+@vBR(OpBNDfN8r0tGpN`X?c=#)HcNKNTyGfPHl{%ZXZKu} z>qGpX%&yJJvXI@a?>QA(C@ML!`?paIHj``CKhgfc^5N~k z=0Mo_M%4)!a##Iful`cF#MJN3U2_eK>z&-eZ0V^NAq zcapb-MNRv4-ODtd3O)#Qss|V;VuxWq&N=BF)^bgxe(#h>UA_wj2cwTeA(H-Y1{i1LtH0*45ixjs9*b5$}w&JY7L<>a?4Q9l0Q7| zP{nD>W9w#f`-*y$x@>=r(**?&0I8z9j-Ccm(jYd1O|)nu-oL+aoOg3gD=5$k^@|I5 zBkRiHhMvoi@afujX9?t(KH_RNg6l)shWnASk-k#rvLTRerP`&%bD=Yfgot-%)By=T z0!!O-k}-sA3wZGw=+XBcLDrD%w&Nz^N|EEfG5U}wavk|jJnh`cnivkkOCB@4ODl$H zR-=PwV({G`{pGa*k2&xab13fStT0f@(YAfadI9y~08$sqXJh32iCi(6aF?%Oukxmm zax^9CW*59~`Yg7bJ2-6jIy5Q?526!SH1g**QSjf3DE=3|j|D*4VnNx;-AnOkry>Ys zya9=0umdq;?G#cq0plGZMhpMUC?;f-s}4pG(qTdw{G$o;<=VK0|m zp-~YA85z`ugxK^w#=w7}^8XjITM2~cI7~-3ck}w?u!%s4|4B-{I9m`q%Wa{&RE@M5 z0yw8ZF64r_k6BE6OQ`NuuV2Gi-jMC~a|0!fy14-Ko>d2>LKr3ze4}9a9WcmWsjGn@ zhU2U47K!?$o|?T|b?AHTFoF1J(3?TxgXRag_k*LWGAhP~@g)y{+WJ+qVb%Y#TIj38 z#L#SMpwL~16RY>UJO5;@WbjmO#!qamm-#lhadeMDjLKZI2J;$s|9tlX3YH9JtW;!| z=Owua(=WN|!n5M3dQZq?yCaB6*x3fEh2K{unMEf*S9C9H0=l=)4_mDIo9lY-_&a(= z%=Eo3*PE-BgDu#UzFW|AF+gv@L|aCF`}q_OUW{9&o(lDJQ0HUa*Wxn<^&Tsm<=WYlWt&avnWvPj-hMWyH`niq<{-a6_ zR}ELwOqajq%4g@M64RfWNrb+C{ZL=3Vsp9O(xa)3O!UQgo1I71NHGI&=4i8F z|7?;utxpAy`-Fv5e1a*L*sD^5cki+9Sn@Y`8IIL!tdxAZK!;k2h*&<)Lec6U!YZU5 z>JQj<$i(^m+BCi@v259&v4rf1&8sSeMH4*xEoURVXCqyyf_W23=W(_Bs?f)&yI`Z> z`#DCV!MG$1dm*3ytB5c|Fjcgi>J47zUiEGUK?df1pKLCwvzEf2o*wUCwK#0*)b;Er$k{SBuO&uZ``m(99_p@d0L_;T(a-|7}mPP%!wLdIJ7t*!V3lsQ91QeeD1I|BsC8f1v#TU+K6JCQwZ}=!xCiU^V&|NZ>~i5ML3fgQxy}h8Ui~1MDE>en1KIkEdaz{ zCTo|6Lgr|DxqQDCD*xmWY!xnMu` zR;uA6YzF1duv2kG@D}7XsdYJ7g^9V&o-Uko%4=d%y zO#MAL6ny@wb6>v3ipnq`BjPw_aP;S(0+$x2&$o0LyE~E_7_F=PDY+A_Mi-mL*kJN4 zQik=vv(db;a7wO8Y_^j(X3Z39rD2+Dm_nN>Dn9dEQkPPH{_$hAQ`>a|^6zn3-n?%n z-+pNKAY@3e00Qr7kPd6S6WE_04>ZnneY>4WL?cG3O-^mH@GC#5fNeum93l`s0tT0W zzg?i=GT@f3}5e<&&O-IOhiuG0HY5#J4+AnqvR^K9q0cgaf9&@h7P zf$p&=12wr=t^cDbY`PP@n1l68&dx$jYlSrRd6unQNjgG9f+Gch@t`{}gilImZH34nf(@BJ;Nhw4Pbz^o#3iQK0t-z! zkS(ZyRp2WH+z&#b-c@4lRdHAqBQHp7k>&@tXpMZ)zOx8i1n?oM04Mhan3AeI7U&9C z0%@+;d|D22dNL+)6A;Z>8Y6q&3RZ{=@GHGxlucVwQF#dJFTNFObvfu%nhW>+LH)%n}b&*k1-@7Qm9F>{O%ie%0 zN52jJ!2P3GsYr!Ns<8_YxrznU1J~4i{X3r;tC(%RG2k_s`K~Wiq@EPB)uF8-8E{?( z=1FX0xgmKs5mADk#S`gAL4f3j2qB|2+c{s?OU%gFp1Ez*VCia!z_8xiX}NNk{1yYC z=zaB`TV~WlnUF(ta|B~Nr{rQ~>!T+zw^p;5H zKDcJ!;6tV|3wAB%ithspm?e9SOxZyoP_O}Qw*5?<>x%RD*&o?Yma?X)fBcwm+hf<3JZV&E{hZPzmTzJTdTZ04y z4+1C9pV}@hOJn87X49hfbiI|iDcMxqHL8s5Sf_7g3*(clIbylU)_2z>-F-%Yb{?ef zYLyy1*S7#2*FEk?umHT%RU#K%bG0&WX4b6=r9?6cbz!XuUT#leup$s~FFV%6%JfnG zOy}uSvuEF)lo>Z-TpOH_fe{gEYHFrauN~FtIy-U4b9_8Y3ePnf#=wjXWD9{v5zRDXsfY?JgoE{$oJt#!_MaCYv$ zHq2UbEWP$lRUG*DR{u&_uthZXpd6YRNpFXpz)RnOs*pL9yIFIJDe_iOa8S(D-IE-l%kH{(2}(>LBlsW&r3c5pzQL0k%-*@tTc78LB~?=2qa z6}y4XTq8LV5Jmo{wDeycM-VhiJ&Di8Tk%QW8Gwr0gW*I5+zI^tit?PN)1{S2RaI%M zK4bKMXdmpq06bK)I1$`njN8|*Lp|ixjoBKP5%a0t?k2~Dh+UiyYSI0yH9IV5i}FIZ`a5>2eM{i>ZC4bRZp`~oQ{lSVO5akx#NKTP z_hPtDx{*mR6#r!6N&h=*`LEIKI#OV_9>jL~bM zsT7?OiUcRcu1cF`V;534koUaG)Fn^xqZe3_2Ja*<`HGTb=x1iHP$Octuot(V9VUPiV(l=N*1$qQ9`k$SL zUr=94p^lvVPj0n1h;ynLI(4?Z&ugb?Gws0l!8g3s!Ew{GBM7zL_bai=JADNXEL=R_7Vo~k%9apt3dKhL222PrVaO=KPmezaKKt<5ak7{68_gMz@DM8 z6-?vq-PalZwvF}&BVAF98(!BYEzdC6B=;Y*4lB%1>H3XLt1v4p!IM7NHj z3Y(iwFX94q`mOuI9VHy^meBN=VC43 zvi+Um@!fuPLHbQVGclZwR_f}7sE7O;%JOeqEz~}zvSNzl5Bm* zB?P{ONUAh{0x~A}0l`@_NcvIH(2>hCCoyNO51JK$s_7s+wr45U#|OTt0)v;B{p4_# z?D;!Wld-JmN3}-bT()EX=$#4R{ccoFzL-Mz(>Vmo%3{cV5m_bkpKgQ@Ab_hE2!tt( z)y5w6&^&yttr*1UikV57-gxKXjdoH$Em^26x?0hK9qwE>R_{VCb6^)aay8F7l=a<> z8-r^G6T2Bch)4UEe4{kBN&Xi9Yum3v^ zkrT%Dus=%=thJ`Dz=L^L72NO?b+QSG7%H~Z)R?X#td>^W-CN7pZMYSq!|Pd`xzD0n z(gynbkFvNy(dyA1*%Q4sX()s-&_>&|>qNKNlLJ*#C1ACR@KG&ogx1Gox}NOarG})O zg;G(~NC&dp%;-w_Z+?2N`;Tz3&6}jg?+aCSdbKs>>A>Qho>(o%$`B-FW^wQ~RH}v=%4QsH1FwT5BFwv71>QuipatLzTrl zWtn=f+AJdWdfLI*7yX-3~sY2(~ z*CXNL5GE~*0i{FyFxR+wS_EV+zu3RPUW)>QK*whX-K#zUt!3Ve&=&KV%l^!l^NBEw z0K)^{Qs)l-kjK5!%L8)r=kSCiq|z?IUGkwYLIvSSa-ufk+amXOLWbrBz116>5yi8O zjy3B{Q}McE`O^ei_5mJ6jD5uJ+8nZfi_77faC$%CNZI?C`w`g2K>-DrCEpRTJ~%tt z*dPjo3tWqqrC4Hb?g8_CLOPH>SvA+-aWdHg6iO$R;$Ykyo~xDmo7IV! zdcgBJe0nTDV*n36`N8eo1%-l&>Tt7+kF>eR2r~|>j59Rs&SW~^C(e-`TYmq zN?ul2MnST|nOv5yv(o;~LnrsfbJd&8fx5JL6VT`SL}{~6NKl1@%nG-|hn%<5B#PGs z8Sl{M0zIcK&_6rv2Ew#k)zFo|i|oYf0a9k3VMCQe5~Z!w*+^%eMk{Wu&H? zVzvTMum*9@44FI!LP~pHh9Iamcj(|$gJ($$bHt4t!W;MZ9IXl8tI`;~$=gNua(NW5 z6-UYZ2TzSm|wLxxCoBri{@=cwm`@=2{zh;_3 zjb*2w_>%p5jbq*ei~+Eff!w~dNf4HD4(6eu*CEkhq&btwo9ahGAx8kATSgr?VZu!w z-7uK~I0ipeTpenToX-4ALGuu<`)2p^+CW-cOu&I6DF1xnse!&csZl)Zh!^ozknakUfjyfkyYD@W%4RQJ_kO~3uW_(c?@1*AhlP)g|z zNkv-eMw-znFhm-p6hWi}L=fp14H8O8Ni({Ijb?yjaPH~zjpuoO=lpf9>s)95a9v~j zY`Z^qyyF!_m6_@EcSf{1G%BZZEE^i1q-HS53~d?vH`@o31^{cOxg6P6FH6ZM9&(p& zT$H;aryLnN53p4BB3p32vFnpZdZsl|%FdJTSt*6Z>!yXDJc1(|%+dpDYJX-oHRN^F zZ`o0EojjK9ny*a?#zd$5Cf0x=LF%6)eCiNI`&mBtR<7%oUxSABYp_J?abpYQ4!*vR zB1hQhlORGqW&>KMeV#Q@+yxS5ckf1E1|%(<5J5nESdhqyoNvWV22z>dhjjwi35KX1 zKYlIE{k-EoTk~=-o4$=*itZ_7Qq5PkUK! zflf4zT&TN89F+jS_%EoEw(|O!1=}5@4h?~Q~7^6;cJ`N6d}F zi*_=uCXxc$fYri}+vvFuYg1#rSxOR8Pxqomr2-II^kgENjFUgw8oaCC^}BOzAX}Hh zy&_4rA-Bq%?`nlS4zoCk+Vt|~b_zlYKX+N`!D&eum#*?qJmO|A?dNx%t}OJAN8a0& z+Dw0BDP#E9Zd0I;r)5trrcQiI=4Z#%LdJ>ivh$=<@dnRIX>P|zgfHpXOab(Xhy$ac zALo8u*#N6WT9MJA?p!UA%!7L;(athe@FON8hi)keT3DU->;)Eu-_VSB3XxxV959(Y z9=#^yt2v+G0)TDTdG+VDNEJ9eHx3eQv)J{3mogcBqWQCsSWel{Oa0J`XbY$li%@jC zFc9&t!TQKyE&d|15(4W~Q~HG=8x$Idd(tm}-L8SVySt8bWVPei6o_tg22?<*j(=_p z;DA!SJn&a1eu&y~-3Q7wWQ-0(L-afxS6ArClttI@_Se8}GK|0+%~k@Tlw*KYVE{0U zL%RskZ_NAv9jw9FURQ~E5P#|9k)-)lHsiw6#L(54&o?JM4B)80gyI!Y3!gKT$ytH4A|03`cx z*1#cR&jIPS&Y3bI32ZNAN#%;D-F9pyng^kT z?jhV#M%KCQyK9++RqAl(35_;kCTE^Q9b|`Jn2~;$` z&qAh}q*?Ud%5P4E*QS?oo9<7S zS_0Ngjw+~0W(UvR#v5*t%rs(_p;>yb3d-HT=;Zv-E$V-W__20Wv7rBOcuMki=mNWf zRYwa!c;+1pSCnGi*gdw3e6l0VIoap4{Ad}Q6~iNBp7)*nF$c@VOF3W4a7Bj<~k)ATN%=2M< znxvdHlZP4$XEDm~hI^YdS*7ugO-$zad)Mz|22#ZBhrAv)cB*~4*(`N6V@EWeG05^q z-jS1)Qguq0N_=xeFG88C)JWH_>G5pflR){&v!&^PG|%N^2K=>3p312&vEyUc4S&X> zb&bwDE+HH2&!ILYu^M$NQR+3Og)rxZQ!_KYC!GWvZSDEH&yYmFNL&A`=W{d{w0f3A z(u!_~HW9APuYn>|z?)0^hcA6!i3O4gQ9rG)9RT_M@Q;VU^l-v+4x10 zG!%YM{)VGy!M;GW$Shy`S({V8v{(;wOQ;{-bUkunzJgj zfyGBuP~h*>JMehYC)u=8CjHf#*7cLeBvP~vy?M0gmbDfC=GYOsBdMz)b1hA$^^lf; z&Ing#hl6Q@)yljC^Mm|P1d!Q}514+o+TILBo|o47!FUjk9yZk&cX_R2C$;vSRgp3%}FHupmXjfBFiXrQnI)2>b;(rK!@zYdLB^k-T0PmU{ZW zqPP%?uFztPdtf4un9<6bgzL5%T36J}=IO3ln{a38=p;HV8sa@+*1!<{yW$o2w)QX6 zA7BxYaQZ5n0mxGAMf^cViu=4WZok=ffOmi_*luUGVOy9;h6eDs)|?_Q;!4*9%}K{Q zzX2YVK%IU#pO|5=r3FieJ9Z^vRN>G_F9R$mcYte zM6yHRtIr9ByI+b{`IMSUPd|?&>UmH?6gSWwJ*g`SXgOnkiyACy&HG3fKmH-$#Rk-2 zCogZeY}bjsvGVQP7)8zcZ%@7p#xECY**F^DDg45!XGWOLv6g~cmFw97rr;-T5>lHbTAkDX8Y^);l)-Gg_e z@DuMeGHbEsRG|{p#B?prEu5PV=X7kW7q-J}3lSp9rq$=x4`9l|r)MvW(QB_N5F~3W z@XSv>MLR%ez`U1ev-;DwFHt`h_FDv`d!a7wFc&m>L7+wAZtvOt^FQEkw5&Wd9vh4! zMYu~BDkX%m?mS5*{vau?oUgfG&ep#G>Ux{!`Vh*U`BdlaXf^b18>E~KV&u}ce| zQ_zQH?PG>?EB`C)X~6Nro|yVez$EeTW?hFhpVaF@(Io} z`L!nhjZe)1D`*XQ9)Ux05gKn!GyHOIe*Q*VJIm9A9SIV$WMu^s`mx;|Uy3pE^1*6V z+uok1;%m6~aEEhPNXuG8wfuaUcRxqZ`y}68aWH-uWlpmxDvh4E-S==%KbVhUe32A` z^uu}CiK`X5cXuQVva|+JOi}|MZ2+VQA5lA2A7z5G_MVZA9h&&;$& ze0P?~eNd^2p{e&a7$wWU&+iB{hAzMDES)*L!4T9~@HygDS@YQt2d^|Uh;9k8Yoxbl z=L{Fyb#rKR7t`^re~x}-NrN`BIGwZ6FGVT8I&CeI)VMx%=k)zIXk*1-KSh`~dy(yA z55eQiWltYbrk?hlSLd|-o6CoTXQ2>MyRoo}mb&JyeJ@h4@4UZZbZ7e0>t+^OW{$r z#ld*l++l=7Bt<{|t3tM3&$dyElr?JX=e;!dgJd329cuxNM~2^5Xd8}p$~ma4?Yj8J zsr*Cn66rkDAOC!D6KI4-2Lz3J(NV;8CzY{XiuI^&oc*~4wmywx#CMO!sMb|F)MWt= zh_dLV=U<*l<)N}xSN)&sTqNnipuV!mko5mh=M)*DKleW-v^EIXf~Bl9^?ebxa{=NJ zP~qtJGoWb+IQ^i1d(B`ZGDQOj3YjJkja5-DOd!oh=7Zb5u~pjiAAB_7ct~x_szg`` z0%Y_<)>2xwVR}j51P1Y>>DuMWX#$b~Afz|Bsz%q|Ud12*pe+wgWz}O(3oi>FJ<0Q$ zdfGlat?86eGgF3Vdz%NXE5A%hp(|5nz`+$@I6_jBG*N~T30zIQ98Z_SoSgn~kDhAh zxSJ!{zXXq;Yjj5FmaSA+a(ck;iR$?rECz`WpsqxKF82>j(zg}C@3*mV$ zB=teQ{^U}!LsnhbPTt8a92`!z`wDW8megdtdwC-&JcyD1qNuklUH94`R~vapzx>RK z^NwF1)-ukT8bWB#oYRaPR}*zcQwi19vgH9Ivnmp?$>zW`1{vtLebK7Xu=CqHJD>ym zLfJ`@fYB0P?4dk*`Mv~018+y~DjxgQ;-KS>Xcw8P^ytgd>F@JWWg;t>6L03oPi82q z$;&fJopjvZlCJ3SFQ=!rpp?I#gY0!=3RL1`?g@GFuBgT9D4PQZ4`yXYkj4JsJ$qpA zI?>BFtGeNkHrQc&=J8!@29_VIsBpu8vohC}5cSyT++Lzx^Nq#j9;y0eb$#`U;pb(1 z1Gz(OyHk|E3lTvtjB=uB>C^12KYRxY3RrQx6wA80I&aL+L*f16b~kuS0aUA%tS zdku`_!=ZBEiHESJg{T>U^D2%NtE1s@Lu*MOX~xfP=~XYpsSK`QT7_fT`KGLSyF@!) z`-kSQf+7&MC{v&m0(cD8f7y->v0M|9#uX?^@D#*+Z5mi!ie#ozQTibzVHQvtxHe#S z<-cN9RV=*bI@laCss1njPj2M+&`boq!beAizl-hB+LWb!Ly7j+#16Cy`w#5RKa`tj^`>bSg`!wz$$_Z_I{tdx|VXbrt z?c8uV`+!ICH;U$8W=y}`r6aG4`F%&kpLHS3FkF>$XsOg9udkTBK9{$n`F^Ouq8N5F^r`l-GBeT*&3{`>+iDDb`oDhTFz*-Z}~ zwFv>m%wHE)aBRI5MHlyA`M|2Qut087Jxkh}hQ?l(sh6Nb%-Y7ZDk+JAi-!kdJSD5{ z4P%h>9dw@Mb~N6zoTzrp?@N_}mnMRb^%4^kn*?Qa``52u$Es$9*L(gvu!jTE=s43< zG^lB(N%<$|<>w0lJ%B-IUf5pW8|j&^aWoJPb^0S%F$|^N78Uy+MxFZpWI~0{b%brl zxYMK@S9KN@L2DMl$=K^5T+)#sFbE1=u~lu>1R2L|@7`J%CY%b(9MNO7G)g2Z>E zY9sj?F6iBOs2%WVpi7Zfv#`j<%Ccb_+Ebtp6lef!CqcWl6}XRMwiPZW+5mQ-uv^>3 z(xW`-a4S_E~Il2X5}d+9hCH zUI}Q?hU2^$kcBq9%8A6(x^%I?uYgnXWcY)6xzHy)blQ4X;%#2u z3Xs4~p6pXO4TDhA{maz`8q^`1aV0Rrft>8EFun`|(wk`lwsAxx{jU^=61$dHSEm3C zUg}ydKsc!7C@S2)AJvy3F@A}7-GwP=`lEf|eYf&FdhsV=VOg_t%j2S+JMa34j?NI1 zmF+*5%MdW-kUJeK8>3u6)|3`rW)TuYQN=^^!=7SQVY@l0KM0rOgxopcLJ%QX_qxhMxpXuk8p{2Wo&u2)v7o z6>)j)y!j9b=SZ@`*oNm;Q!WJjWBBkFv1--nsi0Ip`5bS*$titqWAqcGC#joPcV5!^ zQs)(6$kY>HUtbA89Wol}`JiGt1-cfHwqv)kCV#!n(aMMn8K3?d4GoPNK;532zY*dj z>$+#t|Hk4=Yn`fE0|1{8mr1wYr5Evj0R&=Z0Wq0Q7)YKrkoB-CQNCb05cM3X%^O_xul@h8iXfRB+|#9mE!2_ z0fwS{MK#4xu2o0^=ns&%rP6LNYu!+7E4Py%75{mNvM3-~ZapzN244)^Bd z;_3xrJaz!abcl(i7i$AL%nM#`*FPBu*!p7V1)f&LUhPDj?kWrWeSfc+e6=)1K;92} z9I_1u7<@?7V(V33?y+baw-4UF1dm0g~ag z&zl0N1^px`8b&^SviKIKlKWtNtgqf@dv#nTQUOm3_kxSjcVUe;XprR@+Sq(3WsSa2 z9 z4OShI7Rl)WgXeMjK#7QmQFQPX_tnG#W(Q_<#6(?tgkCJ*@NeQDG6L2~T;*E-B?(&- zz%Iykj%5-V3!1&n=M(I@&=%IrOYB8JRt}OOMl!sryKGzZ3~^svUx|*40~p@PQgFJ@L>r7`-DwFhmK|lPiE8itv?$&)bnK-#qU%gaYFlpk`o6vcYsLOvpiZ*Rqx% zJxak&mq!(DKupV8{t}l~fr=B0mK7XU zY&!6Ygz>=QktjyN>|2(|c#q5Mfy&LCBxx>(bQk(Pp{WQDp$P94tRk$_#2qI7KdQJQ zpD9QRWl4ppL_@Pp8O4(jkp7RFrC?2%14vi}9sw1==WLD>1X51|wWCILw)-;%;nFi zi%1W^&OJrC3x3F4Cz#z>Y*gImcV!@z0cfvl>BYtko%j) zG4#_|p~F-jv1o;?vv18+eAi}*O_TI{IZlr_C1I=CGa7nsv_uPS=^f}$cS=Ryu*s1bK*muRRBh>pCsEq18w-CcZbG2HFSAuK- ztY~Fr<;-CI2%FMiX>O}5;bnqULS4gm?RI1VRxk8CgEQ3QAK{2WBwhbS?9nq(<5P+` zU6ZNI!XWZ9NtoL*-Uj0$2F?*0kjXu3HJ7JX{Il*@G-6`{^$hVJS~Qo5>37oUfWY?N z-4jBgRMPaD?j)`=&o)0BS8(*MqDjK9f`sZ}sjOA{a6 z*l=hnDIdThM}f?)_4|A{ATUV=yCgLx6_A8yLZ-^f?~kxO%{7~A77jWK=xNG5S-s&0%Gwy5L z7B35up^|ouq)yhJdP9-4doF6+XuVp0LB_4nSN>bl8@3xyrXF0p7GCHY8>;fCfa4oW zh5r$6>E=+ytydg=2U--0a?2N^Jjqbc>Sae13=P}oMzhtJeef0;+v}+pTdO+R=&U2J zAKqrHR)F8jq}^D2cLBGtnTX^t*4`-fW-=<$iu6L8XT``DEDMqSZgEl3!TRlsG}66p zA3Y)&5}yS}-aEi&QA^@Xf;nROgH8LVC;QR@(?!Mj$jHBbGeMm1^i*zvTpjR$ykWOo zbYU&Z;|qddw1&>cB+^{sgZT=NfXfHJn7$LG9f>+I-cz=U2-B2rRQiFMpo`0};gzI_{8G`N)uDJU%5LzVI1cmBPNM0LFA0;;$LrKL3h)&d8Z zB7iU74ATb@Kj0@wSyvIAoSe)O!|?ty?O;)M*g+jADmqLz`VB|N#DK`$5o_V_1P>2y zR(OyRhPP1rj~fYa^4PDH2ZN18yc-!A31H8i4oxLL1PyBY8UfpWpa+`@G>dvbmO%OO z_nqnZBnxhhcyxhWhq9sJTLy8@E*^GvMNlo`23Zt{m~Q-e#_I)RQIb?ZVAf*5P&svY zcsPwd6|`J?!9`=zIW#hXgwC%W;rAt{K=a3YdH!8M-}wCzAf`UR|K}uWya&z?#A7NU zPI5~nb@jM`C$d|F$wG5VIpIKiwENFgSh#Y2n~MwM(N_Z!)mPny6`_<(Q|D#i@& zMblD*pV-(}{dqzD$^5T`%sezYw3bx7#$^D%(SQYb=Sx1h`sgCA_!-DbJUGmOWR9+( z;nW0f&~89x0a^SYaKuOhL4AjAiSdsWFjB9&Gdr(okKp$jTYpG={nyvcqHR}NR64-Z zH8w`*K6pYGpoSf-X0eAUQtnj0I+x7XQX|*6~~fVAr^c|G5E1xVyNKY zX~<~d<7+}df!D*RjaWu*;+^Kd1_DgZ$#CCiU-s=1m?>DZl#A@rl>L+(}+r=VdBC5zoqt(v)Ar_3tmz_a_x%$#vp^fZ_{S zLcRYsYsvsWU$Ph6Qy!i^25RnWB7mdS2?JuCSar}pH*r%u(B&M{QXu+}t)`~tb@@_E z2NBj-7=S-Qyibqa{+g~=!F1&wQY4BSf2q0Ks8kYLRK$(NU(@{&0j5}nOwcT^X(Q*q zEfe;Ng4U#BdUCg=Pqb*c>G^!{!Y{GH&;RFr;n}KnAldby@8aO&cex!%rlMV){`_>X zqp~s?uwa2%L$g<~!0z9R%ux0J#~l@Wm$3aSi@$%~KaT)2PD`Wr${Z~)bEUQ4yD(L)7>Qj@Bm5)QA^%ds;4X^5I6sKfDR?21# z(^M8OcbSXlK$*)yquty(kN=PBCHtj^-^wy2ob{0*9IS-o?r2V3x#^aRM-e;nxE8UZzvlUCj5}0s0zMqyy%D=+4eUua3IdtV-L>}X#1zL{{EGTPwkh&*oBGA%ilhH*OUw^7&$0fy5|cSJKs6EH_NLcMDPqi7@XBdI=u z#`f%t1mvh63G*K(hLb~O+z6k<0y|xnRJQmt#CQ$aUHr4yp*yT4bf4m4lK*-I2%joCDNkfL4Fb% z;}`}NE_U=9c_kt!E738?cAXNfw0#|h7XQ87?tYIVp#9~Ijs+Y}pD7T92hofBeop2y zacb~pGuR8pz#zRgMooZy{_sJ?X`}HR3Xp<6Slk*SeSHkgvEE%7n%l*HVP^zQp5ZL# zO5rcw0YN>B(A#akvy-VQjU#v!xBfmv#)pZo)zm;M*FPN7Kfx`L;L+LZ-UMKJE#UiZ zd@d_d4v!(tebtLZH7N@(>4#xv7WCTozT(H&bv+1}co5(hQ2U^&$S54Mf5iYM+%y$; zePpsFBYjEd)6ccVm7o9fuQ64O#lS32v>V*Th5;=NY4d|f!kg_&SnM!IJbH(sCwPYx z^8#wibjp^48`IM}AQ21y67QGqW>VG23+q2u3a~RaBS(!_ndEXV07CJ>@eqF;C1$1! z!l|b}rpXHn@*5|MiNgRR=A{axtf~AZ(`YDXP5)Ut;`EYM?vWy$N5Qo7T#%DMoZiG7 zgByFm2f4CiE(||1h}yUNOuejS_WUKrFzX>&we?Kt{2>~?ux)00u3!;r9VB#mR&&|7 zqGfb52Q&Hnk6z9um%7&^2#vL6co0+1&Rlb(1k~ zt`Ax0sA(&_`yNO<6`kC7G8Xk2%N6AfUjZcrfZ&KTvcF&cdX}>sn7dB|2l_+KXQjMR zBljD~l2cyKmI*8zvEGU(s$GBj>Nqha%_>6YC65&HxwT2twJ{EO-Zw%jrisaOj=~pa_SX4NfSO}H;CiI-WbvgZ`Q|!-Y zXOjJPhpnnSd72BGzUO@PRfrXD2;43=;cajMSf|O6+}9|dh`S?f?GYc!oPX|KMKeX1 z!ORGrmE*~YH=@g8?(!d(IxXiAKJE3R76ygZ@AD?>g+3vccdc~E8TBa_g1t^B z$l$fmVx-EH1NsPAUTiVvs9S6oOar(zdbs4OD67i!ali;fQ27}cig zCjsrmojHkt?0w;0GJ!CUNld9jX?;QBOEcS(*CbAD3q~-$Ph(h=@xU0xWa(kET|4n? zRUrTw{Vc~0sVOXotf!tA<2}(l`;vEjBK!qyZ?Uhrf5r9$6Hiag_&8Nq%O+3tawcX0 zA?a^rlD+M}HcGo$w;#T?R;zP9fppq6Nee*eh7=5mPUn4bZzlX5=QVo%6B$-xre$^V zot;-HLGYk!K|b@dhw^vffsbzat1xz^30qYvzKR(MAN{e{y}HJ}GwNBA7MtTGC?pyA z)jbc$z?O-{ByIdbt>@i#ysI6=aXQe-Z{EmhXNek@eMwqE9|Pdfn<4EsJs_~TVLb<( zo1L);^796ED0}XeCh4-L^GBQGSDnx>9+=C3Ggp%qB1g&3;3H(RaR}x#McR{K`{N^3 z06NKaI!9AIE=Ez_z%;yRBj@YFb8#l(y`{%tC{(y*@5h3gCOt=FQ0hyo5Y$Xnw0}Hg zW9TZn_^w_t97X57xy1_4@ajDC>=r@~>=QVt+Qhydm#Vtp--F0f@2YT%=xv{ick(i< zMh?_j0sQi$h91?F*>;xwoaxgU{@$&Io!$18apX2(vr~}ud|s(cY53nq=3fCzZD2I5 z=y`84_nzJ5mtk8| z>3oipF(mSQ@N;3I&baH-)jyRrjB#%8b-IME%pHsNowXMQfClbBNzyp{Jjl>lK4&nw z2UVelg>c~i$N3dU9>!~AX{(;)I)r2K>;|WTaG4sLLy=rfP~a4%j5(hK+e#3Cy5HBJPp34O$%h=R4*`GB1LphQpzjNRsKTJ1eE zw<(DMSi!@yN&re%6A$P;LsrqJc~rDHY%;-L0`x{@wIXU?C=3;|vv0ewwjD8Wmx!B; z@s^(#6iO&SQ{VFK3@w*pta9952khZTjSf*Q5tzUw);=f;wlJdiZ_8{cot7(ka+E72 zz~IS{a8@)em!uh<->ohUx6=s=vv5~A77Yc`JyX&!vMVenequ1cCGmma)<@;btDHPM zyMe~e*Mw-pvl2on5<{)XCR_P)q+lG7!xcgq3(+e%O5b5TvGP`hQbX$-n$R3s7A@Sw zWp7SZb<|@fmP(5mLn`qko!nF*a-rrLL_G(BE#)iPDB9$k@98o5r{?pHoA0M9f`p}e zmFR2jeV8Q6*=;`|YC5ea=cp6xL0n>uj$KGWwrr-@2RU|G)4A<@Q1(Ieeyof+ckw^k zqkBvf;YN=?MBVsq_nOE}?uRd;Zf+=Po4ar=#JEGyA+%tq;5`L} zeiTb|WO+ko#e$p+-$Jev(bv_8>@gN6|{NSvmeIpb*=|7UTIsBN@;pxPvB)@*)5?e$-uqPmKg=syPjM<<%O)!9F5q7 z!C{T63}>CmCdd4irj?jjx>Gv>N=Czcj+ag+?oK(HP2oxrr-G)L0X0?)$hih!gx1t2 z3@JQ-7u*@LBj6b?uTrmRw2LEVFk=;ZoA&(-c73Ko+v}hV6JVY-r^_mQ@Py()>=nPf zuUot>Rr0j43)0hkMNZX|rQ<(W>P?W;NS((-+8seKA zq%*!n<8#S-UCL@GL~?nQoY0kZD<+Z2ml+w}!Xi#-p9Em@$V&}t8RRh5QCrq6CgIVb zRR}WM+27S>QQ*ujOQb0Ap)htP0m+o6-=CCKn@+{rz8^bcdfTOSz@3$NVAoIO@Pz4$>Uprt*2WH2=M zws=*Lpw^EcW2?KRQE-j3*I*AX5h7}K9c-l52pmHw+kewGEh&$XQGu6y^%!$UHS)km zE%sB!;pr8${`EOun$->sjBEy{o5Nc6`ub=Ss6rF!Y>+ zJzQrEp<*<9T^BY%q#6(RFw%f8z@Rd9>v~=^{<1aMI|t-AI5z2JgPLGy-uX^@`P#gu z)p{grr|>06ia{Z-?Frn@f}h+A;7z=*hI>QQgu;b^Xj)v?<55NL-TB#|3`dT{kmbJBqJDsv&UMo;bJ@ z)r`73y60)yky1wA(4Jy7boRyOOxCu3YK4Se9%790&^rTuG{x?9rke!UeLr1ZRV>jA zUsDQtk<>TbNW1mM1LIha(HliaDX#I-1og4Wf4qPri)gzipFM)}Y|(9eA=SV^f%W#) z;u!u(;i0{#RHrmozuJ<)iaQHGyJ1?V^}C04h>6GqJHPZ>E86Yxaf3V@JspYHVs08x z@si}O42fe(Ani-ay*IaHcD-KVgLQ>dPC!5urj3ge-DwhGYx7aAM3UXa!MGTFA`Y{+ zMRvBP1CH!&?dF}lOSkAB#9kx(&-dICQd!V+NHYJ=iTLoN+|>x}+>3wxhSaS*C0}W_ zGh^3nk!Q=lub9roBecciQf0uW<-qoqst{s2HrDFxsYgP`Y zXw2!D@Mh0$2nEiw+R(6YeiK!q44smetn=(Qt_RRH4~+1}Y!J?_$N0kX10s`y%L7?V z{`B@ct*H;k4^9XwprU4lr-P9^=jFrKi=4~SlE)_ddR3-Vx83I&Vqtalk6m<_hXAA)IxgY)n)*fn%+3FTO_ru7-#d{v&A$+)?`zSFyyqb<)=awum+ ze)#H1&XGjcfR+Q!6}NELKN$Vt=pN;ovQ-KrBji@gzK#+ADO~MS_ z@{a|x3HwN5{PhML9L<;5$pId+_jACs!amre{(KSJf4^uiFC2>fh5#SPlbaia>z||b UL#1mk6#LA5MRkRed*;vo7sw~SMgRZ+ literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/ios-deploy-6.png b/windows/security/threat-protection/microsoft-defender-atp/images/ios-deploy-6.png new file mode 100644 index 0000000000000000000000000000000000000000..fcb075b91252a959dd07d78ec4a864674917af4a GIT binary patch literal 115478 zcmd42XH*kw7e5M0Q+f~51fI{Lg#W{d~XNo3)ax$s{wAJ5Bf0s+{r3j@%^RWjGc7fOs!_I$n++ld)u*Zi1hvWJ7uLi#+jl%3n|Kotu*dxK zBurk#*%1(2f7aGeeF3%DZYK_UY1FzCT$LL*+J4fC$u&BgOyKMDh&ki^FLpb8ra>4dQhE z?}Jw7Xh1G-Xap3$SA@>^-|@ICWa-fVp7iELLx=|`_TM$AeUkkDct>^C^t5qbf4_Xl zr8gZteQ)?Gp7+0t>-pHo2QT47EVfBxyoG&ahcRFMXAsc6gmg>Ir3LrJLq$HgHWZ5AqF?bG z%lt7(Eq_*^bzGEDv%f}L&Rjil=u|gWpMHEnETB2K&xDkc?@d)PCL&pqTHzZHOGE$47Fmz|AxYS_m?nc z2}ql|BqT`t0|Z2sQAKQn|EuWOfS37OafJA*lLFm8d=E8irj1SsyzQ}U!Qjgo`Yt`e ztq9XVV0IUc#~QOKa>k13xR;zh39WdD0k=Y3dBS;s4lybr7Cx-(lXJaT)9QStQI371 zrxWVu?nMLZ<#PA-$Z{IzABEwjJor%lV!mv8mSjDV5nN3y7i5Y_%8zDw*G^w$)i-bF z%6Lu(DwCB^6D_@(R(FvPT43`d7kzbZGxzZ^NcK!ghN*N|`n;kgBAPGn+@1Pe!N(AB z>X?cNburcd4PPX53(|%T`-Fjso4#H32XfFy9JRU^^~D~PNgOHM6K{*#d@jzlKx64M z%Mz(|N6Y&BN)cZ+<@BNe9iuAjUYvg_i|O(fP(0_e-)V^g*Hss9gy#rI|7Ff1vFOuX zaIn~Vr^w}~aLRr6GK82Cv!L)X^bp<3>)%iRyW{i4fKU$}fM#@VKPEzaDMxV1z@^wyEpsJ?E;X@fJCLcF9~J3N zl$;c^+Z-r>I$_Ipqv$(|HSUA=^MICt_LaDZsYjL~ZO79s*ef1CTyj;Zfz7EBiY&1k zooUPl3Sc%-C;(3ajcR&!xj5i(p7jucZ`6tr`{Y=zcW;h<@=)Y@)A}PUd-DUw){-6> z8#5@d0?i<6qGs_yZ)vq@6+9Lnp<3P!)$-aAS&(bYq;vp0$GJKRK;RRn4!nJlO8!rr zam8OKdx5W9BD{RJTUPF#{_sImw30?=bH;nSX-1b$WY~^pW)1G%Rp+R~uP!z}!3QMz zy7x$;G>T6u5(X4{sI}CFrNGhX)+LOATbv43DNf79g^eRp8T_mF)2nuUc?PtU{cu+* z|1Lb&@4p0wrnX4~Ll$CjJ?cpA-89zqx+B6C*R}#0nK`X$(W^4hW;iWe)-&vzlne=d zx_R_$rnB4@cYH}iuYp^i{O{MCj+gVndsO2`D#>xox%pgjw?4wUL~0N7Q$EQ6Gn-cK zc4PvX+(^^40ilBTbO=2wIuXL>V*%~32(x0|43DRqF4prv<@3T%j%~L~iTgeaF}% zo8%nPFzEKf9qw;p9qyO&c708=?j4z-M_KP-2VlKt3H&!$B=|kKDhckh49*bQ%3BT~M zkL&Y-2(KrXD*QR%8?`PwhyhQ=74i;+pMa%|ok0~pf7?vKMfL8n9 zaLDD^QKp@wv~Y zgxk=sO+3Vm(dzOG015id>@BWBkFEv7jB>1!fRKx?4yah1pl}rr8mh7_4FOFj_bwt! zPNN@*D6>a5Bh-P2$W#8Fnn_tYKOPIWOqnSB%Fk5G(+P`=(Rp=jH)af~PLQ5&Z>A=3 zVk^MJL8(z$+aVya!$kMR6Jh<87Ci$#U3$EC;Mo=+O<l(fHcd0q4k-GO0VB^QYXv4$)cw^5K=xu|aNh zWXa^ffny7hECuO=f%1r;hp(TLw0Ap<=GH22yglAFK}=>m5W7d8ZUL?WPI+=4&UBp- zE!PAth}vTPXuYdErUOB*T$`dh-zp_9=z$l%4krbM3kp~F*xY3QVJQMcg`PZLQVB5c zTBoN)=JOu|`NUdbY`xWx(0B4;GE`%=dity^QLlTE#lPsT8A=INRvSFg;NcuuYHALU zhYRC>Sit&VvJanE9yTz!`|$NPh35^lxaZAm4#qA`c}PA~y`_9NQ3J`+F(AK9N3u=P z6+cmw*}O$1#6oE9{8i-^8^=LqpxaVO2Sx(DT;~u=8UHBC5VJQ2@51!qoBBiW9xHY( z)SrwK`@hV|rUWh$KQvuU*5p^KIkcq#yS5~*miE3MpP6SUIKUtgHwnmQYLWjwr&~aJ zkD|kp{T-Q+s2f>3bNu+Fe#!7SDb(@7{@6IiP)7PLAy(EY?5Hp3iiSE?=% zeD0dY=}&u`%DXIZP|kn<(?=4z<^RE?hc_^ZbpDQds(c6_aL_Bbl_o+|(XD8PJJjs0 z*K;irEy(y^R=oY8-3qHG%YtrGymIR;4@^;|G1~Lu@b-n=xq{4G0AB&RhqD+l?!4~* zU|Sy85rANSVd}-okDrsEV@;$y-z`4F4-METio4s7b}R2 z*W)ThsysRp3^CqbnF~!?cN{hgrF_dY*V~QeMG1+0ePW3Ed@_QeQ<{_kBTiGDS}O9Wimd^dS4 zM2?js0h+281TWM;WUa&}^#`ZILw;^E|98J|7^pMEtW6AZGX(bUr34S$b1Pu0y+huV zxZexRcsUjI9|`y*Mu*-7)f(4a+--|C(=&c2Y61ZUo!SKf@sd=e+W#XWeX}?c+2K{{Mw-g!}(T z{NleT{l8^B8rl3D)Kvw&Ytq6sR^4VICe17vZp5a6YVMX@+5O(NK1Z)ml*tVZaVmUQ zo;1hq7Gd%S8B2Yi1CuJ3KgLn@;(~J|+_5ghIgJ!r$a$bRGeVh;K1#~|dOORz_8KMK zCnxi7Krf_H?fdcQUj$}HN-?R3q~-OL5;@QPhhhs&iLv~nO!+jsvMDFkR`cumWhS55 z?qY_bT$Hnxu!d|UOl+D#hvvHL7M#sWb19;J);{_5B!=HO1n*OkGF?QEM}6nfNw2^c zX;bGOhptTXTf_~N1IDXJzBk#ui_x;C$gC%?)gOY0h;6@q_r?+vRocoLfA#CGB67iR zoBp5h;W50fakwV_rXUwqzNGb-h7s1~^WDKhjoRwHKSr7c#eI!s&)S(@*SjU(A)j2f zn5IW)?{a&_#)X7W%L($QfRZDst%EWG2GBdvx-61_rS-5}`Suifb3%$-Uz+4_s*<06 z&3iNa1&asb<3$>&TumopMhR28W@ZnIZ9eRGgRSjbH$C)E1eLE3>1{<{kPPV&%N@rV zaqr(HX*lCx(ap9W&ZG{8?|RUo4UJWr$x)qnA{NPzc>Qt4-rtlCMU(pf%xc%$pICq# zzFQ(+C>;~N_wRQjCfKoAQuhcyP_c}cs)G-z871u>wIr)NTH*}puVpPtl3HLd4&Pne zOM03Ks^BL{&WYdZHcV1dd$5Mzv=;avOfK1Kr;5GkAM+fr-By6o%ucz&$D|r*Sm|N? zy^71_W)=gc^|!#{GYRXV0a5gcrXBpXZa7^E>=Yw;Bl{Dz!~Ui1^ep^WT~)j-GUm%1 zUzhlc+ojhGRLG{7RhH}VekqO^R)p+whEV?!I*;*X&I#ftD_2tRzhnBk?Gqu8BU#bG zukd;M-2pvXZ2BE6797MN5WdeSTymx_ZP;n3{=4dw=i4ixm|My$hBf<0IiDSKskLPf zuaO67L#d1#op``%&fDHqf;i6LwGJoBW=GT?js67}J$sY=(8bkuN23E%oyfodTh+kp?E=Sb?wlHv|-K^lCvb4O96%IZBps1G}ulgdk$ zHfq>mzUHva_LIjoM_Wh__Ut4emp+ygfGbhxX|8#J&yVpC#Vo^$W) z9Q%Ae$3S{DQOi{aL!+97$g`4?0zeAK7T&Ik{t}QvOG_rpwK;~yFj2+F!@5fNf#Q38 zeaqG_h`71AaeF`OoWDd)uWQ9VoN62m&h^PfqtSc#F&+)gC~FL=NWeZ{%KOV<*?6(= z=scC=Y{~GcVQiB2d^rmztE&>{?!k(*Y13FThjRNdnz^sL@77rI$iZs_II})J`XKFO znjgiSG*G4`ei+b?=wCLp{nQ*SFEbAEt2j_X;{@W*x%cptP=7Rp!*n%l%0XUR@P-ZH z*n|^v2hF`SRQ!D}dJ)KK4~|Q@L7`HSRBc*LR-5trgP%ssVXkKM@+irkiCEmRjnRFS zkT4&Xnp1v~HMVh?$!R=w$@7rY4+{#(^q|D--{YiDj2TY#SX=1DOiI@5Z*iSuVSoq? z#DmL=TA)6SoszfO#d2=OxJ;;uf0~Eom$-vEDSf((+x*L!9Cz%v$Ln=|e!RPNrCU%~ zw{BQ>t4+#5W3r7{!l#>WD~oRVXvHaO6{jl&=igjHV+Osv?5;`C-jtDGt98v z4LnO(SHlmkp?x52$8%_9Omcw|XI$Oi{z%Z%Zgew^!@d$1l5QVSD=&Zb2!@!k8;*2X zJ?ZZ=u@mCj0100>>V<+LCqC4x{dn6A{^myLEnG*z!>ic(ogz~g00XaAm z5@t(_eK@G0EMc2VsjQWurmS!~Sz_GS zXKhwsyiKedkVCLm*GZp+NUl7`W#C)QjHPSX?G=|BY>=3{a1Z4byUShqm#R(s1^;K@eP68Z~dVjkVZd9?|?NUb5rRSY56 zN+0fD@4g&scXsgEnPl&U>vgxV$9RfAjMI%x>=~0L|5fsqwccsrhNA5flAgddmAh*5 zwj`|k9v#5g$4Za{x~5Ge4i{Knrvva@CyXUHpx8C%)w+xa1Jyb2rzxe*I%Db3yCg>& z(WB-qRs&^sj2pM)ZgF23A70RM`Bg)98-8RehXBqFtwP>v7O3`01pd62d(fKj;QanF zC%R=9=whr)%@afMNH!Hbr+Y@tDor&ci-rGDR86{V9-9mg`%^OZ*~YYfW14+pioI4w zi+H{V`!+#0-~^m8ng_I+-ZgGLkO(i%@ATj6r_Youq*m~AiQv>>($eD;w;f8MUkxdX zaZ?H?e%^Wvko4uMB9^%3sc|}n`nb(9u`Bv@f5=08pe@Jkb%qeKrjK;HUj`J_HHUT< zmDG4`sS+v0BYJZ%z|W!j^-h28UTP)vu68-}Hk4p3yTiwBk2Sn>_SyKu8Hil)*!Isi zE%k#qX6QLieBq7O%}iv~Q}0A`#Mo^0aIOCuP0Je%uJJkXcRsK54g@-Bgr+Xc)j|=# z(o?J_SyM10sjn;i;wxIB#?Q}3+OF7PAtY1MkA*6)IUXSvwKe%Q5AY{rLem_wCvP3VSSkQvYDQx=18bX%P$j zQg!I@`(rm>-m8k)B%Q|F?4&JpF$tuTHjhfF948v2!J}r;R>wmis_t4PRteAFkILB& zx35{(a(vOR3~YOx#MR9n>Q$OYTI~ESc8#IRZ1X99$&cnFS;ALQW?nbE-mvzH*?p zs@GQhqS?9Nu>9mvq>Vl#9D8QHoBlFWCTYh))@Ng!@sjj1T3%;zX*-c%(U7KL_?mr3 z*Z+@@9ht9>(d<{wM(#Hf)&M++y6=Gaf%xzgHUcucFJ?^=1*t^ zE}{&J16bJtK5NcEJUlF%ZAT7eFIIO83Uv>-{K71wE(9&+6<_xjHMrS6^S~2OVxO59GHJe3RXc7Ug&2qf6CSbGJENpD#Nb z$r!+XWGM)~@Vhwbyt*BFI<&B-89h9ZFGc-L#wF%ysT)W-fRot#5oX^X*Li)kfYWY) zf$y(qV9lBr(J3sPmzU!B(Cd>0Tt??=cN3!nyTb#I-Emde`o7c?hT*8;4Q2Sk)leT! zJha1 zvRxN>!?klh8Us?LZR||Wqf6Q)04X^mr zsHww_cF^{M?0PHolGAqYP(v&|BUgSgW$6ZoUsGRSEnG9sTT1s`2{X7;OVq1s2D#;9 z(8!6Rx#`bwoeON&WC+<&@WiHF%GB$)%jZFk`xl&?A!L39w;UA%#C)qQBLAL#Uv~dO zwQ}}_``9dSvWOwbU*&b$a6;!bCX_3}NKbdxYq%DX1?9PmD5+^aw!GfIHYj_-!`6Pf zeXlmW&3M>eAjPeXXgI(5`RJWgd%Hv`WYdb$tC81lrc%1Juax=g8Az5`idXb9$cZ2 zF6H|h1GGhMfV6h%&`tt4*Al)=RQDwE5U^9kya%WHbO zoTIMhA!Z2&M^lE;eBy%OL+T*>7-ArEhEiGnpvdBU!Q*UAC;ea=VLaE!3sT0jUL7wX z$|h_;RVqzU@)4%XLu_pbQv9C!bN&g3cYc#>0w$li)?6g)WLSU!2tO70p-YrkKY7;i z2zx<}+|^v#IrY=4CVwb*XwkCcZ#RO5ytWOw-ng4$!#s&p{d!oiRQ+WhBVbB>UiDxs zj+Q=&XA4vOa!yDfO+4n0a_|M=*4DyaZJatua;~GC6(MAq6LN`9+PgU1#s8{jp3#x* zR@N%b7p4t4AN&4H^#Uz^9d@X!33R~pt8Bmj7fd`By%7$mTm5NNjKso4vZQzt^xb^! zwcbkk35XNtBhkw6>CR}D>K=)W+N=z;>FbgiNIkU)vW`rR0j_s^dqE!K#v6;{4`ap! z#{3YTLoEcM_WvX{cTplEg>um zp{JaC&N)fz^X-ZX4R4|)H4k13cR38d=lHyJ)aQRqgtXHAtyICLLc#vGUL%6DQ+?jW zBt^QMIX>t)(}?L0ty15eUqzQz+sgh^3i+U>Hs-vo^za;7AxqogaChM;wbC0{Q=+5D zLlMuF0DLp?`Q%ZhZ;6NW`f5jV(3@UkyzScCcEj2L^ZKpnJ4&s7>RWs&Sq~4tNB?pd zOk;dXD)wlRhyODRee_Fph5Mn=x_q5Mzba-4D7JqAW|UBSb{m6^s84q`UzEQKngK1P z^s{G8l&a6WJKKz;Y#~`Xxu&QVGq_Keu<2v5C7eK8ynC6sf{LWWNW>dy)<-2Wa{^I}ZSgc+h%`xbjYO*HqE23Xu0~*gMWF(U|)+`4B`{>dcZm|@JzhpU27@zlb7G3`JRS?Qv?1OiiEzh9nIum z89A`K{zmu3O)d!orv(5zJQk@3mOiprGaF>#mG65&WG)x&snk;Rbg01aN1xHa20GCN49lo`cAH(-;>YP{-ZScg+nogP zQ$l$CHz$n{KB(PL7{_xXmOJaZY+~D)5u5#WIruLzrfa$b`PVuxs%ObYSY;nIS9@`# z>ifPp#qqxodJUMzW*MT=e%zKV5KRIs`vKTHuSu{hlJ`q#ZM^;ReYS5*RR`Ip>N9N0 zuTBM@H!|wYhxjH=myu>pe`Ns8N%csDI{5%3@6KhXsVl^T{HP~LY&CjAQmsy(6cAax zKeu9Q>WUw+id$*GxRr+om3rPztlEK-9 zZT{)oUy@cIhPORSJX`<$RqD00dm=6Ui9j`ZiH#5KR{pxi-V8|n$Fcn##J#v5 z$^59N!DW9JnSI>NshjKU`x_UswjRET75bdOonyoV^>5({26NWmYamihwk*zN1$J0F zIxu+1?&SWwhVQi6c$~Z%upe|Qau+W4MBA5{wsYTI*^7>mkA5qOocdD>U3iHg&iA}V z$<&{Ieem7bvIc+4V&Ewu?cCrX$XgXfnEH%Wr|dCt`@l=D3+-2 zWGX8U-y+gZi~odn7dayvD{;x{HE$=a(gqzi%eCDnXDa;fX2}#)eXSlbs6O-Ks{|QT z^^?``QXkDle_18(8X2L?pGmM@j(#p?rxNy@m9N;0Q2aob1viI`@D$xXHT&1}hUWa^ zY#l7B1zDnI$%tfE2281>CVA~vN+XGY7IGP^ZFLy%*oTE;Xo^~yaXI5!#q_%oRwL_~ zZ;VY$XGEUBC1a_M+xxb_aH%?3p+8%&r&?lM4>#{XiaF8qKMwHi4m>M3nc}~q!XfMu z%td-nBnSMc1Ek#}XrE^+{_fu*ON2(=cnca)B#Xb!Ov+3e?zh1TZ#Z+Z=a$|B047)J zYLAvfGYW#ZAPT20xc9umi2XH-MLy47Armi}84_EQ@L= zC4mo1$jlU*$=kDEggL-{JceEob&8^LDoTX~M_mgN?OheDkH76S1x;|K@VVtia0cuu zywbx)eK@V-N}wH_>HHSq+M%~#;Tww!0>d0eKGH{#uV{7`GXkylpXGM=u-{k(U5Ub& znt(H!7Z(cRZEZ?R=|9>3C?@xc^4IDBuMRR!7dKWDgVyey?lU}8`z-ZpM>#3S4~y=& zX3v#xV!V8P8JTO+p7?HvXgAyrXfu17vG15S3!-G~JOrM)M1J$5df_~NXQ*)-@p-GU zvT441Fqm%r7;$IsT&*vXQ7XxO#d1k^t4Z8q=$o zUh+I*aKL(hY-GizXi&ulaY{OQ%9IYc=9mcvy`PI+XOs6Tei3z+`NLPdYOXnk^u%qc z@0i!o?9|!z==fc04ylkdHfDE4?h9=i zhX0B?L1d;&r~HXEK~~Jr$Kf7dr>?&`VQsP-b|fm09em-Objo_N^zG+K*ZEbG&l(N< z=#1sG&OWSBUq)w}q56eXEui}KEjREmM!uxK#`rRk*Qy;!@?_u#nt!{37 z!=WsGbEw#H-u1zx+g})^FtgQB)$Kd#6(v~f<4i2R`TX&=k}t`Xsx|at6}?2j9Fh4P*G-t1JD&1YRKhZQD-7P(USr3BH#3%281K<=k4Nor4=6a(AXB$Q>gmxL!!&%7!8Jju($W$KBKtMQ%Y z_B!J{58@%&9vO_+A`QC#DM#R$t!4*m#;_1dOp(=buOptlmn8xvs@<(lshwMx3ZS9M47)`q8Nu7*}Lo} zr_L*?Giq#l--wvBlUs|dj1gu|))9WsIa|VF!_F?(xQ35fLu##!C7Ou6T7sh~IEa6R zUb%t%v%nhv2&v1I2kCuK&}c8IE7Ee%zVMfEZZ*+@ZCGx@F zF3C#Fd5P_ELlP8wbI~Mr-aO`KJ^}_UeCeFJK}fRBImZ`YB_xAz#PKhHaNG|EZ+Xrr z(#5kMfpIanOhG;0X*;&XCH|`8zFpSkLOF z{X{1nZlDal*=w=2ra;9u{p23KBeQ@rZa zj))A}EDIBI$nuvuBvDN&-~?DaBzCoGQ_mJq-bsmolEPMGaYvXGRsaP`B=cOz0jY`-3Fa@)G3b>5$)#o@%;I(yG?6$6mL_*Q)<-8mnz)jT~a zpvA8hRz+V>@P5(6x}Aqfbk`mr=gUc-k-U;z~Yiql`Nn`=bqIl+)N z$nQDy`m0ug4*a$^!`E@5Kr#8i6$`4WV-9vks%yn5&$UH9ALkc@Gv95)Gicwbr*rtr z93FoKARQxPSUaj_h)dm@pCk~4i|=SmJULA?cpFoCk^$&E#!pbeh=BQ=`D^#GzK6sq zOEsDz(=r8I^2hJU2cZ_zxugbV*W>E^QacKSr~F3M|5SfB?fve}Tp20fN=H5PR0Bot zQt*e zaWu=V#FRR#;elUZ1FwpO?6+H2r)}uNwN<7hA)s!ldC%p|zFrT@2XM{>c$)It#np6L z6Ij>R1)IC!A57SAhtY!I-?ma}f;{n^*1%DG(924B-}BEt-ICAOY;0&~_X(!NEW6e; zZ46h-T|A^9t@snLmAU6vb;FFY(pOQXkf6Ttyd-vHY8xQAx60`f_tA+TrF+FxImYC0 zk-9}3-~Wx))vzlDVc#wL_I&x94UBUq*ZnM&k-%#Cs-whuQ%-Vzx*z#k#5mk!NRrPBJ?W zKG-ZI#C3SH-S9Wyk%&^z-L#%GS0lDSI=NPVlEKxV;o_13h1N)?ri>TJ?0<-BpK0HE zYam=Y1Ct{GtbKfUHXWPyD#ZPv?>(f7Z zlh_ptgUjv940_1^!YsQ=R`iWMx#NgGT6FdPB4Ati!PI#@N$UFgD&C%Qb2;Y8s$qpk z$jWFI`%K;Wedi=IKrRe`bkTT{r#z983y!2Zj0xyl8EE{EReSZNweJRvBrkSNszYChq8 zEY>pSO!I*2`I(RVD_G$7q_aZpldsVCKGeFmaJ5j6%UhG;`SJ5}iiMg7_GOmk3WFJ9 zVQT)~+!=x;7ABHKc{6tF2vHxHK76h$jqo+Z=!TYI-+UE1G7t(ihOt^xe(^{T}A6rf}A{oA1NKAX99 z_(19(lz1I=2>vYv+tyNh3m`cZrsUmPV$}d!%Qi8n+91enFDU!OpD6FwUzRkmmG!e; zTmIJ@{4wP2qpzB1-b3&Eqf#H~uH!}9+S}i!hD(*lNNY@wL=Nk#^9?DY zfA;@?0Z#S=<5S3w<*T|hF{4&$$Tb0r`}`nOqT$v?)D6-{9h(CVC{jzc%=W zGO_CXZa%KY6fxGkDGR0vxYwO>+ob)wG0ro|re}9}GS_)`xPT|P_Kh+0!Dn_B&nDj> zsTP^a=v(r-etM&(O{L)T@a`CNdw)A(c>J2HG7^FW%)sIf;PIYHfS)vjqyC)NlePSITpy%+zvNxNp1rwP0d`KT&g9jcg0>ma+NXfL- z1CZ{0&@~Yb$KTE%EMIC3kk${_?CNSeVv9wuMo`%>h28G9sd864c(ctm6uV6<1c8%- zZ>0p22i$kp6I)x0`u2ka-7**1eq$vk^=xvvzMrZu%>uOSF&t++e7E z?W>Ba1#dcRdnD~KMGOG>@ea!z$Z%tdt0}inZm5Z0HFNs2NE@u{2=_D5>*Z#V)^7g# zOr2r?h&iCpp*nwktUX~yg~61HpCSvE*k;`q#BMv3HV>$i-<#7<1bU6Lxy<_0@FUH- zDov+qY}Nc2B%|MeWyN{mn2vCON}St5D0%X*+dw|Q_&4c`{xh%_(n1?i>(H3Aele@T z){*|5>&n{bxa4J`dnNJ8_cgJ1e^vate>V%)Visw0kJ`g?jPxP4=bHm5yh@oAs5vM^OrN6{uM<++(OlVT(;?1d>tZ>jM`p{{$>x6hg=m5mp z_2GYMBC8v)U36&ao1sRn97wP;$SB3Fkk=d{IQ-XpmAW75m5-yk`QaCU_zQ{yUtV5# zv(-FB+9eOrjmYhbi)Hb7y{I;vR~dVUN`yVJ*xxt?wYS>1P~^QZX54J8n3O9QH54-C z5rBO5TQG|~OX^do)XkcUr?8Dz)Fvn?05G4_99$K3phaxf>}`8zFfRHAawJqFPFjv6Zl6JAri(Sii9G64pp4))J`=5fEHc9 zwRqqMp)nh*mLQEFB+6|dqjwIJN{gn9UP|AI3w;T^dO#<9)~Gf={N+*x(&o0S-E<_m z8&)<8nA{J9+UX^`5D(fc70piCFYMGAaD|cteNa~Xn`n_#T1WbC%hou}zdqUBzKZ-K zSQwUsQ{Qhz;5D(gubIboFiUP9^rqyPQouhy=z|97K3JoALncmb(_}vwmmbW_FZkg@ zuiuc!3z7B2!wsntmpQDQC*n^{65_b|(m+7V-ge*u0cqQ;)~0;k8Ci5R*v+G^VEgkW zpx21aXWO5$Po?|sPx$+WX#Mj-&rX&&W{re9U1?Q6Dv%xi7hwQ*IV=0`5YXY7>cyE2 z?H21`{(KbBa|h?ZFpZFE3ao|)2#VXI@J5!Bhf1xZ~izsvoz>C3eiXU$kr#$t1pj{+9^ zT(uxyXn`E7ehhOVXZK7bKWnY!YDzfbiX8kmdiq@t41ah~*$%$vN&!$GC`MN;WYmMu zGk2N#D|SkCwe^Q*Mka8Tv}lo8aR#&rdCB?j5$$+f87b!14-4(BR4@62;20-UI`JUp zl~#7jjuHFdv(3a<&s1z3$<>=+F|mYJ{!QP4$i)@9QICKlkD#0d`Yc@&;b))e^^|H5 zs-N-!jWJ)Rwt!52saXj$p1TkJ{uZ%Myjse|rI7nRSW(>*tgkkmyvMte`hzTb_(?!_ zD^YQ+kCpj~q@7}&mdtOgG$ZQ0Xm$%+Ae z%ZE>oozF$e6xPK#LB~-L66tb7uQobXv=;u60My!^-dG&6uK-n8%h>&>whFE(i+m1& z)8{%aPnIq)a)`Urf{f_gm=@>JM+}F)vfLw-tDAn^acNDuqRTaIqgE@(bYd1%(68mj z2a$#@G;7DsH;NeykK5CG2IG`~`y1MLOavPLc*$u-?wR70%wg5t6+OuxjRFPzDnu}V zpkXvnK?v67&BEqDdOz7tE-}#FdwHpB>}0gixpExbWf$o;iux(OxVDt!zIEK?bp7cM zKJEv-p+a&DtrSa2iH5n0UVU~z2-NFnoz2p^%gm-;@mQXo)9ZGx>5FLD7@1ZF&APAy zn)ky&#ztcItc{BdWSr$fN4f2QP6z&od}bQvM5P0gqCyAzCKj$&6;HgkThfNPZ9G*o zXIiGl?^NA@>*?knbr*ay*bDt%{hc_|aZ3A|U9FJYvoZs3T!7LQLf6`pte zMLW{f(T%$2hks}ehLsJ!uK?`2_BEBN!;)X)zL$SRSYPL=3Z(y`bTdI27OL@VcjO*E zxrj~Z8CHJ!epV_~ev-zmF|slz`$J*bL(--#xKUTD`C=aID;~dGPy;vcCk+)7{|xvkkS!6wbK%lG$39 z5qrE+4Tj*$jgW!On|Y_e`<=CRm1-9iHRk#I7U(g2=IntanX2`%5~S95lt2gOAbEoS z+6yIWn)b`^9Z~g-tU)-S#4$IGAv=&d+?f2l*BjXeZ_z4J^OHn1>dIU<+6A&k4_A7L14g#;+$sjYBM*^Pq99bE8(kG%>zm&X5F;OG#Wo|H*QyNAya+98G{7fA%Y}*x{^cu~m&r4*Esr z#q5MyxlZeQ9oGt-ydHIHm-n8_$bGzBr}C$-DTXxYMvY&3PT;B~q86*eX|uAEx<0k1 zh|fe&bE3K9NEo&q1IhUyb;KujYM$>{ut^*R`o4)(F6weYc9Qpi9o_kwh9 z{*d14%Ex}FTE}t4^TGN`w=W$5MY=n_)9EjQ6BASo-hHhGR^4F;YredfBg0SMA!0<& zgGko=+%rG0_>nVW4GaBBYw+)o{rc0C5&dAfLp<8AETY0h()1vq9fV3z^5eQNXcTNY z*-YT-1zQ~sSOb1nQ@1p@M-5tHz_o8iJiCxGYtO{s=;DYPTMglrJ&B&4*k!ZRjy|M$ zwAIntoSgSDn^>-5GJVXkHSREF9aSWnz8kn^s8r{6cW^~2x{NmSG(JtEdI7V%{*`=B zDe%@7GfZ{o$-;eyeAGayVyg|ItP%1?t98wa_G0*J0p4B{jFwU7vze_@nr^p~4XWlH zmJea@BJMSP6?P+}gD;?kk8pR_Wo)?{wv{8jF~}Ub{Qf1SSqWFDO8t&9!@1a}z1e15 za!rtn;))FS*j(&4$f~n-&+>?z_Y(IghswJdo>pUW!_|=-`sTXxu356K6(*0NY+?TW zwb5uZ;!beu6}rZC!7x`T_*Rb5sOC8dV+wyx3~kRwN~M9_@a)EUZft$OoT3P{nr)`8 zX!s-%X!kQ9S1ymk!6v+KUnKj}+0s5(n% zT<27(jc7Mk3T3+&Y9do5S?iB9G;8yr zC2gz(SFbIU7=)n)3S_nRAs{gtwCOA9o{72G zj<$UFo`1xEOd-zFmERl9qW%%O5lt*CyGSt9Jt~^1gEvc+*1SEs<>U04(f?`Qp~UI~=P<9#23*DS zQo;j_*cYGbn2I$MR9zDfGGn38e8JGTZe|5nq(0s3#0x%lilg(d%i7Q8$ZziKsUZ%` z>-g%1r-$TnpAWCG2)GkH+$wMUTK!pQs@t93;q}o`;n!+KUAE|BZ1lVh6Zf9>GSU95 zBJ1j1d+F6L1W(ehNM_okiaeUZ)4p7urB(k3R~oOEDib{E{IBW09Jwb}AF$dWMd|T^ zg}N-`rUz<*@i#s;k4*~_H&a@$*xPwUx^HwztmXdKLW&2@><3=TWl7;mB^A1o6fgnm z6~pkHV?`uh`+?|<39b_0#R22lUAv()&1T8ZxTj-110S&JpALqj1Wol6N0&3a#HeGAI8vJO(rc(^< z20cDmvRr)C#wSzo^e3i+t|>G?D*J_ii|FrF>{?Q;KY5W$v!npdj)TY8yU3)mV|}KD zWFKnxD7``+XsbOALCqmZDgXLuB^Nkz=Kwpr83n>6KX+(a^L#)h?hV-PBNdTG0Eyt+ zJ?0dcQg8TEWoDssrL)7GxO@FxTqUit@u8-7c{|0z+0w~mrFHm4mmN=>M<#}jfP{P$-a?o0Ha$-x2W{F~vqnrD4 zWo4~^gEsjCrboEyPB2cK9Dw`CQ4o5}@*TedM!S`G0=w)4T4~YbBtgk8`QT6fYv4LA z@|$^e=Nl$EM_ag{hfzZQ4p6z)TNd*(BDl+!-KYWl3`W4PM0)LML9{(@XLyeG0VJ+ZZfn?|;_P$r zQP#td%lip}$*1JOaS%Qw(41tk@#oh7g+g(m%nM}Nl6Ts-Imr|NCWAuYx8xavTBD$L z0!}W~VfM?3Dp!FnUk97aPDGDpr)u+eUPFme=6#0BcZ57K#d;fNlc+<;#b{GGKvwc# zeVrug>fn54bhI2j#?Gd- zL?b`a>%CYo$;!ZU0?Rr!25W>SI0$!&c_m*q>-1psycOOXi#zQ#7#2=w)>3%!W}e3c zsN7-hdNcp7-C*MUFQaW2x7^(J2C{D-y>3w7olJbMgvJb{Ed2gC{@LJxrCzz7y=~s` zOF%ncm6{{ngc3J4Uk1`b<>lX;)w190#60)3)tHF)Nl;?--4(TT3d?`iZg6RZRgVSk z3lX(i+?>7JwcIq%!{j>y_&Tl%62$e*Ue?L!FOvIDwu(4h8}_xDJi2&0W2W+$N4-V- zeg7=tTQzSyvsTef3)o(-zQJZj3YqQ;+To3&jIma0C+C*b`)~h+Vd?KNj*eysF)@-}&oD1AOWhHjD}R&?;`3t>edR`D1)0o?AP*}5^LT&|6MuHI zs-k5Rsu%x7zjraJ7p)6>uKok57Sk4N$|PaJwt14)TPs3Ww7b;KRBHro54&~J;2Hn; zb26{9DW6Qo(QvY}KA-8gi$B*g&G7f%4b@Dc5_nOak>ZMS-&3Uesk-5P>r{-@)LOI4 zm;X5axS<#rS-hj89x?3qB@$ZOMY>eZ;YZ*Yd3NfY;s(~vMxIX7{ho53s8n6(V~3v5 zDd=W5>(nAyOVrMrpHv17+--MiSu@&VFnUqyD+a1sC&OE-GQO=}X~g?f`+jbw{4OD6 z2q68tdlNrjiM^boKf27U$#Zsa6JKiP|Nauv-<_LU)e^p`q~l+ z2Aj*aHc|^n6EScBo7&Se*@9^)s)ZLnV>8rFu04$Mh{ra+;=frJ6b4M0*3%Sf> z8K_>|bm9mcSpEROH-Gg~U61*s*h-FD>AP*pD&n4Ws_y_ORIVO76ob2N;=8`ZCCWa^ z&EFaD=O;DWYmv+BqmoD}UAtCBUb;-fI@&u#)sFiWMlQx}>>c6-LnogWak^0wJWLW6 z*Yzw9`;xf?b=!jq7Iph>?Oit3>F}7?jxTFf`zjSNVp-%yG@-zbe|$vrw-QB8RwXc+ z#L5_F(q>u`j28G}|IeK^GZ-jH;#`w{u2BVxGx}`muWJjvrUM?J0ik5S({=n>CNUUS zb&@b7Wt=MV`JdXfNBKZem)9;>in_Vlw(nvNUE{V)DQefjDPmeV&{P=abFmXh9IthI zMd8Ujd7Qg;?TdZ~QA-#AjuvQ`Kh~1r&^+j_6alw5iTp3j53CbxgJh zk>X*AvKpQ`rx@#BIY%-gy$DuM&jrE6WSX*)zEXBGHFj-TPs@Ka<6rK}Dze-^?RrAl)6W+su4ly4HCJn^w#FD&i7; zCse~L_a#Ni%@CaZD{0^LR3&)3bO+iK}4P$Zc2f5f4SJ?hs7wuo! z6kKemxPOP?SNDC7*&6mC3);yl`OQ9^*;bx{mR+ncp(S{kdQ!~FVXKzh>VQjn)0jaU z{$S~>q|n?g-J&i4lx_ptf93vTQFNd_9yl}OzDC4AAH>T ze5gX2FiH*!V}#Rrz%7fse@*12S^1o8IE^0&jON-ia;2LjG+9Am&w(16mc>hJC{4Tn zEh{~afpDvOPaf_EchxdaAtATJk(|9N`xN_u6M2ECu+_U>IeU@s0!rO5%@GX0ZtXl6 zNX<1W3)1H7EPTrn{U7a%<{JU(|FnDwsq$Rl(`m{jiRkaFcA?wf95X_c9yp$V@)CMI zGQyr`{dtXb7O2WkmWlt)idPVyHpp+kjCK6^+pgmMrgYefR)W#cHrNRN{=b}jM#I7S z6Lk_HIK2fWm`I+X;o;ZIMBSZzSQ?S`cH3`=_)v6uH1MCP^5ZvD&tQRf2Z|Z|oLKU* zBoc?&#`uD3znKReRXJw-&$S-@pKGnwaF~N%P?sTXGlrV+ygNoROV}l#t}W)vZ*^;h zRz{-8%4lm_i^U=ZzMc0TFS&3gEsC8Xr)P{Q1VOsen{3DApwSF^pHraN!!xHwsJu;{ zJ*YVTC5x`o)s12wi9AY8c?U@%qz@MJGD?NDluj4l#C9?X+xOXp{yjbjOCreYtUlX2 zt)*5TgMJv!*#GUkNUmETNzVvRyT70>W_YpwYMbCw-(kJ@zKu9ud^RcDg3b`;#OVN2 zXO;(K=^sbc-mrEyIP+;8u)n15B`bkeQVuRJr>Cw-Ew1xe+Qa)}kq;=ZFxF4NoIL!M zNYOvm(b==^&9lf;93HFKUeNMe*v{I|r7T8sJq7v!U z&Z*S`*^`tm?>d|vee@MN8(rAWrcCNU$gTyKQaG9#Y*_75y z_=hk!^B0>^sbAS5F@8=%AN?BHk3QS502DddsexeoQrjbJpK3QkN7Lwd-9gB7i6ekr zf#dK}C*Ij^x}ClAsdxgz=f@u{D@j+C{3vOyTd*jRD<*^BbsHpZtQ9V*apsLVTN?*Q ztWZ}i&^*|qVkUi(o+J3C1rx?yZcyBFoMLv9^O!Q(7ABL?L*z4uzk?`LN~w27_8ivn zaKlzjp557G#%3 zW1A8C$mxHpOo8zvKGpia9{@}0|4zyO4Tk?nqpSTD2!@B>wuRWqlWuIqT@Th^yr4@YZbY#s1-8)K;*M zk7SWDbP24PI7PHz6*OHxRA_VHwb0>tURif#Uy;}l+t(7p_W*t^o98b1wjR#0W`E3a z?84b;*T^G}&YeNU zA{-%{u%!-qp2A5>b5V-vV%lQTWHJC$?7z1mgkOdp{(U4wB!@f{9$6~MJNfe7cW&QS zfA!y%<^4X29n|4EF7S6GpT%(?)z^dG`<0-U8CU1^3KfnNl}Mv3)C+L9$gw?7FLtUp zrGIpNMRDhKC!^u4VWPC*yH08kXQ5=FLH^{vp`M)=1`#3Cb=nv&D!*OYfd4Vud1P}T z+;@~EX7yUwMBohFdCmctHDFNpY~>qV6=WjXH512AH}AnR=F=NAjBlJLQYd@JC@dTn zVL#p((V*Al)yp^aYv%r8+v6HxIV%Yudw;Jz zd2aeb(JBAASp^(7^s2s+7_*zP@iHd^6oQeoNn>+$!g>oh-9fl^@4{K>30 z$Ko32{ukmE{V3YG)P@I*^<8DGcF+~old8_d4tEKMfo}AqYUs~R?1m%sqKpazjzIeo zvR@ATd&8%#8+xF%{P>p9x4+F_EI&&L=;zo+tgJef@D{uy_n$-5nKro4?`=$D8{eli zP?JcgWNv(V{P;|Yr^>F=E6}h&DH!pONr$$KFM*wmghZhUrd$vld9)3wuP+4_{mWPyaum1gDDY_e<@bwLrfFA#2_j*#?Mcw?iD)uz|*-w}=Xm-Vo)rI~xP>up!kOp8(YDIqZwQy_d7$jY=nJuviuUK}X?;d4bPC7? z-(ygaU1Tf%waM#B*#Ux?-L3o4XUB%+L7p;l$EKej^UJtT5=TZxrt@90KKaAp+Z^zd z;fc@8Hn&Vq?jh4_IYIpb^-O^@P{fQ(pO5hIAt$9tD3ijS+rmPRn8mGKCfe!wwCpD< zEV5R0Xv03Qn~7b*768vdkTZg_KqYJv@TlxP8PO+;pE8;nzsJHZLyN$WmaX~4J?vczvahI-gP2qd3)p%@gIZt z&$s35IRe+l_}%}EoLUD1xgHFi6a42?a6q`P9R?HSRRyZJ)fz3O(;DoeJfpvwl!2S> zQtNo3%V_fCFOTVHdZL(b+<95qK|lqo{8Oj~_xkcRv2Y)14?T3Q>6Rz=r(NjR-kj_% zpJMiq=~Q?=cN|iLY{jC(v5S`s;|ktvMCaw~6Jor;o}~34*Y6C)`g||+_~eAWJKGO$ z)Oj^Uf2srpNgLI&9t886Ak7R1_Abj)Esid3`0Nf zdrK=N+m>w@G2v%h$3v&URL?0p`JZH&FB2kSkUvBBtHRG;;$H-%`UIo{Y3CbLopFbP z0p+kJyLgqbgDy0h z<>x2amh)ZBu6O5XF*olm=FJf(cEW9^FdHB~(9I+S#y??8kX94PUx z)p3n&A&T!tzC>S_#PR4z64-g{!{26p!x9Z>ruRj9@Z3Upc*7B;dxlwD%nj~_m$1_f=HdrZToe;t14y8VQ>NY#Jl2WebS ziDrVRW8r?1*2#}R_sRvGN(FV~7GTm^^J2tpw#AnSvceiV@A3!UuOh+-tU~!^Na1p> zTEOsh0@(#{>fr4f6NlbWT4g+2=Pt>r$CfE4*9!bD(X zSRVj$5b3l@5Rj%r%}avAc#k=&dI=U&AriJJeB!L$lfmd1g#YI5YDqnQ$T@)d&4KEq zdlUb`SwNc&By89j)A|#NgVGJ;A|I6eqb^Ru89i5mcQel&>>oE$ga%s7AECM5A{!d< z-fB2>{MzstlwLPwy589e0&{I+yZmdEQAw^N4^im@8BQGe9&^*IHHrjZMqPL|k zCWa7VVLk;`jP_l&jv9z|9Ry3MO{WvsSXtWUL3*f_8K=p{-8k27oO9mJ3<7VZDuO0z zQn8kgpYlnUM>eh#4K>DJ0x!f6tDM82876Ev@8Q1*syND9bt}I<$3~nUSaAD_PilD& zu5a&{7ZI4nBppuz;LPly*_9>hfL|`ujdQnO)#bOk%ojVlG!EH@mF(ax)b-|6%zYPg zQCk?RUcQXnDM!hQfvhfPR6Vu2t>fOR(duX^+9ZY#;el>(<+D5+o3h7b6dh}=*s4u@iRO(Vg|yRu!`2P>|AC7-c`U*r)QBtA^-u!cCUc zv%^j7--=?z`QWAxr=&x{?m(+z*kcMBn)~afop(~&I8OG~JX0G!(fE`RzC9BmI5zTZ zZ^|#2ziM-Pf6u(#?S11VYLxG&!|m4JU%5obJ1h4I4*kFDma9=UkeK)0(A~dHO)STC zl967Mf25e`Hq>6eBH1YgUK*y6Qg-<=uCLxMyz6T5bsYT>D8e*cj8trP&frF}#qZ6^ zc+K8y^~d#P$5C1I&XLisW_+}})&26~T+aqD%^6OA$)nf0qgl^L z25pst!I5W2<4s9-QVvV)Km5it3ay~%HQx+)Zn!MYK2LU{q&sa5p+mr(aYR_i<pt*__8)YlOCkA8e;YOh$w^%-39vaUGAbpUL*2NOb?5CuuX9;McE*1$lU zC>qmV6msM*Z%Df=zDo zFiX%jq0l3EgW%l*Hu0E&BHZgXP&W#W5erR&&a>u%N3?#-YZZ*5b~=HiEj^0Jx?d+* z#z&mtrm9Lr*k3aC+RVk#Yw!llF2UkRH&tYvWIgsgTr_*wK&c2OKAuOw94n`HZ^b@Y zJ+n?Y-o;r3rXRjgCLfZ+!`-FQa)K(ns|x+Ek_0#V`Ab)`)XR%g{891cZdA|Q+*~N8 zgPgsifbU}A0v*-+npd-e<$V3+$FIxPVxsgi0joEuIlBV zZf`t?fm&Rj7bpfY91b@k3sfEZE;4eIp>Lg536{HB!Kkf~wFV=Vp6{ts^=0esKs71Y>$Qe{5jZ_hHtJQ_%CL}Gm8gI&Yw=*n z><_1U{!i0y?w1B4w^RhGBQ?Gn^NSH>XerP@lK00xKeo`~(iSHsB{e4%%MkNSw}GU3 zv4;$6vin2*a2n<5T%x6UQ}*zbgtmP84ZVt1oD4Z&K|>>9K9QopX zHJ4J86_?sX$0hfcS1zb4(XXej2R!w~b}sRA`+$oIBuS2);2rZWWWW_X{?a)won7{q zR8^)@(elN!J}{bseUgbO=om-N$c{qr-2_v{X({yIRU%=PuzI&`M=3;Uy5(5TT%30N z>&TcGwCz2g@hV#LP43|yvy@nfILYneH%N_Ibt5J3dF3Y$wj)#NF3VV(hVDKj>u1Fq zNZihV*f`Hibto6XC2KOHU&S2W4QJ+t*L8a;$KQCf)W3CP&&gUHLq?~XMid8*YZkK( z5k+%k`6pWkX>3nh$mgW%QgQc2xZbbXR$wjvw0N5Gs@{8{!*n*+p!577|GmDlgm4Jr zd!la^#R}JM;xV$}#f*O+!)|d+q{$vgEH_9us)Gvkrg!goIW-Ay_3|uqSnB8Q#y(w+ znup`YA-fX9{6&bw3XPJGxvKfak@8-Tv{z6$Nd{zg1ySe@jiJbJY_C=Nd_g`*HP6@D zU_jYqAc_xvp{h0{90$hsp4P+a!t2r&rE6$SM0XXA5YA^%(du4YEr~3ec~Uc|&Zkps z9!h%%5)&TGjrZVT4fb;G*oNj_C}%?vI0$<9tbX^(Ir@>#+b*b%HZbXe7oB|C-(JAAI4l!#1CB<1HL*Xz$BGLW#f6`|vu3x;PGwDze|g?H6i~ zpnN~5*OjP4&OB@3>(aDL4NXS|BHI>kMZ%b@nL?QU>L$33msu3nGnF8?A^KQ z!Rx2_M%P=Sy@u&MqNboGe5O>CykDRhG(s^XFhoJZkBMC2sCLcfx@aO%Dt>cnJ#<^i zEN6--8^(i&OkK|k3!S!jfdcie12(sgwtv@NK%E8Yhcf4W_8(@Pf0f1gEmLBpihZ{(5niq%ga0E$BBO$$V@As3CT{xWgirVFJt8&&Mq_qjH?d43Cxm)17g#~SN z`NgmOEg<`Ehlb2MxrSYrXK!TsdwJk}84ox>Sq!|CmN5#2r;jPDlXup=uT1lb|EsxRwc|lo}7j}5?9bWr4;zjC8-9U z!5BZ=n(WK2tsGSX+IsuySlaVM=Fbs9JHTZD!TMr-A++dW&hv#p1q=rk(Tg}f)VWMp ztsP*wY`_NLedh8?GUy+8Rw=Bh z;)@fp!b8RJrWrc559$}NtS?@3-#*`3tv%Qqbco1HB_<=W8mGAzaX9CHBfaO-F>=JP zb}1MM{hY~w-AENa9+3w}ZNacYLBBZblxNRR_}@(sumhHwQ}XQC8MgGAMag{t@i6a% z+EE^8kWekQQ7(&tkfS%fsj_e^6s(lgRb>cC-=zn-Ig*&K+Ty|gDE3wM^cw*UNavZ-1?W|9~I7J7pD8Zp~90mlwYONJ!|o zLc-)AM69g>G{P!a#=ASY1#?tb1Z@z1T>ZO1Ey^fb93Bh;3==+N=NqQh&7-*8Nu5Cm z?DXiO^~!Pe9Iv_&!r%M?^|QBbaA%~eP7g1)&Vlbeix^G3RwkW+^A(le2)A!_RB(j) zR+1rVc4GqhTSt{dGlPDB%T<(QP`Nz~jpM1&YlF@W*dgbu#Dai%#86ghqn}$X+6Lnu zkExm8ok?vg45C&}M^BSd02IL2B&hahPmq2A3E=z@<<-7;?6(}=41gDw8ZZE~Flbk- zW_$wFT5FYTQqy4Xy%%xBygJT;$PM&WLt;*{aJ!S0`C4CQ<(7VM0LSYK8QZgL(n;@5 z8rfGh_ekm3U6P24@S+2*x<;uIwheale6TU?$)yeQO3|XUXCK&jDQvkX z@=koe(#dcp{)Jml*qDzVBJ;t04Zd7g1bCcWU!R&_Ih>t+E3ATOFU!cj-WF7&x7Z15 z{vMp>6ulJfss+;Y?P-dWOq*_1Ck(6;Sgmpd_y^Y50^+AI3P7+De7p>V@8$^Xi8ELw zDum&4xDS4ZIlt)%>So4@+A%$3(t$A-qa%YqFQx#00aj| z$GZ;IWxqX0Kkk=$Ypvj9OUTLQ@^nb?U1_zc@-z@_uCMS_>c6v_z2=^6pj3d7 zb6VJ%n}(?NgNOJqkw6?eLyn!={YJtl4bWDeIF90ssTa9Ur~RH4WW!Ne!EF&blx4C* zd2`o$qHA{(nmx@bA9R-|MS%2OB!6>^JR6gKK4>pS`Rs%G^|Opi zg4%BYaw~sz80eVdi!;c7let2IL|PHrCh53mn>!pwju+)*+^ibiT$d(gf42DE+WPfg z1X2v@acMAmHx29nHVL$wm5_f`1J^SeX{ho6%S7|u$=0Pq^xw!9dMplG1IP2G3s}Ar z8%x}Jv@Y#jAm~Ms?O1`;U34CiE0%YVAbiA1#JX}nrv`K`IqYtW=+6Z`@dJf zTp&BU`3!be@fDuBeoATbRt?1LL>VcBXF_&cYqOR;yd8QR@*2?kx#{sI^jg({#tyU7 z>#iw;$nz5mE&g(`=Rm}L4~w*~pfge<}3d8BH) zZ@Im#QtMNU?D_7b^YzxJuNwZIf3|ywikn zg{U9H(;v6CSioIX6JZ~!SZ?rmQP#8in?JXasPV>hAu|(HS9%`K)>bg%GbrEQQ9y;z zXHNE4l3)!6VrQq%5$cI^znMjHYGI+4Q_jf+pre~h1ejbi$QI`P7?M{n`uR`T@Ikaw z;Xd5L1HFCxmI14)ImthD3dZrTGY@t8Ur4Kwix_ z+W2@@!Eg&dqvp$_jLRAr#(FkQqo4<;hrvf7cZ~gM4}s%T1>jyGS0Ifb=>lTv5s*vB z&NO(%0rV*An-u^9d13LY+8?K%75xC;7wKr|dn807E57)w+SbOMo?Vs2%oLBREme@~ zzKv?~6uD=1hG6GLlFWi*-xSw<)Q%w~p}BWz$ysDptzY=y25(~$$Ve>$UHk1MZ4gHc zbW|~+-(o6aTv|CIT7jkE9DH`NK%$vV#hG!%a_guL6~)|u0vXr06pUh+k^WJz?ws7~ zYtMKW!G|ep$V~& zR}g#Y+e3^D2|IMww9QnHN!S|o%aLO~#lH_Kjv=QKr_GUe4%*wAqk57p2GR%z|NHYb zu0WyAar?u4)8iH&jIw}!fqh^LC%A?uVz^ep?|FUE=(E(%%t5U$5+=U0*D@3WLn1tTum<^Kw2aO6dnSW5_lGi0J z_GckB$>y}KPKAE~=k;udtQ$q}9oA&3B2B{5y#e74VNP3t zP`ftw)`#zt*%$|k*%+{UhurO<3azd&*BoqlMMA|B~JJ#WH|42LWR=BhENRrRcS zc7wMqat|d;yb3UF>9173(&nnYTF&4Sqeejc0vr`V8M*1HJeOrhPGt1sZ-T z%7}HDN>O`tSQ=b(=zwEHI@{Yg!mnZBwA=%ut-7`8k~C}^JMdlet<9sli#nJe$B=3} z9)J?U>@z4afvB~dzPY@JJ$WabDb_6; zFnH5lt^JEw)cGy7aJz}T;$iQ1)i!Mdp~t(q0&FD@C0ulMU)6l%)vWCzX$$Erc6-{q zA~){eGl8;dc5|vcu(^W!FOQua%`0W%XV8S#ioLDau(Xvqdt%wR{ZTX~s~K$(&_?Pm z)Ykaw2mKPRwDz>F6)~jnP1L2ucNO~c?SkcQW#_#e{$KCK9HHM8-gd`36~tTZyG>Le z^WKY@urK6?VtTETxsj3Vpf*LJdQ=vhOvam&fKu+c%Fy!Y;hX~&3Nj8k8xC$Ez?vj zqeoS??TWwNiO1DBJ;5gMd~?|QVx&Vk`X|;^2U|d}SBPZuxZl4h>SBBYEtG6CsWiYV z?BZb(VEpMfs!YL& z6BHi8t>h+TSg5kNq3n3ZdYJt+n5jOMV@T^UX5WH)Q|ecX@k?psk!Xd4&SzdFQK65* zd7C@%6MHJpWdAJpbYo1tw5PdtF6pfH(U~rtsz|jXj%-M6y)44B2zi1;h!c z!|<)e^Zb;=9PDppP+(=`1Z#+WDg%ON<-FQfk5%r8=4)HqP)FC-sE>ClZ#pC+x%s|K z6{a-B7g)W@|9BSkYP*S~WgpEud6Iowx$6?Wek%{+K>vOd%}oaMv|C-IDD;cBR1j|E?+6?W=| z;r#CB1nFv)wY6s)yW{9pYINR1%j6IF_q`yhJGO}9L3i|WR<~?1Me#(V?T$^~QG4o_ zi~4QbAmz;;eJwk=Zy#&+fTc5zxSbUK)`NRby276?E>MSyf zzCFErw7|=`FMj|QHLn5^A5+B)6e;_PKxmH#s0?b>|7mV?(!0{wsRc;iAoJF;>}-w5 zoJL~P7q0a%piA(w^cZ?@=-)&qrU5obNkv6ccm@~z@Y#1u|Dj_YSnzd9a!LyJCYh?~ zc*E7-tW7lD7iIVLcn7h@_dblVd+-&KNIUA!=HkB1&MH-ke_4sn7-`2obE}q z6$||)^zuj|%D-*1vdl1a%DzBh=9OlXLPbvR$Qli9+l#h2@IXEJPjBM}!7fW_st(>M z{A;2Ae?$|9bXOxwlDne>W@vGWJ$`>}aYn%HT;EdIY}#`@iP#koV67&G9tlwaAnb8nU+ z<*&}7fD8`73lg`bQmTINajaqei}G%~#=ZE*Ce@CZpN4&pU;ihWASdYm_od835{%tH zuKrFL#q=oGir4p|U2RTv>B1}J0oGc{F>!TsN{o;uv$fsbBm#nk5Z;2#pV#8-(Z`t37Qo4|#)m6Q^@wQfP$4{J( zPmj)nOZdX}U$x70B1QuX^jk&K`}gnjiY15<(K`C&PHfMG^g=A!FR$8_K6rdg1mb4f zzL~=A-K-3>8-4T5+W64@$LZsKwOAHl6JUt0T!=DM{<-kk}nAzBR-Q0kc_A0 zj>UA+^bfO*``TYdK8Q_FN)OL?%^Jn;kZRZxb*T#Izf$!R`%ASmD$)xYC>LT3fbIP3 zu}zM+Zt>vYqrUd|lanI?<2tl2>?#bGRPH-iJ8;sab%*@jh7>6K-k_(aZ;3ot+?s2{ zq4E#NDJZ%D-W|vQsi?`j-iu_@bDbZk9pQ1fgt@k$?uCVg+T}U^vjIKpg63-mwlR-X z19$EYq_QUwu#xbpLM5Nk!y9K+w*3HiT@yO-_)PA(q(B-^f|b0tA|k{fgvj9x$e3G# zHuLz63rlWdJFJ@LH)W`)Df{+Z$A6avx^K+YlabMKb^&m!4-UZvr+1}F-UgbM&m0>n`Rs%(v^;F$MqBrwWp$Lx^WPU}JIRvt*Kt9NG6UaVs852?^S7e4C*r6yQd4Z@&EhMwl%R5S5be+o-&cY~Sd zOvAv$cQY>Sb{iBScmq{i?v%U#HL5d`Rp}tO4@P3td*Jiyo$yiPLn`-w@ZxAEfI?fS zcq8Ik;%@@Ge-+B!Y;HpT-l+jLitJ2Scv{JyDo-mJ&oN>yrJ#ljuZeH`CkLCmGb&ka zL7N(zma?_bU1nnCke6Lu*F>#rZjU5_X!i?L+?f#t5dtvbbUnp^Cv< z)_}29UoAg~z8SENt$71h^Ar#tE=XIpd;fCb*92JMUvNR8%q@eS9!~AD)Yq@=Q`r?b zznfP1c<9`|bB9yjdp^X=MFN+e!6QHUO%0!BwndZZ8zdRDJ~P1{ho#;PMtOHyaAn}{ zmGG9VqDoYlMRV{djoQ4hjS*p!qw7lCf8n_{9;7Zd3n+1IP{$lR5Z|c6t{~T{Sc|Lw>3e<5+R}3Brtsc z?@j$sdRsxJR8Mq6(And#*_KGIk*JH~xErFCW6cIULs;x^)20;=d_yu*Z@P|Tyf37K zHfPpQZx8HM&iAL7QFYLI$0rUw-m_g7`g1j99uF%-Z5jOQpZ8Mk;`5|#`Gli{lqn*B zZg+u0FH+f57{gzu5{)DR*Ii|d*f^@m^XK<_4DbLMnJB+j~ogMq5 zeguAp4#Xt-rK;P*fZZ$!QK-1YVlo9Nc-)~|jt-6$CsBa-^#PwYBL8p{(0cl8FLpoR zV+)}zmjR{YM%tS_(RoY4q{A_u0_Xb0icU7cn4UOOL7=`(7UdpKbL={}b|$pO5O$4B9|>6^$?a3$H0Ee1-5iKamybT+;*IEG_RZtqVqP zsjdS`sY*tuCRTF?Z4GUF>?b@O~tphDFG~!WaL>0yvR(` zL767Wmz_F>l=eaXWTo-n&mVYqPjf(8d;0@@6xcMQ;GeZ*Sw{DV zYKeo5`SU+tFxFs}=B&Q`u+1ii5^`c}Yc59%LsyS7OJzAzkLG-j1`XV$VO1krOZz~NLsA|Lk zqoDo=6F99vBtOBwzHG979)#P5ISpl56oqpPI34FsnEhj6bq$4}BlF z#qKD1xHd-x$Pnt4@e)f_ATVyY$TRIRtBTt@*{O+mEZdKSYL1sWuFYkHP z0$ggQlq9m08_>f-y&Xe601N_9thg9Fi8Xy*U z$UlmqP46;&S+768|KNEfqb`)61Q=cO1BZ@QCz}Vtp5PEIFZ!e&0^}>+aD%<4w+H09 z^gu?&^S+6HvAB(*<0s)=8^yr7fAkh!Grtz%X(PP;_DAwiy7$ zEcH?3DEJSI`ynt(;m$Iy4r5KOj3Sjkg4f*|7vxeMB}_8bT=8y2(S(M_%~fWX@d-+r(%?Qwm$P7+XMxXcb8lOw>H?BRk1*8j57y1tO0yVeWfbyMX#N@4qaN z=p%75vsf|~o?*o&SMM|wU+V~0Ob>zH9T5D-u_49J1pb3T+GA+zH^8OL#T)?b*0gPYySL=hadRP)`4iPcXUb-=RvB=0r(8 zpZ`1Y^!#vi;H8KAgOf*@bnT+mp05tY|45O4e_9ng)93~nUNu4i$_H9jzW1coaXZTu zEn=Vnj^a#*rhbW$;vjAxeNQoe?u3rBi&It+F5p+Gf$me5r$0v>wJT*lTz}H*KX}tI zC(n6BdJM>|@AI{PP8ug?3})YyE;ER73s=;{Gp7v#!nzu2?-doSMzxjFZa9!LN%^v; zM-SMqe4(MFXhT$(*WLi4wst4o>9sEmx+`GW?B$f!lB4KE8K2is<^14&XJka>!#ttq z044gIdfqK-yH3fj#rAr_Pk*%`8j{g#Ch@K>$NgnzIjzb9gm()@Dzq|gs0c4PIQV`- zs#l0wFl&=hcPCdr!JegBq_+zvxJrhj3=5<_BHyR5MAX_}SQ9HKs(J|hnyj)&n;!TQ zB@vS1aMl%lUZ(QJJy6mHw3OnIvy@dce6Tt{!ahHY`1B-O+;YFn3|WK>?3vysf!9ra zh_vyTX&H61LQMxxzEkKylqxp5a}YZFW`I{7$#?EQ->s%BXW#z*Zax2JZoWO#+!q7# z_#XMqXpZ4)cs8eEz~H^+jfUr82wH(qFRSyD?-OqxF(d3=0y(ZlVS-0*$Q-TKwJhly z^9Nq_TS3xG*;5TA@}1GHJV?dKU*;X*xf271!`v#NeQxXKW~^lTfey~xDh=TVJ~ot1 z%guV|F4`fW)D81DDbv)Mg9LkfoV%XrjbQT?@hZ5-24B_wo zJ<~J9Kgkyt^+a)-?w670^gJxypSgzUl;~ZHGk-;?`M`+t!odZX>{4sWFCXP-^{ZoLqdgJ?L{pcep`YQNSUKda*V?f zh0^FBEbWU-gEAjoK7lG-QvZCh<>E{0)>$PSw^~RKox1m~2S`srw6B*$565*Y25z{p zecoF%Z1G_gZ07|Mrlxo+acM2f7}9+)#{{H0_8kGs8Kf#mbq}wJq|4xy`LOD=WT-cg zG4;bERwhkHyo|}ckL~c;x2K~!TDwKVhx_YOrGVs&HZVTpH*E~=XDL!lk+h5 zuB5OJru2EIK5_4TC3ts6re>O612ViGpL295^D&0opS?Qh0;nEhRm;WIc0@-Y7eX&| z7zGz=6%ydviaJoY9E6N^9eJK*oWs7>Ci(@X`BAIz4SLJ;(j5zX3;UOg@wscY!_7-W@D*(?k zNCSeV3ad6!69I!D4=5a(;!vQGy6->n>;0s+GwMyh5$EY4zFv#irZv2Or^T4HSTXRI z?;mM%1L1;-&TZVYq}>N|!(E1IJ$eK_F)G!XT;=6R?|{J3xBM$ahV9ZtKfntK^^macovsk6^PV1!%2CKhc&TJZ_}bgA z-p&<9#vUfDc2y!>hp*PBsB&zFwL@npI&bzg4F;ajsA&%dlP{3Ou8r14gvAo8t>-v# zkHsK^GPp8Fbn|@fGHAaXy^Rff?J26wK;L1-F7w4XkTdz|f3QljVc2_N6H)+%Xr9+Y zY!@Cl6SwxYK%wK09#L(`JHS?W5`9+~+vTqqG>rH>S*RvETkq=uAsS}dkA_ZGB%^JD zCYg2yx6^qUS*;FMYjRfI3@ZySup#$6Yx2J(rW+-UF8F`6UDYts)Fse zbZ$kOrs@xnuiUYQ8*nyj(OUmF@(@zP$;-J<4*&2r=2Qv&vvberuW^NOEFi_B5*^dtsicbHr64Z zOA$Me-Z)m&JLdYya#xSbT7Jq6{X=#VoVLBVzxu2^7#TnR&|N0lWL}EKJbmr!r|$Ff z!)KL8jO>WL;a2fv9Hp5aU1uZ_C|&9te3!{67;nK{l^wm?txbDLqfN`>=K&=h5=?0N zfe>+GvyhD9UKuIGqIS}EN&CP``CwSC(;v2=9>b%tCpzXx6lSpG{~_xupyFDVwa-aT zLV_m{T!Op12MBJ#88o;%!5L1_0E0UWLm)_ScRL9%$RNQT0s{*LH zE!JZ1-Q6YK)m2|rO;f7om`CCwsEMg8nHFYxqe0iqilh#c7h`0M`{MPpHV<*3XX+08 zPj+b|8C{o?d^sM)?Y)mA%&T^sDXKV?Y0UFo&m!7uri1znX=I7SI7c7F6;ZCGV8xN; z^`)8`+6D%38I0Qb+|YkI>eM5fbsJRh)IN0P8F}$|58n$m-g7c%0SjGzFG-*PPvO#^ z&dRsKdhhQmvhgV=X1#2R@eUQ_)zuiAEbx)emPqF-SV`;OMBYSw;eMAZNL z{)mycxM+;Ke^tfV8NBW+%}LN1lNeIBuxMU1Y@H2no-H?Ong(2sdJ6*$f0hQ_OR(yf z+r>`5@8cC4Dbu}P-dTK2h}@fW=a^Z;dGK;6GHgxWoGrMyz8W0(~i$%o5yu5U!7xg zwwtCA{``sd^_errQFkqZSF__PUPB@=kP5RDXLrV^OZ##3&MQPZ=yDsII3fEk&%ao2#i^{`{}P#HV6ix95|sybq4AwR2{ASTBWk;Yj! zui%};bBBF&^xQf_+io`VYD+WZllLp6v2WajjquG%WbB|MCJz=>>MDVfpgU{>vo_IHIQ-ha%0b~ zusCGb!L7N213u^NHV8R3q_)}^e5Ggf-ImtLRphj{#qy&wjo2FyXN%;YVoY=3x|~Mh zc4S*`Bek$<4(z(#LZkismkHy8^EUL?ZNL4yLgm!&cv3eB<@i1k6R27so9hFim`_^Q zv)?urDIS>`p~g8SmK{T{vSrxVXHQC6gvd&4Hh*mxAr}4<9O6y)h~+gw=XoG@!Q=}U zp{^-=p)i7_TjMrHCyU3q+8}H^=6Asusn)~?=Zyscn7ajpk}y+t_e~n7+Ar2bS^1tH zf zJYh5)%f|0nM3`sozp8s4L9`WlZ}(gF=o3kVUS+HV`Vfuq|84(S3!;t9eQzQq)%WC5 z*mz~?S3!-K&5+$>nLg9l4>EFnpl8UDUk<7ySrWCCkz{)dO11S*qB$o4D;35aX71ZP5n-54!`T;0G-nDvWG&b;tX{8FcEOAA<( z<_Jd-2}H1O{92{zqUOt}{EHfFo+T48^=JB0u2X3JvM&fKs!`oOkPx#CC|zXdy9@F2 zUS_d>^n@cC>u^?iMvi;5Sm7e7Ir{>KGxK}43r<}=zW2|O@YU;5U9}~3{Q2_3lg`@E zH13?)Go3QM{Sw6@5>&p!h;@Rq2l0fdf*gbK_3~}NMQ;J=Og#WtloLWh7AWn2O~x`q z6qS0M3C|Rk@aReWkaXEivvS6|W?UaZSqb1QpF3M{dF{=vZnq!zX;4`ruRdG=W9qd& zAqOy%`-?4nPjSe8EzV$Os4w#hHltJD9^wkqD}@QPU~W z+7M~GjsH9i036d#Vd~FcBJC9+1Z4LOj<;bzf~ExrOg8Z?7i(ADu=&7^DozL63HZn7 zFE#K~R}n~D_l_?u zD*jk~e}sLQ=O^!s?q7vIF~=8vk~msqX%v(RKWLJEvaCZv{*};P;SO(zXzIUkpzsl4M{{IaWKiS=J=B zdyj?An>T%i4b?KNCj=W=Wb9@aJh`4v{7vOj$@jk7FKtKxb$NLL6g)?V#ZcDZdaSZx zKH5!InyIv0yl`jMZmoZ@@;n~~7sj#h-g4l$jv8Sz#rRUEGx@IRq6U}nZrhSzEsl9) z>M_)-(Xo8=%%>ORyM^mBFHB>iyT;U=1OmyefP5fY>bI_}2P&E2hbi_i|< z$=dbU5?=7~KC6BF(fKjTc7bxpiHS_G+_fX-VkC>(JYtUU8sQ*x{GStY$-w3Y z*we_X<6Ca0S#CF6QFF1OL=sh3PF@kmY3wp__Z@=c8JDJ6J_+7S+6I^fB~6YK zPtOk-NF>f~JQseh)4F!}pZ>Gx_q@B)erPCD0`bzXT|eGsiCs4Nd#)#~)8lx`C#SJI zN})*+_;SL%+&Dxst4fdi=Zus!RYK#A*IC#jNxsSAJps~&ni-EHA`A+nUscfjP1w2j z`g3{=)-}E)8;VCu7%fT>H)1{qZF3BGx0SfzCTBa^e2U{~Ne}GI(5Ez!n%aTm* zw>l|G^ARB#A>ELIB=vE8cTA21n(&bDWhKmggl%PwUn^vRnG<#n@yzfqE0&!h<}$UA zz>7yJVvubcQy^M~e(`A;KUwhu?`KDh!W#%8GV6t_gL6wlNA=#J#J#+AoD8~fgJPS_ zuS8G_Vx#2v$gtBaEaqCe$Q4cidprNA zu?%peSM{KiauUW2l}VkkBDIW6z$pfb_XFX+m~zD4*ZN(0^I~SHG20l2@5BPV`6iVt z2eYOJbI0XzZlxF<{oV^|vn+iymxP7JuW~3MgpFsY7tcqLlf=_4;Xqlp!%m4b=B5DD z9InTo>HrwtsDJ7PB(+tz)Zy54y6;IwaP}!#F*(ACJXl~YE60lv$xk*5`lhZ(E=kbU z|Lq(L`AvgweqUl06BQUN>;vY$oinY&QO5N)^pF(KbsSu0DN^gSk-*w*^em=Q7@=R+ zbu4=vjx{|;iRWZ=ITi2CcsQpwKVg3X*}HK&cyC?2gtk_x@J^z9P0{iFR@GH3c&=oy z%1~GXOBlTO^%Pu-?5ST3i2G7;5&m3VcCF*$xl*ks3fD39VqG+}$MK;M)Di485A12L z@M@rB^fx)6so^KeCsD_=ps?={7$v4Andc2>6;A9+GG^i&B6d1LlasgePZv+gg~~XzR|(AMQMet8BtGPy5xN1M9=V}=_U@|3+o9XE{_soO)>&61Cs zv=`mYh5Vt+UKcDhw%w`lAO4o?6=qG-SJ~ITkUE7=zrZJx9y|2+QtlZWt|px&5b!4DaE1p(p_|i*A3&y4y6*7j}2anNO7fLfv5H0#$k% zNQ4p(;PREVxH&!c*oIA`qrOoEds$?F%%%w0L z5Xpru9A2^T(%cbpvB0-^bQDGLz4P6rg*dU{0u;jft1S0*3~Q{uwvaugu9-wE#vZUiL}E^f63#J8(_(w?oW_kpB*Yd#s6CSfX1*8 z|NiMnPOZ`Wy4rHu6_pN=S$ngU1N2@^Xz2Xoaq;3?;i6Ic4{_hiFupf%UBr5i#G_`| zM{>o^y$sc~P|WR*Kl(B8R00U3IE-w+4??6oV04S~A>XD51Kf-VH)p-wW(05Zk=2>Z zo3(vu=@F3`Xz+;0RAuh$%e97I3KlogAtWoSwDA2BLd+;x59Xz1RmHf1I9*?bN5}EU zx0Dv*BhNe?{|gsY^L{~DkPs=x0!KcCiDiV7!$^F_SQcUoi@T==jzd>Y##5^uo?$>hCJd$0@MCEpM89e}5U*cpq0U&KZv*nJ0h~W-a~M;N!YS$0 z#eor=E6#C_jR6PuvqV~;?~~c{O0G|lH1Re0x9ZpkA!33-_TJ`k6`o}l2wQLUUzV>3 z2?A9I%!9SkC zbMwEocQi`+7sBkcdYj_FWFyO%=Tl5D*i@wZI>L|f0UW3Jf(svMoS3yT821TNdL8-x zt)$kwckdL#@d@JkKVf{j?*o3fWZ%j^rFT-5?@j3+P=F<`WFWuJ z05Y6INKlP{>;TjCC6;;r_i3hus3?#~`#$FATq)rp#rRSJOB@oW(sn*(1es6hp)?M0z-bSFjY`|M0V|(0xZ44&KwU^zhGiw;TcJP8$uHQ_Wk?Uj}BH;(7nHbg7P8%{~KLe zvgB+fc{_(#zvWCOi2z9<-y1If=+UG9xt`UJJM(CdU!0PZF&y()o4i2V34C=FCe z9a1-3Kob1E=i+gcI{??5#QrxKnuA9_9sTnL_~ygd&#-KHs4T%^F-O(a+;o7GOv&N~ z=n+K z&deaq7ptEzaRR~DVuT@~kMOC;!UBXiR~Iuqn}Jxx!AeV>O@HhKuHfqS zA;w+vw$BrvTQw?CSB>z0eE+&w=_y2{yPs}SCd(J8{>2#N6dmH1CMI;_c73n}bd6uV z1vv3r1l-Ob+Ud%G=!E$?TZjwKk_`G(S&YINW?NDCk3wYe*YHihNq>CS?)k(>u;Tl) zW#=rl)@v{ihA|hopm-69P=4fbFx_|A z7cYoH6zM93F%~+hdX2+gBqzqMjVfRr|)MShst?WK&i09e121jNJYyV|*`93ZR zTc}UC5S0IZJhRVe1`AL2QfXbcStW*g}7(qi!p;@bD6{~et} z$j{(Y_QrBk2#BxP@@V{naPVmn10f4chI;Y)Sk5lD>!!|-Q8Tu}h_PVEl#_-`g0`aj zr;8l6;u`xYTF(x9gJvfIb+gt3{8JiVw+Z65X^w8=I@ggKxmnMX`VAIbyyyJ+H)IAkgY^&SoZ&DI_=b3#SK0E={WM=hA{*THJff!eI+7Clu) zdM$%$=wbJHKa~@x3v0$@g>R-ge&V{(B3EQ{yd=m#+*Yu0Pa@{$4~%Ayoj<0zvLomC ziY&&^4b4A&uD6dXviXRH!8f=KWDR}wPq1pvw@Ck5>MqOxiFQGSc@)19L& zp5=a0ONPKw!7W-q&rq{GLhJA4t|$UApP&ESO*Dfy=%+bg;iPq&?`IPErfoq`G2k+E zO!0y-_wYLBTbeEwx96s+(`+kovCmMqP(!vzPji=mSB}iZSz+?D=Ma?VahcHmcO1G& zksz9$Pw48;ZNfgjVre7UQJHl%mJ=|#X6pB6OKowF1DebaOH>$f#izwp`h%cSwT}Tz z)jxZFo0;)B|I9rOsBv5{7w6u7>2;2Yn}w3{zIs#%6$wkl@?E5*kPI3ST|pOU-(&~2 zd7r)3LdWJ~)~gmiV-C`|~gV|2kHG zW5@AnUzBjceQ3`HWEX`S9(M=SzXhBa@48H#C(BQ<(hkI<+>VnlkGrCECosOa--_D3 z>!RA3E|2i%XtlVNHX|su^&G2sLqkRN*UBy1Slb8L8=bPW78~cu5+e)({R5%V7g1s; zZ%g0w&9ArG9Q@^G)Tg^QVObx@%*V$mpFP9vMt;SZ6?Oj0A^mHlIa2T+tF^HW z)cnO!an@$bPQG<9r`|3V zroLsYyH7E={|v!~f0XOuVeie6N$Hfwy_mQUKD&F=UrTQ^AzNkTZ<90!feom-zWG9G z&rjAqzL>X=-sY<9{y|!gf$u**w(?rse3sw+caJ^AJ^BU+KvTLPO%Q0e&eVkT+R1JH z;I579JV<#wsd6wx(}Z8mP;p^et?*7iR|WNrkAaazo0kff%wu9Sa2R~rgkCt8OoBVl z4~(1GGDsYyVLP5Rs2cg`p!wqmG3(ahiKpYm&Yt$u)d&_c$0{cv!n{ml7N<)=UF3E)WP8Y5P^<`fHyo?$y)|AO>TPufq-0{!g$M$2b zsa^-;Dsb#Q&fvMvp@9wSrS!$Nc80`Cd#AFz=59>(bL}NXnx6LK1tr+oE%GmGF$=_{ zbk$u=zK%N4R4mk|FvfPKxqKn&M?#EQl-n6^TZK|9V{jGaKv5|~HiIoWF$G`XRf$DD z*^SPHqyH?AH%MD<&zd(D=t`u9T*UA;s$gx82V|(`@@lmzDKi>ws@8G6k9pY5?J5%aH7FqMm$dRLNGU9Mv1iOiSqktY#z3;Fpw3a z2UX_;UA}rbizyuxZ7PGNgGg5jOZayMG+iW>62IS2M0Ewdeae4nAbC|94-Lr3vk=!M z!m*>fWvtZYfthi@eMTubhj;N(j`7AfkI}oH_PyFSg}NF!Kw@MaBEz0hS#g&7Wdk(0a%x}7&z8TiC9TF zMz29x!J&qM?8A{m$;}XPq3-?T*IZR^lz#zSN(lWXp(BVny&17kSci$;h&)gPfA=H(bxJ&LyC^!K&0~_3 zOdo%+l#U%6Y`XZ0bh51Q#K1!lCRLUch7db#5pw@d#MuRm%DIY*K+~qUxSOHKP_U7G|>X2KTd*38=R`5CuKxh0;Bma zzve*wp$wygm<8?mS}#W`$88&vrW9NqLP0FuN;M?d9)sbHCV|(cr~% zq}rGTGc0iR09jL*t<$sv^ovEVs=*cI zCXz;m!8dH%VvcoI#qj`{G8t{ChLrBWX`_yO?BcIn(#EXArHYyH>;b1L&!$J3~fSagIWf=ez-KDkU?P zwe+ZT=N0_cU5GLc)CpBd|mk z;%{B1b$h?4^+L%MN)<+>NTT7w4+|r_p1rtALxbtx>oIuiW)3%+a;K8jb3~OQah(fg zuf4}RomIBQz>SN6DQnY5qCBwVvNb`IGfoP&iiOxD$0OE}n1=4kM=$c?uCF=>91GRD zIctx#pqM;hgqvfK3U6-z&|R+5At;-^OISmlJ(q^ElY+fz{G|2KtG#&xc#aWMuAm)5 z8Lo-$stHZ}s7r!6E1a0R{mUpzQnUk)q?`pWCd1|r9s7yO5@_^*4i8zD2&X=cpZf&% z_Iyn)w3+xNGDZi22d$MJcherli8_*~Q&2`!lLS|un+UXboRD=GOwem!E-_mBC3&IB zhsdRLo}TP70hxFSl1pO!Oo#WW*e31z(K`IZMazjIkHrQP1{`&*(v2k;=yo`06ci8jMoN=%12@|`;iXAJrfZoq2iTXGdZ&Xy&yUyr|e%Pir zQeRG5JL%(f)xp>n^^096O385aH_7*avX99jyNsE=t9lz+tjLm3++s5{6eIn z%2(se3U$wVUc$kk76VR|TaXCO=OiIG@-k!ITd3?~GnV*UI<> zf@A9M^Gn#pycA%1L@g_rm@x&yr;XUI*BGSVhI~PtPy<1eQF3M>t=iIF-@Um8^mB`w zUk$E=$a7tYlq8Q?R=pkVwQGT*pC*i)-S@2gO&li~N5$fhuifxP{-3dheHVqS@R$Pb zt~W4!tAR?8Y@vJTM~`nYM=vM~M>DLG5>nZEdZCb63soZT5_y&WN*E+{4HFbs%nXRFu1cFhRit1(YZ_()|9~VU5jGZu#o$(w1 zJJVD%&}s3PfwIR7ErFb zAj#&KY*Gzv9#ecGBthC=`GNGe9m3bQT(61nQl%yxnIc^n z?Eh#;EM=V;@y+jnGbqMIAN>@9shr%o?EjjfR;p4eV~~5|B4?ksUev2(Y>^c`M$TKZ zJ2U5J;rAyslU@h=mUvE`Hf9MdbMFv82bT1pdic6Sp2OV&+TO3x&WIEZVl?UF zOnsDYm-^B(Fr5EliOcF|$dcAqV5_?A9Ma2M@tb8=;wVijO`;vp;u*<00%fZ!D*3g* z&FkRDvZSStB-^SDSO;}J+eoHdhAt?_R3g_+9bhR|QYlZC+LXJb%jkM8-dq+e{m}36 zHP=jB?=wkz;k=_1vkc_WI&_Mcv8T3&W!L(?*S?%M&sOYU&}X2lGQfmEQ%pI!5?n0P zl>9XdH(gV8N)yzTeA$&sGLv#(%t}g1TE<%H^bB`B9`+|kk+pY|K`hFh9I}g9M|Am7 z^g?GtsZ~O(B9d3Y-I4BjzcvYcCQH&dZoq6;=TjFhe$D+<-Hyt!PN%FfKj0*I89 zz!A{JMn!)g7rLeEvt;RxHsuBNC99>xGS=_W497n0kArEV7^uGES!nW6Koqkxk72y7*(w} z6I3}Mx(f0etfOf$*>but!qF#xA-d+!W zu<&#tW&LJ? z&8c3Ljf%a#uwMh!8GUTMf68 zj4l^^67Xs|$Qn_zo0RA)`&8&sxu`bV-@PPdqqslugLa|ZZB;=K>VVhn4fXb1OGAX~ z-+K}P8p=9Q;)0drIZ83*s!jw$8M=^UMYOo8ea7Q&WB(NP!asRN-l&2!Va8(BGV}Zw zs$_yQUR1MY5xC^61d$(-@6moLmsWQSN=h^Qti!3t3&cv-5oQkH`iYD4G*gMTfuHUZ z8-~V>>%C^ly_P^5OZA+>`=1}jJA&A@r5uWS=xtRr*L1fRDx$nVzHdrd5rx9HdF8N4 z{mzRUtnJy3Vr(*T1Nk^omLQ{sBo~uS<<{t!qdDz^`XYyH>L&$~nHaSe_(p@B<1u=%5kA$rUL_Yp%FRpx(_CpR1bv84G4XD^<&eSYdF~TYPnao z*6DySlixm{-Ly^4MM^#8QBOK%U(YqM^#rnzug>LQ8e*9iTp^cWwQqPynDf*#`(j$Pt`%msIsV)Rd_`(JV^wp6^)@+IUZ+=? zrFSn7BkuTSpeo{y+jYrQ{V;)J>zf`HkDoV`1JjPUF2;0BoGTx;5iV z+h|p&uryJ{;%oiGUVAXAh4SYyufTnyYpO)Rs7f3aVj_?ss491!10l4Z$TVQ@Lf8JD zikn#rn#&nGX6?u7iPegHS0c(2Z;u*^@%xx^S0`1EkAF*S=3 zX*Dw5;IXkO0OD)S_1Y2C(5lBKE|5%+T@dUa;}gfqBQ z;A^lhS6g%_6#RjmMX>H4PuoF!zTR>N_Inlxo(O2ZrYU#<`*^*v-POX#d~&SQJk=b3 zZS>@ePx2_H1o58;(KBc{_N|!Nga-LstyW3-I3b5hlANq4a6%=otMl^pvwELOVhg{9 zJ;!@Y5;pwY{NT$uZtwL5s+*fwp(F128OBW8Ew>~Z#H=)a8Tf&aL)gt*|c z5kKGldhL|49|s-weiWH$II?=q{0Q&GJ{U#i4_-g4GWZFTJ|g7>AD;)D`l;8;MOXZ) z+41Z?$1_zS5y8-RnQq8kYyh26i?9GS5mMTkI1xpDbnA%G&NLAt4Hd9^B3!_&%5BlN zF&NzN{=<2Yz(_$^OemHN2r=YFQnQyN|aH%#43_mj%3(o&1hV zpv?*iW|lcWEef6qr!&e}(xd#q0Z0c6q7OR-ZZ?%HuSTYXgvS;Ho&Q<8{Y&?i%b$2p z>vCbhZJ3WQpl_(BIm*488=}w6bGHd0HIa<{a6T_00$xv`kaAbHfYB>zYTD)a);kV$ zw$%i`(L)ooc;BT^jGah+ILPl|Dps*~zboTAvXSBdl)=X4EG{$3od6kOPEz&W;%1m^ zw@4*Arl7W6hZPZBSnxN_kNjN6v)kB)MQes$&JH%^n6Tm1{2bde0>Dr7KQHNw@L&>4 zJ|XsbR~y%P8T;V~m$6`>>jB{N|HIGuQh)uo_1YFr=SZth=BaRXO`WpN{A_iQk9a6-np5~Rd8?)+!r4zkUGB<@;6&98h z0(D1#8QOd>-wVr4vij}a%HjEscdPg6R2_o2zmST)nFwY@YurV(|2m7muMxjjxM#MS zr};f7Io6bf%jb9Zg1Vg?%Q2P6F|11urWM*d0#hc&Xpy^!n@Sp1Am-pHw>Ks9ua^;@@iktYHS@EoPVYnC2)l^^g75rJo>@0*I`on ziQnpd7BGX``f^1MF}8^ZYcN8S!0d8@tT0ucVe8Bs6xnrFADrh z4d&-DefRGD!?pv}?#68P|L(?4isGhqY^m~l={gQ2WinHSAQ&rz)NasrE9P(&qK z`Q+{IsbeF>%q?y>@R9Vcntop&LtXVX;2fY?6Jsr$m5=iw}Q_~0u*kw}2gMI3bl#OrB(5Cb;A*!dShBYPhd_F;|sfa(HI z0Y*Ar%!4>Q@UCihR0$HC&3Mq~g2Cp2-1spUlaygZCTa2eIStAOfdfviA=4TmR(P4m z#z~|7c#Sh)pB7crJI=@(HrX-eFmfh`g_QnMTIs(xN z>xk*l4HttqvRAQ7zMR4L8{< z4ary<=%t#llvs!`Y1Z3zLMWr358#e1!ZM3QKKSbA}P^!9}H%w^cG7r#Yl zS@6F(y!@4fD=OXEGD|Uj06~8}hc(k2Mn>xV{=$Sjvy|02@Vm2`pHd>>tMpE2A^1pj z5HrboySx*<{ZlSU^BukQMrxj8w|E7+Cyt@LoSOUno_(s0o`mOpB{N&%cr7N?Ip!r^ zyh`6y?%*#54Ba!fLKfa)AJ1)muM(?>$7er#{I{1cf-d(1%m#Y|m4sY|nWac_%=bh0X9~W4EfB@|TuPgw*IT#}RJ8mcn2^Kx|CYh* z98!HA$;POYoEr6flcRQig}4J_&RsmSB#asL{-K)CLWM)=TAP(8EPAn*`Sfyv!~0BT zL1zJ%ZSh@6oJ)~|r4^{}=l-nr@tla-Im<$`m1SOs9okpl2K@Qo4z=XedhBwxc%QZp zQB7zRRV}iFv$}k72QL|1mP*@-_(_3W4zlQQ$acG^BW;>!Hv6@VU=wilYxA+XkWmEt2_k4Z><;s?I|xxeAlb(K2l zI4&On$>Ov<*!nQaN`JQb9K>%4#ok&`c#2KU);7ABh)x$>`b|2~p8u%y-f;BMUm%{! zl6q=UU6&pP#lS#l4;-!{ubx2YGJ z_%?Tr7nIfD#44+xmiGKhBqG|RPxq$+F;WZq+B5P);@OhFa^$A7^|z5Sf$4-k3RCtR zv4+&!;&?>=$iCHdnkUyxl@wRvQjEgD-#o_~zwUI$n=Q>mz%!$edmf9M7JB13mZdB( z$5NzfLbwVs0!lgo^b3Te(_`BZi5bQ|deg}WUY{H8Oi7=-asyGbryuM&huc&W7D_g> zpk5|=L(~kXl2-9-3uQeMva~KI2)lwM{X@f&Yw*}_6XSJtJS~y&f zf2-uq)Bmy0A+)WQdWz6O!RJ2X)%I*ajJGEG9~)lhDIWK@@mC<;U^hO$s@`XQ8I;Rz zdvcXShf7+bxW=zR2k*k2Oa!%dG-h9eY0u?A(Lv~oB+_x@9r>MWc8>etI zWmr>!=>Hrs5Bn;+re3@&>#3o4id@;uV5>lx)dpI?<7Qm8iDy1$jWAQHDES21#N-9e zp!2*|yk72RXngj~h?blfH?^v-9QV0zA^SnfiTxQYaH{kRHnoUW1P(Q0cLa8VP42Dy zJYFWPQ?IxCf|dQGb%L?d4N>l20eZ}BsMsX9*-Y~2j!)99z_e{-ukS9S$GUWpj z0Y}!rI8uZEk;cYigwlB9wXo6@eT!#cN#G@AudmCE$oA6LoN^HpPh>;8(Zc$%ddFi& zV51tpWvjJacnWIuN>n9VmX*Bzb!h#q6YF56xTVR;EpnuG-3@ZRkeo}z2EauoPR!`* ziel4&D4TMtx&gBQ<-zZR`YV%z zTl;@lV{|LXP-LyB%%4%x)*Ogg^wI$COtn*Xmv5nTtZ=Dx&c_Of?}aMX-)>rXeU^~t%`%XwMW+xU5f(E0kx0*9H` z0aJjh?T#7O`q`Mkc!!Y?sgQFVyHSH7(I^>1Y}ZW(`=ZZs1B)&zJko2AT_s-JZAMmp z$evW}Yvc(fk2Dbnh!vsFo(AKPOmImiQd(^r8+kD3;2M|&NGVw$DbSX!A$WjFo;}AZ zd8w8)JLlo@VDD-Q5lUU2&{HwLc$bhsa>yQbhBTvZeAS1%<(&YN652W84iV1orzVYhOD!V7fSJ_)jT$Lk=!2vz$jovYzl8o5;?JqDA6Wi`o^IkC~^uH4PVl#dmn zgX6MzODkk_bAsjx^)6yEE-3$%5D(CJSE3h{mkZM^Q=tXBg6$~{7<8x_H zNhD-sT%&(VhopSX2sF)L$LjM+`7`D`oa>ppn~RVAl4EtxPF;g{(rt{wAQR42|6D*+ zQnr3RYv)_Q;e-!L0&?;u{1 zFiYtfoVCFz7!7OiSC7+?R6zCQv)S780cU#m+~)_%IR z0z13*olBjskw}|$v=^n|wt&kH*ZN&z;rK5Em-RrNkwA~TE*Po`M0E{ujOqQZ&XX+> zg_dnZ9$Tgc5ViqgA;sdejt#3tM18ZjRaD?oXV-Kw4G+xQFP#5oYjh*M%TEJ&R}+Z7 zbKOX%4&B|UYHq5<7&lAlwCaT_4IS|Pxi8( zd(-(<->emfimfbdG!^FDnId;R5`J)*uf^$-&1n{NV`RSw{u|m_e3|N@&4}m3l^d+5 zVd%ZZ=&4tksuV<~yi%evr1slf0sjSDe~=aw=CN2;d14#r@!v1l~sQE(O!A;JTvmG#_fvB?Mpx${t`x*Vm+Wh;K{Kah7q1 zzubPQafgRorAff+CxsevFnuL&!~6oPDQGUokaAkjx=xAjCJLIXV!A`n;(yuNQ?#x# z`c|rnIjK3)XMHdg;cQhUNgf`l^G*1x?+JUTh4RG+-<214I* z|Jro$)I3#ABq;;G_;d~7JZ&bAAy}}Q&I?3 zUG9Em}#m)R1Lj|Ji z&*t}jd8aw3a00CXGv0xSB?`e}6Rx+{@-gcP#WpTXmF&!Yd5a4e|8c1flQFChD}2E9?8U3R-{ z061%%!IoL_7L#lmBQ6$%<_I+e8?1sb=<&gNgyE0j|I_^iD|8D#xN>-(bklvrOtMC3 z^wb&6Bh$RKo02`;nEm*-jg_VZcUG{EpKdA=qPn|-W zC3Jx7kJ&Hs?rz~!RNiqqW4_md^0ZQ+s_v)^IO33#Q)NQ%CP7fpq{IE~?eG<(-r$x*I7Cc1seAg5irOy8*xos`?DFbMIA z*cgavmKxv`>0qn4EY9C}A@Zdi&%*9wFdl{A#|t{iR~uKz7_Ml3rS;tdatd*`KuELO z66n3nR#s<~*Pa83G>PN87cMagR@{T(T6>vCR!?kdPJQhL$M4KicKYD3o|dD`dXuo^ zW(|iw8yN%o4j8PP1=%h*ySeK4CAS3IN%+<9SxbBB0fD z+=&JHKEBiU%$j#ZUey2h9`O0TuhFB4+9Oh8;H4#wi={-`0eTOxRLM##f4+E?%8FK4mf`tOVT-aP2JT)w}I2EBC0SGQ!!^l5QVjD_;|2 znveSBA;fvOTj^J!6~t_{x3rQ*3$@e=mk^EnH73VTN!Gg^@))}=R~VSgVY$R=k;GXu zOL=uL|IN|ktr-v18kj(+S|s84>&#Zq;jm*vV5g}8)6N8kCukiSKjG^K8LwmMVc=OSreU*0+g!;)Wl`(t}y`9w&JlV&b0v z_%@M3-@=XoDv_>qmX*jQ&V)PT5M8#yfCmc{d!1B2|J-u2)?|n_|5U(n9vc2Ggc*`k zliBs;a_26rN6&&iy&X&j6k8&NJ$iXB;Fxscd(L6T>^@ z`&Z#s23OU@Z;&`m3a({9K~i5|{x4fIz*8SOvW~!Cr>pMBi8~iUvT3JOR0hneM?f`& zfs(aLc*Zo;mx=Bwt=8 znF8Ft`*NeIi^GFl@#$C@nSzSU^iG6STuH8OxkdtCD~s86S*Jm*({R~(1DugaI8@Tm zaJB= zCR39Ty7U=w-3saK=Mzp&O=ik$c1s#w@X#r8f4y%MdF{3aH5lada*@wvF5FVGG12+= zzT&}SI=e2#*n3hkIpgnWd1;mt%YyqH&OY2aZ|SDB2pMZ!fg+2(V53y`t;) zM;zmCvxR~E62SFs=PDrV3khRIxL8&{eOEFKaDDt-tV-`r?Ca2@GyyBWMKEN0P1=Y5 z%H@0-lqO=;hI=|mQN6Lak%4L4OP(HQ&6)K$CbrQ*zfLw59rd??7JI552U5&tz3SSz zBJvm1;;d|=hH>sx^-3<5e!ys4Wz*nNBdDB1Z&#Dsg^e^hw;_~GAF%Jv-5Xk$fuyzZ z<#e%$*m~>p-XV&=%f~xbeZp!4KfBqW+aQbBf=cKx5m(2d->!AkUyg%WhpwyXj0Q+x zO&OCCmQXa1cB=F9l%K0vx9)JB2hOVEywhZHP1~);T+tXVN*`r3D4q+da_WDIItoA*C{0+tvATV(H1N_1rR1%aA<`=WxGHUQ zpa>b19ZmtpJh$lFq~SJXQ%PsnuZ2`i`-HUd6bW$6lrHR-GvOun8(tGO*D&+Y^%gZ* zF>SvZ<(Mf2Sb!D-`(4f^MRZu7PgEItw<4E;<4vmiX%adW%0s2mRI7jhdhhIpbvwN_ z?^X_1CWWXOE2Bvto_G!+Gv-$!TFO8FvFd}54c|suSy_qk8W|ZmnBMfRM1?z(u!SBs zhTv)`N`-RwP)R0&XN07mzKnXP6K1H-}SZL(bo?zp7L(m4#qW1w7K2`tU#b$I54FVda^@~0$t$$EQx)+uCX>l|Y zs{0t}!e+UqrP#|_Ao4}Za`7EtQi&9y$e*(8k9uYy+leC4#&@7sI3;8`AK5m%g5&E$k!=T(PR ziZ)sKVqE`(Wze|NM4R#qg1ry&Pg zG3WbB3feYvpIhu|YiuUedLlEo4Th8mEfav&Ub??L(>V3&-Z$B_(Wm0pt~eQIwU?i# zp)9!75?c`x-i_@=kvA?|abv}i$IeZ}nT_TX}pbP7E4+fNIu0?cN9oMy*Zh zr*jv4#u6G#F`iDi|1h}k!Vr5=1@OA;*#Yn8;Nb1keq{qxe?5K%K-90z>zcOFgX@#_ ze~fdftobg_51|?4cYa=ZrUr)r z5c)`|&lfQrr2u3NCLbN*@-VgE2^W}h=)VQr4vUC=qNbnM4H)n~U{%d1i4|wlQqL~A zSL$Z!IX+48F+Z-s=^#3Ms=UfL$V6{L69AGoswB3@IbCH^Q2zS4>5~MIn~+XIyHfB^ z*o$|?U_sO88kI^h)qbQ@+6+F#xlJ))FA! zU^NyQiHSdjXSN&{8Wp^e2)0TkJ%)D5XsXd>n$vgbC7}i_<^@mdKC=Cw?O}O8ng#lV zV?VV;I+(-I3HdR^!|uVi+9+r728fW^DH-kODNfW!(oH>sY3(QBS2XFw{ukC%ffJ45OrEl26t8CckI=h3lq@$RvKZ3={8Q~=U^K@%UH+0-`- zBsBP(Z%*=~Z^YRM4+k`G)4@`5Mm7dd8?V+e7J4h&;G@^BSlw|_^hRfp*3u^iZqX7g=f?Qpfwqy6TX=Sy~5wF`tBLqU5VG08oJ zfRgT4Drw>t>EUSU@g{fuM&wIzAayj=3}d2q$!}3GD!Dm30*vBIld$p|`XCKD-;@<% z!Zcxr zS6`*WllCJGGkz74cun2H8P!-hWo=R3Foq#2{;$kt0=Ed?grfIiBn64YmRm|Xf>@8% zezYgcr5klZyVH-?ev(yLc9QClR^hT6Uea|JHJo%mzkfTeKQP=J19=MtNvWx2Ls>By zD_sI`G>d`;`4%OD&rg{P~4h6IiqJ@|T-_C^9`zY^hL$3S9f*`w*Y zSOzxskY^Bw&(qHrMFQa`QO$3xkDOBK^92GJ6N-joD~VZ~g*yst0ZY}~u!e(^r-%2G z^?vcv&tUS&ejJ>74{(tAS_q`&TQnFE+wD|EsVWXm+Xjm`KJ17!zHs5I@0#>Mrqy8+ z(l!Ap{w}hAAqR`M3t*PT!OV)w7<4{w*X6-FJ8JYH@mC+Qme1y3ecq8uEJBN;9s}gk z-kc3n8~R@t>>ogKCbV{||*9Ht-fZ(K5e$>K2f=XMBfN87KEb_npEZ;RW+uj=xvuC&4N7B3EDSSbb|J1E+E*Tc1-^*S@L=C|59 zxpT8GTTi0~)Awfvp%l}qe9fY^2pJMMA!OkysH9#NRYvB#6vR=#RDSCGDs8O$a`AC| zk}5?!wJ`x?qMn4$D!ie8Pq8Un0ig6<5$`25eS_Q zne<^IXiI=4=YC7p>#V0J&S64>b&T!r_14m;c<`=US(XnTNW_EFB|b=WgT6eh)kkh@ zwz7>YpCm+N}tBZYzqo?UzPK z9XI`akS@H+?z^^c!PY{y%U5STr@OaSZ#XJdw)6ROo?Wb(9i`$tw_fG+(&0%Ia0DK3 zsi`eYM?fP{Y~l7T{MekW#kt!mvjGeimS2vW&R5N~ytlW-rjo^KC#f(yYS^~%=&bCT z_jw9rQ?j5=W+J6Mt6`lJGdu(r4!h`JiA<}Wk|4dw2tc8PLe7OM&k?m(2q(w3xh$Oy zz^?Nl^p#owR^ciidNcy`Lo711T*U`J}JHhTBFPo zZ0d5>!=vAh9W8U`@FHsa8(xP5Dh?k;hIDyC+{TU!TRarxEK8qGwp9V{q_-GVJWnH( zS-6_t%JoO=3QUoI-t`zVvzcltBaUQAQeQ%qGFf4{6+K;vgvhW>TaD^(8zd;9TH@cN zRrnJCc4f38?Ft2TJ72tj^I451JdlW~?KzkSxNOl6&2sXb+3&NnO(%03!zCGdy;mi! z2}7_S8h!o{$wwcbY{=NiLgFp{3ComNvp}n)&Y?`qW_A2S1%rJ#%zImK!|cyPq&4DT zaq`@or)Ta%6g;%4HN9d9cot_XB+J(jC?p0|d>XF2j(`iZmDVF>yUhf+2DN-*w2s9L zPHPvvbRx+`Mhb|Pu^V91nb!q66>TnCMv={Q7A#`W4<~27#d=;N9QQOn8)&bNSjnf* zphLDLj(?h%tlh%janT82YZ%P^@$a6unT|TOi}Dv=7lX?x{P-=UDH~ZWczbma;vgbj zk7(Uk$?ZH*0W&=|ocmMNUFdXsJFCnq*>|A))|)l|d0ShR%AmKBT!C`-&G+Z^GY`B{ z4R!Y|p-M9f$2J08!dZBpnnx;Km+wf{>=?;jz#o2!gn=$~M+{oNTU2Exr;(%O;3OF@ z4Vy2VlqnT^FDE(c>wjOVEb%4jcWm=1A1eeG;sGOWoN))cbeK$T!xl(&#MI}PndO6N#C#-Vc z>>m>IkE}`>?A;ZP6ve?Qs7p%mmUQlRe*6LJ*vOK%#0Zu1@K_aTz7K9VazVJN25b=> zxBENiJ9qmm;!IR;NlN(4x1`hFI+nB88H_r2+zbg#PxTHgwzl8V_(;xN!WwjHdX_Q3 zCCs)TB6P)v!OFxZC2^pS!_?8KMgnHUBVr>$36(>pc`We_=bAhPZ6uxT>%EY1XT8GkIx^U$9$)0v_!lYH)t_#khz1JP8>~k^NQ-=uvkXx)TwkfwRC~e5 zU3Vz?gV7?Cn9a?e2)-X4Z9V+yegL`20iUf2QK4Oa5CfjW5_n(mK&Ef?YUHrg5#QnS zW@i^Dt>1RKG$=Bgf9l{5n%PeeD(x^$<{Wab)frh?<1k^Qmeu-_WWLd;(L11K#;W>S zjBjt>vsE=Hci})HmNqa`03Ny_iNQ6oBeoQX3pIGX{_MGT8|NdGSey!7v)xq)3 zY3>|mG(BwO7Xu-xt}_~#f@gno8Fq`$xbKZA%PoDa52MP+Ue)^D>iBimS=#a!6N5l+ zK_#KFyXbZ$7iO?@`enYJJc!}|EMA>VrTgZK?WL;Q=qmDzY>7Vl`~}5_JUGO-lLIwr zu7)>9L%irNXB$~gfzNYoT1eQ0X4Z@qTy@q;h10#l)LWN8rOS^hj(c}tMRW0AGDtukg zBZeULH%mE>_Eu*cX4kqTAEZa!Ym|i6d}RG`Y1IQ>>N$wVP3Oz7*3b#^AOVZDu0!a z&d=ZKi_7b^$fS*kQupZ9DK}tAsaT4g9HMSzRp;Il7)<6#!59*XmJYeM$Z}5oIu%SZ zc@B)?Ns`y;W`Db^0y8g5=TgiaVzE}CP&I=+L(nlU#CtUH%nr$gWEQvu-K^W_wOW?h zE!OBI^UR1c`cz~95X#|_DWg1DA^_>lp)4+3QqIXOt`v-l-eC9O%;I^!jUK|69Nf!R zIDn7#gi&F?z^5}HQ^pH45O{y9&#wBj*{*DBE&Y)w`8OLn)aF-jM+ ziXO_4GS;@9x1Xz0owoJP5&=rTIYY8JD`8ePw9`b)3L|R5|E)Ade%K}I5? zy2~b{5;?=`_&L&yg&k+07F+7jI`<}EGiC`-1V)B5y^%UokCjQRuG)1QUYcBj?n%T- z(P5HcCU6vd1R}<=h=!jrx~Z@L9kzXB)(~*|s-_0QD6}`s z>p=}`ut+iA&=Dp|OfzPusz$<;%X?Ycegg#c!>Ij)9b;PeH6RM@oX@1ohq>@|5qA@oz2l9{Xpw z^lqKJ+-o^3t+v{^Z$T9YJVnTo(VZkj9n5ZI>sce(oh|q0`XQkEGR7R9tIOC}wMWzR z21q&IYF{{0xS(bbbX4fe#&t5MEo-EmS!&Kcti~^3~NGX>%M`ynjL()zGE^-Z; zPv0F>CUx6-xZfEzxYhb-LH#zDs2h>Ya@c8q}`40DEwl~vBe>gP_%-6xEmIV66wJc@4XShVL-s&h0|{N-qPM=09^>6C6-=t zir(-BLR|kypp#VewUuim49z6HF1~{*_K?Xq$ zbYGA*9j892&$=L^BB{_U*qJ&RmSbR?8KIdbWcGKf$Y=6a=Qcv(JCB{BI}3wgFq9jO zBWAPRQGR#6(|5{P0jGeBf_c$%PbBWBY<>e~mN2xKvzZe|WOG(8TBL{19|?y+6q=6h z5Qm67D9UFOa<(W_FYi6GEQ@fwi_B@-|g&-j@q`pfec)t#Us^Iu$^rX z#Ga+#7}XJvEbN#yzV)!%YYqR~a_AQWvW$56EtRO0=JWBB#mZhKZ|I~rKph|@fav@k z1++9Ryk1!1xM>DkLX2W0lmCWbIOhVVE_eb{~Uc-8XWpCz4%{sR1+jkUMlE#f_`@q7`? z5)}sV4LVo-$C`uLZg`qvz}PT^ktXzP%C$F0h-q-+}>(0eJXmU{+*=u zuc_>X?T?uRuISE4WYBTq_7k`)_4gQVcS{?>jzt5RZyCCTd*WBb55#%Ijb4HU>3M5{ zZN|9Vh`cB1Sql1}N-h zj5!6=nB7XY!(nIo{J6m^Cn5-PxhckBsr)^fa{ZIUE~V)vehx2KcVS z#-bnJ5d`zjqi&HaypA}Bu|c=PYP&c`LpM+RKYR&QkoQ(AX103q{&}HHTn~%UW1hQn znOUl}*YnWK9ay_rHjtMUqf57=v-xeE#W;ym57e71gqYyM(=Fwy*qLF+Yk&82X+yi63pI_lJ&AKg#85D$Z3hE5NRnSn@hQ?#q@>WN`0(v;KSSI4Zep zLEGpWyQLoccXLguVo0vL&fd}YKlQmyckKQmU@b4|(hhN1ECU}2gYwrS8E5LM%>@mw zH6C~490S1G)V|54)UvTmrP*uGOYT6ix1XYycwAwOFqg)67Y018G7@Dgjl>5&lw9+m zq3=}H;icJ|*XzYsE>nVomxWPV%=sG)>P|~d$SyRE$exX*%?W6DG#dM{NHrWoB%eF} zs!@)Q%e_~e#^CI5fyKFKQVs4XZ&fg#NH%n+_@<9EGn_Blb=0W%cf98Vim5EPT*;rs zL2zayiD`o==405|%My!-WELZi0a4jy;i({esVCN)buMA50o=e9AbZt3V}o81j$>qd!uveEPvSu8~wPjFp%MuwLm7G#p{UcW!1Tb`pU z3ZVtn|2_xmoj!McJg0egi3R8%@hB@ z*h$W7+?q!#J0wsuxt4rHsByJ zJS9v4*IAen%_;<6|Jz#3K2CcH@DYRk`IoQ+)ccV5m-Y0|2BOlGxZ=;p1{3^y@_(9u zDP@eyc=$g=hyVRpEsCL{{Yy#u_u4S~-P!*VYW{aviP?WE``=Ne(f<#H3I4xb7=#>5 zIvyZ}z5JP%pdcw1kN1B~#C!qPm;EwW-#Pt7enWAj9dW#sPPCye_n!TKZT|aZS&Kuf zE0w`+I~ujoE(~WdAZG$p1@P`&+C=FXmqTbJD+jl%D^; z%KvY4tQQ7)ucQ=~pP#Sz@nd{-SJyiwW#t4+?C*#|%JAg$)cmfkH9kF^Qt|}uv^UL_ zCg}cif3{L{V34Cj0Zjf^DMQFHFvbVW&cVSVA+eN{q?jcE-1LPvs%J|kMMmPO zB5#f=#$NGoU|`~SNbY;czLAkS>7R~D1_lsnanBE!SO{H_dKHa$#>`<9ZZk_ zdJJZY)psf^Q(LKJCr6}kHvtY*;|kB=nC396cjBjT8^%ApM&7+VWODD1rV(Qn6r4t9 zCL}NcJr0xcBnYUb@-3u+=IT#kOQaxB51BR>&;-Zf}URSMIM2z1P!sIX^V2pxv3A-qlr?$j@}r2p2TnW!MN>m zpKoWZwYjUeH)QnE^65EC)P&mj0_#e)xEJTaLajUgK})Zy=6^ zx6Ok~HbiKA4(}8jD>hS@EB=n?UFnA_jF;+Z>a~8gxaNa&f@CrSB%{1$d?I_!FUUPwWAV)GWZv}Nw(Bt`F_t;|1qQIC* zuE{-2xYzmfJ;Ogaw=?tgd+b{ynZP`M$o<#zG5hDC}wHkdU-(7`Pa{Gy8~gz!$o^uF`kfQ!PQ zO=J*77p+9oU=oK;hr%wY(WQlQ%6oNuS!ZXB^Gcz|$n*k6uZ24MRi-t|$Y4UcLXw@` zzjbezBN2uUIh&!IwIO5U9`*};EncpfeZKjO>z#y>vCzwIp7qOP_-gf6|8My%=qcmd zAOjr2_?5;#`Oao@m1fOVB9|9h!PJ|HB`M`%pCW^GG zzI1x)wfX2>_U)~LEWep!6auR(CRkB7gxT-w%MF)?Hp&gfmQ?5hFmf2Bx^?1zU*If> zR^WL&2#5^EbR#D7nG2?+N;6JAI-d1Hj`Q2gW%LQGYOxq`$(Fjj<6al^l{=eLF^}Jf zhRP7yk>yvt?GhjGg0l=3-l@<==azr;GKUX`(A3nR=*1zUu*ZHX$F*ds6w8t1_EK|- z`49S=SHHg@@|B1oiUkf{mq)pUK_j z65AetrR1R2ha1v9wovb&+)wp$&j{NhDebZ=u@z-TX}!WI^2WOFO$WyWV$oxC z*0!&jdYVHnikFReZ$DAZ7APn8Ve0NsFbX0_J4_@(eE;4-$tQ4wk+ym>qhuw|?$Q%X zmZH(7n5zayj1~~BFSlPmfGR8#3TG4elhxfAeu%vr7{sLglla+v>6%5+K;T(;X!mGU z7*W2+=h+tG#A_nmkcTFCJYNYZP3pi@wNz?xL}Ad`+Nfa8_6^n`^<^c!&sL(LlksfJ zHY8JxbB3Wu;Rm@fUAg&tWo0A%SI1Pxkt)}UeZ5bJdz9-P3^VuM45jiKUR~^HO5oDE zO390zXKoDgNCJ`=P_%(SyXBg>sH*Yyo>t1#SG#}OTKAWld(mjsSW?O1n^M*FQmm~< zgJc^#d&ufOx2r9i6f95F=5ZJW-@>n>xV1I9tN^ z#-P)2?4&#F*cT1Kslcb>KAC|r2?;5%ex+Rt`t3NjTsFg-1BOyYku{tYnnL8M6t`xQ zgnZc~jAwEZ9LB~2ZT)*e%Vf3&{*LsfEivJ=JUwC1QQR0{@0pQ$r@Q{MJ2fXYX7L0- z@=av2(Ad!--!tspKi0>%GA*p?S^J^^;-f`mhf_DG)1MPBt0W0d?8hme!6#uA#0~8y zT~NQ8R9;Y1I9#$Ev31zT4<~mfq-ANLCY15{rT7eV7`|IA5Vr4?qhV@4F*@3L7OE3`)w-MRzc&hu0XP*Ae7o;__?T0TBpCW z|BA#V&+%>HRbb%eAvRRvdEFzdoxo+vl^}f$WmGi*t&GvXpBSMmmK2B+Pfwu;6st&(*Z{AgYO(4 zf*KiQv6L|xa6ctVJ)r|BnHz*Yv>B@2HpX_g5QmJ2OTFO1B-!p{J&I=~vam}>KuOKpgE78?^XP-oDk24}-U)y%c&j5kkvLq9oj5mbm}ro_!V zZEh>Ctv*iuo;kVH?9rH#DUcYzf79@$&U$%q_zLyDFXGsCro0L2T$%RTx5Yff%JAEq zTvv${_O|YLzujC_P>sXX$7D{Ub)!!!X&B9B_wtn}Dxt|=$XIvuy0l3w^=odmD>$)#KWoVAM&$QN^0&!|O9d@t5pPOID_(5jY%f{zK5|(>L_h znTP+2XK;+Ab3JVeX(t)DH%RzWb~r;IA)0;j6;B&AUz3={fVq&Yl+#K!XG;=~KS0~Q;cF^h#}Gs1Gw%aXn~y4?qlY{tH)DW}xh z&V15YE)CnFZKxX?ll^w;aMS`tXF%gerLKpxZZO7eJg=GjVA+De;Irznbx=)HM})KG zYri<#lLa9J60wwY%-*1HGsohnL?#ak!KYz|qK7Lm8352x5n_X^ZCw1JL%YYmsI6~% zE77zEYXhS2@_C$(%gLO2258y`GmcAD-Hkhfw)2zjp%kc?o_=Ds#g8E-R^NIcJ}0zv z4bM)N>&9J1fl`1G$nM;vBCjvJ2S2UQg8Su4-=XtW*2?4c{-FW4YRh#JB&1;H&@jAs zZzNj^(}G|8Q-C^9$c00h4Zrnvk!r@;^z4H}u`JmkcFt*^uXEoUlLG`1NR!^4&gL-S zkt6t&3UyEcK1jy?KK<}5urFpykKnT_euVZo7F&WAF(|6$CYD z_aVDj8M;KBZW&xJsO+U?Ni;WmOal-v9W{&8+|NfKbJd2P6gBw=xOFp$K+DSFm}1-_ z^^DE=*Ypr^z{F=%E;x#pD(<3=~p#T{oD-@W%mHp7~b4+!ag(`3&%58StB zAG|2E_9EnF%eiG(qKMr5JdnndH1Vtq8k6KtZcLrl_v&YSaIm>`DM{`HFu{LfmaTmLr1GK95sV z`x}cx1R2-3OVN4xroe$w`tqLpA{4BCol9(R7kQ#WH#MUZ`g)n{N~bGE+@fwW!1j$r z2q5ZY``WAK`rBpUp*(C?=reSzevKv{EDM`Clzs;hUT)UGEO5+ow!A3jXx*Yh6Q0DL zY~^MP*v)>J;l6+H0KJV#QrsY3nEjTPh%LG9t*NO$E}#49Rqfs)(C=Vc+~VV~?5w4Y zUg5|psB;QZmnMBSe|0InO{HN30$q#ZNFBWJny!+=)fvT}(XU?bOJQOy*ycfQkCllo z*N6okAKq>{uES#_T`2tot`fmlZ7Tf7Mt>BR3J&x>^lA3mE&ggZoY0-fx}`?R(wz7A z(ltsVbZ5 zkh6x^$M%u?PBf;B+b2Vn7+;{tJz6{jD_;J*>UJ1hoFnM4xII!ZjvIFT$6K~TVT)t7 zPjYgEmS?g*AyGY;dzrNw@Esh*9Nj`p(YW8xg zVQ4OL39c_R?<~w;jbOYF-(&U3WLrUh9JJZ`XyxN{Wu`R~VJMfv*QE zSR9`0vX(tI>y{Yc)r6?=bU%k^QJzASi%eGS223k5L9L;QPgyZ*+$OWgG*a!w!{={% zqkL!zjynY6MhH-_?dL?LWP=gQL^(tjIi^QBe&v-#oslNL&AK9j=|iQkxD+`E*CIez zo-qw{7Iq2Ahsx|11h%pRj-IGktQIM0UNwctV6?A^%{{8IF+ExG2U!9*hAmhxQxeB8 zZgta}w?599g$Ui;!*LAK!@S7DXy@0Xi4NJ2&@FocSVonMp+eTjo>7P-T$Iom{xH z=q}!ivBrYsT!M^3RQGiU{k%>6?VU$)DM!?nNv}FN1>U~?NXDnD z+KSk78F&5G6Lb+C%^{Nldj)hdfM02~@+>v0Hk~?XI0}88{FCIBV-^~5KFe#iCdfLYnNV2SKP;D`2NtRr|9@tpn7*UKQ=QPcU^jQ~yoCdXZ!h53Kk8^3amfqGp zSWCRftWs^{ToOBEeOMMMxU!ThVU`ow;J93)v^#S*fd7oB zhm0qyxhC({^mm-gzzW^DU5yJ)qQ2;PV8m65FTp`17@H!rGa&LzE--V#_g;V<9{Z(W zq>D^*pL<}KuqGR$?+>ZGVUH7scs8Ai7KlNEFFKu=ATR@&P#5X_7+}!R^Ogjezr<8Q z@n|KJwVXCf&WN!gwLb<6)Fx1()7bU`^z@lc1(e*7{vCDE9b_8EVR zW>HO<#RDv9{f~o@+n5VnGI_ZX*LH8!JkMxA6vP=gz2f(9NleE3k5JC2jM3Yc&HE3h zCi(L36N}>g)Kt*C_%T88F2|U9ca+-QOB$7nA4<3-vJu~IvgRs(8dF!7abYWoK1)GCqEx-Fco5LAR?ZScVXnCw$YXG_$ z2mZROep^3ijn*5se2qRd@RqkN@jtp&v45D>U~;tK{zq~w#*{wQ2Nyqw(0ykEdrai^ z76=8P-|rd@2=Gmp$`;Y7w93+S-Q%(NcE&>Zil=7K8f$>_oChS5ZInMe`AT!CS^6rA zpg!OX_2)I-=U6BZx$jI&EKNi>X<>Cvnf&Wx2$9;A?WE2=SQeZ)=f3-Z^`57CF`1tz z3D;}WODB=S4S$ztY^sBxikYZ-;<7=Q5wDtTzy}jF;`;E;NOD|0KJG2MJhaCvI^4lB zoLu#U{<-JQ$If1B`t2Jp!1Je^ney^?8H=@X7S^k6t zk+n)1$Ox~g(`%*gN*E!|^d{UJYfdLA})Sd`8Mu{Jj#et!8DA)a24V$U&L3{Zv(JHE9lx0x#0@New{j)CC)j~gL zflRe>iW=PO6{j!#LxGh#KpN!_6{DhtY)svYO!}hn~ z*#{=iVkvM=7;p{=_&D%x{)iL~@$q3uF*srawA`avlanvFvNKDpXlFOlp*!mh07kAQ zck3hioamftX@xX`PN7x#<#R8*n|m}KEst;B;(s7`$r0J45WsI#>Q0l{MemkRM4g{& z73M+kqk6W0YIPK-(DK7oBnFv@w9N}Yvwj!uY^m|Xte67_C`-Z~8fVSNF_^+N18`7r zmz0z7eccdd^2k!nQ+?<4b(BkLQVu$YlL)ITPu*%@q~1fbqICS?Yc!SO5zXts`iv-o zNz_||mlKQ7)~BA!4D{$9`r0-U2dCjT>zM@sSky&K;#L=>l!yKyO(Ej*6&3@U#j6bX zG8oQCR5jJ)!bus2?%~5KuSV`w9n1Q}Tc$j?xY~s}d{z+bqD7k6vEv1@#ZB zw*gA`rGC*qL1szVCKFdlZ!JRH!^U(7W}ZZ7I5M@RvP1>C<*2>8JjNq@$l4WvO#X!}wE5jYE%QB$Z<39XaOvC4 zoB65_nerfYnm+pU5dO}*-@PdwX~3fGRW=Auf^zSmJ z%M6 zD!V0+nXiI98wJsHWj+zMYz1XLI6GF96_>$b0_~389u-5Lc!J(|s?A@U1;*Srl)6W< z-nhwj{>)1Ww2RHUEyP$?{C|=6)?ZOYZTL3`3@9~-bc518beDukC@LWx1Bi6Y&?(&@ zost3q3JA#1NHe5#58XX9?|Ht@^Zf_j_s4fF*8Id;v(KD;_SyTsug`U11zozW3<%b; z)zzuVT?}KG=s(5V*CvKOq5%|r>^@@EimC1&3 z{#D2$h`W#=;<6>Foj~ksBHvauY}i3m;Zls7e5+KTL&=JGW=7nBd}~}wX0*RNbC=s~ zdwynLX+}lT!0k0W!DcY1=KW}%`NgA*e%MG`U}ezh2uA@*?Zr!rcH}Ug%UD{f*xP9I zL~Af_c3d{4<1VMd>})(91EU^w`ezE;ts16NW*7c!+fRRmJGz1MMyPat3&EHs zjpvF@H~gf76^{3g(~A>F`Klfl3My#7vxVzc8R{?m%s-V=Bx_893>PXYuZLln*FKYv z6?@5EXS>iplyftRvN?1nd~{$SRCT6w*WRZCP6W>Z;N_ z>s6fKipson^zZRymwCcpThe#0Mfg!&ylV+f`A=D)wp5lu?wlE_Q_HGs&OMzN&Klw+ zoxLX*{eaYwX{y%NLNp^Mm4Z5dldkP6Ctl?}f>fSDC56%L-%XYzg^M?|I20+9U1KxB z+WnZt3}s~VW8HlbA%2kUM~-Bn)(pA)OorjlT^Dhz?MbsC^*M;~dOKN12ALzi+fPHM z4!j4)DNKA0K=t3+qbbip!N$o9AbrYb<5^Cvr+xm4m%m+z1uF~=PG1w(JuxtsQzL&?$I z0ehg|YP3o3++XALJ(l*2>0rX@OvSMI`ys9|zC3)2WO+^W@V$1lE8T!`5W48zOgUTr z=jL!-i{bBi9u;0av=Lujk8;Guz zwfty7fxnA9%YVi0$XIp24g{+pGY)$6#W}9;`yJ06I$~eaSp~k9?bef=l0wAUR$c|@ zubBEO`=MV4MmWnkg^A$GQsE1K-S_{ZCD-FHOM9i_*0yU(1pRKs*ep3z>g1O~(FAeH zs%b05$fBI*e(*W%DNoAMwdufMrYhP+*z7Cp+OR(vRQA`JHP9iKa{}KVIH#LU5*A-B z#Rq&V68-nuY?fbmo& zzU_faz5q%`HiP1&4Plg4wjCRbPF-`UP)kC=r+55=*H`J1^KsxlX`7JmX9_Eehfvln+Us;#PVnk$+)N^0r!`r;uQ+_a zC{XX5-dzr+sC@7UH>Jksw3N_x+d$Y^+dKKQb?a7D9!!HpB=mQ)oID@bh`sytPP@Xw zVYDLMHICV#i$oEl8L5%&_IbSQ>n<(-&P;|lUFLZKXc26pA)UUv1NYEeKYNrOT8%#3s~-Z-eyvw*N2EL;WlD-1TU`s4)R0P3HmRA<1pP&(X%b3UsV|D zT9o_+?X3F&L}YZK@>rmT7rbusJu!5f{n*(7ssgccii~gyT|9So1<6jVM}bIotoIW- zGSP68OBcDjZVU{_S;Mat5%k_wIiz5;ODx;^FoiJr4Kg1^NjMfGROtE)8;Cc@_uMwS zNF~xV_G>x)YzD&7b(Ijyhwr&!=`HezCeC&>P)sNLF4E0wa%j1g`FaP6;$cNs0c_x* zRrN)ghc*SD@zxGe$T;N>Qp#jHSqDRRw$o#j%948YxPFP^t63e~Bg4aNMg4+#e*QMV zjqb~Q!D>_XM?Z{Y;jvZYt_qezVE|?FMz2>#+V9}^`w5le+JrGrHIF3}>}lup;_t}G zP^pznZjQ_Q%HGb}C`os4%iI@HkS+VE>2GGc8Gqy?Ac<>tiDLg&xoN~$;rF9HOrPoS zPHs-zW|`5`K);4K0Gx+Nm`X6u+O-*&mhDn(mh;Tp_qy0?Y|&9S?8$QSq6~pf{uU8H zddst=HYoj4l|&}XFDj-K2~;yY6Q3Xs$9`B;=@1l?Sl)v?#b%0~^E}E{U=*O#G6{U4 z>DDq;X+)=r@~z~)_LU5ZH*WCLaX4PHcmSPze;<|d?^q#ON983Edy>{!cIgAWgxxj4 z9&VytBps{6=Tr@i)N?@RAipJqCH@lL&9fxvMA5xe3zrRW*nE_82;HG#b#}pldB8-J zb3g9gtZA#z+vubcc z3MP8p@UmPMW0>S3!7H1R&FAc#g3ptq`!W7u2wvf<|hh)`{qexdB}4NW0M zjYGmYFA)*G(>q)@TFQKlkUJW|cs+ss za-%h(sa0(j+ZAzqe`iOAl27?$fqczi6&V`sKH6XfS}{5XUcpX8R}Al?<7ka}pi;)s zkXa-K?XC-pHBIYdY|`8h--yh+J76g!^my^hrhOIZHS?w^6ewRT^DHU_>XE#UG*4-r(g9ih1x!<|V5DeF%{-J))^lT*{?WvY+hW z!tO(r^S2PpAscs@E6s^pv(Sq1`b5mo0(;AzpQKzB?#%Nbf2<|rDS&M1G8G*VqWpX`qRf2Dp@YyWq{?~R4&%a0 zGJ%K0j9kmkn&M5pfsIy0ouygXawYNkRnc5u0$jV_%V-oP^)nQK@#PB=ZqYmk(|}3E zh2VfqI-D-P%u1Xa>*d{~kpNFVH2nl<-Db7xn0H@FGum$EiPvrdakz8qL^7hFiqgJ{ z0=2I^&@;DRd?3Ppd4fNs=Qy6~S@Yp6dSet1lMaThS6vWC^NdV_44Yq4&xD3NB;?RZ zP_gsRM~ROJn=m4Jmm0mn#OozzjT1DSPM6ong^;2N0fLcPV@Jm_6`V%%%|3a+P!oqs}?x&>3Xs<-975#D{l&Zev^F z&a{~S)Frtawv_EC#d4JckOft@Hh7fHhgIg0>88rPB-BD~gGek}tuU*p%G3kF(dBfv z_)=OhSy$W>oP@T#mtZKC-kf?#Xun%tcigB(WkIm|?5O8*y()VR{>G4dc0^u75hk=d zNtwav0cvFE^uc2Dg6<@>_43Qy)}W%|UsH^1jXVpR7exj-FPwg)eyQ&q=`8h)sx1gQ-&JMjo>gr#C{$1KkQc2|xaJ@KER8 z@$@zNj*ZyV#s(y8ZZtTOWu*h#M3nm`!N`k1T-E-=el0`ehG5i*`gb76zuqZ}Nd$wy^ z$~9<2J$5gg(Mo5lDH=Urk>roCF*g^6R4w{tR+gHqtGM{~#0Ghn?`iJbDDn7mgeq1f zy^>+(NgMm}sg-WMed?7(oqdCBbU$s}#e;H?-0mFOJpznR4Y4Bdx}+OL_;7L>o$o-l z(|LjTxC+6y1qDG|jN3bA`Z(tT&ZgR5Vs*T*!Ks(&hfi#UXduFV^ zxwhWQzQ_s*dvY4qI-A9bMoq;J&|RF2V zN?n(m{9^51?mN$s^6?|YM_8V2Znm8taHPz|92XH+NcCWs_>`0#Py_h*71gr`HXZmivqqK zdyz0^d&-a^9`tUEXOEs=n<>d5an94T{OJW6G?ThA#w2_8XakOOCqScsMR^D4(2J73s*aY%5iXD6|NgktYx#stPf6si2>4 zU$fDD5-Bkw#p1M=NX!}@_!6ZlY0qdIPZfiXVarW3Oa40arsXlz%GuVkN0%=xV3T)} zNSu(8*X|uB zz!du(BRz1LUP!e|R*aL_ZMqMLX@&Zck(HA{j%Xj;;tRz?$4ez&~GVS8mh({E*_0YyJF^fF;-2fC>m#{3nOhHRo$dhc=@TYwDO)nQ8?{Q&0{Jq9;23{UVn} zv36xt{tt7|txF>I4+=H>eud}hROt?`tWf))Lph;d$u5OV5g-PU7z^^bOf_sQEaJ?H zKRK2?+XiV7&^H{Pz>7x)3VzJ8PvWc)t^EKmMcHVTmZZ6VLz*j!E;j>OsoylOA1gF{ znM$cL>C=(eMlj&vh7b(ovO6NeLddEp`{|wNf_sz6h;0>ml9Apm191-EROQhiW4Kj4FVmw`~>76}!)eeh< zrNa8Be%AI8Xpek&3$=BPu(PLgx)z-fO@<)qC>c%p0%|rDf)xoe;tvrIwLG<*c+uK( zRQ(?pQ7yjLWt93GvkE)ULs&alX7fD3C)u?Yd91%;t>Qy&ocTmBXi7W2wr4Ikss9mF zl{ax3SswXCyc*~PnBDcM&ySM)tL>@PnmA16IJ63)v^wJYrP1RWr2nB`)E)ayV1Cz* zi=p;-&p3AZAaA?7jqR|GV(5%-i_3*Cr6{50v*G3vRR~4q;~GPxqSvooFQ*xt-H244 zk8iX6lC99THBJkizg{9sG*HbS^X_;TA&VA=INgx#)X~ktTnXRnce+y}t!Km5zcX9( zHIW19HYetRPn>5znreqX4$BL#9COPOwhOhx_nmiG{Ijhjbx3m;g+*{;dA6q)U7>i#2WjMentd1RkD7^bLR+uoLXu`{E zrX9NOcb0uTW{EO6=-aCglL+)B4^mgR^**vJLT=Ep5E_fZEfI7!_sz}bv|F!hKS}O@VAtsBdHT%yqFp-3gRo3bv1*L(F#IN zQR-kDI{O28iTH!tOm|3CVbPP8W!FaH^`0hw5)+9kw+7z~mQNh&qhqQ4iJDK=6EP_| za#L>v;{vR;zfXOTzuv|3wp?W7Oq*G~Z}2(RR4OhBL!2JIKBDb^vCe5=9kY3CxY%TR zX~XXv_~Xa%(UBzj;*ee5o(*j43DrrCRps?Qi#Oh3i&4?k=kdfAYfTJ~w_m0C>V;#uyYNfH ziO`#k^reVNTAz)lxqnm$ZidNku2hf9pMaWTNX5*Xwf<4=VJomU1C5 z1HYz-6`0$NyQ)2P*Rq_cA{>i2>~4KZKlXA-8hY$mpW6yQK(3E_Ea#LAZ?-0AdmQVX z&`U32n|1H!Ttpz41}ApgeI9|_ZM49V>+5{GdR@%9ROZXcVmhpSQ8w|$Qc>s}SLyq^ ziXYN=#l%;tMjNsPDh4_#PDECL{x>K6KYMRnqTLE}@KQvT@DDlG;~OA&!+Bj?o}`$= z-}c6paR%^4{KH?Xi-ZPOyb8WG+?pV(kIl9g>dU4Q|etC7zn<>0u)BJSb3;Fn86W{J1$Dp%sh?+y~+7tQ4 zd}DJFNVqrgcZ-gdM-MsJH(r&)={LXVD}D?|@}JrB1Z4-3^{d9G9y)Gi;}_!}EJ$VY z!^Of}eVbnSb_us%C%HB_TGA-YyjXNlHc0a7sy1_A%z}eGR>^+wQ9QQF6$x<~_mBIG zVoJu%hY6kJgb1I|J^8n}T?Mp$DRd@pohx5xe80hiZPER>@^dn|z8l^7t3Bh({(ZIu zQHcN)3DyV0#Yr=>uqTrYhBRedc8j@gg$#1~B}R}%KOw#)2LR}l6+UV(-Jh(tuYJ&? zd>k{caTgZyBsX0SN?))aZ%5f3hfk-FVt!N<$xyZ!fz9_w3TC{S_#o10T28@0e}S{& zs(VjrBCG4v`uF3JJDq0;`2h5ree$`4sv~sxc-}i3H{y7KDQ24i8<*`$w5A2F;WHjE zLX7!``Ip10v;}moDV3&sn2hHEKuu8^3Y*vzlFE_(c++6wdQS;OSs}M>z3u>Ya$cVg zqLkfpSaf=Z#kd!Thlb2|(0A^byXrG0&l?8UO0eB&c3Vi;8j?}J23s2kKWQf6xfJ9hufEeX*vLrR8R6Zwj;$f_pFX9=4P-=oOfxE?WuN zuEM8aE4~)u$|&WS`Gb>$Tppq5T$=w3k1$x0^Z+J1v32^DD|Nn@KB4lREVjelBBIeD zILC&!E!6C`p<3CyzfjGg72M@%6ga?Zr@Z@#^Gh9kGe)dYu9vU@*t(7NLr59Vd# z%E^bh>fUuMd7CA%9>*;-aFqLHoFTZoP#(hoO2Pf*h~ZsZjr(X3uRVKkmm1W-Yw~AJ zq|dSy3v@NZvb`yDWJUR(xh^Qo_+`#I zoh&Vic9ur`e*ktLQmS?K0r~pc)v5JC@SP8Zz=g_f3ujZ7!`yET5eGfK#>S-s?{S~v zwXC9&O<@E` z;8H?T)Ka4Dcya&P_V~QD*5$koa2&S!SN49zWH)7g-VmML4IRp8bb5JXh?8r-k_2fV zHeu?zIo}7e<(*epWbJGBUcGsfzqYov)!K>M%HmUAuTv76n3hHN1TlVT#&96_0 zR6qif_#e0pAV52Tkq|M+a5sBhB=^KIgvI?|y7>)oyIWuAuxh0MN zlILRFsTLkb%;4!A9v79QM#?sUH`kZMR`{O|=W=`SQ369QATfT0c38MC zJw#If9|D`Qd-!W^2&KwratbmvwLbNgKG7%XK$zp|di|4hj`g&MVrGBc?WLpF!zv9R z>&W(Oo%iqW9Q`(>?&&PAYi$KBy3clMSEv#;F{UVN^@5k&&xRQXDK{^zCqcvQWYU6s zy}5Lfztww)=+=Oty!j%AZgED1y6w-t1i-R`oE}$_!@C=_YfWpGqL^BhjgyHV9}f>9 zgQxU-*s13S%RfgI6vK)=4Gh~fuNjs-?)t|rT@ z)aze&Y`!oiYW7A~@M47|{33}dD_Idku<|{|no`-oPpFtcwPZOP1AHr2W)~M81O;Gz zWjR!A_xBRSXg19R=Z%?su?Ym56Yuc`dbXcyIP!vK7`52G`95So*K%ef%f@WOF*mg; z*eCz9Mf<6uZSlHNE>${oI7fQwCJecrp-rtctU^4@RM|p{IlQcAIUPJqSd8i9Q0w*| zcpdoL0qy5DFPKY7OB;Qt(97>ANIlydH6o&u*ou|)y3{7;HPr5WDG7n-Y#_5yldf31 z0Tet2&r|tKQhGuWKlABlDRg7>h-jAa%wST8>u{Z`9<`SDD?k)^UZOL5?a^PeuOn;PKRRjqh~@eypKQ z@)LCHb&-($tP-nc*7B+*9O#sz`meiVXpE#dAn3y-d=n~W4vshEgSm%eVf=5AEI2ga z+%MF|Cyea97Vq_jvjh}@d&u_n{nzVzy2J!(h7Rdhxv;z0x=#t4f5ot{tJTJRdSdB> zbHcpu0OtES7uUeu{>iKHPbY;D8L`<`h?KawdPm)*Br810bNXNq(TL!v{)Z}qtH``B zrv?C%lIO)Q~m*ZS@e*i-@#1H$EC2M zDzdc+;gBDIWc;9+SqqPC%Bgj?VL1z+)rzC8`v|2t4S#mHyt}-59FejTJ>zy3)Hvyi|3!Sz2`e z#Ps3sI{+&#GI?mxG#rzMF2I7XO$Pqd*)8~jZNjM~+E35#ch6^W@Hf-}_$xc@lXt2Xmz79=G+T z3w4bE5Kp05@b!Ph835~*`|Q~>o3MvpwV!4bIt9B3MXEQNHFhU8Uwb(N6+Ko!n(eHR zx|!rqc;fkCTIR!=I z4I{6Zi0{rj{U+#-Cz<^c8r+^k3}HS*--&9EbyGgnMhr_p}wta9C>yQ> z&yst$(*F~1SK!fwSp8hIj!Gc}@<}i3>kwa{9nF+z8k$%d$;rQ|u(r;-Sv!5zSFc?B zP5udr=lRQ~m#=5L2zj1Zit4$W{C#jG8$aC~DyOHl82S9;zMj7y6heRmD$etSJ8(h4 zv7)$0i+)n)nMT(V$*?=;?m7MWG z5TgXZ`$0Ux_3rxoh-C6*uInR`<1I5~A`+jCL0h!wDvkWpDq9ucOsNp0e_|sUGwzA5 z@sYb?`k~6;FM~yb=Y^n^3O5M>+vQ>kAoCQXHyUvhR5F-K3*?Ol$9KUA^w?xUP5|;N zd~#dXT~jA>=rmo!{FJX-=Upk|pq``brwMjK*HD_?UL7-G&y(k(T!X&B&Y()WrQbh3 z<5ijT)ZGFe0#5W)@~p4Z@;vAN7(~0|iq}{-#S9;fg@Yh};ZLxw6&~|FqIH9N6kCr8-o+$qM_EkqGc9CDF!PsRYd>` ziMh{7p_-ugWCb;lr&W{rM5CX#hsvh2^97se)RzP|CLeqtM6Z8fVHpF9T%NfT6PSk< z9hb-doGr9LOt~o;8wXL#hUMm>y`wBDwXrs$(ik+UMT zv6X6KXS5*9(z^B8S@Po!0ACWM$n6SIO6@6>#EKu>K}DGUcYaL}I@VE^Scv&vyNROe z&HtWI*DQxSLz@A`f>H&nO#=Br5Ui=d9q=CpnD(8ti%#Esu^ z0cqslw&=wk2H!1-HDJ+pt}$$|^S?e;aR^OD9*meNW^Z}Xg|ErX<`)OkV%JYx?9cY= zlfm1R^|K{B+Z^GnhYpuwnDx7)&2~_tIU9>=9g~tu%opTh+99yi*tpm&gec9zdBU=4>95ZkO`( z^&3p7_g`KLv6o0WRz7hg4rZt*AtqA5@C;}YgH(?m0SW|Vk8%~-sfTO3&Gf)1q3zMq zH;OzaMrECsdIKz;!=@PYc>b4bq?uefXC7;kH3#kOk&Fam z@k{O5<9+HOJDp*CxO@#c`g_gZu%;XIl*@n6Eg>!3CP6?`B*!L2Qq(A3V%N(2ryKHs$JHio1h+=)6DP*>v-Y24z8%p-#TuAG!gg6oBgh1ROOy*#Pqf_ z3(Gj2wP}p-`QU})d^OYUu4t4qs2qF?x19i8brYO@`x0ddNQY0hOLBV?Uqmf9!hiD@ z_yMjLXwf4FZO0XJ2Er~eGoXcz-q+#j=KJK?O=FdovV`i1dry3(T>_knUbo!dLN=Kc zXNo^F-m7g^Q~+T7{}MJjPd`LC%PBD>&%i6PpNxGHb%%D>k% znQ-Mxnef2k>+4pUg>Zo#Gu9aQ9X~?oJAoF-3H`+evjU+v`Jr<1(SX-V$6YFsM7HJp zdzCUqE9HB4@B!xRHhTAmbi*I!NzG8}egq{NvOX#oJuVKI<>O+8-S`|yOunpPoh6pw z*O@8sMr%s}HWy#Jtp0I|d+h1Gqi|dmb-2}In*}PioV$}hfGyE=qx_e>>Sc=s&K?pG zdTiWB6ch%g9?z!sO=m3fuv5(^<5hx>7`r!zGAU%9W^Ai`UPUs52>sRYovff*VG({D z>3l)o#*;2jZP?bQbrP%p9vU;_hEMYM9&68~<_9ZZP4vU z2dnaCVcOo=lqHB3&Td7T1{~Z{05;2}k;r+Dq){ATKUCx=YB0@}cAd31Cnro1(mrrb zfKJkhdLNoChhc!vqGL0iU`O!cVM%12h%?xka9bmeLtY_hvv1pTIaMt!Gf1v zKee*{aWDs*gI3bR5J))U0Jgj?HGc+8RSK%}`FVjT+4&^uhI>ltxZ3g2?w!6&dm?5(#W{zw z<%rAB&cA=_LF>Xj!u|z6dj4nrbC2+vO#iJuHWh7BH@@ic3h25*UT3a4b$7Vy( z2#lAsaM908GjUmU9WQEYB55SX@FcMDAvN+&b5LkfET59A4%$4+z3jkmHX>Hp*tjy& z+3=^2=cTIKJk*HiaCGTQ{F^^BpgR387ZWr; zO=5TS4j`v7C-GfF^bN)srT5+h=jQh1=+dgrPHiNda%E zwMF|A-^!Gi#8(5epG5o#kVoFCseZsyBTdh21`d*HQ*0wvawbLqk?l{q#DZno3FpfG z!g(O5J<)c_%~Vp1Lk4%FT1;7yUc1q6jp{TVLe95v^mpa|b4VsY^{oFOM}>=HKd;HE zVDPZB^G3S_VYY`HQA$|GXRfq(o`#Z29Nrzk{wYKgangtg=tOQQHdK2HI{f6)t#qTa z$Hsv~1FjMtl3!)vV3rcioC$AOJW#Uuv?=~PqXAuOn@>2?5UTIVx0luk#FR9CvD?hp z^MILw{~*eTT2spA z=Dl^qa20j8AW)0*hEUF=OP;zZ-?$rEN|AvfaMpnYGLss_Ldm zDyFQgM9}05scn1Zx>Vemaf?r*tA8UILtH#&GY%|=X0;W0oU!1T`?PH+ zkMQo#86F1tXi*$Ucf(T_H&qs;5!}PpO{hbl(E!j_UIsl2di~a{`?a5TG$5nU&t3R1 z;BIiKszEOUU+x!ZGJ#-p<^j3Z-snmPjDAIlpZRo<{kBxx>8`kT5|N-L*PGv`0jAxx zBH)C1#LuGUhIX1hY*jex6XhKfZ^c4nfPtq<$hl zSO^G=ucYY$%)PxE_ox&!6EjPXluMAuDl?vZ-cf!V#y{(o^i3y+bbJa0Qoj*)^O?j z&Cz@t92jE#0{!FGsXuXq2LZQcap7UqTG+C|X~~d0hgB~8h9%UApVpGAR51HMn+v6g zC4t|5+keYE@KeM;;GRW!b2bs8zV&CAK)vp`Niz%G-yV{WKXEs^D|j z!4vTifO>>ey)ZP3>Zq(7ME*o(&X__MujpVF^Xc2qytnp{xeT+Pg7)N{naQm8HOw9YG4{+uosqZ|xY5Ahs1t&k=Yn>s%>QdMcWmxv_935s9ZAeaQ7( z{|j8U=a<;Dm8~HH4U<{^kdLuxpf2v9m_Q;WH9Ims08lSGC{+ov<8K-f{WLui;ok+? zb-Q{FWW4xv*agkbi@VNW`*&Rfo?Lc=do0~*Iv)PY0iw2Js=(oQ4LV|in|opob5LT- zjSXH+e9HDMz3ydlz1>tdVKFu?6LWiWwvd(e=Qg9%^L{*E&?h`mNaSKU1|N>$J%=}3 zjen%g|Bm~<@pN+`!@jkqF%0ts2tTN%VlZHpnx5NH9?o`LcG+2yD?wo~_Vwu3;?$uf z(dWo+UqlaRc)Ex=RsWoo8h5i&%HcC1CPPdnC+)8P-TN4$znCP0cQhh4%Q-`=mI#wV z(&cVoYPanODPW**H<9zwzfKmKDiu_>QevK;gYQ@8-^0?UW z=>C-V?BAJ`(~(?EZ4`Fku;vQhR^ghqvDdF(zZMutgK}<|w7=5?(LcVWaYnX0hQH!( z5Hub**cvUc^W|N7T(bAmBTEC%mrm!+n{Cirr(nmCWjl0^fRnrwd#;>sw+tbkKQX;z z@{7YCPYJuED|gmN)zzKEt!={}60s|n)O^?a?2qRTPLw?bKFzbux1Dxx?_g5ZZr;dtwNE5IVS#Bw==F3 z7eN8|7rSy@%RA}_@IV5@rD5^c@5bNh5&S%a*6~9dw9T|D@1_T_=(kQn_xM z8NEjN!A>SnMe$U5td6j>RqC-Puua0<$)+<4w9ahC_QY$9x>I_jHcL&f%|hPBMne7MfsFU(yM;#WwO^$4`Z8O`4w8^LZl_ zL%8%N16;u`+i$dERS$bzgByhW&U&Sz_^%NJPn0S*W$s;_=|idp2EvG+b4iwa@t2D< zXq9zK3dUg!KN_RXSEf`YmDTRbuuJ)bJs$7U~NSN!&gzR*;D+8^bO#1B2$7$A4zu~n1uk5sg!a+3w6QL^6=w&){>3%bYX7iLfA&rSnomd-7=6 zl=ZUXFaAowf7=0}#~vq|zp+Qf!8*x!lYU6z9AM~Y2OEyF+x}%7=J2J-wszk?`M(4C{hxvScar|+6HfF04-?b> z*H@WVZxG$8J;3YB$?-*NUEH5imQpJ>>T{D0`whdhR$<$0lZ)5%P~BIa|H?5r+5K6y zT)2vMX7D-6fX@2>*OV$EG@7AEZ;U@0w~)&ZnrDh-5euhU)Q)ZnyC{ z#-;S#IJAhQIf))V{jZtT&F~-Z-`q0JEEtpS^`0gyXy9^%T_^CLlkYFL#jhJv>wsk-yDrIszey;8RQ$?;>y}x>?ceAg!2`VybtAFQ z>$biN8K*uUntY-Dwp|Cd_vux-(1@7HYag_XR!P)#2!Y50I1aQIpU#|-oC&>q2G_?1Syhq)5rsn7kDlA|IDe_V0 zy`fd_DTOS8QcKr)-t1#pMMDaM%n9dTPTHn}*GaP3$4U+*sbO)EpAqlbA3Sy}M3aci zD>nvm&;IZ{n9Z^@=3Jj37-<~H`*Y8lSswHc|8h&v`WiAnd^%ASKg#R9yW_37@kW7cnsD)6~-#E&UBwn&~0Hb8Xs49>q9ST461BHeNl zONNKIiRk?4$T*=36$LpTO3{PdD;Y;|PaqNcUb)tR7V-_O29%zh==J+yAp-Ftt)ki! zD?QG0G3VjQ8-JPxEoh$(Ov8$i-#D6BEPmyl)kv(TMDe*)>W!rf!yPPMP(!wI>KB>J z(|+|;RodlOuhMVtzKKz}at}0So!;6kE8myDJRURiE^AUTF#CGzrG~&SX}v4ky*fE8 zk@a}wdmF)>3YBN4_#sl#{~*1d;DZo+^A~OtdSUrF;x=_g>s_+Hq^?~*jx$zARwWP` z4jwCi?n5AY6NESA*)K3fW@CWO#GCKq=V>3Bf_uV6P4JGfg5-~UnUL>QjO9jaGTVXV z{_Eej*~MsK4YUFw*2*ec)oF&0^{~Sq_t-q^tb*`B?G}FE+AM8_K^(TkrxDK-COCf+ zLJ``NJACtog8qMbilN89kCG@*_2XQH3%}o8#X)k#%!JpRLP_faoD5vVwfvfdjQ#z& zAM7O+p_z&6^--vGKj@c1iBy(OBI`d?Q%hw>H^e#&Y9D=- z6^y?&0rjadm#P=3Cs|GCTutx2d9Nh=GRysQg{$=rIILn9>83VnkrNbYEqM1i_O@B( z=HVaz{oh+LDqrro2tzqOV%fwOs95U(c%AH&Yl>~wGSr~4c0P;QUu5^^?UcBdWk^oy z`?pQn61jS;8lpwL{*!Lk{!l3oNKpeZmN{knoGJ)lZGR$L5zqH{bb0s8fugU0l*{&5bK=JI&DR z{xoRqdxeJ~gY(&Gw{p4r*PTtL#`(n>#fVlZ`PEYsWbX+Ao%+J&x}?9v-~-rS{`V4B zBC+oCSE572mA>G6Isr`s9~yyJ%`87w6%bu-GGYCb_Y-UlLbuxE+gnMgQ;rS#dA4aA zV@DJjY|H8l`Zsub{?!4FzyqD9kj|-?dWz9d($aVMoqsLD zr1xbY2P7VM)d5~gikYGcnZG^H@`P5)_~|(th8Qmlq#6}VQMYx1egy={w3(W z2A22TpY%V~z4-T4i}(=V3jRCAU)JVnSCsSOOC^7;Ayg5ymg$ITcK2N{S-umAY=?_v zfuUcK)r~*BpUHjSG%oLwJ`4#2Me-$T>9YMfeQ@!s*c-VO{%_|hIu~EoR^a}5(^y1@ zAFklqWzy3bFBM5NrwnL&Df}_igTip|tFY+FdfL5=&fj7G_wp?gd(^%HKi}OO{%t>e z-#a9c%7x27-b5wcHPM=OsjW;mj} zef~4^2P@*^;j=%rY`&|VSR`TeUwi#CY1kHoVlH;X@ydR4u0DKt$y!s%uZgq1$@wcy z9K9F8;fBS!N!maEdY@CHN;a2eJYDrSZrHaG|27zOtd&)HS+|NcP?+TxG2Jevuf%PccL+}wqFjc0!sf)KD$ay zVh|ri-qqV&`+xhEd&V}*0inH7MfJOao7Og$c*2u>1@guC`2&{ky^MYpEB`x5&8vDhdQhTum1dd;pIqtTu-Evvfs6;!h$XY$@4t;5 za8J$tjwF*{2jiAwbpA`RR>C?yE*WR|PU*$Lo@Vr*%efd-(;dEdy_;wV2ToqInT`}8 z{)9hQpe?t$WSRtwa$IBr{s3UYR6Ro#lryuqORcpUtEbo{aJu!yRVaQNPc}qQAzY(j z)kP8gS8{oZ^Fz`j=jU`J&UWv)nPy4e@rV?O=~`=rE=Hx#V%{k79_VOVsRy5{C6a+r zHw@&B)l8QGR5N^2&wY2@yPDp8z7GzBtvd>HC-7e3zdsWs9gr@`Mmj$d`G44Zudt?~ zu5FhZK&c`f=~a5~9Ra0^sB|#&F48*)LV!@EcR>UM=~ARa2)!!31PDkkp@#l1zyE!& zZ=dX=eY%ghLRRLSYh|s>Imfui^RTx*r&}Yz43;QTPO}(D?|6lYHiJoS!|!m1*RI7j zJF~VecI!BEhut>?(Ictb4Cg${$D?PfW;mLKVIF|lS7A^M$Aq72=Rnh=%b8aU1JJr=G1HNm<^J@sx15qQ zK9=KUs7Pyx(zT^qb%ucy4!X}4Mo(9xA0yAi5=tEXdvZ>ik4r=thPZ=**%lK#P&h}t z9fgOnd1ImR|DEdTF9%}WZ=V~xX{Uw=AB2$`c9_yv74j(E-JWtDH=bB+_&a81ySFA9 z{>8zrTUy-A-vM^~5ioS`SN+QX3P+_2LsPGSt!6XtPq4Ts8V%EdaAn^9M-)_$&b~0B z9~t}bT&X6w_hK~f=CpR;^fGTEqI63)K7%5DpyGWvre@EK*mKUR3sY)ubn7A&lxhX};3`ctKm<1=QAynVnUUoS8 z&LB#qe8Z^i@@K1hW{ zA#~Su?E756KXa2c!FB*x|0y*FH6316I93Z#%pErFbxrBrB?15xm+4wM8 zh0nuc7ZK9JG&*uFaS>R6<2<_@T-2HX zn^pF+*Pr3j8I!jnV^NHw$^K8(Sce2(e$PX(5%^*BiGbfP`94aCd&z&S>HKw-R-dr`DI z=+Vd36EMBf$jMx*W6^`}Oiq<`uBM;L?}%Mq8=fQX^`Uih#)oa&I)*1B`)=5D!$Rfs zo{0QFX_LE?3eG8(hRm2jgaiFt%~JS+$ZkDNwPn<)8eMYnmn_5?oniKU`!^&$MQ-P> zcM(3O2b!yW64=>Knd!9PgZ!vTLj3$AeEDg)CqU>3Dlo$_ z{l3^DpshffD7@M=r%A9stm)aGjuK_@s#BZ!T1E_P5Mk|C$~R@c@#*iPoF1Gr?csGQ zj(+-@1SrWxJazn9xi(vr>GpDwOF@I-BxO8gEGDC&-W zV{1K!hR$`MIBUz7M#^QSdot1bm)W0cYIm21yviY{^M&8v zmxASn&uizhsXinP|E|8Z9nk!O_xr5*u&il>c<;TuDK62$V#WP4(~G(EgKo)7gZPR! zWbyXT3~N`Z^Fx)hL|>y8tbF|A#zJzZszu622t}0>iPkk(#VKOXFGX#?-Up77Z`X>9 zH1mpR4*&gdZ#&4!2`0<-rM(egJsc_s&*bNm!jrh0e%g85lRrLB_lo!4ecDRGWQ^8X zm4PK$H}bMcq(5{>wmYbKIVx^9xM&R>!g!%L${smL8BS*5FdNOY3B#T42{3FKUBOW1 zm;60^uzKHz#&fl$*0{d^_VG-|_f5JS7HQo5QfG_n^h{6X8NP|Y{M_l`ea=y5&|yw( zFWfDq>UUPd1a;~5@ffGPr&B{vD|JL?T#gb}hQGAQ@^7myv;9j6nVI{a58Oac`|ZwU zR@@H1>6#;JP-7gjp4fVe`KNtExk|<3C2Q~bNPaxGdmkyReN`tS?X(66T;C(MWXKjv zFo@;BR*mYeAjU2oDLmMn#puKRqu{6f{;hJu{UUVnO|}C#;YzY}hQz}ATJbzlDGy~I z9f3PdI!CU6Y0ko4s>HMg`q75%D=yu9jps)rKTrng<$ps!9xFgnrwN4oJ_0=mdC5F* zumEgpqIb8h$K-@O2Cp_d%%~4-E8TU^!4JBYb)P*f+>8}_?)r_^U18hW9(2+0AcMc< zw&KxM4}5hL!aN~4CpDjRxw8Ex0a@~@B!4jGSt5k^l^hkA~a$}lb{mrt#_k&1SYbS|Cu7uC- zf+HBF57$g}MX<<*u$UfC&=WgVMd7fe+0#dzN8Cbx{xO3p!hdWzkFOJETBh7H@=c*1c6$V56v^C?u~O%TCDPkR(81`WM-Q8F zeteua8fX0s9VFO{Kj7Mgv&Am0@XykF1hH}2X%TN=deUoM+-58nkFG|gYQtE+SzERY-cvMxZ6 z-E%A|n0;JnA-o+WWL1W)VbO%5qbedDzD~jzKKNTd<;?k|a_umL6yUAIMA)c+m0$$M zEuOqYU-;xPRK{j_O|oWd-NofNGKd)&H$Y(Ej$xqpM43C%q!v&3Iv#Rg|_Dr zo@tSx{ClC*c(U^vf0wle&;CIqJ()5-a|G#etzL1jWGGjhMsrEy@kga$rJHqXB}?p@ z*t5odsI;9PCXD#NCGOaL@qqAJ#poxp8SjxBj!NY#2VPaC7tq`xKg@^+FuB?@8%&{8 z%kzyJ*+IXWd*!`9SS+#=fx+8L1z+jd*KNF<)G417AJ_y5x9dUxJ?vhrJ9o=_$+wc` z^gOiwb1aOTxVs}L>f&8Vw~Zi+9J@gN+To2U`6UxU~S9(RV z#^O3-P}(_=GT5ntLjAMi&AB8M+Jxuu5K8**iYI2hNTotX7~nGTzqAP(jQy|>r+`O_ z+~SWv_IUfzYqvCwEB85P#Qz*?!2cLH5(9z?mLV?=_c6_MI?hiYZuvAhAoB)v_~MT| zX6i^ysSMz7SifvcI7Br#Xife<->ULck{Ea8rx=5^6ZAy8qdY22g>Ny>+jv-7gdZIy zga+(gEGIE7bdMh;yvX^Vo=D%S26w%_N ztCJ_o3>b|k0@UQt(YqdNz$xMp6`ft%T5nQT*3;kLbdr8~?Pz@Fh_g9dR-};+%m}<8sypd__P7pa_hkH!ACO|M#FhxnmhNWMW*dHTfyd{)DMM4MEv9) z>4*0ZjieT-Ckz6qSnKhEFkvw4y-}lUE*s64o5JUUEbf3b^RdH{^yIJCniT6DUWfdM zz}ugys;Y)n-)Yx3Hl9~XNr=-)I44Rh`)a?bII3+hFbfO}T#q{JNXN!IH!;Cyo{CP_ zfpW5Q07XgU#jZ>9$6a`bLnMeGPDEDNmub#?$QWflr|q{q%6z`%<7Jt{!HkKbjlDUM zM~sYipl(*%BNHBO?$>sdE=>5BpDE*GcsZLur+E^`t)@Cg?VWWsdA<-WZ!ugNFCL8jy0qifP%gyPB+FI9_ z8WBKc&bR(%k4-jtese3r!;x&S!m97@0a>#QQAMvjB94co_Yt4W{#_99?32q4DhvBF zcIK~FDE(*@FY-n`j-J`A^)8E$LDWzuU!HHm_Wj2#+3Neyv;-_vq2YW9UB{X4 z#o)T9$iqXY}{0B}YpbiwXTfN5dEa|E2SnwMVUccn_Ok2YP6@Yz zoJZF!j^|;wM6}};H@6K#pB`?Cg}ceTttf`?34^q=>+22b^5<%8M;vdLEQitqvih9X zBmLwChkW*qW@gr?(|L_pu!rx|<7jQ-PYTG|K0O89+}?b3_zZsv2c%6|02n?UpnWtv zJyV7=H&^daL`W;C z_lDPkfBSDsdQ=@Xo@6E9gVS$FE*fFdjm>TixLzcFQHk1`#2Us@X+oM-8UK9oO*@-| zfPmo27-OOiuekQpy{nIHit8R$PaU{vm5=TwP+Zbd0Qo6y4mmF z3sa3vPcI?dLs-12G(~Ap=z+n7X&WS42wmWbG2GzfAt*bju;?&P&jq?v(yY})$`a%` zSMCA=`P)AeP~NePjaM9Wr%9PoR*^Zf?#gw8F)3D*!db zrJ2q@L2Y^6;1VBFqOfRTZ(n*Pgf0OvF-NG7!?FN{@ z_yt#}F8?Z)_lmrX-yBsqodGIo(yicCIyr*oK~(ZRe&EMK)Pd)YE- zyk@nA7U7`xKb?ZWFjSA$YwLABit43b-l?YK&YK$>FG}K{7#Ol9h9G~w{kccC+Yp(d zR0()58plj^6H0P9bQeIv9)x*@U!9#v(up}2tkGamW3!BQeSgh!c5;-PCU7x%I0v|m zY){pd+#K~>9FNRcP{alk9#iWn+~0_p(Is>NPY{Rn_`7bb?q*(Rp>|k~2%$!MyU7ON zLGowP4Cm6`@Y4W6MS8D%z}XHrBIN!DvG=D>&!kbI`Up9lV())tj$;Zx$~(eOnA9OM z_=|N5=%fVe?b>2seo*1?{q7PNn_dzne|~zTm;cc#M=szr(U>vB8Fn(h=KPBfUS;l8 z(HJ3FX;RWaFNQS_Dx@QK;u-mg`F@|NG`yO@7Hc<8F8H$>^d5D5>~Ed?V1^)`U{?ka zaAB6KwYOBB?%IQ6%7+XGKxOMTO0%)$}FH+KQer1t&`x$90WuL{&aeouglM z3!s<|w#0xfli4qy!^&X$2o%|qU{`@STCsJ1b>*i7TJW=-sUGN3epyohea6=AV)19& z`j%{TiAq%d205~k$r_2I5AuqqslofQ)C+Mo?SZ6|=671;D1m8O}Q1TlV>`tzRlNKpf%wH?hhcy*mS9Q>a{C;ID>h?X@>TKur6>Z8mYgrAr_dyV0 zqGhMCCz=w&Jzny`9eH2)MUfUmYQm8pa6Dcv=MeVD5)IM+~2hvzOX*Z0fK6Z2k#;taA@vio`i=DGvtUn zF9P=6LK{UF;GpYak)K~?>YkBZnIwcY)#GB~|*yNS`t}dAL=>bis z6R3+Bs{smKNKVe-RRPIh$pxA_km9q*#DDv2SQKy7+fZjWYHtx`Bx1L<`#x7YQ+5C+ zo5(ZyQB{vuJn|XEqd@-3-+;LyUH)m_l{#7m{q3LY4N&;ZCIUc65#|2o!Q1o2zLR03 z$7>o|T8RKg`NG2^mpwD1Kz7AP@DlGGbeF;%ciLOPsMc^fVAF+lnVvj4KKek{Ym(SX zVvP}|nSqnz68N~YT`-gQKEmlq4Q3z?+{L=!B@Kj78cYeJQIDse9t#)P{@s!eC*7U- z@jGbsK!o(VK@#t6mH8`#6nIuJC?_R_3-Dx|{@P85d<)q9mfhjGlS~KoG&0>OjWGl& z7~ro8fyK0TdhA#TLS2qt1)T3CRkfp)MW!+OLVuq3>#*{7`Aiu0!uZgpfsCzHZ^syZ z382l;iYZ%G$Cx$v;4hP%jVwLHs|l*aiVgHEem6}u{>!Au0$NNk!zS%Wl+c_dr&5FK zlA{g$37DQJdV+1Xd5_^WE}Bn}8*2qAlo?6@%3+1Q)^H584Sp-Dj_>|NAeUO5>EVPS z1AYXZgkz~uSzw8gmgF&@3c0gayl>edrcB!Po#@33T{hFnj73XX4-S4BSx%n&AY5fn z0==!yhaGjKRzQfkOPIrKo3cMF2@7jjR|tUiW>A1dp~0mU9c3}I(u`wQiz4ILz%VhJ&9 zX#Q5bux((IQB<5qdeT4NQ^mwowd15oP!_+E_MH^jbk1Zvgv@Hb8{ei!@^WmutZA7> z5Y#ht+;ZUB%76(BK>TJ`)q{AN$ZDcgCkPcr<$hKBO|5U)T&|3tu@D|vLIxX~q-s?V z#O_)SL(VyoUhxr5K|QVe3&Xobv;@n^NT7!kDi(N7H>;4T%$>1Jpj zjt^nVLHPxo%T`o86a~{G`o`Q^w4WnFXI>9X%nHX%I$?`ALldmOy`W z(|xE2VNsGK-hok$&(JC@d-NT+9Na*0r_*Sc@wNkw0!%Uu^W!8q@a%i4e))7?ZGcax zJgBttW`56OV6E3bCzg_b+%Y^j=-U2L8Xjr!%X{ip`YjWw@>50+?RHt4oeY9cou7Pp zNUR<7_~SaKXmEbMukBx9+EN`y-})dZ$AqyUf!2dBzgfq+r$k$khOySa6mlI&2D^}d z+@EYDk?}fCAtrvGgCR1(m0;XzpCk_w5~@*yTCH_5!#(2cpM`U!OfBS-FnPAz&ujN? z1AENVmUp&Iv3@_Eh+3Urkdt>7@sz~z!B>x%y=&4Q)O8kP+bSq1EHT<9y9mXHKKV>8 zZb*_4RwpYIKPi<%K3igINhjo7YP*kV>nwz}#CR4>sVX5HV0f+IGM}>MT0$)aNYTjrBU*$^9GI0%=otT&UV7B4H!^Nj)$=kTs^O zfff*j9E#&}F~i-R@@{TqjHSYN=&k46mpT)3yXPm4v&5Na)wsU`yNv$I5F739U!df7 zoy62+fyz+i>>(mV5;Jm`<_0@(@in<367BA?M(wHny*aOj-)o}qQ&tyiM603T7a~+N zl#kk_!4Q;Hfc{I@mgZs<_mtYYs>YU1 z5{A~xjZme>4S_sDr}8|}Ty?INr$x5$wI`**-QO*>i~yTPv2UFbGJuHte0?;aq+!w_ z5V{4sc=lXk`bPqt%o|QlA*tDpkd8Gp-jFk?+ZWnSI3?2X9D79}Tdc=AM~U}cEW zxJh3U&7l!X!{qEhAphuFKQR3i9%Mo=i9kUb4gt)mrJwuzXTc51-&Re}l6Npi$mOZv zVqBes)(Rs@k&+4Gk|dCXYV(dxdU6gMg`1-wGfE6b=L@_}V~@?Bml27Bo5f^E%SQKl zU>c^nyxcrbu#QKyG207;$DC;!?m|Kq3baa>Nfb(tdY!7w+rEPrrCvR;f_e4!N(v(< zvTmOV#(AxcicHw&9bY+B#q`zMT%iG@PY$ko13N(%{v3rWOp)bs@FF!#aDuoFRd34pzstfQR(Ap*yleDm;mT`OZ`y6>esg- zqI@wu(MiNYBZ4^35)2(iBVoQ8_NDyHidHfy(05F5s0c_n5U)bB=d!~Av~mnYz5aw^ zIt?Xx_3*mcEXt%N+TqSInHHI~c%~(>MwWF{2a$2a>wSj=>@Tb!NGH`bqus5?x&UW1 zFJTg&@ait(_bIU~dMfWFowxKZCm?^f`V4SVK~n-Y(e7H34Q>dXsv4lI+n$27om@}I zHSj@Ykf?VZYUyvecFwpp*KahP^`^h)eJTY{L=)+v?b(Qg#f;N*^Cgv{76xYQAcYo0 zrAZp$Pe^`c5qMq}-(%?LbNuHyMY>bYApA+@P7DO~?kSx4C|u>^#&6x-9pi&*T$1az zyvEgvLDUiaov?fk&WaaGp*9{Fo~kOw1>i+=8c@nl73&@-AgULBud;@{B2%c2%YoiU z zDH7u~5kxze?(~uJVvi;}ocWENRz63_U4lXxGE2s;0Th$5)LX%1`z#65qQkXqRQh~( zMqNbTJ|;}f72jXTOD5&{d4m2@~#*l-W5Y?97JZz6M7EATS-r6ug|uN@}mx;EUD`{&o^0D zdhebnFPMm!Z^14nq7I$(Tu7SG@rE+rWKh=qy3CrxMk$=$zl8D8xiY% z_!lioqEa}Nmd|Gx1L7<$-HkMKUwBNHa)O*iUD{wWCt$iv6h1R1jdNBw)*D*NtTSpDro``2B?>Qq z5_GYo(C5BY8|K3HD;ROyEBWK96f>Mpw^mr+bK*i&posH*Dl)2|cMMgg+oVv8Lb9m< z?2-0rM!|WAGfbNrfvGAC=7Zru91`UY+}1w%3~zP`C|XuoG`=|$`~qGy771R$Ut(;( z*6Edx;JRV>zHT0}FGl0Qhtky2dL&x-tmipQ8KZ`mp(u&R-+}2)ahmatYQd$8Fa$kK zSG8NiOb`~073fwG8#RuLCO&FAvN4?YSyN4fJCpWmBzLBFr?bBCjQ_y|U;XXgzW3p_ zw$tON5n?vJI7xXh8z21=?aL-YdScn!xm(r#eM%RDJU9LtDnmQ4I$Lc^ze(o)=+Vog zd&8)N2W+9#I}24Eli%7PK`*-^W=T?CpId{NVPe$zm&XwI&;`u`)q1}=+kb&u`=i)7 zC2Nm88fD23qB>50s@nstaMl_vLVoBF)j=DM!oyV~2c=?hQPGv#T(4?-j{pl_z?dWN^#YJX;`185fSr(zqwmZ{I`%PH*~OmOmDGUfMrn5QEfuEA zON{*K0!g&Q3j!Y+dC-$gTh0}mykE1&2zNai&2-laWbzegTV4c-9QH#OHp%D2J+;*R zcz*FBTdmBfq(3XyTPf}V>K6=j9D2^(-O65_szuFxM1c`a4@I3+LSrHmN1Ym8CBLfA zsnPjiJpY(17=s-_T8AIgwKwPSRS8>^-P78SbQoOt@UY7(>{!j2Ft~Hno0+ROXyT>gf$6)i;MP~_xq>PnMtO?% zpFdD?>Ld!o9ACn6+PoQjR29X`TTpiD3G#tN%|XgK9w?< z$HaeG!3p;z3<(okH(UcHf!-02@=S@$bSy1WbW#Cv8lS97am-lP9%(21t#Q3RePI|L zt2%Ldg9{_S)x!?@O0z#?_nqpil|);**eJJ)>MrU8jyg$7>yimJB2AncH!VR7(Qi%@ zt<8kAf(3?9R@ZJe8zekVG)>V;k~h8ULVeh#Pl12{MXTO+vD{)T28lnm{}y?$mQh{Z z^}{)dtIJR6Cfp-}-M8#bkx`%mByiIggm^`$ z)2GIbJc{~3qmqg;o)tcrC3Loa`GO>!a8<4;mT;8f03tG;^I6Kn*5OfqB|jJM(?8K~ zU=6cAD&&U^PBUsP?XRHZYsTi%LayPX@czBE;Ff+2t2D~^g-p7cs@*KQ;cn@NnxU2y z+7dZKZ7Z@9XOer9#o#bsp5wF?^Bn3G=l4#G5dDBoj9EsIBq2RDlU{8M#zK1(M<=Q) z)9M?!vWNgl?u5XOzmsGjwXHM!^mip8vG@g$zhd(sDq#D= zkE{L)R%bVslHoig5{xrsDCqF%krtX(D=YQfNWyJdFC=RBe62TDw>6))@_B^_>@3o0 z0&ZR#9`I$MOR9PXYL)pQp6Y^L?Pw?PFoaGE%k%-!)C*R$G+J!a>o2gl!fwY52Hjx< z_qRJm6CHE`Q0FtwhcC518}86XCUjkctr+1Th+XxFUu&dd6p6dJLfq}z@_NH8&MYGb zP?$P4IQ%G|PdA;IETf~p50t}_#@oxI&c!vio8+Ls`Q*- z4w%De&BHYIwH6TWlbM;$DCVTqy=#oL6(H9fFUKpZby#T?KK5*iZH+|+q_P-kuDWxm z*~?R`q>LwIsiiegxhwg$374OCZdDA}bY`FU*Gh`_2!Zd9y2O1+)&z3|V6V|cg5D|S zg`q;&`O!OU22bB1B1mVBCu30GvFODjYJ*73F`{CAZf6YGZ2$e-B~@<}Yx^{RI>_2g zhI#!`DKwh@u%GZ<;V_K}l(i?q9Z3E%;K6uYQ9H8FNy4IKzFQ73zCaK#fBmK+bYRQG z=B}`k#%J7L@9@ft=+U5zd)50Ca;dS!);ner&mnOjr7`^=RWW zi;=~ko?_5?L7#{i&(}NrXcXQ7qL$*1R}b}ss?Q0W`X(~{SGzBJ+1nx#sjxrVihhQD zU7ci)W$$sAizBKvu~JJ&o2#=+H7o>D+Z$o*B3qO3KZlM4>$TI5eWGF=VVaV%NBCS@=j;DtR7CYD-Pa!) zpLtLqFT&%8ur(>CJ-^pekF`E#agZ`f&dbvJ&ou!4)YIBKJi}FkHWpBqP?!8~BU$B8 z@M58K3~FI}AUQMjsnMJRaMjLD)7)i>wG>|Et)AKJM**YEn-&&%#V+^5+2U0i^W6aW zMx|)NJXFr*=A)&cpdb3xPe<7GR=`)h$LwR?lT{t2>;zE_|U4oM?gwIzg~Q!)T68 z@q9#NNA6`5~SK7T+$Z}Bp5}QzpA~rJeD#-I5e{L zaco6cWZv}|j^=vKEn4O8(FW^3IG`{-<$-PF8Jtk>w?b@ ziGRm=*kAdLXuVd22G9w$+nsWAH;r~dSoC1I*X?h6I zIuMxxY9B@*RysB?kOYD7Bt8*fh=GH0wTggQENYMvNg5dz7PfY{X$N=jGh=c^ zwDSQ;g-LX2=~ft&PDYIb%J}w+p`e6>y7wV*A`ojI`lr;l^N0Jx>Kg9u-1m{zW)GXA z6{X~)q<1cUHRwza*>^X-atSk47BjwkKt=8q{n|G`o^PnZr9C-2y<`F3of9}CWHCAN z<;$0~wr5Y9-A}&#EDqGkmF4d6+-CtK&XQ|v-_yF{TqbsfZ%h_zPV;={r#6*vHWUD4 zOKTfi4Ihj!$pg3v%CI2?oMXUqd|=mqz;m*$c4g$G`TVKL|Ijl)w3r77$A6|6N*@9) zKN~xHuYUuW$rlj2$N*B$qyOjw0)qx>1^?4h&z;$qHw|tx!#;orYlZnw{a-++4`3xu z#W3NVN|p-TMX@m0*J$#8T8n_PBo~d;hlta|nYZErZk3eoT>y;GI|Et0xfwM2+vI>$ zqY-^yu>N;l205?vn@ueg{9HN2Ef!g|2ue zCJf3#2lBvjk{A!7gmv!&T6?5aYgXwgBWD&#^yE9X)-SRKNlrgMKU&evztX_EEhvTG zt+sLQy6-;sK5ndA@2k0MskRJQ`k{U`4k zWqlR%bu~3V1Bx=wKYU1*=T872r%WNMU+C-Wf1FM#5zNlnx#FyJjmfsjYj>Kwm#@@W z=wN%hti31RYUMLLfsS)ojdb2hVGSok#5-`Mbt&Kk!2D!1?Cl}z8-E>gQr@iS=H;@2L28(b?O7IwdXo194T&Lv3WS+B2} z|95MfujNZRnttn-!wU|{xqc@17FSZO42L}@v%1@x+;Bd}U(|iHI{-iRn56Xm;Fm97 zYMrgx2qw)ZUGu^pW7`6%S5_ptw8Vsuqez|r zidR%l(+fakeLbUK5rn|ar+EDMYnT5@p4`YfZKPtQ&r>js_VNvvbCVE9rtvPvV1!w zJ8C&|pK3xCxcr&&7#NO+1k5(TN6!X^hsT+Sl%#J!P1cn&?Lq##4V+;sBT^7{;Etse zcTV&_+Zh1hr3yY>5E3oP>J7+Vmb-U;{`ZZ)3mktT;=0hzI)TpP{>(WPh8<6!^nPzv zNGkZo7v+?!9k{Z;&-bcCC#^S@a$DLd)DXuARWYm;WJ(J&kvD13aMptU?5$}93C#|W zbDj#VCGIaYJcmt{f0%|$`JMb7%#o^#doOnj$xzFu6%ZiFbX?=IK>RSqwD$mhkZy?q zfNg^M->$LNd!LpyQ1guvi#G~|dWnb)LCQ7wdc(9^Y~WBDVW(-{=J$7jHJwo%KdtJ4 zG#`|hs(`v=P!+FJzi+}sOoCL?YX+BQ9UgDX>+*%N1Cf9cPpE#(`{)>Fsb1?RRArDvniqp z9Wv&OuQ2Ec4$_3oTOy$gjZWnssV&C=z$us4w5fA1AWJJt^rc-gASPY3`wKHicADr+ zND2M*`DbYVlPYpd;K%&W=1~A4y`Ul-%D`6?r=2DFl9JE3l>M}11j9P~7BFIejYkD> zN>QKN(B&LPG4=O#VvrF{#EEHPbkm6-0VrkKieA_^vHjvNQ6E#}Sl`O@>Sn%8tCVg= zZ?AloxC;vqO8>^h^g8e6qp4BwuaeWV>!O_4v$}>fZJTHm0EIar2+*0eoz`=J3~BN6 z&uVZB-aot48=sHlzHr#9z9!~CT4rFtteI%JK2}ulk{g1Yj$-#sw5y}NzHDzhT(uHa zPHDbN7sY_7g0-~jK~)k^ffX;Uex#D~I3N*xdHP#-qm|527Yj^;yv%lMFT)zA^iC+M z?L{ANn5!iU{GP??tYUgz-3QU5gN)3nL0O1n5)ytNJ68NqTf|_D)b}9`L>1PHporI^ z@R8~-t`m9Q^3&BUm#OApF-~<@D6sBO?O2J%0xFuHgW&-0=sDtde|P)UC0o2U;G)N> z+y9(d1yr7q3y#Mg!UNn`zG2ZaO@v14oYn$UK`4iu|IK+eAUCXFCcrG~(o)u$oVESJilxN-UX_4d3%(l%w1VS0s`J_dE?l!7*Nj;yDu#OQ zFBhGchHDez3*yZbgQ44 z$f_^HJ&D9GS9m?QaDfFNTkPJ(#tus*{kMn~GlR0~eF|;&?V7N}iTBu>ow#zt=!@~d zAU*QuHL=C9rEy=r>u#B}ve*iEWA{P3xDo?Kd z#`Ap7Xuh@PPFG<7Mu3dPRzi!5K2{E$1!SzZr^=&rD&8d%1&yMU#AQ{Mnd)zQP1GiRx(YI&ih+0Kfs_T;vSo$skjd*OLb?h zaNGeE#*MUBk#q4$ohYlmVvmyeofd%IHIP-pucQqlwuoS$5huORII^&fwuaoM@n!A$ zdn~+V7SB|0%Zu3txQi?!HCd}`nNX<28jDG_N+9dBGH(6|=)@o5Eh7?le6-vauldtY7Bigm&rf`5jhM@-$ z&FZ@QV+sRf(-y!wA9>1_O1gH}KpDjJ(;t!^i$11Yl0fNJED8kr%B6AODc|@8u)+|@ z)nCJ>r)&L^siU^qDcz0y@6O9b-R2Fm#9g@_ZjMb6Hk$bdTUr#{ELO(J&op>xqRvoh zi+frWi@qb@Da0_>fb4f88{kgRCV$<`tgc=D~p)wbBy}OJds zp7Q0%*#6JS%{#fitbRa$Jrm;`??+%wxQB8-GHiV3Pub@`-(PF$7;a3Du4JjH-NZ>O zk8e2WssI^1^k;yIvj0nUhs#6jLW1E$TT8s)3=k1SYUql(A#Kqb1RT z-(4dkGh=)<_ z9-BJ5OT^v$pB%&qvDv0ONdU3^p(7=I{p1+b4|$VQArM`~CtAmNs?WI8O?t}|B@DhGHX0P@w!^#rghHd6m)t?Vw$5S7$u`_brgNkj^5mZRCZ;MaqH6eY$h2WNQS| z*l(z>E-UPw&CZHvd8u0kEr$u->uxp@MH7m_zbmkS3$GfBB*>Lghu#lpR4KsEYL$1Iozc^$}#B~%mt6DdxL1X3{at3Y{! zu=oC_&k$^o}k_`ogZ?X{)=YYekul6Dle!lA)g)Jfzlj1rlY^fIdr5GZBNa7mn1 zw3THORRwmAtiX5jXVxY8G7!dX1&5~5sL>;(LL*{|UNy6}5U+5S&`c1cpoVVK!!%iK z4K=+@WiPToms0oH%?r_{iL)rL`=wR{iBcc%7GIoZ#78Ay9o3< zr(I;3eWw4)ftj%PsYa$$kYlFJj?>$!l$WfL(dm8q&0ffPR-2uZ&CxWWBDGSzzF!|U z#WsQYS|FRcF$^2=YfAl}MM4zulS!K4TH$A0o85eE28$q&V`lP+7B46l(2-2*hpMbw ziOP)h3`=A+rQ(8yYhh?J4AVnJ1euTyoabV&RQtK6dD5aE{o@MlP_`$AY-(&sPk)PQdcsIm_4<83Xkiw-=(k3!n8Ka2!MpdV*S9P-KkY_E8C8nbqQ%LDPV+&VDa8Y69^fOc!`)5+6BMjsO+$lN5D zes7`iEwUsC@7!tZi2?rHEV$JZ3)JrYHTp!)FC#1MDFBl?EgD`0&K4Y#62x&i@ihS_ zNNQn|=}S@^U!lvz^u96#Hb*ZU;oS-;mXu(f-*=Au=9{E`~+T zoP93Uz?P8di32$kxC5ajJE6GEB<_S?UMinta3mQP#*jkO(M4T!<`3)g!(T#8S_#4Q zPH^TdX8xk0LW4vW(q2OL=~v)3agY%qrF~&U2%^1Q{ZgD;N&E`8$GajAwYa_-SbXld9;&=t=_7m;ms)f^;)Iz9TMFJxW+p4a|7 z41tY}n^m6bMOP#jaK4qrMu;<;&zHdr&z*s?dc-4p*sxr)BQU*2=Ebh4pS+au-YTfu zK(`J<3HQ&T`uux`D_^iDD~w*v{cU-jfQ!Ix6umsiuJXdDpOGh9(}`a;X6kP3_;7^58aU~HtE@G4qjEj$`vT7)rcFu=)YyVKhz5IVgy;?>w! zlG+7dlJjuFnhRSua#m)J54>e6rjxZmMaCSk3RG53F>j}@3=*~-%_)vm_u}hC#hd?@za>HR=6Zd zP{7*S+Nns0E5f{0R<1saOo;YI=qVYQ%Bt8CnfjR%$N*>$Ia^aS`Rz3i1#<39G7kA; z`z>1p-~TD^ETf`qyT7e~2nH$ACEe1UA_z#Aw6utTgaQ&nNDo~C0wN_LNH?g&(1U;= z5(5mSLk);D^FPPiJD&Sl>s`|<;Z=b$C?CjZ`H-IRf85!DhGzqkdN30>2;v!UAzeltW5r% z1sT%yuQtAQ?mfNXwhq@#T+6eDhlllG(7R+(&uju5$JjLu-U!^g+2P|tF--B&mt|LG zLOsu)a7cH=zi(K_x~JA`(#k8A+(B8IDk9F|!3(D_@{3_TXj`0fu?VKos+CJ7tMq4q zQY6+Rx5S@B9*n-?Ed^p0sblDeVSFW;;Kuk=YS=0Nr#B_}heW;O$e&JBc;}x>ySj|_ zUx}0uBfu>ug`LB@>GRgIP8}%Oi<0p%>Rk#X$xZDGE|2F3SZUY%)I+w~<0)tEm|;0P5RBUyqRbTa0Yh|Fey z;A>+YwN(7{WJ`dv@Q?U+igj0n*6!%NvX#OUeTHJvkL_15*nVHkgn~8_YI4zvK4by` zxio7P=tV34wGJYBnK$mC6^CMhL?+$`64Js9^z`{vcg z-OSSdeY`5a;)1H`&vM>~gPyZ_@{PSIF_MYKCmW#rjV*#G^%@7zy-kzEDAw9)J_CaM zAAUfiX$Ft75PYtFhZo&B>p_ygxAy5){jrOHT>M31h6FA4IAuxM%`dnM@$4_(aCa$R zP)L@b%irzd<`$~Do}H?;M&+I;R=&@^MSWhF!B-TN3R^sz>wRcFaV-Qf2L!h9 zbaG0Qfh^8p@DHo$6bEx6L^RHFq$0?(w4YZ5y7+~TNQUf#PZxYwuZRY!N(8p(63)d4 zN%_mUdakq%)8A(|j(3~nci|4pFmp_N8(K{rgg(g_D`u1C(U=TfI1v=qDkWP*K2?A0 z-{+w4%h)wfUL%>A!z)^Ajk$X@q*4a}0v*>z z^1kv>&6{qG6&t(f-w4|O`EAy$Rfe9LbB567>v)M&iI~sGeQIe3s8}+}3CCK*#_r~w z-kMOs>$aF(t%ruqR95wOfnskjC+X$uWd$$A$SA0ZZnM)XyS=@M~5`1 zZcvY41hMl)50PQe)&5-n>;lVxIuX+`WOKcV3{4*y8~e%jgWR^o2q#fn5Yxx1Hm^sa zgOWBP{^^$~??R1ASs8B7!XQiA%(6!Qn})ly8=kRLWP#Jykq728EexpbjBzHoM&h;p zz6Xqi+8#5{ww>}oZls5@)g0tfUO}CE6PRga$dyXvu`Ao`|d0;#l$7~D9v2$ZajWPRcWVFJ<;H1HT3IBD;~^;LkEyT z4+?V|x@(0C8&Z#Hoc&BFcu9^xg&9{O1L+S2nx9FN>##q?|CN;jHRYCluYL$4UTS+^@pzt4TwE0Go}#9eEo9Py?XUHxu}_ouF(B1tXAJ3sRGwY9`a zOOYs*;sa|E)XQ822deH-BIi_~kSz}1hAmS!YzFY6jeo$ZY|=IT^MZ3AIY=E~dTCRr z>=uDr_Nw6_-5FDYT9%0;w1U3r``J5 zzKDV3y`R+O-3~U#N#))h{1&^daikQ_%fv*zqOIWNrNV(kHplK=RfuGj$X$fhL?Fm% zZ>U{g@zw}wbL%bAI=0tuP*976rkB5j8LUv{G1PBG`<$$C_`$M2??<>46TklSK-(?S zN{jz8W#y6d(#Xjek)UNbqT~^FA=I)tdD@J`I5s@*&75c%WK7KEbz2e`pdAIdV0}|u z`8{T7Rr=H~Jc3CXCV@tDX^DxY=RN0Z$%#6~UX7mtQNr7gD;zoUhkYxEpXyy8%AS#W z^hM|s^v5+dVT^p$N=W&`rZG}XN|P1#HbXKFF3LTCFEOb#QWv8&O#+Lnu?csnDEBWe z!b~3)D`4t&cM6olv1b>4foA+nj>0c#Xdd=VxOB+OmYFn6M( zjXOdbi+FR9j~d*vCJQ(;X6mT^NW6z1aLA~Sl9AJ+wW-f~C{zSpb!WRICiIzac0?t<0zls!5NWLH_kHmaB;0Qw#gUb#S4qS5A*fqBX z?u?-t)bTmK#>1yY1%<4COAlz?;+vL6qgSpW4V9pi6>sIcvQzB(M2WEigx|UdBhR<5 zY*jx8-R98NgSMnLKiP{QAtoke1UiAgloOu~rft@1;B^0xXFyizVZ@3cbN>6AYSUp_ zFW)I!4;4R*MvFQt_r(800r7Rf4vkLZEI%{=PV--Sj{E-9NOlB;J(5O7IK*!C*arEYN3@bP)^9LO|AM($%@+rv;yP z!|^mm&>&+Viv9nj?3-x#lyET{o8;6EZ&#{;pJ1HrEIA3t>WT{pn!E?Gst4GAs`Dd4zRZfw`;+D+8akd-90&}${!KIB2m+N_i)M1 zF{T6Y6m4E#@F*Ais3>YFEOV*@XKA8hW21fz^srQzUyrxfU=OCg6Y86=0lv)94Ko|6h zDd&5hupHc$8wfev{S1@i zJfwocn$U%sT1cmh)W+tj@wWf1X7MX{5QVY@;u zUk#!n8*ljfHa(Mx#|3p0ONgO{dYPs6DTr<&vSxQ@XS~02j(GBG^7k$fj9S_NC>e zfGRXn`RlT4zU0Ifde-cLG%lz3n}`u$3%v%)1N9Yn7Dt&;MM}c_{Nh%uqCaA;&12;U zb(7b(r1Fob6?nQWEH3rMgZC&v@~{Wp4v%C(X$8mvb4}DdH*k5(rx@9R?x9`$_U*8% zudKKCj?X-~$~j_2F@wpde6KpMo5Yxw&)#Lc_ikGG z4`Fos&X4fn;Hu5`7?wa>!}qQXm(S9P9PJB(Blo!&I}4zfAMM2 zzN^!SkS=~!nPat~fD4NELCXkMMyzgA!EJF3l`yyWN3qjjKKjXfiF4I5u zK&OW!Fk2snlT<49KtLoJ$RpUN>W7Ru$nlA&m=t00sKD*!WDf02+w6RD+(4B`0n4&-mbr(kBpxF?c%HnRMoughJNwgG@c&fulG+60fj_U z2Xd=gs73^JbpZv<&gcNWU!vCv3U+|5RUQe8O$I!aduDWCDJ{%+a@_U>-W5g8Dm$wi z9pj1f2}hTRjGX+*=s6Qe*1>^9hKTQL$q1qkT6dmUPgUCkO4{HHbgxh{V8aYWPL>&K z1JR0u%Uh~{55w!obEp<#2ANkkyceINxqZ$H^#fIVGPYUV;_VobUHlI*SA<=i@O94G zAeg|@{b1bVLhY@&Of{?82YG29;4kDXK(dhy&`V6ofE8lNbpX^0b6;;sE)fx>1)m-djF;#Sx$}!6+^QV< zz_ekJe!4!gPokIoe($gaajFH9S>rkLN-8HXMu`(ZHEjgh=i)Baevq5~+&whKIN4smmprBtR{3R zdVa=NESBb(n!H`l<0R3ub@^{l$F;uGIY-5{3dvJ1H`_w;^Mof^ljZl44FWWvtTujLn5%mN?7O~QrPkC zr0C`s;^&8lo{kz`5RQW8;3z>alPwUUvUG&w{`bbv#pSvecK0XfI9vdFzzVqzQt^G} zCo0m^iHGh&zm3@ePLI&T@jEP*j#%W1$b1AOe68EmJ&Q-h9CSn02w&J^QT=`v4`g%r zMleA(4h|GwpGsE1RYtM9MOqm*CRv*t~iMfivMpdzGk7xYfihwFm?gIdPVFs;t zCska`hJvo<5p8Cj`uOlB2U$pKM7pQE1$`y79}{~95fW$<6Z07}%K0}sOz8F#<$+m^ zAH0s-d~5Yz>kx2$aYRAOWntu6HIxWx-$waCRNVqi#K2rYYG6Xux zDMhyYQbA(pv+hRsLF&K)&>oOU0NrM?Lh%mYTo(5@_2I~eP%JL%q9E2n1H3Edv%qQA zIvkr5Wt{}jURi~fjZCR`H%O)Icptyth|$gY@-I`;s^h6)8m}p5pPJe)lj`Y7gIltT zS-?1@Toe*8r{sivWGgO90?by*JB_^Wq1;Iua^4`cwZD@9VyC|hG};UMm!Twx*Qt_S zb-)_V${;Tj37?Hla2bu#+<-A$3#0aj68Q(*ygz=k7f0+$skHu&ZNdKR2D5!bx2MV z;6T(CizDTs#7%Sz`~YT@7U3(T78T_I!Y$;O^@LgbgFozi=Cdi!#?=kS3hmyk6`13E1C(oRRLU08 zoY(D}?H{EML-Vt!TkPxw*L`Rm%`O!{U`E{poETr z6bT+s5@4WFQ&a!rGV(v)X#vnEvn}VdNGf17re3Dx@BNgo%ErkV37*5BH&jdG2uwF! z#ZCSf)c^F`G#tNu`)0@^9JjYfvh0G9&%^Zze?uOSi*3fY=` z7D50bL~)|Rgbg)Wk!NV#=~nB6d`3vv&KY*$!bIhP*ELxmCX|4~oqSQjoiNoD|Bc(8 zVF3%IT-gDO%U)MFzWgyPO4J)~L#>F2$>H_`tdG5eUJ^+01HAP$hQdZ!Q_IYR% z6Lxs@9Z}@Qy?2(}5g=z-N|j^YQSZ?4EtDT(n}EOEYG>X_C0$0Fz{L{(cs-ypv(X%y z1y2UO9sw%Ojq6=?`4^S4X8djM1r(A``t@rimr>{jP;q8aw?XH#5r~MOFpp z?M!xlT(%Rb`TeR5D4-J_pxyKSG`n<;?l|dw5W;0u3xb~BbawHT3ddvZLjaDi|IO~k zfvc-Ckvq1!e-07@ikTZdi59a9tHl`h&$#8gh^kI)4!xYPJU=Lvsu9ov?l}w}T4i7u zi-B>39ajbYU{~h`d}C3di2vh8O6jg43zT%A#AW?<}n8vWbX(|*k5FkLmeJ%Ewq zHn&u~C5bvjXvQTFW!V(=Wj;9EvK8offqYJ&dePTEPWpo6pL5+Xj)t#?ImB;ooq4Nc zKW@Bizs(;rE3Vg|Mej6LnhJ1>rj@01qhn+C<8Km$K)=vmPNI=jX&se#$N`2Sz{DsU zp3o9T%*xfEAmtk68EHqCe2DSpdCex=afhFMX#iDIDXm<48c5(Y{c``f(Z!(yBeYz4 zSK`Hu{C&0od8K*jt+7;<-^<>e)O?i~^!T{Jw~+-$C!LOVI@xCi{P-8a_Q11Tqb;9` zCGi;ZTh&{dNG`3cs9Rd*?7exWKihpEPb1jQ_G6)-H|)UQm*O>TAqtnjFPcq6nNuK2Cxv>6Q5Y~uo|4T0j&+|^#+^n7=R#Ji^bYUGHBiIai!tJH_6-A7kRDddSX zh}S0u0F!ew=v)*OI_`3hn1Rk;H;z%>=msiaYtBM4;3%c8Qikwy3o8&WbKALKz3}=7 zwV)})+fy=ZQ z$gdpPAD+}fLzvI*_dxS)2L8))#!e>pn;ZopC` zsU9jhzOEo(rm?Cy=LA4FK!H6uwe(ZyCDhUq>$mBKN)e}-djRLhc3|^vyuv~Qzz9o^ z&v6E0YF+6i{SV$Pt*&ao;^;+q;yq1ubeMKmhEwC^e5@R36d4$<7g2A3=bI>1CzlwY zvJ^_eW7ONS)%w=NlQzVQz~xSimp{^}+2ahAhitwy2k`{u@YCD+`dtzS z-QtR-F3{AIkc*}jX98eUZI0ey8K$>6i65)zlZUqQ&ZSrX5Uq(T?7O(@);}M_O0llW zvb)3xvq+p!>80i4cZ_}KR?DuUrLy`BMVkrfkU};O3U1wEKYQ43L46mzFJ{)eYjV=K zAsCc2mYuU~_KI3ZbZ86Dv#7?U$YZ|6S9`7!$*RsmHXMFV>4D(IlGYhLP=gkGt&b>z zqMNsH@6B=D8YGEbgX?S(Bc$9BFCdo;)vH^5)=in)2LyI|{^cfZDsujq0KV9U4|q7r zXF%mtHyAMdQgY|aZ!0PyBBHCS3(!@~A0|<4eWw+`^wGhZV=|6>Mn7CTbTWi4&G6_6 zo>eAS_B+P7If+RNwkQZAG>w$|DyJ9OP_BtD();!;6L z?j7gDYsS6`&uy?=xYsG`)l1?u{w`QqRXWp0k(XF-dhTq%Z1lB>uoIvw0sx_MCbeQb zgi*>%Cq4iOdrT+dL>DJ3EI!9=3=E!~pGfi+vT4mCMfz-jY;B?IhH16WC#8Tnc41+C zP<_e=%7#V0%6&H$J~ijP&e@1ww#Ai?$I0n!|qknm3FT_GBwST znd!REtb%g`@`{#+eD~%uAh#+CXOnAZa5CIkHAkT@+8=ct$ZJO@;FrB#vRuFglQAiw z%b!rIe-e`$)xr`y>AA!MH``GMTBg3mEVAr{dp0CF{>En#$jsJJc;x0;o*pC?xkZ@q z1Cld;&)9MWZTOGX?50%JN+tEyc$IBa17%IOPu9d+;N4j^TN?<)b z-`hGr-5ZjVPwy1a0CG=JzjoJIQzyGKdNQ)taAxTW@JMb!BP^N=l5qecb8^*XanVN9 zR_+m?j?L1rYyT&HxK(}kYp)B#_ zpBrCGZw}WC(*r!tcp^0n2 zHHf7*BG_kBF>d{$hx<;GOG$^~%0G2j8Zi=r9|_PrJ5i)7Zm;s6AxI8Kh4u72E-yX& zZjs@|X_(}BX<6k+*4HJ?x7|DPeyYvC)r_K6Z#zc$RZl z^DPo~c6RkjhK@cn&`$;wD*g3VgwE6CgkO3Xt-w-Y2xZZj#UzcJdT6|Ml~x~e%fNI9qQXx!F*@JAXECX% z+z%~N(Yf^o=1AH5{1(>^2TS=UP5LWevw1Q1f7YFp+m7N}jA2?x4No0sRa&Wc<*ACfpHQp`_O@%`{@eqOQ`2sTen%g>)xkF^;i36#a+H~CUa<}GF|Q=U}ET-HrAT=k<;&!3RVFhjc*7dZ(o6>N z$MRVl80yzg@4s6N0SqYVl>5ez(=}!PftJj%VRQ;}C}H zchsOnYTQRq%kqk-A{6C_r0OT@`ssPlvAcU9UO(+1ztuV$c$!?_glfrx7yjwJJOnW% zZsk}Kq(Ir<_XeU#6d^XPG_-%&D@4)mdd!?XWmW&rgBl{;38V--^xD2Obz0TC?bb2K z(ud-ZEmvLyIo|Ha!?E-+1%IBnblyXdD2_pvx6H^#&C4KVrai!HbZqp2;TNGnH!swL z=57{WI!gqRNyp+?)tX)NiKwzQMu+7JGl>&_O?w`A!{&(^QEXd|+J88%?u@RaNRs*K z`lDU|!s_yz(nIgOGPDP7u-zx6q3Gh`LNoA9q`4MMF5=z&h*$z|0_B;V7^6e6gI|Vn zhOda>&Si!+O1VEmB3-h;5e@~_l|VaEWZp)@4EDc5tXu81yK)s6>Ggqajx3T5I&rG2 zeZjO%9^33g6!nOgC}1Ue6bGGB|K(0={&p;Y11Z4s=NA1xM=W+h`~(h9Z*7%9k^XUE zV2`&HiT~yGb8&LMV<7$QVlyw@1_%G1uE11UR{A@z^q=hvfEpU|$K`=?J*9QaYYt)*O{bU)<(0Hu9nR{#J2 literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/ios-deploy-7.png b/windows/security/threat-protection/microsoft-defender-atp/images/ios-deploy-7.png new file mode 100644 index 0000000000000000000000000000000000000000..ff5154e6b28c24629712bbae23b1e8597a3864be GIT binary patch literal 97992 zcma&NV{|0l_ck0%%#J6VBprK_Oq@(?+Zx2SZCevN6Wg{swrx9k`~K;_o^Nlj>eW?U zb?VePXV=EHuN|r&Cys)Mj|c$)fg&j(q67f}-3$Q%IRy_3{^v(;xjXm=(q2hi2%=(w z@CbbH>9?S)AOu8pG}5af4EPwqMncmb0)i;`pD$$e-qlYCh>rqE5kVCfz0)^G8x`r7 zPNb~ThiGN%Ir)xzUiTezXVRut@TYeG!K$0I>C;0tX*Vf4VchrCwKZM-q6>D`;U8ZS zy6;hkJ+XBS=jqSRHOngJ?mv7C@q+%dnZeUHBlj}@dy|RurAYqYxe}JD-LL;U#}1pM z^WR2zg#%r2qyK4y+&hb>VfXpJ=Th*Yr5XQwLu6%RgW;e5*BSEv)0trTu9%3(=KI@= z%k3cm4waD8X0yu|`rkVW3{bA6ot>SlI&;c$b~7Llv-7#mY>6^lBtHB0|E~J?PN`_I zb|YgD3PDgx3SM(}Qc=b(B?U!}a*xH`DiSY$y2jybvg_CIhr(_{O_rGUB|-3Ekh9%6{X0jszQf>ff*Vd6_%4j zt*NQW{|TO1nY*pUYGY;=7Q=r}QsI5BoE1$mB4gm|tHn6J^wS2 zh4XoGHsEV2a&eM@9IUL$_!05{ELx#k_rI4!rd;gLs*(a#(}-+h2@VH4yK3puKTA-G z_Mge0HKWDUQ5{xgQ=OQYNHVikR#N)c`jvkE?*&@32#hd4yH#g5fCuqv@?Y8ovS1x58gf}+CuA2BGYSD|b|94^Q%?guwT;TElL`q!Q3 z(Ei(;qSUX9wi&TowW443cJSvvqc7?BkF+V%m6Yz%E^N~Rlf~2uuN91p$o>&18Fv4F z%Vvs} zpp%Hr2Zj&tNboriD-?bR`znTxObTGKR0*V_Lp$HngqLPYV0t>pY08I!LxI0G#v*5@ zfU5v3Neq`!dy1?l4Au`7>WlwPpqd{C^tN5i#k z%bta@bv(}5QQyP=G33=*_ddxhA7q%4&*GNKCSsG*(E&La8Kc1SqLOXL_~ukh zpY7vie5IW0wbjW{kE0q;JIx)a1xxz7xYL46hm>#aCZbLQjcf(!V;`z5qn-6Yy2P z%F=r2%y^@!FuPuD!Xix>N=aJ)hF44m{vezrvgjhK!HrB!=) zf7nXR4r4nmigq+xUkRTTpodJ!@P-!_Ni;LxT#ve;^&r_-$4M8w@(87V(t>|>X%W}K z;;GEV#kFK(>ogE}b5L!4K}@*Vi6$qbr%WsRh>l{!XUxr;UQ! zlU6Jy?Q6J$ucD;1j6^FJqFYWeZNIn$uvr`2H>2;~58c0E`A-I9r`Mz1eseRtUgH$` z`LTH616&vzA&^d>Xlz2CIIqV0QZa3j%=DazJg`~YedyeWyHDng(ng4o+^0mrh!fZw z&B%gRwLtI(_1QRvb5QV`pb0~T>rpQ!aKCo%E3z_Qv4l+-Su>lbf|*$<+aVU8bE*F> zCBoLdjq_mbZ~1=KDb$D4)62&z@}?$Ea$4Fj(Tt}85phxDg$km>^>Vt~JBP~yl8*uJ zw*zm3tK2}PkGodqi>}pGWXF@&P(41kgtFbGc5^Cx_P@~r?{7@>TGT5+hF$??49#2J zk|tJrp@Egkd(sIs1L=*1CbjGk4`kl*!xT`^&=k{ems|cG!yIJ9T}5Yp(}xDktE^a8 z3ISuY7QFVMy;W;^j}K}Bt12N%3_h?>&31cXz!sG+Pc$JtQEM{_Y8iy|-}?h{Knkh3Rsu$rA7GnfWlQGM>Q2db(UWja zsS%;?8Ps2JYQQ=jyc#rd1cZdZ5kL{M_d4(G#RBelx@MPxzI;d!V;W+~;dCAkrCf$j z?e9qm_Nh)*tdHsGX(czXrFdqrSgj&%;a;AaHGwiF7rs58!)$kd=xK30$-jsu;zMM( z((Qe|n;OfdAv`_X(;nq?nZl-(h4LWvaOeyOZFeYjBjQ)e50#qR^`Wuh>*M2dQ8}Fm%SGJq;*pKh2<+?tWvJKxw@Q=LYNTrt3PSVf^B=aQbz#ts6=h6mr_C5Aqj`G ze%V`h5e|V$c**VOAG&tofX`_m69jxy2X4p-w9e8rW4)m#zK`~00_S2=y^Zipdcj>b zc><@#vz7{(hgCl!xHrR5NPg64X($A!>~SVZpMPrI{aW9}MRRo6Is@Hq)t6Ui8@;I3 zC(v&%W+iH?K~GF(L=v?WriNP|0Y04HR?^>d{IJbuQVf)N zH>0&yHd9HL?^yKnt~);JXRakZ%wreB3qY_zByAq?v@1!Bso5Rq>w6`SlOD`pu4c&- zM<`+b9zPH{)ubrQW}%?}EHDiF)+yND@|gAUE-!;8Acv2%>kOo4!vgz8SbGx%RW-|u z+j{q7hNW<`z-G_ZhN*dw$cY+50p+ktp`*QXa4Y=n%hlao|0-AQbb+$C#d@8h8&^KE zG~-Qe$$MODFXrfaS!Zgq7qYmv>M+CDpmrnY7#BeRBOKK9wZWGG{m3r=O^}eY+%Ht8 zl|ZB6c+NJ*=-vcO->OB-kfR49Kt^V8ambIqt@si5FHlqOCe%^hlER;(8HNVw4m2VJ zK8JjJfu7pYU`FLBBHMv8D|vl;qnLKIwT)#eA+sB{q!!s#h9R>P_4v48@N&sic=oh# zp#8QIlzrk0QCEZ7m*LKGnbg44t<(mS+bIjr=vJ5VZ*p zDa5?2xE%VpahMX4e_^pL#ojXO@YL-Ox3SvTJHtRcV=dOrpt{RotJg>jlXw2hdo}d0 zivZ2ml}URyrhVp&bgGeyt4Oa!B-JlI*>^Yn*<7Jjdt}iA^6tkB#?i?uLmDN*71*I2 zPJPPeoeRWa)sgEZn$LJ`gP5LHK#B1Pax$gr2RZ6zA`DZyZJVJdn^hF*mwSE=asu2e z5ra*@68DZ}-qofhR@&KBcbId{P4s27?=&~l-#DbdTGy;B7ug(Xe?mo+3;`hH_$lK& zxaXw-vM8QSum+J;#9pnGtgvISa*SC$J*Cg!^dhv>YK;4#Ca#SX1pACP)k%UgmKDuj zrf$45aHmo2!Br^x2g+U|~^iMM51nEWiB~C<77-CK=q_?sXPqhDLY8TuY!_hkQ@9I!lUY5AH8_C>vG@ zwY=o`q)3{1;>T!|^+h`-jKK{`!)QQOE}B(3{s zJJ6(;6O2NB`n)aHH@O|tljN4VfZnp zN5d##`iVCAz7{%P=9Q!1TCZEETs%lG+d~SV)n5sobTr9DM*&1}eX3UledU(eOde-c z@JC6optQ}671BTn92o;Y&?s3L zkCNzmz+1!3_)T2V1wAlK-Kf*s>Y=y%as<&@l+%(RMBx6@7Aw0Z4oq*WyiiW#1hlS2 zk8Q8^D`khk6F4~XLJ**Bp4E@ZWKv;$c9yo%^CF(e5`YUY+>b-YJ3Ps;-r(o7-Ny51 zYmZGy03!Hp^OjWZ=7~q!>}k3Z|fIUID1t0oU3&M&VHJ{A_&}5zbkJXukKr_ zP>FbTqryI5?gAy#m`57DXH=xbK(=mX%3+L;LqBO4l7S~X#4oCz%^PUtg5hWDoI>L=NHr`cK4`ETVZpiS z)dGgT26`2h5m!tcNGpz-+Z)-wxZus&UNG zKMAnxBcuKJ1Oj!Kc7JFlPTu1UUI%}9^O993D97k)G<<&I5JGz-7mwPUFW24xHeY0r zO_`iK4JE&y`|!Om(1ZVpun8ay9MY`A)3xO>5+L&+@Qb z(k9FG+c-yy6?x9m=F}B(f;fnUMF~kB$&z4M3POe z41CclU1#|2B11`*5Cz!6j4n)XuNnv>#_NAP#gF`@-Cp%%PciIiv0u9xPiY6ut{8-3+etqK0o^~4_m&suOnoXQ8 z(KpY*KbI2(7$aLwiXD#d>7^%<9IacZB^k6{=Ma@K&cn_bEj*~;Pv2_z-n}P ziv*1@IRgo|g9LA}p7%;`4PxBMF$QWp3V#!^n$K9BjLh;u=!DSYhWM|YK+X@`oF$uA zjBvShzUoa={A&@Nb#FrCymmpMfSrU|$?S}a-Q_T#+Z7#f+>F;5- z+LuwwV4Cij@dmVC4d1v>NP25F@#wc1*pN;tK5cHa`fX9ka4s^To;A1_Zzf9cVsHF@ zHNgI|r|kA3t<3IeK0_I|iX&vFuY6X7K8GS?Cu`XQQ1O!3#Xz+C%HrM0!L1X{$YW<` z3m`MKp?y(EDS!BWL!M(pYuYQjvS+Zd2XTv2la;F?MmkKCOWzD*szKj(g% z)+>1E_!aME14t@X64cDeM56DfWOFTwrKXF}T_ybfcyYI$LYj{w`ow8Z1#yNN)Gbeu zz865zy$TMRHVPFG(B(4&@}d$2PRZy-qx(7CdGPM;VZ+*TGw%B(WG4K|(O;vq`EqJ` z(AD2Mo$Jj1!2m`tXq#{8wQJq59UL9Asf4oD+c$T2fgkrPF88-I`(tUL2$%!L8y)Q+ z_My!5A{OIkHjA|u7(i_7b-gqK{N>=2{qJgvBmETapI>npHNLR_xxc)O*)At5HhoCv zsH7mx?WnIi`k!!i-XZY+`i+86N=!;e%<-p-$4s@YRCcUMA zI{d|8^d8)KKBE+gfQL_gJ^TLnAO8~NB7?mV>?Wr(d@?e!U2{*8g!RcRf#iIPt8Gyw zdmD@kT^?sCPvuVaE>j3lAkx0^YE$)Mn`^woTR>|%0czMu_WR!%(H0B92A}71e$S4A zSGG%m!&>X_Mqqe?HKShBmx2>8>W5BD%&6a*(B%WM+GY!VvQRlV_Iak@*Wm2x+v-y7 z<^6S>7s1HXtmer=d2e4R=5(bs$q~h;0{O-YU6E%QjH|EMHwWX1*DzOmH@|5rBM5kK z2<9u}(-`TLRfoqhJH^eeJ$5e*OHBC-820){lbIy_t5_oZ%r>YRQ)5;O^pE1rnUZx@ z-~c9Goaju6&zZE3mn_J?jMg|l_YaW|^BqS~?0)0g3_g(>XTAA)Q?;3b zMsKC?;V0DQMic})%ByIdF2L6Cl5_PY!~Fjhmfa0zfQ82>qZeGP?c7^r}zVo~BlCu%R*Z=B?>w+&}6d`5NDgF=ZKy=G5|& zT!0E~h3Uz#Yi<$4H5>zqQt})(ZWW5K9mj`puosZ426baIObY*@wI2w(^7`YdL6=bd z^aietH=7(Hukhxsg^bN1DJD$s@(3#!5@THl`-71+c^weoPgrYLbvHzFMf z!|BS3{;~X-+Pp&tGSxQpuz3l|K64n>iZ)n6TRvK&Zf!Sot8ph5I7zEW8VW`MaCvk_ z`Kv}Gt@QBsFRlhc2tqHh34#lErTy(`4z~PeWlr0OKZWyorP#6(@?;Gf-JHRjSYHj? zI-62YjQ3WAcO1HMACgCi7d5M}I-?tk$k7YF zorR-grv(_c@=hPCe0tq|iv)vz?~-2X!xW0yS~?gyrCckG&Xt@87p_uDXNQ`2pYgK= z-`rAY@~OWkh|X8k2gEK~uW@^4+ZRRII5{O%%D(y3+Je!qk_{%J^k*mzt62#ANP=Dk zef?&bea(}Z_ubjvN*|oMh?`aQxan0>6kqA1{2!m`cPKtewjKXJEk~n6i8ShM_ zlFu|aO_>I{P94tS%i>GF6n0|4S+3M2<^TC~sa@UJ7%xUtNaGZQMiR7{{bg}k4;Qqk z+9Jmd+fOjJ-e@%^g&`A0u3Dkr$yhFYB&Bq6cE<20KD3(jc;A!gb?@y6au3jWJEU}Kolu%^y^6YpL zax>M7q}V`_$?r)U`6|00p64@@T{fa3YGj1}vfkVJ{CC z-s;O=*`tpIE)!x_MX@6)Ue)+pYJ}`a+CqFL7zK1t6+IW>A-(VdDBb-wNfEb|WGiA; zQ5TE?8j`kOX%HhHUbf6MG>89q&%*s`05*%dyf6|nG(L7OGhlWjG~0wv#QLdw5JLsJ z{P5h_R0cK`$^F4txNcb0uAwDO*1^|ZsvrBV_;p(tbJ{bVN^Ct6ZchF;MUioj9@A|r zHqu8QuglQn2H!W_4g}Yb$)xDgjO57i-)}53L+!t9$izZjs_*HE+R8-i3er}ER+|U{ z_J!*H%tc(vyop#|gkJ;#GatsqVtChAMK5u#a5Cr-(WR!7{=}m>cZ$S{bue?{K@Fx@ zyW4)}5X84RzCT;pSX&h(ZD!gzbPLK<`~}JkGkjqCM1&gL!_;cAPD9mv?OQ~-QT9EzKb6mu0JZi{2j^ju@9ZjB z374Ij3*z#{?EqHk@c3l!mbsUSJ2jy%Eei2=+l~Pc=($9&BuvjkgPrH(mfOD+mTn5? z-VY8?76)hw;@%HMtK89%-z*_*ihpb}g6&Z!($8kq05hiMZNf^uW*su9cDMVk!Dx~_ zeJ>t14RlFtgqy#btkvcVaw(~)QawU;!l2TWJKu`vmiL(a7>z0T7L}QYg*b}1wm8md zySTZVg9*v2lCjj8B8n{_0H5aR2W_k}xbp;I>asQjE;px&7gkCJ{%bx9$c_z zCYgJr)9P>z-1Ge@oh)H%%vj;82Q_t-CE!lE5mqw(iWB#8M-%XaV7qG z00+UYNZI|i4@gV|>s!Aijgn|fMO(nvTBJ>)n2>6?wwz7@k)bph#$rnA3sr%-e8B|Z za2)vr6^}gcs&uBbsEsR0s2Utp^{W}ga|UX%bSiS-F75MfklR3)3OuN-NKzt+gO!n% zUPvq|1ovush7ZTG+@tD9+08Ud2l8%dJkLMO+jaXRl|mT6 z2PYtl2EwCCchAJoOMW{lExt_1hzX;4X`6cTV9Pb7Ej*PO zpypyQ-m3C+AtX_&jK?+Jf3ytV@~lV|uyW-S_n7atT1 z`59EF6-Z`9?FC}3soJVTlM&&6jd`?0^8~+l`jBhsD!mUkLc*QcnfSw_G^1BqPEJU8I-TR$iV^xHHg~@U zi(`q5zj&b9JbA)owhA%`_46ktd3jSF7&h*&2x#oma#)k5%TZ8?RNz;De$FSZNr9oh zR_8B`EMgzG!`ko3j96gUd@8$rVI2{>w-Tx|-BM^i_fNw;2?@HWLW~ zSvmE)1jG?{662fnsrWpwiFWDwN)Z7Fr4|N^OcW4sKW9pF+)+Opi(AW1Sq@cJqNvoIJ+kX>%aQ=_~5a#pUIs z*I$RrM-MjOWVGZtji*|LMnwYu6UC9RY#R-lV&}18Z;)5~F31bZUwgV4RHw!|77~Zy! znH^EzM;S8l>{tk2^eMJ|jM*p=B+s09u`YJszSPdtFwZYzjx&lT$F8CY9lzI)!r=;o zp=@%rnez5*doHbS67q`tR=g;IPioc?9mELc+ykSWf7=0J(pIK%Q>rj-3QGFZ7ik3Q zpTUVHI^e@c<2(WDnQ`?f3#2x&xY1T11lz`b;5RDat2&u8O_m;i3>Jq<4lN>-fuw`0 zDkrHfrx#`mcf#=OIuO#3q-5_QQRZXiT&BiTiv_-j+hEQDDyhfBb>Ux8*QP^sC%g89-cr!01`h8@U~i^pg}sC=or6TW(}-?Z7X32-sJI!DrEV%=a;95l%3h zxg??HEN!}ZQ%>GrGK)*fqhbcHtZ)N&3yqeYgzEZ)v4`Ew; z`2xj?`m)tY&&M($sVAJC7OGnGmR&!N8%|_o^QcNVzlP8or`++_Y0g`)KN40;Gcnq~ zC!WK+xEUBF4pqIci0l;RplwPJ(6G`zwXFf4nQ*(r5R~;-Hb<{asyQ7pcwTc9@dFmK=4|!)on2|W?Yi6@Pcu5t~5XRG|#A7Br;7EIlnUeKH8sXv{~Y6+nw3$z!>4`JzPvFLEI4t6@WhPtxb4 z%FsI_9RC~%^1ls6U+H{B_y4v{sHFjy+ssLl_TaQyz?|`#5D_Bd_=1~DkmPr_AT*`; zcSWmjW~f#Ov^Jyo>n>Mlksn2T!ye#*sqZ9!utlR`&j+>emiXf<6WXM}fB}fcmKdC? zIFn$$@04ZyT++hK1Lssp#0m#=X?pBr;8MSp%N=e0$N-WW7U8qzPnhm*MCQ|r4EePGK^Or31R z8tgo2 za<^|M(~y01zF<%h)h5OqEIAu*?WX$mF9;hJ-13ka3b-*LuZie1;uyY#i#)bt&y8Ga9Y!Z@0W;B6hEN$OMyfV)V3gGjI>MlM$v60#>3av z)(Rj4On6FFfjI?lblGefc*uq=roUu(u%khIz1efBjyUxCO$ z=a|IY#N-PCkt9`r9#r72)REb=N@=+&oN66)S{T~l2JX9;*R}P?&F-+V4!Rtp>AQLDsqha{PlH_!~K<3%i0~PWy0LKSsaHtE2-CuB~PPe2yT_p zgDdH+0a%l&VdmACEoyU*@b{sj=5!<(w+v?|IyO!rfoQ^DC#uM(?lZXZdi>m^YL8jx!b8)Zny9&xbxtUI&Uq&;iJTrMs=_Zq-skGsI#AhY^DWr(Al}5=G*81dQ1~3c7-}XVSt2Fp3 zM1hBv1tN>xocBA}tJp#V950k15fL#QG0ib5wNYn#H2^z+zhJ!xbcEmvq6%HT&1>_ys?+mv4Qnmsh1$I&~r?2ee)r*d2Y1Q$3z`&jb8Bm+0$Wv=tL;Fx5anLjy8;*OCKE`xtcLEjR%f8E`}rYtB&V!rxOaXt7|fU( z|5>&IMaXybpvs1<| z;Thchv1BJDE%j0XO5q3EZ*RB<%oq0XnfIO$HVG_9~C z<&KReFFqw@T4`;~?7E+39RKAj(yG8D_gs8wW*Y)T>PdqnzKZua>R|025_Tq*N-?5P z&&dtpN*-Bj-X2r!hSTC-pziDfHA@?KC+H!6RaQT!AV77omaN~+iqPos;M06EC9eM#o7`O0e8 z{Hwl>xPWMGsBrWEhq9EmIhjeHQ8OCE{zbtv%VPUzrs!}g$A1oaI($c`j3hATt za6;$YPN!dnO@GEo%c@Go6w3Y4slZ8exj#*HKyJyrw_MqrAHP-x(10PqBRy;n4-aOG zLj}oOQ#nKH0{*H`XTkf2>U{^%U_$8MxKqpZw$G`Wdpl2C{%{~9=n^$miR1Bf4iUmc zJ#jGAQp9o72NL9l)i}$f{wG68XQoRDC2N&b4)@kd64nsxo(rg71`^vi?s?9i4*n+d6rv2N4W8_f63rj~Pax`@K0l9M1uJJ{RHQ^=rVuYIQuI9jaE z1N+QB6V2U^D7u?$jSJF5kZg&;$%SMyD}=Z%q=U(vR%+b%L&ZnHZ~=b}7Oq44Y{bgS ziu8#7Y-3U(Z?2Yl3qQt4iE?3r`8=4iTVO6g3rhTyJYPULPw?$;@^Hp;)tL4x(VR_*WQyjW1ROlwc`jK6cSLbOl8k0jyVwqwY$KlwsE+u?( ze1C0J$-^fhq1u23ey04KduHO38wN}c!SoX)Uj=nI1RTar#avFoPXe`Ond-bdJ3z(# zY{i)U*n(GXN85oIsg%%wwjx|5@l&voLv4caIDkR+APUl?AEdj zs+LR&LM8H36gvF}#?nVpvb?+8>doiO*-_Mq!IDcNF>XUwErlt#;q-oQOITO+z3%R4 zcP}ueGs_4L-H}iKCi_Z6KTLC{PAp)R0qkK*{KwRtWlf}l0=CPYD>GBrOv%K;9?4t_ zU2@s->Wa*ZIMssoJ5|TjWv+B$cQGU-B|+4qSQmBt?H1YH^(Op3q)0?RtXn8cEsK&- zZdVk7yhv_AJ`Dxunu%3Rm4Q;5bNWWAyG$dK~&;I&9fgdd=dzFimp5pR)egu@Mm5cl){Q{%~eg^`8 z1VGB$)PM^6A~_{rdD5&t7*bc@CpPQ}EK)_4hO&s_V(OBTuLzXGj70v=#h~xfVaD~= z3v$a${Y6k=RQS8as-sD9U5fGg%R%p*2HhS_2)+gQeQu5?5~E=1LL?dXaKUm*?eB?f zFw_aEE*XfKNUu2SetWsD{{g028lSIn#eD&BOhHtu@&b;4;%VZT%dGv>UBrD->-}uqJO) zVGGGjRj}oH=I>h^Oudn;BySCem~ebISD7=u#$M=G!57gMZ%TH zL(wMT{31JpiGe}(r}Zn7en-r+7U)(`JRo0Xeo_sxA9AjAIfI*K?sOuHLq4ta_d|uQ zO;uxZ+GS}t((?ITnfhXNuM~!$^eDSh{Bgo87EM&8PBYoKfV6Vwlulg&acRt9hvy9} zkMn6v8sAK_@{Ecjdt$=3*$?NB4o{&lobWqQkH0#k!zuAI(j`Zg+=8$8Y@5?FRPt4> zGnA&Z1+oMjQdvjOUqxR3aN6pW^663nBgJ~&alp17n3R^JtfOSfKoq?Xsn_UKK8yV4 zT1T|a{Xq`j#T=~mIUNoS3fONEsZmVu$yQDls=eOaXuN3Fi%VK(Mw68ytwpCA&`9_b zK#u!kpOs`ioSdFwBabK`+JPxt#zAa96=h_W%(IU&s09?g@+nV7n0_SWY^<*|S{E#9 zjkr7L&{T#`CO9AdME-->`+p7!whkiLw9yJ5$R0@hPW-7TB0J>SbL@l(V-j6eC_d#J zp`MVxa~U~!tM{b2@Sn*0s#1Anexi=u&o!n0vx7rG`xqISarFbW!4 zvNt&9eE3g6i%hv6MRJK1_)*6u1OL}rno)TTTz`?0h4i1=mU_e_ox&EuIO#m`nUHR< zA9AzvztMp&EG2k2J(rq+ew+0ENM`FtjZ_&2ckw^(^%VN`v-aI>GGQ|D2rv-^ZOPZKpCn@_*-46>D_l2Pvt9oYpz~_;s-3+z#5_ zCfglGVp-a@9+#{&0>ZZSZ@scX7pXD7qAfY@6@W{@l|mI$?GD%pyklQP?I8ozSS6)1!dWJ3iw7$O)j#S zV?5s-hHmXpZsq*W0OM0%FvJf zF{=f*N@*(hhmm~dC>Y9Q6j7mciEK?q?IMV0(fHi%2bVoLV#q*D18)dPvP7YpWzIc( zWWpVg%A^jH_8pN=n8AkUExngfdqN)qqFQwVR#|Jo&GEr`>d{ts?AF+s!MnNCe8>lX z_l*`8Q=4ALpkYP?=C&=0EZG=QHA%fT|$V*rt0HJMX_R>UTiKriUDG$Qv{dF_|+kR6ALkR@LeF-w}M< zp1NXnd3{DA>%4mQqAcmCWUe$PV5?Au6C2ms83~4e;=qpolNo{D$>id4@)h-bk-kE{ zuX0bzV#5)>;UTk!2Z(XBG!m=G)&H~<5{=p&jEiP-Kc#1()d_1Zl2*P_1=)&9++Q9X z1rHx7{?6f=AG1m|Z}Q8;$Jf~DjSx%=7FF`V;_t+Dz1#J&&}zh|OJW*Kt3R=M>@(%X zHvJqM?;P6<~))19{nW%S4PBtemFI>%XIY)PN9#7x{B3D`Y>T*%Z{zoF0p5V_RKfheY{!>zrO};)z;z9qBZ9my3haGoJbD%RE09U^=sJve1IPjDi;& zer_7_&=Ngu`QG*M;my%iOd*aQTj5a4Fwv(uN<3xpHvy5*E6tHq??WJyU0j3*ya zO5;(KX9H6#)y7}Du+6JJSWkMk%Z(3Z+}%P^QK$}eY*Qi`(0`BuDP_~ZrEust49f;nDVm&~2kde7@9+Cjre2lR zP4d4FLpU2vRuC2hL`OPl9S^?PsyW zuWpQ1+`*%brCxn*yaRtbWTzE+;g!|T1LDg_dZ0bGj*opKRxO$Ycq6<2Xyq;(YPviY zY_}=!P>WeP!3w?cZf@ZQI5=`d`O^XN480z4sbHvfW(U?a%& z>?~<=nM5G%&UxH^{_JJjJQVUA!BFd#V_KHE=yXp5O0*^yvSYG1q&hbaN~wSUD$V$h z0U5IfD@P_E>Eh>?`LW*oqi~xmU!J8NKI z3=u1)Fy5h=^r&P11MGe|^Y1fK7qOz@2gRgqKbf{>S9E`#G+}LNN+P!wH)iW~L|u`V zyTkR*Jf2JBvq8maSWU2lW)$mOwQg*6FmB8U_od}%Q|2|2qJKZ76ig$DpYQ7Lu(LfoI z?$}ePj4JUIw7(_*9k_dpnDbZ0&VGj6_9mOct>GK?0ua2U8bhtIv4Au!Hc@4JW4zBH zC$Zi|Wo6N*(3Cr;%IZJVH_vHuNUBXIm{SfB46#-ebv}Pi&$WC(JtW;Ov45F2G0R08 z4?>x4TN82ts+`paL}US*`=8(+O`;1hU%nUF@|hf^=cs>>rc~R|G+e9)3kUzLc0QmS z%VNd$Z)phlHSnYM>=U9wXFLNU(De^rsiCleC*yL#-Rn+zKrTxbzj!qk_cj0oR zQnXYT$AeGL&gS8+YTw|;6PVO;zHkt&SCDK1@F8H`+8rs`)+sWt7(hCwY&rQ3(XXckF-*y*37^p z>fN}|_{PdSgWnkyTtd;MnZC1FZ%ZNeaDt3U>JMwgr^{y?p<9R4fv`vNm(;q_*aDZ; z#0=r;EA#i@%w7Z2pOHulXP4J!JRU9w0X!U)+m{n4Da=m5zY}~SYS@TZ)5Os%&B33K z=gj^1<2kw*xV7ISBghn~6;9-Z?4m2PfS+`STBBIR#+M@C_HJmm%~$<%9-<^^K4!Pj)SZ6S z1#7~WWzSp?(SGydl`#Dv!Y{BI5={Hb{ymHAt+^rEa*g!VqoPxj2B&;RDU@1r|z#CNDSyVykEUN8xI zrC1y&58BY#i~!b&EqPZ}UmN-?c)Z{I$aLdtDf7pH68Y-a zS-hrpTS1HYMyz5l9lIS*{q0J_GlfnomPLN~y}7GjX|Y+&q@gGbcMzy|TZ6`~AE?y|I% zgb}0@-*{JzwyB0aM?3H@PB(}V#XYNV=WrC6&^4Cyz0mmM#^G-*?#2dDTR% zhPlGvnF3zUdJirC(y^;@T<}6A>%X0P{S}~WhS99%Y_;O8JAU(>hc4WDPX^U}C|-jw z0f#4$>bSTb@7qzE#Z8rL_6%ZfI-DII&!3z>6cQSm=*4tgAUZ;Lw~qIHhk$pgwXRDv zWM_Pr{d+L?e^dP^Q3woAL4REChf(zTTeoWoQ2HoWOy$hzd36M~!o|OUYUnzxv3^mI z4=w1nprU1UfeP;Tji6 z7@*O2;;`!)0I8Qd=-pV_+c`AWcUvc83lk&KgFUbKpm3l!YeKzm;eg2sK1wdZTREvM zLd4brz)`_eZGFa8!t|Cxv2t~rN3h!A5md%mG}I^al6Ld z`xaitiKbpH3xUybEzHO`Ci-I&*Te4JZ|ZOtw4!Fk4duz(XRUQQ$nltd4p)kW{eygH z5_)2L9fP>ifr)NJOv9%Lt5ToW6OgX7L;wb^2f|)Hg3&JF!{~>Lo>CDmpUJjYdmDjS ziBxExuVTprhRyjOOTInyerl) z0!5#e;IAIK;0`83WF+X^S3bms$0Z{Cl3N!$L#Q^ost{X^iiMuIh8B>r`mOiEgQTEEMM3!9D=*U z;KAL3dvFf~cXzh{!QGwU4#C|S+}&LUcL?r&X7Bxfp8G!E;k<)4)74$otE<+!*6#|} za3zQ5JEu0z5dG@PFV#DmF#_;nfEPd+UQ`Ye3{7BpHNhbEc#}uX-?8y(ttavJa1m=; z)MYWgB88&*jq@8ZalO_^M**OSsVWM23uq%euT}NDA-?T}d0QQYp_*m034w02FW4)S za>9-MEjF&Gjwyn8xupB(l^i4Rip%cWIa2Ny(Ps~R@7 z+lzcXr%0#ElO0YMmf3)8G@Sx7-I}p``2lDJ%4=oFTJtNGc)eAn`rG@!gDv^o{7olP z&^e(5v$4QYxHYFW7oeE$lTP+@Q73>VksMt1`j+kohlM` zUSDD=i2V;Ho_8M^Psnqk-P~+g?0XemPG|9U)rf`v^gafC3GwI{+E-rGXf(ioemDsO zcl6}y4ow0COgUYN+df|m*Dc}Qtq||RHUx^-o0;yG|0HOzT*qKsZ5Z-tW4=D66YDOI zJYqVBEI8EcUZa$ITrZ_v!SfXmLE{T^jaNT zu%9mDQlER%@B#F&DY?k0KDjXy_v*6^$ylz->;-p1N*WCuth-+hcJy8mA&86%N-r}6%XUCS}DzV}0XFH`hN9NWXV3MmZv~SuRr+}aeOa&`H44eH zhDrb_-6s6g0DE?@Ws3<1NzrPwp@j|H&0M89-YJz?u z+R<=QquGUXFa|%|XPvKmc^K`i^}c`kDzU%Gn8oshj{9j0fA?8HDCU0kBf#>s)O}l5 zPyj($R6JYDuZar3WGNS2%jL+Q)kp|a5?PpljVSdeVes2ftnq$B^5c^4vC)lY@mFRz zCGRuVR%LICBe$WIVuPXpABX+!hI9Qmk6j;zA?w9CJ>nqs z=Tz$*{g1azvR7&(ScYKz2szA z3jqr{z2KB73--qJ^;-F(rAa_^|3#B{TNQxAjK4?@5D6i$Dq1b=%|63A@EE*ynI~88 zg9nYby(~BYcZaWSkaefq-oO{&eRV#Azr;I%FXc>9Gjw3roi*!5!weoOchZ!#+0YSL_~g=~p4m z`>g63-scU4S7a&r?kl&nSs&tGAG!${!CWa^J-sTpTJlINE(zFPvQ)8*{q>j`Gb<|k zVL6=Xt^}c;IlFtCs==R^NuChR^1G$UuUrBA=%}ytdz41&oUu046V9o-iiSZ4MBE_=@fze$RixxwThO0rOdY&G-zc4vufo z$A-&Y767DDU|li}%)}bmtcn`$?rsgLE!&<~V!T^tX|XvARmtlr zvb0!fU{(@pMwgI*aURtr!G(J*FJCHuxkRi@;Ty;>=<5^4GhHo7!z;ryP z6NeY=oI%y6qAq(9Yhz&(^1gep{r9XmOzIi0kzkV<2ps8I<||;vUs@Wt<=~Wh46$86 z-+jkI3~@t$u@2KS#@$*CT!KT077;PR*vaqRx<4naNR|td-u0NaT)?F!ZYi5T!r56L zIJ2-f3F3qd4f}l05|!Ex;K~Mm`AP*5epP$<(9aArCPe0h6aBnPUrp9cKK_8;=S&={OedAZ$$paH>}kA z&T!QWjj01JftgXE>BBhcbV(x2l3wRcv5D5xt^(C{{N%H3rJaT`5ZRgPt}pir(c%7t z5meg|pnP~isEJN_OQltoB%HF}&-DxVQMZn=7q9VDLF{9M-r*sbt+!xD%&VVt z_=eo3iBSx(MAhxP31f34q^m4rHsK3AQr;DZzLL{K2DZ8&4-Y;dKlp9 zgZqbtzzr?pu9VY9)4}N15nC$}=d2Us;r_G21ntZaHa^^Lkd(SqEJ|yXwx7Z#d#@7f zhW=V~%%H?q>2n^8!%f-+4J?!0yNS1>^+h?VpRKFYZ0r)ndV#ejeS-XNN6L3p#lbud z{6Kv9Mgrlb668f9H$SC;RHOvZif+Fnd#?FLmD0$9rBP5C0W+EK9T+{*(b-BM5Nv~w zebUaS4SlJlkq)<`-a(WfVSjzP_KL(>4K{LJEppc|=oJKMGpaUaT)AVa0I)=)G6K}q z{cWG_f>-~#3lVCuLTKH+i@m^GUs1~Z@*p7vrc_Lid_!G*em>$dr4$TGsdkR|@Isw? zVGj)nflwp#{N!k@NJ_MX!T@H^{A3wB!N3^RO_g)1Q1YmP&fn5iq+!wvQanzok?Rsc88>{D`GE{G%9SI0_tRMsAY*eDLm#^irpdU+6&uN@cY zB_=QXY^$b~E?u*cIT-wqEENxm*MwzQ^HqM0+0##s3k{`am|0ZB3^|kNJ-=zbBc&eE z{o0u0V$Wf@h;!4FDJu6w1x+&^(U%s@WH!`Cq6hhFb^ zvts_cDVzCQjJx2B{^sG~jN~4he4^d5_px~JTlmdvzJte{$`O~9-@WKT_-@kF!^{Pf zp$4@8AWZ?iEAsknmU1L(7WwB-hE92>NM%D`7ic;B*YIr2#Vs&+%^0^RWP7h{#$x#! zrZQtJ`SrH=lNYE*pA+5SPRn?Z)$eXxbKnwA`46ZeI*B}@YZsQ$Y}~b zZLb8wjWUSUz}@ns2E4Mp>1!3;>V`e~me5dUy~YLCia33A3Ida)?1cGa?9*W|MbmNB zVIj>K0`2QsC4C3nSBXT0NR4?#BE~JO(hm#eH{tM+PImhuQ`z!y$Ai!meHGFJ)i%4q zo87yih^*o*;`cjNB{pMFt&^7@#2cDi~AH zi=_^B*mc%fVR2yC_hYk{FFv=U{Af5+qaum@UMV_cCSr1T3tps0YuW%yD<}bP#v`rU zff>(ho`7eHd+Lu z&n0i2VB(s1MQWy8z9nRAy%6qtrss8PN>(%$3dU_J9GzMNW;WpDqdc}iW1}xbl0NN` z;kwa^`fZRl#J|Gm6~82cTvzc~>W%^+-E{WGRB68VqmPBpM#k#-5=jJj;FotHYDKdzpi8dC%8^V3wb8mDt@XCb>0u>!n$fRXaflcf z;AnX72+ku1CoAX*t0ChWl|;jr$9}2P30xYwzBoM{NlE(DrXXNO%?OsIvr`c<<_O<}MR^(};WgULhWPQiK)C?F?Xjbqh zKi`a3jNb$QSJ5x)*lUFwA!4L(%ZSslDkG!{;!ym38z`1Lg?02%mV^C)it~Yro$tA$ zi!-PKh6L1F^2#CqG)dsIJ?4_JV+CiLgh`AwolWb{`yB5ZTcH@lj7s>Jh*$j#J9xXt z74_kglhGJ$N!tdG1Y9BPx=<_reA0m83hg`EP$9tQrAn!GHotQGaj|6_SrPSQw)8O$ zk;;KUHOM<{WfE{aHu*(MuT<&x9{d>I`oK@b9-QC_N>4jgjmWH{D*&5EQ(%n5lOQl* zFC7r>PCjxL*yozFzo`T_7*s_d9 z#<*;y(PAC)6lFuK0o-Oih$>a}0N&3Tl2J5cE^c@+>pu(Zb#Kq}vd@)8inp*#DcYFRCjB3bG}S^uw|Zx!dP1)5V8%k3nFdO8R*G*Wcfm0 zfCKRQH6B*X>=u7Q8B_FCxu;R$N%o_V6W4Nmyb&8Gl6)ifCUFjxnq%Vr^zFRUeC*I; z?Hx)7-|a0+xqH9+y|`5w57mWR*j9xmpB4Ags!;0rDmt-=2pOzQ-&_1y_}pgaQ?}Kt z8!`081~4dsubfQ00x58!0fZCU?DYsNEKZH@n=ngi4m~2c7UfUr&UrjE+@9lSWfQ7J z6WZLBP}%3d_RQNZ(WTUZ;QpoxLGiXer?x&6&9<(%JDMSCfink1S=2juB6G==}1y()%6@OPSYK_N$-)4P`i$qybB`&h$3zv>SD^X(Tg9IC9 z`mUq+s*l08JT4TAdxr0^b%u=xdeaB#rFv6zxha1!Rc zgzhW76%`dVUFNMWr`?LJpcC+;#6x5tI1K(iXuYsNgV*hA2+~pHhCpk+=o(lvVFm^g zVrsB+1h^Vwj(-_RN|{l9%{D&wOP-#a4KmC)U*6v$e-S}GhOoa>&zYQ7W@~k7$bh7B z11r;2$UzWl=6c@B(PFN{h!up)P+DQ_RcdSuo94w$;pIr_5tI-lB>F=k1DG?FmC#6c zcVd~x-NOx)%l8s1{^p&d53+Vf(*$xSOP}wMwTu_=B%fw4a=#GcR#3^vGZt3~F++9j zsMCK{a$L6}y**v%i@P&N)7#PcM@1km8}G*VT^lyGKZ5z-E^or3x;PpIlj}_dd>--) z0*X$|Xw(x_aVOad=gBy>(^nicf(bt=Qs-;>b2`6Vxg3dLG@OsJS66$LBH{^;LtmD@ z8!o)k0_M9=JswWN?Xvh}3NF(#@FO?lAy!?|J`a7t_I?%~iGH<-Mb{nAU1%k-<4x&+ z`AOm9*d5hLWsyGz+hi|$Xu>oc)twEj%q?6av_@Skw|%CIM~|Agfe}_vz)dbD@v7fr zN}ndemzbzId3Ao8jgaaAE+`i|Lc!Q}(#)$tNS~W&ggu_H*b(W_yT73Ad*DJwHyF-Z z6IKC}Ni50Kx$ zTKm*=`Nk9-b5bCA(4L)7CQ6qI#v<7x;!34eoQZna`AoBB0>frCPJ*^y=nz+KM`@gZ zE~!tJWbb`nGdtUO-`#pWh35RiqOd*bNX|~Vq6!U@h*Ajw_#7jWqDB$&JiR#IGc4Y= zm7<}ylF&|KB$rY&jdpsQ(S$B2jg5s}&H!9x;ba$YekZSWX{6+|(Lfygd0Ojv0g>71 zj;yfhC6V9+%MUI7%fZtLo-M>BFs~|^Jy&h+fN`eO*!=eII_xgBeD6`7w;|O|qLq_5 z19KASNWnD~R27USE1&9i965K9bbzHsI`M&=tiqyT=QQleKs=*^RfQ~;Nno&Xj~G_n zl4Qk0wz*~~(`+W<#F1+|i`Q1=>$l1jP6saHZO;Wdr?R$Ws9-8gq{?gG4U`^2Y$|fU z`i#iO-t~^o=+2bnp&!__L)~E>tN6cKWUldIJR@_kxUDg&@D7xSF%kdOg?1(dcHokT zSx6@u0QaomN3wwE#1Uz!^IKqnSB_31!G$Zy+zXzls5RPoXSL39#Ez~3$AdMv5U)Us zIwl09e<34QVhW^%2tbyzjrfQm!3$VvAYHOoHJ& znN~q%!KbhNqwnvO3IN!|69dyg-?M+Ou;FmZ4==oMnKOcrh@y z^6AF&QH3qHmyAl_-l!3MnE%!Jo@MPch(mH@`imqffOQ8$K2H9W$AzW{d4(TyU-vIc z?zyDG&f}ZY5*XA`N3erC53gy1g7)ykd*|!=Q1oqki*sp42+9Xtg7Z32TyCRSeU5*q z?B$%$OvVf~X5GwyrawuD$RYEg^d&8oDW~pj^=wntu%PW&ks#?Zs~*v6XcI8IwTG@8j1J!VIS}xZ&+&AG04hX`l$8hjDXq4} z*@zM8mLqp&SVP?D!Vp8cswfWh-P_?h`q?ZHoFLGac3M~fC*MPMyX$`Jyf)@Bi?z*_ z47e-zfJ*mAhURXxrzhnU%6@TOd?jqo>gyC%G9};rPCAnZj2BN=(00ZMSG8+=eM``$ z*tyT&2UyHkM+#!T2RPrl;YbAUWpDE0dms}S-*c{kGoV!Gf3*2nGFeh zlaHYk50Q{X(g}PuV60ih8MbuQCZybPB|U}PC#H^y7Ah|4OZdUNmx#SZ+wd&TYWi_y z%k4>xulYpmKap9D7V$wpU&B&^u>P2vkm_g0ekLIixln7hSap4!O3_Ja1I&*=wVuKD zZpfS7I&)BX3Uq^n!S9~u&Pn-f3oSh`)(5y}_mRFA;m*_Kl;84jY}l}XU3klw1Y(N3 z@9qfj!oQQ2s`8Hmy(c>Ki4JHi{P-Q7a)=|UUjQF6wH)y!$?K(@;^7Hs%Chu``9^I& z2zvoX(LX>&M`JFYbkRHN1TS%W2IoB?G0kBaN~wm6PDKL! zdI6RygW2+CH`-F?ETljJ;zDU<$oQIPna}j^vns-~?85s(^zRqU?<6#050`65NX^ng zq8#xc5z>%ys(UPG1X}BGsfPcjzUeC3ok_5FKR#_`>1Hh_%+#vC zA5>$qBC80-Lp1=NoYYq3MaW{2E`Dl%(>v)RMW^h?Pv;s5?GBjfrlXMcCVMfIR}_m+ zHE%bDe}3SKzVikxSKrZ3#`e}WCeD=DL5>T#;}#+#zyBJMziN+7gOs1qC>NOIdscnU z7(;mT<1p49d)Z4)0^N3-izG)In9RTz6MGJ)BvVh^ph!G4JeKX9*ZeBfJBYa1^0KBM z=O8E;oBriaQuR&@?k`c`nDZZCjsrneAEqwW^WbN=^c>?R4dJ0*&*BtlpNf=EaP!|V z5e2_oB!I**TZQ|kKhsZn6#|`Fg&2zOFb<8QlBj>j7Ek~YgZHS)x{OY41Q$j4A$gJd zo^bQ73zOnf0<^UUzqN%E7gcbpSD6lg_m}+bt+kjF4Ig67($?DksCP>|HZ3=<~UHEh|`jgT%g-m4k4xh1sTI6NO;zTzrQrLr>fK@`;ClL_tvnYkh(`lNBIvXvhMxAler_m zDx+be!!La8pzDnNUcfamVnsu-)IyE2!9eeubMaSP-C4lGlEC=6NOriQLgg7bL3@QC zcoN<>k~C*fwjz}&3rpB?qSfh_i5*@*FDaW)zN!PH86Y?{AJ(HfI?gcKsS6BKCE$8; zcXDD}<>H8&75(XAN~Sq{GFqFJSD1%Pj{Y&xiZpoqLNXQ>Nyk1_F)@f|VfY6TG97=o z0uyBw_}fNQ89+H8PDa)AXRg%aD`bu7`6ocaUPQo44G%#sp#Am~EF*{z9g5)2oQA$5 zVEQMxTvPZsf;Gl-nBQc#UkI;}TU{*>0>}V9|s9$5C0&79QF%WXYyeB)h>*LuKr=Sba zYCuoWZqojTEh2>I>RJ4)Ih=`#iCfpMh73>K-NAuU>(n}5^Cf(rvY7@w<$+N|fVT5{ zc{p>v(Fmi|edxk?=X6PRFp$qq#YYJJ<(HEgc{)c`;G{BFuTbr+fp5wlQ#J@QnjM+d zM^*fal6-NWO2Umjs8d{lv~={XzMKlU67I9iQpJI9#Xe9L*gT+?lt^&suPVAKI+u$L z{Qj}%1Xd(>CASwT{tNMpq03exyEMDM&pW6P)V)P*~_Me5sii+pR z8wG{i@Ca0eXBjU9|u{>EUQJ+`!EKMid#~arbLaN!cclUBFVd$b+*NqmM=|Df&dLUvOTY*t?#Me#8@r);d1fI(RFOUKcFS zO)OZ!Hr{~n&n_?7eKijt0r${;GU~2R;sYw*=)SpXeQp;N>|=5~KMUfXqZ!d!eFik| z07R6N5JU%_jB?CtU79GXggj$w9#v{lpWHCm;lRv-TYJea*8>)erQCA!kYF-mI$UT| zA33LE!u9NBgKyTh^Y$g-!gK1|BPm-Euy65++37*c{j;q_71IwIy!n{;3rjr}m51n> zKZt2YgWhI1EEfMTt)gf{q_FHim-*^BmF{=nWg!~UO;(F<9=rd|>wK~m*7|bKOa$*; zDKR~3ssG&xk&V38d{WVZW2R^N$rG)hC`yOIWWwqk4q#=~U192}^Y%!TpdAs`nEo%XpKPkxi1*gC;s})dx4+U143Rn!4 z9zt)qs@j2QoBf=1xfI4}G2IW9G0E?LEvF4$%(MK!^yu_l@#5`$t0~!G>7a>LT9#Rh zC_7B9?zV9iCDlY7nT#Q7^_~Vt-G&oByk>f$jJ!|POm+!cjSYA#nAM-hWdBwtfHDDG zHkq?TzV9o5#HDNzcS?B;CpP7{RHbK_Dh>W2Ix1L&@8iOW&v&doBgA5AskuTV{~b~$ z>`8%v-}{Zv0#)3>+=2HNy%BM;u&#VX;T`(7oaC90!l_%|6*r33PFiv9OJ30gQ_om? z8>;6H6=A3Fy)7;cj#@6Hh773*Md`X#*W<{Q$P~k|#mZ&NM(m8Gs@_a#aoyHK`uJw+8Yu3pDVK^yYPMeW~za7HL%81V%>^qK#NJK)I z+Qt!xKllG*=J&z(^%iqr{@<3rdJ3qY1w~tl0yeO0PApV3D|>voKB{) zo1-_KuLdgPGVMMm-Eeytz^XB&hn!bt^eAF2m(u<`Jx{#qe$%#61}A{R+f_(cwWk;4 zAb+0DWsVfo9yTy;w0V$Ge8m~buSrR#L-3k0yu5Q6xY0JRF?sq**zzFV2}y=~Ve^n@ zt&GgRXdgkTR=kaa7S3OIBOP-c`j(b;WSR$$y!)NoX$g~MnUkItnyEkb{O1dY|TauT1VSYk!Gfe+~PSHK9wT0e29gOthKNMEo1{R`C|p1 zFJz^+@4o>j{<{RYx%Nx<7OV4EIF&(rKI+c&hKY|u)mPgtG^o+eI23fx$a%m zgv|X>O}vVf?oW>@^o0tj5`y47x4nA}mO>-poX!j9;AL#%Dc|$IH>HDU-*TDHx#Sts z^B=;}YP_GIEh+J80gj~EEp_%Bs|1lRj&qaTRu@cFdTDgv<-oYZ#wm9m;^E8wtvUY2 z@g^AYH9ui=*xN}CE?ZA12;vMm*KnR#4L2*-PG()766hjeZ+|XnJ{MwPG>stZmK|KK zV3D?I=AlHPLuemvKF+J-aZagEH_O2KX)2rFub>_mgYCBu!~hV^#V25(PrIPAh-Wd& zOXvRKD)N8D#ecppG!$-raUhO|IWgfpG{I8w*#=VLoeyFWqrz_=#iq07PY>4@{FD$( z{es0v(#dB6A4RY~uqji*u6_mTj#1?!%lj9sK*@u#`wv8#x~$Z@j+wdT-CuGi+k@W;i=KNc}+eZ;-Xs zRPy+J-4&EYl`E)IG=)2IKd9_3bfXT~Nh*FI+6aDV6f{x3=bV{kozaKXUCYf;i7s z3o2=rt=Vn-njp<~W|PJqtrZmjWogvvY59Ml_&aNG3p|?q{adJ_siMVJ+2dvSGFVI>J9(F|ze}{AM~-HjYg2USQB$x6FfH)@{vm&vim^D79c3{R1 z2CSRy0O$(RAb$?6)r_d-EJ`4uPIYrf1$9LHM>5SViO6P?M2T{-;HoP@z&?TN*5g0T znx@Dh;oMeh)<`H>g3%L*tr6{pq!i6IIXYz2lbG5?$bL;y#=3KAsjUvkC`5ezeV$DQ z*Ku|hbJqO#M4-SQki5Oi`IJ>)jt0Wl0#L1^2(v}li@)V*l}3vP+jl~tn00~_BZp?S zBUUp(SKBwlj)6ONdoGBnF=-}wH{)2^^{9b6tAdMRyycD$7FXL%KYC`bJ@Q~&H9DYJ z)DRm3$tFQM@`=c1yFd}Mj{h5M?9Sed=yHP@`g4;#-MM%4jB&3L|4kT^CkgtiEu@0{ zUx+@l%3AkbR|bM5*a6;p>Iq=wB2}2*W4B!74TF~vN%DytGX>N+yv_8{6|4g7) z;v&c4s!Yj?HWZz=Er~u495k+cJj>4AJkKW5;CE(UO}7;8`h~m9PoGs*Ndtnfmvr^F z%s5YNwyBi5Am{$|m&VmrD?Cp?OSGVtNn&y>gn34lX!zprKRIK4>3zZrDFg0X%z$B% zC>;o+1g|dc^OZV+h+SdsdHw50_Q-rY5YAKI%wTH-3iO;AQxXOj6a+=iRzI4B-$nGp z!2OpivP=4WPuEAApa-%(>P2eA0tGcKVT{{UpVP4o63MhOTs8b{V+NcdhKQL#z2hU))FbOW^zh0MoN)%N0`;!ER8oYL zVmm^c}csHa#yLgd>b2>OVgeJ_&y06{T`j&tn12Nft z5Ia;otkPXc=a0nm)~r8cDwj7#2+EPa8V=Po&XvMpv9(21ldgxs{G+8t^C|ZR5Z3pt zP?X0fW^Z&@G%f@4`}ulQDLHIzbTBJBt-#5vKe%TtI09nT^=}BP@`2Gua2s3{v%Ul4 zs7$|gTfGLWCj)N-d$8IrjFSG8gh+Zu^H~_YbMo%VZmbkNHHsLi-Wu5Khs3wn=#{Re zR4s~ryJZOD;O;|gE~~9!iER&d;{vE;A)QL|~~OTnM=1&S;hl^OdV za-p9b>&|E!V(rw2J%a0bxrr6ZwOxe?CH5G(F@fMG(I^OSL2bb2hOX{i$dT8nLHvH! z)PMA@YgklG+tFXD-vx0SJw9Ez30JZ1jj!K3KZTc(gC1h59Cc|fV9c<2p;)_D1l_GP ztRsM)G8VJ>;yOaKiQEbf4;L|PJD&v&PV=uUmd4@a@#oPWvY)59Z2d`%&39WW$#?4K z&jbjjVk-TchV>cE5&UHzSKq1twSpH8E^9JK$1CWJ@{M@~D~cZQb5bDX^v2^L*13<~ zU{CwF-?~=|Py&46dN_B}Qr1vc79Y|b)B3Ty--SGk4*SYluhmkZopxx zX9lMe#=hQa@V7bvoCi_F5S4#r;~tje6$Ikg@)-uXOAvM3!?DuJFc!@QIC=~z-C9^f zcxMe7z44Y%UuRcIU7Wv#8n1WGUB;B`*)A~uFT16DM)}}vLHvv`qHCBFz z^{l9P{lQGuLXAL*lYg3|6eUnyH?v6vJwyz4F?fBt%}A&>J3b``aDr*{df~^1<;inbF49ek*3(yZwDDByO0y#HF^<&&Z^hn)EBf zr>YCR?Yur+P>W$?M)UdBc4CUd9nv=&B`r<#q+Jhl5)aO$z>s8CGv%%+1aJ@pQM7c{ z4c(QeIGzpadR<4x`;tly`#n%g>U4NOt23|l9w+Lj6}hWYatMAV(H9zEY)$4vaX&qY zH2Ed3A9O*jgZa|sHG;#u`6BYx5GgJdh19!-8|yH4k8iip8M%}LLQkQikHan=+O7=D z;vO1n`L%>146je}xs_W8lXY9z!RG-3#kE=7V{K=!QrrFL2nu!6fMWFFjU(c^J{~{- z?aQprE$AJ#)@&Eyz3!Lw=FRQ>7_}7!Fi|r#(rtW|8%g?+nG>8E_AS0E)8XS>ep#<8 z=~AlL2M{; zX(yvgUV3$D>GYww_e9R|BJad!9;KmB*G?BX3bfJGV(4u5jnQ6W-i-)rrY4IHB*&y5 z*@X_f|JfrS-}QI1g|sx{T~xkF)O-Evcwf{}2uORLw&Ug~2`bJM7_dJ%<;Xgo@o~3t zLvG^I`%={K<^>N;*5&23?T4st-y^^+LHUjV?sNPG8X6E-<;hJDe1MjULK%cD9%^Ac zFK~%zzTnx)dOVXDDt}tX#U*3ofPf&LbbsB7kxDFA+HiJ1fy&vEGD&{1eHZwjZo&s~ z@KQZExM^CB(Tx`DbU6`^HanLn#GWa;bJm=}`X?j5i_HAhdDz}Ona;ARp$i>R-UrNDbw>)kS*Y0v#bdY$)>i0MGr5JiY0#Jx}!vbMZw}<1&YZ@DaJ30iu=LklF zo8Dv_+io4oy|Kt|@34_h4FWvw@Qu31iQr^P|HuSCMH`H~nGX*-<7Jw%p z%Ch&(+$QfVX(Vr5UI#&&S!uhrLI?z>$@pa?iV0;r^ z*6wV}T$ZVF2n^*@A^D!ouh~KQP#FiR3eB&5tkQA9jQG<CFt!>RlyH9fE6!q z@6OU@s0cs-m&-2|!Slpe;KwSK@~)8Yc`{EcCZ@uvV2E5qg9`tH^z!a1B*&L!)~N-j z`Jg-DrC$2dE5bC9+BkYay8Y)({Bw)BdE{pYGdiQ**Q>ojX*mKAdh{vBw`NxQ%fXKe z5{=L&K@BHsSRrL6VNk)S1c#g{t!pPJ>;n?1T1Pu@d+`TrmX2aCxPyT1NW@s!;j4=#s`rOk2HA*4W06i@LGd|NLoQJ-&#b@k`)ZqUVnjkT=hlvw6cnv4o6z9B&Y?D5}Rq+h=2>2S@!|rvfq$G_c#oELF_%w^V)BjOJ*r~_D$|*Q%BWp*J z3w_gO&g^o;4UHj;Pe&(O_WiVU&i_rqbp;mvZlbW0eO@Px;$gN>*8Sm}2m@0#gX5o{ zM^bivTuG4K{O9k5P%EL}xWqWnfoC7<0w;QPZ>gmdx}GGK8vcd^#Ko>Zu86BGlV0H6 zyLX*nb12GgS^;K$e*T{Waj^NzGSA&1O|%?Z(Dg`Q zr8<+{^WJE3_{BLiPWR#!VoU@gzfA|~5GqmJXAa#WpJps6n^G9{EA^A+mxJhAMdN?` z$&1YX$7%r|B~NK6npZkm0EjbZ=9t0n#RW6fa$&t&^)mo(Rv6K#6s8Mf%upW5?A>W$ zYYh_qsH8>p+KuM`@J-dgfwfTnR`$$#?KBG~TAG^MgV6;1-e~{cfWiN{fgHpU+g4^Q zUpqLlKE@u48cM0xq~O*J6T=u=iVbKA!@fWZ_7ys9HD70zC@@2P@4Wb^`Go_i@^!|l z8MleBE2eL;E`1H`Yb%3Fdhq>nk#c@`$v{y$STwzquJ zg_iL3^a_;`W*}pTm2Sc1;C}=&kzhpg=l?2tdEnN4MJ2&SeyQ%3v6)m?fg%byRRnsX z9mBKVVLwrKSk{|dcq+M`JTf1B8L0Fld&t_vxSs}hqvvGXot#9pw9;Q`{u?#U{~2|u z9tU3+Tq%#ZRQVSQb8J$<0yJsOV5=_mpz(GxOWz1synpVKr4jZ2=y(2gW>3w5|8GQOodIy9Q+n0{?zmgH=2(|St>|^R=3iZB?nfDJ3j4XX}>i^a5I>*6l}De*9vx3)Fam86&wn_F?ZP9CMFi}@@s3h-#&;wy}Y_l zo)pl|EC}o%5^VQXHyxpret%sNZ)Jjp4u*FBIA=T$dwY3$A|)l&i@*f0zs-MtJN0CE zyYE}I-nUrdZx82$+^-tBUSdxpt6JGTR$N^Ld$X*BL^<2rfiINu35f}bm$xIvrA-{H ztiqYr5X3?raNwbW#aEr3f;DZP1e$4h*OYa}0zR*w?De`5n8EA(spCHddkom*?7Va5 ze$2mb3Tby}j7{V0p!qkbT?f38LYm4EU?i_W-!^RVIYami`5K>-5=$LxnxM^~A3Dhh zw#OCR&;##e(7$HVFcy0&-k7iEoHdp|?wkZn#~DcHmYO{-MxVCW`zk#9Dk&v2Ajkjy z4JV|pZ|U2x$zN#AjFvz|L_}Gc$N-fI#Vbw7Oim7oj*d=t{uLb?o7R?q@f{uof+=5rolJQ7dyIM9 zjuiyQ+SuWPP1@5l3#7Ahf`9(I^Eb-V)$NbjxSQR2cSoCBkOM***2^QsVw=w$0+TLx zD0t3x?&zt-!ai@;Q^z`9y=v-oc>S>P#O>)3o_&`Rv($GrBDptu%39;P?7iZd4FX_l zrlq+*?Etw$VU;RxDl?iyIw8eK*;FcgVZSpI7JARs9_fJA1^fEe~(Z<>VEjYn%C`G?gP5 zZ)J?#SWQvTP%T#|2y7rZNtESi6N_ISLL4%8r`qF|?DzjlOl;QzhDa(YE5*|jeF$a? z`lwKSFKJ4H8O}eLKmap~9o|k%!OX#tl;L!}xz66czI|D6B=7t$fS$mCU6|PnM;HUk zwvH)U=wtWMMG!Tg7dp z&=~yE>EP2uOezo|jQn(br>H6f^au;L$Sb`LsM59V@9oKa26ru$9wc4fC*RdifGs2h zG0PG%Qc{?~_B3WAWkVhpE3erwVLCN4H zmzo3p@2BMdJp#{>q=%70+Q1Su^?$Da(=mB6%SzAkTQPqvqwqv{=?LpYbp~Da2;~SR z`geKx_R!E8pL?WkoswO(fsRA6 z^*{e7;D8141YF!hIscmQhNLZ1DG+V`^$z(+0U3>YnDco$({E1B`Hn|_$fM8aON)Xd zHdJNMMlQvWDG2BSiYO~tj(YtpqRHz?AJ|F@8DcryVV4Z6%%m*F(dLEJ!|F>`COg9? zp=S?buH}T?xdJY=Z&Uayb#1gLi3KF=t*a1bv>jEH<2N=o zP=Qu44oREp6GJB&Z|LwSyVtUn;{7oI;qg3*utK{QbQw zzn1`{L7``#R#)|viFHd43bZvBc-~LeNT9*CPSWQlT?TKqXe+9aqef*_FeW|=eO_&M z4+6R@-#44CN3C_^!0J(cS&-9wRM)Q>xTkUB4GldHkw6 z|9G&vM)2o;Y|f)+@Y{Czy$#X+Vk1w~x4>4kak{5d_*>N)(C0ps^ib1(Ez;jkCAd=V9k@3R8}bT(BZK_ibmxByNue34ocnx zd{=47ebL?<%ZmFLUmx8e-g+d1h&)armv#>CUQ9?0wL<3LE)j|;iM&J9v%bapQ5qh z+wGVQse&^a#ph13aqyKc`T2ugyNV;()W`Mpr07Qh+#UY_Fb~l~AsLUJ>u8u(P|a!U zP!*j{R`B>XpXG`#Tu>dx=c3a8t!-B^k9>}S65hB{^!xMnL&9UJKrqxWBnc}cGgFED-O%W$yxW0_RE=bg-CBDT&``L)@eUPOs=ZsjkY^rR zUE_n0XS($KF_Q85+^WRap1JhjHVYm)sU-zcOxvB1A zny>7rT}MyUeG;!?fyKFtZYM%-UVG-eN znNn253n=hLZEZ0afar85GP-BsZwyz`W;ELzxxbd{AbGa5{8A+Gw4kD(kakL@Wt9^f zm-$(t^L1k+eeQx{4W7T-pxw>SN!ZSAUcV2pAmSiHL7R*HRmr-vDat}>-1bzIl+w33 zz8QEVP(b%=g1x>VVblK!-RJ_E(SI6FA9wz;ZMO57 zT~XWUb`TK@`XpL8YtS1++v+ratR76(Cjn^Bur;dmlkBevy^6LAcRv5662NY^f@8SF zCgs=o(zkFgW;LgRI-Rtyle?CGa($$np~#0q$ofu&QlZnOIx=fU&2KYy(`gL00<3`% z`tdJNTa~s-PfL4fAGh4;FT8DHPRhm>@b=%9t73${g}>>Vp1!(;EX!o8Oq}ZC{F zmfvFgIDTq_Guo1`e!#$rRmq@H)qS8s74(C9GYH`}@UG4CR=vGfFaTh`ZLnPpJo~M9 zA73hDUtOiw=1-@=2;RBX0?Tic-< zV4vA9EGUrrC3BGhn%vXaGv^68E(cm17lp_6`u*E-TEuR^1NQM97#U>he4wh+hDf<>B!R#8VvT5Yt$61EZu(0IKu=b+H0fR1u z&nd1ab;6Rr%V}6n9+wxUG|izO+NC*KK88n_+Sldf<$WjnSO9->l3?XjqE&nMC3SM? zSoR?34dNUAvjaY`1_-L!pOb^MZM7L^(T5Jf@V~-(Nsh56S z!7dQ?bafqgj>w{O*d!9JSNpi%EQc4O>48(t`{#h z1NlNjGk}1x4gGKE`V-i|un`!_lcBmE+TQu9~(9H_z+s0jlE{7(*2e_Fa$Q(;qUQ-5Ttd zKt#*J^n$GkM9qgeTXEFNDm!rKjqmsq0WK%hBIz`P1l7e*Cm{GMusfC+z>vAQ!)kE7Y$_OaytRybuSfvnG8A|N34dw43*rM|W@yeisikf(erhW#>8ms{GVoH~Y~j-7 zD{DUTO7c@MT*OE!6E)fBKD{Cq$W1c5;6Myh}m^gjhwO7u^L z-G#L)^vSPj3~SAzN@j>=?s6o!g= zyhMg&B)KlXlz|c7sN->muB!5#?xT?ckzgk#DL4d;FmR@!LRpZbvulNL2=YR)J*VA& z#?ku2SybHYgKo*%Npn3=z|(+wbKCurEs17nKulb&-7d>le2aA6#zeGx5fl^#P18HCG`lDteeiz=1{&RUQuyjc9e~d<$-zUlZYd|{Ap`B-Qi!PW(}FQ1qVz+uwkiY9W8ZRQlZoE9pC{=Y99v?@%u!gcLht| zrT}-{R&JBJN9yg(iB8FvyW&sl0B^xx@nsz;-F+e{Q3;{exD_x3;n zz&+wg3Ww`P4@(DBURUS)%L2*@XJ3%ikIzd9ve`T?AHm(1J7*grDV$)`)mEi7lpqsl zzxh6Z`{jqwa*O0@$xvV9!Bjqkd|D&134BTv9C0*XZ(Za(O5Pn$5_Xx+X96~2)G-LPPT$Oi_yjRz9q=}}Hmz+F! zunY69GU!0H?)f^sDbBD)1HJW{%5CKR59Q;~9tuFFX+iTMa09vaeZWaYQK`;qeiC0w zKfdWxYb-_M6LWw{N|u4L==`&clQ%hAf4q3nMBA^nk|G`lo^KUA2`PF=#(SRST%}%g z18mOc+EO`|nQC+z-&eF{4%m7wJshfV_$)q+BHS0;tu?qHiAUp*UhFBKx30a#kAnat zmGH#pHZMuPw;k63FLLIs5*azf4L2i9Xs_#xQq}u40}Xv)-wX6k{;%3mhe+&xye+ySjbAz?dgt;iTyLD{bDHKQc4AVo`KU>R3rg<-N&aDp$n|8YBrm& zz!0_6zuE8IA~^^+JZYv-fTyXyuBf=oj-L0)(p$k2PJ~Fb71O9%SWy zGZ{1^l%41l;KfxrNPK1;%W8=8jdzgw3mF_@(hV5c*?^1=161`lA=Ah9aCCK=YzEyX#btzB znd~wwKrf5LU!IZj$pjudZm5W&!aNE@oFE-n7h~M45+@#~oi*!N=@A+Jr6q_`cr&e& zl79^X^j}bL`6QRej)4u3^JHLP06=<5_ZYaUp3)$RTQRG+Ur(KMY6xVALk>#dKU*V zVx#pLC>aEjBl(M$RW53|Z=i(=*_2r^M8FfHiFp}kT2-=stvvv73>k7r)}C*eIqys- zT@H3Zk|3pRX=2(0?5rXED(!9IBL;_X>&)x+BA zN#}VaGvb9koE{*DKP&SrQBmF?RbN+YE)Q7+VX7irUR?cIS!yiMUd>crDlqF{cVymR zAgVc47r_1%B6+Y3Cy&|-z6wAp*yyl zoWm)(Ezu|2#(r!VoRnSy?0bz;ERCRO@J@|vZ0cgy7~n@mDo1Tp>b2xA64P?=aB)d` zJC(c_tKYQWPmt*}Y!y_*YdSR-VtOntp`O|GIkA)BsALNYR1}nWui7QxdW?gN%c?nh z8$rrYPA`h>i`>s8Gs`bk0b@Fyev%+p;1VAP%j7 zvk={Vdja{L$mkB@FQ&}Wk5tqzGN*3)rgXLRqW1q$Oo6VC5pGw4*ue#;)i@+C(d`7J z912-({1|OPPcY9+P1cdWx8L69823d>dRrg-y}c+Pn+^9*s)%Jegvh*41Nh>%?rY7J zolHE|m8NPlg?&n96Ot2(D?SIMLoO)6`kSOJa(wh%+hi6PtNK~m{LQ zlkf82891~mB^@oDr4Q-wNg%rZ;*o_;=a15uWrIN2GXGa61WpZzFBa|2sCLP6j7>vQ z9zHFtwNOQ69B*vsn`NJ_w#Vt?boV6L3wxg&np(cI5PJgwuGMe>s4AWF`kyy8OAQq! z9pufxRa~L}>ycBk(#Y8quWH>~=$DZ4x5?{zvqDu*DR0fBDTvh;r9xU@6h7x>ax9M( zk?e?1NyIx2h9b}22y7;1-&NfME>0WUp0*9z-Y8s#sP?krjTHuR$io0FIRwU;Kq;3f z{qZ0q1&bK29!>4t+b_C<{F zr7@+gwawG-vI+}x)R9z)ewpo+2E;wvv`aWzKKn{XzE*D4+&QiP5z-^^@f;W#W$NuM zI^XwV#gQjXoix8qA;@r&`s+j5z;0EXewSg86y4-#k@FE_!RTC3Y4>1?3W$ol-xT}X z*R!Bi+Jk~jjU{1PZ18y|k@iC*NLbV`Se&hp8-y6NO*`g}&$#U}R2b#O~wFjob#EhqUua%u_OqJAvMl-iB0;Q*f;&l(%%9kT$ z)g0BT>)R+t&w;2Fgdy~kGBI1VV5yFm(BB<3;_ z;?JrerDaZfr%B$w&Oe^6m)4XkU`9u$q;!}WfeKslTJ}z|U@xn%tT}bHm8J>1m7_&4_*#o!PJlIpTTu_pOl zv%O*bp0A_Yo+tS4-%K0@hV%iEAm`zV+g5J(i~L~rD(z=c*%utI)3Y0vp)Lg;1MZ(FWY)X+}ShM6(R_<0ct z#ztiDdW$eysYk|;#;Fp+$0Ye|>=>42WWxcazF)>7RfQzL}8um?2hIjkj62pMYBZ+!y`pv_&b=tkd`LCeKaw)O} zT!M(8KL2rJU#@fy`OKfkQ)NX2^BoE?kI(l`JRefT7nedziS)HLzw~{8BnHyZoONR; z?;%RQuvV7I>_w;1(=jlp;UCIyFTe;wC|De-vSNa<9HioDSqnV;ajFLiT72SUB>YDu zEu9cmun~5DgcSjo{UJ|*NGIhOEq&7l5AH;K6IkI#n39s49tism268?RJoj90k%uGg z{M1IjXP?MQ?|2_ImdPv8{`AB~D3hL*Rk&bt-p`^N(5-A!YdU0xLb$uI;TKDygo&8m zz+)KvgES*mwuN1_HRrnxV_2G7YCpTVo73w9q@x(;{JX4Oi>s1+EYTFif^W>?43E=h zKg&MsAro{M{E8lt%QQzK_?i|>pz#9J8R?YO`Kf8Ps?OKAdK-U=vSsxQ!e$W|uYUu$ z7m3^X95GyGurCEd*6GsP~ ztu`{T*v!{o#Dl;y)x!7oWbzjAHNMEzuiS_EPlL}ZZlG~SW};i--i*Xo`>Uy?nq%T+ z2cxMh!Sloxnum)pY)bOY#SY(&41Ond1LWAabe0LPm}nC-t4$W+xm4xwN73EaSr}(` zlMRePL=T5bKA!r!v|ykE02p(AVm~2fQWtpMw#WNbzSQJF%x4iBiO<^**uS&-qf!zJ zY6I@N=2b?e9Lh}$SPb@f1a01VQZUV3%P^MiKp%`4cNHCqex0cg*g7%oN&byG>RGyr za@sX$13^~o9kY)_2wc1oqeJvu)_fnZ6{4M_VpLSa&z@Mec3$sbz{_SEU<+N!S`Z=)zv zLlNc72rM66ZSx^V)5F=k8X~^@DG@RBedON{7uw3Mz{0UMgQ2>3`7151R+3H{jXqCJ z)p!k&VDRnepC#YjIeZoyO+*F8@i1c#l0ZhS1a8hP4@*%g^`1n2Y%fmaxS>1E*0O@? z3B+aGsiNi&4^mA`D1uoV=P;Q+9Cg-9;ylgrhS^#CCP`(!RTG78x!lJ8qc^6>TxmN~ zip6R^dTca-UXiBU0aPD`T!*a1$9_5`?c(AqPT%MXu>>)+M}#`}e(*GQ^!udS z`#xbNm0Z&;8QuBC+!0YNR`6SYIeYK0&S<7-s|3@Fx<+Udm zMG3n_S0}tE!}I=Jf_Pvr+q;xVzq3wj4D63hB}>tBThLHu-A;VDJEF4jHgwrRejQ^H zCUobCq(PiS>rGLi)0k{IRe0!T`Ho%@vMktp?nI=p?P!m4@#pp{h8UwTO#4M`;kR7{ zkknWW`|E|}q^S=x9bu?3x>pV}AULv#JF=&rc=-r7hUvG;0?7Tq$2qW}j($E6 zTXv|1z0S);>uS4gnRru$Znf;q@#?|sit1nJ)bp${_AsPL3@IX})_Cd5K>Jx+@(|tQ zCEg>m+*UJ38HK|wBbDmgoj;7wqxo9vke14KZ32VsM)w#Cr-7VvrMv^byW}(b5?Jq^;xi6;YiRq1LSM z+?Z+;R&8CFWK*Hgf>`MP-o-Bdu62Mpc=-zoF^^>ul<9<1{68t3p z`Hx}LZ4Z-l{cxqjxhGiUo^+VktCgMn#Hh4Tk?W;1h^2BP%mpQZBD2(@)h-Ty;z?Z_6+|BG zSCnS%KwXFEA)uiiPZ(sjQNZU$Swe-D1?AgwU%e3A*}9wdBW`U-q#Bq(KY3?Lp9I|a zad0OeZ9mNoE?;=rKb?F&b9{I1%gn8HG_)q56!K=w_j|Zt%n*!i$;qbh%ozVy&3x7= z$r>rs*oPCw+XTpGw@Bz|T}vFLWA#t)MGamyy6cnKY?WRGHzO(~ajcWM{LsCVIR*c9 z?8gO;GWGtR)3LIqt_1h*2ETS6BwahOf^`fnLr{6%xar26CWRPpJ?rj8%e})px{K7n zCJhS#Z#~p|c)eqev%s|sQQeRKiNVCQx6So*{esq}FW|Yv*W{}pb_Z~+nyh8%ISxHj zMl4?-tz{>u$$w|ki6^lvq4DreeH4zwqLQUY{t)GtE`V!*!7z!boR7Ik$lAG!za?RH(LBS3n#Js`0}Z)s3c? z;w!h|n0<5*CKu3;vSsrnPuSw=vb*$M$yuwnPP9pWS<^NbLCocsFS=-<%hvZbsofbm zjr#((E7kLqWDII;AJb*G*4FPF8| z6+EH7mvqib$j(r5|9h(Zwxi3+>*)dd>*GyBO4+na@@}%bgsUf;Exj$eG*;{sdI=r-ed3+K;LhkWeG zFKEzUx0m8yO1oNDBx0^oi=r>awAtzNJ~tOOC<$^Mh`ANF3TcvzHvT5bU3NS950fK59TQ+fNhlZD>U=G$UaKA^t0DJ^%i!{n?IA!c02Uk5#Ow5s zPcIjmFx-V}m);WZ@>CrBnXUcC!Yufs!Mjo_p0|5O9V#`GVPbqWXhh2it*t|gzGTa( zCp1VP2uoAriu-vQh`G^z;g^3>^-&-T*&pHhe0b;Fd-Bg2CY zeqp*@%%CrrP)f%&a$0&_suvd|06BySr6@)Kf%_UNtmtLTk;^f`MFF{kxsN0taXU(l zwK6qL@Z()cy>R=&LlU`96*BuL9eZ*MPstt44PHN$(GpZ~#YIqkwR~+iifb{Q z`hYbKB&nuTG0rfUxC1PQO`85x)J6S9O`GV@m+U?1W5b2vedE5#yZ z-T2>{{LLo8;;LH(ZHZ3RpW{3w%pDa^t1$-&LUy$579N26>2IceEgjXhqL(*mA2S;p z9sUPON0hEmP1)_Vehz(fN=F&R2~ik2U&?vJj_8-Hd8Rv#>>D%G}|FJg5+jya9?AQ=Kx04tZ< z@q7`NHN->b%50TxJ(Cnx=3^Pk8w4K6Y;3hPhM%fI*nTZH?k@KD$_7%g2(|L7j zJvF#wxACel{+$Rl2x6k(CVegs`p>y5Nd7$ep|RtrGR)m&A^5lt;hVyK4G|NavF#l9 zdH8=QoLKcWTHDJs7!z8DAXh2mb|3c!D0EXDT0*5paX*dw5 zk`Hx+sVOjmAjdX?}d8fmf&}697?&o@E|savC14AXQPR*kx9|Y z2RspG?yY^Ko(R8-p5<7 zsK1dDE=?Lr=Bf6`y?cP0bJJ*RByjTGB!Zq)(yfJ=R0h=iKFJF~tBXb)>*XCe=TovZ zGgEIs1}SgDp;e{aJDKiATGo)5Wxdz~zdP8hW@xb*FRDt($jqRc2X$dWdBGpBae5U< zSSJ20m&6f0iQKA_EG)E325NRKO?71y9#-Bc~!ZjLkpQGPz0p@X`Hfd3cz<1{tKjJ-KeOXEG#kd$zDc zRO9J-$_gAZNrUH{{IlmpH{ywjx}elB8EVnG?GhR;J3jXlZ*d6?@O?YwF@_(a_b0UxE-ZbgT{9r zm@COFeSdkR(vU5oe~{B;pHqM%=TD@s%=lhQ6*M+itgO@L?+{^c+{AG-F)_w2n zWizQ~>TnIUirLr;!Xz`!QtQLg?_-nTc^@Bc$RGVU>_Cll)M_gOQ`wKs&g*MC4s;{Y zeTa{4F>Rv?9>@S3U|aN40?g_|!7p=4>o633%R#w&?pfQ$RRi_YlnkaHQGO?yeJrgf z!+=Ge^3@9@e09UcG)(tgGg z+HRNcnhFonF$Xs4rVs_tWB-aAlyaHl9;YH}Qu?LFPWVPU##fVSP^WR9~2W)l1-&l!LN zaJw8PW(asM0)tUR{%qy!g~q8VR68DKZjSN=_~*KcBqb-`{_o z>FWABXbza!@%{f+k;wA2^&Xh2{<53aXRAOmPtpN>%^FTrY=slR#dD@-G#nIFS-*9$3tnOTfgz*my0zWM?~$^G?(zOFFuCF5 z)DKgIatQ`co7n%ZMquz_oJ7-q8({dv^?!a*OzG!9?xJ4%?*}t-p0FWk4*2jg{`b+v z9QiTm-@GC(qW;hHKL7WhgPi|A2SCpI{OL~?u$I*hUxOYPupM=Rf#atC>eA4;Ma%mc zsHtNC$khU*NdxtG&AZ%>I3h3FdDhkH?f)Go5ZSXxLkATb#cg$cE=!EY=uLu(Apg! z%>UP*=-;*=0yk-!?`am0G*S_$TGO?<%BJRc5a-3muB%oCuajF65|UN)jwBq~tr%$E zLIgRFDC{{;8SESP>3nUL^tqd-4+~RpHMiNjU=KR%?|dW9GP|ny8r^j z^!;eA%6oD76j7(qHEMB@vFdTuIzY~iB+;+?;n&^65D&ar?|pLt zQ4=Tslnc7890u~2?Z+(YrBys+GY~?sEB*JO7^#_p)C)b`X4UAi*fDJ4WWiCnB*76m zr1__=i$~mn3;BTP8uG7{ZleDt_BV;noz-;m9kBU>BP)gnOApNBXHf*J?^UM|ZjL~v61?F0#kopB`z$hCBE`%j^AV)xM zLm1;@#2MmZ`pRR`g8K&G>(hst;<|RE_4Ut+nRXR5MRw9d7Lk94m zx<*D^YpSU*yLlsx20)!1Hba7fJqP07rLq`5sMzNWV5Fv`P&@67#sML}fo7K@a-asb zsev4gSRmH>@fP~Xv6N(6N^j7vi~od8D)?F&NyI;xc{vlAD-h=*%mapz<9{tjV`PcE z5P|Is(K>br`U*5{?`*h>@2xV^;^o3&v;9|L`cNl;G}@ZZEidM{r7onhX_O1>j7#Rq zlaL7r88FSqAS^0olFz+z+f}C>OkKe!37wF$aF9NrJ4*~Di4ey9-hPmL_HZe%Oz55b zE%erMGCz*pYF-fo14CEj&gA2pLyK_C1{D0S1Bw(pYXsfRgs%6?@c$`+$D2H=E%ekXwr(Wx~Ppsn>3K?8N4>u<&zxYDX zh?DK~TBP5CZKLp=Y*DTrw7=Rjrhm0Vu)`vu;*|(SBQ9L}%`n&hYCT(yXm{>4E@UxP zSdTen9U$X_XAU6N-@JVoiY8nNkO5xvGZisLbW8wfGuH|aoWtziXQraj4!8*$98X~cemrc_^#S7my+!|l!X`<;A-!N?y5PdDZ)5VeH#XF{ z`YM7B1+N?!(z**i5W)3uUPx>g06T2AVz#O-0)Yk7hrSo|>`O(7KtL8ZCbc4PqHNpZ!+Uu%3{eNL{F?f3@BB%)*SX37Q{Y?qvu zh<)7X|0O~xqwt4ddM(a6k+wjkwT`a+*xS_$AWLtd*Y>gL>*4e+1N$JEpxE}sQU;g9 zug4X%B%s>+pw{O3;TqP+Cl!p03j(yId+u7LVWQeyR!G|a?h}zz6pa^)RiXQ>?aT|8 zQ=rjlhYrt48~I5?c0$9_sAO4%dH(9`=}y_ai6zI6MBRs%9^L?mo&+l$U0G9gI~mf1-$7hrt|Z24?ez8Pt4m=?48Vr?a+| zTF=IEofh?@Wdn)El~*Y#DQ(|Yt{nNNvrc0JqhFPRDH#L}J}6sz>!xCiX!q!3;{BaL zNcAePHsGOuYfT#;ZO@h$>#gTh#;Cif?av6&IQ}P_A*@u6=bJwG=^*3G57enKWC z2i}bSkvRF5b`9(L>+AE4XLhzQ+Q0^k7E98}ivY5=stf#$;Gx18Bh zH5m~*OZu(NFJ)lxQS!*x74>A!Cb}syBVYzjm#CN?r?C8GfCFJG6#42N2O+J=0N`2E z>%*C}Iz+$4axE3h#r&}8awU=8D8eJyRD$9W;Zmc_&=-b$pJ$KBU+zvQEoRHKd+&LM zqwv^&>_ktEZOrd=J5^|Ns8K7=?gJ@w*ON3L)mG*DE(;#RibVkG)8>IUxYDl2i#1rG z-H-^F7atliq#QtXI*pZ+O-f`aL3Rh-9Hhw^=9ArFlR!ZMhA<|RdrL7jIFr{ol4)-D z7Mbjc7krqXI~VBL7-dBUh|jc3WC;!-T9&tQ`AU0rwo8Jub+BpE&hh^@>(e5c1QLj3;r;8 zPkBFrApbk+XDeuJ8q74ui!IG*TWn+tb zmI|g|5tEjE+y_ltwV*$M+3424?9SCTk6rc?tT{M7djHH&fiHimNFf2xI{jgo zRCTbiY(XlrV6>^~b~kUW#m(y-tuv!d0uef7I&Q9yU1hG9oVRE${_w~r$5=^(GBqTqmMP8JH z5P}Hvsk2=YKdSuwTd}PN;3Q{_oEsSm)z#ldCg2+94?%qo2@KhrFILLCx<4~kj0V&K zbZ^rtYVbQ((5=ya)Vj0nG2k}a9K>T|5RhYJ?E7quNt0M43JSkxH2bfe{PZt;BXlFS zN2=^SAyh(CJErw(`iC#w*b?2T+#;oK%5S+BcGotq72{#dxR%QdQCnU*m)Yz@JVB*x z*7gSb?A1z^mI}k6>x^O#^#*-BzScGbWjwJzbS*ANU#Mai2OHPC7%-`1-J}T|vh>?L zO3vW$lzRK3@Nmz5cec7a?F68$LI9mzhW+J~GE0uHl!(2by@|aca79^PxZH4cnR~Lp zi3++Q^T(x+V>+^raK59%XBFxcLfI=VFF!lB@ol-@YC-r5llEs_j3(GjnTAwtpkwp7!aFj!zhD`>Z{gxfKS!MgPf6z~WUb zK=ycZK*8_noWPPNzAw|lIUsxcq=$of2~=iM#~6xyIQos4xA}?o2MZ=tVf_J0c__9< za{rz1+61t!2LS6@OmY~w$^;5y)JP}pf}wLH`^eA$Kw9Byj4LA`THI{YIi7dYp4`uXu_RqO|&qli%qn_|h@6IsYcdy_zAF_ZCD2b_T=EWhCO!IfX6PseJZf7J1 z6KySZb~Dm17ppC_(T3e;8yJNAm7??Pd&Y~|h9bfH=DpC_5~6*Ajp%n+bh+5Iv>vyW zBL(ektiO3Sg)J{UI7Y9{@ZT;AuTLKMCd9VdPjm(uW(yX?Ij{eWbRG*mK92ZHAudLu zx^CnJVQClC%n#EYlw?Oo*Co%{e$R5EV%aeR2{N8MC9#K}P^lZySLPWN%L15loS$ug z11$j#bmwns6XygXBzh9S@E(je)YpEU6evvsn%78JsaMd~m#W33C3VE{M5RmPQ#taU z4kV-Uj!Jc*6y^7(VJaV~g)XnQ)seP%HcE;_BhoQ45X6kHYjao?oBw7%Q=D~$8zf8buP>bKH$Qm~3{TTWE3!$l!5T?n={Xv??(|=lZfa%rtEA z2X~2Q9?^U~EB>#0|N7s8uPI1IMyeJM2}VJ}g_fa4285DT>|W{An;Xj9FI7+Za}Lyym3!FbIfu(n$MS5cNa?$D?hmG*^|KA+ zgGFdw@UvsoN^KQFm zWh_S)0=gjikufy_9M$J64!#gKyK~lr4O(5Qxpk%?Z>lW7?>Ra&uhK_SqFZG{i4pebw;MLbv8hm-mbANatFU-ai-;9kTal8xZT?5lF)`fS*)LeK9-OHuAL+W z2mlJ4iQ0S;_5jhzMEy2w4V!lmmQhhLneHx`1i7|2uX-zK+w+sv&t=BqSsP^bU-Mx; z>h8fYnO-$jQ?wSdM>>DUdCTj1Wnudt%g?xvt}m?}%D#$BHkpg{SK9OT^W(W`fdhga zc9tN>+47G}9KL?Sj2trA`GDpU?Sh&tw9U;g2X0FVm3c=(d*woH9;`XO9h>slQswQ> zyZ9(-S4gdom0syzZB^|{_f}fnYZa^F|B=M`%a5^t;?JTO<3$K1UJqs^^Jky*FwC zx<~=BFslpoLw?p>$ehx zw{c{_L+gHT^EF~%%_nigR0~IYP;->6jlHq-qpTkOYtGTrxX{@13F8%qM=4+MGHC$( z7bF-?;|T!eH?b6M6)01D>QR6Pc7eOHdpO85RW5b)s!LbTGnkMjaxxE_Fl z2Gbg%Ii_zN;IUf(8(sDd<-Jnf51~l2DuZgHRDDk{ST;KScyur6{RFRra2+xstKw1U z?^B?O)8`1+#lJvhqqSaNA5(H%SBNx3p3tQC%5o9bJ)BL~6^tA|O1RW=W1gtndL|lr z>2G+EALhYNkpB4Fq00l`5k1iJlT{p}BRA*7ciFv0>aXffYQrfkdPSJzg28hJ_cUj$ zjXnV$j*MJGoq#RsQjE$J@zeTrwj!Ngzg6<69|%ql;|H3DO7zlp_ISHd{nIwiPl9P}=f$D(Ss&6nCE`Upi2AfwO{YQMr^R%sO3h&M1#)3%(%~EWJY3H4VH|BDcJ@MR6_&~Cq zG&awMkK05mEe8&`62sF%tuusMJWBdx;Sl3c%raSTQGbTYxLEyec6|~aGti6M3=+W=geE^lv7u5jVpB}D&(XBl}(p@=Z$s?AY$LE++f;A zF^;S_Al6=H0UzDR-5))iVj0M@YL90p4IQ6>CmmcSd!dT-Oygy`?)8>f-@1-=$^6J_ z2*i`sdC!8+Dcx}6kOJv%j~8mE9d7wL5G*N0Czy6S{rb=+rW-XBwCWv$mTm`X5#wSL z>kN7U{GH}*D)9B6k_G5}2!4yOpHWtXhV6r|i=<^upiybV99 zguN+>+jPiozd0+NsI~foHnKbd3<|JC*5DD(zh=io; zw6$&^>U4-T_wTgUb&2SuABR|;m-24NOiJb0+@1=KTZ0b$o}UzVk0TZo81@=*iLr}B zz>;PI*DO>59a5*@0dPHgT*TX-&2AQ(bIg$lIkFMU0BB<9Dy3(V)ecg(2BAV})Q?R| zAC+M+uWvLPnscC;^jP1AU_isd!e~4DkB{JE-sr2h`pSxR;b`&&v7-{P(+_VAF1hyh zv2viLrk#trMGX$)vaz$zA04}m$CkUG%wCud`OCm{e%cUg3kisAvY@ijX|y@O>maQ$ zAG5=n(rJiw8@R;DP)C=*xddDcXWiq%D16g}nu5hp&v6S1O4!VKTO^Aaz2lmIH#^Pe zs1|s_H#PWd6&R_Z3qYc#uRuf*FC)S-sk!+Sb)#2B4;~ebZlL%nca^;p!BNy1K=-L# zIVwDv78vt-&40q0@tMbF`kI9rL#J_(k&{&hmn1t7sxF-17meg1?^roop(A5Ir$t_u z(VO83wOvw|)9rCHIy7o|Jicwm?;RTee3j=F+ZEcCmCNworovCSL!$xN%o1u{g5smzZPg#mSVaU}8?MTW4RYpnd=z zdDfR?Mq-gdP;aPFx}h^?7Z?~x@iCEG5|2w@MAQ|2FpvbgNZZ$2An%ii{AhNWZs+O^ zUJF(kInQ|2Esv37m@)edp6aa;6LUn0c(`i@gQV(>A3X)AF-bcG|98Wp&7FFrY7oU{ z`nu(j4)KElb$Aalm5ON}3#+Xf<8W7Z>)FA)dyrP!@MQZaLEGiV=qKpPJ<9QA(FLv}kugdo`LX)h`AM?2c&?2IV-D8=&uptuy|!S{-&oRteBTWX4V#7* zV=fs{pdb1zn2bapEAAHL7JwJSJ3<`K3O(?$Gjigh#1nxp&WH zxfgj2RhPmwn~Qm^MpYcxo1l^eq@SXs zS10@NfB~VSbszP|@Fm4$bgeh-mJrpJpcDC#v=o^QC7fbJqP9K<$Ft_lz`xBaC;P(D z$pieIYE#(p;CrBK@fKKExc1jsC$PvZvX~hN~Vp44$Dx^WAv@*KNX`Xo1&$sq8uUm zj1^}6j7K^M)S}+%6vsb%BQy?D{<#>&4ll#W7SLaGGx_a77x|7I@LBa^sDNu=WIq)l zRFc{5Jy1fKWsIra>2Y<6ie07o0<@Ff4l7PnhY*g#tciPXeZUXLWJ=wa$I!O*<2-o( z@J&~xoPln81)EFjUC}1WjgO!Zhcp6iJ@usc<}=#4<&3c}2JYZMm>_>oHDcMcI-}0< zgJlV30JS~&65hhHqtoG=@c#FLcWbl<(ub;*pN79#lp#_#2Is<~n0MvCK|4{Mp*O0o z3G=wq2hVQqDNVyCp*?B#)hwl@-)pnQMf9^KC0;AFs|}r}1|T97kO7DNykelJUgK!0 zbh-UxHd_4p9JaqYcd4+g+CO^^^NHKhZ}=$nSblyvTr~&=f5!ksE=V^w0>FrqqbBPd z&C*gPea)WN;Sy`B(ufGHi{CRir=DFzKC#S)_H>|6n>Bia_InoT$r$|UFHlp<_ z+~et^X?-_io}q*SMi1WgJCeKlkr}T_WSs1rYR*(0_&mq23pF-Y#EbyBu{+Va3PWtt z?3$SV?(QIOnor&9CnuFx!~oBS_Av^iPYUNM!B&FxN?OHTpHo;1-K?h7K4W#C9O>qE zTSS)!h`mxB{L{PdpcwBrbNWBgp)KrB>Rdydl5^CednZi&*zabTL(qk&7fcq9cJ8Q) z!{c~+@(|0HO4eOYU!+<3l0+40+rGUj&Pvzn368!1_REBybJXu9@XokT)7|XCe~G=w z89K83ENuzA2t(WOpa&(e98Kt_R!ChKL4JwcKjYs_6~jCC-X-2`_vN>lz}I_E9Dq8| z%#&fC*Qedu`LtQUN#W1*L4{m}b%aLGXue08INAm+Y z%%B&?44gC-EXML!{>yMIm9WL1M|jA8ghu0x;~}$9w#HSe0rL*BS%ZPt&=-36Jch!f zE#C6-7`%r6EKd6_hl$fMqDS{WmgJxT(x8V57uD7#ik#}?RPW{Z`JDHq-H0E3T9oOYJla`BF{2Q5K)$K%F(@oL2b~Jw3=L%?a84m8OJ{VGUJQm#W^ffTGe|} zpG8i|AA&+QNVI>O(j6S-_Y-&VSCqtX3?lyN!sc*5R@%sUAJs&P$K0~g=>*&yJSUg= z8JEiK86d+u``FarHrcL4m;Q2TNc{wz9l5mL(#)KA95^@*;%Y4|>XJP_Zn0TQxjoW{ zos*kXNls z@(?{F zQ=%`_usbLi9`}{ZoAK$vE>EfW_}y{64C}#`&)k->?>g^^OXEcucN}yy1tFIGAIJ-B zjuz7%tn|OKMFEB9GkSX2)v4<;re2U;HemRlOgFwby~BDGtzCo5_Ib}e_Q7t`hi~D@ z*`SUT>o=0uQ@|;NMwgW``PC|#jrpeG3pIi=O)On*0Up?G{q zF6^>a?Jb8{W4Zbe_uyFrD#q`05xE#{D)zSdhY2%z=Y9geSkwY7z(*b1E}~dn-$xbt z;`=G>Lf*Rm`9tK)OeKx1*dYAe@w^L&X@oOT9gYf5OgeEq9Fu7@-oIa2e=K2AD7M%k z#DRX={DYJ8SAd`TNI21PSmJvX{a*ve#k!_oeE+0yd1Rn|f8(~ifZKMKtQ#Tc^G%F} zIsM0xZbzt|tAW7}=)qJVfR>cFmcU7jC@8jFAI%OdIcdkvbJ@;v`o)g_{*oqr`qfU& zz!u*1p!w}i`d^5~VwW`gfz&XT7x~?ByfpWf-VY+|U#Q4}&>rnlW3~meptD?fEPgR| zH|`ZBP z%Xr#Pc2f<8UL0c;WBAOJrCQ=Ns_c4Zx=t4{bR?nBH@HUNyVNIGq0-U4(?gB!$Cwu$ zcdM!O1V3C~KAPh(pj)s{6LU^h(U+mSD^;Hi_<+6h`c40%&9QZtbfN?#*VJ9db2R6{ zZt@JSmKGO~9UEPLET7Yf&;4kSE2qW7$P~;{^#1}#PPw8};^K11m4wziRWVS$pQwMq zq}2~r`lhE2s1I*o_5lQ*{hhaYFcZ1@P{`k2Zdt+Q( zdb+<6%>R%YI4ENpSbsfgqxOa>su=oWPK;a3{d=k?kvB6F;4eFpjdOc_ z-a`M4i}c{v!8q10i-|bmt_S&XkbnLgK4Fxa?@r^kfP30Hs*!d+MP@=;Pj+U;bCiQ- zh8{@(%_p(#{lDofQ%n)LGVJ#ze}>T0wD}GYMz_R8C2e4aDao^~9~EJTykL!s1yG5+ zvM3!BM(i`D^-o~qr+d8fC;JLu5r6>s*HfhW9`n5bWnaeaF@}>Q?2(X^^apz~Rfi{o z+go+wd(to(KkYl7eAW2%;k=$O3r&-Au!LIom?Uw#Who^;m*@qBef3FGn9xmOhD-&*#rO&0d0jN?6CA>xG-&Ly!pBczfqI)UziS~KpbE6#r(CGyaRa+VK1zE zrSIu2TlFj5NM8OTS2^YNe#+cs=f8;}-*S2f?CH7$4*jfjy&j|6U;Vm%1`s^-DyfXk zm&+V%dVl`nK_L=4U{$}+kHKfCtAl}5Ik+}6BjbPJMrv^~(G5=WaA9qgTgW2-#md@H z4*mtq(u03z&8ZzIMQS+&u(3yN;@{7@zyI-Q>g(|oTuFdYT*rU@)XwFfilqu6Ws{NgVQ$ot7fHIevTTka zhY{=3j8}BX7>*uSHld#BB%Uw-@Bi*ZN~P(+?G}<8m0t7Ko-i>nIV>Rvm{?ikc+C3O zT<@HUr3yJK?9}cCff1Y@L{x{p(ihLM!JFXybU3%KL{Y=B538_Z#{|n*Cv=-A_of=D zkt^eoByQ$nXL}26afZeCJ<$6u5~3I2S*%|no2Qh-3Nk`bAk7Yl6C1njiiJrea?wQH z>ibx4(I@v@io)IU&ZX=JL4{KZYxS3Zy1eOw$=ll*J(#QWCnzE zxSfO~COVx$Z{PiEtB^ad=EK~aTG`c6UIWuRO+dM|4TvE$M_kbDUg7=wEElcYFA*Y9 z(DJh<1tIEkSb#&xuOu5z$`s3>9Aj_Xg?MAOzHZUVmfi;nZcJvU>%jZ?U7ND&)dFv!Wi;zGAhX@hC!Wp_}i>u3WJB z9ICP;vVLRK6|tQREt0r8ANpa0W-(V%Oh?yYiFQ$LXGJeh!Ea@bauWd=uAW;jiD~G{ zP^~@f`dn$o)^r_@6|MLAhNv4}?J%><=nP6;qRXx!Y~gbvV`2L=W>9+qBl z;nx8bUDVmZO5>wwY;e{y)}*3C$Ih+->=my+UWC1b5j|KP(An2)4?^$pM-(qe+hm95 z=N@z-_mvyO9`T&yhw4cW0PRJ{PZnG%TguJRB3kRI%4krOC-3A`+4QVfvmxQZFrdWN ztL*^)yFQWG2x+%=5}y4^^8^cc7fN$n6EQwmZAq?gqtoCHiZQg{#~WmGTTg189S*DJ z7|u0u+qXeUgiL|})S-X>;acgJHPf#Pc_?IY4ueBoXRcy`TsZ0IbmR6`4|y$cr`?z9 zBONt8EKnCxj_qpo?N*uQhxMlktyde%M#f0&K!Idq&{&2BgbuMFTi*@T^+yN5w3e$s zRUPvPN5Fk}k32=txYKf%lcaMqV3%`%Q)pad9KOpta6iw#f=IA4#c$WBAf6$**ET|| z>)R_9Uqyx0rEbmgj;bqr`_N@XbbD)VZm3>Qxdl=-I5=tdoLN{)?ZRjZ*%i6TMZ~W6 zl_R#WNI8Yy!mto@uHYUx+CJV^WIYmmQ8}8>mvTr3=w?_bQHCfxF`oTOG;N8GyD~6w zB<=`4f)dt+fy}` zb?Z<2k_9z^+_CcJC*R(qI~p44PwGbQAzg_$3|O(SupBm)y5~tjJSzY;2V({vlFUCT z6H1?$$rZ&1E>CIGIka*N<2PdV63_-%CO*KErs$V(4LNL``06c6BIa4k|3zeE4_&}^ zOsl-2qAJ>CYN|Eh_uQL*@cyu;3HR1l0bEMq3rN6)m?e4%c7gdOS7Ev5eEw*jERN;y z)Ei#@uHr+VM(Y+xfWEH!`0B`$H)^(;_g#vXX?Em33Aav?eu z4H%s^P%a$gg*WnJ!<6OUYl0n*We!1R=xHJO*Zk9zYqD=9R9`%5ihOK$58tt07S=uDlLqLA|jBjA+0Hj2Mv*cxn(6c&e*U2uwX%`UIj z$%=zuQ&9=HPj_Y%pOV3g4Acer(+o)~tf#8wGsGHA!z^o6&S$-2E~)$VT|a!tYs#fq z^sBGAuHVGul>IQ+a{ZRSt)5_uA~$6ET`jk*8H~d)FC99&a=bb961WqJ(#U362T}#4 z+z;1E(p*ay4(CPave$+iYWS;3NY;OzeAh}Zp4H4s<=eUjQ)}TbJ%I~H#nP=7<#!hF-4x%+S zGjSaqjoemiYStA6v4A7|hPYRf#&1_=nX;F-uaUCd8Aif3Rc$l6?Ycd&a8BS=2^i{D z{<9KWM5ukoSb#~!&UnIZpOX4wF-duY* z2N7~~J-?Q6&CnJ^_3>pqkIua?f=fT;HUAo-RT9emlQk$>K9>H8u+Z9bo~0t*Xb+%) zArTjQyP3po-vk!rZUE_5mcA$M+{{%9(Sz4iy*BG63LRb^;5qKKrDy2rI>2kx0Eb%G zv(NY6Eq)%mJ#P7?O$uYzA43(PP@e<$z|wF_yX>?IN`sz9xws#mLq9r*c5;oC!O0cgvH~H(HLX05&jd$~$qVy*-61pV$Crp6vEa^FA)Axdu9E&Yi0Z z`CDGi{0`D?bG#^@d}wH1qJLr$cXNDm70CP)L7n?Bs)3i77hSw_eb`J(?qqFNKWnBv z;|6OzkL!yshGu1~lH4$q;S-Z3KxX+mCKPvCV1%mpxcC&=5+$+yLZm)o6*iTY=3x85 z#y0Kksp?o>;XFqP0gY9UHpYJUbJ;pwH0-MnkXi0`$e%w+IB=MO)9s;)8Mv^iMp8@` zP)AHv+T?zDf?weo2$12Go!`=;2B1=)QjAIXB<+5xeczndNilyaTySNUq_gPV&mO}4 zeDO;I9}Xs_Kqo6QgJ7R4n9rD*ngvIV0ebq&=BvI^({C5nP%6?jeD^O;@DLb2UWURm z94roQ)N=iwZuT>7RJ^aobj!`vt?ZOP@t%0dA`aTRrAr7NP8O-L*n**WL%=XWywMT5 zH8C-~0^?E(PFujeygI6bfFYpfac+Aj&qC)S~ z0HCRKDFWi_tN0FKFzD16TkA8`dDCO`aZ02&8ppgK1`RQO-(e;<4;n|2X!NG3cBin2 zx!OBS?XTXh=Hlg+uzq)a0E-*+q#}yz=oP<}im+#}D#eSdOfmS_9XBwQ8Z2?UWJP); z9@rsUfo@X&&kt&`$Wt3lKiColOOME!! z(a@KgQD1a*?bk^5t3}7Pz0Q0L|UZl%>t8XA_f;6!}R~G8fLs=^GH>rTl_b@U+y{;d2#UoQe zM(tXj!_eH^++J-%?@U~7V_2bL=N~Fw?eA|&y1HGyl-s0DGW)H+vlDfagtjZ_rwe-I zoeB{|vFTP0+Lw@Jc$~3DH?;D}&UqhHjd5LQ*7%wHHZrKTN-{v}ts8JEZ=~$!9p9s- zFpsNaCsh$b1=&a}4Udmn9UU$csp`pt-p&N-xHE79WOJ-#oR+2=CA}Uu+Gl z@;dy4)TM^5LI|i#;`5cf@BG@`A1RD|tFkpwmi?9?9cmCk|8 zb95Mk)m5h}I@0wM3f|RIjyRepJ>L3*M1M`Bv+YMe-e4mCC14($LL$3SJk-UgcMVnJRP-wSOx%s9Zg9Oi=47^Z}_7;EUU-*Ji`?etC2xKU3tMEDz0Rj`M#D4`CvG840Sb)>5R~ju2yEfvq0W z2S3ucC=#<}!($p`?nIJ@uhEUGlkqv^cn7$Zd_FtKxGo@Xw{1S_#2UM=f*HvXeU_v` zN&PaY5@d0D#|^!hD$Fo8KKIjM;G03V)H=d7Qv{4%P%+GeIFxWnSS6ILclSNd_Zyl&c&{DV-CpAp1iNquSO zjyxPQHp?rUM_GRe>NelEGf^fL{1A?T%WV6j&Rb}f*#QD^)-OOj<4xj}i&!lK#HGb_ zL8d`71_$Tfm)}hJ2cO2Por@AC|Dk~rbeeRmn4+aY+TsK`f;mNMG2kY|0xni|@>Fzi z*V1$jvb#3K;sFc}jb&vmwlvJ&s@U^2dlgC3ouQUcZ}`cM@Z|3$9e)A;@B4sfhz<~i zydFrbdn!<3xf)OO#^>~Ecd6L$O2gkKx3npS?nH$8+j7N#Sp4Z}i=!_(7sz1da7#CO z>KDd%F8Ns!GU&M_t@wO6%S;U?<+B@Tb3fO+-YDYWE&a?Oc11JpK@ocvH^*x1e{+6q zxD+}dK3wLJuKfYFnd7Jog2u6+#DSS}*Eu&`pWe&$q}~)FR9WP;H-WYE6VH69Vv%6I-5NrLFo-W*bPgQ;oc>PkNkitt%TtKzo%at3 zektlgl^WN5?l96eL)v`WC6e|i#Cu~ENhSi!84MWhDb4XLo)QG+>W^Q#9q{2y&bjQ1 zt2@k|5yvX#5ONHOFdnEe?7MDx#>{mXuMe3rm#_P_gofyy%K&69Bm?dG9JlZz*u@7Uc zMuYd!ConX?SB+FC;RQp9OYvKw^eO-$D8;xtZxoCRkU_cdGtllIj;p+2%vVX*D4PI1 z?%6mDR61+8BS4JsW?PBODID)l5mxE`*E>5)=-*eLyrQPK;`P)cY9T=n*}hvVj5TPVS-lg(L#-3;9GonfB(qCwQ2Z)f}w^phOL z3em0;cdd4q^5KgpP0C#79bBX-N}B!mU8n0)eU!#lTFqQSo-*mCV_GJOG@0jm2Wj_V z&@|N-|2Yg}J(gGJ3c~JTyW3+`p^yq&i`UNHyIm2K!$DzlSH}WFjk*Hlk-evGF%zD9 z*B4;Tp1&7oxOCSbWoPH44eI3WBVEIpx@b%3Q?UAQ8`?g4Swxy9>G!hfBExJZ$`yx0svRvUKM^ze;e@fpXR6Bg|tzPoIdle@`rab`<*a96WK!@8}U8A zW}lQJQPkPzOH~2U@p-HMw$;X8dOJ9VV4o__$P%-2jJ$&9(|moFao)j zXxpZekP7H@1tHr#IK~!DEHeW_W8U{D-Y#q z+D)(cO@#qNn$P?n3H>lT@^=w^y=Xll+9`G_=={bf_+3l#dl9D6PeA=(ry~(E-3XI{ zP;^J^0M4!myeMbkxD+C4ospFJzp*g6&!5n}x$DPJM|FO(T@?Ka&PqdLL`H0T`&|oLl$9E99W^eq;PqR4_ z|FyC~C<>D03>U>BKhx)?E3B+0xTA151G2lX_B8Hyw(n0LFeb}>#Jv?f8k-vVCPMogC;3OU)co-sM^CckMq4-4sb9W?W zac*|tAPZw{CUP7aq+P6`GpDxyPhMGj_KQU-igb~+{&d0YS;ZK<-^7Dz$98vN9rv$Q zqC)h>Il~V@rrim%=4haOQ^NO)9PJXJy<&E+8&(l5oJek1wJQN<5VXv67xwwh&~ z^SUT@x!ZVfP+ew|CiF8aQZ@!jkSvY)kb(kE{^`WePBM=sGulizkJiW&&sOsa*B2vv z1#`RwfB#oq0oq0YI?gQARN5@%b#Wyia?MC3*1?|-#&Vl&ya-0*LL`x&PlE67Cu|~S zo4gbs>C-B#y7p~+3QV)4R&*&tIEOzXA!#JS!~DEca(Nwrp3W##m)T3~yX|j{a)H6f z$X2Tx@cehq2}b68C^2;HH8^a2>PtY9>XYZA8M8O;tr?{L9?yA)G2%7M|Rn0mDN^Q}@=(wo^T) z>|0m}>O@$(KXv&IAlJ%_&+k7{HI3~IuZ)#>8LcKR%|-L@RPm9YyYr?3QZ{@fncw>R z>?_s8-vykYf!$Kz{l~3BPJ8q7kA4e;LD}2+YZvG$>3G_H76^$KKSTun4Pg6Q~Iy)612_Fdvxf@Iehiu zQwdhBP87plcljQ-`D3oigt@E@s(`BB@8s&8%xE0=$-FkK781X)YV>G7bIQmKtqnz~ z(U%jRXI6YBX0S?Rg48>$=Pb)^L5|V=a2>_rYGxhmS;;@>TUdP6PG%L_K|T4AH|))d z&`xox8kHdK(vsc~Q)n%F+YoB<*zxYzfoE=B-nwYc=fkg=bnrhZomg^fn&V!!_=H#} z`=65SoZieV+V|Sx-J;ugHg;z6g_n8JrBe>Kem9=F$>t}j=}G!ZWy{O0eR+4(=3uC` zL_>%9o1ue*I`{+%B>U&zsSgDX%s)O56w#)v2!Tc00Dx>{u)BjWfbF^BpOe9U>_QVoGNY2uq2{UE3&8p0uakyqobE zcGdyrr-tuIqtWI<)mT(%YO*9UuuDs?z*@Z*1dV>$KqWhSmY1NlE}%{tmPm{H@>c@M z)Ub)^hlt7V`hmH>5rQ@|R)zd_$#CuB%m>Jf2aAq#P13llD5+C!+YP91a3bCJv%|uC z2phqpuIVZ`IHhiI`lCSz-5caf#C$5`mWfM?XD(@oxL$81hIDQRU{Coroa}tW2v6yr zZp!JNtMSQrAVg~O&JZ3+r>;}&R5)uVY0X5NCM8bSn-!ZEo7JGg+J!^p?TM8AO#i*D zy{GECLE~g_Bc<)9^~d-Th$+*R-dx)CV8K}tNRMyeq%VpKPWBGedib`;&Y#QVW6bJ` zjQde(oH#Y@&Ug&T=ViZG9rifrIV;fZL5F%^W-ea40h5WxOjk2bW~0Y=|07$gvkb03 zo&sx2j%4UUcA}|WyWy(_Ncql-%^8MWTz=bV)T;QEgy9!A{P$;}K37BxDvBX`<=yU3nsG{N2?KO#_DlrkUe%7kO@GGCW0wLy zg1Ws%Oi&VQN|eV*BcISn%#YJfyC}nsB)gfrIi6d-xoo~^yll8Rbls=C-f5QW<+rAr zbdKs&O=aB{c22lC&A2H7AD_DJ`&>`?aNG>sTo^iE%F_A1F}8W*^9Y~?VdGc>LvuGf zH9`?3yu`+`A6zWSNXYQ^yK zknR_%J~94WpE=)2USFRE&Jkh1?6_;x-F$Xbnyas+OPB_smoEBooc9{rpU9ria!hT& z$~-@V$kxYY^}^?R*k{Df>fM`Gq70vJnUi74bW+U2u2%y$sFQPX&TTAX%SJlk7P~+Y z;@2>ni!wrxiQQolh{gmT<@Sa`-5C1?Ci=36fAR)W-D09=f>?X%5uiXj#GFE896`1n zJZ(1xByz9F&;mSUD-pSlLvRa-+qkos*!kwg{%?%k-Wo$~ja><6v#_G`HQ(lMjVH$$ ze8@bXrVcrDTQt*3fe0WS(c79XlWN}~aWx=y8YB29UFa8pmGRE%8bLs+5LpAuQIlpk z&Bn#-GGpfMD8Z1rOB|@m$PslIkckTqJ0zu%%nJTg0BX-dEZ}AE&&xU_5qBBbi78r6 z-S*K=CE}=fS$s~?B7Bi#anUFjJ#i^vMD`EQKit+F33PO8-qHhVDw0W}L0Lvnv@|n3 z8VBM?agVWIi$Ymvr12zvC0dHUF zH}=hK#R5Qe^yWTb3@q&A_LoFkIA}SEh(-z=08FU*N#8JjP4lJig!_UJa_U*KVoIT5dvO!4$WUa5I_%b1(E1Afl|lE zOyF}OC=HB=>z3V#lzK1!m&^bVA@SwnScTl9x@!jskg*Z6-2_qs-c}mw3u05y9m~B% zZ|-{*>6HfSv=9JrLd-;py240kZ{ZN-e+hrM_CnbScvo-uSzE3SyI_xr_Ppi zHhmlUR%JRSZzbU$s=y7sII~K-*d8r4RQ0}?n%jsP8~PUtBU?wEni$3#y%~?ups7Yh zG*%j0QS>@Fo=@2GP1ih*eNM3??i>jDOV!*eZx)DZ7W_=&5;{iAlK*{&I9TU$5J#|f7PQq5vR5fDBhb-@J$CQ$^V4K} z=mYAb&ZmFzlE2JLbL~-RuK*jkuKDR-HJ(#!90)`dCBBl+wWFOS?V`otEky^H_>V9N zgi)Dy4_2RmM{qh2j%ZvLo0C(;!=wjO7zVfolq}a@n-8#1wQ(?uhJt#FmgQ9cotvi? z7AxIsmVmAb6A1Z_xW`+4T?c&0-AkZwasT)&c)C0Qd$|)K#V58F}s1EfB4HeEZC7AOHK_FkZF| zRlo@AU|=*X{MSdOL7+)|cbcxi@^P^w7&x#>T>pC!wNuX>v|(0AhX>SA1V*bRFUwnFE6L3hCA zLncU_Eb-r`_VeGPDU33`9LO-f%T}Tvul<&)3RJO+SwEd^Y*2wdkq0GmbXu1$X?UVY!26s%5n3jN55V zZGE^1rq}G!x9$28cEJP$Pj|IdGu7z(k@ng10U{2|sCS}Ay>HgIL;vsaOGv-*X4Z7o{6bx_phYkzjmZ&S>t@JJ9;`bHu`qK2%zXP0lJAtqj}*@=Hn{hhnTuQ(-y-Th5KpVJrL zxbr5i0#I<=PKbAG9>9geZQ5gEG5Rh3aD7-ef=rBTx+v_Hy_;qH7f@HAcIuyN2GC&9 z&!Ky)tgItVY6b=d9l_H8`cRk=s#*rgs@7)0<{PsX&X!M8{vWRr{>BOy|{Ng_LD~a3ZTEt?s+&>}Eo!#+& zk3tdevh^A@)Fx3DrePkwWKMyO1NphQxN2WJ=_tCUE2juxz=BlVMnKJWKBNW% z7DxTRUiMDKPmJM!)~%En{q{N+VWZsWU*Lmo$kfr4n z1B0@a-v9HD_jh?|39Y|0Bpf}O(ZL9ix3`Q; zuE%(Z1JFxD1dPC}4e4y+CLbg`sdKByyVYLHltPhfkCs5@A#{Ej&x6G|k%{g%%Z8E};BfA;p8k9?~4`2ql$ z*1dIfx}GtAQw}bxHnF!EEzboGV7^-EO2^48nS;fvp8q>ag0!Ns!(3&eUY8muGkYDy zdmbE(YYbnB8?`|hL=K!&a8*2kGeL26WP38VLW!7iyTi<~&jx3mWSuli4+!BcCM$!T z0Q~@Fj$+f%qxJP6L@-bteCq*0pfibSI#3Mp7HDge@)zuOSVIWginNP|EYT!$0LDuP zV1RQH6%$je;2((Dt=8K2lBrm&|L0W$Pcue_{fAG;lq*0~n9cDhL{7DUP25Pp>J3NW zw2M->Ukz-l>&5XJpd59YZPKh}%4Gm!b=TY=!@8DhPvt zXhWU(@4NTtHx105m`?mTC}g*jm!}Z(q^hx1Ka62tnkCye{ z7v?${$F$#ky?PThG4Y~P46pnyF#0LDA8k-8lM0Lp&LEyZ56wT=g)&4T-W{wc4}r{O zjWul*5d3%lsW9`^75O}J5;R$6+_^Sw1#17}#jh4lVxprnH|0wPi}HodV(D*1K^9vP zqcy6O%HQ@hNuQHeaqXnqHgsB=A=;xH`jdEGuEtu9{P^s&F{1vYo;zkoJdTVZiij;_ z)Ow;?=3s>zKv>1Tl}@8L7s#esYG&-H%t`Z#Bn)uDTdC%xMR!{kI(gm|rn# zd$X(m{jRp8|9LD5(xKCu45~dL%e~8~kQWrc#>akRiFFKPP+q?JIQpGBzUflZ`y$2g zHcihC)(Q2p2SE*B5$qARz0nbKy!%bPJwPK{*7@u>#nuGaIO@YG%dx!AmSIEL9(XeX ze0;A!wQ14ahjNxTW2N3qly#P7F-Hk($-RbiH=z_hK+`g?Y>JB!P73+fd;@EalS^wh zJFx*FL-OTHan0W>qUF_87iG7t_f-N|(zF_zDT0jX)o*+u%fG_MYvqj_`vX*<0g%H| z(v47}hf0JkH`BgxzD(s~Gm)0#cQpw`LWNa`k!L@jUX~x3-#%$^P+=3UaT~*e1}S{> zC+FdtL!)U2hSz5qCW9?^91hpi)235L4*lwA#LAX(THuyS+!6o$Y=;8AnoVE|=tafi z`zb)-OD}`Z#hc@8A8x@qN@=hec2fm{sqFB9|ic7*3mg zbeAx#8%*bt3uoUS)*uYywH;G>fUT&a`tJ7YEED{%hk12z();NS8XXX1i1W-%?)seQ z0*m^L<^jBQC|7YA)_kf>GT7YA|LE6xKwu4^{#w}-0`b>AD5uD2X~jK87p)<)T|z|v zGPSTeBwh2bRbfsZT2aUhlJ2pYxYVq8_j9N*M-EkG7|@0h&{)H9gE( ze#LQpWM~R-pVne;GLfZQ6V%ymB7<#Q!x#vqx^Q*oXkzg1 z_K4=~QYV|iRtJ(Yl}ax=<7FgiZWfp)|#QU(VGmBg$Z&lE`BcDW%?0WwTxpwcVCBcU>~(W>!pl1O)K*anaJ1L?(JQ9yfMd~O z-RCf<{Ypc!%exu|^mCI9n_aX6etV!JN(^Wx^&~J543nvuUS`n$MBgh~tw$ASIQ^sdIf3dx5Wm~890Gz$yEP$oJ6=C1#BN@Vp6fA(YqK*|**+T7SM#k>ghwM6(}IppPfKD= z41zv(KGWPiNrU1M)6ujui*&i&Wz$`Btu)O#I`? z0(Ggg{m>YS!OiiKUZCC@p*<}!yq5HzDAdgVVkrZ8?sYUu#BFp5wKfsC|B#r*MVO+Ju_zie+{Z|7)b|*|-Pxb{Jm)k+^kI>&e+R>ULn;9Q9>dXe zsu#<9hDBJH&Ol_;eL5w5GT&yr#b*QMF@FCZY=TLL>P;2NX(vI22X0xqnDsXsp7$Mg zqW5V=@w#)wF6Yq*_n=HzSl+v7u5>?xXYJ^~(c`I!&srs=NKbLvyQR0|rH0y`#oj~1 z!^=e+O;NyU2z(Xuxw3Fg4zfUeyOKW~ejs$`+K+}z2APtseCSK|C#)NxoVDJ;rLe8W z1(=$8vF@fj{N$DydbQ-TKBO}c=?vtdrAeUoA%||Y(q^L46mUQexw-en{&hW*U9!@Q zAJvuA^Y3Gf3qeUq1lD^PCAnj9{=(Inl&fblp_FdL)J~u7H z>};2pT3|RZ&wKE^gLspDc}WgzOr0-T!-F%_qBq04Wf%i}?Q4R>I@8<@RAUSm>P*Sl zl~ROcZcnd^_6}i$6l4jTlL}d_@rMV#V1IPFbFCwMx}ZVmGv+*ITl2pg-!Y{slk;__d^F>VLI*% z+L<;p5Di$4GRNlvI41_uDZCx5=O<{oY|wnN(?GgN=B}UlBi(+I((6>)Laj7i&w>2m z|IBfN*Wi{2h#RJRzp@6aOq?u;y-rV|gt}m}J30W}L9|?qari8B3~O`S?&y&VCC-aoN*!IuyQ+=+HlsVQ~PjLffrCl~BUtKR7Udsa-pmZv#0L%Vul>_jQxK%`i zrtP9{&xu{XDUCN#uoFBfue6<0xn8HdmheY{DZmtT#8qkOx~+%dwI|exBJc}3d&Tm4 z4Ql+z+`gCv*s!~HgjL>Mtj-?ACb>zAPEdLsW_EOT_Mnhm&fm9ThTaS4>#jc+y(N^w z#&kf{44)3+dvD+rV;<{@Ajw|kV6JDueabs%Uzv^|7cu|pdA!cxu9vuher@Y>kf4GV zUwQK>g5`srW0NHui;p1{UI*#n-SYe}&8_(&T4@8&2JVzltWOgwr_iV*_K*R2mB+D& zQ2S9qSX-nqNVsr@X?G9MJNORYyS2g(yiD3#I&Vy;bCP`Q4RSll9c$zaIPxJK6N3v< zfeDEv0Zc)N&Wrvj+ulH*t0H%!q&y5fTFJy5CAw%DE<&V>6ba{7A9>Xh$X6e?U2;N~ zg|7z00zLeIU=F93+Ze6LPl!e}eNxN6q^#e}5^>%bNysb_!Ibl3U)_5FCwQ&=r*6!3 z#@ViT&g&pNWF{-CMN61BC^S{>YR~tCPo2o9b+_>%B7mdw}_>uPM@Z(FJ5)d z?*~iMLO+V=?6f^nD~>xHADNFL7O=mY#A(gZ;Gm!o5lj=OAC5i}3MnSgJ@&x9 z8dOUKIQ{ITV1-#PaEm{q71f8KrR(@De*x_VEEHm59-4Q)S9MxmGTE%t(8OC`wWAsX zI|LRWjCn=iwm$TXTp$Ev1Z|fED{rMQE!*HD`eK>!OVhe3cHTIcEZc!xUPo6~on>OK z<7AB6^T%z0B+b2*idHp4`UiCts^ck?wo2^AdKNj5>8b_3XPb`C6SG}_A(DGMUic4| z^2)){SBY6r+Gpk1dE*{#lQLTLIv%qoZ>Kw=uL>Ew`Wzsx8n$~0Y`P}5CF{YJp90dD za`OH^y52f2%CzqrUKJHANe6y`KBse|A4RAK;vG&N+_X@y%NHb#OW#(&^pxGcl;crs-D~6Z0C|#&}B& z>p*ccc%=T^5(9{vDhQT@fJtbCBZ~<39?&j@ zq{0ZLuyI`@8R_9N4KY+vy;$}LY9;|U% zjj*z9Y|gwP9+<^L7e4b$F`ZYiX=nvJ=O%(TjjaA3TwUz&2AfdPH7B(v{P z5hmXfqi6tVOWe@V&}=+At|=KmG&`JvYq>&11BBbMgGS(JkP(cPP{&`rtdJ@oU?{4x z-CuCsFF7`rK35_2&Qtsg1+bec$Fu33>K;*)*a3m2RymV8rDzZnPk87H@lai#FTg$$ z4V?ku77-p|@ zX^-YV-h~5$%rBQ;$X5I2)F`+zgggO$HhE3|gY9IcngLb-NZf88?sS>LrQv`3<9)8U zElkh_q`+?4PcE6PU?tq@aCUYAMqZ*c^WL<6`+1dOa!QR7eHfrsWc*LjCIAqCdyYP> zml`5LyZlP1`0TN4%C;mglBjDm!Hl6kp7SvN`6dDoIapQE7Q_mho*%E4o>`BTzO)=E z%xJoY_a3Bu1Ja=4xy^uPGPl(_)}E^CG+E6hFiLQmbl`>PRlfjuEfZ+#ezOaNWkN~9 zR`KzUK;7y%4P8RN_-jE~zt*M5M^fl$V^SlT*NQRXF;6TeWYO(lRvZ7*uVfw=V==iN z2wVe^%6Uhm%DRt(M*^_AW+acShVnAx(s|TMgxQ4kPLDPqvIGRGNYEOtN5Pb0)tkaU zP@^VWrATKno{3=9#8Y7{d&#B1`7(|&r0gEmRIu$(X3Zq;ji5nLn#;*$mx<==X6frO`NNhOm z{P2T!#$99DMj{;b+_hzay*e8>JvgC@*cT{FnTs2MrZ8t1uo%A7dWdklLB?%KO_n!G6rTM6+>Y8OhlaX3-LX!RZV&~$7>qfGlo?2)e3R~X@dOimq&`Ug)7qA zuR+ucR4Me^AKg9JUF!(CloeT_CrPrSegUf0P=o71FEOAX#E7J;4na^a(f9MdMD5-rkb8fpILkIE$Y60#6wfm37$kVdJ6nxfY8EH-r)|~n zcO?si+|JDer&XWo)|MMSzF!D+7tLdR0$%NQGdvF25ev-`1(J9WEOvE4w>Y zK{;?Ho_7Qi7l+8~05OsFZ_-GcEFO$@bPK4#2C_qbGF;;u0oK24;2>xI%{MI%$(g8# z80dYwx+`2JUOC^JDv0%SCxL#2is&y(J~#%V!B75(cpFh zmc!(C+y#T6d!&W5(Z5Y`v8;!g)#w?`(rl%Yur&@x?<(1rJVl_=6drkwr_rQzZ2iut zH`6)y}c!2th>1>AZ`wXN+m>kz-^8G0+rI2;UiZG-=L;_)b8tDRqc13zh(c_9Mp z2()G64ckWMGfc>$xNW_+v@1-$5hltde76{6lwTI-WEfj&Ax{c>)f^`y@X@{L?hc<1 zdN_fAh)7LLbDq0xA@o_Zafo?5mP!Cv@H`buBJ9n(q~N)LDYh`1*H^WV4bWEod6u^+jhG%qzZw=C*U7KPSwZk=X(xe|s9Uh7%0BNDRE5#-*$l_6ZecNxtsNh|LwpTQSzoP-oNm zR%$g+4U>B$+Ay~98lKlrCl#MK6KBjC9HP8W6@|9~sN$|gnV8pZ>en2Cg32oerKV~s zxV@6Bf1$dZg(+oPoWWe7RvziJB5wVFibs`;G2zzI3^<01SJ-43d+9v4(-&fl|FoL% zD##N4MAS_xfmJJ0g^?rmjVwgfTrNH5I-!sKXuxc)0-sq4rLdFSX25PgbC0lLA39oB zww-IV_^TKfHS)$xPz2dXE!sFN>aLru%=3>-htdkKU5pTj$T*SM=uCDRykV2NTTKlo za$4F|whSyOd1;&C7fu>x>k(T?=B`) znwnxv%4xKaJHm!5FEyVNheB$aemZn!_l%7WfFP_ybP5Sy)zQ`WYR_%kGLoSJmcv)S z1LLRsJ$4UqZXdlzPhTwARYO%qFSmpq*~xhyZ^Xbs!a~AdvHO7_tj)jsMAwMSRlcy% zy+BEH+I54EC!q@s7hd7INB05%C{m~-`=g(@Zw}~Oj^=Rpj!)7r{@(pWlRz^&_)ntL zU}6MhkFu*JwaVmx*j&f1`(UbyfoH9fRiS}x5P4;c+=G3#>nv;$jMl@uWJ~=seY9=- z9W7>pfueOrge^*EYn-&Sn5HylVrf3xc4h1Fn(n22=6tsxzgD)KQ?92?T{LeiE$Px( ziu?EaifMnt9N6gRB~XbJRSaBL87YVpCAh6nEMYJF4${Ef+*UaDg8#^Ls1gVvK||x8 zKP*c1=W(Qs0avY)+Ci};jn!-6~e@ZNKm_50wFyJV=7c zEqbz@$C{5{Ub4dqzmR8*>ZoRiJQ0$<^Aa-W?smN6H+fm?Oo>_bN&YN>l7HS-_pT?W z(WE@T$3;d;?S-@gkw7i!`Nn3QPNnFI-@U0#aa8MQf^wwX`&!rScvIPgE|5sVz{XY) zkmnKe3Ev(}j_|g)yMQ}3o&Dh_Fy|@pUhab|K$U@B1nqcPVZ~{(^ENf$(tTi+t7_`Y z%Nt8gAEOC}FzH8aQGXJp=r}{(!D>&&^hj&aIpm$bOy+jN(S_H;m6oI|&5`hy&D)$E zA;|JkYN&+?UWJWz)j&vXfoeW$T;rK~GLHpqt@r-tdKu~OeO^|BIST!KJyxSxQm!FU zQKNlJ6av=(9T@{cTUO2A9CPKLilx?Ww+mw7;Oq{3H;*#E{0rQUdvxUgx!a#pIw;D& zDh-r~sN$l^HgHoBjl9>};KC#**{g_;CAy0P9X-k1Dwe7xPeD3Y0*1u{{Six;BMmqd zc6N2$u{|-H)4xX{Aims_RFrN(om3Kmw;cLc>iZ`uIUOBy&1kOaNfLxlrLpJwFU%gS zj}cA*>RARn#}NvP55{zv@-=plBJn*|QHyzm2&pN9OY`yKySUjiR(J@Y0QdyRldg5O zf>6lv;ewqto;nCy`4sDadkL(XP>|O$oBS7c{&u5iNk*%?y9PbO(w7u|M{UY0JnY=o zGmqa}o**X21}S8V*g|k@Mg?&KdKN&!pt|%KK3_nn?%~RLfTrg&t>gR{2m}8U84R=j zkvDx)@s$UVjR`-X83RaCztxXd-!plf1)&=>O2TLD(X%BNHP`Jg-4l*U}xTc~Yo-8eB&wazL z+E@j3y8&kikv`-JPG{u5dWKH-n@<#LPKE4e-;;yBqI@*CTavB+zdIq=9`T z+cbZl`4#lva z#9-z(M*28!48?CZoQ<$;JO$qOVVhz>jtvq-aJz`NM<;;>;}W7W#9(6$=RrV&Y^ieyIOa{wR% z8ZstfDfucNz)dv^)q#{pS3GBs$?5W$rD?&q-GOq}0eT3SNv%g49fC#&Jq=r_*co5RQnRE7S7fQ<^m zCOy6V$m`@1_l#v4_oUetm=DLsZL}Qs>YNN*RN&ojfI=w5!r#b0() zVZ3)hY6`#dm^5)~+bz(Ja|Ime zNa(@491m^KD+(e-^kh7owx2#x=z&ws^#?Q8<-cDcei`zjt=40Ft9=FldYCAhavE{3 zQ;Davg;t}zt+crPRUkEo-+@+kTSr?v8Iyr!)|dQsW4y7THY&IWbSmAhD=QWXe<^u< zIg7=*l7wpbQ~YM5(6d}~>jGqeVCo_%k-pToA8djq8o{;8lp9fN;6$(H7X65s9891~ z8?WPZh2@}VN3jj8pIRV!NbB*#Rr9{o;oaXi&W^zNyD$O!K{(l^cNIL>T&_zls=9c% zKCVLC(z0qUa4!bQpUh*+3e2m68-hNYi5}&CCPoy3PM^YxFZ~h-r*yryL4DswpvMA3 zOZeKLT2DJT1(G~=gYWC*`g?wqN_PJ9eQEj|dBp5wHp>){w{{(VDM3*BtFr864pY3q zS)y?d5qU{^p7^I^EZxEN+$LQ=wK-`JIpKmz5|XF_de5gV9a&WRUd*ZBVdjHrOU1Jr z5bF}80qLpq+2Phu^O~I(_8GV(|gnT<2DQ*5{Vi)-`inp#e9#C@Rt7w6}G6KP~|v z5^sol}&mrw*$RL zKbp&iKz^}kJC2$F@SX!KeOcT-Q2(wGCA&u$@vnn1fL6qTCbf;b*j*SUiK_1Zc<{*) zbb2GmPc554(LU%h^15^BH&Ck13}kzB{EGO_TK$0I*>?8e@)dJx(T1u+9zUhhw)&e2Hg- z;uj0LZhit-PQg*av&E8z^Gr>U69SqF8VJbl&7gxLBH~7DCZzocf1Vv~t3+8=vv*RA z{^h#<`(?xNxe8GcsG$3FO96|37@6_PlV2mWL+?+{-Dr%3Jj-qMfn z!ayW8JMq`VBSA6_uj&KTu*yaY?tNzqykfb`Cs^6-K>aXISTB7H;eBfp!Wn zrD}U!W!;a|v$B1$C_<;3w5a7~N+`B`KWDSldYqFYCOn8ZibEz(GJL*uk z;%cocTQkTBm6Z591oY30taXc)*FeH%nHyHlA}Vb;jr;hU*D>>4SFP!$-#UEZoORsE zEHhhI`^n_gm2hPv1KY?IM9ULePKaO^VI{Za6u$LaX+s3Ck`E(8xgZR#)Fa zJ{)bh1P`5}*T1#HII2Ki-ug|+cly|7o5Cru;?7X%iA6v2Pdn2^I+a-9%bfxwzX-Em z0Ox_gtee0fJOXFcgNuV$)GrH8qeVKolhkj{4%XQIOu_VNVsF`XAK?|zznvFyH0z58 z!K+p$jTb!j@;~YqMc~sw9_{#CHvv!ou^wC`X3h;@Adlb3UC#kKp2e$hrLPZmdfEgz zLR=sA*MlMV4cSs_7>U)?yqZ2LQtCQ;@r}OYvW0dhvd3r7LDghIffgJ&%y5)^)_V75UpGcZpi2Jl8v7J#Clm3}om2Rvl2w{LdOQf# zF_bOH$@NuwIalOU$ZeO`RYkthA)UiZixuARjWc(J*-PySn^RAVs*`PSkXjN)b@!#8 z9rqg(alg8S8xQoYGE);3YK64l9+4DG=Ix9_0EILBY5H($qO%2ua1n`s7%SsUralwV z<|6Z4Tw3Z%?9ZZSu zI^O~)GTNwzJWRYr%EY4bl;#coI7pXN$91t_)h&JTojL{?_QV%E-)w@0ljp3n6G6{q zE(g{Hp2ySjiD-3Kn>2HxZI%y%WGdmj?m&|-ARKeM^LrvO_O9%8P%l|S67>=E@a3Ah zEie7G1HF+UtLMOmN$MfFJAHxN8iC!D-To*z4TY@k=3x$ML>NT*pA$;JfzF=6t@OA? zDi?*z(O}0t5OgKe9+&Xd;+)~cpqags3c{WcZ*?^sGI2$J!=;`@xbi|qJ4=kwME1&Na>~z@vX3PxW z=$JMC$2#!$8TJUNmrvm-!`#;g>*C-)z1qAu;WQjo%O`M@c+9vN3-g?mc6#HT^hs4J zCub-jDPP`H(vmPKR#)m!FWfW#NdWClF%#0PWRF!Pdzq7$go^0(HF2vK)|ih#@{bV; zFvnniJ3=*6(Ql7r8P!71V7lygG~a5$7N;8K<5y&UP6<7!J8HRuTB^CQ3$^0;AjRVO z48;ptX!+fC-h$ui$MFO7>8i7T!@vx&690a!*q|%|^tsw)MjrzoC-7po>Q}jJsgNdN z;*hfnLEk($BLiZY?B}zF13#X*^jS9UfB5WYu3F8kF$y-dp&!11{5c z>U!$zH#LdVL!!0OzMh^!p+}7?E?d_dw_T@kE@#1=>tY992mCZp4f6?C#LZx$!iELV zqnIRFnLiorMagjcx$B61!lr@?YP>3&NoH`As3Z@ zKsvez1SaNDJw0-uW9uuj#$6>6R96EcdW6%HS`O@(EPx`622%_@Kfl&T9{UKuY)5ls zNp*vTAE*Z86M_~tlemD}MEYbgrcnkYD5OZIXB#_Si$a6LxG7+SIXl@z*Si*1GHU~m ztNC2z>B^sCzz=?OwaKW5XNrT43rbrgvfv8P~fe#U$Y#tLnZih5An2dK1cAZdd;t|(lj#H6xe zc1iG1b^*BH>#Lx{fqG9~epggoN=H|;wfJ9Rk7#4|gKz8-;vvuI}k_OH$XQAz7`Oi)>N(zF?V<6)FWHk%- zt9nr~^E>?1;8k$rWG3@?w3k7{Tdjx%iwv?>>_(P4;bpjqz#zs>0a z;F4brFHZLWdnyCMmoel?!2*j%56Bvd%d4Ugtd#M;g=ScK8|tI*`t`u?Z4dx!A-(|W z?$s7)-vY{nPEWvjz)=zbM>~#2J-QX(16WPnsRNg#^|@l-FXa4C@ljAYx_+`ot3hee zj&f(EQY=2}AH-?kHm_V1^}urx1UeD8`H8~NG@sKmCa5pu#MQR5;+zHZC&3RP{6X7fP(7Nq{!J|{N^Q40K!bUhWFs{^B48$xVl<__sMd^2FM)4f*!)E z-1p7Uy`W`Ny4eT6G*}kv*+p}65SNn>+jN&~!qYY9t+6t_o4ddzFom$Sgfok?cXtes z-#Jq%29?O2A8y_)_eyaDSlmE?RMf14uFgUv7f_PBP6;3QuESV+KwdX<13(#TomDul zW`BAYO%k!FO9LoFErs?+8EAaRuraTPCV@8Q`P^_u?E4OhLZ7oO-p3Cj+sXX8`GNB~ z%el7#+6%f=2U_(sKx?swVjczxu}X5|f1i*5Ckx#506rm55%9W4yclc^dGA0tzvua} zg9Wl0rqJ#`Mtkp39~Th zpcq?oz?N;Z(k(EHAW*qS1Luk&hiy$(@*7UewK^FZ`W3&*UQm{BY624Gp%_6>kU)SA zY_A1;ShUCLCm+xj0}&d(KvP>ePt`bMqSrm-P2kIR!c~QhEG%d_Xfa4xsjkr~VZQ+g z=6XQ9adCMvfTm{5hyEOV=u_nuS)oPY2To{4b&$xgK3c$%D&Rb1uiX@fQ<2K;m_vD& zL$-4Ht8BvhZr}sTLVY#6a5ma1sVLN`Xj9Y$>36a_?dy}ZRjNh0TCW1eBOB@CXvM3` zPwetB$QIvAvXXTCdN)%LL{Q{mgyt(oVhl$#uWr>^bpeT;oQ6+vzUQdzV_Myc*QP}K z)5qf=!?t$8iS3YDr2%}(-!vw1L4_B$l{PCB$34<=P_j2wxFDToYS@|pr5A5L#jJtA7ecxIj z8_m=d!4Ele^y!-CaPE3Y$`1|j;7D>M*=BOXl!D4DDh@Ve@bZlG3A>*Eym1>dY(Gyq z0v2Qsk=|}@&rJSUC77%?CRMp4>OwfHXWHS>tMF$G`9v#Cne7pG%~TqS+kr_pwIIk= zL=okk#Ayom2)TGBK`_^4k)MA`3hPdskEZ37?*kj^q4@~iVy!1XFi_>I)Q+%x-UnTQ zxj@hMKOa<3@auer22d{{Ezv{bcX_Ps)Ukc{5N;(0WjSb#v2l@?OGJQHuRnqkt zH(y3UN`>FwZc9+yV>r7)P|E)Ie`LFf9SALP^|-_kT`-<0_Xmr^!e;62 z9br-&?e**8f;HQw2^h%)4$=0Kf#ufINSrG5$KPb<8Jc`zVxs+Zf{_kOZ+kXobZ6{F zi(jaleW?prARw00^23s6)3L7`0RkUsQlM#RY3b3}jj%UET7nh%fIKS|Z+o;PiZOb= zrrBZbO{B+XQufW4ZANwN=qU%L?RTz}UG022kuku;yFQ$sg?@%9w)vJS181?vu+Q=F%$|pvu;Bs?qA-WCZ7h}rKhR;Tld^VPPFT|4 z-_L3PXb-R6jSzZrXJTvPT5YSr473t4S9#y{9!3D!4(gOZBo!$?(%KcHBT2Rk)QNgiZ|fIWuw{cdmGW<&`ddP-wsrm zo)`Zvr~jT?SfJYv7dyZCYkX}E{me<1FTMN~87E;O0jK>gtxj3bQkKuk620pgmfanC zecY9mI=q3qk!xCE!4n_9#W-?@B~1o(V=R)}49o zqUfqNVSrbn&#EMTJ>Ngd0$r=~Ahx|IfPdIHftIXRA`xm#yv2IMjl6e@gQj@igzqW$ zj_UD><`PX;tIvxd8??T3<8dPC;`e!x4MfBL+{u5my!23E#7mf<#~B;H@{ZC|K4s6t zkyqxZ?JX&V<68l?T}!t)om75W5hAdYbUyN`4n3TDFt&lm=M;$_M$#zCvN2K^y`@uC zebv|bbMXfB`F`o0B56EW>`&jV*bVU!4w;E`rUb{QlH#Pk-)PK$n?`cGIdV(q#u1H0 zV+vn<{!y^=8NpEpXdaeZJ^gok{v#U+mIH3LV(A9j=BlaatkD}yhbD7`f=l-@JZA@9 zk(QUeIBd8D3;WVpAItWcw>W{u|MpsnT~7j!>7F>h2mL}E4!J-Zb^$9S^YjqK5Z8Di z34k`55KkAGZsK3`9>_;TF?QNY%Dn~d2!$TA?l`3EX%fj_Tsewy01%V5d=2+`+AWrF zX3x4`s$gc2<)KE(@0GYYRWJLP*P0r%w|tVqMak^>c@H2|ZeQrf^5PyUa{SkG26$zm zCyIf#h$m8eRGn*|qv#9%@_ckordi3pl5x-NJ}rsgXLmkfCYNvdd4^(WFy^kCtg~pa z4%!I$Erckssvhi&@3$CbOqN9&vjr!ygJws^Ov_x|t_Eszh15?cj^^Dt_cxq8EB7N; zL~kt@fqzj{e1so*UP@vX-RuIa*&i)SG6U!BebKxQ%O`TOg$mx2D+mNg5MWAd%g5 z{NGK^Mt<$>T-6zndUct(%>dSri<+!SHwCU7;J!Js^R2 z#wh%ztiAl5bmmF-*3I!q*NggMWad+Sd&-L^Zrl`>0gpcvy*hIlD6}9PFSC(#U_!+q zyO}*S`zl$DJ;lG>c?2;z7EKv5CJh|hy*wHzn*t@zNdC!nsG`u+9e(1;dA4E4lgKrS z=1E4?WB2RbgcO&YO8R!5+lkYM(*off-@4-&rGa6ZL6}WKbj85^4P%$A)C{nW%)HP# zzA}3`>ru~H7IEd}2aiQE4%MCRZFc%7>hrz5G~Q2ePOK`bDrwZ6UIC{L=|0LS`WcEK zE0dF=rXSwe*cZYB#WrN)r9L*h-t%sL3%AyP36^M>i5Qc23sz~2>=`jafiUX-gYH_q zDZV$ROAVNW&X5o7(e7KYiT>G{n2%AWiifxZp57UoUH3K}g+-}5R;>dC52KPG(mTt; z#d<0aHYZt*bj>NQE#MGc9*Mu6i}>;Am#Hj)$x!edr^h0;Ry`EqVN`GPJ<|LepHOTx ztEbD>r~WKSX|M!CSKme#OTFkz7nHIb$$N@%Sc9RDUWdnKXvs>w=y$1U3t@Y0va6QF zQ8h=_aHY*SeXWai%o6IjFe|IxvXv7p@J6x^&n(QCq~qguUw+5LR#({sg`n`(C%I%i zHd(@XXJ4@#5;om0hBY8}`3-xKYY|y$p4D_=h}Z5(?m&gCd6KAIq`s$zWvKqu$9;43 zn63(H$r}AarERV`a23&)(!*Tb{ykT*Yk*-F6fS*RqT=$1l?$fKb#CHlniB1LsaL31 z|E3#3Pt!}`nb(sdBH!Fzf980(Y2hmD@L0XhXX~-+Cd`8pi}}bjV$!!K560P~N7w$= zvxQk-r)~`+-vB-HRz$T!&W9iOQ6hy-GatnfzDK<(vq9o%5~Cc6I*IN1`0Y#_T!&p^_*W&A69vnp$pvg^?C zDEn+;18(2^Qbtzc9(I`3$-3b^*G(!eESyZnZ_X@4=1#g=#I`zh2~wN`Ujg?&Q0n8o zHi3w7TK}yN$YyZ-y{~GxKdTShoN3f(HmKz{ZpJI}jbYTBnxRM3BuXIY!B2op4exHbq3@O-NfREVSuyTH#& zn{C0%Mo+l}zoL*5vklB6;f6)mnZ~xk9yVaiik4K0vkpT3asu zC}1)6r6HT1>bG^XOM> ze0FIuDLQxF34Ojx(vzUgZTT+nU6a>t0Ns21CO0X5)NW5Rvt_Lds!(5VJ;39ePHm-} z(+APQ4rkL8Ue`*mHStw3S7FxNw7fG$)CB0{-dtbI35?m#^y75U?{aG1Qq&uDc9t+R z>5{*o$s^;*(>QXg6ETTbxwH8R2874SFDet;1OoTbZ z$5-qSi!idWVaE7JvS?B21%YHOn<#$RDe=2hY7aS{sdR%40Za3Q~~XnED( zJya{33PLIgK_x-oQ1~FW)}b+}@9>SOoH#*AYD1FtHl1G;P&>SVA^dJW64QAR`};AB zks5t`&JI_ot$7Xv|M<*?_Y2^}Mamd0_ptzmy1ik01eZ!cypf%LF`2{WTTdFl-YI&G zZN}#!E>JL6U@mAhndFv!BBv>{;&qaL4>ty44q$t)uYA0Rv)X+YkSBPc z$?@s>t`JPHJA_e0g;JcuSgIbnOR~+F$+8Wl)+JR0!3GOXsSqeh>r*CTM6g(0GEf$) z8FqS9GW58?3B7{%Z55cTnCvUQ4RnRP7JoWzA{K*>a06|&pkX?3l*x4};1HT-rEvq@ z=Uk$VK;jG$GoL=n4VOwRYaZgCgl~TVK&NXTrN;~t;hB+_nPA<5o7R(pBlur5Vdf-u z%nMfd1p(|T>LZ5jsd>vEv5d1$HYpOIWp=Vv-e!`?K9q~=iJmduyLBU;7PJXZ0#G#q zUxY9<;N|Z|#9u}0Jhx*01$tH1zC1GSIpML-KG-WrhBb5%`pM-Fj+54O+FTjsp|?;@h}FfCy%9a;p`%_St(*x9kTn!MciR(%SPA zpMA0p*(;@xG-9a>0Z#jgheQZ$SrL`qoBJ!@-WgPx#RWbcG)xz8kB;PKsEfB^%pe5c z-8OE=&46l&R*+qfXCw@5vDaG(v2JopdXVqjO$=?a3F1vyu%4vKElHjzlfb4 zI#qUh)O?0iG2m1pF4>GFnQKPm30}_B8P+#gua4J$zT-UNKB_tL>mOM1-*b=p;(2)A5N!u}7q2Vn2LcYC6ECC*94WgSxGwXW9e#4P6wDWr4$Uz!Lf%Pkg+`j(46 z^FCj2@b_?LueDVMc0lQ_y*v?P7{IwPx}b8{!(p zgj(1$03plMl#mvwGoaU!;+i_qSsT-1?-^x>3e$8Xs&|3Bt;MoCMnW+lbN+!FG*wBb z%sQX3#^~t`1c-4ue?cc5eWH!$u1!}ue@_du;!p9BZVvAhDnxIH?}7S@!)B{LR-~|x z*Q==7%~)A8Ms*2Ih2q^cyB9)qBNZtYrixVxa?GT1Qer87zSfgZ<&=q%;!o39ac`=Od7Vwzc~RS&2qB=um9VnP|Hf`ktEKr~Wd zi3F$Cd%C;^Jsi@XhN=y3$Rh)0ttN9K6y*Ionm>oFL>K-r!DSpuDAjChAy5xro#%^q zJd&WslF(UStJoArY9LE&thh+a`I+118!d?)-L%xY+d#nX8>f{V+xFu==D5beGI)K; zBl6`#ntgWCxcdFAX@uTKrUh|+k-4&1oWAmv&eT;bgYIQ{XDSinfCs#V28#8A^&U=x zd(Yyl{d59HVVtJfU%%~KpgzCmwB39})QGbihCY=U``AH;{A}^*c`clUOC_PexwGrM;+Nkl;kZRuS?vzt0{d`hx}E*{D8;#lUrKE!+yCHT>S^B9u^bm*B%5 zbpSqWi1#`vF1vHvUF_bMh-5y$Zs#Z= zol;!T?5Sk0wVKNsCv8{xQ#-`di^_-6E9je??_|D(rwOUtlIV+uWwn1>6xrYiEnkP+$T@cRG^ysJ=Ni(dG#`1iBf8Qs&$?N*fwx(a3xM za`qvyZVaK8l=EroLHR?yWgNTZe1@Ndsm8rQ9lB-KA)#88uih8ymdPD%PUIV5|IEqc zw1t`dl?KX_$;Z-}22+1SRF9%3(`@)e(tt@@^4-`@ygZp|qVlb}Q1Y-74}KDw$`mqV zQ38etN`A5St2dO(gAC)Uw!IQlQSQM{`bueDVfqt2>dJ>6x^B9iTq0xKp-&)`y|Chj zI(I03W14x~X_gSSac{RzfPe~>)o39|9$N1_OTWN&XM8f0rZ?$4LD%B6*>nQRV=d}Q z$b*#3BE6aTWsVFD!l7jka0S`#GLg-VV!M@0=iL@6N0Px=zT-OHL3(ZEE)=ADObh-meo_ z*2C^3CQ7os5|D62s`zC3RqyWcoUq<>bBGB11U^kz7<*fhho<^m(Ou|gyNLBd<1M=+ zUmdK+zV)2$=uT**A;Puy!-isHL|H>eT>oVH9z4D3zVF58GHG|+{z=3ZKk;-wglAUBnx=iy-@BKFRY-^Y< zJDzDoX`KbwhPkh_&`nf0wiD>jtq50|_c13_O*f`294ExNc#R~u=vE$$#HkmnWM#(nR#Ncv|qABIO#wI~n@%+f=y&kRD>J z$cCk#)gtSE!MYD5hi;}f+gKf%{Wm(Ozep@_Z6gU{S@wG=`6c4IQy%GztmOPKO9EK? z$e#PN>x18OxYUVHz#7l_2hTP9FDeQ( zRSOAvKoJc#Vc@?1PpSbBgXo9+iy|m44zPP@{Q;KiJirzHPy9c4fJLJ?Z_NAu_vMc6 z;&cDSm6h&sF7w5Md=*O&6*_8MZ^^XX;2i?D9JYMI%zWo5o9OvYv+;O?cWt3TqXMdK z5$!+)EaqR)2Y`W@eFIQ%vz3d=CK< z5rN`Q^3L76{<2N`tNq4nqg5s4&fcS5uDEGIDJkTjThgfP3mb^c%>k4;5VjvQJPzF5 z--!{o1sy%e!IKQ#U$y7DF5qDQ1aP#1KXIph4NyFGj7N`$K#n%cZI>zsI)uha?T_uV zqs9c5D!VQ<$a$0S-L5RX&iZVzzuE6U@)B1A0q0GOj6R{dx-}Y)iXHfIIL!{;<;kz7Dc(G~k%(0woa9x11|LJA+g?i&Hf6ps`aSNg_y@5N_f&-j+7 zx{q{eJw)@V#49ktVJizjdm=^UO%IYi7uHxMTx~@YrW__k-c7w0{0T%6OQV!mr=!qz z?o9~^*Cr8geNzZW*((v3RPsMch$ql(8IZnadU{}iafKcNf8$rnIA%^@(ITKuvd}p<$+X z+;ztB(q9n8XN+V&d(}IQ;O9RJpGpP)^iDHT7fI*7zy9GmtqV01k93r`|9$2$ztAs| z64rP`{-O6>%EFTKl(T-)pH826YJF{m&W#YoJX}5s=eS)6Oe(*U)s#T6ST8^9waqY* z=*EU?*Y6DF0k<#8NBA=mWnlu9`*j!1dt*U|hq-6(nN9+578rP4b4EI+Tt8@xTgf*72`O^Z)siH|_2U#9I{8#NUbI?(39$w#lrsE|l46(v#xS+6uYfs#^^ z(Y^HZ<1{{X+A7esT1Ro&zdt`w^nFN`?iU>`G%>UmokL1OM7-|*zB4I_laof@F4Bs} zE*=i&JeiQrX}xT_NNyv4ETC!X4xqN0&BURH?kgo%Y{DX^N+10FO@KzUW(FizkNDKb z2l$vz7Zer6^=CypQS>(lzD}~ZeWt4F>|DX=iXtCxv`Zg>Ffn1OmqwqQhC6L^4Hqy> zm%l7M@q$}8_DsrQpYYQs;E7?=EOLJle2s$9{bGLW>_%YE^z2}*7|)ZUmH#u!+g{1BKYZ3g9bSQ0)hkAQjmc`G`3mDnms4;nDk;ciO(~7q?gjepqzwAtkMgkUaurOD?8#ey+>t5&K)?VpFMxjovdUP~_ zX%g%(nT?y%d*ZqG#ke_%lOFIqa9<~9C*vs`ZRj8(B4U332w<^x@yDm9kKCWef-hQ< zO9RBl#zyj?zpB2hY^ZasD{7j%F`+}8Zbbb`Pw1~lLVV(bjUawD_pGsV^DdT0SiY2r zcy;Izkcz8HI|vO7wp)7Rk+yN@+fJAS!zSGwSJqv2W@$Kunu3p?BdjWMsINdR^RvmM zr)p|yaHE?Igv|L*o`^R-vl8>%z9#f-M6YIDNvl|%FvuOdfU1qna+fGE+Tc?9({9uW)TI;pu znV+h1Wsk7druE9KP?Ka}$QRPF_z6S+F>}qv|C>*+UwmfKd$F@#4yT7!{H34 zk2xtw@eS7z+6`xi`D5E4#F1{Tc4Gt0y@>E_Y=9pB&VaN#Sm~u=-Mj@nhd~GEcZ0Wr zt#xo8y|0K0I3M`;_FN0dtd+5Kbo?$!3zoI~jYHfWlB<_K(R|SCoYl;GYUa@CIs`c;^t3{9>w3`^hB8l2(X{Ik(p$R=ijC&C2SnI%>E^8sWl#fO zO+CDTpo8&MR^~xnnZGp0p|OQlQiEhU$(dP##Skwir*2l?UodF4<%-;|k%fTg@5H2U z$LeAp5IpwP$p6#Zc?LDveT$x=Aksm4?}BtikPbo!C?KF9NbgARMS7855B3-10 z5|FAuB1)GUiWKP}O*-Bk{lD)y_uiTF@#I5>$&e?>e%4-l)!%~0U-?eK6%7zHgDZCC z=AqWMwkxL;V*6}e{m-XKjp#-!j87gLBJAH_j@Oco54DrRe3kGv9^nbedMvR`h_8Ip^lv4|hMM@!a4V@~dVoILsH;|80R- zdi|VW(=kCF6*FKIWJ=EJq>FYI+jVpwf^Nl7aupztW7c!XHsJBs9q)S~j92E1jxWv$ zAyUO1d!pJ92pK{xdiz1h9FHueM-SJ1rtKi(wFCSQl!7UUN)$n|1T|l{%BtHxd zfn>k^?HStEw%GTI!z}pNQjdjlx9KjLClY9#9X!5!!UPc>#mM6-$i>y&T`vvh7%l>> zvhs2-p`B}|zw}?G-|H@jt?~KF$mK+hEmS*^UvpF!eyPUxkR(6ymZfi%_KIhgMdWt# z_G``3&8NTFkz8uL_PGY}CNjQd8~$voX z0Qltf8mvfQuwj4LZ)Y{!dkv?s=V|^(ae(u9}-3a zbyu;TLkzO^1P33U5LR!xZ_Kgi{TzM|yC>!^Yo%gbzaCO*o}JFlrs1+3(wXIk2{gnQ z3mY|7=}n5Xo9ootE-?<04&s(tCXnQBmj}ghj1UiB937vO4H(XygFa}MAbOY<0Ld)F z6^Qd?9v6xQjEg2(Dsyv$)4LG`nSK1&$<50Pfm5lirK*^0nmKRMvW$OjnOUKexh?eQ zZT`pSWZ!V#?0)fa&HmL{uc4vAEgKl~S*VDz^UC0;wCDrsB4XvKf<*Oih)qvO>WddI zmSUWLw<{0Zu8cVzD0M%)OTWr+9yVxNZ97f>Z9GfQceXXC$#umpVeq9+I;ci<{4_;% zTnpJ6th^Hl&49G(gs7l4VKxaF2@9c~?RerOVf81ZR=LV|?|QL(w6ZKLXlxw*h@%{g ze&9g_mPq+Sdn}xI;;CG)@vy0w+*bgrsB>X7;Os~g5MTSz{?+aE5s{~eW zfzl)SOj8tIOKLpUPA1-s`T0$A|Eye^KZIOmOH_sUB;u!=Cm6CiC`Q|LUrqFjj4*`ma8rv&_;{79z^WUe$TUUz`6zp$AyQp8R`Y=2(y}@>{!r@%3z3#h>m`$lQ zV}%pW%5SDCVa0m4414Uw+;lHl3>MR2l4qRpv8ohYJfIg74jJJ$+ z(YPB8dUwC637a$u(rwp4U0QOv^?&PY9IB$eH5VH@2Ku|Xcc7j%&NW8d>2EsOuyJsd zc~2dz;5u@*IO6+$Z*T7bU;EF~-gKdFdy8!D0B*uE7Mzp2vA{fWvtP#OX@TG^$G9J-*LNMX!E;j zr8m!dk!GKhd{326{toPRaPMrS{#BLiHN}25->u_=xis=1!$bClSZu za`+!HDVS1sVOQ~8;Ag0+f5hq72i?F3tPVCu3(mrXq7uX4)tmSXW`_o7%&#|#qo=*! zdnI;P+{gARy)W}_CdFI{p~^wvzhMA`K*QVndd}c*Y50YM6MHHBm_uN5^++Z=TU$T0GVG!ps0Pc1HH`i@G*}2O%5pS}yDf zp%T1yW={-D$yL`9QY^*&P}6|c`C3J`(yZC`A_<~yjBzU!&rh}i<||j)k7v1NEoHsq z4)THH2yXOBcdwy|zA$XlF_-e%qdD~Jv;%wq*n)vqnYniYsvxZa&3F-*f6m9&Vy*>=fKqPW|S| zO4HXUir(?r!%M;ikGq@lET1(#@TD=V{Y6|_G>h~jRsT_*#qTXfdtOuEqr zj}JbIH^wXg#)HUxpCq4}$3PWU#@l^L~t@x7bqqvz~ zW`x#{^@dDNJw76m`5byYjxc4v6Pd;mk9eTEy7`8_%btY24pS zzm3s87U3QCC8V5nxO2yd4nbM(teM~THD+Iw3vhPjOz8URN>EUKRPKSw&uvW0Tknt6 zf#Y2fS6;PAX|Zrlmz{b7`}=(3OXh7NCMtnU1_oPXA35KHT;M6rE1>#c(XkvTO8Yj# zE^1xKqaK9JASjiaZXPK>uomU=AW#+KP?u0jj1rTUM*pt%61nFubV%w3md#f9|6Kx@F*XZcb18-mg(sgxD zq}6GJ^&c_aMxi487#L|Btn*Y(E4mrbb!0f!o;&%f@C+$k&dz9Pz{%syg%i--nHZDE zn8qD)yq8;O(9cT6B6t5OXa(L@626@kkf@~rN1?8u`#z_RjxLy(UK{MMsj5I*;MPU>`WgTQxv!pFd^q=6H7^ufWk~!RBnx4Tu5lr=m z(F$kj`k)R<0JE6&^y|kXp7nBBH#O{e6RGrXp#mN8< zewdYo9LkQAf(WU}40Q{27Z&%XZU{Pasn~b|T8<}^vt-Y!2EPpR9pL{v-8_Beba9dY z#XnWj@nyMDoi5MVB;WoURw~9a=T)M!uZs1=SFi3LWJ#n6fM~?V;21bmn-sD4-EQ6w zopZ4&L^OfnWvi4E-WI-dy)C!J;G)(mng3bhVm%|;#F4w9A<$PlNXJeeBLrDpeQ1sMD zU=pBJA~kYpg6g^Hbo3q=7~H6?77O@JSaSE(v8=GLmVV|oR~9yMnwZ3ye?@GnH7Hw{ zcqdySq_wDCUtiz;>c)}#Di)HTCZ-a~VNT6^KLsGr92v!vq92*b#0*pz848175=x^m|!2>JC3-ed1~4goKsMks8d>-KUl&v31~bM%*loVL+Qr&vJ)L_WPL9{ z5&9bGl}P#?Vse%y%fZelf!T33!E}i`dVt8E=j^d_=lp~FYmW1yA77J{KL7lQ8}33H zV58~*#*CC!;`SA@d!D(O<~tACO8s_oanK0%%eY2EBkxZik?O#_9ex%l*Y=YB4a@CY zx~G~8N1TkZ7H3k<{S_{2?7P7HUlaR8%EZ}yWG05{*FNl!7P-Pv(EQh4n72o7zJ+13 zhuWxC(TTgyxEk6dJ*GIC`e2wk2s9`tu;7hFLn{GAf2m&WqXKqA*_`gw=Q3GPi=B1^<@Ot0GqXzF5HKI&j@L>G+1x$|kr}xv zD9qXs1k~udPb0x}8!9W6nYdKt{UWWLd`gdI`n#`RP*K~QAei6pfr@O2uMFfj+=d5f zO2|3;NSl4vJs!(TNEGU2H{qkB6O5GO7bLKN_jUm%6a|fvO6?{_;@}?B3js%g8@U_n zZz2dEmAJd$?teTuIDjRnzj$~-xk*M&Jd8WSp0zaxxmwz_A`;)fo#C8BPx%gJBvaDQ zuD~YOcet%EP_nhZdgmlad+r>>`W!|kCdpsjL?V&%c5BguH~jp5UMHXJ(}Qw4N)y%7qI;ZaG8p z9Uw#S@WKsN_Ws?s>BD=GBTC}ssd`svA;qeUH#wcq=(j-gzSh+n=5T0Sv3LS3 z+Tk(tY|6RUa`LyP;=c7$bZCM$ywo3;iGMsxrQA>cl&8cbsoy-aigSv?Q2FltH=6;1 zl>5FZYuREB`K7MS8ZY_KQ3d(uDX)nqens*i>1`PEgv4~Wp~J284D_eD=D{J@NhR|q zUn5)#s@TnzNbv;?xuktB>juJJK6zBvac~khN=WJMD|+>&{9UHJtrV+*PzCaP9==TI zs6b0Mep#HIk&rRV)gf_{2AY<7&(q+5R zY^@>@cf$`llno6Hi}$F=8S67V9a>=zWItRX*&nM{QE*YI-uc-XB+Xsm&X*D7xHxV!BH~#j3)sH;qPu&*=XpJ)1>A41>qzi?{}n&-a7$w? zLu^-Rh!V(YMLzEj=aS9LSr&p{k)eDYQC}fl13A?@pi!Iatr}11m&uNH^_Z)!(?-QX z!Z4o=`Ri1Qxkk{f2v=5F1CMI66!}BcyC@#y!2!$p{oX_pLIMJN>)}bdvrh<>(Fh!p z=aH#yvRA_L9_g2F>AuA99L{&$W2~-I>lR9BjSp@Hb1H^CnRlB!)zl)9Hw4kskIX77 zDJ^<-n&!&h$w<*c4^>Yjeto3=_UPOE`ogE=xGTmjpi>S`?5~P<=gCf2=vjJsp!>qy>#qyEUEzc&wRD zNkW$>-%{~?>RBI=>i-BgX2y4$LEISX#w1#u@+Aan2HTzF*trU5nf&`A8(9eX4uh^X# z@NX$;R59ynP&&lN#SC2Mhlq5a)zTXt$qkR{bJNi&?4zTsE%&YW{Xh9~w619T=T+-m zriCZj3v$-J4jqY%CKuDa`S>z*IA*-j>@qbz$M?>w$3|7=VPw*gCAZeRK#qXRf7JLr z&M7nX-mQ7!3FS*uYZ1-JB8b{pm*Nu;$Z+&xSZ!%Yn6rq>8y~mldclJ4Wf3Ygf_oZ$ z$D&$N$gvr?G`4u=q|B3*5`A)m)<_Lk~iKzbsjgVTqgTv7HXq+6Ba@<;Ae!j^95;X1FJ&lj zabo5AT2x0LaK69D-(ES6&ZXzMBPI3V5Z|F&szEgW08pI~&MCa4v1(>!_dMM9qV_!# z9?N-a)N4gVHL*zz*!N85UX@r4k_r267TqubiX3}$}M z;U8~&K&ppC!HL}#6uK~m(pioG^Qd{qtNZtQBDT zS56}c2_4OhNJy51A+#w*1wU-sv~jc&`2NF*wn;DMOMX1B3N`lM5IpykrrmX z`nZRtv=LhClf2j*5qP&&Caglu?;+1*iO2f|PFtIdiPj%Q3=+ zz$(SJ8M2nP+TX=&#<$Bdy=OBzevefyjkTSmolUi!v*l>t zy2Y(B6R@XwJQi|HcYN^sEbZ)tVRuiDnoH1e8bYCok0w_O4*TXxj~0@ki)7+x@*>o5 z&hnkN_fDmF}ubx0tee*GA*Ex zS^g?yH4Wj=Q1bw4l9kAqAB$f|SXS)eF!cg3rW-YYl!g(+X7BVQv-Y05w!wFQc*U9= zhS==IDtjs&eTScNDth!JvP`{q!EhkeV~KJ&KYcQsBd{ASH>@deik&$E5oCAT|J?dC z8JS^Oqmo^OcOJF_^Y|gm%eEkJmdfL*G^nCTR z$YC^lQ|yRiff}`4cs7fyREH)Rh~zFS{qf~mWrF7adD;5f z-so)0v$2D|UaW`p-!D`MDt*jzjq%r_Pb|ySey$91<#^9W7kE%B$29zttH9A+Lky-> z8v|43q5ebYaU6}Vsj2Y2-p>UU^;%nJp)q?3^Y1EK;n;ZM76y63IJlXg&xs8+nt@Ue zZK8j^^{ea1qb)2JYr3t4>muTeyM5M7err~{JNaJv4TH+2mjMTg9>ri*mxFq2D@0+5 z@}pH@O^x#ZcahB>fOo_Xm%puP^dz|#BzYH)s;xY}pZVvo{qDhAMaNv5ZT8hRd)rrv zerp3rFDF?P%E21{tmzyS?d+Of?O;`iKyc-+#qL4;fS~4|+hu2y-?Lh{;PZ%czRe<) z_ZDI`<e0{?3g-yo?e=14KMiSY(L0V? zqLOneAz`2r0GaRoy_GPhE6hwc?Qu$oLg) zqG!lYL-TIw=l72lJSs(uZ#KsolAR_I>Y%QpTxTk;9fydNba30a$xEH9&H`c^A0PKc zlGQPio^p1fC%G38uof55FF+ZKl5Jl`#kz_~@%>Cr!1XxE0`ceLJO2n*7&Q;wY!AC0 zcI4(j&a8$iRS3=IwOt)tMH0%(4;Kt8QrO)U>6r!kO%g#b0~*(>XyT4<>wqIekR zjY|pLP!31$jyu=Ga@dJ1D6V1AVZi<*1-^fh>2CRpKKp3Ro1EEixmc|Pa%FxLON0ou z+W{*=d+j`DLU<^(7L3v!qXpyRQ_wGNE?%5h*13RL~o@$9?0*F!ZPI5J=;SRg38w>6W)O z)Ym^{!vH4F`x`)Z=ehqCoyTaF>>`+#k6?71cR-3u-e5TL*$&4Tjs`?OzjMbc^^PeyAH?bCpeLpr2{a5AxBLjJV(s%!eGcHyuz4})-Vei!Z{eSM)|N2KB zt6I?AdnX&PU!oW0W;AsC^ZQ)~SJyF1^fH)JB>Rs5MpO|8H z&8Hd>$A_$o9EML3lCz=!v16$(M-z zhZo`BWkrcxZGLPNg}rDc`QP z*L$X>uU}#?#+g9g!Mu8?k57H@mV=CluBUBfIEmJO4GcJ2iXpGV1SRsZO}h}Q1p9|-}k{!f4ZRABv+gT|iOm6wy*euo4SJ%4hE;3h8)c&MvtsZ=PNhyNca Cdv1XM literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-install.md b/windows/security/threat-protection/microsoft-defender-atp/ios-install.md index 2404da2be6..bab81ac1ba 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-install.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-install.md @@ -20,62 +20,118 @@ ms.collection: ms.topic: conceptual --- -# App-based deployment for Microsoft Defender for Endpoint for iOS +# Deploy Microsoft Defender for Endpoint for iOS [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -> [!IMPORTANT] -> **PUBLIC PREVIEW EDITION** -> -> This documentation is for a pre-release solution. The guidelines and the solution are subject to change between now and its general availability. -> -> As with any pre-release solution, remember to exercise caution when determining the target population for your deployments. - -Defender for Endpoint for iOS is currently available as a preview app on TestFlight, Apple's beta testing platform. In GA, it will be available on the Apple App store. - -Deployment devices need to be enrolled on Intune Company portal. Refer to -[Enroll your -device](https://docs.microsoft.com/mem/intune/enrollment/ios-enroll) to -learn more about Intune device enrollment +This topic describes deploying Defender for Endpoint for iOS on Intune Company Portal enrolled devices. For more information about Intune device enrollment, see [Enroll your device](https://docs.microsoft.com/mem/intune/enrollment/ios-enroll) ## Before you begin -- Ensure you have access to [Microsoft Endpoint manager admin - center](https://go.microsoft.com/fwlink/?linkid=2109431). +- Ensure you have access to [Microsoft Endpoint manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). -- Ensure iOS enrollment is done for your users. Users need to have Defender for Endpoint - license assigned in order to use Defender for Endpoint for iOS. Refer [Assign licenses to - users](https://docs.microsoft.com/azure/active-directory/users-groups-roles/licensing-groups-assign) - for instructions on how to assign licenses. +- Ensure iOS enrollment is done for your users. Users need to have Defender for Endpoint license assigned in order to use Defender for Endpoint for iOS. Refer [Assign licenses to users](https://docs.microsoft.com/azure/active-directory/users-groups-roles/licensing-groups-assign) for instructions on how to assign licenses. +> [!NOTE] +> **Microsoft Defender ATP (Microsoft Defender for Endpoint) for iOS is now available on [Apple App Store](https://aka.ms/mdatpiosappstore).** ## Deployment steps -To install Defender for Endpoint for iOS, end-users can visit - on their iOS devices. This link will open the -TestFlight application on their device or prompt them to install TestFlight. On -the TestFlight app, follow the onscreen instructions to install Defender for Endpoint. +Deploy Defender for Endpoint for iOS via Intune Company Portal. +### Add iOS store app -![Image of deployment steps](images/testflight-get.png) +1. In [Microsoft Endpoint manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Apps** -> **iOS/iPadOS** -> **Add** -> **iOS store app** and click Select. + + > [!div class="mx-imgBorder"] + ![Image of Microsoft Endpoint Manager Admin Center](images/ios-deploy-1.png) + +1. On the Add app page, click on **Search the App Store** and type **Microsoft Defender ATP** in the search bar. On the search results section, click on *Microsoft Defender ATP* and click **Select**. + +1. Select **iOS 11.0** as the Minimum operating system. Review the rest of information about the app and click **Next**. + +1. In the *Assignments* section, go to the **Required** section and select **Add group**. You can then choose the user group(s) that you would like to target Defender for Endpoint for iOS app. Click **Select** and then **Next**. + + >[!NOTE] + >The selected user group should consist of Intune enrolled users. + + > [!div class="mx-imgBorder"] + ![Image of Microsoft Endpoint Manager Admin Center](images/ios-deploy-2.png) + +1. In the *Review + Create* section, verify that all the information entered is correct and then select **Create**. In a few moments, the Defender for Endpoint app would be created successfully, and a notification would show up at the top-right corner of the page. + +1. In the app information page that is displayed, in the **Monitor** section, select **Device install status** to verify that the device installation has completed successfully. + + > [!div class="mx-imgBorder"] + ![Image of Microsoft Endpoint Manager Admin Center](images/ios-deploy-3.png) ## Complete onboarding and check status -1. Once Defender for Endpoint for iOS has been installed on the device, you +1. Once Defender for Endpoint for iOS has been installed on the device, you will see the app icon. ![A screen shot of a smart phone Description automatically generated](images/41627a709700c324849bf7e13510c516.png) -2. Tap the Defender for Endpoint app icon and follow the on-screen - instructions to complete the onboarding steps. The details include end-user - acceptance of iOS permissions required by Defender for Endpoint for iOS. +2. Tap the Defender for Endpoint app icon and follow the on-screen instructions to complete the onboarding steps. The details include end-user acceptance of iOS permissions required by Defender for Endpoint for iOS. -3. Upon successful onboarding, the device will start showing up on the Devices - list in Microsoft Defender Security Center. +3. Upon successful onboarding, the device will start showing up on the Devices list in Microsoft Defender Security Center. > [!div class="mx-imgBorder"] > ![A screenshot of a cell phone Description automatically generated](images/e07f270419f7b1e5ee6744f8b38ddeaf.png) +## Configure Microsoft Defender for Endpoint for Supervised Mode + +The Microsoft Defender for Endpoint for iOS app has specialized ability on supervised iOS/iPadOS devices given the increased management capabilities provided by the platform on these types of devices. To take advantage of these capabilities, Defender for Endpoint app needs to know if a device is in Supervised mode. + +### Configure Supervised Mode via Intune + +Intune allows you to configure the Defender for iOS app through a App Configuration policy. + + >[!NOTE] + >This app configuration policy for supervised devices is applicable only to managed devices and should be targeted for all managed iOS devices as a best practice. + +1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and go to **Apps** > **App configuration policies** > **Add**. Click on **Managed devices**. + + > [!div class="mx-imgBorder"] + ![Image of Microsoft Endpoint Manager Admin Center](images/ios-deploy-4.png) + +1. In the *Create app configuration policy* page, provide the following information: + - Policy Name + - Platform: Select iOS/iPadOS + - Targeted app: Select **Microsoft Defender ATP** from the list + + > [!div class="mx-imgBorder"] + ![Image of Microsoft Endpoint Manager Admin Center](images/ios-deploy-5.png) + +1. In the next screen, select **Use configuration designer** as the format. Specify the following property: + - Configuration Key: isSupervised + - Value type: Sting + - Configuration Value: {{isSupervised}} + + > [!div class="mx-imgBorder"] + ![Image of Microsoft Endpoint Manager Admin Center](images/ios-deploy-6.png) + +1. Click **Next** to open the **Scope tags** page. Scope tags are optional. Click **Next** to continue. + +1. On the **Assignments** page, select the groups that will receive this profile. For this scenario, it is best practice to target **All Devices**. For more information on assigning profiles, see [Assign user and device profiles](https://docs.microsoft.com/mem/intune/configuration/device-profile-assign). + + When deploying to user groups, a user must sign-in on a device before the policy applies. + + Click **Next**. + +1. On the **Review + create** page, when you're done, choose **Create**. The new profile is displayed in the list of configuration profiles. + +1. Next, for enhanced Anti-phishing capabilities, you can deploy a custom profile on the supervised iOS devices. Follow the steps below: + - Download the config profile from [https://aka.ms/mdatpiossupervisedprofile](https://aka.ms/mdatpiossupervisedprofile) + - Navigate to **Devices** -> **iOS/iPadOS** -> **Configuration profiles** -> **Create Profile** + + > [!div class="mx-imgBorder"] + ![Image of Microsoft Endpoint Manager Admin Center](images/ios-deploy-7.png) + + - Provide a name of the profile. When prompted to import a Configuration profile file, select the one downloaded above. + - In the **Assignment** section, select the device group you want to apply this profile to. As a best practice, this should be applied for all managed iOS devices. Click **Next** + - On the **Review + create** page, when you're done, choose **Create**. The new profile is displayed in the list of configuration profiles. + ## Next Steps [Configure Defender for Endpoint for iOS features](ios-configure-features.md) From 9a40aca0256689b346742cd326cb7827392cde62 Mon Sep 17 00:00:00 2001 From: Carmen Forsmann Date: Tue, 1 Dec 2020 12:43:07 -0800 Subject: [PATCH 034/210] Update waas-delivery-optimization.md Added support for Edge browser installations and updates. --- windows/deployment/update/waas-delivery-optimization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index a50997dbcc..02dd9f8971 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md @@ -65,7 +65,7 @@ For information about setting up Delivery Optimization, including tips for the b - Office installations and updates - Xbox game pass games - MSIX apps (HTTP downloads only) - + - Edge browser installations and updates ## Requirements From cc0364cdc2779def4975a6fa82910a63f1f08af0 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Tue, 1 Dec 2020 13:13:20 -0800 Subject: [PATCH 035/210] Added DataCollection and EventLog policies --- windows/client-management/mdm/TOC.md | 2 + .../mdm/policies-in-policy-csp-admx-backed.md | 22 + .../policy-configuration-service-provider.md | 76 + .../mdm/policy-csp-admx-datacollection.md | 114 ++ .../mdm/policy-csp-admx-eventlog.md | 1588 +++++++++++++++++ 5 files changed, 1802 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-datacollection.md create mode 100644 windows/client-management/mdm/policy-csp-admx-eventlog.md diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index 559f7b27a5..5bfb5277ba 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -181,6 +181,7 @@ #### [ADMX_Cpls](policy-csp-admx-cpls.md) #### [ADMX_CredSsp](policy-csp-admx-credssp.md) #### [ADMX_CtrlAltDel](policy-csp-admx-ctrlaltdel.md) +#### [ADMX_DataCollection](policy-csp-admx-datacollection.md) #### [ADMX_DeviceInstallation](policy-csp-admx-devicenstallation.md) #### [ADMX_DeviceSetup](policy-csp-admx-devicesetup.md) #### [ADMX_DigitalLocker](policy-csp-admx-digitallocker.md) @@ -191,6 +192,7 @@ #### [ADMX_EnhancedStorage](policy-csp-admx-enhancedstorage.md) #### [ADMX_ErrorReporting](policy-csp-admx-errorreporting.md) #### [ADMX_EventForwarding](policy-csp-admx-eventforwarding.md) +#### [ADMX_EventLog](policy-csp-admx-eventlog.md) #### [ADMX_FileServerVSSProvider](policy-csp-admx-fileservervssprovider.md) #### [ADMX_FileSys](policy-csp-admx-filesys.md) #### [ADMX_FolderRedirection](policy-csp-admx-folderredirection.md) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 4d5d2f3728..a866b983b9 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -76,6 +76,7 @@ ms.date: 10/08/2020 - [ADMX_CtrlAltDel/DisableLockComputer](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-disablelockcomputer) - [ADMX_CtrlAltDel/DisableTaskMgr](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-disabletaskmgr) - [ADMX_CtrlAltDel/NoLogoff](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-nologoff) +- [ADMX_DataCollection/CommercialIdPolicy](./policy-csp-admx-datacollection.md#admx-datacollection-commercialidpolicy) - [ADMX_DeviceInstallation/DeviceInstall_AllowAdminInstall](./policy-csp-admx-devicenstallation.md#admx-deviceinstallation-deviceinstall-allowadmininstall) - [ADMX_DeviceInstallation/DeviceInstall_DeniedPolicy_DetailText](./policy-csp-admx-devicenstallation.md#admx-deviceinstallation-deviceinstall-deniedpolicy-detailtext) - [ADMX_DeviceInstallation/DeviceInstall_DeniedPolicy_SimpleText](./policy-csp-admx-devicenstallation.md#admx-deviceinstallation-deviceinstall-deniedpolicy-simpletext) @@ -166,6 +167,27 @@ ms.date: 10/08/2020 - [ADMX_ErrorReporting/WerQueue_2](./policy-csp-admx-errorreporting.md#admx-errorreporting-werqueue-2) - [ADMX_EventForwarding/ForwarderResourceUsage](./policy-csp-admx-eventforwarding.md#admx_eventforwarding-forwarderresourceusage) - [ADMX_EventForwarding/SubscriptionManager](./policy-csp-admx-eventforwarding.md#admx_eventforwarding-subscriptionmanager) +- [ADMX_EventLog/Channel_LogEnabled](./policy-csp-admx-eventlog.md#admx-eventlog-channel-logenabled) +- [ADMX_EventLog/Channel_LogFilePath_1](./policy-csp-admx-eventlog.md#admx-eventlog-channel-logfilepath-1) +- [ADMX_EventLog/Channel_LogFilePath_2](./policy-csp-admx-eventlog.md#admx-eventlog-channel-logfilepath-2) +- [ADMX_EventLog/Channel_LogFilePath_3](./policy-csp-admx-eventlog.md#admx-eventlog-channel-logfilepath-3) +- [ADMX_EventLog/Channel_LogFilePath_4](./policy-csp-admx-eventlog.md#admx-eventlog-channel-logfilepath-4) +- [ADMX_EventLog/Channel_LogMaxSize_3](./policy-csp-admx-eventlog.md#admx-eventlog-channel-logmaxsize-3) +- [ADMX_EventLog/Channel_Log_AutoBackup_1](./policy-csp-admx-eventlog.md#admx-eventlog-channel-log-autobackup-1) +- [ADMX_EventLog/Channel_Log_AutoBackup_2](./policy-csp-admx-eventlog.md#admx-eventlog-channel-log-autobackup-2) +- [ADMX_EventLog/Channel_Log_AutoBackup_3](./policy-csp-admx-eventlog.md#admx-eventlog-channel-log-autobackup-3) +- [ADMX_EventLog/Channel_Log_AutoBackup_4](./policy-csp-admx-eventlog.md#admx-eventlog-channel-log-autobackup-4) +- [ADMX_EventLog/Channel_Log_FileLogAccess_1](./policy-csp-admx-eventlog.md#admx-eventlog-channel-log-filelogaccess-1) +- [ADMX_EventLog/Channel_Log_FileLogAccess_2](./policy-csp-admx-eventlog.md#admx-eventlog-channel-log-filelogaccess-2) +- [ADMX_EventLog/Channel_Log_FileLogAccess_3](./policy-csp-admx-eventlog.md#admx-eventlog-channel-log-filelogaccess-3) +- [ADMX_EventLog/Channel_Log_FileLogAccess_4](./policy-csp-admx-eventlog.md#admx-eventlog-channel-log-filelogaccess-4) +- [ADMX_EventLog/Channel_Log_FileLogAccess_5](./policy-csp-admx-eventlog.md#admx-eventlog-channel-log-filelogaccess-5) +- [ADMX_EventLog/Channel_Log_FileLogAccess_6](./policy-csp-admx-eventlog.md#admx-eventlog-channel-log-filelogaccess-6) +- [ADMX_EventLog/Channel_Log_FileLogAccess_7](./policy-csp-admx-eventlog.md#admx-eventlog-channel-log-filelogaccess-7) +- [ADMX_EventLog/Channel_Log_FileLogAccess_8](./policy-csp-admx-eventlog.md#admx-eventlog-channel-log-filelogaccess-8) +- [ADMX_EventLog/Channel_Log_Retention_2](./policy-csp-admx-eventlog.md#admx-eventlog-channel-log-retention-2) +- [ADMX_EventLog/Channel_Log_Retention_3](./policy-csp-admx-eventlog.md#admx-eventlog-channel-log-retention-3) +- [ADMX_EventLog/Channel_Log_Retention_4](./policy-csp-admx-eventlog.md#admx-eventlog-channel-log-retention-4) - [ADMX_FileServerVSSProvider/Pol_EncryptProtocol](./policy-csp-admx-fileservervssprovider.md#admx-fileservervssprovider-pol-encryptprotocol) - [ADMX_FileSys/DisableCompression](./policy-csp-admx-filesys.md#admx-filesys-disablecompression) - [ADMX_FileSys/DisableDeleteNotification](./policy-csp-admx-filesys.md#admx-filesys-disabledeletenotification) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 9a2bc98925..4a90062fe4 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -377,6 +377,14 @@ The following diagram shows the Policy configuration service provider in tree fo

+### ADMX_DataCollection policies + +
+
+ ADMX_DataCollection/CommercialIdPolicy +
+
+ ### ADMX_DeviceInstallation policies
@@ -695,6 +703,74 @@ The following diagram shows the Policy configuration service provider in tree fo
+### ADMX_EventLog policies + +
+
+ ADMX_EventLog/Channel_LogEnabled +
+
+ ADMX_EventLog/Channel_LogFilePath_1 +
+
+ ADMX_EventLog/Channel_LogFilePath_2 +
+
+ ADMX_EventLog/Channel_LogFilePath_3 +
+
+ ADMX_EventLog/Channel_LogFilePath_4 +
+
+ ADMX_EventLog/Channel_LogMaxSize_3 +
+
+ ADMX_EventLog/Channel_Log_AutoBackup_1 +
+
+ ADMX_EventLog/Channel_Log_AutoBackup_2 +
+
+ ADMX_EventLog/Channel_Log_AutoBackup_3 +
+
+ ADMX_EventLog/Channel_Log_AutoBackup_4 +
+
+ ADMX_EventLog/Channel_Log_FileLogAccess_1 +
+
+ ADMX_EventLog/Channel_Log_FileLogAccess_2 +
+
+ ADMX_EventLog/Channel_Log_FileLogAccess_3 +
+
+ ADMX_EventLog/Channel_Log_FileLogAccess_4 +
+
+ ADMX_EventLog/Channel_Log_FileLogAccess_5 +
+
+ ADMX_EventLog/Channel_Log_FileLogAccess_6 +
+
+ ADMX_EventLog/Channel_Log_FileLogAccess_7 +
+
+ ADMX_EventLog/Channel_Log_FileLogAccess_8 +
+
+ ADMX_EventLog/Channel_Log_Retention_2 +
+
+ ADMX_EventLog/Channel_Log_Retention_3 +
+
+ ADMX_EventLog/Channel_Log_Retention_4 +
+
+ ### ADMX_FileServerVSSProvider policies
diff --git a/windows/client-management/mdm/policy-csp-admx-datacollection.md b/windows/client-management/mdm/policy-csp-admx-datacollection.md new file mode 100644 index 0000000000..06baf9787a --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-datacollection.md @@ -0,0 +1,114 @@ +--- +title: Policy CSP - ADMX_DataCollection +description: Policy CSP - ADMX_DataCollection +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 12/01/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_DataCollection +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_DataCollection policies + +
+
+ ADMX_DataCollection/CommercialIdPolicy +
+
+ + +
+ + +**ADMX_DataCollection/CommercialIdPolicy** + + +

_w9l zt2j^(Vjd8q0ePg?pCy#nJ-Nce6TGihSk+v@Zo zn!=hJ>o6EuSnv8vl&r%0{vT`LIYc)&w>U|vBq@17a(@3-BQBb9#$Fdor#|6(yrocy z{PY*JCX~;VHSq$C7N`9=>wZMr1mCt^U-6y78gsh-z~1V^n*M!AU=Bklf+yM7iap24 z##&J6Uiu4YSaWW9bTveWy4a@hMYDfi(c(2)EfR_d^+u*!?F-mwy5Dd;BPD4He^3qm z&q+omfTW8-$mi#W)S(hIg@lbpcX=N-vES+cxLZ?wuls`!o|8p$_3|J-O+aCwxM_h@ zPO6_1qYl%Fmj62h+sTN4V)8Q_YjHLl@i+mFY&IR* z!hg+_`&bsO<-~+SGwoCHI!5%|P*d8Q)Hgqhf6A42iU`EJTPSg$)3$w6Qb6haS=Cd* zyA@J3T{)pl95*dE|^=6{U4sZIIL<{e&iFa_jy-Co)ltwY_yk5 zC>OKL*QDpJ;m0Ot&9*oB;InduJKp0ej6kD8i6PpSfjggW9;j15lrqBeQsrnd)6AGN zOVyysNE!<+mD~ZEUIPOvC+yo{Kb-gl9=>^EX^G*ss7*f-^t<0l|K0C6)`q^cw7c|& zdj*o8GP<~O7F9ZFZ_C`_#UQ?kqr7rk*#c`l>L#sE%6<*4k8=1;+Onwz5P8g_u51)oOtfnyg zZXzL$tpY`oMQH3R@B3LACIlSWi}zTHN1NfHpWg#9Awjt;z+d{d-DolV=E2e^J-Be7M7=<*t8hVDBi_Ac)jN-JlJYylClb zH%lg=hU(%bHT1d79hgLgikBCyGFZ|CE zwkT~uccBK0yT7{`_@8cOvPMPF_L>+pJ4Ng&_pq&KI1^-N_ee;TdRO8SidFTznHaMu z3Ulg;_(Y+QSd=>*&6qQQe=@?^NApD~qe`RgDk`rf5HA{+77s=^|LV$Wf9iDIh(CDE zxfUBGK8}R`qidh7g+{v47kcbJ-yu~QWGLoU2*;ypp@B%hV^W5gcv>I5@A3rLC2-3`9gogg))KIuwmh_WTJ<=bzH-&Qi1Yfh&~_VLRLpPpy;co`hE$M~#YCse1KKt4$Llx2~zv)akx zRa7~y-3NPd9YY#!T+DFCw!!c+oMRyaPa$P~4=kXr89f%AW=|U(t$%<_-8Nh>08mypOrLeNVcLk}HtKIyxqhqx~k~hMj+Gt=i_MDc&%rH`!Xh!6noE zXs3B{O*_;~k3U?}+IpSx7`#TkOK-@jo>UNqY*@?o7gTtGaqvy`WyFA3|CVg~_~|iH z!l+sMd%aIeo|pLN4eI+5`oFXJ`^W#E-0;28=J~?v8v1zQFwVED1`=;CtQXNX$&IL` z`}g{GMR6u$RpCHXQ^qg`Zep8A^3?oCTA)n4pI0v`e#amF{R?-&Vp-ymtk-WCJqrti z>op<=vkLxv%GTq5)!OeL{Nxw- z?_Pj-#s8}t&aaMkcp5i1FPBcv3YQIMq@Lemj@Ipz6L?^XE%5dgjaqu2e_Da-$lztU z5=^V0(q1XMl1k-G=2PJ};n{EQ-o2rFhnW;z+#)nCZW?h$wj3*YN7v=!_%Iq)=o!(m zTmP|JqjKL`B4A>ABlr9d_Ax3x^&$Dq;y>tU*RBbCZ2b=q%%>ZE|3WWbyLJ1~pVBSV zAKkr2{vQaXhfl=*p!lGE^PDO==MVaWj23;BY=ulwJc8J{KC~YeHclyiN4(KH0mJ*k z_3Ye}fE@3=+|tvulnsZ@;;ZP)EM`_`?WBbc_aNy;jDL*)&K&JpM*<13$4-QtGgt1Ke-awdv`|saZkdW{PFyAXyoQmq|c{6p6w3L*h zAo*Y%!2Kc)lCI)0c|SPa@clEqAB4bsaQfoVDjBy2;@NN#cK!T0us)a;5g$Lj*vQ4j zg#-t06?$#=42+DR=O=J*O8g|^?nBvY@ISLSfSGS?AHSXBkhe=aHF6wbKB=(HpRNzx zY`{M*(%jq|F)X09k&o&4UhjOsYQL%Y<;#~1cn8Tiz*kh?E)PpTJhYnuJn}B*@Q#&( zQ&xAR9f-|GuzTJpKOO55pT?H`{(dmh6wl+z%Y!Fty}EsIkY=sqRSPu6fcg9qtszqN zC~P_|q_IfxJc$FAB76LE8-ZQa`ez++N|6^%>J%Mp{_tGw+B+k$>(2iXmP&SSy9)FN zWZlSic6Op3JhfHKBL@aK(eu)of|3#nHtQvIr18P?M41GqNzDa$WVgD($px0nWw$*3 zck!Mj#Kth)=;Yd-@nt4W1Q%~B4E^aJOqJ(OU#m@plmrTx9ob&-UrvmfZcneJ%FAE} zL0te`4GdH?C^|WvkS3Aw@@io5pCki}kaGpP!Bqj?1aA1@X{D(-bwLz)@1)Ln<73{K zk7F@`cY?Nwa;mMuJZ3p0;0rGo5w`;V%-lm>F^!5J+Xxdihm2P*z1lNHX^Mt2R%+N3 zd#Lr0hZ|rnV|krz;u0Lt&e)xuoT`ak)=9YtF{P9E6WFm9H=g)Wx+W--gVsmDW<78Ab2tf?q*XQXpV|`deDOdk{kA0XIT+GG!;!xGtRq!qeGo{wR zI6vRei(f^Z+BG4ni>ostGLnXcMFCL4D7m<}#GM%$8iMy_z3!o5VG-ZHrS$alBwvnk znG?4T50+)5%RukN<3|!^!hBkPZdiz6uw1UOf{wR1M_g|!I=m3Q3(ATncea-crClR%a~>2T1cjwYU1n($dc z$;P+Mgoi&44gZ&u5r!qUr^QocCcD0t_=Io^pAc@d|b6@eOr&l zR$X1)ht8!TE{3XprS}tToZU9@NK!>b$c+U(r?550D@$E2R$$D%(>mj`rd2=aM1o+C zbBsFdhQKd0dF`V-Y?b0?tLtscxFgdIsxnMmRU39y+4g7$5BwM4rT&!c7W^{{z@u@S!=n(DvkzQmXwiE zQc;Np(r9XwR4ndwso3tl10dk8p}-K?cMrtXyEhT5j%Tc%3K0&GVy~Dbc7RSK8`Phacjqk{uX=F1(eRI62$=O$UCoy8_bjmb^1BUnwHn>FP_=qb zX`IQK>;0vf{hMA~p(iM7T|j5@!SD~nUjHLI-F`8= z2M_v#eXgoR8R!{Cw~abBc9(dnPPV2X3qwC0ZC31D5p8rPo5Q4v0hNkXCtQ<>NevJ?urK z0_?Sn9bpXGQ6^(|>QEE$K78o0AY!U)=`ao?nQ(v6W$gGX5$&UMKCQBE7bvV2s)0?F zW7#1mK4fr_dZ=a?vuaTe>$6=9f23~$|CLHp_0l~$YlVlXG#W!9;K8>EY*9&*YJtoX^As5U09{j z+}dW>&M2R^cCGe zd=Mlwot{15QCg2pZG9I__GoXJDPpY4rni<|RWprF^diw+dwE3jARt0{L4Mr0OfR3b ztH=(Pw!01HQDnGqC)L_Lb<(~Nr2r`?GBnTFWx_@h`>MmkpRBB{4X=g>#a%U4lajtu zTY3kUl1sZ!*V+Mf(@?=Ub9cF$QPApKw2jo{;(+3(7xr`Y(^WT!1Xt{w5h0cYdPt)gGBrLAdyj&`_{gjooWc+K zQQP^0r3q}v7GF#kv-fDKQg={NhofmK%YetUJZrL`HG6g2Z6X+d`>|HR9a z>BqwU=6Bhn^@51AbMeD==Jz-wrpQ_e>2=F6uGWDq7B(SZ-?^Tk_Knfn|!Hh+jypY>)nI z0W4z}hwVK!AP;xqmD5d>9r;YjzL4jPEQ~eW_h(D-3@0X<`2PAver{i$5C2S>qtf>9 zm3yVKS6Ke09*{m@}hYYP+^xyjTq%Av+y=Y=Zac*+6@Yk zn2P!KCl6%JpAn6hVk$v#0$I96a=@KP0 zICeA>ra+g7FTxAy(qmoE9X7kHMa&A}7A&+Oc~oDUUiM zntzP_UY=-=4VgAWa2*B`)>?CfT0^d;zN+sG;atrYoW|uI!m*B?CSi+q?@!~;@D-^% z4HFoCX*ZfKFlb81iyFvP)!Q!i!m0rstC4lACN7PH^hJhRarv~!sq+qtY4xnU*FT55 zwIeouBw`~~tL`GUpXH`#wj8eX;k%bjrO;wNJKeB5W3|+e047Qy(IfYPcTzz5gn;2L z@~o2udjZjpE`G^r{_3jdLB!>SW}>$%m#1w6F(-poi1x2RlH;K5`2@%cQr$2nu`xRg z<4#WfSXx$O>H(sMBT$ zQGimJz|t98;IEjflH9g;&*!!rjDaNgrtmT8iqO1~`GN&M9ePI?7Q;lO?lu=c#Ep`s z)J#v^88#!6Q>G6KtHcS`~&FyxFg9DJc)U-K=AJq+pQhAlqL zWQLk{G`iTA#2~h!Wv(YoNf)_V8RcbOl|su*PD9NMrE5w9P!9(7jC*ATGJCdc2tP!` zE@a?w8aFabDf9`B>4;>M-B7gFH#J~IESj^uHkrCN_GLr1lAS^Pg6GR-3{yh*Qz-g+ zeo#rQT?dynGakXCS~kRNavh2G8uv0>BF$C!Bups?;p`w0jdVnoB*t4LX=!NDh$F`# znsydp)IYx#N^X|( zR*772dz-!qa~&o9kw4h*V#V&PT*o%Tv)pvp2vL_uTVD5Lbg_(^W+XeRouU$%&mXG7 z8+}ms1?KmT=w_%=C}{7Xv=KXbUgM0WYtQD$#?eLv&Y9vGe6uL(n*Dnk3U+d2% zetjZ0Ck;a&ERU(H>a~irBhzWoe%%P(9%oXN4c^J-4pCN6QU?A-=Tp-WHm@|GgYR=F zcW)yqoI+$J%T47{5y>ms>gyxnqc{?!F^Glq!t2(PDwlOEix=AXCtx!Tk3%+*q)aXj zQdu9~+bd?j3klvzo<%2(g*Rx{(Gp~uPiroqY{86H6*~tBmF83Z7Adfy6`R+{{(4)V z@ce$SE!JG4_hlQN^y|ba;P2H+8$<~F6MBO$PSEPWa9a>Oom#w$?InOe%2L|4Q4wiT z^bQERJT#F!M-XTB?iYIi9S?si9lL*1c@GoBk!JDj!X>Dh8=7My&UsuSeYFIuzxZl+O) z)7lXAatEkCdipf8w6rvBw$c;|#d-QvB<^*)`K1oGXbcX4;SjJRAZWUaxt1N?unRY6 z5KVj{`?2}f8_=#{6F<7~1up7^(%1(`;E>eb3=Ju0v#)N;F8}3i^QtF@dy85^7HG@4 zNYjWhCp%$J^|H79keg=yC9$lIX`0Swk1^5s^TNywXRKU$NMGlLkUtH1i@f|bqxsIW z=h646?#&9lC?T&$1^DAxE3KL~<-)j!#{3W+eLa3YQpL55FI7%kA7qp$gjLH;EEBf+ zyrIv4cqflj)m|Ap$r|L{Bi065v3k!dgg3q>MfWXi1`m!OI^vL;2WJ^wK~y}83mu^z z$`?o|pee5_&zoNHEYSa~T1TsabZ|7UIxV(^EXOw$1yeDSLMFPH2n$ z-m$c}_&Y7F*>{#LAUGf)E1T6zvcx|3b1m#>tQw)I1w3Caupu+@KdG%K*REJOM?55s z4{1WbFpsUR6}-=`oU<07{*P&@9=}>z-39RZL-;#$EXIg26%}?PreF%$7-&IIF9DQ) zxoTDpvyAyI$AM%P7=Per0oO{r3okER@38O3JOu6s>g$HqS+AdLQUhts}jrHZRSlvb?OK2GcLsaJaE`s~4-ii%d>UQ^!m_kHu=&WBl?)8y*V|G_TC(C_Qkiz*0>jrw&vr)Fm{Of)x$i|;|<^8pVgHP$M z>^b-v%HMi+PiJLChObW;P@oJFt!Ht+%xGl9{VQX`pBeCrowHezn71LmlIJPS3<_Nx zPY_G1tLN0M;ck4C^|yx&r~uE3=tgEL5B4H;>wCG7>W6JUSDZ9IH}+}fcI4lS0cb6( z*M~+BrH=|Q|Ac*~jFhWigR6}P>`Ex9)vHIz-0C#I78bnB<;Karl`|YfvI3P(DN~K( z;p@!Z-8T)9H2bWM*<^vgG&j&L#7xotV)$~~Fil_y`F2wq+J!RTUY9h1?XR>lZn|hP z=);Q7$~=;73_VM-|KsK$o)4dW*`Bjt6hnDvq~c1z#TL`v$sdg3fr2iMC5bwY*bC`R zj6|VuiJx_45@O#b>eFEs}xO`ava!bl^`OH7fgq>I)&rIJC}NHsVe1W_yLPPxsIxtYJ*OkMRd(QsH@ znH&@;0}aQ9$fb8N&`7-u)66l7j93SXbE7+fE!NfD-=#cliC<+A=GW~@{| z@iF^|PIYanyC(q`3QynQ1d#=fas_|HbndzL;I*5N3%2p? zBfox44h+OFFf=5#>qMpjEJ5#;vff%kyeabPvXIW$=V-HlZ=;z7+m~ zUs3rpXJ4(Ksm}WsV;K1TaORoo<`Dloq^@kjtSV%-P+vB}X%cWI$X2oDzpL1|Oe|;* zg>87$p7y8!&ndR%yN6=ps3?AbxoUlZ2+Tje*4{W@tCsxTjGoYq%tW3c2EKC9=r*dn ziDY2%PQcU(3981kD(C{!1JPN4g*BAfU{6y@GFjp1%LuhA5?g`PhSyA`phP=xf`JTY zOIBDXbr*@`;svn*zVwT6qSc>rUIM6?4+n$nkpG;WLTGRPaVbrCDG}L{OvK-a`S+mK z-;cuS~dp0M&D;d6?iSKmz2-dSB90IPr|npr!$xp+!{$yNKs zp6dEpO2nl7IHD`htkKZ7pR)J#dm+&oX2IjvorYs3ekqeBMOwBV#Z|v_lax1x0(WV# z@@9KPyy$mvDZ<_%U03;6lq>6J#lcVyk15ei>y7+6{P|&@LL?TV<5=-)K}~*XtmE~s zsaHba4q#hWIGZm#O+%@JV|(dXR&iZjT^D#8E(q+a%~*o;c6@#}r@Sd5Odl;bxG)H; zn}GOy`RUTYDpXSogemPyRAVW`-1#@cdLia7?*vDF^m{-wHMcU_H7fYY6kfUMpdB}A zHn7a1k3(XyUj(5LZ&(x>$r8#Qdos2eu+7$S9;=uC@?te#MO;2(Sdy0w4&vFs^FaB# z7A2(S{45;^zwpjqj2DLDL1(_e z6fC=UMPizhloHT@_*w^%#@8i-sE04B-bQs?-KUKvt@8$=ME50lQeiH4QKFjsBdZx4 znUEdrYEgpYv5M16@X(bB@^y#L;_ zLtQ<=vB1P->jb{!wK=s)X&Yxr_@$gNOCm2W&}t8vjx`3^{IX)eOyom3H&CeiVA%aa zE+b@Y>cV_@4H}&aAM8J>R0)=~$&FCoxwo!!j7(>!9L?@oc(+Cs;CV|`qguQwi3k{; z?iMK^>V?+&p`Q{QONhc@h|ZsM}Z>e#b*(2RNG`5I(v^V$Vy@ zC(#o6J5B%|OEo|7%jtDiLBYrwl;*q$NEs00t?*k!4Dii)O#y%yT zzNN44)RB`26!v=;Nv1ZHVeOv<7A@{^Fz@>1Z&zQ~Ip93?71M;{P3?XEl|sJNb6T>__F{Y zK0vS$93>#vBE*rh4qud3$BBm!nzIZN$M0KVqdm-E0csyJyiziY7MF=qK6Qwq7Y`Yd zjB4H3#5%yryL=%S2+U&gi1AgEQyHJyrecVu*;8R}{EOWMxCBQcaT=wlBSy4gml^AN z;(|5OP7=~=ABXY4-a*MGdZ*8K{C>Bjy8D$DJf+q`tQ-|^Lj|r{scf6i66feN`U5wf z>@{wK8n%akZ%!frmtl-7gf|t9#I1NHV03L|<&rLD z8B%O#f29<%2jo9Z10D3g%d{S0op88!bwqfuHat(B_c94DO}P;>unq)NyP$l?mfPr{ z`xz2M9}|WSI3Om|O%6FArdgu%E4pB4Ph>h)tGrQBKyo-|QL$|1O(ap$|5=uAT zFVPsA*tkPGm=|Lpph*Lco*EttvgQ+^@3&L0k3Hc=EYwP9h7xDUl`Z%JEe9g8c!P9; zYnfkQFbyAkx1Keu@0u>F_oCZFzdxUe!7c(vIjDsJ!v7cBrL}!|H|ivh zF+!Aq7us}|eu_v)dYXdEu#xVH`vf+7yA9cr+OUal9{F8ouR{r}?m~PWDEz?u$F(?* z3+t49TFqJyu|Stfee-UKIT% zPRdrDtFhZ$c1tZk2nFFXh>zq$6-4WAR_!ofqbhqU zEi-(m?J%k;J)8DpWAqE(3&g~-qI6AefLTiKE(j?o(KQvsy~Hf11}gWc)CDr`iWumB z#Cq)g#NLnJ$pf*vD(fNu}fd?(Shw6OCwnEcwJ;FUwZ(NDdR-(X-xQoeV_RLJuib#OyF0k3E`O0Qf>!I2 zERBosS4^17iVx*Br_ECktQPMN-bnA6b5K66{%Q!n7^3h)ZjR5e)+(oKBziA7Y~?8f znIx+@@-Dzq9C|!rDBnUA5$Dr>r*%Kr9U-y%Fx9b0YA7Ejk4Zc6*bF{WrJvo{&`_6H zo4ur)1mrG%Z%*X!_OP=FwnS+~Q6fr&b6>1}P<_=T|&ljcJP+imI3A-VGU zuR16a!Lqwp+bnc35)|UaQLZa5$d@4^la94@_tydxCz7-feMT{$OR^puA7Nz2nH$)b ze!;h&tAQht95W+L5%zf^h(JYCDPLaxq;`ZKh8Q79pV4yhGUIlEHEmY9Ooc^KA)(H2 zKot2M-eENRO4F7GK19|#BCvwnFBo9ZVWThw1gvcF{4A?o&F*Z%S|X@~3dHWXDC}tp z;OlGdsfVLQbsLwqOIS72-~XP`&yVQtow_yZQ28DNWZ2A}_>y-bXKhQhoUS{rak|iz zNgekvjJ3R$M9mO4X;(c617KUONrXnuL}to-Th$-ik&u*Rvz+AxhB#7NQdU+OoUH@h z3{g|d1#a_IxC9;^9v~hJ1wS*d!40Er67`5u{2V}-b2aF6swXeYD?+l|vWnOgk^^F0(^$OQxi_tN5 zDP3F=lA_rLS16#1!DoJdm&oDIqfj4o%?ISwlylGJI1}WdPCxUP8EMiVprfPX^SQ7> z9j>)Le)H!<{~F;v8-8wW ze~+_By&84cZs}14Iw=FTGl(wzdKJq`rREq9{OE)N@`8W8b=B&QoC{V9bs;Q~DG&eCZ*_>_g0fnld=I*uj%P_xtXMS{=wQsLHuH3~@EG~$n zDNEStnzo#x;*$t~jbjz~x25x(R8&+0NdWC3PpQDn+SS6M(8ksl=MjEtSwGiWx`c*v zgBA`Bj>&11HVuz!kVVsy49F`=crv~UcPh7C!*s7Wr!}9c6~^K__XXfE#(SWZK7M}_ zu{u;tOmY%WhL^SzQ+M9WYik!}B_Yc|TH15*&FPvlH~u;FcSrZ>pXJEz41`^~h82s- z1%O%p%EcQtqN1P>u9|UBZ#JfNHOSa$*wrdfuTu(T)oC_ibpWYfWN-f_OzE3#gi>4= z&jSqRuoNGXv0`1LPSc7m7$P^dUISWMR$<>A8MZmupj9+Y+>fq$w6|w9V1f~O^6k&u%|ElL(de28eY`hWF|L($(0>(k<(M{@U47z&vP#lKf>MV- zC#||({7FP>W?F_jf#fKHJ++BOW@p|+A+?U&)KtNP)xJ^6q*o(j1?m*yV1{aSmc^u_ ztug?Z5oV27gXM6>ajwgvs@t$E$MfoXtP|pGg8LEIJ#=&vhxq%DI^>BqO#z>=4L$r*XKs6>rSIO0ee0cXJvM_n6f69fPBk{OHt#IT63(Nk88qN zR~PG28Xod6Ojc1&?s;5q=6%tip-QW&~Yo58C{dvLris2b}#peHC3~l;o_0K-gc7&sbEkn@^@o$FZAy|8(kdE-Rbu zd39NkXapOhL$2}c8lN3)OKVN#c3hoAOGrwvS`9qEfR{A8{HlOPCAuHsMMOqyj;UK7 zP)Y(<{SqG11V#Fgu)8KrPiw5Ku9^`Uah$sRDWEF@AAwXEl8UutBks@nk z36UiPMA-@Zl7!^+k7IA9-h7Y#zr2f3h=8vS>M$*(zw>E8x|pH*OCj{9)6Y&=}InN^R3$8T%h`N zWf;hRq*COWh|iK!Q)yrevzU1|I(qIWp$r9_0MLV3ei2fEHG5^sZSHktKES&5G3k=; zg{d?3p$jgML5>A+u`f+TUyW9SK#w_6 zc4jQxhT(*pjXDT-0EtE+A(8h1fdsUhq8VnSNB8%qy+O=ir=M^zcitV*b*rx#f_J9r z@gz$eKH3hE|3ga*G8v3&Ie{Y`$!cp_NaJL!?bfSd8*ze*z zdrmLi#wIO%!meO_VaR4{lvF|a&gGuci6HTj!!_PlTg-@y!!%3MW)WzhDhU{}H^bw1 zro*7N67BhNrG5lO@wZ~j&TnU|MWKl3!M=2mk!1a}Jv_y}x_72Ilxw?-n9G!7gy zxqLJMMgvf`Nq|~k+=rP56#?arBH;RDgRA=N^`{h)t!;4Jw17#Vrs;^!3rOo%z^_+1 zc8swysekeofGxX!njUtpAb-L9v>enMP}Et#sLBx>TLrXoMx;T%?p(`GM8_q3#^06z zBE9;GB4z+OSF$+5+^6vXb4TpSUR~`h%S9mcu_$_V_X|f`+xR;Fp*bjGq^_*Kpgp!o zmHU`V$5@i^{Zrj?eqVn-5K8unjBAGjp7F0?Fy#WNl`_&ElFL$)vk(1BaBz48JRw$6 zG|Nqlk*>(TJzGNll)RPn;9ZajWKN)??pvc!n~;B{i^`92O0TDD`uFY~O?;6}86)>*SBi%9#BO_*$AD{)3LUw**l@P4464*euc*?9_M=^3$PCi*M6&qU!u zv#Sk#J-kuW0Fik-o{wnMOwK1R4GZ4L6XBAK@{H3HMQM3h4jFV5=V+1ubc7y8OYL)pJ`5cW{pfU)6BGZPZ3RvO>y_2G2YFoxGv7=F`az)E$l>asZoNwVXdbjNV-V$2K_X{L@ZotHO2a+JB#(@2s2SZ z=uFH198M2EU}l$PG>ZprUz{48UFF%_811d&O7{SxWv~LLK3)(qu?VDn7!^Lpgm6gL z8t){GY#yulYB-##QCw1DEsT(sfr8vue${+JS=n5=5V*s!z~k4~(RM!KRsDAXEDhs_ z_8nX<{}EBRp;c1q6rONdKj zAM5PewT;aDuy-JVT~%es-kf8EE%Ka4MhPHG%w_BSfEEpk0d#~(is^4d8Z?n#<9Y_V zGQWO&g1GX!a#64IFDI?$K>0&EIi(fE-0X|k8XI}j6tx%Xht_6#kNVg;rM)N4Re++b zrP$4I?cmC{y42Mvqfj*u@0cjE{HP8g?dlKP%%mFwk_@IaA5@?+Cx%|bLVzx|>3TvI z40!-q0UBnXNGHLRmGdxck~oC~-WCLM1@Zv+=4*8xn?!Ucw;lBJQ2F9DliAA5;XgY_e z)?4!ko$|xZ}tWAu@%(#PxCS%S%p*S_AsRpOeAiuW$?t^d?U%zxSO@EBktt`HAZZ( z%BuAnGVG?Fu|w?q`b|iKd-9{Sw8C$q_WF*}((%jV&AZ!LTU%!{ak;z~_nm#GC=jEx zln0pZn);dWZ5GUAp)}H?udi>N$${Jfo8ldfJ1P}Udtb**-rloMX`sdj>IHtAWfF<` z#^Q)G-<=Y5G2wVIb1Zx*xPp=zRnfFaNf8>3nZp-t$zu&&Q zRr??8cGc9a?z!D}rn~Pw=X}rSgeb~Opdb<;e)#YKMM_ds`NN0Lbss)_+=YjGKO#cX z?e*S#{G}`*{Gnou=-_<^##~5F=);HVD5Pg2*!O(|2T848A3hKV{pa&BYUjfA!-uzg zDN!L+cm3nPu)4Z~nT@_~Yb$PdK6f2%cPp)4XCuTieyuX!(B1xL+Z4vc#M~soglGKo zfvl;ul|AD2?yYnR z1^55u!0Ed1@c(@GpDyXH2zc86XYZbkI+-S@)Bm1dsMj5k`2V}qf0`3a#=8H#R*z+p z17zoahm&swBQgB{M}F_VNcn#snsMX*r9&@`6_uBZsi`F#Gez>nCn;%Z(LNoq{TQID zEc(+VPX4rh7m)8`>A?UxTCZ|vV5k%_GA%!jtNe^xQF)YoiJ-&R@*qrs(~t8Q09MpegNDD|9~g zG5|j1A+XQ77|X{+KS7CWNkj8@<|P} zeMxZ`er&o{f(fgoAEL9@%1qeNxV5M0^DrCSbLUnH8!0o^br|VfZvEOsq%Q7uY5%#k z;eMX)*eBIL*mxnRgQA|DJ-G1sYmA0i_2ds1$`#H7a`)j={*F2)n2DEx$-D|=guH9? ziKuxtGKQe`T%W^sr0kbiL?9t?+<#}=TAV9W-EqV{+n(rthKzVkj&xBT?qG-(zRx$@ zIjkimED&s3p;lDJR_Kx4L9#D5D!)R1&;Cy$xXiGDempIQLg}m~ zONP|#Zyd$&)R~kXyH-0Ts1vqlFe zTU-8NcueFB405*zg(~{Gf8_9TAx;3)Ab%NcJhEGIhEn(`1@W$DVZ>D&DZvW#FvDL0 zM7~ReL3e#8O>K~)Vab9vHyR@CAd`tZW7bnj4MfN8-g3X86$OmcAw&$u#Q~8ML;7&7 zOnw|Rm7&I$v0kID3{_nOMse?p!d)GNP^8f6E)GQL)?Da|EV*kt?dvGGA@DNy=t%Rq ziSJVstCj^wg68FN3W?>w`FqPkK1G8pF2OBkIN0}b2j7C&{DSmLE><;^9}~%^1x=2Y zKYU-{)QcTQ$yl1n5eId???=Gp2N}9VGhF9N`Ic00*jd=p_2z$<%ycHXR=mZMAp%{u z;9fzyNXVBezaTob_8bc3>}F<|Ad1DTJX&%=LDD2fz3y7`ae=JqSUyTovme%a@StVv zKyEwO8m2|OGM&@mBqrFwhk9ilE&V@9A3YpoN~3+ci^QyyNz5|f2i6)TjC*f>+JF)Q zY~@olJ*Yn>dUZn_nc?<&h7>E=0FK27&G;ftP)lFrL;<-0jy-xCP)wi)=T`MRyF!DB zNeQsT(2bKIH3&0CQV4w~j_(osTeWWLcxfr{Vq59^>sqLTtXHCc#@NFAadITLhRH=w zpyGA)_>X?`eJ8D0y6*WGGR2N81`R1{7P-LzzBKq}A00s80;NeDJ&F2?oM_VD4Mjn8 z|0zg*QO8jcYete5IG~UMYH5zW%lGr*8_HFV4ua-6S1H-pBD~DmT&2O*^TU;-oLqv> zqhjX|qe#+&7+v54WldmDcsP zQB~?~L1@P3ZztjT*49nY1TCk*|M-?sf#L@et;k31x_&1?J?93zTUGtsc)a@NCP$^n zWi3g;9|v;Ii4*w!Po^;9?=DR1!J7i}Ot6Bs@B@DwF6j8E8Bo~TnL=kuk$5y_A zR;AW7^da|8sp!vj?4KkkL?_Ro{4|Wf0oW*d8}|f;c#*5h-gQBZ!0fwG=VPbAF7-ki zqU#|EGaN;I?GUjq{ufbR#?=|^CQp^VseUm7x#vlv7@B8l|44}cYmlES>fUg*F&ESB zaxW@dx6pGXEu^T7bEgcefXLK29Vie}=3-NZm@FBqQprd=W)Gf>@F`RlXq}X}CvOBJ z6?bH0WL9CmdSKlcm5?KdB{2haz}GIU3pTbM$fNOjMlzJCb9oEno=|FR%GpxJ%2bSU zj7M}suwl}?*m$GX)2c*Kvw$XtlI9;{@4vrB$$OBdH)9tyoJ_&6fc^@1(SN*dV%(>E za-CUoDt!WZ0jHCsLbOn*w)AsrYZ-)ypDf-uP{Ae;U$Zhr6~)D zqARDyuKzc@$G0-7_n}~=iE@U9w){0uT`;h=_NvmZn1O+2;MyN@4^jYxyNPZow|VCc zQ9yjcnD5}Fp2pzuNkaU++K)@^0}c^&t0MeTY{hd|;bKcziFk!wb|DMOg7b-8l?j=|b@v#O23Bv2(!9E|sn{L2*Cn_O7CStf zDiC!G*h`T8*XE?utj^q!K^Ph5mweSOgz*w|ZF8%D>Opd&<)1%M!$=oE$d7N6lhQB+8t^Of z3+)qil~FcpKpu6rlG2!DGQysO+Y1xmj?sbooN`)b=DSteDk`oJGj6~i%%8*s&gP%j zt9*L(vE_38Yi-0w8xxm|R60tw@8l2sbKMv`X?F0y?Ctv<)>e*kc5?454JIL@+FgZw zl-8J~kH616hCb&AtnMN~wEC~5ZI(=WG-xsrUDi|IT$}y`2!0;e|Ox zJd^)%jA!xJ+0hY0+e$@Q`Dd0l(J@aU31S~w5@uBl@MuNy(|jqoAkLvWvGc>)Pnwu} zyXLqLVK3E1)<5xv!nzT`Q!gva16DC{bIh|`p|==RL?%0k`EoD`#AO$MnXp zlw)X+#SXdOJ_R2mstyg1<_mpI&=87;BbSalyp$HrQ(j2aj@<6X?Y~uaSFT;S5WVI@ zr^o_r?WKG`!Cc&v3rM_`EA)9eShhjRxnwY4e6}&K4(?8p%9{EWz)$CQ&{Qp!r3g1! zpVx1ebJYMp-xqp5ONT)0+S^$uImsmp&MUx$d@P2pV*ZI!8r7+Xh47Pvb}Z&|wxjJg zA0FXEp;}WIW$7**yZz5vmgvnU{N#JvOD1O2C+!zM{~ezlOPeFH5`T|4j`_ld$TK}O z=w`v4zC9}tPxWg_Y4^0^PWJ>i0*`sz2BAjql|n4b`cEQy%Qt@ghkyA)z7C=sv-5qq z8Y_F55C7t_&;ug~WtsY8Btr0Qu!2qtH<=%$$twcmv+FEvA1I8Jt*x!;{w) zCs#2M&c=`U?e}*J68YYvcw@d>$-cTPN9IDGF9y=x&DrGG(}j40>Pp`TN(Pe|XI>g6!Sb-s=_Xu9J}MY7KT zG7$Ew$UfNH5z_5DRB%c{m3q+ zR`PS-*&vY@cfJ-C?kheuf}rMw{HA;IuN3kFIlO%*%)m}n>;vYLsT(J!sKSt2SE#S-&XYxrgFgbrP4SA&CT(gSx#F+fn%dD%5<)gL^K_gUM zX+GnbmF12#BW*L>*5};~UJ0Xz8E#Q$s}4sP?S+?)8a_i>KL>vOd*D&iRahi|x`;@J zMh`V+bg>5&F>izbZ; zBi?clpSldSkVrD<1WP|4?KfpaD#P~C5^^wJKUuTvSFs`D<$`>YpxxcV>3kl_$ux&5 zMd%48=+>G6`;PRWRl=xmN+N0jE?-@Kh4;Lbq4r&u0^U@$R*zEsbLCT# zU0FiG44R)1iwA+LVnC%-&ldH?^TRJ9K@broB|{?>Fo&xYxyKF0Bqb$D+xmnGg-`Zk}e0KuO#H*w>WQkym@yxcOSxCSCX>IDZHg(BzVTd0e)oYUbi$h+Sr>r##>`0xPE$x*1rUzy}QRw^X!|Bd_8G3Z8@piR9>VI!XsMojc>J+*eX1bj`7ol;{{A zwGwHlO|J*~do-j6_|I5BCsX;{3r~Khz%>@^uN$fP-hwyl!{KQpchte~W)QoPYgs35F z0e9UPXbeBN=Lj5ko$_fuHUj!x=05~PAavX^qgpLdFmK2c+)fD$9Dvf@7}U95t?q;& z5<(n<8-aTV_}779#iCY>?hmrBukg6*ecmkDe!v|~>< zo#?q_FQtBe0wpxS0j)-4S)TF! z4RPa06VzLe?F}Cx_MtH8>Jw#b5Tpk5HG!#6x2F18oiCo2#PvRod6JvbX5`?={dubd zUA8u?FV*XS>sWrzBNnli7^27%7mmL$?{d4jeo!h}q?8_!cYbVQx=t5s+fw*Q8rjRl zYa-OxR$ISNFye_Bs+mMlk29Q|RwH#!fq_H)7+*`EuePbI&HV%bfyMS5w_w z{EPo=YK?rV9H5|Um zJ;_Rl|8hiZH2+*-M4P>QZ-ak|Jh0n{qGz3w=gC98IbJHva*V15*a5Q60K%;0#n)SN zr6kR>RKx~HDL(qh0^do+MvFBy-0BL#52}KAmm1q$z zHd+y&5WYeWW;i;c+6#fkhx@+@f68Ts%>-84eRyNz;!Lv|B6uKb?ZXwd1b3vpn`?MM zhR0jWk5y_RbcQB)uq(fc0m^C)Zf3@`)OBTiEi!)YJSm%L0@+V=lmbX_@%H_Sp5I9l zWNOs3=z=?ti1#`Yl~z4tBLb6SzcDa=(UVk`;2W~!GppAQ*NHN|ASKLo;0%}yI~@(W zGr2%hEqEBzK8LlkR_v1nUnmK^RJVOKKtaSyQyaZU@KlM4I+UecKujPJ8j+SeapggcJ@e z4Z^Pc_3+oSzcF?;l3QM^N;ggtf0H(fc5%qd&s+61d9%R@63d8wC&Uu+m>FQecx$4< z-a0jxF~EeM?w+H-c&p|?E`;4Msm(SY{r_ynPr5C7XD@7`ubSiJ^CL# zd2DZQ$pYeo9wDgIXIE^J$ZSoO#$9hT+#Rc45I$C%{me@wqyO_?61P!9k3~3nSqtTI;DAM+lQa-{#t^ z*rs&2WQ)Mh5_pn}X8c-eWN{5v#kq<>@N5t5N8bhP5Tu&K0negY!u_;hUme1LBoAkP z?5K)Ug!_RRjHZ-DO&KlgcQKO{RDd|Ua%}~XIUQV@*sr3-H7}a%?cYZ_Mv(<^TRl{cOyGyp-EaV7Om$G z2aa9c(5~?`;fY}m9Q&Q5IS7H5zNf(BDPkY61Fqia;_HH_MM@Emvi{4RsnPvWrUeA{ z(0ozTZI&1?e2LX3-Kz#K$JiC-)?DQ>+Fda)SOu6kw#@pB+da7{EW1b?XcR@TU5=^* zLJ&Vi{L}xr7>fIII}RF{O?`w3ToEJdE~^zN24HP)Vb0X?db8)`URHH8qGmLJyZ2Se z^#{YQsXO)c-90@K4~Q`^$lm{#WB><@w43DY{#jd|4gJz9Ny(SZb*0`@B?Q)3Ni)|# zlPBJie{o>0slU0isupMez==0h6(zVWzOPv;j_{U7+J+6!v9&5hukv^6YRw@YV5vHN zrRV58Pwek+wvOr~k4hw|J7b9jG2c2lVTmQ96FY{)KM)E6ImP2fwY~53kzaj$`N-!# zdyUhpBZSR$FvlNzBmRN z7uK$mIx^(aHIU(8k$Mrf#(M7!{4?iHqsCX`4Ua8}Jtx%R-w*wY;XaJE_2sz?!mZDu z_^(DjV8wD!U40XiG^t`5ng^$ z_S-4C?6t+}WIxHd{b$Sz!P4CIZc&x@7;3WELMw?4j`u7>!g+No^qD>@0=n+&FlV8kXuwE!QFFuAJcxz;UW2(*nM2WK~>b%@1V7*-P4+zEp=n|`o zb!N&%(Zk#Fy;|CSUrv)h6|EsS$@+69i7Y?Vl7nlCV|+EEnM@Sg-Fbz;wcR(X^m2Wx zMO9m7db{4`9~>SY@AK&R9cMANP1&enEi!3RTTef*KAndzxIap@`d0lL`6ujliPK_5 z2%-lmW>E{iak&eLP5Qy9Cd?30^e0I9k<)Svcz`icZk7_4itb&3kK#la3LSR1Fd~0k z=ruf^aSv~l>nuX5hOQC?3ZPD^_dH+o6)AbrU)!t>riHAEV)C;u;4e=4u?jtd+M*Zp z`l?xEo6ZCyyP~iK@NQ#8FxUYQ`za$KWori(91jN3xgbNxiK@=Xl3lgNQaoUW;jvu>mUaXq!wTac{8uv5Sxg@KZ05g+K9ITH*- zZlT^PMlL_{!TQo;!gBAS17pT5rDKzkM%@fsVP5yf4ia8_e0Vx;Lcjb7jMCrk_$JAatyU2Bao}1tT*K#I0Re8NqqgE_|b81exf@29i%8P`)(36}#pL?I^dF-OW6EGUXlWXe$a?Gy9bmN?CX{ zZQxw&9SgLcDkxvXMTRSIZ5*@T&-OjN@^nOG<0*_oADc;A!;N6U94bLT$-zIv62_7p`;WN$C-Oh3V0Y#ga6A%>Cu-A;zEAJn>^BK z#33*4?$e362YC^#4hGhQ$_!P#$Jc@Uc6?+S*21Ojbf{en$bA*%6#-EipVF4E zqE$78SjRT&unAEEdKLvFq9^@E`1Vhbd+3vPnLMPOq?w(~;lG6yN%t!mq`aWbeM1@$FQ1>CUt~Ps=o&jVc0{ECsFtcf z6^snLtZ)a@TC_0^GV~|wL6UcY#9x5f@zlWfUXh;_6eXc)RiMJJhkoTW)z?Z%WQaydTcPo7}{H<`cyhWqf zhGn34qb}xR8T~aSM6Vy5c-ph4u=$=7+(e%Te3~EG9;@7fLfQiw2$=NyH(Om|l8=&Q zjO@7@tNs?8du?xseG16RR3T%9@Dr-c1w3vU3XitPy_s4AaATFuVtGmF#^;vh0mTuW zADivENii26O}*^?Mf?wfu}8O+hPkLd2T8!vcC_Sf&<*co8i++_;FO`sZIc9#njf_O zD*k7BldcZFb+s1uiWR6#gszbv3lM)CKGL$)ugPbhPxIz5sr2{%Y`50V5dQU9bzXCG z7l&4$F^;%pk6kL9ORT4fEC3glkOE^vuMNjlb5e(0nZY zVS7jCFgg-~QcNl`{CG$yZrb(Jnx^bz5@V`}GF~Yx$IoeAAQX>En1_V%uiY*AH;PIk zSUD=e5_-A;sV5red6A28)-O9V;B#60lZb8x4n}2?5=lBD5xTUUrh^)Omnx~y3f-uF zU!@l8S&3>G%VKW)DhlisdubgDv3yERPp)(TAIgE#LrO%Kw+zl|WT^;*iBM#ClZ=~+ z5O+z$$dM97No;iMkDRQj1kPKB3IT~HQ`nawtQ0^5_vLT`GYzSLH)as26jkO=P&zb} zHtO;5@!h#1C1rZLo+=^~S^8E7^P=F%m;X?}9NvnFLX7#9X#t5qNE8R5{25;xlXZ6U zbx$s)346-94Fa~qT9g#kL}I|w*5HPi>Zzw}Ti75DME+I|RpWjSD&9E0S{+e12vPm0 zmkX!hjG45sg{SIZ%sZnzcU0*0RpuHKV@LR+Hy~38pg9Tl6A7(zsbPn#IPwvh0rE^E z6z1Rvz_XW#2|*Dc0~wF1PmG`g<^pf-YkiK;1rOS_Aej73`z3Nmrec?gI7D0FT*iR} z9An-3sKC{fX?1EQ<2#EqusZrU_A_4JQ&)7qo}CQRaMgh~%&SkU4Kl+CAxX0I99D?+ zU_>i5XF!N)1~k*i#L6_w7x~z9o+r)0!a$XeNyOF;Bk&Z-e`mDpu|7bMrmid?5!|pq zKk#2wz+0@&3u21%kI*d_tQCpV096j4p<=~pkr8pESJu`tGs(zVHSe_1!53ea_BRiO zKU;VNhfp>>e<$&5&2ivSUEHRGzv4fjABvF!-_HJ}c|M~E`Da01N6jR$ZV)*nP>5*# zjgYXOlITi*cU`UozRS7d_ckk6&~6Xs!`62V0OrQ(UoYV!8x%EnL1GS$GIW2}wxIgY zGws-&+C;1FfKA_`OIOzPZYjqDG2thJQeh((Mg-1oX)ufJM=8ptNAizWX%tmz4IpIe zuVrc2B~Jk`%ScQ@-%bc6pY%Ob;Swbf8_t;4HIvX~fFh<8WhO5*q~}r5xiu9z2%7V_P^TyC zR5gp<8B==Q#oOr%msQNXJ}|(MBnek=*WGyoTQDp5e{|{_|c7`u=bW5t}9-S2Goa zqR)S32e6Dti#@Auda+KB8g_C!x!_#LH;h45U>rP5=kVxAZ^l2=JG^g9MzX31a^Fsf zB=PEoCICknZe-PAWX{&t4bugD2tqr(QiKq>sz?%>wdwNJ-9s7!|f+QlyG}O-d2yR zh_&tQ!(I1qM);&Wj1f!a_e+t=vo>T!GH~H0eh1HpY>-B0a<}0aOn02%f60kV(Az+E_fdqAy|7DZQB}gcKF9E@i{r%_ayUUd$MH$1zx8#|Dk>r|R#O zNgQ(cYVY*PW!(ZGPcz>|XQSwneyFPYsZmoHI`AOeQ5-z}bX>ozBBD7KexO3?;6(EM5RjD-*n9cc0CAe5df`4TZ08H)^3Px7sYN0`*wen_nzXJ& ztX8odXx2N2)uM((P8|K|24#b5wVS6dEE2rVq|y9e_;Bwi|E2ML!oQs6YI-*ck~oGY zzC}-y3-F-K0!+YZCB-U5VwibJ!rINZCXQ6;J(qfoqZ*wb5aD=VeM-P@ z5s^%5pGE|H&jGk=S<=F;SdhOC{BUbo^5TidzoblIPyb5#4Yo^aW`^U;DjvJ>po%c| zZh49#`H1Oc7ZpirCW2jRpV_NIWgWh$WphZcjnILu>?yx`?AKEhZDrP^x-zsGQ0MgA zN|yOX`xWDvK(i|HdHb~XC?=8>Fg4~{lk44^Vxg}+hmyyjl1H0_T140YYaU+;<#lBijCmSS?MNv&U9g*zY*bKtd`~a-XLy`=Du( zAeKAI`I?Uap~qjTyNQoOeDqQhKri2G)N0P-#!Hc|vb3Ag%nQXr6&z17`_#7Xo zW$BSDyf?*%?yqmY$#QJWH_KIEcmbh7{+pq*_A9$a6`bp~ncWy9+8;RiXVQ2i0fxwB zu*)VkdMwI`K*Qad?jrSP-FP)k=$DqL!_5r`0FR2c-7U@U=TJs^pJM~cA3>X4$ISVh zeg51#UrH&I@SP}d^cP5z3KuS(pPvORyP3q|ae`UiEbzlk^-7NnS7dwqCyiP-2{bSX zx@q92kKB`wLqAhCfAE@cIRg(d%%L)cfi6K9eh$GEk0r%t0x``hI3OCHR=5_Eho zGTsMSE5;x3NuQ~TWDKC7WW-||7wbvxHj?u&LQfD`kry`s4(f+5Z#&zJoS3#+TvrcU zO|vH_5N@2Y8dWoW@{}-PPMl=W1S!|5$3)X4ZTwrHdG26PVy==xH-m6;V|+f!RjT5{ z4a<+@mb7A(A~{Nk#ZL1dETkPLiq&8H(b6t}9VC-wN-pE-L(ktqRd=H@;7mkC($A!rpx1aOyE2^n7t zc#qDkuccez5S-Je#umD{X5vnp&!sSC!mjKi&|i~39pBJfOm{EGA1(sjzie-GzoSLd z$^kLJQDRrIo|H{m&ioG&88uaL;5`@bEe`J(ZDFEZ?Nz(Qx%|O) zOeqxQSVYIJh{-><-13fFNk9#Xmy9B8wXK6C-8L(MeZ}mW;Cj0q$`=o7c zQ82L(jh+h7%OI8Py|AWLZsQo24;jqTGOAsI%%rF>J2woGpHv^vJhOt{Gx8*y(qGI> zRS#V9+^Zr~o-gxTG+`t<0^OT-HGYH5R;o=UOJWk0g9)({iR<1#bGlsO3Bv7i$9Fl> zx)FHJ8A&Fo2Ig`p_>qvlZe}n~@;pGLz5a%_%;1;0rvc6;<_eRkoSj`r5pra_L4(S2 z%}p9{t_-*$>zIqy+4mo5;a3}7cSXiq=u20Bi~x$cCC!%|G!DxJlQW{@p96(Y;U~H0 zIDe8Shm*R61{RNmFGyGNc-gwNJJy1Bw#+oOeD0>3ee&k$o6?1F#dMitYFRb4TN zs@M9}<7yR)H607@<=t}&Kb*SgYWWaJ7a=PsFyK~DLnfH95yX<<@A#cIQpwhAHT_sy zNKg3pd1(0NXr3S5$?1Re{W$in$P0F?B{Dszwf$jLP(T}%#oX{W3tc7bR6*h${1STW^m>|)Y!qb0$P z4N2Zt>vV*q|I79ZAmeGvr(u|Va*+a`wrg^k`D6z)6yRpsG$+fkIP5X}FUY@#)ESUC zWj2prU$#gz|=3xPZ-Pxa)pNC`AA@NZeTW+@Re}2w?G{}zsuLvOM|FQHzLY!eJ z6iG=@5j;e&Ad$}GpGS~0iHVJe11V~P*-22VVdAnagv+VH#8x809o|$Ve=7J(9y2XW z4-_&Y+d*onn7ou;;7q?&U;u_rZfsp+3RLQMj}GH`;GFOefb0N8+0O>#R+SI>e$t4( z#YMumccfSlA`?@#1QSZcA?6V9(CMTxw(?gEs@-t`)SxSm_gCjnUIStZMkbe+1GVch z&+jL@E}F^&pTUQ4RSI58xYbIM&Dc>4qUA=kCp6-LQF9Rb;O)A1u=aLAfA`)EmM)hM z@|WAwzAk?WhnWi$>BWbzWGhFE<v`uXw(H4i*peNj$o8859hCMa(6#7bwXz0AqaS}P z)R1@ZI6=lUH*W)-_(k8BMS*_Iswa|>cM@0r9PpGIaB^`GaT40%{D;#w$W`xz9uK$+R>MO&d=!q5ONRc4Sg%6GM=WLy~dKA?6yPk!`CG!P%<)L$qqFBjL&BTaCdY`aUn zTug%k`pB7z#iZ2v+Vpw57am;R0qYGp?N``urIM*`*48D_m^e_tTJ6>>@e?~AUmH3$ zK}g*QU%c9LC?}Pyh5wmRRUjfO!TIC_)0cNBb^#J|MP6BLbR|z8HRHy0{Xha>paQa`DmT# ztEoiCB;WbxV&!7R*Z0en8Xj3iOh?)Q$rwWaF+}|StmBn9?rud)j=|S}F^^aN`TR^T^PDJFhXJG&S zs`Uq|@#Kh`w7ZSXnL-*#?!T z`^^qa#-XN94Jy5q2VCuCf~wPXhK7dViL~R6clDblc;HowA0m1OJM4CNNU+cCh=qyc zJdmIohVi<|)nfTVJX8{KMYA-2R{uR;XX;FoyQHE3k$9!r{h3h#eQ@Z~d;T=}$3we+ zSy_HtMFsGfdS!ZFfL(lzEVt_C4M%$O1vUmP_dTGT5;6*U`yf&`!;(Ct83yVRkg~9* z8{Y7>MH_j0#Zo;;omP#{&Y^ECrV-K6Al37{9oSAms&W}8TXx?LKL;bLg8Hk1WE%b;p9L3W2AX7zIab1 z=Q%)Lh75(RYqRN8i@FOc3z7KsZ1)c=y7C5oat$O6-aazdtC8R9>Y#lt+1}qj{1HVg zBS9EQW!ALG#8g*SYC@8kwE+G&yUW~o9LaqY^^H~GmU2%+Mat6C_R77;Svj!1U0{SJ z@;!q8Qz&oe;N}s4r=T0Hw-*qr9lw*m9ub6fx|q?^Ff)K2|7zO0rWVZV=)FSYtg4)_ z!%b{q9W&3`oM4+u08~^u436x0_CqD+`5`g~{}QOsTQTK^o*DbpM>?wpAa!eu@V5$* zhjK!Ls>RUg=be$q)Acqk9&t|Fu79{{Jyo!NhcBnn%f%44ZMm>TvbDvTe6cesYNncI zuZNVD!|DN#!dtHgOwV@tl@GxUt+!~3WETnJS=!pE(0uRV%gX4W;^_lEa zPShxWLh$Y3DecXJ{(S}su?QDxLW=6GRqQ;F&c#o;5LI!Gy$=kVcFxMRv(@Uy20>|m z(*oa~+`Lph=2O&3K0l%nM^>AN8%-C*;4|1zFgN)!X(kg0>*#&$c)tGp{d$zebCGqP z_mQIYo{l(cNWYV+t*3eAsOkX<+xs)j)SwPaGifW&Fnz5SH4QaWOjZ3sgPNH=ffD}0 zrK=CC)$powFD!vU)e0?t$b$L~0GW9heRnu&;K{}m9Czo1(tWYR7n$5o zQ%hLEPpuo1gZx~M1H=g({!PEQd;v{RkSQ~S|8EuVG<%()WP&!9iO6FTPzNqh(`7=X zVJ;{-JLenj(ty?vF%d%XKsaV{1ZL=*e@HWIMY}D1-6tGa_p3|PW1>uQmM8`Bs|Q1d zbuvv(alE0!NoS&#d;A(5_l6nukc-n-{p7=vA97+Tz;%`N%xlv%02_qA8T36~^*c@F zLCq3@beIj;Z` z9;uRBk5GrwbX)TZFs1BIjrvAdl3DdqnF5}BJS5MA4dwRos-}N*gqL75V^_cTet?MDQNX$~61~;O*TY;Fz=yqbj zKo-!U4>5H_2b&fw-fQWRhK;*>cm0x4Oe76Zi}PGB%t~N(IkQz|KlFTG2?RLT!lAf$ zcog5iV}n4T^SisswfVKx)z$OMOU&2urTH}h0fC#R>ha~}<@M83Mxw&D=ev~n9C?eG zX?7zEi%`&umx|ceO?bX#Igu z9n`5EP){R&*_Q*#$gar$;zOY_(sV9qg4K1&h5~SDXBcyudflf{Q znc2sIAF@*ZnAcQg(h++p#uM0{#uf5BD4# zuMq|R)VoiC>c=544BzQJq51z(hAp8JLk}5JRM!TF=V`hNv_=Nxdd5vl>-?^-N2%UF zS5ftrUGz4C)E`1I;CgVonEtlRm|*9LZ-tx)$r2bM$l*|0;JfrRl-dElu35Ej(gdD1 zrlZrRLQ#eec{FXVp3!LPoKKGp>DlvH2YzRgCHb^hLB)+{>hx7JtxZm2z7*}gGr!(S z?FbN@u)Zd@Gm--Nj8LUqaii<~iJPS+$1P_2RX%#nsvq}mug?$N4GtT^Bboe!CIgXu z!59>VwktRV1qIA(Y*?VX!x_4T311xoaAJMpSHnlY2mFOvy1IHv2Zk@}e#1e9XeGem zo*M?N?D7Ic5fzz{l_nA_O*}rvx(*~tDS_lAm9K}3fVzG_oyN228chzOeMNa7FrT>e zXPR4P5a(9|*H2U)?>QBQr|`^hs5-HB_RUHgKjmNkuNcfReUA)vF~yDi^>#8<^-3iU3*#CbygrXcJ2f z_h0rl8LOkA6j>^ZIj$4U>+%2jlX?iX6tb``c1j^2`LLJ76p+ID_r*`32}U}<2>vVW z1w6vFKVh2f6?RrtY*uaV(2XiH-eCDvLS8%3P~=*b#{4AKj~p--GC-vm`!;?18)9}pIbox0`@mwl$j-rGoqt}8 zcB{d|>dyK+20|R06x-u_LVICYV})DeA`Pq=cfG^yaMb+QOs;lDs37 zDTe}IcB`GsOH?bq8ZD~pY-9gi-ydOAG>tP>S|zPN{4})qvre@iTg-TGepOXodXFTz zWdr_FP~GB7_;2$>V@P?48N(~A9CAv|34JLyDS^Qc5bWeL6Z zmfxl(UD~8%C@dxsKcG>7#G!z7uy2M~h%Dyc2!oC5+O%pII`O*L_=3jyWyJ6O&o{S= zhpeII69=`FF9kaaakT?asaM zBBw{5)y-U~AixoE;h$CKyy^{2UXSE_R2Z<79mdNQ%y&YV-g*X#DQ7`-ZT$nrcY6BD zT)M=>7mH{7m%Wqc)d>EZwDkJj>|99Wd73~4QPQ>t06NYNIW13oCZQe594U5Sd^lfl zX;k!@lj(|tN>u9c4P5Ro#P7Z(=Lj1X7rL@jhdiss8|pBaa*hbn`(kvy(3#o87M zzwbP^=E6E5e)x9yGVWaI8$*D)YI;y!GV{IC$`AOgFv3;1fNw1PX`70k`iX*D{@%r) zE5z|rgI)leh{e}r<*$y2cA2WH6KClM9wf2JbM&b5VU69(vH;P5P6<1Mti~?qNL}Ea zDesWsMFz=>da(W87Y!B{Q4I^L1H7-$lZ&>}v z&+P@AoPCj$Rn|Nm>Zq+oQFMX1^m7qh?VBBXGywX~hxLSG$y}7;#MjbmrmkRA!`)?z}?FxFUs*=#MF|^Hv zwyHb_H`Yyr>W@DQErUHqPDN--)-0(&O88scJa-T)=TF6;o|e#2Q-P|AG6|bLdiNiR z#oLaa}HGYa0 zXT`(i@m1{FxB`=g_l2o}I#iUEh3?oUR=qHB_CoAGbpw8p$xtvUs+5{?#J~5%qmL*Rf~gG9e7cdfLM8)l@am*}6L> z%vy$nr>@~mcnaj7FBN5ZIJ3YCKm70`rKLLb^rhpN*-HvNs?f6YD=T$`Iz8;pc%(uU z@eo}NI^t)lsA_6S$33%s4Gnalp{fiOrB1@+G`drFAn`M2%TEG zu0dz4JNsJpZDS-AMF@N2h?Be4VhY8hp_aNZTd_Jxe*aNZuwnNJy!4N1BQ{Yr|YvKZlhj;NS;>n+_6COwDYMWO^{8R2j^y&H4J4T7mKo>Cpg zovkr(-fCQZ;)z^YB~>BSWr%wF3dgsvz{Fv!`>Gn{BNgaV9vnA&C9Xa7K~`=$POTgW zWz`Q0ZFznwyq;XemX-4`ymx14tFio{3_Vi|jGeI+I7{SDA@;#`WvG|2MtWxaa%fB4hd?E>v{Cn{vN8D zBXHX%qs5ASX-*Q{A796g)eA7He>doADoewtsR^?l12K2met1RaH~&3*7KFIt^xid? zJggV=w3N}QlM=M`j4^o36zo2J1^!X#bkE85{|K1)#Cu#uU)}FW)P}*{BdyW-*|I*K z7uQ4Y`yZe=VlliZj*3!(arM|XOro$DXsOUO&@;){0u$!0#-)dz$Zu&ecoMXPU{{L6)J~j9)8pymNGeaeRu_X)-A_43ZJ>YhVcARQBj4dbx+J*z74lt2BKKO)Y-p@ z&{A3^yz{_?Lt8L?d@jE?s+L^0Li%L~+0lEiOsK(dqs1%in*L#sOVF zivu0Hm)SM3t)sdg7RryQWpR+729HPAv1|QO=`%!MTZm^i!@7}WPt2e=xc=e|3gjvu zRiYx?+&&uL)t##@zO|^lm&La-)nTUWagdIwrTS5d|7{F2{vOKe199P5Y>N|BNvg^a ze0w?c)qbQhb1GcZDx2l;s?r?zzrKt8o0eciUu)=Us0r7nsjH9f14m=+_REMX`uK8( z!)XtE6GEGml!W;U7GT<@y_k3MI_4g`TEERabQu$N+F<CeOv3Su=#L%)d4ALaR>#y3FP-igIJIdYAz{0JLF1(y;YL zfNbxkNFdIS!_G<8P^OBViPcct@J>Oz+i7&B2a#@zLYs@5o2Ej$qcXI$wa|C$OoS;A zS|$mhF1N63Y(MC#brfd1Ri@)ISu-&*q=H))8p^-mM=dLycrEK1U0aRRxA!od$%L*B z3{1?h|KS_BU04I-j^E=aItG(r9laUwNw14nzblN=)oW3b`x`kcc*Z5Ku4+sYLif#o139CZ6=1g zQ0w?3jC&13P>JkE^+=GL5D1%%v(U{*3!Q%ckt#ndocb^}l7>N3jVe+U1{DfJzj2Fj z%PqP-43(k+*sdM~9TGNE6JtTd37dkcdsw4kLeogH@QilfMCB8fHS zdGNe@9Ao;JLFJbp&{0_pMkc1Ppfq6D%JNKyjw)2io`P$yBkJR@qC6XCw@!w-rmk@P z@^NTPaZwkCCfx?Z#wlL*D+(5gir2jp7~9tz%5*-qY?TqkAv>R$F*{!e+4&~ns#93w zd_zK;6Y&z`*@RbgJ-RyDu z07ZQ|B-LdIalq|{cGBgkP3i8@Im zn?2oRItj{KoLx;q^3&hxKBGz@RlNGo+ljOm-xB>gm{j{a?1Y7mGPJ0|XFX^Zd|3Bg zlD>?9+ZfqJ6B=4nR+x6dwyS>4Ds9dA4O(c$1+ZT~23k}>WXCtQoQCINAJJ|1cNbbF zRpoFxF_+><1twkl;o7_6Ccl*+C;lz=EEz|YW~u}mT43bF=~%L43Fgn7ihGISki*rQ#=aL3h81 z0fs+AOK%MBy;0C&Na4#*4#$OU^I>hEM)$B9ta=Z`v{`epWbtAO;}i_-V@0CU6-OUO zG+s8RMuafeo0vVk8`L^=fKk`Jm^y1dmM&g|852jLs|ks_k}3vF-3YhH<}Gy}LJ(T7 zD;Q)%;ny7n2e0%-$6!M1ZMz93zjTED*d=)C>yP8hMp2n=j^SgcV$q_-m^*y}`gSp* zGV&+rSoFrB+rAJt35cXdjA%D|%o^5JD0j@d4Z!r-^RRS@^!I~$nnPR75_|8y7p}j$ zq7-g7_G9kc1z0k78hTlqLQhW*J%@~@bX|reixvs#d-}=S`uLL2{TcRTE4t{Bz^ZGb zYrmnGHiP1r&M|-16b$HU0%a;=^t+D6=@-)T$n&LzR>EFPc;ChR5nZ58abRlQA5&*b z({k>N$r#+z5}NvkSbRHNICf=u4xXLfi-mLN(>4XYjP;>M&{`!nMd(GZ#w#PH51~y$G}lSd@p73O~*KS-v`y~H|&Lfz#WV<{{?h-mrOPU{x#IJl7PAf0>Ahuaam>#)KDf=(l(i zW>25``wJ}xEj#9;5gSB9?S#6EXFl53^>3L4lc@FHv!fB(?)y#mxL6u*spji%? zg%_c@!tbTjqA1xPD+U{(BZ<1MzCL#!P`W9Yc)*u47?PSCX;qcAL*J_^?62GAj~QK$IrJZKJ8a;0IY zsS+dP^&MQicoAm~Z^2LtO-egG7#JF1;KJ>&x3j|)TU%VUyN;0b5>)5M;qDDvT)J=p z+ZK%y;#Wv7lOfoC>;kS|y8>I<|N2Wm6t~ct{Hc7h&{7H9Gy3*EAi-EK8O17YE zO*M(2$77s7e-RgsZAC9DW9YE)m3pQaJ97hUuiN3O?PdD+4gwRTGuN{7y?=HV1I*OW zNp`+5b5_y$?1b~#UO0~B(}p&jZ@?_PjFwyBnF(#=D@;^ZhZd7($~P9>dQydOCM-yx z$IV%TBgaqR#NoYIGGipn47G&{3zJ*Rp$p-k+oYx-sX(@Q z*yG0aYdCvkE5=iL=&)I+HMB8ig$>fm8;&6e?VYW{deba_nVC++?tN=urA3ls-5Vo@ z55us*12A*b38c5y;`}QR7pLOb{Jv15N|(OA0miSrflA>zB@h?IV%N0ZLMx)4u0Dp% z--nbBiuIQl+TwJ7tQ^`En!*@vZCH$1fq?85`dljFD-c@NMLo{t1dOy*p>5tBJMPPm zQI?=ACmJ@(N1{^)C3G7y8)xsmM0C1T+Qmh=2y}gj-HS#;SG6MydrzhNrcQ|2i_}PL z9!{d8rjJQ$&LY2s8gr#657#!0BB@lzpauJoB+Hvj2;#m`c8s^v{*PfoW-mm=1?K29k%!=Qd;WH*#c6by^0|w9Vq-`aNApf z&|cXBb7d76P(E8YcLMs8P@THvgyei_mz%QOBnpQOruH?5mWr}a7J4RBG)|-JP^=r- znXW?#_&3+_Qt$SaiAg(`}(;Pdzj=8fnEbv0#Jj#`26!kR|E|FS|`i;}GO z*gC}uN*&cOWac_N@pz9s5qp(L@l%kAAh%~YeS9A-xF~(f;>C;Lon72c@Ekdi*lF&*}oEC_+V=SanLX~`z zt^=_CxIID=vmmbTqec7Wq~fiY2i`}^mT_q!v_?h-=+&neEV~ZEj`I%?8WoGUs0jEw z`yi!+9^O?Ya5=jM+Nzxd0W>t~jG60>!9OOG9*ojMQize05{{e4R-?O_me8$7n;wp% zmYqOd9aCrtczzs4N*x55H8$;!<4*$VaoCvB?0EQkI3iK5g|?=mNa*@#OkvR0)rBER z(L@Tvo2WF%CP*c!k((R_`(ta-%UD-f>sN;)bl8#;$ZRrvu_7Y?3wkR{XE`=D#Z0>( z**A&_v|lSXDbzv)%6s}3;M0Ycep{M`6BGIf(r-Zd)vU*Sc-J){OKMS&=!s>6Owfrf z2}IXEdF=@jcv*LJ8JQ8TSUbKebTvu(wG1(B&x2;;^s4jxFlIpAq)?XFaLTQDJ%r9z znBL(J%W>caUZu04+TX^orTvm)KGeo}Yn2Y93PO8(tI*OYv~(MEL!aKA(R1WnTzue)=(q$#hX=#U{~cs?*v|{= z(jE2`qm0#{$?h%F?l|_6;!GAm){5wPez73rdipvr>NXa4-!<<#-I&iLv;#-Nx1i~7 zr~;jxh$l8H(b<5#l+va0#sJfITt(5x)C#`_p%udL5Ce5Ips8<#4K`lF^OI3iSqjf< z8(~JW+PUvU-11ITSm`ZJ@W!%X=1^1D!~A{s>z7ult|-CN6Z4@%<-GaOx$s~jCVV4L zEs9foF~65K)bv^F`K&j>d1n2&Cn#=Fge0h_q{_bR z|HXL;IJImjR7s*o%-)5NtSW_Z7WUi*157laW!x9%U&krD{+4Ky&|ckw&dRFLG1P@+ zzwx*i(70Q&lq&ez?Lb#uRcPs3WA~ka1}UqpM4GQH%r#YE*rf+9`{gKZX_Hi-w3MVp z_NNp!>uwm9OzI(sgtqx`Ty{=sh#z?<4hpG0(G*c`2v(R&Cxu#VD-&7;u(7Ziaqkci%F;;j zKB13}ptqhf<(C0C>lo8aL`4NrSUW>1wDXQWR6Hq^oX~3h3ZZ2!@s6h#L$!kvdX8TR z|2)M*HEPOBAgcI?7jYa;JK`G@+6u^iYisubd51<*Bz?5%E1<S!XgtQAk+s0%jQdNz|w_Mj|D_rcu$`ocqitv5Pw+D3%r z%f4=kI31VP4Tm0ULDkiUq4i+g43KuQWEFQGyA9~5L=S(uZqv>);F8>y^kie3-eU1U zeJHao-Xz2QCU2uKD0mn#Dzb5T?O153v-HxT2mCRpJ#9`S>8ZvC4st4!RGXhj)#}_tj8E*d3$$n~~6xq><3BKK80{S7Cyk&;8PB z7^_jGlFrv{*gUwWD}H!KJv)N#`YO=W)*+FZgTNx$`I@!RlBnt#VeINN$Wc(S$qu}Q zVU{{{9Bt_7m|)Rf2h=xgQe`D8zyZTLYe0i_$<{Z)qzxC5r?7%li{M9x&{I!cxX1Jr z2(7p%3CHL4hN?29lYt?|tv#n$s%pw`bNeLdsIdE452H8SK$UF22BDR%y~D^uG8_S3jySt#CHk1DLz~i2S4#_){ioqkaNfto*Hyh#vD+e1uS;q_;F1WTF-*gPmi)&%5tOUymEATE)b`7j|kl!5) zr+CuP>xKglgPR>gQY}Wu9RWNo_ z5rSyCUPd4NPSEc@8h793$Q`#awPh(dI%@#b=@~n2&uwX!&^FRmp*2@x9Is zyXsdi+f$kL77K^!L0!`rTQ0jaITm|?P}f4MgE>d;D_)28GYKu5#O>bxspzPzib2zs zBdnw?a}RJh-xl=D`Qr-h?3ZyES0}S|Li_mZ6Ixc?V+DEequnsoP!^=qa_Azwl^d*B zTP23C-8vX3ccSl&F?pN4u!M@Fy8KrPEmal^nccJx&g{jY|<#^wcWHzOd&{9R6 zM5EuhHHdCDW|g38jC*wmmIg}DVKe8N_QdYn!LlzEK*vt;x`XAqgt_LCFZ zqs@g@T$G4?^STM=Ga%s`v)&ekl%9&tmlbpuBYNu7@kr=;4Z`(zvI}k^w89G*%f2}N zB1S<4fpxVE#oA%r>H6t@B|)3A`6LQtwTzkywx;j~n6usnl$OR_2ja3+z>GO@z`2f?Tkm&sjQk+2?jVSX;$Ynt(iXdBWA(la5{Pobuz9Q%G$_9GsGORm{rT4mt#mqf4LR*l+LE z>I}gO`C5cF=O>$xDcSoHtTa_%+I1{6SCRxHg=@*Cx?;=(+< ze|j1NSPNOV8F*el)3XE>1<}|utG6&i|A@7hAZk)EuPn*L`DMePPS3V+8?K^U?)z4S zmcp0lc^2kcDlq8M59d4;jjvTqmADv>j?9H-M->d7vjdUYRVXcPa$Ul;m7pLe3lFzX zg|509dQLfloJJznI&Bi#D_daJNg4WGM&ov~F4YZ)%aUowFGpDwf&<)suyg~-dvMp{w=BEo{<_QV#Gjr5_Z*BQ(A zzxvIDmI+|yyT_Plr3N)^Q_S6Zf#RS5ZEJM=RH3E3T~6g}VIlG<4pNd6gxR&-A793V z0cOyoy2@f3HmO$Q>y#JTMqQ5O`AkA9)En%#Ltll;g)W0}(B2cdMIyRl4(E@tT5gkvwC-;2Z$c@42&^#=M&kNZ9qpYe)|gL)PV(!aHIWf^t~xg5p2X8}sS9)wD?rN%Z^9SdL>y4rBkm zeK=6J?ca|B2M%E0=B4OnVMx-T1zoEFIO!tIzf#&Fv~<2?Uo7e^J)a?+ug~<>&bJKR zEsUh+>(U>`oD-#oQ6RKt{YK($w4&*rDDFy9abnB>Xb2*ugOMu_BTLqLR7v;Mm2Fd? zp~Pl^)RRA11DDWr+c;eq)_YyP4r6}7_jpg=)uUS8y2kDjw6Q;HM_op z2lr$B!tt=sm$oYQ7&I9HvaYm^gqG6F$ha$xzl@`l{0*Q=e}cOm`YIt7X0#gkYp^LAvMK7FoNo^&Jzg}pC3CAe?R6G5QjvaoHZ5@OeN!c(D)6Uiy zF>wJdKJja4f&Uo32BEF3M7qBntSJoICf%^rp0%Q~kIRHHliCz6bIZP1y=@Qn@7aaj zyBcqMcJIR8J-e}H!FZVIuz3`QH-yI~qo}+!tNU1?l^{Po0YP3auseSg zdv|QbhBd3OV8%oY?$?9TUqg6Fr>EN)i#I-PXhkNz^rTQ#rD?dfYbK1fl%TF*geepU zHy*npGCmoFt*&?Uu|ivm!mLCD`8wmqh2z+>V;eTFU5R-!CSiELZd7JyL5IpQ_H3Jb zysn(@7$p+e=RS#PY_cSe}-FCjHsZde$H^X>A771{;P@eLx|E`*k< zd6flta%e8}sKTJ5r;nlYk0OVak*rYkvPB<5O`)PVVA^KH%9eKd^+H>XjNpeDqpc*& zNUCpQh84Hp%f4&_O@x-sa=hWL;@?+M1@q39SOVMTw+&?6mW!SLJV7Xh}4a-7urK z2{bjegz)xWydSKmJChQ&{LKVSRoPfnJ?N@*#NYq^9e()X`^MYfzsHY1{Y=NufEI0< zroC|Vx%@IbZ4g=}q7g4KNwaS3Ya7l-c}9!&*EH>kLr-NbuuX)P$&uB7(Rh`pxI$1- zl14&1P)=x%)C;YcDqcrd44}$1>)D`>L8EsgRlb(ngo=`MoLDwM;X1SuCZcS1Vp&&V zLwy~nboi03ulcpHe}Cyn6(nsf;rhDt8w#%+>2Vr_R+_&}OvmD3aP#r_UxF%80UUNt zrgUL5qwB%E#{e9;{Te>*F0!?u*&5R>aC3FR9h=SQW6FA7P^DSl7}K|2LrIHq_qkeV zO)+T17>pk~24lyJ#<+14F=NhLEM2}9M=#z*aJ<}5f{*1Z5L%Xpg70jmv{!+lbw8Z- zlXkzYsVIT>#p%$~QWfG(OI-!(YAtPS!a4Uo&9#0sdYlPiJK5w(D>S06WVHV37#ID3>_+y`wZNJv_^u|I^vR49G$NR zH4R

+ + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting defines the identifier used to uniquely associate this device’s telemetry data as belonging to a given organization. + +If your organization is participating in a program that requires this device to be identified as belonging to your organization then use this setting to provide that identification. The value for this setting will be provided by Microsoft as part of the onboarding process for the program. + +If you disable or do not configure this policy setting, then Microsoft will not be able to use this identifier to associate this machine and its telemetry data with your organization. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure the Commercial ID* +- GP name: *CommercialIdPolicy* +- GP path: *Windows Components\Data Collection and Preview Builds* +- GP ADMX file name: *DataCollection.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + diff --git a/windows/client-management/mdm/policy-csp-admx-eventlog.md b/windows/client-management/mdm/policy-csp-admx-eventlog.md new file mode 100644 index 0000000000..97b2384e47 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-eventlog.md @@ -0,0 +1,1588 @@ +--- +title: Policy CSP - ADMX_EventLog +description: Policy CSP - ADMX_EventLog +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 12/01/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_EventLog +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_EventLog policies + +
+
+ ADMX_EventLog/Channel_LogEnabled +
+
+ ADMX_EventLog/Channel_LogFilePath_1 +
+
+ ADMX_EventLog/Channel_LogFilePath_2 +
+
+ ADMX_EventLog/Channel_LogFilePath_3 +
+
+ ADMX_EventLog/Channel_LogFilePath_4 +
+
+ ADMX_EventLog/Channel_LogMaxSize_3 +
+
+ ADMX_EventLog/Channel_Log_AutoBackup_1 +
+
+ ADMX_EventLog/Channel_Log_AutoBackup_2 +
+
+ ADMX_EventLog/Channel_Log_AutoBackup_3 +
+
+ ADMX_EventLog/Channel_Log_AutoBackup_4 +
+
+ ADMX_EventLog/Channel_Log_FileLogAccess_1 +
+
+ ADMX_EventLog/Channel_Log_FileLogAccess_2 +
+
+ ADMX_EventLog/Channel_Log_FileLogAccess_3 +
+
+ ADMX_EventLog/Channel_Log_FileLogAccess_4 +
+
+ ADMX_EventLog/Channel_Log_FileLogAccess_5 +
+
+ ADMX_EventLog/Channel_Log_FileLogAccess_6 +
+
+ ADMX_EventLog/Channel_Log_FileLogAccess_7 +
+
+ ADMX_EventLog/Channel_Log_FileLogAccess_8 +
+
+ ADMX_EventLog/Channel_Log_Retention_2 +
+
+ ADMX_EventLog/Channel_Log_Retention_3 +
+
+ ADMX_EventLog/Channel_Log_Retention_4 +
+
+ + +
+ + +**ADMX_EventLog/Channel_LogEnabled** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting turns on logging. + +If you enable or do not configure this policy setting, then events can be written to this log. + +If the policy setting is disabled, then no new events can be logged. Events can always be read from the log, regardless of this policy setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn on logging* +- GP name: *Channel_LogEnabled* +- GP path: *Windows Components\Event Log Service\Setup* +- GP ADMX file name: *EventLog.admx* + + + +
+ + +**ADMX_EventLog/Channel_LogFilePath_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators. + +If you enable this policy setting, the Event Log uses the path specified in this policy setting. + +If you disable or do not configure this policy setting, the Event Log uses the folder %SYSTEMROOT%\System32\winevt\Logs. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Control the location of the log file* +- GP name: *Channel_LogFilePath_1* +- GP path: *Windows Components\Event Log Service\Application* +- GP ADMX file name: *EventLog.admx* + + + +
+ + +**ADMX_EventLog/Channel_LogFilePath_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators. + +If you enable this policy setting, the Event Log uses the path specified in this policy setting. + +If you disable or do not configure this policy setting, the Event Log uses the folder %SYSTEMROOT%\System32\winevt\Logs. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Control the location of the log file* +- GP name: *Channel_LogFilePath_2* +- GP path: *Windows Components\Event Log Service\Security* +- GP ADMX file name: *EventLog.admx* + + + +
+ + +**ADMX_EventLog/Channel_LogFilePath_3** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators. + +If you enable this policy setting, the Event Log uses the path specified in this policy setting. + +If you disable or do not configure this policy setting, the Event Log uses the folder %SYSTEMROOT%\System32\winevt\Logs. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Control the location of the log file* +- GP name: *Channel_LogFilePath_3* +- GP path: *Windows Components\Event Log Service\Setup* +- GP ADMX file name: *EventLog.admx* + + + +
+ + +**ADMX_EventLog/Channel_LogFilePath_4** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators. + +If you enable this policy setting, the Event Log uses the path specified in this policy setting. + +If you disable or do not configure this policy setting, the Event Log uses the folder %SYSTEMROOT%\System32\winevt\Logs. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn on logging* +- GP name: *Channel_LogFilePath_4* +- GP path: *Windows Components\Event Log Service\System* +- GP ADMX file name: *EventLog.admx* + + + +
+ + +**ADMX_EventLog/Channel_LogMaxSize_3** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the maximum size of the log file in kilobytes. + +If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes), in kilobyte increments. + +If you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog, and it defaults to 1 megabyte. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Specify the maximum log file size (KB)* +- GP name: *Channel_LogMaxSize_3* +- GP path: *Windows Components\Event Log Service\Setup* +- GP ADMX file name: *EventLog.admx* + + + +
+ + +**ADMX_EventLog/Channel_Log_AutoBackup_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled. + +If you enable this policy setting and the "Retain old events" policy setting is enabled, the Event Log file is automatically closed and renamed when it is full. A new file is then started. + +If you disable this policy setting and the "Retain old events" policy setting is enabled, new events are discarded and old events are retained. + +If you do not configure this policy setting and the "Retain old events" policy setting is enabled, new events are discarded and the old events are retained. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Back up log automatically when full* +- GP name: *Channel_Log_AutoBackup_1* +- GP path: *Windows Components\Event Log Service\Application* +- GP ADMX file name: *EventLog.admx* + + + +
+ + +**ADMX_EventLog/Channel_Log_AutoBackup_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled. + +If you enable this policy setting and the "Retain old events" policy setting is enabled, the Event Log file is automatically closed and renamed when it is full. A new file is then started. + +If you disable this policy setting and the "Retain old events" policy setting is enabled, new events are discarded and old events are retained. + +If you do not configure this policy setting and the "Retain old events" policy setting is enabled, new events are discarded and the old events are retained. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Back up log automatically when full* +- GP name: *Channel_Log_AutoBackup_2* +- GP path: *Windows Components\Event Log Service\Security* +- GP ADMX file name: *EventLog.admx* + + + +
+ + +**ADMX_EventLog/Channel_Log_AutoBackup_3** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled. + +If you enable this policy setting and the "Retain old events" policy setting is enabled, the Event Log file is automatically closed and renamed when it is full. A new file is then started. + +If you disable this policy setting and the "Retain old events" policy setting is enabled, new events are discarded and old events are retained. + +If you do not configure this policy setting and the "Retain old events" policy setting is enabled, new events are discarded and the old events are retained. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Back up log automatically when full* +- GP name: *Channel_Log_AutoBackup_3* +- GP path: *Windows Components\Event Log Service\Setup* +- GP ADMX file name: *EventLog.admx* + + + +
+ + +**ADMX_EventLog/Channel_Log_AutoBackup_4** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled. + +If you enable this policy setting and the "Retain old events" policy setting is enabled, the Event Log file is automatically closed and renamed when it is full. A new file is then started. + +If you disable this policy setting and the "Retain old events" policy setting is enabled, new events are discarded and old events are retained. + +If you do not configure this policy setting and the "Retain old events" policy setting is enabled, new events are discarded and the old events are retained. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Back up log automatically when full* +- GP name: *Channel_Log_AutoBackup_4* +- GP path: *Windows Components\Event Log Service\System* +- GP ADMX file name: *EventLog.admx* + + + +
+ + +**ADMX_EventLog/Channel_Log_FileLogAccess_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string. + +If you enable this policy setting, only those users matching the security descriptor can access the log. + +If you disable or do not configure this policy setting, all authenticated users and system services can write, read, or clear this log. + +> [!NOTE] +> If you enable this policy setting, some tools and APIs may ignore it. The same change should be made to the "Configure log access (legacy)" policy setting to enforce this change across all tools and APIs. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure log access* +- GP name: *Channel_Log_FileLogAccess_1* +- GP path: *Windows Components\Event Log Service\Application* +- GP ADMX file name: *EventLog.admx* + + + +
+ + +**ADMX_EventLog/Channel_Log_FileLogAccess_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string. You cannot configure write permissions for this log. You must set both "configure log access" policy settings for this log in order to affect the both modern and legacy tools. + +If you enable this policy setting, only those users whose security descriptor matches the configured specified value can access the log. + +If you disable or do not configure this policy setting, only system software and administrators can read or clear this log. + +> [!NOTE] +> If you enable this policy setting, some tools and APIs may ignore it. The same change should be made to the "Configure log access (legacy)" policy setting to enforce this change across all tools and APIs. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure log access* +- GP name: *Channel_Log_FileLogAccess_2* +- GP path: *Windows Components\Event Log Service\Security* +- GP ADMX file name: *EventLog.admx* + + + +
+ + +**ADMX_EventLog/Channel_Log_FileLogAccess_3** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string. + +If you enable this policy setting, only those users matching the security descriptor can access the log. + +If you disable or do not configure this policy setting, all authenticated users and system services can write, read, or clear this log. + +> [!NOTE] +> If you enable this policy setting, some tools and APIs may ignore it. The same change should be made to the "Configure log access (legacy)" policy setting to enforce this change across all tools and APIs. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure log access* +- GP name: *Channel_Log_FileLogAccess_3* +- GP path: *Windows Components\Event Log Service\Setup* +- GP ADMX file name: *EventLog.admx* + + + +
+ + +**ADMX_EventLog/Channel_Log_FileLogAccess_4** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string. You must set both "configure log access" policy settings for this log in order to affect the both modern and legacy tools. + +If you enable this policy setting, only users whose security descriptor matches the configured value can access the log. + +If you disable or do not configure this policy setting, only system software and administrators can write or clear this log, and any authenticated user can read events from it. + +> [!NOTE] +> If you enable this policy setting, some tools and APIs may ignore it. The same change should be made to the "Configure log access (legacy)" policy setting to enforce this change across all tools and APIs. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure log access* +- GP name: *Channel_Log_FileLogAccess_4* +- GP path: *Windows Components\Event Log Service\System* +- GP ADMX file name: *EventLog.admx* + + + +
+ + +**ADMX_EventLog/Channel_Log_FileLogAccess_5** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string. You must set both "configure log access" policy settings for this log in order to affect the both modern and legacy tools. + +If you enable this policy setting, only those users matching the security descriptor can access the log. + +If you disable this policy setting, all authenticated users and system services can write, read, or clear this log. + +If you do not configure this policy setting, the previous policy setting configuration remains in effect. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure log access (legacy)* +- GP name: *Channel_Log_FileLogAccess_5* +- GP path: *Windows Components\Event Log Service\Application* +- GP ADMX file name: *EventLog.admx* + + + +
+ + +**ADMX_EventLog/Channel_Log_FileLogAccess_6** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string. You cannot configure write permissions for this log. + +If you enable this policy setting, only those users whose security descriptor matches the configured specified value can access the log. + +If you disable this policy setting, only system software and administrators can read or clear this log. + +If you do not configure this policy setting, the previous policy setting configuration remains in effect. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure log access (legacy)* +- GP name: *Channel_Log_FileLogAccess_6* +- GP path: *Windows Components\Event Log Service\Security* +- GP ADMX file name: *EventLog.admx* + + + +
+ + +**ADMX_EventLog/Channel_Log_FileLogAccess_7** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string. You must set both "configure log access" policy settings for this log in order to affect the both modern and legacy tools. + +If you enable this policy setting, only those users matching the security descriptor can access the log. + +If you disable this policy setting, all authenticated users and system services can write, read, or clear this log. + +If you do not configure this policy setting, the previous policy setting configuration remains in effect. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure log access (legacy)* +- GP name: *Channel_Log_FileLogAccess_7* +- GP path: *Windows Components\Event Log Service\Setup* +- GP ADMX file name: *EventLog.admx* + + + +
+ + +**ADMX_EventLog/Channel_Log_FileLogAccess_8** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string. + +If you enable this policy setting, only users whose security descriptor matches the configured value can access the log. + +If you disable this policy setting, only system software and administrators can write or clear this log, and any authenticated user can read events from it. + +If you do not configure this policy setting, the previous policy setting configuration remains in effect. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure log access (legacy)* +- GP name: *Channel_Log_FileLogAccess_8* +- GP path: *Windows Components\Event Log Service\System* +- GP ADMX file name: *EventLog.admx* + + + +
+ + +**ADMX_EventLog/Channel_Log_Retention_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting controls Event Log behavior when the log file reaches its maximum size. + +If you enable this policy setting and a log file reaches its maximum size, new events are not written to the log and are lost. + +If you disable or do not configure this policy setting and a log file reaches its maximum size, new events overwrite old events. + +Note: Old events may or may not be retained according to the "Backup log automatically when full" policy setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Control Event Log behavior when the log file reaches its maximum size* +- GP name: *Channel_Log_Retention_2* +- GP path: *Windows Components\Event Log Service\Security* +- GP ADMX file name: *EventLog.admx* + + + +
+ + +**ADMX_EventLog/Channel_Log_Retention_3** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting controls Event Log behavior when the log file reaches its maximum size. + +If you enable this policy setting and a log file reaches its maximum size, new events are not written to the log and are lost. + +If you disable or do not configure this policy setting and a log file reaches its maximum size, new events overwrite old events. + +Note: Old events may or may not be retained according to the "Backup log automatically when full" policy setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Control Event Log behavior when the log file reaches its maximum size* +- GP name: *Channel_Log_Retention_3* +- GP path: *Windows Components\Event Log Service\Setup* +- GP ADMX file name: *EventLog.admx* + + + +
+ + +**ADMX_EventLog/Channel_Log_Retention_4** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting controls Event Log behavior when the log file reaches its maximum size. + +If you enable this policy setting and a log file reaches its maximum size, new events are not written to the log and are lost. + +If you disable or do not configure this policy setting and a log file reaches its maximum size, new events overwrite old events. + +Note: Old events may or may not be retained according to the "Backup log automatically when full" policy setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Control Event Log behavior when the log file reaches its maximum size* +- GP name: *Channel_Log_Retention_4* +- GP path: *Windows Components\Event Log Service\System* +- GP ADMX file name: *EventLog.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + From 5c278fc35fe6eac42f6f53d1111e616626319c3c Mon Sep 17 00:00:00 2001 From: Obi Eze Ajoku <62227226+linque1@users.noreply.github.com> Date: Tue, 1 Dec 2020 13:21:23 -0800 Subject: [PATCH 036/210] updated ownership to robsize updated ownership to robsize --- ...ating-system-components-to-microsoft-services-using-MDM.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md index d53f7dc795..1c68d554a4 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md @@ -8,10 +8,10 @@ ms.mktglfcycl: manage ms.sitesec: library ms.localizationpriority: high audience: ITPro -author: medgarmedgar +author: robsize ms.author: dansimp manager: robsize -ms.date: 3/25/2020 +ms.date: 12/1/2020 --- # Manage connections from Windows 10 operating system components to Microsoft services using Microsoft Intune MDM Server From 2ad29089da2e35427958ce9500d083510ff6aafc Mon Sep 17 00:00:00 2001 From: Obi Eze Ajoku <62227226+linque1@users.noreply.github.com> Date: Tue, 1 Dec 2020 13:22:14 -0800 Subject: [PATCH 037/210] updated ownership to robsize updated ownership to robsize --- windows/privacy/manage-windows-2004-endpoints.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-windows-2004-endpoints.md b/windows/privacy/manage-windows-2004-endpoints.md index df3f9bb1e9..fa26bc5140 100644 --- a/windows/privacy/manage-windows-2004-endpoints.md +++ b/windows/privacy/manage-windows-2004-endpoints.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.localizationpriority: high audience: ITPro author: linque1 -ms.author: obezeajo +ms.author: robsize manager: robsize ms.collection: M365-security-compliance ms.topic: article From 1d464ea3686bdfa9eb7f09facedade47ae51ebd4 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Tue, 1 Dec 2020 15:01:48 -0800 Subject: [PATCH 038/210] Added SettingSync and Programs policies --- windows/client-management/mdm/TOC.md | 2 + .../mdm/policies-in-policy-csp-admx-backed.md | 16 + .../policy-configuration-service-provider.md | 58 ++ .../mdm/policy-csp-admx-programs.md | 568 ++++++++++++++ .../mdm/policy-csp-admx-settingsync.md | 706 ++++++++++++++++++ 5 files changed, 1350 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-programs.md create mode 100644 windows/client-management/mdm/policy-csp-admx-settingsync.md diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index 5bfb5277ba..639e9356c0 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -213,12 +213,14 @@ #### [ADMX_PeerToPeerCaching](policy-csp-admx-peertopeercaching.md) #### [ADMX_PerformanceDiagnostics](policy-csp-admx-performancediagnostics.md) #### [ADMX_PowerShellExecutionPolicy](policy-csp-admx-powershellexecutionpolicy.md) +#### [ADMX_Programs](policy-csp-admx-programs.md) #### [ADMX_Reliability](policy-csp-admx-reliability.md) #### [ADMX_Scripts](policy-csp-admx-scripts.md) #### [ADMX_sdiageng](policy-csp-admx-sdiageng.md) #### [ADMX_Securitycenter](policy-csp-admx-securitycenter.md) #### [ADMX_Sensors](policy-csp-admx-sensors.md) #### [ADMX_Servicing](policy-csp-admx-servicing.md) +#### [ADMX_SettingSync](policy-csp-admx-settingsync.md) #### [ADMX_SharedFolders](policy-csp-admx-sharedfolders.md) #### [ADMX_Sharing](policy-csp-admx-sharing.md) #### [ADMX_ShellCommandPromptRegEditTools](policy-csp-admx-shellcommandpromptregedittools.md) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index a866b983b9..b04813d319 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -482,6 +482,13 @@ ms.date: 10/08/2020 - [ADMX_PowerShellExecutionPolicy/EnableScripts](./policy-csp-admx-powershellexecutionpolicy.md#admx-powershellexecutionpolicy-enablescripts) - [ADMX_PowerShellExecutionPolicy/EnableTranscripting](./policy-csp-admx-powershellexecutionpolicy.md#admx-powershellexecutionpolicy-enabletranscripting) - [ADMX_PowerShellExecutionPolicy/EnableUpdateHelpDefaultSourcePath](./policy-csp-admx-powershellexecutionpolicy.md#admx-powershellexecutionpolicy-enableupdatehelpdefaultsourcepath) +- [ADMX_Programs/NoDefaultPrograms](./policy-csp-admx-programs.md#admx-programs-nodefaultprograms) +- [ADMX_Programs/NoGetPrograms](./policy-csp-admx-programs.md#admx-programs-nogetprograms) +- [ADMX_Programs/NoInstalledUpdates](./policy-csp-admx-programs.md#admx-programs-noinstalledupdates) +- [ADMX_Programs/NoProgramsAndFeatures](./policy-csp-admx-programs.md#admx-programs-noprogramsandfeatures) +- [ADMX_Programs/NoProgramsCPL](./policy-csp-admx-programs.md#admx-programs-noprogramscpl) +- [ADMX_Programs/NoWindowsFeatures](./policy-csp-admx-programs.md#admx-programs-nowindowsfeatures) +- [ADMX_Programs/NoWindowsMarketplace](./policy-csp-admx-programs.md#admx-programs-nowindowsmarketplace) - [ADMX_Reliability/EE_EnablePersistentTimeStamp](./policy-csp-admx-reliability.md#admx-reliability-ee-enablepersistenttimestamp) - [ADMX_Reliability/PCH_ReportShutdownEvents](./policy-csp-admx-reliability.md#admx-reliability-pch-reportshutdownevents) - [ADMX_Reliability/ShutdownEventTrackerStateFile](./policy-csp-admx-reliability.md#admx-reliability-shutdowneventtrackerstatefile) @@ -508,6 +515,15 @@ ms.date: 10/08/2020 - [ADMX_Sensors/DisableSensors_1](./policy-csp-admx-sensors.md#admx-sensors-disablesensors-1) - [ADMX_Sensors/DisableSensors_2](./policy-csp-admx-sensors.md#admx-sensors-disablesensors-2) - [ADMX_Servicing/Servicing](./policy-csp-admx-servicing.md#admx-servicing-servicing) +- [ADMX_SettingSync/DisableAppSyncSettingSync](./policy-csp-admx-settingsync.md#admx-settingsync-disableappsyncsettingsync) +- [ADMX_SettingSync/DisableApplicationSettingSync](./policy-csp-admx-settingsync.md#admx-settingsync-disableapplicationsettingsync) +- [ADMX_SettingSync/DisableCredentialsSettingSync](./policy-csp-admx-settingsync.md#admx-settingsync-disablecredentialssettingsync) +- [ADMX_SettingSync/DisableDesktopThemeSettingSync](./policy-csp-admx-settingsync.md#admx-settingsync-disabledesktopthemesettingsync) +- [ADMX_SettingSync/DisablePersonalizationSettingSync](./policy-csp-admx-settingsync.md#admx-settingsync-disablepersonalizationsettingsync) +- [ADMX_SettingSync/DisableSettingSync](./policy-csp-admx-settingsync.md#admx-settingsync-disablesettingsync) +- [ADMX_SettingSync/DisableStartLayoutSettingSync](./policy-csp-admx-settingsync.md#admx-settingsync-disablestartlayoutsettingsync) +- [ADMX_SettingSync/DisableSyncOnPaidNetwork](./policy-csp-admx-settingsync.md#admx-settingsync-disablesynconpaidnetwork) +- [ADMX_SettingSync/DisableWindowsSettingSync](./policy-csp-admx-settingsync.md#admx-settingsync-disablewindowssettingsync) - [ADMX_SharedFolders/PublishDfsRoots](./policy-csp-admx-sharedfolders.md#admx-sharedfolders-publishdfsroots) - [ADMX_SharedFolders/PublishSharedFolders](./policy-csp-admx-sharedfolders.md#admx-sharedfolders-publishsharedfolders) - [ADMX_Sharing/NoInplaceSharing](./policy-csp-admx-sharing.md#admx-sharing-noinplacesharing) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 4a90062fe4..8a993d4783 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -1740,6 +1740,32 @@ The following diagram shows the Policy configuration service provider in tree fo
+### ADMX_Programs policies + +
+
+ ADMX_Programs/NoDefaultPrograms +
+
+ ADMX_Programs/NoGetPrograms +
+
+ ADMX_Programs/NoInstalledUpdates +
+
+ ADMX_Programs/NoProgramsAndFeatures +
+
+ ADMX_Programs/NoProgramsCPL +
+
+ ADMX_Programs/NoWindowsFeatures +
+
+ ADMX_Programs/NoWindowsMarketplace +
+
+ ### ADMX_Reliability policies
@@ -1848,6 +1874,38 @@ The following diagram shows the Policy configuration service provider in tree fo
+### ADMX_SettingSync policies + +
+
+ ADMX_SettingSync/DisableAppSyncSettingSync +
+
+ ADMX_SettingSync/DisableApplicationSettingSync +
+
+ ADMX_SettingSync/DisableCredentialsSettingSync +
+
+ ADMX_SettingSync/DisableDesktopThemeSettingSync +
+
+ ADMX_SettingSync/DisablePersonalizationSettingSync +
+
+ ADMX_SettingSync/DisableSettingSync +
+
+ ADMX_SettingSync/DisableStartLayoutSettingSync +
+
+ ADMX_SettingSync/DisableSyncOnPaidNetwork +
+
+ ADMX_SettingSync/DisableWindowsSettingSync +
+
+ ### ADMX_SharedFolders policies
diff --git a/windows/client-management/mdm/policy-csp-admx-programs.md b/windows/client-management/mdm/policy-csp-admx-programs.md new file mode 100644 index 0000000000..97697da52b --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-programs.md @@ -0,0 +1,568 @@ +--- +title: Policy CSP - ADMX_Programs +description: Policy CSP - ADMX_Programs +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 12/01/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_Programs +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_Programs policies + +
+
+ ADMX_Programs/NoDefaultPrograms +
+
+ ADMX_Programs/NoGetPrograms +
+
+ ADMX_Programs/NoInstalledUpdates +
+
+ ADMX_Programs/NoProgramsAndFeatures +
+
+ ADMX_Programs/NoProgramsCPL +
+
+ ADMX_Programs/NoWindowsFeatures +
+
+ ADMX_Programs/NoWindowsMarketplace +
+
+ + +
+ + +**ADMX_Programs/NoDefaultPrograms** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This setting removes the Set Program Access and Defaults page from the Programs Control Panel. As a result, users cannot view or change the associated page. + +The Set Program Access and Computer Defaults page allows administrators to specify default programs for certain activities, such as Web browsing or sending e-mail, as well as specify the programs that are accessible from the Start menu, desktop, and other locations. + +If this setting is disabled or not configured, the Set Program Access and Defaults button is available to all users. + +This setting does not prevent users from using other tools and methods to change program access or defaults. + +This setting does not prevent the Default Programs icon from appearing on the Start menu. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Hide "Set Program Access and Computer Defaults" page* +- GP name: *NoDefaultPrograms* +- GP path: *Control Panel\Programs* +- GP ADMX file name: *Programs.admx* + + + +
+ + +**ADMX_Programs/NoGetPrograms** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Prevents users from viewing or installing published programs from the network. + +This setting prevents users from accessing the "Get Programs" page from the Programs Control Panel in Category View, Programs and Features in Classic View and the "Install a program from the network" task. The "Get Programs" page lists published programs and provides an easy way to install them. + +Published programs are those programs that the system administrator has explicitly made available to the user with a tool such as Windows Installer. Typically, system administrators publish programs to notify users of their availability, to recommend their use, or to enable users to install them without having to search for installation files. + +If this setting is enabled, users cannot view the programs that have been published by the system administrator, and they cannot use the "Get Programs" page to install published programs. Enabling this feature does not prevent users from installing programs by using other methods. Users will still be able to view and installed assigned (partially installed) programs that are offered on the desktop or on the Start menu. + +If this setting is disabled or is not configured, the "Install a program from the network" task to the "Get Programs" page will be available to all users. + +> [!NOTE] +> If the "Hide Programs Control Panel" setting is enabled, this setting is ignored. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Hide "Get Programs" page* +- GP name: *NoGetPrograms* +- GP path: *Control Panel\Programs* +- GP ADMX file name: *Programs.admx* + + + +
+ + +**ADMX_Programs/NoInstalledUpdates** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This setting prevents users from accessing "Installed Updates" page from the "View installed updates" task. + +"Installed Updates" allows users to view and uninstall updates currently installed on the computer. The updates are often downloaded directly from Windows Update or from various program publishers. + +If this setting is disabled or not configured, the "View installed updates" task and the "Installed Updates" page will be available to all users. + +This setting does not prevent users from using other tools and methods to install or uninstall programs. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Hide "Installed Updates" page* +- GP name: *NoInstalledUpdates* +- GP path: *Control Panel\Programs* +- GP ADMX file name: *Programs.admx* + + + +
+ + +**ADMX_Programs/NoProgramsAndFeatures** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This setting prevents users from accessing "Programs and Features" to view, uninstall, change, or repair programs that are currently installed on the computer. + +If this setting is disabled or not configured, "Programs and Features" will be available to all users. + +This setting does not prevent users from using other tools and methods to view or uninstall programs. It also does not prevent users from linking to related Programs Control Panel Features including Windows Features, Get Programs, or Windows Marketplace. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Hide "Programs and Features" page* +- GP name: *NoProgramsAndFeatures* +- GP path: *Control Panel\Programs* +- GP ADMX file name: *Programs.admx* + + + +
+ + +**ADMX_Programs/NoProgramsCPL** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This setting prevents users from using the Programs Control Panel in Category View and Programs and Features in Classic View. + +The Programs Control Panel allows users to uninstall, change, and repair programs, enable and disable Windows Features, set program defaults, view installed updates, and purchase software from Windows Marketplace. Programs published or assigned to the user by the system administrator also appear in the Programs Control Panel. + +If this setting is disabled or not configured, the Programs Control Panel in Category View and Programs and Features in Classic View will be available to all users. + +When enabled, this setting takes precedence over the other settings in this folder. + +This setting does not prevent users from using other tools and methods to install or uninstall programs. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Hide the Programs Control Panel* +- GP name: *NoProgramsCPL* +- GP path: *Control Panel\Programs* +- GP ADMX file name: *Programs.admx* + + + +
+ + +**ADMX_Programs/NoWindowsFeatures** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This setting prevents users from accessing the "Turn Windows features on or off" task from the Programs Control Panel in Category View, Programs and Features in Classic View, and Get Programs. As a result, users cannot view, enable, or disable various Windows features and services. + +If this setting is disabled or is not configured, the "Turn Windows features on or off" task will be available to all users. + +This setting does not prevent users from using other tools and methods to configure services or enable or disable program components. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Hide "Windows Features"* +- GP name: *NoWindowsFeatures* +- GP path: *Control Panel\Programs* +- GP ADMX file name: *Programs.admx* + + + +
+ + +**ADMX_Programs/NoWindowsMarketplace** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This setting prevents users from access the "Get new programs from Windows Marketplace" task from the Programs Control Panel in Category View, Programs and Features in Classic View, and Get Programs. + +Windows Marketplace allows users to purchase and/or download various programs to their computer for installation. + +Enabling this feature does not prevent users from navigating to Windows Marketplace using other methods. + +If this feature is disabled or is not configured, the "Get new programs from Windows Marketplace" task link will be available to all users. + +> [!NOTE] +> If the "Hide Programs control Panel" setting is enabled, this setting is ignored. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Hide "Windows Marketplace"* +- GP name: *NoWindowsMarketplace* +- GP path: *Control Panel\Programs* +- GP ADMX file name: *Programs.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + diff --git a/windows/client-management/mdm/policy-csp-admx-settingsync.md b/windows/client-management/mdm/policy-csp-admx-settingsync.md new file mode 100644 index 0000000000..42b649433b --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-settingsync.md @@ -0,0 +1,706 @@ +--- +title: Policy CSP - ADMX_SettingSync +description: Policy CSP - ADMX_SettingSync +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 12/01/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_SettingSync +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_SettingSync policies + +
+
+ ADMX_SettingSync/DisableAppSyncSettingSync +
+
+ ADMX_SettingSync/DisableApplicationSettingSync +
+
+ ADMX_SettingSync/DisableCredentialsSettingSync +
+
+ ADMX_SettingSync/DisableDesktopThemeSettingSync +
+
+ ADMX_SettingSync/DisablePersonalizationSettingSync +
+
+ ADMX_SettingSync/DisableSettingSync +
+
+ ADMX_SettingSync/DisableStartLayoutSettingSync +
+
+ ADMX_SettingSync/DisableSyncOnPaidNetwork +
+
+ ADMX_SettingSync/DisableWindowsSettingSync +
+
+ + +
+ + +**ADMX_SettingSync/DisableAppSyncSettingSync** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Prevent the "AppSync" group from syncing to and from this PC. This turns off and disables the "AppSync" group on the "sync your settings" page in PC settings. + +If you enable this policy setting, the "AppSync" group will not be synced. + +Use the option "Allow users to turn app syncing on" so that syncing it turned off by default but not disabled. + +If you do not set or disable this setting, syncing of the "AppSync" group is on by default and configurable by the user. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not sync Apps* +- GP name: *DisableAppSyncSettingSync* +- GP path: *Windows Components\Sync your settings* +- GP ADMX file name: *SettingSync.admx* + + + +
+ + +**ADMX_SettingSync/DisableApplicationSettingSync** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Prevent the "app settings" group from syncing to and from this PC. This turns off and disables the "app settings" group on the "sync your settings" page in PC settings. + +If you enable this policy setting, the "app settings" group will not be synced. + +Use the option "Allow users to turn app settings syncing on" so that syncing it turned off by default but not disabled. + +If you do not set or disable this setting, syncing of the "app settings" group is on by default and configurable by the user. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not sync app settings* +- GP name: *DisableApplicationSettingSync* +- GP path: *Windows Components\Sync your settings* +- GP ADMX file name: *SettingSync.admx* + + + +
+ + +**ADMX_SettingSync/DisableCredentialsSettingSync** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Prevent the "passwords" group from syncing to and from this PC. This turns off and disables the "passwords" group on the "sync your settings" page in PC settings. + +If you enable this policy setting, the "passwords" group will not be synced. + +Use the option "Allow users to turn passwords syncing on" so that syncing it turned off by default but not disabled. + +If you do not set or disable this setting, syncing of the "passwords" group is on by default and configurable by the user. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not sync passwords* +- GP name: *DisableCredentialsSettingSync* +- GP path: *Windows Components\Sync your settings* +- GP ADMX file name: *SettingSync.admx* + + + +
+ + +**ADMX_SettingSync/DisableDesktopThemeSettingSync** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Prevent the "desktop personalization" group from syncing to and from this PC. This turns off and disables the "desktop personalization" group on the "sync your settings" page in PC settings. + +If you enable this policy setting, the "desktop personalization" group will not be synced. + +Use the option "Allow users to turn desktop personalization syncing on" so that syncing it turned off by default but not disabled. + +If you do not set or disable this setting, syncing of the "desktop personalization" group is on by default and configurable by the user. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not sync desktop personalization* +- GP name: *DisableDesktopThemeSettingSync* +- GP path: *Windows Components\Sync your settings* +- GP ADMX file name: *SettingSync.admx* + + + +
+ + +**ADMX_SettingSync/DisablePersonalizationSettingSync** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Prevent the "personalize" group from syncing to and from this PC. This turns off and disables the "personalize" group on the "sync your settings" page in PC settings. + +If you enable this policy setting, the "personalize" group will not be synced. + +Use the option "Allow users to turn personalize syncing on" so that syncing it turned off by default but not disabled. + +If you do not set or disable this setting, syncing of the "personalize" group is on by default and configurable by the user. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not sync personalize* +- GP name: *DisablePersonalizationSettingSync* +- GP path: *Windows Components\Sync your settings* +- GP ADMX file name: *SettingSync.admx* + + + +
+ + +**ADMX_SettingSync/DisableSettingSync** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Prevent syncing to and from this PC. This turns off and disables the "sync your settings" switch on the "sync your settings" page in PC Settings. + +If you enable this policy setting, "sync your settings" will be turned off, and none of the "sync your setting" groups will be synced on this PC. + +Use the option "Allow users to turn syncing on" so that syncing it turned off by default but not disabled. + +If you do not set or disable this setting, "sync your settings" is on by default and configurable by the user. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not sync* +- GP name: *DisableSettingSync* +- GP path: *Windows Components\Sync your settings* +- GP ADMX file name: *SettingSync.admx* + + + +
+ + +**ADMX_SettingSync/DisableStartLayoutSettingSync** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Prevent the "Start layout" group from syncing to and from this PC. This turns off and disables the "Start layout" group on the "sync your settings" page in PC settings. + +If you enable this policy setting, the "Start layout" group will not be synced. + +Use the option "Allow users to turn start syncing on" so that syncing is turned off by default but not disabled. + +If you do not set or disable this setting, syncing of the "Start layout" group is on by default and configurable by the user. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not sync start settings* +- GP name: *DisableStartLayoutSettingSync* +- GP path: *Windows Components\Sync your settings* +- GP ADMX file name: *SettingSync.admx* + + + +
+ + +**ADMX_SettingSync/DisableSyncOnPaidNetwork** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Prevent syncing to and from this PC when on metered Internet connections. This turns off and disables "sync your settings on metered connections" switch on the "sync your settings" page in PC Settings. + +If you enable this policy setting, syncing on metered connections will be turned off, and no syncing will take place when this PC is on a metered connection. + +If you do not set or disable this setting, syncing on metered connections is configurable by the user. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not sync on metered connections* +- GP name: *DisableSyncOnPaidNetwork* +- GP path: *Windows Components\Sync your settings* +- GP ADMX file name: *SettingSync.admx* + + + +
+ + +**ADMX_SettingSync/DisableWindowsSettingSync** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Prevent the "Other Windows settings" group from syncing to and from this PC. This turns off and disables the "Other Windows settings" group on the "sync your settings" page in PC settings. + +If you enable this policy setting, the "Other Windows settings" group will not be synced. + +Use the option "Allow users to turn other Windows settings syncing on" so that syncing it turned off by default but not disabled. + +If you do not set or disable this setting, syncing of the "Other Windows settings" group is on by default and configurable by the user. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not sync other Windows settings* +- GP name: *DisableWindowsSettingSync* +- GP path: *Windows Components\Sync your settings* +- GP ADMX file name: *SettingSync.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + From 46eea2f6bd8a2de718ccacdf2885c0c000a3b50d Mon Sep 17 00:00:00 2001 From: Sunayana Singh <57405155+sunasing@users.noreply.github.com> Date: Wed, 2 Dec 2020 11:42:47 +0530 Subject: [PATCH 039/210] Minor fixes as suggested --- .../microsoft-defender-atp/ios-install.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-install.md b/windows/security/threat-protection/microsoft-defender-atp/ios-install.md index bab81ac1ba..bef52a91a4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-install.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-install.md @@ -24,7 +24,7 @@ ms.topic: conceptual [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -This topic describes deploying Defender for Endpoint for iOS on Intune Company Portal enrolled devices. For more information about Intune device enrollment, see [Enroll your device](https://docs.microsoft.com/mem/intune/enrollment/ios-enroll) +This topic describes deploying Defender for Endpoint for iOS on Intune Company Portal enrolled devices. For more information about Intune device enrollment, see [Enroll your device](https://docs.microsoft.com/mem/intune/enrollment/ios-enroll). ## Before you begin @@ -52,8 +52,8 @@ Deploy Defender for Endpoint for iOS via Intune Company Portal. 1. In the *Assignments* section, go to the **Required** section and select **Add group**. You can then choose the user group(s) that you would like to target Defender for Endpoint for iOS app. Click **Select** and then **Next**. - >[!NOTE] - >The selected user group should consist of Intune enrolled users. + > [!NOTE] + > The selected user group should consist of Intune enrolled users. > [!div class="mx-imgBorder"] ![Image of Microsoft Endpoint Manager Admin Center](images/ios-deploy-2.png) @@ -87,8 +87,8 @@ The Microsoft Defender for Endpoint for iOS app has specialized ability on super Intune allows you to configure the Defender for iOS app through a App Configuration policy. - >[!NOTE] - >This app configuration policy for supervised devices is applicable only to managed devices and should be targeted for all managed iOS devices as a best practice. + > [!NOTE] + > This app configuration policy for supervised devices is applicable only to managed devices and should be targeted for all managed iOS devices as a best practice. 1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and go to **Apps** > **App configuration policies** > **Add**. Click on **Managed devices**. From 463b63b581349f7115a3fbee8ec477c03094acee Mon Sep 17 00:00:00 2001 From: Sunayana Singh <57405155+sunasing@users.noreply.github.com> Date: Wed, 2 Dec 2020 11:50:35 +0530 Subject: [PATCH 040/210] Fixes for Supervised profiles --- .../microsoft-defender-atp/ios-install.md | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-install.md b/windows/security/threat-protection/microsoft-defender-atp/ios-install.md index bef52a91a4..55a8c44542 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-install.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-install.md @@ -104,12 +104,9 @@ Intune allows you to configure the Defender for iOS app through a App Configurat ![Image of Microsoft Endpoint Manager Admin Center](images/ios-deploy-5.png) 1. In the next screen, select **Use configuration designer** as the format. Specify the following property: - - Configuration Key: isSupervised + - Configuration Key: issupervised - Value type: Sting - - Configuration Value: {{isSupervised}} - - > [!div class="mx-imgBorder"] - ![Image of Microsoft Endpoint Manager Admin Center](images/ios-deploy-6.png) + - Configuration Value: {{issupervised}} 1. Click **Next** to open the **Scope tags** page. Scope tags are optional. Click **Next** to continue. From 5b6d3ce4db1ff0029adbff5526ba6bfe0f73c9ab Mon Sep 17 00:00:00 2001 From: Sunayana Singh Date: Wed, 2 Dec 2020 12:06:19 +0530 Subject: [PATCH 041/210] fixed screenshot --- .../images/ios-deploy-6.png | Bin 115478 -> 129510 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/ios-deploy-6.png b/windows/security/threat-protection/microsoft-defender-atp/images/ios-deploy-6.png index fcb075b91252a959dd07d78ec4a864674917af4a..082e51ad2c0c9e90c7ebdf6584b77542b91d9be4 100644 GIT binary patch literal 129510 zcmeFYWl)^W)-DVoKn%CwNpKIr-QC?ixVuXrc(8#92{5<~HrU`2+}&Ytm%&{>p6tEf z{r>r?&Y$z|^wdn<)!lbj_gdZ8y4LD7k;;lvXm5z#ARr*1$w-T!YsirfTB(!O6wZ!rIRKgPXUL`3G|^YYPMfuldpxYnO%cpP^4?c+D>d zJ6t|%Hj|#8-tlE_%to>`6~!h>XG>$&br1@tKD0jZYz1B?+6++VtGW)%ozm3I`fV#f zM>0H~JUN%1jxw6;14tiSV1qUt{@Xmco+C7Rw`Y62Jri+nm#&=F_np;@malJ#b}qVn z|77y{E|rWVZqx!Fs|i*)$yyg){l>F>&L7VPZ!af2Dj!skihK{pWy(_88hna8x57|rkosG z?gYC|CzgSG+()XVq73_+L~ z2k!FyyMDFFIKGze_?m^3wzu}u2Jartm=Bj~7w;6b>d#!#_DDnM;H?j=fw!lvH>}(8 zp}lm!n3lC!Ss)D-MEz-x+l<(2!winQDAx~XvaJv5+DY_;@?3*JWDmadkCHAzHViO+ z)M2?ML8c9P9SGtptSd$Nu*$e$3j)BvF#b`rYi9)@b9m4{A|M_y8DJzo-h)}m)ujdT zbyaY_($Da_e9wNaH52q$sv=SgOa-=|8_ zR_)76($(GNnABDqf==q{!G~%QQ1XB3Swo@Ija(pN_wK#4Wu7nhuP9>KPib>vId60Q zEYhsEbSyyjmz!GJe>(e%OB&|)7Jj3t9@I??Hy$)B9ER)it#&3V3T{qLC_eShGZeSp z-xKJ#LP~B@=|Eb7mE9_8{l2egxMlhY3D3q7PO{%Aj~en+O?B-6c{T?*jTtFNC=*@G zeyVj#o4|$()&*UzC|sYCxDxk-Hiw>=TqVJGPrYd$-CMWdsU=J&uqHy^24z<0w?n>A z4lg!Y`>eXQan4nlToZ}Zvkz%GWn-R&t`nVIP(f^4DjlYn=}V9BVmk%biHG=e`^IK( zsmEzMfn*NOj!@9L-AV>AuuCbqXi8$tzSQPi*Lo-c4E%bk+jhumGaTHSgulbRNEgbd zibPzu`PM>0V0c`s$XsH?Ye;ep37cRTgZgNlXl$XTJi-rmivW2~`C01M= zq%rQQmNvp-Qr{UzxknOe!K^iSue1w0s|#iohu_u7#cZa1fme-tOT!F*$Pls?O9~v+ z$ntfO_P1ef3(^{q`%>rkK%Pzm8+(fH-uC9SuY#**j+GAa{>aRYvn#0ap!(v34Gk zI+>6Zw(%W58nfxA-EIoCYf2|Z`XYt-nTuZ@nbDoLD+uk(1 zz7#1g^DP|QjNL?BDoX2t zKH?WloPd_iV{s$p-4%hK`_CE`KC$R;gEb&}cz)s56pKab!-z-bv7^JVr@} zxm5nwJYwFZq&`|@$sc8GZBxqUZEI%@yc0lF^dGJdNlUtsS-j}iE-&uK%;@(27)~iH z9gNDQeW$b&X7KP@UCNIk9K|&LEu;U=nw96Amtyi|OM4l@U7B~bj6c0pbomHM=e({N zY9C*6P$!SDB-{E2lR^Pi$D-=A#mZDC5qva(ag$o$2j2`Xjqo%&%g%AGthcz?iyPlc zf{sxz2j4+q(!j_FFX!Twdaa5qYdNW<%e=d~S5XgJQ}^)i5XjrHDXC->$y`hgV*y&z z#rVoD6)UcAcG7bpEJ2(!3CmIXmO^=i2f^IJ1P>k;d_tx5)mVM_`j$W}Ac+k&0t3GDvCP!e zL6&qVwx!~!*Rl(X_|v1zkG!dxs{Ur@Gar3)td&>3H@3#C%CB#lc`W0HleqR1D=rv4 zje@CQ+jj3{Yot#cJ>PCnEsebiRm+*+Sho1N-;`f6qxI*j26oxM0D>h0!w7$`Nle?r zb%G2h>%#wR;4g!hCXNxfsN20vO zer+<3=ls1ehe-QyZ0qfZAJPEio!GBRUmrggjDGKh#9Mvu5beW;BEQ+P5y%wvUTLxk zo=W)U+)?7yWE3@ZUz(DTj@(6AZrt9Svq%4sT$zLL%0#F6LuslBlQGH3hU(-`$5ij> zJq-!<_?&)|95Ld_Y6caF@S#2#xGUEifbs81w<99>w=GN1232sLm2Bq1 z`r8A{S05~9tW+eVLxc1>LtZ2ey;&S4PVhiyDONgvXErCO`H~S5r?Ba5$7{X{nipc7d_}*%(G;j8Md+s%&dHmTyBL?f z6VhaZ*tgL#0qyVF9Rf=&U! zUTXP3#AuL|LI708IRW=Pe&~>IqcX9Qd?YRX`le3~(V!7K~q z@L%oiMn+XGX>Vw|XX+*5=|eN`Gei4aI*gQYwAShti9f#;Ak$AmCk*7ke7Ds|$-qbx zWuD0sq(C{At*BhXcw|HSL9^)TAWPP7nTyF4g(=jISZh`RHX}B-gZ^VfxBP{)U%iTK zJ!;IAd-ba<4YB?h3569{9;Rie3KSP`#fwD-f!^uM~yZ` zz~^_usK;~+4d6SetGIN;Jjse9eMGypaxsPRTa%yjQ>GF6zXG}XxMi*0oZ&DHeE!DM z5a%iLh|i&br&=8*$0;Bmzsj@|GyS6a8{w-wFTPBlK_5N<0q&D7T5KaI1B!&XbTm|| zIqLW^5j1reYpZSs+~@lwsn5*LVA{i|iT}OTz>4cdP(!$6-Ou=6G}IRqysC3(5Cq|| zgQ~9?=r{l|I$;k&Bt-Qf;-ub>J=-<7yuKgbe;}9LZ~SbfCPn)#olZGGC1}Qix7yl~ zO$8DC4{GSUTL94QWv{Qay2DF0<-|Ww57f!dWAB!fHb}%;mr#<*bg5@b;xUo<@bL@f zw?r6eSc8$ew8+1)^q4&+Md!SA^|gK0aQQx3Vzp=b09-d_lO5_i?XazyRsjHBIG*$+64pEYWwLe&m)%kzfrIUa#uu;PYg6O20Zlf8VAC ztTQ(vi{|cGr@eV~wqSmJ=>W^&AEUa(Ry;GTBv;iyT5MK67c)iNQ9>kXgE6uojdvi6 z$Z*OSkfbA;>J+L^H_pX9k^K6my5} z1|;eCLunrW+L!~0-#ev%+s_I#N8f!YGz;TlLald;{IcDmn*30;1!jA6p0j{xgkUuA z{P~60c3F+T^u@e`SB{5k~6{~sXTq2{@e5Lk+tI7AG zr1+7gJcAg^_NK^EY$G2`n!YOU_3+h`+eeF*D0uA84@8zaeHt^ShYIt9hmM$0>Ury_ zyv{IOU*P4N@ZMv(@O&9$c$oN1-2449g}j`Qg)lb<)bWa7(N}m3@ASpJd%DTT!gqdq zW56K_SvMTG^NMw8$(zAIeihJ%-?jS!ZET3QCuA_#SPn>_zf&GdLy5fV=90RePBo2h zB+fk*vM!itVQhmS0yjkb-o4cE{pv>bM@F_~3t?AJv2I0`RnPf$#WjjK=w6&G969xT zneo9as-(HU+gBj?73NBQA>G3%?||2AH^pV1sZMK@yX_x6sDW>+moVy&*mUP=mBx9) zI1J@cZcc6q`2P6qbUw+>8J79-pmvoOFC1qq zr?zdgZYY?xbJ?_XAOVD0#(~&^q|RH30#?psOp8xPSanJWV50D*h>=QSy*FicuzZ^` zOLMQ>iR@i1g+)%Hg69=q%-wCFZ&^AkkOG^ueERePB0>Ce=j|xMejc|6lLjO~Y=b1|7=f@SjF%2?YU5|Qld}RZ_$38+_#iR883tFBeoduS{Z^^* z=U!gge2D~r(wM3860NgFemBLWuo5kVmid-6mayI^^HB3G{on>U)z4eOLK3CkXa%fq zjYdo0=@8)DPlTe*Q_6i5V-dO z*-}40a`P*8POG9C^}LwFX@$F>K|3;rR=SP}<0v zq-yAdjg7=o#nf`>ZzP)?!+y?Q!O8f_h1-~W_aLvXJS;XMa{*(m5=`%#Ia952LWV>k zokTAyJhI??+kVs-H`p1H==z$zd|bMfk$DOuI>vH=?`x^uE@HmelDT~orcpr;k;aHg zRyJ+AaqgFMSR^mUeEX^?`SF+e-r*pTM0_cG4Q%zAbRE-vaOZ}IJFGE1J7)FG>vsaS zNWyv-^Y2xNgbWFa>0f$y22ZRy?%iv%+m)7N#L^O0!e08f56``R>+yZY39t80{Wlg< zof(7=3A8x;WZz2x5}CGd$WR$<(zBvw%qq)h9t%82O@52iewI!!wGbd)jiqRR$csw+ zWAi5@sdz8s%c2ia5GYR1EA6v;o@!nI_d3(pimsm(=u96mXd#G^hQy-lY;H_N-@~UHXr6X&| zOaO=?Y--=U>q`t8vTu$5MVA*IFNbr@gN5E=`td0l1$3>S^ zRC;I0T8&oer02uB>-~uhDXI4r?B$nL=;4I4vZWd~Dg0M{1ICx{YtrF0E1C2mym25l zqFD~Um*P*xM-`WfzKnG>=R~h9az7^EyEUHuf>S7VSv%x9ep%HaBpq+ff6*7eKf}0` zSO&OIK&uWTbD`*)nTDW|VkaNNqIroTl0%!`%q#H8Cslt)5}3pnwWO4-4R3<>`IBRt z(}zih&y*7z>hXFp_DIKL9D0iNg&M+7T(Zy5ac!J;oCVawa?j_V7=uM9C6FxM@m%&| z91J{DwH5g^p}H*2qsSP=^=60(q0f?6 zeMy;SE0(2rky8m+!b@04dNrOObT!hxwM~LGvX1CXpZGcydsh@Dy4=&I58Q5 z`@SFGu2+qWaD9j@^fC!_*>jP$JA7rb_?5CUE^&^gAi>+l^?gcmNizD6Q<*ycI*bt$ ztSnD821RE_{UhytF3jq(BCm&6GxuN4W{#MWmQi#GQjU-w5)OsLC0h9;pr$i*xQ44`&lQ zUor$BzY1yuouEVSUO{yMn4c*{J{Q97-=qW(Z)xDQ(nUGa-~0FaMGA$ta6+EI%)=v# zmtzTA1?b|zG<}$d>+vMbLH6JZFG^fm542;81kF~$=xrxGzu!=ttR2O3A|Jxq>9+C}z%+_jnRy%ptVCer5$&{a_>hapEIzmi2!&|| zHu)h^LzZji)xPiCsP4EgvL}E^2c65@Lk*XEedT7rb_fdL>?-inGRlj2fpPtJZ9EG^@DA(d^-ucA%CnzTe`FXBO zH0TwTxtJL^O7Go7)}+b?m|LBhc^Hoe;}aBmBE>pQ!O@${7Up79=^xP5wu>ft#Ngss^Tv5!OOXaf>3^xGH{Q?| zMteqFj7QW~OI!Sc0$8r`yB+@uc%1Wx^0(DQH4pxF3#B-Jp5EzOlLnT)9`pw+?O3f+ z7+Vq7)g4-$k~!5Q{ovmPeB=RS{8VOqab$U};B9=3|6bd5ds?t(7b!kZhiMrBHC#AX zd~ToY=JnP7WCeVV{-c=6Nr@vo{qxCeE=YW?dF>>vdq3{J9drO&lo#*cvMA3YAbdcO5f@SSnm<_dcT=Crx;i2M&e67F{P`0L zoqcyQ4I;kCd{{K~xGk+ez}Pv8qfl5y1dNjV;>{=iKN3rCf@$06mE}YXO}pAOupO+| zm=qYfCh*_m$6GTcM!o(Z?;R=mg=*u5VwK5N)IyY+N2VnMsy~o6nC5Dc;eYx4fzS8I zW0}lJ35f9W;Igb%<<;{X|0zN7R!Ug^dVK!ZZv_Iy^To%%i+u3PKldMh z%OA>D|E~c7;s019^W`~GaW=c-dGstS1)u9Q|0747&-PBP{19olp;n zzsD1n#)4(eA$?;*?T0Fk2k|+K6*|g}BbVN780o*q`ENHXESRvWE6R(fanua`_(?^= zD_x3dfBJdEZNG@WtUtgE%7wlr6?r$P$P+elya@mneNx#p{-AOA4So352h z)<~aM#EyRr7a-#@?|6*pndo%cCQg`T3FlS*(k9T2Hm{j5nM%F}8S% zL(EaDJ4mn0HJHH7??|Qj_GG4CP{%)DkqOSuI9&u5Ish+Cm&fCec zblP9z0kCAi*zfg0HfOJp06=-R0fh(S|CG)9PdZpG*VoroUm<$wDmn$|deHz4b9&k^DY9jPWU% z8eePAPvJG0Abg^eNs5F1sM_tMx^f10Kh}O5S|-0|TEEAklcCkx-5VNct(LDRP}vXk zuDrcJgi81LYv_8eq}?(;s_#dM2~}qINxJHv(;pcFb3ez_ZBGxRqWW=(_5m&r1w46P zfi0y@@8k6Rm$*wKyMVllSsF&~dZ=`<y#WD6FXXmKJM&TKfZKRAVTAhwmg$k0~WoS z_ubn^_ILjpV5Bj$4<>D1kO6SQZ$%;Yd|4(^xmuFyty`l_Ek!9aV&pKDvlM-Z$OmW5 z1x@ma!VxO>%AMu{Gj(VtMDVxg)FX@G=ygm_^$fx7sZEsd%Kf9Ou7{y&a;)s3^At&iLw3B2erR4j`=H7l zz7o8ocQi#WC$;%_z^uWvSFB`lp)nQwo|MRDtQo+ckugEr(`UQvaZpJ8c!lgedDst4 zpVI2V@7mo@Zm{j~r+a(o8-S$8mZcp10o9GTHFp{u0HKVd_N4cW3H5^PU&@oY5eO z^OloopH_x|9nJ#u@w0-@z>2WUJ^?=xqF`@7orZpim9cSDIjnBHxF!Xa-H(q;Sm*fe zG?xKdcp-!BEUD+%X}s>ThLGBXE8Q%mORb%{T&!ids(`}0c`bdt(M6II1b!oGxi>da zW14YDe8N;Jdsx(4Y$+bSm!*{tD>DaC8k}2e9`^BGI*I(Y&7mMrs+^hJwwKY4aYg^@v70YvruU@cu2MOmKA! z7FYO)^_&)9K74z_H$WF3z3x+q++ACkA+3usKgSiIlR5mv^|A7`o5N}?x zp^r?n&xH*PDeXZt6$Y3T$!S?{-HL-Za#??;^nV0aDos~Gm_bPiqu^MgC5`pRD&C>F zyIROzTEhV_OJK4w7BAxy>SDGvDOF!VQ>(#i7_Uc(j$^M@-ULA^#3%gzzc?X}I+0;A zlj?5QU;9FP<)IFLl69|JO<$l=%u{MdaNyz+D<84BBd;|rS+F=>>Xe)n%RFJo^xjZ! z_Cg?@>ZyNuV*poaws+R z{PIKfzmYI#I!{dRI=*K_Qw9KN44Y})>V=cCi;mYsk9+4V*Csm@Ig(GKN0n?-d0RgD zZ-!Srl@Y#H1*<^FCkt;c10SN$e*U%zgxj^b@O5~fRj^C$Xru6I|lPT95e8rj#hIM1a1L~TDqR6O<~O!O7698qn$^K z+0HTsQ;XR6<30*j|ASUazEKFt>^hjob3FFEq@DXCfu;PO<`g8{@(HAlb{I&!hQ!@& zKO)EGd6vhsu(0~;BzO-SGj$r9_E<+sbpm;2P9guZU1gw=SX`uhHHqqZO%pA*M)zIF z_KCT%@TrPE#n18rHq1S!6Q&%WigpKfR53r$b&3e*UE=>_Py(1X?(Ea}7#5_pPSy+t z?yZg#S04nnDofhMg&8EO5u8U-LLDJw(_sfIX|bT9$JV7Ow3olY?}J@lYc zruk~DmHkl~h=0H3>b^@-4E79%j{Xnju(Gi??No3~&GU&#>oB4_YM4{VyCf?!^lND> z&GF%ydadg?9;8RP8;nj4u{%Aj=Y8e%Ok>1|Up_<9LGzT_i~^iMLkZKh3V^CUV&VaN z01ATF=k4zfiudJ7wZP4&ETztFYNRvOqTzy#!`5j6#Rq19NyR=-x0d0z9g`J$o-w|+ zskbY{0QEd`U!@w@e`n@m|EX?wwzVqXJ?R;ds{&k`4iz79GHmCT=w;yS@TG-Rht8Pn zBv`ADdUwgwqkej{f)*zg>89ZDKYfVFI(u-{UzPZOb<)-|C*JL zy;)4^Wi7*c52-sOSLm5q%(6Uzn=K)GDy`aC>!<=mt$T9z4YZ33N1Em^(&^j+E8h>Q z5D$RcsoY}iJ$e7*!GNui(`r*}pk~ovZ4|UNA$IOuL^xD%&Pd=k&-Wew?k5Nh2iM;sI{t!(FUiRVh2wnCN!PprI5;4fa+4UYW70 zAz)xg+T(T6Gj5w|vnLVm(V(SqJF)q$0Q4nbRt$1phIgN&VYODao>EtOE8ScQcWWt; zO_y`G7EZE2d*%51f9UHd<9sbBj);1}-;=?!8-8mXBtgL|)1XZ{?^gTF0cREG6R>h% zV*+?{`g!A}$TRP_rXa zR+62}I|B8CT#7ZjzJss2o*7hQ9;o}GQ71$GPDs~1aVFuUk zoL~dJ&Dj>CyXfc*CdiWAE`Gt|@h?0ieker;y&_whZiA%B^K;!iY^F(j~3O)S~ zQ#&?#xujaF6vH`9$_z>g^hsAad>egHTyrF$r8w$cRM#_Gd(s@wCtisY_og0CtB~}J zI{jfb0B+eV7F)G(ltIm_ew@Gap!iXT7&M(dUK|WGyU6IHIKR&>?dNl&s!n*$H~Pfm zN%He*d<69ihxcvXs3f3&!_PK2-<~0hap7Ht{*nB6bh0S146j<@6iz^aqZV z1pt)LyS@BV06C+;fe75IFD3c^Yu<6<&_bq0;c8nxs=;#7XglVbb<_aWbQ z;1|ZoF;4q@|5&xt9k0^I8z@v53tUN~`qpW^B+^s;F?;@4M@d;o_ z2WbU;Y@}fmcOSm{NzC8O>y|D8eTUfHa_9&%=kOjN9mbPc3ORxG5-c#YdJEh3mEwR1 zLU3(WJJj^i#hjEjF;5TBJ@UKQIplrh?9X}2g&f=S)QHVn$V_d&JGH(_NRMsXz&a39 zW-J>^oYMOCvetd!{M)KWJi{|^6RTr`+CL!W_sDsdk&!GuQ$Ns+%RIl|i7a&anYk`35Q+LOvMW z=lezvx(h;=h4QOW4KzAxTTCT^=Ocu1Z#?`958^;B1bBU})(th%sivs!)aS3p&xK{1 zvWY9XyYk%q(gG(R1#ae#=$_Saa0+2sT>H8|AyjUb=CpG&=}m8?{5p25F%Xn}jWArh zAzULk+^1Dzo5AnkIMiF@B++%L)$W-HymU&zHcR;oI`iJ-QK#L`xE#~ z!?RU;x@M=!r)DTMs%A7noT4qgzSOoaG059`G<19y*HFaYO_lMo+2#`~eNTP%$C!mF-wWNzDF_hHcWfMt=p^B$oMuyOK< zWz%}uODdXtI#wR$x}$moNDgE&?*Oh>?dq9zX>_Xyz6pQ|v8#e3+ZHE89xsg3J-EKZ z^^Y&8{=NTAB!-A4qBl!7JE2@QOxPQVp%mhBZy73M`tJL1pT zp20QX@Yf4%x^r=x^#v(5R(|5q9G(E!OLR}PfKGZJDx?nMYHhmoi?P!U@{yI$)YU(L z=vuIOxGZfhZb|CPsvP2u#1mjNQDr1%r}Rvuq~z_2B@NzJB~uJ+Y@6)-%Wu3FL+5vy zCx@@_2e55t&Tm)-0Rtiy>Gw5Pn6;+AH9*95 zoD*PO9PT=+M705N>HAvC&HF&tbz9vE>YigZBO6ct@Td(Qb=Me*wXYfX&q#$uKHIEq z)a+R{#V`@G_n_e(FyuldA0XxUBPLOTTI(>u>}HU60b02x3fEUF1li&EF2L?s2p|*XDal`Kx92hRb|`s!Gw#L-tuR zR@IT1a*hS-`kA;XrI|^rmdQ3xtI~9NfBCaofCo^ZJq3p!%67@cUL8`qw>Q48_r? zeUB0%ZnZ)@v!10D@0$&uebxuBe2O4jrW+XX`F)2O^e`S0O3D`Bu&U8!8@G!ZH`M50 zwGI)*yO=atF3`JJ8$H@DU~qkLJD3b4=&P_QAtPzlM_wYn^P(bG7!SdD0lqSKDf5$$ zgShq4;4lnL-H%bcu$!UZ2yg_DrR`bGU*^}hBBem>tv@aKmA)5Hj~jtuI;93|`Z@r@ zgt!%SGM0=LSUjyIg51ZpJ$AazWn7Xt-9_nq4W2*H*2N3P5n5q?b%xW zxVYh@;wD7%auzkE!IIXTs_drKjJ~rmcBZ*8aRCk>m5aQ;HcP;Ub?@(fR)2uz!CMh6 z5A!ZGw|L);UoG0PIA}#G^fy*T)GrBN7QynSM&zf4@m&XnFOO8FCrx}Fo3kY`82s+O zTy)|@13kA;E?1W_w=)cvGVinj!*IQ_KG(C5Tf6iNSLkJsOit=EXOd5&mU52Ytn*E$ zeySXWeN#6JKxNlk7#EjyJzt|ptR6EMJN8fOn*z|}bMi~yct(=2WsG$j@0ohH{JiIv zQb<<${x2cDSqkp*;eY5BOs4GfX+4MwyK`Lr&0rbSr!beU|I{jX7o#Fe{>b{*wXpKb z2hk6$4|B~Dm7!v%?DuuQ!TVYo&+w}@iI?4e4durDY)W44bh7+~%lbK3D!|*86H}#W-CIK!g`wkRsc~PP;A6FeN!2M;Ts)=guefPWf1_6uQ2#ZQ zBmk6jqg&acY|Vo9&c=pexeYDlBH$6|?vJv-AxL#|>cg~@RIg3VcrB0IErn35Kg!CU^Oq z&9R1ysHS%h1BGL4x6z|_t0s+-s%EJtO;fdwoLcsS-WYL_d3krDb1#C{S=MO##QC77YxIGs#>Qj3>buinaoVXQpc_-z~5$ zAIkHf=h^7vxHW_~{XK0_F3-#chuXfhs=549Zb}Se36g85lKeDG>%3iT>|1jhWgEyD zjZH=Z*i zHtG}2&80D<%mn^kt4)VsV^4nwDopx4*v>5@UJKxMsK_h~3`KkYF~2G8Ma)E!DhAKCjR8 z$&jTfW%Y`^*w$b10&2x*(#+w1#@x&Yjg6hMH6&)bn`C0p8k#O=*4EZ61&{w7E_tKQ^BH zBlagtL9zUnN`BMO<5eYY>6oJ<>nr=R2qJ!oR$UHBPN=fTvl;PSz?SVIw}IcGtQriy zZ*Cr@t*)1as1F%F<&UFDPA8Q-xrgL;Mv+~F1#ocm)s?=A{^`H^rDOfZ1CR62Q--a& zam!|#C~iAv=0`|d8(X#YqI>_zxMj4=cwHa3Az$K6v|7J*h*Bek(cS*`o)bashD5*Gy%Ia0=$qFM(DcLV=AGR~DRyA9PcXlki;`indp|RQ3H79>{X!oN2 z${yohIud08gM?%3#RZKEuz4V}hX0EgAtIxoMZIOVp%-Nna-ccNE$JxCUe2n%hFF1+ z0J1xPl(sjRlDoZ?OH}<--@in9(9eeGmn=?6H&wU2a&pM1&pj`jm_C=^ZLRX6>iPr#05z8cdw8UJcOy3siIbqj~kBCo6a`o_5~F zy#5+R>)0Z)ZILF4foA7VHelfVNct98BBq8}d^=*{p6e$t)UM5GhJ5-~DC;T0pbt?1 zY@?PSgAJ+1LQ$(sI-FU>p%$_L$*Ldg zg$&oH6Q-Q>qQwpz*196mTa0Kb+m zNy_|IvRHj^ExV8A&|N2&edFZA5RFYvv}`)_{na&JX8pp?co({5tLmXqDIgKfwP8tL z98qjA-E0+0VfZV?xO~)e1MDk<#oPATvVf^&; z$447-Kb{jIcu~e`C}nPD4ySx&-&|Cc0R@3TjUD}66JWqr!h~8j07=oCpRAskqR#7s zVTB0eBgq1b&Ul!v-q|J(H8?dgPKN*@cY~tj))PyHJ;_7F>oWV<*vraE-|24mXXeIB zaOQN;5fyV>Q`FlMrl|LYb%uyjZW32O^}9YtrO2iz$E~q2j*Pnrzo!@hc-S{JkWKJz z3I3Hk;kBo5RV`DNx=*L00EnZC~;~P@xs8HI_n68Xn-SE ztx%y_s=}ZM3>bT5uj2}Bw0J)ADr1J>Z6TBt=1LAfj_y-bh8oLAMb;NIXs^WA_rJ0$ z=>DVmUi-fS{`hr#r8|3AfNDxtSTkId8>H0?n0gxiW9WVQy>0f_Db(k5!Par*nu^z3 zcLr{J3T#MfX3#@!e6z{Fkw8a11Ln8ph8wgU9PRT}5x3}FMPm9rM`UHuzwWQ6`I+;* z-DF0$e@(sQZ|UTCy+taUbkDcetwHHDwoa^S;&Mn3QTM zx`MxMw%VJ|;$)blE3a^(OC*&NwKRX_8eH!67Dxi=nd{tb89`HD?)Z?N(5((@sB&Al z*F5>8o%aGgk3oB$FgSUCag%sKKduwAV>J3_%{n^$TCj(cT2>Ubb`O<0ybSzo>Fg}g z39G&7UPn3RhIIhqOU@%oXA~!N_LLtB*75eavWE*EkkMOD-|&+B4L^R6rbcsUpzo)C zT9I@hr30?{a(2*NG>MHNdQf`D;d8?4L9~+%-V@b6aj*H1lz{ycFC1PTr9*wpE%MVW zb(a(lc(yduJWDycSqBu;zs%aGsZ%gs>aVfBC&V@ZLJ>&=ryZODHVTC5K8koYwzBFC zGsdpsa%iTaSEQr5^Y|SjXTMdV15$apGVMxKBoi!#&dnLgR2>@^co*suPl+@t91Msd zvf3#9f}FZKjzIm17JC-j@w!>vZ$BI}P6dlJ-aK^EK4<*@&8U0Dlvw7BlgD@ap2^sN zcDv2u4UJvxE+@`U_1~`b0cpG+gGQgDkQL5R{>HiEs8VWYEMUe&*UeWCEA*E_fv6@V`>NP5be0_$E!tj>p|^Nz6eQ^J-xgWurjS)QoIk5S%c92vpt0i ze|y9bFBtRzT<&X*?)_UV-YM97W2`^(e9ruRw1X8+_cDK|EUAxqJ4y%^lV%r26$1yW z%){NK=18xT4#el>%-tBJIh@&gdab;>6TBV6_=RMSdt0T_KR=*hY2{?8*DLRx+{8oV z!xRg%E(qcsHOJ7CTS`yM(btSkIu#Y`Oj&XhH0;((yQ=1x;7o@=9CnuatwD)sJ~a_$tJh%?*0)(pkHS6`&5(Zl7W0+h46Oj zJ|T)ju5xOVvx7!$y{B}XxFf~8{(`Mux4G$3oo!XtZ&yqASURo5gt}O}C-!~GYn-y< zf7CLdAPJl-c8$S=O>)3T>Sd7ybbFolIt0fCH`F`4CmE2>?(2`zbp3Is$LD_m2BEiW#;W>*BV(9WuHuD|>g<(mcc1c|DVp&NEbbsMQw5-{Bq+|gz4~^qCRH|5uM_tu=Nfd6!@yjK*N!~nWPESX(5C(!;W{_v| zxGFr~UI6l{R)hBo`iD90z(5{XXw~JUlGwIYTaLm+1<`>tvQol?v2F0-j`cHWbj=IQ z8`~#!|3*Klq0O192c43jc_>lwy7U^mF7I%1YbYk!y+%nD68Pl!xsi@(?9tee+=SzR z|I#1NI7AmrjS-d7X#d(eF(6gty%B9K&9$oFsb>g>?(OVk6>umMzsRH3y~fo5&p)|s zE6%`$%OjeTTcHnHQ}4kCskRJ1wN*&OFMGD+IP-roA?3Sw2(b?EJ}03&+K^yyVnc&@ zLJ&&ot`!(Ej2`|5gJVr3DmqEaSI-oH{lW{ox^vyGeY~8`q5MhHv+Z$(*H`S%8QADG zJ*%_v1LzBo>hz%bWSws@{llJ9WEzjeW9l6x9cTZu2cjmQW>oN7U4V2gMv`l~@opec z+3;dwQiNw+^;;VpFk4$YzqChUFvZbbC@>5OL`yEV1+wwgp=;Y}bwJH8$x*wusUze6TYYyl% z=N4M(IL@$XbnIPI)S=MA(ML@;RR2ahe@@sH+NIJW6|<-;ZKa;rSrv}DZW*+lMq?-P zyFpN>+TSrLvEAvHP(jm!F$bP}do)$im`6Z~t%5%Z7sa({y=sZm5(dJZ9UO?jC*Y^&l1Npexl4@`UzMSB{IJpwaZdw^ck@J z(Qz?!_e?PQgY>rpzCHK)bZs%#vxZJyO7j|`NmR*paiPOpbGwCy_e1buH;K?)8U37` zv2D+iqJA(d4XAsFIM-EFgiHC%SdWh$6G~?dF1Odp-nV(LI3F;j_l0Xw4V^0##&?Lm zH8a+AV%bTK(&kgT#;z8JZXBn>jU@jp(xRPe|DR7}ci*b{RJ3!3=#0fw7itW10J^zet*hloR`*q>TBnydd10+&a|x! zD2NJfiu3GOD|kH=KsQ7XZN zW7PVO!Yck(jc_WP{PagbEqPKNBhj_xZp~clfu}X2dqL)i>XuQ8Z<->g;$vwiipuevuA& zJ(;q{9W5{yogFTfk=eSz>%Ylk)~}fxZFH@UPwUEn50#qy)uSPGA$*-(EsgG z&$D~e7!#ju{y~@L`R3CddHK;Q>uLS0^$D0=9e4B!&eBh`RgFNF%OrERJNBUbGOs6( z=QE@GR&v?Z$J3jmj@lT8QsmUFzdabbg>+Tk>G0H;9!Bnq`{pKwiLyrW;A77pY&!&N zo4m3Xy`-1+vYKqs34K1Ei%+pK-YC}PM|G>WMK#|_-pc%^N3Ytn>83Tr288<>!ph6G zXf}w+7h7Z*@k1H1??v{%BESo|hF7Q6&*($t|kDb0P5?XXtOKeww9G#M1yCn*_p z=cbrm66euYqFk`Su<;-1nSC+k;w#tGCTR{b!|#R{DMzs9SuGrvrk4E52#Dp z@nW5olE?Hb@Hi4)8?RSwmsM{X-wq{Tw~foBU!uv~v{>fFNeF5B>g*jw6%}qfPxFZ= zMPw`6dN%91(DbT&RGbf@i4~BGBU$sTEiW>mviQpOI~~T za4r>n@EH*it+%V53>u1#|Hv>hQ*q$S>V#!;2$no8v5$HpU(RL}?6zAHv(8@Rxj5Vq zewqHT{_EyHeB_l

fSN`4AmKz2WU&m;KyyoE;2ER4enW3O0*xWSiI05A2U!Bf`ca z3m@;cTK`!gZas`r)GY`R;)TGl3l7Dg9Rg!SqmWqRcCz*7d^qLzF{HcV4Mvp~5WPc= z{V`nLRqo>6RT>=nZaQJqu6Je4oR@Xj(C;f0eO_N)qM|SBKRSzDza>Z>8f_ZBwl`_4 zmmPGD$;$6*D6P2D0?iO#XMx}PzCv0l`86UP`ft$!9)U}u`b}Jm{k_Fz1@HS*`K?!? zqe*JD*|!zCTdU~~Jc}jf^j9>$?geZ9@q6y^WzeJCR>08X9WC;7qzmr5Tn0-p>-2cF z)`rJ`6Q?wTRY#lhqT`3Jp|{j|{U)hqitgv$oOwK4ZJz8t&}}cuk7XW)z&fYrHsTzx z>;eO$Un}NgzPgkzyx-j3R-|-BYC~8Vo^@m z-Of|!kyXIRWDPtB4Ep$NUp-@zt!pcdU2FVpA6w5hfr(F+L)YyGHq+AL92wj<4MeXi z=zbrpaP5})!F#Vb7~vY&bDPSqKE@||ZkfON4&OI+G_#WFtl23yvC4_I&4t@2YV6Ly zUi2FN0wa+oofc!~!2<`La?>Kg_moe@JUtMBlaea@=|K&7m~jm8GMV<|C_nGrdb@HC{$Vlx&HAw@Udfhl zk}=88Ceo-pOuf0btBuhn>MR82P{-@XZHL3ediO@j7tUvXCl2g8Sp2WX#nfM)mGo)m zZmqe)Xi=D!vZ`D|;OSd2_G@x+`<2-_JYTOwUE<5)98FVnk!BSe^xu(gVmp|@;bj|Y z#ANE4iq5lBl#;e~aSr@aT@MZU2uk8+yNi8lq|!UN#B@dax*{x*^ywkNtHrrrDZNb> zF7nQ5mTgiajSpBqyq5;I7oqRaN!OE08xm71wGi5V{^Ysa93}4U<8_kq4)-2dy*DNL zHtbM0-ab?~6!x8%mo~wzi-Kh7(gW1UVWpAGSti@uVwZ-WLq%C(gPIZ{$td(3U@BQyAH}viqh&b8qM4K>DoZPcr$>F}4PfkI#Q1E0I};spXFd{oO&^z$bEl3(3yJX?}b{5l%F0?;%vSfwB;jr7dbUIm2D}Jh)FX`Rii(v zJ%HEiEq$EH#`|LRuTlA+*XExo%wuWOJ?|XC`kVChuVDYqrC2|1K6T=^QNcu**}`zY zP6UrIR&l6SRV1}Y+T~Bn?#5UAe2h&%!kh*FVn)u?9XdjZdJt(tn9q!VhekDMS>BfA zdyJ79I%dga;T)~WRvtdd<9#RXFL+7yB8+Rs%e-|K|GAA3`CPSf21e9))Z5B!g4eAb zmMpYQE|~odT1&c9{KuX%O}Nbcgka-yH4`4T?lSbNUN$H$JH8K#UaB@fjcxK&_Fmf3QMV)!xcr>UHS)L41xE9gGc z>XQ8)@jaybh?<%cFMa$~jQnEqaQZo)_{;WHKeu1257FE9cbqiyLzaV8G2cjG_s<3x z5jKEYg{iYyzhZK#=qri?#-X$oReet}p1HBvvE0_(gb>v8KwW=K+MO7?{EjrE?w^Ya z&g(gLOtJN{u#|(Xzxq~k)ahf9Z)nm_Q^&GoQ9u62sP-d#_>DoHXU_SP)TMV7ryqnG zeb#Ll5qSLe*P~Nk7z!mVEPJ=ip$(H#}(lD1ckCCxohv%(n+WaPJ~sv%ERR6HttpysBxy;IJFL#d7oO-91w) zxsVdI2Y;_s-Rj>k{QEcf7ms+h+~4IBzHsmCOX~mm#<9p7aF_r6^MAhacO(AKmJqh# z{{+MTSHbZ6sLTVirWvz+)Qqv1eHL`#48z4!w|!(z5vM;dsHpUE)Nd-GuOk|E=FL zqoM(A_n+qi{Qr6@KB=Ah(vs23TzxWv`Nr#8LDbc{a;5Su?kxQhl*gsdojP%jDB#@d zhwmQMP=^lL#`If9x0^?f+2?#Xh9|=R?Lc4N+;Th_;v8h479elE61AU};gIko+F31Y z&8p`!Pb+B-Q&{uusu7N`<_t#x-#$AI^5BSwh^WNG!puyDb7ZLwsSbbRC($w6l7}jb z;(2#Y6AP_nxX{6By?I%nS;eDgT+(KIZv4wKeVLBmGgSr)pZqkjO^Cmt*b>8Jt`;M} z>+0^FpOGQ?;=vcs_6f(I_El}x6|E-o_Vg2uI%z60FCIJ)OX(aOu&-hh6*bJu%e%_- z0P_Iz_ooUxg;>r|2+|(zy;I@tc4S)>I3shW_38PxXF}dC@1+#iPjjsA+MS~zoqU!h z!|jr_`KXngnYjVOnbXUHM6=1tDJW=ITj#@)p7GHm@~UJQZox`BIy&f9JAeJsc=+(d z>+@awUH{}rAngn4Cs*^FmW`fyc^A8SlbVG_O8WTJCMxAHuyAv$Q&Lho zp^T4h{*$;er|bg_?d*zT*mcuY?qp6*nkXiV#6A4#B;0jt*=p|4!@E?O)W=e1d-c3d z|Af0tg!%hbqdg*ub|E35zTsh3St@?}#E8hqAh#p?D*Yf*+6V?SGcy)Z(WHmObJTPH zpoYe83YRXVG&MnY1Wy*;_7PM>jsVzVX5sk zZi}w?`J9wbregbDlHThr%=mr7r%%)FHtb8{f4;lc`tzqJrgf$(O>(%-t4vQ{A2%CF z!ph2;UV1?SH$m(gNh=Yj*nLU3c<8ET>FwORNW*?5tF2d8ToPp%2=@uKx$1Az7>I+z z2KW8=z1E+#C-57yX%%*jdTl(rA2+#j*oQ_hzF!?LE-k&UTcmZc!z|uiYSxzbdG&T| zfsa#mNXP|U_89m9KTK4mqyizn4erL4mX#^*aE*+NRKQug-2=Z+YJMg8*t^j~`-h^z z6FBeCC>0zI7tduHxa2MzeR-3F`IE!k!a~m?vf*wDay5tj^5x4>k&zj3+!m~CY;1QA z?TJnthfL$;*|o7GYG*jr>Um-rLs;fC#RAQ{ko5>_a9Z*jUCY|yyM9cPUYNpD#+IxZL*0h zi^Pp|vTK;He<4=Aa;4@Ze}x@0lVfjJS1K{xXJZ?5;rzxnA$#)kBgB8B%jbJ%90g#T zb`Jd9+}va%9;SWZy7y*VdCBjB`Mp0CXrtb(?e;lK1XQ z`$d7I4myd1%}v)L!&>)80eooVBVEMIfIg#Jr-7w|jrtniM09H|BR@B{D}YQaHF~>9 zL(d!kCRSNZEu#J?KsfJC^TY@FbB{Am>05p&v*Xh&Ul_>o&dDyYc3M11R@^U{!rmjO zPQ3NK2qNtz2ZMiCzT{migW*4h`jFf!`(L+xGP~PaTh&%})|xs)Nl2{i>}a=~NrD=O zs~l4J3XPHL>-WdjP)BI&Quzy8eybh^L$7{K{DEoM{LAy4eG!b;Rh%%=bYarrGLKqX zT2A_<*XQN6%r%E;sH&!kAFhSfYz^B)Cnk!dB6Qiw8JU^emfhQ?))Kp3cS@#x$S)`` ztI&gQ7ruW_%FDx3hkQXD{3D%FK1SsdhS&(H?X$h2DJdDyA+*R2(fas?ojHiTEvsK2x#9(!CimPqp+4fe z!~CM;yv`Nm<*DlG#@X^w`*XvMcy4;bky}P7M;%gO`BJ$q%DZCrSKLN@Qsj`Wmbq4p zR^bkPD6Oy-=5VVDH!x7d%Erm8ICQ7q+w+^kOAe8_Z92---I168??2Iqpd-T~ugLpR zmehk^V7u92yS29eoVHKz&V?vBecLiJCMKJH)GOz1-6xCq9383(MQVOhn`$}{PZiAW zR#hLw^H3R<2JKEB{Fs0AkJp%EBR21o)0ah@Tu&MS^DXmcE znzTqE0r{pnn7@1S+e9KEN!UX!0^U^)1%*TB(+&F$r>2m&c<14(uOHro@OSK$%6q@! z#57cRl5CV=h{Jnf*2U*ne)Ti0VkQfZPKsQcjaF)kokNr6_epJzP-_;rdS^HI$8%wk zIK6~MTfW5*?vAb;@eN9%bgmmEuN$shzD%^ATw>ZxB|$A)I%F%fT;3b#OIl)@GWYl= z6s2nyhZ2dc@-pTBmTBCvi!hMLb-V1+XEc0d0nqp0ZE$51TJ8xsr9 zw1Phu=w2ioUtqJ`XrgxbuGuwo zh@!&MVDeL%sk1?i&K{`RLnS%6cM42b_-UFsD3*-QTi;vksf!(1<{PMOX>Fx)#kUQX zm|~r8?f8oE^7FUZ^09GpDnr6RYtn#DtEqVnF0!dUt+Z5aq{=~CODm>BY;WmiN~6ps ziFD-0k1~%bj*nE@_4X=@i%yq&6E4{?GxEOXum?PucEwGr{^;Q8kg>G1G;~g=4db3u zp;P$F{^_5`?5oEN;ivS?2e~9QXhYN(`OPz;wuTF!hO0v_HZn>U^W2@O!C%p4<1Scr zQ-K19+u!J%uh2Hugmfy@DmZukyjx3F?7~6;lFM8QmT)j9E#Aj=v>Qf;SlT|wrh-uM zKER}@uIDF*Jnh@rTyWt3Y(3!t1D}VP*E4sXWGU&3Yz_p z!^82%?X)#CGPkze$J`f-hAV6=!qBF4esecPcc-sJ)Sxr*>)Q3{Jv|8T^|#CwUK>o+ z26x*(a!DTTWIIJRLc*0~ z7f6RMm?Nk&+CM4)VmTMo$h;&(O-0q$-=7r~b=5R&+Vi-6kvxE zTUf{r3H!jW!T86I9}$^QaqsZ+qdhT|b|V^kdij7K3|+e)ukZSL?=4sL4-Q%`G4u0l zZ(uvM_4HOp->)JX+Gcv-#eD+!nO`St zA$<8@pbQ{1#704BY0n)b)TdB-aijC(>~p+}w=bTt?9bP0!5iu&#E&~djC`K&6FH}~@I?_rK&7zmf@ER-ZE78E{5 zjlc5t5nPpd-$Xrr4=xQ5QglpA>#{qwo9WVE32Iow%q*+YcIZ~w&}cytT?=-@3Vt{M z#duzum{};WfW@y}zYer%0fJ0bPOjCdA`K8_ZhHDROY|zL64s$vpw%+(YTX*eg7CA) zRJ-K3FArxCw$!-3PMSKnpz}4N+_-G05bm5}irAPACbytK9@%hM<13az&Y_pNzwe8} z4d?^b*W{t{Q(5Asr$czvvEH!m+N?n9`gSznZ~@`ua55V2y(l{*R0c;ouDr|w%`36&xs;MP_-#LjJc)vwbns7hT3n|hx;j}Q$?-Jk#- z08fNoZ`HogUvu<=SW`u%%d~;BVZU?*g(WazxHYYvo!Y=KwpPa2f`8;+V>`6?!cqhc zuhIciOh1l@wYIM5tsYu-pTS}aDl4_%E^0|gyx=-E*3*+Nyt@CQWL$PBQD0vlKq+fd z!}NaSUB@eLHv;bsGd#Z4=wT?^(o*yL+xZIj zWj)!R0%Sd_|BY0n|G{EwTO0kK8-4Pe2l{NQwMgmKSh!!b!tR#M?`egwqb_dSW8xtR zFMe)UrhP>DY%lnD_-gZyyGGjAtz{dXx1bkrd{E_&9T80)CpmRO&)A?4I`o2#@m@{3 zbhQKmC0-e}JW|C%abaOn{;nX)3H}m^jEQ?uI6ISH=4B7ly3W>i)YJ$)zIAD4dYS^U z^4V!BDk37iqk{kjt%u945cO5SFrX9NTS)D<)`Zf3k0J_CC!uolaStwsG0~7Nw)0~& zpz@ZG%G>%YDk|z#SVwmVOobd@E=Wt0(66%Bg!h2o0&fBaHU;BO-&8{f&!3fs{=d^ z+GPYoh8X_951{lsuot1D{f#g^b3)^Rj1FBtOBAracQ9OL5e9UkLwL3BX8*=SU2M)n z%y0Kv9BjWlV7BYVz9mY+%jHw&MnfK9x>A6SS5#I4_1ca**RzPr|NMDShS-8H!K_5* z>IEWAZS9=wY$gta&s{qP0)B7+AT#sljPv~OuK@={_9hauP%0GTd8{5_g$DU}0C;O^ zX|+zR!Ao%Yjmyi+P4z%-PP}-4Z15;q1gYWuNNW3wlf>nABYdV!F)hy`V54BW+Gf-g z6+JZqSV59mpKq}4 zYoSu1izKffF3in!1(Hxhu3o)%?Hb7l1_2p&gDwd&?sm!rpWiQt8LWPOP0;BgY*<81 z03RVyI>e9mKT}6p!sohl9!M(hPmsm)``6e1d99DXkm>4L4xmN8%6Cm(uhKS-t9Js{ zU9(s$jO!S2Slq=X_ZC%+nfp@0;}p@i$;26g8q<7MP|5_>_QQnheQo_`ommNy7T}{= z26%z$YFw7Yl0C~OVF*V!CK3C7Zj*5=X zvMH|CDl_lYO6bjlQl?kyzTB4`N{yRa^~-VaThuQdSr%F>e2vFB_(2IK5?%k(2sNGc z&YiB<`u%HDZ!s+D+0dgr9*mF-*dS4?RU<{vR&Bn%JPplKufY!mna?1rEQ*UFXTQ?} zH8o_ryu5s_nQfK(%%o4*6dC|1RxGE|uS zIG2@UafjlJB|sBajxmp(a>~e-%%2z2Lrk0B_ZL--TW_*(*6*Z4lidWIDASV~z+dv@ z%iFH;@nVQ!AUHEKDC#$E0yM2HE#VMyARYmB@+qQ*W~kxpS!rT#U)&*xrMZoW=)|f& ze*8G>c>7m-fA-b7jrWjzKk7YuObV0oxan%knIFNBi&S&7ax&bz{@mx-5; zZ{f>}lh9$cf%XBtF|{Rtf2S!a0HX!@`Eu&n3Iv^?1Ot_d(EOI&*?4(1v57A4xdw+| zb&w(XD3l=-5(rb>6f^iBZ&y!P> zQ83_k`|ysKwn&tNW9^tXC?~+F^9kL3Wwg4{nU1;CVQ$gE40^ttyu7BaZXT#0FJGRR z!EXCLxCP)~ti}yO!C8O?HvaxgcInDsk8v;QxVShuMaAWA3=aTm>;`Vvi<|rzov^!Y zSY=O2T6x;9UkZ#&OwjlXva+(YpQnLt1p+8}a8~DUr6t~i{`|97n7*4GaImrU0+0!L zj!;z%ZwjF_^_40Hh6o~5$|?wI(dfl~FKkkdY$Ovd*T1>f0tAo88L9+=;ezepHTSA9 zxNA4~Ndig{fikbJuTMJ)5NbXfvaWQG8#56Xx0-axGqVcgr@yzo8r$-$2k2NDr~<9l z6|6L*Hml>PrVD9>g@reX;nBLso_GJwJU=?>hBkys+f!TtumST{-4yX-v0jn z+m@zPBe?Z8P8&eHPEJY6V!N-x1LuE!tyMp&i>pDqd1&(Pon%Z(N+O^_Mp^oU!RFA^(7q(@!=Eo!B4uA{t`jM~lM9fG zt;|c;tP;~S+20Q(Q$Y6zGm*^Gq(|IRjl3M>m6r)(H)2n?ij9{;u@i(g(9{7+cu%~( zPN*pJ`2}M6)DCqeolyvAL*APn4FsB^r1W0vaHm;ld;K~Y zO}q&rKt$&2^Vh9r5Nx4*9I{wW-CJQJMX!!`L@f%zA8RG-rFt`#F+H- zTSZ1FJs=06p`oH%4IZmT)noRMMOFlo)yj7Jwj?N~$xaA>hlmc}Kb|6bpPopBx!YHb z5OxxXQ$;#On0hDx+)I2D&);mYJa2fcj?g;GpsC3U%g6 z`BVK$+j(5gm_2&5+JzUGixJxY_m|^luWwUE2_=iQO*qa0GhTJW z^!D_)&c;~)meB#kb2rxJOW9hO2zC$??6onA)3NC=DX|0{iU5`x{2QP%0dl@r#hpb+ z@F_DfN>1yU*65mpt&z|adavnAW3Ii5qCF>R6t%Tu@7C{_K#o`F;UB|H%`3ZR|SnV1%+R^@GeM9muEV)J-k^- z=s1}PGc)rdHD)LK@Xz;1(G#3dHvNzGFq`wr{&LU)P{T{{{RRD9T{mR$JIrEfyBnQL zYkNyewuCffkfp2AXLLYayT0u*@$GTVLTiC{-}dcJ%>~jGP-8QSk-D`_bN=-^KR9s| zze1xY+KqP}hLr~%IJwnKeSp9`YASRsU~Ykya{2A13>uvRt(1p^ganESyrLiA?%rq$nu2a=VrZg((j6{_iCp^#m8GGw)u=CFhDd=D98AS&`se8s2z=_KAu@m z{!&?4SsO~wt?)M>kL-z5g@lBNofHCCG1VLv+ehn3Wm{7O!M;hdhUTYHgjPzpjllg- z+9Pl|p!{m^P-*)4`GI*5zI>lgKBuIlJJ-jwDMS?vvu_ihK-2U=A?xdn#8QyWdIr)i zB6a|Fv;o3HV-X!j0ho}M4g#sob=WGW<=Oqbl9G~Uv4r^et8X7gg@<#^9cz>UlCKH@ z1ddb1ldmr&j!+$~tqa`IV{2QwB|%T|VBnZ!deO9Ew}A11{GXMby+!>20M>^wd+6tA zu7Cpw&o7qlJ!0wQ&NFhd_sz#ewgychhzSlyn9#ke=Z9^_>xL-)ctQ$pz993xQCz%= zUlcDu(kQLob|X_m_oEl-I}Z&x>;Al~KdeA5_#CYs%{S5?${-g*r81yEp#htNG+g}d z-MQr2qIJIZAI#?cTHS{`;Sy|NOae(3hvq>oH#EM{Jg@m|%Zlj^1kW zyKKC$hyC`6*}bj#*#!F@to>&Rc}@eN)Jp#0!DV+SIlBjk$1$rFHfU?WVpITGJd((W zD(uIEyij8j#l1?xb}A=}O1_M|&2`}5;D8+hr4xmp8|2zpU+)7r78n?4G#`Bb{{1M> zlVf7Y?S@JpLsw>HXJ6VjAg(`B zrajqnr#E(q#&SroD3NRUK)6&z%x;GV7_!ic`Nusa;Ztj7<84CxrVdu9O+f5;c8bw- zo|xb|fkT< zT+j`G$pU((QF$=!Iot(J5B#0!HBZRd=+69-uPh+u*9knY1V;*C96*dEw%kjL>(H|n#{l)WU+Bm5k zFaB8FruO>GO!6e=d7tQK|7ACHUfWof_|d$wUiG?|=+5txHT&yr1bvj0G1Pnl>T-!W= znOBAa2v$X(DId&d^jBk(3vi3*0)SN@Ds~kc*7ATk(4H(>i~fRsQYEfO*-XU0cmCsd z>e?~CUwy(Qzm1k0^cgOPV^;YGR)pdm#SePk;`R9qw%0Wlr~^mdE>Yvx$2S82rx5H` z?>-wS7LEdiATdEQlh(lRnY||gp4D4>gDZ?UkkQFr+e z;74S?Y|7Qo$lrtAB0Ge^!G2GJ$n}46I)*hbV;pKe7i2$|4v0= zGfu`A5ZpOYTx^c(oQg+&0wLEBP9 z2x;uQ_5(JCYFhL>!P&IsBlCIw4ajKij%&&?|7BH>?~pv+EG#TFOQmfZ#>Pl+B?u@V zV2ZV^tp-6402z%=Ie^T4&va{#xy4&9qx&DKOfi1A{~brtZ0%5H(K!IjAG~NcfWt{n zO_Yt5M!{$p%e@tnFA=i7(l=O1Rfk|H)N+=`}AmylyPo#LwQX-a2 z>8Yd9HlX(Ld5|fT3)Nn?0U&_y^gmRFIKnSs#d7rRcPCScIZcAmMxGO|^O4BjE6O5i z{$fXU;7^lnb~T1sb|eZ)BN{;QO6H^ebtAKn_5-XCt!ohQ7dOQQ(mWlKJi}M;h|6t&8cu@|60K<#pc zn-3CN5)68?t$qu89p*_DqZ-WYe0wlw5f5BX}Y2bsbj7%3}tik=vD5={Mo~tu? zef*nQxw)2I$H%UW@zcnI;RkLwL3f4w4UCx*$F1c6t^e-l-!CPy{DR{|yh=gDnRXSL zaj!Ki8-j@lX7EZ@@eIuABoK0K_Ej($11^+4)GS~>)z#Ha7L8!Z=9iaiK!5>(B7`;% z)v^o8N6%e$`n|;Q{{CzH2raOYA(Q~Nl-mxKJ|+1{@72z2{;O+$cVjo36iSnN{H{iI zS2UaU!q$ibzuzHN{3tKXe}4)9kmyT3we7;hZmRO|nqIb30b?f*bmPVr6M<6P*4~0T zkGAM)nsLr+oDrHmG?j<~t5I05WYT}yxjLjm_I;Cinbktn3iCyb??$^=Zz;*6hYw!@ z3b-}qg8@pzY_l<|*i@0EaE{bs1)gX6?veD}BuxhEh!KlLC(_&C5dq%bK5zwLuWi-n zLKO_y6)EMwLf+$zVU{UZ;WVGQLUt1^-J^p1Vl6K(uaps5FcO44R%p7!V8{=kVRp*l zrXK>H#aRvaDxzv!$ZA-DJxRgGXYYf{64_$`8a{FvI%~OvjJ)Dv0^;!Y#&d0pgWe6+ z2}n+~LauYUBTT^8C%(NVjOb*pJoknfp$levIt}y*W?iGBzJ29T6=~?gJg`xmpCQZfiCyq~8SRZN>U@@uu zQlLH1lP<8H#;jGQfe{FQ`MJ6cj5!}T3(QxIGQq$BpiMw%kpQ;F?88PhUT78ce^m6F z>q>i?^wn8pW?5)oG_8Txvd(Dr!^mJbn#P7O^!Fw2moKZ~QfoAuTQjW(h4|4%%8`bI z1Yx3T3dXjS{njHhwy180zXAK&4NSZI)YJ!&%ECoxK7?r6>YC@~zRS@Ei;E}ufp@(Q zvJknz)4VANEq-mP*=DTfXd#r}h+d6!=_BFqCVqYmi>E`}^GL0nW3GnA_svjN4?QxZ zt4&vpWU_EeX>@dUbDiUFIIIB8ac|#b73Ylutt$_#BAErFT9z35@6YaAb*Gm_yY94f zVGg$VhbszJQ(u==Xo3X%O_f+kNZ9bC_dB=L5t5w5M4I*_VPvgc%^1NhTj)w_q8p(R z>dQ42U3YA-8(73qRZsf3;?2uIi|RE^oqqPTY6KRT4HJ?%y@DpqZbC_rHgF}>TXFsb zSEFKjW`@>#3H?9`T3cJis;mGs z+u1GW7J67&S-}vR%AKn{^@u$wo_mgUL_VDJ)RQ?56uH3Ep;f3xXn@ih6SIQ*1I7RV z;H#lh75+zuH%}A6-*e+5H6B5;ORX_vOn z&R7^vb8#sHO8wsgQ2X0w6;;*z3p|xM@BOuAT=j8wPr5Jwn6SjnNP1)+r~le{*&gQN zdMPijG487XmUzH7lI?*ElZFyZ8Nk!t-j1K)^eYBmgF0YRdiawcD!fyOi7GU|CSMNO zuvP;@4evUHY#v|*VYqJ0b)!8ZGkSY0hxzaiF?a&rzVkjdi&_U$Ll%r~WSim#=!X34 z>}+Yrrqyj5+(JKL91Ao>7&Q4DSz52u8GYFhx<9=lp{zOL4!ibEtM5@sAXh5TUhbFI(C&8?!|qnQ?uL;7Xy ztsYs0-ROEyC9JySURzwZz&b@ECnx9H-mh&lgVO?Go zX>e3#@|w=AgsaO2@75JmMcSB?jO<<>TH{{#+*>u`-*fzbOohpd&aRba!LN-5jA{{q+@ z4{E2`vuAfMznxpI!mMzqP@KO918@T}814lznYeaBeY53D0A5~h-Op<3D8h8{Om1DB z0obN<+^OCopm0E60$WK#Uw?${7b@v0=T(-X_7(jhr{Rv_ll6jEzo^=Az)!dieMao54Pa64+&mb$%opVO@JYf*#r@& zmP*zG>TBtk+SyQs13bEcPE#U*ImP!O=>3l{{6KEB8}Ph{{V96>o=2eC8#?_6s_^b- zT^_HH*Y=;h0@9CC#sJtXx@8uNl}JBD@uQ&t)E2sDI2~O1s*+WhK>&4&?cy28(uIwb z233m`#MbkUk!SbkCFyG((k|0_PlpHL3XDb5jSm(sK^uZ8xB<^eJP1B)c|NH}(b`7c zFxJH>3wap<6#$HA2CId>yqcL{V-YLj#6okcty5Mu71QesKW*Q$ekB*W*$g<{*{cQ} z5GR_pH^{7Z-i|a?vov#}0xm}b33b38=K|YY4Lmcw@wR5k_>py?) z)Ihv{^~xxK7&tq)P}Sjg&C$h4Qa8+Z*Mo^rV{dtUwrmko378%f4C4S#1crLF(<~l> zQBD%l#2kH1!Y>-9ER;u%&V{c6t%ct z9pqmQ)GiRUH3?HAFq#Ji%PF*EPheC{T|F9RaDnlHsHgxwbg2$|Ye&ZbIDkPoLaUd? z+|z;TA1~yV4+BU=Kn(~48#?Ly{JhZKQW;?c06?fUm}*kAg3f$pjT3VoQd%%^2A2Xa z%>-X>e}5mG{V6+1*lNK1G0^5=7!p`R$_NNp;05Rw4bbKF1qQ$Yh{g$ufkT_|Ixo-( zA$AA81`xab`7M!QV8X3$LS`QN$m=>eIRv*B07imE2rlN|QHc+*B=cV%VdAaS&%zNb zep#T9gh8^IXzgcZL*Rv$d#;(lEFy3UO8`Bf6@dvjOc=IV8D#+-3oxlEUuO%xiyV^W zqN%7Rr!R==FtUXI!ReO<4llN5CPrWCfEO^X)qIZ`ey~}*7^bMU^hQiUV8S1)(xWkl zhx`W{yI6uB3G+LM!zOAs9CPuC2O@z$4VlGv8-_nUMZs9HhNfl~l&vJUfrp4qQ~F-0 z|3tiZo|forHl*OA?i$o+9C>c(LKTw&Q-mAMi>$&icu0ja82?UH!<`c%8I{t6WNKgf-;Fa zpx=K$ue)~X;K0FOTed|X=6iV;cIvz~aA|DC1mx{gGy^{IX51oD8^~y~_W~!(1x7-7 z0r@=INdO6>WWwP!0g3cIA@jYsO>SkIergApz99H)^mY5rh6is82wI$QV)1vvNfWMZ z%T<2N{%JyK+uM$%dNJ_r+e1Ugudiz+8|mq`BnmvkqoOiluVE$x0Hx{_RNAf6Q)Bj3 zC4mZBS_5Y(kJ(#Ufq8zPJeuB892D++z$=6hhVgrFLLiDkvQ|MLP=E-aKtL=31=CPb zNuBS_*_N5%8C)jr+2TZPsu6e;K$IwO+V5P20@X!ui$MRSRQ641pM7fh$2;>XIl1-d zXQ$y3(;zUvfWyN0D2$~&_oHIJHZD49Ub9X;)Az|K+DY8YTjjzY< zPRzM>*hVg{lFka7o}QklxlNpI@+rN&bhs-it+5 zgz;b)`GAn5YjzZ%sR7cgX=GGh8Y`a~ZB-k(|KTCS&qnf9>KXRFd#GMI%icOfB%X|)!I9M;Nr$rS^%C17D zNY8{&|MzTCaP+NXQeki7)b!HJb5yODOLL3ZRNZZK-oHwvsr;mnouQl>{C_(SHTa+N zQ2fb2mu;pJ92VY@`G3}a7Y`uX?dSmMhx>WE$)+vlu4(EgGMLkZn1X5s<<8pDQU$_< zP}ZZOTz_qv09Qd!lU3hrSmO z#{Op7j0v>}Bq)(<$xeX`EEH#~fe8=SdLT=d3CxOc;9&SnQ3JOgw2Z&!%D&WE5z&$c zExGSa@V=}Wk%kF0aOZDaoGbZK3i0plEp)t8f`Gruts)7`r6rPi`;Isa>xlYn5qxVn zh6YU*`uEVMyDKFBo&}SlKEeOxj>k_%-p`q{N-gw4_{y_dEX!&Xxu)Uja|%xUyI;)b;m65l{^z9M7*e-gEy7T)Qa+EJn#=mptxJ&6`bZQ$p3h;t5XNI( zKO76MhLzZ?O>Vf&o5g}{qnjBmL<%V5>k}2gli@NR8KAp?lL1Z*+}o=?_h8~n)ygUl z6kizrxw<#^v}_18-8`$_Y%5UG?#C%yCI9zwazy?g$3~m~^ZQ1QO`dx3pR?u91tk9a zdx>u-UHtDs^EX#c{r8s?|1WyWD@c&Zu=(0rmQx|QbFI2p|NXt27l}VQ{l7UJ`wiG; z#?}A4^2=Tr<^K*xXW@t`2&bPO65Cv5Wy`q%-qAqp%C}y#B%bh>P-(w>5tsb;6=pN* zh*|e@C*XXFBe3AVclh3&%>O=j;LVj^gb--nemYrcV`g|S3_jrZr>;tmtN5ATs|0~I z@D>Jy8Ibexgp5Ed~(sMW_X+W&jHQb zcUXGU1htjs*T!fv$Ox%&Z^>l7`^+#b9{#`71oK1IP|W+%|B_VEVL5T^fe0Y)?kzjU zVJ)@v0OEp~HBSa00N}wq`MyRa?Ho{D^9U~(?g$>!m7;Dr- zaw;$mvx+7RrxFk>=)wiLxiVxTe^N*3!d7Y)m4@v2#ts_k;e6~y6h}sJ@!cW=uawrU zRrCRwNbbv*FID{&0kqW2H+3%lodp>6UVKAW``I&TrFPp0u{1@G#-aVS$b(-85}qCV zJL)?XKeG%}#`=RIhlNp>j)9?I@`dQ5eQB_G30Gj~`StPv<_P868msEGCWQENGIoBg z*&pdBppZpLl=F}_SSn+<)GXM(ewQf;Wtr9?inS%+t^bR;w+ySY`NBt0NfA&GklZTL z-3)r9pGtbPLnYHfw zUTe?Y=#`v=FPe6>HIW{zHXaUcLN5*=%K8cs`>o)*Ci|3%e`0`i?^#!aPhRbgSw29Rp$>S|Gs%+P~pA4i5`YGfiHg|M<6%FBY z`CU1AXfgMmaiK5B-(RT>!I~5hY-N_;{TG}ABRIfL^G4#w#ObEwB$%*XdqK1Zu0s;bq9zzuL z^dTWc9BEAQL&Z8?`ANG=z-_mfsSf9?bzJYj*P(;*7;kJ0LfIW}uN)?dHT*(CFv>Uk zvORCF?zVTctKGi8QYCv?V|zx-K2y=zTADE7z!F((<8mNiu``h#ST(75*{E55MY%_# z%HS|0+A%kmRJ!VYxwabi9=w~tW~rWYi~52sncvPAc>L}jw`|@V-yq-LS8O#6_x=Wv zxy5{KbmZ``dXou&=i&uCd^MTY+Xsu0cw05ZMgJI!|E6S<=PeTxlP=KuMGy#?xRO*$ z_=lOSWCbLJ2BeFI5I%aw^-YCdL(j;vNE;*=^1c-jv8CWpVH|N^?ZjZvx+z8_fFp`w4hG`64N0bfE>Q&)A&(-Q!V@z5tBl9ur%H zyu(-cy7=-q{a@g2`xyg~e3m#==w%?!oDk~b&+S-~i-=!p2cZMgXJc(GIII{V zh6%|~JrEe#{W~Y{jt)lAm>O7Gh6DwngG6wISI%VinX#V}0rUjyNK8rTDIhKk$F_z? zP$|DWUe7Z-e3pP5w%i$CuDMVirik7+{$BfhUSMoz1}V|iA+_fyOzigFr()}04f~y; z=o4nC#XqeF!`uA0NO8&S=KWt%M@wQ7Psy5^Qgvm9W-2Xo4G)I{mGqI-V&m5hjo$wL z^|fC>k*eJfkWG1-gVnvgK9CFdW|KjyhfOe1A%AVEH1oSgUFc}8K{eq2!J4|bx*7(# zP0$-H8mEH=qw{^OFJFCauTIUPdaie%i|)Jcz_Qn%it_*gh_Bbh3xtzKSi)QqvFF7y zisRmtjJi4@Nbj&e81}K6uQkxuzuyefcj7oKX_k2%^UhfvdYAyijAGce}3%$MAMAE9Y55QW0_$F%^ zg{%rR7Ukzt+imu3OzL=L%V&zZU#?qx|6Ww%bte%11&HuJ^l zs@~_km$6W%R-S|wFlrt*`}4I0cPi^&8Ma}$J;iJzqa*L@tmt`vT2pd!6M$ronF`C^ z=FdL%jh?DS>LRBBIEKI@DAwj*aNnh$sdU3-Wo0eunmz5MINMw32P$JG4vx;YHXp$M z4lh?ujtP^9iHI;89zF+lJBWfcsH33`D>K6>#d4c<&93{~{tKha-LSSHEfG+@VPOvc$R0G#W4@~6L?CfZ{YB39nCD{Kj zc2`6^VV5T0EP4il?43Y;T|Z3woiR1@^)g+fLdDzxVt&`CY$-e(BBCI0NB~sv5iwgF zkHb!0mAo<=dWvx31Pp=AbVyF?GhOuogO)a<{T{9Aj}o&{QODnNYI!d`)_ZV^qNgKh zY7kDEU z$3#TED;+`p7q?CT^B>26XlrY$yOlqs3)Au9f32>bAnHlVRnpXLt}%(6n2|RiLGIp# z>CmSCTK757x+x59X7-#rm`^^zg?6?1awEM<-~f5iVEos^gwmnRp9a1JEVp4Ny!KgiOXKCroQehL5@VA~b#4pM|P?>c_{B4A~;3x(VX-{%x6 z+?_0Dbvb?&O2QuqsF2Ee^T^mlDFp>=Kx1SnZVnKhhbrV7b{wy}-`y%a!U)MzE2QY` z?99r^VzORP-J7oSGgHi6-doAABLtvJJck2Kc=(fNL`17A3Xy~|GIRB|KENc|jxDmD zRM*%n-)~v%vOQW6dHN8?flz7JdiH1Z8y{p=-KFN2O;W22n!26A+rTMVlB=Wv+w&^{ zfs|<-Pf-7FlYrNe7*KZ42nqE~%*AezF~r|Vyr8GY0C{#a(^G3+jBy%K&Yl3??t>kp z!=rowK^#RKtA*;83tNNj@j}j?>z-VdPOrOL&P7HoA+W!GTU2D_WW@T^5rkK&-|^8w zfJdoF(pVH3{DQ}NShu)0rF0swZ7}3{qgDn6!eB^1>pOPC?2NGOa3(x+ExTAlN_((>paH83yhA&-QV9wctuXmygn*>32nXy8g8GM zP-%Gg_AMfgcNeH2;0w+GC=uHdtl_%7vs0meINY(gv0#)q8tFjiYb&BECueX-NX_Y_ zj{6~u$=iE@jFS^ZSU6L^IP4q2D11=I3st-N`jRd#r0BHDzC;dF#y`Q%2nW9kTP_Lu z)f>xb@N1=mFcl5%Jo<0WuD&4x@@E80Vy@>cMCq&zkLHs2-C{sq-u?RzY;E(^ay*_| zSje+~Dxk?R8BAFp6udKRyMp#5L0!V_jKJhj1PHX|v^$)pufZGv zZ*FROdKp;BrvVpv(sk9Co*D)Wc|dw76>F0`5EfQYR6xa;?=vUi{eWo2Ms!W8g+4=g z{Rrbxo=Op+%UV8BkEW((NlAs$W-h~SRL=J*3p9f(lT`TzSBDREb&&}Xt&s5Wx2aq$ z?GlmO;OL9lH6R)lO!QUASBmYrbvsupb?2rGg)o-gYvd!epzEV&`;qT$q-$cH>nU8T zyZZ1Gm{LsT!jE?g9x(slwW;AuHuHrfknvVfJUPO4#s9&dcW{JUsvCfooYkbfu2EB? zx$)3TeDGAvJCWgF3COkm3g`=d#GqN-oSP~`!OmVO_h7!fx=YC_iCaoZ95!S+K6_!X zz12M(Eol3prAq1O%=JS{V*8i3NlD4}>Z-BnBTC@^s*~cVn)ZbXf6xB3-P@8!#vtr# ze&aLtW(+tQ`uh58+E0J=_8I_im`?qa1f+9QQf=`&ASmZ6mARZSg0&>2Ql#ENnJJ3< zu=_(KK(sMu_!4Y1;ydC$>^4#E&_0ETD!abK{KHwyge7Ts~}05(Yk&(8hE4Wa#R=2 zYvN1tpPZM{-l*%a4O4({Kw0p%9gt{8$H&I*HcT=yGCQZFf}TmgBH_i1gvR|A)z)=7 zHS*QUDMn4c=vrGBm-fNF;$OJJ?$+zrSq5Vza!$h8tL(yblsO{s+V} zlYxZnO0jqH@I}r3?ggvyx0sj#kmkERmmPF916&e@AUuz*J;o-wGWVw2Ga^9rscg9` z&B8$Fg+bIPzUUWOY;0(FxY`48K3uwoj>iBr=^Hz-!az+l#wZfK253dP_e`kXv^PG!-!(4{!rPpq;5&2t3)X78O_}sSdt+k?bbLCh zvX@$<*w{E+PB3Dia7@3XEjDGN0W}Xs8r-n%^CBL%qAQPGzGq@=6%r<3vU!dG9x2m$ z(Q}8CG?~YNp^S29l%}anX&~t2`k-s7)`6CUr@nK_c6IE89};eLV|PCPtR; zx`E0b!)VoqGSA1GruKVg5Kv(Pi)`zGc(u;YlRS9vAWD)P?DIWJD&M;=j#@zEs4#zF^LvKf*tc)UIZ-LQp3q|Er@7cHNM)TIqZJS!Y_L#r z;XNoUMny;Om>din&JXeG42^(!J$ zgV^;aghv<{@-)%kueK@i=;8*wkxqVj9)7~3*T8;yN(zn$!Vn8kk|Zs*qK1ix_D$moLZk#*Us43&$97u`Q zagy%_Hp=BB(Bu>k{8n>Bb&$#Oklh_*{FGb$9;`S%-}J%qGq_}u!%UN-+L|iG34am} zbPi#_>6Xv6`t@d@!R_oZ0YUiUA>RsF$m{UWpYH*==i~+bbPa1#5I!S|bNAybtY>LQ zvlhC#uiJbv;BO@cTnNK7M9MrdQ zqT?UWhLf$c*egm(J_KnIUE|}?XgHJ#V4Dp&1wL%l5*p4ke%Dh)>Q$hoWMN??V0R4` zb;+*>nN(i|Secm8Y*#7jS5}2DLP@f6a`1NEXy9GF_e2^!Z9##I6uCKty!MHYClK~U zJUSmQ+?%T@A39@ZW(HpU$Z9_)dU6=}5Dd?YoiM?vN^?pQZMP77ZRgMClRs>?N63?s zlJZptg;$+pVq%=#+;*c@3R6#`fwt)3<9$^3fa_>W>f*5h5ZZ zvgkIy4!Ldu+ET;@&Zwi+PVkg%7uSM2@ftC93|m!;p@-x3F60C26o1f~6s!&;OC@-O zm+e&S0XEsNvBG==;ILTwSFEiW0zTE&(b4#LO%`~ap6P*RLv9Dd*}c2qL@jX|BrUpT zW?|9qo3h|E7F^T2EX!hR(W|Z(_jzStLSU+fZx7-do4HQX1}|jl__MVr`K`~ zaZj`RmQIHW;dwh)<+ifBshW5011`J0I?t8FMG0}QC@EQjaxOGaO~nOyX(@492<9JC zHGS`su5ZvW2CxgEK~o{kCPEVlcd$bKtPMSLu0HUzH^_@)$KDVr8@vHwu8pJPgt%8r zXQQ{UWI59F@BZ{+RgqUt7!uASpPMM+f&I66j@TZ*L+FW$4Ldw%E1; zO|->qZ8YGGMZ-viX}!Ecbb}fi_zk*3a>HXFWLkt4_AXLd_$C8MdSVxt2^^L^?E#Sh z{XqEX=on0ViPoRMY0`D}n;3{Ih6I#CJR$B}^>V9fE#|#onX1lKsc!m!9Si6aoLyY( zcqou*Y0Z&OA!(kpoJ}pqwFSv77EPGhokOy!Z?D8m#b(=PeBeL{IJsE+wROX1K3&$mB<2xzMfiF5SVhSN7yQ)H zQ$HF^;8|)h#M*BeT+Y{cB$A1RF753}gZ--lGYDwqL&J)TCrrkL{V+4?y&zt96Y7Jx z3fYpty^8IXkhr-$SB9FLot=TB*=9qU&Ls@0J3ekL7WyqZ{ue00QShXKIt~I-#V1hl z@Ekl$-S%y49Xlr`V$3It?e1W=lsuc>35}-;@nTqi!IwLRg0y#;q9OjFp%a7^)EC4q zK;cZt{-GVC{mtr&^7hOeCV=R8+V3us0FSd(p3sM4X7bz9MRPmPq1k1uaA?M;4Fd1YnC z!a_<`uLOv6i>3LqQdBOt)ww6hZPExww!^vwO=o{5iyr3Wou2=mES~BF63VlW+|&}e zRTaI8kreN2#v_XHVq&UmCtk9!c<)Y*j-}>iWj)4)qJW@_&10Lq=(?h+s%w{=QASh@ z|LR3qRTU*T09j4+*U&>bpL5Q698Z7f_}1gv&rP1w(jh;K##2>~&N5uO zO_Z!>3BM|Lr&_R^`VGjSX&Uwf1Nzn8ayLsS6cW z^P;=_sd3)~*A~X871=hXMnq%Xu7IcTisF@A?>H_BiXZl56DWo>`9mvHCYfhSAjv?K zNO|Z5FK;3U0QmTc%;}0%`on2NhzIxd4!8E_>(o%E3z5A>}3=% z0f#&YWFO>F`km+Lq=J$zC;3?tsXfIX*L(V|T?NcliZ{9-sw@EFpwq1W1hA!Ne9kuM zdNpY`MAs>mD?h?BqD*{37{Eiy#XVgt(Kk2OSj(DPAE#29Irwhk5XLVB1aRwf)8$}m zU0PeyWVq%d#m!!*a&C+R3XlgmoK|yGwzq43!m(y<1g#STp|S!59c~90MvILNbk{I9 z5MFm44<@*NJI-N7rkk=d9tS^7_?d-fddapVs^#sIR zYa45@RkOh0U_*esPEF5%czl}8awIAc@LBk8H@t4409ywqMYKHzo~oy#V>EyX6jr1# z!vxXCigi-0o32CQ&|0+~87S)X!uf^^ICWia!hSoabl(ya#jLEXn0xI2j@B|Xl&5)8 zNVoY1N_+t$N_l0P`Lcyb{;9Bsv=W)DEPyMxpOD?^_hl^{!NvqhFMnB|pntX}Tt=jsb#d z(A@m_%fVd79=Bb-Mir?>Ybz=t%iCSUErZTbgY_Or(5)9Z^kD2dc-%GI9onfP?CrP~ zC1|r{U%_5)3*Axn?h0G2vu+x9NqM0)*W?9RZ!6snYP34`D`w_k8Hp?0RC9?rpDG{A zGJ}=4)%Dn3bhY_mec03B69gNrjpwr^Ug&0O2aJ>^S`uuVUrS4w_Z@bg)}&--lY^p( zdgD9n_FIR9l(H#?z$@8VFG!Q^%U4|gh>3@X_g+oSc7IL{NW$#3??6D3g^%-{hATL# zy!?cfo^qTi1AlcTP!rC)yn5A+U&BXE{uN{_{WfyDYjlN$kHDkKI>+B{UG4;MDBpE1 zHnFQrOzfn+)7B;h&$^z1f2HF2@auh$ABK&+0t$M_gzuWsHa*0pk^421P^hX{11d?y z9~g*r?YMKfbJ2R;JTWmbnXrC8czM!+(x=pLRIL4ud|h(*tS0?g zY3(P4eBK;1ESn)iqKu$M>--!XjkGfv1m#MaqIh)EKUi=(!8A)T`X`HZDB0Pg;gu(* z>V$P@N073$-;MLQxX8$0p6}1oE6%K}FxUWj9f+^G#2{hq)6;61lOnL$5SR4?$d$Gy zNQD7FbRfA@EQ{%oE|37eZ_;aU)n7Wc+H;$bmVO$i@!p1;xwKnX9kgg`iyt^2X6(~1 z%fmUfB{W_gk&+_gE+kaCOY!Q}x8&rI@^Yz~voq>K6Wg$DACRB2y1Ls1*bs4Py2d_t z4~?bW*^DU%Y#bae+Z!%{M$ZmRZfaNqA)AFi@Iisl^DY0LR`xr4dp2-VwSj<=GB?66 zt*oRZ4IrWjph!c3p!J2ma34M0RJl`F=a9M)PyzVG#&Uw>N5IHsx0?`YO*R2w4tUS4 zL5z+5iXkSvh6y_ziSurbcE8n^@vY&&I?&2joLMllvu9tmEffN%jr#OD6@X&PWPU-9 zcAkO|&JT!7^-WaO%#C&qnu@WXJdxjn;{;j-%kQA2H+y?~d5TpGz;af>!7_Rk>;QaP z$Af9DEjuzYGD5+<{%V6RM;4Y8i#&iKa;jHY9zSHSS&V%(9sXR1oap8 z7Ru|SC&lD@uK%0%OgmU(R|u6*Xq6A8&hhw+NpqK4G7y-;Bo=( z`4|u@W?EtZF=FK-{$$L^>1He(#cw7;cue%VP_bmQG9TIUR+%1Sy=RSV(iv<-qub)trlxL0L@ZT zR@Pcb>?h!gJ-9+Tir?UR-U7frOfQEdhAcsQ;IUIRM)XkwP1eIwHqEKsp9Sm$qzs)x5JH?V8w z*LDotPUk!zQvA5Trv^mPZ$5sE=yU`lee;CimoIeJ0hY2emyHgB0Xm(Z!C+Kv&-XK9 zX#gz54R#ejEE0v{JKzoNK)p0;6f&zMz*+|MSBp{(?ofMQwN-RuHx z=Egw$JJ-)CBH#}2X*F78T>px%JyhF3b69TMh75MBY){gj{(d+gF#)@=i}%H$owC!P z97rbQ=N}y%xo}&dZPi=PbkUFlDtXdvuRu^!Q|UL8&z$;z8+S9{@j@_kE6xjBE>7?FtAB z%XJGQCG3)iKJ^b3_}tXgG*P2qua?WFT%Z(icJK4efb({`Wa4|0>%0UEUDGR^XNk88aErIrm9TyUE~Ifcm%@CdCUQvm4w1 z7=3#OdmvtyA_}Adin-EyJ5khMAr`?QE_b(BsE;0vUGRZj4)_Phuo68&yKmV!Spa_( z1%%n}2lvNzX`epyMMMgBCy#IQ!?XoT5~w2(n`&O|VoR=j04)3a33qjEEsO2QD+-yo zX0QpioiBRH_N%iqb8u{Igb=-=q+~TaHiTXQnsW!bIe3>K5`>4VzSz?fSi0J|y1owG zYZ|1ZC*augV4$QZ1Bd6?fnb`9^#{p^SfqTq$GM7A4Q}|L_+8K~>A_-gF;A2ALiHOk zLBie(1|7#nMzxOjdF^$<0Y|4*`$fld`in3q_R!>%3aFS<2-7F9@s)oVmsPKV9zhKN zcGj27nyABJDU_b~dQiJzYiPMrKddlpeexz+^%m3?xc`S5LZ{Py_!=# zm$kCO%!}yV^Rnb87wR;;@HesKrL9t$s3wp zZuGx25x}BuwsKwl0Ob7d_kPlZ`Jc1m_=Mz1I7QM8zvKpA>cRTKagcC+j zC(UUx+(Pl^Yn^fpa%Fg$a5d!sV`MtHuRQVNHeR5?EuXe9pPKr;x;o2oq zIp^7Wu8xL5YC+X7pvAebX06}9S6|uO?OJ*vELkbz!UB*Nu!1$Yyg~t1W6qXiWNi2t zC|tnDB~?`>ou}J`vjQJVBr=VQ)R71+U@t*ApG{;UEfBRGFZ;FC*j;mgD0~T&<=e5x zv(R*@Gm!;(SqF+(&f6#aIkG^^BUz_9TkbX~BN}q!&kW3OEo+t!3&gKGX(2!(Qv4I^ zn+|j{2|#?n&&#lj9f0dC^6~`7PCBZqtCtpQ*{$o3kjD$S3w-uy;HS8--(oWdtzz57kcNicsj`CK)S~p+o$k+FEEmAJT6a0P?4w5y? zz+MJGXg>*1DSfSSl4m5}j*^fa#KU*3=!}PFv;1gSi|GPRyu7^kA3Sh5DdGfprB%9H zCDp>h0-a8&H*T-$;chXCe@I9NC`HP-=o$np8@(;}v`%}*4(|{5BIJLp`+YEg^$$|~ zSVvG0@T#u?UY#UB(gygG&o?hRcP0w`ii;UR0kjUFFl;EQso@4oSqM}W9S`BnHP8nh zN`~2JtTVX3*~Ir6?LOP|hL*K@)_GgCoWjy2E@qN=?oo{!}bo zj>)|pb?!r5snu`wq7W((W=_t{)o`+Wxt2IE2XGNwL6uqNC=(@!5sGeZYd)?A@{oY@ z+}YWA2oy2c8p|)Q^^24|3i0q1;Wz_1k)UZ=wQAja0C#Qa=_!y~{RZe!PEb3sGnm9L z_PlrJg{o_#Wc2xXYc zH#DqA^1^d#ITHn(RnFrCw#VzRfI#rOHWUZQxzZ#?b1trarrAbPs87mDOY5HhNG2Ar zM+F)MWK2SZJ-H7nm->K62DWNCS1pn6W#ZxPen@S^_zr-FuU{kFySI-2?7LDv_QBcj z-a3zKfoQ1m>`lo>qtabaEITT1m9m22dZ`WT68!D0u-4$^^~Jn}2>Zc`hswY%8ez|k z24bh8rezR;obHS#YB#u=&!10N&Z2u5fB4XIy3H!t7YUpPW)D&E{J}}E&jHdBP|1NX*1r1R) zPR?{1=sv`y>Ov#S%R74sYNO;qMV?A+4I^%oPe31&D-}Drj;`@XzK1GrjOCXV&q z%?FdC!$?4i2A9`9F@ns%0KA`uM#k6>FEl%JbYkKHabJIye9ambA7rd$C}-_Qz8$Pk zNZ3mNrPn!~JYaW>rUgq-D}l`=fZ|=EWV5Kh*K&DZOp%7TtZXhwwsVJ*YM@+{IfnIN~b18f&&lRrt|@%>=5Bsn0= zHVbR)?rn|chIM{?@r5cNch?e z@uL>J=Na|CdTjP)isGD3q3!=>xtWBu0WWBGd+)FbE*%1=t`4 z5c#$A&Juw%-FWgp0}eZZTA1;A3WzU>$^t_DlgmjX1shvbBxNQy3C;t!9s`ifIl#jj z`{)o&B+G{b-;KMw;|@u9xjcA$0S^aIt9&4}qgSuU0_WJ_Jjbn8xZ%n^L=~;2_vQ^c=@LzZ*8GRe$Yd{ECHA`#b+XZ zJ+STooZaZ@3Dma-z>$H=0C*htsN!FI8QQ)l|96>#vASR@i90Vz zFUUd>HS5C$V!^pv(v1zXo8-hq+IaXw`hQeZNb3YzV4&cDdR1DIohBk$f%j3<%U8VV z3XCpW5;TuLG4iS6YYJBxJpXgsJ1hGA+uQ6i#!(KZU^6OPf{9s;dWceA~8U@SafSx*>?+ z`ZGW0lGX1~#g*W{f*tf&s z#*vHJR~T65@C7fawD(}XjT!8lB9)Q4n=gJjS>XEUV3^bAb`-oJP zU7MNITwNi2TYsck@UOcncnyvw#j4DDeT9YpYuUYfbbZkU$#vns_8zZHyVd8ulV~AA z+t@-un}fffAzmv`l23X+yX#MPKrd0#b)Z)x6O-B6cY6{`f0W1Bu1jtgVxO_l1t0&< zT!aL7j*xb@JD`nEuHcG5&=^$}%A3Ef!e2eU($R^nt@Dih+nqr7>e2NRzE`I3@&D7K zExX&sihIQQi-H<|P3X%2mg{;=%D<0MUt}>bKKyre%3e!x9H-NNm!ck7>>kYQ>?wFn z{?GjWAAQ^1Rq!&G9{~OiE3aR+D|Hdfg;+|}+`k%<#cJt0*7|2j$J5-IlI``>D7omu`3=l{(<6gKf)h5pXcHQ*My~Bm2#$GCdH9|;xW1nt+$9U@6pT6PP!Zt_8P0vUNKWT_f5jhC|NTkeo zbv7lsvQHCmz5Lh~I0%2A`E#k^=Rd=XAeS=N?QI~L$NA-8)4uIjUbB!BV{M%;jws{J zTDkpPo5f0zTY`d{n+ z#uzo6@yH!fvbnq=%oyY|%p|5+S3N#W?GBKZvCtNOpT%j_Rzb({G2^5!#6CtUNAtZa z#`5gYiwO9Z44?d?Z;zt?syYzl79@~f>lwZT`}jYr;3NAtVgFu(ONMY*loH@CQ@pqd z+DYb`uad?5xl+WD)AIIwolf>oF^{|6$va1$#@S3*&xv0=8NY%adI0zAL4$1>odzK` znN!(^6M>Au_Ha-9635ojUOxtYw`Gmh(zk1K&m9L{C#(ZrUAcP#F)fPYu8g^=WdK)O zhN@V}XRE$hcEqq?E=M|@R$rgtR|^Ws!h+tluKI&N1=RgOWF_KrcOCMQ=++T#9m*sv z4&BL_XN{(&#yKw>1NIj=ZcaKJu2~UuP;^&RRlJZ z8tqko2=*M83VN@ zLY8+S>zNw3OI9?tUFYRn7f)n@HCs>5FfVC|RN4pTF{=C~#jdoFe*TczL3T|(ULlA| zWr*6GWco1nP#=Q)Xnqd&Q$#y|5P`$1gfO2EPc<5Og?yPeb&=zypH};Ymgt>5X>~j^ zSU63o#_fg}^*!`ODSolf@P4AZsj*vv>}cgl>zUhVT~VUdHly>MK%W#+T77-0NM@*w z{u)z~eT_h8ux^_J(cA~FW#eSgm5#TV#i_rR4bb|oe?mwDDFrvh_8-?-5N1wL7GO6g z6JOH&3)Qz|{y7&v$gPswc7i06T>JDF5M=3;t$%G&N$}%HTp2v*qOgi@&QrGKs=V{J zeRHompGS1f@Ntz9URx6yrC~g$dDmr{Vi(amK}=Xew{P#$1%t?o1_jeb0gt~`n zh#L!=Gtb#5&WHE3!fly@rw#BwI**&?aQ!fJ)gYor2{D9SBy-(bqs`9nq&ru8bpGmi z1gQ*fH=sooJdkB{LLhP%qie_a*BVJ#-fbyAFu`(**|PU;hp~l!^C6(ptYdbWd0dZ< z*vc{hSlT^Jym=2-BjPHLC&Q$Wqu)sgbKfBvrkk=ueV+DKYiR?1-Y!p=-H`k|I#!xazvZ_y^6^;H=!8Z^TUyRxlv4^p8q>9V8{wDa+cQ&k(Q1K zLr+r&<$1KS*kF__-Xc%ym2!aY#$a`P!W$xlURVB0{STbPDe44bj~#zFc)FH{uPDOYVifm(fH%Y%Lx(z^`w;hn4DD3;oFr88`+<tqnIDGTWusT;~IkQQv%Q+nibR;BnWs6af#hV5rCL00I=% zl@Y-&VuSn_ciVzP{wJ)4MLO4K^qLQjeK4KcxNYTUA6nTT*^bucN4j|mR~<|85UhV| z+YY~U$=RAh(lP(NOGS7&JhQhQ{c(6*d89J@PF4Rn!D@5c z)qFV-wp?_(V81^b!~lcZ42`@@Oo$WQQfS|+GUKefxHX>hkUMTE?y|k2ky|(7E7<-v zMTGWh0cnoE@{H7FO>gLhf`sM@M&9{_jYfzKZN~C@J(cBUw7EBGn3svJ)PjTVyH6(- zet!~v@ch^;s^kH5Uh>%ly_m#RbWnRo=SLp)kTF(DiTap=hT&TYAkxs1eJz?b zM#w4tXwY?xM7Mz5;yeAsBF-|vBWspBPbGE+}+zKQc!fBSZ+*S_Fd?@qL=c7Qr;k|GpwT6$wIt~ddEFY}YqReT=q8twQmDK?!@0XSSh{8+_wR_L5Aeb;CeIMpuTP_3Ns#${ z$77Fw2eI?Zf38+aS^5Wz=h!2otZ842H^(9A~io=D}#D}JWUl=`MpTiQVmp(o_aca-U*O=KHy!Y`! zTJtjLQ#3s$0wo!nt9w*6?9y~4P^+n#NrBxm#f*TOh6mxX2X*OIbW}ilGMyFUlUF%- zrCUD~>{gtUjUJa8k>yiu3Ao@jBygJ{S|UVouO|_JXUf4ndGLyoG2(sSyC`P~jeBak zn+T8Joz|2MDre>?gf+L6Ul?_WIVZkZiTV0Pi_Wa@p;ASkprfWOT2q9$eU0(^%cS!E zd}6eJk)$=Z^VQNlDo#d27wO@Us-C#wk+NQY&0n7kYxpOzwUVERbwZOqda^F5<_X@vl`Z3xVYV+*+bWFI$1IW|YbDcIBLEYtJ z{2HjEwe83z=Qp~Nr!K!gr&jwAQENQ=eb0#nfzPIFvh2bN(a$leBJ8czoa@8&TiKY@ zY?Ksj1idf&)Gv7)ITJ{TD%Z>Ihl#=v_GYWY+9@&YmC@70o@z^?$_(H{&`UfI zFMv)-W>iH(uc*o%_n!Y1On~tF(cd@{^;Vhw6HJTb(_0QiulA&5+bnzw4Aq6_R-2l> zDAuo@AT2;nTNN`EMUYETG9^6f!?}Q?m??&EXhSu$+ER)02KKO;s55E__pOeXJ1==Y zvtHkH*6xM+L%uqU-UFi&Pqs`?e~Q~u-=*M_Wecv4tHW2;o;Rkqse|8+F2LZ#u{a_H za1GyPT2=G!rjP6(Jyyc1t_@%M#HZ1;zf6T;5xA1QR@#^+KEeV-IIWa#D@9j9a8L{afzb|Fi&!w!Up$ zisFv@NGemYdzU!AP zAZWZOO>*|4@C&0iG@XQuZTAnFP}UB{`;R8H^wkt(uO*!78!Dh?;o($yKC<5X*jf~L|Ko^wz4HS~V~)T`V7ziS;5EDC*0IWPawIcpF2G zJQm+B5M+~!8?A{J6ByJS!lW?|l6r@d(Muir2eHP_B%9srn=>u<$x96OP;=y#=El#% z?jK+YP^2YbqH&&3n7Yd9`%FHra(QX}yP~DYmjq!uc2&G9F%18l>?oP}Rm?8Cmhb-v zv5&9*VjNqXWGMG3E!Nim1h+zOr9Fp`j(wO@`gw*k?acWKOwAFi(vEh8O_R&RwpeZ3 z=aJyCqF}>}Q?3{~CmrPANLM8chCZ?6WW!!K@tbT#UlS%LJt0$lX-`q&L8DV3OgY`%oj1Fjt|N>{why<9Em>zs2Kj zg}F-cSH-IwTieQnwtF=gdt^V0Eq=Y3vLOqa_=;o87h1iW;G*YZYL)|RdT#Gl44z9O=_2@L&zxqRU2akF&y_Vz|vz&GW$Z^8sgK{?`lLGYGv z%{fBP=N5!#j42Q4-MjnyMe>z0lxUchyX#(Lq_NVuIv^4qnjGhpUZ_ik`hWcRH}cOL z3A6Uv3rJk^ABqh;Yax5)&c%A?bh2BzR(T=l=0u98485?udGNp|jVh2gV+lDU!=HDp zG2K`tCt4~xtG+Gv1Xliy==mw$_1(#(T^e`WOs&2rQ*?*P=~6|MGGp)9KL2q%$+7{ zFPtW4eJq$SsSS>>-_OHLei!|UV0XTFQhPUd26^Y<-&U94t&_{iYjt_i6}>NDPjvh+ zxGc;=DG`dR+$3UBx$hpfzdb?4+IKH7D;(L2{~f!xDwUzh7fceas7w2=GX;<#%{Tl9 zDzPe+%Ar4zKx0do!hh;ZVKb|kXQhb|Qg1!kxu0E_fnpD5dgWnk8?nU4KDHEnk zj{1MRM}0If#-l#DJ^KtuR+_nj73(|&#DAQV?q$@dQb9zrucHa@->`J6BO z$zBH-?gdA&z<<}d?44Ashik%*>RJV6_;shhpD2OyS_pw5@aKsV@BH2ofhW~N>@%)X zb`#C~x9fqvf2{KFi|>g1@Fv5jCyHsWix;D~$%I*?2vq$fS+lcyqf#hLd_jq@=O@BW zK39KRcEpmv1w)y^GUgate?2HXp`c<+DLP**QWD+^1OzJN!beup z1PYS1QN}BX_YiDo`NoiK zqyOg(@K3W>SW)F~IY}N$xIz5+bHfR~)^=$6-|MBOo*0_{ULcfU{{Luh|6d05X|`(s zYkjd*7MA)}0UzG!PrTT0D=kqEPrWeml+YO(B!MA$?!;h?7k^E?(csHS%_uJ4`!UFt z23|g(G=C>FQGWE0G*(&10}4&a*l#v|hgDzuf3f$TQB6hPo3IsBKvY0PnuU%OQ9!za zG?Ct*(wZDQ;#`H&h6CH&c6C9-=qR|UMv=GxV zNn7HHVSW@O!{WW3kkIs{pC98`a)T8NNm?!YwtHW3HSL+i`DCX?uFpB9+%4ElokftS zOTOGCsG)NuM1rr_*=0-+5P2E#ZPaO3=JIzB1$YvZe`A5r zyn8#hszhUk&R}F|Gn3*UR6_eL8;1h+EbgQn2_-6r;cRc+$AX~KV)&L4L?2ykJ}44g z!E)bU@Gjw6zc~I%;~SB5-x3xyv) zK9_%o|1jPl2@$YI(DepIc^%=jIs5*tMZwF2G5!VlRf%L$Bn_t&RJQGD6ma{73_61s z*vX%VzE(R+IE*P#mT8>9JYaXRDXG$Tt*?0F|L980h^F6!mex~%Bf;xq;$LksrMeIo z66H%G5n>c8WFmi@E#xtuW@Cv2^U5V`{_6{Q<$}uI$b)SPiNos6sI$c#zSJK_a?6Xi zeYS14(j0o-OkQb>;N3kAw+bCjMphfpxWO{H*2Lm+Mg(v%HtbxBMuU{fw z`3IAcyy_DPbvym#VbJ}4UDj={mz^+Z|!-|<@>~2rh~KJ`BvpJQaTD-qf1v)!nIu6T=0Yh? zrZ0uKuH^HKepls;D^N}_rV^d^QPgA1f}#T~S9b3SDQtVc|K#KKa;T5|iRbjxPOXpE zgkYGOI@M|85kDkmNn~3Ae)iG|_Te&Pwwu2%ui7HDPj(zNk>%Fn3`~2rT8cHM@IKJr(2c^>z78>s(mxT71$#&V^pI?XbS0H6Q-nG(Qwx!Ab2HCkn zx5qP-q#0Q&k$cZoeoJsQllhA!h9Z@nuT#gs5dR7~gXTgf;f_9>-dBsqOW{UyWk*`O zHQTH%eKAr33?e#@@;ta(l4I}mI8nYSe6ojb?w_d1ItqW>_e#CKBSG)ge=bxE( zIDnkJfo~$~44ycRS4s$dt*DjxV_^%&AM&S#L<>!gVWD}!OhtI9d1*4HJum30L{7)S zuOqy}2>6_dMxSc4hl$K7GW`P)r)Zea`zGpj&4B;;C%Hbw z#CycX7n+1y;jf6o?GpzTC z+g)^Hp-4+Sk}_+oT$+>50YTT=_2Q!6g&6d&H*GSOh!>Gf6+9ea$cyWm+F_B5x?S<* zXAuzQ7m-d}QC8-pfP@=99@Yh1L&Y#K#eOQz+_E0CFrQ@&wp zH*5gE5NufSTQS8a9?gt-$-cfF!tvKmY^JuUSo}xxrtUd%O$Y-TC;H;t`tMZC>{`@O z!D`0!p>(ezn0kGuly^w<1vbj2kLyvoLtS!L5OwNO(U_-lQtM>H$Befv@MwbyH%Tih z@elUuXR3a?gDcVrwJ zuOyMYZ$V-e+I6SX=?~2)sHhmy#tzulcr3zx&}woMbj3NLzlxjko1Z>hRC8QqQ%!T* zZ92mt=9Z0!s@3U!8JLpuP*Oy>f$r)bXunk}`39!Em;`5i)1%{#9u66p5d73?-t3xB zZY5Ez!mBHYeMgh51e2$Q!8=8HGeOrmj0&mLD}C25g(T8vA7s*@yUJs{$le8gFVA)W z$oAa14qAe~e;)C4c!j({;|#E*cW*T+k9KpaWoAe1{t>f@{H@pzr_AM7Z+dzbGLEUW z`|d@OIDMy{-_BaQH-RqykaN#sPR_Qq7;nfK$uyhew`5u)jY#A$U|+#icws(_UlKc( z|MA`Mgx`MQ%4L41sPZV3=H)P~R^dmK%zr6NpC5|=i2YPa(#*yKamaf_uSl0Cvq!9`&jFT=`zwI3K(4?~zTjbUCY7$B}oEnGFmghVwH0qNC2SiD679 zneGaXU&M2oo}R$MDtH=s^Nmem@@i8=(l6tTVT46 z`j7I}+VJQ@i2P+%Ka56|y1FazWe*|tTpb;uxci(J&;878GTLA{L+*Gw=Qd2ACV45C zNHKiE%xWYwSVgq$Pd@^-Pfbl*QJ3#QxtCw{*M2X(qpz<=6HL`{n`N#~Sn~ws_>xse zPTjIzUHjo;yGrk+Uy^;s^E%IA;8$E*zGljcPpS=JuZO~CQ%8;sHZU1kpYXd4lGk0A zhcquTIt?WFv-5#Gba=t^M@P!d1g*Xm9wavU9jTj=QRw%9sPg^Q9J5;XnuKamgR@2( z#5_M2gY(Oil_1Wn8PXa+asb9Zl@q+^a{HD zuH!A@3@? zDoKUcs3Qh3s(w9(4=cc(1tV&JKj)NK;SoHlM>?$^C-}sR$Y12bO0O0w{7gy4)rqfZ zL+2J5>z=DKY{nEUKy9G)rre1OasP19))*iPEazVv@PChmR!T~0TBnmZAyqGxJ~YeB6;S&c)~8YwY9a={Am~X z0Wk$4zZW2^P*zzP1L(6+vT9Yc9lOM zwtH{ac?kKiU=B3_0;a0fNhUL zDR=++x$NI-$@5?Ap5 z&lhhp%GjxY6f0#C=W!%6CoQi_pSs@Gw=(c(>68y$v&z-Ms4j*m2)&%|e$^Pr9tLc6# zo^QCK$Tqa?`%<5K#4!uj+XNhH;hV1djtxK3WEmT@4K5syF#l5aBi==LZoEbm2d?p% zy|)`WGkM@*J^ayUdiQso?bP=3_JqC5t^(!bg_@kP*l7!>TqKdW=<65`?fJWe2F2i2 z@K%;;iEHcCSD!15Z!(=zQe0&;lgMhJnnLnJkz8@RyY)|`ITiypgFUR?QVGSe!(W5E zUisO+Q~lqKk2C=JT2e9yl}*YDR8#umtZiLs zuW1S<+YidkDwfcfEf=sk+Bu4G!3wQsuP23Te4(-2hw@@ayXxvj5;NBSo<=Khj)n35 z&A6C%+!Mlis~^Y?cE99n^2$Xj8SqlM*U>EZK*+5Z^*P!jl9Do&#oc5%rD6*#%5Qr( z^gOW~$t|_Ee&Tl@3|ADZF%GAlYGK;pkQ^L_Y|)+xFR(&Q;*X`*r?M~aG$KfN;4&uM z&!0&6av4@7c$e~l_K>10X75*K(v8|nc)FyU25DV6o#7d!~+Bzk>WQ|8#K&EftLgqX~JTIJ0JZi%XqXSgdI zg#j&2XWTc`51-mtu0kHl1L@0GEsr%!*v|ecw)dsV=2WkdNAE#Y=gWuZ>}0!mP1(f6 zl7s$T=%eO?n$GrO6ZTf!{@;Bpll{F@E=sHm#yGuAV}A3MqIu3Ls>fG)sillFoX}()*Lj4_TnlBmLsh9(W!DXRM%#O6n=b zb>rOlBrR8WiUc)ujyZVusEk>dni2Y{xEM3MA&zUb4d>8ufUiIP@`!vCh)JcW&qi`y zY&%c=Zo+5$UVl~nxb^5>Q6fLc$0uA_PtOmOtPO3lw&%cYANfy_C*P4ziAwSr9C z$p&3z_;)QcKarCS8zk4h7m2;lZ|@Y%qIf5Rd)mXICCa1{f|ZCBuB_zGg&aL6V-V2C z(Ry^ZvACXd0~@MZ#|;_2xPKM{@XWd%}#_Sy|DA}!{$_u-O_~K57M&qqtIY#OOr7pFibpV z=_eX_*Zu_FtBqLqOgqVWOu=7sP!_>Qd zPIPXHRO?nvr#T9WiS9mD(ChYqu1%MBm#xF$A_|dr51%3?H+&P;+=B5w@(K!wuZ^ST zoeP(ROKiikipboZ-giRdwfl{Zvha+7$)zhj-d&Mhv-SIvWZjp zMWQ@YtP5;n8#kc{N{dm#_?|DFcr*1HAH01rD9A0S#ob-`HmF>niFE;$gf1HsdA4T0 zHn29A^$95{Mo-D&n1c7V!!$I)4ol$#6*DPdTUIX%+~JhIETan6U0t>zU|m5B*@u3b)+W1A>30g6kpezNlAk*z>t2%_v5`oS>;m%G^T3z=-PWgX%ZdHdCh<(-2v6L3Yb1Wc!?VHCRD5J+%9qg zec>Q8l*PWTvblk9kGxDL$&Ny}i59ly-dFK!O||9{v--d8Wd(FFaAbZ{#h6 zH6g5uy-)P0m8HzyL;=jcse(qOB|pMyE@sWRmeaV7MO;t@J6fz2!+{uixMIVP!wu(A z*z3}i>7QAXs_)$9D!uMlQvxsFte<1reVmm;RL(?&}wa;G}4&-~a<52X`-Z($^p zp?Y>qpA9;&=f9A$l^;sGcvSJ&I(g!<(?E5(8M{}r5rN|pLatm%z5*%^>mF1iB+lMs zYqKg3v<6?j_GdsEGI6=Sh$hFVfk8Ov#w=ji^_;q1m{rXIQ!{2J&RGN>=fCBG=^nwBbn>RW91zH_B-=HY(_#`Kt^-8g5n^(yA;hd2I zSBXmUKR-Z>WZ$=IVjw1Ad&rTnHd1hRbFKCb9g6g&BSfl!P?+)C4ypl`y}Adk=0jgf z@A7**b=CQ+5T=X)Ya`zsQt9~^4igc@N zazYJiscRbq3rS*>O^m!xPWs1B6MQyO3_Q>w?0EZ`>TSrn?dnOirn1_yQRk6>?K_xT zsGCEfq&9TmJ9!SaTzLi=owv~e^YS;YOzlXX#C0CocK5=o43my)MMbeXh9bV)hF}7K zSadXM>YdcOeG>Ruq)surJU-E#rSR>VUZWNcBM6*Rbb0PVf68EFDs}ERXsThdfS8_~ z<6e)&I4udXncc}WaM?>p3J4e`9?fc2fL&}4#q8!q!A1``ow6)PorZZDi~2?rGoC>z z!OX*te)m|5$pf}FaJAtPZNriZeuDV<4!ku0UV?#$t6U_*-R(EUJc!_0a;x(`#KWZPWf6YIwX(4wqbtUd8-exngpi8~8%Gnof*^_5&T1VJ@TW$V zY1s_gy)uSXMyyE4s83^)hXkcnP{lyEZC;!hcRbM>6U`Z!*?ab-KpnlFu!VAUaB_-d zf^3xQs2jPzNcF}y{8{_Mk1HY{NjJ5U9}1V1U5O%}83gb&XbfgRFXCDrZQ;a=Y3+m- zScUzxZioBMHF}s1mFvQ{$@y&-I7K`?FT4Cn{}pNw4Tyn#U8Qr)HhlcoO-*1dUYns) zmN2Y;oT28Lurnb11wT+j3YYhj(7{DkJN3UJ1U5^(U?;o)hjKilSr3GW2mzi*^>Im_ z4gH4C92y;U#8NPaJ`c;DC*xlY%BuzQwNpKp)Jh|-GmI60D&uY|U>rt6A&Iz^Kvm3y z7~AB4?B1TtWtSD}tG7qLp5`sK8$b0pzSJF8rb8XG%%#gwVnR(o{-AYhwC?mBYcdb7 zr4{}5;XDO$Ae5Oaxy`R&k%y*Ou%-ah?Ke^EXg|MEI2;aoChx1`?%GV$nnr=<_(2tn z%?!SL$QyDYUJ01fPvqEx(mRktvkcT>WtuOCFs4K%)I%4T+;Rgah&2QlUS%A{G0eqg zHXZJH%B2M-XzR{?lJ`z_1Lgh7eYYp%)LLH^V+QiDh!g9=>|R|q2ebfll0+N?_9OS< z#L))#Wv7+GSH&^Gl{~=q5C9bn;h+sGLzTg`V6PC8WKp+$_rCiW)IU#g##&7|QaB=< z0RoKW>4ZA3s-=IG5E4M%&~LRU060<;TXlYX<|1%7wzu~p0?gpnkRsloT5?w9HVahH z>=JMm$jQBXZcXS<+5rC#Zh@=;y_#^1XD<}YqbfHPy%M|o8)HHlgH?~m%bD|c7CJmq zwW0Ibs*5a3mYhna-Ikjr?I_e*2F|x=6n0SVZzG5_lx1|Y%Vh>sHf@Sth+2b>eJMgk z#bTajBpP(|$s-xa>Bvk_U%FJQw2N_6E-vYUhX&Ns@{dMH5jzX5I(+Nb1`rTDo(eFp z{jc5Rokh!xDD*kB)aDG5xx#2Y4s#umDN}O)d>cxN--_ZOhF15mDmmIoUS9fOfqQG= zvO$fVcs~;8lf18b>+VMR8hQDah>dbcfd{l?9DCev_y*jUGnT)`0{IN+J>X-oXxG^R z4U*^yiGR|=m-xg6kDEW6MXzlqmls4@nI2YK7Jyk~<6d`5o9L|s6R3qt7!ROwVpDIs zbx&~LD!vGF(h%gJSmV<8 zZ%S1}Nn>Keve&PJ5K{%uH-&@DUqA-go44%O0Mv#1yIe1fvhAA|w+TGKZJBq$oe)w6RhPTkpLmV9KGd=D5 zJOwyb%-nlFKpR#~iFW-L$VHuMpS((hL4?R|W3{3BpDmNf%n4^vjrNQbuY>~*CsVly zOy;vAJIwnerp}_+I!%3}jAm6t203$0!#wTH@JPh4{>v|C){)k5yt^d2_9bAbr`BI39h!D zWH#l!qtW;&jv(WnF0!{h%C@A4_t?Rp@$c@j$Cy06OaIxAExN94|DgVl=JOuOhYm-f#8n(ws*0H+&{_hcaeE!{rdgx~Ht(~{sx%DJf= zI(*_sL@oRSxbi{z8(D)|VQnw5@ami{nAc_RXC@#5YxR!(XaZ&(l>claE`9V9a2t^U zO;soLnDX2g7WSsS_g(NKSK+6lN0!6f1ALbZLB}>>$K~h+&|x0|xt(puZ74TD{X}AP z{7DWh;_s^e6?9{4%J7QK_RW#PLTgAS=}zx-agpM3m4eih#@Kw6p=?@#B;{C|WAWi# zhgbD(FAB83b~Kk8run5D-ytOuis33SkCXYQpq$XhpMT&4L z$ods}dB4f7R#;GJBtpu)&s06h#UQ$>)_22(;Cdowyp(}dbnWQ^#mmfWP&2_ilvZT3j7#H%%vuX@?j1Z95{ik*h+5<-h%;$7t^m#=1I=l)X@UJH~UPHIb1CMeT}xDS}^w zMuUZHw&(TRwEQl1QClPrnJ-guzV*(ra>ofsRNpGtl5 zlYUYFyMB6cJJ~g>q$`$-mB*HmUbx06;^yUjHlQ!nraj1g*>RCNt1_i!^4FP=k%39sL_vS-!Bz(FVHD2;_Xp?}H8FBv;~k)DX|e%f zY9PY9w?6JY?MyI$y12U&cdCk8(8bRn{KA+(rp{L8{qRqZRb?MF=S+8aZ|3S5aZ_=w zrZzTj)6HPFvlM`y;w|vnnC`(!ftEPH?X>>{IXi|qPQa~l>hJP{{!5j%I&eCPyBPp0 zXy!-P#SMNNTLke#eU6RlL?KW(0lt_ zeF|x3a&wAuF0Yuo8Ye(TK>SAdPeA*! z>%=rd*a?%5C#w%~F68E>LO{)G!WVG6`p+gH9>2y4% z3V^6d+N`=Xq<|sCnOR=%bo@sV7lV+Kicv3~sedino-HGx(sFfoH7ZELF}vkRrLHRA zSg&$0JA`(3a;Wu{fuq-A^~Fmgt#A2;`wF+)72HOZ;K|JK_l86h@OBc2}(It zJda2G=-F&76lHjXsob)QD8A}C`vkPfZ6mn5%lUC6SJ4%xP=vN0qUR*&`&hBMSwH*w zh!C@p{J-FJje8_ClMTFMP!s(KWX5(YYw;u=H7K+{&$|SHLb4cOy)Bo~Jo1)H!!I-1#B#{b z_Olrn9U2o3@OkpXA6_*?77`RgN1ET=?UfEm+qzg!h`amI3h?I%;jyVHs{(rpBWKJ| z#+!CP?2vJKk%*mTInW2c<>`NXyRd3)Lk&PiVRt?yJ;Af0U~29aKN=&dys3u$DQIS< z!ri?AF+#Wquv>$6REbV+&kWt&Mu!POZ)=#t;iv_Omk`3jc@}wiGm{?#ybj`wPmlBL z9oUvc>D^Z+9?B6QKae5*gHLrR5TGU?ZV;}X*hJnXL>rvfC!Xk?RFJRaW-0g#36`6! zf~Xmn(T%v4)hO2TO8R!b&Re>I)s^xnbWpoExC+w=}p_{`Nyq?EL`g)6=EF2+YL8mDtlW0!pcM+Q^Ez z-|hVNOdMP^H~8vR!f_tE4SFE9h!*Pq9_MNT(<)ByH}lG!u5-yRRM){>snrwLzPNxz zbdx)x%~yVU61D{D>%E;8UKTcu7HOUx5$8$e*yQUqeiC+BEgp!uFYL7WG2y6sq;=;i zA?kWT*hT9&{t01Y1kKV=SZ10G)E5=Ct3IPrYBm7){BH-s3-pf9N(8tCv>4(0*%-my zQIqD>$SsV%IPK{*M75(hGMK0F{)P+;ZQAW|QhGDP3CZ8w+1kp0EL4_I(f{*Uv%pZj zp;xbCrqA$fJyhlO?oEV~BXVVnLSwi{t7;p7U}O$s0|8bbYAhVV(Neg(Pc^UtYb1qr zg(tQ{6|kWpHQdJf6%bO4h{{m^H2E~K_nJ|omSf`~-%gUCbtVxRJUTKG_`xo#2ZMKT zYZA}*$=pg*Aj=br#rj$KKzKSk2jwGfPR4+pJu@RWY5wUc0=K>LjIW+%zGlDHtWKF> zTxL#c>LW8VwDl22r44kJs#Xy~ZwF1m3_uga?QNSv)87(iBHB8*p=`)cBGG5hW<9#y zXDDvz=k%4p4nq`r&NvXj_T1 z1Badx;oCs~+G+2P#YvrrWZW$ZT+HGXCuX3_Cx~HHZ(_v;=7xGD)-6||`rc(6 zToyp$S0}xbAcWIjggn!Z3haw2qIz6u(D!E&a`>vShzB(LFR{8eS zb)w2N3PdCx5O$CDEYjzdzZ3MsHMjxrTXz2hLsz={#jCz(avduOG=9s-h+=u2ls*c% zQ1O22LJ`@C`s(UxzG|}~a9dYr&Xacm*cs8~sug0CP;SY=^O72m;_STrg92VFRcJV#;Wby(+bSzoB+BB2oNtW!CCEgr!x}F%-0$5 zyJDyAILtKk7c9ylr7kDcR~|qj5JwHJINY%FFVf4X#nGA{M42E?i62t;KW z3!G1J2i-S_uPngrG`SP@sRd^aRlpwQ0BE6q!Axc_oMnxWE-G|mI z2svd52_47;(aIwEOrN7zzXuMtu!O{+%osUAaMKcoR895Sr>ZqfI6CA!h)XRqpjh{u zyMGzC#v{*x)lgFY?g2_LG!P(!$i7tlmJrQ&C@aP_`@skAvG@dV{dfP;TSho%G`Rb(mCJJ|f@hKz$KFCf5n7QUh5Nj;?C=VA1MivwZ7u z2cRv}h{Qx+D|(-Rxi`uch}x+^7U{5idS(!!51_(4AGOXcBH~FC!d_O%zm&i6NC#?m zYEw}^lV?RP6w8$pJ{xNeoYwp~HPz(0J(d2SJ`+{W>cx(xLQoeM_tAGgXt*T;L)hCU zpg8|x{WNDQE!`@@jRCzG7ZRda><}VDEcO_00d(GI7gcwq>CPl9};?Lk1B6EN?B>x>i7uZH4xk9vYF=TJqq4GGKu%#0hUlM|GNUB*&U zDhqZtsgV{G{@mr0K+=$YwHC9vrY=yph=!)rXU8rVipzk*kj6>5W6%YU}H!9KNX%i}Dd>h^OQ(-vh-c9(a< zP`a>dtayQH%T@=li%$zbIVDBp{x*s_qej(BcX)WMHIDlbN-!b_xfP%jYdqMRihmu8 zE{pAi`Mj9C6y(&ux4{j6jFO%{`XzODcYv3Jkj(#!{-Ie-BxeQe16xI*#Fr;ycbC*g zN4NF+=7${iS~{(0Yxq~})vt)#T*tq2A|p$2UZ|Z{eC09NV3+@9^e3YX@?OPn2oLc2 z)}|UX#r)Q_n2}u?9gsedeKR}bi)cYAYjS93Nve$1$&F7;d>}Cbq4Y;D`YK;2_RT`2 z-TW4WeV)n?5-hZ#X@CB#<=r3*uxm&A+UI~*b$k1Tc5S09`%?ln-Z!Qw)#`{sbx-RP z+q_&kX5S50$>wxyl}h<@m%Gywd+(X^OVUp5{oN6OsynDff^EGyiO(X>L39!z7|vW< z--hGku-QAyR89IvUVZy@I`L8gAEqC1Nbya+H)3rZ`1*^8*`9qXy$W(7t688K7honf zK5m~#$ncu$J4#B~*{^S+r5#@yuVXP&PE0~ARdY>wd8Kn*0HC(W8&(A}nF``L`{Qy8 z0jixT5rTY7PM+%M_$x*m^bhN{nLQCV-YGq@c>u){^#8u{^)A8L8saPFX&Fhq8BUhCW|FzZht z+gI$aT`{`yp^)~s;^Wt}Dmvtqj-%9RSMm3c)A_C)!Xt}9o<93opMt?i@_+$SE7l(* zY$K6S-=b^)d)ze|BS6hX!{HHK=hrtA+tPPyVJ_F{LWuwPST7FQEfWBdamFUjmz|$q8bH5-wCXVYZk;w5*n^9I)9hTA(T-F%W|nS_ z^7`q8&J&&3@pd4Oo)oBh(sMMeVrUN86bRp^G~AJQ(`XkD}fU5=Q@AO~dhp zAJ+3d{Ec^baxbBC+)t)!=7`!wB$}pSPbZ+zkp{9_z!J>y|h7y;}(`b6t>FcbE*!YzJ~pWQ*6Wj_L=d17ZxO3~s;a-8ed&q88+?L-)iV_WSlFJ&}6( zpI7GnXZHW&ua__X@8AD-JpQ-!z{bY*tI3~)*L?0=W@cu+E1DYgp%*GQ``tWEW>d_4 zWpm$`HFUDSpSn*ebaQ71Y+P_WWMw5@Y!7J$q`%=&Q4bF{0B_Zs8oTr2csnM*kTetQ z81nu5m-48GRgh^s6xOh@C}h+?N1A$iQsTP75FH&|5_T9@wHnkXYY30i7HFx-Tdy}_ zx;4K9ZEPy=6igEH{CZilcPlh7KUR)O^39t&*@}tR1huK%YU<_zf$)thmwpI9I2ukd z3cx37e1dLrQ{<1~xuJ?1LX2FTta9eOPB&&WZ^rWaM<6su8Li0#YierZb?vjh;xG9| zr}9gRAy;(JD;?ff9X&lQQ!q!n9YD>I@`Rev_xN!|Ma6p`0njO*WVv6~$%zsK{zJrP zW>6D57=EiksF8%fuMr!i@oFUV0Tvo;XJ;P9rB|H}_|GGK!@hrS8DWnaoNXrtNl!1< zCMw+rPqQvvIRD_`gYfwHZ?uBx?<_3xZnmS)=wPbuIL>2t9bD3kK~`4Q6*98c#rCk9 zbd=x8#qV@l9fej~q>#hI46pdt_?!p>q9HrLe?{nQE<|+`PW|%1O~And?oIzH1OjSg%yyuKQTmxgVw(KfLIXScX?qwS)`+@>%uueUG@`F=d!uJ z7-9(bY#ta0k4XqTHCz|wy@tQZd~&}u$lItJ3~<)dmUUM zBE6G)v)vU?#RAG3(rTOOp%sUx{QRw%-=cmN6a+U*FiKil=1+Y&h)!i}YHpr;^7dS< z3zlWak-9H6K!r`?VBdDC<`eM0wam%DCids>aH}`9PVyn*RJI>J5CIOPcMwR3QZn7_ z;ZE8<)8NqP*Th8HyMi{~*A1st0X65|W5iT8f0pQoyZB3tR{O7WpmTGsUNyI5Oufh%g%)6n=r zg6@~n){djn^@DpI-pWxdom(m*Bwg zQsZ%hz0^igdin!OO3LSYda@6N4_xC@QW#{yXf7%!C>$If-sj^h({FNKnR@|vw~VI_ zuA*)kKX!E`r=+_5;MXjpw6wJC$uyu4nmhL2+1%az0y5KiF5Ue5VlONyxzcp(WsWts znrcou`@qc1{LE?PUMQmok(HGd9sZCvyZ^^0pcWLS8}k5Z#6%S&!1hDm5?}etU1)RN z_{+>2;3mG)N}LDZLMQ5W4%VL{f4T;3JZ)+XrY1=A?%JfbjifbLfgqz_zs?0$1YL}c zj-CTizVr1Sx&{&77#{q44OvG-L_Bj?y7GvNtMtQ~tNCy?8Hs=33fTstB_uVKCn=e3 z9>_Kb5rY(FDhk%`0f_}9qEpknW_yoX+S?UQdaH``=Km}O=Bcw>JO{KCxf!eMGZ7)< z;~INFBOihHQdPbA+0Ty`GNDletNk_JdDEo*dt08mj~gIY@^9C8^Cs}((SC**InRIT zLWh24F)?~TF4O$;)5Y+}$Orq5?V$|*K=leWV z38!}RocUqz-)H0E(yV#iirQJGy=@HoTi=ne(f4mZ1l{oG0vN00L$kn@09`m&$J`4$7l$ukJXnI(ClE zzk#yPVyPWb-Dq)^oKkA>WxR1iWu8eJaNAv{7Y)4G93XGp3~u@cJw5Xi0Syi0$;ruM zU}oK1ww`}%lmLc7#)nr@E!Erm>=$4!APgv@&lpQ}@wJ_u$2*BO`GrKZ}3?AbqvxI!4I3JYK*UndISitG)>?>xe~ zQo%yQ7$w?Plx5zvY`z2R3vtH~85vD6(`9WM*Re z3GViw-?!lx;2=URTV_bmFgy0*IOBK}Dif=d!-S1rI#(eCu^Y)EuA7Gy7GN>7Y?~^S zTCYY{w<&FvdI`Ib@;!M%C5{w4GPBpGxN^z%M9*~b`S>1ZX!Fi;pL9QiA>o|dFo~v! zhXJUz@UBosO8Vgr%VAT;Rq!wmd3kSuioa_iStB$BUCUw%jjLe(CacfB08+lr69ef$ zlfh&6ovskizGRZMlK*D?he-YxS!h&1$7a_o6t`yJ|}L z4$Vy+*1B5YK@PptJce^4>=Lg}|2&cRBz!q%EKl4dc^4LGinwZubq2&-fXXNY3i^ZI zGV|EmY^sMjnlgm(nS|%B)R~4@wK%UVv<9QvJQ3p`TAekgxGx@`%#XKT1i&iNYr9vN zoyVs;C;8Ee&*c(6`W?=c}#_iiI)kPYn^*-hL;N1H?{R9@q z$U5VI^uvubKjLl_PojWLG_8ULJF971Pz;Qfm6PRLKYDAiJ%*t?AHUCISpN$Q9wtduONg-H8XVdc=UZ5U|b45v_N}aY+qi zDZHsMe+-BjOc{m&wRnjqk~{B=g}~|#xS#Eg5A3IEoz<6R-1}1{+EJWw?<_5Y)~Df2 zwnBk|EhEFjQr%ib10y}8hwkn*47WZ9ZrVN4uejnzOrE!m{389}Cg43Pb=!IXsQdug z%`1mTzQ?B`+=exPJAzscp0>5rNdaiRE+M5P-vSN?5F@=26Z-(DOn`}uH^c9n0}3P1 zUj+&!_9P~zyiNIlpa1g2#Dw{HK9!TRb5^khP{?3=Hw^B%|Ffp%&hqkdiL2dnd;7=h zGw@)*OisY8#%r$FC6-%VhT0G=uBTR`qz?i&RqlmH2fv%Hjl}0#d!O1&;~kD#qs6Mr z&}S<5e#LUlE;hB29JsVrmsFIgVG;}D> zRcm^U84A?OW8>rV$A^x0MBiU|^ytz1(PV(6M7{Bp&9dJ=eoA{+*$&QlZ#`2_L%u#6 z04S(1NN50(9pZDAQbP z#$t20YFx{gONEB;Yd|o~0edpwZn_W7rWLgQ1r`Ob?aXoYy8mwR{$q^IaDKF`&T?ofPc=y!U8-(D_FM!HTEWXzKy^WItN-%D{Tmx4iuD^V*lslNG5%rmd{nk=rjwqLQQ|iE;L4>70K&`R2cG08Kjh#m zYvMoSjOq@4`5;Ne^|}?ZPzF$L57bMO5Y{qq2!K9l0n~*hUWY*rrW)g0e(5H6JIOG7 zN0$SS_)jMA9qxEa;OR8444SBDywQM^=39Gmad1R-Nf1{3N-o(qk43&~&3z;sl0x50s^YxMDV$L7?K0)dOz*=0XI_Of5@v3Q*# zdO1q`==D5b(f7}vFBIyO-#veN$_u#N!OE_vs3aWPmnso3Fo5MdGBs_#hr!g5kdTym z?sFe|t%Q%%$V?H@J~cn5tgI|QuIZY{|CBe{GS0Mnq-AWWs5_6uU($N2grT9KLGzaK zY<4 znywAWobK$t$r*KaW6)FF-f_3%CP8KR9^lh-%0EQ@EOqI<3mjk~Go@6SqrEle#MBT* zi5F$6yK}##HgUVFsD|>)%u58b26Fu8f_YB;9-FkM19H%FhP|R2Q?QE?jKW{`)_FC`)j@#zdaIU7vD~T%<4>7OQhz+?-D>U9a0% zx;_yNFP6b!O?oFP&l!sOJI?*`dGw|xck1U+FMbLL*0IO7V1@Z$y1w@*@B*JbdnVT< z10oB6QL-IyGxItu$-Pe86Z)?Bn(1mCbc1oM=H10mI-$=x@1?61MWtJnAT zI=cQFdv6(4<<|C(Vu4#lL`0BOKoF4bR!|WTkVaBKK)SnBln#kSN_R_li%3a#gLLPj z`Cs?m`+45?j5E&Xb3U9k_89wlw#Zs*-g92@i+TOd9Uu%w?OldhM^E!&t2bK~ySoMl znUt77_x=}jD-l(UqXpm$@P`Ie8^%q`x{KQMR{|$rOZ1pr;2O9+f^G5f@Z8Om9wW2n zc&%5x5=1=3&gQ$5JfTtk>$C8K64P|N<8EdsDg^QdY9XYOOD z*`as;1Sz>jwNzu7;{*oj!qD@J7*Ski0pzYH`3*Z6w2(28&<@j*$w^2^;!{$-K+Cr} zUWnzizxp$eMyjqc$yfd`^S1k(!9?N}UK`72=H|E7$I9Iq)hj|PgWT4Z6$lB55|uV4 zf-h8*lyJTXIJqTw$r-{So|rllaii4Xp;nK6oPxn&Mvo`Gido+@tUuCxP)kL927pCG zR8%x`vIcU!2M+m1nBP`|cJbpKEux!~3HzAvV0Deue5vQ*n13xjhlLz~3ybM5`*PKZ zp(cc-@aRKBRgFtbd1T&Y-o?+ceOwfkt|;@4Na^V{2BLGd!R zzoz=@*RMyVmwl>qGG015@(yHc_`|Za$JJtpc-%zwu~?{1lxew-%shF68-(lSRzwc=z_PVYyFl^^VH0Y&z0*0;v+W0 zLvdkY)R9G5%gXrp_+R{q2a;fRo$~j$4=S7-#9A5I*zh2zGooL6QTX`ye4jhsuviWy z2T;X>$7;TA?Bx8oU^V-(@$j|)QhFlogVpx&8&gL3v|r8y1&8(<1B0EJ9z3{Uwb1^; z-kuOp8EAQHOUVKgby~UFELVr5AMTYIzrnnGIbPF^JcCnhSWPOd)sI-AMYJDfBq3Q4 z9i0_wl$w^NGyUoCrGy0ipkP~UbF4t67L3g;j~-JKhUv%1 z+h4-kPg1Y6O;^f`mDRargC768bKktbzcETBHH!}v_(*}3#=xVUP*bNL@sb-{Vo`^djYNlDvdxHMVo zE?~f1t5?S-Rxmn@f|XS`A?41*>YbC5lg(*Sa;=$UvEcYi7&gm&^${#OS}>^1YT=?T z{g8^Pgp^TrKqTtdP}Z$?BRMeHv1z7&7;qsn1t zdbl`C-o>Ol@d~wc?8SuFUKr@c0lk>NFar!j6rNvDXy3hDH14rFA|*^7)_|plUil{XY8o(!c0A|K4vI91wZi5f^%A6L_Q``&A`)NFRHEnF7w z8LUm-5rBP2EYxy6JD+^(azePZwe`KQH2iQtLLtMuga``d7peZtFp{|?8GCd2sXshF z3J679?{>pybS&(wl-{d5K^Cd2!+^)31!l0V`d>k^<=QZwkJ)CKy_{>9KDsR}IT;F+ z8W`JWR4!<}Ugf|HC?jBQ$(F0FXQ>4`L>93K-uv8_K%&^lVl_@cKcLl&m7X{YBAxmC zt^uI+?U8H*0*?EkbbK)0vpu>NgOtxk_DC7B%B6D*H*P*YovoRNvRof7)D8W(4Bf-0 zN>8kl&e-Sj^77>yx8@fb`}?s&s9mU08^s2_n7xAMGYV%`d*Z0oLYRE*>w0>mbKr#= z>2eb7ea|=~V z<$&Imix*B#J6rwJV8cUmEQ89qA=AAl|IF1@aK1eT3sO|1j_2ayBdRniC5fsq0wIie z+Zf(1#c7igILjwn#~TPRKM6w};o-~je1vT3xV!2NDM9$rotcAt9afs9PzIXkw8W|s z;^Ldl8?}@S43c`UdIknO^apdl7ZzsiTcpE2*}r)cj!kAC3(CZfg{3rQL|u1>oWjwQ z+EjjeW`<%X18dd;ySqSF;+>F-&qAja{+Zwwm6(jy1IPW)fBq8A)AWpq8CQ*~V~D=WY0@K~nUqa8Q*Zx# zVf=S4DICL~&~Kl?_bCkV-f|o|`Yda#G9!!a0u=9LVK?B zNYl0G=;?XDIBz6G0JtoB9tNz8T-pgT8k13---yZsc$3D;z|!^-jY?aS-PK`<;P_uE za%|J95C#$y3qM+8oCP*gD8uvNn9hyIEBr}L99{wz45*fDGifC-Ly`9^AS* zHQr1NRj*fIU~>}d@fe(Dz&GO|KFYf9FTWl)QBYD+(i^?ar1cJ9nUz72Wa^SuGT%fq zRl&}Vrv5A?Ahf(8d9%j-W@mntad+T9S^(w``h%tl!EKclW$`*#!#t(Xw2cYyBM7y_ zkT_{=#%jboL`f(pkjFY#^Ty0fKW`hetMw-x6r=Fyp|_|nx6+TCG%z&07XF)&uE|Er zRZx)dFk$SZKHb#?K>N}$s$bDO(b=WfvmY~P85{exgI{Pu|J888YQKbSrNLy4NO^(0 zC}Y}<=Rf^hq2X*VrjIuAY3l`ietSRSF$@oVN+8{7iSw)PGq25Zd}KM#<%>_thjJGQ zpT)SK=ce8QTQL(N{i1PXmY*(H=G{4I>o_<@q8C zO)Hr-lYbT$Ka*(){He*G9xG>qIj5}xUde_$3Sm_+wP{)eXn`xR+y_(cLD2Unu{s|e z|57U`hZ(=`dy+HcE9FF?j?n$766N|qB8(Ar=xFoY*w{oD6U&5@v@cf<3n+{`boqA; zw6q=obOCwjA@Qif$>H{-$$0Bgj!`eHYgF}Mp66Q_VIEAwd;9in^Nk6CS23KDdNVuQ za}r~_NCj`fXXeqprF`*zP>)ga#Oei1NIjD19WfRW+C8&PsGIj0{8G0sF)5` zW}dGO7ZQgvsy9UB>vUx)nW6CRI;^LSV_^)93@IL{q#o!!H#8*rEUZ;dC4*YYeC)9I z1{%W=-jTWG!hA09f0lS?C*8UW-)MeHzt_^#W**+-XSbUnn8FL9VX z-QD%^_3n_DKLGKS1Q1(rG^dP=jF+!(BnA zVR>7J;mp5`2UE@~S|>u~xB#tUja!6`^(ml4s(e4&@J6neeZwBKt+;OJ+~jIN8$N&e zQs2{ao6PKS8gnk%b|vT(H~TJ|W_3h!iOTWpl|qm*Umv?yUtj-HO3cH(F>5aR^WkBctH5O_ zI=+Xq&@xCU+H#T!IbMb|M5wfRHzZp}MwD?9FeNc3XF2e}b+u;?uS9E}r>}9LNPDSh z9#(U7b~&BK_sxn1X7VcvIBZ`A@jOKT9OiH{y@^*TWv0f)H?mmUp0{ahZ7t_i?fNO< z1?pPe1J*I3?G2s0v?lq{(b2EYHl>3#d>d5CK~y+{gv}qz?R4J%NyTz%v1YzBGtt@5 z&>>+XO)8-OcJuXX*I*X1A23e#yPLS$+B)|S7UC?k%tKRt5k6CQv3vUTLU3@%Td06+ zZPzB+IOzk@Oh!wxg6)qu@zpz9{Yb5?tzTE###jzkWX{+;w-6^qM^{xFx!_7bDSL%GUT>23HEciV4HT>$(5MHP=t%=rwxt}(}%RAWBP57!O( zi3XB|Eq%@I`qg&_)&k;jUI{CGCCowU3>_xy8W|yiF1xAb^muc$B}BQ#_#V=Z0`jB1 zOOuqMv7+e7Yv#~U2<0IDguMJ-g`#HxF>{+_g#3`P0QaM-uC6tUyI@1uv=T4c4iV^ec(j*Rf)Pn=}QHDl~8 zx4O!f*93K|;&rzU@R^XVU7HQ9dRMvX@on3T>es}RQdS#vIQ1~EyBRpbPmnF9=H|Wt zyEY9y*;Q->=SUKTrNza!%Y6n==3Xi>9li+p{^01Sp*}&N=3wS}Sw(p@8y>d;sr#g2 zfa&@=x9bU^uyAfYVBd?2i&OQd$7L3jM3*pcJVw8>x3%Tu%+~aThB2|MOgWQmq2)XUn{h(-x*UeIVKV0xIF^QtP zP+uB`15+?E-UL4YUEZk1@OH-U62te(1Rj=QKFBob3Olqg5Oxj1jZ}DCGyV;tH^>uq zConP@vt)cDLWw1u4+ln40r}7J-i;-gFCw55G4uYIEt84`T7EI5vIm zx}$DZ*k3+opxdh03%KNukV4v)78vuPaCo79qFHNUu`RTHmS;~7;N zL;ls!@(Tl3vj(#>`a*D8Z|4mk4{8!vfQ)3Q#Dre#Nu~AHWAu+F_V(N`ef|QTj*jtA z8SZbX-|71AsP4Tt9jz!gbQD(Bl*k(0Z!~ciUGmI!BQG|_jfH3VB*Oj zhSkA9@msjK0h$5ip1!_W4bg%t&=@X$*Wz}Y=4bpS6bP*yB{k<=sCo!Fmht?_-Yxw3 zGX*$Ux?Ea-cpi(AZZ-Ym$4Kah^0DpV)Ae;S&{o-0L4birr*)vN$$Fq2X-o+8hp%2olo%!@wA=?rS#Sp{ z&UxuTbkwpAd$Hu`&`1N^KUxsjaf*e;B_{CA*J&1pW0IPh3c(rXo6dZNR>aTGnu_}2 zw2;fO!te-sLsk`^N$bwtyB5GuT^;_ z372AMprS%4sNTtnW`j+Aka`38#W;FDX^KC<7_ORVCS0r3ir zG%M8X*GXfRGo(@8IcD_dc4Cr$gr03sn%u1)?ax%Wj=enCoFtm3p_#p3U+R8IrNr3V z>(^C&w==ci4;AH=5)28uP`G>p;Xz`9@MDdFI|5GopJYytg5#NPd%u>=95HI#9^ho8 zqibjjpVKtSHhO;*?C@iib~p|Wnbj&PrKajP?y=qx4Ipd$aN&~0&b;J7oB*V2e5QJQ zH>R3~`tuMP=}oB3iVXY3XJa*-N6VYWYH|iP5XK+q;h?ZE51Ayvk2xl)7Bj}X6Y3GBbJeaHgyrJ5u%>0a>h|~BgC=EC&a*Y%R@G`1zOjvK&B``3jXFdfA{YDv9gwx=$9VAYX}QB2$UOXD{+8i!Fp`~9~dJq zfB)x@!9Wr6*2w6(sA#hxA0op6eDdv5kM4nM+g(CJ!l@rjwNr2`9rBJCY<|3bGAzL^U&yUQVI&yrw?U60KtAxvqS&L2IV_#zXmv>WmM>7j|k~T z@I)h+vV#RrCS}bG3j(|UaE`-~9U2~$*v~I_S>cRQRj&KF-ycin=;*jOltFnrB={@n z5|RhovWhmkYJRpp#~U#m=ADIlYN$*(IXP8)Kg`_5;%W3i4*nULfPesk$btrrm5Yx+ zLi|;BF!$zWcjGl}X+c>zxwlZl&*z2XWq5D7A9T>X(Y?P9Y$x=9ifvnqD=YPNUAKVP z3_tD?huZWu9-cf=G#HvGIT&&pI>82?0Q_uNm?A5>$zCa)FI=v55GVWqGd=RGmw8|lTG`nIZqW~>qD6Y_Cp=8BSyxb2_jes(~SDbD<;z4J&qPJroK=u+W@KpSJ}ZUr`p-|TRFdwVH-fCImb-?Vu0ZJF zwmM=5+wUB;+{X)`|F`2p(>duDCqDJ18?k$jb4f%*t<3)Ea{pNCE$?UCc8s^q^gA1x zn(z_in~EHP<@yV0pr11bg0}YjtWr4I3(mpm(OzS3nsmO&C@09M@YO5q6BV+eTbx^qW6VEEYW5AA1I?La4SK6CYnj7-<;nmbwt61)4XJhdZ;6BFFQ!daM ze_GAX=EAK0a&Wv+YYt+$V)AIf=XQE{1}_ zg6}qMcay7iLt40C_E;TUoD0X{>dl+MRo579dm|rrP3ZKh`uH~eI)EKGlpcX_3$l78 zCL$Jf^jD#}{eY5^)Cs*FRF$v=S?cp=HG1^V7tr4di{xGUFxFv)f)q#ZyjlMefwB&_ zbzi=E^>vv95gx_x+17!o`t%r$VEDzFN?UuC7L+PE(XnuB8`5fVW;Q08mix1SiO^t- z^ty`E+@k5GaKMLF_)yQHH%7K0vrI9Cmz?zlznrZl}_Yh&{z zDG3hFa9kr1~S<81p94<C+JZI zT!1#bpIB6MC!F!rpJCF>BO`+rWE9kqyNJRPaDPmY_^giQlcq@>qAD{YQK&DJqBkkm z7^Lf4Dl>-TU0r}&#Kps-=jy&=7U2RU`T^DfrRF1fgGdrx0sBpid={3ukzx4mz&|s9 zR`<0b={|_WKzmwBA2yqWBib7CA3 z=bgcR_%gp%h5oQ)s}ih{j!=SZTlD7n<9?ilg$14F08%f1Ulggn{9+?2hbwAceOV{7 zLNY6fAKa5~0ST0Iixt+^rWhL+NTwcW3Q2kJ;DMKqU+AivT!>+2PAi3LBPai364*PI zfhiP#C3r}?kpl>?-G+{~Sn8RSwOB)F*-E|Qu?WRswKJd>4oufnT8I^9lpR+F7_v1> zZ$AI><=|jeM%E^;q8SI;i^Y)~V$+GTk8l~R_^Ae@vEQ)*$P-DgqVg|*eDcBd)CEFQ z^O4PpIs6K-I7C4i5%B>d;#v)@!_j&&>|@=Xjv zA=giR$))g|VR3@s9bx&Vn|#mRDyaeYkLEIKpnS-cJ(#6%-Jd9O3e<{lNW$pCA;sx5 z9%19xm?%SA5>^%H*emq?Ih9L9`~TdqDAYc*%vP>Zo3G{JE@}?TQSE1CzT0VjzBl+B zB#Dosq9W^yWGIok69HbJ?u_8Ex;x(y;|^70!{DG&LARpT(+5z!yjD~5!=KE}4z_&X zTfqSw+^wmNz@t6lcqh9&%N32~#l<@PI*e~ZZe$2w4pxHzP*DWWMspk77Cd-M1uBH> zUH^Gfz7m~*_DE(fE>RFJ1;vGXuC5v*l7*Ag(;$?>Sw>`RwWHSdAKIZpeXdmLa}~po zRnLnT3JMCk^5tlpxwl2c^x^I=1LwWDa9Ls+AE8ljBb*+gl_VVC6TEF7%KzmM<__ZS z>DfTR;BTs+WCI2csnnrWdi&GuTDdgl%!4m^k%Sj7r8ve{XMN zpF!`}Eon@UC;1`T&ep=!a>-c!=Ls8l*S>IDZ(@M|1Cc$L+t`FeSGh4;QUTrT2@(?R z?wNh}2oiyq1J>tnVqsySe)E9>9F#qlSQewM2e=HXCGv}vAmYX%CnwKVMU!%x zO;Gg*0MywHqV-o%yOBM3HTf$_Kz9tqnR|KC~Y#*Mo8DAVAHxJm^ z?_B(d0WODTSReL+b9qiodaIoxCp#uJZZ|Th4?9|7Dw7$D4IF4V6BZ(61#Xl}rNrBm$fGK~8i6MpMM`uc}4rTltq{+)Dq4Tx> zi_$_$$aXc2ZcTTgJH?kO7u6xrG+66)eipGcc|KFirkDQkW+=z|&9_LcL+-*YE4$Ei znwFc(SaYG{jtH0h+4mzQS}o_v6EO?#^G=NqM(ZeBn9B>YNEh4aRAi8%? zYvSaJxrGHSK`#<5pgh~!Nf6oG*#p7y6>)J1r0c?Y5%2>LW>nNw7H0MzA3nMR&CcOm zsm%kB2IW1wG|-Q`!EGM?#L*PY%&#erOralZKiD|`8XoQ`5zZ*)l6Ii7zqS9O*7cO5 zqC-)EKd0R#H0pJv{V8-SYUP$!KymGHK3uriml4tsLIrB4eAmVo5U+{4yJZmQF0Ab^ z8~7iH$PW(BrKF@HxZExbcNPvGAu|iC-S-b;h~_IwKLQ0avo$1v}AIoIu83zki20m-zc*4`i$R!Y-(X z^p-Q|Jm3BXv_?!v`)i({|NHUt$CJ%YA#>Yxzm7?_Kn|l?dbF)~1t9Q55}-1!v|ale z73Bl>fg}1E!^8C#{zO_k^BehwdqjxR0RUl)F*VEGw|J2=lyL6IS`v+D!tOsC0x7^T-etv#n09hES(V>BcM}e1#i;D|MK!8C( z`B(>d)w==xEh=^lKnaRfa!UdJ2O^rv;i4i*snD7Iotxx56mJ?tyLSvAEPw(5c`VTH z6OHE461$_O7ZVD^E1lI`|f_EdK!4|b+VlqCS#sZWf-I~Ge z#DEX^;CsvcA}8aOzdAdc|Io^9uC=0=4XE6P1$2+i6_)*}9SDvhmW_K+42a>P<#zEJ zFkjVs*&q^=BGqJA(lIikA3je_?Uz?YJ+Jy41i=JK^9*Y_DQH;YBxC(xb2f}OUIKzf zwtO8lm0EA#rk8Nvx54ZD&X_74_Yp1ugV72q$TI|g!SvcV0TvEv1E?KP4pI=0-uGwX zgKEzk_8d~gZ`o~#=PpcBicYPsYpm&Hm+#C=H2EG>+I0iGE_8N)mns#Lx-GW=l&Nyz zKA-W~nN!9Vw64R8{aIZ5tK+_rZ2AgDrWwB?3Rt-m`y<;FY{$~Y|E{K3%TuAMh9&j^ zT=Y6DB-KOe8b(i*2*~3BBm&fEe$dM2>nt$ZJE5;&{Ag-=sw#0Ec4+hN65H#+*N3H+ zPJ7E=;!4a!2TjMp6-aA9uUca4QY>FwvRrDGnYh6?ia9R84_p2G<;>{U2O=!66=coc zzt@h=$+TCAgbK<*`W4Dv9qe$hmGJ?G^yvI>LA-WY8y<5E@Kb~90))KQ5q;H+fVXf% zQS%wDJTurq%Wg?RL`Hh_prq#H?FM8yKrz`Kv872OXeoair!ONhKQS|ZuVW`eDUS>` zBb81mie3rj^h=?e#a_30GqWTvs=`ftSFroGLcbo?vu7I--@cKwM+lN)^zC!T@g5!? zYBz1q0S-$GJ;J_Jn8kXbegvETO-P=fb4Fc1KoF)U!|kqp0(!bsw^Mwu_I-jpmBDVH zh6iFQ7Ms?0uOgUnHEVz4zO06(&IdGPvz0b0-D%R~cfCBaULlWw(@HXPJzvMwm8`^g zoEkl?^3#ZdLKc6r>;XlhAs*hbq5CS(a#=;MZsOurM?(=KqM||svaQqKuSQXy5_U7Q51^fjeiwU5;?0xIlg^%oz^N9{^If_gJ9?fe-~6tEd& zKnjjN`*ttS+bfft#?;Fzy%o`w-M^323!czZ6d4T$e1WmBOs}B~!vp3dJ^c|tmb;qy zp*K!zk?meODMf)EF0|ZhfQ}IukBb<7q;b~HC4$>K+Yqg@|3B3OI;;lp-T}uadw#k-_x50S!?POfD#^)zs(B_44(!__1+J5=n}TEQ z>4#dkl-k1hc#P`=jCKDw1{=ipV!i%r*KTci&FcDH1DKhAUe(9k7D-P5AjTyk@@Wnv zr{sP_2tcVD({Es3Zp2AP`^3lJFM6-_7uZI?Q|(ai{Xfey5#L79MFMUbb1SRHrt1V< z<5_$FXrO<`g+QYZis2_9R)W(#JvVoSfq~)6Sqb!opnt!^H(AvDY&P~j0?vD*(EVF+E}Zuud2gH?BCZ%(+LrJ6`A zlHQ3ex`0%tGobPF^7DFPKs(u$A@%q;%4TV!7SYpc)Ht^^{P#&8g-`#$R>%O|%|C`# ztdWsy)BoJ50RP6Hjosf^mg_yXnUvJEgWa}>UBmg65_h2OsB7A_Rqh$fW zc*J1;Sgi~Ljw@?z+dqE#p%T!&yLEz!5Uljfu4CMP{`|SmM}HlW_djsQ5_2`{Z$&{h z#DtE4zlK=sq2EFL-BtEm7ZC>nxZys5*YjVqnFV^C6quhcoqVjUvh(?24B?<5`_Iz{ z@0{0kqd9nR;Z5WZTo5&`%Mm-~!9iU|{}nhp;_89OkH>N0xKtk_Zcf-U2itAuQy{*) zgOA^GG9EI9DY9o_8{;R?^n#&}(C=eW%(~I4dj~+jk zU#$8uxd4VrNFbLmQl%mv(;oY1H|%}ACFTJ3S1mAb;%nIH&U#g?eAhnQzBWpQ@nf?3 z`i5Zj7I+hXx$M8%K1Q#PH-d3x3%)|I70KR~C>Vdg%bIMMu;5`pZc>@H@LBoJZR^#> z%*!i2FZXF9 z2QC4H2-zaYnUjeL2eEc5X}Z$V*80q#vX$)s<;&nMcR7}}->-0`%`DIj2FD*YYhI9T8$3gj9F$-tGFwvH}r;ko)~Dh}`{0 z(QrD3svOwJ#%gf@+3m~IB!?3D;1oT1>yGtb^h!A%Sy@@_wH=PzmxYW+eT)Wk6M!-Y z?^_*sU!cVhdENC8e0YS=M#vkw5xhYpoA7y8$1CBq{Kr1G^?&oa(V5yRlQpP49n z88x*VU{97^^{@otBar!lpvA+$P*hYzd{$sFd-mCL7L2{XGk|~T8oOcNRgC!m?bLg| zY#+^Ggt>ODRTuzoFfJneGIYx#kM1HJc#tk28x3T~GSI_Z>y(6Y5wTQWrQpAF^(zW>g`S?Ca3JS826LvF{JI(7Apeg> zO}MGy$kHa2)gt*ZRDN(-#C3S$5R^oq;n0np1pqrJCdNNQ&Z!afa~Myot=W--;Y|Y~ zP~fm$h+DG4+$=Artu4Sd1OaHvtg03Juj%hHaF$|YpdJx^{rVOF0Y-jgY%dBHB6yF| zI88?C#ydzMp_YMl2kuvpU1$4WW==4tz}8pD`TqSDq}PT{&zr#1DQA*UHZ*p}KfPq{ z=qLoFV>u#`PR;Sr)R=+R&-Nd zY)`dRkmKY8jy@lr{Czz4gs(rC1~q@rTTrshpmB zA0G;zYnNXqe<7j}__8|@B1X;D>HF)~SK$vBl+HqVZ}rwAoun%xcWM_%92|<*-fC!R zeblQxDR>dbr=q0hkiySTgbCPt*51C`c@~bKz2>>gilog_&vSsBrJ7Y9->u&INxVE! zT^aWHu%3najjC!^9sy%t_M6TX|3OVTAg=nsf{-LAS~;G}RC6EnTCPxE z8z*66k^_%KqQmjb!3BJrN3~8HsLIO9-YvK)ex%$eO|Qf8sfZ`G713)$G5A>x*QJLp zr+dNxHwmN1?c%hxM|dWf=pOgAG1VqN_r1H+ucT>l<28DzS81afT?5H$7hQX*@Zdp$ zqr<-O6--RBeLfJB=P50;%ScN4lfktqCc{;4I{A-{3lEi46jRgU9Ay_`xLz=Ix<1#? z&rR7{Maf*`!BK17#~0m^ilSFs%t(vv%U(E7g4(*NxtUy!PhflC{GL|SOa zFWKWB#m;OU)BfUhDVP>M(gE18ydmz50Q~NXRlB)bn(V zj8fjjobS)iPL~IAqI-{ZQ&Ir?i-CKwIdP~!4#9|rx)9;>@+6D*wSI6CMQF#T0l;J|n?k=rH5+{q4w6vAUb60t*g&O3B?R2xr z8WUT$?fv}$Xda75BSY% zls@Z7Pe&K}?b~Wm+UQo<T8|75vEB?jB7Vrf2_LvK~tWUNdEM*bOE8w2$V$ntJ!?fJL?M$h=TI)S=# zes1}^3g`rkVCOYk2LQrwWPL`%yD(<8hvr+izEMJUklPZH_WsW=8I>C6NZI{0BkPmS zEX5_Cw!AJ-`l*n@P@hTHW64RE^O%|0*}XhBff@FfkHqR9JUD6=I+NDNCe7Tq%QW!Q zpIF-7B_lIienZg3y0?Ri53@1ZBW=X2e6PfV7gf|@a0oRy6@yyYYq#=US#=>Dk6sJp zYb<9jL0Ip_5qd1+>gt;Ho05}LaZuf@8cNF;%n4^_XZF2BUu1HY-Q)yy_@6_zzIylm zfq~^Vrkd9Z3aIs(1!UiRk#awQbF%QwDHoiQt_lhYOCf{VGUga? z>FVl6@$OL|KOfKuGc;ms23||n9vLbqC>riD)slo)nB^;5PoCm%f8xZ-T?tb)gPoFX zyEd{EO3*wKNJ0lZKJpgu(2L8xE6SZZ$v{Reb7^)K9~XDpzFIo2CdzfMUusVw7(PCS z!S)}I8XBI%vVCIPN_F463_TM9PP=uNaF$o68)Gm>`K%Y?iOs6S;L{$RRW=2r` zq*rEkHvjr00SQTVzRpih9%j(5Wmt8RGGu6N)@BG$QcHd7`x7ik9U?~gBH(LjV4&^B zgv%?VAsT8^5Kl$D2q2-IoD7%ZjVLWG1y6Yjv>R)k@2m1&s;Pa0k8bsB(&6pq_sjy> z@K?tYg>CBxSeF-1b~?jhGD28Kw6u6kB(tk<)feQ3jD*U_nnYp>S9V@5lGD+WHkAR~z zT{JM3j*d~$!QoBx9;GLY3j`+fdzFhbfU~@5Q)&=m6myjyh!F`K@t2pE7cWPF+<{4~ zwWY(rb~32swXAGnoKlWqz8@4@{WUI5Daon4xj8xOpc9uNV$n_pol3D)^UX9gR3AlP zkH#ise(mCjwp}{2hxVwovvUw%Ni73(t0ZzNaGrbuyb&XB(%XRxl%fH~mek74L&{gM zu=w`&nkC-8jR&A4G&VMM(pAFL0w+Jjq89Wo@N#oyESDb{*2htDcCNb1bfyTy4=YZ# z+mJo{LgHC5(uaNd;#s=s`We0&>=q{9rkOkUq4JiOx3(^9#=LTco`PQuAd>>+$5PTG zWZt_))?z(6Z2HUjk!-3b#=5%ClLjjQv-|VJMB?#XU$}Z2A2v^br-RQ)-CLsO?arz4eaCof~n>R%p$5p2%yPkTqK#llgPmrsVE=}*MbnvW$Rck{*%XpE{ey$0y!PEH<4(KpE$fb{X=bZf+|1aL1>_U<~orM5WaVe>RHMi5Olao{R5~19T zjP3~+r@6J+Bn^w|fP*18`?RzM(Uw-0s3HL|xT~kNy`4X^W@5Zigp7<#%H?$HHX&iU zFJq0ewBXj~^@<%Sq{>m!a6lcQHzv~s$U2Yzxn+~vru^L$HH0&yNFjII4VrK}7pOkj zmWX0oP>_t^mf;$=mP?w`3P5$gw^X56fMYbVy|ZUDuiU5=uxA+Zar@HEiR>yKEVKJ= zPd>QS$>0z<+1vj*jn_4Zx(&}YJw07WX^tzpKVOH&!QPQ%{%Bkkr2!c#_PovA1nD-^Rklbd1#t5J!G_{R&Y*LUwbHsoHS&KBXj&eQg+Ey}TE> zus-47@Nd3Ndf43~E4R1XD{XXoWD_tbEG&HI9)8Nf!PBF?!G4;@OgH$#LKJl za}q`#&7Eeb4(1Xuzl{gEc{1D#*Yx8@dTy@NU-Y*@XqpN_Q;w*XIiFLD54E+<&MN4) zPvG3ncb-3kT9pB|6;JU>LO~`G|s}T*a)y}A*EVwl%RU;*-_R+44=}Z^Jy`3etB;SHOz0^ zjJ*n*y0xPtC_H=+cMXS93{VxQoD@BWhA0I~XwgEO@g6tsSqir`Xy>QzGfQ-ahH>&& zn{pPDd@z5Al&8x}X@L$7 zLX2H(ti!wkd^=id>K70MM_}TER^x9|OOGh}{btT+bGw=oPyavq518P#2F9ldn@hCs?UBBx3;$Sed;7wgg@yKId^_NsNoc2TD``Z zHYKS#VfJ@WtIOz|6CD!Z=ePdNv#?leR-1!lTX6dvt?qOZtr2vOk>Ll+D-3U^E&?_W zOKrM;s?KL89$aC)-m|!L3=U%20UoCIcFAC|RMInx?604=7fX;%Lqy z2Y|7w?!X?YV?lEkFeP$+cIl4muiGD>1nhwt%%*>LsbVWN`VKDc(wzgo5#8LVQM|O8 z8VwE(f3)rP)>cq$Z7t;De(hre-(xumu=T)MeS}oW#l^(|E?zfdin|q0xAMp6RSm;I ztHHCn(AL&g{I2CTpxjFdp5#bjP4bjDLrY9VwR-Jysjp58o_l?KM1*a{>~FrkiDU9d zP{GByoJB(2^S zIdE}bod@@#5!ehRO_{$zRYLA|By)ClwhSD75;{jQD~w5V;LlqfDE*K$1=FISSQbnj zzUk7rNN+|?ep<9kGdDl~?JGYQ%tCZJxEk4^$8d1MhJWV{`(Zh}$0?AT+i3LQ)GRY` zdQo15 zmDyy1`w^Nv9w-z#t>?mp(N;93L-Bw9yu&6T%!50G@HF(ARTybhCF=Q=mPHW{wBxQr zX0dXS=^F1tD1Y?yQh)l9jy^Isj~8ru*37PgnGMf}UMZJ5apNX7wgLblMfzwmU`g1A zOI%O)24Ca>K0upmXO@zj3{;;2gDJCH5jt(a%iFvA>jQm55Os?Wmr4ue9lb$H7`-(T zBe$`;aLr-0D2ZAP3LgcPgKXV{wgoX+6_rfDE9@IalvEeQKy=Ds+4m@|Iwj!0HQo`_ zc!hB1CM+R0cJi<>r^!SW(vMxk{>z4+V`FwDtH$LhGd=w!x$9<)&$a8M&GL$h%l=#w zUHgC57+m9qjR(f;CI--xE(=9t63|6yIBSKK7*Ax2h0tVyRz#Al(tKLjWwZV`Gv`!C zZW@wq_1-|VO2IpCPy{5@y9YAFcUL>%ND>M?<+EGul9LulX>Y%ghF)1&DTWKST+W8| zO;qjz@YV;!9tz?JblU~pZ_VJXpwHJZay?ZDS9dK3{%&No5{ExSP2o*Oa`IX;`*+85 zz*ASU6GTwooy#>MPYdL#gNVW?k+uhJbs5Rrz1jZcO}X}$-jD@2n1B7%#(|D0g&92O z>^7U`4jXH0Ic<4m!V?n{j$2;{itM+v)9MYOy@t5IH)hpI2ayfl_>iUZ2X7QB-+(30 zo15)^!&MG)(WXVN{Kr8+%+o>}42@wg%mzeC&%LGb%I*c>Pa;$tH?+ye;`#;#456^! zTT6T{x?8QKr3ILX=l<$&PN2}4a(};Ddu|I`!}=KU#~w$0%y)W{7QPXXk&9PZ8QaWQCDp$?CVjpbXYXrjV(xldc?81$iL# zp=V){LEa>Z7X>Ho%k^4W05-tyf*8PL%P$U z#A|BC>De1p&*QPuFxfu_XGh9kc+^n!$Mz!&^DF()8^g!ql9EBtDDW(NOS;Eq`rfhx zZqbd%t#tL6ujW(QnQ&2p=pt9$ks9i9EDvDQgv-%lK<(rMP0dN2Ryy7u0s{&0H_sog>ivH9jthd^6~YtX~-%LnlLiejp@Ze(rLF{1m`VJe&c72Nh&a zC*F!FgBe!({-jPdNb%8|SJ4xsC}msX?BcQ)cwVWL*Y0{KEr+EVf<{ijC7d(4PX5zS zvcthf$1|Z$9!`hOmfwm%A|)m!?&gV-8HBiy2BiL-Ji>qq1k&miQtP>@SE~rt)DW>a ze>SZ+)C*q|1*Hdv^N*|5d-Kt((H#{lxs`L1KeBz;eshaZzVHJj6g|gY!}XY>6)2*Y zYL3?doe}C=-VnI;Z0x&M^@Q7o0K>^LeHy2EOOZhozpi*leYzm5D*3rxUaa$sg#f2j zs)pm%b5T-3^G+!4W8e-O3wa1(ytj6bCeP==sPhWC6+?F7CFSGUk}@UE@N>Hfn^HP} zNxpual25z&trz-V4%0DvhvS3yGs!I~)sDqvZpNweH9I92-9O2{kx78fG46sExQ2t% z8~jj0>LnlF2!BR;dRJ25i3HRv%YEgAa4CJ#>5wt!xZU~b@>ux}>{O^mR4Q$ApdH!k z4HR0QS2dkxQbaZ@h7={^y)qs^N}&8p`SAmLBsP=^=Au9^jX(yHk(N)BB$N4USJQd& zs&mUXs*>>OZx=zQ2F?5O&uG)0CIZbwa#!w?`(0&Qv;Am4w%q|$GsE$b;(}pg1o6-f z*X(|u_fZ4@Iitm{!rhT?Jjk~~>Y5x?F3Iw#i|Wo>4@HZXY$U({wKwC-WH4Ny8+G2& z3{656g!+LD!Ne*#jV0;Td}3_-MxW%F+BvUa=F}R18~! zKr)K`jT~b{BK-YQItJu?I1H-8X!gqVNa70z~Ok@~oL?9pSE!Ljr z@Z{BGB9IegeG|ovKqVn<_+2Nf(?@@119e#=``qe2Pzx=P-->UJvlotY<<-1idn69Y z;x#M?WA!Sly6uv#xR|8C%tk<9;2^PCO^V&Z?|$gI0dmWRFuc_5*4ek%owPSkY{u^N z8>FlQA1<77Y>Ydo+aj&4)T(6qFDb~|gs88OFVfDYT>AWglQMjBW zk@F+()hVyxHQSDu;{c6lHc@GTQ$MI0MN|LY@fhEJ`n`kSN+bRB>Brk)OiBR8VBREo z>GAKM&R>P$A?CMpG){d1m9Y6;z5sw&=#7661nv%8m;y3IHC*jfdd6iI3rt8Nh#0v> zi2siL7#L~fY;Ry#kT-N8iOuBE8Ge4RU^^k@sCw^%bZ4wNRi3`2F)EAE;X1mX5BygQ*<g#{|~I#R8he@r7t&dOb1OgbwlpeiG5YoQph9NPanMQ z6soFaQ>CG%o+q}`bLV)K(WJBZ>pv5IF}O|2ji=^I@(OhA%`5ft7?VRkBo);bNx5i_ zP&T@c?)7au53hB&aaN9H9w_a%o^;uENIW*^yNeBP#7FECxOm+5m@@`#n+fl1#{QZ~ zOtrx1&i;=8>dD3>U1_Zx#WV%_>SQSiwBpwX|11`_3Ck?z0p732S-k?2^NR`O+X0JZ z`xi_d|5TYr`t|tM-Z3h!F`-lX{&s?+T&M39-DdFB-u)6*v1dvrNHzCeTNR5rch=x49#zqZ01MRYlay7yCm8V+Jbi|euyzDrEAcyl*P-7M$-u=ke%Rjy6=IJztl z1re2y6i}2#x_!j7(rW%Q61xbzHcrpjum^PR{8<&Dxvr{$DHfQiQ!4k8&#Lv{wHmIj4B+;LmqA zZ28NVw#z;e&rYqSd|Mrlh7Nq*zhhud5YE(QJNUFe_`NPd)WqO-*^NBb8r}(cs<*LY z;|;%6c>nvJt(}=;w>ByBhG4bUTDsDy^0T8V;$*^HPS?C`o0*@qm-KzJv$n6}os!Kt zVvRIX3l>taXLYW5Z0{gq*+uv;qh!pLi%3qzbReB%bENvS$%Wl(k&|iy`;I6T(Kp%h z)3>EAoL-AKS3QpB9pLz*A@zJ=Jptocdu|a`<3O4zD#}{2?Q86<@l!JP{hAiHPM2eU z^{#1E3b8tgzb`doSzgK-wz0y>iI; z9|oWKgY3R)V=L*@{bh?6ii$A`78E|h4*SCwsjuucm9!pXKEB;Otz?%U>(vi1?|2P z>N^X|7X3(bZty)1++|uHJLaD}kqDj|mruFuOJrn|(~c`KDSeVH-lAJKMBgqqq^K4) zG7)J*oyWPHFaK7yxr<1_GAvO;=9^S`B#i8{WX%2hd;XEaB%ye z7eH8Mcm5fjaYNJbo~CK%`I#p?#WY&iaYgLI8~#5%;g z2MlX%li2us4zcxe zE}+$HxagS|Zyi&p`6?XbRJs#anRYbhDelkKgnmto75>j&qo*WcpA{f0%V-`9%AagA?v)akejE~d*@Uw|r+}UAX@2|hSv(LPm$%8#MEuJv- z)x59zVhA5^K6^`txGmk%(_G@qX>F;<)wnVZeTe|_xoi#eF4Im96fJ-Ktu5_8-NV;d zLi!75{;KWZgHv4a3!eYj@yt68eS?X-Nv(WSzApK+B$ZDEn={e&x)ow*lo7GKe6K@j zyGC}DEf3g@tp0v}A;n`Q8QpEN{ften<)V9baQ)N`kTUWd*jzw1m z^ol)Jn6$MSKHzFOGz;_0@$B-8{@CqBsZ?)#MqJpaJ$J5QLDw$q$r>I!8Yp|2EBwhZ za@|irK*TN|8z+wVlvIkT?ZbL&lK>+=K1#SDUDp5;+O5-upH;9%rm~oPU9pcS`7l$- z8EhAyKL*1URNB95<-+KpZ<1bc%>Mf8e*eOoNgIQr`E1WPjnj8x*%n&S`L4LjIkrVL z;O5NjG`V(7%3zC-XiaI#&7TvVP`=InXg?BJ1YBm9UtKJ=T!_+V z4}>0SRy)5bQhj*Cgk&Z|?DTkj^}}^qark7JAk;NSY-MIo)9h0r7ZWEDOZ^BHDI+au zY5gIMPd0YemV7+ioSl7J?X;|uM;Zm--`-$egl58-AMB-UI#xDG$5YNMMSrQD1qX%8 z*_@FGpRLg;6K~I8%DOK0;z;GE3nSZrHM9P)aV}Hs(x}uV)fm-mQ{Jw@_i2nl8w>ed ze!itDXDSJb=@;qtqLo#t!gl-CgsuajPcmcZ?iQ}jFb|}6>JBvGN#%pj*EJ}U^C0{c zCdAdQ0ISq~d9Cf)n~I7o#hyYM`RI_hS{joAKA3A2;7v0X}S zX&oO@BO?{^srO^>l%xPkssPeX!S6_mTAPPS#p22j=jOF$jL>~HVUBj*aSmErNHuH~ zVMhshW^Bbp&%?^9{w2^g@-d&Dj(MOL}QeXpI#z3Jbfwy z9GQ`gaAS{g#AyRo@~N1XXXZKg&IeZ$>wL``2GywjzmBT?lynoXLxM1(;QA^8QT#3x zlkQ)VQ?VQr6O=~eZ;5;+>@L3fX?Ml$uTg|ZP!|l9%#$-0`&*{k#&FRJC-YLcm({6L z3VDWKAmhhq^^8lI#M6a9hoH#uz(Y3Et!FRs`=`V{IfSqKPh!)JD0T|_Y!MTuz*WJ| z(hY*q9BFPiu%kw*e>!AapQlX^UR=F*2-e*%wq|GUrk(no1M3dey1k?!350!HgInj^ zpItn3KeXEK4MlF?Ukv`}42&E*=)V5xvZ6R`c8uO~d9a7@&DGD}Ut))!^AnVq>`%3R zrRbrrE0x^4e2{vKN1y3oBLAGE&Os-fy9>p=C|h1g;lO;@BXTo;aD!3?f9Ut}$4K)1 zBZf7wAaGw0{27HiSokVTZ@o}Dl6DN*Tys@#x3$#Cmkl%>;%k?)p6&K-26rN{y67l7 z@NZf>Hb#k6IT~Zx*FGqU@##Qz`d3EO+T*b%wL}A-@}$jXf<{!2%XkS$Rs5 zOdT;A6KzrgnzWcsQtRu}3m(|+WZa9(I`WcL3M}>__10&lyxmP$**cVYyk9V+Ikh$ruMu>e7Z^-dNLqJ?6R^-z||O*293AFg_}BCbnLh z`;D|xr$Q{rl3FfksGtGku40W>hL1fwdX0lK{-a&@f~o~s{d@_bA&f=K?27COn|CLZ zEI%|JR-YM*IRw>DFA~NhkD3XLpGb$8ZT;LZ={}so1&{ImWVye=Xc`mixgGlS;;ZV= z!gtTEvUL&%r5CxKIk~5(Iaj1-g@hBW1)ng(f4{i+syOsc+CdkSFQM-h-w<2B+*zPW z#HDLvCGD7$nEU+f=gqa;t>i7$`a;FFND=sQ9H~a{LH0x4^b{p-%nx1UM{Ud{rBL)I_i{k8Vhj-p_(j;G00F(Ub@Nfl+jQkgM7GNu}clk+8O9Mdb*k(H$ZgsZF!L zV{Q{cBH<*guCI%qYnlA_QiFc5ptl4Yti^X^raN4yX};FL>z~T~slS+V-g#%2(b!QS9~?ra3g6d3zV?CQb4|H}2EEX@ zVMBT9iU}&AGKsTQf>r0igCcjYxK_J^Ayd=9@S?*0;{9(!1|v$p7j2mEnUnnsgSBhY z$sgcuC4&{LEo$AdKO~^6{ucF5c6E$bNFK{$SKI&J%@%tiUmcB*3M0EvtxtQy$JU0> z)2P$v$$Qbu)L{9C_AN!~VE44d=8cJW%vqzOto6jgx16fCK0Mo#`ONQ9^H`0$yKOS- zp7&N)J;|JTr2lBI?&;?BPR3G(=5f+qi44VH#PdZ}yUonUW6=r&S@+OC9}bRP40REk zGUBTe8U^o|R}(u&V@Py=vnkM9Ql#f`NI@orNzWrp%#^fvSm@Lv%2*-2%u&g`bC86F zCDAQwESmI2Drjpi)wdzScs22k#^AWtt%w5`Q;p)3i>_(|?HOx=UwnkAO}%r7+J?;H z(I>*-QKxmTKl$Qe;Oi2nmgU+-vTninqIY0$Y4iEm)k=+vPqNO^3~aJf2azf|K5~9y z10UJIwNf|Bbibc2)V!_hl@Xb7zrW#92${TlZaG=S1~fpl%H9G2-0OQWknGauc5yDO~`q4X8o5$7Z>$PVY^-HPD1t~oujz~>`V#$ ztQ^zmph5MWjGXR_&hMNtpTCaUEs)2xaJiT^?H}%%`#gRTqi>Il4Szf1Ofqq&>6|cn zvWd*-{4Tf?_;9vfveGCcV?rN^^w{1Osa#nC)}jUr?NESl zYRq_gXe)Axax{6jT2t>>MUIr$mZ}TrzdrFli4JB*SbYm}j>XvJe3v1qR-QzTO){UZ zQ#^J0EMF9|`?beQ$r0HRV_K@2B5fZyPP^uR8imqrZ5C!*Um`R0u#UYlNCN3j7&N3l z2lYZKACi?{X7BQ!aDrcr^Vwk~+CJlNIP$wjS*QvMEQel#-#OKm%YNl9?sCn3fULTOSQCt(w#vbQG1iEH$}TB6XX{xB=Ya?+u^ z37oJN_=IW8&xLd3LTd)hu-0`V)l4n6p&Q^TX`vSX#2IghDNkpV3A02Xnb#mf%}lgC z-}vR`W)%w(viNPc!l-f1osXpv@2N~nm=>QJy9>97 z=P{A-sKt{yWJOOK=I4!TO)gBaqi)dW%Lzm%)HTOx23s0>n3uHS$`6@}c;u&CKvuWl zFfrEiWfvT9GdmxIoCjj65mct;r)1gU2|kl78M)hNT$rf>_!He?T9Vt}ZYkM^`v1;? z>=QDwe6jzX>ArGgRs*y@G{Cq^U*@Wc9hF4ACk@5Jjaq~t67PlQ0j10Ynkcb6u(Sdi|8?BN#J?=8VFd;`bx9+Ve6E(%Z zj;`@~f`I3-mXhVj@>_jc;s(xq)p48Hsc3E;tq91d6}N9=+GCnWbLg_-GqZF{QKaqz zWx9SiYn{KOfPNkCggTWaTPnr=u^vCy*mNFz2prL|gpaxlO95%o_pjS(rpl!mChy>{ z(LiP^5Jf?toO#Jh^W%#lijSSb6+edYcDnspF3e%x%BLgo1g}bbKWlf)W%59x92wHA z(DAO3Y&y%X+rkIdPs&U!*u(M{eCi{>S(qE*=eVy}HngO?wkyqnJ5>nS#AbA~e2#1eRu;tl({vz0U-nA0J1lt;6sNK_58rl+HcyA$QY9-2TW zKfBmCdjlF`Ryv^!p3H!*YvfQ}EVuvjq2+DDx{6}K?4O?K??(XGD9e#fvM}ekEem#! zahEXxWoFaC_@rKRvYtWAp0x&`xSS`2dk4pC}%``y2BM)Ct z$?a?M5Ao#~HrNwen&GKEVWKR>{z-IO^V9D*W76%b4@=ND`Cc3wA{Uf$h%ah^vUeb@ z0TaXerhBl+8AqwR-)S^5*IFKIH@NW{HUmp?O%ix|(=9*UA!YMw6aGf)B#i?&uX1H` z<4>Qy740rF(o-yh4Jf%Of2!vo-(24=+(snv?>X5Ru(0boF#+J=);UGy?<0!CouN#n z@+e5MlnyX^%j5CuYOAFOcqg|1q-lP&Y0n4TSSjf?CK!RBY|GR$wtM&b3s;A#O=W@; zMPDEhH9!SysMeTm#Vb7|^ZSo#Btv*Ckh#OgT{8Q&5svE3T(gV$arHLg71Uk&!L~H# z0bS;q7Y6d5H&#-w#6R~U6Wx&%!VBBCiR2e^Yc7il%Gh93r3NT9nD&yHe!$EjnJ;^! zQsX%tuF?LYEC(PM&3M9Wwfatz!(&LNa|@;lu9X~7wN6Vw*wN-3{kfm72W?=Goi9@l zqC6LOlhVN4BU63R2u{9=aceV)1c}G`_KF^q8xCnc(8VngJ=T(4f=g2v& zAfHb8_1uy5?DA-&%>;PFrdM(1l2>nBw>wH9L}vVC7oC!eOy9#Q67g|o<$3ehXo669 zI4RTt_dA_#eSqO&pVaK$1wr9&lM-aT#{R$onbxz>2U@URLB5)D@OWr#e}b-T&oL}B zuCK2Zxj8*#Kj=}`%ny0otAkX*19>hHpHNCcB?JPqZ?1m+YmrPo@w{yLg$+yQG{dz& z9w5Ug2npw>*Z`_CKCdy}bztHwIN^78iT)gGD^STv$aurb%~7jMRUykc07@2)>25rq zV+UK5N+^Vg75-;?@3 z+G~4qw14S+dN_8ElWSP*=g`5JoRLgr;oG|fYu{je@ylQ4vG_6VPz$_AX|#?GeE=p? z|LRE7xK)O{4zLK!kb83d8X7F+aoaMPo@XjeqSd*%bUZCufZ3C~!zqqTk&`Sp)1c6k zFN!owUnR%hI&uPopBoSlSP0cw5E7!7br(_1(c`@%@XcIP|d?OBvsv z8O4)s$h&|%zV^5G#S6ZY$j+54sRE-+rg7Ko%4$tO7O1j|kp-<&9pSts$xp^Mz4ex9 znTk^rZ=(`t>A^7_;tc1c3}>7P`>xO8ZZpo^k3miV)s?W(OF_uae02||NTa{qHukse25zLjio;N>j6tt)fb?>J%+6mk-V> zYuCKn+`~?Xt97J9BRfATz%~Z&q9Cl2;PSy`r2$vO^!MlBAOoVZ$OeBI+svOU{*Q|} z!OzeP`*~2*bmn;X{R1=jOYl)N=J}4;^&$h5i?hF9?N%ROj@gOePBOg6>f7}+pY*tg zEXx>31;~CVRDm3>JwHn+RB8VE=a9eh4ZoPMU9kS!3*gtd>1*xrJgxRj(1rcrEi6$^ z`I!A?;}i4h)K7FgNOiia|+n8S!^=Bd7kzK%A20 z^l!LG!1VPN!fW`LqfAuI#)KITRfu21{w;MjTJz7KAgq)jr>Lu|SGExLDZsz~WN)=J z^67tm-Re5B>RBKkqIqXo#{R?i*{}9JPAYyk15=AFZ6(S*BgJTT| zW%NjW4$X`iW&O`}jenaz6Cn7*&`~JMDiz@*EeOFJtQh&3qv1vH_}|ovPz0rB(&9NZ z2mJezB1jB1T{QH^{dy~sSh@oda}yP zBRju_$HwM79?{A)EvQmGny{^C7ZuaEjEDXjX6JsvpO}Q-lni<@?q8dEQOD?7K8Jd* zcj4{Bh_7E?K|fF9wzdaq(vqmCsNE*Z$P14d1kZjipMsp+YiI?M#A8yia)Kcn(8LBt z>g-5*wSvv@FhWm==l=lr)4|9w+QUaAB=ljw7alCv!kp8j=X4zvHMMQ6qPjW_w7`G< zd=Wh2xHXZTlS5TiQ1(Fxgf^3p==TqPU$$kDC2(O1u4GCOFM0Ko&!B1CD zA2aQbG+auc_#}_&<>ch-uaJiTO?~?A;orX8!fqKDti*Jg_?;xYTn-7&oAQl_Vy0iH=-026)B*F4+ec- z8Dj8=f$S=DJ93_F%pwP^%FRae#OQ0puVwxw(T4`sF`%cYzq)kAAZAnsA{HB$1{n9O zKAscXzxcXs-}e(Y7ly-_;kkLEqX5keJ`HrA!yqA*bqfm2MgSLY)~FslP3YHBd@H+M zIkh%eJWrV<1-->Efgt)uxnT3{+v@F0RQ0)S$Wa=6PLTJ7K=iWSo+y1n%c5}QvY-V$ zhYLVH-xmg0@&@HcRArw5O=5Nf-%BRr{&yD#mY$~jPy58^8{Ebs zmZ6#VTbn_5_|pTD-iE$2WYhA>tp7o83#Q!3wV9`@(CG)vV!36e!!I~ER6x&14hAht zlBR2o!(d+N*;^R>El|RNHHn)W9VWpsfj9(c#r;Bh z(1F_jTWP8MpYERR7jWH6{oSXtme7*_X3F5bT?yJ;1gTJ ze}{!$ETAFysUqfpZBMz}jfB!- zL%@W&JDWBwkfj90yv_tBR2X1{uSg3w{&K0MZ)dVZWR^pT+fU#I>Jw0FluF|L8B8?p z>+a-=(Y&Qm6PlEyWjH;mOIQoDLf|5g!AB1e!0-?u^_;yNA=C zW^cQW0y1+5ejwuLPBR%<3#1w;qtUs;s+~rz~sR*gOD{2|78FKMkH* z5k0xP)jg=>(@~UXz!ttY%8xXa@g_6Wk!m9K$?{bgbDLQjmMAcfjg5T|9KkyMZ6tTi zwT}{c7?yJjt;oq4B0VJgeWy;P-J zCC(#EgQM5AHiQ)0fSDAEqdW{u%$DX`cb|ND^C;52Cz0o+XVWWSVcz{D`9HJCBFaln z_SUR(y?a0?L}?EX2J69t&$SckK!&uxHc0@U6nNR&1}Wv<)l2b@PIw#kB!ak@r{3lJ zTRXeEiqR<*1u(z?e325zi!%aM)4#uvH_Z3&_2_m_ID;Tm4*>@;oOhmhmCgdd7iQ7+ z6YZ+p(JE``?h1^oxz*)tJPQIh4|C=iBF{x$Q0G3O;KXk@w*mg}$H+Hi9yb0QK;lVL zD_^+M8H0F}F6(wYi^mS+=k)X>sF;Kx!h#3w_kYKeUjrkWA3PWk*!?>nnP2I8bPt4n zFc2%_74#^WkMAIiax#zl=kEd2)EY^>zdV&MsD3~@b#F%ruDl@C?R$4xn|x5G-dK*p z4aal3i*9Yh%;5_vI^ps1&7I3%N3$Cn*MVyb$@>iRa)RP^%+OgsyX^Sr;d2jkxD*|a z0U_DleH*6&Yt;#PTpmTy zYrGdEYueTCC^FdO1bOmbo6Bz|LHUZHk&^;NBI{uj=9xyz<9Wk?O%i(#+4I~#Yt>@Zyb`SkP7W%|?d1tSOPk`*p zOj}pn->!;j0g%xIW{So?fADmR@%m)?oMIDb!yX7A&*d^x1Okiz1QY%myb>(@F*PMn zxeZQA@5c@n<52=cl7hmQVHEkm3#Z=`&@cN47rSM6_}+Gi8wvD?`@y3G76}mIHhJ^( z!SUHys@RAHJb-Oez7Tlaq((qy=}#$_nF6E8Z{B{<9)}I(xkc!~;dCFm~fH&bDEItg3_kx@`XO&^wbloQm;MQ*Le*p1@x1V2z z_{E~C_7e{-yW1dEgS|!%!kkFT*ryNBKu76TQV;LzP&G#y-w%dyZtdw%ldlPosK3S(1O5Ye0N*e zlN|-7%A11-u#_7th(L)0NjC*kPQ>swwQqrS(Fb-)6X=tN9=N?=L?HFJThD%Z?B0YC z1%4n!1ih?9mm3^hT&W^GiP1c!6hCxddR$#FxK!656@zWgM5Uyn)(=1&)E8(l39TzE zW|z8@(=sxef!h4oXGV@%Gd=6+9a*7joqRvC^%m0 z7-g*U)AEN=p+=Y}al8B}u9N7q8zliFJznYQ5#q0#fB#0?Tk2{t-jB*nfY2)^sjrlRnzw0dB>fKZkog_doqSp8ti_ zx%2mn>4$~IrRL@d^^E7?VPOwrnfrdi7~m&hcKG1;p;mSV=oIik%~=3WcFyrX+JC>M zGu9Qf_Xs_Gpabftj3Z9KZ)cR2ALMMi`~=wbfE)<9?}3R4+#!+fUrkbTndR;TUw05Y zAq6oBMDM_4UAL<gS1g z^_!@uvxC3othQG*7rC#2QwAC^e&E5xXX!^lFq@=d0B0~vx+p74X=q$TY>z_L(*)@e z2*EyoHOh&6$|1x%e`Br%2)>80?}t-9s4c+1DVzQ1>}d1h`?u3qMfgB>j6i5;{6mG^ zlZf2}!5lE--=MeL9=VhSw!c6347iRPM(%+_aN9-#BV02E=`jhle)n z(J?VPKRzD$imt+z$KJ{XLgAIgQL!b`$u^=3*+YG_#!a&QO0SzRPFf(@@ zQ%cIn$mGsy0M*hJ1cctoG;kHCkV3Tyv)HMa3k3a?zK{ zc`{L53BN(0x6-R)(=*NrVudi_Jo@R&hnr8IKfm!p%>Kb6J0b*wRqvBh;{o9<7l(4n zyTk!MbwQ6SRLh2ptlVc5%%ZY&a|WWF#+H_cK-gIjto%|Uw!WUX+HspyT?`mSs=i5_ zaLA(*8@w~99X3@5?Qht|Wb|yfuqJrSzr^Tz^+9)tHACM%yT);A`1AsSg>_M5{i924 zp&@j;j`Qo+2fnr0pgWvX%4T_Xhr?(4XB)M8rUFQIW_`0sE0`+k?qOkKlKb`662=Z0 z8uGw>fNt~dSjQxMB^L$sNr-S-Hpi_$1_uj++ypYFdlVo@7hSA~qqRuK7gvdlGjOG{ zQccBOduoCsn$1xXn?6XED&bEBtL8!CWU^0H^Kua^6?my<=W1lmFO>X`!SK&3ooyr9 zlVCYhaC`Xzgwf>S83;fvm!d$ zXrj&*w_?tMl;s)r(f0G&;%Ve$=Z^csPe1WCHWe06F-dp@K?)T_w|)^k#OmYn^Nz#K z%FS*0wUeY%jKxOQTc%clAN0iOiN}+3PlX6BIAK6A>zDY<85y>I1RJXh>9c1-$DVZ= zE|v$JwaQIY&m%;wS4Omoo%b@>zUtv2kgWfoKZ`UUnDu@WNS{u?>B^O){FaxOR)p)M z0Vm6cUTFy2b1X9`Xm9bj{Hn!+p}3!sw0v_Ful*M&lH3QVhEbPU497<|3y!O zg@ttPB}C`KV@;4Q2uV3Q{%CClG5H7ZNw5X)!D$FXuZZxVL|I@%EDr!l-;rEJwAALQ z$iQna$;eW27_3tH+k&qaMCzPouLF^WYARtS_DFtCrtHr|o&$lOiFD6?KC?Vf#;0=n zA`cq{22!>7K{5dW4_?v0Pt^Hd zz}-_@#^}0TH{07g*jS$A*$T2K$)HIP=IQ&W z3bxaubxiQp@DaDbW>$Old>hcP*KeqmUp@_6zLId#INAubzbPR>i_o`43s)=BCiS~V z&`J-`#J|g_iezhUYQn;gjs4ZxiOgL%qvOa|T<-7M*n&J78W$Ir&IQCBNbXjMM38YO zi5tTm2rn2InLlJi;+$WE=#BQLTW*{UgX}7#z(|?bbv843c9(cy2eO@bp)E5@3ThT1 zN#zzou#{yLh0!6b5DWZ_khh|`cekRb)NOqkJVzo!vYxzrcyl5*5^>Lqy~`kW@nSz0VJ{S`e`W!0rS7suAa^tlaEmhzAf} zz}NCr>1)&##M@3!aBd(}2?(g;H%{zLdcR$34JPsz@IkqT0AZ2Y^%{|-Go`=kb8{9$ zPH*Z!Yh_}h`UV05NKn6{N}I5@U8m~|dMzk#*z@l0U1eTRVZRT4PdF)r--InKEIbVh zBnP#wk?S|EAt2If1}@9ljk)(gQ1}W0f)m@6QUmOCC8u(QJWN3$q4rLuJ&M|Po--XA zMnKvYFX`M(pxKAoGEMjB#h9v&jnWc}2@j&;wg z!Il&($8{Wp_EO$x^zq-eqSDe2<-zxWh{OcD=wZO+WAE@NYLcwZ?rvdF=CkosQc&t2!gaLW)WCxKxfqQ zCW@wlda>yrX(#W8@brHXur0K&ZX_9+y1N0z-mfl7Q+6X0liMSi>Sp5N>0xTuy%M+h zTBb;NT;w-#jTTo8+Iw`SHMJJ%dVOH#8n5BX1FyJPKTMUAgHu3EY&}TpHF#+8q*-$D zo7JYvlJV@b^zpfH2Ib}DT?=0v;PKc{4$>@8h~MD^l5$*nbwPRgr_9VOv$Lxz#>A#% zDPtxO<5gExMX*>r+?wCdmIM3$Pyo#Q4x3aZ1@ctb6qe?Hq&1cjk!Jy9K54^6A}hJv zaPODfaqxX|6QL!D2YidsC5->2gJH&NyZgssB9&j^&y5#g31Gf$!lizydqc z#yYw{c_i(mIV%I0=GE(Ms&J;`BAd%9-4?&^aJ{(d20?9X>pRySU{1cMjM}ttd2wlO z$FgDQ1-~fJ)8ESw&HZ2+MR&YEu==Oem>kJIOib)oOcDf2(WGYP<~qIKpCQlq&>8KC z2CYb2&tJXCh;|qJpmXg3#es6WC0WZe-^MjxSQT=c z7oc-VA`<+~c@M`ZFVzS6zdOcj+Rb@f51O?+FML5K5Hi;JOZS(6M)*=xSO4nh_zB86 z)+hbX5MFh4JSfi2b;a?Wfd%tQwoAH)c`*kb-KSs;h_m$seQ<#3jU?=AWc+ zD!s%O29n+L^Wf{D82IvT_adfCK;-E94WG!Bp&GVCUiZM32BPNQa+x2N`R(i4OY%YE z0RpnS0BLyvnpS#skrW!63jg@)*RMt&R9*F2D=Z)}1>xs}93^MdUVbM^GMrDvu19o0 zAxp->f&q~^Z6<7RnWuSrtj#Q8nzdg<4`XoY>^g#fF(~dSNks$AK#q!}GW%Ggv4hy==`Ezm(j+69pU^*iKKBwc^vu)A{ z(PE%D0R48gg7<8uhi2%6>?`?o3!Z-$fq9T^Ya+M>%wsWF4U$lR!zz=kNPzPQFqij% zfg9gw*($cI?Cf4yS>0!3WGr&tqtJ-~BjPFZ*=OBPgAA(T2`im`Bb`B0ujJa*Q z-1RR`Xa%;O{9Qw);qn4|OHBy9Kjj| zSYde&Jd{_=#NPfna>?4 zh&+<4Hv5H^wxRi?xud>)jTcd5^jFs-JK&#e7fwYb14vAO*033}VGC{&%Ji&YBSXXI z>Pf)qe|+3|oOwC7<&8G~{6$`pLi*b<3Mb3s+Yl0_05?&F2FMrgoGfcSVcbQze*OBR z^6ZBAi)T1=svo0QRzy37#;VCh+26-}TuJyTZ>)eF{GIXiU>mbRudP`3r>K*Y(<`a% zB%M~I$}1?=;n1tRKOkWJ27Zzed+KP4Ab2|D+#BuT^X9ZyJ&K?xD;~{`)j)D`W4n&6 zRx>@Szqhv$dAcm-6hi5MR6Y*^-{Q6rTwu_9wWtaj44j-ni&PE(r4vy|B+~3B_Jejr z+V8Nx7nr$ydCq%Eob}!}P<7`sx~#11K7c7gN(FvOXJCn>@90^bW0}3(2edF?>$-*j zG|0$&qFOb{+{ox71_7JyX0^SQ{U+JQYp}qA0*xYvNlp;9F4o+~r_SZ(n%kqVhrsa_ zfKc@(E)k(oqk#LJ9g=v3^cVth)qOuFpo44a?!Kqh86WVN$>3K|Ii(Wsti7}T$7r(7R1dm?1+|9SMWNc#M)s~Qu`Sz%2d;1PCH=gNm zK^SER2wP}}6w-s6`J#RSsN5|*-qYKt_XvLg0Pvd|6Wl+rW(1HZ778cvx}T&|{Nqiv z%YC$BV8!A!)HPK_@|@h;8#-W_qIum>A`6wTL9$b5r=hN{kqofImp3<2MMTUdN*{wf ztoK)&#lnft65=}pQha)UzdkDhtPrqsE6L$uqL*;yBZXb;{s?>pt4Wt{zqufP0~BA7 zC9v*zG_NmTuvpC|p4OtLIEu*1J}?l!dITN=dAFbn;u}Z-SvA)-@HMLJ#Js!#N?4HW z^Wo5`%Nrw-AWGhZZw<_DD+jY5334Fec?6N-bp(3QXV5(Dc;$?GOSA4yu`)VjOaSvU z8NC+#;mQit#qlO2+qeA(Z-TE_1O%TzkuEhYP0&Kc!h+6W>knxs1`^B?4;J4JhJ7~| zlIn>-5E2sUnCt(1MM^fu6Zg+215s@XCz&pmv=H1*^h-TXGxJRbw__`2=c%xjtx2xq z&0f-{6cpDH0NOQ{-zuUwthaG+AOwj$pqei&CXS;dtt12mYYiVF z16XnRcJl7%6QQqWXLX>gDOcIqK8F7Zm(~v;io0t>NO5U>v8YSi`TMY4akW5j`-|`Y z%gud+n*%5`=wO`<1Vb^ctt-GEpab|ffW(6FxSbdX6XL&RWVANB_-AG32t0itprY~^ z@(g5Lywckg&(rnsqf-yXKd~0va8@uSFsns=$AiEB?={7%k8|xmk{|#4DRa@-2nsm= zd&%%L{r~u9QkQX5>HQ~ILXKOzqW{w;0kHX2ii0_+$z#3=dxZ!tcuuu$Ep@lH8FRk?p4 zeQ{^vkG)@YCRgE||GpoTwN2#_-)^H%42pw4AUQD$gH}cYzt3WhaDSZF753u%bOWDHRty7ljGEspF&Uvk#jCsj#qQ zSl~Bjnj-AD(SJ8K9^5NbH(s=jMqaH2d(m-~Lwuj}eEB-ttm{K*dFAWtq~^VQwrb2~ zDXqD%qvQk5+kDv@SPAs-TZbr;3Ix4(<9%nMbI*Y5hJu5B-AaAzP0P8UTueUadv?05dakp_3dDKP@p_?DF0Kb zbAuk|A2XG?^&sFT#9vMOQkkSoOkuZnkqs2c654Icu-+j6gy>m%14ihRQm=!7r2m2 z{nM$%ydTD~_QKh}O&R);Kvk&?zZ}irK?uRintrAvn8io{M7#jsHBL2MgL(m!JM_J4 z1L)JfGlGCsU!Dq+-F6=l)TMNj?_&+UvYL}w5G_%@U-o0F8NO%1r{Lh$%z;aP0ItE& zdztv4Fm_yBuG72yh03+(6)$J$HUcs*gcoGC;3E3c#c-ozW4}L{_VUBW2SrKm$VePW zjPKanA9((>c4XN0>X+3%z~pO$4wjgi&w+t=ps(WN;2<;TQXn8jne(LpfO<6n{EECJ z=&k{~rLI6Nh=NaAuh}``+{BWh)%Z9aMC<)fd$bl6=YaRBkS_@!oQX;-Z;)ptfBF>f z_wU~b1Vk03pyD+($`OMCk;PpyG?X$hy95y-&L_Xm1t8rj}}=5UM1=SCp5zf@?Ogq9{~DwxeJtQX{O zG=@sxeTWngUVx`-FZ{xs(cVUoBs~V4^QO!GN>g`&;C^?hPXHc>bdjB6Dk`$zuW0AB zRC`{WaKk00idP6vPtPiSh|Q6zBPB~+eKk@fq*h^Zai8YfLdaQIZb42Uo2!|*Sm&!i zz^rYlLq_JZ3?fTUC^^vJks1N7=)`VqE%!tNy&tF=s#chET~AdV7#Z=;52C$(UGgFF&OLa74ni~%LhW`wP|{q1i-`S z+4&nFq(aKSw=v2DG4hMF% zZZ{19i{^XhvwoDy3FvxIpTg&WJJI$c0 zH9J*;3is8Q=}1qbRxSU=S9QR?WBeD8(7gt-wr0KEJ+7Rhpp&`c`akzJ25NAj{lI%+ zAx*TW0t#agejVE!(j*6QnyuW2My=GH8d$g~kZVc;En2vB8jbIGph1P~$pXki@iYdo z-egC5DK|!YDyW5g;SdoT*Ee{leRgQxe1;Uc68}$glpK5DGivI)^{$87&{o!b_KDuG z=N0sGKwl{pt-q3Fhter4FKLXIFB(B)2e027UGClJSl0*wjFQkN)tX zoU)13?UFv=f8N$1A>L>^}iN-6C zg2f1FoYja@Mg5OH9NYQPJl9XJS^f=gys4MbZ{i z$j&z!^&+T@-h{U)`d%&!SeWE-62G$1N&}rG16G}0gu;l1l^M$dpS31ORTUDB3@c%> zv%}we^$<&@Y;&rP08wPvLtI%?GxGaaT%bT4WTa?G0z+XS%{#>B76RDRE6DqVg@vVM z6@>!@uk$seg5*^wL&IB%;e2W|w4)-2P1UEoP6*JiUs+i}ZV8d#^WeL<-FiRU6|8J* zzK#l0Md%(CX#6SG;|h;Z&>m}j1lSkl1GM2nEq}hN(}%$0=wBQV(A-n&x_l2LNzsax z)yo?UduCQw(XQs(upT}7Q15<5xe;%(*pB_qz(BYCkrb3ZVI2ho1e6&(6MMTW;NC$r z9JF8h`g^4*CTS28Rko;m%Uwc%xdEQ&dqA&V=>-yfGXqkYdi(w)?Pkb3gmT<0U=Dy_ zY3u6VVXb4(AETaw^xku#{VzV1bSo zBgfhNoQ2NcIUyq*Z7<+bX@SxR?2H$*v_kUok0NO_KY%edwYT4aM`n}cy8D4oTtcGQ zW@rR(Q(P)bR@U-LP`X2wOaTY^rC?L2S#=#lLc+<(rQS| z2HYb#Cnr9<7};8A)jWRu4tu`id3D6+#%_QPRl?f{q<*awpZQNsEiC|m(B@l1aNo;7 zljO0>5Y@YP?{v2&oFV;IK91krRJ_``;dxU~-jX_(r?d6Suv)gRVr{D4VTOCdzvx zyr1DC=X_*Rzd=C`frNyi_V?=btI+7^7kl@vA>b$#fDULV_RXHYA~+L*$o9{A4J!2Y zwPbX~f%#FDy4%{=K)>c){YB3Q#nAMl4d#OkaQrX`X2;S$6`ezeoAUQ}FCDfft^p7W zk5T4@|Lca!K&^Yk9{_+}>PiX$v%K5UKK=aT&p9eC)5!2}Mb6kvGiU3Fj)0GwGi<9+ zh-7y?%-h)pPJejpGtdv8XBP+PA1Nc__vVr8kP0 z?l(bpp>-#46%~~V=Kf!`eRWt>-`4KNKvG3T5fl^<1f-Ep5fP-jJ2s7UNP}2_h;(;{ zbR!@jDM(5qZaS2ZhC7!2&UemtpXdB{@A|_B_u6~ywdb01%n|Q9UX^^K2oTO|{PwL% z1q9cji!+BsMu=>tY~-SADxf8jo1g2ijC^?en3{WMXR3(}mWXHr`6*OaEEhOXDi4fh zz#)TDd=q4QiJ(aIQH`PZ5#fz7K}t zfQrcI*rdOES9pAt8|58VQX-YE3P~c^Wgh{iDWCxgw9Sw)pqlie0O_nNzMQCD5XeKY zhiV!c-vNmTT6y^49p2vkFQ8aFkgfP@^5+a&Vn4h|Dw>TLh65Ag{X$LMJ#zRBknfq#VHPLQ(;&`tz3(>K8_?O?XV^a&U8Jt+*OmTG<3W0HXp(i#Zf@kSn^8%7Vp^6zs%jDy&-?^Q<%- zSh&Q&nTR@Gr9~I7hp;74D)xz+2x^Dh(6x8Cm{7| zT3XuVZcPmhJn))9eeyMr{alJgg*Dr7Il%v;ILz2KHa2Yc2PBd`5}^QK*mkIAV)Fbf z{xv+2*jMY9O}zH*aL{YDT?3HmZE&sM1zx~Jz+@GH{3;zC-DBA&v(iB?mc;mW!EW1m zJ&~3U$L&&jA03@-t8QeJ*5qWkSG!a4=QWi@7`$d z2Tf|^xf>{4`ua6Nyr87yDQu)9WMrwT>yvnjO=f6x5{%Lz(M9?AsuS*0ojui5sv0HN zBu=)I2vM-pPQPY0X#%t*78cg-v|lLq;h0T$kNi-sv(4`QS_{{dCq5KR92Q53$I92e z3)gilM{Cs!PK&i96kKD{d4N{qRw>X@&fl|3FfyH8R%XyQwF&9RGA(kR@;r1~xcGZj z2nDDjz{K4KaU_#iu;2iQCjy_172SI)j{E5;$j|!2W#i6s``vjGVX&^FtA7Qgs0V{o zaVKlTKsVw_=4lx!fRjy3RHufPmv?O(9zMGvct{2vg=gl5w5_Qnj5WwAJSWc+h(H!E zK3`MS>Tt5ojlq&H2e2&@6Q@xZZ{EDqH3i$;DR4f_G}XXJfXpWXUod!gc!LLUQ2Or5 zU|7zd4+a>RbuP4-|rxA|&O=+NcEqZUPt$ewSOV-LW5(dz@p#!vi`a znQ-HEuCQ`)J_7sp*7l^{R*TE}q42${sWuIs;TeS`#ij4ac$7jN+YtUoAOOz!pWSwW z%p0elwVM27AG&l78=PO5;v_#XXFsUD z`9R?T3IY+|0TYDhzA$7oQQceXiceB%slK=Y@Zr8%b#_2}U4#basE(9+%%V}X)6)Q8 zcZ_?@wg!voSTi9gf=4|7TWbRIJ2QVBQUu+AQ8qLLgh0g4o!Z)3^9$=tg?ZcSLMWJ( zBY=GtBxT2L3*Ng;ODk?Y(bV(+fWA<^((m{of%m1Y3O|7`7KAXOf76`%I&nm6Q7m2ll0CwbX_Ue{{Ga{-DeO!pK-QAV1 zf6OlEaI01khZ_aBJ%VXw6R;mEvk1&iJfuKPFNJrq-6RCDhM&+pys>4FnBBDJ-C}fZ zULJJEK4_jV`LdUKi_(oyhhP%&Ewv7@&a7xfIXUn2Cy{zb)s9hMwH^hLGxjF~Qwbl5 zWg1e&Kj<|+sC0Kxa-RY;tsm6uWD@v&KpeLjaur5OY%%3DuvJ}U)DUiX<%+9OiarlZ z7}*L|7tVb@hw_GmG`*$$C=g`;5RdX6*V=QkfQitX67Zd)2)qry*CqIrlue<#(>_0U zV95Og0-B(VGNb~%cnZNT8!i;-BO5k2B~kY+XaGfm8QsDRbAn|AP{0CaG5O~+Ak6^0 z6|0J;s!4FIB{GO+skh#*sV4-Lq>)UOK?&+EEjvPakHF=r#U{Km*TXmup6Po12^LI5 z@OS0Gm`;OvTb-^LJamLuZ*g9TI&N!VuFo(->M2^NvP3&)!Qm`Q; zpe;~!w2Zb8RaDIVT5RX^)CWpPdeh3uc9FZ&STGc@Z0kDkw8W4pQ15XL9!L4TfBo-re9vv(4MGaSTnXXup|JxohIZ)T|18D zovT`K3xJIt`&;tdp$Hle5DvsWcf=n)EG(dDjCFRDiTwvD3CnM|$mTU@OKDY0+Su4c(^2biI4sCT%Xpcao0EVZ zXF4dSEH^`!^*I{|p#mc#uQdp-;}E@0DktVM20b?7f`S5IS}>izF%qIkE8Em&ifz&p z6F@{YdCe_$z-VH46~YLY!(CRuPj%L1k+Rs{f|_vdrs0S3V&DAyn+3WJ!BDXxAtn6| zx+Zt;-t!O4G!4>;T3lMxAIkf-`y=e6834rr@qA8t!#(jh_=FH^>UN&-+1iRR7#!AB zTMW{G@k;xVMlYUy z${QRoF#Jf`rq4ow-1}RJ>4ou$iKlDhJR>6`pYt{gu&um{gF&(?0o|WLnBm1s2w_fN zwj%BApe!gXf=rFi5CDpKHt`XxLVt#b#;U0;_~)#@WM6u!!5PT|#=X-iM!s>tK zoZe|}!2m|hitjVcMu(oe&Nuj7E<)7Y0@L_cJHSPx#DNy4dQYRa z^6UA;GBa98cBG_LZph?9<~g9DK?qzXVnlaw$AfonJ`ivwddRKK&9#zUN9NGcE~rUA zXKpyW1ZD~n*N_S}3l||vvgCbv7XRw>TsPbyXk`Z|YAX$-ieCU9ni5PHKy4QWvM)FA zuU`zVbR9gUr1A*RU>{t5T|&~Yuty^c&CXTbqPXB8WwwI>y_tTp)cV9V&}~(%W<*ib z-hp@mkTee~dC+F&h>&%K&6G-%+lsOo0H%SS07oSNFaC*~^6us9nHwnNdYGG;HIBKn z{HEZ3frMOOcex!msJ)AI41ydTV2l+~Zx2B6R!&tlQ0*B701ERR>HtKt*Fu{ztYDU( z)7DpWqtx{m#;>aCEF=j2c%Nx$B$^e6FAjFrhik`k7Z&%cmF`Q1Lw@tkMkp8YX%5UJ zCP`Y1QKJ-Kr15XxN2Rf}c>?`KAI#9phYH3ArEIX|7QU6xmRn5)10n(ZzUhkQ2D&)e zvg&0Or#uvp$W$@EjEwl3AR)}4?a9Y<9;G+bDix)g0l^H)dm$@p*p4uU%jP`z%}@ds zxmO6>Fl9b{?^rf>ww^*TEmc*|s_$nj;Q>|__B|h!e9cYlN1vQ*>v#iY z;&~g}+ZWSeCx?etR8bLFS9kQpj}wC+qkjDOl+?}l!Y7tD1y&$n*(xh5Q<9Q|XWq_6 z=I0g^oTq9oo~!|Q)O)gRc|gl`sxqmnzXVWP6VS{UR#x9Z`UdcY!qk@<8=>?~H}JLh z;_7IHIQlV;wG!2^y;Y^-`gw4~v}&%t049TfV4$+Q%T6c#OPw!)gb}hmpbmOUlg}OX z5f)+Y%{PFT5Cu@;r1Te>Z z0Z;++>=q^eq3+Z1J9pBRGb9-4=tLxN#hoq@)mgvtfaqQ8{Ha5DdOXaL`?Q zqfoR^(@;k|gGeUr94GqG9!^d`y>TDRtHV$1WMpP!Yyll}q8$vKK;MFgX^hX1491bpaui?BTYY zloZ6y0y6IGrL(Da0g<9+X4}VFFJ2rofHTR0-gG+)LCpR8Vl=lP|LptXg)Lk;DO*QT zpW})2(BQz=2ja`YP5gI>$2>tIXr$Va!N9;Uho2KL81a1N2ws%U>SNa%f;{aKQb=GS zJPn71UJ#DKWs1_&`?KbF}&_`0VYDkGmlUd3`qvA1yI7qn)z#lrf@(=zZ_O_U2Z*Y~ph0Hfy7%h^h_$NOMDcH3s zS#O|Q*2l1mlTfOLIbwYT?9b6Tf{(up+gS7uxq-_ltoQ_9J%j>@ZWJ>-eE}4#;%2$O zzfU5hPwBKi`VwA1;Abs&?mVuHL}iy=1XyPjtH*PxA{^AX06z<~Ca|2UCuBE~3QR~K z*WgcNrV*nQfd~PifB_+~jGo=m(a~Xj^0Zfi06xS+GtJ_kyTmuy;HLm!v@Nqg1J_vL z*9hRVLh6t9ahENY7xd=3)T1^BBe|dLvILV0;6d#mD?1k#qpPIkZ`>K#`79VfuMc>- zVt6hi0IBh`mqpUhJ7RkCo9S*>TcFSxO1J#*A!Aeb2Zy`Z=f#;^foXt{I7K=m!h3L$ zTr(^f6yU`>GkXxnCqclS<_E?r7Ib~RgKzSE51|sb-S~k!LPtWXtEKg(#47<@UmA^a zjvpaDFBS;1xaSG|I17i%K3eP=Eh!}jokhV20yOb@yp<)3`4;*%!$avIWgs#^dee6C zs~Dt@r$LO0#mW$m*w~o*&Yi}|NvzAQvL9j3r3dLOd;BdxG){T!Fb)-H`(4GxW?OBA zdouX`Da3fLLS9+9<$bnd=poB>_z_K*Cz1Z;<{-4%i=D_}W|!ZY2UP-Cyw4N8_HiM9 zo9OY|HK9Aq?GM3YcZ_f@0tO&aq*bFTH#VdmVUEYPCjmkfq%mWqWoJfhV1a z0Z7CbN-{K3aWCw>PJ$rgi1G&X@uT2F6qOJOuBd3LMn3-gv)pq%@dz(wHY$+H3-qPnvS|ey7#bfR1p1PVonvIp&+9U6--$r^S}KPB zy7k0Fk^8VUVqn1d0UO;9N~tt5ha^Y)J6`DnCgtVjEbQ!}P-*~#*bf@VJW1%?!2-!1 z{&u%Nq?-mWikuwtqLPZ{yhcBe`K=kZ{RJ_MUdX!64W13YU<$tHe9mh)7$Mu~TQ08d z$@ZpXRd%~BU#SsDrTfmRm>QY{av1>q^GWZFXl`ykEni3%$Vwz{48cuVaZG5m4-Awc zaEM9xjc|ZplLVFu3}{+Z2Fq#`1XA(Eu6HL$8)(c7du)^KS+*5A|)Fox&JxxLx3upWF-g_1HmJ+?VXsjCO1<7Q`?5v;ig5S;<9 zeUFimbuKkz8iQf%m&tFh#;mS&3t2bz+~l*JX>$E^*W_0pFpNn`J+Y`+a4J#2 z3gX!GO~x^k!*lUFqj;UfWNs&rwE;)z%G=YPlU~~!ahv?}{PSCG34!bU^FJ`zP~fe0 z-*=FX`pMw2(cWe%&=ATsk;YJ1Ey-M8`8c*=mdZh`t|K9Dfg2xcUZIjDAyiXR9pVh1_FfDY`e&;Y;O-9&%!PMB;tY<|W+VFhnU%O09oGv7ET)Dq} za3W+>IbqEhC8XOK!ML680!8DY<`DiA;J}1OMlSmttVdFJ>lO*?>u*nGdRBXo_D?~| zY^mOTJ#>Oxr|=LWLkqYr^v9XwbCHHhO}@TvV}J}HzTDqkQBBOP z+eS}cYB9_NYIqR*WKI5tCAr$ut?W{%Jw(x9amL$~#g=ti*$i4I6@i92$J6iB(sA62 zal!b6go8k3<**;h!|v4DSjsicuSoW=?QFJ9=qf8-0fK$BTxZ8%qYKi0Q@ou0abjN``5xu=M z81rkIAYDd!`{*tfI!{(`PmQ@@tN8cYMC#PZ@dXg6t+!%|e6n7*&~@>)u15G8+}vHfgP(sv66#Gq z#70$S6@ABs5kdu12o*T1)-y$o z;b5NL{pLD5@r@f&epsm9CeqCbKKPy?VMHO$7R%q?9}Q2)?WAt!efV}XaN(&XpbJ*> z^NA!7NwttONXb)SfbATPk793NPeM(f`nkEOSg2FSVK^t%9mNv{lrrQX{EkfSe-3Ps ze+$s*T|Dz2C;HZW$)0@7ev-ql(K2xsl|*EI&^0Rf-jf7{+Sf&)76N^S`qvVq+JtMU z>1L}|2{f=!=udk0;ZMhXxqW?jhZhzqi2_?AB)v{s?u5@kxj0>lPxUH#zT?yyj7`w> zi)VJTPi}tLYKDb@x;i}~P)ZGB8tmRYM_;Ro za|9pVYJg8%IGukKSKjs-Z=E=0#{R(0`OmkZypONJPqV@kYWe$X;Xf=mzVO8UIs9%x zPr!eU|9zr}WYNgHeD!U1N?gsUf8HT{nMbr)rY7HH>^$k`q&LLlUAjz{ch3BC)|lv#{g_7`u{vIqiVZ+PY<#V_LD`SN*0`66p|8=JH)RQmd#Sg{%E@JmBHU5tRAWCKi zS-1Zj|NUwF*T?j~PDK26kq7^9AmdAklA2mlObqE78;Bc{;i%mMRqy_3i?9L6PMgq` zdGFI@**InEOa|KtpDU4IiV5+z* zBD9XhNfrce{i4JZKU(eh8ZjqvH@}hcu3*nKqEMxMt}MNmMklzepUhitn_JYg1mlbwhP#(B&!}jpNQTy-`LUg83GWhL?0$? zXL_I&2kI$ovht zP?3@GDAA)_M0bAPVr4`Vu91WbU{wyU<7bd&1JU0+^-d;cW>s+T$z7(gq~m$RTfue- zm(0dff+c$k+~qQen*g9SB(O7?3Zcc2>&+Ojnqb!)HltXrJj)1CNv_65MtAx6G@-f* z3eYy?b{3+sKoEpidwbzt(L{)0`}kG{0l>B*fY&<8@b(j8r&l>h*zRbVdm@FDu6w-4!kx6(M7%mmkc1n9pX zyjLjHy>Ya&HFYEdU1qGdT#rEjUL!F&8{!=EsrnI zwoRtI45P^|Dw0EXRHxPPJ0WeUlfUW^4PwxI{%pi{Uu`{Gfug(_Dp|=d0vN}142Z?@ zt?lMNcpysV2;FPaq4!hHcJy^*hE-Viy-R~egUc;quS*>}RVEyFCh%}^&H6Ur?AG^` zYf##u_VUWT5qdtl`)YW2#8PUA;K1N%>?}Y(+i_DO0>JR`&P9g~*!EA_h8rA<9MJbXOTZ`3e)yq91^BgkI>ID%D`dc5&&%%5F#9>(=+A{>s+_~ILF@y{ zHu>+2#=|>5^q#K5;y84^^y%y)%-q_LKknuC&n6sAwHRlAxqwFUiOP^^;vzJH41!A1 z>R3Zgj-*Y)QMusZw8!>BpQvGLuz*FBZ9N8>EH3Pw9A&~{R9NSRrxRCLuOKY!&Fj3D zcjC5iTUk|gIX&_?y>N5Waq4KNbH+AK(cJ@RcVPh?Ek#qM#gwm6rNE$CpG!!_xv&KMx+^zU z_~vTX>jzWBm_L(~7etqs&;bXQCQL%7P}O~BZSeJLo!*@A^&I${u;4eAcf`>9pU=Sn zqEPuhHpmihUK%aSC3o8;A|&CKBPPaZ)b0{@yZjW%*DiSkGn|mT#CcuE*u-S1b%tvx z;_2*?KR;yD07~#4ilzX8p}7eh_`G>rL5wRuIXFhk0Ew(N9%tMRhL)F#Q=UhVeHy;E z`opg3eZ6%&tc#3sL9t<7p-FBpQXrEevfkAiC@fT1;7Z$);2 z!&_x@(`FJX;fdQMf2MrtRm3^aLjzrFf0lw`AZ&9kTleI+9yQ-5PA;#blTfQuXro&= zoD0ou?38ObAhO=u8>Co5z)ced1`Z29Z{HNyKf1mwIJE(tTEgq7Gy$SX%DM6!JH$dp zJorXmfi~YDpPiCWB8bMs;g{|fJN2dU;(?e(9{Mfc_Z5P z@AaDppc&m&n?y)PgGpLi!a5B*^v}|RZVbk3TD{cNE7O?l@MS zY`QCoRdIQ!VDM}DlkMNIo?y>des;OlvK;aJr_2QmT~%_uQkMj#HhlejjX!8r&Zv0b zpMI0;o~M$#62H=|V}nLVt<21rPSR3u#MrpKK)LPY!jw4jb)tC6DHpa;w#k``T zCo%bx9tZV`&=~B(9dFL`-?3a}xt4#1P4CKIb6i|uqbe`oXI8-%FLRUMMef}IrkE)c zo72}J@42WS9kSOxFjzMbY<+wec5?K-GDT5bG#QtiV72wIok zYieufGiufkK)R63k$he;q1&WCs5!9Hq-3$oxX|oqUkXguloMFUmDMq2Il1YBiqS!V zo(@TmP3cCS00HPoOZ6ytYcLXGp29lw$3E~)3M)Ik$n zx09nC((z3Dc_v9|Y2{2Ar>TasXU{GF9$W8iI=fj0bYpNN{!Y*E+-eP=+`zuPbs%(@ zEI)3T-X4)@Z8}D zM#cSV$Bmr|^bct+@LBfq=C4ywtmm!=%qI?iRgE0VW#;GCa+Xb;w46E)P4n@?Hapz? zrBP*+L%tRGlO`FBb0(9qD|x|KBf0qUu4hcBx%Dy;K4^K=UVSSaxhfd7aZ z{c@mIA^2PO_qBR5`62rRotz(mL6>ve=d~KGl!v}W@CzVvl~K%)l1G;D4f_^i)rGai z{_R9%hB9F8z@5^uuoTJ9?{4mwKif+OuK=7Wm~ZI-@>t%#EsEG4lR8;sy`FUH=9~;3 zZBKel_JiZ8{IgqU$}yOXOJ-QhJ>S>Y&o%2$*oN-9G3Cy*K7&4;;IZ#TE#c+1K(xk$ zLS3sodFI$|Ao0~kF|#iVJeefVFjpj0OhoJcS+OuWaCnPc{C8J&k~9B~!~UP1D6N@p zHTdxO9jx{rYo{PKD)TV0q8PmbA<{b~jKkL=6e>={N>_dC{|ZP(Mz|#u9zEjqQ$e9f zS=G8fKQ8PK%e_y zIQ3R9Zr&rldX>fYENc4R=|Q+D!g|i^Z`irU#zQ~ED_|5qOFR@&GVb^mn*aTs!KoW? zvwEDd#EUNm!aWY|^OWk76QG2bzxesg4KexsPvq@g{yBu^&qF}|VZlbW-G7e%9+Usq zn5u|m)j#;e_RW7p>Svt^l8Hudsr<(S_HSR_b~8gp4P#coF`RDN46=I%W5Plc- RRS9`TLQLji!2>I{Lg#W{d~XNo3)ax$s{wAJ5Bf0s+{r3j@%^RWjGc7fOs!_I$n++ld)u*Zi1hvWJ7uLi#+jl%3n|Kotu*dxK zBurk#*%1(2f7aGeeF3%DZYK_UY1FzCT$LL*+J4fC$u&BgOyKMDh&ki^FLpb8ra>4dQhE z?}Jw7Xh1G-Xap3$SA@>^-|@ICWa-fVp7iELLx=|`_TM$AeUkkDct>^C^t5qbf4_Xl zr8gZteQ)?Gp7+0t>-pHo2QT47EVfBxyoG&ahcRFMXAsc6gmg>Ir3LrJLq$HgHWZ5AqF?bG z%lt7(Eq_*^bzGEDv%f}L&Rjil=u|gWpMHEnETB2K&xDkc?@d)PCL&pqTHzZHOGE$47Fmz|AxYS_m?nc z2}ql|BqT`t0|Z2sQAKQn|EuWOfS37OafJA*lLFm8d=E8irj1SsyzQ}U!Qjgo`Yt`e ztq9XVV0IUc#~QOKa>k13xR;zh39WdD0k=Y3dBS;s4lybr7Cx-(lXJaT)9QStQI371 zrxWVu?nMLZ<#PA-$Z{IzABEwjJor%lV!mv8mSjDV5nN3y7i5Y_%8zDw*G^w$)i-bF z%6Lu(DwCB^6D_@(R(FvPT43`d7kzbZGxzZ^NcK!ghN*N|`n;kgBAPGn+@1Pe!N(AB z>X?cNburcd4PPX53(|%T`-Fjso4#H32XfFy9JRU^^~D~PNgOHM6K{*#d@jzlKx64M z%Mz(|N6Y&BN)cZ+<@BNe9iuAjUYvg_i|O(fP(0_e-)V^g*Hss9gy#rI|7Ff1vFOuX zaIn~Vr^w}~aLRr6GK82Cv!L)X^bp<3>)%iRyW{i4fKU$}fM#@VKPEzaDMxV1z@^wyEpsJ?E;X@fJCLcF9~J3N zl$;c^+Z-r>I$_Ipqv$(|HSUA=^MICt_LaDZsYjL~ZO79s*ef1CTyj;Zfz7EBiY&1k zooUPl3Sc%-C;(3ajcR&!xj5i(p7jucZ`6tr`{Y=zcW;h<@=)Y@)A}PUd-DUw){-6> z8#5@d0?i<6qGs_yZ)vq@6+9Lnp<3P!)$-aAS&(bYq;vp0$GJKRK;RRn4!nJlO8!rr zam8OKdx5W9BD{RJTUPF#{_sImw30?=bH;nSX-1b$WY~^pW)1G%Rp+R~uP!z}!3QMz zy7x$;G>T6u5(X4{sI}CFrNGhX)+LOATbv43DNf79g^eRp8T_mF)2nuUc?PtU{cu+* z|1Lb&@4p0wrnX4~Ll$CjJ?cpA-89zqx+B6C*R}#0nK`X$(W^4hW;iWe)-&vzlne=d zx_R_$rnB4@cYH}iuYp^i{O{MCj+gVndsO2`D#>xox%pgjw?4wUL~0N7Q$EQ6Gn-cK zc4PvX+(^^40ilBTbO=2wIuXL>V*%~32(x0|43DRqF4prv<@3T%j%~L~iTgeaF}% zo8%nPFzEKf9qw;p9qyO&c708=?j4z-M_KP-2VlKt3H&!$B=|kKDhckh49*bQ%3BT~M zkL&Y-2(KrXD*QR%8?`PwhyhQ=74i;+pMa%|ok0~pf7?vKMfL8n9 zaLDD^QKp@wv~Y zgxk=sO+3Vm(dzOG015id>@BWBkFEv7jB>1!fRKx?4yah1pl}rr8mh7_4FOFj_bwt! zPNN@*D6>a5Bh-P2$W#8Fnn_tYKOPIWOqnSB%Fk5G(+P`=(Rp=jH)af~PLQ5&Z>A=3 zVk^MJL8(z$+aVya!$kMR6Jh<87Ci$#U3$EC;Mo=+O<l(fHcd0q4k-GO0VB^QYXv4$)cw^5K=xu|aNh zWXa^ffny7hECuO=f%1r;hp(TLw0Ap<=GH22yglAFK}=>m5W7d8ZUL?WPI+=4&UBp- zE!PAth}vTPXuYdErUOB*T$`dh-zp_9=z$l%4krbM3kp~F*xY3QVJQMcg`PZLQVB5c zTBoN)=JOu|`NUdbY`xWx(0B4;GE`%=dity^QLlTE#lPsT8A=INRvSFg;NcuuYHALU zhYRC>Sit&VvJanE9yTz!`|$NPh35^lxaZAm4#qA`c}PA~y`_9NQ3J`+F(AK9N3u=P z6+cmw*}O$1#6oE9{8i-^8^=LqpxaVO2Sx(DT;~u=8UHBC5VJQ2@51!qoBBiW9xHY( z)SrwK`@hV|rUWh$KQvuU*5p^KIkcq#yS5~*miE3MpP6SUIKUtgHwnmQYLWjwr&~aJ zkD|kp{T-Q+s2f>3bNu+Fe#!7SDb(@7{@6IiP)7PLAy(EY?5Hp3iiSE?=% zeD0dY=}&u`%DXIZP|kn<(?=4z<^RE?hc_^ZbpDQds(c6_aL_Bbl_o+|(XD8PJJjs0 z*K;irEy(y^R=oY8-3qHG%YtrGymIR;4@^;|G1~Lu@b-n=xq{4G0AB&RhqD+l?!4~* zU|Sy85rANSVd}-okDrsEV@;$y-z`4F4-METio4s7b}R2 z*W)ThsysRp3^CqbnF~!?cN{hgrF_dY*V~QeMG1+0ePW3Ed@_QeQ<{_kBTiGDS}O9Wimd^dS4 zM2?js0h+281TWM;WUa&}^#`ZILw;^E|98J|7^pMEtW6AZGX(bUr34S$b1Pu0y+huV zxZexRcsUjI9|`y*Mu*-7)f(4a+--|C(=&c2Y61ZUo!SKf@sd=e+W#XWeX}?c+2K{{Mw-g!}(T z{NleT{l8^B8rl3D)Kvw&Ytq6sR^4VICe17vZp5a6YVMX@+5O(NK1Z)ml*tVZaVmUQ zo;1hq7Gd%S8B2Yi1CuJ3KgLn@;(~J|+_5ghIgJ!r$a$bRGeVh;K1#~|dOORz_8KMK zCnxi7Krf_H?fdcQUj$}HN-?R3q~-OL5;@QPhhhs&iLv~nO!+jsvMDFkR`cumWhS55 z?qY_bT$Hnxu!d|UOl+D#hvvHL7M#sWb19;J);{_5B!=HO1n*OkGF?QEM}6nfNw2^c zX;bGOhptTXTf_~N1IDXJzBk#ui_x;C$gC%?)gOY0h;6@q_r?+vRocoLfA#CGB67iR zoBp5h;W50fakwV_rXUwqzNGb-h7s1~^WDKhjoRwHKSr7c#eI!s&)S(@*SjU(A)j2f zn5IW)?{a&_#)X7W%L($QfRZDst%EWG2GBdvx-61_rS-5}`Suifb3%$-Uz+4_s*<06 z&3iNa1&asb<3$>&TumopMhR28W@ZnIZ9eRGgRSjbH$C)E1eLE3>1{<{kPPV&%N@rV zaqr(HX*lCx(ap9W&ZG{8?|RUo4UJWr$x)qnA{NPzc>Qt4-rtlCMU(pf%xc%$pICq# zzFQ(+C>;~N_wRQjCfKoAQuhcyP_c}cs)G-z871u>wIr)NTH*}puVpPtl3HLd4&Pne zOM03Ks^BL{&WYdZHcV1dd$5Mzv=;avOfK1Kr;5GkAM+fr-By6o%ucz&$D|r*Sm|N? zy^71_W)=gc^|!#{GYRXV0a5gcrXBpXZa7^E>=Yw;Bl{Dz!~Ui1^ep^WT~)j-GUm%1 zUzhlc+ojhGRLG{7RhH}VekqO^R)p+whEV?!I*;*X&I#ftD_2tRzhnBk?Gqu8BU#bG zukd;M-2pvXZ2BE6797MN5WdeSTymx_ZP;n3{=4dw=i4ixm|My$hBf<0IiDSKskLPf zuaO67L#d1#op``%&fDHqf;i6LwGJoBW=GT?js67}J$sY=(8bkuN23E%oyfodTh+kp?E=Sb?wlHv|-K^lCvb4O96%IZBps1G}ulgdk$ zHfq>mzUHva_LIjoM_Wh__Ut4emp+ygfGbhxX|8#J&yVpC#Vo^$W) z9Q%Ae$3S{DQOi{aL!+97$g`4?0zeAK7T&Ik{t}QvOG_rpwK;~yFj2+F!@5fNf#Q38 zeaqG_h`71AaeF`OoWDd)uWQ9VoN62m&h^PfqtSc#F&+)gC~FL=NWeZ{%KOV<*?6(= z=scC=Y{~GcVQiB2d^rmztE&>{?!k(*Y13FThjRNdnz^sL@77rI$iZs_II})J`XKFO znjgiSG*G4`ei+b?=wCLp{nQ*SFEbAEt2j_X;{@W*x%cptP=7Rp!*n%l%0XUR@P-ZH z*n|^v2hF`SRQ!D}dJ)KK4~|Q@L7`HSRBc*LR-5trgP%ssVXkKM@+irkiCEmRjnRFS zkT4&Xnp1v~HMVh?$!R=w$@7rY4+{#(^q|D--{YiDj2TY#SX=1DOiI@5Z*iSuVSoq? z#DmL=TA)6SoszfO#d2=OxJ;;uf0~Eom$-vEDSf((+x*L!9Cz%v$Ln=|e!RPNrCU%~ zw{BQ>t4+#5W3r7{!l#>WD~oRVXvHaO6{jl&=igjHV+Osv?5;`C-jtDGt98v z4LnO(SHlmkp?x52$8%_9Omcw|XI$Oi{z%Z%Zgew^!@d$1l5QVSD=&Zb2!@!k8;*2X zJ?ZZ=u@mCj0100>>V<+LCqC4x{dn6A{^myLEnG*z!>ic(ogz~g00XaAm z5@t(_eK@G0EMc2VsjQWurmS!~Sz_GS zXKhwsyiKedkVCLm*GZp+NUl7`W#C)QjHPSX?G=|BY>=3{a1Z4byUShqm#R(s1^;K@eP68Z~dVjkVZd9?|?NUb5rRSY56 zN+0fD@4g&scXsgEnPl&U>vgxV$9RfAjMI%x>=~0L|5fsqwccsrhNA5flAgddmAh*5 zwj`|k9v#5g$4Za{x~5Ge4i{Knrvva@CyXUHpx8C%)w+xa1Jyb2rzxe*I%Db3yCg>& z(WB-qRs&^sj2pM)ZgF23A70RM`Bg)98-8RehXBqFtwP>v7O3`01pd62d(fKj;QanF zC%R=9=whr)%@afMNH!Hbr+Y@tDor&ci-rGDR86{V9-9mg`%^OZ*~YYfW14+pioI4w zi+H{V`!+#0-~^m8ng_I+-ZgGLkO(i%@ATj6r_Youq*m~AiQv>>($eD;w;f8MUkxdX zaZ?H?e%^Wvko4uMB9^%3sc|}n`nb(9u`Bv@f5=08pe@Jkb%qeKrjK;HUj`J_HHUT< zmDG4`sS+v0BYJZ%z|W!j^-h28UTP)vu68-}Hk4p3yTiwBk2Sn>_SyKu8Hil)*!Isi zE%k#qX6QLieBq7O%}iv~Q}0A`#Mo^0aIOCuP0Je%uJJkXcRsK54g@-Bgr+Xc)j|=# z(o?J_SyM10sjn;i;wxIB#?Q}3+OF7PAtY1MkA*6)IUXSvwKe%Q5AY{rLem_wCvP3VSSkQvYDQx=18bX%P$j zQg!I@`(rm>-m8k)B%Q|F?4&JpF$tuTHjhfF948v2!J}r;R>wmis_t4PRteAFkILB& zx35{(a(vOR3~YOx#MR9n>Q$OYTI~ESc8#IRZ1X99$&cnFS;ALQW?nbE-mvzH*?p zs@GQhqS?9Nu>9mvq>Vl#9D8QHoBlFWCTYh))@Ng!@sjj1T3%;zX*-c%(U7KL_?mr3 z*Z+@@9ht9>(d<{wM(#Hf)&M++y6=Gaf%xzgHUcucFJ?^=1*t^ zE}{&J16bJtK5NcEJUlF%ZAT7eFIIO83Uv>-{K71wE(9&+6<_xjHMrS6^S~2OVxO59GHJe3RXc7Ug&2qf6CSbGJENpD#Nb z$r!+XWGM)~@Vhwbyt*BFI<&B-89h9ZFGc-L#wF%ysT)W-fRot#5oX^X*Li)kfYWY) zf$y(qV9lBr(J3sPmzU!B(Cd>0Tt??=cN3!nyTb#I-Emde`o7c?hT*8;4Q2Sk)leT! zJha1 zvRxN>!?klh8Us?LZR||Wqf6Q)04X^mr zsHww_cF^{M?0PHolGAqYP(v&|BUgSgW$6ZoUsGRSEnG9sTT1s`2{X7;OVq1s2D#;9 z(8!6Rx#`bwoeON&WC+<&@WiHF%GB$)%jZFk`xl&?A!L39w;UA%#C)qQBLAL#Uv~dO zwQ}}_``9dSvWOwbU*&b$a6;!bCX_3}NKbdxYq%DX1?9PmD5+^aw!GfIHYj_-!`6Pf zeXlmW&3M>eAjPeXXgI(5`RJWgd%Hv`WYdb$tC81lrc%1Juax=g8Az5`idXb9$cZ2 zF6H|h1GGhMfV6h%&`tt4*Al)=RQDwE5U^9kya%WHbO zoTIMhA!Z2&M^lE;eBy%OL+T*>7-ArEhEiGnpvdBU!Q*UAC;ea=VLaE!3sT0jUL7wX z$|h_;RVqzU@)4%XLu_pbQv9C!bN&g3cYc#>0w$li)?6g)WLSU!2tO70p-YrkKY7;i z2zx<}+|^v#IrY=4CVwb*XwkCcZ#RO5ytWOw-ng4$!#s&p{d!oiRQ+WhBVbB>UiDxs zj+Q=&XA4vOa!yDfO+4n0a_|M=*4DyaZJatua;~GC6(MAq6LN`9+PgU1#s8{jp3#x* zR@N%b7p4t4AN&4H^#Uz^9d@X!33R~pt8Bmj7fd`By%7$mTm5NNjKso4vZQzt^xb^! zwcbkk35XNtBhkw6>CR}D>K=)W+N=z;>FbgiNIkU)vW`rR0j_s^dqE!K#v6;{4`ap! z#{3YTLoEcM_WvX{cTplEg>um zp{JaC&N)fz^X-ZX4R4|)H4k13cR38d=lHyJ)aQRqgtXHAtyICLLc#vGUL%6DQ+?jW zBt^QMIX>t)(}?L0ty15eUqzQz+sgh^3i+U>Hs-vo^za;7AxqogaChM;wbC0{Q=+5D zLlMuF0DLp?`Q%ZhZ;6NW`f5jV(3@UkyzScCcEj2L^ZKpnJ4&s7>RWs&Sq~4tNB?pd zOk;dXD)wlRhyODRee_Fph5Mn=x_q5Mzba-4D7JqAW|UBSb{m6^s84q`UzEQKngK1P z^s{G8l&a6WJKKz;Y#~`Xxu&QVGq_Keu<2v5C7eK8ynC6sf{LWWNW>dy)<-2Wa{^I}ZSgc+h%`xbjYO*HqE23Xu0~*gMWF(U|)+`4B`{>dcZm|@JzhpU27@zlb7G3`JRS?Qv?1OiiEzh9nIum z89A`K{zmu3O)d!orv(5zJQk@3mOiprGaF>#mG65&WG)x&snk;Rbg01aN1xHa20GCN49lo`cAH(-;>YP{-ZScg+nogP zQ$l$CHz$n{KB(PL7{_xXmOJaZY+~D)5u5#WIruLzrfa$b`PVuxs%ObYSY;nIS9@`# z>ifPp#qqxodJUMzW*MT=e%zKV5KRIs`vKTHuSu{hlJ`q#ZM^;ReYS5*RR`Ip>N9N0 zuTBM@H!|wYhxjH=myu>pe`Ns8N%csDI{5%3@6KhXsVl^T{HP~LY&CjAQmsy(6cAax zKeu9Q>WUw+id$*GxRr+om3rPztlEK-9 zZT{)oUy@cIhPORSJX`<$RqD00dm=6Ui9j`ZiH#5KR{pxi-V8|n$Fcn##J#v5 z$^59N!DW9JnSI>NshjKU`x_UswjRET75bdOonyoV^>5({26NWmYamihwk*zN1$J0F zIxu+1?&SWwhVQi6c$~Z%upe|Qau+W4MBA5{wsYTI*^7>mkA5qOocdD>U3iHg&iA}V z$<&{Ieem7bvIc+4V&Ewu?cCrX$XgXfnEH%Wr|dCt`@l=D3+-2 zWGX8U-y+gZi~odn7dayvD{;x{HE$=a(gqzi%eCDnXDa;fX2}#)eXSlbs6O-Ks{|QT z^^?``QXkDle_18(8X2L?pGmM@j(#p?rxNy@m9N;0Q2aob1viI`@D$xXHT&1}hUWa^ zY#l7B1zDnI$%tfE2281>CVA~vN+XGY7IGP^ZFLy%*oTE;Xo^~yaXI5!#q_%oRwL_~ zZ;VY$XGEUBC1a_M+xxb_aH%?3p+8%&r&?lM4>#{XiaF8qKMwHi4m>M3nc}~q!XfMu z%td-nBnSMc1Ek#}XrE^+{_fu*ON2(=cnca)B#Xb!Ov+3e?zh1TZ#Z+Z=a$|B047)J zYLAvfGYW#ZAPT20xc9umi2XH-MLy47Armi}84_EQ@L= zC4mo1$jlU*$=kDEggL-{JceEob&8^LDoTX~M_mgN?OheDkH76S1x;|K@VVtia0cuu zywbx)eK@V-N}wH_>HHSq+M%~#;Tww!0>d0eKGH{#uV{7`GXkylpXGM=u-{k(U5Ub& znt(H!7Z(cRZEZ?R=|9>3C?@xc^4IDBuMRR!7dKWDgVyey?lU}8`z-ZpM>#3S4~y=& zX3v#xV!V8P8JTO+p7?HvXgAyrXfu17vG15S3!-G~JOrM)M1J$5df_~NXQ*)-@p-GU zvT441Fqm%r7;$IsT&*vXQ7XxO#d1k^t4Z8q=$o zUh+I*aKL(hY-GizXi&ulaY{OQ%9IYc=9mcvy`PI+XOs6Tei3z+`NLPdYOXnk^u%qc z@0i!o?9|!z==fc04ylkdHfDE4?h9=i zhX0B?L1d;&r~HXEK~~Jr$Kf7dr>?&`VQsP-b|fm09em-Objo_N^zG+K*ZEbG&l(N< z=#1sG&OWSBUq)w}q56eXEui}KEjREmM!uxK#`rRk*Qy;!@?_u#nt!{37 z!=WsGbEw#H-u1zx+g})^FtgQB)$Kd#6(v~f<4i2R`TX&=k}t`Xsx|at6}?2j9Fh4P*G-t1JD&1YRKhZQD-7P(USr3BH#3%281K<=k4Nor4=6a(AXB$Q>gmxL!!&%7!8Jju($W$KBKtMQ%Y z_B!J{58@%&9vO_+A`QC#DM#R$t!4*m#;_1dOp(=buOptlmn8xvs@<(lshwMx3ZS9M47)`q8Nu7*}Lo} zr_L*?Giq#l--wvBlUs|dj1gu|))9WsIa|VF!_F?(xQ35fLu##!C7Ou6T7sh~IEa6R zUb%t%v%nhv2&v1I2kCuK&}c8IE7Ee%zVMfEZZ*+@ZCGx@F zF3C#Fd5P_ELlP8wbI~Mr-aO`KJ^}_UeCeFJK}fRBImZ`YB_xAz#PKhHaNG|EZ+Xrr z(#5kMfpIanOhG;0X*;&XCH|`8zFpSkLOF z{X{1nZlDal*=w=2ra;9u{p23KBeQ@rZa zj))A}EDIBI$nuvuBvDN&-~?DaBzCoGQ_mJq-bsmolEPMGaYvXGRsaP`B=cOz0jY`-3Fa@)G3b>5$)#o@%;I(yG?6$6mL_*Q)<-8mnz)jT~a zpvA8hRz+V>@P5(6x}Aqfbk`mr=gUc-k-U;z~Yiql`Nn`=bqIl+)N z$nQDy`m0ug4*a$^!`E@5Kr#8i6$`4WV-9vks%yn5&$UH9ALkc@Gv95)Gicwbr*rtr z93FoKARQxPSUaj_h)dm@pCk~4i|=SmJULA?cpFoCk^$&E#!pbeh=BQ=`D^#GzK6sq zOEsDz(=r8I^2hJU2cZ_zxugbV*W>E^QacKSr~F3M|5SfB?fve}Tp20fN=H5PR0Bot zQt*e zaWu=V#FRR#;elUZ1FwpO?6+H2r)}uNwN<7hA)s!ldC%p|zFrT@2XM{>c$)It#np6L z6Ij>R1)IC!A57SAhtY!I-?ma}f;{n^*1%DG(924B-}BEt-ICAOY;0&~_X(!NEW6e; zZ46h-T|A^9t@snLmAU6vb;FFY(pOQXkf6Ttyd-vHY8xQAx60`f_tA+TrF+FxImYC0 zk-9}3-~Wx))vzlDVc#wL_I&x94UBUq*ZnM&k-%#Cs-whuQ%-Vzx*z#k#5mk!NRrPBJ?W zKG-ZI#C3SH-S9Wyk%&^z-L#%GS0lDSI=NPVlEKxV;o_13h1N)?ri>TJ?0<-BpK0HE zYam=Y1Ct{GtbKfUHXWPyD#ZPv?>(f7Z zlh_ptgUjv940_1^!YsQ=R`iWMx#NgGT6FdPB4Ati!PI#@N$UFgD&C%Qb2;Y8s$qpk z$jWFI`%K;Wedi=IKrRe`bkTT{r#z983y!2Zj0xyl8EE{EReSZNweJRvBrkSNszYChq8 zEY>pSO!I*2`I(RVD_G$7q_aZpldsVCKGeFmaJ5j6%UhG;`SJ5}iiMg7_GOmk3WFJ9 zVQT)~+!=x;7ABHKc{6tF2vHxHK76h$jqo+Z=!TYI-+UE1G7t(ihOt^xe(^{T}A6rf}A{oA1NKAX99 z_(19(lz1I=2>vYv+tyNh3m`cZrsUmPV$}d!%Qi8n+91enFDU!OpD6FwUzRkmmG!e; zTmIJ@{4wP2qpzB1-b3&Eqf#H~uH!}9+S}i!hD(*lNNY@wL=Nk#^9?DY zfA;@?0Z#S=<5S3w<*T|hF{4&$$Tb0r`}`nOqT$v?)D6-{9h(CVC{jzc%=W zGO_CXZa%KY6fxGkDGR0vxYwO>+ob)wG0ro|re}9}GS_)`xPT|P_Kh+0!Dn_B&nDj> zsTP^a=v(r-etM&(O{L)T@a`CNdw)A(c>J2HG7^FW%)sIf;PIYHfS)vjqyC)NlePSITpy%+zvNxNp1rwP0d`KT&g9jcg0>ma+NXfL- z1CZ{0&@~Yb$KTE%EMIC3kk${_?CNSeVv9wuMo`%>h28G9sd864c(ctm6uV6<1c8%- zZ>0p22i$kp6I)x0`u2ka-7**1eq$vk^=xvvzMrZu%>uOSF&t++e7E z?W>Ba1#dcRdnD~KMGOG>@ea!z$Z%tdt0}inZm5Z0HFNs2NE@u{2=_D5>*Z#V)^7g# zOr2r?h&iCpp*nwktUX~yg~61HpCSvE*k;`q#BMv3HV>$i-<#7<1bU6Lxy<_0@FUH- zDov+qY}Nc2B%|MeWyN{mn2vCON}St5D0%X*+dw|Q_&4c`{xh%_(n1?i>(H3Aele@T z){*|5>&n{bxa4J`dnNJ8_cgJ1e^vate>V%)Visw0kJ`g?jPxP4=bHm5yh@oAs5vM^OrN6{uM<++(OlVT(;?1d>tZ>jM`p{{$>x6hg=m5mp z_2GYMBC8v)U36&ao1sRn97wP;$SB3Fkk=d{IQ-XpmAW75m5-yk`QaCU_zQ{yUtV5# zv(-FB+9eOrjmYhbi)Hb7y{I;vR~dVUN`yVJ*xxt?wYS>1P~^QZX54J8n3O9QH54-C z5rBO5TQG|~OX^do)XkcUr?8Dz)Fvn?05G4_99$K3phaxf>}`8zFfRHAawJqFPFjv6Zl6JAri(Sii9G64pp4))J`=5fEHc9 zwRqqMp)nh*mLQEFB+6|dqjwIJN{gn9UP|AI3w;T^dO#<9)~Gf={N+*x(&o0S-E<_m z8&)<8nA{J9+UX^`5D(fc70piCFYMGAaD|cteNa~Xn`n_#T1WbC%hou}zdqUBzKZ-K zSQwUsQ{Qhz;5D(gubIboFiUP9^rqyPQouhy=z|97K3JoALncmb(_}vwmmbW_FZkg@ zuiuc!3z7B2!wsntmpQDQC*n^{65_b|(m+7V-ge*u0cqQ;)~0;k8Ci5R*v+G^VEgkW zpx21aXWO5$Po?|sPx$+WX#Mj-&rX&&W{re9U1?Q6Dv%xi7hwQ*IV=0`5YXY7>cyE2 z?H21`{(KbBa|h?ZFpZFE3ao|)2#VXI@J5!Bhf1xZ~izsvoz>C3eiXU$kr#$t1pj{+9^ zT(uxyXn`E7ehhOVXZK7bKWnY!YDzfbiX8kmdiq@t41ah~*$%$vN&!$GC`MN;WYmMu zGk2N#D|SkCwe^Q*Mka8Tv}lo8aR#&rdCB?j5$$+f87b!14-4(BR4@62;20-UI`JUp zl~#7jjuHFdv(3a<&s1z3$<>=+F|mYJ{!QP4$i)@9QICKlkD#0d`Yc@&;b))e^^|H5 zs-N-!jWJ)Rwt!52saXj$p1TkJ{uZ%Myjse|rI7nRSW(>*tgkkmyvMte`hzTb_(?!_ zD^YQ+kCpj~q@7}&mdtOgG$ZQ0Xm$%+Ae z%ZE>oozF$e6xPK#LB~-L66tb7uQobXv=;u60My!^-dG&6uK-n8%h>&>whFE(i+m1& z)8{%aPnIq)a)`Urf{f_gm=@>JM+}F)vfLw-tDAn^acNDuqRTaIqgE@(bYd1%(68mj z2a$#@G;7DsH;NeykK5CG2IG`~`y1MLOavPLc*$u-?wR70%wg5t6+OuxjRFPzDnu}V zpkXvnK?v67&BEqDdOz7tE-}#FdwHpB>}0gixpExbWf$o;iux(OxVDt!zIEK?bp7cM zKJEv-p+a&DtrSa2iH5n0UVU~z2-NFnoz2p^%gm-;@mQXo)9ZGx>5FLD7@1ZF&APAy zn)ky&#ztcItc{BdWSr$fN4f2QP6z&od}bQvM5P0gqCyAzCKj$&6;HgkThfNPZ9G*o zXIiGl?^NA@>*?knbr*ay*bDt%{hc_|aZ3A|U9FJYvoZs3T!7LQLf6`pte zMLW{f(T%$2hks}ehLsJ!uK?`2_BEBN!;)X)zL$SRSYPL=3Z(y`bTdI27OL@VcjO*E zxrj~Z8CHJ!epV_~ev-zmF|slz`$J*bL(--#xKUTD`C=aID;~dGPy;vcCk+)7{|xvkkS!6wbK%lG$39 z5qrE+4Tj*$jgW!On|Y_e`<=CRm1-9iHRk#I7U(g2=IntanX2`%5~S95lt2gOAbEoS z+6yIWn)b`^9Z~g-tU)-S#4$IGAv=&d+?f2l*BjXeZ_z4J^OHn1>dIU<+6A&k4_A7L14g#;+$sjYBM*^Pq99bE8(kG%>zm&X5F;OG#Wo|H*QyNAya+98G{7fA%Y}*x{^cu~m&r4*Esr z#q5MyxlZeQ9oGt-ydHIHm-n8_$bGzBr}C$-DTXxYMvY&3PT;B~q86*eX|uAEx<0k1 zh|fe&bE3K9NEo&q1IhUyb;KujYM$>{ut^*R`o4)(F6weYc9Qpi9o_kwh9 z{*d14%Ex}FTE}t4^TGN`w=W$5MY=n_)9EjQ6BASo-hHhGR^4F;YredfBg0SMA!0<& zgGko=+%rG0_>nVW4GaBBYw+)o{rc0C5&dAfLp<8AETY0h()1vq9fV3z^5eQNXcTNY z*-YT-1zQ~sSOb1nQ@1p@M-5tHz_o8iJiCxGYtO{s=;DYPTMglrJ&B&4*k!ZRjy|M$ zwAIntoSgSDn^>-5GJVXkHSREF9aSWnz8kn^s8r{6cW^~2x{NmSG(JtEdI7V%{*`=B zDe%@7GfZ{o$-;eyeAGayVyg|ItP%1?t98wa_G0*J0p4B{jFwU7vze_@nr^p~4XWlH zmJea@BJMSP6?P+}gD;?kk8pR_Wo)?{wv{8jF~}Ub{Qf1SSqWFDO8t&9!@1a}z1e15 za!rtn;))FS*j(&4$f~n-&+>?z_Y(IghswJdo>pUW!_|=-`sTXxu356K6(*0NY+?TW zwb5uZ;!beu6}rZC!7x`T_*Rb5sOC8dV+wyx3~kRwN~M9_@a)EUZft$OoT3P{nr)`8 zX!s-%X!kQ9S1ymk!6v+KUnKj}+0s5(n% zT<27(jc7Mk3T3+&Y9do5S?iB9G;8yr zC2gz(SFbIU7=)n)3S_nRAs{gtwCOA9o{72G zj<$UFo`1xEOd-zFmERl9qW%%O5lt*CyGSt9Jt~^1gEvc+*1SEs<>U04(f?`Qp~UI~=P<9#23*DS zQo;j_*cYGbn2I$MR9zDfGGn38e8JGTZe|5nq(0s3#0x%lilg(d%i7Q8$ZziKsUZ%` z>-g%1r-$TnpAWCG2)GkH+$wMUTK!pQs@t93;q}o`;n!+KUAE|BZ1lVh6Zf9>GSU95 zBJ1j1d+F6L1W(ehNM_okiaeUZ)4p7urB(k3R~oOEDib{E{IBW09Jwb}AF$dWMd|T^ zg}N-`rUz<*@i#s;k4*~_H&a@$*xPwUx^HwztmXdKLW&2@><3=TWl7;mB^A1o6fgnm z6~pkHV?`uh`+?|<39b_0#R22lUAv()&1T8ZxTj-110S&JpALqj1Wol6N0&3a#HeGAI8vJO(rc(^< z20cDmvRr)C#wSzo^e3i+t|>G?D*J_ii|FrF>{?Q;KY5W$v!npdj)TY8yU3)mV|}KD zWFKnxD7``+XsbOALCqmZDgXLuB^Nkz=Kwpr83n>6KX+(a^L#)h?hV-PBNdTG0Eyt+ zJ?0dcQg8TEWoDssrL)7GxO@FxTqUit@u8-7c{|0z+0w~mrFHm4mmN=>M<#}jfP{P$-a?o0Ha$-x2W{F~vqnrD4 zWo4~^gEsjCrboEyPB2cK9Dw`CQ4o5}@*TedM!S`G0=w)4T4~YbBtgk8`QT6fYv4LA z@|$^e=Nl$EM_ag{hfzZQ4p6z)TNd*(BDl+!-KYWl3`W4PM0)LML9{(@XLyeG0VJ+ZZfn?|;_P$r zQP#td%lip}$*1JOaS%Qw(41tk@#oh7g+g(m%nM}Nl6Ts-Imr|NCWAuYx8xavTBD$L z0!}W~VfM?3Dp!FnUk97aPDGDpr)u+eUPFme=6#0BcZ57K#d;fNlc+<;#b{GGKvwc# zeVrug>fn54bhI2j#?Gd- zL?b`a>%CYo$;!ZU0?Rr!25W>SI0$!&c_m*q>-1psycOOXi#zQ#7#2=w)>3%!W}e3c zsN7-hdNcp7-C*MUFQaW2x7^(J2C{D-y>3w7olJbMgvJb{Ed2gC{@LJxrCzz7y=~s` zOF%ncm6{{ngc3J4Uk1`b<>lX;)w190#60)3)tHF)Nl;?--4(TT3d?`iZg6RZRgVSk z3lX(i+?>7JwcIq%!{j>y_&Tl%62$e*Ue?L!FOvIDwu(4h8}_xDJi2&0W2W+$N4-V- zeg7=tTQzSyvsTef3)o(-zQJZj3YqQ;+To3&jIma0C+C*b`)~h+Vd?KNj*eysF)@-}&oD1AOWhHjD}R&?;`3t>edR`D1)0o?AP*}5^LT&|6MuHI zs-k5Rsu%x7zjraJ7p)6>uKok57Sk4N$|PaJwt14)TPs3Ww7b;KRBHro54&~J;2Hn; zb26{9DW6Qo(QvY}KA-8gi$B*g&G7f%4b@Dc5_nOak>ZMS-&3Uesk-5P>r{-@)LOI4 zm;X5axS<#rS-hj89x?3qB@$ZOMY>eZ;YZ*Yd3NfY;s(~vMxIX7{ho53s8n6(V~3v5 zDd=W5>(nAyOVrMrpHv17+--MiSu@&VFnUqyD+a1sC&OE-GQO=}X~g?f`+jbw{4OD6 z2q68tdlNrjiM^boKf27U$#Zsa6JKiP|Nauv-<_LU)e^p`q~l+ z2Aj*aHc|^n6EScBo7&Se*@9^)s)ZLnV>8rFu04$Mh{ra+;=frJ6b4M0*3%Sf> z8K_>|bm9mcSpEROH-Gg~U61*s*h-FD>AP*pD&n4Ws_y_ORIVO76ob2N;=8`ZCCWa^ z&EFaD=O;DWYmv+BqmoD}UAtCBUb;-fI@&u#)sFiWMlQx}>>c6-LnogWak^0wJWLW6 z*Yzw9`;xf?b=!jq7Iph>?Oit3>F}7?jxTFf`zjSNVp-%yG@-zbe|$vrw-QB8RwXc+ z#L5_F(q>u`j28G}|IeK^GZ-jH;#`w{u2BVxGx}`muWJjvrUM?J0ik5S({=n>CNUUS zb&@b7Wt=MV`JdXfNBKZem)9;>in_Vlw(nvNUE{V)DQefjDPmeV&{P=abFmXh9IthI zMd8Ujd7Qg;?TdZ~QA-#AjuvQ`Kh~1r&^+j_6alw5iTp3j53CbxgJh zk>X*AvKpQ`rx@#BIY%-gy$DuM&jrE6WSX*)zEXBGHFj-TPs@Ka<6rK}Dze-^?RrAl)6W+su4ly4HCJn^w#FD&i7; zCse~L_a#Ni%@CaZD{0^LR3&)3bO+iK}4P$Zc2f5f4SJ?hs7wuo! z6kKemxPOP?SNDC7*&6mC3);yl`OQ9^*;bx{mR+ncp(S{kdQ!~FVXKzh>VQjn)0jaU z{$S~>q|n?g-J&i4lx_ptf93vTQFNd_9yl}OzDC4AAH>T ze5gX2FiH*!V}#Rrz%7fse@*12S^1o8IE^0&jON-ia;2LjG+9Am&w(16mc>hJC{4Tn zEh{~afpDvOPaf_EchxdaAtATJk(|9N`xN_u6M2ECu+_U>IeU@s0!rO5%@GX0ZtXl6 zNX<1W3)1H7EPTrn{U7a%<{JU(|FnDwsq$Rl(`m{jiRkaFcA?wf95X_c9yp$V@)CMI zGQyr`{dtXb7O2WkmWlt)idPVyHpp+kjCK6^+pgmMrgYefR)W#cHrNRN{=b}jM#I7S z6Lk_HIK2fWm`I+X;o;ZIMBSZzSQ?S`cH3`=_)v6uH1MCP^5ZvD&tQRf2Z|Z|oLKU* zBoc?&#`uD3znKReRXJw-&$S-@pKGnwaF~N%P?sTXGlrV+ygNoROV}l#t}W)vZ*^;h zRz{-8%4lm_i^U=ZzMc0TFS&3gEsC8Xr)P{Q1VOsen{3DApwSF^pHraN!!xHwsJu;{ zJ*YVTC5x`o)s12wi9AY8c?U@%qz@MJGD?NDluj4l#C9?X+xOXp{yjbjOCreYtUlX2 zt)*5TgMJv!*#GUkNUmETNzVvRyT70>W_YpwYMbCw-(kJ@zKu9ud^RcDg3b`;#OVN2 zXO;(K=^sbc-mrEyIP+;8u)n15B`bkeQVuRJr>Cw-Ew1xe+Qa)}kq;=ZFxF4NoIL!M zNYOvm(b==^&9lf;93HFKUeNMe*v{I|r7T8sJq7v!U z&Z*S`*^`tm?>d|vee@MN8(rAWrcCNU$gTyKQaG9#Y*_75y z_=hk!^B0>^sbAS5F@8=%AN?BHk3QS502DddsexeoQrjbJpK3QkN7Lwd-9gB7i6ekr zf#dK}C*Ij^x}ClAsdxgz=f@u{D@j+C{3vOyTd*jRD<*^BbsHpZtQ9V*apsLVTN?*Q ztWZ}i&^*|qVkUi(o+J3C1rx?yZcyBFoMLv9^O!Q(7ABL?L*z4uzk?`LN~w27_8ivn zaKlzjp557G#%3 zW1A8C$mxHpOo8zvKGpia9{@}0|4zyO4Tk?nqpSTD2!@B>wuRWqlWuIqT@Th^yr4@YZbY#s1-8)K;*M zk7SWDbP24PI7PHz6*OHxRA_VHwb0>tURif#Uy;}l+t(7p_W*t^o98b1wjR#0W`E3a z?84b;*T^G}&YeNU zA{-%{u%!-qp2A5>b5V-vV%lQTWHJC$?7z1mgkOdp{(U4wB!@f{9$6~MJNfe7cW&QS zfA!y%<^4X29n|4EF7S6GpT%(?)z^dG`<0-U8CU1^3KfnNl}Mv3)C+L9$gw?7FLtUp zrGIpNMRDhKC!^u4VWPC*yH08kXQ5=FLH^{vp`M)=1`#3Cb=nv&D!*OYfd4Vud1P}T z+;@~EX7yUwMBohFdCmctHDFNpY~>qV6=WjXH512AH}AnR=F=NAjBlJLQYd@JC@dTn zVL#p((V*Al)yp^aYv%r8+v6HxIV%Yudw;Jz zd2aeb(JBAASp^(7^s2s+7_*zP@iHd^6oQeoNn>+$!g>oh-9fl^@4{K>30 z$Ko32{ukmE{V3YG)P@I*^<8DGcF+~old8_d4tEKMfo}AqYUs~R?1m%sqKpazjzIeo zvR@ATd&8%#8+xF%{P>p9x4+F_EI&&L=;zo+tgJef@D{uy_n$-5nKro4?`=$D8{eli zP?JcgWNv(V{P;|Yr^>F=E6}h&DH!pONr$$KFM*wmghZhUrd$vld9)3wuP+4_{mWPyaum1gDDY_e<@bwLrfFA#2_j*#?Mcw?iD)uz|*-w}=Xm-Vo)rI~xP>up!kOp8(YDIqZwQy_d7$jY=nJuviuUK}X?;d4bPC7? z-(ygaU1Tf%waM#B*#Ux?-L3o4XUB%+L7p;l$EKej^UJtT5=TZxrt@90KKaAp+Z^zd z;fc@8Hn&Vq?jh4_IYIpb^-O^@P{fQ(pO5hIAt$9tD3ijS+rmPRn8mGKCfe!wwCpD< zEV5R0Xv03Qn~7b*768vdkTZg_KqYJv@TlxP8PO+;pE8;nzsJHZLyN$WmaX~4J?vczvahI-gP2qd3)p%@gIZt z&$s35IRe+l_}%}EoLUD1xgHFi6a42?a6q`P9R?HSRRyZJ)fz3O(;DoeJfpvwl!2S> zQtNo3%V_fCFOTVHdZL(b+<95qK|lqo{8Oj~_xkcRv2Y)14?T3Q>6Rz=r(NjR-kj_% zpJMiq=~Q?=cN|iLY{jC(v5S`s;|ktvMCaw~6Jor;o}~34*Y6C)`g||+_~eAWJKGO$ z)Oj^Uf2srpNgLI&9t886Ak7R1_Abj)Esid3`0Nf zdrK=N+m>w@G2v%h$3v&URL?0p`JZH&FB2kSkUvBBtHRG;;$H-%`UIo{Y3CbLopFbP z0p+kJyLgqbgDy0h z<>x2amh)ZBu6O5XF*olm=FJf(cEW9^FdHB~(9I+S#y??8kX94PUx z)p3n&A&T!tzC>S_#PR4z64-g{!{26p!x9Z>ruRj9@Z3Upc*7B;dxlwD%nj~_m$1_f=HdrZToe;t14y8VQ>NY#Jl2WebS ziDrVRW8r?1*2#}R_sRvGN(FV~7GTm^^J2tpw#AnSvceiV@A3!UuOh+-tU~!^Na1p> zTEOsh0@(#{>fr4f6NlbWT4g+2=Pt>r$CfE4*9!bD(X zSRVj$5b3l@5Rj%r%}avAc#k=&dI=U&AriJJeB!L$lfmd1g#YI5YDqnQ$T@)d&4KEq zdlUb`SwNc&By89j)A|#NgVGJ;A|I6eqb^Ru89i5mcQel&>>oE$ga%s7AECM5A{!d< z-fB2>{MzstlwLPwy589e0&{I+yZmdEQAw^N4^im@8BQGe9&^*IHHrjZMqPL|k zCWa7VVLk;`jP_l&jv9z|9Ry3MO{WvsSXtWUL3*f_8K=p{-8k27oO9mJ3<7VZDuO0z zQn8kgpYlnUM>eh#4K>DJ0x!f6tDM82876Ev@8Q1*syND9bt}I<$3~nUSaAD_PilD& zu5a&{7ZI4nBppuz;LPly*_9>hfL|`ujdQnO)#bOk%ojVlG!EH@mF(ax)b-|6%zYPg zQCk?RUcQXnDM!hQfvhfPR6Vu2t>fOR(duX^+9ZY#;el>(<+D5+o3h7b6dh}=*s4u@iRO(Vg|yRu!`2P>|AC7-c`U*r)QBtA^-u!cCUc zv%^j7--=?z`QWAxr=&x{?m(+z*kcMBn)~afop(~&I8OG~JX0G!(fE`RzC9BmI5zTZ zZ^|#2ziM-Pf6u(#?S11VYLxG&!|m4JU%5obJ1h4I4*kFDma9=UkeK)0(A~dHO)STC zl967Mf25e`Hq>6eBH1YgUK*y6Qg-<=uCLxMyz6T5bsYT>D8e*cj8trP&frF}#qZ6^ zc+K8y^~d#P$5C1I&XLisW_+}})&26~T+aqD%^6OA$)nf0qgl^L z25pst!I5W2<4s9-QVvV)Km5it3ay~%HQx+)Zn!MYK2LU{q&sa5p+mr(aYR_i<pt*__8)YlOCkA8e;YOh$w^%-39vaUGAbpUL*2NOb?5CuuX9;McE*1$lU zC>qmV6msM*Z%Df=zDo zFiX%jq0l3EgW%l*Hu0E&BHZgXP&W#W5erR&&a>u%N3?#-YZZ*5b~=HiEj^0Jx?d+* z#z&mtrm9Lr*k3aC+RVk#Yw!llF2UkRH&tYvWIgsgTr_*wK&c2OKAuOw94n`HZ^b@Y zJ+n?Y-o;r3rXRjgCLfZ+!`-FQa)K(ns|x+Ek_0#V`Ab)`)XR%g{891cZdA|Q+*~N8 zgPgsifbU}A0v*-+npd-e<$V3+$FIxPVxsgi0joEuIlBV zZf`t?fm&Rj7bpfY91b@k3sfEZE;4eIp>Lg536{HB!Kkf~wFV=Vp6{ts^=0esKs71Y>$Qe{5jZ_hHtJQ_%CL}Gm8gI&Yw=*n z><_1U{!i0y?w1B4w^RhGBQ?Gn^NSH>XerP@lK00xKeo`~(iSHsB{e4%%MkNSw}GU3 zv4;$6vin2*a2n<5T%x6UQ}*zbgtmP84ZVt1oD4Z&K|>>9K9QopX zHJ4J86_?sX$0hfcS1zb4(XXej2R!w~b}sRA`+$oIBuS2);2rZWWWW_X{?a)won7{q zR8^)@(elN!J}{bseUgbO=om-N$c{qr-2_v{X({yIRU%=PuzI&`M=3;Uy5(5TT%30N z>&TcGwCz2g@hV#LP43|yvy@nfILYneH%N_Ibt5J3dF3Y$wj)#NF3VV(hVDKj>u1Fq zNZihV*f`Hibto6XC2KOHU&S2W4QJ+t*L8a;$KQCf)W3CP&&gUHLq?~XMid8*YZkK( z5k+%k`6pWkX>3nh$mgW%QgQc2xZbbXR$wjvw0N5Gs@{8{!*n*+p!577|GmDlgm4Jr zd!la^#R}JM;xV$}#f*O+!)|d+q{$vgEH_9us)Gvkrg!goIW-Ay_3|uqSnB8Q#y(w+ znup`YA-fX9{6&bw3XPJGxvKfak@8-Tv{z6$Nd{zg1ySe@jiJbJY_C=Nd_g`*HP6@D zU_jYqAc_xvp{h0{90$hsp4P+a!t2r&rE6$SM0XXA5YA^%(du4YEr~3ec~Uc|&Zkps z9!h%%5)&TGjrZVT4fb;G*oNj_C}%?vI0$<9tbX^(Ir@>#+b*b%HZbXe7oB|C-(JAAI4l!#1CB<1HL*Xz$BGLW#f6`|vu3x;PGwDze|g?H6i~ zpnN~5*OjP4&OB@3>(aDL4NXS|BHI>kMZ%b@nL?QU>L$33msu3nGnF8?A^KQ z!Rx2_M%P=Sy@u&MqNboGe5O>CykDRhG(s^XFhoJZkBMC2sCLcfx@aO%Dt>cnJ#<^i zEN6--8^(i&OkK|k3!S!jfdcie12(sgwtv@NK%E8Yhcf4W_8(@Pf0f1gEmLBpihZ{(5niq%ga0E$BBO$$V@As3CT{xWgirVFJt8&&Mq_qjH?d43Cxm)17g#~SN z`NgmOEg<`Ehlb2MxrSYrXK!TsdwJk}84ox>Sq!|CmN5#2r;jPDlXup=uT1lb|EsxRwc|lo}7j}5?9bWr4;zjC8-9U z!5BZ=n(WK2tsGSX+IsuySlaVM=Fbs9JHTZD!TMr-A++dW&hv#p1q=rk(Tg}f)VWMp ztsP*wY`_NLedh8?GUy+8Rw=Bh z;)@fp!b8RJrWrc559$}NtS?@3-#*`3tv%Qqbco1HB_<=W8mGAzaX9CHBfaO-F>=JP zb}1MM{hY~w-AENa9+3w}ZNacYLBBZblxNRR_}@(sumhHwQ}XQC8MgGAMag{t@i6a% z+EE^8kWekQQ7(&tkfS%fsj_e^6s(lgRb>cC-=zn-Ig*&K+Ty|gDE3wM^cw*UNavZ-1?W|9~I7J7pD8Zp~90mlwYONJ!|o zLc-)AM69g>G{P!a#=ASY1#?tb1Z@z1T>ZO1Ey^fb93Bh;3==+N=NqQh&7-*8Nu5Cm z?DXiO^~!Pe9Iv_&!r%M?^|QBbaA%~eP7g1)&Vlbeix^G3RwkW+^A(le2)A!_RB(j) zR+1rVc4GqhTSt{dGlPDB%T<(QP`Nz~jpM1&YlF@W*dgbu#Dai%#86ghqn}$X+6Lnu zkExm8ok?vg45C&}M^BSd02IL2B&hahPmq2A3E=z@<<-7;?6(}=41gDw8ZZE~Flbk- zW_$wFT5FYTQqy4Xy%%xBygJT;$PM&WLt;*{aJ!S0`C4CQ<(7VM0LSYK8QZgL(n;@5 z8rfGh_ekm3U6P24@S+2*x<;uIwheale6TU?$)yeQO3|XUXCK&jDQvkX z@=koe(#dcp{)Jml*qDzVBJ;t04Zd7g1bCcWU!R&_Ih>t+E3ATOFU!cj-WF7&x7Z15 z{vMp>6ulJfss+;Y?P-dWOq*_1Ck(6;Sgmpd_y^Y50^+AI3P7+De7p>V@8$^Xi8ELw zDum&4xDS4ZIlt)%>So4@+A%$3(t$A-qa%YqFQx#00aj| z$GZ;IWxqX0Kkk=$Ypvj9OUTLQ@^nb?U1_zc@-z@_uCMS_>c6v_z2=^6pj3d7 zb6VJ%n}(?NgNOJqkw6?eLyn!={YJtl4bWDeIF90ssTa9Ur~RH4WW!Ne!EF&blx4C* zd2`o$qHA{(nmx@bA9R-|MS%2OB!6>^JR6gKK4>pS`Rs%G^|Opi zg4%BYaw~sz80eVdi!;c7let2IL|PHrCh53mn>!pwju+)*+^ibiT$d(gf42DE+WPfg z1X2v@acMAmHx29nHVL$wm5_f`1J^SeX{ho6%S7|u$=0Pq^xw!9dMplG1IP2G3s}Ar z8%x}Jv@Y#jAm~Ms?O1`;U34CiE0%YVAbiA1#JX}nrv`K`IqYtW=+6Z`@dJf zTp&BU`3!be@fDuBeoATbRt?1LL>VcBXF_&cYqOR;yd8QR@*2?kx#{sI^jg({#tyU7 z>#iw;$nz5mE&g(`=Rm}L4~w*~pfge<}3d8BH) zZ@Im#QtMNU?D_7b^YzxJuNwZIf3|ywikn zg{U9H(;v6CSioIX6JZ~!SZ?rmQP#8in?JXasPV>hAu|(HS9%`K)>bg%GbrEQQ9y;z zXHNE4l3)!6VrQq%5$cI^znMjHYGI+4Q_jf+pre~h1ejbi$QI`P7?M{n`uR`T@Ikaw z;Xd5L1HFCxmI14)ImthD3dZrTGY@t8Ur4Kwix_ z+W2@@!Eg&dqvp$_jLRAr#(FkQqo4<;hrvf7cZ~gM4}s%T1>jyGS0Ifb=>lTv5s*vB z&NO(%0rV*An-u^9d13LY+8?K%75xC;7wKr|dn807E57)w+SbOMo?Vs2%oLBREme@~ zzKv?~6uD=1hG6GLlFWi*-xSw<)Q%w~p}BWz$ysDptzY=y25(~$$Ve>$UHk1MZ4gHc zbW|~+-(o6aTv|CIT7jkE9DH`NK%$vV#hG!%a_guL6~)|u0vXr06pUh+k^WJz?ws7~ zYtMKW!G|ep$V~& zR}g#Y+e3^D2|IMww9QnHN!S|o%aLO~#lH_Kjv=QKr_GUe4%*wAqk57p2GR%z|NHYb zu0WyAar?u4)8iH&jIw}!fqh^LC%A?uVz^ep?|FUE=(E(%%t5U$5+=U0*D@3WLn1tTum<^Kw2aO6dnSW5_lGi0J z_GckB$>y}KPKAE~=k;udtQ$q}9oA&3B2B{5y#e74VNP3t zP`ftw)`#zt*%$|k*%+{UhurO<3azd&*BoqlMMA|B~JJ#WH|42LWR=BhENRrRcS zc7wMqat|d;yb3UF>9173(&nnYTF&4Sqeejc0vr`V8M*1HJeOrhPGt1sZ-T z%7}HDN>O`tSQ=b(=zwEHI@{Yg!mnZBwA=%ut-7`8k~C}^JMdlet<9sli#nJe$B=3} z9)J?U>@z4afvB~dzPY@JJ$WabDb_6; zFnH5lt^JEw)cGy7aJz}T;$iQ1)i!Mdp~t(q0&FD@C0ulMU)6l%)vWCzX$$Erc6-{q zA~){eGl8;dc5|vcu(^W!FOQua%`0W%XV8S#ioLDau(Xvqdt%wR{ZTX~s~K$(&_?Pm z)Ykaw2mKPRwDz>F6)~jnP1L2ucNO~c?SkcQW#_#e{$KCK9HHM8-gd`36~tTZyG>Le z^WKY@urK6?VtTETxsj3Vpf*LJdQ=vhOvam&fKu+c%Fy!Y;hX~&3Nj8k8xC$Ez?vj zqeoS??TWwNiO1DBJ;5gMd~?|QVx&Vk`X|;^2U|d}SBPZuxZl4h>SBBYEtG6CsWiYV z?BZb(VEpMfs!YL& z6BHi8t>h+TSg5kNq3n3ZdYJt+n5jOMV@T^UX5WH)Q|ecX@k?psk!Xd4&SzdFQK65* zd7C@%6MHJpWdAJpbYo1tw5PdtF6pfH(U~rtsz|jXj%-M6y)44B2zi1;h!c z!|<)e^Zb;=9PDppP+(=`1Z#+WDg%ON<-FQfk5%r8=4)HqP)FC-sE>ClZ#pC+x%s|K z6{a-B7g)W@|9BSkYP*S~WgpEud6Iowx$6?Wek%{+K>vOd%}oaMv|C-IDD;cBR1j|E?+6?W=| z;r#CB1nFv)wY6s)yW{9pYINR1%j6IF_q`yhJGO}9L3i|WR<~?1Me#(V?T$^~QG4o_ zi~4QbAmz;;eJwk=Zy#&+fTc5zxSbUK)`NRby276?E>MSyf zzCFErw7|=`FMj|QHLn5^A5+B)6e;_PKxmH#s0?b>|7mV?(!0{wsRc;iAoJF;>}-w5 zoJL~P7q0a%piA(w^cZ?@=-)&qrU5obNkv6ccm@~z@Y#1u|Dj_YSnzd9a!LyJCYh?~ zc*E7-tW7lD7iIVLcn7h@_dblVd+-&KNIUA!=HkB1&MH-ke_4sn7-`2obE}q z6$||)^zuj|%D-*1vdl1a%DzBh=9OlXLPbvR$Qli9+l#h2@IXEJPjBM}!7fW_st(>M z{A;2Ae?$|9bXOxwlDne>W@vGWJ$`>}aYn%HT;EdIY}#`@iP#koV67&G9tlwaAnb8nU+ z<*&}7fD8`73lg`bQmTINajaqei}G%~#=ZE*Ce@CZpN4&pU;ihWASdYm_od835{%tH zuKrFL#q=oGir4p|U2RTv>B1}J0oGc{F>!TsN{o;uv$fsbBm#nk5Z;2#pV#8-(Z`t37Qo4|#)m6Q^@wQfP$4{J( zPmj)nOZdX}U$x70B1QuX^jk&K`}gnjiY15<(K`C&PHfMG^g=A!FR$8_K6rdg1mb4f zzL~=A-K-3>8-4T5+W64@$LZsKwOAHl6JUt0T!=DM{<-kk}nAzBR-Q0kc_A0 zj>UA+^bfO*``TYdK8Q_FN)OL?%^Jn;kZRZxb*T#Izf$!R`%ASmD$)xYC>LT3fbIP3 zu}zM+Zt>vYqrUd|lanI?<2tl2>?#bGRPH-iJ8;sab%*@jh7>6K-k_(aZ;3ot+?s2{ zq4E#NDJZ%D-W|vQsi?`j-iu_@bDbZk9pQ1fgt@k$?uCVg+T}U^vjIKpg63-mwlR-X z19$EYq_QUwu#xbpLM5Nk!y9K+w*3HiT@yO-_)PA(q(B-^f|b0tA|k{fgvj9x$e3G# zHuLz63rlWdJFJ@LH)W`)Df{+Z$A6avx^K+YlabMKb^&m!4-UZvr+1}F-UgbM&m0>n`Rs%(v^;F$MqBrwWp$Lx^WPU}JIRvt*Kt9NG6UaVs852?^S7e4C*r6yQd4Z@&EhMwl%R5S5be+o-&cY~Sd zOvAv$cQY>Sb{iBScmq{i?v%U#HL5d`Rp}tO4@P3td*Jiyo$yiPLn`-w@ZxAEfI?fS zcq8Ik;%@@Ge-+B!Y;HpT-l+jLitJ2Scv{JyDo-mJ&oN>yrJ#ljuZeH`CkLCmGb&ka zL7N(zma?_bU1nnCke6Lu*F>#rZjU5_X!i?L+?f#t5dtvbbUnp^Cv< z)_}29UoAg~z8SENt$71h^Ar#tE=XIpd;fCb*92JMUvNR8%q@eS9!~AD)Yq@=Q`r?b zznfP1c<9`|bB9yjdp^X=MFN+e!6QHUO%0!BwndZZ8zdRDJ~P1{ho#;PMtOHyaAn}{ zmGG9VqDoYlMRV{djoQ4hjS*p!qw7lCf8n_{9;7Zd3n+1IP{$lR5Z|c6t{~T{Sc|Lw>3e<5+R}3Brtsc z?@j$sdRsxJR8Mq6(And#*_KGIk*JH~xErFCW6cIULs;x^)20;=d_yu*Z@P|Tyf37K zHfPpQZx8HM&iAL7QFYLI$0rUw-m_g7`g1j99uF%-Z5jOQpZ8Mk;`5|#`Gli{lqn*B zZg+u0FH+f57{gzu5{)DR*Ii|d*f^@m^XK<_4DbLMnJB+j~ogMq5 zeguAp4#Xt-rK;P*fZZ$!QK-1YVlo9Nc-)~|jt-6$CsBa-^#PwYBL8p{(0cl8FLpoR zV+)}zmjR{YM%tS_(RoY4q{A_u0_Xb0icU7cn4UOOL7=`(7UdpKbL={}b|$pO5O$4B9|>6^$?a3$H0Ee1-5iKamybT+;*IEG_RZtqVqP zsjdS`sY*tuCRTF?Z4GUF>?b@O~tphDFG~!WaL>0yvR(` zL767Wmz_F>l=eaXWTo-n&mVYqPjf(8d;0@@6xcMQ;GeZ*Sw{DV zYKeo5`SU+tFxFs}=B&Q`u+1ii5^`c}Yc59%LsyS7OJzAzkLG-j1`XV$VO1krOZz~NLsA|Lk zqoDo=6F99vBtOBwzHG979)#P5ISpl56oqpPI34FsnEhj6bq$4}BlF z#qKD1xHd-x$Pnt4@e)f_ATVyY$TRIRtBTt@*{O+mEZdKSYL1sWuFYkHP z0$ggQlq9m08_>f-y&Xe601N_9thg9Fi8Xy*U z$UlmqP46;&S+768|KNEfqb`)61Q=cO1BZ@QCz}Vtp5PEIFZ!e&0^}>+aD%<4w+H09 z^gu?&^S+6HvAB(*<0s)=8^yr7fAkh!Grtz%X(PP;_DAwiy7$ zEcH?3DEJSI`ynt(;m$Iy4r5KOj3Sjkg4f*|7vxeMB}_8bT=8y2(S(M_%~fWX@d-+r(%?Qwm$P7+XMxXcb8lOw>H?BRk1*8j57y1tO0yVeWfbyMX#N@4qaN z=p%75vsf|~o?*o&SMM|wU+V~0Ob>zH9T5D-u_49J1pb3T+GA+zH^8OL#T)?b*0gPYySL=hadRP)`4iPcXUb-=RvB=0r(8 zpZ`1Y^!#vi;H8KAgOf*@bnT+mp05tY|45O4e_9ng)93~nUNu4i$_H9jzW1coaXZTu zEn=Vnj^a#*rhbW$;vjAxeNQoe?u3rBi&It+F5p+Gf$me5r$0v>wJT*lTz}H*KX}tI zC(n6BdJM>|@AI{PP8ug?3})YyE;ER73s=;{Gp7v#!nzu2?-doSMzxjFZa9!LN%^v; zM-SMqe4(MFXhT$(*WLi4wst4o>9sEmx+`GW?B$f!lB4KE8K2is<^14&XJka>!#ttq z044gIdfqK-yH3fj#rAr_Pk*%`8j{g#Ch@K>$NgnzIjzb9gm()@Dzq|gs0c4PIQV`- zs#l0wFl&=hcPCdr!JegBq_+zvxJrhj3=5<_BHyR5MAX_}SQ9HKs(J|hnyj)&n;!TQ zB@vS1aMl%lUZ(QJJy6mHw3OnIvy@dce6Tt{!ahHY`1B-O+;YFn3|WK>?3vysf!9ra zh_vyTX&H61LQMxxzEkKylqxp5a}YZFW`I{7$#?EQ->s%BXW#z*Zax2JZoWO#+!q7# z_#XMqXpZ4)cs8eEz~H^+jfUr82wH(qFRSyD?-OqxF(d3=0y(ZlVS-0*$Q-TKwJhly z^9Nq_TS3xG*;5TA@}1GHJV?dKU*;X*xf271!`v#NeQxXKW~^lTfey~xDh=TVJ~ot1 z%guV|F4`fW)D81DDbv)Mg9LkfoV%XrjbQT?@hZ5-24B_wo zJ<~J9Kgkyt^+a)-?w670^gJxypSgzUl;~ZHGk-;?`M`+t!odZX>{4sWFCXP-^{ZoLqdgJ?L{pcep`YQNSUKda*V?f zh0^FBEbWU-gEAjoK7lG-QvZCh<>E{0)>$PSw^~RKox1m~2S`srw6B*$565*Y25z{p zecoF%Z1G_gZ07|Mrlxo+acM2f7}9+)#{{H0_8kGs8Kf#mbq}wJq|4xy`LOD=WT-cg zG4;bERwhkHyo|}ckL~c;x2K~!TDwKVhx_YOrGVs&HZVTpH*E~=XDL!lk+h5 zuB5OJru2EIK5_4TC3ts6re>O612ViGpL295^D&0opS?Qh0;nEhRm;WIc0@-Y7eX&| z7zGz=6%ydviaJoY9E6N^9eJK*oWs7>Ci(@X`BAIz4SLJ;(j5zX3;UOg@wscY!_7-W@D*(?k zNCSeV3ad6!69I!D4=5a(;!vQGy6->n>;0s+GwMyh5$EY4zFv#irZv2Or^T4HSTXRI z?;mM%1L1;-&TZVYq}>N|!(E1IJ$eK_F)G!XT;=6R?|{J3xBM$ahV9ZtKfntK^^macovsk6^PV1!%2CKhc&TJZ_}bgA z-p&<9#vUfDc2y!>hp*PBsB&zFwL@npI&bzg4F;ajsA&%dlP{3Ou8r14gvAo8t>-v# zkHsK^GPp8Fbn|@fGHAaXy^Rff?J26wK;L1-F7w4XkTdz|f3QljVc2_N6H)+%Xr9+Y zY!@Cl6SwxYK%wK09#L(`JHS?W5`9+~+vTqqG>rH>S*RvETkq=uAsS}dkA_ZGB%^JD zCYg2yx6^qUS*;FMYjRfI3@ZySup#$6Yx2J(rW+-UF8F`6UDYts)Fse zbZ$kOrs@xnuiUYQ8*nyj(OUmF@(@zP$;-J<4*&2r=2Qv&vvberuW^NOEFi_B5*^dtsicbHr64Z zOA$Me-Z)m&JLdYya#xSbT7Jq6{X=#VoVLBVzxu2^7#TnR&|N0lWL}EKJbmr!r|$Ff z!)KL8jO>WL;a2fv9Hp5aU1uZ_C|&9te3!{67;nK{l^wm?txbDLqfN`>=K&=h5=?0N zfe>+GvyhD9UKuIGqIS}EN&CP``CwSC(;v2=9>b%tCpzXx6lSpG{~_xupyFDVwa-aT zLV_m{T!Op12MBJ#88o;%!5L1_0E0UWLm)_ScRL9%$RNQT0s{*LH zE!JZ1-Q6YK)m2|rO;f7om`CCwsEMg8nHFYxqe0iqilh#c7h`0M`{MPpHV<*3XX+08 zPj+b|8C{o?d^sM)?Y)mA%&T^sDXKV?Y0UFo&m!7uri1znX=I7SI7c7F6;ZCGV8xN; z^`)8`+6D%38I0Qb+|YkI>eM5fbsJRh)IN0P8F}$|58n$m-g7c%0SjGzFG-*PPvO#^ z&dRsKdhhQmvhgV=X1#2R@eUQ_)zuiAEbx)emPqF-SV`;OMBYSw;eMAZNL z{)mycxM+;Ke^tfV8NBW+%}LN1lNeIBuxMU1Y@H2no-H?Ong(2sdJ6*$f0hQ_OR(yf z+r>`5@8cC4Dbu}P-dTK2h}@fW=a^Z;dGK;6GHgxWoGrMyz8W0(~i$%o5yu5U!7xg zwwtCA{``sd^_errQFkqZSF__PUPB@=kP5RDXLrV^OZ##3&MQPZ=yDsII3fEk&%ao2#i^{`{}P#HV6ix95|sybq4AwR2{ASTBWk;Yj! zui%};bBBF&^xQf_+io`VYD+WZllLp6v2WajjquG%WbB|MCJz=>>MDVfpgU{>vo_IHIQ-ha%0b~ zusCGb!L7N213u^NHV8R3q_)}^e5Ggf-ImtLRphj{#qy&wjo2FyXN%;YVoY=3x|~Mh zc4S*`Bek$<4(z(#LZkismkHy8^EUL?ZNL4yLgm!&cv3eB<@i1k6R27so9hFim`_^Q zv)?urDIS>`p~g8SmK{T{vSrxVXHQC6gvd&4Hh*mxAr}4<9O6y)h~+gw=XoG@!Q=}U zp{^-=p)i7_TjMrHCyU3q+8}H^=6Asusn)~?=Zyscn7ajpk}y+t_e~n7+Ar2bS^1tH zf zJYh5)%f|0nM3`sozp8s4L9`WlZ}(gF=o3kVUS+HV`Vfuq|84(S3!;t9eQzQq)%WC5 z*mz~?S3!-K&5+$>nLg9l4>EFnpl8UDUk<7ySrWCCkz{)dO11S*qB$o4D;35aX71ZP5n-54!`T;0G-nDvWG&b;tX{8FcEOAA<( z<_Jd-2}H1O{92{zqUOt}{EHfFo+T48^=JB0u2X3JvM&fKs!`oOkPx#CC|zXdy9@F2 zUS_d>^n@cC>u^?iMvi;5Sm7e7Ir{>KGxK}43r<}=zW2|O@YU;5U9}~3{Q2_3lg`@E zH13?)Go3QM{Sw6@5>&p!h;@Rq2l0fdf*gbK_3~}NMQ;J=Og#WtloLWh7AWn2O~x`q z6qS0M3C|Rk@aReWkaXEivvS6|W?UaZSqb1QpF3M{dF{=vZnq!zX;4`ruRdG=W9qd& zAqOy%`-?4nPjSe8EzV$Os4w#hHltJD9^wkqD}@QPU~W z+7M~GjsH9i036d#Vd~FcBJC9+1Z4LOj<;bzf~ExrOg8Z?7i(ADu=&7^DozL63HZn7 zFE#K~R}n~D_l_?u zD*jk~e}sLQ=O^!s?q7vIF~=8vk~msqX%v(RKWLJEvaCZv{*};P;SO(zXzIUkpzsl4M{{IaWKiS=J=B zdyj?An>T%i4b?KNCj=W=Wb9@aJh`4v{7vOj$@jk7FKtKxb$NLL6g)?V#ZcDZdaSZx zKH5!InyIv0yl`jMZmoZ@@;n~~7sj#h-g4l$jv8Sz#rRUEGx@IRq6U}nZrhSzEsl9) z>M_)-(Xo8=%%>ORyM^mBFHB>iyT;U=1OmyefP5fY>bI_}2P&E2hbi_i|< z$=dbU5?=7~KC6BF(fKjTc7bxpiHS_G+_fX-VkC>(JYtUU8sQ*x{GStY$-w3Y z*we_X<6Ca0S#CF6QFF1OL=sh3PF@kmY3wp__Z@=c8JDJ6J_+7S+6I^fB~6YK zPtOk-NF>f~JQseh)4F!}pZ>Gx_q@B)erPCD0`bzXT|eGsiCs4Nd#)#~)8lx`C#SJI zN})*+_;SL%+&Dxst4fdi=Zus!RYK#A*IC#jNxsSAJps~&ni-EHA`A+nUscfjP1w2j z`g3{=)-}E)8;VCu7%fT>H)1{qZF3BGx0SfzCTBa^e2U{~Ne}GI(5Ez!n%aTm* zw>l|G^ARB#A>ELIB=vE8cTA21n(&bDWhKmggl%PwUn^vRnG<#n@yzfqE0&!h<}$UA zz>7yJVvubcQy^M~e(`A;KUwhu?`KDh!W#%8GV6t_gL6wlNA=#J#J#+AoD8~fgJPS_ zuS8G_Vx#2v$gtBaEaqCe$Q4cidprNA zu?%peSM{KiauUW2l}VkkBDIW6z$pfb_XFX+m~zD4*ZN(0^I~SHG20l2@5BPV`6iVt z2eYOJbI0XzZlxF<{oV^|vn+iymxP7JuW~3MgpFsY7tcqLlf=_4;Xqlp!%m4b=B5DD z9InTo>HrwtsDJ7PB(+tz)Zy54y6;IwaP}!#F*(ACJXl~YE60lv$xk*5`lhZ(E=kbU z|Lq(L`AvgweqUl06BQUN>;vY$oinY&QO5N)^pF(KbsSu0DN^gSk-*w*^em=Q7@=R+ zbu4=vjx{|;iRWZ=ITi2CcsQpwKVg3X*}HK&cyC?2gtk_x@J^z9P0{iFR@GH3c&=oy z%1~GXOBlTO^%Pu-?5ST3i2G7;5&m3VcCF*$xl*ks3fD39VqG+}$MK;M)Di485A12L z@M@rB^fx)6so^KeCsD_=ps?={7$v4Andc2>6;A9+GG^i&B6d1LlasgePZv+gg~~XzR|(AMQMet8BtGPy5xN1M9=V}=_U@|3+o9XE{_soO)>&61Cs zv=`mYh5Vt+UKcDhw%w`lAO4o?6=qG-SJ~ITkUE7=zrZJx9y|2+QtlZWt|px&5b!4DaE1p(p_|i*A3&y4y6*7j}2anNO7fLfv5H0#$k% zNQ4p(;PREVxH&!c*oIA`qrOoEds$?F%%%w0L z5Xpru9A2^T(%cbpvB0-^bQDGLz4P6rg*dU{0u;jft1S0*3~Q{uwvaugu9-wE#vZUiL}E^f63#J8(_(w?oW_kpB*Yd#s6CSfX1*8 z|NiMnPOZ`Wy4rHu6_pN=S$ngU1N2@^Xz2Xoaq;3?;i6Ic4{_hiFupf%UBr5i#G_`| zM{>o^y$sc~P|WR*Kl(B8R00U3IE-w+4??6oV04S~A>XD51Kf-VH)p-wW(05Zk=2>Z zo3(vu=@F3`Xz+;0RAuh$%e97I3KlogAtWoSwDA2BLd+;x59Xz1RmHf1I9*?bN5}EU zx0Dv*BhNe?{|gsY^L{~DkPs=x0!KcCiDiV7!$^F_SQcUoi@T==jzd>Y##5^uo?$>hCJd$0@MCEpM89e}5U*cpq0U&KZv*nJ0h~W-a~M;N!YS$0 z#eor=E6#C_jR6PuvqV~;?~~c{O0G|lH1Re0x9ZpkA!33-_TJ`k6`o}l2wQLUUzV>3 z2?A9I%!9SkC zbMwEocQi`+7sBkcdYj_FWFyO%=Tl5D*i@wZI>L|f0UW3Jf(svMoS3yT821TNdL8-x zt)$kwckdL#@d@JkKVf{j?*o3fWZ%j^rFT-5?@j3+P=F<`WFWuJ z05Y6INKlP{>;TjCC6;;r_i3hus3?#~`#$FATq)rp#rRSJOB@oW(sn*(1es6hp)?M0z-bSFjY`|M0V|(0xZ44&KwU^zhGiw;TcJP8$uHQ_Wk?Uj}BH;(7nHbg7P8%{~KLe zvgB+fc{_(#zvWCOi2z9<-y1If=+UG9xt`UJJM(CdU!0PZF&y()o4i2V34C=FCe z9a1-3Kob1E=i+gcI{??5#QrxKnuA9_9sTnL_~ygd&#-KHs4T%^F-O(a+;o7GOv&N~ z=n+K z&deaq7ptEzaRR~DVuT@~kMOC;!UBXiR~Iuqn}Jxx!AeV>O@HhKuHfqS zA;w+vw$BrvTQw?CSB>z0eE+&w=_y2{yPs}SCd(J8{>2#N6dmH1CMI;_c73n}bd6uV z1vv3r1l-Ob+Ud%G=!E$?TZjwKk_`G(S&YINW?NDCk3wYe*YHihNq>CS?)k(>u;Tl) zW#=rl)@v{ihA|hopm-69P=4fbFx_|A z7cYoH6zM93F%~+hdX2+gBqzqMjVfRr|)MShst?WK&i09e121jNJYyV|*`93ZR zTc}UC5S0IZJhRVe1`AL2QfXbcStW*g}7(qi!p;@bD6{~et} z$j{(Y_QrBk2#BxP@@V{naPVmn10f4chI;Y)Sk5lD>!!|-Q8Tu}h_PVEl#_-`g0`aj zr;8l6;u`xYTF(x9gJvfIb+gt3{8JiVw+Z65X^w8=I@ggKxmnMX`VAIbyyyJ+H)IAkgY^&SoZ&DI_=b3#SK0E={WM=hA{*THJff!eI+7Clu) zdM$%$=wbJHKa~@x3v0$@g>R-ge&V{(B3EQ{yd=m#+*Yu0Pa@{$4~%Ayoj<0zvLomC ziY&&^4b4A&uD6dXviXRH!8f=KWDR}wPq1pvw@Ck5>MqOxiFQGSc@)19L& zp5=a0ONPKw!7W-q&rq{GLhJA4t|$UApP&ESO*Dfy=%+bg;iPq&?`IPErfoq`G2k+E zO!0y-_wYLBTbeEwx96s+(`+kovCmMqP(!vzPji=mSB}iZSz+?D=Ma?VahcHmcO1G& zksz9$Pw48;ZNfgjVre7UQJHl%mJ=|#X6pB6OKowF1DebaOH>$f#izwp`h%cSwT}Tz z)jxZFo0;)B|I9rOsBv5{7w6u7>2;2Yn}w3{zIs#%6$wkl@?E5*kPI3ST|pOU-(&~2 zd7r)3LdWJ~)~gmiV-C`|~gV|2kHG zW5@AnUzBjceQ3`HWEX`S9(M=SzXhBa@48H#C(BQ<(hkI<+>VnlkGrCECosOa--_D3 z>!RA3E|2i%XtlVNHX|su^&G2sLqkRN*UBy1Slb8L8=bPW78~cu5+e)({R5%V7g1s; zZ%g0w&9ArG9Q@^G)Tg^QVObx@%*V$mpFP9vMt;SZ6?Oj0A^mHlIa2T+tF^HW z)cnO!an@$bPQG<9r`|3V zroLsYyH7E={|v!~f0XOuVeie6N$Hfwy_mQUKD&F=UrTQ^AzNkTZ<90!feom-zWG9G z&rjAqzL>X=-sY<9{y|!gf$u**w(?rse3sw+caJ^AJ^BU+KvTLPO%Q0e&eVkT+R1JH z;I579JV<#wsd6wx(}Z8mP;p^et?*7iR|WNrkAaazo0kff%wu9Sa2R~rgkCt8OoBVl z4~(1GGDsYyVLP5Rs2cg`p!wqmG3(ahiKpYm&Yt$u)d&_c$0{cv!n{ml7N<)=UF3E)WP8Y5P^<`fHyo?$y)|AO>TPufq-0{!g$M$2b zsa^-;Dsb#Q&fvMvp@9wSrS!$Nc80`Cd#AFz=59>(bL}NXnx6LK1tr+oE%GmGF$=_{ zbk$u=zK%N4R4mk|FvfPKxqKn&M?#EQl-n6^TZK|9V{jGaKv5|~HiIoWF$G`XRf$DD z*^SPHqyH?AH%MD<&zd(D=t`u9T*UA;s$gx82V|(`@@lmzDKi>ws@8G6k9pY5?J5%aH7FqMm$dRLNGU9Mv1iOiSqktY#z3;Fpw3a z2UX_;UA}rbizyuxZ7PGNgGg5jOZayMG+iW>62IS2M0Ewdeae4nAbC|94-Lr3vk=!M z!m*>fWvtZYfthi@eMTubhj;N(j`7AfkI}oH_PyFSg}NF!Kw@MaBEz0hS#g&7Wdk(0a%x}7&z8TiC9TF zMz29x!J&qM?8A{m$;}XPq3-?T*IZR^lz#zSN(lWXp(BVny&17kSci$;h&)gPfA=H(bxJ&LyC^!K&0~_3 zOdo%+l#U%6Y`XZ0bh51Q#K1!lCRLUch7db#5pw@d#MuRm%DIY*K+~qUxSOHKP_U7G|>X2KTd*38=R`5CuKxh0;Bma zzve*wp$wygm<8?mS}#W`$88&vrW9NqLP0FuN;M?d9)sbHCV|(cr~% zq}rGTGc0iR09jL*t<$sv^ovEVs=*cI zCXz;m!8dH%VvcoI#qj`{G8t{ChLrBWX`_yO?BcIn(#EXArHYyH>;b1L&!$J3~fSagIWf=ez-KDkU?P zwe+ZT=N0_cU5GLc)CpBd|mk z;%{B1b$h?4^+L%MN)<+>NTT7w4+|r_p1rtALxbtx>oIuiW)3%+a;K8jb3~OQah(fg zuf4}RomIBQz>SN6DQnY5qCBwVvNb`IGfoP&iiOxD$0OE}n1=4kM=$c?uCF=>91GRD zIctx#pqM;hgqvfK3U6-z&|R+5At;-^OISmlJ(q^ElY+fz{G|2KtG#&xc#aWMuAm)5 z8Lo-$stHZ}s7r!6E1a0R{mUpzQnUk)q?`pWCd1|r9s7yO5@_^*4i8zD2&X=cpZf&% z_Iyn)w3+xNGDZi22d$MJcherli8_*~Q&2`!lLS|un+UXboRD=GOwem!E-_mBC3&IB zhsdRLo}TP70hxFSl1pO!Oo#WW*e31z(K`IZMazjIkHrQP1{`&*(v2k;=yo`06ci8jMoN=%12@|`;iXAJrfZoq2iTXGdZ&Xy&yUyr|e%Pir zQeRG5JL%(f)xp>n^^096O385aH_7*avX99jyNsE=t9lz+tjLm3++s5{6eIn z%2(se3U$wVUc$kk76VR|TaXCO=OiIG@-k!ITd3?~GnV*UI<> zf@A9M^Gn#pycA%1L@g_rm@x&yr;XUI*BGSVhI~PtPy<1eQF3M>t=iIF-@Um8^mB`w zUk$E=$a7tYlq8Q?R=pkVwQGT*pC*i)-S@2gO&li~N5$fhuifxP{-3dheHVqS@R$Pb zt~W4!tAR?8Y@vJTM~`nYM=vM~M>DLG5>nZEdZCb63soZT5_y&WN*E+{4HFbs%nXRFu1cFhRit1(YZ_()|9~VU5jGZu#o$(w1 zJJVD%&}s3PfwIR7ErFb zAj#&KY*Gzv9#ecGBthC=`GNGe9m3bQT(61nQl%yxnIc^n z?Eh#;EM=V;@y+jnGbqMIAN>@9shr%o?EjjfR;p4eV~~5|B4?ksUev2(Y>^c`M$TKZ zJ2U5J;rAyslU@h=mUvE`Hf9MdbMFv82bT1pdic6Sp2OV&+TO3x&WIEZVl?UF zOnsDYm-^B(Fr5EliOcF|$dcAqV5_?A9Ma2M@tb8=;wVijO`;vp;u*<00%fZ!D*3g* z&FkRDvZSStB-^SDSO;}J+eoHdhAt?_R3g_+9bhR|QYlZC+LXJb%jkM8-dq+e{m}36 zHP=jB?=wkz;k=_1vkc_WI&_Mcv8T3&W!L(?*S?%M&sOYU&}X2lGQfmEQ%pI!5?n0P zl>9XdH(gV8N)yzTeA$&sGLv#(%t}g1TE<%H^bB`B9`+|kk+pY|K`hFh9I}g9M|Am7 z^g?GtsZ~O(B9d3Y-I4BjzcvYcCQH&dZoq6;=TjFhe$D+<-Hyt!PN%FfKj0*I89 zz!A{JMn!)g7rLeEvt;RxHsuBNC99>xGS=_W497n0kArEV7^uGES!nW6Koqkxk72y7*(w} z6I3}Mx(f0etfOf$*>but!qF#xA-d+!W zu<&#tW&LJ? z&8c3Ljf%a#uwMh!8GUTMf68 zj4l^^67Xs|$Qn_zo0RA)`&8&sxu`bV-@PPdqqslugLa|ZZB;=K>VVhn4fXb1OGAX~ z-+K}P8p=9Q;)0drIZ83*s!jw$8M=^UMYOo8ea7Q&WB(NP!asRN-l&2!Va8(BGV}Zw zs$_yQUR1MY5xC^61d$(-@6moLmsWQSN=h^Qti!3t3&cv-5oQkH`iYD4G*gMTfuHUZ z8-~V>>%C^ly_P^5OZA+>`=1}jJA&A@r5uWS=xtRr*L1fRDx$nVzHdrd5rx9HdF8N4 z{mzRUtnJy3Vr(*T1Nk^omLQ{sBo~uS<<{t!qdDz^`XYyH>L&$~nHaSe_(p@B<1u=%5kA$rUL_Yp%FRpx(_CpR1bv84G4XD^<&eSYdF~TYPnao z*6DySlixm{-Ly^4MM^#8QBOK%U(YqM^#rnzug>LQ8e*9iTp^cWwQqPynDf*#`(j$Pt`%msIsV)Rd_`(JV^wp6^)@+IUZ+=? zrFSn7BkuTSpeo{y+jYrQ{V;)J>zf`HkDoV`1JjPUF2;0BoGTx;5iV z+h|p&uryJ{;%oiGUVAXAh4SYyufTnyYpO)Rs7f3aVj_?ss491!10l4Z$TVQ@Lf8JD zikn#rn#&nGX6?u7iPegHS0c(2Z;u*^@%xx^S0`1EkAF*S=3 zX*Dw5;IXkO0OD)S_1Y2C(5lBKE|5%+T@dUa;}gfqBQ z;A^lhS6g%_6#RjmMX>H4PuoF!zTR>N_Inlxo(O2ZrYU#<`*^*v-POX#d~&SQJk=b3 zZS>@ePx2_H1o58;(KBc{_N|!Nga-LstyW3-I3b5hlANq4a6%=otMl^pvwELOVhg{9 zJ;!@Y5;pwY{NT$uZtwL5s+*fwp(F128OBW8Ew>~Z#H=)a8Tf&aL)gt*|c z5kKGldhL|49|s-weiWH$II?=q{0Q&GJ{U#i4_-g4GWZFTJ|g7>AD;)D`l;8;MOXZ) z+41Z?$1_zS5y8-RnQq8kYyh26i?9GS5mMTkI1xpDbnA%G&NLAt4Hd9^B3!_&%5BlN zF&NzN{=<2Yz(_$^OemHN2r=YFQnQyN|aH%#43_mj%3(o&1hV zpv?*iW|lcWEef6qr!&e}(xd#q0Z0c6q7OR-ZZ?%HuSTYXgvS;Ho&Q<8{Y&?i%b$2p z>vCbhZJ3WQpl_(BIm*488=}w6bGHd0HIa<{a6T_00$xv`kaAbHfYB>zYTD)a);kV$ zw$%i`(L)ooc;BT^jGah+ILPl|Dps*~zboTAvXSBdl)=X4EG{$3od6kOPEz&W;%1m^ zw@4*Arl7W6hZPZBSnxN_kNjN6v)kB)MQes$&JH%^n6Tm1{2bde0>Dr7KQHNw@L&>4 zJ|XsbR~y%P8T;V~m$6`>>jB{N|HIGuQh)uo_1YFr=SZth=BaRXO`WpN{A_iQk9a6-np5~Rd8?)+!r4zkUGB<@;6&98h z0(D1#8QOd>-wVr4vij}a%HjEscdPg6R2_o2zmST)nFwY@YurV(|2m7muMxjjxM#MS zr};f7Io6bf%jb9Zg1Vg?%Q2P6F|11urWM*d0#hc&Xpy^!n@Sp1Am-pHw>Ks9ua^;@@iktYHS@EoPVYnC2)l^^g75rJo>@0*I`on ziQnpd7BGX``f^1MF}8^ZYcN8S!0d8@tT0ucVe8Bs6xnrFADrh z4d&-DefRGD!?pv}?#68P|L(?4isGhqY^m~l={gQ2WinHSAQ&rz)NasrE9P(&qK z`Q+{IsbeF>%q?y>@R9Vcntop&LtXVX;2fY?6Jsr$m5=iw}Q_~0u*kw}2gMI3bl#OrB(5Cb;A*!dShBYPhd_F;|sfa(HI z0Y*Ar%!4>Q@UCihR0$HC&3Mq~g2Cp2-1spUlaygZCTa2eIStAOfdfviA=4TmR(P4m z#z~|7c#Sh)pB7crJI=@(HrX-eFmfh`g_QnMTIs(xN z>xk*l4HttqvRAQ7zMR4L8{< z4ary<=%t#llvs!`Y1Z3zLMWr358#e1!ZM3QKKSbA}P^!9}H%w^cG7r#Yl zS@6F(y!@4fD=OXEGD|Uj06~8}hc(k2Mn>xV{=$Sjvy|02@Vm2`pHd>>tMpE2A^1pj z5HrboySx*<{ZlSU^BukQMrxj8w|E7+Cyt@LoSOUno_(s0o`mOpB{N&%cr7N?Ip!r^ zyh`6y?%*#54Ba!fLKfa)AJ1)muM(?>$7er#{I{1cf-d(1%m#Y|m4sY|nWac_%=bh0X9~W4EfB@|TuPgw*IT#}RJ8mcn2^Kx|CYh* z98!HA$;POYoEr6flcRQig}4J_&RsmSB#asL{-K)CLWM)=TAP(8EPAn*`Sfyv!~0BT zL1zJ%ZSh@6oJ)~|r4^{}=l-nr@tla-Im<$`m1SOs9okpl2K@Qo4z=XedhBwxc%QZp zQB7zRRV}iFv$}k72QL|1mP*@-_(_3W4zlQQ$acG^BW;>!Hv6@VU=wilYxA+XkWmEt2_k4Z><;s?I|xxeAlb(K2l zI4&On$>Ov<*!nQaN`JQb9K>%4#ok&`c#2KU);7ABh)x$>`b|2~p8u%y-f;BMUm%{! zl6q=UU6&pP#lS#l4;-!{ubx2YGJ z_%?Tr7nIfD#44+xmiGKhBqG|RPxq$+F;WZq+B5P);@OhFa^$A7^|z5Sf$4-k3RCtR zv4+&!;&?>=$iCHdnkUyxl@wRvQjEgD-#o_~zwUI$n=Q>mz%!$edmf9M7JB13mZdB( z$5NzfLbwVs0!lgo^b3Te(_`BZi5bQ|deg}WUY{H8Oi7=-asyGbryuM&huc&W7D_g> zpk5|=L(~kXl2-9-3uQeMva~KI2)lwM{X@f&Yw*}_6XSJtJS~y&f zf2-uq)Bmy0A+)WQdWz6O!RJ2X)%I*ajJGEG9~)lhDIWK@@mC<;U^hO$s@`XQ8I;Rz zdvcXShf7+bxW=zR2k*k2Oa!%dG-h9eY0u?A(Lv~oB+_x@9r>MWc8>etI zWmr>!=>Hrs5Bn;+re3@&>#3o4id@;uV5>lx)dpI?<7Qm8iDy1$jWAQHDES21#N-9e zp!2*|yk72RXngj~h?blfH?^v-9QV0zA^SnfiTxQYaH{kRHnoUW1P(Q0cLa8VP42Dy zJYFWPQ?IxCf|dQGb%L?d4N>l20eZ}BsMsX9*-Y~2j!)99z_e{-ukS9S$GUWpj z0Y}!rI8uZEk;cYigwlB9wXo6@eT!#cN#G@AudmCE$oA6LoN^HpPh>;8(Zc$%ddFi& zV51tpWvjJacnWIuN>n9VmX*Bzb!h#q6YF56xTVR;EpnuG-3@ZRkeo}z2EauoPR!`* ziel4&D4TMtx&gBQ<-zZR`YV%z zTl;@lV{|LXP-LyB%%4%x)*Ogg^wI$COtn*Xmv5nTtZ=Dx&c_Of?}aMX-)>rXeU^~t%`%XwMW+xU5f(E0kx0*9H` z0aJjh?T#7O`q`Mkc!!Y?sgQFVyHSH7(I^>1Y}ZW(`=ZZs1B)&zJko2AT_s-JZAMmp z$evW}Yvc(fk2Dbnh!vsFo(AKPOmImiQd(^r8+kD3;2M|&NGVw$DbSX!A$WjFo;}AZ zd8w8)JLlo@VDD-Q5lUU2&{HwLc$bhsa>yQbhBTvZeAS1%<(&YN652W84iV1orzVYhOD!V7fSJ_)jT$Lk=!2vz$jovYzl8o5;?JqDA6Wi`o^IkC~^uH4PVl#dmn zgX6MzODkk_bAsjx^)6yEE-3$%5D(CJSE3h{mkZM^Q=tXBg6$~{7<8x_H zNhD-sT%&(VhopSX2sF)L$LjM+`7`D`oa>ppn~RVAl4EtxPF;g{(rt{wAQR42|6D*+ zQnr3RYv)_Q;e-!L0&?;u{1 zFiYtfoVCFz7!7OiSC7+?R6zCQv)S780cU#m+~)_%IR z0z13*olBjskw}|$v=^n|wt&kH*ZN&z;rK5Em-RrNkwA~TE*Po`M0E{ujOqQZ&XX+> zg_dnZ9$Tgc5ViqgA;sdejt#3tM18ZjRaD?oXV-Kw4G+xQFP#5oYjh*M%TEJ&R}+Z7 zbKOX%4&B|UYHq5<7&lAlwCaT_4IS|Pxi8( zd(-(<->emfimfbdG!^FDnId;R5`J)*uf^$-&1n{NV`RSw{u|m_e3|N@&4}m3l^d+5 zVd%ZZ=&4tksuV<~yi%evr1slf0sjSDe~=aw=CN2;d14#r@!v1l~sQE(O!A;JTvmG#_fvB?Mpx${t`x*Vm+Wh;K{Kah7q1 zzubPQafgRorAff+CxsevFnuL&!~6oPDQGUokaAkjx=xAjCJLIXV!A`n;(yuNQ?#x# z`c|rnIjK3)XMHdg;cQhUNgf`l^G*1x?+JUTh4RG+-<214I* z|Jro$)I3#ABq;;G_;d~7JZ&bAAy}}Q&I?3 zUG9Em}#m)R1Lj|Ji z&*t}jd8aw3a00CXGv0xSB?`e}6Rx+{@-gcP#WpTXmF&!Yd5a4e|8c1flQFChD}2E9?8U3R-{ z061%%!IoL_7L#lmBQ6$%<_I+e8?1sb=<&gNgyE0j|I_^iD|8D#xN>-(bklvrOtMC3 z^wb&6Bh$RKo02`;nEm*-jg_VZcUG{EpKdA=qPn|-W zC3Jx7kJ&Hs?rz~!RNiqqW4_md^0ZQ+s_v)^IO33#Q)NQ%CP7fpq{IE~?eG<(-r$x*I7Cc1seAg5irOy8*xos`?DFbMIA z*cgavmKxv`>0qn4EY9C}A@Zdi&%*9wFdl{A#|t{iR~uKz7_Ml3rS;tdatd*`KuELO z66n3nR#s<~*Pa83G>PN87cMagR@{T(T6>vCR!?kdPJQhL$M4KicKYD3o|dD`dXuo^ zW(|iw8yN%o4j8PP1=%h*ySeK4CAS3IN%+<9SxbBB0fD z+=&JHKEBiU%$j#ZUey2h9`O0TuhFB4+9Oh8;H4#wi={-`0eTOxRLM##f4+E?%8FK4mf`tOVT-aP2JT)w}I2EBC0SGQ!!^l5QVjD_;|2 znveSBA;fvOTj^J!6~t_{x3rQ*3$@e=mk^EnH73VTN!Gg^@))}=R~VSgVY$R=k;GXu zOL=uL|IN|ktr-v18kj(+S|s84>&#Zq;jm*vV5g}8)6N8kCukiSKjG^K8LwmMVc=OSreU*0+g!;)Wl`(t}y`9w&JlV&b0v z_%@M3-@=XoDv_>qmX*jQ&V)PT5M8#yfCmc{d!1B2|J-u2)?|n_|5U(n9vc2Ggc*`k zliBs;a_26rN6&&iy&X&j6k8&NJ$iXB;Fxscd(L6T>^@ z`&Z#s23OU@Z;&`m3a({9K~i5|{x4fIz*8SOvW~!Cr>pMBi8~iUvT3JOR0hneM?f`& zfs(aLc*Zo;mx=Bwt=8 znF8Ft`*NeIi^GFl@#$C@nSzSU^iG6STuH8OxkdtCD~s86S*Jm*({R~(1DugaI8@Tm zaJB= zCR39Ty7U=w-3saK=Mzp&O=ik$c1s#w@X#r8f4y%MdF{3aH5lada*@wvF5FVGG12+= zzT&}SI=e2#*n3hkIpgnWd1;mt%YyqH&OY2aZ|SDB2pMZ!fg+2(V53y`t;) zM;zmCvxR~E62SFs=PDrV3khRIxL8&{eOEFKaDDt-tV-`r?Ca2@GyyBWMKEN0P1=Y5 z%H@0-lqO=;hI=|mQN6Lak%4L4OP(HQ&6)K$CbrQ*zfLw59rd??7JI552U5&tz3SSz zBJvm1;;d|=hH>sx^-3<5e!ys4Wz*nNBdDB1Z&#Dsg^e^hw;_~GAF%Jv-5Xk$fuyzZ z<#e%$*m~>p-XV&=%f~xbeZp!4KfBqW+aQbBf=cKx5m(2d->!AkUyg%WhpwyXj0Q+x zO&OCCmQXa1cB=F9l%K0vx9)JB2hOVEywhZHP1~);T+tXVN*`r3D4q+da_WDIItoA*C{0+tvATV(H1N_1rR1%aA<`=WxGHUQ zpa>b19ZmtpJh$lFq~SJXQ%PsnuZ2`i`-HUd6bW$6lrHR-GvOun8(tGO*D&+Y^%gZ* zF>SvZ<(Mf2Sb!D-`(4f^MRZu7PgEItw<4E;<4vmiX%adW%0s2mRI7jhdhhIpbvwN_ z?^X_1CWWXOE2Bvto_G!+Gv-$!TFO8FvFd}54c|suSy_qk8W|ZmnBMfRM1?z(u!SBs zhTv)`N`-RwP)R0&XN07mzKnXP6K1H-}SZL(bo?zp7L(m4#qW1w7K2`tU#b$I54FVda^@~0$t$$EQx)+uCX>l|Y zs{0t}!e+UqrP#|_Ao4}Za`7EtQi&9y$e*(8k9uYy+leC4#&@7sI3;8`AK5m%g5&E$k!=T(PR ziZ)sKVqE`(Wze|NM4R#qg1ry&Pg zG3WbB3feYvpIhu|YiuUedLlEo4Th8mEfav&Ub??L(>V3&-Z$B_(Wm0pt~eQIwU?i# zp)9!75?c`x-i_@=kvA?|abv}i$IeZ}nT_TX}pbP7E4+fNIu0?cN9oMy*Zh zr*jv4#u6G#F`iDi|1h}k!Vr5=1@OA;*#Yn8;Nb1keq{qxe?5K%K-90z>zcOFgX@#_ ze~fdftobg_51|?4cYa=ZrUr)r z5c)`|&lfQrr2u3NCLbN*@-VgE2^W}h=)VQr4vUC=qNbnM4H)n~U{%d1i4|wlQqL~A zSL$Z!IX+48F+Z-s=^#3Ms=UfL$V6{L69AGoswB3@IbCH^Q2zS4>5~MIn~+XIyHfB^ z*o$|?U_sO88kI^h)qbQ@+6+F#xlJ))FA! zU^NyQiHSdjXSN&{8Wp^e2)0TkJ%)D5XsXd>n$vgbC7}i_<^@mdKC=Cw?O}O8ng#lV zV?VV;I+(-I3HdR^!|uVi+9+r728fW^DH-kODNfW!(oH>sY3(QBS2XFw{ukC%ffJ45OrEl26t8CckI=h3lq@$RvKZ3={8Q~=U^K@%UH+0-`- zBsBP(Z%*=~Z^YRM4+k`G)4@`5Mm7dd8?V+e7J4h&;G@^BSlw|_^hRfp*3u^iZqX7g=f?Qpfwqy6TX=Sy~5wF`tBLqU5VG08oJ zfRgT4Drw>t>EUSU@g{fuM&wIzAayj=3}d2q$!}3GD!Dm30*vBIld$p|`XCKD-;@<% z!Zcxr zS6`*WllCJGGkz74cun2H8P!-hWo=R3Foq#2{;$kt0=Ed?grfIiBn64YmRm|Xf>@8% zezYgcr5klZyVH-?ev(yLc9QClR^hT6Uea|JHJo%mzkfTeKQP=J19=MtNvWx2Ls>By zD_sI`G>d`;`4%OD&rg{P~4h6IiqJ@|T-_C^9`zY^hL$3S9f*`w*Y zSOzxskY^Bw&(qHrMFQa`QO$3xkDOBK^92GJ6N-joD~VZ~g*yst0ZY}~u!e(^r-%2G z^?vcv&tUS&ejJ>74{(tAS_q`&TQnFE+wD|EsVWXm+Xjm`KJ17!zHs5I@0#>Mrqy8+ z(l!Ap{w}hAAqR`M3t*PT!OV)w7<4{w*X6-FJ8JYH@mC+Qme1y3ecq8uEJBN;9s}gk z-kc3n8~R@t>>ogKCbV{||*9Ht-fZ(K5e$>K2f=XMBfN87KEb_npEZ;RW+uj=xvuC&4N7B3EDSSbb|J1E+E*Tc1-^*S@L=C|59 zxpT8GTTi0~)Awfvp%l}qe9fY^2pJMMA!OkysH9#NRYvB#6vR=#RDSCGDs8O$a`AC| zk}5?!wJ`x?qMn4$D!ie8Pq8Un0ig6<5$`25eS_Q zne<^IXiI=4=YC7p>#V0J&S64>b&T!r_14m;c<`=US(XnTNW_EFB|b=WgT6eh)kkh@ zwz7>YpCm+N}tBZYzqo?UzPK z9XI`akS@H+?z^^c!PY{y%U5STr@OaSZ#XJdw)6ROo?Wb(9i`$tw_fG+(&0%Ia0DK3 zsi`eYM?fP{Y~l7T{MekW#kt!mvjGeimS2vW&R5N~ytlW-rjo^KC#f(yYS^~%=&bCT z_jw9rQ?j5=W+J6Mt6`lJGdu(r4!h`JiA<}Wk|4dw2tc8PLe7OM&k?m(2q(w3xh$Oy zz^?Nl^p#owR^ciidNcy`Lo711T*U`J}JHhTBFPo zZ0d5>!=vAh9W8U`@FHsa8(xP5Dh?k;hIDyC+{TU!TRarxEK8qGwp9V{q_-GVJWnH( zS-6_t%JoO=3QUoI-t`zVvzcltBaUQAQeQ%qGFf4{6+K;vgvhW>TaD^(8zd;9TH@cN zRrnJCc4f38?Ft2TJ72tj^I451JdlW~?KzkSxNOl6&2sXb+3&NnO(%03!zCGdy;mi! z2}7_S8h!o{$wwcbY{=NiLgFp{3ComNvp}n)&Y?`qW_A2S1%rJ#%zImK!|cyPq&4DT zaq`@or)Ta%6g;%4HN9d9cot_XB+J(jC?p0|d>XF2j(`iZmDVF>yUhf+2DN-*w2s9L zPHPvvbRx+`Mhb|Pu^V91nb!q66>TnCMv={Q7A#`W4<~27#d=;N9QQOn8)&bNSjnf* zphLDLj(?h%tlh%janT82YZ%P^@$a6unT|TOi}Dv=7lX?x{P-=UDH~ZWczbma;vgbj zk7(Uk$?ZH*0W&=|ocmMNUFdXsJFCnq*>|A))|)l|d0ShR%AmKBT!C`-&G+Z^GY`B{ z4R!Y|p-M9f$2J08!dZBpnnx;Km+wf{>=?;jz#o2!gn=$~M+{oNTU2Exr;(%O;3OF@ z4Vy2VlqnT^FDE(c>wjOVEb%4jcWm=1A1eeG;sGOWoN))cbeK$T!xl(&#MI}PndO6N#C#-Vc z>>m>IkE}`>?A;ZP6ve?Qs7p%mmUQlRe*6LJ*vOK%#0Zu1@K_aTz7K9VazVJN25b=> zxBENiJ9qmm;!IR;NlN(4x1`hFI+nB88H_r2+zbg#PxTHgwzl8V_(;xN!WwjHdX_Q3 zCCs)TB6P)v!OFxZC2^pS!_?8KMgnHUBVr>$36(>pc`We_=bAhPZ6uxT>%EY1XT8GkIx^U$9$)0v_!lYH)t_#khz1JP8>~k^NQ-=uvkXx)TwkfwRC~e5 zU3Vz?gV7?Cn9a?e2)-X4Z9V+yegL`20iUf2QK4Oa5CfjW5_n(mK&Ef?YUHrg5#QnS zW@i^Dt>1RKG$=Bgf9l{5n%PeeD(x^$<{Wab)frh?<1k^Qmeu-_WWLd;(L11K#;W>S zjBjt>vsE=Hci})HmNqa`03Ny_iNQ6oBeoQX3pIGX{_MGT8|NdGSey!7v)xq)3 zY3>|mG(BwO7Xu-xt}_~#f@gno8Fq`$xbKZA%PoDa52MP+Ue)^D>iBimS=#a!6N5l+ zK_#KFyXbZ$7iO?@`enYJJc!}|EMA>VrTgZK?WL;Q=qmDzY>7Vl`~}5_JUGO-lLIwr zu7)>9L%irNXB$~gfzNYoT1eQ0X4Z@qTy@q;h10#l)LWN8rOS^hj(c}tMRW0AGDtukg zBZeULH%mE>_Eu*cX4kqTAEZa!Ym|i6d}RG`Y1IQ>>N$wVP3Oz7*3b#^AOVZDu0!a z&d=ZKi_7b^$fS*kQupZ9DK}tAsaT4g9HMSzRp;Il7)<6#!59*XmJYeM$Z}5oIu%SZ zc@B)?Ns`y;W`Db^0y8g5=TgiaVzE}CP&I=+L(nlU#CtUH%nr$gWEQvu-K^W_wOW?h zE!OBI^UR1c`cz~95X#|_DWg1DA^_>lp)4+3QqIXOt`v-l-eC9O%;I^!jUK|69Nf!R zIDn7#gi&F?z^5}HQ^pH45O{y9&#wBj*{*DBE&Y)w`8OLn)aF-jM+ ziXO_4GS;@9x1Xz0owoJP5&=rTIYY8JD`8ePw9`b)3L|R5|E)Ade%K}I5? zy2~b{5;?=`_&L&yg&k+07F+7jI`<}EGiC`-1V)B5y^%UokCjQRuG)1QUYcBj?n%T- z(P5HcCU6vd1R}<=h=!jrx~Z@L9kzXB)(~*|s-_0QD6}`s z>p=}`ut+iA&=Dp|OfzPusz$<;%X?Ycegg#c!>Ij)9b;PeH6RM@oX@1ohq>@|5qA@oz2l9{Xpw z^lqKJ+-o^3t+v{^Z$T9YJVnTo(VZkj9n5ZI>sce(oh|q0`XQkEGR7R9tIOC}wMWzR z21q&IYF{{0xS(bbbX4fe#&t5MEo-EmS!&Kcti~^3~NGX>%M`ynjL()zGE^-Z; zPv0F>CUx6-xZfEzxYhb-LH#zDs2h>Ya@c8q}`40DEwl~vBe>gP_%-6xEmIV66wJc@4XShVL-s&h0|{N-qPM=09^>6C6-=t zir(-BLR|kypp#VewUuim49z6HF1~{*_K?Xq$ zbYGA*9j892&$=L^BB{_U*qJ&RmSbR?8KIdbWcGKf$Y=6a=Qcv(JCB{BI}3wgFq9jO zBWAPRQGR#6(|5{P0jGeBf_c$%PbBWBY<>e~mN2xKvzZe|WOG(8TBL{19|?y+6q=6h z5Qm67D9UFOa<(W_FYi6GEQ@fwi_B@-|g&-j@q`pfec)t#Us^Iu$^rX z#Ga+#7}XJvEbN#yzV)!%YYqR~a_AQWvW$56EtRO0=JWBB#mZhKZ|I~rKph|@fav@k z1++9Ryk1!1xM>DkLX2W0lmCWbIOhVVE_eb{~Uc-8XWpCz4%{sR1+jkUMlE#f_`@q7`? z5)}sV4LVo-$C`uLZg`qvz}PT^ktXzP%C$F0h-q-+}>(0eJXmU{+*=u zuc_>X?T?uRuISE4WYBTq_7k`)_4gQVcS{?>jzt5RZyCCTd*WBb55#%Ijb4HU>3M5{ zZN|9Vh`cB1Sql1}N-h zj5!6=nB7XY!(nIo{J6m^Cn5-PxhckBsr)^fa{ZIUE~V)vehx2KcVS z#-bnJ5d`zjqi&HaypA}Bu|c=PYP&c`LpM+RKYR&QkoQ(AX103q{&}HHTn~%UW1hQn znOUl}*YnWK9ay_rHjtMUqf57=v-xeE#W;ym57e71gqYyM(=Fwy*qLF+Yk&82X+yi63pI_lJ&AKg#85D$Z3hE5NRnSn@hQ?#q@>WN`0(v;KSSI4Zep zLEGpWyQLoccXLguVo0vL&fd}YKlQmyckKQmU@b4|(hhN1ECU}2gYwrS8E5LM%>@mw zH6C~490S1G)V|54)UvTmrP*uGOYT6ix1XYycwAwOFqg)67Y018G7@Dgjl>5&lw9+m zq3=}H;icJ|*XzYsE>nVomxWPV%=sG)>P|~d$SyRE$exX*%?W6DG#dM{NHrWoB%eF} zs!@)Q%e_~e#^CI5fyKFKQVs4XZ&fg#NH%n+_@<9EGn_Blb=0W%cf98Vim5EPT*;rs zL2zayiD`o==405|%My!-WELZi0a4jy;i({esVCN)buMA50o=e9AbZt3V}o81j$>qd!uveEPvSu8~wPjFp%MuwLm7G#p{UcW!1Tb`pU z3ZVtn|2_xmoj!McJg0egi3R8%@hB@ z*h$W7+?q!#J0wsuxt4rHsByJ zJS9v4*IAen%_;<6|Jz#3K2CcH@DYRk`IoQ+)ccV5m-Y0|2BOlGxZ=;p1{3^y@_(9u zDP@eyc=$g=hyVRpEsCL{{Yy#u_u4S~-P!*VYW{aviP?WE``=Ne(f<#H3I4xb7=#>5 zIvyZ}z5JP%pdcw1kN1B~#C!qPm;EwW-#Pt7enWAj9dW#sPPCye_n!TKZT|aZS&Kuf zE0w`+I~ujoE(~WdAZG$p1@P`&+C=FXmqTbJD+jl%D^; z%KvY4tQQ7)ucQ=~pP#Sz@nd{-SJyiwW#t4+?C*#|%JAg$)cmfkH9kF^Qt|}uv^UL_ zCg}cif3{L{V34Cj0Zjf^DMQFHFvbVW&cVSVA+eN{q?jcE-1LPvs%J|kMMmPO zB5#f=#$NGoU|`~SNbY;czLAkS>7R~D1_lsnanBE!SO{H_dKHa$#>`<9ZZk_ zdJJZY)psf^Q(LKJCr6}kHvtY*;|kB=nC396cjBjT8^%ApM&7+VWODD1rV(Qn6r4t9 zCL}NcJr0xcBnYUb@-3u+=IT#kOQaxB51BR>&;-Zf}URSMIM2z1P!sIX^V2pxv3A-qlr?$j@}r2p2TnW!MN>m zpKoWZwYjUeH)QnE^65EC)P&mj0_#e)xEJTaLajUgK})Zy=6^ zx6Ok~HbiKA4(}8jD>hS@EB=n?UFnA_jF;+Z>a~8gxaNa&f@CrSB%{1$d?I_!FUUPwWAV)GWZv}Nw(Bt`F_t;|1qQIC* zuE{-2xYzmfJ;Ogaw=?tgd+b{ynZP`M$o<#zG5hDC}wHkdU-(7`Pa{Gy8~gz!$o^uF`kfQ!PQ zO=J*77p+9oU=oK;hr%wY(WQlQ%6oNuS!ZXB^Gcz|$n*k6uZ24MRi-t|$Y4UcLXw@` zzjbezBN2uUIh&!IwIO5U9`*};EncpfeZKjO>z#y>vCzwIp7qOP_-gf6|8My%=qcmd zAOjr2_?5;#`Oao@m1fOVB9|9h!PJ|HB`M`%pCW^GG zzI1x)wfX2>_U)~LEWep!6auR(CRkB7gxT-w%MF)?Hp&gfmQ?5hFmf2Bx^?1zU*If> zR^WL&2#5^EbR#D7nG2?+N;6JAI-d1Hj`Q2gW%LQGYOxq`$(Fjj<6al^l{=eLF^}Jf zhRP7yk>yvt?GhjGg0l=3-l@<==azr;GKUX`(A3nR=*1zUu*ZHX$F*ds6w8t1_EK|- z`49S=SHHg@@|B1oiUkf{mq)pUK_j z65AetrR1R2ha1v9wovb&+)wp$&j{NhDebZ=u@z-TX}!WI^2WOFO$WyWV$oxC z*0!&jdYVHnikFReZ$DAZ7APn8Ve0NsFbX0_J4_@(eE;4-$tQ4wk+ym>qhuw|?$Q%X zmZH(7n5zayj1~~BFSlPmfGR8#3TG4elhxfAeu%vr7{sLglla+v>6%5+K;T(;X!mGU z7*W2+=h+tG#A_nmkcTFCJYNYZP3pi@wNz?xL}Ad`+Nfa8_6^n`^<^c!&sL(LlksfJ zHY8JxbB3Wu;Rm@fUAg&tWo0A%SI1Pxkt)}UeZ5bJdz9-P3^VuM45jiKUR~^HO5oDE zO390zXKoDgNCJ`=P_%(SyXBg>sH*Yyo>t1#SG#}OTKAWld(mjsSW?O1n^M*FQmm~< zgJc^#d&ufOx2r9i6f95F=5ZJW-@>n>xV1I9tN^ z#-P)2?4&#F*cT1Kslcb>KAC|r2?;5%ex+Rt`t3NjTsFg-1BOyYku{tYnnL8M6t`xQ zgnZc~jAwEZ9LB~2ZT)*e%Vf3&{*LsfEivJ=JUwC1QQR0{@0pQ$r@Q{MJ2fXYX7L0- z@=av2(Ad!--!tspKi0>%GA*p?S^J^^;-f`mhf_DG)1MPBt0W0d?8hme!6#uA#0~8y zT~NQ8R9;Y1I9#$Ev31zT4<~mfq-ANLCY15{rT7eV7`|IA5Vr4?qhV@4F*@3L7OE3`)w-MRzc&hu0XP*Ae7o;__?T0TBpCW z|BA#V&+%>HRbb%eAvRRvdEFzdoxo+vl^}f$WmGi*t&GvXpBSMmmK2B+Pfwu;6st&(*Z{AgYO(4 zf*KiQv6L|xa6ctVJ)r|BnHz*Yv>B@2HpX_g5QmJ2OTFO1B-!p{J&I=~vam}>KuOKpgE78?^XP-oDk24}-U)y%c&j5kkvLq9oj5mbm}ro_!V zZEh>Ctv*iuo;kVH?9rH#DUcYzf79@$&U$%q_zLyDFXGsCro0L2T$%RTx5Yff%JAEq zTvv${_O|YLzujC_P>sXX$7D{Ub)!!!X&B9B_wtn}Dxt|=$XIvuy0l3w^=odmD>$)#KWoVAM&$QN^0&!|O9d@t5pPOID_(5jY%f{zK5|(>L_h znTP+2XK;+Ab3JVeX(t)DH%RzWb~r;IA)0;j6;B&AUz3={fVq&Yl+#K!XG;=~KS0~Q;cF^h#}Gs1Gw%aXn~y4?qlY{tH)DW}xh z&V15YE)CnFZKxX?ll^w;aMS`tXF%gerLKpxZZO7eJg=GjVA+De;Irznbx=)HM})KG zYri<#lLa9J60wwY%-*1HGsohnL?#ak!KYz|qK7Lm8352x5n_X^ZCw1JL%YYmsI6~% zE77zEYXhS2@_C$(%gLO2258y`GmcAD-Hkhfw)2zjp%kc?o_=Ds#g8E-R^NIcJ}0zv z4bM)N>&9J1fl`1G$nM;vBCjvJ2S2UQg8Su4-=XtW*2?4c{-FW4YRh#JB&1;H&@jAs zZzNj^(}G|8Q-C^9$c00h4Zrnvk!r@;^z4H}u`JmkcFt*^uXEoUlLG`1NR!^4&gL-S zkt6t&3UyEcK1jy?KK<}5urFpykKnT_euVZo7F&WAF(|6$CYD z_aVDj8M;KBZW&xJsO+U?Ni;WmOal-v9W{&8+|NfKbJd2P6gBw=xOFp$K+DSFm}1-_ z^^DE=*Ypr^z{F=%E;x#pD(<3=~p#T{oD-@W%mHp7~b4+!ag(`3&%58StB zAG|2E_9EnF%eiG(qKMr5JdnndH1Vtq8k6KtZcLrl_v&YSaIm>`DM{`HFu{LfmaTmLr1GK95sV z`x}cx1R2-3OVN4xroe$w`tqLpA{4BCol9(R7kQ#WH#MUZ`g)n{N~bGE+@fwW!1j$r z2q5ZY``WAK`rBpUp*(C?=reSzevKv{EDM`Clzs;hUT)UGEO5+ow!A3jXx*Yh6Q0DL zY~^MP*v)>J;l6+H0KJV#QrsY3nEjTPh%LG9t*NO$E}#49Rqfs)(C=Vc+~VV~?5w4Y zUg5|psB;QZmnMBSe|0InO{HN30$q#ZNFBWJny!+=)fvT}(XU?bOJQOy*ycfQkCllo z*N6okAKq>{uES#_T`2tot`fmlZ7Tf7Mt>BR3J&x>^lA3mE&ggZoY0-fx}`?R(wz7A z(ltsVbZ5 zkh6x^$M%u?PBf;B+b2Vn7+;{tJz6{jD_;J*>UJ1hoFnM4xII!ZjvIFT$6K~TVT)t7 zPjYgEmS?g*AyGY;dzrNw@Esh*9Nj`p(YW8xg zVQ4OL39c_R?<~w;jbOYF-(&U3WLrUh9JJZ`XyxN{Wu`R~VJMfv*QE zSR9`0vX(tI>y{Yc)r6?=bU%k^QJzASi%eGS223k5L9L;QPgyZ*+$OWgG*a!w!{={% zqkL!zjynY6MhH-_?dL?LWP=gQL^(tjIi^QBe&v-#oslNL&AK9j=|iQkxD+`E*CIez zo-qw{7Iq2Ahsx|11h%pRj-IGktQIM0UNwctV6?A^%{{8IF+ExG2U!9*hAmhxQxeB8 zZgta}w?599g$Ui;!*LAK!@S7DXy@0Xi4NJ2&@FocSVonMp+eTjo>7P-T$Iom{xH z=q}!ivBrYsT!M^3RQGiU{k%>6?VU$)DM!?nNv}FN1>U~?NXDnD z+KSk78F&5G6Lb+C%^{Nldj)hdfM02~@+>v0Hk~?XI0}88{FCIBV-^~5KFe#iCdfLYnNV2SKP;D`2NtRr|9@tpn7*UKQ=QPcU^jQ~yoCdXZ!h53Kk8^3amfqGp zSWCRftWs^{ToOBEeOMMMxU!ThVU`ow;J93)v^#S*fd7oB zhm0qyxhC({^mm-gzzW^DU5yJ)qQ2;PV8m65FTp`17@H!rGa&LzE--V#_g;V<9{Z(W zq>D^*pL<}KuqGR$?+>ZGVUH7scs8Ai7KlNEFFKu=ATR@&P#5X_7+}!R^Ogjezr<8Q z@n|KJwVXCf&WN!gwLb<6)Fx1()7bU`^z@lc1(e*7{vCDE9b_8EVR zW>HO<#RDv9{f~o@+n5VnGI_ZX*LH8!JkMxA6vP=gz2f(9NleE3k5JC2jM3Yc&HE3h zCi(L36N}>g)Kt*C_%T88F2|U9ca+-QOB$7nA4<3-vJu~IvgRs(8dF!7abYWoK1)GCqEx-Fco5LAR?ZScVXnCw$YXG_$ z2mZROep^3ijn*5se2qRd@RqkN@jtp&v45D>U~;tK{zq~w#*{wQ2Nyqw(0ykEdrai^ z76=8P-|rd@2=Gmp$`;Y7w93+S-Q%(NcE&>Zil=7K8f$>_oChS5ZInMe`AT!CS^6rA zpg!OX_2)I-=U6BZx$jI&EKNi>X<>Cvnf&Wx2$9;A?WE2=SQeZ)=f3-Z^`57CF`1tz z3D;}WODB=S4S$ztY^sBxikYZ-;<7=Q5wDtTzy}jF;`;E;NOD|0KJG2MJhaCvI^4lB zoLu#U{<-JQ$If1B`t2Jp!1Je^ney^?8H=@X7S^k6t zk+n)1$Ox~g(`%*gN*E!|^d{UJYfdLA})Sd`8Mu{Jj#et!8DA)a24V$U&L3{Zv(JHE9lx0x#0@New{j)CC)j~gL zflRe>iW=PO6{j!#LxGh#KpN!_6{DhtY)svYO!}hn~ z*#{=iVkvM=7;p{=_&D%x{)iL~@$q3uF*srawA`avlanvFvNKDpXlFOlp*!mh07kAQ zck3hioamftX@xX`PN7x#<#R8*n|m}KEst;B;(s7`$r0J45WsI#>Q0l{MemkRM4g{& z73M+kqk6W0YIPK-(DK7oBnFv@w9N}Yvwj!uY^m|Xte67_C`-Z~8fVSNF_^+N18`7r zmz0z7eccdd^2k!nQ+?<4b(BkLQVu$YlL)ITPu*%@q~1fbqICS?Yc!SO5zXts`iv-o zNz_||mlKQ7)~BA!4D{$9`r0-U2dCjT>zM@sSky&K;#L=>l!yKyO(Ej*6&3@U#j6bX zG8oQCR5jJ)!bus2?%~5KuSV`w9n1Q}Tc$j?xY~s}d{z+bqD7k6vEv1@#ZB zw*gA`rGC*qL1szVCKFdlZ!JRH!^U(7W}ZZ7I5M@RvP1>C<*2>8JjNq@$l4WvO#X!}wE5jYE%QB$Z<39XaOvC4 zoB65_nerfYnm+pU5dO}*-@PdwX~3fGRW=Auf^zSmJ z%M6 zD!V0+nXiI98wJsHWj+zMYz1XLI6GF96_>$b0_~389u-5Lc!J(|s?A@U1;*Srl)6W< z-nhwj{>)1Ww2RHUEyP$?{C|=6)?ZOYZTL3`3@9~-bc518beDukC@LWx1Bi6Y&?(&@ zost3q3JA#1NHe5#58XX9?|Ht@^Zf_j_s4fF*8Id;v(KD;_SyTsug`U11zozW3<%b; z)zzuVT?}KG=s(5V*CvKOq5%|r>^@@EimC1&3 z{#D2$h`W#=;<6>Foj~ksBHvauY}i3m;Zls7e5+KTL&=JGW=7nBd}~}wX0*RNbC=s~ zdwynLX+}lT!0k0W!DcY1=KW}%`NgA*e%MG`U}ezh2uA@*?Zr!rcH}Ug%UD{f*xP9I zL~Af_c3d{4<1VMd>})(91EU^w`ezE;ts16NW*7c!+fRRmJGz1MMyPat3&EHs zjpvF@H~gf76^{3g(~A>F`Klfl3My#7vxVzc8R{?m%s-V=Bx_893>PXYuZLln*FKYv z6?@5EXS>iplyftRvN?1nd~{$SRCT6w*WRZCP6W>Z;N_ z>s6fKipson^zZRymwCcpThe#0Mfg!&ylV+f`A=D)wp5lu?wlE_Q_HGs&OMzN&Klw+ zoxLX*{eaYwX{y%NLNp^Mm4Z5dldkP6Ctl?}f>fSDC56%L-%XYzg^M?|I20+9U1KxB z+WnZt3}s~VW8HlbA%2kUM~-Bn)(pA)OorjlT^Dhz?MbsC^*M;~dOKN12ALzi+fPHM z4!j4)DNKA0K=t3+qbbip!N$o9AbrYb<5^Cvr+xm4m%m+z1uF~=PG1w(JuxtsQzL&?$I z0ehg|YP3o3++XALJ(l*2>0rX@OvSMI`ys9|zC3)2WO+^W@V$1lE8T!`5W48zOgUTr z=jL!-i{bBi9u;0av=Lujk8;Guz zwfty7fxnA9%YVi0$XIp24g{+pGY)$6#W}9;`yJ06I$~eaSp~k9?bef=l0wAUR$c|@ zubBEO`=MV4MmWnkg^A$GQsE1K-S_{ZCD-FHOM9i_*0yU(1pRKs*ep3z>g1O~(FAeH zs%b05$fBI*e(*W%DNoAMwdufMrYhP+*z7Cp+OR(vRQA`JHP9iKa{}KVIH#LU5*A-B z#Rq&V68-nuY?fbmo& zzU_faz5q%`HiP1&4Plg4wjCRbPF-`UP)kC=r+55=*H`J1^KsxlX`7JmX9_Eehfvln+Us;#PVnk$+)N^0r!`r;uQ+_a zC{XX5-dzr+sC@7UH>Jksw3N_x+d$Y^+dKKQb?a7D9!!HpB=mQ)oID@bh`sytPP@Xw zVYDLMHICV#i$oEl8L5%&_IbSQ>n<(-&P;|lUFLZKXc26pA)UUv1NYEeKYNrOT8%#3s~-Z-eyvw*N2EL;WlD-1TU`s4)R0P3HmRA<1pP&(X%b3UsV|D zT9o_+?X3F&L}YZK@>rmT7rbusJu!5f{n*(7ssgccii~gyT|9So1<6jVM}bIotoIW- zGSP68OBcDjZVU{_S;Mat5%k_wIiz5;ODx;^FoiJr4Kg1^NjMfGROtE)8;Cc@_uMwS zNF~xV_G>x)YzD&7b(Ijyhwr&!=`HezCeC&>P)sNLF4E0wa%j1g`FaP6;$cNs0c_x* zRrN)ghc*SD@zxGe$T;N>Qp#jHSqDRRw$o#j%948YxPFP^t63e~Bg4aNMg4+#e*QMV zjqb~Q!D>_XM?Z{Y;jvZYt_qezVE|?FMz2>#+V9}^`w5le+JrGrHIF3}>}lup;_t}G zP^pznZjQ_Q%HGb}C`os4%iI@HkS+VE>2GGc8Gqy?Ac<>tiDLg&xoN~$;rF9HOrPoS zPHs-zW|`5`K);4K0Gx+Nm`X6u+O-*&mhDn(mh;Tp_qy0?Y|&9S?8$QSq6~pf{uU8H zddst=HYoj4l|&}XFDj-K2~;yY6Q3Xs$9`B;=@1l?Sl)v?#b%0~^E}E{U=*O#G6{U4 z>DDq;X+)=r@~z~)_LU5ZH*WCLaX4PHcmSPze;<|d?^q#ON983Edy>{!cIgAWgxxj4 z9&VytBps{6=Tr@i)N?@RAipJqCH@lL&9fxvMA5xe3zrRW*nE_82;HG#b#}pldB8-J zb3g9gtZA#z+vubcc z3MP8p@UmPMW0>S3!7H1R&FAc#g3ptq`!W7u2wvf<|hh)`{qexdB}4NW0M zjYGmYFA)*G(>q)@TFQKlkUJW|cs+ss za-%h(sa0(j+ZAzqe`iOAl27?$fqczi6&V`sKH6XfS}{5XUcpX8R}Al?<7ka}pi;)s zkXa-K?XC-pHBIYdY|`8h--yh+J76g!^my^hrhOIZHS?w^6ewRT^DHU_>XE#UG*4-r(g9ih1x!<|V5DeF%{-J))^lT*{?WvY+hW z!tO(r^S2PpAscs@E6s^pv(Sq1`b5mo0(;AzpQKzB?#%Nbf2<|rDS&M1G8G*VqWpX`qRf2Dp@YyWq{?~R4&%a0 zGJ%K0j9kmkn&M5pfsIy0ouygXawYNkRnc5u0$jV_%V-oP^)nQK@#PB=ZqYmk(|}3E zh2VfqI-D-P%u1Xa>*d{~kpNFVH2nl<-Db7xn0H@FGum$EiPvrdakz8qL^7hFiqgJ{ z0=2I^&@;DRd?3Ppd4fNs=Qy6~S@Yp6dSet1lMaThS6vWC^NdV_44Yq4&xD3NB;?RZ zP_gsRM~ROJn=m4Jmm0mn#OozzjT1DSPM6ong^;2N0fLcPV@Jm_6`V%%%|3a+P!oqs}?x&>3Xs<-975#D{l&Zev^F z&a{~S)Frtawv_EC#d4JckOft@Hh7fHhgIg0>88rPB-BD~gGek}tuU*p%G3kF(dBfv z_)=OhSy$W>oP@T#mtZKC-kf?#Xun%tcigB(WkIm|?5O8*y()VR{>G4dc0^u75hk=d zNtwav0cvFE^uc2Dg6<@>_43Qy)}W%|UsH^1jXVpR7exj-FPwg)eyQ&q=`8h)sx1gQ-&JMjo>gr#C{$1KkQc2|xaJ@KER8 z@$@zNj*ZyV#s(y8ZZtTOWu*h#M3nm`!N`k1T-E-=el0`ehG5i*`gb76zuqZ}Nd$wy^ z$~9<2J$5gg(Mo5lDH=Urk>roCF*g^6R4w{tR+gHqtGM{~#0Ghn?`iJbDDn7mgeq1f zy^>+(NgMm}sg-WMed?7(oqdCBbU$s}#e;H?-0mFOJpznR4Y4Bdx}+OL_;7L>o$o-l z(|LjTxC+6y1qDG|jN3bA`Z(tT&ZgR5Vs*T*!Ks(&hfi#UXduFV^ zxwhWQzQ_s*dvY4qI-A9bMoq;J&|RF2V zN?n(m{9^51?mN$s^6?|YM_8V2Znm8taHPz|92XH+NcCWs_>`0#Py_h*71gr`HXZmivqqK zdyz0^d&-a^9`tUEXOEs=n<>d5an94T{OJW6G?ThA#w2_8XakOOCqScsMR^D4(2J73s*aY%5iXD6|NgktYx#stPf6si2>4 zU$fDD5-Bkw#p1M=NX!}@_!6ZlY0qdIPZfiXVarW3Oa40arsXlz%GuVkN0%=xV3T)} zNSu(8*X|uB zz!du(BRz1LUP!e|R*aL_ZMqMLX@&Zck(HA{j%Xj;;tRz?$4ez&~GVS8mh({E*_0YyJF^fF;-2fC>m#{3nOhHRo$dhc=@TYwDO)nQ8?{Q&0{Jq9;23{UVn} zv36xt{tt7|txF>I4+=H>eud}hROt?`tWf))Lph;d$u5OV5g-PU7z^^bOf_sQEaJ?H zKRK2?+XiV7&^H{Pz>7x)3VzJ8PvWc)t^EKmMcHVTmZZ6VLz*j!E;j>OsoylOA1gF{ znM$cL>C=(eMlj&vh7b(ovO6NeLddEp`{|wNf_sz6h;0>ml9Apm191-EROQhiW4Kj4FVmw`~>76}!)eeh< zrNa8Be%AI8Xpek&3$=BPu(PLgx)z-fO@<)qC>c%p0%|rDf)xoe;tvrIwLG<*c+uK( zRQ(?pQ7yjLWt93GvkE)ULs&alX7fD3C)u?Yd91%;t>Qy&ocTmBXi7W2wr4Ikss9mF zl{ax3SswXCyc*~PnBDcM&ySM)tL>@PnmA16IJ63)v^wJYrP1RWr2nB`)E)ayV1Cz* zi=p;-&p3AZAaA?7jqR|GV(5%-i_3*Cr6{50v*G3vRR~4q;~GPxqSvooFQ*xt-H244 zk8iX6lC99THBJkizg{9sG*HbS^X_;TA&VA=INgx#)X~ktTnXRnce+y}t!Km5zcX9( zHIW19HYetRPn>5znreqX4$BL#9COPOwhOhx_nmiG{Ijhjbx3m;g+*{;dA6q)U7>i#2WjMentd1RkD7^bLR+uoLXu`{E zrX9NOcb0uTW{EO6=-aCglL+)B4^mgR^**vJLT=Ep5E_fZEfI7!_sz}bv|F!hKS}O@VAtsBdHT%yqFp-3gRo3bv1*L(F#IN zQR-kDI{O28iTH!tOm|3CVbPP8W!FaH^`0hw5)+9kw+7z~mQNh&qhqQ4iJDK=6EP_| za#L>v;{vR;zfXOTzuv|3wp?W7Oq*G~Z}2(RR4OhBL!2JIKBDb^vCe5=9kY3CxY%TR zX~XXv_~Xa%(UBzj;*ee5o(*j43DrrCRps?Qi#Oh3i&4?k=kdfAYfTJ~w_m0C>V;#uyYNfH ziO`#k^reVNTAz)lxqnm$ZidNku2hf9pMaWTNX5*Xwf<4=VJomU1C5 z1HYz-6`0$NyQ)2P*Rq_cA{>i2>~4KZKlXA-8hY$mpW6yQK(3E_Ea#LAZ?-0AdmQVX z&`U32n|1H!Ttpz41}ApgeI9|_ZM49V>+5{GdR@%9ROZXcVmhpSQ8w|$Qc>s}SLyq^ ziXYN=#l%;tMjNsPDh4_#PDECL{x>K6KYMRnqTLE}@KQvT@DDlG;~OA&!+Bj?o}`$= z-}c6paR%^4{KH?Xi-ZPOyb8WG+?pV(kIl9g>dU4Q|etC7zn<>0u)BJSb3;Fn86W{J1$Dp%sh?+y~+7tQ4 zd}DJFNVqrgcZ-gdM-MsJH(r&)={LXVD}D?|@}JrB1Z4-3^{d9G9y)Gi;}_!}EJ$VY z!^Of}eVbnSb_us%C%HB_TGA-YyjXNlHc0a7sy1_A%z}eGR>^+wQ9QQF6$x<~_mBIG zVoJu%hY6kJgb1I|J^8n}T?Mp$DRd@pohx5xe80hiZPER>@^dn|z8l^7t3Bh({(ZIu zQHcN)3DyV0#Yr=>uqTrYhBRedc8j@gg$#1~B}R}%KOw#)2LR}l6+UV(-Jh(tuYJ&? zd>k{caTgZyBsX0SN?))aZ%5f3hfk-FVt!N<$xyZ!fz9_w3TC{S_#o10T28@0e}S{& zs(VjrBCG4v`uF3JJDq0;`2h5ree$`4sv~sxc-}i3H{y7KDQ24i8<*`$w5A2F;WHjE zLX7!``Ip10v;}moDV3&sn2hHEKuu8^3Y*vzlFE_(c++6wdQS;OSs}M>z3u>Ya$cVg zqLkfpSaf=Z#kd!Thlb2|(0A^byXrG0&l?8UO0eB&c3Vi;8j?}J23s2kKWQf6xfJ9hufEeX*vLrR8R6Zwj;$f_pFX9=4P-=oOfxE?WuN zuEM8aE4~)u$|&WS`Gb>$Tppq5T$=w3k1$x0^Z+J1v32^DD|Nn@KB4lREVjelBBIeD zILC&!E!6C`p<3CyzfjGg72M@%6ga?Zr@Z@#^Gh9kGe)dYu9vU@*t(7NLr59Vd# z%E^bh>fUuMd7CA%9>*;-aFqLHoFTZoP#(hoO2Pf*h~ZsZjr(X3uRVKkmm1W-Yw~AJ zq|dSy3v@NZvb`yDWJUR(xh^Qo_+`#I zoh&Vic9ur`e*ktLQmS?K0r~pc)v5JC@SP8Zz=g_f3ujZ7!`yET5eGfK#>S-s?{S~v zwXC9&O<@E` z;8H?T)Ka4Dcya&P_V~QD*5$koa2&S!SN49zWH)7g-VmML4IRp8bb5JXh?8r-k_2fV zHeu?zIo}7e<(*epWbJGBUcGsfzqYov)!K>M%HmUAuTv76n3hHN1TlVT#&96_0 zR6qif_#e0pAV52Tkq|M+a5sBhB=^KIgvI?|y7>)oyIWuAuxh0MN zlILRFsTLkb%;4!A9v79QM#?sUH`kZMR`{O|=W=`SQ369QATfT0c38MC zJw#If9|D`Qd-!W^2&KwratbmvwLbNgKG7%XK$zp|di|4hj`g&MVrGBc?WLpF!zv9R z>&W(Oo%iqW9Q`(>?&&PAYi$KBy3clMSEv#;F{UVN^@5k&&xRQXDK{^zCqcvQWYU6s zy}5Lfztww)=+=Oty!j%AZgED1y6w-t1i-R`oE}$_!@C=_YfWpGqL^BhjgyHV9}f>9 zgQxU-*s13S%RfgI6vK)=4Gh~fuNjs-?)t|rT@ z)aze&Y`!oiYW7A~@M47|{33}dD_Idku<|{|no`-oPpFtcwPZOP1AHr2W)~M81O;Gz zWjR!A_xBRSXg19R=Z%?su?Ym56Yuc`dbXcyIP!vK7`52G`95So*K%ef%f@WOF*mg; z*eCz9Mf<6uZSlHNE>${oI7fQwCJecrp-rtctU^4@RM|p{IlQcAIUPJqSd8i9Q0w*| zcpdoL0qy5DFPKY7OB;Qt(97>ANIlydH6o&u*ou|)y3{7;HPr5WDG7n-Y#_5yldf31 z0Tet2&r|tKQhGuWKlABlDRg7>h-jAa%wST8>u{Z`9<`SDD?k)^UZOL5?a^PeuOn;PKRRjqh~@eypKQ z@)LCHb&-($tP-nc*7B+*9O#sz`meiVXpE#dAn3y-d=n~W4vshEgSm%eVf=5AEI2ga z+%MF|Cyea97Vq_jvjh}@d&u_n{nzVzy2J!(h7Rdhxv;z0x=#t4f5ot{tJTJRdSdB> zbHcpu0OtES7uUeu{>iKHPbY;D8L`<`h?KawdPm)*Br810bNXNq(TL!v{)Z}qtH``B zrv?C%lIO)Q~m*ZS@e*i-@#1H$EC2M zDzdc+;gBDIWc;9+SqqPC%Bgj?VL1z+)rzC8`v|2t4S#mHyt}-59FejTJ>zy3)Hvyi|3!Sz2`e z#Ps3sI{+&#GI?mxG#rzMF2I7XO$Pqd*)8~jZNjM~+E35#ch6^W@Hf-}_$xc@lXt2Xmz79=G+T z3w4bE5Kp05@b!Ph835~*`|Q~>o3MvpwV!4bIt9B3MXEQNHFhU8Uwb(N6+Ko!n(eHR zx|!rqc;fkCTIR!=I z4I{6Zi0{rj{U+#-Cz<^c8r+^k3}HS*--&9EbyGgnMhr_p}wta9C>yQ> z&yst$(*F~1SK!fwSp8hIj!Gc}@<}i3>kwa{9nF+z8k$%d$;rQ|u(r;-Sv!5zSFc?B zP5udr=lRQ~m#=5L2zj1Zit4$W{C#jG8$aC~DyOHl82S9;zMj7y6heRmD$etSJ8(h4 zv7)$0i+)n)nMT(V$*?=;?m7MWG z5TgXZ`$0Ux_3rxoh-C6*uInR`<1I5~A`+jCL0h!wDvkWpDq9ucOsNp0e_|sUGwzA5 z@sYb?`k~6;FM~yb=Y^n^3O5M>+vQ>kAoCQXHyUvhR5F-K3*?Ol$9KUA^w?xUP5|;N zd~#dXT~jA>=rmo!{FJX-=Upk|pq``brwMjK*HD_?UL7-G&y(k(T!X&B&Y()WrQbh3 z<5ijT)ZGFe0#5W)@~p4Z@;vAN7(~0|iq}{-#S9;fg@Yh};ZLxw6&~|FqIH9N6kCr8-o+$qM_EkqGc9CDF!PsRYd>` ziMh{7p_-ugWCb;lr&W{rM5CX#hsvh2^97se)RzP|CLeqtM6Z8fVHpF9T%NfT6PSk< z9hb-doGr9LOt~o;8wXL#hUMm>y`wBDwXrs$(ik+UMT zv6X6KXS5*9(z^B8S@Po!0ACWM$n6SIO6@6>#EKu>K}DGUcYaL}I@VE^Scv&vyNROe z&HtWI*DQxSLz@A`f>H&nO#=Br5Ui=d9q=CpnD(8ti%#Esu^ z0cqslw&=wk2H!1-HDJ+pt}$$|^S?e;aR^OD9*meNW^Z}Xg|ErX<`)OkV%JYx?9cY= zlfm1R^|K{B+Z^GnhYpuwnDx7)&2~_tIU9>=9g~tu%opTh+99yi*tpm&gec9zdBU=4>95ZkO`( z^&3p7_g`KLv6o0WRz7hg4rZt*AtqA5@C;}YgH(?m0SW|Vk8%~-sfTO3&Gf)1q3zMq zH;OzaMrECsdIKz;!=@PYc>b4bq?uefXC7;kH3#kOk&Fam z@k{O5<9+HOJDp*CxO@#c`g_gZu%;XIl*@n6Eg>!3CP6?`B*!L2Qq(A3V%N(2ryKHs$JHio1h+=)6DP*>v-Y24z8%p-#TuAG!gg6oBgh1ROOy*#Pqf_ z3(Gj2wP}p-`QU})d^OYUu4t4qs2qF?x19i8brYO@`x0ddNQY0hOLBV?Uqmf9!hiD@ z_yMjLXwf4FZO0XJ2Er~eGoXcz-q+#j=KJK?O=FdovV`i1dry3(T>_knUbo!dLN=Kc zXNo^F-m7g^Q~+T7{}MJjPd`LC%PBD>&%i6PpNxGHb%%D>k% znQ-Mxnef2k>+4pUg>Zo#Gu9aQ9X~?oJAoF-3H`+evjU+v`Jr<1(SX-V$6YFsM7HJp zdzCUqE9HB4@B!xRHhTAmbi*I!NzG8}egq{NvOX#oJuVKI<>O+8-S`|yOunpPoh6pw z*O@8sMr%s}HWy#Jtp0I|d+h1Gqi|dmb-2}In*}PioV$}hfGyE=qx_e>>Sc=s&K?pG zdTiWB6ch%g9?z!sO=m3fuv5(^<5hx>7`r!zGAU%9W^Ai`UPUs52>sRYovff*VG({D z>3l)o#*;2jZP?bQbrP%p9vU;_hEMYM9&68~<_9ZZP4vU z2dnaCVcOo=lqHB3&Td7T1{~Z{05;2}k;r+Dq){ATKUCx=YB0@}cAd31Cnro1(mrrb zfKJkhdLNoChhc!vqGL0iU`O!cVM%12h%?xka9bmeLtY_hvv1pTIaMt!Gf1v zKee*{aWDs*gI3bR5J))U0Jgj?HGc+8RSK%}`FVjT+4&^uhI>ltxZ3g2?w!6&dm?5(#W{zw z<%rAB&cA=_LF>Xj!u|z6dj4nrbC2+vO#iJuHWh7BH@@ic3h25*UT3a4b$7Vy( z2#lAsaM908GjUmU9WQEYB55SX@FcMDAvN+&b5LkfET59A4%$4+z3jkmHX>Hp*tjy& z+3=^2=cTIKJk*HiaCGTQ{F^^BpgR387ZWr; zO=5TS4j`v7C-GfF^bN)srT5+h=jQh1=+dgrPHiNda%E zwMF|A-^!Gi#8(5epG5o#kVoFCseZsyBTdh21`d*HQ*0wvawbLqk?l{q#DZno3FpfG z!g(O5J<)c_%~Vp1Lk4%FT1;7yUc1q6jp{TVLe95v^mpa|b4VsY^{oFOM}>=HKd;HE zVDPZB^G3S_VYY`HQA$|GXRfq(o`#Z29Nrzk{wYKgangtg=tOQQHdK2HI{f6)t#qTa z$Hsv~1FjMtl3!)vV3rcioC$AOJW#Uuv?=~PqXAuOn@>2?5UTIVx0luk#FR9CvD?hp z^MILw{~*eTT2spA z=Dl^qa20j8AW)0*hEUF=OP;zZ-?$rEN|AvfaMpnYGLss_Ldm zDyFQgM9}05scn1Zx>Vemaf?r*tA8UILtH#&GY%|=X0;W0oU!1T`?PH+ zkMQo#86F1tXi*$Ucf(T_H&qs;5!}PpO{hbl(E!j_UIsl2di~a{`?a5TG$5nU&t3R1 z;BIiKszEOUU+x!ZGJ#-p<^j3Z-snmPjDAIlpZRo<{kBxx>8`kT5|N-L*PGv`0jAxx zBH)C1#LuGUhIX1hY*jex6XhKfZ^c4nfPtq<$hl zSO^G=ucYY$%)PxE_ox&!6EjPXluMAuDl?vZ-cf!V#y{(o^i3y+bbJa0Qoj*)^O?j z&Cz@t92jE#0{!FGsXuXq2LZQcap7UqTG+C|X~~d0hgB~8h9%UApVpGAR51HMn+v6g zC4t|5+keYE@KeM;;GRW!b2bs8zV&CAK)vp`Niz%G-yV{WKXEs^D|j z!4vTifO>>ey)ZP3>Zq(7ME*o(&X__MujpVF^Xc2qytnp{xeT+Pg7)N{naQm8HOw9YG4{+uosqZ|xY5Ahs1t&k=Yn>s%>QdMcWmxv_935s9ZAeaQ7( z{|j8U=a<;Dm8~HH4U<{^kdLuxpf2v9m_Q;WH9Ims08lSGC{+ov<8K-f{WLui;ok+? zb-Q{FWW4xv*agkbi@VNW`*&Rfo?Lc=do0~*Iv)PY0iw2Js=(oQ4LV|in|opob5LT- zjSXH+e9HDMz3ydlz1>tdVKFu?6LWiWwvd(e=Qg9%^L{*E&?h`mNaSKU1|N>$J%=}3 zjen%g|Bm~<@pN+`!@jkqF%0ts2tTN%VlZHpnx5NH9?o`LcG+2yD?wo~_Vwu3;?$uf z(dWo+UqlaRc)Ex=RsWoo8h5i&%HcC1CPPdnC+)8P-TN4$znCP0cQhh4%Q-`=mI#wV z(&cVoYPanODPW**H<9zwzfKmKDiu_>QevK;gYQ@8-^0?UW z=>C-V?BAJ`(~(?EZ4`Fku;vQhR^ghqvDdF(zZMutgK}<|w7=5?(LcVWaYnX0hQH!( z5Hub**cvUc^W|N7T(bAmBTEC%mrm!+n{Cirr(nmCWjl0^fRnrwd#;>sw+tbkKQX;z z@{7YCPYJuED|gmN)zzKEt!={}60s|n)O^?a?2qRTPLw?bKFzbux1Dxx?_g5ZZr;dtwNE5IVS#Bw==F3 z7eN8|7rSy@%RA}_@IV5@rD5^c@5bNh5&S%a*6~9dw9T|D@1_T_=(kQn_xM z8NEjN!A>SnMe$U5td6j>RqC-Puua0<$)+<4w9ahC_QY$9x>I_jHcL&f%|hPBMne7MfsFU(yM;#WwO^$4`Z8O`4w8^LZl_ zL%8%N16;u`+i$dERS$bzgByhW&U&Sz_^%NJPn0S*W$s;_=|idp2EvG+b4iwa@t2D< zXq9zK3dUg!KN_RXSEf`YmDTRbuuJ)bJs$7U~NSN!&gzR*;D+8^bO#1B2$7$A4zu~n1uk5sg!a+3w6QL^6=w&){>3%bYX7iLfA&rSnomd-7=6 zl=ZUXFaAowf7=0}#~vq|zp+Qf!8*x!lYU6z9AM~Y2OEyF+x}%7=J2J-wszk?`M(4C{hxvScar|+6HfF04-?b> z*H@WVZxG$8J;3YB$?-*NUEH5imQpJ>>T{D0`whdhR$<$0lZ)5%P~BIa|H?5r+5K6y zT)2vMX7D-6fX@2>*OV$EG@7AEZ;U@0w~)&ZnrDh-5euhU)Q)ZnyC{ z#-;S#IJAhQIf))V{jZtT&F~-Z-`q0JEEtpS^`0gyXy9^%T_^CLlkYFL#jhJv>wsk-yDrIszey;8RQ$?;>y}x>?ceAg!2`VybtAFQ z>$biN8K*uUntY-Dwp|Cd_vux-(1@7HYag_XR!P)#2!Y50I1aQIpU#|-oC&>q2G_?1Syhq)5rsn7kDlA|IDe_V0 zy`fd_DTOS8QcKr)-t1#pMMDaM%n9dTPTHn}*GaP3$4U+*sbO)EpAqlbA3Sy}M3aci zD>nvm&;IZ{n9Z^@=3Jj37-<~H`*Y8lSswHc|8h&v`WiAnd^%ASKg#R9yW_37@kW7cnsD)6~-#E&UBwn&~0Hb8Xs49>q9ST461BHeNl zONNKIiRk?4$T*=36$LpTO3{PdD;Y;|PaqNcUb)tR7V-_O29%zh==J+yAp-Ftt)ki! zD?QG0G3VjQ8-JPxEoh$(Ov8$i-#D6BEPmyl)kv(TMDe*)>W!rf!yPPMP(!wI>KB>J z(|+|;RodlOuhMVtzKKz}at}0So!;6kE8myDJRURiE^AUTF#CGzrG~&SX}v4ky*fE8 zk@a}wdmF)>3YBN4_#sl#{~*1d;DZo+^A~OtdSUrF;x=_g>s_+Hq^?~*jx$zARwWP` z4jwCi?n5AY6NESA*)K3fW@CWO#GCKq=V>3Bf_uV6P4JGfg5-~UnUL>QjO9jaGTVXV z{_Eej*~MsK4YUFw*2*ec)oF&0^{~Sq_t-q^tb*`B?G}FE+AM8_K^(TkrxDK-COCf+ zLJ``NJACtog8qMbilN89kCG@*_2XQH3%}o8#X)k#%!JpRLP_faoD5vVwfvfdjQ#z& zAM7O+p_z&6^--vGKj@c1iBy(OBI`d?Q%hw>H^e#&Y9D=- z6^y?&0rjadm#P=3Cs|GCTutx2d9Nh=GRysQg{$=rIILn9>83VnkrNbYEqM1i_O@B( z=HVaz{oh+LDqrro2tzqOV%fwOs95U(c%AH&Yl>~wGSr~4c0P;QUu5^^?UcBdWk^oy z`?pQn61jS;8lpwL{*!Lk{!l3oNKpeZmN{knoGJ)lZGR$L5zqH{bb0s8fugU0l*{&5bK=JI&DR z{xoRqdxeJ~gY(&Gw{p4r*PTtL#`(n>#fVlZ`PEYsWbX+Ao%+J&x}?9v-~-rS{`V4B zBC+oCSE572mA>G6Isr`s9~yyJ%`87w6%bu-GGYCb_Y-UlLbuxE+gnMgQ;rS#dA4aA zV@DJjY|H8l`Zsub{?!4FzyqD9kj|-?dWz9d($aVMoqsLD zr1xbY2P7VM)d5~gikYGcnZG^H@`P5)_~|(th8Qmlq#6}VQMYx1egy={w3(W z2A22TpY%V~z4-T4i}(=V3jRCAU)JVnSCsSOOC^7;Ayg5ymg$ITcK2N{S-umAY=?_v zfuUcK)r~*BpUHjSG%oLwJ`4#2Me-$T>9YMfeQ@!s*c-VO{%_|hIu~EoR^a}5(^y1@ zAFklqWzy3bFBM5NrwnL&Df}_igTip|tFY+FdfL5=&fj7G_wp?gd(^%HKi}OO{%t>e z-#a9c%7x27-b5wcHPM=OsjW;mj} zef~4^2P@*^;j=%rY`&|VSR`TeUwi#CY1kHoVlH;X@ydR4u0DKt$y!s%uZgq1$@wcy z9K9F8;fBS!N!maEdY@CHN;a2eJYDrSZrHaG|27zOtd&)HS+|NcP?+TxG2Jevuf%PccL+}wqFjc0!sf)KD$ay zVh|ri-qqV&`+xhEd&V}*0inH7MfJOao7Og$c*2u>1@guC`2&{ky^MYpEB`x5&8vDhdQhTum1dd;pIqtTu-Evvfs6;!h$XY$@4t;5 za8J$tjwF*{2jiAwbpA`RR>C?yE*WR|PU*$Lo@Vr*%efd-(;dEdy_;wV2ToqInT`}8 z{)9hQpe?t$WSRtwa$IBr{s3UYR6Ro#lryuqORcpUtEbo{aJu!yRVaQNPc}qQAzY(j z)kP8gS8{oZ^Fz`j=jU`J&UWv)nPy4e@rV?O=~`=rE=Hx#V%{k79_VOVsRy5{C6a+r zHw@&B)l8QGR5N^2&wY2@yPDp8z7GzBtvd>HC-7e3zdsWs9gr@`Mmj$d`G44Zudt?~ zu5FhZK&c`f=~a5~9Ra0^sB|#&F48*)LV!@EcR>UM=~ARa2)!!31PDkkp@#l1zyE!& zZ=dX=eY%ghLRRLSYh|s>Imfui^RTx*r&}Yz43;QTPO}(D?|6lYHiJoS!|!m1*RI7j zJF~VecI!BEhut>?(Ictb4Cg${$D?PfW;mLKVIF|lS7A^M$Aq72=Rnh=%b8aU1JJr=G1HNm<^J@sx15qQ zK9=KUs7Pyx(zT^qb%ucy4!X}4Mo(9xA0yAi5=tEXdvZ>ik4r=thPZ=**%lK#P&h}t z9fgOnd1ImR|DEdTF9%}WZ=V~xX{Uw=AB2$`c9_yv74j(E-JWtDH=bB+_&a81ySFA9 z{>8zrTUy-A-vM^~5ioS`SN+QX3P+_2LsPGSt!6XtPq4Ts8V%EdaAn^9M-)_$&b~0B z9~t}bT&X6w_hK~f=CpR;^fGTEqI63)K7%5DpyGWvre@EK*mKUR3sY)ubn7A&lxhX};3`ctKm<1=QAynVnUUoS8 z&LB#qe8Z^i@@K1hW{ zA#~Su?E756KXa2c!FB*x|0y*FH6316I93Z#%pErFbxrBrB?15xm+4wM8 zh0nuc7ZK9JG&*uFaS>R6<2<_@T-2HX zn^pF+*Pr3j8I!jnV^NHw$^K8(Sce2(e$PX(5%^*BiGbfP`94aCd&z&S>HKw-R-dr`DI z=+Vd36EMBf$jMx*W6^`}Oiq<`uBM;L?}%Mq8=fQX^`Uih#)oa&I)*1B`)=5D!$Rfs zo{0QFX_LE?3eG8(hRm2jgaiFt%~JS+$ZkDNwPn<)8eMYnmn_5?oniKU`!^&$MQ-P> zcM(3O2b!yW64=>Knd!9PgZ!vTLj3$AeEDg)CqU>3Dlo$_ z{l3^DpshffD7@M=r%A9stm)aGjuK_@s#BZ!T1E_P5Mk|C$~R@c@#*iPoF1Gr?csGQ zj(+-@1SrWxJazn9xi(vr>GpDwOF@I-BxO8gEGDC&-W zV{1K!hR$`MIBUz7M#^QSdot1bm)W0cYIm21yviY{^M&8v zmxASn&uizhsXinP|E|8Z9nk!O_xr5*u&il>c<;TuDK62$V#WP4(~G(EgKo)7gZPR! zWbyXT3~N`Z^Fx)hL|>y8tbF|A#zJzZszu622t}0>iPkk(#VKOXFGX#?-Up77Z`X>9 zH1mpR4*&gdZ#&4!2`0<-rM(egJsc_s&*bNm!jrh0e%g85lRrLB_lo!4ecDRGWQ^8X zm4PK$H}bMcq(5{>wmYbKIVx^9xM&R>!g!%L${smL8BS*5FdNOY3B#T42{3FKUBOW1 zm;60^uzKHz#&fl$*0{d^_VG-|_f5JS7HQo5QfG_n^h{6X8NP|Y{M_l`ea=y5&|yw( zFWfDq>UUPd1a;~5@ffGPr&B{vD|JL?T#gb}hQGAQ@^7myv;9j6nVI{a58Oac`|ZwU zR@@H1>6#;JP-7gjp4fVe`KNtExk|<3C2Q~bNPaxGdmkyReN`tS?X(66T;C(MWXKjv zFo@;BR*mYeAjU2oDLmMn#puKRqu{6f{;hJu{UUVnO|}C#;YzY}hQz}ATJbzlDGy~I z9f3PdI!CU6Y0ko4s>HMg`q75%D=yu9jps)rKTrng<$ps!9xFgnrwN4oJ_0=mdC5F* zumEgpqIb8h$K-@O2Cp_d%%~4-E8TU^!4JBYb)P*f+>8}_?)r_^U18hW9(2+0AcMc< zw&KxM4}5hL!aN~4CpDjRxw8Ex0a@~@B!4jGSt5k^l^hkA~a$}lb{mrt#_k&1SYbS|Cu7uC- zf+HBF57$g}MX<<*u$UfC&=WgVMd7fe+0#dzN8Cbx{xO3p!hdWzkFOJETBh7H@=c*1c6$V56v^C?u~O%TCDPkR(81`WM-Q8F zeteua8fX0s9VFO{Kj7Mgv&Am0@XykF1hH}2X%TN=deUoM+-58nkFG|gYQtE+SzERY-cvMxZ6 z-E%A|n0;JnA-o+WWL1W)VbO%5qbedDzD~jzKKNTd<;?k|a_umL6yUAIMA)c+m0$$M zEuOqYU-;xPRK{j_O|oWd-NofNGKd)&H$Y(Ej$xqpM43C%q!v&3Iv#Rg|_Dr zo@tSx{ClC*c(U^vf0wle&;CIqJ()5-a|G#etzL1jWGGjhMsrEy@kga$rJHqXB}?p@ z*t5odsI;9PCXD#NCGOaL@qqAJ#poxp8SjxBj!NY#2VPaC7tq`xKg@^+FuB?@8%&{8 z%kzyJ*+IXWd*!`9SS+#=fx+8L1z+jd*KNF<)G417AJ_y5x9dUxJ?vhrJ9o=_$+wc` z^gOiwb1aOTxVs}L>f&8Vw~Zi+9J@gN+To2U`6UxU~S9(RV z#^O3-P}(_=GT5ntLjAMi&AB8M+Jxuu5K8**iYI2hNTotX7~nGTzqAP(jQy|>r+`O_ z+~SWv_IUfzYqvCwEB85P#Qz*?!2cLH5(9z?mLV?=_c6_MI?hiYZuvAhAoB)v_~MT| zX6i^ysSMz7SifvcI7Br#Xife<->ULck{Ea8rx=5^6ZAy8qdY22g>Ny>+jv-7gdZIy zga+(gEGIE7bdMh;yvX^Vo=D%S26w%_N ztCJ_o3>b|k0@UQt(YqdNz$xMp6`ft%T5nQT*3;kLbdr8~?Pz@Fh_g9dR-};+%m}<8sypd__P7pa_hkH!ACO|M#FhxnmhNWMW*dHTfyd{)DMM4MEv9) z>4*0ZjieT-Ckz6qSnKhEFkvw4y-}lUE*s64o5JUUEbf3b^RdH{^yIJCniT6DUWfdM zz}ugys;Y)n-)Yx3Hl9~XNr=-)I44Rh`)a?bII3+hFbfO}T#q{JNXN!IH!;Cyo{CP_ zfpW5Q07XgU#jZ>9$6a`bLnMeGPDEDNmub#?$QWflr|q{q%6z`%<7Jt{!HkKbjlDUM zM~sYipl(*%BNHBO?$>sdE=>5BpDE*GcsZLur+E^`t)@Cg?VWWsdA<-WZ!ugNFCL8jy0qifP%gyPB+FI9_ z8WBKc&bR(%k4-jtese3r!;x&S!m97@0a>#QQAMvjB94co_Yt4W{#_99?32q4DhvBF zcIK~FDE(*@FY-n`j-J`A^)8E$LDWzuU!HHm_Wj2#+3Neyv;-_vq2YW9UB{X4 z#o)T9$iqXY}{0B}YpbiwXTfN5dEa|E2SnwMVUccn_Ok2YP6@Yz zoJZF!j^|;wM6}};H@6K#pB`?Cg}ceTttf`?34^q=>+22b^5<%8M;vdLEQitqvih9X zBmLwChkW*qW@gr?(|L_pu!rx|<7jQ-PYTG|K0O89+}?b3_zZsv2c%6|02n?UpnWtv zJyV7=H&^daL`W;C z_lDPkfBSDsdQ=@Xo@6E9gVS$FE*fFdjm>TixLzcFQHk1`#2Us@X+oM-8UK9oO*@-| zfPmo27-OOiuekQpy{nIHit8R$PaU{vm5=TwP+Zbd0Qo6y4mmF z3sa3vPcI?dLs-12G(~Ap=z+n7X&WS42wmWbG2GzfAt*bju;?&P&jq?v(yY})$`a%` zSMCA=`P)AeP~NePjaM9Wr%9PoR*^Zf?#gw8F)3D*!db zrJ2q@L2Y^6;1VBFqOfRTZ(n*Pgf0OvF-NG7!?FN{@ z_yt#}F8?Z)_lmrX-yBsqodGIo(yicCIyr*oK~(ZRe&EMK)Pd)YE- zyk@nA7U7`xKb?ZWFjSA$YwLABit43b-l?YK&YK$>FG}K{7#Ol9h9G~w{kccC+Yp(d zR0()58plj^6H0P9bQeIv9)x*@U!9#v(up}2tkGamW3!BQeSgh!c5;-PCU7x%I0v|m zY){pd+#K~>9FNRcP{alk9#iWn+~0_p(Is>NPY{Rn_`7bb?q*(Rp>|k~2%$!MyU7ON zLGowP4Cm6`@Y4W6MS8D%z}XHrBIN!DvG=D>&!kbI`Up9lV())tj$;Zx$~(eOnA9OM z_=|N5=%fVe?b>2seo*1?{q7PNn_dzne|~zTm;cc#M=szr(U>vB8Fn(h=KPBfUS;l8 z(HJ3FX;RWaFNQS_Dx@QK;u-mg`F@|NG`yO@7Hc<8F8H$>^d5D5>~Ed?V1^)`U{?ka zaAB6KwYOBB?%IQ6%7+XGKxOMTO0%)$}FH+KQer1t&`x$90WuL{&aeouglM z3!s<|w#0xfli4qy!^&X$2o%|qU{`@STCsJ1b>*i7TJW=-sUGN3epyohea6=AV)19& z`j%{TiAq%d205~k$r_2I5AuqqslofQ)C+Mo?SZ6|=671;D1m8O}Q1TlV>`tzRlNKpf%wH?hhcy*mS9Q>a{C;ID>h?X@>TKur6>Z8mYgrAr_dyV0 zqGhMCCz=w&Jzny`9eH2)MUfUmYQm8pa6Dcv=MeVD5)IM+~2hvzOX*Z0fK6Z2k#;taA@vio`i=DGvtUn zF9P=6LK{UF;GpYak)K~?>YkBZnIwcY)#GB~|*yNS`t}dAL=>bis z6R3+Bs{smKNKVe-RRPIh$pxA_km9q*#DDv2SQKy7+fZjWYHtx`Bx1L<`#x7YQ+5C+ zo5(ZyQB{vuJn|XEqd@-3-+;LyUH)m_l{#7m{q3LY4N&;ZCIUc65#|2o!Q1o2zLR03 z$7>o|T8RKg`NG2^mpwD1Kz7AP@DlGGbeF;%ciLOPsMc^fVAF+lnVvj4KKek{Ym(SX zVvP}|nSqnz68N~YT`-gQKEmlq4Q3z?+{L=!B@Kj78cYeJQIDse9t#)P{@s!eC*7U- z@jGbsK!o(VK@#t6mH8`#6nIuJC?_R_3-Dx|{@P85d<)q9mfhjGlS~KoG&0>OjWGl& z7~ro8fyK0TdhA#TLS2qt1)T3CRkfp)MW!+OLVuq3>#*{7`Aiu0!uZgpfsCzHZ^syZ z382l;iYZ%G$Cx$v;4hP%jVwLHs|l*aiVgHEem6}u{>!Au0$NNk!zS%Wl+c_dr&5FK zlA{g$37DQJdV+1Xd5_^WE}Bn}8*2qAlo?6@%3+1Q)^H584Sp-Dj_>|NAeUO5>EVPS z1AYXZgkz~uSzw8gmgF&@3c0gayl>edrcB!Po#@33T{hFnj73XX4-S4BSx%n&AY5fn z0==!yhaGjKRzQfkOPIrKo3cMF2@7jjR|tUiW>A1dp~0mU9c3}I(u`wQiz4ILz%VhJ&9 zX#Q5bux((IQB<5qdeT4NQ^mwowd15oP!_+E_MH^jbk1Zvgv@Hb8{ei!@^WmutZA7> z5Y#ht+;ZUB%76(BK>TJ`)q{AN$ZDcgCkPcr<$hKBO|5U)T&|3tu@D|vLIxX~q-s?V z#O_)SL(VyoUhxr5K|QVe3&Xobv;@n^NT7!kDi(N7H>;4T%$>1Jpj zjt^nVLHPxo%T`o86a~{G`o`Q^w4WnFXI>9X%nHX%I$?`ALldmOy`W z(|xE2VNsGK-hok$&(JC@d-NT+9Na*0r_*Sc@wNkw0!%Uu^W!8q@a%i4e))7?ZGcax zJgBttW`56OV6E3bCzg_b+%Y^j=-U2L8Xjr!%X{ip`YjWw@>50+?RHt4oeY9cou7Pp zNUR<7_~SaKXmEbMukBx9+EN`y-})dZ$AqyUf!2dBzgfq+r$k$khOySa6mlI&2D^}d z+@EYDk?}fCAtrvGgCR1(m0;XzpCk_w5~@*yTCH_5!#(2cpM`U!OfBS-FnPAz&ujN? z1AENVmUp&Iv3@_Eh+3Urkdt>7@sz~z!B>x%y=&4Q)O8kP+bSq1EHT<9y9mXHKKV>8 zZb*_4RwpYIKPi<%K3igINhjo7YP*kV>nwz}#CR4>sVX5HV0f+IGM}>MT0$)aNYTjrBU*$^9GI0%=otT&UV7B4H!^Nj)$=kTs^O zfff*j9E#&}F~i-R@@{TqjHSYN=&k46mpT)3yXPm4v&5Na)wsU`yNv$I5F739U!df7 zoy62+fyz+i>>(mV5;Jm`<_0@(@in<367BA?M(wHny*aOj-)o}qQ&tyiM603T7a~+N zl#kk_!4Q;Hfc{I@mgZs<_mtYYs>YU1 z5{A~xjZme>4S_sDr}8|}Ty?INr$x5$wI`**-QO*>i~yTPv2UFbGJuHte0?;aq+!w_ z5V{4sc=lXk`bPqt%o|QlA*tDpkd8Gp-jFk?+ZWnSI3?2X9D79}Tdc=AM~U}cEW zxJh3U&7l!X!{qEhAphuFKQR3i9%Mo=i9kUb4gt)mrJwuzXTc51-&Re}l6Npi$mOZv zVqBes)(Rs@k&+4Gk|dCXYV(dxdU6gMg`1-wGfE6b=L@_}V~@?Bml27Bo5f^E%SQKl zU>c^nyxcrbu#QKyG207;$DC;!?m|Kq3baa>Nfb(tdY!7w+rEPrrCvR;f_e4!N(v(< zvTmOV#(AxcicHw&9bY+B#q`zMT%iG@PY$ko13N(%{v3rWOp)bs@FF!#aDuoFRd34pzstfQR(Ap*yleDm;mT`OZ`y6>esg- zqI@wu(MiNYBZ4^35)2(iBVoQ8_NDyHidHfy(05F5s0c_n5U)bB=d!~Av~mnYz5aw^ zIt?Xx_3*mcEXt%N+TqSInHHI~c%~(>MwWF{2a$2a>wSj=>@Tb!NGH`bqus5?x&UW1 zFJTg&@ait(_bIU~dMfWFowxKZCm?^f`V4SVK~n-Y(e7H34Q>dXsv4lI+n$27om@}I zHSj@Ykf?VZYUyvecFwpp*KahP^`^h)eJTY{L=)+v?b(Qg#f;N*^Cgv{76xYQAcYo0 zrAZp$Pe^`c5qMq}-(%?LbNuHyMY>bYApA+@P7DO~?kSx4C|u>^#&6x-9pi&*T$1az zyvEgvLDUiaov?fk&WaaGp*9{Fo~kOw1>i+=8c@nl73&@-AgULBud;@{B2%c2%YoiU z zDH7u~5kxze?(~uJVvi;}ocWENRz63_U4lXxGE2s;0Th$5)LX%1`z#65qQkXqRQh~( zMqNbTJ|;}f72jXTOD5&{d4m2@~#*l-W5Y?97JZz6M7EATS-r6ug|uN@}mx;EUD`{&o^0D zdhebnFPMm!Z^14nq7I$(Tu7SG@rE+rWKh=qy3CrxMk$=$zl8D8xiY% z_!lioqEa}Nmd|Gx1L7<$-HkMKUwBNHa)O*iUD{wWCt$iv6h1R1jdNBw)*D*NtTSpDro``2B?>Qq z5_GYo(C5BY8|K3HD;ROyEBWK96f>Mpw^mr+bK*i&posH*Dl)2|cMMgg+oVv8Lb9m< z?2-0rM!|WAGfbNrfvGAC=7Zru91`UY+}1w%3~zP`C|XuoG`=|$`~qGy771R$Ut(;( z*6Edx;JRV>zHT0}FGl0Qhtky2dL&x-tmipQ8KZ`mp(u&R-+}2)ahmatYQd$8Fa$kK zSG8NiOb`~073fwG8#RuLCO&FAvN4?YSyN4fJCpWmBzLBFr?bBCjQ_y|U;XXgzW3p_ zw$tON5n?vJI7xXh8z21=?aL-YdScn!xm(r#eM%RDJU9LtDnmQ4I$Lc^ze(o)=+Vog zd&8)N2W+9#I}24Eli%7PK`*-^W=T?CpId{NVPe$zm&XwI&;`u`)q1}=+kb&u`=i)7 zC2Nm88fD23qB>50s@nstaMl_vLVoBF)j=DM!oyV~2c=?hQPGv#T(4?-j{pl_z?dWN^#YJX;`185fSr(zqwmZ{I`%PH*~OmOmDGUfMrn5QEfuEA zON{*K0!g&Q3j!Y+dC-$gTh0}mykE1&2zNai&2-laWbzegTV4c-9QH#OHp%D2J+;*R zcz*FBTdmBfq(3XyTPf}V>K6=j9D2^(-O65_szuFxM1c`a4@I3+LSrHmN1Ym8CBLfA zsnPjiJpY(17=s-_T8AIgwKwPSRS8>^-P78SbQoOt@UY7(>{!j2Ft~Hno0+ROXyT>gf$6)i;MP~_xq>PnMtO?% zpFdD?>Ld!o9ACn6+PoQjR29X`TTpiD3G#tN%|XgK9w?< z$HaeG!3p;z3<(okH(UcHf!-02@=S@$bSy1WbW#Cv8lS97am-lP9%(21t#Q3RePI|L zt2%Ldg9{_S)x!?@O0z#?_nqpil|);**eJJ)>MrU8jyg$7>yimJB2AncH!VR7(Qi%@ zt<8kAf(3?9R@ZJe8zekVG)>V;k~h8ULVeh#Pl12{MXTO+vD{)T28lnm{}y?$mQh{Z z^}{)dtIJR6Cfp-}-M8#bkx`%mByiIggm^`$ z)2GIbJc{~3qmqg;o)tcrC3Loa`GO>!a8<4;mT;8f03tG;^I6Kn*5OfqB|jJM(?8K~ zU=6cAD&&U^PBUsP?XRHZYsTi%LayPX@czBE;Ff+2t2D~^g-p7cs@*KQ;cn@NnxU2y z+7dZKZ7Z@9XOer9#o#bsp5wF?^Bn3G=l4#G5dDBoj9EsIBq2RDlU{8M#zK1(M<=Q) z)9M?!vWNgl?u5XOzmsGjwXHM!^mip8vG@g$zhd(sDq#D= zkE{L)R%bVslHoig5{xrsDCqF%krtX(D=YQfNWyJdFC=RBe62TDw>6))@_B^_>@3o0 z0&ZR#9`I$MOR9PXYL)pQp6Y^L?Pw?PFoaGE%k%-!)C*R$G+J!a>o2gl!fwY52Hjx< z_qRJm6CHE`Q0FtwhcC518}86XCUjkctr+1Th+XxFUu&dd6p6dJLfq}z@_NH8&MYGb zP?$P4IQ%G|PdA;IETf~p50t}_#@oxI&c!vio8+Ls`Q*- z4w%De&BHYIwH6TWlbM;$DCVTqy=#oL6(H9fFUKpZby#T?KK5*iZH+|+q_P-kuDWxm z*~?R`q>LwIsiiegxhwg$374OCZdDA}bY`FU*Gh`_2!Zd9y2O1+)&z3|V6V|cg5D|S zg`q;&`O!OU22bB1B1mVBCu30GvFODjYJ*73F`{CAZf6YGZ2$e-B~@<}Yx^{RI>_2g zhI#!`DKwh@u%GZ<;V_K}l(i?q9Z3E%;K6uYQ9H8FNy4IKzFQ73zCaK#fBmK+bYRQG z=B}`k#%J7L@9@ft=+U5zd)50Ca;dS!);ner&mnOjr7`^=RWW zi;=~ko?_5?L7#{i&(}NrXcXQ7qL$*1R}b}ss?Q0W`X(~{SGzBJ+1nx#sjxrVihhQD zU7ci)W$$sAizBKvu~JJ&o2#=+H7o>D+Z$o*B3qO3KZlM4>$TI5eWGF=VVaV%NBCS@=j;DtR7CYD-Pa!) zpLtLqFT&%8ur(>CJ-^pekF`E#agZ`f&dbvJ&ou!4)YIBKJi}FkHWpBqP?!8~BU$B8 z@M58K3~FI}AUQMjsnMJRaMjLD)7)i>wG>|Et)AKJM**YEn-&&%#V+^5+2U0i^W6aW zMx|)NJXFr*=A)&cpdb3xPe<7GR=`)h$LwR?lT{t2>;zE_|U4oM?gwIzg~Q!)T68 z@q9#NNA6`5~SK7T+$Z}Bp5}QzpA~rJeD#-I5e{L zaco6cWZv}|j^=vKEn4O8(FW^3IG`{-<$-PF8Jtk>w?b@ ziGRm=*kAdLXuVd22G9w$+nsWAH;r~dSoC1I*X?h6I zIuMxxY9B@*RysB?kOYD7Bt8*fh=GH0wTggQENYMvNg5dz7PfY{X$N=jGh=c^ zwDSQ;g-LX2=~ft&PDYIb%J}w+p`e6>y7wV*A`ojI`lr;l^N0Jx>Kg9u-1m{zW)GXA z6{X~)q<1cUHRwza*>^X-atSk47BjwkKt=8q{n|G`o^PnZr9C-2y<`F3of9}CWHCAN z<;$0~wr5Y9-A}&#EDqGkmF4d6+-CtK&XQ|v-_yF{TqbsfZ%h_zPV;={r#6*vHWUD4 zOKTfi4Ihj!$pg3v%CI2?oMXUqd|=mqz;m*$c4g$G`TVKL|Ijl)w3r77$A6|6N*@9) zKN~xHuYUuW$rlj2$N*B$qyOjw0)qx>1^?4h&z;$qHw|tx!#;orYlZnw{a-++4`3xu z#W3NVN|p-TMX@m0*J$#8T8n_PBo~d;hlta|nYZErZk3eoT>y;GI|Et0xfwM2+vI>$ zqY-^yu>N;l205?vn@ueg{9HN2Ef!g|2ue zCJf3#2lBvjk{A!7gmv!&T6?5aYgXwgBWD&#^yE9X)-SRKNlrgMKU&evztX_EEhvTG zt+sLQy6-;sK5ndA@2k0MskRJQ`k{U`4k zWqlR%bu~3V1Bx=wKYU1*=T872r%WNMU+C-Wf1FM#5zNlnx#FyJjmfsjYj>Kwm#@@W z=wN%hti31RYUMLLfsS)ojdb2hVGSok#5-`Mbt&Kk!2D!1?Cl}z8-E>gQr@iS=H;@2L28(b?O7IwdXo194T&Lv3WS+B2} z|95MfujNZRnttn-!wU|{xqc@17FSZO42L}@v%1@x+;Bd}U(|iHI{-iRn56Xm;Fm97 zYMrgx2qw)ZUGu^pW7`6%S5_ptw8Vsuqez|r zidR%l(+fakeLbUK5rn|ar+EDMYnT5@p4`YfZKPtQ&r>js_VNvvbCVE9rtvPvV1!w zJ8C&|pK3xCxcr&&7#NO+1k5(TN6!X^hsT+Sl%#J!P1cn&?Lq##4V+;sBT^7{;Etse zcTV&_+Zh1hr3yY>5E3oP>J7+Vmb-U;{`ZZ)3mktT;=0hzI)TpP{>(WPh8<6!^nPzv zNGkZo7v+?!9k{Z;&-bcCC#^S@a$DLd)DXuARWYm;WJ(J&kvD13aMptU?5$}93C#|W zbDj#VCGIaYJcmt{f0%|$`JMb7%#o^#doOnj$xzFu6%ZiFbX?=IK>RSqwD$mhkZy?q zfNg^M->$LNd!LpyQ1guvi#G~|dWnb)LCQ7wdc(9^Y~WBDVW(-{=J$7jHJwo%KdtJ4 zG#`|hs(`v=P!+FJzi+}sOoCL?YX+BQ9UgDX>+*%N1Cf9cPpE#(`{)>Fsb1?RRArDvniqp z9Wv&OuQ2Ec4$_3oTOy$gjZWnssV&C=z$us4w5fA1AWJJt^rc-gASPY3`wKHicADr+ zND2M*`DbYVlPYpd;K%&W=1~A4y`Ul-%D`6?r=2DFl9JE3l>M}11j9P~7BFIejYkD> zN>QKN(B&LPG4=O#VvrF{#EEHPbkm6-0VrkKieA_^vHjvNQ6E#}Sl`O@>Sn%8tCVg= zZ?AloxC;vqO8>^h^g8e6qp4BwuaeWV>!O_4v$}>fZJTHm0EIar2+*0eoz`=J3~BN6 z&uVZB-aot48=sHlzHr#9z9!~CT4rFtteI%JK2}ulk{g1Yj$-#sw5y}NzHDzhT(uHa zPHDbN7sY_7g0-~jK~)k^ffX;Uex#D~I3N*xdHP#-qm|527Yj^;yv%lMFT)zA^iC+M z?L{ANn5!iU{GP??tYUgz-3QU5gN)3nL0O1n5)ytNJ68NqTf|_D)b}9`L>1PHporI^ z@R8~-t`m9Q^3&BUm#OApF-~<@D6sBO?O2J%0xFuHgW&-0=sDtde|P)UC0o2U;G)N> z+y9(d1yr7q3y#Mg!UNn`zG2ZaO@v14oYn$UK`4iu|IK+eAUCXFCcrG~(o)u$oVESJilxN-UX_4d3%(l%w1VS0s`J_dE?l!7*Nj;yDu#OQ zFBhGchHDez3*yZbgQ44 z$f_^HJ&D9GS9m?QaDfFNTkPJ(#tus*{kMn~GlR0~eF|;&?V7N}iTBu>ow#zt=!@~d zAU*QuHL=C9rEy=r>u#B}ve*iEWA{P3xDo?Kd z#`Ap7Xuh@PPFG<7Mu3dPRzi!5K2{E$1!SzZr^=&rD&8d%1&yMU#AQ{Mnd)zQP1GiRx(YI&ih+0Kfs_T;vSo$skjd*OLb?h zaNGeE#*MUBk#q4$ohYlmVvmyeofd%IHIP-pucQqlwuoS$5huORII^&fwuaoM@n!A$ zdn~+V7SB|0%Zu3txQi?!HCd}`nNX<28jDG_N+9dBGH(6|=)@o5Eh7?le6-vauldtY7Bigm&rf`5jhM@-$ z&FZ@QV+sRf(-y!wA9>1_O1gH}KpDjJ(;t!^i$11Yl0fNJED8kr%B6AODc|@8u)+|@ z)nCJ>r)&L^siU^qDcz0y@6O9b-R2Fm#9g@_ZjMb6Hk$bdTUr#{ELO(J&op>xqRvoh zi+frWi@qb@Da0_>fb4f88{kgRCV$<`tgc=D~p)wbBy}OJds zp7Q0%*#6JS%{#fitbRa$Jrm;`??+%wxQB8-GHiV3Pub@`-(PF$7;a3Du4JjH-NZ>O zk8e2WssI^1^k;yIvj0nUhs#6jLW1E$TT8s)3=k1SYUql(A#Kqb1RT z-(4dkGh=)<_ z9-BJ5OT^v$pB%&qvDv0ONdU3^p(7=I{p1+b4|$VQArM`~CtAmNs?WI8O?t}|B@DhGHX0P@w!^#rghHd6m)t?Vw$5S7$u`_brgNkj^5mZRCZ;MaqH6eY$h2WNQS| z*l(z>E-UPw&CZHvd8u0kEr$u->uxp@MH7m_zbmkS3$GfBB*>Lghu#lpR4KsEYL$1Iozc^$}#B~%mt6DdxL1X3{at3Y{! zu=oC_&k$^o}k_`ogZ?X{)=YYekul6Dle!lA)g)Jfzlj1rlY^fIdr5GZBNa7mn1 zw3THORRwmAtiX5jXVxY8G7!dX1&5~5sL>;(LL*{|UNy6}5U+5S&`c1cpoVVK!!%iK z4K=+@WiPToms0oH%?r_{iL)rL`=wR{iBcc%7GIoZ#78Ay9o3< zr(I;3eWw4)ftj%PsYa$$kYlFJj?>$!l$WfL(dm8q&0ffPR-2uZ&CxWWBDGSzzF!|U z#WsQYS|FRcF$^2=YfAl}MM4zulS!K4TH$A0o85eE28$q&V`lP+7B46l(2-2*hpMbw ziOP)h3`=A+rQ(8yYhh?J4AVnJ1euTyoabV&RQtK6dD5aE{o@MlP_`$AY-(&sPk)PQdcsIm_4<83Xkiw-=(k3!n8Ka2!MpdV*S9P-KkY_E8C8nbqQ%LDPV+&VDa8Y69^fOc!`)5+6BMjsO+$lN5D zes7`iEwUsC@7!tZi2?rHEV$JZ3)JrYHTp!)FC#1MDFBl?EgD`0&K4Y#62x&i@ihS_ zNNQn|=}S@^U!lvz^u96#Hb*ZU;oS-;mXu(f-*=Au=9{E`~+T zoP93Uz?P8di32$kxC5ajJE6GEB<_S?UMinta3mQP#*jkO(M4T!<`3)g!(T#8S_#4Q zPH^TdX8xk0LW4vW(q2OL=~v)3agY%qrF~&U2%^1Q{ZgD;N&E`8$GajAwYa_-SbXld9;&=t=_7m;ms)f^;)Iz9TMFJxW+p4a|7 z41tY}n^m6bMOP#jaK4qrMu;<;&zHdr&z*s?dc-4p*sxr)BQU*2=Ebh4pS+au-YTfu zK(`J<3HQ&T`uux`D_^iDD~w*v{cU-jfQ!Ix6umsiuJXdDpOGh9(}`a;X6kP3_;7^58aU~HtE@G4qjEj$`vT7)rcFu=)YyVKhz5IVgy;?>w! zlG+7dlJjuFnhRSua#m)J54>e6rjxZmMaCSk3RG53F>j}@3=*~-%_)vm_u}hC#hd?@za>HR=6Zd zP{7*S+Nns0E5f{0R<1saOo;YI=qVYQ%Bt8CnfjR%$N*>$Ia^aS`Rz3i1#<39G7kA; z`z>1p-~TD^ETf`qyT7e~2nH$ACEe1UA_z#Aw6utTgaQ&nNDo~C0wN_LNH?g&(1U;= z5(5mSLk);D^FPPiJD&Sl>s`|<;Z=b$C?CjZ`H-IRf85!DhGzqkdN30>2;v!UAzeltW5r% z1sT%yuQtAQ?mfNXwhq@#T+6eDhlllG(7R+(&uju5$JjLu-U!^g+2P|tF--B&mt|LG zLOsu)a7cH=zi(K_x~JA`(#k8A+(B8IDk9F|!3(D_@{3_TXj`0fu?VKos+CJ7tMq4q zQY6+Rx5S@B9*n-?Ed^p0sblDeVSFW;;Kuk=YS=0Nr#B_}heW;O$e&JBc;}x>ySj|_ zUx}0uBfu>ug`LB@>GRgIP8}%Oi<0p%>Rk#X$xZDGE|2F3SZUY%)I+w~<0)tEm|;0P5RBUyqRbTa0Yh|Fey z;A>+YwN(7{WJ`dv@Q?U+igj0n*6!%NvX#OUeTHJvkL_15*nVHkgn~8_YI4zvK4by` zxio7P=tV34wGJYBnK$mC6^CMhL?+$`64Js9^z`{vcg z-OSSdeY`5a;)1H`&vM>~gPyZ_@{PSIF_MYKCmW#rjV*#G^%@7zy-kzEDAw9)J_CaM zAAUfiX$Ft75PYtFhZo&B>p_ygxAy5){jrOHT>M31h6FA4IAuxM%`dnM@$4_(aCa$R zP)L@b%irzd<`$~Do}H?;M&+I;R=&@^MSWhF!B-TN3R^sz>wRcFaV-Qf2L!h9 zbaG0Qfh^8p@DHo$6bEx6L^RHFq$0?(w4YZ5y7+~TNQUf#PZxYwuZRY!N(8p(63)d4 zN%_mUdakq%)8A(|j(3~nci|4pFmp_N8(K{rgg(g_D`u1C(U=TfI1v=qDkWP*K2?A0 z-{+w4%h)wfUL%>A!z)^Ajk$X@q*4a}0v*>z z^1kv>&6{qG6&t(f-w4|O`EAy$Rfe9LbB567>v)M&iI~sGeQIe3s8}+}3CCK*#_r~w z-kMOs>$aF(t%ruqR95wOfnskjC+X$uWd$$A$SA0ZZnM)XyS=@M~5`1 zZcvY41hMl)50PQe)&5-n>;lVxIuX+`WOKcV3{4*y8~e%jgWR^o2q#fn5Yxx1Hm^sa zgOWBP{^^$~??R1ASs8B7!XQiA%(6!Qn})ly8=kRLWP#Jykq728EexpbjBzHoM&h;p zz6Xqi+8#5{ww>}oZls5@)g0tfUO}CE6PRga$dyXvu`Ao`|d0;#l$7~D9v2$ZajWPRcWVFJ<;H1HT3IBD;~^;LkEyT z4+?V|x@(0C8&Z#Hoc&BFcu9^xg&9{O1L+S2nx9FN>##q?|CN;jHRYCluYL$4UTS+^@pzt4TwE0Go}#9eEo9Py?XUHxu}_ouF(B1tXAJ3sRGwY9`a zOOYs*;sa|E)XQ822deH-BIi_~kSz}1hAmS!YzFY6jeo$ZY|=IT^MZ3AIY=E~dTCRr z>=uDr_Nw6_-5FDYT9%0;w1U3r``J5 zzKDV3y`R+O-3~U#N#))h{1&^daikQ_%fv*zqOIWNrNV(kHplK=RfuGj$X$fhL?Fm% zZ>U{g@zw}wbL%bAI=0tuP*976rkB5j8LUv{G1PBG`<$$C_`$M2??<>46TklSK-(?S zN{jz8W#y6d(#Xjek)UNbqT~^FA=I)tdD@J`I5s@*&75c%WK7KEbz2e`pdAIdV0}|u z`8{T7Rr=H~Jc3CXCV@tDX^DxY=RN0Z$%#6~UX7mtQNr7gD;zoUhkYxEpXyy8%AS#W z^hM|s^v5+dVT^p$N=W&`rZG}XN|P1#HbXKFF3LTCFEOb#QWv8&O#+Lnu?csnDEBWe z!b~3)D`4t&cM6olv1b>4foA+nj>0c#Xdd=VxOB+OmYFn6M( zjXOdbi+FR9j~d*vCJQ(;X6mT^NW6z1aLA~Sl9AJ+wW-f~C{zSpb!WRICiIzac0?t<0zls!5NWLH_kHmaB;0Qw#gUb#S4qS5A*fqBX z?u?-t)bTmK#>1yY1%<4COAlz?;+vL6qgSpW4V9pi6>sIcvQzB(M2WEigx|UdBhR<5 zY*jx8-R98NgSMnLKiP{QAtoke1UiAgloOu~rft@1;B^0xXFyizVZ@3cbN>6AYSUp_ zFW)I!4;4R*MvFQt_r(800r7Rf4vkLZEI%{=PV--Sj{E-9NOlB;J(5O7IK*!C*arEYN3@bP)^9LO|AM($%@+rv;yP z!|^mm&>&+Viv9nj?3-x#lyET{o8;6EZ&#{;pJ1HrEIA3t>WT{pn!E?Gst4GAs`Dd4zRZfw`;+D+8akd-90&}${!KIB2m+N_i)M1 zF{T6Y6m4E#@F*Ais3>YFEOV*@XKA8hW21fz^srQzUyrxfU=OCg6Y86=0lv)94Ko|6h zDd&5hupHc$8wfev{S1@i zJfwocn$U%sT1cmh)W+tj@wWf1X7MX{5QVY@;u zUk#!n8*ljfHa(Mx#|3p0ONgO{dYPs6DTr<&vSxQ@XS~02j(GBG^7k$fj9S_NC>e zfGRXn`RlT4zU0Ifde-cLG%lz3n}`u$3%v%)1N9Yn7Dt&;MM}c_{Nh%uqCaA;&12;U zb(7b(r1Fob6?nQWEH3rMgZC&v@~{Wp4v%C(X$8mvb4}DdH*k5(rx@9R?x9`$_U*8% zudKKCj?X-~$~j_2F@wpde6KpMo5Yxw&)#Lc_ikGG z4`Fos&X4fn;Hu5`7?wa>!}qQXm(S9P9PJB(Blo!&I}4zfAMM2 zzN^!SkS=~!nPat~fD4NELCXkMMyzgA!EJF3l`yyWN3qjjKKjXfiF4I5u zK&OW!Fk2snlT<49KtLoJ$RpUN>W7Ru$nlA&m=t00sKD*!WDf02+w6RD+(4B`0n4&-mbr(kBpxF?c%HnRMoughJNwgG@c&fulG+60fj_U z2Xd=gs73^JbpZv<&gcNWU!vCv3U+|5RUQe8O$I!aduDWCDJ{%+a@_U>-W5g8Dm$wi z9pj1f2}hTRjGX+*=s6Qe*1>^9hKTQL$q1qkT6dmUPgUCkO4{HHbgxh{V8aYWPL>&K z1JR0u%Uh~{55w!obEp<#2ANkkyceINxqZ$H^#fIVGPYUV;_VobUHlI*SA<=i@O94G zAeg|@{b1bVLhY@&Of{?82YG29;4kDXK(dhy&`V6ofE8lNbpX^0b6;;sE)fx>1)m-djF;#Sx$}!6+^QV< zz_ekJe!4!gPokIoe($gaajFH9S>rkLN-8HXMu`(ZHEjgh=i)Baevq5~+&whKIN4smmprBtR{3R zdVa=NESBb(n!H`l<0R3ub@^{l$F;uGIY-5{3dvJ1H`_w;^Mof^ljZl44FWWvtTujLn5%mN?7O~QrPkC zr0C`s;^&8lo{kz`5RQW8;3z>alPwUUvUG&w{`bbv#pSvecK0XfI9vdFzzVqzQt^G} zCo0m^iHGh&zm3@ePLI&T@jEP*j#%W1$b1AOe68EmJ&Q-h9CSn02w&J^QT=`v4`g%r zMleA(4h|GwpGsE1RYtM9MOqm*CRv*t~iMfivMpdzGk7xYfihwFm?gIdPVFs;t zCska`hJvo<5p8Cj`uOlB2U$pKM7pQE1$`y79}{~95fW$<6Z07}%K0}sOz8F#<$+m^ zAH0s-d~5Yz>kx2$aYRAOWntu6HIxWx-$waCRNVqi#K2rYYG6Xux zDMhyYQbA(pv+hRsLF&K)&>oOU0NrM?Lh%mYTo(5@_2I~eP%JL%q9E2n1H3Edv%qQA zIvkr5Wt{}jURi~fjZCR`H%O)Icptyth|$gY@-I`;s^h6)8m}p5pPJe)lj`Y7gIltT zS-?1@Toe*8r{sivWGgO90?by*JB_^Wq1;Iua^4`cwZD@9VyC|hG};UMm!Twx*Qt_S zb-)_V${;Tj37?Hla2bu#+<-A$3#0aj68Q(*ygz=k7f0+$skHu&ZNdKR2D5!bx2MV z;6T(CizDTs#7%Sz`~YT@7U3(T78T_I!Y$;O^@LgbgFozi=Cdi!#?=kS3hmyk6`13E1C(oRRLU08 zoY(D}?H{EML-Vt!TkPxw*L`Rm%`O!{U`E{poETr z6bT+s5@4WFQ&a!rGV(v)X#vnEvn}VdNGf17re3Dx@BNgo%ErkV37*5BH&jdG2uwF! z#ZCSf)c^F`G#tNu`)0@^9JjYfvh0G9&%^Zze?uOSi*3fY=` z7D50bL~)|Rgbg)Wk!NV#=~nB6d`3vv&KY*$!bIhP*ELxmCX|4~oqSQjoiNoD|Bc(8 zVF3%IT-gDO%U)MFzWgyPO4J)~L#>F2$>H_`tdG5eUJ^+01HAP$hQdZ!Q_IYR% z6Lxs@9Z}@Qy?2(}5g=z-N|j^YQSZ?4EtDT(n}EOEYG>X_C0$0Fz{L{(cs-ypv(X%y z1y2UO9sw%Ojq6=?`4^S4X8djM1r(A``t@rimr>{jP;q8aw?XH#5r~MOFpp z?M!xlT(%Rb`TeR5D4-J_pxyKSG`n<;?l|dw5W;0u3xb~BbawHT3ddvZLjaDi|IO~k zfvc-Ckvq1!e-07@ikTZdi59a9tHl`h&$#8gh^kI)4!xYPJU=Lvsu9ov?l}w}T4i7u zi-B>39ajbYU{~h`d}C3di2vh8O6jg43zT%A#AW?<}n8vWbX(|*k5FkLmeJ%Ewq zHn&u~C5bvjXvQTFW!V(=Wj;9EvK8offqYJ&dePTEPWpo6pL5+Xj)t#?ImB;ooq4Nc zKW@Bizs(;rE3Vg|Mej6LnhJ1>rj@01qhn+C<8Km$K)=vmPNI=jX&se#$N`2Sz{DsU zp3o9T%*xfEAmtk68EHqCe2DSpdCex=afhFMX#iDIDXm<48c5(Y{c``f(Z!(yBeYz4 zSK`Hu{C&0od8K*jt+7;<-^<>e)O?i~^!T{Jw~+-$C!LOVI@xCi{P-8a_Q11Tqb;9` zCGi;ZTh&{dNG`3cs9Rd*?7exWKihpEPb1jQ_G6)-H|)UQm*O>TAqtnjFPcq6nNuK2Cxv>6Q5Y~uo|4T0j&+|^#+^n7=R#Ji^bYUGHBiIai!tJH_6-A7kRDddSX zh}S0u0F!ew=v)*OI_`3hn1Rk;H;z%>=msiaYtBM4;3%c8Qikwy3o8&WbKALKz3}=7 zwV)})+fy=ZQ z$gdpPAD+}fLzvI*_dxS)2L8))#!e>pn;ZopC` zsU9jhzOEo(rm?Cy=LA4FK!H6uwe(ZyCDhUq>$mBKN)e}-djRLhc3|^vyuv~Qzz9o^ z&v6E0YF+6i{SV$Pt*&ao;^;+q;yq1ubeMKmhEwC^e5@R36d4$<7g2A3=bI>1CzlwY zvJ^_eW7ONS)%w=NlQzVQz~xSimp{^}+2ahAhitwy2k`{u@YCD+`dtzS z-QtR-F3{AIkc*}jX98eUZI0ey8K$>6i65)zlZUqQ&ZSrX5Uq(T?7O(@);}M_O0llW zvb)3xvq+p!>80i4cZ_}KR?DuUrLy`BMVkrfkU};O3U1wEKYQ43L46mzFJ{)eYjV=K zAsCc2mYuU~_KI3ZbZ86Dv#7?U$YZ|6S9`7!$*RsmHXMFV>4D(IlGYhLP=gkGt&b>z zqMNsH@6B=D8YGEbgX?S(Bc$9BFCdo;)vH^5)=in)2LyI|{^cfZDsujq0KV9U4|q7r zXF%mtHyAMdQgY|aZ!0PyBBHCS3(!@~A0|<4eWw+`^wGhZV=|6>Mn7CTbTWi4&G6_6 zo>eAS_B+P7If+RNwkQZAG>w$|DyJ9OP_BtD();!;6L z?j7gDYsS6`&uy?=xYsG`)l1?u{w`QqRXWp0k(XF-dhTq%Z1lB>uoIvw0sx_MCbeQb zgi*>%Cq4iOdrT+dL>DJ3EI!9=3=E!~pGfi+vT4mCMfz-jY;B?IhH16WC#8Tnc41+C zP<_e=%7#V0%6&H$J~ijP&e@1ww#Ai?$I0n!|qknm3FT_GBwST znd!REtb%g`@`{#+eD~%uAh#+CXOnAZa5CIkHAkT@+8=ct$ZJO@;FrB#vRuFglQAiw z%b!rIe-e`$)xr`y>AA!MH``GMTBg3mEVAr{dp0CF{>En#$jsJJc;x0;o*pC?xkZ@q z1Cld;&)9MWZTOGX?50%JN+tEyc$IBa17%IOPu9d+;N4j^TN?<)b z-`hGr-5ZjVPwy1a0CG=JzjoJIQzyGKdNQ)taAxTW@JMb!BP^N=l5qecb8^*XanVN9 zR_+m?j?L1rYyT&HxK(}kYp)B#_ zpBrCGZw}WC(*r!tcp^0n2 zHHf7*BG_kBF>d{$hx<;GOG$^~%0G2j8Zi=r9|_PrJ5i)7Zm;s6AxI8Kh4u72E-yX& zZjs@|X_(}BX<6k+*4HJ?x7|DPeyYvC)r_K6Z#zc$RZl z^DPo~c6RkjhK@cn&`$;wD*g3VgwE6CgkO3Xt-w-Y2xZZj#UzcJdT6|Ml~x~e%fNI9qQXx!F*@JAXECX% z+z%~N(Yf^o=1AH5{1(>^2TS=UP5LWevw1Q1f7YFp+m7N}jA2?x4No0sRa&Wc<*ACfpHQp`_O@%`{@eqOQ`2sTen%g>)xkF^;i36#a+H~CUa<}GF|Q=U}ET-HrAT=k<;&!3RVFhjc*7dZ(o6>N z$MRVl80yzg@4s6N0SqYVl>5ez(=}!PftJj%VRQ;}C}H zchsOnYTQRq%kqk-A{6C_r0OT@`ssPlvAcU9UO(+1ztuV$c$!?_glfrx7yjwJJOnW% zZsk}Kq(Ir<_XeU#6d^XPG_-%&D@4)mdd!?XWmW&rgBl{;38V--^xD2Obz0TC?bb2K z(ud-ZEmvLyIo|Ha!?E-+1%IBnblyXdD2_pvx6H^#&C4KVrai!HbZqp2;TNGnH!swL z=57{WI!gqRNyp+?)tX)NiKwzQMu+7JGl>&_O?w`A!{&(^QEXd|+J88%?u@RaNRs*K z`lDU|!s_yz(nIgOGPDP7u-zx6q3Gh`LNoA9q`4MMF5=z&h*$z|0_B;V7^6e6gI|Vn zhOda>&Si!+O1VEmB3-h;5e@~_l|VaEWZp)@4EDc5tXu81yK)s6>Ggqajx3T5I&rG2 zeZjO%9^33g6!nOgC}1Ue6bGGB|K(0={&p;Y11Z4s=NA1xM=W+h`~(h9Z*7%9k^XUE zV2`&HiT~yGb8&LMV<7$QVlyw@1_%G1uE11UR{A@z^q=hvfEpU|$K`=?J*9QaYYt)*O{bU)<(0Hu9nR{#J2 From 3071ea73312f0ec94504dca1937020c4f65c026d Mon Sep 17 00:00:00 2001 From: Sunayana Singh Date: Wed, 2 Dec 2020 14:35:10 +0530 Subject: [PATCH 042/210] changes for GA --- .../ios-configure-features.md | 12 ++-- .../microsoft-defender-atp-ios.md | 57 +++++++++---------- 2 files changed, 32 insertions(+), 37 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md index 68c6dfd43f..a0de02a421 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md @@ -27,14 +27,6 @@ ms.topic: conceptual > [!NOTE] > Defender for Endpoint for iOS would use a VPN in order to provide the Web Protection feature. This is not a regular VPN and is a local/self-looping VPN that does not take traffic outside the device. -> [!IMPORTANT] -> **PUBLIC PREVIEW EDITION** -> -> This documentation is for a pre-release solution. The guidelines and the solution are subject to change between now and its general availability. -> -> As with any pre-release solution, remember to exercise caution when determining the target population for your deployments. - - ## Configure compliance policy against jailbroken devices To protect corporate data from being accessed on jailbroken iOS devices, we recommend that you setup the following compliance policy on Intune. @@ -73,3 +65,7 @@ Defender for Endpoint for iOS enables admins to configure custom indicators on i ## Web Protection By default, Defender for Endpoint for iOS includes and enables the web protection feature. [Web protection](web-protection-overview.md) helps to secure devices against web threats and protect users from phishing attacks. + +## Report unsafe site + +Phishing websites impersonate trustworthy websites for the purpose of obtaining your personal or financial information. Visit [report unsafe site](https://www.microsoft.com/wdsi/filesubmission/exploitguard/networkprotection) if you want to report a website that could be phish. diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md index 1a4cbac837..4fd8f9ef9a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md @@ -24,53 +24,52 @@ ms.topic: conceptual [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - -> [!IMPORTANT] -> **PUBLIC PREVIEW EDITION** -> -> This documentation is for a pre-release solution. The guidelines and the solution are subject to change between now and its general availability. -> -> As with any pre-release solution, remember to exercise caution when determining the target population for your deployments. - - -The public preview of Defender for Endpoint for iOS will offer protection -against phishing and unsafe network connections from websites, emails, and apps. -All alerts will be available through a single pane of glass in the Microsoft -Defender Security Center. The portal gives security teams a centralized view of threats on +**Microsoft Defender for Endpoint for iOS** will offer protection against phishing and unsafe network connections from websites, emails, and apps. All alerts will be available through a single pane of glass in the Microsoft Defender Security Center. The portal gives security teams a centralized view of threats on iOS devices along with other platforms. +> [!CAUTION] +> Running other third-party endpoint protection products alongside Defender for Endpoint for iOS is likely to cause performance problems and unpredictable system errors. + ## Pre-requisites - **For End Users** -- Defender for Endpoint license assigned to the end user(s) of the app. Refer - [Assign licenses to - users](https://docs.microsoft.com/azure/active-directory/users-groups-roles/licensing-groups-assign) - for instructions on how to assign licenses. +- Microsoft Defender for Endpoint license assigned to the end user(s) of the app. See [Microsoft Defender for Endpoint licensing requirements](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements#licensing-requirements) + +- Device(s) are [enrolled](https://docs.microsoft.com/mem/intune/user-help/enroll-your-device-in-intune-ios) via the Intune Company Portal app to enforce Intune device compliance policies. This requires the end user to be assigned a Microsoft Intune license. + - Intune Company Portal app can be downloaded from [Apple App Store](https://apps.apple.com/us/app/intune-company-portal/id719171358). + +- For more information on how to assign licenses, see [Assign licenses to users](https://docs.microsoft.com/azure/active-directory/users-groups-roles/licensing-groups-assign). **For Administrators** -- Access to the Microsoft Defender Security Center portal +- Access to the Microsoft Defender Security Center portal. -- Access to [Microsoft Endpoint Manager admin - center](https://go.microsoft.com/fwlink/?linkid=2109431), to deploy the app - to enrolled user groups in your organization + > [!NOTE] + > Microsoft Intune is the only supported Mobile Device Management (MDM) solution for deploying Microsoft Defender for Endpoint for iOS. Currently only enrolled devices are supported for enforcing Defender for Endpoint for iOS related device compliance policies in Intune. + +- Access to [Microsoft Endpoint Manager admin + center](https://go.microsoft.com/fwlink/?linkid=2109431), to deploy the app to enrolled user groups in your organization **System Requirements** -- iOS devices running iOS 11.0 and later +- iOS devices running iOS 11.0 and above. -- Device is enrolled with Intune Company Portal - [app](https://apps.apple.com/us/app/intune-company-portal/id719171358) +- Device is enrolled with Intune Company Portal [app](https://apps.apple.com/us/app/intune-company-portal/id719171358) + +> [!NOTE] +> **Microsoft Defender ATP (Microsoft Defender for Endpoint) for iOS is now available on [Apple App Store](https://aka.ms/mdatpiosappstore).** + +## Installation instructions + +Deployment of Microsoft Defender for Endpoint for iOS is via Microsoft Intune (MDM) and both supervised and unsupervised devices are supported. +For more information, see [Deploy Microsoft Defender for Endpoint for iOS](ios-install.md). ## Resources -- Stay informed about upcoming releases by visiting our [blog](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/bg-p/MicrosoftDefenderATPBlog/label-name/iOS) - -- Provide feedback through in-app feedback system or through [SecOps - portal](https://securitycenter.microsoft.com) +- Stay informed about upcoming releases by visiting our [blog](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/bg-p/MicrosoftDefenderATPBlog/label-name/iOS) +- Provide feedback through in-app feedback system or through [SecOps portal](https://securitycenter.microsoft.com) ## Next steps From dedcf7bed7fd94008f896ba5c3b2c45992be5fc0 Mon Sep 17 00:00:00 2001 From: Sunayana Singh <57405155+sunasing@users.noreply.github.com> Date: Wed, 2 Dec 2020 14:38:41 +0530 Subject: [PATCH 043/210] Added back the screenshot --- .../threat-protection/microsoft-defender-atp/ios-install.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-install.md b/windows/security/threat-protection/microsoft-defender-atp/ios-install.md index 55a8c44542..f37c4359df 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-install.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-install.md @@ -107,6 +107,9 @@ Intune allows you to configure the Defender for iOS app through a App Configurat - Configuration Key: issupervised - Value type: Sting - Configuration Value: {{issupervised}} + + > [!div class="mx-imgBorder"] + ![Image of Microsoft Endpoint Manager Admin Center](images/ios-deploy-6.png) 1. Click **Next** to open the **Scope tags** page. Scope tags are optional. Click **Next** to continue. From 6d5e594e818a4a885ba8b25e88ddd9ceb6baf889 Mon Sep 17 00:00:00 2001 From: Sunayana Singh <57405155+sunasing@users.noreply.github.com> Date: Wed, 2 Dec 2020 22:21:01 +0530 Subject: [PATCH 044/210] Minor fixes as suggested --- .../microsoft-defender-atp/ios-configure-features.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md index a0de02a421..abe9bb0a7b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md @@ -68,4 +68,4 @@ By default, Defender for Endpoint for iOS includes and enables the web protectio ## Report unsafe site -Phishing websites impersonate trustworthy websites for the purpose of obtaining your personal or financial information. Visit [report unsafe site](https://www.microsoft.com/wdsi/filesubmission/exploitguard/networkprotection) if you want to report a website that could be phish. +Phishing websites impersonate trustworthy websites for the purpose of obtaining your personal or financial information. Visit the [report unsafe site](https://www.microsoft.com/wdsi/filesubmission/exploitguard/networkprotection) page if you want to report a website that could be a phishing site. From 22723dd30f904fb29c351f117ce6accb7f5bce2c Mon Sep 17 00:00:00 2001 From: Sunayana Singh <57405155+sunasing@users.noreply.github.com> Date: Wed, 2 Dec 2020 22:25:31 +0530 Subject: [PATCH 045/210] Minor fixes as suggested --- .../microsoft-defender-atp/ios-install.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-install.md b/windows/security/threat-protection/microsoft-defender-atp/ios-install.md index f37c4359df..3f4ac6bfb7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-install.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-install.md @@ -46,7 +46,7 @@ Deploy Defender for Endpoint for iOS via Intune Company Portal. > [!div class="mx-imgBorder"] ![Image of Microsoft Endpoint Manager Admin Center](images/ios-deploy-1.png) -1. On the Add app page, click on **Search the App Store** and type **Microsoft Defender ATP** in the search bar. On the search results section, click on *Microsoft Defender ATP* and click **Select**. +1. On the Add app page, click on **Search the App Store** and type **Microsoft Defender ATP** in the search bar. In the search results section, click on *Microsoft Defender ATP* and click **Select**. 1. Select **iOS 11.0** as the Minimum operating system. Review the rest of information about the app and click **Next**. @@ -58,7 +58,7 @@ Deploy Defender for Endpoint for iOS via Intune Company Portal. > [!div class="mx-imgBorder"] ![Image of Microsoft Endpoint Manager Admin Center](images/ios-deploy-2.png) -1. In the *Review + Create* section, verify that all the information entered is correct and then select **Create**. In a few moments, the Defender for Endpoint app would be created successfully, and a notification would show up at the top-right corner of the page. +1. In the *Review + Create* section, verify that all the information entered is correct and then select **Create**. In a few moments, the Defender for Endpoint app should be created successfully, and a notification should show up at the top-right corner of the page. 1. In the app information page that is displayed, in the **Monitor** section, select **Device install status** to verify that the device installation has completed successfully. @@ -81,11 +81,11 @@ Deploy Defender for Endpoint for iOS via Intune Company Portal. ## Configure Microsoft Defender for Endpoint for Supervised Mode -The Microsoft Defender for Endpoint for iOS app has specialized ability on supervised iOS/iPadOS devices given the increased management capabilities provided by the platform on these types of devices. To take advantage of these capabilities, Defender for Endpoint app needs to know if a device is in Supervised mode. +The Microsoft Defender for Endpoint for iOS app has specialized ability on supervised iOS/iPadOS devices, given the increased management capabilities provided by the platform on these types of devices. To take advantage of these capabilities, the Defender for Endpoint app needs to know if a device is in Supervised mode. ### Configure Supervised Mode via Intune -Intune allows you to configure the Defender for iOS app through a App Configuration policy. +Intune allows you to configure the Defender for iOS app through an App Configuration policy. > [!NOTE] > This app configuration policy for supervised devices is applicable only to managed devices and should be targeted for all managed iOS devices as a best practice. @@ -105,7 +105,7 @@ Intune allows you to configure the Defender for iOS app through a App Configurat 1. In the next screen, select **Use configuration designer** as the format. Specify the following property: - Configuration Key: issupervised - - Value type: Sting + - Value type: String - Configuration Value: {{issupervised}} > [!div class="mx-imgBorder"] @@ -115,7 +115,7 @@ Intune allows you to configure the Defender for iOS app through a App Configurat 1. On the **Assignments** page, select the groups that will receive this profile. For this scenario, it is best practice to target **All Devices**. For more information on assigning profiles, see [Assign user and device profiles](https://docs.microsoft.com/mem/intune/configuration/device-profile-assign). - When deploying to user groups, a user must sign-in on a device before the policy applies. + When deploying to user groups, a user must sign in to a device before the policy applies. Click **Next**. From 36603eae838d45b970ede2186fe4752e1480fa9f Mon Sep 17 00:00:00 2001 From: Sunayana Singh <57405155+sunasing@users.noreply.github.com> Date: Wed, 2 Dec 2020 22:27:10 +0530 Subject: [PATCH 046/210] Minor fixes as suggested --- .../microsoft-defender-atp/microsoft-defender-atp-ios.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md index 4fd8f9ef9a..5b482fe1b8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md @@ -48,8 +48,7 @@ iOS devices along with other platforms. > [!NOTE] > Microsoft Intune is the only supported Mobile Device Management (MDM) solution for deploying Microsoft Defender for Endpoint for iOS. Currently only enrolled devices are supported for enforcing Defender for Endpoint for iOS related device compliance policies in Intune. -- Access to [Microsoft Endpoint Manager admin - center](https://go.microsoft.com/fwlink/?linkid=2109431), to deploy the app to enrolled user groups in your organization +- Access to [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), to deploy the app to enrolled user groups in your organization **System Requirements** From b934aa913d7a799d5f26a20114ef0bbdd254db52 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 2 Dec 2020 12:12:37 -0800 Subject: [PATCH 047/210] Added ADMX_MicrosoftDefenderAntivirus policies --- windows/client-management/mdm/TOC.md | 1 + .../mdm/policies-in-policy-csp-admx-backed.md | 93 ++ .../policy-configuration-service-provider.md | 284 ++++ ...cy-csp-admx-microsoftdefenderantivirus.md} | 1407 +++-------------- 4 files changed, 569 insertions(+), 1216 deletions(-) rename windows/client-management/mdm/{policy-csp-admx-windowsdefender.md => policy-csp-admx-microsoftdefenderantivirus.md} (78%) diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index 639e9356c0..d30cc12164 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -202,6 +202,7 @@ #### [ADMX_Kerberos](policy-csp-admx-kerberos.md) #### [ADMX_LanmanServer](policy-csp-admx-lanmanserver.md) #### [ADMX_LinkLayerTopologyDiscovery](policy-csp-admx-linklayertopologydiscovery.md) +#### [ADMX_MicrosoftDefenderAntivirus](policy-csp-admx-microsoftdefenderantivirus.md) #### [ADMX_MMC](policy-csp-admx-mmc.md) #### [ADMX_MMCSnapins](policy-csp-admx-mmcsnapins.md) #### [ADMX_MSAPolicy](policy-csp-admx-msapolicy.md) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index b04813d319..f2b1c25bd5 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -232,6 +232,99 @@ ms.date: 10/08/2020 - [ADMX_LanmanServer/Pol_HonorCipherSuiteOrder](./policy-csp-admx-lanmanserver.md#admx-lanmanserver-pol-honorciphersuiteorder) - [ADMX_LinkLayerTopologyDiscovery/LLTD_EnableLLTDIO](./policy-csp-admx-linklayertopologydiscovery.md#admx-linklayertopologydiscovery-lltd-enablelltdio) - [ADMX_LinkLayerTopologyDiscovery/LLTD_EnableRspndr](./policy-csp-admx-linklayertopologydiscovery.md#admx-linklayertopologydiscovery-lltd-enablerspndr) +- [ADMX_MicrosoftDefenderAntivirus/AllowFastServiceStartup](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-allowfastservicestartup) +- [ADMX_MicrosoftDefenderAntivirus/DisableAntiSpywareDefender](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-disableantispywaredefender) +- [ADMX_MicrosoftDefenderAntivirus/DisableAutoExclusions](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-disableautoexclusions) +- [ADMX_MicrosoftDefenderAntivirus/DisableBlockAtFirstSeen](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-disableblockatfirstseen) +- [ADMX_MicrosoftDefenderAntivirus/DisableLocalAdminMerge](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-disablelocaladminmerge) +- [ADMX_MicrosoftDefenderAntivirus/DisableRealtimeMonitoring](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-disablerealtimemonitoring) +- [ADMX_MicrosoftDefenderAntivirus/DisableRoutinelyTakingAction](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-disableroutinelytakingaction) +- [ADMX_MicrosoftDefenderAntivirus/Exclusions_Extensions](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-exclusions-extensions) +- [ADMX_MicrosoftDefenderAntivirus/Exclusions_Paths](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-exclusions-paths) +- [ADMX_MicrosoftDefenderAntivirus/Exclusions_Processes](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-exclusions-processes) +- [ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ASR_ASROnlyExclusions](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-exploitguard-asr-asronlyexclusions) +- [ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ASR_Rules](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-exploitguard-asr-rules) +- [ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ControlledFolderAccess_AllowedApplications](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-exploitguard-controlledfolderaccess-allowedapplications) +- [ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ControlledFolderAccess_ProtectedFolders](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-exploitguard-controlledfolderaccess-protectedfolders) +- [ADMX_MicrosoftDefenderAntivirus/MpEngine_EnableFileHashComputation](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-mpengine-enablefilehashcomputation) +- [ADMX_MicrosoftDefenderAntivirus/Nis_Consumers_IPS_DisableSignatureRetirement](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-nis-consumers-ips-disablesignatureretirement) +- [ADMX_MicrosoftDefenderAntivirus/Nis_Consumers_IPS_sku_differentiation_Signature_Set_Guid](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-nis-consumers-ips-sku-differentiation-signature-set-guid) +- [ADMX_MicrosoftDefenderAntivirus/Nis_DisableProtocolRecognition](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-nis-disableprotocolrecognition) +- [ADMX_MicrosoftDefenderAntivirus/ProxyBypass](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-proxybypass) +- [ADMX_MicrosoftDefenderAntivirus/ProxyPacUrl](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-proxypacurl) +- [ADMX_MicrosoftDefenderAntivirus/ProxyServer](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-proxyserver) +- [ADMX_MicrosoftDefenderAntivirus/Quarantine_LocalSettingOverridePurgeItemsAfterDelay](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-quarantine-localsettingoverridepurgeitemsafterdelay) +- [ADMX_MicrosoftDefenderAntivirus/Quarantine_PurgeItemsAfterDelay](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-quarantine-purgeitemsafterdelay) +- [ADMX_MicrosoftDefenderAntivirus/RandomizeScheduleTaskTimes](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-randomizescheduletasktimes) +- [ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableBehaviorMonitoring](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-realtimeprotection-disablebehaviormonitoring) +- [ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableIOAVProtection](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-realtimeprotection-disableioavprotection) +- [ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableOnAccessProtection](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-realtimeprotection-disableonaccessprotection) +- [ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableRawWriteNotification](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-realtimeprotection-disablerawwritenotification) +- [ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableScanOnRealtimeEnable](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-realtimeprotection-disablescanonrealtimeenable) +- [ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_IOAVMaxSize](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-realtimeprotection-ioavmaxsize) +- [ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableBehaviorMonitoring](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-realtimeprotection-localsettingoverridedisablebehaviormonitoring) +- [ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableIOAVProtection](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-realtimeprotection-localsettingoverridedisableioavprotection) +- [ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableOnAccessProtection](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-realtimeprotection-localsettingoverridedisableonaccessprotection) +- [ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableRealtimeMonitoring](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-realtimeprotection-localsettingoverridedisablerealtimemonitoring) +- [ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideRealtimeScanDirection](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-realtimeprotection-localsettingoverriderealtimescandirection) +- [ADMX_MicrosoftDefenderAntivirus/Remediation_LocalSettingOverrideScan_ScheduleTime](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-remediation-localsettingoverridescan-scheduletime) +- [ADMX_MicrosoftDefenderAntivirus/Remediation_Scan_ScheduleDay](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-remediation-scan-scheduleday) +- [ADMX_MicrosoftDefenderAntivirus/Remediation_Scan_ScheduleTime](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-remediation-scan-scheduletime) +- [ADMX_MicrosoftDefenderAntivirus/Reporting_AdditionalActionTimeout](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-reporting-additionalactiontimeout) +- [ADMX_MicrosoftDefenderAntivirus/Reporting_CriticalFailureTimeout](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-reporting-criticalfailuretimeout) +- [ADMX_MicrosoftDefenderAntivirus/Reporting_DisableEnhancedNotifications](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-reporting-disableenhancednotifications) +- [ADMX_MicrosoftDefenderAntivirus/Reporting_DisablegenericrePorts](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-reporting-disablegenericreports) +- [ADMX_MicrosoftDefenderAntivirus/Reporting_NonCriticalTimeout](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-reporting-noncriticaltimeout) +- [ADMX_MicrosoftDefenderAntivirus/Reporting_RecentlyCleanedTimeout](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-reporting-recentlycleanedtimeout) +- [ADMX_MicrosoftDefenderAntivirus/Reporting_WppTracingComponents](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-reporting-wpptracingcomponents) +- [ADMX_MicrosoftDefenderAntivirus/Reporting_WppTracingLevel](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-reporting-wpptracinglevel) +- [ADMX_MicrosoftDefenderAntivirus/Scan_AllowPause](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-scan-allowpause) +- [ADMX_MicrosoftDefenderAntivirus/Scan_ArchiveMaxDepth](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-scan-archivemaxdepth) +- [ADMX_MicrosoftDefenderAntivirus/Scan_ArchiveMaxSize](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-scan-archivemaxsize) +- [ADMX_MicrosoftDefenderAntivirus/Scan_DisableArchiveScanning](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-scan-disablearchivescanning) +- [ADMX_MicrosoftDefenderAntivirus/Scan_DisableEmailScanning](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-scan-disableemailscanning) +- [ADMX_MicrosoftDefenderAntivirus/Scan_DisableHeuristics](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-scan-disableheuristics) +- [ADMX_MicrosoftDefenderAntivirus/Scan_DisablePackedExeScanning](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-scan-disablepackedexescanning) +- [ADMX_MicrosoftDefenderAntivirus/Scan_DisableRemovableDriveScanning](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-scan-disableremovabledrivescanning) +- [ADMX_MicrosoftDefenderAntivirus/Scan_DisableReparsePointScanning](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-scan-disablereparsepointscanning) +- [ADMX_MicrosoftDefenderAntivirus/Scan_DisableRestorePoint](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-scan-disablerestorepoint) +- [ADMX_MicrosoftDefenderAntivirus/Scan_DisableScanningMappedNetworkDrivesForFullScan](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-scan-disablescanningmappednetworkdrivesforfullscan) +- [ADMX_MicrosoftDefenderAntivirus/Scan_DisableScanningNetworkFiles](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-scan-disablescanningnetworkfiles) +- [ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideAvgCPULoadFactor](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-scan-localsettingoverrideavgcpuloadfactor) +- [ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScanParameters](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-scan-localsettingoverridescanparameters) +- [ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScheduleDay](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-scan-localsettingoverridescheduleday) +- [ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScheduleQuickScantime](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-scan-localsettingoverrideschedulequickscantime) +- [ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScheduleTime](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-scan-localsettingoverridescheduletime) +- [ADMX_MicrosoftDefenderAntivirus/Scan_LowCpuPriority](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-scan-lowcpupriority) +- [ADMX_MicrosoftDefenderAntivirus/Scan_MissedScheduledScanCountBeforeCatchup](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-scan-missedscheduledscancountbeforecatchup) +- [ADMX_MicrosoftDefenderAntivirus/Scan_PurgeItemsAfterDelay](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-scan-purgeitemsafterdelay) +- [ADMX_MicrosoftDefenderAntivirus/Scan_QuickScanInterval](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-scan-quickscaninterval) +- [ADMX_MicrosoftDefenderAntivirus/Scan_ScanOnlyIfIdle](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-scan-scanonlyifidle) +- [ADMX_MicrosoftDefenderAntivirus/Scan_ScheduleDay](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-scan-scheduleday) +- [ADMX_MicrosoftDefenderAntivirus/Scan_ScheduleTime](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-scan-scheduletime) +- [ADMX_MicrosoftDefenderAntivirus/ServiceKeepAlive](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-servicekeepalive) +- [ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ASSignatureDue](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-signatureupdate-assignaturedue) +- [ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_AVSignatureDue](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-signatureupdate-avsignaturedue) +- [ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DefinitionUpdateFileSharesSources](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-signatureupdate-definitionupdatefilesharessources) +- [ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DisableScanOnUpdate](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-signatureupdate-disablescanonupdate) +- [ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DisableScheduledSignatureUpdateonBattery](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-signatureupdate-disablescheduledsignatureupdateonbattery) +- [ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DisableUpdateOnStartupWithoutEngine](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-signatureupdate-disableupdateonstartupwithoutengine) +- [ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_FallbackOrder](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-signatureupdate-fallbackorder) +- [ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ForceUpdateFromMU](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-signatureupdate-forceupdatefrommu) +- [ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_RealtimeSignatureDelivery](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-signatureupdate-realtimesignaturedelivery) +- [ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ScheduleDay](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-signatureupdate-scheduleday) +- [ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ScheduleTime](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-signatureupdate-scheduletime) +- [ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_SharedSignaturesLocation](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-signatureupdate-sharedsignatureslocation) +- [ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_SignatureDisableNotification](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-signatureupdate-signaturedisablenotification) +- [ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_SignatureUpdateCatchupInterval](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-signatureupdate-signatureupdatecatchupinterval) +- [ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_UpdateOnStartup](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-signatureupdate-updateonstartup) +- [ADMX_MicrosoftDefenderAntivirus/SpynetReporting](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-spynetreporting) +- [ADMX_MicrosoftDefenderAntivirus/Spynet_LocalSettingOverrideSpynetReporting](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-spynet-localsettingoverridespynetreporting) +- [ADMX_MicrosoftDefenderAntivirus/Threats_ThreatIdDefaultAction](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-threats-threatiddefaultaction) +- [ADMX_MicrosoftDefenderAntivirus/UX_Configuration_CustomDefaultActionToastString](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-ux-configuration-customdefaultactiontoaststring) +- [ADMX_MicrosoftDefenderAntivirus/UX_Configuration_Notification_Suppress](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-ux-configuration-notification-suppress) +- [ADMX_MicrosoftDefenderAntivirus/UX_Configuration_SuppressRebootNotification](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-ux-configuration-suppressrebootnotification) +- [ADMX_MicrosoftDefenderAntivirus/UX_Configuration_UILockdown](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-ux-configuration-uilockdown) - [ADMX_MMC/MMC_ActiveXControl](./policy-csp-admx-mmc.md#admx-mmc-mmc-activexcontrol) - [ADMX_MMC/MMC_ExtendView](./policy-csp-admx-mmc.md#admx-mmc-mmc-extendview) - [ADMX_MMC/MMC_LinkToWeb](./policy-csp-admx-mmc.md#admx-mmc-mmc-linktoweb) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 8a993d4783..1e3e29a308 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -940,6 +940,290 @@ The following diagram shows the Policy configuration service provider in tree fo

+### ADMX_MicrosoftDefenderAntivirus policies + +
+
+ ADMX_MicrosoftDefenderAntivirus/AllowFastServiceStartup +
+
+ ADMX_MicrosoftDefenderAntivirus/DisableAntiSpywareDefender +
+
+ ADMX_MicrosoftDefenderAntivirus/DisableAutoExclusions +
+
+ ADMX_MicrosoftDefenderAntivirus/DisableBlockAtFirstSeen +
+
+ ADMX_MicrosoftDefenderAntivirus/DisableLocalAdminMerge +
+
+ ADMX_MicrosoftDefenderAntivirus/DisableRealtimeMonitoring +
+
+ ADMX_MicrosoftDefenderAntivirus/DisableRoutinelyTakingAction +
+
+ ADMX_MicrosoftDefenderAntivirus/Exclusions_Extensions +
+
+ ADMX_MicrosoftDefenderAntivirus/Exclusions_Paths +
+
+ ADMX_MicrosoftDefenderAntivirus/Exclusions_Processes +
+
+ ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ASR_ASROnlyExclusions +
+
+ ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ASR_Rules +
+
+ ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ControlledFolderAccess_AllowedApplications +
+
+ ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ControlledFolderAccess_ProtectedFolders +
+
+ ADMX_MicrosoftDefenderAntivirus/MpEngine_EnableFileHashComputation +
+
+ ADMX_MicrosoftDefenderAntivirus/Nis_Consumers_IPS_DisableSignatureRetirement +
+
+ ADMX_MicrosoftDefenderAntivirus/Nis_Consumers_IPS_sku_differentiation_Signature_Set_Guid +
+
+ ADMX_MicrosoftDefenderAntivirus/Nis_DisableProtocolRecognition +
+
+ ADMX_MicrosoftDefenderAntivirus/ProxyBypass +
+
+ ADMX_MicrosoftDefenderAntivirus/ProxyPacUrl +
+
+ ADMX_MicrosoftDefenderAntivirus/ProxyServer +
+
+ ADMX_MicrosoftDefenderAntivirus/Quarantine_LocalSettingOverridePurgeItemsAfterDelay +
+
+ ADMX_MicrosoftDefenderAntivirus/Quarantine_PurgeItemsAfterDelay +
+
+ ADMX_MicrosoftDefenderAntivirus/RandomizeScheduleTaskTimes +
+
+ ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableBehaviorMonitoring +
+
+ ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableIOAVProtection +
+
+ ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableOnAccessProtection +
+
+ ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableRawWriteNotification +
+
+ ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableScanOnRealtimeEnable +
+
+ ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_IOAVMaxSize +
+
+ ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableBehaviorMonitoring +
+
+ ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableIOAVProtection +
+
+ ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableOnAccessProtection +
+
+ ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableRealtimeMonitoring +
+
+ ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideRealtimeScanDirection +
+
+ ADMX_MicrosoftDefenderAntivirus/Remediation_LocalSettingOverrideScan_ScheduleTime +
+
+ ADMX_MicrosoftDefenderAntivirus/Remediation_Scan_ScheduleDay +
+
+ ADMX_MicrosoftDefenderAntivirus/Remediation_Scan_ScheduleTime +
+
+ ADMX_MicrosoftDefenderAntivirus/Reporting_AdditionalActionTimeout +
+
+ ADMX_MicrosoftDefenderAntivirus/Reporting_CriticalFailureTimeout +
+
+ ADMX_MicrosoftDefenderAntivirus/Reporting_DisableEnhancedNotifications +
+
+ ADMX_MicrosoftDefenderAntivirus/Reporting_DisablegenericrePorts +
+
+ ADMX_MicrosoftDefenderAntivirus/Reporting_NonCriticalTimeout +
+
+ ADMX_MicrosoftDefenderAntivirus/Reporting_RecentlyCleanedTimeout +
+
+ ADMX_MicrosoftDefenderAntivirus/Reporting_WppTracingComponents +
+
+ ADMX_MicrosoftDefenderAntivirus/Reporting_WppTracingLevel +
+
+ ADMX_MicrosoftDefenderAntivirus/Scan_AllowPause +
+
+ ADMX_MicrosoftDefenderAntivirus/Scan_ArchiveMaxDepth +
+
+ ADMX_MicrosoftDefenderAntivirus/Scan_ArchiveMaxSize +
+
+ ADMX_MicrosoftDefenderAntivirus/Scan_DisableArchiveScanning +
+
+ ADMX_MicrosoftDefenderAntivirus/Scan_DisableEmailScanning +
+
+ ADMX_MicrosoftDefenderAntivirus/Scan_DisableHeuristics +
+
+ ADMX_MicrosoftDefenderAntivirus/Scan_DisablePackedExeScanning +
+
+ ADMX_MicrosoftDefenderAntivirus/Scan_DisableRemovableDriveScanning +
+
+ ADMX_MicrosoftDefenderAntivirus/Scan_DisableReparsePointScanning +
+
+ ADMX_MicrosoftDefenderAntivirus/Scan_DisableRestorePoint +
+
+ ADMX_MicrosoftDefenderAntivirus/Scan_DisableScanningMappedNetworkDrivesForFullScan +
+
+ ADMX_MicrosoftDefenderAntivirus/Scan_DisableScanningNetworkFiles +
+
+ ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideAvgCPULoadFactor +
+
+ ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScanParameters +
+
+ ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScheduleDay +
+
+ ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScheduleQuickScantime +
+
+ ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScheduleTime +
+
+ ADMX_MicrosoftDefenderAntivirus/Scan_LowCpuPriority +
+
+ ADMX_MicrosoftDefenderAntivirus/Scan_MissedScheduledScanCountBeforeCatchup +
+
+ ADMX_MicrosoftDefenderAntivirus/Scan_PurgeItemsAfterDelay +
+
+ ADMX_MicrosoftDefenderAntivirus/Scan_QuickScanInterval +
+
+ ADMX_MicrosoftDefenderAntivirus/Scan_ScanOnlyIfIdle +
+
+ ADMX_MicrosoftDefenderAntivirus/Scan_ScheduleDay +
+
+ ADMX_MicrosoftDefenderAntivirus/Scan_ScheduleTime +
+
+ ADMX_MicrosoftDefenderAntivirus/ServiceKeepAlive +
+
+ ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ASSignatureDue +
+
+ ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_AVSignatureDue +
+
+ ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DefinitionUpdateFileSharesSources +
+
+ ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DisableScanOnUpdate +
+
+ ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DisableScheduledSignatureUpdateonBattery +
+
+ ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DisableUpdateOnStartupWithoutEngine +
+
+ ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_FallbackOrder +
+
+ ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ForceUpdateFromMU +
+
+ ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_RealtimeSignatureDelivery +
+
+ ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ScheduleDay +
+
+ ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ScheduleTime +
+
+ ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_SharedSignaturesLocation +
+
+ ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_SignatureDisableNotification +
+
+ ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_SignatureUpdateCatchupInterval +
+
+ ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_UpdateOnStartup +
+
+ ADMX_MicrosoftDefenderAntivirus/SpynetReporting +
+
+ ADMX_MicrosoftDefenderAntivirus/Spynet_LocalSettingOverrideSpynetReporting +
+
+ ADMX_MicrosoftDefenderAntivirus/Threats_ThreatIdDefaultAction +
+
+ ADMX_MicrosoftDefenderAntivirus/UX_Configuration_CustomDefaultActionToastString +
+
+ ADMX_MicrosoftDefenderAntivirus/UX_Configuration_Notification_Suppress +
+
+ ADMX_MicrosoftDefenderAntivirus/UX_Configuration_SuppressRebootNotification +
+
+ ADMX_MicrosoftDefenderAntivirus/UX_Configuration_UILockdown +
+
+ ### ADMX_MMC policies
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsdefender.md b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md similarity index 78% rename from windows/client-management/mdm/policy-csp-admx-windowsdefender.md rename to windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md index 5e550c9817..a582499424 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsdefender.md +++ b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md @@ -1,344 +1,305 @@ --- -title: Policy CSP - ADMX_WindowsDefender -description: Policy CSP - ADMX_WindowsDefender +title: Policy CSP - ADMX_MicrosoftDefenderAntivirus +description: Policy CSP - ADMX_MicrosoftDefenderAntivirus ms.author: dansimp ms.localizationpriority: medium ms.topic: article ms.prod: w10 ms.technology: windows author: manikadhiman -ms.date: 08/13/2020 +ms.date: 12/02/2020 ms.reviewer: manager: dansimp --- -# Policy CSP - ADMX_WindowsDefender +# Policy CSP - ADMX_MicrosoftDefenderAntivirus > [!WARNING] > Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
-## ADMX_WindowsDefender policies +## ADMX_MicrosoftDefenderAntivirus policies
- ADMX_WindowsDefender/AllowFastServiceStartup + ADMX_MicrosoftDefenderAntivirus/AllowFastServiceStartup
- ADMX_WindowsDefender/CheckForSignaturesBeforeRunningScan + ADMX_MicrosoftDefenderAntivirus/DisableAntiSpywareDefender
- ADMX_WindowsDefender/DisableAntiSpywareDefender + ADMX_MicrosoftDefenderAntivirus/DisableAutoExclusions
- ADMX_WindowsDefender/DisableAutoExclusions + ADMX_MicrosoftDefenderAntivirus/DisableBlockAtFirstSeen
- ADMX_WindowsDefender/DisableBlockAtFirstSeen + ADMX_MicrosoftDefenderAntivirus/DisableLocalAdminMerge
- ADMX_WindowsDefender/DisableLocalAdminMerge + ADMX_MicrosoftDefenderAntivirus/DisableRealtimeMonitoring
- ADMX_WindowsDefender/DisableRealtimeMonitoring + ADMX_MicrosoftDefenderAntivirus/DisableRoutinelyTakingAction
- ADMX_WindowsDefender/DisableRoutinelyTakingAction + ADMX_MicrosoftDefenderAntivirus/Exclusions_Extensions
- ADMX_WindowsDefender/Exclusions_Extensions + ADMX_MicrosoftDefenderAntivirus/Exclusions_Paths
- ADMX_WindowsDefender/Exclusions_Paths + ADMX_MicrosoftDefenderAntivirus/Exclusions_Processes
- ADMX_WindowsDefender/Exclusions_Processes + ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ASR_ASROnlyExclusions
- ADMX_WindowsDefender/ExploitGuard_ASR_ASROnlyExclusions + ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ASR_Rules
- ADMX_WindowsDefender/ExploitGuard_ASR_Rules + ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ControlledFolderAccess_AllowedApplications
- ADMX_WindowsDefender/ExploitGuard_ControlledFolderAccess_AllowedApplications + ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ControlledFolderAccess_ProtectedFolders
- ADMX_WindowsDefender/ExploitGuard_ControlledFolderAccess_EnableControlledFolderAccess + ADMX_MicrosoftDefenderAntivirus/MpEngine_EnableFileHashComputation
- ADMX_WindowsDefender/ExploitGuard_ControlledFolderAccess_ProtectedFolders + ADMX_MicrosoftDefenderAntivirus/Nis_Consumers_IPS_DisableSignatureRetirement
- ADMX_WindowsDefender/ExploitGuard_EnableNetworkProtection + ADMX_MicrosoftDefenderAntivirus/Nis_Consumers_IPS_sku_differentiation_Signature_Set_Guid
- ADMX_WindowsDefender/MpEngine_EnableFileHashComputation + ADMX_MicrosoftDefenderAntivirus/Nis_DisableProtocolRecognition
- ADMX_WindowsDefender/Nis_Consumers_IPS_DisableSignatureRetirement + ADMX_MicrosoftDefenderAntivirus/ProxyBypass
- ADMX_WindowsDefender/Nis_Consumers_IPS_sku_differentiation_Signature_Set_Guid + ADMX_MicrosoftDefenderAntivirus/ProxyPacUrl
- ADMX_WindowsDefender/Nis_DisableProtocolRecognition + ADMX_MicrosoftDefenderAntivirus/ProxyServer
- ADMX_WindowsDefender/ProxyBypass + ADMX_MicrosoftDefenderAntivirus/Quarantine_LocalSettingOverridePurgeItemsAfterDelay
- ADMX_WindowsDefender/ProxyPacUrl + ADMX_MicrosoftDefenderAntivirus/Quarantine_PurgeItemsAfterDelay
- ADMX_WindowsDefender/ProxyServer + ADMX_MicrosoftDefenderAntivirus/RandomizeScheduleTaskTimes
- ADMX_WindowsDefender/Quarantine_LocalSettingOverridePurgeItemsAfterDelay + ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableBehaviorMonitoring
- ADMX_WindowsDefender/Quarantine_PurgeItemsAfterDelay + ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableIOAVProtection
- ADMX_WindowsDefender/RandomizeScheduleTaskTimes + ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableOnAccessProtection
- ADMX_WindowsDefender/RealtimeProtection_DisableBehaviorMonitoring + ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableRawWriteNotification
- ADMX_WindowsDefender/RealtimeProtection_DisableIOAVProtection + ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableScanOnRealtimeEnable
- ADMX_WindowsDefender/RealtimeProtection_DisableOnAccessProtection + ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_IOAVMaxSize
- ADMX_WindowsDefender/RealtimeProtection_DisableRawWriteNotification + ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableBehaviorMonitoring
- ADMX_WindowsDefender/RealtimeProtection_DisableScanOnRealtimeEnable + ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableIOAVProtection
- ADMX_WindowsDefender/RealtimeProtection_IOAVMaxSize + ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableOnAccessProtection
- ADMX_WindowsDefender/RealtimeProtection_LocalSettingOverrideDisableBehaviorMonitoring + ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableRealtimeMonitoring
- ADMX_WindowsDefender/RealtimeProtection_LocalSettingOverrideDisableIOAVProtection + ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideRealtimeScanDirection
- ADMX_WindowsDefender/RealtimeProtection_LocalSettingOverrideDisableOnAccessProtection + ADMX_MicrosoftDefenderAntivirus/Remediation_LocalSettingOverrideScan_ScheduleTime
- ADMX_WindowsDefender/RealtimeProtection_LocalSettingOverrideDisableRealtimeMonitoring + ADMX_MicrosoftDefenderAntivirus/Remediation_Scan_ScheduleDay
- ADMX_WindowsDefender/RealtimeProtection_LocalSettingOverrideRealtimeScanDirection + ADMX_MicrosoftDefenderAntivirus/Remediation_Scan_ScheduleTime
- ADMX_WindowsDefender/RealtimeProtection_RealtimeScanDirection + ADMX_MicrosoftDefenderAntivirus/Reporting_AdditionalActionTimeout
- ADMX_WindowsDefender/Remediation_LocalSettingOverrideScan_ScheduleTime + ADMX_MicrosoftDefenderAntivirus/Reporting_CriticalFailureTimeout
- ADMX_WindowsDefender/Remediation_Scan_ScheduleDay + ADMX_MicrosoftDefenderAntivirus/Reporting_DisableEnhancedNotifications
- ADMX_WindowsDefender/Remediation_Scan_ScheduleTime + ADMX_MicrosoftDefenderAntivirus/Reporting_DisablegenericrePorts
- ADMX_WindowsDefender/Reporting_AdditionalActionTimeout + ADMX_MicrosoftDefenderAntivirus/Reporting_NonCriticalTimeout
- ADMX_WindowsDefender/Reporting_CriticalFailureTimeout + ADMX_MicrosoftDefenderAntivirus/Reporting_RecentlyCleanedTimeout
- ADMX_WindowsDefender/Reporting_DisableEnhancedNotifications + ADMX_MicrosoftDefenderAntivirus/Reporting_WppTracingComponents
- ADMX_WindowsDefender/Reporting_DisablegenericrePorts + ADMX_MicrosoftDefenderAntivirus/Reporting_WppTracingLevel
- ADMX_WindowsDefender/Reporting_NonCriticalTimeout + ADMX_MicrosoftDefenderAntivirus/Scan_AllowPause
- ADMX_WindowsDefender/Reporting_RecentlyCleanedTimeout + ADMX_MicrosoftDefenderAntivirus/Scan_ArchiveMaxDepth
- ADMX_WindowsDefender/Reporting_WppTracingComponents + ADMX_MicrosoftDefenderAntivirus/Scan_ArchiveMaxSize
- ADMX_WindowsDefender/Reporting_WppTracingLevel + ADMX_MicrosoftDefenderAntivirus/Scan_DisableArchiveScanning
- ADMX_WindowsDefender/Root_PUAProtection + ADMX_MicrosoftDefenderAntivirus/Scan_DisableEmailScanning
- ADMX_WindowsDefender/Scan_AllowPause + ADMX_MicrosoftDefenderAntivirus/Scan_DisableHeuristics
- ADMX_WindowsDefender/Scan_ArchiveMaxDepth + ADMX_MicrosoftDefenderAntivirus/Scan_DisablePackedExeScanning
- ADMX_WindowsDefender/Scan_ArchiveMaxSize + ADMX_MicrosoftDefenderAntivirus/Scan_DisableRemovableDriveScanning
- ADMX_WindowsDefender/Scan_AvgCPULoadFactor + ADMX_MicrosoftDefenderAntivirus/Scan_DisableReparsePointScanning
- ADMX_WindowsDefender/Scan_DisableArchiveScanning + ADMX_MicrosoftDefenderAntivirus/Scan_DisableRestorePoint
- ADMX_WindowsDefender/Scan_DisableCatchupFullScan + ADMX_MicrosoftDefenderAntivirus/Scan_DisableScanningMappedNetworkDrivesForFullScan
- ADMX_WindowsDefender/Scan_DisableCatchupQuickScan + ADMX_MicrosoftDefenderAntivirus/Scan_DisableScanningNetworkFiles
- ADMX_WindowsDefender/Scan_DisableEmailScanning + ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideAvgCPULoadFactor
- ADMX_WindowsDefender/Scan_DisableHeuristics + ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScanParameters
- ADMX_WindowsDefender/Scan_DisablePackedExeScanning + ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScheduleDay
- ADMX_WindowsDefender/Scan_DisableRemovableDriveScanning + ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScheduleQuickScantime
- ADMX_WindowsDefender/Scan_DisableReparsePointScanning + ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScheduleTime
- ADMX_WindowsDefender/Scan_DisableRestorePoint + ADMX_MicrosoftDefenderAntivirus/Scan_LowCpuPriority
- ADMX_WindowsDefender/Scan_DisableScanningMappedNetworkDrivesForFullScan + ADMX_MicrosoftDefenderAntivirus/Scan_MissedScheduledScanCountBeforeCatchup
- ADMX_WindowsDefender/Scan_DisableScanningNetworkFiles + ADMX_MicrosoftDefenderAntivirus/Scan_PurgeItemsAfterDelay
- ADMX_WindowsDefender/Scan_LocalSettingOverrideAvgCPULoadFactor + ADMX_MicrosoftDefenderAntivirus/Scan_QuickScanInterval
- ADMX_WindowsDefender/Scan_LocalSettingOverrideScanParameters + ADMX_MicrosoftDefenderAntivirus/Scan_ScanOnlyIfIdle
- ADMX_WindowsDefender/Scan_LocalSettingOverrideScheduleDay + ADMX_MicrosoftDefenderAntivirus/Scan_ScheduleDay
- ADMX_WindowsDefender/Scan_LocalSettingOverrideScheduleQuickScantime + ADMX_MicrosoftDefenderAntivirus/Scan_ScheduleTime
- ADMX_WindowsDefender/Scan_LocalSettingOverrideScheduleTime + ADMX_MicrosoftDefenderAntivirus/ServiceKeepAlive
- ADMX_WindowsDefender/Scan_LowCpuPriority + ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ASSignatureDue
- ADMX_WindowsDefender/Scan_MissedScheduledScanCountBeforeCatchup + ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_AVSignatureDue
- ADMX_WindowsDefender/Scan_PurgeItemsAfterDelay + ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DefinitionUpdateFileSharesSources
- ADMX_WindowsDefender/Scan_QuickScanInterval + ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DisableScanOnUpdate
- ADMX_WindowsDefender/Scan_ScanOnlyIfIdle + ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DisableScheduledSignatureUpdateonBattery
- ADMX_WindowsDefender/Scan_ScanParameters + ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DisableUpdateOnStartupWithoutEngine
- ADMX_WindowsDefender/Scan_ScheduleDay + ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_FallbackOrder
- ADMX_WindowsDefender/Scan_ScheduleQuickScantime + ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ForceUpdateFromMU
- ADMX_WindowsDefender/Scan_ScheduleTime + ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_RealtimeSignatureDelivery
- ADMX_WindowsDefender/ServiceKeepAlive + ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ScheduleDay
- ADMX_WindowsDefender/SignatureUpdate_ASSignatureDue + ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ScheduleTime
- ADMX_WindowsDefender/SignatureUpdate_AVSignatureDue + ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_SharedSignaturesLocation
- ADMX_WindowsDefender/SignatureUpdate_DefinitionUpdateFileSharesSources + ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_SignatureDisableNotification
- ADMX_WindowsDefender/SignatureUpdate_DisableScanOnUpdate + ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_SignatureUpdateCatchupInterval
- ADMX_WindowsDefender/SignatureUpdate_DisableScheduledSignatureUpdateonBattery + ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_UpdateOnStartup
- ADMX_WindowsDefender/SignatureUpdate_DisableUpdateOnStartupWithoutEngine + ADMX_MicrosoftDefenderAntivirus/SpynetReporting
- ADMX_WindowsDefender/SignatureUpdate_FallbackOrder + ADMX_MicrosoftDefenderAntivirus/Spynet_LocalSettingOverrideSpynetReporting
- ADMX_WindowsDefender/SignatureUpdate_ForceUpdateFromMU + ADMX_MicrosoftDefenderAntivirus/Threats_ThreatIdDefaultAction
- ADMX_WindowsDefender/SignatureUpdate_RealtimeSignatureDelivery + ADMX_MicrosoftDefenderAntivirus/UX_Configuration_CustomDefaultActionToastString
- ADMX_WindowsDefender/SignatureUpdate_ScheduleDay + ADMX_MicrosoftDefenderAntivirus/UX_Configuration_Notification_Suppress
- ADMX_WindowsDefender/SignatureUpdate_ScheduleTime + ADMX_MicrosoftDefenderAntivirus/UX_Configuration_SuppressRebootNotification
- ADMX_WindowsDefender/SignatureUpdate_SharedSignaturesLocation -
-
- ADMX_WindowsDefender/SignatureUpdate_SignatureDisableNotification -
-
- ADMX_WindowsDefender/SignatureUpdate_SignatureUpdateCatchupInterval -
-
- ADMX_WindowsDefender/SignatureUpdate_SignatureUpdateInterval -
-
- ADMX_WindowsDefender/SignatureUpdate_UpdateOnStartup -
-
- ADMX_WindowsDefender/SpynetReporting -
-
- ADMX_WindowsDefender/Spynet_LocalSettingOverrideSpynetReporting -
-
- ADMX_WindowsDefender/SubmitSamplesConsent -
-
- ADMX_WindowsDefender/Threats_ThreatIdDefaultAction -
-
- ADMX_WindowsDefender/Threats_ThreatSeverityDefaultAction -
-
- ADMX_WindowsDefender/UX_Configuration_CustomDefaultActionToastString -
-
- ADMX_WindowsDefender/UX_Configuration_Notification_Suppress -
-
- ADMX_WindowsDefender/UX_Configuration_SuppressRebootNotification -
-
- ADMX_WindowsDefender/UX_Configuration_UILockdown + ADMX_MicrosoftDefenderAntivirus/UX_Configuration_UILockdown
@@ -346,7 +307,7 @@ manager: dansimp
-**ADMX_WindowsDefender/AllowFastServiceStartup** +**ADMX_MicrosoftDefenderAntivirus/AllowFastServiceStartup** @@ -415,78 +376,7 @@ ADMX Info:
-**ADMX_WindowsDefender/CheckForSignaturesBeforeRunningScan** - - -
- - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether a check for new virus and spyware security intelligence will occur before running a scan. - -This setting applies to scheduled scans as well as the command line "mpcmdrun -SigUpdate", but it has no effect on scans initiated manually from the user interface. - -If you enable this setting, a check for new security intelligence will occur before running a scan. - -If you disable this setting or do not configure this setting, the scan will start using the existing security intelligence. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Check for the latest virus and spyware security intelligence before running a scheduled scan* -- GP name: *CheckForSignaturesBeforeRunningScan* -- GP path: *Windows Components\Microsoft Defender Antivirus\Scan* -- GP ADMX file name: *WindowsDefender.admx* - - - -
- - -**ADMX_WindowsDefender/DisableAntiSpywareDefender** +**ADMX_MicrosoftDefenderAntivirus/DisableAntiSpywareDefender** @@ -559,7 +449,7 @@ ADMX Info:
-**ADMX_WindowsDefender/DisableAutoExclusions** +**ADMX_MicrosoftDefenderAntivirus/DisableAutoExclusions**
@@ -633,7 +523,7 @@ ADMX Info:
-**ADMX_WindowsDefender/DisableBlockAtFirstSeen** +**ADMX_MicrosoftDefenderAntivirus/DisableBlockAtFirstSeen**
@@ -708,7 +598,7 @@ ADMX Info:
-**ADMX_WindowsDefender/DisableLocalAdminMerge** +**ADMX_MicrosoftDefenderAntivirus/DisableLocalAdminMerge**
@@ -777,7 +667,7 @@ ADMX Info:
-**ADMX_WindowsDefender/DisableRealtimeMonitoring** +**ADMX_MicrosoftDefenderAntivirus/DisableRealtimeMonitoring**
@@ -848,7 +738,7 @@ ADMX Info:
-**ADMX_WindowsDefender/DisableRoutinelyTakingAction** +**ADMX_MicrosoftDefenderAntivirus/DisableRoutinelyTakingAction**
@@ -917,7 +807,7 @@ ADMX Info:
-**ADMX_WindowsDefender/Exclusions_Extensions** +**ADMX_MicrosoftDefenderAntivirus/Exclusions_Extensions**
@@ -982,7 +872,7 @@ ADMX Info:
-**ADMX_WindowsDefender/Exclusions_Paths** +**ADMX_MicrosoftDefenderAntivirus/Exclusions_Paths**
@@ -1049,7 +939,7 @@ ADMX Info:
-**ADMX_WindowsDefender/Exclusions_Processes** +**ADMX_MicrosoftDefenderAntivirus/Exclusions_Processes**
@@ -1114,7 +1004,7 @@ ADMX Info:
-**ADMX_WindowsDefender/ExploitGuard_ASR_ASROnlyExclusions** +**ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ASR_ASROnlyExclusions**
@@ -1194,7 +1084,7 @@ ADMX Info:
-**ADMX_WindowsDefender/ExploitGuard_ASR_Rules** +**ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ASR_Rules**
@@ -1290,7 +1180,7 @@ ADMX Info:
-**ADMX_WindowsDefender/ExploitGuard_ControlledFolderAccess_AllowedApplications** +**ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ControlledFolderAccess_AllowedApplications**
@@ -1372,127 +1262,7 @@ ADMX Info:
-**ADMX_WindowsDefender/ExploitGuard_ControlledFolderAccess_EnableControlledFolderAccess** - - -
- - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -Available in the latest Windows 10 Insider Preview Build. Enable or disable controlled folder access for untrusted applications. You can choose to block, audit, or allow attempts by untrusted apps to: - -- Modify or delete files in protected folders, such as the Documents folder -- Write to disk sectors - -You can also choose to only block or audit writes to disk sectors while still allowing the modification or deletion of files in protected folders. - -Microsoft Defender Antivirus automatically determines which applications can be trusted. You can add additional trusted applications in the Configure allowed applications GP setting. -Default system folders are automatically protected, but you can add folders in the Configure protected folders GP setting. - -Block: -The following will be blocked: - -- Attempts by untrusted apps to modify or delete files in protected folders -- Attempts by untrusted apps to write to disk sectors - -The Windows event log will record these blocks under Applications and Services Logs > Microsoft > Windows > Windows Defender > Operational > ID 1123. - -Disabled: -The following will not be blocked and will be allowed to run: - -- Attempts by untrusted apps to modify or delete files in protected folders -- Attempts by untrusted apps to write to disk sectors - -These attempts will not be recorded in the Windows event log. - -Audit Mode: -The following will not be blocked and will be allowed to run: - -- Attempts by untrusted apps to modify or delete files in protected folders -- Attempts by untrusted apps to write to disk sectors - -The Windows event log will record these attempts under Applications and Services Logs > Microsoft > Windows > Windows Defender > Operational > ID 1124. - -Block disk modification only: -The following will be blocked: - -- Attempts by untrusted apps to write to disk sectors - -The Windows event log will record these attempts under Applications and Services Logs > Microsoft > Windows > Windows Defender > Operational > ID 1123. - -The following will not be blocked and will be allowed to run: - -- Attempts by untrusted apps to modify or delete files in protected folders -These attempts will not be recorded in the Windows event log. - -Audit disk modification only: -The following will not be blocked and will be allowed to run: - -- Attempts by untrusted apps to write to disk sectors -- Attempts by untrusted apps to modify or delete files in protected folders -Only attempts to write to protected disk sectors will be recorded in the Windows event log (under Applications and Services Logs > Microsoft > Windows > Windows Defender > Operational > ID 1124). -Attempts to modify or delete files in protected folders will not be recorded. - -Not configured: -Same as Disabled. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Configure Controlled folder access* -- GP name: *ExploitGuard_ControlledFolderAccess_EnableControlledFolderAccess* -- GP path: *Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Controlled Folder Access* -- GP ADMX file name: *WindowsDefender.admx* - - - -
- - -**ADMX_WindowsDefender/ExploitGuard_ControlledFolderAccess_ProtectedFolders** +**ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ControlledFolderAccess_ProtectedFolders** @@ -1575,84 +1345,7 @@ ADMX Info:
-**ADMX_WindowsDefender/ExploitGuard_EnableNetworkProtection** - - -
- - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -Available in the latest Windows 10 Insider Preview Build. Enable or disable Microsoft Defender Exploit Guard network protection to prevent employees from using any application to access dangerous domains that may host phishing scams, exploit-hosting sites, and other malicious content on the Internet. - -Enabled: -Specify the mode in the Options section: - -- Block: Users and applications will not be able to access dangerous domains -- Audit Mode: Users and applications can connect to dangerous domains, however if this feature would have blocked access if it were set to Block, then a record of the event will be in the event logs. - -Disabled: -Users and applications will not be blocked from connecting to dangerous domains. - -Not configured: -Same as Disabled. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Prevent users and apps from accessing dangerous websites* -- GP name: *ExploitGuard_EnableNetworkProtection* -- GP path: *Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Network Protection* -- GP ADMX file name: *WindowsDefender.admx* - - - -
- - -**ADMX_WindowsDefender/MpEngine_EnableFileHashComputation** +**ADMX_MicrosoftDefenderAntivirus/MpEngine_EnableFileHashComputation** @@ -1726,7 +1419,7 @@ ADMX Info:
-**ADMX_WindowsDefender/Nis_Consumers_IPS_DisableSignatureRetirement** +**ADMX_MicrosoftDefenderAntivirus/Nis_Consumers_IPS_DisableSignatureRetirement**
@@ -1795,7 +1488,7 @@ ADMX Info:
-**ADMX_WindowsDefender/Nis_Consumers_IPS_sku_differentiation_Signature_Set_Guid** +**ADMX_MicrosoftDefenderAntivirus/Nis_Consumers_IPS_sku_differentiation_Signature_Set_Guid**
@@ -1860,7 +1553,7 @@ ADMX Info:
-**ADMX_WindowsDefender/Nis_DisableProtocolRecognition** +**ADMX_MicrosoftDefenderAntivirus/Nis_DisableProtocolRecognition**
@@ -1929,7 +1622,7 @@ ADMX Info:
-**ADMX_WindowsDefender/ProxyBypass** +**ADMX_MicrosoftDefenderAntivirus/ProxyBypass**
@@ -1998,7 +1691,7 @@ ADMX Info:
-**ADMX_WindowsDefender/ProxyPacUrl** +**ADMX_MicrosoftDefenderAntivirus/ProxyPacUrl**
@@ -2073,7 +1766,7 @@ ADMX Info:
-**ADMX_WindowsDefender/ProxyServer** +**ADMX_MicrosoftDefenderAntivirus/ProxyServer**
@@ -2148,7 +1841,7 @@ ADMX Info:
-**ADMX_WindowsDefender/Quarantine_LocalSettingOverridePurgeItemsAfterDelay** +**ADMX_MicrosoftDefenderAntivirus/Quarantine_LocalSettingOverridePurgeItemsAfterDelay**
@@ -2217,7 +1910,7 @@ ADMX Info:
-**ADMX_WindowsDefender/Quarantine_PurgeItemsAfterDelay** +**ADMX_MicrosoftDefenderAntivirus/Quarantine_PurgeItemsAfterDelay**
@@ -2286,7 +1979,7 @@ ADMX Info:
-**ADMX_WindowsDefender/RandomizeScheduleTaskTimes** +**ADMX_MicrosoftDefenderAntivirus/RandomizeScheduleTaskTimes**
@@ -2355,7 +2048,7 @@ ADMX Info:
-**ADMX_WindowsDefender/RealtimeProtection_DisableBehaviorMonitoring** +**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableBehaviorMonitoring**
@@ -2424,7 +2117,7 @@ ADMX Info:
-**ADMX_WindowsDefender/RealtimeProtection_DisableIOAVProtection** +**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableIOAVProtection**
@@ -2493,7 +2186,7 @@ ADMX Info:
-**ADMX_WindowsDefender/RealtimeProtection_DisableOnAccessProtection** +**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableOnAccessProtection**
@@ -2562,7 +2255,7 @@ ADMX Info:
-**ADMX_WindowsDefender/RealtimeProtection_DisableRawWriteNotification** +**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableRawWriteNotification**
@@ -2631,7 +2324,7 @@ ADMX Info:
-**ADMX_WindowsDefender/RealtimeProtection_DisableScanOnRealtimeEnable** +**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableScanOnRealtimeEnable**
@@ -2700,7 +2393,7 @@ ADMX Info:
-**ADMX_WindowsDefender/RealtimeProtection_IOAVMaxSize** +**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_IOAVMaxSize**
@@ -2769,7 +2462,7 @@ ADMX Info:
-**ADMX_WindowsDefender/RealtimeProtection_LocalSettingOverrideDisableBehaviorMonitoring** +**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableBehaviorMonitoring**
@@ -2838,7 +2531,7 @@ ADMX Info:
-**ADMX_WindowsDefender/RealtimeProtection_LocalSettingOverrideDisableIOAVProtection** +**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableIOAVProtection**
@@ -2907,7 +2600,7 @@ ADMX Info:
-**ADMX_WindowsDefender/RealtimeProtection_LocalSettingOverrideDisableOnAccessProtection** +**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableOnAccessProtection**
@@ -2976,7 +2669,7 @@ ADMX Info:
-**ADMX_WindowsDefender/RealtimeProtection_LocalSettingOverrideDisableRealtimeMonitoring** +**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableRealtimeMonitoring**
@@ -3045,7 +2738,7 @@ ADMX Info:
-**ADMX_WindowsDefender/RealtimeProtection_LocalSettingOverrideRealtimeScanDirection** +**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideRealtimeScanDirection**
@@ -3114,86 +2807,7 @@ ADMX Info:
-**ADMX_WindowsDefender/RealtimeProtection_RealtimeScanDirection** - - -
- - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure monitoring for incoming and outgoing files, without having to turn off monitoring entirely. It is recommended for use on servers where there is a lot of incoming and outgoing file activity but for performance reasons need to have scanning disabled for a particular scan direction. The appropriate configuration should be evaluated based on the server role. - -Note that this configuration is only honored for NTFS volumes. For any other file system type, full monitoring of file and program activity will be present on those volumes. - -The options for this setting are mutually exclusive: - -- 0 = Scan incoming and outgoing files (default) -- 1 = Scan incoming files only -- 2 = Scan outgoing files only - -Any other value, or if the value does not exist, resolves to the default (0). - -If you enable this setting, the specified type of monitoring will be enabled. - -If you disable or do not configure this setting, monitoring for incoming and outgoing files will be enabled. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Configure monitoring for incoming and outgoing file and program activity* -- GP name: *RealtimeProtection_RealtimeScanDirection* -- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection* -- GP ADMX file name: *WindowsDefender.admx* - - - -
- - -**ADMX_WindowsDefender/Remediation_LocalSettingOverrideScan_ScheduleTime** +**ADMX_MicrosoftDefenderAntivirus/Remediation_LocalSettingOverrideScan_ScheduleTime** @@ -3262,7 +2876,7 @@ ADMX Info:
-**ADMX_WindowsDefender/Remediation_Scan_ScheduleDay** +**ADMX_MicrosoftDefenderAntivirus/Remediation_Scan_ScheduleDay**
@@ -3343,7 +2957,7 @@ ADMX Info:
-**ADMX_WindowsDefender/Remediation_Scan_ScheduleTime** +**ADMX_MicrosoftDefenderAntivirus/Remediation_Scan_ScheduleTime**
@@ -3412,7 +3026,7 @@ ADMX Info:
-**ADMX_WindowsDefender/Reporting_AdditionalActionTimeout** +**ADMX_MicrosoftDefenderAntivirus/Reporting_AdditionalActionTimeout**
@@ -3477,7 +3091,7 @@ ADMX Info:
-**ADMX_WindowsDefender/Reporting_CriticalFailureTimeout** +**ADMX_MicrosoftDefenderAntivirus/Reporting_CriticalFailureTimeout**
@@ -3542,7 +3156,7 @@ ADMX Info:
-**ADMX_WindowsDefender/Reporting_DisableEnhancedNotifications** +**ADMX_MicrosoftDefenderAntivirus/Reporting_DisableEnhancedNotifications**
@@ -3610,7 +3224,7 @@ ADMX Info:
-**ADMX_WindowsDefender/Reporting_DisablegenericrePorts** +**ADMX_MicrosoftDefenderAntivirus/Reporting_DisablegenericrePorts**
@@ -3679,7 +3293,7 @@ ADMX Info:
-**ADMX_WindowsDefender/Reporting_NonCriticalTimeout** +**ADMX_MicrosoftDefenderAntivirus/Reporting_NonCriticalTimeout**
@@ -3743,7 +3357,7 @@ ADMX Info:
-**ADMX_WindowsDefender/Reporting_RecentlyCleanedTimeout** +**ADMX_MicrosoftDefenderAntivirus/Reporting_RecentlyCleanedTimeout**
@@ -3808,7 +3422,7 @@ ADMX Info:
-**ADMX_WindowsDefender/Reporting_WppTracingComponents** +**ADMX_MicrosoftDefenderAntivirus/Reporting_WppTracingComponents**
@@ -3873,7 +3487,7 @@ ADMX Info:
-**ADMX_WindowsDefender/Reporting_WppTracingLevel** +**ADMX_MicrosoftDefenderAntivirus/Reporting_WppTracingLevel**
@@ -3945,84 +3559,7 @@ ADMX Info:
-**ADMX_WindowsDefender/Root_PUAProtection** - - -
- - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -Available in the latest Windows 10 Insider Preview Build. Enable or disable detection for potentially unwanted applications. You can choose to block, audit, or allow when potentially unwanted software is being downloaded or attempts to install itself on your computer. - -Enabled: -Specify the mode in the Options section: - -- Block: Potentially unwanted software will be blocked. -- Audit Mode: Potentially unwanted software will not be blocked, however if this feature would have blocked access if it were set to Block, then a record of the event will be in the event logs. - -Disabled: -Potentially unwanted software will not be blocked. - -Not configured: -Same as Disabled. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Configure detection for potentially unwanted applications* -- GP name: *Root_PUAProtection* -- GP path: *Windows Components\Microsoft Defender Antivirus* -- GP ADMX file name: *WindowsDefender.admx* - - - -
- - -**ADMX_WindowsDefender/Scan_AllowPause** +**ADMX_MicrosoftDefenderAntivirus/Scan_AllowPause** @@ -4091,7 +3628,7 @@ ADMX Info:
-**ADMX_WindowsDefender/Scan_ArchiveMaxDepth** +**ADMX_MicrosoftDefenderAntivirus/Scan_ArchiveMaxDepth**
@@ -4160,7 +3697,7 @@ ADMX Info:
-**ADMX_WindowsDefender/Scan_ArchiveMaxSize** +**ADMX_MicrosoftDefenderAntivirus/Scan_ArchiveMaxSize**
@@ -4228,77 +3765,9 @@ ADMX Info:
- -**ADMX_WindowsDefender/Scan_AvgCPULoadFactor** - - -
- - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure the maximum percentage CPU utilization permitted during a scan. Valid values for this setting are a percentage represented by the integers 5 to 100. A value of 0 indicates that there should be no throttling of CPU utilization. The default value is 50. - -If you enable this setting, CPU utilization will not exceed the percentage specified. - -If you disable or do not configure this setting, CPU utilization will not exceed the default value. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Specify the maximum percentage of CPU utilization during a scan* -- GP name: *Scan_AvgCPULoadFactor* -- GP path: *Windows Components\Microsoft Defender Antivirus\Scan* -- GP ADMX file name: *WindowsDefender.admx* - - - -
-**ADMX_WindowsDefender/Scan_DisableArchiveScanning** +**ADMX_MicrosoftDefenderAntivirus/Scan_DisableArchiveScanning** @@ -4367,145 +3836,7 @@ ADMX Info:
-**ADMX_WindowsDefender/Scan_DisableCatchupFullScan** - - -
- - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure catch-up scans for scheduled full scans. A catch-up scan is a scan that is initiated because a regularly scheduled scan was missed. Usually these scheduled scans are missed because the computer was turned off at the scheduled time. - -If you enable this setting, catch-up scans for scheduled full scans will be turned on. If a computer is offline for two consecutive scheduled scans, a catch-up scan is started the next time someone logs on to the computer. If there is no scheduled scan configured, there will be no catch-up scan run. - -If you disable or do not configure this setting, catch-up scans for scheduled full scans will be turned off. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Turn on catch-up full scan* -- GP name: *Scan_DisableCatchupFullScan* -- GP path: *Windows Components\Microsoft Defender Antivirus\Scan* -- GP ADMX file name: *WindowsDefender.admx* - - - -
- - -**ADMX_WindowsDefender/Scan_DisableCatchupQuickScan** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure catch-up scans for scheduled quick scans. A catch-up scan is a scan that is initiated because a regularly scheduled scan was missed. Usually these scheduled scans are missed because the computer was turned off at the scheduled time. - -If you enable this setting, catch-up scans for scheduled quick scans will be turned on. If a computer is offline for two consecutive scheduled scans, a catch-up scan is started the next time someone logs on to the computer. If there is no scheduled scan configured, there will be no catch-up scan run. - -If you disable or do not configure this setting, catch-up scans for scheduled quick scans will be turned off. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Turn on catch-up quick scan* -- GP name: *Scan_DisableCatchupQuickScan* -- GP path: *Windows Components\Microsoft Defender Antivirus\Scan* -- GP ADMX file name: *WindowsDefender.admx* - - - -
- - -**ADMX_WindowsDefender/Scan_DisableEmailScanning** +**ADMX_MicrosoftDefenderAntivirus/Scan_DisableEmailScanning** @@ -4574,7 +3905,7 @@ ADMX Info:
-**ADMX_WindowsDefender/Scan_DisableHeuristics** +**ADMX_MicrosoftDefenderAntivirus/Scan_DisableHeuristics**
@@ -4643,7 +3974,7 @@ ADMX Info:
-**ADMX_WindowsDefender/Scan_DisablePackedExeScanning** +**ADMX_MicrosoftDefenderAntivirus/Scan_DisablePackedExeScanning**
@@ -4712,7 +4043,7 @@ ADMX Info:
-**ADMX_WindowsDefender/Scan_DisableRemovableDriveScanning** +**ADMX_MicrosoftDefenderAntivirus/Scan_DisableRemovableDriveScanning**
@@ -4781,7 +4112,7 @@ ADMX Info:
-**ADMX_WindowsDefender/Scan_DisableReparsePointScanning** +**ADMX_MicrosoftDefenderAntivirus/Scan_DisableReparsePointScanning**
@@ -4850,7 +4181,7 @@ ADMX Info:
-**ADMX_WindowsDefender/Scan_DisableRestorePoint** +**ADMX_MicrosoftDefenderAntivirus/Scan_DisableRestorePoint**
@@ -4918,7 +4249,7 @@ ADMX Info:
-**ADMX_WindowsDefender/Scan_DisableScanningMappedNetworkDrivesForFullScan** +**ADMX_MicrosoftDefenderAntivirus/Scan_DisableScanningMappedNetworkDrivesForFullScan**
@@ -4987,7 +4318,7 @@ ADMX Info:
-**ADMX_WindowsDefender/Scan_DisableScanningNetworkFiles** +**ADMX_MicrosoftDefenderAntivirus/Scan_DisableScanningNetworkFiles**
@@ -5056,7 +4387,7 @@ ADMX Info:
-**ADMX_WindowsDefender/Scan_LocalSettingOverrideAvgCPULoadFactor** +**ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideAvgCPULoadFactor**
@@ -5125,7 +4456,7 @@ ADMX Info:
-**ADMX_WindowsDefender/Scan_LocalSettingOverrideScanParameters** +**ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScanParameters**
@@ -5194,7 +4525,7 @@ ADMX Info:
-**ADMX_WindowsDefender/Scan_LocalSettingOverrideScheduleDay** +**ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScheduleDay**
@@ -5263,7 +4594,7 @@ ADMX Info:
-**ADMX_WindowsDefender/Scan_LocalSettingOverrideScheduleQuickScantime** +**ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScheduleQuickScantime**
@@ -5332,7 +4663,7 @@ ADMX Info:
-**ADMX_WindowsDefender/Scan_LocalSettingOverrideScheduleTime** +**ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScheduleTime**
@@ -5401,7 +4732,7 @@ ADMX Info:
-**ADMX_WindowsDefender/Scan_LowCpuPriority** +**ADMX_MicrosoftDefenderAntivirus/Scan_LowCpuPriority**
@@ -5470,7 +4801,7 @@ ADMX Info:
-**ADMX_WindowsDefender/Scan_MissedScheduledScanCountBeforeCatchup** +**ADMX_MicrosoftDefenderAntivirus/Scan_MissedScheduledScanCountBeforeCatchup**
@@ -5539,7 +4870,7 @@ ADMX Info:
-**ADMX_WindowsDefender/Scan_PurgeItemsAfterDelay** +**ADMX_MicrosoftDefenderAntivirus/Scan_PurgeItemsAfterDelay**
@@ -5608,7 +4939,7 @@ ADMX Info:
-**ADMX_WindowsDefender/Scan_QuickScanInterval** +**ADMX_MicrosoftDefenderAntivirus/Scan_QuickScanInterval**
@@ -5677,7 +5008,7 @@ ADMX Info:
-**ADMX_WindowsDefender/Scan_ScanOnlyIfIdle** +**ADMX_MicrosoftDefenderAntivirus/Scan_ScanOnlyIfIdle**
@@ -5746,78 +5077,7 @@ ADMX Info:
-**ADMX_WindowsDefender/Scan_ScanParameters** - - -
- - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the scan type to use during a scheduled scan. Scan type options are: - -- 1 = Quick Scan (default) -- 2 = Full Scan - -If you enable this setting, the scan type will be set to the specified value. - -If you disable or do not configure this setting, the default scan type will used. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Specify the scan type to use for a scheduled scan* -- GP name: *Scan_ScanParameters* -- GP path: *Windows Components\Microsoft Defender Antivirus\Scan* -- GP ADMX file name: *WindowsDefender.admx* - - - -
- -**ADMX_WindowsDefender/Scan_ScheduleDay** +**ADMX_MicrosoftDefenderAntivirus/Scan_ScheduleDay** @@ -5893,80 +5153,12 @@ ADMX Info: - GP path: *Windows Components\Microsoft Defender Antivirus\Scan* - GP ADMX file name: *WindowsDefender.admx* - - -
- -**ADMX_WindowsDefender/Scan_ScheduleQuickScantime** - - -
- - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the time of day at which to perform a daily quick scan. The time value is represented as the number of minutes past midnight (00:00). For example, 120 (0x78) is equivalent to 02:00 AM. By default, this setting is set to a time value of 2:00 AM. The schedule is based on local time on the computer where the scan is executing. - -If you enable this setting, a daily quick scan will run at the time of day specified. - -If you disable or do not configure this setting, a daily quick scan will run at a default time. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Specify the time for a daily quick scan* -- GP name: *Scan_ScheduleQuickScantime* -- GP path: *Windows Components\Microsoft Defender Antivirus\Scan* -- GP ADMX file name: *WindowsDefender.admx* -
-**ADMX_WindowsDefender/Scan_ScheduleTime** +**ADMX_MicrosoftDefenderAntivirus/Scan_ScheduleTime** @@ -6035,7 +5227,7 @@ ADMX Info:
-**ADMX_WindowsDefender/ServiceKeepAlive** +**ADMX_MicrosoftDefenderAntivirus/ServiceKeepAlive**
@@ -6104,7 +5296,7 @@ ADMX Info:
-**ADMX_WindowsDefender/SignatureUpdate_ASSignatureDue** +**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ASSignatureDue**
@@ -6173,7 +5365,7 @@ ADMX Info:
-**ADMX_WindowsDefender/SignatureUpdate_AVSignatureDue** +**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_AVSignatureDue**
@@ -6242,7 +5434,7 @@ ADMX Info:
-**ADMX_WindowsDefender/SignatureUpdate_DefinitionUpdateFileSharesSources** +**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DefinitionUpdateFileSharesSources**
@@ -6311,7 +5503,7 @@ ADMX Info:
-**ADMX_WindowsDefender/SignatureUpdate_DisableScanOnUpdate** +**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DisableScanOnUpdate**
@@ -6380,7 +5572,7 @@ ADMX Info:
-**ADMX_WindowsDefender/SignatureUpdate_DisableScheduledSignatureUpdateonBattery** +**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DisableScheduledSignatureUpdateonBattery**
@@ -6449,7 +5641,7 @@ ADMX Info:
-**ADMX_WindowsDefender/SignatureUpdate_DisableUpdateOnStartupWithoutEngine** +**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DisableUpdateOnStartupWithoutEngine**
@@ -6518,7 +5710,7 @@ ADMX Info:
-**ADMX_WindowsDefender/SignatureUpdate_FallbackOrder** +**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_FallbackOrder**
@@ -6589,7 +5781,7 @@ ADMX Info:
-**ADMX_WindowsDefender/SignatureUpdate_ForceUpdateFromMU** +**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ForceUpdateFromMU**
@@ -6658,7 +5850,7 @@ ADMX Info:
-**ADMX_WindowsDefender/SignatureUpdate_RealtimeSignatureDelivery** +**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_RealtimeSignatureDelivery**
@@ -6727,7 +5919,7 @@ ADMX Info:
-**ADMX_WindowsDefender/SignatureUpdate_ScheduleDay** +**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ScheduleDay**
@@ -6808,7 +6000,7 @@ ADMX Info:
-**ADMX_WindowsDefender/SignatureUpdate_ScheduleTime** +**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ScheduleTime**
@@ -6877,7 +6069,7 @@ ADMX Info:
-**ADMX_WindowsDefender/SignatureUpdate_SharedSignaturesLocation** +**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_SharedSignaturesLocation**
@@ -6943,7 +6135,7 @@ ADMX Info:
-**ADMX_WindowsDefender/SignatureUpdate_SignatureDisableNotification** +**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_SignatureDisableNotification**
@@ -7012,7 +6204,7 @@ ADMX Info:
-**ADMX_WindowsDefender/SignatureUpdate_SignatureUpdateCatchupInterval** +**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_SignatureUpdateCatchupInterval**
@@ -7081,76 +6273,7 @@ ADMX Info:
-**ADMX_WindowsDefender/SignatureUpdate_SignatureUpdateInterval** - - -
- - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify an interval at which to check for security intelligence updates. The time value is represented as the number of hours between update checks. Valid values range from 1 (every hour) to 24 (once per day). - -If you enable this setting, checks for security intelligence updates will occur at the interval specified. - -If you disable or do not configure this setting, checks for security intelligence updates will occur at the default interval. - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Specify the interval to check for security intelligence updates* -- GP name: *SignatureUpdate_SignatureUpdateInterval* -- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates* -- GP ADMX file name: *WindowsDefender.admx* - - - -
- - -**ADMX_WindowsDefender/SignatureUpdate_UpdateOnStartup** +**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_UpdateOnStartup** @@ -7219,7 +6342,7 @@ ADMX Info:
-**ADMX_WindowsDefender/SpynetReporting** +**ADMX_MicrosoftDefenderAntivirus/SpynetReporting**
@@ -7302,7 +6425,7 @@ ADMX Info:
-**ADMX_WindowsDefender/Spynet_LocalSettingOverrideSpynetReporting** +**ADMX_MicrosoftDefenderAntivirus/Spynet_LocalSettingOverrideSpynetReporting**
@@ -7368,81 +6491,11 @@ ADMX Info: -
- -**ADMX_WindowsDefender/SubmitSamplesConsent** - -
- - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -Available in the latest Windows 10 Insider Preview Build. This policy setting configures behaviour of samples submission when opt-in for MAPS telemetry is set. - -Possible options are: - -- (0x0) Always prompt -- (0x1) Send safe samples automatically -- (0x2) Never send -- (0x3) Send all samples automatically - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Send file samples when further analysis is required* -- GP name: *SubmitSamplesConsent* -- GP path: *Windows Components\Microsoft Defender Antivirus\MAPS* -- GP ADMX file name: *WindowsDefender.admx* - - -
-**ADMX_WindowsDefender/Threats_ThreatIdDefaultAction** +**ADMX_MicrosoftDefenderAntivirus/Threats_ThreatIdDefaultAction** @@ -7513,85 +6566,7 @@ ADMX Info:
-**ADMX_WindowsDefender/Threats_ThreatSeverityDefaultAction** - - -
- - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to customize which automatic remediation action will be taken for each threat alert level.Threat alert levels should be added under the Options for this setting. Each entry must be listed as a name value pair. The name defines a threat alert level. The value contains the action ID for the remediation action that should be taken. - -Valid threat alert levels are: - -- 1 = Low -- 2 = Medium -- 4 = High -- 5 = Severe - -Valid remediation action values are: - -- 2 = Quarantine -- 3 = Remove -- 6 = Ignore - - -> [!TIP] -> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - -ADMX Info: -- GP English name: *Specify threat alert levels at which default action should not be taken when detected* -- GP name: *Threats_ThreatSeverityDefaultAction* -- GP path: *Windows Components\Microsoft Defender Antivirus\Threats* -- GP ADMX file name: *WindowsDefender.admx* - - - -
- - -**ADMX_WindowsDefender/UX_Configuration_CustomDefaultActionToastString** +**ADMX_MicrosoftDefenderAntivirus/UX_Configuration_CustomDefaultActionToastString** @@ -7660,7 +6635,7 @@ ADMX Info:
-**ADMX_WindowsDefender/UX_Configuration_Notification_Suppress** +**ADMX_MicrosoftDefenderAntivirus/UX_Configuration_Notification_Suppress**
@@ -7729,7 +6704,7 @@ ADMX Info:
-**ADMX_WindowsDefender/UX_Configuration_SuppressRebootNotification** +**ADMX_MicrosoftDefenderAntivirus/UX_Configuration_SuppressRebootNotification**
@@ -7796,7 +6771,7 @@ ADMX Info:
-**ADMX_WindowsDefender/UX_Configuration_UILockdown** +**ADMX_MicrosoftDefenderAntivirus/UX_Configuration_UILockdown**
From 10c9e4a62e5ad199ee047b3288a0750cf495000b Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 2 Dec 2020 12:50:39 -0800 Subject: [PATCH 048/210] Formatting --- .../mdm/policy-csp-admx-microsoftdefenderantivirus.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md index a582499424..f01f693b6e 100644 --- a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md +++ b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md @@ -1053,8 +1053,8 @@ Enabled: Specify the folders or files and resources that should be excluded from ASR rules in the Options section. Enter each rule on a new line as a name-value pair: -- Name column: Enter a folder path or a fully qualified resource name. For example, ""C:\Windows"" will exclude all files in that directory. ""C:\Windows\App.exe"" will exclude only that specific file in that specific folder -- Value column: Enter ""0"" for each item +- Name column: Enter a folder path or a fully qualified resource name. For example, "C:\Windows" will exclude all files in that directory. "C:\Windows\App.exe" will exclude only that specific file in that specific folder +- Value column: Enter "0" for each item Disabled: No exclusions will be applied to the ASR rules. From 597175655841106f558a730b9db3caacf3b4e036 Mon Sep 17 00:00:00 2001 From: kasiak-msft <66700245+kasiak-msft@users.noreply.github.com> Date: Wed, 2 Dec 2020 13:43:34 -0800 Subject: [PATCH 049/210] Update non-windows.md Added section on Microsoft Defender for Endpoint on iOS now that iOS is in public preview and soon to be GA. Also updated each section titles to remove the second "for" in the title after "for Endpoint". Did the same in the first sentence of each section. Changed "for" to "on" ex: Microsoft Defender for Endpoint on macOS. Updated "Mac" to "macOS" to refer to the OS name and not the device name. --- .../microsoft-defender-atp/non-windows.md | 33 ++++++++++++------- 1 file changed, 21 insertions(+), 12 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/non-windows.md b/windows/security/threat-protection/microsoft-defender-atp/non-windows.md index 23dd0567e1..102bb001a2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/non-windows.md +++ b/windows/security/threat-protection/microsoft-defender-atp/non-windows.md @@ -42,38 +42,38 @@ non-Windows platforms, enabling them to get a full picture of what's happening in their environment, which empowers them to more quickly assess and respond to threats. -## Microsoft Defender for Endpoint for Mac +## Microsoft Defender for Endpoint on macOS -Microsoft Defender for Endpoint for Mac offers antivirus and endpoint detection and response (EDR) capabilities for the three +Microsoft Defender for Endpoint on macOS offers antivirus and endpoint detection and response (EDR) capabilities for the three latest released versions of macOS. Customers can deploy and manage the solution through Microsoft Endpoint Manager and Jamf. Just like with Microsoft Office applications on macOS, Microsoft Auto Update is used to manage Microsoft -Defender for Endpoint for Mac updates. For information about the key features and +Defender for Endpoint on Mac updates. For information about the key features and benefits, read our [announcements](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/bg-p/MicrosoftDefenderATPBlog/label-name/macOS). -For more details on how to get started, visit the Defender for Endpoint for Mac +For more details on how to get started, visit the Defender for Endpoint on macOS [documentation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac). -## Microsoft Defender for Endpoint for Linux +## Microsoft Defender for Endpoint on Linux -Microsoft Defender for Endpoint for Linux offers preventative (AV) capabilities for Linux +Microsoft Defender for Endpoint on Linux offers preventative (AV) capabilities for Linux servers. This includes a full command line experience to configure and manage the agent, initiate scans, and manage threats. We support recent versions of the six most common Linux Server distributions: RHEL 7.2+, CentOS Linux 7.2+, Ubuntu 16 LTS, or higher LTS, SLES 12+, Debian 9+, and Oracle Linux 7.2. Microsoft -Defender for Endpoint for Linux can be deployed and configured using Puppet, Ansible, or +Defender for Endpoint on Linux can be deployed and configured using Puppet, Ansible, or using your existing Linux configuration management tool. For information about the key features and benefits, read our [announcements](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/bg-p/MicrosoftDefenderATPBlog/label-name/Linux). -For more details on how to get started, visit the Microsoft Defender for Endpoint for +For more details on how to get started, visit the Microsoft Defender for Endpoint on Linux [documentation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux). -## Microsoft Defender for Endpoint for Android +## Microsoft Defender for Endpoint on Android -Microsoft Defender for Endpoint for Android is our mobile threat defense solution for +Microsoft Defender for Endpoint on Android is our mobile threat defense solution for devices running Android 6.0 and higher. Both Android Enterprise (Work Profile) and Device Administrator modes are supported. On Android, we offer web protection, which includes anti-phishing, blocking of unsafe connections, and @@ -83,11 +83,20 @@ through integration with Microsoft Endpoint Manager and Conditional Access. For information about the key features and benefits, read our [announcements](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/bg-p/MicrosoftDefenderATPBlog/label-name/Android). -For more details on how to get started, visit the Microsoft Defender for Endpoint for +For more details on how to get started, visit the Microsoft Defender for Endpoint on Android [documentation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android). +## Microsoft Defender for Endpoint on iOS +Microsoft Defender for Endpoint on iOS is our mobile threat defense solution for devices +running iOS 11.0 and higher. Both Supervised and Unsupervised devices are supported. +On iOS, we offer web protection which includes anti-phishing, blocking of unsafe connections, and +setting of custom indicators. For more information about the key features and benefits, +read our [announcements](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/bg-p/MicrosoftDefenderATPBlog/label-name/iOS). + +For more details on how to get started, visit the Microsoft Defender for Endpoint +on iOS [documentation](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios). ## Licensing requirements @@ -95,7 +104,7 @@ Eligible Licensed Users may use Microsoft Defender for Endpoint on up to five co devices. Microsoft Defender for Endpoint is also available for purchase from a Cloud Solution Provider (CSP). -Customers can obtain Microsoft Defender for Endpoint for Mac through a standalone +Customers can obtain Microsoft Defender for Endpoint on macOS through a standalone Microsoft Defender for Endpoint license, as part of Microsoft 365 A5/E5, or Microsoft 365 Security. From 9de8233860f5a995b4dd9f03b1fa931d7514fa29 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Thu, 3 Dec 2020 06:07:39 +0530 Subject: [PATCH 050/210] Update enroll-a-windows-10-device-automatically-using-group-policy.md This is my own PR , i read that article , and i found latest administrative templates of october 20h2 is missing , so i added to this article --- ...ll-a-windows-10-device-automatically-using-group-policy.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md index 4354bb8c3e..fa6f14f888 100644 --- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md +++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md @@ -183,6 +183,8 @@ Requirements: - 1909 --> [Administrative Templates (.admx) for Windows 10 November 2019 Update (1909)](https://www.microsoft.com/download/confirmation.aspx?id=100591) - 2004 --> [Administrative Templates (.admx) for Windows 10 May 2020 Update (2004)](https://www.microsoft.com/download/confirmation.aspx?id=101445) + + - 20H2 --> [Administrative Templates (.admx) for Windows 10 October 2020 Update (20H2)](https://www.microsoft.com/download/details.aspx?id=102157) 2. Install the package on the Domain Controller. @@ -197,6 +199,8 @@ Requirements: - 1909 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 November 2019 Update (1909)** - 2004 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 May 2020 Update (2004)** + + - 20H2 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 October 2020 Update (20H2)** 4. Rename the extracted Policy Definitions folder to **PolicyDefinitions**. From dc3d2ee64ced0a08d1eaa5f74f61aa66743b525b Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 2 Dec 2020 16:53:27 -0800 Subject: [PATCH 051/210] Added desktop policies --- .../mdm/policy-csp-admx-desktop.md | 203 ++++++++++++++++++ 1 file changed, 203 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-desktop.md diff --git a/windows/client-management/mdm/policy-csp-admx-desktop.md b/windows/client-management/mdm/policy-csp-admx-desktop.md new file mode 100644 index 0000000000..11256a18ee --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-desktop.md @@ -0,0 +1,203 @@ +--- +title: Policy CSP - ADMX_Desktop +description: Policy CSP - ADMX_Desktop +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 12/02/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_Desktop +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_Desktop policies + +
+
+ ADMX_Desktop/AD_EnableFilter +
+
+ ADMX_Desktop/AD_HideDirectoryFolder +
+
+ ADMX_Desktop/AD_QueryLimit +
+
+ ADMX_Desktop/ForceActiveDesktopOn +
+
+ ADMX_Desktop/NoActiveDesktop +
+
+ ADMX_Desktop/NoActiveDesktopChanges +
+
+ ADMX_Desktop/NoDesktop +
+
+ ADMX_Desktop/NoDesktopCleanupWizard +
+
+ ADMX_Desktop/NoInternetIcon +
+
+ ADMX_Desktop/NoMyComputerIcon +
+
+ ADMX_Desktop/NoMyDocumentsIcon +
+
+ ADMX_Desktop/NoNetHood +
+
+ ADMX_Desktop/NoPropertiesMyComputer +
+
+ ADMX_Desktop/NoPropertiesMyDocuments +
+
+ ADMX_Desktop/NoRecentDocsNetHood +
+
+ ADMX_Desktop/NoRecycleBinIcon +
+
+ ADMX_Desktop/NoRecycleBinProperties +
+
+ ADMX_Desktop/NoSaveSettings +
+
+ ADMX_Desktop/NoWindowMinimizingShortcuts +
+
+ ADMX_Desktop/Wallpaper +
+
+ ADMX_Desktop/sz_ATC_DisableAdd +
+
+ ADMX_Desktop/sz_ATC_DisableClose +
+
+ ADMX_Desktop/sz_ATC_DisableDel +
+
+ ADMX_Desktop/sz_ATC_DisableEdit +
+
+ ADMX_Desktop/sz_ATC_NoComponents +
+
+ ADMX_Desktop/sz_AdminComponents_Title +
+
+ ADMX_Desktop/sz_DB_DragDropClose +
+
+ ADMX_Desktop/sz_DB_Moving +
+
+ ADMX_Desktop/sz_DWP_NoHTMLPaper +
+
+ + +
+ + +**ADMX_AuditSettings/IncludeCmdLine** + + +
+ + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting determines what information is logged in security audit events when a new process has been created. This setting only applies when the Audit Process Creation policy is enabled. + +If you enable this policy setting, the command line information for every process will be logged in plain text in the security event log as part of the Audit Process Creation event 4688, "a new process has been created," on the workstations and servers on which this policy setting is applied. + +If you disable or do not configure this policy setting, the process's command line information will not be included in Audit Process Creation events. + +Default is Not configured. + +> [!NOTE] +> When this policy setting is enabled, any user with access to read the security events will be able to read the command line arguments for any successfully created process. Command line arguments can contain sensitive or private information, such as passwords or user data. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Include command line in process creation events* +- GP name: *IncludeCmdLine* +- GP path: *System/Audit Process Creation* +- GP ADMX file name: *AuditSettings.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + From 50dd5d2bb0ba7572375fd1698897f5057c2b3982 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Thu, 3 Dec 2020 03:21:14 +0100 Subject: [PATCH 052/210] Endpoints/Intune: update broken URL As reported in issue ticket #8729 (Related Link - Intune Infrastructure - 404), the link to "Network infrastructure requirements for Microsoft Intune" is outdated and returns a 404 error. This is a common issue for all Microsoft Intune links after Intune moved to the /mem/ directory hierarchy, and will continue to be an issue until all unchanged Intune link URLs in the Docs are updated. Based on the discussed options and the current conclusion in the ticket page, it seems practical to use the URL https://docs.microsoft.com/mem/intune/fundamentals/intune-endpoints as well as using the page title "Network endpoints for Microsoft Intune" as the new URL description text. Proposed change: - replace broken URL with link to the /mem/ doc page 'intune-endpoints' - use "Network endpoints for Microsoft Intune" as URL text Whitespace changes: - add editorial blank line between metadata and the page title - remove redundant end-of-line whitespace (blanks) - add MarkDown table column alignment for the endpoint tables - standardize whitespace usage in a numbered list Closes #8729 --- .../privacy/manage-windows-1809-endpoints.md | 187 +++++++++--------- 1 file changed, 94 insertions(+), 93 deletions(-) diff --git a/windows/privacy/manage-windows-1809-endpoints.md b/windows/privacy/manage-windows-1809-endpoints.md index e29d853c05..6ff4c469cf 100644 --- a/windows/privacy/manage-windows-1809-endpoints.md +++ b/windows/privacy/manage-windows-1809-endpoints.md @@ -15,6 +15,7 @@ ms.topic: article ms.date: 6/26/2018 ms.reviewer: --- + # Manage connection endpoints for Windows 10 Enterprise, version 1809 **Applies to** @@ -30,17 +31,17 @@ Some Windows components, app, and related services transfer data to Microsoft ne - Using your location to show a weather forecast. This article lists different endpoints that are available on a clean installation of Windows 10, version 1709 and later. -Details about the different ways to control traffic to these endpoints are covered in [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md). -Where applicable, each endpoint covered in this topic includes a link to specific details about how to control traffic to it. +Details about the different ways to control traffic to these endpoints are covered in [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md). +Where applicable, each endpoint covered in this topic includes a link to specific details about how to control traffic to it. We used the following methodology to derive these network endpoints: -1. Set up the latest version of Windows 10 on a test virtual machine using the default settings. +1. Set up the latest version of Windows 10 on a test virtual machine using the default settings. 2. Leave the devices running idle for a week (that is, a user is not interacting with the system/device). -3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic. +3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic. 4. Compile reports on traffic going to public IP addresses. -5. The test virtual machine was logged in using a local account and was not joined to a domain or Azure Active Directory. -6. All traffic was captured in our lab using a IPV4 network. Therefore no IPV6 traffic is reported here. +5. The test virtual machine was logged in using a local account and was not joined to a domain or Azure Active Directory. +6. All traffic was captured in our lab using a IPV4 network. Therefore no IPV6 traffic is reported here. > [!NOTE] > Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time. @@ -49,70 +50,70 @@ We used the following methodology to derive these network endpoints: ## Apps -The following endpoint is used to download updates to the Weather app Live Tile. +The following endpoint is used to download updates to the Weather app Live Tile. If you [turn off traffic to this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#live-tiles), no Live Tiles will be updated. | Source process | Protocol | Destination | -|----------------|----------|------------| -| explorer | HTTP | tile-service.weather.microsoft.com | +|:--------------:|:--------:|:------------| +| explorer | HTTP | tile-service.weather.microsoft.com | | | HTTP | blob.weather.microsoft.com | -The following endpoint is used for OneNote Live Tile. -To turn off traffic for this endpoint, either uninstall OneNote or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). -If you disable the Microsoft store, other Store apps cannot be installed or updated. +The following endpoint is used for OneNote Live Tile. +To turn off traffic for this endpoint, either uninstall OneNote or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). +If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. | Source process | Protocol | Destination | -|----------------|----------|------------| +|:--------------:|:--------:|:------------| | | HTTPS | cdn.onenote.net/livetile/?Language=en-US | -The following endpoints are used for Twitter updates. -To turn off traffic for these endpoints, either uninstall Twitter or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). -If you disable the Microsoft store, other Store apps cannot be installed or updated. +The following endpoints are used for Twitter updates. +To turn off traffic for these endpoints, either uninstall Twitter or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). +If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. | Source process | Protocol | Destination | -|----------------|----------|------------| +|:--------------:|:--------:|:------------| | | HTTPS | wildcard.twimg.com | | svchost.exe | | oem.twimg.com/windows/tile.xml | -The following endpoint is used for Facebook updates. -To turn off traffic for this endpoint, either uninstall Facebook or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). -If you disable the Microsoft store, other Store apps cannot be installed or updated. +The following endpoint is used for Facebook updates. +To turn off traffic for this endpoint, either uninstall Facebook or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). +If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. | Source process | Protocol | Destination | -|----------------|----------|------------| +|:--------------:|:--------:|:------------| | | | star-mini.c10r.facebook.com | -The following endpoint is used by the Photos app to download configuration files, and to connect to the Microsoft 365 admin center's shared infrastructure, including Office. -To turn off traffic for this endpoint, either uninstall the Photos app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). -If you disable the Microsoft store, other Store apps cannot be installed or updated. +The following endpoint is used by the Photos app to download configuration files, and to connect to the Microsoft 365 admin center's shared infrastructure, including Office. +To turn off traffic for this endpoint, either uninstall the Photos app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). +If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. | Source process | Protocol | Destination | -|----------------|----------|------------| +|:--------------:|:--------:|:------------| | WindowsApps\Microsoft.Windows.Photos | HTTPS | evoke-windowsservices-tas.msedge.net | -The following endpoint is used for Candy Crush Saga updates. -To turn off traffic for this endpoint, either uninstall Candy Crush Saga or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). -If you disable the Microsoft store, other Store apps cannot be installed or updated. +The following endpoint is used for Candy Crush Saga updates. +To turn off traffic for this endpoint, either uninstall Candy Crush Saga or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). +If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. | Source process | Protocol | Destination | -|----------------|----------|------------| +|:--------------:|:--------:|:------------| | | TLS v1.2 | candycrushsoda.king.com | -The following endpoint is used for by the Microsoft Wallet app. -To turn off traffic for this endpoint, either uninstall the Wallet app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). -If you disable the Microsoft store, other Store apps cannot be installed or updated. +The following endpoint is used for by the Microsoft Wallet app. +To turn off traffic for this endpoint, either uninstall the Wallet app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). +If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. | Source process | Protocol | Destination | -|----------------|----------|------------| +|:--------------:|:--------:|:------------| | system32\AppHostRegistrationVerifier.exe | HTTPS | wallet.microsoft.com | -The following endpoint is used by the Groove Music app for update HTTP handler status. +The following endpoint is used by the Groove Music app for update HTTP handler status. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-apps-for-websites), apps for websites won't work and customers who visit websites (such as mediaredirect.microsoft.com) that are registered with their associated app (such as Groove Music) will stay at the website and won't be able to directly launch the app. | Source process | Protocol | Destination | @@ -123,7 +124,7 @@ The following endpoints are used when using the Whiteboard app. To turn off traffic for this endpoint [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). | Source process | Protocol | Destination | -|----------------|----------|------------| +|:--------------:|:--------:|:------------| | | HTTPS | wbd.ms | | | HTTPS | int.whiteboard.microsoft.com | | | HTTPS | whiteboard.microsoft.com | @@ -135,28 +136,28 @@ The following endpoint is used to get images that are used for Microsoft Store s If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), you will block images that are used for Microsoft Store suggestions. | Source process | Protocol | Destination | -|----------------|----------|------------| +|:--------------:|:--------:|:------------| | searchui | HTTPS |store-images.s-microsoft.com | The following endpoint is used to update Cortana greetings, tips, and Live Tiles. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), you will block updates to Cortana greetings, tips, and Live Tiles. | Source process | Protocol | Destination | -|----------------|----------|------------| +|:--------------:|:--------:|:------------| | backgroundtaskhost | HTTPS | www.bing.com/client | -The following endpoint is used to configure parameters, such as how often the Live Tile is updated. It's also used to activate experiments. +The following endpoint is used to configure parameters, such as how often the Live Tile is updated. It's also used to activate experiments. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), parameters would not be updated and the device would no longer participate in experiments. | Source process | Protocol | Destination | -|----------------|----------|------------| +|:--------------:|:--------:|:------------| | backgroundtaskhost | HTTPS | www.bing.com/proactive | The following endpoint is used by Cortana to report diagnostic and diagnostic data information. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), Microsoft won't be aware of issues with Cortana and won't be able to fix them. | Source process | Protocol | Destination | -|----------------|----------|------------| +|:--------------:|:--------:|:------------| | searchui
backgroundtaskhost | HTTPS | www.bing.com/threshold/xls.aspx | ## Certificates @@ -164,13 +165,13 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available. It is possible to [turn off traffic to this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update), but that is not recommended because when root certificates are updated over time, applications and websites may stop working because they did not receive an updated root certificate the application uses. Additionally, it is used to download certificates that are publicly known to be fraudulent. -These settings are critical for both Windows security and the overall security of the Internet. +These settings are critical for both Windows security and the overall security of the Internet. We do not recommend blocking this endpoint. If traffic to this endpoint is turned off, Windows no longer automatically downloads certificates known to be fraudulent, which increases the attack vector on the device. | Source process | Protocol | Destination | -|----------------|----------|------------| -| svchost | HTTP | ctldl.windowsupdate.com | +|:--------------:|:--------:|:------------| +| svchost | HTTP | ctldl.windowsupdate.com | ## Device authentication @@ -178,7 +179,7 @@ The following endpoint is used to authenticate a device. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), the device will not be authenticated. | Source process | Protocol | Destination | -|----------------|----------|------------| +|:--------------:|:--------:|:------------| | | HTTPS | login.live.com/ppsecure | ## Device metadata @@ -187,7 +188,7 @@ The following endpoint is used to retrieve device metadata. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-devinst), metadata will not be updated for the device. | Source process | Protocol | Destination | -|----------------|----------|------------| +|:--------------:|:--------:|:------------| | | | dmd.metaservices.microsoft.com.akadns.net | | | HTTP | dmd.metaservices.microsoft.com | @@ -197,21 +198,21 @@ The following endpoint is used by the Connected User Experiences and Telemetry c If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft. | Source process | Protocol | Destination | -|----------------|----------|------------| +|:--------------:|:--------:|:------------| | svchost | | cy2.vortex.data.microsoft.com.akadns.net | The following endpoint is used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft. | Source process | Protocol | Destination | -|----------------|----------|------------| +|:--------------:|:--------:|:------------| | svchost | HTTPS | v10.vortex-win.data.microsoft.com/collect/v1 | The following endpoints are used by Windows Error Reporting. To turn off traffic for these endpoints, enable the following Group Policy: Administrative Templates > Windows Components > Windows Error Reporting > Disable Windows Error Reporting. This means error reporting information will not be sent back to Microsoft. | Source process | Protocol | Destination | -|----------------|----------|------------| +|:--------------:|:--------:|:------------| | wermgr | | watson.telemetry.microsoft.com | | | TLS v1.2 | modern.watson.data.microsoft.com.akadns.net | @@ -221,9 +222,9 @@ The following endpoints are used to download fonts on demand. If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#font-streaming), you will not be able to download fonts on demand. | Source process | Protocol | Destination | -|----------------|----------|------------| +|:--------------:|:--------:|:------------| | svchost | | fs.microsoft.com | -| | | fs.microsoft.com/fs/windows/config.json | +| | | fs.microsoft.com/fs/windows/config.json | ## Licensing @@ -231,7 +232,7 @@ The following endpoint is used for online activation and some app licensing. To turn off traffic for this endpoint, disable the Windows License Manager Service. This will also block online activation and app licensing may not work. | Source process | Protocol | Destination | -|----------------|----------|------------| +|:--------------:|:--------:|:------------| | licensemanager | HTTPS | licensing.mp.microsoft.com/v7.0/licenses/content | ## Location @@ -240,7 +241,7 @@ The following endpoint is used for location data. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-location), apps cannot use location data. | Source process | Protocol | Destination | -|----------------|----------|------------| +|:--------------:|:--------:|:------------| | | HTTP | location-inference-westus.cloudapp.net | | | HTTPS | inference.location.live.net | @@ -250,16 +251,16 @@ The following endpoint is used to check for updates to maps that have been downl If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-offlinemaps), offline maps will not be updated. | Source process | Protocol | Destination | -|----------------|----------|------------| -| svchost | HTTPS | *g.akamaiedge.net | +|:--------------:|:--------:|:------------| +| svchost | HTTPS | *g.akamaiedge.net | ## Microsoft account -The following endpoints are used for Microsoft accounts to sign in. +The following endpoints are used for Microsoft accounts to sign in. If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-microsoft-account), users cannot sign in with Microsoft accounts. | Source process | Protocol | Destination | -|----------------|----------|------------| +|:--------------:|:--------:|:------------| | | | login.msa.akadns6.net | | | | login.live.com | | | | account.live.com | @@ -272,29 +273,29 @@ The following endpoint is used for the Windows Push Notification Services (WNS). If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#live-tiles), push notifications will no longer work, including MDM device management, mail synchronization, settings synchronization. | Source process | Protocol | Destination | -|----------------|----------|------------| +|:--------------:|:--------:|:------------| | | HTTPS | *.wns.windows.com | -The following endpoint is used to revoke licenses for malicious apps in the Microsoft Store. +The following endpoint is used to revoke licenses for malicious apps in the Microsoft Store. To turn off traffic for this endpoint, either uninstall the app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Microsoft Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them. | Source process | Protocol | Destination | -|----------------|----------|------------| +|:--------------:|:--------:|:------------| | | HTTP | storecatalogrevocation.storequality.microsoft.com | -The following endpoints are used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps). +The following endpoints are used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps). If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore), the image files won't be downloaded, and apps cannot be installed or updated from the Microsoft Store. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them. | Source process | Protocol | Destination | -|----------------|----------|------------| +|:--------------:|:--------:|:------------| | | HTTPS | img-prod-cms-rt-microsoft-com.akamaized.net | | backgroundtransferhost | HTTPS | store-images.microsoft.com | -The following endpoints are used to communicate with Microsoft Store. +The following endpoints are used to communicate with Microsoft Store. If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore), apps cannot be installed or updated from the Microsoft Store. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them. | Source process | Protocol | Destination | -|----------------|----------|------------| +|:--------------:|:--------:|:------------| | | HTTP | storeedgefd.dsx.mp.microsoft.com | | | HTTP \ HTTPS | pti.store.microsoft.com | ||TLS v1.2|cy2.\*.md.mp.microsoft.com.\*.| @@ -302,48 +303,48 @@ If you [turn off traffic for these endpoints](manage-connections-from-windows-op ## Network Connection Status Indicator (NCSI) -Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet. +Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-ncsi), NCSI won't be able to determine if the device is connected to the Internet and the network status tray icon will show a warning. | Source process | Protocol | Destination | -|----------------|----------|------------| +|:--------------:|:--------:|:------------| | | HTTP | www.msftconnecttest.com/connecttest.txt | ## Office -The following endpoints are used to connect to the Microsoft 365 admin center's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US#BKMK_Portal-identity). +The following endpoints are used to connect to the Microsoft 365 admin center's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US#BKMK_Portal-identity). You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents. | Source process | Protocol | Destination | -|----------------|----------|------------| -| | | *.a-msedge.net | -| hxstr | | *.c-msedge.net | +|:--------------:|:--------:|:------------| +| | | *.a-msedge.net | +| hxstr | | *.c-msedge.net | | | | *.e-msedge.net | | | | *.s-msedge.net | | | HTTPS | ocos-office365-s2s.msedge.net | | | HTTPS | nexusrules.officeapps.live.com | | | HTTPS | officeclient.microsoft.com | -The following endpoint is used to connect to the Microsoft 365 admin center's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US#BKMK_Portal-identity). +The following endpoint is used to connect to the Microsoft 365 admin center's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US#BKMK_Portal-identity). You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents. | Source process | Protocol | Destination | -|----------------|----------|------------| +|:--------------:|:--------:|:------------| | system32\Auth.Host.exe | HTTPS | outlook.office365.com | The following endpoint is OfficeHub traffic used to get the metadata of Office apps. To turn off traffic for this endpoint, either uninstall the app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Microsoft Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them. | Source process | Protocol | Destination | -|----------------|----------|------------| +|:--------------:|:--------:|:------------| |Windows Apps\Microsoft.Windows.Photos|HTTPS|client-office365-tas.msedge.net| The following endpoint is used to connect the Office To-Do app to it's cloud service. To turn off traffic for this endpoint, either uninstall the app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). | Source process | Protocol | Destination | -|----------------|----------|------------| +|:--------------:|:--------:|:------------| | |HTTPS|to-do.microsoft.com| ## OneDrive @@ -352,15 +353,15 @@ The following endpoint is a redirection service that’s used to automatically u If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-onedrive), anything that relies on g.live.com to get updated URL information will no longer work. | Source process | Protocol | Destination | -|----------------|----------|------------| +|:--------------:|:--------:|:------------| | onedrive | HTTP \ HTTPS | g.live.com/1rewlive5skydrive/ODSUProduction | The following endpoint is used by OneDrive for Business to download and verify app updates. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US). To turn off traffic for this endpoint, uninstall OneDrive for Business. In this case, your device will not able to get OneDrive for Business app updates. | Source process | Protocol | Destination | -|----------------|----------|------------| -| onedrive | HTTPS | oneclient.sfx.ms | +|:--------------:|:--------:|:------------| +| onedrive | HTTPS | oneclient.sfx.ms | ## Settings @@ -368,21 +369,21 @@ The following endpoint is used as a way for apps to dynamically update their con If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), an app that uses this endpoint may stop working. | Source process | Protocol | Destination | -|----------------|----------|------------| +|:--------------:|:--------:|:------------| | dmclient | | cy2.settings.data.microsoft.com.akadns.net | The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), an app that uses this endpoint may stop working. | Source process | Protocol | Destination | -|----------------|----------|------------| +|:--------------:|:--------:|:------------| | dmclient | HTTPS | settings.data.microsoft.com | The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as Windows Connected User Experiences and Telemetry component and Windows Insider Program use it. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), an app that uses this endpoint may stop working. | Source process | Protocol | Destination | -|----------------|----------|------------| +|:--------------:|:--------:|:------------| | svchost | HTTPS | settings-win.data.microsoft.com | ## Skype @@ -390,7 +391,7 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper The following endpoint is used to retrieve Skype configuration values. To turn off traffic for this endpoint, either uninstall the app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Microsoft Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them. | Source process | Protocol | Destination | -|----------------|----------|------------| +|:--------------:|:--------:|:------------| |microsoft.windowscommunicationsapps.exe | HTTPS | config.edge.skype.com | | | HTTPS | browser.pipe.aria.microsoft.com | | | | skypeecs-prod-usw-0-b.cloudapp.net | @@ -401,14 +402,14 @@ The following endpoint is used for Windows Defender when Cloud-based Protection If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender), the device will not use Cloud-based Protection. For a detailed list of Microsoft Defender Antivirus cloud service connections, see [Allow connections to the Microsoft Defender Antivirus cloud service](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus#allow-connections-to-the-microsoft-defender-antivirus-cloud-service). | Source process | Protocol | Destination | -|----------------|----------|------------| +|:--------------:|:--------:|:------------| | | | wdcp.microsoft.com | The following endpoints are used for Windows Defender definition updates. If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender), definitions will not be updated. | Source process | Protocol | Destination | -|----------------|----------|------------| +|:--------------:|:--------:|:------------| | | | definitionupdates.microsoft.com | |MpCmdRun.exe|HTTPS|go.microsoft.com | @@ -416,10 +417,10 @@ The following endpoints are used for Windows Defender Smartscreen reporting and If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender-smartscreen), Windows Defender Smartscreen notifications will no appear. | Source process | Protocol | Destination | -|----------------|----------|------------| +|:--------------:|:--------:|:------------| | | HTTPS | ars.smartscreen.microsoft.com | | | HTTPS | unitedstates.smartscreen-prod.microsoft.com | -| | | smartscreen-sn3p.smartscreen.microsoft.com | +| | | smartscreen-sn3p.smartscreen.microsoft.com | ## Windows Spotlight @@ -427,7 +428,7 @@ The following endpoints are used to retrieve Windows Spotlight metadata that des If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-spotlight), Windows Spotlight will still try to deliver new lock screen images and updated content but it will fail; suggested apps, Microsoft account notifications, and Windows tips will not be downloaded. For more information, see [Windows Spotlight](/windows/configuration/windows-spotlight). | Source process | Protocol | Destination | -|----------------|----------|------------| +|:--------------:|:--------:|:------------| | backgroundtaskhost | HTTPS | arc.msn.com | | backgroundtaskhost | | g.msn.com.nsatc.net | | |TLS v1.2| *.search.msn.com | @@ -440,22 +441,22 @@ The following endpoint is used for Windows Update downloads of apps and OS updat If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-updates), Windows Update downloads will not be managed, as critical metadata that is used to make downloads more resilient is blocked. Downloads may be impacted by corruption (resulting in re-downloads of full files). Additionally, downloads of the same update by multiple devices on the same local network will not use peer devices for bandwidth reduction. | Source process | Protocol | Destination | -|----------------|----------|------------| +|:--------------:|:--------:|:------------| | svchost | HTTPS | *.prod.do.dsp.mp.microsoft.com | -The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store. +The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store. If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not be able to download updates for the operating system. | Source process | Protocol | Destination | -|----------------|----------|------------| +|:--------------:|:--------:|:------------| | svchost | HTTP | *.windowsupdate.com | | svchost | HTTP | *.dl.delivery.mp.microsoft.com | -The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store. +The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store. If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device will not be able to acquire and update apps from the Store. | Source process | Protocol | Destination | -|----------------|----------|------------| +|:--------------:|:--------:|:------------| | svchost | HTTPS | *.update.microsoft.com | | svchost | HTTPS | *.delivery.mp.microsoft.com | @@ -467,7 +468,7 @@ The following endpoint is used for content regulation. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used. This may result in content being either incorrectly downloaded or not downloaded at all. | Source process | Protocol | Destination | -|----------------|----------|------------| +|:--------------:|:--------:|:------------| | svchost | HTTPS | tsfe.trafficshaping.dsp.mp.microsoft.com | @@ -478,7 +479,7 @@ The following endpoint is used by the Microsoft forward link redirection service If you disable this endpoint, Windows Defender won't be able to update its malware definitions; links from Windows and other Microsoft products to the Web won't work; and PowerShell updateable Help won't update. To disable the traffic, instead disable the traffic that's getting forwarded. | Source process | Protocol | Destination | -|----------------|----------|------------| +|----------------|:--------:|------------| |Various|HTTPS|go.microsoft.com| ## Other Windows 10 editions @@ -496,4 +497,4 @@ To view endpoints for non-Enterprise Windows 10 editions, see: ## Related links - [Office 365 URLs and IP address ranges](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US) -- [Network infrastructure requirements for Microsoft Intune](https://docs.microsoft.com/intune/get-started/network-infrastructure-requirements-for-microsoft-intune) +- [Network endpoints for Microsoft Intune](https://docs.microsoft.com/mem/intune/fundamentals/intune-endpoints) From 678b680a2d28ceb58c54b20c1d5a51e9134cba06 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Thu, 3 Dec 2020 11:34:26 +0500 Subject: [PATCH 053/210] Update enroll-a-windows-10-device-automatically-using-group-policy.md --- ...ll-a-windows-10-device-automatically-using-group-policy.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md index 4354bb8c3e..f73e248d75 100644 --- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md +++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md @@ -113,8 +113,8 @@ Requirements: 4. Double-click **Enable automatic MDM enrollment using default Azure AD credentials** (previously called **Auto MDM Enrollment with AAD Token** in Windows 10, version 1709). For ADMX files in Windows 10, version 1903 and later, select **User Credential** as the Selected Credential Type to use. > [!NOTE] - > **Device Credential** Credential Type will also work, however, it is not yet supported for MDM solutions (including Intune). We don't recommend using this option until support is announced. - + > **Device Credential** Credential Type may also work; however, it is not supported by Intune yet. It is not recommended to use this option until support is announced. + ![MDM autoenrollment policy](images/autoenrollment-policy.png) 5. Click **Enable**, and select **User Credential** from the dropdown **Select Credential Type to Use**, then click **OK**. From cbea7eec6d7863d6968676168c3c46cd8fe084fb Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 3 Dec 2020 13:40:51 -0800 Subject: [PATCH 054/210] Update automated-investigations.md --- .../automated-investigations.md | 27 ++++++++++++++----- 1 file changed, 21 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md index 42a409f78e..0f10f2a7b9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md @@ -11,7 +11,7 @@ ms.sitesec: library ms.pagetype: security ms.author: deniseb author: denisebmsft -ms.date: 10/21/2020 +ms.date: 12/03/2020 ms.localizationpriority: medium manager: dansimp audience: ITPro @@ -59,7 +59,7 @@ When an alert is triggered, a security playbook goes into effect. Depending on t During and after an automated investigation, you can view details about the investigation. Select a triggering alert to view the investigation details. From there, you can go to the **Investigation graph**, **Alerts**, **Devices**, **Evidence**, **Entities**, and **Log** tabs. |Tab |Description | -|--|--| +|:--|:--| |**Alerts**| The alert(s) that started the investigation.| |**Devices** |The device(s) where the threat was seen.| |**Evidence** |The entities that were found to be malicious during an investigation.| @@ -82,20 +82,35 @@ As alerts are triggered, and an automated investigation runs, a verdict is gener As verdicts are reached, automated investigations can result in one or more remediation actions. Examples of remediation actions include sending a file to quarantine, stopping a service, removing a scheduled task, and more. (See [Remediation actions](manage-auto-investigation.md#remediation-actions).) -Depending on the [level of automation](automation-levels.md) set for your organization, remediation actions can occur automatically or only upon approval by your security operations team. +Depending on the [level of automation](automation-levels.md) set for your organization, remediation actions can occur automatically or only upon approval by your security operations team. + +> [!NOTE] +> Additional security settings, such as protection from potentially unwanted applications, can also affect whether remediation actions are taken automatically. See section, [PUA protection and automatic remediation](#pua-protection-and-automatic-remediation), for more details. All remediation actions, whether pending or completed, can be viewed in Action Center. If necessary, your security operations team can undo a remediation action. (See [Review and approve remediation actions following an automated investigation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation).) +## PUA protection and automatic remediation + +As mentioned earlier, the [level of automation](automation-levels.md) set for your organization affects whether remediation actions occur automatically or only upon approval. [Protection from potentially unwanted applications](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus) (PUA protection), included in Microsoft Defender Antivirus, can also affect whether certain remediation actions are taken automatically. + +The following table shows the relationship between PUA protection and automation levels: + + +|PUA protection setting |Column2 |Column3 | +|---------|---------|---------| +|Row1 | | | +|Row2 | | | +|Row3 | | | + + ## Next steps - [Get an overview of the automated investigations dashboard](manage-auto-investigation.md) - - [Learn more about automation levels](automation-levels.md) - - [See the interactive guide: Investigate and remediate threats with Microsoft Defender for Endpoint](https://aka.ms/MDATP-IR-Interactive-Guide) ## See also +- [PUA protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus) - [Automated investigation and response in Microsoft Defender for Office 365](https://docs.microsoft.com/microsoft-365/security/office-365-security/office-365-air) - - [Automated investigation and response in Microsoft 365 Defender](https://docs.microsoft.com/microsoft-365/security/mtp/mtp-autoir) From aaea6a38018b0669e1968dfe271cdc0a6487ccca Mon Sep 17 00:00:00 2001 From: adirdidi <68847945+adirdidi@users.noreply.github.com> Date: Thu, 3 Dec 2020 23:57:18 +0200 Subject: [PATCH 055/210] Update microsoft-defender-advanced-threat-protection.md Rebranding some product names, adding Sentinel to the list of integrations. --- ...oft-defender-advanced-threat-protection.md | 23 ++++++++++--------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md index 0969e12f2d..3b7db4d517 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md @@ -1,7 +1,7 @@ --- -title: Microsoft Defender Advanced Threat Protection -description: Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) is an enterprise endpoint security platform that helps defend against advanced persistent threats. -keywords: introduction to Microsoft Defender Advanced Threat Protection, introduction to Microsoft Defender ATP, cybersecurity, advanced persistent threat, enterprise security, machine behavioral sensor, cloud security, analytics, threat intelligence, attack surface reduction, next-generation protection, automated investigation and remediation, microsoft threat experts, secure score, advanced hunting, microsoft threat protection, cyber threat hunting +title: Microsoft Defender for Endpoint +description: Microsoft Defender for Endpoint is an enterprise endpoint security platform that helps defend against advanced persistent threats. +keywords: introduction to Microsoft Defender for Endpoint, introduction to Microsoft Defender Advanced Threat Protection, introduction to Microsoft Defender ATP, cybersecurity, advanced persistent threat, enterprise security, machine behavioral sensor, cloud security, analytics, threat intelligence, attack surface reduction, next-generation protection, automated investigation and remediation, microsoft threat experts, secure score, advanced hunting, microsoft threat protection, cyber threat hunting search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 @@ -17,7 +17,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual --- -# Microsoft Defender Advanced Threat Protection +# Microsoft Defender for Endpoint [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] @@ -123,16 +123,17 @@ Integrate Microsoft Defender Advanced Threat Protection into your existing workf **[Integration with Microsoft solutions](threat-protection-integration.md)**
- Defender for Endpoint directly integrates with various Microsoft solutions, including: -- Intune -- Office 365 ATP -- Azure ATP +Defender for Endpoint directly integrates with various Microsoft solutions, including: - Azure Security Center -- Skype for Business +- Azure Sentinel +- Intune - Microsoft Cloud App Security +- Microsoft Defender for Identity +- Microsoft Defender for Office +- Skype for Business -**[Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/microsoft-threat-protection)**
- With Microsoft Threat Protection, Defender for Endpoint and various Microsoft security solutions form a unified pre- and post-breach enterprise defense suite that natively integrates across endpoint, identity, email, and applications to detect, prevent, investigate, and automatically respond to sophisticated attacks. +**[Microsoft 365 Defender](https://docs.microsoft.com/microsoft-365/security/mtp/microsoft-threat-protection)**
+With Microsoft 365 Defender, Defender for Endpoint and various Microsoft security solutions form a unified pre- and post-breach enterprise defense suite that natively integrates across endpoint, identity, email, and applications to detect, prevent, investigate, and automatically respond to sophisticated attacks. ## Related topic From b998faccc7005b45a562178805e8551813a9eeab Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Thu, 3 Dec 2020 14:17:40 -0800 Subject: [PATCH 056/210] Added Desktop policies --- windows/client-management/mdm/TOC.md | 1 + .../mdm/policies-in-policy-csp-admx-backed.md | 29 + .../policy-configuration-service-provider.md | 92 + .../mdm/policy-csp-admx-desktop.md | 2006 ++++++++++++++++- 4 files changed, 2115 insertions(+), 13 deletions(-) diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index d30cc12164..3c50425e06 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -182,6 +182,7 @@ #### [ADMX_CredSsp](policy-csp-admx-credssp.md) #### [ADMX_CtrlAltDel](policy-csp-admx-ctrlaltdel.md) #### [ADMX_DataCollection](policy-csp-admx-datacollection.md) +#### [ADMX_Desktop](policy-csp-admx-desktop.md) #### [ADMX_DeviceInstallation](policy-csp-admx-devicenstallation.md) #### [ADMX_DeviceSetup](policy-csp-admx-devicesetup.md) #### [ADMX_DigitalLocker](policy-csp-admx-digitallocker.md) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index f2b1c25bd5..39282f0498 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -77,6 +77,35 @@ ms.date: 10/08/2020 - [ADMX_CtrlAltDel/DisableTaskMgr](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-disabletaskmgr) - [ADMX_CtrlAltDel/NoLogoff](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-nologoff) - [ADMX_DataCollection/CommercialIdPolicy](./policy-csp-admx-datacollection.md#admx-datacollection-commercialidpolicy) +- [ADMX_Desktop/AD_EnableFilter](./policy-csp-admx-desktop.md#admx-desktop-ad-enablefilter) +- [ADMX_Desktop/AD_HideDirectoryFolder](./policy-csp-admx-desktop.md#admx-desktop-ad-hidedirectoryfolder) +- [ADMX_Desktop/AD_QueryLimit](./policy-csp-admx-desktop.md#admx-desktop-ad-querylimit) +- [ADMX_Desktop/ForceActiveDesktopOn](./policy-csp-admx-desktop.md#admx-desktop-forceactivedesktopon) +- [ADMX_Desktop/NoActiveDesktop](./policy-csp-admx-desktop.md#admx-desktop-noactivedesktop) +- [ADMX_Desktop/NoActiveDesktopChanges](./policy-csp-admx-desktop.md#admx-desktop-noactivedesktopchanges) +- [ADMX_Desktop/NoDesktop](./policy-csp-admx-desktop.md#admx-desktop-nodesktop) +- [ADMX_Desktop/NoDesktopCleanupWizard](./policy-csp-admx-desktop.md#admx-desktop-nodesktopcleanupwizard) +- [ADMX_Desktop/NoInternetIcon](./policy-csp-admx-desktop.md#admx-desktop-nointerneticon) +- [ADMX_Desktop/NoMyComputerIcon](./policy-csp-admx-desktop.md#admx-desktop-nomycomputericon) +- [ADMX_Desktop/NoMyDocumentsIcon](./policy-csp-admx-desktop.md#admx-desktop-nomydocumentsicon) +- [ADMX_Desktop/NoNetHood](./policy-csp-admx-desktop.md#admx-desktop-nonethood) +- [ADMX_Desktop/NoPropertiesMyComputer](./policy-csp-admx-desktop.md#admx-desktop-nopropertiesmycomputer) +- [ADMX_Desktop/NoPropertiesMyDocuments](./policy-csp-admx-desktop.md#admx-desktop-nopropertiesmydocuments) +- [ADMX_Desktop/NoRecentDocsNetHood](./policy-csp-admx-desktop.md#admx-desktop-norecentdocsnethood) +- [ADMX_Desktop/NoRecycleBinIcon](./policy-csp-admx-desktop.md#admx-desktop-norecyclebinicon) +- [ADMX_Desktop/NoRecycleBinProperties](./policy-csp-admx-desktop.md#admx-desktop-norecyclebinproperties) +- [ADMX_Desktop/NoSaveSettings](./policy-csp-admx-desktop.md#admx-desktop-nosavesettings) +- [ADMX_Desktop/NoWindowMinimizingShortcuts](./policy-csp-admx-desktop.md#admx-desktop-nowindowminimizingshortcuts) +- [ADMX_Desktop/Wallpaper](./policy-csp-admx-desktop.md#admx-desktop-wallpaper) +- [ADMX_Desktop/sz_ATC_DisableAdd](./policy-csp-admx-desktop.md#admx-desktop-sz-atc-disableadd) +- [ADMX_Desktop/sz_ATC_DisableClose](./policy-csp-admx-desktop.md#admx-desktop-sz-atc-disableclose) +- [ADMX_Desktop/sz_ATC_DisableDel](./policy-csp-admx-desktop.md#admx-desktop-sz-atc-disabledel) +- [ADMX_Desktop/sz_ATC_DisableEdit](./policy-csp-admx-desktop.md#admx-desktop-sz-atc-disableedit) +- [ADMX_Desktop/sz_ATC_NoComponents](./policy-csp-admx-desktop.md#admx-desktop-sz-atc-nocomponents) +- [ADMX_Desktop/sz_AdminComponents_Title](./policy-csp-admx-desktop.md#admx-desktop-sz-admincomponents-title) +- [ADMX_Desktop/sz_DB_DragDropClose](./policy-csp-admx-desktop.md#admx-desktop-sz-db-dragdropclose) +- [ADMX_Desktop/sz_DB_Moving](./policy-csp-admx-desktop.md#admx-desktop-sz-db-moving) +- [ADMX_Desktop/sz_DWP_NoHTMLPaper](./policy-csp-admx-desktop.md#admx-desktop-sz-dwp-nohtmlpaper) - [ADMX_DeviceInstallation/DeviceInstall_AllowAdminInstall](./policy-csp-admx-devicenstallation.md#admx-deviceinstallation-deviceinstall-allowadmininstall) - [ADMX_DeviceInstallation/DeviceInstall_DeniedPolicy_DetailText](./policy-csp-admx-devicenstallation.md#admx-deviceinstallation-deviceinstall-deniedpolicy-detailtext) - [ADMX_DeviceInstallation/DeviceInstall_DeniedPolicy_SimpleText](./policy-csp-admx-devicenstallation.md#admx-deviceinstallation-deviceinstall-deniedpolicy-simpletext) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 1e3e29a308..84380cee7e 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -385,6 +385,98 @@ The following diagram shows the Policy configuration service provider in tree fo
+### ADMX_Desktop policies + +
+
+ ADMX_Desktop/AD_EnableFilter +
+
+ ADMX_Desktop/AD_HideDirectoryFolder +
+
+ ADMX_Desktop/AD_QueryLimit +
+
+ ADMX_Desktop/ForceActiveDesktopOn +
+
+ ADMX_Desktop/NoActiveDesktop +
+
+ ADMX_Desktop/NoActiveDesktopChanges +
+
+ ADMX_Desktop/NoDesktop +
+
+ ADMX_Desktop/NoDesktopCleanupWizard +
+
+ ADMX_Desktop/NoInternetIcon +
+
+ ADMX_Desktop/NoMyComputerIcon +
+
+ ADMX_Desktop/NoMyDocumentsIcon +
+
+ ADMX_Desktop/NoNetHood +
+
+ ADMX_Desktop/NoPropertiesMyComputer +
+
+ ADMX_Desktop/NoPropertiesMyDocuments +
+
+ ADMX_Desktop/NoRecentDocsNetHood +
+
+ ADMX_Desktop/NoRecycleBinIcon +
+
+ ADMX_Desktop/NoRecycleBinProperties +
+
+ ADMX_Desktop/NoSaveSettings +
+
+ ADMX_Desktop/NoWindowMinimizingShortcuts +
+
+ ADMX_Desktop/Wallpaper +
+
+ ADMX_Desktop/sz_ATC_DisableAdd +
+
+ ADMX_Desktop/sz_ATC_DisableClose +
+
+ ADMX_Desktop/sz_ATC_DisableDel +
+
+ ADMX_Desktop/sz_ATC_DisableEdit +
+
+ ADMX_Desktop/sz_ATC_NoComponents +
+
+ ADMX_Desktop/sz_AdminComponents_Title +
+
+ ADMX_Desktop/sz_DB_DragDropClose +
+
+ ADMX_Desktop/sz_DB_Moving +
+
+ ADMX_Desktop/sz_DWP_NoHTMLPaper +
+
+ ### ADMX_DeviceInstallation policies
diff --git a/windows/client-management/mdm/policy-csp-admx-desktop.md b/windows/client-management/mdm/policy-csp-admx-desktop.md index 11256a18ee..3cabf5f777 100644 --- a/windows/client-management/mdm/policy-csp-admx-desktop.md +++ b/windows/client-management/mdm/policy-csp-admx-desktop.md @@ -115,7 +115,7 @@ manager: dansimp
-**ADMX_AuditSettings/IncludeCmdLine** +**ADMX_Desktop/AD_EnableFilter** @@ -152,22 +152,19 @@ manager: dansimp [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] -> * Device +> * User
-Available in Windows 10 Insider Preview Build 20185. This policy setting determines what information is logged in security audit events when a new process has been created. This setting only applies when the Audit Process Creation policy is enabled. +Available in the latest Windows 10 Insider Preview Build. Displays the filter bar above the results of an Active Directory search. The filter bar consists of buttons for applying additional filters to search results. -If you enable this policy setting, the command line information for every process will be logged in plain text in the security event log as part of the Audit Process Creation event 4688, "a new process has been created," on the workstations and servers on which this policy setting is applied. +If you enable this setting, the filter bar appears when the Active Directory Find dialog box opens, but users can hide it. -If you disable or do not configure this policy setting, the process's command line information will not be included in Audit Process Creation events. +If you disable this setting or do not configure it, the filter bar does not appear, but users can display it by selecting "Filter" on the "View" menu. -Default is Not configured. - -> [!NOTE] -> When this policy setting is enabled, any user with access to read the security events will be able to read the command line arguments for any successfully created process. Command line arguments can contain sensitive or private information, such as passwords or user data. +To see the filter bar, open Network Locations, click Entire Network, and then click Directory. Right-click the name of a Windows domain, and click Find. Type the name of an object in the directory, such as "Administrator." If the filter bar does not appear above the resulting display, on the View menu, click Filter. > [!TIP] @@ -179,10 +176,1993 @@ Default is Not configured. ADMX Info: -- GP English name: *Include command line in process creation events* -- GP name: *IncludeCmdLine* -- GP path: *System/Audit Process Creation* -- GP ADMX file name: *AuditSettings.admx* +- GP English name: *Enable filter in Find dialog box* +- GP name: *AD_EnableFilter* +- GP path: *Desktop\Active Directory* +- GP ADMX file name: *Desktop.admx* + + + +
+ + +**ADMX_Desktop/AD_HideDirectoryFolder** + + +
+ + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Hides the Active Directory folder in Network Locations. + +The Active Directory folder displays Active Directory objects in a browse window. + +If you enable this setting, the Active Directory folder does not appear in the Network Locations folder. + +If you disable this setting or do not configure it, the Active Directory folder appears in the Network Locations folder. + +This setting is designed to let users search Active Directory but not tempt them to casually browse Active Directory. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Hide Active Directory folder* +- GP name: *AD_HideDirectoryFolder* +- GP path: *Desktop\Active Directory* +- GP ADMX file name: *Desktop.admx* + + + +
+ + +**ADMX_Desktop/AD_QueryLimit** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Specifies the maximum number of objects the system displays in response to a command to browse or search Active Directory. This setting affects all browse displays associated with Active Directory, such as those in Local Users and Groups, Active Directory Users and Computers, and dialog boxes used to set permissions for user or group objects in Active Directory. + +If you enable this setting, you can use the "Number of objects returned" box to limit returns from an Active Directory search. + +If you disable this setting or do not configure it, the system displays up to 10,000 objects. This consumes approximately 2 MB of memory or disk space. + +This setting is designed to protect the network and the domain controller from the effect of expansive searches. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Maximum size of Active Directory searches* +- GP name: *AD_QueryLimit* +- GP path: *Desktop\Active Directory* +- GP ADMX file name: *Desktop.admx* + + + +
+ + +**ADMX_Desktop/ForceActiveDesktopOn** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Enables Active Desktop and prevents users from disabling it. + +This setting prevents users from trying to enable or disable Active Desktop while a policy controls it. + +If you disable this setting or do not configure it, Active Desktop is disabled by default, but users can enable it. + +> [!NOTE] +> If both the "Enable Active Desktop" setting and the "Disable Active Desktop" setting are enabled, the "Disable Active Desktop" setting is ignored. If the "Turn on Classic Shell" setting (in User Configuration\Administrative Templates\Windows Components\Windows Explorer) is enabled, Active Desktop is disabled, and both of these policies are ignored. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Enable Active Desktop* +- GP name: *ForceActiveDesktopOn* +- GP path: *Desktop\Desktop* +- GP ADMX file name: *Desktop.admx* + + + +
+ + +**ADMX_Desktop/NoActiveDesktop** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Disables Active Desktop and prevents users from enabling it. + +This setting prevents users from trying to enable or disable Active Desktop while a policy controls it. + +If you disable this setting or do not configure it, Active Desktop is disabled by default, but users can enable it. + +> [!NOTE] +> If both the "Enable Active Desktop" setting and the "Disable Active Desktop" setting are enabled, the "Disable Active Desktop" setting is ignored. If the "Turn on Classic Shell" setting (in User Configuration\Administrative Templates\Windows Components\Windows Explorer) is enabled, Active Desktop is disabled, and both these policies are ignored. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Disable Active Desktop* +- GP name: *NoActiveDesktop* +- GP path: *Desktop\Desktop* +- GP ADMX file name: *Desktop.admx* + + + +
+ + +**ADMX_Desktop/NoActiveDesktopChanges** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Prevents the user from enabling or disabling Active Desktop or changing the Active Desktop configuration. + +This is a comprehensive setting that locks down the configuration you establish by using other policies in this folder. This setting removes the Web tab from Display in Control Panel. As a result, users cannot enable or disable Active Desktop. If Active Desktop is already enabled, users cannot add, remove, or edit Web content or disable, lock, or synchronize Active Desktop components. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prohibit changes* +- GP name: *NoActiveDesktopChanges* +- GP path: *Desktop\Desktop* +- GP ADMX file name: *Desktop.admx* + + + +
+ + +**ADMX_Desktop/NoDesktop** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Removes icons, shortcuts, and other default and user-defined items from the desktop, including Briefcase, Recycle Bin, Computer, and Network Locations. + +Removing icons and shortcuts does not prevent the user from using another method to start the programs or opening the items they represent. + +Also, see "Items displayed in Places Bar" in User Configuration\Administrative Templates\Windows Components\Common Open File Dialog to remove the Desktop icon from the Places Bar. This will help prevent users from saving data to the Desktop. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Hide and disable all items on the desktop* +- GP name: *NoDesktop* +- GP path: *Desktop* +- GP ADMX file name: *Desktop.admx* + + + +
+ + +**ADMX_Desktop/NoDesktopCleanupWizard** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Prevents users from using the Desktop Cleanup Wizard. + +If you enable this setting, the Desktop Cleanup wizard does not automatically run on a users workstation every 60 days. The user will also not be able to access the Desktop Cleanup Wizard. + +If you disable this setting or do not configure it, the default behavior of the Desktop Clean Wizard running every 60 days occurs. + +> [!NOTE] +> When this setting is not enabled, users can run the Desktop Cleanup Wizard, or have it run automatically every 60 days from Display, by clicking the Desktop tab and then clicking the Customize Desktop button. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove the Desktop Cleanup Wizard* +- GP name: *NoDesktopCleanupWizard* +- GP path: *Desktop* +- GP ADMX file name: *Desktop.admx* + + + +
+ + +**ADMX_Desktop/NoInternetIcon** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Removes the Internet Explorer icon from the desktop and from the Quick Launch bar on the taskbar. + +This setting does not prevent the user from starting Internet Explorer by using other methods. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Hide Internet Explorer icon on desktop* +- GP name: *NoInternetIcon* +- GP path: *Desktop* +- GP ADMX file name: *Desktop.admx* + + + +
+ + +**ADMX_Desktop/NoMyComputerIcon** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This setting hides Computer from the desktop and from the new Start menu. It also hides links to Computer in the Web view of all Explorer windows, and it hides Computer in the Explorer folder tree pane. If the user navigates into Computer via the "Up" button while this setting is enabled, they view an empty Computer folder. This setting allows administrators to restrict their users from seeing Computer in the shell namespace, allowing them to present their users with a simpler desktop environment. + +If you enable this setting, Computer is hidden on the desktop, the new Start menu, the Explorer folder tree pane, and the Explorer Web views. If the user manages to navigate to Computer, the folder will be empty. + +If you disable this setting, Computer is displayed as usual, appearing as normal on the desktop, Start menu, folder tree pane, and Web views, unless restricted by another setting. + +If you do not configure this setting, the default is to display Computer as usual. + +> [!NOTE] +> In operating systems earlier than Microsoft Windows Vista, this policy applies to the My Computer icon. Hiding Computer and its contents does not hide the contents of the child folders of Computer. For example, if the users navigate into one of their hard drives, they see all of their folders and files there, even if this setting is enabled. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove Computer icon on the desktop* +- GP name: *NoMyComputerIcon* +- GP path: *Desktop* +- GP ADMX file name: *Desktop.admx* + + + +
+ + +**ADMX_Desktop/NoMyDocumentsIcon** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Removes most occurrences of the My Documents icon. + +This setting removes the My Documents icon from the desktop, from File Explorer, from programs that use the File Explorer windows, and from the standard Open dialog box. + +This setting does not prevent the user from using other methods to gain access to the contents of the My Documents folder. + +This setting does not remove the My Documents icon from the Start menu. To do so, use the "Remove My Documents icon from Start Menu" setting. + +> [!NOTE] +> To make changes to this setting effective, you must log off from and log back on to Windows 2000 Professional. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove My Documents icon on the desktop* +- GP name: *NoMyDocumentsIcon* +- GP path: *Desktop* +- GP ADMX file name: *Desktop.admx* + + + +
+ + +**ADMX_Desktop/NoNetHood** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Removes the Network Locations icon from the desktop. + +This setting only affects the desktop icon. It does not prevent users from connecting to the network or browsing for shared computers on the network. + +> [!NOTE] +> In operating systems earlier than Microsoft Windows Vista, this policy applies to the My Network Places icon. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Hide Network Locations icon on desktop* +- GP name: *NoNetHood* +- GP path: *Desktop* +- GP ADMX file name: *Desktop.admx* + + + +
+ + +**ADMX_Desktop/NoPropertiesMyComputer** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This setting hides Properties on the context menu for Computer. + +If you enable this setting, the Properties option will not be present when the user right-clicks My Computer or clicks Computer and then goes to the File menu. Likewise, Alt-Enter does nothing when Computer is selected. + +If you disable or do not configure this setting, the Properties option is displayed as usual. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove Properties from the Computer icon context menu* +- GP name: *NoPropertiesMyComputer* +- GP path: *Desktop* +- GP ADMX file name: *Desktop.admx* + + + +
+ + +**ADMX_Desktop/NoPropertiesMyDocuments** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting hides the Properties menu command on the shortcut menu for the My Documents icon. + +If you enable this policy setting, the Properties menu command will not be displayed when the user does any of the following: + +- Right-clicks the My Documents icon. +- Clicks the My Documents icon, and then opens the File menu. +- Clicks the My Documents icon, and then presses ALT+ENTER. + +If you disable or do not configure this policy setting, the Properties menu command is displayed. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove Properties from the Documents icon context menu* +- GP name: *NoPropertiesMyDocuments* +- GP path: *Desktop* +- GP ADMX file name: *Desktop.admx* + + + +
+ + +**ADMX_Desktop/NoRecentDocsNetHood** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Remote shared folders are not added to Network Locations whenever you open a document in the shared folder. + +If you disable this setting or do not configure it, when you open a document in a remote shared folder, the system adds a connection to the shared folder to Network Locations. + +If you enable this setting, shared folders are not added to Network Locations automatically when you open a document in the shared folder. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not add shares of recently opened documents to Network Locations* +- GP name: *NoRecentDocsNetHood* +- GP path: *Desktop* +- GP ADMX file name: *Desktop.admx* + + + +
+ + +**ADMX_Desktop/NoRecycleBinIcon** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Removes most occurrences of the Recycle Bin icon. + +This setting removes the Recycle Bin icon from the desktop, from File Explorer, from programs that use the File Explorer windows, and from the standard Open dialog box. + +This setting does not prevent the user from using other methods to gain access to the contents of the Recycle Bin folder. + +> [!NOTE] +> To make changes to this setting effective, you must log off and then log back on. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove Recycle Bin icon from desktop* +- GP name: *NoRecycleBinIcon* +- GP path: *Desktop* +- GP ADMX file name: *Desktop.admx* + + + +
+ + +**ADMX_Desktop/NoRecycleBinProperties** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Removes the Properties option from the Recycle Bin context menu. + +If you enable this setting, the Properties option will not be present when the user right-clicks on Recycle Bin or opens Recycle Bin and then clicks File. Likewise, Alt-Enter does nothing when Recycle Bin is selected. + +If you disable or do not configure this setting, the Properties option is displayed as usual. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove Properties from the Recycle Bin context menu* +- GP name: *NoRecycleBinProperties* +- GP path: *Desktop* +- GP ADMX file name: *Desktop.admx* + + + +
+ + +**ADMX_Desktop/NoSaveSettings** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Prevents users from saving certain changes to the desktop. + +If you enable this setting, users can change the desktop, but some changes, such as the position of open windows or the size and position of the taskbar, are not saved when users log off. However, shortcuts placed on the desktop are always saved. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Don't save settings at exit* +- GP name: *NoSaveSettings* +- GP path: *Desktop* +- GP ADMX file name: *Desktop.admx* + + + +
+ + +**ADMX_Desktop/NoWindowMinimizingShortcuts** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Prevents windows from being minimized or restored when the active window is shaken back and forth with the mouse. + +If you enable this policy, application windows will not be minimized or restored when the active window is shaken back and forth with the mouse. + +If you disable or do not configure this policy, this window minimizing and restoring gesture will apply. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off Aero Shake window minimizing mouse gesture* +- GP name: *NoWindowMinimizingShortcuts* +- GP path: *Desktop* +- GP ADMX file name: *Desktop.admx* + + + +
+ + +**ADMX_Desktop/Wallpaper** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Specifies the desktop background ("wallpaper") displayed on all users' desktops. + +This setting lets you specify the wallpaper on users' desktops and prevents users from changing the image or its presentation. The wallpaper you specify can be stored in a bitmap (*.bmp) or JPEG (*.jpg) file. + +To use this setting, type the fully qualified path and name of the file that stores the wallpaper image. You can type a local path, such as C:\Windows\web\wallpaper\home.jpg or a UNC path, such as \\\Server\Share\Corp.jpg. If the specified file is not available when the user logs on, no wallpaper is displayed. Users cannot specify alternative wallpaper. You can also use this setting to specify that the wallpaper image be centered, tiled, or stretched. Users cannot change this specification. + +If you disable this setting or do not configure it, no wallpaper is displayed. However, users can select the wallpaper of their choice. + +Also, see the "Allow only bitmapped wallpaper" in the same location, and the "Prevent changing wallpaper" setting in User Configuration\Administrative Templates\Control Panel. + +> [!NOTE] +> This setting does not apply to remote desktop server sessions. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Desktop Wallpaper* +- GP name: *Wallpaper* +- GP path: *Desktop\Desktop* +- GP ADMX file name: *Desktop.admx* + + + +
+ + +**ADMX_Desktop/sz_ATC_DisableAdd** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Prevents users from adding Web content to their Active Desktop. + +This setting removes the "New" button from Web tab in Display in Control Panel. As a result, users cannot add Web pages or pictures from the Internet or an intranet to the desktop. This setting does not remove existing Web content from their Active Desktop, or prevent users from removing existing Web content. + +Also, see the "Disable all items" setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prohibit adding items* +- GP name: *sz_ATC_DisableAdd* +- GP path: *Desktop\Desktop* +- GP ADMX file name: *Desktop.admx* + + + +
+ + +**ADMX_Desktop/sz_ATC_DisableClose** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Prevents users from removing Web content from their Active Desktop. + +In Active Desktop, you can add items to the desktop but close them so they are not displayed. + +If you enable this setting, items added to the desktop cannot be closed; they always appear on the desktop. This setting removes the check boxes from items on the Web tab in Display in Control Panel. + +> [!NOTE] +> This setting does not prevent users from deleting items from their Active Desktop. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prohibit closing items* +- GP name: *sz_ATC_DisableClose* +- GP path: *Desktop\Desktop* +- GP ADMX file name: *Desktop.admx* + + + +
+ + +**ADMX_Desktop/sz_ATC_DisableDel** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Prevents users from deleting Web content from their Active Desktop. + +This setting removes the Delete button from the Web tab in Display in Control Panel. As a result, users can temporarily remove, but not delete, Web content from their Active Desktop. + +This setting does not prevent users from adding Web content to their Active Desktop. + +Also, see the "Prohibit closing items" and "Disable all items" settings. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prohibit deleting items* +- GP name: *sz_ATC_DisableDel* +- GP path: *Desktop\Desktop* +- GP ADMX file name: *Desktop.admx* + + + +
+ + +**ADMX_Desktop/sz_ATC_DisableEdit** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Prevents users from changing the properties of Web content items on their Active Desktop. + +This setting disables the Properties button on the Web tab in Display in Control Panel. Also, it removes the Properties item from the menu for each item on the Active Desktop. As a result, users cannot change the properties of an item, such as its synchronization schedule, password, or display characteristics. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prohibit editing items* +- GP name: *sz_ATC_DisableEdit* +- GP path: *Desktop\Desktop* +- GP ADMX file name: *Desktop.admx* + + + +
+ + +**ADMX_Desktop/sz_ATC_NoComponents** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Removes Active Desktop content and prevents users from adding Active Desktop content. + +This setting removes all Active Desktop items from the desktop. It also removes the Web tab from Display in Control Panel. As a result, users cannot add Web pages or pictures from the Internet or an intranet to the desktop. + +> [!NOTE] +> This setting does not disable Active Desktop. Users can still use image formats, such as JPEG and GIF, for their desktop wallpaper. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Disable all items* +- GP name: *sz_ATC_NoComponents* +- GP path: *Desktop\Desktop* +- GP ADMX file name: *Desktop.admx* + + + +
+ + +**ADMX_Desktop/sz_AdminComponents_Title** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Adds and deletes specified Web content items. + +You can use the "Add" box in this setting to add particular Web-based items or shortcuts to users' desktops. Users can close or delete the items (if settings allow), but the items are added again each time the setting is refreshed. + +You can also use this setting to delete particular Web-based items from users' desktops. Users can add the item again (if settings allow), but the item is deleted each time the setting is refreshed. + +> [!NOTE] +> Removing an item from the "Add" list for this setting is not the same as deleting it. Items that are removed from the "Add" list are not removed from the desktop. They are simply not added again. + +> [!NOTE] +> For this setting to take affect, you must log off and log on to the system. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Add/Delete items* +- GP name: *sz_AdminComponents_Title* +- GP path: *Desktop\Desktop* +- GP ADMX file name: *Desktop.admx* + + + +
+ + +**ADMX_Desktop/sz_DB_DragDropClose** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Prevents users from manipulating desktop toolbars. + +If you enable this setting, users cannot add or remove toolbars from the desktop. Also, users cannot drag toolbars on to or off of docked toolbars. + +> [!NOTE] +> If users have added or removed toolbars, this setting prevents them from restoring the default configuration. + +> [!TIP] +> To view the toolbars that can be added to the desktop, right-click a docked toolbar (such as the taskbar beside the Start button), and point to "Toolbars." + +Also, see the "Prohibit adjusting desktop toolbars" setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent adding, dragging, dropping and closing the Taskbar's toolbars* +- GP name: *sz_DB_DragDropClose* +- GP path: *Desktop* +- GP ADMX file name: *Desktop.admx* + + + +
+ + +**ADMX_Desktop/sz_DB_Moving** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Prevents users from adjusting the length of desktop toolbars. Also, users cannot reposition items or toolbars on docked toolbars. + +This setting does not prevent users from adding or removing toolbars on the desktop. + +> [!NOTE] +> If users have adjusted their toolbars, this setting prevents them from restoring the default configuration. + +Also, see the "Prevent adding, dragging, dropping and closing the Taskbar's toolbars" setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prohibit adjusting desktop toolbars* +- GP name: *sz_DB_Moving* +- GP path: *Desktop* +- GP ADMX file name: *Desktop.admx* + + + +
+ + +**ADMX_Desktop/sz_DWP_NoHTMLPaper** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Permits only bitmap images for wallpaper. This setting limits the desktop background ("wallpaper") to bitmap (.bmp) files. If users select files with other image formats, such as JPEG, GIF, PNG, or HTML, through the Browse button on the Desktop tab, the wallpaper does not load. Files that are autoconverted to a .bmp format, such as JPEG, GIF, and PNG, can be set as Wallpaper by right-clicking the image and selecting "Set as Wallpaper". + +Also, see the "Desktop Wallpaper" and the "Prevent changing wallpaper" (in User Configuration\Administrative Templates\Control Panel\Display) settings. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow only bitmapped wallpaper* +- GP name: *sz_DWP_NoHTMLPaper* +- GP path: *Desktop\Desktop* +- GP ADMX file name: *Desktop.admx* From 7cd92fc6368a49c3724222a3ec0ca7928fc16405 Mon Sep 17 00:00:00 2001 From: adirdidi <68847945+adirdidi@users.noreply.github.com> Date: Fri, 4 Dec 2020 01:07:33 +0200 Subject: [PATCH 057/210] Update threat-protection-integration.md Rebranding some products, adding Sentinel. --- .../threat-protection-integration.md | 35 ++++++++++--------- 1 file changed, 18 insertions(+), 17 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration.md b/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration.md index 6d2a5bffc3..fb51bebfdf 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration.md @@ -1,8 +1,7 @@ --- -title: Integrate Microsoft Defender ATP with other Microsoft solutions -ms.reviewer: -description: Learn how Microsoft Defender ATP integrates with other Microsoft solutions, including Azure Advanced Threat Protection and Azure Security Center. -keywords: microsoft threat protection, conditional access, office, advanced threat protection, azure atp, azure security center, microsoft cloud app security +title: Integrate Microsoft Defender for Endpoint with other Microsoft solutionsms.reviewer: +description: Learn how Microsoft Defender for Endpoint integrates with other Microsoft solutions, including Microsoft Defender for Identity and Azure Security Center. +keywords: microsoft 365 defender, conditional access, office, advanced threat protection, microsoft defender for identity, microsoft defender for office, azure security center, microsoft cloud app security, azure sentinel search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 @@ -29,41 +28,43 @@ ms.topic: conceptual ## Integrate with other Microsoft solutions - Microsoft Defender for Endpoint directly integrates with various Microsoft solutions. - -### Azure Advanced Threat Protection (Azure ATP) - Suspicious activities are processes running under a user context. The integration between Microsoft Defender for Endpoint and Azure ATP provides the flexibility of conducting cyber security investigation across activities and identities. +Microsoft Defender for Endpoint directly integrates with various Microsoft solutions. ### Azure Security Center Microsoft Defender for Endpoint provides a comprehensive server protection solution, including endpoint detection and response (EDR) capabilities on Windows Servers. +### Azure Sentinel +The Microsoft Defender for Endpoint connector lets you stream alerts from Microsoft Defender for Endpoint into Azure Sentinel. This will enable you to more comprehensively analyze security events across your organization and build playbooks for effective and immediate response. + ### Azure Information Protection Keep sensitive data secure while enabling productivity in the workplace through data discovery and data protection. ### Conditional Access Microsoft Defender for Endpoint's dynamic device risk score is integrated into the Conditional Access evaluation, ensuring that only secure devices have access to resources. - ### Microsoft Cloud App Security Microsoft Cloud App Security leverages Microsoft Defender for Endpoint endpoint signals to allow direct visibility into cloud application usage including the use of unsupported cloud services (shadow IT) from all Microsoft Defender for Endpoint monitored devices. -### Office 365 Advanced Threat Protection (Office 365 ATP) -[Office 365 ATP](https://docs.microsoft.com/office365/securitycompliance/office-365-atp) helps protect your organization from malware in email messages or files through ATP Safe Links, ATP Safe Attachments, advanced Anti-Phishing, and spoof intelligence capabilities. The integration between Office 365 ATP and Microsoft Defender for Endpoint enables security analysts to go upstream to investigate the entry point of an attack. Through threat intelligence sharing, attacks can be contained and blocked. +### Microsoft Defender for Identity +Suspicious activities are processes running under a user context. The integration between Microsoft Defender for Endpoint and Azure ATP provides the flexibility of conducting cyber security investigation across activities and identities. + +### Microsoft Defender for Office +[Defender for Office 365](https://docs.microsoft.com/office365/securitycompliance/office-365-atp) helps protect your organization from malware in email messages or files through ATP Safe Links, ATP Safe Attachments, advanced Anti-Phishing, and spoof intelligence capabilities. The integration between Office 365 ATP and Microsoft Defender for Endpoint enables security analysts to go upstream to investigate the entry point of an attack. Through threat intelligence sharing, attacks can be contained and blocked. >[!NOTE] -> Office 365 ATP data is displayed for events within the last 30 days. For alerts, Office 365 ATP data is displayed based on first activity time. After that, the data is no longer available in Office 365 ATP. +> Defender for Office 365 data is displayed for events within the last 30 days. For alerts, Defender for Office 365 data is displayed based on first activity time. After that, the data is no longer available in Defender for Office 365. ### Skype for Business The Skype for Business integration provides a way for analysts to communicate with a potentially compromised user or device owner through a simple button from the portal. -## Microsoft Threat Protection - With Microsoft Threat Protection, Microsoft Defender for Endpoint and various Microsoft security solutions form a unified pre- and post-breach enterprise defense suite that natively integrates across endpoint, identity, email, and applications to detect, prevent, investigate and automatically respond to sophisticated attacks. +## Microsoft 365 Defender +With Microsoft 365 Defender, Microsoft Defender for Endpoint and various Microsoft security solutions form a unified pre- and post-breach enterprise defense suite that natively integrates across endpoint, identity, email, and applications to detect, prevent, investigate and automatically respond to sophisticated attacks. - [Learn more about Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/microsoft-threat-protection) +[Learn more about Microsoft 365 Defender](https://docs.microsoft.com/microsoft-365/security/mtp/microsoft-threat-protection) ## Related topics - [Configure integration and other advanced features](advanced-features.md) -- [Microsoft Threat Protection overview](https://docs.microsoft.com/microsoft-365/security/mtp/microsoft-threat-protection) -- [Turn on Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/mtp-enable) +- [Microsoft 365 Defender overview](https://docs.microsoft.com/microsoft-365/security/mtp/microsoft-threat-protection) +- [Turn on Microsoft 365 Defender](https://docs.microsoft.com/microsoft-365/security/mtp/mtp-enable) - [Protect users, data, and devices with Conditional Access](conditional-access.md) From 8daacc79fef1b70e9c374e128732b6bfe7fa7550 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 3 Dec 2020 15:38:49 -0800 Subject: [PATCH 058/210] Update automated-investigations.md --- .../microsoft-defender-atp/automated-investigations.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md index 0f10f2a7b9..7063b553d3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md @@ -96,7 +96,7 @@ As mentioned earlier, the [level of automation](automation-levels.md) set for yo The following table shows the relationship between PUA protection and automation levels: -|PUA protection setting |Column2 |Column3 | +|PUA protection setting |Microsoft Defender Antivirus |Automated investigation and remediation | |---------|---------|---------| |Row1 | | | |Row2 | | | From 1a92edcb02bcd30fe8d8439c3e00f9a3096df6a3 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 3 Dec 2020 15:47:42 -0800 Subject: [PATCH 059/210] Update automated-investigations.md --- .../automated-investigations.md | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md index 7063b553d3..e9d90eeff3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md @@ -32,7 +32,7 @@ ms.custom: AIR - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146806) -Your security operations team receives an alert whenever a malicious or suspicious artifact is detected by Microsoft Defender for Endpoint. Security operations teams face challenges in addressing the multitude of alerts that arise from the seemingly never-ending flow of threats. Microsoft Defender for Endpoint includes automated investigation and remediation capabilities that can help your security operations team address threats more efficiently and effectively. +Your security operations team receives an alert whenever a malicious or suspicious artifact is detected by Microsoft Defender for Endpoint. Security operations teams face challenges in addressing the multitude of alerts that arise from the seemingly never-ending flow of threats. Microsoft Defender for Endpoint includes automated investigation and remediation (AIR) capabilities that can help your security operations team address threats more efficiently and effectively. Watch the following video to see how automated investigation and remediation works: @@ -48,7 +48,7 @@ Automated investigation uses various inspection algorithms and processes used by When an alert is triggered, a security playbook goes into effect. Depending on the security playbook, an automated investigation can start. For example, suppose a malicious file resides on a device. When that file is detected, an alert is triggered, and the automated investigation process begins. Microsoft Defender for Endpoint checks to see if the malicious file is present on any other devices in the organization. Details from the investigation, including verdicts (*Malicious*, *Suspicious*, and *No threats found*) are available during and after the automated investigation. >[!NOTE] ->Currently, automated investigation only supports the following OS versions: +>Currently, AIR only supports the following OS versions: >- Windows Server 2019 >- Windows 10, version 1709 (OS Build 16299.1085 with [KB4493441](https://support.microsoft.com/help/4493441/windows-10-update-kb4493441)) or later >- Windows 10, version 1803 (OS Build 17134.704 with [KB4493464](https://support.microsoft.com/help/4493464/windows-10-update-kb4493464)) or later @@ -96,11 +96,15 @@ As mentioned earlier, the [level of automation](automation-levels.md) set for yo The following table shows the relationship between PUA protection and automation levels: -|PUA protection setting |Microsoft Defender Antivirus |Automated investigation and remediation | +|PUA protection setting
(Microsoft Defender Antivirus) |PUA protection enabled
(AIR) |PUA protection disabled
(AIR) | |---------|---------|---------| -|Row1 | | | -|Row2 | | | -|Row3 | | | +|Enabled |PUA remediated by Microsoft Defender Antivirus and/or AIR |PUA remediated by Microsoft Defender Antivirus | +|Audit mode |PUA remediated by AIR |PUA detected but not remediated | +|Disabled |PUA remediated by AIR |PUA not remediated | + +To configure PUA protection in AIR, go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in. Choose **Settings** > **Advanced features**, and then turn on **Always remediate PUA** (or **Allow or block file**). + +To configure PUA protection in Microsoft Defender Antivirus, see [Configure PUA protection in Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus#configure-pua-protection-in-microsoft-defender-antivirus). ## Next steps From e85f8f6b9f651cb8b1c1d70a325ce098e2b14918 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 3 Dec 2020 15:51:40 -0800 Subject: [PATCH 060/210] Update automated-investigations.md --- .../microsoft-defender-atp/automated-investigations.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md index e9d90eeff3..9c9e381e83 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md @@ -99,7 +99,7 @@ The following table shows the relationship between PUA protection and automation |PUA protection setting
(Microsoft Defender Antivirus) |PUA protection enabled
(AIR) |PUA protection disabled
(AIR) | |---------|---------|---------| |Enabled |PUA remediated by Microsoft Defender Antivirus and/or AIR |PUA remediated by Microsoft Defender Antivirus | -|Audit mode |PUA remediated by AIR |PUA detected but not remediated | +|Audit mode |PUA remediated by AIR |PUA detected but not remediated if **Allow or block file** is turned on

PUA remediated if **Always remediate PUA** is turned on | |Disabled |PUA remediated by AIR |PUA not remediated | To configure PUA protection in AIR, go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in. Choose **Settings** > **Advanced features**, and then turn on **Always remediate PUA** (or **Allow or block file**). From 2789d509eaf8e2176a4507ad516b5829364af929 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 3 Dec 2020 15:53:05 -0800 Subject: [PATCH 061/210] Update automated-investigations.md --- .../microsoft-defender-atp/automated-investigations.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md index 9c9e381e83..ca920f0e2f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md @@ -32,9 +32,7 @@ ms.custom: AIR - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146806) -Your security operations team receives an alert whenever a malicious or suspicious artifact is detected by Microsoft Defender for Endpoint. Security operations teams face challenges in addressing the multitude of alerts that arise from the seemingly never-ending flow of threats. Microsoft Defender for Endpoint includes automated investigation and remediation (AIR) capabilities that can help your security operations team address threats more efficiently and effectively. - -Watch the following video to see how automated investigation and remediation works: +Your security operations team receives an alert whenever a malicious or suspicious artifact is detected by Microsoft Defender for Endpoint. Security operations teams face challenges in addressing the multitude of alerts that arise from the seemingly never-ending flow of threats. Microsoft Defender for Endpoint includes automated investigation and remediation (AIR) capabilities that can help your security operations team address threats more efficiently and effectively. Want to see how it works? Watch the following video: > [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4bOeh] From fc1c7de7770e1358fe3749fdd8efa56cdf8db284 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 3 Dec 2020 15:55:06 -0800 Subject: [PATCH 062/210] Update automated-investigations.md --- .../microsoft-defender-atp/automated-investigations.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md index ca920f0e2f..4a9f9ca84d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md @@ -83,7 +83,7 @@ As verdicts are reached, automated investigations can result in one or more reme Depending on the [level of automation](automation-levels.md) set for your organization, remediation actions can occur automatically or only upon approval by your security operations team. > [!NOTE] -> Additional security settings, such as protection from potentially unwanted applications, can also affect whether remediation actions are taken automatically. See section, [PUA protection and automatic remediation](#pua-protection-and-automatic-remediation), for more details. +> Additional security settings, such as protection from potentially unwanted applications, can also affect whether remediation actions are taken automatically. For more information, see [PUA protection and automatic remediation](#pua-protection-and-automatic-remediation) (in this article). All remediation actions, whether pending or completed, can be viewed in Action Center. If necessary, your security operations team can undo a remediation action. (See [Review and approve remediation actions following an automated investigation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation).) From fc4a18e9f2a73bcb63e25e45b1d50043a0e49dfd Mon Sep 17 00:00:00 2001 From: Sunayana Singh <57405155+sunasing@users.noreply.github.com> Date: Fri, 4 Dec 2020 09:29:58 +0530 Subject: [PATCH 063/210] Minor fixes as suggested --- .../microsoft-defender-atp/ios-configure-features.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md index abe9bb0a7b..c45d5983d7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md @@ -29,10 +29,10 @@ ms.topic: conceptual ## Configure compliance policy against jailbroken devices -To protect corporate data from being accessed on jailbroken iOS devices, we recommend that you setup the following compliance policy on Intune. +To protect corporate data from being accessed on jailbroken iOS devices, we recommend that you set up the following compliance policy on Intune. > [!NOTE] -> Currently Defender for Endpoint for iOS does not provide protection against jailbreak scenarios. Some data like your corporate email id and corporate profile picture (if available) will be exposed to the attacker on the jailbroken device. +> At this time Microsoft Defender for Endpoint for iOS does not provide protection against jailbreak scenarios. If used on a jailbroken device, then in specific scenarios data that is used by the application like your corporate email id and corporate profile picture (if available) can be exposed locally Follow the steps below to create a compliance policy against jailbroken devices. @@ -68,4 +68,4 @@ By default, Defender for Endpoint for iOS includes and enables the web protectio ## Report unsafe site -Phishing websites impersonate trustworthy websites for the purpose of obtaining your personal or financial information. Visit the [report unsafe site](https://www.microsoft.com/wdsi/filesubmission/exploitguard/networkprotection) page if you want to report a website that could be a phishing site. +Phishing websites impersonate trustworthy websites for the purpose of obtaining your personal or financial information. Visit the [Provide feedback about network protection](https://www.microsoft.com/wdsi/filesubmission/exploitguard/networkprotection) page if you want to report a website that could be a phishing site. From 31a4e8a69e1dcfa582ff398edc1770de6f7357fd Mon Sep 17 00:00:00 2001 From: Sunayana Singh <57405155+sunasing@users.noreply.github.com> Date: Fri, 4 Dec 2020 09:49:07 +0530 Subject: [PATCH 064/210] Minor fixes as suggested --- .../microsoft-defender-atp/ios-install.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-install.md b/windows/security/threat-protection/microsoft-defender-atp/ios-install.md index 3f4ac6bfb7..dd3d8d8f5c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-install.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-install.md @@ -24,16 +24,16 @@ ms.topic: conceptual [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -This topic describes deploying Defender for Endpoint for iOS on Intune Company Portal enrolled devices. For more information about Intune device enrollment, see [Enroll your device](https://docs.microsoft.com/mem/intune/enrollment/ios-enroll). +This topic describes deploying Defender for Endpoint for iOS on Intune Company Portal enrolled devices. For more information about Intune device enrollment, see [Enroll iOS/iPadOS devices in Intune](https://docs.microsoft.com/mem/intune/enrollment/ios-enroll). ## Before you begin - Ensure you have access to [Microsoft Endpoint manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). -- Ensure iOS enrollment is done for your users. Users need to have Defender for Endpoint license assigned in order to use Defender for Endpoint for iOS. Refer [Assign licenses to users](https://docs.microsoft.com/azure/active-directory/users-groups-roles/licensing-groups-assign) for instructions on how to assign licenses. +- Ensure iOS enrollment is done for your users. Users need to have a Defender for Endpoint license assigned in order to use Defender for Endpoint for iOS. Refer to [Assign licenses to users](https://docs.microsoft.com/azure/active-directory/users-groups-roles/licensing-groups-assign) for instructions on how to assign licenses. > [!NOTE] -> **Microsoft Defender ATP (Microsoft Defender for Endpoint) for iOS is now available on [Apple App Store](https://aka.ms/mdatpiosappstore).** +> Microsoft Defender ATP (Microsoft Defender for Endpoint) for iOS is now available in the [Apple App Store](https://aka.ms/mdatpiosappstore). ## Deployment steps @@ -41,7 +41,7 @@ Deploy Defender for Endpoint for iOS via Intune Company Portal. ### Add iOS store app -1. In [Microsoft Endpoint manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Apps** -> **iOS/iPadOS** -> **Add** -> **iOS store app** and click Select. +1. In [Microsoft Endpoint manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Apps** -> **iOS/iPadOS** -> **Add** -> **iOS store app** and click **Select**. > [!div class="mx-imgBorder"] ![Image of Microsoft Endpoint Manager Admin Center](images/ios-deploy-1.png) @@ -129,7 +129,7 @@ Intune allows you to configure the Defender for iOS app through an App Configura ![Image of Microsoft Endpoint Manager Admin Center](images/ios-deploy-7.png) - Provide a name of the profile. When prompted to import a Configuration profile file, select the one downloaded above. - - In the **Assignment** section, select the device group you want to apply this profile to. As a best practice, this should be applied for all managed iOS devices. Click **Next** + - In the **Assignment** section, select the device group to which you want to apply this profile. As a best practice, this should be applied to all managed iOS devices. Click **Next**. - On the **Review + create** page, when you're done, choose **Create**. The new profile is displayed in the list of configuration profiles. ## Next Steps From ae6a4046203574f30156705ff037f544b8155fe5 Mon Sep 17 00:00:00 2001 From: Sunayana Singh <57405155+sunasing@users.noreply.github.com> Date: Fri, 4 Dec 2020 09:53:34 +0530 Subject: [PATCH 065/210] Minor fixes as suggested --- .../microsoft-defender-atp/microsoft-defender-atp-ios.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md index 5b482fe1b8..c964bd1182 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md @@ -34,7 +34,7 @@ iOS devices along with other platforms. **For End Users** -- Microsoft Defender for Endpoint license assigned to the end user(s) of the app. See [Microsoft Defender for Endpoint licensing requirements](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements#licensing-requirements) +- Microsoft Defender for Endpoint license assigned to the end user(s) of the app. See [Microsoft Defender for Endpoint licensing requirements](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements#licensing-requirements). - Device(s) are [enrolled](https://docs.microsoft.com/mem/intune/user-help/enroll-your-device-in-intune-ios) via the Intune Company Portal app to enforce Intune device compliance policies. This requires the end user to be assigned a Microsoft Intune license. - Intune Company Portal app can be downloaded from [Apple App Store](https://apps.apple.com/us/app/intune-company-portal/id719171358). @@ -48,13 +48,13 @@ iOS devices along with other platforms. > [!NOTE] > Microsoft Intune is the only supported Mobile Device Management (MDM) solution for deploying Microsoft Defender for Endpoint for iOS. Currently only enrolled devices are supported for enforcing Defender for Endpoint for iOS related device compliance policies in Intune. -- Access to [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), to deploy the app to enrolled user groups in your organization +- Access to [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), to deploy the app to enrolled user groups in your organization. **System Requirements** - iOS devices running iOS 11.0 and above. -- Device is enrolled with Intune Company Portal [app](https://apps.apple.com/us/app/intune-company-portal/id719171358) +- Device is enrolled with the [Intune Company Portal app](https://apps.apple.com/us/app/intune-company-portal/id719171358). > [!NOTE] > **Microsoft Defender ATP (Microsoft Defender for Endpoint) for iOS is now available on [Apple App Store](https://aka.ms/mdatpiosappstore).** @@ -66,7 +66,7 @@ For more information, see [Deploy Microsoft Defender for Endpoint for iOS](ios-i ## Resources -- Stay informed about upcoming releases by visiting our [blog](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/bg-p/MicrosoftDefenderATPBlog/label-name/iOS) +- Stay informed about upcoming releases by visiting our [blog](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/bg-p/MicrosoftDefenderATPBlog/label-name/iOS). - Provide feedback through in-app feedback system or through [SecOps portal](https://securitycenter.microsoft.com) From 241819b507f08adb9b108019fee4ec1e992424b2 Mon Sep 17 00:00:00 2001 From: Sunayana Singh <57405155+sunasing@users.noreply.github.com> Date: Fri, 4 Dec 2020 09:58:17 +0530 Subject: [PATCH 066/210] Minor fixes --- .../threat-protection/microsoft-defender-atp/ios-install.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-install.md b/windows/security/threat-protection/microsoft-defender-atp/ios-install.md index dd3d8d8f5c..6f0005e8b9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-install.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-install.md @@ -81,7 +81,7 @@ Deploy Defender for Endpoint for iOS via Intune Company Portal. ## Configure Microsoft Defender for Endpoint for Supervised Mode -The Microsoft Defender for Endpoint for iOS app has specialized ability on supervised iOS/iPadOS devices, given the increased management capabilities provided by the platform on these types of devices. To take advantage of these capabilities, the Defender for Endpoint app needs to know if a device is in Supervised mode. +The Microsoft Defender for Endpoint for iOS app has specialized ability on supervised iOS/iPadOS devices, given the increased management capabilities provided by the platform on these types of devices. To take advantage of these capabilities, the Defender for Endpoint app needs to know if a device is in Supervised Mode. ### Configure Supervised Mode via Intune From 40662b254a1be78de831d6c76ed617a17279ed02 Mon Sep 17 00:00:00 2001 From: Sunayana Singh <57405155+sunasing@users.noreply.github.com> Date: Fri, 4 Dec 2020 09:59:34 +0530 Subject: [PATCH 067/210] Minor fixes --- .../microsoft-defender-atp/microsoft-defender-atp-ios.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md index c964bd1182..7aa02ac093 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md @@ -37,7 +37,7 @@ iOS devices along with other platforms. - Microsoft Defender for Endpoint license assigned to the end user(s) of the app. See [Microsoft Defender for Endpoint licensing requirements](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements#licensing-requirements). - Device(s) are [enrolled](https://docs.microsoft.com/mem/intune/user-help/enroll-your-device-in-intune-ios) via the Intune Company Portal app to enforce Intune device compliance policies. This requires the end user to be assigned a Microsoft Intune license. - - Intune Company Portal app can be downloaded from [Apple App Store](https://apps.apple.com/us/app/intune-company-portal/id719171358). + - Intune Company Portal app can be downloaded from the [Apple App Store](https://apps.apple.com/us/app/intune-company-portal/id719171358). - For more information on how to assign licenses, see [Assign licenses to users](https://docs.microsoft.com/azure/active-directory/users-groups-roles/licensing-groups-assign). From 269952bcf126a1c5c940b7627d869669de68cf18 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 4 Dec 2020 06:45:34 -0800 Subject: [PATCH 068/210] Update automated-investigations.md --- .../microsoft-defender-atp/automated-investigations.md | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md index 4a9f9ca84d..0c64c56f52 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md @@ -100,10 +100,15 @@ The following table shows the relationship between PUA protection and automation |Audit mode |PUA remediated by AIR |PUA detected but not remediated if **Allow or block file** is turned on

PUA remediated if **Always remediate PUA** is turned on | |Disabled |PUA remediated by AIR |PUA not remediated | -To configure PUA protection in AIR, go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in. Choose **Settings** > **Advanced features**, and then turn on **Always remediate PUA** (or **Allow or block file**). +### To configure PUA protection in AIR -To configure PUA protection in Microsoft Defender Antivirus, see [Configure PUA protection in Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus#configure-pua-protection-in-microsoft-defender-antivirus). +1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in. +2. Choose **Settings** > **Advanced features**. +3. Turn on **Always remediate PUA** (or, turn on **Allow or block file**). +### To configure PUA protection in Microsoft Defender Antivirus + +See [Configure PUA protection in Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus#configure-pua-protection-in-microsoft-defender-antivirus). ## Next steps From 3fd8ab03cd4b5817602e080a90cdfb8d657aa887 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 4 Dec 2020 06:46:31 -0800 Subject: [PATCH 069/210] Update automated-investigations.md --- .../microsoft-defender-atp/automated-investigations.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md index 0c64c56f52..4210e8e8c1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md @@ -104,7 +104,7 @@ The following table shows the relationship between PUA protection and automation 1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in. 2. Choose **Settings** > **Advanced features**. -3. Turn on **Always remediate PUA** (or, turn on **Allow or block file**). +3. Turn on **Always remediate PUA**. (Alternately, if you don't see the PUA setting, turn on **Allow or block file**.) ### To configure PUA protection in Microsoft Defender Antivirus From 935e2cb1b7113e8e2f051b98e9db5ece51a25594 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 4 Dec 2020 10:22:17 -0800 Subject: [PATCH 070/210] Update manage-updates-baselines-microsoft-defender-antivirus.md --- .../manage-updates-baselines-microsoft-defender-antivirus.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index f562eb572d..e31974b861 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -353,6 +353,7 @@ Windows 10 release info: [Windows lifecycle fact sheet](https://support.microsof | Article | Description | |:---|:---| +|[Microsoft Defender update for Windows operating system installation images](https://support.microsoft.com/help/4568292/defender-update-for-windows-operating-system-installation-images) | Review antimalware update packages for your OS installation images (WIM and VHD files). This feature supports OS installation images for Windows 10 (Enterprise, Pro, and Home editions), Windows Server 2019, and Windows Server 2016. | |[Manage how protection updates are downloaded and applied](manage-protection-updates-microsoft-defender-antivirus.md) | Protection updates can be delivered through a number of sources. | |[Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-microsoft-defender-antivirus.md) | You can schedule when protection updates should be downloaded. | |[Manage updates for endpoints that are out of date](manage-outdated-endpoints-microsoft-defender-antivirus.md) | If an endpoint misses an update or scheduled scan, you can force an update or scan the next time a user signs in. | From 26e1dea507b256825fd057f4f29e76fe5f900d25 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 4 Dec 2020 10:22:28 -0800 Subject: [PATCH 071/210] Update manage-protection-update-schedule-microsoft-defender-antivirus.md --- ...ge-protection-update-schedule-microsoft-defender-antivirus.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-update-schedule-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-update-schedule-microsoft-defender-antivirus.md index c9d0582201..add2af0433 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-update-schedule-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-update-schedule-microsoft-defender-antivirus.md @@ -12,7 +12,6 @@ ms.localizationpriority: medium author: denisebmsft ms.author: deniseb ms.custom: nextgen -ms.date: 09/03/2018 ms.reviewer: manager: dansimp --- From 29181114b99113f31c53acf5380177bd00cbf08c Mon Sep 17 00:00:00 2001 From: Tina Burden Date: Fri, 4 Dec 2020 10:30:00 -0800 Subject: [PATCH 072/210] pencil edits --- .../threat-protection-integration.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration.md b/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration.md index fb51bebfdf..133bcab341 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration.md @@ -1,15 +1,15 @@ --- -title: Integrate Microsoft Defender for Endpoint with other Microsoft solutionsms.reviewer: +title: Integrate Microsoft Defender for Endpoint with other Microsoft solutions description: Learn how Microsoft Defender for Endpoint integrates with other Microsoft solutions, including Microsoft Defender for Identity and Azure Security Center. +author: mjcaparas +ms.author: macapara +ms.prod: w10 keywords: microsoft 365 defender, conditional access, office, advanced threat protection, microsoft defender for identity, microsoft defender for office, azure security center, microsoft cloud app security, azure sentinel search.product: eADQiWindows 10XVcnh search.appverid: met150 -ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -ms.author: macapara -author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro From 731fe61c1b17b719771cf2d4db38feb5c88eb346 Mon Sep 17 00:00:00 2001 From: julihooper <65675989+julihooper@users.noreply.github.com> Date: Fri, 4 Dec 2020 11:44:11 -0800 Subject: [PATCH 073/210] Update manage-updates-baselines-microsoft-defender-antivirus.md --- .../manage-updates-baselines-microsoft-defender-antivirus.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index f562eb572d..1f38d5f49f 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -48,6 +48,8 @@ Microsoft Defender Antivirus uses [cloud-delivered protection](utilize-microsoft Cloud-delivered protection is always on and requires an active connection to the Internet to function. Security intelligence updates occur on a scheduled cadence (configurable via policy). For more information, see [Use Microsoft cloud-provided protection in Microsoft Defender Antivirus](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md). +For a list of recent security intelligence updates please visit: [Antimalware updates change log - Microsoft Security Intelligence](https://www.microsoft.com/en-us/wdsi/definitions/antimalware-definition-release-notes). + Engine updates are included with security intelligence updates and are released on a monthly cadence. ## Product updates From ce1c062b9c6f12b9a2960376222aa1ef2335d736 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 4 Dec 2020 12:01:49 -0800 Subject: [PATCH 074/210] Update manage-updates-baselines-microsoft-defender-antivirus.md --- .../manage-updates-baselines-microsoft-defender-antivirus.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index b9d89c6272..c5a613f705 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -27,8 +27,8 @@ ms.date: 11/30/2020 There are two types of updates related to keeping Microsoft Defender Antivirus up to date: - - Security intelligence updates - - Product updates +- Security intelligence updates +- Product updates > [!IMPORTANT] > Keeping Microsoft Defender Antivirus up to date is critical to assure your devices have the latest technology and features needed to protect against new malware and attack techniques. From f8e9ae3208087b68f1108f259e8ad3b809c21b11 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 4 Dec 2020 12:04:03 -0800 Subject: [PATCH 075/210] Update manage-updates-baselines-microsoft-defender-antivirus.md --- ...e-updates-baselines-microsoft-defender-antivirus.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index c5a613f705..df4f121e50 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -77,17 +77,17 @@ All our updates contain
- November-2020 (Platform: 4.18.2011.6 | Engine: 1.1.17600.5) + November-2020 (Platform: 4.18.2011.6 | Engine: 1.1.17700.4)  Security intelligence update version: **1.327.1854.0** - Released: **November 30, 2020** + Released: **December xx, 2020**  Platform: **4.18.2011.6** - Engine: **1.1.17600.5** + Engine: **1.1.17700.4**  Support phase: **Security and Critical Updates** ### What's new -- item1 -- item2 +- Improved SmartScreen status support logging +- Apply CPU throttling policy to manually initiated scans ### Known Issues No known issues From 9ee65b95a4c34fbd797ba04ce5009cb48124b298 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 4 Dec 2020 12:55:54 -0800 Subject: [PATCH 076/210] Update manage-updates-baselines-microsoft-defender-antivirus.md --- .../manage-updates-baselines-microsoft-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index df4f121e50..227338c58b 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -13,7 +13,7 @@ ms.author: deniseb ms.custom: nextgen ms.reviewer: manager: dansimp -ms.date: 11/30/2020 +ms.date: 12/04/2020 --- # Manage Microsoft Defender Antivirus updates and apply baselines From 6d222c3d0bf29cbf557c6ae0a41bae50bc4a40c4 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 4 Dec 2020 12:58:18 -0800 Subject: [PATCH 077/210] Update manage-updates-baselines-microsoft-defender-antivirus.md --- .../manage-updates-baselines-microsoft-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index 227338c58b..fd21ceaa2c 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -369,7 +369,7 @@ Windows 10 release info: [Windows lifecycle fact sheet](https://support.microsof | Article | Description | |:---|:---| -|[Microsoft Defender update for Windows operating system installation images](https://support.microsoft.com/help/4568292/defender-update-for-windows-operating-system-installation-images) | Review antimalware update packages for your OS installation images (WIM and VHD files). This feature supports OS installation images for Windows 10 (Enterprise, Pro, and Home editions), Windows Server 2019, and Windows Server 2016. | +|[Microsoft Defender update for Windows operating system installation images](https://support.microsoft.com/help/4568292/defender-update-for-windows-operating-system-installation-images) | Review antimalware update packages for your OS installation images (WIM and VHD files). Get Microsoft Defender Antivirus updates for Windows 10 (Enterprise, Pro, and Home editions), Windows Server 2019, and Windows Server 2016 installation images. | |[Manage how protection updates are downloaded and applied](manage-protection-updates-microsoft-defender-antivirus.md) | Protection updates can be delivered through a number of sources. | |[Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-microsoft-defender-antivirus.md) | You can schedule when protection updates should be downloaded. | |[Manage updates for endpoints that are out of date](manage-outdated-endpoints-microsoft-defender-antivirus.md) | If an endpoint misses an update or scheduled scan, you can force an update or scan the next time a user signs in. | From 54dd14aa06ffbec813e427e2c136ab430b7c6bcf Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 4 Dec 2020 13:26:27 -0800 Subject: [PATCH 078/210] Update manage-updates-baselines-microsoft-defender-antivirus.md --- ...-baselines-microsoft-defender-antivirus.md | 61 +++++++++++++++++++ 1 file changed, 61 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index e31974b861..d1c32f3ad7 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -348,6 +348,67 @@ The below table provides the Microsoft Defender Antivirus platform and engine ve Windows 10 release info: [Windows lifecycle fact sheet](https://support.microsoft.com/help/13853/windows-lifecycle-fact-sheet). +## Updates for Deployment Image Servicing and Management (DISM) + +Your Windows 10 (Enterprise, Pro, and Home editions), Windows Server 2019, and Windows Server 2016 OS installation images should be regularly updated. Keeping your OS installation images up to date helps avoid vulnerabilities due to a gap in protection. For more information, see [Microsoft Defender update for Windows operating system installation images](https://support.microsoft.com/help/4568292/defender-update-for-windows-operating-system-installation-images). + +
+1.1.2012.01 + + Package version: **1.1.2012.01** + Platform version: **4.18.2010.7** + Engine version: **1.17600.5** + Signature version: 1.327.1991.0 + +### Fixes +- None + +### Additional information +- None +
+
+1.1.2011.02 + + Package version: **1.1.2011.02** + Platform version: **4.18.2010.7** + Engine version: **1.17600.5** + Signature version: 1.327.658.0 + +### Fixes +- None + +### Additional information +- Refreshed Microsoft Defender Antivirus signatures +
+
+1.1.2011.01 + + Package version: **1.1.2011.01** + Platform version: **4.18.2009.7** + Engine version: **1.17600.5** + Signature version: 1.327.344.0 + +### Fixes +- None + +### Additional information +- None +
+
+1.1.2009.10 + + Package version: **1.1.2011.01** + Platform version: **4.18.2008.9** + Engine version: **1.17400.5** + Signature version: 1.327.2216.0 + +### Fixes +- None + +### Additional information +- Added support for Windows 10 RS1 or later OS install images. +
+
## See also From 71912d942d08028bb6bfa600ff615cb78586d07f Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 4 Dec 2020 13:37:04 -0800 Subject: [PATCH 079/210] Update manage-updates-baselines-microsoft-defender-antivirus.md --- .../manage-updates-baselines-microsoft-defender-antivirus.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index d1c32f3ad7..ac8ddf1eb8 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -350,7 +350,7 @@ Windows 10 release info: [Windows lifecycle fact sheet](https://support.microsof ## Updates for Deployment Image Servicing and Management (DISM) -Your Windows 10 (Enterprise, Pro, and Home editions), Windows Server 2019, and Windows Server 2016 OS installation images should be regularly updated. Keeping your OS installation images up to date helps avoid vulnerabilities due to a gap in protection. For more information, see [Microsoft Defender update for Windows operating system installation images](https://support.microsoft.com/help/4568292/defender-update-for-windows-operating-system-installation-images). +We recommend updating your Windows 10 (Enterprise, Pro, and Home editions), Windows Server 2019, and Windows Server 2016 OS installation images with the latest antivirus and antimalware updates. Keeping your OS installation images up to date helps avoid a gap in protection. For more information, see [Microsoft Defender update for Windows operating system installation images](https://support.microsoft.com/help/4568292/defender-update-for-windows-operating-system-installation-images).
1.1.2012.01 @@ -358,7 +358,7 @@ Your Windows 10 (Enterprise, Pro, and Home editions), Windows Server 2019, and W  Package version: **1.1.2012.01**  Platform version: **4.18.2010.7**  Engine version: **1.17600.5** - Signature version: 1.327.1991.0 + Signature version: **1.327.1991.0** ### Fixes - None From 9ba5a4bf498e323127b164afddb8398ce31ca4d0 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 4 Dec 2020 13:38:56 -0800 Subject: [PATCH 080/210] Update manage-updates-baselines-microsoft-defender-antivirus.md --- ...-baselines-microsoft-defender-antivirus.md | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index ac8ddf1eb8..8791191c7c 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -355,10 +355,10 @@ We recommend updating your Windows 10 (Enterprise, Pro, and Home editions), Wind
1.1.2012.01 - Package version: **1.1.2012.01** - Platform version: **4.18.2010.7** - Engine version: **1.17600.5** - Signature version: **1.327.1991.0** + Package version: **1.1.2012.01** + Platform version: **4.18.2010.7** + Engine version: **1.17600.5** + Signature version: **1.327.1991.0** ### Fixes - None @@ -369,10 +369,10 @@ We recommend updating your Windows 10 (Enterprise, Pro, and Home editions), Wind
1.1.2011.02 - Package version: **1.1.2011.02** - Platform version: **4.18.2010.7** - Engine version: **1.17600.5** - Signature version: 1.327.658.0 + Package version: **1.1.2011.02** + Platform version: **4.18.2010.7** + Engine version: **1.17600.5** + Signature version: **1.327.658.0** ### Fixes - None @@ -383,10 +383,10 @@ We recommend updating your Windows 10 (Enterprise, Pro, and Home editions), Wind
1.1.2011.01 - Package version: **1.1.2011.01** - Platform version: **4.18.2009.7** - Engine version: **1.17600.5** - Signature version: 1.327.344.0 + Package version: **1.1.2011.01** + Platform version: **4.18.2009.7** + Engine version: **1.17600.5** + Signature version: **1.327.344.0** ### Fixes - None @@ -397,10 +397,10 @@ We recommend updating your Windows 10 (Enterprise, Pro, and Home editions), Wind
1.1.2009.10 - Package version: **1.1.2011.01** - Platform version: **4.18.2008.9** - Engine version: **1.17400.5** - Signature version: 1.327.2216.0 + Package version: **1.1.2011.01** + Platform version: **4.18.2008.9** + Engine version: **1.17400.5** + Signature version: **1.327.2216.0** ### Fixes - None From 922017ec1684b10935e1de2b463767fa191cca09 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Fri, 4 Dec 2020 15:35:50 -0800 Subject: [PATCH 081/210] Update windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../manage-updates-baselines-microsoft-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index 1f38d5f49f..3f20c7f60a 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -48,7 +48,7 @@ Microsoft Defender Antivirus uses [cloud-delivered protection](utilize-microsoft Cloud-delivered protection is always on and requires an active connection to the Internet to function. Security intelligence updates occur on a scheduled cadence (configurable via policy). For more information, see [Use Microsoft cloud-provided protection in Microsoft Defender Antivirus](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md). -For a list of recent security intelligence updates please visit: [Antimalware updates change log - Microsoft Security Intelligence](https://www.microsoft.com/en-us/wdsi/definitions/antimalware-definition-release-notes). +For a list of recent security intelligence updates, please visit: [Antimalware updates change log - Microsoft Security Intelligence](https://www.microsoft.com/en-us/wdsi/definitions/antimalware-definition-release-notes). Engine updates are included with security intelligence updates and are released on a monthly cadence. From 01ffab00354b5297726bdfa77321ec0dff0d9bc9 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Fri, 4 Dec 2020 15:40:26 -0800 Subject: [PATCH 082/210] Update windows/security/threat-protection/microsoft-defender-atp/non-windows.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../threat-protection/microsoft-defender-atp/non-windows.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/non-windows.md b/windows/security/threat-protection/microsoft-defender-atp/non-windows.md index 102bb001a2..d401c3b594 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/non-windows.md +++ b/windows/security/threat-protection/microsoft-defender-atp/non-windows.md @@ -91,8 +91,8 @@ Android Microsoft Defender for Endpoint on iOS is our mobile threat defense solution for devices running iOS 11.0 and higher. Both Supervised and Unsupervised devices are supported. -On iOS, we offer web protection which includes anti-phishing, blocking of unsafe connections, and -setting of custom indicators. For more information about the key features and benefits, +On iOS, we offer web protection which includes anti-phishing, blocking unsafe connections, and +setting custom indicators. For more information about the key features and benefits, read our [announcements](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/bg-p/MicrosoftDefenderATPBlog/label-name/iOS). For more details on how to get started, visit the Microsoft Defender for Endpoint From 688436d77a78ca879ad3210f7ebfcc85f01074cb Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Fri, 4 Dec 2020 15:41:05 -0800 Subject: [PATCH 083/210] Update non-windows.md --- .../threat-protection/microsoft-defender-atp/non-windows.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/non-windows.md b/windows/security/threat-protection/microsoft-defender-atp/non-windows.md index d401c3b594..0cce3c728b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/non-windows.md +++ b/windows/security/threat-protection/microsoft-defender-atp/non-windows.md @@ -96,7 +96,7 @@ setting custom indicators. For more information about the key features and benef read our [announcements](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/bg-p/MicrosoftDefenderATPBlog/label-name/iOS). For more details on how to get started, visit the Microsoft Defender for Endpoint -on iOS [documentation](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios). +on iOS [documentation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios). ## Licensing requirements From 446deee5f01ec4637891a2a77093209b6667e498 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Fri, 4 Dec 2020 15:43:50 -0800 Subject: [PATCH 084/210] Update windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- ...nroll-a-windows-10-device-automatically-using-group-policy.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md index f73e248d75..03171b42be 100644 --- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md +++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md @@ -114,7 +114,6 @@ Requirements: > [!NOTE] > **Device Credential** Credential Type may also work; however, it is not supported by Intune yet. It is not recommended to use this option until support is announced. - ![MDM autoenrollment policy](images/autoenrollment-policy.png) 5. Click **Enable**, and select **User Credential** from the dropdown **Select Credential Type to Use**, then click **OK**. From 32a997f041ac1eb2a2a12942434738d23a65d9e2 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Fri, 4 Dec 2020 15:45:34 -0800 Subject: [PATCH 085/210] Update enroll-a-windows-10-device-automatically-using-group-policy.md minor edits --- ...roll-a-windows-10-device-automatically-using-group-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md index 03171b42be..2642cd7819 100644 --- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md +++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md @@ -113,7 +113,7 @@ Requirements: 4. Double-click **Enable automatic MDM enrollment using default Azure AD credentials** (previously called **Auto MDM Enrollment with AAD Token** in Windows 10, version 1709). For ADMX files in Windows 10, version 1903 and later, select **User Credential** as the Selected Credential Type to use. > [!NOTE] - > **Device Credential** Credential Type may also work; however, it is not supported by Intune yet. It is not recommended to use this option until support is announced. + > **Device Credential** Credential Type may work, however, it is not yet supported by Intune. We don't recommend using this option until it's supported. ![MDM autoenrollment policy](images/autoenrollment-policy.png) 5. Click **Enable**, and select **User Credential** from the dropdown **Select Credential Type to Use**, then click **OK**. From 2c3c815484aa5a95db707d15287339fe1b67bea8 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Fri, 4 Dec 2020 15:55:11 -0800 Subject: [PATCH 086/210] Update windows/security/information-protection/bitlocker/bitlocker-overview.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../information-protection/bitlocker/bitlocker-overview.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-overview.md b/windows/security/information-protection/bitlocker/bitlocker-overview.md index ca3e14c35a..91df6ad467 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-overview.md +++ b/windows/security/information-protection/bitlocker/bitlocker-overview.md @@ -74,7 +74,7 @@ The hard disk must be partitioned with at least two drives: - The operating system drive (or boot drive) contains the operating system and its support files. It must be formatted with the NTFS file system. - The system drive contains the files that are needed to load Windows after the firmware has prepared the system hardware. BitLocker is not enabled on this drive. For BitLocker to work, the system drive must not be encrypted, must differ from the operating system drive, and must be formatted with the FAT32 file system on computers that use UEFI-based firmware or with the NTFS file system on computers that use BIOS firmware. We recommend that system drive be approximately 350 MB in size. After BitLocker is turned on it should have approximately 250 MB of free space. -Partition subject to encryption cannot be marked as an active partition (this applies to OS, fixed data and removable data drives). +A partition subject to encryption cannot be marked as an active partition (this applies to the operating system, fixed data, and removable data drives). When installed on a new computer, Windows will automatically create the partitions that are required for BitLocker. @@ -99,4 +99,3 @@ When installing the BitLocker optional component on a server you will also need | [Troubleshoot BitLocker](troubleshoot-bitlocker.md) | This guide describes the resources that can help you troubleshoot BitLocker issues, and provides solutions for several common BitLocker issues. | | [Protecting cluster shared volumes and storage area networks with BitLocker](protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md)| This topic for IT pros describes how to protect CSVs and SANs with BitLocker.| | [Enabling Secure Boot and BitLocker Device Encryption on Windows 10 IoT Core](https://developer.microsoft.com/windows/iot/docs/securebootandbitlocker) | This topic covers how to use BitLocker with Windows 10 IoT Core | - From 7aff2313b2a8bd2b567aeb2e83d52bf966a995ce Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Fri, 4 Dec 2020 15:58:34 -0800 Subject: [PATCH 087/210] Update windows/security/identity-protection/access-control/active-directory-security-groups.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../access-control/active-directory-security-groups.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/access-control/active-directory-security-groups.md b/windows/security/identity-protection/access-control/active-directory-security-groups.md index 6522607d9d..ad2c68650b 100644 --- a/windows/security/identity-protection/access-control/active-directory-security-groups.md +++ b/windows/security/identity-protection/access-control/active-directory-security-groups.md @@ -1950,7 +1950,7 @@ This security group has not changed since Windows Server 2008.

Type

-

Domain local

+

Domain Local

Default container

From 66418b6c8b87c1dee134cf78048cb125035305e8 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Sat, 5 Dec 2020 08:12:12 -0800 Subject: [PATCH 088/210] Update manage-updates-baselines-microsoft-defender-antivirus.md --- .../manage-updates-baselines-microsoft-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index 8791191c7c..ade235d1b8 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -414,7 +414,7 @@ We recommend updating your Windows 10 (Enterprise, Pro, and Home editions), Wind | Article | Description | |:---|:---| -|[Microsoft Defender update for Windows operating system installation images](https://support.microsoft.com/help/4568292/defender-update-for-windows-operating-system-installation-images) | Review antimalware update packages for your OS installation images (WIM and VHD files). This feature supports OS installation images for Windows 10 (Enterprise, Pro, and Home editions), Windows Server 2019, and Windows Server 2016. | +|[Microsoft Defender update for Windows operating system installation images](https://support.microsoft.com/help/4568292/defender-update-for-windows-operating-system-installation-images) | You can update antimalware for your Windows OS (Windows Server 2019, and Windows Server 2016) installation images (WIM and VHD files). | |[Manage how protection updates are downloaded and applied](manage-protection-updates-microsoft-defender-antivirus.md) | Protection updates can be delivered through a number of sources. | |[Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-microsoft-defender-antivirus.md) | You can schedule when protection updates should be downloaded. | |[Manage updates for endpoints that are out of date](manage-outdated-endpoints-microsoft-defender-antivirus.md) | If an endpoint misses an update or scheduled scan, you can force an update or scan the next time a user signs in. | From 218a4bb0b33b07bbff900c81b0f0d23b3006cd62 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Sat, 5 Dec 2020 08:17:11 -0800 Subject: [PATCH 089/210] Update manage-updates-baselines-microsoft-defender-antivirus.md --- .../manage-updates-baselines-microsoft-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index ade235d1b8..a4465f83c0 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -13,7 +13,7 @@ ms.author: deniseb ms.custom: nextgen ms.reviewer: manager: dansimp -ms.date: 11/06/2020 +ms.date: 12/05/2020 --- # Manage Microsoft Defender Antivirus updates and apply baselines From bf56cd3b8e111511adc503e953d8ec9d9630e7af Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Sat, 5 Dec 2020 08:21:52 -0800 Subject: [PATCH 090/210] Update manage-updates-baselines-microsoft-defender-antivirus.md --- .../manage-updates-baselines-microsoft-defender-antivirus.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index fd21ceaa2c..8ce6b4e9e3 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -13,7 +13,7 @@ ms.author: deniseb ms.custom: nextgen ms.reviewer: manager: dansimp -ms.date: 12/04/2020 +ms.date: 12/05/2020 --- # Manage Microsoft Defender Antivirus updates and apply baselines @@ -80,7 +80,7 @@ All our updates contain November-2020 (Platform: 4.18.2011.6 | Engine: 1.1.17700.4)  Security intelligence update version: **1.327.1854.0** - Released: **December xx, 2020** + Released: **December 03, 2020**  Platform: **4.18.2011.6**  Engine: **1.1.17700.4**  Support phase: **Security and Critical Updates** From b866cb127fba13b9e7594accebebcea794149e4a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Sat, 5 Dec 2020 08:25:10 -0800 Subject: [PATCH 091/210] Update manage-updates-baselines-microsoft-defender-antivirus.md --- .../manage-updates-baselines-microsoft-defender-antivirus.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index 8ce6b4e9e3..df7d01b605 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -32,10 +32,9 @@ There are two types of updates related to keeping Microsoft Defender Antivirus u > [!IMPORTANT] > Keeping Microsoft Defender Antivirus up to date is critical to assure your devices have the latest technology and features needed to protect against new malware and attack techniques. -> This also applies to devices where Microsoft Defender Antivirus is running in [passive mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility). +> Make sure to update your antivirus protection even if Microsoft Defender Antivirus is running in [passive mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility). > -> You can use the below URL to find out what are the current versions: -> [https://www.microsoft.com/security/encyclopedia/adlpackages.aspx?action=info](https://www.microsoft.com/security/encyclopedia/adlpackages.aspx?action=info) +> To see the most current engine, platform, and signature date, visit the [security encyclopedia packages site](https://www.microsoft.com/security/encyclopedia/adlpackages.aspx?action=info) ## Security intelligence updates From d8029adc4cf7ebdf18cd5cc6cceedad8764bed69 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Sat, 5 Dec 2020 08:25:23 -0800 Subject: [PATCH 092/210] Update manage-updates-baselines-microsoft-defender-antivirus.md --- .../manage-updates-baselines-microsoft-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index df7d01b605..68cd22e20c 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -34,7 +34,7 @@ There are two types of updates related to keeping Microsoft Defender Antivirus u > Keeping Microsoft Defender Antivirus up to date is critical to assure your devices have the latest technology and features needed to protect against new malware and attack techniques. > Make sure to update your antivirus protection even if Microsoft Defender Antivirus is running in [passive mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility). > -> To see the most current engine, platform, and signature date, visit the [security encyclopedia packages site](https://www.microsoft.com/security/encyclopedia/adlpackages.aspx?action=info) +> To see the most current engine, platform, and signature date, visit the [security encyclopedia packages site](https://www.microsoft.com/security/encyclopedia/adlpackages.aspx?action=info). ## Security intelligence updates From 0a85ec52b1e50bcaecb0d43a16021c88b06a6c59 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Sat, 5 Dec 2020 08:30:22 -0800 Subject: [PATCH 093/210] Update manage-updates-baselines-microsoft-defender-antivirus.md --- .../manage-updates-baselines-microsoft-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index 68cd22e20c..a0d9e8ebc6 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -34,7 +34,7 @@ There are two types of updates related to keeping Microsoft Defender Antivirus u > Keeping Microsoft Defender Antivirus up to date is critical to assure your devices have the latest technology and features needed to protect against new malware and attack techniques. > Make sure to update your antivirus protection even if Microsoft Defender Antivirus is running in [passive mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility). > -> To see the most current engine, platform, and signature date, visit the [security encyclopedia packages site](https://www.microsoft.com/security/encyclopedia/adlpackages.aspx?action=info). +> To see the most current engine, platform, and signature date, visit the [Microsoft security encyclopedia](https://www.microsoft.com/security/encyclopedia/adlpackages.aspx?action=info). ## Security intelligence updates From 875568eadfe78cd14ab87461f0013a8fb97165bc Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Sun, 6 Dec 2020 00:33:16 +0100 Subject: [PATCH 094/210] MarkDown syntax highlighting, whitespace cleanup As I mentioned in PR #8704 (**Format of resolution for "The TPM is locked out."**), "ps" does not identify as a syntax highlighting code keyword for PowerShell. The keywords "powershell" or "PowerShell" should be used in the current implementation of GitHub Flavored MarkDown (GFM). The syntax highlighting added in PR PR #8704, "ps" translates to PostScript via one of its filename extensions (.ps, .eps, .epsi, .pfa), whereas PowerShell can only be identified via its filename extensions .ps1, .psd1, .psm1 when not using its dedicated keyword PowerShell/powershell. Secondary IDs like filename extensions are discouraged as long as known keywords exist and are valid. The Linguist project here on GitHub (https://github.com/github/linguist) for a complete list of syntax highlighting keywords: - https://github.com/github/linguist/blob/master/lib/linguist/languages.yml ("Defines all Languages known to GitHub.") Proposed changes: - correct the MarkDown code block syntax highlighting keyword "ps" to "powershell" Whitespace changes: - remove redundant end-of-line blanks - reduce the spacing between metadata and page title from 2 to 1 blank line - add missing NewLine at end-of-file (last line) Ticket closure or reference: ref. #8704 --- .../ts-bitlocker-cannot-encrypt-tpm-issues.md | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md index 7d66ced22c..121d7cd8a1 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md @@ -1,5 +1,5 @@ --- -title: BitLocker cannot encrypt a drive known TPM issues +title: BitLocker cannot encrypt a drive known TPM issues description: Provides guidance for troubleshooting known issues that may prevent BitLocker Drive Encryption from encrypting a drive, and that you can attribute to the TPM ms.reviewer: kaushika ms.technology: windows @@ -16,7 +16,6 @@ ms.date: 10/18/2019 ms.custom: bitlocker --- - # BitLocker cannot encrypt a drive: known TPM issues This article describes common issues that affect the Trusted Platform Module (TPM) and that may prevent BitLocker from encrypting a drive. This article also provides guidance to address these issues. @@ -38,7 +37,7 @@ To resolve this issue, follow these steps: 1. Open an elevated PowerShell window and run the following script: - ```ps + ```powershell $Tpm = Get-WmiObject -class Win32_Tpm -namespace "root\CIMv2\Security\MicrosoftTpm" $ConfirmationStatus = $Tpm.GetPhysicalPresenceConfirmationStatus(22).ConfirmationStatus if($ConfirmationStatus -ne 4) {$Tpm.SetPhysicalPresenceRequest(22)} @@ -69,7 +68,7 @@ To resolve this issue, disable and re-enable the TPM. To do this, follow these s If you still cannot prepare the TPM, clear the existing TPM keys. To do this, follow the instructions in [Troubleshoot the TPM: Clear all the keys from the TPM](https://docs.microsoft.com/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm#clear-all-the-keys-from-the-tpm). > [!WARNING] -> Clearing the TPM can cause data loss. +> Clearing the TPM can cause data loss. ## Access Denied: Failed to backup TPM Owner Authorization information to Active Directory Domain Services. Errorcode: 0x80070005 @@ -81,7 +80,7 @@ The TPM did not have sufficient permissions on the TPM Devices container in Acti This issue appears to be limited to computers that run versions of Windows that are earlier than Windows 10. -### Resolution +### Resolution To verify that you have correctly identified this issue, use one of the following methods: @@ -90,7 +89,7 @@ To verify that you have correctly identified this issue, use one of the followin 1. To review the TPM information for the affected computer, open an elevated Windows PowerShell window and run the following command: - ```ps + ```powershell Get-ADComputer -Filter {Name -like "ComputerName"} -Property * | Format-Table name,msTPM-TPMInformationForComputer ``` @@ -100,7 +99,7 @@ To verify that you have correctly identified this issue, use one of the followin ## Cannot prepare the TPM, error 0x80072030: "There is no such object on the server" -Your domain controllers were upgraded from Windows Server 2008 R2to Windows Server 2012 R2. A Group Policy Object (GPO) enforces the **Do not enable BitLocker until recovery information is stored in AD DS** policy. +Your domain controllers were upgraded from Windows Server 2008 R2to Windows Server 2012 R2. A Group Policy Object (GPO) enforces the **Do not enable BitLocker until recovery information is stored in AD DS** policy. You cannot turn on BitLocker Drive Encryption on a device. You use the TPM management console (tpm.msc) to prepare the TPM on a device. The operation fails and you see a message that resembles the following: @@ -121,10 +120,10 @@ To resolve this issue, follow these steps: 1. In the script, modify the value of **strPathToDomain** to your domain name. 1. Open an elevated PowerShell window, and run the following command: - ```ps + ```powershell cscript Add-TPMSelfWriteACE.vbs ``` - + In this command \<*Path*> is the path to the script file. For more information, see the following articles: From de220ad3acdb54c48e8bbee1245e6d811c96c3c1 Mon Sep 17 00:00:00 2001 From: Office Content Publishing <34616516+officedocspr@users.noreply.github.com> Date: Sat, 5 Dec 2020 23:34:20 -0800 Subject: [PATCH 095/210] Uploaded file: education-content-updates.md - 2020-12-05 23:34:20.3646 --- education/includes/education-content-updates.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/education/includes/education-content-updates.md b/education/includes/education-content-updates.md index 3c22125793..36578af4bf 100644 --- a/education/includes/education-content-updates.md +++ b/education/includes/education-content-updates.md @@ -2,10 +2,9 @@ -## Week of October 19, 2020 +## Week of November 30, 2020 | Published On |Topic title | Change | |------|------------|--------| -| 10/22/2020 | [Microsoft 365 Education Documentation for developers](/education/developers) | modified | -| 10/22/2020 | [Windows 10 editions for education customers](/education/windows/windows-editions-for-education-customers) | modified | +| 12/4/2020 | [Deploy Windows 10 in a school district (Windows 10)](/education/windows/deploy-windows-10-in-a-school-district) | modified | From 2e9a06292e1d39d90dd0b6596e071a322a563c8d Mon Sep 17 00:00:00 2001 From: Shravan Thota <57046359+shthota77@users.noreply.github.com> Date: Sun, 6 Dec 2020 18:01:16 +0530 Subject: [PATCH 096/210] Update microsoft-defender-atp-android.md Currently, Personally-owned devices with work profile and Corporate-owned, fully managed user device enrolments are supported in Android Enterprise. Support for other Android Enterprise modes will be announced when ready. --- .../microsoft-defender-atp/microsoft-defender-atp-android.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md index e71d9f1081..8fe16c9e8d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md @@ -74,7 +74,7 @@ This topic describes how to install, configure, update, and use Defender for End Microsoft Defender for Endpoint for Android supports installation on both modes of enrolled devices - the legacy Device Administrator and Android Enterprise modes. -**Currently, only Work Profile enrolled devices are supported in Android Enterprise. Support for other Android Enterprise modes will be announced when ready.** +**Currently, Personally-owned devices with work profile and Corporate-owned fully managed user device enrolments are supported in Android Enterprise. Support for other Android Enterprise modes will be announced when ready.** Deployment of Microsoft Defender for Endpoint for Android is via Microsoft Intune (MDM). For more information, see [Deploy Microsoft Defender for Endpoint for Android with Microsoft Intune](android-intune.md). From 46075540db7e7b4cdd81be6e41423fd2509dc8e5 Mon Sep 17 00:00:00 2001 From: Shravan Thota <57046359+shthota77@users.noreply.github.com> Date: Sun, 6 Dec 2020 18:13:42 +0530 Subject: [PATCH 097/210] Update android-intune.md Changes made Currently, Personally-owned devices with work profile and Corporate-owned, fully managed user device enrolments are supported for deployment. --- .../threat-protection/microsoft-defender-atp/android-intune.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md index ddba7d596d..3cb1d6cdca 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md @@ -112,7 +112,7 @@ For more information on the enrollment options supported by Intune, see [Enrollment Options](https://docs.microsoft.com/mem/intune/enrollment/android-enroll) . -Currently only Personal devices with Work Profile enrolled are supported for deployment. +Currently, Personally-owned devices with work profile and Corporate-owned fully managed user device enrolments are supported for deployment. From ed2d5885f1203712d5e876db279f72bf7db9085c Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sun, 6 Dec 2020 17:49:27 +0500 Subject: [PATCH 098/210] Update customize-exploit-protection.md --- .../customize-exploit-protection.md | 22 ++++++++++--------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/customize-exploit-protection.md b/windows/security/threat-protection/microsoft-defender-atp/customize-exploit-protection.md index e0f6337ab6..31efaf211b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/customize-exploit-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/customize-exploit-protection.md @@ -62,13 +62,13 @@ Code integrity guard | Restricts loading of images signed by Microsoft, WHQL, or Disable extension points | Disables various extensibility mechanisms that allow DLL injection into all processes, such as AppInit DLLs, window hooks, and Winsock service providers. | App-level only | [!include[Check mark no](../images/svg/check-no.svg)] Disable Win32k system calls | Prevents an app from using the Win32k system call table. | App-level only | [!include[Check mark yes](../images/svg/check-yes.svg)] Don't allow child processes | Prevents an app from creating child processes. | App-level only | [!include[Check mark yes](../images/svg/check-yes.svg)] -Export address filtering (EAF) | Detects dangerous operations being resolved by malicious code. Can optionally validate access by modules commonly used by exploits. | App-level only | [!include[Check mark no](../images/svg/check-no.svg)] -Import address filtering (IAF) | Detects dangerous operations being resolved by malicious code. | App-level only | [!include[Check mark no](../images/svg/check-no.svg)] -Simulate execution (SimExec) | Ensures that calls to sensitive APIs return to legitimate callers. Only configurable for 32-bit (x86) applications. Not compatible with ACG | App-level only | [!include[Check mark no](../images/svg/check-no.svg)] -Validate API invocation (CallerCheck) | Ensures that sensitive APIs are invoked by legitimate callers. Only configurable for 32-bit (x86) applications. Not compatible with ACG | App-level only | [!include[Check mark no](../images/svg/check-no.svg)] +Export address filtering (EAF) | Detects dangerous operations being resolved by malicious code. Can optionally validate access by modules commonly used by exploits. | App-level only | [!include[Check mark yes](../images/svg/check-yes.svg)] +Import address filtering (IAF) | Detects dangerous operations being resolved by malicious code. | App-level only | [!include[Check mark yes](../images/svg/check-yes.svg)] +Simulate execution (SimExec) | Ensures that calls to sensitive APIs return to legitimate callers. Only configurable for 32-bit (x86) applications. Not compatible with ACG | App-level only | [!include[Check mark yes](../images/svg/check-yes.svg)] +Validate API invocation (CallerCheck) | Ensures that sensitive APIs are invoked by legitimate callers. Only configurable for 32-bit (x86) applications. Not compatible with ACG | App-level only | [!include[Check mark yes](../images/svg/check-yes.svg)] Validate handle usage | Causes an exception to be raised on any invalid handle references. | App-level only | [!include[Check mark no](../images/svg/check-no.svg)] Validate image dependency integrity | Enforces code signing for Windows image dependency loading. | App-level only | [!include[Check mark no](../images/svg/check-no.svg)] -Validate stack integrity (StackPivot) | Ensures that the stack hasn't been redirected for sensitive APIs. Not compatible with ACG | App-level only | [!include[Check mark no](../images/svg/check-no.svg)] +Validate stack integrity (StackPivot) | Ensures that the stack hasn't been redirected for sensitive APIs. Not compatible with ACG | App-level only | [!include[Check mark yes](../images/svg/check-yes.svg)] > [!IMPORTANT] > If you add an app to the **Program settings** section and configure individual mitigation settings there, they will be honored above the configuration for the same mitigations specified in the **System settings** section. The following matrix and examples help to illustrate how defaults work: @@ -234,13 +234,13 @@ Code integrity guard | App-level only | BlockNonMicrosoftSigned, AllowStoreS Disable extension points | App-level only | ExtensionPoint | Audit not available Disable Win32k system calls | App-level only | DisableWin32kSystemCalls | AuditSystemCall Do not allow child processes | App-level only | DisallowChildProcessCreation | AuditChildProcess -Export address filtering (EAF) | App-level only | EnableExportAddressFilterPlus, EnableExportAddressFilter \[1\] | Audit not available -Import address filtering (IAF) | App-level only | EnableImportAddressFilter | Audit not available -Simulate execution (SimExec) | App-level only | EnableRopSimExec | Audit not available -Validate API invocation (CallerCheck) | App-level only | EnableRopCallerCheck | Audit not available +Export address filtering (EAF) | App-level only | EnableExportAddressFilterPlus, EnableExportAddressFilter \[1\] | Audit not available\[2\] +Import address filtering (IAF) | App-level only | EnableImportAddressFilter | Audit not available\[2\] +Simulate execution (SimExec) | App-level only | EnableRopSimExec | Audit not available\[2\] +Validate API invocation (CallerCheck) | App-level only | EnableRopCallerCheck | Audit not available\[2\] Validate handle usage | App-level only | StrictHandle | Audit not available Validate image dependency integrity | App-level only | EnforceModuleDepencySigning | Audit not available -Validate stack integrity (StackPivot) | App-level only | EnableRopStackPivot | Audit not available +Validate stack integrity (StackPivot) | App-level only | EnableRopStackPivot | Audit not available\[2\] \[1\]: Use the following format to enable EAF modules for dlls for a process: @@ -248,6 +248,8 @@ Validate stack integrity (StackPivot) | App-level only | EnableRopStackPivot Set-ProcessMitigation -Name processName.exe -Enable EnableExportAddressFilterPlus -EAFModules dllName1.dll,dllName2.dll ``` +\[2\]: Audit for this mitigation is not available via Powershell cmdlets. + ## Customize the notification For more information about customizing the notification when a rule is triggered and blocks an app or file, see [Windows Security](../windows-defender-security-center/windows-defender-security-center.md#customize-notifications-from-the-windows-defender-security-center). From f42effb432e45587efa798d39bad7354bb3431bc Mon Sep 17 00:00:00 2001 From: Shravan Thota <57046359+shthota77@users.noreply.github.com> Date: Sun, 6 Dec 2020 18:39:41 +0530 Subject: [PATCH 099/210] Update android-intune.md --- .../threat-protection/microsoft-defender-atp/android-intune.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md index 3cb1d6cdca..4e41aadadd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md @@ -112,7 +112,7 @@ For more information on the enrollment options supported by Intune, see [Enrollment Options](https://docs.microsoft.com/mem/intune/enrollment/android-enroll) . -Currently, Personally-owned devices with work profile and Corporate-owned fully managed user device enrolments are supported for deployment. +**Currently, Personally-owned devices with work profile and Corporate-owned fully managed user device enrolments are supported for deployment.** From 19ad2c7ff4f79c408f8baf7b1b56ddd72fe4edb2 Mon Sep 17 00:00:00 2001 From: Shravan Thota <57046359+shthota77@users.noreply.github.com> Date: Sun, 6 Dec 2020 18:48:49 +0530 Subject: [PATCH 100/210] Update android-intune.md --- .../microsoft-defender-atp/android-intune.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md index ddba7d596d..27d5a07aae 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md @@ -254,9 +254,7 @@ displayed here. > ![Image of device installation status](images/900c0197aa59f9b7abd762ab2b32e80c.png) -2. On the device, you can confirm the same by going to the **work profile** and -confirm that Defender for Endpoint is available. - +2. On the device, you can validate the onboarding status by going to the **work profile**. Confirm that Defender for Endpoint is available and that you are enrolled to **Personally-owned devices with work profile**. If you are enrolled to **Corporate-owned, fully managed user device**, you will have a single profile on the device where you can confirm that Defender for Endpoint is available. ![Image of app in mobile device](images/c2e647fc8fa31c4f2349c76f2497bc0e.png) 3. When the app is installed, open the app and accept the permissions From 70c86ca87adeb55ef885836bca7193f2d12ea5d8 Mon Sep 17 00:00:00 2001 From: Shravan Thota <57046359+shthota77@users.noreply.github.com> Date: Sun, 6 Dec 2020 23:33:50 +0530 Subject: [PATCH 101/210] Update android-intune.md --- .../microsoft-defender-atp/android-intune.md | 39 +++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md index ddba7d596d..8df0232412 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md @@ -244,6 +244,45 @@ the *Required* section \> **Add group,** selecting the user group and click above. Then select **Review + Save** and then **Save** again to commence assignment. +### Auto Setup of Always-on VPN +Defender for Endpoint supports Device configuration policies for managed devices via Intune. This capability can be leveraged to **Auto setup of Always-on VPN** on Android Enterprise enrolled devices, so the end user does not need to setup VPN service while onboarding. +1. On **Devices** Page go to **Configuration Profiles** > **Create Profile** > **Platform** > **Android Enterprise** +Select **Device restrictions** under one of the following, based on your device enrollment type +- **Fully Managed, Dedicated, and Corporate-Owned Work Profile** +- **Personally-Owned Work Profile** + +Select **Create** + + > ![Image of devices configuration profile create](images/1autosetupofvpn.png) + + 2. **Configuration Settings** + Provide **Name** and **Description** to uniquely identify the configuration profile. + + > ![Image of devices configuration profile Name and Description](images/2autosetupofvpn.png) + + 3. Select **Connectivity** and configure VPN +- Enable **Always-on VPN** +Setup a VPN client in the work profile to automatically connect and reconnect to the VPN whenever possible. Only one VPN client can be configured for always-on VPN on a given device, so be sure to have no more than one always-on VPN policy deployed to a single device. +- Select **Custom** in VPN client dropdown list +Custom VPN in this case is Defender for Endpoint VPN which is used to provide the Web Protection feature. + >[!NOTE] + >Microsoft Defender ATP app must be installed on user’s device, in order to functioning of auto setup of this VPN. + +- Enter **Package ID** of the Microsoft Defender ATP app in Google Play store. For the Defender app URL https://play.google.com/store/apps/details?id=com.microsoft.scmx, Package ID is **com.microsoft.scmx** +- **Lockdown mode** Not configured (Default) + + > ![Image of devices configuration profile enable Always-on VPN](images/3autosetupofvpn.png) + +4. **Assignment** +In the **Assignments** page, select the user group to which this app config policy would be assigned to. Click **Select groups** to include and selecting the applicable group and then click **Next**. The group selected here is usually the same group to which you would assign Microsoft Defender for Endpoint Android app. + + > ![Image of devices configuration profile Assignment](images/4autosetupofvpn.png) + +5. In the **Review + Create** page that comes up next, review all the information and then select **Create**. +The device configuration profile is now assigned to the selected user group. + + > ![Image of devices configuration profile Review and Create](images/5autosetupofvpn.png) + ## Complete onboarding and check status 1. Confirm the installation status of Microsoft Defender for Endpoint for Android by From c97dd827aabde4bd7021025f0f3f1b46f7c5c0e9 Mon Sep 17 00:00:00 2001 From: Shravan Thota <57046359+shthota77@users.noreply.github.com> Date: Mon, 7 Dec 2020 09:12:26 +0530 Subject: [PATCH 102/210] Update windows/security/threat-protection/microsoft-defender-atp/android-intune.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../threat-protection/microsoft-defender-atp/android-intune.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md index 8df0232412..9ea37593b4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md @@ -251,7 +251,7 @@ Select **Device restrictions** under one of the following, based on your device - **Fully Managed, Dedicated, and Corporate-Owned Work Profile** - **Personally-Owned Work Profile** -Select **Create** +Select **Create**. > ![Image of devices configuration profile create](images/1autosetupofvpn.png) From 87ec63a50d87e0001bb5c5db22f13cd0ff913174 Mon Sep 17 00:00:00 2001 From: Shravan Thota <57046359+shthota77@users.noreply.github.com> Date: Mon, 7 Dec 2020 09:12:48 +0530 Subject: [PATCH 103/210] Update windows/security/threat-protection/microsoft-defender-atp/android-intune.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../threat-protection/microsoft-defender-atp/android-intune.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md index 9ea37593b4..1149d15bfa 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md @@ -256,7 +256,7 @@ Select **Create**. > ![Image of devices configuration profile create](images/1autosetupofvpn.png) 2. **Configuration Settings** - Provide **Name** and **Description** to uniquely identify the configuration profile. + Provide a **Name** and a **Description** to uniquely identify the configuration profile. > ![Image of devices configuration profile Name and Description](images/2autosetupofvpn.png) From e08a950b16126d263fef859ac6fcd248f49f4f1c Mon Sep 17 00:00:00 2001 From: Shravan Thota <57046359+shthota77@users.noreply.github.com> Date: Mon, 7 Dec 2020 09:13:25 +0530 Subject: [PATCH 104/210] Update windows/security/threat-protection/microsoft-defender-atp/android-intune.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../microsoft-defender-atp/android-intune.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md index 1149d15bfa..124eeeb54b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md @@ -265,8 +265,8 @@ Select **Create**. Setup a VPN client in the work profile to automatically connect and reconnect to the VPN whenever possible. Only one VPN client can be configured for always-on VPN on a given device, so be sure to have no more than one always-on VPN policy deployed to a single device. - Select **Custom** in VPN client dropdown list Custom VPN in this case is Defender for Endpoint VPN which is used to provide the Web Protection feature. - >[!NOTE] - >Microsoft Defender ATP app must be installed on user’s device, in order to functioning of auto setup of this VPN. + > [!NOTE] + > Microsoft Defender ATP app must be installed on user’s device, in order to functioning of auto setup of this VPN. - Enter **Package ID** of the Microsoft Defender ATP app in Google Play store. For the Defender app URL https://play.google.com/store/apps/details?id=com.microsoft.scmx, Package ID is **com.microsoft.scmx** - **Lockdown mode** Not configured (Default) From 2975e8acfa91749298141474876992b1cbb89d0d Mon Sep 17 00:00:00 2001 From: Shravan Thota <57046359+shthota77@users.noreply.github.com> Date: Mon, 7 Dec 2020 09:13:53 +0530 Subject: [PATCH 105/210] Update windows/security/threat-protection/microsoft-defender-atp/android-intune.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../threat-protection/microsoft-defender-atp/android-intune.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md index 124eeeb54b..c895bc6d61 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md @@ -260,7 +260,7 @@ Select **Create**. > ![Image of devices configuration profile Name and Description](images/2autosetupofvpn.png) - 3. Select **Connectivity** and configure VPN + 3. Select **Connectivity** and configure VPN: - Enable **Always-on VPN** Setup a VPN client in the work profile to automatically connect and reconnect to the VPN whenever possible. Only one VPN client can be configured for always-on VPN on a given device, so be sure to have no more than one always-on VPN policy deployed to a single device. - Select **Custom** in VPN client dropdown list From 43796254aae662ed3a432c4091b81ce8bc1ae4dc Mon Sep 17 00:00:00 2001 From: Shravan Thota <57046359+shthota77@users.noreply.github.com> Date: Mon, 7 Dec 2020 11:16:19 +0530 Subject: [PATCH 106/210] Update windows/security/threat-protection/microsoft-defender-atp/android-intune.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../threat-protection/microsoft-defender-atp/android-intune.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md index 27d5a07aae..4f62a74df9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md @@ -254,7 +254,7 @@ displayed here. > ![Image of device installation status](images/900c0197aa59f9b7abd762ab2b32e80c.png) -2. On the device, you can validate the onboarding status by going to the **work profile**. Confirm that Defender for Endpoint is available and that you are enrolled to **Personally-owned devices with work profile**. If you are enrolled to **Corporate-owned, fully managed user device**, you will have a single profile on the device where you can confirm that Defender for Endpoint is available. +2. On the device, you can validate the onboarding status by going to the **work profile**. Confirm that Defender for Endpoint is available and that you are enrolled to the **Personally-owned devices with work profile**. If you are enrolled to a **Corporate-owned, fully managed user device**, you will have a single profile on the device where you can confirm that Defender for Endpoint is available. ![Image of app in mobile device](images/c2e647fc8fa31c4f2349c76f2497bc0e.png) 3. When the app is installed, open the app and accept the permissions From 4547ca1ab9df74e061d6576bd09439c8f62e7ebf Mon Sep 17 00:00:00 2001 From: Shravan Thota <57046359+shthota77@users.noreply.github.com> Date: Mon, 7 Dec 2020 11:26:44 +0530 Subject: [PATCH 107/210] Update windows/security/threat-protection/microsoft-defender-atp/android-intune.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../threat-protection/microsoft-defender-atp/android-intune.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md index 4e41aadadd..dd2c89569a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md @@ -112,7 +112,7 @@ For more information on the enrollment options supported by Intune, see [Enrollment Options](https://docs.microsoft.com/mem/intune/enrollment/android-enroll) . -**Currently, Personally-owned devices with work profile and Corporate-owned fully managed user device enrolments are supported for deployment.** +**Currently, Personally-owned devices with work profile and Corporate-owned fully managed user device enrollments are supported for deployment.** From 385d281af5f89c8bd9a9373993a8fc6cc17fd6c6 Mon Sep 17 00:00:00 2001 From: Shravan Thota <57046359+shthota77@users.noreply.github.com> Date: Mon, 7 Dec 2020 11:27:14 +0530 Subject: [PATCH 108/210] Update windows/security/threat-protection/microsoft-defender-atp/android-intune.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../threat-protection/microsoft-defender-atp/android-intune.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md index dd2c89569a..31113f8337 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md @@ -109,8 +109,7 @@ list in Microsoft Defender Security Center. Defender for Endpoint for Android supports Android Enterprise enrolled devices. For more information on the enrollment options supported by Intune, see -[Enrollment -Options](https://docs.microsoft.com/mem/intune/enrollment/android-enroll) . +[Enrollment Options](https://docs.microsoft.com/mem/intune/enrollment/android-enroll). **Currently, Personally-owned devices with work profile and Corporate-owned fully managed user device enrollments are supported for deployment.** From 33a50f238a6992b067d42eb91c6aed32f4022ec2 Mon Sep 17 00:00:00 2001 From: Shravan Thota <57046359+shthota77@users.noreply.github.com> Date: Mon, 7 Dec 2020 12:11:42 +0530 Subject: [PATCH 109/210] Update android-intune.md --- .../microsoft-defender-atp/android-intune.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md index c895bc6d61..97fbc058cf 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md @@ -252,10 +252,10 @@ Select **Device restrictions** under one of the following, based on your device - **Personally-Owned Work Profile** Select **Create**. - - > ![Image of devices configuration profile create](images/1autosetupofvpn.png) - 2. **Configuration Settings** + > ![Image of devices configuration profile Create](images/1autosetupofvpn.png) + +2. **Configuration Settings** Provide a **Name** and a **Description** to uniquely identify the configuration profile. > ![Image of devices configuration profile Name and Description](images/2autosetupofvpn.png) @@ -272,7 +272,7 @@ Custom VPN in this case is Defender for Endpoint VPN which is used to provide th - **Lockdown mode** Not configured (Default) > ![Image of devices configuration profile enable Always-on VPN](images/3autosetupofvpn.png) - + 4. **Assignment** In the **Assignments** page, select the user group to which this app config policy would be assigned to. Click **Select groups** to include and selecting the applicable group and then click **Next**. The group selected here is usually the same group to which you would assign Microsoft Defender for Endpoint Android app. From 2574972b52d98a7fe77975d8128721cb97eebe13 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Mon, 7 Dec 2020 11:54:50 +0200 Subject: [PATCH 110/210] add note about 3rd party AV compatibility https://github.com/MicrosoftDocs/windows-itpro-docs/issues/8695#issuecomment-738723316 --- .../microsoft-defender-antivirus-compatibility.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md index 09984de193..34544835e7 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md @@ -95,7 +95,7 @@ If you uninstall the other product, and choose to use Microsoft Defender Antivir > You should not attempt to disable, stop, or modify any of the associated services used by Microsoft Defender Antivirus, Microsoft Defender for Endpoint, or the Windows Security app. This includes the *wscsvc*, *SecurityHealthService*, *MsSense*, *Sense*, *WinDefend*, or *MsMpEng* services and process. Manually modifying these services can cause severe instability on your endpoints and open your network to infections and attacks. It can also cause problems when using third-party antivirus apps and how their information is displayed in the [Windows Security app](microsoft-defender-security-center-antivirus.md). > [!IMPORTANT] -> If you are using [Microsoft Endpoint DLP](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview), Microsoft Defender Antivirus real-time protection is enabled, even when Microsoft Defender Antivirus is running in passive mode. Endpoint DLP depends on real-time protection to operate. +> If you are using [Microsoft Endpoint DLP](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview), Microsoft Defender Antivirus real-time protection is enabled, even when Microsoft Defender Antivirus is running in passive mode. It won't conflict with 3rd party AV solutions installed on the endpoint. Endpoint DLP depends on real-time protection to operate. ## See also From 8c5c4468c9bc020b635d54775702f7bf4b40899c Mon Sep 17 00:00:00 2001 From: Ikko Ashimine Date: Mon, 7 Dec 2020 20:58:59 +0900 Subject: [PATCH 111/210] Fix typo Micosoft -> Microsoft --- .../client-management/mdm/get-localized-product-details.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/get-localized-product-details.md b/windows/client-management/mdm/get-localized-product-details.md index c2e89912d8..5fe5a162e2 100644 --- a/windows/client-management/mdm/get-localized-product-details.md +++ b/windows/client-management/mdm/get-localized-product-details.md @@ -1,6 +1,6 @@ --- title: Get localized product details -description: The Get localized product details operation retrieves the localization information of a product from the Micosoft Store for Business. +description: The Get localized product details operation retrieves the localization information of a product from the Microsoft Store for Business. ms.assetid: EF6AFCA9-8699-46C9-A3BB-CD2750C07901 ms.reviewer: manager: dansimp @@ -14,7 +14,7 @@ ms.date: 09/18/2017 # Get localized product details -The **Get localized product details** operation retrieves the localization information of a product from the Micosoft Store for Business. +The **Get localized product details** operation retrieves the localization information of a product from the Microsoft Store for Business. ## Request From dfcf5cb375e92405a70379a94cc20496ca9c19c4 Mon Sep 17 00:00:00 2001 From: Sunayana Singh Date: Mon, 7 Dec 2020 18:13:16 +0530 Subject: [PATCH 112/210] adding images for auto-VPN --- .../images/1autosetupofvpn.png | Bin 0 -> 76811 bytes .../images/2autosetupofvpn.png | Bin 0 -> 23782 bytes .../images/3autosetupofvpn.png | Bin 0 -> 27188 bytes .../images/4autosetupofvpn.png | Bin 0 -> 34221 bytes .../images/5autosetupofvpn.png | Bin 0 -> 39309 bytes 5 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/1autosetupofvpn.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/2autosetupofvpn.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/3autosetupofvpn.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/4autosetupofvpn.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/5autosetupofvpn.png diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/1autosetupofvpn.png b/windows/security/threat-protection/microsoft-defender-atp/images/1autosetupofvpn.png new file mode 100644 index 0000000000000000000000000000000000000000..00a76300e93732b3ec4693f762894198453988dc GIT binary patch literal 76811 zcmYJa19T*h(>0uAla1|-v$3(UH?}s}*tTuk+}PH}wzaWs+nBF^|L45t>vPhRnd#}C z?ykCZ>(-rc1vzm9}0L5YbT-Z2nI&N@!uaft6Gi+7#OHXQbg#No6dQsu^Ya03O)Ch zXZL2i>*o4N`lUHPV#ym*#$bZ6iOIOkU!x}SNMmMJR#s_plmC_w4_ewWV|5m(ziUkf z-uhgmEI5y=Jgl^PTSLRcB{(ul3jZw~m@uw>;>*)}TVj4Qb(>wEn_b|ir3EqEr=^~F zO9D)skapAu)SuQ)PQTO@Z$|P0OXRb2|9iI}rj5f@9GR%i_v&(cn>bY|J0LFwZ>ic! zqgzZQEa!h)aG!3j-&m`;9?pkjE00^BWJuImkDL6z-8)j!(7D}oKo(*B-z%yUoe>(B z>k0YuKM9=Y6`NPHT1rdfwpDLLZwA66!(m{p+&@pH%b*mG$fve%-{2fDJQv` zaM#va+d)vzSY&U%xnQKkz_;ikKs);ThxtEj4{%V&yCo(3kc}By?wev75c`866wd=H zXpaUIIM-F>P?F)`D>v%pxmkH$?)8O8NOtHANGDWoCevix21KD;F9k5Lc3m%)<%EQU z&|qUwF;Uxy?M>|T{G_SndlkmZ5{J3wNkjVL9ef^SP7Fw81~Wv{d?Lbaa$KE@GHZK= zWbqbZ;b3gGXu7u1)>UN$xG5<5-n}OqNZL!mwme9LcCfJ;m#wz~z&FT9=^8F3XZ!Q` zjAU{K!y-F{);8<+5C)5#`+nBoM^x?NfK60B|82%{p1;B09}RXiB^u{Va(@<76p~ZS zwuf_wtxu@a!P|4Pmns68-~?d|Epm*VXt ztpQgUaoL^su70k7vFdU#D=G^068dySu-qK#JLiFmd{f}LPX8zY>^)N=>ltatJZm~>5Hdp7#zG`P?POiKu4Uv=D;BG z#nyKQQev`N$)CIHJ=;t`fEn;NGAYNL1cs5l_l_up{6?YvYx$&8mcfB^wb8W;@k>Nu z`_H|hs#8?ej5l*0qMoHabKMb)j243SDiC)u7n(YJ`kI5m0~}Y)4Gwd^IFVO%?H)ws zWVF1-gU5eQ=kP+FYB(j6{Ho+KBfDD@PT4kzH$Ca4HQQlHIUM6b7+kD^uDak;F`nu) zpkjLWd?HFn>1eY(!lG+}`ki``_CN#UZKu!coYU0r!Q*A;Yw+`@jg5`IkbgyFeRFC_ zNxP?ngq@tr@zZHkKb?D}qznYn1|^L^rAAb0v| z)iR?bVaJT6mODg$DR>R+gwW#`oxgl`wKU$%O~meS>X4O`$)jK6 zw~jeyM%{&j!?H(Op>2`Q@b|>rC#*H-f6Q^A?YTtHHyYP(4?Q$DoKp^m9@O9;9qpYj zh$8NB*;JRLW+Sush{0|KM3TYPV@-}q*i z+?c$8w)*uls7^^C&KI;vVAkM;w*+ssTI>2$o!bLu$6DQGy{2=Si*Tpg;h`-ny23+2 z&$#&(lWCzN_D&d&`1|VQ*HZEMS{FHW(WWA3>M;;oF%gv(+hkO^(Q;c}LbUhdC| z=5Kk}aGNft6W&V7iD+Vw7&y2O9kC)wUe)fuvlqx`b|Ha5a{bR}9CWRK9!xX?8#`Ed zD>RI4Y;;sIjw}(Vm**FD5`Po{bjI49RMx*CR*%r0&w#sm#7cdXx!-zj=0QCFP9%4F`= zDLPbv;))B7>SXslYT|;)3#GpyMSkDh5?4CfH?cGfB~eTPg}t~Gh3-Sv3^P&5PdBqJ zalj7KXF0Eh42cv2J)oLoWO%(x7+1!Vv$_7Cy`nw|>W?65txSaAxE>Ag&;I1e#9js# z;B4aAKyo4ZBBhyd}*LG#GNf z4ZK6=YF->`iF|+*i3N&?XAC|!4%W9eQ5nd*7i!&$IGpJ4=8b7UX;6pz(ZNK=K)_6%}prw_Qz4ijSJ7w|hFvAwxmxjjU zfTp44br54Er>3W;<>Y<5?gl;smmFxmtvD(t2b+K6{$_u&VD+eFEgCcWu|_)aD_mc@ z{ObTR#*x+AVWe#r$YoiAI^T@kuxIuqKLyKH z9#7Y-$Ou^nJJ(q0$%!e6HpiRm__?F;a_*J$liPfmEWFg<=NHcTK3l?c&gB`Pv>DO) zUL0L@^SNsmw>Ebdxi)Z)3LEu5QBJK#%1TU5j!H@!ZSdC1ix~OpNmOQ(h)c*Q>Bxm- z-&)t6+&KOw-Ai z>dEt|T#RA1#WN?_G2B57-|V`CHBZNdrCZUQ&F-Cna_5REmJi~n_^Nsep6bICm_*)GJ)UkdHmKvz} z5|h)K7?);twwscWo*0ks{PG;*$Z@&IhWvMBZ?KgbIfiK2dEd%SizS4QV)^2lVaJ+h zT2zF>FeAy7I?KY@Ru{l@_3yJ8rU@5=gpnG95^(~fkqhr zC@9?S&kIo-Cyt(|GZgU-@>+1wFKsEFZCkAKF;&``$3E{^R#{tjA$4_r?@uUsx=2Y8 zx5#RTj@60BOE*3mcs4IR!#SbJ;xG7tSWr+uCLwz`#aA>HpPrcp<_?v-d)QT7zTf}W z^!riP1%qO<+gnre@wNJ6_!bYEo0c`nm`J=ZMFzQs9{z-Zmm z^Jl;GMRe$#YxT#>?ySPx>-0;-M>pN7uC~9vP86Ot=hXw%JQ@t=t*}IvUl6q;{Uu!@ za>~L=%`Uc`x)Nu)v^h+c&$HVyDdp#BxG7ep)I43Ro17&xvo7sx75H4Q{nEmi@~|?3 zCd%DZ-L!<9#jaPcx||Uv=|*7S>8i`8t}(TqJ`ky8Jz4q6){tpEhfkHfnVH0agx=cSQRfWANfqL zo}y!3H7W#@7I8Du*}c8Ah32r872-2;Kd&G8?G^3q>n4A`Q%-9;*f({OyMO1bcCu-> z`6p*zvOTd9uVaXand&ET-H@@uhFT{rymy|L;^l4KS-eU8cwXCHRYyr1IZ4>*^XvSS zo)W|J<(#n5&&@4>fSwM&W2a8JZL&FhCV?IP?t-6GagJ+NBfhAt*uvDnX=gupy{&qk zYAIvZ^~_Ujmlu(ofr>=h+NZL-&1RUYoov+kDCVMzBpAJ*YUt0CJONkE?>QZmz3=XK zHpathVsR_g1gX%)%ZY*Xk0#tl$QS6Ip*6hOadv6e%6EFKc$ zX|jfeN91bptru10Eg?jYW?B-p`pI_=ry8@{VX!j5G7Mhu85jCjY_2*tZMw2YZ&a=3r1n6x{w{!Q5Nd>#l8vtL|xzo~GsIy2r`Q56|uR z{S@1-*VDqFsb`6!&hY@t#T({R*ien6j_;Hn+}bkH^mLO%5(KLqFEY}MJoBPYw!W`> z-p;WrWrX3<*pX}E=w58yAG`I=?{74C;-p%(@NhX6M0#(l<-RXZ0+BWXOFS%=hPP?S znu^&d4Lfg)z`=MNrzd8r$3CE4Fxel9*N!jOyuGbLtjm0krhVTdT#YtfWiy+XU>eB|=LcRlI|}%D=WmW5tHx3o2;3!`J5Jl^bn9dVF4jFI`g;Zz zHVO*M+6!nLKvQ29vgT$8i*rCP$j$o~CM$EPa#!f6Th+zJ`=`4)N-L_m+3u&s@6YQ= z)f3^<=X!uXYWU*EsH%Gc7h|D-m znoZX3&(GoY^^QswI|FLNt!K?+Ji`TA7~LO7rWrxV3(j&ctD6|8?f(P@TsV^7&P;u8 zq^R&MN7ml=wjQ&TAd<(VvRdpm0{ED{ZtiWIK|$f02^;UaAhND*eJk!M*=XNA4?2-g z#It=iq0#=|F*cx^P$Hk#&kVfS9K91Gkzmf&mS2ret|mk4t(Cm&!>Y;rA1kK1?qW$z z9N0CWn>F!rp?+`CwHE;%vZ^o16s-IsGoy|9`n4qtFUzQ-)g(qUBO3X0C+qZp$zP&}<1FeLCjwy;`CC@F=?TPG0sO< zn40y6sg3U$i^H;H`IePv&T z?1eR5MN|IdpYE?`o<1b%e(u$H#%vL08D~^z@eo(BPZIv>>IS9e__TR#Sb5}wb}(;r z7p=DyBQ5lP`YNUzALV>}MEbs8e{ih1YJF{d=05fUO>)GlbW#krP3v?h&GM&wv%2q3 z^+nyJo|$LGJ*1-_$V&n9oUHkLJlYt(ijl3CWh?CaOLJPEALR3Lm|^Sdf<*t#Y-+3C zR8!xPC@*EkyeVci%eMQow~t@Hw8kd#+CvT7QP~vne8iWT^*y-dxq87nh93F6k|Pe~SCyVT~Ur7nZDa3^-Y ze7jnF6Tx6x!o05fP*-7eu&TA71Z^Qpu_9me@zD{Dk5JK!Y;}9z{LAC%479TR5Xa-F zp13eP@iONd&lc4nLmyw~hv60zzzw6fXvzw+y8tA^?6==vj@K0KamnsNK4>q$j zo7fkr;M}2J*nL13OT`pJfFQXg6=vwE!$}#R76-;H#8pl+CItSusgqq>p)fVNC!UCg zt~X34>vd6(|5(0**2A5XE1*ruFZ?ac@>7$P3$YfTF)3oGj* zOw1)#g+;sfoBegc(ccN!s*#XhROr2YMVk5QJH@iVh#jKSUC#-{yAx8radVI)-* z_@TLN)ZjZUYxHBr{r(|!YpvCIQqIK&UENo53@jeEZU=b^f4B{@(Q5n1b%KU~MiTY; zkXF=DKntG!%UTMm3x;$gcP^f*&TXR6g{`t%EyEKn=7FekxA%_n)lN}>g_4v zaoIpPJhgk)#e(_QuS3z^=zR1=YfTqYG?sW*=60_3qYP%*S?9`Ko!(F8C)qo7na>L7 z-xI+Ex+8g-D>B6ToH(7$DDQqkvX+tlV_grBHi5>QKzNvwK3zVqOB8?9e50&868plJ zWtb2-!>g+)sb5E{TyN!Sd0^Z9!SJKmqm9>hX?iQOwKB9Kwn$#5%^Z6Apx)D|k9Fny zf%t&$rqi|)d`8x8$!N1a0Zo9(-?NdjgvGASLkDEn-zl-fMSEzt3k0&p>W4!i*_)qI zzvXk<^ZkGBU+KI*W;o~FG-S*I`2J#v|7mN?Ddz15WQ|SD2l(uLIM3Lz5V$3+TMO| z7LQ!!-StgUSFLY<+e0eZ)f-gku$cHU&BkiIcwhg9^y@7wDhY|czbqxg`t?0xL}au} z!@o5~2C~2Ik&TI-T3T9hu@(1&d+%OnE`+=$7w4#W*n4Ldt~(ry&AeCpj_weEUeDjXtCMb2>nwnm(t!87G}GaXR42l ziJRvXyiS0Hjs>vcB3s+su3+1b&F`jKnHP+N8(oSDA`5+sQo3?MwjYCM$PmKcy*3E$ zW$CPCR9tP>jE%3V$!I&xKic4b6S}##60Fug3>0PX3+?!4BZ-N5EMigY_Te=Xaa!!{ z9vqp}7@za9a}`p0J|E>QX(f4V6XA#S-rF$&7t}#TYP5ghvd2cPXg#Y{UF5nad@hF2 zrxHb1xRX+j!6o#`26e4#sc(~wom)#+bYpBx@^dqMG9#9=-HorqS$}Q_5lCN#5N@95 zB_dvjjq&lj_i%4<`SqI{Cq56mH)l~lE#qdE- zTxjL1=P8Ll*{u1lk8XrYUY)rdOiWd+#k9A02qf_{PEestSN%HWcY(g?1jdPJX~(M4v4&NPsM$5B;8%l2QZLk&)mk%PZ;V=wOiH7iMOEsVD{n z->Zs16~H+;=WpqR&Kwf)xj`6o2*3M^>y2h{h8}%0Hj*kjbQ!828;+uQp)*wA|y? zCpmPL&k$uII7`n-$aT*&czI#Jw$_;LHs84HOz14Ia+NLuC=Hx>P!MFZ{h0WYgyOr` z1fNKQy563L5J_)U6l$%Uj0nzP1f2Em8Vr;W{!dJ2lDaUeCyt9}+Oh8VoE+OV_69AO z)BzDuS1ZiW*qoeJa|+TC1f(|PFX=BuBUsEo#MC6>%&Vw0+K~)tD1r#94hnlYZBe#5 zly6U~_TF5ru(mF<;&?b#eGabKN%TX?K=d*zXCpbLG;|XrlkFd0&Gp7$;)q#YCp=TuXI-q&v9Z=iy3N1e282m|tDDT9=y05?LC5Uv z(-Xrx#IAumN&Ll@^TJ;PPZQP^7BTiI2-v#Vo1p~~U3^i2?71SyEq{wG96q0Q#MrG-{IIfK#s z5JgoSt|4Uc>|;8K>qDfKJd;sgFTZZ+rz>weP&Ma~={$TwXR>g&&1Q?w=|J7VH9G#Y z!_i|^tT9n~`X4`yDd|ihgfT5S->ouD?fJjfk;_f=nz8uY4YnL~5y@WH4-EJ}60&$) zv-#bXcJD{M+nZQy4d|qV37m;)0@Wain7&qAM|Pt>e-bQ<#@T*{{2p4xPM`RD`yZns ziT{Bk*k4xby>*A4ID1B_mIP`Ll+I4HPWxGb9giOf{|KZk*hd5jV~-~<51{IusfqVycL zT6=3PKt#uJpQ?r$B3XKzVrk_An{M{q*scOlG>WYpSvk?a!P88{T^q}N%CF*T=f5`X z44?4dK5P#FG1Ff8b_l-I*vJU7j&Eaw4+A5IskVNwO|DmKdxQ)0d-@KQQrJtd?y!|uK-^g9MqT4e~gZfA$2e?;H9JcK}#E1 zn5P!3_O)?hV*SZ_;`FdXk(H-tf9=7<>i0>Pzv|gl;GjQBcoLmRomQlItup@m6a1? zVvsHyRs8Pnow{W4K-X_uS-keV0*qI~L|xsEZ&hMPtxiR+xZV5;TK2}4o%Wkd{e06n|AyeQ< zp!)<-L84T>u1eizRSk`Z!ovT%_)}WW6|5uYv4HMWc`RV5tINi@w!r2vULeHKa1kKw zZMLy&xAhNp+@fg8+mucz+iMM(*Xk;%z} zui2!{h0-Cy^ga9A%cv!<**E4-15Lxd)=yp;d#7SieSdgqaT2vS8dkdP1UU+eyc4p1 zZ@4a0?dT|2id@*K++BYGnFRk+Jvg3<@t5rUS1e9q-L%q)pP%=9-%Fk%I?uw%2@|+C zSq60yOT_nj26|mcq%3c2Y@|Xs0Om!3Xf4z!p}ghaJ3GvBH%LpU646DPJPK06%!K@5~8ZA>d-IGoTH(aAmPSN zk^FSkSpHD+jXBDSZ+{^{apsLF-_guXYqhz^(oAZmxwY7KH^oz11G-N7kg#=WBjPls z`rE3xDuD(s)rHcT4zGl}@dI%GuW&yT$_9HkKYxQ>e0ykt;L24qH7)7s5ws%b;aMvz zBty$d&9Ka^u{APN)6n>705*?@idtP#VQFME(vFOefk9>ec>Y`0hlJW)SXVyw>7JRM zUgfv=@cKkUadF519oTC^TAW{g9Kskb$D{lH(Lo+=XJ@CgbK}sEn5t?@$1IS(^b?cH zN=hCcZId#xk&%&-UM{LwGz)Wc(NR%kSEd|4<|`@$R$BBw7U_2_Y{CvxnJ z|3fkYOPe5P4bw;U!YAjb>F8KF4UuLE=!VCCB_9=E7z?pVS!_k=M|{qYtbQBmCZA+Zq9`}-BjKt5^THiECOuSk9-{LwV%eJ=Lx z@zOu-^KI+%^xz=ejhuWi$LIB?gvb|VdvA@jtF^owE`Cf(3iSMLyVh)rzJ2ue*?zTa zV2IiZW?>=U^>J9i=jjp&1OM?N?>j%Uc&L*G4G(_@dYP6`mnG&F_4WO9 zg2WXfF>9@=LOh224Vy)mi^YUKOKh@Kokc}-gKq1%7r$#b@VE4!L)qGaa`;V#&8Y`4LvwAr*w0mo2i5$x-{C0y?xJ&i$?fZRcN2HsulYb<=5hnwiz5jT@f6X6< z78|LLFX>T|la;NisW}25T}bkXA@XZ`CjS@JaonSj+pd%J8_9X&j0J2B-ha!(KZa<# z4xqEf4(rq(_xA~!hf?a)OIlLSe5#soJKYHkQMt07gjXRVzRsSCiwzf(M!v4IwoSMG z_z|mUp^oW>+lYXG(81M6T$c+5%GPd=%K`2jl@X}RI~N=`U0mTkuU1@C>=U@AwRKGt zu!3Bci|-IGkza#?L;3TYf>)|&i1|B?Ne9$v#+?=h$=F2TK+oa^6<^?lCju3>yP z1C1t9vPXvJugKWT`#-0pnQd;i+JCINZu!hD4jsGP?VRu54-35ST;~aslarUiV?a&u zI6R}!h#FikHg9<$&XwoqLu@oO*1go|eo#_bxVgc6F*db)%g_Zi=LbNH`JW5o$>s0| z>k!*YOT)LQs)~J0JyeE=1NR4TJ+6VBn;Y%}ZkvgAkTS|xVSHW7;XwhKjB_t%vXT%e zq%|r^9Hm4{n5v^mJnY=*8sn8Emt8mOfF51NkQQ6&C7Z;h|H22_^C%*3RhwQQWeI>$1wOu^^9r+<*CGdW?jh=9zB=NOZ`Re`sq zGCOG}Z)Kk&XZ71_Jl9D29{=^c{)m4!G^$X+Ou)y%`=|a@ms{`$sJsbv} z-c8)szyQDSVGnt$z}nSji{IlO=6x`-^uOXzlk?&3qqF}yeB@hGQE_p3DTb9U9xK6% zW3U(U0Du9hPyjGB58P+c!r@k<@2H3@J4k8x@lJSo3E+h-&>9ibheD_RQc>Ydr{Y&v zu*g%>RztM_kBW}=eaHcU8)xEWL;s`~kHy~!Sven1W%zl%xX>3yczJb&hbJ6dP`WX+ z`t6&yloX4ki?oKtUWoIDchth}+1?im$$j1kab;v8en=izdi-zS0@PVUNX5jkmStvU zX1YHvY1RQK|`Jx(}4wn{Y1W?_QC-Xo3u%O;0gln8HyU+Kn)|~mid4f ztF1Q7Vpw-4dB8o!u*@6=z8R#^*Wd5+CeUqfS1X<|<1im!Fyk#p5h0J2q(P;Mts_Ja zP+(g*dTnj(cGs)-2Vc!0&yzJE zO<`?oGdGytp^%UyqeGjtlwykK@87?F`D|%f*7bQ+l=+pUM&H%dH3D(j>mw2f)JUJZ zGY|_0>v#If@^YDJiBMC1uZ~X85l8pq(_LV9VGE7}(ci8@Ba%i=9+$EGCLcV_8SBKYt($}}Nyc6jDwEg0JI82)x0X2Wy|Fm^e z3e^PLO0u}Q`8Yl;aJk%7m2yY8`n;?L2x7L3cW&Xk=wFMlA{K&^^RaTP0hMldBIolt zQ~-2?oa6i1JPrD6?gm}dn43>jsG?M^HCvO9g3aF^&-4qtf4YWk4YxKH5l^S_1Vce} zzrWw5>b^SydA3xe9sK?QjLJsP|CE>0P<;{;GArs|FAh9EKUgmHfWLcXJYE9A?Qh-F zvlE9gpOD3r6zjF7PoVN#EjL~CwK~>{#&zcE?a0UKHxjoO?nhs&HHU}6^jfVpT2d|} zr3$i-FgPnG6hbnw=n*8>XLG2cx}1fDMFiGN(8(#Os0gYCQ6)Kf zNK7oOmmG3twPjh2fWR6DadcEtq>B+uq$xQ$IX+Kc+|v`7uPeFGyzLg+ zgKipXYtumb0k5wfnwpx<&TPoYPlqOlRf-Yvc>fD&)f5eWF+UCdx4WF#+1VC-xCmFU z|Jp?OBn>NT>;Fi%UvTaByRCa&T*FV4$~^)dUN9Sx(MY%*EQ@`uf%#%;1Kkq>4y* zj%(7wq9Sz-jpLIOkCyiCbL9+Mn2~niCSF^wAMc*yV`94R4L!t*IzCn_YHE5uPNZY| z)Sc=^u4iWQwYvhAeR4`l+~YIcZ#cwgR&~B0{@+X3@+d`Ea1l>_$iW&ve$4wk0Mo<@ z0Chis{^xx+$M@xYS^#uk5TDnZa0Qd`Ck+U4Q2jIF2WBr2xIl$y^*>TnR(8BUM)m2E zEs@J^@i_QfS~_wdok~2|lDb70Yit}#$cIn{4U2<;<90B1FzDE{>$fi}FKxN~9)(m| zRVL)Bhaa~M4N)2W@%C6oMT?At6!4#e)^8kDfQ_%ya%n16_W%Em#2A8-~6p z`g~yY9i5)u6RTU1jgF>M6;V~Ch=Yc5a@;#DrI_979q+ zlRxS4;IrkGmHXkC$5kgMCt+6B2MOTd-|*4V5m(xthbMZ*OAlTfD~4kU4!-I@)@lQ& zrJ(Td{mT!MsaYlE8|)46Rug06c()0}*T0rWNPrhVFfh==({rZgyt49z9Yu_ei5P%2 zq`CN%6fvJXL~~7TZCNz1=;-K`m30<)I5?Ed%rwB&*@sW^l{FzgKIW&}aIN7nFCQ;p zoCOf~=g$B|MqF|j-2^Z}Wpz4LHM8S)dC=p-L;Q4RE+12^l(e+uJA@vJl9Cb=R4L2{ zxsO9QZp050s&9CBXuEsv?6e`YoK#fo6eiDQZGPb{E)IYpcz7&4B0}UTzPO_UKNU+E zz72(tFa(x-ufKwUhli(UizqOVEml<#NG~;Nx-5-^gakrfw_GqP8U`1?goN2dN_jV5 z6=1q)Yz&-i>q`!FUdsKEFUk4Y-rawsu(g%?-SM0YkTY_8-gl0G)$3Ue*;IBgaUj_1 znJ$03oBvxGso)`i;U70o+e`prfIb&|Z~3pjVd7HLklq5-^>ZOrxANt{R1GZ*C{Wxj zzFPnyyv-pCyx-o*>*(l&1+CZB*K0T1Akw_vM*8Y-`uf~lRAMW^%cMA4E?svSwBy7@ zX*OGNIbHVvL@XE*3TQ&YkFBiDQBkn~rkB`8?Y{e52Yfe0bxBw$Hnoes;5#bxuLGld z!7A4KZ@$&zD(I6)>t$sXe2eaTDwz9j-9Nwp?0~|kmp9X%}G)9 zaOT7F>GNfJx*$KlXA2-P{C0XE;JED8>$z1$!9Vnh1EG-sL!d=i=*Z>esYdf5HWLc< zz~m(6VP9Q=cy9s9C2s-T{dX!VJsT63m)XJoP^6FN{--8(_WfBe3~Wr;>zlpV1=`f< zO#WcBshmXOj)nPovM%+B+1Z4bj^tVed3odz2_3l@udnu7o1L1?VI_7xXQ}Dwb*4`? zKOBZ*E|zL^@rdx+9p4r&G$%@2gjny&$ho;a-kPe+PCvch{wX`CF^XMHWv%hJUUK@p z<5jcLQKM zEBrk~fR**`%J+>nh@}!ejZz66#3M|N9G!2s;0bfsc)kEmo=T9Ult@{nppt330Zps!E&jgR0g4 z;D!yapOlS)Lczv+nq1NqlIcf&c)dSS77Gcv{sNHZwI*wFaw-}sL4!U>e+S361U|2|e;kb~0)|)Oz2UzsxsXf^ z1%Y3b60oMATTVl-y1P9d;M`Nb@PXCm7LMR+g}I}mp+Tx28kriBDZ+3===2tD({N&* z1^LcV+++8~Ji1H}$BqlpBNH(}%S@JF&65K(Jux^jsEU{oSsR=X8rn08O#NfqFluOI zgz3LBl-xI4M$STdzBq~Zbh+i5*Y5aqX~^ZS%*u+ZuKwK+_!o-a+8VKu@^XsNr{(ph z1@*{us3M^AL!dSpuCX7NAR<2OKYoLpdv&%fDJkj2`i~rb`SK->pM>NSFmego*`d5o zO-{Kw~@o=k~#K-cYCZEbCW_`-k5C@At7u(6L$Pfr0rK-Q~#O!dut z2%d*9rzNBMx3DmXC=g3oUjA>g6&wjror!N|*o=188kpJHLp=Q_#X35(=x>BIIoNlV zB5P_GzkfZJ!HJ#-6=rlEr?DXU`1KlVso$5o_uY1$WLB=8Yvcc); zD-O_yZX9aAa6d4O1ETChW27+0XP_H!`JvIch>P=Z*ScK%S!=c-;XB8>Mtl+al9w_e zb4Z3DG0NBO!c0E(C92%_{lhknkt#X~R%~W=*00#gT>n2z76cCk2tXbbGGk#%$ka8V?-vr_|bhY}JK*ln@!2yjm>FGEC=KkiZCiR~Yws_36oXHS$VqY=_w zEx>=$Unixc5KE&EkC9MO3q?tw4~u{`nwgs?xbm9@qBNvgA2LwRe<-`>g6$fbanAYYG42ZbbLlGH7C;hPX>_F2=(0Xj)$02z^eyh=_2EqK0(A~cmG1v#kSKH4r9JP{ z!8}Khy3N}G%AwGi0gA=wpC|2tvXe65P$aLLK><8GyqU3RyhS2@r`pPxaV@VAEqBL0*J!m? zmi4lk3FhY}-W^SoV7q5Gcs^AtOoje?dws>yq<42mXcUy;;o*vRgD^Dw?jXo*BBrJm z_oPQu9|CctX$XnX2y@NB&acUvM?wPBqyDc@ntmE1GiqRN1i~6BDxv|9CGt5eY=&Q7 zWJ?b&ftgid(d*kQQ#e>D{9I53Cs$giwNylez{m5KZ-P0E3JR6PDRT7XH*9|uCkU>0 zMo;1*;7yimULi2?ySRUYQt%)h2S7DN!qp$YW0nFqU5G@`#hT7 z=GoeTJ-#K>ZJ=nH>Pqhhg~5^qwp9mz|4FDK(C65ihBK_sX;MV zE><=!B-h&(=pl!_iJc0%_wlhQerG3YBI>^mbRSDV$W!y}d}8AG_;?>OH3$I_@$*ao zl(?>v0hB{{u>Ww-t4mOxQuzGfWOTZ@to?1};;%F|BkwN$5p?)h2v4rY%s=wvFklGw5!Xl%7saO8Ntk`;qC3v93uE z$KT95dtUCMCLxhmk)?rjqw)gU)v>YZ%kEyzzyzUl$|yXmENrFmE^p6KL}tJxps$}7 zKVvHW?e|S;C1gOwZ)Td*9q`}(qll=LV2!_AVk?_vcy`l$r)rMH=P*j%Q<6fu>bpdL zLr7OcCTqdb@gFFw&G-JggR}6z2LVE2Nm}U$AbycB66gNc_yFqt`gmruiSNq`<$&~N z%jfoIXQSmJCy%4EX&iVVp4;*DjJkF+kBBKqC}G$lu|)Bxe*G8M#5qKtX$VyxG~l<@gu=&-&A3!@V~qPzQB-BR#kX1M!5BQ)6|R%OL6EsQm$W~KkNAT_&lG^ zx$N`=CLlPYUS1s0(jc^?WMxIg-40=%Vc&-hn2~J{0k#RDdRS*D4m9ZA-rmHE!NHK> zP$7>sn$0Qed888Z^198BshZ7&AMfuI6Ee)M9dnqy!gz}{k+HGgg^o#Ql_qY&(nOdQ z6?vw{&CQkp##)|hRL59CT=$6MK+}wKBY}Ir4?2dw*CbaT_Jk#&rdYd>1+X4q`&e?w_n5j zGYk2M78VwmWMc^UJZ^TOcr-OfI4_~t*8s&DD9t2yn^rO5;auLQWO*oH_kMI}Owe*U z4o-H&v$*9Pkc+_NQ{m81UEP2~u&b1c_WR*^`rM+bs`s4_Zh!xHX)xGWJK%V9f;@zX zg3Ukwf}WUI`Yjsx3HPF)ZueQ)!ou2`BWP3mHUj|yP(`vu7H4M%wo!Z?99ZbkHf;j| z0agE1@87$ZH-NRxwri_n?#f7lW74H3?=K?~SR=RL2oDQ2y|1L zUm?xDPIT>-2&4xc1W|`TlYzeuKoH-Ub(DoO7ZWRmod`)qRFDxKd zyI5^KDoTi5^9gKGZ2mUd6c8lS+EVr-fIhCdp{7zrqLrtw)hISO(txI14Z&IB|G~_~ zD&2HT2^@gKhR!YNBO81N2M;eJBZFuB1qbuFY@R!nH+qog^uK$m+uL_9j zi~6Ozq`OmEN>W1U21%tmC8Trc?nb&Blq`j9|C?1CQhem_dHj*AMCHQHX>`L@ZQlf8S`YzDFRh zH)!f&R#SSX#Q*l~;@TP+A)$e_@%DQ$v0C-Tl@&xdI5gI$z-?VMxep6N#MkP`o#Lfa zGuiTL72h+65eM4BSN_Ne5^BzD>dvfl{z>QS6JY~=%axwmGeKT%u7AJL2Pvtzm{(pb zegd#u5kil?|J>l~oxgsiqo;?1hYwOwR%XEi@Ch<9GI(ZSw||mzh!Tbkd{V$5g$hZ#s|KM@|zkgh#ItvkZ3kwMj#9~c;T&CIM! z!zV9Ri}D{LX!xN7et32+Ye>kWq`G=xdioU(8Tw%R9qzb-LZ7j@_3`$0z>#z;P^tX) z>3YJI^xf?d_F- zz9pp96HFSbQ&X|o+1XiDc3-}5H0@*t1_J%eC!3Q}HHL(EY#`Xab^cnx!WxB!t^(w( z`O7$SKYpkKaF~R|8W`KXg@w({8Q|d`F*l*qfG7s?-y4w*j@K=5+1znw2=|*Q)huaU z{&jM)&Cj=gD1c{i+Q879)IyEg# zQ9d$*km&aAhO!z+ZFQ{567r4h?ARcZlEFZ417>+(^FZ?O@F*xM;`pkp>@@~}(n|yj z8xsb)+U@Ok(0l|0QmZyLC-U-R&dxXL>a%bWJlMp`$NPLlB%^kAdv{N}2PY@9^YdG$ ziLo0wfq`yHnD<>>U8$+5U}&SnlaL4ilm4^64;dLfU1ZWzivVpyLoGt7o4bd)hB}8B zb9q))R(d+I@+*j*Ue*Rfkupkn4AE#_^7Hfa-Q68VI3{drME}p`PiW}1)q1A?&i{=+ zH~Q+bp8fjw&3hZ+cT#IkYwOC$jH49_FJ{2OLCMX{OR*9=9DUm)Bfg>130jkS`lY@O)&A+-0N0!sQH=us*GHWh6IjuTq1%j^A1_uiPSy5iTOWwb@u+ZJW z07~ouOwhWzIv}}5Qc6l@q@zQ`s0qqAKVMo@h!Op{ww4oAjY0Rw4`P>>Mu)T51SCJF zlqb=Zy$BhHCTZ*$E78Iuh^Ra_VfY?oHVP+o7Ek8GkR@AS2cv7jJw-rwi)0lKfoK@_zJ-{FnzA;pkPpXL(9dx($SiI92< z0X<#u59eElUilV)IU7E!R8goBJm>OzESvmVeQRYKc*04TGSU3T$?W7(X4V#>clkd zPZb9MnA%FR&rFBI3c|f=3EQx+0c2!KrTxoKbF*)_cy!4YJ`wBa9@ndTo z-H>37Xq^!OhBGPWNclIvWYe?0B}APJS#7PinsM;qOrkhD+@m0&4Y8E&Np>*p2?>+Q zrV}{M8EEFG_-+jCd~z{rD*R@wtSoB4Xl-G`LL*$1d#pXE!(4ab)!XDBl!}abi5?Y= z92NerhUbK@heTEG^Jg;LJ0Q$kU)MyrF;$jZ*|^#DYtW225S41r3NC9d1WF=Pn6m+~ zSbk=`q#R9{E+*nX%~jCW2PR_j?}#Kk`}7CcJ;JU+aR^!(RwSs7d2$PA>csBton`5D zJt9b2R%K*xF;jU5k5@4SW zW+1D2ilc{z02*r~a7G4u>X23{pv$wY z2=L$CFqfLzxkMMHa?V@_zpF0D(TdU_$iI30d2N+F5= zEVs64c3~}T2<5x$jjf$!c3`R)yVmn%^BDU=T>{NkUF!K;?^!q2`hwzOPj`17US5bM z*i)Np*?V2FS5{m<#uu9PJH!>kRQG)y&du-upgZC7e=IDud)K6b%3DuGH~FRXT{B1>>{be*Jn!zbxjU zZF*QMTZix$w%5$;$&?4(tO37Jfvn-F%q)6c5nrcYI}=f^IzQQ>{=|PiNH7EffrKO# zBsb(9!d59*IehNu4@gH|qql75LcLK(;JP$iKl9(TtbO({({Q+~_3!S!WmOnP=0s)+ z8+dvmg6FZUn5uA;ZZ{-BWY#l8}G z*N~+gsN%ic=F)CS!5FB()?<`U5=I-tN=k3Ic$L)_FwkO%NVC(3j~!gTo{|}h$mnJg zjgJf&I{J>i-2b8?$qygufBbOs@Q9A?*jSo#(i%XoEqX2;eYOqk)Q>zgMCV`1JTgx< zD$CApBv4CfF8UGPk(M13lF?}Iq!y6fXl`M#5g@oQy4=#+wsvI|B1xiJCHMLE2Ghl{ zMrMMIda3+6{v^|DgXp}BYpRZYES&4ki0Z(mAX{a4k^1&=dT)Z<7O#Kr$qs3GF;!!p zN9XOL89~a>I={Kisfn%W`b=MK*snkxo&TChTxLmD)&R8`s?#(D=uQ31%QNraIis=6c zRf;E|whCIYu6cEloPJz#=~(5nAQ_41)jI6ck0&~&80T?~&ksnrCcNIwAIMn68XX!6 zjff}*pxX5{31O=1pd)9p6f41B9sLiiHZF>p=deUUfjhG|KX#V)?r5{2_&kHrdfIIx zZH47z;hFtB+VzHkZ*V}GPoOogl=8FM63Qh#eTym2t%n%`{8!s~ z1go>|T6gy)?{?BM-PbQuhJ!ww8#16Yhc#pMLt9z|u8>V2^YimZN9Ia&$46E_XJ#Co zob*5UlNcEpQS?9dO4y)%RPP=|SVuH1EXHxX1dQgUW^T z`P1huE>!yBqU)LMKLHZkII23!p2wr3#LI*{PL4m`QTI*u@-E3=e%X6q72^*zTDK)(DIA;uBIhFGdpJE>0Rn-VBuu0X{W*zk8%5BCs93~W!pI4 z`>({sm^=pHV`rT?o=d0oT$N&yJ7Rn?+Bc2=q^GAZEiE-PG`QXqc6Qjy_7v~d+lMBZ z(Ge3J9FY(aEY$O+XyWg1{N(21BtF`j%ci zV|xnf+8Mlh&HQ@r-xd!Yf11}{_^zrp-*Z4$g$Ffj>;LK@U=hQvp2o&E1c-xxK)4r- zAH=A?7G@T5YL)Ucd*-60mH8Zs3rAv_le4{7?h$?bLD^oAc)))=k37 zU5zC`hxnJkN5jB~Kd)zr(s6Wjj6_3c zWo1>tjZI1-!ovg7J&A|b9|e6A^Yhcw-3x=}&d%ISoX{FHY<3 z?_I#e#)g870_g-THz#NJ@(8xAsL&!aB_-6Jim55xvbKtfp`~Hm;G;JqKIZGnvYjJC zTwJ+<5#`a}2^8#It7COB!F2jgPjEFovs&{L`IXGY&2mWj8*_p>Dbeio$;Sss8dHvk+wi3EYR7RP7qyC9o`G0gc%Y~pvN*c zG{i7EJvssM71LTRG1A}pEiKC{qo@t=Xz*}Umw;~E@b8mi(;}RnR@vM%EG-?g)f@8A z*Wc@h%K@lfUu;~QO0WA9%!I{mCSg%=xga+;oJc@>QdX7=&~^C0!g_1HW~-V|$dpLz zHqW7O17@I~KY!ZV+Ds`pQ_Moz06NTASz9|jH}^q9V_qA zxp`?(1(yP?1si({qw}TS=fH`t43fMjpVs%8#OSpyCq{WqYrde_LPTT4oiyZ|l^hXP&i_v7gJ$Ut~!f8W~Da(-@J;O$#2T~0^R zxFL9_?%BSks;Y^V6=rH`A&>@2`}Qp}7iv#?ZU;FUbbd(Uua%YZiVAgIT~uuGTC<{} zAs&AI!lEMHx7-$HW+*?4+uAZS{KbRl3$X=z5YW208CAZmB34BJ=;? zMpX|72Y2J_1L_M~oix5AP|l$8xKy39vS@za<3?fwlWy91;=~Y+-5j z^z=Z<$%0MD8G3Vb0d)`e@OyX9Q9pF>Be)yQgE2fjv${Gu@z^-6tu0tY*w~OxpfsbW zAIKq9FDuR6+}}q9+D({88J3C{c*5KJFIb~+G}N5p z`LOx)qaGM5f1!S7*gh?)7m=G-tvs0WU%wvt3j?DarxK^461QWo zo>-loolu^UlCrQRUX$J2vG4x?%tkhjb`S0bE5?&fu(+cGURK>*(NR&G?2{5(?`*BK z(JDk)-bISq+q2J;@FhbaMnqZyKo7e3t;ywIwD$vk zXYJ(@XD=K&I=W9sN1wf|>D=s4CLp$O60)+$H_m_k>bzL>gw)lknwy*3`57&3sGx=h zS{wrjBdAnZ6@mS~!gX>U_;`4Dxo5Y34Q@^8RFxwh5dwTkT{9&mX?J(e2(HQd#fgRh z02=bD2|jXby)RX(McK`RjGnDN^S{mppC1iJeCl()2{!WaT~2iE!@$UCYa;`w>y}Kw zEw1^k6r&KDOFCKRZj` z%E`F4i~?6+a(HquG%?}PJ5a52Q3Br^G41(qu?aZgg-TrjA8}A)r>w{7?CqJU#V7Ri zisNi;Z*3c8yE-6~HZnfQw4?-H!&uG=Q%Yva^A($I{AZ>u_^=Y01>a2F}6E z*cjb*dT3~9d0AFX4K@WU44{_0N?Ae<&R+;ADEN5a)Ya9^&dqb;o#~jwUePX+Sli1Akb)K)%!OY+L$-Az0}q=Ms~mMjhFp>M`mGdyIbT*4mRb93B`-9%>#e)*uT@V8maHKGi}+P+X+FTu;rmAb_W&{BP)I+vJ}PIn zVwO8D8zI!x)=|?2WZc!8rT6RaA&AJqQmHMu;zq_a($8-$GkL|nRg{-+7fQWJWr6*> zO5jEbBP}F@2Cbs0E0=Yo)&@hU*F#a=;uK*2dOkWF%x{ zI19pK<8RL~_EyJEobI_~kXZcwtys%tl0vdu$IM*klHLj+v_G`p?%PLAuoITU`)1!c z*jafX0B4$8Q)8pO)s=$2NO0084UMN|b`-F675ZbNqSVAQGc)ghXMqRS7NAt^9}IO> zV4XsMfrV{`j`rC&Itqu8smZ04lbUq9V8TPY{SgHB)a3ri?Q*9SgIOc)O`4f`RhGW^ z-B^Y5)p~~rp2Fv(ets91`CJ*IN`{fy5S*M2q6tD$Xri?nY7nx5s5fx^j&@j}{uI5_yXZ~2Q& z%$oRhGgeyfqT8m8y=*dm-=B%7eEg`Y4)(LX0XA`O?{=WScTiCg7Z>;S?JNyLp7UYU z0DMpdTbs2NG)Ni%W8~0J)OYVX_oGsqGZUp@X|@+5#eej#ER8U~jmO(5vfmcr=bD>U z&%gzVKZfswX3C3;6ExRWHFQlZw-*=ZmjpQ$*Ohat?U$F=aL)F32r^{CNh~VGO}x$R zP3<80O3HSUnNnZ=>{wJ+wyT{l;xY^;1|;ddH*kT1V&i+GaPUON-Kd`I1>a@wRhVa z8F>NGb}+);KG&ipFhUaQrLy}&L$he~jmi1YgI)spzna=wlnfqAEmju%(f7{7rqDEksFC5s)sS zmte=imlC@i_J8Rj1Pha!n%yevXfFd;94t9HT3T9aNUrb&N+?`b zU|*mg)W4Y-Y%rg~jgJ9!lAze@-Ca}Hv(<+0-?=!Z7*asFk^!#T&u&t)Z$S116>8Yy zQ8uY!G-fgF`=^JeosS&)A5+r^!y{18k&x{V$+OZ4Bh7;7i%fA7lYrVaQC&US$&TPF z???ED#{#@$O!T{yq&Lk1x<{kO>1oy$y+fjgc0QjznY{lrvdDd1&{4|0G;5eOl$B9c z!gxrMVWt#?n}i#sq(opsUuU%S{R*Y!H^S?3=9Uop;NJpQ5hGHAgQ(x%WRUziSa<+- zctFmrLcL|;@Wbo&`V6zjXa(&NAfn+6z>J(nyU%adh7wqUK^81}R`o_D_Z|f*=9FEtjJ*OS57P=2CUz?V7TVi~bDR zM8bdHF~kEMr4R*mo%Xk7c^NEz2;@(0x0v1i%YQ-t-~STT)wOnZHnEZCzW(|Y)1O;U zN`OQ5L8O=hZ#Xb8+!L;}^?gV50Bt z@9ypH?QF7x00zFv-93|(q-62PFRr6%ZSeI#nSTIWA;-sH4R#$K9T5}#RMPgE0vARd zbNT%Z7eFEL*G*myT1fRAk6M%+t{;3R94>J-Hi+lQHq^-ebE>96548QY4P&*4uHUTdU_1a!FSOs$xHi1 z`gIl+4NOk*@$;uKkUBZmfkvRbT>o0}=rwd5=OEfyw zvJOI+qeIlQBJ4!+&*PK-Kqe($0r$FuBOX3J=L%R0N{G zoq&C?b+S!N;DKgSSU86i44=S{@$sWNR^P`HTSfOz1_>GI>Ec>ot12yF%s0WoG3Me@ z!^OiUMeEGZH`dX4&3AhQ++i5sy+&psdk)^Xxc>wy(CRZ$Dg|(r8|K<~LW|TqP@ML* zQRA|b0h$FZz{JkZzzJe30Oec}iX;K+jV%GC2Y$%R!eV1->yM|ZI_AZ#tf|QdI!kKm zPf}7OeU2TvRBF^TgiF6MI+9cox!Qb06%*~|@hRK=jF-&$9f8m3vsJg+p zEZr5g1x1YAh2Dl_fxOTtl*6^Txw%MO%ESa@SP$9j_4yB)hVUi3MqVpEzv81b4q>7n z2Y-MF50{1pa0~&k%(bFH(;{$SYFB?t%=D|A` z7ir|~1!aATSFbL$H1HvQ{LXb1EP{e0CIR4kq|a0(dM_ynBnx*pcYedpU!9fd?|c5| zj#UWN;}Q^vQG`c@b)zthk_08l$;imGv5O|GG{8yoatQ~V;=dwqFrZNEIC%f&N7C`O zpQgxpm7}FhSVF>2(SM@A)!MSXcO)DBLD+&z2IwDrYCc)<+wZtA7PwS?IAS+r5}$yt zF2avyRjtacng`I2QIEJp=C{=ANPmDuYZIkaO-z)O3@vKyjmiPX#$s&_{*;7=$1;#v z7#ruew(2SyFkv8t{-8CW-CNy+R{jz6J;A|&v5}%cbC{4|?5s{}FKU1p6cPmTFx)-da!Tv# zc>wvYwGQIc(#R=Bf`QifxI2KHQ*55{Oa;0Y7-K+mzAYwU;r`* zqu1wa?XaISJWt&jnVAgp!u0j^t4nHPA5wzB-pzm=amB6M&-%9gP(Z z&oBdMZCc(6=0XD_$MEp5);=gT1{Lu$*vd#q!-FfRW*(w`zWTnMz|qg*#vmo7OvV)T zqD|7C-P%5GJ+KmI&8i4T4H2qXjjGQN^3D-ngOj2xQD`^M>G*yM_E}EA*`(s3~~-W zuKqRy$4gC}BQrHM8aBf?N+Pu>HNTSis?P}ty_q;(k5`4WJ0?Syk&%%<)c58hhli2B zVAHoWl^|V~mNJ#ZCB)RC0f9XJ%`TY=Dzt!+t*N$_vVn<7YHTbP4$fzN{p^GU*s`uX zcws+TfUtr&TLO~SI|!vtM!2E$N7VNp6cP;&&m7RV1iuaI^MTIqg6&7;^|rH9G^4*} zE8JI8?8!0Q-F_X>FOF3J;0+=|!o}qoBNGcO5(3n$fUlu)V6`HG)mn0J&s4U-GR|Um35GS{9rTE%hQ^zz1=xt# zJSdFsU^B~+ieteaLj}fF?#YD(20A*TRbCNZ1h(O^F}MZb&NO!Qvr#4(L;9j*DT7?* z^5qNE-&jY060@+5iNQ|Ax|u+kfqoCx*Dtf{r?z%lSQv6>2zl@u0FAG%elmp3MHln; z4+YUQ@AVA`jClY4@xsBu0kGdbi6ppV#Gn@1j4mIQgl3y1Z$hD-fpA}T5>A|m41YI5*5s_P4? zL^~h}1rQy|)fI3$>!1p)9wtnBFcnCbOv@ZbP;!LOWrbVRSyrM{u)?y6AEf@2Yh zDDHW=zMOxF9|VZIJ#2I|Bm?iH2znchRd-YWV1M_qQ3Jp^ml;O6HAbm7XwM#q{^?TG63v}g?z6n20hSR zT8iw0CP%YhL|x|R9m6S=c0im;?kbWi^h5p`2C4ZaN3LY3a|@B{)n zWnpLy2d*zxWKv;aW#u?9x`O@P{#Q$o$=#g`D3uq|GHZdazTBUY(Ma@yV7!s=k;gT$ z+OBZ5Q9<~~tb&3Rk)DE_2Pn`*eFbY4b?g-f^reIe$U$hV=fr&H)#h#YsnbX83c;NO zD75L`vD<^}p%>SmaAXotaD#eeS(gau!*gjIL^Z@*S=^d&kHWG=wd9WMHcYu?xHZ;UDXYqM;rjKfKLU_H#$v~X zLQ7D-eTOcjprFt;fb}K$uVZP@HF_=PftvzKI3{|cjs^jxYBSuGBTIsg$QPCno!B@x zY#bbbhXa3zqtma5(ak3KxLK8Zv6jq}ikbMWe%DB*dan`CpvqfOxdRt0;D?Wok6%tP zgU8U#FDy*c0UdXuj@!*e!)(v!TYmoL4SEs)J;S{8$Dsc)4y98@9S-7_o{TEY$#Hx2 zGGKsTVboKi`t?OLqJuy6`ky})=g9sHip}7_z!XT3i%wBN4T&MNg2popxVgVql8;o1 zR0CmT>|YXaa9*wh_`^e&V|*zRfKCu|14oP5ARZv3alirHy`GhooNRXWbY(PFj30?9 zPm1=E05)3VY{g_panDAM_L_v6?V^++$C(1eF2Fo@{v)|(P+M( z>`dH{?A$EASbQ<~lH;4xS>0LPSln9PURht&fWX~*x^k^0&$@~VFj013hwG=UTxd0V zTlkfw)|92zoh8>j@!FN8-BzAIm$~!wBfEp@pYocz*{e$!A%79J&0s=oW3Sj$Pk$hf z`vB1K#r-=?bOjpAeVF3ZEY2Nruc*e8F?qC@1VpK7JdM_ z&#+uKW@RfX+V1TnKCeh6$5&R}SX6Y7Rcr8xBEYrQjvr2*rCJdg^F@wv+NJ((G>*4T z;!>V^g0Kn*@`Zepv7<*ryD^qacvxT8v(el_9O4t|VwMdL2Rj-OaIUws0C*!H02ZuO zP=f&9`8iQ18BUfpkTzL@m5{>2hz7pD94PykPSOsuOd6GHbO#s5X(EfgGuPhrHjI-D z`M#=m1G3}kqD$GM3Z?V>2{ z;uvAH(`uM~7Knd`kBbX0;nsA1$l@eeN?~DP7hs#rNK0SV(ls|R0Yituz0stuj+V)o zpsljLQX?MA>}o|-m6?@MUDFz_J4-II07F%oZn zz;TQRw=NLDU{Qr#GK=I{9g4Gc=dkPO^922e0q~9h?Jbc$x6@{0yHhCb=P3Qh7yk9% zY{kD;oxcbP!4hYc7ha`v7by&1kI~X~5Sz2hzF~q2b+QgHSOx|LIKbop^a-@Zz!OPE zMtWjnyBULo$q?o+*VB{v09usnk}?BsnW^Q0;6%~OhOV-$sloD#VKvmt3YL0s{LXrZ z_c3rr?F{)n*3{PrA!nte6oc_C%7Z+Oi0J-&?RbxL4;>JMT{%)K(q9U5%F9V`ar@A} z_)UP8@mH&>rk>)&ugMs`Hxao-ceH^1W8<9%M<|foQUko8eXEO;jEv0ppScuIC)Lyt zI8rP2`X>@GF){b-TtR^y&;+;TjmtqL3#05K=)qX@z5(!(+n0B2Y|$k3w1gx?hGSvx zgjgcw(bdga70}-VH#G2q);aSSb^6yYcIN96uqsIQpwb(G%X}*;3hlRk)ssOtfTDgZTJ#fS!^P5A=#UDXo4^uuXb83f{`sHkWx0n3Z067aUOB9r6I8)sKnIVC0En+p|v zeTw_hf4wwqf6q@(|2B3$_y6oA1ESq&VB|hq`c9G`(o*)Cd6gTOrN@@=Jk8bI?CGkygbm%hEV~4L8Qi4U)jI_sIGwt1U%(3UO+z) zPVIxG2X>IivHYPS>6`NWe6qNbs=U0mh~A*eN>H;tUgV4tuxGkDeHBZ2^&WPJh)dL7 zpMu!$(&6h@Do&xCyt=wKj^fa=UGEL7q>)9P)YKFdZj(k+rf9KYqxl^lY5=FG)Bf|CQ)ZuWbhkfr!TVD}lZuZsvmmT?doVigEa!VD!|pW* zpu!+u#5|?qWg|Mo+di#`S41qZ z6H`ux0Vh~?ur0P!R73)CkaHZouD8e=E-p&?CTLy~I`eTsCA2PH8bkz%5%v-SYjS2B z?`-`ZuN=J%yjh6e@zIg!g`snIMtF28a_ZBD~np>N(k*jiZG5Gt3 zM?e-tyXXEyz7(d)2QM#{u~0zZtOCN* zlk53vL*w@kQ6sY902>WizAdvGx$VmJT@h$mkE1BtVmTdwX*ibI((MfiQfD!{Bra zE2BRb-QK9EPFM{!u^S-3ptc%-)&>Wn0m06a!{Eq9U{?fbV^c8Yrbb??Kp3yB{kR!` zNcfRiP7XJy=T)DwaSQvWx0tWIZiWoAjB-n%OK{$C@Ct$(~BDPtJ9T08?Z7Ut(1Fi4mjJ4VnH|{2Xt=XCjF1{#%ghvWrR2X@NtV*) zr6;AHaxTeB`ui3`OEADF0y@G)@~L!TA)%UGAfyn5Y6>jOOi4j?7fV!N{KWCEyu6%J zHn?+&}NBzMZw0(BU&N!jtq|kke4Jk zz|>xYIfNiq0pvO~p=<%%mx>45Pls|(hyOJh0^AiUw)?MjVT`*w5Tz5C*ym>~5UUA% zijq7a1cfHdFffOfE;2G&bSL+`#%IbPmZ%7?&T^rO%mNApF$OZ{)z+?zbnx?MZ-5DH z7cMS7e$Gch*AqVzDI;ZE$pu+2i(&PG}(`l|w^b9Za4O2L}`m3Ie=omViSK zAepbJ-M0l~f6mN`ZlBuN=5FL0LPI|n(bI!C2CR7#XjqHfA2;JoOChXJB(8k z%TZ8*i`;b&P?!T6BxJG327s591;_^KoveH(iTDDN4K2uv+jfoMEAYc(kk0*eYLMMs zsUjnzC~sI<$EZNkU_DJwuR>&0t`|^yG&i@1nU9T(1wza$44|f$R#$OJap6oy`j>`> zhGOq)ps}@OR8%yj7(kuh(o#~IoLnH7L7#!kzzXMpLs{IatzglD!~WC#*OM}1F_n<< z5G3#|PBOMN6!FIQtH!1b1`kF<#9))qpFWF=3xz|FdNI^h)y3~+3Q?i7q1qriQ`k~c zXHH1W%&3eD(q4}EYw>R(os?OL5>1-=2mB(@|BxIE26oM=yGd9K6tu?EQii+~KYd)x| z{e*#mow8wse)4E3fCGZ1lKl;YgAGD_Elhy^EE8Yg3{V95t%(80;@C96)8aG@Ks|F9jc_QjSy0PhAI091zw<$(6{~A%ZpnP>gG)S&wr`@Ug+@rxw{K!D zx7Mbusp|<&KrVN6HrW~39VL{IXA~lA2Z4RLdh(>HML&MrfD;)u)MLRIuUX4sC-dva z_r{=E1os?nx)1PUueix8loFwoKxNi}SORd9JQ#Hr;}|7^h|X{2#`!Cd%NQtu){@Jw^LZFnK6F2F82Hv6MCt~npw&QBZ;ri<6b`HP?AK*eez zE+L}UPb`6oi!ZUzY?sceNcvNeg@yd@8Deytot@j-+d*&7&BtRZ0g;vw$G5h&+}+&; zWMz&(>ZA1Dn0rqoT6MH`LW#@ceLMj~NZojkjCPAmu?f-QP?G6lKg_aS1@2 z7=s`dWPQH{Ra6^{^?(AGoxmYb%YM#8}^yv$wam>VI&@A)xS>BxIB`7of?LmS)5Q6@(Y5&LY3yRpd0V9Ru(Ux-qwyPypBQ zI2rc_84Gp{mrdYzrUx~!a&DRsM}^MaRh3hFZlL2FF$W1 zq{?aMg37Ii$dqEZ3pjobKA&|j`Vn(-uyMzU4WCtQbtgPc&ikK9u zolNd89{yR#3>MI05o2M+#>a#CHCoaL+TgFKcK7o>Zq26`Sj7!<7J`m^ia2IyXorwM z;ezm^7$}@=&{$YQx!m3PrG*P8+r|mmF#u3D_YX2C3r5Mgn{g(pH^^@9bpY_xpgv&lJHD$q;=rsE_dDEGmD5cwT-! zCFNes#YPuYIwGcO9tsi@H=&q~;t&ij#0`yXhnV^@MVkB55#(-t37O5`Lr+^9dK{~DHJuhoU-zAGxJn@koF|@Dwsv$_cS>- zLR{wWH1`7GxsM+SB^(1@MTLyNCs*{F1}9`^^X7nrVe*8~0X;W z{23nS?2`4}-LX-arf|c3+Wowa4h*yIDJ)~7c!UJ_fFsHd&LPI5c~;8`0d8P>gqGdD z#XXcsBg8>NdV=gxAz{|WD#Ii~%}x~fkOO&q8z)>WHftc_xFq{VcR^Rcw1u_xF0J7Y z^jSqo*m-wvVJ_m5^iS|pd&zryVKQb1HRMyM*fA`CVEvZ4v9kkrNH0sD1?0jA(Zq-b zszY-4aH%YB#GumHXT-)7Jq5qFa3m4hRw&I#MIxkC0j?tD<@zB8AjUV0!3i`+0G|Q3HZrh&{%%}MIno`a%dN={|(Utc@|Xv zgJn|D{-?P61_5Fi;BXhm2Jw}Q>r5}d6fH0sp_0*urhN!3H5EY`^fTyUql~=2Ak2ms zCB4XnV0MgwOc->fhjM;$(takZXw~n5N(}7W*HWQ?sQu9fD7uc04nQgaIXSRJ@bM8y zk~G>+2K2K0_cpkIlbM*PN>2yEeUGg2%F6O;dq0dJ1+mM`T!1nIdF&ls7u{7tEnhd` zzPU36jVLDEMm%8DfMx=?qygbdXuH}WjQNrPU=M%trs|w&Jy8b|5b*C2iy4lZL4F_G;0>U``pNeY@S*FVRx(I7GQa{9I)$EaA7=$oczV?<$s{Ki+o#V_+y*h z_ishZQ~wqKWtKJ`&(+z3%Ogga3o>G2CjXqPf<)vS=Xb8O7yx!0DGiE+qr!UvcXEpi z_#Yh4&$cBP7Lw7)Wy}W1!0?U+;8K7Jy|1>oan4gfzebx2H2PJ)zmepVhP!O8nM@(__8h% z64GyEYRWlSdO0;ai(7YK;QK!=7RUR$-p|Dg?i#|}qirVNJjZ#@TNEbnLbj|2HZ?mR z?;=LRgY1b6&C}CUON8BxKyL8Cro4;fC=#F_oHb+u`vl?sSPp9%Y~^JYE;{(L`bdt4>Geh$w%t8D1UUL zkHOAUsh!Wxj;Ka}$k(X)uX=V>Kn9yg<#_F4@g>%V!-$&FSP4_Z`hMqUa2$T#;^WaP zl#oO|5R4pzm18I^!9qS`;P&+Ux0FJ8+oqQb&b z0P+$MgI&acIiAEQE{+9+4lzg})-#kv-1GM{UsRQX$Z;)gndzx6N@{A-t7rg6)lgH{ zWxwlq4!XF$R#R8!;C*9du|ckIDIUAc=;kNevGE6w+H2F_uv<`tv@5SCeNeHh&MU3^ zQpd{S%NL-mqV%yPvt{`l`TbjER8X_Kw>Mb3I7Ytys7H>20y;e98bE-6bQ~a(0f89ZhM<1(&QrdTyHK{b zkIC&2`QsQvK|@}!b+Q9$PI7!^SJ_+oy*jVobshJ89QS?xRY#qO&*%Mqjpy_63^H4o z9ipwc@2?hi>QDA2K0ddgKyeDmSk(X@sUxN^+^tUd4!oifWPu^b6)j26_oXSpazs6m zke&#UN#ozY<6twMz=*@jG=L|*tf&E_=EV(h7D1??nFSd?a))+8${z&Q8ULO+^=ZDVimT>(bqEuDvIYSn-yY0EbA|NQq020_(5z2rCA zw(fe#&?v;ofFudVX9)-o*wThnS2OZ90-MWQR<7Cvt^#&xU62S12;F)1>{$SYdIQ{8 ztDbIdi81weOq9IDg&m4X<1HcILE!6GrH~NqYH)`zNa5gM!+stZ&@hW*U{`xexXJI4 zXY<6yCJ#;Zv}#Nn*2tSb*k=|-DQYO+%li4<04Q~CZZ0x1k^yvWzJ!qeLxAsZ7iN$R zGRDnC7r?m!9rDxkCn${FNm7uH{JUmfLEa=lRzDJn&$|kkY4E^RSxikApYkJ#jURJ$ zZH_dSTdMH=9Zfl!M$l~(i1wtl|&|QRsgF{A!AT+ij<__=Lsx>G~{8zHX zuaR|wEHDO%tv0upQ3l_)wPhRgkaEEtP=>#kZp<*?;Ls=|3De<_&YQ&!-_3Pc-@!T^ zDu(zx&^-imB%jS@(t_gW(3-~Wf$1+S>&&3m*61N-CPQR+|2cp=T=_T*+6tc5+dO2{ z)R!=H4Oeo}wX?(Qk~;kH^Cu$?W%%sNds^!9CNoYw`@hL-9m2hw5OTuhOZjr66tYjr+Rlstx7g_OobCX?BWC-6-J_QDNtY2t< z0jVe@m$@$^`K_woBlN$6(IUW7K@_Iwhru~zoKB66eF%pyO#X{;h^MA{(D5bi6x(<> z8R+PAOiq$1h+uIwYfHIsc{td`0pn`;>xj;DlAu8&hloayfeK@p1q&PKY zVE!JkXXN(o?xfLV4qRNDS5V6GlR`1tU%^I-h(a71E0_*ipIq~%A(<2*Ey{8~m_qxVkqrSZBRe`$g0pidS%)&fu z(r{tS&LB$9c6LDAul|}(-`>8wY=Q-qF5eKsMBa1}_mIq*A7h!~KljNaP`a0X0d0RA zVi9W@dC6ip4n!{=9*G$mQU6u{6|yBZlNN6tz_!}x5>EicE&$ak!~ef>5fls1WFTo2 zkc;>v4%1oJ=3LFmfGB|pn)DaBqsE>Lw5Wl|&E{T2Q%r)X+;VDh~|Q^s_x5vyy6k5+N>wX|uR-#x2MnPopMxAo=f2g0KPe5?sGb z{}_~bzAj)V`Rf@!dL$q?O8(l6&gTpIDS=GY*{`4~bntFkS_}IeZ%!bb0Q=yt0y`B<8e^)BiFO&#J@)IL<;u@p{P)RG3&|JnOau}w(iV54_A8aF z>5omkI+YByoDBNEKYjPEbA4rnWg~F)-M{dG(0@<9Yze{>4@kGw-QD8-jSP*@Fo$z5 zA<;QaXh03EXFNcg(^S*`akzg(8K-f{3tDM*Zthid=tOb;{kX<@&n4|U9-}>$<+-0- zg+Ne^K4?iX1}Z&_YU^PUU22ax=*gz*p0oY6L?0l!5t%ZIHWCqkURF*aEBu5Y$nx(|a;fG>51SJzb`ec0UD3K#`Krkp85BUD_F&2^t3 z?tKsI1Q<=9JbQ-VEUm0;dwJ#rZE<9zU{d?|_{2m(!6#4qZSm#}p8cay#}NTZQqp#) z*E9A(&$v2`%g6TtL8K&M${nupf$R#u(c-Hjjpy4AN8iY&OYrr(Y24QbwU zB~xc9Qbiv#tImfR^-@?t6nq{55%lK_l=Kv^ElrJ&_m8adfwrSx$^o>eRSz?>GQs{u zy-kxlB`zVMsH99zMrJ{88N_(+$&)Zh0x2rOC_w!YU9q;j8~u#|ySiS)$&j9UfcAMa z^}bdKA`|&`Q$xc;g?llXWCWDdl>bObKHj|2^e2<4qzmI^6wv5zr4yFq2vN;J?YioA0 zj*htHB!s9izsq@Sk6qh`40=q2mltU2xgTmHBI;^t9PJ&uru?@E=PDr7`6)OwPaifX@ZuX@7X+tmJ*~s0qm)&RzD3j@DO=T0)H~6IX0^7w9LPWo zR23alQ-nwF+kAG`BjWv&?+p5tIhK=FMiXu;Juh}O&#MP!R(|6N=mG_u!P# zCnMW*7!!3?pKqsAwtoD00T|v@GnSU`7#9hh9jurE4Ib8fm!mc}ckx>{4oHZ4*59*&z*wGVx;24&3K|25CwTd5 zHsD@yQ5iGOZN$BOc>l+?oYXWxwx+BY4AgDHpI97u;{nc~WUljedf)oM9(hLr-!c{; z9F01TB535tPO8E$?%ZL=mV(m-NmW4g2y`hR{V318xk2WpftBBLp$GdhK{fXh}m^nYgrgTk^sd;@a1%pt5ih8;1H2ulR3#k2zLrCo`EMnW3Ti?G& z=cY>*8e53F2XikrzB5W?3ncY}vmkts&540-x?*H@wxz97OF;ouXnJz;j-Uj}Nm+F@ z77a-&dWPjrhp=@u6Jc&OC;}XwzUr!$xGNAR4MFJEvgB-6^YY1Mm_4n9cV-jm?t9=&h zNK=;pVr~~z#U0lB)lWjX8?M63UIfaN0B-*_kJF*2j^bSkbR9pmANa@@BMf9#F8vn2``DLp zRAnADf7mxyuwOTHDa$nUxkl(yRH^YYFeVTStt_ob!f!DJ{m45KN_ z%ggPEeLX$B_}+87=pXPcM%xv8O96-HG($L>f1+Y+O;}fNqB2gi#9aYWb2+WYJv7@p z9cFLu8J>cK)=u9J)5;6FW=oa!^DpN?O8oe5wX0Zp1Elj(EXK5%F)5$Ns5%NbB3Frt zC_(0_Lrz8;>G=3im>>tc7zkF)55^Kdk~EJ-?&viPH8`yc|*Z*Gcc?nv`OVwWS}j4I_-|A_+`8Iiqb09Y=| zS>-tZo^b-r_)pW*Q4}KzbW*SO8TdrM_Y7dmvj(+N*7{C)jR?H#Rye?>ARGtkhi3#}0T{++4v zifnBSl-#!OS*PED5e=pR?7^89T1Y%(2_SJY+$2O>WGM(1`2m(UC;wo1>STcSlob>t zXJkY%EN7%s=ly}<=$BJA=N8$e+lk#XX^np$>6#1)4^3n0a>(!z;3=@wsj@pvhbf1K zO4eT{_1*;qPR;qb=b<_6H~>j)z)^x7OlE1G`{6@Tm;hS@vWXzXzft2Kq3Fg*`hj?v zaR);Qd4J;j_YU;##2`+8V*Wipz%v`F_#H;pp3~FyOAZ66edWcz>i_=jayO7(SHCrGCm;0_#6rUm zDzcSA^do4(vcDf%o?le|y?(NeBn$=e|NEiM?(;}U>^}YzSy9lHIXeAwaF~oj^w+Ae z(-Tp9tE1iXr9|S788qJy%nr6UJ;||BnC|znvA(V4P%CJ@d$px8jT?4AoSOQad2j$4 z8r90O9V3=VroGxFzS70+=YE4o2WPxfZ}V-%}f?kmqXpK%N9Vf^Cd9c4=Jhuhd_ zwbFF9_8=_u?ZZN^gUpwYC?&m*xf5R|Miy<<_C0F&lwjUl@6ed=v*EcjdTeYB0o|*V z^Q{K->BGZOri$`U3BjxE?Eii|rKrAB^6ku&RXCJ3z}~H`JrcK1!;n{Qo?km&WsU)5zYLpl2n6g&9uvUscyIUNt4w(qX^Js)7a2n+Q7 zey^D$FW&kg5JB9-1Do@H>{!u1YXW>IRdm-Wg@Xb z|B(&~I8uo+n z+@NoCbacd4OCDUDSeW~9F%eH49GL&P*=eC0k@S7_F|);Ual6$w)pLM@F|009pomB4{xVV!8Zyw5h|<@OpMZw#-}%%8UDQ za?*P&b=}1kHtW|+SVgdoKoIF3Q|ZF1=ve6_iYVj+xsi-_hW;?vVy6!TQFCEqqc}idSXtA3 zEJFB2M4+_>OQj`9{SCYL{6FW=vv?|cdP3@(s6Aa(ag|mTgAS_!b#z2(1v?DV)&9+X zS0{Y$;hlht7RqCI0#qPdMSQ%Vh1vZC&4i3%^l{c1P z%?9nl@ER5l7zA{S(^9hV7;i#$1voh@y8Qd&hvw(C9^d~^R$JTBGCL+qf7_ogCMG(T z{%&Mj{!2;>E)5(v*!Oog_kg=(_@{HTYZp;YqJm$ckHQXuXQg5OyST$*^<(vU*+(Sl z45D+A!C_%Co-U7J)@OM90r9alDC<_8mScs}JVt7E=jiv;%<Yp(%Mq)`1X0SFO-C<9BTfPQJf6EOV0L=Ew_2}jg5c&99I}Y z>s*LDbi=ePzb{M>(Lt_CAai4&r#B=cVJ8i3C_X;^{p{i&?T*!TXrk;~T&7~LV|P)& zqv}QOBIBZQ)>K$ztUd6o;q9-NIl_}d7&LtTpm5i8)P#LoDH8hS zRa8`D)o)jDb!aL!RdD_rlB`aCA3xbQ*K$*UNiP=4_l^!a zWn5cY>~j+R$*$nw(gF42B?*Zixfp$xb_7VaRM-J=aiYssR+ir0O$ji-CXFUEkVivHz>Q93b356;Q5s@ltOX#r8`hb3tC%3${gHa;} zddS=D(nv(|Xk47^E#-U8@;uPfgCVF3w^JAPO|$P8!IRCAw7RRGl%!{siPw|c=8`<;5@=~L;E?|J!AAM!X8Efii&8~NyscAMQqEA zFBzP2$K;OVS2(`fdLMXzrD{%VC~=8X4( z_{aK@8t$2?%DUbZ>qqxfb~o5G=If_+^u@fr@AGXGi#mHB9uK*X1c+}Sp`+QNt)uay zn6n}UBB4?up)eq`^8aJ>H8=k4RLU2h8^*_#nj5~l`=aj=MT65EXKveLUrc?^?W?*U z@7}#LSin;|aAcaoz(Bydh4FZ$KhRlwdS+&7%iYu7#Z5~5Y4?RRb;HMx);}9L@eJ$ zM;f&M{rO(lA0++aNhwM%HLSyDj3Z67_;<6*qjAZp%?ta2;~(A;6*9u9;j$xE=!{j; zWhdN^iV6|a7mSUWYkGmh+=1`t1bG1^bT1pPPM{*i{;TWnZI5A;uYIdK>9tmAkUG zwm9l~H6iK4d2arNh|Isr8L(#-peW!%39Xr2CzP!^2{4 z3^>U!L*A|(U5Ggsmlw-ADrHP0lV&c~8gj1+&^2T<&bT=J9vI-HW^j;WBBrN^3Xgt5 zIOy@>1sUl%-)vOT$y7xKesk6klij6L_Go74%8NUKf`PbLPmcSr;%E8ki`Z^=U})or z;3Wn%jMXs6(05R9ZJ(N=%0PwuLAXT>T*G^_Ue_5)_w}O;%CgeanQVlE9#qrst5+5m zw+n~}2@Nl~>?ihc@;@>#2wY0Y%iJjFj5|7dC+ zd3FA@fA1#Ydf{f?&c*QO>x-49zke38)&@Q=2>u=So$S1m@#o~uB`} zgD*y$_{5pNm--Z?v}Ak-mZXkBxn+w^OhM{GyX>hfD<>J~=+d`z-nB)ODIh4g>mmk| zdv??PYdf+xpb+t1wDQ-Qr_Ye3q%Xm@LC0Mrj%n8p_l~ zbL?%1t#iIT$(8gVN$iixTj?recG3Ye{7UkwrkZcpL64_yR$dG2|Gvuld-_uG?~22o zh|%lWwF~h_f>vHbG?pN)q2M!{>__^Vwo8|*_Vqt54JWpf^WFj2;otqiKO1s_;$6_N$! z+`F*da_&rA5m8ZQ7X63%j4K>GJcaf%gN&0XCcLS}6|D5`OZCCB(cmV~%B=pWrd8Wg z6OGonuORUjb-|)Xh^nM{l;pQGHOICNpOuI!RWX_@MamhO# z@ep4^1^M+?Hi=%GTZm)aj>XBsalCf|Bc}XOB6j{^NEhY5b*i{??eny=6BJ4i(=k(_ z&VS12Fms~Ny4|~(W$qf=h5VD=9dK~C>?O?D8biIm`pOnv&qzKc; znf}qXllGR5YAUR^$K$U%X{+c$-xQg5RXml2X3#CA_(owNp{Y=E8(S*R1?U!9g)!gr( zS@#!ye)tMX79a}*!I@Kol}vmXdor8sq}y_?J+dNC0eW5%nztA#<6AvxG^1@S`;rf3 z&F%-5ik_eJIF&X)D#sr)X@C0+F=k(nb#Ndj*8sz-uL__OQFYNaw&!eOin1C_DyyfX zG<5scw1+rKOE~9c{u6DE+F#!Twd*Z>4D$P$nvTxSy?vr-60|EX?IbaoIf6Oebu!<_r~7yZKDiF=)}|yNLW0Zc1MdZ z%+4j}O$}<@@M!+>r4zzgYHMqHa6KN|)9VL% z{)kpHzGcB0v;IBn5$cYJKG-WhLZR187wm< ztO5YAYGYoW8B@Z<#Dqzcd&HaUSZ}lvp(oNYaZ%m*n7>!a-xVBe_VuyR=h)WH{Np*D zPR1#5K3jJY10@ji7YI#B0vmFi?@M$>K?%-ntUrYHxCD4huV|M*Awc})i*>c+dgL5Z zOb5w?Zv5jhrquj~x0{=AF$J810cQ2%O!=`en(H@Q*#;oQjL~8J3BJ6PK(iCZ!NMZK zJa2HG1JVqvCIb1*^TF++_fQ|yNpqm?fkeH;Qp+5FV-{yA8z5DltsAGnQhXH7; z+VX8&7ZNXVMZ<$TBMw}nS;RI)lG9RC!`O)EhKGjiia$IuI~}kV^b8+dnzntmF_NVu z<)~+1Y|Kpzp3v-}sHg`>@UE>GP6m!oewsFP%Q%}zw$4O(sHcaECy*wmsVR&d?j4Wu z4KX3hvuaA=f1MAPZ-_)h0o0v>0s--Cse=b7N{bLd&|b574TD%w=h-S_?p0;1M)4uM zt|}!-x(}eb+NVo3lt=3VE4?O zjpCZZ$Dku;t;06ocsR{VrAnx z2h(ruxMQoL^cf5~N$d=Cb)$2EtQa`{Ty>3~e#J^De5D{-gqvKWh^EPRht;x4lk*;s zqNRgB^|q*m+w|*DkdZ}%^)XqxK2uTgxqml*Zz_a(Y8m4k9_2k@VK=<Q`F~b03A1PlA6WcET?^_ z?VTE$a~Vb*MV1icw6AEyXHALHq>=oVD_NAajn=Lw$YD zH`oT=-Z?2ogmUynOPV_>=3R%1_2w)Aqw-@|8Ck6#KSu6jKX@mg8#Wfd*cZM(1!^Uf z1Sw8IVrF-VENdc4e6y{+J?9h=D+2~XhP)1R%P{jtU_=^Oa|4SGF1i$H$VdWRVd48+ zuAmNWBmD>^m+2lw6}60vB}zka<{$)y<1;7Aj)E>l%+LZpw30e;CZ^2B)VA-BU_bCS zUR%#F{8wjfoJB5jxd(WT3qnEeONkW<#Qs=xRrcx^-AqI+;nzJy*OZcX;^{w94D+ix zI)fAncOMQE&ghnK zldQWo7T_|lgalsn=mDnm*|Qj}A_ab>Xf7z~?U!Bn&)$UwyLn0`MlrB6?-KhUqpiK& zw6pUcwq@SxSngL-v+K8b9^MpgObDF!X7`|`o$r+vKbPnPKdN|@8pj{+{@F#F!7@Tv zihh0L>zc5tTtFNo7pD1u-Y%#c`DwJRC#h5}`h5%$@}F(12OmfYEDlay*jjx>QeZmS zad7BE=(Ov^pa*zUV&1acw@#_r3`$OzPiR>0<5w;0{bgikq>N_}_PL;{dg=9-F_F6( zbxQ~Q6qhVH9t8)yC$T!9FD`7RW_gG zzJ8t4Z{4L)r&1_y_kbhq{=LvpcPefJ8yh8A9z*O4WDfqQCr{#H1U~3)Vp9=dQ)0<8 z_NZ;wQ{!Eu(J*3Lo$8EHO3Lx{Vw`HaR`eTTrs*D!jZdNbNI zdau=Ja{k%OCxB6m%*|$g>A*nS%?%*qi^e0=X{#Srny9Hp@7XzrxoNeYOii77STY^; z=Y8fIzzP0;YsG<%$-pm%f6f+~-PYVZ45kuaatI2(Gwf<%o}HU~akP$Cp-e(fz3tKL zJl6uD4;M>e^znsA+qW%URaN;fR^tx?^X!rJct{7T-HJuK=D`^58aV`l!z}n}U^`4B z>Vz2*X!c@svh1M=?{_x(*U=(-pU;3LQ{v=8sPR-d-TC#^BifIDF-(#vaP@KibrZ2~ z6j~TR)@J3TQk*N}#Y#-C^_)0dzhk1UwyiAz3yA4~@8e)m>KG^+)YY_D!+xK&UCp)K zNY^l|ArvN2ijCQmt>F74PASF>{2- z;wAM5Kga>e>FW5Ecu;AGyce%oov{l)8>D*rl__~0KoQ@^@wW`KhNP;kE%p@x0BuVy zVy`|cyt=-#R05xBV_B&z*fJ4wJ zA)a;3@Lx@)U61syNBIBxH8kHL{>S%^d;q{-z$K^0DXFKU6Kivim1Mxu^;drHe3G2Z`On!|VezL*jh_rzlKQD> zsI$iigf^wVKYXukMhPv@a|@>d4Wx-c*{#=3*?k-D$fJkX+-`{t2~bb_T~00Cx!AynS z`*d!LYTEJRP;_+ison9zFo5ef7!&Xf{m}f0n{v0@WMaO~?8Y)yJ_-DUVkCUjt~R4?`Gh zP;0!ansL1B5pAoap;Z)@lyvm)upP1eV$`_DYxsblkeZnlUMxshb~5*GboIrLE7E39 zR=*wfhE5C_Lu}aD(NT84qOufp*SEjYOKG0-3I@yWI@Iq}{Y+3!^08pNTxp?WBwK@d zxHU05Ll;oH+Mm}731QaL>`RJ@auln5-St2R?oGiqyEfU+62iLS6%m)_-o zX_fn#K0QFbFGJ*MNr{j1tHCvw@JLyE^~3%B_;<}T0c5{i$ss`nkH z(})rRIwi55ElEKn{II#%i2^-#*fFTeAX%8Q6Ee{F6M(*waGWnwCN68`^?7Z4-tQuE zNkwc*Sz}{+2MwICtb6uI?jiaNa*VowE?7PIboo{1klm$uPE9SMAbNz)w8hXkQZb}a z^tp=9-BZTxYDT67seMqfX|mQDS16N*8#&%NhM0#@?v`epYK#1MF|%fGvQcJ9d*N6) zaiFGz7(>eO)fOU!oe%AQ3b(@dO-*f;_#I#Eggcqukdb{`Uq6Y#6GQ5h#qDksNz7Qi z5^Yr>Rhp`4Y)p8Q7Leo}{1iVmXb63P2s^~{4wH9c9qQ`-C-7H&|L}NtbTle5nw^uo z{o*bV9e)7@>)A7eGQun6^LvvZa-Zva)<& z(3#Jd;U_7+lYy5_5)qoLJX~A~P5}ZcDoShX>jP^wz|ph&Hx>n#HfV61Qn`eLP|HsF zwos#vKA8mMsut>6A~|||RAlOr?g)eiP5;eM#a=?-Y@096YXFDz_TYNH?`!>SQL|OT zv1!6>OD+`qoG^pUvY!vf^K`)dJo_%RoPcpIC4Cjr~Bz<{*AX> zY>Mu6ne@P5J5;+%dmuVPv>n;4lEX+%PCdXSy7ootcm#>Z`4`JHRgL@1zgz`lk5K|> zicW`K&XH3P;eDT)8Y2jebPWAsOMr)$w+72(N8IOe7K--uO&Dy4nCao&nB}VX%(<=Q z2?>_(S}RE0*9=#&o7y>1Ef}LASBwn01kx6u#N{N}txWAiBqSj7DbDpW#pf+s8G`cI zn>XxU8)~Q#t)e!w@c4Q&nHh*CzA^W`u(d_U_c`_;rj$(K;owk4Zp_kVXXoHOZS@j+ zCX(?L$pPN=2|I5_Tx;=Ztm#)1%s6s?H>;|0bAc)mp`#Ji^8USX-ewO&>cbQzCPq3X zRtz@Ss!Dmc!=R`mZ^H7xvB1ujhSkKaOvUy@wcd%v&!h7B){i(?-1~`F> zjkQk*F?1>`DjHpGB(eJ*x{$}cHPqHddL&Cji{JbG6-7Uqn)-y4R00uE1QwP=R;;8V zv{G4jeMG)uT)Zj-t}cf_UR4!g0(EWqaa|`$kF{7Y#59LFFR!e8CD8g778V8>Q3)8w zPwVX%Qv2baw&LmYTSPKs4dp_&!H)E%2z-}M~}Bp&$EVtT4u@6rba z+p6Ma^I6leFY|7w@^mf?Oww`GS$)PxKg z^M512H1TBP&rN;=rB`z+GUj$2L?)_iP{`+jC*se}HIj?QJknO#0`?H0oE#hKgeRL6{ z#kdKj43VE1%$s;u#nYhWZEYZ0plju(Uh#Xa;_jq!(aW5dU$%E{!(jvl<&_m%;`&?o zcWD)3pJehgxg@MLCnx*)X~VN~`Rjto$a!ssugFF3iaWSv zoj0k9irH6Ks5dHn9uP`KZkqE`qC6>q+rzt+?#TyC`VtNfkLFtewm;9tg`%w;hx`*3 zuT#;O6*quGxZu_-G(OIngoTqhlbS0kAj;9^)`XDEe7 zQdt88(hf7x-^TMlN<_rzujB?Ve;6w&p3m3%%`KY4RSGYMytsie#QYpsTUSBEF#<)- zMVm0tJjVdMH~oCeVWDV{dN8ndI1(Fsb0cldV^~mL$8zV6zR9EJ>b3w|6l9sr(_cVP zZ0OBOOw3G4f4BJ?oG~M#gM-8U9r*#GX4nw;!Q|mVJ{4~FZEo@nA$_m<{n23?Klh%I zkx*kr`Mklc-QT|fDL2x;bnpHs9Oo@&&d@Ml4h{_kH&yW-Ya8pjy>cGA1=qVj6qVuz z_=V(?vu-~pbZfg!pStTsi&L{*8x2}bF1t16lG6^}T+GcK*XbpF4VQ-%bD)onlF}mw zuGowCMTYBN+uP+ys-)^l341DL*dgx#^AYd?DnMjY?n)(-vEx(n)r~I_{Bi(-m+u~n z=M@!gfQevZV}C=Usqm*4J1MFxl0K(H0H!Wkt*Wi&#tsQV2&M_&&J@Im66k?9Jp5VoP8#X%$K-*yMNQ?E-2L~w?Y(|l1UtzV9?LLE4L45&`0)P2jv`jy+V%8dN zQODR?TGBcwG6kN7Gq(lseuX0oC=FVQtTxmM|nRp5aR!f0@}J*+rXR*#N2V0NQje0hUU{N zt=$vT+H*Bkz_Ua1N?PdW|1Kaf9%_8;TmHLB@T%T@bMW@i@n2FrxE$CdY0`W@o@DvT zjE9QHV=vOuhq2rKI_*wavPjfi3|BJjMczFT?ByA-8~^&%%vAr5lSon!l@&;BdKFlb zWRn%O+eKsvR-bWk%NxIQv$G3NCXx$vZz?Rr_^iOo$*p&G%#gf0d%$KG&W#?Fom@>C z*jMwC>b1aK@uzn(G}*1lDCz90%#yzL)ft&7UoOv#9}SK|L*iC%$UV00r+M$5QH6o~ z`Jw+XMxQjY8Ip27(Gzho=8mIc-I7JRzaM?cbBzA=flr_hOf#Av*lf6cHuC;y8i&46 zMrFM#I=~QePX5$A$!l)b@Wx#bf^uFi`Cv4YKUSM(OwvsDJ`&!scdLA!EdFI8(rctb z0$f}*7m!!`_%y?YO_in3{QBqVf1hCkCG7KO_neLM@->7%v)AW_&jhH4bSx4#X(T=H z1@n=i8L>P^CiKwR$~o}XvGogPNvdxZuDfivMcG8N`qHQYok0tDn6!9NkJ$g6gwGFZ z%0k>$X>*MCEju4)42Ldi*pJB;jZ0a);G<(Klw7NA}@FfgFY`G)Nt&&$2}6HiI8l=zAz#=2t}7Y1m` z^TXC2bTEy#Ej+Z?ARr(Z9U6+)(9vek!THyltY{B{$*$XS>A;f~AIy6j1ts0TJOG@Y zDSosSaz1=0hz z@7g#`UYzy6FFLt?@lC;3J1yI(z_5=E4X_l>pr#>Qd-ib#j49Bl?=@@Fbtzy^lflb0 zt#be#^J;KOGx6gSqTElBLHQKOF9`DJ@qg!Sk$c`9a#GBD^D^;>Nj->jYTOD*RdzU3W4%_ zpKB<$A-~tanxrl=as#jq?oGqy1FLiEq_A| zy^M?if6sw~cJ1)J67Wxmxi&lk*n?QI6woz;UZ<%l7pWFlj+895qd$M@`6k0dNAw zh{9iZFak!6fu{}}x;!p_KhV;^)~X8gl&4%a){I5KbD-S7!Ox6N8B9xIOBVTyqm~Jn z8J}8PVZt0;92i?m*ptcZ0dfEm1{U1kBk^e*M z&f}|{$xKfiT5*L6?37=SfD&aTA}R)kNvf{=G(<$%8DBKCw5V@UG5Ri>uevruWZ-`A z&$W?}kznHVjP%^d#6(NCV-aCtbE4f13AJ0wm>s!vKf^oBpPMHK2cree`wN(}Y*u{w zM5*B_=9r)=CL@}f9=UC8INTtQy=EsyUGMn2e8?N)k5F=I2CSTyxh-dtIvOuD5L(m7 zW~-iC3dCZ6!fu)JQY7MLp06;%A)4|;XV8?MJ(sEk*{LC8NM0mfeUX~b@GeU*N>eA& znD{_3qg2uil2%cWu(Fh6fIx1`OP*=$^${n`%b?M=jNY)&O|q(!@agn-xd40RFB_+SXcRr zpUCzvV0@UD$LM?Z+3do)O4ZgjbbJfQUV%D5edM>)*4L-uT_R~r_?pC|2ODNb{qlu7>)yo%X5d0mrZ439F9uw1MwKL|N{tsnjTTp%oN@$) zwW6X}!E(;R+_Qv1Kw`tyV`*gx<%>3ZbX*ikL@>l*QYu);$@%%w-GqjOS|&^KzO=Pv z6=q?%%Y{=N*Sqo#@9td-qHT0>Y3;?02`y) z!z%}HbvVjFjbsLIlN=kN8lV%-!k5eF{!?MK38w$1ou|x~RDwPQ@#UN85f5xz?0k|gXjd>cM3YfRO z5|@llVP|%imzjTx|Vt;CQ)b?v8yfmpnZL!?FXj+`(YH4UkyyhG(B!L`m6H7+u(?@ zNY!V}SX>Zbu3=Ka4k!tzM;+Ac5bCZiBv&`ns9t0h*rfR9**SJNw zt76@YEGZ%aD&0u=ls$P;RX$Q|MC`M-J=TICvGi`82jd{<;mW$@9fbu2Gjmcw-WU7g z{@Ak>>nL`*iO~it?X0 zDU@gwh2W6TE=83uRH{ZWk%9n^c!@;@XD25*I%;{L0RKIY<~27jYei2`s_T;A{@WU; z-0Aezvo7e!Rf!BzFl9{wg+T%TX9}87Pk2JB&b!VPpWTb`a~Do%^h3}2V&NnC8^Yyk zOv5=~!bU~Kjh`_$J?5|7x#9)`N_q?Q>T7W zu3<{;PhfL15elfJZY@H8`VSq z{97t~B`kN^=mQ08){EQz&Y*{eeW8iz=l$)HVwq>)D)ZxoHJ zgO2E;O;(dJ)G&8sHz!8~(|zaiE4lr@Pqs=fx%neO_eYUA*U!lZG*JF`#geasvql#9 z|6efl|0yJ*tuTf%5#rK0^272N=dQ15a~|s%8uE+uysB0jFQcQQW5v@{wp!d_Bpuip zSeXoDCJ4)N{xLr@*X@44=;xY?hl0Y^vA8DSdezl`j|?qFd^%bz5eGe~`XoxM0gtv4 z1P={vDH;{(t*@^_jQV_w7sQ%#a!n$65iK3~uH%z*I-KTdS@Dp4xrkow3INNql* zu}ZeaZq4KyqSBWxXECCi#}`^>ek-B|LPjGe`l;i;UwdS~Ha0tq&KTyYsPIdYMA47> zJokiA<5v-Rd`=GNFm%joXS`e6^7BnO-&l(9i8cUN0BnZc>TIHva1!Uh%XKJM}O|3lVUhjp25UtdM(5|I`ukuFI= zxh zr?va_u4{evm@BRq`s0;;ERWNFFip7G&KXF^^T3EtfKHVkkPgr$!EK*L*L#tn~5N z(Y?sEm|58uWD5K077&#CR&t?ZKm_=WS&0^J^t*Qm9eWP|0C|&CI#!^@rSL7Hla{z|r7J zzedP4_HwGOt2p}^FIS{h=Xr?wMEjd7D=jPQGe$-po}i=%eq+L8e(DQGvLtm)^%*r| zl{wFo!Do?Pjf>7!1x1Agu46IJkUW?%uN)@vV`^nAx@kz~zq=hBmXA20Tefc4O?vq} zG`D5Ar`#PONG0@FzXVCSyX&L;58T8?TAX($!U{SOEJc#?%JhZN!_msY_Z<8)_x7Uu z0|cnMm_1Z~q7fOJN=U3O9iWevR5s3_=-5r>FF&Hl`I=K(+r7BQH$1lazN%ryY;i_M5 zt6~2dXNX(Hv#IZh$1yIZE_REb8_V@=;c-p(ZYGU}$`!fs-?IYc#@nEI|BjULs`0h# z>~EaQXTQ4ICV#D*{c5A5_}v7+l!=~|GoqUE+G-tUgGUah&0f;+H5leXg=N)sZ`$Z} zV%xWLj1}LyeYofA-MJ_(&_NpWlL@??zLhmbj^=Wbw5VUXvWcDJn@6>3 zw=GOnYB!HCuvYx)N5^7H5D$u%j1DTQD@uJis!291dP-@E3iIR6r~HJ!IEf&HV1zhC zu2jVpr`k=mb>Xa&Xf`oa)wLaXrca>%?;k)_rlN_vrYdIKD#Yvw{!xF0<}~56mv=79 zWD1`(3}*QgSPF zJ|;$MD9@InV>Nopd=8rTT_Fm}4sY&dc6N_>jB&Z}i_KS%yS|t#@BX95kA^#+R&vEW zF)X}V8*V3>w)L^uS?F;!x6ij5T`rA3sg6Ir_`wr6#cIgV*T1raW{ST#g=TOhr`+HnUp4V^%XB z87D+TT&LHM7U7j~aooSVmy6TpJW0l4IhBEHQ@yxgTKQiQvMYV$a zX@;Cs(~Bq66r`ku z(PV<3;C#7Ph8Q3*N7Ya6&2v24M^Wxnl8Le5K+5g^m^Xv68H8gfIHlE_e$G3BHOgP0e(Ny=osjH}w@N$~9>ihQ? zJP)VwZ}QQx13&VT3Bn)$&eONw3?7p{l)`%3v=n*stT&CZ+FU0*M&Y} zZmqmGwenJaM7vr_FVDmKld!u>xnkG|S9yDTyG1lGCxmm@f+)BYOaW9`*Qjgv(#SS#lXBzZG%5+&1Pg^!qj3QuX7P`}bz4k^NGkf3`JM8IxE$`&VVn zO;q%g>MN3(({*JPy+0qvP4Q;1dL3b~wlA!l*%LCKikp41HmfR9eWp*y-1VW8DgV<~ z0_fB5ax`DuQYn$G{jMK|!kd*CcP|}D=INPiLMC#dndpcuCDjjheOl>Y>3Nk88yZD- z-iB(nQTF*LGAL98|90picB!mw9P5kaatT6H=dv~xWQ;AGX76FBh=FFp@Znb_|JHQ% z{1^l4_r;|-b(!JHU}*dvPw1llvv68N`;Ere=l4~a{Not!UF459ndf9?P&_L#ayfp% z`k3~9e54cK6aFu$4k<+iY*ZXJ-Msh@Nneq2J$l^oAvC1*?M$}K2J2d2!OJ0sCz0aX z{mXJQk$Dni1+~2MEdSruuhhNrk+R(DLqWV%d6gyu(}aIn=Vnyslb3#-cGY&Wrtxm@ z>cm=%l+iGCqG6%De;4`^Gt>5dg<9v%f>$arZPpD`!qZF8aLXc}qPCT`>)iVXzuHt{wd7@z zl}MZ!-y}sRbkaLA6|8Ys9qxygk0>8sq`!{6d;h+=%Fx$}I@Vk(=Azglcf6M9=qDic zNZ6kc>pu~6F|ZV6qaR{n&3JVmM#3>l(s+0eKBt|p5d81ftkhjP#cz~!|1d$Oe1(ni zccs!|viw9!+4vS(*u|t_Ywb57D``iwSK93>ZNJ)nbH8?N-$8cp)rC{OPQWV@G4&^h4P$3NjQR_(xjbrQ zNOdn4@jR>cJIm@ibr%oa+rHAdIUMh!roDfLaWQ15TInL}CzzPU$=~q5JJitdLVbYR zw1~M|<2`%-@{#Dnk?3BIC2}kQcdC0h_~~ptHVQhUdA4VT!MlzQdl>Z6(cLa`r>k94_j#uphw!AUjc9Q0a!Nwb$p9yT>4 zN-Dq9H0>tw;~uY_J}zn(`>S$LD~5y3_&!7;Cw=}bo?2fom$qJzoo#!z9WNL6mk$jU z4I`(hh?tNtLXzqVi6&|+xINFkU((cNw63q-+JW1P`qM;BzU}>_ zt!U$->j}53S6)_5o}MIEyNOG8vo$WZ_|eqO1d1&O{JFbE!i43KD_^sSNO}3l z-@k>a3fi)hZ|)tE>OXmN(lWvHd2}2^&r2l7Ck7RiTC{>`C@GuQZ4Zu)-itPY8!qX^ zaUZV@1RprNI0=b`W2=7>cI*A)QjsrzO{t2e7zuJ}Bf2$thQeCsLpl<_vz{K=>{f%4 zgM;h=MD<{KGO}P08P5|df{^UVpYFX9;~Z22AOVSt{3!og$@^?5*|k=O;bVM+e&v)D z0SvUhWFsq|Ul=ib*Y zMADs2C&BrrV1|L%?}br(qdoz1JN+}oJfE|of0APIK|{O7c8@*h@sb0W!+m2g{f-26EW$W98|%iQJMh>*(+;V`!{!`{ z@nD`OKK`YQPm1R08|&q;0F`S;*JUin?kwujhs5VQGu4_pD&FU#jI}dlvE9%% zlk_qa5rGI-R3|4V>9=3X%f;5tY2%fsp=~5i!@$hk%s~H4n+lhIahK*?Xyg`V5uTz* zsyt~o`3$z^Ii@nfXQXqYP?$is#9&*H)Y z(XWV%;fTQW4wZxi`EW@p>5S6a+JbN2x>RQwBHn@22-QpAPJ;plN^4si-&3=$GSGQq z=HOLMl~Hv5y<})~Wd;8JtK%oN+o$zP{g)4?(R{MXX4%JQAC_L%+0V~9_FbBd zA7*RVs-eDZ@;^BN??$}V%3jqyoCWCMDA6fH6m_H=BL)V>ug|1nF2@C$Tn_fGFm!s6 z1vv0|pqE`l){8Nv7IP=rL!8-Dd2mPYokjEyru61y6Z zo-tw&pO{!SVQD6(_^`_tnqq%zN8u-gV#Ui+$97*liAoFj=a1W+jkok@W5eQ#uuI{; z@>gRev_AsVzm>Vde_OczI*9)B-|eX}kZ5y>CxC8UIW=#q7hYjnh1uG+qK_nagg|TP zQ8JQVgFk#O6UM^Db!>J+=v)G!H*HR8Ff3Gq!S&{gIk)(vB(J9TG|YbljF`E2woB$< zLUdbAs_geXqmAtrO1_#*6Qsd4GBzd(F~n!q+EslP3inPqfzzdFmszQIVIDEubq{e$ zxPg!s1^wox=4SZ@mE>o?X{!%(Utkv1)y*8A7*@G021w@|^q;)8E7Gk$+H21m^wXGL zEb<}&tpa(Y5a`MtJ!*xPB4psT7aj?SyN&#JPm@tHGBOcw1G1o;&;BC#2Zr_JLeJ|= zZOSH~=PDr~G1$Gk%R(ylID2f}kuBb_`PkTDvbU;U12e9e}u+hULr z7DC9R`^~6aqXboHax0j-TEdrwW#D>x#}iamvs&4vr6Lqfr%gw6t3OjQ+r3m5%7v41E-Yz~<1g9{lUyK41dKzS#9U26qKw z0;-sci)w7qJkwK&3g7xl>zUW#(18noAwep98f#PciZgM8>SOZd!DBTv!~lf|j}d5^ z;TY;)dv4j(YiPbKGt+G$8ytz36HuSkbAADn*dyX0{N<6qw8(I9YB7SM;ayE}ho(&( z#4N#}>IJly-M9?C$djGS9M?sHqyPuC@AETC9Mlq5^;fiA5a|5P{uBqZDSU1&PnC(1 zNtfFPbJ5p+d~?%f)=iU(TTNLxK0e+z{}J~)p0s-RLsS)fe0)_3oCsw5;o zE7pTCC6F5{ws~i-R5UFtM7*AbwSzlLda-zd z0LGp;M@x`5P@JdW#}C@g@$qrNr|C5~f2^L_8VwP7j~E%Z&Sx+CAbL*beelSy&oZm>Hw}U4w{<8A4%=37${oN@3ylS-FMRWZih&8t7u!a4NeG zM-%Hsv4AKb8dYz9%67{IF?eKlHaR?8UZqPbbO+Xzc-{Ue^Q^xH5X&O4?07!;`@8-T ziQk+!aW|O5zn>{cDJ2EF805M2+&7u9TpTB83z8@yp5;G`Y1Dg7Cy5B)zpIcUpMv6) zhDvq>;huhZZhn@h*inEygIHQ8yb4TY0_{rK#QE2 z8UJuiD{JU-4M_m5ay$+zFQcWam$c7dIe@l$cefZ;?}ydJp@-lXaGCWc?r+UX_NKr^ zp{J)G8d5|@yo5Jh=iy@wf{qTCm zW5=9Bqh;++Slbh5YeXfA)Az) zZs?v9MFn9#dBPU1Cip3Qq2K4I?DUi;Z)Cr3Dr@(RFK5TOjZmeHZjI~B34)LJe;@?h zZcUJ-W(&p?xLh*CRiYc=wW;6I)=%RNa|MA;G%Q!z@_R~%z+qd4Xt|lIC`#bD-$S1JdWyf}=!`26T$de~S*!@|_o^OVZ zE-v`c5sBm-T?|>k7SVKtg@XA)TDr#jQUmzuaJ&h5U$wMwpCTJsTW>Q%-#9QJz%$SN z#y+tT`A+RQrl>G~n^|_A1m|mEB_mM-ipU7?zJSkc{47tESwu#S67jW`k*!|C#v#Q+ zR4^T4eoKmp={i_j?3@0cHFIVR^SiDsE34VF6)uvx{#V6f9aMdvPDLkwdam|OhllHZ ziK&WHOB?K1wojq4#5V^At(I88?M&*&C3u^ro3ciNyUW!MrX$aujn{J7XjM+(mzaiU z3R01ile?Nr%Sbb^*nEEkPC6;9DAim4xgOe=&v`z)JTdhobB>hj9$d}b;ccWL2*s(F@pw0(aYKj!6zVR!%=J-eT4tAl8&Nd15dOpr7AF&>M9Uz-DA((37}>ms*3f>6L^1S(y=} z>p`L)@V_MoAXaMyG*CrL!z7OLm`9X0nOBMNMg$t`HuA{6fqb3^Kfl-H9Ms8g_t_k5 z%O%Y%X1vdnyfismTa^1^XmIc2M-X(v=nD`3BFixBjq*2bCX(!{Q@=MfuNe|Q zc|N<{7l+MeVrqJq?Ls*aVKDHMFF$HuG0dcsjU75r79C2es<63Pe`48JoNvNaMpX&a zx1W#KGv)d5fpd^*|5atslqi`cpy>BoYvFd2#N1KIPnjEjoq+l2U;EwBj(VqT+TKdawbkpOkBmEr{I); z{HCPz3q|)XloYS@3iZvec8i-g-F%8MQs8W&Oy?Xs$34`P)v#bLn8R^Wyw~ zt)P!E5skS-gjI^r?4rc2;6W#rjpm zF%&VDPEM^RWvQ>-mmbm6=Yb+XI>R2`=rIhxp>^26S_cc2=y2}E+Z=$n1O}Hn%xUaU zkbH(?3&h+Qm=)y}kO};;vZCZyPL34rji&cIbunA-h-fGW2hBNPk+~uZNlXt7O-{af zGhz;EsiC2lRGE5PyDe|gR=c{pioZ)%TIA)i#Vf6zXT)`yLA_W)5#{S;#|k2r(_T<# z`um%tKV*1U@?7q@zACJgv_aS78Ey6kk$0Y8zutw}QDgofcL3tJj68M4UEhcc18aT# znPum_Q?dSSg#RgDyk}*Tdx^(*6gb(F(~@3QR+O~k?!abh{I9S90}-D3xD9`7l#`1CU~Ag-&gG!IVq?=v-MzLa zxXDFLJ!xJZ6C3?rlwwJ6{ne`s(0X=Cy*qz<=gzLQw>Q7zkDouI5)u?uAFpq2c68|J zPiWXZ_o}^~=?o4=vlVo929w^MrUQtGZ3P>dt*wubfH;kn^@<%2jEljtb?fFsLmFo0 zc11TgH&~UiOxi6(CGX!{c!o_yCVYG&?4qg)LUK-!#1bh^&2IK-S8@|=dJW5xAsB4G< z!VV~sp>CFxe5Xo>`%W|+(fuXOH-*?VQ3KeWl%*df_QEn>LOVGL_EOf-$pqnU3S1Ub1z#s29xI)EI%fFC%m!-r0DP4N zUdBq}Ha^C#?p^5+eSPEKFG8Kq6w2p1M1QAkoBAU3Y35d^Tat)o?0Y$LWIvAQ@4Z>q9+m)BTqoSz1Z73 z$oIl;-eUd2WAF%Xwz>=?_+UwSWWc(9+sM>ZRaLoj**@FY^XG@98_{u$ex=efumtsD zK~@~uDamh8bRgSFy|+n{ zk2Z*XO4tVXbiX&<sdomtI~V2dGni_Tb-zil+IjAW^sC+t_#N>6f38bp7icj&VB-1-cLD1pEyZ zWWxHIP_Pjb6Hz}dkc3?+dg)#5v zPxY!Tc zP>kAx^?QtWMLn_H2CU}D{ZoNFE$TdLk1j)srSY-tMq))>n`fL6bhpIC1Q9H6u{Y?K zwfC-EawdBs-3-T&ARpkNAR3ko2$Z;qYJ^8iwqJI5*xueE0cH5O?|8`)PsSf}>nFdw zI}<^MRu*(_{ZP)z}D(sf@Z$WKgA){pp8+ylh zT%$?Zd=-VZo98UKsD2Mi0Jv3Gpy)t6BRo#YgB$n$hIUlRy9rBhlSt@;VKN%GD-Z2& zL=C7(+gl#KsEGN7c)&ccx)r&1G=uJmn~A@{(dRxeTRaP z{2tk0<6Ay=Zt;gQC|3(;LNM!&%x%UKvP8a zpPt57b0HfjlzX2)H^O5S6BaU+K2L8i`{_`EJ`&jptB`Po-ByhEL$Sglsf-mgR<(=Nw~QBuifVI~9w`@}tp zG(|KL`7ue~k5xFGIV;2F+J8qGf-LAiY6(B+m9G}M>hWiJvDKL5D^xbTD);76KI}DG z_NjfuydJ;D^`*x1pZ5wHRGZzJ*Xy|l4{J4lw9IB&u>+pS=Cgj)by{W_dNU9mvOVbJU$0{Se`-3hHXIG6mxjs(cFw1^&=G7090<8mt z(mc8S$-I9y@UAak-T)XBnotrDa7aqJVmp2nzk1W+m5t4J?=2#fDCrC~$PRx>rPgRzU~Nte{fv|$SdR74293F@rGKi-#%_B=H$%6e`Y2p+*KOz*o5=YO;5fJ-9g~+ zauAz-nT3YL92CGZW$fAGv}i{FHrw&7qlt-l=#zYhB(OjiVd18pgRc{oP4gJRj^HxF zUFz>;tvqR^t(T`^prgatjpvo2K75o$Hp#JhJF^@9i_thU(8+%d+R}44~>wZ{E~a&L<=#8Q=P<6}r{b*4I1X?ydwk z30q>)R%v>#hD-u-1H$_3@Sk%VZ~ruWzr;*W^B!+oZEZ3X6*4gjth{i+MSawuKWzWF z)OquZ*$IR0W5PImx-5k%ou_Z=QHK_7q~0LQyipYstCpl9;!1?>HfYa*?!sp+=cuIQ z=B5tTCkPiI36H}rQlf*HEYMLx1|Xd7_fhXGxITB{z>`o8S ztxwV!vNAHQ(t|o_gMxvu&ye=xT)l5CAC z9G^Nk*pnfW{F><5^04R(Sq>2g5^9bt-J>$(o9nM~V8{c|9k?KRdMm)(L6pMxF_3oN z2aA2~&%I;k*`ueXqi#~77N@PN8<;0~(mdClR-yO z@l6{64o(6z_iU`J0Cqx7xvr4Ym&_X+K}Ahq z-M9P2D@hNiP3b!N6XWCC76}RSQ^_BcEd|5x&Zo`Tp+!mIe7)K4EO3VGz;a#d>pRWt zIX{D6XM23?bG?0iru)5x$-?5h&*j*6pIxLY+VJ|%0@o=&Tr`@=u=%n*uf2Sh*Vg>H zu8*%I8JUMlpPw!lu@kvm?_ym>kE6~;cR53z zMEza}QpnVl*K-#an`w9X_^73#mTqqO)8EPG^o%jn%-(~#r?c1R+m~D@G*N-vQ5sis z2?r1BVdG+s58IpF%UR|U$hnp{_xylmi=KRXFa#8^sMhjwfz!?~OHN`;dn3ko!^ms$ zm{Qa*frA6gBs1$&ObjHzdk>`06$x)!$Dz#M2znz(R;;q9zM&obu zgKucV%S0ZPo}Ny&6%H53yAG;uH+sqBeuRaNO0{&5&Q+vLRYpjWq0!PY44apOgA*zv zs0iZ3P(MaT10BF|`A0^`;bG0spAeECfin%hYI7lOLw@XU-dlvnrxAi9`;O&g*wKUgcm~`Q1a6=~zw_UC(SyDC6)dezd2@ud89zR$eKkw9Fy4CVYFw z*byfi>!QurXi3O;?o~pPm%N*RM_WYg)Q^Rt&9(8v%XGxVl03y{X0o0L2WLppCS~>Z z*4yy4_oTDGmXGM7JQ4D}L3IATekvnbK;g*N790yd8F!MNTeImhKDc|_Z`%2|?sNJ{ zV%7F+J;i;xB09*0cyXSdzJtm(t^+n(d33(0Q=N%Yv0&zQeFlWTnAvW8+;v1JY&wTW=9d0ekzn z%4wRYbCMDb9T;S(YHH^Btc(*75<+joz|@q|cu%!f4f`R?E1jNBcks`p*5U{HT>eoG z@)&e=$M@^OzlB~n1GeH`6y-<$o9wO;HUqVK@2HNHyN@`3?{!u?VDWeE3dMXepNMU3 zMbgzzk%wV15pvE&swBX+&>n~4}ZSlANlI%FEO*{wc4{T zthfGv_+s9k-kHU}rJ3x`N}e`2J~XtL%=2`&MgPV))%67_1QmbN-R!rg#m$Y0yrYa3 z(eiS5-=hAgMqS3*x-W!y3=j)V!XkNjc^BnjhT!>vAYr&&yDQQ8HO?jPT`uKSs)pP> zTiw%|t%lGd{{l@lH3IH!3rwLHE}OG%T;M560S`vfK)2k|O8?6J!`7lL}X~0K3%C@@@0HnYFdJIt{j-4L8XV@M9JX?mEA- zx$H+tu0P+ouC13%g{RB@=jp;U`=1?CNc8p!+u>fX*zIRt^mm2?EUh>y9Qy#kq9!JS3de zpTLj?T+0I}4`Z8!1ZcFrJC|pOS(j@7Juy6`rM2xKcO*`%4CX-HE&eaE3=3V^Ib*ON zV&w_FfLK`S$aMg%#)X814Vke+>nE=PxkRqx#^+ zowOYU*3&hg2SQA5Z>LbB z9*bnl0+fL{JCkD8mGn<25v=b8#mT4+LyitRdr$Ag91!ZdFlHIql8Jrw;7ptSpO1T< z`?iKWz+tyROy2V^vLt7sHmK%V2KpE6BN7A^U|)i}1oDQYXfZI??BV?z4PHW2M`lAY zVuZZ`y7mi`8l+)?F-u){{h^L2oAAF&kxG6!mm{RA#zMty1}Rh(g8WN+u6oob4Y9LE z4cH~DgOVS@)8+(2!-5}>5D*X{Rvnp&KD}`@9u2{Q`YdX5;$24R6H&x zIoK%?T=~T%TzE))z`beC^Gd!PTWT{8Z=dz5{vx*joYgxl_c7#>`?Y@TOg9T4I%qq4 zuj_x~2K|ndsF2cf@$daO`eXwgbOtsb)$*)>gOf1dv064Df|-GVtiM>J;1?-}djoa&_a|{5#FtnN>=*|L z(%E=de`7^vIl=L5NH)0F<@B!u%N!m%S$WU04!)I3i^O^a?82hi64N>2g z#!|lQZaaE#zMnZ#!pU9!b?s0$F9L*%Bf?aBxaAicKE0la&R9mYxiMbxapR2izhh~m znzN0a93B_;xyBTolglK{a@<$UxK7(BWuA$;K9l%($&@R1`ZLv>{NuPP<1Xsvep&Lf zs)`yc*u=W)qM|mh0Ao&x??50_kT#QKx(pGj8?fAsWx z0Ax#?Nxg_h){q^~vCWTTJ~H#D*w`c(NEor{tH3p7d~-M|3f9Dr8!+y?A1r!aK!lEk z)$Misjt{n3hYl~TTMg_uK})0#0?m(oZ>XxM1WYd^`@Hyji^r?=KDN19X`KGnq3E$Q zwtvfp`w~^JWb1V#0%mKQP||<=F7edql|4d1JsD?j~_p7Ur_WoJ3B+A zw7RrJb_5YYln>&|CZuI#JQ=4LVuGFq#kCsTd9gZJty9$B+e!F@0K!d8to?TEt3h{j z_xZpL+U}{W7h+=K1|zlRPU47p85wuxGwX|({i1ag6iQ0J!8UUT?U#fEFYnWzO!&9t zy}X`%36rJk?d}zOmL8WB4UNC@>h ztU|IV1T38&`@B01d>Dw!r**zE^I1)T`FMmxJc^a>F>%!#7>KX%Y+InTWtjIe$ zzV5VFd)5tIL_WM8CsJ**2semSsjcON9tr88Qr-DB)2TYj#}lsE16A+Kjqkp?>wy9M zW?D|y_H4_`Sab--i$sKO@~5Mk+yn8_7tfr23DxeHvZ5;}VA09QTt;(nV9|*PUjQkw zO@z*85A8bX(cXelNwKLHBMoid4hO}_&ku-OB=gWGx2`1Sc^<4)sFDYsLUGSZyHB4!F)-o5jvd#V z+0xRIlarH~DekQhA*whvIy#!B2p}4~`5W62okop9mE;A1ir5kI$mOnlq@g=9$FA)3 z^ud;8HnllPNlDF=%>Yz@st&k7ZQH#-rAr?_`ogF!}rUr$PMRh1e8DGBZ{ z#4vH`38i!Br;;1k71+G}4tO6H3{+@c7Zu4-;2AQ?BcuC^LAP!Y=St+-Boaj%T0~Syvj;Z3vN|TvG86>>FD*FiKI`S z@w$-q!0xBlAU!odBR=5+xm5FT3$bRvWLGc=rw1htVShI zcrscp{yPQdh(eEw04t{jd2ICJ5VyB7dUThqbySIvm zTUuP<2Cf)5IjPZsFi3LqOI;o2UAK#}KbsIGm3b zOeUB+zGb+bTA%stDHXS5j?ynjKO9}7&K^B|e*#T&4LSqt*yd`NV^W+bIO0c#hvAAv z6Um>Lcqt;b+|cm)Yqk2|bcp&}MOtiB7_E#u_u%aXv#?|c-<(K4+s-GEYyyvJF*)4p zIm$T*inW*wGqTcHNpC&a+A1caeF(h1WOd8~_3jz2mWvTw)a5Gg;Fc^a zjbLqHLP6Q{^Ya6%H}W*RUqNaTX<&Ah%o zv*qa|`zu8{>geeN7!2RH+67R?uATCV?%yZBS9UW^QpX=eJ zrO97(&SGGn7Zp2uNc2N_Vc5wFvkGb0NTM8 zd6IeVzE0z-xIFUvc+M^^0Evlv@Zf=vr^K5#aSeRAgW>dwWQ>B2FdTy++rAJo9RgW= zF*DPb*S2K1$e{D`@T0b5=W0j4UrWB=;^;UxNE(fL3l5Itq@-2`En^mzU&6NlnLR$0 zCvGeB^D#YJVlN=4*YGHhojPB$Bg>RmR#s0l#mger0^veL+Z9=coI}U}ysm>;tp>g& z@QzD}$Ds{oDx#H5o{)s^HvBPkH?br9uRYB~PQ^C`U|WWd8%Ulpew# zqU7S@oVnYrgWokb;C!_zD7cEJyhV)&y-I(mN8bE}6ABe$jJnYw)A1-hGzKBiI~R~j z{~#s*x(WTIhlLWR6TVz>A#V5$qS;FF#KW(4Pm|O*zBN%?X`n81yvbcQ5*k@>Xc^2C z1Et1c*Yey{Wpux-_LqXKf(3)Yg@rGIWDU}n0n@^bS z;V%L|gVd{|maK7jDILNGRR45>CU&R&PX=W=p_>jG#K&mx34M2CjbUO( z$wtA)#l^+PCrgDB5OBMD**?Dnm|-yW3T)S!CFgo<+Gj%F(Vv`{_}c}Ls^b4tiJ>B} zPwRB{^a$d?>8_~KrWHg_M`sVndV>M z@VwV4db|uJO{U4pt*K4R6;yF>55vNzi>9NeFRQP=UJ2QNt|T85zPZr0@GN#(P0W9P zv=$?1jG9h=gLnbtuz7hhOs3ndHypShVCIb|YQ99+6P1vNj*XQN4}dEzP@z^o*Jrg)cFMBdygX3EFsSPQv0bP`OhQTfA= z^==D6Eb}({$@0GbUS`Qw(t~TmsMz~|KTNbg+^@!wrtaR$QIFLbjQ3uvD#PC!?PlGN zBf(nz&sYBaV!&>`fP?cQ*3moHKFK=q+1Pi-Z^c2q2Fx}SQ7@CL^Dkv?pO6I8wa&%cuX*_=R{&VCA3uHEw@%%B{5(>i@WJ_8%Ok%}ps>Vk z+-*f$V8)zGxD4SBR!IY|DUDtMboJZma(v!F(<&js{JO`>wg*V8{d`!k<j)1{QXKbhh6$%i%E^c{9QF%fCcRKqZU4!NKBcU#01!jkNa@Z|eND)`=h@tB zaFKmZ9jTauJ2p!3?Q|Os?GE^mjyCbBxku+c!D`0%Ui+p%sS*WYyD%@*QrNos?F)T+ZA|=bD(b#f!V>S zacQrKh-9m82wSMK{}WKE(}abD0A3@?Zk#vig`%#C$|OYp8WJx9XO5KO@J2h|m4VDr z+nuZ-AtINrm8vRHl+Fxi)<19kwC2)SC~BT>V8C;!)>k6r zx1EI@#A{e}0KkzteAjUKgv>*1t@w#mKNs>k}-|AjMUR zglmfq+{S!fF0NQzB?4%UFMOx9NfHIBVRAS&oc@cF*4agYzI1e5&q$9ao|yI}8E*TB zIX;Ft*nAw7px#f*zMc-6j{Y!YEC|(khYP|_kpVPe6iwyuV6;3ZW;!$V7J%Y|#i2WmYRG*nb5oXSes78ea!ElN>YnAUa5~!V}0UFfq}g zcIEE4>jU@sfgba682Yh_$0u4?T0*x`jJwWtPuS}DbK8NfkLR;QYdbp-04O96$=#j( z-N4lWtqt!KZvmsd@9Uz$1B&TEa{yp)5ETS;FE?NyV@pySfy9Uo0|hfivL%*TSCIx6 zLJtrSE`1x`4}gpHRv^mlH!*lTCK17c3ed^)UCPXoxN{9DGFx8#7{q9r4N`#90eBAq z51oEXJOq;Ftk=}k^!A4QUhRWz+Hlv<5V6HkjRg|glDIfHq|Gf@B|qThpx9THoFBK% zPEJDSp_Q88;H-E+zEI9-Db>{Xzo!-)_3SEbVO6Eq>g@YICCWbPd`D%Q-=3MfT?A6R zt61W%gSm?dwZ+6nYf$wyxijY%KG_C7^KuGX$OTDxcIyoEye6h5kbWmFF1~760arbE zc*3Y4k20F@z2f)X8Qp`f$-8Ng(s$6Y@bdG2PK<;L4B&IfKC}fOR;A~Z3|0-D}puMfDld;0cmPtpasQjZ2THK;!BrovpBg@q3ZSu^~(gTp=d*W4v2lDPw= zxuwDxN=nMgh;?3p=(J3noO&EaCQuTlUx0SzA8Tpj2+rMm$FcYZv)xwj&3+^;a9oW{ zytBk}X_<%`yT za1JgnFH3bwaVBCssHkAunY$ZaE=Xzy0qoIHQ8YL~U(zV_nf%GKG4o_Vf<$xw5HK?< zaT7+u&UY>asg@Ga$5%m%3~eqWDvptnU1>E*N$sSiv+_LK@v}1x5b!%Yb0+KJlH!@L z5QIxMey50lG|0>%xs8p*co@U}yB3)Ru7h>Y7Hxbs67|U&b0mk%^;%eH^eRo}nc4tzlr(qf7v7ibU)RZn`6rE;uB&A>f3ctZ$p z-qp)Xn>w08p+TtcV9g>xGGvp=_HZA1q?v62c4dUdVN+YhQzeC`ZY#VRYlJ~)2YzdU z`~^bp!{g(6C2H7a@cp4hBlzOA*&AHcRHS9d;e!g5tr+zGwaFK0^d|vPtSmJ8O|c6% zvh#rF+fAWoYHCd3pNiu%NSars!D!TcQ;}pGd8;$_PC#G)OWgYUD}#aFkPu)Ypf_xv zv)zjMv5u(Eovz-~)DP(N|D+QAxi)ae*6M^!y^X6{axP+cGP|E}ur~Sl#AWB%P&xe^ z3Q*pEUr{V6grnD9)Q`64VAKd4@j%4Te_g%Z^NqeCey6(%=m^xNXHi-I{=eib4H{M?}P;5o6o>uCM!5EVjCUj3$#(P2LQ!T0tL%KlFy5mEsFm(AI0f%s;YuSmPNV4%(PSS8R&2%Vg~(JY8H zrLB^^85R!=r#dBJ;sC&)wg$Zcz_>wYqV9L!R8n2u)%b&>(9qDzS^l?y;Vt0^Dmn6y z{h${PY#f>f!E6Q^nv;V_IrO?IT?m-t2Frd&D$(p&r+mIcuI(ejDZ3thuCwtbt%U8d_Y%P z$nNRv6cS>xfvm^|hA9^mRo~ZGjc|01qngZ5PXpK_NDXS1=%WhGB|)eLvuoTI!3$zf zHrKG#O(C2Eu1_$`wVgyFF$xg za)`##)znj5T-;%)7J{~wHpJWVk0WH|O`XoFFfURMF9$2& zb_QX4TS~I8?-ktUaymQbQd0Kpo{&a&8kv+4#-nmRAtxtY@9XI~NV8c6s`<@-KNSVu z*vIa=n~uRox4f7bdLBcNWi03LSfKAfIH1Y%AMx}R5ljP!6Uu;{6!fBmYIHV8{8CbpI$0$U`vC{KhqZv-_qJu9QPuO})h zs+ea2c=8a1D;|6s0#v&VO32)#<>baT;$^}B3ytyb#}Xz2RsDH<&ljKkJ9iE~WJo?b z+vDH8F3M@F(KXGCJcJqKT zMH(V3_E#ikuMgT>B%&p$=N)7S|ePxJt?v%XJ)0L?aPz`*_@u=y?^zWY1X^( zoU!Mfn8r3!2#b(!PO^>ybK^%duB#6{N!Q}wk@ zzlJY%cfStt@QS38;Q4Pf=e!*`snz(+Yp49M{=r`Gu}B~8@LSG;E1R2`Rm|7tVB1j8wthl|-APqg<&cEtr4GdrV?8 zmbFfsUU@9H@MKDM4vwn}Qvqe#XxjkA97`LEGFe$j$@>boPFflo(6EMtzW)aIn1h2T zXs5g{j`@FGU3omz`@1K*K|_qBtchgbQ}(^6u``G4DQlcU6j{cSY-K$nBg&e6sqBQr z(ZNi{zKtc4tXbzi&hOsWeckJ?&+BF8JACH5JkR@iFHpl>l~d`n@t|U6XT++v2scM^ zpFJC4^!9OcS+K#s@M!`5Bl+Of&!fZU=6(N=x-X>F)D(vgmYAnYUIw4z^{YQGlyR_^ z%q>VR%m@DID<%Fbpll+-VPQ^8Put@NZ#Nz^8y83Z&FiV9CCd_}b`>o`M@n=n-1E&| zALFQ=h?ycr^Km?hbf6?5g=?19VZ!OcoHSDv>hiKw8%J$a~CW+RJw>g$IIgyZ{6 zzR=Cvw{?#N+|Dz;m%r-5T+hvoG2Rc5J1QRB z84-Y&`l!Z*{d$)m zf6k*;jkZUNl^JSPW-xAUqIaRR#Ga=x;dj&6PE5;;UHfrQsr%ekQpkOOe~pv$%Zry`M!Tz* z{gd+xc+hF$JpF2`t2@2{*}1HL`WG6>_*=@x*x{IwS}F9K>LG2Q-(}kZZK@1IjHR#! z4(Q3vWeH!V6Z5F6t84kfHTV@3^~%0g4GbEnj79cMZ^V`}M4K)Z7V6tb*)vUXsaXX| z!|h8){7z^xDNfO^y-k0=am5yS-Lpint1~xvtq5XgyQRvzw-w@duK>yE*q#i8%IVgO zBxFfh8Ly4F)@#8SR$~|PbZq71k-rvaSv7f@Q;6L4Gx)E;?L)%u;ZWERHLx=^;?}EN*Io|-w z+^Iy32j(0j?J5EE7g>2UMNQ4jl;l;iAc#Qyb4liVicWe*6~=oYFn1qt6Y^(`q{@k4 zLLmmiJigw#kV5z-oz^8HA+fr=3|hPPJJJ+q>wvbTpNX_67l{4zJfpSkbmAd@sfI;z z=8JHL7L)RGBRN_gGS*ArH1}l?A69j$;FJHv2GZHOyr$;!OJdNN^Lo9lWc!@od#R$* zaLSsoh8X6_>~wXaodNDF{aFh-O9XD;_uj7B0e*t_Q2Qvexo?+nrP(86-{<4TTkD#^ zQ%4AaA36dkyQcfU2z{B?^4W+KyIa0l+A>#U2MH6p@0jCzsbchfO>%>icZpIcjYV%S zx3;9ov9USCSS$pH1n9#k;6B}D%5@HB3Ah?a|K3%UWd;P&1pS=L2Ovzqm@4rhWK*#7 zNdbq)-P7|^r+{Zqw|$18ZUobuK(}S&edV~H8wUV4L41$`Xfr?&<00cfA!6?Voq0l+ zQ&k^$La5uTsEAgVm6ho^ccQ@+R_Einam}Z5PUJK&QlE(wE))`vGyXDs`Ystc_eYn~ zKOw{hw)Aox=jH71tgI^mp42oB?LVzbMfR63CR2r4PC4K!n;PE4xIQ>ovHhoia(}f@ zmb{ULAn)|6?ydJvW;K#o2DGLgBqY-;Zv%wpYyaCdn^~JKWQi52dXV4G_FDoOS?&KI zeJf4%x;+QI;YnuiW*vKPx$XXjv-XpFG?i+?w&G1U&-p!eRoJg+s-3r87Yj<0!mT|w zbe6i(#3`(>w%a13S~HfFt^40!mt&MUf^vGWrim~%##bo9k;YN?<*yyYVsby{)#c#O z6)^fW#aC7|={AJjbs_FYFfao>8ggravG&>Iq8j?Nk@X zh7U!K_i{o!4AsmT_b@AQzb@eE@s(5(`EPK+k?Z4 zYe>e~3xXq4l0)n0{(U0=_R}c;(+(jl5Es@P%YKv^u@fxd^dcA>c6KU@eil>K&NMQU zo}}5xMQw>pOOE8Eimih&AA;lpvgG4dWd^??Ph2 zwnaJLHEj4J@Id@2w7B4*5R0FI@lCjfnzXc++!;W>o4>1KN>RVs)c#a56V2Ba zSY5fJ7eyOBZ7q?Kpz^-H{z)oWBMe`scRr%a){nJ`X9j#dyzh2+^Py}%^hJaCw%f9- z1poHBW9}Sj5s2)_9vH0e?d`4jeT4MEJxyT96PCA>UT@Tm(uuM0@&cF&Mzj!1KRA#+ zDud!cHEnEPJiC$C2ibV0CeICa8KT|Y=X@c`L2HU2M(G>S04DC_UVaEE0f=XIb{3-8 zt*RPIn2OfaYSr-O<`9&Gx}>5k`aC5YVy$A-=R-U~AnMy<;T16o%rO>w)HbgEyQ@Eb z7)CUP)D52MI2lsEU)=m*`PXmPi^*C*5QV3H^A_QcYxySmCj3U9>u+K(X8@uK{SGnm zx;#4A-Q9;g33_7hj6Q~J&M3L&ztu8^C%{`^BNx(&CWXJe;$K^Dr9JWlA~7V=GBc7w z*P=vPNWLIBR!~p?n`LOjG7JesB0~*VT(8kfn0r0;VP$^i(Yf7Wq=3FEG>(J z0>MKdUdkxVwo_c5Mq|_2t==SNj^y_-vKd$*6~y;tMa=9^~Odnncn6IZv+$tz4fv+8# zH+}lP0FoX#Lj9=evoi={buhH=1#r@teZ$@|8SK^w1xj~4h|XdLC2H?q*>pvzt|o|< z>zlE5&L>tGGMct);B(2fz?z$fTuZJ%u@`dDK2PJC>Eo$i7G2LbIa_?>x6|tI5-!Xq zO3KPJTN2DCnGN#$Fr^AGf3W2jgtJ`xDTUKCJ^Ay^V2=t6j*{(bD}jJIao^Lk4-AVP zrR4_4$33MMSvg_c-|H&AwbgBDcFo1tWMFFQIN|D_(t`Ta#nEvwx(evTS0_294V&}w zA~qSy-z|SDYt@Aluv;xL6j-V`O~Cl#SLNB#KUaP^7J+~%NkJ6DlxXy|e6y6)( z4L+WguB7Q{a29IOOq!ViAN){U3G_F3THwkgXhsgq9%}CN$T5{7kjb~Cg8z`a+b9={iDS5Pc3ZRj8p57LI#@L2B(jIs%uTcK=5Qi+XBo zG1~N%X5vSFzyLxX*K;S_TC1Kds9v}*-~XtitIG+M@_&D;aUOIxdiKD9GSb&qPyDoE z5Uj<-edE{@m?Oawarr=`j5qqNYL%4wdHO=igBsPEoQ#mrZ!G#QWtQpghF)Hp#lvfW zgBN_7jEDEIpLI+yMzF}9eGn~~{DR`|^G`w|kGFyO#t72<;M)6s?jthbBJfI9P<_JU zvLjR-u<-3TCWOFW9epfD5`k<3D0E?wEEoxN5?JWL{NQ*Ie;T&x_yE%X?*Mr#t4CzN XnP?eQp3;2^_%YDAq5V$NKJ32$Mmi^k literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/2autosetupofvpn.png b/windows/security/threat-protection/microsoft-defender-atp/images/2autosetupofvpn.png new file mode 100644 index 0000000000000000000000000000000000000000..81cb6070a34d2737251af858c1101f5c49c25e8d GIT binary patch literal 23782 zcmbrlWmFq)`1eUmTPRvei%XFr#oeX2Q`}vGdvQW>ch{6+Ev~`c-QC?C0zr3v&;Qjv zXZP%$-Mq<}oMFgh?n}O(>wAa&P>@7NAwWSuKtPw45>rM%c>N6l;S~q+Yv2hAtCjx@5m$cY- zRd@Z9mYs+=G9?YHWpp$+?B+9yYta$Y2Ts4HW6l(^jgEi@oy;z zqVkN)CD7T}*v8y`Y7`6L)O_{OX5hKKp{pxCWB?!eoO(9u2&@eb4u<23Ad`*aIyyQY z92~5LhlL%SoDk#T?f>_2CYn>gzL9@?Gs>riF@ye0yi-EfNw$-S6HLL`vgh0a`$9k`;7fQY<>C+<{~lh40?p zCe?bQiP z+gvSML&;6Sc5k#|kT7{$Ov5+nH9Cgt4Z1h6Z#Y>`cej*Z;D=89%zuxGNp<{B9$^eD z?Cf4{IUqlA1e77|!p0Pzn(|?a;wV#n>7m)sM)dD$Tl~dWR=jg?wbtr#^6HLF>Yr|| zOjl)hr|Msd~E78K;Iids#6(36DO%ZgW{tL?6DcBEfmRMyj$nRRzbZRG)lo{^CKtcd@DK z)1HhB5jOimQOYcNfB*hX2%!x8uzBRrYu`Fkqu0j$@cFjrHd?jiOzF8!yg_N^i2>bK zv3z7LWr84U>2iCq`FBxv-gJ@m?v5C4Efb%z)6Jjd_GT!$;LcdR+W1J}Lj;aE7crfs zmxr~H?uq4E{ZgxsmyuBpgCo)QUet(qLn&ui|FE6=bZK+WzpL8Px37XuUP*J$Pal=>PedN^tg74r@Ltr)DnW4ImM?}YBh!{RTKCzentBKY|K6bTAyXQ|A) zj1@iJRgKmRVjz)XXE{j$tEv?P^i60+t@O5pi92;=H)ClxVd`=-*uQ=eyp}o`<9#Ui z3UVIKvmyV!&q|Qn^g?z}mOy_+Pa&@by0bGTTb#jXrx$+(bvyagmR^htvX`l=m!ZbS z!^0yX0bfcf#6tSJ)8}H;sm*8fTey8?giit~b~G3U%59FaYMPLZmbO(I1&VWv%T5A( zlA=mia-pBpNpPDeHa`36=`(ZuhHVApzi6uHYA?eu>5pwa9 zdy8xBn|AiHlG7u4QHNF&O4qmhKPp9%C&lbqgaWe3)HPIjGm$rc$1aZ|&*jVhIwH28qsvwMy9A+dDWgi&o~hMS5J7F5bV>)bJXUJ#xataWUJQ zUTG+!sjsK_Q%_OZ93lJcIJ1S3sNlp@d`4>Z*TTcs-ppEZEQ0V#MaO0ZE~c^Cluucb z$JSg=(J<)k%7K@u?DdlV=nqvvqot&zq@wCg#t}hgamuWGOym%%Ify7HiCl{Jt@-Qr zyACuQ?H?1Z%6MJsZ3dFoniF>S?%_kCUsY7lU(vC{IV*(zIS7*v@(BpA>)1IvW?K8C z*T&Y`dX-n^%HOBwsVr3Q1z!3Q1#T&R* z4HUZSbS0mne;GjfbUsO{?>Ug4;{8G`^n6BWUk^Tr|7vSn_hC~AdLDauHehOd zjA!sM`c<{Nv&(z8a&&%v?)y^r;&s+?>*D5nL9twz2Zcf_D%z9r2t1!^=bmq0?q8Od zVe^wf(2VtI^(*S=Jm|Ttdh8fHH`~9o{{H=&LNc1(0D67KwRTPVa>iHQ%G=n|vZ8)^ zd~kS(f_%=z#8jQngz#Y+iPU?2fSRN(U-2y+&c~0LDJdXXNN`ovWOsfye{8+XaB7a6pJ0SFOpeXpb9*}*Stsmkm8mdjrgq2%W z=h|3HzUG$#lt)7GQlqw?H; z@$nxMAc={0qf7Q1a?5UK0y=dzJUgkfva)9l52s_hqXPp2tuL()y)lH=myX=}-WzW{ zy*DrV99HD0#vit&6YQF9k_qkVN#geR_vh>E*FO8g*)FfBh~>>vTaDeE!5ytdY=WIc(DveQu1SY(v{QMPdIy6-0|W0~?pJ-m ztR7Vj-G*h2m*M|~0-K@`2l%nR>9mo8oZSBrSgHmuhqzoT?p?B)QE_y7K} zW;Q=IuRX!IVubE#T8DOg8;`p%SE;YAi21wXQ+yZq1dx$Lc1S7QTAG&I7) z&yR&ef@%Dghtsq%f|m|TN?4pvBV23shedQ12c$mN8&&zTG!0(2WwK09ui&Pv$39-S z>gwu$nwVm$d`y2H&$FZ(tJVi#_r|n6l<|p*iatF)(wr9#Jxg8YVhYVeZRx)54X0f} z)}CV4e}7SNT&T*A+_Rs1{JA{O^6B}E^yx#XjG|EQ*I68+*89WaY~SYwrCfcH5b$#~ zftLzcj5G z*Ao&DjOX-`_)NRnTI|;fg{}(=lN817IbM5C&|IBge&W8oy%$FLTS% zsqcDiW@e&1t+cUYIV$YkO;tb?DYAd6;R9sY2s zIpC>L z9x#Y`1Aj`GZ*CgX!aGsNHjomNv|5ds&#K43umn=-uV1lZ!or|Kn9A2%FV7QRXRV^% z+&MX9+-l{`kC$;>ArolbmdB|vjvV{~F^e)pNO1TNgsE?-!dJP<_Gp$=&vPJ88e4!L zLn&nr*T9{GA;;9p3MDSXz7=b)prD{PF=TO3`-(H`NwlEFYh~Z={@Rl2y@!W~D||po z@nwezEO_{JXvu{-HYq9W6#O_L39ZoschX;0yH9kUJ?*(+9RK_W0OF7xHk{mI8&^ ztUg8nNl;Bg->)xV^24*|OcL<84}TQ@>*+RORHE9{oR=i={JVDV2X}yfCuHtJ#bu-v z%zS#d-4IPpW_p=2D=>>stV`ln_-@o;=KI)nq<+>>;c~HQ@Vx2U%3oCcBPB5KO_`^= z`?Bj&snk%C#-rIvW34%HEIEac+~DH7)v;_@CiwFnpKB^5S_M(G>C#OxP`=?O2w{%$8%T+Z*KI`(m zV{oJ0iS{XSvFFg5y`cA91uanaaRv9th1Arbbzx}kpIvHzX#N8DnjLo+2F+?_=eJi68~G`6 z+3XjA$tQMx#1umI&2~y}yMk{Bna2saY%FYTIet1$r>7H~oGM9z3L%g+QA`1;N+6lU zi>6t>xQ>Z!ft+A#An{0!YHJ7-)tk>USOFUMO?LN=l zwp#lZV#Q_xc@=xa&d$y_upe{C4q|RB@>&+O-S@-5plxpC1gJrx#!B)R9XkV z9N4CNz64z{5&_Smv9XcRzIo%e?Llw+LUGsHs_5wGsHmu@tnqL#!>+lqzP^83^m_;H zOY+pHp+6*@^+a-rzjBUrP{O`p!lQZnWM6#+x6j0kv*C#Z`;dm0*z$y_#93XmbE=& zw!P@7s(ym&>FNE~){Ks0EAn&tu7b9KTKBN@@@x+)M-Wy}z;Legy&73tJG*Ur8c_s4 z<|;9@_9Np%_mqbAl<7xr=JX=$uRE{CN_FazGdI?}O>CU^MvZzjX}krsA0{xFT7YUL zBg?SHAvxn<4OH=WO^@AuJxcT5euP4oVSOYSe0x*U*wpLl&riFAvL)%?{)-t9nGi8C zad`{uFw1Rq)Z=kh=lS`(3sXLuf8f&ohr&JXZzN0-@6!cPWro|@Ph7LA>S`O@k~Y(; zN9QqP#gT=z*!cLz+YEbcp5wKr?(Xj2igk}q=J%a+MdjsO@YU5-JPXw~AqZwN3JRR? zE?NeLmfP&6k&r9b)V(sjrfkp4_Yy%43J}54zx|sDJ$-#SC|oNJh(11d9S?Un1^jsh z1*`_%zbj38W3MkRB*^$Nd@hu*pQqlxoKn-$hIP_opmrmi&&z?Or22v8Jb;o(zb16M zH;Pc}RbaPnkZ1@-l;?r?HD;gVM(0~s9?*z^_eBs;jca^i3E*SAM(b91aPtNy3k6a6 z!Bjyy{(G`+@eZwi%xldyhhHP+vFJk&2uKCFs7MN>P3=hQR~ zjpbk5+_E-tu~X+Phe%1k39#mFJY|w>{zt?7ic5iv!l0+wY)?}lkeVhkSvOa3bpm9uv*x4;)8``Q zheFVcpB~FW;Zxo1K^RNg+vK%lmb>E>> ztyWX;mO5BCIQ%XzZ0NZZbwF&%;^3%#n)N+eP&HUuwt_$5p>T0>kuKbLxTK$OEvFAT ztC!EKt}HK4FHbJ@IlOD+TO!P$XK>-tC^M*~tZjdsJ`mQkwT0BywzfX6o|er*Vb6XY z&#T#ujhd(Ty56{F)u!g2` zz1nZQx%J~CNX2i>)cg5x$wnxMF|I)Y{wi?tjq<%gQ7 zAPX6ifh`P`P_7)_BXw@WJceeLBruA^mS0)X?2}?L)bE+ zBnIgPN=Y&8N{g+V=-v-W+tJ{kd`L*1m^KD2bJQh8{BC_P;_qZRMsXJ{Edod@uEcb9 z1!WIVH9}XCbDqOiyJ8(3$&iO^1`iHBQBeUe=*cKuX;cgv<~dId{7N)GhzELzK-P)D*xmC)cPU`*{U39V`b0f=U>f{)6>Hx;g{iCYsh#6$7chA$sa!xebIu~t54)v7u!@@fTJ0OMaMO5D%@4YVYeThcrnZbGg zNd(zZ>3k#>(lOcDyo>SlKmw#*i#zjvfUk!}p#2YK|9{Jd{yzbw|9^iJ)#{hy_gzO< zmm3WOqe{~Dy(3XIee>d^h;HCx^^hV6h|!TBR`4I%4LcmwPJeT{T&3%iVK7*5aPa;8 zePbi9zK)JgzUcVE!a!98mAO`Wdb+2lr_Eeo{olL7WXNSf&fR9t=6%j=Sx$CqPIPuo zQF6|9RZd9}S=Ki_WF4%f@VJx1LvoCjm6iDgpvxtPioAHQAK|f_0_5W8$VAK2%S*{D zIY>i?jEs>alSXI>YD*~KS;OGCp|rsNNrQiS1th!p-JSItgI%n{`{Vw_#YHHTQ^ym} zLhrzz#c99jLe(2h z?fd-bAqP9(=z6$4sou$^tC^hxT`bO)8>FPh8nU(t)>zj4=tXcW(64bYlJsgC;K!`s zV)ljQzJE72HpWCw{u6a2uMP5!$4lsFwb{}le00PHQmK&-2w@+Ylv_NlFYKC3N z9<-)r8bF33h6+3sv*UAfTvSw4G&D3!Ok>Gjo|^bbyl$)QL|K!FIBS%ndSC^2yyM>j zYtOJcOd@VWS;(819YELAgT_t+0|Nm`U^G{j1w}2)DXFQcs2ESiBb%fPCWtB4_j2bK9;7El&Kf?PDFzLvD*gEJi+I}ux+H`22^V)Poo6cfZm~qK ziIa_ODjAQ5AA|Vv0!F2*VNmD2Fv+z0lcY^Q=or1ur~W%WKK`&<{fbScv8*@#F_Y70 z92`z>=Raz&hKgH-)xEB)ch0HpCv0kR@fr_&U}|?fSRSo3!xYCrW@hI6yyk;cFy@v` z4lZW~gHb-PJa&iEq=Fc1eMl})N0@_E^z}(TeiQ+lnB*1~7AlFwQ%5d4bRwUaDUk5g z25Y?O^JnqCPh@xV%iK7UE)W=~Xo!KC)vaM&$oqSFMqgHgpYHb{zR!US_4aFmH6a>0 z_o@|L**?2z?Z1A7hlkG@_%iVFhRfMAmA}XCRm{2!Q%VmFJ-^uM1@n4w_N^lL`c8e> z0e+t6SsnXx)#?e2Qr(MZuQMQoH3y z-&mEfIk%n6>gapjsNsa~P0`~@g12p9#|!M@@qC`=>wZy$oZh@%v*&e1nsCw6(*!Do zYZ#1tU;!UuGh31-9uzb)Go$z)rHkSB|MzEegli>qtxF8Ui>Sc#hvDy#zMRi=>amuB zJLbfAFX^$mXQs=f!s2l&n!~z7+u{j*VKqK zVhu-{1++vX4uENgj^Dgrb2E&k&t+gin@u~#L#zu{Gp@BvI6xzP*HbUHrKF@pd60Ga zaC-&{YUplc`S@)zu~zy5-H*^G`Z8dn>G5)i)a#hVOI&Po?fGO4cDiC6Ul?#XCUA8f zfVu3u)^gi?{^(p<%D_*ksY4RrXwujGFv`cz>@FUH>6MqC?_`nAwl@U`sfq@O=Ve$L z8wfzmq_VOZJkIwKO#EXiaY;#L*0(nOe~GMkPoG?F(U%*TkN>Gnd>+X{?3=lES&iA7 z$feVuulrhJhyu`)5DDXq0>zBOqaz)4_4{q?7?Ykq

YZX99BH#%8+TW4l9RNO-Eu zhRmIMqlf{9De_r;eSd<2c3_|%p_GGtItCE=vNaYHosL_*m+O_U`Dcb*06^B{da{{A z%;!41(G{Wka+zslUKUeXq%o zKyvRDS#!-srj%7ca*)-<*+!d#Nws2iBV3ECfZMe`)46F?Usey+&nfi!{2r5e%gf7e zQFn7wfPwuomJ2&I^#gn_8yy+Boi|oRS2xg%-6xAs&Z>UW@Q%CmY`Gypz-oxM4 zPG~47*<`NYs67%LHDaXa&bUg+ExdBA!fyDJ$`Hzrpb_uweypO3X?Bs%IDSpNTOG>I zTYoKT0=+`Y3_UC}^=ZOt48O8Gk&uvVQ*3|wP3|QA%I>QUI}J^!eq@pm(qF#ihwra} zpslo9;mziFm~!Ji3-M!lTf&ct!Ikw|6@*za{TEB4@{R@tjuvm}L>HwqmY(s`(3KL) zDLIbkqY;)x_vyS+O5rav>V$We-P?$2nu>uT1qepFsp3Y5@rs|*H%T0s>L;eZBH>2G zm+*vqD>6Z+k!EpT<@NC2+}v5-L7G3M8SlarlG7s@^?jQ2{dum3$j2WzCV0i}g(1pj z#IG=lr{XgZFMihYFv>Q@zp^?Tyv7VLomAOD=gsV^gTi^#?Y1ba_QuhCTc z`}b#?;^g*3TFChqqj(%9ZLyDzi*@$p`SX)s3)-Q!OYW=v-|eL?O%*aYlR}(#20zcE zIx!0%VG_;PI8t;ryN(bz?T%%D1Xnd{t<22L-`QCJ)LFVcYt!{Ia0?vQU7E&f7T)kC z(sVcSzTH(|w@#uqgo#-~_gwjoD~K0Vo6{+AGRYiE@K3vph_tYEjPZt}^#Z|$ z!YuWP9i6PIs)6vTK21|be82A9$pV&IO4{L9$Wy_|xpdnV$f-84Z}0*>*WYmhRxAd2 zZ@r=zdSxzUs<)k!yd(u(v7IfOU!l>N7*g(eyMqj`Ex2ykqj_K#7c8x{e)_?5b;R#_ zktf7^$380I;_rHZ3i>Je667{DJ=nBinAXM+VjPJ6-_cJ$u<}C9w&zWCg%P{96qMqK zWrw6fPyBBZsBy-VD|na9lkgaBLrG4$3_GMJ>r+y2H5&LzguX5uZZm&e1d+p9$XZ`{ zGr(WD4$P=Cwp=TZ?m~4#&ZPkIuab!$HU<$|yL{GBoz8Mw9(DGA>wO&;f>dH45)mEU z2rx4bwAm8-Mry8 z(iMwYm6?0$5I!3{Z{XwIz2@rncERt6=}u?z_iP1!?@<3j{~HRLhD$fBGhq8h}C|B7H_)3wB!z^E|-FTz71h%{^OCr6Vj zgsRyi-U{suvSGcG3k)(Nwm{M&n~KZ~M@x#^GD;2lsvy|~>WfT$ZT{LmEML@pzPIF8 zEu4wD*h-ctWT~Sh%4P~zXQ<@kGdi4}PY;2DdH^Bx3nzPz3*N`CS`w-uuKny>BHkv3 zvi~gw&Z8)<)q1lb9G&~(^-7Q9N=XR#aG-A0dn*Ttbe+BD-=W{bSq6vmyLT7Bz`2}; z2_oP%3p6AWQJ!H>jlcvECYfr-J zNjobIQ&`y8QLi`H*LjZ@8xnqYaTqb*kvFTWsX2M~2INpiM0jcFtB>ZybR=};_J~|C zk7eBAdsc&PPj6SfaL@b-9XszFBXAho>)S3Ctv_j2dh-MUhttu^gAe2))VjFpX*N-*hFCffH`=?lVi%{u?ZM3fb?{Hl%JLLSiO5}sudsNgzC>k^ zG=#tES!VlK6CM?Qr-YYg~~z1`tPj>yprZFlO+CXwf` zN{oHS^~iiAGsXM;H*}&bTQy2}a5808)$URL1>Fi6sh$CB)3@_v>_aNTbFN|JYiI!h zuS+X0ulxUfiZT_@5^fYdtba?-S}ZBOYkU}P|Bm8|5D1kpQE%tyXzT0@BsBi{^Jj^` zkgMS<_lgZ;6BF*JbS~`hi15ox`m+#W5pVvCcWg2X{YaMfdhf_zDS`21rh9SN!7V?0o}RC@j*vuQt#>;p)h6PS0r& zy|_@4k!2T0;4*RAXK7&;3eq@QTE3SJ{9ea|F^f&1sU@u@tB0oR;P8RdzpygDXEK+^ zq?g3EVt@r4aTEd*)w%BJE5~+=gQse6} zXmC>Y=g_u}gfrwq3WnGHk{4|HGbVaej7d|&RI)?=^>E7zVppc{c(|J1Q%0dpmA7o- zi@34(bSlrSVpRyjjK)!`x5_3^d-`+oo>m>ho(wO0xZXjp;mHtGlt60GynXA&^)%m$ zLBqNGR!c)e!v^DUCW}w~N;8e&BMC_e-b+yu9cU!o1KPVU*S=|3UBRuX(|&JgBWAs(oOvz3DE7}rUX{2xF6-#wG3z$}<= ze0*VTdS`Il0^Miy-a;5St(w~n?r~(;<3?Rzz{)lhw9#g6>f}1rOY6^I3lxVFT=%E|%&31H^#5cX`rk><-spO}p^BCcTaGSZqTGo1 zWoGg3F`V>G>|>~NUSZ3ey?W-uLylyxRq2#qhcC z$$B)N)G_)~pvId~*_y9_t#Jqq1C0cqbVAu9XK+l|fK;^RYqxk1Fm~AZ6_*G&S++|` z=&|iBEc(aBxGtPc#_y3HtLx5eq{i5JHa9orwy7Bz%j)arlexY80|IVOmgbh1ZDeDJ z0E&W5C3m--pa>|{#igZ%mw*7M$q!&~X=!O`V?(d!<>8Sw4B&{WDpqoSDu7P_vWkjy za&j`;^YC9+2`s%DlQJl`L|u&4BVdA`x@y~IIuKO zwvlavby8B&#>NIAr%i<(_FhVF^yM~+JvON{JWarQ7LcOLi;FV+R8;08hci?!%NCJhqcG*OK%%!#AU7yg0&zI81{mm^cXZ2gr zKmj`22q6W(Jl%SEdHKFPtRApI&sqjIv42HHjlflw78fO=2zCw*EQbWb5)%`F5${!L-RkBk^KE1#+ES3S z*>Eb$Pzn<@tJ~=^rqE-ol&$SaUE7nbdVGCM%$W0-0EpI&AQmw3G*I*LEhUo>Y-&1O zjc~Db_K|o+e&>ZMs1z#bL2dAFfvOy}+_%!?*7gKjf?99#Pfn`U(QJp+E4w8SNy8T! z&4x00Aa?T=+3v>1odxoQVe20mw3^+IW=r{#fByU_xTxR&J0H?#V8jL|NZ+X z#{Gwc&lRn3W3KI)14{VW=&V$?!D+TctLx-T^5V!y6f(#|pJ#?qt13`bKsr1J2^q0( z_3vLAlR+MzYQ(URz`zQ!y)lS=^y<4r^VMb#hz|@uprgi!ywWX^U4zGSEL$K08C?** zonZ04{1ZhV4fdepRuq?0E7jgkiUAZdg+E|hw-S88!IQydUqFlj>c$_)5e>m(WBgrv z{Gpfq%a>pMvP>=A)9&odDX2K~Kzx5;BPTb0fSrUgKHbCN4B9oJpD7@(*qnwN5Bz_c z6bxgG{i2lJJ35kOGPn5z-VCEoVm?4J5KWl{a6aV8y%hU%D#RBQZkHsj~a{AY6Vnj1QDSDwYRDS-96ynjMTfo~An? z)TCpc2a{j#rWdrdGB~xj3x9us=(GYdKL81%qRqhTWQIK+6<02mIXjBm_Hep8@Xe*r zgN>c0CQZ41mx5_pMjhyEK8fAe(L_C(K~|UFJOA;w0ASy+%iy#n59{fc`IyFT`7uqm zaU&QA?fLQLWjX2SVoek|Z+-pjT3Bpb+e?y$K9B3MX7}&v>M1<#$Wg$L6PDF@Gpm!r zs3-Hrh;2$CoW-y(hKrz`F|XP&CT$HNP)lt|X3X?k?{jEQMIDjMx)ZbTbNFoBy;rRdiO z|5uo8jE?_KIyt2vwE5w*2`yNM*{Ji4gxxakDXwE)^iJm~1tjyMrknyITEOd6tnI?Q zyuhUq87H@Wm+SqBeO_5fqc@h1cNg?bUmbm4&O?O0d_xOn<#RjjuHLo~;fqYr=|vYu z#b@YS7-DRS+!41{>Rz&M%i9vE^qZ*)M*$mn`orU&%ai}gl` zOB2l$xcK-N@V#UsV%WLi?fP{yU}G#+FU^~u$d#nG)jBwd416@Wy&j2>iC|{MH7W=eQ2QwON#%zp(mJ^igyaWDu>hw6n&CJ^kT; zZ39k1IgEE0g@N0EFE%`_>x0VB=@A~YZT)M0!PL8Gj3J?`-CsgJ_bxS2WNEDLcKyu_ zvnD102c>mcgL!WxekkMXF7hw!y!Gy#(S;+!)q3*1O}*7SVR%k+mIzf)=H zP)2D)!zI8L=;9p@M(%R2zB1C$b@p z66{fF$3992e%Cpc+SS#irREa!njRIg8Vd4IOyZ9Ejb9UHb0s5)rMjHB5k2+RnOy;o zF0v+fR>JGo#k$)h@lcRI0S7DObyZ~VS%5WM(We+za#BZ6X2B#2Nic z{oI)PZxYFeP=Al_m=d2(Ezc}9KRmiib)?iFNhpIO*F-6qnGJzb3^=HJum!=7+}W8x z<*1IT;4W4#%M%8AYmKnuwK_;HO3XOm>KmyXYK|jseZ`$jO5!y-0T58YYq-Wxx9m^W zMZsd<(+mV|ubuJQ0vq7(`^0QtZFmf|ud^|B&0Rt7tf=Z>*31Mgh;Y9#HGZD27vtVA zMyfQZTX7}CAvLjDee8&zY+abK_^2%Q22sZPlZlSgJL*0R$vdD{VylP~S<6zunC4O` zn_9}sFzgZfid$P(b^ZTKal{IeXzk5W!NDv(!*m3egLs-Bs5&Vmi7Y!@E|;-bN{w<) z)?5(SgAYG3Qxy8BhsBlaw=DK!%0x2x!^SZr!Bj&iY~R)2!E>1CSr3Qq5nju+Z6jh` zznii@>2u=y@tvFq<8RPWh1;3_F$cjwcLPPU6UOhS)>c6Uw0f~+dN%Vif&sCR*-{;l z<>6eFt;iHc{?I3fj&6Vw*PZZudkpp&see| zL$_z%F>FPOfgWSeKnyjZo0g=`97vs-4k+tFPdDYhJHO6$cU_-u=1fE#WA@2eSS~c$ z?q~ige*mVag+HTRSDOlE-cc1q!KMynJoxU~$!;%U( z3MuS5MCftD!8zC%A6riE6Eb2{Q}BR^4O7c?JgrGP1q);x?*pc(Ay7Vtk{L`|LzdAKE)&nU_jzUON^9>><0!0Mzf8CE|Y*3Y#P-|=Jr>+(Fh&|Z3vl0_O zmw(GN-JPqyv|9^-XnrD1_s#WNb=(CNX!z={~#xeL&e zSrQb^#(=LWDD3f4{)4PNE0obV)GkZGf}r)yE$(;(T4if?CSDAZ@eMkqf?<{cz7`dB640} zw@dT4gI80JTx^%h;!x@70ol~CQ}!zoLh@OgA!BHRdZer@U1aUu&* zettgCaHW1UIim^I##4z_Ul97kRZ%;i?23+vVnXy!JTppm@|flgT3rBl6GjG~=e5PK zwZdo^Da~a1(_>&5I|Pi0q+-X(9K~k%V86PWS~-`ts7Oz_?1T z_0>yQe#O@kQxGUunJS?e&yzgTFQ*_cPcuT(aCTRRaNIBm`8gy_a8bChc@jhai>O&U zYBj4dY6S-1fM)I4JQ9thFo>Idn11MV;ZHJ#Z+s& zaN#mBHVCCRg`;aXiR46~&}XD$`L!1xy8_>KDrMcI9L`HBGFJ++w3Sk1hQiRS|7J65 z{3S)VL+fQR5+fNm_k8mS#jid>mfkl@lOmatltP_ax~Z34!KVkcJj=!o7USMcmHHC5W_7=-v)=-NuB@MuK4_K<3IJ; z)pe=brscS*^5>yZp_u+Zg}MDU1!*{{?mvY|c^xs=NvoUc`=24(?|0iRMdts~mk3X_ zDjW3wZM#8=%zND4**#sVyIt=<1m-``lIpz1A}auQVerbx$pOy3%CFr)QGhCSeC_eG zlI*RHyf@G%0JiT0D*5GR%PF8$U`Q1zFD_nk-H5cbwvLF1AS5EH$&XP{*FHQuQ_Rb& z=cb@oF%3s00*oET+&xkMsvpnf%28Mc0F|3WrvYqjO21ofa0c3xP|B}g84RHG-1CzL zIyy&y3z4(LU~O_zWOA+#G_ctNEP7yE2@KT%y~4=IC2=XAwmjLGB`Q-=>bIPJUg6bGYG%hE!C|g2c!%DM)kgoHE?6YJ%GV7 zcij9(YC!EyEWq=L`HAR}XCUBvO9KM~omu9psw#&9+py}wzkl}u758{tJytQNS^Q6> za50L*D^+Fm`d~^jir}Ubm5EYk%?b=CPhgND5x7!s+!MZ0;0mPVx;5|vEt1D;pwoAM zhVP|K0K;ipEeZe?jF`j-%&xAE{%UDyv27?c-urJ0))iU+{PAkcR?8sZJvJ5KE=cZ= zCgxjSSqXD-bMw8Pkj$hAt6l`2UtJ;}`uv+A5DPeUuZ>~eR812RXal1!b@kokk&GyfK*T`gG}+EtKnbniJ#SMB zd0Y-q+a53l^n6F??CPpip1mYM)IO$2jq6&x zgw?h6)KAf~eWRme`-$I9SKjOd3^o(qJkSqISrEyM4l%VwuIJd!>3iAA$wfAJ`iHV| zV1LJuM>QmE005Dl?`%T5KESRfXw?)YVZ@ZwtYW<%j^&Le*4SKNPk z(-vL~%=XzXt39rEK@gv0WYCDc&yfygSZ)&_ipui;{@ezhG?m?#5OI@vA~oss&%fo> zvuTf4no_W4=jL>Vz$}grya@rbr`6hMP+g#Ea?LRc(U&jq8+Tit*lChHH!H%54xx{V zh^NwJ+!t>+<1eed;jE{OSgr&0l_uvR%a|l$Ui0@h7}b^pgoJ`{Qzt{iFF{f2l>u?2 z-UORFJ3D~Sq9gQ2L4V^+GNXQcW@0z3`$+l>rDGmOLlawSPXxmsnT%@C7~r2@uCY`x zH>ctOmT(K zYZ#mcTt00AH`6NopIn}Rwq6kE+_w5+K=VYYB;dP^5E9RRMg{hdL_~6dtCdAImW!s! zHukKbvFs5P@AD2Mek~WVja*zF~1pASoqYZn9qz~q)95Zs?D*qT0A*0NEs@= zaILstBT`iZQnhs*fDrk_7}0=6|FYEpNb4xKemrh`W*`3eCA+4Rtr#IHYzB7537}UV z(KA%0#G+0{#YHMLrv7p$mq|GCb+<<>QZ2_@SC0$8>*BB(Gko&0#k9$%)$o7(M$VQ||z=f(5_}N#=!PB!$hpH+X|O_AN8+WB?R- z1R$fH$4*kJlI!%^%d^`s3oNLbStF{4(%-S06RQKy$cTc1qP+Fq3Ju>1bo?cSSvj>+ zm+tRdjR1dtW+T^sT^3HWyTSqhNw_lqBr1ZcM6lj2=9bEH{AD&uX<-K`R^X}!AB`O3 zkS_A`!}|hP_)ZGQ%uHz|u^Z8_hRu9fc#?TJRipVs$&11BB`$&YMi4H*)v&YQs{iWv zBElaZnaN>vWun7U1vHxOfhB}Hm5ZqwB&4ibyhRD!mduv{?rhTo3DhQ=9tv3RXJeCr z=#Pulv1~+m&4D8+Hi|~E& z!2YWUrq)nw=Mj!MLm~?h{BmcXtCqXZVTyLRkyy|>6`5d|D#rkZCyAYm)dHd{Ni{R= zeD4B-ZqI0uv?t(8!#8^OcDH}ibqP4Sz8{m&(<637IS*Z2ldDJ^8`=5PWi-X_=h6}I zDgu|`8v`xFw<>PociFtzNM6!3^z;?JV5!g5w3d&7x32<=9q5HLX-d8+3Kk&I{Ynz^ zs)*6mt}uM19*hhP$cWb3Mz$$s@6P!Q8R$muizeRM9~ns37#$@t80H~R>G?{YX)FKc zA;K@$;Hnpu55>zWdTgF*nTouf1-~iGlCvz580EKZ=G4OQu_)SC3G|SFD9MixL6*CQ zqdzK#x`Y-;xa^4RaF#C1noe1HXx>Co0DZ>*i(yk`UO#j7?tw7Xgt>W*&x5Ng_Xxon z^7;SK&UHmK{d8ND7J6@jKuCaq^qL^O7pVcHN|PoXK|vwX0tApQy-EpPK}32l(gP|Y zDAH6!@Q;8<6z~pr-KV?my5GZnxG&%PWX)uLGjsOYXP^CMuLj_&i=?D;YFRjavncuD zv&`YY{DWjaFq{hY4^bX9x|ozOfTWyz75(48jCs4TU=j75AnL%_B^$Cufaat^=DXa+ z=&20ntSx2EPG9t1m2#?129`K;bB`o|_B1m&G{s0l#Vmk*S`bTtL z_Nh2Bhw0r$%`Ig$cCP4?uci-fIb8@&Z^f|)%kcho*A;{O$~KzX0tE+c8(n%q?R4n_ z4Gw=UCV$1`q3Lznff<(x&;9Wt&LEI4=~9zXMtB=M2x(f+Xe#jfDAr%cR6c|I7f_r)Mc1UWsmus%Uj}lKD^&b@`=^d3X+{ ztztn-+1=iQ%Lf#!cphKA@3|duyF=;u|8z^`0g5?0Jl`m)TycR;{+ys^8Gg~vXQ;2= zuT&@#Z(gDM?qlLmrGRjl5$!1Af=MhOTQTO}_c9sD^tY_tW` z#qI^-TvpH4x1s62Bt}=(PlBNn435E!R|7s!37^vqF3z?DwyaIWDe+6GTOf+2kNCNe zr?mO!=0Q?yOl~^pWbbA6Q0698NamSB6lTHWGdp?eap}V$s)q!vMgEyp)9 z#A~dwV^y9d;iD1yu|!$_q|2#m)sdtMKYD(x44Jv6h9jgteuh!MhN$843udPXyt@7? za{{7FaEgc3#N{608;3a~v%-6|?<0OHVJIj9B@mhD0E)Cr1wkra{n%113 zHh#$c<1cM2Wa6_$*RwYzKpFfkOLN zRqhQLS$Q=7;5rcEl%^7tH@IGLppLF4T4z+=UDp?@aMduooHg`a#s^yuYDYknJ7x^U zbv|R++um_{$Mz+Q#vC)O82jX8I~s@rdXCqV+lJLt5Cb5>V9ndAu*fu!VLoe@`b4QW z(aiu7E7t z-iC*0Zf5+*SV6mW<8{v&6j~bT1XWrZ$4q5{qL(a}FqFvj#l-Y}z^CTlb%(#}QYe6K z1S_d|FVfg!W3}J=Ipx3fBKe=WoBuK}DY{B}dfKC+($jNJ&fp=ClxdqH>T~7>xNR&i z+u7R}u(7hTn$U|+8(+SRKke{2*By|(#Wz0JIj584$~$@*AKtE;zF8Ev2{PhLKCr$7 zjeS^AEGhA;SHQQ;zN~#yh+}avs}l4TZ~N;HZ&1qkdY0?G(8L@#ZJ}D!o`w2?cZ-%PY5lbKMGxvoi} z(2`kQwr9$vYl5*rXGTVL$6h2&B)D2wXlh_ec9(+0_;g;hGHMiEBt2<)CS%-t{5eR8 z`1R{|YU;gT%Ihv-NJ&R)K5WGNOM2pIWRG@4WcQ_QpK(PKT5J$-C+WnYX@~}FB%#SZR~EjXs8k! z8yi76L)!}~p`fH7)LBshlZB}u2z_{bLPSv|=;2vex#5$qDqy*0;pD_OtBkicf{BYG z*qMTw0}Y7-Hg7GjlT#kUXsZNA@_a2TYxvb*#iyAmW3l9Tbqh^pt{ThRXe}LEZ+{aY z{gK{g=U^Ki8|4=sE-bt>X=o(2JvTp$6W*|~(>EirpFvP}T)?P4qzg?U%c!YuTx0H% zkVoN+TEm@7xv#c0_okX;Wih8#t?A3Z5{fOCbl|xee}LAE@bwO2s;Fx~%+5}_TWSa5 zx2h^@(g#>M*hB8xdSv7==03{zmz%m~t)VgC!igf{QXuuUwNU0u%nlX~Q?Ygy4%*+8 zA2Y4Fh>RQ5q`t`gGB?CKqJw2xEC2JW)4ZXxj`}k77&94p@S)(>ja@DdZnUE@Mm@se znpqUz_~N1${WGgakE$hu)@~aTH3FXgtTAxGU_va(-1iTH>35b3i}MF+1yRzx(t8I# zb(7ZJD$>H*E8yi&jg=C;McHGXGmPqMI(lk-W0T=^%Hu!5syGNul?d6+>RC_Xh40C8 zBx+8QM>mt6!%E_LEi#PsoWK?_3Ez*&$g_VyZc{Ggo zXJTrr+_&(}Ku6Q@x~GP!>{>kyf2K?N`kt5AP^a z0fszGoKuR_(K+e9e%`u{d%iDk2BgQz#x>&IhhhD1@sGP%*J|q!o1@u zBeuV>;kQY7m)cYijtB%Dz}*e3#Y24S7Jh!AR_>_vF)FIlva6PqSXpt#+9&l@UBkyV z5fz86mPr}f!HKWmy!lNGtE#Fd$gkx6i9QWeJGMU*Aex&YpGiI5A2M&QtsRGFF|!2v zGxExjj{n$Ko`3afh)P=cYH~ebDQZ|V`bqwl+?ccvl$U>FQ`ItWA)4vy=SRoD0JE^S z9~yscDV+r*ZI=wW(bc(*YW^R>4g64ia z-6b}r89{0?N{YN`Kp@AMrUaKMzOiEKRV{g`V`|Fb&m#Enm)6|{#gE&Ku&*#au5Y`$ zA|euCL$sjj+}qYx)>5>GR0b7N`&zv^5q1UU9IvU~4avXgCg$c86l5cjgwot#{wTnaPak)`KX1zleJXFB!Bi_Ueyqg9(ACvt zUeQm|*VeW$I2e-%N$!M?j_K*?SVWEGy`9fo&+|%NY;A2Nqo80M_(MfQ2i0_}uvve+ zdXqR{zAE9#W2EI6sJ&;Y8AHkl+W%K$TICei?(nmPDL}OD+tXY>xP4nB>f6S*T`m^3 z=t2tzo2W)T(Ll?+oEl~h?%g#^lx$K4U+cjB8&V&15k{=Z%Im2k=3ZwPIKE7rmvFcw zS~{xrEiJAP1cD%-ma;H5$#PvtAcf;WaAp<@cp_3x2pp*_r!xBMURGX#{7c>{YHaqA zcu8ZRgIlu%|C{ogbMG6ERsMJHU%y^iDPiOrD}T?jUUo29?s09ey*m-rV^|Hr;+x0N1V=>JG3OX&=Kv3%Y<5HLreQL@ZAlq!BJL33~Rcbse?MO{4o(0Rq+RZ)$bIWtg5lj){=S80Ty^RE8tUDr?GW2$^Y* zr8t$jsW;$E_?s>om>}~D*bYNxqL_#%+?4_dZT|BE>m{xgiK&r^J^!G@Jv4nq;X?_0 zkY-!+eGZTHNW`Cao6D02eBssIJ@9Ba)|j}4-DQ&aVW_@1^+kmY%{e}BTQdNJB?AF# zhqi@{=w{ly>-WX)`@ltvEWk$6#sK7;fS#BgVNU0Y5OT<8*#}REt^`00x7%wzB{-jw z^L5BjQ_s)SkI1U?7GnKf>Hwcq#Ez^ZA_R}E}oI1fuo{EfE0x14!zv(OYVBGh6o_1{n{ ze~xYoILkTOO9a!f3?@!6(4oA1kPqqT{2Cj9m&GtJ9NQY*Ob(zGo@7|)ZZ209fvPGf zCH+lGrZ(fJJSwio{Rn!O&-KBvSlB@+L0!+-m~Ptm;SsO5g1n%Jig;){qg|4G3(7u> zj)A7OzR@M|s2<=f7ze-}^J!JYKfl4l!5Aba+<|%rVo7)h3P(jH$IZmMu(agbb>!}a zZ)%#!VdP)~(_8m8R2~xsPEoe`Tx0XfX*?z-hWxjWoyrD(A1p1+r_2dkSlOD}qmAQS zH#r4YyEO+l7r7PPYi1sNW`0tQZZQy0!2M|6Q4#no`nSHRsiCo{#R{bwUz7NBVqZpP za?;SgfP1{z;dz^L@pAAO`2RSLi$K_=p z8JrMQ^78fF+TMn*eE6{YWy8wGOg&b)tvf!RjGGALm$&?HwX}v7ZEuUJIX$Va7TPW_ zmnj2&Ye1SHsvs{vj}<{7oxjFJWU)$o$=*lXS@7^|eFR<&AKxas1s$hfJu}mC^t-8T z;}vM8V=I!tTv-cHR6{FVTppz+`J%EN(p8#S#JcrQAtQ$o3`-sk9f&s1So<0Je01yJ zo|w42l8k^fl)jJruP8!_UlvxJge51krar_~e~bO|i}whrJ-Jo-JWzQTUG@Th^$JXd z@KI7ifx>grZ&u=gQvfRhrqYPL{BBWwt)FDlimb7^Q&d$!NJ2a-JBbAg^y;vJ|9m|hTn{rvoFk`ng_Wh8$mKt*M#py&Rbaw|4A zcLM|Ve}t9AvWIR)I$mZ7x70@78UC&;C@9pv`z}8xhnbtj%E40GMEAG!HC@ACnIlnA z0RcpR+JUe@oCq!{B{4P0Hy}VU6zhWm;8=ju`{L-O!W#~jiB}@TqpHw5&$d%BZR9&b=sUAM}~%{jhzKZljArMAXPnc42>;HMDj3tZ!1Rc59u zh!tZjPQHYf<$=AbH{@>Enx|Hl3lhUo5C)ic z%@en8LV}};3UW_BS!6PcY+#)Eu(&LAdhXrBL`n-ogYGt#>V~qiz~54t`z$lEJnWZZ zD9j$liYA!tXQaQ*z9|6oofj_j#*&g|Z`%6#`zJvdDr|4q+u6mCl1_PNdvdFdE^RX2 zU@}EAnKZn9Y&-LEi;f*Ce6{eTwbfG7d~hJ{*%I|>17KG9-9e;lW#KD2hYxWqt8_3#)nSTeM2nu&G^?f(7NM` zoN}qlamY32pllaCtL$7T{4g&cLu-(njGLGo=jGWNdo%cTz|+L!+N!$NRk`H8nHsO8 zrusTj?|g~9fQu&)=>oSND1sHmIX5eFC1FA%Ix2ath`NW&xQs z^py5Sm@uRX1Ct$u_VAzY-*p4Fw|z4BPS|8>ZJeAELdtn~EDwTjBi#JlUJ9676QxH0 zJY!kkFbJ0WEN2L6)_JKAC{)8?dSc3}<^`R4dk%V%0Tcg1I2H08!Yk!ZO+>0J0z5lg zf$yTZ`(^bk63Mfran16kiM5BJ#l^ct7pEUS1h@{PdSmOtoxa-gl52MAvgy=E-1}N^ zalw3^R3z($DE%+!FH(qsLx|YMj@prolH9DNytl2firieINdK`t zE!B0AE3(A{V`C$5!C_l%1RNqgIuW-d!Igi=3VT|O&T6*RJ9JZvN9`EyABc*t(aJ|-tFz}rX~p=t2I}X9KNX# zW2>sSb3=JQNgg;|Q_J5ncERx8DYD1GVjk(`M<}PQUn^s&6*1T%Qz%9!_B~;+@`9s8 zGWN>{qCsv3_m0awUfkNBXSS=aZQDueCs8X3sP|zu&U~oXu|9b5Nrhf|=Vm3@aO{z6 zYL#tO6$=9erP8QqaF}MhJ1xJ2LT7Dld1u}Hd|6*9lMw*Ku3cSMuS^(ixIQ)zaP;EE zJmN|LQ7<2xkyRQKb5iZ%#DfqQZ+_tY@EJUnetX{Y6kFQe{T>*2&dkgV#>7Mq44j;F zudML)H)!kWI&)kTC%u$Yl&4==+dQ{?fFKp%<-YtVF%*ZZCikf=k2z8P_C?pb)h#&A z2W5-7Ce_4%!4VhZdEg0C)uR+yo6k2U|MF1Qr@G@wMqc8Tjm=!bxbBz1?-xiUqNCyq zFMS(-Cg)?!o$D1Q<+rqq=k!+$y8UL!`3fELT4qm^KR;jt$GF zB+_%{@80DL;eMe#PYYt(oxzLcJYkGP-45H2OT;nE@?pj|Y15Wz7GXz5N7q?Uj_=Rz z4OX%2Pk-Ax515|p63oQrGgx`p#&6(mb;s!TGh8xF)~oR}aFJr<9pL*g2_-lP_|){V z=XhpdAo>V!2U!?*N5E1<6XxH)o?F{0^)@_L#C&|~`6t@^9K>V|_D8{N|L?A^t29KY z$0Q5jREnlnSIcxTpxpteGxP!4Vf+$(c6J6@$pZw1g*Ql;&IiqqwySK-yzuQ!2mV7r ky#HeU#Df_E;V(lGr`YxH`#TQ6o1DZz$3(kH(>dlp09nqx$p8QV literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/3autosetupofvpn.png b/windows/security/threat-protection/microsoft-defender-atp/images/3autosetupofvpn.png new file mode 100644 index 0000000000000000000000000000000000000000..4f77493945c65ad00cffcfa8d0bb631dabb4db15 GIT binary patch literal 27188 zcmc$`WmH^Iw=9agyGzjE1P{R>5Zv80Sa5fD2_(2D0fM``yAve1LvVNQ;=AYmdE<;X z?sbSb>TVv+{k|Yl#|L8|5CsK8d_wqyz|MIKgU1#kTV+=5#3}0_>)1y?K%f*x1OvvwBH;e8+mHDF+>eLC z1b3DFal$DO0^`x9lyZLm{v8nDTUJq^sjGXqzrTajY~<=%S6&{+hyniRoMO)1oreoo zZ6cjQ#s`Ou+sYri}fX+#IB564fK znCrTC_nJC7{0@(|ab&*qLacGcZx8}+7ps3j$tftb-!|iu-LD6=-(6j_d#%^Ed+sDl z<=m{^WX>6QaR~`!TRV%Dl$2x$`JrX<@bEaPRf%X=SopX5xoO~Qtf0vtM-})!SJ%|2 zmbE}9CO!^?hj#@+sRu*7HE2A4bQ(XFn501nY>+!F6z1UI@bkS>h|eAy8(Uad7#tkD zZ+fpsnn^Br8)Wd|N!7)LYwnl@D(hs$t4&QqXZX9Dp^t55lq)SC-(CCjg^+GWX5+ip zlZk7PE8PAxT7Ks(s6o>=HMP-p;{7l)i2d)M0rf^mNJxHu{`IwMSxe>Q>YRp-4l-5m zcOGta4Go>N^uLSZ4@4v+HrCcUy1J&t1W*Avzbh+SeXO4b2Bds^o=#8MG}@33TPrJb z+YK)JraC%0cItH|EX2gb?Ce-IR>a-hc+_*9dgiH6785q910y0Ll9KQ;NP4h>MJc%@pO%(LBK7q2&o_mlZ-1>LNQjY<59tG^Lgy%*w8QTYS+4F_N7^yx&e$repYIzy zZ|r~njw=Zdk6>@baD#)kVPR`~^?>geR`yz%c5P?(dwY8iC#?_N@Z=q3e)oyws~4qq z2mk)%Zky3a%=f3I5!J0<&V0+tIxf%l!y`5h_Pe_n4hVp>!R2*7t+w#Ji^}Wj+U$=N zxF3ik^Si{1Cg14)v$MU^_Vh>$X;%9FeE`s;C$;i#w>iNz42&U*^XmyP{`74Hkwe437)`P=7*w#3xb2m++bM7r#r zLo#+080uY6$S!*mBKn$|QuY;gUgeCK)R$`UIzyKO`sJZEOxhR-bq7cC(|Rqv@HM zE32zVM+Q3DC>X-fNduYq`1xpPX=CH!Oi=tD{uxk+zPMk+Oc%%#5fU;-;Ue6BOG*kY zTRUJeP;a`?S@qsMs)vSp{PBkB>dHARG!z`)rL#*eqXr8j4K+0zkJI*$Su|uD2D_&q zzz(-IpOe(-0%H>sZy%pZ{EWV}9EuXy{y5SQ&!^2%p3xCmDk`c~zn5081$hJS?Aawcff0$a`*m(0eL0sNGRysc~r641=5*HmV z?0wedv9**&G|B%lDhj#$k@W6yT&j&e>%Gglh0q|{zV`n z4orS2E7QfTd+&iY2C>-jT?ift<|Oc2X6E-^tF><5%Ly^*NTd>klF|~g$4=;Z6CEAK zlKDm_i$>gZfAnsD9l;lGn6Zw3 ziShJ%zslp#i(!U_G}g>hpnCgz*O}P)2RdXRFhj5d$$q$>_aI8yDJoLvM0I;?ob|7< zV(#v2c|WY!iD)e_1X6^z4ui@fyzYJ?|L{EjV|jVm#l;0d-|I?^OAUAArjmr;6{pI` zl-`jcKK|k4ftv(zBQg>R!T;BkjIb$ zj0TNRkYdAW#ey)9u=fiJevWG${kk3|-K(qUL>_CKajF%BaIV|$rg)rLxM|^B;Wz!( zyjDZ(q9S5f9{Zx3(uksE)M$7T78bO^X;G%Pwy29CWdq*zAenyt43YXtR@ShX8=III zxwuA4FcoS&n)1(|sjg5RK}EOA0i%qOB)qTBqynB>yFw4YxA^EjY?Hs7dJRyvkYD_^5z&AbdZ_sw@lPBIXRlvDuyR4Up@G-LjbKYB8y%&n`X%Tl)iF9IMwBYs?^tV~ z1C-yN2@20mB;8VBHk$JG>$EMAH)}ZbRM6~R)&&g>;iZcswYUg7D4x2S13v2M4#$Ut zhplb;GZ09ZQ3crv-anzJI<3$8h|8X@0SIa%SRoFfQB1@{8|HW_>QFZfOs+i|d=Dp@cHA#d{6( z0hpNcyNfCa3k$;#3&`?4*iDE#U9WY&Q(zSdnCFm%)5quM|9i6Hw`#r*`uV(=cL>ze z&fIu?Z7ro%TwGj~V4BP0eCv((zpV)D!}Zz6E~uZdTKu%{J#B4cY(ow|@QnKymsV6@ z(C!a?A0B@^$IqptEWxtzC8y`2f#rLe)p#CTp%Q5tA0OAz(t69v=(QJy-lgZ_>ge>C zl$5lwVT@+>mlo0IJ9ldG*S{0CM=h46(7kAjMF zE?1jz0{8twj{yQo;xA)k@;5%ae;F8t=mRrx5Sj@BKB7jbBGuH_3S1Awq4{1DGQM74 zW>?jm{r&yb)>9qL;N7ezTxCA2H}6=_Gs|MfcH+dTdW9Z}4UF1e4vNbuaNnG?pWRz0 ze2d|Gur6=)eDPWJ0EBDd5ixLF@Zqu(p3J|F@?%py8_z>0^r~dwbHC7v`nRbuoMxn>&n{?cP zk(tZ(mw!Tu3A`3?(7{G8r|{^)g=~iw*>^NQ(XJ|d*f`MzZi80aZ}|(6tyuJ0AXcgF zf@&Q_!Wkyt&C1beWo+4Po>{`w$t>CU_rwZFqWUr%gvo3&^EH)(3~%2@w;jA8=;| ztn7yBZ{Bn{Gyt9*q!0+z*<+}hzIqfF5y1x-#i#+Il8%mvjj8+AfKfCX2UXC*TSaYc z&%3Ir+#vXc^pBupgU)C|-ex#6H=CN4Lc-^*sei1jYPw~fSzTEv=y%LitpZUF`RJ@@jnBEa?WHd1A6-@Zdr|hTB^g@ z0_(G}L<6t^r0x6K7{OlT4i4K$)h2 zj*fvrdS)u75Aw5jX-LXhDybHucsq+iEgm{ei%Bh1Zv~E1f z4Gr}07WG*XcfAYihUDWp6ZT%ni8bf0>-J&IQLP4=mjm;fj;8j8IqhKu3MS+8BcCO0 zM9E0xq@BYJgmdbPTP1~={*iC>gu25^CV%^ec4qOh`QK88z@~9`#!`!9K0Y!w)VJB% za|WVTpjAP)@-6DKb2H6l)SKD2Jb8u}G@v#MVbx6N)-Erp8>Y zb)6@L_UD(9K5FKw-uf< z`*tzmqx-gRZ#E;^hN|1!I+l|kh!o?A@r`#6N%6BM1UpXbSRAkLN{8amKfV2;M`U-g z+nbYuu|wU#3fbAe=8q{RD6ghkXbAnC(mHB4n$NZrc`Ujks zjtTa~zv1dU6^ZtQj+3(M^9Rv@sUM=n?;FX<4+;n4j$((_=-9pw^zTXrX{qdgV$MJUYeSo?t=1hDqe&Y8x?7(Y5Z-Z zK^Ha?UBYGuuXAJXQ2yo})l+F^O9B?Qw6*r%e^Fg|PKsJ-Sh$H=t?zhjENrz_K#70d zB_~0AqA#}8H^{ucI@^s}S<*Ul;Y5#>laUKQMG4o|)kj3WJisgw3kdXqZvIGH6d8qd zKE2#31`p>Y_V{#;gp7<7MVH@xEAr+49FWRpchHY){?M!MD=RCY<$YC}ET0>Zk424% zSa~@)`OH*Y_V0vzO#wN1*CMpnx^tw*&_T(_$wJ6@1|2QJ*Vxe0Ca0mMq@di-{Wi(~ z5i1%s2?rM!XN#xiYGiaYIy$l`lZc!&HAQq{6>uV!`-r-gy3nq?1i`OCTErwIy868@ z$V!yY+o*EAzi_K%@>U%Phz<=fwDPXjJ9B%tx5svx@-`fwOZH;O*SFaEROXf{tA?I7 zpkLt=8C;O6u>)QIg1__l?Tcan5)TEg^Px)1Yw9`2^&VKizoP4cxgEnR+E(6B{s(=3 zLjO;|_opxbnqX&&|36>aJ*O0)KF3XK&T~)814qjP5Ofjn|` zi;4I9YTI}|haz=;dU`59zEpun7nXrhiQmYD3JrQWiyVfbvZxyvg?&OZJTRs2!{kSs}yVXeqZHI zY}WLqOK>N62+q7pJGsEk-C}NXa=jdACl=YhRbW)&;CR=tXkFFRbPovU!r~$Y2N5CB z%yMMV(C}!l4L+p2rL!tdaSM&GI?%4PbPedBM9d^Y+Oo*df@fFN*RpsDRCS@*+1Wpk z*;ONm1aRZ?K>I{SM~h!?4ea4iOKx7hOu@1V3bxhM z^x$%TO-|NOR|iM*Jt@gm!0mnZcsob=twx|zc+dt?kKWJ~1ID|qx_X|iU9Z)LmD&Q0 z|C2@b;#mLvwipw zjL7;dA)sp_;lby14`cg0oNW+#O(7{8h3P_9monk zr;a4{%6|1{U*A{ZwAQ6|?`Usb?A+0j09_v$1qYSFOKM4Tc5;$(MHMEt{#PR*bf}gQ zS3|s&l~vtnkilRQOyshenHelRyxmv}?`dZK?mSQ&T#Srz#q}sGZEbB2sSO#UGvpHN z7q#e09Npbhj)>?8pEkF05@KLXgz0$EEAS6tyBa0@)%-J2T^G+hbJ>Y1R08ygh?fGoacp9*lmX|j-Hyf)6P+WA}Vx7A59iq8~gvcS~-@+jNkciIR zD3mzrNroQ-1=6VR3bmkp*)fK=SW#VnmtbyKe0_awTY$jpTGBNrLhKxl9a|mdi9&E? zqYP{R$t3=e#29ys5-!>(C!FIgA&LW!Ln{&v8QF9B%Y8WjHeIceg=&kF_Lt{!@4B7s z?ft{UXeLXeFQ8e4rfqGR^6L=$__S73C@xL;`nH*y=T{(Cb8rms3$Cnu#>T<xA2RpV9}RD%O~0Ht?QjLiLa1N`B0>S&J*3snT+9` zrFl6NetT;c*jC*hIh|>8XLx%Ti}hw#XeP7pIM_O+{{f{T%#ByWj0ZZk*6Ph8t_utk+2!(CxOJEXG^z zhgNgNHqIhDtlbU=FeP9^ApHDr#6$zZpaW@V_1VzBnKa?z@9N`XSJxXVs?G21FGp8% z`f{H>g@$)sMou+((^3^TLRtpr}k9tN{g&=_Wg%HqU?qP~7C(Ux0=)82a$ zYW>d{0t3)kEMw?nWN^`=QBhHqZYZBP|14Ka1jIKlFD+qVVL?Gbac5^_;uL~gRTb7Q zq*yP3{V$^r1VXWBFB>)0=|mb#v1sQ(7oqr2MgC%aYpHN+h7P))@$m8c&GkOJ*5(@< zq+6h%IEQ38Om0xG)k=N()ENc))ZI4EQh}?FS<~ZgkERsCNH`Vl6poLk9A;FV#QQ7Z z4%@-aKl#ctyKBAaCE4!|Ul*?g;jZzd?P30xlWn~0SDsoeY`Y9XV&!ay)?%VLSLi+=tzslrRIc;_z_kTo^zt;(gv z+Q!xNrN%tmi;=$C*5jb)F*GA2BP%7P<9jbJA0L^JD^9oA8?T3>dix+X4Yj8;^!EOv z0I?vP&Q@j?CZMHTvmt$cIp#m1K&GaleUrQCPH7lVc-u9K6s*QvS~_4hE_A~rj-NR` zI=Y!JCnMvv9p?^G88bPuI3D=lrmUM!ZSmd}1~ zW?>!WpIcB6rB^{nbB+lYAshTjAT-7_nAGQf5b}?*j?DCIFRX~CHj%TE?hn{fQHCCw zAojJwRgYa;5;S$7V3YDWBXF^KpIYP{*&(3FCMZ-=MPrC{^@J=Sz)fw}sn}5e?&%RX zeLsLWTu{Lu4^zk76cR6$g(ViiHr&UBKHg(RK^%`{>H$*%w@ac$fI2@dmGpqI7EBdK z6=UqShw;$+f%Ks_DheeEZjbO2Hsp1eEZlpM&}CzMSL8CrPv(-*C}gChM|*qW)ME^g z@@V?7Wfh2rq(_tlhlFq+VNp8<*i{?oZ34GqeHBfU@%rMVNm$LX+?Cj9x+d2<9KH%W z+W)5Nh>)n?IOem*%p**IMkA@`)?kDqeWwF`I%Iru_(ohNL$(Kl%ykFT#C@I%ZiJ}9 zDZEn#E+`6*t4FV!1qVSm`1xq{8Fg-AdpLRBw@lL4zqwf_lsCXwQaUoSA=b8}6dD@J zy`_RN`Fs3E7#uu%P@gGD1O-1MvM=%+&vh?1e8ZEwk&#sqgO--TJEOVruJe!T|Ew&t zr2?cM%x$ZiuQqj5-w>M|^c97z#h4>|1xsXF|9w8%Oywxxnwf0~B-rva)yFevE7>~P z4f~7ki_rUPdmC6g6Mq(wgl-m#%d1p^Kg7xcm@FXpSOLn#*Hl+fAUj#Qy#ka5!hDIh1;Y8uKk7Yan5!npON5uE7w}IMTkdio^ zl})Nk{=(oV9f=?s5@byPDoU4sarht#?aV;>fVHefJjSGE0{wzG@sY#1QqRgHabM8N zd}+YGkTFb&f^J6z#Xvf*vJ{RylOs(vf=yj4M5FS#4TNNXo}vDDBoD;9XY)$P!T?bx z*vcTIIHbmNT6;wTZYbIs0$gV(&xp?MQA6wucoJB7UMFn=hFDSyh%kSXo`}H59KWBw zJ%=;v?)B8D8BQfbV`HJ_Yo?C1#uWw;I$bf*Z=o)%KnZuTRJdilX}OmzW@DqZOK=J& zqYnBSP6z-9+0rdr{PgT>q26v48vR2@{>ofXb+w9=RE51OHv0GvXb^k354sFkZ??9`QnwXhi?0W*pj(I zWZM3NoC$L2V{cM~#DIdI;5;3Dr=ja`Uz{uGLb6Q&e93W?(;`i{^ASfu%9{c$?WYsvX&>QIH%es0FLc_y@ovRe? z+b4cutd=&Pd0j6N#yA#V+aNmuOgx?w2L}vFhU-seHy)m7CwqI0J{E3nIKsqH?_p^f z13<6_VE+;SQ_MleAEUAbo=e+R98V>lo{_IV1*ISvLqki|50v(iM>LyMR_lV(T^~Lgk)@o&N01Ht^b@?mbgktpNfR` zxfjvMj^>?A7?r5dJm!>uYp`=1b}w4|5k9_;s5I!Mc#Hd88AK_kbPw}S?#;z7L zeS<^f-6UJ&(T@Vgpt`~_C^Oz?Fy_mCrr--}7^y=EZLprNg$k&sVAIXfU4Jip4cttE zmcZNq!7tP^!hNc0YThladKsB>bANn%e2hXr2z=NHcG})Hb8v9@tfH-*SC*fjTeh;e z7`Xhqklti0wpeRvJEo$pO=*_yK58aGaI#r&gU&JUSD^*>FOT2fy?C6x?4gC3C?QT+ zR`<-aWNFEBt}mAZDIqpKJ>IkSo16g>+-Ea= zBo%s7*)0)jLFd2^17Bb=yf6JT-#CaRDF#s)eWb<}zg#gJ+%Ym&$kfil2^2RT zV@~r6Zq*GE`K|H4(q&gQf_`)6|CI`tvbTrxGB%G9*%*e47N}Py~ zhbH$6rczQ->GjSoZk3>z?J{LE2-JERMgBW$$bgC+^p;zgY}e`ricL&0=dY(D!ba?w ziz>z2uAN&q$v+(=-sZbuLSBJ7#wCb>4MzXHfbXq`Q<&KPZSj5jB+Jk3Iu=XYYFGg$ zo_j=~iMHv3pGq;CnXWDz_$2?cY;29vJ#vfDPSW@k2=Y5tZ7fJLRGMSQ7&~s`la4yc zODslOFCRRBGf);*9`&DuQ5D?(M8W#YI59OfwY0SK0f=BCOPu^q2?N(i)EEeG@bF8ULz=VE3S zqSGql>DdG(7R-^cG1r=UDgrVhW64){K>Oy+(%>K_ zu3Y2 z*2XIEg9Zq!PFbyXc6JOaG>P|mMn+JeY_@lIElfW8&h73HCT(yFx)|Y=hDp z@vyADJkAB}{{Ehg0ESn%P=l8hr90?ASVZ#UM@`}iifdO8N+LikhBPsrPtiiX=H=q* zH3pVZIbX9%4v1LYta!0fQ3WwZDXFOejbLF=)7j09%7IEsO3L2JiGzzvWK2O;7Ca~R zD?7WqE-61hG_&+L%RkRC_&$^DEyTAsECL@ww#7nB?JNnh5a50;nZSE1_S1d%fbx_29zsL z6vmdMhDLJl-#{B=*g!pdXJ>z+g@r|Mq51jwXaCG}C|O!t=fb9So^9>yfNWT%pi9CX zx~Y?$ot+7l*gS%R!kZjnkf||+Mngshnn}Pp>3jEzf@Wf_j~_$#EiDn)q$FVPKx^Zz z>*x@kIqm8)&ik=00S09@YHX9u;9&Pdgduz!oM1SV&u}%7y_1tlfH~~JKnJ1Z_I0k5 zwUnShKAV}N4Vl{51Vf1Sy5bOFZ5;1}vIEM^$;$mvJB`S}p>lL|bayQ4yCx%8ZN_up z$l%}vZ`XppeZ!d#w;o3C9-f|F9UuSm@mm#;qyz*$#4jW#B?krtZWx^+dx2L(>j5I`zzNWf z?cqL#hO*&lYL>xQyp|albwK@;zzGw`lL-BxC98;fCB5LfKt&^a{Xj_X>5me`hp-Mr zHHriBsepjQ11d7A8JU!Z20WBMBwIZv4^MqnmyfCfwXw0SKN1`qjH$UPg{GdK$nM2O zo?C+9jAKqVti3#Rb7(0eZ`)VrllpKmmk7B zkXhs0TwNL7GDry)QD7i!ZL{#r|Lttk)Y29v$obUw@uO@&Xqdza^zR5VlmlQd=hA|b z=H$c?5%u=Al155fnAa3D2e470g6hIm2%9~Q@4~E}GckdIYi5Rw9CcjALXs2ID&Pte zV`*h23Qf|ruTlV_U*_iK-@cdMx_f~o&dbkl1OSZcLKrM)V5B4Dygxs8cY7_J zig32KxA*1MWeq2nz=x$&-dF!OeZd4NSXGdZuW>goy*RNYk2NN(SG$-a8) z;mvUWy{QhmA~=~u|7nSDcwO$^{bj_+9zXf_j~Kj~B0N36z1`p(8!~-i68iP6dP)OT zl3A-;|I>eajza&-n*YD*jQqL6K+u8;FdRM^SXKw9^mlP_uRsbEk!dREnjl|SppdDm zsv4izjDt%!IJ;tQZehX7_*Py{&cO^ogy{8rCKLcG5DRe#kpn%@_O8(y5g;qk0SHU} z`|*RyVm#~17po2RB@F&2qa(be{g+a)iNZV+v)MQPoIJN;)|B44j1ek{zuN0Rr>dqjcWXvQb zg?@qtnsz*;)WGjVI(7(z!NtY2wl+alCY0}rR0amwDSLb0zi)Skp^3yO28|k7tA6_~ zBP~r!M@M>i^g5`x3EtcL`RbE-BA_BxR@H1>&{b7e$CB~2B+|crl&TI8+Y=66@wr*f z&CLbV&j7lzP`xpK3e?@h-LL%ol8E+f7IyZ|!AVSR1nod$clU<;d^k?%7#Zovb;H0w zD13Z;a3u}DfG|-|P|&(BAT8b99`>qi!X>+%ogzS&2EFo@@-mtTXFVQ6c%-J5bKmEc zVQKAvv?LB5UfboA44pz&OWh;HXSfz*usA?2wB1n)QA9>2s_Gn9osWa#2asZoOe8>x zRtg7-k(UTL>g>!xiWH}~vC#vdYE{CUhu;z4!<6(xP-q_pxrV~s7m81;uDadNXvD>U zT8@9iQz#7K39$`qC}`NJnTa(dV&eFC#$;A86WQn(phRnEXgoc717{^B28I9q`*$4g zY;0{uMr2h~lqcqUd$p8A$V8;2&*|U=&9low#ikTB>Z@x5hJo{#m6|0Ic9=|8R9rls zEo5PBvbnWq55kQ9S#nxCeYkt?F@4%{+OrwM*DvluU}5dKe^61;8=vs;EdawY9OTlR zs;Vg^HbRM^0wA~$0FAo8_tc{KZ24tuc-ZW|zNKYpZjSB_vTc1m7qptrt*wCpgsm90 z|CG{z?f>Sh^LYRL694ZPXPpK`fG``ly^=x<9*{R%s}sVkZ-vU;2f<~i|ILvxa0YMS zY|Op>E3Sk3KjGUyg$)9qC~-7iapVh~n`pq$&`@+tbeXQYw2aJVk*m3nPiE9l5q0zY z@^bX3U;J3FD3!JR7URL_uox351QfsS`Y@Qf85kI5W@b1!XFw0OujR)W+XMjT0Bc#% z)HH+^jNkX~BzZ>)yvebrYk@F`-tUfQufE~N#ltbca02trUlyOeG!OZ3^pq76Z7C>thkx(2N8R^-%ySuYt4jvsG1Y{I(lWAa_oPa>s z%*n|KB>uo~7ya$qx2>(8&(F_&eSP=$@1w<)LV*3kPG!ap&bh+{Kq-F! zWtSh{h)NCFwO*;~>5($(j{;En6%w-aD~g7OhW7qtysV2(_Q(XBaZXNgJvm!B zCT<8%*H0}`k>`%l%#@U!ohxYRVt;{10BUlrdrDb_QtI>X^74K-Y+T&!y*>Z6X=r#L zd;rxlCmFQPysx^vK%S-eO>fXSKhf7SA8sr0I$dG8mI`+a4(@~PA_!nrtolCK@*=AH zp@QTEh`N1EN%7zMl2eZU58Bp$O1J|c)&-b!I2dJy@f_?FnXDNZ$yjCe^~e7HMMknP zwu!z6iybHq4u4TmU26CDE%AWPModHmln@a^#czqtrk0igqabcUVF{2DsUT{sOO-hkwER2hCxPNw_oZEp{eheeFt&9yks#yL@5S}K7- zii@feA}pr{Dho-(+#HS@rO=IIXk^gDB8*sP?Fo5@Sb32A) zzGY^XfKv#MX>=PzGaKvD6~fi+TE{R6to#OTWyH$GCx1a(Rg zaOHY}Vd&*lO{t?b%s=)46LLPDMZbX!s6rGpGz*_}p(T3a!AOGX<>8UZ>npoa|4JKx zmdiNd0@x$;%lhGAaP)YVu?ROyhETt6X<QIxxM-#we}|E=0(n_^@CDz} z@PUb#FillSKXwQ#=dtC=w}jyp;Ny z1b<;-FoCngj-H&IJ)Q>8;m_P0l_AysXFJIZ;2gmu01RpfS#pJ46a`aLM5U6dDvm~y zM~?T921|WyL>B5Rj@HNXmkI;J2V7EJk(~e|M@MHc-0lqh=K^fXGrneLMA-g&q2s@V z0wXWjw9HIWa`IiUtp%e;j)R@Oa+|S~@GoP$B7F~cB6t$UVOm(xHTN}51LM&A|0Rh7 z+L&mrqL`S8w|54kA8ux5=JT^JFs-&XvfsD*eEa?#77oTfWE>L#=GxUYfm{^?nkh^J zfLaBNM{GLzf#G3tL2q~9h8HiV78XjudNfW<#8*sAZ2hDzyH1({v%H>Kh@r7@UUPH0 znlu;@dfCg$%S~zkR|Z)cK%~^b+CIgWj3YxuMi$FRO>Ojh@x3Lkv(nK{OJ~gx0v6SG zp@N1&dP+fG8yl1}(68JyH0%@aZm^SjQWBWS01{h%`I42L-oFU8 z))C_qJo9#6%noy)v&!GQrbqAP-u&=wO@3&1qF zpdc?0>OLbQ<8iAaASXwdU*|8N1LaJtKqMm-aO8deURzGBcXk$6$ISF6F)<ov~nx$pnOzskxQtYueRecOerBPzbQG#W7_3cX2UT#6fp!Lk4}Fos_g6 zzx|^DjCgPVpaPhm3%v^-o}TxI3mnD8)`gRQrUHLU%gBY8=kRiHyzXYvECix@J~dtU zgl=02*bIY*hc~o&*5eZ{B`v*mCSF%UA+$O=3mcFh+IM(p^U>4OP`Cqd$=ra#`k_c9 z9-gmRwKbf?d;chboEdq0iCLs>k+2HJ4)8F3@u-?eX2<^hu))sc!#LhxP>8v-5sH@u} zARrH&0*sqr`vR5!nY1hrZCpYi1K)Q&<-Fse>+kH;uj%XyZEPg0nHU& zZb;71U{Q9}^3MNt18-4R!^z1BHarXt58~qEg3(Sm159$1Y>`MvC9P#;@<2CGHh#ki zCn1+v3&+_u*uU`W;fR}4%nA33d(bROy|CR&cx3O(XW@boZKxg1}2eYMBAv`>+ zNPGnY7nhoh3iKjeRFGZ@0WmmrF0QVkg*^hcAoirLu1=AHjnwV&!5NCLroQ^>>`a8F z?!EUOhAZePAbCZW-McgfMNQ4Zq$JvhEuPm^i`$luR09~3 z1UQqy-)__XlLe%7`G3W;|C7A_?-}I(@TJ!fqPZ1~jg2`u6dW8JQ4|Q49mj2Xd3hig z^XnJQ@lFdL_=Tx(_?{m>ezdo@H+MBx@iMs)rek*V-9I?7`3DjqRyGuE*8t(bVu6E& z6^U$UzN7_-MAKxTKM4u7=WTSw#9V#9t1UZ!4vps4K0Z~>Uip(S_m&`KT^~1aem*5F zP5RR(L_|bDFLh^8MUcb?=o1qYv$C>$pj(NHiNAgvlpZG_c{u(aw5rVOjLz)l+{q_& zZrke=XSqmvdHnlmSDy_0p2DIcBm{(pR60j6o|6R#Pt44~G`|-V98<$=HU+e{f78X; zl}VnJufL{RMx<)tgP|MN)5J8d_Oj~CO5SlX} z2%>Y9v^*CH=7xq_UYHa&zw_1PI%@F+EegJ5-y)OC(4eb+GIesVffrr$z?xq%rUBuL zzB^_Y5p+;EU#GwO*&cfFZ9HzK6_mf#tEv(fIcbibM5~FeNVZg96X53O=oEOXt*4(! zm~D1eYSv)FG+bZ!tFXGZA*#5EFYWv^(P{SHi#8=$kFpTEmhB*4Nt+&Ikm_6Gs<(F^7kTU?wdS*5v^zw@D%uYHBHbI}PhF-ugsqBufEQ-vcd23zFkwB-gW{ z!)f}tWZREmBl73EH$=kPXsgBHZ%W2Hy>OhMWTpj>R~~k!!;Y1BA8l!->oehXB)5F? zk>#+2P7;L9{NG_c?dT2sIS;=tcwyZ2Wl8bMyoN%oOZD`t*UK>Y_+e6r(DK{JLA_$) zpPIV+-ppp5KrRyeBuo%-T1{+}&hiRKW z;JT>YP#%}<^LTc%k22eR@eC-1{hUFp*o9-}Vbn<7)D*A5&U#JrLl0Z*=tu8YHBwvw z`akBJ#4X2)$qVm>@z3E46sd4Vw!^-0;nv*npq7`Hnq&nK%}{mx4r&aDE0MPpHj#CZ z$tz+=JgCGoR1?wkF!`brtdwBro~Aa$3(|N%t7CMGKz4TMJV zOkcEbR1EK?1_szDI>Jz!^@ zahy;h^_T1=a$v3Tzjx`?K2bFWbzd0w1#eP5hFXZEdFeM8DLaY4GffV{yLo@3yMi@F zj1j*#XH7ax+{l2&jbM|vV*Qtuo)yQ5w;a9gP%A>jo`QPID9LSFf6axa<#z}vl9s)W zgTN&i*|OA;5E0RvSAZ8FG(4)2E%gsL6 zf@_J5FNT;cWLkZ5t5+N+U|70QI-NSxtCc@%Q5)^5Fzjlv(G*O_$f%;A;AU(rDx-p(rlhBLw7H2rwz=?k0TmrxK@QO# zZ^F^l)z#LPnVK3#bPA+^Pj>$u9fhdbbA!Rh?ANcNA_iXT4W)3lcbwwYla=gZV$e8% z%>wPw{AYoVmiD`=DmI>M0&?I4WTvGB?${O!gG@KbAT#xKAR!@XMo$xCV|N>Gc*fJm zudLdb83gFc!yCURu}p~m#Ap@yqX-~{Q3R6c@YjM^Z=J~}UHcj>BtKyYk;rQ4;Y${8 zuT{it17edETek_~I|TV~A$qBc0fn0JG@^8NkH1<;arc+qR;R9{+j)&ISriNG&A)S? z$GT4(d!%;VOVo&zCF4CgIcN$IC!-}WtW)cFZ+dm=9RBQ&hAc(b2{v&K(rUC``(3U`4i8{>VsGHQJL;xxZ zeQAOKA6*>zB97Wii54b4Z_wy#W`YmcwRrs#s*|SWWyR~-wGMwQdv0bzIHsV$0x)Xdt)9PE74(ykDE!;+ii(ceUYfUW*#(&8Y8H|^5opwL!qk;0n^+*yd!zUZ9klH0G z5$TmaXrw>qQ|`%SsJ-8re3^HX-DUlgsn)7a-biHu`aIj8?s}oaA9o2M*Td@getA^G z|*?*Ed`Z3FP?#c5of$-7sg#ieZZ7kB^Qe4U>FU*S#saZhyv>=3Kq5vhoM!j zur;IgTNXYHV$R`HdU^!rASjRFs1@k4;m`6nBVh?ff5pQ}WKW>#IRdPUtpS5;kVo>s z{X_0mgX4-)7u%B(WnMWP#b_^d+SV9A(|}b$wK|Mhp`|4lQkU%^x0)4qwCrdIH#N<- zzQnAoLeYQ?!hzwCj6gS}rKJ{^l$?!R%?)T0kFe-mT+}{XP6i=jAQGlfi$VJ&O?>}` zvoKu>Oh9O8pFPyS>QF71Em2unWnh+S!KCgPoc#JW{`;?OunB%n9>q#lPF8biW@c|= zW5k$EK)}|-HYS44I9CyT@a}H_?PN+5*LY0*R*Fo04ThyUA;vXEVnN`#0 zKbDuF-4-u&tkvY`{C7D;QyigVbdNqb?rdUK?HoakM%lCz56z`JVxeAfkr1od|j^b}cZymdlY8C#MI*%+YHh z%L4{J<$twymO)j&U$m#CIW$P4bhjc%gD8TCfOLq2Gzcn4HwaQnr*yZ3Al=<5Dc#Z% zcl&#PXYQT(`;r;J!}&hX-g~XjUZ>uW&-<6??j7l?r!BAfgkIHu)F8oLO(hO#=AmtU zivLu~-B6!UM()jU!X|&h#JH?2h02i%Hj5m=!2yF9c<;!g3<8a-N^mJhd6PiR&8eG9Iq%+5kj{{D+_zo!-}ES$yhh(+t&X6 z{;R81A13f)dIlHhXV7RKUkl!k9S^@^2p$QgZUs zqwP#8^{mDx2oe%OG11<=gy+|l2iZ4{io)}W0R~Nt_;dM=@LM-vjYaeD7 z(iO``J&UfSpFb*Wbh}6<9D`BfXiZjOPfc1P-E>|{d~UYetr&2x>;Bq=5tG3H z>#7Mt|1Kc)$QxSevm=k+53eL@2Fz=GaQe^9=A#2rH?PP1>(iulsgyo$m1{rOb3EYD zbcz9CX?JHw{DJGT3eG8%j$K&ZaX??%&CJj5>FCJLl{>0A>1x<0%b8XhNay6y-d*>0 zOeTLeu2p6B(EaHwGMITdI5^;EiTq4+N8MILXKZ+giRK*}8_TQz@`L*M;906+m`YEQ z0khwwebeN^pdsBsWj0Kf0Kq_oVPf*Df8Z_vLY=E;L_`Ff58ZkQ)9p6O*Jbbg=f%aR1Y~fyDmo9F_u`XNE|*R%ozdA4432;S|9+_{*Yle>k9Cqm~mhj!=riE-In=H$2M>iX`O7gRJE0pS-lFr1m^j=bv!uu5a_w{L!;#NY{m|JZl<= zci3PQP3mlmqibtvY3W`rEfaVCW##7L0%tWeG_33~NlZ+P)(@b67(hhnkl7xNw zR8cWIN>C2m{0CPTlZ@R~G1mbs|unkdLtF12A z2FS=v53I<4$)EFr3ADXkzDN?$%FV{c28R9$c0%LZSy<9|f;|_dvIrf2NL!qnsf#wW zjhn`=Ur%u-&y=ZyMDY);ZkNJ)+d159+%ph4F**vOLzBe$#o6ficzOUB5Th-IU@$pB zlm+A*b#ygH*W~39wJAO{kdvF5o3l3ls5{!mjD{j*m?{x6q^_sO6=G&)X5?co?ba~~ z%Ol8=?zMGwHHYo(`}>GGckpUK5+Q^WF+DTW*3m(LiwkKf+n48#pp#Y`8K-|MrH@M` z1KKnx!|fd_!p5yeR0hfTM#EG}Fc*0R!OZGpRt^j6^@jK?MG{Pw=DEH;7$mj5(MTu| zgMcIH>ysfCKC3NnZ4pzGn7n!ws^#e6G2a$K4gwx~clUw4J?hm}i53*0xjDT84lK9& zdNF;9kce#f55L4kxx6AHXH%SGs8Xlz6^24n?G5_Nn_IVB(ZZQf-NdU`dSbqSXIxiX z%WF|mQQ=u(sIj=VwY9ORude>u!X`N~QA|k4Y3b}>I{r2fPw}6%{xls+jvhPO&&P@g zU$l%RnE-qktx6e9Pr~VRbX13bH7CEI&%mXzwhjyiBhS^)*vjhd_BvswjI8XvU{%!! z`_fXBrVM}o3xL?*GL!Y9=L)AIL$&4MVMUaw0Fnn*3OF2~&<-UOhCVegC{9a5p8oU+ zcWYyl9uo)0+Intvhp{x$o)%M|{ka&1=iAl2H5psf6|*PhnxxLAGhobKP={@Ko2(;7@sq zXeA4GAfOckl|1n6)kb!T4TprG3Ok~ab8KK>;#Yr|__8!D8#|}xepw}4V?TH!*c6qO z+oQ+(#?;d#foAx%wA~_!VT4UWLjx;&+1c4T_%bgvgzv!&H;bF%E8M9Dhz;hC`uh0z zDvtnqZsDwg3bdxpX>BvJTlt?tgZg{ENreA!w91#n`ST~{3&~X7TSM46tf|3@!fh?- ziN6gyO&E`qcZrx0QeIwQ*yJ=-_?+vJh|kV})DyQaC?wPBydvXbc0}1_iovzoV+VeY+qWsK#{I#0_Vh#|YoTyE>_QGAjEj#S9vi}6 zI{;cU+(vA6HcgO;scldogQB3jySH~>Kmi&ScpCkl@}iHAK2v}iY5wL-a7{^dHV>Z& z%h8eDz#|o(18p5W8cN!*uwYy~EJoC~EK?g%n08!w?A?&0Au2izGX%gWkg34j-YzUW z4)j{Jieb=#i+zeAX%;=qGXdX=a&w19M|p*W_(TM#;2$NWy|c5tErQq7&F~A#!_x*d zDc!#AZtR4ComPEy`tbPp=7$fF^78VSS$>`cqVwbbHAIozojg2X@sdPPlfXMtUr{kS zJnYRVi!SP`4y6nz4iL4Z(-7LQmlpu0mzD_=8Tfos;j;C*=*$yZag^A83*^`Q16g$?|)x48bX|a?G*iHGpAOGwRBDhVv%;dq0KG?j|h&~Sa5f7(6yJC?e zp^!{(SkKsO?WB=R=<&TtoVG zFKn!qY>b>faP_3~%QNsOe!Hg_MW$^YvB4x&$a|@zq0+_s4s{QJB5C=!^+a0Rl-ql$ zeq`DvE|iwUm>o3|X;WPP6U7*etA9)C3?WBf!!kC%W>J03r1~-fwX*C-#^#sR2jkrR z!R{WG-=V1UcTjuqU0P`<>`EG(n;W2WRSYuDJUKV7di~m~d_6$&9nQa+t8~&k$TLdV zN^4x=A~qN9p5#@{kvji~3H}0C@|)I1CMMMx)zvvUCEvdX2cm9^i8&C(yz7;yfGoKaD<7FECcPgq|*Ktn;+Y`E_q5U_1!T_^eg;{0aE zI19Nsi@D3*tFS*)Q;Pyd$gc)GoZFg}sBj-adDC6=m;Bn*-!1)2L;H=DiHU^~Ej5WC zNXg^+c>W}GM^}$kMg%Vs_ zQ~Qq~gfA2o@^Id}7kI22p0c;O85xzt zwV9o}(Q@?{cEpL7mQOwQ8$cE{*@GotfDqu?3sj{9+!8b$HdRZ@Cm*yZMdACJ#RH3= z%q}!QaW(2+U0pkLa9nKDVnJhgaD=saJfd$y$+6Jw`oasehzNcJ{g=t9sjAA#_=LE4 z3aWQbLCLQSU%TPUv~`C5`PGiS85wuQ#r4R|*0j>hPvWCv1JeTn>R^E0 zeYt+i=KY;J-y$Q8hiqD*B&VC9L3|sa69q(F&F$0iZ3(%>`4CfK#OJIH&g#-(*)WPd zErSim3_Id2iZfJnFy3%tWVN-~xe3m+IXHUOb8^0X8G~M_$@}c$0>A`VIi4SHhhTyL z>yRHFC%qe^(IlN+Qvzl{l2UK)fE88R4bVp|ijj=OD^WKiQ9AO|d@W4IXwwJ`@W4&dh$y! z{4eODz@Ti=AX_yBQsf@c>R234o@|p~yIhPaQfo>}d;8alR@~Z*O-v*qCZ-{$;-Gyf z^(d+-cQvTSy~tBnR4YH`B)jT>r;KAV3fs3UH9qgL?E8Dyg~i2y8&roz;MhG`wgDl@ z+{&DSjw&G`0S6k=VCXz~%?PIW(08}CeC`2}1}!_q`WEDJwT$c5zDK?=u{9$nCDl?_ zXX0TI5ff}Zsnqhq#y-?ya*<)-{Dtd)AVP%X=W&#m%YEKMa`yTl7!owoQH6~bw@8y7F71g#Ap*6oAzCD7{#}7ko_Ufo{K;JY{Vu~cts%dcUYGlMb_ThGsCeIvjoj2m zq!T2xsHN`5yS@Hsw~kMbOX1){8$d%t1MQ+N@~^hZ>fBsHDKj&cEaqk{hLMD{G=_i8 zTx`6g9%8{MF)69(*b~W-d=mdfx`@JocCV(qzXCnWb{8%9Q~QTRQ{RA;>H3XatgEgb zgmm?)8P?H5-J#)C9hsfAVza?OC7ALFG9tpXds>DxA#CO1=ol3gw9aS(9&rl=gPntO z>v0g0tCw+8>z28t6hG6z0j6|q#i!K-)B5D0Rhz_f?V0yjnsq_qxsux!s3GXyis&Ei z&$@=+(xaj2WdeV;Lteq2n46m$1MLjxre)gQja_aYo{5PO8788qva;_1)QUC*PB}|K z>m1v(%-!zePO->)4e+)F%(b3V?&f8m4A;gm2e5({~nfYV1Z|zs)B=pg#8Lh3oN)c|z zvG>7hHI9U~e38vvlE5cDGuOz*R2Vp!uh7B7I>g7t;S&((=x7;LnVVTgMMQ+PuI#Sn z6=sq`{YfqU%ox8R-TJlyZtV$)6kkR@26TGNwSzD^2?+BGPM#77PXdPj@XxWL@?$6! zKDX0ER_JYL>>vE=*N|!&z;@}wWj-U0^(g7ksCJK?Z?kND6TZuG{;{GJ9d#$7;5G87 zpHKn?of*&8!U8?B$RK+`eB#PCf8+$lxU2|DO#wf=E7wU?CFiM3|0)(q z>ZW8Xt6ly*vu<1gWd*TYIxQ7{j8BA}f*_w)d{Yy0tNHxAihsf+6-W)W@m!y2!Zjwj zxTMmNBQM6(Rq<>l;y2%@5fgX0^*`LG;Ocy;<6J>JGNM*lDfIGe$x3dPvgjY=(@Fm> z2xSfl-jw$C=|)Mqs_e>2zkH?>{{LEwvkP`aY+T&N-j-n>0%J?ZV{BdUY=X$2TFjPKh@ckhI)X#%q;G6qtn0K?dO~X!vd(vS(IPc7G^>?x1yx z+)Y=P`g2Fi&miA|$jIo}TeqZ*`LU@4U^giGzbKM3!VBGQ~;NUtI|urm;-!_Zd|x}7MVt$L%YG- z?aMH!Ki}Ub{LED7nfq}$ns+7LYnP8yeEImrXy32249R!ia(r+YAC{Gs!4Of6!jM0T z&vV&ZWKFUAjD z!KHLn;sup%PnI3Bth_Ji03{)d7|;;b1O54mkq#&lBBJKy19&afq^&~W31Q*l>Kc&W zzZOTPo;m*HERU<%NbT_YwXty`$F|f(_E!(XQO52cd3a@Y^cL)6J8DJq+2bWDa=Np_ zo?OrHf9JCoJJvkEnV){@VYhRU>-4w9v@pHi%A%y_cghPYT0Yyq@A}#k_BNfl1|QW- z4_-_iXMXVTxT&eRzZ*ZvH2i`-?b-XJ(2IBhGiGbMm*C-W;e@oCT~+m!qf=NfDG3H2wdc=AhsIa`oI}7)Yg-#+<=Xj$ zhC(L@NMcdRt#d&u!};_0!Wu?z?Za zZi3$pc)SsEQ%ordresz{weN3hzKfiH*HZmi0y)(H05>X44Gipk z{pi2KZR+GiS`3f@r{-5{=tW`WYw|62@gB6P*EH1B(PHnCAa{9V*OZThRY-`GyfNct zzPxh>zU zmdVGG8(KYd@_4(oxxyoEF?OADJ9K{3nv5;j;p!Ec^(j@=WsLKP$SBo~X7+}GkgWI} z&+>EfQ2EiD#*AYRr-bkhqj!iWBwMQG8YBXuCi-3_x_JjViAf0*&3=7F!E=mH(Xp}c z!Sq?eUW!hNjSWvoXaQ($b88a>9N5E)jEamMj*f|0)KGx<$N0DiLTZv|fSMS~NT*Fq zO&M2Jl#Y&%87S8G;3P;R-3Z?AQg{u^OVZMptE2uOkv~7zQHzR73N?lWX?+`R9Y3+i zq%U8hV_7ZcM<)a8LCceRpsK5{4+|b_?9;zS8n+&8-*}xOZzO9`Q^_SPjR|ic;wc{8nSARw$kl^B zV9v5=ueUl(`E6xj%RH^!>gP)(Htp*o^segOIqep2Up}bV zcU#u@$=;OUUjMgW{jWMUegMH`bJ4dCR)kd>axvU(zDD!dQYI}&2Z2oagtS=*eC6~9P;diS-20-U)wQ*$80j!j zk{}l5M@IuK?zAE?uB6rCc8$O0aK+ zA<8-it38$bTXEx8KmFVsiJB1qu2QsXR9+Pp z#B_;MO1QIY<@BNj_vFmmQS)!>ut$!d*w)|_%gbMT^Z8$dr|;FCS-kYHnV@dB`|OS* zHubsC&+V&}HuQ3UBU;gVkQam%VvuPfDU+uIv>2-C-&ak&;UGCm0}>wY&^JIXE=ze`p;ueC)+GreBH@8xLDTj((wd;5LIohE|=C zCQ_ZqYwi6-Gdu>+3q_SDuTu2&^!1yRa*B)Tg3(j%@~{MiU<+hajE>eHmUcytYn_C( zjThW~5c1ONz0=6yLCZcJuQh{^+RKK_dEBP6Dk*`xD>2SAZS{^fxpUD&4>?>G+QZfz z+?=!bol=tF`aMm`6QvSZ(PNPGG&UR?&COxh^2Qo+HO$VV31L3smmg9;9&G+;E-0;c zB+$M>H3mmAjd-qr$E#amz zhK7bRGq*>|NS8l};cgz3j7pWfaH%c$CDBNS?OP}MB3;rnE7pSf?p@F!04`aw`CeAR z$;07;qNS~!3L5QgG$sB%YAUMo@81;$M`rqdkY`o6ySu~1xP5>Lp(tKoC;vlUzQsl) z_v7HSD5|NclX^&}qY7xjn?=DQOif8CB_<%yB1mu}{cCdhwlRyLgqVy_*7M;(!fiepb!(R=xCnB z9bub1f(S-0WF-gL@97l_pg<+Mvb2QTgR!6IQtI5cuOTs(|1`lR!tthOA4D9BybMRS^vYqDsq!3w&=>Kvd+ z7Z!%zJ2(utO;KvzHhr?Be~Q80b*JoFtGeg7^X$<<`U`G@I*A+=2}fM~Wsi!4Pvsqn zPnhj7ZwRq9-k5#1`CO(*V&Jgl??8=D z_kJi72Oo)f_38Ytn{kU_C8{fbmu0%y+K1R1^Y7AD>l+_-FgCb!WBTp{WEGxLRoo*v z==;N5GO|YVfUexir#;X)8ajTLZ5*lfNf2qBrV>;XdkuY zJsZ6ww;>%_Y;wFYvMgp<%s*dX00YKPetv%XuiL2juP4g?9k_VH%9m__~ z2}&=!Rknz5f27)BMGB~NGB;;dk|#cpgVQ;%1RqjDd}RT!E@97Du(63Vnw2V9@#}m< zIi9_&RpF1bn#AAHULr%Ekq$j6#P<3JxqMHrdCBWaPRGPZ`QI!T^N_;={}>oy#(&<{oF)7Z&b2Rf6ve1A-5-Q`j6oj ztZsnr1Hd!eo#IG<-+c;ruvjq41%@Fi5A>y)ZmNH?vJ-3*gNhA@><*)>L6}r0^Lr;o zi<+JoyP=;EgrJszq5IuL{t>q9HYIFM_yQb2+SO5QgZ01kGX9bH|8HsMjOcG{Z96<* jDo3+tv9Pthxv?w5&8zsst^=R+grq2^EL$XP=>2~Hb3{8z literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/4autosetupofvpn.png b/windows/security/threat-protection/microsoft-defender-atp/images/4autosetupofvpn.png new file mode 100644 index 0000000000000000000000000000000000000000..50c34811857ff68645e19abace4979fa0eb96053 GIT binary patch literal 34221 zcmd43bx@U28!t+CBV7`L0s_)VNwv?|l7^3u13KNYK4F(1VQ$|``1qKF=2nGh$4+Rb!AW0s7Q&zl#Gz?fj0~dK3Q?x?Kx-xSSj>@$+BvE>?0-29@_-&lyEc^7j3DyOSXwg7)H#EQVp^ z%a9a@5x$*&FI?Y|#y&7`l2VNE!Qb$ECE*|-DJw|RDn z3o9!taySSgI49zIdMgtX6W1)1A}sNPanf{_;3$Hf+05*0CehK+5f*HDXC4X*ugZT9 zb8~ZBXVEATONG8f@qKxW(S)Uf>-!R=Lxxg`V6C(S4FOJSJ=4&{M1l^F5AP;?+Tx3* zW_15nB&P^YmzeJbBTbwvYl<**KT|{3eXrY(RRD6iiwl838yemhs~@~xV`l3Ter$(4 zZVE%H=n45NDDk#;wx5rZS01O0T2-6m1kEk19{-vNI~+#v44GEahP^~tH)wMs@F|Ag zoOtd~wVd8TAJ3w^pDWY7p~5XU-H`jQ%$Plq z_5ilcn4ODzYG-F>rF*Qjr0DUuw$*KGD_*rgL2BmP`~vCjiK3!h+)7h>%kuIG1o~iY zZEY(%NACMFI0$Y>P5dR!<0%^y8*I-(%p}*%?zjtJi*P`t3M2=-dBaajt#ZV9SwFH_r1?ID-CrzOAGFDNa8fgW@bBca|zQODb)sM z3=9m7jg8Y5T-q>J*4EBWPQ$~)YXU+hW~1$%1_mvKg${;>I=Pd46^HJArsKC?gd)B> zOwNyID!tB-7ZVfXcL_3(S5R1=*xzSNuJjY9**n_v2`giXc^Lwilam8|1}AyN3Xyc% zeZ`)m^5)(|n~Z`47cC${nu(D|~P8)XEmcR+dDh0XQg_O%N=2LXeA*x>id^WiR1dm91l^;8jtYCW z4^B?T2n#*`tsM0}(rdYoV}0Uike2z_QcM;71#_du^RqXoeY1sl6|PN8+)Dl#I(C!`nA@g`UJ88%Jb*!9*-=<1CtHuSpK#`~Hh zJ&*xbgpr9!tTH47)dv>Vd}d{o=+jxc@bem#H}rvGF{0n|xy^z2Ws+#$a6edW&q1u7 z&&eyd8dcYj=e3KKhhvv+!|}r*jN`+{I|r+`O3J#=4=YcEJb_vXqxij1XRZR*c=u03 zxxy3#Bq8-3eXXZ=qfdvq!o{VfW~FF|zMmKry$_OC#J^PSt*wo0<0FVP5goRMw&mO| z*+4G9=D@V~HC9quH4}R3my2gvmrsq2#SDWEO)8RMBBit&`05GYlRj*t)jZ@7={=su zw;)7}A2Vh?eFZJ)YL>pMYSv#&*S5Nd0%#dtMpi5 zdh@2e{vl#k4+?g37+hUd(9fU7bCcjE+>8o5{Tz&AqDW1xJ6aKVw$wDkK*bvC4kHq} z*i$qyHO{a#Flf&ee(E=}XtGMg_(c0Oiakg z$Os4sP9>DsSy@Z#^ZU&?+vkrB^tsDI?6q9SB$850lT%)k(; zhVTbk3QChk>v>#G&MTqxDEz0j&eHcK-)wrj#Ki>e-95h5ynO*4I5hQ1k~MxXpsne- zN4ZO_V7S-&E)3k9I^9yK^YsAqQ{^9c_=)#6UN_hAuE3IPnPKtlE%-Ttc zot=H`4TAnoOGjs?&{Mvmx|({0OxQHsEHY)_w8hoM#nVF+l;VYNGlC`)272VRp7-9% zWK{ijgL}x`pw#CRv|#b|bWoO|kGaAm5t38x;Ah8eK7W1VL2wv;w3nOqIIjrlSbj-N zLGg4R|4gD4R;QBh-{JLS31t`RY2q>RY4cn^5!O}J40bg!*&-6UsV7QB`E3UBN2wIxq}ouq~v+n+sc z0Xf?pg*;|a$>gZ~xk@&#PGU&EWs-jzxtzP~d9m4#Zw_VBd&Z00BpudHuP)2Z&0S+2 zZRvw6E0Dr!4ecnU;PY*;`F$L+v2x$T)AD4q@}r~_8yg$CSle>Os`oUI6GrsjSz&m8 ze*ofn(ul0*>b+yGr=s&XKkB(KIvb<_S3Z|XLl`FU8t?g`6@onAc;M2I@lNsaiq)2$ z?ZIlqnjkSD;d>Z7pD}Cs)Xa?ceQf&axuNcs$RnH0__*@nE10c^pixLkeLd>gSTs)f z{*LgIjH~8u2VDHy51?aEmO~jQmX;zM-dTP_Kfm}-Y1?RhCb(dg#S(B?tv53u*AsNi z%k*&z8BI(Lc+={6hqn%{>JgM5+=t;=3Id;}?%U@Lj}?!{+1BNYH|3%%K{lY~LKl3@ z(yMEq{$7ky@m>xL9$S~}Ypc?|eTx}bU6%1(p`)wyay@J;#4OEwK>4Q4p|t7zyc>OI zo{Wl;(znF(s!;E_gGk8bY#ni${-Szmv7m29_#v^&AAuXySrx%#dwct(y+_ygtz$-Z zHn#7m{;wy9~hEq}w zm-HL}AeqxU){yYNI?&t0jGSeMq3q;P6prwNkt)|({=WUu>+P1PYI9u?7!bn6mPOuw=4 zGXMhT>B7rT_92Kjh)mGR^k?JA5=H&mP-Yeu?+Y^M{o=}_X{{~&t5@ESMv(YuoG4cl z2}EnNTGsWGo!TrK=7jW;k`gNDt<-7ZFY6XtT5zo{DH^yBtweY2tlnq4LqnX*%#q7+ zadD9QjS~asrN24`lFCTM(Dm{3&KV62HInclxySj$L{Kly{hA|=hK4X6h@vAQH~cH} zcm76F5_6+@1}wtYE)aAZQ&Ur(mdtt>G`eVY372Ioh?7ki7^CI+QDxZglsGdH{&d~68VIlq<+u1*)wwix=eVOrwm&M4) zh@a80T5B{#=<0^*f#1fal&hTB=wNRzP#lueB>bQEY3|qtY*FDGunj@uyB(>89$D%=G0HExv^*8hB_vS9z$hq0tUTA+ zWX^3wLGSZHRoK^P@m%jZON|#bN6_tq-ls!1>dn&U?}~_XT@!|=o=%aAxTefGcSh46 zK&!n2yFc`4uvAaTV;kc<^Bvn*`eWA$-#{J~ds}Z6p}{02 zg@s0?gam}oH_&Scz|IviFg(Z5r*tTM3ySGs{O+@vu;A(6%G(uT$QcziTdg;n7%10z zyrnc{SIfG(L?h|^F4u>9leq$de+`zbpLRUHcdq#d1*P$NAFc;n0IT>>UWu z5Va|T#eetp_3`KmhrXlb(r@SUBVbt{2^wWb)$ z{mBf99dE>&{`}eApB^NplkDLAc8U1b_vNx2*tCEz`MxBe1}`Z=s{Y`OE#-enl$*2! zIEb=C{r~td?Ljr>ZQ&8cGhfFaPq7@g1C8v%b}ROMOq(ZsiDKC|pYq5XD_HS zzL53%3VB{i8Mc_&ySl`F4Sw!A>_H{wE_3_#vZGdf)w$}|RxP$XA6{)+aylg`E~uz)8pV$K1RWmz*Zr>~e7$$#2@eNIn}77%FuJ-vrPAJ(2Ro5!u;DiF8q zZ#kUv^^9*zwlThvMdu4HJABROA*~2^1!k3kYDquc26`>r;KV;grp4-&^t!SACI>$- zH+QFrJ887PWJR;EoXM+C5CWp+5^=#;(ZZ>$yja0Iuc1EZiro~_Qs?h~em;?K`yxiZ zk~%>_QRdAXCUjI3;*{->KOQu+ouQTszkbyP@FfOF1mu7HEN9sLIH&aKAwivGXi%1w zktqxnow4M=WO1b?@gf$l;#_v|y}PR9hPj59p^Bu8va`jC#3JP zGBPtV_8lbaEJPP|Nl9%J{ZjlG{)eGgV`}QpD~2k}5n|)P5WAQ}M769eF$K&o_PC|5 zc?z?eJS~))Ms^5^2!8#1p*B_hRpF9s3Kgs+ijhKT4~dViI;I+*5*3wx_S7`<{{5At zVO_qkz-X`SexJm6j{GOS)~Y6{Dg5~i(Hi1qVNgA9VaYsbd1&O_`!MuDPS@$dRZr1t zP+HGOL2WSln`L2Xenr{-HrZQAiFFS9P_4yA?ufv&`yUlOB8AgG;(xF=RtX7@DNS>= zn5ZxWB2PPEI#0*S?n~48eR*Yr zRDXUFDl&fdMwH$>dRD&b3=69|eojtDgW)re1#n5h9$hj7@A7$6HfYe8EVQ)AjA%NM zc4mL|JQOB1*nKUluga_}E_mtTo_KfQKkY^$NK1aKWGRMy(JN4ZUh%#+L2t7~VEl{H zw9xX(;vDya*5{e2QIYKr4kq3bWHkDNMNHDeTDlI85fR7t10}c*ClaG0X^Hql*Qy%M z3RYx4%QM?C1;y|;Xwe0zZ4BO*hTkm(hsNa>`Kk5Krx$i1ww z=Bv4v2|cw?OJ?;eYWBK}q!=2cWIi4tdX_g?O-=UJ5@WMkEARRqkD@Dziu&DRjO|`C zGe$DuU{*~N{#387b+Nr86QyKm%*L|FBpjCTM^c;NG0A19y;Lj=;JC{n*giUnm`+^( z-Qbj&kyTwxCtTR#Wo}~4$)B51oYf359+0Ps0Af*-T#9Op!ub|?!{wG|yD&E-^1S@ChY@y5iE4j;-LMe=*|1MEDI`p3` zHX`<)x4hW-C_oKc6Ue3k2mLSp5B^ZVI1giysp6=*IxO+BIY@r(%HS@MEejKT*42#+32DD~&ZgoH3<~ zHFk3`-6?t%t;EswsCrXkPRjd-FC=SD3g49yaB9;F-Byf6O#XlJ(*&R@r$YI`(scLB zH!U|E=&T9y^isbnHH&`TtSF`@B;20Iw|YL^J4v~xw_W!L)oK+3p)BRW*wS*)uzWR_ z_G$T4$gv#Rk^AjJp#KM9B*Y|{5N}=UlsM8Lgz#S&C{qy*rXd5$w^>Mkv8*=u1#z>+ zgO5B5+YW6{qVPtao^M#s);6A$aD6_U`cXZuuD1KRyvM(~bd-{m?CI@RkPqjtIF`5m z=nR3R)1I}k2?;&Nm3nR+<5g5t{D_UkCm>M!^u;TlqLGZ#<7uI~VPT=FO0`<+sIOW0 z1)7AFRgwHPWy|{be$|;>x$B?E%Lm_qvL$vKA0oJUV!g?3=MqX;vIr|Z5?qTQe=TV_ zB1QhT%K2j}Y^H(15Pl9pE&@u*Ka)b7K`tqIWkJ*gkyRAr3#+NTcnN}WXy~0W zbBGoZ5fPZ+4;I$)AbdAXdQy@-osju1Z8~z$jgCZ@;n__q^a&mrYxU(uUjw2GPwnbz zMpILhQSWj>VxsfrGAv~j^3GC>>j_X#C*oT+*VosjS0aJT$ze8PoSmzo`ZNC5PjgPv z-hf6tO2V1>aoDF-d!l1y*JA|tqQXK61nc3Bjz`L5dtv#HA0s0pX$;G?z;pi0itwdr zlvU;zPmOjx(zV1)nNsp!CRbXI$8^?NwU2VSbndPU@SaYKzMq|fW^*jptAW7z5GDM4 zuvBwZGc-D!lk;ca>EzC1c57?P*B2Sxa+r5}j(xk)y4?eHF2nlF-MMm6OBa)WSSZCM82hJKwVB zW8o9g(ppFhftd@{dp?h6)oVGFUcsuDcYgjmU;eIV>iADQsF1~(BY9b<{chqxj z=GmpC*gH}`PYw_JMh4a|?p{YHCtm=`iLw@30bGwES4ijDrm& z#tJ_ERhYEIn0Fk*yFB|dQ&T_Ve*NYjI!)xr)fK*9*xi+O_%x{pJ&(Vv;xzt^uG78e z8)vWt-v!C%T?+X$mdPN(& zDW~Qe3rGnLqWNAc)sB$8av2LA3Lm=I8CjFGwY0+eBgnu&Ci8G0ZhEHAK0DK89{`6P zN%59j)J}Q)@X!jPNA))aD4v=nB_ksR1+q0TSZ4{GQ%A?ghNNFD3W`lgt8U67XyF!g z;@Q&Y^hL`=k&uwebly3Qtq#Vs3Ib(lZO*6AmZE~4<8w@nh8K}}^}>=jl2#A7>gqTrsZ)HHfs(@MX|)+S$;!UoEGd5J{VR87cMi-M2~Q+y?dnVne;5V+fnJ-KzHrd%_~Bq7-o z5%D37AS^^^M3?fw#=ZegM-iDK_RY`D&4B?~%|gIF0hNifnCx5=h-TH`MdF5#4lMN07uG^i)ZKHSXx^8m?{vGda}0%+y224P=P zs*|oR1j)UVVc|ynN=xl;JZi?$8GAdH6ZZjn_W8Y|pYz)@X>>O3kAz5lu7G?eGe;r4 z5pb~+UD?n8hkA2-n-*SX|s6dd(9B#Mi9UScXX9o5M+<(D&7QKau`AV}+c(CZuC|#qcUs&|zVA zc4ru$!L}kKJp2}TQ{kcE-{*|3^VDs}myF?;K(qG!}>IOSB{UAogyqG7M}42OeRowHY8fQ{}!cQvB&35t!4X zmf}5z_{$RhMpRS!LEmX@0Rg_ zk&)*v1|eAfVBWvRuGG=d9(O9g($i1knBvPPb-vh?1-T!0h>D59AL=V9jU~Ar0S>Qu ze25nk7S>6_QuQL%E?6a^g<6C2%6dsUi0AUAiXSLpg3u~%0)X3K3it8SgGPqQP@ z!omU^JUlrnKd+Xqi=FaOJ@HJXF9Bn5+niVDXgk&Ex>R@3u9)l-0vK zg_z2v-W{=V9GE5aNPN6`>q_B`e)EPW%310+*OxB{2%F9a2FXX5{kwV>$&%HI)e(`A z4WL<*c8ze-%Tr(*-nMJQ5m?Dg~X8k}a%DJk#{lfKXS`1Ez zYT%2CO1NCXutNA`#;lRPtF9&wv5L7g8_U`wN^>v1i-S{KNhvLI?|$^EexgofBMU22 zqoNeTDZ%1f^g!xNck%3_jlxl)(MP_96J+lruF4A32eP-jvdFVV%}Y|PV}ZR?P=aF$ zsR-bVy^~+<=n$}Sm$g9iXyJ1{#C*MV&c1=Uu?KW^*cj>C0XbF?r|3^=YKUf}mM1+C z2bw{B?Gde)6Cw%QJc?=G+*T(zdxBg@%VRd!2rWV_Z z>-{cK8Ya^BEbJdvL@*P7OMn%MF$Lt8t z;IHzd^T+2S#*-CI(SQ9?V2+;{gJoWuW?AFl+gXI9`t^;v9)gj zme4G+QzW~kWn{J&85xsR5xdC93W+nolX<}3-<6n^xpZpkMK~K1M^RA|#^;p>e{zGH4&K(4^}?FqDmfpYQai zt$@cM`O}<{p>J-xJ1tha>YtW?gB=sd;e$NTlJ~Qyc#W-Oc8_hEmv=)~R!+8}A^{&h z96fSvZgY8A*R=7?;ofmODh2L*kEEW>MGDh7b{G}nU>6Ag!IlNwdKia;?d^dPGOOJKDZNgC4{WOq)W{BzK>^abx-1Rt zkI?<{-c?P8SFgIedstZCN=QkG3@YpEXFzj^u(gJM6%5GM<@Uh>N=Up2A^@gT^Nnx| z-%UD8LMh7hoEy1t;IEsJY|1x*M4-!}=5Kz(?{QbNFcc+BQi6sov z3;EfeYDkIG-r^U!ibs!wHE=wO{rbB}Kew;J%e^}N+3!n?aJdNGIPLqsbY+ZiGGa~` z7=ofcNl8hovmGC(kzcLh8EhVYFULB8Hi`1K3l*aD4Gun(La$nd&bsh#UQ@&L;9i@X znl21qAz^*joYyGT(f#tphj!h%Hd!-+O@)XhrT4vDa8xgxC<3w=2Ej+38A5epLPv2| z&3!LuEEY&rK+pA_2l-pTn&rpj-hHgEY;G2`rEvFfFW;s1R^lHyWF{}_@bw*5*aD`J zrW`3AsgAC0Aj%<@jT=cCAt!twhPn_l^NU6}=bgiO4s&h+<`*-_e5I}4oUA-VjP_@b zZr6fbO;rN}XjXi;G;?$8^GH828dX{1-Q3(d-UEz?jDV!SZ13Q(`c8Am6eB-BAJ^&N zV1KplWrweFc^Vbgl&xWgvsZI7T+4T_c}!HFbf2pX)z{aYQj-G+4hh%ry>b^7fwhIK%hyzSMt?=*t!#jUnlsO;8jM z4A@U2P`F4jxp4kiDoPDKvY{+}ZI;4@LqOoR+E&RXzqIs4AtIvnev8#kyl0Q>)6IUS zm~G7|4)iu?r4ymCvA*TB<6K3x7#SZr**Xqi43 znm2FyZOFYanV`T(ct=*2i+Od$E7fV@LlpuyXZ6oYVB;9GmnMx=V1w{>Z0P&YdEh~6 z+l=Mtek{$n@yrR$ZSs5fTWg-_zZGiek)cXPsq}dT8#a`75aY+y=FZ4=@H+6E?a6gO z^X)Fton~wT{-M&XneEbQ(n|;I1P4_YI&0r@14>&9aaMDL?G{f<6HQ|fi`Fto_9Hd@Wyw;O|A*4wwp|!)-FV$^yo?aZR%&sFIq_9Mh z(w|#7uV62tWG1!x$V($AIJB45T#Ok=5R-OnZS^r2?cT!j+r{N+-{@fDQR2ZDSPxij zw_HIthW&kuCr>W}!SYmFbT+Y50#7fmfx{DrGEBf@xR3O3eCK_aYBlmZ8+yN&pN&xr z7@L}`UuvnSz~P4*=tKPj0!1UhH+y?~%Z6P*%QLM$x&=*IMPbZvi)O^w?I+r_GuZ_p2l zi;q5^In(w|4Nqd7CPHZ0Un|{Qkg#T(ELS)O^On;OE38|_19+UT_SNcy%rRr5f&x4f7H)4{hcMEV#a&&+#S!dR``75kmzM*BBH2H} zghfsJrZ;N0p`0a@b)HluWIFRQmF>7pbt_}2&CRM46L_F?DdC!Fw>_5qf{lfrj1t30 z7SGibC=y1fo_pdO#xmcj>6I%=Y^q*# z@ee%`N-K71|68MPwL!XAzdb%(yy#AS)8E%84beN9+S~*+*Fea@J({xjo6olZ0;IAl z9PETCpdvi_v+>H}ba}w%_xZs^Y8@XRvuKo>nwXaLHUvci!Uk-W61~P6*7Up;R97yv zr5f?-=8|Rgl>@m+7fhXUfR(Adj!-<;A6#r#cvgFj&R}i{FR5YAo3Y9#lZb)VkHjtu z^sgvqVtL>jnHak9SIVtb>}7{Sm4{N`*pYxkdTu%#Tx>acyVzN*>#kV zlr%6h&=59(g765C$+hA&NZa6GzZfYDPEOX=(1@qCGXn$*2^pC@WO00DW#@R?ndqO$ z*5G~>s$1%k{ZAD~M%q#9T3LbE>VL>mW@R2y{P+=A0fQ#&*FQeIe9g#wxci||TUj{< zAAbW*2x4M_7|+eaV`gePXXxeS1uS7THMLA?YAdV;7Dh&`c{zHdFgBgz+r1y4qwu{sc zIy&Gi)Kpb3FE81KzuAO!uXl8aUXIZJN5bE1Q8l)5e8GJW0L|w1cE^~9yK9@R7+r~8 zDG2N>F|_67<#`_aQ^`Wh z%VTdb_L2st!7UfoTbWBB4ric$PpTCVdi3qvKSC#BNep6YGu`M!r27W}qSPswRaKlA zZC2cs&Hv=zn~tXf6thSNkXDH8_fI*PEgc;Ox_MBivi{)r;9%Q4X>V_D=a1Y!KE=k0 z!20Y?PhTMo@z?`W0T1`c!=0@J=SnFkxRk5d8Zy+^7Yu?MFA~zyTAYVXb{ueb2~}lt zC#eBJq`=3ApM(JYC^7Nt<_88qjBtFk>gwx9Mn9a;xh(xXq4!X67Nc3 znf=;0+Cq%ld93H~F!lN8Fc2MUOYo*-WPG4o!@0e`4UdSpd$=1Jwwq)Bu7-O{gBXA) zEsCe)4Z=#DovB_j(<>`fczDb>D3LAKTAJpsJ&9bgKYfY?RzER08uMFL(0GqMS$tVm z8_Vo?NzUx-aEPnuD_U#LudkCfc-^tF&^k~){fGr3U(Dh0abRc$+fT8VtF&fLCWz0` z^M<;gKcj*)3?`~_zUp-WxRG6gYfYhbjrBmI6eakpWAj1OiaU95x)4ZDCOJ8}x@obo zu}W|WhZ$`!;th=rfRgbF3KEczct1aWp7{yV1jD1FjSUST>lpCcKOo>&d^{^FYb84l zP|NV}D%gan$jBTncP;r(l3t*7gQqz#ILMnak50tW)!W;SFS?NzTnHjyl*iV@lEB}O zs;yNol#sawx{D-i6_?naPb zkhgl~dJ4nH#8^YDVO&_1jUdClzILpu6m3(jwTgUtSJ*c+GJ=MN0i?a+5<{UJoUm@{ zb`iVscU)Z4U<>udNYg1RE3-Wj5Nt_Xa34+~3+65aa!ZTEkCDaLISBss#XI5U-2|F18J<?N6{9u*mmfsGAblrui8QKNT?iTT0*aG{0Grs?uF ziG9S2cL(@Y0?|Z*hUo#F4G85iA86%wG zOfF1RT*!S`##O;J6rNXQv@BrUo4v*F5>xQ71chknnPtiv7#dIhz)KfG5YS{agc8su z^S92X-r7325Y!(DPnOSvEZnsa6fvsb*bp+z0WN>^A(w_G<~99$t*mk0iCVEtrGIz3 zb#q_$`?7S7ij=SGTwQEv5l~SiBy=0MCyb#_1C1cd^QONa2T$tWIYT5zWlj2TWX#%H z2i$hNBtC*26K~E^x6+DxxCc}JwL+XoA1>M6|DNr_4qeD^ms@nV(6`g(58DQry4V^8Ct-T@(Z za#Enb%;#c2L_skuQR#oNQ2pX;@>vcuLH;sNdn6(^HCP0Ful>k^xtV)SQLy0*T$P!S~6*W zcWtXL4sA=)YjG@JdYiVXLR{S5-db8}9Aa}j zo2Z!YIC_0wm)J1yM+Sjb3S>#?MHx9ckLSA`zFJR;122`B=jZ3TI$m-PgB=YG_3^QJ zj$8wZG7brvaS%=n3JS!DAKaQ70ZvE4?k*5UQuch|;4@e}g`ki14zELw|1K@fiP0qJ zCG>6wl@n7^p5I)ERRSprkud((99);*Q0lU|9T6dj!yNDIFvJwKW82odSLfH~=arq_ zS6gaYvHdL@Pot!aizDEDuT$^o7SP)nV(jj&RiEEwX#UMIz$7S4NmX<8zlJ0JGw z9A95w(88G+tpZbzd@7|yJ%LCcqm>gH5fOl&HEmx0Qc6ma)57U{y3N1J0(QpC^z=GH zY;vrh)*OFbf^wQC>F(p@5O=oAq%}}95T1w}#K`crEVsi2!`n4qT z_l~`7at_g?o3w;6kTU$?eQK-{;ye286t@9R~@W_y9yiw0ar=fxlMVS*&#( zRv;%J5)K#aL0*6lHdR{MTIw3=NXSS!Hh(pBHt+B5fZAh#xN#U2hfhfu*olx5-tHq} z{QGesiP&O%Wj5#&qLvZXD-j<}{qAmwH~lgbS56^Mv6b0f2q;lXufI0{k-T!LoyZ6M zM_eK*E6^o4`I+zw-@RtT@edNs(-^tC@^(6@ze#EO#zmWj+9S;wW zy1x>Nilg)MpD~aur>}ahdIFJZynJ2rd>kORr)y?uZb+7kF;3_wL7^B}SnDtLq^)d- zhzJzq<&BMv+i)(gt_>G+v*~D;m!<=J03N6;t@riw1E$bRM$m8B2&bo~^TMQoJ%U!I z@R|8nc=#pAn9jld4FT0kTKaTqlg=aVza@urLkBY4{fey(;%p>&bs#@lcu(XHgLSR&v~f#n3n~% zS}Wp$9ugNt5mrg*5rU{eQJ#G0DesHo7!ZMvE#%^sl{0zpt?~KgyP;ZxSu_J$O%47X zRQ+mA7j?LS!y=F2#nyznPo~H--MAsPM?MmHNv2=g2Wo zm&)yYZ-Y<0^Mdg&Z*IV|b8~a=u%kA(EwjHFm00HalbZ`fhw=q>4)*0~ePeq!N%!~t zNN2b^uxhv|dt-_6VEsQvyAm6yZ61%DKltgetk~{1)|rbC> z*Rx}=%tVnkiu(fYJU9qq3eE@ zk(^wZ8^oXFtW(zy<{|9umqlPe%NraR0PGQ$fW+-?;+53Dc;W4bc|`)Bi!(6G;*Wq_ zF5^n@J{7A1v_!u5?|sR6G-}s>(}?%<^muxCf`{k${_T$qBO|b)L7(^Y^Mm}Gjd)mG z0gbhjwtsZ=;{0;|;6Mz-{_*kgDex)0o));KB(Tu43#*D=e0f1gxVg2J**h>0y1xD! z@TjV>sVUc^BsnXqq3!KI-G(xXa`-3+d2z|9%^e$Ozv9u+(LwwDV)GZI5G0>(Z|l-a zZS3tU#?7mE6aoAC8{y@hHNCKK-lYe%-#RzRT+$2*^w)8y2lUDTB-p{EmO+N4MFD{6 zk>uVWe7+hn8%0k~_ww$LLot_*p|-a6?c2Ah0(Or>i5z7oc6N5atREO1^w{3ZUs+Tqe;n0X~MQ`i-TcDSgNY30uP5A)zw^pXL+B8FibH{ACywK-S6ef0$u(50-MUa zx~1h97+!#=;`{(XTzgkn;%Z%iTTiOv%G#T9z31QHnbGkQzpB?ct{fGJO-Mjdn>@I( zdickIzRW>KCB|qx1BkF&*aSJA*29p&3>+0D;XN3G3k(VbML#(?8DNh!TX6}=H1`W* zM@LQ?KvN?J78ij7R`wkHK?{sJ5Ks~#_4`PZ^LY}J`gx*6B^MSpGk1b@08SBygp&0A z{eoq5D6oa{3W~(BXyUGem0rKU?YOAq-~g)e3t#_~ScZ=nn3z|NF6n{}NHV9uoQ#YN z2UICl(5oRUtJ9*o;_kmEyu+i#J2JRsA0vIa*bDihq2Y0V`DSh_;O-8zgsgtoqXjNw zZca{e*W>#B5L8zNv;Z0g{)fJp&I7yojh!@7jBiZGo72OnO?{HJIFbLxASWL6J&PXAE`i5zAKv3P%=Kxu)moDta{+ zS7Bjc^gG^HpnZdx3fKs2EX)pc+|xU)V#3Y`Fw_Nx3=9_;{_&Cy?*bIgmozl%-G0b= zV8jr(ea-D-D=W~R@hlA%y^)at-<}VY0D(HaPmPafAV;LKIgtQb*KFrZR%m=~u58Z! z;o;+C`m?5nHouUN_hH0rsZPt!q#tmj8DN|Z47yxiTnRedJ8GKeWepx3O;5*VNkxHF zGHP-2+5Lg}T2h#t3(tiDTV6K^9mlvm&XJu8M8~G4K3#rNG$0PbY6d<$2QTj}7%l(_ zl+zT(fx&ld7>ir`YT@EEF>}fPxr!d4)^T6DHmB7K4T`;^Zvi?ZYqqOQFR}2k7k9+rTE&vHS65fjRDYSZ^h*sf94;K9#kghu?Zeb3 zsLrOBsfGRdejHN?PYIR#7QxI~ol6EyJd3U^-9Pr{GAdR|b4q4vW(I~1P5zBjrYYxh zBf_=Ng4mo$lLw{yf1=DnAO2sH&Hpp@oT7?b*loz2_*yCBgHJ~gYg-$?)sx_Ab|^81 zd$DBBWFDZ3|2}xrRzr3U?ekwCv0`DPf6+{E(fL=1l|FSUL+PCF?29)O z$-Q-iFXD}bKY*IP>IU)}o14b`6V4zoW^Mh^P_zR;@*i??VPJGiLLva@0^G^PV96!s zrpe37awZSIPE3spxSg25lP#Dk0AB_p9M!S`zqGZq#&`!#&TK#_QBhHubJfJ&*C)eGp!5Q&owhzvwR28RJmvbDs#!UXU`c1s%~84pBD>fg5Z92u#1pVqG~lFS?u zXW0Y-<{LjJv1ODk)X*N#w=AC{9^`8^IJbzouaT8t9Q-{r)n}qZ zQa!FNlvQK>O+hByI^v+-DEYeLX2823Se3Ea`)J{~l`n7H97G2|odWw&+5iI& z4(_p#k%^*saqoB^d{YdJ4!{xs8PBV!S>3e>sE9K&Gyb={D1rUPqO4$Mbu9Z+?y?m? zZ{fkxA7$MY_3FSAZjzcB$%mwNp_|91mAt5B`8qrG%VGM*5N?iKr@MT5la1O<7@cnW z=C) z%*BxOgP<6YDm~i2-LgdcgVx#h0a`w;9NQ1#JpMg)A%j~;NC?L@&q}zw?}J@kUF#Yf z#iU2l1Ub04-o!{VG7f;&?d9b;W#MEljWUIDjOBhE}CGbY%rK_M2A_xli(l<1VizHD{Yb?Bz-CspgY8ocOH6QPLw^cnioIK7wEqe>ck6KyFe+p65dKv=EIqB_vu-`LEgTxRaRzh8#f z4n!{LJi{U*vGSy4?B4wVh96K*$_@c_cW?G~w-{Ji!G61{;_0d5;Xy`2js;R0(<70Q zyLovaCbp?>6%&KosD_}iVQ3VCPfV<&ruGU4C4=hJNr&ToP#fU7gZvn}0kw9LlaOV*{PPak7}}_7RQPBy4BXSC7xsWH)P#21|8^ zFO){OoyEN`k|$SHwVyiWi>{ih(PJgRM88^MYM_1f`vCKReo%d8ciZySZ#R<3;0b-P zat~whNZWip+}z#W+;8t)cXqZ!h0pCB01yTmI6nS*Oi_Lb%Nqk#gc3q`cO`9(6P}KWMtkEUltb^1HIu?bbFgOD=X{x*t+b&2llx#<#P=y;VsSCHILS* zhk&492G6PMDt16nkd%~!CkWc&NC@=9t#V+9o^})o2slJsPe}k&({V zOs%H^K>G_2g?+^14CWUlGOhefV_>ad!}c;rh=>}D@{5;LmM~I4;Ea{6e^?Yp``^1^ zHsSbn|KXaSD@1E1Soj{SYJ^)z(imEJg`O0-Rog<bd7H}kNoVwSD_?a#wWnd z9}+5_*f9B>#1}z(KrayRCPU1kY>s?yF|*bxAH#*IthKF$2}2!NQjTYi&qrjDT@>bD zCSGAO0)7y~o42bq&WHE!DhYuHovn3H*!{cC+ifPe;+sq_WvksUv#9;bgC3(Tn$!?n z)XfB!)HAzH9?gW6uX>#IB+G9X9Ui6n1%sYa;qt0?CMcEcZ=9OvYZ@QRlpw`+UyP{m z#*$amiHj_YC-G>>dgBD)#Vm;(`l}Y2KkxUs^A|C}e=c6nn}MP`kf4{BDe;I$R7+9|wX}aGx}seq?sE~J-C<64FI0cpS~tjqHF4K) zDvb{vQ7^_ky;3wiYb9+`;>|ZK^ouk(vg{U(cMs8ybriDu*`y$q&pRWgyJtI=zZOLW(8Y)`EqiVta_b2`pQce>h~B8(5rZ93EA<*N zW2yRNT49xg$%IW1!dCDGm4oqDqLb11Pg$d?0LT8024mK3R14nls8=eVbx3FQ7;&7> z9j`7HPOb0i=A!uqssva$B(D2#eICh~@W158Hfg@x-Tb=dmlO3`j}=$Kaj=TV>EHig zvDWQIFwd#U&=sf==0A+CmEW`8SN%!2^iJ%4|4K4{!93RDE$b#a8oin=Yvj*hLT>r8 zCQH)6aXegk=l$sQJ5Si5OQwL1dqhl{11&kn^hcFq1cLb)SJ?}6L|>M)8Z(KTN`&Pf ze=+i1*^{y1zwnd_sWOujkSN`B!>xr*V92aWleDf?tKg=DUm9$E;`7{{iZ2(KAyd`;O2CcvVAA8 zy&tep-A73>Aoh{bYhs>%Hmz{hd38zQQ-REO{NSLdis7lcMX=eI`CqdARKz z{T3LP_8LI{&Q8~xLaSITqF$i3l2u>oU2s^n`zFwf*9LF*EzK)1YKoSIggo1l_1Y-uQpz#j;XJmUO78GR1`A5 zEXTN@t=rg8$+p6@P{9bn^YD+a$!}<6wBC|Nt~k#5vF%ZLXuyOO8;<-W&o1|YW7BnS z<;&VF*;*7fFKV98kZH+$ z%$wEti@ZCK?Ssvc4U}sg)vZHClH|&!PECi~of6(#`rgE_4N}u&sP#-vW!lkwMiCr( zH>;V)aE~ijzFgV*?jIXgTK;sI{-sLrk5O6e5#zYmAvG-><=#tc0rx27 zc5UtkHzu8zRuRqiIkZqETOX@7#}R8knup@?XZKCE9+?G1qwn?b2l_w4_QN`>3@9Hc zLdf2Q@>J;Ft8{KQU??YcRNqsc)oVWy#+*owidn%8K7Y)4mEqbf29F-p*z>`&P%Zl0 zJqgVjCh*EWfeuCEr^XS|!y9C`k2Q}j#D0+6H*7nLo%!smN*k5hbc@>W9pbA}k%BLq z^4`*l%6QU|jE_-MI*M&}<}sP=FGD(gX8$Z7b4n54!Unmr7;bJ*tb3VDzKnF|uH34h zICxe$y~u^9QVtHX95`81#!XJrlTW#?4Upc2{wjveN9G9aXtb{Bu~{u#<*DoYeT`LY zpL1R$^8TCF#$PlZXqlS{OT1U(WY+5@o#)9MrQzp^eKAHws2zn!2{zRap-{nW5MOcQ zjT-?|*P%~da&fu$)z)XeaY*9@{D_-OO0XY(qgBC%HnEGWrHV`<$32S>{O#+YIs5SM z9DNZHdCDwtq9K)f>e=!eOpiTP%=YU@%chxSeLh01Wod;1BC zw$+PqKpXFJW%#+7EXgPonR8d<`R1S)U?B*4)8E`&S7?;W6qzu;H(^VE+oOKo8>Gc>e{-j;qa%X) z^yT5)p9RQ=%)u?L0#C*D&+w)Hoh5fKmB~5yZ-y}k(-0#BfHTMB?c&Rb0gngUOJkX zy!l#CSFjCs)P#%GeR7MSOo4@aqp8`~*Gr1gOn^>;>Qgyuli>24Aq%SFN2(45=tU}E z3)iy?4JZ6zN)}jM=F2seP5}{PXJ-ep_zGhWNDt2Uaj>us_l^*xe@ssPy1xefB4rw^ zWcB1KZhNCwpyhq&l-DK1#Dv=5NXtP1-I0`>3s%TG&^P9tVy*rFg{HA#A{EGZfnqsK5>gC-8c~%}YyJr>9^`>c9*{8}iW@bZl(= zW9}%HWOQ_Fe0)f67FJgNfU;B`8Tc8n=l&6Bk>^pShWHOT4NG2UXH`kt>f|IEHaLj_ z!4oWF;9N^fYrzRN$;C+WC_l+$-#Q~R_mB}wx21{C%jn-oc>JUHwZ0xR6fXr=+Nuwz zWkHcNh6kFInR(J6^7SW#a%0{4$6nxF#tYNV~Pp|p( z{3K@L1d7XE+W76*G|<6772mUWjO~fx90Gc*iI%(TUNsvR)0|*~Vu9ImUi5m0pnN?%uvZ*ZKC@UOMQ^ z$;OA(OvT$WX@WTjGzYhucX#*oT3uPGc>jRGLVW+o%*Z%k1PUJ)e~Zk(yl27<<`11B z9X-9Q++5wQD>b@gok|nurba*NrdI>+ zES;kVLms@4qx^n_Cf}D$uWKkPHicDwW*W!w|H` z8gv*(^2Wb@?T?JSZr~iAc%HCCN$M*J0?NcW~zYzgRZ9eW7PKl0`937o8Q-Psd%4Q=+ zGJh0o%BJ#8_rPC23=i@s6+{pFe7j)CY2fy1byYCVi>z7EUYY z?)4rSWL#^{#~r~Qy3c|`P&=QKEmk%f?b(HtNnW?%p}8uGQ$5^Ux8!Dumw3G6Vvp9n zem8U3QyxCpY}aV_E*eAVI&4`o$Ix>(q9x0Kla53tp8pzmf_!pv$5O8z@q-T?S>9D= zzA~x@wyj7_73An}c}}+>~?Hh)p`kN9&d>zg^d*=)qa9y&H{)f+26R(r=~Jsjdu z_~g&5ZwwMc?T(6t^Bc}OTV0qTto(&7l){snJY;+iZAcdpr=6|TpW>t$MDP;M0~3z_ zaHUOWv+>wTao;U_iHk%;V+%!wVv+tg%6!UYI@MZ)-qSm&Nya2hmQAz%U?dnP%VFI32CjpAGYH1=wUwS z3u41`Xt~_F{(So7J?t-vtBL_Obq)Ijv0`uA$5VohoCWtmRV^LH#SIJo!OF81^Vd1q zGLw4Z4^4OWX!n*jHdaUBQHmAc?6g*w80ac7q;~cF$b0YP-NOo)&fy=u?XA`QRZWzg z#J?-6=@iZ_8%ekm`0CS4@&9=2ZQy-ArK zVK8LCs`${*(@WBSyI{vJQaNq2X0B9YpC>^ena-Fb%t$j-Y>edAAdxw2qPtri5;F8- zp0{3qo(Sd?X~nD|R&g9QL~Mk!IHF8DeGs}nq?|V~Mqs#rIc7T2LOJaW{q-ZXr1Nf} z@ORk4P#uELD5e&%vfk{7rrmgi8vGMqN>NjZ#_O8;o;cXjb!JmmjMnSXmKl4HXAFp; zl=6iw@EmO4!n_ss!jkx$_Bv)=&Zw956*AOA8s<>Pk|pv6iB9)z0dL~>#oidwpw*!< zm)iH0y0ONaBxmIP0tMzA;enO#izPgIm2O~nPPrH!Vc!$^0OUoZALc~`Ld&y(|S>Cs@b}R{3T>~WNn=A znyj>*G{{)CiIl}qWu;x|U(G1o*$NIw~H_pAAfXUWz>frojTmc zy4etu-@`cx)98F^a;Q}WI4*Jb2eGVt84W^y`@)-5XOj5E0fDudR$*Snu!Lk|bamBm z7H`gM33tSBO9#GNnB~BHtDtW%O=L%makF$PU}9HOV_lBMIjQ?dgohCr7GAtWcS;Hj z-CN{|_4(-21eomD&Eyu|XZ5#@PAi1{cvEcdDC`iLx9sy=`DW|Pq*~3Lfn3Y@AODUM zTXw-bW*JeEhAp?_oM0Fd5uit1rP;??T6W`2?jjEfk!lrL-V@ZfoZ2F2E(a{Ad7Jv0 zIO~ZxyUEMT`?1&ilbdLWov_#6*g7-XN4CHeid)u(ii^c4x)@1w-Ep}aj@|rLu9c3b zS&Gk=?pEnvTC%PcvbT7{s>Vo?`&0@D$!TWb<83zArPHRyy3eM5m<#^uNP3%n%iS#c*v0J{ zhFrh~WSp6a&tvQQkOB^go{GuINgNLYCp%FW4~JwJQ#uAmSKd$6%2UnHrLD)r7IH*G zQw5I_Wp#FHZb^hDQ8kT=m74!_**~^M*46$^!E%|dvI4u3J{}VbBPCI@UwfCb#Nz6A zZ{4>Q`HqM-vTqgE{q?~&=;-*wI3(CO5!ep)C#Q*Y9P@7Dcisyi``z4{2{ik$8JePDnF(f}l)`v;jH2Eqg6*;HekzP- z9VZIo=fXtdb*Qwbo?2Qt(tR&gha*A)q_}V<8YWGv+vo<9=)B6}{10SwRFsVMEgh2I zlyH;tXM@v2ussL0H1WDI452YKG}OaVhKlzyS9xJ<*|0uO_Xtcld)0Ukn9m!dCp1Ss z1_>)4Gt9fmPqR9u!Bwbd6=Hsw?IkbZi4yU|P77=u#ObsW5TwOs{O)?+TmKF}Hzqo^ zhhw{0ReLo+lAVQjJPnWC7v0>&HVmSwX`nvIKQ&b|O^b>{jRO@~WVx>}SxrGv!hBPN z&55EV%ahahJEMkWrIoDEM3fvL3NTp$(=gYp?LSS2%7m?24wiA6GK&rLb2Ykmf89PZ za!!NeX6gMdG=LBn9ucK@eSMWm14zm|o2K|i5uxG|XvWht*%30Kxtn^ay-VW3wRLyFY2w7EYO$RvNaman#o2(Whr z2W|zT#wzp}2s7r9IsRB_gLQ>96_(caG*g@Grm?{Dz{120Lzu=J>k!?Mro|U8N?w01 z6feR~n0DGzZ_v6KW2?8HbkwZL$55R?lBLU7;jJ}(45MZl#$-oApLR-XnvT%^At5gB z2k}+WydX`b4v&zPlAgq>7|o|V-90r0+f#~q(Q)6>zd`!qf5%$BbOnyRYrB5u6?COQ z;^qDqQ!<5zjJ-WYK;HO)u3@m|M_R)02mZ8?4Bpd^{EH*Uf7G{Dl5OqTU2d$?wI9Uy z*8M(z`r9MW(NT47V7jw3qx>LFNp6~Wp3_;w7H`GBne{}bl?2+rgy#k>dIk~}sIkZ_ zy7f1*e*^OicXrk&HyAu9DH(0u?R!QS4a;U@)CJ@@UWIaz z@d`5}6jX;6rz|v1Y}S-|<#Y?txO#gRS5$0Y&)d>Heo(e;6c&*grQgTFQONCpM=P#q z9~tipYimx5&r()X>FnMM4HmycjV`v_+qrz>6XUWy#{nnHB}f}Hs*i|>dU8Y*iCp(At4++T8%UFP=&zkPIFpRcbiB8G+kRY#Sq-|E}YLD2=l+f$-wWnIZ% zQ$IW<6t;S2Y+UtJWOUqpxXBNe-j{E?aVr`Q=4S4}hKVc4Pa3p1claAA)s_t=q98<_ z9v!uuAIG};KD}Y9cMjg>Tq0k)_~u!d-@r%8gB9xI9qMvbhh%9l$Rvo*w#?0ePJ++Z z)g2QZ*~1O-{sET3TBi`<$#Kui|?zivU&EVjVS$j~V;#awOm)~{-b zQIxA1 zk`POCUJX1{fQVtIx2Y?{M88TzHEnAE`*pAqnW{m@{>IG4^3ojgPZKZmd1jWc{*G40 zP6!#PX<4l7UB|d@BUQzJUTQ(~W_E9*{f*#P!d8r(alCvzn15EC=fuaeWLY>q;?c?Z zdi<19FdkmMNlgh+`5CYo`EBJqM^J6I^7^v~8CZK(+Ptek=iMlejOD6DoN}7=DqDYj zah;!M%{+_ci|UMH5PJAxZNB%PKl?4RsyF=2jY#dB%()+b6PeD=Dz#}(@TaVeA;Y=j zPgrdZJYw${yA=%i0jgBlyr#^+RH&A^Z&+5C8cY=G5%!!TvcX3kR}zzswHP z4OCEHx$UtstamZH?kRyq?@XnG6;93_)t#_`3AmK72sjxlEaoqq)D=nGETC0Yi|C|r>nM)ZfLPXst=8bB>y=N3w7B#!A)bCK?-KH0qdOzQH3T zAPOX>&OuSg;3+lvEc{@)t%_~4ez|musVLY{TV`W-Au~B<><~t+rzkhPImQSb5=vOP zkls?%pER~Ih)Q(nl-$-1J{~klHrt6aFk}b|rD9a6xa zN3yQ26_pU7Q(44B#{N^SUW_U!J7b#G7;>zFc+tF89SaJp)9_MhDH{h{$`@3RlID8L z0BaU5Cr@V_dcwV0^_trR1PLk&C*Ja^%9|^sEM2W=d8q_@o1#qb(v>$J_|$}z!_n(_ zsR4F|hC0e2bObvZQl7Wpv|<_Qk|5nRCKO9*5yR;$1|kt0EHp#|$GR(o1iF$#CHZDj z5<`?Zf-WR)B3=#~%In-L$UdH*ys*Q>k|kEBmWZ%1g~qoADZYOEP{W#+SAP=~!ICG! zx{uhAN5O<9&M&em{>CMQ>u+f}fNm7<-hq=ozIkS_grPdCQwP0wu*5~oI+SzeIx?rch^q=$Ut z)X6)HqIV3kC8cJ+8EvM`va@V<^k=s{IqvX%TH$Lmy1nCRUJ;^?jaJawt~SojBa1zF zHSxOtlT9d;c)zwx*@C+IqJ;QRjN&9~CF_tGIwaRh9|t=T+C!C0b92L%Fmnn<)t~UD z3x_Zl7CTTgrsD&bKxR(1q5e-T9fO$iEOEi&H=Ud5^#@ThqwlR5iJzPOf{z~dzJ4ET z{R7L5c0r4Z#@=n1XcI%VCaY@eW8%#F&4EBp>*_sfj0n$R+dDOvT?8r(t<+50dnx3su;1`!Y=`jMgJNY;uEa(n{oe~7B&o9k>= z!5bsSXYG!a6pMbOuh#b%5FOIUNK5bI4TOVIyuDpU(*6KbhL5M5zS7-}C}9{utF2W~ ze>2KM!AcAPd~{0G=vdRUEgJ;`Cy#%$tjzR`9JPd%@xR)BsShYL0F{kcVF4)9r8#1O z=h9@=fEb}jDTptdf<foU9*XzJ11;HTZW^S|#;wOb^R z65Wo+9-ex?>?TEjiPTXGYw6pqxpy(_h5P5Ib)&r_zt-I>R3kw${$^-- zr)-9?jlH>qY5z?k8yo9gn9x&gQ6b#AaIIpe*NR#Fgkx&$kfX=hI@Be~DxXj7v!e|O z!NDd4w4}qAzQ6&uU$>dM`=&azeOpo8(pee0IcfSh4lK;vH4VRvqR70dA6rhS zv9jc*n4VeOYy5K(gk$A{W++kNv**iX}2 zu8(0WdTS$w6CH8_sgqI?p#Fgp{2Zs)y?F>7$4ro(*6I2{uz*ig5hG8Y!bZffg!@}` z3L(m_ytIO#g!)ie4q~Et@d}wFHgG3V)ymN|QW+gGUG-PED}WT)+1MI}keo}<*w^My z7A3mV$$cKV|A>$p8@OvVSIZbmjS0Ggj-d&|?%;Bg09R@*EMwPgl6 z=oWi>ebl8@w!IW`6HbyPIA3Mt#avI=0G&bnNhZa*7V%?Afgt#>x@=YnQFhXqWAfBRGT`j@MOFXW^T{SKl3m*Y`bJ zz(cueW`gm$&;-L6%lA3R`!UR79|umN*wOPHNiG3iHhL9%E;f7pBKPjm85%W0Yq$&4 zS7N%NdaYXic0VYIL24UnoauW}fty> zd9{tKbH|~@-J5Sc=W&@0dTx4Mu~XH%C$7a*K*7)}X9I$O5*K(yJ; z*)ytHB|p{;htpS$5)*mAu2+icjf75%Z9B;)4ObKld^;R7C9GNMS!yj3mv}k*8op1A8zB+K>$s=h0s6%H z(L*fmAW^)h`eA(3*uIYE&+~3E4mrH^%8*_O(?Q33k((&!x%aKb$|?Lpj%GmUkG=p-E*~n87{XTZ2%g8ujh^PsuB~YehVr8t(lcGp| zgbnV7I+0l4bgWg2O}Wxiopo{SEGsRuw9l=jqwh;3YJSuzXl4!<`=o4bYD=)jRbU{ocqA%wrE6EHYNa5C7{kx@n70SRy_sJ^+O?_~%=REYF<9l7CdQa+)8dXO% zyR%dL^ekO{)mVjzdsNgNsoJ5G4aMJ^>d>#vT)+K=&A7THQtK}Y@G88^wI3s7q!4m) zwN^3e{rGFn1WMzwRU|bjqk%z-d)3kTf~ndb=ovNp>-O&ji4rVYo)%&SJG{!jRnfBX zcD8n!t6D-%2sR@YjJ>}d>p-7mT0w_?EMC|d3(sC-=ZPF&o?Ac(p|7mKl})a}%}1}@ zQ%5PcW#d=Nwnkz?J=OUn?Imi`RJx^3boBT2V{zW?xRTjl;cf;3Ve8^?Z?ZuXk zM11(_MpQ=VEPdid>gMVwR!YrGp9}GGvjn*W;wU+IxIUk=JkXoKNSM4^QnNB+Am|x6 zBEjo*9${t*W3;e?v#8E5BBu7>-`o8TDGSnmC6f&Um$Z?uOvEr#=lt*m<$LtJ$vYeI zf2N>4tYN~UE7nBd$1;2qslNyZI_7DkoA|MfsT?`)oT0Hf?{`gq^;i#1LsMC~2M+02R!9(WUxgd% zI%4ni7i8$`4SwlUPdYj#PS@5_CLC|}%aWOHSb+2i4qyzBw$R%?_a&-kQSxguXj&nk z!zkK)(hew!V(F*}+NdRUV#ezmEXL7*x7^ld(#zcq{(9?0Vrcr^xS*enQ-WteJHSn5 zbPQ9uKg_wR}%Npc@{69yvD z8CRB7_bT&DH;6@ZYiXv@aZpg-{OD&Ja3zOB41^yceTR-^#LVixV2~4&hq!>E8`^RF zI|9zZs1rT#OL!qJ9#Ya!ZR{D6P=XoRJ$DWS!)>{GySte*uSU;KTMGw%03(ads1t>2 z|1(>%v8^@@cKG5TwdLmQ$EB$^p@GI1$go1wq~}3rZ#*IwHs?%NjdbFNmzW<%5v5>I z)eBXL`juhMQP*}ae>69sd_XkX?z7eI zK4Ttpbg*4YW$#>&sP#L>RtwwO+3@>>e!ur{Lh0xm6+zd0ljzd?+OCl%5d9~!oAia# z$Dg&xr_XFogqUd|mWB=|GV5;?Dc)96QWPa=%=g56lx`&d-nTZ5GuuXPoy){ucXgz# zh2Otio6k9CB3qzs@p|H_0de!lL_9hE= ze%vJE@=f&my{p8tjP)))MizY|>~$ivN3pc>d%r-P)8Dn;#EQ#;AC@?qgWtp&*rPgF zvMpo(xa}P1cj7A@#i~aOwZoKdWZ~1fH)cKQ-(b65mJGfA9YKLeK5-wF3qR(0s=3^H z8l6v}3rz?IRYP= zG}dVQLf0vme`g<`E1c5~S3qS`R+o+mvGCAxy2v+1SVs8r?|0@8gQ{(F`K8)Y$%KY+ z-+9j_24M}>apuYvW36on3Pk#;|F1B#fIZ|G^UF-@pU~w=YIj^ysMQq(XX;b4bEX<< z=S<)GcW;+=+HO3CJS@+Lmt7Es*HhgM*IPma)bDpst2(Lc_()w8EBUZjBToBSzhv`} zM2b~OOOFncPfXCOSf%?j_8XY=okv12glcnfHN}z}pLm~TjE;@TSxOE82oxJo9{~*=eCZHS1g-K zSyBuXQ)*j#do&%0adGKzg6b0~)?)%r%{rY*2)Lqu|6&j#YX zgimX7>E5vW-Hq%m#&r%F>YKYrNJwrb0lO~&CNav*+18e_hK>yfK7f7b>pK8-l@kc9 zS;55H^gm2aeSY@kUbR@QkA#B2nl1+nQNS+R)7ST0^cfB~ zbe8V}wHSE4uKSnkEt&M&9f7G8Fx!u|KAkSHDx$>!%iZAuh;GSqD$N+S;s>t+ew0l% zpO1yB8Sv!pg0#A*aCjjQdJ};V@iw{iM|c!2lUQh&Ee8QW7yunV)9DQ%W0A_y!NDU4 z9==d**7TCN!th4>PV2iVR4{Q(FGAcyInrvstn)Kp^N=habB)&C6e0--Li z#IJy^GA`;fX~)C9G`uKq3(?a7CdBCEsAxLKmAv>=h)skAoh{JQ%E0|yHW15=9~SW;rCpnysSQj0juNcs5ag@hbjU2g&Vv+7bK z9#BVx2Imb@wg3wgXl=uhZ+~^U?}m%y^SJy`Q}p0=Rv;2GP*;zDzlEB&w6tW+X#rK@ zk4>SWp)Y7C1D-gFxs%NvVE;bY?CgI00Ki!pTG75Q&;1;XY>*!SFJU7iqhhkHswfEH zOV|V$&H%8nkb*<>WLyS#mC(3m78d&tP;daHx|viVO97YVfzz_-qi4uhov9aD) z1D}y@kN^0jjJhh89h?hknqEYoP2s)J0? z4B+YkAnI?G=E48*?EUV=2?&mXGyd}aIw(dWR;N-yD*V^&WocPe<1)mpq2Uy%sH#c< zP{a>Q0nkS3{_eiDbwf%{4k(uK;;ZA(2BGC;q!lFA0YmaTGBp&FthbI1&=i`ALe2h^ zk3>W=H7x*WlsFKOq@t{%*Iv`@tAn~&+WKu|e4JB2fcW9Z7865v7cB$B7~q{P;td|D zmekd;ZL(~oRBF%@0G%!{N4KAGC%=H+1Ws=b$S#C{67kZFii!$IIo|iguK5%e6ukKx z^MCn&Ulfbb^-yi?C zYC@n1jE3#dC|t1qAFg1!7gsQESY;O+@DWE1K)CS7sWAUD$2-E1Gqm?D{Diud05+Td zhn%JV5+({p(wT4&{5-pe@4}9eFl9?8diihT=pHM`09*uwJwf!y66O{cwJSBa9yX_d zM)%*4f!9DoTnlg=lJ*J{ONXT|58z7KJXf89m36DB>%q<6@ZB~588I--K`j2>Ax``S zR#=?!0fS>ku4I|vm5c$Cz@=AWyUr~NLr?Y6V!`)aB}hh7P7yJA!b#tkA%GCjHUyxo z8%s-$6sL!G-h#OfEO<*_KXzOGV{Z@M1PcqQOj?|%WEo0AI4h;b+Sfu*cV;3+9$Zn`eDEeu+?+6HP@9(c~FF(3W#nsKsfJ`$rT1Lhrkjus; zCLv*AX4b6N0p_%rr`A>-S76%hJ%-lO-WnL}{|}@tU9PyUZYHlg06?3OE6UsWxVdr7 zd3jevMMYR%RXtyP2Y|O0FtVi;&X13Mw;rItGBm`$ypp#<9W z==>-#5r7^9mSRHgs>S(*-ks%#!Z5&B1o!}u5!me{yaOniBCz~x>(|%Uj-LT}4&amb zMsY!+M?oQ(s7O!(J{BHWs#!_06*AM}Um3IOjseo9S4)e!dh!8CBHD3OvT#Z$SE5;4 zUsDP=d$ER*kA5nbl992MjT*NYcr7F(R9#x5MEVvQ2Bz+!!J^m_sEf5knQgWPHeqtg<0ueEBOl+(LvoJDXOBfF=qrKle;o#jZBjEs%V$Vm^47n2YJ zX7)2*NY(t&$mqzX=tn@}r~^niWKD7b0XqweRxnHfi*EaNKa*NEGKzg>77h*$2?^20 z2CpfU@&m1OH}1z{g$^$^0Y+?84L7&DAD1jo7>%!j?SSJt29V}_&6X{(BVuC88dgmL z1OAzjeOUtmyNm_|4Is$*18umxJc_PL_2T1i&qXy&W(Eemu1~-o>*no^X#bkY4gvvA zXAd{`2{}dJzjw5-G~PBfF;TkieQ>!H&%*~GX2}O&F*bbnu0@XtBf@AFWCg;E8?9>6 zVS~(Hr`lTShzLNy>k$qFM9v?zX&?`ITnUCG?qFvxgsEAN>4|~|2cWY6JM$366h!wj zG13NN0d{;(gNQhfG}w6o0<;)>kjHhu(~F5E+)o3Y2NCQ>AViXnNl92@UsbI2^cXk_ zzkU1SCZnaHskueJdvG8rF5b}4fDqCP@J9DDPfvPMj*dnFLXTufyyzr2hyp(*#)1fX z&f#F8zZO%#K|^0RC5gEjv$eabDMOQ;yeytufyy`!B}gi>4_ z0>bCQ${vYhTO)zn$T5B`yaSFE!7P__`pYhfkdkrW-g|hk;RAI1F%lO*7Ne=e8xa zwbKc14&AtA6&3%1M4-i@sfarcF4{CS{dw7K_xJU}mAwQi_4lFv&l_*BL)R!zes;%v znLOWre(nf)5p@T>0dFM#%R1i&1L1p|JSE!yo9(C~o~MR7P6kx!f_m-mI$v^{gkSxC zY%@A|)0AUxN%u2~WM`b*($zhoky^YW}(&Y`Rd70X@aAdX)hjMc3>7iy|F z*3LFw9KKBFvf_^41|PiROy5sy0c*Xp1h+13gI~Ef7iO4ic0_FsFz0fQ4Dhx^TFG(2 zhd%Q{u_b%clO2)ET;R~^TEHclxq$6vmS!ddB9`A|a~1;?g#wcXKk@XttMKczMa`0_ zyBTl!>plCKjsiaYmd1Ry!<6S^-4KuXlZuLWwd^c~=23UwI3x(|->NzldsoI)i=wVF zk6bj9Tz2n&1-@XD?{O5zb=)91{z}QEt5a$u{>}Y#LJhfE`afx%I^#~B?^z16M_Z9N zZ4b&pKhry>*R|0b1=d3i(yT}SL6z3taG^j8ctjm*5A~8kl!rfW=0D8u*S2Y~SKpMT zDR=46v;z!5i{YY{4o*YrF$FilqBxz)O3ihH$@CV6@^cU@l|Z|0V}Th_)aFFY1B&VD zmx%`D;}r@4EmESlhj;sxOP?NqS%1zL#&-QZ6yB=P?};#vVN$LHfjZ#l=avzV$9Z&v z<)H`uwGz61gYg-+O3GG6)IdE|UH%OGvOXR(Y=jq=sZBF?bzC*R^B@=8L$ogyDjfk1 z$J>f-szrNW&yf4BAst1WR|0k$45A=`W#d=izx@!bH`noY!%g5&d~>5sx0KI znt;*Nkmjwu74fkaXL+ax%${eV-0mV(wl=p2eD#9t@jj=hh=9c_g-|tH;mk$C#S#kG zixiY_IJ#C2DVdTvdA(x4HJ#<}$07W$$%aP65(KV;5az2BHBOXwaGJM*D^QzQJOZ*LYiH~e`#GKK7}H2eknEhV7Y#{(2uumNPS}z&O9&E z+q&1XlPPGYA~}9$N3n&;11w9NE;dPKJBx%1#&zrxNeIu*6rcIb(+g$pF*0lnX9^0j zVN6pe7o|vLt?10dY4g}t445%1Z7Y^dM}RdIkUL^AUr{<*Ye_;2*&g7Zplw#4`u3tv zGy3y;4OCh`L*{j+DR$m>XjA=ldtxI~>ZxHGQfg{!s+yCfT15V2N2t#~m@Et}sJ$If z@Z(%lnggd<32**FMU#0!YBREhv+BYM`(;A=;ny+ErUj|FC?9FcE;cS3wVb=;awPHR z4HF`r>e8b)Jvh-!wn&?90T~}74cJ8wdm_e|n&e9yNZjL&sGGXTh-ts{brMmE--UV1 zkK>xFV(h3cKRG45-Y3a{9-%;^B|BwP9aipAp$PVv8J{I)3YF5DP>ZOSNWLK)%%!}f z>W_|WSEIrD#xN{8!ai?nlZX;4i!J#acB|gZ26-eW>kIUKf82}fRWB0#Ubu-gek2o$ zCP#&s7M*ceKFT?9qn)#RQM4Ag-_@Ns06YTs8b%2f_*3KH(%CUgrAo${7S)K1Uh{26kEBLlQ(Jqo}ySq_9=?kt9!a)ERT6U75_;POnRk`AC00 zvr>1%j!+5JQ{lZnn=6tRpEA{_4mmxx%7RJYd-W`B`Kh>g0X=cb_m2M+-nMSnZ)m>G zNBXXsMwUYe(LbvZg-f9eh=#8fx}#u30&Ol*1E#Of{X=RWGnJj55yKZ^jb3rI&0gCh zTS)HbT!fzGu{+eBoqo3%U|cDr8pVNim^77`s7vgtn`Ow1$~{e80E;1s%?3U8vZPUA z-)0CFA{s8j$v#o8?izVW;`0~ZQYCKT(Gp+W7B=@{+<87S9<&M z|6Q3sBmB=R^Z)zg!!-l(_!FrYwnl$8;O90eCx9}`hnLm59djzG~2L;i}s{jB1 literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/5autosetupofvpn.png b/windows/security/threat-protection/microsoft-defender-atp/images/5autosetupofvpn.png new file mode 100644 index 0000000000000000000000000000000000000000..da7f1373297e4a02037f0a785a48e58914dc2f36 GIT binary patch literal 39309 zcmd3OWmJ_>v@O!zDGdq&64H&dNViBFI;6Y1>j2V?bf?k{(jXzyjdXYOw)fumMtY1bUT-ZqZe=!^6_S{yd8RGQnkLDZzvHkr{hwds;2+DbCXyws z%)_-hN!A4qkG>{+H0! z6njOqcjnYmvr4Q5i;};Xij|&~)%9{O@%pOmK3n8@SJCI9CnkpMXzu`j>;6l5d3g#k z>G05i7rE(k9EY&5jj{O~dL|AY9(uVuG7nEro8{IuecOiitDinz78ZjOU2A=p`;VRy z9aJKex)x$$0c;A`y{-hO&SZgil#i?TCyCuRM@Q@Hupzg$?WcE&J`Z_#{V^h9nqx$1 zX)oV#y5CpufUjVgn1I2Ol8%SJioQ=9l>PmEK{D{7*six9`N7Ml&gq|8#2vDdl0WNy z2|j|`*81?Fnr)ZG$SCjd@X*M!*WAXX{>P6W4GpelX3{CI^xfPV3kpoWd_i4nUtWen zq0`gq^)kH=4_@HMnwmrhrQpNoXy@eD_oPLholxHFrzf8v9v*I``Q==0Ztmum76AbP z5l?f!3|`Lqbx!Q1<>kILT-^2Ni+&M(9Tf;9W?{gCJ&d)|-oxYN+Th^eau$Wo+ddL< za#y<@PZqMMsHnxJDPdl=>bf5JF?0+J0s_MJi**q_x1*-+0N4yRCe-Kph98G*spuJl zot-crZw^>dBO@bcP2StJ!MxreI}#8TdH2r$yq}<=$`&~uoKBtFQvRd$gI7_@A)4|~bamwo$H>KYog^0ADTmSr<~ z-ha2jA+_~APoFAMNK8tqmCt_7!?WG-biSR;q9-BkaQ9nAM?u1kcL5&<$4CEJy5sJr z@8i0NFBA_M?a|nUBDA`u#%I5R$3A4I^69kuTvAd}Npbch`|*N)r^n8};{m+=1Zl-6 zo}!t5e&u=D7yjmcduz*(lzn7$bo$Sqhda#^h66e++dGEQjA=QbPLPNIj>Aad@^|Ly}Z118l$Pg z`oC65_KS;)=g?Am-*m0hn0-*D3LtB1%m~&FiVj zEZg&n#MzlkS2we}TWqs`&F*E|%a>NJi!yNDkJ%45(v6yvDqs8hq$nx*qIMupXJ$#1 z@B1h4$ONmOZ)%K+6ta55+wPA9c-PZyTf3UoonnvM&#!!+9*P=lmYrN(IoR0+9X8qe z$gErgs3;WM3CR`Z<%6+1F1OOH3^(t7l!@F{;dhIQii$iDIVDhHapq7xqXWDcJ;Q7mbbaNyVLJqXt1?j zVP@oKMEzVy#oC{H9h;ndzb*3kA{f%x_CS_($G$S{rHLg_g_+> zAiL$s8H-=n)lg>)y|39B#7@b~ltem-+0M?+NYPLCD=I=dN>3`Ji!3ZCFz`C*M*9`n zNBKreTAMW4_hP4?_l*iWJNpw%>hq!P_+z!;_>LyT8zJ!P>@2awMD*jy{YnqApEZK4 ztZd^KgP{L9sd#vJISlv9?no+=OG}r@AkSaU=Qx*57=7=obOmiP|Fu%EQh51TskwM=+DL6KiZoJUw)y5d{UM zj)Q|2o0I4^+x_nNe%U)T8vW=6Kc=oH$T*f37C3Z=M`^^4ZO9LA?+_E%_y#ji2Jz^9 z?$aT8oMH3Yw(T#7usERB-QGtknwpWS1n3fk!7{Mq&vPJW9UW*H=)Bj`BAK!;{QXBG zX(z*GskN(q8P4Nv;YMzWwOtH!cyLH8V03i!Q^Gq=&Krw*=N z`__Ste|3Aj@_2Q>a*yTqB?+RTfvAE@KoV}}u0_%+D92N`eZAu*CpQ9$H{Q;rUe7Qw zC8h6q^vr}==WGOK(63*mQExwV~OnU+Q@E--mddQqF%)^EA7%w6sit)Hs$qRqS{f0O9hG-3K`&V5B zx;PwM21UA~w2w72^X4t6^ij$Ph)Be!)mC5;>IFT>R~8q8JcD~@=jW-?va%5A(IShg zs*nctDUE2wB|x&9WeE=tCw}T7rm?a%xy+;V5n+r-cX$C7!R-_AtF7OIc)2pfIC*(_ zwyjSu`O)0@_$K_L&@rN-(7%1-;NbYrMaa$)a`dpRf>Dj?jU-|reu;|K)!#ci+xfnu zDK-5Vu~D*5O3JqNl)sleEh{OhZ;~=+gW~9@yAdW1TBnt;KU1}ad2@eTTXB67%nucV z`aHZVzYvOv7f+5M6Mld^-#Xq{N~A)w1zcT@mwMFKFH$JYjLpnsWn^+!eom9~d41pv zl)&!Y7}T7$=g}lGcwkY2NA3rOxV@o)Xd)!!4iwVs@l&LS7k9sZ%l;!PPY&vfox&B`n!auGRX`G#%*)*!_>v8);DBaXm zRq+~EdqOd5wU7%p>}ox?6H=iqP0gqqut%wy6I0Xv=03}U!c(V25I2LHqXeNwGd;bAZ^-pMAAfN}TAo2D#K`!>-w5A%#Tv_#?l3&!l7c=jW>r zO-&1Z@Ao0!zX#33A5EMV6cogW2*d6(Qrl}^>^MnFBMF$v%A%Q*U^dK%X=rNtF5?kh zPoI{Tk3dkD-zn)l3{JT%EiEMy5Fn5I`gQy`Jb89j3whp4K5oCq^gL-TEPM$E`@zQ6 z7Hb%WqI~1PRe@~Zwd0YCg@gCahYKDF0s?{qBDEdfp&-$|wOKk4#XaFYF&!rljtB_1 zZxI?4;=Ni7VJ;(Syi`;p5bn}9Tf4#ncGtHz)h58Rjo*MN- z$%UGamt3Df^}b*BeYj_0ZA(bGDM{u5mwGy6^$pn}n|;Pn>v<1(&TLrm05$M>tWE4s zjlc-)@6zwzB~lo%^8gBNxxTfxlB}ondG>rGs;n&f`SV_f@ALgE@sWLGc=#!8C{~ZW zc(A%!0!TPxnL=;{W22)c_sejeJ`bDW8=lTymX5OGx)_ro=S|N0g$2RE-xGdU`JAF% z;Tbxr;+5BwM@9Wee4Qb%d08a#gyZ=g@jVj6{nlh>w+jv_zu?uJ;~aoJjm#`#*>`~@ zlane=FrX^y^JBh!J5oa{yc3!;)(`cGLNoR~3v9=p30_9y`3Dyod2MhPmzEBZK&qNJ z-%#=;w`SfHy|#OtSC_}Qyk1!d)%MqIZf^cWarJPM%29N+$7}qusGsG9$$CVrp|#0t zCfexSr@LekO*OAGcz&?F)L?l>NqL@5Ryv;VSDsLjB7QMdwR$}*Y86j=L*$U}-8b&I zc36ASS~7Tj1R2>Ksyr&+vWj=;2dzQp)ZpOw+n@8Wp3k;Lre|i*;^7r{83u+$w|vg` zAwuUDE4C}m3}+omDm!!@M2(&q%Sgu^W+oQ5?zRGhzkZ2xn?Ejdyx@Jo!!z?p=^cbS zyV;%_AXc=BLXzNn-sen)--D^cHOBXr)9LuAgn?nFvU(%?`2wkMBLwk|7~0t4eFh7s zq^AcJ#I}rs1`Z4i0H|sx5fBItisiUQ91klilYspLF+bm8XBhI4y)!H8uYd59xW5`5 zrU-|a*w2Qb0qu3`x=FZWHno3y+8hctDZfYM4yQ z_VR@WoA9U32vBYbPo2FC4Gs16^-owv_=Jh;hs`KwjB^s+Pc zq@O^OaTRta1meet=;}iw+pbUNc5cw=>3zp{_%Fhoyu6&8->+jXNv2d)-$2;9&cdl8 z{5Y{Lt|M6-LG)Ht#R#pj1PpVqv2pV^YpRg&9(MWrw{aYx4{%QQ_w~)bLP3?N$!D_?Y1)&AsK}}AN z9I(oh|L>a*Ax;^f9bSq3k5-uUzqP{cU!kn5%+^cW$NEPmF8M{@ZkK0*S9;F67au0+ zediimTBbg0a|k{TQm$HASIS4nL`R`xMMqVZiwvnpk(9}z)uCNKwPF3ca?A~XdmC?l z-m7FS5vnL(Ve;35P(7UPf$i~6X{w)EH1}N}tjbY83*V-n2@qJMmClb7oyfwMfd|DtSOrL7WZ2ebRcEpIq$4uPAsA zRwJ?ztj7BB(H|~$ii4xy{6iIwyz`$yzlTpwYHe+h_GzG^fo)Q2-_Uk@muS`4WRD;V zny`tj=&Fcy?Uyp0*p#mXam8}gG%K2wJ973&)I!+}t{5MG$Y=AEPF`j6g|p5}%Tj!B zRy7F7RMmHMbhPxG={vF!H;9OgRCEf;Zb~(=zMfsQOAk*9fYvz6sQ%hp{Lq+9G<0=> zLXx@iiNe;=+5X(ceyG%ZP!aVK6BP~Pq`tnM+4AQHLm|e2>FFMUH~e|+G_2HlE{@hL z)Nea`mR`T%#zQ)^d2?#lZ^18JlxQW~i;fGno+l=SUwBE^!eYCox;2CRh$6O^`9R=P zwvpA}@2yQO?2}d&8_m_V>)Tek6N4!B7Ak&@Fb!F4RTZLYK6n?^G_QL(Xz=_qe`slH zM<$&X?2YUs~moD_5IDve#^9|kyc((xqY}nfc+8;3zA4^bxeTP zv!t48xZlN$oJ_u!r8YJ?k{{HF_?nRQEsJq*(`}JPrF{MFUMhy1W2SsUsH76(^~=-n zF;q*W$Q7p_#U6z|yL-mfaBCVj`ttt7t_ZjM9bH?my zqoIMZYXdJABVV%P|1g# z!Wo`qQ;+E1T*J-6ryI_56BME)`}_Nr`}^7p0+I}CH6)8exEs2EU9Mh$2jvSj{bOT$ zoDbh3X*y$LW6eCGz*=r4cd5a5YgZ=cN6fmv`ui+8dh}}2Sl~Kr^iW+yv8a;7rZ2ye zikh?D&e77_)6>HGu!J{#IMV${FVEV<8{KiG zv}Hb;f1LYd<}LRHGglxo&;O}?ye|&Q=t;^{)mg0%sTz1?Gdi*v)+vCu_|P}jC*}~8 zT^Ctbmac81PO4IRu2L&&w^&g=3qy)jwA1@W)3c$_Us2D0Nj2Frr^4*m*w(@Xvcj{h zmX)dA%d94{w6aQxjTD}_Q~HkQ-B`)t=S)(JGY8Q@y{B)1fNscR?wVL+?4jbC9i8i6 znd$jC_Os5?$-vc&kDsO(5HLISLmA&6`u@)8*_shyu~yxb*H&a^W`&4JBT2hr#T0M0 z68uZ=6tcZ%pkKaz>r*{ga8P}Tku!;0jV_RGIn1@>D$@0VG2OAose5)q~ZE;|~wponHo z3&k_Z%DT=R<76DPC7eZ$XcS=$|-r+xpivqP@3 z{r4^N^jp_Y({DhPI=;2}SFL*Ek^aw$)_?N182_JrsGTM0j|)AKYY|}+%;}{lpqhJW zP0h?2Tpb$nJ?ZbqOs_IAy3Fte(({of$*OMOTiAYHQoI=iAaJ z>h%^|)c6`Zg$V-D!U`KIk}nS`ZIB&tV9dFD`tUn3x(pW3CV*Ztgz%z<9+;s;a8~ zUaqcYGk8$;Yk3U1M2!}2(Q*ZsS?l6EtR((aPOi6?qE|(tSBjmluc~qXd8(RC?xJ{5VA_VHgnwb0^DsXL&#BINeRQk0+!`lR5Y~TYU)YJ$-$?` zxByCtM1{e5xt}@I*3`UX9QwHTr4%%8-5A-w0OFT*Ja4f4f{%~?w443Jz{8_S{7kmB zz5Vy^-|6Y;+`L>dabAioSjio8%c6q9^^YwrEz(j_K_w6pw}+shpiAdUbqp-5ODEU5 z3uy%#1qBF%5-qQ1e{WB0)&AzLJvNlc{$i@Qvq&*hM@I*rPAK-Yrezav}%!9K&ez(zs6A^E0y-j_QRGI1o8|>GG%db zT~+Z7zz6!5c@DfYba!ux`?l6#vr8doEiZ2fB!IIWH)HDIq}`v%t6 z$l4?^V`RE|dOESrOhHjWq4om&0Dxjb(~GMsbS$)fQ&Q6G2OD;7Zp2WQGgmk`xY^S( z#ePi?a_C6gCu@nVZK3D_efML0*OJ@9)=I-`OdS z`mW}pK?o09O5aSQBLI&xgQgT%!}^(_?3#3cAAld^^0%x;Qx6Yh8JM}VQtD8RS$mU{1c`GlrUDs)bs9~Wcrobe z%Ee%FiVY_wJRGNw@`Jc{TSfGbz&72_pG(H`|LFo&A(c3 zbFl{woRP}1vU?FAVwG1^5cC~)OOP$A68lnd|M`Q1v(`A=)Wk=)WvZQ?-l*W~DBdqR9725*^=k`j>tNFm zR^lFU5Qw_unH)um?fs|Vj{%R1hi6}Pf zA|xtm%gTz1>V5pml)*(zPHs&vjdYU-E-Ni5Nh1mWy>o1gkVjia`GqdMia!6V*RRK~ zQ_|DdT9C2OJP)Teg@ql6xBcV+12-Sn6Dk%E2nhJoOKM+rlY*$I@7dX`&@kIr=gDya zuZhO@va*rdJhu3R_^Xju*XQxc$vuaqB_&(X$2Usq>W@GI(p-E27&5uuyj;+ivUX2Q zym0+dQiBsnpAI>9zpzpHOGhAJlUU2;x}^0 z5>*`?iZU`d25%xuOHm!ycUH!e>>LrA8Xb*Z)cCWvpN|QMJe|f!Dj;=+Z|voGci+H? zB8X|@N*#4ivpI9Q_>K>pnn+7Is45b%>gb0%|M;QgyTyLt=4JZN}J;C!F{6kH<<>hjVQh!**_){$d_nn;W zMPbO_+bLngrfa9Cz1%zKZ_{qDX>NAVR!(Qt;T7Q#h-8C>`>|Ri!BtcYnvo#E41BKY)&(PpQieJ2dq1G+++hY1W)- z*5r!=ZXVKAaQC;36=~SgQLxECGJjfO+vb8DU)5v>tjip9Bzz@4&WJENU9r*p* z-5N{H$KuMukSCazNR~0_A|gD1hh=1?kNg;1VeUaZpUe4ylo3%Shn-glD06wg-oxa? z2VKzmO+D@L`=SpwYs_#B9C2+aE6m!lN3Bl~|q|kRQxU3st|yuXt}; z>mVF4dIW?IqAX^>-HU*oex%tXNHswHr`-LvwhCxn<_Pu^KtBc!g6*AEKbSkgHN+Q6 z1Y|f{h;(@yW8}tC91n-KK8FXJvvYHC+1b})3$~)=cF)wK|vVA~#)FIfh~E^w5_*^*+?R=jl9EMnTk3Xen7)AuBpf_m2dGgq?>pFdc)f zBKa@IBBQ$uPL+P**x9>CwMlSwvmq!WdPyrQcHVH3=I`v81M!w@Jy^m^^!4kX0S7wSy*>(^GexD{nZ`2qH6hK-`WrSt_K6~{ zge?t-(s-Lb;YH3O5hd-?pmYIP;SKoYUYO2y39oo_t_kUnMi#l=g!1}2q z1Fc@dDuFl4|$;Wh8lC}4>#X>cG+X(%33zO5&%=2vp)6g5z|4}4zH<>hbF{5v|TvxHv#(fA`H z6aF@;6pI$6CdBo)pv3&jdwcQuFerm^&?qdXX4XMv}Xuc5d597{7zl|Sr4%Z5Q8R?=IKv-O7`r=co`WH?vPE>pQ`#rfas2^^_ z@#vo(SDpbjefi_sz-M9(tyv{Xb6mtfHddcO2IWt;sHs$6;&Afn7?+(O$O5)#rTF8-TD1OmBWk(JHPE62ik@RGT<@tJYB zTw-vz@=u7&dfiWF{N`|teT9g-sVcfTGO{pYbXph1xD=|Hk@{bW*aT{LB!`Qrh z!Ci|pF+UIcBN&gU&(*a@O#IsS0w;s3yZU5@5!9eLQE90Vrxy~#;PM15Z z8ZNi5-?!~y*0!)p*g&<$?2r(TKZrj!CiZ##67opk;o*@tu%bztW$`wen?GMP?D(%~ z0i)On!h7gDbFrDwcfW6Lcx?!qHD(*We^>L$BQDZk$?X>NnydZ}dcpz3R3>Hye>5qP z!7VRJl*Spmzm5Fd-%bnsM!E{_Zrt*C7@3(3@YwaTvW6leh}}C!MHLOCl>ApE`1u>N zm&W~dTkZT&gakDM-%D9nRA{YKmVASHgkOcn(K4bk!e1qRjXk-#`eJ3(OLYf)7Xu;6 zufDLs!URA`1M+5PKV=JcJ<1H9ov};(-H9JBk&u?I8#?^^H@Ii5JR+j8PHakyCJ5!4 z@WoE|-$c z^XL!$xq~P=1YuAp=lF~`Odo0zDpA-Imcl>hk}mQ*$~-PVhk!O|(({DF!_6t{e(#IQ zi|$)T&vY8Z1Z?t)nGb$l}-^Ke&K7tg&pT$HBoNDyk8OxEIN$Sh6VNu)b`9$%)j z_Yv9eZ^^^wyxsnlEsoEFCoQoN0R6Ds&b;@b9hGCaWtVy3wfCaqIt}@=L~kh3M~~!5 z?S^gP=TM=jP`!tKw1Xx@wNjC%>tlQ7;%wWFM~zRPh(l%??YLb;NgvKBpWU`D7`SQu ztI&N&Sm38G4;z->WB7wsrip`GI`IjZBLd!`cN0S&o?JVY1mIeU)bzP+-LZBOmCGj7 zfkys~&ZrmN!Ur@3T0C=q=I@SLj%VlQbA58@iOET1o z9$5XeAJ`=oGkz&8-Tsw1Iy4d$9Uk7Xf2VqNdGY`dn zA8O{{-tFw}*0b@17O1Ez6M8!;E60KGA!g%7-Nc>#Inz(78Ns$!7TO|!PiWxu1Q#$A z-O}qrpr!MZ&+l=+*D{KVXlNT`uiMeMhtUho3aK9(+ek=ucg#~A zr5F6fyRM;#u~~hWij6fpjA{vqY#)MDu@9O_SC4;fsZKnU(7Vm?I2dt^s zH(rnCW?mjO!#{g=hinrEU0B6@M=+(Vh^;4yA4F$JU!}w$v7Nmo{T!B;2Ul*cpio~E zN6iASj;28_&Y5yrbwqiLhRK*V>gG1|QC3{|Q2;w1Y2zzYfSlOQ+~Nx%AwCVxyuW7v zOZ2EvZf;+{BV_dME~F(rJs?1^o#;0}UJ$D(O*1ze zo;GKuD$6DZJJA!(%*9YXr&nUV(iAu5=odI`yrhA!H#!3}uu9hG`~;hS0loBzT>G<* zgnU@|Rv!yY1;8GDTrO^Oi*h6u42p`1f4s&UzA;ILM%V%L(vDx)k&R&3eX&`mPvq*# zgI+El6}`Q^Z7;!#`zH+M04EJbVRHH>g0}rv8=FdAqzt}!+W6kVK@^})U(A(R@=mFn z(bM0ksbO7BmCXVhj)E75)#Br$i@x3Jd?M3Ez-}Zx3f+4c@4iH)arEd}>}yt`}{U z5@TKXEBQ%+Yb5z9^7#YZzYoQPa2NzC>Xx{FEc6$K+&Q*wIbYv*klY(k0SR_}Lg`P( zf$BRvB@Wqa*89_njKN*p=i_*p|8OAx-)69Z2JGI{R7gj+Woqhr^c@YjOsT?b$?Tng zOSXT0e(&*mnS+x}NkuIRP*pZS5~gam@0~aWK8S{8FWNV6VkN18F0&8fI503U4ES&9 zUcaUppPfy~&IZ=0t%FTYK0ZEv{`FOTh?0_@JZU;9FpdrE9v>$srA6QZo@Q}r5%@4` zfQyEUnR#@6i19TaiE?aK)}O^id`ild`AHhyaTweg4NY2F8YT8&aUeY{Nsy5vRaUaF zc3gZ-Pv2i(r^!7(KL_l`XFWZZ?(yq9N=nhrnf~p+$$A$TCyj1v-Cc0^*5wu88d<(i zb9<$wpe8h|_{b_~^i58#16N#Pa=f#X9k0VpY*4SYxrexTU{k8rC-WVDxch%h!|!RP zWD#M9o5i_0E-o%`6#aW?YpQefpPym~2???3fIu`xQwR;b_|Ca=8A|Cj{^t*3sL#%- zKe)C09#%-R+Y5gf-{qhDMC zLnw~9jg7GL8GHm_tJ|FSP2E1t0#9*5B7O}DKhzKh2KZS)+spLkjo;n%#YMFQI3CAu z*LQCA_PziIn5d|ayZi0m;bi^PhI($r3|>r88ylNukH15^s`PQAQ&Xy+Kco6DFK6+r zxMf;YeoshfNG5`%^tpL4I4MvRQu9UGCeJ=CcCHBlJL{b-rmu4p8Qv@Yj)Rv zqESho3Ob$lU4HvU9mG5`y0Nj29h;bFVPPTKIfvrOOXau0$oR&}$|@l#DVN?a zAw4baleV@|d}XBqu#Ce-b#?i7JRY((@$vmL9`(8s+dJv>j*UUtE=E;8DcJ#Ppy2gs zax&O^H^Up?P#>*pYqK`7XtG^tA=%ySe)VsixCN)|W0TVte*bF8*> zduVBCL9Wn31aled2H2|o-d`Rp4x?#Z7eSXZ(?(11xD}nco!T{cRuK7Yp17XSrk`^cwV79?o;}lw5O$&>SJMo zEQTxuTU$HHW1|C%Bw}vf-a?FwXTTH8@mnW066DVt+^~`j78aJ7Du|JRw)TSSvX7;= z_vpd`+SB~dHBZ(56Xc5xgOk8ZRh0Vq%@^Z<4niDV+sjN;Xm5iyXzNu5|xs= zJDB4Dt~(EV`_sF-z7kdX7;=Fx*4CF#p7$(}=EfgCOw4ntDhe3v@Bds{&geHM;uFk1 zxEUF3w7ahGxv%qX3bV7<0wzd9LkbYTtNxFtr}hW`4p46oRUy>X)m2(j3K0oGQd&AX zI=ZH}q@?8Jq`J9z9%y)9Cvo%DG&OH;Zwm?wE32x|a;FIh76X~|Jv{jN85y~`O?`ZP zTwDnM!XqF~;`4$3GFejYpPPw_0`LEI2t}vxFE33`&(G6D9UMWUqcO3tP-x*#o!R;M zRkXAiqP&E2P1-3tFD{%w?om?G2PcVb*U|_$_FujFq^arZ<3lk~QBeVUw!}n&dV-uK z40LoLvG?^#Y$Sl}&&|UVC(O_OH939w%&)1bDJjVm7{1}bnR@aO2I!rH0{4rn$LB9P zI&abNdS@c);-`=(TLI0=6y=Nf#?4MCmhJ4;$;s)>z_7Nqc4~U+PYLN2&FgqvJR~Hf zptve25U{`ydojX^Po_+!pe~7EI9g8=5ijZrO0DC;jxs5!r8ToWC{|#X9$H(UpB|5a ze5o}CBnO~d5Yi!sr0`P^kQmsSZ5-{@{`e7XuHd2pFc>UA3E)$=?oILWcwsE8tUX0o z=odr;1l>AsnVAXjH?J=*9VC%=b{gZeV@BdZ(iMzNO(l^;5os|~?e-fU>gogw zsI_%yaS1{*jVuFL}X-~{OqWg7D*})ufW}a znJpJ5r;Lo0fuSKVpJC_ZH2!DO!PRxevY9$A)?!P9xOnnpYk65Ob_Rf+h={YPBE_}$ z;C`vQx`66BP}kfXkq0ILT%DbDTO3|fQFShl9sL<4<>Hzy#}4Vpt||-($qNkpnoBcA zl3P_!Vt>|q3g1=2PIbi2KDn`>L%+Fp1OQM7j0eJ>mbY);evp;9y13~4c7JyRs zyGKRtO|Z*rj|B>elKy*lt-1O6wD6j>-@n!D?c<7tsO;_R#=A%GnO{gPEXsY_jzYg6 z-P_0h@KNrAth~Ri7%&*vdupfWwdtxE^A1a4W4#AsF{KfHX{BF`jA&s2wE>Kv$nU$< z6B53qU|Z6Pi|6MsGBPnhp;1)mAkQB!T9_F~X=^j-ux)-N`9fgwT0{g=+!PoHY7U}` zj;<~k@WMexMURSz5QE`|>W-UH>1s%&UB13`cL(PgAdj@t2=;Ul(f#-JqodJ#dyE1C z+DW4DcYZ-ZfWC1_Kfj-w(?Y^JkXBPrppzSS%r7X&6?y+&QNJTWlr3k3w2I0QHx zeSGvZwK;H;fG70rTX^OO6WXv}c^y^9f!8Z7K8N!_1iNm#udJ)X!xdUw;+UMm@oNii z6z})1gkl=wPsg}_3JDH&2P`IAZRki8x|UWdkWyt(P=H4x#nsdEzO_}*s+is9km@z}*B9WCxCvitjc>;bU*in76!4Yh39%>o=_ zUKpZ+Fra6oq&!A}+W%Go0`FQQ7)?mkt*9z%v0Ed1V29Tg1!S|lUwwHwzBYA0 zLa74M&;qezWe@+RKZGt!=pH57goaDgpZen7~Gy}CK1SpiI1_s|+ z%J%mXhs*0*TAJM5-Kje}Yw`>75%2DCDoaZKC~X(|jlWCr>XWv$u{H?uw<&3COeyH? z@8=T`sAHq$>M1}3UXmQJRITZ zSam;YO3TV51JBPd4dxymz2+33`R24pc6GLz=U<|6r~-Nm-Spi9{w7V>eO+s7d2abg zLh=jW%;a>mM|HK>e!79|uesf4XSfeRZEcwe37b1R$T}SPWR%WaKfbnn9_(xfzyKhL zgyi_q!9gk1FThLMZOLs_ER;;9-I~lM2rdfCZ(&vzCVM$r+ zYXq)6iV6wl09Gj&E{rXrA7}*O7zb2;K|fh+VP$D+%bJk9usuapQ`JC}s6b-XlA(<~eQ;U#9>Luus!5(1;JRf0sGsy^>4H%NOsLi+=^o^KxAxU6ug2Mh$Co#naTV*LjGoL}!Dz6NWmw&9|G0dcHf74V{w9|_5m z@QD!E>}82sF;XTL7Dy>50I&jHj);YV%ECU4eDMfCf1AhAF5b?j5PNJd{WIu-ghhal zJq`v7RaLEREjM=8uGmJm&aqqX%qV`mCw}JiX&1J%%)o%?ea3Bzj=UK&v@o#08Sesv zum%qt@9{+L3y*(&O^?qjrh=%b=%}c`Uba>dot|B^PMw;E6!8Y_yx#CcK}YwpU1 zm5`ZNWUK2X4sRTput1y<{{x)#+vX%MHY^zbQ%6J&BAzD14lpnUcIk22-yT ziyaV^br;Ycd+X}Tb2T_DfMVq2#0ljR7S2kIi%SMR(W>h?lQbeCqDL=pfKUPg1FMHe zM!>}J#kW8t@G6)O{_R_qwA8d*vbq-8ABoAypwwYtVivw~WTML*ghxVPMpeUQXbh^a z=eA^G0yESCuJbiqf^VbRRKUDz6f<)|W@bfEQRv05D>?J`fBt|9AT@3%5%=PAR2G~r zt?_40I+)q~+;TO@FD~tTCI&`;b2k`Qd$mHqgq>4T852N}h`a{$(nka*vuMFs=z?j9 zCE=mcUjH`e9q#&u%GY={hoC5cXTRw-@$%(LBHY{?sA^kUD!TG~NpDHFlyg$^_9l18 zaUg!V6C45$jxstXCNIB((O~g_oe?b@K8!cdJNAqe;^W<2&@eJGF-a!JreJ5s#kIHn zINVzgG6aAxAP_bX_OXVRAC6W$Fez!PahBLqAiav67t9I3!olWvjH7|Pb;Yd-#$|6B zdEs-|Rla@&=CEqm1{((^4yr&v(FOA+s7iHmzX|04YgI?>I)#?H=8vtMecxViiK z`&*itNSfg-C|>466leoLRxlDDp8WKG7c)jROS$xqwAl7}DWCnX68VgE*SsigWzFMD^YL(YEE} z;#&L6$;C;v2vS$<4B(bBNIlR%2LIC~5fqAmfY3#4QC!Bu$*HEUzQlnOlWS~}UsuZx zhC<(AGYtHaUa!#RvFH5`M9G5jSnQ;D96~}=cd4A*+<>+@99KC|K#h%wXDaiH{a9hm zf?FbzDob;_O*KFCcMwoSL;L$AwzrIX>dh@J-mB!%(Ee6ezq`LnU367a#Ca8pamw+)c*!XgP=xOquvX>CwcGhpI%FQl&J z?mPYRSVi%~6;l~+bWt_E4`!7YSxjCR1i{;MnP>Qw*0NXPxXLIf5Z2ll*eC$LiMAb@ zjPj=i)()e3BoGb`Owh5gKu=~)HkOujty2EXPe#4d)G(C-__->EX8|Ecs56VB3!w2u z&VDBH z3V01Ccq1<_7TxB7@3_$PU0x}xkz7Na;=GDz{4k;shK3@TH_1ChO>Lc~dMzH#hF&^) z3M@iGZGeG9dWlm$W@Ti(G(S{9h9*M6{K<@@8F4f?SJYUt?&PE+#5I`oz2o(lTwq-q zLsh@d(z=gZGcbQg#-gCTeq{~JsjoED)oV=xRa8}4+uC}1y6^7qCp2%}Jb_gF&8!=S z=G{9SvA5t?0mv6Wm=+ci{3XbRNPp|Vyt*RBe#^{4GlJnuN(wAG;~3QlC8E0472)~@ z=6HBUE(O&lvHD$oifml(`dD^ykLstC-`p%u3)=0gsW-Oc82}gU#T#Hd4Gdh&U_6xv z6t8&PTC%67r;_Y}RfSP*6XWv2f~AGcpQWW}TcY&(`i2P(MY*URd|tj;R%YgI1|!bU zp-{nCQ(}zoNC&)vg1uYnIUB&wxP$xhqQ<~6J@{TFV?W^DJ)bH_u!7W04xbdlU9-H??KvUJv7U1VMG%|!z z3ZUu+O2#IAEid2Pi%Lx`2@M77qv`QEtv-qFo)79z4(7o>YiqBs8~!ym(bUw)ASVZn zLypE9j9RE*EH`i%%mzHP3cB;nK?Pi?E&w$qX68TdbN73&wwC=nQO2i_XY`6H-*ADW zr?Y0g@x_ZLE3HlNyF%Ks$UC=>oVkIH2aMV$TUNL7oVmcdxVD4bGq3`zAY2_qMcSbD zYer{n09I<2{TU!_%_UI8T@cTVF!ia+bXFAk1(wKeq@ zS7+r*92(YNto{deZyl6%`}Kb~#myRNl9wH(}B9Ne4&lBGMDS^C0-a1Jjd z&N`-#j-Ke#u*0*FuztU$Gbzbrx*XhfbM34Gj87i$l3I@BLQB zzP`RDCddnz4)Y)<-Np`av_l-d&d<*Wt>yS$cuNbFl`s-O2FpRN8RLbyd3lauI5%b82=fXl_}Ce)u)tkLab`Zb)O~Lp){$Rs7oac6LGW^Jjbhy`If3 zK5k}aj&E-sr>!DFOP#lJuFnMNHsCBBUpXR-d-oqCU7zH?Srh+TPyRmx*#V?UPfrK7 z2(k-6d(Y>4aq3e2ZtQ7l)_9OoeECsf zIX^$&^Yri26p&v$S38P~+}W|r2SG4*++0i|*zAHQ)$xSk7L-m`CanF_B*!H-1lptK&vAaW3VV7T)v|d=A6?{2));Kr1nLqkK& zKK5%}hR>#qm35opK7Gg91@pilAe=)`nmfg{|IoD#s;N6heb3Vn9oELY4he2)32&mv zaI#^!xY1JU0Hd3Lwl*`foH}u`_}30~u#2#1}NH{IQw z?$OZ50NIEpG_R#o^6BwAh?a?MN2Jo!R9z7I79EM1AF^$XAUkNTT9EMQwNzV zQ`3U^`B#qvJ+A@ZfUiA$SmnNAC5LyvYw{?5m6rWw9Q1{x<{u*tIr2r_#(TyHz(qp) z&9tBZC+K@IoTEF}zH2OF1mY4wToWpEz42y6=WxEUu_l|Vstip`v=pSiR8)`(z+4)0 z_pX7+{-Wi(k#*39&bAM40GalAMh#L2UM#kXfNy(d#vPp6 z{QH0{ZJ(`obb!MMdd?Fk=eNIppIHOm&p`>W(Aaiy|MOIR3hR=900f(l(rUwTJ_bDVs;l*1rKA+sp%%ldmkKZLk zK|vmXl{Mq+CB&PXN+D9VjPS*cY^l&tO*Z|GetH`to1v5_iGKJ~`LAG%da&*Q>bxQn zmgdM4V4>lL{0aSBYN}FvqBS0izx?eR>G=3_Yo?+>z%!j6)S|;BCH&8Dh-1;QYU`_O zYgSVttt{khpl&Lrr)MYbvv@cb|IxsbPwBN98FSGh2WL6k z$R5fSomk*mkozv-iZ<;qNXtWqfE1^m{imE{kW+hk=~0Ko889nGBO)Rq8PyA{jhU$< zmXxJck;Di5fJnuc8`FVzK=*4Cqd-WQn6_gnq@y#dSGSYtNsM0gIYGrqg<$cCPAFQQ zOkE~rm!^U`v8$_zNk|LOsq3qbIft%HOaAHF&`5#H!tNJ@GdsGY4X z)nz$3t+c5jmR43qKM@}?FnsmpO78s*P8cFTeF@#aAb7MfGzA#55W;~_MQcOx5yy^h z6%wc|A|guq3k$DoOIhCHTo6%qX;Y_!m$il|J1EpTT%>LnH7{lW`}$0O?VjetZmBBe z*Jq(09NnEwYiVRmq@yoKkjP;$#lpeC#Kd%Qa|)`w|Adh-a)&>kWCCPZ0NE2ey9ZLk zY-;mW#Q_3Qgw{+b+%g&+-qzw_Y!O$ z&0;kQee&?z5s-(*^mgNN{1)VvmUUXV0bc^=__#R?zO8IiN5{m>6-GojxN&+l3X=8R zZ{N9Gnt7iWF3QhAn_XU~p(B_05Q*q9Hhu^KP@D^c^zNe-R|w0^I8$YHsCVhP=$BST zdzC8ht&Oc_XO{CO-CJADZm&@*|4>s~_dfmo0|thk?w$sIp`5!eZflT8H36ahEcnjm6d0loa?7Ms!~#m zoGaK`Tc97HAlnAl7;tFf#h_`}SZ^ra1wJW{hNDw;D`CTSFDfkILO`LV0GxbU%-_ABX-aC;jY3v27S zg@y3&(6wAGpgQr5b}v7ipT9M!m|)e)AUvZu5Bb|1N&h(%Ir88U$H%LyMfS~(hW17v zK13gC$Aq5W#*rmE#zP~dt*jht)j7RfT2v&8v1k`GKtgg4Gb`#v#ACOvRRX4H2jI5e zeKd#Z84&K>9NMOMC{&OH$ET?Yo&IAdO-*z7|HSy$)dqP8)}ny7K2>kS1|G}L)t}=H zjeTL7N%$aa^Az)|MiLi`g=AlVs;>Tzo(~TDLls1%#GW1vq(qza*bc{U@$p-qJ|#;| zpkde-yJaH9g`J$8KTuMI;s<#UL8w9(A7-?G^qmfLAjbclnBN$Pohj5nfqosfFF|%?~ojN1>270i)=HM-TEpe!P2%wc>pp zij9j4;Dw#=X+oy{2O#sdE%rY&X7#SFW|x!REn)Toy$YD}Tx*@rj9vr_>iqIssfsNJy~oWnNdlEjOr_)faK> zY;5#~w3eH%niz#{F`1b7kP00nF2G-k9eI0s!BaGs8;Wt{c;&e$&YE3a zombfSzQsHv@EqgI%=m;TmzXlBpfc z3CYQ(_V&FUfSCY%Zj*)*;AjZrJQHdM6_tCcRi_?AlvRL2bml$1`o_*{1t(1;8S3?B;%YihXR^uZLSp`oE9 zr>xfdL8z#IuQtlS!2u!d&+p$#*&rjJb!Ns1Jn!J7HP_Rl*7=RL+Stx#(OmtG_8i7h=bz4)E|kFbwci>av=XhIbFG!;ijM?uZPLORyZXzVGNK=nf~l2b2B##YlNV1~^-iBC-A;p375ymmTaTGvE06LF5ax8-s()Kr4YZ3SgdnJG;{@$Msg27~*wxZCTl0 z;sPyGSEJ*gWB_a=630Cak}dZYrl-bcR@li0dwZuRXJVM2nksNFrv0})ET2E2jCq@b z*wq5G#os^+0k!~wW?^Bi+2JX2UbI@uzlfhWf1{F`ujLZ*CthDK?(efvf;FzGMDC?b z$=QC%Xe2|Vw@Y(DEy^+4H>QV-h%XUx)HGFN-bAyoGgsHuiKBuT=k%1@to3$Fv$LCKYjoeiip%lv*vVyQ4+OltUk=-*dKSaDEd(LYj%74OSQR;O(~2T2H{ZpzDzmS zaHEu%zIXaYw6PH{w+Ud}icn~7etvdAK_n6w;td)@i-QD2Krma^At5c@6MFKaw5*i& zH-FdR7+&LDYddnk?_sERRmP`?HtN}hh0-P)=izr>DgcBI?%z5NQnuYubZqSCs3-|| zcE`ZCGEth7!$zjy1hW;x!-rotbY3~g4I@S)Ody{LKN7rECO+U#Eu4(}bBiK9ffxUu zK5F2FUCcbR!&)1Wj&{=C4hHRjHh>?q>Z=6DL$XbgwILrKHIaFCA&bmhK#)L77fVySOU&u*3hy@?&A0w5~!-!JW6} z(6J;YCW|3>Q4w^MiGi6Lp@eO=@5&Kq^o-QfXl|XD2!+$D-0`l z$IBXVJQxKnhJy71V}xI8E-L!x6jgK*_Z z1P9A%s;G$yK!Nbi5(tcioB=MXUcE}(cpE5d&^qwn1~LMl;488;Nn|HjP+WC%{lyue z7P7GU`B`+#_N)A=sYJl!>Av^T;H}140N}hR!f6~~U}Y3U)L^gWt#J3!>8z+vHlLf1 zuUhINu;qg;oE$~s4b+T$7!iw_?nkshMJjq(;;t!V((YSY=6g&(1aZJ1IUvv`l91)~ zla$lKL#Ca}JtKhY7(#5%-|*jILnZzY>E!d;Mp{}>ZgjX`npr&R*TD}GS)xEgdtfO4 zlAPuT{T`c|LV4*mO85w2V0Lm6y?~?#W%RrXVHdZ@Z3q#;V;RsS5~*5A%Pe0as_%QX zNWLvCP&#a;hM|w#3wqzfi^y*m@FqrZR3%=OTZfZ}C-gd(;bp^(u?4zr=(d`pGVAd0 zP+fJA1tF#+g_v2Y%PAqtTiT~lse(5OL7!f0DXkjV_hvHPA>S#k{J|m*f;OsfG{L7l z0_2oLk2zVg^EPmX-rcGRkCwvFZey827V!TJ{`p^bQvYx3s{d!dsa1jMpurg|S*U@~ z4yPQuRzfBRwr?;vG5yO(rSO27_PNbtj7G<8bNo9$$Mq40KIm&gDX4=$45qH0{7&EN zi2!5&SbO`xfJ(#K_*WBdK87E&y)@O!>*zivI<9b^Y> z>+HhZy?fiB<;SWQK?VaGd+TKfSU1k6HT3lKOie=_I`a%1E&JiFwggh$-^OO|-L7#f z5zzghkzmPqm-S78^V@0DdcIo%8Co5ey8oj5p{O}KIc;riX?cNB z0W>CXQR~_5A0Be3KxS$T_FWLHC~9a-FJ221KzfCina#k+fOt(sMSW8f1tT1#$B2Qz zt~53__D5ob{KQYquxa}?g1NW74XGtyJ(chG^9VKp5Fs!h!2OQN0zo$wX zHsQ;eHQ8wRE1&VbTM!iH7QWA4KN1_eoSC_^!15Tv?J5g8soMhr||J9 zqL;q~1u7k60s(#io?9v!8hfzJZ)|J;U?J?Xy*eHj=X3b=4`@zh0nGJ;^hk&s$E6ZJ zgj{8@1KP3PI4bY`Idi*}Mi`iw9skt9l?bgsMA06}7n6|cVpWzzESpmcaaZ~+R+7YOElp8G$^rS=PZ!fO{z_~hcmt|&xB(d=wG#C^qHI?H1*RFoRR5JdqZ*Wkz*<)>f zirFwHCujq-rou#!{B!!7hFv%-GxJgOiWC43kPQ(3puq|97a+-xZoGT$3eJC!pRK(; z)l-+TfdQmQ@*VOqp2zeZO3rNYDN5;XwZY83hGh zd_qPusLlb1MVDJ_Mfr%G6OzTs$cS&UsIIF1gquSYL2%!|J`Ul{@5?^?!VQqC;bLNM z9{<|k+T2`haMYF2`LiC11wqdeFW_lXtkCD6NPPPiQ9&l$@Kzwqz&va04kG_DzLhSA zobvMh+tld#z%GDE$xKoL$0sHrAMy)W&Ebb~&y0;Bxaq({{z3)mBZ%~3B%eRWV3u2p ztI?QFiTKQM%t1Ayq?!0G(Kxbl0RTH_UCG`>fJ<6z!^qgt6;SHR^9Cs!>d61`ds zKqNzY3BK&PA(yIZNQG_-rgdC#J8x9siZCX^+(p2^bQyy}f8V=r#5AVh%9U z;)l_ggYf0&3D}Tr>>LTdgV6181C-~`=Eke>3LX6T>Akz}xnEFIgPhq?Q$zG4%&{G` zn46njK<@mZIs?3ncRC~cPDUkoNk~X`8VbW2A%I&>*nQtdR1|@26Wqup<)6ec!|?eN z0sKorh~js-4YVw zw0V%51l865_XbS@0pZ(-JP$7qT7%?I@L39@Pu^z{JFEH1_DP%9B90#srUJ9b#=>E?t}3{7O+}r zKflbFnA*Hx2~SUfYkn0_>*;2ESo=EnjXt}%RQ~i2-J*-5BR&#jk3h`zUUA%HQWDUd zU)@qyRLsp8&Nmp+Y0&y^VfN}baZ#PIvXSVx_BIv*>^L#8z-{CBhUVtzU{EH#!QtcJz{6V|Ep*@g`SalF17XVCz{EuNTrtRJ3ff=f z{j03|JTN>whnI1^xR~+rql~NrM~4o?x2&zfkl9cU>P$DHO?f%On|M4@(x^m}wXP6k z8hiWKJAr>`=uYP6?={|qiPgl+J>mALxLt=}QCw6MFa!ZA;h~{lQ#I9u(?<0r3V|OP zrvq6wIR&|)P1VJb0-PuILF4=l5UI*QXoiQuzsQYV6_te0;+OY1&d|>N(HZ={9~TII z{gwtge4`Vx9sb$HMU%v>m%`R1C41(2@B=FPHVXa|6Z-B}C-=XI1pPmNu>MEm1+NPH z0Uadi=Ahe+gB&RO6#`I9w6wIOr&Dw^7(A)l*(tud`U0QEo8!+Tigu>_970^*mWIo! z`XMO7NREpzju_qmkih_vzGG<_930#+iKe2V0i)NWX!O*K4EctpR30&5PcTU+$pZ1m*`p=+tk zUfn#(1HUwjj;e89TsX{ORRM7$DtsCrfbb9Wm4=caSdObBsc+{K z6MhT77ZkRjjVotU+;D&Q?)2ou(%w3qjAmtab?>l47!8S;d5}XAG;7h^lQW&P^w{*z z`1ryRL=EiRNWeoyy}dIrK_Is>2o%1tgv7zp!#F5-@wP55H3bD%nW2$Um{`rii`pIz z4(;;;1c8?gvwJLde{aAnC2^-^r?~j|Gp8ycJ(`e?8~>>&;*HF*0F%1lAt9RiIcg?2SegJ@nkuiry zIg$b6$W{39SX)cW-KVh1;B5i8kk3zD!jVxvtFOUy=F=>K9}ob!_Rwn~qh4P927U3X z)3fvYaUa9e4cc^{(Hwx`V6T*AyCOWD*$X{|ZC%m3sjT*4o#5<352i*fJ0l}FhNGe) z>uNYaF1yV9J>COSm8YLP=;~byMmQhn9}zb&HSM14!_&b!K2cRosOIDp4+@Tty$Nu+ ze)2$2aA3LzbscLAEiO8`Pgc&`(-SZz*%z|%3W`R^TL%aBc4mdSr9{N!fx1S<#_HyppbtYuON(`PbAgLiJ2m~Mg*6W^FM6yfUNaD`S!tP&t0igRWYn=dZRYGu zXc%!S>JO<)Qt~cDD%pMe!#v-xaRuN=(t~V1|3ev%u+aR+^pca^-A`ZA zo-6RoAR^d=PD`|oBPj;~1?Wu3uy0YrJFRi&&R>vJDB_&6aH&xYr-zbnD+B9?-~Q!m z0)4=Uw2o@$%1rOT1my=zl`-2@Vdd=PP)~PF&6oCkJD0}b^BM5|bFSOw_G@}L{qNtu zWIapGp2o1NBpqU8?oe=R$om)ge*Ln6XnMP)2AuR@$!!mqKJ({RMn6{N|+{o|@9(?7+kHb|~emkP5ScHr4fh~V=C|cEI^~X;NV&dB7=Dn?5 zD{JdJy{wLZNERN_iCvbM$;-PqIB>Yogi(bdh*y;4-IXi<_%TX>1y}5l3Y@Us-V0xs z>i~S5z@DL`A;k)mZp?}U4Lt=?&Q~#|o~o*Gpu;X#qEERWH1Z2U-rxOrJeuAN_MxV@ zdWLft4kQSrFhwnw^{82fL{Ea9WqN5bp~L~NdY@qsX5N{Fg~1LWqg*x3&8?ZE;2}>5 zdP>jC6&y+qwQLXVWdNI)z9z*IY7{{nE~KKhK7IYm2+W&eq1v`b$H(%|p94D1!}CO} zrn-6q>>KC?q!RQwG~s&hl9K`JN=;2Qi2qoeqqm|o%8TDc7|bsSxzu*X!+$;cv|hd9 z=6aHuo*sN)XT3rFuWw{va%vs5%(=Sy*oo7&Y!O!p?7<{kg*kL$b-dGS?!@2v$Co=l zq(78d!6T&lzO}x$zonw8+ggGe0 zX79L&#ix>AzUN^c@^Cl>EC100ObhZZA5)l|dZgW57r)(Z8!|8u)zIi^7hRd|k$&}p zVCTru5%5JS$~|@Uq@#oLX_8|y@_R2^hK8n*+Xbm~ zZEkLY%tFl@R<9_Bd^~un`Si&X9Gb2UGNKDeeJo{(%2W#^CoSfEZvn}R`Ky*Gqe06^ zcVC|R{D!yRn+&zmlZ=EU(0Nveh;yR`pgQQTbH5=(d=9sY=*9FI2S^p_1f}jGD6!4pUk#>aF(2(#9;$==-5_#vTBDeegT_S&Nz#Ad zW!oSKrUCIgdhMr`D&6kLCv1SsZ~1H{!4|A;Bm= zTN8*?5R-kXC?Paq$mG8M`xmwmh2SG{;DOpwzEJ0VdI^fPY)ovdmzNh5$*y1cz``sL(QjON@kM0pxtnTYV)+Q3uVUfBxTBWGjYM8)2nzDip{VDNM0bIU$ZF^bTvd(y&QVC9qy~E%kSzueH1#yx&IZ2s^`WD? z8!G33p+`l<2t0%dx$BFIuc0nNKM5kl>+5Sknl?9nQIV2*Z~U$W^}fbau|u3Eu0D>2 zUk5sT;Jh&iMLp+Lo1N_weW^1zKfuZTzyqF5My2yFb93Y4_*{g>+upJcV|r8vzjgv` zNu`mO7ni1pNs5cB-j*F27}*e!+)Mb7yaUpc{jE3Hb<-NKTx2#W>)qhAOjv2PR73;= zZt5Mz=g-Ybq`=WeK~DbJvZXHq9c0$qU}UiY2jXCW7ZTTq#=y+PgiVXicZ2qvGq{Fi zO&Edd)74!Zs0s{3gg8lnBt61Y1#wn`pr7(-Zb>B#b6A+y0*@RZR8`oJW1S&ELnXz} z%0oUuiI3kyf^7uK?9V7?(Js+5?#)n zokcRB+S-;8eLXI_zuJ4|;yTy-!bU#2$v}iLq6vI6uRU)QH9|l&QNplmWtA6n4?QR- zXnkY7v8l1Nv|*}L=_?feSGJ~f*hZZffeJQe$WRz7|K}eR z#5II9_yNuZmIv@XehozITisbhU5RlqY3IKu zxW8)9>&Mg0k3fZibmP~$V_7`gl`Jdl$j!@}Dd5Y*MGrayBL|1dva-8*q5|4!&>gDr zqIe1bl|IR46N<>k$sHZBDjojf4Q5Qt-7&A1xbDCk773r~YCkV-YilbgKyjn?tb7Nf z{D34sZTmC9_bIxMF5g@V#+n&e+dlL{z%PTqfp`Tk4zLHrbGo`$)#T)e-4Xc!ubRXZ zdPhMafmhn8=H{kf<78x{Mn;ES-CXhu3JsX=G0o>B7kmNE?H<#6Q%Onw6YVMWWR{m; ze6D&c=BP}kNqO`DR=0tf(ev*-54mOWrpZXUrn<(97cXW(pv^B-@PHxD2*Ne{2m8G| z8meo5gID39-OBFXUe_ZsHxv}lBqcfz%5$h3K!PAE1&*UtGUS2qANYNITJ)#)TVtPz zuQr6{{P`+9hKuSOz#%D|BixXHz)Q!5#L4=J7*{nEJ*Z8Xu8gmYzXrTB?ulLEUg^-iuZ^s6A=A?-KnWt>qu2%A{vibCP|#2q>tL*} zF|w?Zpb|(^Q-K4ImvetIO zIK zAMd}f(a}k_v@8Z?G^C>UWu?5|J^0a^f-f_ysi6XZjx;#=U%%diSWuX1FW9K`U<2F6 z#qH39;2Ad_Yu9ORb-Nx05%d24Iy54&0hbXth} zz_7Eisj1;e&&nF@9~l{v#XUT^i;E@Y1*;!mmId*>kI&xXBFlrO^18Z$FLND>;58>Y zBS3w<%=-c}7GscegzAy{hBeRO6gDJa3cUR)AonsF+x5b2DWu0U23k^Jg1V z%i^5!*zLW&((1%SfVTv3dDN$X3{#T=#hcnvc6&Qehc47T(qXWkk)Jt3$4(JvL{(Se zS5M4OnEN9!Fn)|=ip_97p_@F~E_$2<9%OJa#aQ_G2usokf(^T|y5$aOMNZC$qWVis z2AF~Xtu&9yP>hX@U>h1`W@P;QogF<0lqcb#VUL*^XXmxnoMkG7A2D65t|H_wPIjRi zg23|L*ZUXPWVi5vJv*+NW6I|*wNo<-6okY(+XlGCrr;s*Ap8evP`cX&dD8+HEh#yz zxVXG$k#OS#0`DFl;*Tuj#od9PA-DF$>T>|l1qB7QCdWkEVBjt(QB_b#E?8`K{0k)p z*~h0Dimldt4n8j9s7~U|A0>~O=>l?T2Xu6FfQbRSdr?)yn-{3@H~A0jzK%{$Yut6^ zNkLc8R8tFJoE{$!+xsk;WNBvA(E*GTo++}Dr6Ue{w%x{dP>eW;pOh~r2!50r28?;` z=}Litj9WzHZXoPRBPKRQhWB_31K_wm^Cs~?MhOlF(W|p)tK@DtIW9vo98}9-b1By2Oj|v$Uvtx zUSA;)6Pb}~-1)J(wN+S@jW9E+PvLq>~IdVMtrxy1mv5Z?C0dz($ zoQ@&H$YR_aRk8NdCxSqrvfz3{CLtwJLed!-8y-Guzll>qdY4SQ4@B4>SWb2&B&}f< zR?jda3^9w?XRdU`i=PI-$HD+%+!oZ1PoDJAP?NmDL71y#jjMV4b>e|=L)Q>Uq_6`(OB1@lnCmjq*~xbE(1*dA-O zwdycC$FCYl9>p*-GQoOL9zH&hXwfrF-etnI4|EU>c;-Sm2RWKb6fp114S4`;nHYQr z3A9ac-d_7Mv({GEioFSJ)l)Nhpu%C&)dnQ}R1ia{11;n8NI>EzRT^w0?%YA1T@QlF zRXO_iuP>;Q0S%gE78Z_9CZQnQST%@4IMo!>qxOpVW?^q1Tv|PV{qHs(?-UKX7bsz~ zq~(J^yG%uL$#nVFcfHS*fTUVv4nt&Ik$D3O|)8eE9mPT(Y6Jp#6@ zf1o|=2gVix#Idd(DZg(@r{MhK;XO6&#EL?NJ%R`-4jHs??fs{zIYMG@GBeqP*u*#h zsEL+%Ce&bjM=w9>ln4_?O4`8w=AjsGK8I?jnVBSFX}Wgf_xIyI=i7Dw0iil>2ja$s$G; z|5~DPEVR~7=VTh|8%jDLc}IQ7%96ko;v-^q_|9xYD53U#yTSV$5%|5pn? z^q=>Jhlib<97E$1a)br~Ktf_-kkCJb{m&4Y6jYJF@rj8EcGdnph>pfKybc6s%Tl8& ztn~t0H7dlyGcvORH%8n8JYXg*Y_u95ABVUry;hg!iW<_Xr&>XdqK1ZR3-&GGC5@@% zNCsx$xtI?XF8X1c=Z2TF^9j(5PdND72~<^8f&KE@IxU7VTGH9s$!@X1?|3sZb=yJ` zu4elC_wnG^tE$Dz@U8Cb%LK_#<=s0T_#=~tg%l_?`+x7aqYdWnhPTUc5BhMmR<@83_1JAQ;(7_M&ouwzGuTWQ9E4OAl~Nd%-}MX9QsC+3GFP;> zw@*)df6M&#M1m^*?_Ya=g@`ziXJBLCNcRKuGxiq(-TM1vHx|JX2R~j39Wt0IKzKnn zJSy@B7XF!nd5Y-jv{+S^lAJtHMeg|v4Nb>qW{Qf6)Q~y_AxRJwi6Zo?179NI?acr) zyQ_;!Wfv@D?2s4yeTUxynYQ7i#2}#fs1Y@?H z&zC?$1YNenk^j|67FgrTSXd$dElzlK;QMV?kDl}{8S>xI_Aay}?m&2mH#;{sQ7D!Z zKI}NB09|``H~FVeuo9e}m6gu%Pq%;b*u+H8X+Z%jc%FfkiQjtWF~@7qTvLDg9<&-; zS;0|uUI*P6%>g9H+$JzPI4CJi?1M1jKD_`{_zmZr6x}xN>NH*LZCDhb%>>n)T)5P; zZ9td7rms>EvUF6m-Mk0jPQIlnT?dv%tH{gCuP(ktd)?$U^);~iAIjC$nBzFh3q?0x zR6^jT(*eL_gvaJuijqoSTif&ELp_w+FGM}?ONZqZV19rzMM6qSOuPw%umHrdv)qE$ zqCxd_b+MFB_xAQe;Ie+2l$Z#?N)V@X33=25TjrHmCmXXU-+y3UU&^uHKz;{Cq-Alj zY)BV9i|3z|oE$_XzH)t44Gp-?35ODs=%s)t2TcNc0DSCKu{rq-WO?DB4(soagtlTX zZ4UaW%M0k_QxbtDYm3O+0FV&Q|1R-$dEepL(c7ekrRC`!zs;n#Z>8xRnjoBm-*-1D zKmYb&`~3WcY~>G}h51)G^B@k1i9io$kByF&%uUD*f(HtzataKSZ0yVni;J6u<0mKa zT97Ruxz!7L1jr@8C!?kY2f4uSqqlPJ*rYKq9i3d%)RmM9I@8Irk%t*z@6Si@0&wR`mXZ zHTq0bU7Hc&$?(la(cd6lYPu+y5PnAnykfzdH}dl@R=kKUb&ky0bkJmdwFVfr0-b1X zaq;^4%2_3WprY;k)7u=nd|lX~4Fx^H2TKq~T1EzBLjY~S)fsxb1bO_rp9-t#&F=3VW;-5tdG=e-9N&?EgogHw{zwrm6@w{AH7H{Rg(QZTiJ99h5SdL>+ zh_gAUsfP^_61EBo0a;n_+Lj>VRyH)0)Jk=*c6XQddgbm;8nwS?^DZT6 zRf}KJg{c1ijUER}d!Ukm{mapj^V`lCXGuvP5co4n*n2Rioz~qg1;}KCqM|(ZDV7ZC ztfQqR#*S}GOI{v*-}J=d5N{c{#z={C-o4V&GGOd77T41&&&b#_*L8r;86u89VMIYf z1Yqw|larD%QdR6v1O#?w$Kya-4B9aKU;DdnBA^8uAP_hO0omACd`}oENz1oo=!H@s z>n!&oJExqD^Bk&2p8y9(0LP2lv7Jag*7n!_J~bto?8}!GMUQ1_YHA+9Q2tu@s1IMi zm#!RLOFOkQy|=p?90cMw@haNNhNhN~PWBd$w7#(s#`A@h6*OH486nB#rEFp%V=*xg-JKo71m6*nR_7t;Sj*K^6?98cu_`3NY-nj^ z6kQEB)A7-9m)`jJ+rREoSswCZ-=_YS)=5iAeJcLs;pMe$VGXtt`iG2+w?E6U0`xK!d|;PmXn_3D61#+F?V)n7D96cu9LGIW#-vP(;& z;n_t3gA|PIK*$GmKtS!Gy6fUdPh(j!S6eL)4}d^Lr(n{Q2o4TV0N`IgdTbSPzRA?cDGF|HSgj? zhmEx}p`e|u=~vDMet|bEb#e9P3JN@3B7#go1z@JiU1McqNlhcmyP`wUSn40ArovT; zPcx;bW+oyg+Wq;I{5%lc%7D+qi6sdYh4t}3J%b`5QYBS8%{bA)q0JS-PmGXcZQxmpM=u&2HZT zxEBwkeUTvk&aSLfQq)K>Rnkxa_pVqfEj2N$X9idq8h=PuwF+UE{_E!Cf@gx?;X>*6 zI)4LVMbBJom8OcCKFv?glHrqtG1=Kz;Neqa3Q-aghVCP>KHz=y{`*(9HNzYhZ1@`- zvddWQyj+}}JBO!C!P8J&`~(IY#zP?>1-RUG*wnUESP9zldQMft!V5V${Pwn3oYzgF_J}7S^&d`_!iz(P)?;O~ zz9_zA<#19$BIA!;QN@Xa`v&sl*H(~LF^-*rSR&QM4#(FAfENo_VmI?S(U+vT*n`1I zp`j>R9@~X&>>rQgw;)v?xqYigTBetZOLc@jj}qW!>{oM-0*I_(wBBXn?f?aih^{T* zpA@MTXbz_qDd_E`b91kt7{RA#R2smQk&!W}q#3Fp(GNCosGCAfO@QM)rU|WdbWzIw zC-RNIs~+d~PPO@H(z|zSav>ynn6RSYMg!9`jh&&s zA;7BkF*`fMd-C2kn7|>T6umvagHx&BMf@h%*@CREUXH5Cmh$u0eFy+4$(|< zj$vpYb$3ak2&v=dgKj+;6d-tdvjY>t4<1GcQb%q-P$cr^4hdXhh*MK1tG1>35?N%om@ zq7Ne`Gb`(0dpkZcdHmZH$a-q4s>D$B^|PGBxW2a8l`kGh9Nq?T6j`DZcI81LSg$B? zV?WZK48^Qg2nvOOH>lS!%tI<^gAd>3&ZUt*Fk)UH9U2|3>Q@+7dUs{Y?@oeZ!Bwe? z9&x;f^8GgR!;wC~dA7kDCwixtv92Nl1zjs{QFD3}myTQn{0X-inypWl4RdlpEqLj(#uN&g_r2OxTvV_* z4zvthBZ~GiJn8`xB`vzR4HYi-Av7JWk10(|P3vkLq7J}bs)4R|HaD~I^T*GP-Sx?p zl^HOqrv&u%_h)9TE}kA9I+#fdA_*-BX{V8oD8_7mX7YOk+E+i1t21wzJTKyO=oC3!m~?vq6k%2SGR$YEfV9! z`FTm+bJQ+~i@E=`DTkSPfSH+D32CGbMt{bVk`iFiK%a8ud7+eG3#75ZsG%_pYb6=jr(=HxI99lQKWf+OO}C!gJc%fOwspES6-ELsi=Mk>JLxM;bseD);^D(aO)2kC|D;W;>U7cpj3g*x8$RF5hHiW&QZI6N&H} znt?%}#eq)-(Hp?dU0s*Z!PZ6Nw@5|7f@4bPO&{?0jr0i8J;kYe-=al+AM2s5rJXqc zBPLFr%3RF6PoEO5905ANX?==pkYSih_f|3X+y=uLK?s{_bZBU7W(o%jgy}ew6H37q zGK%9~VM=bwet4u5iD~^;UXbcF>aw^z;${$_bD!K-!X@8fhyU~mj$7TJoE-JOoeh3K zLc)4Bg56Q}>Z)j6hCqO)Jvd8CO1_g&eEMV(*;S9;`pDXvnSr6Vs_IE}xdDnzX_=H9 z=*|%VCR02(A1Vpx2=dXkWaO>J$0vCO8J!b>vb`W`osG-=K;`~gHzQ{Q=e#cW;zCG3 zP_!4gct~snA+4a0U|4wgyOb2lU%yB|iidc$cJZG)AmANn}bE?~Z3S)Vix@^m|W znEO2tX7h3LQWkb0ApsT)jq(5zWK5DbQ1CvL72|IP@m-V`Z;@#C6d}!Q|J?9h>1K|w zhtU1Vx;oy;eh9+`%Pe*oo>Z;_7idF%@*}f>XrZMAj*hFNV_B&P*RlA1$=+AJ6uGnjhNWCLmHt81l4VOOGwtz}h14L?7BfTILJ)}d*|7E@%P zEbS$P#n_Uxo({dxJRYuo`7$?Vl;4>Q&oJ%SeI++`+zY@{Jr39JD;gSxr1gVf!kCa9 z?pkGhe2BT7fS{ux&#%T?aHbu8R!%_@X+(K>dHZS;zYx4z;sa@Xq{_;AvETY+Uj~04 z9UYW-VFnr2OJ}$sZOK^$?Fj#q6eQ!=gii5bXXnpyZ@#Q~s;QaS$a5%ZFnfA>xM6&pX{eMf%T&=xy$E2R=%yAf2k=~)Xtewtfn_7BSf~Cic z*m|0s-_?e}LP8zPpoPE1o7N2JVB+uSBYa`uFa|6t$1!=5igZ>&srQSPv|gHm!hgnN zbb*60hJLmZy0+62_(tw7? z$48#bQ{1yMwnPM9@P-~vs>l7+#MsdxdB`|Kr`PAw&x>W|efn^reYk8RZ}Bv#$DC96 zGFVsb{k{Ux#_e1C5_2UZ7H&5%bMIJK@BIAv{l|9( zc~4Ju&vkTMgI@sf5E45N3kcDG;VJZOMH=idBBoGR`SNG_Np0pB|IE{>M`;|#NopeI zqjOvjl*~OZUBob}cR3C+oGX4zB)`9T-f}fE`CfauOSRrgJ8$SDY&kICC75EhLwApM<-{$e*Tm|n2*6$ zngU+c%?>&NF)=Z?Dhmz$ zDcKjPlTyWbsQOU??Vom;HeZyte37GzIwDno(T20)(yWQT@R@sW`A4NK5gDJuaM1N< z6156Y*;`ofgGT^#5-wK|pg8~P73c{6T==_e4MFBk|JoWIj5k6$3t+2P{iq0y4kZ0S z&^@Nmqpse(J6bwAO%6A&flS=I0q+$6f51)yfISMXQct_(20IIj08ts4UI4Iz@*X^T zL@De*E69Y|;}1(dg@V~T^JW~spys_+4E4A33+I}VRkjTxpXp!EyiU`eJAV8@<0VD9 z);#A3Sq0^5#vPp-{r9Y`Q(Pkj-}b+A^*J-yC~+D47+Zhzby8q;B%*4cJSM3Nn;so5 zxA{8)J1w3Iz+o0<^l=tko}T`_%gip32kQ&GU}!ZRE?91NU}>5h(|cY4?1>FLZi zmr?&b=pH=Cha8K&v~RQdrKQMOu?Ss)T=ewMp8e}vlXxB3)O5H?)BNx007%B_>eeJ7 z4hs7p7nks?ojEHR{yKfqw9aUv z@tkS{2)yt=9k~DZYnq+CTthnmpyKr6qMC^81gIijJ|6mv`1r$pA^YC$9>9|d3-f75 z2L=YxzI}wvQlQu4hK+2(V@IVBL+Cu~DTc`Z$L$m_-4c+P!|W*wPid#}EFI+URSr&- zXm(we6jXG^>A$(x(fXqUEi0jD!>r{?@gZv2kfZF$zcGuee?MzS%IwTt+4L|dgb8^) z#+oir-tG5{*Orbve0(|4!#jDc@A7I(vtIuAQC6c~`cy4Hf4w7*)wW94s^7nxe|0<8 zPNP--<1zcV0WI;LWzY2C*Ial{8~)Mf(=UGe)^f1qZjcLOr2~@9y(LiUk}UU)DaHF< ztcRZ99l=<2OIWOoR^+taYz-Iy`s_@i>ankiEC88@BMiPipqr0ofP_vfzirXcFP*sDpYm5<=Uq7%}n2oZ|{>UUngbr>)W5Zo4@fcAmscKJ!`NAK(hZZ9cQ0#4vI wJz&kr{k7Ld^^ZNU@p90g$OhBQyLbPK@2S4}Wi98S$qYc?>FVdQ&MBb@0C-iizyJUM literal 0 HcmV?d00001 From c04def124c4584454fe898045b992fe6f3b6d859 Mon Sep 17 00:00:00 2001 From: Sunayana Singh <57405155+sunasing@users.noreply.github.com> Date: Mon, 7 Dec 2020 20:53:44 +0530 Subject: [PATCH 113/210] Add MDE iOS as new in December 2020 --- .../whats-new-in-microsoft-defender-atp.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md index 9f908b83c8..edb4582787 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md @@ -40,6 +40,9 @@ For more information preview features, see [Preview features](https://docs.micro > https://docs.microsoft.com/api/search/rss?search=%22Microsoft+Defender+ATP+as+well+as+security+features+in+Windows+10+and+Windows+Server.%22&locale=en-us > ``` +## December 2020 +- [Microsoft Defender for Endpoint for iOS](microsoft-defender-atp-ios.md)
Microsoft Defender for Endpoint now adds support for iOS. Learn how to install, configure, update, and use Microsoft Defender for Endpoint for iOS. + ## September 2020 - [Microsoft Defender for Endpoint for Android](microsoft-defender-atp-android.md)
Microsoft Defender for Endpoint now adds support for Android. Learn how to install, configure, update, and use Microsoft Defender for Endpoint for Android. - [Threat and vulnerability management macOS support](tvm-supported-os.md)
Threat and vulnerability management for macOS is now in public preview, and will continuously detect vulnerabilities on your macOS devices to help you prioritize remediation by focusing on risk. Learn more from this [Microsoft Tech Community blog post](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/microsoft-defender-for-endpoint-adds-depth-and-breadth-to-threat/ba-p/1695824). From 8cf4e8e20404d68f958119d111301a13c5b57168 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 7 Dec 2020 08:52:40 -0800 Subject: [PATCH 114/210] android ios updates --- windows/security/threat-protection/TOC.md | 2 +- .../threat-protection/microsoft-defender-atp/preview.md | 1 - .../whats-new-in-microsoft-defender-atp.md | 5 +++++ 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index f5d0413d28..f9ae070935 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -274,7 +274,7 @@ #### [Overview of Microsoft Defender Advanced Threat Protection for iOS](microsoft-defender-atp/microsoft-defender-atp-ios.md) #### [Deploy]() -##### [App-based deployment](microsoft-defender-atp/ios-install.md) +##### [Deploy Microsoft Defender for Endpoint for iOS via Intune](microsoft-defender-atp/ios-install.md) #### [Configure]() ##### [Configure iOS features](microsoft-defender-atp/ios-configure-features.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/preview.md b/windows/security/threat-protection/microsoft-defender-atp/preview.md index 5451caf49d..5c4b9df8c0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/preview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/preview.md @@ -54,7 +54,6 @@ Turn on the preview experience setting to be among the first to try upcoming fea ## Preview features The following features are included in the preview release: -- [Microsoft Defender for Endpoint for iOS](microsoft-defender-atp-ios.md)
Microsoft Defender for Endpoint now adds support for iOS. Learn how to install, configure, and use Microsoft Defender for Endpoint for iOS. - [Microsoft Defender for Endpoint for Android](microsoft-defender-atp-android.md)
Microsoft Defender for Endpoint now adds support for Android. Learn how to install, configure, and use Microsoft Defender for Endpoint for Android. diff --git a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md index 9f908b83c8..7370e8c3c6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md @@ -40,6 +40,11 @@ For more information preview features, see [Preview features](https://docs.micro > https://docs.microsoft.com/api/search/rss?search=%22Microsoft+Defender+ATP+as+well+as+security+features+in+Windows+10+and+Windows+Server.%22&locale=en-us > ``` + +## October 2020 +- [Microsoft Defender for Endpoint for Android](microsoft-defender-atp-android.md)
Microsoft Defender for Endpoint now adds support for Android. Learn how to install, configure, and use Microsoft Defender for Endpoint for Android. + + ## September 2020 - [Microsoft Defender for Endpoint for Android](microsoft-defender-atp-android.md)
Microsoft Defender for Endpoint now adds support for Android. Learn how to install, configure, update, and use Microsoft Defender for Endpoint for Android. - [Threat and vulnerability management macOS support](tvm-supported-os.md)
Threat and vulnerability management for macOS is now in public preview, and will continuously detect vulnerabilities on your macOS devices to help you prioritize remediation by focusing on risk. Learn more from this [Microsoft Tech Community blog post](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/microsoft-defender-for-endpoint-adds-depth-and-breadth-to-threat/ba-p/1695824). From b4b7f81ebafc3036319275ff8a171a20ddd08f24 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 7 Dec 2020 08:53:40 -0800 Subject: [PATCH 115/210] android --- .../threat-protection/microsoft-defender-atp/preview.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/preview.md b/windows/security/threat-protection/microsoft-defender-atp/preview.md index 5c4b9df8c0..ef3c2f75b8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/preview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/preview.md @@ -55,8 +55,6 @@ Turn on the preview experience setting to be among the first to try upcoming fea The following features are included in the preview release: -- [Microsoft Defender for Endpoint for Android](microsoft-defender-atp-android.md)
Microsoft Defender for Endpoint now adds support for Android. Learn how to install, configure, and use Microsoft Defender for Endpoint for Android. - - [Web Content Filtering](web-content-filtering.md)
Web content filtering is part of web protection capabilities in Microsoft Defender for Endpoint. It enables your organization to track and regulate access to websites based on their content categories. Many of these websites, while not malicious, might be problematic because of compliance regulations, bandwidth usage, or other concerns. - [Device health and compliance report](machine-reports.md)
The device health and compliance report provides high-level information about the devices in your organization. From e3e6b3308124792dfaf51790b6a9540b29aa759f Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 7 Dec 2020 08:55:54 -0800 Subject: [PATCH 116/210] android --- .../whats-new-in-microsoft-defender-atp.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md index 7370e8c3c6..6017a13811 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md @@ -41,14 +41,15 @@ For more information preview features, see [Preview features](https://docs.micro > ``` -## October 2020 -- [Microsoft Defender for Endpoint for Android](microsoft-defender-atp-android.md)
Microsoft Defender for Endpoint now adds support for Android. Learn how to install, configure, and use Microsoft Defender for Endpoint for Android. - - ## September 2020 - [Microsoft Defender for Endpoint for Android](microsoft-defender-atp-android.md)
Microsoft Defender for Endpoint now adds support for Android. Learn how to install, configure, update, and use Microsoft Defender for Endpoint for Android. - [Threat and vulnerability management macOS support](tvm-supported-os.md)
Threat and vulnerability management for macOS is now in public preview, and will continuously detect vulnerabilities on your macOS devices to help you prioritize remediation by focusing on risk. Learn more from this [Microsoft Tech Community blog post](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/microsoft-defender-for-endpoint-adds-depth-and-breadth-to-threat/ba-p/1695824). + +## August 2020 +- [Microsoft Defender for Endpoint for Android](microsoft-defender-atp-android.md)
Microsoft Defender for Endpoint now adds support for Android. Learn how to install, configure, and use Microsoft Defender for Endpoint for Android. + + ## July 2020 - [Create indicators for certificates](manage-indicators.md)
Create indicators to allow or block certificates. From 556baebb004805cdaf52f2a2175224614d5cf04d Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 7 Dec 2020 11:26:03 -0800 Subject: [PATCH 117/210] Update automated-investigations.md --- .../automated-investigations.md | 32 ++----------------- 1 file changed, 3 insertions(+), 29 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md index 4210e8e8c1..78c8b137a1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md @@ -11,7 +11,7 @@ ms.sitesec: library ms.pagetype: security ms.author: deniseb author: denisebmsft -ms.date: 12/03/2020 +ms.date: 12/07/2020 ms.localizationpriority: medium manager: dansimp audience: ITPro @@ -80,35 +80,9 @@ As alerts are triggered, and an automated investigation runs, a verdict is gener As verdicts are reached, automated investigations can result in one or more remediation actions. Examples of remediation actions include sending a file to quarantine, stopping a service, removing a scheduled task, and more. (See [Remediation actions](manage-auto-investigation.md#remediation-actions).) -Depending on the [level of automation](automation-levels.md) set for your organization, remediation actions can occur automatically or only upon approval by your security operations team. +Depending on the [level of automation](automation-levels.md) set for your organization, as well as other security settings, remediation actions can occur automatically or only upon approval by your security operations team. Additional security settings that can affect automatic remediation include [protection from potentially unwanted applications](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus) (PUA). -> [!NOTE] -> Additional security settings, such as protection from potentially unwanted applications, can also affect whether remediation actions are taken automatically. For more information, see [PUA protection and automatic remediation](#pua-protection-and-automatic-remediation) (in this article). - -All remediation actions, whether pending or completed, can be viewed in Action Center. If necessary, your security operations team can undo a remediation action. (See [Review and approve remediation actions following an automated investigation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation).) - -## PUA protection and automatic remediation - -As mentioned earlier, the [level of automation](automation-levels.md) set for your organization affects whether remediation actions occur automatically or only upon approval. [Protection from potentially unwanted applications](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus) (PUA protection), included in Microsoft Defender Antivirus, can also affect whether certain remediation actions are taken automatically. - -The following table shows the relationship between PUA protection and automation levels: - - -|PUA protection setting
(Microsoft Defender Antivirus) |PUA protection enabled
(AIR) |PUA protection disabled
(AIR) | -|---------|---------|---------| -|Enabled |PUA remediated by Microsoft Defender Antivirus and/or AIR |PUA remediated by Microsoft Defender Antivirus | -|Audit mode |PUA remediated by AIR |PUA detected but not remediated if **Allow or block file** is turned on

PUA remediated if **Always remediate PUA** is turned on | -|Disabled |PUA remediated by AIR |PUA not remediated | - -### To configure PUA protection in AIR - -1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in. -2. Choose **Settings** > **Advanced features**. -3. Turn on **Always remediate PUA**. (Alternately, if you don't see the PUA setting, turn on **Allow or block file**.) - -### To configure PUA protection in Microsoft Defender Antivirus - -See [Configure PUA protection in Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus#configure-pua-protection-in-microsoft-defender-antivirus). +All remediation actions, whether pending or completed, can be viewed in the [Action Center](auto-investigation-action-center.md) ([https://securitycenter.windows.com](https://securitycenter.windows.com)). If necessary, your security operations team can undo a remediation action. (See [Review and approve remediation actions following an automated investigation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation).) ## Next steps From 006a6682a293269eef0bc9c9e2c13242d1eb17d3 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 7 Dec 2020 11:46:20 -0800 Subject: [PATCH 118/210] Update automated-investigations.md --- .../microsoft-defender-atp/automated-investigations.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md index 78c8b137a1..b199a3a2dd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md @@ -43,14 +43,14 @@ Automated investigation uses various inspection algorithms and processes used by ## How the automated investigation starts -When an alert is triggered, a security playbook goes into effect. Depending on the security playbook, an automated investigation can start. For example, suppose a malicious file resides on a device. When that file is detected, an alert is triggered, and the automated investigation process begins. Microsoft Defender for Endpoint checks to see if the malicious file is present on any other devices in the organization. Details from the investigation, including verdicts (*Malicious*, *Suspicious*, and *No threats found*) are available during and after the automated investigation. +When an alert is triggered, a security playbook goes into effect. Depending on the security playbook, an automated investigation can start. For example, suppose a malicious file resides on a device. When that file is detected, an alert is triggered, and the automated investigation process begins. Microsoft Defender for Endpoint checks to see if the malicious file is present on any other devices in the organization. Details from the investigation, including verdicts (*Malicious*, *Suspicious*, and *No threats found*) are available during and after the automated investigation. To learn more about what happens after a verdict is reached, see [Automated investigation results and remediation actions](manage-auto-investigation.md#automated-investigation-results-and-remediation-actions). >[!NOTE] >Currently, AIR only supports the following OS versions: >- Windows Server 2019 >- Windows 10, version 1709 (OS Build 16299.1085 with [KB4493441](https://support.microsoft.com/help/4493441/windows-10-update-kb4493441)) or later >- Windows 10, version 1803 (OS Build 17134.704 with [KB4493464](https://support.microsoft.com/help/4493464/windows-10-update-kb4493464)) or later ->- Later versions of Windows 10 +>- Windows 10, version [1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019) or later ## Details of an automated investigation From 9da6038c28c48136b4f5dd8ca68c39eff6f6d018 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 7 Dec 2020 11:51:12 -0800 Subject: [PATCH 119/210] Update manage-auto-investigation.md --- .../manage-auto-investigation.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index 501b9ea75e..a6463f2487 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -17,7 +17,7 @@ ms.collection: - m365-security-compliance - m365initiative-defender-endpoint ms.topic: conceptual -ms.date: 09/15/2020 +ms.date: 12/07/2020 --- # Review and approve remediation actions following an automated investigation @@ -39,13 +39,13 @@ remediation actions can occur automatically or only upon approval by your organi Here are a few examples: -- Example 1: Fabrikam's device groups are set to **Full - remediate threats automatically** (this is the recommended setting). In this case, remediation actions are taken automatically for artifacts that are considered to be malicious following an automated investigation. (See [Review completed actions](#review-completed-actions).) +- Example 1: Fabrikam's device groups are set to **Full - remediate threats automatically** (the recommended setting). In this case, remediation actions are taken automatically for artifacts that are considered to be malicious following an automated investigation. (See [Review completed actions](#review-completed-actions).) - Example 2: Contoso's devices are included in a device group that is set for **Semi - require approval for any remediation**. In this case, Contoso's security operations team must review and approve all remediation actions following an automated investigation. (See [Review pending actions](#review-pending-actions).) -- Example 3: Tailspin Toys has their device groups set to **No automated response** (this is not recommended). In this case, automated investigations do not occur. As a result, no remediation actions are taken or pending, and no actions are logged in the [Action center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center#the-action-center) for their devices. (See [Manage device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups#manage-device-groups)) +- Example 3: Tailspin Toys has their device groups set to **No automated response** (not recommended). In this case, automated investigations do not occur. No remediation actions are taken or pending, and no actions are logged in the [Action center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center#the-action-center) for their devices. (See [Manage device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups#manage-device-groups)) -Whether taken automatically or upon approval, remediation actions following an automated investigation include the following: +Whether taken automatically or upon approval, an automated investigation can result in one or more of the remediation actions: - Quarantine a file - Remove a registry key - Kill a process @@ -55,11 +55,11 @@ Whether taken automatically or upon approval, remediation actions following an a ### Automated investigation results and remediation actions -The following table summarizes remediation actions following an automated investigation, how device group settings affect whether actions are taken automatically or upon approval, and what to do in each case. +The following table summarizes remediation actions, how automation level settings affect whether actions are taken automatically or upon approval, and what to do. |Device group setting | Automated investigation results | What to do | |:---|:---|:---| -|**Full - remediate threats automatically** (this is the recommended setting) |A verdict of *Malicious* is reached for a piece of evidence.

Appropriate remediation actions are taken automatically. |[Review completed actions](#review-completed-actions) | +|**Full - remediate threats automatically** (the recommended setting) |A verdict of *Malicious* is reached for a piece of evidence.

Appropriate remediation actions are taken automatically. |[Review completed actions](#review-completed-actions) | |**Full - remediate threats automatically** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval to proceed. | [Approve (or reject) pending actions](#review-pending-actions) | |**Semi - require approval for any remediation** |A verdict of either *Malicious* or *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval to proceed. |[Approve (or reject) pending actions](#review-pending-actions) | |**Semi - require approval for core folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable and is in an operating system directory, such as the Windows folder or the Program files folder, then remediation actions are pending approval.

If the artifact is *not* in an operating system directory, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions)

2. [Review completed actions](#review-completed-actions) | @@ -67,7 +67,7 @@ The following table summarizes remediation actions following an automated invest |**Semi - require approval for non-temp folders remediation** |A verdict of *Malicious* is reached for a piece of evidence.

If the artifact is a file or executable that is not in a temporary folder, such as the user's downloads folder or temp folder, remediation actions are pending approval.

If the artifact is a file or executable that *is* in a temporary folder, remediation actions are taken automatically. |1. [Approve (or reject) pending actions](#review-pending-actions)

2. [Review completed actions](#review-completed-actions) | |**Semi - require approval for non-temp folders remediation** |A verdict of *Suspicious* is reached for a piece of evidence.

Remediation actions are pending approval. |[Approve (or reject) pending actions](#review-pending-actions) | |Any of the **Full** or **Semi** automation levels |A verdict of *No threats found* is reached for a piece of evidence.

No remediation actions are taken, and no actions are pending approval. |[View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center) | -|**No automated response** (this is not recommended)|No automated investigations run, so no verdicts are reached, and no remediation actions are taken or awaiting approval. |[Consider setting up or changing your device groups to use **Full** or **Semi** automation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) | +|**No automated response** (not recommended)|No automated investigations run, so no verdicts are reached, and no remediation actions are taken or awaiting approval. |[Consider setting up or changing your device groups to use **Full** or **Semi** automation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) | In Microsoft Defender for Endpoint, all verdicts are [tracked and viewable in the Microsoft Defender Security Center](#review-completed-actions). @@ -85,7 +85,7 @@ In Microsoft Defender for Endpoint, all verdicts are [tracked and viewable in th 4. Select an investigation from any of the categories to open a panel where you can approve or reject remediation actions. - Other details such as file or service details, investigation details, and alert details are displayed. From the panel, you can click on the **Open investigation page** link to see the investigation details. You can also select multiple investigations to approve or reject actions on multiple investigations. + Other details such as file or service details, investigation details, and alert details are displayed. From the panel, you can select the **Open investigation page** link to see the investigation details. You can also select multiple investigations to approve or reject actions on multiple investigations. ## Review completed actions From 5440b4b872346ffe30570875d2bdb3fc7871375e Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 7 Dec 2020 11:55:51 -0800 Subject: [PATCH 120/210] Update automated-investigations.md --- .../microsoft-defender-atp/automated-investigations.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md index b199a3a2dd..fea480df60 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md @@ -36,7 +36,7 @@ Your security operations team receives an alert whenever a malicious or suspicio > [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4bOeh] -Automated investigation uses various inspection algorithms and processes used by analysts to examine alerts and take immediate action to resolve breaches. These capabilities significantly reduce alert volume, allowing security operations to focus on more sophisticated threats and other high-value initiatives. The [Action center](auto-investigation-action-center.md) keeps track of all the investigations that were initiated automatically, along with details, such as investigation status, detection source, and any pending or completed actions. +The technology in automated investigation uses various inspection algorithms and is based on processes that are used by security analysts. AIR capabilities are designed to examine alerts and take immediate action to resolve breaches. AIR capabilities significantly reduce alert volume, allowing security operations to focus on more sophisticated threats and other high-value initiatives. The [Action center](auto-investigation-action-center.md) keeps track of all the investigations that were initiated automatically, along with details, such as investigation status, detection source, and any pending or completed actions. > [!TIP] > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-automated-investigations-abovefoldlink). From 83f873b1d2c67e1e851cb43d0aeb0e6b61bee171 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 7 Dec 2020 11:57:28 -0800 Subject: [PATCH 121/210] Update microsoft-defender-antivirus-compatibility.md --- .../microsoft-defender-antivirus-compatibility.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md index 34544835e7..66c40be243 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md @@ -13,7 +13,7 @@ ms.author: deniseb ms.custom: nextgen ms.reviewer: manager: dansimp -ms.date: 11/06/2020 +ms.date: 12/07/2020 --- # Microsoft Defender Antivirus compatibility From 31d5be927b8e5e94fa7bf322f0674e88fcedfe2b Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 7 Dec 2020 11:59:27 -0800 Subject: [PATCH 122/210] Apply suggestions from code review Thank you @johanfreelancer9 for your help! Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../microsoft-defender-antivirus-compatibility.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md index 66c40be243..3264d39c1e 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md @@ -95,7 +95,7 @@ If you uninstall the other product, and choose to use Microsoft Defender Antivir > You should not attempt to disable, stop, or modify any of the associated services used by Microsoft Defender Antivirus, Microsoft Defender for Endpoint, or the Windows Security app. This includes the *wscsvc*, *SecurityHealthService*, *MsSense*, *Sense*, *WinDefend*, or *MsMpEng* services and process. Manually modifying these services can cause severe instability on your endpoints and open your network to infections and attacks. It can also cause problems when using third-party antivirus apps and how their information is displayed in the [Windows Security app](microsoft-defender-security-center-antivirus.md). > [!IMPORTANT] -> If you are using [Microsoft Endpoint DLP](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview), Microsoft Defender Antivirus real-time protection is enabled, even when Microsoft Defender Antivirus is running in passive mode. It won't conflict with 3rd party AV solutions installed on the endpoint. Endpoint DLP depends on real-time protection to operate. +> If you are using [Microsoft Endpoint DLP](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview), Microsoft Defender Antivirus real-time protection is enabled, even when Microsoft Defender Antivirus is running in passive mode. Microsoft Defender Antivirus won't conflict with third-party antivirus solutions installed on the endpoint. Endpoint DLP depends on real-time protection to operate. ## See also From 231e7e47b1317d79c6e1ccc5148abd4b5082bf72 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 7 Dec 2020 12:02:39 -0800 Subject: [PATCH 123/210] Update get-localized-product-details.md --- windows/client-management/mdm/get-localized-product-details.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/get-localized-product-details.md b/windows/client-management/mdm/get-localized-product-details.md index 5fe5a162e2..52848ed620 100644 --- a/windows/client-management/mdm/get-localized-product-details.md +++ b/windows/client-management/mdm/get-localized-product-details.md @@ -9,7 +9,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: manikadhiman -ms.date: 09/18/2017 +ms.date: 12/07/2020 --- # Get localized product details From 75e1ed4ac70e8980dceb1c3a4ac103b1237a7a6f Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 7 Dec 2020 12:04:43 -0800 Subject: [PATCH 124/210] Update windows/security/threat-protection/microsoft-defender-atp/customize-exploit-protection.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../microsoft-defender-atp/customize-exploit-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/customize-exploit-protection.md b/windows/security/threat-protection/microsoft-defender-atp/customize-exploit-protection.md index 31efaf211b..b75194d814 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/customize-exploit-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/customize-exploit-protection.md @@ -248,7 +248,7 @@ Validate stack integrity (StackPivot) | App-level only | EnableRopStackPivot Set-ProcessMitigation -Name processName.exe -Enable EnableExportAddressFilterPlus -EAFModules dllName1.dll,dllName2.dll ``` -\[2\]: Audit for this mitigation is not available via Powershell cmdlets. +\[2\]: Audit for this mitigation is not available via PowerShell cmdlets. ## Customize the notification From 8f2578792ed0500ce8c860413782b38f3c683f19 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 7 Dec 2020 12:17:12 -0800 Subject: [PATCH 125/210] Update report-monitor-microsoft-defender-antivirus.md --- .../report-monitor-microsoft-defender-antivirus.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus.md index 9b789e6a59..a82e35334c 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus.md @@ -11,7 +11,7 @@ ms.localizationpriority: medium author: denisebmsft ms.author: deniseb ms.custom: nextgen -ms.date: 09/03/2018 +ms.date: 12/07/2020 ms.reviewer: manager: dansimp --- @@ -25,6 +25,8 @@ manager: dansimp - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +Microsoft Defender Antivirus is built into Windows 10, Windows Server 2019, and Windows Server 2016. Microsoft Defender Antivirus is of your next-generation protection in Microsoft Defender for Endpoint. Next-generation protection helps protect your devices from software threats like viruses, malware, and spyware across email, apps, the cloud, and the web. + With Microsoft Defender Antivirus, you have several options for reviewing protection status and alerts. You can use Microsoft Endpoint Configuration Manager to [monitor Microsoft Defender Antivirus](https://docs.microsoft.com/configmgr/protect/deploy-use/monitor-endpoint-protection) or [create email alerts](https://docs.microsoft.com/configmgr/protect/deploy-use/endpoint-configure-alerts). Or, you can monitor protection using [Microsoft Intune](https://docs.microsoft.com/intune/introduction-intune). Microsoft Operations Management Suite has an [Update Compliance add-in](/windows/deployment/update/update-compliance-get-started) that reports on key Microsoft Defender Antivirus issues, including protection updates and real-time protection settings. From 64a1cbc0885b94e9353148f984c7cbd86132c28b Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 7 Dec 2020 12:19:28 -0800 Subject: [PATCH 126/210] Update report-monitor-microsoft-defender-antivirus.md --- .../report-monitor-microsoft-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus.md index a82e35334c..4280ec563b 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus.md @@ -44,5 +44,5 @@ For monitoring or determining status with PowerShell, WMI, or Microsoft Azure, s ## Related articles - [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) - +- [Microsoft Defender Antivirus on Windows Server 2016 and 2019](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016) - [Deploy Microsoft Defender Antivirus](deploy-manage-report-microsoft-defender-antivirus.md) From 1c07ed33c5fc8c5c56caafa3c5407173fe529075 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 7 Dec 2020 17:34:23 -0800 Subject: [PATCH 127/210] fix images --- .../microsoft-defender-atp/android-intune.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md index b52aee2bbb..d899f7568a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md @@ -252,12 +252,12 @@ Select **Device restrictions** under one of the following, based on your device Select **Create**. - > ![Image of devices configuration profile Create](images/1autosetupofvpn.png) + > ![Image of devices configuration profile Create](images/1autosetupofvpn.png) 2. **Configuration Settings** Provide a **Name** and a **Description** to uniquely identify the configuration profile. - > ![Image of devices configuration profile Name and Description](images/2autosetupofvpn.png) + > ![Image of devices configuration profile Name and Description](images/2autosetupofvpn.png) 3. Select **Connectivity** and configure VPN: - Enable **Always-on VPN** @@ -270,17 +270,17 @@ Custom VPN in this case is Defender for Endpoint VPN which is used to provide th - Enter **Package ID** of the Microsoft Defender ATP app in Google Play store. For the Defender app URL https://play.google.com/store/apps/details?id=com.microsoft.scmx, Package ID is **com.microsoft.scmx** - **Lockdown mode** Not configured (Default) - > ![Image of devices configuration profile enable Always-on VPN](images/3autosetupofvpn.png) + ![Image of devices configuration profile enable Always-on VPN](images/3autosetupofvpn.png) 4. **Assignment** In the **Assignments** page, select the user group to which this app config policy would be assigned to. Click **Select groups** to include and selecting the applicable group and then click **Next**. The group selected here is usually the same group to which you would assign Microsoft Defender for Endpoint Android app. - > ![Image of devices configuration profile Assignment](images/4autosetupofvpn.png) + ![Image of devices configuration profile Assignment](images/4autosetupofvpn.png) 5. In the **Review + Create** page that comes up next, review all the information and then select **Create**. The device configuration profile is now assigned to the selected user group. - > ![Image of devices configuration profile Review and Create](images/5autosetupofvpn.png) + ![Image of devices configuration profile Review and Create](images/5autosetupofvpn.png) ## Complete onboarding and check status @@ -293,6 +293,7 @@ displayed here. 2. On the device, you can validate the onboarding status by going to the **work profile**. Confirm that Defender for Endpoint is available and that you are enrolled to the **Personally-owned devices with work profile**. If you are enrolled to a **Corporate-owned, fully managed user device**, you will have a single profile on the device where you can confirm that Defender for Endpoint is available. + ![Image of app in mobile device](images/c2e647fc8fa31c4f2349c76f2497bc0e.png) 3. When the app is installed, open the app and accept the permissions From db84674324f84163081a89c3c1287ac77e7ee1c0 Mon Sep 17 00:00:00 2001 From: Sunayana Singh Date: Tue, 8 Dec 2020 15:32:24 +0530 Subject: [PATCH 128/210] Adding VPN configuration details --- .../images/ios-vpn-config.png | Bin 0 -> 67699 bytes .../ios-configure-features.md | 26 ++++++++++++++---- 2 files changed, 21 insertions(+), 5 deletions(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/ios-vpn-config.png diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/ios-vpn-config.png b/windows/security/threat-protection/microsoft-defender-atp/images/ios-vpn-config.png new file mode 100644 index 0000000000000000000000000000000000000000..6b809309ba166d83442edb38584ce1790ceed6b3 GIT binary patch literal 67699 zcmeFZby!th*EhQ9?(Qz>?vQR!N>YhUNNl=ON(4bdx=U#Uq`Nx>q`RcM;ahmeb3f;M z&U?Q1y3Y6Ci{QmtYs@j{9CPGvtWB7@svH_JF)|1QLQ{~JehC6WrGr2){)q6v9b|F5 zArJ`H$W!x`^GjnlN_$6$xs?r=(%HivObK?kG6#X&XD5?&9ccvPWgfqM(1YGI79=De z^hEf6Cp4|VL@Q%vp{4&AmxxWI>V|L>BHTJLBmTHm?{}mjxyP0;wflAQG**t>;Uw#J zdc^$!J|m;0OzPqRx0%AtAU0hsTI%NPCINDKPEOx5P=+GbjktU3Fuk|CzF9S9?bt<$m=iltGhleYTo%L4-0*Bx8`L|S2eeul>FJw$S`?? ztikIUE!Qrpp7*Me(hoO31fw7sG&4=;O%{?8&8&xO3%6xZH~8z?OG>vy_akcJ?b{jmBo0w05}23mLS`y8(32pEE{<{TGWF4KL>nzZ?y=(5iZUo84a%T3#_ zQm^mS6`#Dl!xyXB;&pcszo*~mfwZ{qb4b!MPY08#Ca%DHExP?w=9CNncuDA{Jn}7F zk2G3D++!8b&c-S?R!DGu%s`PeGQ$aJq;`!65<1+=VE-0%UfJq#AmMhY`A*H~V6g-f zZt1l{Hd~^OW@}Oi*O!)58Oe5^tr8Ka2lu9l!8d~eF|JT|E(ZjBlyE6zR9Y>;VkTQ3(( zm}0HxKKzkx>TAavoG`|Md|5l$WLoAe$@{ALf-K#aeR*+udOM{NT-Jqk@p{%p&~-B} z2TH1D^>%HmW;8~c&Sv!wea-||<=?y^a;X~YA#{@EC$e-b>${GnVJ@vYc~(?feM4+* z*Ke_9=(=EgDS9DtoC~9z>N&e(k!saOByT+PLCbo|_GjadSrz^z$6ec+C5J7GsrCk2 zzvhR);$XL_)mWyqX|c-g7t^yntnZd{87<6MHYK`KxFnv-Z46$1a?;$4;})k@c|je^ z(*IHTIT20pj3f)c_vV4l=0izi-S}fkV^_;Ss>ZJeajq@-g+q^9si{bJJ8>c}mn@TC zI16r4U;|_>$3+oWi43CCa)X=R&WXdV5kuC`V34UOUA_Y>gGGq;K(p5@{ORgNB#-?j z(>3(Vo>y}8Z1nWvrg5=D@AJNXN$KjtEt<62sCGc+wsXn&7GJk^C@|1%RmsX&>k1Ez zp=5aHHUd8Ro@aj(`7N@~pQKrqmPLL34%yq{irblI-^{ql$izVE+pfv`qO-Ohle;%|w8CRSZe>3T@ZWw6 z3z~PUS+9dbN>qLyPZg)@lr{vZ2yGg(_u|m)>Qorsu3p`n@ag8AD$DoV;*Hz*akjNc`GN4*(+h$hb7an{k$~SEijAq&YiK zRg_VRGpE}L=iyDgxQXWoW1@kRsVQ2h9R{V#Fghmg@b{42Vp`XA@2 z>~VLzfk$9ZM`np`hxJ^D^E0!=fCLwBeP3c?kkb^vvP&nq}S}n2c%*marO%&+{O`;W3ha@3{w1ZX5Pc?@KtejTk@d^Sx1AQu?J3 z5PNjTw__D07?H;yctiV;Rzk=PkFD!0hGP7wzC8P#oUY1iz7HUW3Is>TQgD zHlzJo(C}oO80zH%R6q5RYQL!-QCzsR-tv^Ab(Xr3A(QO15uvK&(RPu#*mt^zGi5eB zQwUCAeoOa46DKi$z%Zb3nUol#kaau7!%8R%3mZ<4;{6!0)nVPM&dkUSZw>?}%u@MV z)lJKVZ;3HMg>T8I5!sp5c6{94AJ1L;Io!NAD~ad5>b@j>miGpsnjgyNQ#S0)bInoS zwzY6=;VTJhq*D>1RH)g&G16ylS$<=Iy=b|#g`ewTT{1g#1qGDO+NYX5o8KdM*RGO% z*dx`#BMY3BvUDKkqNl_Xx}W0kkJG0LsW>RdZh{hCQJBz`KKtQ{dh{CQEGzgTKhN~I^ zQS6c4g#BRPC*MH^3Rc!JHgb_RV*GqnQ;_{9=xVx5r!al|B~#pGTSSX0U$T4AX!k-f zyNv>I&A>ub{{yw-0!k+F_%d8?;X2BdH>ogFE7Lb`K^|ESFQv7Oy?Rj>WD&w9IQVLl zp50$M+*;UMQYa`9%7(p3lH$+)1)q=c^=EW^DB~E00CcO!m}x70@F?UW6rG&WCK*a6 z{+QfrobB0pkl5;;47JNx8eEhdrLOu_Z!QMZe#|z~q|6jS8SjVwW8CaRS3@$(_kukV zJTOv&CEb~;XH*{&xqd~x@H7jYIr+})s?t&fRpkxVT<** z9lN9vuArdF6uS_cgUGRo!I8KahI8c(xZmj=sBlm;d5_TOg@18q2ZR*9SBjwdDwHa= zW>j7Fvu16KBQU77da46f1_R6PDi^t9AOCyoPZXz;EB9Xl??SyZnotA~KM}$!ohV`I zC+hfzm=EhAPL(AnD}GCT%YYxW$Lv2EUS{;(cv$Q`>ggHB6baA!O_W+cqvKGN@`r&* zusZRAUw%}tR4$efDr!-oi2P3Gjx(IGbbi{m=zwfjWnwHmHFBgky!);45cQ}5#%8YB z9-Dlb(XzDn=1R~!b9u4sn!$=JZm~?CLQk+XPF=|4kt&jqy&shuuveb(a*X;cL!`~J z_j?kO`PY@5d4UQ->% z^7aTDQlDZrMSSs1xmiW6uu`Mca*VHlYmYLBHVIXP)1Ea5S`}Gc{R37K7ubzZEtxn@ zW0SLYrE~9%29lJG_raT^ZD{c*7pcp2f2BU;fG;<`5sU;xcz4Ee!!8n+&!hIfm9wL; zWPfpBE6<$g(|c1$$mm**);F)KRcX|dXGk?PMC8xyF5Ta7F>0xs8$m~$7tJoRA!V?> z{D#mnCX_w?oVvll{skt=Fucl(Hg#NmNG|4QontwoFUCfRrMU*v?89F8w+mV^e=H5(ap*?OkcZ*oON1Im%<8t)U-WoxnPgmD zv2;{5&m%%ajGH})Ot$Q8Un~(>-OjHWj}`3iD@8I9yUgJoU`mpW`aZfJbO(3Em0Dsv zRi`sSK2b34J4@N)J!;!~xKWd5disqYO z8wDuS)bJ3Nyb|7=g#yc?<@VQ+gh<~|iK%NduF= zha8kI5fl{Wb$m!%X_IZB+$A73JNonmAERnp-*hr^nJ!DO2+WYp`l}5hvka3Y#zJ-W zPIVDowlNX+e!{e1h}u&jtAn$t_bD2??vfoK@HLrvuYo9aeDWrU1+F5%SokFt(IR=Q zgcRE`Y<;mZ{#tyHj(fz1=$0Ndc3XlgAz>?39~Ca8ZwK$#LjoulnF74Al z>t_j@Uq;DQD5#`zKd1M+iRW8IW0r@Ivh<~^E6dNKeHs7attbwa|9QKYI!q`81WJ0? zn?q5DVj4uXjb<=`vW;P|m;4;CnP>0;No%f3lyE+#>8H}IV_MG7uh7H+NR-k$%<$Ro z?mp#vm-lNvo-to2S(bd%O#RVZs=@uje{xpH(Tj+a>^m>>w|7IkN3&8QpPnVf#!Kq1 z^OW<~_A8?q%hd!*O&cOZ@|oV`1oKSU#qf=OA%`c0C8-^p!$bm$psKvVJ`UZ^$)qk! z?WeCuQ)Xjz*<3(NmO+S7#)?cw5jA>$i)%-C_H|=ixLVr!r3}6msdF_dOHtwrL#5l@ zF~)XJ(b_$_;n;P=^f0AF*^T@XOB&D#DT7jP$p*`2F@k;q6C4o}A!n^Hb1y}alYPf zRO+CGV--%HQa_vCF`fxi#!ZtobNt%vHc4Q^x2|{+OFk5x;W#|T_E=c}iqA|xi^~r{ z(k|bvB^2dsW!^(w3*3Z>AUQ!!T&sIcz_&l+_$xt5V=j&G>iiYcJeDF-fHeYWLrh&) z_nr>Dodz4d^hJt$XM~`9&Lt8wrM{w`DS8>D2Z_!YAU0iX zUJjl18w=qf^Ci}8%b%rZ>ATk1$(zvin2=QwJvN3PD6k2Mu0PMVp=X~9oniUov`t8d z4wxy$P{&l=_Ih|l+xGDur6HLz#OQs&q^n?(Nng(zU15WUPvtvAj3N(%h`wv7xkH4r zPd<+XX}b{lA$y6Pqk%8wI-}q34(IJ%gQ)@sD&JO7x<|-XgXL*A z%0g6(ki2{(HSJe;QKFvyoWtc^qi5j?|3LahE97rUiAxf=EUD=Aj`s5cawYS?6!C4)kLb~G%ZWXF{F zYxYzaZ@PMJ9G8+LODVcv)r#7=gf}s*ors*)4y~Trn9vlC>9@wEzrgiJZ|Z(!e>qu7 zA6nW#_Wa@Q5Q?N`(`{w9$iXFH>lm5*cv`~Kp!)-yS|Zk4iUbvF?L%32^4-Vg9M|(t z7%UG20vM(BDBEv;0nlTxm6Vjaf|S%>NF#tRrusyS%6CW*hAibPhHH}UQI1ndxnQDX zQ%An+qJG6_8>~&H%yu70kEZY;JZD+Y{>b9nujSR^qQD|b#0P%?K_RAk`LHFrV0_L+ zhxrb#rCY~KGD@BzWnM3OkXB`cGd0`hNs-Ai9u=%rBo#HMhMGBkUNlC78y=n+(snKKcG z#8)gX-{!lDZN7F+biR<8WPIIQS8TtyTCBZW?4$P3uKrxV&pu5X7Kw!_3|G4MYtFl8 zES;9q@|@B6r?sJeKaaok(!~}*%SOWe$dq)vTlPC@s4;hVJFbG<6|hJ!_do~*-5^n9 zJh#+Sy&wd2H`4lf>UcW2b&p}^Vu4++Q4Gzs6;c=Vk+1Ah z90EKfpqaM@vhS2C2GadCd4gtdj~Efp=(Vu6(00&#uRn3HgyDzoSp0P@6$%8xw6Ox9 z-&ZQiLZ%Q~He)l037E~@)*gU{K_C%vcY9+~Yp^q=3E0BQPL%qvp@o{#%1o46hgXF| z#a;?*X(jLJ2-fga)im|AHWf6Z78gSnaTfv@*n*vnDcx;t?3{$$MX7)D6#{;Ly3I~a z`J2SqT9o>giaMnf#1Tx%!^XqL!7Af!<;q1ZhD<5qXl5?-Qd;&;7QmG#wWYJOy%0OQ zo0}V(8#f!o(Sn^*P*9MagNvPuixr??b@H%tHg;#VbE0`-@dpoSu#>5ymA$hS#E$Zb zr?Cmd#aWb^8hB3mCv)Jbsf;^t^Un#Mu79(4ayDaE04{id{Qv~)TpSz%tQ=gdT!QTX z91lEIQTcncoztIE1mwx?Zfwua$;QEMYx{2_oSbD`|25x#9O0x1An@!j!A=ktM^mtj zE7;DN=AV<=+qgLWb50j0@YAi|>$Wj7X9pJbd**+RkyB7n|9i}n7%i-9?SGGWqW&kP znd#qj_AZV#ziG@&*}*noTVNqh0B6pBqkrlY{5|5|_Ve`Qe_M#XCBzxxWC^kV&tv|6 z{J#wZ*7=`@{3Yn$oA`YoLedaZm#5V#NQ+WGZB)n%Vrpe3^!rzCb53(E9)4q16H{Xz zRvu1%Fsm^)pD8PtgO}5c&s5MDY$o^*Rtk1b&c=48;3rl9b2cl0kBJG`*c@zP%nBCZ zF=gf9GUj3x;56lDH8m3u;N#&I;1v|)`UeX&M=QXDjBWn8swY-v04rW@0b_n+Fb}J_ zIhcc$hlh`!)x=ByU}bL3&&|PUE+`28V>M3)DD+%iL6n+{jpH}--*?n)jGfIPj<$eZ zTG^RF+?@XPNYly|tl@0@BsNYy4t`*#9K0NYe4HFSy#FH720Jui{B6aJ{=)xV`s3GBN+G}a0y%-TpX+%f~?#enw(rh+#Euj z0>8il2x`A@`ub9xDQPbX(b4+XRT zn#uozPUH_gmIuZ{96kOqR0Hhr$JHM$&c^Dus3<9ayA>g0(EG$yEWuAY_oO$RT&x@dnw&gBPv0EW zf1Ea@2>X-A{%f})Pd-gWMd+XM5P9->LJCj%so`R8Z({{^{C7G1r8oaCbpIItr;h%A z4gV+EAETup_8x$7TRN+`+5MN({|CZ9I4E10g6*6j|JBm}jYQt3P@C7WrRHMA-k+ zOn;2{M_>hp{&5co*g*Ve|2qNrgXfbS|KI%jQ~UpKPC-feKa>2o`A<=_G+W0Js2eq9i8`dVKnq+4LnA zxPxRbuj>Q?kpT!YSqPM2HckL=6Tw+QMFwFV6%mmIIlf|J90Z~SDM&xpbf4Wzb4$gQ zxe3kqmEI`aAl$)5gsb*E+cOgzmNOgStN07)kzzOUY{x~WXYdjBo1F!T0wWqP)N#4Z zX$e)~;KH8KS8!K0#9GwvUdoM}4eqg(!>&zUuKAi--0l>X9u(ByMxk-Vrh)K6z=$X0d>W!;-W$s# z6r*YOoN#^l>7IB$QSc|Y{cP#G!|cBp)|Go@nwNT>t!W;;qw(kXW}-%Vndl|e^~}3h zitC~B6`l4}&o{ljUdsQyz#(gG4oS9ViA@%*VUfQ1$6(AUP7hVwAqJ*Dc7V5}Ob$hj zi6|e95iGTS=f*|wS)GTKR)*?B8@YU+!OGt&iJF!UyxMJV$rCl!JmLS4>LQs5?BI#X zUG)()A)=ym;F{BlgDVSPHm0P`D`L%)x<58)bgaMjJoCkB4m0}rFgpl4FFe@M*s&|) zPZ8oRk&-iw<;Eeh@?X;+<4EDkY6LHxT1*Eu8Oi@8McdWDw#=%`Ra=Y?^x>9AkJ)~k zf`9LDz#8uB%Cm_(ZA6(ORi$AKn;qOI*#awrkeA{4<~Zln%wHf(AvsAg>N*?H6y^W5 z>?sd9D&kV-S7tJ7Z%PC|*S*?XHKh%HW&1bhKI?0&mu)dGh=B%S@S8O0&GyRuZ!v%E zYOeJ$`{Y>OY)mi5b}f$yi&&psyd|)(|4SAy!2>~ON+MxMfK?)5R@N?Ya=xv`b%>Qo zGW~dN07~&X#mCJ%CD*iJU3?W7Djpt{N0-gDX!&2iesNU5gW4p@-8D4c(qJi1u*_Ul zJyQplL@Y>N=UZWiNn3s`ECeNM>-qZlh|VZimkSr>ztDXVHd=jngJzYPg%^_ej3N|R z;g#(=9p=ZWSOp8vcCC_}>rOe!$}Go{-=pY?I-&o`iDN3;wD~{+bW9j6Z^>KB>3UYX zGK88rjYJ)+E}9rtBC?|4KIa%S>aN-E)<4UQVaUr6=A8F}cBheXq~p(@>Ds=<5AE52 z#`(ZpfX9kFi<-g771UvDSNj0pe0w0QU234fNZN19$AA>tKJPMZD9^N?@x@}05<8L- z&5FR15dLMdD4-**xm5(2oJO>ihbTOhC7S2#vQFG*?SB0INEkMA#+CYpV` zpaVb!n#fVpQntDHElW|D@9YJX1xWJ?3qNQTX&(;@AKKp?_h`I$@thW$3KJ0%5f(AD zLpfa}iPN+jbad$Vm=aARw|eZJDD1`tgMdy;h-!0uLx&mOBmZUmYn6^lOB*OFZ@9aJ)dumM7{&z*CZ@wWjt2=$c&VF8H@K9;MiRR8kMLHbCxIE8kTDz6;ScMifvSr%p z4>g!Bn!;;6HCk#Y+(1<^!%|=BG}?y12|4htcitJa$nY_*WJ?Gi%aL>HA#*!AXgK7u z9HmStDJ%QZ*q9oKA(nW3x}~9o_hzB~J7^o7Y@*ywRw%7|$JwzJ3gM`)UCq8hYTz9$X zrCYVFq3!eSL-Mb;LN32L%Z)p>msgx}LQuw|f*m$=0qZ(%aGG_xY`FV1FP{5l{ zOqYxLj?u~V_5!3Lr-R%E_HD03j4%THCkt90ZgxSMSIp6gA2Tf0A!DCE6N^|{amiQH`GB!(z(U`kK$(kmx|S~DK+EU>>xE8L@X z(Bh&;zh_9~v7&ydn6H|qXW|Sxs9i(v@AvuBZv=R$`j?Wm%U3H=DTs5I= zb?!qly*w?p`#kxbuXva=G}Aiz)|!KSW%-FFC338ms~Fs_S@!5&9nx*;LM%@o3KJtc zv)n{g>Imc|36<{0CaLHQW0tsvZuZ?o794L{LE6Qy+E%;5_iJGM>zuY$9qT}0J^RLs zch?}mOhz2@H-149>B*x~ddR&3vZO-oF6bA0E*GZG6_5Wi81gb};vLOo3CdPLTY5fG zNy*d4o^8(rGMClH07f|LGx!0I`D&UbioX+UQ0`>)_~0n zhv1iM0}?E>yD0gf!TQ_>yaA}%y@~<(FB+DTJ!{95L79cw*eaHkwCJHY86$E&Rpd-` zGd3ZBjwJ#|_kqo@e);ki%5tWH4g`3m3Mm|3m93Ky@+^UjsO^7|lTN^0LKF`jgWUXv03C`Bdk++UZ+xx)0D69Z#^ z5o`FfdXHwzF`Z(Q#kd%Gf%eRL{rU~mZF{>b&`vlsqx9d6CsJk;zb4ZE1?sq?GL%^z&9eSL1o!fU^ zuo&?jA_w1J?SFX+#x>o-q(TqK;tLIKTR*XA_L?^~5?-5+=PJy*0B@u(!P)PBpQh#s zSbANZbV4Vrg7zyTp<^YJ4_kKPjI7=lQ$W#;D360vddv(9NM3?iY{EuajQ9|7N7y-_ zm90v;lEnSQZue^_${J6Q<;Yxc1KzZf_fJkuJ$cY?CSAy4S4UEfcKqjKj7iENKL={^+532I~wnvD#hboc-HqRLGydL$fHs*6Y)K~h2CB$t!@PM6TRewy-;f6 zc-1rlGL^j$Sz`X64?R}9P-($QT74`KV*sCuVLp^B6Gbix*r=;G_eGg$5{EIgVZHN8 zZmep*iVlyVpUQ-5?~pe3y=>O~iEY-dP?&pa-{pMZ^cs`Zw5{!91_uQOnl`&GMbax- zi-Y;Pr^sWG?h!&0B@*N4Cz#|6-@&7hr-3SHf_S;)Ck|=3=Sy-s`@L_C(1O`hk}pA}cwFS+fPp-@SA-WxS} z#`NbN-QJ^;3VaHHK^V6#Gs=BQ)X#j9ftIaPW@HvIXg+Xx?Opt^Y3+O2uoNv%TYGmh zaJ?Lektpay->_dzGHu|6#*pF76(EthJoQ%74{d@2@YcfXb~uuhql&X?$YG_s+x5fq z9;ZLceMQl~n1;^1#<|`%4`P()nnUhwgkyd;1Rr0j>m7)N5$|OS_%>8R4*!}Z-;`KY zp)kN&M@wymgtWX%q!)kUanj^tw+mo0pWc08{vvQVOh^W zn%g2$Yr|o4I3_WMxLH>p2DwNg3<8-vBWb=*gKMhWq6cW+c|zr?vAJYwX~$VFC(VIi z&9$Ls?Z&O@{wYO%#BJoE!^8UwXxqyITs%Cy#C!!Au*{gn=S1DW4)0qk|i*7}bb!lD5E9wAgb#0?=e;9a7RM=ykDvM}MF+wGRBP-+`e5CP z=99mBsOe7`uUa}g^`&+hqnos)&C@IDWa z+r?r*AWi4^Wi1avJY{2)!;7IMDpVZNz6khsauvVgSzI{BvFJtYwy%SvU_ zlu=ir3T&hpdvoI%ME~_j$3IA!Zz6ZBZ(z+~&C#P;y_uFgDq1lw96zC+iTQM6Y8tnH z#B5wT=f$l+#&qc1nw9Il+u6-ief*g0ZXFbh!8RHsfgE5(7<`SHHIwH1z^yXD!ml-E zA!#|M=}R5my6>vLH5+o1GEVzh(KK1sZs~hTunOcFQ>F6Pfonra8oaB?tv(I8nZqj` zW2N^oC76y6TvmFJJK{I^`@)5P){EZUSFbh2$p5Gg?;sg&U%iR{sE)5PV%Q_x9aV*y zq>Zh2WuuYNyaT6@)&DL-*$x>a>#Ajy&`y}v%|p$sh;6;B;r^;JYl5e98BgZ$_N6pQ zi5Z*})WFB^If6^+xG(>ze$7vl|0pVflJ>FSY94yrze*>4Q)ecAT_bbb>}L<2jV={M z;9qsA{u=LRHK{)aKWd!(pO)tMGS|+GMD)PxQZj+wJb#t_kfcYX(__Xzv4V^>B|aq9 z>Q^uM=0h7eJbo~q=KnS85HM@hzh>22;aBAM9I*9!lUB}{V(?HatF7|aeo9UwC3y@2 zy^-sjEw~cAviiI+WdsTSmKJ*1hMYW{lB`v6braq@7wjaIk?J1BzZV2kcJkMHwEjAc z#{M3S_sZ(mw0|;rMiKSrx;EBc{E3x3d>QPa>7$-_K^xL9_f(<-d#W+COXfjgR+I7V zDqtM`@+qpDEs;4oY9$`qYWzL_5Nu}7Wm7M5PHZ>dv9MnAA1ogd`nF_6g!w4~2RozD zDOQfD_|Q`1*Bc=mINyghwZu?9e{YKQ01yBa(ooX zFN&B|;#(O6DM+~CHX#LV2W@A~+*Y>9{N*gei!2u6Yu zQv!Dj=9*|1l8hNX8QZu13m^4?c0-8?Nluco4SMUp7&mff!t+`d6M<`Ov7|Jn^5h3~ND!3apeQasrJXPdF3DKH+I^q44N7EBA23 zT2)mzj;0a1tVpsLiM>;U8QPIJ)%@A`f&gCBZIS*LkRlQ!AMRf zzPUV911gXt8+aP)WqTp}U&BN3uk~MtCh=M-qK5_osYmjU>beJP1zK#T68)A3&F^1t zUd*Xc0~M0U<(?BFmB3A6PC;SuvsxM7+*_SHQh4a#!`F6(`XNT0wXtZ{Vf>as=`AE->hZ9`_ZPiU^T zx3#fqLPQfhM1m*oAb2!lv!>`rFkRg+-;**pZ)xb8G4zR_t>f7Cwo4-fomVe$9zA zxjI^ruXMj$rr3H2?l68?5Vznu<-~*-ELm*SRNr^O`ViJ*5+rHdzA|ba<*}2Oz@Z%I z%yl2`@qpXnbB7L8xaQasD>PiqEAn56lRnar9?*LXZDem)`vq33N|)2f=j3{Gr{&wV zd^-vbxSli!LeHhTS_y~!LMmtftM7-1D|!GPJC=|G_1y~kpnLD?ZUDZPr4(eyN1O3A zvh|{Z(zGtcegCQPPrrczzsH9wZ!y#k#ubeMS{!-Nw)Z)U!@mEs|Wqx`J+&3uS> zs_Zp}1W0`+T&2M49KIY}JGj&rgyeV|n`-T6qvcalj~%<{t;DiuKYbvrDbAM-#R zJRDA2oVg0mV%vL(Rm8-B!;=kBrcX)fu`Qo1`+83|Ug$Pe=yrU{0B$z0cKrE?e#d#X zaLPP=NtsV+YdFoJ&cM|Hfx?@k&kWihk69al*Iu>wiUMc+ElRh>j%;_ji~$$j|y{MT(rrXP>{Qkj3xd&=gC3?D7`jN&$)TkN5F7mvxOgFKv2+My)eo zNZ?o9cT;nZWy=f0kP7vYHx;CNk+qj>#n->1slqiqp6DI1_+-d~w>Fjqo6(Rqo6}9r zEKG^En=KLz8!di^Rsz-;v>9i6-MdPrdHr#{gK-k5!|Ysg1;t`jD+kyb%5M+6;);o< zcs`m@_f4pYt0c7yib19Zv5|vEc|JB>EQa%y=wqRW7GL8qapo!TS-&BKFEER-7Z^Nf zxh3P}odiZ)Du(BL9d1y>o`s7#`jm-3Q!XYK9* z1uQJIR#3a~_>QyPiMELu8Y*{q^w3Lv0;<^Ia-Fg!%w*mVpJYZLLTU7*=o5utX1(uk zWoWU#8Nq%4%fzTtlrWGEPc{ss16U=n(me^Bj;e!_XkNtN4$3UK5%R|&n?v6SDAfd``A=!0*c1G*%L_S)HeoekiIQ||`fJ_-^ zM%TL?s!o?0?u=%^NFrvBd4lNG(v=Mj)A~bCnKyZjPxCr*+gpM*D*E-=srI+OV_zo2 zKtGmmI`f3Og*RdnLmxd}^7?My@|%sb#APTf-`rb{Qk}K|pLo+wagc$!U3f|3mQQ8cAH12kY^Rc_Za*P_l3uz+Bo>NCtnwov0FE*%qr_R{fSa%iNi3_DaEs_ z0B|TED6?$b-hnY;w7k1{0R{fxvi zM$)YjVWC;{sy+c~164j}*D%)PhqJ$xKy5f&Q{A1`!Ox!@pykJcs5GaX~Ovw zHUvn`FZN~xb?|d1m_4K71k4qIcj}UzZC9s)j>ex^y4;?_+CgEQQ zA3}$T2zAd|qCC^-EeD5(k6bPL*X|Lh z?Yi37P4NyA8y{II$>f}_EVaepYY4X9k!0an?t4+84TRd|PW-sI7cL!1kZL3k>L|@L z$8YZ#b9`+c$}oMJkF3QG`RIFipbmEu^o7$jIwm0U>dCRh=UW+gYm_qU(|m2A|!0Zx9lW`$?Y_$oq7N z-&K^~b{4TUoV^*bb#JE91856U@+0reR5E0#zqc-J3YmWGH6)gA5k>xET5hM_LTAx^ z4Gr{glF-6o(uo+){#td(*T>_0QYS2kCPK&o_fjPZx)ms)>W;ffI4j_#LQq!#F9)}L ztvhnsiKF(@)_%$7a;8OG)D)gsrxbR1ElPYfj3FIBA;epE?D^h4c305L-ajB~ml@e+ zSgiL(18S*C%KO3Vpbo*msI>k=%l$rtFr>|6E3M~z`gK&?(cNh!@#Ow-55>s$7eS(z z^RaL!`1YGg7AJ$;BkJ1P-8!#*WrWh&dGg2*Um6+?F_$%V0+oG_hMFi`t8pkKa3d25I?$EaHEFeR!WAi{+ z9vs?@P~RypZkf5rq)akDYsDN?Fyo!lXEzuID=>k$BbAdA3ovC_r1^*$?n9X9Gp1QfbS9knBgHXx&QljbR5F1rOi=r4icz zxcJF`0e~#BT@A?ukJVT<+_ZrYZz!3s0MN2x1YxN8Br4N)l&^GvfL0j1M!xb&l0|x! zTvU3h$7Yhq*{Bpq@;(iTd-4#0I4yWE~< zmJjYH6iBczq;7Y|)tsq(`%J1rJG6@)Tec$PBj$5uo$PcdY(Y`tH@ycDQ2Amf?4XPJ zO6F-pH!>g!G>Gce1CUqAjrfV>TK)ZTRH|ctAAmzY+>ZI}EVYPhd{G5=zQ+;)tOyiA z!XIfyZR`Xzi-4dK^3CR_#-%79<(7)4A#xD0qIn{ zNXthR?~bh&%OHGY-O^TdLNZ2dzQ5iD=-{Yb3E72m2TZfrBY3Ix^3w0~Qnj~8ov4T6 zV%4dgu(4kB!qD&*B_`YRp++VfQhRi~k<_sK9{URt3@dr|JAO|Otw@9l^=U9{X}_xc zP}mOJ7vHE3DnwR0aa;|5T{F*M9h!z^qkhi}rR|Zj7o1`Q(DH2?S1G-rV-in(@pX$Y z(1E}Tldjz)9vHfK>dgUm+kDnk8F1*(`-uuP|JVux(u6O<%wOKliGpw4ag1-Ac`_6M zL)E*D4InEBLH~~0-+`e|W}w9(0erN*dd_YwPD6F&^7d|#_`Z=VMFEGwVcwyK6Y$97 zUVEHI9_Ly>_vXWBX5q6pYMM(9J!zWS+S$88fLj89)(jvhW#mK(eEM z{&{A@LV7C7P&69-yvbzHF_Y01{RjN!fF}H&eMf!xayd72!Lv7?${i+Ty|TXp zCvNkz7V68y*!KK2-;K#6L8?PHk-Lu(0Oo!FK6OBjfKJ@m8HS@I`wYk|X$VpE4yvzD zi9|hlfaC&xIWrLbnbqkVl%gR37gv;xB-Ol|5U5J%J7tMXqG*@kFJ%R@2B3ksl zwPh9&pRVKaemEI(%#r=rPo%#KUdak2Uj@{_3}_Q>*GF0rPd$=|lvlWa_QDxC1-vmQ zD$MJosOHo^eOc4*U(%l3xXjI}-U9g~j`K^=J`-rl< zlkT@>Lh!0f_*diX4fYAKNq#h_!U#R&2r-5i=p?rvbAAO9M0=Kw%SiD}%)QfeaT_H~ z9H%W`*G=SxGM&KYaf72Br=t?7Z^1rZHsa`O6*;9D>}w)oH2TYmswSbJb)MU({+0N$BEp+Qhcn-f&DamA0=qZp}KJ1SERK(9~RnY^57D`a8(G(nzWuP)VDXh@F2C#YwQ zDq8;2kU3CjIjiX@cD)d9ks$J`T7BYK@ezIa^{68x$#D0Z0cOx z-&1UU9|zzet%5qVqgtDx?h{jaPo^#xsF*+@UNl4 zk#%i5iDkDVG{ony)?%%keLfP%JXvF^J@^%N+g$4Y#aV9nN?iI%X<$39u}S|UWl$u& z^E-^Y0L#OrwS5QJbt$Q=FmG%CD;Oub&q#upbe_&yS3+IQEj@I9)=@2w7@Nc)78+8z zo-ey*EC&K9_w=>?Mrb<~@K(b4`FWnJz9k)ApPZe`!F;gI)M{lC3jmDDA#I&ryYC(M zU`ie}Eco^aZl!hro;JK^&G@;b@!~;xkh3vTHv5UETNiF0E=BvVmqx^`oKS z;)~T99o^Wgh-%xp@j4{}uhIf{&fMO8t;wUUST+1rN1+rEw`M5{Zgb^W8=&~Jz0~nN zDBZbbR~nu!(dV}&mjz0H7DFL7Hl`YZ2oI-oqgwkc(ec5AhP*9yBDGmNzJ!4;z*%_# zv&$YXHaQ3s53e+y4g(>c=l-63#-im|KW=1;xnL>tc_0TWOw`=z+||Pa#_8PWD7gtA z%N@ec{MC%SVhMK8Iz(n`Jp37fM*?4yyvV-aMznrAgeym?C|Z=65S1~lPfZ0|ilHr# zNT0%wHa^eo&?W2+3&H8cUO6*m@k#o?Z*knQ!=AIl#xc}RF4c14O^BAai(cBi`PP7q zz_dGc0La00Z?4DT$*f^u;wDZ<#35=|`Y+U}BBz;>Df16u-Xj!!vQBG{14T1s5Hl%;Yho8OiNU|^WL%y|ZYbyZ8 zw*l!G1OcCCY!FR+<-5UAx7C-lkd75fTy&i9uG-T`VUmxj#8dj~5d%Z~c+(99x{2K* zuYJv&d#OTstOie@KtSsQcqhb!ct%#mqztVh1E_{@ukL*d3kwn917Y7iC#{#-sJzY? z?pZsd=2C#}>SlmhQR1gc11HKh>Ryxb=n(Z`*ufCoaoAu_Ivq+lCB#D-HqA_%Yah_0 zrcW9-F(|)~p;>V()E(^bf5ONqz*6(@Ai{w#4q_R&Olnm_TApWUE$2-#i5++1xQ1r* znbmHkd%XhQlt35WlM2-Lq@w-nB2@z{QG*rPW?ZF`LxRlx$`n%VaM=#-d+M>JQXPDf~;`v4QXu(p;ZeY#*sFews#Y46wJX1Kp46j@r|k zd$C*f7rFs+`yM;!uy^zm0WAsjOiY~hf@lm z3k5i}4M1f~=4&04(}X_HR9ZN-!I?hw1NT%L#=PYN<;zyX?(RgrfVXsJY8_}0(Aiux z>K5!&#pKae9NnlR!TyO3| zK!m~<(Ai_|IMbSq(9I4(SwMqR*Lqk}jO24v&u~xXj-7mu(t;h)dxL5uQZOP-^SL+r zOQ``fhmu#Ylb?JJwS$TptGtmk-<@e!ZkL$P$t#z*R{0-mF^!>q^P_#Tz zC@yZ#DH+#FQL}|(=5j`K*r}Gul59S2);!b0?>qBtE!N#K^(Ax)9ZsOk%Uw=1Q9e&r z#B{;Z|J&tgU7)as-D2so|1ZY=_l122woaEZt7zHOF8Q}W9J{ofd$EV_Mlx=wPfq**j& z6i!@*NLDVjzIcH`{MYFl-Es{tETy+|a&kg%dVRHQqXQ;3n{xEWk(4+U5WhECGq4X* z_%+@UTgd*FrunkdvAJL!bYZ@$PKawgM@q8E`Ic9@+uj3?!NQZhcrCAab|h)8WWIgO ze^g?7TwUvn&Ke2NRE9NVlzV`cGb;KL9H`E!4oo+>3(QSTpHl7ueFi2B}I%>8`is5~Dz z;oFzh?S46`i}DuR`}UhpoDOj-S(A6)-dDe`)?a>3D3FSeN#@<@cXySiJ8V~_*m)j# z%d~Km2c2%%Z2#6C%ox@OF2^86OJ<=PcKtJ9ZBZv(IxXEyOfD@)Y<>Io?RJ*$?h6vy z`8Hd~JW82U$~SCZ7KiOGu2rjjO@!&$43q0?!+v>?0g`chf;%h%6}?%h10SiR96Qc) zC%1^g#)VytKvGWF9ll*mhz0w2LCd6=4 zM?002Q&nBhR*yWoM-;vO<>B)26>|qxujaM-E32ps1D>$qk;pU(a31F*E}bXrCuj?8 z_I)#&enYghqu()IyX1o)r)BsqfirxM-pH$*el7Q{WIfC2gZ_<>JzJ}c`I=f=)%7P7 zw!g^Ctejlvu(i2Ey}_GcPgbvu;zSO_ESYwp!z<0nFXuLU8K=GI>`ab{a$TFQ3vL|w zIJqF?;*n7A;!0FrTTV8VfbIA%q|ocb?cb_&!?1+1+d^H_G;N51)J{FyZ- zV}kavc=LjzrAHk`hNAc-%c3qH&QbKfWf}2Dn^AYBy#MHwweW1`rQwdsv4Yd)OQz0^ zybtpq1#oyc1&qd>B2Od~%XK7tw?OQ|Ww5g!ax31x0g^<5-|P6E?lAqQKj&K{)>h`c zbtB)n?cK`!ngu7b&)?)WrX4|ES)7d21MI=mW9G8uH4erE$*q5hr%~lMIODwkF3hF; zl;hp|Fv;UxeBgecuYo}}0UjLfT8e_?kN)yYdyEyy421mMeZBs~&G2JLhm3;%56#rY z&C2nw^Nq{hc#kd~{7Z`L;hW^BNqN{I%%68un#Jb%Ywj1aP`&K6XYg-_^QI&DlcYkvrt*pK|PpZxt_|1W<1 z|L(Qb{`IZ@FTQrtx`fEmY}mT|9)To&#wKSZrey6`>~^H=j?ZE`S~QZd26+EkE=EpOuX;A^^8!Ou^@H~LM(aX6Iex~Rklf+izS^1IJ$ZJbK z{s?mXDl?Cqh2-I5`54?T|HnL`Vq(%9tl!d-(Zx&NX_=?Dr%^yLrBT;Jg6TrY!j{vG z0@1b1nT(EUeV}rI^)lZ5*!g2hJ7XVfGU3@6#dIrtf3!jq`%T=QcudI;eLmv1FF+2I zpwN_yyRt*WeOWIU9Z_mJ0eXEl=DT8Bv)gX``+fepl_QdIlV-%|+~#4~gt-Sy?r;#3 z$ER_=|Mq-a|AN*-l@yqfo`i;4Xz4Opf4rF8Mt*3oG=2&>&~0f%`ZPQ%dHFFA9Elx{ z#^c{h8*?pOV?CC3BwvX0t?XY_4XnMhjp^gllQcG8Ps(ucEUa@a2!&L=u4K|9?L6?~ z4vmM$W@p<_ptIYfsYg$f-x%EXCJV1F58#p9cC{yb<)*k{&(NAkk+idGB8En5!rRy$8 zSQVY5Pid_1Twi7xYk5^&+#Fy~bIOd5u(ZG|Tk5gxR;ylK_O%L|FJHdkt~1zt?z5Zh z4(PC4t`ww?Gv=#0S;?SaVR54ECN;}u{mgJ|2-!M!&0-^JZR={D#mC!3wI62+<~RLn zK$6_F^z4r%6JR^_oOL*tq}J3T?=eW@&4DU~4ONxf;s6bo?z~7rhAOyNaD^6iA;~&N zreqK6{IHG`u@y}w3{IT?D5#;I8GMx&Hod-v^E@Ex9UMM zBNuwB*i%$Bo4wlG_hS6nGdpu&xppzHww5(GE?{^R0-9& z^*f8lKJH6-+%Qka+$bOn-Qerfsm+oG1ivU)vwl8g!B|LCJGR{By0#c$oU;}7)cLGr z!b26ahYhlgb{N!=$>Bw1Ub3x>iH!uM#*brf-#7aF zn8YW!u3JyH+IJ*f%m2O~#-YdU?b~5+;w-zmH?vj2-JKC77i?o;PU1jB-{Y69ZDR(; z+jvge4%z|VB@@&x4Vrzt*ALlS7S9Jn{rW}y2_EN&8slk;7K`~`Ri(+x_)>J#e74#m`dOQ|baS)B}@S}2XXAkI|X ztZ?y>ifX*OSgex4Rv@q2g&unD+C~WNpMp!Hfh&29K9S1@()j?q#H~kvjazr4fM#Gw zY(Ld$Q~gTz@V+nA)kOLN%PvupWh_Ye$M%L10SvufnBktmu=eFQhee*9UVn#`mMuWf z)X$J$mZUdv?B%>K($kGW*BZ8EC(Uyl!X&JdES_3E4u*aaoUd9ct7Tp|iwwolz2;>? zJ?W->AA;efz!HYZ4dz*TdmzZ`hev`LiJ2+QtF6qs|Jp>S2nw+N zITvDWRz^mUe(}6%okZaey8`Xpaa+l?-!dy}{?UdfQ!|67mwOhHZHF?pZ+Lm>)z9)h zJ@EB2GzuIP95)wr==6b+OjTi(nJG9t+`uE&usrCwMTf)F z)=Nu2WaJSdm1362)IKn;@kZlj#w;y~+Uc=JDE*jO#4si)pm>6@@I_LV^X`>~)*M4< z&5)=!mxvK_1fI^m-V8{%7^K8jsB@{+{t7p{9|NB^AWrC|SC{#(zCVO}3mCGaI-G}R zME6?OLF6t>TlK{D-S>8$s?agcX=5``i&P)PaLwwlEH&zJU(R-0RHNozF^>ui9+(h& z+Wb-r20j6Zm|L%8xbiAf>N#TAMDU9fI*8hrE(K+bDF^A(b%$e-DP3RP3#$J>SHWB_ z(5$)fLq}Pu#q^Y90%Xp|pg`hCu2Cm(OHUogHWM0*7b?A0C^ahsJf4FeDHW#RrsX&J z;%-N555;@_YSuDnz?fy-zeB0fxc`$f)U8(Wm0vOtqx`TNOpoXAJFhL$Xy=#)j!J~) z>Z+s!z(%-RxsjIl>eZ@53(=S#ugin3V&vu5%H(xv0zOJ9Fr19m;8f%cy|&O*2$fP@ zc>J~0MNQ3$tjeID^Bt2WP!^7aD2Aw{z=vU9dgUd#;WNXXFoV#qR5C*pS(?p{ePO^!Bo~<%I;tNlDfa#icp= zv&zcH$>yPExDuP`%Rf&%S%W&s=e|UF(AO}}8Um{AkVO9S#4<@e)zEy~``t*vW+-Ms zRaI3{G$vWbFKE2b$^eFq7*S%a$MRf4a`MspvNi!X1*0kkrs2$FZgZXNzT!%hGH*^h z;J!3o34cR1iywJapdHEQ(Q4qyZx**o10TtG_^zFQl__9Po_}%DYC8tbRAumw^);)_ zTKdk6@NcG=R9||UoL_T9p`2H^_x2{8*HXt&!E3vOy6h-DO5>cwYfZxScD{%H`T!dN)lO>!QusaB zHhS+BjsaRDZ@U@Rs_%Nhul#=Nn920dLQD)s376SxRgWuf|AbUH2rm9A^u{8jQF4!J zskKw@VEHCc2B`b#kphKTZFJtaVyB&Gd7s~&fqDhz_=1AuvMY+d8k{D<54nqOF<{R0 zr@iE^7@BzuXZ5cS0r@}tZwM3LsBUM$t~Oq}P8RDneNx}4Pp8vTh$%R@bZzch7?;l1 zQ>|Bm>V}Rm1)ua-*^DTP^rs*RKMhW~g$aq_9?wHG1}j=6>udChPwd88LTqbk%ef23 zzhJ={{BCsN+4*qGD;|p#>6hPbydA_ScGCJs%>z37osG#7U*1_8(ViML#)$ZQKaeL4 zg=QJ?{K&3e`vkV>OS%rf^U74pVrwbW&(d}GI8-uMxLc{)touKy>FCJ8aZv8J&YTi$ zQ`EIaqwjQ#J=TdY$E@@oA(Fv!g+tVC_&q*uEh*=r7|c|BP-tRj!^jhh?b8cRH%vZV zJ2~IIyZ}vZM`B}D=abuJ^h14I3lX4_%eYBn@qGI>y;jsBM3vyLD>^^Kk8^Uqn`_Y}Sv_FMe$Pt|kFW6h%8c`9>d0@m#bN5| zq?1=qd$#9VC}2(AvDu59*+YP=+;0y%-K(KG&o#b zo9$})6De{5*O}aB4LY5NPHf(Irf>#Eg#jO$*rbAjt$7_XJteC!+bc!b2sJl1gX+9~ z{W>_u!g~8Nr5>A5!)||WcyKGDm;-jQUYmTKx7W9LE_WOhys3RbFv{dtuMFhD)w(b_aceCXgcAS((c$tv|Q^zX2*K69wvua4JdYG#8VM}wfs;c1@ zzVXu1W>b7dvwHFHs{Y{hC<;c=hHMjh1`0o7_pDRreCM~8@0VV+Uya;~yc$GclzhLI zkH0__;JGFy%s`R$^2XVu$B4#U9sKGX0C9&D>D%lDn>!+GJ#V{=B9xNbObWUzV?A6% zrO$F6f0RjM59&MZ3l}gEDKkIKt+W=_!xP^&ifFJGuJOC@mZoP zSxVd*J2lVRgUphpAK{EwzFl!H*2g_nO;&M#N+L?dCW}HWy9yErba`D4Vkop69-d)U z3&@~pk;X{ouK4l%viO3q^z=TqKUc3p=4 z|8<`NLsj`6sndc{HG#Kx+EOT2@sh)|q|6s#+?dQfE^0w+)`eYe%S0g*BAmyMW4n_&Pfzcw=$s!HNH26KNfG5djH0B%47CQ4 zLap_c12Sv7k6&sM6b&W_24hv-U67Gu-M>}riuQKHOahcCr(%7i(_U(M>Rda764StQ z^}sfUTURrb6533zN6NGA@1EE@u;ONrslQAz4oRcnxh1Mcsw5yAY^7lMifNx$RUUFK z2{xrhu8NVui*pPUPrtk^d;`Wz_8(EgFGLILG zSxc5b_)0&IKXqbvhg50U(RHCV<0x9+wqAX~(yxrxx=D=$(v)%% z|D?zs^8u;`Vf|G}Nf1!v6qJD8DW^zxDLrl)tCB@J3}k{|yjA;~N9F=c2?t~1YJUAJ z<;d%_*@ci0HJQ<;2Ym=?p19v%XPgZi@K+zd%Nh5u@I$EDpq+K?XsQNZ>#!8)c4X=$7^S&2rGY?gU`2mt!-9;+7! z1i(NUrkfWw6dP3)azRpMsMghHAhgx`+ZjK;8!bxLvN*65vBs#hy=-Y55dav*|5M(V zMG8w-;7Js}m)JGC!;g5`W9&F#R(780uIQgau+#egIy$Z&V@HUrP%f;Lt2$Yjs~p!EY8H>42gJWAIUmL*qjx;mroCs{>E z&c6p4H#%L$h=JYIWcnV9CRi`UV2wJ)DOP)nXWS3{dr7rS~`fk`BK6NT`@aD!OQ=_1S8tHtYUuGmm(Ma;;hR$kxN z=K6&2>cNvgHe*`&EG;dac)g34{BBMyT@8MYm%aJ@b*$7XK|t+;*Or+L!>yBK_`~K2 zZw3nX8?CTv^u1;uLm*6_=0uewb+P4tG0(HxPEwT*vA=g*nG>&OBcP<(yt%b@+Ll1?&XW% zc#W6Y+d1OnIqqdO_y;!^Jfo6(wQHGk1M7~f)QYTCT|?awi>v!=2KMij{jg_jVNQJI zxrptAgsp9zS#1PAyR}yt9rh~(_YXh%Mk_cjy0lRG80w*4cD5Q2yn*|i0ax|4pP!=; z%w&lWz<>Mvk8cIy%{l1n{66%OL*eSf%9gIvQg+NHL%;>z`o$jM4z=xXL?UKt$6{RO zD=i%v-nOnxjeKU!&p$zEPTL*lQ9vGE9eSCGcuV+ucG7L+WNXDTwXXM-8*aOkmYnM( zO5GuT>i4}AZu*VELk$8I`E( z?4;+>M`yk3q}Hk8>Vgerv)aam8Kji*o7eJ;CW|9kFGz|6PW4X?!kcMS9aa-<*KiEe z*S{)+S*2?-tAmjcK&7F1lsaH)wvqqc>b%%fF`+o+sFsj$M^Q8Zg(HdlL*HJNl#qey z(yQ-pzkDh(Lo2yFPI*(1UcxoD?o;3xVCRvQHL~@Up&mj{$&p|Q!9Z*n*CG|M;C;-{ ztN1xoS2!IgL|70p{Fb48?8~^W_xXIoo^^R=k8B^G=G*Ii;z)qL7aOSdZT5Q2K z>#^Fl=Rum9r-<*|>zum;LaPS=uiZo)R(7Lip+b~R7LLyI;oMm3&v)J`S59@P=wI4b zI(Q+%v~W27Jf;S!hu)dR29(&`LUC@{PmX6C{J65nljx<=_=Y*g#a1+Cj_I?N`Q<|o zPi8&Oq|(&v$4328pyth|R*6R2>JxczUhH`diL;4@hc3{j=2YvqL`C(>xnC>#Zhb3q zwv}9+Ek)+-0d7K)N>Sqor~@{*1C>MAlsS$a8-PD838tr?KYudJ9iaWuYEm7x(W~rG zr0Egr0Q^}6Fq*uHiQMR}mmI$^l*YfSM$?IaHXJXuo{WDp+tD;C6kJ)oG-us@0N#?D^bBtaWh^9d&F#oztw7xUuU!cG|Qo7LXTwLEc_xXCP%4ch}7Tu$TT zH-AhC2hfz3_pFzY#nt(xrG39CDEYgW5wy^){Ah3^k}JO?^xdYMJ1rgCEBYq7dQ`7m zd3rrA?YhRL2?Sp?We>ARKi{jHN4=6rQJu||Yt{1w@B2O9cAIXlTMaCI5&UL?STm2k zI`X#d=6I*hSHwTPyCy*O&djyaJFP96!A@$CYI{jYFVCdf6h6VU7%7LFM2YkIQgdd?w2oJN^xt#_!Q;>Us1`a6-uo{w~BWXsyaKb zVBo5MsXjjzv)rEA!uMn9APQdZ^5;!Anwm6n?8m~2@90V0#@)DzlB_a4Q{(a*^R{Qp z_r?lT1n4Rz7gAz|+chN%aU=mJ@`Nb8Y+%ew`~oI$8m5I?Uyh|TBrDU4Gx6M)C5DOU zXD;0Cxa?it*OV)YWrpUhNP@6r#kH)a+47P`IeT?0`_WvhRQhAA`(3U(4lyU6Be&D5 z%ua8b94;}KZTC}uwQ1tie0kPe-9cf7piPz$31cqTL%T{k`o?wH9(_|}^Zd@2Vrd-K zP2GPxfbDUW@%4l{cd_+yiSUty>?ax*8PX{wn?zoA(Te+a>94!3e9w9-CR{njs8u)+ z7*yV;RGiX2Ls!X5uAzy6nOvLD7$Nys_;Kq>s(R@1`UJ6Ou)xB3RKNeUMfaw25 zB|0~^fm_0(F^QOp7=~Yw7awkZNwY`t_qT2q^Cd-;k50wikk(3Mg3^uWBF*om=5A6} zX1IB7(QiGY=cIY$d_wh=JuMLowORH(cVsLK)jJ3xi;u$FJHj?ON-z8Us*?!!i+(I3 zTR4{d(PK30ZKM9gCZ+_!#HMJi)(u|@g1_8Yqw-sF+cUeiXLj9VV#ua*TV0u&2oFy% zn{uShGSSFsX(WXJX}b7Zgw(o8c1}*PIlTjm_uk5st#Q}Ip578x;<{95^0Cb8=>GfT ztIPZMi%V~3DLdl5SDImirpleY(%W}1;m`m4*n4yEU*Ai6DQsu?&%gikuYZL1y_i%f zUhg?ggV&?uaw0E(rjv6;N&N%<-N%#LnNT^NSiMx6wpaR|5v90&-=BAUz{QO>_}kn6 zd4q?&`~Ld=>@U3GfBrqI6E649@Ben4|MdOtk1ZDu=!PNMz(O5h7|E8F_QRoY%1PX& z#bb0I!o_S`E6tBkHH7B^bWZy?@8s5$B#jVl!Suk`W7$8-Q%JA zAzH-N32CLzH8m2({XTntIH}VxgkP~acHlry*7fEu8bj#F0KO1*m%WifRw}#)jX{*6 z=BF-|x}7lw;wo@_oI$Da1F={pn)@qbOYY%e%<_>(p7&rPR$isZSz$D|K@BinK@*2N zhxZd8G(7QRj`hOMg6&kmBC`5`7C9?*!1P>e)N8JQ^E`~FTQkh+(=_Q-#HW51udBps zzN8cxOP}B}SUb?%teM(-zal=`-C@r}{?G=mvb}P09m6fJ#6ZCwtqxmdKgHKpx+kd8 z9wBc|v)DGDK>F6cTfzs$oep|<-Uj#tnw|@3ckB#yLgyPwc9ldzBO5uLz*El^BNo)r z<^mrAg@Sq)hlWVo(68V9!Tk%%SzH0;0{$6eWT--;Rm?b_C^fP&Q1nkZp{uxVueit|6Y}obAsN55M=L9fKL_4c^6n?7UtZ`Ex(~J$ zUiBkR#gfv`50(1`8-IU2rVVBQx{LTir#fp$)tiDNk9f88PI*^z)4$KP*y1GKt!E6-(JvbCvTpPz%dhw!gDJE@Ci8_t8$ z=X-Q^v!*6SX+wh=a*cJnc#23_15(HU5M4XWhY*Q-!sPKg6XY%W0$tH}KNW|p)Pwp2 ztLIidC9(?;8y(T^r44Ka4vqXl|)OFO!%_g1Zu+4 zv|8LCv7zgmb3qimXukb;w99C!fK~VYa^8mI@%=kucJZu8OqQ-wJioZT zw1@OIaqhVffW2+%<-!xWKki9!-`)2j*hxS+;l+!4OcJ%vZ?xu+d?&QDwD_ozf)-z1 z<#qelm?FuV*YSwrrZTlVl=``ACT_--tta06*1Av{w1t52x+mhiC?C$RnX&bjQ^ zdRKg|DdgwiV8e461yb-3+sC`9Pmg9tW?Yd0Mct_Uii}p&Zu_0nY*?3I!F>YH?Z$6~ z3tLj@uSJ?Bz|oC%BgMcKALq~uY!yt}V(t!>>tg3Lm6gkx$Gyb%em=V^24p-mir||) zB{5bd$Ikl5#I)1W2)QrK8ufixd814A*8ZunnNU1~fnqaa+#PlDn;~&26e; zhzzZ&yw0*p3(yUWzVzGhYql|G!_2+0@NfI1893Z1T4N<#4~k5i;#LX7x?HEz&&=#@ z(u9hd_HwH_3RQUh42xBIvbj)4XKAN*ZV1r0 zN(#TvpFfNKSi;tHR#Qu>v2^_a7(NjIgu5D=?!h%-9$MwRbKD%b1hR=B^ zs#3+*bAWza<=faOfLh0uCpHuxMDNPQ);*K1(Iz^=F+m!|>v1prgO?`If%{wWSB=Okw5F!+fSA@GueLnx zB(4-E8B@A4pi(PUN`s~y3ARK0w1PLkcRx>D${D4Rz8A-Nklbc%v6xoUjTLR!_HNk{ z^~=S5?u*>veU|SGsa)sB4M!S|8XFro9Z%rkbe-3@^xwWT|l;VsS)7*%q2BA9Lzz z&(RZ`h;*2%c)(OtRJWQn?*ikdDx8HDs$1`hTk%} zMyROV0=q2nA;1~Mh}tJVyGkh-b%OXdXh5JtHSW4P6%^1jX!!+_Zztq}!{7>kpktC* zYer18{Uyf&2jT~?x;a9u`X<9T{>7^2PGn?c@o~HYsM0-;&8Xh3}swC;Mu1 zMN(gc(3y}u?JBwEw1dKr|9~j)vB&CGeB7+Io3P<-R&GR!ha)uf08kf+nIBDKp`xM5 zF;Y00OlWvsZZ+JQfBe38P>reCNW-3y#v#6F6&j$Q(NWF<2Z<<@OvY7@_q=W!CuGhU zb^I3CoFo?z)>5C&`{-=1L*X&5P6}+!9q2-M#4Ni04hT1qQ=9FC8Je0lr@r`25nNdg z8Rs=u2qd2Pu^n`$u6uV7lNCeQNVpvm;o}REi>&tj=@WO`i(Q2Zn6~w%=hP;@dv_3~ z2twp|oBG_J(Yi@FWpyqy1cdF?PY)`s3nc(2p-G7#Ia$8Yqm?Xi+cHlK3$v}h=jy3( zhi!LG-;UsqGaCGQj8M28dj8UUakOE1hDm+A4`Q8rtG!|+>iP$xtc(V}9Kb>vI??6Y z@S=VPmS08E`UTq=6|%fhoejXVMIk8weJcxq^oXr#?-Ii@o1C zlD=@6JAC;zQS6&WU!8qZ-dC`YfH;_{s+yr-48G+OQ{CX^5nuetwKO{-b7=2-%RKBe za5~?|yEP^%Ql2|^4tX-Ok=9IRa3-mJ1`ZAs0W>^pR6B`6aXMn+Cr+H`i?Yhixmt#f zjs*Ysm2uMIbJag!7g|clXlmjkXK8z%&@D+$Pxp=y3s_jpyBi-*#9nz-hZ=SkIwZ(K z_DDK0hmZLY1T{6=vJwDqKRrGgaHm~a1{UiN0Q}&l4xG@<{fRdMzeVL$cJ+E=U3|P1 z7+sNpfupH@QZzgsG@6=-%Rm&E8jK1+4+xe!r^%EXM~hq57TiYL^Va!(_1k>RnKVaz znBs69Z6Ly{eOkx5tX>t!2{Wh=MU3-08t1J+eO~17ZXJ^t-gx_#@B_nxggpj~HTX=| z)>GfMccn0NH~`ZxO2oVd5d(H%I4*X zmzNe|A1iK>+YnU)Y%1Klnz+jIZo#UDhmC}G?rnPHeDp6|_6P6$=Q!=Zz-|8lvp!~4 zsjhDl@HPCbb3l5#^-V8e;K)Hf(W|`< zw>&eN+r=gxof z-~l;e@S#fyp~-~30dmM_RS&mXk--H5mQqdo-EO~f=WiunvbnI9nfI*O)k+p_J9@MS z%C*`+c^@xCQ{&$E&sQcKOGy&_&9>|aV?O6^Qcv6V+6!tddj=&)Hk(GW0meNE3qu5g zAEW;0SgRGda^0C90k#McRKW8?U!CodRr;~s{K=h7nb(?LsB&q)zU}YdB{lLJYk0zC z+{asGS093@LYs-3SmI9SS)xSu@G!TigqNIPuDX)fv{*M(T|>CaR)HY(5F{iesl8^9j>G_ZB7g7<-u znwiYo^>@2saci-rfS%X^aFdKe1hDNMNGbUAt6(YmylId4X%4D$QIB7yrNyIFsWw*_ z^*QvVCEp4sqPf61Oh$Yja2Nt~5?8ag-7V8#RJgqUe52v`cWWwYWD(zy`coBTF#jsX zvXn9^uHC|v*7>~KsEcPDwVK+%e5t>`d_rm~8r{u#p>ZY}KYY(g@kc=lN64)9k3W26 z#eq!`;){yl_uO~x+I8}Q?C21n^_@+Ak3&Mr-&rTXD8a;UrZRA!ooNVI{8l@Gh|xi? zr}I4{FVDtrDqbF8<^W-U<~7%@MgjF6t->yJ84Mika_kvgTb{hu_o39b!$L?^CqJq_ zp>qGuE%ZgTzSq~SX~hdNW)KLYzD+{1pxQrIRj~-=Z6S3Gof#@sV%>j6Q&Xui@y(kj zAjW4t?Bd~doxkZaKdy+HWHhnxzd~^Y#@88Re_E$8yHhm^oFwnRH_9yT^y^GHs^5lp z)|BnJ5L#S@#Tj!dV^SA;)g>b)nCIpYz)!OKxcYvUP7s@^taP5r(mW9Mi(=#+EW+~AK zOh3x|_feIs-3-DH?o&=0b{7q0wRya=GSs2I?_KLdvldIzFtEnUGl4#p} zFw~=Z8f^P_xXg_zV_8U02=48$a!gWwJ62G;IAm}e^&9S$ipr59eOLm*VLR~wJsvt( zqnoUENKlqE{S*3L@Nfexp)hlq752-}tGk9>6qO<*RP**X$4DqnFlu*RN6kdn0np1z zKm-7Ek3&N%;Gn31XQM7Dd_D=j3y8b&!A#1RE(w!T^g2=ViZNKU~xi?>JPCIqQ!&!<= z>0JQI6jgnFQhcnAJ&r5EtS%Nvh6c#?r19sy0Jf5~!u{mvUBM_CU5nPB4+xP6K0P5d zelz`gkh@^`8k+D1G>$xBQd&9uuh=#3I7q#Jz|0hnx&v}$#QE1Qb31D#@@T4zmkyL7 zkCG4^rl!Bf$rQY;uuFgPhrmCB*9CK;gIJW1)dyas>FMd;lb%w_U1o%PqV#F2l>_%G zhi0r{>Du(#Z84n7pd`Al+zKXVwab_N5h)&Mk`vScU8f#OQn*OsT2 zSLfOgoi8(rQA-yauT&3cNuOtl1D5k!}>=E=*_kkB3;hbpn?sqawD`T3lT-)JfdqeE@qk zU)7f{8=qy{IJSS`{SWY)`zDp3skvk8jbARs9R4ovU2<~hF#>{;+eR5v#zZ3`bW$hn zWt!VA5~aBBf~46OTxs4kym_!L?m{?sOoX7t&WZ{jcvDE%2HPfDJ)gYZbXMQV(2~<4 zMuo<9Nb&+-#LqBYOU1ES%aTRv_lJdq!l93p{QhA}hS)W!gEUm0x#n^*kk4(mf&G~| z>_&ZGbrr^KdjE!S;crE@iu0l)Dc27o1aSHjy%kxn*Dmfv>wY!?%g(2t0;9gY(p`9y z-&%ewFVnpzA(;TH!!@hl^PfN~d04}EM+Z?5n)bO-nk+loR8lC>B6hew4-cQ%A-(-L)n8r!$6iFo<5d&ni{@IQ zF#7iTB{*;_{y_n<+KExNrXQAQ_&01o5A5_c10zfC^HyNjQR4wJ>htLqs#hV7o(o1P@B8eR^oz~%u5 zG#@O&v+_UOV?DZH!o46(+?z#h&Ik&GkF&2Lk13`HXqVDk|jWzMu&y2bvZ5rg8eM zyuXntOOe@G)@`ImZ{Xo9+14gPD7_b%tfrwM3w3b>Ei+*+{u%696t-d08e;C7?#adr zShSOu_Ef^R0aE0LFTF45kO5M7bO$Bdt+7|0gP~|`6T{8|IzS;QEp6v*P?{hG7Myb{ zSlLtdft5Gro1(m{U{V*m6Y=({?rnUYzx9{?;u!qqzM09iw(TWK4VD?{P=j@FTbbe` zv8-rM5tg3L1u-EaBEnnx44Q{lS$Q-bvsdChc&#Ck#L+0}Rr&pmPgt9}s_v4MWP(Pj z)?N0k^{^O{!DM#I#x`n(n0Hj_<=QI9>aBa2iX2(%17S2tmOq9X5#^%~v~T0lrc^4b zrXXz_Tiu6BY|x=$ScP<)vmo>KBGugMFRR+iyLJk0LPe2d9{D(O`BiFaS+-K70O1_^ zTbkx%S@+AsEl~%>E5FyPC(F3X4;B!oWaTJ%F6wg2yqSjcGfu#N_bTF%fDKEDjYNN~ zy2riy)^RzXm^z>#Ro!goPQfJZ-}`qkR>ya%uWwtkr2dQ9h|&EwW@ERS zSr^5YZS8ZtLvPmK#rz*L7d(GwF6=%J6y3QUSIHFh^;cgjzs=9H`kwCln1bo$RDZch zNENQR`$)6k1N)goz!1GLt}bt(b4-=Zy9##O4u0Lx8{@d9jPx=BsaQg@ zZnjmXF2Tu(-sL}7su>@25Yc3uMy=9M`gw8PCe4#*mDVKp{)KA7J=qTcB^hJii4@pw zb~RDtjK%&Tl{GbcQZk(U0|NF4cd>t5uf3;GW}1^@H{v%tVoM9Y63eH({Q7~f{^?b{>)v}XVOPCX7pa?sm>y=DEx2Y$Hk04SBO@gE~;bnoF4>k$} zyTpLB&S@jz5(>YZ?rV3CSgcz!ij!d=VymLOy_>!TYB06F^S}XcBcH+zTDZ5rTU+WQ zNk8;f3^3~(_J5j7*DDM|6|bf?eWD253jlYnsmYk#S)zV@xkN#^@t*t<%>J6$QG3ZSlc^Tnb?H|7wb_)Ye00RZ z5HCVc8}rCdu@a$NSANr>*DVj{aYywlSH6CY;K$AnZaDCyk)_%4JW+goh2cweY5#Qf zGRmZjI#&*@r2y=Y&od`?!BMu0W)OUCISg*JAfkl21R}wT`GNSkhY-ZooHlG94`^+- z!G5~!zV{=C9KA+?D;do5=dpEbbJcd{*EN7(?R4y6g*C^EmOqwM)#sQ>+-V)V@le!W zFGVYJ7p?g3>)a*3AG_RfNF+*)Ce$PpYegj!P=k&Q(+DqPi0y}eG1Als zE64*zF)Ua&;UVDn4{(G>qqR6N3hX%C7yDVDxp=%$R@~RXif!I_MP-WvPtY4T3N#Ar@GJk= zKc%5Sw8@{(P+xz}5@v!vf$D|H?L-IE6=@)Vyro%+^e4|K9PPX1G|AU{x;Tz8aOuX7 zBc<%&M=~WC$7(V5;!N!O?EqOGXHZFi(1rf z%w&?gWC;DC)azK(y^H*nsqy9go zk*4pG#A?@ZEAV=7`2^KC45uGIcC3u|F)1Y`7tk$iewEQugymyqRK^&#UGDs!Y7j)e zzrCR~8hj}-`3x7S+b1_b!3MjD&QRIIiiUlH3=~6W#0;vlfdikrFE^q+7}Jv{Zs%bF z3f<#Zju(CmLSnkGXEhdUeHQFNkE?#3S-)y3(}Y5QU4+gq?F3yQ->qKF2Xv?W(Uk3? zYSuD4qk+1*tw!|@77uqAs%j!n86gZiJ0^4+Hh_m`hY2*5!Qy;@Ypa=rP4MU@Bt@Hx062b9%eCEEhcQWR5kPR60|Zj>b*i3g}5SylU|rl+fCo{G*Xf(xhy z!G*f*=C?nfcJAK)9=#IR>BotW4~@-_dF?nzd-N*{*D|Ov`_)^9yM%{^5&+u6qqw*_ z^pA_#nO*Sh7&uI?T`v5{^1=Eagkuk$K+cm5t@& z6#u`<_RD=GJ|;TQj%f6MyLNl7Gs3opP|w$|T$0N-X(0*yj1S;G(>nJ?l=A*&9DR_S znCJ~n{1-8=uz_3BUT$3w@TZLx^tHA?WeqXo<(EgI<$J9HwY9HZR z0DF>n|4Mh)_RW0X7aV*H4?@Y>i9i8tsTi4L{_(vIuE1Mci0$@p3?(*?+!987I7umD znwKd!rP~}od<;jPac#WhBy0!A+T9isF1Ng!GQU;ll;>h~48$FD z`K&?_P4*7GeKDkQ$`{H=@Ic47xMWqS&|~&aJO??0lga2u1`-Fc;ov_Md8Fp{l=i?N zlK+r&UX`5caQEs>DmfO0AW}eY8fMAa$(}esvxc`fgla`n*kK`<9di`1=!iXslpDmU zpXe=we1$UhRg>^J8C5DMuJ1`bzvx7EummxqT1)O6TTuUp3a?9>oW_ab7dJ|yIjlfC zV_An+`)=!)oNCjimZ+Gnd&ma})Lfbr{+oh7r?p%2&rsOSq}Mvqy~;qAtn9imuS40e z&jIz95!&Hk8->b@aNs5~1Y23)qkRsd4IF_tvLz`ss!S^R?*Gu~Ba=^}5hj_-!bD(= z>4lhHoanF>ZKn_qc)au;>gCR-u;-vDj(^ug;ZMfb1vh_8gQJ$pbV~9kE+D~`C9{E6T#dQsX3&%Fy zgpIq*D;!}*o-h+=C6EYNWPDLD!E*&Ok}U+fdW@T`x?|kl=EDAJuC|OX^0ZSOHiT@F zQ-#l6YD7%m@j>-~XzxajypCc=-=FJ+wZ4S)KH<^oEG($lFN{B5B?Cwp4b2}(Rz+i? z-I|&d&eyI}F8}(HMEACbGpFFA=ip*r88y8O+GgdKWA>)nb|IxavPaj*pp);KV4v>jCQyzrlAQ3UM9HmGou2^A=+G* zCOzuv{s1+|+n5!GI&5eI`W`pLPSjd723?OJDJ!C8mL6-dc*>vRpxG`qxe_%!&4=s< z2M-SpJ_%NzLmMghmMdh!#14Yujuzob4BF!(4QdI%612~UKb8mDQ`e~;ojut22Gt|< z3%ur?_C9la`%{SLgBG}-mNu!bwY8!G#qtEDG{fW(rY+!H8^Ur=K0s zMevnw+~>zfnIY%HYe&K8Av08~r_MNA2H^U?2UBMh%7;>b{wbKsc|U*s8n2s|0SI^Z z^r20fn(FIlIDiABwvcGKXX)urc2G_v;iMyg4%f+IKNB5N$irN~w{8dr>0zi*=vej~ zd+Sblxltg#emi2U{KYOY!6rIj^Gb1)=HzVPdnO5+{Nmor2M9*ClO)rAgATipr+YAwTon8= ziF9aIQS<(e3?^7T!iW;26dIfaTcc`JxTx_;Vx$1VS=I+{qKJ{neKxDF4IqP z=%7|^begG=BXzZgGmcYTV;0FfE(H1$yJyuosEo&2Hlnkdzgl6{AYAX-r5-0B!%=b51HWtR+ac->i=xP}O4(Kg$Yr5H{|+ zwYys+WG}bs!1jx>o0Ap14(igVny}odq32&{ea~=Ei4Na@GoE#SnSe4pe5g~2XHGN< z+?PF^s=P??#zY0sP{I#}0d&q+a2MObB3u6A@4&4qUqpqE@Qee?3POT}p49@^lm86d zY^5HZP0a08`vco@m9=D=bn;20K{WqudKRKcQI063C z@Bee>Kq;HTYA}J`m&HsIVt>{SOfvHpE}F(CzhKF>CilYejOWgmhURd3@BQ(8^98-% zxPragjs)!bAG?A-R~)pnI{P)(d6kb@C-z^!8u|*arrY2nr^_HTdYmb&bvIf z1u55dSaKd6pm_RLjHlMjXeF8-2WYo&xgKSOm-hZMQKiYtv*sn#!3*1nR4ym zRsfl*xz=FTgXxQk0~A{DZX+WM2VE45R1jA7?7#0zJNKP#`e$oX6R*R#@XlQU=8c20 zI0W-UZA>9B@|>C=UEnnxYWVf;2JYXZSu3CncQsTzw0)@TN0u6+p9}_vv#ef*2jN}9 z$i5uex?5+=Hw`x-uOr5x8BEK+Be1D4S|U#U0@6Y^oa*uJRYoi{Fu0iL{OP#M;lHzK za{RydI)iTX)2y}3V{SP_%C7O*4Kr6kzS7rsB|lPsb?8Nzyf`k6q#@-JkCCK6ux{V8 z`cX&|24Jv~fqsiNrlb?(u3+QS4pYr6A*ra8C>6{1tOIeAI+|C%%pBx*`gIl6=fA7l zDqD2)hS4nRR@s(foRGTJc2K-BDO~>?fk3!kBC!AdvpJd^dz}FB4?}c65|E0D0+1OM$ zS4zr<*U8DE7Mm$|`fT^{O66q`zIBk2y}P`~xeo4E&uM`!>wV%#!-3h{cD2HP;A`Zm zfR~v}m=`McKS?~WEAcH_7Cgo&X0{EA?2qEsch*S=rF4HDxi~;-t~1AnM&G7ipO(>E z6`koRaTg)JX~fhUgxw(ig}E3!trjHq0sCuw{52sskri6)VXs~M8Dc_e%Ttl6jo>Yta7Aaf9cQ(s9yj^C6Vs4@{5G}PFOEjy-;n;qN=-xhZC3H$`f zL!X>lQNQSDN)Ws&aLv)4{9y{)wu&Ex89L7M^gFonk{_{mixN!1ou?Pds2oX;iBo~?@|T- zP%eW!p7|l9?$)=2|5E000>e*8%IB1gYGPLfe0+QmBUHpqwUelgmFP*4++5BJ&yXLN z7L6pCj2{Kd-p?>F!Oe;v;vB|Zi|9W&+*K&#P-rw+wPyx!48fFq^m`wM5g(`%K0eLc zRlr>RukzN=f1(RF^a8d!p|&>!N@S)*|DcaAOLJrS(5-<1tVYXeq*p{mVpK>*m9@D{ zAwcFB^mK_maJ=NBY0gQz;kTp)NZXi;!cXY#BnyBtj)Ma_{W2=m-O&w(nk+Q5P_>!) z6DW8!Rn0vt`Q~mq zcvTvUmqo~wqUJYS=0$z@KztJJS&8F%ouFO98;k}*Xw3si(HgS+? zOkPFmlBEG!-|V{jC@Sha2h}xnekYrq=%PpUyY!GG_I5iN?IWqZoNoZ*zI+Ki4sS1v z3RHz%SWN`MdslmbElB#nz4tQ?4&^4b8R6$2&}H|2KeA$YDx!J-XCdzk{6zAVaYZumN5I3+*roMl%n~er_)H0Winp&OsMCt7`2USg?&6qZq zgZ2QHI1m?hqF|s?FJj&x%S-*Z@-cBZ&KNP7FArJnZs6eNPSYApj*>@FD4;P{Nq@yr zk|OU)n(Fc^zL)fU2#>mD=h&*P_rO=7oP?YO)Cbbpg0Lf1F|RwF*tB)!4ubhOv;=l9 zT949T=m`%WJ*wC(L=HbhHR&W!N;ailXf|K}AHv=Pn(P04AJ;BzqexMaJt849GBP4r z*-1wBo}oyJ5JHlbkd=_V$_z6DIs z-@aXNk1L2cY;)Jh_PpmRv>v!4uYE^*1%m%bf`jFMD(Y&yBttACvu2)!{>F;H4nI%N zU&m!FEc{yQ0)S+qJX(srdQd{~Xll1;NSk4N?43(Q*+wGu@qt_ZwIK|bFoc5I>Guv8 zi0JtGnTFH@G9Ym>`s`yq<3GUo%lr2uE0ynQOpc^C?J2Y$7tTq%Pj<$yP#xs8FS8C{-P+Xx7t;mwYAoNFQ+mG1|*zrS827Yb` zx9QKvKhwJ|8p;1n`Q+HU$~!!402b{{9i8ed1Dd39+oB#qU(AQq@#56B{&aDCDr2w6 z#^hh#5(c`3tM9^h-y|C=(cf`g@z~4rPv38RjAfJwqW2}fK7HdD)r}SAhMmOMPreK3 z4T-ernwk!zlVxYxefTMV!9|x{Qh{50hZ<596ciZP*!fCTy$r8+yrcA~} zGk78TUPoK#jGkWTby?X9LPGu~ZRM~x;(_!{EYv`#&n?dnBTn_XUw^#KitlTBS6iZ- zd@Ho4sI1DE`z6zxFL$nn8QAd?OoyuPTs&XT1&+DP;;G}5os|;%w}Z+-W}cm$O@NXN zAixeConB*j+mH75e+j-ION5a2tg@r%hA8u&k=E4K)>c(ioJm)e z)zJ8Lqk??u7E56$9xP-U z5pJYyY|e*s=#CI{)GaL`u!9D@Pe0$Pe9ORp{&Q3neDiqWfx2Ex|f zkvHvXKNgksB)iiL7Z^=Q5i|9Bd9M}}6co>t*FUG6=W-~@{`$*euh;RCt)+%$w)UJ~ zKsyhgYLyE94Kz?H%pm-}doUf2M_}C`X~FuYEX!lt-C?@dKPibpBRv4=C#S>Y?FVj~ zd{)1SaBp8KD!jHgr#*NNC$)^t%+DLaQ~oyViN#*Y_#m8@neLk|f`Z+%OH2J=gXsPF z5jWX6FC;81jOUDzIUhCBmD4r+zsVh>c`$QML1>X|$BrHFT|~d-JHhha$7i2Pin2bO zeGgG@a7zVJlMf2)eDrybde{}$rRQt?1$5Gg)&6O$2lskC8X6LZ>oW?2a|{fA01e)@ znKT)5o80!7ye2Nb8!v{VwBy@I1J%sj+%2QH&xWm2YUBeThX;kGz8e&(ze^1@;R{Gso|X>Y3+g)PDc2 zDp79611;Gw*THz!emv0=ehHPXU1mHGTD2u6b(%S-%Zr5(RJ)m7^LvMUHMwd`8dBMC zxGk&|Ye=bwy@RXI_8BsXFD4BV8N6ibVfBXD*!sA7ibIn4V~adJ?$=s%uZ!6^Sz!4o zT{q#$a$9^s@==j`zUS0suP?ExUk_G0T4-SOvn9?XD~tP(bcn$|M^=nr+wV2SMnm|7?j8M2COMVWk_S_X@kzhG?^k%V^3P}9 zB)Mzz&v*R$qW*P-yZ?Pr|GL8ezNmj+;lD5H-&gp*{A+xa2TK;~L0UWr54OTC$^zDU zLh_TN5oAD_uId*VNktzrCSq_8m#nJ#^F{@b^PrFrFV$39-geLM@bH7}fbgd&zL5yc@F?$=$}Wxvcxsez)nxbQ>J%LR}9I5BVHHv-H1Vqi_y_hA0; zxpU{P2QOq8N6}rl&_6cztkaBL)o$m`ov(0Kc6O?-wljXsB28D7dUQZgNC-ARdkC2k zkYYk3J%mA_x}`;F=prFJ90AvY+pOd1%*^Y_t~_W#-`uKt$J$RWf%Oiyt1Hn=J;%P< zuh)y%25dDSgA&+3G9vll!D%9pMTgP;up4iEgt=ja!)xy$imS%Pe?&AM+*7YM$+??( zZ*HOGS_d%fh zd2{-nI{l?fA@DUoW~g0#jrcoq_C&YrJ$haA-JEn`*bA29cu zo11ZjpqG9=oxemUu*sNCNT}p`;o-fz7!;z#lUm|i#)9acxo=YM`dm{(BOTmoi^K*m z%sV#rEWt1Sxnz93?a6mg?k0V`L?-AcJ;w1-%~}uZy@%la-PPrDRQQzw91<}^j??$; zdxKc~X?uI1^`H(dAK&iC1`U%Hs`_UyUfiU1&!>U?DkEpNHj5w_-r%Ur6A`50D=SXr z<>mYL&oHp2ozFIEybG%a!7V2bJN_u<69{jpvfwqzOn<|L3g>EbON&a=SWD7TxAmn9 z!otxwZ9>s4xa7XE9TXA4us4fUpDW^(;HoyA^jq}82+4AwNOZm1@?{22&L)Z2yZZWL z@Hl{$#}Gpj1fi+MQCRR4vRitWl1GTWkpv@AvyO{$^rR>J_N2DS;K(8r0YvZwq9X7( za&R%K515tTU-c#?pIKb2sHxfaFgEt8m>Bc>Q7kKCZZ6CnGHHD;idM{8x3qLE#L)s^ z06)hfJbv<|l$_il49n9;F^l8r;KRoahPKjWO~wQ8lhH#H`#H@vF;C6sDM9}6b}36@82gPjK4fpYIULeZY@lNxApryA4Z#RNMsdO*e)+x=zi<$?YC&k7b7%JL~FSbj4k#qK^WutcR_Q(Cz` z-DqT4@?I`KYqN(dg7q@uTOgO zBR7an3qN@L^=mZ|Y&ZS!Xai;kYrtLG@9F7zT}DPSz6sFI?OYhB4ea&>v5;WS2H!pf zad9?m0c9h=JWftdR#V;TdyhQuR7w45_2-A^=_3&`q2*S#w);M}xBFmqMEOvUUjwYo z=P*fe_!Rfoli7EWI6>6)$+SJXQMl_x%vQX(B+pKaZFy2zQ{(qR@X>FY$E@{EE-uGu zXnelJCQ16c!d>t(lx*8D#1xBf0@LihN-8_T3w|>&Jgj}!DV-;y8zZg# zdykQkm4CXQ9l`V09I2e0ruh4AO+mEU_Z}Y4gu$j9y=@TZX@5yC`6SvaR}Mrr_{t|4 zf#He)8O~U`it*LggDc_QQaw=RhlV`p1PC4A*YoIaZLD4o7DwYcSu>BC2sE(0*i9xa zR!fuW#yR|_c)pRAL4i0^O+|{X0v#=_SD^4~+1s}%7RN826%;%zBBJ}`kn&D5^#!?*kYU-A7^#yzRR9=D5SFM))6z-E|(MgMCw5RG>oDim^jq0z68C~vc z{Ak&?{7SA`VD9v=aO#a{>H)X&$aE&TAYy$)R(zC85m(Jvvx&hg0}hb2UV5ryA#IupRrc~=aP7yJIQ;dfbJ+;^0^+_+dL7Vde^ox32t*ouJ6ge6_cu=S2R9BMmwWlZQitPvy zXfpycv$N;u>7NV@-Ge4X21N^{i2G@uqcrEBtf=xkx$C3-gzCWHAkGCk9-b#)-jAGo zGheS_?k`CS=|h6Yb`6$0HIkm&tj_f<)D`@#pUF<=SSSi zr+SK>1_n0Lq~#IaOpqbJrKIG$Y4}H8pC?j1|KsNmeRnc%&y`(~8N^UQNky_r2iIrm z{DhMf2j_g3rO%ZID{4n*gq2MKpU^$(oUGOlTm;WMdZ?CR9e&@N6c>N%!Nbql)9czR z?y8!O9D!+qrWiS^d(^hk$x*7XBP35JwS}J9EuhaJPwQ&F$W^2iaGB zi^9=3h+c3fxLQ~q?4x#i$f>V$_R1B?D0!bwv+ACnlG|}Cx7lK2UB@K7PHx2Tmi+KL zcP;vyfIwsjLm)1+%z9-eqq0&QAb5nJGZ!^AH5$x>^mTE(4W9@t4smK*HKD-9!3D1B z_~)KbmUbt&4ggVz*DhM(C6Dn8leE@0;1#}R-RQRI?5ktR74gF)2e0XpS%(!uWN6IR z|0v|o*3XsQtv&zfcbTthYSlfi^sqh)|9&714$IkxY`V}XAC+XmsnVJ0l(Pu?P zQd>^>0#j4ec?oZRxHvnP*$W&ZNXjaoSpt1{ubR$({P^W79$QC|xP=3qC#9eOY2%AA zx6R6o9K?@@h(99%V(X|CHjhdg^ta8DyJpW5ZV>HfLl`uw6ITi6JI;1cNLBhcF`{9tpD z_s|*smqMM%3{#OCr{j_7hJfZmhUn<%EF0cRZO7_3%V9#w5 z{-hSBw0{bG0R}-mJ#ueyLX~b+^MWYz_!~mqK1Ff&`Twl(|6k?w|9TOPWe256?GHAmck4qZD`ycwV71?;}^ggA@|3Q|NEOO4L{R$`^b+9>y>wj zOGrQ#VYf8hSFa#)rvDkk+FT9I=$7HR*4U>MM+Wxwhl2&&nE3fe%^* zx0YU~OIDP7*Tei3Mc95su)4*FT#L;xDeAEs4i2gXRg@GIUt>kDp%Q=XVz%(-q_O}6 zmwG&r0A{fAI9-?I%y?MhrOIN3v)f+RqiSAR9i?gGLm7wm&rw9_N`%$Xp<2?@BJNuI z6`WtZdi5C^UxEObE9(Fb%Kq#|p5Lg_ZETvgXMec6ySKujS=g;GwFVJaMoVk5FFIF> z=C5B;5-K$h;)kpP(z3Gank~vXCYQm;KOF70G)B@=aIaRZySsbJ=@(p}DN0=I@mj)V zAHYF&XrSsK5ujr&@@TL^ni6Ckg|{D&f?CSn-U|24^=XfX6+RxDn&#H2xrMW5daonx zL&&f!>v>jtkB*!BIbt3VJ##QB-hW#XbX%jlWK`;?84dOCVRiOC@+BD3$h0IbH{&%0 zPz&w+4D*To*9nzBjBNpja#B)`QTU^Hq9Q_GItqU#KqyG-oFE<{G!SUq7DP*9xNm7j z1`6{(WYeTxZOp}~n##t+6hz}8__-&^DI%I}ZKB*|;P*T^|V_-r2d! z>*6VYRA<`$EnQua(BihFb-E?A=2pxsAN}0Z<5lfHKb6E7%ji6j&tv@KDUw)nS99PR zaHMdH5YM~jBQGv-na$=yJ~vJX#XJi)Q~=1mcOY0jeyq$GEYHDV`QX6=OOx$#Z4SIQ z<(8(8dVswrmNL{YdCEr>-YRi%de$R>!mZMz0kSw3wm2<8cpd=SgVsY0BL|{4B{i{DBVuEJpP!zQB-`^rr=&bn zUy4w|z!&TrblC7R?(yy55iBN%G%uVVpkBNU%yj?J3?!%Qc<NeFGagtnPqWjFAD} zc+K6Q5O1SI!_KCAqK|9x3!FyaTo&ju`6DjoirpUuyZ{_G{lCA&tSq))+nA{kzI@pC z?M#=Y6d!7O_l;R1oN9?~>j5bpco0#W>&tO%<4^tl>3MncUPj0BqaJ?0T~tt@nD@c7 zfRvnEq9!0}c42|p#*H8s?8rRm?!L8sxW6FN>W8t`ddT{+hbL5l0}~U35#|k%mh#NA zYvXMd>ZK3Z;^OoOQv!zT+uyrY0YtW+5RSJVyq=<(UY(*ck$m$U*~5oK9#0Ot1^}q{ zf{#pduDJl(B*YIhGHCkyFaI#Hhq_9f?JPQJo{^E#Zueo7bKuLDbLi@vl?-?gjS`pW zX7Viq{QCQas7Ap{Z^ql^iA$lu<238o4}#M*NNE(wB4%c+@Uc%~VmM$E4dU=oKet|H zm6T%?6pu49js^wYP&WDwUH{P6CW4v^^Ix(pdg#O1GwdgFZ$jFJ;`IBI!!hw~C;DEv z&3xGhq1Fi?J>R1QVBW&DsD&@_yAhw4cl5GJ>(yXx#P9z8e$fP(P~Ugi>e=g<)*^-F zSu8j7eQhx^StXTcxu^Y&noh)LL`TkuIp(AK)y0*cA1TDOnK+Ln%s!`>)ymv+Q(2kR z#>R%=xP}!}knFKIu}m>oT~ha6v61w|2~|3Iq$xXhT|-2SGpPTmRqUiAWOR{Yb-=Gd zVmFJz(`#3(?!=5o0u53#-*M6W7qE{{BIL}4TQzJ}%y^?`R$kpK}^ z`AC!0djIHX<52B%Q_jRZIrcSijOMO9NnVXfAZ zAj`YhF&KDsC?ULhaBAv1%=A!x9;)LoPCZUR@esiRqdZb(UJhmO&QpcdR^mA-6*-)l zD#^RTQNkUK!h`rz5*-aYyY7h-U&?{eqBSFr@+^~trRZ#^^EYNr&LEjk=3O_FO5|ekax9GD&TbbmWapJ-M4RFAi~9B7Z+Fe`ZASvIe0;u_dBz0WVU> z?)O<|MmtiCXc)1VKu%4GPSwas$uex9-*eN`b7v@6<-aa`Se-w~bo_V@*;TA(Wl$pm z>Q^tD@-WkfNbh(FUcD;zj&dU`9j=4#uu2>Y+YzM*VYl4+901fxP>`h($*eD(Y5Uk7 zqhD0N4d+80Y%<%-#_keV1=KY=#`bd}l&Oqp7s%*A*hTv=LOjTs}bCQiu1z z0$h5>%fDS^wgtIZK^N9;_pf(r_!D$78?UAy^EI&wlapVFqlW z2t?%_(66|sY{+Jk!4WNDw}#8O)}EU?ckK$j5vldJHC~Ei7~FY>E4j||YQ6xMlXID5 zdkbfyx>t@^Zs3W$@0dSK#d8Z5!lZ4y(B$>oxL5fu`o_d~WG*u{=vt2OBI2mN7z~xdqYOc|9*rPmITNpgaj%*F(VR!SEnp^cT2Damav* zyJd_JnHRSa3`s}_2|>QZMMxZjl3o~iW7)mD_%s8MMM3L_G*tm41>VuaJ9~S3R|h#% z4jfFqj=?2kP4T>;%qochtE;L@^lNx}Jv`U}ZYQ}cTDh<2iKwP7Cf;ZLt|QSh#viNo zdeijh^E=bM+sUKy(SncY;(7;1V?2fi15bkg&r3K;H3V2wJ;oMYj+|LrRanpHG&8Jt zV!tr4obLi&E;YK4XC&h@J50yhOg}IE?aMz+CE#G^ZYp-|!Gq`Z1-Rl&+oPG;cK_i5 zj2;Qs-**zw$yOQ(5VPFjl&aUmRR@AwW{8D zZjX|PK5=nzSX#HwZ{XBKFAR-808}!I{Z#V?(!gAYan2E~EOnhhh7teG0iK9MQI3h6 z&U3EcqSg;&8+laD^k1tlIgKv&e&Eee{A&`7&cA&-6hI@AIKqbZ6HI=_+9u9no%_*A zv-db`*VXPx5J)>7*)VSN%`lrh^8TWW5Km-DtDNoN!z_5m-QybZdphwjo=#d~&CAbJ ztUfFIx>_jR{nn9UPgXVAVA=9KS(|x`RPr!vne=2F#g+MjWrt^XGQx zDgfrdY$cB53CRqCbFAzqrP;dFe}1%i|L3GIqV?Q>U&ck-5oJ_5 zew}9Y?Cb$AU*1!hNs@QVyB@I^LlUi&6ws1Ay88rMp|Br}f@prX>-zl^e;c2nn0Z&i zj$i1Ak5Cy;^X}}<%167_0Ti6ZQNA)9?nMMxOphx9;)&||`UwR$9Ni|;*RP+wc<~qx zO`w+Zra3)r&yX5;C|jwn#!?Co~uP+yyjDPF;{@zV)z&H7cQVd$O|y217yS zU8RbBsjLEuWRzZCuHL+P5nyRQeCrXeJQ00aLT0*sF#`oo6gM(-+z7A-bo9)ZC()uZ zZhD(Ao`g|Afp@ny0&kKfJdHxFC_O*2Y`ZeU!M>{sW1b{3+DT8JzLjQ<-7MJ{ZQ0$N z9bVOb`iNA}fs31KLf_%iI@jX*8Xbhx^v9mP#C{jDJ60@4G7?q^FI#)=fw3_KP>VJb zARwg)4^&T=xQbNb@&L`Py$gm1Vld8&ESuphE)_Yz?sZi)0NgX$&;l|v^wNyr2pb#7PL~oN$axMW{rZD@L=OKa;%UICqI$Be*LQAJ-C6^ z&JLC}ebAOdU$*s^w|o*yGaIk#(jnxA)y)ZhGfPW`l}|@0uVk&zuMF3RQwl5@kdO?_ zmpKOm(w5M0-QyLBY;Z6{;Y8-0FAQiO!2Yxm0;Rpctd;4ezIer)1GLVj$)kiV3#4`B zZ(cm_jY0GlQ4tWktqa4isSg`Qi!Mqd{YXjgO&rRv7ch3&A`y%eB5*$-f_?F>c$x-I zv&UJ~*oP~h>0<>wqjB%hlvxgUjo3`JI%N?m7&%%ph>iu9;Wt^d9#fQN7G1pjj*@i@ zpeFuk+{6X=#9CZQzoaTYJ)GZ zfNOl}{{7@b)PjWMisT^%CO~3;icF&aTZ9sd4bm5{_-1p8WSl;I*34tEQFlP}t;A)w z>F+x-**IPQp#pEid3!VBf{w>__45hYO%la`aa1M_b*(0D9+zxG#@ z{m3?=DP0>sNQ8Ahu@NB}s$T508oQX_UV`x|N{MpJ znUvI2RD|nHMkoMrM^y1%nrfu%ldqA#sBYNUkYEphH_nDi@JoF?dd=b1Gk0bODL^b1 zPi=!Iu0A?)(k^YDt+ zDzpoNE}DcU<}=VB?94h97nf6D8pG-AIts{d1W$S3HaFkPx{+Qs?Y)MYZw16Yn4VKQ z()z9xY|+a($)e)Rt)Gk@jiF&NQ<5(OM3#zeBeJ;dI+dINFBQ=a$&IZ`BJoY{Abl#| zo}8Dh3OKc0lYBdq1PQR>df@iTAS-@F_JoN6T^h?WAr!Qy!0Dr{=R!d^lcaHe=NFM6 z97^cjoP*8Lih^+2zhKdB#me0M|AU$I|04lK-%ZvLdV^CuRP(_e-Gy<58Uy zeQG1==l&vefxVjktTn}=?@{U|2*ACfqGA`A7mHUepYk^m;o!(18DzgL{i|p5`*e{K zpU7nZKR9Gwt_w|#2%cXVwbiuoP*zp~e*(L9*IX_MM2G8ICl)ud0anld)SR9f@N2xJ zS00HW$Qv6a_NP$a+C@7Xeq8I<(L2F$Iy8MALDbTei@QS&7l#EdNL{O8{GaCII$>=N1yWu zixygk=hE7Fn%|+kaM|lGUDtq5rgPUZJdl|tse`rOn>ke6&3teA(4Si94FQl{ zo3JFIp$U|vJx-?l=-|okvvn*Ssk6Blx%=V;G5lg)Uy%LzBSUvuV4T5wUg^#qqPRHn zdZEVNbZ7CikCVj3u3bZ??p9RCm|aTI!lnxKgOC1ep%%C{Q`>ysc5g`>q@|4nkLkd_nwOM_D+nih=1!z)eKMxR z8OL(B46fqyzf1>P^}Y6qRDhP~yxfzwBY%7A1a!B)sA#^&h`82lzO!=wRpNRQA&Plf z&^2%5_?I#-n`sj&KC5HsGZBzR82T_@zGMWUYN?wP^vP98G3;zvR}^D}k7nPka#79b z{Y)FUz{0r&)Wv#Zg%fy$xXJh;IrwO2&^dd1zs1#0YyMBXTPKbWdr@%_5fQ_N!cys% zO~!C~qQn$xNZF-BnmD6rN+jB7NqKR^E^f-OU6_Jfm99#-LkJBEi={Wnh zrHX(gQN?ZiyHIHmx*4!XX=TIG-T^inpM~~Y_RgJS`ZZfL2(yt8g3e79wX_ON$o9TW zVdQ21Q()G47v%*SgNJVhMl=}qx>}xq9jV^Wv@2+g+t(kaoMS~nLdacicKkJ_+O~$z;X&L>NyDl3$%&K5ErjY%*MD zKVE$gpLh$UaT21zu%$_ks`FwSuNKb}%@UWA!X0Xho%A3ZVpEA&1xqgX0cOAgBmg#W~SRbqK(&h z69{vEmb%(twIXpW3RG+LtdZ(vwK%a}di_0-x`(L+l_M_pvjIW!@(Lwq`N<4Y)%%@{ z;O^F))HPE>tFbj70VfHqe2L(jaGN@8usYY~+hklgRs@fS_$-&jy&z?~lBcV>$~s_r zw0fP;@{svi)sA*z_pPlR5Qa?np3YFqc*F(FFI*o;eI4>9Jd)X2MSh3Lw?s18hRaMi z5t){@9zA+gmt~OJc6bAn{EvlSG_9;YW*Ilx3|F13VS0F%XLMBzFS&J8r_e5;8JanJ z(vR??Rzw9(b`@^F2`=V7N1{T3!oD1@-xK+jO}kKr0ITc(gnC|^N4sb?s_&JQ%={|+ z`k67$OwldxMx;ZXFZo1OGv9!t5wB+mU9G|3#dOtrWHGC=HO1^%K>tWjo=o~#4L8%j z&1oK^QO~frlRNUu2*|?7e$*9vibhg-7d=W2{bQ=RkQv`L!$h zOJn2FhagAd=l2)rujm2ThF-t$QaQapWS z&ad$C2GTvNtqpbimNcq9U0_73GZo9yvh|wBY{!}_vy{mwOLQ6&Z#W-Rr@wFk zt$EQLi7o&xiE_^H1r2x$U&!g9Jf8fqqIQ#(denDBK#mQopC^MrsgmPiX2uG}EjiI><2EMJO@M5o#5oq) zW>Fvfpx}=EAJjI#zXnwh0Z4fTPAC!sU$@Z@&hPAEaJ6svtmU-N&KFHP3=R)(CFRl| zf65tM#whr~d(@wbX?SQTwr%7}VR$$%jT^VFHc3yv)%#HkZ%_7M)OuEpLOH9O%Pmlq z(k}e%@&O&ON{5tMC;RL8XXKge_c;VVqt(-&m0};gUuOhUK8bT-g@G}^x)`-%$p=$& zyo>(4zJQzYk~i43@_*a(5DG3Gq2iCjT92ieYu;$0>$P}>(B}chGdq@4&-CN6Plc$l zu>`6^m7z`V$B#+K+g`#sf>xT?_wBKhCuOf*J?s0HO#ObBVRniq<%tuLW@!`bk>0%X z%zt}igGUt7`+mkQI?@ciCWH?rCOJ&7Be9Lso`(PV@n`l>y z+XX$Yn`=3Erq|56^A&q;%EmLf(}WSqjJRtxcdN4R6xjGnzP+=n4A908kVC^if`+73 z;-cafmaNpbXD&A`3TAZ3afUWlMc!)_WYyb)Y{srBNf!QO?$?!%ZtF(~Fd)%^1JCgC zJu#x0qa_C<<;jlB^bYg*Yhq%pZeqT!d3b{o4p!V03kL4X9+D4S7yeXXaX}%0UM48l zWuO>Zg0bg2Ii;>O45COVMr)grJL|&fQg;46}Z`~L@O?k!U<(h}F zF(V9pn7GAna{)Vf7(|=l5xy{)O$%OVf%$al-6~%wJaCrPe(@5SZBY=hnj5kv6k+Wj zdg{ZN>f&6Ll3G%G%!t5#V`{Zgg+D4t;g4P1(b*z&0(08hKkCt;ThS`EnOPH^f8Q^i zPWK2gv1Bk^+Rurio4LlbXX!&k)3rjwj4VgydE?Q&dipe9>SeBHSJwboEeuFo3~K_m zo065fHUdv+i-<2QEveQh;`siSZ=LZGNIzgeLX^g!a(CHfZi?qlE;`%4r=ei^jfv(e zMrSDfB`+V=NSFWHrAp=-+u(EB%6d4>=L@@*XYS;Ice8KG7qu z!(K#JU0rQ6P-*QjwGp7Ed!`0>!L7up>K(fXOs#$Kj3i7<(vy8<;k6-ssuf^H!RMi& z*!f^>T^0xy4VXOm&H*#U48ac2e*6Fn1Ul)T8xfC5EK65kYkYQbUC)2_1pWt*~wy+G?o``O%A(rI?fs4FxS#?ryy2Ivf}1f1yt)wR&X5S zqkpd~$O|zXnmwxTXW5`h8jY^W{?r4zJ;S&->_oLAC2gP*pp?_Y4rvN*je42E@ zievio*;$$EY;Hm1d#d8j)*FzLNbm4}d-kMBzVXY6Q5*7olvyEmr#r~^l+g9Zwe{;? zJjOWI^jG$rYV(Ft{B_0Huuiy1;!VL%lC1J9CvEjRLfwNa3QqpG zJahi7#F=su(;%U(-D4t^`ZK)e?^}4B{O6UP%_mJi?emc^7jL}V^^92*sI)S zt;wDSyb%#r`cZEEmAEE~^6Y(eC4=38d+j-LtQ?7`NJ~d%S>~JW8D{4?&kFkQ2lN?e6L%=}rNv})&O z)>Zj>F3|aHj1o^!Y4AHpln;EGE28zQe9u8~>esSDl>qlAj%SLxR{U%sb|L<;J?U1r z=bPF7*-l%JhN|z8W{vH*x69bf|VEJ>x zo<&kltVee0r0h}mC~Z4SK5OJ{=i~1#eB=G}acj+H?LJyh_ud(*k%jw#gX2^=oQRF=g=`$X(Dt^nAJ*=;s&jINb{h zKI{`J0CVs;&+#4ci3*~Pq2=da<2d=Isi_HiH;JIO7*+vf1OuDPMg+ZSZSAVs0R?4c zG6g|SBEPEhG6G+E6nVZ9bDeTxC1V!x^||F(F5J8c-?&A*gC`U$eBv zb1rB*rcS>*8|~@ZX~v`2d|>Ls&wz$!y5Tq9$Wtc2sWbDZ)3@&!8}EE^HEP-XhDYr8 z$Pd(qYcq!jx;V)?RZE2~fG3;WU`TuZyr*J(^dLr$B^otS@7}!|de>EGnP1QyfHrw7 ziKfZK9>oF$F#`1;&+o^?q6xpPtu0ss!0Zpg@1?=83gxEPm*2OD5|fgGqM~H4 zJ`_Q^jN^Q8aL|iR8lG)XK>gDu@m!xs8vZt{MS7^p#v9myoUW8)3KCzykaK{`G&$h-AqJy)}}PCqcUOfqDaV zBs4T_TaY?~dQN)gj8{_9J{=vMaWT(5_d!p^@-Hqf1|yvI>{$%q1HexVs06ShR7+#Q z!jTO!CMKs&`R|2zu`2jkU|^t0lBTmIcH8RmVLB$JXLIjjdxQSN1yH}Cc$U$!U-3uY zA@R(x#+9dU%D6;5FZtwo@%IE7QBbr#OBy_JGd_W4?z{1)#G?EvsDK(UXJ!9Y_&2`? zVJxKfF-XZklXZ1PKxO}$sb7KK+3m6dex4fkgic;@e4J!UtvIvR<|JSqosP&5aC z4ABIl-033%$kiErk*jiqyn6Mt$ASS0Lv@FNzkeIh-339k>Tc~2fd5wwkc~LIrGu&s zM%ZrfHt-JA)gz!I0ITVp!?oHhxx07Iv#6$tg`EMo~ z6B0@^s$NZ+wcme=2LgwPdV)?3nm;j!BY^M#;6{;wpP_hofK-Qpg(X$4QR|dT3ALl6 zV|P!_?99wrMn=LoAh;3{e~uMZAP8((>mjbpgrx0_{JzXg_*R5qJLP&caSA z`dnSn@hd;Ixb2G-Cx->T#CCgwoZcKSbrkgVU5Njx6NNKxKr}-fOoB$N<1Y^c9ar4e z$e=?TfQ9MMqkS4P@RWfMz7(3(*R`}x`@V$~WB<{kMp)|MkbyU7kt zkB1_b$0k>1NeQMS>rT*YyzTLETFE)s(mNN{6@7SluVcIvTG z!PD7?YV#~}3f`EUe(U?7Z;`x#pFVM4W`oc{J>O~vfsbq2J_TU{1Sa3MHeD&XhA2^! ze#FOvw5+1B;o<5?&0wVc+j(Q%HK1@^xH)R7`@jyl{XXUUSqJF)$-eYc+#ED42^;h- zpZcEv^?lLB)bptyKYZB5cl{e*fAz7Ow$@XJ_6~LQ)1Q0v&em>CIJGDxdNj{N*)d3- ze@wo)M|`tbH)EtKRY^fbNI^v;W=%*f%Du38?2}+)JI&Ti@!Hy&-PY`*I@t&}1E+!5h@Sji-a&?FOeAPaS1YDR{F-^m!XGz`bGi_gd^p&CMiLg9obaaymyRWjE@unx?atZDi!YaJPI@Waal}A$(=w;+PIpS<&7; zWD%wey3fSL%+1Z$+A_jS!J*?{Y*kXx(t3OLYjSb1+)oYot$MV#m${cKqkShF9Kg+%SxE-fX zvuWkuhUddOUteFlL4RJxpzD7MCrT4B%l3oSilci=WISwU7nhdC59+QguMKmAkNL6) zr%F*fgPbbCKV58VklyxI;$RLWMr}WTj@!m)zP)U!np#$-8!-4MJElZTP0PA~y=aoe zZIH@?qHW@5Q&Suq{*^k-hrU5_vG z63O0M%}uvySotlaa{LV$Y~1Y@n53JbcTv&SPQT5XI6iLD(*PiBgqD1G>P4?jrxs9o*OJ` zTN(s<$_Z9J9fs%?#WSvxQlH$`9q??fN63}27tgc=zbl&FlEOS!mQ(&ISy{Kx6nS|* z=sj1&^YcMZ&j)S%sh$^(e`T6Oj!7qI)BP&bp zS9MQri%msQkxBo#hK7dS_U3YOL4kBmP7eQ6{-7OnV|5y-zkdDla_X^3NsUZ{gSKYv zy_A`L495Et?HZPuSP_$^W&DyUjfS32@aGZR>&wUa2CTK!%+1qZ11s0-+UU*dOv8Vk zXMaHRMkgI1r`vyZr~dQj)?`l}VV)jwWIV2Dc)j<<4dvDN$S0)~LPA2&&ED(3Y(Me*%0I#$5*Bu%AyLNkSXlhV<`(G(Io*9XxAHJMQDF@1=)wN)~8cq)YRn%@*?D zb-GyoThZvojT?m%9|UrMJL`=)FJx$LIfEb(c}=ppbb12kz@5L3X??AqcT?A%IZtKW*{VL;_-ypUAtyL$Fs@Q*!&pWD@w|nLWrT!3~MSl%NJT@&H zn@=7w4X7fyHWG(j(9qD}-BkU%g67Y~0b_1-!&L7>9PL|mcm28Y979~9Jq)wPF${t- zYt`)2yx^&ll9ILhGA%}Fmp^en!-dhmerfnrx;Gl=J#T`FP{&Dl-J`qTqpznYefq&@ zmqwvo@`wC^?72Sf&$RE~V|^qhW@fF6?YbP&DQRiS z1_lYIYnq0`b>l$hz8NrR+?Im3njl*ii+^d5t&YWee`{k9opqiM52+je&b`{vww9K3JO1>oE%(I*JJZ_W#_Yt3 zAoA#^@iRFV5u95(k*_AkhI7^E?@{YmxJvj+-qW!RpRI8a#xo7NE)Ib22{xzvW}B{? z_pvQZRD-13Al9!N*m@zrS*R zWf}OnFJ;G!!8=HeE26d2C?+2KCg%M%zY6Um1sho=M=1n@S%R)lk<#=n=ioHyv8g}$ z$*P}WajrhY7^40;H(j`2G@&ECILzTeIDkIF_to*{zC)9ZZ>~s`+HPo(h*q$y6O`%vXWva}f%{U|$r-~x&Fb>=pBWQdC z%ekttq_-t8X=?3fUTMPHw|Ar5*Tyg^nsH;@nEd3)2^@t8ctP+Q83v;|C&q42o1u4bR6-W~bYn*B2O|47WU+ zo|e|CqNYulYBDyxy=7?LF|&Sd+r9h%!~K>-|6Ky_;&G<|?(>l~iy<)^`BssKsiNBl zs*I8o6D9xt{hRWhQO(|dQ8g49;ZhUj<{hXNIp%Ynn*P94)WQ1_2Yh>MfMtBV; zb(~7AiZHBHZsKRU5>kB=Q&anIoHgT_HL6esxDw|PhWUPSn(a*a@O|1A7Njj|rE@Bn zI~An?K9@y)e`MicfWQ)E4y?ugpsmr0C%@Pdvn8$|nCbqttPfLp*1kKIrWY2j2_;fG zM=y_p0@((aO@SdtG-lfSw*K-Wi6UmO{Mp)ST>V^~@UdZR>k|FBIOt#EG&`@NsygMk zS~KWX-$q40b3ukar0{Pp%@{_tw%_3Gc^7F>C>?CK)M+#Us|1e8Jj#ZN6M;23Hp3bA zn~U4(c|A+lgy0Pj{0{!lYRi4wvDEG>qCXw@Jj(}D7V`v@=PLqFFS%1UX4+J27;e5N zZ5m%vYkhfNP34_kceIC6qIRl)&d=hvlqMQQN;)=Xd6ci$)|duu#`AJiwY9a8>9k;e zxr!REI_AbkV-Ob(1C_&9+AkcsmXn(+!}S{Cyj%-6kKZ3B=gQq5;!N2i`mwRj63&h` z+G>cuI9p82x)bW^QqILcDJ>Pg%*%Vf`Q7XCfU(|Qot(Tp)A82(8 z!xO=b+*}@YmK#z064S-=0Wh7btE+o58Te;xOi@!a629%j&d~$2EACPUdU|@WM4LHl zPRE1kml~&6L>MbwHE4}5J{)1eJump?$&B`j>@T)j%L!(>O?JudZplk(px$AQ}?H$?WSfTCCkw!wNS zuII?O{lxhAEd_-@&?6Htg;Mv!1S8Us^mG-hP9H)33ZKy==AV>2+oFFdTjEVyR~a~U z3j&^}lnLqfOSIXz9NoGT`(^sKbsE{PoATe8_xl%SmGCohY94*#w4N`tEUQ~6&+%*d z|Eumiqng^XI38pal?NG~cu0@7QM63Pob3P|WmQvrnlQi4(v9ws3a z14xx90a1Yff^>)!=@5h<9i_~5=DoFiI?h@%Yv#k;Pxr%F`~1(|=brn!=k9Y(+Ld<& z)681Qx&hJde&3;na`#BTn(SN0BXrVcLO#P)uLw!8YpW(Id@x@780_sVzy)@B4}KrG zH8Vw7WU;<_dqc6Sh3S+|(>eBBm#()GlHVHY8_vB!ZCa*Y2yR?pO0tV1EqA-LRgHFH zmE=ovhoW8<@Wm|eljONl+gT3zC1?33VaIdp*7@PYd136*cEsD~p549c_uN<5LTlO| zQe!5lfgL#&v;4AIsNeXazKyN;OF{9XZx&3;!8JV5i4OkO9&C(=T z&3+8g_~DCy$m^eP_zCZ?Rh^5qb1~q)RuY3C*3(3FG&ghmb#8N2%hP$WTPj<-3C*oC; zJK-Y4JFOa>S}rqLAha>*ygfQD(CdnzXC2{&V*RwB zCeBw)DM5uYF~=WO6!( z8N3{90IJ_aX+Xm>O0fNV7sa`a%$M0#(y)`QbL}+RfEhXzZ7=OgmR60jw+WGNIYz_a z5eQd~+ZS?1Hxa;=t4zjb&l#CBI8p{pO?)^%^p@7O#lhS)Y{?u3XJlSxS&nSwMLxOg zxD{i&TWJ=4$=@ETc83jgDs*x};8GES5msq+P1Ft_w~{CIX;89D(3OLXd2{Gy@2tbn z*}9r*OB@F{grmzi$dhd59;_j`7;TfLf&8IT`(fvj#l;)O*J=m1J;NIF+fY`vACTc& zhS5Tlv=Co>AlcKDpi!u2b+sX#74Y3XksTfQ>-iK$IMqzpWHGJMyz?F=uHCprX2V4c zvT^H<`PdDM1Il>8ET(?@^j;I!P~)K$>$1ccSgN>DRg2@Id?^Q=)wO!nYhw?IahYm_ zzxLwc(b@x=qE!J3@q5I|FE}!gH&Siu3OQ7})LaT7K?J?0>PB>M$=1tbI5uc7=sm;@ zoqX?Ugwjf@*)XTnwhCNQ*?Qw+oFiV6EL>}aO zYA(B1r-04hO|od0-x5<$Sk+P~??v$ia1ZhM02?BmQ3Q#OuuYb!nxCk9RLHH_8=LL0 z3Ec?|%&V+fsE0d?a)X?-KX&e`k7Zz}vOhQE494JLx6=Z<-SxAVgEcs!Mz+fK9q+ax4WyAz7OOy z-hex0`Wx@H zq}O6{WzQIShPU+x1y&Wl3V>=}>$8pSlVX5JX3D8&Em5+T(eo12oS8b!RE!V0FwAGb z^|;MeWBw3oiuqC4_E1K)y}lx~XpCxyyb%GD>o<#@S)Se}CgSvT_GXY@^amQ0hLeY` zr`42^+N^@NIcxnbYujaw^Z%NfiVAx@ zP?^Eb;uU44IlKqc`PO7Jw^F`KD`)#N+2!RJqO#6Y?Y3!zh4rKORtrCeAp#{|f#JEq ztEkIe9bm9fODQbVN%CLi6kJ=4g^3#I5-ly2y^$%`4V?w;*8}l!n)>pYBG=b~dWoTX z1CjtFz+4ZAbw4okZ0ldJkXltfB$LTIIB%lHpKk!`TOQdr#uDQyP77G;kbz6Btz^ae z^)a&E*{)6$SWyB)iMs|tIg4Hkrk%h^S3q>_luVQ7B@o1Lq}5bSoXT`$l=|CqbB4wV zHKr}mWf|F3LU>9P=FWp2KWMb&q{{k)!3BZCZDd{jZ2Ra$!US*n z3sy2V+V!mu*_+;(*QQ^-+A7(r=HA-=0&1$3)!jcYRr#CwB6?B;ff~U=P^IgHt>%*JxR#m`4cS*@7XNh8}#^(e{Xws`4o(bXz?A zySYx!3G6&Bfb5|H6N(GZ^qsHp&p)3gTWB~}guFy(SxFet5<>cwWU^W=@R~7W9m2??A9BNAgC@!EIjZDjgPiU;39mFXNsE=!$~# zq|2iiKUKJe6#?mG5Hq5}UnryCpPH(uTRGC)&G~>!x}a}`%aeXnB0(M&>K#O)I+#7S z3#y#!T2A9ln5_cV*L0Yab#ooba?9vWcO^we@_vi8jA7zu;V2f-Q(tBn!NYf8nz>d% zhYJ<>J#IMaj*^RdR+kC8^X-9{;6yN@cVMJwz9lt9u5cA>6_V)kShhrOuA8Xux^d;B zEfk-bS6ZgDwKwoq3d!w9cYX!Nv#C>vBj{a=fP(fj28_NuW6Xz{!hOXvUMWm3^H&y? z%z^IGrIy(TY8p~ z3n%8If^OZ_xh`OGgYcFinyH5IZ47j5a~bU>jl5Gm z%Yg#Y>IlvjLWvTui^Xb+MKtnuZ#(8G(9_yI=Iq{8J|-Fjux4c)ZS)AUPD+1XWz5sjBs+V6H-1{a@bWUxJ>R}v(MSu=)RZ!)s8 z4+%jP7xctZM45|k`SYw988Lx2_y!sQl76vGba-Dp)bhFY)9ffDCF}zh9y&IeAvOPg zMLh9L9yOdp^setKkBH+n_xcyY60YP`p)WNI#W z3KfoQKs6K6>Kf`7ul{zyyg_a&Qc$7Llbdk9!mH&#oSHd?xez4Sb4hokqVGOUa!LTh z#q)gktfhsLWt-dUhWIAGzjQ(h5!f?6ZQ{c z`W}dWZ0#E$`l`CG(Cc?%`X0Uhmu&VgrF?<6AE24@kv}2ce`w~1P5$1we+c=ira$xQ zzvKOX0=_?#@?-D+SET%b&i}6+f#vU*|9z)jxy6_Qfml@abuL=|ccS^dhko2Y|I=vR z=B5G1ZMc%BVsjw7K*}U^3(`=EKH2(fJq}jlKn6}`iQgafvI^L*9Z1f **Compliance policies** -> click on **Create Policy**. Select "iOS/iPadOS" as platform and click **Create**. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager Admin Center](images/ios-jb-policy.png) + > ![Create Policy](images/ios-jb-policy.png) 1. Specify a name of the policy, example "Compliance Policy for Jailbreak". 1. In the compliance settings page, click to expand **Device Health** section and click **Block** for **Jailbroken devices** field. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager Admin Center](images/ios-jb-settings.png) + > ![Policy Settings](images/ios-jb-settings.png) 1. In the *Action for noncompliance* section, select the actions as per your requirements and click **Next**. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager Admin Center](images/ios-jb-actions.png) + > ![Policy Actions](images/ios-jb-actions.png) 1. In the *Assignments* section, select the user groups that you want to include for this policy and then click **Next**. 1. In the **Review+Create** section, verify that all the information entered is correct and then select **Create**. @@ -62,9 +62,25 @@ Defender for Endpoint for iOS enables admins to configure custom indicators on i > [!NOTE] > Defender for Endpoint for iOS supports creating custom indicators only for IP addresses and URLs/domains. -## Web Protection +## Web Protection and VPN -By default, Defender for Endpoint for iOS includes and enables the web protection feature. [Web protection](web-protection-overview.md) helps to secure devices against web threats and protect users from phishing attacks. +By default, Defender for Endpoint for iOS includes and enables the web protection feature. [Web protection](web-protection-overview.md) helps to secure devices against web threats and protect users from phishing attacks. Defender for Endpoint for iOS uses a local VPN in order to provide this protection. + +While enabled by default, there might be some cases that requires you to disable VPN. For example, you want to run some apps that do not work when a VPN is configured. In such cases, you can choose to disable VPN from the app on the device by following the steps below. + +1. On your iOS device, open the **Settings** app and then click on **VPN**. +1. Click on the "i" button for Microsoft Defender ATP. +1. Toggle-off **Connect On Demand** to disable VPN. + + > [!div class="mx-imgBorder"] + > ![VPN config connect on demand](images/ios-vpn-config.png) + +> [!NOTE] +> Web Protection will not be available when VPN is disabled. To re-enable Web Protection, open Microsoft Defender for Endpoint app on the device and click on **Start VPN**. + +### Co-existence of multiple VPN profiles + +Apple iOS does not support multiple device-wide VPNs to be active simultaneously. While multiple VPN profiles can exist on the device, only one VPN can be active at a time. ## Report unsafe site From 8d9ca432a1947dbcf8c681c21a917a7a638d19cc Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 8 Dec 2020 11:56:24 -0800 Subject: [PATCH 129/210] Update microsoft-defender-antivirus-compatibility.md --- .../microsoft-defender-antivirus-compatibility.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md index 3264d39c1e..c9bb2217ed 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md @@ -13,7 +13,7 @@ ms.author: deniseb ms.custom: nextgen ms.reviewer: manager: dansimp -ms.date: 12/07/2020 +ms.date: 12/08/2020 --- # Microsoft Defender Antivirus compatibility @@ -72,7 +72,7 @@ The following table summarizes the functionality and features that are available |State |[Real-time protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus) and [cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus) | [Limited periodic scanning availability](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus) | [File scanning and detection information](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus) | [Threat remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus) | [Security intelligence updates](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus) | |--|--|--|--|--|--| |Active mode

|Yes |No |Yes |Yes |Yes | -|Passive mode |No |No |Yes |Only during [scheduled or on-demand scans](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus) |Yes | +|Passive mode |Yes |No |Yes |Only during [scheduled or on-demand scans](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus) |Yes | |[EDR in block mode enabled](../microsoft-defender-atp/edr-in-block-mode.md) |No |No |Yes |Yes |Yes | |Automatic disabled mode |No |Yes |No |No |No | From ffadba68830ff65f73836057d5b6a22a2506bf89 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 8 Dec 2020 11:59:31 -0800 Subject: [PATCH 130/210] Update microsoft-defender-antivirus-compatibility.md --- .../microsoft-defender-antivirus-compatibility.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md index c9bb2217ed..355486f404 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md @@ -104,3 +104,4 @@ If you uninstall the other product, and choose to use Microsoft Defender Antivir - [EDR in block mode](../microsoft-defender-atp/edr-in-block-mode.md) - [Configure Endpoint Protection](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-protection-configure) - [Configure Endpoint Protection on a standalone client](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-protection-configure-standalone-client) +- [Learn about Microsoft 365 Endpoint data loss prevention](https://docs.microsoft.com/microsoft-365/compliance/endpoint-dlp-learn-about?view=o365-worldwide) From 2d26392f0ac86aec91def4ccf5d274972721b5fc Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 8 Dec 2020 14:24:06 -0800 Subject: [PATCH 131/210] Update attack-surface-reduction.md --- .../microsoft-defender-atp/attack-surface-reduction.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index f5e542e2f6..ecaa7bcca5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -14,7 +14,7 @@ ms.author: deniseb ms.reviewer: sugamar, jcedola manager: dansimp ms.custom: asr -ms.date: 11/30/2020 +ms.date: 12/08/2020 --- # Reduce attack surfaces with attack surface reduction rules @@ -26,17 +26,17 @@ ms.date: 11/30/2020 * [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -## Overview +## Why attack surface reduction is important -Your attack surface includes all the places where an attacker could compromise your organization's devices or networks. Reducing your attack surface means protecting your organization's devices and network, which leaves attackers with fewer ways to perform attacks. +Your organization's attack surface includes all the places where an attacker could compromise your organization's devices or networks. Reducing your attack surface means protecting your organization's devices and network, which leaves attackers with fewer ways to perform attacks. Configuring attack surface reduction rules in Microsoft Defender for Endpoint can help! -Attack surface reduction rules target certain software behaviors that are often abused by attackers. Such behaviors include: +Attack surface reduction rules target certain software behaviors, such as: - Launching executable files and scripts that attempt to download or run files; - Running obfuscated or otherwise suspicious scripts; and - Performing behaviors that apps don't usually initiate during normal day-to-day work. -Such software behaviors are sometimes seen in legitimate applications; however, these behaviors are often considered risky because they are commonly abused by malware. Attack surface reduction rules can constrain risky behaviors and help keep your organization safe. +Such software behaviors are sometimes seen in legitimate applications; however, these behaviors are often considered risky because they are commonly abused by attackers through malware. Attack surface reduction rules can constrain risky behaviors and help keep your organization safe. For more information about configuring attack surface reduction rules, see [Enable attack surface reduction rules](enable-attack-surface-reduction.md). From d3ae0137c435263d5e85e9d4a028c7acfd085748 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 8 Dec 2020 14:33:41 -0800 Subject: [PATCH 132/210] Update attack-surface-reduction.md --- .../microsoft-defender-atp/attack-surface-reduction.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index ecaa7bcca5..46951dd11c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -109,14 +109,14 @@ The following sections describe each of the 15 attack surface reduction rules. T | Rule name | GUID | File & folder exclusions | Minimum OS supported | |-----|----|---|---| -|[Block executable content from email client and webmail](#block-executable-content-from-email-client-and-webmail) | `BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block all Office applications from creating child processes](#block-all-office-applications-from-creating-child-processes) | `D4F940AB-401B-4EFC-AADC-AD5F3C50688A` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | +|[Block executable content from email client and webmail](#block-executable-content-from-email-client-and-webmail) | `BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | +|[Block executable files from running unless they meet a prevalence, age, or trusted list criterion](#block-executable-files-from-running-unless-they-meet-a-prevalence-age-or-trusted-list-criterion) | `01443614-cd74-433a-b99e-2ecdc07bfc25` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | +|[Block execution of potentially obfuscated scripts](#block-execution-of-potentially-obfuscated-scripts) | `5BEB7EFE-FD9A-4556-801D-275E5FFC04CC` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | +|[Block JavaScript or VBScript from launching downloaded executable content](#block-javascript-or-vbscript-from-launching-downloaded-executable-content) | `D3E037E1-3EB8-44C8-A917-57927947596D` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block Office applications from creating executable content](#block-office-applications-from-creating-executable-content) | `3B576869-A4EC-4529-8536-B80A7769E899` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block Office applications from injecting code into other processes](#block-office-applications-from-injecting-code-into-other-processes) | `75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | -|[Block JavaScript or VBScript from launching downloaded executable content](#block-javascript-or-vbscript-from-launching-downloaded-executable-content) | `D3E037E1-3EB8-44C8-A917-57927947596D` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | -|[Block execution of potentially obfuscated scripts](#block-execution-of-potentially-obfuscated-scripts) | `5BEB7EFE-FD9A-4556-801D-275E5FFC04CC` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block Win32 API calls from Office macros](#block-win32-api-calls-from-office-macros) | `92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | -|[Block executable files from running unless they meet a prevalence, age, or trusted list criterion](#block-executable-files-from-running-unless-they-meet-a-prevalence-age-or-trusted-list-criterion) | `01443614-cd74-433a-b99e-2ecdc07bfc25` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Use advanced protection against ransomware](#use-advanced-protection-against-ransomware) | `c1db55ab-c21a-4637-bb3f-a12568109d35` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block credential stealing from the Windows local security authority subsystem (lsass.exe)](#block-credential-stealing-from-the-windows-local-security-authority-subsystem) | `9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block process creations originating from PSExec and WMI commands](#block-process-creations-originating-from-psexec-and-wmi-commands) | `d1e49aac-8f56-4280-b9ba-993a6d77406c` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | From bf1dd1f078d9209b452fc11ae5b7f13b851e2d8c Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 8 Dec 2020 14:35:43 -0800 Subject: [PATCH 133/210] Update attack-surface-reduction.md --- .../microsoft-defender-atp/attack-surface-reduction.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index 46951dd11c..e0b1a68177 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -105,11 +105,12 @@ The "engine version" listed for attack surface reduction events in the event log ## Attack surface reduction rules -The following sections describe each of the 15 attack surface reduction rules. This table shows their corresponding GUIDs, which you use if you're configuring the rules with Group Policy or PowerShell. If you use Microsoft Endpoint Configuration Manager or Microsoft Intune, you do not need the GUIDs: +The following sections describe each of the 15 attack surface reduction rules (in alphabetical order of rule name). This table shows their corresponding GUIDs, which you use if you're configuring the rules with Group Policy or PowerShell. If you use Microsoft Endpoint Configuration Manager or Microsoft Intune, you do not need the GUIDs: | Rule name | GUID | File & folder exclusions | Minimum OS supported | |-----|----|---|---| |[Block all Office applications from creating child processes](#block-all-office-applications-from-creating-child-processes) | `D4F940AB-401B-4EFC-AADC-AD5F3C50688A` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | +|[Block credential stealing from the Windows local security authority subsystem (lsass.exe)](#block-credential-stealing-from-the-windows-local-security-authority-subsystem) | `9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block executable content from email client and webmail](#block-executable-content-from-email-client-and-webmail) | `BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block executable files from running unless they meet a prevalence, age, or trusted list criterion](#block-executable-files-from-running-unless-they-meet-a-prevalence-age-or-trusted-list-criterion) | `01443614-cd74-433a-b99e-2ecdc07bfc25` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block execution of potentially obfuscated scripts](#block-execution-of-potentially-obfuscated-scripts) | `5BEB7EFE-FD9A-4556-801D-275E5FFC04CC` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | @@ -118,7 +119,6 @@ The following sections describe each of the 15 attack surface reduction rules. T |[Block Office applications from injecting code into other processes](#block-office-applications-from-injecting-code-into-other-processes) | `75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block Win32 API calls from Office macros](#block-win32-api-calls-from-office-macros) | `92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Use advanced protection against ransomware](#use-advanced-protection-against-ransomware) | `c1db55ab-c21a-4637-bb3f-a12568109d35` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | -|[Block credential stealing from the Windows local security authority subsystem (lsass.exe)](#block-credential-stealing-from-the-windows-local-security-authority-subsystem) | `9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block process creations originating from PSExec and WMI commands](#block-process-creations-originating-from-psexec-and-wmi-commands) | `d1e49aac-8f56-4280-b9ba-993a6d77406c` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block untrusted and unsigned processes that run from USB](#block-untrusted-and-unsigned-processes-that-run-from-usb) | `b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block Office communication application from creating child processes](#block-office-communication-application-from-creating-child-processes) | `26190899-1602-49e8-8b27-eb1d0a1ce869` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | From e66d6381b38f28f20b88652ffe5d178230ca6520 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 8 Dec 2020 14:37:02 -0800 Subject: [PATCH 134/210] Update attack-surface-reduction.md --- .../microsoft-defender-atp/attack-surface-reduction.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index e0b1a68177..8acd90b68f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -117,13 +117,14 @@ The following sections describe each of the 15 attack surface reduction rules (i |[Block JavaScript or VBScript from launching downloaded executable content](#block-javascript-or-vbscript-from-launching-downloaded-executable-content) | `D3E037E1-3EB8-44C8-A917-57927947596D` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block Office applications from creating executable content](#block-office-applications-from-creating-executable-content) | `3B576869-A4EC-4529-8536-B80A7769E899` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block Office applications from injecting code into other processes](#block-office-applications-from-injecting-code-into-other-processes) | `75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | +|[Block persistence through WMI event subscription](#block-persistence-through-wmi-event-subscription) | `e6db77e5-3df2-4cf1-b95a-636979351e5b` | Not supported | [Windows 10, version 1903](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1903) (build 18362) or greater | |[Block Win32 API calls from Office macros](#block-win32-api-calls-from-office-macros) | `92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Use advanced protection against ransomware](#use-advanced-protection-against-ransomware) | `c1db55ab-c21a-4637-bb3f-a12568109d35` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block process creations originating from PSExec and WMI commands](#block-process-creations-originating-from-psexec-and-wmi-commands) | `d1e49aac-8f56-4280-b9ba-993a6d77406c` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block untrusted and unsigned processes that run from USB](#block-untrusted-and-unsigned-processes-that-run-from-usb) | `b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block Office communication application from creating child processes](#block-office-communication-application-from-creating-child-processes) | `26190899-1602-49e8-8b27-eb1d0a1ce869` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block Adobe Reader from creating child processes](#block-adobe-reader-from-creating-child-processes) | `7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | -|[Block persistence through WMI event subscription](#block-persistence-through-wmi-event-subscription) | `e6db77e5-3df2-4cf1-b95a-636979351e5b` | Not supported | [Windows 10, version 1903](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1903) (build 18362) or greater | + ### Block executable content from email client and webmail From 03600bc363aa8c36917be87c4dd185eb3af0a20f Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 8 Dec 2020 14:38:05 -0800 Subject: [PATCH 135/210] Update attack-surface-reduction.md --- .../microsoft-defender-atp/attack-surface-reduction.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index 8acd90b68f..0a1b17df14 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -117,12 +117,13 @@ The following sections describe each of the 15 attack surface reduction rules (i |[Block JavaScript or VBScript from launching downloaded executable content](#block-javascript-or-vbscript-from-launching-downloaded-executable-content) | `D3E037E1-3EB8-44C8-A917-57927947596D` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block Office applications from creating executable content](#block-office-applications-from-creating-executable-content) | `3B576869-A4EC-4529-8536-B80A7769E899` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block Office applications from injecting code into other processes](#block-office-applications-from-injecting-code-into-other-processes) | `75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | +|[Block Office communication application from creating child processes](#block-office-communication-application-from-creating-child-processes) | `26190899-1602-49e8-8b27-eb1d0a1ce869` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | + |[Block persistence through WMI event subscription](#block-persistence-through-wmi-event-subscription) | `e6db77e5-3df2-4cf1-b95a-636979351e5b` | Not supported | [Windows 10, version 1903](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1903) (build 18362) or greater | |[Block Win32 API calls from Office macros](#block-win32-api-calls-from-office-macros) | `92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Use advanced protection against ransomware](#use-advanced-protection-against-ransomware) | `c1db55ab-c21a-4637-bb3f-a12568109d35` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block process creations originating from PSExec and WMI commands](#block-process-creations-originating-from-psexec-and-wmi-commands) | `d1e49aac-8f56-4280-b9ba-993a6d77406c` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block untrusted and unsigned processes that run from USB](#block-untrusted-and-unsigned-processes-that-run-from-usb) | `b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | -|[Block Office communication application from creating child processes](#block-office-communication-application-from-creating-child-processes) | `26190899-1602-49e8-8b27-eb1d0a1ce869` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block Adobe Reader from creating child processes](#block-adobe-reader-from-creating-child-processes) | `7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | From 146f9a79bf75a88dad2af071012c3112c0b7d370 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 8 Dec 2020 14:39:16 -0800 Subject: [PATCH 136/210] Update attack-surface-reduction.md --- .../microsoft-defender-atp/attack-surface-reduction.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index 0a1b17df14..946f52908f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -108,7 +108,8 @@ The "engine version" listed for attack surface reduction events in the event log The following sections describe each of the 15 attack surface reduction rules (in alphabetical order of rule name). This table shows their corresponding GUIDs, which you use if you're configuring the rules with Group Policy or PowerShell. If you use Microsoft Endpoint Configuration Manager or Microsoft Intune, you do not need the GUIDs: | Rule name | GUID | File & folder exclusions | Minimum OS supported | -|-----|----|---|---| +|-----|-----|-----|-----| +|[Block Adobe Reader from creating child processes](#block-adobe-reader-from-creating-child-processes) | `7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block all Office applications from creating child processes](#block-all-office-applications-from-creating-child-processes) | `D4F940AB-401B-4EFC-AADC-AD5F3C50688A` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block credential stealing from the Windows local security authority subsystem (lsass.exe)](#block-credential-stealing-from-the-windows-local-security-authority-subsystem) | `9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block executable content from email client and webmail](#block-executable-content-from-email-client-and-webmail) | `BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | @@ -117,14 +118,12 @@ The following sections describe each of the 15 attack surface reduction rules (i |[Block JavaScript or VBScript from launching downloaded executable content](#block-javascript-or-vbscript-from-launching-downloaded-executable-content) | `D3E037E1-3EB8-44C8-A917-57927947596D` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block Office applications from creating executable content](#block-office-applications-from-creating-executable-content) | `3B576869-A4EC-4529-8536-B80A7769E899` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block Office applications from injecting code into other processes](#block-office-applications-from-injecting-code-into-other-processes) | `75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | -|[Block Office communication application from creating child processes](#block-office-communication-application-from-creating-child-processes) | `26190899-1602-49e8-8b27-eb1d0a1ce869` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | - |[Block persistence through WMI event subscription](#block-persistence-through-wmi-event-subscription) | `e6db77e5-3df2-4cf1-b95a-636979351e5b` | Not supported | [Windows 10, version 1903](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1903) (build 18362) or greater | |[Block Win32 API calls from Office macros](#block-win32-api-calls-from-office-macros) | `92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Use advanced protection against ransomware](#use-advanced-protection-against-ransomware) | `c1db55ab-c21a-4637-bb3f-a12568109d35` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block process creations originating from PSExec and WMI commands](#block-process-creations-originating-from-psexec-and-wmi-commands) | `d1e49aac-8f56-4280-b9ba-993a6d77406c` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block untrusted and unsigned processes that run from USB](#block-untrusted-and-unsigned-processes-that-run-from-usb) | `b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | -|[Block Adobe Reader from creating child processes](#block-adobe-reader-from-creating-child-processes) | `7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | + ### Block executable content from email client and webmail From c1cdaa7c498d5384b3ff48e91c77b68467549992 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 8 Dec 2020 14:40:26 -0800 Subject: [PATCH 137/210] Update attack-surface-reduction.md --- .../microsoft-defender-atp/attack-surface-reduction.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index 946f52908f..eb9e2bead0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -119,9 +119,9 @@ The following sections describe each of the 15 attack surface reduction rules (i |[Block Office applications from creating executable content](#block-office-applications-from-creating-executable-content) | `3B576869-A4EC-4529-8536-B80A7769E899` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block Office applications from injecting code into other processes](#block-office-applications-from-injecting-code-into-other-processes) | `75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block persistence through WMI event subscription](#block-persistence-through-wmi-event-subscription) | `e6db77e5-3df2-4cf1-b95a-636979351e5b` | Not supported | [Windows 10, version 1903](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1903) (build 18362) or greater | +|[Block process creations originating from PSExec and WMI commands](#block-process-creations-originating-from-psexec-and-wmi-commands) | `d1e49aac-8f56-4280-b9ba-993a6d77406c` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block Win32 API calls from Office macros](#block-win32-api-calls-from-office-macros) | `92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Use advanced protection against ransomware](#use-advanced-protection-against-ransomware) | `c1db55ab-c21a-4637-bb3f-a12568109d35` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | -|[Block process creations originating from PSExec and WMI commands](#block-process-creations-originating-from-psexec-and-wmi-commands) | `d1e49aac-8f56-4280-b9ba-993a6d77406c` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block untrusted and unsigned processes that run from USB](#block-untrusted-and-unsigned-processes-that-run-from-usb) | `b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | From fa2360cd600701b4866e3f6e7aa39e507118d779 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 8 Dec 2020 14:40:59 -0800 Subject: [PATCH 138/210] Update attack-surface-reduction.md --- .../microsoft-defender-atp/attack-surface-reduction.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index eb9e2bead0..a50eca6244 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -120,9 +120,10 @@ The following sections describe each of the 15 attack surface reduction rules (i |[Block Office applications from injecting code into other processes](#block-office-applications-from-injecting-code-into-other-processes) | `75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block persistence through WMI event subscription](#block-persistence-through-wmi-event-subscription) | `e6db77e5-3df2-4cf1-b95a-636979351e5b` | Not supported | [Windows 10, version 1903](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1903) (build 18362) or greater | |[Block process creations originating from PSExec and WMI commands](#block-process-creations-originating-from-psexec-and-wmi-commands) | `d1e49aac-8f56-4280-b9ba-993a6d77406c` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | +|[Block untrusted and unsigned processes that run from USB](#block-untrusted-and-unsigned-processes-that-run-from-usb) | `b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block Win32 API calls from Office macros](#block-win32-api-calls-from-office-macros) | `92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Use advanced protection against ransomware](#use-advanced-protection-against-ransomware) | `c1db55ab-c21a-4637-bb3f-a12568109d35` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | -|[Block untrusted and unsigned processes that run from USB](#block-untrusted-and-unsigned-processes-that-run-from-usb) | `b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | + From b7061104398b40c1c4c0601fb67cdf568ea87e0e Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 8 Dec 2020 14:48:28 -0800 Subject: [PATCH 139/210] Update attack-surface-reduction.md --- .../microsoft-defender-atp/attack-surface-reduction.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index a50eca6244..ae43672ba2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -105,11 +105,12 @@ The "engine version" listed for attack surface reduction events in the event log ## Attack surface reduction rules -The following sections describe each of the 15 attack surface reduction rules (in alphabetical order of rule name). This table shows their corresponding GUIDs, which you use if you're configuring the rules with Group Policy or PowerShell. If you use Microsoft Endpoint Configuration Manager or Microsoft Intune, you do not need the GUIDs: +The following sections describe each of the 16 attack surface reduction rules (in alphabetical order of rule name). This table shows their corresponding GUIDs, which you use if you're configuring the rules with Group Policy or PowerShell. If you use Microsoft Endpoint Configuration Manager or Microsoft Intune, you do not need the GUIDs: | Rule name | GUID | File & folder exclusions | Minimum OS supported | |-----|-----|-----|-----| |[Block Adobe Reader from creating child processes](#block-adobe-reader-from-creating-child-processes) | `7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | +|Block abuse of in-the-wild exploited vulnerable signed drivers (NEW!) | | | | |[Block all Office applications from creating child processes](#block-all-office-applications-from-creating-child-processes) | `D4F940AB-401B-4EFC-AADC-AD5F3C50688A` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block credential stealing from the Windows local security authority subsystem (lsass.exe)](#block-credential-stealing-from-the-windows-local-security-authority-subsystem) | `9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block executable content from email client and webmail](#block-executable-content-from-email-client-and-webmail) | `BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | @@ -118,6 +119,7 @@ The following sections describe each of the 15 attack surface reduction rules (i |[Block JavaScript or VBScript from launching downloaded executable content](#block-javascript-or-vbscript-from-launching-downloaded-executable-content) | `D3E037E1-3EB8-44C8-A917-57927947596D` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block Office applications from creating executable content](#block-office-applications-from-creating-executable-content) | `3B576869-A4EC-4529-8536-B80A7769E899` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block Office applications from injecting code into other processes](#block-office-applications-from-injecting-code-into-other-processes) | `75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | +|[Block Office communication application from creating child processes](#block-office-communication-application-from-creating-child-processes) |`26190899-1602-49e8-8b27-eb1d0a1ce869` |Supported |[Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block persistence through WMI event subscription](#block-persistence-through-wmi-event-subscription) | `e6db77e5-3df2-4cf1-b95a-636979351e5b` | Not supported | [Windows 10, version 1903](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1903) (build 18362) or greater | |[Block process creations originating from PSExec and WMI commands](#block-process-creations-originating-from-psexec-and-wmi-commands) | `d1e49aac-8f56-4280-b9ba-993a6d77406c` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block untrusted and unsigned processes that run from USB](#block-untrusted-and-unsigned-processes-that-run-from-usb) | `b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | @@ -125,8 +127,6 @@ The following sections describe each of the 15 attack surface reduction rules (i |[Use advanced protection against ransomware](#use-advanced-protection-against-ransomware) | `c1db55ab-c21a-4637-bb3f-a12568109d35` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | - - ### Block executable content from email client and webmail This rule blocks the following file types from launching from email opened within the Microsoft Outlook application, or Outlook.com and other popular webmail providers: From d73ceb1d037b841ac58a4c029e427d6ae07c40d9 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 8 Dec 2020 14:59:41 -0800 Subject: [PATCH 140/210] Update attack-surface-reduction.md --- .../microsoft-defender-atp/attack-surface-reduction.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index ae43672ba2..79f641e58b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -110,7 +110,7 @@ The following sections describe each of the 16 attack surface reduction rules (i | Rule name | GUID | File & folder exclusions | Minimum OS supported | |-----|-----|-----|-----| |[Block Adobe Reader from creating child processes](#block-adobe-reader-from-creating-child-processes) | `7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | -|Block abuse of in-the-wild exploited vulnerable signed drivers (NEW!) | | | | +|Block abuse of in-the-wild exploited vulnerable signed drivers (NEW!) |`56a863a9-875e-4185-98a7-b882c64b5ce5` | | | |[Block all Office applications from creating child processes](#block-all-office-applications-from-creating-child-processes) | `D4F940AB-401B-4EFC-AADC-AD5F3C50688A` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block credential stealing from the Windows local security authority subsystem (lsass.exe)](#block-credential-stealing-from-the-windows-local-security-authority-subsystem) | `9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block executable content from email client and webmail](#block-executable-content-from-email-client-and-webmail) | `BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | @@ -126,6 +126,10 @@ The following sections describe each of the 16 attack surface reduction rules (i |[Block Win32 API calls from Office macros](#block-win32-api-calls-from-office-macros) | `92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Use advanced protection against ransomware](#use-advanced-protection-against-ransomware) | `c1db55ab-c21a-4637-bb3f-a12568109d35` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | +### Block abuse of in-the-wild exploited vulnerable signed drivers + +This rule prevents an application from writing a vulnerable signed driver to disk. Vulnerable signed drivers can be exploited by local applications with sufficient privileges, to gain access to the kernel. It allows attackers to disable or circumvent security solutions, eventually leading to system compromise. + ### Block executable content from email client and webmail From bdd276ef6bf647dd8cc781a979284a29b144734a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 8 Dec 2020 15:29:55 -0800 Subject: [PATCH 141/210] Update attack-surface-reduction.md --- .../attack-surface-reduction.md | 38 ++++++++++--------- 1 file changed, 20 insertions(+), 18 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index 79f641e58b..96c3a4434d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -26,7 +26,7 @@ ms.date: 12/08/2020 * [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -## Why attack surface reduction is important +## Why attack surface reduction rules are important Your organization's attack surface includes all the places where an attacker could compromise your organization's devices or networks. Reducing your attack surface means protecting your organization's devices and network, which leaves attackers with fewer ways to perform attacks. Configuring attack surface reduction rules in Microsoft Defender for Endpoint can help! @@ -126,6 +126,25 @@ The following sections describe each of the 16 attack surface reduction rules (i |[Block Win32 API calls from Office macros](#block-win32-api-calls-from-office-macros) | `92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Use advanced protection against ransomware](#use-advanced-protection-against-ransomware) | `c1db55ab-c21a-4637-bb3f-a12568109d35` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | + +### Block Adobe Reader from creating child processes + +This rule prevents attacks by blocking Adobe Reader from creating additional processes. + +Through social engineering or exploits, malware can download and launch additional payloads and break out of Adobe Reader. By blocking child processes from being generated by Adobe Reader, malware attempting to use it as a vector are prevented from spreading. + +This rule was introduced in: +- [Windows 10, version 1809](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809) +- [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) +- [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) + +Intune name: Process creation from Adobe Reader (beta) + +Configuration Manager name: Not yet available + +GUID: `7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c` + + ### Block abuse of in-the-wild exploited vulnerable signed drivers This rule prevents an application from writing a vulnerable signed driver to disk. Vulnerable signed drivers can be exploited by local applications with sufficient privileges, to gain access to the kernel. It allows attackers to disable or circumvent security solutions, eventually leading to system compromise. @@ -381,23 +400,6 @@ Configuration Manager name: Not yet available GUID: `26190899-1602-49e8-8b27-eb1d0a1ce869` -### Block Adobe Reader from creating child processes - -This rule prevents attacks by blocking Adobe Reader from creating additional processes. - -Through social engineering or exploits, malware can download and launch additional payloads and break out of Adobe Reader. By blocking child processes from being generated by Adobe Reader, malware attempting to use it as a vector are prevented from spreading. - -This rule was introduced in: -- [Windows 10, version 1809](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809) -- [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) -- [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) - -Intune name: Process creation from Adobe Reader (beta) - -Configuration Manager name: Not yet available - -GUID: `7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c` - ### Block persistence through WMI event subscription This rule prevents malware from abusing WMI to attain persistence on a device. From e3a8eb5cc0bfe9e7fd82cc237cb1bb411653bfec Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 8 Dec 2020 15:33:16 -0800 Subject: [PATCH 142/210] Update attack-surface-reduction.md --- .../attack-surface-reduction.md | 74 ++++++++++--------- 1 file changed, 38 insertions(+), 36 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index 96c3a4434d..a1f9ff2328 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -144,11 +144,48 @@ Configuration Manager name: Not yet available GUID: `7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c` - ### Block abuse of in-the-wild exploited vulnerable signed drivers This rule prevents an application from writing a vulnerable signed driver to disk. Vulnerable signed drivers can be exploited by local applications with sufficient privileges, to gain access to the kernel. It allows attackers to disable or circumvent security solutions, eventually leading to system compromise. +### Block all Office applications from creating child processes + +This rule blocks Office apps from creating child processes. This includes Word, Excel, PowerPoint, OneNote, and Access. + +Creating malicious child processes is a common malware strategy. Malware that abuse Office as a vector often run VBA macros and exploit code to download and attempt to run additional payloads. However, some legitimate line-of-business applications might also generate child processes for benign purposes, such as spawning a command prompt or using PowerShell to configure registry settings. + +This rule was introduced in: +- [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) +- [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) +- [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) +- [Configuration Manager CB 1710](https://docs.microsoft.com/configmgr/core/servers/manage/updates) + +Intune name: Office apps launching child processes + +Configuration Manager name: Block Office application from creating child processes + +GUID: `D4F940AB-401B-4EFC-AADC-AD5F3C50688A` + +### Block credential stealing from the Windows local security authority subsystem + +This rule helps prevent credential stealing, by locking down Local Security Authority Subsystem Service (LSASS). + +LSASS authenticates users who log in to a Windows computer. Microsoft Defender Credential Guard in Windows 10 normally prevents attempts to extract credentials from LSASS. However, some organizations can't enable Credential Guard on all of their computers because of compatibility issues with custom smartcard drivers or other programs that load into the Local Security Authority (LSA). In these cases, attackers can use hack tools like Mimikatz to scrape cleartext passwords and NTLM hashes from LSASS. + +> [!NOTE] +> In some apps, the code enumerates all running processes and attempts to open them with exhaustive permissions. This rule denies the app's process open action and logs the details to the security event log. This rule can generate a lot of noise. If you have an app that simply enumerates LSASS, but has no real impact in functionality, there is NO need to add it to the exclusion list. By itself, this event log entry doesn't necessarily indicate a malicious threat. + +This rule was introduced in: +- [Windows 10, version 1803](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1803) +- [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) +- [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) +- [Configuration Manager CB 1802](https://docs.microsoft.com/configmgr/core/servers/manage/updates) + +Intune name: Flag credential stealing from the Windows local security authority subsystem + +Configuration Manager name: Block credential stealing from the Windows local security authority subsystem + +GUID: `9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2` ### Block executable content from email client and webmail @@ -169,23 +206,8 @@ Microsoft Endpoint Configuration Manager name: Block executable content from ema GUID: `BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550` -### Block all Office applications from creating child processes -This rule blocks Office apps from creating child processes. This includes Word, Excel, PowerPoint, OneNote, and Access. -Creating malicious child processes is a common malware strategy. Malware that abuse Office as a vector often run VBA macros and exploit code to download and attempt to run additional payloads. However, some legitimate line-of-business applications might also generate child processes for benign purposes, such as spawning a command prompt or using PowerShell to configure registry settings. - -This rule was introduced in: -- [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) -- [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) -- [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) -- [Configuration Manager CB 1710](https://docs.microsoft.com/configmgr/core/servers/manage/updates) - -Intune name: Office apps launching child processes - -Configuration Manager name: Block Office application from creating child processes - -GUID: `D4F940AB-401B-4EFC-AADC-AD5F3C50688A` ### Block Office applications from creating executable content @@ -325,26 +347,6 @@ Configuration Manager name: Use advanced protection against ransomware GUID: `c1db55ab-c21a-4637-bb3f-a12568109d35` -### Block credential stealing from the Windows local security authority subsystem - -This rule helps prevent credential stealing, by locking down Local Security Authority Subsystem Service (LSASS). - -LSASS authenticates users who log in to a Windows computer. Microsoft Defender Credential Guard in Windows 10 normally prevents attempts to extract credentials from LSASS. However, some organizations can't enable Credential Guard on all of their computers because of compatibility issues with custom smartcard drivers or other programs that load into the Local Security Authority (LSA). In these cases, attackers can use hack tools like Mimikatz to scrape cleartext passwords and NTLM hashes from LSASS. - -> [!NOTE] -> In some apps, the code enumerates all running processes and attempts to open them with exhaustive permissions. This rule denies the app's process open action and logs the details to the security event log. This rule can generate a lot of noise. If you have an app that simply enumerates LSASS, but has no real impact in functionality, there is NO need to add it to the exclusion list. By itself, this event log entry doesn't necessarily indicate a malicious threat. - -This rule was introduced in: -- [Windows 10, version 1803](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1803) -- [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) -- [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) -- [Configuration Manager CB 1802](https://docs.microsoft.com/configmgr/core/servers/manage/updates) - -Intune name: Flag credential stealing from the Windows local security authority subsystem - -Configuration Manager name: Block credential stealing from the Windows local security authority subsystem - -GUID: `9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2` ### Block process creations originating from PSExec and WMI commands From bc44d9d509c5a8f2e84552e9573a7ed6d224c5af Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 8 Dec 2020 15:34:16 -0800 Subject: [PATCH 143/210] Update attack-surface-reduction.md --- .../attack-surface-reduction.md | 50 +++++++++---------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index a1f9ff2328..260513eca3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -206,6 +206,31 @@ Microsoft Endpoint Configuration Manager name: Block executable content from ema GUID: `BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550` +### Block executable files from running unless they meet a prevalence, age, or trusted list criterion + +This rule blocks the following file types from launching unless they meet prevalence or age criteria, or they're in a trusted list or an exclusion list: + +- Executable files (such as .exe, .dll, or .scr) + +Launching untrusted or unknown executable files can be risky, as it may not be initially clear if the files are malicious. + +> [!IMPORTANT] +> You must [enable cloud-delivered protection](../microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md) to use this rule.

The rule **Block executable files from running unless they meet a prevalence, age, or trusted list criterion** with GUID 01443614-cd74-433a-b99e-2ecdc07bfc25 is owned by Microsoft and is not specified by admins. It uses cloud-delivered protection to update its trusted list regularly. +> +>You can specify individual files or folders (using folder paths or fully qualified resource names) but you can't specify which rules or exclusions apply to. + +This rule was introduced in: +- [Windows 10, version 1803](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1803) +- [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) +- [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) +- [Configuration Manager CB 1802](https://docs.microsoft.com/configmgr/core/servers/manage/updates) + +Intune name: Executables that don't meet a prevalence, age, or trusted list criteria. + +Configuration Manager name: Block executable files from running unless they meet a prevalence, age, or trusted list criteria + +GUID: `01443614-cd74-433a-b99e-2ecdc07bfc25` + @@ -303,31 +328,6 @@ Configuration Manager name: Block Win32 API calls from Office macros GUID: `92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B` -### Block executable files from running unless they meet a prevalence, age, or trusted list criterion - -This rule blocks the following file types from launching unless they meet prevalence or age criteria, or they're in a trusted list or an exclusion list: - -- Executable files (such as .exe, .dll, or .scr) - -Launching untrusted or unknown executable files can be risky, as it may not be initially clear if the files are malicious. - -> [!IMPORTANT] -> You must [enable cloud-delivered protection](../microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md) to use this rule.

The rule **Block executable files from running unless they meet a prevalence, age, or trusted list criterion** with GUID 01443614-cd74-433a-b99e-2ecdc07bfc25 is owned by Microsoft and is not specified by admins. It uses cloud-delivered protection to update its trusted list regularly. -> ->You can specify individual files or folders (using folder paths or fully qualified resource names) but you can't specify which rules or exclusions apply to. - -This rule was introduced in: -- [Windows 10, version 1803](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1803) -- [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) -- [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) -- [Configuration Manager CB 1802](https://docs.microsoft.com/configmgr/core/servers/manage/updates) - -Intune name: Executables that don't meet a prevalence, age, or trusted list criteria. - -Configuration Manager name: Block executable files from running unless they meet a prevalence, age, or trusted list criteria - -GUID: `01443614-cd74-433a-b99e-2ecdc07bfc25` - ### Use advanced protection against ransomware This rule provides an extra layer of protection against ransomware. It scans executable files entering the system to determine whether they're trustworthy. If the files closely resemble ransomware, this rule blocks them from running, unless they're in a trusted list or an exclusion list. From 485dddd1c66c9cd61a59118e75676a7ed86ec05a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 8 Dec 2020 18:56:42 -0800 Subject: [PATCH 144/210] Update attack-surface-reduction.md --- .../attack-surface-reduction.md | 36 ++++++++++--------- 1 file changed, 19 insertions(+), 17 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index 260513eca3..93847cb984 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -231,6 +231,25 @@ Configuration Manager name: Block executable files from running unless they meet GUID: `01443614-cd74-433a-b99e-2ecdc07bfc25` +### Block execution of potentially obfuscated scripts + +This rule detects suspicious properties within an obfuscated script. + +Script obfuscation is a common technique that both malware authors and legitimate applications use to hide intellectual property or decrease script loading times. Malware authors also use obfuscation to make malicious code harder to read, which prevents close scrutiny by humans and security software. + +This rule was introduced in: +- [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) +- [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) +- [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) +- [Configuration Manager CB 1710](https://docs.microsoft.com/configmgr/core/servers/manage/updates) + +Intune name: Obfuscated js/vbs/ps/macro code + +Configuration Manager name: Block execution of potentially obfuscated scripts. + +GUID: `5BEB7EFE-FD9A-4556-801D-275E5FFC04CC` + + @@ -292,23 +311,6 @@ Configuration Manager name: Block JavaScript or VBScript from launching download GUID: `D3E037E1-3EB8-44C8-A917-57927947596D` -### Block execution of potentially obfuscated scripts - -This rule detects suspicious properties within an obfuscated script. - -Script obfuscation is a common technique that both malware authors and legitimate applications use to hide intellectual property or decrease script loading times. Malware authors also use obfuscation to make malicious code harder to read, which prevents close scrutiny by humans and security software. - -This rule was introduced in: -- [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) -- [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) -- [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) -- [Configuration Manager CB 1710](https://docs.microsoft.com/configmgr/core/servers/manage/updates) - -Intune name: Obfuscated js/vbs/ps/macro code - -Configuration Manager name: Block execution of potentially obfuscated scripts. - -GUID: `5BEB7EFE-FD9A-4556-801D-275E5FFC04CC` ### Block Win32 API calls from Office macros From 2b89caa6029ad823779b0565950d37d6bf06f995 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 8 Dec 2020 18:57:37 -0800 Subject: [PATCH 145/210] Update attack-surface-reduction.md --- .../attack-surface-reduction.md | 38 ++++++++++--------- 1 file changed, 20 insertions(+), 18 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index 93847cb984..cbe1e8f611 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -249,6 +249,26 @@ Configuration Manager name: Block execution of potentially obfuscated scripts. GUID: `5BEB7EFE-FD9A-4556-801D-275E5FFC04CC` +### Block JavaScript or VBScript from launching downloaded executable content + +This rule prevents scripts from launching potentially malicious downloaded content. Malware written in JavaScript or VBScript often acts as a downloader to fetch and launch other malware from the Internet. + +Although not common, line-of-business applications sometimes use scripts to download and launch installers. + +This rule was introduced in: +- [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) +- [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) +- [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) +- [Configuration Manager CB 1710](https://docs.microsoft.com/configmgr/core/servers/manage/updates) + +Intune name: js/vbs executing payload downloaded from Internet (no exceptions) + +Configuration Manager name: Block JavaScript or VBScript from launching downloaded executable content + +GUID: `D3E037E1-3EB8-44C8-A917-57927947596D` + + + @@ -293,24 +313,6 @@ Configuration Manager name: Block Office applications from injecting code into o GUID: `75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84` -### Block JavaScript or VBScript from launching downloaded executable content - -This rule prevents scripts from launching potentially malicious downloaded content. Malware written in JavaScript or VBScript often acts as a downloader to fetch and launch other malware from the Internet. - -Although not common, line-of-business applications sometimes use scripts to download and launch installers. - -This rule was introduced in: -- [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) -- [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) -- [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) -- [Configuration Manager CB 1710](https://docs.microsoft.com/configmgr/core/servers/manage/updates) - -Intune name: js/vbs executing payload downloaded from Internet (no exceptions) - -Configuration Manager name: Block JavaScript or VBScript from launching downloaded executable content - -GUID: `D3E037E1-3EB8-44C8-A917-57927947596D` - ### Block Win32 API calls from Office macros From 54caf7a6057c09e89b23686073aea776d1423f4f Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 8 Dec 2020 18:58:13 -0800 Subject: [PATCH 146/210] Update attack-surface-reduction.md --- .../microsoft-defender-atp/attack-surface-reduction.md | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index cbe1e8f611..1c6113b283 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -267,12 +267,6 @@ Configuration Manager name: Block JavaScript or VBScript from launching download GUID: `D3E037E1-3EB8-44C8-A917-57927947596D` - - - - - - ### Block Office applications from creating executable content This rule prevents Office apps, including Word, Excel, and PowerPoint, from creating potentially malicious executable content, by blocking malicious code from being written to disk. @@ -314,6 +308,9 @@ Configuration Manager name: Block Office applications from injecting code into o GUID: `75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84` + + + ### Block Win32 API calls from Office macros This rule prevents VBA macros from calling Win32 APIs. From 7664f71e2fc5125b730cd5469ddc0b7c812b7344 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 8 Dec 2020 18:59:04 -0800 Subject: [PATCH 147/210] Update attack-surface-reduction.md --- .../attack-surface-reduction.md | 40 ++++++++++--------- 1 file changed, 21 insertions(+), 19 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index 1c6113b283..7142e05183 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -307,6 +307,27 @@ Configuration Manager name: Block Office applications from injecting code into o GUID: `75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84` +### Block Office communication application from creating child processes + +This rule prevents Outlook from creating child processes, while still allowing legitimate Outlook functions. + +This protects against social engineering attacks and prevents exploit code from abusing vulnerabilities in Outlook. It also protects against [Outlook rules and forms exploits](https://blogs.technet.microsoft.com/office365security/defending-against-rules-and-forms-injection/) that attackers can use when a user's credentials are compromised. + +> [!NOTE] +> This rule applies to Outlook and Outlook.com only. + +This rule was introduced in: +- [Windows 10, version 1809](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809) +- [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) +- [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) + +Intune name: Process creation from Office communication products (beta) + +Configuration Manager name: Not yet available + +GUID: `26190899-1602-49e8-8b27-eb1d0a1ce869` + + @@ -383,25 +404,6 @@ Configuration Manager name: Block untrusted and unsigned processes that run from GUID: `b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4` -### Block Office communication application from creating child processes - -This rule prevents Outlook from creating child processes, while still allowing legitimate Outlook functions. - -This protects against social engineering attacks and prevents exploit code from abusing vulnerabilities in Outlook. It also protects against [Outlook rules and forms exploits](https://blogs.technet.microsoft.com/office365security/defending-against-rules-and-forms-injection/) that attackers can use when a user's credentials are compromised. - -> [!NOTE] -> This rule applies to Outlook and Outlook.com only. - -This rule was introduced in: -- [Windows 10, version 1809](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809) -- [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) -- [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) - -Intune name: Process creation from Office communication products (beta) - -Configuration Manager name: Not yet available - -GUID: `26190899-1602-49e8-8b27-eb1d0a1ce869` ### Block persistence through WMI event subscription From 1f2925545a996dee46c4527106688ce68da3f703 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 8 Dec 2020 18:59:48 -0800 Subject: [PATCH 148/210] Update attack-surface-reduction.md --- .../attack-surface-reduction.md | 36 +++++++++---------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index 7142e05183..0ea54f5923 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -327,6 +327,24 @@ Configuration Manager name: Not yet available GUID: `26190899-1602-49e8-8b27-eb1d0a1ce869` +### Block persistence through WMI event subscription + +This rule prevents malware from abusing WMI to attain persistence on a device. + +> [!IMPORTANT] +> File and folder exclusions don't apply to this attack surface reduction rule. + +Fileless threats employ various tactics to stay hidden, to avoid being seen in the file system, and to gain periodic execution control. Some threats can abuse the WMI repository and event model to stay hidden. + +This rule was introduced in: +- [Windows 10, version 1903](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1903) +- [Windows Server 1903](https://docs.microsoft.com/windows-server/get-started-19/whats-new-in-windows-server-1903-1909) + +Intune name: Not yet available + +Configuration Manager name: Not yet available + +GUID: `e6db77e5-3df2-4cf1-b95a-636979351e5b` @@ -405,24 +423,6 @@ Configuration Manager name: Block untrusted and unsigned processes that run from GUID: `b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4` -### Block persistence through WMI event subscription - -This rule prevents malware from abusing WMI to attain persistence on a device. - -> [!IMPORTANT] -> File and folder exclusions don't apply to this attack surface reduction rule. - -Fileless threats employ various tactics to stay hidden, to avoid being seen in the file system, and to gain periodic execution control. Some threats can abuse the WMI repository and event model to stay hidden. - -This rule was introduced in: -- [Windows 10, version 1903](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1903) -- [Windows Server 1903](https://docs.microsoft.com/windows-server/get-started-19/whats-new-in-windows-server-1903-1909) - -Intune name: Not yet available - -Configuration Manager name: Not yet available - -GUID: `e6db77e5-3df2-4cf1-b95a-636979351e5b` ## Related topics From d089263968e2480e06633e890c1dd73185924b7d Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 8 Dec 2020 19:00:29 -0800 Subject: [PATCH 149/210] Update attack-surface-reduction.md --- .../attack-surface-reduction.md | 34 +++++++++---------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index 0ea54f5923..8d6ba4c1f2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -346,6 +346,23 @@ Configuration Manager name: Not yet available GUID: `e6db77e5-3df2-4cf1-b95a-636979351e5b` +### Block process creations originating from PSExec and WMI commands + +This rule blocks processes created through [PsExec](https://docs.microsoft.com/sysinternals/downloads/psexec) and [WMI](https://docs.microsoft.com/windows/win32/wmisdk/about-wmi) from running. Both PsExec and WMI can remotely execute code, so there is a risk of malware abusing this functionality for command and control purposes, or to spread an infection throughout an organization's network. + +> [!WARNING] +> Only use this rule if you're managing your devices with [Intune](https://docs.microsoft.com/intune) or another MDM solution. This rule is incompatible with management through [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr) because this rule blocks WMI commands the Configuration Manager client uses to function correctly. + +This rule was introduced in: +- [Windows 10, version 1803](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1803) +- [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) +- [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) + +Intune name: Process creation from PSExec and WMI commands + +Configuration Manager name: Not applicable + +GUID: `d1e49aac-8f56-4280-b9ba-993a6d77406c` @@ -388,23 +405,6 @@ Configuration Manager name: Use advanced protection against ransomware GUID: `c1db55ab-c21a-4637-bb3f-a12568109d35` -### Block process creations originating from PSExec and WMI commands - -This rule blocks processes created through [PsExec](https://docs.microsoft.com/sysinternals/downloads/psexec) and [WMI](https://docs.microsoft.com/windows/win32/wmisdk/about-wmi) from running. Both PsExec and WMI can remotely execute code, so there is a risk of malware abusing this functionality for command and control purposes, or to spread an infection throughout an organization's network. - -> [!WARNING] -> Only use this rule if you're managing your devices with [Intune](https://docs.microsoft.com/intune) or another MDM solution. This rule is incompatible with management through [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr) because this rule blocks WMI commands the Configuration Manager client uses to function correctly. - -This rule was introduced in: -- [Windows 10, version 1803](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1803) -- [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) -- [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) - -Intune name: Process creation from PSExec and WMI commands - -Configuration Manager name: Not applicable - -GUID: `d1e49aac-8f56-4280-b9ba-993a6d77406c` ### Block untrusted and unsigned processes that run from USB From 100a71a76311e5582389479daf7c1e542a149ac1 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 8 Dec 2020 19:01:10 -0800 Subject: [PATCH 150/210] Update attack-surface-reduction.md --- .../attack-surface-reduction.md | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index 8d6ba4c1f2..7ec2e7d5af 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -364,6 +364,22 @@ Configuration Manager name: Not applicable GUID: `d1e49aac-8f56-4280-b9ba-993a6d77406c` +### Block untrusted and unsigned processes that run from USB + +With this rule, admins can prevent unsigned or untrusted executable files from running from USB removable drives, including SD cards. Blocked file types include executable files (such as .exe, .dll, or .scr) + +This rule was introduced in: +- [Windows 10, version 1803](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1803) +- [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) +- [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) +- [Configuration Manager CB 1802](https://docs.microsoft.com/configmgr/core/servers/manage/updates) + +Intune name: Untrusted and unsigned processes that run from USB + +Configuration Manager name: Block untrusted and unsigned processes that run from USB + +GUID: `b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4` + @@ -406,22 +422,6 @@ GUID: `c1db55ab-c21a-4637-bb3f-a12568109d35` -### Block untrusted and unsigned processes that run from USB - -With this rule, admins can prevent unsigned or untrusted executable files from running from USB removable drives, including SD cards. Blocked file types include executable files (such as .exe, .dll, or .scr) - -This rule was introduced in: -- [Windows 10, version 1803](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1803) -- [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) -- [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) -- [Configuration Manager CB 1802](https://docs.microsoft.com/configmgr/core/servers/manage/updates) - -Intune name: Untrusted and unsigned processes that run from USB - -Configuration Manager name: Block untrusted and unsigned processes that run from USB - -GUID: `b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4` - ## Related topics From aee396ee5b7dcc4c63afc32bae55e88f3b66f726 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 8 Dec 2020 19:01:53 -0800 Subject: [PATCH 151/210] Update attack-surface-reduction.md --- .../microsoft-defender-atp/attack-surface-reduction.md | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index 7ec2e7d5af..022ded468b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -380,9 +380,6 @@ Configuration Manager name: Block untrusted and unsigned processes that run from GUID: `b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4` - - - ### Block Win32 API calls from Office macros This rule prevents VBA macros from calling Win32 APIs. @@ -420,11 +417,7 @@ Configuration Manager name: Use advanced protection against ransomware GUID: `c1db55ab-c21a-4637-bb3f-a12568109d35` - - - - -## Related topics +## See also - [Attack surface reduction FAQ](attack-surface-reduction-faq.md) From 32870ff648a54e7013e66ebe0c345c619f27fce1 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 8 Dec 2020 19:03:11 -0800 Subject: [PATCH 152/210] Update attack-surface-reduction.md --- .../microsoft-defender-atp/attack-surface-reduction.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index 022ded468b..a4b6de8412 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -110,7 +110,7 @@ The following sections describe each of the 16 attack surface reduction rules (i | Rule name | GUID | File & folder exclusions | Minimum OS supported | |-----|-----|-----|-----| |[Block Adobe Reader from creating child processes](#block-adobe-reader-from-creating-child-processes) | `7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | -|Block abuse of in-the-wild exploited vulnerable signed drivers (NEW!) |`56a863a9-875e-4185-98a7-b882c64b5ce5` | | | +|[Block abuse of in-the-wild exploited vulnerable signed drivers](#block-abuse-of-in-the-wild-exploited-vulnerable-signed-drivers) (NEW!) |`56a863a9-875e-4185-98a7-b882c64b5ce5` | | | |[Block all Office applications from creating child processes](#block-all-office-applications-from-creating-child-processes) | `D4F940AB-401B-4EFC-AADC-AD5F3C50688A` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block credential stealing from the Windows local security authority subsystem (lsass.exe)](#block-credential-stealing-from-the-windows-local-security-authority-subsystem) | `9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block executable content from email client and webmail](#block-executable-content-from-email-client-and-webmail) | `BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | From b5963c80a5e67dc11f907fbb98b6b92fb515dae7 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 8 Dec 2020 19:05:07 -0800 Subject: [PATCH 153/210] Update attack-surface-reduction.md --- .../microsoft-defender-atp/attack-surface-reduction.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index a4b6de8412..c5af8a7084 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -126,7 +126,6 @@ The following sections describe each of the 16 attack surface reduction rules (i |[Block Win32 API calls from Office macros](#block-win32-api-calls-from-office-macros) | `92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Use advanced protection against ransomware](#use-advanced-protection-against-ransomware) | `c1db55ab-c21a-4637-bb3f-a12568109d35` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | - ### Block Adobe Reader from creating child processes This rule prevents attacks by blocking Adobe Reader from creating additional processes. From 808a5d8aa56125f51f92e4caf42c4c96cbf64961 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 8 Dec 2020 19:32:52 -0800 Subject: [PATCH 154/210] Update attack-surface-reduction.md --- .../attack-surface-reduction.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index c5af8a7084..5c8ba4c01b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -52,6 +52,15 @@ In the recommendation details pane, check the user impact to determine what perc Use [audit mode](audit-windows-defender.md) to evaluate how attack surface reduction rules would impact your organization if they were enabled. It's best to run all rules in audit mode first so you can understand their impact on your line-of-business applications. Many line-of-business applications are written with limited security concerns, and they may perform tasks in ways that seem similar to malware. By monitoring audit data and [adding exclusions](enable-attack-surface-reduction.md#exclude-files-and-folders-from-asr-rules) for necessary applications, you can deploy attack surface reduction rules without impacting productivity. +## Warn mode for users + +(NEW!) Prior to warn mode capabilities, attack surface reduction rules that are enabled could be set to either audit mode or block mode. With the new warn mode, whenever content is blocked by an attack surface reduction rule, users see a dialog box that indicates the content is blocked. The dialog box also offers the user an option to unblock the content. The user can then retry their action, and the operation completes. WHen a user unblocks content, the content remains unblocked for 24 hours, and then blocking resumes. + +Warn mode helps your organization have attack surface reduction rules in place without preventing users from accessing the content they need to perform their tasks. + +> [!IMPORTANT] +> Warn mode is supported on devices running Windows 10, version 1809 or later and [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) or later. + ## Notifications when a rule is triggered Whenever a rule is triggered, a notification will be displayed on the device. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. The notification also displays within the Microsoft Defender Security Center and the Microsoft 365 security center. @@ -214,7 +223,7 @@ This rule blocks the following file types from launching unless they meet preval Launching untrusted or unknown executable files can be risky, as it may not be initially clear if the files are malicious. > [!IMPORTANT] -> You must [enable cloud-delivered protection](../microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md) to use this rule.

The rule **Block executable files from running unless they meet a prevalence, age, or trusted list criterion** with GUID 01443614-cd74-433a-b99e-2ecdc07bfc25 is owned by Microsoft and is not specified by admins. It uses cloud-delivered protection to update its trusted list regularly. +> You must [enable cloud-delivered protection](../microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md) to use this rule.

The rule **Block executable files from running unless they meet a prevalence, age, or trusted list criterion** with GUID `01443614-cd74-433a-b99e-2ecdc07bfc25` is owned by Microsoft and is not specified by admins. This rule uses cloud-delivered protection to update its trusted list regularly. > >You can specify individual files or folders (using folder paths or fully qualified resource names) but you can't specify which rules or exclusions apply to. From 00a45c74efca525a2ece151d6abc9e10c9abd6a2 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 8 Dec 2020 19:34:09 -0800 Subject: [PATCH 155/210] Update attack-surface-reduction.md --- .../microsoft-defender-atp/attack-surface-reduction.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index 5c8ba4c01b..21528e4f76 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -59,7 +59,7 @@ Use [audit mode](audit-windows-defender.md) to evaluate how attack surface reduc Warn mode helps your organization have attack surface reduction rules in place without preventing users from accessing the content they need to perform their tasks. > [!IMPORTANT] -> Warn mode is supported on devices running Windows 10, version 1809 or later and [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) or later. +> Warn mode is supported on devices running [Windows 10, version 1809](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809) or later and [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) or later. ## Notifications when a rule is triggered From 4b09543e092a79668803673823cc84928df9d32f Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 8 Dec 2020 19:37:01 -0800 Subject: [PATCH 156/210] Update attack-surface-reduction.md --- .../microsoft-defender-atp/attack-surface-reduction.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index 21528e4f76..c626505f1c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -59,7 +59,11 @@ Use [audit mode](audit-windows-defender.md) to evaluate how attack surface reduc Warn mode helps your organization have attack surface reduction rules in place without preventing users from accessing the content they need to perform their tasks. > [!IMPORTANT] -> Warn mode is supported on devices running [Windows 10, version 1809](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809) or later and [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) or later. +> Warn mode is supported on devices running the following versions of Windows: +> - [Windows 10, version 1809](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809) or later +> - [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) or later +> +> Attack surface reduction rules that are configured in warn mode will run in block mode on devices that are running older versions of Windows. ## Notifications when a rule is triggered From 91b2f9dcd4daa90b372909a08a6b819c914903a8 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 8 Dec 2020 19:37:33 -0800 Subject: [PATCH 157/210] Update attack-surface-reduction.md --- .../microsoft-defender-atp/attack-surface-reduction.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index c626505f1c..2864b35d75 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -54,7 +54,7 @@ Use [audit mode](audit-windows-defender.md) to evaluate how attack surface reduc ## Warn mode for users -(NEW!) Prior to warn mode capabilities, attack surface reduction rules that are enabled could be set to either audit mode or block mode. With the new warn mode, whenever content is blocked by an attack surface reduction rule, users see a dialog box that indicates the content is blocked. The dialog box also offers the user an option to unblock the content. The user can then retry their action, and the operation completes. WHen a user unblocks content, the content remains unblocked for 24 hours, and then blocking resumes. +(**NEW**!) Prior to warn mode capabilities, attack surface reduction rules that are enabled could be set to either audit mode or block mode. With the new warn mode, whenever content is blocked by an attack surface reduction rule, users see a dialog box that indicates the content is blocked. The dialog box also offers the user an option to unblock the content. The user can then retry their action, and the operation completes. WHen a user unblocks content, the content remains unblocked for 24 hours, and then blocking resumes. Warn mode helps your organization have attack surface reduction rules in place without preventing users from accessing the content they need to perform their tasks. From d5f7ee335630bb348d0c04ba54e08d4a3073b658 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 8 Dec 2020 19:47:49 -0800 Subject: [PATCH 158/210] Update attack-surface-reduction.md --- .../attack-surface-reduction.md | 20 ++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index 2864b35d75..1d817cfb03 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -123,7 +123,7 @@ The following sections describe each of the 16 attack surface reduction rules (i | Rule name | GUID | File & folder exclusions | Minimum OS supported | |-----|-----|-----|-----| |[Block Adobe Reader from creating child processes](#block-adobe-reader-from-creating-child-processes) | `7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | -|[Block abuse of in-the-wild exploited vulnerable signed drivers](#block-abuse-of-in-the-wild-exploited-vulnerable-signed-drivers) (NEW!) |`56a863a9-875e-4185-98a7-b882c64b5ce5` | | | +|[Block abuse of in-the-wild exploited vulnerable signed drivers](#block-abuse-of-in-the-wild-exploited-vulnerable-signed-drivers) (NEW!) |`56a863a9-875e-4185-98a7-b882c64b5ce5` | |- Windows 10 Pro, version [1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) or later
- Windows 10 Enterprise, version [1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) or later
- Windows Server, version [1803](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) (Semi-Annual Channel) or later
- Windows Server 2019 | |[Block all Office applications from creating child processes](#block-all-office-applications-from-creating-child-processes) | `D4F940AB-401B-4EFC-AADC-AD5F3C50688A` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block credential stealing from the Windows local security authority subsystem (lsass.exe)](#block-credential-stealing-from-the-windows-local-security-authority-subsystem) | `9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block executable content from email client and webmail](#block-executable-content-from-email-client-and-webmail) | `BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | @@ -160,6 +160,24 @@ GUID: `7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c` This rule prevents an application from writing a vulnerable signed driver to disk. Vulnerable signed drivers can be exploited by local applications with sufficient privileges, to gain access to the kernel. It allows attackers to disable or circumvent security solutions, eventually leading to system compromise. +This rule does not block a driver already existing on the system from being loaded. + +> [!TIP] +> You can submit a driver for analysis at the [Microsoft Security Intelligence site](https://www.microsoft.com/wdsi/driversubmission). + +This rule is supported on all versions of Windows where attack surface reduction rules are currently supported: +- Windows 10 Pro, version 1709 or later +- Windows 10 Enterprise, version 1709 or later +- Windows Server, version 1803 (Semi-Annual Channel) or later +- Windows Server 2019 + +Intune Name: Block abuse of exploited vulnerable signed drivers + +Configuration Manager name: Not Applicable + +Rule guid: `56a863a9-875e-4185-98a7-b882c64b5ce5` + + ### Block all Office applications from creating child processes This rule blocks Office apps from creating child processes. This includes Word, Excel, PowerPoint, OneNote, and Access. From 92779ec0840a7b397e3f1abc7e37964ccaf05f17 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 9 Dec 2020 06:41:34 -0800 Subject: [PATCH 159/210] Update attack-surface-reduction.md --- .../microsoft-defender-atp/attack-surface-reduction.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index 1d817cfb03..3b653eb7af 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -123,7 +123,7 @@ The following sections describe each of the 16 attack surface reduction rules (i | Rule name | GUID | File & folder exclusions | Minimum OS supported | |-----|-----|-----|-----| |[Block Adobe Reader from creating child processes](#block-adobe-reader-from-creating-child-processes) | `7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | -|[Block abuse of in-the-wild exploited vulnerable signed drivers](#block-abuse-of-in-the-wild-exploited-vulnerable-signed-drivers) (NEW!) |`56a863a9-875e-4185-98a7-b882c64b5ce5` | |- Windows 10 Pro, version [1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) or later
- Windows 10 Enterprise, version [1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) or later
- Windows Server, version [1803](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) (Semi-Annual Channel) or later
- Windows Server 2019 | +|[Block abuse of in-the-wild exploited vulnerable signed drivers](#block-abuse-of-in-the-wild-exploited-vulnerable-signed-drivers) (NEW!) |`56a863a9-875e-4185-98a7-b882c64b5ce5` | |[Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block all Office applications from creating child processes](#block-all-office-applications-from-creating-child-processes) | `D4F940AB-401B-4EFC-AADC-AD5F3C50688A` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block credential stealing from the Windows local security authority subsystem (lsass.exe)](#block-credential-stealing-from-the-windows-local-security-authority-subsystem) | `9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block executable content from email client and webmail](#block-executable-content-from-email-client-and-webmail) | `BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | From b6d3059c29c6d2aad1df0a842034642b1c10e6da Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 9 Dec 2020 07:50:07 -0800 Subject: [PATCH 160/210] Update attack-surface-reduction.md --- .../microsoft-defender-atp/attack-surface-reduction.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index 3b653eb7af..1143c590b6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -17,7 +17,7 @@ ms.custom: asr ms.date: 12/08/2020 --- -# Reduce attack surfaces with attack surface reduction rules +# Protect your devices and network from malware with attack surface reduction rules [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] From 03679ef55061c9adef8c35fd7bfe1515eaaf805e Mon Sep 17 00:00:00 2001 From: jcaparas Date: Wed, 9 Dec 2020 08:24:30 -0800 Subject: [PATCH 161/210] Update windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../microsoft-defender-atp/ios-configure-features.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md index cbca86da05..bbb45a75c7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md @@ -66,7 +66,7 @@ Defender for Endpoint for iOS enables admins to configure custom indicators on i By default, Defender for Endpoint for iOS includes and enables the web protection feature. [Web protection](web-protection-overview.md) helps to secure devices against web threats and protect users from phishing attacks. Defender for Endpoint for iOS uses a local VPN in order to provide this protection. -While enabled by default, there might be some cases that requires you to disable VPN. For example, you want to run some apps that do not work when a VPN is configured. In such cases, you can choose to disable VPN from the app on the device by following the steps below. +While enabled by default, there might be some cases that require you to disable VPN. For example, you want to run some apps that do not work when a VPN is configured. In such cases, you can choose to disable VPN from the app on the device by following the steps below: 1. On your iOS device, open the **Settings** app and then click on **VPN**. 1. Click on the "i" button for Microsoft Defender ATP. From a9192908d3390ac7a6e62a8a5ef6a424b846c497 Mon Sep 17 00:00:00 2001 From: jcaparas Date: Wed, 9 Dec 2020 08:24:39 -0800 Subject: [PATCH 162/210] Update windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../microsoft-defender-atp/ios-configure-features.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md index bbb45a75c7..7200eb8d20 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md @@ -76,7 +76,7 @@ While enabled by default, there might be some cases that require you to disable > ![VPN config connect on demand](images/ios-vpn-config.png) > [!NOTE] -> Web Protection will not be available when VPN is disabled. To re-enable Web Protection, open Microsoft Defender for Endpoint app on the device and click on **Start VPN**. +> Web Protection will not be available when VPN is disabled. To re-enable Web Protection, open the Microsoft Defender for Endpoint app on the device and click or tap **Start VPN**. ### Co-existence of multiple VPN profiles From dc9c61f71ffe4b3a7ab935226a4a20c4c6904b1e Mon Sep 17 00:00:00 2001 From: jcaparas Date: Wed, 9 Dec 2020 08:25:11 -0800 Subject: [PATCH 163/210] Update windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../microsoft-defender-atp/ios-configure-features.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md index 7200eb8d20..a5e183572d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md @@ -68,9 +68,9 @@ By default, Defender for Endpoint for iOS includes and enables the web protectio While enabled by default, there might be some cases that require you to disable VPN. For example, you want to run some apps that do not work when a VPN is configured. In such cases, you can choose to disable VPN from the app on the device by following the steps below: -1. On your iOS device, open the **Settings** app and then click on **VPN**. -1. Click on the "i" button for Microsoft Defender ATP. -1. Toggle-off **Connect On Demand** to disable VPN. +1. On your iOS device, open the **Settings** app and click or tap **VPN**. +1. Click or tap the "i" button for Microsoft Defender ATP. +1. Toggle off **Connect On Demand** to disable VPN. > [!div class="mx-imgBorder"] > ![VPN config connect on demand](images/ios-vpn-config.png) From d71aad7c7d42f1800fac43fe95fcfd290c1d342d Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 9 Dec 2020 08:25:13 -0800 Subject: [PATCH 164/210] Update attack-surface-reduction.md --- .../microsoft-defender-atp/attack-surface-reduction.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index 1143c590b6..45872223b0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -17,7 +17,7 @@ ms.custom: asr ms.date: 12/08/2020 --- -# Protect your devices and network from malware with attack surface reduction rules +# Use attack surface reduction rules to prevent malware infection [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] From 262b0e754031dbf1c98974f59a292dbfbb529354 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 9 Dec 2020 09:26:05 -0800 Subject: [PATCH 165/210] Update attack-surface-reduction.md --- .../microsoft-defender-atp/attack-surface-reduction.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index 45872223b0..9d66ce2298 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -14,7 +14,7 @@ ms.author: deniseb ms.reviewer: sugamar, jcedola manager: dansimp ms.custom: asr -ms.date: 12/08/2020 +ms.date: 12/09/2020 --- # Use attack surface reduction rules to prevent malware infection From b6eefa3718a41eb4dcebc2289ab70d5bcdd413bb Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Wed, 9 Dec 2020 18:43:49 +0100 Subject: [PATCH 166/210] Update customize-exploit-protection.md - MarkDown table restoration (the table is broken on GitHub due to non-standard table divider indicators) - Whitespace formatting corrections (end-of-line blank space removal, redundant leading whitespace removal) Ref. #8765 (md_cleanup / follow-up) --- .../customize-exploit-protection.md | 168 +++++++++--------- 1 file changed, 84 insertions(+), 84 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/customize-exploit-protection.md b/windows/security/threat-protection/microsoft-defender-atp/customize-exploit-protection.md index b75194d814..964158b256 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/customize-exploit-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/customize-exploit-protection.md @@ -10,7 +10,7 @@ ms.localizationpriority: medium audience: ITPro author: levinec ms.author: ellevin -ms.reviewer: +ms.reviewer: manager: dansimp --- @@ -46,44 +46,44 @@ The **Use default** configuration for each of the mitigation settings indicates For the associated PowerShell cmdlets for each mitigation, see the [PowerShell reference table](#cmdlets-table) at the bottom of this article. -Mitigation | Description | Can be applied to | Audit mode available --|-|-|- -Control flow guard (CFG) | Ensures control flow integrity for indirect calls. Can optionally suppress exports and use strict CFG. | System and app-level | [!include[Check mark no](../images/svg/check-no.svg)] -Data Execution Prevention (DEP) | Prevents code from being run from data-only memory pages such as the heap and stacks. Only configurable for 32-bit (x86) apps, permanently enabled for all other architectures. Can optionally enable ATL thunk emulation. | System and app-level | [!include[Check mark no](../images/svg/check-no.svg)] -Force randomization for images (Mandatory ASLR) | Forcibly relocates images not compiled with /DYNAMICBASE. Can optionally fail loading images that don't have relocation information. | System and app-level | [!include[Check mark no](../images/svg/check-no.svg)] -Randomize memory allocations (Bottom-Up ASLR) | Randomizes locations for virtual memory allocations. It includes system structure heaps, stacks, TEBs, and PEBs. Can optionally use a wider randomization variance for 64-bit processes. | System and app-level | [!include[Check mark no](../images/svg/check-no.svg)] -Validate exception chains (SEHOP) | Ensures the integrity of an exception chain during exception dispatch. Only configurable for 32-bit (x86) applications. | System and app-level | [!include[Check mark no](../images/svg/check-no.svg)] -Validate heap integrity | Terminates a process when heap corruption is detected. | System and app-level | [!include[Check mark no](../images/svg/check-no.svg)] -Arbitrary code guard (ACG) | Prevents the introduction of non-image-backed executable code and prevents code pages from being modified. Can optionally allow thread opt-out and allow remote downgrade (configurable only with PowerShell). | App-level only | [!include[Check mark yes](../images/svg/check-yes.svg)] -Block low integrity images | Prevents the loading of images marked with Low Integrity. | App-level only | [!include[Check mark yes](../images/svg/check-yes.svg)] -Block remote images | Prevents loading of images from remote devices. | App-level only | [!include[Check mark no](../images/svg/check-no.svg)] -Block untrusted fonts | Prevents loading any GDI-based fonts not installed in the system fonts directory, notably fonts from the web. | App-level only | [!include[Check mark yes](../images/svg/check-yes.svg)] -Code integrity guard | Restricts loading of images signed by Microsoft, WHQL, or higher. Can optionally allow Microsoft Store signed images. | App-level only | [!include[Check mark yes](../images/svg/check-yes.svg)] -Disable extension points | Disables various extensibility mechanisms that allow DLL injection into all processes, such as AppInit DLLs, window hooks, and Winsock service providers. | App-level only | [!include[Check mark no](../images/svg/check-no.svg)] -Disable Win32k system calls | Prevents an app from using the Win32k system call table. | App-level only | [!include[Check mark yes](../images/svg/check-yes.svg)] -Don't allow child processes | Prevents an app from creating child processes. | App-level only | [!include[Check mark yes](../images/svg/check-yes.svg)] -Export address filtering (EAF) | Detects dangerous operations being resolved by malicious code. Can optionally validate access by modules commonly used by exploits. | App-level only | [!include[Check mark yes](../images/svg/check-yes.svg)] -Import address filtering (IAF) | Detects dangerous operations being resolved by malicious code. | App-level only | [!include[Check mark yes](../images/svg/check-yes.svg)] -Simulate execution (SimExec) | Ensures that calls to sensitive APIs return to legitimate callers. Only configurable for 32-bit (x86) applications. Not compatible with ACG | App-level only | [!include[Check mark yes](../images/svg/check-yes.svg)] -Validate API invocation (CallerCheck) | Ensures that sensitive APIs are invoked by legitimate callers. Only configurable for 32-bit (x86) applications. Not compatible with ACG | App-level only | [!include[Check mark yes](../images/svg/check-yes.svg)] -Validate handle usage | Causes an exception to be raised on any invalid handle references. | App-level only | [!include[Check mark no](../images/svg/check-no.svg)] -Validate image dependency integrity | Enforces code signing for Windows image dependency loading. | App-level only | [!include[Check mark no](../images/svg/check-no.svg)] -Validate stack integrity (StackPivot) | Ensures that the stack hasn't been redirected for sensitive APIs. Not compatible with ACG | App-level only | [!include[Check mark yes](../images/svg/check-yes.svg)] +| Mitigation | Description | Can be applied to | Audit mode available | +| ---------- | ----------- | ----------------- | -------------------- | +| Control flow guard (CFG) | Ensures control flow integrity for indirect calls. Can optionally suppress exports and use strict CFG. | System and app-level | [!include[Check mark no](../images/svg/check-no.svg)] | +| Data Execution Prevention (DEP) | Prevents code from being run from data-only memory pages such as the heap and stacks. Only configurable for 32-bit (x86) apps, permanently enabled for all other architectures. Can optionally enable ATL thunk emulation. | System and app-level | [!include[Check mark no](../images/svg/check-no.svg)] | +| Force randomization for images (Mandatory ASLR) | Forcibly relocates images not compiled with /DYNAMICBASE. Can optionally fail loading images that don't have relocation information. | System and app-level | [!include[Check mark no](../images/svg/check-no.svg)] | +| Randomize memory allocations (Bottom-Up ASLR) | Randomizes locations for virtual memory allocations. It includes system structure heaps, stacks, TEBs, and PEBs. Can optionally use a wider randomization variance for 64-bit processes. | System and app-level | [!include[Check mark no](../images/svg/check-no.svg)] | +| Validate exception chains (SEHOP) | Ensures the integrity of an exception chain during exception dispatch. Only configurable for 32-bit (x86) applications. | System and app-level | [!include[Check mark no](../images/svg/check-no.svg)] | +| Validate heap integrity | Terminates a process when heap corruption is detected. | System and app-level | [!include[Check mark no](../images/svg/check-no.svg)] | +| Arbitrary code guard (ACG) | Prevents the introduction of non-image-backed executable code and prevents code pages from being modified. Can optionally allow thread opt-out and allow remote downgrade (configurable only with PowerShell). | App-level only | [!include[Check mark yes](../images/svg/check-yes.svg)] | +| Block low integrity images | Prevents the loading of images marked with Low Integrity. | App-level only | [!include[Check mark yes](../images/svg/check-yes.svg)] | +| Block remote images | Prevents loading of images from remote devices. | App-level only | [!include[Check mark no](../images/svg/check-no.svg)] | +| Block untrusted fonts | Prevents loading any GDI-based fonts not installed in the system fonts directory, notably fonts from the web. | App-level only | [!include[Check mark yes](../images/svg/check-yes.svg)] | +| Code integrity guard | Restricts loading of images signed by Microsoft, WHQL, or higher. Can optionally allow Microsoft Store signed images. | App-level only | [!include[Check mark yes](../images/svg/check-yes.svg)] | +| Disable extension points | Disables various extensibility mechanisms that allow DLL injection into all processes, such as AppInit DLLs, window hooks, and Winsock service providers. | App-level only | [!include[Check mark no](../images/svg/check-no.svg)] | +| Disable Win32k system calls | Prevents an app from using the Win32k system call table. | App-level only | [!include[Check mark yes](../images/svg/check-yes.svg)] | +| Don't allow child processes | Prevents an app from creating child processes. | App-level only | [!include[Check mark yes](../images/svg/check-yes.svg)] | +| Export address filtering (EAF) | Detects dangerous operations being resolved by malicious code. Can optionally validate access by modules commonly used by exploits. | App-level only | [!include[Check mark yes](../images/svg/check-yes.svg)] | +| Import address filtering (IAF) | Detects dangerous operations being resolved by malicious code. | App-level only | [!include[Check mark yes](../images/svg/check-yes.svg)] | +| Simulate execution (SimExec) | Ensures that calls to sensitive APIs return to legitimate callers. Only configurable for 32-bit (x86) applications. Not compatible with ACG | App-level only | [!include[Check mark yes](../images/svg/check-yes.svg)] | +| Validate API invocation (CallerCheck) | Ensures that sensitive APIs are invoked by legitimate callers. Only configurable for 32-bit (x86) applications. Not compatible with ACG | App-level only | [!include[Check mark yes](../images/svg/check-yes.svg)] | +| Validate handle usage | Causes an exception to be raised on any invalid handle references. | App-level only | [!include[Check mark no](../images/svg/check-no.svg)] | +| Validate image dependency integrity | Enforces code signing for Windows image dependency loading. | App-level only | [!include[Check mark no](../images/svg/check-no.svg)] | +| Validate stack integrity (StackPivot) | Ensures that the stack hasn't been redirected for sensitive APIs. Not compatible with ACG | App-level only | [!include[Check mark yes](../images/svg/check-yes.svg)] | > [!IMPORTANT] > If you add an app to the **Program settings** section and configure individual mitigation settings there, they will be honored above the configuration for the same mitigations specified in the **System settings** section. The following matrix and examples help to illustrate how defaults work: > > -> Enabled in **Program settings** | Enabled in **System settings** | Behavior -> -|-|- -> [!include[Check mark yes](../images/svg/check-yes.svg)] | [!include[Check mark no](../images/svg/check-no.svg)] | As defined in **Program settings** -> [!include[Check mark yes](../images/svg/check-yes.svg)] | [!include[Check mark yes](../images/svg/check-yes.svg)] | As defined in **Program settings** -> [!include[Check mark no](../images/svg/check-no.svg)] | [!include[Check mark yes](../images/svg/check-yes.svg)] | As defined in **System settings** -> [!include[Check mark no](../images/svg/check-no.svg)] | [!include[Check mark yes](../images/svg/check-yes.svg)] | Default as defined in **Use default** option +> | Enabled in **Program settings** | Enabled in **System settings** | Behavior | +> | ------------------------------- | ------------------------------ | -------- | +> | [!include[Check mark yes](../images/svg/check-yes.svg)] | [!include[Check mark no](../images/svg/check-no.svg)] | As defined in **Program settings** | +> | [!include[Check mark yes](../images/svg/check-yes.svg)] | [!include[Check mark yes](../images/svg/check-yes.svg)] | As defined in **Program settings** | +> | [!include[Check mark no](../images/svg/check-no.svg)] | [!include[Check mark yes](../images/svg/check-yes.svg)] | As defined in **System settings** | +> | [!include[Check mark no](../images/svg/check-no.svg)] | [!include[Check mark yes](../images/svg/check-yes.svg)] | Default as defined in **Use default** option | > > > -> * **Example 1** +> * **Example 1** > > Mikael configures **Data Execution Prevention (DEP)** in the **System settings** section to be **Off by default**. > @@ -116,10 +116,10 @@ Validate stack integrity (StackPivot) | Ensures that the stack hasn't been redir * **Off by default** - The mitigation is *disabled* for apps that don't have this mitigation set in the app-specific **Program settings** section * **Use default** - The mitigation is either enabled or disabled, depending on the default configuration that is set up by Windows 10 installation; the default value (**On** or **Off**) is always specified next to the **Use default** label for each mitigation - >[!NOTE] - >You may see a User Account Control window when changing some settings. Enter administrator credentials to apply the setting. + > [!NOTE] + > You may see a User Account Control window when changing some settings. Enter administrator credentials to apply the setting. - Changing some settings may require a restart. + Changing some settings may require a restart. 4. Repeat this for all the system-level mitigations you want to configure. @@ -127,8 +127,8 @@ Validate stack integrity (StackPivot) | Ensures that the stack hasn't been redir 1. If the app you want to configure is already listed, select it and then select **Edit** 2. If the app isn't listed, at the top of the list select **Add program to customize** and then choose how you want to add the app: - * Use **Add by program name** to have the mitigation applied to any running process with that name. You must specify a file with an extension. You can enter a full path to limit the mitigation to only the app with that name in that location. - * Use **Choose exact file path** to use a standard Windows Explorer file picker window to find and select the file you want. + * Use **Add by program name** to have the mitigation applied to any running process with that name. You must specify a file with an extension. You can enter a full path to limit the mitigation to only the app with that name in that location. + * Use **Choose exact file path** to use a standard Windows Explorer file picker window to find and select the file you want. 6. After selecting the app, you'll see a list of all the mitigations that can be applied. To enable the mitigation, select the check box and then change the slider to **On**. Select any additional options. Choosing **Audit** will apply the mitigation in audit mode only. You will be notified if you need to restart the process or app, or if you need to restart Windows. @@ -140,14 +140,14 @@ Exporting the configuration as an XML file allows you to copy the configuration ## PowerShell reference - You can use the Windows Security app to configure Exploit protection, or you can use PowerShell cmdlets. +You can use the Windows Security app to configure Exploit protection, or you can use PowerShell cmdlets. - The configuration settings that were most recently modified will always be applied - regardless of whether you use PowerShell or Windows Security. This means that if you use the app to configure a mitigation, then use PowerShell to configure the same mitigation, the app will update to show the changes you made with PowerShell. If you were to then use the app to change the mitigation again, that change would apply. +The configuration settings that were most recently modified will always be applied - regardless of whether you use PowerShell or Windows Security. This means that if you use the app to configure a mitigation, then use PowerShell to configure the same mitigation, the app will update to show the changes you made with PowerShell. If you were to then use the app to change the mitigation again, that change would apply. - >[!IMPORTANT] - >Any changes that are deployed to a device through Group Policy will override the local configuration. When setting up an initial configuration, use a device that will not have a Group Policy configuration applied to ensure your changes aren't overridden. +> [!IMPORTANT] +> Any changes that are deployed to a device through Group Policy will override the local configuration. When setting up an initial configuration, use a device that will not have a Group Policy configuration applied to ensure your changes aren't overridden. - You can use the PowerShell verb `Get` or `Set` with the cmdlet `ProcessMitigation`. Using `Get` will list the current configuration status of any mitigations that have been enabled on the device - add the `-Name` cmdlet and app exe to see mitigations for just that app: +You can use the PowerShell verb `Get` or `Set` with the cmdlet `ProcessMitigation`. Using `Get` will list the current configuration status of any mitigations that have been enabled on the device - add the `-Name` cmdlet and app exe to see mitigations for just that app: ```PowerShell Get-ProcessMitigation -Name processName.exe @@ -164,7 +164,7 @@ Get-ProcessMitigation -Name processName.exe Use `Set` to configure each mitigation in the following format: - ```PowerShell +```PowerShell Set-ProcessMitigation - - ,, ``` @@ -179,34 +179,34 @@ Where: * \: * The mitigation's cmdlet as defined in the [mitigation cmdlets table](#cmdlets-table) below, along with any suboptions (surrounded with spaces). Each mitigation is separated with a comma. - For example, to enable the Data Execution Prevention (DEP) mitigation with ATL thunk emulation and for an executable called *testing.exe* in the folder *C:\Apps\LOB\tests*, and to prevent that executable from creating child processes, you'd use the following command: +For example, to enable the Data Execution Prevention (DEP) mitigation with ATL thunk emulation and for an executable called *testing.exe* in the folder *C:\Apps\LOB\tests*, and to prevent that executable from creating child processes, you'd use the following command: - ```PowerShell - Set-ProcessMitigation -Name c:\apps\lob\tests\testing.exe -Enable DEP, EmulateAtlThunks, DisallowChildProcessCreation - ``` +```PowerShell +Set-ProcessMitigation -Name c:\apps\lob\tests\testing.exe -Enable DEP, EmulateAtlThunks, DisallowChildProcessCreation +``` - > [!IMPORTANT] - > Separate each mitigation option with commas. +> [!IMPORTANT] +> Separate each mitigation option with commas. - If you wanted to apply DEP at the system level, you'd use the following command: +If you wanted to apply DEP at the system level, you'd use the following command: - ```PowerShell - Set-Processmitigation -System -Enable DEP - ``` +```PowerShell +Set-Processmitigation -System -Enable DEP +``` - To disable mitigations, you can replace `-Enable` with `-Disable`. However, for app-level mitigations, this will force the mitigation to be disabled only for that app. +To disable mitigations, you can replace `-Enable` with `-Disable`. However, for app-level mitigations, this will force the mitigation to be disabled only for that app. - If you need to restore the mitigation back to the system default, you need to include the `-Remove` cmdlet as well, as in the following example: +If you need to restore the mitigation back to the system default, you need to include the `-Remove` cmdlet as well, as in the following example: - ```PowerShell - Set-Processmitigation -Name test.exe -Remove -Disable DEP - ``` +```PowerShell +Set-Processmitigation -Name test.exe -Remove -Disable DEP +``` - You can also set some mitigations to audit mode. Instead of using the PowerShell cmdlet for the mitigation, use the **Audit mode** cmdlet as specified in the [mitigation cmdlets table](#cmdlets-table) below. +You can also set some mitigations to audit mode. Instead of using the PowerShell cmdlet for the mitigation, use the **Audit mode** cmdlet as specified in the [mitigation cmdlets table](#cmdlets-table) below. - For example, to enable Arbitrary Code Guard (ACG) in audit mode for the *testing.exe* used previously, you'd use the following command: +For example, to enable Arbitrary Code Guard (ACG) in audit mode for the *testing.exe* used previously, you'd use the following command: - ```PowerShell +```PowerShell Set-ProcessMitigation -Name c:\apps\lob\tests\testing.exe -Enable AuditDynamicCode ``` @@ -218,29 +218,29 @@ This table lists the PowerShell cmdlets (and associated audit mode cmdlet) that -Mitigation | Applies to | PowerShell cmdlets | Audit mode cmdlet -- | - | - | - -Control flow guard (CFG) | System and app-level | CFG, StrictCFG, SuppressExports | Audit not available -Data Execution Prevention (DEP) | System and app-level | DEP, EmulateAtlThunks | Audit not available -Force randomization for images (Mandatory ASLR) | System and app-level | ForceRelocateImages | Audit not available -Randomize memory allocations (Bottom-Up ASLR) | System and app-level | BottomUp, HighEntropy | Audit not available -Validate exception chains (SEHOP) | System and app-level | SEHOP, SEHOPTelemetry | Audit not available -Validate heap integrity | System and app-level | TerminateOnError | Audit not available -Arbitrary code guard (ACG) | App-level only | DynamicCode | AuditDynamicCode -Block low integrity images | App-level only | BlockLowLabel | AuditImageLoad -Block remote images | App-level only | BlockRemoteImages | Audit not available -Block untrusted fonts | App-level only | DisableNonSystemFonts | AuditFont, FontAuditOnly -Code integrity guard | App-level only | BlockNonMicrosoftSigned, AllowStoreSigned | AuditMicrosoftSigned, AuditStoreSigned -Disable extension points | App-level only | ExtensionPoint | Audit not available -Disable Win32k system calls | App-level only | DisableWin32kSystemCalls | AuditSystemCall -Do not allow child processes | App-level only | DisallowChildProcessCreation | AuditChildProcess -Export address filtering (EAF) | App-level only | EnableExportAddressFilterPlus, EnableExportAddressFilter \[1\] | Audit not available\[2\] -Import address filtering (IAF) | App-level only | EnableImportAddressFilter | Audit not available\[2\] -Simulate execution (SimExec) | App-level only | EnableRopSimExec | Audit not available\[2\] -Validate API invocation (CallerCheck) | App-level only | EnableRopCallerCheck | Audit not available\[2\] -Validate handle usage | App-level only | StrictHandle | Audit not available -Validate image dependency integrity | App-level only | EnforceModuleDepencySigning | Audit not available -Validate stack integrity (StackPivot) | App-level only | EnableRopStackPivot | Audit not available\[2\] +| Mitigation | Applies to | PowerShell cmdlets | Audit mode cmdlet | +| ---------- | ---------- | ------------------ | ----------------- | +| Control flow guard (CFG) | System and app-level | CFG, StrictCFG, SuppressExports | Audit not available | +| Data Execution Prevention (DEP) | System and app-level | DEP, EmulateAtlThunks | Audit not available | +| Force randomization for images (Mandatory ASLR) | System and app-level | ForceRelocateImages | Audit not available | +| Randomize memory allocations (Bottom-Up ASLR) | System and app-level | BottomUp, HighEntropy | Audit not available | +| Validate exception chains (SEHOP) | System and app-level | SEHOP, SEHOPTelemetry | Audit not available | +| Validate heap integrity | System and app-level | TerminateOnError | Audit not available | +| Arbitrary code guard (ACG) | App-level only | DynamicCode | AuditDynamicCode | +| Block low integrity images | App-level only | BlockLowLabel | AuditImageLoad | +| Block remote images | App-level only | BlockRemoteImages | Audit not available | +| Block untrusted fonts | App-level only | DisableNonSystemFonts | AuditFont, FontAuditOnly | +| Code integrity guard | App-level only | BlockNonMicrosoftSigned, AllowStoreSigned | AuditMicrosoftSigned, AuditStoreSigned | +| Disable extension points | App-level only | ExtensionPoint | Audit not available | +| Disable Win32k system calls | App-level only | DisableWin32kSystemCalls | AuditSystemCall | +| Do not allow child processes | App-level only | DisallowChildProcessCreation | AuditChildProcess | +| Export address filtering (EAF) | App-level only | EnableExportAddressFilterPlus, EnableExportAddressFilter \[1\] | Audit not available\[2\] | +| Import address filtering (IAF) | App-level only | EnableImportAddressFilter | Audit not available\[2\] | +| Simulate execution (SimExec) | App-level only | EnableRopSimExec | Audit not available\[2\] | +| Validate API invocation (CallerCheck) | App-level only | EnableRopCallerCheck | Audit not available\[2\] | +| Validate handle usage | App-level only | StrictHandle | Audit not available | +| Validate image dependency integrity | App-level only | EnforceModuleDepencySigning | Audit not available | +| Validate stack integrity (StackPivot) | App-level only | EnableRopStackPivot | Audit not available\[2\] | \[1\]: Use the following format to enable EAF modules for dlls for a process: @@ -254,7 +254,7 @@ Set-ProcessMitigation -Name processName.exe -Enable EnableExportAddressFilterPlu For more information about customizing the notification when a rule is triggered and blocks an app or file, see [Windows Security](../windows-defender-security-center/windows-defender-security-center.md#customize-notifications-from-the-windows-defender-security-center). -## See also +## See also: * [Protect devices from exploits](exploit-protection.md) * [Evaluate exploit protection](evaluate-exploit-protection.md) From 11f0faae52716f09f6ec1f828a9101ab5fd73bf0 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 9 Dec 2020 09:44:42 -0800 Subject: [PATCH 167/210] Update attack-surface-reduction.md --- .../attack-surface-reduction.md | 35 +++++++++---------- 1 file changed, 17 insertions(+), 18 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index 9d66ce2298..d577b90969 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -122,8 +122,8 @@ The following sections describe each of the 16 attack surface reduction rules (i | Rule name | GUID | File & folder exclusions | Minimum OS supported | |-----|-----|-----|-----| -|[Block Adobe Reader from creating child processes](#block-adobe-reader-from-creating-child-processes) | `7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block abuse of in-the-wild exploited vulnerable signed drivers](#block-abuse-of-in-the-wild-exploited-vulnerable-signed-drivers) (NEW!) |`56a863a9-875e-4185-98a7-b882c64b5ce5` | |[Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | +|[Block Adobe Reader from creating child processes](#block-adobe-reader-from-creating-child-processes) | `7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block all Office applications from creating child processes](#block-all-office-applications-from-creating-child-processes) | `D4F940AB-401B-4EFC-AADC-AD5F3C50688A` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block credential stealing from the Windows local security authority subsystem (lsass.exe)](#block-credential-stealing-from-the-windows-local-security-authority-subsystem) | `9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block executable content from email client and webmail](#block-executable-content-from-email-client-and-webmail) | `BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | @@ -139,23 +139,6 @@ The following sections describe each of the 16 attack surface reduction rules (i |[Block Win32 API calls from Office macros](#block-win32-api-calls-from-office-macros) | `92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Use advanced protection against ransomware](#use-advanced-protection-against-ransomware) | `c1db55ab-c21a-4637-bb3f-a12568109d35` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | -### Block Adobe Reader from creating child processes - -This rule prevents attacks by blocking Adobe Reader from creating additional processes. - -Through social engineering or exploits, malware can download and launch additional payloads and break out of Adobe Reader. By blocking child processes from being generated by Adobe Reader, malware attempting to use it as a vector are prevented from spreading. - -This rule was introduced in: -- [Windows 10, version 1809](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809) -- [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) -- [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) - -Intune name: Process creation from Adobe Reader (beta) - -Configuration Manager name: Not yet available - -GUID: `7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c` - ### Block abuse of in-the-wild exploited vulnerable signed drivers This rule prevents an application from writing a vulnerable signed driver to disk. Vulnerable signed drivers can be exploited by local applications with sufficient privileges, to gain access to the kernel. It allows attackers to disable or circumvent security solutions, eventually leading to system compromise. @@ -177,6 +160,22 @@ Configuration Manager name: Not Applicable Rule guid: `56a863a9-875e-4185-98a7-b882c64b5ce5` +### Block Adobe Reader from creating child processes + +This rule prevents attacks by blocking Adobe Reader from creating additional processes. + +Through social engineering or exploits, malware can download and launch additional payloads and break out of Adobe Reader. By blocking child processes from being generated by Adobe Reader, malware attempting to use it as a vector are prevented from spreading. + +This rule was introduced in: +- [Windows 10, version 1809](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809) +- [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) +- [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) + +Intune name: Process creation from Adobe Reader (beta) + +Configuration Manager name: Not yet available + +GUID: `7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c` ### Block all Office applications from creating child processes From 95910d97fd5ba84010b5cf2bd85877d62ec0cdfe Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 9 Dec 2020 10:09:00 -0800 Subject: [PATCH 168/210] Update ts-bitlocker-cannot-encrypt-tpm-issues.md --- .../bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md index 121d7cd8a1..8e005347db 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md @@ -116,9 +116,9 @@ The domain and forest functional level of the environment may still be set to Wi To resolve this issue, follow these steps: 1. Upgrade the functional level of the domain and forest to Windows Server 2012 R2. -1. Download [Add-TPMSelfWriteACE.vbs](https://go.microsoft.com/fwlink/p/?LinkId=167133). -1. In the script, modify the value of **strPathToDomain** to your domain name. -1. Open an elevated PowerShell window, and run the following command: +2. Download [Add-TPMSelfWriteACE.vbs](https://go.microsoft.com/fwlink/p/?LinkId=167133). +3. In the script, modify the value of **strPathToDomain** to your domain name. +4. Open an elevated PowerShell window, and run the following command: ```powershell cscript Add-TPMSelfWriteACE.vbs From f8147a96a8a4103c56ef39af34146d7d92d223e6 Mon Sep 17 00:00:00 2001 From: Sunny Zankharia <67922512+sazankha@users.noreply.github.com> Date: Wed, 9 Dec 2020 16:04:54 -0800 Subject: [PATCH 169/210] Update md-app-guard-overview.md --- .../md-app-guard-overview.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md index 74a41b6ffc..54bbdc6774 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md @@ -49,4 +49,5 @@ Application Guard has been created to target several types of systems: |[Configure the Group Policy settings for Microsoft Defender Application Guard](configure-md-app-guard.md) |Provides info about the available Group Policy and MDM settings.| |[Testing scenarios using Microsoft Defender Application Guard in your business or organization](test-scenarios-md-app-guard.md)|Provides a list of suggested testing scenarios that you can use to test Application Guard in your organization.| | [Microsoft Defender Application Guard Extension for web browsers](md-app-guard-browser-extension.md) | Describes the Application Guard extension for Chrome and Firefox, including known issues, and a trouble-shooting guide | +| [Microsoft Defender Application Guard for Microsoft Office](https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/install-app-guard) | Describes Application Guard for Microsoft Office, including mimimum hardware requirements, configuration and a trouble-shooting guide | |[Frequently asked questions - Microsoft Defender Application Guard](faq-md-app-guard.md)|Provides answers to frequently asked questions about Application Guard features, integration with the Windows operating system, and general configuration.| From f4f563de441c1322b9cd38e07d53f3c78d5f703f Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 9 Dec 2020 16:34:00 -0800 Subject: [PATCH 170/210] Update attack-surface-reduction.md --- .../attack-surface-reduction.md | 35 ++++++++++++++----- 1 file changed, 26 insertions(+), 9 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index d577b90969..a36f13ab7b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -58,12 +58,26 @@ Use [audit mode](audit-windows-defender.md) to evaluate how attack surface reduc Warn mode helps your organization have attack surface reduction rules in place without preventing users from accessing the content they need to perform their tasks. -> [!IMPORTANT] -> Warn mode is supported on devices running the following versions of Windows: -> - [Windows 10, version 1809](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809) or later -> - [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) or later -> -> Attack surface reduction rules that are configured in warn mode will run in block mode on devices that are running older versions of Windows. +### Requirements for warn mode to work + +Warn mode is supported on devices running the following versions of Windows: +- [Windows 10, version 1809](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809) or later +- [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) or later + +Minimum CAMP release requirement: 4.18.2008.9 +Minimum Engine release requirement: 17400 + +### Warn mode is not supported for some attack surface reduction rules + +Warn mode is not supported for the following attack surface reduction rules: +- [Block abuse of in-the-wild exploited vulnerable signed drivers](#block-abuse-of-in-the-wild-exploited-vulnerable-signed-drivers) (GUID `56a863a9-875e-4185-98a7-b882c64b5ce5`) +- [Block JavaScript or VBScript from launching downloaded executable content](#block-javascript-or-vbscript-from-launching-downloaded-executable-content) (GUID `d3e037e1-3eb8-44c8-a917-57927947596d`) +- [Block persistence through WMI event subscription](#block-persistence-through-wmi-event-subscription) (GUID `e6db77e5-3df2-4cf1-b95a-636979351e5b`) +- [Use advanced protection against ransomware](#use-advanced-protection-against-ransomware) (GUID `c1db55ab-c21a-4637-bb3f-a12568109d35`) + +Attack surface reduction rules that are configured in warn mode will run in block mode on devices that are running older versions of Windows. + + ## Notifications when a rule is triggered @@ -118,10 +132,13 @@ The "engine version" listed for attack surface reduction events in the event log ## Attack surface reduction rules -The following sections describe each of the 16 attack surface reduction rules (in alphabetical order of rule name). This table shows their corresponding GUIDs, which you use if you're configuring the rules with Group Policy or PowerShell. If you use Microsoft Endpoint Configuration Manager or Microsoft Intune, you do not need the GUIDs: +The following table and subsections describe each of the 16 attack surface reduction rules. The attack surface reduction rules are listed in alphabetical order, by rule name. + +If you are configuring attack surface reduction rules by using Group Policy or PowerShell, you'll need the GUIDs. On the other hand, if you use Microsoft Endpoint Configuration Manager or Microsoft Intune, you do not need the GUIDs. + | Rule name | GUID | File & folder exclusions | Minimum OS supported | -|-----|-----|-----|-----| +|:-----|:-----:|:-----|:-----| |[Block abuse of in-the-wild exploited vulnerable signed drivers](#block-abuse-of-in-the-wild-exploited-vulnerable-signed-drivers) (NEW!) |`56a863a9-875e-4185-98a7-b882c64b5ce5` | |[Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block Adobe Reader from creating child processes](#block-adobe-reader-from-creating-child-processes) | `7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block all Office applications from creating child processes](#block-all-office-applications-from-creating-child-processes) | `D4F940AB-401B-4EFC-AADC-AD5F3C50688A` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | @@ -141,7 +158,7 @@ The following sections describe each of the 16 attack surface reduction rules (i ### Block abuse of in-the-wild exploited vulnerable signed drivers -This rule prevents an application from writing a vulnerable signed driver to disk. Vulnerable signed drivers can be exploited by local applications with sufficient privileges, to gain access to the kernel. It allows attackers to disable or circumvent security solutions, eventually leading to system compromise. +(**NEW**!) This rule prevents an application from writing a vulnerable signed driver to disk. Vulnerable signed drivers can be exploited by local applications with sufficient privileges, to gain access to the kernel. It allows attackers to disable or circumvent security solutions, eventually leading to system compromise. This rule does not block a driver already existing on the system from being loaded. From 36f1406f051f08eccaebbdc3dea96493e20e2cb6 Mon Sep 17 00:00:00 2001 From: Sunny Zankharia <67922512+sazankha@users.noreply.github.com> Date: Wed, 9 Dec 2020 16:36:10 -0800 Subject: [PATCH 171/210] Update windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../md-app-guard-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md index 54bbdc6774..636b12a48a 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md @@ -49,5 +49,5 @@ Application Guard has been created to target several types of systems: |[Configure the Group Policy settings for Microsoft Defender Application Guard](configure-md-app-guard.md) |Provides info about the available Group Policy and MDM settings.| |[Testing scenarios using Microsoft Defender Application Guard in your business or organization](test-scenarios-md-app-guard.md)|Provides a list of suggested testing scenarios that you can use to test Application Guard in your organization.| | [Microsoft Defender Application Guard Extension for web browsers](md-app-guard-browser-extension.md) | Describes the Application Guard extension for Chrome and Firefox, including known issues, and a trouble-shooting guide | -| [Microsoft Defender Application Guard for Microsoft Office](https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/install-app-guard) | Describes Application Guard for Microsoft Office, including mimimum hardware requirements, configuration and a trouble-shooting guide | +| [Microsoft Defender Application Guard for Microsoft Office](https://docs.microsoft.com/microsoft-365/security/office-365-security/install-app-guard) | Describes Application Guard for Microsoft Office, including minimum hardware requirements, configuration and a trouble-shooting guide | |[Frequently asked questions - Microsoft Defender Application Guard](faq-md-app-guard.md)|Provides answers to frequently asked questions about Application Guard features, integration with the Windows operating system, and general configuration.| From dceb30e4c68e788afa800c1ddfe3a13ca61374ce Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 9 Dec 2020 16:38:09 -0800 Subject: [PATCH 172/210] Update TOC.md --- windows/security/threat-protection/TOC.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index f9ae070935..79487e7cc2 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -185,9 +185,7 @@ ###### [Report on antivirus protection]() ###### [Review protection status and alerts](microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus.md) ###### [Troubleshoot antivirus reporting in Update Compliance](microsoft-defender-antivirus/troubleshoot-reporting.md) - -###### [Manage updates and apply baselines]() -###### [Learn about the different kinds of updates](microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md) +###### [Learn about the recent updates](microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md) ###### [Manage protection and security intelligence updates](microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md) ###### [Manage when protection updates should be downloaded and applied](microsoft-defender-antivirus/manage-protection-update-schedule-microsoft-defender-antivirus.md) ###### [Manage updates for endpoints that are out of date](microsoft-defender-antivirus/manage-outdated-endpoints-microsoft-defender-antivirus.md) From e5686c79e57da2aed6fc8d1b70e75d971ae46e06 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Wed, 9 Dec 2020 16:52:27 -0800 Subject: [PATCH 173/210] grammar fix --- windows/whats-new/whats-new-windows-10-version-20H2.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/whats-new-windows-10-version-20H2.md b/windows/whats-new/whats-new-windows-10-version-20H2.md index b5bcef856d..f1046db593 100644 --- a/windows/whats-new/whats-new-windows-10-version-20H2.md +++ b/windows/whats-new/whats-new-windows-10-version-20H2.md @@ -88,7 +88,7 @@ For more information about what's new in MDM, see [What's new in mobile device e ### Microsoft Defender for Endpoint -This release includes improved support for non-ASCII file paths has been added for Microsoft Defender for Endpoint Auto Incident Response (IR). +This release includes improved support for non-ASCII file paths for Microsoft Defender Advanced Threat Protection (ATP) Auto Incident Response (IR). The [DisableAntiSpyware](https://docs.microsoft.com/windows-hardware/customize/desktop/unattend/security-malware-windows-defender-disableantispyware) parameter is deprecated in this release. From 2f324dedd1f35b63694716c8f260717aab8bd94b Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 9 Dec 2020 16:52:59 -0800 Subject: [PATCH 174/210] Update attack-surface-reduction.md --- .../microsoft-defender-atp/attack-surface-reduction.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index a36f13ab7b..e10bf2816b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -64,8 +64,11 @@ Warn mode is supported on devices running the following versions of Windows: - [Windows 10, version 1809](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809) or later - [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) or later -Minimum CAMP release requirement: 4.18.2008.9 -Minimum Engine release requirement: 17400 +In addition, make sure [Microsoft Defender Antivirus and antimalware updates](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus#monthly-platform-and-engine-versions) are installed +- Minimum platform release requirement: `4.18.2008.9` +- Minimum engine release requirement: `1.1.17400.5` + +For more information, see [Update for Microsoft Defender antimalware platform](https://support.microsoft.com/help/4052623/update-for-microsoft-defender-antimalware-platform). ### Warn mode is not supported for some attack surface reduction rules From d9d0388a5901654d0278d9f800aa2dd44fb46ded Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 9 Dec 2020 17:01:26 -0800 Subject: [PATCH 175/210] Update attack-surface-reduction.md --- .../attack-surface-reduction.md | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index e10bf2816b..6319fcee8b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -68,23 +68,21 @@ In addition, make sure [Microsoft Defender Antivirus and antimalware updates](ht - Minimum platform release requirement: `4.18.2008.9` - Minimum engine release requirement: `1.1.17400.5` -For more information, see [Update for Microsoft Defender antimalware platform](https://support.microsoft.com/help/4052623/update-for-microsoft-defender-antimalware-platform). +For more information and to get your updates, see [Update for Microsoft Defender antimalware platform](https://support.microsoft.com/help/4052623/update-for-microsoft-defender-antimalware-platform). -### Warn mode is not supported for some attack surface reduction rules +### Cases where warn mode is not supported -Warn mode is not supported for the following attack surface reduction rules: -- [Block abuse of in-the-wild exploited vulnerable signed drivers](#block-abuse-of-in-the-wild-exploited-vulnerable-signed-drivers) (GUID `56a863a9-875e-4185-98a7-b882c64b5ce5`) +Warn mode is not supported for the following four attack surface reduction rules: +- (NEW!) [Block abuse of in-the-wild exploited vulnerable signed drivers](#block-abuse-of-in-the-wild-exploited-vulnerable-signed-drivers) (GUID `56a863a9-875e-4185-98a7-b882c64b5ce5`) - [Block JavaScript or VBScript from launching downloaded executable content](#block-javascript-or-vbscript-from-launching-downloaded-executable-content) (GUID `d3e037e1-3eb8-44c8-a917-57927947596d`) - [Block persistence through WMI event subscription](#block-persistence-through-wmi-event-subscription) (GUID `e6db77e5-3df2-4cf1-b95a-636979351e5b`) - [Use advanced protection against ransomware](#use-advanced-protection-against-ransomware) (GUID `c1db55ab-c21a-4637-bb3f-a12568109d35`) -Attack surface reduction rules that are configured in warn mode will run in block mode on devices that are running older versions of Windows. - - +In addition, warn mode is not supported on devices running older versions of Windows. In those cases, attack surface reduction rules that are configured to run in warn mode will run in block mode. ## Notifications when a rule is triggered -Whenever a rule is triggered, a notification will be displayed on the device. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. The notification also displays within the Microsoft Defender Security Center and the Microsoft 365 security center. +Whenever a rule is triggered, a notification will be displayed on the device. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. The notification also displays within the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and the Microsoft 365 security center ([https://security.microsoft.com](https://security.microsoft.com)). ## Attack surface reduction features across Windows versions From 6085c05391a266f9106c57e06c2a417248bbf80c Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 9 Dec 2020 17:21:39 -0800 Subject: [PATCH 176/210] Update attack-surface-reduction.md --- .../attack-surface-reduction.md | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index 6319fcee8b..6e9d5e5bfe 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -52,6 +52,21 @@ In the recommendation details pane, check the user impact to determine what perc Use [audit mode](audit-windows-defender.md) to evaluate how attack surface reduction rules would impact your organization if they were enabled. It's best to run all rules in audit mode first so you can understand their impact on your line-of-business applications. Many line-of-business applications are written with limited security concerns, and they may perform tasks in ways that seem similar to malware. By monitoring audit data and [adding exclusions](enable-attack-surface-reduction.md#exclude-files-and-folders-from-asr-rules) for necessary applications, you can deploy attack surface reduction rules without impacting productivity. +## Silent auditing + +(**NEW**!) To add security value, a sample of attack surface reduction audit events are now collected on devices that do not have attack surface reduction rules enabled in either audit mode or block mode. + +By default, attack surface reduction rules are not enabled in audit mode. Silent auditing is a new capability that collects events for the following four attack surface reduction rules: +- [Block Adobe Reader from creating child processes](#block-adobe-reader-from-creating-child-processes) +- [Block all Office applications from creating child processes](#block-all-office-applications-from-creating-child-processes) +- [Block executable content from email client and webmail](#block-executable-content-from-email-client-and-webmail) +- [Block Office communication application from creating child processes](#block-office-communication-application-from-creating-child-processes) + +The other attack surface reduction rules that are not configured will not have any auditing events collected. And, you can disable silent auditing by disabling the rules. + +> [!NOTE] +> Currently, auditing events are not viewable in advanced hunting. + ## Warn mode for users (**NEW**!) Prior to warn mode capabilities, attack surface reduction rules that are enabled could be set to either audit mode or block mode. With the new warn mode, whenever content is blocked by an attack surface reduction rule, users see a dialog box that indicates the content is blocked. The dialog box also offers the user an option to unblock the content. The user can then retry their action, and the operation completes. WHen a user unblocks content, the content remains unblocked for 24 hours, and then blocking resumes. @@ -140,7 +155,7 @@ If you are configuring attack surface reduction rules by using Group Policy or P | Rule name | GUID | File & folder exclusions | Minimum OS supported | |:-----|:-----:|:-----|:-----| -|[Block abuse of in-the-wild exploited vulnerable signed drivers](#block-abuse-of-in-the-wild-exploited-vulnerable-signed-drivers) (NEW!) |`56a863a9-875e-4185-98a7-b882c64b5ce5` | |[Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | +|[Block abuse of in-the-wild exploited vulnerable signed drivers](#block-abuse-of-in-the-wild-exploited-vulnerable-signed-drivers) (**NEW**!) |`56a863a9-875e-4185-98a7-b882c64b5ce5` | |[Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block Adobe Reader from creating child processes](#block-adobe-reader-from-creating-child-processes) | `7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block all Office applications from creating child processes](#block-all-office-applications-from-creating-child-processes) | `D4F940AB-401B-4EFC-AADC-AD5F3C50688A` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block credential stealing from the Windows local security authority subsystem (lsass.exe)](#block-credential-stealing-from-the-windows-local-security-authority-subsystem) | `9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | From ccbddd6847d80b675c6d40bfc3e606ef73174122 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 9 Dec 2020 17:26:39 -0800 Subject: [PATCH 177/210] Update attack-surface-reduction.md --- .../attack-surface-reduction.md | 48 +++++++++---------- 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index 6e9d5e5bfe..6a73600f8d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -174,7 +174,7 @@ If you are configuring attack surface reduction rules by using Group Policy or P ### Block abuse of in-the-wild exploited vulnerable signed drivers -(**NEW**!) This rule prevents an application from writing a vulnerable signed driver to disk. Vulnerable signed drivers can be exploited by local applications with sufficient privileges, to gain access to the kernel. It allows attackers to disable or circumvent security solutions, eventually leading to system compromise. +(**NEW**!) This new rule prevents an application from writing a vulnerable signed driver to disk. Vulnerable signed drivers can be exploited by local applications with sufficient privileges, to gain access to the kernel. It allows attackers to disable or circumvent security solutions, eventually leading to system compromise. This rule does not block a driver already existing on the system from being loaded. @@ -187,7 +187,7 @@ This rule is supported on all versions of Windows where attack surface reduction - Windows Server, version 1803 (Semi-Annual Channel) or later - Windows Server 2019 -Intune Name: Block abuse of exploited vulnerable signed drivers +Intune Name: `Block abuse of exploited vulnerable signed drivers` Configuration Manager name: Not Applicable @@ -204,7 +204,7 @@ This rule was introduced in: - [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) - [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) -Intune name: Process creation from Adobe Reader (beta) +Intune name: `Process creation from Adobe Reader (beta)` Configuration Manager name: Not yet available @@ -222,9 +222,9 @@ This rule was introduced in: - [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) - [Configuration Manager CB 1710](https://docs.microsoft.com/configmgr/core/servers/manage/updates) -Intune name: Office apps launching child processes +Intune name: `Office apps launching child processes` -Configuration Manager name: Block Office application from creating child processes +Configuration Manager name: `Block Office application from creating child processes` GUID: `D4F940AB-401B-4EFC-AADC-AD5F3C50688A` @@ -243,9 +243,9 @@ This rule was introduced in: - [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) - [Configuration Manager CB 1802](https://docs.microsoft.com/configmgr/core/servers/manage/updates) -Intune name: Flag credential stealing from the Windows local security authority subsystem +Intune name: `Flag credential stealing from the Windows local security authority subsystem` -Configuration Manager name: Block credential stealing from the Windows local security authority subsystem +Configuration Manager name: `Block credential stealing from the Windows local security authority subsystem` GUID: `9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2` @@ -262,9 +262,9 @@ This rule was introduced in: - [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) - [Microsoft Endpoint Configuration Manager CB 1710](https://docs.microsoft.com/configmgr/core/servers/manage/updates) -Intune name: Execution of executable content (exe, dll, ps, js, vbs, etc.) dropped from email (webmail/mail client) (no exceptions) +Intune name: `Execution of executable content (exe, dll, ps, js, vbs, etc.) dropped from email (webmail/mail client) (no exceptions)` -Microsoft Endpoint Configuration Manager name: Block executable content from email client and webmail +Microsoft Endpoint Configuration Manager name: `Block executable content from email client and webmail` GUID: `BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550` @@ -287,9 +287,9 @@ This rule was introduced in: - [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) - [Configuration Manager CB 1802](https://docs.microsoft.com/configmgr/core/servers/manage/updates) -Intune name: Executables that don't meet a prevalence, age, or trusted list criteria. +Intune name: `Executables that don't meet a prevalence, age, or trusted list criteria` -Configuration Manager name: Block executable files from running unless they meet a prevalence, age, or trusted list criteria +Configuration Manager name: `Block executable files from running unless they meet a prevalence, age, or trusted list criteria` GUID: `01443614-cd74-433a-b99e-2ecdc07bfc25` @@ -305,9 +305,9 @@ This rule was introduced in: - [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) - [Configuration Manager CB 1710](https://docs.microsoft.com/configmgr/core/servers/manage/updates) -Intune name: Obfuscated js/vbs/ps/macro code +Intune name: `Obfuscated js/vbs/ps/macro code` -Configuration Manager name: Block execution of potentially obfuscated scripts. +Configuration Manager name: `Block execution of potentially obfuscated scripts` GUID: `5BEB7EFE-FD9A-4556-801D-275E5FFC04CC` @@ -323,9 +323,9 @@ This rule was introduced in: - [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) - [Configuration Manager CB 1710](https://docs.microsoft.com/configmgr/core/servers/manage/updates) -Intune name: js/vbs executing payload downloaded from Internet (no exceptions) +Intune name: `js/vbs executing payload downloaded from Internet (no exceptions)` -Configuration Manager name: Block JavaScript or VBScript from launching downloaded executable content +Configuration Manager name: `Block JavaScript or VBScript from launching downloaded executable content` GUID: `D3E037E1-3EB8-44C8-A917-57927947596D` @@ -333,7 +333,7 @@ GUID: `D3E037E1-3EB8-44C8-A917-57927947596D` This rule prevents Office apps, including Word, Excel, and PowerPoint, from creating potentially malicious executable content, by blocking malicious code from being written to disk. - Malware that abuses Office as a vector may attempt to break out of Office and save malicious components to disk. These malicious components would survive a computer reboot and persist on the system. Therefore, this rule defends against a common persistence technique. +Malware that abuses Office as a vector may attempt to break out of Office and save malicious components to disk. These malicious components would survive a computer reboot and persist on the system. Therefore, this rule defends against a common persistence technique. This rule was introduced in: - [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) @@ -341,9 +341,9 @@ This rule was introduced in: - [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) - [System Center Configuration Manager](https://docs.microsoft.com/configmgr/core/servers/manage/updates) (SCCM) CB 1710 (SCCM is now Microsoft Endpoint Configuration Manager) -Intune name: Office apps/macros creating executable content +Intune name: `Office apps/macros creating executable content` -SCCM name: Block Office applications from creating executable content +SCCM name: `Block Office applications from creating executable content` GUID: `3B576869-A4EC-4529-8536-B80A7769E899` @@ -363,9 +363,9 @@ This rule was introduced in: - [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) - [Configuration Manager CB 1710](https://docs.microsoft.com/configmgr/core/servers/manage/updates) -Intune name: Office apps injecting code into other processes (no exceptions) +Intune name: `Office apps injecting code into other processes (no exceptions)` -Configuration Manager name: Block Office applications from injecting code into other processes +Configuration Manager name: `Block Office applications from injecting code into other processes` GUID: `75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84` @@ -383,9 +383,9 @@ This rule was introduced in: - [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) - [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) -Intune name: Process creation from Office communication products (beta) +Intune name: `Process creation from Office communication products (beta)` -Configuration Manager name: Not yet available +Configuration Manager name: Not available GUID: `26190899-1602-49e8-8b27-eb1d0a1ce869` @@ -402,9 +402,9 @@ This rule was introduced in: - [Windows 10, version 1903](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1903) - [Windows Server 1903](https://docs.microsoft.com/windows-server/get-started-19/whats-new-in-windows-server-1903-1909) -Intune name: Not yet available +Intune name: Not available -Configuration Manager name: Not yet available +Configuration Manager name: Not available GUID: `e6db77e5-3df2-4cf1-b95a-636979351e5b` From 3fa1f0577656d6f052b3d9e2e44448a3999d2fef Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 9 Dec 2020 17:27:58 -0800 Subject: [PATCH 178/210] Update attack-surface-reduction.md --- .../attack-surface-reduction.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index 6a73600f8d..8a4e322ae0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -420,7 +420,7 @@ This rule was introduced in: - [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) - [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) -Intune name: Process creation from PSExec and WMI commands +Intune name: `Process creation from PSExec and WMI commands` Configuration Manager name: Not applicable @@ -436,9 +436,9 @@ This rule was introduced in: - [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) - [Configuration Manager CB 1802](https://docs.microsoft.com/configmgr/core/servers/manage/updates) -Intune name: Untrusted and unsigned processes that run from USB +Intune name: `Untrusted and unsigned processes that run from USB` -Configuration Manager name: Block untrusted and unsigned processes that run from USB +Configuration Manager name: `Block untrusted and unsigned processes that run from USB` GUID: `b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4` @@ -454,9 +454,9 @@ This rule was introduced in: - [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) - [Configuration Manager CB 1710](https://docs.microsoft.com/configmgr/core/servers/manage/updates) -Intune name: Win32 imports from Office macro code +Intune name: `Win32 imports from Office macro code` -Configuration Manager name: Block Win32 API calls from Office macros +Configuration Manager name: `Block Win32 API calls from Office macros` GUID: `92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B` @@ -473,9 +473,9 @@ This rule was introduced in: - [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) - [Configuration Manager CB 1802](https://docs.microsoft.com/configmgr/core/servers/manage/updates) -Intune name: Advanced ransomware protection +Intune name: `Advanced ransomware protection` -Configuration Manager name: Use advanced protection against ransomware +Configuration Manager name: `Use advanced protection against ransomware` GUID: `c1db55ab-c21a-4637-bb3f-a12568109d35` From 1b38d3de84c4b910d88cef2a82ee8b8d8a4547cd Mon Sep 17 00:00:00 2001 From: Sunny Zankharia <67922512+sazankha@users.noreply.github.com> Date: Wed, 9 Dec 2020 17:31:54 -0800 Subject: [PATCH 179/210] Update windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../md-app-guard-overview.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md index 636b12a48a..4152b07ee4 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md @@ -48,6 +48,6 @@ Application Guard has been created to target several types of systems: |[Prepare and install Microsoft Defender Application Guard](install-md-app-guard.md) |Provides instructions about determining which mode to use, either Standalone or Enterprise-managed, and how to install Application Guard in your organization.| |[Configure the Group Policy settings for Microsoft Defender Application Guard](configure-md-app-guard.md) |Provides info about the available Group Policy and MDM settings.| |[Testing scenarios using Microsoft Defender Application Guard in your business or organization](test-scenarios-md-app-guard.md)|Provides a list of suggested testing scenarios that you can use to test Application Guard in your organization.| -| [Microsoft Defender Application Guard Extension for web browsers](md-app-guard-browser-extension.md) | Describes the Application Guard extension for Chrome and Firefox, including known issues, and a trouble-shooting guide | -| [Microsoft Defender Application Guard for Microsoft Office](https://docs.microsoft.com/microsoft-365/security/office-365-security/install-app-guard) | Describes Application Guard for Microsoft Office, including minimum hardware requirements, configuration and a trouble-shooting guide | +| [Microsoft Defender Application Guard Extension for web browsers](md-app-guard-browser-extension.md) | Describes the Application Guard extension for Chrome and Firefox, including known issues, and a troubleshooting guide | +| [Microsoft Defender Application Guard for Microsoft Office](https://docs.microsoft.com/microsoft-365/security/office-365-security/install-app-guard) | Describes Application Guard for Microsoft Office, including minimum hardware requirements, configuration, and a troubleshooting guide | |[Frequently asked questions - Microsoft Defender Application Guard](faq-md-app-guard.md)|Provides answers to frequently asked questions about Application Guard features, integration with the Windows operating system, and general configuration.| From 9ad86a573616ec14810c9b9b576ee5ce9e815a16 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 9 Dec 2020 17:34:22 -0800 Subject: [PATCH 180/210] Update attack-surface-reduction.md --- .../microsoft-defender-atp/attack-surface-reduction.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index 8a4e322ae0..b67df3ca92 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -44,7 +44,7 @@ For more information about configuring attack surface reduction rules, see [Enab You can assess how an attack surface reduction rule might impact your network by opening the security recommendation for that rule in [threat and vulnerability management](https://docs.microsoft.com/windows/security/threat-protection/#tvm). -:::image type="content" source="images/asrrecommendation.png" alt-text="Security recommendation for ASR rule"::: +:::image type="content" source="images/asrrecommendation.png" alt-text="Security reco for attack surface reduction rule"::: In the recommendation details pane, check the user impact to determine what percentage of your devices can accept a new policy enabling the rule in blocking mode without adverse impact to user productivity. @@ -54,7 +54,7 @@ Use [audit mode](audit-windows-defender.md) to evaluate how attack surface reduc ## Silent auditing -(**NEW**!) To add security value, a sample of attack surface reduction audit events are now collected on devices that do not have attack surface reduction rules enabled in either audit mode or block mode. +(**NEW**!) To add security value, a sample of attack surface reduction audit events is now collected on devices that do not have attack surface reduction rules enabled in either audit mode or block mode. The collected events are throttled to 100 events per device By default, attack surface reduction rules are not enabled in audit mode. Silent auditing is a new capability that collects events for the following four attack surface reduction rules: - [Block Adobe Reader from creating child processes](#block-adobe-reader-from-creating-child-processes) @@ -69,7 +69,7 @@ The other attack surface reduction rules that are not configured will not have a ## Warn mode for users -(**NEW**!) Prior to warn mode capabilities, attack surface reduction rules that are enabled could be set to either audit mode or block mode. With the new warn mode, whenever content is blocked by an attack surface reduction rule, users see a dialog box that indicates the content is blocked. The dialog box also offers the user an option to unblock the content. The user can then retry their action, and the operation completes. WHen a user unblocks content, the content remains unblocked for 24 hours, and then blocking resumes. +(**NEW**!) Prior to warn mode capabilities, attack surface reduction rules that are enabled could be set to either audit mode or block mode. With the new warn mode, whenever content is blocked by an attack surface reduction rule, users see a dialog box that indicates the content is blocked. The dialog box also offers the user an option to unblock the content. The user can then retry their action, and the operation completes. When a user unblocks content, the content remains unblocked for 24 hours, and then blocking resumes. Warn mode helps your organization have attack surface reduction rules in place without preventing users from accessing the content they need to perform their tasks. @@ -136,7 +136,7 @@ You can review the Windows event log to view events generated by attack surface 5. Select **OK**. -This will create a custom view that filters events to only show the following, all of which are related to controlled folder access: +You can create a custom view that filters events to only show the following events, all of which are related to controlled folder access: |Event ID | Description | |---|---| @@ -212,7 +212,7 @@ GUID: `7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c` ### Block all Office applications from creating child processes -This rule blocks Office apps from creating child processes. This includes Word, Excel, PowerPoint, OneNote, and Access. +This rule blocks Office apps from creating child processes. Office apps include Word, Excel, PowerPoint, OneNote, and Access. Creating malicious child processes is a common malware strategy. Malware that abuse Office as a vector often run VBA macros and exploit code to download and attempt to run additional payloads. However, some legitimate line-of-business applications might also generate child processes for benign purposes, such as spawning a command prompt or using PowerShell to configure registry settings. From ecfec7b56dc664418fc3cf0e4c0af9cb105b87f5 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 9 Dec 2020 17:36:16 -0800 Subject: [PATCH 181/210] Update attack-surface-reduction.md --- .../microsoft-defender-atp/attack-surface-reduction.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index b67df3ca92..9cbb770158 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -232,7 +232,7 @@ GUID: `D4F940AB-401B-4EFC-AADC-AD5F3C50688A` This rule helps prevent credential stealing, by locking down Local Security Authority Subsystem Service (LSASS). -LSASS authenticates users who log in to a Windows computer. Microsoft Defender Credential Guard in Windows 10 normally prevents attempts to extract credentials from LSASS. However, some organizations can't enable Credential Guard on all of their computers because of compatibility issues with custom smartcard drivers or other programs that load into the Local Security Authority (LSA). In these cases, attackers can use hack tools like Mimikatz to scrape cleartext passwords and NTLM hashes from LSASS. +LSASS authenticates users who sign in on a Windows computer. Microsoft Defender Credential Guard in Windows 10 normally prevents attempts to extract credentials from LSASS. However, some organizations can't enable Credential Guard on all of their computers because of compatibility issues with custom smartcard drivers or other programs that load into the Local Security Authority (LSA). In these cases, attackers can use hack tools like Mimikatz to scrape cleartext passwords and NTLM hashes from LSASS. > [!NOTE] > In some apps, the code enumerates all running processes and attempts to open them with exhaustive permissions. This rule denies the app's process open action and logs the details to the security event log. This rule can generate a lot of noise. If you have an app that simply enumerates LSASS, but has no real impact in functionality, there is NO need to add it to the exclusion list. By itself, this event log entry doesn't necessarily indicate a malicious threat. @@ -373,7 +373,7 @@ GUID: `75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84` This rule prevents Outlook from creating child processes, while still allowing legitimate Outlook functions. -This protects against social engineering attacks and prevents exploit code from abusing vulnerabilities in Outlook. It also protects against [Outlook rules and forms exploits](https://blogs.technet.microsoft.com/office365security/defending-against-rules-and-forms-injection/) that attackers can use when a user's credentials are compromised. +This rule protects against social engineering attacks and prevents exploit code from abusing vulnerabilities in Outlook. It also protects against [Outlook rules and forms exploits](https://blogs.technet.microsoft.com/office365security/defending-against-rules-and-forms-injection/) that attackers can use when a user's credentials are compromised. > [!NOTE] > This rule applies to Outlook and Outlook.com only. From 8d2c3cf2051b31922d411b86285b6c3fec94482e Mon Sep 17 00:00:00 2001 From: Sunayana Singh <57405155+sunasing@users.noreply.github.com> Date: Thu, 10 Dec 2020 12:17:06 +0530 Subject: [PATCH 182/210] Minor fix --- .../microsoft-defender-atp/ios-configure-features.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md index a5e183572d..9d819f99ad 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md @@ -68,7 +68,7 @@ By default, Defender for Endpoint for iOS includes and enables the web protectio While enabled by default, there might be some cases that require you to disable VPN. For example, you want to run some apps that do not work when a VPN is configured. In such cases, you can choose to disable VPN from the app on the device by following the steps below: -1. On your iOS device, open the **Settings** app and click or tap **VPN**. +1. On your iOS device, open the **Settings** app and click or tap **General** and then **VPN**. 1. Click or tap the "i" button for Microsoft Defender ATP. 1. Toggle off **Connect On Demand** to disable VPN. From 802643f8051f33b086187571d4aad21c73f25095 Mon Sep 17 00:00:00 2001 From: Sunayana Singh <57405155+sunasing@users.noreply.github.com> Date: Thu, 10 Dec 2020 15:27:16 +0530 Subject: [PATCH 183/210] Minor fix as suggested --- .../microsoft-defender-atp/ios-configure-features.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md index 9d819f99ad..6c50645b1f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md @@ -64,11 +64,11 @@ Defender for Endpoint for iOS enables admins to configure custom indicators on i ## Web Protection and VPN -By default, Defender for Endpoint for iOS includes and enables the web protection feature. [Web protection](web-protection-overview.md) helps to secure devices against web threats and protect users from phishing attacks. Defender for Endpoint for iOS uses a local VPN in order to provide this protection. +By default, Defender for Endpoint for iOS includes and enables the web protection feature. [Web protection](web-protection-overview.md) helps to secure devices against web threats and protect users from phishing attacks. Defender for Endpoint for iOS uses a VPN in order to provide this protection. Please note this is a local VPN and unlike traditional VPN, network traffic is not sent outside the device. While enabled by default, there might be some cases that require you to disable VPN. For example, you want to run some apps that do not work when a VPN is configured. In such cases, you can choose to disable VPN from the app on the device by following the steps below: -1. On your iOS device, open the **Settings** app and click or tap **General** and then **VPN**. +1. On your iOS device, open the **Settings** app, click or tap **General** and then **VPN**. 1. Click or tap the "i" button for Microsoft Defender ATP. 1. Toggle off **Connect On Demand** to disable VPN. From 9d0d547de74c7302411eeec2d90bb66ca43e6464 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Thu, 10 Dec 2020 19:45:48 +0500 Subject: [PATCH 184/210] minor corrections did cosmetic changes to the document. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/8282 --- windows/client-management/troubleshoot-tcpip-netmon.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/troubleshoot-tcpip-netmon.md b/windows/client-management/troubleshoot-tcpip-netmon.md index 7f7855bca2..672e45dae2 100644 --- a/windows/client-management/troubleshoot-tcpip-netmon.md +++ b/windows/client-management/troubleshoot-tcpip-netmon.md @@ -19,7 +19,7 @@ In this topic, you will learn how to use Microsoft Network Monitor 3.4, which is > [!NOTE] > Network Monitor is the archived protocol analyzer and is no longer under development. **Microsoft Message Analyzer** is the replacement for Network Monitor. For more details, see [Microsoft Message Analyzer Operating Guide](https://docs.microsoft.com/message-analyzer/microsoft-message-analyzer-operating-guide). -To get started, [download and run NM34_x64.exe](https://www.microsoft.com/download/details.aspx?id=4865). When you install Network Monitor, it installs its driver and hooks it to all the network adapters installed on the device. You can see the same on the adapter properties, as shown in the following image. +To get started, [download Network Monitor tool](https://www.microsoft.com/download/details.aspx?id=4865). When you install Network Monitor, it installs its driver and hooks it to all the network adapters installed on the device. You can see the same on the adapter properties, as shown in the following image. ![Adapters](images/nm-adapters.png) From dbaf7752a9c1977980c877950e24be0574adb404 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Thu, 10 Dec 2020 20:15:05 +0500 Subject: [PATCH 185/210] Update windows/client-management/troubleshoot-tcpip-netmon.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- windows/client-management/troubleshoot-tcpip-netmon.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/troubleshoot-tcpip-netmon.md b/windows/client-management/troubleshoot-tcpip-netmon.md index 672e45dae2..ed2dc15ba1 100644 --- a/windows/client-management/troubleshoot-tcpip-netmon.md +++ b/windows/client-management/troubleshoot-tcpip-netmon.md @@ -19,7 +19,7 @@ In this topic, you will learn how to use Microsoft Network Monitor 3.4, which is > [!NOTE] > Network Monitor is the archived protocol analyzer and is no longer under development. **Microsoft Message Analyzer** is the replacement for Network Monitor. For more details, see [Microsoft Message Analyzer Operating Guide](https://docs.microsoft.com/message-analyzer/microsoft-message-analyzer-operating-guide). -To get started, [download Network Monitor tool](https://www.microsoft.com/download/details.aspx?id=4865). When you install Network Monitor, it installs its driver and hooks it to all the network adapters installed on the device. You can see the same on the adapter properties, as shown in the following image. +To get started, [download Network Monitor tool](https://www.microsoft.com/download/details.aspx?id=4865). When you install Network Monitor, it installs its driver and hooks it to all the network adapters installed on the device. You can see the same on the adapter properties, as shown in the following image: ![Adapters](images/nm-adapters.png) From daf4cb028fdd586c2e18fd70569c53b3cb2954b9 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 10 Dec 2020 10:00:48 -0800 Subject: [PATCH 186/210] Update md-app-guard-overview.md --- .../md-app-guard-overview.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md index 4152b07ee4..03930690d8 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md @@ -8,7 +8,7 @@ ms.pagetype: security ms.localizationpriority: medium author: denisebmsft ms.author: deniseb -ms.date: 09/07/2020 +ms.date: 12/10/2020 ms.reviewer: manager: dansimp ms.custom: asr @@ -32,18 +32,18 @@ If an employee goes to an untrusted site through either Microsoft Edge or Intern Application Guard has been created to target several types of systems: -- **Enterprise desktops.** These desktops are domain-joined and managed by your organization. Configuration management is primarily done through Microsoft Endpoint Configuration Manager or Microsoft Intune. Employees typically have Standard User privileges and use a high-bandwidth, wired, corporate network. +- **Enterprise desktops**. These desktops are domain-joined and managed by your organization. Configuration management is primarily done through Microsoft Endpoint Configuration Manager or Microsoft Intune. Employees typically have Standard User privileges and use a high-bandwidth, wired, corporate network. -- **Enterprise mobile laptops.** These laptops are domain-joined and managed by your organization. Configuration management is primarily done through Microsoft Endpoint Configuration Manager or Microsoft Intune. Employees typically have Standard User privileges and use a high-bandwidth, wireless, corporate network. +- **Enterprise mobile laptops**. These laptops are domain-joined and managed by your organization. Configuration management is primarily done through Microsoft Endpoint Configuration Manager or Microsoft Intune. Employees typically have Standard User privileges and use a high-bandwidth, wireless, corporate network. -- **Bring your own device (BYOD) mobile laptops.** These personally-owned laptops are not domain-joined, but are managed by your organization through tools, such as Microsoft Intune. The employee is typically an admin on the device and uses a high-bandwidth wireless corporate network while at work and a comparable personal network while at home. +- **Bring your own device (BYOD) mobile laptops**. These personally-owned laptops are not domain-joined, but are managed by your organization through tools, such as Microsoft Intune. The employee is typically an admin on the device and uses a high-bandwidth wireless corporate network while at work and a comparable personal network while at home. -- **Personal devices.** These personally-owned desktops or mobile laptops are not domain-joined or managed by an organization. The user is an admin on the device and uses a high-bandwidth wireless personal network while at home or a comparable public network while outside. +- **Personal devices**. These personally-owned desktops or mobile laptops are not domain-joined or managed by an organization. The user is an admin on the device and uses a high-bandwidth wireless personal network while at home or a comparable public network while outside. ## Related articles |Article |Description | -|------|------------| +|:------|:------------| |[System requirements for Microsoft Defender Application Guard](reqs-md-app-guard.md) |Specifies the prerequisites necessary to install and use Application Guard.| |[Prepare and install Microsoft Defender Application Guard](install-md-app-guard.md) |Provides instructions about determining which mode to use, either Standalone or Enterprise-managed, and how to install Application Guard in your organization.| |[Configure the Group Policy settings for Microsoft Defender Application Guard](configure-md-app-guard.md) |Provides info about the available Group Policy and MDM settings.| From e6014e57d457a27f6f650f46bd47c76afaef60a8 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 10 Dec 2020 10:05:34 -0800 Subject: [PATCH 187/210] Update edr-in-block-mode.md --- .../microsoft-defender-atp/edr-in-block-mode.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md index 5498350b55..11a0785946 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md +++ b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md @@ -15,7 +15,7 @@ ms.localizationpriority: medium ms.custom: - next-gen - edr -ms.date: 08/21/2020 +ms.date: 12/10/2020 ms.collection: - m365-security-compliance - m365initiative-defender-endpoint @@ -39,7 +39,7 @@ EDR in block mode is also integrated with [threat & vulnerability management](ht :::image type="content" source="images/edrblockmode-TVMrecommendation.png" alt-text="recommendation to turn on EDR in block mode"::: > [!NOTE] -> EDR in block mode is currently in preview, available to organizations who have opted in to receive **[preview features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/preview)**. To get the best protection, make sure to **[deploy Microsoft Defender for Endpoint baselines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline)**. +> To get the best protection, make sure to **[deploy Microsoft Defender for Endpoint baselines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline)**. ## What happens when something is detected? From dd00929c5fb4a13323139239f1b6341ba4818e61 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 10 Dec 2020 13:31:58 -0800 Subject: [PATCH 188/210] Update edr-in-block-mode.md --- .../microsoft-defender-atp/edr-in-block-mode.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md index 11a0785946..ceb116cea0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md +++ b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md @@ -81,6 +81,10 @@ The following image shows an instance of unwanted software that was detected and ## Frequently asked questions +### Do I need to turn EDR in block mode on even when I have Microsoft Defender Antivirus running on devices? + +We recommend keeping EDR in block mode on, whether Microsoft Defender Antivirus is running in passive mode or in active mode. EDR in block mode gives you an added layer of defense with Microsoft Defender for Endpoint. It allows Microsoft Defender for Endpoint to take actions, based on EDR detections. + ### Will EDR in block mode have any impact on a user's antivirus protection? No. EDR in block mode does not affect third-party antivirus protection running on users' devices. EDR in block mode kicks in if the primary antivirus solution misses something, or if there is a post-breach detection. EDR in block mode works just like [Microsoft Defender Antivirus in passive mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility#functionality-and-features-available-in-each-state), with the additional steps of blocking and remediating malicious artifacts or behaviors that are detected. From 9822f130a862bb094c70d95f73cbb8d11b6b1ce5 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 10 Dec 2020 13:48:26 -0800 Subject: [PATCH 189/210] Update edr-in-block-mode.md --- .../microsoft-defender-atp/edr-in-block-mode.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md index ceb116cea0..0372ef6ab9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md +++ b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md @@ -83,7 +83,7 @@ The following image shows an instance of unwanted software that was detected and ### Do I need to turn EDR in block mode on even when I have Microsoft Defender Antivirus running on devices? -We recommend keeping EDR in block mode on, whether Microsoft Defender Antivirus is running in passive mode or in active mode. EDR in block mode gives you an added layer of defense with Microsoft Defender for Endpoint. It allows Microsoft Defender for Endpoint to take actions, based on EDR detections. +We recommend keeping EDR in block mode on, whether Microsoft Defender Antivirus is running in passive mode or in active mode. EDR in block mode gives you an added layer of defense with Microsoft Defender for Endpoint. It allows Microsoft Defender for Endpoint to take actions based on post-breach behavioral EDR detections. ### Will EDR in block mode have any impact on a user's antivirus protection? From eeac52a8eb5b05446a61c9b4e4727dccd7f892bd Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 10 Dec 2020 14:47:58 -0800 Subject: [PATCH 190/210] Update attack-surface-reduction.md --- .../attack-surface-reduction.md | 43 ++----------------- 1 file changed, 3 insertions(+), 40 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index 9cbb770158..fc88435234 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -52,21 +52,6 @@ In the recommendation details pane, check the user impact to determine what perc Use [audit mode](audit-windows-defender.md) to evaluate how attack surface reduction rules would impact your organization if they were enabled. It's best to run all rules in audit mode first so you can understand their impact on your line-of-business applications. Many line-of-business applications are written with limited security concerns, and they may perform tasks in ways that seem similar to malware. By monitoring audit data and [adding exclusions](enable-attack-surface-reduction.md#exclude-files-and-folders-from-asr-rules) for necessary applications, you can deploy attack surface reduction rules without impacting productivity. -## Silent auditing - -(**NEW**!) To add security value, a sample of attack surface reduction audit events is now collected on devices that do not have attack surface reduction rules enabled in either audit mode or block mode. The collected events are throttled to 100 events per device - -By default, attack surface reduction rules are not enabled in audit mode. Silent auditing is a new capability that collects events for the following four attack surface reduction rules: -- [Block Adobe Reader from creating child processes](#block-adobe-reader-from-creating-child-processes) -- [Block all Office applications from creating child processes](#block-all-office-applications-from-creating-child-processes) -- [Block executable content from email client and webmail](#block-executable-content-from-email-client-and-webmail) -- [Block Office communication application from creating child processes](#block-office-communication-application-from-creating-child-processes) - -The other attack surface reduction rules that are not configured will not have any auditing events collected. And, you can disable silent auditing by disabling the rules. - -> [!NOTE] -> Currently, auditing events are not viewable in advanced hunting. - ## Warn mode for users (**NEW**!) Prior to warn mode capabilities, attack surface reduction rules that are enabled could be set to either audit mode or block mode. With the new warn mode, whenever content is blocked by an attack surface reduction rule, users see a dialog box that indicates the content is blocked. The dialog box also offers the user an option to unblock the content. The user can then retry their action, and the operation completes. When a user unblocks content, the content remains unblocked for 24 hours, and then blocking resumes. @@ -87,8 +72,8 @@ For more information and to get your updates, see [Update for Microsoft Defender ### Cases where warn mode is not supported -Warn mode is not supported for the following four attack surface reduction rules: -- (NEW!) [Block abuse of in-the-wild exploited vulnerable signed drivers](#block-abuse-of-in-the-wild-exploited-vulnerable-signed-drivers) (GUID `56a863a9-875e-4185-98a7-b882c64b5ce5`) +Warn mode is not supported for the following attack surface reduction rules: + - [Block JavaScript or VBScript from launching downloaded executable content](#block-javascript-or-vbscript-from-launching-downloaded-executable-content) (GUID `d3e037e1-3eb8-44c8-a917-57927947596d`) - [Block persistence through WMI event subscription](#block-persistence-through-wmi-event-subscription) (GUID `e6db77e5-3df2-4cf1-b95a-636979351e5b`) - [Use advanced protection against ransomware](#use-advanced-protection-against-ransomware) (GUID `c1db55ab-c21a-4637-bb3f-a12568109d35`) @@ -148,14 +133,13 @@ The "engine version" listed for attack surface reduction events in the event log ## Attack surface reduction rules -The following table and subsections describe each of the 16 attack surface reduction rules. The attack surface reduction rules are listed in alphabetical order, by rule name. +The following table and subsections describe each of the 15 attack surface reduction rules. The attack surface reduction rules are listed in alphabetical order, by rule name. If you are configuring attack surface reduction rules by using Group Policy or PowerShell, you'll need the GUIDs. On the other hand, if you use Microsoft Endpoint Configuration Manager or Microsoft Intune, you do not need the GUIDs. | Rule name | GUID | File & folder exclusions | Minimum OS supported | |:-----|:-----:|:-----|:-----| -|[Block abuse of in-the-wild exploited vulnerable signed drivers](#block-abuse-of-in-the-wild-exploited-vulnerable-signed-drivers) (**NEW**!) |`56a863a9-875e-4185-98a7-b882c64b5ce5` | |[Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block Adobe Reader from creating child processes](#block-adobe-reader-from-creating-child-processes) | `7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block all Office applications from creating child processes](#block-all-office-applications-from-creating-child-processes) | `D4F940AB-401B-4EFC-AADC-AD5F3C50688A` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Block credential stealing from the Windows local security authority subsystem (lsass.exe)](#block-credential-stealing-from-the-windows-local-security-authority-subsystem) | `9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | @@ -172,27 +156,6 @@ If you are configuring attack surface reduction rules by using Group Policy or P |[Block Win32 API calls from Office macros](#block-win32-api-calls-from-office-macros) | `92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | |[Use advanced protection against ransomware](#use-advanced-protection-against-ransomware) | `c1db55ab-c21a-4637-bb3f-a12568109d35` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | -### Block abuse of in-the-wild exploited vulnerable signed drivers - -(**NEW**!) This new rule prevents an application from writing a vulnerable signed driver to disk. Vulnerable signed drivers can be exploited by local applications with sufficient privileges, to gain access to the kernel. It allows attackers to disable or circumvent security solutions, eventually leading to system compromise. - -This rule does not block a driver already existing on the system from being loaded. - -> [!TIP] -> You can submit a driver for analysis at the [Microsoft Security Intelligence site](https://www.microsoft.com/wdsi/driversubmission). - -This rule is supported on all versions of Windows where attack surface reduction rules are currently supported: -- Windows 10 Pro, version 1709 or later -- Windows 10 Enterprise, version 1709 or later -- Windows Server, version 1803 (Semi-Annual Channel) or later -- Windows Server 2019 - -Intune Name: `Block abuse of exploited vulnerable signed drivers` - -Configuration Manager name: Not Applicable - -Rule guid: `56a863a9-875e-4185-98a7-b882c64b5ce5` - ### Block Adobe Reader from creating child processes This rule prevents attacks by blocking Adobe Reader from creating additional processes. From 423558a767557cf82ff659b6de501ab668f43e83 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 10 Dec 2020 14:49:49 -0800 Subject: [PATCH 191/210] Update attack-surface-reduction.md --- .../microsoft-defender-atp/attack-surface-reduction.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index fc88435234..3456c7128e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -14,7 +14,7 @@ ms.author: deniseb ms.reviewer: sugamar, jcedola manager: dansimp ms.custom: asr -ms.date: 12/09/2020 +ms.date: 12/10/2020 --- # Use attack surface reduction rules to prevent malware infection From 792cee0b921da14f53d254ec41f7b0ddd50e4001 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 10 Dec 2020 15:05:43 -0800 Subject: [PATCH 192/210] Update controlled-folders.md --- .../microsoft-defender-atp/controlled-folders.md | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md index 272d1480ec..ae6fe0d261 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md +++ b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md @@ -11,7 +11,7 @@ ms.localizationpriority: medium author: denisebmsft ms.author: deniseb audience: ITPro -ms.date: 11/05/2020 +ms.date: 12/10/2020 ms.reviewer: v-maave manager: dansimp ms.custom: asr @@ -44,6 +44,19 @@ Controlled folder access is especially useful in helping to protect your documen The protected folders include common system folders (including boot sectors), and you can [add additional folders](customize-controlled-folders.md#protect-additional-folders). You can also [allow apps](customize-controlled-folders.md#allow-specific-apps-to-make-changes-to-controlled-folders) to give them access to the protected folders. +By default, the following Windows system folders are protected: +- `c:\Users\\Documents` +- `c:\Users\Public\Documents` +- `c:\Users\\Pictures` +- `c:\Users\Public\Pictures` +- `c:\Users\Public\Videos` +- `c:\Users\\Music` +- `c:\Users\Public\Music` +- `c:\Users\\Favorites` + +> [!NOTE] +> You cannot remove the Windows system folders that are protected by default. + You can use [audit mode](audit-windows-defender.md) to evaluate how controlled folder access would impact your organization if it were enabled. You can also visit the Windows Defender Test ground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works. Controlled folder access is supported on Windows 10, version 1709 and later and Windows Server 2019. From e5ce0046d22ffd7543e4c6d582387ef1f820d3cc Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 10 Dec 2020 15:27:07 -0800 Subject: [PATCH 193/210] Update controlled-folders.md --- .../controlled-folders.md | 69 +++++++------------ 1 file changed, 24 insertions(+), 45 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md index ae6fe0d261..b6163d243c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md +++ b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md @@ -40,11 +40,20 @@ Controlled folder access works with a list of trusted software. If an app is inc Apps can also be manually added to the trusted list via Configuration Manager and Intune. Additional actions, such as [adding a file indicator](../microsoft-defender-atp/respond-file-alerts.md#add-indicator-to-block-or-allow-a-file) for the app, can be performed from the Security Center Console. +## Why controlled folder access is important + Controlled folder access is especially useful in helping to protect your documents and information from [ransomware](https://www.microsoft.com/wdsi/threats/ransomware). In a ransomware attack, your files can get encrypted and held hostage. With controlled folder access in place, a notification appears on the computer where an app attempted to make changes to a file in a protected folder. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. You can also enable the rules individually to customize what techniques the feature monitors. -The protected folders include common system folders (including boot sectors), and you can [add additional folders](customize-controlled-folders.md#protect-additional-folders). You can also [allow apps](customize-controlled-folders.md#allow-specific-apps-to-make-changes-to-controlled-folders) to give them access to the protected folders. +The [protected folders](#review-controlled-folder-access-events-in-windows-event-viewer) include common system folders (including boot sectors), and you can [add additional folders](customize-controlled-folders.md#protect-additional-folders). You can also [allow apps](customize-controlled-folders.md#allow-specific-apps-to-make-changes-to-controlled-folders) to give them access to the protected folders. + +You can use [audit mode](audit-windows-defender.md) to evaluate how controlled folder access would impact your organization if it were enabled. You can also visit the Windows Defender Test ground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works. + +Controlled folder access is supported on Windows 10, version 1709 and later and Windows Server 2019. + +## Windows system folders are protected by default + +Your Windows system folders are protected by default, along with several other folders. These folders include: -By default, the following Windows system folders are protected: - `c:\Users\\Documents` - `c:\Users\Public\Documents` - `c:\Users\\Pictures` @@ -55,13 +64,9 @@ By default, the following Windows system folders are protected: - `c:\Users\\Favorites` > [!NOTE] -> You cannot remove the Windows system folders that are protected by default. +> You can configure additional folders as protected, but you cannot remove the Windows system folders that are protected by default. -You can use [audit mode](audit-windows-defender.md) to evaluate how controlled folder access would impact your organization if it were enabled. You can also visit the Windows Defender Test ground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works. - -Controlled folder access is supported on Windows 10, version 1709 and later and Windows Server 2019. - -## Requirements +## Requirements for controlled folder access Controlled folder access requires enabling [Microsoft Defender Antivirus real-time protection](../microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md). @@ -90,19 +95,21 @@ You can review the Windows event log to see events that are created when control 4. Navigate to where you extracted *cfa-events.xml* and select it. Alternatively, [copy the XML directly](event-views.md). -5. Click **OK**. +5. Select **OK**. After following the procedure, you have created a custom view that shows events related to controlled folder access, as listed in the following table: |Event ID | Description | -|---|---| +|:---|:---| |5007 | Event when settings are changed | |1124 | Audited controlled folder access event | |1123 | Blocked controlled folder access event | ## View or change the list of protected folders -### Windows 10 security app +You can use the Windows Security app to view the list of folders that are protected by controlled folder access. + +### View or change the list of protected folders using the Windows Security app 1. On your Windows 10 device, open the Windows Security app. @@ -118,39 +125,11 @@ After following the procedure, you have created a custom view that shows events - To remove a folder, select it, and then select **Remove**. +> [!NOTE] +> [Windows system folders](#windows-system-folders-are-protected-by-default) are protected by default, and you cannot remove them from the list. + ## See also -- [Evaluate controlled folder access](evaluate-controlled-folder-access.md). Use a dedicated demo tool to see how controlled folder access works, and what events would typically be created. - - -## Default folders protected by controlled folder access -Windows system folders are protected by default. In addition, there are several folders that are protected by controlled folder access by default. You can configure additional folders as protected, but cannot remove the default folders from the controlled folder access protection. See [Protect additional folders](customize-controlled-folders.md#protect-additional-folders) for more information. - -Here's the list of default protected folders: -- %USERPROFILE%\Documents -- %USERPROFILE%\Favorites -- %USERPROFILE%\Music -- %USERPROFILE%\Pictures -- %USERPROFILE%\Videos -- %PUBLIC%\Documents -- %PUBLIC%\Music -- %PUBLIC%\Pictures -- %PUBLIC%\Videos - -You can use the Windows Security app to view the list of default folders protected by controlled folder access: - -1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**. - -2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then scroll down to the **Ransomware protection** section. - -3. Click the **Manage ransomware protection** link to open the **Ransomware protection** pane. - -4. Under the **Controlled folder access** section, click the **Protected folders** link. - -5. Click **Yes** on the **User Access Control** prompt. - - The **Protected folders** pane displays the folders that are protected by default. - -## In this section - - [Customize controlled folder access](customize-controlled-folders.md). Add additional protected folders, and allow specified apps to access protected folders. +- [Evaluate controlled folder access](evaluate-controlled-folder-access.md) +- [Customize controlled folder access](customize-controlled-folders.md) +- [Protect additional folders](customize-controlled-folders.md#protect-additional-folders) From 3ca7c1e48fea27de53a415d1eeea584992d1b7a3 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 10 Dec 2020 15:31:10 -0800 Subject: [PATCH 194/210] Update controlled-folders.md --- .../microsoft-defender-atp/controlled-folders.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md index b6163d243c..e034c4b032 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md +++ b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md @@ -74,7 +74,7 @@ Controlled folder access requires enabling [Microsoft Defender Antivirus real-ti Defender for Endpoint provides detailed reporting into events and blocks as part of its [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md). -You can query Microsoft Defender for Endpoint data by using [Advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection). If you're using [audit mode](audit-windows-defender.md), you can use advanced hunting to see how controlled folder access settings would affect your environment if they were enabled. +You can query Microsoft Defender for Endpoint data by using [Advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection). If you're using [audit mode](audit-windows-defender.md), you can use [advanced hunting](advanced-hunting-overview.md) to see how controlled folder access settings would affect your environment if they were enabled. Example query: From 5372f7c669a3b4de919b62e387111d50b8242ff1 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 10 Dec 2020 15:46:11 -0800 Subject: [PATCH 195/210] Update controlled-folders.md --- .../microsoft-defender-atp/controlled-folders.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md index e034c4b032..7919059f93 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md +++ b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md @@ -36,9 +36,11 @@ Controlled folder access works best with [Microsoft Defender for Endpoint](../mi Controlled folder access works by only allowing trusted apps to access protected folders. Protected folders are specified when controlled folder access is configured. Typically, commonly used folders, such as those used for documents, pictures, downloads, and so on, are included in the list of controlled folders. -Controlled folder access works with a list of trusted software. If an app is included in the list of trusted software, the app works as expected. If not, the app is blocked from making any changes to files that are inside protected folders. Apps are added to the trusted list based upon their prevalence and reputation. Apps that are highly prevalent throughout your organization, and that have never displayed any malicious behavior, are deemed trustworthy and automatically added to the list. +Controlled folder access works with a list of trusted apps. If an app is included in the list of trusted software, it works as expected. If not, the app is prevented from making any changes to files that are inside protected folders. -Apps can also be manually added to the trusted list via Configuration Manager and Intune. Additional actions, such as [adding a file indicator](../microsoft-defender-atp/respond-file-alerts.md#add-indicator-to-block-or-allow-a-file) for the app, can be performed from the Security Center Console. +Apps are added to the list based upon their prevalence and reputation. Apps that are highly prevalent throughout your organization and that have never displayed any behavior deemed malicious are considered trustworthy. Those apps are added to the list automatically. + +Apps can also be added manually to the trusted list by using Configuration Manager or Intune. Additional actions, such as [adding a file indicator](../microsoft-defender-atp/respond-file-alerts.md#add-indicator-to-block-or-allow-a-file) for an app, can be performed from the Security Center Console. ## Why controlled folder access is important @@ -48,7 +50,9 @@ The [protected folders](#review-controlled-folder-access-events-in-windows-event You can use [audit mode](audit-windows-defender.md) to evaluate how controlled folder access would impact your organization if it were enabled. You can also visit the Windows Defender Test ground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works. -Controlled folder access is supported on Windows 10, version 1709 and later and Windows Server 2019. +Controlled folder access is supported on the following versions of Windows: +- [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) and later +- [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) ## Windows system folders are protected by default From ec1510a6960ac6c68a40bd44553e72b61bb50a69 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 10 Dec 2020 15:47:04 -0800 Subject: [PATCH 196/210] Update controlled-folders.md --- .../microsoft-defender-atp/controlled-folders.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md index 7919059f93..27801e48ad 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md +++ b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md @@ -56,7 +56,7 @@ Controlled folder access is supported on the following versions of Windows: ## Windows system folders are protected by default -Your Windows system folders are protected by default, along with several other folders. These folders include: +Windows system folders are protected by default, along with several other folders: - `c:\Users\\Documents` - `c:\Users\Public\Documents` @@ -113,8 +113,6 @@ After following the procedure, you have created a custom view that shows events You can use the Windows Security app to view the list of folders that are protected by controlled folder access. -### View or change the list of protected folders using the Windows Security app - 1. On your Windows 10 device, open the Windows Security app. 2. Select **Virus & threat protection**. From 4d545467ba94a4463f74498184a84d778a7a184f Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 10 Dec 2020 15:50:20 -0800 Subject: [PATCH 197/210] Update controlled-folders.md --- .../microsoft-defender-atp/controlled-folders.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md index 27801e48ad..80ec62a312 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md +++ b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md @@ -28,7 +28,7 @@ ms.custom: asr ## What is controlled folder access? -Controlled folder access helps you protect your valuable data from malicious apps and threats, like ransomware. Controlled folder access protects your data by checking apps against a list of known, trusted apps. Supported on Windows Server 2019 and Windows 10 clients, controlled folder access can be turned on using the Windows Security App or in Microsoft Endpoint Configuration Manager and Intune (for managed devices). +Controlled folder access helps protect your valuable data from malicious apps and threats, such as ransomware. Controlled folder access protects your data by checking apps against a list of known, trusted apps. Supported on Windows Server 2019 and Windows 10 clients, controlled folder access can be turned on using the Windows Security App, Microsoft Endpoint Configuration Manager, or Intune (for managed devices). Controlled folder access works best with [Microsoft Defender for Endpoint](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md), which gives you detailed reporting into controlled folder access events and blocks as part of the usual [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md). @@ -101,7 +101,7 @@ You can review the Windows event log to see events that are created when control 5. Select **OK**. -After following the procedure, you have created a custom view that shows events related to controlled folder access, as listed in the following table: +The following table shows events related to controlled folder access: |Event ID | Description | |:---|:---| From 3b7c523096c9671083fd656ddcfc6da580cdb9ed Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 10 Dec 2020 16:02:47 -0800 Subject: [PATCH 198/210] Update attack-surface-reduction.md --- .../microsoft-defender-atp/attack-surface-reduction.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index 3456c7128e..a512161c89 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -80,9 +80,13 @@ Warn mode is not supported for the following attack surface reduction rules: In addition, warn mode is not supported on devices running older versions of Windows. In those cases, attack surface reduction rules that are configured to run in warn mode will run in block mode. -## Notifications when a rule is triggered +## Notifications and alerts -Whenever a rule is triggered, a notification will be displayed on the device. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. The notification also displays within the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and the Microsoft 365 security center ([https://security.microsoft.com](https://security.microsoft.com)). +Whenever an attack surface reduction rule is triggered, a notification will be displayed on the device. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. + +In addition, when certain attack surface reduction rules are triggered, alerts are generated. + +Notifications and any alerts that are generated can be viewed in the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and in the Microsoft 365 security center ([https://security.microsoft.com](https://security.microsoft.com)). ## Attack surface reduction features across Windows versions From e005e8860f8dbefc1b992e0861b6ccd5ddb9ea78 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 10 Dec 2020 16:09:10 -0800 Subject: [PATCH 199/210] Update attack-surface-reduction.md --- .../microsoft-defender-atp/attack-surface-reduction.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index a512161c89..b1e863e72f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -82,7 +82,7 @@ In addition, warn mode is not supported on devices running older versions of Win ## Notifications and alerts -Whenever an attack surface reduction rule is triggered, a notification will be displayed on the device. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. +Whenever an attack surface reduction rule is triggered, a notification is displayed on the device. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. In addition, when certain attack surface reduction rules are triggered, alerts are generated. From 3ddc1b52199709a15a64aa29c69dad5fd96138e7 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 10 Dec 2020 16:25:01 -0800 Subject: [PATCH 200/210] Update attack-surface-reduction.md --- .../microsoft-defender-atp/attack-surface-reduction.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index b1e863e72f..a0586d3024 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -88,6 +88,14 @@ In addition, when certain attack surface reduction rules are triggered, alerts a Notifications and any alerts that are generated can be viewed in the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and in the Microsoft 365 security center ([https://security.microsoft.com](https://security.microsoft.com)). +## Advanced hunting and attack surface reduction events + +You can use advanced hunting to view attack surface reduction events. To streamline the volume of incoming data, only unique processes for each hour are viewable with advanced hunting. The time of an attack surface reduction event is the first time that event is seen within the hour. + +For example, suppose that an attack surface reduction event occurs on ten devices during the 2:00 PM hour. Suppose that the first event occurred at 2:15, and the last at 2:45. With advanced hunting, you'll see one instance of that event (even though it actually occurred on ten devices), and its timestamp will be 2:15 PM. + +For more information about advanced hunting, see [Proactively hunt for threats with advanced hunting](advanced-hunting-overview.md). + ## Attack surface reduction features across Windows versions You can set attack surface reduction rules for devices running any of the following editions and versions of Windows: From 135f0882817e1737c676eca4d43864311033eb09 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Fri, 11 Dec 2020 10:06:51 -0800 Subject: [PATCH 201/210] ltsc name fix --- windows/whats-new/ltsc/TOC.md | 6 +-- windows/whats-new/ltsc/index.md | 12 ++--- .../ltsc/whats-new-windows-10-2015.md | 14 +++--- .../ltsc/whats-new-windows-10-2016.md | 16 +++---- .../ltsc/whats-new-windows-10-2019.md | 48 +++++++++---------- 5 files changed, 48 insertions(+), 48 deletions(-) diff --git a/windows/whats-new/ltsc/TOC.md b/windows/whats-new/ltsc/TOC.md index e49aee21fc..a16525cda0 100644 --- a/windows/whats-new/ltsc/TOC.md +++ b/windows/whats-new/ltsc/TOC.md @@ -1,4 +1,4 @@ # [Windows 10 Enterprise LTSC](index.md) -## [What's new in Windows 10 Enterprise 2019 LTSC](whats-new-windows-10-2019.md) -## [What's new in Windows 10 Enterprise 2016 LTSC](whats-new-windows-10-2016.md) -## [What's new in Windows 10 Enterprise 2015 LTSC](whats-new-windows-10-2015.md) +## [What's new in Windows 10 Enterprise LTSC 2019](whats-new-windows-10-2019.md) +## [What's new in Windows 10 Enterprise LTSC 2016](whats-new-windows-10-2016.md) +## [What's new in Windows 10 Enterprise LTSC 2015](whats-new-windows-10-2015.md) diff --git a/windows/whats-new/ltsc/index.md b/windows/whats-new/ltsc/index.md index b1464088fc..09f32c39f4 100644 --- a/windows/whats-new/ltsc/index.md +++ b/windows/whats-new/ltsc/index.md @@ -22,9 +22,9 @@ ms.topic: article This topic provides links to articles with information about what's new in each release of Windows 10 Enterprise LTSC, and includes a short description of this servicing channel. -[What's New in Windows 10 Enterprise 2019 LTSC](whats-new-windows-10-2019.md)
-[What's New in Windows 10 Enterprise 2016 LTSC](whats-new-windows-10-2016.md)
-[What's New in Windows 10 Enterprise 2015 LTSC](whats-new-windows-10-2015.md) +[What's New in Windows 10 Enterprise LTSC 2019](whats-new-windows-10-2019.md)
+[What's New in Windows 10 Enterprise LTSC 2016](whats-new-windows-10-2016.md)
+[What's New in Windows 10 Enterprise LTSC 2015](whats-new-windows-10-2015.md) ## The Long Term Servicing Channel (LTSC) @@ -32,9 +32,9 @@ The following table summarizes equivalent feature update versions of Windows 10 | LTSC release | Equivalent SAC release | Availability date | | --- | --- | --- | -| Windows 10 Enterprise 2015 LTSC | Windows 10, Version 1507 | 7/29/2015 | -| Windows 10 Enterprise 2016 LTSC | Windows 10, Version 1607 | 8/2/2016 | -| Windows 10 Enterprise 2019 LTSC | Windows 10, Version 1809 | 11/13/2018 | +| Windows 10 Enterprise LTSC 2015 | Windows 10, Version 1507 | 7/29/2015 | +| Windows 10 Enterprise LTSC 2016 | Windows 10, Version 1607 | 8/2/2016 | +| Windows 10 Enterprise LTSC 2019 | Windows 10, Version 1809 | 11/13/2018 | >[!NOTE] >The Long Term Servicing Channel was previously called the Long Term Servicing Branch (LTSB). All references to LTSB are changed in this article to LTSC for consistency, even though the name of previous versions might still be displayed as LTSB. diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2015.md b/windows/whats-new/ltsc/whats-new-windows-10-2015.md index aace786788..0fb947167f 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2015.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2015.md @@ -1,10 +1,10 @@ --- -title: What's new in Windows 10 Enterprise 2015 LTSC +title: What's new in Windows 10 Enterprise LTSC 2015 ms.reviewer: manager: laurawi ms.author: greglin -description: New and updated IT Pro content about new features in Windows 10 Enterprise 2015 LTSC (also known as Windows 10 Enterprise 2015 LTSB). -keywords: ["What's new in Windows 10", "Windows 10", "Windows 10 Enterprise 2015 LTSC"] +description: New and updated IT Pro content about new features in Windows 10 Enterprise LTSC 2015 (also known as Windows 10 Enterprise 2015 LTSB). +keywords: ["What's new in Windows 10", "Windows 10", "Windows 10 Enterprise LTSC 2015"] ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library @@ -14,15 +14,15 @@ ms.localizationpriority: low ms.topic: article --- -# What's new in Windows 10 Enterprise 2015 LTSC +# What's new in Windows 10 Enterprise LTSC 2015 **Applies to** -- Windows 10 Enterprise 2015 LTSC +- Windows 10 Enterprise LTSC 2015 -This article lists new and updated features and content that are of interest to IT Pros for Windows 10 Enterprise 2015 LTSC (LTSB). For a brief description of the LTSC servicing channel, see [Windows 10 Enterprise LTSC](index.md). +This article lists new and updated features and content that are of interest to IT Pros for Windows 10 Enterprise LTSC 2015 (LTSB). For a brief description of the LTSC servicing channel, see [Windows 10 Enterprise LTSC](index.md). >[!NOTE] ->Features in Windows 10 Enterprise 2015 LTSC are equivalent to [Windows 10, version 1507](../whats-new-windows-10-version-1507-and-1511.md). +>Features in Windows 10 Enterprise LTSC 2015 are equivalent to [Windows 10, version 1507](../whats-new-windows-10-version-1507-and-1511.md). ## Deployment diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2016.md b/windows/whats-new/ltsc/whats-new-windows-10-2016.md index 63e15a057b..3b3891912c 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2016.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2016.md @@ -1,10 +1,10 @@ --- -title: What's new in Windows 10 Enterprise 2016 LTSC +title: What's new in Windows 10 Enterprise LTSC 2016 ms.reviewer: manager: laurawi ms.author: greglin -description: New and updated IT Pro content about new features in Windows 10 Enterprise 2016 LTSC (also known as Windows 10 Enterprise 2016 LTSB). -keywords: ["What's new in Windows 10", "Windows 10", "Windows 10 Enterprise 2016 LTSC"] +description: New and updated IT Pro content about new features in Windows 10 Enterprise LTSC 2016 (also known as Windows 10 Enterprise 2016 LTSB). +keywords: ["What's new in Windows 10", "Windows 10", "Windows 10 Enterprise LTSC 2016"] ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library @@ -14,15 +14,15 @@ ms.localizationpriority: low ms.topic: article --- -# What's new in Windows 10 Enterprise 2016 LTSC +# What's new in Windows 10 Enterprise LTSC 2016 **Applies to** -- Windows 10 Enterprise 2016 LTSC +- Windows 10 Enterprise LTSC 2016 -This article lists new and updated features and content that are of interest to IT Pros for Windows 10 Enterprise 2016 LTSC (LTSB), compared to Windows 10 Enterprise 2015 LTSC (LTSB). For a brief description of the LTSC servicing channel, see [Windows 10 Enterprise LTSC](index.md). +This article lists new and updated features and content that are of interest to IT Pros for Windows 10 Enterprise LTSC 2016 (LTSB), compared to Windows 10 Enterprise LTSC 2015 (LTSB). For a brief description of the LTSC servicing channel, see [Windows 10 Enterprise LTSC](index.md). >[!NOTE] ->Features in Windows 10 Enterprise 2016 LTSC are equivalent to Windows 10, version 1607. +>Features in Windows 10 Enterprise LTSC 2016 are equivalent to Windows 10, version 1607. ## Deployment @@ -71,7 +71,7 @@ Isolated User Mode is now included with Hyper-V so you don't have to install it When Windows 10 first shipped, it included Microsoft Passport and Windows Hello, which worked together to provide multi-factor authentication. To simplify deployment and improve supportability, Microsoft has combined these technologies into a single solution under the Windows Hello name in this version of Windows 10. Customers who have already deployed Microsoft Passport for Work will not experience any change in functionality. Customers who have yet to evaluate Windows Hello will find it easier to deploy due to simplified policies, documentation, and semantics. -Additional changes for Windows Hello in Windows 10 Enterprise 2016 LTSC: +Additional changes for Windows Hello in Windows 10 Enterprise LTSC 2016: - Personal (Microsoft account) and corporate (Active Directory or Azure AD) accounts use a single container for keys. - Group Policy settings for managing Windows Hello for Business are now available for both **User Configuration** and **Computer Configuration**. diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2019.md b/windows/whats-new/ltsc/whats-new-windows-10-2019.md index cee461354f..d04340e9a9 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2019.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2019.md @@ -1,10 +1,10 @@ --- -title: What's new in Windows 10 Enterprise 2019 LTSC +title: What's new in Windows 10 Enterprise LTSC 2019 ms.reviewer: manager: laurawi ms.author: greglin -description: New and updated IT Pro content about new features in Windows 10 Enterprise 2019 LTSC (also known as Windows 10 Enterprise 2019 LTSB). -keywords: ["What's new in Windows 10", "Windows 10", "Windows 10 Enterprise 2019 LTSC"] +description: New and updated IT Pro content about new features in Windows 10 Enterprise LTSC 2019 (also known as Windows 10 Enterprise 2019 LTSB). +keywords: ["What's new in Windows 10", "Windows 10", "Windows 10 Enterprise LTSC 2019"] ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library @@ -13,15 +13,15 @@ ms.localizationpriority: low ms.topic: article --- -# What's new in Windows 10 Enterprise 2019 LTSC +# What's new in Windows 10 Enterprise LTSC 2019 **Applies to** -- Windows 10 Enterprise 2019 LTSC +- Windows 10 Enterprise LTSC 2019 -This article lists new and updated features and content that are of interest to IT Pros for Windows 10 Enterprise 2019 LTSC, compared to Windows 10 Enterprise 2016 LTSC (LTSB). For a brief description of the LTSC servicing channel and associated support, see [Windows 10 Enterprise LTSC](index.md). +This article lists new and updated features and content that are of interest to IT Pros for Windows 10 Enterprise LTSC 2019, compared to Windows 10 Enterprise LTSC 2015 (LTSB). For a brief description of the LTSC servicing channel and associated support, see [Windows 10 Enterprise LTSC](index.md). >[!NOTE] ->Features in Windows 10 Enterprise 2019 LTSC are equivalent to Windows 10, version 1809. +>Features in Windows 10 Enterprise LTSC 2019 are equivalent to Windows 10, version 1809. Windows 10 Enterprise LTSC 2019 builds on Windows 10 Pro, version 1809 adding premium features designed to address the needs of large and mid-size organizations (including large academic institutions), such as: - Advanced protection against modern security threats @@ -85,7 +85,7 @@ Endpoint detection and response is improved. Enterprise customers can now take a Some of the highlights of the new library include [Evaluation guide for Microsoft Defender AV](/windows/threat-protection/microsoft-defender-antivirus//evaluate-microsoft-defender-antivirus) and [Deployment guide for Microsoft Defender AV in a virtual desktop infrastructure environment](/windows/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus). - New features for Microsoft Defender AV in Windows 10 Enterprise 2019 LTSC include: + New features for Microsoft Defender AV in Windows 10 Enterprise LTSC 2019 include: - [Updates to how the Block at First Sight feature can be configured](/windows/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus) - [The ability to specify the level of cloud-protection](/windows/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus) - [Microsoft Defender Antivirus protection in the Windows Defender Security Center app](/windows/threat-protection/microsoft-defender-antivirus/windows-defender-security-center-antivirus) @@ -239,7 +239,7 @@ WSC now includes the Fluent Design System elements you know and love. You’ll a The security setting [**Interactive logon: Display user information when the session is locked**](/windows/device-security/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked) has been updated to work in conjunction with the **Privacy** setting in **Settings** > **Accounts** > **Sign-in options**. A new security policy setting -[**Interactive logon: Don't display username at sign-in**](/windows/device-security/security-policy-settings/interactive-logon-dont-display-username-at-sign-in) has been introduced in Windows 10 Enterprise 2019 LTSC. This security policy setting determines whether the username is displayed during sign in. It works in conjunction with the **Privacy** setting in **Settings** > **Accounts** > **Sign-in options**. The setting only affects the **Other user** tile. +[**Interactive logon: Don't display username at sign-in**](/windows/device-security/security-policy-settings/interactive-logon-dont-display-username-at-sign-in) has been introduced in Windows 10 Enterprise LTSC 2019. This security policy setting determines whether the username is displayed during sign in. It works in conjunction with the **Privacy** setting in **Settings** > **Accounts** > **Sign-in options**. The setting only affects the **Other user** tile. #### Windows 10 in S mode @@ -251,7 +251,7 @@ We’ve continued to work on the **Current threats** area in [Virus & threat pr ### Windows Autopilot -[Windows Autopilot](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-autopilot) is a deployment tool introduced with Windows 10, version 1709 and is also available for Windows 10 Enterprise 2019 LTSC (and later versions). Windows Autopilot provides a modern device lifecycle management service powered by the cloud to deliver a zero touch experience for deploying Windows 10. +[Windows Autopilot](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-autopilot) is a deployment tool introduced with Windows 10, version 1709 and is also available for Windows 10 Enterprise LTSC 2019 (and later versions). Windows Autopilot provides a modern device lifecycle management service powered by the cloud to deliver a zero touch experience for deploying Windows 10. Windows Autopilot is currently available with Surface, Dell, HP, and Lenovo. Other OEM partners such as Panasonic, and Acer will support Autopilot soon. Check the [Windows IT Pro Blog](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog) or this article for updated information. @@ -265,7 +265,7 @@ IT Pros can use Autopilot Reset to quickly remove personal files, apps, and sett ### MBR2GPT.EXE -MBR2GPT.EXE is a new command-line tool introduced with Windows 10, version 1703 and also available in Windows 10 Enterprise 2019 LTSC (and later versions). MBR2GPT converts a disk from Master Boot Record (MBR) to GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. The tool is designed to be run from a Windows Preinstallation Environment (Windows PE) command prompt, but can also be run from the full Windows 10 operating system (OS). +MBR2GPT.EXE is a new command-line tool introduced with Windows 10, version 1703 and also available in Windows 10 Enterprise LTSC 2019 (and later versions). MBR2GPT converts a disk from Master Boot Record (MBR) to GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. The tool is designed to be run from a Windows Preinstallation Environment (Windows PE) command prompt, but can also be run from the full Windows 10 operating system (OS). The GPT partition format is newer and enables the use of larger and more disk partitions. It also provides added data reliability, supports additional partition types, and enables faster boot and shutdown speeds. If you convert the system disk on a computer from MBR to GPT, you must also configure the computer to boot in UEFI mode, so make sure that your device supports UEFI before attempting to convert the system disk. @@ -293,7 +293,7 @@ For more information, see [DISM operating system uninstall command-line options] You can now run your own custom actions or scripts in parallel with Windows Setup. Setup will also migrate your scripts to next feature release, so you only need to add them once. Prerequisites: -- Windows 10, version 1803 or Windows 10 Enterprise 2019 LTSC, or later. +- Windows 10, version 1803 or Windows 10 Enterprise LTSC 2019, or later. - Windows 10 Enterprise or Pro For more information, see [Run custom actions during feature update](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-setup-enable-custom-actions). @@ -332,7 +332,7 @@ SetupDiag works by searching Windows Setup log files. When searching log files, If you have shared devices deployed in your work place, **Fast sign-in** enables users to sign in to a [shared Windows 10 PC](https://docs.microsoft.com/windows/configuration/set-up-shared-or-guest-pc) in a flash! **To enable fast sign-in:** -1. Set up a shared or guest device with Windows 10, version 1809 or Windows 10 Enterprise 2019 LTSC. +1. Set up a shared or guest device with Windows 10, version 1809 or Windows 10 Enterprise LTSC 2019. 2. Set the Policy CSP, and the **Authentication** and **EnableFastFirstSignIn** policies to enable fast sign-in. 3. Sign-in to a shared PC with your account. You'll notice the difference! @@ -428,7 +428,7 @@ The following new Group Policy and mobile device management (MDM) settings are a ### Start and taskbar layout -Previously, the customized taskbar could only be deployed using Group Policy or provisioning packages. Windows 10 Enterprise 2019 LTSC adds support for customized taskbars to [MDM](/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management). +Previously, the customized taskbar could only be deployed using Group Policy or provisioning packages. Windows 10 Enterprise LTSC 2019 adds support for customized taskbars to [MDM](/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management). [Additional MDM policy settings are available for Start and taskbar layout](/windows/configuration/windows-10-start-layout-options-and-policies). New MDM policy settings include: @@ -467,7 +467,7 @@ You can now register your Azure AD domains to the Windows Insider Program. For m ### Optimize update delivery -With changes delivered in Windows 10 Enterprise 2019 LTSC, [Express updates](/windows/deployment/update/waas-optimize-windows-10-updates#express-update-delivery) are now fully supported with Microsoft Endpoint Configuration Manager, starting with version 1702 of Configuration Manager, as well as with other third-party updating and management products that [implement this new functionality](https://technet.microsoft.com/windows-server-docs/management/windows-server-update-services/deploy/express-update-delivery-isv-support). This is in addition to current Express support on Windows Update, Windows Update for Business and WSUS. +With changes delivered in Windows 10 Enterprise LTSC 2019, [Express updates](/windows/deployment/update/waas-optimize-windows-10-updates#express-update-delivery) are now fully supported with Microsoft Endpoint Configuration Manager, starting with version 1702 of Configuration Manager, as well as with other third-party updating and management products that [implement this new functionality](https://technet.microsoft.com/windows-server-docs/management/windows-server-update-services/deploy/express-update-delivery-isv-support). This is in addition to current Express support on Windows Update, Windows Update for Business and WSUS. >[!NOTE] > The above changes can be made available to Windows 10, version 1607, by installing the April 2017 cumulative update. @@ -485,15 +485,15 @@ To check out all the details, see [Configure Delivery Optimization for Windows 1 ### Uninstalled in-box apps no longer automatically reinstall -Starting with Windows 10 Enterprise 2019 LTSC, in-box apps that were uninstalled by the user won't automatically reinstall as part of the feature update installation process. +Starting with Windows 10 Enterprise LTSC 2019, in-box apps that were uninstalled by the user won't automatically reinstall as part of the feature update installation process. -Additionally, apps de-provisioned by admins on Windows 10 Enterprise 2019 LTSC machines will stay de-provisioned after future feature update installations. This will not apply to the update from Windows 10 Enterprise 2016 LTSC (or earlier) to Windows 10 Enterprise 2019 LTSC. +Additionally, apps de-provisioned by admins on Windows 10 Enterprise LTSC 2019 machines will stay de-provisioned after future feature update installations. This will not apply to the update from Windows 10 Enterprise LTSC 2015 (or earlier) to Windows 10 Enterprise LTSC 2019. ## Management ### New MDM capabilities -Windows 10 Enterprise 2019 LTSC adds many new [configuration service providers (CSPs)](/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers) that provide new capabilities for managing Windows 10 devices using MDM or provisioning packages. Among other things, these CSPs enable you to configure a few hundred of the most useful Group Policy settings via MDM - see [Policy CSP - ADMX-backed policies](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-admx-backed). +Windows 10 Enterprise LTSC 2019 adds many new [configuration service providers (CSPs)](/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers) that provide new capabilities for managing Windows 10 devices using MDM or provisioning packages. Among other things, these CSPs enable you to configure a few hundred of the most useful Group Policy settings via MDM - see [Policy CSP - ADMX-backed policies](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-admx-backed). Some of the other new CSPs are: @@ -519,17 +519,17 @@ Multiple new configuration items are also added. For more information, see [What ### Mobile application management support for Windows 10 -The Windows version of mobile application management (MAM) is a lightweight solution for managing company data access and security on personal devices. MAM support is built into Windows on top of Windows Information Protection (WIP), starting in Windows 10 Enterprise 2019 LTSC. +The Windows version of mobile application management (MAM) is a lightweight solution for managing company data access and security on personal devices. MAM support is built into Windows on top of Windows Information Protection (WIP), starting in Windows 10 Enterprise LTSC 2019. For more info, see [Implement server-side support for mobile application management on Windows](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/implement-server-side-mobile-application-management). ### MDM diagnostics -In Windows 10 Enterprise 2019 LTSC, we continue our work to improve the diagnostic experience for modern management. By introducing auto-logging for mobile devices, Windows will automatically collect logs when encountering an error in MDM, eliminating the need to have always-on logging for memory-constrained devices. Additionally, we are introducing [Microsoft Message Analyzer](https://www.microsoft.com/download/details.aspx?id=44226) as an additional tool to help Support personnel quickly reduce issues to their root cause, while saving time and cost. +In Windows 10 Enterprise LTSC 2019, we continue our work to improve the diagnostic experience for modern management. By introducing auto-logging for mobile devices, Windows will automatically collect logs when encountering an error in MDM, eliminating the need to have always-on logging for memory-constrained devices. Additionally, we are introducing [Microsoft Message Analyzer](https://www.microsoft.com/download/details.aspx?id=44226) as an additional tool to help Support personnel quickly reduce issues to their root cause, while saving time and cost. ### Application Virtualization for Windows (App-V) -Previous versions of the Microsoft Application Virtualization Sequencer (App-V Sequencer) have required you to manually create your sequencing environment. Windows 10 Enterprise 2019 LTSC introduces two new PowerShell cmdlets, New-AppVSequencerVM and Connect-AppvSequencerVM, which automatically create your sequencing environment for you, including provisioning your virtual machine. Additionally, the App-V Sequencer has been updated to let you sequence or update multiple apps at the same time, while automatically capturing and storing your customizations as an App-V project template (.appvt) file, and letting you use PowerShell or Group Policy settings to automatically cleanup your unpublished packages after a device restart. +Previous versions of the Microsoft Application Virtualization Sequencer (App-V Sequencer) have required you to manually create your sequencing environment. Windows 10 Enterprise LTSC 2019 introduces two new PowerShell cmdlets, New-AppVSequencerVM and Connect-AppvSequencerVM, which automatically create your sequencing environment for you, including provisioning your virtual machine. Additionally, the App-V Sequencer has been updated to let you sequence or update multiple apps at the same time, while automatically capturing and storing your customizations as an App-V project template (.appvt) file, and letting you use PowerShell or Group Policy settings to automatically cleanup your unpublished packages after a device restart. For more info, see the following topics: - [Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer)](/windows/application-management/app-v/appv-auto-provision-a-vm) @@ -546,7 +546,7 @@ Learn more about the diagnostic data that's collected at the Basic level and som ### Group Policy spreadsheet -Learn about the new Group Policies that were added in Windows 10 Enterprise 2019 LTSC. +Learn about the new Group Policies that were added in Windows 10 Enterprise LTSC 2019. - [Group Policy Settings Reference for Windows and Windows Server](https://www.microsoft.com/download/details.aspx?id=25250) @@ -579,9 +579,9 @@ Miracast over Infrastructure offers a number of benefits: Enabling Miracast over Infrastructure: -If you have a device that has been updated to Windows 10 Enterprise 2019 LTSC, then you automatically have this new feature. To take advantage of it in your environment, you need to ensure the following is true within your deployment: +If you have a device that has been updated to Windows 10 Enterprise LTSC 2019, then you automatically have this new feature. To take advantage of it in your environment, you need to ensure the following is true within your deployment: -- The device (PC, phone, or Surface Hub) needs to be running Windows 10, version 1703, Windows 10 Enterprise 2019 LTSC, or a later OS. +- The device (PC, phone, or Surface Hub) needs to be running Windows 10, version 1703, Windows 10 Enterprise LTSC 2019, or a later OS. - A Windows PC or Surface Hub can act as a Miracast over Infrastructure *receiver*. A Windows PC or phone can act as a Miracast over Infrastructure *source*. - As a Miracast receiver, the PC or Surface Hub must be connected to your enterprise network via either Ethernet or a secure Wi-Fi connection (e.g. using either WPA2-PSK or WPA2-Enterprise security). If the Hub is connected to an open Wi-Fi connection, Miracast over Infrastructure will disable itself. - As a Miracast source, the PC or phone must be connected to the same enterprise network via Ethernet or a secure Wi-Fi connection. From d8be4c67adca40545b40b280aa796b71ba879b85 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Fri, 11 Dec 2020 10:10:58 -0800 Subject: [PATCH 202/210] correction --- windows/whats-new/ltsc/whats-new-windows-10-2019.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2019.md b/windows/whats-new/ltsc/whats-new-windows-10-2019.md index d04340e9a9..abfe43e940 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2019.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2019.md @@ -18,7 +18,7 @@ ms.topic: article **Applies to** - Windows 10 Enterprise LTSC 2019 -This article lists new and updated features and content that are of interest to IT Pros for Windows 10 Enterprise LTSC 2019, compared to Windows 10 Enterprise LTSC 2015 (LTSB). For a brief description of the LTSC servicing channel and associated support, see [Windows 10 Enterprise LTSC](index.md). +This article lists new and updated features and content that are of interest to IT Pros for Windows 10 Enterprise LTSC 2019, compared to Windows 10 Enterprise LTSC 2016 (LTSB). For a brief description of the LTSC servicing channel and associated support, see [Windows 10 Enterprise LTSC](index.md). >[!NOTE] >Features in Windows 10 Enterprise LTSC 2019 are equivalent to Windows 10, version 1809. @@ -487,7 +487,7 @@ To check out all the details, see [Configure Delivery Optimization for Windows 1 Starting with Windows 10 Enterprise LTSC 2019, in-box apps that were uninstalled by the user won't automatically reinstall as part of the feature update installation process. -Additionally, apps de-provisioned by admins on Windows 10 Enterprise LTSC 2019 machines will stay de-provisioned after future feature update installations. This will not apply to the update from Windows 10 Enterprise LTSC 2015 (or earlier) to Windows 10 Enterprise LTSC 2019. +Additionally, apps de-provisioned by admins on Windows 10 Enterprise LTSC 2019 machines will stay de-provisioned after future feature update installations. This will not apply to the update from Windows 10 Enterprise LTSC 2016 (or earlier) to Windows 10 Enterprise LTSC 2019. ## Management From 90051194a0f8d1763be12f77330764e0bae17242 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 11 Dec 2020 14:09:39 -0800 Subject: [PATCH 203/210] Update microsoft-defender-antivirus-compatibility.md --- .../microsoft-defender-antivirus-compatibility.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md index 355486f404..72c13de8f4 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md @@ -13,7 +13,7 @@ ms.author: deniseb ms.custom: nextgen ms.reviewer: manager: dansimp -ms.date: 12/08/2020 +ms.date: 12/11/2020 --- # Microsoft Defender Antivirus compatibility @@ -78,7 +78,7 @@ The following table summarizes the functionality and features that are available - In Active mode, Microsoft Defender Antivirus is used as the antivirus app on the machine. All configuration made with Configuration Manager, Group Policy, Intune, or other management products will apply. Files are scanned and threats remediated, and detection information are reported in your configuration tool (such as Configuration Manager or the Microsoft Defender Antivirus app on the machine itself). - In Passive mode, Microsoft Defender Antivirus is not used as the antivirus app, and threats are not remediated by Microsoft Defender Antivirus. Files are scanned and reports are provided for threat detections that are shared with the Microsoft Defender for Endpoint service. Therefore, you might encounter alerts in the Security Center console with Microsoft Defender Antivirus as a source, even when Microsoft Defender Antivirus is in Passive mode. -- When [EDR in block mode](../microsoft-defender-atp/edr-in-block-mode.md) is turned on, Microsoft Defender Antivirus is not used as the primary antivirus solution, but can still detect and remediate malicious items. +- When [EDR in block mode](../microsoft-defender-atp/edr-in-block-mode.md) is turned on and Microsoft Defender Antivirus is not used as the primary antivirus solution, it can still detect and remediate malicious items. - When disabled, Microsoft Defender Antivirus is not used as the antivirus app. Files are not scanned and threats are not remediated. ## Keep the following points in mind From 063e30cc429762a1d3828a623882e408cd1ff469 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 11 Dec 2020 14:19:20 -0800 Subject: [PATCH 204/210] Update microsoft-defender-antivirus-compatibility.md --- .../microsoft-defender-antivirus-compatibility.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md index 72c13de8f4..bb9e88a2d6 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md @@ -104,4 +104,4 @@ If you uninstall the other product, and choose to use Microsoft Defender Antivir - [EDR in block mode](../microsoft-defender-atp/edr-in-block-mode.md) - [Configure Endpoint Protection](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-protection-configure) - [Configure Endpoint Protection on a standalone client](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-protection-configure-standalone-client) -- [Learn about Microsoft 365 Endpoint data loss prevention](https://docs.microsoft.com/microsoft-365/compliance/endpoint-dlp-learn-about?view=o365-worldwide) +- [Learn about Microsoft 365 Endpoint data loss prevention](https://docs.microsoft.com/microsoft-365/compliance/endpoint-dlp-learn-about) From 7855a7fa32f450dcd3a25e30421f687b6b3cd9b5 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Mon, 14 Dec 2020 11:23:43 -0800 Subject: [PATCH 205/210] Corrected misspelled filename --- windows/client-management/mdm/TOC.md | 2 +- .../mdm/policies-in-policy-csp-admx-backed.md | 16 ++++++++-------- .../mdm/policy-configuration-service-provider.md | 16 ++++++++-------- ....md => policy-csp-admx-deviceinstallation.md} | 0 4 files changed, 17 insertions(+), 17 deletions(-) rename windows/client-management/mdm/{policy-csp-admx-devicenstallation.md => policy-csp-admx-deviceinstallation.md} (100%) diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index eb36dff859..d5168b9828 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -191,7 +191,7 @@ #### [ADMX_CtrlAltDel](policy-csp-admx-ctrlaltdel.md) #### [ADMX_DataCollection](policy-csp-admx-datacollection.md) #### [ADMX_Desktop](policy-csp-admx-desktop.md) -#### [ADMX_DeviceInstallation](policy-csp-admx-devicenstallation.md) +#### [ADMX_DeviceInstallation](policy-csp-admx-deviceinstallation.md) #### [ADMX_DeviceSetup](policy-csp-admx-devicesetup.md) #### [ADMX_DigitalLocker](policy-csp-admx-digitallocker.md) #### [ADMX_DnsClient](policy-csp-admx-dnsclient.md) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 309fb143c2..8771145e8a 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -150,14 +150,14 @@ ms.date: 10/08/2020 - [ADMX_Desktop/sz_DB_DragDropClose](./policy-csp-admx-desktop.md#admx-desktop-sz-db-dragdropclose) - [ADMX_Desktop/sz_DB_Moving](./policy-csp-admx-desktop.md#admx-desktop-sz-db-moving) - [ADMX_Desktop/sz_DWP_NoHTMLPaper](./policy-csp-admx-desktop.md#admx-desktop-sz-dwp-nohtmlpaper) -- [ADMX_DeviceInstallation/DeviceInstall_AllowAdminInstall](./policy-csp-admx-devicenstallation.md#admx-deviceinstallation-deviceinstall-allowadmininstall) -- [ADMX_DeviceInstallation/DeviceInstall_DeniedPolicy_DetailText](./policy-csp-admx-devicenstallation.md#admx-deviceinstallation-deviceinstall-deniedpolicy-detailtext) -- [ADMX_DeviceInstallation/DeviceInstall_DeniedPolicy_SimpleText](./policy-csp-admx-devicenstallation.md#admx-deviceinstallation-deviceinstall-deniedpolicy-simpletext) -- [ADMX_DeviceInstallation/DeviceInstall_InstallTimeout](./policy-csp-admx-devicenstallation.md#admx-deviceinstallation-deviceinstall-installtimeout) -- [ADMX_DeviceInstallation/DeviceInstall_Policy_RebootTime](./policy-csp-admx-devicenstallation.md#admx-deviceinstallation-deviceinstall-policy-reboottime) -- [ADMX_DeviceInstallation/DeviceInstall_Removable_Deny](./policy-csp-admx-devicenstallation.md#admx-deviceinstallation-deviceinstall-removable-deny) -- [ADMX_DeviceInstallation/DeviceInstall_SystemRestore](./policy-csp-admx-devicenstallation.md#admx-deviceinstallation-deviceinstall-systemrestore) -- [ADMX_DeviceInstallation/DriverInstall_Classes_AllowUser](./policy-csp-admx-devicenstallation.md#admx-deviceinstallation-deviceinstall-classes-allowuser) +- [ADMX_DeviceInstallation/DeviceInstall_AllowAdminInstall](./policy-csp-admx-deviceinstallation.md#admx-deviceinstallation-deviceinstall-allowadmininstall) +- [ADMX_DeviceInstallation/DeviceInstall_DeniedPolicy_DetailText](./policy-csp-admx-deviceinstallation.md#admx-deviceinstallation-deviceinstall-deniedpolicy-detailtext) +- [ADMX_DeviceInstallation/DeviceInstall_DeniedPolicy_SimpleText](./policy-csp-admx-deviceinstallation.md#admx-deviceinstallation-deviceinstall-deniedpolicy-simpletext) +- [ADMX_DeviceInstallation/DeviceInstall_InstallTimeout](./policy-csp-admx-deviceinstallation.md#admx-deviceinstallation-deviceinstall-installtimeout) +- [ADMX_DeviceInstallation/DeviceInstall_Policy_RebootTime](./policy-csp-admx-deviceinstallation.md#admx-deviceinstallation-deviceinstall-policy-reboottime) +- [ADMX_DeviceInstallation/DeviceInstall_Removable_Deny](./policy-csp-admx-deviceinstallation.md#admx-deviceinstallation-deviceinstall-removable-deny) +- [ADMX_DeviceInstallation/DeviceInstall_SystemRestore](./policy-csp-admx-deviceinstallation.md#admx-deviceinstallation-deviceinstall-systemrestore) +- [ADMX_DeviceInstallation/DriverInstall_Classes_AllowUser](./policy-csp-admx-deviceinstallation.md#admx-deviceinstallation-deviceinstall-classes-allowuser) - [ADMX_DeviceSetup/DeviceInstall_BalloonTips](./policy-csp-admx-devicesetup.md#admx-devicesetup-deviceinstall-balloontips) - [ADMX_DeviceSetup/DriverSearchPlaces_SearchOrderConfiguration](./policy-csp-admx-devicesetup.md#admx-devicesetup-driversearchplaces-searchorderconfiguration) - [ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_1](./policy-csp-admx-digitallocker.md#admx-digitallocker-digitalx-diableapplication-titletext-1) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 6483b2b718..2efe519667 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -651,28 +651,28 @@ The following diagram shows the Policy configuration service provider in tree fo

- ADMX_DeviceInstallation/DeviceInstall_AllowAdminInstall + ADMX_DeviceInstallation/DeviceInstall_AllowAdminInstall
- ADMX_DeviceInstallation/DeviceInstall_DeniedPolicy_DetailText + ADMX_DeviceInstallation/DeviceInstall_DeniedPolicy_DetailText
- ADMX_DeviceInstallation/DeviceInstall_DeniedPolicy_SimpleText + ADMX_DeviceInstallation/DeviceInstall_DeniedPolicy_SimpleText
- ADMX_DeviceInstallation/DeviceInstall_InstallTimeout + ADMX_DeviceInstallation/DeviceInstall_InstallTimeout
- ADMX_DeviceInstallation/DeviceInstall_Policy_RebootTime + ADMX_DeviceInstallation/DeviceInstall_Policy_RebootTime
- ADMX_DeviceInstallation/DeviceInstall_Removable_Deny + ADMX_DeviceInstallation/DeviceInstall_Removable_Deny
- ADMX_DeviceInstallation/DeviceInstall_SystemRestore + ADMX_DeviceInstallation/DeviceInstall_SystemRestore
- ADMX_DeviceInstallation/DriverInstall_Classes_AllowUser + ADMX_DeviceInstallation/DriverInstall_Classes_AllowUser
diff --git a/windows/client-management/mdm/policy-csp-admx-devicenstallation.md b/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md similarity index 100% rename from windows/client-management/mdm/policy-csp-admx-devicenstallation.md rename to windows/client-management/mdm/policy-csp-admx-deviceinstallation.md From 383591b44cb0bf0c64e321ba470e79d15fbc5e0c Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Mon, 14 Dec 2020 11:28:58 -0800 Subject: [PATCH 206/210] Fixed Acrolinx issues --- windows/client-management/mdm/policy-csp-admx-eaime.md | 4 ++-- .../mdm/policy-csp-admx-microsoftdefenderantivirus.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-eaime.md b/windows/client-management/mdm/policy-csp-admx-eaime.md index 3cd05e398d..433116e5de 100644 --- a/windows/client-management/mdm/policy-csp-admx-eaime.md +++ b/windows/client-management/mdm/policy-csp-admx-eaime.md @@ -419,7 +419,7 @@ ADMX Info: Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn off Internet search integration. -Search integration includes both using Search Provider (Japanese Microsoft IME) and performing bing search from predictive input for Japanese Microsoft IME. +Search integration includes both using Search Provider (Japanese Microsoft IME) and performing Bing search from predictive input for Japanese Microsoft IME. If you enable this policy setting, you cannot use search integration. @@ -789,7 +789,7 @@ If you enable this policy setting, the functionality associated with this featur If you disable this policy setting, the functionality associated with this feature is turned off, and the user won't be able to turn it on. -If you don't configure this policy setting, it will be turned on by default, and the user can turn on and turn off the lexicon udpate feature. +If you don't configure this policy setting, it will be turned on by default, and the user can turn on and turn off the lexicon update feature. This Policy setting applies only to Microsoft CHS Pinyin IME. diff --git a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md index f01f693b6e..69f2c6624a 100644 --- a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md +++ b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md @@ -1462,7 +1462,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure definition retirement for network protection against exploits of known vulnerabilities. Definition retirement checks to see if a computer has the required security updates necessary to protect it against a particular vulnerability. If the system is not vulnerable to the exploit detected by a definition, then that definition is "retired". If all security intelligence for a given protocal are retired then that protocol is no longer parsed. Enabling this feature helps to improve performance. On a computer that is up-to-date with all the latest security updates, network protection will have no impact on network performance. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure definition retirement for network protection against exploits of known vulnerabilities. Definition retirement checks to see if a computer has the required security updates necessary to protect it against a particular vulnerability. If the system is not vulnerable to the exploit detected by a definition, then that definition is "retired". If all security intelligence for a given protocol are retired then that protocol is no longer parsed. Enabling this feature helps to improve performance. On a computer that is up-to-date with all the latest security updates, network protection will have no impact on network performance. If you enable or do not configure this setting, definition retirement will be enabled. From d7b37a96848ecd758d484564e1dcdd9e912f4c0d Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Mon, 14 Dec 2020 11:36:15 -0800 Subject: [PATCH 207/210] Fixed typo --- .../mdm/policy-csp-admx-microsoftdefenderantivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md index 69f2c6624a..5862dadff7 100644 --- a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md +++ b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md @@ -6747,7 +6747,7 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting allows user to supress reboot notifications in UI only mode (for cases where UI can't be in lockdown mode). +Available in the latest Windows 10 Insider Preview Build. This policy setting allows user to suppress reboot notifications in UI only mode (for cases where UI can't be in lockdown mode). If you enable this setting AM UI won't show reboot notifications. From 133936c6fbadddc60128f1a6768e8c42e0e713b5 Mon Sep 17 00:00:00 2001 From: Shari Kjerland <30906736+SKjerland@users.noreply.github.com> Date: Mon, 14 Dec 2020 12:00:22 -0800 Subject: [PATCH 208/210] Replaced microsoft-edge-faq.md with .yml file As part of the FAQ-content-type pilot, I replaced the .md file with a .yml file that uses Google-defined schema. --- .vscode/settings.json | 5 ++ browsers/edge/TOC.md | 2 +- browsers/edge/microsoft-edge-faq.md | 58 ----------------------- browsers/edge/microsoft-edge-faq.yml | 69 ++++++++++++++++++++++++++++ 4 files changed, 75 insertions(+), 59 deletions(-) create mode 100644 .vscode/settings.json delete mode 100644 browsers/edge/microsoft-edge-faq.md create mode 100644 browsers/edge/microsoft-edge-faq.yml diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000000..f66a07d2e4 --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,5 @@ +{ + "cSpell.words": [ + "emie" + ] +} \ No newline at end of file diff --git a/browsers/edge/TOC.md b/browsers/edge/TOC.md index 3314f77577..0f0c4989e5 100644 --- a/browsers/edge/TOC.md +++ b/browsers/edge/TOC.md @@ -28,6 +28,6 @@ ## [Change history for Microsoft Edge](change-history-for-microsoft-edge.md) -## [Microsoft Edge Frequently Asked Questions (FAQs)](microsoft-edge-faq.md) +## [Microsoft Edge Frequently Asked Questions (FAQs)](microsoft-edge-faq.yml) diff --git a/browsers/edge/microsoft-edge-faq.md b/browsers/edge/microsoft-edge-faq.md deleted file mode 100644 index 632905e3cb..0000000000 --- a/browsers/edge/microsoft-edge-faq.md +++ /dev/null @@ -1,58 +0,0 @@ ---- -title: Microsoft Edge - Frequently Asked Questions (FAQs) for IT Pros -ms.reviewer: -audience: itpro -manager: dansimp -description: Answers to frequently asked questions about Microsoft Edge features, integration, support, and potential problems. -author: dansimp -ms.author: dansimp -ms.prod: edge -ms.topic: article -ms.mktglfcycl: general -ms.sitesec: library -ms.localizationpriority: medium ---- - -# Frequently Asked Questions (FAQs) for IT Pros - ->Applies to: Microsoft Edge on Windows 10 and Windows 10 Mobile - -> [!NOTE] -> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/). - -## How can I get the next major version of Microsoft Edge, based on Chromium? -In December 2018, Microsoft [announced](https://blogs.windows.com/windowsexperience/2018/12/06/microsoft-edge-making-the-web-better-through-more-open-source-collaboration/#8jv53blDvL6TIKuS.97) our intention to adopt the Chromium open source project in the development of Microsoft Edge on the desktop, to create better web compatibility for our customers and less fragmentation of the web for all web developers. You can get more information at the [Microsoft Edge Insiders site](https://www.microsoftedgeinsider.com/). - -## What’s the difference between Microsoft Edge and Internet Explorer 11? How do I know which one to use? -Microsoft Edge is the default browser for all Windows 10 devices. It’s built to be highly compatible with the modern web. For some enterprise web apps and a small set of sites that were built to work with older technologies like ActiveX, [you can use Enterprise Mode](emie-to-improve-compatibility.md) to automatically send users to Internet Explorer 11. - -For more information on how Internet Explorer and Microsoft Edge work together to support your legacy web apps, while still defaulting to the higher security and modern experiences enabled by Microsoft Edge, see [Legacy apps in the enterprise](https://blogs.windows.com/msedgedev/2017/04/07/legacy-web-apps-enterprise/#RAbtRvJSYFaKu2BI.97). - -## Does Microsoft Edge work with Enterprise Mode? -[Enterprise Mode](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11) helps you run many legacy web applications with better backward compatibility. You can configure both Microsoft Edge and Internet Explorer to use the same Enterprise Mode Site List, switching seamlessly between browsers to support both modern and legacy web apps. - -## How do I customize Microsoft Edge and related settings for my organization? -You can use Group Policy or Microsoft Intune to manage settings related to Microsoft Edge, such as security settings, folder redirection, and preferences. See [Group Policy and Mobile Device Management (MDM) settings for Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy/group-policies/) for a list of policies currently available for Microsoft Edge and configuration information. Note that the preview release of Chromium-based Microsoft Edge might not include management policies or other enterprise functionality; our focus during the preview is modern browser fundamentals. - -## Is Adobe Flash supported in Microsoft Edge? -Adobe Flash is currently supported as a built-in feature of Microsoft Edge on PCs running Windows 10. In July 2017, Adobe announced that Flash support will end after 2020. With this change to Adobe support, we’ve started to phase Flash out of Microsoft Edge by adding the [Configure the Adobe Flash Click-to-Run setting group policy](https://docs.microsoft.com/microsoft-edge/deploy/available-policies#configure-the-adobe-flash-click-to-run-setting) - this lets you control which websites can run Adobe Flash content. - -To learn more about Microsoft’s plan for phasing Flash out of Microsoft Edge and Internet Explorer, see [The End of an Era — Next Steps for Adobe Flash](https://blogs.windows.com/msedgedev/2017/07/25/flash-on-windows-timeline/#3Bcc3QjRw0l7XsZ4.97) (blog article). - -## Does Microsoft Edge support ActiveX controls or BHOs like Silverlight or Java? -No. Microsoft Edge doesn’t support ActiveX controls and BHOs like Silverlight or Java. If you’re running web apps that use ActiveX controls, x-ua-compatible headers, or legacy document modes, you need to keep running them in IE11. IE11 offers additional security, manageability, performance, backward compatibility, and standards support. - -## How often will Microsoft Edge be updated? -In Windows 10, we’re delivering Windows as a service, updated on a cadence driven by quality and the availability of new features. Microsoft Edge security updates are released every two to four weeks, while bigger feature updates are included in the Windows 10 releases on a semi-annual cadence. - -## How can I provide feedback on Microsoft Edge? -Microsoft Edge is an evergreen browser - we’ll continue to evolve both the web platform and the user interface with regular updates. To send feedback on user experience, or on broken or malicious sites, use the **Send Feedback** option under the ellipses icon (**...**) in the Microsoft Edge toolbar. - -## Will Internet Explorer 11 continue to receive updates? -We’re committed to keeping Internet Explorer a supported, reliable, and safe browser. Internet Explorer is still a component of Windows and follows the support lifecycle of the OS on which it’s installed. For details, see [Lifecycle FAQ - Internet Explorer](https://support.microsoft.com/help/17454/). While we continue to support and update Internet Explorer, the latest features and platform updates will only be available in Microsoft Edge. - -## How do I find out what version of Microsoft Edge I have? -In the upper right corner of Microsoft Edge, click the ellipses icon (**...**), and then click **Settings**. Look in the **About Microsoft Edge** section to find your version. - -## What is Microsoft EdgeHTML? -Microsoft EdgeHTML is the web rendering engine that powers the current Microsoft Edge web browser and Windows 10 web app platform. (As opposed to *Microsoft Edge, based on Chromium*.) diff --git a/browsers/edge/microsoft-edge-faq.yml b/browsers/edge/microsoft-edge-faq.yml new file mode 100644 index 0000000000..830ca09109 --- /dev/null +++ b/browsers/edge/microsoft-edge-faq.yml @@ -0,0 +1,69 @@ +### YamlMime:FAQ +metadata: + title: Microsoft Edge - Frequently Asked Questions (FAQs) for IT Pros + ms.reviewer: + audience: itpro + manager: dansimp + description: Answers to frequently asked questions about Microsoft Edge features, integration, support, and potential problems. + author: dansimp + ms.author: dansimp + ms.prod: edge + ms.topic: article + ms.mktglfcycl: general + ms.sitesec: library + ms.localizationpriority: medium + +title: Frequently Asked Questions (FAQs) for IT Pros +summary: | + >Applies to: Microsoft Edge on Windows 10 and Windows 10 Mobile + + > [!NOTE] + > You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/). + + +sections: + - name: Ignored + questions: + - question: How can I get the next major version of Microsoft Edge, based on Chromium? + answer: | + In December 2018, Microsoft [announced](https://blogs.windows.com/windowsexperience/2018/12/06/microsoft-edge-making-the-web-better-through-more-open-source-collaboration/#8jv53blDvL6TIKuS.97) our intention to adopt the Chromium open source project in the development of Microsoft Edge on the desktop, to create better web compatibility for our customers and less fragmentation of the web for all web developers. You can get more information at the [Microsoft Edge Insiders site](https://www.microsoftedgeinsider.com/). + + - question: What's the difference between Microsoft Edge and Internet Explorer 11? How do I know which one to use? + answer: | + Microsoft Edge is the default browser for all Windows 10 devices. It's built to be highly compatible with the modern web. For some enterprise web apps and a small set of sites that were built to work with older technologies like ActiveX, [you can use Enterprise Mode](emie-to-improve-compatibility.md) to automatically send users to Internet Explorer 11. + + For more information on how Internet Explorer and Microsoft Edge work together to support your legacy web apps, while still defaulting to the higher security and modern experiences enabled by Microsoft Edge, see [Legacy apps in the enterprise](https://blogs.windows.com/msedgedev/2017/04/07/legacy-web-apps-enterprise/#RAbtRvJSYFaKu2BI.97). + + - question: Does Microsoft Edge work with Enterprise Mode? + answer: | + [Enterprise Mode](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11) helps you run many legacy web applications with better backward compatibility. You can configure both Microsoft Edge and Internet Explorer to use the same Enterprise Mode Site List, switching seamlessly between browsers to support both modern and legacy web apps. + + - question: How do I customize Microsoft Edge and related settings for my organization? + answer: | + You can use Group Policy or Microsoft Intune to manage settings related to Microsoft Edge, such as security settings, folder redirection, and preferences. See [Group Policy and Mobile Device Management (MDM) settings for Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy/group-policies/) for a list of policies currently available for Microsoft Edge and configuration information. Note that the preview release of Chromium-based Microsoft Edge might not include management policies or other enterprise functionality; our focus during the preview is modern browser fundamentals. + + - question: Is Adobe Flash supported in Microsoft Edge? + answer: | + Adobe Flash is currently supported as a built-in feature of Microsoft Edge on PCs running Windows 10. In July 2017, Adobe announced that Flash support will end after 2020. With this change to Adobe support, we've started to phase Flash out of Microsoft Edge by adding the [Configure the Adobe Flash Click-to-Run setting group policy](https://docs.microsoft.com/microsoft-edge/deploy/available-policies#configure-the-adobe-flash-click-to-run-setting) - this lets you control which websites can run Adobe Flash content. + + To learn more about Microsoft's plan for phasing Flash out of Microsoft Edge and Internet Explorer, see [The End of an Era — Next Steps for Adobe Flash](https://blogs.windows.com/msedgedev/2017/07/25/flash-on-windows-timeline/#3Bcc3QjRw0l7XsZ4.97) (blog article). + + - question: Does Microsoft Edge support ActiveX controls or BHOs like Silverlight or Java? + answer: No, Microsoft Edge doesn't support ActiveX controls and BHOs like Silverlight or Java. If you're running web apps that use ActiveX controls, x-ua-compatible headers, or legacy document modes, you need to keep running them in Internet Explorer 11. Internet Explorer 11 offers additional security, manageability, performance, backward compatibility, and standards support. + + - question: How often will Microsoft Edge be updated? + answer: In Windows 10, we're delivering Windows as a service, updated on a cadence driven by quality and the availability of new features. Microsoft Edge security updates are released every two to four weeks, while bigger feature updates are included in the Windows 10 releases on a semi-annual cadence. + + - question: How can I provide feedback on Microsoft Edge? + answer: Microsoft Edge is an evergreen browser - we'll continue to evolve both the web platform and the user interface with regular updates. To send feedback on user experience, or on broken or malicious sites, use the **Send Feedback** option under the ellipses icon (**...**) in the Microsoft Edge toolbar. + + - question: Will Internet Explorer 11 continue to receive updates? + answer: | + We're committed to keeping Internet Explorer a supported, reliable, and safe browser. Internet Explorer is still a component of Windows and follows the support lifecycle of the OS on which it's installed. For details, see [Lifecycle FAQ - Internet Explorer](https://support.microsoft.com/help/17454/). While we continue to support and update Internet Explorer, the latest features and platform updates will only be available in Microsoft Edge. + + - question: How do I find out which version of Microsoft Edge I have? + answer: In the upper-right corner of Microsoft Edge, select the ellipses icon (**...**), and then select **Settings**. Look in the **About Microsoft Edge** section to find your version. + + - question: What is Microsoft EdgeHTML? + answer: Microsoft EdgeHTML is the web rendering engine that powers the current Microsoft Edge web browser and Windows 10 web app platform (as opposed to *Microsoft Edge, based on Chromium*). + From 8b9615cbda25ba0463eed6623c22bd0889c70872 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 14 Dec 2020 14:27:54 -0800 Subject: [PATCH 209/210] add note --- .../microsoft-defender-atp/configure-endpoints-sccm.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md index 38ec7959c3..aa7a4c498f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md @@ -50,6 +50,11 @@ Starting in Configuration Manager version 2002, you can onboard the following op - Windows Server 2016, version 1803 or later - Windows Server 2019 +>[!NOTE] +>For more information on how to onboard Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019, see, [Onboard Windows servers](configure-server-endpoints.md). + + + ### Onboard devices using System Center Configuration Manager From 40a0800099f88755a4f244bdab4eda45a1af4ae3 Mon Sep 17 00:00:00 2001 From: Shari Kjerland <30906736+SKjerland@users.noreply.github.com> Date: Mon, 14 Dec 2020 15:21:20 -0800 Subject: [PATCH 210/210] Update change-history-for-microsoft-edge.md Updated file extension --- browsers/edge/change-history-for-microsoft-edge.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/browsers/edge/change-history-for-microsoft-edge.md b/browsers/edge/change-history-for-microsoft-edge.md index 2529a88fea..af27551fc8 100644 --- a/browsers/edge/change-history-for-microsoft-edge.md +++ b/browsers/edge/change-history-for-microsoft-edge.md @@ -60,7 +60,7 @@ We have discontinued the **Configure Favorites** group policy, so use the [Provi |New or changed topic | Description | |---------------------|-------------| -|[Microsoft Edge - Frequently Asked Questions (FAQs) for IT Pros](microsoft-edge-faq.md) | New | +|[Microsoft Edge - Frequently Asked Questions (FAQs) for IT Pros](microsoft-edge-faq.yml) | New | ## February 2017