From 77d7f402643b360d21eee717b85d19b41ce68272 Mon Sep 17 00:00:00 2001 From: 1justingilmore <62392529+1justingilmore@users.noreply.github.com> Date: Mon, 30 Mar 2020 16:41:45 -0600 Subject: [PATCH 001/210] Update metadata descriptions 3_30 3 --- .../set-up-mdt-for-bitlocker.md | 3 +- ...compatibility-administrator-users-guide.md | 3 +- ...se-management-strategies-and-deployment.md | 9 +- windows/deployment/update/waas-morenews.md | 6 +- windows/deployment/upgrade/log-files.md | 2 +- windows/deployment/usmt/usmt-log-files.md | 12 +- ...ivate-using-key-management-service-vamt.md | 290 +++++++++--------- ...t-to-microsoft-during-activation-client.md | 144 ++++----- .../monitor-activation-client.md | 90 +++--- .../windows-10-deployment-tools-reference.md | 4 +- .../deployment/windows-10-deployment-tools.md | 4 +- 11 files changed, 289 insertions(+), 278 deletions(-) diff --git a/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md b/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md index d54f06dc77..e68b815828 100644 --- a/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md +++ b/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md @@ -4,7 +4,7 @@ ms.assetid: 386e6713-5c20-4d2a-a220-a38d94671a38 ms.reviewer: manager: laurawi ms.author: greglin -description: +description: Learn how to configure your environment for BitLocker, the disk volume encryption built into Windows 10 Enterprise and Windows 10 Pro, using MDT. keywords: disk, encryption, TPM, configure, secure, script ms.prod: w10 ms.mktglfcycl: deploy @@ -14,6 +14,7 @@ ms.pagetype: mdt audience: itpro author: greg-lindsay ms.topic: article +ms.custom: seo-marvel-mar2020 --- # Set up MDT for BitLocker diff --git a/windows/deployment/planning/compatibility-administrator-users-guide.md b/windows/deployment/planning/compatibility-administrator-users-guide.md index afbb20379c..30dcd0de23 100644 --- a/windows/deployment/planning/compatibility-administrator-users-guide.md +++ b/windows/deployment/planning/compatibility-administrator-users-guide.md @@ -4,7 +4,7 @@ ms.assetid: 0ce05f66-9009-4739-a789-60f3ce380e76 ms.reviewer: manager: laurawi ms.author: greglin -description: +description: The Compatibility Administrator tool helps you resolve potential application-compatibility issues before deploying a new version of Windows. ms.prod: w10 ms.mktglfcycl: plan ms.pagetype: appcompat @@ -12,6 +12,7 @@ ms.sitesec: library audience: itpro author: greg-lindsay ms.topic: article +ms.custom: seo-marvel-mar2020 --- # Compatibility Administrator User's Guide diff --git a/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md b/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md index 162ad2c153..18f52b5803 100644 --- a/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md +++ b/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md @@ -4,7 +4,7 @@ ms.assetid: fdfbf02f-c4c4-4739-a400-782204fd3c6c ms.reviewer: manager: laurawi ms.author: greglin -description: +description: Learn about deploying your compatibility fixes as part of an application-installation package or through a centralized compatibility-fix database. ms.prod: w10 ms.mktglfcycl: plan ms.pagetype: appcompat @@ -13,6 +13,7 @@ audience: itpro author: greg-lindsay ms.date: 04/19/2017 ms.topic: article +ms.custom: seo-marvel-mar2020 --- # Compatibility Fix Database Management Strategies and Deployment @@ -88,7 +89,7 @@ This approach tends to work best for organizations that have a well-developed de ### Merging Centralized Compatibility-Fix Databases -If you decide to use the centralized compatibility-fix database deployment strategy, you can merge any of your individual compatibility-fix databases. This enables you to create a single custom compatibility-fix database that can be used to search for and determine whether Windows® should apply a fix to a specific executable (.exe) file. We recommend merging your databases based on the following process. +If you decide to use the centralized compatibility-fix database deployment strategy, you can merge any of your individual compatibility-fix databases. This enables you to create a single custom compatibility-fix database that can be used to search for and determine whether Windows® should apply a fix to a specific executable (.exe) file. We recommend merging your databases based on the following process. **To merge your custom-compatibility databases** @@ -113,7 +114,7 @@ If you decide to use the centralized compatibility-fix database deployment strat Deploying your custom compatibility-fix database into your organization requires you to perform the following actions: -1. Store your custom compatibility-fix database (.sdb file) in a location that is accessible to all of your organization’s computers. +1. Store your custom compatibility-fix database (.sdb file) in a location that is accessible to all of your organization's computers. 2. Use the Sdbinst.exe command-line tool to install the custom compatibility-fix database locally. @@ -124,7 +125,7 @@ In order to meet the two requirements above, we recommend that you use one of th You can package your .sdb file and a custom deployment script into an .msi file, and then deploy the .msi file into your organization. > [!IMPORTANT] - > You must ensure that you mark your custom script so that it does not impersonate the calling user. For example, if you use Microsoft® Visual Basic® Scripting Edition (VBScript), the custom action type would be: + > You must ensure that you mark your custom script so that it does not impersonate the calling user. For example, if you use Microsoft® Visual Basic® Scripting Edition (VBScript), the custom action type would be: >`msidbCustomActionTypeVBScript + msidbCustomActionTypeInScript + msidbCustomActionTypeNoImpersonate = 0x0006 + 0x0400 + 0x0800 = 0x0C06 = 3078 decimal)` diff --git a/windows/deployment/update/waas-morenews.md b/windows/deployment/update/waas-morenews.md index b23dfbb017..28ac9a4c6c 100644 --- a/windows/deployment/update/waas-morenews.md +++ b/windows/deployment/update/waas-morenews.md @@ -11,6 +11,8 @@ ms.reviewer: manager: laurawi ms.localizationpriority: high ms.topic: article +description: Read news articles about Windows as a service, including Windows 10, Windows 10 Enterprise, Windows 10 Pro. +ms.custom: seo-marvel-mar2020 --- # Windows as a service - More news @@ -19,8 +21,8 @@ Here's more news about [Windows as a service](windows-as-a-service.md):

You can either:

    -

  1. Specify up to three <role> elements within a <component> — one “Binaries” role element, one “Settings” role element and one “Data” role element. These parameters do not change the migration behavior — their only purpose is to help you categorize the settings that you are migrating. You can nest these <role> elements, but each nested element must be of the same role parameter.

    2. -

  2. Specify one “Container” <role> element within a <component> element. In this case, you cannot specify any child <rules> elements, only other <component> elements. And each child <component> element must have the same type as that of parent <component> element. For example:

    3. +

  3. Specify up to three <role> elements within a <component> — one "Binaries" role element, one "Settings" role element and one "Data" role element. These parameters do not change the migration behavior — their only purpose is to help you categorize the settings that you are migrating. You can nest these <role> elements, but each nested element must be of the same role parameter.

    4. +

  4. Specify one "Container" <role> element within a <component> element. In this case, you cannot specify any child <rules> elements, only other <component> elements. And each child <component> element must have the same type as that of parent <component> element. For example:

<component context="UserAndSystem" type="Application">
   <displayName _locID="migapp.msoffice2003">Microsoft Office 2003</displayName> 
@@ -3847,7 +3845,7 @@ See the last component in the MigUser.xml file for an example of this element.
 ~~~
 **Example:**
 
-If GenerateUserPattens('File','%userprofile% \[\*.doc\]','FALSE') is called while USMT is processing user A, then this function will only generate patterns for users B and C. You can use this helper function to build complex rules. For example, to migrate all .doc files from the source computer — but if user X is not migrated, then do not migrate any of the .doc files from user X’s profile.
+If GenerateUserPattens('File','%userprofile% \[\*.doc\]','FALSE') is called while USMT is processing user A, then this function will only generate patterns for users B and C. You can use this helper function to build complex rules. For example, to migrate all .doc files from the source computer — but if user X is not migrated, then do not migrate any of the .doc files from user X's profile.
 
 The following is example code for this scenario. The first <rules> element migrates all.doc files on the source computer with the exception of those inside C:\\Documents and Settings. The second <rules> elements will migrate all .doc files from C:\\Documents and Settings with the exception of the .doc files in the profiles of the other users. Because the second <rules> element will be processed in each migrated user context, the end result will be the desired behavior. The end result is the one we expected.
 
@@ -4104,12 +4102,12 @@ Syntax:
 
 
name

 
Yes

-
ID is a string value that is the name used to reference the environment variable. We recommend that ID start with the component’s name to avoid namespace collisions. For example, if your component’s name is MyComponent, and you want a variable that is your component’s install path, you could specify MyComponent.InstallPath.

+
ID is a string value that is the name used to reference the environment variable. We recommend that ID start with the component's name to avoid namespace collisions. For example, if your component's name is MyComponent, and you want a variable that is your component's install path, you could specify MyComponent.InstallPath.

 
 
 
remap

 
No, default = FALSE

-
Specifies whether to evaluate this environment variable as a remapping environment variable. Objects that are located in a path that is underneath this environment variable’s value are automatically moved to where the environment variable points on the destination computer.

+
Specifies whether to evaluate this environment variable as a remapping environment variable. Objects that are located in a path that is underneath this environment variable's value are automatically moved to where the environment variable points on the destination computer.

 
 
 
@@ -4228,27 +4226,27 @@ The following functions are for internal USMT use only. Do not use them in an .x
 
 You can use the following version tags with various helper functions:
 
--   “CompanyName”
+-   "CompanyName"
 
--   “FileDescription”
+-   "FileDescription"
 
--   “FileVersion”
+-   "FileVersion"
 
--   “InternalName”
+-   "InternalName"
 
--   “LegalCopyright”
+-   "LegalCopyright"
 
--   “OriginalFilename”
+-   "OriginalFilename"
 
--   “ProductName”
+-   "ProductName"
 
--   “ProductVersion”
+-   "ProductVersion"
 
 The following version tags contain values that can be compared:
 
--   “FileVersion”
+-   "FileVersion"
 
--   “ProductVersion”
+-   "ProductVersion"
 
 ## Related topics
 
diff --git a/windows/deployment/usmt/usmt-xml-reference.md b/windows/deployment/usmt/usmt-xml-reference.md
index 06e514f5b7..e9f8587729 100644
--- a/windows/deployment/usmt/usmt-xml-reference.md
+++ b/windows/deployment/usmt/usmt-xml-reference.md
@@ -20,7 +20,7 @@ ms.topic: article
 
 This section contains topics that you can use to work with and to customize the migration XML files.
 
-## In This Section
+## In this section
 
 
 
diff --git a/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md b/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md
index e5c224c42c..88176e8e84 100644
--- a/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md
+++ b/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md
@@ -23,7 +23,7 @@ When you migrate files and settings during a typical PC-refresh migration, the u
 
 -   All of the files being migrated.
 
--   The user’s settings.
+-   The user's settings.
 
 -   A catalog file that contains metadata for all files in the migration store.
 
@@ -37,7 +37,7 @@ When you use the **/verify** option, you can specify what type of information to
 
 -   **Failure only**: Displays only the files that are corrupted.
 
-## In This Topic
+## In this topic
 
 
 The following sections demonstrate how to run the **UsmtUtils** command with the **/verify** option, and how to specify the information to display in the UsmtUtils log file.
diff --git a/windows/deployment/volume-activation/add-manage-products-vamt.md b/windows/deployment/volume-activation/add-manage-products-vamt.md
index d35f96bdc7..b86f415221 100644
--- a/windows/deployment/volume-activation/add-manage-products-vamt.md
+++ b/windows/deployment/volume-activation/add-manage-products-vamt.md
@@ -20,7 +20,7 @@ ms.topic: article
 
 This section describes how to add client computers into the Volume Activation Management Tool (VAMT). After the computers are added, you can manage the products that are installed on your network.
 
-## In this Section
+## In this section
 
 |Topic |Description |
 |------|------------|
diff --git a/windows/deployment/volume-activation/install-configure-vamt.md b/windows/deployment/volume-activation/install-configure-vamt.md
index fe9b3114ee..21bedde961 100644
--- a/windows/deployment/volume-activation/install-configure-vamt.md
+++ b/windows/deployment/volume-activation/install-configure-vamt.md
@@ -21,7 +21,7 @@ ms.topic: article
 
 This section describes how to install and configure the Volume Activation Management Tool (VAMT).
 
-## In this Section
+## In this section
 
 |Topic |Description |
 |------|------------|
diff --git a/windows/deployment/volume-activation/introduction-vamt.md b/windows/deployment/volume-activation/introduction-vamt.md
index 72013798ef..646d92f8a9 100644
--- a/windows/deployment/volume-activation/introduction-vamt.md
+++ b/windows/deployment/volume-activation/introduction-vamt.md
@@ -18,12 +18,12 @@ ms.topic: article
 
 # Introduction to VAMT
 
-The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows®, Microsoft® Office®, and select other Microsoft products volume and retail activation process. VAMT can manage volume activation using Multiple Activation Keys (MAKs) or the Windows Key Management Service (KMS). VAMT is a standard Microsoft Management Console (MMC) snap-in and can be installed on any computer that has one of the following Windows operating systems: Windows® 7, Windows 8, Windows 8.1, Windows 10,Windows Server 2008 R2, or Windows Server 2012.
+The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows®, Microsoft® Office®, and select other Microsoft products volume and retail activation process. VAMT can manage volume activation using Multiple Activation Keys (MAKs) or the Windows Key Management Service (KMS). VAMT is a standard Microsoft Management Console (MMC) snap-in and can be installed on any computer that has one of the following Windows operating systems: Windows® 7, Windows 8, Windows 8.1, Windows 10,Windows Server 2008 R2, or Windows Server 2012.
 
 **Note**  
 VAMT can be installed on, and can manage, physical or virtual instances. VAMT cannot detect whether or not the remote products are virtual. As long as the products can respond to Windows Management Instrumentation (WMI) calls, they will be discovered and activated.
 
-## In this Topic
+## In this topic
 -   [Managing Multiple Activation Key (MAK) and Retail Activation](#bkmk-managingmak)
 -   [Managing Key Management Service (KMS) Activation](#bkmk-managingkms)
 -   [Enterprise Environment](#bkmk-enterpriseenvironment)
@@ -46,7 +46,7 @@ VAMT is commonly implemented in enterprise environments. The following illustrat
 
 ![VAMT in the enterprise](images/dep-win8-l-vamt-image001-enterprise.jpg)
 
-In the Core Network environment, all computers are within a common network managed by Active Directory® Domain Services (AD DS). The Secure Zone represents higher-security Core Network computers that have additional firewall protection.
+In the Core Network environment, all computers are within a common network managed by Active Directory® Domain Services (AD DS). The Secure Zone represents higher-security Core Network computers that have additional firewall protection.
 The Isolated Lab environment is a workgroup that is physically separate from the Core Network, and its computers do not have Internet access. The network security policy states that no information that could identify a specific computer or user may be transferred out of the Isolated Lab.
 
 ## VAMT User Interface
diff --git a/windows/deployment/volume-activation/manage-activations-vamt.md b/windows/deployment/volume-activation/manage-activations-vamt.md
index f1f3ce5baf..a2699960b3 100644
--- a/windows/deployment/volume-activation/manage-activations-vamt.md
+++ b/windows/deployment/volume-activation/manage-activations-vamt.md
@@ -20,7 +20,7 @@ ms.topic: article
 
 This section describes how to activate a client computer, by using a variety of activation methods.
 
-## In this Section
+## In this section
 
 |Topic |Description |
 |------|------------|
diff --git a/windows/deployment/volume-activation/manage-product-keys-vamt.md b/windows/deployment/volume-activation/manage-product-keys-vamt.md
index 64027a69f0..c363018e6d 100644
--- a/windows/deployment/volume-activation/manage-product-keys-vamt.md
+++ b/windows/deployment/volume-activation/manage-product-keys-vamt.md
@@ -19,7 +19,7 @@ ms.topic: article
 # Manage Product Keys
 
 This section describes how to add and remove a product key from the Volume Activation Management Tool (VAMT). After you add a product key to VAMT, you can install that product key on a product or products you select in the VAMT database.
-## In this Section
+## In this section
 
 |Topic |Description |
 |------|------------|
diff --git a/windows/deployment/volume-activation/manage-vamt-data.md b/windows/deployment/volume-activation/manage-vamt-data.md
index 889a9d6975..1d0a211e37 100644
--- a/windows/deployment/volume-activation/manage-vamt-data.md
+++ b/windows/deployment/volume-activation/manage-vamt-data.md
@@ -20,7 +20,7 @@ ms.topic: article
 
 This section describes how to save, import, export, and merge a Computer Information List (CILX) file using the Volume Activation Management Tool (VAMT).
 
-## In this Section
+## In this section
 |Topic |Description |
 |------|------------|
 |[Import and Export VAMT Data](import-export-vamt-data.md) |Describes how to import and export VAMT data. |
diff --git a/windows/deployment/volume-activation/monitor-activation-client.md b/windows/deployment/volume-activation/monitor-activation-client.md
index 75c2d8b3f0..c203fe7ea5 100644
--- a/windows/deployment/volume-activation/monitor-activation-client.md
+++ b/windows/deployment/volume-activation/monitor-activation-client.md
@@ -14,7 +14,7 @@ audience: itpro
 author: greg-lindsay
 ms.localizationpriority: medium
 ms.topic: article
-ms.custom: seo-marvel-mar2020
+ms.custom: seo-marvel-apr2020
 ---
 
 # Monitor activation
@@ -41,6 +41,6 @@ You can monitor the success of the activation process for a computer running Win
 - See [Troubleshooting activation error codes](https://docs.microsoft.com/windows-server/get-started/activation-error-codes) for information about troubleshooting procedures for Multiple Activation Key (MAK) or the Key Management Service (KMS).
 - The VAMT provides a single site from which to manage and monitor volume activations. This is explained in the next section.
 
-## See also
+## Related topics
 
 [Volume Activation for Windows 10](volume-activation-windows-10.md)
diff --git a/windows/deployment/volume-activation/scenario-online-activation-vamt.md b/windows/deployment/volume-activation/scenario-online-activation-vamt.md
index 61096c7c82..4ce4e78992 100644
--- a/windows/deployment/volume-activation/scenario-online-activation-vamt.md
+++ b/windows/deployment/volume-activation/scenario-online-activation-vamt.md
@@ -28,7 +28,7 @@ The Secure Zone represents higher-security Core Network computers that have addi
 
 ![VAMT firewall configuration for multiple subnets](images/dep-win8-l-vamt-makindependentactivationscenario.jpg)
 
-## In This Topic
+## In this topic
 -   [Install and start VAMT on a networked host computer](#bkmk-partone)
 -   [Configure the Windows Management Instrumentation firewall exception on target computers](#bkmk-parttwo)
 -   [Connect to VAMT database](#bkmk-partthree)
diff --git a/windows/deployment/volume-activation/vamt-step-by-step.md b/windows/deployment/volume-activation/vamt-step-by-step.md
index a99e7fd10a..98bc193c4f 100644
--- a/windows/deployment/volume-activation/vamt-step-by-step.md
+++ b/windows/deployment/volume-activation/vamt-step-by-step.md
@@ -20,13 +20,13 @@ ms.topic: article
 
 This section provides step-by-step instructions on implementing the Volume Activation Management Tool (VAMT) in typical environments. VAMT supports many common scenarios; the scenarios in this section describe some of the most common to get you started.
 
-## In this Section
+## In this section
 
 |Topic |Description |
 |------|------------|
 |[Scenario 1: Online Activation](scenario-online-activation-vamt.md) |Describes how to distribute Multiple Activation Keys (MAKs) to products installed on one or more connected computers within a network, and how to instruct these products to contact Microsoft over the Internet for activation. |
 |[Scenario 2: Proxy Activation](scenario-proxy-activation-vamt.md) |Describes how to use two VAMT host computers — the first one with Internet access and a second computer within an isolated workgroup — as proxies to perform MAK volume activation for workgroup computers that do not have Internet access. |
-|[Scenario 3: KMS Client Activation](scenario-kms-activation-vamt.md) |Describes how to use VAMT to configure client products for Key Management Service (KMS) activation. By default, volume license editions of Windows 10, Windows Vista, Windows® 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, or Windows Server® 2012, and Microsoft® Office 2010 use KMS for activation. |
+|[Scenario 3: KMS Client Activation](scenario-kms-activation-vamt.md) |Describes how to use VAMT to configure client products for Key Management Service (KMS) activation. By default, volume license editions of Windows 10, Windows Vista, Windows® 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, or Windows Server® 2012, and Microsoft® Office 2010 use KMS for activation. |
 
 ## Related topics
 - [Introduction to VAMT](introduction-vamt.md)
diff --git a/windows/deployment/volume-activation/volume-activation-management-tool.md b/windows/deployment/volume-activation/volume-activation-management-tool.md
index c73cbc4546..23c0a83614 100644
--- a/windows/deployment/volume-activation/volume-activation-management-tool.md
+++ b/windows/deployment/volume-activation/volume-activation-management-tool.md
@@ -13,13 +13,14 @@ audience: itpro
 author: greg-lindsay
 ms.date: 04/25/2017
 ms.topic: article
+ms.custom: seo-marvel-apr2020
 ---
 
 # Volume Activation Management Tool (VAMT) Technical Reference
 
-The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows®, Microsoft® Office, and select other Microsoft products volume and retail-activation process.
+The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows®, Microsoft® Office, and select other Microsoft products volume and retail-activation process.
 VAMT can manage volume activation using Multiple Activation Keys (MAKs) or the Windows Key Management Service (KMS). VAMT is a standard Microsoft Management Console (MMC) snap-in that requires the Microsoft Management Console (MMC) 3.0. VAMT can be installed on any computer that has one of the following Windows operating systems:
--   Windows® 7 or above
+-   Windows® 7 or above
 -   Windows Server 2008 R2 or above
 
 
@@ -28,7 +29,7 @@ VAMT is designed to manage volume activation for: Windows 7, Windows 8, Window
 
 VAMT is only available in an EN-US (x86) package.
 
-## In this Section
+## In this section
 
 |Topic |Description |
 |------|------------|
diff --git a/windows/deployment/windows-autopilot/bitlocker.md b/windows/deployment/windows-autopilot/bitlocker.md
index 234ae17fcc..02790d704c 100644
--- a/windows/deployment/windows-autopilot/bitlocker.md
+++ b/windows/deployment/windows-autopilot/bitlocker.md
@@ -14,6 +14,7 @@ author: greg-lindsay
 ms.author: greglin
 ms.collection: M365-modern-desktop
 ms.topic: article
+ms.custom: seo-marvel-apr2020
 ---
 
 
@@ -49,6 +50,6 @@ Note: It is also recommended to set Windows Encryption -> Windows Settings -> En
 
 Windows 10, version 1809 or later.
 
-## See also
+## Related topics
 
 [Bitlocker overview](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview)

From 6c8fd18af3a5b910770b227e871ad90f20a68e90 Mon Sep 17 00:00:00 2001
From: jdmartinez36 <62392619+jdmartinez36@users.noreply.github.com>
Date: Mon, 27 Apr 2020 17:00:35 -0600
Subject: [PATCH 014/210] Description and anchorlink text edits

Description and anchorlink text edits.
---
 ...-custom-windows-pe-boot-image-with-configuration-manager.md | 3 ++-
 .../upgrade-to-windows-10-with-configuraton-manager.md         | 3 ++-
 windows/deployment/windows-autopilot/autopilot-mbr.md          | 2 +-
 .../windows-autopilot/demonstrate-deployment-on-vm.md          | 2 +-
 windows/deployment/windows-autopilot/registration-auth.md      | 3 ++-
 windows/deployment/windows-autopilot/self-deploying.md         | 3 ++-
 .../windows-autopilot/windows-autopilot-scenarios.md           | 3 ++-
 7 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md b/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
index 82fdff74b3..772a703dd2 100644
--- a/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
@@ -1,6 +1,6 @@
 ---
 title: Create a custom Windows PE boot image with Configuration Manager (Windows 10)
-description: In Microsoft Endpoint Configuration Manager, you can create custom Windows Preinstallation Environment (Windows PE) boot images that include extra components and features.
+description: Learn how to create custom Windows Preinstallation Environment (Windows PE) boot images in Microsoft Endpoint Configuration Manager.
 ms.assetid: b9e96974-324d-4fa4-b0ce-33cfc49c4809
 ms.reviewer: 
 manager: laurawi
@@ -13,6 +13,7 @@ ms.sitesec: library
 audience: itpro
 author: greg-lindsay
 ms.topic: article
+ms.custom: seo-marvel-apr2020
 ---
 
 # Create a custom Windows PE boot image with Configuration Manager
diff --git a/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuraton-manager.md b/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuraton-manager.md
index 553be3b239..e4b97b8f74 100644
--- a/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuraton-manager.md
+++ b/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuraton-manager.md
@@ -1,6 +1,6 @@
 ---
 title: Perform in-place upgrade to Windows 10 via Configuration Manager
-description: In-place upgrades make upgrading Windows 7, Windows 8, and Windows 8.1 to Windows 10 easy -- you can even automate the whole process with a Microsoft Endpoint Configuration Manager task sequence.
+description: Learn how to perform an in-place upgrade to Windows 10 by automating the process with a Microsoft Endpoint Configuration Manager task sequence.
 ms.assetid: F8DF6191-0DB0-4EF5-A9B1-6A11D5DE4878
 ms.reviewer: 
 manager: laurawi
@@ -12,6 +12,7 @@ ms.mktglfcycl: deploy
 audience: itpro
 author: greg-lindsay
 ms.topic: article
+ms.custom: seo-marvel-apr2020
 ---
 
 # Perform an in-place upgrade to Windows 10 using Configuration Manager
diff --git a/windows/deployment/windows-autopilot/autopilot-mbr.md b/windows/deployment/windows-autopilot/autopilot-mbr.md
index 24cf4eb654..dc01756f7c 100644
--- a/windows/deployment/windows-autopilot/autopilot-mbr.md
+++ b/windows/deployment/windows-autopilot/autopilot-mbr.md
@@ -70,7 +70,7 @@ To deregister an Autopilot device from Intune, an IT Admin would:
 
 The deregistration process will take about 15 minutes.  You can accelerate the process by clicking the "Sync" button, then "Refresh" the display until the device is no longer present.
 
-More details on deregistering devices from Intune can be found [here](https://docs.microsoft.com/intune/enrollment-autopilot#create-an-autopilot-device-group).
+More details on deregistering devices from Intune can be found at [Enroll Windows devices in Intune by using the Windows Autopilot](https://docs.microsoft.com/intune/enrollment-autopilot#create-an-autopilot-device-group).
 
 ### Deregister from MPC
 
diff --git a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
index c2481e9f46..93415f3702 100644
--- a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
+++ b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
@@ -571,7 +571,7 @@ Windows Autopilot will now take over to automatically join your device into Azur
 
 ## Remove devices from Autopilot
 
-To use the device (or VM) for other purposes after completion of this lab, you will need to remove (deregister) it from Autopilot via either Intune or MSfB, and then reset it.  Instructions for deregistering devices can be found [here](https://docs.microsoft.com/intune/enrollment-autopilot#create-an-autopilot-device-group) and [here](https://docs.microsoft.com/intune/devices-wipe#delete-devices-from-the-azure-active-directory-portal) and below.
+To use the device (or VM) for other purposes after completion of this lab, you will need to remove (deregister) it from Autopilot via either Intune or MSfB, and then reset it.  Instructions for deregistering devices can be found at [Enroll Windows devices in Intune by using Windows Autopilot](https://docs.microsoft.com/intune/enrollment-autopilot#create-an-autopilot-device-group) and [Remove devices by using wipe, retire, or manually unenrolling the device](https://docs.microsoft.com/intune/devices-wipe#delete-devices-from-the-azure-active-directory-portal) and below.
 
 ### Delete (deregister) Autopilot device
 
diff --git a/windows/deployment/windows-autopilot/registration-auth.md b/windows/deployment/windows-autopilot/registration-auth.md
index a91c17be27..ff5a02322e 100644
--- a/windows/deployment/windows-autopilot/registration-auth.md
+++ b/windows/deployment/windows-autopilot/registration-auth.md
@@ -14,6 +14,7 @@ author: greg-lindsay
 ms.author: greglin
 ms.collection: M365-modern-desktop
 ms.topic: article
+ms.custom: seo-marvel-apr2020
 ---
 
 
@@ -45,7 +46,7 @@ For a CSP to register Windows Autopilot devices on behalf of a customer, the cus
     ![Request a reseller relationship](images/csp1.png)
     - Select the checkbox indicating whether or not you want delegated admin rights:
     ![Delegated rights](images/csp2.png)
-    - NOTE: Depending on your partner, they might request Delegated Admin Permissions (DAP) when requesting this consent.  You should ask them to use the newer DAP-free process (shown in this document) if possible. If not, you can easily remove their DAP status either from Microsoft Store for Business or the Office 365 admin portal:  https://docs.microsoft.com/partner-center/customers_revoke_admin_privileges
+    - NOTE: Depending on your partner, they might request Delegated Admin Permissions (DAP) when requesting this consent.  You should ask them to use the newer DAP-free process (shown in this document) if possible. If not, you can easily remove their DAP status either from Microsoft Store for Business or the Office 365 admin portal by going to [Customers delegate administration privileges to partners](https://docs.microsoft.com/partner-center/customers_revoke_admin_privileges).
     - Send the template above to the customer via email.
 2. Customer with global administrator privileges in Microsoft Store for Business (MSfB) clicks the link in the body of the email once they receive it from the CSP, which takes them directly to the following MSfB page:
 
diff --git a/windows/deployment/windows-autopilot/self-deploying.md b/windows/deployment/windows-autopilot/self-deploying.md
index 4bdb15131d..32a9fc9283 100644
--- a/windows/deployment/windows-autopilot/self-deploying.md
+++ b/windows/deployment/windows-autopilot/self-deploying.md
@@ -1,6 +1,6 @@
 ---
 title: Windows Autopilot Self-Deploying mode
-description: Self-deploying mode allows a device to be deployed with little to no user interaction. This mode mode is designed to deploy Windows 10 as a kiosk, digital signage device, or a shared device.
+description: Self-deploying mode allows a device to be deployed with little user interaction and deploys Windows 10 as a kiosk, digital signage device, or a shared device.
 keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
 ms.reviewer: mniehaus
 manager: laurawi
@@ -14,6 +14,7 @@ author: greg-lindsay
 ms.author: greglin
 ms.collection: M365-modern-desktop
 ms.topic: article
+ms.custom: seo-marvel-apr2020
 ---
 
 # Windows Autopilot Self-Deploying mode
diff --git a/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md b/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md
index ab95bacbee..307d43a3b9 100644
--- a/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md
+++ b/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md
@@ -14,6 +14,7 @@ author: greg-lindsay
 ms.author: greglin
 ms.collection: M365-modern-desktop
 ms.topic: article
+ms.custom: seo-marvel-apr2020
 ---
 
 
@@ -59,7 +60,7 @@ The key value is a DWORD with  **0** = disabled and **1** = enabled.
 | 1 | Cortana voiceover is enabled |
 | No value | Device will fall back to default behavior of the edition |
 
-To change this key value, use WCD tool to create as PPKG as documented [here](https://docs.microsoft.com/windows/configuration/wcd/wcd-oobe#nforce).
+To change this key value, use WCD tool to create as PPKG as documented in [OOBE (Windows Configuration Designer reference)](https://docs.microsoft.com/windows/configuration/wcd/wcd-oobe#nforce).
 
 ### Bitlocker encryption
 

From 871309e121b8e97059786a82842d128f64492cc1 Mon Sep 17 00:00:00 2001
From: 1justingilmore <62392529+1justingilmore@users.noreply.github.com>
Date: Wed, 29 Apr 2020 15:01:34 -0600
Subject: [PATCH 015/210] Update metadata seo marvel 4_29

---
 .../deployment/configure-a-pxe-server-to-load-windows-pe.md   | 3 +--
 windows/deployment/mbr-to-gpt.md                              | 2 --
 windows/deployment/update/PSFxWhitepaper.md                   | 3 +--
 windows/deployment/usmt/usmt-configxml-file.md                | 2 +-
 ...-information-sent-to-microsoft-during-activation-client.md | 4 ++--
 5 files changed, 5 insertions(+), 9 deletions(-)

diff --git a/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md b/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md
index f9405d730e..10ca75dcc9 100644
--- a/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md
+++ b/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md
@@ -15,6 +15,7 @@ audience: itpro
 author: greg-lindsay
 ms.author: greglin
 ms.topic: article
+ms.custom: seo-marvel-apr2020
 ---
 
 # Configure a PXE server to load Windows PE
@@ -23,8 +24,6 @@ ms.topic: article
 
 -   Windows 10
 
-## Summary
-
 This walkthrough describes how to configure a PXE server to load Windows PE by booting a client computer from the network. Using the Windows PE tools and a Windows 10 image file, you can install Windows 10 from the network.
 
 ## Prerequisites
diff --git a/windows/deployment/mbr-to-gpt.md b/windows/deployment/mbr-to-gpt.md
index 069506bda7..63942c3c38 100644
--- a/windows/deployment/mbr-to-gpt.md
+++ b/windows/deployment/mbr-to-gpt.md
@@ -23,8 +23,6 @@ ms.custom: seo-marvel-apr2020
 **Applies to**
 -   Windows 10
 
-## Summary
-
 **MBR2GPT.EXE** converts a disk from the Master Boot Record (MBR) to the GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. The tool is designed to be run from a Windows Preinstallation Environment (Windows PE) command prompt, but can also be run from the full Windows 10 operating system (OS) by using the **/allowFullOS** option. 
 
 >MBR2GPT.EXE is located in the **Windows\\System32** directory on a computer running Windows 10 version 1703 (also known as the Creator's Update) or later.
diff --git a/windows/deployment/update/PSFxWhitepaper.md b/windows/deployment/update/PSFxWhitepaper.md
index 8f73fcdfd0..4a6d9ab0f1 100644
--- a/windows/deployment/update/PSFxWhitepaper.md
+++ b/windows/deployment/update/PSFxWhitepaper.md
@@ -12,6 +12,7 @@ ms.author: jaimeo
 ms.reviewer: 
 manager: laurawi
 ms.topic: article
+ms.custom: seo-marvel-apr2020
 ---
 
 # Windows Updates using forward and reverse differentials
@@ -37,8 +38,6 @@ The following general terms apply throughout this document:
 - *Revision*: Minor releases in between the major version releases, such as KB4464330 (Windows 10 Build 17763.55)
 - *Baseless Patch Storage Files (Baseless PSF)*: Patch storage files that contain full binaries or files
 
-## Introduction
-
 In this paper, we introduce a new technique that can produce compact software
 updates optimized for any origin/destination revision pair. It does this by
 calculating forward the differential of a changed file from the base version and
diff --git a/windows/deployment/usmt/usmt-configxml-file.md b/windows/deployment/usmt/usmt-configxml-file.md
index f8f45b4983..4c13ebf641 100644
--- a/windows/deployment/usmt/usmt-configxml-file.md
+++ b/windows/deployment/usmt/usmt-configxml-file.md
@@ -34,7 +34,7 @@ To exclude a component from the Config.xml file, set the **migrate** value to **
 
  
 
-## In This Topic
+## In this topic
 
 
 In USMT there are new migration policies that can be configured in the Config.xml file. For example, you can configure additional **<ErrorControl>**, **<ProfileControl>**, and **<HardLinkStoreControl>** options. The following elements and parameters are for use in the Config.xml file only.
diff --git a/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md b/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md
index 1d78a11ea3..82f515da68 100644
--- a/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md
+++ b/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md
@@ -15,7 +15,7 @@ author: greg-lindsay
 ms.localizationpriority: medium
 ms.date: 07/27/2017
 ms.topic: article
-ms.custom: seo-marvel-mar2020
+ms.custom: seo-marvel-apr2020
 ---
 
 # Appendix: Information sent to Microsoft during activation
@@ -66,7 +66,7 @@ Standard computer information is also sent, but your computer's IP address is on
 Microsoft uses the information to confirm that you have a licensed copy of the software. Microsoft does not use the information to contact individual consumers.
 For additional details, see [Windows 10 Privacy Statement](https://go.microsoft.com/fwlink/p/?LinkId=619879).
 
-## See also
+## Related topics
 
 -   [Volume Activation for Windows 10](volume-activation-windows-10.md)
  

From ba1ebe05ae281ada212a7e536e875e559738c0b0 Mon Sep 17 00:00:00 2001
From: Dani Halfin 
Date: Tue, 5 May 2020 18:05:34 -0700
Subject: [PATCH 016/210] fixing meta

---
 .../replace-a-windows-7-computer-with-a-windows-10-computer.md  | 2 +-
 windows/deployment/planning/sua-users-guide.md                  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md b/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md
index 1d0f3af3ab..84daf20005 100644
--- a/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md
+++ b/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md
@@ -1,7 +1,7 @@
 ---
 title: Replace a Windows 7 computer with a Windows 10 computer (Windows 10)
 description: In this article, you will learn how to replace a Windows 7 device with a Windows 10 device.
-ms.custom: - seo-marvel-apr2020
+ms.custom: seo-marvel-apr2020
 ms.assetid: acf091c9-f8f4-4131-9845-625691c09a2a
 ms.reviewer: 
 manager: laurawi
diff --git a/windows/deployment/planning/sua-users-guide.md b/windows/deployment/planning/sua-users-guide.md
index e896536b7d..2d34aa8326 100644
--- a/windows/deployment/planning/sua-users-guide.md
+++ b/windows/deployment/planning/sua-users-guide.md
@@ -1,7 +1,7 @@
 ---
 title: SUA User's Guide (Windows 10)
 description: Learn how to use Standard User Analyzer (SUA). SUA can test your apps and monitor API calls to detect compatibility issues related to the Windows User Account Control (UAC) feature.
-ms.custom: - seo-marvel-apr2020
+ms.custom: seo-marvel-apr2020
 ms.assetid: ea525c25-b557-4ed4-b042-3e4d0e543e10
 ms.reviewer: 
 manager: laurawi

From dda752b272b485db68276ad48a655287ca8ab3e3 Mon Sep 17 00:00:00 2001
From: Greg Lindsay 
Date: Fri, 8 May 2020 11:26:39 -0700
Subject: [PATCH 017/210] Update
 add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md

---
 ...10-deployment-with-windows-pe-using-configuration-manager.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
index ca669792bb..4bb5ffd7a4 100644
--- a/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
@@ -1,5 +1,5 @@
 ---
-title: Add drivers to Windows 10 with Windows PE using Configuration Manager
+title: Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager
 description: Learn how to configure the Windows Preinstallation Environment (Windows PE) to include required network and storage drivers.
 ms.assetid: 97b3ea46-28d9-407e-8c42-ded2e45e8d5c
 ms.reviewer: 

From 02418ae3f8e00014f4f7ed4d42873cf2695385fb Mon Sep 17 00:00:00 2001
From: Greg Lindsay 
Date: Fri, 8 May 2020 11:30:55 -0700
Subject: [PATCH 018/210] Update features-lifecycle.md

---
 windows/deployment/planning/features-lifecycle.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/planning/features-lifecycle.md b/windows/deployment/planning/features-lifecycle.md
index be5c414b84..e89d1cec9f 100644
--- a/windows/deployment/planning/features-lifecycle.md
+++ b/windows/deployment/planning/features-lifecycle.md
@@ -1,6 +1,6 @@
 ---
 title: Windows 10 features lifecycle
-description: In this article, learn about the lifecycle of Windows 10 features, such as what's new and what's been removed.
+description: In this article, learn about the lifecycle of Windows 10 features, such as what's no longer being developed and what's been removed.
 ms.prod: w10
 ms.mktglfcycl: plan
 ms.localizationpriority: medium

From 27960348b11a645b43022b6cbddf8a2e695e8fb5 Mon Sep 17 00:00:00 2001
From: VLG17 <41186174+VLG17@users.noreply.github.com>
Date: Mon, 28 Sep 2020 12:20:31 +0300
Subject: [PATCH 019/210] add info about synchronized identities

https://github.com/MicrosoftDocs/windows-itpro-docs/issues/6759
---
 .../identity-protection/hello-for-business/hello-faq.md         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.md b/windows/security/identity-protection/hello-for-business/hello-faq.md
index e6d36e6967..ce0c5e3f18 100644
--- a/windows/security/identity-protection/hello-for-business/hello-faq.md
+++ b/windows/security/identity-protection/hello-for-business/hello-faq.md
@@ -45,7 +45,7 @@ The statement "PIN is stronger than Password" is not directed at the strength of
 The **Key Admins** and **Enterprise Key Admins** groups are created when you install the first Windows Server 2016 domain controller into a domain. Domain controllers running previous versions of Windows Server cannot translate the security identifier (SID) to a name.  To resolve this, transfer the PDC emulator domain role to a domain controller running Windows Server 2016.
 
 ## Can I use a convenience PIN with Azure AD?
-It is currently possible to set a convenience PIN on Azure Active Directory Joined or Hybrid Active Directory Joined devices. Convenience PIN is not supported for Azure Active Directory user accounts. It is only supported for on-premises Domain Joined users and local account users.
+It is currently possible to set a convenience PIN on Azure Active Directory Joined or Hybrid Active Directory Joined devices. Convenience PIN is not supported for Azure Active Directory user accounts (synchronized identities included). It is only supported for on-premises Domain Joined users and local account users.
 
 ## Can I use an external camera when my laptop is closed or docked?
 No. Windows 10 currently only supports one Windows Hello for Business camera and does not fluidly switch to an external camera when the computer is docked with the lid closed.  The product group is aware of this and is investigating this topic further.

From f5086843d177647664ff6ac8763cd49e2cda619c Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Fri, 2 Oct 2020 07:43:23 +0500
Subject: [PATCH 020/210] Update hello-hybrid-key-whfb-provision.md

---
 .../hello-for-business/hello-hybrid-key-whfb-provision.md      | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md
index 73e002c7c2..5a790c046a 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md
@@ -57,9 +57,6 @@ The remainder of the provisioning includes Windows Hello for Business requesting
 > **This synchronization latency delays the user's ability to authenticate and use on-premises resources until the user's public key has synchronized to Active Directory.** Once synchronized, the user can authenticate and use on-premises resources.
 > Read [Azure AD Connect sync: Scheduler](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnectsync-feature-scheduler) to view and adjust the **synchronization cycle** for your organization.
 
-> [!NOTE]
-> Microsoft is actively investigating ways to reduce the synchronization latency and delays.  
-
 


 
 


From afbbff26634cb58c8469dbe02ce5d33fff8b5847 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Sun, 4 Oct 2020 11:37:19 +0500
Subject: [PATCH 021/210] Update
 windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 .../hello-for-business/hello-hybrid-key-whfb-provision.md       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md
index 5a790c046a..f9fef4f777 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md
@@ -54,7 +54,7 @@ The remainder of the provisioning includes Windows Hello for Business requesting
 
 > [!IMPORTANT]
 > The minimum time needed to synchronize the user's public key from Azure Active Directory to the on-premises Active Directory is 30 minutes. The Azure AD Connect scheduler controls the synchronization interval. 
-> **This synchronization latency delays the user's ability to authenticate and use on-premises resources until the user's public key has synchronized to Active Directory.** Once synchronized, the user can authenticate and use on-premises resources.
+> **This synchronization latency delays the user's ability to authenticate and uses on-premises resources until the user's public key has synchronized to Active Directory.** Once synchronized, the user can authenticate and use on-premises resources.
 > Read [Azure AD Connect sync: Scheduler](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnectsync-feature-scheduler) to view and adjust the **synchronization cycle** for your organization.
 
 



From 565fc712c80da74f919052addbba798377f90a68 Mon Sep 17 00:00:00 2001
From: Lovina Saldanha 
Date: Tue, 6 Oct 2020 11:23:32 +0530
Subject: [PATCH 022/210] Create Onboard-Windows-10-multi-session-device.md

---
 ...Onboard-Windows-10-multi-session-device.md | 109 ++++++++++++++++++
 1 file changed, 109 insertions(+)
 create mode 100644 windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md b/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md
new file mode 100644
index 0000000000..e2c454f055
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md
@@ -0,0 +1,109 @@
+#Onboard Windows 10 multi-session devices in Windows Virtual Desktop 
+6 minutes to read 
+
+Applies to: 
+- Windows 10 Multi-session running on Windows Virtual Desktop (WVD) 
+
+> [!WARNING]
+> Microsoft Defender ATP support for Windows Virtual Desktop multi-user scenarios is currently in Preview and limited up to 25 concurrent sessions per host/VM. However, single session scenarios on Windows Virtual Desktop are fully supported.
+
+Microsoft Defender for Endpoint supports monitoring both VDI as well as Windows Virtual Desktop sessions. Depending on the needs of your organization, you might need to implement VDI or Windows Virtual Desktop sessions to help your employees access corporate data and apps from an unmanaged device, remote location, or similar scenario. With Microsoft Defender for Endpoint, you can monitor these virtual machines for anomalous activity.
+
+ ##Before you begin
+Familiarize yourself with the [considerations for non-persistent VDI](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi#onboard-non-persistent-virtual-desktop-infrastructure-vdi-devices-1). While [Windows Virtual Desktop](https://docs.microsoft.com/en-us/azure/virtual-desktop/overview) does not provide non-persistence options, it does provide ways to use a golden Windows image that can be used to provision new hosts and redeploy machines. This increases volatility in the environment and thus impacts what entries are created and maintained in the Microsoft Defender for Endpoint portal, potentially reducing visibility for your security analysts.
+
+> [!NOTE]
+> Depending on your choice of onboarding method, devices can appear in Microsoft Defender for Endpoint portal as either: 
+> - Single entry for each virtual device 
+> - Multiple entries for each virtual device 
+>
+> Microsoft recommends onboarding Windows Virtual Devices as a single entry per virtual device. This ensures that the investigation experience in the MDATP portal is in the context of one device based on the machine name. Organizations that frequently delete and re-deploy WVD hosts should strongly consider using this method as it prevents multiple objects for the same machine from being created in the MDATP portal. This can lead to confusion when investigating incidents. For test or non-volatile environments, you may opt to choose differently. 
+
+Microsoft recommends adding the Microsoft Defender for Endpoint onboarding script to the WVD golden image. This way, you can be sure that this onboarding script runs immediately at first boot. That way, it is executed as a startup script at first boot on all the WVD machines that are provisioned from the WVD golden image. However, if you are using one of the gallery images without modification, place the script in a shared location and call it from either local or domain group policy. 
+
+> [!NOTE]
+> The placement and configuration of the VDI onboarding startup script on the WVD golden image configures it as a startup script that runs when the WVD starts. It is NOT recommended to onboard the actual WVD golden image. Another consideration is the method used to run the script. It should run as early in the startup/provisioning process as possible to reduce the time between the machine being available to receive sessions and the device onboarding to the service. Below scenarios 1 & 2 take this into account.
+
+###Scenarios
+There are several ways to onboard a WVD host machine:
+
+Run the script in the golden image (or from a shared location) during startup.
+Use a management tool to run the script.
+
+####*Scenario 1: Using local group policy*
+This scenario requires placing the script in a golden image and uses local group policy to run early in the boot process.
+
+Use the instructions [https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi#onboard-non-persistent-virtual-desktop-infrastructure-vdi-devices-1 ](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi#onboard-non-persistent-virtual-desktop-infrastructure-vdi-devices-1)
+
+Follow the instructions for a single entry for each device.
+
+####*Scenario 2: Using domain group policy*
+This scenario uses a centrally located script and runs it using a domain-based group policy. You can also place the script in the golden image and run it in the same way.
+
+**Download the WindowsDefenderATPOnboardingPackage.zip file from the Windows Defender Security Center **
+1. Open the VDI configuration package .zip file (WindowsDefenderATPOnboardingPackage.zip)  
+- In the Microsoft Defender Security Center navigation pane, select **Settings** > **Onboarding**. 
+- Select Windows 10 as the operating system. 
+- In the **Deployment method** field, select VDI onboarding scripts for non-persistent endpoints. 
+- Click **Download package** and save the .zip file. 
+2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the device. You should have a folder called **OptionalParamsPolicy** and the files **WindowsDefenderATPOnboardingScript.cmd** and **Onboard-NonPersistentMachine.ps1**.
+
+**Use Group Policy management console to run the script when the virtual machine starts**
+1. Open the Group Policy Management Console (GPMC), right-click the Group Policy Object (GPO) you want to configure and click **Edit**.
+1. In the Group Policy Management Editor, go to **Computer configuration** \> **Preferences** \> **Control panel settings**. 
+1. Right-click **Scheduled tasks**, click **New**, and then click **Immediate Task** (At least Windows 7). 
+1. In the Task window that opens, go to the **General** tab. Under **Security options** click **Change User or Group** and type SYSTEM. Then click **Check Names** then OK. NT AUTHORITY\SYSTEM appears as the user account the task will run as. 
+1. Select **Run whether user is logged on or not** and check the **Run with highest privileges** check box. 
+1. Go to the **Actions** tab and click**New**. Ensure that **Start a program** is selected in the Action field. Enter the following: 
+
+Action = "Start a program" 
+
+Program/Script = C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe 
+
+Add Arguments (optional) = -ExecutionPolicy Bypass -command "& \\Path\To\Onboard-NonPersistentMachine.ps1"
+
+Click **OK** and close any open GPMC windows.
+
+####*Scenario 3: Onboarding using management tools*
+
+If you plan to manage your machines using a management tool, you can onboard devices with Microsoft Endpoint Configuration Manager.
+
+For more information, see: [https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm) 
+
+> [!WARNING]
+> If you plan to use [Attack Surface reduction Rules](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction), please note that rule “[Block process creations originating from PSExec and WMI commands](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-process-creations-originating-from-psexec-and-wmi-commands)" should not be used as it is incompatible with management through Microsoft Endpoint Configuration Manager because this rule blocks WMI commands the Configuration Manager client uses to function correctly. 
+
+> [!TIP]
+> After onboarding the device, you can choose to run a detection test to verify that the device is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender for Endpoint device](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/run-detection-test). 
+
+####Tagging your machines when building your golden image 
+
+As part of your onboarding, you may want to consider setting a machine tag to be able to differentiate WVD machines more easily in the Microsoft Security Center.  
+[https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/machine-tags#add-device-tags-by-setting-a-registry-key-value](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/machine-tags#add-device-tags-by-setting-a-registry-key-value)  
+
+####Other recommended configuration settings 
+
+When building your golden image, you may want to configure initial protection settings as well. For more information, see [https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp#other-recommended-configuration-settings](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp#other-recommended-configuration-settings). 
+
+In addition, if you’re using FSlogix user profiles, we recommend you exclude the following files from always-on protection: 
+
+Exclude Files:  
+%ProgramFiles%\FSLogix\Apps\frxdrv.sys 
+%ProgramFiles%\FSLogix\Apps\frxdrvvt.sys 
+%ProgramFiles%\FSLogix\Apps\frxccd.sys 
+%TEMP%\*.VHD 
+%TEMP%\*.VHDX 
+%Windir%\TEMP\*.VHD 
+%Windir%\TEMP\*.VHDX 
+\\storageaccount.file.core.windows.net\share\*\*.VHD 
+\\storageaccount.file.core.windows.net\share\*\*.VHDX 
+
+Exclude Processes: 
+
+%ProgramFiles%\FSLogix\Apps\frxccd.exe 
+%ProgramFiles%\FSLogix\Apps\frxccds.exe 
+%ProgramFiles%\FSLogix\Apps\frxsvc.exe 
+
+####Licensing requirements 
+
+Windows 10 Multi-session is a client OS. Licensing requirements for Microsoft Defender Advanced Threat Protection can be found at: [https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements#licensing-requirements ](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements#licensing-requirements)
\ No newline at end of file

From 207f4210ff1eed1f86affe8ea7f926e27c84f951 Mon Sep 17 00:00:00 2001
From: Beth Levin 
Date: Wed, 7 Oct 2020 12:51:51 -0700
Subject: [PATCH 023/210] vulnerable devices

---
 .../microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md
index 85d599cd64..0c34e4caa5 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md
@@ -84,6 +84,12 @@ Examples of devices that should be marked as high value:
 3. A flyout will appear with the current device value and what it means. Review the value of the device and choose the one that best fits your device.
 ![Example of the device value flyout.](images/tvm-device-value-flyout.png)
 
+## Vulnerable devices report
+
+The vulnerable devices report shows graphs and bar charts of 
+
+Access the report by going to **Reports > Vulnerable devices**
+
 
 ## Related topics
 

From c9ef6bf5cabb8812a2b472018e51b397d13984df Mon Sep 17 00:00:00 2001
From: Beth Levin 
Date: Wed, 7 Oct 2020 18:10:44 -0700
Subject: [PATCH 024/210] new images and topic

---
 .../images/tvm-report-age.png                 | Bin 0 -> 50128 bytes
 .../tvm-report-exploit-availability.png       | Bin 0 -> 42870 bytes
 .../images/tvm-report-os.png                  | Bin 0 -> 62979 bytes
 .../images/tvm-report-severity.png            | Bin 0 -> 40626 bytes
 .../images/tvm-report-version.png             | Bin 0 -> 47460 bytes
 .../threat-and-vuln-mgt-scenarios.md          |  35 +++++++++++++++++-
 6 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-report-age.png
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-report-exploit-availability.png
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-report-os.png
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-report-severity.png
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-report-version.png

diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-report-age.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-report-age.png
new file mode 100644
index 0000000000000000000000000000000000000000..14d90bbdd15005c301889630a9b0e6f134e32a1c
GIT binary patch
literal 50128
zcmeFZWmwhSw>1o+fQTR>B?yWV(t>oUlt?Pl-6-81ij8Dnrp2&#~foU{bZ%ZZe!iYLP0^fE&f{g9SRD12?`1-EhaiV
z@<5}$4u0LVc&%)Wf`ZeC{6P(;$03CWF>J)8L@?&DFj22#rdZ57qo6!Q5f^^>-XV5<
z!rmot>8fRCsI5(4g!ju6oksFUm~VtJ2Hs^>EdR}(!g;{+9%I7OtfJTJO*)QzHWuSM
z=SD0%N=l){kdw2=o$0L+$0GX|E_|mBe_c1Nr-n|(?YqhakCtk35VG&yz5DEoytUp~
z7H+pRF)_(2DQPx(uA{Gi!=qlyXg-2HtDq>StSl-qkrM0Ht*5lKb%?RF5LIeQwYEbKX)mY+TBmMYp!+;iSXbSaw`%`_1`D{{kQMQ?>wsi`GC~t|9t^69#Wrebva)M
zuQCY=Cdg+h>?~E-IygIr#m5KbCNL-E-1qWHGt}jj5k}sUC*Qnzw8)m?;#`KtVR3u>C+GEqQ0*;78Vx^v@Ttoj#h-yq~jRc)TE_x
z_Le$zTbqdbGvqTx%~E_{_bbTC)~!yt&!thgKcu3%k<{Djfl6dKaT`Cc#O!$KGb?M~
ziQNt*N7mE}4Gkt7oS<=sz0NN_M`qiusOw{uk&b%;b3OH*$H%9vJIyi6J-?C`4$jYA
zBHV~N+cn)DF*8SUn2xfZ)LhNXudA8yQc+QvOzv~~6ERXg+hKu^Q{%9q74lIJ3JkoB
z5*;1wvUd=frCLd-s>vKzpeGP;YeS~dH$(AtiqdESO&9FoV^A5TICzv
z34+1Xde;M9UCKc6&ucRQ&F
z>n7^MgT|X0F51*+OclQLIb?6sF36-`Pp3p`Ot<4bEc-+G(_q^8rSyu5hi
zc$F@~j2SMNeh4b$E{2FvH1s1frO!^+`-4ZSjqOvo?|s+kUZ1K>FehSs!eqt?vvGWK
z#`f_qvC|hX_F-E|`IGn3b{xzdu`l2C^9bjQ-Fc
zKRfdjcc=brYY+KzQJ|lknsWC}&$T5sGpE?VKvE7C=R*@7yY=CRW5$@hy%G+~^%%>f
zc%Ler8^$eu`;QbF>~xKpa318bi&A
z`b*8PE2?pS?ozMR;fVRrUt;R%UTa{ezq3f1i%;S1@iwW2h1QCt6YYntsjd(rf|1ll
z6UEQZ$8j%k=tF-hBj=P8=}jM;{L`bU<-Qbp>8`H%g@v6<=dC>bJ%eU-{`gGMz~-*W
z_y|TcMot0*%te7#J)hIjW$Vg5`G&FA8)q50OaSb7l{l*=S_#K>_
zcGdUq^6^(2kr2P`_`&|<$rBc{aR;aU<@&*F)!}ki3~g=g;n9(N*E5bu=c5PcxIsD{
z!5Y>@YOgLyRaI3hY*xP3YdvJ6_us13eBUMsU{N+{Ci|-D?9^D-3<+%K@WKQ(_}PH_g5r_a@4t9xIWqa
z+Q7u!3armK_gy&PR!Hkubc&-n2#*QVeQKl(w;WIAziTt0p?6_%Gu+525WX~NYHqe_
z+D0%sPSH@f|4Ef{pIcx5QtMvmL_}e2ZQWhTNA>uz=NOF?<<7RY(~$rtF7bOB0fBhZ
zoLZc)Fu$Ij9<1C1l0r`m+z8bxmyVR~=8(r?T*MUJz9EnEOG*|Y6UBD4)=f;refxID
zZgc!oT%3B+{30Y;tIGm-Uib~xScz$hSTKv))l)9hfQi=B+N;#xWxg6S)%m5RG?0Y}
z1h2mM``@}a#r?fkyb-||!)-Zx{Q?8KE+_QtfOPPxNwsjQQ7cd9@A9+#)rlBLK5j~v
z{Gv%Akmm*+E-F`tG?kAJ6k*Ah_qo20l(}&O1HXsTL!U<5Ne4Gqob&z@X1+YdMB#6OD&CmWocoRA5`zDN*oC2{X8jz}x(3g6$i
z2}&a~oNXjs8OdBfO+Vuvo2n=_h5+f#%O`E`@9V+ftIqpwt&bMt3%a{QpzCX@olmCF
zaPQvjyYE3Le{Wb)T6+AdPKb+(3uSs?qcdn@jN3ws0^&Fg3)IeJsyUf=Gg-Y-R;2`6
zZ>j4+W3$=ADtq(O{Xi{?zjqK`E-EVbB_iF#U|}EP;2<;qXVv1_K7{w|^mLtklIY$f
zuX&gS*Dp2P!ci+*>&LWQzK{LO_N6$aV|L4#0U^Rw$)gj#!^I4D|zIn#sIHIjf`|8t$%{olu
z(5+jyi~|yKa})G0Zm$jL3fO*qB*c_%QwxiJW7KPKjgPzVCtcv&Ck%>Y+cgfz;dxdI
zZ&La8?=<+}F4g;_PA@Mz436=$$$aqDa3ZQ;)3r-wvkr$Xw|!F8U4C_mfr*86>Tb3%
z;_vUDr07t#;M_7cHn#f%HaJ5TO$?_wW!cx+8mIv0_Qj?{K`B!rVX-a&gp8{1l$2U0
z`7NRPhDJw=ulnJaRaAtAN4JGEKE^IvPDJnKeJ3Y}tlvB~>#fOSTSfCiGc(mEs|aSL
z%L`V>(C-&Kzv|;q2nahlIfdsAeV2)g=Utkg-<}Ibz_O|B!}t*ME=V)?Pef!S5x?`n
zpUKJi$!cfom6XV52l-+rP!ljshjRKh?Tgu6jxD@#DKrumFP7dDvEkz4PC8$?B5L<;
zVGS4P-{N;ZJiq#=5hkykb${*rc}(ZMd-o#F5-(1c63W*L5Ej)v*%N`gr82@|O|Nj?VGjl6ct*_9)^@=wn$2h;^>$|rr{PYb
z*YN15)xojx@{s!rue5xV4U_!heErTJ>^958>3yV)Ex{CqlZFWe)=NQH>K6!afwIMl
zHKn3$QXHBmckYkI`*BVL1k0Sniz2rKzteSC*$BCFa&mGAs^zi8wI&e}ldpj(@~<&b
zQ5ioHWER}g@JRgg>g(69mKL-Z*kZwC^^^6ef`aZSWMpL9dwaS^ITKNPyL4*w@jSLz
zs-&uLMQsSg+;VSHk@-}80WO6(#rgv>F01)gWrC8d>};r24-gSAxVv|tUMCf#{tllyB6X;w=pNArbfo^>}AdR*wb?dgM`cIPVLnp
z=^5^N8bqGvoy@nmIH@ta4UYot!x|m9_-l9YdV?+Ja_j5sKP4tox?PzP01^<^&>+9S
zP!rZLGYdBzt~RDgPfrKv%DAxmD5>}L{B*sEQf<8HSjpXcWRid#+*_J=4~8_Y__#?R
zMQ+yEvkEd?#b>LQpjb@JJNuIHMcu?Vrz=gUn3t=x-;0Q1(gd$}=I
zipOpA(0C|^ipS|@12cuFiwmDDPmrCYB=(S|J)<^%1)IsTEKKQ*7w_KPm7{R}UgLUd
z(bgn%tW$pt7F~OB_RpUlOYzPTm75h|Sy@?D2xQ9n@ZkgB~KAtRX!A^Ak2H&vycPw~{B=A|fITswDw$6$6v)9hf(3
z&X{l>@F|&%Sub_Wgou$F%zn9Hp?#T5XPGB7X%Oqd{RyJY)Zg2O3Kuti^Djh72ogTEKLUDm5y2T|GP>6$WRX)J=
zn4fQKte@!AyO>p^IIN7e%-uBK#Y0LM_O!_YA15yS0WO>Y!H0cnVeM~Pe
zFCbLPwS(IQiy;$n8yQjpZc95L>L?ZqjH6#0g
z)x{)l6;W>O;r$yoZWMPt`q<8{tE-Dxpx)j(a1j+1_1XwmKg-p);5{05<*aUSMpiv>
z35miiIdy3s=RpR*Z9IewQQcHTxQ}2PBX1l|M{HrWV@k!AtD^ESEuP~
z0%HriRnH6f67v%iXya$Yf(1+FRbXFgw+rEhBQlM{auu5=yMoTo&*?OonV6c5QmVv&
zE}*lrv!djpjcT}g6B-yR%7g3ZXf_*z*)~O)?xJf*2)IeUd3;H>#m@-aqcVPPSE
zH44T5GZ+q*qX)%=fU+i{%kRvraC~2Bphs$2wone0h|vO
zxct(k&a(%NpXL7YTV#KJd8S`=(!4fqd&JLhX?HV+iK%LTS7IU5YXMQaG^lDm*WWGB
z&@~t_UZtktJ||V9S`h$cb9a%{++w>(kMYsW9sgSOj;qZp3iGNH>a)X*x$IJd$Vya&
zun0!g-9z53z8Y8OW=-qc^zP~+dh-u?>^J{tx?g?}C)d&C)M1T=`Yh&UN+uXDX;dj&
zqg>|8Z7n!|yrU-&wTB8VL1UwED*wR~yF7g<5x%6QT+j0Ksb98gDXV)u(KxT8Rbc*VUy4ME
zW*rW5b8~AO8#nmjKaJ3*78A?5bUdy7{o7Z)(hh*d1kE@;
zUWhw8F6Q(OO@hvPS>{M3P0$A!fiB>ta{K!?Aw_A)&TFX@nY2+wYKW?+&^>LDqsua6
zAttuyeF5nKd!oWtccgDC>T+L>>|}{kdv8%n&%nT{({^ZPZB1-Tz;$Ij8Hst#_+SB@%bm;}Jb
zGjVisoS9h>hx$&##){l{zc$9^mX?B{%>-CO!+kwA0gXu|M`v4=;-pwU*-J}wz;&IQz9YpiQTaQCx&p#gi2W`eH#
z)Shq`GY1DpS!HF|PIrTWy!sS14UM96wc9EFFIguvt<}HjCL;kgm&Me^&1SFK*w|QEmG)XFghfQ;9okD^SjkD^d^_`D=lgqDq5))W
zG3HhEFpt28&iLQBbquAj>}=Ed*k#fM%O6X*`qUnAW*n2N2&2I~JK8EdAM5HOpu=5W33(9{bp**kGOw$zE5f*j_P!qCma%7gbXDhA#UtaWE&s$6GvI>>P1NgbWc
z?QUx`=%jG(DOBVdQgh~qZYIrq3iH(~6p8%C~O8!D*z(t8zcyrZ?(Oy^X?@lQV9G$i9w_
z-dE*lEgDQB0jsH;=4gCkqI|Eb67#mH%v23tzyn?&5lTX0)pl-fXAlR9s;R3#yPut3
zTG-Ord7Fqx(Ob>s85FKrK$KCP27|ep-9KAj11_gCNs>$Jf~`Zy%*+g2+e^K9t-H81
zzzvQR=(7RmJZ{}x4dbTas@aUT!No|b-bGbP-p@;1{`ntMuAJpI?x`y-Tpr_Y4-kupA8^I$W
z5P=cwZ;VAEn`fxRkPBUEO`f8mt2O?9o3wp!puawBd5?&wP#>}QF*vSXYdX;%9mqoa
z2n|C;HAgB4(f9A)@8B1rn^PoM&2{_xwvGTDvsCb_0SUHlZcW52Q%xz1&SlUsF)>9<
zVJFFVR%=1gjkaltlXO3H#3uF)x*Y6FqJ8{0Ef|!i`I
zs`?~G5&sHGhL?!Q6AE7MYELwQ$t#>QBVAojTY{lm($dmM-o#>A)@x4g-Md##D)*(S
z@w=Fq$oL$#vzAUWOwWU;sPKr0#FUhn*E6ECN^4p&1eW|_uiA4)GAnAbCCCqtrrZnN
zuLQ^)=ifrsz{J6U4k09#H3o7d7Z1-M&rlYlDlad!WL3zw!E9tx>w3Dc4+K+G=c39&
zGW4!$+&W)UN=@FszZVkXxwF0f)BWmFcz;a{xfkL~-oAYcq4xIhKrxGA`9z3{+GsYe
zlxD~KLz0VYSXW=aZe)bS(9n>_epR^A?iZ3V2HF*ejO&Gh0-@_;O1i2kn6{hvGq+e77AB#EpBXsHl=<+Se}5j!LU)nNCilfg@^#3@}{l
zE-3rM)9%y|bLg>HP@e6YLWOi?BnpCc?Z^m9T&LQ0vQ{&O8;#e=*R
zAZ;E45nS~5FIMit{NlIBNS}lRK@t)gaVZHPU|N+sIaOm^GLnE6rAGHmiT5XG8CviVANx5#1WbC-RA@
zBo(`hkEGz}I`~5(BAP=Qg_)}N`>-&M>Mqg9cx-&}6gA$Oo#+esC`7#;LLmHKhJ+x)
zi!5SG32VeG)0F2I7mPBy0|P5UC$Wj$;NtKVPQk>`%wcB6yUYo5iS8$
z<7znMe2s@2V|3Wo%64J-JQ^Ar*tN4*la5QK6}D^AkP?Bh!W2Bui_ObpLB`6-oe&T2
zB(l1iA84CG4r=eef8VRAPvjL8{E0o<@=_B=JI9IqFqlPRI#!JA=b#(uO%##fdI$|>gmHAi?CTM(!8H0a{!zf4kSURSGbFwXI2Dlo{?t!?GU)sf
z5*H_;t^EifOT@Ec`k1BPQ2kH#1eWI8!uWU&{IGBvptA{yb_|_s37%V9Yk>^J<;E8c
z@0%_E?ok0*khKJ~jCh;sNZqjvn5Xq_6+{ZeInv;MM+Ps3g~Kple&%BRlx1VLPZr6P5Nr%L_HPVXMgU#0uF-bEIWB@O1a~3i|{-P~O>-*~h|7GcMhX
z7`l7+u2QKTqk4ti^ZHo7|MCLVH;o{#KA*$jHZVN4@s%YdJ7W(Nc?_j2ZsQXU{iorT
z1J(<8$VXX*GDuusU6aj(i{Q~6?y7b^?8#Ez!`iDJpz=Za7-u{fk?HSG^^}tsTPcoX
z-`>>fU07TCxTlR+(31j(9UTxeglA_Ol2cQyMtXiNOl~bK=zqw~&SvD`C@F3y`Zzng
z`UX-Jy<(2u{_?Xd)zS!PEfk_6@!t5Hjg?tGhT_>i>3ZfXct^&~?ZXZu|6|X;_%ucY
zeeI#QR7nDd6AtZFBV8^e0VhAxZ7wkCeFgY}UC8@;Q0orjD^dovnv>#`AK_JiPPTEV
zn+R$RvS2{-(~*aeSbBJHxKlqc037;YSWK9Nmew8F(GT^I<9N4fe15t|peiXVYnz$|
zR>trG@fQ)B2J554ok#k8YEetLUy4Lhw9Q#u#CR$+Ao8`BZ`>}Qj+U7E03h$`>Uwg?
zwqxoo7Pt2JL0=70LM<--77V_(d=O?i2FM=W>P>?~!fv@01f
z`2v^Aj}dvqZfMVdRPfP8n_qJKf=q^L;29-%a`lG+Aua{
zFjQAp_p!Uad3t*JwXE#J?6IQ7oXSlmdx0U2XM0CSOZ6BOvw$+m0)ks68ay#5Tz
H*$%2H}t)N-!9lEz|4kuK)%hDRKV@M#v!C92|oVP7Vcjrr7X#^|6sHxQNJvgG;-O
z(YDbj;tIQsuf@f;Z{GA#D&_EQt$!Ou_5e6_#-^qw2F;oPyvJfQ%hPqufuukp=%1KM
zNb%PvdQGvMx8uQ8ECmZH^e2hoR#mqjO|uhYgU10td8YDl=a8@{jzMptIglR7x@lcd
z$FR$c9wLcyP1kY{xK1bp#)!al*9wrJOr}c0e?KA$b2w)4^T9<+sSZ^s{wQK0%fhIN
zzB>@9sby*^HNH8q?&m+3(v
zh>NIAQ#Yd3bUnENjbYCIO*RlltQpcLW4b8I^NVDO5UF`Syo!&*OsRYN_oM6Ai|Sfhd~$2f|Man$gLERlIi|&O
zhk*SH2+g}ddGxy1p#Zm!gfvJha&mGqfQ&n%2<50dxdJI^w*qS2In=fvH$%rE`w|WY
zhj4-&44gdZk8owWt;Bsmcn#d4XJF9Vis$;lX&e-3-$Z_@5A}Z4Hfz;7K9(CdI+g-@
z$diMi@F!GM&-7aFAhqYA(gF3{gmir^iNvJHZ=s<&ZB#$axUYKz2g`()r}ip2Stptl
zYyr0U`qh|I*hqghH0;$%o_DaoE+!0CyE!0wczAew)Hqi`iJ5b0>X!y=m$vryto_3H
zz#2R}29=_3fux)TZWm6QWpiC`tlI^z&cj;L1e(A5P%PG5O~|}?gM}+#A&3HbpscLS
z;&@vdm>(8m?D+&9kyXF<2((z+z)s*S*UJt^*MQV7-XFiuZy=dnyCotlJYS1|gl>_k
zkac;%3H5Dzm!Z>9GAIb@0v>*$_w=;F@o9L_x85veYnO|2rNaq(HP=pd5GwIXEB9a4
zO}d`;)Cge^GM;;HMKY!+I+$MuO|)*RS2E%X#U;TOH;^KmN^Fv^-k(7cRq4Qzmj1g<^
zFQJpSxF5r09`Hs8x9`lU*$({vNU_h8V0HfEFTETe=-s58CUwn&5f8>n_kf!00oK*5
zYKJ;N^f9brka&M|FS&Nb*-!cf2Q#adnl)*$uvkpL0MiNyp92eX?fG43Le$(FzPw>h
zjZ;@EGpZA*y1G0Y<{f4;8D1dc%A;_1cL!i84C=L}>j4$#I16f6n=sO)Q1n3p7&$tV
zOsTcOBD0AfR8vgNO(R~@?$YFdQDBK5pYL@aJ2qj#UT?>ssFJa=nxOH=VBzKl&Q-HU
zy(;SGPpu03t*)K9Hh_NN^tohj_4$77&+6vQEi5|fe7K0X+XDn&o-wWVB)icvk
zIhXStF>DIA8<40RuBz>U(J*ujEzFox>F0JR$sivZBMyX
z`;-$E_B4rr6Rp4g^$KhAOA-qP;f?ak#+BK#4l$DmS?JwQyy|{F+;pFQ1e}KAu!5Z(2b37FDOHT`GO1Tu4NV-)
z&aZbMwGMEhHPSOz`+^P-W>)Jd9mf-vkRT%}ijFks9Bq`gS6|ipkT(}w8v=;`mf-%?
zoQPQmSU+$V)el?F8QZcI@n}qH9G{(7PuIDPmKYlvDLFsV&iv#_iK=u8
zu1fHkfmHxWY(UT~?d%pKRB4`>Pa1-tB!L`70c;W=j55Y+;ZlP6FRw!tYN5zhglbZ2?n4XMSm``-FI%wC+6e&3Sxbsp$r)=
zA6LpBw~t>n|3PTvDc}r}1w$DTo9b0BXz2xfzrTz8tt`FYVC8{{)i+
zHo8#YP^mmJGa3(>L0;Mhq19rKv2=QCs~fCCW%HpD&}gCzEdH3B6eu$4{cKL?<_Qgu
z^U)@iQ(LH&`;qP2q1fk~oRJ+J9es~fvC%oQG`pc>Ql1{rmrim{xdaC1GH0t4>ukp2
zBBjbY5u$-|*TKQT*p3dpp`19Ri|7pJ0WcLQa!XxRXI*2*rzi5Mlr;5P$RL+8dv+mEOkzBDaX{4zqrfj^iz~nBhdS0?<1d62xRcL)=$hSc8xBG#&!l
z0V#B8D7;olbk)OMY{%D6SqM@n*Ckt4ZA=WQ{e&y?p1|4n=x#wV5NcsZPFJkaps>u(
zO2CCKz=F{l$fYm;_}2(LZ29I}lXOQE?DIOvRI#|0d%PbO%s3Y7GIh1wR~(bl`dnvT
zo{Q&)5&-Tjr5!ebnwoLjA$}C>`}f))&pI5%m6q=p{35_oEpAH-BIo`L76gHs0bJ{;
z?^fqd1SKG-*EQcJ1)FTDkPi;u_OuW-Ip1(73p6n-8!Kti{A*HX6+6^W*T7N28%8r_
zI3ilvBP+2xnIyI_r%Q^Bo>RTa1L~Dho|XVeIKN!a4kZ&Vv0uJ?iKIi#tJz~Lbz8Lb
z_4VpJF89|*GW$%qe@O1H^hXkDM71Ra3n-W=MTRJUwh^$~>B6L$2jXQC`nZQYdf6UTXe{n}W;
z8w{)5s_+Nb4{&dtou%XNmUcKHZxai;@#R*XvtCu2vlbfEiU753G(h(S_9Vc98oDKN
zYdg!CAI3Q|2SXZ$9m~Cvz)WmUR*w`H+H3~Gs$_$RIL;k#mhCi?lJFZmFO~YyI44KZ
zU{sW0ZGtW)GBds0TDeu#DMsPuo0dj1q~ZKPF_^-fdnkh^r
z47=+3`@<|1H3Log&HwuOzP{k*;zDi#g-U6t7>)}ALkLDv-p!AQt8RyxCaYZA)$!ucYfc0#)@I;Tu37oYC77zO6
zkILJRkB?avLd579N(&3;E-}b64yyrx*S{44+AF!a4JT4AcyEqPh#Kk%MZJ3u=?a{N>lB4c|j!GW6PWn
z{ClM|umn&7d1Hf!4Zo$`S)qOr9Z4cYb_o$>}}>Q{g3>22bt{)9Cn*sI)uT5QZ
z^J2p6u|0O>`7TWR+8F0&)Qhvdd3+fqD?KRXKlisTL3sEDJ~|RMgC6LJ%xdTC`uh9w
zF4Gi0sOvt4kL&y9bcmJvoM>gp9R=yF%Nqy$34uNCdH7v`OFo8d(+1u16Nl*->wzCl
zrg}FhblQ=cU3m!R+-;RT50rRUH__s)+@}d&$;d?Jr+?oc8~bkMA|yVNHAnefK|f8(
z`K!kws$|VpP2rEcO-bl*7?fBNa%)e&Di=;=*p!JQ9VWa9uBXo`?Kc*CTT%xd$*DuG
zK7XHU1KW@el+m4pn2kE+?qZu7I*B#d!63gT=H-0@zN*SK!<|mO;UC|)DO~D4-?;V0C!p5!
zUCN%?P()G^nz`GyfHOtH*X-;EGt~`99Twc?MX0I_$nSj@?@fvHoP*sz!khB1>=)#N
zlvdjLAJ@@=7W}`rzuy0A_D6>1|Bpit2cQ9yR^CQ_93|z_m%!ru{Ft8K-?#jb;coS6
zu23#C2%JDiP77X$HRXbXl`iM6w@;^Fx{(tV_@605{sp%X>X%-O|K9!g-w$`+58wSC
z5B%>7{tZS5b^WQD$#XVFuVeMGk7~?iu7+xSRR~75m`=X4b++^423(Zmvop4{?9!V!
zIA%Q@qGHT5(JTF^4j)IK1KWP{g^3A6m|113^I@^inCL8HnSEL2#))x4Rqt{82^_+gjjFZYgixFDtZ
zz@);isr_uqnj6USGin)wv%|hxPu#^0Dh7s*-P7`~w(>2dIr%|B8n0fw@V7D*7%@Qpc;clp>w|!!mU^$j7
z9OXGmi}_}GVl+TPI&sj>TW#Q&^3$ud(P2#B>nR6
z*_6(Uk=x7L+ZOTeZs;hW3`)iv-s?{j?AL0_9v)T#old4>)D{%Gc&Alyq^rHMk{9gh
zbPVRpi7Kx8jZOIstOd;nIckOIwQN|b)&j>r)m&z#%FvEaPUVM#fOYN`6!ct5NO-$M
zS}Vmr=*4RvYPZwGp0ji^WXb%M^6}K=!0&^63!c&4XPup$U`kJFJ^&P6{wD%C(%1y(
z^72arXg*Y(ixJ$rC;QDEODqgBsR+|UN5^vF>;Q1_v)jqdUkeQn_iO6~f@FADD&&^1
zxcD=mw*bI%z>^HIib8ms!}(|)63o>d1q{Ffo^75{AR?HMjzBmz!H_E=#ta-cVc|%}
zT(AsPmY6-YbkqyzhQRHCJVep!L&18!tKHbrqBYGqN;^TVwv
z8R1&Dg$VNrmHbj^oBg|goNQ>|V+NZW-&eSR4+-LK&=spaa>GH^VRpKxI-VD(^~km#Ez_5Qajw)2Mt#Ti%HGQ%$A-H%0HMIZFYhW`f{+`
zwTs{9LcB%zDTPo+?DXUtnOd%a%L5K{A%5e)oZF^r)NrcSdJ}QyW0A#^w4;
zs_XyIE!s`F#*UjQM|9^$O+$$Ll^?7=J*91>DJ4we^Zo0^%^WFrl6Jq6#OhO9S4Z;i
zvfueJkBGj_&fYDM9z1_h7MswO`DbuNlArJ@2n3zWO;7Md0Q?7O6hb|SQCpEKL
za0t^CJ%f`A;q;0HyF>Dgm(}Ux#*aku)X+D&kETGShY|PqdXX6IQvs16j9u+F6<$T`NLPXcD3bLtgr4~;8DOq
z4ZO#WkP-!=*h=@0&*fU_c%@;te;hcI0`!yoNR5x{GYxr7(zrYBggsl!yS{(s6t1G_
zZ4&2ev_gA}#x8~G;$&^^@-nTWcjk;AxD*u7W7Q{+vm61_sUQVs!L|=}sKCkuHa|p<
za_!Y+<$}RwRBzI-yOtn$Vg)q?fwX+D%?qb(Ac^!cCo=1b2LEYmOCRKH0D0@x`}g1V
zH8OnNE*Nt4_4JgS?o?eIs)92O@9tfla?5JlHNpzJHE(FI;gmtg$+YJwMoJJU;GI<`
zw-`8`x=V;&!4_=^4OX6Yb~4ZEzlhXTx7#~M8pLLN(qa#!c1D};cU>Om1o~{U|6=gXdTR;8LB(`mKzRx7^}Rr4I9(QB*_y-sMS5
zw!h_xR-2_%KilMAX4>}zQP5xOFZAlw_Tf(YAu&=o)|u7r>+eT4UMMX=4<6IdV1REF
z1vD@Hl^Y|OhPha#S!+iv(U1zZJN8##|7vV~#$N#2jX
zqc5$mCu(D+yd=R^xbK~JlQ$Pj6&5*z%whr)Bjasw866%Tg1s;h2DmJHu7AK0cAkmDn2G=p-3nL(Q+z+y5yZ2uiJVzM}4KQ*(m((iZSj4vY<
zgZ_Ooi#=MBjLV{~uOZ8Xs{-cYa>}P{b)?WR1tOes^)U+p<#ujs>*~r%uBu>8H9-lA
z6^s2QnMA(H-`{{oz{mIA#5iJBe&X;_B40pV8MmPzp4wJ^Oi9t!#Tb7r;u9mHsgxmgWo3nnJDe~aJXOP0
z`h^SpOA=Yedna8s97|g(EjzD*SE8pfq3ksI6Afe#3pni?QA<~aL~6RFkIpLCw$y?2
zwjOJ8dAi07wjIl(?T3)#!FQW^V8|7-72IEpZPErSbyfZ+5{Q1VprSJsZ|EaawPG>~
zV&o=z-V*Wrd1wAWQJkU|qqDPfyvy!WBr*U?II^(x_oqHH9yCFO?LyVzijIZsTZFyC
zuHW7O`FMCYzW5>OArZ
zMg-8FaI}i%qeZfQYc(rmc~Bsfoua~T3n`RbwR=nO5six0g5D*eJgCB^5&FLNn
zE_s$!bw!?9S6-Ffj3nr2P4Ij3&d^3Orl
z%paF066~SwpX?%-%fJosk&H5*BdDoyTm9;iJ;#3G2mA4b;B8Ka8lz>UrK?NcbWikw
zviK$QT5Vnnt?Hwp@6T}kq8+>~^Navq7c$!O;!9r-78Vw5tDsj>
zTl!+S$j7J5%tT4yc&fYyqoLkm|AA<4t4or#zkk06e|v$q5x`v6AMTa>@aTwF=Q%Jc
zqVXCwCh}D(S;a+sn%84B)y)TdJhp!(5o=e!M2K=`zu&_uF-f=NkI7Nbe-|9-^pv~C
zCsAE+s4PDJf{NH>^ir_s_X?t|?NJ)x+(L{bwd8#_D0xh>tNAJ9szg|O=`IGfXWVj^
z_7eZ#NMM2I4GiZ}wy-|DSouJcWQObVUtWN`lKiHTk(B%xN}_MckNq4@j=T^)JlMNDaApb~mNofDR*3nbEr??6h$Au-UBjTeDfS`{(*J#z8tI
zc3OfgBmu$1LZtLk;eNv6aHusLXL@V>NZhmkzgN$|@a;SQgg@je$1uT_5DfMw%+%D2
zu^aU4?BNKeN^B4fpoIGR`xjOb;^XUnXejI!P|e(EYHU2GaJHwIXm*|SyX19vywgtf
z;=7&-YiDC>#`BcK-!%g%WihN$9jPB68gt+x4WBQ1-E$FY=-K1oVMwfAY0|+|A;A@dWjb5X$w%OVm!^J5T)*
z4Y-Jx&$xYjqUy1?J?zL(y3gacJ_pOAjj1GaWDc}H`;yF4IZ==NRXWxHzvy1FSYrSB
zl%Ed(6M3un7V|3f$;;3u$^9RIWWlW0l08_uD}q;DUA?@z`uT}Cc%CRu&(0owrTjC)
za=1C+uf*VO!xL!qJmZ6>X?|3`$VbG2)oYoQeI`%30NT`$PCev3N!I8Wj}nF|u`?cq
zzJEdaEZv@@==F~P$|wJJ_7&l>v|o&#f4#hP(@&T%YuTKr>>V5P@9L6vsMZ*WXO5Fb
zL*e1&MMYT~$_47M+B-l088$Ai?%rZ&`<|_>t+tU7rm3lE27m4SK0opEE>E=^!14$u
zdsknrJ;)hlrOg@s_lpv#IC*%!9v<2aZybhR;P{}C2V-o(>7RJF)0I%mPoG}AP!?x*
z{_?Bp4?P*q+?wVUPtD~)Zc1$Li42^+Mw%yCZV@4xsKS?*zJgZaIEu5r$Cf&GSOJukWIYhTNY}l1en1P(31!E>A
zCr6h(fA#2opbl8aFt1-*US5`MCW_~_7X9FHF^wTuryI=g4e2S@S5!*sHXQCi
zL4mU#$GyRBHe&2sBZU~Cq%!}vun^L7>9%5c2!@&Tvv`C}QGn6_*!87G7&04oE-O&xZ{r&xE
zgytpd^_MT)-38+vW^W$5)Z7@L*Nh&Un8@bS0FOc2#qP%(sTd9j+cgvwRn_pt@t&SL
zJUl$p7F;MOu)wWzj*t6>vXI&$N*NL}NmDB}zshL)
z-}^-(Cq4ZpjdW~O|FB=n9Hvjh_KAy9wG+F?tZzL~{4f|36cmW$LWa_b;Uh;SMn*=5
zwd~S|;&(y*f?b1^(9N0FM(E!(ZC5FgQzDht|E6$NG?6wjEe%6mT^%9@QP_6iL-`u5
z5%T)_Qg;G|Y{y~2*anxyGzy$z&9j^n4fFJ5`lMLftj7C^kSo>=3%#8MvyEhm3A`xD?EkVCP8ckLn
z?CbjssvLf=QPC6J0OYDK;?!)8aC!7zMg}+D^-y_%UxkG@wsho%8ii(*bQ+$Y@ONv#
zv)*uB>k*mNMwSdtL@$t=N?7=a+;Je3tcQ`;aaXTRKF=z35H>^Vy7T49Qg45MQtZ)k
zQZSQImBhn4bzs&qh!LQdQ(|h2Q5759{bkm>2GqZZ5u=Sdk=TcHg^W
z=W-xHryzDzVdI3g@*Ydzvh?%&=Wgui{sZWxW7cP$euT@f_W4|H-_BDpb&7mNK$*}z
zH|w+1TegY{S16*@47N+;Ed>45uRD+jM#shmNCf4yZ!7mD41Dx#SosUpg=N4FBf~^3
zTV&PBk&h*&OvV4NF6+%b1Cx+vEV};x2KO}@lnPnv*I577M6Aq#411FI+Us^clT@-d
zX0cwpi+LFJruj~2zD3i2eJ3i5n8)7;#KO1uH!JGs^2Bc?AIG#U!@Vdy)=#ela^VAB
zK1ufw)_J$ZY7{d3pK3$NdQDU>tlg@dp-)cEDe@(Ofr{kgFnwMBzu|A5d}Geb7g>FJ
z?+M5pP$CKak}&_nEe3dys3x<*H4|oR;21m#Sw&V=-R1~D;s2@9dMGBwA*1lH3WVju
zCwMuBfeA^BSrX>l4i^;4N0`?@;PSEHQnRY1{R#)Fc|X@r$65>hx&u$*1-GE0)N5Hx
z&ixw?U%DF@c%lFAPh$#Xe0vXBhI4Y5AiINhi_9vCv~(@80~!$)@87>#dV1GUSU5Pm
zDK3`9P&^>Lf;c<9(?XG8J$ZR?);ln8BX@{*YtH-CBV>7ma{5X_!rzYB>KY=(KJ
zV;p=tjre&=49it&qG%B}04S@K${U*|qyW+2>?PZz!h44GQ7NJa=-N!dq4
z)b(`i2pfPn`-lIBu>w&5kis~AtW*?AuB6;%ih@|d#@rA5|K?p_TDRd
zudHP6&Hr5W{C@xM_j#WGztOU)nc9C1SFxxUKo;zf6W7Qn-;B#&!^}dc;qVxm)gvPcuoG(L6QJhQz
z#q6@JHgth+@o_X8732Gmwy#(fuh_&Vm{~TGK1GWwW@wOF{>GUF9gqV~)Mpvix
zgU$0i+axFlNGdPC<_a#f(Dd2Pc~3!v`@||MkGh%H@_0F!dJbuAZ7s6P102`M-9tj0
zb3>ya18xRTBdX>%$F?r-2L_KEL#RfT(3vDn|3R9bDz-gcc~Lu7r^q
zg?zHoEKt@eP~Jwy%3~|vOVQIGm=!%r<#@GY{6$MGrB5uR4REL7gV7b7~
zdv?y(f+PtspTPOIuu4x=cjDM2Gc#@hL
zCi!V{+Ko~4;k2Sou9B&$mT-Cr!F_xUVYEzzSolBQP4k=I_NE*-vK=3+%Dy0M(I&o5
zI2MzZb_;P^UpMg`SVHouVe
z*QgXt|Ds}FScxhH{%JY2e2fI@C}#oO?7+GPlJIJPF$nk9l>AhfHD&GW5Oc^ecsDmc
z;o#u-DSZX`6T=S%`>6}S)F2I3H>x56X$kdA=*qFFKHj^-!*c=gIc>_#-u#i-L9-hp
z(lmV(t0G5{RRPcH$nXj2IYiikP3V%4Uqv*dV_lsq>M4I5fh9`2H
zF)K0Ft?Zkp&JCC
z5FlNKplI`Q5p@8yqmvWT@bkb0`BZ=VZqq36BIw0Ubo0zTmGiXBJuPon*q`@e-6UI!_x+I^TNmfUUn4
zdQ=)Wq=Rlw&PE?tuWhZcd6Vb@U=0!K@Q6rl{ses3$dB|<<<=F3GsZvB*>rMW2#%?HOLXe_7=iC=ebF7*GWL01nJfP`0X=C)&Pf8
zP&fZMF%|~Id*$M6=z;Y$mR`u0r6)qMZ+Ea|2uHZ@(MdCp;u-XsTAQjJEHEB;KbqB-
zp_r7Cat;6j!W}&7(a*;MB}wzc`3Cq`$;hrhAp%u|H}tS#+$|_5fap>WT3h@-keyK4
zbM>s00&s9h+yYw(Fb`JNu-|m}Yub#G1CtJK+#_0|=N2JXu3&?s$Nsazz2Kq&SOzvx
z5&5GdvinOe{)Q8g39vnI?%?qiS}EDsY-LlJL(u5r;?i=tIx31JQ>|3NP_udI?l@cK|Dy5p5zunUhp^o
z+ZiBNO9o$$G97rq^p__eT54MP04Cd5;nt~+-CQbc7kl*WND^8i@FaMfBvjW6!xVGp#HJWJ#IgZ3#AxS
z*%bMJPl49B5=n~ZyS_7Gt^aYabU>6W?rrouBjIFF>pC5Db@nxz;&uu$SSruC>4YDC6mK?3h%F1hVvF6lQgIStC
zSI*7p-w>BLIUF^qk1j*Sr4M&uN2RJ@9wr52ps~8lhAoykYKI%nUof^W82KWjfIX%fQ|wurnvYD
zcK`>Fd%trmT7YESjxpJU9If&D^{{aE|dmihQ
znes!LP(BajJ^;moAP8;j8XCGFNHDp%|GlrT;KL=E!mIcv!L-bK^FX3Jh4Y4L;lec4
z-hkV}*fLW|C{Op__nA(#n{V}{|L4r0kPzzF_8(C9;nioL`IPt}-`nNVAAA(VY*3aBt`($81w&sCjo!9)P;
z@$vEbJ}^-9voX3ucYWg(%FaaDOtWQVWWQad-8_wXlkQtt^x1otq$e(!eNlU_K124OLSQ=-5gTKx
z3KBAvz%U(k2fIrIVbO%Y%z(ICebnYgI-9s=WDc2z0ov$CC?E4
zz}A-YF=2$!Ob~MjH3uE=e+)j=9edlXNM&9usMBG&_8s4F_}R~Sfea;{XDMX&Q}+!m;~_s4
zk5RxU`3oNY83i~&!OS1o8`!*lg~xir_70gS%o`!U(Qk$PpAZ;y0TR(;0`AkD{ZS}M
zr*>YISrHl{qB*&v?~ImaMqVjBEASxiQtCO_pFbNx6uXr3
z&f03c*hn?|hhMP&g_DFcRC|R0`Q86u5V
zJ_=v@03*Dc0B$Zs9om3~Av8ebA~~=J;CrdV{rE918bV-2
zAKF5*+~hW`%JSD9V3Lc7!V&mQQ2ftkmE0`^2Zhi)KG+6R0M?{0h$H%ZGVNvS3XUjv7<5#frGj`S9YG4_|}9E{}K8a-vgI
zO}i0F(_2dM7b0fViuL0FZ}#`SzexL}QoKS$rY`=z)AzA4+?;_xi0{Y8)#2%pkP-2w
zEeqISP4Hd-dRfcVS>c^ghhrWb91!4~TR&LLNh&NPIX*rvGL0aNOaj`Tnj|n0{t6ct
z*YT~j6wn4TkKS={a#ri-FQ~$GBTQTV4TOOd02QrRNSd@3F6uvl;V-iAo@2R8Q4xFx
zKa(I9Z7~q|z};25x|@`fW8UE%wBZ7s!B~d`CZQ&|Md3MGC`Nq-E>`xdwjZRdNv8u?d#K0vL2m>vORa?#zfN=$uM~Nwg
z{Gz|e_ugJFK>Q}-WzTsE!OeEPkh`MC&CeeKIP6AXVABh3ABzP`awMkg>bByIgHr)#
z9LR5|!mqT_pdtY9{rK6lp0atza&^E6ke|ZA!O_&zM4SPawUBqpr7xFjV$CZqJc+QF
ztU`f^^S>|&aiX+n@Y_rVJZjqig?ey%!LYG&1;$J9^YN*EVXrqUN-8M0^f-iE5YPvt
zx5lACjg6fh8olfH1!&wluqgkfaAqlsS*7p;L{+Ypry<$>Gz{kdO1C_C;h6is-<{=b~#aTJk`rvX~&*6y3c#WAUD%=NX-yVP36i$PTbLO1Y
z%hrWjegm5J=bR~b4Yi3#8B7WiO>S(~+FUm<;d#%3Bx>22Q?&AiHK%vUl0V8(zxwsd
zD7p=7(yy>Pg?tn&?6;}a6iu2l^7NgK)*A_f9{~{vLc?3oxfC1DAd)?RBwpvdClw}S
zjRwn|?3xFw3k$inwzsS2HzQ~JY(?(U81NO3nZ+>{?=~^c0H5+@DD$_!8N27>>)SOv
zoZdpeFHMgwNC1)5@2kl-e|cZ%OTy92&6d24pNC`uu?Nolz$eeX9}0z9jhC|y9dIjJ
zuR;WKhMOb-d_tqPV89xhw?C8T=-ui33^w76xD;xhkmfpEWp+DBD9<^|yOB>>T!wq$
zScWeA7u)&2#)PYIE;iPzXv7ls9m4dYaYt;R@>^UWB#fYKzj7C{81O(Lj#Y`EjU0=#
z6)B<)t)9MI^T{Aj>5aVAZ*!iUH57au(K7$7ln~1sFfc)2J=jnrQw7b4Zs{!Qfysj_
zlqQE2L3^Dfa4Pujcy!T)mv@|YmIQTlXdp}iYhnRVZI*vO|MTx0DYSv`fS9v(dR^1R
z1P5`Oo!tZMCjf{kC<7L27Z2~!;{a_;Er=n}pG15IL$Og5(m0KTG=Q_1NNOQ;ed9KM
zQ!2h}nlN&g9g??w%4f-2_4I?7@B$TbW
z$(0I>`pR}W0bmeR$esM91>kt7op*WE%&s}Q&W1OOBg2dqC<(|woKX_6#;Boal2;LY6>C%Ab(j5qmZEi=&eLJuEyQr4R_bP
z?FVUe6X-ml>jwB05}i{P+-nO`ZdW-uIl)mGVkb_&z=WqYlKiDBWua{0BSHnw(nY(E!cfIMCx_fjpf
zdBUS%ma;sUC;U7Q0|C7NFi~G2z*V|yKYBB<+PFU5h(c_gND^^gFFmWe#aM@&QH`D$
z6#+Rl&GEz8Ou&vokXDR5I)***#wLBU3<^C|dajnR@`M>2jMv|}`@0sbx043Ra!a$=T_x%TAIf8_wsP2ewrAkH}`7&75iL^?a8
zZ&v$6CR}7pB-m~GcO+7Ne8&br0$7E~SSj0D51lxc1M+ir
zoafAuRO$J1xzmiD=}OP{0m2RzTc>_GuEAzS!dS@fb_$&GA=!`?#vFQF*_;6ttB$Iw
z2T!ImARYYb0Rk=}SVFro=`7+iKKmTrP1dip+kVMT
zX4+VlbCBN%4`BgqJqQ;dA#6>obp=xH54mE!JLjj`e
z7FT!Nx)tHZ(Y5S2youS*`+`%VoIIQe48
zbtb6|ZlT{|jL%EAsbl4$TJ^#!c81=FGDA8fh6%t{Hh5y^SCCtfN~F5Z!;^>N0JlGyi@H>iho&*T14i
z=jfUI3609Zpn{-8kN_QA$~9oWM=Aee$;4cLXOl^{$U!E?v)V9^=`Gaa0+3fQloZRG
z#5t4U-{86-&>A}W`sdD2_>1u0>m#ZH0up2>KUM1s^!0BH+ZCY$Sn1sP^YAz4&Ygoi
z7~)C9ZEkK%@I)Wx4ULQd5?ja9kmKpBj+gt@YXf@ldz1t(B)zhu6sYOHBendWY7YP|
zgHwVizd!RiTIED2NH^Y+-+`YEUq7I7hvpin2zC1@3Y&1d1hWPIcMXYLHtob*mcG?dcPT=KYnCAb27Ks
zL~%sTe&~9!$E^hA2c>}fmg2IgTOUf^s-Q&Wp4)Zn$<3y7r<_(3r!;Li+d6Zn=;5cS
zlpickm_;wjP$l&2%LAz~HuC84fUAHc?i+Z`
zF1h(^?BeD>*6kP{n3$-Xu{HjSBSI!z&Zww`5^Y9`P#PkCO(+rA92el`_5&&4YlmwbUOg2)U&Z{WI-${UH2-S7pLrfEzAef==8Pv4A;{Y9HwnB#ks}8fg}|oaWV;hP+ikoJCKzoBnEGUzd8qm$1uk5eEiWw-G>cs++Z3v_
zJvA%V-#>4(P`yalbziWfIG|p8&9NNBW{?OX1r6ps1Cc~NHt3Bz4f&3lYdKB-n*$P&
z5djGmTqP7@MbBnZEs!aIaO*72P}708tSvxEa;B&0#Av_LjFvDa`n7uw(67wZptpEqk!vc=-f&~!$?dS(SoV?Me6
zTOe>d2B@Z9fUlN)QEY%yhAZ9Nn)iH%;APPg3EJ81md!t+CY=3MG6W%>Iw>xOh_~5y
z%ioN=&6!9Tu(%N~huHA$R>S6b8f&z2&H8Ep9p)zIPqPH02x71hNX`V|-ruhP>Qum451-$dvmkD?+1}atSXrsj
zXBlW?3_wyc^_ih)3#2k9t%~2cg@TgF5@D}T
zAxX*q(gH2?4@P*}j|>mbnVQ4_>_E(wJ2DevAvK}EtXc0Q{1&4qububI>%v56+CIzA
z9>HZ?sqO70rn}jIf><$*`=P5%L=<4Hd*g`^Lkv2CTdh7LEk(B8)VBu`ykU~0WVbf>
zbYz%9Rz9bv`%qy<$CJ#DvZ~&rbZ7UdTCfr(K%dY8=;suMNdCj;6}GYGf~0&G1|vr!TH6n@$ho)hEBa{
zf@IEP2F;~oyX&GDFt*`p*ar9At0>8QE0u1SKz6~q!%sEaHE1s&-85Zmo#ZZ8)pEFk
zhJ~TZcZx!FDObB*>_N-4>=rqE?YwU#8fLNo0|W7(HXsu5VSHy}_CcaMBWVYkEJ|w>
zCqkA&k;MfwQQ95Y6WUqAN@qfP;>qoPG;h@G1{M@qif!BN2iHT__bxqXK@xfNGi(l=
z=R`4jzo|Xo_pRHzgt7i{rmq;agaNU<7@Jf?G_@z{;8SC6=
z#7usZ!9&dbE12C9mS1)Gje~qXHse&!iHxh_HtYNLJ;xq=AMJyS;Y+%5somY_N<-=^
zkJ><=&?9#ARQ&mz6sjRrz0FERGi#?Et}bm3kf}Sf1cAA*=MzH{#Rk0fb9oua;>Xt3
zcfc%1J_0-EIkL>MuNniY%HT)yE=2(s-RQf6Dr1yz0&p*rBV;HLv+ck0pM|0thFUttzZzQ&*wuN(Iw3aymr+GVBGM|j9ozQy_g~#H
zDiVLoqGh!)9=C9-lZ_M|h3<8lu8NX}jO>Q>=-#2(YGC6uoGkqNTVXzZJ+c8J)JUn-
z8Nk7vJ(-)J-mMitL&)8~i@C{qKi&GFE`<8@GX}>U!VJWSTN7b**{iXuO1EyJ
z#@rGeN{g6iN|{?Kb)6ti9;#f`|Ma2#0@9@~4u_Vac(k7X=1lOOA2a(0{>+GENXbX1
zp8v?^t$!C^r?9@&Ou2~VjS4X?;K;Cc{k%-A;*LmWi9hlS;FrMuVt`oz0vw?5CIzd(
zwf$pPJz}lfm&<19Yk)(B2jEd9hak|KS5#C)SVMxlJGmrJi>)+!C<(K)v{d{T{y9%>
z%O4O*e}x3PWa>r9RO=4ofW~Rq?Rrp)ne#+hAhGB1;o7XVhDz_mp8Cw7;(@L2(fwLz
zrJQHbNdY`3qub_h^qdIh?7{j3ezAXnVGkXmUfzD=SnB>ZF*ND4>~VV>O#Qa?`rCF3
z;_GQ*#67oT+sGe^ri;;CwBUV@{3`q})cL73APc&uPS%rZ)CICud|n!X?tT!%AvIH>
zjp1USa-r>8#HN`oXYbw~Hz>DxaQ6(iNmq9Felgu=
ztroRpCgc(SgmSYPhd_V>wjx{3P=`9XnxG|
zl-jrU6(|uRWL^PIM+8h`-!&i4}$gCx&$sZ0|cm
z2mp~Nq{{)=1M3A0wKwe(_#0&ZT7?|-U{HlXca2LA@=)|==1BfrJ)}DGOtjIXSKl9O
zW}*bLBcA*Y^D;*xuKilUXV0EBM>;+VZ`NI_K3^a1ywT^m`)-7@BI--XP-WjBBx9xP
z?^<6%M(^RGy48)?9=FZ&7aJ(=Ohls~^nEHlm)w|L*))%95^4@&au!tyW%eVwr`@}k
z0wRxmoSj};GsUv-Ozh0G<{oX%+oZ?8Sg@#%VpA}YFWKjx9#2E6g()vrh2-#MXzT6L
z$q+}Lg|jU!<a$^}OUKt>Nx&*^OfnDgvkx;9T0e42fQ5knI}2
z0$rP_D$qK5Lxb<`D+qBN;-*Mc)U3czftK|R%Z*rRns3hg>~wT=lk4{239!mruYVi?
zU0Mt2qoTudX%DKl=i8hUp+|bEH(Dz1c(t`AU|=~Y@j7Zc{b1c<@&Ei$)!eZ@jOQDM
ztTS<8manG6%$0I+nr_fQo0u$^zC7t4bAA-pp_{i`g@`x!oep2I)ax2787MzoDWxaI
z0)jL0dd?d4$NeV}$84%ibrcgSzZvUl%wJ8((0Njz7|0HMss%L~Cd*NAs}!
z!}twC`L8uj*L8Q?@VaeK3NZNsvb~;nOqSlyXqI7i6(!15vGnFDJ7REQ$&HA?3W7}J#c%0L2KCKVG
z{|%#Cgm}*Pp5}<7G&~hU`~r<>u8Soi1})+7PENdF-)bdF&ttB!6A^0a5*kP{U{|;s
z3fikN{8MiCQ$D195bh(({l!Go-LIQ+x1IlEjKyK&H6Awfb}$+ELMGUc|Zsm
z_5~fINiYtO#46KOJh`EaH5YoyWukU^X-K%zH)wRUWcBSf3uq0@KH;#4eQeP#7@oA?
zMan593dT_G2n>X`{DUkosspK1`j9d=7dNG<$rdqtkKqh^&u8;*_>2@U8aDdywd;TBXDW>a4eOCV71E`(@=W{1rC2eR
zi8L$vp%2^UH?bYf1PRPWFf-EAJ^GB)))t%boGH&Stz=bG|hCKg&&&l7cxbd*!O(?G($Vd2y}^txbiR0N98yYFe(W6MdG^>x30S7
z4(>UAxUzeHFD#|=smSp2pO|%IWU8BEQEuW9HY1UmW<_LBZLcaFT)eugJ=a@=f+);7
zucdt4>|M@HEgL!8qv83cB4BiK#h9^3-B-FDKN#|U|Hd(0Yu3S3VpS8p|p6!#>Qt{z5cmB&2RdN^nx1Db8
z_!FlX-D&6z<2-?Rb{!o~M_&#V)Kq5WRi|#;Emz2NB*-3i+&;N1k{o#N3Y&cfof3b-
zV}?i}_81X0wQK1a8Rq*+cieX0HeEa2MIc7*OnB_;B$O@=2#Ew5951__H~ht*FX?=7
zNU>D9V41UA99Dh*Ul^_KaA167)Pld0onAw%wfNh8w>U);R}eP(!N3yo&|=*alO>L<
z-Wz|s_EX-j<+|rCL8%3WB0rxmBV~N8K>WcW&phw_f)=G(-+}ucq0Y|bRtcI!lQsiY
z3u)f@DI|ELIY)HtB_o{GEYP~u-~R$AcR0Alos%_Bwg`1kM-&l={?1h&z3Ke)0WlG~
zjvdxrVKI$|CzNU7QF>W}W?T}#U)7l|8m1pE6^gz&Lm8R}vu*g2b?
z=H2@2yunlE_wmZ#jDAg~XEAbB>#t@Y-v^$g6fU1Fe}M)Up<&hHwzjr5D!3D1N<6IN
z@teFgj#zco$50Wu&c9AQx4Q(Cf3f@jBuOtU3uu!gzazkpIcThPNXojP2DCwY%|8={
zpI*c2Al!Qv>b~3Iqaa+5{SCI54Aq0%@sslQryN$vATlRy9Ivg%r~c-Af<}8YTieJA
zHLcka-U?gfWkoZCIu6;3isA3Rm3-zUXTcw}-L~lKuT@jQw~Hgq9_F?GfWy7t1r?R2g&og&|$;e~RGX`aWTgVH%Ha{*mf-il&s2zV3F~
zfAN6C*7w&{g%8ck?55Z1aW%=oFRiN9W;XGxH3qHTs
z;XC-;jz3+I;wwFnt1V-DaV*f8pAvalKxM#D_$9|oP;2YvZDw=9z9?aLZ%PZlmKej?
zMrm8qS%sZa4YVcBwpthra2}vX4^Pib-{m~JB4UkR5h3}IJb9(n`r$qRLq6@H4+4Sv0bV3`01o2
zGJ)Oc@SdR*ErUWi@De@;97?Uxfi0QL7YCRM0%at9cv$3Hx
z=H<|whEDiu=Dad(6~x@m*k%d$BdOZz+WFCvrC8y&{$L5AhT~)L?qJZpE+Lf
z^Bb3Ingi$81o!6GdRc`RQ=}GE<@M6l3dsvvqga0qF4$nryRJ+5JsKC}*udj=UL9WT
zvI{5dvEMbQMSfT()DE~GQaFG6ReUFI!9{_G{D&XI1jfSBTF)LK@Mv>ZVRhOD2yOv_U_eR;gUs0{jQ{
zB93BcW|?tlAJkq70u_9TT*h>&5i>Tv9~=j_R-+US468K
zr`CRY3J>F=Rg9tYTE}ywo1&~Z#eVO`8U$xnYbh?jNiq;=cAV!s?I3@&`~FB}!h6xz
z1>s%?lZdpY-y(&dD?ZyjZU_mrhbw!Pk9Q^&A#g=&Qz-#!$vS^bwhMnN4Y;&cQ~
z&r871+1FXjJ(w!sReTtzmzCb|Sm5M|^VW32duxrOAHI7T8agqTO>eZd3Hn+c8%q_y55E5X?xG@-d3Fj%X61t^k{;U
zuuE1O0+7EMEeS_b3sy)#KtdSdPI(%-ii$YlQQVMYS`9c{E6##c-)Z5lz%NzYuI{kx
zGT*jp<_BE3n&&7
z`W@l89@P$@AQBGZQf)K+zV5`TjYu!sAos?8vF@}N($}VXvQ6Ym9>jrFTj5-CruY5Q
z(;4jf>NC={^P)R2#zzP58L%Bl3DidZyxg7UH9kuaS&*J>URySIH%#DAAdF}4A%F$y
zk|JcNKxbe=m}dC5vOXw^YKrC#u($wG&|}xFq9(nR^=6G#uT?J|M8+gTz-&$Bvg
z>WLR~OQiDy0S|`O&|~R>St?D&kOZKEkp*Uuq0h(=wzVzjh>YUhcw4$YaC!@2*iZV9
zF8>Oi9j+>8frX>d)CRHJz54|gEr&+gtIx~^daD=GUiCGE>85LP-8AWRCW`@^b0l!Y
z`DN$oU_Ac^J9*fabN`sDgf$n5pp}r4LPNM(9XTP~L)`M@J0o8BJD-SaRPUeH=)&tpDZ)y>}XCqCVr_s+E2GiG-|z$S)s4@w$JDxL~LLZ2?OgbPLFpN
zl_qT$trLR;mxJKj56H*4q=^mrrJYa*A(7MC&mIJ4};X$Y(LZl-%ip=+~oQj4aMiT84h
zIn7}UY1rXZ0?N)+CCXzOBtT&h$2R>r7V>I>PBx}x)~ZSG&RIpJ&?S*GPAFI2G6Ey*
zW{gDDf<=w)TspI?FWglLx}i~adagob0(EW4pAvx>b~}8cl+j{LPHH%BS9przYQHzK
zH_=!T7)U9S`{UKzNP>vo&AZ>o5Sk}-t2Ia8Q@5BKG(mL%ya}-6aAUKBvnWp|5BH=r
z4)04yeS#39YM^p|VDA&IX*&O7D?at^t#{3HR8KI7H}-#YW{zwwzs15J#v0hUgjJv5
zuuE!wvq9%_rStl5Cx$BjDN0JJ?6=$7EG$74P9u(Q$BMAF8L!GL8b4606+<4bVZGKV
zwQ1?VJ{J5aOHS%So+pS3SxVU%rl+Rg4O+RnNG@-t*k+)G^m=je2K%+6j;Z@6)N
z_05|L1VnVb($tv#pWT~=sY#gXz65^wVdSp%@U7q8mk*iQe$<4m0j=qN)ffYpKGrah
zFbS$L5nz+iJiIMfM}WzE=Z#leSo53R(AzZEy?@ZY-Z)fM%x-(X`QCcvI=+E^hfDnY
zITi|6YkJ{`bNxJ1avfy6K{;e`Mzd#Fs
zmey977-8O-^hCP=1__13p+NtyF=$&hxu9;kU3d42Eo)r@pWfZ<7
zl$Y8m(3J+*or_R+3Kex<9?8cxcz&z?UZG5x&IsG?m7#P_(~N
zxZkxre9<(RW^Qfcg|U4q-IKfy3yRa3D_XdsW2M#7(9csrh+o*qnLVK*P=gF2l?NIB*y
zF>%L9(m@kvm;;T7X45&>lkzl!UAbjKf9q!#)NCU=fWsV*D)^^pURwr5HJGiXW_Jyd
zp^!z*Q+&|Q3hmNV?WepE5;5#Ia?7%(4@WBZ=VGD5Wi&9diiRp9c~>u{_B3Zc&qubN
zRsgYz)v59NDem--A0TX8ygdzZ&f@+IE0Bvt1pfs-Q?xb4gh0
z?%=v`qPz`G)<>P6{fA$9M@-ZFKHfh}VVugsdy~s@Zsy(^&yMW+
z&aoU*Iq9?2K(;!L5JyMq?r$zzU5~d`Cnys-AM5MWiAOP|v8!pke8~kg#Y{#{MU8e|
z7|aS7Ew+AMX3v&y(5c^@`~=AvZec%AKaxRvI?8aG2k_
zQnJX>5ONJF1g}FYK#;3HSk8jJ$5s^+C
zboHW}mD$hli9wVawz@0fIU@=5?>P*KphadC>xDe%#bm;zLSOTi_j5y3@A4w0zw)b(NKM7>dE4cc-~7
z5k}GT-h3}M@AWKns4!Dk;D(c_?`t(Ku^kfYDuuRJ<@J4UM@-4B-dHxtG{i5fgch&n
z`iW-7m1r*aZm+G{XU3H(obZ?N6}mjed8Bh&y|C9a7m|&ov*LV<kc(t`K$*6hJWZ
zFr(uoS1fZF{T8&8(`yR5{>m`zxVwk3690I(L}z31pEu}8qs@xnfz)06&7e_UcBM5I
zS;f8wK556aPw5H`yO;*WJJj8`o9jIInoF)+Dg1A}c;D0IKmrI^;2qnpuPQj3XSFnQvCT)2I6^r*OmsT$TPp}1
zGhs09bCo<|M_Q(FQ@1WZs$1jn7|BahlM?I_uJaLln
zLuE|gC^|aw3j5#~ZuPJhqNnHG*cRk0Oy-BBM2|Hx;WQO9>C1~(q@Tb;W<#5DD7e0LZOmMhzZSbXu
z&MJJeBheZuxOUh3$m&8_EjS>Y
zE9}V)N+@5xd_m3QvTbf|eszl+23n&gEkR4)g@GK6$jY(G(_`}#iI|Vc3N(rT}h4ZWtGfV=Je+;W9ozb%?jl-zc8JPu|q9qcS)%Sm#+fSJo2FTP)>
zOo7H@QQy9Cf3Q*(IhFH*fCq+7Xv4qq+R(#*!&l2-Z2F73VBu0}(xQU5Y!stN;H#c{IqeLqX7sv|dKUw0``}>7Bm(V$nUH>Zdy^}Ne
zj92&8j8s+3=F!JDWkqKg-wWs%f250|m{HlEs`
zIoYk!@^XdTveuXm+GN3Msra-&Kc0ts*s)A(I#k!;(Qb0Mem=mpCG|yXigM9~(68TV
z)^T8%62q9|jjm6MlqEZ2$xaD9WVbiwl8!WrCYv2_Hy=)4s9e~W_N8G~U5_90^7Yl>
zie-zDcolmKnoRrAV6&VK@It**<8<}%%W13P7ZZs(el)K&dE{1p6bC(&h`Ic(Ga1}A
z^m=D=J+jYKV1!y)lc6u(AO?T^?p@2qZ0iEp@IX>lIySaEWhZxV#{7GeXb=L3fYEvQ
z@L^-*_tytWe>>bHUkFve&fng(hnV77s-)h|($H6*DVJ%27Gea+1RPljd1
zEAq{o$!*8yn?vUjs`kslVn!DbwI>`g`#m?;=SC|n7q*jP$GjuwYF<~OuI_MN{-_<<
zn|>Y|_P`1w17sL&=e8a9F`+!Nd2{#ERJKJ|>8ZK>WP&+Sk2>k5^2Z&ulCBEzyAd7y
zl`U2|jkO(F0y10A_($AY@M%k7wdW^axg34laYKH{7qY#RuvvQd0BMSL#BgZKemLDA
zx<)n-#+vcu0@-_?oAU*=1%+m{gU3r?DXF{pyw*x{>$TI^gJ;6;M(OM6UCX~O7h*3i
zk(p`dSoTa->{vFKISv2M5u_cI)5$Qzey(jin5*@w(bCdVFUz5v9T>pR8q#aKZ1iO<*2cla!mO=a1O3?Kk#
zU6H|FUmea4bAf-Qr5dRYe19)_(+R66m(%>3Y1T3iI5Od@p&S%b;UwAn)As7I_dV~%
zyUF@zJ!&dtChbg-LP48rrSpZm*_trOz|4FDTF^rbd2!fvB3_M;ZRHVH*7K)IBD5Fd
znJ0v
zc=Yy}g{skTF+u!s@Xg>SL($&=s3lA3r
zJOdriU(NJ=vz)%nZ9#>A=HdwGU4V#UR(T{L(RP6}o|$P7^}()Jyr2sOi5Ar7h36lc
zB3Q1mrK^Xg&OcpsSd4zDYSA9-Tw!xvTqC-^7o$0tp(5(2Ooa?Bo>LrU&~}*F#`Do7
z4Qr?IPsVnDctUHZK4`W|(QYl-wk=Pb?y8<_|0L!!yNkwprKQ{&8auP3
zbh75k@9_SBoikkP@szXh9hYY(={u$$cIw9P_>04k2wD&^ZMPw`52dEyMB=6!f+4ZTe6
z6CSRK
z*~vg8kKgkoTPex8E<|kj29KwOe)Q`rQ-PDJopuM4_S5)ffs+U8A*L{ODev$WPMI!!
z+Ag0^#?ONUsnG&^z7{=XGQEqeOD?dER
zv4t{CD4iWyZkV;|st|4@cuZGq^?9`3`buCl`+A|YFLk@$BaP#ETE3+=9qq0j?819AJzj4rH{UuY;kZC*pr73iRj
z3Ik*1AGv!A0W>x%ie2S@ey&Q7=JfIxrDV&%#nDJ{pVW;Zm6$TlRl^n6UkQnLY4w{t
zJJTmtCjJ`W=J2oY&DuH7dO3
zOYg3m>>+v<6bBa9!7k^|MTSH+Jowu+Yrh=e$xDt0(=Yu418X&JYeH0ZTN42jmYGxv
znR1zc0DvxP5IRGxG;-D}4F7^bY)BSi+-WuI%LFV7^cQ`ks!9$gF45i)@g_2I%8FO1
zXoCj9a&_l$dbs0oQ_()Ke=6U!TJZ~+hQqDBvh6GB9H_ND42SChch##aj34_Y5!&@9
zA)?)02V5_C=9gs110y7%tP+jEn1RA{`{wHU61m)lu2LPZIZyeXBusuJqQc8
zb)oWWk42Jid>8Q|GP!i=5_b!p4=;|P{(H&u*&7?uzSr9&3=J=+hu-Yf620?d)8W=F
z9)e%DXK1}m7;5I0<`dlJV(}+**PlJ(IqW8;a9)VhF?+VY<09vLRP;{qUCnK;A`d@>
z%hbxAr
z#;!3flZp3@M+>i&V#`t8
z6N^R#hb5lk-y*^(PGB|||5`ef@4|>s41S{1TYksS=;G16e&-$3_jfwIHatZ}*XdGF
zXgpkT!iQfl2t9o`s7lUYw?2xE9kVf?mx%Z99ieX$PGhxa-Gb_M!LQ~yxYkPF9u100
zFEb5Gs`}!2d3*cv5*yO-QQ()pG`U%!GIoP4*%GT+&Z~W>+Vgzc=g(C0({?D|bnSn!
z6|HBwFoyNA$6N8gp{$!{$T(6{KbOt!+;KcPI+1Jl^O~g9l@KvkdGUb#kt#G<(0M2w2tBT_Be{i`tkDkH7XGHQtZW+l4|t!h#o8C+xU{N9(ndW)mi;Wn_@@cyQ~@pzB(p4d4Jm)tjOZZ7Y|9|vLm
z%EReLuQ``0v);@!%BUf&EiN*n%bD+$>7}lu#4VGh?2SA`)XXx`LFt~f)qT9Y%Ew|J
zEiX7=Eb8$L+;IY#yULcd(UCgqVsv6q%V*HQMwUS8xn
zx>dtcSv2Q!$u~so<+T$v*If2>c~^p#*7U55FTsr%@c~t#t4;G}152zWXU6Tx)+1%fQ9`g=%
z|+^evJDALi#=HE3Dfui^`feZpL+k
zg+Cz_JEuIaBbmf~ar@qS^Z8{_?-;=VF0%BX7>3q?x01f&(Dq!B@-8$m#+Q9`7o
zJ4OTrq(r4lN>Cc4V*qIc1f;uDQew!n27SNlJ=b^spXY}P-AjO^mn_zwUx@Zv~T&D($ZMIy)}Q`mHI%J_^NnfB(N}(Q+y<7
zQNJWuieF`9W#L7(H7pU1V@uOA%XJbn~y-2xxsEp
zAN_75u8ql9h(*^U#8dK4J>*#Pz`(oOFpxiP#^S}qilT;#)ehbm674#s
zzkZV=l5?`}3({zP?ZtlYfe^x#ewCYI;>e6_H5bw7F-DK{{K?438NjL+b}ci*X7W0R
zhN0rCrFT8vA~*E{IB~xEu&_wU$gtZ?HGvXAA&z2G{W!^6uS5_lNZ{qhGzP=lE9t?DXWTaz&ZQ(d3h8vk#t
z58SQW-OKHmqxmm6cVzAntke(O!0Dlaq$!R(rB1Vh#y;W6VVWm;D!$)rJdH*p0U6$O
zvUNlLs1y4MjPZK-@VWWJus5Vsy)nA!$H9a2Ge04>9Dq7JGEw-=MeFjoWX@Qx-fH}?
zuBeOYXZ&Pa-}*NPm_5^YuCVY0D$Ra!ilju73g+@Q@YDI&uIHbWzd=DxQ^E2=SkL0j
zaOn7jiGr|_zOkRvb=x|#((!o~bhW>P(irMKT){ydn<;tvO$|o9UT&9nEUq%Hzn(l?
zWZJot?SY=`#(t|d@|f=oPr4Z8l$=h8wYXbkMec&?To2*&h6|(jzvu_dS;~R+6x^##gtcIj4;K%UVC(Py9
zG8U&d81Q|v=7CnDGsoDuC(Zaq=2pvYzf~$LylNa81$_07)FfYDXCO@wrI)l68sRwh
zcJB==D&~uB$5XAi_>!elyiaYi=y?J@{nTg~k)#9L57Za;eKqtpCSR`|N7Rx`zc6;5
z?2Hp~pzJ(xz5^$&R7bfkDvANjn6-9YiYV}#B`86*y*NB)FELybE;Js}KRuW2
zs%qc=j!)$n8&6|^JEd40Dem9(7Vay?U+q
zyx|MRTgF42n}y}#ecCs1%y1Y}v$BFJdl3_2j}*EG=X>&X?+5=L8Qii(ZWF)BcvNTo
z!q>4V)qv8loEUBttKVXJ{l#%|U$LZh8LeWbASvWVLn~zXWQKv7wl3cy%q@DkWf#wo
z|0wkfxN&X}ihA|C3Nu~(5_8o-EZ;)c45l%yj-dH=mb!?A*c%gDsPYZ
zk5an6{2qScnd=CCa>QZ+_3&ezqRFqk;m!r9aNf+?DT{zg31qOdqF@vg4?>LL*Cf9p
zn0G+RI^!vJXRDCy40YXahd;MZ4bF~ZKo(m21Nh@S`0ds$)kZkL_
zP$Cp5Y&RT*`Ug6;hlH`}aw_S2UJ~I`CG!){DV_w0pb0!0VlhU;0w({e0_@oVSy!4(
z&l~KZJd-cYZlph-XYUu7wVSgd>!jwTWIdt}H+#bc=fjJda&aVT7=EQ3CBja0^LL+H+y})-<7&S?GxO=5eeMn#8
zg>Pm~(u@;F@PDUju*Yhk8nm-TxKTQa+3aBtdL>A;Dg`dAMR4pP>0w@oxM_S_mUHz?4%;pNkl@>sMIQ@?1KQN*5
zJTfYe>yDjDzE5}3gD)n!Bf2weP8aUMzs2HwZsJ%erC3TT#E+Hng?jt7i35#g-`=OC*_$iM!|>W&0E!kx}#o2f#R~&5P7UDonqh7
z;mg!KrNt4h&Bn@$#8M~GTf$}(Z26m`4fWsFnosUjy=05@y4T6qA-d>E9o$%x
zkqsyi4C#19mg9fEc5&XIev6~p^p9uwe6O{(N3(BR$IMm<;?7+0T;OWmz$~7}!R2!T
zgwj%}1W>a3f0U`75jbKg#{({Qpo%6v&I>8-+ljj~^Ob$s^PjSvZYX?U{m^weEAjj~w7`+j`+F0dA
zWHZ%s#jEO&Hlb`@kYF*VQ52uvnULwknmz16ZFH^#B!r+B{XktEGZ%Gnq>K+UM5eV`
znps#Tb+iqwjXyu=Zq3F$uXxP6s8!wJ7JHlCJpsNsi_s2nk2%sMlgBHM>)wceip2++
zjAZ-N^U;8Hd-{Kq`a=HxeEk35-bA`6_1Wjy&S%WCvS-~KuZqu~`4M?YKR2E#=-|@r
zAC0Z2I#9%iMV}*Wv>~#iX~E|)atF(!V9!Kh=S#I(-k$7*s7@4_WTsP7)o2}C`lj)a
z981yC&y%{gsDnl9#*vdpKi}(k#fv&Jf+``VDZBuQTK!67W+}S6&@g?1{wN{7&aCFj
zSL54uu+=WR)>j^kKGfxPqVdmlAS7Fp7*R_Cqb-kdMi@`~e`C64^?kVywX|e9WUbHG
zY^;9`$b1``P_uR9PFaD^d?*uK9JW-K6Z6J-UPf%ZI)r1(iE-7Xuyx-w}?QrAHn!#r9>*1=tGNO_x6+HrS#sl**IbB>$0&OZPb>vigi4u3Kb(AsqivI_o6lH*g?vBQFq;w;TVw-wr+
zm5}uavXU1*jx1ymhC-XWRYSew0_Bq04D*80ItNC<7k@l!=A{+kMiud*>;B6c(Y4UT
z2OAxTGneS~?eSTNUi$w+UmYq+Dj*-O(7-v+@1i(PuH@0W<6kBM-k$y5P;^+Ax
zr9D}T=zWAALry>MFa;Qjrq$8}IQf`JWa&_7(Y~*2oA&dsBsgUtzXSzJACQ=t-hct|
zerkR!jIxU(DHN)eXpuE8mxv$f^v`+=SUgU8O-GJ?d0-pd`lg`UGl*&`ouYTatxlRc
z^24cEZMh=N$=EIIQ8}ep-SSx53Vj1-gTY@0GaDw=mUqwNtGIgsZ2hK@gPvyeg4OYQ
ze^c42>IV+((l*-;xjIwsYljgOylmq{LwD1uy-Y1e+;GFckX~o+HOUN@DGm
z1L!0WaA=^`4&rbyJ^md~8=xmok~YHs*C+c>1F>x
ze>VQIrfk%>=u@Fr1SbFVO4U-Zj8EO%v^(D2xTU9Z@rdi{eQ-rsrP@{g?%VhAe!E{F
zCSz>+4k-ang~w$Vz0zAv_tCXA5I!77#T#D?fa?F|QJd<|T|ABlC@S{5DNZ($1Q
zqK2ecW69g41~eD%*3*-F-#e+aGpu`af)Cll1gDNHIyv8a7CVKPr*{^Th`W6L3BtSm
z+|wL|MnP+#Hx@UkhY!DrM@k?B{FTQ&C1DA~if2%G%10XKWZBu+85v)JKqGv382>~{
zPHqQP8_aPj@?RVDOCRfa_6I@7a#QTpZ0_-g3hp&ogO123l?q~wsVi8)LzrQfaD`Fd
z*s^>7)|otCWS4_6S;y9^)e)cJu6u^L){IbRSh-7_+3r^Rf_pJ8e
zu^{H?Hg!t8KQPl;IBS_4BA{b|&ODicGT1Y~LjH)_Upv|3@q>V1_#H!QE)35F(ZO`k
z_JQ3A!1fIe4qV4ajOw^PUCjVipO>*7bb2xG9VQud(rjFsyeanEAlln{y!eVN+~nyM
z91QCUQIJ}iqOS^fTfScgfp7QK$@Br%Al<$)oF0<#0ciP45DK9TTVJ
z;W)cs?up<>2EiL-k3-L*e!bWzTw|Ytm7FUqxuvO^Nwo;oI2ere63k=1^?3CaS!PB@
zUdrGRn|@ERqcI`oxW3SMU8Lbq=J=*gLV)DpNuBngMuy~ReFVN@8L5Em59`zA)`J?Q
zuLlU?g|k&vTM;T3u6e91U+EIXe72|6GcTZMSuF4|punVtSHt|TD(;GVV)BU*
zG4#_Q8Imf7)ba4-G~4fjzW^MRX`-cF{`OyvssF
z(#O@p%mghyavB=Nbd_)o1)%Un!c1^KVMZbm@(+VQnk(o*<1&{u$(i0Mf@*KMGSt`uXL4lp1R4nD_i-wwMUGH;PEAdHQZjr7
zNCa%RZ&!>>MSNy}$~ACDs3U3cumLMC@-i$L2B7GRZPmVJTSR<3?E-~tf_2Ele%G(X
zf=k+*{b6g~u*E=pqNW^BZ~$%9<`1U3<~fik(2N36*WLkH7Ke`mqW4TpE~0lnm|*D*
z<&&x&BY9c$RR%N(Ukl$d%VAWXH+pW;aD-A~FL>6SV`R!j?ZhXZs9IDUQmgxoKy|DM
z%U6GcLeDP_<53J0P!yrV*={h_)=>(Xm-|rfxs*{tZ7)eY|k1$1SAVzdS
zJ*f+zg`G(U(Z{7WPbFX9RDLOO<^iUX@3ylN0D>5RkHy95nN&gCdwht7LExL4n^AnG
zAzTEwSc0+m(3sshZv@b-QoLwUE4uYX3H_FygP2w7EF@t{31UEoZ`g$M8z}jrpc`q#rg+KD_CE#i)rH6aJ=KbIqU>4Oq7mWIslId5!$0
zH4wgA=&pN4HK-!&6@A|s9N3H&CNAA~b&AZTJv_ubmGRWiLgAy4!27g1fkp(lM*DSyPzI0-G$|Rr!Om`Y
zxVM3YcUAbE^O&n2;MPF>kh~htF9@8jr_JwL2aSQi^0F1zQ`R6#QAx=dI^AdH=L?_I
zzA`^(Zg1Bdf6orgnT@~vNW+G=HJh-*6ciPycnzhphk?i^uwDwIh#i*u@MGJ_GXigN
z_QQynv!TFe{mL>_SWrO8Yj{3Z$U4W7zNtq>haj_;TDSz*O~A7ObQi;|e(VH0nSC2(ZaWsVxA^6$YZ8hJQcny`6iGr?g!Vi?NZb
z_Gh{0&rlXSW{s2OO9!J$>|^n7IqYxhueQv^ad@>sUTZsCcIQ6rn7jqxyQ=}|_N`_|
z3rmn8^GAO5-t!k`g}eEo0N9
zAUnVr0oE55FtlJVl9Z}3*`>m4)B@;0hsA9Hj;Xl#u`ltZ<1WGvY^phq)RHIs2%x(t
zsC=`5z#W!^&tuOff*a8R;p_4W1r)jNn!H+m4rf0WAaZbl-pggcc?NNX2;CQDX?>}^
z8{ZzF%*zgiu+i3=!rfho*&%x3AdA4NnxF*bLtxI@7Io?XlKSh{!+*@Es%q>nx*t?6
zVR$ki{&Wk^K`!^Ee)&g`$e5tdbP*c&)Nw6YLgydgRIJb`9lfE2p$!w4X!fzH<7sS9
zxJk6{P9l22`OwA1PXUvAEood3{n9U~3?q2%@`F4)#Gpv=@~aK*FZ=rDxVb)D@`9
z7?xR)nReQw0J>hwz<>@s8NRV9%olFKyd)f(pR!ijIy>}O9g8z*+h0%&mcC0g^4~A3
z#)m@M2L&qS&X6tF<#|B!9J<9;FBe;N7+H+DT^7tqxn_L_*dBw3%Ghl5c%i_Fd%-x8
z>8E%dv2=-sY6@m`*X-RUoP*`RZmPG6Bg5va`L;$A*02E6Vt2k14JGZ$B!guB`>Y>s
zyc-b(e(bd}O%1CvL}pjC?
zT9u48!ZL+eq}~TM1LTy%KlP)b->YuTi5~O
z49vOr@CuIo`c0siN;4pH^wp%Tql5L%ohpU1hA@;3NV-Aw_4PWkA#|C+;Ok~pRnW3p
zw9&q;ot>b_yLR$5&c~b&J~xQbgWYBVqX8H+kJHK{I=2M|mLlo^R^ZTFzy8UzGr@Zv
zNK7Eh`!H5=zkd^0C`UV}Go=}sk^aMx=dH#Wn>cU2Uw^PA!oTb>feBHMLbV{clf*yDtDR^?)BKe7!VE3HA*
zhq1+Rb~+Nk9!#+SeimCo$j0)8A1wqa3r|dJb$ff>r#P+*5T$fAgR#Mk@1hI!8yFZk
z4XiI!IAO1J654Q+MgE|`QI%tYe0i#6iv0^5~b2GEEv|EgE$jfyw`IFE5S4PcdF6uZ2
zl&vo&P>_*nD(c9!g}-}O1H6-v3QwS`8Z`znu(74LN}IrDZ$T9PZU)d7jjn{|g;O5o
zP>ya1*SkYeEgA{<5AEhfx1hXJ^QZE-{Jk~mXeW1xq^pg<7}ZlCbqQ^VQV7e4POma{ps+oo}H%jb;G89eOolZgmASxP)+YCL8tJj$T#
zJgO&&wciaq2Jq-C#kmP8g%t?%o^C4$W*I#GU6UR3?2WTna51jIeCCDR#6y%fzb@or
z4@*Za&nYz`J`Y`vBQqD4h+7azS&V-=<3d$A*1CHyG=0fBmqJoGH1v_y^fVJv@%Nko
z@zN!oRK=Kyd6uxbI`bk3Q&hFI$YEdqWn8Em1yh?1PEAccDtSQ*0+-$ov}uH17|%3^
zdE+)01sg!&MU#tb7_6&Gd@Jxz&!t>ntv+}Gs?AaSX6jYFf{~wDZrlhEv7dYQmq84j
z4@tBj99leHhkNX8kYfO0QhB0G
zf@%XqD%Ajbhna&dpm(BfL4!O2p8)1*2*gPm%!{T@qbdfVyI@cF5Q;y6K%;m6zVgw<
zj7`_JNt>U=R=Sv889L8z1%Ko{Ki+#!(vwW08+yz+?K_m{InRfcl@a0cE35oX1Otz?ZXFK6BOEw)7ky&(OD7~t=IeUss@a11YKcz)QVtUPIqfHYgKgYf>
z1eyfYPmA8dT|pOwTF4~ooiiwQUR+|AZ!;;>6)uS@3*dHg{6byu|v$y2cqGr>P-oxhJS#nz^a9G?C=
zHJW{_Fm`?229OO9+Dpmb91}-+j?LAb6m=|bPi?rs@ZM5At|8|I%BkkR&wiCD9XjwY
zzdwERu+J&dti_O>0-p__Eyy|UdU<(0(FdP^4ac`N@Gm4}*m$Z<(5~`5jbSECQ9Ug3)AgKGeZ
zU|b8G7-eE-(^jWMC-iyQipKxz_kn@V0PaA&!yM;JR@O~yLOQ&fKZ`w>)*?tvpcE3p
zrLO??5ncnxc#~Ub=m;``b`^-Ic}Tf6nXey>nisuKNKk=I4t#LUArSP!cqhOZAvXyN
z^KLLStI@u`83?^dFKf`w5Mp@K5CP@LsJpU3UbbLi6`8t7Ye
zC@^Uw2i_RmUJCdRW>(g-Ja#j3!28wx9kRfp7{OyXz@xtq`3}CVi&27B)X>0G-_)di
zTLp-`y-h4LuoW!#O4tYUdiXgX{q)Ug_C3ka^ES;D9Ga
z$MfXwr(8m6et)161gm{~w=u572lK|*+d}90-l9r7}Sdca(C;bu{lJY_{#{JW(B0g-%r1Y>f8P?SvbR`@L!eJe
z3DQSc1vr?ZPAhV-eaQo7ePt1}cYc4kP{bB)knUX#YCkj~a
z*q?J^ApCvuM;;m?F@!I*qt!X+&tlgoqrDT}xuG)6s-F0&cU(H=RYt~j*v>GWJv2^+
z2ZrnZ96w4S;v~lf&xxhk(GST7X6fK)^tx3NG0B`aCko(ab@Y@GDM!)&TV+$6_6{tp
zb8PZb_a0(aJm1VVfHSjK0d5|4=RYE(dUlQiB$8`YyL8aJAuu)?_wi#rw0oZ0_Kmpt
zSUs&zK}AL7n*23l_S&Vjrp)4_Kz>l;yN^kd3XE~o26Kg8jL5;k2zP>P37j+LRA9lF
zHCmUI@f?_u3@%1{umjG|v-X%8`)y~ltR>hA4oHcyU7WwWl_;z+xq+n^3tVAm-D_N4
zO1#wcbUvW3f+vR%3y+cq3)US3B7m((03D%?UE2TS4IUb0hcn6I`1`8!?7QoOwS#B(
z?r;-dW|9elMD!9oQCVoT9xN7|EU>fiL3t?g^qdAwpnee#eib@`VB2Qd5sg19_q|r+G@DR16b5{ma|k6;?5^s{jDC7}q_|sx0YD+_U03L@WdNLl=6nWH`8O
zHrdlJgds%f^!1rbKmPS2Vb1{MXZc&5Pjxj5(;)h9pC{Lo0u<~2y7+MvEdMDbpZ-?v
z!>9j$|3R+MgopAz?fvF&GyPnr_O?9|L!pAJJDI=9SJmD_`Sd47fd~H_bPQ)omw)Y(
z=MMttPnHF!w;lhUpcs13p3_|t2K4_Kvl}hh5j$=`LWbQu%e!)&9p3Ru^Z7FDUE1H1YVhrRq#OXmO0-9<56N3Qj-lZzMZF}_JyWBd5eN6u(
Y%&<5y&jLmuU}4Eit4QVCfAZ@80HsHIM*si-

literal 0
HcmV?d00001

diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-report-exploit-availability.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-report-exploit-availability.png
new file mode 100644
index 0000000000000000000000000000000000000000..3e77bcb4e1178df19c028f16d304ae40d46acfc4
GIT binary patch
literal 42870
zcmeEuWmuJ6*X^c}Mp9D1KvG0PkP;*mq(eGXN=mvxxtr=sEF&04zFQo8ssBjPn1ip;4gc1UQS&l%UkYQuOGpX_z
z;qcEjYw4G^2n4}*8L?E
zLWQ~Q`0`i3tCRo^FA+NWZ5)$Oc9s|oL%uul-zO;LLbFWbvtBAhQYHu(H
zhlWz~@^DfWu*t~C5MH7;O%^^1y&RIO{`KqGk5>;=R8&&Fe#Ogrvsj@0fD!qTmMxW8
zfh#KUUmt^%nB{^0^^qfIBpUKx{|_8{`2YL@Ws40|qQ0oe`1tpbYqysc;$?x()HiJySPkuN$u80Wp9z#Fo;F-9Us?Xcia;pbi<-^G7kR=K-cs+l)Y|v+8sbA#Vi;#Ehgh?1kHL=+ar%47
zu0MYsujXeu*(~4RUpsPZIFrs)qIq;K_#*M~wV+#s@$s75hdb@tABgYYzwh>SFTbE<
z&2fL3eze5GJkf}az2N@U1xD|{i2B&nN7tc#mwu&}pKmCrs|V!evG_hoO;e75c(WO^
zkg+EzEG@nM;4>cF2{S9JPwr=D*4WVHm0w+5ZNmjx_uZVZ-&$CZjhB^{ZtwNf-GB32
zBQ7qk-0)gZVBm7Hil%1p*6`OSVjd_{pZN&K#sm;vg4eDcpXO(7@2-aD4rGZh7-$(?
zHClf;*^{s5yK<)#nd5Ga>7pif<*uCKB~>^GP5SV`OQ_CMTw9wBVuFp0o%s5L>q)x0
z@?Yip6`?x3imHZ!S2Sx36W0#G6Uk7Cgdqw)YXdLB)Zv@g1{o&l+x9udplO)Gtla#rliF9
zB8flT+Xt(4aBw|x_a`hOF|l!9%aCfMuH4h7Pc_N}NF#}fw>SFG#C2(Kl)06^h&U2(
z_4O@JWU`i5R8V&@@$q4qH(k*w<&qu}5FBg{j2>`5cmO-A)0-YZ@3Oz`Q&%UrIr&@?
zYlL8XXU8vPSb8&NB3~)D{OLhPW^hO_sW%%0dK>qjGV+9>*yMM1$*VNef<3M4*!d6vPeP#T5c6Eq#dw>7^Wvi%iC_g3zr?%HuB}^-Ny+8@Z
zPtnn{%k)wy+1UX}4XAV{e-3vSp8x3XmMro@m<;ZPlF}Yfs1<2m^A^QmV3PbcK0@JK
zQ*(ULD+UFty1LwI_s{a*Ad=&a*yO&<=dmt(CSQeKZ_OYQ9C)`64;9NV?Ck75L?(qZ
zi2Hv_87^CIDhSgn_+w>S>*{Lst&=1rt1$fdc>MSvRYC0NjLv$?mIC^|YCsye^ZHsVFHfFA~~h?lpwSpKK^WZAkyq41#a
z_F)UHox^ckeJiUgiOya59G%P4%^i`27jv|BEB&fFbBcO;^i({$PaHNUFt7;eB>3dz
z!}}Q-^D?0=9&O%Emm(Aiy&?Fb&wS1FXJ@DQ8?`%kbQ!~B#F70+Pq%=|Qj7A<4Q*ARZFlRO0ezjPScK5C^LbMJO)qG4qz{#~+yG>f3
zL|Iw8$pPPS^Lx6wDB|PC>oyl-s=u8q?g-df`xO+>T253Gl<-ptH#RQME=8owGzMcG
zPfTd9Pd5=dJ3AAZn$7)A&YqoF4!q>V^UBJ);~x;(OgLR2w%hP3llXO4rj&41}Q?Cb>{
zFRFNwKVRLe7#Di^@})-2JB;&-3oh%K6gAckk!XhvS8b@g0rVbT5YM`wxzeAWJiB#0
z2U}JDqBuQCff2scX!giOH4es$xwQPj=qo6!nY%vKCPhrw@`IsmN9W*;l^X<
zkry-qPKZPSd&^=U!wT1
z%F6amj#D#6VmHFpO!6Iy*Y4M>yJFe{h@dI1rt4@CT
z#*1&XuU@^Xba`}{TW&r*KX{fa9T?HkWZ&L7w%{2*QhD#s%Rkod94_nL=BmD48!w_q
zsNfSvcPi@YUdlE;yvb;G4KN-)6wf9PTF0oZZ!Il~D|@F|QGzb}gzLD|A&%3DgmBMn
zI=dKObhPy?EW(N>o5Y}!a)#Xqfm~nRZ&Vsl2&j!0=uQ#}2~QLlIWy$v<|Y}heA^yI
zJ+g+kQj|2Ozka+kdNE#99s31OU7b%h{y{}|XI*LOgNdeO9Ng#6+n7<9n3$H=sAr}c
zUa9|1n8}ar9W`%N$`8i&)YS-kt@@%V<<8dOh?y#}3p&;Vp?5z~|f>67liUa&qop19YI4RhMshp`9Hu
z@bM824{KJFQD8mCeLnhUe15DVpP8A>x3ZEKsrnh47*suVh)(?P{J+*KUG5{_@zFhK`OdIQCn`5FOWH
z&Qad&17DPa%9f!ad|h2#gqN^8>g@cy4`4CBF^U2Skh;guTb}V$p_BFU3kuR}EN~aWL793l!v$D3*ONB$>nGKG7B_JTc%)(-3
zqx(v`7Ci#4mCKjwVRU$+X0A9XL*1R8{Qc3mx*i0R{^7FvYWMYhz$%$46|>w4k}2
zb@5@Z4^Vr%yBIC}B7;KGUSY0IOw^0p5l*X2si#dW97sng*s2I6>h5e`47u*
za&s$3CdC@_)gP|rS0{Y(-Q9iXcK9bdj>r5C4h{}Nw8Ua+qQ+@^1_dt9`@?K2>B#1C
zpUBPF&gfr?$^N@vbL+p-j8|ES>nBf9^6MiAX!sGIWrtsl@oeqn^(wfPI&t;)_uqdf
zflbb#?WLUkf}vR6O55W&6T_=BmUI5Z!#%oksJ?32^NKcUYlK2KX>xn_*oNPcD?3S&UmzQVCxtly)`>?}Mq5euVP0ul0tli}mbY5rsh`eo=Q{
z=+Axs>14miHqqosKVD^#JD}WHUynz4i%{RhB*!Udh$u+k>vVnU)VjZob*z2i2ik-Eb
z8j)})o8P{FCv9tc%6yN*`}4^(Q^x+mL2CX$=}PSvnnVRP&EWF0+?<@8<_6cFP|f|b
zV`I~@bqx#{HgDf;&2-1g$;+GjweVb{>JSSZ{c%81lMVr2Rrv8r$APr`b8!PPlwpr6
z+IM^JxXwJSj26F+*sRPwB^7qNlP{;q_!NH3mqeXaS-pEi*!m`~e6O2cLq>9>bg|*d
zgYO;F?V%%Y4EyHf4Fnk
z7)zj)XCC;DVS0;tH8_D-ue8Wzz5x41NS)jA8Mf|8{(BdLhA>?V3f`b%0l8JU)4MWzz-5stqL3kLn)
zgOJe^PV*?uNpiZ}#>j^$A#e47_^EEs(OQUH!sS%cn>r~ra-+Y2L>ZZxvr%m!(PQ;I
z1IWhq)P-jpTduQzYMx&6HZnX`UH5qwjL
zeCmChR%{#b8?aFl$nsFAQx`0k!27MUjGB>&35idT8T9MdFN6w4mhj7Z4O1<5U{Mq`
zhmQlfU%tLQE(AsPimO&Yz`EG6x#91tPoGGc1n*L#qRed0q5$G*Tc>f1`Uo3uwK
z%$IS-7!EFT+4q}Sy5_;u))7JLmmRBK7Q=U3Rleg*j$V#HBIcT!8fG?@CpI=*G45yh
zh11pH^qv!5R3-(+N=!O&e2Tj?)Pd$sS`~kaL4F=_R|%t1AYpgQnGXD~ue0
zZPL%4eM=HDh~u%1N$VH-(bG{0lmBUEY_Y?nz^CX~gFjW%H}BrfexWF_8r$r?)3HHjUMZ=&-|wCaY03gT
zGA%rV&@?eME$!eYRz&-1@wRxoHR8V6{_|>gRswp@Y9gS(E~L`~1szrcg}ud0jLk!q
z&YHX?CTL#0elzq(9_H(rnkkL)V-hDPrw6M}8Bm4nl!01LyN)wuqaqE?_G3&zZ{15jo{72L-PBNcU^cCs|
zx}Ba-Y%ebcZH!m)o~G!ksrg%I@y_q(M#b@);?U6M4~MbbGp!}TL;#R6Y%8@weorWs
z5ayFqqSu+PnOUulZ!gY2;N|j;EaAFNLb4;u*fN=MtGc$P<=eOGE-o(8)lpu6{z=Kn
zR56-<{jy#il(Ac#xN)IJi2#&=N6An0?veH0BL1!E=aTPsbwX))s5Uq0tlzzBj|(u@
z7|wp8*7wS~c`4Ic+djkTJQ3(+G#Iud}%wT^z+devQ+3btysQvj^qPL$t(D33eZbOmO|IFSMe
zSOw|2WPd{8b0Vor{@~PBe}jc!GRSJBsEzoHI!7-38Bv%
zW^6rXKYuzBSKh_Day|3ZD0z2#ZhpSRwF$LIMOfwb&12}@nNxp}MBmMIjd-qN!5
zKGY*cM(3R*`o>lf-HCP0O~&#__82N8QAql1f1?nL)LxmHWV%kX7*4Ky_3KKu$&oN8
z*c|@8VRv-cGHS!wIyOcHgd0SSe`O^B^og4)#81?vvb)Q;d(RJ5fQ^FQ)HgYv{WCoD
zDvMXR_nViRT$N?pY>&v*cP*=nqP(U2?7NtRbniua&ab_EiX=R&=TGgSGp44bAh_lz
zoz9%Z)#c^yCBA=;N+V!LB(Cd5T-3lz;^5$bjfeL>KcD&%Mv~I9GOo1)KIB|C)!>@$
zm@Le1yVxTjR71roFXkcq`0?ZWF8j|%OJ8#j7ir<@P19}f9H>4sI%VaaneD@;qno^M
z|4T(1=5OFUMjjnCT?$0}{rjqZr#->i(J=ttWUMS;eoh
zQMi2dC3d~-5(niYGg26RXI55%04iimJkQn4m}jq*SztlTEOsU2eEli`{Afyc
zQG_X^Q+GGP@bEAt*E>?ctE55)R0A4GL+^cjxD5YFkB*M&fBPO}Vr+zFBP$zaI+BrD
zfG;OUtfG=v=m%tgtejlm-TOp+K+*r`36Nm)=FiGgRCX1}0+z^neUz*Ia7_02>lXUr;vyxF*+UjqR-2REY5eM$M)$sk
zI>!dwgCX@xfAW3T#;d*MzE(n@1Ge|}e3Fvrbg8&8U%Yrh`QR1y?(S~hWiPLy9<`B$
z1wNpp!v}5SHDB?fN!~}
zpy&-$qux@F5me&Yl?6Y(H%%A~0X^PBLKU}o7I8S4*(4Ngh*j2{j~ipZgz`QNu#PW^ODIeZ=@q6$(NvMlE=w%BqclK^W!q^z=Rtw@-Nn`i+$vL>=Gt
z+xK(h9+;voHVG2e)I7@h@Dun#0w4;0%U&f-DS~2>N4Vu~0mEhQ$cWVLWS#wHgf@qi
zt|fKx$adwvZbe3t!nnGc+VJw8osmWK
z7<6PWUtg#CqbavG+l$`RRt1)5!>y?XN^S=>2txzNC7bz<`Sydg>L{nB$X`s?gYG-;
zlHR&~$ME9xfFJOuY|>*40Unq5(~}dU!JNM0s;Z8h$n@TPbxv)fkhO9y+}*tr$1Pnv
z8h-3_$*}i;79>Myf@1H=Hvf#eyK3j5qO6Q$YE@Lwdk0Cy`jar~YvudRtgu1breqoJVzXl&`3rbk#`oZ2Irqgi7iAXKf4
zN8+J&<$I*J9zD4eg`|ai0`RuxhC!1h}z`;QkB%hq0`J8m)mpB$-ijrCdrU?{hAbm*1
zZUg!OUs787UV>4~Qpm?3I5-5l$ExD3|>V?eP?SM8UOM9<;B@ZO|Ikh&6&-~I?B^IqRb7XI0xcrriJ6y
zltuYtKpQ@ogzb?`0Z6?n6s679<)
zTg(8M%76a+Dg7)@5dZu9-!{v{9-$HHvu~}Dai4sl8Ih8b
z4vufjLAOjzWng1xCmSE+d8q%^@ar$xHy<#f0(sgy!si8-lX2Tqr1>Z7nlSET4pvsy@~vK!ot-Kq
zi{!BJ*5K8vP~ev{_p7vWSX9nEpp`Sbtg2%@&0ESXl!2(bb0-UU8l<{~4BC&e0YJ$&
zPfgLqGsPFIo<(mifI$DnV9wOX;o#l`)*BqI9e
z&7I#}>_`m?Djj?;=&mGHb92R}^O(M<GObN$M_`UkMsBGbY4MP47K?_zrP{`PUeg9@~kM4d)=$a$gZ6>9+zSDPNdy0=bR#jrA&C!~`o~-!(QqxA}V?kcNSk
zF`)%JyULGO_p9y)RD|KThk4%kMukF-ABkO3!l$UMg8mcj+E}XDr>6!ExTyL6;{{M;
zct*V(mYtay2E+kUcbVCkM{|s@4DR_D6$ME0y3SL9tOktu-d&G9-*ZTtt$Q3uXT)ts=iEUgJ3vQ
z$78-d8PD@9dB`#X@DtyOo0YL~08DiTK&?@VTrLP$gvKkE({pp4Gpcgn>{ANBc$dMB|Z(ssTGwt*n#Bt?b|o&
zow=tO6LkU5h3fC?i-zo>BXo3xGE3RXh(HG=?Q}H-yS*HLyqo>ii!sg4h0cW
z%0nh&KzTBxs3X37NsNTPA>Ks)ZF{zLR&jod4Teh1xQ@KxirJkKY!42sBYebn!N|O=*pT}fd^GvRh7&i)BnfMpNi$qfYu|Yf28>2
z5vz@jHi^)1>n7%!jDsoS%VQfFl*qkWdmA{~5Z_s-YH2Q7x}Lg}89N<)gP9N@gL
z7%3p2X1virYY#|j6b7yYPpYGd`c7tM=CifyuZ@kxpKDQ59Y`2jY`i6=Yoq`z1r&RP
zLdCI_n3(X}jrgSW(#p9xL$;Tt=+V&+*fffX-~vaF2jqiuFVIm@Y8{W-8@H_k+YBeF
zZP2zF_~@bR8Pqu%?Jde_6mO&1Z4O>5v9XCe8OvwyRxZ)&n-<5NNe!Rgs||fEC;-|#puGHH8}8@Qex<*!mQrkEyL)?ky*___>2uIEHAT?P
z(H+OLW}kU_`+5+aDNfkk+}zVK(o}^&F(1ryFlba+O-q`YvA7(q_`t})!|xIr7?>yN
zzct#3j~u-V3+bR;SnGQZ*{MKJhoazD63GP=&dmB8s;SI14-vcNlD#_TJxoR>#+l7c
z0##L>TX(11YJOm&V`7MFJ;wzOEFEA|00C`tuK`1E|Dc4d>_ZwF8nPzBN00s>bq>n&
zIR$9^D)Nr=j#5v0p|OKp?!9}}4hJ~z&kn_ZHMmOGs1HTy0r?gl9u72;7s!1cQxzn6
zd3k{$VQmG~{J&l1<#Mpm14AFHSBNtBB^2m6fAndBF0zlzcKjW-w}OEmUz_0cK#5
zyWvcr0=S0APS}AQd)@{vmgXDQL+1Teq6W+A-90msR<6>b+#c8Q@1sc45jSpRoX0(cs
zGmIA3$cW^7o0>gh9}EnZw1S35R!ws=-WOohX~VF=Gqh@F!S~AjIq?k@IcX#cR?a6B
zHG<(oG$${2_V3QTv~*y{sLi~Au@xZ#S&v$q=->O-V!B{qGCVrr01k5I?_a!B1u_gj
zjB0yU0?o0pV}xSJRzri
zoW@pbabXf&60Q@0`ADIkw6ZU-$g|yv=o*@uY0BB%FgGkW);6XQ
z;k1G*nFA`$X=!OhkaK=L9f!NvSgofvgIu;EiHCGDizLMMT2WK;?+F@6`D2?40a9QuW@?t=qop?XJU=8yB=A|?ylO$KwqM7#x3@n&
zS`V^nI-!C(475tdlw?r457XmX`&L2`H^LN_=7Y|jIwA^+kdbL8G*s`DzSG5x`4DjU
zv~~^QyQ88hs;Kyu8TaV_m|?KrHM2ZPC?j}k6rWer1v8`CQk|%T1irGWs$YCOmB-lu
z1%PI80AB#|DIcxgZVUMtnJzUC=CL^l9bc&`OAxq8JTIM3OLhnPhCz?bMT(%n(dz5#
z2YUNp8Z|eIL7E#F4Gv?U-E3Kyef53*?+qZrlnO6Ctbw)sYe|~5Lxm`3O4tNfShe+21|D#7E
zGWnp9wzaj5HgRg3x~e-m{&u;L1EbR1(C4yZ=Xv?##e7Z!P(N-IHTnaogS0nZ4?@3p
z?`ZoXe&|_86ZetMvf~P>h^HqECx-H)mNcVHgdUfdlsqo7>B{pw0YSOf*x1=@mR_Ka
zIWDJ+>Q4G_vI^o>R(d*?u1?-1LLj-e^V3ca6Em|^;8~D_NmxEQm7ES`yhk@Wl+i7~VrN4BzaqQ7$
z21XiWdxGLfPEL-EgVTQLK8s95+o{j$cayUU^<-qOZGr{F*q9wiF8i^EkXUoS
zqC1@~PcFCDW&?x_48Ue6T4g!;;qzy2R`tS}Hi`h2u8fqz!YLDHAV^Afvhl6$ZCl5!
zdRj*GJpJ&gJ-&lRmmxjB+?Q@Lor;FU5in9&AFPteetDSN9g06>F$7X+OaCt%m{-5G
z;ZhV^tf|SyKdhPZih*eX8rGcQy!GS?74!fDT_c}y+>FG>(czD|vj^@1;`K}F#I@EINPcepv?WK+Y
zVD@=N0k;dq8&tilxX)HoM<#@Ca|9$a8Xnv1U^Lvc>(ZrMsK1>2jBw*J>Wwl9eUryhJ}dJUl)RxvkOQ
zLM9nOb&ZS+Y_cw?u8vy*D-YF@*4N*jS9{O`qVbE3r2wMfbpP7-(}T6yb?u?EKY$95
zNGO1w?fb@f6;e#8TB=8bCM|%%PEAeCrdNV$u2$4;UZfW0kAt`Fv%sp>JT``TJt*VF
z2_^vzc8Nx)ey8Xm)*i*e|a_l
z>}L9x=SO791HiTr#d7MkhpK0__VmyLdT1+2mrAH_>iS87kPN5tgIU&~X#Y8{C36$1V-xtIk-C|U-W@BQp6&CSZ3w!N$aKLwL*=1JGZA>7+h!36$Ism$=D7Wo-
z+-mHuy?gggA7)Ts#c~`qxBY*mg9{K01fq6!cromHn7~>A|m36zQ5{++;0vJB!6v}_>yJSd<3}XnM^LDVvk7yn#b0N
zfh_r=Djn_Q#lI`7tC;ddn@;Y-Y)Iw$`w!wc0gExFi1*0&jN>xe?i$gX_q6JgT+SOZ
z87ZU%o}75}E;x%hT3ESt-5HshfIwSrDyXZHZ?K32(^YSox@h9Yn>TObxT`FU#ZvN=
z6>Z0?d9I7?lV(*i?ztb98Hh4
zQ~X$vW9!|cCxz*6ZKR+zZ^%4e+sG^FD=1*~7l-4N!f*K{!z?f9@sLi?_v{ILjE8U7
z7Mq%8B1c{_o^k@P^8!Q$*oVQ5UzN$r*b--P^^P`7_>kDhrlO{Xsa)3XYVh$vki`3{
zH$9R^o0B_>>wgM#zFd(4IhX8tc>`4Kj?x9zPcfu7k=}hX?7Ml{ykd8v7;fLj(5kW&
zd+Lnjn;m4+3#esvU+<_RDk}g4orL8~nInfPbZ<(k&M(fo!Jrmf^knio{!oP46
z3OSq&Ac4=aX>K8(O*4*tW=`St-)9$cxbRH=dEI~hQcP&~BLD9vDop?X3y|yaf3XgE
zM_bcY8xM&7S-y(6_`KqZklwt}N~V9;{&QY*w5oZm_dm;@(^mR`TeA+kAlO0>`DI3z
z7@J>W|9tkJzsv?Gd;k0YX}n=5?En45|9`>1t6?_a8$!;mIrtGh0crDwgfVNZ%T*bL13o+?=pJ$xw1T
z-;n~^$P4Bm5DBpy9UWoLsr*|W{S^oQsf!DhwvG-1c?j35?VF#XV;EM8nn=eJ#M#K1
z1O)Q_obg2u$MfX(!O-z0aZR3@x4F5O$lu>T*diz>==gX(VrFTHFjwW&X{0a>b%BB-
zWv(6n$L56TcJgCBiYMIMq6=G;=HPx0rRO7G8!l|CtuO~0er4aQSTis>Py>hX*;b=C&^W7Z^k4*F2oLg3k5UflycJ6>N?t}1
zea%?WnJ=%!b2sg6PFxK$Z5_))Qbo@T3_U%)wo0jjCi&9FDzdIzE1oM|a1gq)9KdY3
z+>}?HgALOcvi2z|dW+sfAlj~k%|StjKY)c9qJAP_!PwJ(_rS$WlV&LLd)ut2zJAnM
zgVP}!o2=}oO8c!TTJwDPlKj?ecv!B*6qO=
z*NlUclheuBxq=xV3k%EFzYul%c;tnynt$3tr(&s*RQj1|I5pPA!5Tvj8JkwsWe0h(
zlycJd3bS7#iiGqp4etCp>JF&Cncg?)Yk9%2{!qa*0VvTz-3HVWjq|~x$+E1|EevFC
zDjLCEC7DRcru}+$;}zM1oZS2>2gT(ZN{YG!-oc0`3|G2+QOatXI6U?|*yvxhLzD2J
z!k3mRnV39o;77mU9vjs21G4>h(#0KMl`@p>#ju^EnMnj|gz5-78qOl8?{$9}lDosy
zq}YVhxSTzf$S3@8DMVSKQ4tOsV}5mxTXO|}%1TTJKoKK;4?nEU22O2(Ycl%M)9H9h
zz%;nc5TTm>*Vap#Y^$lyuUUMyOH&O?{>PtTq+MEI}^;|QWzLm
zdNWB8unLcijCB0!RX~cP;D1uiz(s&sF5M%oULV)wwsO7J!Ct-Ii(IcdFz|;hB!Cx)
ze~OC4K+eF=Ry4Ky#mfCgfA{Y_evi3ZpnqnKa)6H(-tH?NegTW;4{Vx8?t-LU4Yzc3V8LbBoPU?05%JL8LA}^t8PK>vHMX1+u^(zjnLsJ-Hp@uv
zxqA=B%4ri_1_q{2{oMEOn{1B>S#axqE+i$2yKln?H}oMXDf~wuwrm_fF#<^{!JNs`
zz0*NI!ivET!QOaz%KF=5jXjW4`@2ngetT&917@FnHi@Ri1r3l$}${$30_5!@l@
zg)?v<23b}8YA|3*h0~(ft`%35`Q_)c63{$GhpUH!f?E9Urz$>6OEWVHTa7C>R;r!%
z-ZUK5kA-iHlT8Ob4WVFqd$bv&y(+c%cRh4wW=3H8Y08d(7R0#Z?&PbtQ>7T7qvH>c
z`1e2L|X_QK&s*)J%82zq*YU`d%#)gT0smGN!}MJw1cT~5!C?%N-oojzdc
z$0WSbzrH66MsCn#iD^i&p}IgW+TEI#L*6+|nqT9RdYg=U1UlfXNQQ9+axMuj#l*s5
z;;YKDA$h=<@pA>A{Wm*lhv1_}ErY+mPF)CJ9y5)O{i)2o_jkD9iWs7ZtVJ9K4`1KV
z<`i$Vnd!3Zxe4(nlFYw0_O0D><5B#9l>iwh1!zM=9;yu8CLLUzxx>pmsev#kXTE~h
zK0M2$eEbTVL$4NnW=oVA(YBnp>N**BdRTG4N&#ISxQCg!^|b0GQPl?6{D+d^*tyDC
zo=R7joGHaQ3imXIR1ynTp!Z?pj)x)F?`?ijBX7)`k;2U%KfAqESf0jm=*<3I_Js=p
zaitkp4McCYBYoR+#A%~3zPprGStGL4_j!(&)$CGN+~MKjG2u#iDjx^r(;yFJZ`$4G
zQtE_HFw2*(UB^~|17Fi)Z7FxXNG5~_EAj>52pvkws-L61{?|sHFE4~8Pla3$z5(x}
zsLA;?*L3t!22RxUjtrPTINsG$6$+My%(`_w$WY}YNb$kJ!C(SMhryhmpC2qNoNqVY
zGC(AX1eD=?vp!v5z2jQ~#DK<8}{_7_(c9*ng&w?3Lh#%xU
zl~*wk6Mk4xeq%80t|Uj1gqRqLk7kb-Z-qZO0$D-8Y6fTb6yqPw4!Dizem8AEHGvH`w2b4qsS_NYEvZgZ
zX$}pHsmedS8!2sler(hBBkJx`EiGzb>~K>oFviTHq;Da2anisQiisAN-*{#xjQZ}U
z`}Z{Bw3snmK(vR$7&+Bgut3#zC)e@t@e`u0p8XPnkVMUi*Ss&pL@TN)+A-Wses;8>
zjIR7~>rQKX7A;~1$UEe@kNcDUhjLI~WnaUo*+B5vkR6l?Ot0EnSU}}Q-W7D*YcqYT
z>w&~f_f7j>xm_Hnhk5i+Jy*VUT@0=iIvObR=x}rg@Q+_Yf>xQ2GBSkn{|O;tvF;D#
zLNCb{7T~@9Nq$L9rO^J;{$UPGAtM}|UB!D*705=T^zxom3!2P;pi;ufo8exn$0j$s
zzdZ7p?}$LA;PPZ$M1QRyI3$8sh7imJiWmqu3{wo*kfA;;JjD4$3R0jfN#0&RZP5eJ
zoboeU01^>o6A$j+Z%%6q+1ZhzXDPr^)%(20Z7?U{3(i_NLxGNkVc4JXQ{I9$A0QR7
z8X`Nf>9daZ!pQ*@Tl@mm)YQ@1*SH|r!4W`0s4$t4N>*J-_)s;VMk&RABgm<38pv)+
ztH!cw+!2`aaD9>3CkMw%=jS7YzXM#z+yF9Fal)s#coKQB0$FdGO}9TV1iQicJQNFy
z4a}aRRCg#Ru(x$BrNI)6zY~rM(`4aTg(eTtA1H;r16Oqct?7d=0o@@B$`4`&utJ;N
zk7)mhJMrg#ya4@nN84VY?LshsEPhSM-JMeSNpDr^mWlZg-#-`=n}6k|&`WLckR;5)
z)Ti=jBap*k<|aad=l{_M;JqT#0
z4xpY~YVt+)iJXmJ|C=Kq1yN6F$Wwkh6azCa!5U6sg6{y%HHZRfE8F#3tLD{yhV=8!
z;?n?&xU=EGVGf*saA!i_V%EQtI3wd}(Y&wEenvFpZk#efKM9=NJ@-7^6cNrl?LNCa
z`~B*p>=V=n4CjH2GZ7gkeoAI*WTTcVg;`U&uRALhw!B7k4{BN0#wwhAHVUaFcDEZV
zhhhpC?I$yjbibA3*2%49j;GaSjejE@SHe*<&0>+fb^e8T*Y@M*-;YM4;+euqT1+VC}2)^m+B+@=BTe$i5)ypgafw4(CG~ViEGR=mP
zxGC3-3fm;U%XVs2ZABX{dB5k1o=r-whd&-W9|}ElpKrf+-?dUj;X`(d{(%Ea!_t}3
z^q=WoN;2-hO|yrOsgJ|HXQb%<&Ed7Kdr3#^Ek^`5$jRQD~cc`+);TUaP+eo
zJJE?V>%C|ys4SCo7IGF6|63Zd|E%Jrb{k9z9%x&_H1Iyje|C0Xbq*183^R31`w
z32m+aDN|Kf&(=GiqgWCWXN>IiAry|QOHy9$eLo2glK(v5^IZZ|cI4Z5-7tDMXDY4vzgqJ@ULFH6LY*;E;W6FF
z?m}mU<)lDYl8{!@aT{m3+sV7Oc^e*HUbBPMp?E&4Bv@ap0zB$fm#wCY*#LUF!yZ<_
zEroHo5Z=|##z}p!sAMrSVakIV_lVj*6Zhr;N)=W-R>11(wdz!T$cVgS8RD)ikJT
zK&`5#&GwUo}!euU{%;Fco!z6S+?2{mSCOTmeZ8W9p1&3dPj!_CPAt(A(m
ze;#1?v_#@d1dzX#3?Tm^`tM_1G9bp0$OHv>;r?WJnDC7YV|xKl7~qrK%*?0A81Len
z{!(YPx7byK=q~*#mS5OCqA+4^VbSnI-P#*+s0*1#!4Ly1uR6s>LkQSM!wA^7ZvH2T
zS!oE&+e2@dnV9tY<5Rz@+M29W$0DHl@M)!Wtja1Gf&=rh!&tc~?D=mCF8&GUrBbII
zL!qMy+m8=eGfGFM%1sASEC@IUtw$0B9Sgx8?>Dgl6FuF#&K7W@Ra8_gR0@5{DA1}h
zLzW1=XnV{#HslrXd;k0R@2iof8cnT$i09$sGaty3gESrhBjn)laLk%-ys&%izeT3}
z)z9k%FU#&!Rp_f(SQNytYh?kUgBRRye*f?j-)gEfpcEH&
z$ndYzt(0POJ+ti*;`FELBCtTv3D6eA{Nh
z{+04@8iAa={6Ys;Qtex6|86_HwF_ZRJT8x)F?=6ZgVfl!$
zYgb#3t^xPKuGi@HV@NYGk@f+y;0%-x{_*JF;L`U&t-^xq|L4PLpsYtYzb%AfNzDNm
zMv$H9hl9yjRlpgz?DjvmO!jZu!Z&EWuDVr!vY3E{t`6ZB0Vi7dU&Y;qG(SUDW#?<<
zrB^!-@Wg?3RC`E8YgcDLsoCh}Y{@xf@-XjDnK5Cl5Dh_c89x#7y}fXW2?B;jN1di3
zZmhbm`e{Qk{uj0zH~0j4D4E!
zvg4H&fSdbj?bphoXtx=1P1+5}owg8q+)t6^hsB(%wRc&~%~sLU%5QI%gt;rXv2kj}
z=AV3yWyRm)g$nR&=dGNHe)PnqG-#~g{Apr!`U+D86NVeKk
zh?rGgzN{Hf*Z+ha&^p%S*+kB%`*q9n>P)l2rQ((;qz6>w=bQD>tmaZYn>9;zU{RLo|NAov>*7JO
zJDjQryJZRolHjK}xTyTIVUk#_)~={dvSK$=`un*oBTyplA>jj)U9~p+jvukvsE1%~
zFutre?nx3`Qd3u7QhO_Ou|FU#Oh~I)OiimfHG3T61EICCffl<5sme?qa*sS@#T$!`
zvYgC7MkeSMvZ#F=oS68EflH28>%dP#x6S|0TXVF39>?-;H9+=R*w&MjjsL~gb-+{E
z_x(d5Dw1SV_7*9!$q31eY%
z3K&BZ2e#px7He^)B`)(K5f}4Waiz_TQgM8-r~hnbN3WJzlS?1TxwNgD!dQNkyXC^H
z(I3nu9cBQCiytp!)lQ2nz|u&4oBk|yVOnkWbIs&)meEBL*!?wXA^Uh}uq5=Zvayi3
zXgQi$CE;p-*(-&E-zf&FjEY2~!zO;0Ap1&ucQzF&
z6-tMZede=mI_kXzT!l^a`yS7n#GM!f8Q3@!98K7iR#)>pF+V%Fb0vYI&%J
zXN40yDBiO>Wr{2W8x(j8VI8L!o;!_?g?y>!~H?KR;A
z3J?XS)nw#8zDqT;U&_Arz;q6;4Q!O7#485TPjz)Nz)XI}Y_-g+DTbX2btV08gFm}!
zKK6RlKCi0Er=|l_jX5~7DX}vOsp@tkCF-GKtKY93%N?tFpXlXLs6C3s+cTo%^~}&x
z$}nf}KW`g(WBog34I)x)NHmC|BF~Z!o;r9|
zZ3Ts(54RFN-QoTKHU&Zrj&np)U$|Ny+Kjpm7`}xv*yYpsDd%}D<^~Q`=EPN$FbDow
ziDae22Mi^*53jwLN~*je-$XuB@yfM;hr-zcH#a70dCT0DF1r0hwe!~2L-SYVce}ej
zc2|3kHAQon8AN)K*_dk?u^CTo#GbLc`#FSgKxDT9*0q$x;DJP+K0mj7fYgO#sSD$<
z$zn|MzAllDOPe9d3J(2sh+igIIw5-Ko$rI79CT3hD|27K+bD(EmoHrntT)9AknZd6
zzdux9QEErnQNfq_<%>4x6+V6Z*a?C@`67aAmpGZrBYl<>=Fxk{(u@z#$Fy~Jtokiv
zvUGg~-kn*v`K^SLYT{G-0>5_So0~O#2Z>qc#S!z7yPg(l9t4LYXtuPo0S=NI78^;2
z?&A}C&Re={!x0igta8Tmf(lm$S5>Mmu6e_AH7{61sEXtcAbYlC?f|3NA^5)`g}E%o
zbjb0{L$kp1@ijycy^w=N<0`6P!a%MN&6GLw1jb9E@a%#cpJg4rA}4!9^>pYIw$o}V
zX@iPNI`mMX?`BJICCl0%#)AH3vj}yYcdeuCF@yn9f85D_NX-`G!c@;#`!HoZ0)jvs7|vvBSXv#Z-Y-v=mX6^c1ww
z)dQHbnQJlKo>jT)i45$ctC(ZUYv@No`wt|db)Vn%qT27CS!?-NVRYEMFjf8gmH*a;
zYm?Zzer)5|YuClou?oJ?gcZbsw`MiFlZ+U&K%e2-Sk6~_XG>h%O&6;rd0)?m{-+n2Ts93_;
zrzhvK9>n*cxw!h`bW5W|HXiuqM%?^9k7;}2m+>{@fxwn-lPqgUxPZUGrd1{8rDgIR
z7!aM>APFw4N>aOR{)s)j;LG}_ZY6MGgCui%Pi98$I;DnTy>j8MIr3(mirJ3CZSoSk
z4&>?ja;7aW^WyRheiG_ReJphmY;51q5J=DO!hicF$m9AYiMewXg`4fQun-2bChrs*
z(kWP+?xgcjzq-4V<#WQ*zTsHHnp=2A{TU`V54=}Z4)V0VJMVd&9Ld*~-(hAc-VfB^
z^SwUZ6u`M#Cs{6j9s7ST(h(hw8&Rdq
z&F=-tDPcWcc%Vg--&Jqthg?WP3~NnV&=wUEFgfD>`TY|-J@E8vQMuX)_NsPD5rz4U
zUg02@%rpEJLnweA%cyFU;9RJ58=*(?dSM471y0l8*l=+}LI~D3v+4!89ZUS<{0N$r
z-UGoKNj|qG9o-VVqd8+eH8e-A=RVtk%X_^l4wXC)f8jGXp>(}qu~
z_S}H);^rOX@xDXQegvzWBT&}Ty7T{ovj8csjzQ-$-$_zkDuS!`$#xv{*jYS#x0Xb~
ze2LnJ0%nE^Iq{$924m;r%5M>oEvm_QG)OXVTyH00G0Jr{S?dm`*}hhBI!;Ay@(nrT
zeSac}9Y6C}CHpG<4D7*xy(;p3@nkf_b@ndSwS@ot!h3fDe{K3$yIiF(FHL(F_p{>y
zcPTjy)=!iB_ym|!DphVv_7ywjN8BnEr-E;|BnGkN<^RYX;ZZ_c>-U%ytC}twCLS-@
zKi7(VK<@pUKqL9i+$i?l7#sGE_G48`_`FF3z;9O(JTCdq?-3MtqG*+UILV?j39qEi
zw?_tt99s{Px&>!#!KKy)!qjqWW)CPIKS=Z(AIr?Fgb
z+38yGKLdHH=4rrxEi>ulNCj5^^Ora&$p=1e*BUnqx#ncOVwyjY&+g{I{`@n8_h6(f
z|9ix$n9D5^Y{S8I7&t`^_n@N1k!fTYigipqcX!NX
zZW5Z3k7mPpO~$U>Md6FsA>P<~EJEmP*!iQ0NDE#Vs4ssRuqR9S{_4$_w6=FnbM7yS
zG_7!KOvtlf?`8aJs(8)*4i35Br5|H^E_ISJn@Hlf1-W-V_;3wuZr!~1YN*A=!?L6G
z&#UwI=T5wnu5C>fZdE2m==XEmLGR-)KCJBj&J~(*VN$xd5g^5ysb>(&hx`}%(M-1X
zJ%e0NQ(|_N8P)zx=-@ngu9uv=by;hDZswN54Cle{Or+0*q(#*lm+n%~2t6r`Ks3%@
zduA>k6?w<35U1Prp~uE)A-2(iJ)PlDza*gVn^Bc6DZU-gl@sRFphacI
z)>Kn9TkqrSG7-^p
z+#D>ukL|cyw5+VyQlbdJg7~{`Ur`L>pF75@ifi&dr294OU(K|`1Dk?Z)hwBnD$~yc
z3T}N-Y_iv78;f-PHCkw#YWr)>k897{ATq=$y)L(TVRijJT-UKF1$INrLu*p&+FO9q
zLWlzxLMFhp09rtte07MJ2RB=p0d{Cikida%mEyV;PIQD+K5nt3*zEM;C*_67+AVL%
ziJ9e?toGCbkx(T9AMr&^%CrfKkOW3E+uN**)S^>bv##GdEXd~6;F2XHD|-w_$eS81
z_ZzgrEXosXRQVrU;%-7OL2muW>JHYPcoj)X%cUZrd}A~zqHm0K;cIQ{d`@_}Z@agH
zBzNYXxb7%MG02GKP_GJ?YAPI`z!0?lUzEVf9PlB2BIiQ;<566HKX?tB)tEi5JzK2c
zNAQw^%gyunqf?M1!v-Yif8!m-Y)0gN-f@VXJpx=clb~Uk;K)oc?8I~(x6ce=eNMt;
zj}mM}$vxf>eEOzLEy@P;#D0v|`(>x^hLZoVhx_0aiwI+wzqPeFr7hK=A
z@$Z|S0C4R~w5eWUA*+hry(A>Q8oubcnuU;+me!~6{Z02J`<7f6x0D$64z4BkLJrl8
zXVCoAaEk1*zs}GcU!;op6a@qdG=KAg05<^4!J-^x4K?-0?9usVK>)F^C;|=z-OC05
zKRI^_pG6VCVZbrNnMVPmE8PPehWQ9D>9R9rxz&7MlAHYH8~$ab;zk@t4o>zkb^hz}
z4IzbzmadHiPmSml1h}e1LYwBrSY2r&`&_vTe`Rv9!s{OTnf#@klKGHin|C4k;TBp(
zeCR%gi&;pD2kteG>ObA=qvYF$hS}nto0G3n|KNDn9!yWx<>)(9-iH1s$J%wvA7%sj
z3^-NxA5_Os;9`Gl*5Z8Dr#OSe<9-8FX&2#jubH63J*Us-j`mDfkEzZ~evkj18Gc=H
zjD<`-8OE|*^0)o+jCAm~?{0mxJL%q9RdWoHm`~SAv(Mw8{Di(vI04SK&_H1v!QA%t
ziZY<<>aMOE?#4Fn88mDmp8_~ybyH%cb;bt%}UgJs0y&9-5m-!~_{5fhUMF<-Le&XeVpf%R&jyV8&JutA&;=1**0B1vY?dX#=K$)jOoxv$#wzJQz_coV)
zls=ewR-bh&d(So5)z>JLY|l+GETl=OWObkRK`VdbEe0ALgS0PB4BbCy(`9Z?IQ@z~%`@kgnX*{sQXMpaN`7$SHoUO2e~%Y(-f$ahNh6GJiLHQ
z10KnO^69C1H8ZmbKN|(cHwM+Kkbz(E+_aTT?ZP?Ys2Z&>p^Xz|K+h4x$5k2$)3zrV
z>*z##qGKz4->)ggj>@%fU8%xeg8>?^_$g8Zj0Q#j|fp8Usgp>p_1_IKAgbKKlo#7eBbuX*XTM`3>m-2s*?ttvNZ5#Bze@J#GMpFzdIKYL)n4dhK+df8-73
z^_6;((Ag`N43bvu@i?JW_OG@UfZcsw?XA?(FXmW<{RrcE=}FV|uNQ_$Zdv#ipAM9{
zZb@#{JbfNuZB^c+XGLZ?k^j;H0NZ9~*QUR11
z->F4dL8$b=F>Jb?;Kpl}gNr`ExE>xJ
z_+HPBpk(N}Brv&*+Su3t4e6&()cacpLuh5)?5X$)SA=C$2D!q_K?zJIu$wkuXG@2d
z%NBUSX7OyzRe438P2yWn`ykm8;}y^n4y5?G6U}aIVmmpp(dA7_MJ=}8a?}2!1+VsR
zP5&0Mp!3y)R7baQOl^0Nrn|~6fY(B+^|eFYX8~3NF5@XzfdWa@tfm<*T-11hmb!Y1
zZlPuA>d13h87}Rt&H{^;_4OXr83}bRMUaw3MhuZomd+&hfbq+Q+uK_%S4Hpk7lYGD
z(C@kue}nlQ+++rjiM1w
zi&PjOup6*EZGaqL%DGXu)1sgJ*%#}>b0^P4b|$ejp&?7Ru*jk%N*a3>SU2E4rD2E>
zCf4tqYtbc=YF@=vmC`Q6D|DM2Z*0c;4^Lui>;OP`*do@=$hE1>J1G!a&9bmfQ}BbN
zC3s0k6oVftRyuJDTwrlwQ72o)Do#QCKVxUuj8@$C=vGO?a(Jw-v
zh=sPsvZ3A2mV_PL_0ejw(^pbbg8PB)ULQs_xnTia1<3rqgM*HoT;Tgw0uE3TFMR@4Bm=heLJTim-)%FpYd%oBZo{3FDjZep{cJ++S*ZP<_i|
z4J&8lvO!S)URwI|qTh<8vU9@qms>9FJlX{Z7Em=!cW(B0
zfHZ=pf6C46*kB`ZO^n!Sc>)m&hzmSx2BHO=rIh+qWD{eTxOZkT_HfL+7_o*)-41QCKFimy)))
z8NjqtX@^kJB+4(pH3%7*-buYiTK08A{I`OVg0Xg2w9(xwU^~8w?R!`b*G)Jyi5))8
z8uS614-h?Mj^*PE)E1Fe$4$s%&u|N>RN1s+qR-c_C?EQ1sm1IplYC!EI@C?~xw?6U9PmGrTzDPs=caiS~y;HTnS#(7w!>^yp`UEM(3IfWDrJ@873|k
z!L!3s_Y+#9_*l%B!Im_Zb$iRV7U0s0M__!Cl2T)dIFT6hQKF+`s{Up;wdVStWG50W
zIm?t?g9n&NLPEmzr+Tn$LnRMOmciAHobLiE7UAIjfwX}L1cF+AVIa4|wZMKbPZ|nn
zwJuR=F`rcjwFA^=yax^k3M%f)4xjtAPilRQ{db=tq$!-+*w0Orq76$MG^@?hE`B^x1ekSG>_VDH??&PlpdB}&4FAb)vF-HN%MWd^VOG`Va=?T
z+Od(U?OqI`vA4}pyvoP*j_Vn94M+EeqsQLgHm({*p7(hoJye!k%S;Ss8J(T%<&+EuZI*2Z}E
z_KY)aU_q6Nloc+wjP=x?raaNip5!7j&Y8q*wiwZBH*w3GFNr%fYnAbE1s0l_*!iz@
z-gy3gO1cSnapVNblUw=0_?sXdi4N`4&3gmHPRaF?sWkpk*R!tYLOjMHR4PV@sv-Qt
z4vf%T7~;8n_$q7jdciGP;f(`BT{dFKndZ3;zhrF>&s1n_ex|e_Qw=oH6wv34N)q8s
zVov?_R;+>@<)@R^(A>cE*R0L7fx*_2vWnEr+SG-q)A^aZFqt(1HG_#nB?9<_o{a6D
zjIB@VK}QpQxkVe{KJUr8cwdyx!a{JM~=%?ms4
z0_dPynV{j24n8}6E#oCWd3x~`?j-h!;7kFons2I+{D`v}jn828O)DUCBZ)M-7
zU%i%F!b#@*GKmwC#
zIthHc<>X0=Lanw_>O|_Ax}MkG@=Pxl4XI>VFpp~;)K3q{Z8s~pRl&9JwOjyAJ?*ZP
z^W8R+vP`c^@$ykJ`TlJyfzk;$nIifUf|vY*{vz_Vf23;!cY=(gnW?hcaZx6BO396N
zysZZxWSLb*yZn#gh4O~XMs{{CB@jmtwY`GqFlITeBxl;ge2;Bu>1cTF+Hx4txaVCZ5M
zQUQy(2pyILLW{nOYriIH+;4zp3D0
zMP3^A;R0W`>xW!z+-@lQwD;x1mKxDkAA}!qeJ?lNbzWB?H5Q|wXATLx?Lk^=zcH~_
zNC%(Ueo<>wAeoK8#euKXR6s9=WPC@zz=gsD>sp`xf)%5VWieHU!vKP2sfMl!cZaqA
z2AR$JVaEnI4gq~C0PYsH;{=9{BHb6aV#jg@^_3dOGYwNf;D5Jk)AycTe&djhoDR`(F>j=Um)+VL)f^r|?AeHU{IKKAA(217NOUfp}IRK58!BTgk9@DZcN>HZ27Mzv+-fE7oFlhU%8
zEuI4;1BGI`t;TNL$DMJ%e;jZJeqFjC3s>5<^@pysZ~A=LAL#F8X6;8In5$899Jxts(Zj5x`9YzYA!p}g$wHE@u!KXB;pHQ;Sf^(k)k_bLjNdIn(k
z{}!hWwTeU#7I}p`IJ!eg%WDUD$i#m+-@ChUt>g1AhZd2c59`CC7FDH&)B2+3t_=}~
zZPlCyalUN^xsyaYIeR7h1HLjUU^Iu8$X$0x(oqUiH(*7F{OG|M
z=wo=}weLZIN(9N?5rFvrrF$zv^j8asK|72>~0xhOv{;o@t@eCX5*zBEZAI)ag_$NaRS3qCd_m^JQ4iNh*bf
zp%30gD3yp&0ow2{i*rN}-H5^ae`xGgfw>O&g4Ab_yGCPoRlke4t7R}`yMhg`asPv@
zqB09j%1!c~KwK~il2;&(wT~E`sF%+A#AiWQ=coQI?~sATS1JSh$N)&L;R#ULJp=vU
zU-dU1G7GQIx%>d~>>}tgQd37k$94>thb9(tC?7T%_caPOn2F0JPD^&jVPi$h>ae)O
z@}qA={2cdi3f^D_5Rp~P{^u8ghrAdLs-)(J)<3%yk}b$G5AuMiLIS9S#Z5%&bj^SG
zP*1+$RICF=3(JLVL1ICszfmQVS2_U!0*xdn(3%cxDZlyUItp_uf>PdT*k+}bCP5VC(qDWeQ?7qMB=_sTUhpY}
z$)vo7_pB`i=DJaU86vVHM0i5|@;>Cy_wU_%W1$Ply#`2RB^1OR`ZEr>84h$|P|mFy
zV+nU=yl!c`8Dubs&B7Di;ZS(!sj+qn
zAkF|K&jIi_u3J_lGmFqctobS{DN3H_FU%hkpT9Qq**DCfYaw>WLOW3wi!T==-UDoS
zA6?}QvljN=u>9fN*XLvbIi-KZWS5J>77Rd^HQ?WW@QOB$VCzO0@m6SQaw7sL9>IUK
zGZWjLMOftnvQHND9x540`w0tcj$Zc|jyV$l#V}JwO)W~`gASiY$i9~;RO}rn$NuC$
zCQ>Dc#C+6eZ|T_M43MB7sd1`y+8kgpDI=+hre=5|G*z!})_B3h$-VYCrFRgLU>~t~n294cs<0O@ZS}Cb#yc)+{8d
ztsdE?DR1(`-+K$h^E?KlBM{sBr1?3oDt`I;Cd2h=W)x%02_Y
z2*RCSoY2hN+-M73kh2P*y$YG9>N5WiBeQSXurl1Z2pl7jy=8-&zH9&a&v1W-R6RU%c+}XUfQN60l
zxjmRvDt;CfO$&m4z}#FtPj!3*tmJ_9rTk~733>6=?@UDa0W&_1?+nF#r9a~BZIp4&L>60AV-aQ~V$m%S+(VrpJqL2(`g7>z6G7&{?G;`Wp?PjGs@?(yr
z!Sbmym5hiogR%`cQw4=`;QsKB>rpf@BSL)o@#?vrRnT+jjyl1IO2LLjLxcNI85#G!
z?|~VDViF#ty5`%nFXX`e00?MkzgIVt=y~gCNto4Wd(|86wJx0m!fLr?GQ=B!BLKV_-}WSBXrt>)f*U9GODJYpK&nWN=mYs>
z*Hc>}Xy4Jr5FqNnlqg4WcbSEXBQ0h-9GU=(lCS>xC7S+z%cLyho4thDR`h2?VY-Mh
zOeH)bGF{&s2_U|`|Ks!>oro~|o*ZYiupLnJ
z8;9VrQNoP0#F_8j$=KQ19kU0P1MeIiQhgnaqa@MBE)_MMyG5cr`%au
z6@W-Ow~-WZDW}~N*pj?7_O>uOi12%uhMM{hIxqNO`ewu3{6Zto<&jcEISfGPCI+1=
zimA{9p)PXk&?q(sv(T^a&<7*ItoUH2{kE0WOtLCX@s}@1@lk1{7IZJ_gPv|sh~m06
z>ShBX%Xw~Pt=Zkh~8h-dtTGZ
z+m`!0^bDTz8-^(d)a;9TxgM0JKv_!JiTuo{`CL?F-Tht>VHc3+1GzO)-h%96*GlL0hg8x?tS
z1RxE;d)@C}yd?*dta1LiEC}l};Ose5jL@m;Q2BsBrlVs}^n^(BgCzG&mjk3yPybod
zqy-1M-zI55(gUWJ_0W$f+D9QQ!UII4IP|FK$Uh40S)>k4L{yZ;0yoJj$@}V7#xS7x
z6h@DvVPNT2sf~BLqY=IX*ri|bDg8q^bf@rvIpIc1U!VdJ1klu%EkmG)M0oK5i4_#!
zz^f-YQWIcD)8(8%3=8H`gZ6laUm=OXV9)Ga#%uLgI7)T0asm0J5VB&Z7|Dk
zvKW*lu7Ml11oDF`Kk_<92U5YcbeUOJK2+tO6;;gbN4SqQpDZK*&Hn5k<
zrlR!Q%MMygbKv9~1K6W{Tlap(IaKMwG0ZL5W7HV{l_Rwiz$}#75iq@ZM(?}t1T;(r
zeEACszJAbpKUj;3j$Vk;w|`?wiEJG09D{4KWk_VAudl!Swm#wiN`1_wtU)F^4g>Jz
z9xPH$4h}dN;3fT|aeo8V**$>rC%?7C2yj=jy;?r!E9g_JJE8w=z{Rh(AIlNE4*jFDsRP07d341kFPtP*pEy^dml6o-g#Q?DK
zarV%1Cl~t!$vjYlpL`oHEBRpP0WZ>WY{R70%#O<7zCKZOqG)mIVe(PT6%2WZQksSm
z%bu2o$hRX@ST=NDqMGPM@CYc4yZeSxOcXN!RRNfnNL!
zL=^#23%H0TC~Q;!!Td5^5I7FCNA;8_+FN0DCvrEm(Sn|?>KFm4;seyrME2=kJ97Bs
z$8k9=Km)8z%MErOa=zRGsBgTJ@GlJ@#dop&GUlcjuOm1NCEO@96~MW@9sPf?#dv}A
zpDNccG*6a5iG%zBI>N%y3$_-N5?^T6PvB;sj5u91Xb)9Gj||6OeHLhDYx43;-!<4f{TC^z#fR(UON%Tf|P9JPhD8-gRv8Y(qZ}kmoH|YG$%z;&z2|Z1|RA=#4jo;
zUCEA!G{HEb9BKceLy=B)^@nuz)51#!&a7Zwf07>Nstu+y3V`2V|yzokWk!%r)J>&+&GM0l~
z<0tljB6pk=9xU+uh$6bGU>92@nT
z7}Pwrv}1#O7LfHq^|z6MdOJV@fNBRw;2+~Uh0CeT
z{`5%+8eQ&CZp3FX9r+h?#4^?HOG1?FvrQhIj)NjWRDb`aS~_cuFq=@V8HP~iaLCSx
zH~2ts(Yw<^)v@K-P%wtn>mJ2wzkfAAY=iMT)5p2Kmk9#YosT6;1#A`8HBVN~fcx^)WT|Isy;mkP`>}qodhB
z#Ro+VpO{4;>p~Sk8bidrUBJw-lgnk0h>xo9|CT6g+|5CQf
zfYX!{kg`uQ2Y50%?|!v$2s$}{5&GO`JfVq2yfOr76Ee*=`6!O4h>y)*X^EL
z!spxc_=7nh=!4O^U_kF|%&r~W8$N`=x`QbYpuf3;j55ZXy^`Ymt|h#d_o$L)-7>ojdlGm}62&9eH~8?(7bRwo$*r9scsD=4
zsFwFW!j8a{rbPg-x~4Ay^yAw^*#H$yPg{lr|0R@Sxy>O-1k3?MVLf~o8%6fZ-uG}JE5-3CXjPM%y)JO<)aNR(CVe{Y
zcXBG5@_Z`Je`^u@KsWB|*>4MT0w6BGlO5Ba#pp!BSPt{(%7!;q?El
zn^I#w>$HBwJXT>-G0ZF6a(Ze9uE~1^U|&S&3v4H1gpjSktNYiTJ>=ZU<+02cwi{05
zBhCv7?xT<*MCqV
zn!+}|^k(XwQVONmykR9iQ&)d#)(3j2F3+DMMENY)TABUND(+m|{-#3MC&)zk!QaoF
z>ifx9#c4aVWY|zE^JRB4)y>w)JzbmJN~?}SE1!Cg!OKI{2V&I&t$X
z=wBK3Mv3KukH+I})7PhBI;mMn7OarQC#OS`Wm;E_aZvG?NZePvfyWpbgT-!Iy&1W4
z{e_JGl_K_Y@MiKGwO&^MVYcZiYtfT?SxIux;z;nE>+XS?iZLpG0XLq&C)-6>R+cpA
zGtLeBtQ5JF8fv|BMDWJh>~!{Q?UVjX&uLSRKE>G0p6!jr>1vmxfA&oN$yAP_C2u;J
z;Z5r|tz}DB*M(y`8QlR^tEqo-zUlh}Y1h!$2Nz1_W2{9_pKB7Ig&TeuB4Wp{RakXQ
zxNQ8Bm-d|FvuBJaZQ$eocEcYu2%ib%J=GR8k+F&4RlO#x`tt_TP>eBXlfVLnnlUbx
zTC~*=riO8=bvfVk@}CDqp7@6S3t628v4)ED%nM?DZo)5&eu~ui#dwTSh?}Fs#P>lXF@fAI%`?0@62eI`G
z&8vE~v$<8&PkXf}E!)ESe|ry?y?_6@N(dh9O>WFyV$dE2Q*(QxnzV4z>BP5Kr65_^
zbBFM3=F{0J4eEN#>GtKPVd*H`dy@tE+$B>PZg^{3ai!=K{;Td_mz&n7>!;@MbH!3z
zJupVJ-#e;*4NwIyja(aq;}3-tUY&Zx%PMi`9F}R^-SYZvbLo%g&z{}T{$x%jc+%(i
zz|53mmEozSP&Y2Rv!v?V6KD(O%l)12)SmUtrD*fdNv+;J%@algLqmcLjTm3Y37(cX
zhr7N$60)HLYeM#4AEzfpF;)19R2@>&ZEVag>bq@cfj}j%zqdwDlWgVA_51TRvO31A
z$~Kpta9hGs4mRRP^93$o59o8usspAy8`N0hB8ZqehF~awWqm?p){cxRi3`6g|~hy{O``y2A>wXS@{lyA6CYZ(DIMu%zUfH~Gyh
z^6=o0879Du+_zoyHZTtTcCbf4OC##ac`760S%L^T8LR5ICr^%Bv#HX%h*~mYP|&rI
z8gqQ&rnLaW(}k6X!e}pAGN09`?u(?Pfmdz`-*A2)lHe$UbntCzwl9{>)_4Frt1qpc
zcy|40+c5>xLv_1zb1i!fEc!=P8F-g=IS8;jo5RAdlSo2)p0Bed*6?&la9KTK`Vc2V
zUY4QxrpUU>Z)Rk4^jMfdRcN`sUgv1Hz`HHYdxDis*-wt&j1jxG{RJa(5$8vhT$-s6
zOECWOvOS#fGhQ?_K0p6B(_v|SXw%!s=8{x&#FN4I%(G$PDauNBPfNW!L9vEb9^akB
z)_MQxSP`TRxW9{=cAb%t$QX8}fZ1stB0OYrP5w2fmPAi4TunM|Kz!nN)0tl%LbkV`
zx}h8V_q|FyJsc-eLx1(pB%YLxSXFQQc6W88G)7Fwado*n_VVoZu8r`IADs_=GtyG<
zy<_Wqh%TG?C09~jt`K=*EjU)#Nh++x!L$3lbdr@!i2MQ^)%$U*NOA5`PKXkoboSFv
z4m>;u3?%6Z0E>lIm@RR3&1WG5n4jLTz1345j@wNOhZ)XSwmwt63LZ*A>o
z!LU<3Q>aPTbenUK&@`*jgVXTa_Ux6Do11bI4@VbpC2^>Q;w5XF1@Fbehel<`XVR2s
zMLZvB@o%X7qfvRFL+g72x9s)~U@jcjzX_Vx8g
z7s^JXqpKPdQG1WS%wa2TDvCCI)be?LvzmE^{mboxO@-CKYoR?u<-)Wp!U>LB+2Rrl
zetVC_H;34sZWDV&${%yJPt7XN@`}lI%
zfm%8baTgmKW3cU;y==vw!T)9hvr@>#!A(3a_UXToP9vtNI~3PCKVJuNlas!#E_>aJ
z6Z3<2X46#ye0~(E(=o6&vDg(C6O2jTkXejlQoyfJ*bkwKF&DV_b9aHi$-M6UP@!pz
zczH1~)l1PNv0e6C`?~`uzx77?`YSC_9JF2JE377unJvAdF9I&*(?q}VgfM{h{VrS9
z@z~{@urNIpmCB}^!xyTnEq#4~?LFyT?z=_Y7?pF+#ds;iywQQqJ*>>*)9HzIr$faA
z7R`>2GJoZEr)_sjdc5}XG&DjWD`=FHJ$G98=Y^*1^mLksaiG!zw@1h2HQ%sP8I#wnw=^20jD8}_~%vo|
z$c^pbpNL~eDx_yr^zH{8HtxertAFP=?Y^CBLlD*z_GqwMMcDkm>sbB#z
z)~_;Z84<(*??P@d5Rj)AFjEmeMv1p*$l^(#+7J^W&Do2lS`qBO@MV_iqovj9p{m~j
zBrDQJ^t5(%H$1mZM}E&|nw?=WBm~p=N;AFFXTEnzHhL&zGq>vTQk=tMdJ4CVzDovf
zbf*d}H(t%cp!FKR?lN`7HY;gm>j%Nd&PbZ!pV!ecndd2Hr#nxoen<4S(W_5M
zSXyxk-jGK{Q41ziv<|j@oI_6rf9Xk$2c9W&=4n&uy#ErC($jIG@TNMKWzBjMnzf;i;3@NYx_UDCs?)J
zf&JRGv4Df>iRP(?9%d0uO*sFYP@u1k
z9{z$en;q@Cu-3svOHQh8PTgkBGth-Srm$0g=4=(-=m!s}wri_%&6iRdp8RP{FUQAP
zg#R;Vhs?vME$~OgOF~J>Gex62B$8hV+}&sG@6|5)?ogO-ji%h3Q1zC>s~RjLN7G82
zLY3_1lwWdN(rayPyDcm*kGX5d^T}uPa{S)P^%I=r%Om*#8wJmv<-D%UAY_o-{fM^C
z4y@j1ISZ(94Z)+4yl4Z0E)VJ-71^C5JB9oqQSV6q|G4BomVVUkONcu2q3!gK>3szT
zQ*1Cfax+=`UaW=RN_#8BM)tZCzI#lO-;5O^nIWdDBOnp;BcXqUg7+FCV)JJ1YbyKK
zxK7T%In#vq?v-G|RbyHi8N>W}uTc$^yD>qlubVLfcu_*=uW`lbSJl{QA%7CJj1Fed-G2R~A40P6nqYG91*X%-NXD1ZSRd~C)JvO7
zzI#F=TXX4mwnrX3Q&y~*3YIGLI`+jiFq0VZvG%{*v;Mu!Tc)zj<$&{!SD(qoWVJ_R=Uc1mYL(B%fgT
z(@#D($bIHkh5JJG_9Plhmw??*@4onot38L8)?-E5YxgS|%45NT$9sVX{NFj~tjjLa
zkoNupjMm7;51Vf5?8@R1#y*~P@*W|jmd}`L&o(#ni6fCP9ex=7ATE9{J9nWjY}S9`
zC1cIR)2j|AllzrauXykCZ_do5X6BRjU`h#;4_632-o5iR9=C`3)D7JV$^l+u;;tq6
zHLIkQxrxx<8yFt~IL0evZceT78z-Hmmd(L1IuA4E=>%5XdffvtK{tFC`P1ql_M?Em
z7E^f_4KpTjY6rh7?NyJU}TCCpI-Qwe04P2vG-htt)ZdD
z5_hB$OJ95N7ivADckD9fOT@K=`
zJN`L^R!%Cnh|gn&z-Wtp=OW#BE8sw101Yv>eAY=d)>cg%?$^zzN<0^$;30ZcEYdWw
zfX32$I#f~hzon+UEUS8v)cM;3VH2$`Mnl)Jlor&*ij
zWx!YF2hfAL?1OH}Zq*k~z>${zefLj4^1?od?7J@qz4JRa-;1#pJw72gYSJ>3Gy%)M
zq_@*Af<-y6#bAEnjH_*-22I6fZAEo(ecH@7_HWDz1%HTrz%53l4XIW02k7#4yLk#-5Q=
zpVv2H4JU-vib5sa3W|t`z-gR!5wS&A(TTb(nh53mNs8
zHwBVL8s=6$)%SW@NJgsu=qR#rTW7b-zJsHnPlFh3;`8FiX0kBH?AhWSD7fetNxNd8
zDPmx)iC>ii>lt{c?d?ZJUw|B>3e1c)@*o@<8hS?JSfAZyc^%H;gf9DO-f$vh-W~2^
zKM;7Wq@HfJa?d+2<1PCx9N_$Gyfy%ZoRR}3bNi(&<-C~1)i`xH!W#}Y!1pHEqlPcNIDgQFG-a$v@gMGEWu
zU2?M2=GNJc0bCTXQAllVkaqIKLhc){y`_@!cewefV)Gs=8%n#x&iLgegXg;=x&!Q?mi@pJ_tF
z#6F$9CRLxuu=`CJY>J1WpzM{jf>@rh`X!L_$$5G0C#T+jY+B98S3b(yr@Quwmxq&6
z1`g;IxO`b*U8F;7?NsoK7YZ)4fkv_{MPMS3wLSM0Na7%%|1Ss$QHUhm>fc(8-xKB4
z^JfY@JiElEdhy;*8Sb2qeutkj&ApReJC$Gb5c3-zEq^3-#{0|9hg%Yx_sH_R^JX|M
zWuKR^%_^#~(tq|6Pb+{VIOGbo)0(F0&$7q3UR}|HyUxQ`<3}oK9t`BjHUDb3c+yZU
zbEg{@=Q5x!qP>?&ff6Rtg?XJRDsv@E1@sN6W8=(9V=Z%
z@7IzWkRPe@G>batzC#z+_g>P->FnoQ^2juomX=^kUjZ?~cXMsZ;EzwD8t(p%8@R^L
zPfABemp5cvz*;1xVp*i?&$M^Nx;RnhSDTQTlN{bJujz?%3Adiv*{u{6Z{-aCxbUTT
zFE{8>;x`8AOuCrK`K`fnhg-JXA9##kg}b`u?N2al4;Oa)asZXcx&q~um)b942Jd{G
z-RS(*aFJDl{>S#CuQ%Twx0Asw3TL}+BPbIW^NdiQsVJQF;x`k&huzH9-u(w;X3^Bt
zj^hfFGCf_XC_jBAWhbz?oWDu$ow(~J^fia~+0{6#$l#_4VMdkRx((Bkn@HqgiD3In
zc8>SjL04lAn@TR&0QRLi=;|7HHOGe)w}h(Z9Lf^)();AgN_Qm!DZy78Seh-RbmMok
zpfB`-W-8w@8rCsQmy`Lt>Autl|h
zOdSYxj-A2}5Y+1^UVdAgbX-&wP}pBDg~n>&Z1n@9H4uk(&r09|*jHU|z
zQ`WVIGrj-u?@&TJVMB(Wp+qH4d
zyiUl+Qzpt}6XmisU+#(LA1IEZdt)@sm6VcZq!eC<80Tgh%NS9)QP)3)jdaKj7T7jv
ztY^)wzhPz}>+Ee>eXt}hx6_?~od`{*b4;_TTP=!Xr7`-RDtc3TS(R%4Nw$@g81bL?
zS)Yj7qqfpLX}F!eNyKbdchIHcLmRKxeUs&!ozhayt3}yPe{KGJGHL7x|Dyt>lEPm@
zRDIojh2FN!^7U^PV^RH8?4ToS+v^sBWn7M@YZa|cwgL5=3%t%yAYzr4+JIue>5x+z
zO2qnsJ`vbx%xW^hfgpc+Z6Ty!-LXRjKq(!>OhBl>M%a}gWdImm9hnDJvfsfHzzkSI
zQ*&L}6pWB`BzRa10JF4=3<>Z@;3vQX_mx*{K3WK%Dhww@HT~EVk|Ah1mGHT7X2JKS
zv(^IWv8l}o3?fG~^LVXa`r=Qn%RsKxu11I}KOMFOSNDP7;5gE(q!Qg?C;n?(KQc*?Ql>oV
zzU--nbGiE^^|EJwkzxb)-3C?N)n4nYMmk|jt)ru3H1r5PKHgEFrK>yo$OKo>-+vS<
zCubooc7w_EhSt@3xMWswF@WEc$^ffU_}fC{-a)Bw*fgJc=t&kM^EvUaB;C4%Z{N;<
zTY(_JLM}pYi2(*n-92jVvraur5zIjOxws*{fDroe?l7GkUayO?l#hdKY%1M!Ro2@)wHxY
zm>}&;H;~uq=}^Btkc9tvFkHc?T(Z#sNN*BQXpC>MZ}Zx_n21<9VF%PpGb51b5y;|ecxem2O<}+*b_d1|=hJ$fuT|yQ+W%0`lbNf@6
zayK0V9QsATwnIgO^ZZ)g>HJu}gK-K+w5kuC{$xdb)49UEEs}d|7ViOTI^q{2PdY5b
zA*}2XVgZ((Zs}}&ljT4JEdhv8OKCA5AD?=Xq5U)HroUTSY}NVbj*bo#$F0N}{@oZ*
z(MU1`atG1#_*~%54XYUl%HcWz9eSE7%~suo%HP@6(lRyiY>+b8HTB&C?_>vVV*RP0
z!-rqy3SOM78iDQ(@jaxODD=>RQr&GDovtAm!aF%dM0}0jsWN7is5|t1XE#5FUm>je
zdhS}jOS8Nj`UPu}4O1!w)vjkL{z0ipq;yc`RX
z4ru8(4u;L
zAthxG@H{~^eqA<);$gI93*r4lv2#hIz3xMUO4TcmpbUky=Il~kc>x85agYGliU2uS
zb)lvz&LwWK7sS`taeBdl@9NTkun_L)I#6Wp)5IV`e;&%bq93D6S*&^h=0=>$!K%4X
z#iNIZk3;k#42$aL_hlL;Q?jrps``XpXl<<-5)D~kh<=2e#PBZ8jBX!NoX!$Jxm^tg
zw8@tNFfVO}dGn@SAGrBW9v)?$D5!6lsMD|`4=?%wmhS9){1>H1eM92&f3}Z@cGpq1
z12SPeT@ReT#Y0lzKz2K9trz;#$8L)wW1*&haX9%E6>@-H6YVuJG_+HQ255+0@URuA
zV%N>`?4&GEoIsWn{nU>>6TxH*k8O5JJSw2D_}yh*yW0zk5}FhL&jDZb!E;Pb*_fU<
zQsR8HI#i;Q>7d$PDr~p<*a|TYn_LTI_8F}OW%@6Iu#4+YYfAf>0xoJcg#mj5~@X7%|E7qk3U66Hq>^HMW1F2bT6
z<3)n}0nyg=eVSvT)iNoS?{~Q?9k@@s$Bu#)xvEBk;TqgYW|{Za3^K$}cyOpdE+0Hl
z1RV(q(&AZHK|z6W_@`VCcVjM=G}!9~Sp+CHt4mUI7WE5cw+t@6k8xh`KMn34OkaU^
z5m>f@=bFL6!N4pcqW9_KJ4JoJ+5J7QsDJw4R(5%3n&J*+eR>n^sAy)cC=#l
z8ke%J4LB*&>|e&m$Dv0x(%yGFFffpomiDd-G9<@g`w6fqi6UoadQNmy^6y{7Y*5$N
z@8lZS3|s~>8T*u;A?>5+8KnX$RrMqP=d>FqzK@Ydgf<)y;pg$Iv~+YH0rprbn;?F#
z2YA(1!?Zxd4{sPA3>}1w@DR7$Yve)Mp#lqMFH7Q`t||*Cde9Onh*{J_kB($WHoz=H(gGG}3wM|j7`Vxh)Q#r_T1Y#(x~@XP
z=RZ`z%}%bEPnKn|MH|=~ei)9%YncD_{TP+AXrr
zlJUxey8fatSg+75hg!ezV2sJ}mTLPy6x9JA?|&PzMjXa%X@I3O_SN!lmsdHXta*9d
zn+a

literal 0
HcmV?d00001

diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-report-os.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-report-os.png
new file mode 100644
index 0000000000000000000000000000000000000000..63ac8f881ec758d8918ae2c0c88268df22e71dcc
GIT binary patch
literal 62979
zcmeFZg;$hq*ES9}x1yk+qI9UJsB|}2fJmuGcY}0yC?b+0B3&vaUD7dxba&6t4MPt-
z-{yJVZ>{%F_||XzW-afVn7FR6b6w;^AG)z{A6T
zaOooaWNXW95dL@B=B1iF9v;cx^MCje%p^4MLqZ2>ISIl!qD%M}u6E$xDaOOQjVJx$
z={uMBwMl1(TaD=EEo`S;-dD+gKHU3+x|4z*c7x?MQD4f#FAr4-ZNQ{S($BoN?_H_423hi-@l>&mK4Wh$RgR3KH&H#Uvz5CSbbOvVZ31=U=;i
z{s{BV;7(W2GcyY)FBg>(+$Xz(<>D3EC;e%i
z9F$jv1^wXuapIIj#KgpT&UatDm}~kP5z$zGf%p;;Nt#lYa#}45H+T4joyGp0g*da3
z{Aow|)Rtn~vlG`L+?H^b*I^8|NtZ4U_2sM80n^yf+KH1f?5wn$oZj-cMvL)^khL`y
z3k!>K%-QkfD_1HO#{UtpJK)$^^p=x#;Ms6o;n=Qu^T)KeZ`a+*iml!IibJA0M1E_SjW9lD^LwdU$x0
zd+!nq>}*&3Iz?5xQ}n0HPoMRY_LR#!#Jg~K=)t*YfA?<5&cx2F+0r86lehYJF*V#V
zJ#khup~A=7LrydL2CkTD=dvPeajTlcNV~<>)>geicJZC#3dfYRG+hG&nJ2n<&U*|`
za@33SOmS>VYG*mxr_98Q-ONS7=_XoDNCA8)ru4V{c?+sqmV)K#Ch|%3eSJ6V?d^jl
z8I6r42qaI2={d;#tu9=+Ft@lE9u*}8%Vf3Tm}}qm;>DR3?Aqaa>7b#JQE!%tH47{2
zhhM9!D}!11W%H35XZBc#4P2o8V%Ju$f6+??nZ=mJ#D=aedLIKR#5NL(szW0gu?R1`
zBI1IkZH9)?d@oV=^D#)yogo*4AW^sp;uE1BwcT2F)bTo(U;Yzmt@Zu*HZr6cm*vs}&hXEN+Y67V)6!
z7Te*ulOXh_(rJ_sKO-X}n2!7NL7BkEkGW^~Z(h9k*Lk-*A(W2bw?^s4tvn`9&M@h4
zR8wF5w~Hv0N9WU>YPcZbI%C!3ro_T5?J>?kJVo`Gh@*dNc!*FKU=26Sob|WjEZ7kZ`z|2fKj?a>l@=8i-
zdXe3{-P^ZsH#2n@ki;SHdVAl%`h7-u9!)JQc&Uv`3%f^#(BM+cij33tBEHAOwE8o2
z81^@X{Ck1WzB$3u*528meWB9=T@s?4GyXl(Ac{#)FhIe$`vDUZA%hOuZZU%e7oU(|
zHd@GAS9j-MLjRr;OO2TseY3IbM;|^srR;cxIPv6dUeT2AQi=%Aiin6YdmqmQ1>nL*
z+@OCDq`sTv4
zWk4<~@G85MygW%>%@L9LaPCit9u<#nIP`OiN#6Rsza%6UNAC}#&DY(U7l)rKE0g!9
z$WFuAb_N85
zE?B&OTx>qv)ZLBnJl@wgGIAUoCcb|C&?Gu8F5G3|N~JUA*K0L
zW#IVg^W*m0Z{dfB=@FD6lGOZGZ;j{-C&!9UHYZE}SWQ+;SiU1yI6OF-Q9=j#_&iZu
zGqJYr&Io5JpAD@UsF>4sVr)8?A4&_6WPDmz$D+P_)t`j^@8qd|4?P)KC&U#MpF?zp
zkz8(0aPXCV%(#?|P0OBqoA)zi;|C1hC!8cCBq9RFSMZn=5@vdS`o;@8ZwRI5x+&*s
z)-fP)U7rHj-()H0tR}>_mq1`HbS5<`Du{+45TtlCd=|RWs{}JEDDm)&|&_t
z;nt9MV)k}+FJH<3Qe5mxGYg^S<(i~jUtiza+Pm{WC^n7%iS8piUZ{)#K|%Kg1U}t)
z?jPf(a;gZYRKRnAhfxY8)$CJCtT>J{7$2`PBO4l0-mT0MXJcbKUo2cTmgE?VX@CR=
z+hRAjsh8++M0IjPjsF_?v58CA-96FmNDT@ao{giu0VYwDR@mti+s~gbq@)U*yRDi;
zb~)tY_>v(yA#P+|{N?+{_v0m!f$ox}g+upBi&eZelSn4d+Nan3wJWU>Vj4Pm@zSGZ09ZPe}3d
zy*M{NZ+p=5bYgYj4l8R&%HJ39@$pdaX5pfqSywE_Hq%KGluAy|IO&N;mdCpw9BU@z6=NoumilVclqZaVnj~_qmbRtf1Gm?*!
z1O)}-#gkN4KA*1UA??O3OJk^|*4NfrTRO70{sd^61IlHFRJ}1NBWrP`CQ8JI)%s!S
zV3zlM^QMsq?!*P||GXem^IFMPyX~nK9uNXJD0gppE#!QewO^*KukD5mvCP@Yj)M9h
z3%{Hk%NU*nG0)gT9q+~(PxtmJc^#3e+MekKwUY+y-^QlCY&Cny&FgBqZ3{WlCsjvH)IM`|{<-&m;zI?Y*oBmBt7apOY$)?H%I$f=6TiWX%Wz
zO9Nkje-t^F;%?!?Iy6GL4S6Dhb1u^KUf!Av9S
zZ@Rs|tOYz*-o@Oxp^zljsbY_us{L>};N+Ahg~%uB{~8lhw{JOaI-X0%su5wO`@ZJ~
zKH!W3$U%@OY-}Cx^YZ#Nil5XDAxpjj>Wb=lE#$D&vTLS@rz+r`n6VaNAzKxH(%#i&
zJXyi}$9y={ZEqzaZbJsWRxx4V$UFZc=HCz+{)>Ta9&@2|
z6Q0;>iVYE(8j{Ijgw4Uzb*l+qabIO-NlZ*k#LnizSK~8R+FM#~+clH?^UpuI&Tn&H
zx)#WJd5OhP#W<{uTt`ZVhQo;4;MMYUc6EjB?gp=Zaj~x)-tlNvI?f`{-iu2G$vnF|jGT|cAZf?)SQ6bNHNvuL;Ku%W
z0s%!OV)zg?3Gn7lGiFt_!jN-xbkyN;b--G7Hc>xpoY=Q--^ws&y{R*I0B2+AMMp{;
znW13SHxEYv5IPI}GF6Eow>=tow6?zPy1Qk2a?=0GX?@~yE!ix6vO9u4m{Krvz=@41
zQOHJD98w$=SIP-VIfR(C^2WO#$~o!>&TB1bZ>g{G@mFr{`Ha#RB#_VrekP6KwST}U
z6?~hQ_trydW4*aA*8$)aO*oQwBlQ~GHmJmczfS3FPHeK$G1a{^w}MK
zNFivae-;>ACb}|pxR`kV&Ych0*({0f`)VkcQ%6Ni&BTNze6{zs|JAFPFQ;-!Q7Q0#
zX{T&mJ2SHao<}^e$`Tmu>LpYTvrbonxtsZ%dZh2~-w)4MQPkaOXFke)3)7SM<;$h|
zhN#}febfsH34Eof&hu_!exf|h|4W?}IcBIDe*JL~=6&_#_U
z0Wh+`PSt(-m#|2;?u2XcnXH3DxzSGn@3W)Ty!Q#h=?Y1FbUQOUKV2q^jJxJShIN?W
z{yz{Laof)Pn4Sd>XXM;tE$y13@^itJmyZSbf-I-bff@aH8+}`q(9nsKXrrQQERJ*
zK-QA_!Ty{xrB}D;$sfB5ar~BCo#D|gpB>GIx%B^f274Y{myZ{y`*^4m<+{3ka;Vvr
zmYC|aK9&}k8Bxq@wILz;smMO?ambMJkVlaXKIw!v148_W!+iKedHIl3V%T3P%j*s|
zw=W3={mi`w5A;pU{e4dxr<+7pBhi;`kdZZv@tT|V7GB8BwSpe=TS7#LdqR*k7i{;m
zuD9d!gd^TvM(l*(4S8B7c6LNrnd%8O?=N2@GDAvBQu3m0K>?3d-%TjtPV2#Q{R(0a
zcy=G0@f%Th#+6P5b&Jm$KKqAidD(;OnDLw9H!AF$qR2^0@{5g;r%itD4XJj8_JDYP
zyh&~{`i##_c?FX917W5(IOcB^6=TFKA4`SO8h1P=-5Fc8o>4;Lhs5zrA8xVh1Ag`S
z;2X_zsI{WqSLPsiSZa;dhF*OcC7P{nO#=9)V$AL?Z=PIS34m>~@>zXPJpk;6hK4=4
zp6
z4)>gVcFGsk@^$}{B+frjwcsOk*nE~_FR)fxqps6;F4uM?2$#<66uO$l<0hTau`A2-(C3?GsCxGDqu<3u&9ef9
zR9B0CDh(L~f{Z^w=a#6-!*X$A3O3!NT{DQ!o!X^dz`jLpdwFU0deik6=25d*WJx-1
z9V&TegAN@sxs_ET#*KluQqv+P(%ahPx4b;hMop?V>vw`_IX`L%J8KWtXt#~EW%lt?
z5)%<|#6H@%e!V-|Eb^zlmzCeIKg~&dRp4a
ziO(K+5dZtPfo${v7eajNURYRIwq`-q@0wyWGBk_klb7jTRfqfcCMH+k9m%o^3Q|!}
zM7?EHy;)RL+|bnY`TO@@C4mr4n_Fw7W>Cqk<=p)BuoKWYUNC49d$Gv&vurq{K_eWc
z*E4m;Xh><&<*~4E94|5_%@^riEXHb+{P*A%%J%9-f}cP6uQM4*E0m&e}A$+^2S85bdb`gc71L6Pf@F*%#2E|GFqT55rAoyXDS
zU{bk`mjs~aGKU
zIO3sq-Q|pA(fS;o%!oO~h!PPKK`{^x6LzwJy;Vff3wlJ;>lrc7o}6OQBKu2>E^cmI
z-gVDVo)~Xn+Rj6RB9VA7sQ2A3nU0)RtY{nr#mFG9up{XU*2X$_s3c
zijM0!y~yF&BwKTIWDYPeMqpavmkiI1?4x;#8)V&^y=$Wr{O@lTnRx$YN1k|ewm&^R
z+B@7#9_6t{#Y68`XuK{o_Qy=oivHa@KHxYHji;a09IeREd+u^Bbm~0O_M%@M#=Y5a
z!yC%e>0TQxa@{XqRNY&BU*U)e{TWy_QRONVV+1@KmH3&&=PPutb{0C-3LU7Dr4W4c
z+_j`Z6gwxxvxhT5fyb}cd1tddqO;r
zFfWxBI6x1vz=GBU)l4bf?%qhtC`
z(;;6W5dlh4sCK*Mz4Uqxost+uL8jy7_tY1&u=&%s>S+4~(8f|3go#RKP*={GFlgT<
zpb5Um#ALg$8^g6jb>-qS>y8&gX0|v?Upe&AvaT
zuBn%rJ%=8*z#s4AjUAj&#>EOTvj7VxpL{gNF6=9%^HzIiA{AjrD
ztV^Hw#Xx8)sULO$lX5n!vjsSplGE3}ka=J_?!%M;%DW3TBw
ztR`FeV&3UB6}H@5fy%OT^f)^3PXAZ3*-(`rJ$<5pkdWQ($Q$_tA!$it<2Sy_R%}RI
zO=x6}x-InhHja*|Dj3vF^7^yW<1ZmW_xboffAGE7Ut%c?^a7{hQa%x~GCV3tC5O-u
z&mFtAFwh!4A%28^aw_~5`IG<%W^xNl%YxD(LSKAlb8}i++O`2?R-E@@caq6YS_t6z
zh9YXTTy?C0WAXfpTm+up+XoxMKFSfCzY=p&_^=!>I0mM*s
zydiwD*?<+B>-Ee#=>2v(VwPa-?!c
z9MUI0p9AHIrGw7jbfSz?TU*-#UDLTcS#*_V=zIbDX`Jrw7|plcs=^_$OF%51zdxrz
z)AnGL&i0;)PE78Hh{l`46|~-p@*r
zQHhC(^KAWTax@EGhqoM8Ts9|m*z;|s`3LfJkoAj1W+vUSeb;MP;(z?OohBdm%FgZv
zLiFeo;XZ@z5FtYkBTH}|@+c6952Z4Oh{nbH2|$*7BD-9*yWO6Bo+jxw0%Ao`~q`InQuim%0#{-KLNE
z1}y4@Y7rIrQkBkU|08%er48V)qSY{SwgKfm5;cT(Vlm-|wQ
z6NH=}+`04fU0zaeGQ({Sj<4jb>NdFF$D_sO6t=bnseMY5>lEYV+~5BE;h}e5vyJ67
zm)F(3Z9q?Ja3m_q8e-HQ36b}@zP|pqN*;Z~XHpY1s+u-PNV0N&y%iepm1py2t2!EH
zBR!;OV)W`GCy>3o&JLNzN-Uen6hx$Fn?gXBs@R#+pOOfY3Zp2UeG016|p<-VGvPK6pR~m
zPovnh+O)b;fiI#Ia)>r_Nm`jR+Tuc?Pyzx1x|T*Ey{4hz;bbLFPA7ZAuBXmBmOtYL}x3IKniMjsA4fA!TLQq3bvL0=|B|_VMG#m$I+2ch@Tj>1m(C
zJ(&&XdipJrJOMmQC183jH#gT|sprGSr291n3I*WY;bTCRFfcZ*t*gT)BqRi-NJfqs
zmA>+wPDe*)V{N?j9l>(MhWVB&I#R-oIeteV)EMMMRWW5d^0W!@AOjfAHi?65!Op8)*@8?cF6J%WTj|85
z$ue?0{IY2z)9y)@c{emPG;L?dRN0Y`9xLQXxzp27b+#~0$#IRoW?(l>0hCFyCS>jJ
zFzoi!(i;#-BR+oor{7nIhK6R%f}Nz?$kO0BT>FJ6p3gUtyb)nxPeHtX?NBZA>Q%id
zPqV4j-?6b+I4jH7hsYGVE3QxqTyl1HCV98nWC7WLp(DNyczKuoate@e`6hiuSBGXN
z%Iyso4dWKXJy&iTOLAW^HU?c}dpMF+Hc7}2sA3Vmjmxy`BBqZw-bASDudVL}U*Rg^
z;$%;MMn^%@K8p~ohpXj!KUeK>Iyhn1uQ8Flu@uHgD`rROQ<3N>*H6kI)B;qBt({$c
z=VU_snuUCVh{WH08O-9J|LX-<4|bjMk_@Se+UgdUf~@I!co;9_dc&NCW@3_!B*#=w
z?}O`wVGDP6cQ}k+LINJydjRZ`mX>cqb&(KCNdbY7cTlN1*oh3kd>I7oYu-2?qScR$
zW|dI#fN;xYmywYH&^<~;CH?H##|%aJs2;X?5(RawQta|`(06D9QHjDsLqovbeFL_Bc4g%iy5`iz
z-kwoREO%n0X>6?GKcy_8us^+<&WQTuc?B!B82tvN&~|s}&5ws^mX3N~P_xa5BJ*Lk
zu~N+Ic{i{d9BrE~NhvEo@F%64X$foKc|Sl2%=QWOQ5ZlyI8p*$Cjwp})OyA|b|)^q
zrBBfACWVi3Pt4|th_;CZqQV=XLD<~fWtHZGs;fmwNJ3NH+@fed
zwse^O9c%hrb>aa^|5=#bYr0zzo!Ruuoz`V8prD{Y8xbBBBMtJ<@=&$#c&T+VfNqP?!Wg*A&E4I5clF(&;i>cUZ<|lW
zzWOd=VzF*fP*}*dcg4}p?w4}TSna${JKH>*?j+%jsbqv$)h5SJx@H8!BFMk>Xmk>g
zg?pJ;i8)C_OG~+CpC^2l6EEMsy&*4O%)!mg$aJiqnw|e+Z4dKmFh?T_%ma3FEqZVS
zGjx#nU0rMf|2fTfAx&2~(Vc}hn-Q(BR
zxSo&W59FvIq{Gp?bi_eKH3o*pJbhIX#E~r89ZgqhHuoPLZG4aE{i2gBc~Y@L(bw0v
zxwT){H53U)0FE?r5ntPI-AgR0MGJ@z85#L~vW<_E;D#n=H8biYxjAx$d_=nuXU=+WORvltco
z?A((0mc8LZBN-611Ra*HIhB;$ym@m9gDzOPz&yRO^8T@u@%_)lxh$cNa-Rzd3hA3T
zbBdiS<_({(o^0=Q|7~izL8s*uT^Fby{81(sJvi!Bu=4kxh`~-EaYXCu&%5WDnVBy^
zh-To2Na)(cPC^3$>RNjXI%t%Y1~H&c)e*A?FD8?U8xD1-U7;6=<}_$lRwZP0)r3nb
z$j`sW&Yt(eKh@^fuVg?Mj35O>&O6AnuU5lKlpey(bxTv3@T<@Kq@20YXSB_(zB^?eR(0-zEX
zhO0StCjfvbu|{_Rf)@0cyY!~{S4$_W_sh<}ccp81Wn~rL)z02yi=%r@4X0|KvS^|bx1lSvX29SvO#=^!q3>+`D
zywA){Y;Dc(<9Bi;U>{QPBT6xfw5PpAy1??jAI_9}`}W(T1wrpKkJJQ)K-8x~gTrl`
zreM#Jo8v(37g?>V+u3*brbsK&($U%4*xWv=cm9>d{ja<9U_d$?CIQfc02Z_F#pB-c
zzYW&O?vs4%TleJk>uYE>^}kT;&h;!tNtDT0K3M%0yBA~KhGF+#zkXf)Q;yBZ+&l<@
z;18kZp8>grb?}#|rKQ$JmObbvdMCu}VB?{AAQu}9+#d87k9fP`=(n(LDJ$vg-v#8E
zsy&No&OA*JZ32v+-y&t6xz
z_V$dng)xyriIT|$ee``%$rX$8;C2BeBkjlSq|0OvX4cj^CfI9!+jQ)oA2UsvTM0UF
z{lF5!Z-VP|e;735d0io8x_kE{K%T97;#p4W5T!)l;f8tb_O{vO22UvI^+2Is--9)J%9%B3F5=+$m{}i-_1i!=U#^C
z)$tw&Pw7{$47W(p{fk{S;La%k5fM~gpE&d7QE-X;
zu^6Q0P7dpdtKjk+yIG_4=e*}EFltYGYw$YCK}0N3w9@(d(2nuU?93NL5J8~O4IYb;
zYtV{Q^K34ROQ3bFth(w52n8HAZzDwZ1&l8e#POX5WM$FF7r!sy-quHWqd#8-9DVop
z?Js#XCm)l%)usE5I}er?>UZPaBq6Jz}w@*Ni&nzrRBE3$7sQcMGUOROyCiUiddrwSG
z2-S6pBdP;t!8
zO^eq&nq(^%TN%gzlau$^L_R(ciDSj)h)Va~abII&WAG{!a<5a?&&McIVwq1I;mwJ-ZT}1l1pz73FydQm`P5mUz|VH2XO!E{RdB;l^0?TPyQ*yqkPnvz
z(fk2^Vhf9D8A6`jWn}d2N~oM#URE=vD>fgjZybyO2W8B5l|ZNi_)`WKnS&mkW!Ty9
zW(MxG_gA^v8-w$yfRnT8tZCIl#GNk>xh0wEs@D6T9R5tH!4)t}cLMaL9JcjA!0zsd
zY|SY`RDU)}^jaw_QA#LOJP9fBj*W=81yu`xX8W$>pw9<_EUn>d*TYu3hlWVtkf`CB
zF_2+qSKhvBE-Wf;Y##Rquif9_(mReKfs(lZ8t5HGL{ztC5fh>g582pqX+>TSWUxOJ
zh+be-&p+_TsFmvr;(vI0LRXMLa7_Ar#X<2c9Vw~R>R=qG6jP^IRH_DcBU(c>->Q>3
zlwP#HN3UV4hQm%BI{Cx-#iabgKflbe^iWWzHa0?&bQpng=;Q8#qI?_D=^xWK72&TP
zXTVBECSZTW<2*TttS@byZVKEAQW7lrTv|#B5xg*q5KjX`;#C?xp3|W+X)^enHpKKa
z_B{>?S
ze{2mhT%nd6?Di|1*As9@8^ejcPJ7dW+FZ~!D8!vpXLO8L
zX;CTDJ%LX^c7v<@DfHh=3J*3{^Ri?OSU^BbJo)%fB&*gdNJ?@~r&5=RfT)7@iVJiU
z5(cr3A^2c`=~t;;W*3LQxb7_4ZX5ms@D_N!LPoA{AjXq>?p)>M1lQ!nc&#>T*+)*$
z6P^1r-@JKq0;;x0rRntqVduJrpCWf<#_2d;6WYqMRyu+MR(=_n}WBMyj%Y{?ctu#a(p;OQQI5vjxnHBTc=#DOcOVWbKC)H
zHZ(DXCRnSxjLzVdVg@(Y!Tz`ez|+X8Dv`5;S!XCOkE<_fh0fTYzab=@LXhq4x)Z8)
z7NuXw*LQS$foko(zqWuy4@bl{PfWxYnVGGjk%$C}w#C#;4X51HZ;QhdA)>)L~^{boc7#rV#4h-)|UU=|3j>CYz~twRJr$dQYO|P&{8$Pr0JOK1;F9?Bb|
zb#`J;04!q7%=+l~D7cSo#g2E$z^vR>QEa~K>CSLOO8EuwZj_2Az2}=oRW6oq{--|!Xv>~er$aQa
zznGx|y&1Uo??65QCyNk>{|g!ENsZlkZ(~rQ8;ti8emh`;=CSas&>Sm
z0nlgbca?KN5|}f=q$sKP?;itp>^R%>ecRrwb+BOeGF|=(9bY^Mlg4d0RKxIa)Uo8G
z_h14Wq}{FEO{n}mDQ1fOyEBPSU@7J?wJ8wmFV=9rc(o>O5Scr(oSrzf&X2wgu3I2c
zG&MCTPira9)wb<3caT%#$KCeoGru+A#=5$y1h($Gee&BHj_d^UO#&2$zEl~CMAr@1
z_c|^HU0|GKO7gl0n8Von0N=X$P)Ir;AUY;y8ekQIUJrBu;v}yl+j4Ao<~BP>sboy@
zQ`5@<#g2{EEL!UY6|r`A`7eS__tE$H!QQYEIPloPfj9b&!4a%m&|Qe*wz8*mNip$>C&Bx#ov;yp5XC-ci&gRVklqu9^+kh+?XbNnoAtiiw>oUthx$w9HPe
zz-5-LUL06t(yd+QuXIL^11EGd(8*r{1NHZ%7`{bBNG!?m<4ZWU$|ndH8Mf*VWgmvn
z>*>vtNY73!waESChdey(fjh-QYAez|v|H$olN!#Ql*Pui=?8lMqJ77-@mto__Kd=Q
z;hli@*k}=pW|8Ork`y|3({pigXL;n>u)ezqYWqe?
z%01AI5D;cCPLUFQCF&u=Wb8#C2Q<)&*OAGQGow@ETKtCBH+2a$G
zZ2siUY{0tT&mHr@%tl6pSSUdIaI{yDNut|1{?McDJ?|NNVB!K~R}+-G$qlge&O0rz
zl%M7&@^hax20*#4IkIB|Fm}1TeDQp8E#NW65^k6~zg?z)-8%@D%3_Sab2F+$z~|Olw1xEg`G~W-rS3&;k3I)9!Xwx++_&BVsn3g0cb*A
zrCkV}OG}isza-EcmPf&M{v-GxMt-jA2rk#@nD%G5IJ>^ydEV3&6>;a)>{Ek#Nq4|A
z`QgKsbgkq4U>fYdfJ^}XZqNvRgsu#78i(GD%&nRu6c{jt4xHzDrRc$<>W5E2XoFko
zP4oF%R|oug#ZH%SxT{Ua2vPqE(2akV`wusLNnK1W-XKb#9&lP7IjjusaP56rxlY~`
zFv~(?6%tE1OxY3qeCvc@2t%QbK+Iguz24@P!xYjzdO&f%DWbl+e&
zeUiEZ^zb)qx-2uVWzSTl94>LUt1{Kge6WJo9vQ2$QL(~rTHBsirM$ckrrM77JY^9?
zov!5T*Bt!lw|n_<7kxkM)18>1f1b2CC?TWXje6a(cXnPZr)Y|bu`)7hR8$bxST2;X
zw!o%Hsdhi^w-W>tIhDAce$29y(|*C&@a8WIA+tHx75
zw$a897v`0a6DI^q;~2K1{mQI*qpVk@zP<$3)uQEn>kWepSy_*m>}E~-(?ZNz3cw2#
zohB?Gz+v1$34B~fG$F$eXUzC={~}2wi<*bTcsT%S461q*V1WU>hYu)wphbqGmGjtm
zyFmw;u^3akc$N0$`dG26ZT$;H&!bnRI&WBP7COxOML^0^8tN3j`0wVRicTNM%3SD?
zM+-}He__}MfR<;Qa5z&~xP2%b0b3xzmDQ0&1tof@VI9ut#w`iQ(dmYA@GTJS*iHR-
zYB5?B1E$Mn7|&ACaSxFUVRL$G3KBB#BrsTNI^dB1WcKOv_I6>R(K+h(z)pH_tP+5>?Bd<_{c#erCh@s$>-Wjw?jIS7^OFWc
z6CJh0&&Md3*-Og*^rlxBNxgWHQUTE!NfYF-apM)(gpATEp`Y3<>W-*nlaXnE-)M6m
zj0~X1)_;o9&UFxjlIDi?60WvJR(DwMRaLow4J_&j-8q$E^XOyZSx9sC-`V6@qD`nnUSaJtoS`V)p9%mAsJ8U`WhW$D20_@IA*_?ma%
z?jGfduCb6z0<3H4?mqYN0a~4yV8*aMvJ(VOpcMu(K*89^v}vhbIbi>L6NYNeYZIpC
zG%}`0?6=K}ut3eMs+05+l^J^&tUPq?$J>0H3R$egYO?LbRfpSV>W5vk0xnOZ$oT4_
zz5RKO1zLM1h<(9k-{SG4y8|+N?;*Ry`JCmPr9#dM^F&`=3(i+v`c
z*-u&xQ>QB_;p;fqB_mOY_eo8?_2KCU*%+aaG`Tn>ce?Xem%n8Mdpk-Rx+`2+OUuh9
zkpnz@{14E-#YGK1+|kjqvXX!H>>q^qKBbwN*|`=T#)z2(nWXKMPetN;6dazrgXz;}
z{}~mX(~)a9H7gVU&yeY%^W)=rh5vl{KmQ5yj{bjPhV=g%*Kim>#+2(!{ofJY+-Se@
zEjOm=inp@BI>7^{ya1D4)hM(7&Iy<6!+a&|a#`-p{(vv=XhBANKK}2R?0+{Wj5=NN
z@&Dee4BPi9H~!ZT{{JWZ--U8+40-2YNOW*pth5dJTuK3rUE$-+W
zwzN@w$lj}jPg`{wt)*T`#kaUvsM(IdYNw|*P`DbpVr8{1Z9i-@Y|f*IFy
zC%sA)`voS%*UE+P$2cN+`bWi@j_pskIIH8ij&K>Y?;K77^OWW%5pB$buaAU0%7;g*
zCOk;i1?o_&wh?EI4APH_HQ~U=Y`dF{1-7@%NBXYX;wpZ*<9Gqa{ir%tbIc{Y-|m?-
z?j9wmtfKz;zrpe1EUP2Wp>8kZP{eCfGh)YcXyOUkc#x&u)he263=IBAq&Qw2pVd7v
zw#4{&T9`6~iK#j;_<@rI<>lTN@c_fHb5Le0B4$PVdN0m8eQOK?*Xq(r-fi|<`f1OHezq+ZS^l%(S!YW81aJx1b2#P|
zAt?(pGJ*$(C!%2_S{0m4!AK<1Y%Jt15D`E-7ufb2!^IrxchQ2edvkA(xAPp9X604M
zF0yImn$ifms&$}+Ba$DvKThb*b7B^9nfTCoSXP)k`>==gC>l2<>5L-R?OFqjg2`dRD?}jn#Y?0WOI`5av7xgPyX!O
zbV#uD|MbS;SDo(PgZJfxMLmZMcJ25#*SmqHk{h0G2l2SQ9*dh>+6a&68ea7B-ta0c
zTE=yCbr~9JS2dk6xMLY64Lz|4oa=qFxIYr(Y0sEdj}3BPmzKPpOZ@k9q+Ep@LfA-Z
zk*?0u+SZP?Fd}c`cvNIwMce|LbKG)0tl?c%GeUMV*lX>{(8}5z8@>e5O{Nj$sE52LfM1cQczAt50y>%}T>)XFc?(b1{yR%52Y
z`J`K{zIC$GeFqFtpy%{X-1?tTn3W&!KW1iOsR!@Cl#Rd~^J@w=%`XcJ#(1^M{cyAW@#8n2deLL5P-<8s9~s-dMK%Nz*{Wy~v=Z{wbDkmy{2M+vqcR${=MhrXJ$LEc`>-b}I-UV0iHE$g
z@(J5Yy{UC$pu=5ij}i}UB4Y~U
zWF<)Q*uD%qsqMb5l#PDv2S0tIUGr~(7AotzXP#T+P)1gkAD>oGe|p?p;!C)E8v$AY
z&x-T+{GFB62u817mzjG`YZFx4L@Kbj`|M*<6G1EL2Z?K@R#uWjIchBxyfR**HSGtW
zbzRe*sG@3OlFq*Ls1qjlN_Cd-lwgfPj^upeiF;UsBp
z9mv*(_r)_X(QbI5+jazb#vAbAa9?o01zyi@k*uLfYsVS0
zJ){Mx72;n=G`>H)r)O@??6h`3hRVYEV_h`ghQj#BU6=*zWJR4m(7J%`?E{Z9S{~&V>{wfNK&Y1vxFHZQCG5W)}Ri&k-maAwO*7BjRLcYH}mtD5(Zg)##
zPiE8x8lrY-dHF-b^pj(X
z^@A=g=hh^5QBhI5g1%u@&nE3v+t+X3ehfCFI%xf7ht$J7n6bU~Uii5g9FC?x!9Lxs
zFuUY>gOln
zvKOK9xmu+bGAHBeQ1)+ar5xp~`EXoctH$yk1k8`pJbqL6wy5unkn-U6oV&`&d~j!P
zvIe7to!NY9J!8YeeP@2@tFn-nQ|c9{=Fc(7;JKiS;2Z!x)K8T6FE)QnurYhb)ojPO
zqknlWJSDGY`_(-s#n*iSd>Pe1m~ICkA)J254PVR-hX^F5KwYhMx0vK{%$(qU84Hmg
zFkWLzgNM1iCJ{v5%9M~|H1M8x+pe0ag;iAaAP?t80zR!e{ett@?&qo!ok{dQEC0cS
zgzQvc(oJ*FUh|$3LE9*d8StBEF5n2muDkH`iZiC7%vOi;ni-G0qukZ#g&Z!4tGx~V
zHtIaZB-1vpkH8ds{r2r6m=xL?H{oUsjg4o%^nSUzI-G2{PuJ5~N$luYyzTA*dDDL)
zN;&J6`OrK4!|i4%M=k+aDTLS&cljh(AD(JkX}=T08hFwkkhiWm5qj-q5ygv5eo9QF
zH|;NmIhqAYTsaa=X;6=C%U8
zMSgoUd85GY$5$`U$5L_Jrf+`gmuj;oA7T&C8?g}+lg>0j(W|Q~-~6aMBZ#H9rhs?*
zRDRv>;O00umKm5=)R2rFs$Y);ucYzp>hd#e*W#FM%1oq&a6|-w2gP*59`zm8h=iJ_
zl(PuV+cR&;962KuYuHgXZo9%7JHn~JK;%~+$5pTUm*L@hzNsiJ{WI@PAuR60KYyx1
zsa$&}?1Z|h?f`&1uagg8s?gah@5{19p_Xb#e%2|rKTVH9AfByP6S`DMau7X~{^TyG
z*K0I>v$oA&RTpoeCgx=m&?R-W8q=+o~J(ZG2Zsg
zI|qJB$DSfZ^U*s^8z(CtvsFTMeb@jFcP0CBQ2YLNVi!G~M0NMccroCBT*y?Y!6KF)
zp1VlVnTQ92QOM*CHwvZ&<4}r6J=)*a_B8oL8U%(vRi((
z`y%uqZ`fP$!{?_%%Cwjf;EZF0OO^J3ue(Rkx=s4sR*>Y^i{IL6Jg
zvlHc@`UBSt33L>BT+7!5z7|?#uv8Cf$$KvJ&e@$uTsZ$QsQA4djwE^veJoWU_QfX03FT;!T
zf`}6^7m&$VsuaLQY&=nbvFf$>xm_C_9t+uwYt`G!)<&d`P2QZD)8EeP&WT}b#g8T}
zdk+{Hi~?RRuwIa_lgKPtgF4V}6VF0%Yp9(b^0rSx2854KGX1%}Kkd-L>Es1=kV#2$
zp)hX9xI7aq#!sI#BSk#NUu~qL(ab6a{X5mUf2R6YEh9Sk3Hz-dw?H5lT$2bht){UN
z9eVrCdSFVtD=9c{6vXzK1#EGLrbs@zyLSlz8da3~TP{Q8nD)xIjU`Ln|y
zCC#{0Sl3Wo+~4aO5TSSh60~(sIG>KQ;f+N*TdUW%8%?Zzp}HQx8g~MsHXZw=A7)3*
zWlqx$H#g=c2MaCxvA3UBg5_b;F2RV9-4KVDwTEhRcYf+6{^)VOr84cj{i@ezDy+W#
zp0bb5lKKxce}Nqb93N6+CH$LVxfVydvZ2OyTu)Qg0}mPf3~~$qd?+{D^Kjy*(%m&R
zB?SSdq4{plDfz%j&YXLyN2v^BX6F8*we6=XlSy%bT5Kdg2L?Ji-vRJ~3%?30HTitk
zNVs&H6eVAPXzAIShcIqNk6U&d)YkZqet{@q^dOx&4Lr)w>2$>Qru`ekHgS3R?y&LB
z#zwl+l^x&qWY$}^ZZR1sbNJ$3b+uyxpbQ%B&dw9ji63U21xGEUsGFt8vPG=&eMTa7rd*E6Ydx2y&T`eBqEqdjxU~|Q~GKPtU4|yKNTN!
zrH({C%AvD%C{{NVH6ImvLw>#Xf~i5W?uT@?npAXW@Qz+sR8**JW`J^bki=9Ci2{Dm
z^)ee98Q)5G;Tz>+w&l7U{E70T+|JrBbngGTM{Yr`C7C~z_dokUYLIWhLgUmn{2J#R
zV^AsOQD=PY3yS`bb-j;@SP#j}KdiiDK`YwnTV&-!Gav+@Di`m>q*VLtmnQ&1
zZeHGwio!yI9?=sW2+-WCkl#2tJ5LQi@m(pi;eYA@Pjc6Jz5Qdpi|Ky>
zr%ziTS~t2!0TK5Ny{~MmOQ~P!xAg2b?*J@Ez6LV%IXGJk1q~|I*2<#wQ|ZBp3(?u0
zql1YD7nzR+i>ey$9F~e!+I*PU(oxw_|K|ShLXeUy99eVQ>EbH{-FnK7#%E1`P#V#4
zaS>!@X7*Z@Zdd2zu*AH5n+CFV?XFvN;aJFp0~(^f-rn1*j;>Hu45(!`!P%MwS?L@T
z6N5ki4mw=!%m?G0qMi$$5IU>8ps=eZpx`^VE$NE5o^A2VZQAtl2ogOZ;VRh1pFgXE
zD=W33CNWB>#*X?|orQqoZZ$+CbbnZV_
zcb~k}O}XR;o;`+>xeem1ba0Y2H8o0}-hb8{VQ_;psm>PPzE~KWY=m%m2#64TvFT!Wg
z&;||RBX+GXgJ_RV&D@*;YB;9s`Fs2N{6VBb1Q_{Sz1-!lF=PQ6+UJA5ttjL=v49{K
z+~8(AV{$#jiKT=3Eyp-&$VZXf*6;vky-qW~%j)$P4_CiP{Vx4V#<^1A4MEp~y;^UCU-uVz
z2!Z%F_r(|IdmcQ|$g0-w&sG7Y^!7@k+21f9R^;y9-V`hsxR@XLZquD`d5Nyeihv;_
zS}y4rBnvCBP-=btmC}zgxs`lDIWTadc;^Hcs6R>3s96Zu+{M5A=6723HXVy29?-uJ
zg`$lS@q9C|b!M_->*|FQasT08Na>QbOJ&FNArb+8|K!J!O`4U4|eUWamg^2
z0O$+Uz5_H@L`488_6p)@zq0qr`n6I%(A}-hfWz-YRTs?L;eHwR>v!>?FJI!muj)b~
zb|WJKeeb#0R|k#Cup7Z}XqNeiAbA_W=K&Cb0IjzfeQOSBg?)-LDB-Q)WdMZx2V-ws
zK|tdR!}ZY$;JDsKC;~F%H|92OI^IJ*+i7QALQjt!h$cX{_J8ALu+nO36!sf65p&*m
zufb38yfrkWgGIJo+t7;uDW*jJ6#%%~3R&1prUPIMfk{IR!F*A&eQWL^1P(y#0NiPU
zCX%>-vV;~!nK|kAN_NKb1EV7CMM|xRT`109fIRMa@7Eu1S$Sh_VPWQHwu&2D^X3?%
ze8N3w=mlC!)cIi>UPL`q1OQjuQCdDQKQdtk-0bb`&41qapnUD?h$2Aa`5v)%*!Lj_L2d+Cw}H3^$l99*pw?&L
zsw^(1vA>s_T|vfcNGfjTc{Flz#3N{cys;2;#_HCv6`D-D+M&BBa(oAnJ9!pV@ey1L?MeF
zj5wCN>C|UTi>J-aQi%HD;wLDGy}dmqAeuD04R5EEmk-%7A^Qi?(ZvZHD`#|cc1k|c
zV65zRg(gUZf2lKM2nk%OksTw%50Fb(TwFvw&S+zx-J;M
zOPl*CaasM+HRx*P$VDAplivp8q}tDn@Nc_N}TLyvs7!=c{O?5H)8LP<>xO&tGKd_0ByUAOeUu#k`|Ao(YPULj4QSpz=;_rI#^
zR$5Ro80_}E3+aCMAh8RYr7hZE3K@_K8r%>(2uZ98?VeA4rtrx+-GlSlb_;FU92Q?6cOT(JE+wnIu#_EMR_=z$X;A(5>|3$>yoE
zTZP!_soLf!wXkbY;z?8ILSyHbS4W+jMXc4Qr3rddbNTn*jXB!laaKKu8$
zb^Aq->O+Wp#Z64;ea;UZ5%-4ieEfiUbvs=U3xyQZBk%(XzQ=Zm`W~PCi*GgF$O+S{
z!HbQxMj*gEDFX2iu@`blQvAxt(|j;3M2-0MSuX
z8u|?ok)3*k$~4U!*^ZRunTZ{uu&@qJ_FO?-XJ*G)RO30U@ETlNT&zcipkR6H_RGG0
zy^^?Iby2&QXE)Q*6@T{Is#LoW0(|#m*$q8laKRwV@uH4j8hxarf1|HAFfYIEr3q~a
z`sR@=_H-tWdCj}yo+IPX
zx}|%I2a3P5tV(~|iJ>$^;UKqScqH~h6{Mi?Vr9`Xl`(@GJ=v3JFt}`ohu)k!?YIfs
zSB=?M=-LY=mRl~Dy#Ly1ddKKwe@(N_M}(U^(o4m)MjsENjVH<8BoutMyR4cY9y5H_
zDZ|zIYU8h-3()2sl$NltvKrmKUf_G-gY*-SU!|w~@$fPYlx)IB)C$|_JmFR8Q}2dy
zE6%$+&F$0m8;b53op+;{BBtw`@CAZ^qX@g1&aRAfxdbwr8RTNpEb(1eYV@NjD+TM!
z!o$N0TsQP99>mzuV*43z<$nE20xD%GZS6SSW~8-w9KxwQb|Vu?3tIFahn&zO?;FCI
z2e|`jU%#r?E_niJnB+E%Sq*d%sIZV>6eusjJ0KC)`z~{Y#)jOjv0SU+A~Vej$IMZR
zh(B=`10z8H>ZAF1=mZr|@RlCSY+2-Ba@}=;%8^VwGr;_Km#Oq`fJP^m)o%nXGaxKN
z2Ru}L{YqeiorPGUd}v39EYy+BY)&SUDfY5J+a
z?1*Q-1-J3}=@G&Y$^|6z2b)aqOieaG&%jS%1CJoz6{q^YVWhDT#F2echP?4}Qx7wt
z_QNy)0z`-ep-zOz_}#x+0D4Gf&l){MN%{Ek3fw&>ViM2y5H-nbTgJ)NwfLd*;ESd+
z0s=jrL>VOsM
zJT%0?AtomFImo``2Mxf85T_xy;DXZnj9!QTotm()FG5gY+y;HyX)!Kc7DqyHWbv*r
zbjvy1Y{COT8wxh4V<+-{di59m{0Fd}p_doIc9I%gD7UaUku=w@$iE3k^1S~ad+B=F
z3%G*&5{F%klHH`fzMe7K5>iB-tN+VOD7F1}6p^DToyhVF=b!W@Y+hpA8elYtg#Pna
z>CmmWz_mu_pu_wE%@gRRcgg8y7c2Q-mDZfKj|C79%q44<8CylWPh
z)f|J`jEvY-11p=gL|gKKw%GK~m_9p3mf7$4V4i
zmE?TVW|7c$8_d|T^bYliIr3sx&m`-vB>W0S)qSa(Iw4*2sl_evEmK9;=?)%hQQrCE
zS{*m{4|biRWd69-)u#qgN56~AnvWV^RXm9y3*7PZ8x{FgF~S*27p5HXXDx&=r2K!b
zTT~Iug#Wt-@V+OWos)xw#6AKVTu+2mDZ2ub9Te}`2-_4&9Y5yha3h`s3}F0WkvAedn=UpZ1rl#b>1{y3GmaytEtJMmo>mX=8MJ-vdp
zwRKYf8a9LzP+%0SV_ShXHa51nzTSFzwDUSS84uyM*?`{n^XJWjkAGg^pD$_cwA0c#
zP%@HMQbMHi@$u^{vnNl|Q&Uk~s;HpdIszH;mz0*GeZGJwv(dcxNDf+bLX}}iyJ@(^
z$lrnZYu}jesJQBwf!$HTlo1<H6C!x?@TSiEBZJQZ%$&)e`~uefxj4oqxv(jj)g|
z7U)I@Nuiw|_3eCE9FX6IQ1`zS5gY~+b+TTCx3si`@FUfCLlI2Gg=<0hot+#YQ_OI-
z0lAWYPE8&f0t#j+`V$;#(YoU%LdVuWg$>?Qy>;(J|Gii@)Sw_KT>@hKnV-F*?{R5q
z32HQS@n?9-X+;Pnrf~{}j;H!Y{j!IT@UN+CI``ZPTc)t@{4Rl*dE)yAav;AvVE9LR
z8i|H9;nyg><=}F*muAfk6~FY^WlHMuUWq
zPlDAGQN1qZI2Q@BZr3upbN>mcO&J^fMBa-D4I4j|zRy$|^o3M-9(-81rdmo-(KWEej&LIqmX^%sJxP&J
zjSL8f#G~d0tQ#=1nw3u36UQ(c0M8nLu$#4ngE%Cik0=I(yd;+h9
zed48qb#(wqK>%@O0&kecF=9kI%v(L|tADb8TY+AXTPB`yG8%lA-wtoZz`B=;Ad)NS+5xbxY&(3GH*aMTzFKNeiYR>@b?Z74bZ!nftFzYp=ZY^)dD
z7M@u9G@VjjdOcu1gv;0WU$+eZGvt19)$6n19x8XBhbz3{K1+b8hmx99V4iv70U98k
zb6Of5lBWijEkB&e#cPA4Kl1sz>O*!f3wq|WV`h0^+pRYh4YPpEtNbpqUfpo^n1dlRgyXL-cNC;Tdsuq)YL?8v9e?N#w
zCU%toxyf#`U~
zP>%AgqoWauz_~!R@Tn{@?0zU8O8B)c3D(K=P-DTi7#x|@%PG4gRUukVqhosYGa)Pe
zlJ<|p@*?doR#3|?_D~W|F0k=0+u`MYz)nrr(_`A1Z>?-
z`m|n-hk3m4dbci$*1dm0@xn`JnuINoP6XTj_mrSsD66M$M6I*nuBbEiDyLY$`LV{-
z((RVYqd&Kd#9=fT0TT*9B7r~aodftd;T70`2yDRbLYkgF{{Hdtm(Z}iPG2<@VvN%^
z-&1rJ78aUtIsnQ>+~g<-1>vpBH{2#s0Oq!G?Pr8v>p4bifXiKlvhEh3oSO7&A=9a)rG@YVjO~658x9N~9s-=a$;d-G
zazZv`Y0S_QdV}zI#}v)?f#tzss0g>(V<`^J3New(TgHsXVs3PJdDDfnlVqpet9H6!tZ^4VD3(X{RjR{~`!9I0HnVywnokg{
zeC)lP`n`&5WG_UV~(ZYwMwl
z>*%^?C{a`JogP2b;%3HA(2-fp
zrq*!|>$vF~CZ<(0S{LrFP~wbO?m$=sg|rKQ?*w(^XK^Un{9fE-6q;M-JM>xII)z+8
zE8Sm~=gP2cXeSSe00B#^6{RVKE{DdD`(e*ric!(dM_TDJL3iQ=xCmtDuA9c=*t+ry
zV9I7XQqGE&kFCEqi_gPLy6tFee2vIxeri|0HV7oHOhlq9QM?Cx4KogK@&XxFurcMV
zzMF6oX8g&q2W`mf=r?a@UqJgRN&Ne7vhLwu-rd`mAZk;oy{bf%A3r+cNrnNbHU$)~
zofu{W$kNAsPw2beaiWHq)?P-Kyp=S1&4M+Xdj4_8N0nO^>z1E?>QRWM%_sLlhW&kA
zcFn!3r(Y8SEsl#Oq>k2pW;7opJ`(-xg2!|KqsXK8c?--4gDPD|CBDx+
z?|j~sePVvv!^rAgtle?8xUmuSSpC?%Yq7}srWVe17mo<5RL6^Z^1BE{
zT}cx3{hreKbBEW2XTKL-7xypil4MHE`Y3TGyA_cf?))sQmA%jB$colF
z#hzI4=knTf=eunoDHv>CmV1ADnM^a5Xx@z`vgscQpOGtKO08tgKGb7jw5tQR+jH%|ow<
zgW~m)3*tTrH^rP5sq}ReT{t0(7#arLdSk;Wkf+(`?U!eUbAXAbmct~utefH@i
z(0Ed_56IA4x{6cE-QP}__Vr;8W(V5yo#A{@@eRz~%D3k^AE=Vur&1*02+6VFiV=7g
z@HF;c3>C(JL6S}P{aGzB!V@Ui;75v#^y@-+bnx#IV)V&Ho6cveV~WwIj8nEkn8;1i
z7~=#ekj{>iwb|Nu)bXE?7RCz``8xD?2O9V@z{Scv?)Wef>^SfGdb59`so$s)ltQZ*
z$B|cdDR8zOl^enjQ2u6%klyq{Gb2312VFSv;u3=C<9us57X(7dba$z@J{*NzH00C#
z=4iZygE{1czg~QSdN6#^5L?qD;h^%;^}QGl^wuX2FJV0Aqg(%yjQocjoO9ZPqHSG^;GK;TzdAeA
z7?zC!zhE=P$6fx5j+X$|58(B!UDiEA9mebvS#$_9^DaXvBTUPk(6LWhRAE9GrC7}9
zeBNT7#z2uyqCrbEM57MAwpe#Z(Qunn_=q&^%8dgd;~KvE_ldci^2W{6lV_U=C#vga
zbLXe1FpFwH%pMY4!y;5lL
zPTIz<_>Oc`jNWR&iS&*K#FjjJHGK*QNBVNIzDE*McoK?bFIfJhOz2J90i700^=R5NjNp`n)
z$G;>cfgYjsXNub&o-gR2AUc-7I00sxr6K+(Y~V`{E4k0jtZbwZNLP#iggCz8?dzA`
zLZ_i^ucfTdpRa=DyAnvdDEQ|xxQ}2@a?v4Ias3}QmD`;ugKj_o#8^!H@m(R%JVla7
z8d&j}dVkd0A0GR3F7A1Rr7>Nsj@M9th%#6`H&QA0552=g0y_d9A_BMXYxuU`5tqla
zf?&ropqq8uAjXqa)6)4`^Jvqy9s;8iKXLl;v>ZS^a8I=F_<)|Wu($^Rza;LVloUOZ
zep{ttMN)b1?QUOJgrp<_-W$5SsYs2$`MZR8FmiMgQ7khQT(+3Vd%u2-NYQlkO4JeS
z{ztkrqYqu?aIzpSNQ3~gLfRLZ4oRu`1l&@1L`xc_MiR0P1bsJ~PLv7y>@#xLK??!Sts-$e11~56-a%GzzwAm
z86%x^shB;gJL|e=Ja%3=ee2rZLv8L7>Fg3IQ)@w$z>eb1-|)*d%Gt%h+T{V$!J%1h
zix}RM&Fv}ko`=N?+Qm;^6uB>s-gWva#T?OO=1|UdpUE|fE&jn<&$Jl-1~P&U(l5-R
zY2+@L#D8)h-0e(`vVQ5FL($=353?%@
zy%yX?B3ZK864lx`vC2HA>atqIEUffzVsrSLb6e^^lQVR7;*F1gD*|C9KZDlXJK`Uw
z{KQhak~gYF)F`ERT7_AOO`>O19qKhrGbP5U@qeOd5xBfWy=-)~$Z_#=n42t%
zP>L3T{>zBKlQl8Q_;OpR48I@&&)$5RXZb|hEk8g?X22R;?!JNfA9QW8nd9r829
z_#a)IPm}>!5N=6E1_{XR(?Il#kRQ?!uU@6x_w*E+o}O`7O^<@+joeVaO32W!)to!9
zy>|P2(^voAQkr!6LXxt(FLR9S(HVviwn<_zZ84qc%biZ>+GL;W^-Oq_CD!1Ee6==v
zo$rrhi7-l1YP?KYXXlHc_+aa<#zn_bdjS;L*at`~ycwpkQ*dJ23)6F0Ep|hRQnX17
zo4)JP{rBkk8zbkv0vxm`)A$0SvSgxbgakKD%3olZ2PG5Ue@l3!=r%uI^?6~(kGnU6
z+J4vCzJ7261pzJV34MGGANqaoH1cOlOP-9RCh2J_MP>sJT_-8N&D#K-^}qLsNLhGG_xTT)
z&wMzQ{{^CieN*R9Dl0-@mmXH3){!-Cc>O
z(DT3+x@0;@oGVQ)9bQGGyx0E&9ta2`+2`_F5Qu{c1zJH5lTmUyay!wJ)w@SNw;)c1
zCV3K;*#}lfkduV&NbdS7Dui(01nO5%b>8``TXD^!Ms%@8AuNo^17hqD$RMW#XYx&W
z5$0;-htOcW7xNWGvW+l6#?TQJbXm<{a0)&4tW?$1P!OOES3-&
z&My5Z!WE+$E`Ag=ppq|HImUDgfu(;V_X4AEfl^p6S@NNLV9I)=yni2t9Av8H9>`HZe=qR}RlkFc_P?p(&R}-P`*A?d
z9dh5u)gM3u;VRrCu+ngGsYOM~wL_xT#4Tl=ik=%?+Jh}#G2zfXaChjo91v6)Kbu71WT~zU_%rD
zKd^mhY%`vjwN7@daP>HO>Z}t1O&SFecusQT!P#%lI|@VF}m}?9-0{p+3>k+K&=3|wXgT{|NlMB}rPy74
zk7*J29Ckjx7Z&@6`hS+O(?U^Smx{P8SK)*>A96@2BZ+h`=U{H!Jg1g~4LQ&=l>$f_K?mC^qV
z2azIn@(QD(SN~551~P4IVNB?AcXzX8dc!VC`O%_BgNf~K`3BPu5G_DDKV=X}AO4f8
zfF;pR<$%=aLPiVv8@HJZO+V*^0rnC(nvLdn#Sk+K`Bw|DPHDqS0S7pW&K4mv;!wr8X(tbXn0pa$y$p#pnC`@A1^?ZF`b!ZG*2sW?i6m&k>&`45
zNDunKDu9&Xuec5YeG^gbOG9IS(q>gvQGouH%W}c=8YGN{ZCXJ+!mt242bp-&&Le?@
zBG6^;MsKYH3fk`Vf&B~;baA_+s{d?W{dIG`8}5RS5r~$n>g#`YRJe*H7du{BDQePw
zl*t%5EX|d-4Tc!k&A(Z2cl2ivTGloZVFu7dSxHJsMMrNe)NT|wgOO@!X+fDltDT@4
zJSlK~`t&IRnFO4Mdq*beAn^}y4pi>;N84uaACHsQLkGJ{`&^Nao5NKhZRIuU-;(c<^UG@(O?V}7@;@oam5ktiaK|Gw>m^t35Jji>Fkn
zZKC~JQgSb=UmR|=uagVp=h=iTrn7l9GYdQI@8lelk&hEh~_Ckd8FJ
z?Q#yCWe7J<<>wm5#^40gwvb9y0M@}Uk+6v-Fe9K>{mB?(n1qna>U*z?WiW6+k^@X`
zD_5I|`jcBHo9|9!osbo;#5!HxPXkRI0V$%^@;OK!Sb~`aF9KD{
zHz9Eh&jCeaICPsr672}^uyB%4#D6yZWaU{mm2i+j!BXG@FKpg7l)+KbIb005R}Zq@
zH~fjNDB$;546nH$
zVFog!VkdwrfJwo>UGvwX{7KligtePCLiygMkn3-;SRvp+3b2ccie4oqMgrtPyb3)x
zX$VdWh6|ZL`h61h{!dLy<&B4u=kENo)C8}SA#H#d&yCJ{{9&4}2i9A9Iz35On#{+V
z8Y)n}NkVnQW${;`TY#IkHzj{4O4l}#f-qqU#PctlcbsH#k+2~Fjk#1=h+|}LK{}<>Er6!E+|1JAl4{PQITm^F
zG6~gIQRyC8qqzO#{TAv6B9r%&@Rr4+XgZWL*fJIG>u4{I(_8LuMD_OmAd&U^SaL8^
z=`mOQX4Ji}cmLVKj!)ILGD?Qbtss1fFm=h{FX)KwnG**sIngioF&qko>?aW-9=j=E
zm=L2rCu^V>$r_L!9s50Cv)^tyD}g~9gwG!Rdl0SUX7@6KTGhJf7b)apX_ib*{!H|O
z)87@EK71uqD`WN2dxJks_ckd>-s`j-?<_bpR7G7K4q~d7x#|uj%%bU;*$}$&~_63nL3GtC$a{l
zy~_MMKkT(wl0p(Dz5*Pmjww9ke76rO+F#!Ac*gEePq
zt5Bv8{HA|GBkyO5`f;lI@s#WIud~eTLNDXGv?=fPlfiKg?Si&O1Oq!4Dvv>>f|
zR>rL+Lz>vi(=E@z+Wj+3D0Awg+R;q@ubF(_$^2jGDk~x@Jnzm1Je+c(JJ(IdI)6My
zj>~e^>ib1oWvU5IITqSx0kS)$7+>yszfnLgYzd4$x`)xr!VdG9C|Su-%Z7cnh*g4?hOpQuZd;SD2sP8h&YN6f5rM9iJ
zZw~~6@N0VoY6J5h{kdy=i3GY->$d*&cMJpW)57aXOx39jY931{%2;D^IX+4nX$NinWqi-p-?4in^%ij#bmy^j;cUU>J_SOsedkxb>PmV?O;#3!&
z?+l3|V%C=Jl&RQ$N46L-(0;Dt{zR_mjn>`rsXNyAi%LFa@u0Tr&tc!nli%H=^*f`2
z_S}^fgYVmf%2+oNI2heO&dh#z86C6pEbsei4Eb+#mo4tR--8y0WT%(BcR87Z@EdhH
zzOEmcBxs#9SY3(iZX?E|mD+Ix8VvkSH^{+WO302s>
z;?shY{pRh$q9!7ZxoGX8sGo1Vo!1GMsbwCEbmd+*VWh6U1gj!4^>#@5)up2DSO*9~svq!pI@A1SB-c
z>3bBB|EOZ|q01kmQsJHtXY<0jvfG1o=L3V8x~ed8V0ggbK-~;9DY_ncNBQ^BO}U(%
z`Z-JG0Wp-J*VAG$9EVh|7-I1UE^&)H;nl^gPrds!{7%oIM15y@==l}(TIPrsMUtj5
zR90`u&tk~AS$w%!)}HJ5mhimIJ+M?ew}?3}eL0ZiSXX&4kW?P^we?KiRz){M(g2HA
zn@_DxYPBxk0q=+r=A53M9yP09CQE+(HHt0=so3czDiFA%&w50_I#X*5dHuas`U-bW
z=uixt#x-JMG{7DU(5tn@g8Po`C_lBvpqGp-@{SmX6Gh&2wt(bW208@7F%ZzNIz_eP
zsA@+X*0BHG3#sTFy(o_Z4FhRswR3(S>a99#jWA_#MdRzKlIfTfB$2%B*fQm)`>Qt2{6B&&-}_7YgL5{*DtxEmeM2
z
zSsN-0gi|9R90PG;HAo1ncYi$ko+P3p@0RS3T+rP@Z{l5HXh0x>>|YGS0tH4|B^Cq#
z!jMNvZ9BVny`7zhCnEO+G|tBpJ)A^kP)Pa?O~vG)o(!3w1YQ1Mrrs_X(i`Ae6q-L7
zd;F>r16zuyaluX5Tu8vyel(>poKbtoh!B4lLdeS&*UOrQK{0;CIfXl~xuwe>FYA#7
zb!E`L<(q|KfjmtrHBG9wgk@@)R%{v@#r!!1g1J^y)&g@r&KuSO4%Ck#PZCGXU9}5^
z^4{Cbk*@Aps{ZyM*FwqSE`8zr5;meDOAHfn4q+M3yOoN$t0xNXSL6F#8XVEdKZytD
zBt69$^!hmXY(KxMo4s_fl*RXS;L7QM2Yfm)z74jJk9kUnus5ed=nx+sos`qj25pKI
z55u5&!jU#7Oe`$M(C-Y6I1U6|DjX7g<*2gST&@UdAE?^9JfYJp96R3!hd>~Yg#hG3
z#$!cPHtL8i;_>q$)t0s*5gR#{W5cW*9Oj_qLQV(}dgu`?jXOPJ3V@TLZSapzf)9{(
zhO%uRCFMo-g`8JGulKFktwBQ@&Be2I{HuDGdVHyfd9i%kGdHtrWL=5eYK7%;&y9j`
z>?FStD+NWp`WTD%(K1xxcpqxfO<=k4k*+x6u$^G0iI
zShIepPicLrHNZrZySUWiu2O6?cYY^DWyv~!P}7AvKYw8JM=omb30jH@x?5cA9me?0
z5IQC-Gfnh_U^0GXI5LA`8tG{p7ochmnj8VubiQ9!w*?ZvJ~)&X9(*3<+GDM&uaB%@
z1_r=rd$t`SJAq+;Q&*0gLK_KBZILp1h?pbq-_J%?HAA2{4}}_V=sGqu?uA|~*I+nh
z;e=!a6#WUG?e@Q*7E4k}zn`j{t?ljdCjJ0kMaJbx+mt<&<~rVgaa|m=c_`2p&k&-I
z_m3F>^g+98#w542feXsLw_q_}=kjA~SmK7)KO|}m6FgA~cX_Q`5?`NYXoJrFDUjRg
z{b($<^E#)ajVEH2m^a*~J=5LEOL&eYN^`S
zckyS4U?i);-OipxtuN!_le~2ZGVP*RC6~tlc<<~#1i(w{2L}eJfJg`w(^>_FD43X-
zK;XWCQ0TXH$ioQh-y3dhgTBSz(N
z%0<=%$m#BvS;sZXr~b%&Ud|B`wqnJd_h%b?t+I?&eKaMDY>BN!w7h7F5JOa!7Dw}<_WD8rK0vl&lC5taa#wBCc0!Bqo)XLc>!M!e+_~gPNbs#cBYa)^N%EK_
z{hU;^>`wd@MqGvHZ-c5HJOt?@?s4Y0(TQnY6-0^UKXTl3Zp`@-shmIHTCyuwxD$N!
z`OVYiuZT~mJcnid>DG4k6RlScS4$z7;Jl(}F%%nNw
zw_lf^mfGbW=unz>ut~>gg?Df5T^Gh-Jx~l{d}odKMAK8?9-&kUZw$>-rYm(jV#%hD
zGOSk44PV~178}Z`@0md2;vl;LVa&?~?mOn^a6mCEKFzN-WWce&;6n|UIN;C4-=(Zb
z=98PeL^}_U_23_PKpw3FB}Eoe{+$1wtzB)c0hEt{OMl*uED}*zoQQnM66v#cJGv
zfDfVmMYkP_Vb=uAcjmjUlHCc4W!1Rk_R^Xoq3sQdV(adwV$Mtpz6aqKH_sLE5{PkM
z)JSgHjR;qDv(&_eDXoQFcTTf3b5SgTG;*W>(P@lad;SrTU3M$M@4tZK6~-Y~Cu_S0wisT`wrY)+K|Ueu|6=Pcpt@SO=us>%NEK;N
z5l}$7TToh%R=QKVTLlC}LAtv^x?4)5rMpYIyWZNK`+wuTH{KmM?mbuK@cZ_+SIjxr
zT*^6NYlJVXcGYzX+gn?;etjiC#`<6Z^~A2bmI;)>H7lqJ@Sy2yj~>HPa0a*u#S%`^ORzt=t*{Soo0ET5ZN3VqdXR756I3S6iStIj8dGiV9ybE>uijX
zflwu$Hlp7lLX*F!q}9r()5;isV0kWBVjHD&!H8-@g8p}uh{5KLaTMNDPwd$w
zD2A}13CnO#848%O;v^ys%m1aSx+u4}z%v8_g{f*w0`Ng^@|jby_dp;uo`
zd>-^2^RMT{|D%7sel(1oKBiD7sY)!gRwWA16B!Tj)U5qPNksGwFGoE@fIqAIv>LTB
zfEYt~M-D&7(r)8
z#P)s~THsvU_zxdY8XD>SgIRNT1fjNjx>x_SQD=2c`q}sm0UKE~l*hUIoi6fA9^&bb
z-#bL39#*}Vf``CBmYuQ^;hQx_WhQN8IP!&d_zP{w`t#h&kM|S44JP}sCIs9Oz%$^n
zB$}>WH+-3CG!Y(p8zLDu;BX!q)0|jC2A1+N`p=T~nzlSr!ydQ&@Uks)Jiyf|RCr_j
zETvy|czVw6)_UUyHge=C@HV0)D5{@X3uJLoYENy4I{)T}ZW_aiD;8OIghMX;{rh(T
z@IkD*yx`8OyWj#C3xM{WqqzX<5xsC6B9%k)u0hFv6?-g<62R87X5=LTMJ4R22vQ+O
zkhAe>dt*Bd_j6X1OBj5InzjjWF^6q!u)~pf^W88^A%>*M|Z_NY?Yealpw0
zvQ$WT_%4jzYL_TSvKZZkoovM>L;hgs3X^c0l{U+>b1Tu|lqO@i_wR!QfLBQ-=Uvff
z*mbPj0@Dm&frOBaS0dQWNr6wx-F*weOt&?N!sTQ+oiBE{kC{wC*Cp2VK~?0r7k5uM
zq0E{+yJLe0+xUFN@Uyd!zfvs0Qt2xW>!@KB!b0sa>i(R`cO^=1NtF5qX{^=}%Mzsu
zk(oEu)y(K#%MQj-bG~+E!h^o)AFTH$>&*908HM0fY0n|Foh4C9dSQ>dL*Jd=b~6w;
zkS3-cZBI<9`7v5{|C{)#(cAqm`B9+pBIerm(85tbiYK-0Z6c|
zK^1clYDhcqO}_&PgnAwoNBK;hHP}DE@8_8L--JeJDJr&op+UO9Tqk88+Ti)HZY@=N?qC62}
z#6E5To+zfXzEpA3$i@v28>PakIcVLYiOkAB!s~O#OAwsmFrm&QhXN`oApv&jvAvO(
zZvyIn83JhbX>5veFiR%vGI4}=4{V4qQNRWe+Bk2hjtliW3A-)1V*T~n!w^YCw~GQi
zpdYMQ17Xiq5CRDHMVag!g%d1q=*xPSAMI97F1`$Id+(F-khf&;BBW3a(4pDh`D_#h
zbk5^zbAkibj6Y7x`hpGGKZ^QPRfyEIkWGesU4M&vMM1b@8TbBK`9|7)j#IP-3-2RiGxUE^Z5VwQrRKOPh(!A5;)GfPWU
zBLm5dBj6YV(9JJ+27kxO=!Lv7UxBV^#2_A7;f}B;;;B2^G)7$FsX^Jfm0#S>Pqx7T
z2f=oLmKFw<39gNYfoRv?zlMT|zmImFgZH`4ZQcTm-iw{OrCNKxrpq&Vm1td8RFFeLd>BeVx$dV_Mq!5YTe?+ag&
z5q=rXuH2G3jsDQRZ-jz}`4>+-_ggYYTGiADCs!^%t5yYW
z5R6?y#TSmRYfD7OC!R>Nr}z0b&H(WVXsEBx*Bwi}Sr@Rj_^%MB3-=4)zlZ=P6X|L&
zNw^Sg((&okr4)4C@1V+nA>5g0^V&z0l)rYD#|OnBYYC0;LQwdjUK0gqivMz7I&2Sb
zh39uPHg)j}CVwJemK89yeT;k`_j5Lp%sbw4&PMO{28EKNfy4#a9}Xq9)&
z{o>eQ((Tk#I&Ru6zi$WEt?Lq4O4b+E6hYTo>^Zbk|8EH+1NZ_2A@_O4uQ||a{6wecpUiuU9yHYGa?lznx%d*7ZdaD3XKORYAVAvBN
zA3O~`SAqqm`7#kA2YT=i&DvnJqOky6>wH%BIJqs)-X9^vPb0bKH+Va#*aqKtQf1xq
z#tsdObiVHLoSwdB57}X&YSl^sUSi-^z-U%?Zr43PoD=%5DFV#!&=@lwmOa%0bKUNN
z#rGRr0w}7O4WCwNxE*_SbVwr7DR{L3cBnpC$?k|^^=lz@mL!y?f;`$&YO3OPvP_j*
zwZR459LOzQAnSpQWuh
Y?-5N_L(;@So5`_rm_YbOOU$bicN
z5<*2150}$Seguma)0pcBa?FJC^S$lbaG=*6yt@Pht`u1C*)UO>Og=(z_2hCGo$^^nyCK(cBoH=>fGI(_Wpi^vIQEN
zpow=GU0qXC@$v2#kuY?hKG@v@9$cTX$h!U{3c0@3+f7o;j%3oiZ8G>{reY~>4pvtq
z22wTZ(gCEl^iELWAmBiIyX%`AbG3X*m`K-#7{_zE)~dAyMNd0OxJIWPx&hvljNu3b
zxQO(F`{n5rG*T&pj6$E$wcsOodV3cEzs7YM{Utk#*q}@6J|S!@0
zslR(CCLn;KoKxCW0LUivP
zftw1to%YU7Js_>V5_8_IQSU}0bNLAohk(oGDa4o{1JWQUu|pwaGg>c7Rxn|-uB*b|
zfy)id7Q)E5U+l(@yXHmc0&drDes1d{#VNPOZ4
z{r*PJ{jo>?xnQBy$^=cQT=nySIWm$*>kF>;&D&cPb?fQn{V3(7Dgjv8su3`~Inj8p
zf@_0~sSPtw-RXmP~>`QhvZ-;X6APw3WonPRj0)tW*|eq
zf5&zMt3qsB~mra|E@yO|Es46CC
zp_&8593VM$6~J`BgaP_+Q+Z6{`Ku=jXOiQSX49YYwR)bGP-}!d?RudZkA3yj^UreYBnS2S{j-P#
z0>VEr>MthCBIjMBZ+$3Gy4h3Kl=Q71YNVJ1iAGn|8c+%hn!WYjKC{`Auv;)|Shh-#
zKU%cMLBe%&i)9K$;tJO=6)OaM3Baj+{QW7PKJ@|m2gt!@D0hCtp3a-MZfz4Aun@uu
z4De<}I+I-RtyOfF6@|7^IVTOIWRejK_0}aT&{R~+d?qr+kh@PnAO^H9czdh?D+eAS
z$+9JryAS{4E=2!PjOjgwe@BX_F2Q8r=AApq#l<0@3PZ&rRb9pRs25OB2-Q`B6_S(U
zpb~~ecpKW)=Nz=5yFN{K+(1!kGBraJ!PH8hC$6;NZjs2$v(2tRaab$m~T
z(#ED{V#@!vIQq89Gu~h{6ecnSi3Fw$-^zk(HIub5I7Vfb3Old&9P}RI3{_s5wqMdN
z{u!S*SB5oK}9dV;|6UR8cU0Ou$oZP+g
z#&!+s!>&VNw=o=c*vs@joO^Sm;*(&;#TLzb3Z3#4i~~d1AZKR}hm2Lxtp55h!o35^
z2x#Dy4H_)k2Yv<`Aj5=>3hsXgbBLS|Hx_^p%DI@=VFjA)Kaw7jrJt|w3ovI<%!bbm
zyi<2A(B?s5VZyq)DS+V$CMLLFULeIL#Ba;#pH~oldbffsgkQ_KU)#_m44kOHZ%q+f
zpb)V|=v(D6x!d+v{%9%T0r1qWD*yboz@a7=-)Qj1Rbj?a8?5kijwrM4Ln>ocv|`ge
zl#sJ1>Cs--wb~^-Hp(9}&U1Cg>npY?Ji#x!qLL$+XNoJhS%jLpe#Qa?(bKo;KBk~(ZV6?@
zAlT?8vZLwJX-$w%{<8eeL`l5I>~TQpD}|H>{$BzDg5Lwa+<*NdRSt)*5MzdX%%Sw%
zZr0PuFp<{H8zC3!0n4?<0LLSb$8XS#T(+5z
zgA!=u{<`FD6kkYVz-*U}QPP{&YLYRKQmFFcIsX#WP%aQacn-&{U4U9as1La1g|Jf@
z+7<-tfryuyk>P{He}EH_%06=I{5qT&6thUT24OBHul59ih#1}vGl2fJKsg7AkqA8l
zssKx9ErKE<{;mc^-}rytv8t7jzJX(P_^R
zbe(X(KsIWG4?aN}#f8k=tE8LAYgockq$osUa
z=aeMU{e{57OyNBY8vD5{8-quf!8Ki$CsM+n&^+()Fnmh5GIO2cb8>I1UOtpR)y#Ib
zw3I40y0O$+rz3j!G846xl~kKY{>EQiQ3!8$m4%V{on0&5-J8JXhln43zAm`CgaR*XAX$J0-%@x3Bz1NU_``QlU$4$
z$`MEN^OJqpI*sq{?hbd<=j+!e0M-YRi-2>k5cK*rFy>)-Ngq%1|2(+hHNy1j>X>Ff
zykKy*0xuI8CeCo3i0Qa*wQd~aJy1
z`6a!j{aS@fAHJ}X)NEVq+~3_vZ0+kDa^zm3z~I-F*?d;
z&wQucPQNLsJ9(K0aLbtQf8{-AMw=(>uM7%G~8-1#4c}X@lg@-uL
zeacHoeoZDCHk?~3#|+Glg?1a<1;Tz|CPUrlQx3`%4^GG3Ud+Rj~@78l^%2##s
zZ!QcN6RY2H6Q56QR|<@S~eVAD=N#r5vXUcN?Sc4jWOtJHdZ0efq063qpdcp)EU
zGES%d%y-i(qsi%|F5RY1m0dn2FH5~BShcDE5Fm~w3;i>SM);E`9DaWOO8d<&&s+CE
zVh(Hp79x;%AuqSQef4FEW%uU7-q9UjE
zs6O|?PD+*dN-F%F4K_TT9_=3;qOUXLwwi2pNQ9QuwZ^O5e59Owus+sT>*|c?yE(1q
zZ$dYv1HzG}U%z$$e(KFt<9Js_|v0#qbHSK(QAv7ZMeAqtoMMh8rP
zyoBx+5E&|vg4=F{M@LHlY@aOrO)$qSwyw`PTFnGV5b#tS2PzBs6({{s!Y-ZaUrLh_
zs@R7+2I-zj^Ct?p-a8V^7L!7S`-Hm(+bi4Y06ef34!u84i2ux9e)@Hz!jsLwt-UCE
zLu-Y6cboo?<-!Khtu>;RIq_E}`p=8Yqu(0gM)bBxt9ykiN-ZQ7Qf3R0{Pm{nAgg0|
z9%b=7ioyNRw4C29al_PYV636|sHNDyKoKrN=33`iTQdKozlG
z0G$iCEGH%=0)s>h4HG~atGt8S1&F8x8tleu$6e*~d|!gET7Ei+^
z5Dwo8GBJ`iY%0?(s}xl^a(2mOmVQRYW7^TQ`EW>k+Vp&9W=Z=!>-Ii(V)@CYvZN
z4;aFsd&R$3kA1IuT&1Cs!VeVR)w{}vST;Z<1@i@Z+!`vGF&udTkGbV{xk^+uDpJr_
z)i(bR7265~`gt2DU}Q!I6&?R)mO^&<{-6pRp)I7u63JMuPyilxf0G9=IPT~Q`xB33
zEedC37K{Mew+mbbqw9%HQgSi^K*E+^CYZ0>mRYDB8eX&882^W0{!I?x00tI$Tf2F7
zC9`>NIkIgIAuTQpHXx^*CKcN@7r;N6l_zNU-VWKCsF)p!AgD-n3g}h7!}hF`^!G9w
zOm7ePD}4ZzA*3vb8;;;m_(NDFD(f6sM_<{JTJixoiqEHFEVe;{Yi5BkQ
z)jOpP)IYq!g4=IAc>n4F?XdzRmA6)%9Fle&l-!FQZNj|X2%l|`>^zwxCA=4Vb)sxr
zm_^Ih-4_qqDgC!=4t)GuY*o8#$7y1?V|b^z=9Z)ree>PVK^A7ZHC+$hyzuG8q3r|H
zsk}o^``4}~dx#E<_HF(L=oR6C{CPRRM*pod7uX%R&VAWR^xZCmVAS${;C0q7{czZN
z4DbRViiyDKxLh1BfsacJ7-ya)7*BCWAFje7NV`-!ckLnYmjZi6!uAL-(~J-tU@ixO
z%406BD45|<9AS8qDK8nxgiLTC3X%$!0
z%n^`^-R!}3&K&3)F2q$SSX9t@&QTDvsb0FMRN>9QBSbD?y4U!J_0Po56=I)Soex#M
zxMUw{lM8&+1F;2<1}{E6NxNY9QhJ5N(Y&MkZ~trV;w%suMNCzqfx>gI+tjRg=|PSM
z`XQBjg5PfYf)(P@iomXjD8Th_LPS$DA+O!I6!={PB!P_|FoB6%eK2Zr9Tk-c%6|Qh
zhMYT^`CKE7I?rg<4q`>fJcv=4AkAk*kjo`%oIqu3FI%j+L1&
zfj~(ISPp~t!+yd4p^_>^`WT>;;W-%AdA@PzJVU7@8%xnr;EM8;e2#Za_KRI|Vdipv
z-JPcoXGiU7sil1$ydX(IzNVHtUOx%%T#mC}6(vaPx1tUR(czkn^JouIMlz9+>?1(V
zZ8x&F
zGg^igSXJNvkXs6HcPxcO*!Pf-CYUp8^1&g0Td3;`LiKt$d}!T}m;x>8l|wWFutog|
zQb&LXkWuw<;PI`r5AQ>lwg^l!vPT!4nB&jTf-1{@2Uj)wh2{t*4Z&Y0T}PyXA%!A{
zIp3i5-2@1TRz|{P%cC({V`WA|u4_E_$R#?Lz2j+Ud*4kQUF{m9P0l42K5)Ep#y3Jm
z+N9X>{6pj%Q_xM+aYMb^Gk8=LH(k$l(D9wUHP>(jH8-)p)_l747w4<&Sf#f#wxDXv
zXIuR4me#yNZu4O2DETi5PgPSZ{z*Cs`ct~;LCQX4W}O5h@b
zLJjF2Ax=Wq16?~TzZ+z*1Wwb4Nva1bhG3?AFKE+{qk$I)Mou$qe*ocY
zRyMapMP`!;%OrE4sfd6bm5Ki(fwU^6U!ep?o&_{@2>0&m=NC+K^5OD)(;eXsQYG-f
z#|ylWmH>^VWMnKDzzTNY`VT|_QmXc7_ReQa5^-JKCjh@9G9Ori2Sbn!KZh24?+Ccf
z@kqo`DoA2=m#&Yj`f@XpDa_+X28jDCz8n*l{{3B4dt+I0sN%eQJ~HM{y!ae^qPGh+LlK*VzQi#p&^ixXo
zpta$KnN@9D0#j;#OP=h_M_oUh=(5x}qce*`*|&>m-q=cB{}~w8--HCnBu2O61-!J^
z(Z3+SmtUN$roI>u1tVlcI`H)?Itt(=uqY5BD4EjW*(+gT5Ene7qeD#q`ntcr--$>@
zB!G0mpL=8a3r()(+0iy=Gudq`I;Ft#3}oDzuvrQpeIqf39WEs_%npl@22fLhTfpqx
z9DLtx%aTqH;p7?ES&@$Z#6SoNh|nA0t_TLLtFQ!S2mT~fpf#ThifKGt@b?mlw_u0AO8J
zT;kBnMnOTr2oB4~2+JV`3RqB4LIM!m$7Cb`jtQ!tdYFm@Z9pQ>*L)e}$6)r4;7tGI
zC)1>goS@l(c~4J-H|Z-bd`k-tg;}fNx<=U8dvp@6`_M1}+bjwy)^N)S+spuPsNR9OM^FS6n@`07C%+4eF8x4C
z^!ratxqIm(JOJ1R`We;+fAjRbj+BiEpG{wP_IRX30A%HNy3XWLLISB;Y9*hIek*wD
z^F79*{{`VEdOyRz8!$!XBbfRy!Q0t^e}m&V&OU;qBua6hER2{rmHW=KiFeK$G~DT_6_i11W55;kNn_`+;~~2!@Kmdaj;a<*&58@BHgON;%LDxH7l1Z#_r_+|
zV9+riWD|fJUsLdLHpS^_suq6-7(sV3!R5t+K0JUX);>CKMS6_W&;p(rLrfa{x)y@>CuF>QG)f
z94<263M-I&)RE02+AML7U29?DpmK8^F=8Q%b6R<3R=G?W=X&rCF{+R*YSu1*Z~laP
z{IYujFte{j?Eb)WkCs?#;O{`F7Pou;{cO~6v>-8u}(Y7fJt&l{FN>yuhYDWAM8#nEh5my&D%i_lZl$Y6CPa
za9JIq6akS&gi|1?0Ow{`8SQ@rSpdJISssAP0F(CQsIVg@AqdHi{3`$n1B_o+R~ONF
zW8b~oo8>JSI$o{BTm@<>_)qzqKQ}(V8;?X7trkGk<8U7#*ns{Lnt8DFM#Q5JM@n>&
zn;3VTVa$^0#(TjVzD{yWpve%4#e;3Yj1T7n=EL;NYw6mc*BBKg^OBKb3?HMy8pH4Kj(AT
z`mdQ$=GgED4`D7Owsy}M^jN%}R5N^h=Bk#4ofK)!sS21yCdV7`g^zcsF+-ec-@giT
z+Dv{!y|t;i#gYd%i3fw$G(@tE*3+;$^i+NEoc9j?s1~tx?%SS}Zd12)yS1uIzk}RY
zhPjcWDc#SNOaEW;kA7VVqVU@PKlz8?P0N|Hv)yi&^Zg+JRW&}R@L&Kp4|4=9Ak%>i
zuX(b!3=~pc^EqubHdLQLLC}HgH}D}JA@m{@7VvPe>iH=&08lx>ine#4FGf%RD6{u%
zNBD+@#{mxNKm^t2hf@K<$=kLgor3!Ml(4%s1w=*&BM2~xtg0&Q2s@>B2qz+lh
zgwo~D9WuZ6K22OUM@IGQb_0?Kfl~>jWk|vW6?$(1*R@!wmPRc84*0dUDoe)&x-k(_
zM^6}(heJVW52rVP5)vABA`ADeR2YjWE@nAa=SeK6NCg{=qLCDtH$o8V9bu_rYkPYm
zSRYw%JgE{6T2rPpl4T9bPP(b|3g@;?xq*~djpLZl*lL^$la&p(Mi`Z+;Ukv73s2#b
zdro>2(l5i;sZ(~|Aer;2G+n(-`PV}JF9k}&2t2=CTFrI1eP=LXRZ{?uX!?Rn@7}AWmy?zs3C_&vFN-MIaO9{pOKR
z5(5w%=l=aBpzk2KYeCIXlKWCZLV_H+uAe^zP^7IXxwtA5z2Dqu1y%uRBL1
zO)2l*cp$@exq9E3uYH^E;Jo>PiHYUVp@B}Hg5+A@CH6bEH}y^Wxg2J+f81=?J*W`?XUiE@O7>L-5owh(QbXSdV|
zeOPj24P@%i#KwzejNQ;5$u$^>EsDG=aixBAi_%eDZ|wU0k2vLRJO4;dmv_NDke`tO
zWrMkXRPdCcWM&QqNPh=-<>2t}7Es*#0Lu*e9?)<9PuDk{{3Y63&bl3J&ovp|$jH>+
zljf-h7Rzz7<`8TWrZp~4!siwLecX*%s@GY8rO*cVq3+uKY0O0%(B99)}h#?Trzc@dx52K?V(60r7I1Rv6
z5wKYU-D3DS;R_&mb?vu}f{H!^kb$NN*#X((X8|~OzCkzX|D-bFa65QfAZZq%Aj&~&
zL@0Qb!E&}K?P-NSSRU+$%8QKa>(-)^s&add$-|v*?0p8y}{k_I`p(iZ3X%+(7ILt!BxJR
zTLtT|^5#?QF#u#ao4PzFgRQo(?n&It;D4XGBH?uw6kQ0Q&tN`Ttvtre#Dpxh($dm`
zGhi_2BA#@Z!$5(8&a-{t>NrL=eC(4Sj0(ZYm14LPxOjA>B$sh@=ZsJo6|B3yi^3K>
zgRQ?jd|4-xmq#XHw9LVh2iNb0Vb^=UVypP{>qfy-ZM7_Q`KPY^rMW{n88xL}WXTUI
zab;eftlF9ew&jcsm{bTpyDd+DweXfF#rs>jRAah@9UaH#jFFEX-MShi8Fsk4jlZ}y
zwRy~k863IGIn`YzG=la@hpgWXyH##v8tW}dZgWi?s(o!8yP}%h!)&%ZLTLr^fiZvC
znw;~3f`(x70<15TOr8Gcv{ZqaA6Yyup7d}3}55YvY9A@J_?LzT|h|qy$+=f}{P*|%J0=vdEPx2Sq!-GMy
z|NW7Wpuz%OBGA=)o9=71nWO9TvEpNnHUCDOps&>q3L5Q7>5I--uZ+jUkcG`AI{2uN
z4fQ}#TE74?AxtSMO3J(U?p+gr8qCj@fPjGHT}`lle-#7uZN`z9w?C_;1A8DUN;7^Yp{py?%2
z3v;_Rbw5X6Zky0ea_L5klw!l36XvX~J>FkA#+hjd|Cp$eM1
zqH(MC=c?d;gmjGH%Xvd3Dq})Q!`V~`r06i7QIFtD<(6}>H%*V>A-S7zRW5zX^9{SI
zNSF)&b@BWC#3H+O<=eM!<8#}+&t3rky+zQAtrcTYPX(%>L`3~cJ}I1L{`{U4RbUqP
zwydvD%&m{=GO7{1izmO5F)k7mihe5WE}v+#+aA-c?5M4W;l$nd)ycniI&DZS6!W@I
zDyhp(``fL}47q#Dg=ulD!AqB$S8AUrzmBZ>eqALVlfLi1StHY5RUVZKyiL9vnTUr?
z$|UnqpEkZ&<*Th;)`KJ-bvseRQ60479{gBz{rsk4(O#W$v@Buh>
z4jKw7u(!HrJj|LoAvFaKalZhha9qhum&$tHZ`T5`BkcS2Oi)QXu9plQt(&`#Q4faz
zunyD@*jbttxIhxDK0g?Pk(MIO`l~=Za8-`J*a%OX8QEihZ0_o%_U;{R%
zHn*6=<@rs%4?aGgaaT4xSj!LO<*L$e55;Ar9U2=SD$dwCk4+2^-t$k+JPdWsuR~Kz
z5K(;jr58)|@Zj)#lkqUV%vx&axZ|>(Dppp1E{b37@I);_&U@CuSS>x|8E^C_dF1Z;
zc#Z-v4U$dW-`^immAC>SinI@anXLDp#;AQ8UEjn1Tn~~yC`VDBJ)=5QdtGZ$Upi)^C;%J=m0HeK`78X#t0P`hR^b
zbVW37G*7M#4=0fMXFqM~w4SRwj#|{(G&QxtC(BrJPh684!rr$Ip+P
znmX&6$-q85;sDT=LNCU@ygu;n>BdQ6$yQ95!2^zDHG$n{p!U6@3Hr}r-H1(fTYUHDf^9+2GcTo^*R-%ZNm2T0b@&_)3DVC$l|BWrg{QCeOfS-13YVUnksPmL(s##1c|D`PlAPATPdD&x$<`qf?)BrxiJJJR
zkS2d<)Wt!$J+tpL0y7f;P(q%>e(>NItQd5FIjGFMyd_X!EJAo#x8!Y*4u!{`xh@qy
zO2@)QAsQMROM*@b#&Iwygv_pwj+fS~d4Ocm(6Ui
z`T3?a-SLLeGwFBk^JKAiQwQiUj%JoLiYfMAs?njkQFva)mJU`%*@$_eH}S3Z!7>2-sK00$#&eX##MdkrFUY#r<|@zxrkU@anGt7
z-!aE89*K_=uE~I!?;+2#pskeOQqS6zHd86fZY!Blc`Ve*_DVYFP4=Gbi)M|%P~+e%t1jNW(-mmRA@Zw4S;;-+!O#Y^v7P)ZynLNyBAKl@
zDR$U6;uS)0?Q4^outR_n^Gx?gKD
z23iE#oBZ$H4ZFuKctQq3#{o
z0$bG7%%~=k4hFGdHc6QV=MnHBbSDCFV+m7sNLp{i<8_EjJVQPKuN=fXci2$%7W`UZ
z5>y{>2N#%P`HIg73KBH5GLG
zZ_*(5ZbG5lPH867IK@hcAe2ZMEx%!w+^6kpJs(F@Mv+cFmf3Ahy=KjV)lD6H*4)k1
zx1CyRbW?(fs}Eg?uW=RgSQ|e`%W(J_W%W&h;@?@sb?VOn&-0T39R>W8Iv}AjM4oXD
z!^)3;(>vfa0f_|VA!s9EKj02bC0g{oX7~EBk!X{(&ITMYLVrT-I0Eh#Mn*OEzaPLI
zowX@2$we>d1oRC`}yJljKTT(@nIim2Y^WZjN`zq&&9-~Mdtyzi2%P*b$
z7X$x_ua_9#n)!ys_O^z*I4F+e=tz#p!!}jgTB@dIOM8mAi)n*-QFlMcIFwxqy@0m`
z-WOb061qis2qTP$Y7|e^;tHs$k)cOWwKLiL{WE=FYioP9(_@
zh(rVG&ezS6LZbeIhIwi!w<}ej9iWqs0XT-SErOyE^bcd}n0h5u6gM)ZekwVkpjhub
z92_*$`lEm8ATK7zLJGz1-uu8zyT@`W=~&k-$TDuFVWaO=TdnU%58+j0(p$-0ywb`(
zCyr!%iRDKDi9x1O+n10~VlV$~N1*ubpn@v2QM6NKA$gdW=H6(TD72aH;Imzus>L8t
z4?~(LQ6(#w;ooWDzX*gHHzp#Y0f3Wzgqr!_jvfOu>7Tw4u_J@%
z2p6c1Cwi1?XI-I+^t$7~UOsoaO7QswsE$yi(wXsH{=Sw8sRCymz#j!%_Z-B
zRj?M*RoB53-0rZ;=JVNaZ@VKq$hB-$-8SpA*NM7ty$w7ojp4GY1(`_WmN;i;j=US`
zzn1-FWgWMFp=xxZh3{!p#!SIQu_qi6DWOFF)?273V&7WdDmPw687IYauhqYnDYHzX
ztT>l7l<9ox*5Uej+QCW3JB)%?Ma&XO3((KgK9JaI(U7h>#y(nJ+&zYv?7%|`0YFq-
zu@(f@fpPi($|KLbBbGZHCX?ag!_e0zbSB6L(*bBdBqYQF;2c!*?}v7uwGdSaNM(_N
zB3})e@k3$()T=Nl0PN!y3_AzGcbO%$Cs{91gX;pW5y#-^TUB?q
zK<`nojT}!u%p$lL{L@AdB%4?%33swC7=L
z6lnt?yuLQ3{`FFjte>d$FtO&Qrv*mA$*pCi=sVvS7^BG;QUB=dj!|-&l{umGdYj5y
zdF|dv_ly2NX_HDH3q8!FK5HCIg?=U)9
z#GX8|AkD`IAj+8rFGMY!l5#{QJW^#(4-BaG#&`v^oIycB4hJI!nLmC!dGzQ}6YB;c
zA^}1Q6yR1ry$B=WwnMCQk;%Ej!m~PlWIPp)0kVzL)9kU-;sLu(C{f(@lF7EAjIo4T
z9443r-?ZnZf?5_%U-OR))G=vgf@m
z8!PZoRKc+9du?<43cX_%(&PHXP@Bl(7c5cWIIFi)4Y=5<8{4tm$ceg
z$Y|{Iz5AhDafJD73l8G5A@_4U=w+Wk5rYV_wVQmfhsswCv)4zhK&TH6&~Tk&-&WgnDs}o~Q*1H&D3dbL`dPS3R?)9mGcq#rY&*bx9yDKzP^K?+yI(MaY=Vl7jm@)UoeOC8%LDVv
zUjUzav`@NUx*{L}xHd?@93FB?M~Cj0_8_^r+Yn{PYg!Tu@7CqTIhY&w3=jVX_1f?D
z_J8B@+CAmHh$jxuZU-}RX<#G;NMI6p=gTiIPAfnt<_L1BIlZ%3WxZpoyE
z>widM?m_l$n{WvU{4nsp
zxQdDYRfrp~Ew}9EgCiF{7zzTTGsOK2A+nKvc5Sr84<>aDU7{&L{sxNl8%wJzE5mi}
z{B=jo^dKuvNlir*`h{i_TsJcP`>NN`8>d0ew*dCsI>0%BIs^yW1Q6Fs!6}WcRVc~I
z3c@rtIGy~p9nujLyvl#REbXxi@O&zuY^t^c3INk1*bJD1BLxs#%AAAEPSc^7Px9*w
z)MwHLMB7IAL}*w3n6JD``~mCPeNg<1puw?gu)T(VHvF{OjD8{8|4rc;LuxygT+RB^
z1(PpNHRP@rJ)&ic@f33vi-{5Moo87yc;$U^zp~oo^I6ED72bApVgNUfsGeA763!O2
z=)dx%w+#S6z)ZE_bHLN1tKJes{A!T>o5XqIqxvPvx9;rPbAZ9~669qq7-)Nxt1tw7
zLw#E)O(cjB<AN2=x#AyjE6>
zfnWRDGG|nhGYTV@&rQ9d<3!2Q(f)m;kB{=dtS+jgQ}9l-vXHFN&7Bm_yvD!vRT;y{
zx}R9I;{zPm_biGmZ;mdmluqnZT;iW8T?B3`l}>I;`=8nJ$F+Taqf{rcvPmrXDF@4o
z6^&EAqzbtWCusBsxErXAfBzIBo$brYXozC6YHFQ;Nq0fT<^VtiBENzv6T^0(viSFJ
zQDhV9Skq4XDd0FNN-@0Cg~8Ynfc(vkd}SarqJ=;-~GefMKl
z?h`$kAZzxfMg_gH&y~uMu&usim64jR=qU&spW&1m3~$4_smaFP;jNhUcQiT;TzCez*nFscVm8#Tzd6Xho(T+
zP?eg~mZJF;49&u5Jt)QMS)TAd*At#jkM3S-T-~4Db^vGjhtJ+g%YeD_o(*Y$_sPkL
z`dHtr4gTjBFmaKsn4=BOVPN)>)@ftgTZ(jBF#8?`a`O0F_b7{%>p(ybn?wjM=J+oV
z7szQ?4g%4k0!pE=@!B#5bPs5=3&4E_q^_+XtyEF7H?9f`*~laLxSequ>*Ed4^2e;j
zxObsu=)3DGMclL06v$}8QHx3@GV}nF2LlD%`jUdLUu-Glf6!=kk9WQ$R=i8MJSUCe
z;7BOb=(PE;NeQbWw0WvaXW%0iH;bsA6{Xe&JMm_2iNm4koA0nD31Tt^0AJY(WmeK&
zz@5R13F|qS`xTbMV9LY+0{pg9P0nD2DxJFH0rYQ;1-kFV$W=Z;oG-J2T=#vBZ0#gUPJpi`mHb^P{Qe{n9Hk!>C;O7(S1gI!R}l
zS2$V^SWY-l-~8qJ{jp6I^;hxvjZ;YmB+QjO(3nIm|IzpbiF5F;l>0LnArJWxCPf%v
zW*FYXX1JU_W9w-kMbS84Q3Ce!D_E-|zA%d5Km!B%oe;YGJN56>6WBaAt}1;tp~0PH
zE{!66P2;j#s9XZoqPd6QtxkiG8X~w`7JwG&B4J?Xs`#bMQLK()WMk*c1ACSmxk*ts
z3Zo{`gtag?YnPu~RIlGqpW0zz*PX1di#@gR4(-d=#@XNG`C8G9O)PD`mT#4^BwNX!
zdWvlJ4(uv$J9k11)fT(srGfN9EIjy+>aj*8Rd!%+v3X4uK+(~CY1sa
z`jE^P%Nvst8I7ph(H$#5V_nKyONP%JH7jkV5_l6NR=GE!!57h^4!qHXtz+6R7|cO$X1nosr;mD
zyqo1wpRK7$GxbWyk_5OA0kQ1!=XNxVI`=I6UvJd~KqbMH>(RY3&q+SJyh+@Vn8mx6
zJzk#>kw_xz&&hfRdbQ-zLL=2IOZaD`X7cfI;Rp8uo@G;4J~Bj;3(AO>!oqf{sg<`%
z)W+_o7z=6gP)myuqMYXv61T0uUl7I9D|qKaiX*b;b8t;!W`p+)?*x8}M*%Yxowh-MUd$Za?mB1IpTAJ_KEz*bV(8
zk2KAXA5XjlXc;042r~d|uCm|M2R}lXdh+@F8TA4tFPT8uPYUD1q_MdhHW};wJrVMz
z8PIqTD%Esdd{Zhg@77b5a|IpxssOyof(ZrHabNNzGDqd52GW?a*h1$<)x2g*kM}!>
zwH}?saAe6+t7Lz7@qtn^wZ1!~nUAfn9jk7vT
z8WAVTZ(^y8|Ja2mETBUbfVKnSgMhpow;MBsN*o0Q`M0o!7`WDD#*UG@c$GJEe8AUJ
z`m6j0B)o9FeCu*uOerPM=9RKVWZtC2z~WBYPlY}c3C_?}iA+@u!tt*A`jk!%w2VuX
zq^p*!T%^`13ttBr8?<#S#%~@FPYA0wm+3ZP@+Y@oF|dD=SePhF6!NG4@AwQRK~QN~
zH33~$wK_cr*8n&7u2i1*G}D!vTWl8-{kIt!vN<4
zXR^HKA0LKp{?5hZto?VLd~DF8JAZ-R4_QEh6iN<%6TLZL?~t>qKG+16%2n1Wemzk(
z-VjeLsP7tbca8BqHKRz%Z@?5kY5R&8aXIB6DtfV?ZUKbeM8s^h(NP(2F+K
zYx%=cb>Rak_IG{qM~}ve&o))o*$5VHl#`y~eXTTJD^k)TNI~24&Y!}N-fTC7=WS!t}3EJ=$}KFQW$Qr3p~QvsytQBzb|zIvsNk3MDV{2H-(
zkVuaR+Ow0t4*@>q<0llIibf5zvb~g}GjW)8bWy4F=M^bq;@F5`w!Qr#?TDoVV1nJ+
zU*Toy|0}!$&7Sh{As(hlwT$VxWuG9O-tekSLn}
z4`_Padmbs7rfGMLleMN`J!E5(V}JAP%V*p?D~rDSCubLWcPS5U*@hySt(HBxN2K-g
z!JGUi0kfBUp6O{g9{^yMO-~JWvPLbqCw2Cr3(ht_B8RrFB133pIDd^|C7ka|#pcM%
z3thg5=NI9v==yikepZj5Q??iE>))X)sxTT`Y>z%Lsr})d>V6NRwp=AY5(06S<0@ZQ
z*1<$DqGCi4Fz_#`2RSj+%?8ymZEBZIsQu+SzICGf2k@h%7%+H6id|^A2e}WE<&8-|
zx6DxuKc)2U2)jG?>7qG;Mf69b^&Bpu$B@q{lgy3th36-3S=)u0FRmTQ7*zXzjFYb=
zugY*;Z2P}zy7G7^^FOW}r9>!U9i^p+nqiIW=O&}fjB+Gv9GgfvR*fS}lcSnUsUeAR
z6t=?B+HvJr<;Y5t-9eLkddV>?Gjd1#KF`?w{(;vF=6Rm)`T2a_hrzWtlky2pi7ioF
zcqy{H^R@Q(i(#VxmZM;%jt?LTM<~pJs)Yq);*CenpZyXg>Wtp6oHjb2SFda8Vg2d#
ziDYSaF`xLWbWm?>va$15l&wNFg}7@3``OuH8n!*OzbPy05y+Gqsvz4jr<+4q4-G@q
zLw7a@&zvQoXw-Qz1;&j(HnQ-;6kMCj;DmZ31i}x>jGJUL)a0P0LKg>G+fPk$iunO^xoi;3MT>om&&v-koIdFznjov!m
zTF`i9ZbbA{>x$chJ+7xuJKNjljKAwSStx4wAvWmOrPD5FIS1PAr7&glmSfIiP_2fA7gFI(iqf*aVM`T_4
zNq|eq|Jq;R8fKQfYK5-%5<5n5w98T*r$*-=Z;@@-kXuyJLOJ<9dX4h?V#vTaaSe=0
zjr{cAaW7#)9%YTO)A#<})5W4uh`h5m$Tz9qS@~b8y(5p<*AGT;L{h#G=86dvKlW@+j85x
zxR+$97sGLe(YC~fl=Ok%zAh1lj<39Nred*jyORH7kH?$co|K!f$@+Zl_oRX31By2#
zM{-Z1;v|-(r1E5>L`!78DoT*!Bs_Lejn<4bMUScD_!2c_MaHg={@gE0{{+QUX7(R1
zWZb?Gld~sH@?Cs}QgiS{&w$XX0Wk-bb5O#d)+9@72P!kFJw;S?Gj~icFi%?qKrIXK7^7jx3g9i26y>
z4)T*SsLCR3UfE_4!!l3;X{49hcbcP|Oex1M-;j8LmG_otHyt1nP}jJZeeWz_Kze
z7&#@(4sCus6+4cM7l^$8l%WPkddSKj+zXiYgDsWF{_|g>clGG8zij~}lXHr1qQVYu
z?ys9)iQd%{j>0hczgNvq-jg{^%r-yT?Iv_?=Aq}md2U|V`#ot-RAPj`$iADtXP>N^
z8j$+{%CxC$Qf|>{{(goCR#yaPWb1PHL))jhBJ&Lg-yxBVY>k@1-N(u$-=Q
ziLRm53^RVcd|G=8kiG#EysPZT`e-!xpry6j;qmwqGQi<#Kn`2`$Pq-*0+L+k^fQqc
z;B27x(2!C}tgA90oceykiO7#%fznGwO|EFi);7sCpWTw_+1c3`%UDhsF}7){dpdHi
z#OGV`z`%e)+l6&X!3z4RQ>NTn;{mx7P~r)Vz*R4({_=8+vwC|SFP0JkNURFaqyIh^
zHa#Zz{^ZJd-grLkXcI~b37N)Nj9ZX50>y|m9)W@|pTIH>fFqvb8Av2-zmF*PD%<2r
zG$8NMQi*^;Me@ii9b}II52f$d
zl*Ap6o*OY$N#Ryn00~3ksMp7rhYquy_V2C)1>$Uc;LlgVvw<;uDr=_~9};TQ>p9!S
zULfh?$JU9atMi-PZdaHwMYk>n(N(xNL>ol}#2{LEq{{-X^&)?`69`O>SnR6+CZaS1
zsTHLG&U7S#aeScd^6}*rM1~u@UgfU?2)-O7tlSAY$3Qp^coXhM)0*GE?_Q8b0o59w
z*l|x!&yvf4XDPYlW%GVI5(KXT0MR621vpkj%NuSHM4T>z#a*tzAQp5zoER8{h5<|(
z6|Y=m%~UgwAqhOyjY3txTyWCl@B#T~)EEL$pp71yQ`P*rA#Z}8#0oeEbvA_mp_kzM
z->}bl;vi83){er787TrOQh18+X{i|*oQtao2?<hd_E~rjY>YMF_*$b2s7F}anGlA%_p3v;c{!8l
z?tUDH+a)R?b)k~z?d@HnmLvk`?!fNnr*`~xB4dsSJ>$ba^wkUjryx!4gt3-UNh!dvFXi2fc1t}8?Q}dXVwlenasqXzmb7D)3|Z%Zr4HLd%!(?
z1m3)$&kK-+z--!87RH~8fdLGXqGIZp3l@t9QS4Sf2ipt8QpWezckB$8847K^weiIX=3*WlKV`5@xq@cEE9VWf5
zK^m$&=mw3!_`%RN9;s@3Du&QwbneX^?tzo21CPaoGQd#|ad?-)L
zqzoQpr)N)?y`AN(Mt#fK&65N;xmH@y8S(I~d-2k={fBO6YNKQzbBBTTn
zP&dZ{&%Pua3(GawSP~E|JqAHFP`HLKa+l43lMsT&v_ri&(P+(HI8F|gG>p(l5)fiM
zKUIJ%@!ZC;>abzFySqDW8nFBxKxY7&j;Jq;^w+#s*8pGxYk2j?PM8@mm$>z1QM_XO
zyz1!k)HnYPJe3p}e;pSl>AFxgw^!I*xgDO)_thsMtgVXbJC9)q=59g7H(5&iqoDpv4&|2K`lUt9BXH&UfSqx0L
z^`iKEH|D|22t3~{J#KDLoZ7}A3)Z&{#14~1^iqz=?HDI0cK&{z(hR6((1GzL*8Ik+
z9eQiNG|*ApX(@B`Uh-wZbXBQ}N!%k;iDop8|FJv=AZlnp({RHp@fO
zjY#d#FH?tgbPJ!>W*xk>lS;iK*0-L*{;(iDy^*v1`HPYQcq6~bCO=;#C-$<&vp-wP
z)$9V8k^uGUxj3C}o(#PQIoU72pN0*|A}_vkd~QkS&Gv|e&2{aMw4$2l&W+yJ?J3Km
zmNozAgBp~|WHFUwOysi}kUC$TSN|(-Zhh3phPan5{cMUDlW5iX#46d6)+#6U;RgbR
z;}WYV{>Dj4tYGc6Hi9Q>7HliZ3Im)NGw;Z;A7Thyp#T5?

literal 0
HcmV?d00001

diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-report-severity.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-report-severity.png
new file mode 100644
index 0000000000000000000000000000000000000000..d411f09db89cc88a14dc0442193b770ba8e94c38
GIT binary patch
literal 40626
zcmeFZby!tj+bxWOlyoZ{3W5lzgmeiA0!oLpf^>IxgNUG@v~(-oAt6dPNOyPFcW-~s
z^Pcy6&-2IkUFYAkFShOtYtJ>;Tyx&{xW^cC2fvV$#KydhiG+lN{Y*++0SO7U5DDoT
z2|6nL<~Rmh2>!#cl2W%tLc;lhcwUQP!6AoVqS-x@eTp`ZiGB^^?r-#uCrC&%NYBJY
zl$^e-PdKV68j+)J^Pz~++#i+Unnikw_hNuKIbTDw+`dGEFHh_6d+DIb$FUsB2YLCF
z4i%-uEy|J;vq%cozCPE8@JCtvqUO(#pS_X4v2jsdpgpzp^XHQ-=WYz=B>pYDtU(jb
zpuZ0)zeReOr_MpFi^jM3P+-5U3q`K=rqWFTclp_%PibMbBe<`uP6+`|lDGuvtu5!YDWh
zG7Js#wfO1i=u!hEl2vjC^R>|FQmbCSd80Q`RZ7O8&p<&z@p!zyzrXm+FT*f$ZmPw_
z#e6kUI+uZ%*x1?Q;^uI?dWI}c>I9!W86BZ2!+sg{l8O1f
zn7lkSTirgv`317Z`70zm&kNq6LY>gBKg88E)b(~l6?-aeNjukIU`I+HQ3PIIl0SWF
zQ&H{MuDx26}t{U_`>6X_2$hRD;t~E`Fo1f)6;4z$K+gjk`5{)
zU%q_V>HAgK&^1~2Y}kEg_QrjkDipTbb4-_`m77Q}?!_Fx>Fj=Y*k&(YEHc`8m{i#sr}%jfq_BjD0P>2RIzpXMrWmJr@LG{%Z0^laXS2x
z(o$L?%#?Ix!BIb$hKI%D@Bi~Oe5v?z!N%-Q(Y0#=u1)>@ihGW^MMZezLxpW#-pDhv
zvwa=u40LoRnjxW~I}8p`rd7`2nTj*b)&G*wi{xB%#kt
zLNhUMViq~|ihj+QEI3TW=&paks%^f;QMdiQTktHeE`bR1hTz3Mq1*Q5^Yi0o+~b`<
z>LQ~fi`Ry4nkMT6uyW6fdWm{pzErEUxl?7g(nr^3iZL_8$G%tV*vrC>w=q`wI}$Uz
z_~B!sseBFpgN2=LMYGro!`ZhCC4BF%(pB5!XMS1(*toM?VL_w2m
zGo&u8J2l667>C8iFN9BkjKS-$ek|Oz!w!r8{9styY_jH7U0oesusH6)pR=QlW*E5M
zI(OF(v9Y4eF-?7a1OWj7R(5tjqUZyAvlSUTBNfHP!&6jpiv`Tc9n5gW3bnnR7Dx5A
zSBJ1M{jYCQ@|HO5=FkXHv&6FbK6gN-mkgJp
z&uA$*xz>^5x#_t%-!UXXTn|OdEhen?3?K6Ix-?7)A^9**rNB~Y
z!F>8XF?#VmDT&E@6%7rIc!%w|9;$+1n3o#)Lkz{tJ_i}^rPG}Zm;2)@w#s!pn=5Uv
z8hUz=xVXwX<=8tGcDYD1=jZ3AOS2WN*A`__Q20N|q1b1$8D?o11qTPm99o7J+u4@b
zt?v}+e~S%bqnAq*M~lSS-re;PrV)Pqnqe&NlQ3OWLz;o)`cyeC6(yhGy9iDQ^pVWw
z=H{=zX3ovF+}z&T@!zTas!;Oy_R{4Ensf|-$K^G=&=#h9_Zl0K&-7lu_M3D+<*G7w
zy>!ER`0!y*rlrpE(6&1@u`|h3!K-WD!Z%^|1n3AOef$1xdw5a+57XbuaqETU*-`sU
z^Rew3iIcPQpi@NE>^(*!qmlCRz@()5yN8e1*@edv_?#Bw^w_iC&%Isa@JQ3(7dSuP
zZrWoLmShlhJGVbCwr6n&2%OtvBWaqNs^O{e|GFVN1vYIu_QCceL{5
zHY-$Y%4;g=3bYFtWgQtEy@mt<`p=&~k98iXs0{TGuh2bu
zL>Ls=;&z0XAjb7#`+*C58{o?P26?2O!)*K
zwY<<7dWojrzp-GPT8DL5TcL}(<_5kjst@QdPwmgQCXS|8S5cAP>c|kt>g#&l+Ugp3
zK5Sy4=l$#BgPGQFr~Q?2(%|5Suj=gZ6*Fsba3dqEtgL>-uzaMAk!Td6K@xDiLC5pj
zE2B6uCdOZ@+JTObk6d3s0FhO?9z1X|>Cs(YS<(B^{!;B?f|+6JdBJ0ayp%B6=hO4+
zejhZ;lV1>tKmv5!{F<7aj0B5P>iy4T1?H4HM0B)*R2yS)O{>?!G@dx@qt6!Vw2k*q
ziEwZ2x^B#^-Q3y~RI9VYI9#6${u!M)aI#KJLPR$salOjPdGOdpU0uEQ!064J{81t1
zhXf(B`dDP!ufvzjyJ~m0mq+rJ=Jg!jr;OE}O}bjy+6KPT4iXE*nYoC2#9_DmqK13V
zeR*w-`=mm7?n5k@`B6o#hLN&z_|3Gm)FO)u-rt{g9zbfOvN8T#m@#6|ojAecu+Oyk
z`vU#$-Mjg(n$W~jUeG*ZA@r_wH7%>GtTgs0dC1Q075$y?Jptj&4!UC)WE>YfUMDBr
z;V!GM=@TNZXlNf|VrEWDc_8Q0va#XD-MYoj#UU`3Y)1QW6sVsk&P9^@+^Z
zu5ac7t(Ho=9e@5%z*MIp3B||5^U6%T?e~Pbt97gXDjxMVH+Oa6=#5|cNij6p
z&b6jFCe;nPChgm7un#rHQ91nT0hqj^J_3*LG`&JyT`1!+1VcM
zpXYKCZ4n9V&K)v??~egeRk-ur7~QW*P{m>R|lj&TD70@DJr6%1rBHg
zG&NlpmwcM?xtzPoNkxwT2@g-QsxD1xS}Fp`KC-o)pMPyIp5#flyM7DiSc?2q-S*Ck
z_rkAOBqXi^olNJ$P5Fmh8JB>St>)Wlom^c_c>|S{?HSYzwv=rX3GWt;1w>HtH4YDx
zBK6dJ;+@3W-EDy5aA*14$?ONxy-czbSUClFj^~r|s2FA{glaeZW*1f}uC@W-R
zV@J*W=eWM2DZ<9a>gn~~XgCxN$s)dwG57#r-3W7qnjojRtjrtW`Rwd$PjfeQ<&!5;
zAMT{;TwNj-6@djq1KfyPakrS5n1s=Aagm4>XU#?CM;{@1H8f0;@mcWi@9!roF1$QfMi)GKYPken|Ltu`veSLM_SX-Q7HadM%-BBvfw6tC5<%;WM$dJ~
zj6}o9No*_lC0tv;b@rz>a*^?z1XE0h^cxmd)|RCtwgz&`nuzoBbLsKPq$h+B@ILW5
z;w*M0Ap476OLpV+PLanIaXOAL8IF&R_Wc=sS8wJ09rT;y0njz}*W0=j{7%AzL`*T#
z>yx$Q^paSTUiH+IZhP1ackZh29(D^|_^E#vY?yx*{Vp*vLYACce?Dj?-n8b*iI`w^
zj$@;A7;kzj5O*>uJ9{n1UPaMaH6TFrZuHDaFrn2--_!HM@j}G4Y;Rj(xvV~0pQ_i{
zOVot%gH~e7l%?e5+a#$wpB5$x^yV7L=cyG_q^GC9$Q|TyKmD*MC?I5gU0=UzQ1i;B
zvS!F=;nMWXU`+*!`Y>;imw7W%iMeI@C4E$Ue8|b(qTX`97#;};;i
z6&rnZ3b#2>AoSBG+o0elflI9sh|4N=J9*eCkiWL~k`xf)?E5Oo*UZYya<`PnEHX5?kY1gLhrJSRUhy&SZmr&r<1oj>Lg8><3g6Q!V~
zMQ^eCQIUb`rwrEXNTcfNYNZc}khWV=TRt71?~PO&amyv~rjIhx(^CTKZ2kI-4K8=8
zVPm|!Snp!YB&}FRM&{k;=un4^G2`1sRr(zF@3SHyJq_7y{i>!K2Df-R=A-tHam%`h
z=D^E>p|Tw5Y$g4xOLwOG_r1DnsVg2md-unILS5sIu
zm#v?Jo;c#%I2z+qz869Sfx+wZXV+5WM3n2-#^T~rrCy>`zKZzrh2p+W8PU$pFo*rv
z+OgT>^^tN%FV{evW8K3*c6RoLtX_j6tKN@A`S0yao?mEH+T4O#6`zQxFF7jUpIS4^
z91k4@9TQW6+tTt2-x2Ny={M1HUIPP4vR@QvSsp3&HhpLSNjX~y
zQzvQjopgHq@RsGciZXsEg^&l9W$nq`>*p8jOUKLlqH{Xd6Y;s$OFtLdV`xXMfmlX29I%&U?(}xt+ctdgL0BrP*ZuYQsl`8tFbS
z+A9Ksg0h&!kdb-#p3E8AJPZk$Z*TwYC5&XZcldz1(#>)x92kp|N9JgzrsPD##52P>
z9sy9?*)Dp7l~0{e>+9=7HCwQI*p#g}Qeutla^tYo2cUIdU(V2!oA>TZNx*(FhBa9*
z!-VDKaYsiNHtOjEarF+4a;Fy-{JTjXwE8XSctu3uWYlqC*PiYBr^gTr>Qs;!v_|AQ
zXa7j#`1q9TZLm)n*&KKEV1I!Y9}qSv$whcJl@u}`-F$zkKA2ld8rJ>U
z_Xd$*$}C2&8yS)AV=V_iGLkd(u!`g-#{iJKy{;hes|s*^ICH_nlvCrdIRYGtyhby}cqHF4YJZaCI}&+!hA-7&h4&uR0oT$ZlHCuzoiWYT-zNijh6mA!x2
z*Qap4-E8vbd0nvm+OXbShAjJIc0Yw|aU~@p!INVHEcZqA^$SyKm*W$?8B!e@R@VHk
zQ?wUr-xZ>2WMpMq{BM#L>CN4(5pZ`&e`vokMqGb+$d{LwhaiQDtmp2cprSTSPEz&u
zzKpNDlK;XJVKGrNv$?5lM9H}{nxBtjF;O)*?UKjL%#3Nfdo<$IUd4elHfdk9Cvu!H-Zy?H?K8Ty!_pS8_}yoJ5$U1m<*Z1NuXhR^+%gbx%I2a=O`gBnBGAGEWXXJhF
ze6i#5{P&X*%PFdxb!zBP|BMuQXeEU2zJE`Ur*p;^K`G$#EIPBHCEYC{Gc|S0HD!YB
z!2=Sg<3!F5H#iK}dC>huKM;LP{#vq-nZfypJ1{%$*6WA2Y;0}befSguSXg`vp7qBv&QKRD2%;Xp#U
zz8uoR{`heo*Pw>jT46~EQKtM;1lHp!D?8Yn`r#VJK3B?8V=-ao}!upE{T%j+%06q~k-@5jfI6zm?jB+##3|}=Y
zN1?8s+v_IP-T%Zf;yF!oSJngn&Yg5ze(lq=ET8g^ge&9z2K
zLY076{TZ^KQ9V69fBZNn$4&qGRhT)v72?MlW$g)#!N}=q@dH#;RA6x5MeSIQi=-Cf
z=DX5Y#7N&M(5}Vgs}5kbk`ou-*GauY)YLnAYh`5xG093Rc+|#68k(92HYxdOWIoWc
z@R37CoLQg8f>7T6n%in&_sw&+%NsnrPa6CCZ$iaNe|M4M+qZ8tP~F#xp@oq>!30K#
z?D1Q?^K%m&-t3h6VJIr6=Yt8CXO<#&2onPn5-4FV_~qu3GrZqD^m-wKE{5!DVs4Z?
zv!ew37Ze0=q>g1~OWEzY^0yxoOowN!&X28Y_PVY*TuV-mb(edLtj>Q}GyUqA-r9;}
z`N&2O6at{Kpje6K?kU^=35l49=%l2`TGt~Wm6KXZj0>B4d+|j?8ka|k3A+*ne8a-9
zYIYVii@tvstM|C*DfIOG!ed>dfy?6P=r}SyJ~!(hisY56S}2;XkRn5fOop`FpUH-b
zO9heNDC{=pZJ<6KH~)x0we7Gz;%z20%i0kc5AwVS9M|J-^k;Sa4Ap2?nddq
zHVgZx<8dP*A_7j=3?SlNe7r_Bns&9r#`fu&Wil|Vh}y`YHLN8)lr$<#PV1If`c)_!ooOor-fyGb$}^&_>cf1h^~c&_F6H@bygl;-r1IWiZpoWkT4%0
z@DQ-b7%VI-VYeQUFvnmnb+-+uU)c+=oH#opA-M;mbceeZwBGn_Z)d0b_ALlA*Y@{+
zus`Gqh>0OSMY}=E{16k4Z2$Sw`!R2o$j^=p!Rjh~>je9rcP<0@-*~j1JwtFPH!Qa{
zKRsNy181j$i?@{bM8jv4r@P02KRHpI2Gqw*hem0t9aa
z+%=SKv;@KI`*B7HT?uM9AZr0mSPYHb6cu}}mo
z2$9sQt)n!k#93GdQq~hq;%Lm9SfI#e^Yb_#6#4$UqHl+{1?(O@xn)^@fSU2#
z!-cqmlcy)PM_-wMaumcK>*49>_(Q_O;p=ZFA
z>e56t^t7V`kt?h1n45Co$jC_yyyo`7LGBQ0wno|FpWH=$#(_iS64lQHXi5j&LRU1j
zv{c^>J0)~=X}%;RK%%uGVj;q|5LyMMjAzJP(5*Jp1nEpd(Q?9w{&*`fdf
zV!=$t!p7EvIn5?7@8o1RV7FThwb<_79ta*qn+7Xu1|vm!+xz=&(>n_7Ue}g;n+wO3
zs;`Tj*az9S;9-{PnVDg^2a78n{`$y`vIcLsP)iJW;fl&iF;!L4f(Hc<
zV8sB%D<~*TLrue)f_LxU!kVc^sZ-S5fzA&{mOvldKf1?j)qP3%6vz|*4B0(7gN;EjtDZm
z4}jq`&@6Qg3>4>-%(1PnO8AaGvOZ$D>Db@5J&~h)Y%!Q4z4em$iuGe$W!&P`N1*q9
z1QU)N4eNlABB8H;uyTck9jbUHII(o3J!h-3XFbf_EJYj$7-Hu_T#E9qZ>$o
zlxd>Kl2b0t*8|03KLvgJ_Hce_iJM71?!$+HuSVrrSy^4Y6*}ezBak(u&+Y-awKv3S
zceJT}kJiA#qTtrTG87e%#DQ-h;;*g2V+|kL|6YX#c^*$?Z}gA|IR7!lK#t+
zxO%X9*g1^Rl4p`4$118~kNkAX%%Ax-Q-O1Il@Q6%Y9QzJQ
zXfJSCnRImTAg&k~5WY1w7J0dEX&^gseX5z*%-p=Uu^AaM@k=EozrzhmxS0Xvnf1tu
zii({cqUI@!mKJ~{GguX)kg`9io_f$lp)W3y1cldzG&PBmk(1Li@{t3vY;`}TfA!y9
z02>>hL^a&9vN9&7c1d;hTXuGKk8NKK4>YC#wgSCV%);V#8!!63?O>&?5zIs>M9)z3t>oVs)^$K
zHLv^xN|Fbs3bt%^CM(8;cZgCIm%7l$%dqhoNkBBA!W<&8#=S@iG+HgVR&``nHscE>m5Z7Y}T?X{@veT@1
z=*jj|O6Ic0mYHAwh^ncPbtUixYI0j5q!(XQ+=6`%SR%5{PwDXO?8FE4Loy)AN&rlR
zne6v6O=50;MR9qoRI}8c;99a`X4fZ9Q?5GAQcM;xRsHpm;!mezrT_yUay=ZfLo!Au
zCnrawc0`f@dJj^>tN^PY)O3@I^!_)*j(fKH7qRbl)^$>Kpa6KAwD1lxVgJF^!65yS&zqk
zYWV$!f}6lXI9o|YnxL|xssVyPD2bU97CF^X**(;J&#X
z9B?D}OCWxV%vK2QU+%K-JbBX8Ie~3ivtyWk#y}Ffmggxc*~Xg`lVM|L=T~TnE1oD2
z3Ki!5<^&oS7Zy>W{F^O-A6RF0=$DyFQWmEYox}l@Jy@w$L
zCfjwF!yl*irudYU;d#HG%WgHdx=B#Qo(fW9BgA$mCnp3=jDdks^u4@|G0AQ0D;1`=
z_|dQK?zUF!wcbiwBeL7KQ(kBXO;kIi*7_ownQtVgrC~o(eDsBv_!_sPBU4BSD5tfu
zf>R(3S~1gIpQy6;Ei1!$A02IVs)XX>BSzCZ90Y-$X50Ra%g8%IZ<
z?or0X#d({1UV5i=OoZMvn-d!S0y^#hkUteGPjt_4Tq17l5dpJ*EVR_jPxWhk{wrK7;
z2^y2pa!h_7RaHR_z6tEAzjm#Qh_;d+tSpp3EU#L3S2Ya{{a=f+@%Rp)OXVH>x$ccb
zON(r^({uyD^PKK)go1hkK!*w_*#Lk48{kV&Pkdcn{%#{a$+KxYieArHFLlz3Ei$bfs23|ZIO)=vsdLCbv)^luhZ-5F2#cNOmo|S?-+75hc)4}RU6md-YyJN$RQ&G@h)6?
z6C7F>q$_JO)9bT7b8Qh#0|P{hh6@~#;yToF5pqF6JQ%>;si}YLw$n2;MPo5FU7xHZ
z><*{K1?J~RORVGJ&E-+T1YXD1GNG%6#EI(ZC2B9vuf5>d$z7RNiis)ZM8&4^K``H+
z3+u$Ml4;(qEl;E+MW$nq#?qbnVv>hRprjptj7Tv9BNeByLVBS^!1a|({F%uFg>kHA>e}27D+88
z+?~kD^$8nTLh&iaBKtL!^W!;ODQW2@Aj?oWKwc-L)X7hnB~p{M*8`oW>8@+8w`!h5$hZVsGR%1-~{{4HX
zbahQs1YMp(Vc0E%)D}tE9Mv57666BV)7D47lixYYsL#s3Tys^qZ6~Xt0eUek{bs1G
z-o?hE!U#1?*5Z?tVF%(|gipVFhkA!Q{&bz|E6!?eTMn=+r-$y>Gv%I659@e}C@2uf
z0Ru^`;u#6pFJ3!)qS`S~A-ySLV;mwSsciSpRu75W8s(k6AG#&Y7rp_ZAS{do^+{X>
zT`EZmSRa9pIzMSs$y2K%GW9$o25qH{+_DavkdRP{0hLU^;l8wt%uc7O&g}e8LXh37
ze=a?GM>c)9L3F-9hpSfXb}xcLFpO3nx264M8kigq)~-pnHS^bouV`S=TATm#-X=frZj!0JP6Ok)GsRGXdiN+9?c{N&cr>)zBNd+fw+XR5x3i3HlsY;z?wEe`{VQTLbDj-CY`n`8FV{T1J%
z$t$Fd&G4e{WyOtGlkT{{Q675?mLIz{^25Lh%gEdu8X7{!!9nQ4$2)CL+a%DdzW{?2td!xhO1hr-FWhe
z?8Ao-4ILeriQ3x7m(|K3Pi5J=)Pf%Xy9b5I-Sr!1<#MW_NJkM5&WY42*0LVsS_BEp+Mi{=NQl&m~XvTkLp{0pX`PAhMzTr2!r>v47;^
z@79P7y&jTS#>CSjT%TZTXY!@Kme9ej{&!BRfY0sh?e&b6k3Q`Gb*K!tE@v@;r9nhf
zlRSaXv9)@uQ{2j`=q?iiMrJ0t2gIbXurIXSdy)NNdvlVqKeImVNq}TqMEv^K$VmC{
zB`E3<#2pa%AU~jP~7KP}LCu+an?$UkW-E^$Ak)Irv0c;?|tBlDBttwPy9E
zfu)p<`&80ZjGi96!#GoJ7o3+zU3Pv2=OhqS0z*StfJuAz4o_!o-vt0JLZ-IfWdK9L
z{`Ow;mrCkJFn;)M$=dJyicczj+bjAhE>3UVw%a%(A~*k%d^c~P4OAC{Bv+g%Xi*`X
zXzKpGt=bVV2!HzgSq!RNPN{;NC*2nA2qG|#85W((=_z9JL9DrrXbZ?YCyPHkolBhn
z*gOQzi=6lF-q)-X{a#y~6a|ucx$NMFZZ!Pf=G4s0z>nG<>0R!;j+;J~vG;RJ%zuw8
zJ-+gsnPp?CU0hl4*YVU*ohu&W+lH|r!*t=k5>)2+rN1`+~losLd>b*;K0qR7{GKc+9Re8Ckj={yXhN2mIcC+Ik
zjVVo?N^ETGofFc~ReqtKa|E998;eLk8uJ7xa(TE==!jKpI9kuwi-~N$-a~px%NjM`XZL-
zaT}ghW2O#=hicm`O}tY&I{d^$6h6t*?_7S34;i?5Yvfyu@jLIUfll9$ndEWZmCqF-
zMM9fCgN())MJCAa=$8}|8Tz*Fx
znkYTg<}H0^>u{67t+(Cks0dw0sPBmqu*}8VCQfV^C8^+0;jh*
z&1nP#m6(b9`ud7IE_h$@cv69n$!(rc6-vlw&z>ExWG1~((a2Fp4*9!bVYy!VAC6w=
za-SZOQGfEv!C2M#xf?)kvbEv-r&8@+CZVB((0XrLBn#b@B-qMkHp(acK+QY3Nz%~Y
z|GhMHzzkCJr_)uI?Y+IWnvjW_7<@O$a!GpRj)fDpxDvd>g=
zx;lU=UpTA+9#h240xF5!c{h|yNUzC&``dd&*Lcin5Z8n+AOWv3vEdHFJ(Q&W*DJ(3
zc%*Xq{)F)VzaA!!KGpoMcmMZ*e~-oghk+6U8Ff5g3-#|u01l?Hnr+aPFtF!?@?lm=)&CG#!
z0PHZjpp?VLg?HfD0=jmwTL+1dFdFsa$(An~!i8jHw1iqO30ooZWInD=bPx0s>f73O
z*4x_HKt$E3;k9Q5DF{jUZnWOsqU`!iKph9TnlIPWcTS3F2pxQF0T^_l|=z|{lgIXie2
zBwjt+%X*!eA{{$a8~p-Jw9tr#y=>6TB-mB>zwL>#H;tMf>|9gb8Qt?;o7mdxMC-ki
zY_pp~caQF3=~cqk!NEa(Y|nKhP~`jq3e3cfKR;l6fK%=3vpTUg8qKKZuCtpXh`V-s
z;N+zJ^Ao~!qwb-~q{cjT_E$9(eO$rfKA_ZqK$!hOx7uok|J%bypI>F<{45Ggd0utn
zjikyzZM4*Ntw%=aTQb^z=Qh5;bJ#Hidzqq&63~$lc5S75DQWa38>u}8U-L?cuCreA
z6TPfWja5{5g+&>Ke%(8{G*mPa1DG|yiOZ`Yn$=7L!uh=B$3
z>VKVzFhF2T0Oa)Ik+kV*ZlNyx0xA=LAcmc1P0fxC!?Mo!|tA
za~}ijSm6IHWA^T>5d3*)(TuV_h4PNilPYnP~Gh{y?
zqJB`&Sb%S!{LEgVit3qV|IkFf)?=67Od-VWon00i`aK4Bg@j1K`dAt&5*hb9%nroV
zG6#-jj#P#0ch=nb@ayoN94$JKv?76|HqGeET^%VlP{Y5C35959Q{`O*e+*|KHJ`(Nirh<8T3+7U^%sYx>E^zus?_;qFy+H2I0?XTlp9A-
zEUIKjgfLEkKO!h5C8fgc#3nqgmkPyMk9MrGdafNDApnq`KYwnuKJpUfa5H?5g98c4
zU)0;)bl7Aw4loC-zaH4IL&0l@9*9E?bxN>diI&*Jvub4UI7nSR34~^kPnMFlm&({*
z)w$gQi;PK3uO>0vPmik$?#@#Gz^#U=Qd5L77$0Q<1ZNPBGXY|Q1K1Z+U<(&;M)@j+
ze`B$UCMqhLzOI#Sx_QVfLEfv{x)^EkNES*;{QW!chaR8`82)fM#WTUstR@3r2K&QV
z+o!Bhrz45Y1+ejn=NBqVY7ZLCXGMi;w5=+MBlLD<)>~z8hY_>tU{Lklmk)pXTFl;o
z^POgPz!-Xuwj#8I=s6h~nbH`P6=;rqo5?!$mqq?&1O1`oI{A3s$_C)w3r5J#-9=-ao%uV<*NsG!z+eB5>ke
z*H>3DZ_4~4sjkb&axo`fAPQ}&EFS;p$
zjyrV?O%e@pjZm_J15c=DPhhjkVI!dPGq=b~CD<_*X!5fKw&m!yhB>m_F@ojDzph_~
zF;P=%efawpP_^seS+atc2rd6#8$o;1geS&sB)7>K8{dB+EiXT>m#>KQU!e{m2O;c-@QJn<7F8PKW?R0{7X6ytj@4hR~siwQH?ZA_Bhz@SqqH{@#JgZJN@G(dA*jzWqx)Kt6I7rX|6
z1wm;AS#PX6Sxk&y?XC9GzsUVO6|=TGI(Pi`PlL*PHY%*HAGU@S%d`O6kizQ(5Rpg9w5EB2~#!CO^^UEr9
zENs2~PVN^|<#*L&{f35c=g-ak%eHKLzFFnEGN#~^mIh4EkqX>!%XjEcxOp@~cwSl+^cc+gTQoqjnz$PAe9P1<>^c+zVvIStCrfU&_qI
zt431EkxTt^wF9Ue_D@-5p|IoS<;~Z^a{0ZyvQqAVzs&La?c0H|r^#($!pSW!RU^sr
zhaMpP0|oGv+nyn3r^AkCQEj!Jv6kev=P#ou?zFW0{XFOfBI!#1$o5XX8}|nwW=b=uDpdT{oW~GAY0Nh?XAmlf~o-F^qYdZ$IikaSgxp>8rgE4YL3J
zZs1D(3z+nJcKF=535+uQu$zxP1}C!eI3rLrb8V55pdh7b=XM8RlNSLBL*4i_KwSD5
z2;F5FEDgkJ?fp+-vYE4xO5pi_H7{ytco!A>HVP>zDU_G+0|jhaD+7>nx46v5P;g;~
z$^r%g*5B4~eZgZ)Q~J2T`6=%8e|7nP4)_%YloZW3*=oFk2^mew1eQ^hY}@y2IGW
WORj>@~Ep?|!MpALsQIV1c;tC!kQM+y5()fDtZ!f?#
z=%U}+aG}9iiE;by-#=hXwtq4vCCeuXe&RB}4VIP1g~~OT8xw#ANlaSGHbitf6Qf^88TvnEI9JB?4-$_E$jPi*;RtIxwNkTab-xwOs!rtfR
zSXNEgU0-ZDB?z=r3UJr)*%+#@hdE!fT(D=29=eiRHTZay88j3)1^jSZ{1FCxmRZws+5DmZ!qb_zQ;Zjp41v=lly7gbT%|Kp9hZ?~e3%NQ{QN3|5^gK^|
zcK7w&o8B0D&w@Es=jvQBed5H*QKYO7k@sVEL`h&nyCKXHIKN-
zs4i)IX^--VLsiG!zWi!8rKaW;y<`Nx$%QUE*}(6(M{mB5+U>NEnhqCeVWRpn#!$l7
zJ!EdGC8!Q-IVOCOTjHRm#zGzJ>9P95Ed=>XC7MxwbN9SU2-ya6ZGfZZIvkGlgFmxB
z`@;t!^O2&)oD~wsHo5E+#E3}DP#3T&)ET-pyg-S;EBO2Ny$La
z?gxj4GQdHO-A?w_`XO0*cIDH^Zk?~Ln>B;0OhL5y`S~X1#<48-MiK8Cb%m`DdG745
z7}yj2cz1frd#CdK>&VdWyqNmpOam#Wr>75)@7GTig5M`!t(eYje5}+|8Ez~{64LLf
zT$X8}7r)jHOuD{2iRW`HU@)GnajrVstZrs31cqM;jwH9J5P>Zb9lw7ofwK=qM{ixv
z=>}X1jUjuDz7sJ^e7xrVF*V6*V$$<+II9#*PnNKlZ{LaK4J@VVsZ1wH9|Z*-JyIA&L9ZI>=!w^7d>@fUpyuaML>r$(=iHqtR|HL+fpQ`(1H!BNEKe)~o
zj?V5pql#Sm6p4&zn?|K*j#|Rh+*~=ixN(&%hywipy*;qmqV34lGfR-$2M6%ty;p?NtJ|7$*MwpWfpz
z=jas;4UycqO`ad&P1a9@l~w6KLmW2vLN)UcCqR{5PEu0p01a1-5_tkIYDSp`?;V5e
z7oL~z9~=HAOV7y2$;pxKOSv`(TNe(-r!Eh(mMs2MyaZ2IM^{&bxY9o-LFFyfWrt^g
zc&3ay!6~%G5zxg#7T%S+Oc*s2)4kN+=&KbuKR7t}b7}9{``8CsIbdCQ^ZK=&bJ*0@
zaFhQ{d)TK(b!6(wpJ-4(i}H7H;yJ2(dMR)MUp@PY7!hk;E$QXvZOm5bXU}2;BH$9l
zmX!B{+qaonSY%+|qO!AdB||p!cB^JDg5f7jx&92R!(dhcuar=
zFJJw;#M)54A{gwP+5TRF7rKElO_;m4h0Iayg!v!4s+
zW)>6#^HBQfXt&4R%>L1ZCsdJ=fXO?$yM-2qUzM4~kvw>n1)(A>@$5|wGmDb4dL!rX
zE8EV0|3hwt-5_qK-KYystbaY<+G#(f)?^|&5yC#Z@aRkw(A2p)9phB;?=={y|m4pVqUxe41ZoF9i8sg1||Z_7VZRY%f!}5YQ*w~P)P4q-8L7+
zKukj7;Ow?kv=${v6*ayw1VF~_7i&2aADeiV0WdLvU&2;E;o%P0Ofi(=Htgq
z30Eo&!lh^KA&v}I3a9}&lckC)w{F?+5ahvt^iEC|2vj>V+b$ccNH$`8du>kh_k_oo
z99(w(2NV$~mG9r@!QzTuw!7CQ$A%vk^CiBcUX}gBgoUE?)Z<)(Wb%Kdh8|?Zr2cmw
zd48g$^*R%~(+xQz0v-~Q90lK{-eXuuhy{gs!s}Gre+MGE{~t@aVNCdMi!OA~3Sw#g
z#}*Nx?RJ7HJMzDt@VYm!)cfxz_l5t{aALvtK*3`<7_Oo5-`4^E{~hap4RtbO>K-O)
z+8(B1@;^_Bv_0li_J1HiGMc{K4Y=wXk9z)j{v81|a&$zq!ni;BgduFOeDeP1`8R~X
zqDTDED=`RSO4$GWR)44V&+_dZ+Jse9C4$<#*-uMO57O+wHe
z+4zsM>)*qX0U2N5>U__pdScO?@IMW?De_-zu|kCv>I*B;UNu5LL{VpE6D<6
ztbdXWgeFkl@-q`%q(RluqN=x=Y1+QfE*wrBfN|@Z+sT5BZokX{Epbn|?Y*q`q&PY2
z22e+gg<73g5pHnDk?;i0J?i0G7E1M7FabH1{c;D8sk}_aSc*s#
z#{C(_m**!CH8cPPwnk8rXSZkMKze-75`2vWixAU3tFA8bnhFsDH3T_(3%KqN?XTpx
zY;Zp7^RjdkQy+ds{|vffvU@U6VwvQ_$%(l+nl@eMZc>o1tb1f}!(mG>WeY#)1A~!7
zfP$^fX>d4z)sDyuA)sTI+QpqlsnEJ#|a4s8Chiu8hsZic#2%FXkfmU-`6OS
zf|xdAS~#3LjC19js>n{J}KW*}nbXC6tT?B^eEp-7rE%
zL)>JK+g2gj^R`EmqR5SuEqjx_Nyy43WbeJ*w*PUd-|zjs&-1+R|Nr;Vlki;keVx~N
zp2zq5J-)|rng*$)YMybeZ^!7QAW#R#Z9AiC+MR_ie;_9lcl}`6LDVs_UuL-a7?4Apukw
zH(}24!n?*|v68Z~fW=Vfst&!l#i91)F4SAJST_pUwe3KrdTGPCwxOXNcKtT!F;kKT
zb*2E8AvpTz=~ck0-(T^_hWJQfd3Oh@AbYZAD^D|_=j5YoHa?3@xvh0EZ}Vv0asSSv
z_x*@a&gek-f@l)QF*$ML=}4asA9UUNx)axif7uoF2#Qe5^~8x{S0h^=wzrcgVchgf
z?&cQOiB7BD;lwZ?2RNeQv{
z*4FLc?N)Me$L6W7*)O~HNKN!$j<{?k&Yv;(xF%E*9~HxNvuN{+4>IYNw%SMV#(Uxn
zE|Z=2;rGy=K3S2S`5aweuj@KT!!5z9!iPc~>(~hNKvoqj7jEMY_SxRT&M8&Y)5~M{
zt!#_IKS&!mX;P)vX*NDSOv`u@5mQ1|mJ$$KT=cx#-WHA#CX@b-DR<;D$^QQP^LDk-
z76IxUNp?r)^sL~#KmL;eBYNkDfD|FU&#$O^Y9aONk!x!UhACV-KQqPYI5>1RR!uA|
zt;lKPqbu&D43ia{Xu07{ac=1^45OD5{iVy~6!UeJaUV-iDU8g`F&Y}d&>(>O+za7v
zVG)^WBTBnp)Bhv#Mm;(}a)^fN$rCw&y_BcVjPP5O^AZEmZ*SeC_W_OAM}P-p%0%PT
z{CnW{EEx6{!oCU<*Vyk#dR&s=v*
z*<7#DuVRgNf_C(q+Y7VcG(O^zVjp+?WAEWhb6u13ef%0x~b@$CS?2))o|
zp3meH(;erJ*|4rXJk$ppDf&A*e#RH1Xej4mr!7lWoE2~i%XtpzoqOIl=X8U%U3rw0
zUlFUnE3{28o9
zvAbz*DS6-Sdif3NF&6Yn+7t%tuBI{IuM&%F+$9sVjd$(g<(d1HuxZ*uu7y!aME=>?
zk@&cRsNLk}x#ES}f#Yi;&zzVwdKrNcD4j{9E`Mrl=>}Uz4U;SzE8doAyX6)=oRct{QPwx9TOa
ze59O&b{YnlhCHYdnw-drTK#rX_9d|%ZH>_!qSq}=;$a~
zVZ9S9-zl2;EuMKOlo#EC<7$;Z%aVCFW0widMij&3^J@C2>BG3_==%E*(~JhhPGj?n
zvm~Zi;i9Fj9b7bw<>h0C<5N>*VAC4hg7iG1ZoqdXa3I+P0A+z(
zNMc09Kz!QxqW#K5l#kKkP$fjlclBN<)ZKbwAE8*gxqNXPvc1%WIo!MBy|{H?LCkwZ
zPd~)1SZHkBvMpT!0_lVu={uAce$9Y|oz<3~!iN)o@^#`y
z<+TMOz*wwDKkrsuQ?t{ne|o2))XA~u(z3CP7qXze2s*mHY0K(7HExVQ;KBkcN?J6qJSS
z&Wemaxo&scz-4wSDaHGhc4A6~{FcbB>a!^$o(*TCwXJqdjU*)S!&f8A2?@)X@cHNx
z59)@IT;Tl7oCbQ0KWHoTO8J_cAm7xEFTXNRijSAOb?X_g$%gFC7&9T+GYADez)%x(q~=YgO+A2dnuY
zReY&*FTT9PmmqCyXNxL1K|ZrTtt?E4WUePS;@!=vXT`AKwzMh0QUkeTEi?~44Mf7ob#_9K0=X?LN%LiebMjEfAor$g{5Fd*6oqStN7M9
zH@DTvejS0~wVHouqR
zYKOmlo!TyUk%wP8fcl2e=f6^D*}EQ?(6~fzn+h^MsNt004VH$|t(KumuTk4VWUT{j
zVG$D2!f`+RddT5s7-w8E)B`JPY9_C&*Z|2{i$?PUrM-6rZ#d6R5P&B87{7nZ-?3us*afnS5Y8l=-Yk+X2y;
zHyPN#bo#$8?a!g0e>;D|yX_dK>}@m#2$+1lWZre55JEm)Fz>1Wq(v4E=tEt#4APitzMH54cp3oMp1*Ew1tf&q3wnCq`z?!^@{9
z=|Oiq_P6(oP~;n7ZhcN^-3JfoYdLYeU>lJ7IW**d)hq;NU~9b7ywKbgV|=1=cd=0b
zBMSr*o{eE2H4#EovpYWM>)+HgBmq!2yEQJdI{8@)7wzS`=j7FjY995fU`KZsn)QxX
zB=Z>CJg7Tm>bit}7sB5nP
zI8VaOiwLZjs7d2v^1Be(7{s}$C+4}JPD_9!Ur_J@fB+w&x2VQumuT-5%?qPj2qC)I
z2i6VU6*ZyRYg5EUH!P1&L(DrBcK{WF%uvnw{2lj-+Hn!U5
z9rrIbR?KhRrlc74)^eD8=z|9GK9l#qCKdt6T8!;6RjG!HUH-FNev84N?C65p^KZ__
zE}x4{65gKQ`>?W+a11q;KfnhemPyR1BelJw(hIrM8wZe4gRA^ivwF(ZQ6G{Z=TvC5
zx6?mL&r>^fL$qG-3&u=K-WR3}EFM$|i4?&{S6kOsTVhD5J6slNxRl|I;7*G%g=UkIVFO(#SYeLfw#zL(%
zU7Wp`MG_G{xc>?x(86+9)C2h^Uaf=gAcodiuOl6`y$bvlx75b*YPb^2&b!O
z`4w3B`6cTbl&2O3r<|(JND40BXNr!!$4-nY+6&)HDDWgf(AhX8l^PxK1lFCB^77W^
zwDLx0=~QUpe1|eu(E}_as?74rZ<+nC672exB(>K*-L1XQ?m>)k*qh&DG5mh4qSRH~
zIEmbK?bDR-juNrRjuK#!?p)X6wG0AQt@AEG#i
zdV4ZHwF96ej&XEv7Y|df%(T=bXIwo64KL=AN-EbyxjQ3bnavOX_WtoYPEHCveX3FJYl1H@Ki4T4%iS$
z(?1`sU^|+{%l)LkaK4tFA#J;w0i$`y)tX|a>mdf9PI2jD{Xr3j#H6#
zbU9QmklZsOAp(L7tMLv`TRY3utG9IGqXqzUGhG*lMl%Qwi1F@nChBXo^~TDIn06?&7rW-{BjVLz82USq(N1
zTfo1bZWaIW_N^{Oo`8tRP>`J)L54wtX)YRfuiq{lR6TYXf^&V7ZOAUjXI6lo{}Gll
z$k!VUtUB475EW;#zA(5sli8@GtQ-SUF1iKBBxN&~KRyLgiqpC!up`CT`_0h!2*UZx
z1%X@tPI%rvdFg)B%OfZKeSObQE>k_{`(^Qh-hSYKbhxkUtb<^+?-=Wz%DAr%yk@`R
zy};s#TLFPp%mfTwUVoLr7itd{Vp4F7WF<4#j9)kt2KT1=x5{E_C*v5h``Fr=BV&VT
z2=TK=-MD9a;=t@@Bruc%uoOXVIijKn3k521aEQ#8ZyzegP7LQ;BQPRmuae8AhGFjsY%VwS
zp-`b@wC%CbnCV
ziV6h8VNJstXK6}o%Gx310mdC{)F7u0|af%9J3z@(qI;~0Y_w_
zpmV&&MJLLa&C5Lzj_+kg3+(Zg$`^UrjUEuHsazhLd}ZCJywNIaJmTXTy>eAI+4~SG
zj-8837817pkOy5Ftqbt;YaNaDgN$jEk8mQWgxtam}V5I
zj4Y5&1KpLx%@s0|?!>o1agSSSDM(39z7M0WRbnnC_6qu0cyFvj&e+|Z2(o43tQRgo
z66G)171pl;7$S0j?8YzdegypIJu-4qo2p|3p9HcoD6}5J^V{w7nAY7Lt-0wU;Lqos
zT^3qpO9d1qJzJ{Z%I{@1s_a=e25kMZZg*?DTq$nhLfmw=h|j<~$jFErF__6rC}g9X9^3}>LPc&T`=M16W%d1owG
z9BT)mEOyr*oCDuk%88$7o^tC@lcW>=6(2~n!ip$34BMSnRfVS?)7RE|n9vTbahaZ^
z6XhpbT2|h9Fmwccy1x2D2!DA?u>WBt^V9gi;NT=gjxHDrGWK@p-@*6y>tnUYk3_>G
zlm2u~EST4{1-4J_!J|8+p_gRCl3|RVOtmExOvVP=z$O{IrY_?SyCR}>7tR&1IfH5F
z(@lEWbtP~rG=T}V;AZ2bjnVe{;_(L0@1S-6x18h8+oA80uV`7Dri5V&^?kfrOZm7j
zd-u0Fg><+RZS1Y4-Kj{fc#*Qh;1azS8>=fU%+EHx9Pq-!Z5B|A$#xaV6QGppi?il+
zzPQi9xn{}$(E*(-=mXqcUrnnkHS|N`OV!R4MuqvHjATPev805AoU?NgG>O*Bh4JAH
zZWz+5n%cga8WnYCc6Qdt*jQ0Y%8N)ZM3tGtu>_HecRgMej5D{&ZWv?3(t~)6KY#)U
zy_QzM%OQ#D_$@Xfp+Kl;XhW5a>Nr^8?h(?^`2TQYdl1pRBU~wX;sy)B9p(Sc{&Ka*
zGorS1S9uQ~I{)OmexPAXqOwYL`4JMV%|t{eTmRO)@!s*ctb^_C)y~`eVqyggxux$c
zBqI!fptj?#H!AgZq#)mGho8X!SR4efmsT3)Rx(5G0i^OXD6O!W*_^Fl+r2HI!p)OA
zvAE%7(-@koPDgn4wweJMY9!@Cn$|S!vR>E^qOS@FqSx{cewL`pvlP&s
zQgSJH;@i=S4ZK8~ar-ptm_r7Sm6+@wH%EOLT6jN~teYz!YW`(w!7!;jQ1g-H3F=4)
zcAMSG7{irD*VuzT;(S1ghqO59E^}eD#9p;8qUs<)FagYm5xrqOu6~wCG&giFxc_qB
zXvVC-BipbJSZ^R)2}iX
zfKjI-7Ujz)qUiWoA;fI__=gf8@ya)-h|{`tBBUMN-JeBuqYxiO(DMU4xmSvwXV6Sd
zwe^*QX=ZZbaKi4uf!|gHF^Tbnq-Pr&U#c@xuBwFc8sZoerrI$aG6z+4`!`oNZ3b_5
z(UFge?B=ywqC%pr-8L1GO%Rd{tIckEx$w;hyk|x#uWI9<#CtZD8ia$skqO*nY_cOn
zbZ6EdGW}FB@c+p)w7!6(0@X7fy<)6^T@$`Wa@Bw?Hk^a5>bfItJlKqna^{_L4v&sMt4f#P
zxN3xMd0)qs%X|2Kz{jxEw~$$e6j}Gi<}{Gr3$Ai5a#|m+4LoI%1R~!yj(`pRo~Z@de*s7Vvy-JE2WxjAOd#>(m+
z8tT$E3w#TlydOHJc?41)+7>UmGa5FnFRo~<9#r#iN@LY=tQley9Vx;Oyf8{kkcTBn
zqpkV`ON$~x)A8OP@52U0H+DkjS_FRl&BJjrV-PHZpBPz0MD{-7&B0&R5~=*W+Hnr{
zcd(&-j55>ttv$!VNh2p~<(1VU6Kg$RYr8Gw1~Sp9pLtS=9~b!2`E1t^QHT8+<9xK8
zDwl3*TAQw6VdL7Iz?TM^@P=L;cdc8t025Y~wom?^>uSyS_inA19Ks!{;CJyw#;CD>
z%0rk$zTa><3|Iuomk={JL(*OmGLNj6FHc@W^
z#ZPxVnmHu(_Z+NlL}kqb|Nlr#BFV?BoSek$m``A!002R0;G_GL@J{y?2ux(~b-OGiw_g0yWC4>RK%d)@a_hs9kd;FGruKQKW5AM&D+q}I>!qZO
zjPP7gIie8T{j&4`X9@T&8{CdF8;*NY;iAg}wI%zNxt6kzoYeF3Qfw%kPplcw6d-@#
zEhhm6ii_x$iSRv5;5HoOhsy2`hdWB*R+@)>{)lBywJ+>v-2UR+3xAE(cKHN6Wprf3
zCcj~Pc`~(d4%hJbs9Svqzhe1=E88D|jey~WO-M-SS3-O13@FeoktJ*^^oyK<*N&1f
zqI&{4GH;MQ@aB*eiUFn`09l}Be6Inlp-Xktd@>hZ7YJT;_pEl9=7OGsawPl*?-uig
zP)uVSnr
zrre-W#2kC*PBxvTWBXx{oc+tGn!FexZBx^o&ifR;YA)o
z0&waTe6zf&h~8g
zm7luqBaT}Mwd-$xnxV@fV{OzO97JhkjsdeRkYw*QTNq=isfima)2Bg5*o+^iElC3(
zhw9E3)ZL$ee!7=N`~(J8jfMf{*K@fU0?U1^b=CIKu@1!WCSg-Baq0QszYKAtY4@|7
zMkUc6GM6IkY753_kS$&EfsOmw~^ql`(c&9XqaG_~zmm5woA9xzZX18gB#@Ur0lp#hvJ@V%vq(ntILS);Z;*wo`{y>4=#lqOz5#+%~)z
zC*K;j0*XNib-u6TRFt&MnPOwhHXfBk&}99f>4Co+GY12X9CTVk+yeYKKc0c2Wq^!c
zOtEony1#C~tj*Tluu2*pIHXj(nW%o2#vk%WlJo*?Q#VjeQK1e!ra1EOl7lE}FU6F<
zr8hj_(zdCp=O-6xMQ#1>B$L184acUE7ENB-e{g(5pzt@Cb>;+WE7aZUt0Y3X4~?V$
z7RD#L)P;D7a1Gu7X`*AMOWpND#2D#-G;t-Smq;v^WZ-+MDT2{yhF$OFNRN|}Hs60Twh
ze5MBMYViEev5xF4c;KQr+_s}C(WrAdh%o$jBkDC(7yTF*%J04*$t%rKDc&#W89^Fn
zLigx6R1Pt&Ukha;;Kvf8nCG(0U8LYeyZ6e8i_iq3_d(Aq!1pnK(CmA+qG+A7=IhI8CSEqL&Dd
zA~WIY%W#&5e@iqLwI6sSJ-*;s!sguEnOY#Z_VQ4B(N=1ZvoJh*4Z0&ba*Khbm)rVM
z5x^Plx&xB}C9jVtOwy$r?}Q!Z__fx1`dN|f1-6l$=fqTbLRJLqohL(9JhA`VhGMZ)
z`=C(UP3wdU=7xGvUCen8k02yQ@sfHQLNDqA1JN;h2F3sa5ffqMQ7)L>s0*>6K0z)N
zNr&#EMIobx2LSDmnwJMxE~5c2z1t@Fs(6f)NLfMQLTSHS{Z?IVE%-r8R`{zONiX>P
zR}A^%{jC+nYUHw}8~A{uhZ!F)4vZYR3@^aZlEh-@5@6XJ+a?eaWxi@
z_+AuG{9RV0o^KTcbcu$BMoCWYTzDgMcq0OQ7pxtTb}obm4~&kFGhoA8C)>6+mb1aq
zb<$O4yv$2cwd0T98hMw0vPReB4Eo!Txnpj4L%uR*bQH1^a-f*QXo;`C4R{8^6f%BQ
zZ3(bwWQFu$$4plN6A)Z9223`gPILJMD=kvlt~-uMwE<|YnF3)py-G
zaR(p~6lNBwA_fx&s&bbJFMNU;1CIcy!2uaBu;Fp5KZ_zb6hjsy%Pfbh48b44>N;UCke(-L|VjBQAsw`
zWC$pv;cLS8*wHkutvdRMiu$U6)QK4X+q&iL8rqy`_l}-r1b|
z5Jc1UGmaD$mpnRfONj5m)7!JNK{laV_9zip(Fe
zE#56)+)Ql}ii04B?%vHURSSu>BgxJ+p2jiZRL>knJ+9drq+kk`);P_ja+b{#718sL
z20Gp%*pEpL9Rvji3|Ae{N)t#aXhW1GF0jUe_{_D}`G4nof6Fvr`gyDL>!eDdLnaW+
z_Bb7p-}vvC*smyYHkRv((!$}+^Th_(5N!j_$`7FE+GP1(~*;HeQnXQ
zPEBWhQ0I)mmHy(d%klzm5t6zZu@PWGPfkusN=pYYzM~fsaNYu^n6i!zn1T?Mh{w3&
z3E0McJ?$01O!I+p-v~zbJpS91=(Mw~z5c)g{S8Xur>Z!71p~m+Wb#8#=XA4qNdH=E
zmJz)SW-Z8)GTqFY%6eEqgm|GqYY+~XMOt4&R_u3?2S-|`Q(GtG!K#b7PD~VjO#sbI
z86aOJ+A+|(Lq(ZZ`^*h+XCQzgV>Zj&O#{I%ke(-ZU3!Duej<|Z|7+#WaR%)TC^`e{
z8&X-z_$Tn?RLozV)+C!)-mux*!T-JHa917D@_%fBNQ9Cor9`)+^7XxEB#WIVVLlH_
zKwnluuECuQP+PKhtFcn?S`a`}Ffyxy=>pkU9|iRe9xjz17{1tXhX7SV^AGL~M4y7!
zfrs7(&5kQ7pyDn8`n0my*azaFgr$NY@yzwdPwEFbgJ6S3DW*}d3#_Ht&G$s@p4LA1>UN^zC{^9^%7^I`
z4-8QOvu5wbB}6UKtlq@-qdO&V!W+xs?akdr4)m$-iisZlQ)QJ82c>6yxH~|aKbtGK
ze8G1}adYA6enp6S`h#cm&I`Aopcff$$O`-1TzZXYe&b9n;k|^2
z4zu7-K?oF;+-+~amBnBAtXn>NO_O|m@k!eDaprb>0HxE1%v~DwfAb?!Ka67g|^534FG+9(&T?;{wpZDt7lJj_>hu{N-QMie+P6}
z*6LtUP|q<@ThD=0s)UxlUxeZv_}sU`0#XH&BrNoaxx)FmCG7IQoqPcS0b)ZjHW>)y
zN919jb^N^SE#P>z9!@nAigadx{}1RV4^
z$Zk)Fc)R{8DXmL5pUmw^fkZgNatS1qhEq@6>{|vot0H`Se4OoeFh$`{ASO`96kyzR
zE{2?eesSLCCk~KkVsDX}a#~5^c|t;!>Njc)+1ZFM5{fx$H*(!T>O!rsE~59*1glQE
zs79Ex!g#|cU63*+HehEc7Z6Ol;qot)#bT4h-6%du5svtZ`(1J*qa)_?8uB<|p>e4o
zCA17Nz9vM}dR$KFl4m9QQBTfkZK%~ra@Tat4{sR1J0G_|=Yf
zqG>48wqjyZLyTSjckgQHQD=QCK6*hXzT}HAuc0GUj32dpVIsMBca4zyM2DvahMDZSEJ6!yFnHT
zbBk|J7zOZ8e?=!O^Ij)!l1Z_VOI{9wL#&Q4wP!e5l28B6;P3fuVhZq$SXa
zj;qREe&0UGhC9jNY&PvmqL31ZRusxz=Ht1}fpUTM8s=_%qZ>lp9NGV2{xiTOM|$$)
zL2Hy0p5+F71W)B^thK%J#!}rW<~JPSbP(!hVuRUb4x-+J<$tghGkWxtDlHMp@t-Wa
z6ctHkLv2*`BlJ9yP<8chA>rFgq(GtDN8|%|AMTWHNP_}{BCji6Re_;4*jpAcGB^5y
zteN}&l9K)`)IU(HH_Hiz{;Hx&>
z>EFvnt|ajv!|1-(-?vkpgYCo9@6qBmZ>fCm0JWel*OB
zls6*Tubq53{fU}qeU-Wc+J$edKUnJxi8+YH^-+hB)ul6TrDb_)iS9pxmy0AE7?QKfN9q7l3ZkJpg
zS6+;?$MW4*>;&$QTd5J*Q4D@jt`KlWU}494+{9bY(0+Wy5Z&@ZXZK5kFA5c#BxECT
z;tuh_G81aM**Z3v@(M@ErkwES2(S;N5YhU#bD
znXZfCh6!eCE0^it{G^kSFI*f8rYW%!n*$Nd^hvrPEvk$=n4DH_GEsSR=dAfe$7r3c
z2LbAp2Y=dogFi2@|4PofKaz&-EKYIijTNfz{nT9}dd}1!ug*F@*NZbWdfJD$3Z0IGX04R5)!52kWfrs`lu-O1FqCZdr0`&gOCp^>#IyL)$0;_m$3N*wY{!dJHl
ze9fa4^UQVzFBVpmow&|zFO_lJJ?gHj*hRj8`oeK|N}O`1ph?B{ZYF`IlP6>T#+YSl-;67+B6iO_E-
z%gdi9c6fF38tIEjYcJBuB!|s`)1~hj;bkzYj1)6HamWjkZO<6MbWm_Kd3&DVK*Ve3
z&4F7xOANcWFs{4S?=%ZzJy)k^$&a8;wGWf&G{K*AK~i=C&Oj;7(}B<5>yVy#{c0dJ
z;``HW8ZPatHfC2NorPrK<|=a*8+Y&HR(A8PdBqi+Q@6LrhlQ9RRTpO3Geb^{vLH^S
zVp|#TldZiUN3}gjF$>>AK7PI(YQGunhepN&{h65bR6{|ipmKpxfSFcFa`~=nVFe58
z{C(0hc`#$L`A?wAoZIOI7|~N(#|YD3!d6Mjgrz`<1^$QeOt{w{(0EC
zIg9xFcpzg+oc${?6&QpLm%*dg6j`)(@NT(+A%r#
zrOQG@?;r{_r{I9ireALf^!Kb@l{xpo4oYp2H+2af@jz9uIV+DqqHJ5owSFp-@}_6Y
z_&&t-_VZ)M>@OC4cQ$fM>(oYjV^Hen!c}VWuUq1T|NH4i>Vw>OTWe_CZIO*P4Zf5m
zcF4-}>~k-6QqFKKzHpjrs-l0p3T~k6REFw(aK&FEy#sa0pwHTRygUf_6Tl{O#T7kj
z_ib0V9|Bz)@Kr%!p@9j7-m2r;)=r0`YRR_i-dlbIsv0zgsrg7h6Maw>!kBh$bS$8M
zK6i;}`3V$nvY!h6qGe~t=kSWQYr`+}bk|19&!6#6xCQhJpKvF_aa$q3;P4pFdr?NF
zrVU+0UOq$ZbgGqX?xZiJcPBE#+ey+eu#SCo_PXaRNK|Gvu`UbYdn^@`Z7VQ$G%hg`-gtp*IjX@{B{_4&fMM
za7+7Q((gveBdAzqPU4H%H&t*>K$j}LpjfE#UHN*H>wZ@U^ccv@Z0+Vf@n#|+E=)mJ
zclfg#dA;{gJ8er%bn4zxAdYc<*r$h<>_aAT$qEyilT;YC=`Zm5Z>BKPfh*7`gHDR#vS;u?mOJp)s+D49BYOb*)_}Z
zjK$Q7YUfUgDDt&9=lAudv`xg%^%Mkn4W=tUo)GoKWa@qwMX3s?bhJ(ER?{mEb#N5h
zttIykvL9XSsn}fDdVLw_MKuL8aO73#>3u1~N
z0_-i{zrRj}-c!T2UDw1~;T)n6><-NMEuzOQ{r%ysr^r35Q+s_eAJMY1K4EaWAWLy7
zV?sfJIwn=KxvcEzql}NxV=Y^^+B;;nCTTRKv{Z+OhlhU_^4HxtrW!KZ`p|WF6_0QH
zIn8>#XyE>x_(y~JGvotiVo~zhxw+HO?*JPA_<^kz>g?Ko{R+W{V`o=8nMTb^l57NG
zf-%H47q?5y+=*?5S?zvwF$LVe%+DJ;@^jsql|Mg(_N<~2d!(LKy*e{bb6Chv&VcMW
zy`J>~au3BHxD)xH>RSbTS5pYe4l(4){t%k_CI{D2Gio?3KzgTCLo2plYd70{Z(gKE
zIpfhSS1xjo^B%1%9u+JVgCA9GzYl(VV*U67U56v6VfWS?Pu96tuy|NoX?V0o$||L`
z8_nMf$Y)!k!NX9VH7{mDciRkzYU9aJXKFHDo>ni@PIB
zEBI@5!&_Hc4GTs3s>dt}l+;yHabK(gJ_JbL3^Wi5ly(X&?7Kg0vMK5HwRHVe-*&Z|
z-g?=YkDPHz+OalPZA%PNQJ}AYXwHympXcTQ!H+ntad|(PXXuk
zbZzHFu~1N2|egD=xER^MaxYEn5b=-cy{Dl?8M
z@A@>ObFx591DVkC
z3xmM~wmYqWzeY)4KPJEro8JcQ*VQB)u&aTIo{f@3jqu2lkwe{zr+~v!
zbo+-hV=E&yexRX39169v7S93sOSNM9@vj1`lm|H-(wswlu=bu9KHTs!WzaQOeJnPc
zh?v+~=Es~eD}Cdn1683=G_od_UmOri)lxZPY|D{~5r;j>?R%DKRVUt@aZG%RS2=Sw27@{k*g6{2
zA{d|bD>PeEc(%Cyi&K%y&`!eqyHXtmZBB#Zr;p-vKb5x1ztboA_9n0Do_MBXuzoRL
z#?6u+p`B7OR!)Sstnwv6NlN|FVigeJpV+3Hs1PT`~6`~7vb{)gl=+@(h?9jl=ROR^jV~3wqdL~3wzsG#60qb}c^rSq~
zKRq?201+(UdROR~Yu}Sb!5W?v8Ts(XK``)dA*=V@5vhTo}VYvVcPX9_)dHuu7mZw4r^2PilX`Kr;!pt48&1!!4o997fEF6Nqc
zJ91XMZ@p3#o~bQ3Zf{g
zi@*37oCTf)%>Y2}pM;tZ(DLEa6Shz6ls^EfWNhhLb{d?gF}W~Uk=d6*F5xHEe8+=a
zI{ykSDG_$=7e7EfRny=5GvL?NfHdbyqoYJGkZp8z79@YPepsPbm`Fn@@{2bZm*=yUo237bcayDab8cJM^`l
z)cuiP$2QmGLDZ#Rl@7~$8~3IU5*=ihZS`;fw5<8M;w|L2!<^>$(JgR5Xbkkc9Z!Y>
zGi??IZlPP6qr_95e=rQ{E_TWV1j2-dWAA_Dqdw-V;=zTeZtX*0eT3*mN73EPhM0TW
z4+{VlCnmBQ=haL?5Nz-7H!l`xUGy$ehr?)Jd(-lNhAyV6rk{Svexr*FZtP}Y
zkZ`RAFKDaq%F{5&0&crEU&)`Pe(Wnme-2VxHEP*diB#9(J;Y
z2@)#kmQU9WvP^q;6G7$v^C2bLOqB*$HOyh`3^e6bx0Ag#_M6$kFO;>&`CDs)DKqK&
zJ;C2>6Z!5h&GRPa9T&p7o`clQ!xJN|H5t3UBV-PU=j~=D&vgA9;3liQ`nrSNk6%
zJzp+sS3bI$os(00g%o-?!n{$R2OGi}_wyB3M(|tKIq&xQk22tNm|j|1p`;aZ#>PpH
zGJg8!%!u3B;UBr)EyJZbHx`+hn1tXOKjqZBUUNJ8R10BX)qQhwbNtKP020oEk?eW-
zfWM30o~hn^R7OVgW)EtH^6()mE5}%Cf0M2a;ZFSB$2t&9YYcx=cvbeg&-SZujuFzA
z_L{UJvrI@6*r%zyD%${;Kno=nKJ%tK6sQ_~@
zFWt$x-|BA|1T{ykou#{2)BciPZy%BorhXxMADFK&yOb3buj_}xg!5okr$K=
z^Y59}{w90)K15%f9-W(@fIxCE8N#FBOb?do8I#jo+HKH2Q&~$ZMV#K@n}D~$yj>+I
zuBo|MSre~LYpedEIILGg84r^k;JkjecvSP5M)@!LOTFXE4Vyx~EJlE*jiD0GYiIHI
zBVm^+v8Q@>j|#db{``3v-Cg2R2rP#C%9RL!tiaxYjljCk&dQ2UN~-JTJ>``E=>6Th
zcgU>)9~xcWU_=A#nwp($$j{t>BpT94H18vY#t2(KQ$k9LG=M@d((;QK>};-%+%P!}
z!wG>SHWoyFC{2S)z_g5mae!mbemK;ZSPVV~0tS(4WqsI3V-~iboDUF&k~RA?bUlD?
zO&A{T(KGwVZ!^*4zqSz)rMKjgI)4P#A7mS+0x;U26lnJwqM}qykUM*G7pcR9CTM6J
zbdQ9ggYUEfXUTL$Xy6(gm9)jGP>Z?>D15Qf9F~r>mOD83(DYZ{RfFQ)-Q5s+
z4_sSoYm{kEj(nb2d44Ouq-{y#s?dJ>K9t<$56+85oKS!UdqxpxU-^S#&nEb#%^=k_gF|9T8n~A
zBK@hF9V+f*cjX7Se{V39QA|2TLBcjNzgaa;y%KctYWLEE>5Aleqkk3p
z8ygwLk{0s1{0!Y7&nIG!b{-X!BZZ5@Bjbs&4-y*Dv9`_(nE#~x3OF`Qeg9~dYGcTg
zLj_`Xc6P(&^4fgAc>~!YN?iUA`PlKT&=Tf9`%F2GOB-e`EJ>`btt5_9yC@#cWe#zW
zd0rj?r-#IW+Hz)IAvGnXJw_@pdBX)-3SZZs^Mj#GI)*}?xv);=EQ2a3ylzj9X)A2E
zjPJ%*;dkLC1oex5s~Nyy(Kt@cyayZxInX>5diCx2&jQ!&bKNqX=GpMR&C|(WyW$)^
zkN-U)Peb8>OX9-7I20;?m2`jjeI7q82sudL|M0%1rlvqy3UgUggP8n%c(MMc7exAr
zPX=M~rlzxRt;6;DXDNQNFl-11ik>@Ham8wl;^#v+E0M&b0v?U5@J2N3MWc)Ml<)2#
zOS$4omJ{9#mU|so0YJ=wQACEsDm#Oy%
Y8jiDkJB*ebL%xL;lewFE`@!@70|+A~H~;_u

literal 0
HcmV?d00001

diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-report-version.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-report-version.png
new file mode 100644
index 0000000000000000000000000000000000000000..a500131ad0e42f152622dcd817b7b5b57ab2162e
GIT binary patch
literal 47460
zcmd43bySq^*FK6;B4yD63IZzKF~mnDlvKJyN~F671rccl=~598>F%LB1{iAS9=dy&
z;djsHec!Xb=lu6uXPtF^vlL;Nd7fvU``&wB`?{`e=xbF4@|*NG@$m4-U%ix7$HOBk
z!o#~pe}f1-6Rp!P3;rQ-da37%hey$d`+F^plY#*}N$mDYMUHs+=8bDa^cGjAC3tub
z@LtJ2)AUN+n(;J@Te<4or@4Rfojg#$=m8G_hxni(L)6G{ww^xnveHwe{KD#eZ>0*N
zM@w5jYIsEbRUhF^mKSeCy6%YWq4C87$(;Qfhj-CXX(nkV_Y8C@y0*x5CS=pqWc;|M
z|8HJi-tB)M=K(C7hqT(-+Pb>BrhK$~qN2o2eSKRj30p0H$yfgV{mVxmsj024ZfqPC
zk~1#Hlk^4m=sM?boFKgQUx)awuen*xod5Z=jj)gx8_Rz@3O*AR$^OUV_vqk!+`mWr
z?=R)_^!0cC;}GApUj*s=#{pP|-@n^a{Es8Z>XVZjhyKSQUgrJ$e}56wGIl$EyB3A%
zpOLq*A*rnNn0DDLkd-^GneV**Qqt)IFYGMh`-_mhql3j&1NOW0^j1C%_4TQ{jRwt=
z!nTjOxqrS0iJJDE!-$DVjGQ#s^ZR_GJE-xqeQC$4h
z5oX*L-=9)aT58qS^(~@)Q4w6w`MG!gCDvEO;ViPJNAddg>owj77L!${MW^Q`&~rlX
zni>KE0+-G2Q+vmUketKWicQB=m~@Ik&UD9zk3)Exbdi3SLm_P)4yXkMCf3Jdv>#Hp
z?2Ns=sfQ8_TeNhdCGwVjXJsF38Ju)Uf#}D#3oCEvMhn3qN48EO2X0lR6?OqT{1K%JUsmT
zAe@(0#82$mvu89l-&t4=u9`#da(JP(Ma7N1Qi++Nw7$N?coghx`@1?O>@2@Tt5j>q
z4`WL@PUi|tmp+qAUQ8@ir>#g;!=;V>xrCj`n?L@up2@++R$|v(_2^NXhLKTZRWzk}
zXH=$+Y#U+ttK_hpu<$T1?=fWofhZv__-_UWyIVz-tF&`_)2?tS&+N1adDg?#ft7yI
z)!Y8vY!g#cDaH`!r5L58lMKXT>xW4rwx1}aySsbZtMzySGJ&XZMF~>xJU1wLD^4kO
z#(QzR8y&9H%0O^_ey*G%5qDHBba5np#h_49Qex=7LUpvm_-d-s9)9jxT2_`Me#n;3
zRq$?iH(+)}B35+HE68&en)2|)XH#=?*MSTTZS9USxO8g_+nh@`TTpRjCDDV2(&?e&
zM!hAO3hPr<8S7RpI;1oLwyR2H5m8pHpXYST-{FEuS5GhPxP;fkAWutQzXz4!-*K?g
zyEa}VLrqPcD&`!>D}9wp%v7DBCUgENFz|Y<`=-?e|CwW6Vc}{{22`@>0-IBlh%z)X
z>fg}H!>!QvWJTt$Ux5=7x{^{-&TejPb8{KTo8v=SN;HUyhb&j#qobo-2DP77dgF(S
zOacmPeeNyH)PWBm9}>mLdp55%w7=As0ts1O4vJ{7x*rrm);#ibAHyII^yecpHNecU~l5_CLE8LYd==I;wMabzQ2X>IMJgG&IVj
zK(Eq9Ml{)#tD}q?eD+W0Ajmpjwf^0b3gJ4>-Nl*nT|T#WWJ?`trsxy9b(oR8)(+A6#!chCO6|Pb+T;e`
z(}T99=%r1Rb=cME_EaZAO{yKYuRF*YZrr43nVLfV`hFXWKBX4HU?GeU_eYYF_XPz7
zD;;LSlu|@M3?gz}t+k8v<-mu&VvYSIE4v&J9vn=F)YIFVJQi*6k(>8(d2Qpn<>7I8
zOw;j{_1hc&;*ye|AXA$_jU!`Y@8T25XB;orq(PRt1_rE5-Gs&>kEAN?F|k#%sUb;8
z;^swk3KkjC%PXq~h-ev5y4MDOF3~N;9B+>8Z;ywQP*OS`(e}4%T>JR(tm2SWK%nOy
zT3k%bX>09GVeR{S_Ntp`kVG2gJmtxW@cl1N*q%HI#gLF38!NpMZv*L$R`T7RT-`bL
z%IM9T+vt-Ww#FaxZ)sNYCnhEah4VRcpFFX!woa++!i|BNz8o#!eL}avH&C!I#mWNh$cKLKtR$N#t78mtdSy@|CRWu*K
zhWP3=k9RulDKnHn_R9!;@^4iNdU8TRA-Pu+QVkCBT*7U>Cr^H1XJ?=}DDdwY8Wq*dzN
z>PSFD=!{%py+J`?);D4MQbpyVF!yolz)Xz_!}aUdU{Xr6r!zOYifQ
z-L08+2}%2&_$54?)A;J67H1=-7M2~g+Yp`Nn510v<%WDDQ!75Dw6e1^iA?_GfM!(o
zJsPT5H@?uYo*sD<84V0LJ0jCs4Ix8Hs??*JYC2J@q#}50QzBz`!*43oP!a}%eG2h3
z2ifI2h}cRUP0hVdW`i$b5sx0f=48X(#dc#3JUBS6w{`9cwhIRb2XD>PB>=dycz00+
z%_Q!U`2G96+D{(mogKCAS-*etnRmEOOPo`CY@PL%V+Mb|kUVc&a$6hxSk!nPf3iI#
zc$k#{5J}@ZON`@~r=A|2c#XK*)z+H+OR8gqMz)jCqqR5MMaJ!IU~_}|D4+SwDB!C9b0h;T#KSIAN#zPbM%0Q6
zo!@`{e5q!He2Iu4;MoyJp-|?I){e<$ZvbY6=jjOg^wA=e-w+cMhiy)C-T8JU8Pxot
zqC(jBWa}ZDaBvgCp-&|K&Q5{}bQP2#@8xfuP97esD|&(?>x0)o{KfN}Q*&~17B)Dr
zfLtY-sAXws9~_rO)p&)4{4_HvDJ!#mo!!@`3_IJ>IN6y&nCe08lLJG?P2e$(jSsnn
z;|9{|oDP=__K)%#-~IuKk5z$UX?rPXsr%lC!oor^NYz7b?zpF!-xy0u2ndOnP~(Mi
z?pmivzm6Woh>oXr_O=5HT??%f6O+kS@l%tNi`&~OmoTp$MJ0yI0tl$3+VR@DdIoO*
zn)t@5ur|y#;zp)Msb*(qFYb5d)F2eXZE0rqEF>yT_Z;K7yt=xuY1@hYMBrENzejn)
z^mNDQKJU|(+1d2+a!n9)P7a8U?~|rOzlypfJ@TLZZ3mxB+Gvk|e;@7S>~6U>n8@Dy
z+R(7=#C~dRHj~)QXtT(|W)3EWxj3~(SK8w$?&^*z6w0Io!^9T^V4qo9vf*cDu8-!4
zx}y4sOc!V}QYMY-B$_*sBPL+?ZH^aZDMT}6lThVA{Pzy*8uJcqIIc)Jn+-T25D1Yx
zr3DtU>vYz2Tf%J(Z>0PjtaJ6rO?WuzPcySe%#tr{UXgg5oZOdA
zRdsOSX>M-bQhV9-PUtNk?L?I)Ge~sh_M723IVc&Cv4RR~xWm@=me)m+wf9L^<{
zfl+uvgOuoupCA(xlQPWx=IOLl8mLNpkWS5N)Mlf%<4;id!@_!e8c{N!wE_D@+ia&3xPiN4-9H2*R$R&x+A~a4En}ouJC>YTwPPHc3`QjtOVE`iguUkjpzAUUjF^#P{M0{^%4kN>!1hVs4CXU0*l!ocS%!!ToP|i|0<3+q{t7oxMEP;i{>r
z`A4OvX}e?!EE+p`cZy?ubHC_}EEFpJ+BNoMHN|1EUv&1}k)ZAAT(vX4sG&?K)E_P2
zxpQApRpbNcvnuV7edOb6EWdQr9IByroSh*X{wGSju&&KAYr&0;yqBt~>`(Z=DKJ65
zfHw|vJdNRC3h2|E)lW)FlH5NtKMD<7jbONbcgf8{*jXl&UM(W-Bewz$4a~k
z4K?&`f2p0X>+p0uUCK968pCrTD<@#F_W+9C7R9@H^JXGu(w2-)^2@^@Vt&V2Lk<72
zLh1GKDqhURiREm4P4<#7?xG>tDw%4UkD?_nZ_&}wegFP_Z|?=={$&JRHuA&D%8I0n
zxqO3tg`Yp>1__1Lc%jih{mO?8z9&w{f8GG3kYqJ)X~o0}fu!s?EF4eDL!q$sI;j7N
zT|AFb%h%>0TJg68jh6>yHrgig@S{Fc4<^1k{$S&=o-Ay;c9-fEK!UFYQyjJuhuS(iD*rG|mD{xT>G2ABb=}I(
zSHtL9SX#z>`vww%u;?|=<34MCX2ArJAF$azQr>QPCj@@id^cJ~z7ghM<95ae)33gj
zIW%!}{O!AD(G1tcMjp|z(NxqbJRn3Vgi^2q!)+jvvf&hAPFGMO!-I<;vZ=;GMX6<
zS6z+({=uehPgR;ZI1Fg0$td{-1jKV2DO#ubORe37WdQ|-f)Qe7X4X6hS@ODS
z@C=QDeF}i5zewQu>36w6e80cz$J&|mY|0fyjd#to?-l;E_qf|4XqeZ|_T{5ZwDsiy
z@O}7@k^Z;5fS_P&`)J&7sXC~|piEouq>jH*mTVe<>@3&N@y?GIN-;`!fC|af32wb@
zN2K*?zRo+}$sY*h$Q*#iFO^g*yS^sM<0m50;GXWVZCNZDG_X-%xtt-Y?b3h>$^_|;
zNy-j917VuZ5$K7iNkBi?6o;z}
zj;}#I$FRxvsVYYwc
z*`;fb+DLRz@NAXus|OO?c(=Kl$TdV@lg!KG`uksx!i#(Iy6
zN|+%}TT83N=lH$GOa!A~^4VF3x$%dvgPX9+15%CD3YQf{z(%BqI$CwjKiiV@J|r+j
z4Wt=L_~|y-*u6W2Te`QuKchW$
z?u#GXWP&cg@$*y7!sp`UNkd((y{ziR*940`4q{pE`xZ4?Cs0TDq=e6k|o+>qkP
z#H44ZOj7T)(dm7)-(1#i@f7laBKI0VjlgJ`N8;xX)FjV^aLt0Vv-4%~0Xi8ww%YGk
zv8Qx#%-lrE+uw#jHQxdf1_rGuhdF*RHhhv}JRAr=f
zIy9NHs5Y57KwoaRtBa_2Ydrrv7>Yrc__ccy5D~dNW(&T}s&LR6Epss3r)P&O4Gt!4
z6mrkMd6V?~pqG~x^i8DF=id*)T#Pd?`k7B^^<6IY*Vor2(R~QrDc!@Bmf&d#%bT1!
zg+dL+pgL2^t~py1)*0Z5tO-u8WbU1p|v*)|I=FI=c>cZyBPYk8>i>})Aox6vVOU2wyg
zd1q&*FC9bgQR%^DRGC_HNYAWUXs=*UX}3^A2S417$#UBn4hEPbwGk^3N5l#mZ>rve
z!zO%6(5xNeR(qwFKBIly5M!XPpML5MXq|+>%j??MJyuY33O%;~$y72QtG0h|unKrx
z%Y~Mrvl5H|)TPi%(jz|stPJZ#%ri;RC2yajwdS7PM$mb}oz5(n
zS$Q0YL7%EzkM*gquU|)0F)z&2jwrgar
z_*jA%g)xCr4BEH-7A3*;p)wj1=)QMZ+QGqr3$E9}0aei%$)q1Yl2MXz@gh>B1%;nJ
zdEp3f@E(3>i#shDQIFbp4P)m84a=IEx}}X(c^4M}!t?Xr_a$UeJVtvbC(Yg6p}&J(
zfo}Huuf@gWkA(*=P>j2jnNgh!AO@T~J*@#7uc^}t^Y?wFqQoXF9PGTrG1%Zs85s1U
z+F|iGdq#!2O}?G8i5VO;G7z8dfP0shm37p(sQ}uC`&*1nePp%_4EGrs8IBqa^aF63
z1F}B!$GoYZ{+{93;d$XeRa#g3!se!urY7^EM@O2W)SFlVKFNB6Sk7bpMG###Ht9PQ
zm;)jjf~0mEucSMpnH@!PKqzTztz64%v%rMg|6;Y3R6=dpDbX@S%LHpanvP6nU<#f%@eJwcP6
z6Ir|V%aeN^YtlLJ|{jA8K32h7~tDM
zc>?84^nBvu>S6?7;rIc?Z78+z9(I0WaOsE9En7_>nzPg>Q8q9!k#O63IX#dpjrrCZ
zB3>LI1Ktbj{cCkYWsqfRKfABYH~%jC+gYocD)vmpLj=M?V;!2t#}lBKi@W#l2R8Wk&%F++xu!rI;*QLURe>iXHmg$uZl`Q2T3
z7iZxQ^UkQPsk#IZf>7OaDIl2fd2H!|sHT;HUI*IF)-;{9Pe5O>84xpU6g%(Uz1#Zr
z;R|PXcgy*vkGM|}5fS0TSn))|f%WOru))FC4rzXz0aqANo17J0yY+qB?P)p%GqZ=D
zbN-ZR5YLC;MY&aK!VS>+;;$>c39d73p>1t#pc3@{-Yl}-O_#c_Ed3I2i%$R$JvZ&=
z$}b3TV0-*HvFXDHpU&Jrf98Q?@!R*5Y1(rRgCo5_-2o~h9E%~bn<)N>-l=P}5^*jv
zHuPT6vYV*>_-iT0Did^pOW@OT$8w0C->0OZq1mZF+G<
zF@KQqJ;B=p8o~a)jna7W=iW=u&;XX2g^ew^{?g9_(-7X&^iO?517L}*cV`;_tS__P
zWqSVNg|myx`*KM1=2ATtHFH$I%)=pe+N^D+g$apa$~WPclAYRQ?4h
z1EV^R+w{~{ijITBpp-c~zX?Cd8#SyuJA}&s#(TAJ-E#@t&mYf%XobA^7(^ZTW+o&t
z7k>b0^TVLZAtHnCXEXolu9|6ovhcKXXWG&3Tn6}1I}Ipfz_%JYQp4gZgaK_q3c3O^
zddWnXKRRh6uP}b(>O9@r)bxQ)H2vtiu!l-YN+1dHi;4p6lZe9_#ZEj$Oc7z#_4T3K
zHvPb!S!-^7zQyqGO%e){g@ay&c|bC0Yp>E3p;m!lb$c|2l2ezI7MSY77hvJk0ztp!d*lE#NU3TkFZq#x=bT9dvzg$&yaMQ|5Y3
zcSq0|w~z^fR($73;@bas0j%`tzGq}~-i?;(Sx#|WK6w(0taRrDJ35;o7r@1dsWinI
zOLJQ#@JtYjeYCLj>C>mb4wlPe0NV~Ezh=|oCR4Mfj*ibz3^AXO6)g}(YpkZdfFc&^
z_}1MAY-z^^{%E5*>?+70S!#2z>_%Z}dw-l1mBo?4OZe4$i*}XBwXd%~7YJ=|8La8f
zX4yK`?dF-&S?de52?U?BQPp90Nlxxw!aeh$E=N!O_fJo!{b^zyVc)t%=en#jc;1!Q
zR|xLK+_@|M)eG-KrL?`u6y=uMgD3nXpqG=BlzPI+y)rRm-sUhjFf!#}dC)ISy@}Z3pkk`H63nb8al7U
z;m|UmadnKmk(bK?=tYM9$B#QA7{fs|5uNe6i%*>H
zV`b)w(E+@x&vBS3Jbi|P<8*YyJ_F{@aAbM+E@iRDwmy^3*=?S>ErH9+OIkq>E|JPg
z?kKJ8tu0#N_xC{D*dO?YhK4RAJ1^}W9xipHIQ&Y>U@n=eS_0C;{KFR$mF^6kq@>+&
zIEROC|L^vW$&Wb+G*BpXYp$`8eW_!%!EJX4-^4@)B>FFEUr=4&S^+;fRHK22W_zmxkf_5+!G@fVT6m{0Ly70Etco|K%#tiv})(
z9NVc%ZlH88id;NJ!3eZV0a@?(D9RsY^djMrbF0Rqls0a3|)?b^qF
zsIhJ6zS{VrwedAE32~h9pt4}9tE&sQdO*c4^n7t;CoUne;N;Ss1c2)*hvN~Tz?{}z
z-vmJA{a2#=(t#I$)6!Bm`zIv)#L}{q5=zZGDTWclUESRa2e(-_wstigKeUYvMD@ga
z-`{)>3Qkt`h$KOsLuYTLYKSz4XhNTPComaQd4s>34dd_fTY#F4#Sj-;_FC0`4k?rJ
zfbjG4i-|+Vl{j?t)mxf_h}V&sIqNl473%8hU`3b5x~oQ}W-DyPR*6V)h)cW(ZZ+Jt
zdE>?n&?YctTEo-H2M9L;c=0?=JODQXoIhZ1u}WOr!Co#=UL0@tjujY$MufGMgnk5?
zri8}p*G+)gm}syTHEOMWYi|AmrJB|avJ|-%OV(M=)(J0Q-<_HSZ&#FnOWO?=)=aOnZwf$KD?G(!Zy@?-A}<54YrJo)
z9gj&$qFYt@?fdQ(CL|;z1L3WmCaLD@8zPTiQKnTDi9}AB+1p2sc6%&uZ7HXS@H8bA
zp#(`N3X?`%9dGOO$!p}!QsK<$B!R8cz|cXU@%!}uk>cf8TeRA%FBgTsvYdq0pUvs
z8WeFtLPE)tHjV1Kx^dqb;1OwQxejP8T(8y^de_2=Dbs$c62v!vfFISU{n{pMJNWI+
zvW@{CPf?zgljFSDMv`Ap(B0qvGrzq2S(xO9N*Js!^*C(3uGnr-{M9NEzR~j+dbJiL
zDIyMSGCx*pw82xL_FmTeP=PLs;EdSR(OMyE=u1Ks4GaoZuEi3Oxnt!GrY3Fy;yq^Z
z?E&e5jY5Ba)2~GqRU!V~fq{W^&|^c-y@kKMdE-`e2+2rJ?g1?1`d9;lYE)FY{S^2C
z${{Lxnx7Gj9KOg?nYvFq;fLocJvVw@dAH`QrKP2~wDj#27Bex0e50iWWWwFU3uRAF
zPYuZ5DNj3|s9Xtg)7`D*PYsydv)@30iewNi-N?xRg6qoQ&(G^OH&3?v$ccbrlq*Sx
z7#WRO8t>_ab8tXXe#}46P*z7HE0Q-GlarG8h1frHWO${5dpl8u=rMKv3%0zo=W?o^&+S{0R6N>cI#E5nWWZ-GKoVdnQ^|HM=UIXy*zdK?HRxe
zIDE%=))?0w037i^@Q{|ZsQL~brJ7o5S{f2&&&k%#2CfQEnAFzJ&aT?^Vum1fnn-vF
zW&GCZF`bz>vh(}9zH;ICR
z!myfjNG)6L^yd3ll3KdDF9GcZz_R+T^wqk)Mnphu8GSw2|CwqT(p<*nUw|>_+t;s6
zDx!05pMC|jEFiP9lk5Ph($uQplIvOD+Ssj6772j2`FlBP}F)e0s@$N=Ha3Y1?^q_58}Ed>G00H~EX
zV77W5_=4X5DhW7nV&dZD92^SQ*_8owB;*Kqnf$kGYs=2h&(F!-y&d4pLNg=e8Ct%t
zzi)k{qgr0S6?caKXr+z9(N>Y2(TeerVV0@-uba$03x*sCF<{12m=rKwfAWheund
zd!M9g6o+-4}+5kVgF1P**rTC1$tq1Ev@!wnL>+^wUP83cvVFX4xI%
z=;Z3knvW~m_`rAab|)1HcI(%{!NSY^&Q%}r!cB?P^no3tfV+ZrV(T_GzjLy#3Fn0e
z1_s_ByYbuKH-MV=;wC96>7B(TWX9JfBhR^@nk2du(W@w6IUBH_OdLMEPLS@$^U}hC
zSsJr!4!zhXmT=$cTa+`oJtkZ~l=PM;=x4Jzn
zCS7`}e}-Jl^-7rU0iH~whust`67(hffSDl@CHb)r6;Bn{7N#Wwy?tB+Eq@>&wc}_^
zyqIKU8s*D)@Qz`fzkabqG4l!?+kh|+{j$~%v~Zl0;~GAZi1?lbFnS?513giVt-$Aa
zgPa^V^az1F?wu}eIP4+}IrV^x4ASWA7c7>bbyQwk#i$82uCCMZ~jW1v9I-{0SV=z;bK3k!2{
zcIGF4?hZ=G(5cWUPkupua-`HS0zof@1+;{q^YEj1Zi9{#$39j*zCW{`0OxN%2VC_+
zGchv@5O-g6cUM=}9?S<(3MYxE152DAKy-I$@3noNgSL;3Qh8P-OUE~)FSD
z|Br_+Ua6=wBM`Ck^S8)|NTX;Nt*@{ITU*;Cez_WP;p-4$B*Yjn6<|k{Ql_DMgJU4Gz2W|1`odx|MEEfPGg}
zOUwD_9g)mc{p9!01pwmH=Ka+Lo_3s_X@2j>MNYw_Wwk#gQPh)ynBu-Ea8Cl3Kj~x}
zLqb8ZaL6l-S{ot*jQ}u}nJXCH2Rc5`xj8{U!3Xrv(f$JDg_@$`VkV``1Hfiv1Ynce
z!>RdAam11>lL*bdd$K7a_CULw`V<^2oJg*l5EO*}^XJcO$-Q(A#QX$AY%t5!I-b`g
zsw!G7T;71;E-mfL&L~E2^mf&k@Tq5p(-hK|^BDO}yXL@Xa6`>NPYRNS-^D4jY0uPL
zo(^veCDU@xX`tOD=AFgG
zfh
z`wo#!esV$)k;3;8c*Kl-kEx(n{;U{cGBMPW_yojhxywx2>q=_1-#-nU%1uWxibzcPJ&tIXKvW3CFI%<(8WllxuTq8`*K=@H`&KV4Z3lsh0NNk{`=YcY)co2@^hwTzU=R_d
z+2tqO^A*(S<>p7U*LpDO2`6VOK+B?{qS@0TRG_q3HJ&`h#Xp!^XsQhb9Xc+>oW-i)
zFuBatL<`79mY7<195(~p`2-2Eq9hIee$`hdlpt-lT~^I4w$oUBjZKRLjr;8EEEywx
zD@eHWnA17?uNV1j$2$MzAKN?G&#ls5a6_Su($pZ|#+rd53n<0?LwKHE#d|8SKzs%D
zI1B_}MTRz}Z6FPTEVUE_QGpa^&Z`m2F4-b*djIPO;4Zw+&$(YVq?$OGNZ-3_`1vCNf$+`0|R9ALSJwp
z#~6SaeV6PgHp&}t9G9Ti;3JGnItI1hONWQ8%tvSHJaKA0@bRc($!(!7qoQ+u{gV~8
zuT)j7unRV`c3Zy#9EPofiHTO|eBdGhXuBBXD*|G|lnseTVxKY<
zq7ODNj)6Gotco#CiRJt@26X>$8s0@<;PgA}9|!59=2@CBO>cEg%}|-O8o(5Hf%peh
z@P}eziMZYveXIj$FWiVx{$>de5a)=<>HC0<{_HF>`sJ5s)Ql$z=ky!W^7toqd(rT1
zw8?l83i!>z;0h=aSwnFn+>r<#0`Nuv6V@2%UO71x6BUA5BGb{=7Xc97YtSwCRA0*}
zb^fRSN7zjFy-VOmTPR#V1p^AL`3c6$&BQxPIm|lA?9OBi&?l_&#?2dAGW#37f?!6#
z&Mn4zW~q~mVZc0ECbZdf9-&6Pw}9S#V+;-S-L1<=G;8GtxeuJ_O=c(GN%B5UHqS}-
ziU30dZ_WPDdC^OH-LOx!-D%jJt;lP3*1x01DDFpVYildnkgWDolo@{3r0yl!E(F(80lHMvcJ*}rW#ODRdhp8h8XLwgOav%t(;C$oQ7zMdeM12Au?
z7=LSNKeN`uDI+6O*svo3Qh`5Iw2S{k^^U(q3LvJB=|=Ht=z~gcy7L
zz{A6X+yPI>^AZvK>C@hpE1chRz|f&)g}RW=lYCqywJVA-;F@sRphNAs6;}b5_sWVM
z(4%nT3OTT}ZGhFRxs8Ox$c4k+4orJTdhlKQ+|g!g^llu>p!a7
z0m5~(ZHG~7fkt*>AQ|Z3fbXfLmlwWxl8Z>@;v6w7m#RHAZSG`Fv6>qldj&VX&81)7
zB~-U<2>Oyea5#R)9m8yuv>qTC;H;1@Ri)!3EZ!-TReE^z1)%Juv1_bgFD44D``~V!
z26F1+;tuUS*|?IhlkLfI&eN{gC-}fQgex1?fX+Xv+g%N!oJIX4W^QY54@U0weW
zBQ)y(Wj3FcROYo=AezJny}!Cj^edBC^dyo%RuA~lEbT%5sge6l6GoZ6;))lsM={XtRg~+8~
zx3wk&T%;iyj0pH&99f=aS*zCIMnAy)I@%ib;y^1GjgL-yj~*NyEiWiA+ZNAEP9}pr
z^15udKyN`R;wOLWfNp%5nXPT7xtb)>w63869}d*>{NCHcKk?!HUO#6mXZt0qY2Itg
zMli?#JvAkxViy;(7x=WoK4h8l(KZJS)=#T4Gg*0ILV3ug*7E=y|Ni@UZLA>W3HqNZ
zhZ*H5Mn=XY3HPUfRCo*gH~cQkR5-DV%cyoaH40&PAMqV{c1vARs@bzp2Aq8#2%Y)o
zD+xYmL+JSp;5VU_akvk>50conSTIY2s*iHyqpf!Dxfh`&Z#9tm3OK5gJUWF+O9fQW
z<-e~cAp$XKGMG<$dk$`Y$|m!80MDH6>p;W|-IL~pC%@7|lE_EhZ?;S@8nerPZ)@HQ
z=8t-S+fN&@3&Z*pG710fuDve`l?<>$w%|;F|NQd+x6dCw%wgvR$}l6~l(x1R=_O;&
z-Hg-IKYjZ2H6=l3x8_X+QcPV#o&Gns3}mMj4#!4VL|(a0Rvu2EUgxDxC)=CYLjQds=8_mUMyXJ2G0@
z8PmF)9F8lWwFP;Z-kzSna{Puyz%hiIPvA)RsYPPIWzc!IQ-Nu}FruRKi*uaOAq5Zs
zi@6V9n9~XftwyZa_w&Q_+>dQu)ywJs03CdLIL%>e&#pnL0O0Ipc_RL6yv>Wr_cF8$
z$`jLd6`0>=4q7i@$a}Mk{AFDiSYMI%{~R#2J}l#u8|Wx8SMZ+yNK7l}qa3cj8j2h6
zG`yksnAdvyY=6marZx`Df<-tlb%-Ws82#5cD7FSrK%nsXVb85KwKatehb`nRZ=q($^3F_sr^LS(3@t_5YYX{qkkxe}4Dh&;B1W&-#DFQ0@Qz
zMT7&@$#6^HzwV_WUp)2aaHCJ*iu~#SK68oC0|fBN+k|KTZh+;$?jA`naO?EuNypuP
zS3W=@i~Jt$yZ?Ut|1?bezyG=aKbUC#-@k}((&J|wrKMeSHHQ)CiuGAWTgqsnDIjF%
z)w+>@L`o(iB7z6#ko^`?co|^K*CvHiy&dbHfrd{PjFrOSiPxIY%ziIrWeFT%`$QRj
zr9Wn^$6#aX1~((xm_$YDqO+3dbZQI+$0qZeZGnW&ABKr#Pi
zY*Y@abMn!PtnbvK0Th)dM3>j?_(ex#LMAVmASd)-x*9h#1M}U*F^t*%?|VrTjq?n~
z0Gqf|<0}D-=qNXexD|Pd9dY^g&{cRda)zSuRu$3I;o+h8YElkJG6A<~X>SZ#Bmn^{
z$p>wZCwaJ47C|pu+bo`8&v5;ZMDoj(^a|@~I13k%>+V;gDTX@gjmpT$(sWpZgWhIk
zgR6MR@6<;W7L4yan3aOq8m5jrkR3J6wmBxGDsj1N<7eU(nSb9`X2->74EsS`$^>tX
z4p5UGt`-sgFrNBjFjhOoyIk>)9L0TOypCV1r)A`Um7=3lnpO65F1;3r(?MgbIsX56
z0W|e+XZJab6n(cl2WvhN#0k9I+}mJ?cQjO=dQW9sEVvft&p3sJx6P+U|Z!ao+IzB4;s3MMa#;`?GGyns!V~7qq}?H
z;YkrAFnMERy*f`gS*8J|XQx#*)vW_H0Rb`XfC
zE{CdH5=4#Nz=Php5Y6hkOCUtP6>q?l7`3iEWATq!LUNlb!?(1Zy(}GE8?nD+
z^v>q|#nudZT+C&;bK+{!_N+|i%2o29i}|r540f5eJAbxc=-ogE;eWVv<-2rKnl7x*
zXSS4zn#=!4gHO%II8EG@2re~6gt|EH(N$3)$L?2*4-cFJm*r~>ji3OpW36(TD@pA_
z!`zXJU|z{j{%BZa0>tH-k?LG``5Pc%2|crhOgpaYvR!<;s{KXNBO8urQjX
zbjJbj^u3Cx@>Q+M@fI-KJvcWj^J>3SxA@5C@adH8Lf1ED>-=>vVLP~7!6*IDd>78U!~sJx$TaT$
zY5Q3;{ZZg>t0?&8qrgVY6wN*gE*X@aon5X^d9|jHTu*(A?)m^mr8HDHh2C2K@adgU
z)8!tjRBtpRUia=?lA!hA$jJAKF}otd2j_>L3yXyL)vj_o6>1mTjsfAon%?I<`+`zR
zXbI&CX1C9FPGO>rpP51aenXO+nD~!g(tBWFe|S5ZHT_Ggg}|oK&A6|jx@3XRJ`8mQ
z6up!h+ILRuv%1mJ_liJP^m)9cZ06EqUKCoT{hw1yd~RyelO2q$-=;ypHxcO0w0J~R
zoqW}YxVdMTV%+Taj?*)*~C=ayx;4XmU0O#Ifuy>tC}z$kg`!J+f|am@e90C*UFb^^
ztoAv63cHvvf2Z%te6n@Uxq{2#EK--Yrv_(mUXOtZsMlKJY}T95&1Dl6P4;hFewgLj0x##O9v8J`eE*23Is-jJoM;khv+r(02$g5y
zKj03_%gf(lV$j$zsCEJ(?9-CsY*4)pNTkn~@8UJp?Vc=b&Fjs~-GUx$nshF-$~;FT
zqj9U8oz3od>3pGX1xA}gT+kqlGHv?(&zdP=(M8pU=RBUDlauKs_uFEG&Ew5D~cBfsJwbN3BO(@`5g9(B9c9Qx-=00PlvBoe0~2ZhkgYRw{mJ~lsv}u
zx`Rdk-e=JA=vKVf8XMo<+jE)})-WNRyP7@S`+*1z4yRrzSpA-!&Lqa{_h5VON_nSl
zSK4nEEz?v6mkMd{z495O{9|At}slSNk*tHdCS*-uG#EHqmvGaZIt@WVUj_vzD(zOTK7-Pw7482~t$H
zbQg{w$^=i6@Y51#a(BUH32VIxr|PeN_-H~o{{fZpeWhq1Ra_7yj0-RA>6%|Z;*)zS
zvPbgc1RWcLs_Km`bA=n^SZ-e)<#eJ_F{MAUiA*pX$s~X8H#%oShvJO^hFnIzz5uq9O+(n0`_U{!<7bda&(_tV
zIeUq$N^KBUhSgrzRBU%N;`a=Gzc@52Or{uQjo--l_|l9gx)esO
z-b=XyswgN-XV_C%NH8hQ#+zCe4Hcz$9`3*6EgFp^Brug)~76oe-
zPLT3e$7Rge6-@!tY>p9nzmxgleTvLYliIyJ6U-f6$t%A}%wf;=Q>TIBO+bk51YQ*5
zg90$*Rys@gx;wP}?H9RDWD|?lD|K4=pl{?{>RONQ$p%*hg6|@^IBwkxo@jb{hY)i3
ze)O-F&AF(5Lj&%A7oq0S|75NZef=fu89Id$nz=lv?5KG!a9tQA0z;S|-EPAv(}(5!
z{4AyTfp<~$E5`%6ci!+KQaHd?Kn;*TEenWZluGuH`I>sXAANN;cbKg8y}Kot)S7Ef
zTklOMuyZZu$Vf$j^n%NQ)-q^hgucf3`pj7k<^*-E437Tqzwe7W(u*{3L>d;UT~BGk*a3m|Wac^o}9_S<(vz!H$}`;YX`E>X;{
ztzc=Onp*xZ%H9K>>-GHu{@QyLvXZ2dy+;XUXJv1Zy;lj@3W@A3LMeNby+U>fiHxjJ
zM#$#5K04?8f4_6i|NlHsFXx=^OOEg7d*9c6UGM9Cy|3%m5v`-uisv*?jk5>VRgg#E
z8rszOu1lxQ(Wm}Qs^k*=yPfcO+-u8da|_VF6wFK;-X1VKtSKACXQEGviR+IFZ_f;^
z`C@N2er@-BUiLy(MNhKe1=9ED&uEzMhkT@XDm55KepyvQ65mARY60SVr2}rfJMC20
z_2N{N?0Z~;!3VMIod!(;h1S;Ah{NcNQWB^kg2o>8xFTzC?nmDj#adyCM694?p?;Nr
zXGo|29=TUmQia$rs``xwK0%191~29YepCidG!j7ITj}65QTP^tEgwhi#D6NTi5<;|
zHKkoYe9dd^wR>&y26)?|;@zh^OIi(C4>eVK%I3z1kH2vtzZHt%KH++5mQb3oF^B%c(AdtKlJzei8G+$yI!TRcJUC?3HkmQt86hZ?J)>$e2gJy
z&|S;O&b1Lz*4WLeO3Paq@|2-#$uo5MXR<@aetOWnNa1dnpySw?`WI~yIV-fQ;WMkE
zA-x_-k5w9{AF}TZWHjqJabHbsjKpYYy(|%_)2CO_>@P!qNZvj7c%+8VAa>2?Xi+8Q
z&}^QX;)))9Q~(U`$l_09l52)}NkO0xYMgdN
z$@Vr|+uH{Yx*s~k+m2YAq7Ki<+(6aucF%kk5k^2s2D*mt>Zd>Ekx^V~m<$J>Wzv^=
zofH!-EG%qo*Aq9W1s6M@XzWL46-@XN@;UPSyoG^*0ZgTYeQ5#L!}(YyImenWoj(Jj
zn9`x{Gvgd6d8JsJaJqO@?3)bVohWkYdnsMmQPnro8BRHI(8?}F&SCmD*&wJ!)o$Fbww
zPxQThrVuCi7@}L*%Em2$M8eNyU{BQ9
z4!p%uy?*JWh`676{`~oxM;$b!pZomz^L(vl6ce4WGbRk4dcV6~(0Z5j*SWyjx{G$>
z%UgGW$3=>;01vZ63w27dryZ#>nCFjPev6ChtS!-0UqT>#Fu8PM2ce5_JTcQ&C@ilw
z8y6M9Mx8c`Xm)q*(h`}&C+WH^Wxp;m@1a38f+I#lO*^{vE(4}4vK{3y(`ibczIT<3I0zEu5iy}N
z#6eE$Ut5!pKC6FDaF^083f43~9k~QAtxe`NoTf|sklzS@giFSLyeTM1<+d-^RWUFi
zYM3kxB_bxysHo5sURhjh0=L7L-?zNgY+cUMMSV)qf+taEIYj+(h-Pm!;}9s(T!tyK
zZ;=wF+}Du&REtgOz`!8Fj2ef8{++V-&uI7SlwW9&&tNo9Vda;o
z^-{pxkm8I$;U64=GgAm7C>aPU$B1r_I)cK@b0fK9E){wKxkN+=Z;%$*jR}-hB7O=@
zmSgb@A@;(TT7S05+t0ll&ShrW-u|GF-Ob9#FZGhEEz{O8vic;VzzYx6L@jkX^{ziZ
z6AM3a5C%-KyZc$&I&kn_26IMf>1nVs-j&i(Tk7@&CS2jPrHx(W?KZczjG^&=%}r#(
zM})=w?|zXWS?l-OOJZ49497BuSlZaAJv&Q`nQirL3hv`5KAq#hghE;0UN-LT9JBf%In^xxVt
z{H7mO(vxK7DO5QA_tnKG*E?D8NXkEcCOa%qtMzdg_MaYznS(|aOzQW}{PhlhSpthX
zJYFpK@2D_<&RZyJ*ImoPp)U~ed;8wphQCv9>t;RqI|BIOa_)_sw~q4^e>@>2eK<~j
zetra#oG>NkdAqS%cV2LxsKy_ztTTp%XHX1sr*!r7Vx7X(s?@L+pCMpymXBIn_
zN~Nq>-|z$`fLg?utHfPu$ry~^cq8QZn_JSP^#!%HNyC1nSMPZk)ppJKvvqa4!f-F!
z$@;Sb$%*yT?F^%RonLvc2*JY!hq;Bq0HP3tid7|MvnUwM{#|sH{AL
zcpeWW2GT~5F&4RRn9D{zs;?J?s)0roj4+}H2VFF3`xaWP&`@v!Ak3`oA68K`Lnx(&
zMMD+_iLD>ox^ura|G7B*L{wB%je$h8Mx~>q#6e_)*v6G(vHQzQOO8heyJa@8P=P@~
zP-tHor)QF%ANu$T_ce#!w=E9`OZS`A_mNm_M3&Di=rSs&>d2ly7E2?X*8Km{brK8T(E4pmh#>dmtGZGRKmUecJ*}A}nCA758Fv;C~@IVm!
zFnmFmU^-uUuda*vyj?~z$oT+_7U?7jNI
z#Yb#iaEctO^gAc(1Uq3Ri;JD46=P##VX@!~X)^?1V!!0{X7dl^@jo`^ZfCfA=>4e0
zcrMx)h6njE$t68P`b3aFRv;b60bP;WvwTff=vmluo*NUXRoru19@EZM
zMNnd#bFj;(`p2iLHbXuYD5!44%_S3;Z@GzB+S<t5-ivOo%R2!8wGvKoV0t4_10B)teqvL=~*RNmyRQFKOb#;OWbrJ;~CPm?h8d&8#7jbuPoBSXN
z0H*kx5Uuu07CHPDORf?>sT};r{%?vji{KRin49UOwAxaPt39lRBM>X{`7%`HFPlc=
zmlI*4gMA?`STx-gbfX_Xel(h__u8=5CwhJk6P5QSe{lPgBc;$-s>_#ZF6{_k>XLLi
zX*DdPB8IEy#VI>gIEGQu1TSULOKua}l%M6&CZ#zW#1@n3(a+Op)bxIc`~6K}O7{A*
zT)}U@H{k0qw|`a6$0TGFt(t6`Ibo#K{ThW^6-o=`rc}*3H?SwyU09u
zxO?|ZXuIUg^TICsopa7jbIv_f%7;XXF^Vi3Aw8_BYLfVw-KOT?LHTJ2o9`AExl859
znHd(lYtUf|hc^ttM%;VwATvK-kvf_QukZRco$L2cXhAJ#C;)(#_V%g8q0JwcuhWwl
zKK#KCvISfyf4A;h@l0||wHy;@4;6edVPfoHr?2vUSW&z<<8i7J6@W+D?Q2x+J!aJD
zEb^nas#h-A?vj!)YSA%Tc}zrh2~l
zLa&ZuDO04CF@M>}`yE1AW4;3{r`8W~NoLWP?St(l1vy9|SyFPhZL(L+?ou?~rPE>&a!aSA
zawjg{#)CLB3;~-PiE-{WhL2l}-RcZQ_P>{QY9n5NUL-g!j`I8Gasqz_W)tx95Jx~G
zDS7A4ITWIc;WalAey&tjUfyJ1IWyZ4EgUpK`Dkr)w*Du**K&fQwLld8qNOvTtmNfw
zZt-VIE3d2?^iCE(PQ(5hnxsO>d!O0LtP~4&1qMnc;?3yR
zO)(Uen6|Cy7xw#1(%DAev!vOYE7s-nRoUZ+xgf)jtG<@_=?fI8OSWaY?KZ5mSJoFx
ztg60w^r*!IH~d+1uMexN)CH{rX5K_$wLtZ)jpTSoO*$c092)7yhTD4a6{7s<<*@wh%FKA*^~plO7G7_NwfHEl^GAGW`c;go5fa!z=MY7htr@Wdd
zif6NNii}AqulUP5_`R^TW@l#eigz$kR~+UR6u8VCY^k&OnnU9@FD3FArW&&iy6Y62
zA@uOULG~~ts(l8T>stiwFE|4i*b|Uu@%>0qOcrRGS#LBiZ30-N)2HT=SZByNTzH4%
z#977^3Z5z0Q2sZRHX!d-;@+C5CF#POfaYZ8oUE87QmnJlT0&=0BdXV{a})imj{RlE
z4ijPQcQVn*^n`JynIE*#s8|apIdT(tQmt}RW{yHkO$vD$(**^d&LDCRC%)C@xRdBxNWnYh1IJzqgiStjgI_w?H>eS{-)G>ov8pF0W0=
zVr>5O#Tc`r)b9QL=sDehgsMdCxb$_)BFh~w@O&(a5Yp=E>LA>^Z4GJhrk=*dMDh|C
zJb4B(ZeUpe3*Ig$EG%qqY($}qApLX{ipnJdEJ#sUzsI7ht2>|S)%x$qFP1*zjNh6=
zl*6SsryrUbdj3W!wwJzbF1ATBC2~@pOHM%(z*Y!Vr0%K+>-Bm@hZDgZ!EZM|Y7}*P
z!zT1%8(JuaQ(fAE2wq#2#fMit?{hIjhs1R>oOzYT;x(4HOBEoC76(KH@=EMawgP|y
zFavG?w3$1quD+Tg<|8^&e$H!?ta*AZr6*TkPb)j|u9ugWkmD2z{Oo7d$JyMBe*gs}
zTl<|W^sruk)OTreE#H2i<`iSK#>;1suE8DReXjzYa
z-SLbJyLF7=*~@@U0fkmfqGqX1jVt@Jv)2NFu}ba4!>IzjTRi&FKq8a291W|tlNzGxpU9vU-Fs(jE#ceH!--_O!4)DHKh4?
zzUg%0!nbW31iRLEdrFe2u)f|fVvHFdun&q-EZX_B75HgK@uQ~ZbKARD#-gm+pMr~W
zVh0Z^DJf`aX^D%J+Tzet!dj*qp-CY|M`!ZrS0!Zf#^pJ@YQ{!JC@2kS)gN_4Uxsh4
zzrPTUk`?&;PfQK@@Fs)eyn#lsJ2*dg2CB;z*R$Ww`lloeyvH}Qx@TtTq4>x*;asrc
zE&FV2Z59IOf(7onV*bogGmK8_sO0QG-kRWGSzZ8I+LiXtoo)YO1G?>L=;$O}TzFB9
zbIw<~ez~7uioWL$VlzJuJSt&hO|7V@|5FPFpdBZwO73C4=jiI|Bm5G;%Nad&TBl9cM0scNp%NKT+QOQ3APo-^Ul
zTc82xVhp*c4`egco}%ZVdRYuLblng!=P)P37$=wp`MZgY_M(
zdn{cQ1*-2}Xnd!^;L2a6Ea|&W(D6fB!NEJ06OE0vz~L)?qx0q4_21j-Majr0UO5Vd
z8gad08;l#dwh3K%n?6CZ6gUR~X_u~Q?GpY>g?~$38Qk$8X!EFj4g+-xmFz5TW
zeN1zHB8k54Mh7!9f~7Ox+O3~@&U&HzKO(zHuM0SCdaq5DSHk9yat7+$Vj*~HZ#TV0
z)ts4Gv@waV+W($HtW&|fH|D&C7taCr_orw6D2@lai991{IHc-YeXF*r%8ZlZ9_uho
z;`@o>#oh9WSh%|(R@B7Ix#fqT>*40SmMK-RC$8){^vLv%!=UIY1B*gVqLe4Q6&>co
z&lkfAKHBk4ibLonbhfQl>iKwUacOBFgOSDg@0l7B_f<(c|**>6r6J&xA40_yu6SMqoL)p7sIUwL^%3LW8{%zE*^lo0+!ukLnsR*ZgRtU%
zPvtf0AB)MZ2qVAg+puxb2|Va&pTr4lAkp8)nmUf3H7~iGto`8otSuX3h8~3p0Q_QY
z^66r3fkIggvMZrH(TR`=3|VsFK5YeNAp25e1X;CfY)>wu@rN2;J>nC-C_};C=hWL{
zzO}|{9piPtg{
zV@9nJU?TH>;|xO(9;qkS6F&{BjT80txrY`~*KM6ryMr<8?uX-pH@-{MsEr1e-P;h8
z61Me}(@}tuOy$W;hTqEyZMML*Pj8SiZ{$m^jF}mvNO_4IpOGwl8HgWJ9VG^;+N=lE
zF&6|1e_n}wps}vwwG2}?GQO(r3O5#$d=kPRFFmKdbKBW-b~3uO*xMY-vqqTqX|OED
zUvv}o#;zx%){hu)c~@L&z5u=M&(OHMg^mJ>!^S3;XJy^ZnG^ADCF=7Okx7iIR5L2D
zB?g&I3}5l!#dV++S%|?@qWKaZXtW~6$5?%%iyq5+VZnFf`io!5;yOg6@xCP67cESl
zdqGe
z;;B<$>&3=LS5C=vtomFu{l1TVK2rlNaqq;2Mh
z1;3FD&IpG349ln{)KDC+K6f!(*z!1!i>}Xc1|gf1d*TLX44$?!d>6~JO$3;P@Ex(S
z9ix1IBgC{;lp}7@|J$*D)Q3J0B)-ezIE{lm%=kclW0DWra07{UobnNev(jn~;QdtK
zW}xMhD7+m*N2&Metsb|eu>WAipu&+ewE5YlaC+N&bvwo+sKpQH%%OVGSjvCGuv|~M
zIRl;5;Ywn}63ey4h}hnWxj)>D-y6OusgCa9;Q>=SD9z?SLhBv3h)5{ZjhB{|%Gh$7
znr?iA2^j_srK2B)hXYqu>@}9wJ?h|s7^gNfT!^>8mGut{WOSOSSpCV-{|6J?dB%!o
zHAEg^j8*DiC25^UcHdqTa`RuSlZCUguSyCj*>xWU24d4)y@xCA9H@ziD&YDF=rOz_
zd?$(t#>1QgGZ4N$fgX+b^B1LAvUSCL%*gU%AS8haI3MzrNbC;F^}qXk`NRpVah~Sr
zp4?j}_Qu=?d2g^RztZc|Fh4Emi#-m?_H!8?9C*MIuU=t+h{2x$7cf~POeq1Db836P
z*l7kKhtW__?2J%TqC^=vTQw^{J!9>AY2VjTi!_ZkX&IT~`^%b8L{HMuictYxrnFF2
z@wZ=wR~q0B*eD4s?nGKcJt4(QgYI6U`>#u-VGJ<
z{?So9ow)w7F@m6$bkDGf3Bx&>_^#N8Xg7a#&t~5zBqW>~n>-SLdf11-!2oE%vN)hk
z4*t8N=&;%7T;96*e(h=H12exn72Eedq^w&c`#Rd046c&xF9`*Qu*pX;zN5FA`qb?Wn(F{G6@Azvjw6}*)
zA|G;LYm%xx7a6vs;f4m@POhqJ}&?O8CkJI>AD#rP~P47pwUJ^qTC&y2(_VAl{b(u8pP+px2Qfy9R3_D?_lNydu%?5pl1b22a=@$nE_j{@t@Od_|*lg(IGz
zgiRvO?B4zRO~8FDylPX^v#_`dovTU~6!q+lnV-8hVluD~}zu1e9czDFafX
z)#oV+CV$tR8+A!hppa$dcOYPVb;AEhy2$arflBOc1B3if`6v(w|C)}~GW28X(ysRu
zhEYj`45Q!BQ95zlTwK1-o)JUHLo^L*%>)2O5}bPU-&!(cvr|4jFCvhG=yI5@gnknO
z=z0I~%^OT#q1^ZJLKhxpz{n;?fb+Zg*x}}LOxv;Dh(Rzu*Re+y4)d$$U`Vi~z;E&d
zCI-rUb`zol{i|Ue4eG=AcqoLSe-_PPqqG~muY;RGA${WCU^JiIF9gDx{XHB&3ZN^`
zPW%4EFev<&%EcMcF&}OfJPLlptn>edI7E8W#KdNnJvaMhZe6g|+<0Fb#e@fCN#3|i
z-2zILm;M=TS@XjVuT~YFqzJ+IC>JE=g)oPFs(DZtWv2nNlq`;Zf_|@maxxqk3e-0!
zwZDHas}%l#oid>4*s;y78Z=q7NSX>|nMx`<{;G3A}+^o0+cN^oN*LFVm%N$xcOi+lZ
ztTY|ZlJCihGNVR3TFn
z{n^&Ui+CILdnrnnD;y>Z*wDVY))YTjH3UQnv?HiGjDh8a
zL)hYnfivY?#aEDm4`N0MwyV9^l-akUnz?8~ZH*#xKv~3+M***_O@;k#Grz;ujAS0H
z@r@D~P8-+yl6exHCDqv9ijCHugy`wy_60>d0a`#_=AqZfz8Ig+u0I)^he%yD~Z#5uzPEl02n;MeMF~+(}A&b!F76VMch$UCBn?Jlz1}qwa0bWmzzmP@j_3uSZe3_)x
z4L2LG*n)pN(Pf+{0OFCfnd;94NPt!A-;UbPdHB~mE=TQ?BC?goq4_7`zQ55JiCVhU
z&k4l~O%Wa=82>i1ULRN4K&KrE=h?=Fl}S#ut=5q91ni#V)16-bP;a>OLw)L>sZuOu
zvxVO$ibiJ~qgi!N2pBBlSyI04++0U^T)*lOl3Q|ut)d>WQ3&S*~Hg=s^AHf0V`TKc#+{4N)8||(&{O4W@
zbPo7AEbHNrsh~Lv(S7^zqZRPjK-;0W7*cRSYO9~%-VX?+j&q$9h!P0GQYR$!TM#HA
zL2mi-V3G(02Ose-ldFCCr0|ZN|G=>Vg=M5i3{_{e7U7)$NZC@3r;YQ1KWDaB=u3kk
z%P_O;JSbAA2%GIIS!W`~G};pbik+9a9SA
zD>BX()(}3!@2K@YWdu-a-kk<|=(F<&EY)M)wYXl;hKTG^wZeY>ila7xEGt}ek2%$2
z>53W5?jZsw)p-c8oK%VoKo{g=GEnocrH>Dh`2XfEpfJoHdc;yySS^F3MZv-5YU_!!
z-Z7we3U;3RXLtkm+3WHAzf))T93jY|npU?>c7M+CuE@_hL-7@W4Qj-~tm?~3?XcYE
ze;_#U4L6sF7D)zkkt2xb^Vl)F?^$CzB4Xx&e@
z3IdUk<4UlCQ*aMs!~@lZkDz@P7T9&LaYXWQ61o~;hy`Tr*l!r|VwwZRmC48X^-~0553hpz+K>Za2HBzG|SA$xnKjdL|az=MxMt8hK
zFrK8-uhG|%f*CnEx~r$&yyH62ZN+|m*-^{7%yPoFF?P24??*r6I4cVc8{!PUpyoz`
z-}qZH2!6LrUPIOmEDiu~h#E-k51t9mECfPeTJkhm1#CZ|UJoV?&UEOCQlo%b(JnE?
zL&P?~5CJ((NJMlaiV2PwRLgDjvF6mkblhy!S9#vNlU1eaKasA221NE_TYLnG5DE{79+9U%2uIe$Z!=<#_P8{{a%j--rv-5!dc~ecD+JT$YxWR@-km%H^xq
zu2~={^#m=e_;7{S5R7E1C`$)CS8Re)VK){CS}r;vN8i$dTM8^2ow_R7P}aT)oS@ky
z-tIa5s}Uc0PXro`MzaHcFP}l&vbaNmBLEKqhrIG<{6oa8p;M&EtwAGPGm8cHWuX(Jh&zW_FLD#9Jq0ytG^^yf7
zmWWIXT=pZvG#YvSbl4a0s37?v#l?g#gax37Bqmj#C7pp*Q|(pUc=m7SA0o-J&9Xy)
z?0*JzS#NEI9{8014i`})^RXvK5hN&@ZK`NRfW)vO^iyB_C4_U^nGT9|0U_H@os|Qr
zL*LEwMmcEjbWieG#!kf^(+!q)7c(HzJZnqTy0;8TI$8D=#>d?BX5h>~3&WUd1TUgH
zYcsyS=qmA310lxmLZ%sv93)0OsME^Sl#y>6Dtc?Lc|nap~ig;EaU95t^%FxF~HE
zz1J&FyE-UwZA1Ly-5XmCqM+;fgAORBY^O*=L%l0V@xz0=j_A*P0YV@MVr=q>2sCM5
zGQ*wppV|_Cwgn#|ba-1J<3KI~kpO1?UWep@6ONGYa+M~em?(r3MInxM1hBu5$0jp0
zMSyakK802*>FU0SW5wAwV;JLGX}?_wvmhScPGyH6od7nPNo@TV>6e%PEpZP(L-EY7
zQkMQ7<)JE&s&91z8-Md66Xb%FXM@T!R1p;joJZ*ZvU%s;dd96sH*ctGvl?+Z|Dwp2
zfK&PSrmYbLUcdwvoNAEJwE%l#q85*H??j=bWTXEI3b#{`DnZQNWqIJ587==q-COCm
z*Pm};K-bv5gXRR;7hU=3MmGH
zaY3R6lW^1P>Ohu?$cA8ov!>|txW&`fe-RT_Y1UmePe@6<&vEJcb@nZ3ogjxW#Ef5?
zN1Z17^7Xf*4)D&iGAGbjz;w|T=s7?k*TaGX)30*If@(g%mt1G~?{#?U62s`O@2nLC
zvY>Q&g0Kma{hb#v{UfaR9
zAi{IR%XhrH^*r7#P}5Kr5`Vx_xqcA6zDa8oD6L2!P_}3OV0VMJO%(2P`b%_RR{Q&`
z_IW6B$WOWSH#X0$yYYAj3ycj!4i-i-;n`PSTV?HdcbEH7yY$9hg8JV7#X6{GJwUs7
z!BgOWFjd%_9RA2*VH|
z;Yv<_@R>u_8e23h`d|Zq9zb`|n74q)K{YjRlD7&M0xJ*6q>G`s@jn#TwuadkV@Xt|
zKm1ObY0IaMW<`IyX%M;DC@efD}O?p?|`ptxQTIR=3mi1DOB^=m7TJimp!Wqa4>&OfyP&<6BBVqAR^Y4-F7(fgebo$F_P
zYR|mudR@@SjFJvOWumAs(WEhqQpT093%qQ@>aKNI8c7(Z-H7;}D>A&<-s^13_i`ku
zi+?0-VQZhq`;O{lG+l!jEEr#p|0J5|y8dw;Kp}GqTuh`v>DMn;NVNYbCV=z%Lv#yu
zf>Oiir&yN;L(P`o6hV}S91{59Y3TKXnNBjpSs#J2K-ALUAZv%tJZ&X?`m7YBqfsxp
zLa{G^t~BR1b1=RQ7QCW4AtsCcG?+fss!A~80}f3j;tro5>T)n>>ceU0V+%DmxpLZw
zo0=gGuPBDvh#UTmNBVlaB7u;%y_1ksF?u8huPEWtYMOKXXu`NcCw2nSNO&UiK#6ov2!S%F$Yz8C*Z;-1Md_${ow-s;-gN1C_I%(&
zA;Bn3Erl{6ROx0AmKg4W|_OOO8cjXu)%&b=iRWOJ%>quTq<-A)%p1+QM`rO#FiraOC)
zc+`*V5UdKGgK&+R~Wwp(sT(Qv1nkb{g
z7rzvZ;?nu5v~j46qnLYg?<}1pR8B&4ZtJaQVrSG{RWAM2VPQ2>YQTHhdmx_~Tr0G4
z%)E*>^dI}t_Mlh_X5<~#L;DUa&tIyHCplOhSgb#L(GI9a
z6l*-m-4=YX?e|FOPXwGRyUOz
zo>z0WZ)8n8YcqSNs>gUJMAIJXbW`^N>(Hm1l&f*mM~iyG7PVw#Uup&8F=iUD=-qJM
zSbwac$)I)K9gqS|GfX3CvgB(vlJ&kV&0KuE`}%(szy5<{7uvW*G(E|*{WT|r(|uPR
zg<5NvP|KH+iV2uK<@fut
z#o9}i&9B%J-Gp1XDy?E}(9@z;hnKI1rIc@=g#U9lq5g%8o0U`EQv=7Sf-R_bNUEcD
zRG?~tu|K9=TYwEVL6DwJ!|eCQTr?xK9ffZasB5_V>lx4Ek*P$A9BS7~nJ8P@)~
z$Kz>N@TDw%^w-@U$+Ap>SK=BLtOW3NlJzu^jmKc=M$gM4H0iW!nLQkA>&71cDkd%Y
zG7zgF+Sc&#L_f&H7||gZ=KM?gr7FR4CgZ1z@biiFVG2}Zpf2k$$B1ZX>>H|YkzV}V
zURipKY8%UYKOEz-MlIvk6~Zbk^`+HAOe8~Wex|UQHOI_r=ImZHO1FGe*NmH7PUxCT
zR*_wqKeEbOv@0cfYh~y+%OiKOV*KJ__`gtoM7K7UQd5+Un>eLWD4%;I*J>p_Sa@-n
zd2vYi2#g$Co)x_4FbaWh~hKC>7_*TFDy2_}eK%q+eB;RmL?5
z{BX@`8_5^7iFh-s&LlAtn>Z&a`I7Z0>!gc?EAi)!4C$9slKnXk@YMZta^Bvh$d>=J
z)2do$fFU9n{p+np+q8|%f^8YHL|Kmg##+`4z3@@yMmCz_+aKqnB_i?MZ@I7z9Yk?6
zwoadWdVw_6SBy@^Xz9n=*1q&5i^qqTBKA#m6|vQ0X>S{(j%&rz4u-S0QE%UAc<$Y;
zz?Ff1yO@SK7wu93x{2tE=JW?pjjZJRUpii@b*4)@yq>vhoqZi8k8NM`04+{qeN0($
zsRX=T47G7f*x_A4#@5*RI582w#cF~a2=iaCbZC(llS9lPSE#swxXQ7dL(AanYvoSQ%Lq
z2rgSZ_WB&R&p)k=p1zLhKhxo5DU#|<_oVOb@!pTknRPts_{(44ie%YeN*HA}wY7h8
z34_hdzoaq&GuSM93_Cd5B(7w<@AT#NgmcnTc1^1a0)-yFX5mXf<3)0S?Cg)+?+;ZM
zs8xAa9wJ?Oh(Px)PaiPsGf*bRLLn`QO0Ri;EQ2Kf?H7Bf@qV%uJ{SO%=ic#H&GDMR
z(lzC&Rq75g>7&SV&QaKx+o(dq(uR*qm*_Oeex_u9ZWVVHjx2o1lz0^jN$I>j+E6$IqV*lmQC*piQw$fnSFXBR?p8
zzSZYI`DR(obAyu2JmOZI8Njig+_Rp7uiZ>~SZ`qt*Jel>^{|Er4%gn|Bs4V0O@A--
zT=?ZjZdL4~AjJcW^NdNi;xrm*a7IjvA@F
zeVoWqYwTHsOpLd36kz4ARQV+oq@KsBm$@+j+OoSim-wnhw`G*L?X@VMmLa0)hnwLU30q#(TTu
zd`t$i(6CT&-c46udn4qOAAce9g!TqY9hcjEcIkaIGu-zqm@gAKm&y)qox8tP6?STc
z`Ri?K#*A0JEcits=r765O{wv0JQR!ZZm^qpJ0@*u`Qsmy_=g90?6s|
zdE7MW!nMzjW7DR_yHwCg*}iaLnY}wa#v=nW?|{y6j*rVR5IF|JraICfjJ3A0>8aKv
zaGHHj20EGE{9cV1KS!#YV^6ReI8;h3%dcI^2Q3-&WTSlHcGy$i4U-47$lTb`QVTQ`
zBl2O10{613nXFWey^3&1db^~@A*S*_8JW7@9}~gd7PkK
z6#W0%syW%+zkgh=kc2*-pE+}8hrQKjE9WyU&G0v5fX}}ur<4_(qTn>K`Y;LmdIW!l
zq`zJc{Zx|ibJ4;=S|S@NqC0xeIRiAvFJU!m-eSaOv?3*NW{bQRtm!iGDXyGc+BdN&
zS5S3~m@$Lgefsg4B9JY}WuwE?OrQ(Up)UmPj{>BenUR4GM20ksf`Ust`agX_T1G$$
zkF+8HNj$#}M8f{|YCCYm^D#Fa9}itMyDE_J7#}-`jE?4J)93qmKKb7wRf&U423#*l
zy%=2Nv(cqq#01ev{l@dv7l#8i){(^olnuJaZ^!O@eAeLbyR<1K(BJi?p#{90r3@GQ^`*U
z7{*mPkXJRv^`Jkz=g8WA*ZwK7|0v~{Y~i@q15JAnmMiz@qN4;RI}0^+V$qzw
zgyEt)2(X?H%4X-}u(;JtB;1#hl49oM6pRl)d(HfrM+yt6barc!RtzqD$n~})twpI1
ze2Vh-FANMfoI#m*PxVe>RL!Za{8Tp3TDLeJ2v1QU(;|s!V)^+LC>WKiR75tB;&FGe
zD@EhBR1A)csOn#!`)qnTdL~!h(fpBpl
z;pD@$YuWbr{k6ajKu6;g$)4z<4U9K
zW9M~>7G^3+W;;u1c2C7|sxGs7c;_^ZB%Ioh{LV|umbl85^eqyEhAMQxF&MM);p-{c=Oo{h$NdAB{0?L+5w-b|GV;-cQJsvQJ?wpW)!Q;sq(ifw0Bgh%Qy>rPwWBz>E_1If&S1Ictb
z0gqt~!_0oeS`#Dc&XFlcy{8&+#hHaE7ur{&XO!MoT+Suk+fv)!)4r;tafFP}*DK1nK4z)_sXH{ln`SeFJ^|w(d
z57Oo5=MN5k7^hS*%*!bP-6YrI2e(;0c^skak>dLtLVG5V=&cfQ$>la%bJ
zd?!t)x^%I0o`U_{-;R?m^9l_;uc}boga{!fxLZATR6;R=(iextV>yK}w7oKG+fA
z1p19y0!}VWrhNZCc+dhX16S^=;uyJ)yZgb>jrEJTj4}qV$hiACA%Y__A`o5`9kijq
zX`&iu)?bvAI1lVu4*r;Nu7aZfsV@hML^Msg*)oRD7vuX~tN@JUE3Zo;jnM@0R%Asp
z!=4AVj}&$``qY{58y;*dlZmQ76FmBP$+N-ZYz4&_*Qw#Pjmn@8n*(NUg`qvi
z9WG&!T7|8Z{Xn=0f>k9)kXPdz9856J{L-f(BlGhWb@2A3I)|8
z1Th@`hJW3@6sS+O9`)lOOht)<-VMU)r8+2?hPbahBB(!YHKpjAaNTO7p_Z&MD8Lxi
z=%ql7cojL1{rkEygTypA<(zr2`~+wI-&}qwb@Mt?^Z!k{K4F-JosOaMf9+;1!g0r^5Cs{C2WesGF1gY-BZ@K)nS{6`tXcsDjgDJD0Y$Zl}NX&|GSur4P>~DFN
zoVBUh#(WPlg2q#HGUeB{n+T!}fKoDL$HtF)S9^XSjoXN7cYIvr3j4IeUhP8v!u5u!
zxyHw8d!awFDK7UBA#m_x$XlqQS9P0lxFmMz&;KlEo2=#_I9{h@^%T?t-MBmV}OL8#>ZtMeYHz{ix20E5bkS@B`nAAsK!h$DF`DeCqV=!u4
zPCL#F%AF`ELLfyF*h?B(TC{I|IdBuhS7^NE#ZW;CP%wKGL%f049@w!D$IGu3d}iirwQKhWX&
zY&}FZp1yO4SzqZzpZ2`E0Z(59E#{DvdC%ToSB6~dZvnEwLRtH6c|d5Pb571p6>=B?
z0rlcMof?i-c6pNiNzR2muYn(~?VjO^Ws&`)srJ_cgXj;GR1L%9f{Kf|Lmx{gUXA#A
zD=wfYm@)SR)t_05n#g@P8hMsyP*EaiF-3pG%U0>&nEZrCd-$gKaci>7{kudw%z}v3z1AfH*IFPXh>)0Eokwd
znGQN9&@k9pLRb17+5{i?Y(IFDmxstn*}C53=JF1bOEbzdUFG*?ANbC^7f;
zJb>H;Z9Kh*<+CClAv$8nellLXFdA6z-$&+&y?B8Fz?`annsud&Tl^RLU4e*)dfi#6
z@|lheXE0IY5A?k60#paTqWn;_24A`A@LLsMh>YO@u1tfDP$fp#)X
zu6IyspLU!AkT?IHRVU8E>j;GJwFf`DP`(&A#0bU%LFW9MLby&>N5;$GEN#FC*Sqv$
zCxc`ZEv6S
zFSw@fygPRGwF*%vd(J4wF5L+`q`T>9pV-7}oIG#Oc^2ZaWE$%}6^06UQx
zY*>HY9&!Vr2($t~w&-@aHKL-aiG70jg6Uomtd8*F82q-eO`L69sC(
z@^T6!F&UxOnF3A(^G1UD=^?7vRu%1$OW9T!@sFkjw-(8-VEFtRCPht&d6{eQ=pi=7
zXOT9_U_A0#3;n|&POqF2bp+Y&T5mt#bb?c7nFslZ0NL}eeuE1V88c?z>lHf>fc)+%
zlow!>QhH8~^)PJ`5MWRxgP0Gqp16gCEVG``)6)ycj4OBZ$!tWgmHEl{8oiu|C8w?3
z^QjAf-Ni@k4BN5oNF!@8!aJ!QZqiT}qBRlUzqic#W`CSba6;R*F(lu&P@?c*?Dpa;
zUraDF7Q~Pb(0u^Xs)k9D%CRsc9ov_SdIXn>rNG={xSkXghY}ASY{&FjeY9Ko_AOys
zDm0dw`h)d@?qi&jSrj@53?3QDgsFRokuc{Zmef*^lfQsS3Z*ny!;Fk(I+X^CK6<2)
zL-0x~nv7x3$ZaM!vl?#m`}?$LsK&!&O(Q7*pL}@qGPhA4$%CGAUg*A}d)7>OJ>C(K
zSGm@7(ei}%s-ss6{7OZVa~S4WwW8FbPpQh`p25Os>H}$-7A^8SCMM@GgMy5a_^W0KRiS_)b5lm%
zr~Fe_yaUnE;4*iKGHul_zq1b
zGUqSKHLrZBaXLQS&V)8Fn6@NgWtA#p%Z)8s=mRD=7Jv~4}d!@cK)Dd>j#
zA`GUe2alr$#WS#w#t685)3{vMxLBJZ#KRo(2C3?J$qr9_XLb(0lnOFr3IB1C`HyPy
z%FwT7rhJcH>xECJ<1|DsWqmlsBOnl1{DC<@i(IRO?vYd(7o-pTLR8|<*n^r_LueHt
zlT2B1!;uQDzd73RkpQd3*&iCw^4fO*4oiY1K8jsINB^*ufo
zvlrW)R7$CX0b2ZN=It<`B4g8ecG;u4F|FZxsENhpg(Cqoa@4Ng)^1}WQyI)(LP22I
z`IB!t;Y%wQtquFXzMC5IB&<&d)+s61d*D7o>y9R|+3vj~%yvbv4`urODov52AR9DP
zcr91gH&!5FPyygZo8=`#sO&JdWec4(N~U5ro1}j9#Ib@_P(MW#G=88>8d~=B1~ZN`>Ra!YBAHNVC#L
z*b(yhqBUfU_nMKQKd3f;Gfr^%=XeLjr(I)8lnegM!9kEFkH=Aq{nd-#lAx`j+M9?7
z-3P^7xiA^mb?!r}{}rg2!P#OWbR!aUJJ!e{*!mzrcUUa>Dk6UJ@tKd29PughWuJ?n
z%T{8w%{->{m|!q5=`pO?t}2XI5!7HGKKOTxBq6_xV%2U9XWh)qY4vq%I9?cWMe8@0f+#ihictB1eTQ^VMY;Z&Q?{W!DJdhE;mm#!l|B~-BoUcK0oM`xj
z<6TQ4Lfzs_B&{O{_RNv^(8!6Fg?AViamnpav}wm~iqx|b
zU3PFN{^O69o=Wmn&?@IT(jljx)TdQcBT~IbpIs%3Ol`LB{61|caJrwrM?+#nB;22c
zjXY7Z=WJL
zq&bbHA}*fd<#kL&#%^dIj{_pQ(3senXDx1w$sVsQDI?tIIhViqBawr3(Y1LM^<^>9
zb2R__dS*o$9J0K#KZvY6zCWqPv0iB`5iDD#oJZA+GqI#!Rvr**sBAYTZoSpg1
zI?OVh#@>7n0r{U6Q`SpqycCVhGqYQ@x>5uLGW|z5-GAz`hB-GqBPu4QM~JP+22;VJ
zJ^$l|IU^w}#4Yd~9YD-asz0#6lE*8U_mc@A1iP=Vs9zm8w*|!rBZs?QeBX_~lB(KM
zfCM#wn~lzOfd8e^xUo||tz!YuNW@FAWU0=pO!RMw9v-;?vE84|Adj3x8JO_g<d8|xj)IcQ)W!?R;|`@
zg*(!`d_NHL6G3sPPWR!rf_+bP2#g<_XtXI(=zBlW^!Ggt79cLR7FoT7lEDw)D*tMq
z&e~OGr%eUL0VAW6M6xmvTuZX3=Ov;;K(zOGUuXs~0?1u7
ze@{btw>#nlk;@66s-D@TJJJTmPyqnlO!hA_kr&zN+gSj*_LrF;H2VD@T?Y1Psh@mD
zI=hFV=YINjA{z;ik%YEOP0pFP&TH0u_dSeBnNA;91VTDMG*}Q-N@Yxvg0Cya}4WSk}^MEoO|*2AsuI9mz@S6~kaN?HEB>4xaO1p^4ZZdP7^^
zO7Bf!shveR!%7zd#F=``WBO#$rTfRhGX2b$`{c2t%U-nAn{CcFM!nOm7Cv*O)Bz})
zX2%HHG0fD|6oWuR=kkx0O^6iXOGp<>{P259KJ}GN`F4z8dLzg%V2_G@>iUyVkw
zK%4=P{AZrms`rzZw|8yr>|~){7Ff#$P9F?GQFspT(GRk?kILGWNBiMJYr
zc~2ltwM}?zDj1}htyW@!JP9b%AR;!^p6hygLD17dWytxh?+<{pOiaR9_ZFW3_5*wl$Up%x;`nzY1D8nzOub?7{HF8
zbow&M;jO`nuI_UCKHdQbmG??$(Fm-ah?JK03%8WPwP#1BU)1<5R0iW$63>okzM-MD
zLb=b4r~MeYxUkkfZKJG9wz+Au^&agEa4wk72B*ttL@BNGZ+Q)uT3t)>B}0pv08kHY
zcM*ao$`rr?=(}Ol1s4jwBGj)#X%nGSK!1_|H@A$huW#!;Q0tD4J_CU-Axin$H4S6q
zP=H(@KSRj?S8JPAbpp%+_I5lZS3Bi2of3ab9!4Q1WEvV&K>mh@_6_IRwx`gd3xsS)
zRc*+R!@t@l5JTkM-md2Avnrt+c?$YwpD8blVu9y@N-a=Pzh$DWP1EB{-h;~rb>Ij%
z8hcY1W_F9Y17*+UAcg}IMp;+amCUO?hG+%j_ngjXA7%xkXQ81JrFdb_@i}>Xy)U`p
zNq-c9V9`0W>S2=SU+Nt~KCn>5)0LApQl7h#r~N3Q@Ja+V_u!UX+1WiczF>~Cfrn{p
z&D#^_&}3+{1UHRg>`ldx6s%n*wJOC|zC0;bom3u1EqRJxOmkZDhedbkZT*So6JoLr
zkHiJ|%2KwjV|e<_cCh|&o1~5L3ztMQ-VoDHG38w4@_VC`A~n7~y`_S`gc?)Q_p-H5
z=LQu4xa`%Km&C1T7AF3bMdwbgY=)<#IFGG@k?r#GGU!O$Z$GmB4&TPc(z*Jaq9^A7
zfFL!s#!&ah4RhiX@Nxr^gRpSzdNdh%-at`p;i?HVd6N*HfAlrJT@!!=cer23!%a_5
zkNavTx|aW=o}LQaql?WU=|}kkdovA-wU+HTFD_2+YAo{7x*Xz;giz)JxZOL`wkC6ClmvgivJUV-e
zwzP2YWiZ)752x9&YG0Fvwn)0UGJd%x12XpYFA`xz$sJO&QXF3F(s)C~LUnRARdR)=
z9MbBr+Hoo5RX__FkCXTRRCU$7BKogN40LtfE>z7FHP5sV;V13@4*^B!mEqB|3I3T}
zhsOqsV^T~7NnQ^-hWZP2zj7RX>o#`58nK4(@bLJhOQaO(GSkU^P>unj=|GaAM{}ve
zSh*SItG%tQ|M0w+;vF!YZDjRBsvyjl6AsyVoGt?QSRevSk=g^^i_o~?AF0N>bPecr
z>ciN<$#bs7lqUOw%d!*xoqO4W>Z-{vMN>AE8(O|1@)%jef?gXMD}nDCPz*mOt5>E~
z5F?C|?GsQTt*JB9nWW2WP1BCZiZj!j+*bEY{#@5&;e_9aX|j0Bb%KDzpL?dm-q7@~
zRS%z=mMJs1E0%s5K|^BS#0?@91Oq#5Nn)s4HsmTyqpfIk^mV>f{2Ffc=~L-rj<>>e
zD_iw+-v>y4Hkx?_9X%(UI=A{yON#wER|qInt&CM3ZJ`$tLI66dYfx+-{}b24)GGg%@?W
z^U79fI?Bw=`%*9Iw*1uj)1{L2AM&MAg2w@(JO|J2F|6O~R|#WV9ziQnSE4UyXh>K-TT3wAK%I+a8?!Ps5x83)ZccH`sb_jz+w~
z0FP||P_Vg1J2=y75o{dNGc)T9`C(mPqm&V($J|;}KDl!eJ(E#nFLg8c_15^un{;Cz
zkHkvV^abS8GqK27i=T)T+)MbYVVY1GMc6DK^ewD}1^uxEA%fb{CsM1Uu|I}qBQvi&$g{i7A)B_ex#ZSRdh}Q@Rsq{n5MrQn
z-cfSEbgasZp?c{GhKLhWExm#z7g}Ct@(9w{mV3zdvm=*rUS#Mbsjym7d$}rJLW`T8
z;s)a||1)A2_L)zQzO}gf&2T)v@=5&uCUd)y)P?zlG8cI>6@Na@y$AsZnbDgmz4w{d
zP&RvPJottvv|lCBn90-b-nxZKkt{_H;h*Zl!ys)$E;oy>aKtgkxs|Cq0AB)-h^b7{r3nKt=gmVuA2Hri=2e^eJ>OjDF=C$-UI|
zC+4B{7Zs!TATq~RGwOCf+bxhd1^)87<)jH65YXx=`zt)D)XEiNUDe?*P{9TX$-ZZ!1c
z$1C6|o{Gg11N#RQCEUEc%5FWj5fN4lpqYR;Zz0oB;d*{a2^9?u4T$*^ff@un2gIc3
z{=!(Ce=O)$LA!Sw){~XMaY7176o`SK7eHMfW43%Y)G(}jp_YY)pp5yrqDpnbZ%OSN
zHv&Pa;4oIj06rqn^h)T}z(8>fmr^A5GM)T-{w%mr01RqAR6_&vjFzDxd3Mj!pFiz^
zdIwbbL!A$@x~7X}!9g#6Iv*nI=@h>)mFjn3st4_(PPjvYK)}X+I>gqxh2I^wK{1us
zJ>}&3ySeO!$h<2^V{oltg^vCpS_D(yrxlP}3te&G1?vj_Kf+
z?am&0M##QNa%(1I>Mel#aS@uRmllo3VeXWnBy!z0>>*>MoBLfkdAw{*oJw%lBMhZh>~XS^3NE4$9Y1lpQ5;kbZA6?A$3RI7pNS9W_4<2
zb<@`x#J^CLnA&X4>9Wb}hVmge2O!L+T+M8HdR1ZBp7L@gJz*in1qgt_R$6jxz@qG4
za-&~ovq1lT?s~hFUfRS2EcoK%<6jySLPrUZ%Al+ZCSyYXx4ISQey03Z%sh|jCFP%T
zQ$XV+LF)8GVNQ-|?{moL{@%FTvS9XidYu7!I{3?}(dVraz%Te`i`wh1n2H9EFGg$0
zgJuHzJ5OiG{P9n!yZ?UyPrkMr*i4*REVyJR3%3uPS*UEL#4@zB>N4QsS;
za(x4Rfe_=h*}G~Nzbve0fFcM|A;8fAREOU{0WRE1!rEx{)BHWI6~$A+_4(CIEs$Lc
z?GEbMNQN!FmWkq3%XV#cEgqgvE=g%F#XMp4r3Z23ltemSEIlRT?c1T9VK(K{u`TCw
z)zxtfrw#7`h9D5Y*jt2wFar@i
z1pbiOf}4jl&rC1KP{5~y5S5US;IgxE8&Xkt-H|X5LTz!cwX>qC53qKKa$Jt$@jLSy!vVFv?=q(+z&ahqRVUx)j|h(h`ne4n1q
z01I0X@57q_(xmWHr0@aZ)`dk|F~BRO=;n4F@_8id1QHrxIWI0jHhOuseF~&GBao<8
z#i{d974IEKL5K@2=Vi>yzGe37gNe(wcvjNcmIHrp0uZ{yxhY)a34NQc^;Fj{W&S*5%@-Ws@}ygm5b|3f=Fse2=#nCW4NZ(tXv=v7K}KVFK$OnLCSo6hY~5|8B*v;LFF2vW
z)R7}?qM9%!rnn=Ml9&sO-qF^4e-{-J5@OL^q^j~xq#us`6s}Y)>Nu$L;Hg;zW_R)6
z;Tl@^oG`plM1!RiMd|wC9=t?Q_P4N@EH8cyi$IweWtX{dk4@CmU7w0|(!bwmt(&y9
zeE%%PD5Omdkd)8#Ni4ZbB8{4W>2&#rQS(7%e{LHp`;EO)60TDi1`;;qXm{NDn}pw+
zPa~lk4sG>PArkW+EB5mAyso1|Tb2U6X5ctLPa#qi;sV{~F0^J!x<0e5$4b_;gaeOoKN7N8xq8=4bS{23QPt=V6}#pXs`;)Jvj~sffNGK`B4%{ZhU4y~^-~f=?f)?L<_L|8RP0bU46M<6?bl;$MO&bFn7wCXsT}`_`!J_=9lf6QBU(mjv
zmC8`*8xNQr=Q=pqAX-9Mkzn`h0PtCRbxLrq+K08FQ^RycJ3-F#+$#CA{ak{tFx!>SF)^

literal 0
HcmV?d00001

diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md
index 0c34e4caa5..4d2ab06e7a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md
@@ -86,10 +86,43 @@ Examples of devices that should be marked as high value:
 
 ## Vulnerable devices report
 
-The vulnerable devices report shows graphs and bar charts of 
+The report shows graphs and bar charts with vulnerable device trends and current statistics. The goal is for you to understand the breath and scope of your device exposure.
 
 Access the report by going to **Reports > Vulnerable devices**
 
+There are two columns:
+- Trends (over time)
+- Today (current information)
+
+### Severity levels
+
+Each device is counted only once according to the most severe vulnerability found on that device.
+
+![Graphs of current device vulnerability severity levels, and over time.](images/tvm-report-severity.png)
+
+### Exploit availability
+
+Each device is counted only once based on the highest level of known exploit.
+
+![Graphs of current device vulnerability severity levels, and over time.](images/tvm-report-exploit-availability.png)
+
+### Vulnerability age
+
+Each device is counted only once under the oldest vulnerability publication date. Older vulnerabilities have a higher chance of being exploited.
+
+![Graphs of current device vulnerability severity levels, and over time.](images/tvm-report-age.png)
+
+### Vulnerable devices by operating system platform
+
+The number of devices on each operating system that are exposed due to software vulnerabilities. 
+
+![Graphs of current device vulnerability severity levels, and over time.](images/tvm-report-os.png)
+
+### Vulnerable devices by Windows 10 version
+
+The number of devices on each Windows 10 version that are exposed due to vulnerable applications or OS. 
+
+![Graphs of current device vulnerability severity levels, and over time.](images/tvm-report-version.png)
 
 ## Related topics
 

From bc9f0d31fc68190393a64842fbb57df887ae28c2 Mon Sep 17 00:00:00 2001
From: Beth Levin 
Date: Wed, 7 Oct 2020 18:13:44 -0700
Subject: [PATCH 025/210] filter

---
 .../microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md     | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md
index 4d2ab06e7a..bfd68b825f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md
@@ -94,6 +94,8 @@ There are two columns:
 - Trends (over time)
 - Today (current information)
 
+You can filter the data by vulnerability severity levels, exploit availability, vulnerability age, operating system platform, Windows 10 version, or device group.
+
 ### Severity levels
 
 Each device is counted only once according to the most severe vulnerability found on that device.

From e96ef0be4444fe28b16f7597e282f6ea75642e69 Mon Sep 17 00:00:00 2001
From: Lovina Saldanha 
Date: Fri, 9 Oct 2020 10:22:28 +0530
Subject: [PATCH 026/210] Update Onboard-Windows-10-multi-session-device.md

---
 ...Onboard-Windows-10-multi-session-device.md | 20 +++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md b/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md
index e2c454f055..50877d13d0 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md
@@ -1,3 +1,23 @@
+---
+title: "Onboard Windows 10 multi-session devices in Windows Virtual Desktop"
+description: "Read more in this article about Onboarding Windows 10 multi-session devices in Windows Virtual Desktop"
+keywords: Windows Virtual Desktop, WVD, microsoft defender, endpoint, onboard
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: security
+ms.localizationpriority: medium
+audience: ITPro 
+ms.topic: article 
+author: Lovina-Saldanha
+ms.author: Lovina-Saldanha
+ms.custom: nextgen
+ms.date: 09/10/2020
+ms.reviewer: 
+manager: dansimp
+---
+
 #Onboard Windows 10 multi-session devices in Windows Virtual Desktop 
 6 minutes to read 
 

From 7463080770d58b657cfc54abf5f94af2e3f8952e Mon Sep 17 00:00:00 2001
From: Lovina Saldanha 
Date: Fri, 9 Oct 2020 10:39:50 +0530
Subject: [PATCH 027/210] Update Onboard-Windows-10-multi-session-device.md

---
 ...Onboard-Windows-10-multi-session-device.md | 22 +++++++++----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md b/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md
index 50877d13d0..d4c3163f0c 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md
@@ -10,15 +10,15 @@ ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro 
 ms.topic: article 
-author: Lovina-Saldanha
-ms.author: Lovina-Saldanha
+author: v-lsaldanha
+ms.author: v-lsaldanha
 ms.custom: nextgen
 ms.date: 09/10/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
-#Onboard Windows 10 multi-session devices in Windows Virtual Desktop 
+# Onboard Windows 10 multi-session devices in Windows Virtual Desktop 
 6 minutes to read 
 
 Applies to: 
@@ -30,7 +30,7 @@ Applies to:
 Microsoft Defender for Endpoint supports monitoring both VDI as well as Windows Virtual Desktop sessions. Depending on the needs of your organization, you might need to implement VDI or Windows Virtual Desktop sessions to help your employees access corporate data and apps from an unmanaged device, remote location, or similar scenario. With Microsoft Defender for Endpoint, you can monitor these virtual machines for anomalous activity.
 
  ##Before you begin
-Familiarize yourself with the [considerations for non-persistent VDI](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi#onboard-non-persistent-virtual-desktop-infrastructure-vdi-devices-1). While [Windows Virtual Desktop](https://docs.microsoft.com/en-us/azure/virtual-desktop/overview) does not provide non-persistence options, it does provide ways to use a golden Windows image that can be used to provision new hosts and redeploy machines. This increases volatility in the environment and thus impacts what entries are created and maintained in the Microsoft Defender for Endpoint portal, potentially reducing visibility for your security analysts.
+Familiarize yourself with the [considerations for non-persistent VDI](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi#onboard-non-persistent-virtual-desktop-infrastructure-vdi-devices-1). While [Windows Virtual Desktop](https://docs.microsoft.com/azure/virtual-desktop/overview) does not provide non-persistence options, it does provide ways to use a golden Windows image that can be used to provision new hosts and redeploy machines. This increases volatility in the environment and thus impacts what entries are created and maintained in the Microsoft Defender for Endpoint portal, potentially reducing visibility for your security analysts.
 
 > [!NOTE]
 > Depending on your choice of onboarding method, devices can appear in Microsoft Defender for Endpoint portal as either: 
@@ -53,7 +53,7 @@ Use a management tool to run the script.
 ####*Scenario 1: Using local group policy*
 This scenario requires placing the script in a golden image and uses local group policy to run early in the boot process.
 
-Use the instructions [https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi#onboard-non-persistent-virtual-desktop-infrastructure-vdi-devices-1 ](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi#onboard-non-persistent-virtual-desktop-infrastructure-vdi-devices-1)
+Use the instructions [https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi#onboard-non-persistent-virtual-desktop-infrastructure-vdi-devices-1 ](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi#onboard-non-persistent-virtual-desktop-infrastructure-vdi-devices-1)
 
 Follow the instructions for a single entry for each device.
 
@@ -88,22 +88,22 @@ Click **OK** and close any open GPMC windows.
 
 If you plan to manage your machines using a management tool, you can onboard devices with Microsoft Endpoint Configuration Manager.
 
-For more information, see: [https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm) 
+For more information, see: [https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm) 
 
 > [!WARNING]
-> If you plan to use [Attack Surface reduction Rules](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction), please note that rule “[Block process creations originating from PSExec and WMI commands](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-process-creations-originating-from-psexec-and-wmi-commands)" should not be used as it is incompatible with management through Microsoft Endpoint Configuration Manager because this rule blocks WMI commands the Configuration Manager client uses to function correctly. 
+> If you plan to use [Attack Surface reduction Rules](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction), please note that rule “[Block process creations originating from PSExec and WMI commands](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-process-creations-originating-from-psexec-and-wmi-commands)" should not be used as it is incompatible with management through Microsoft Endpoint Configuration Manager because this rule blocks WMI commands the Configuration Manager client uses to function correctly. 
 
 > [!TIP]
-> After onboarding the device, you can choose to run a detection test to verify that the device is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender for Endpoint device](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/run-detection-test). 
+> After onboarding the device, you can choose to run a detection test to verify that the device is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender for Endpoint device](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/run-detection-test). 
 
 ####Tagging your machines when building your golden image 
 
 As part of your onboarding, you may want to consider setting a machine tag to be able to differentiate WVD machines more easily in the Microsoft Security Center.  
-[https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/machine-tags#add-device-tags-by-setting-a-registry-key-value](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/machine-tags#add-device-tags-by-setting-a-registry-key-value)  
+[https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/machine-tags#add-device-tags-by-setting-a-registry-key-value](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-tags#add-device-tags-by-setting-a-registry-key-value)  
 
 ####Other recommended configuration settings 
 
-When building your golden image, you may want to configure initial protection settings as well. For more information, see [https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp#other-recommended-configuration-settings](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp#other-recommended-configuration-settings). 
+When building your golden image, you may want to configure initial protection settings as well. For more information, see [https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp#other-recommended-configuration-settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp#other-recommended-configuration-settings). 
 
 In addition, if you’re using FSlogix user profiles, we recommend you exclude the following files from always-on protection: 
 
@@ -126,4 +126,4 @@ Exclude Processes:
 
 ####Licensing requirements 
 
-Windows 10 Multi-session is a client OS. Licensing requirements for Microsoft Defender Advanced Threat Protection can be found at: [https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements#licensing-requirements ](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements#licensing-requirements)
\ No newline at end of file
+Windows 10 Multi-session is a client OS. Licensing requirements for Microsoft Defender Advanced Threat Protection can be found at: [https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements#licensing-requirements ](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements#licensing-requirements)
\ No newline at end of file

From 0f29629d0bcfca0a6c0418c6f71240b4a59811dd Mon Sep 17 00:00:00 2001
From: Lovina Saldanha 
Date: Fri, 9 Oct 2020 11:02:57 +0530
Subject: [PATCH 028/210] Update Onboard-Windows-10-multi-session-device.md

---
 .../Onboard-Windows-10-multi-session-device.md                  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md b/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md
index d4c3163f0c..afe964dc52 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md
@@ -30,7 +30,7 @@ Applies to:
 Microsoft Defender for Endpoint supports monitoring both VDI as well as Windows Virtual Desktop sessions. Depending on the needs of your organization, you might need to implement VDI or Windows Virtual Desktop sessions to help your employees access corporate data and apps from an unmanaged device, remote location, or similar scenario. With Microsoft Defender for Endpoint, you can monitor these virtual machines for anomalous activity.
 
  ##Before you begin
-Familiarize yourself with the [considerations for non-persistent VDI](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi#onboard-non-persistent-virtual-desktop-infrastructure-vdi-devices-1). While [Windows Virtual Desktop](https://docs.microsoft.com/azure/virtual-desktop/overview) does not provide non-persistence options, it does provide ways to use a golden Windows image that can be used to provision new hosts and redeploy machines. This increases volatility in the environment and thus impacts what entries are created and maintained in the Microsoft Defender for Endpoint portal, potentially reducing visibility for your security analysts.
+Familiarize yourself with the [considerations for non-persistent VDI](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi#onboard-non-persistent-virtual-desktop-infrastructure-vdi-devices-1). While [Windows Virtual Desktop](https://docs.microsoft.com/azure/virtual-desktop/overview) does not provide non-persistence options, it does provide ways to use a golden Windows image that can be used to provision new hosts and redeploy machines. This increases volatility in the environment and thus impacts what entries are created and maintained in the Microsoft Defender for Endpoint portal, potentially reducing visibility for your security analysts.
 
 > [!NOTE]
 > Depending on your choice of onboarding method, devices can appear in Microsoft Defender for Endpoint portal as either: 

From 9f00bd7b9243e3b1b6705a59bcd51a5662002155 Mon Sep 17 00:00:00 2001
From: Lovina Saldanha 
Date: Fri, 9 Oct 2020 11:51:19 +0530
Subject: [PATCH 029/210] Update Onboard-Windows-10-multi-session-device.md

---
 .../Onboard-Windows-10-multi-session-device.md                | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md b/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md
index afe964dc52..b8dc041943 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md
@@ -10,8 +10,8 @@ ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro 
 ms.topic: article 
-author: v-lsaldanha
-ms.author: v-lsaldanha
+author: Lovina-Saldanha
+ms.author: Lovina-Saldanha
 ms.custom: nextgen
 ms.date: 09/10/2020
 ms.reviewer: 

From c2c8dc57eab1a00685d1ff8d3b7985f7ed0fca93 Mon Sep 17 00:00:00 2001
From: Lovina Saldanha 
Date: Fri, 9 Oct 2020 14:47:51 +0530
Subject: [PATCH 030/210] Update Onboard-Windows-10-multi-session-device.md

---
 ...Onboard-Windows-10-multi-session-device.md | 20 +++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md b/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md
index b8dc041943..e63e6e10f9 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md
@@ -27,9 +27,9 @@ Applies to:
 > [!WARNING]
 > Microsoft Defender ATP support for Windows Virtual Desktop multi-user scenarios is currently in Preview and limited up to 25 concurrent sessions per host/VM. However, single session scenarios on Windows Virtual Desktop are fully supported.
 
-Microsoft Defender for Endpoint supports monitoring both VDI as well as Windows Virtual Desktop sessions. Depending on the needs of your organization, you might need to implement VDI or Windows Virtual Desktop sessions to help your employees access corporate data and apps from an unmanaged device, remote location, or similar scenario. With Microsoft Defender for Endpoint, you can monitor these virtual machines for anomalous activity.
+Microsoft Defender for Endpoint supports monitoring both VDI as well as Windows Virtual Desktop sessions. Depending on your organization's needs, you might need to implement VDI or Windows Virtual Desktop sessions to help your employees access corporate data and apps from an unmanaged device, remote location, or similar scenario. With Microsoft Defender for Endpoint, you can monitor these virtual machines for anomalous activity.
 
- ##Before you begin
+ ## Before you begin
 Familiarize yourself with the [considerations for non-persistent VDI](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi#onboard-non-persistent-virtual-desktop-infrastructure-vdi-devices-1). While [Windows Virtual Desktop](https://docs.microsoft.com/azure/virtual-desktop/overview) does not provide non-persistence options, it does provide ways to use a golden Windows image that can be used to provision new hosts and redeploy machines. This increases volatility in the environment and thus impacts what entries are created and maintained in the Microsoft Defender for Endpoint portal, potentially reducing visibility for your security analysts.
 
 > [!NOTE]
@@ -44,23 +44,23 @@ Microsoft recommends adding the Microsoft Defender for Endpoint onboarding scrip
 > [!NOTE]
 > The placement and configuration of the VDI onboarding startup script on the WVD golden image configures it as a startup script that runs when the WVD starts. It is NOT recommended to onboard the actual WVD golden image. Another consideration is the method used to run the script. It should run as early in the startup/provisioning process as possible to reduce the time between the machine being available to receive sessions and the device onboarding to the service. Below scenarios 1 & 2 take this into account.
 
-###Scenarios
+### Scenarios
 There are several ways to onboard a WVD host machine:
 
 Run the script in the golden image (or from a shared location) during startup.
 Use a management tool to run the script.
 
-####*Scenario 1: Using local group policy*
+#### *Scenario 1: Using local group policy*
 This scenario requires placing the script in a golden image and uses local group policy to run early in the boot process.
 
 Use the instructions [https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi#onboard-non-persistent-virtual-desktop-infrastructure-vdi-devices-1 ](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi#onboard-non-persistent-virtual-desktop-infrastructure-vdi-devices-1)
 
 Follow the instructions for a single entry for each device.
 
-####*Scenario 2: Using domain group policy*
+#### *Scenario 2: Using domain group policy*
 This scenario uses a centrally located script and runs it using a domain-based group policy. You can also place the script in the golden image and run it in the same way.
 
-**Download the WindowsDefenderATPOnboardingPackage.zip file from the Windows Defender Security Center **
+**Download the WindowsDefenderATPOnboardingPackage.zip file from the Windows Defender Security Center**
 1. Open the VDI configuration package .zip file (WindowsDefenderATPOnboardingPackage.zip)  
 - In the Microsoft Defender Security Center navigation pane, select **Settings** > **Onboarding**. 
 - Select Windows 10 as the operating system. 
@@ -84,7 +84,7 @@ Add Arguments (optional) = -ExecutionPolicy Bypass -command "& \\Path\To\Onboard
 
 Click **OK** and close any open GPMC windows.
 
-####*Scenario 3: Onboarding using management tools*
+#### *Scenario 3: Onboarding using management tools*
 
 If you plan to manage your machines using a management tool, you can onboard devices with Microsoft Endpoint Configuration Manager.
 
@@ -96,12 +96,12 @@ For more information, see: [https://docs.microsoft.com/en-us/windows/security/th
 > [!TIP]
 > After onboarding the device, you can choose to run a detection test to verify that the device is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender for Endpoint device](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/run-detection-test). 
 
-####Tagging your machines when building your golden image 
+#### Tagging your machines when building your golden image 
 
 As part of your onboarding, you may want to consider setting a machine tag to be able to differentiate WVD machines more easily in the Microsoft Security Center.  
 [https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/machine-tags#add-device-tags-by-setting-a-registry-key-value](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-tags#add-device-tags-by-setting-a-registry-key-value)  
 
-####Other recommended configuration settings 
+#### Other recommended configuration settings 
 
 When building your golden image, you may want to configure initial protection settings as well. For more information, see [https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp#other-recommended-configuration-settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp#other-recommended-configuration-settings). 
 
@@ -124,6 +124,6 @@ Exclude Processes:
 %ProgramFiles%\FSLogix\Apps\frxccds.exe 
 %ProgramFiles%\FSLogix\Apps\frxsvc.exe 
 
-####Licensing requirements 
+#### Licensing requirements 
 
 Windows 10 Multi-session is a client OS. Licensing requirements for Microsoft Defender Advanced Threat Protection can be found at: [https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements#licensing-requirements ](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements#licensing-requirements)
\ No newline at end of file

From c3163f787bb73bef04ffbd3e308a4a6582956b03 Mon Sep 17 00:00:00 2001
From: Beth Levin 
Date: Fri, 9 Oct 2020 14:24:33 -0700
Subject: [PATCH 031/210] updated aria text

---
 .../threat-and-vuln-mgt-scenarios.md               | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md
index bfd68b825f..e85d9e0e9e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md
@@ -100,31 +100,31 @@ You can filter the data by vulnerability severity levels, exploit availability,
 
 Each device is counted only once according to the most severe vulnerability found on that device.
 
-![Graphs of current device vulnerability severity levels, and over time.](images/tvm-report-severity.png)
+![One graph of current device vulnerability severity levels, and one graph showing levels over time](images/tvm-report-severity.png)
 
 ### Exploit availability
 
 Each device is counted only once based on the highest level of known exploit.
 
-![Graphs of current device vulnerability severity levels, and over time.](images/tvm-report-exploit-availability.png)
+![One graph of current device exploit availability, and one graph showing availability over time](images/tvm-report-exploit-availability.png)
 
 ### Vulnerability age
 
 Each device is counted only once under the oldest vulnerability publication date. Older vulnerabilities have a higher chance of being exploited.
 
-![Graphs of current device vulnerability severity levels, and over time.](images/tvm-report-age.png)
+![One graph of current device vulnerability age, and one graph showing age over time.](images/tvm-report-age.png)
 
 ### Vulnerable devices by operating system platform
 
-The number of devices on each operating system that are exposed due to software vulnerabilities. 
+The number of devices on each operating system that are exposed due to software vulnerabilities.
 
-![Graphs of current device vulnerability severity levels, and over time.](images/tvm-report-os.png)
+![One graph of current vulnerable devices by operating system platform, and one graph showing vulnerable devices by OS platforms over time.](images/tvm-report-os.png)
 
 ### Vulnerable devices by Windows 10 version
 
-The number of devices on each Windows 10 version that are exposed due to vulnerable applications or OS. 
+The number of devices on each Windows 10 version that are exposed due to vulnerable applications or OS.
 
-![Graphs of current device vulnerability severity levels, and over time.](images/tvm-report-version.png)
+![One graph of current vulnerable devices by Windows 10 version, and one graph showing vulnerable devices by Windows 10 version over time.](images/tvm-report-version.png)
 
 ## Related topics
 

From 021ee87ae20c5a84676f39c2157744b933c08a05 Mon Sep 17 00:00:00 2001
From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com>
Date: Mon, 12 Oct 2020 18:59:26 +0530
Subject: [PATCH 032/210] Update Onboard-Windows-10-multi-session-device.md

self review
---
 ...Onboard-Windows-10-multi-session-device.md | 21 ++++++++++---------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md b/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md
index e63e6e10f9..5431501ad6 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md
@@ -39,7 +39,7 @@ Familiarize yourself with the [considerations for non-persistent VDI](https://do
 >
 > Microsoft recommends onboarding Windows Virtual Devices as a single entry per virtual device. This ensures that the investigation experience in the MDATP portal is in the context of one device based on the machine name. Organizations that frequently delete and re-deploy WVD hosts should strongly consider using this method as it prevents multiple objects for the same machine from being created in the MDATP portal. This can lead to confusion when investigating incidents. For test or non-volatile environments, you may opt to choose differently. 
 
-Microsoft recommends adding the Microsoft Defender for Endpoint onboarding script to the WVD golden image. This way, you can be sure that this onboarding script runs immediately at first boot. That way, it is executed as a startup script at first boot on all the WVD machines that are provisioned from the WVD golden image. However, if you are using one of the gallery images without modification, place the script in a shared location and call it from either local or domain group policy. 
+Microsoft recommends adding the Microsoft Defender for Endpoint onboarding script to the WVD golden image. This way, you can be sure that this onboarding script runs immediately at first boot. It is executed as a startup script at first boot on all the WVD machines that are provisioned from the WVD golden image. However, if you are using one of the gallery images without modification, place the script in a shared location and call it from either local or domain group policy. 
 
 > [!NOTE]
 > The placement and configuration of the VDI onboarding startup script on the WVD golden image configures it as a startup script that runs when the WVD starts. It is NOT recommended to onboard the actual WVD golden image. Another consideration is the method used to run the script. It should run as early in the startup/provisioning process as possible to reduce the time between the machine being available to receive sessions and the device onboarding to the service. Below scenarios 1 & 2 take this into account.
@@ -53,7 +53,7 @@ Use a management tool to run the script.
 #### *Scenario 1: Using local group policy*
 This scenario requires placing the script in a golden image and uses local group policy to run early in the boot process.
 
-Use the instructions [https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi#onboard-non-persistent-virtual-desktop-infrastructure-vdi-devices-1 ](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi#onboard-non-persistent-virtual-desktop-infrastructure-vdi-devices-1)
+Use the instructions in [https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi#onboard-non-persistent-virtual-desktop-infrastructure-vdi-devices-1 ](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi#onboard-non-persistent-virtual-desktop-infrastructure-vdi-devices-1).
 
 Follow the instructions for a single entry for each device.
 
@@ -72,9 +72,9 @@ This scenario uses a centrally located script and runs it using a domain-based g
 1. Open the Group Policy Management Console (GPMC), right-click the Group Policy Object (GPO) you want to configure and click **Edit**.
 1. In the Group Policy Management Editor, go to **Computer configuration** \> **Preferences** \> **Control panel settings**. 
 1. Right-click **Scheduled tasks**, click **New**, and then click **Immediate Task** (At least Windows 7). 
-1. In the Task window that opens, go to the **General** tab. Under **Security options** click **Change User or Group** and type SYSTEM. Then click **Check Names** then OK. NT AUTHORITY\SYSTEM appears as the user account the task will run as. 
+1. In the Task window that opens, go to the **General** tab. Under **Security options** click **Change User or Group** and type SYSTEM. Click **Check Names** and then click OK. NT AUTHORITY\SYSTEM appears as the user account the task will run as. 
 1. Select **Run whether user is logged on or not** and check the **Run with highest privileges** check box. 
-1. Go to the **Actions** tab and click**New**. Ensure that **Start a program** is selected in the Action field. Enter the following: 
+1. Go to the **Actions** tab and click **New**. Ensure that **Start a program** is selected in the Action field. Enter the following: 
 
 Action = "Start a program" 
 
@@ -98,16 +98,17 @@ For more information, see: [https://docs.microsoft.com/en-us/windows/security/th
 
 #### Tagging your machines when building your golden image 
 
-As part of your onboarding, you may want to consider setting a machine tag to be able to differentiate WVD machines more easily in the Microsoft Security Center.  
-[https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/machine-tags#add-device-tags-by-setting-a-registry-key-value](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-tags#add-device-tags-by-setting-a-registry-key-value)  
+As part of your onboarding, you may want to consider setting a machine tag to be able to differentiate WVD machines more easily in the Microsoft Security Center. For more information, see 
+[https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/machine-tags#add-device-tags-by-setting-a-registry-key-value](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-tags#add-device-tags-by-setting-a-registry-key-value). 
 
 #### Other recommended configuration settings 
 
 When building your golden image, you may want to configure initial protection settings as well. For more information, see [https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp#other-recommended-configuration-settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp#other-recommended-configuration-settings). 
 
-In addition, if you’re using FSlogix user profiles, we recommend you exclude the following files from always-on protection: 
+In addition, if you are using FSlogix user profiles, we recommend you exclude the following files from always-on protection: 
+
+**Exclude Files:** 
 
-Exclude Files:  
 %ProgramFiles%\FSLogix\Apps\frxdrv.sys 
 %ProgramFiles%\FSLogix\Apps\frxdrvvt.sys 
 %ProgramFiles%\FSLogix\Apps\frxccd.sys 
@@ -118,7 +119,7 @@ Exclude Files:
 \\storageaccount.file.core.windows.net\share\*\*.VHD 
 \\storageaccount.file.core.windows.net\share\*\*.VHDX 
 
-Exclude Processes: 
+**Exclude Processes:**
 
 %ProgramFiles%\FSLogix\Apps\frxccd.exe 
 %ProgramFiles%\FSLogix\Apps\frxccds.exe 
@@ -126,4 +127,4 @@ Exclude Processes:
 
 #### Licensing requirements 
 
-Windows 10 Multi-session is a client OS. Licensing requirements for Microsoft Defender Advanced Threat Protection can be found at: [https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements#licensing-requirements ](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements#licensing-requirements)
\ No newline at end of file
+Windows 10 Multi-session is a client OS. Licensing requirements for Microsoft Defender Advanced Threat Protection can be found at: [https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements#licensing-requirements ](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements#licensing-requirements).

From cb3d1af3a0db1e075eb41bc15cae9b92afe208c9 Mon Sep 17 00:00:00 2001
From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com>
Date: Mon, 12 Oct 2020 19:02:17 +0530
Subject: [PATCH 033/210] Update Onboard-Windows-10-multi-session-device.md

minor edit
---
 .../Onboard-Windows-10-multi-session-device.md                 | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md b/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md
index 5431501ad6..c101c03c30 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md
@@ -74,7 +74,8 @@ This scenario uses a centrally located script and runs it using a domain-based g
 1. Right-click **Scheduled tasks**, click **New**, and then click **Immediate Task** (At least Windows 7). 
 1. In the Task window that opens, go to the **General** tab. Under **Security options** click **Change User or Group** and type SYSTEM. Click **Check Names** and then click OK. NT AUTHORITY\SYSTEM appears as the user account the task will run as. 
 1. Select **Run whether user is logged on or not** and check the **Run with highest privileges** check box. 
-1. Go to the **Actions** tab and click **New**. Ensure that **Start a program** is selected in the Action field. Enter the following: 
+1. Go to the **Actions** tab and click **New**. Ensure that **Start a program** is selected in the Action field. 
+Enter the following: 
 
 Action = "Start a program" 
 

From 0ae16edbf546b22eb319b48325b064f163f57c18 Mon Sep 17 00:00:00 2001
From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com>
Date: Mon, 12 Oct 2020 19:05:06 +0530
Subject: [PATCH 034/210] Update Onboard-Windows-10-multi-session-device.md

updated author
---
 .../Onboard-Windows-10-multi-session-device.md                | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md b/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md
index c101c03c30..80ce12367f 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md
@@ -10,8 +10,8 @@ ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro 
 ms.topic: article 
-author: Lovina-Saldanha
-ms.author: Lovina-Saldanha
+author: dansimp
+ms.author: dansimp
 ms.custom: nextgen
 ms.date: 09/10/2020
 ms.reviewer: 

From dbfbb444a6d37079e610dcb7832f4f90a3ea8d45 Mon Sep 17 00:00:00 2001
From: Beth Levin 
Date: Mon, 12 Oct 2020 16:59:23 -0700
Subject: [PATCH 035/210] new info

---
 .../threat-and-vuln-mgt-scenarios.md           | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md
index 6f340c91ec..5e03b94532 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md
@@ -88,41 +88,43 @@ Examples of devices that should be marked as high value:
 
 ## Vulnerable devices report
 
-The report shows graphs and bar charts with vulnerable device trends and current statistics. The goal is for you to understand the breath and scope of your device exposure.
+The report shows graphs and bar charts with vulnerable device trends and current statistics. The goal is for you to understand the breath and scope of your device exposure. 
 
 Access the report by going to **Reports > Vulnerable devices**
 
 There are two columns:
-- Trends (over time)
+- Trends (over time). Can show the past 30 days, 3 months, 6 months, or a custom date range.
 - Today (current information)
 
-You can filter the data by vulnerability severity levels, exploit availability, vulnerability age, operating system platform, Windows 10 version, or device group.
+**Filter**: You can filter the data by vulnerability severity levels, exploit availability, vulnerability age, operating system platform, Windows 10 version, or device group.
 
-### Severity levels
+**Drill down**: If there is an insight you want to explore further, select the relevant bar chart to view a filtered list of devices in the Device inventory page. From there, you can export the list.
+
+### Severity level graphs
 
 Each device is counted only once according to the most severe vulnerability found on that device.
 
 ![One graph of current device vulnerability severity levels, and one graph showing levels over time](images/tvm-report-severity.png)
 
-### Exploit availability
+### Exploit availability graphs
 
 Each device is counted only once based on the highest level of known exploit.
 
 ![One graph of current device exploit availability, and one graph showing availability over time](images/tvm-report-exploit-availability.png)
 
-### Vulnerability age
+### Vulnerability age graphs
 
 Each device is counted only once under the oldest vulnerability publication date. Older vulnerabilities have a higher chance of being exploited.
 
 ![One graph of current device vulnerability age, and one graph showing age over time.](images/tvm-report-age.png)
 
-### Vulnerable devices by operating system platform
+### Vulnerable devices by operating system platform graphs
 
 The number of devices on each operating system that are exposed due to software vulnerabilities.
 
 ![One graph of current vulnerable devices by operating system platform, and one graph showing vulnerable devices by OS platforms over time.](images/tvm-report-os.png)
 
-### Vulnerable devices by Windows 10 version
+### Vulnerable devices by Windows 10 version graphs
 
 The number of devices on each Windows 10 version that are exposed due to vulnerable applications or OS.
 

From 7ef2df3d7c12a6573443e407b7f31f2d40416b85 Mon Sep 17 00:00:00 2001
From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com>
Date: Thu, 15 Oct 2020 10:55:30 +0530
Subject: [PATCH 036/210] Update Onboard-Windows-10-multi-session-device.md

minor changes
---
 ...Onboard-Windows-10-multi-session-device.md | 32 +++++++++----------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md b/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md
index 80ce12367f..b533b8a3ee 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md
@@ -36,8 +36,8 @@ Familiarize yourself with the [considerations for non-persistent VDI](https://do
 > Depending on your choice of onboarding method, devices can appear in Microsoft Defender for Endpoint portal as either: 
 > - Single entry for each virtual device 
 > - Multiple entries for each virtual device 
->
-> Microsoft recommends onboarding Windows Virtual Devices as a single entry per virtual device. This ensures that the investigation experience in the MDATP portal is in the context of one device based on the machine name. Organizations that frequently delete and re-deploy WVD hosts should strongly consider using this method as it prevents multiple objects for the same machine from being created in the MDATP portal. This can lead to confusion when investigating incidents. For test or non-volatile environments, you may opt to choose differently. 
+
+Microsoft recommends onboarding Windows Virtual Devices as a single entry per virtual device. This ensures that the investigation experience in the MDATP portal is in the context of one device based on the machine name. Organizations that frequently delete and re-deploy WVD hosts should strongly consider using this method as it prevents multiple objects for the same machine from being created in the MDATP portal. This can lead to confusion when investigating incidents. For test or non-volatile environments, you may opt to choose differently. 
 
 Microsoft recommends adding the Microsoft Defender for Endpoint onboarding script to the WVD golden image. This way, you can be sure that this onboarding script runs immediately at first boot. It is executed as a startup script at first boot on all the WVD machines that are provisioned from the WVD golden image. However, if you are using one of the gallery images without modification, place the script in a shared location and call it from either local or domain group policy. 
 
@@ -47,8 +47,8 @@ Microsoft recommends adding the Microsoft Defender for Endpoint onboarding scrip
 ### Scenarios
 There are several ways to onboard a WVD host machine:
 
-Run the script in the golden image (or from a shared location) during startup.
-Use a management tool to run the script.
+- Run the script in the golden image (or from a shared location) during startup.
+- Use a management tool to run the script.
 
 #### *Scenario 1: Using local group policy*
 This scenario requires placing the script in a golden image and uses local group policy to run early in the boot process.
@@ -110,21 +110,21 @@ In addition, if you are using FSlogix user profiles, we recommend you exclude th
 
 **Exclude Files:** 
 
-%ProgramFiles%\FSLogix\Apps\frxdrv.sys 
-%ProgramFiles%\FSLogix\Apps\frxdrvvt.sys 
-%ProgramFiles%\FSLogix\Apps\frxccd.sys 
-%TEMP%\*.VHD 
-%TEMP%\*.VHDX 
-%Windir%\TEMP\*.VHD 
-%Windir%\TEMP\*.VHDX 
-\\storageaccount.file.core.windows.net\share\*\*.VHD 
-\\storageaccount.file.core.windows.net\share\*\*.VHDX 
+> %ProgramFiles%\FSLogix\Apps\frxdrv.sys 
+> %ProgramFiles%\FSLogix\Apps\frxdrvvt.sys 
+> %ProgramFiles%\FSLogix\Apps\frxccd.sys 
+> %TEMP%\*.VHD 
+> %TEMP%\*.VHDX 
+> %Windir%\TEMP\*.VHD 
+> %Windir%\TEMP\*.VHDX 
+> \\storageaccount.file.core.windows.net\share\*\*.VHD 
+> \\storageaccount.file.core.windows.net\share\*\*.VHDX 
 
 **Exclude Processes:**
 
-%ProgramFiles%\FSLogix\Apps\frxccd.exe 
-%ProgramFiles%\FSLogix\Apps\frxccds.exe 
-%ProgramFiles%\FSLogix\Apps\frxsvc.exe 
+> %ProgramFiles%\FSLogix\Apps\frxccd.exe 
+> %ProgramFiles%\FSLogix\Apps\frxccds.exe 
+> %ProgramFiles%\FSLogix\Apps\frxsvc.exe 
 
 #### Licensing requirements 
 

From aa5f497d660564371f4e6fee4a64dfae3e7d894a Mon Sep 17 00:00:00 2001
From: Lovina Saldanha 
Date: Thu, 15 Oct 2020 11:04:22 +0530
Subject: [PATCH 037/210] Update Onboard-Windows-10-multi-session-device.md

---
 ...Onboard-Windows-10-multi-session-device.md | 32 +++++++++----------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md b/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md
index 80ce12367f..5ef021c345 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md
@@ -36,8 +36,8 @@ Familiarize yourself with the [considerations for non-persistent VDI](https://do
 > Depending on your choice of onboarding method, devices can appear in Microsoft Defender for Endpoint portal as either: 
 > - Single entry for each virtual device 
 > - Multiple entries for each virtual device 
->
-> Microsoft recommends onboarding Windows Virtual Devices as a single entry per virtual device. This ensures that the investigation experience in the MDATP portal is in the context of one device based on the machine name. Organizations that frequently delete and re-deploy WVD hosts should strongly consider using this method as it prevents multiple objects for the same machine from being created in the MDATP portal. This can lead to confusion when investigating incidents. For test or non-volatile environments, you may opt to choose differently. 
+
+ Microsoft recommends onboarding Windows Virtual Devices as a single entry per virtual device. This ensures that the investigation experience in the MDATP portal is in the context of one device based on the machine name. Organizations that frequently delete and re-deploy WVD hosts should strongly consider using this method as it prevents multiple objects for the same machine from being created in the MDATP portal. This can lead to confusion when investigating incidents. For test or non-volatile environments, you may opt to choose differently. 
 
 Microsoft recommends adding the Microsoft Defender for Endpoint onboarding script to the WVD golden image. This way, you can be sure that this onboarding script runs immediately at first boot. It is executed as a startup script at first boot on all the WVD machines that are provisioned from the WVD golden image. However, if you are using one of the gallery images without modification, place the script in a shared location and call it from either local or domain group policy. 
 
@@ -47,8 +47,8 @@ Microsoft recommends adding the Microsoft Defender for Endpoint onboarding scrip
 ### Scenarios
 There are several ways to onboard a WVD host machine:
 
-Run the script in the golden image (or from a shared location) during startup.
-Use a management tool to run the script.
+- Run the script in the golden image (or from a shared location) during startup.
+- Use a management tool to run the script.
 
 #### *Scenario 1: Using local group policy*
 This scenario requires placing the script in a golden image and uses local group policy to run early in the boot process.
@@ -110,21 +110,21 @@ In addition, if you are using FSlogix user profiles, we recommend you exclude th
 
 **Exclude Files:** 
 
-%ProgramFiles%\FSLogix\Apps\frxdrv.sys 
-%ProgramFiles%\FSLogix\Apps\frxdrvvt.sys 
-%ProgramFiles%\FSLogix\Apps\frxccd.sys 
-%TEMP%\*.VHD 
-%TEMP%\*.VHDX 
-%Windir%\TEMP\*.VHD 
-%Windir%\TEMP\*.VHDX 
-\\storageaccount.file.core.windows.net\share\*\*.VHD 
-\\storageaccount.file.core.windows.net\share\*\*.VHDX 
+> ProgramFiles%\FSLogix\Apps\frxdrv.sys 
+> %ProgramFiles%\FSLogix\Apps\frxdrvvt.sys 
+> %ProgramFiles%\FSLogix\Apps\frxccd.sys 
+> %TEMP%\*.VHD 
+> %TEMP%\*.VHDX 
+> %Windir%\TEMP\*.VHD 
+> %Windir%\TEMP\*.VHDX 
+> \\storageaccount.file.core.windows.net\share\*\*.VHD 
+> \\storageaccount.file.core.windows.net\share\*\*.VHDX 
 
 **Exclude Processes:**
 
-%ProgramFiles%\FSLogix\Apps\frxccd.exe 
-%ProgramFiles%\FSLogix\Apps\frxccds.exe 
-%ProgramFiles%\FSLogix\Apps\frxsvc.exe 
+> %ProgramFiles%\FSLogix\Apps\frxccd.exe 
+> %ProgramFiles%\FSLogix\Apps\frxccds.exe 
+> %ProgramFiles%\FSLogix\Apps\frxsvc.exe 
 
 #### Licensing requirements 
 

From 15855b8eee90fc6fda66c0991317c9554b84b5d2 Mon Sep 17 00:00:00 2001
From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com>
Date: Thu, 15 Oct 2020 11:26:49 +0530
Subject: [PATCH 038/210] Update Onboard-Windows-10-multi-session-device.md

Formatting changes done
---
 ...Onboard-Windows-10-multi-session-device.md | 35 +++++++++----------
 1 file changed, 16 insertions(+), 19 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md b/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md
index b533b8a3ee..d458346a5c 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md
@@ -77,13 +77,10 @@ This scenario uses a centrally located script and runs it using a domain-based g
 1. Go to the **Actions** tab and click **New**. Ensure that **Start a program** is selected in the Action field. 
 Enter the following: 
 
-Action = "Start a program" 
-
-Program/Script = C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe 
-
-Add Arguments (optional) = -ExecutionPolicy Bypass -command "& \\Path\To\Onboard-NonPersistentMachine.ps1"
-
-Click **OK** and close any open GPMC windows.
+   > Action = "Start a program" 

+   > Program/Script = C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe 

+   > Add Arguments (optional) = -ExecutionPolicy Bypass -command "& \\Path\To\Onboard-NonPersistentMachine.ps1" 

+   > Click **OK** and close any open GPMC windows. 

 
 #### *Scenario 3: Onboarding using management tools*
 
@@ -110,21 +107,21 @@ In addition, if you are using FSlogix user profiles, we recommend you exclude th
 
 **Exclude Files:** 
 
-> %ProgramFiles%\FSLogix\Apps\frxdrv.sys 
-> %ProgramFiles%\FSLogix\Apps\frxdrvvt.sys 
-> %ProgramFiles%\FSLogix\Apps\frxccd.sys 
-> %TEMP%\*.VHD 
-> %TEMP%\*.VHDX 
-> %Windir%\TEMP\*.VHD 
-> %Windir%\TEMP\*.VHDX 
-> \\storageaccount.file.core.windows.net\share\*\*.VHD 
-> \\storageaccount.file.core.windows.net\share\*\*.VHDX 
+> %ProgramFiles%\FSLogix\Apps\frxdrv.sys 

+> %ProgramFiles%\FSLogix\Apps\frxdrvvt.sys 

+> %ProgramFiles%\FSLogix\Apps\frxccd.sys 

+> %TEMP%\*.VHD 

+> %TEMP%\*.VHDX 

+> %Windir%\TEMP\*.VHD 

+> %Windir%\TEMP\*.VHDX 

+> \\storageaccount.file.core.windows.net\share\*\*.VHD 

+> \\storageaccount.file.core.windows.net\share\*\*.VHDX 

 
 **Exclude Processes:**
 
-> %ProgramFiles%\FSLogix\Apps\frxccd.exe 
-> %ProgramFiles%\FSLogix\Apps\frxccds.exe 
-> %ProgramFiles%\FSLogix\Apps\frxsvc.exe 
+> %ProgramFiles%\FSLogix\Apps\frxccd.exe 

+> %ProgramFiles%\FSLogix\Apps\frxccds.exe 

+> %ProgramFiles%\FSLogix\Apps\frxsvc.exe 

 
 #### Licensing requirements 
 

From 3eb4e1cfad30f6674b3fbae8b47521709c5ef728 Mon Sep 17 00:00:00 2001
From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com>
Date: Thu, 15 Oct 2020 14:47:27 +0530
Subject: [PATCH 039/210] Update Onboard-Windows-10-multi-session-device.md

minor edits
---
 .../Onboard-Windows-10-multi-session-device.md        | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md b/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md
index d458346a5c..067297e90d 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md
@@ -77,10 +77,13 @@ This scenario uses a centrally located script and runs it using a domain-based g
 1. Go to the **Actions** tab and click **New**. Ensure that **Start a program** is selected in the Action field. 
 Enter the following: 
 
-   > Action = "Start a program" 

-   > Program/Script = C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe 

-   > Add Arguments (optional) = -ExecutionPolicy Bypass -command "& \\Path\To\Onboard-NonPersistentMachine.ps1" 

-   > Click **OK** and close any open GPMC windows. 

+Action = "Start a program" 
+
+Program/Script = C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe 
+
+Add Arguments (optional) = -ExecutionPolicy Bypass -command "& \\Path\To\Onboard-NonPersistentMachine.ps1"
+
+Click **OK** and close any open GPMC windows.
 
 #### *Scenario 3: Onboarding using management tools*
 

From 016d149f367ee3bfa5ebbc6f836c69bd66f8ad32 Mon Sep 17 00:00:00 2001
From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com>
Date: Thu, 15 Oct 2020 22:33:51 +0530
Subject: [PATCH 040/210] Update TOC.md

Updated new topic "Onboard Windows 10 multi-session devices in Windows Virtual Desktop" under How-To > Onboard Windows 10 devices
---
 windows/security/threat-protection/TOC.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index 9114b320d4..6a72a748d4 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -447,6 +447,7 @@
 ##### [Onboard devices using Mobile Device Management tools](microsoft-defender-atp/configure-endpoints-mdm.md)
 ##### [Onboard devices using a local script](microsoft-defender-atp/configure-endpoints-script.md)
 ##### [Onboard non-persistent virtual desktop infrastructure (VDI) devices](microsoft-defender-atp/configure-endpoints-vdi.md)
+##### [Onboard Windows 10 multi-session devices in Windows Virtual Desktop](Onboard-Windows-10-multi-session-device.md)
  
 #### [Onboard servers](microsoft-defender-atp/configure-server-endpoints.md)
 #### [Onboard non-Windows devices](microsoft-defender-atp/configure-endpoints-non-windows.md)

From 4812278c1faa1ec6374d02cced89df04940a1ec3 Mon Sep 17 00:00:00 2001
From: Lovina Saldanha 
Date: Thu, 15 Oct 2020 22:50:33 +0530
Subject: [PATCH 041/210] moved the file

---
 .../Onboard-Windows-10-multi-session-device.md                    | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename windows/security/threat-protection/{microsoft-defender-antivirus => microsoft-defender-atp}/Onboard-Windows-10-multi-session-device.md (100%)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md b/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md
similarity index 100%
rename from windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md
rename to windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md

From 5ec742476631ba2ef32e026db70198c0a5fa945a Mon Sep 17 00:00:00 2001
From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com>
Date: Thu, 15 Oct 2020 22:52:43 +0530
Subject: [PATCH 042/210] Update TOC.md

minor correction in file path
---
 windows/security/threat-protection/TOC.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index 6a72a748d4..b3c478d48e 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -447,7 +447,7 @@
 ##### [Onboard devices using Mobile Device Management tools](microsoft-defender-atp/configure-endpoints-mdm.md)
 ##### [Onboard devices using a local script](microsoft-defender-atp/configure-endpoints-script.md)
 ##### [Onboard non-persistent virtual desktop infrastructure (VDI) devices](microsoft-defender-atp/configure-endpoints-vdi.md)
-##### [Onboard Windows 10 multi-session devices in Windows Virtual Desktop](Onboard-Windows-10-multi-session-device.md)
+##### [Onboard Windows 10 multi-session devices in Windows Virtual Desktop](microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md)
  
 #### [Onboard servers](microsoft-defender-atp/configure-server-endpoints.md)
 #### [Onboard non-Windows devices](microsoft-defender-atp/configure-endpoints-non-windows.md)

From 497b1e8449c31433b10bb4c5bdaebaea4c939625 Mon Sep 17 00:00:00 2001
From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com>
Date: Thu, 15 Oct 2020 23:03:05 +0530
Subject: [PATCH 043/210] Update TOC.md

build error fixed
---
 windows/security/threat-protection/TOC.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index b3c478d48e..47a8e22219 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -1332,3 +1332,5 @@
 ### [Windows 10 Mobile security guide](windows-10-mobile-security-guide.md)
 
 ## [Change history for Threat protection](change-history-for-threat-protection.md)
+
+

From 7c8d2d023f955e23a0b26cc84f6da20f97458642 Mon Sep 17 00:00:00 2001
From: Lovina Saldanha 
Date: Thu, 15 Oct 2020 23:27:56 +0530
Subject: [PATCH 044/210] minor edits

---
 .../Onboard-Windows-10-multi-session-device.md   | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md b/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md
index 067297e90d..81970fef04 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md
@@ -62,10 +62,10 @@ This scenario uses a centrally located script and runs it using a domain-based g
 
 **Download the WindowsDefenderATPOnboardingPackage.zip file from the Windows Defender Security Center**
 1. Open the VDI configuration package .zip file (WindowsDefenderATPOnboardingPackage.zip)  
-- In the Microsoft Defender Security Center navigation pane, select **Settings** > **Onboarding**. 
-- Select Windows 10 as the operating system. 
-- In the **Deployment method** field, select VDI onboarding scripts for non-persistent endpoints. 
-- Click **Download package** and save the .zip file. 
+    - In the Microsoft Defender Security Center navigation pane, select **Settings** > **Onboarding**. 
+    - Select Windows 10 as the operating system. 
+    - In the **Deployment method** field, select VDI onboarding scripts for non-persistent endpoints. 
+    - Click **Download package** and save the .zip file. 
 2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the device. You should have a folder called **OptionalParamsPolicy** and the files **WindowsDefenderATPOnboardingScript.cmd** and **Onboard-NonPersistentMachine.ps1**.
 
 **Use Group Policy management console to run the script when the virtual machine starts**
@@ -77,11 +77,9 @@ This scenario uses a centrally located script and runs it using a domain-based g
 1. Go to the **Actions** tab and click **New**. Ensure that **Start a program** is selected in the Action field. 
 Enter the following: 
 
-Action = "Start a program" 
-
-Program/Script = C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe 
-
-Add Arguments (optional) = -ExecutionPolicy Bypass -command "& \\Path\To\Onboard-NonPersistentMachine.ps1"
+> Action = "Start a program" 
+> Program/Script = C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe 

+> Add Arguments (optional) = -ExecutionPolicy Bypass -command "& \\Path\To\Onboard-NonPersistentMachine.ps1"
 
 Click **OK** and close any open GPMC windows.
 

From c7cd6ebfe57caf98fa8f28dd128d3fe29693f901 Mon Sep 17 00:00:00 2001
From: Lovina Saldanha 
Date: Thu, 15 Oct 2020 23:33:43 +0530
Subject: [PATCH 045/210] Update Onboard-Windows-10-multi-session-device.md

---
 .../Onboard-Windows-10-multi-session-device.md                  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md b/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md
index 81970fef04..b0188d926d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md
@@ -77,7 +77,7 @@ This scenario uses a centrally located script and runs it using a domain-based g
 1. Go to the **Actions** tab and click **New**. Ensure that **Start a program** is selected in the Action field. 
 Enter the following: 
 
-> Action = "Start a program" 
+> Action = "Start a program" 

 > Program/Script = C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe 

 > Add Arguments (optional) = -ExecutionPolicy Bypass -command "& \\Path\To\Onboard-NonPersistentMachine.ps1"
 

From c559f3db8193920874381af96d18f9d6afa7cb0f Mon Sep 17 00:00:00 2001
From: Daniel Simpson 
Date: Thu, 15 Oct 2020 21:01:10 -0700
Subject: [PATCH 046/210] Update Onboard-Windows-10-multi-session-device.md

---
 .../Onboard-Windows-10-multi-session-device.md     | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md b/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md
index b0188d926d..baa60e50c3 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md
@@ -22,10 +22,10 @@ manager: dansimp
 6 minutes to read 
 
 Applies to: 
-- Windows 10 Multi-session running on Windows Virtual Desktop (WVD) 
+- Windows 10 multi-session running on Windows Virtual Desktop (WVD) 
 
 > [!WARNING]
-> Microsoft Defender ATP support for Windows Virtual Desktop multi-user scenarios is currently in Preview and limited up to 25 concurrent sessions per host/VM. However, single session scenarios on Windows Virtual Desktop are fully supported.
+> Microsoft Defender ATP support for Windows Virtual Desktop multi-session scenarios is currently in Preview and limited up to 25 concurrent sessions per host/VM. However, single session scenarios on Windows Virtual Desktop are fully supported.
 
 Microsoft Defender for Endpoint supports monitoring both VDI as well as Windows Virtual Desktop sessions. Depending on your organization's needs, you might need to implement VDI or Windows Virtual Desktop sessions to help your employees access corporate data and apps from an unmanaged device, remote location, or similar scenario. With Microsoft Defender for Endpoint, you can monitor these virtual machines for anomalous activity.
 
@@ -53,7 +53,7 @@ There are several ways to onboard a WVD host machine:
 #### *Scenario 1: Using local group policy*
 This scenario requires placing the script in a golden image and uses local group policy to run early in the boot process.
 
-Use the instructions in [https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi#onboard-non-persistent-virtual-desktop-infrastructure-vdi-devices-1 ](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi#onboard-non-persistent-virtual-desktop-infrastructure-vdi-devices-1).
+Use the instructions in [Onboard non-persistent virtual desktop infrastructure VDI devices](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi#onboard-non-persistent-virtual-desktop-infrastructure-vdi-devices-1).
 
 Follow the instructions for a single entry for each device.
 
@@ -87,7 +87,7 @@ Click **OK** and close any open GPMC windows.
 
 If you plan to manage your machines using a management tool, you can onboard devices with Microsoft Endpoint Configuration Manager.
 
-For more information, see: [https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm) 
+For more information, see: [Onboard Windows 10 devices using Configuration Manager](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm) 
 
 > [!WARNING]
 > If you plan to use [Attack Surface reduction Rules](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction), please note that rule “[Block process creations originating from PSExec and WMI commands](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-process-creations-originating-from-psexec-and-wmi-commands)" should not be used as it is incompatible with management through Microsoft Endpoint Configuration Manager because this rule blocks WMI commands the Configuration Manager client uses to function correctly. 
@@ -98,11 +98,11 @@ For more information, see: [https://docs.microsoft.com/en-us/windows/security/th
 #### Tagging your machines when building your golden image 
 
 As part of your onboarding, you may want to consider setting a machine tag to be able to differentiate WVD machines more easily in the Microsoft Security Center. For more information, see 
-[https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/machine-tags#add-device-tags-by-setting-a-registry-key-value](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-tags#add-device-tags-by-setting-a-registry-key-value). 
+[Add device tags by setting a registry key value](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-tags#add-device-tags-by-setting-a-registry-key-value). 
 
 #### Other recommended configuration settings 
 
-When building your golden image, you may want to configure initial protection settings as well. For more information, see [https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp#other-recommended-configuration-settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp#other-recommended-configuration-settings). 
+When building your golden image, you may want to configure initial protection settings as well. For more information, see [Other recommended configuration settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp#other-recommended-configuration-settings). 
 
 In addition, if you are using FSlogix user profiles, we recommend you exclude the following files from always-on protection: 
 
@@ -126,4 +126,4 @@ In addition, if you are using FSlogix user profiles, we recommend you exclude th
 
 #### Licensing requirements 
 
-Windows 10 Multi-session is a client OS. Licensing requirements for Microsoft Defender Advanced Threat Protection can be found at: [https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements#licensing-requirements ](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements#licensing-requirements).
+Windows 10 Multi-session is a client OS. Licensing requirements for Microsoft Defender Advanced Threat Protection can be found at: [Licensing requirements](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements#licensing-requirements).

From d6ff8c6bad5c8736d46729ebef04b01127398ed2 Mon Sep 17 00:00:00 2001
From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com>
Date: Fri, 16 Oct 2020 12:11:28 +0530
Subject: [PATCH 047/210] Update Onboard-Windows-10-multi-session-device.md

Rebranding names updated
---
 .../Onboard-Windows-10-multi-session-device.md              | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md b/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md
index baa60e50c3..94d68926bf 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md
@@ -23,9 +23,11 @@ manager: dansimp
 
 Applies to: 
 - Windows 10 multi-session running on Windows Virtual Desktop (WVD) 
+> [!IMPORTANT]
+> Welcome to Microsoft Defender for Endpoint, the new name for Microsoft Defender Advanced Threat Protection. Read more about this and other updates here. We'll be updating names in products and in the docs in the near future.
 
 > [!WARNING]
-> Microsoft Defender ATP support for Windows Virtual Desktop multi-session scenarios is currently in Preview and limited up to 25 concurrent sessions per host/VM. However, single session scenarios on Windows Virtual Desktop are fully supported.
+> Microsoft Defender for Endpoint (MSDE) support for Windows Virtual Desktop multi-session scenarios is currently in Preview and limited up to 25 concurrent sessions per host/VM. However, single session scenarios on Windows Virtual Desktop are fully supported.
 
 Microsoft Defender for Endpoint supports monitoring both VDI as well as Windows Virtual Desktop sessions. Depending on your organization's needs, you might need to implement VDI or Windows Virtual Desktop sessions to help your employees access corporate data and apps from an unmanaged device, remote location, or similar scenario. With Microsoft Defender for Endpoint, you can monitor these virtual machines for anomalous activity.
 
@@ -37,7 +39,7 @@ Familiarize yourself with the [considerations for non-persistent VDI](https://do
 > - Single entry for each virtual device 
 > - Multiple entries for each virtual device 
 
-Microsoft recommends onboarding Windows Virtual Devices as a single entry per virtual device. This ensures that the investigation experience in the MDATP portal is in the context of one device based on the machine name. Organizations that frequently delete and re-deploy WVD hosts should strongly consider using this method as it prevents multiple objects for the same machine from being created in the MDATP portal. This can lead to confusion when investigating incidents. For test or non-volatile environments, you may opt to choose differently. 
+Microsoft recommends onboarding Windows Virtual Devices as a single entry per virtual device. This ensures that the investigation experience in the Microsoft Defender Endpoint portal (MSDE) is in the context of one device based on the machine name. Organizations that frequently delete and re-deploy WVD hosts should strongly consider using this method as it prevents multiple objects for the same machine from being created in the MSDE portal. This can lead to confusion when investigating incidents. For test or non-volatile environments, you may opt to choose differently. 
 
 Microsoft recommends adding the Microsoft Defender for Endpoint onboarding script to the WVD golden image. This way, you can be sure that this onboarding script runs immediately at first boot. It is executed as a startup script at first boot on all the WVD machines that are provisioned from the WVD golden image. However, if you are using one of the gallery images without modification, place the script in a shared location and call it from either local or domain group policy. 
 

From 9ba48a690c095eab588fe6c9378d4c3005ff26bc Mon Sep 17 00:00:00 2001
From: Rick Munck <33725928+jmunck@users.noreply.github.com>
Date: Tue, 20 Oct 2020 11:15:29 -0500
Subject: [PATCH 048/210] Update security-compliance-toolkit-10.md

Added new baseline for 20H2
---
 .../security/threat-protection/security-compliance-toolkit-10.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/windows/security/threat-protection/security-compliance-toolkit-10.md b/windows/security/threat-protection/security-compliance-toolkit-10.md
index 4941242b47..e8dd6ab29f 100644
--- a/windows/security/threat-protection/security-compliance-toolkit-10.md
+++ b/windows/security/threat-protection/security-compliance-toolkit-10.md
@@ -27,6 +27,7 @@ The SCT enables administrators to effectively manage their enterprise’s Group
 The Security Compliance Toolkit consists of:
 
 - Windows 10 security baselines
+    - Windows 10 Version 20H2 (October 2020 Update)
     - Windows 10 Version 2004 (May 2020 Update)
     - Windows 10 Version 1909 (November 2019 Update)
     - Windows 10 Version 1903 (May 2019 Update)

From 20545abfd3681a634befb8ed81249c23494aa78f Mon Sep 17 00:00:00 2001
From: garrettburk123 <55765124+garrettburk123@users.noreply.github.com>
Date: Tue, 20 Oct 2020 12:44:13 -0700
Subject: [PATCH 049/210] Updating to add the most recent certifications

Windows 10 version 1809 and Windows Server 2019 recently had FIPS 140 certificates issued. This update adds new tables reflecting this status. One table is in the "Modules used by Windows" section and the other is in the "Modules used by Windows Server" section.

Additionally, this update fixes spacing issues in the "Using Windows in a FIPS 140-2 approved mode of operation" section to separate paragraphs.
---
 .../threat-protection/fips-140-validation.md  | 144 +++++++++++++++++-
 1 file changed, 142 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/fips-140-validation.md b/windows/security/threat-protection/fips-140-validation.md
index 262058bf1d..e86723ea32 100644
--- a/windows/security/threat-protection/fips-140-validation.md
+++ b/windows/security/threat-protection/fips-140-validation.md
@@ -28,9 +28,9 @@ Microsoft maintains an active commitment to meeting the requirements of the FIPS
 ## Using Windows in a FIPS 140-2 approved mode of operation
 
 Windows 10 and Windows Server may be configured to run in a FIPS 140-2 approved mode of operation. This is commonly referred to as “FIPS mode.”  When this mode is enabled, the Cryptographic Primitives Library (bcryptprimitives.dll) and Kernel Mode Cryptographic Primitives Library (CNG.sys) modules will run self-tests before Windows cryptographic operations are run. These self-tests are run in accordance with FIPS 140-2 Section 4.9 and are utilized to ensure that the modules are functioning properly. The Cryptographic Primitives Library and the Kernel Mode Cryptographic Primitives Library are the only modules affected by this mode of operation. The FIPS 140-2 approved mode of operation will not prevent Windows and its subsystems from using non-FIPS validated cryptographic algorithms. For applications or components beyond the Cryptographic Primitives Library and the Kernel Mode Cryptographic Primitives Library, FIPS mode is merely advisory.
- 
+
 While US government regulations continue to mandate that FIPS mode be enabled on government computers running Windows, our recommendation is that it is each customer’s decision to make when considering enabling FIPS mode. There are many applications and protocols that look to the FIPS mode policy to determine which cryptographic functionality should be utilized in a given solution. We recommend that customers hoping to comply with FIPS 140-2 research the configuration settings of applications and protocols they may be using to ensure their solutions can be configured to utilize the FIPS 140-2 validated cryptography provided by Windows when it is operating in FIPS 140-2 approved mode. 
- 
+
 Achieving this FIPS 140-2 approved mode of operation of Windows requires administrators to complete all four steps outlined below.
 
 ### Step 1: Ensure FIPS 140-2 validated cryptographic modules are installed
@@ -89,6 +89,76 @@ The following tables identify the cryptographic modules used in an operating sys
 
 ## Modules used by Windows
 
+##### Windows 10 Fall 2018 Update (Version 1809)
+
+Validated Editions: Home, Pro, Enterprise, Education
+
+

++++++
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+






Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Cryptographic Primitives Library10.0.17763#3197See Security Policy and Certificate page for algorithm information
Kernel Mode Cryptographic Primitives Library10.0.17763#3196See Security Policy and Certificate page for algorithm information
Code Integrity10.0.17763#3644See Security Policy and Certificate page for algorithm information
Windows OS Loader10.0.17763#3615See Security Policy and Certificate page for algorithm information
Secure Kernel Code Integrity10.0.17763#3651See Security Policy and Certificate page for algorithm information
BitLocker Dump Filter10.0.17763#3092See Security Policy and Certificate page for algorithm information
Boot Manager10.0.17763#3089See Security Policy and Certificate page for algorithm information
Virtual TPM10.0.17763#3690See Security Policy and Certificate page for algorithm information

+
 ##### Windows 10 Spring 2018 Update (Version 1803)
 
 Validated Editions: Home, Pro, Enterprise, Education
@@ -1336,6 +1406,76 @@ Validated Editions: Ultimate Edition
 
 ## Modules used by Windows Server
 
+##### Windows Server 2019 (Version 1809)
+
+Validated Editions: Standard, Datacenter
+
+
++++++
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+






Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Cryptographic Primitives Library10.0.17763#3197See Security Policy and Certificate page for algorithm information
Kernel Mode Cryptographic Primitives Library10.0.17763#3196See Security Policy and Certificate page for algorithm information
Code Integrity10.0.17763#3644See Security Policy and Certificate page for algorithm information
Windows OS Loader10.0.17763#3615See Security Policy and Certificate page for algorithm information
Secure Kernel Code Integrity10.0.17763#3651See Security Policy and Certificate page for algorithm information
BitLocker Dump Filter10.0.17763#3092See Security Policy and Certificate page for algorithm information
Boot Manager10.0.17763#3089See Security Policy and Certificate page for algorithm information
Virtual TPM10.0.17763#3690See Security Policy and Certificate page for algorithm information

+
 ##### Windows Server (Version 1803)
 
 Validated Editions: Standard, Datacenter

From 77c3c09e42e62da5739a2e2a9cd2787792d2c2d8 Mon Sep 17 00:00:00 2001
From: Beth Levin 
Date: Tue, 20 Oct 2020 14:33:32 -0700
Subject: [PATCH 050/210] vulnerable devices report

---
 .../tvm-hunt-exposed-devices.md               | 45 -----------
 .../tvm-vulnerable-devices-report.md          | 81 +++++++++++++++++++
 2 files changed, 81 insertions(+), 45 deletions(-)
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/tvm-vulnerable-devices-report.md

diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-hunt-exposed-devices.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-hunt-exposed-devices.md
index d02858e0d6..694318d1d4 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-hunt-exposed-devices.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-hunt-exposed-devices.md
@@ -66,51 +66,6 @@ DeviceName=any(DeviceName) by DeviceId, AlertId
 
 ```
 
-
-## Vulnerable devices report
-
-The report shows graphs and bar charts with vulnerable device trends and current statistics. The goal is for you to understand the breath and scope of your device exposure. 
-
-Access the report by going to **Reports > Vulnerable devices**
-
-There are two columns:
-- Trends (over time). Can show the past 30 days, 3 months, 6 months, or a custom date range.
-- Today (current information)
-
-**Filter**: You can filter the data by vulnerability severity levels, exploit availability, vulnerability age, operating system platform, Windows 10 version, or device group.
-
-**Drill down**: If there is an insight you want to explore further, select the relevant bar chart to view a filtered list of devices in the Device inventory page. From there, you can export the list.
-
-### Severity level graphs
-
-Each device is counted only once according to the most severe vulnerability found on that device.
-
-![One graph of current device vulnerability severity levels, and one graph showing levels over time](images/tvm-report-severity.png)
-
-### Exploit availability graphs
-
-Each device is counted only once based on the highest level of known exploit.
-
-![One graph of current device exploit availability, and one graph showing availability over time](images/tvm-report-exploit-availability.png)
-
-### Vulnerability age graphs
-
-Each device is counted only once under the oldest vulnerability publication date. Older vulnerabilities have a higher chance of being exploited.
-
-![One graph of current device vulnerability age, and one graph showing age over time.](images/tvm-report-age.png)
-
-### Vulnerable devices by operating system platform graphs
-
-The number of devices on each operating system that are exposed due to software vulnerabilities.
-
-![One graph of current vulnerable devices by operating system platform, and one graph showing vulnerable devices by OS platforms over time.](images/tvm-report-os.png)
-
-### Vulnerable devices by Windows 10 version graphs
-
-The number of devices on each Windows 10 version that are exposed due to vulnerable applications or OS.
-
-![One graph of current vulnerable devices by Windows 10 version, and one graph showing vulnerable devices by Windows 10 version over time.](images/tvm-report-version.png)
-
 ## Related topics
 
 - [Threat and vulnerability management overview](next-gen-threat-and-vuln-mgt.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-vulnerable-devices-report.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-vulnerable-devices-report.md
new file mode 100644
index 0000000000..bda9f0c30c
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-vulnerable-devices-report.md
@@ -0,0 +1,81 @@
+---
+title: 	Hunt for exposed devices 
+description: Learn how threat and vulnerability management can be used to help security admins, IT admins, and SecOps collaborate.
+keywords: mdatp-tvm scenarios, mdatp, tvm, tvm scenarios, reduce threat & vulnerability exposure, reduce threat and vulnerability, improve security configuration, increase Microsoft Secure Score for Devices, increase threat & vulnerability Microsoft Secure Score for Devices, Microsoft Secure Score for Devices, exposure score, security controls 
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: ellevin
+author: levinec
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: 
+- m365-security-compliance 
+- m365initiative-defender-endpoint 
+ms.topic: article
+---
+
+# Vulnerable devices report- threat and vulnerability management
+
+[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
+
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
+
+The report shows graphs and bar charts with vulnerable device trends and current statistics. The goal is for you to understand the breath and scope of your device exposure. 
+
+Access the report by going to **Reports > Vulnerable devices**
+
+There are two columns:
+- Trends (over time). Can show the past 30 days, 3 months, 6 months, or a custom date range.
+- Today (current information)
+
+**Filter**: You can filter the data by vulnerability severity levels, exploit availability, vulnerability age, operating system platform, Windows 10 version, or device group.
+
+**Drill down**: If there is an insight you want to explore further, select the relevant bar chart to view a filtered list of devices in the Device inventory page. From there, you can export the list.
+
+## Severity level graphs
+
+Each device is counted only once according to the most severe vulnerability found on that device.
+
+![One graph of current device vulnerability severity levels, and one graph showing levels over time](images/tvm-report-severity.png)
+
+## Exploit availability graphs
+
+Each device is counted only once based on the highest level of known exploit.
+
+![One graph of current device exploit availability, and one graph showing availability over time](images/tvm-report-exploit-availability.png)
+
+## Vulnerability age graphs
+
+Each device is counted only once under the oldest vulnerability publication date. Older vulnerabilities have a higher chance of being exploited.
+
+![One graph of current device vulnerability age, and one graph showing age over time.](images/tvm-report-age.png)
+
+## Vulnerable devices by operating system platform graphs
+
+The number of devices on each operating system that are exposed due to software vulnerabilities.
+
+![One graph of current vulnerable devices by operating system platform, and one graph showing vulnerable devices by OS platforms over time.](images/tvm-report-os.png)
+
+## Vulnerable devices by Windows 10 version graphs
+
+The number of devices on each Windows 10 version that are exposed due to vulnerable applications or OS.
+
+![One graph of current vulnerable devices by Windows 10 version, and one graph showing vulnerable devices by Windows 10 version over time.](images/tvm-report-version.png)
+
+## Related topics
+
+- [Threat and vulnerability management overview](next-gen-threat-and-vuln-mgt.md)
+- [Security recommendations](tvm-security-recommendation.md)
+- [APIs](next-gen-threat-and-vuln-mgt.md#apis)
+- [Configure data access for threat and vulnerability management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group)
+- [Advanced hunting overview](overview-hunting.md)
+- [All advanced hunting tables](advanced-hunting-reference.md)

From ff1b1e6b9d5a95a5749bbaad59675d90388a6045 Mon Sep 17 00:00:00 2001
From: Joey Caparas 
Date: Tue, 20 Oct 2020 16:08:50 -0700
Subject: [PATCH 051/210] add deployment ring table

---
 .../deployment-phases.md                      | 21 +++++++++++++++++++
 .../deployment-rings.md                       |  0
 2 files changed, 21 insertions(+)
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md

diff --git a/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md b/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md
index 147eb07fb2..98afe5e640 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md
@@ -41,6 +41,27 @@ There are three phases in deploying Microsoft Defender ATP:
 
 There are several methods you can use to onboard to the service. For information on other ways to onboard, see [Onboard devices to Microsoft Defender ATP](onboard-configure.md).
 
+## Deploy Microsoft Defender ATP in rings
+
+Deploying Microsoft Defender ATP can be done using a ring-based deployment approach. 
+
+A ring-based approach is a method of identifying a set of machines to onboard with specific timelines and verifying that certain criteria are met before the deploying to a larger set of devices.
+
+Adopting a ring-based deployment helps reduce potential issues or conflicts that could arise while rolling the service out. By piloting a certain number of devices first, you can identify potential issues and mitigate potential risks that might arise. 
+
+
+Table 1 provides an example of the deployment rings you might use. 
+
+**Table 1**
+
+|**Deployment ring**|**Description**|
+|:-----|:-----|
+Pilot and deployment planning | Phase 1: Identify 50 systems for pilot testing - Focus on the security team, IT team and maybe Helpdesk
+Full scale pilot | Phase 2: 100  systems 
 	Phase 3: 150 systems 
 Phase 4: 500 systems 
 Phase 5: 1000 systems 

 Review and assess if there required tweaks to deployment. 
+Full deployment | Roll out service to the rest of environment in larger increments.
+
+
+
 ## In Scope
 
 The following is in scope for this deployment guide:
diff --git a/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md b/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md
new file mode 100644
index 0000000000..e69de29bb2

From d2706507ce70c61026d0909d51f9fcaeda0b9474 Mon Sep 17 00:00:00 2001
From: Joey Caparas 
Date: Wed, 21 Oct 2020 09:53:16 -0700
Subject: [PATCH 052/210] add line break

---
 .../microsoft-defender-atp/deployment-phases.md                 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md b/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md
index 98afe5e640..4e23d893f1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md
@@ -56,7 +56,7 @@ Table 1 provides an example of the deployment rings you might use.
 
 |**Deployment ring**|**Description**|
 |:-----|:-----|
-Pilot and deployment planning | Phase 1: Identify 50 systems for pilot testing - Focus on the security team, IT team and maybe Helpdesk
+Pilot and deployment planning | Phase 1: Identify 50 systems for pilot testing. 
 Focus on the security team, IT team and maybe Helpdesk.
 Full scale pilot | Phase 2: 100  systems 
 	Phase 3: 150 systems 
 Phase 4: 500 systems 
 Phase 5: 1000 systems 

 Review and assess if there required tweaks to deployment. 
 Full deployment | Roll out service to the rest of environment in larger increments.
 

From 1e194317db2d5aad0b1adab0e47401829a98bfa6 Mon Sep 17 00:00:00 2001
From: ImranHabib <47118050+joinimran@users.noreply.github.com>
Date: Wed, 21 Oct 2020 22:04:44 +0500
Subject: [PATCH 053/210] Updated login user example

The login format was not properly mentioned in the document. Updated this info.

Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/1656
---
 windows/client-management/connect-to-remote-aadj-pc.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/connect-to-remote-aadj-pc.md b/windows/client-management/connect-to-remote-aadj-pc.md
index f25c37dce5..13ee43e312 100644
--- a/windows/client-management/connect-to-remote-aadj-pc.md
+++ b/windows/client-management/connect-to-remote-aadj-pc.md
@@ -63,7 +63,7 @@ Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-gu
   4. Click **Check Names**. If the **Name Not Found** window opens, click **Locations** and select this PC.
 
      > [!TIP]
-     > When you connect to the remote PC, enter your account name in this format: `AzureAD UPN`. The local PC must either be domain-joined or Azure AD-joined. The local PC and remote PC must be in the same Azure AD tenant.
+     > When you connect to the remote PC, enter your account name in this format: AzureAD\yourloginid@domain.com. The local PC must either be domain-joined or Azure AD-joined. The local PC and remote PC must be in the same Azure AD tenant.
 
      > [!Note]
      > If you cannot connect using Remote Desktop Connection 6.0, you must turn off the new features of RDP 6.0 and revert back to RDP 5.0 by making a few changes in the RDP file. See the details in the [support article](https://support.microsoft.com/help/941641/remote-desktop-connection-6-0-prompts-you-for-credentials-before-you-e).

From 45e02efe854350367849904b29e4a4cd7049a1a3 Mon Sep 17 00:00:00 2001
From: Joey Caparas 
Date: Wed, 21 Oct 2020 13:36:06 -0700
Subject: [PATCH 054/210] new deployment rings topic

---
 windows/security/threat-protection/TOC.md     |   1 +
 .../deployment-phases.md                      |  21 +---
 .../deployment-rings.md                       |  92 ++++++++++++++++++
 .../images/deployment-rings.png               | Bin 0 -> 37348 bytes
 4 files changed, 94 insertions(+), 20 deletions(-)
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/deployment-rings.png

diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index 632fbafb38..52deba3ff6 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -16,6 +16,7 @@
 ## [Plan deployment](microsoft-defender-atp/deployment-strategy.md)
 
 ## [Deployment guide]()
+### [Deployment rings](microsoft-defender-atp/deployment-rings.md)
 ### [Deployment phases](microsoft-defender-atp/deployment-phases.md)
 ### [Phase 1: Prepare](microsoft-defender-atp/prepare-deployment.md)
 ### [Phase 2: Set up](microsoft-defender-atp/production-deployment.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md b/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md
index 4e23d893f1..9d66c621de 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md
@@ -29,7 +29,7 @@ ms.topic: article
 
 There are three phases in deploying Microsoft Defender ATP:
 
-|Phase | Desription | 
+|Phase | Description | 
 |:-------|:-----|
 | ![Phase 1: Prepare](images/prepare.png)
[Phase 1: Prepare](prepare-deployment.md)| Learn about what you need to consider when deploying Microsoft Defender ATP: 

- Stakeholders and sign-off 
 - Environment considerations 
- Access 
 - Adoption order
 |  ![Phase 2: Setup](images/setup.png) 
[Phase 2: Setup](production-deployment.md)|  Take the initial steps to access Microsoft Defender Security Center. You'll be guided on:

- Validating the licensing 
  - Completing the setup wizard within the portal
- Network configuration|
@@ -41,25 +41,6 @@ There are three phases in deploying Microsoft Defender ATP:
 
 There are several methods you can use to onboard to the service. For information on other ways to onboard, see [Onboard devices to Microsoft Defender ATP](onboard-configure.md).
 
-## Deploy Microsoft Defender ATP in rings
-
-Deploying Microsoft Defender ATP can be done using a ring-based deployment approach. 
-
-A ring-based approach is a method of identifying a set of machines to onboard with specific timelines and verifying that certain criteria are met before the deploying to a larger set of devices.
-
-Adopting a ring-based deployment helps reduce potential issues or conflicts that could arise while rolling the service out. By piloting a certain number of devices first, you can identify potential issues and mitigate potential risks that might arise. 
-
-
-Table 1 provides an example of the deployment rings you might use. 
-
-**Table 1**
-
-|**Deployment ring**|**Description**|
-|:-----|:-----|
-Pilot and deployment planning | Phase 1: Identify 50 systems for pilot testing. 
 Focus on the security team, IT team and maybe Helpdesk.
-Full scale pilot | Phase 2: 100  systems 
 	Phase 3: 150 systems 
 Phase 4: 500 systems 
 Phase 5: 1000 systems 

 Review and assess if there required tweaks to deployment. 
-Full deployment | Roll out service to the rest of environment in larger increments.
-
 
 
 ## In Scope
diff --git a/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md b/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md
index e69de29bb2..e43f88673b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md
@@ -0,0 +1,92 @@
+---
+title: Deploy Microsoft Defender ATP in rings
+description: Learn how deploy Microsoft Defender ATP in rings
+keywords: deploy, rings, setup, onboard, phase, deployment, deploying, adoption, configuring
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: 
+- M365-security-compliance
+- m365solution-endpointprotect
+- m365solution-overview  
+ms.topic: article
+---
+
+# Deploy Microsoft Defender ATP in rings
+
+[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
+
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+
+
+Deploying Microsoft Defender ATP can be done using a ring-based deployment approach. 
+
+![Image of deployment rings](images/deployment-rings.png)
+
+
+A ring-based approach is a method of identifying a set of endpoints to onboard and verifying that certain criteria is met before proceeding to deploy the service to a larger set of devices. You can define the exit criteria for each ring and ensure that they are satisfied before moving on to the next ring.
+
+Adopting a ring-based deployment helps reduce potential issues that could arise while rolling out the service. By piloting a certain number of devices first, you can identify potential issues and mitigate potential risks that might arise. 
+
+
+Table 1 provides an example of the deployment rings you might use. 
+
+**Table 1**
+
+|**Deployment ring**|**Description**|
+|:-----|:-----|
+Evaluate | Ring 1: Identify 50 systems for pilot testing 
+Pilot | Ring 2: 50-100  systems 
 	
+Full deployment | Roll out service to the rest of environment in larger increments.
+
+
+## Evaluate
+You can use the [evaluation lab](evaluation-lab.md) to gain full access to the capabilities of the suite without the complexities of environment configuration. 
+
+You'll be able to add Windows 10 or Windows Server 2019 devices to the lab environment, install threat simulators, and run scenarios to instantly see how the platform performs.
+
+### Exit criteria?
+- Able to run simulation
+- Able to install threat simulator
+- Results from simulation is displayed in dashboard
+
+
+## Pilot
+Microsoft Defender ATP supports a variety of endpoints that you can onboard to the service. In this ring, identify several devices to onboard and based on the exit criteria you define, decide to proceed to the next deployment ring.
+
+The following table shows the supported endpoints and the corresponding tool you can use to onboard devices to the service. 
+
+| Endpoint     | Deployment tool                       |
+|--------------|------------------------------------------|
+| **Windows**  |  [Local script (up to 10 devices)](configure-endpoints-script.md) 
  [Group Policy](configure-endpoints-gp.md) 
  [Microsoft Endpoint Manager/ Mobile Device Manager](configure-endpoints-mdm.md) 
   [Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md) 
 [VDI scripts](configure-endpoints-vdi.md)   |
+| **macOS**    | [Local script](mac-install-manually.md) 
 [Microsoft Endpoint Manager](mac-install-with-intune.md) 
 [JAMF Pro](mac-install-with-jamf.md) 
 [Mobile Device Management](mac-install-with-other-mdm.md) |
+| **Linux Server** | [Local script](linux-install-manually.md) 
 [Puppet](linux-install-with-puppet.md) 
 [Ansible](linux-install-with-ansible.md)|
+| **iOS**      | [App-based](ios-install.md)                                |
+| **Android**  | [Microsoft Endpoint Manager](android-intune.md)               | 
+
+
+### Exit criteria?
+- [Run a detection test](run-detection-test.md)
+- [Run a simulated attack on a device](attack-simulations.md)
+
+
+## Full deployment
+At this stage, you can use the [Plan deployment](deployment-strategy.md) material to help you plan your deployment. 
+
+
+Use the following material to select the appropriate Microsoft Defender ATP architecture that best suites your organization.
+
+|**Item**|**Description**|
+|:-----|:-----|
+|[![Thumb image for Microsoft Defender ATP deployment strategy](images/mdatp-deployment-strategy.png)](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf)
 [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf)  \| [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.vsdx) | The architectural material helps you plan your deployment for the following architectures: 
 
 
-
Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #4897

+
Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #4897

 
Version 10.0.16299

 
 
@@ -2520,7 +2519,7 @@ The following tables are organized by cryptographic algorithms with their modes,
 
  • Plain Text Lengths: 128, 192, 256, 320, 2048 (bits)
    • 
 
 
    AES Val#4897
    
-
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Cryptography Next Generation (CNG) Implementations #4898
    
+
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Cryptography Next Generation (CNG) Implementations #4898
    
 
    Version 10.0.16299
    
 
 
@@ -2559,288 +2558,288 @@ The following tables are organized by cryptographic algorithms with their modes,
 
  • AAD Length: 0-65536
    • 
 
 
    AES Val#4897
    
-
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); BitLocker(R) Cryptographic Implementations #4894
    
+
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); BitLocker(R) Cryptographic Implementations #4894
    
 
    Version 10.0.16299
    
 
 
-
    CBC ( e/d; 128 , 192 , 256 );
    
-
    CFB128 ( e/d; 128 , 192 , 256 );
    
-
    OFB ( e/d; 128 , 192 , 256 );
    
-
    CTR ( int only; 128 , 192 , 256 )
    
+
    CBC (e/d; 128, 192, 256);
    
+
    CFB128 (e/d; 128, 192, 256);
    
+
    OFB (e/d; 128, 192, 256);
    
+
    CTR (int only; 128, 192, 256)
    
 
    Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #4627
    
 
    Version 10.0.15063
    
 
 
-
    KW ( AE , AD , AES-128 , AES-192 , AES-256 , FWD , 128 , 256 , 192 , 320 , 2048 )
    
+
    KW (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 256, 192, 320, 2048)
    
 
    AES Val#4624
    
 
    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile Cryptography Next Generation (CNG) Implementations #4626
    
 
    Version 10.0.15063
    
 
 
-
    CCM (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )
    
+
    CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)
    
 
    AES Val#4624
    
 
     
    
 
    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile BitLocker(R) Cryptographic Implementations #4625
    
 
    Version 10.0.15063
    
 
 
-
    ECB ( e/d; 128 , 192 , 256 );
    
-
    CBC ( e/d; 128 , 192 , 256 );
    
-
    CFB8 ( e/d; 128 , 192 , 256 );
    
-
    CFB128 ( e/d; 128 , 192 , 256 );
    
-
    CTR ( int only; 128 , 192 , 256 )
    
-
    CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )
    
-
    CMAC (Generation/Verification ) (KS: 128; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 ) (KS: 192; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 ) (KS: 256; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 )
    
-
    GCM (KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )
    
-
    (KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )
    
-
    IV Generated: ( External ) ; PT Lengths Tested: ( 0 , 1024 , 8 , 1016 ) ; AAD Lengths tested: ( 0 , 1024 , 8 , 1016 ) ; 96BitIV_Supported
    
+
    ECB (e/d; 128, 192, 256);
    
+
    CBC (e/d; 128, 192, 256);
    
+
    CFB8 (e/d; 128, 192, 256);
    
+
    CFB128 (e/d; 128, 192, 256);
    
+
    CTR (int only; 128, 192, 256)
    
+
    CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)
    
+
    CMAC (Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16)
    
+
    GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)
    
+
    (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
    
+
    IV Generated: (External); PT Lengths Tested: (0, 1024, 8, 1016); AAD Lengths tested: (0, 1024, 8, 1016); 96BitIV_Supported
    
 
    GMAC_Supported
    
-
    XTS( (KS: XTS_128( (e/d) (f) ) KS: XTS_256( (e/d) (f) )
    
+
    XTS((KS: XTS_128((e/d)(f)) KS: XTS_256((e/d)(f))
    
 
    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #4624
    
 
    Version 10.0.15063
    
 
 
-
    ECB ( e/d; 128 , 192 , 256 );
    
-
    CBC ( e/d; 128 , 192 , 256 );
    
+
    ECB (e/d; 128, 192, 256);
    
+
    CBC (e/d; 128, 192, 256);
    
 
    Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #4434
    
 
    Version 7.00.2872
    
 
 
-
    ECB ( e/d; 128 , 192 , 256 );
    
-
    CBC ( e/d; 128 , 192 , 256 );
    
+
    ECB (e/d; 128, 192, 256);
    
+
    CBC (e/d; 128, 192, 256);
    
 
    Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #4433
    
 
    Version 8.00.6246
    
 
 
-
    ECB ( e/d; 128 , 192 , 256 );
    
-
    CBC ( e/d; 128 , 192 , 256 );
    
-
    CTR ( int only; 128 , 192 , 256 )
    
+
    ECB (e/d; 128, 192, 256);
    
+
    CBC (e/d; 128, 192, 256);
    
+
    CTR (int only; 128, 192, 256)
    
 
    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #4431
    
 
    Version 7.00.2872
    
 
 
-
    ECB ( e/d; 128 , 192 , 256 );
    
-
    CBC ( e/d; 128 , 192 , 256 );
    
-
    CTR ( int only; 128 , 192 , 256 )
    
+
    ECB (e/d; 128, 192, 256);
    
+
    CBC (e/d; 128, 192, 256);
    
+
    CTR (int only; 128, 192, 256)
    
 
    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #4430
    
 
    Version 8.00.6246
    
 
 
-
    CBC ( e/d; 128 , 192 , 256 );
    
-
    CFB128 ( e/d; 128 , 192 , 256 );
    
-
    OFB ( e/d; 128 , 192 , 256 );
    
-
    CTR ( int only; 128 , 192 , 256 )
    
-
    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #4074
    
+
    CBC (e/d; 128, 192, 256);
    
+
    CFB128 (e/d; 128, 192, 256);
    
+
    OFB (e/d; 128, 192, 256);
    
+
    CTR (int only; 128, 192, 256)
    
+
    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #4074
    
 
    Version 10.0.14393
    
 
 
-
    ECB ( e/d; 128 , 192 , 256 ); CBC ( e/d; 128 , 192 , 256 ); CFB8 ( e/d; 128 , 192 , 256 ); CFB128 ( e/d; 128 , 192 , 256 ); CTR ( int only; 128 , 192 , 256 )
    
-
    CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )
    
-
    CMAC (Generation/Verification ) (KS: 128; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 192; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 256; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 )
    
-
    GCM (KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )
    
-(KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )
    
-IV Generated:  ( Externally ) ; PT Lengths Tested:  ( 0 , 1024 , 8 , 1016 ) ; AAD Lengths tested:  ( 0 , 1024 , 8 , 1016 ) ; IV Lengths Tested:  ( 0 , 0 ) ; 96BitIV_Supported
    
+
    ECB (e/d; 128, 192, 256); CBC (e/d; 128, 192, 256); CFB8 (e/d; 128, 192, 256); CFB128 (e/d; 128, 192, 256); CTR (int only; 128, 192, 256)
    
+
    CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)
    
+
    CMAC (Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16)
    
+
    GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)
    
+(KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
    
+IV Generated:  (Externally); PT Lengths Tested:  (0, 1024, 8, 1016); AAD Lengths tested:  (0, 1024, 8, 1016); IV Lengths Tested: (0, 0); 96BitIV_Supported
    
 GMAC_Supported
    
-
    XTS( (KS: XTS_128( (e/d) (f) ) KS: XTS_256( (e/d) (f) )
    
+
    XTS((KS: XTS_128((e/d)(f)) KS: XTS_256((e/d)(f))
    
 
    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #4064
    
 
    Version 10.0.14393
    
 
 
-
    ECB ( e/d; 128 , 192 , 256 );
    
-
    CBC ( e/d; 128 , 192 , 256 );
    
-
    CFB8 ( e/d; 128 , 192 , 256 );
    
+
    ECB (e/d; 128, 192, 256);
    
+
    CBC (e/d; 128, 192, 256);
    
+
    CFB8 (e/d; 128, 192, 256);
    
 
     
    
 Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations #4063
    
 Version 10.0.14393
 
 
-
    KW  ( AE , AD , AES-128 , AES-192 , AES-256 , FWD , 128 , 192 , 256 , 320 , 2048 )
    
+
    KW  (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 192, 256, 320, 2048)
    
 
    AES Val#4064
    
 
    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #4062
    
 
    Version 10.0.14393
    
 
 
-
    CCM (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )
    
+
    CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)
    
 
    AES Val#4064
    
 
    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update BitLocker® Cryptographic Implementations #4061
    
 
    Version 10.0.14393
    
 
 
-
    KW  ( AE , AD , AES-128 , AES-192 , AES-256 , FWD , 128 , 256 , 192 , 320 , 2048 )
    
+
    KW  (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 256, 192, 320, 2048)
    
 
    AES Val#3629
    
 
    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” Cryptography Next Generation (CNG) Implementations #3652
    
 
    Version 10.0.10586
    
 
 
-
    CCM (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )
    
+
    CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)
    
 
    AES Val#3629
    
 
    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” BitLocker® Cryptographic Implementations #3653
    
 
    Version 10.0.10586
    
 
 
-
    ECB ( e/d; 128 , 192 , 256 );
    
-
    CBC ( e/d; 128 , 192 , 256 );
    
-
    CFB8 ( e/d; 128 , 192 , 256 );
    
+
    ECB (e/d; 128, 192, 256);
    
+
    CBC (e/d; 128, 192, 256);
    
+
    CFB8 (e/d; 128, 192, 256);
    
 
     
    
 Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” RSA32 Algorithm Implementations #3630
    
 Version 10.0.10586
 
 
-
    ECB ( e/d; 128 , 192 , 256 ); CBC ( e/d; 128 , 192 , 256 ); CFB8 ( e/d; 128 , 192 , 256 ); CFB128 ( e/d; 128 , 192 , 256 ); CTR ( int only; 128 , 192 , 256 )
    
-
    CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )
    
-
    CMAC (Generation/Verification ) (KS: 128; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 192; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 256; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 )
    
-
    GCM (KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )
    
-(KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )
    
-IV Generated:  ( Externally ) ; PT Lengths Tested:  ( 0 , 1024 , 8 , 1016 ) ; AAD Lengths tested:  ( 0 , 1024 , 8 , 1016 ) ; IV Lengths Tested:  ( 0 , 0 ) ; 96BitIV_Supported
    
+
    ECB (e/d; 128, 192, 256); CBC (e/d; 128, 192, 256); CFB8 (e/d; 128, 192, 256); CFB128 (e/d; 128, 192, 256); CTR (int only; 128, 192, 256)
    
+
    CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)
    
+
    CMAC (Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16)
    
+
    GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)
    
+(KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
    
+IV Generated:  (Externally); PT Lengths Tested:  (0, 1024, 8, 1016); AAD Lengths tested:  (0, 1024, 8, 1016); IV Lengths Tested: (0, 0); 96BitIV_Supported
    
 GMAC_Supported
    
-
    XTS( (KS: XTS_128( (e/d) (f) ) KS: XTS_256( (e/d) (f) )
    
+
    XTS((KS: XTS_128((e/d) (f)) KS: XTS_256((e/d) (f))
    
 
    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” SymCrypt Cryptographic Implementations #3629
    
 
    
 
    
 
    Version 10.0.10586
    
 
 
-
    KW  ( AE , AD , AES-128 , AES-192 , AES-256 , FWD , 128 , 256 , 192 , 320 , 2048 )
    
+
    KW  (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 256, 192, 320, 2048)
    
 
    AES Val#3497
    
 
    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #3507
    
 
    Version 10.0.10240
    
 
 
-
    CCM (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )
    
+
    CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)
    
 
    AES Val#3497
    
 
    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 BitLocker® Cryptographic Implementations #3498
    
 
    Version 10.0.10240
    
 
 
-
    ECB ( e/d; 128 , 192 , 256 ); CBC ( e/d; 128 , 192 , 256 ); CFB8 ( e/d; 128 , 192 , 256 ); CFB128 ( e/d; 128 , 192 , 256 ); CTR ( int only; 128 , 192 , 256 )
    
-
    CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )
    
-
    CMAC(Generation/Verification ) (KS: 128; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 192; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 256; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 )
    
-
    GCM (KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )
    
-(KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )
    
-IV Generated:  ( Externally ) ; PT Lengths Tested:  ( 0 , 1024 , 8 , 1016 ) ; AAD Lengths tested:  ( 0 , 1024 , 8 , 1016 ) ; IV Lengths Tested:  ( 0 , 0 ) ; 96BitIV_Supported
    
+
    ECB (e/d; 128, 192, 256); CBC (e/d; 128, 192, 256); CFB8 (e/d; 128, 192, 256); CFB128 (e/d; 128, 192, 256); CTR (int only; 128, 192, 256)
    
+
    CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)
    
+
    CMAC(Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16)
    
+
    GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)
    
+(KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
    
+IV Generated:  (Externally); PT Lengths Tested:  (0, 1024, 8, 1016); AAD Lengths tested:  (0, 1024, 8, 1016); IV Lengths Tested:  (0, 0); 96BitIV_Supported
    
 GMAC_Supported
    
-
    XTS( (KS: XTS_128( (e/d) (f) ) KS: XTS_256( (e/d) (f) )
    
+
    XTS((KS: XTS_128((e/d)(f)) KS: XTS_256((e/d)(f))
    
 Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #3497
    
 Version 10.0.10240
 
 
-
    ECB ( e/d; 128 , 192 , 256 );
    
-
    CBC ( e/d; 128 , 192 , 256 );
    
-
    CFB8 ( e/d; 128 , 192 , 256 );
    
+
    ECB (e/d; 128, 192, 256);
    
+
    CBC (e/d; 128, 192, 256);
    
+
    CFB8 (e/d; 128, 192, 256);
    
 
     
    
 Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations #3476
    
 Version 10.0.10240
 
 
-
    ECB ( e/d; 128 , 192 , 256 );
    
-
    CBC ( e/d; 128 , 192 , 256 );
    
-
    CFB8 ( e/d; 128 , 192 , 256 );
    
+
    ECB (e/d; 128, 192, 256);
    
+
    CBC (e/d; 128, 192, 256);
    
+
    CFB8 (e/d; 128, 192, 256);
    
 
     
    
 
    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations #2853
    
 
    Version 6.3.9600
    
 
 
-
    CCM (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )
    
+
    CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)
    
 
    AES Val#2832
    
 
    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 BitLocker� Cryptographic Implementations #2848
    
 
    Version 6.3.9600
    
 
 
-
    CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 0 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )
    
-
    CMAC (Generation/Verification ) (KS: 128; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 192; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 256; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 )
    
-
    GCM (KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )
    
-
    (KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )
    
-
    IV Generated:  ( Externally ) ; PT Lengths Tested:  ( 0 , 128 , 1024 , 8 , 1016 ) ; AAD Lengths tested:  ( 0 , 128 , 1024 , 8 , 1016 ) ; IV Lengths Tested:  ( 8 , 1024 ) ; 96BitIV_Supported ;
    
+
    CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 0 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)
    
+
    CMAC (Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16)
    
+
    GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)
    
+
    (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
    
+
    IV Generated:  (Externally); PT Lengths Tested:  (0, 128, 1024, 8, 1016); AAD Lengths tested:  (0, 128, 1024, 8, 1016); IV Lengths Tested:  (8, 1024); 96BitIV_Supported;
    
 OtherIVLen_Supported
    
 GMAC_Supported
    
 
    Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #2832
    
 
    Version 6.3.9600
    
 
 
-
    CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )
    
+
    CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)
    
 AES Val#2197
    
-
    CMAC (Generation/Verification ) (KS: 128; Block Size(s): ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 ) (KS: 192; Block Size(s): ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 ) (KS: 256; Block Size(s): ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 )
    
+
    CMAC (Generation/Verification) (KS: 128; Block Size(s); Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) (KS: 192; Block Size(s); Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) (KS: 256; Block Size(s); Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16)
    
 AES Val#2197
    
-
    GCM(KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )
    
-(KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )
    
-IV Generated: ( Externally ) ; PT Lengths Tested: ( 0 , 128 , 1024 , 8 , 1016 ) ; AAD Lengths tested: ( 0 , 128 , 1024 , 8 , 1016 ) ; IV Lengths Tested: ( 8 , 1024 ) ; 96BitIV_Supported
    
+
    GCM(KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)
    
+(KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
    
+IV Generated: (Externally); PT Lengths Tested: (0, 128, 1024, 8, 1016); AAD Lengths tested: (0, 128, 1024, 8, 1016); IV Lengths Tested: (8, 1024); 96BitIV_Supported
    
 GMAC_Supported
    
 Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #2216
 
 
-
    CCM (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )
    
+
    CCM (KS: 256) (Assoc. Data Len Range: 0 - 0, 2^16 ) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)
    
 
    AES Val#2196
    
 Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 BitLocker® Cryptographic Implementations #2198
 
 
-
    ECB ( e/d; 128 , 192 , 256 );
    
-
    CBC ( e/d; 128 , 192 , 256 );
    
-
    CFB8 ( e/d; 128 , 192 , 256 );
    
-
    CFB128 ( e/d; 128 , 192 , 256 );
    
-
    CTR ( int only; 128 , 192 , 256 )
    
+
    ECB (e/d; 128, 192, 256);
    
+
    CBC (e/d; 128, 192, 256);
    
+
    CFB8 (e/d; 128, 192, 256);
    
+
    CFB128 (e/d; 128, 192, 256);
    
+
    CTR (int only; 128, 192, 256)
    
 Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #2197
 
 
-
    ECB ( e/d; 128 , 192 , 256 );
    
-
    CBC ( e/d; 128 , 192 , 256 );
    
-
    CFB8 ( e/d; 128 , 192 , 256 );
    
+
    ECB (e/d; 128, 192, 256);
    
+
    CBC (e/d; 128, 192, 256);
    
+
    CFB8 (e/d; 128, 192, 256);
    
 
     
    
 Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) #2196
 
 
-CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 – 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )
    
+CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0 – 0, 2^16 ) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )
    
 AES Val#1168
 
    Windows Server 2008 R2 and SP1 CNG algorithms #1187
    
 
    Windows 7 Ultimate and SP1 CNG algorithms #1178
    
 
 
-CCM (KS: 128 , 256 ) (Assoc. Data Len Range: 0 - 8 ) (Payload Length Range: 4 - 32 ( Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16 )
    
+CCM (KS: 128, 256) (Assoc. Data Len Range: 0 - 8 ) (Payload Length Range: 4 - 32 (Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16 )
    
 AES Val#1168
 Windows 7 Ultimate and SP1 and Windows Server 2008 R2 and SP1 BitLocker Algorithm Implementations #1177
 
 
-
    ECB ( e/d; 128 , 192 , 256 );
    
-
    CBC ( e/d; 128 , 192 , 256 );
    
-
    CFB8 ( e/d; 128 , 192 , 256 );
    
+
    ECB (e/d; 128, 192, 256);
    
+
    CBC (e/d; 128, 192, 256);
    
+
    CFB8 (e/d; 128, 192, 256);
    
 
     
    
 Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #1168
 
 
 
    GCM
    
 
    GMAC
    
-Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #1168 , vendor-affirmed
+Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #1168, vendor-affirmed
 
 
-CCM (KS: 128 , 256 ) (Assoc. Data Len Range: 0 - 8 ) (Payload Length Range: 4 - 32 ( Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16 )
+CCM (KS: 128, 256) (Assoc. Data Len Range: 0 - 8 ) (Payload Length Range: 4 - 32 (Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16 )
 Windows Vista Ultimate SP1 and Windows Server 2008 BitLocker Algorithm Implementations #760
 
 
-CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 1 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )
+CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0 - 0, 2^16 ) (Payload Length Range: 1 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )
 
    Windows Server 2008 CNG algorithms #757
    
 
    Windows Vista Ultimate SP1 CNG algorithms #756
    
 
 
-
    CBC ( e/d; 128 , 256 );
    
-
    CCM (KS: 128 , 256 ) (Assoc. Data Len Range: 0 - 8 ) (Payload Length Range: 4 - 32 ( Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16 )
    
+
    CBC (e/d; 128, 256);
    
+
    CCM (KS: 128, 256) (Assoc. Data Len Range: 0 - 8) (Payload Length Range: 4 - 32 (Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16)
    
 
    Windows Vista Ultimate BitLocker Drive Encryption #715
    
 
    Windows Vista Ultimate BitLocker Drive Encryption #424
    
 
 
-
    ECB ( e/d; 128 , 192 , 256 );
    
-
    CBC ( e/d; 128 , 192 , 256 );
    
-
    CFB8 ( e/d; 128 , 192 , 256 );
    
+
    ECB (e/d; 128, 192, 256);
    
+
    CBC (e/d; 128, 192, 256);
    
+
    CFB8 (e/d; 128, 192, 256);
    
 
    Windows Vista Ultimate SP1 and Windows Server 2008 Symmetric Algorithm Implementation #739
    
 
    Windows Vista Symmetric Algorithm Implementation #553
    
 
 
-
    ECB ( e/d; 128 , 192 , 256 );
    
-
    CBC ( e/d; 128 , 192 , 256 );
    
-
    CTR ( int only; 128 , 192 , 256 )
    
+
    ECB (e/d; 128, 192, 256);
    
+
    CBC (e/d; 128, 192, 256);
    
+
    CTR (int only; 128, 192, 256)
    
 Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #2023
 
 
-
    ECB ( e/d; 128 , 192 , 256 );
    
-
    CBC ( e/d; 128 , 192 , 256 );
    
+
    ECB (e/d; 128, 192, 256);
    
+
    CBC (e/d; 128, 192, 256);
    
 
    Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #2024
    
 
    Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #818
    
 
    Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #781
    
@@ -2891,7 +2890,7 @@ Deterministic Random Bit Generator (DRBG)
 
 
 
    Prerequisite: AES #4903
    
-
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #1733
    
+
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #1733
    
 
    Version 10.0.16299
    
 
 
@@ -2930,74 +2929,74 @@ Deterministic Random Bit Generator (DRBG)
 
 
 
    Prerequisite: AES #4897
    
-
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1730
    
+
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1730
    
 
    Version 10.0.16299
    
 
 
-CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#4627 ) ]
+CTR_DRBG: [Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES Val#4627)]
 
    Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #1556
    
 
    Version 10.0.15063
    
 
 
-CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES Val#4624 ) ]
+CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES Val#4624)]
 
    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1555
    
 
    Version 10.0.15063
    
 
 
-CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#4434 ) ]
+CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES Val#4434)]
 
    Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #1433
    
 
    Version 7.00.2872
    
 
 
-CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#4433 ) ]
+CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES Val#4433)]
 
    Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #1432
    
 
    Version 8.00.6246
    
 
 
-CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#4431 ) ]
+CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES Val#4431)]
 
    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1430
    
 
    Version 7.00.2872
    
 
 
-CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#4430 ) ]
+CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES Val#4430)]
 
    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1429
    
 
    Version 8.00.6246
    
 
 
-CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#4074 ) ]
-
    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #1222
    
+CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES Val#4074)]
+
    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #1222
    
 
    Version 10.0.14393
    
 
 
-CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES Val#4064 ) ]
+CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES Val#4064)]
 
    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #1217
    
 
    Version 10.0.14393
    
 
 
-CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES Val#3629 ) ]
+CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES Val#3629)]
 
    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations #955
    
 
    Version 10.0.10586
    
 
 
-CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES Val#3497 ) ]
+CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES Val#3497)]
 
    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #868
    
 
    Version 10.0.10240
    
 
 
-CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES Val#2832 ) ]
+CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES Val#2832)]
 
    Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #489
    
 
    Version 6.3.9600
    
 
 
-CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES Val#2197 ) ]
+CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES Val#2197)]
 Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #258
 
 
-CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#2023 ) ]
+CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES Val#2023)]
 Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #193
 
 
-CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#1168 ) ]
+CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES Val#1168)]
 Windows 7 Ultimate and SP1 and Windows Server 2008 R2 and SP1 RNG Library #23
 
 
@@ -3133,16 +3132,16 @@ Deterministic Random Bit Generator (DRBG)
 
 
 
    Prerequisite: SHS #4009, DRBG #1730
    
-
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1301
    
+
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1301
    
 
    Version 10.0.16299
    
 
 
 
    FIPS186-4:
    
-
    PQG(gen)PARMS TESTED:   [ (2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ]
    
-
    PQG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
    
-
    KeyPairGen:   [ (2048,256) ; (3072,256) ]
    
-
    SIG(gen)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ); ]
    
-
    SIG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
    
+
    PQG(gen)PARMS TESTED:   [(2048,256)SHA(256); (3072,256) SHA(256)]
    
+
    PQG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
    
+
    KeyPairGen:   [(2048,256); (3072,256)]
    
+
    SIG(gen)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256); ]
    
+
    SIG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
    
 
    SHS: Val#3790
    
 
    DRBG: Val# 1555
    
 
    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1223
    
@@ -3150,16 +3149,16 @@ Deterministic Random Bit Generator (DRBG)
 
 
 FIPS186-4:
    
-PQG(ver)PARMS TESTED:       [ (1024,160) SHA( 1 ); ]
    
-SIG(ver)PARMS TESTED:   [ (1024,160) SHA( 1 ); ]
    
+PQG(ver)PARMS TESTED:       [(1024,160) SHA(1); ]
    
+SIG(ver)PARMS TESTED:   [(1024,160) SHA(1); ]
    
 SHS: Val# 3649
 
    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1188
    
 
    Version 7.00.2872
    
 
 
 FIPS186-4:
    
-PQG(ver)PARMS TESTED:       [ (1024,160) SHA( 1 ); ]
    
-SIG(ver)PARMS TESTED:   [ (1024,160) SHA( 1 ); ]
    
+PQG(ver)PARMS TESTED:   [(1024,160) SHA(1); ]
    
+SIG(ver)PARMS TESTED:   [(1024,160) SHA(1); ]
    
 SHS: Val#3648
 
    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1187
    
 
    Version 8.00.6246
    
@@ -3167,12 +3166,12 @@ SHS: 
 
    FIPS186-4:
    
 PQG(gen)    PARMS TESTED: [
    
-(2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ]
    
-PQG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
    
-KeyPairGen:    [ (2048,256) ; (3072,256) ]
    
-SIG(gen)PARMS TESTED:   [ (2048,256)
    
-SHA( 256 ); (3072,256) SHA( 256 ); ]
    
-SIG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
    
+(2048,256)SHA(256); (3072,256) SHA(256)]
    
+PQG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
    
+KeyPairGen:    [(2048,256); (3072,256)]
    
+SIG(gen)PARMS TESTED:   [(2048,256)
    
+SHA(256); (3072,256) SHA(256); ]
    
+SIG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
    
 
    SHS: Val# 3347
    
 DRBG: Val# 1217
    
 
    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #1098
    
@@ -3180,9 +3179,9 @@ DRBG: 
 
    FIPS186-4:
    
-PQG(gen)    PARMS TESTED:   [ (2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ] PQG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 )]
    
-KeyPairGen:    [ (2048,256) ; (3072,256) ] SIG(gen)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ); ]
    
-SIG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
    
+PQG(gen)PARMS TESTED:   [(2048,256)SHA(256); (3072,256) SHA(256)] PQG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
    
+KeyPairGen:    [(2048,256); (3072,256)] SIG(gen)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256); ]
    
+SIG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
    
 
    SHS: Val# 3047
    
 DRBG: Val# 955
    
 
    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #1024
    
@@ -3190,10 +3189,10 @@ DRBG: 
 
    FIPS186-4:
    
-PQG(gen)    PARMS TESTED:   [ (2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ]
    
-PQG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
    
-KeyPairGen:    [ (2048,256) ; (3072,256) ]
    
-SIG(gen)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ); ] SIG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
    
+PQG(gen)PARMS TESTED:   [(2048,256)SHA(256); (3072,256) SHA(256)]
    
+PQG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
    
+KeyPairGen:    [(2048,256); (3072,256)]
    
+SIG(gen)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256); ] SIG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
    
 
    SHS: Val# 2886
    
 DRBG: Val# 868
    
 
    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #983
    
@@ -3202,12 +3201,12 @@ DRBG: 
 
    FIPS186-4:
    
 PQG(gen)    PARMS TESTED:   [
    
-(2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ]
    
-PQG(ver)PARMS TESTED:   [ (2048,256)
    
-SHA( 256 ); (3072,256) SHA( 256 ) ]
    
-KeyPairGen:    [ (2048,256) ; (3072,256) ]
    
-SIG(gen)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ); ]
    
-SIG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
    
+(2048,256)SHA(256); (3072,256) SHA(256)]
    
+PQG(ver)PARMS TESTED:   [(2048,256)
    
+SHA(256); (3072,256) SHA(256)]
    
+KeyPairGen:    [(2048,256); (3072,256)]
    
+SIG(gen)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256); ]
    
+SIG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
    
 
    SHS: Val# 2373
    
 DRBG: Val# 489
    
 
    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #855
    
@@ -3220,10 +3219,10 @@ DRBG: #1903
    
 DRBG: #258
    
 
    FIPS186-4:
    
-PQG(gen)PARMS TESTED    : [ (2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ]
    
-PQG(ver)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
    
-SIG(gen)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ); ]
    
-SIG(ver)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
    
+PQG(gen)PARMS TESTED: [(2048,256)SHA(256); (3072,256) SHA(256)]
    
+PQG(ver)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
    
+SIG(gen)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256); ]
    
+SIG(ver)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
    
 SHS: #1903
    
 DRBG: #258
    
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#687.
    
@@ -3445,7 +3444,7 @@ SHS: SHA-1 (BYTE)
    
 
 
 
    Prerequisite: SHS #4009, DRBG #1733
    
-
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #1252
    
+
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #1252
    
 
    Version 10.0.16299
    
 
 
@@ -3615,7 +3614,7 @@ SHS: SHA-1 (BYTE)
    
 
 
 
    Prerequisite: SHS #4009, DRBG #1730
    
-
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1247
    
+
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1247
    
 
    Version 10.0.16299
    
 
 
@@ -3649,12 +3648,12 @@ SHS: SHA-1 (BYTE)
    
 
 
 
    Prerequisite: SHS #4009, DRBG #1730
    
-
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1246
    
+
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1246
    
 
    Version 10.0.16299
    
 
 
 FIPS186-4:
    
-PKG: CURVES    ( P-256 P-384 TestingCandidates )
    
+PKG: CURVES(P-256 P-384 TestingCandidates)
    
 SHS: Val#3790
    
 DRBG: Val# 1555
 
    Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #1136
    
@@ -3662,10 +3661,10 @@ DRBG: 
 FIPS186-4:
    
-PKG: CURVES    ( P-256 P-384 P-521 ExtraRandomBits )
    
-PKV: CURVES( P-256 P-384 P-521 )
    
-SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
    
-SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )
    
+PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits)
    
+PKV: CURVES(P-256 P-384 P-521)
    
+SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
    
+SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
    
 SHS:     Val#3790
    
 DRBG: Val# 1555
 
    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #1135
    
@@ -3673,10 +3672,10 @@ DRBG: 
 FIPS186-4:
    
-PKG: CURVES    ( P-256 P-384 P-521 ExtraRandomBits )
    
-PKV: CURVES( P-256 P-384 P-521 )
    
-SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
    
-SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )
    
+PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits)
    
+PKV: CURVES(P-256 P-384 P-521)
    
+SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
    
+SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
    
 SHS:     Val#3790
    
 DRBG: Val# 1555
 
    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1133
    
@@ -3684,10 +3683,10 @@ DRBG: 
 FIPS186-4:
    
-PKG: CURVES    ( P-256 P-384 P-521 ExtraRandomBits )
    
-PKV: CURVES( P-256 P-384 P-521 )
    
-SigGen: CURVES( P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) SIG(gen) with SHA-1 affirmed for use with protocols only.
    
-SigVer: CURVES( P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) )
    
+PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits)
    
+PKV: CURVES(P-256 P-384 P-521)
    
+SigGen: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) SIG(gen) with SHA-1 affirmed for use with protocols only.
    
+SigVer: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512))
    
 SHS:    Val# 3649
    
 DRBG:Val# 1430
 
    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1073
    
@@ -3695,10 +3694,10 @@ PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
    
 
 
 FIPS186-4:
    
-PKG: CURVES    ( P-256 P-384 P-521 ExtraRandomBits )
    
-PKV: CURVES( P-256 P-384 P-521 )
    
-SigGen: CURVES( P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) SIG(gen) with SHA-1 affirmed for use with protocols only.
    
-SigVer: CURVES( P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) )
    
+PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits)
    
+PKV: CURVES(P-256 P-384 P-521)
    
+SigGen: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) SIG(gen) with SHA-1 affirmed for use with protocols only.
    
+SigVer: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512))
    
 SHS:Val#3648
    
 DRBG:Val# 1429
 
    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1072
    
@@ -3706,21 +3705,21 @@ PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
    
 
 
 
    FIPS186-4:
    
-PKG: CURVES    ( P-256 P-384 TestingCandidates )
    
-PKV: CURVES( P-256 P-384 )
    
-SigGen: CURVES( P-256: (SHA-1, 256) P-384: (SHA-1, 256, 384) SIG(gen) with SHA-1 affirmed for use with protocols only.
    
-SigVer: CURVES( P-256: (SHA-1, 256) P-384: (SHA-1, 256, 384) )
    
+PKG: CURVES(P-256 P-384 TestingCandidates)
    
+PKV: CURVES(P-256 P-384)
    
+SigGen: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 256, 384) SIG(gen) with SHA-1 affirmed for use with protocols only.
    
+SigVer: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 256, 384))
    
 
    SHS: Val# 3347
    
 DRBG: Val# 1222
    
-
    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #920
    
+
    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #920
    
 
    Version 10.0.14393
    
 
 
 
    FIPS186-4:
    
-PKG: CURVES    ( P-256 P-384 P-521 ExtraRandomBits )
    
-PKV: CURVES( P-256 P-384 P-521 )
    
-SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
    
-SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )
    
+PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits)
    
+PKV: CURVES(P-256 P-384 P-521)
    
+SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
    
+SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
    
 
    SHS: Val# 3347
    
 DRBG: Val# 1217
    
 
    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #911
    
@@ -3728,9 +3727,9 @@ DRBG: 
 
    FIPS186-4:
    
-PKG: CURVES    ( P-256 P-384 P-521 ExtraRandomBits )
    
-SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
    
-SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )
    
+PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits)
    
+SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
    
+SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
    
 
    SHS: Val# 3047
    
 DRBG: Val# 955
    
 
    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #760
    
@@ -3738,9 +3737,9 @@ DRBG: 
 
    FIPS186-4:
    
-PKG: CURVES    ( P-256 P-384 P-521 ExtraRandomBits )
    
-SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
    
-SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )
    
+PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits)
    
+SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
    
+SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
    
 
    SHS: Val# 2886
    
 DRBG: Val# 868
    
 
    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #706
    
@@ -3748,9 +3747,9 @@ DRBG: 
 
    FIPS186-4:
    
-PKG: CURVES    ( P-256 P-384 P-521 ExtraRandomBits )
    
-SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
    
-SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )
    
+PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits)
    
+SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
    
+SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
    
 
    SHS: Val#2373
    
 DRBG: Val# 489
    
 
    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #505
    
@@ -3758,16 +3757,16 @@ DRBG: 
 
    FIPS186-2:
    
-PKG: CURVES    ( P-256 P-384 P-521 )
    
+PKG: CURVES(P-256 P-384 P-521)
    
 SHS:     #1903
    
 DRBG: #258
    
-SIG(ver):CURVES( P-256 P-384 P-521 )
    
+SIG(ver):CURVES(P-256 P-384 P-521)
    
 SHS: #1903
    
 DRBG: #258
    
 
    FIPS186-4:
    
-PKG: CURVES    ( P-256 P-384 P-521 ExtraRandomBits )
    
-SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
    
-SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )
    
+PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits)
    
+SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
    
+SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
    
 SHS: #1903
    
 DRBG: #258
    
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#341.
    
@@ -3775,16 +3774,16 @@ Some of the previously validated components for this validation have been remove
 
 
 
    FIPS186-2:
    
-PKG: CURVES    ( P-256 P-384 P-521 )
    
+PKG: CURVES(P-256 P-384 P-521)
    
 SHS: Val#1773
    
 DRBG: Val# 193
    
-SIG(ver): CURVES( P-256 P-384 P-521 )
    
+SIG(ver): CURVES(P-256 P-384 P-521)
    
 SHS: Val#1773
    
 DRBG: Val# 193
    
 
    FIPS186-4:
    
-PKG: CURVES    ( P-256 P-384 P-521 ExtraRandomBits )
    
-SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
    
-SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )
    
+PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits)
    
+SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
    
+SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
    
 SHS: Val#1773
    
 DRBG: Val# 193
    
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#295.
    
@@ -3792,10 +3791,10 @@ Some of the previously validated components for this validation have been remove
 
 
 FIPS186-2:
    
-PKG: CURVES    ( P-256 P-384 P-521 )
    
+PKG: CURVES(P-256 P-384 P-521)
    
 SHS: Val#1081
    
 DRBG: Val# 23
    
-SIG(ver): CURVES( P-256 P-384 P-521 )
    
+SIG(ver): CURVES(P-256 P-384 P-521)
    
 SHS: Val#1081
    
 DRBG: Val# 23
    
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#142. See Historical ECDSA List Val#141.
@@ -3804,9 +3803,9 @@ Some of the previously validated components for this validation have been remove
 
 
 FIPS186-2:
    
-PKG: CURVES    ( P-256 P-384 P-521 )
    
+PKG: CURVES(P-256 P-384 P-521)
    
 SHS: Val#753
    
-SIG(ver): CURVES( P-256 P-384 P-521 )
    
+SIG(ver): CURVES(P-256 P-384 P-521)
    
 SHS: Val#753
    
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#83. See Historical ECDSA List Val#82.
 
    Windows Server 2008 CNG algorithms #83
    
@@ -3814,10 +3813,10 @@ Some of the previously validated components for this validation have been remove
 
 
 FIPS186-2:
    
-PKG: CURVES    ( P-256 P-384 P-521 )
    
+PKG: CURVES(P-256 P-384 P-521)
    
 SHS: Val#618
    
 RNG: Val# 321
    
-SIG(ver): CURVES( P-256 P-384 P-521 )
    
+SIG(ver): CURVES(P-256 P-384 P-521)
    
 SHS: Val#618
    
 RNG: Val# 321
    
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#60.
@@ -3886,7 +3885,7 @@ Some of the previously validated components for this validation have been remove
 
 
 
    Prerequisite: SHS #4009
    
-
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #3270
    
+
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #3270
    
 
    Version 10.0.16299
    
 
 
@@ -3979,160 +3978,160 @@ Some of the previously validated components for this validation have been remove
 
 
 
    Prerequisite: SHS #4009
    
-
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #3267
    
+
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #3267
    
 
    Version 10.0.16299
    
 
 
-
    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val#3790
    
-
    HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val#3790
    
-
    HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val#3790
    
+
    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS Val#3790
    
+
    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS Val#3790
    
+
    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS Val#3790
    
 
    Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #3062
    
 
    Version 10.0.15063
    
 
 
-
    HMAC-SHA1(Key Sizes Ranges Tested: KSBS ) SHS Val#3790
    
-
    HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val#3790
    
-
    HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val#3790
    
-
    HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS Val#3790
    
+
    HMAC-SHA1(Key Sizes Ranges Tested: KSBS) SHS Val#3790
    
+
    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS Val#3790
    
+
    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS Val#3790
    
+
    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS Val#3790
    
 
    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #3061
    
 
    Version 10.0.15063
    
 
 
-
    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val#3652
    
-
    HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val#3652
    
-
    HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val#3652
    
-
    HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#3652
    
+
    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS Val#3652
    
+
    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS Val#3652
    
+
    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS Val#3652
    
+
    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#3652
    
 
    Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2946
    
 
    Version 7.00.2872
    
 
 
-
    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val#3651
    
-
    HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val#3651
    
-
    HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val#3651
    
-
    HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#3651
    
+
    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS Val#3651
    
+
    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS Val#3651
    
+
    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS Val#3651
    
+
    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#3651
    
 
    Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2945
    
 
    Version 8.00.6246
    
 
 
-
    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val# 3649
    
-
    HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val# 3649
    
-
    HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val# 3649
    
-
    HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal# 3649
    
+
    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS Val# 3649
    
+
    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS Val# 3649
    
+
    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS Val# 3649
    
+
    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal# 3649
    
 
    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2943
    
 
    Version 7.00.2872
    
 
 
-
    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val#3648
    
-
    HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val#3648
    
-
    HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val#3648
    
-
    HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#3648
    
+
    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS Val#3648
    
+
    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS Val#3648
    
+
    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS Val#3648
    
+
    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#3648
    
 
    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2942
    
 
    Version 8.00.6246
    
 
 
-
    HMAC-SHA1 (Key Sizes Ranges Tested:  KSBS )
    
+
    HMAC-SHA1 (Key Sizes Ranges Tested:  KSBS)
    
 SHS Val# 3347
    
-
    HMAC-SHA256 ( Key Size Ranges Tested:  KSBS )
    
+
    HMAC-SHA256 (Key Size Ranges Tested:  KSBS)
    
 SHS Val# 3347
    
-
    HMAC-SHA384 ( Key Size Ranges Tested:  KSBS )
    
+
    HMAC-SHA384 (Key Size Ranges Tested:  KSBS)
    
 SHS Val# 3347
    
-
    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #2661
    
+
    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #2661
    
 
    Version 10.0.14393
    
 
 
-
    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val# 3347
    
-
    HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val# 3347
    
-
    HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val# 3347
    
-
    HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS Val# 3347
    
+
    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS Val# 3347
    
+
    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS Val# 3347
    
+
    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS Val# 3347
    
+
    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS Val# 3347
    
 
    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #2651
    
 
    Version 10.0.14393
    
 
 
-
    HMAC-SHA1 (Key Sizes Ranges Tested:  KSBS )
    
+
    HMAC-SHA1 (Key Sizes Ranges Tested:  KSBS)
    
 SHS Val# 3047
    
-
    HMAC-SHA256 ( Key Size Ranges Tested:  KSBS )
    
+
    HMAC-SHA256 (Key Size Ranges Tested:  KSBS)
    
 SHS Val# 3047
    
-
    HMAC-SHA384 ( Key Size Ranges Tested:  KSBS )
    
+
    HMAC-SHA384 (Key Size Ranges Tested:  KSBS)
    
 SHS Val# 3047
    
-
    HMAC-SHA512 ( Key Size Ranges Tested:  KSBS )
    
+
    HMAC-SHA512 (Key Size Ranges Tested:  KSBS)
    
 SHS Val# 3047
    
 
    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” SymCrypt Cryptographic Implementations #2381
    
 
    Version 10.0.10586
    
 
 
-
    HMAC-SHA1 (Key Sizes Ranges Tested:  KSBS )
    
+
    HMAC-SHA1 (Key Sizes Ranges Tested:  KSBS)
    
 SHSVal# 2886
    
-
    HMAC-SHA256 ( Key Size Ranges Tested:  KSBS )
    
+
    HMAC-SHA256 (Key Size Ranges Tested:  KSBS)
    
 SHSVal# 2886
    
-
    HMAC-SHA384 ( Key Size Ranges Tested:  KSBS )
    
+
    HMAC-SHA384 (Key Size Ranges Tested:  KSBS)
    
  SHSVal# 2886
    
-
    HMAC-SHA512 ( Key Size Ranges Tested:  KSBS )
    
+
    HMAC-SHA512 (Key Size Ranges Tested:  KSBS)
    
 SHSVal# 2886
    
 
    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #2233
    
 
    Version 10.0.10240
    
 
 
-
    HMAC-SHA1 (Key Sizes Ranges Tested:  KSBS )
    
+
    HMAC-SHA1 (Key Sizes Ranges Tested:  KSBS)
    
 SHS Val#2373
    
-
    HMAC-SHA256 ( Key Size Ranges Tested:  KSBS )
    
+
    HMAC-SHA256 (Key Size Ranges Tested:  KSBS)
    
 SHS Val#2373
    
-
    HMAC-SHA384 ( Key Size Ranges Tested:  KSBS )
    
+
    HMAC-SHA384 (Key Size Ranges Tested:  KSBS)
    
 SHS Val#2373
    
-
    HMAC-SHA512 ( Key Size Ranges Tested:  KSBS )
    
+
    HMAC-SHA512 (Key Size Ranges Tested:  KSBS)
    
 SHS Val#2373
    
 
    Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #1773
    
 
    Version 6.3.9600
    
 
 
-
    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val#2764
    
-
    HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val#2764
    
-
    HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val#2764
    
-
    HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS Val#2764
    
+
    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS Val#2764
    
+
    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS Val#2764
    
+
    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS Val#2764
    
+
    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS Val#2764
    
 
    Windows CE and Windows Mobile, and Windows Embedded Handheld Enhanced Cryptographic Provider (RSAENH) #2122
    
 
    Version 5.2.29344
    
 
 
 
    HMAC-SHA1 (Key Sizes Ranges Tested: KS#1902
    
-
    HMAC-SHA256 ( Key Size Ranges Tested: KS#1902
    
+
    HMAC-SHA256 (Key Size Ranges Tested: KS#1902
    
 Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 BitLocker® Cryptographic Implementations #1347
 
 
-
    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS#1902
    
-
    HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS#1902
    
-
    HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS#1902
    
-
    HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS#1902
    
+
    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS#1902
    
+
    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS#1902
    
+
    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS#1902
    
+
    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS#1902
    
 Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Enhanced Cryptographic Provider (RSAENH) #1346
 
 
-
    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS )
    
+
    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS)
    
 
    SHS#1903
    
-
    HMAC-SHA256 ( Key Size Ranges Tested: KSBS )
    
+
    HMAC-SHA256 (Key Size Ranges Tested: KSBS)
    
 
    SHS#1903
    
-
    HMAC-SHA384 ( Key Size Ranges Tested: KSBS )
    
+
    HMAC-SHA384 (Key Size Ranges Tested: KSBS)
    
 
    SHS#1903
    
-
    HMAC-SHA512 ( Key Size Ranges Tested: KSBS )
    
+
    HMAC-SHA512 (Key Size Ranges Tested: KSBS)
    
 
    SHS#1903
    
 Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #1345
 
 
-
    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#1773
    
-
    HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#1773
    
-
    Tinker HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#1773
    
-
    HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#1773
    
+
    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#1773
    
+
    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#1773
    
+
    Tinker HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#1773
    
+
    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#1773
    
 Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #1364
 
 
-
    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#1774
    
-
    HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#1774
    
-
    HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#1774
    
-
    HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#1774
    
+
    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#1774
    
+
    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#1774
    
+
    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#1774
    
+
    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#1774
    
 Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1227
 
 
-
    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#1081
    
-
    HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#1081
    
-
    HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#1081
    
-
    HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#1081
    
+
    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#1081
    
+
    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#1081
    
+
    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#1081
    
+
    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#1081
    
 
    Windows Server 2008 R2 and SP1 CNG algorithms #686
    
 
    Windows 7 and SP1 CNG algorithms #677
    
 
    Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) #687
    
@@ -4140,108 +4139,108 @@ SHS 
 
    HMAC-SHA1(Key Sizes Ranges Tested: KSVal#1081
    
-
    HMAC-SHA256 ( Key Size Ranges Tested: KSVal#1081
    
+
    HMAC-SHA256 (Key Size Ranges Tested: KSVal#1081
    
 Windows 7 and SP1 and Windows Server 2008 R2 and SP1 BitLocker Algorithm Implementations #675
 
 
-
    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#816
    
-
    HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#816
    
-
    HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#816
    
-
    HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#816
    
+
    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#816
    
+
    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#816
    
+
    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#816
    
+
    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#816
    
 Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #452
 
 
 
    HMAC-SHA1 (Key Sizes Ranges Tested: KSVal#753
    
-
    HMAC-SHA256 ( Key Size Ranges Tested: KSVal#753
    
+
    HMAC-SHA256 (Key Size Ranges Tested: KSVal#753
    
 Windows Vista Ultimate SP1 and Windows Server 2008 BitLocker Algorithm Implementations #415
 
 
-
    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#753
    
-
    HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#753
    
-
    HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#753
    
-
    HMAC-SHA512 ( Key Size Ranges Tested: KSBS )SHS Val#753
    
+
    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#753
    
+
    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#753
    
+
    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#753
    
+
    HMAC-SHA512 (Key Size Ranges Tested: KSBS)SHS Val#753
    
 
    Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) #408
    
 
    Windows Vista Enhanced Cryptographic Provider (RSAENH) #407
    
 
 
-
    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS )SHSVal#618
    
-
    HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#618
    
-
    HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#618
    
-
    HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#618
    
+
    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS)SHSVal#618
    
+
    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#618
    
+
    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#618
    
+
    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#618
    
 Windows Vista Enhanced Cryptographic Provider (RSAENH) #297
 
 
-HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#785
+HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#785
 
    Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #429
    
 
    Windows XP, vendor-affirmed
    
 
 
-
    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#783
    
-
    HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#783
    
-
    HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#783
    
-
    HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#783
    
+
    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#783
    
+
    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#783
    
+
    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#783
    
+
    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#783
    
 Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #428
 
 
-
    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#613
    
-
    HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#613
    
-
    HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#613
    
-
    HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#613
    
+
    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#613
    
+
    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#613
    
+
    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#613
    
+
    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#613
    
 Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #289
 
 
-HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#610
+HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#610
 Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) #287
 
 
-
    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#753
    
-
    HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#753
    
-
    HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#753
    
-
    HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#753
    
+
    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#753
    
+
    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#753
    
+
    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#753
    
+
    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#753
    
 
    Windows Server 2008 CNG algorithms #413
    
 
    Windows Vista Ultimate SP1 CNG algorithms #412
    
 
 
 
    HMAC-SHA1 (Key Sizes Ranges Tested: KSVal#737
    
-
    HMAC-SHA256 ( Key Size Ranges Tested: KSVal#737
    
+
    HMAC-SHA256 (Key Size Ranges Tested: KSVal#737
    
 Windows Vista Ultimate BitLocker Drive Encryption #386
 
 
-
    HMAC-SHA1 ( Key Sizes Ranges Tested: KSBS ) SHSVal#618
    
-
    HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#618
    
-
    HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#618
    
-
    HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#618
    
+
    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#618
    
+
    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#618
    
+
    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#618
    
+
    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#618
    
 Windows Vista CNG algorithms #298
 
 
-
    HMAC-SHA1 ( Key Sizes Ranges Tested: KSBS ) SHSVal#589
    
-
    HMAC-SHA256 ( Key Size Ranges Tested: KSBS )SHSVal#589
    
-
    HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#589
    
-
    HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#589
    
+
    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#589
    
+
    HMAC-SHA256 (Key Size Ranges Tested: KSBS)SHSVal#589
    
+
    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#589
    
+
    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#589
    
 Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #267
 
 
-
    HMAC-SHA1 ( Key Sizes Ranges Tested: KSBS ) SHSVal#578
    
-
    HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#578
    
-
    HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#578
    
-
    HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#578
    
+
    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#578
    
+
    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#578
    
+
    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#578
    
+
    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#578
    
 Windows CE and Windows Mobile 6.0 and Windows Mobil 6.5 Enhanced Cryptographic Provider (RSAENH) #260
 
 
 
    HMAC-SHA1 (Key Sizes Ranges Tested: KSVal#495
    
-
    HMAC-SHA256 ( Key Size Ranges Tested: KSVal#495
    
+
    HMAC-SHA256 (Key Size Ranges Tested: KSVal#495
    
 Windows Vista BitLocker Drive Encryption #199
 
 
-HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#364
+HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#364
 
    Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #99
    
 
    Windows XP, vendor-affirmed
    
 
 
-
    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#305
    
-
    HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#305
    
-
    HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#305
    
-
    HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#305
    
+
    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#305
    
+
    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#305
    
+
    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#305
    
+
    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#305
    
 Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #31
 
 
@@ -4325,7 +4324,7 @@ SHS #4009, ECDSA #1252, DRBG #1733
    
-
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #149
    
+
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #149
    
 
    Version 10.0.16299
    
 
 
@@ -4778,11 +4777,11 @@ SHS #4009, DSA #1301, DRBG #1730
    
-
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #146
    
+
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #146
    
 
    Version 10.0.16299
    
 
 
-
    ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Full Validation   Key Regeneration ) SCHEMES [ FullUnified ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ]
    
+
    ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Full Validation   Key Regeneration) SCHEMES [FullUnified (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC)]
    
 
    SHS Val#3790
    
 DSA Val#1135
    
 DRBG Val#1556
    
@@ -4790,15 +4789,15 @@ DRBG 
-
    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) SCHEMES [ dhEphem ( KARole(s): Initiator / Responder )
    
-( FB: SHA256 ) ( FC: SHA256 ) ]
    
-[ dhOneFlow ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhStatic ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( FB: SHA256 HMAC ) ( FC: SHA256   HMAC ) ]
    
+
    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation) SCHEMES [dhEphem (KARole(s): Initiator / Responder)
    
+(FB: SHA256) (FC: SHA256)]
    
+[dhOneFlow (FB: SHA256) (FC: SHA256)] [dhStatic (No_KC &lt; KARole(s): Initiator / Responder&gt;) (FB: SHA256 HMAC) (FC: SHA256   HMAC)]
    
 SHS     Val#3790
    
 DSA Val#1223
    
 DRBG Val#1555
    
-
    ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) SCHEMES [ EphemeralUnified ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
    
-[ OnePassDH ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521   HMAC (SHA512, HMAC_SHA512) ) ]
    
-[ StaticUnified ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521   HMAC (SHA512, HMAC_SHA512) ) ]
    
+
    ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation) SCHEMES [EphemeralUnified (No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))]
    
+[OnePassDH (No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521   HMAC (SHA512, HMAC_SHA512))]
    
+[StaticUnified (No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521   HMAC (SHA512, HMAC_SHA512))]
    
 
    
 SHS Val#3790
    
 ECDSA Val#1133
    
@@ -4807,29 +4806,29 @@ DRBG 
-
    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) SCHEMES [ dhEphem ( KARole(s): Initiator / Responder )
    
-( FB: SHA256 ) ( FC: SHA256 ) ]
    
-[ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhStatic ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( FB: SHA256 HMAC ) ( FC: SHA256   HMAC ) ]
    
+
    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation) SCHEMES [dhEphem (KARole(s): Initiator / Responder)
    
+(FB: SHA256) (FC: SHA256)]
    
+[dhOneFlow (KARole(s): Initiator / Responder) (FB: SHA256) (FC: SHA256)] [dhStatic (No_KC &lt; KARole(s): Initiator / Responder&gt;) (FB: SHA256 HMAC) (FC: SHA256   HMAC)]
    
 SHS     Val# 3649
    
 DSA Val#1188
    
 DRBG Val#1430
    
-
    ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration ) SCHEMES [ EphemeralUnified ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
    
-[ OnePassDH ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521   HMAC (SHA512, HMAC_SHA512) ) ]
    
-[ StaticUnified ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521   HMAC (SHA512, HMAC_SHA512) ) ]
    
+
    ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration) SCHEMES [EphemeralUnified (No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))]
    
+[OnePassDH (No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521   HMAC (SHA512, HMAC_SHA512))]
    
+[StaticUnified (No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521   HMAC (SHA512, HMAC_SHA512))]
    
 
    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #115
    
 
    Version 7.00.2872
    
 
 
-
    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) SCHEMES [ dhEphem ( KARole(s): Initiator / Responder )
    
-( FB: SHA256 ) ( FC: SHA256 ) ]
    
-[ dhHybridOneFlow ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( FB:SHA256 HMAC ) ( FC: SHA256   HMAC ) ]
    
-[ dhStatic ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( FB:SHA256 HMAC ) ( FC: SHA256   HMAC ) ]
    
+
    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation) SCHEMES [dhEphem (KARole(s): Initiator / Responder)
    
+(FB: SHA256) (FC: SHA256)]
    
+[dhHybridOneFlow (No_KC &lt; KARole(s): Initiator / Responder&gt;) (FB:SHA256 HMAC) (FC: SHA256   HMAC)]
    
+[dhStatic (No_KC &lt; KARole(s): Initiator / Responder&gt;) (FB:SHA256 HMAC) (FC: SHA256   HMAC)]
    
 SHS Val#3648
    
 DSA Val#1187
    
 DRBG Val#1429
    
-
    ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration ) SCHEMES [ EphemeralUnified ( No_KC ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
    
-[ OnePassDH ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521   HMAC (SHA512, HMAC_SHA512) ) ]
    
-[ StaticUnified ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521   HMAC (SHA512, HMAC_SHA512) ) ]
    
+
    ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration) SCHEMES [EphemeralUnified (No_KC) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))]
    
+[OnePassDH (No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521   HMAC (SHA512, HMAC_SHA512))]
    
+[StaticUnified (No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521   HMAC (SHA512, HMAC_SHA512))]
    
 
    
 SHS Val#3648
    
 ECDSA Val#1072
    
@@ -4838,70 +4837,70 @@ DRBG 
-
    ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Full Validation   Key Regeneration )
    
-SCHEMES  [ FullUnified  ( No_KC  &lt; KARole(s): Initiator / Responder &gt; &lt; KDF: CONCAT &gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ]
    
+
    ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Full Validation   Key Regeneration)
    
+SCHEMES  [FullUnified  (No_KC  &lt; KARole(s): Initiator / Responder &gt; &lt; KDF: CONCAT &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC)]
    
 
    SHS Val# 3347 ECDSA Val#920 DRBG Val#1222
    
-
    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #93
    
+
    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #93
    
 
    Version 10.0.14393
    
 
 
-
    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation )
    
-SCHEMES  [ dhEphem  ( KARole(s): Initiator / Responder )
    
-( FB: SHA256 ) ( FC: SHA256 ) ]
    
-[ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB:  SHA256 ) ( FC:  SHA256 ) ] [ dhStatic (No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( FB:  SHA256 HMAC ) ( FC:  SHA256   HMAC ) ]
    
+
    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation)
    
+SCHEMES  [dhEphem  (KARole(s): Initiator / Responder)
    
+(FB: SHA256) (FC: SHA256)]
    
+[dhOneFlow (KARole(s): Initiator / Responder) (FB:  SHA256) (FC:  SHA256)] [dhStatic (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (FB:  SHA256 HMAC) (FC:  SHA256   HMAC)]
    
 
    SHS Val# 3347 DSA Val#1098 DRBG Val#1217
    
-
    ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration ) SCHEMES  [ EphemeralUnified ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
    
-[ OnePassDH  ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]
    
-[ StaticUnified ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]
    
+
    ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration) SCHEMES  [EphemeralUnified (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521 HMAC (SHA512, HMAC_SHA512)))]
    
+[OnePassDH  (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]
    
+[StaticUnified (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]
    
 
    SHS Val# 3347 DSA Val#1098 ECDSA Val#911 DRBG Val#1217 HMAC Val#2651
    
 
    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #92
    
 
    Version 10.0.14393
    
 
 
-
    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) SCHEMES  [ dhEphem  ( KARole(s): Initiator / Responder )
    
-( FB: SHA256 ) ( FC: SHA256 ) ]
    
-[ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB:  SHA256 ) ( FC:  SHA256 ) ] [ dhStatic ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( FB:  SHA256 HMAC ) ( FC:  SHA256   HMAC ) ]
    
+
    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation) SCHEMES  [dhEphem  (KARole(s): Initiator / Responder)
    
+(FB: SHA256) (FC: SHA256)]
    
+[dhOneFlow (KARole(s): Initiator / Responder) (FB:  SHA256) (FC:  SHA256)] [dhStatic (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (FB:  SHA256 HMAC) (FC:  SHA256   HMAC)]
    
 
    SHS Val# 3047 DSA Val#1024 DRBG Val#955
    
-
    ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration ) SCHEMES  [ EphemeralUnified ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
    
-[ OnePassDH  ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]
    
-[ StaticUnified ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]
    
+
    ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration) SCHEMES  [EphemeralUnified (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521 HMAC (SHA512, HMAC_SHA512)))]
    
+[OnePassDH  (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]
    
+[StaticUnified (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]
    
 
    SHS Val# 3047 ECDSA Val#760 DRBG Val#955
    
 
    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub Cryptography Next Generation (CNG) Implementations #72
    
 
    Version 10.0.10586
    
 
 
-
    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) SCHEMES  [ dhEphem  ( KARole(s): Initiator / Responder )
    
-( FB: SHA256 ) ( FC: SHA256 ) ]
    
-[ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB:  SHA256 ) ( FC:  SHA256 ) ] [ dhStatic ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( FB:  SHA256 HMAC ) ( FC:  SHA256   HMAC ) ]
    
+
    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation) SCHEMES  [dhEphem  (KARole(s): Initiator / Responder)
    
+(FB: SHA256) (FC: SHA256)]
    
+[dhOneFlow (KARole(s): Initiator / Responder) (FB:  SHA256) (FC:  SHA256)] [dhStatic (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (FB:  SHA256 HMAC) (FC:  SHA256   HMAC)]
    
 
    SHS Val# 2886 DSA Val#983 DRBG Val#868
    
-
    ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration ) SCHEMES  [ EphemeralUnified ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
    
-[ OnePassDH  ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]
    
-[ StaticUnified ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]
    
+
    ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration) SCHEMES  [EphemeralUnified (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521 HMAC (SHA512, HMAC_SHA512)))]
    
+[OnePassDH  (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]
    
+[StaticUnified (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]
    
 
    SHS Val# 2886 ECDSA Val#706 DRBG Val#868
    
 
    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #64
    
 
    Version 10.0.10240
    
 
 
-
    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) SCHEMES  [ dhEphem  ( KARole(s): Initiator / Responder )
    
-( FB: SHA256 ) ( FC: SHA256 ) ]
    
-[ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB:  SHA256 ) ( FC:  SHA256 ) ] [ dhStatic ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( FB:  SHA256 HMAC ) ( FC:  SHA256   HMAC ) ]
    
+
    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation) SCHEMES  [dhEphem  (KARole(s): Initiator / Responder)
    
+(FB: SHA256) (FC: SHA256)]
    
+[dhOneFlow (KARole(s): Initiator / Responder) (FB:  SHA256) (FC:  SHA256)] [dhStatic (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (FB:  SHA256 HMAC) (FC:  SHA256   HMAC)]
    
 
    SHS Val#2373 DSA Val#855 DRBG Val#489
    
-
    ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration ) SCHEMES  [ EphemeralUnified ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
    
-[ OnePassDH  ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]
    
-[ StaticUnified ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]
    
+
    ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration) SCHEMES  [EphemeralUnified (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521 HMAC (SHA512, HMAC_SHA512)))]
    
+[OnePassDH  (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]
    
+[StaticUnified (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]
    
 
    SHS Val#2373 ECDSA Val#505 DRBG Val#489
    
 
    Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #47
    
 
    Version 6.3.9600
    
 
 
-
    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation ) SCHEMES [ dhEphem ( KARole(s): Initiator / Responder )
    
-( FA: SHA256 ) ( FB: SHA256 ) ( FC: SHA256 ) ]
    
-[ dhOneFlow ( KARole(s): Initiator / Responder ) ( FA: SHA256 ) ( FB: SHA256 ) ( FC: SHA256 ) ]
    
-[ dhStatic ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( FA: SHA256 HMAC ) ( FB: SHA256 HMAC ) ( FC: SHA256 HMAC ) ]
    
+
    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation) SCHEMES [dhEphem (KARole(s): Initiator / Responder)
    
+(FA: SHA256) (FB: SHA256) (FC: SHA256)]
    
+[dhOneFlow (KARole(s): Initiator / Responder) (FA: SHA256) (FB: SHA256) (FC: SHA256)]
    
+[dhStatic (No_KC &lt; KARole(s): Initiator / Responder&gt;) (FA: SHA256 HMAC) (FB: SHA256 HMAC) (FC: SHA256 HMAC)]
    
 SHS #1903 DSA Val#687 DRBG #258
    
-
    ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration ) SCHEMES [ EphemeralUnified ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
    
-[ OnePassDH( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( EC: P-256 SHA256 ) ( ED: P-384 SHA384 ) ( EE: P-521 (SHA512, HMAC_SHA512) ) ) ]
    
-[ StaticUnified ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ]
    
+
    ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration) SCHEMES [EphemeralUnified (No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))]
    
+[OnePassDH(No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256 SHA256) (ED: P-384 SHA384) (EE: P-521 (SHA512, HMAC_SHA512)))]
    
+[StaticUnified (No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))]
    
 
    
 SHS #1903 ECDSA Val#341 DRBG #258
    
 Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #36
@@ -4960,7 +4959,7 @@ SP 800-108 Key-Based Key Derivation Functions (KBKDF)
 
 
 
    K prerequisite: DRBG #1733, KAS #149
    
-
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #160
    
+
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #160
    
 
    Version 10.0.16299
    
 
 
@@ -5017,11 +5016,11 @@ SP 800-108 Key-Based Key Derivation Functions (KBKDF)
 
 
 
    K prerequisite: KAS #146
    
-
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Cryptography Next Generation (CNG) Implementations #157
    
+
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Cryptography Next Generation (CNG) Implementations #157
    
 
    Version 10.0.16299
    
 
 
-CTR_Mode: ( Llength( Min0 Max0 ) MACSupported( [HMACSHA1] [HMACSHA256] [HMACSHA384] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )
    
+CTR_Mode: (Llength(Min0 Max0) MACSupported([HMACSHA1] [HMACSHA256] [HMACSHA384]) LocationCounter([BeforeFixedData]) rlength([32]))
    
 
    
 KAS Val#128
    
 DRBG Val#1556
    
@@ -5030,7 +5029,7 @@ MAC 
-CTR_Mode: ( Llength( Min20 Max64 ) MACSupported( [CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )
    
+CTR_Mode: (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))
    
 
    
 KAS     Val#127
    
 AES Val#4624
    
@@ -5040,37 +5039,37 @@ MAC 
-
    CTR_Mode:  ( Llength( Min20 Max64 ) MACSupported( [HMACSHA1] [HMACSHA256] [HMACSHA384] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )
    
+
    CTR_Mode:  (Llength(Min20 Max64) MACSupported([HMACSHA1] [HMACSHA256] [HMACSHA384]) LocationCounter([BeforeFixedData]) rlength([32]))
    
 
    KAS Val#93 DRBG Val#1222 MAC Val#2661
    
-
    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #102
    
+
    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #102
    
 
    Version 10.0.14393
    
 
 
-
    CTR_Mode:  ( Llength( Min20 Max64 ) MACSupported( [CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )
    
+
    CTR_Mode:  (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))
    
 
    KAS Val#92 AES Val#4064 DRBG Val#1217 MAC Val#2651
    
 
    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #101
    
 
    Version 10.0.14393
    
 
 
-
    CTR_Mode:  ( Llength( Min20 Max64 ) MACSupported( [CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )
    
+
    CTR_Mode:  (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))
    
 
    KAS Val#72 AES Val#3629 DRBG Val#955 MAC Val#2381
    
 
    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” Cryptography Next Generation (CNG) Implementations #72
    
 
    Version 10.0.10586
    
 
 
-
    CTR_Mode:  ( Llength( Min20 Max64 ) MACSupported( [CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )
    
+
    CTR_Mode:  (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))
    
 
    KAS Val#64 AES Val#3497 RBG Val#868 MAC Val#2233
    
 
    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #66
    
 
    Version 10.0.10240
    
 
 
-
    CTR_Mode:  ( Llength( Min0 Max0 ) MACSupported( [HMACSHA1] [HMACSHA256] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )
    
+
    CTR_Mode:  (Llength(Min0 Max0) MACSupported([HMACSHA1] [HMACSHA256] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))
    
 
    DRBG Val#489 MAC Val#1773
    
 
    Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #30
    
 
    Version 6.3.9600
    
 
 
-
    CTR_Mode: ( Llength( Min0 Max4 ) MACSupported( [HMACSHA1] [HMACSHA256] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )
    
+
    CTR_Mode: (Llength(Min0 Max4) MACSupported([HMACSHA1] [HMACSHA256] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))
    
 
    DRBG #258 HMAC Val#1345
    
 Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #3
 
@@ -5092,12 +5091,12 @@ Random Number Generator (RNG)
 
 
 
    FIPS 186-2 General Purpose
    
-
    [ (x-Original); (SHA-1) ]
    
+
    [(x-Original); (SHA-1)]
    
 Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #1110
 
 
 FIPS 186-2
    
-[ (x-Original); (SHA-1) ]    
+[(x-Original); (SHA-1)]
 
    Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1060
    
 
    Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #292
    
 
    Windows CE and Windows Mobile 6.0 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) #286
    
@@ -5105,16 +5104,16 @@ Random Number Generator (RNG)
 
 
 
    FIPS 186-2
    
-[ (x-Change Notice); (SHA-1) ]
    
+[(x-Change Notice); (SHA-1)]
    
 
    FIPS 186-2 General Purpose
    
-[ (x-Change Notice); (SHA-1) ]
    
+[(x-Change Notice); (SHA-1)]
    
 
    Windows 7 and SP1 and Windows Server 2008 R2 and SP1 RNG Library #649
    
 
    Windows Vista Ultimate SP1 and Windows Server 2008 RNG Implementation #435
    
 
    Windows Vista RNG implementation #321
    
 
 
 FIPS 186-2 General Purpose
    
-[ (x-Change Notice); (SHA-1) ]    
+[(x-Change Notice); (SHA-1)]
 
    Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #470
    
 
    Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #449
    
 
    Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #447
    
@@ -5123,7 +5122,7 @@ Random Number Generator (RNG)
 
 
 FIPS 186-2
    
-[ (x-Change Notice); (SHA-1) ]    
+[(x-Change Notice); (SHA-1)]
 
    Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #448
    
 
    Windows Server 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider #314
    
 
@@ -5228,7 +5227,7 @@ Random Number Generator (RNG)
 
 
 
    Prerequisite: SHS #4009, DRBG #1733
    
-
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #2676
    
+
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #2676
    
 
    Version 10.0.16299
    
 
 
@@ -5263,7 +5262,7 @@ Random Number Generator (RNG)
 
 
 
    Prerequisite: SHS #4009, DRBG #1730
    
-
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); RSA32 Algorithm Implementations #2674
    
+
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); RSA32 Algorithm Implementations #2674
    
 
    Version 10.0.16299
    
 
 
@@ -5637,7 +5636,7 @@ Random Number Generator (RNG)
 
 
 
    Prerequisite: SHS #4009, DRBG #1730
    
-
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #2668
    
+
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #2668
    
 
    Version 10.0.16299
    
 
 
@@ -5707,34 +5706,34 @@ Random Number Generator (RNG)
 
 
 
    Prerequisite: SHS #4009, DRBG #1730
    
-
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #2667
    
+
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #2667
    
 
    Version 10.0.16299
    
 
 
 FIPS186-4:
    
-ALG[RSASSA-PKCS1_V1_5]     SIG(gen) (2048 SHA( 1 , 256 , 384 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
    
-     SIG(Ver) (1024 SHA( 1 , 256 , 384 )) (2048 SHA( 1 , 256 , 384 ))
    
-[RSASSA-PSS]: Sig(Gen): (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) )) SIG(gen) with SHA-1 affirmed for use with protocols only.
    
-     Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) ))
    
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(1, 256, 384)) SIG(gen) with SHA-1 affirmed for use with protocols only.
    
+     SIG(Ver) (1024 SHA(1, 256, 384)) (2048 SHA(1, 256, 384))
    
+[RSASSA-PSS]: Sig(Gen): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) SIG(gen) with SHA-1 affirmed for use with protocols only.
    
+     Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48)))
    
 SHA Val#3790
 
    Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #2524
    
 
    Version 10.0.15063
    
 
 
 FIPS186-4:
    
-ALG[RSASSA-PKCS1_V1_5]     SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
    
+ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
    
 SHA Val#3790
 
    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile RSA32 Algorithm Implementations #2523
    
 
    Version 10.0.15063
    
 
 
 FIPS186-4:
    
-186-4KEY(gen):     FIPS186-4_Fixed_e ( 10001 ) ;
    
-PGM(ProbPrimeCondition): 2048 , 3072 PPTT:( C.3 )
    
-ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
    
-     SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
    
-[RSASSA-PSS]: Sig(Gen): (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) SIG(gen) with SHA-1 affirmed for use with protocols only.
    
-     Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 62 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
    
+186-4KEY(gen): FIPS186-4_Fixed_e (10001);
    
+PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3)
    
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) SIG(gen) with SHA-1 affirmed for use with protocols only.
    
+     SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
    
+[RSASSA-PSS]: Sig(Gen): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) SIG(gen) with SHA-1 affirmed for use with protocols only.
    
+     Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
    
 SHA Val#3790
    
 DRBG: Val# 1555
 
    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #2522
    
@@ -5743,11 +5742,11 @@ DRBG: 
 FIPS186-4:
    
 186-4KEY(gen):
    
-PGM(ProbRandom:     ( 2048 , 3072 ) PPTT:( C.2 )
    
-ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
    
-     SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
    
-[RSASSA-PSS]: Sig(Gen): (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) SIG(gen) with SHA-1 affirmed for use with protocols only.
    
-     Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 62 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
    
+PGM(ProbRandom: (2048, 3072) PPTT:(C.2)
    
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) SIG(gen) with SHA-1 affirmed for use with protocols only.
    
+     SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
    
+[RSASSA-PSS]: Sig(Gen): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) SIG(gen) with SHA-1 affirmed for use with protocols only.
    
+     Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
    
 SHA     Val#3790
 
    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #2521
    
 
    Version 10.0.15063
    
@@ -5755,14 +5754,14 @@ SHA 
 
    FIPS186-2:
    
 ALG[ANSIX9.31]:
    
-SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1    Val#3652
    
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096 , SHS: SHA-256Val#3652, SHA-384Val#3652, SHA-512Val#3652
    
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#3652, SHA-256Val#3652, SHA-384Val#3652, SHA-512Val#3652
    
+SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#3652
    
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096, SHS: SHA-256Val#3652, SHA-384Val#3652, SHA-512Val#3652
    
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#3652, SHA-256Val#3652, SHA-384Val#3652, SHA-512Val#3652
    
 
    FIPS186-4:
    
-ALG[ANSIX9.31]     Sig(Gen): (2048 SHA( 1 )) (3072 SHA( 1 ))
    
-SIG(gen) with SHA-1 affirmed for use with protocols only.     Sig(Ver): (1024 SHA( 1 )) (2048 SHA( 1 )) (3072 SHA( 1 ))
    
-ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
    
-     SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
    
+ALG[ANSIX9.31] Sig(Gen): (2048 SHA(1)) (3072 SHA(1))
    
+SIG(gen) with SHA-1 affirmed for use with protocols only.     Sig(Ver): (1024 SHA(1)) (2048 SHA(1)) (3072 SHA(1))
    
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) SIG(gen) with SHA-1 affirmed for use with protocols only.
    
+     SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
    
 SHA Val#3652
    
 
    Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2415
    
 
    Version 7.00.2872
    
@@ -5770,27 +5769,27 @@ SHA 
 
    FIPS186-2:
    
 ALG[ANSIX9.31]:
    
-SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1    Val#3651
    
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096 , SHS: SHA-256Val#3651, SHA-384Val#3651, SHA-512Val#3651
    
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#3651, SHA-256Val#3651, SHA-384Val#3651, SHA-512Val#3651
    
+SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#3651
    
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096, SHS: SHA-256Val#3651, SHA-384Val#3651, SHA-512Val#3651
    
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#3651, SHA-256Val#3651, SHA-384Val#3651, SHA-512Val#3651
    
 
    FIPS186-4:
    
-ALG[ANSIX9.31]     Sig(Gen): (2048 SHA( 1 )) (3072 SHA( 1 ))
    
-SIG(gen) with SHA-1 affirmed for use with protocols only.     Sig(Ver): (1024 SHA( 1 )) (2048 SHA( 1 )) (3072 SHA( 1 ))
    
-ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
    
-     SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
    
+ALG[ANSIX9.31] Sig(Gen): (2048 SHA(1)) (3072 SHA(1))
    
+SIG(gen) with SHA-1 affirmed for use with protocols only.     Sig(Ver): (1024 SHA(1)) (2048 SHA(1)) (3072 SHA(1))
    
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) SIG(gen) with SHA-1 affirmed for use with protocols only.
    
+     SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
    
 SHA Val#3651
    
 
    Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2414
    
 
    Version 8.00.6246
    
 
 
 
    FIPS186-2:
    
-ALG[RSASSA-PKCS1_V1_5]:     SIG(gen) 4096 , SHS: SHA-256Val# 3649 , SHA-384Val# 3649 , SHA-512Val# 3649
    
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val# 3649 , SHA-256Val# 3649 , SHA-384Val# 3649 , SHA-512Val# 3649
    
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096, SHS: SHA-256Val# 3649, SHA-384Val# 3649, SHA-512Val# 3649
    
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val# 3649, SHA-256Val# 3649, SHA-384Val# 3649, SHA-512Val# 3649
    
 
    FIPS186-4:
    
-186-4KEY(gen):     FIPS186-4_Fixed_e (10001) ;
    
-PGM(ProbRandom: ( 2048 , 3072 ) PPTT:( C.2 )
    
-ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
    
-     SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
    
+186-4KEY(gen): FIPS186-4_Fixed_e (10001);
    
+PGM(ProbRandom: (2048, 3072) PPTT:(C.2)
    
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) SIG(gen) with SHA-1 affirmed for use with protocols only.
    
+     SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
    
 SHA Val# 3649
    
 DRBG: Val# 1430
    
 
    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2412
    
@@ -5798,13 +5797,13 @@ DRBG: 
 
    FIPS186-2:
    
-ALG[RSASSA-PKCS1_V1_5]:     SIG(gen) 4096 , SHS: SHA-256    Val#3648, SHA-384Val#3648, SHA-512Val#3648
    
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#3648, SHA-256Val#3648, SHA-384Val#3648, SHA-512Val#3648
    
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096, SHS: SHA-256Val#3648, SHA-384Val#3648, SHA-512Val#3648
    
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#3648, SHA-256Val#3648, SHA-384Val#3648, SHA-512Val#3648
    
 
    FIPS186-4:
    
-186-4KEY(gen):     FIPS186-4_Fixed_e (10001) ;
    
-PGM(ProbRandom: ( 2048 , 3072 ) PPTT:( C.2 )
    
-ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
    
-     SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
    
+186-4KEY(gen): FIPS186-4_Fixed_e (10001);
    
+PGM(ProbRandom: (2048, 3072) PPTT:(C.2)
    
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) SIG(gen) with SHA-1 affirmed for use with protocols only.
    
+     SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
    
 SHA Val#3648
    
 DRBG: Val# 1429
    
 
    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2411
    
@@ -5812,231 +5811,231 @@ DRBG: 
 
    FIPS186-4:
    
-ALG[RSASSA-PKCS1_V1_5]     SIG(gen) (2048 SHA( 1 , 256 , 384 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
    
-SIG(Ver) (1024 SHA( 1 , 256 , 384 )) (2048 SHA( 1 , 256 , 384 ))
    
-[RSASSA-PSS]: Sig(Gen): (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) )) SIG(gen) with SHA-1 affirmed for use with protocols only.
    
-Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) ))
    
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(1, 256, 384)) SIG(gen) with SHA-1 affirmed for use with protocols only.
    
+SIG(Ver) (1024 SHA(1, 256, 384)) (2048 SHA(1, 256, 384))
    
+[RSASSA-PSS]: Sig(Gen): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) SIG(gen) with SHA-1 affirmed for use with protocols only.
    
+Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48)))
    
 
    SHA Val# 3347
    
-
    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #2206
    
+
    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #2206
    
 
    Version 10.0.14393
    
 
 
 
    FIPS186-4:
    
-186-4KEY(gen):     FIPS186-4_Fixed_e ( 10001 ) ;
    
-PGM(ProbPrimeCondition): 2048 , 3072 PPTT:( C.3 )
    
+186-4KEY(gen): FIPS186-4_Fixed_e (10001);
    
+PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3)
    
 
    SHA Val# 3347 DRBG: Val# 1217
    
 
    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA Key Generation Implementation #2195
    
 
    Version 10.0.14393
    
 
 
 
    FIPS186-4:
    
-ALG[RSASSA-PKCS1_V1_5]     SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
    
+ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
    
 
    SHA Val#3346
    
 
    soft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations #2194
    
 
    Version 10.0.14393
    
 
 
 
    FIPS186-4:
    
-ALG[RSASSA-PKCS1_V1_5]     SIG(gen) (2048 SHA( 256 , 384 , 512 )) (3072 SHA( 256 , 384 , 512 ))
    
-SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
    
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(256, 384, 512)) (3072 SHA(256, 384, 512))
    
+SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
    
 
    SHA Val# 3347 DRBG: Val# 1217
    
 
    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #2193
    
 
    Version 10.0.14393
    
 
 
 
    FIPS186-4:
    
-[RSASSA-PSS]: Sig(Gen):     (2048 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
    
-
    Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 62 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
    
+[RSASSA-PSS]: Sig(Gen): (2048 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
    
+
    Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
    
 
    SHA Val# 3347 DRBG: Val# 1217
    
 
    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #2192
    
 
    Version 10.0.14393
    
 
 
 
    FIPS186-4:
    
-186-4KEY(gen)    :  FIPS186-4_Fixed_e ( 10001 ) ;
    
-PGM(ProbPrimeCondition): 2048 , 3072 PPTT:( C.3 )
    
+186-4KEY(gen):  FIPS186-4_Fixed_e (10001);
    
+PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3)
    
 
    SHA Val# 3047 DRBG: Val# 955
    
 
    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” RSA Key Generation Implementation #1889
    
 
    Version 10.0.10586
    
 
 
 
    FIPS186-4:
    
-ALG[RSASSA-PKCS1_V1_5]     SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
    
+ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
    
 
    SHA Val#3048
    
 
    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub RSA32 Algorithm Implementations #1871
    
 
    Version 10.0.10586
    
 
 
 
    FIPS186-4:
    
-ALG[RSASSA-PKCS1_V1_5]     SIG(gen) (2048 SHA( 256 , 384 , 512 )) (3072 SHA( 256 , 384 , 512 ))
    
-SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
    
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(256, 384, 512)) (3072 SHA(256, 384, 512))
    
+SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
    
 
    SHA Val# 3047
    
 
    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub MsBignum Cryptographic Implementations #1888
    
 
    Version 10.0.10586
    
 
 
 
    FIPS186-4:
    
-[RSASSA-PSS]: Sig(Gen)    : (2048 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
    
-Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 62 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
    
+[RSASSA-PSS]: Sig(Gen): (2048 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
    
+Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
    
 
    SHA Val# 3047
    
 
    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub Cryptography Next Generation (CNG) Implementations #1887
    
 
    Version 10.0.10586
    
 
 
 
    FIPS186-4:
    
-186-4KEY(gen):     FIPS186-4_Fixed_e ( 10001 ) ;
    
-PGM(ProbPrimeCondition): 2048 , 3072 PPTT:( C.3 )
    
+186-4KEY(gen): FIPS186-4_Fixed_e (10001);
    
+PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3)
    
 
    SHA Val# 2886 DRBG: Val# 868
    
 
    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA Key Generation Implementation #1798
    
 
    Version 10.0.10240
    
 
 
 
    FIPS186-4:
    
-ALG[RSASSA-PKCS1_V1_5]     SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
    
+ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
    
 
    SHA Val#2871
    
 
    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations #1784
    
 
    Version 10.0.10240
    
 
 
 
    FIPS186-4:
    
-ALG[RSASSA-PKCS1_V1_5]     SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
    
+ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
    
 
    SHA Val#2871
    
 
    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #1783
    
 
    Version 10.0.10240
    
 
 
 
    FIPS186-4:
    
-[RSASSA-PSS]:     Sig(Gen): (2048 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
    
-Sig(Ver): (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
    
+[RSASSA-PSS]: Sig(Gen): (2048 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
    
+Sig(Ver): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
    
 
    SHA Val# 2886
    
 
    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #1802
    
 
    Version 10.0.10240
    
 
 
 
    FIPS186-4:
    
-186-4KEY(gen):     FIPS186-4_Fixed_e ;
    
-PGM(ProbPrimeCondition): 2048 , 3072 PPTT:( C.3 )
    
+186-4KEY(gen): FIPS186-4_Fixed_e;
    
+PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3)
    
 
    SHA Val#2373 DRBG: Val# 489
    
 
    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 RSA Key Generation Implementation #1487
    
 
    Version 6.3.9600
    
 
 
 
    FIPS186-4:
    
-ALG[RSASSA-PKCS1_V1_5]     SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
    
+ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
    
 
    SHA Val#2373
    
 
    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations #1494
    
 
    Version 6.3.9600
    
 
 
 
    FIPS186-4:
    
-ALG[RSASSA-PKCS1_V1_5    ] SIG(gen) (2048 SHA( 256 , 384 , 512 )) (3072 SHA( 256 , 384 , 512 ))
    
-SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
    
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(256, 384, 512)) (3072 SHA(256, 384, 512))
    
+SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
    
 
    SHA Val#2373
    
 
    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1493
    
 
    Version 6.3.9600
    
 
 
 
    FIPS186-4:
    
-[RSASSA-PSS]:     Sig(Gen): (2048 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
    
- Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 62 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
    
+[RSASSA-PSS]: Sig(Gen): (2048 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
    
+ Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
    
 
    SHA Val#2373
    
 
    Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #1519
    
 
    Version 6.3.9600
    
 
 
 
    FIPS186-4:
    
-ALG[RSASSA-PKCS1_V1_5]     SIG(gen) (2048 SHA( 256 , 384 , 512-256 )) (3072 SHA( 256 , 384 , 512-256 ))
    
-SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512-256 )) (2048 SHA( 1 , 256 , 384 , 512-256 )) (3072 SHA( 1 , 256 , 384 , 512-256 ))
    
-[RSASSA-PSS]: Sig(Gen): (2048 SHA( 256 , 384 , 512 )) (3072 SHA( 256 , 384 , 512 ))
    
-Sig(Ver): (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 , 512 ))
    
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(256, 384, 512-256)) (3072 SHA(256, 384, 512-256))
    
+SIG(Ver) (1024 SHA(1, 256, 384, 512-256)) (2048 SHA(1, 256, 384, 512-256)) (3072 SHA(1, 256, 384, 512-256))
    
+[RSASSA-PSS]: Sig(Gen): (2048 SHA(256, 384, 512)) (3072 SHA(256, 384, 512))
    
+Sig(Ver): (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512, 512))
    
 SHA #1903
    
 
    Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#1134.
    
 Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #1134
 
 
 FIPS186-4:
    
-186-4KEY(gen):     FIPS186-4_Fixed_e , FIPS186-4_Fixed_e_Value
    
-PGM(ProbPrimeCondition): 2048 , 3072 PPTT:( C.3 )
    
+186-4KEY(gen): FIPS186-4_Fixed_e, FIPS186-4_Fixed_e_Value
    
+PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3)
    
 SHA #1903 DRBG: #258
 Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 RSA Key Generation Implementation #1133
 
 
 FIPS186-2:
    
-ALG[ANSIX9.31]:     Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537 DRBG: #258
    
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256#1902, SHA-384#1902, SHA-512#1902,
    
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1#1902, SHA-256#1902, SHA-#1902, SHA-512#1902,
    
+ALG[ANSIX9.31]: Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 DRBG: #258
    
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256#1902, SHA-384#1902, SHA-512#1902,
    
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1#1902, SHA-256#1902, SHA-#1902, SHA-512#1902,
    
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#1132.
 Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Enhanced Cryptographic Provider (RSAENH) #1132
 
 
 FIPS186-2:
    
 ALG[ANSIX9.31]:
    
-SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1774
    
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#1774, SHA-384Val#1774, SHA-512Val#1774,
    
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1774, SHA-256Val#1774, SHA-384Val#1774, SHA-512Val#1774,
    
+SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#1774
    
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#1774, SHA-384Val#1774, SHA-512Val#1774,
    
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#1774, SHA-256Val#1774, SHA-384Val#1774, SHA-512Val#1774,
    
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#1052.
 Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1052
 
 
 FIPS186-2:
    
-ALG[ANSIX9.31]:     Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537 DRBG: Val# 193
    
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#1773, SHA-384Val#1773, SHA-512Val#1773,
    
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1773, SHA-256Val#1773, SHA-384Val#1773, SHA-512Val#1773,
    
+ALG[ANSIX9.31]: Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 DRBG: Val# 193
    
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#1773, SHA-384Val#1773, SHA-512Val#1773,
    
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#1773, SHA-256Val#1773, SHA-384Val#1773, SHA-512Val#1773,
    
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#1051.
 Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1051
 
 
 FIPS186-2:
    
-ALG[RSASSA-PKCS1_V1_5]:     SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
    
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
    
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
    
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
    
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#568.
 Windows Server 2008 R2 and SP1 Enhanced Cryptographic Provider (RSAENH) #568
 
 
 FIPS186-2:
    
-ALG[RSASSA-PKCS1_V1_5]:     SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
    
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
    
-ALG[RSASSA-PSS]: SIG(gen); 2048 , 3072 , 4096 , SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081
    
-SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081
    
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
    
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
    
+ALG[RSASSA-PSS]: SIG(gen); 2048, 3072, 4096, SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081
    
+SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081
    
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#567. See Historical RSA List Val#560.
 
    Windows Server 2008 R2 and SP1 CNG algorithms #567
    
 
    Windows 7 and SP1 CNG algorithms #560
    
 
 
 FIPS186-2:
    
-ALG[ANSIX9.31]:     Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537 DRBG: Val# 23
    
+ALG[ANSIX9.31]: Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 DRBG: Val# 23
    
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#559.
 Windows 7 and SP1 and Server 2008 R2 and SP1 RSA Key Generation Implementation #559
 
 
 FIPS186-2:
    
-ALG[RSASSA-PKCS1_V1_5]:     SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
    
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
    
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
    
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
    
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#557.
 Windows 7 and SP1 Enhanced Cryptographic Provider (RSAENH) #557
 
 
 FIPS186-2:
    
 ALG[ANSIX9.31]:
    
-ALG[RSASSA-PKCS1_V1_5]:     SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#816, SHA-384Val#816, SHA-512Val#816,
    
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#816, SHA-256Val#816, SHA-384Val#816, SHA-512Val#816,
    
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#816, SHA-384Val#816, SHA-512Val#816,
    
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#816, SHA-256Val#816, SHA-384Val#816, SHA-512Val#816,
    
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#395.
 Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #395
 
 
 FIPS186-2:
    
 ALG[ANSIX9.31]:
    
-SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#783
    
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#783, SHA-384Val#783, SHA-512Val#783,
    
+SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#783
    
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#783, SHA-384Val#783, SHA-512Val#783,
    
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#371.
 Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #371
 
 
 FIPS186-2:
    
-ALG[RSASSA-PKCS1_V1_5]:     SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#753, SHA-384Val#753, SHA-512Val#753,
    
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#753, SHA-256Val#753, SHA-384Val#753, SHA-512Val#753,
    
-ALG[RSASSA-PSS]: SIG(gen); 2048 , 3072 , 4096 , SHS: SHA-256Val#753, SHA-384Val#753, SHA-512Val#753
    
-SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#753, SHA-256Val#753, SHA-384Val#753, SHA-512Val#753
    
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#753, SHA-384Val#753, SHA-512Val#753,
    
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#753, SHA-256Val#753, SHA-384Val#753, SHA-512Val#753,
    
+ALG[RSASSA-PSS]: SIG(gen); 2048, 3072, 4096, SHS: SHA-256Val#753, SHA-384Val#753, SHA-512Val#753
    
+SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#753, SHA-256Val#753, SHA-384Val#753, SHA-512Val#753
    
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#358. See Historical RSA List Val#357.
 
    Windows Server 2008 CNG algorithms #358
    
 
    Windows Vista SP1 CNG algorithms #357
    
@@ -6044,81 +6043,81 @@ Some of the previously validated components for this validation have been remove
 
 FIPS186-2:
    
 ALG[ANSIX9.31]:
    
-SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#753
    
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#753, SHA-384Val#753, SHA-512Val#753,
    
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#753, SHA-256Val#753, SHA-384Val#753, SHA-512Val#753,
    
+SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#753
    
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#753, SHA-384Val#753, SHA-512Val#753,
    
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#753, SHA-256Val#753, SHA-384Val#753, SHA-512Val#753,
    
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#355. See Historical RSA List Val#354.
 
    Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) #355
    
 
    Windows Vista SP1 Enhanced Cryptographic Provider (RSAENH) #354
    
 
 
 FIPS186-2:
    
-ALG[ANSIX9.31]:     Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537
    
+ALG[ANSIX9.31]: Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537
    
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#353.
 Windows Vista SP1 and Windows Server 2008 RSA Key Generation Implementation #353
 
 
 FIPS186-2:
    
-ALG[ANSIX9.31]:     Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537 RNG: Val# 321
    
+ALG[ANSIX9.31]: Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 RNG: Val# 321
    
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#258.
 Windows Vista RSA key generation implementation #258
 
 
 FIPS186-2:
    
-ALG[RSASSA-PKCS1_V1_5]:     SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
    
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#618, SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
    
-ALG[RSASSA-PSS]: SIG(gen); 2048 , 3072 , 4096 , SHS: SHA-256Val#618, SHA-384Val#618, SHA-512Val#618
    
-SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#618, SHA-256Val#618, SHA-384Val#618, SHA-512Val#618
    
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
    
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#618, SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
    
+ALG[RSASSA-PSS]: SIG(gen); 2048, 3072, 4096, SHS: SHA-256Val#618, SHA-384Val#618, SHA-512Val#618
    
+SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#618, SHA-256Val#618, SHA-384Val#618, SHA-512Val#618
    
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#257.
 Windows Vista CNG algorithms #257
 
 
 FIPS186-2:
    
-ALG[RSASSA-PKCS1_V1_5]:     SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
    
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#618, SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
    
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
    
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#618, SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
    
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#255.
 Windows Vista Enhanced Cryptographic Provider (RSAENH) #255
 
 
 FIPS186-2:
    
 ALG[ANSIX9.31]:
    
-SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#613
    
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#613, SHA-384Val#613, SHA-512Val#613,
    
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#613, SHA-256Val#613, SHA-384Val#613, SHA-512Val#613,
    
+SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#613
    
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#613, SHA-384Val#613, SHA-512Val#613,
    
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#613, SHA-256Val#613, SHA-384Val#613, SHA-512Val#613,
    
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#245.
 Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #245
 
 
 FIPS186-2:
    
 ALG[ANSIX9.31]:
    
-SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#589
    
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#589, SHA-384Val#589, SHA-512Val#589,
    
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#589, SHA-256Val#589, SHA-384Val#589, SHA-512Val#589,
    
+SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#589
    
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#589, SHA-384Val#589, SHA-512Val#589,
    
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#589, SHA-256Val#589, SHA-384Val#589, SHA-512Val#589,
    
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#230.
 Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #230
 
 
 FIPS186-2:
    
 ALG[ANSIX9.31]:
    
-SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#578
    
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#578, SHA-384Val#578, SHA-512Val#578,
    
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#578, SHA-256Val#578, SHA-384Val#578, SHA-512Val#578,
    
+SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#578
    
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#578, SHA-384Val#578, SHA-512Val#578,
    
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#578, SHA-256Val#578, SHA-384Val#578, SHA-512Val#578,
    
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#222.
 Windows CE and Windows Mobile 6 and Windows Mobile 6.1 Enhanced Cryptographic Provider (RSAENH) #222
 
 
 FIPS186-2:
    
 ALG[RSASSA-PKCS1_V1_5]:
    
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#364
    
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#364
    
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#81.
 Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #81
 
 
 FIPS186-2:
    
 ALG[ANSIX9.31]:
    
-SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#305
    
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#305, SHA-384Val#305, SHA-512Val#305,
    
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#305, SHA-256Val#305, SHA-384Val#305, SHA-512Val#305,
    
+SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#305
    
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#305, SHA-384Val#305, SHA-512Val#305,
    
+SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#305, SHA-256Val#305, SHA-384Val#305, SHA-512Val#305,
    
 Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#52.
 Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #52
 
@@ -6209,7 +6208,7 @@ Some of the previously validated components for this validation have been remove
 
  • Supports Empty Message
    • 
 
 
-
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #4009
    
+
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #4009
    
 
    Version 10.0.16299
    
 
 
@@ -6495,106 +6494,106 @@ Version 6.3.9600
 
  • Keying Option: 1
    • 
 
 
-
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #2556
    
+
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #2556
    
 
    Version 10.0.16299
    
 
 
-TECB( KO 1 e/d, ) ; TCBC( KO 1 e/d, ) ; TCFB8( KO 1 e/d, ) ; TCFB64( KO 1 e/d, )
+TECB(KO 1 e/d,); TCBC(KO 1 e/d,); TCFB8(KO 1 e/d,); TCFB64(KO 1 e/d,)
 
    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #2459
    
 
    Version 10.0.15063
    
 
 
-
    TECB( KO 1 e/d, ) ;
    
-
    TCBC( KO 1 e/d, )
    
+
    TECB(KO 1 e/d,);
    
+
    TCBC(KO 1 e/d,)
    
 
    Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2384
    
 
    Version 8.00.6246
    
 
 
-
    TECB( KO 1 e/d, ) ;
    
-
    TCBC( KO 1 e/d, )
    
+
    TECB(KO 1 e/d,);
    
+
    TCBC(KO 1 e/d,)
    
 
    Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2383
    
 
    Version 8.00.6246
    
 
 
-
    TECB( KO 1 e/d, ) ;
    
-
    TCBC( KO 1 e/d, ) ;
    
-
    CTR ( int only )
    
+
    TECB(KO 1 e/d,);
    
+
    TCBC(KO 1 e/d,);
    
+
    CTR (int only)
    
 
    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2382
    
 
    Version 7.00.2872
    
 
 
-
    TECB( KO 1 e/d, ) ;
    
-
    TCBC( KO 1 e/d, )
    
+
    TECB(KO 1 e/d,);
    
+
    TCBC(KO 1 e/d,)
    
 
    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2381
    
 
    Version 8.00.6246
    
 
 
-
    TECB( KO 1 e/d, ) ;
    
-
    TCBC( KO 1 e/d, ) ;
    
-
    TCFB8( KO 1 e/d, ) ;
    
-
    TCFB64( KO 1 e/d, )
    
+
    TECB(KO 1 e/d,);
    
+
    TCBC(KO 1 e/d,);
    
+
    TCFB8(KO 1 e/d,);
    
+
    TCFB64(KO 1 e/d,)
    
 
    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #2227
    
 
    
 
    
 
    Version 10.0.14393
    
 
 
-
    TECB( KO 1 e/d, ) ;
    
-
    TCBC( KO 1 e/d, ) ;
    
-
    TCFB8( KO 1 e/d, ) ;
    
-
    TCFB64( KO 1 e/d, )
    
+
    TECB(KO 1 e/d,);
    
+
    TCBC(KO 1 e/d,);
    
+
    TCFB8(KO 1 e/d,);
    
+
    TCFB64(KO 1 e/d,)
    
 
    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations #2024
    
 
    
 
    
 
    Version 10.0.10586
    
 
 
-
    TECB( KO 1 e/d, ) ;
    
-
    TCBC( KO 1 e/d, ) ;
    
-
    TCFB8( KO 1 e/d, ) ;
    
-
    TCFB64( KO 1 e/d, )
    
+
    TECB(KO 1 e/d,);
    
+
    TCBC(KO 1 e/d,);
    
+
    TCFB8(KO 1 e/d,);
    
+
    TCFB64(KO 1 e/d,)
    
 
    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #1969
    
 
    
 
    
 
    Version 10.0.10240
    
 
 
-
    TECB( KO 1 e/d, ) ;
    
-
    TCBC( KO 1 e/d, ) ;
    
-
    TCFB8( KO 1 e/d, ) ;
    
-
    TCFB64( KO 1 e/d, )
    
+
    TECB(KO 1 e/d,);
    
+
    TCBC(KO 1 e/d,);
    
+
    TCFB8(KO 1 e/d,);
    
+
    TCFB64(KO 1 e/d,)
    
 
    Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #1692
    
 
    Version 6.3.9600
    
 
 
-
    TECB( e/d; KO 1,2 ) ;
    
-
    TCBC( e/d; KO 1,2 ) ;
    
-
    TCFB8( e/d; KO 1,2 ) ;
    
-
    TCFB64( e/d; KO 1,2 )
    
+
    TECB(e/d; KO 1, 2);
    
+
    TCBC(e/d; KO 1, 2);
    
+
    TCFB8(e/d; KO 1, 2);
    
+
    TCFB64(e/d; KO 1, 2)
    
 Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #1387
 
 
-
    TECB( e/d; KO 1,2 ) ;
    
-
    TCBC( e/d; KO 1,2 ) ;
    
-
    TCFB8( e/d; KO 1,2 )
    
+
    TECB(e/d; KO 1, 2);
    
+
    TCBC(e/d; KO 1, 2);
    
+
    TCFB8(e/d; KO 1, 2)
    
 Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) #1386
 
 
-
    TECB( e/d; KO 1,2 ) ;
    
-
    TCBC( e/d; KO 1,2 ) ;
    
-
    TCFB8( e/d; KO 1,2 )
    
+
    TECB(e/d; KO 1, 2);
    
+
    TCBC(e/d; KO 1, 2);
    
+
    TCFB8(e/d; KO 1, 2)
    
 Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #846
 
 
-
    TECB( e/d; KO 1,2 ) ;
    
-
    TCBC( e/d; KO 1,2 ) ;
    
-
    TCFB8( e/d; KO 1,2 )
    
+
    TECB(e/d; KO 1, 2);
    
+
    TCBC(e/d; KO 1, 2);
    
+
    TCFB8(e/d; KO 1, 2)
    
 Windows Vista SP1 and Windows Server 2008 Symmetric Algorithm Implementation #656
 
 
-
    TECB( e/d; KO 1,2 ) ;
    
-
    TCBC( e/d; KO 1,2 ) ;
    
-
    TCFB8( e/d; KO 1,2 )
    
+
    TECB(e/d; KO 1, 2);
    
+
    TCBC(e/d; KO 1, 2);
    
+
    TCFB8(e/d; KO 1, 2)
    
 Windows Vista Symmetric Algorithm Implementation #549
 
 
@@ -6603,8 +6602,8 @@ Version 6.3.9600
 
    Windows 7 and SP1 and Windows Server 2008 R2 and SP1 #846, vendor-affirmed
    
 
 
-
    TECB( e/d; KO 1,2 ) ;
    
-
    TCBC( e/d; KO 1,2 )
    
+
    TECB(e/d; KO 1, 2);
    
+
    TCBC(e/d; KO 1, 2)
    
 
    Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1308
    
 
    Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #1307
    
 
    Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #691
    
@@ -6707,7 +6706,7 @@ Version 6.3.9600
 
  • Padding Algorithms: PKCS 1.5
    • 
 
 
-
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #1518
    
+
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #1518
    
 
    Version 10.0.16299
    
 
 
@@ -6988,7 +6987,7 @@ Version 6.3.9600
 
 
 
    Prerequisite: DRBG #1730
    
-
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1503
    
+
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1503
    
 
    Version 10.0.16299
    
 
 
@@ -6998,7 +6997,7 @@ Version 6.3.9600
 
  • Modulus Size: 2048 (bits)
    • 
 
 
-
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1502
    
+
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1502
    
 
    Version 10.0.16299
    
 
 
@@ -7009,7 +7008,7 @@ Version 6.3.9600
 
  • Padding Algorithms: PKCS 1.5
    • 
 
 
-
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1501
    
+
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1501
    
 
    Version 10.0.16299
    
 
 
@@ -7022,7 +7021,7 @@ Version 6.3.9600
 
 
 
    Prerequisite: DRBG #1730
    
-
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1499
    
+
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1499
    
 
    Version 10.0.16299
    
 
 
@@ -7032,7 +7031,7 @@ Version 6.3.9600
 
  • Modulus Size: 2048 (bits)
    • 
 
 
-
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1498
    
+
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1498
    
 
    Version 10.0.16299
    
 
     
    
 
@@ -7044,7 +7043,7 @@ Version 6.3.9600
 
  • Padding Algorithms: PKCS 1.5
    • 
 
 
-
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations  #1497
    
+
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations  #1497
    
 
    Version 10.0.16299
    
 
 
@@ -7110,20 +7109,20 @@ Version 6.3.9600
 
 
 
    Prerequisite: SHS #4009, HMAC #3267
    
-
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations  #1496
    
+
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations  #1496
    
 
    Version 10.0.16299
    
 
 
 
    FIPS186-4 ECDSA
    
 
    Signature Generation of hash sized messages
    
-
    ECDSA SigGen Component: CURVES( P-256 P-384 P-521 )
    
+
    ECDSA SigGen Component: CURVES(P-256 P-384 P-521)
    
 
    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #1284
    
 Version 10.0. 15063
    
 
    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1279
    
 Version 10.0. 15063
    
 
    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #922
    
 Version 10.0.14393
    
-
    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #894
    
+
    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #894
    
 Version 10.0.14393icrosoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #666
    
 Version 10.0.10586
    
 
    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #288
    
@@ -7139,7 +7138,7 @@ Version 10.0.15063
    
 Version 10.0.15063
    
 
    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1280
    
 Version 10.0.15063
    
-
    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #893
    
+
    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #893
    
 Version 10.0.14393
    
 
    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #888
    
 Version 10.0.14393
    
@@ -7158,7 +7157,7 @@ Version 6.3.9600
    
 Version 10.0.15063
    
 
    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1281
    
 Version 10.0.15063
    
-
    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #895
    
+
    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #895
    
 Version 10.0.14393
    
 
    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #887
    
 Version 10.0.14393
    
@@ -7170,7 +7169,7 @@ Version  10.0.10240
    
 
 
    SP800-135
    
 
    Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS
    
-
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations  #1496
    
+
    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations  #1496
    
 
    Version 10.0.16299
    
 
    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1278
    
 Version 10.0.15063
    
@@ -7184,7 +7183,7 @@ Version 10.0.14393
    
 Version 10.0.10586
    
 
    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 BCryptPrimitives and NCryptSSLp #575
    
 Version  10.0.10240
    
-
    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 BCryptPrimitives and NCryptSSLp #323
    
+
    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 BCryptPrimitives and NCryptSSLp #323
    
 Version 6.3.9600
    
 
 

From 08af59293939817e1e09369356adb3111322cbd9 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Fri, 30 Oct 2020 08:42:27 -0700
Subject: [PATCH 124/210] Update vpnv2-csp.md

---
 windows/client-management/mdm/vpnv2-csp.md | 200 ++++++++++-----------
 1 file changed, 99 insertions(+), 101 deletions(-)

diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md
index 7196ffe3dd..5f3d865cbd 100644
--- a/windows/client-management/mdm/vpnv2-csp.md
+++ b/windows/client-management/mdm/vpnv2-csp.md
@@ -2,14 +2,14 @@
 title: VPNv2 CSP
 description: Learn how the VPNv2 configuration service provider (CSP) allows the mobile device management (MDM) server to configure the VPN profile of the device.
 ms.assetid: 51ADA62E-1EE5-4F15-B2AD-52867F5B2AD2
-ms.reviewer: 
+ms.reviewer: pesmith
 manager: dansimp
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: manikadhiman
-ms.date: 11/01/2017
+ms.date: 10/30/2020
 ---
 
 # VPNv2 CSP
@@ -19,19 +19,19 @@ The VPNv2 configuration service provider allows the mobile device management (MD
 
 Here are the requirements for this CSP:
 
--   VPN configuration commands must be wrapped in an Atomic block in SyncML.
--   For best results, configure your VPN certificates first before pushing down VPN profiles to devices. If you are using Windows Information Protection (WIP) (formerly known as Enterprise Data Protection), then you should configure VPN first before you configure WIP policies.
--   Instead of changing individual properties, follow these steps to make any changes:
+- VPN configuration commands must be wrapped in an Atomic block in SyncML.
+- For best results, configure your VPN certificates first before pushing down VPN profiles to devices. If you are using Windows Information Protection (WIP) (formerly known as Enterprise Data Protection), then you should configure VPN first before you configure WIP policies.
+- Instead of changing individual properties, follow these steps to make any changes:
 
-    -   Send a Delete command for the ProfileName to delete the entire profile.
-    -   Send the entire profile again with new values wrapped in an Atomic block.
+  - Send a Delete command for the ProfileName to delete the entire profile.
+  - Send the entire profile again with new values wrapped in an Atomic block.
 
     In certain conditions you can change some properties directly, but we do not recommend it.
 
 The XSDs for all EAP methods are shipped in the box and can be found at the following locations:
 
--   C:\\Windows\\schemas\\EAPHost
--   C:\\Windows\\schemas\\EAPMethods
+- `C:\\Windows\\schemas\\EAPHost`
+- `C:\\Windows\\schemas\\EAPMethods`
 
 The following diagram shows the VPNv2 configuration service provider in tree format.
 
@@ -45,7 +45,8 @@ Unique alpha numeric identifier for the profile. The profile name must not inclu
 
 Supported operations include Get, Add, and Delete.
 
-> **Note**  If the profile name has a space or other non-alphanumeric character, it must be properly escaped according to the URL encoding standard.
+> [!NOTE]
+> If the profile name has a space or other non-alphanumeric character, it must be properly escaped according to the URL encoding standard.
 
 **VPNv2/**ProfileName**/AppTriggerList**  
 Optional node. List of applications set to trigger the VPN. If any of these apps are launched and the VPN profile is currently the active profile, this VPN profile will be triggered to connect.
@@ -64,8 +65,8 @@ App identity, which is either an app’s package family name or file path. The t
 **VPNv2/**ProfileName**/AppTriggerList/**appTriggerRowId**/App/Type**  
 Returns the type of **App/Id**. This value can be either of the following:
 
--   PackageFamilyName - When this is returned, the App/Id value represents the PackageFamilyName of the app. The PackageFamilyName is the unique name of the Microsoft Store application.
--   FilePath - When this is returned, the App/Id value represents the full file path of the app. For example, `C:\Windows\System\Notepad.exe`.
+- PackageFamilyName - When this is returned, the App/Id value represents the PackageFamilyName of the app. The PackageFamilyName is the unique name of the Microsoft Store application.
+- FilePath - When this is returned, the App/Id value represents the full file path of the app. For example, `C:\Windows\System\Notepad.exe`.
 
 Value type is chr. Supported operation is Get.
 
@@ -99,8 +100,8 @@ Value type is int. Supported operations include Get, Add, Replace, and Delete.
 **VPNv2/**ProfileName**/RouteList/**routeRowId**/ExclusionRoute**  
 Added in Windows 10, version 1607. A boolean value that specifies if the route being added should point to the VPN Interface or the Physical Interface as the Gateway. Valid values:
 
--   False (default) - This route will direct traffic over the VPN
--   True - This route will direct traffic over the physical interface.
+- False (default) - This route will direct traffic over the VPN
+- True - This route will direct traffic over the physical interface.
 
 Supported operations include Get, Add, Replace, and Delete.
 
@@ -117,16 +118,16 @@ Supported operations include Get, Add, Replace, and Delete.
 **VPNv2/**ProfileName**/DomainNameInformationList/**dniRowId**/DomainName**  
 Used to indicate the namespace to which the policy applies. When a Name query is issued, the DNS client compares the name in the query to all of the namespaces under DomainNameInformationList to find a match. This parameter can be one of the following types:
 
--   FQDN - Fully qualified domain name
--   Suffix - A domain suffix that will be appended to the shortname query for DNS resolution. To specify a suffix, prepend a **.** to the DNS suffix.
+- FQDN - Fully qualified domain name
+- Suffix - A domain suffix that will be appended to the shortname query for DNS resolution. To specify a suffix, prepend a **.** to the DNS suffix.
 
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
 **VPNv2/**ProfileName**/DomainNameInformationList/**dniRowId**/DomainNameType**  
 Returns the namespace type. This value can be one of the following:
 
--   FQDN - If the DomainName was not prepended with a **.** and applies only to the fully qualified domain name (FQDN) of a specified host.
--   Suffix - If the DomainName was prepended with a **.** and applies to the specified namespace, all records in that namespace, and all subdomains.
+- FQDN - If the DomainName was not prepended with a **.** and applies only to the fully qualified domain name (FQDN) of a specified host.
+- Suffix - If the DomainName was prepended with a **.** and applies to the specified namespace, all records in that namespace, and all subdomains.
 
 Value type is chr. Supported operation is Get.
 
@@ -138,9 +139,8 @@ Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 **VPNv2/**ProfileName**/DomainNameInformationList/**dniRowId**/WebProxyServers**  
 Optional. Web Proxy Server IP address if you are redirecting traffic through your intranet.
 
-> **Note**  Currently only one web proxy server is supported.
-
- 
+> [!NOTE]
+> Currently only one web proxy server is supported.
 
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
@@ -166,9 +166,8 @@ Supported operations include Get, Add, Replace, and Delete.
 **VPNv2/**ProfileName**/TrafficFilterList**  
 An optional node that specifies a list of rules. Only traffic that matches these rules can be sent via the VPN Interface.
 
-> **Note**  Once a TrafficFilterList is added, all traffic are blocked other than the ones matching the rules.
-
- 
+> [!NOTE]
+> Once a TrafficFilterList is added, all traffic are blocked other than the ones matching the rules.
 
 When adding multiple rules, each rule operates based on an OR with the other rules. Within each rule, each property operates based on an AND with each other.
 
@@ -183,9 +182,9 @@ App identity for the app-based traffic filter.
 
 The value for this node can be one of the following:
 
--   PackageFamilyName - This App/Id value represents the PackageFamilyName of the app. The PackageFamilyName is the unique name of a Microsoft Store application.
--   FilePath - This App/Id value represents the full file path of the app. For example, `C:\Windows\System\Notepad.exe`.
--   SYSTEM – This value enables Kernel Drivers to send traffic through VPN (for example, PING or SMB).
+- PackageFamilyName - This App/Id value represents the PackageFamilyName of the app. The PackageFamilyName is the unique name of a Microsoft Store application.
+- FilePath - This App/Id value represents the full file path of the app. For example, `C:\Windows\System\Notepad.exe`.
+- SYSTEM – This value enables Kernel Drivers to send traffic through VPN (for example, PING or SMB).
 
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
@@ -205,18 +204,16 @@ Value type is int. Supported operations include Get, Add, Replace, and Delete.
 **VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/LocalPortRanges**  
 A list of comma separated values specifying local port ranges to allow. For example, `100-120, 200, 300-320`.
 
-> **Note**  Ports are only valid when the protocol is set to TCP=6 or UDP=17.
-
- 
+> [!NOTE]
+> Ports are only valid when the protocol is set to TCP=6 or UDP=17.
 
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
 **VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/RemotePortRanges**  
 A list of comma separated values specifying remote port ranges to allow. For example, `100-120, 200, 300-320`.
 
-> **Note**  Ports are only valid when the protocol is set to TCP=6 or UDP=17.
-
- 
+> [!NOTE]
+> Ports are only valid when the protocol is set to TCP=6 or UDP=17.
 
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
@@ -233,8 +230,8 @@ Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 **VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/RoutingPolicyType**  
 Specifies the routing policy if an App or Claims type is used in the traffic filter. The scope of this property is for this traffic filter rule alone. The value can be one of the following:
 
--   SplitTunnel - For this traffic filter rule, only the traffic meant for the VPN interface (as determined by the networking stack) goes over the interface. Internet traffic can continue to go over the other interfaces.
--   ForceTunnel - For this traffic rule all IP traffic must go through the VPN Interface only.
+- SplitTunnel - For this traffic filter rule, only the traffic meant for the VPN interface (as determined by the networking stack) goes over the interface. Internet traffic can continue to go over the other interfaces.
+- ForceTunnel - For this traffic rule all IP traffic must go through the VPN Interface only.
 
 This is only applicable for App ID based Traffic Filter rules.
 
@@ -243,8 +240,8 @@ Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 **VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/Direction**  
 Added in Windows 10, version 2004. Specifies the traffic direction to apply this policy to. Default is Outbound. The value can be one of the following:
 
--   Outbound - The rule applies to all outbound traffic
--   Inbound - The rule applies to all inbound traffic
+- Outbound - The rule applies to all outbound traffic
+- nbound - The rule applies to all inbound traffic
 
 If no inbound filter is provided, then by default all unsolicated inbound traffic will be blocked.
 
@@ -265,21 +262,22 @@ Supported operations include Get, Add, Replace, and Delete.
 **VPNv2/**ProfileName**/AlwaysOn**  
 An optional flag to enable Always On mode. This will automatically connect the VPN at sign-in and will stay connected until the user manually disconnects.
 
-> **Note**  Always On only works for the active profile. The first profile provisioned that can be auto triggered will automatically be set as active.
+> [!NOTE]
+> Always On only works for the active profile. The first profile provisioned that can be auto triggered will automatically be set as active.
 
 Preserving user Always On preference
 
 Windows has a feature to preserve a user’s AlwaysOn preference.  In the event that a user manually unchecks the “Connect    automatically” checkbox, Windows will remember this user preference for this profile name by adding the profile name to the value AutoTriggerDisabledProfilesList.  
 Should a management tool remove/add the same profile name back and set AlwaysOn to true, Windows will not check the box if the profile name exists in the below registry value in order to preserve user preference.
-Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Config
+Key: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Config`
 Value: AutoTriggerDisabledProfilesList
 Type: REG_MULTI_SZ
 
 
 Valid values:
 
--   False (default) - Always On is turned off.
--   True - Always On is turned on.
+- False (default) - Always On is turned off.
+- True - Always On is turned on.
 
 Value type is bool. Supported operations include Get, Add, Replace, and Delete.
 
@@ -288,15 +286,15 @@ Lockdown profile.
 
 Valid values:
 
--   False (default) - this is not a LockDown profile.
--   True - this is a LockDown profile.
+- False (default) - this is not a LockDown profile.
+- True - this is a LockDown profile.
 
 When the LockDown profile is turned on, it does the following things:
 
--   First, it automatically becomes an "always on" profile.
--   Second, it can never be disconnected.
--   Third, if the profile is not connected, then the user has no network.
--   Fourth, no other profiles may be connected or modified.
+- First, it automatically becomes an "always on" profile.
+- Second, it can never be disconnected.
+- Third, if the profile is not connected, then the user has no network.
+- Fourth, no other profiles may be connected or modified.
 
 A Lockdown profile must be deleted before you can add, remove, or connect other profiles.
 
@@ -307,14 +305,14 @@ Device tunnel profile.
 
 Valid values:
 
--   False (default) - this is not a device tunnel profile.
--   True - this is a device tunnel profile.
+- False (default) - this is not a device tunnel profile.
+- True - this is a device tunnel profile.
 
 When the DeviceTunnel profile is turned on, it does the following things:
 
--   First, it automatically becomes an "always on" profile.
--   Second, it does not require the presence or logging in of any user to the machine in order for it to connect.
--   Third, no other device tunnel profile maybe be present on the same machine.
+- First, it automatically becomes an "always on" profile.
+- Second, it does not require the presence or logging in of any user to the machine in order for it to connect.
+- Third, no other device tunnel profile maybe be present on the same machine.
 
 A device tunnel profile must be deleted before another device tunnel profile can be added, removed, or connected.
 
@@ -325,8 +323,8 @@ Allows registration of the connection's address in DNS.
 
 Valid values:
 
--   False = Do not register the connection's address in DNS (default).
--   True = Register the connection's addresses in DNS.
+- False = Do not register the connection's address in DNS (default).
+- True = Register the connection's addresses in DNS.
 
 **VPNv2/**ProfileName**/DnsSuffix**  
 Optional. Specifies one or more comma separated DNS suffixes. The first in the list is also used as the primary connection specific DNS suffix for the VPN Interface. The entire list will also be added into the SuffixSearchList.
@@ -445,22 +443,23 @@ Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 **VPNv2/**ProfileName**/NativeProfile/RoutingPolicyType**  
 Optional for native profiles. Type of routing policy. This value can be one of the following:
 
--   SplitTunnel - Traffic can go over any interface as determined by the networking stack.
--   ForceTunnel - All IP traffic must go over the VPN interface.
+- SplitTunnel - Traffic can go over any interface as determined by the networking stack.
+- ForceTunnel - All IP traffic must go over the VPN interface.
 
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
 **VPNv2/**ProfileName**/NativeProfile/NativeProtocolType**  
 Required for native profiles. Type of tunneling protocol used. This value can be one of the following:
 
--   PPTP
--   L2TP
--   IKEv2
--   Automatic
+- PPTP
+- L2TP
+- IKEv2
+- Automatic
 
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
-> **Note** The **Automatic** option means that the device will try each of the built-in tunneling protocols until one succeeds. It will attempt protocols in following order: SSTP, IKEv2, PPTP and then L2TP. This order is not customizable. 
+> [!NOTE]
+> The **Automatic** option means that the device will try each of the built-in tunneling protocols until one succeeds. It will attempt protocols in following order: SSTP, IKEv2, PPTP and then L2TP. This order is not customizable. 
 
 **VPNv2/**ProfileName**/NativeProfile/Authentication**  
 Required node for native profile. It contains authentication information for the native VPN profile.
@@ -512,12 +511,12 @@ Added in Windows 10, version 1607.
 
 The following list contains the valid values:
 
--   MD596
--   SHA196
--   SHA256128
--   GCMAES128
--   GCMAES192
--   GCMAES256
+- MD596
+- SHA196
+- SHA256128
+- GCMAES128
+- GCMAES192
+- GCMAES256
 
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
@@ -526,14 +525,14 @@ Added in Windows 10, version 1607.
 
 The following list contains the valid values:
 
--   DES
--   DES3
--   AES128
--   AES192
--   AES256
--   GCMAES128
--   GCMAES192
--   GCMAES256
+- DES
+- DES3
+- AES128
+- AES192
+- AES256
+- GCMAES128
+- GCMAES192
+- GCMAES256
 
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
@@ -542,13 +541,13 @@ Added in Windows 10, version 1607.
 
 The following list contains the valid values:
 
--   DES
--   DES3
--   AES128
--   AES192
--   AES256
--   AES\_GCM_128
--   AES\_GCM_256
+- DES
+- DES3
+- AES128
+- AES192
+- AES256
+- AES\_GCM_128
+- AES\_GCM_256
 
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
@@ -557,10 +556,10 @@ Added in Windows 10, version 1607.
 
 The following list contains the valid values:
 
--   MD5
--   SHA196
--   SHA256
--   SHA384
+- MD5
+- SHA196
+- SHA256
+- SHA384
 
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
@@ -569,12 +568,12 @@ Added in Windows 10, version 1607.
 
 The following list contains the valid values:
 
--   Group1
--   Group2
--   Group14
--   ECP256
--   ECP384
--   Group24
+- Group1
+- Group2
+- Group14
+- ECP256
+- ECP384
+- Group24
 
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
@@ -583,13 +582,13 @@ Added in Windows 10, version 1607.
 
 The following list contains the valid values:
 
--   PFS1
--   PFS2
--   PFS2048
--   ECP256
--   ECP384
--   PFSMM
--   PFS24
+- PFS1
+- PFS2
+- PFS2048
+- ECP256
+- ECP384
+- PFSMM
+- PFS24
 
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
@@ -1318,8 +1317,7 @@ Servers
       
 ```
 
-## Related topics
-
+## See also
 
 [Configuration service provider reference](configuration-service-provider-reference.md)
 

From 8e7f2e1b7ea7ea32c7569734753c224d18f4962c Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Fri, 30 Oct 2020 08:45:05 -0700
Subject: [PATCH 125/210] Update vpnv2-ddf-file.md

---
 windows/client-management/mdm/vpnv2-ddf-file.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/client-management/mdm/vpnv2-ddf-file.md b/windows/client-management/mdm/vpnv2-ddf-file.md
index d29d533690..ea97295698 100644
--- a/windows/client-management/mdm/vpnv2-ddf-file.md
+++ b/windows/client-management/mdm/vpnv2-ddf-file.md
@@ -2,14 +2,14 @@
 title: VPNv2 DDF file
 description: This topic shows the OMA DM device description framework (DDF) for the VPNv2 configuration service provider.
 ms.assetid: 4E2F36B7-D2EE-4F48-AD1A-6BDE7E72CC94
-ms.reviewer: 
+ms.reviewer: pesmith
 manager: dansimp
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: manikadhiman
-ms.date: 12/05/2017
+ms.date: 10/30/2020
 ---
 
 # VPNv2 DDF file

From 3965c127243c72fcd4f6a9eb768a4afbf0c25364 Mon Sep 17 00:00:00 2001
From: Tudor Dobrila 
Date: Fri, 30 Oct 2020 11:32:25 -0700
Subject: [PATCH 126/210] Release notes 101.10.72

---
 .../threat-protection/microsoft-defender-atp/mac-whatsnew.md  | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md
index f14a0d3752..bccb1bed4f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md
@@ -43,6 +43,10 @@ ms.topic: conceptual
 > 2. Refer to this documentation for detailed configuration information and instructions: [New configuration profiles for macOS Catalina and newer versions of macOS](mac-sysext-policies.md).
 > 3. Monitor this page for an announcement of the actual release of MDATP for Mac agent update.
 
+## 101.10.72
+
+- Bug fixes
+
 ## 101.09.61
 
 - Added a new managed preference for [disabling the option to send feedback](mac-preferences.md#show--hide-option-to-send-feedback)

From cc1d0620d126f4a56902766a9e65df9c5580f8f2 Mon Sep 17 00:00:00 2001
From: Joey Caparas 
Date: Fri, 30 Oct 2020 13:12:33 -0700
Subject: [PATCH 127/210] enhancements

---
 windows/security/threat-protection/TOC.md     |  3 ++-
 .../deployment-rings.md                       | 27 +++++++++----------
 2 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index 4cfb2a5ce5..7cb35259d5 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -19,7 +19,8 @@
 ### [Deployment phases](microsoft-defender-atp/deployment-phases.md)
 ### [Phase 1: Prepare](microsoft-defender-atp/prepare-deployment.md)
 ### [Phase 2: Set up](microsoft-defender-atp/production-deployment.md)
-### [Phase 3: Onboard](microsoft-defender-atp/onboarding.md)
+### [Phase 3: Onboard]()
+#### [Onboarding overview](microsoft-defender-atp/onboarding.md)
 #### [Deployment rings](microsoft-defender-atp/deployment-rings.md)
 #### [Onboarding using Microsoft Endpoint Configuration Manager](microsoft-defender-atp/onboarding-endpoint-configuration-manager.md)
 #### [Onboarding using Microsoft Endpoint Manager](microsoft-defender-atp/onboarding-endpoint-manager.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md b/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md
index b9a48bb7c4..8ad96f8300 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md
@@ -1,6 +1,6 @@
 ---
 title: Deploy Microsoft Defender ATP in rings
-description: Learn how deploy Microsoft Defender ATP in rings
+description: Learn how to deploy Microsoft Defender ATP in rings
 keywords: deploy, rings, evaluate, pilot, insider fast, insider slow, setup, onboard, phase, deployment, deploying, adoption, configuring
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
@@ -50,16 +50,20 @@ Table 1 provides an example of the deployment rings you might use.
 |**Deployment ring**|**Description**|
 |:-----|:-----|
 Evaluate | Ring 1: Identify 50 systems for pilot testing 
-Pilot | Ring 2: 50-100  systems 
     	
-Full deployment | Ring 3: Roll out service to the rest of environment in larger increments.
+Pilot | Ring 2: Identify the next 50-100  endpoints in production environment 
     	
+Full deployment | Ring 3: Roll out service to the rest of environment in larger increments
 
 
-### Evaluate
-Identify a small number of test machines in your environment to onboard to the service. Ideally, these machines would be less than 50 endpoints. 
 
-#### Exit criteria
+### Exit criteria
+An example set of exit criteria for these rings can include:
 - Devices show up in the device inventory list
 - Alerts appear in dashboard
+- [Run a detection test](run-detection-test.md)
+- [Run a simulated attack on a device](attack-simulations.md)
+
+### Evaluate
+Identify a small number of test machines in your environment to onboard to the service. Ideally, these machines would be fewer than 50 endpoints. 
 
 
 ### Pilot
@@ -76,10 +80,6 @@ The following table shows the supported endpoints and the corresponding tool you
 | **Android**  | [Microsoft Endpoint Manager](android-intune.md)               | 
 
 
-#### Exit criteria
-- Devices show up in the device inventory list
-- [Run a detection test](run-detection-test.md)
-- [Run a simulated attack on a device](attack-simulations.md)
 
 
 ### Full deployment
@@ -92,16 +92,15 @@ Use the following material to select the appropriate Microsoft Defender ATP arch
 |:-----|:-----|
 |[![Thumb image for Microsoft Defender ATP deployment strategy](images/mdatp-deployment-strategy.png)](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf)
     [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf)  \| [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.vsdx) | The architectural material helps you plan your deployment for the following architectures: