From 9c4a5e6193eb2fdcf8211738f6e5d169fe874561 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Mon, 27 Apr 2020 18:22:26 -0700 Subject: [PATCH 001/136] exception text --- .../tvm-security-recommendation.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md index c3e900103b..0a890f34ba 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md @@ -127,12 +127,18 @@ There are many reasons why organizations create exceptions for a recommendation. Exceptions can be created for both Security update and Configuration change recommendations. -When an exception is created for a recommendation, the recommendation is no longer active. The recommendation state changes to **Exception**, and it no longer shows up in the security recommendations list. +When an exception is created for a recommendation, the recommendation is no longer active. The recommendation state changes from **Active** to **Exception** (global and all machine groups) or **Partially active** (specific machine groups selected). 1. Select a security recommendation you would like create an exception for, and then **Exception options**. ![Showing where the button for "exception options" is location in a security recommendation flyout.](images/tvm-exception-option.png) -2. Select your justification for the exception you need to file instead of remediating the security recommendation in question. Fill out the justification context, then set the exception duration. +2. Select your exception scope. There are two types of exceptions: + - **Global exception**: Global admins will be able to create a global exception. It affects all current and future machine groups in your organization. It can only be cancelled by someone with admin privileges. + - **Exception by machine groups**: Apply the exception to all machine groups, or choose specific machine groups. Machine groups that already have an exception will not be displayed. If you have filtered by machine group, just your filtered machine groups will appear as options. + + If a recommendation is under global exception, then new exceptions for machine groups will be suspended until the global exception has expired. + +3. Select your justification for the exception you need to file instead of remediating the security recommendation in question. Fill out the justification context, then set the exception duration. The following list details the justifications behind the exception options: From ae8ec06b5c176e2a8eaa0910c817ebcdb02cf52c Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Fri, 10 Jul 2020 21:05:56 -0700 Subject: [PATCH 002/136] devices --- .../tvm-security-recommendation.md | 25 +++++++++++-------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md index 4dfbba217a..7dd13f87d6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md @@ -96,9 +96,9 @@ From the flyout, you can do any of the following: >[!NOTE] >When a change is made on a device, it may take up to two hours for the data to be reflected in the Microsoft Defender Security Center. -### Investigate changes in machine exposure or impact +### Investigate changes in device exposure or impact -If there is a large jump in the number of exposed machines, or a sharp increase in the impact on your organization exposure score and configuration score, then that security recommendation is worth investigating. +If there is a large jump in the number of exposed devices, or a sharp increase in the impact on your organization exposure score and configuration score, then that security recommendation is worth investigating. 1. Select the recommendation and **Open software page** 2. Select the **Event timeline** tab to view all the impactful events related to that software, such as new vulnerabilities or new public exploits. [Learn more about event timeline](threat-and-vuln-mgt-event-timeline.md) @@ -141,24 +141,27 @@ When an exception is created for a recommendation, the recommendation is no long ![Showing where the button for "exception options" is location in a security recommendation flyout.](images/tvm-exception-option.png) 2. Select your exception scope. There are two types of exceptions: - - **Global exception**: Global admins will be able to create a global exception. It affects all current and future machine groups in your organization. It can only be cancelled by someone with admin privileges. - - **Exception by machine groups**: Apply the exception to all machine groups, or choose specific machine groups. Machine groups that already have an exception will not be displayed. If you have filtered by machine group, just your filtered machine groups will appear as options. + - **Global exception**: Global admins will be able to create a global exception. It affects all current and future device groups in your organization. It can only be cancelled by someone with admin privileges. + - **Exception by device groups**: Apply the exception to all device groups, or choose specific device groups. Device groups that already have an exception will not be displayed. If you have filtered by device group, just your filtered device groups will appear as options. - If a recommendation is under global exception, then new exceptions for machine groups will be suspended until the global exception has expired. + Some things to keep in mind: + - If a recommendation is under global exception, then newly created exceptions for device groups will be suspended until the global exception has expired. + - If a recommendation already has exceptions for specific device groups and a global exception is created, then the device group exception will be suspended until it expires or the global exception is cancelled before it expires. 3. Select your justification for the exception you need to file instead of remediating the security recommendation in question. Fill out the justification context, then set the exception duration. The following list details the justifications behind the exception options: - - **Compensating/alternate control** - A 3rd party control that mitigates this recommendation exists, for example, if Network Firewall - - prevents access to a device, third party antivirus - - **Productivity/business need** - Remediation will impact productivity or interrupt business-critical workflow - - **Accept risk** - Poses low risk and/or implementing a compensating control is too expensive + - **Third party control** - A third party product or software already addresses this recommendation + - Choosing this justification type will lower your exposure score and increase you secure score because your risk is reduced + - **Alternate mitigation** - An internal tool already addresses this recommendation + - Choosing this justification type will lower your exposure score and increase you secure score because your risk is reduced + - **Risk accepted** - Poses low risk and/or implementing the recommendation is too expensive - **Planned remediation (grace)** - Already planned but is awaiting execution or authorization - - **Other** - False positive -3. Select **Submit**. A confirmation message at the top of the page indicates that the exception has been created. +4. Select **Submit**. A confirmation message at the top of the page indicates that the exception has been created. -4. Navigate to the [**Remediation**](tvm-remediation.md) page under the **Threat & Vulnerability Management** menu and select the **Exceptions** tab to view all your exceptions (current and past). +5. Navigate to the [**Remediation**](tvm-remediation.md) page under the **Threat & Vulnerability Management** menu and select the **Exceptions** tab to view all your exceptions (current and past). ## Report inaccuracy From 7255a9f4730b625545760cf13e8710fa7b17dbd1 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Fri, 24 Jul 2020 15:44:36 -0700 Subject: [PATCH 003/136] new images --- .../images/tvm-after-exceptions.png | Bin 0 -> 29069 bytes .../tvm-exception-cancel-device-group.png | Bin 0 -> 16894 bytes .../tvm-exception-cancel-global-400.png | Bin 0 -> 12719 bytes .../images/tvm-exception-cancel-global.png | Bin 0 -> 13617 bytes .../tvm-exception-device-group-hover.png | Bin 0 -> 11884 bytes .../images/tvm-exception-option.png | Bin 159108 -> 0 bytes .../images/tvm-exception-options.png | Bin 0 -> 4753 bytes .../images/tvm-exception-tab.png | Bin 0 -> 16105 bytes .../images/tvm-exception-tab400.png | Bin 0 -> 19531 bytes .../tvm-security-recommendation.md | 84 ++++++++++++++---- 10 files changed, 65 insertions(+), 19 deletions(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-after-exceptions.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-cancel-device-group.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-cancel-global-400.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-cancel-global.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-group-hover.png delete mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-option.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-options.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-tab.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-tab400.png diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-after-exceptions.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-after-exceptions.png new file mode 100644 index 0000000000000000000000000000000000000000..c4ae7c83186b37cbddfcb53477d4a6df5dcdfa70 GIT binary patch literal 29069 zcmb5VbyOU|*DVT3a19>Z-JM_w?jGFTU4jR92<{MqySsa^!CiyQ-~@Mg&F{PSyX(HU zp8YXv*7S6DRh_CjXYYMZMJOpqq9EcULP0^HNK1*SKtVx=0Uu|0Sl|lrSDZQE3&BxJ z%LNJwb>Qs-oy>qr09=G~m6jKW+l9l!p&=UHRi=l6B88F``>OUm>v-K?Qw@^+@AZ~; z#CXA#&9Y}{*QsSq-^Lo@{fUWM37W7gZd+}5X4TgbMhuT!G5ENQqSeUAkE>_q*rIIf zHs$-GYQ~x05cC@30;{memT_Q~61-{S_P(|R$e54$K7yT6t1l|Ep^52h$83--) zC3u{O>LHR5m;CGt%CKj>!q! z3@XrA6eoJwwyyLzqj&Gam z)PAe>w0Q5L+x7ATkxPwQj+~KE?hzMJ5T|LJjrH1_rg3Mrk2^7-b(QIhpbj!@%G0be z{Q@P&ydf$530JJXlZ6F;Q;3;CdStI5sWnK}w)|u!#q!ABFLN=W$oNhj=Cy6PXAPyt zdo0bG_3HAI3|cCxgVD%1ZA#KYJH)RhgzA&q__Gs3b`ue$mOlBxb1 z5`i`IdWzm?nOgok+W7jJB)#s1l%1F2s?}1?Q~kpAX)$_^T%Gdc?zxlN7`HP*<%J@A zY*t`87wEFNA+7}p4G-Zn$4}9}HpH!t{+_d_@-3Co%2?#r?S!PuPy%mcPp-6hHy_ZJ z9EEM8$3<;&$h`OacUAY%9_QeGg}ASG_amxYx8lQ+@S)xg>fRO_M{;^R@R)N_P?JKT za;CXNXkGvB)3Aj|WS9lI$MOdL?mv`fcHin#9O_jrLz_?~%s?J-S1RT0g$;9OY8M)I zDmOVtD)#sCm)?6kTvReI8UAWz8U7@!#bjKXTwy#uHZ|+Ri}djYbnSlmC%0+jg;hGr zS;HE;(S&BHh2IWr?bO`O#OVu8RWh)}4=S_^#n>gaJQ}nPj%~l;`)8E`KbNhYs>kZZ zWwI~FS~p4w@0k&!Jm_%w`IBG1=^iFkmX;?GS)kG%Wes=CloEP=3UOGZ1y#)Lm{+RI zuCKChcIZKred8f~yB(oRsMZjYNVa+3t_Q+mj+vy&>uj0&?wtkod@L&n83&m5DE5K4 z5%h$bvs`96t~A*^PQu+LB--Pm#echibEdR-`I3{pn4G&nr<1EuO~GNXl*efeacVY8 ztvlqawAEidZaP+Cw-7H|{LSM|r_&ir;d?T^v$8dr&Ag`pw?N0xee0h*>;7tyKjSOU z*ZJtSmrSCDYCQ4RrQWe&No0ngTng#vtnJ!X))!$l@Yz-W3_Js(+>fB#8OB|1#JfBF z2y9HP$8R;ZiWE2A*`^(fG8Ps@Iu`S_jOSdj?kz41{L`a#>u#Jce+H%(Inr8x#}<%q z&FD5pgHHI8vM<`I?~P&2va?;?-Df^X)mSVkG&k|)Vg|@+`p*Z&@kp7 z*PYSSbY_aGm=hK8D9o%ZkM<5G?tj(m-jaZY)8Rj;*o-_FXHU=dii`p&b2*h@fPg z5d&?4dusFNUO}Ld+l`@@6LLhAnBWj`W9@tV>cP4C*QCKl`=VkKR_yBQ@63$a%#|K2=j&Mi;7YjHIHzknnLNF={3o`0 zg}21pe*U^%7u+=?GvuA^>Oo9)GFk`K$T4vzOvb#kT5)&buyosx=r;}i7PM~#!9BCz zqp@?jZ~wOGqok)L%2t%&@#NAK{>8$ZMvyEoSg<`Mt6IcziIO^a zs|*wts>%CcE-3AQRZ63q7T>Ulq-o}#nSXscW(UlKVPy2c)fxtS4Tpyrv(;=rt59<= z=do^`w?T$zW6`^kMB(+qMt?GjMb7LnH&7h6rH}e>fyhp$+t*@?gTx zTG$~`_EZMbD9>oz#~$I+4g29Fzs5}LtQ4j!j>QjOX1?kIBcP*Av?#}^H6E_BzVBP6 zr8N|3^ZZkK%jUjF+M$X&0Cynur)7wq8uRN|Gkwh-8>?eyy_p%Lfy9u{6qQ4qKn$Oj z{FUNh!sW(EPbSF`vhha8VPyaGh$x~RS~OP|S_X9qfY#;+KIo57(NITE)uc0OWd-;u z3Z{Ck4x>FIObVUReEAL&x-UtxbVk^hR=*TpS&HPRF*$wt^U4dBxbiw)mF-=sZ4;E| z6**@_pb0c9bH?R`Hx=?PaK=Onm@B;#UPglMW25 zl<6K z5)q9a9}g7mZaO%{(6M?(p%fR|@{?-2xVF*yY5S@See(|d*+y59c?aFyF(}2mWq( zCGzP#`VgBnI{Q5tDg0?xle`r2yXtUdeghFNBI~#tFW_c!i!I>>{4t|lhfcOr%>Iy@ z(YHES^2hfh{ti#eG+5Z;2p3HVGJ1-7OGECO25S6OzMiQZiDAxqwyT?4>&x|8Kn|w( zE}_22Gyy*?Eo!0R^(yh>61m?;>ND_Ydn# zmRpl6Z{*YqVXHjD6gYd+CGbz)pKRqp2!6F`+o6AoI*;mPI)bR1n|>Kr$H$&@DcRI( zE-tRUw&YkRNsV`>OKq3|wovo%=DHsGCk*_j*0m^mJ<@}&X_$EQ6_IwdcXjp_eI*US^$-B3; z*%JEJhd1Xk8Ef@H4ovLwjr+CfyVQGZkf>V~U(zTejYpRrBw%p7arN}L4`tErThlV6 z9$yF*?EjdJ(Pi?lYs`K>Sx&_2P%f(S-=o#(e&u%Q>W*&R7(B6iMJ68;#&*1tK@$vS zw~}$}wsul|KXCL4p{jfJ!-Mn97vXu5b&Erq<1E+N^sZuT%2C;DD*4^Dk`^fgt+lh*DKAS)HNSY@Fja zJ0sEZvV|?G$fIAiuE~Og)hA87RX@QHD6m7WIpy^9mW~f0sD(&lwG?w!2QfvI;F^%% z{uPVK!|6Jd(oq~WSh$vp(aguMPT`Rz&r2NIKQy0b7%KecIar~BmUOIoKksdg;1_~T zV^mz6!xHl4dHmKYX;0in7hsMWHl){OCYlr9-L6U#aDwiN?tSxm^;SiPEJq2zP2}Q70m(wb!2F~q&oUF18@}xiw7;=WLal& z8r!g&;6EXSXOiYmqc3rp$rp&Gt_2|r2hgwr)IAu_DEa+2SN zZm6~v*RptZVOi?u16_0XIj5@`=~2|%pPcJMBR{EjDM6HW0TGif-OK~~-zIVTb@3Ur zALm`kU_mdZ7)9nos4pywa3}JxI8Eus%df^1G3D|>-`ak_9$bGi8kdtJ-)CZ{&)IhH>tR`a24m<{Dda7n-_2ZXz}qd=?fQOuK0pwe{plimqstD@<+^ zgt4`g$=~mUbJ;~%iMoB@6ig&4hX&VN2iU2F2ZU2rwuCm2G4&HJphy(zN9$r1V|ZCH zZKi3*#YmY0VCc62PCQ5c**Ca;QZ5DrvS2*<&}o)}5J2L<{cpVjkT`~eyh)iP1U-GI z2L73|;sq)&^nOK76T*`+L^r-u#Tumea)rZ4$r}!>+_B-dgN%wn8H|^c70`3N@_oGl z5KF|m58n5!w|lgDoaG$len21##q~wUSmJ*-I=$CgUBZAzUiS0OpQc4I_kC$8$p##! zXJ>cHq@xKSued009p$xw0c|-REieK1Aqa5apXV`Wpp(Pry6f&NRO$#k{p%OFni8#Y zS!ur^6%NGwI?IC%3~X|~0T{9t(Ek%JiT&MmEXKEPdYpWPXR8C+EuI8XU=R-c7zwf< zlPEF-=^>yRf9ddlq7KI63*_^s`u{2&g$h2FUgDwpuuHZ2_N4?~sx_dgxWAv?7*7a{ zDQJwWAsaUbI8h6x%}Z1+*8)R%nvP~y@mrhu|IrD zsDLctpJTyc(j26?t0>RBORxWv#ZEa$pnO~m;%Ed{*@M2{K+s;g%7wSi+A-c!0ke*D z2=n0vBHaHKBEGXNY1<0Vht|QF>v-|>AtB}60$kU*G987M$8^`-$IwXggp2%e!WH8P zeLx8lt?o?!#)YP;aYY5*hX_AYEkNIJyVbq)@PTtQUYSRILfsV0{k_-HK^cK{R|pz7 z#A8JQGB#b0f;XoEG~aDk{SH;}6N_t6AM78j9L%Lhi1f#TTd~)FEQb74pqHttld~Bb zmGX-Ws&5d-74G|0xubQexTG?r0KMgsT4?~+xJKNt_wc;qVZhq!;V(?9s8~?44a-eB z)2{pQyrrDzn!3pI{NYwe$RAr&{&C8;Nm(o~2+#TE(tm5JVwiVH=lA7F*0>L>S*g1d z@3b6fR#{B{DZF$+(vnH#Ol1D%7J*PMtDtC>g@69IbzK#bzIsz)(^{68sIHl?oLdxO z57sXJh2<;V{;N@m%?2Y~b*{&e^?@#FK)Q!UEeo*$RIJt@oL4!Enm+kUAg1Y1nqx)0?o(zL-pK@GY0Kctlf@I~va565gp2Tm;J*k-QeUOxVxdCA1ru5* z=6z9>UR@Lub;20+9l6lpzRME`2gbI z{v&qsE~2fHiE1%o;tCfJiaNe^&UZQsQ}Ay9cREp7Yh)gn{?|fIQeol`1^Rb>{+O%^ zt>u39i;x4R&JV%8)NkuAY~{fzP!WMDg`jFAFw#XEGup)y-o0nxg;m;*CCNieeaAD; zt*qHy73-PGp8>`SV<^1*kjVFu2vuC}xKm=c6ZOlZTMou`?=|O}ueyir_T{_0vruK|EAKfST{s?sKsD}1apmDs&uoFf9h&CIFX>+f|X+`AUU7*z5Lr(Tf3wJEFi+ zQ+@gv0y;-XFkipcRQH!jwU@zy;~+8Dig@HfI}F;VBZj7TUZ60|dY#+x_;?MsLYKx> zd-mn#N-T1vx_GiI_A53Zuw>QrRe3@y1@+`1HbA$smtQH3x4LP6Bmb2Jx zA|IgInErXiN7R?t@Iz{I>Jf}VGZrQMzjU~55Q!bC{U2l-sBNBC^h6^*WLNxj~B zFWjf(9BWqP88?$bG9I)B7~_Ku;@ZiHc={w%CrmhvX6j~t0!Aa>U}q;SIi|&Qq&T2l${>I-+v07w1hru!x$!e>0nr?W8|+seiNqgtxY!@ zGbkzo<3i8Q=N=W&YQGCYSD2}wlxP(6-Y}auOuc_T^PfBwJWI%Wa_c?-cWkY?NQc+T zS)&@O@$1~4jc49+B_wt$Oq6l}@zACuigF+v$W*YE0TC(gd}o-$@9De!X4^zRny|o} zIEJy<&y4@1B2-+^O-46g*0qWK?#SxuIX(&d5$+7fKo|_t`Q`>OjF;lKNQaVOkX~?` z9X8D;a}b$zAHuyo&T4rDlXoevzczkABvS+8S=z;ufgs$Mjq=UHy&V@zS$eGwt)d9>rZBF0tEl_FXqvu!bFxO$CTq`9nE^*t_7a z0m;8S3s~F?VmNyNiFI5X0CM7_&soU{rSi-;vJKM5IQm+Y$GacQvI$ zv;8_aFO2w*KM&pH#|L04J6=w7jdSkVH+7l|H;?q&7pAKX$pUirP z9XMUfcID3Q<;K5z$p7{BT4*-)q;!j+-u&XY-oO{C5YzZB5$I@TG7A$8A6>wG#6cFn zN3TOhyT{o@kpCT-|LZz=DHnVm1%NX0S3<9C*zj}7uUR2}TK8GrELxcVtm^0c zLjLN!Z*ZS$5c7BDUYlCc&$c9rVW7rH3HE_rmJJM~+?AL=P80exKb(ru_MfLb@b;=VJ+vGU@;Wol~kI#w|%3~vHUteDuuM>G* zUS4o;upuj+zy>1#!#U(i2^lEn3T39-6?ZiG)#S|8dO%dG2%n`ya zU##Qc<1=v*uKr2JcFx0-iw}rhC^Ftw?|E(HoVK+3J*^^7o+~g_hrqTH9Tmm(F;yet z{oKB;inLjd`|VNI+4e7XmXHaH+XNyTWADV|6JigU6;~aqdn)w`Dp0$n@Ac&9&C-|q zIP#AOl%V?QHP}Nxms2Fji;9h5GH692;#)ia#fHJl0+9`J#n|`Aw&3%C#5C1#cX>JU zbDnioqBBUF4K~$-;8O2j-LsX@rc7tPC%;+--{Hqr>m2#PfkOM= zIM-``svl62J@p%hp}3H2A|js3WUf1=KnQW#C6eja!$H!Eg!%l{9Si4wHXFwexz=AB za#meQ>H#xvzsq^uk9E1eY(h6oufI8|cOde+F*C^Bq=zW`(?$Ny@@A0mynaR%uO(5} z=h~wWJBi%RGO$(daHS1%X{Li@sREsy)oePrh&WFp$@JDd_@}*??3eU!3HPRdw7fMe z8C6^v)Va4&9Qj;xai{~qauXhE5qfQHHg51OD0w`pbXoE7KSGW1zCES$INSJUztK_Z zbF*wABP$!_{I?HgaC(FLpIr5``iSOY0s6m9J~O@kVwubCY>jA;r^B({yw4G*wm3Yc; zS*^R5)ATkl&m4l^-gwoTXjcq z_ORVQt9d&w!ZYo**jtxmO}!l8$wQ$@zQUzlH@VC;vy<=sncnGUncl1Vj|(oJ(F|W&o%_(Tz8;;r`mtW#Oa=3&^!4) zeOdp2%>1`LvDH~Srhj3U8^a>Z=02%@g>OMd4smRfdv?Y>R8_l@f_Xt~EwXcNMf=G@ zK;%Rx&$o$uNhw2tSKWHlW;v^DLUCQ}WY4^EC`lYd?&dGgF;p)=lkKQ92G z!Aw9Jbgd{QJ-!G!z_idEj^ux}Oql4J)u?KVEBiHLz3MaV8S6clbk6(Q zZ$X3U-;|EiquiM2+h&9O@xYcg+T*NV+-7Y|7xI-P@Zl*WXR(pZjTmJd^7>I%>|I3a zSnWHm)I?9Vcl(uay&W-xEN&!s`4hm#S065!a5&>Ew4ss0@y1`=@{~rnnYwB|wKO#x zo*CZ%y!~sd?K6?Cp(CQjc`P-~Z13MSEaU19QIi);sN;!PqiUf80SY2_f=2(0K3`ur z8=x^P=OU(TSCC_*DffqaD7Q^S%*QJZu=rm~yCQdq$X6E&i6qEVIBijGCAe$DD|>yQ zZ%LlGKBZYC(4!5wJbRoG&7*KcrOL2sGSN1fBks&%Wr(b0N7?DxKL2-MS#YSGp0a;lDJ_J8BOE8o}W|rD#OFLKV=@ z_tWLy7f5D5bMwCPIh4FhUiS9W;m`n!vrW~1rUg4svU6*%Rl;=svuCobowxSaS|)DC z%s;A6h0}2Pk$3-;zt+;CiMgDlT1UI&?a75_demkeI;jAb;j5y?fEriI=OSSeh#xrM*c~_ggsz#VImS^6-_^POox5qeRXv{N7!9_h|{u~oclfGPKk|9 zPFNYlPZOO3k^J(Wwtmv*B$Q>}kQ0iHj**4u_VEcNH(So*CyC<&1)tbcL7F5>m!78*uz{Uwh0x`@?Wk|fBTD0vySa)mo_IONwTPP>*C5E zNqwu`br}(OwxOr?Jr>Q2HDqdQhXT*Lk=GH8oGUp1m%@_`r45S;?`~%LZQ9_!RS>Za zb!h(lGE3ku4=Q>;_q^!VZS_`VG=O(GmD|~~dUj$w!BKgvl`glv`HHnlA~5?_a1>s< zpC{Fo)s>MwOh3|nk5l~`1({TMlb8lHxnB@4FuEfvk3xrS|Eqzgjs*#bo!##v;d{^P z>bt1oV()_ZO}@8AT-r}1JL-zQe<-vM!t(xjON?m3JZJL zhm9r>9w=1VG%_7K_cEEAOzB)ryQeqR1k}?OO*4O9ptyOROGzGiU}3|XuSYn4o-xtU0;S+vqGy;{w#>tl z9t?jSm=ojjv}28-SYX+&_nFs37Tm&3d;zTbI@yjsQ2?ef*j5M^*$mP1sB#$SLB8kt zg)1_ws@h1o#zu4y)Lqg$eV<%}9lc;o75DD?`-^=NxxKMrIDs!&J9^&R&xG#aBRres zTc6}`@w|u>KWCV_RN}xBX7NEs)b}I!k4l|HaPUG6e4!wTY7#)=H!Z>9N<9NTEtLFLVcuT6xNYPLd{T|V;7_$w1l=^J|^s68d-Z6 zTrMxcaB~PQZh5I-S`({m%?jNJeT)t_{ycGd;LPE)_weByZ?#XFg-Ihb*fACjWuW5k zU7v89~=*zrewrod1ltmX#d!TmfXxO9hlEN#TN29T8dgGHtfGP8WF5RVUk%pI7z z`w^-cLd~^bV9#qp`h{E~xn1ozN6b0636ji623U?m=hvA4dvb2h_0nk~KsJu3mTK=~JT#?@m+k^~vHR^>}LRvH-gl<`o zEAbHG%hb$HAXP0^|F9%+p{g2QpX{=>BpXjYL$|yxm(_(ZrmG+-WE;m-KiPWSXDwsg zup(kq$;}fb7-L5E2cKXIWabkg893 zt9k^~jL?N7T2veqx3>by0`UKjipghqR8;!QcgTL*b83Wh{1y^CaLJxULK`6z!RY;& z0GU!%WpkpM&1*L57hn~{s9Bhs^N+qd?Et1(S_wfV^$6qu>~5BM&(*@$I8#&0OmR3#D3iU z+orn6bXg_u>7&1H;lkbAn(BSR@oaImLUaF3o&K^Tg$ui!3Hg|6)!RS9Xl%Y>!0H4^ zzLM;G3I8_&O{XD+hPvftR7QFg7efe(_Q+KqmfMS!=IJ;SwRm=}Mg)a9$}p0h=_6lw zFnrEi1W0gs#!OJ$L~$l!IKvXzK6aeb4*ukRloMb0z>iZor&J|KQEo1n`8^+TMwaQA zt-Nsyw$gkX2mv~&+yK#VS8l2kYz!SRS!qK2HO^I+d3Mt@d^pzlk)ovWLWIH_|9x_E z$^`d`*2XF0O(p9`4{hN}AY+lDIq@)Nz8JC$$O1QeF@zrW7CfeqZ*7@jV-s`Z8mUAq z!4u*jGyU9Yo6eQKY^7h!t2>0TT)@&B=EhJ2cmUH(2CGO*MsmU>Qw8W&8$Vt_+N3Ra zJ}W5ymd${G(YFG@K<&_CGyG*1CRAuRaYNRAF{y-viKPI>)N|v!m|%h|r}BK6%!vjD@HXio@MlQE7%R*csn= z&1#l{Pz`)yc5jbV^;Mo?W`r%X#7bM#75R(6QL449iHc?{O8)SbLdNRU!lJM&GL0Zj z)P$LZBV*)@kZ7Athpq8=Me$D#y8}w7v@tz-XMi{1;g% zO>O?I|G`aQ*fI33@5^eLS-qdGC6o&io)b^=O>e%{f~deyX^uX;qKx`Cyn+heubWnQdHo3ZiWv_I70F!K$nLvvcFC>gu&SLu zJl!SA;`_L-^_6o3)a1(Y9~*BT_cuwWw7U65Vg;= zOv-S^2#>m|vn|DaDfM<15~Q?yYcUGMV&P?r=oA8V&dAeFAO@%f!E;#Kh>iH7eq2YF zD&bLXMN=CX=#P@(P#Sb;YbX?EWy(QpLM?ZO((`lTgModAt zrtwl_PPNv*q5wxqIdt#IbWF$Anz`EG`&+2*EacWA_y-rq*|qaHb)Ctr4DRj6KA<+A zeJ%u@BIq|QZDb#iDc(Og_&XFs0Mz|_yuULg&V0J-VNYJPSR(;EQ!#fU$5s!yM7bh= zl~MP?S4~YkOd17BPR^vCKhcq4-@^v=CM#ql|EG}Ooa(kgRm69*}+gPfqSf`K6cc3f8w?VloCA{5ZL6zjOBg=8m#X3 z(gJdR8{e=fj!4VBe~>Sw^rQvGeH={3O_ey11t?G*Hr{|(i~!n#e#hCWhGb6to~CZU zH6q&@%x5)+4rnR{}LBlCkd}1Og^5mh$Qm1G?pjj zAsUrwK#Cl#V34&43Hd#dB7TqVsTVQ&{{Xu!DV3CZ1U$?Ck#?*AR$f(zV$d+;;`hr= zKIUTFApD~YVB<8_8j}MPS0X1RN4;#~q@FD%fC6yB>Fe85SLq5<5StK)Nq!f;1CcK~ zyc{GQGgC7!3_u88wZik>(&d8Zm7lm{+;ANV{R3#V z*?89zinRgyU!Vpm^75QwB%p6VGM_Y<7^t z2T*}T@ioNCW)%evB#q@+0Ejp+1zo2AZ~S<$#LN= zT?D+{i{}E?U@0gq44D*qjGo;L9!`Bhx;>2Ax_@q`WzmNRcmdcPKV1eJl3#|d6B`mLf%FDU;!1mX zlPYZE++fX4a*w^Qv3Fw%Pyfn?Om)1VNm?$xylm0H>8@*B5AoI1>3NXzm0bYoOnoZU zDQl?Y({^KskAwW6p908S_~<~<{5CtLkuq+S-h+5Gb4^P}cI}`!b+}_^LMzgO!)nq`Pioeh%$WkCa;t`R4!bCOh}<-(e2( z=I@L_F5a~FOZJcvUi~-Acx>Htp#|3Jciu4c^jY}A6RCnp@Xh$;7DgKw6i@eU1vgK^ zcy5_VQ-$|JIYT+Xp;90%!|gHpZ69q{psn=}%5o$oCoh)McKY#YIUl(dVKgV*wty_g zjdQ)b@ld^AX^JSIsd79eGh_wBoLAW`q-5&BIl6l?H7)p^P_P|;(o8+4LhBb^yxyF|hnH z)VomK{V_k+?zFc87N`0i7`k^T*aKC5kg=h1PNBwm{b$rOu7T!>y^Li;&1dr|nPtUU zR?w7UvmrkLZ6$mxGwT&!&Xs=M^BQ&-3%%*{UbdQga=oWS>*-y%g>L{PM#;yMOFftL zomfGli8@QqU&T+oZXEem^cEZhdh(HC|3&x-c+1@D6g`3pU@N{0?=3c!xAP$xsQvM> zIN{jhp35v`&}hVH%>IitLit_T!m`XfSL^nkVn#adeBJ!&iP74QiT$PVA2KR{1D7=NRf$Tr0C$${ZU!YLw>*{>#+5E zhH^X9@S9?QkK@H7p1ocG0`h9OnE-P=)wcEd3HjN5;ssw5^KW^?aT^(R&c(g$)c9=I z3FNulEOJZgKd8@jCtjdhN5HftGud8CJFtUFYmVY=o~DV{E}hMtI$J|a7-%&d_m4QZ zGb^<4B{B4ktSkZ0=p4U7Q0YNr0aA#Li-bPu?9x%*F?_vB86_yXbV>iYJ1avI(+TR5 z+qpwcMD!n4q{8OzuB@t|23&yxP5tE#>3dNJLba4-P5aPe44W-*e3Nvf(TPl+WWdqNSy@>rGwZhe;$2yV%{ge?r2ll3fz{w2&(F+&TfM2C z@p{r>JU4NBce~(_tR5!^q8lu-8|4#T_UOnhALw#Zklhimf4hih*Y&$(SS|YE@R8`$ z?dpCRjiLHsY_m>2VnVRO)$$%&=LxIFPt$Y0fM5S4ELlVT)b2is>$YYlFZYJNe$&p< z%D~qq6G-m0sT__~+ATJAJ=ZudZMVyJzw`BDBmaL+c~R`(&d3j1yJ^(>G>6R3czCPT zHE)oX-o3-LpPt0;*RL~KABG2}N1#~CyQX5pu6o0clDRRhWC)8i=X%I`+jzp-%Yx}s zqq!sDE0@ZfaH)ruRKGM^vLRnB)D-`uR=Kdh=4bW!??(U_*i$pl518A%|R-4oFkiClBW>p=0qVEK}nQlC6zPI?V?KA-RG}&K>vv{s`?K2T*Mp(HIdC5|> z!Bs&c)jsZGbA9sL(b* zyKw-DGVrhf9e)Nu!RY-NoNoo9|F;KRquC5zE`(=)J=?vG7+h+=x%NLlRRvOQmi_0D ztjR>z6Z>e$$35=EmT5Zfa*Y6p(Wf7GgYo7;M3kwVU}5O^S$RSs zAH?hUhU`eLG2UR{nLshv&)NXA)d{etY_Y~L`yosA?!oyU*XjW>D1gfP=&&^GoP)=M z8f1iBv8)ISj5*xUP;W?ejw%{0YrsTm!EpvxKA(M3%$;uzr)WR4t)XtcIMm3@+ZHi% z(puCU{B65u)V=yITP0OnhB%Z-Cd)jJec)(rilP#Rz!~bA!`{NKDat$Ab}vF77@Yz{8VJUWS2(3HZs>}-Y@qe#VHpY|drZ8OJwP}Vz)7hYFmm@-;&QUa(9E_(dLhQL44;+@p zBfIJ~0&1hyI=xdfc^pvHPqDJQMn+PLda6*RvK7oB!(U-x1+V+;qAG_DF$w2-499Ax zln%3)2@O5-wbm_-xc&nP=tN^9mH$r&c)hx3tAxI&PM#+p5H9>wn}E0$=TyeM4CJ9L zo~gy`KCj5eTtd65vMuig%t&J<;`#0dG~lTpSMo^Fcl8A8e9$w2H%JPUx7k)Ut1Whl zS@E_ykdTrmt5V8t_G*rAQNzrH2AkEcU5}GxU1c$DtEVmTI8Y4B&aTfwft_#CZdKlw zbY_lML17ta%0~cuMS19dVP&n-;^Hs@9{Z{JdGXzyL{Hm`o%dsE`nhBS@2{p=QjeOI)T0q6;?N$QPqqI==eclEcO`Gq~>X1Rc5-wvebdE`9% zzsCLtXWK7Y`+;Eoi{O%6e9`_dRNS8cybjM6sPITG>5u+gcG19A`Z%m@?7T-d5OnqZ z!r-47AmmEGOlnxZH$>&cSPR1LDoF|z_bsmXig6>#cE~fTL7G*Q)78QP%m-9BHsaNr z*B-xmD+5(YeB{Fc&-%X#+t>&jK5jPgjQq#ThGxRwMN`pX70&tzW5@AB;c zqHYlA$n?3o$2GauA5K=!1&R43zi&7(OBJ;s;|P}t1vrFs*5L+xw-a$Ah2H`Iz+^%(CBY<82fbu|y8R)a^^ zakd)f9ckw(f02uW_ODeYd)XpVSwyi9*=a`2Z;SxtEsIn3Xg_N6t4BoCgzIP-NX3i9 z9q?q~t`r&L+x}m7?CC0{VhnD0@4(+Jg9Rl#JC!K!o^w{K&0000oE>QEAZ`7svt=1`S+lzaVBMVA z#y#f5;kwpK6kh$%`Z#v{mu-R95rNVGd*6UlzOT{g*K>|T*idy#J3d_)@n4LUOtih{ zt5)7h7%<2i2EopHTC*c;i_V9llADjJ(fB)rn#)z~;ht*Q*&Z|iJ$qE^exCYfxBl$_ zU`F@VDcZ6ZB^C5HI>~MtPM1si2@w4SNw%b zn1d?B`r~2zYx_=ab1M6D?Jusvl3{7UnZvrAUo|>}R9RUJ>bI;_5KnUa4)p0MuhuH6 zxwoy+;l{wu%SENJmiRS^t}qw92{|02I3 zm7p+wiCMiJ6-tcF+`V`*ugolh1N}nT{6Vk{8iCzqqnl!J$-#7>Y^MA0T~DK7J2FDm zffZg*8wVDB$nRMmzWW)hrFrPm*^%QX-akFRa233IB@_x%O!Nxo!{1-&I_sV&cAZxU zgCR@S^b3Jv4M%;4Er-5}4Z?f36y(`ipFFdy zWPf1()I{eUX#5ZE)De>N3XFIh+X-m6ZqS(jKk7Qms5qi-O(!8}pz+|65D4zB0RjYf zcXw;tgS)$j;O{CS`XbDV z{RWNvE9jppIHXa?sN%~xhgmrV4*7#N7_!wBC?0SvAp2}jl{_u6TMmy_v^F1toBi2f3B(n(t#zn54vWT|F!j<;L|a9sV{!&slU z9?quKCv`5MNkBY)c$R-(-PCF4XK8c)!%k=En~5!z(zDnt1pW7E~FI^(dR5;v8URq4&Q)kAB3Uunp7x$x%cHN~!jWtfhoS0sq zLvA>lviSDSL)14dULCPSd%htTv|V;kafFa}+2)FHBMsup60c@lh4&O>pOEBCgFpaUAkENxX%PJnO$x zEh&!$%>VfxRdP}I$J=N0Gb257YmNa{+Abc2oKLtZ-PUd5Us)0b1O^tj$AJE^t@$r@ zWMrJI*rnR=Y!z1uXP*Fn*ewZG7C69 z@IzrB0*`l|FHT#LlFU#G{`F;C>`>j`TD0C?2S4@QN{8|e!&|w5@v1K^DnI{i)0oSn z4KS?Nf;m*BwUSBof9Oy_S}ihMskOlP*Tpd+lP--<;t*(gzkH{6|D9XFFlaK-#OQuZ zFhU2IGD6inmh)J~@^|)6NSm%PhCxEOK688K4eI?yGF3oTN^;#VyWJX;Iu=O_kPvc1 zfx*0KS{KrFz|}cN=|5``dlA&yxv|;nc~8+nZg_@O}dQ;LkwzEFRtB z)HT5ySytnlYJ%rf&~?f6QLMlPS6{e7n|(-)Mm_d_1vFhH|&7-cl$$Jzz407S2g}er0PfIM=D7w zHi&ZuuQ0${AHt;elQ`oVznZ7@CvkK^Y!uNn)WenwqKwp?)8^o)V+g>Q(~(oS@UMeN zGwc+-jF>>zI`65Pa9`6lpu>5cJQ$ido2s@>Ng#N2+<9bq<)vPnWjR1c+8kCLplvOR zjeJ7{5V4m`G>9y(Ur18=G zPbH-7>tV>UDXwYb4kD{*+-BhIKhqu-eqP_u`AJ-qUdaTe)dZCSQNb3ovd#}0<#c>X!6_NPFT<49iZ4-oHs22k zra*BQn)aRNoP0iAb#_utyDl92ZHJdrqUyq1S?4$BCqh>i+cFD1n&yuDrOR0xSrsI> zn%Pw+&K#Ef2Tydh2Tch;E8W`3K9Zn2M;-+D$+;pLF}x8_mRmZn;v)vbG$_d3PaY-3>zKw8LncKZy z!rOBuXKks}JrmoP!b_u}-hz?Evq7G32p>4yw`ogWqp541nB16?@-r>Ly!!l5RCq+9 zt8RT{PqJ*mEl^qZC!b93w>YH^6IFOi3*NAsyfOPk%Y#ICeG%i76YMDmN?xroXP-x6 zVA@pImVH=Mw{u)Q$3um1n-`~4oqk^Ikr`6b3UC=L(h?1Kx0PnfJRszi%M%F}UBFwy zTrjS}aZGyZ>uYDAcpNOad=EKfszj0`Tdo#v79|@*!<sC&gqkxlB4>dNMf`m!{~rmYxrUN8^Lyi!)|T{tf_))W(s zag(rDO&1lHdla!+*7*F;IYBr@xtJzZU?Mt5{aub@C#InV`5ZjpNM$=MNR?S`RXRCH z99>La{B^X#0BnsnRGm8@u%kCxX^h%ZRmOa^MPok4#jIwy?7K4iWprbLH@PMQOs#N0 ziAXae(b@8zdEP`WTe&Z5DIvz4O+h0=xImgGH)1S_n2KV)QZIaA?!8HVv7X7Fn70M6 z^F6_JR@v_m;w9?%^LooZAo!6Y3sd9;78`pb*(%96y?ZT)AR-F#BSq+9{LBSxMd(J` zCjGltfpu4=C-8J`?HH}|kqwAUN+AAZf zQs6f`NMdUhmU$gs(uDJWB!gdf|75QfPt<8Yk~g{CmpVVzQcNFA8X>fglLduvIed{q z&d{vd*y{*jWd@^}pf!H6#SRb`w&Bo+)6?55;c+!BrYc#;N<+>-u_>{}Gg@LEC_DQW zLI1nIXeZ3RvDw~2zn44OQoH4%Ap*@7+;VS)r}R`6Hqr)8Tj<2sgd2l9)20})0)}y# z@Hs1twH%`k@N?oil~AbiEYbn7c1B)phje-l*OAb5f6cnT*InAP?$d6)nW=+m&59 z1{XO$vDOfENAt*9*j_nHaKQeQD=4S$)|n51uY%fs`*hKqk+tbkDy~U(8O1HZ+CC@_ zixsgLTtg~l`+TggVHheK6u5Zocy)U1lt1KG4fuTHAmS=g9e0;?)|1uYR42y>pz17I zP_AD;e?7h3r|uvP&MI)V$FW3>x11@Mr{kway{g$iyHOfrm%G^sr_g13;aESNn%E`8 ztF){`uFgVJKLaZY`lQ%jJV={JD#a}thg1}s?}F*q*eTM_y{%u z&^ty`=DuO`9H7J%kfoIlXDZ@xT#UKOw8H9vJ3LN&azw&9@-f!m$)4T$p-m*2z=goi zPFw%?Mvlfc+66n-ovPj+RU5}<`?)3<+umDjBKM_|SLP3H4Z-4tBo#QD#|j4S7Gd@r zN`cx$8^wq{l@(N=fITCbBP4W&VD1_>sd_%mi+RPOrHa5^E{9tTnvy8#jgU?mb8zlb zFu3STxgte;JQA?XgI?sEEGh;t&k9?vwl!j`-a>7aze$;^ee7LnV!#26!$ewG12y>C zq_!~sEzJnGw8B?xhT{!F?xbRKR4C<{e4?bPwH}7O z0+&cXqT0TI&KK~UQi37Wp}@9`YKqbvF~Vy)qkLvpn2flzAg7n$-s?*=TYD1Ja|N;R z_$lv|g$7bka?heft;2%3V2b@~=`S9j<8OA_r$Z>L%O!?Co^sL~%FNV6SIO==+TVW` z3vhfym(byo{J$ zc-G2W&Sizo`EO6p=%T1n^*0nSmmk)GaHV7UT%?Uo)f60aV*H&7;*RljeXFNB4KafvZpB z0=^Xb!^6W@W&=k2$UmO^?SB6q^&eoO={(cZlJU73Nuw(Z8c%O^)SCO)pM?e4geXdy z0nnuLP7voYJuU4U2x+q_5XtYw>+x;#>q+gg4l#CMGVLQHo#&Q%z}u^1zBiN<20#c4 z*todyOYqMM$6){+lzk_Bt$(l1C z%oB(xLckTE2m($I_}J%pd04@akX0$xso@mo_CW6^yY>5BW}_`qDcqdg;0X@A+Qo=o zgLf1ZaN)gvgGOC{&fpVfbPMch{h$X%jKeNZiq;lt9jX&^+-{htCVt_Nw&$ldS!7EgtV$ zwrJC$jY7+l78B;WyVCad?8nE)DvG68NZMl;$*0Z1SYtpkQ($?0M9#bq3k`k8&Yq-R zYjPvd#&p?h*bp%}f`uvTDdcBEKEw3rc7u5@M`C(ObNIBxw^`I#U&t}$7w8HAY|(J> zjNVsgh!OZ~goveo3jIs_6nmKL4|Vw^naCQi0~@`2qDdZ1L1y-=5A-zqIA^&&t|86y zZ2|L1hEM0}I#0jpvz{^(;_t$I#(XUSiFH!*9oOR8C$sgP+03`d_g&~VTQRqRh0V6l z*RyZaHs_OfevRDca7IIj16su!+P812tE+o@dzmcfXnX5s2!aPOAd10pMgbM?NGYP! z&(3=8giX*5X}9Wid3#B;b8BQj@Ku|P^k9;Z2xv$djGClij~B@ohSdtJ!=EIdo6Kf2 zDxiB9j4nL=8vB&FX~39f7>e2w#S*X1Bsx+(sWo1@C7ZoII!fUB_=(}^_r$38wjL`! z9xkpP@F&ze7*NM(o+3ptVp8jK+-Xp)$E3-KKgzf<-o??LAvFzCJybpDr!Hw*tyi7G zgeUcGhgOZgZLs!QpgSFBX7gI--NB4~n;+=JwRJ5-u}e@e&m z0B`#qcssSDUu}2qA$hMq4snv_^T{|74XI2ZBi$(*44E_n(Ocp+0~_APPlgOyh0<UO!Ty-}P$Awpe)Yq_{xJJTLF9MKk4NNJc{`u*oR>9p7O z!B5xo;KFF-2}x|#J*cexkv~Y6e;h}QF4(<%)tx-=2U%TZJ48aezD@W}D2Dc_9@Phh z0dk3~zQ#kW#6i9m-gYyB0l8}F)NS0f@VeYaw!nP2oTwQ0s0`SXUB6SGiX)6zyM+j# z9(gmTkETc!g#OU?@kw7^v+x6_cz;Q~|kwN|pNnc2Yn+S*C0 z=S|JY{mlhr?cvx3;X0RV$}A_@(p+4{aADM@5Pd3PhsI5&(YHy}RPMg!b8I zpm$O2)(K$qOWqxC=BBZn8!_r&=klO>w*cndi^&I)0aYt85tIbb58?pMs0 zZo$OCLrB!wOE~vV)7u1)?7fN;cz*~4!oQX;ne4eUo_+1)==dj!m=E8v-Hn&{d1S^9 zE^qm7wlLQ^I=(&+<__QdHjndR%E?TzA|zViabbRW`GA0s@HYwy3hc@WAc84Sjy4-7 zNIu`&5{sRz1|~L^ zsaAe7Ud;Ty_RdGXyYeDr)B4q~c|i5^mi5}gZS9=#fbjD0sovKuTPA4D*-nt*ZhpBq z4>>sLnhv#!w=_Pg7LNXYi%rL+Y-e5bm7BHmV)u+-Vk^B|ftxN^KCPFM8G6dss488hyFIIKGm8&@mVEZ~p^CYiELx={!TC@x=)%}{WU1++#}yiEo26e66C4qtM#_r9@WBe>0e_NeUO zkyOHGDz?G0QK5=Hbp+6T#sPFQ@d|1I(6T|9^YYG4K+-s7{T6zJyDFnqX{aBkHk2*j z&pEYo(<}8z?3xZ+R`W>Um+u-xdG8nD*Sjd^hG6Ucvd}rH)=Zlw=eW|(vnW8WotC%mL$v4LY>5RFx@J}X?;k&3iftU||12n-!P$O<*6fC*Q zpL9~8yu5`)6dXSYYP8=$m}g7~9K4zwhW*4$C0J9Im&aax!Wy<_FVrn}>+T-l%^v!U zW)S~Y08eK(r%P@FnmxHB5R!ZYTttRrIwCA?J?Y3`6VunQle03WDoAg9ot0c_Thecp z#4y8?ilZ!)*QNmE1GZE!(+S#W{~)!x8b2{(kL1{RRUAd}1*94x*Br(n=re=BtVcC$ zZ(l?c7}fH=hU`xjh%VSKb7}>>p?#jc&8qZ$?E>HZOYA(k*{f3zSEZ=zH@XRopQ-zI zE80ZQ;r15Q$KH#fV<*}q0gWeuttGsExa;^q-%n7IfHX?p8e8$n|TVs!7nD(pRt_tUxC9^8qGu**Z>zy+tHt(Le4 zXkJ|Tpb=C#b}9~LflAuu!!%TG!%_!Tes$prZM9pkYB4Xwnr>*>Z19*l!>t78leD+> z%em*vt|2}(SuoJuJAHU8iIJ@eI$u*x_A7MqxFnbLK$(q|t_Ha-*oZ5zxZp~ z%I*{pQnbIa@u^W1Jt|Dx$;q$o2h$L3uQ$pP9p!NyydoyPBqr#NJ^q$J2)5o1Yr99- z#yxsTxCHs;o@3SD+~7a8LQwSzfLV4>?9EkeN#EK;Yqod93}R-wi z^!{yx%-RwHh!#0=>hftJ?=M+eKxbF$MspM|C(B=uaIj2ZW-u!M5j}nFQtJfqS-IRE zPQKZSm)$)+hN5P>4`o08kz`=0tz!w)?9;~l z%g3UOWYE7C4oB8vu*>>Nd)Az$4^u3bVHVSluW$4+j2YY6#Q*^v;7!1n7qqtWm<=Ca z>v+bd+q8r()|z7C;D}jS(Te8AqW;(sy?z~>k_eC({5T}FWDOac(On0aF6Ai|kqVkr zCv>PP1^xwaq#s3M7%wKH3Ee$BngN!@n2lm+@=SWdWP?+s(rOc-#q>RqpKjsOG!uM2 zcK|}-yL)qdJ+T4X+Sc@ zPbDEvcdFG7Lh7yns|E;>DA`9GXAb+foYRXEC#n~jFJ7P{JU=5qWDH~M(9>6X{6}}+ zIHmkwHuY1F*4vB;^^89=W4j~z-3|NpeaTEmRLsAhVw_6tCvtfp6L?bon8`Z=R^~e7 zMqikeVqe89NOCyxbep4NZyJ z4Z0b9v)ud7PT*HB|1iR6lX~_;`AkB!g(rh&T25$163OsAaCejsatF(FsimGZrrVMI zPpm4;yr9pYxn+VRH;blk1=?2}xF=2c4^%Pe|G%Irh%qP*jX}?QI+l)%G40uT;3}Fw zce}Ycy@5-lV=O@^@p$bJSx6ygLnj~`3DItA3U{hmDhWzv5#lGSFK*0HvnO?I%FwFk z`+?HS-JE0n-RA-|zS2AW)b1!Y3v=T^7WWPFJ31)`WGgKvo`V(v(mTE16_sgPM`ZxR zdW|~E4xj2IVl_>q$}rs)0R&R=bUwOrHF;v!w0517Sm&e@n|uny?U&6BVTVa5dBtv3 z^@&hNtmO2`f51;@E6ikBl-o>>B7(Rj=Oso%KE{n?UAdv7E!nxpO-*Si z3sElT07#oM-+D6_n*u*sgE`%(i&AVedG84d-GD&tex;sf_`Y%Za3o7*7?#hE%bWd5 z!!I6x5U-RzMxfvUKn*w305?~_ymdH-Uv6r^8Cl?%xA@2264eS;m0RI|gE<7(Fv;;8 zx#70*Sa&h)jzD9Dm$13Fm?~;ZQHz zr>9_C)rSZtE@Sp{|K55tz0_Q?B=ApqPTv2gO8MUmFvR)tlN(R@HT>IH6xV+kurK0A zUG|HlJ(>Ew2UeJAesOv43q~DvJ|GL67iw&)8@r` z{Y6Y;h?sz<4;UNf6ChpGsc3)SrP}0kA!3P4?ncke03(~*Cm})Y+fr8y#h(2wq=}sh zpF2K!Y>`J1(K;|$s2jfUw)0R#lL)(51gk}>3CHrWewO20-z4?RO#qc|yR?{LQ<)-> zG_8gS?0ZUL0rP}Eqd~n*y#jxf$xO)gm+YXw$yE;9x=KDCXMOIS$kUwM=>3=Jk1Prm z+YO4!Ck6bffQ+uQgCHg6(rn*|j-3|T?NI}xpm@LE>tH9g_4%C|j;a4JTU6*AfM`a;a zW>cx>0o9~r@cJ6|&xfQ$WT-+C&uUPmnD+Ba!DtR4_rBR!<11JzXY6>(VYzV}SSTR? zR~J#nczYvWI!n0V6tSNp&n-9yc-6{ks(hXnH15$Kb&>z;8X(d*MlkL$(ysl@*TozM zocm_ZQIJpUql>s7RH<6uP!l<};8TgenyKL;z%L$rHYl7207c5L)(y@5Q7&eoh&7GP zwY4-v^>b;+u%$*_*f^4P2=V>Gy{QYELVQKWnkvp9Ek#67rwdfTldQa|iMr({r%Qnx zrbyurZ#fkk$FkPP!z_1_DS!`YwK#@G^WTPOz8%>#Iq(Fy)!xa;&iVGR=lS4AM;Dii zU|GIxS)cp-=K=1-XOFf&i9o)tkPwI!`%dC-QBe zW=4g6&Sy2n=g*D?>dxESTYyvL0Ns$s$2P}c?g#r-k24XQmOTn!0W@hXEkXb{;6{q_ z|IXSRS-coYWeM)-`Mj~Q!I(aZt0Vxze+JjhZ^PC_^UA}d(!-;a?sn}13D9U@58{dk zT4f;4Sz|zeuQ-}0FT&^xTMQ3AVw3xBp$Y_@<_ZdO)>0|;=%3qt&6r8ql!Y5r$DU?3 zx3f4=+-a&Xb({3g0eRD?FfiTnveHaPgM&&<3B12cLA-2uWyOjcINV>2>m^cTO!CBA z#L2v1M(HF7Y_eMvMrfghr=t1#zg_3wSdgGsFp0y?)L}_EQJJvzeG@a+#BTOTjFw8% z)L2Z?7;{)kj&{1!Q~Y&*HG$Yf&mnVZmyV?j;x;xGbdaPOZLM`%7I2&WEFu== z4v83}1H2P!)VDl~5Y zxN$#?W0B;5Bgsm@onF6(5lO(^9||GvC)0DcZPrXPRe_5}_#of^Fyo;TIB65b%ofW(COGuY zS{>c8p~+1uQ}*khu$!ZqZZ#8}d(M%7;qPA;6q3(W^wVor5eLn}>V>4K$jIuH8E(Ap?|%H(t(Gn^35 zyUvNcQS9U+UvKcke63%GD+hf|`{|Y8or-`39t4l0q8)uMOjfqV83Cr8?z?2l+?E|xT#N0_r2aq2lTwOA~^pW+5L_# zZ5xHNieL)WE{-bzQW=4<0-9Wnm|<7^=dT9@Q_#(bCXJZ&+0%jVe@9PmqehrJxqH%N z;D!-!mg9pytl5 z^VS4e!?a$F_EFxSef-zO&AnyyL#7?+O9v@Ow{eyZHxjh;PeKOoLto@w{2^#{CH(cr z`O$OU`uUQi@qamJxzAJ`;PZ1vq&|Ek; zIKbc_y~SkekKzxbeEeDXCmeNLPk{NgJ>m#tkHQ8iG66T7$|OnPu=__kRoP=Aep49E zs@Aynek}i?tVD?#c=zrv>Sg$_lC69;UGEYofe~OH?EGZTV7eqLP=h-h^6Y%(1W+R! z`A9RF4Ruz2s2J(8A||8~lYpF3Au(jGuS0S3`};-=R6Kdla^wM)sbMf%^@ea)qmuw$ zN00t=wVl4O$(#J{ao@)EI{RjW0Y)EZ^_C*KPR-R_h4<{JQ{RtqWs>-hdu_#_(fO0n zm|zMx0ntQP&XhHMR1o?B;pTCDh*pXzHo@Pw{btIVvqkn|f`=(%W<-{$HbfS9m;&o< z8EyoW6DWkfkot;A*j&Ruh&#XQ6R!R8Wq13dz#nv7ulwYm6(%vK#yAA1szRQx5C@-N z?kc(eaK7_h7QVm`Yr7v z@<>XAD5GZ8hw|?x!{PUP50YPn8t(TA?$4AP!$_q-xALEx+6@JPabDl$$t$3IZ@_FI zhuwb>47bq8kJxRw^UfAM+WQYb*In=~vNA24(*j{y^5j=R0)<9p`?dC!!K@^eZI6%! zYG9o=rQpSr3H!N#Jw=T!miuEI(Ku-eDT@adiv_b9UoOGl zP8zR19v_)@3}Yr8!#r;!GZ`WOx*tj6E^Bf8{LAeQB_|rvLc@aHH5uwAK4LBIyw3(X;U3 z0l!Ti+3(wPkH-wNKp+S8N7X!_p3+iP{PkG{&%;854Z)8XFn&;ipY6x{V){V9gYNlH zSHge#4W6sm!WQH%WWjcg;>N~g8r6!4>1mePUX0i4_UU`dYhu(ujVHwIR?)>}}Erz)SaIWC?|?KEJ{H zVXINA-mrrakQ%gT1vIJ9Om#7a;LFZG88ZS zxo>PYF&+mvdloOy94>g@-e<+e3p~LRlR8`xLPwaurToXz)juzSQ3a1s7oK$Jecbxx zAy2pbzxX$7)4F{)Jkx7wGK@xbJGx{?VK-?_##6fqSIpM_W|W7pE+ghpfLX(NiA~vX zS|1B4B7X&jxho|E!m0vm$S!1Hu)&$XGE}%3bsFbD7TqX3wSs!8cc#<8mniuD^p|1c z*5j-waoYj81S+9%cO%LAna@3~%a4rlH`u7Bc#r-m>Y>l4-}BJUdodtzx>QN5ze%=t zsHHwMEbAGW=He}_CG@^=>>*~VGEZ&>l&#a8mF&VdYKmd_a9vhFT9;jb`#v=hnZG$a z(EeK_=(oU88>!R>90r}XecrwjLU(#ygX1<>RXP{$994{*cDsQAL0p{MD7f!f0haxr rQxf}l!E(|J^JMPEj8l!EClYqZL(dsO#|iK##TVitGM_7i^!)x8@r=h+ literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-cancel-device-group.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-cancel-device-group.png new file mode 100644 index 0000000000000000000000000000000000000000..3227f3eb0c7d9dd4c249dbd8bbf62fb4a6c24f98 GIT binary patch literal 16894 zcmdVC1yCH(`z<&Gg1bAxA-KDf0Kp-+LvVK=+%*Jum*6hJ-66r<-Q8iE-}~=Yy?U=| z_ifc~?NZImFg@Me`EK9)o$s7;J4``N0tp@;9s~j*NlA(;fj}RqKp+TwSZLrK%FJ{m z;0ex7Qo|7hLhgP4g-D=7CIH@qagvh#0<#T+i%pC-j)WTq0(}BWiHm%9OFvohbkjEV zranK@Hcq3VMAYHH^`~s53_2}i42rc#Uzc=2Galo&BKSaOY(XG~pctq_vxF4>Rk6tm zLFqf%EyMsP2Arg*G&DnBiFF?ZF$a_?&aOG>f-~jTG@L(T5>4-=B%A3QcjMjiE?G=I z`OcF&e+);XwUb)@t^zm}uG4!v4?Wo>`#ouHpc!cJzU0h*T^XWh?n_W0@clQ~BEpvVwS z?tSMU-5A+IS8Nm++<2fliVMg7zq&=>KyDOLafC%BP?VM7-cWyZxAby?G0@Qd_7^~t zGt7svq%)$%gFZt3$|Ai9@;uM*(fe$)+Y$42yP$Qk>#!sPw3%R@>AZ~zjJ($M$L_qx zC$tp4H4g7R44NW4#xn48$yTr4t#^40_g^-3(=$uGl*2+p&B!q{dyO=!gfxR7|)7^WG2QbotMEIKW|Knxy}Ik1+q= z?aKcr4~#;>OwMPSocAs4hh}%C`l)fWTjqPc-mlX>YF5;0HC%4#bdscCt1R@7j`IW> zQAW*eQ+ykq(r2RR>E>lkzu=D3#ajY;NY2@3DQsK2&(vMxGj1}bmV#>~Y|6iWc-QB} zkX*BMiVAXN7=fhTpMjS(7rM(Ge!R7#X4EbN%HvE5?R9;;cJ=~VkOW&T_54Cf;zQ%AL7=;37T3U+9Gt-oCD@U{3PJ$QeZR-C%sUpW+y zV`zQ2?$&1?u`HH;V?g@Cw#3LA7&^cQc#4AJi6+}O;tDa_tHqx9oG&BoVK`i&i-Mdj z-CvvW%*yBMAxQ)6E%|f#|M|Uq^VB`vMkWpZS#LA=JC0BF&pHp5ZM{pdqm&=l4HV@5}a1CfH2F#+zsShHCQiA%59;<}7SUfZD3 zbw5PBgaz05+6f(6L>X0OM<@riB+)gWoE#+ig{r`NI*5l7%9j>|=)6TG;&yKT}yk!0yj#vCy-q2FG_2}^Jcu}j&h zo_3;It5AzG1F{l12Qb$lF&&8k!$-?AbpOy%Gt&*penu`M z21$7I_9;Yg5=SRbeJ`r`klhXhi6iV;E24>%0yI#4!3`-%LE=Z{XX;O#z5ESSt4y(m z>?kqZMd`=?viivp-8H*mz^yocPAm{ct?3$X^$CS*FI_j|58BKlOZ3*&Vaj^HmyLP# z<-jUyD$97fM44RgFcU__|DAs7&121NE67%xSvDLZE8wN{!9XtfG~;E&l5kW3Sv z1eo$Ah4!ys8Y@+3|G6eF>dgwe29Bo5GfGLF$ zanupdp0%ZzjecIf+++;vyfo9H%>9zz;(e3Ngnl&13+p}L0a1HcGoUFw5lvw@yCc&Z znN@lKKC9k3LSh+FH`5`f(g5yViq{OSs@Y{GgE8!OcK3RKD z(ffAcH525lt?#Wf7a-GHKe>_i-p_&incZ3N93v(~=-;QO4bmPPW6PCm9TI)V%c#Q5 zy5_V^8Whn=R(>~>T^qYlc%Ah+lky{rPkKkJcttMhjx$HB+3Nq$d-!rNa)6?Ap*ph1 z4U9i%C}Xb)gwG`;%k#@v$-*)R3tvVHQ4(W^>742eWO$CIRHm{VQl*o#ICUt4gjOog zS`Fc*oRs$e{JFlEZ8_4c%lNZu4=V;&t!gD8q_sIMW6hRtCZFT^=Vqs*x2j}{t?>Je zv-3A0eCghJrW|#YP3Fo2FzF_?uA{b);dfV>OF0dhj^C9eqSs@Jh^fIa(+x=2#dplp zDa8^#n$*}`<64HAs$cjVGSa$ub_5=yo7pYWdR-1Bdd(4G`EadQ;E%eqBb}+C;T9cI z56$dc`fI#SxPle`xzrgAO49OK71957XlDyE80iW+xec`6m(?vqjB_o`GHO$mT4G!@ zRgdqMG)$?74>n-n7=ivl*zre8aq0McnicOhXa{PVZ0a>npCO@#m9InhZ5huWcjH17 zVrEuzLo3%Sv2P-Pv`6!6L$SJ#et}PBFZk=4Ptt<`lSnn#?#nd2ZPp)jAg1hh>vGl~ zL(Ro*%xDAHsDng@F3Oy3AMb zXM-xroT|2W~?UTm5Hq=}((azuBdSwn)cYI8*<-|0= z_MVGgdUe*HFry_l?Zp$u87T;1=aB_qVYn#IyksQ?f~_fOG8NU^uk{01LQg)McI3G1 z8-6W?9DtuuN@yB|mdoPniPa}cNB$@}H?2uhCiJ7Y{3mV73VQHt(hNy2vRM|jm{1=0 zZ1_17N2QKr`5p+QRVCXoW;uxrDW!FEUElW-zZ>@E%@VC5cX&Os9;acvH7q`_0%gDUrg@X`jxRTLvMFWzaqiUf+`Xo|0*?XKY8Dh8P z!;uR;Mc{rcZC>Hz)W*p3_%TH?#{HI{$K~&G!4Z<#!-8h^=K)-v%REKB!l#c0z7w!q7m+6+%vDm&Q04PM3eZ1 z;mlLlKlf#Qu}b^a@S~+XfE{oL-r!3|-OTLG5t}Zizi!ajZCBSB;F=apywbQ9i{`l; z>TsIsMcx^@rUZ4;xw7MRBUeY8ekWO-tWgy0bUyXcM1c*5!net(;4|_qfaWAJTgWq2 z9?zIC^Go6$_jy?QD=1t|cTAts^N16pG?6huFVtgfkR;+@SYiDuq!ZqGvVUC*aW>JM zF|6XN(ck^caa`r#v$~vM%*Vy_N&%H|)+BNMby_3K$o$B6!b z!EzFzx5^ydY&}vsjFV?Sf>xkDNPUcZJ!KYEgdZ(S5FtO71>r5BEEl36XrD5kL0DV( zE65;rdZ=f%)A-|}fo|h$ZD3;cX&~rs*$B>^C-taGC0X_G#|NWt>&D2?8I49^2*q_; zgqOcm?)i-7b>WtM{-ti9&(&W{D{rXI+J*eAZx|E&gc=f!xTL)-#Bc->FUwI(ykJd) z0V!bgWpp$9HJ=s%X=}XBmKD){UXQm+`;!(kh$B7YyYQDs$kNO9y`9=W@qQS4_(dZ{ z84mQzs=sgZbN#~Z3kVlXBRl)1dLpqFKU^%kUDWYehxRmG%?eHSGnEg!kmD5|b=pC& zZ=v1mI_9i7z157fvS8ao?4WEVFC~iVr5)4_b)hR=1+#cnH+`euS8_!(N5uX2(oYJ} z*`!S_5jYqA#bpOMrFg1#x|tg_k(R@TONP9x@#4GRW5fsrF<$u5tb$!JozKbvgsTmRV$Yc0BAH*UWM@h*>Eh4& z;CFiM{rK-HC7{ei)XkyBKNK7!_90rWIbjaQJ_~U#h zU5uYymi?nep}EeobDWXe)!x%M8w@DZ=L0EXj5#anMheH&zouoQE9D7j1TeSZULLN*I$!3IV93YZJv>1;rW3KzAT8tpt)Ib7B|BEf4fWJg-v7ZR{mA~PY%jR83s}#hbY4e zr+2MTeUBnNcRA~>HC`i2d#b8^5qe^t!G!X^EQB<-haIZ}Da&VV+KXc!Hu*r?PSs;7 zZx*?@>{yamEwPGCBfF81phLHolcz*)cee|gnFH-tr9tc3wnLK=4vd=+!irRytS;qi zNIW*(P}*f~{e z?~-OTfYVC`V}09WYRd&`cm!065Ft`$lN?z}92yLAZnR8%6rvqE_C6;3Ljgi#_8QrT ze)|;dz~GprB}FV1m(O9{<kAB940F?D6ySi(^m;pu+RpC>FM2F^)}Gu1eSV6?{#wix&re5Ddq5A zb?Uma%%F4T{VIm<03_%fbne!A?#BPVd9(pr_ZsmD&k1x4GslCKn^fGjmSE*ud7J3& z&Eq<-U4?N~a_Siy`d+@avX-}U%kC7`3oBuZZ=k)Qr~MW@yik8le7o!1^0R+HjQBmF zrY8t@DI}Flb!|?2B%`AB1Z^1*8mg-Jg^lW<3!0sSGkfTAYM-FfsiV~@3dsz;Lbqvl zq;>X64=oN#(p^%C*j-9gcbGg2$Cl^hO?%u)tHyoQYh>?6i!sDYE+Z3Pf4lx|Cyj7) z`^ufCn5CXPY3hy1WrSeSz>D8DHQGHjai?DEHO}U+WyF%pc?BJi0qtZexbxr+jVKH&5Q=-=2FPw zi4N+Tn*VGfq$AY-*+@4uF8_-oRT$cH5bex^q2825l5_}epf|Us-xr+wB{zlh*r**fFNU$J74+w{mKD6>m{IBU_2h_ za@f(?3Vp?ta_+cL;zl^s?68_HQo|OECX66Coh?30P)n(4B917Dy|c9WFZZ&;OG{I; zdo!0uSkWJp7QH|isczFuc*$c#Wi*6|i)Ry2_%_DH0-|MUQm^xrQUBU=`TMB1^?6ek zHgbB6z1dR3j}q4e{4CH+XMX>S`mJa0S}4 zG`VbBLJ(Ojg}bCkT;vUjuae$|;&1vu4|FkxUJlDf(E~?8 z14n*yn)iJt;~n3m2qJCnpfx|ZI}4D=F}H@B7JvW<%A z1v?~ZuqBDBX)!5n8UZtLj??UBOSR|f=?gH)Gk7;B4-DhUk}_l2F!#mP)avzQ`g ze@r={6p^}p*I%KbyuSsG;6TJu;lp4?-HWI4z9j~q+D)}w$VQOC zaXpkEkc#GGc3vf2J*psNceBOWlX`V_vjGwfzx9LBGca18HnPMKWut;-1Kit?j4Ed{ z5#usuvwL&fRfy3QcpGzf$JgsvCvFLPK$n^jWzB=%iNWf?yKj-#)A^2%4i7638ZQ1u~>?hqSK4W&b$j>rdn$>e$*z(+$GF?wq|Q+>tskv zu5ksUkg$jBTmVz>p=ZKfCuqf9+fH5(YJ zy7F0XfWrTDOF20?y}LU3b$`&Puf^xZ8{?O9GWTjg=;JE6T!tG=G;O62nwnk)K-?f- zS)6u-NjWYB+yCG(I+=PA-79Z2GQ7lWX+)@upu9Fl-z&wgd7skFI?^dqlhZ#Z8xI3R z^$I7^Qncg^v~7UBM5(+)QD($*1!2(CH+{P$FmIAPs5;F_=lHq6(bMKD+&Wot+v2V} z+~op`W|Wj}@tMLA6?VcRykp28vywB^iPfRB!*APccEI53SAb1pn{F)r(qN&V4}%in zaGtXoDBPpHXW)wc(>o))8Z3?wj_4PRUNyfGm~CROm=dg7nv1i=$gs0ru13IO<4TsR zQrF@qb?losi?T-M=8GA9~pP4`x;h?^+y{j1zo|-1HbXoc}h$SBS$Fb zd}w@@TzJu()^h8l=*zyq*G{D9ey$iur9sC3P=I50loTO`Q#a?Xxl=J`SGAzNtXos?~zn|S=0tSp^=^8tB?8Liu+m3 zKuaI!Xx&~d&EP(dUu@(WFArZR`N*IxH7}0hT5l>!oL5f)hSy4ksS3MfrKOc?amE5O z^Vh+k7LPxPt6OukSXoIAXLjU67^A*wT8yj&T~+B!lULAgB^2V8@9Y6?CeyO6d#H&z z-X(tj>Q^36Z7D`vOpCNu0FFt*9LJmioi9$SF6Ad*2gO=`iXq4t3Xw}UeMan`kg%N! zpO5_N9aO!Czpv+D|2v!r!y!^;Qh?@>940`}n^E?@5tcBI$e$S5`k5r6i(T!jlH5>5 zAN+QL-T90^6|~Yzrf#p|-m2?P^vyRP6Aco5eTcx)qM}0VKr03q$;&=ck2L{tHwMQ3 zaSq&wX_%P(T|>$qvtNFOH{vt$x;FQgRt&2d-W;mw-MH0v%Py6+FD|!kYS0i@x?FkO z&<%OC>AHCfHsem0b`WdAF#ggP>NRq;sJ=KR7FcIlp59b0y0tuGXZc7y39mPUFqKj< zVA#G{j-AadZYwTs*?Z$BwL8R8{wiF_R_zk~wGgvTLA!)Ffndz=E8%RiU;$3IO(orl zlUkIno(+Ql~aQvk;E{`93bals5DdcD6kE9Q6mhe zQ11IQVO~c~J1Bw0w8ZL2Oi~^HcfYgs&6T9(C!7Z;0OeRduF+G~w zvB>_Q&6!!UBGIMfQ!d@VDtu4e$kh}_m{Dg&H*O=ajV4+Z9 zq0tb5M<_HzXjH_{J}@6(q5T(+{JXMmJ04wy-Bv5*_)vvA&*p44&$jPnG%&XmVlyXV z**TG7@dv|K3cEX3=GL>UvfVZJUWE;CZ;&*) zkuu_S{@QQk;0*#k-(KczxpoNef_8g=xh3$FMRC#Zm|CC@!%ZC(qZ?^WwJ>`xMP{aK zZZr{{Q>o)OSEieKyvC;fRD49s-yRorZ_}Pr?0&W`TJtl~F%F>w#T%qG-CRiWQ$g{H zek~4+{MGK|P*}=|su2CWLpI&Yg<=cjEBRLe0$L_y`A`n5;NNH`sYIU{iqGA)WrE_W z75Hq*A@6=`;N#X{xq}{BakGWr){gunE@^PS|6=2~tc#Cc1CFHaktBXGwBL+5!DEbv zHfZ`f7~UCA#G?0g4akmZ6C*-O#bvn8u%qXYLErwg3TAN{CV*vLS{b=Yzlzs+RZJvj zzs7DjX}C)k%`3=3tw;pbfLTq(fh5$ z=r{P|$+Zt(YW7HgRJtFuH9Q5Lc6zK~##B}6m*O6=*sf;x0tAi{uwjtH%Y#lFhqgaG>n<1ZriRdihRe*NkJX#vJ@wpY7xbH+k#8Zjun?;K{@ zDlCo?4*HrCb|hDbvGuE$?&vdAfCuN$nS^jgh(|4);PhzJ#9k7~6~Y2x7793vq~D<5 z_{U6WDB~{)R$V1WA~wB;`uUx@2<`fWL|M9HtV%T!o z9m@+55COVed2>mFy>u(7j0`B2{o)RT@x>j4^rrEb-71bZJMjTn^$ZRQn>RxuYUIQ! zjH7D9u7I9)sVx*Qb`Vc=yz6Tsmrt`DjCXI=d?&Ey;?>ig3NSB z0%EAz^OEIfL6yP|sOEsX&prHtl_)&6x(H_5`jT)m@pH)malUJnP*9?%`Ou0%{^%Tx zESP_Gk>=DD1JJXWLcCUsoV+D6yxm&|qFhh23xSFgpW0F5-XJ~Tes)A{*&ZW>P zHe8LT+03V>k~V(&wx*{j9I1GL+x9v1X}-@uV)Qu6%J?O2Xi_!I(X(V?ZQtz1PI&$t z*;ya+j2+Qpqavm>%7vx^@03wzDH*YT0F4PW{p$EBCT)AN|U_bC?Nq zR8P-yf_}NUvsTvzz}C$L-$U3tRE)n*RlP{D0I` zg~+T*{&z3H|3!`ce>}KWnQ$G2gw z$mPDRzmOPLZ$JzaHh&WS`xHlE?k6dj6|xueYNkT)^_1deN~r7ThL!uBE->JW&x59X z@FE7bW^LrI85_Ljf18_R&tRbdK#12w`xv1&ll{Zq-oAcOjIpt)DYT$~5-6Z&2?2Gz zkHkCkiQ6LfWfh_ZJLEq#N7Hxd=! zvfOWW{B#m=6k_^h9veY8b)A6+&rxFZ4yv}gl`JIc(ieGg@$a;Wx?hgt zFCX|56BA>{Opq#vOlpCmT9h$KOfXBYzW?7aMx!@llH>C2p#pMrp@#07E~t_#b>`LLMmpfG(TY6xL>dVT*-IZkCo4#p{a9$509mB<^BE*ucD%oI3;23jUHl$jg4*9 zNDGM$1WF1Bl*;ZnEiPg%@R>9&+x|k?wDr5EjjIRTG+d@$?B=dzj*VuEh;(x z)$x1zqZ^>6T82hPEims(USGuAL|r#4OG_5z*N3u%N;u#H{wU~hLbcwvcaiaw)gSYARBC^b zwR=8Ap;Tqxzr!3I^hF`VAlj@=JbK4Z$WTlEkbxT~99QR!bc>wUQAXunEe*L>xS zO00Z_5@KLI7&RmGUcyMm4HqR8hjXPB8PZ1A5vBSvM)>0^-(U9RuO15C6&OQ2_QU3g z0ORWI#jLYQ+J!pJaGVi;h`Kc7D89Cr=nNdmU+-`g>&d`bthz!cw8eHoL<@%x*w8%EGZaG{v-WS9V zW^$tRUF+t1qmQhP31PW4tsFSROt*tJl`EVC=Q-+9Tx}z|5NCDwZevnKyXgPOTD>4c z>zR+bbfn%CUR#kGB=yw|VPWA33fmHJP~cdJS)talGgJaU;~G*T;uWw=a#Gbn%rB*g z7gB}uZ3(YInuG8tVi5CQ_DKU15GN0GinizEsj6xxovad#H{DRiPmaVL7$XCI6-}-n z){$h?K-u~ddL0Wa-0~)cNP*GBDiRy$tgGjr4r$ z6;jg{if#y>;H6flye{a{@!o_tG_B$WV$fit0Oz6f>hix zp6{mI3@0m+vQ9H%(wQL?C~ZH0WU{(L&j~GZLucu_dcbXtC~Nb6)5k&nLA|&!C;%njmT6yma@FG$>)h$n%4h(l_F8o9c@3?*9+`A>Q@pAp?i{xS1wwdotDjd zw>Oe!^tFdYLaMb}-e+S}5Tl{Rv&QpPrQ)Ur5ACQROm_c)JI@nK?#h{P#L9@pVHFY^ z$anNXL)@ZqQO^2@UH~%#Xv}#Kv-F2l?_@kGNockUGVEL+>WW@Op?7DslrjFq*r)oo znYaZScA`ItHsw*6Hopq7or9fmL|1Mx`!gY3lJzu|L#*!`(Tk*kInX_UPp7F6S+DJe z`hGs??c<$p8=gsL z?Qxl*inmi5_u*nz5-kQmVWy(A|zVd0I@$n1-zLfIsVQ@(g2&hsVrizn3} znwrLn%=5a29L(>0VH_>2I_Zz?sm;|G9fdHkPGL>vArLuX0FC3g5dd=}e(~f%cX(;z zhGUi+Tl?dH+6Ib`E5fVYfaN(#*1fmasdc61Ed`(?XA7X!V&)dYJpIfBRC*S2X7AzT z6T8%1;2NMXe57q~l%gmSo3EBG6Qiy6o~s94G?i4TQsJBucXm}k0tHc`p7L7wEns;n zn5oGBNjQd?jtmm^76QrK8QJDSGJKJTL(Zd2WM!Ok`rvKWg*RQP!V3LBuWOJe%albbFuT?Q=cNz(%)EdNf=#jz{{a$H1*B@6&J ze0QM<0bF+btpA0%)cx==e%Aq-i%gj_Ij}<&g6+R^K_+4)7gJv*%kAelkG9G-TLW;B zLEEKYJdWbz>(MXwrLZozMmiuB7RH6^jb$hcW=Sw6P1)#Hs(Gf*QackcF)-jYFf;=C zNqM1hM#9x@01Vv_QY3LS55g&s>CrcK$Rodfg)Hb zkNmCmIG^(aEmKxlZM>GK4Q+_FE~9Vx@86;-DpMi}4tyuI^oRo!z~|9suPp#zrl=rzk%j zr_VC62qsX#31&@HMR8d#<{Qg?@B=|A{Rc2w%6JKq0Du1e{Tukd0FeCP=c^j>$>rN| zHYc>BZ!UCRmp&@6rEyyS18~;kyLmOikRUm>a5u(nSO@95vK?Q~x4T*1mUTm0|P3ey{YU3JW|?rvW?Z29q3r!HiJb8w#? zEUwV@X6Ah>{^D&7qh_)ps>$5tm6YSqf^g6JPWu7VYs8iR2`^?XorUMk9oA6$yfw-O zi#x&ol+s+AecQfut&ZL%bFe|%k2>=+*}*fC1yhfVDmfw{800C}@pjmw!fFyz`U!-k z@0MctkWmh?Ncod z=BD0LHlvkWkHXM_nmtK;uH7J~t?khg^kaMiAIAY8@L;5m6Rl=R0rTF{bcLhD<~Qok zLOw}4FM(6HZj1mBLj!dV{-j`?f^*lbhJwBew3>}5yMM&*(FwjmXL6U!ubc3*e*`>- zd{5W$JKyz_fX@K(lSa<0L=mJHEXHpsbTwJ$FVdx4x$bA}z<U@r=aVb4x;h{@oZiM6`q*r{odbn0hpiBw*gVvczsW2yIhN=)!zUducaEw(e1byh` zS6)Bs+OSsa#KGY_PsMM8d&+Do^erDLiZl|t;1^B+lk;khrA36?2-p*Vd}}!?5xqwJ z(Y4JV`7HGFIv>$jjT+m-=`MLD3p=pt$G%Xhlre;5D zK*Opr#KUmjvy@vnl6V>}myRM1W-;L-W+L>H%ZiIJo6$GyE5QSi^64*;YGv?M&I-dG zfNw%|;8yGCWmD?R$)i{(Ar(AtYN(8B1-e13lEk#k$A-g``&P4ar89T?B7p_-^%Pjo zgqW5Qi9-rDiS)?XmE;^xxh59hvW+#TBh{ErT_5nI-pkOPV25|zn{ez-AolD1SIU

BcV9daMn3)B0K?_$86%QqAzlrE;o^%<|UM# zmCV8FNG&Y?=y}Nd{gBiU<{NS{;Sw#Tt;yFdO`Rb)X9E6MPMayt4FMWs?}LdG6@OZe zt^9xCdQlAJ%X^(Bf5M$va*i}3QxKO#HS6zh{NsKqFB$)qr4^n?EjiNw>r08({VjV} z#-(}4WO|u>#iH^20aQ~?-2L374hb4`hTUC^7)BuF&7Vb#FL{m489R~aBR3a-g(TY- zv?vq$%Lj(x0PLl62J|^Uc!q6@PHyk#zy*`+{-;{quqQm();$$}5xaGi6Rnm0Jpu|O zivd9+$xN;M;$(2Zus5=3C|D^usYJFo%<#NPSu3(fYu80$Gi=9OS6>?k064DimXdlK zC~N)01);?oYanx`Uo<)ZPyfeC6TAN)Gwp!?EW`MJEfHFKEoktk;`ZOy4!dv} zcl#5L0smVM49oKk$$B^ZSWM`*y~_Fc%ytx#$4T#E!E+w36Sg-zHQi^H{{Domn9-Pv z!E63irC}%CRFTJP`UdCkWya#y4o0hc-y5^}W^#qHAbmBp|Fq%HfPNdT^i6) zGCsg;>_u=lauW=*s(=5A8MV9x+q8 zdSC$&^nr+TM^5sogt8HJoFm8qhgonwY~?3lqgnM8dPu|EJ-OxS22%h$&B_I)ufegk zmGGQdKX1(F-Fx`RQEtRtHhcsHQAP`xvju0}AaB7Yh&T@4JmE)CK+IYFVk<1x9-czK zdXJ@t%K$!OdOl`*Xu|MJ7RfBU6~&u6DdP{R=G|xPcUA6*Y)N;rhD=9D+7fg``uQO-8D|&BdZV0|< zXYPb+-q)Og2xII?{cR-A^qEm!5Y$TYn@d>>5ZYza=x9Hej9)Kmn_dWJxUX-hFT_9l zp-gLw&bnmfA&|Hc>OGYOXmp7H1P=RXiAFdMg^u&)uj3yjmmfPkD{-DV3S?MOF4NS!>NAL+g3%0%qaOv9`rd%PkW5INI!D`9-AbPG+ z<*SD68yg&X3PyFjY~h^u-4fV&Yf*m%J3W{OFVx0-@Hx+_wvIRmdnh^|e0wChzq-8x zMn$+me(!;?NtP(Kt;osI^}uhRry0=hMYr^$k&57j&f387MBY2NE9Ykj%bxkIo35?k2S_le>I(4HK$34q%E>-(oux-r)(Gd5YQK_SRG{UB>_~!r3R+!Gxud>XbVj>o0(8RZZ0BKp0cfK`~pm;L{JeVpqo$co> zYW>qY8MtTD_)!fvQ;GQjZ%VL;(4lQP0QcSrU4CMW-0_r~m{%ZR?+r<~3O>ya4u|*+ zxxbGKD|IbR^W4u`-e5fw=Hhz!{p)N*yd7~{ptNGxZpcLp<{APto@+&Kt=?H*R@)PF z>&r^xMov~6){5SPU#*^+4^rZ8C69ds1 zzVp=%Sfkskvz{f_wTL>VNEELM$hkt#3+l6$k9RP6_jUo7iwvaNysKfZZ700iZ|&e8 zMq>ALj-&)=o>R7O8cnWy@VN)xlSC1hx2CZHf%fo1vHM{ZoOD@t?T$)5RK}o#JJwI z;^g=o_nx|Xqe?L8AlNsm*n!(EtKZI(&LP$U?iH4h+@791F07W4&I?e2-I>4q=pmPi ztDB8_Um^OzP0HiF07d(st^)mEFF>_PlJj8*Ca2$XY2Ar8nTPveq)W@LXBOUx_?(%B z5K@yz;ZxMpNX?uEP|P6VCRcb(g?>})>ZAZDd+>LsMiyY1pEyjkteinEomE>${D5_^mZ`I8x04glibJ4>~#!X^HIDSOj&_(nU6 zMZ}S)0lP(BoIsl14}j$lE_K-6*8IuysJn684h=BWiH-^yv;g)YF8{Iy`7GYN5dQJq z_30E<`1AOCj2HZ|HgGNr_BNXq5?LSzlq=&=Fg0u5R91FKnwt6@WbK zH87D~mie7b^6dpFD+ye@`lm?O!m3HuAF3UDn&IbvJuf5^;OE?qQZvQOPSq$Jqw$&Wk8P*r0KtpzWeOKa+r0TB{GU*IJRF z?LBy{;zVrwti1t+^KknSmop?*5>roSSRpn{4)LO_2j{Jh3c4m=ON{+ zbjsc)?Y^-pa@f+xErvU4f?z4<1mUF6U=8_*-S!v$*pb4rskF-!eY@PwtJt#Io5CR% zL&vkG;}e)hfS%vxITH7Y+S`4|TGfe$8a;+wll+aSy&96657IG{jLid=yc%-xNa3A9 z#oHrCm&Lyu@H^F-uG5F*bNOO->II!F81z$Jl!UxIjI8CuR)Kh34QrnLbq-Lt$jDEV zptrB_Rn=;EvHG9Ne@!62V%9W_y+inz<+z%qeyjNIx{tv$bB4J+gQGoRs_~i1{IzG= zo|W3BP-UGgmyIIOq_WfzWPffJVqGfgiHx_Ts1L_Je0{c@x5I?TB~A4;#ovc?`6#8fkh4`8Kn0Tbte2zp zP|!NY|B}jUMIaP}P^A$Jyy}T`#&=}nHuWf8c231R={BuH&ZCkJRdZBx4 zbIid%{YnUOjFqma_3)E|_<2u@cv}5nhD8K<+*v&&mI$I^gWr+NtE;3#YnG%}+?GM- zp-EX03JN2=0k?i&WAyfMFyQ<+oye(D1hj16=+?UDnwAoSXjU_cN67N(6&PM9dAIkN zR2I`uMc>lu%^#D~x|$v2MXTV{hc${){>mL^3IO#u>B*~(+=(*Q3*k?#@&^qbpq%n` z^TG>~G^pzhuAbYSu6^$SfQ>(}1=x6ZIl;fs_7JsOfO=EDoB;?fTOZdH{0*Nla?~9d z!^q)AMywco-c&W0wsUfHmn%=!{x#_hel`QFS#r4Fx~^$S9hH1p2@!QXfSU;fz26t$ z1+Z{wNuyZ~UFXCD7W$xt_*jFX_0getv8R8M(I)X9=90JS)&HY7;1f5s%%s9lEgooD z->R$y1^$uCd9oVy7z;?HfsVObUl!cCXkb~lc({0B$xINdYY(yq#>cWifc044nu^o! zpj+zT2Z$$x*<@Hoqc>HhCDeWqd%Za~cm@{^s`u+Pt55glB}Sx}1&*|(LyVhlfZ3EV zT}EH4RVD52r)CJE>jtH;G=0#*-t}#Ktz3_eA;D(yN=5tZayza`CEP+8j{U+vTxnQ8 zhUREMPd6_o5CPl(%Rr^z3h9dc#k!UOm_H*|npkmM*nm1<%BY-h*S@-b0=T2V-+ncW zzSonsdFv#W)YE}gaTrZiUYh@SV#@4-F`Cid>G!&p_Zjyn$SxYGB?jf72xV#n|G(~0 lfV}gcyAu4b=c8Aly$>BE^P+jpz`YwlQeWi6D@67E|2HrOSjzwa literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-cancel-global-400.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-cancel-global-400.png new file mode 100644 index 0000000000000000000000000000000000000000..31e2ed052f1f255195283b75a1611f115981af4a GIT binary patch literal 12719 zcmd73Ra9F~*f)w6x8hE5m*Nnt#oda#Q`}vP6$?^*C;_e|!QHP8HHzG|u~;9ycn!< zATRa+Z*t69YN;hzj3pH@GhK`&nf!xG7zSJG^Xw%bVG5R~C zeS`Lxx~Fw%!x9TBP9`e6@N_*thx@zf$`Pf9zbDg@OcakWg$f;)G&afNjwy1>#ckxK zG7cqkZ)aZo?A*;Q(B#j3IU!!_8R|eexlq_z1ajYd*LJ>D-T_`u8fJK-RCT1N#ED%& ze|@3rTphlrb7x$cORf_x8y$Z2G{^a&0JO8kF7y)xq9-2%`6-~hi1Y37LoU>h9C_|^no%p%9adT5syFb z-1pXHz9a{UjPJwLU%Gb3v-DwmlN_PJC}dyIu@q0Xs`Qq1Nr>iaBoN|OxrPjTGs<}d^700K0levOYE-THc zc8g{Vc#`MRAMOo1d}}-J`myHPKXEvQn(_ziY{lC4MWQalOrPs*C=r(-dEiX0+-s(@ zwFZW>0d+NS=_8-fmM9|T#!wQaEj%bkia^weaFnS++s*X+tqBGalGNVRa?xXH&Pb1V zi)Z%>O}_I(kU(duS-VeIqBu>%oYRre&87I#9uTWO=w09YFOP#toTlx%`SbM|NT^uK z4OW8!pE-=0E96}yBgL0BUG-{>N|Wk3pzSJ>FLw;Jbc4kI>ZIv_p5`8sHa_?uuKKo0D~}Ethsyas0DK5b+kNG zdi*#!IxJ=Kd+IAzbOzq%szAD@8Xgd7EdVTVIfwD*Sk@ zQ=a>2JPf{?!j7uzM?NgJ^O$wEJzW69(#i`1^rl2_P4w$-$9oZxcgD4fy|)$Y++S39 zx+^~Tt~l=Q_MyG910`PCbnCR`ph;)WD9qJQ69s}Q1+T+WHZ6p6${FnA3_t*V*yHL) z?#X!*vBw>--@1nu1X!+nFNi3byvbP}`dI5L;k^2r%l&3J$|Oy^gq~=m7k5m?-i+*^ z2&Uo|m$(58u)NShBauaaN8m9e)=xkTjGM7A^G3qDA>?|qH^|64hsCKD9%uJHGI+8; z!njPMklRVG-Z$Xo8n=zVJ1Wk^W02VMX4(E2dV-Mb)8ODtgxyFlS`$AiCm+fDq+$I&rIFv%^$@yYRO?HzdD*N2p6`Jq3 zj0suP-IEG+C75Y;{9x&$jaGx0&+1hH345N_tH0+OZ8<%Ow@3!8_w$j*pIGHD^ z)9n+T42fVu%>ZbR^gC~Ko8~hTCtQVk-j8x#Eyx^9*Dh-@S)sA?$uPYviTDh{VA#_FW--WdB}@;wnUHNyb(9qe(a4jIV)GgUE_^voNS% z0s$;W{U^n_G3Y$l$-ymz%TTslZl3f*S`!dG3}*xHe9ao_2pPhGf&W$po?SW4+lVI> zFff|02d^Bt!pF%Z0cpcvQY+6sRMMj~0AYUgxQ055hRyflpKf`GJQbg+ zGo9p`Q{EMZR@Gv%vuwGXuC(m-^}H13g+3exQqhrw1oo6oeUUW4^lDmW9;newbo2Y5VmX8``~3BMR+o4>aisb#t)2x{HwWe<|cq)LCTzX+clr*14{a zw(Jfl(Jzu!sx)e;TDu&U8Ut}t*&CCE>d1&n3Da+L;(rs6xfqVd!EN`7WVP+-7?!qZ z)5nyge@m@mIg{_xniPU&ZS-RFY-+?AvXWXGn<@_b)IM!|R$@^Z;QLrnbCG>D$#}mn zRS0~-%)1tMdsSG>6?S_U7ItUpLjmXr>$%Q+db*rGLh;ZpF>LpCtlTcJz7=mD2c12a z?_Roh-#<8=zQ!!n?cUFP4AWQW=O5~mT!vtDy<{X&9E$fX(`i0GTzf4(E1^d0|5=jF zVE?qUuo_xlYgMNd`p`A2QKtT^he^U&VakP$ko>Zpz>~^S7&s?L?|Z;VKqYA#?d2|J zpXX6_Q8~?=-`9OZ}khN8S-I5r<7_;w1PkqoU2-C6C;c^>n2* z3!ZYSo8IJIGT^Ga-iN^BN~LGN-Pd%s25MT{sZss@9(EJ< z@@=cBO!CbAdI%DY!iskfLv0#ElEI4NF*A~_1)y1km5yZ;4|_~Uo4i;aFK|6LPt|C? za}^V?>(sn(_SY+Dv>lhX2h|$)sBfsS>6dLc{QG)p=STfRHIvg&d2wrke>ySqf|x_U zYUw;!163WwT@z5J&HpX(JHD>885Qb5u3LBN?Rt=K)r+n_J3}q+jTa|R=ogM=S<(xX zsQw;{zF@inxBT#gb(RVT_Es3kiUs%=;T^R0H~&O{Bu7Bv2uYeYzH> z{hnp~mH2O+{cOk^L#QCCS+l2Sc_TkSD|NliSe$QvR+PT&l5HPZ^L~$1o-iE>0TE;9RE@y*o5P}B%~VLxIfdMG zl`{@bUdw|I;5I(@rJZH*!1HUwY>$zS@i@~n>N~&5!i~}6v832rH5)vEvO5xX27#h= za@o1RGCX9P44gmAJlx7L%k#n!YJc*?08<(uLryAbdhaqeAEDjzGX{%2ujTgx8=ODUtHD|6&8y(g3r4YW>BSfF;N)TGKk64RVIn=4%(Z}`DU#J zJ(YMw*zpNw&p#CP5ReS%8w7gwKxTith~GaYY{Ec1e8NeBr0T6T@lb+ z>9~U*N&vZ_XNf#rN!U17&$lfG`Og8?=NT~hR*VhjbCZ6$-|2+iU7u$gOY@*c_aeOX zcAQG!g-fS@Qh@H!GD)UFX)d%C!ehQdsMzt&S%d=1= zkn(6NBoo@kZ-D*4mHdVWJuE9Q%|?2Lz{rK?F_R1~HiUD_n=J}0YKPNKj`;O?xNyCd1jAaz{R zbVWmOrdMn1s8SI8atEPu`DBk0vKNOuodAgw5Oo8$w|v$tmiOVJMJE7fuOXX8ns;PM zH2pa{35~sa-9!#4%p33ZtZ}%Y$r0?BlH-|fW8G!DpL7eYP6hf^pidmv-)2~ox0}o(CVtbt#NBnJ-Gw*j{O=(!gt-^{2U7y+abR{MH~o(ZQjh-O%c7tZ^fzQ^ zqpJRdTd;AS#R%I1)c%{m4M|vf!csQQr|#exQ+ewoz#Z(fjYeZq_$C5if~cP@s&Dob z6NiF?l}xwIph{0dg(EUnSr#ifGFyn_@JEeVi&4GIyE@IEk$NH;N-XLZnA}*TZ;#=l*Y#001YsYu7>OQUCTWQ=y)#uvC^C9twUbYTS6 z)C^;qUblaqcSb4sTI;Nt2qG?0T+fH`=DUShUd43AzsJivFzdSq2VzY@$o{aHBiOUp`(PTV1K;&Tt#e#CNtuk5`~&aZm5-FYsXyzrsF49`9B}*ihs_ z?o^^t%hYTg=MT4n2JWFEe1DYqI<>IrfP7x$0Ed;UoHl5kNAZx6UcY;fh*Kub!fJ~X zk3=A#vMD<|rBBGN{`%}W2b=o6?4U41e`KFR@s|Ch*f-|htgj~s>d!Hht~0J??YV`4 z59Dk{HQDNs;hwhRhjhO3bcx;eh-i}vK{OO3-K#jUYVG8Gq3z5O_NrNp3M@8lo~Q!s z&%MEbcv2qb!FW__hjh}R4-$!!_qX~}Uzup53fLL-ynx6PVldRmth<$-z{)sHM6wc_ z@RbDR!T5~kw81YgM>wf6t_B^xNxr0rTLE9U2mc|avr~IVTv+Y%WYhXcKG|uC|Nf*J zVG+o5U#YpJdTPF3%wROn#wH`l&rmVqI84N4#JHj+ZF}H*IVomF=;U3$Rf3C*wu7zk z#Y1EL=l0s%9|lflby*Q+tB4fYJP;<*ah#J;`&P5h4Usihst1WwF6QMhjrxj&lhK*c zgK!i5K5Bpn%!({@3Z3UmtF(Xu(f;k_OJ+wV2>8Zb9Y+q)`qQ0`9gHc1p9%GL7B3)anUk%cX2ql5|Ty zXB;%yD}NTTvZU{WjW{zE$lP-d>8O)*3Nw@5iA}X~hiVVpoUZQt(>F^EI_p*`Q!S{0 zW;Uu`^@n(!)fhH4<2Fs5a7q<7G&^`jfLAzF>CmYhg!h!H%1K`*^6r*h0 z6XzumMW;GoSg>kQ^A&OD;$oO)9)nkvnkBzT?)xc;D((-?_XFPq&RL|M@4gASSLFJ9 zUYxBv*NJv!pqrR*m@9Go3kO-KrPi@Gb3a~e=Njd_$c0Y$L&!y_$`oSkJ)@R){_I@~ zo9UzVssuM}fJ0+3IFS1&FUXyMEq(c7LRq_My1 zk}*X-BebmvXk2P}2z2pJAzWqH+t~2lbA75p(SkD&_ptFC+~aD!I$eUtgJR(OlkQD` z>adjipE~#V&^!-3c2Zmn20YGB0Q%vIhJu~w7}vVa2a~0Oo!@95{&dHo?_$j*5;MKV zlJgaoL6xz}h#$FIEW+HA$BjcdVQ4hp_;C+KTP^-z%vag`^52aoUKuN)7jj!SnTI@| zqw>#t1jI~u2EKOrT~n=leTm6Z*pQPyr>bv*DHFfVBiQ(O-rW`o8Pa!ri8wa(){=Oh z^ay#p%DAXoL)qZ2S-@Lc4}Fvpt3FV)=zVDkdsgYF^X44r(y2r2ggl)|hIGZDZD{kV z5wm7}jK%%e2y)*-dd~F_QJ-=f~F$+QxeIo^Ajxc)Wx=Rxi|E zgON7|uxS8_QhPzW83lp3)4T8YDanqD%#z6^jC!!PC=2kUsA_hRR{ie%mi_ShFo*83py042{I_~M}XcPwI+JrvS73{j8hjRG0r>5J)bF{R* zdx7|%N9ro2*?GCYg_GuAziep#3`P4<)h03<<~jr@#awIL;;sHNFz~Q0(HzX}wYWuf z7CV+m_Ff__^N_1`tq8f5*XKwV^nA0SlCZa^bi7bo@<<()0xb)z-XHw1&I_kVA?lvn zThszYsmxRjDx7MHodJF5iPlOVse?xjbjpmGCnHZ~RvZrrOC3W0D#Bqc(9e;Ph15NR z%P`F}I^lE=<72e*%n!@ve=&q@TQSEzm_o!^{OA<$ zAo!E2Yf^+w^`7@S*P|W_EWZ6nk2g)V1uN>0EyV-4_hc4kav2?L=u&J^Ff}BlByNhF z9sBik$QiZ4WIzvD3B4exF%m7-X)Xo_TbPkw|spO>lU+idnm9PJ#7qCMUb0?Ts)emgC?UL#6FunH0O^StUz!ah=l2u(CY zpypcpm9KxjPUW4~3^qu4L#QH()cGU_#lSr{dEvYa$$q0mXB(iv0I$|MF=Jfw-jX~l z9&EdfLy)+RV13Q}42&J^FwqClD8k~PFb$2=TCo-H%|n~{>;yh-uW_D zLC_BUj;#gkf=v+}tiHO(?hR`&Bhu%; z`zZOZb5`W@GJAHz8`<%J9ylWBu$DS0?xw;>S7RoeD3DMIo0ql<6b!i1G!b@LFM*~7 zZ9UIZU&q4v6t}RT1YfP#aR&9^^``(Mg%0o&U^;Y%-R2SHJ^c{am(;M)+x{J zdNr;31GnrPhe=xsoSQMp8b%hguJ_Fs3j{3gKQGi6s$90LOGp(^^RJwB+)C;v*Ck={ zEHcr{nVe(XVXYG%o?!KMpeIdk{kP8Y9IYS{}I6Y4k znUZ5%%XwJ{R)B@iGvTRD+KzH^+%RaHP!22YT7H)b`&CjsvCmg6g;k{cxQ9@ZS2V1D!C}@8;1P&~Ps{=WTU~^u3h019)?kah1TCCSEg|HYh6DFMQmn)rbRlrfUZ z{PTQH?CN!gv&ZAAAv&`^>D~u3um$!G5{-0N8UfT%t?R(IE*#t$++7iqH35Dq=}FJ7X!( zT_lFgdNF{NqK;Js8K30ix-N`c$K z4)_p9Bk)o0ek~=03;*fGQZQhBx{$=|d-4rarDOEwL!~eJpiMVPc7C(^uX9N@w3<#f z>Sqe!*MVpTHD2C2$RuxK-Z0y2^k6vg>jcZW7XB+U!qmC$;BDW-8GB}^gsK5&=l$sm zm7C11{!A$`+3I}zA0!isvsY(~!g5oGsbGDwV`seNiQPZgsVWIEWWg++mF1EH~lhlVqO1E z`!xU&U4b|>cp#T{;_60Y<_{yX~#Pp+E4>N;1<8Sw`gt%kO<{c^t{87yQCH=?9+3ynou9MnZ|1TG}|9?^2Q=Ntq$zwnNt>6aHQ^KtP z*bv1L!FdctxS~Zbh4Wu|WJECN=H%mkzMt7n`Tv*%$c5hgzu5w)viMTq8^2OxilGZS z{W^=YALbM>9#*1dNRbx)-?Gf!Dk*(E;Y)->aoB@kJ6Z&M@Awi4$N7j;;9`B%=|+z^ z?CE|w&1tKDgl0fQ@`O@MHx0I*1y}6}2?j*^sQ3}z9Z3V=5P~J>_AFxujV7f;F2P2> zR5{J4H2#w_B#dQ_DJN)}hE38ozRrzSKoLgD&KPjHmlO{-FR;W|v(usBQl)@9{Knzx zZt2p-D|bK^cgDXYiqUwddbLHdW@T3@uI>n=``^x~?L3`7j-A#+jWJ0%m{Bo_QUC!k z#j`abolvZ4jZ)ul9j=fyu2DD zD=_xZ>}E%OoTRpn&Tj9~KW%7+zV}9OE2majBBml-Wmc2MhM;(=qDC!jB~y#fVT|Mq zCE4oa3Td~wTM`o#;Zq{>C6l!OI%qG7X!IMzth{`>Y!5M;E?}pVOCS+MgokRvgEZw@ zEobBgm%2IHfc3pGb2Yln^vlOaXzx2E&se7Y(Nh$b#(}#}+rtaKrz=dWzg@olEmbKk z<1mNQD0G7=8QO^N`v2!u!|+$(ESfNgi~FWq4aVED(NSvSjYtjGXYuTvrgRY?ioQ16 z9D1l3R+@?RV2sui@z8mjyTJ8()Dj~gP5U$oJPtI&A-qV1K#M!a&Wn>2@y|Co5_1h< z@ii(Etgnt?WvZa+Dr^uaP1mP?*5#c2{%ZepTR=`{t?}_k&9VpG=Z@QsT93KOvltzd z2CHaHx6bEfu=`21e!ZmSeL2>xV6i4|RnP3r#5%h*$yvIDy4-_0n6WjqS=;sNQtP-51Dh>eO!O+TpU&DXB{kQ4 z)UP*dgwM#4bwaGg=bj!(Ru$6(F_vGS|0$CTelD4cK`NTGHz@(xjJ|z#Asebs_{L4= z{RyX_Nv*C{&%jlrJg)Ns%={h1p1t4W05JpIUJ7bg%1VN|^#~3H1B#QA);yGy0-8<_ zVS0bKeImaRdpBG|H_RpP?-(3cf7h=41tl0A&Xu;9gGX|ru}H>Bl)edgA~DPVr|yXU z$4|CelJ#(_w}+ps1!?NJtd=9C<*{TDX{e`l#MY&0gsm{+B^hzZ!S*wYrs~A1Q)-q& zrAfrJ*bI4bI<4Jw+9R#MCi|x;W3f9`Mji&XFzbX68P*J6^0FHeCR2oXH=*u^rEpE5@)B zDJ|h#Z2lUz)Z;K)>_DeH{2ou1O$j|Y;X(((A=cHiIjjpu8}L`qU_fV&l|BN z;?T~^ub#VOa-qz)>If{+^MjQ{-$k@wA_@)TE$X-b>S}d3?`Jq}pu{fV5KU%or3^j6 z1Vt?tn*H=iXc2a*6rM4Iz8)JR(8N?8a|dTgQ!=ONQ%B1bcZP=9_hv1#r@-RiD~M2~ zE}&l5S4&xbMq}gnpZ+e~o}o1xhc@MMzA1B5A}n4m6gc6q+#M2|7jm=Aj?fj@Rh8@k zT@RVUC>voZ3@*AgX*n{?X%&@vqJtYL(z}9g#^Cy#EnEp@*99cty*!#5wghH4gB#_B zfRy`G&z~!`ip$O@MXjO)T!S;@KQwIij_Pc#>DV01ywip&oG$mbr>hEjbw*68;TE5d z`8A}N1`|lL#xgjnr8^(b!~@rv{iLeF*HeI|$UVQA-U#+ck&9989D_62V!KJBM*j=? zfW7bbHsgDfIqPCsuLKM+)ruF`2d=pShm^#{Z<&-8`#zvDiGsqPAfWw{`3b^~C{g@GC(RV;(M#%tQo`#j`T_&1~oOQ z(AiS~Z9FlK(;^^13AA&gC`{t36g|=L%l&Q?HLVoB3Z-(zerbbC(q>{lM~rZ+|EyuGE1E=hcd|KEkaJyW4@JDsrT?;F+?dzjdbjy!H}PUm23( zHr7283c_;7t-AuR|Fe^55yZfgqEgF|;LZ@`s&ZDHDY%Ph769L^U5XqcX|tNUjzUo^ zhpND7?a&`rkD*Pz_BdzSGNJnQQ2;^Tu9}Si=}@y)<8tp$)?)SI^#-18MzH#~$QAP4zEBXEOoFuTo-s9NNtl|9NGKBj8I+ zh2k~zHDV%1RL8aJT8Nmls04>nSh3cqr3iOj!$oc)j*6r$Qz~GKA^_ZNzBl#n+18XX z5Kg|!y{=(TV{h#m+Mt3BWr_670!sIg+gt}?vW_Jfs5Hk)4S#+>4N>m|vVUUlxY9o~ z=i`NM96jbxOTxWgxIU9)E;75N59Z#CK4)d6^#~TNvS)c$8mk7jvO$x@7~NFCoTkSl zS&izvWQtIJ+i%{~%^$d`4GrKKHFbA9v-}tcj6TaUtM8`&7=t~_o&AYJe{4OZj|}}B zN2M>)F%{QJ2QYW~K5QM3?(+zy`F!b62HzxbNJiVp!$4cob)Dmacx^Jp``yiu|SWd0FQC&*qLdEAU%Tw z%CAqy3!bj0Uf0?5+!S#Vc$Ommykt_N*mD}-jH3drpA~UP(`-P(d5NG%`@@d+h!Grm zHU8}ooPiP1Ja5E4KLOF|U-H!8JhBpJFw4D(EK&ft(S4l}^qSD3T_f#!7%0PM*_kJE zDYQ?Np-|6VJk+LSr(3ND7H#WlbT%BCw`Eb!{xQ`JSMcT@9*#?u=F7Be92!Q}Cw{Kl zKmILkwP)3Qw0RS}}n% zt7%zcJdjr47M~!4`;*bb_ zJy7G+2j2#iPC1T#9>lVFAq{oR=MR6Gjiq(Ok~rBsDELVkpBdVRgnAA2*$VE-75kLQ zV@@N=?lmR#inK4%I-W?*uPduat1toUygVAqo-HoMEqHcX6SN*=CV7(qx2<@87jSG8 z^R%Gqn>NY;1T-c-c&4vCtjKQ-+V7ym;Jr>*?h&tP1D&fa_O6BZQsC6h9E0jZvX?f)*sN>N*=Ua?pq<8VsR*l zlf@noX%RVW`UP;VI{x#+rkb6yvp1*DZTe<(y3!{(&tvaA7UrPG-3^yY!=|$2SU53c%&uQm1NH|L zM`MvHE!LTuN>2TKO6N4xF2}=z)678|^yP)2?W*2TQ0Vgm1)s;-ilEbO*X?@71!VY8 zuq})k4?lv}m)~XOcCJFJ*g>|R$hQ5OyXOgZu%rTDH5bAf=WQe%es;5T>D;4G>N;dT zZIzmnD)aB`#UOCGBazr7BOrnON#wX`Nb2;I5)ljKN6(WA^Av!t@mLd~f<2rQ)F@;3 zrfn%7MczDl(c#n?&WQFV=CRO2&|n~3u7D})pgX`E8a-8;3?V%ER zN=`W0kkTgnQDQ2@Eo+``=RJrJJ0N3)@=FVxtC-y!hEE6qZQgFStw(}x;Vq5Yb5raj zB0~HD5f3=Tz2K7VCfS<~o=F-c9er_fkR3>f#eg^EkN7h+@`AEqvsjiM51VhR_|LgQ z65OwEo?IEO3HmA$2f)XBaYjYz_dV~2oA#-2%%q>*;$yv;Bp~?n<&2}~?f=sNVpRXD zjNEgvpR1DYws8_O)lfsYXOsaQJvy4oF^ym%;WQsHzAVy5*-m%=3*JO)46BGZ|BoV^ z54`__)$z~i-wO4Bd0+H{qx#-2z$4YLlLJrlKfR_USYVe+gaFqCvi3kcGw64Ibj!T?e;lr%$kcM5`nN{7TqOLr*X4-k+Bi4o~W zVu*pW`JYekr}x{r&YA0(0cLn+p1t?I?|ZFvuZh#qQX?g1B*wzRBGph=eu;&JLl1r* zAtC^ejclcr;KvCgq|9jDujOt>1o+nh#E_1v9Q>%G?W$e zeY18K`~s<=9g+tn>3dETJ=}OW?8@nsI&7g2IhuZ3@WgIN|11^e^tGitBZVn+(YU@_ z{`~}}5Q6(N_AV+OCt`<~I8p^)A(DcPOC5(jWz=!`m0lP;Ip7YV zS5{WGenbEPFV!;R5>Qf7zIuZl0bYC9AF2ReOSk%e=(HbTtfhNRt|%ORsDv4{iU>v@ zI@wr_RHVQM)1gbvPQ;-+=JS?I<7UApH}8fTk9`Xx;v(c5l9&OX^X_q$@?|ZU%|-5r zQR>+MYu5aXLa#2zDK1?9?Jf==~rw z&hIK1HQu5j);^%iu&<-lTG9K`ey|Y+$rU3n~&wp&Rt=_Ig~(4*c77 zs8w$4ow{{Mv6ZM*O8M9{*7ojL4IJDn#K+XUEk!yIi})|!A)}AZv-r(=W6VaxfrVW_ z#2Zhfpu^`ZVUfbdK@9I=8}w~AFGb?0=$^n)C;rPP(c}!qT`9_xsSlOXZS)eNM67v< z+2Zrf82Uoh5IFN(% z!ULk_RchpP@daHghiKerI+kQZa)!Aun9vrr%78^r%>G>>4wSKAc!Ww3$M|yi__C#T z*OD9u5d{rCl2?%iN>qRYrDUg%myJ+TZOZNLq@tXZg3udw|M#9>*y_R)b1`bsd(cCo zN6Ew#Ky$Wr1v@OlL5vhOB4$6IKYnD%{!&suWd| zpj>qadk7m>I2lffAFKEso6~fe=sLSn4hlV-G@L)2%0!@MYD^)F;zY@^*LbOEX;r6{ zl#?3ulJKFy|9T2k_BW^bAFDrMCL79ngzIQfHHBc355{51k!dzQt?w8mo9mk+fpxj| zuAFx59zH$vKM}To(1*E(rJ%|>IG&@o*%ccZOpO@#&X)iDT-Lqc;Y>oYEOa!X7|n(b zks^p2ef-vSfg3_EF<7Qoa?qFcXkd64AFCYJ$r6{ui27)o6E*z0^}hhyq?P{UmG>F2 zzMt7oQnIoV{SY@a_V)HPa%&T1dPXNdcxI|CWXV|NAXpot`MA;KtYKpxKdL`_)>0nS z;<ob-97DE@$TLAzU+y)VXKNFsZeDfy~hzX6oneZ!og!t5$0p6DTsk6S(MZeC_$-% zisBHv*P#^Lrf6fW9>N6I3I=HQ*N93P1q!x7uYa8Tf4(Oeopuu%Rl~7O1#R_{5B=MX zYW`RaeU#<-D-uJ_+V{H|VKG}vF8uFv#%Q71NNzpMum24ys!RxeufIYY@ySzOlxTSP{1-=H;Co@Jy|HMfW_vw;AQq(8 z_8s&Qkp?nbr#|gX3ocEjg5Z$O){@R9lV&En+1HY0){@TZNEqKd7FdVLU41W;H!#WQ zMIBd+=bKG8P@*?IAEU%8=QrcGV0&Ab;ZnJ|78{bIqod<(PSwP3Gc{I}R8$cJq>RfQ zmwRd>Ibkku1xy;2NAs0*t8UPTD@L8y9vFWI2R@dI{To%wLe=Wd$5J1j-bnra@655oespr#KL<&Yc5XCNoYAZIeY7dK8o2^ zyRQ-lcDQ7lYb>^SIYL+hNrJsbs`vsc8Lc#{t)vo!?0iw)twB*mER7a+PI>q7kba5+7%Ar|ZTj_EBAJrq$HXwYxEk|bS5Zk3 zVX-oAn2q2%q8NG;a=w~@M#Zo$yFapM?9Y3iA=rdDoj-(iUfusB>1@0yX9vRBJOm>V zn3Y|zL~HLkwVoUD#x^JT8Q2Ra(sk6SAU(J8yV(OQl*i{} zx5wGidivHa6*hyT`7IU3jiP2FgHH%D25l~e?(~DL7n3*j#<6M_e$jXrkKNjH@NJ>m zva2-TZgko1c9k~0FozDcklf{t-op>_OZqZUQ`5wqomKSJKQG^)DW~Jj@&03JD740F zo3>5dgBt|K$-J2$PsdCP4a|Az&AWH;W~ z<~ZA&AhN^5!;C{2nsT$R1Ycjbv%KU=&&^H#{5)g1mt6i^nzn45h}B-HtHFQE1;Yon zN;DV?g|celmr%+L1Kl=%qOsFgP#Rwub6**kabB9nc{<_WEH|+5=zDz^c~Rj=1d1er4Kk`zIxXIToWA^|aH!wEQ|N>^lnA z>jGJo?KaRs#9<_>rW0gaJzgZY+b=&2k}iB-^`L_Oa5cmH*EW9E^}4CPex&_)@t-fd z^GYlk;Oas0t8<<=Ag3R@xW3#!1QmJatF6zslSUE|ykTv;CF)?ijq3^?)yYe6w5} zE`5)TnwIvHi{rgDF`@gPlQ#Vo6tGRTY(Eoj%ynE}M4E9?GE2K+A%;Fu)rhv%)lqxA z9{H7UB;M+?-&a?rr-|wrSUFq@AXqL>kp^QMIA})DiQKg0+0z ze*L%sF>ipn!1-r@H)3Vcq5cx?>#*!IMxltaj(3==g?QF3Xy$xHc^pv)=w|`(B=*DPJ zaly4UtzPmoTQg{|xw&~j)_CS8+ELmHb<6FIitAE2h>6RqW`C9vo-WZ~iTBg-?gw`9CbC|7+MZ|<0blxbi71F{9$pkl zysVYjp>6*;yw zJyD#*$BvB{&i>MADCxWyE_Hpx{R!rwsXxMW&>nJg+Ii#1 z7rgVUo}U(DC2~7|Z?apf5B5W*&sYzW2pVWgihu?C~_%>&+LXD0zP1r@kd@}k34#jAa|GHaXL ztBFgvwbX!UKQXvE?YMj~cuy{nK10w92a8$O9}gCUc^?b|8};ybT)Qyn@{~e_5@f5U z?aEfy=>;Fdrrn|sror9wIN$u!kT9Su^kB(r$3hy5bj@=4IoyA z8t8CsS=UGsmN~C+3IoJI>ASA;mpEa)D`ZO?e~4W+4}8X(PF6A4eY++xP*9E}os19{ zk|E&Qta|o?V*pmc!n(^O(Gx+g^=;Y2Wh~liw(t9+8~uGL|4CS@7lQ zp2V(Fu3XTu%i}LFz0j)5)fF248h%@;hTy~d1Y~WGc1oFa-yK)xMUygF9xQj?qKyLo z#i!`A{dW)aMk`FDFcR~HYT7c_XsY6n+zOLMWv3dvK-BtMH5L_zR&NSC>Teb|K^L6-GmOz#pbju3;F92|9hCr6P26bAdvur@BgeQR0MQ4rqiDjHYF7(M%x3($DKiS1W8cY)Rg%R^P_NpYcL%wvi=+r_1X4*8mXfo{Ls^v z`-UyatE;PMkb-Lv`{sXF@AZxqs<|Eg)zBmPG5gilZLE6O?h!K?^CSOnp7Zb4bH0On zQk%Su4eukvyMCXq&xMW|L@Y`TDT3&9X)p=I77@{<^{$bTkbf!Du1ZEUybCUnqJ@@+vvW)xBZR4b_7`-W2#M-EB~y zFy5d*@6_6Q_>)Ahna`3l-}SMt4BB$rAh5=ZAHdufS<;l99cPQx``xbL+hxWL zb_}PX4vq5`U-82~Rk854gv@^`0=Wa-|0jgwNx-A@kYh?vh;HHUHRf{V3~bE@Aqthn zV76o9;+icl0UFnvsah^a0ybT*Td~VwpE)<>DSNgt7OSGa{_NQc3=(U!PUCxTkMfVe z(D5vJSh$$&PklE;A)VWqB=vu`c*)nX;xE4&={V$M_QG!RF?7r_;aVxLXYK}8 zFxB4#a)qW6S*`TY&fEzPeaoqay2ZZ$ zSW>um4z7NK-CRhT2b|CVItr`7eA%tjD6Ew?M}0xf)-ecm9`VgJB9f_iv_7Qo&efaf zSFO*?7!}otG*ZMceRe-8^1~!$iiZir(>B}!o1&=(cu`SZ*u%k##teX$E#@1X2Zn|q z=WDGV>slB{d}tL-L2bUx+h}GQ8k)=tZYoBu4c5>*(d5=x(lCD(m&PZ5ai!5w_MTU0 zxAKd>RG5ocO3p(7H8(Zq4K#mSH_nche|%&;oShk!336W>4U@5O;`-@m4?Z5+1UGSk zb1l?@?{uOV-w^vLHrrF(p)@ZBp^kI$M7?wpoqQae;|nr9L0$Y<|D+hAr(>+^0dm4x zpTb=8RatAd$o2b-src`6aos`(`L5hY9t7(nG5hAcLSn4?X^axcmlSqO9kMN6+tF2> zN0VI4k9{dX9Vvc`fA5L6atv8m#3fCDrV3j;2LXgWG#GQiezu`|tMu?2ly_~8hp|UH zPL+43@iPT zf!o`=;{88Ry)h>SN?m8oPFF7oLR}VGR8ANxZmEC+f<$$`VPmGIaI>Kq(H{4n-*9Wm z=)b|i8u!&_LqXe`*b?G zrj;w_+_DRloS9mi=ihd7WCNxqFu$7Iti}mVb#*B_$n~Hw%8KXRyxfwsfMSa;oK8-| zUOm>=k{`J2jat0VL1-*wJ-bFu>u!fC$ye>Ae;m%UBkKH|$e~{NrzSgb7$bS_2CXiP z`;$j(B!YcRN&my(2<09k9qhTf)7_J8mSn>DMrZQ#OtUs$%2xNGuY%q?6AzI2-k)yk z+p=aDJS8(T0c_eoUDuck=LkgecTb(lH`Dsk1-u-XIY*Jr{Fnoj8Y?QJleu7N{m|ES zZAe?UqQt61tGH(nB)p(-fkIZYd!my9MMXu+j3H9GW_i5CQ$ZbC`y9BTVYmoMFK8Ju z-fR0h0@WLhO7D)S-e^Bt_9STWKx`~7Tp^krGwh`iy1H-eUyp*kwbHVUBY^-3;jf+} zuIks;qrjhQa|0s`NM7{)~oim?YaW^r*5jG-UJiZffZtY7t|uq*LpXCd3lA&52+ zLiy{B=aqCq=HJ54{~eyUcwLAd-nr9s(lCEaz6aF6%=l)IlY|3KA2Q1ao5K2gqDWqR z_jy0tXk^X*iwJGd^4cK%dB zO->AJLpe!6s=_Ru(-nPlkhLNxPDP_WiNR+m_k}XW873d>vW+a>78Lm*RG}1 zsx2Co`gA(pZ$UDXRC1PJmYZn`A?7T!$A%pYLetCnn^Rwm-AF+sd1Zr;R|}9BV`@m7eyN8tyL^ zr+3_gg;e;E_wjJuCbHtG9{$5m@mxYeJvmC?5Ga*AaYFR&NIKFWmDrcgMvRzuvFPp#j~(0+-qa(33zz z@s*y5iHVKXI~rpAx2GyZ{5`qB2mC^e$Nwyt1iP&0^XJWBgrA>Z)7c_y`)sf_ab{+Q zxb+#MluKe=-Dxp*TNDW$9N-fyoN=wQtx1xPAFZkb&(*L3mrm0KF0lsFgD7f${{3tH z+ke}cX0KJmwA8qXLWTD_1^Z@$xWb^9o~$my>p&_5^P(gkN8zw%o2HJc?jqrd4R8D( z`DK0`D8pRcig{IfE>sD9C(-h-Lf-Y6-!2;m5l&mURCN{>5z_n>jxGh;kC*DMM+>wY zYj2fBw!W6BUP^6ytRyx4`{{;WjtId$m}G1N!}mRzH0-IA5)q+Hmb;(_m73x7I=;?j zfpMY5ESZ#P3irTE%I@NLFNtj0oau-jVA{95@!{Zw%y^34&533)kYJ5bqMralhWA9? zL7!$Kjx9<6(HhbmX;hjK`ze*9u|K7{F%Mp zPM-O3B)d{zh1#vk9!A)=a+@sZ+JL-So*Op7D%4~8MO>Wj>of0~w) z^TutZPo=FB`o*B>CXBF0tMC4xC`-VO8<62jdxDaallyPs$)^;4=GKKbYODc}&hueJ z;is!FqTMR*Qac@$rvz&uv#%pG(|a43@ftZknDF2bBCOcPjK!QJD^!#nHAjspox-N@ zdhd^J!IMV|D9fNqq6?MseVy4KK6HI&p~7vIZ9!fluZCItj&)z47xwuunfG~kR=}84 z5WP}0$XIX@nz#t!0N7Fo=7maLALi?kgx8~AWqxL^2+NJ!KhaJzOH;s=3jh?+7%C^@}&C}_&7q7hehFzk}tEfnl_Z?DPfq4|dk z9GBMJ(^yu2e0+TL-?W?Ysz%3*=xOs1(%oObbc}RDzuJ!UxFjp=%LN?(B=BdtlT7|< z`1Mzd<*v*zO!S^~z}~~)i%m$IxzJ~LexZ8p=vVO$BRa=lpFI^LW1wi zpX!b==-m{!`DG4A13q*+mZ$|5s?#L|I+hYWo_n1LS`von$8OE0Yd9w8&aUn6$>AZ? z8m{U@j0%>e&BD{Fc&ev(s%hwrLMccxNySMueiUU0T)6JBU15x}!tuz0g;8$jdqqjl z7&Ojvh^6JuwT_h-=AF%>9pORO0!-$Q+Qh~7OE@|frT)Sx^5{tP-Me>Bb*Z_yxeIJZ zATP4S?||`AgH;gPZePe#z;#+`AYCW@>I~S3I()>1Od$O)8 zNm9{Hy)KP~3W~U;I)J_uYkN-v+4y*Snzi!=6XCma*sr-y0;s%ziDc&DlL!KGvIpjE zYo8p2AB#~MXnFSh`N>J6<22c=1pjV5w|`^oqlG+fxcu|V=3;zMtzTbQ>b-m! zKA9U-tPP*4wornw%Jq2GHX)J!J;qmfs;G#gtQ$GF`s+q+ZhO6^pS9mAS^f=(wa6fh zxcx6Y055JeAVQ71BKE(O=p`K9ZT^E&;Cb%MQ1-@pP0SU> z9+9~;9k4YtGm<|i%9KJF5Rx$)IpRh`IkK^98cr(AH9?&f&$3*Q*DIF1lYUov^8@YU zh933$S#r0I=s^0%OzTa~ZsDPZx5If{TKwDY(usClL-?d`Ga902@)5UOChH z8{r%xfu`?0GD}fai#@)l(A~p}@_eE?arM+9?FO4g7RB%cxhJLUaCLJA^QwMUUp``b z2a^7&T1x^(x_5& z16fdmj&9_}Ne{n9iuEf*JJB8b>rgne9r7aM-^GX{{EW{tbJmaj;RrZq6HzYz)UU79LWv?43*j7jJlb@w=f_ zQFm7M`$8#y6H~g(?YVA~NvSmMABKmNB8gPSUawAQ$rTGR+!YLcN)lbbn{s7q{hsT= zC}Y87a_L$qiiwuV?z=E;nfV@>Db1YrhU;L{kX|o3Zm2{$m>vSqU*Q@E?H~4G#C3`_s_yS zj+`7w1ikQ;sHkYl*MO19#Ux_^X?lHX!NlY{WnYMla}QfYsL_=q{?&)|=8+_H7mUYC ziI>IrL=_3&x5?@H1nI0?iG4o#Vep(&i*nPrUOGZ3b%VMp;w=RBB2dC7fVEOc*-S>Qe|qSQa9v8#+G(i0yDtXZ(IkJFdSh* zLXUw1sD7kLrD*qpREIIy7^|q__M@ThKAElizFd%7g9t8xnS$XKmLr5ZgUTV1(=3oj zL5w_#RPZHfB~2VPAH85~EWL0kZR_udCXrHLnOM35gSHDQZ8OG+w@sk~irxwcA8C7 z9vT6kM}r`wfcUEnf6B&D%c!0H^#3()%m3ZJoiyxaN5r`~Q#iC@WAxsuIb}_?%imfuizMkb+XB!WcK27SJ@V0v+S(*yFU=Qf_2J zC{T=8xPbpg*g7_tRh~PJuLMVDx-yEFz+aLB_x^kM_w(V(cZuK1)Ch(Rtx892SXFpWxB|4P{4s;Izol4f)9Hh&8F4!yTHVdV)LkIH5m-6w1KmEDx6Xf4m#q#GC3*adIc8) z^nDTA?}1$W+oh33&L{>94O;((V@ysuLY~^@RrK)dhy|Az@W`b>q4IWVsB}?y3iQ`l zz#*OeGex+vJ%s)tc<(Q#aSe4T7S>;9f!G%V#`W#nw++l7*j~AI`{Wse_>J?M-zC2gaDh~{^$4a?2?kSwGWk2xddn|9ijb-cuv zCE?FqVAIcWTVwH_s1@k!-j$iJ;L<2&coG-ukoM)SaCk(7q&W2Q>7?L$d`OI%%Bjz1 z-@|{o2P?BrMY6bvo64MJ%o+SiFB;+qnG{PUN29YGszS(SxeMmXRqNn(R8CQ?$}e5J zBQ7(tzcsWyZ|bzYySV>8vOz-%*muh|8;#7{UOlz8#bR1!9FzVlr^7;~IQ? z3nQg461f~sXqCYnGgxT3|JT#g?zNnkaRPxTLCJl%o(n_pWw*u*7xvef`cTcgu7BE? zZvIWaGIh_qtY+O=pf@x5roTR3O6l(5ad?n>6S*n&8uZ9l9QL*9`5!#!=1k)$G^{fB z^*#FgrTq!0TdEZ#^hn~Nc>_p{$#)*|I+bUfCNrye*iD~6AwL;IC~II(Nvx|9M|aFP#YD@>QFM8b3rmslP}r z>G0>9uLEtB?7?oDkd6zhfaj-xLlCBM%f*5gIh*Yn%XkpKVP&;7lXdorU%!&e^JmX` zidX-lA_~OgY*M?nZ@wdB>iY-ZbxDRE6O;l;5^fQ`{$1zcV?HC zZQ^3L(u_e@+&s^|Es_3_jzx$jE<@UdxayDlLZAAc`<7}`$(qt<`=DQ|c>3$NwH-oK zh2$z>r!$kHI4j{#;SUQjr-!J;eSq89{=^LdTV?{IQR+=a!(QhbD4jWwGhAu ziTPJsE9|^Q0=lf;-_{-LHrjoHMg)4~Kz@~~7lhYoy>n~(7A0z!r|z+UO89Vm_~7@f z1m$k#jO$3J)^c_J6J=d&73kZ=Z-#|$;dF)x2FXKDyKw|U>F zt*lQs(Gohwf1hlL_OaWaHU#mi(3|%wi{ya|9Q$t^lRkGoQvf+&&(t5M|L1x7Bd}Mh zh&`QN4+~F#&HVNk_iC*w2k5?YeAaxXj`KwMy%l%w z-JXv2fWzeos+0a#?fc+Ni|NUbE-Y#~Iu!84=*nxaoW_tb6~}OJI-ATbDN z+H?lZ^}y>aSn5@%E^6Fg;1?eGz4iIQk&wyq#b2W<8|CM}Co3o|ZLn)dt=pbdN;I$v zsckDW*a+f#G*IUoZcEo4YJdBT>}q~)-t@l9lwPAIwQT;gD35m5L}$I)bAE^fqkM4q zrhn7&uObbq@ow+=44A=8IOu@s__k00M`+)t$uGTvVy8cAbobAiJ=S$VR5Og1SoIxm zvY!zWhF$J;vL?UCNd%GJ2dqFZDzFUp15~zuDSmXjd_UH(RI4&r9WoEJ_Covd*V2AR zk!6!yz!PHM3_2-wPGfhYN=OP9C4oKpc2&VNKM=t$jQ$z0>2 zKS*s7cTb6s_ZQWjDCe z7Yi(J?b2RJIL|@0rJR&szP!s!M)>+?mTr`-3#}%}f9ON1huJb)>qFa=fy?+v#8O&X z+88jZ4H^TChmonTOu)nHGo7YLCbNqVxc0*N+DM!KyCU+Tp8neRqGWBUTr;`EBpuh-(9+jXpXgbJskq{N^2FVrFpug&*TVt_F_ z(NK~$f0AE*c`+pSTj3Yt!wsZjqS3n;gDRGuXigjS->?Syv9kQl!*DF|xQx+)uyPpk zmuxDC!nicuhg?4l$0MQ{|m*&D!_UHz(KRNPgl8xfa^s8p<{4Utc1L2Bo{GyTK0kTu`(g# z+4Ck2TfN~S<_NG=EPrQP^^%!nf&2>!6^7|>uHNxj803O*x)RMVN9trrw63pTV-^(HBWfvef5_BcpJ)K8S)c)w(6vEET?=!Esyb|i;JR6bVZ z;ZVS3mHPANUp<#vy?3Jlkb=)ml%e-p5hwHM4};{n@T{$^H}Z8%42#lZV|cVx=O-G9 zcX@!;S-3h22jOxktcUyRC!=knb zR~+Thipu&-ld-gr73q+I3-tpS7TaP-*>%}UY;1WiH%@_ZqyVF`zKOm`7hD$qtrt3& zqu^7eajSY_R3>aB>kfeZ;CPj8aoYi(J+|*r(fu34JIQZ690iCAIL0?`<+y!qb@ivX zy#cZNYqrb39*1uD5bDx37E>MO&w$D<0({V0v4TxVig08!S51ZpmPS;9UVz&@lkn6Oc6^ z$^y=!$4}4&S2!^_P^YZG=j7%l02Q~`01~=S$ASEatN>|@OCx;vHSRJAb2qlqC47~T zd(y{vH>$=(W83(h%|`)xW&IVX(ooS-u2h7F|1TX?RZ;)| literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-group-hover.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-group-hover.png new file mode 100644 index 0000000000000000000000000000000000000000..64f731a46505ff363b85801c800f9140838425ed GIT binary patch literal 11884 zcmc(F^;g_6)9>OGcXvv0rxbU0ch{x3J4dE7EO@xOVlSsp1Qx^_6&$V#&`c}02pE;tHiD<)}~NO6sg=wUJ+N+c|J#YCT5 z#R#p!PrM|PG5VX~v2djzKiK9=y#{_1d}W2QXZbbNSSQvI^)$x!#oD(>jNdE&C#IseL!V{ptT%L;Zj~GX zu|vN|s{SEiDM(t6AkVJFWIXNY5#IqD?Ya19O(qlTX0gPbXy5=6wa-M|$4CJ$=;s@j zJSR@^_#0tK>U1+kU)pP?YY^mDimBDBF)mNAtAPS9&_@@_2q`Jf{%$42v9tegq3eEgrK;S$}?xjRn3$$ZJP z5FD#5+T(u^J%R*Z(z;2IZk4=A7v1XCaC2$KMM{4h1((t)>==)uDtm8sFr`RKdln7y z2-}tAXG;KeN$zpUOl}v9Pci2Y4m6PGvump9gw1fpPMKyT@%a_vrSLpE2ayb z9hiz^WtjEC(|!hz*$@ll45goYqnnyxzk|>U;Tz)oy-Ojj1rg^X`2yrU!#$-Y|2BiH z2m?@;;wiUA(^S7?F~&Gbj4T#c5_D-JImlc43xat;@QK~Fh^tNv;oe~w#Qi{~Gna0tPvAAJt^)^j{50aSQ6yUzFNnZidooOvmo z+(ay$_=2Egi~3V%{Jz1$mg&Du?xhE;+xXD(EYZ{qq(Tj~@UY5!#}yKb45 z4Ci0O+Phw|KGna{@_dZJaE^~1;c(?Vy5+6u|Lt@w1S<9ztzOJ3N9|)}+Y11&^VhUh zKV88byS3Rsm$_=CBXN3e@$)jp*=oD#v#RUCPhshHF2sJ5NFO5WHEwiGa>H@k+flm5 zh+j*YD9B)8t&6av93&8+C_&|l+k(cDg~Nrocdv5lYP*B)c^l#9c>q=hk_PkVJ5G`q z{YO)@RPJ5Jo~|C4<7H}r->VIK07f~s>taZN{ZC9xe7;q{qv7=XH9v1MtQ~mX4bG8& zI92b+db-3|(^uivpZt;e1v019r}=F%=KmaSeDi+Tvgn|c`CdbI6^@fkpY?m|$%94v zC_*Rqq}ld>e4FH2g{`;2`WEJnNO=;KbJM>Ulk(d>mhWq4>!13qDAk?m3fE5AcHr5E8 z<9{vfj#1`^a~)*E&CVHRF0ltA>BG7AfB>NM{?pFD^V1at#|ob}wZA~{Rp_>7hYX;e zPzb}c#QXv}nNnUzto3j2ndMdtX41bcS$m9YKam8H2*;129y#qPuml(dJQ-Ilj8I&` zhiCbpdi_bA;peb2Ave$+bq_~0cU@N8id?$<{RbF7Gk*eGBP@>lk_nE1IRLKL8l9mN zr$@(OXj$>67(Qt`jqqyHp#E*q z!PBr0=+@Bn?}rb2Ym(*N1BZ9YILBmwG22xT#u?_qL5`7xvuIe)!OPVC@ptn>i1hbA z_E8DPFDBj>)PXm5c%2z5TnqzkGG&8s94lCB1I-9rMfkQI&*yDX=-l~I)Oc8+>LaZ0 ztCD7e6airk5lwav5KRWTwl2<7B!KH#wPcinVr| z>5hVHEy*vFBAfi(Hw5wEMGkt0D62yW#oz%?Fk_u5+A;GltczFT@TK0&Ap=y-OE&8} zyi)03W8hyk8734?s%B-#lBwmj9p1C^jJJq~`;tmgtwN;LjB2+WjS&xj6}GKjxvqQw zaJ0cI?jh7&Z4U$ey2z9PVTxOJ{Y)D^N1g|Dfn7N3R!4=-_g>p0FxQzf`ihE4!uPcO zI2;3{-s4TtO=6jlo)eP5&iSYdhTd%Q*{Od4fX;YO=oDsY)<` zJGs(W>=zQNANh|ZK~@E5t;ese$m8)KIx@X^~qh*ejbZ zEcWr+Y#YzZ*BXg6)3IF>0bw zbG@%v^trm835%f!;sEMb&l4-L^)~ZeU|DqRs{zn9Nniqk4!m{SP!k1rv_dr)SCR9p!&izBf=j zTwU(~5#p~O`)n+WV9k!TQ|Zda3w5j_?pE>G&Ujn9G+}XwxR(Wksu`w3i9tjI;iLeO z1}Pc4cBKSk7>CXlGXD8_6D4K6)QR4bxha%QjT&} z1>M~=i8n;s|CDxq@d!JVMwX9S^E{pE)=jDv<+=5Jc40yX?O}ADU%RuB{yu0zu>aSu z>)H7_Lc*>3n*7nPDB0=Mv`$jg_B6Ft)ce~S(~hUTG3&6`)5pl`pyyrN#oj{86u#b& zuF~Aq-1l-JsU!DK7IQe%Rt}uhAoA4}K{)!((mSsT^lnxeIEIQB{#^<}@jUwm0Lzb| zp%@%3-WCg7z}+4kJ7JGEA|R&jLJux%iw@IX5Vo9|jr8Qa zZd$mNY>EExxK}SE>aZlv!LTQd0KxgZD+u)*n2k43p1x`Xo?U@-!0#I|z$Wtuylw6% zOTW+1Fx zZ`Y??f472xP_)~2{p*TyAjiWtfe|?U_LbZa(F@-88xW>;Eu8wV z7>eV^E3XiCq}i5uDC{nTYTUHhR^hC8Lae@=*+s<^e-r&Ju{Lhp{6F?rXc#c~)&`4; z%5G*lEU->EJq3mhllYk=}^^rL=NO$W77SJ4dt(g3 zO6ye);!g;6M-dtYQ)nje_4NKG3~3__b?ThihPO@{H=S1t1m7IuxMFUafHG{O;(Q$l z6z=oRP>btD93JyW&jMOk@A8+sYUA$;@bMKou*9dDou&w-N&~tM4gb#KE9N{eZC|Bf zBRZH##`m0w z2p(L+MPPIN1LK44Drmv(kuNLBK}WSUNA0V%lqL<5qTdT$MHlmElJPb+PWU0QY8n;waw4(y?9#s` zz`K@Wp@3PfYkAcBV&&*F#pA7Zpv<`Kut0lfr%OP$@>e&9$ufIVX^owgBb|<;o4`}i z`VY+~3zG*;&Aj@naF5S*qO_qa-+dh8f>dg?XSS~44zFzUF{8)IkwPO>Nk7-uK_L{5 zgYax9YM`&4`rlAoV*u7rwCZjNpW@PwTJ-OA#LSoEb`ka0_yovlf86%Khyzj_VHz@W=sUDkQA*VWg-3s>TQst`46)4Nnu z^V)^A=n5RY#lNQ;;a~m0l1!N^_M0qHa$(72JEKr($-zL?=noo|32EA)HkIT?po@r_ zF&E32`gSO;Sd-|`#{wl%ZlGwP5XjekRI_%U&pgb6$KqXqNN_IyQE)zA*D})H)@Bh$ zu#VZafKPI;D(J@M=U=tYv2awD(Lz-x`vXr8uydZC7UAtbDhW{i^CiklU}(;dBye_6 z3LNcpSp&jf%!go;auS8cyKm7OukqoA-8s9dFNA3)@E22;W7HybGY2r+_O`e`hFGN) zca>-%_h|3P4_^*i>p7wkW0Y7-L-DTJ4*e#&rGXPR$!+UhYkdsoZK}>(9^$TG_xcd& zagg?f&4k!*V%h9ayEbW{5bK&BEl}_@jtpyig0W?uF#w2~B!~`hnf7sq?OQahJ_YsE z^#Jx!EmRAInpfYmC9nM}9BCce|152p8*ou88vNvme8M_BxHe_!=Z+=wm&wdj7NA#p zw*XhY>-Oy)o##O@;uv_jyS+JA1W@^Vl=A8Ap3fD_X_R1?gzV&dZLhGJDAQ2pMn%)X zBHES6p-8!Gq|$7w;M<1=7F;n2f+q{IujTZlVVkFEqnkN*FOUw91T)ZUihNrjdcSOrDoWSO%L2YBBRRe*C;Tghj(EKgjru0c%X^ zH$#@_2kILwurfVq(W1d>BEdhdTwT>+0$u)^XS176(58uLs;a<%Es$q6UJ zkFKGv$8DORB$Z*f3*%4Y5KVj~O4ZO`${vwBS8zMN@41D+HL0E+r3{c5AnH$x+>t z`LH3_=j6vYl2{|YesG<^J-F^1o|nSDC$0!1T{}j39_lOg%+gZTNK3ww)lwENv)DmH zJ=fDU1N&Iwb;Tri$sdose5?^TN~o1Th)4`E2a0P^WPf=Wecvq)t#+X~6a%QN#yLN8 zl9YsOO|&~W(=T8cT471ZBqE34(=GbR=wUN*Art$@S;it#LvKm0iE>P5I%s928a4dC z62$*yDbuH!WO~+}{>$&}^4(T5!0X|?G;%=193m1oBj z9sjB$xuOC|#CT8K+p7wtkmg zMr;_z(_jXjbC}!=6AyrBvv+?JeJn)TiYOgj8w*h9{V-K%Cs1gwv*+ls-Cl+|_T_ka z;;+Y1ZRKKJ6+yk8F+{ny@Ib&rdBToN^RMY_(Gdxc^7My%hW#%zP}{A@8)DiSusMt^ zv@>yiGaPgS6M;(9rK}CKmgp;@(#kKUOQx>N+X`yZiv(X}PL}_P-%OXNm$FSSo{XC6 zQ|1^lfY-`Ny*`>J4@?yOmzyjow;Uz4mD<* zT$HnHmWLSB1x4MAF9d~qw+G1%k=S|V^>{>P<~i|v#zodJ+i$Pg)@317c!IM+3p4k{ zvg->h9`rFj9@ajxFqcvXrUy!DRujcA_MalCA2C>PNdvo0=32)+&;Xuq#ZYV>vE68N)n&E@aGG6zMSaguGAW&#&MyF0=Z6q zH4#*qw&U^-1(Mw=>Bs3Vr;Ze~AUZB{>*O>hW9M|^fBm6H?GcGjOCs%I27sGpKrDuf z!jKxI7YHtQLP*M9fNyz@pX})gzV{YOw@a^1|45Z!U8X;b@0mnd%F-|nv&A>$HfJI` z|5*}o!vJ;R%t>5P`{|PofX%rSyHP8UGIF)H*E`n660(tZ=QN>D<|mVm4IXXm#Fnd! zlmnds)0);!lR+SoZl7fCEfzN8CXF&szdf7j>p8iSDVQiVWu)b9I?KlI=AXU=^%F*& z1?LACfQ`jH;`(1qyLqAprL6EsO1E!62w1N=$ix-rRT_y1lso9Yp|HwU-}Ke%4B6q% zU3zzK8L&2u8=JQp{^}D1zW`&WyP_U47qa159MY}7qad+o{aB>C^=!j{Ly6c?G1 zIu?&{s8qgJ*4*Mh7Oz&j!Pg;Z+lLVnXawSA?|z9aB8k4(6%?B#ZdArLZ4TWS^wDWj zFtYD`@Va(vLScn8TVC80Y--F)v#hZRr0n3bZLWW6-dYk$Mmmztk{I{cnzt=0E(@rL{oB+TG~OSa!geCDSg$6>G)~a?etBtlo4G z;-m?5Mx_m|cDKZh!nn}g5T8u1V(8^bpWjsnBm0NY5{Cx(!yrUaI)SOxB=Y3u=ID>-49}1 zSVQdHLM-c*C^{A%z7>`PJydQg?N0;Y)=gNwMcLrQ?5u&EX!?mrkj=DPu9rjC%Z4D| zTLY1bN*n_C)+LjtbbF8M%`Z6XBKcK-wKJ~qK0&NpCE}k=FijU zeRMb?QQmuO!<*kO<=erP`?i^@jpW>4IL|6S09*)aS<=?#ckbjnd|dan-8|0n2OxhYq73EqvAY@fp&8zw%*QIK;YjUqiNXy!8Y-Sf4cA z@&iEWSMR?_UNc_`fX_vB8^4cpQeek2ro~bWcf`&_tn)-(xMCFDjew7_TQA?*j@~p| z3#$EUZza*UzhwL}V!-l!FlB=%q>z+Ga#rcU++%rRQJol-8cx+REMm5pS~iVntgKM& zI+%@>&O*8+p4S!4SsX74MKQt=xwfj7+vojin#(&9;fGJvd@k#RcYh$KJu#P}{ki;W z3guN=L`UHF4ZJ*tLHA*L2?dR{y-FVs3>35Nr8Rc{=>LqBJujZ#SN2=SUY~Dhec8A8 z*K9h_pXi@DhD7x84BZ!9e}A5(b|qU19$$mnGuzy07>fshtuD_%{2SFzEQC-W_foBu znA*kL+a#>OQMlr`b_&1AG2=}xQ_x8KXiPtsLYYXAQ}#nV4eTp4weGqbIV1jIT3z6l zdrYH+*}g`)V;{+1Wa8qJF9z8if=Rgn+-uBh$TLzT>$HLuC%(PyJYReAAhgF52-$@eFR;{CPM-1Rd zaJ-g{K2nBp_}{=05k*<-nCfhfv3C!gw5;X(efh-fYwuzuiQi?&vn=Q0%MISZzaW)X zR5PO0*ft#4ye6#+I&i?N+z~oQW@F8Z-=q(UX|~hIDO7UzKIJ>Z?LD zlA1K#UkbXqvl7zt&%+dr(N1QD))mnLA*K)orcnO!`i0zB9F}xyXDVW+PW_9@>2F4O^e zsy!uvRJ=f3wY?TKsfZ@=b(~ae&m2+7S%>1mMj^4^!{!9Qv`SOb>v69%NPThIM zr0%+z^)nqNtA055i@{HqQ5Rq zYF-aZHqRnNWoNv&Ia8x!#03Szzf-Ho9GQuci)XUVf+v^7Kr4j3`w0gLM;y1pKVs*#2gJoaGI*(b|pGWhRz2Pn>We|IIY! zjZae1!vX(=MKgLnDV^wm2|Sq48biqZp??d!P&(D>zBxc$YfDpu>v?}EnkNZ*?KYb( z8RM{N!n$LdUb>i)%fC=MZ3D5+&`fuSk%&AnJZ+@$xBZK>aqg zb5X#&M5z+_T)M+Mw&o zyXUonnAO!vpVv;yyW@tnVyoU;4T85M^@v;&_+7{LcuxIQI*rtT+DLR;uJcU=0;cHQ?+nvnhvc6*y*|@cgnQTp zeM|8A_7)&<{EaTTHHZ~)Dv1ykj zW#@umL8xW29oaWPuL10CZf6uHpWoEB3zx9`%J3RHeDVCfV7STt84w&v8H7A+fRW%< z4c%@@|0JMe2;D3etVdgeV(4{+BiXyKE{K1{vE6URx;~86K=pTG!pSH8Y864*)rf8y za6#AHt&=ww^!hZZd!9EqhJETsPka5w8)jfwNlL~|9sT8>^5wVKBYs!8+&p&=N@6~6 zX)!~Uc`poA7)GbYD1p+!hq(LYn*QC{mFNwR#r)_FaTWgClmZxdh5+|#xzVgSraho% zXYIGe#mE9pc73{#<$lG&6#h3%t0wr?nJ2Umr0R6Amovvd+ z?JK5kp|hEfYGGArjrlA$&7-ez4om^7^2y2v@Y0L=E;G%SwNq z&q2j-L;Q#8`+imaBPeck8xJV(j}fLS&?tFVAFLLyEFer>R}Wxn&e|uRt`7P5)SmSI z02*k1i-N-5F@;3&@#aj*72mgimd=L?4%6tx5=LnY{9`gjSS!PaJIl>)H6??Qly|cjAcBej$_N za@_eq8W9X#6dp~0{?4DH;{lt%DWx3w@p2p=9xA3PV)gwg9`fuO#&mM@><^);2MWX@ z=EtHUl+NBfJ*ZSOM(D>UQVgK~vf1@9dX8H?`oji*$9yp~Oa4G-0&ZiE5-u1YE~|pZ zcc5Ih5WXnE6Ckyx4VjN_x;LLY$@D&tx2b^5OTm3AZ;F)` z`Wg61XTCR{PKg;wYJF zk2bQVW@&Baa69s7Cf^cQk@iK=&pTFP#Lb?*4zg{2JiH_GyS#4ge!%&<{kOP& zl$rGZkXU%;C!kOR0xBx1+HI@>OO=!C7L&fr0MqP^3{^D+O=opm-=Er`?X`j-c9Zee z7II?0|$Wb6q>0MWRquIigA+$HLm}5U2iN zrr>gNnL*?DncG`F0v@SYS7qfr5f^F~*gJK43G%!} z?=ym9?{-dT*Fwf2YLO!i?cYgyMWD$sScaTVVrOp;i<5%t{^faThUMjGHAzM`h;EK` zM8ZT*{sYH1zFrgBPD}Eb3?98l?cFx51gn^zqdMECoFsj-bb9s%#WX;{{Mh^ZUpo!R zmY^oN#HX_1=0SgNr=j1G-@eoUnk^8^e%R@kmVfGcEb8o`Xy_LT)-30paR*-~9gi=A zn}&hx364X9!kasEWVOmZzNl_iIUGnpkLpbA-9JB^PLh)=A7FRAJ!m`}L{wOrdZPLB zkUbkMw&M04-js@iyRul(QRi5A&S#XX=M+_)@P zwb3W~KdEMw9slIt;oDdwyI+U@182C7s%K~I4jA|digcx!N*EG@X&(Kyl!Fb;)M_rq zDSK4M!9bsuXvIc|D*nvU=G8^bkkbWxC%9A3))JA2o(*UWR}bzo_&*GEDxo@d+q;SE zQ6LQAus(&>$TT?Z^6`uvh67!UUq_M9An4tw%GiqZV(a+6M*}o&zsmbYKQju^2#pSb zX~ZqUuxeT-vJ?O-XaN6sLN6H;V1ma!BE3xY7@2(sO=h+H;tIc-1AyN~D5{M2yP7Ny7G)ZKZF) zFT$v89gfrxR(bdX54mCJ4R&h@?Ek)Hr6afINfgL+V@QAc>~oB_buo=cUNjhk!b~#v zAeIWJR=Uek53Hj@b2WN2Ek)y#j&Nlu3E&pCS(8doe81Y^K5arSM*|y3;$};!rc{Lp zJ+-KW5Hw=ndK;>}@pp~HWh)~{^ix4+Xg-f2i*RFoX)YpR>bG2Vzm}4f^31b;hbtmv zKALfbq{Z=O`2U$`&4o5!-_()|_Hhh(zL(IoCxb*w|A#iJjIl~=*=3Q4FJCM+D4hyy zn|GNCn_e96sf0&ib8d=AO*Jl>WNZUFH#mf1Bdpo5DoK<+h1z($Sm=*`EV85E{FP?j zl$07JU@bpBx1Cgj87ZbNlk1b){jpd_-E)}FNI+#`>&X~r**ODx=}}xjwy-JhN$H!{ zK5|MUftKIXT|zca4pCTGSU7NuR+Sv0?&9e8=s#|=MbGXnnNhmfSlFk;zP$VkoBk8A z?-;LT;zb_oWkv}@sm5m0yM(7=?CW1+z7}`9(c-SW{{MUeP$EfBHpDsIFso zI^#Vv+=%*bNWe|4*&Ol0u-w1rD@5nClqzsSJ6NTaq= zerYRDRmk|ezPURz`v{GukvoZg9G-}&q$3JNpG=DZn;X*LKI_Nn^mN5(3?56%uLPFg2~vG)JJHl5b+C9 zs*bPF%{1Mv&KJir^(|BFubD?S$EC4EQN*VkxknOZbRT%;tTpF=5>`NrBJ%=1C44-R zK?EoOb(JLvi?G4KQ@1_(=c5%(4T@5VlqLQ{5_-tX`I@ci_h-g|R*~mBo#eZbxs@Qr zL1Luh+;~YK-&lsVy-KoqIm*2Drj0RFDTyK6ejE}Fp%H7qCE)-7il!upfX(;ZxsoQ1 z1nBPkye5*$-iQVj3uxLvGc4waoV}5UcYbu`bJA7=h@A#7g-#)Z3@LBm>l4~?vAF^F zxTnAB;e}73J&oF&hP*cL!o?htehm9rixOF0(Qhd&EaEF_&0bL;G20K7mC6o z^t7spE6&x7>9Q|Ai5C@-NezX!BKRm26`kUoIlNJq3kieoR1m&uDMzW|~iwz%Zo4WMI=apUAB^CNoLKA~mu7 zNGBDH8F1{#j!bojk|yF>G{gTO_^<(5OVJ7$=vY`1MNr5amK2xl!m+6*=aVYK@tOSQrDDD#6U5dNA7cK5CrMSCGp;*x3QV8x8cSw-Uz2D>c zzUO}T|NSF!Opat-Yt5{=&Y3ySL@FyvW1y0t!ok5|fMg_8;oy*H;o#nuAS1q7&{u$) zuP-Q0GCHnsa0GP!Jl=p*Y0qDcNNyknNu(V_bOJ2oKXi|=aBx&`APG@*ubktb{y7F3 z{%0>bwt2kyhZrSN*P{`%Q9bV%v5WGj;F{ko)B2bXBz;9F5R>Rn{=uT8Dw6W8x1|4THQTpxj~{VJKf5)LaXteR z6kvX=zrUW>qG&d|IfO(8E8@d*IEJnh+(w<+h+FXM*{8tUH$*OLnp=iuQU1|TY_W$P*0Kbcmv z0GAdNtXmzfD~-{tEB)NAITpxfsLRAqoS(vID0(VRKgOxG*2VmM|LB_W-R1$IPNU(( z_|;?9S=0(@T-gd-*^oMWy$hS2vs=&Y(ZVQ?VMsw?A$+qg5+5I5)TFmBL-CJhoQGHc zHV%Ja5h@jW;=0)#jbZRJqzvm4v=3Rno!1q$#i&mHL1_cJH~7%OknZ763z=_G$SPr% zY5{30E+K&uEuN!>g2ESE$na_lFk0iQR>}*Gi?0V&tfy;!Tg=|r7fw6nUHN>vy3j1z z1bbJTyPC_O6%f1!^q?|H!lU&tIWA^GOn>M0x)Fi6V-_fiXsBNPAoTbUc=_`m)}5NM2gnu-j*~d*8fyKT;6Wyys8L z?V{uQi%$3t!3Hb#;efP7e%R>I3Nuuw)^)A+p}VDLryUKBK6!CmfCWNu>L}s7MmyNd z(eqwn@$K|>x19$W^m(bpKKrcF9+HrSNB>DCwhd8qckxs1jyL@vFJwCC{R7Xa0sK|N zut(a{_jDRE$CedcAj35Gsd;O(?G^v}!$cH^kjuY<@sd8jwia{$yDK-h{cPuuesQJqL8Y#{O>O{2K;~4V>uoIBv-2ioch2Z z#O=7|A(;o0up&ozd}Ppi2`ad(z#cv3f|J1=#wa3sZT%Xxu=x^um;gbNVj2nTvOrzZ zAR(RoSQz+Fw8DVa<BM|4;sh2 zQHN7c)xUK|gMssE8v?*YMAgx*(oti|^lyeK8?Y{cr@m@8dg?}cTAnow(~Fs9{4UO= zK>|-QJELx~BT+|1f{W4Hg+A$FW_!1(i#F>*!w{{U*-h;h>X|mzWy8BMQ}Ju%y)l+M zXH$jmkimxxbCD#8#o(xJ4jpX@Px4fID^5>A4{-%^WvO0z z_7u0iC7-zZIxKa<<(Uq){H32KFp&P0jgH^N3(UmU8oJ}deSyXhw>@6=3>x~L;2*n= z{pQ(*talT_ogXR%BJO|pT#HC|Rq7?$9sq%eez=Dg#riZ1?IgNwjuin_0VXjjGHQ4{ zd5vN+dkw#&`UfxRx|hgR3D{Kc|4eEmdQ=N&F(XzwPL&#S{fHQ@hcOoC#2`ERm4^M` z@}@23n9}VfB3~Jpy!+jky$jyK)|bSy&@3{h3yrZ!Rh_ww)g(d8XNZ~B373F%PcKLF z*J|2@nvvDh4i-5-ZHI|_T?vht6={&M@V^5r+1RB(`J(VNP)GN)jvaSv{Se+#Cv(c7 z&NUG&BFYxC*1o!z4yB1B=-77t)SQ@jp(i%#T4A$DZK1@P8ek0>AX=p7WaL)T)2HO5 z1X!+{mTyxdp45wh5wK&1DfN+|+5k2ryaXTvF*fjsbwcUGp_~|J&t8T)g6d4v$aqHA z*#CLF*i>n!6+?rYh_{up8O%?4cLH2Uk6^4k*?gH z5}U=gwb_THkcfY?pYZn#JW=tHGr-XNxFqIBtM!tAx^oR3NVO^a35G3Y0KKBawcdM5 zFHtDk(oH5<9J~y9L+!J26XfO8&rmie&7Q>-7Fi>BA&$b$w>mKW>wG_%qeNzwYK$u; zF);~o*($Jp?f1WKZ?U&6_K@&TwhLbdqe|;{V|koTz4y~;kK%C9KtRk2Gi7F4SKN{W z^Y;6sKiS>Ze`)$Jv!{t0n1dF;a%GQS0jMKR%V5T$VU#dw4Lse9v@Vnr+MrI5V{n8B zPp&b5F4u~Ac~H_iGJ8h~cILg*)Cr)J{xX>8c^cl9z^*D{4ZOAswM}c~;6m+Ha}dtX zTOg6LwJJpA*nkbK{$RUI4qlMeWuiGrsph8UI2)3XK*N6^hG!|M#t1V*0|E<^wgPI8 z_a7S-))^2CB=%)5uu(Cl3GoxlxebcdRTdd4*g-!&=5@!stx2oe?Lf?9iaSqCpvD;o zfl`#>WG-bzZJQjE<(p#VT&L1w6vuXBSxnFCLP(t=pnU0WQkKeKL{M5G)C5Q@jZu2K z8BQ(6`ALOK|Ne4c*6X`PFE4?#xLnYIIewS0c$sSdH-U!nyi(-~yw!c-A?$WzGYe3f ztSE`XDoIS(7xo8aPz0CS9b9)2Zu7Ejw?)dRyce!h#uwn=lr!?yHktxk*nGctq zG5^iA!7xY1;h0c`t=2%ai-5ZsdDOfqyE+81Xh1qWNg0A&=J*wt-kB<(Dl9QZ##YDCp&9M(S+gjOvLRofnAv2}030f46&i$>ZnRdx(0 zpz0s7;VRyp+2bOXe1Vx=WU|8_nc($FmX&P(Zl$7L;3JPjxr}ftCE;0f2o~UZbVN|7 zin@Z?sxl=d%J3Q z#@ci=rhsw{)?vDKi4^Q*>L|>DZs%*0zmwnEZc#)XRvK+c;Zj^g3fOxYD?3zV9$l5TZ(!ir)lm<@1e z&qAiAY+(EueYx zuL8z{bW#Xb6)o|&frJTGSieW~@$osY4(x&_<+l43ghUa+HqK8fP2pXX;la{lyfix- z(s|a6HYt2Zwszany7@8hf%(~LG-cFphHJ2KQYgAuE^Q->@cR(-=18S--f2n{X>&(S zC~P~9|2-&aqj}M=|6xD(TOh2JaJ618ow;|0P7V(4#cki<^Ko5299-?~o$2(Jq}P4^ zx2g5@c;{{Krqatb&Hc5dQ0&CST~n1S8Nj+hS>O+J_Y9eah6Qz4o;5Y$jm$<-Nh%I^ zFmqmshN#q+)KD`CEL{46gsPZCo>haymEXr+u^pFl8A651IqC|62M#TS)HPfhU*@>E zp~_O^hceuZJF^jDQaLER)>p%WMihxUaS7woqdRIzy1g0JW{e>-4^UUeD{MzaMA-+T zyGT5%mayD}n1at}qQKn{`!lY2#m{Xrcj&x)s!<|5d#Dc*9QhPTx8L7K$M`ui0NQ`gu@oT@Vt`@sU~eX79XOY6|s*eC?`60GqTojKaH#Dslm z+Hy1K=9zbjX;Or%Qd4sbpL}$BOv}{`>Y&l#8w^0`lP@juM~u#M6DpcYur4BDE>YCy zK$be}oZB}E=c2J~CqEC8O~^&+Gz+`dmXJPOBHLo*n#th*n4#`77#40yr71C>Q{NG~XziO{n==_xx3rW|MpBQ{B-ydZCms6eewsT8UgO^@>2(y)|4a@sPL~*(@g> zaCO}X4GmLC<2%M;GaadL6Y#2+rz&eyLMWDi>{`V7djJs9Z>G{zM92}8fpr2XRQ$<~ zJQx=>U}Dad74ZmC_)EiSPKvK$Puw5?t@64%sm#F}RtLN{=duhFNIs#b>28ogAO6H8 zm+15wT~?#&0BU$(qzwla+Q?^2$dD`m2ff{GD(owlHL6-=ubB=7F+)5OH8I|8$cb;K z0x?3NJe6ki3=2eEHa_VqKEy0{B?NA`pk9ZC#uNxNFUqCYk+LIB{*{r18&T7`s_MxY zk>G}%paZDlT;F%5EoPG&3_&lztln_%V?=emHk~{*kf2-UPFQ5&$G0Rv8$rLg9y?uz zPYJa-OwAmHJ|v||*4Gxk{9gFA$2NJU+*Zt9ju>S%-GB!nh^W_>@zG(_)!8vfOAH|N zjvdo~XG3)(&syi2S!(Ro{oXE(*09?me=a4ll>TZd1?r!!$Va&mI7!{T(OUHrgk%RGMqxioN7d1`^F+!3=ZfW(>sK)Zd* zDoyDF+<2#-MLkVI50bToqX$u6T2H^I>}V5ImumrC^&Y=V7mYGh{N=LqHX+818H%zJ z1VYVtw+?CS-OQ*w&DHBw4LLJqhBNEz-vX`gTzBK4@)CPGZw}22(hzR$?vZe#=uwuz zQS7ai!SP%z=FAcmEHo)%nsX{b`pU%R2NY5at*%u1)gtd}GV>*PmPN#20^8gz!3xEv z9p&0q&?(9FWJ&EYFCN+$q-6Y3`6MLgEmv$toW3N^W1DR)e%Rx!}ZkCTHSLij4 z`6+hGhjG!)`RV|==w^NUcZ~vsEB$n0=V=A$jV_cU2Qrn$3LMpKf`lu)`2|NaRAQF@qaht%rJi}*=?mL`J-Cq-gw85d_q+celqpDsi-`M z9@U!u&iZt4bkzS(oaI$%2dzJydctjlZuBBi#%LLOBk-(x!3Ug&P^QeR!R#IT3HN@x zuJgR?2a4IoqTteRELr9ahGUSP&&aWD3Z7XD&R6VO3d4wfd^F+VgrN2Dn;RjR;i{-e zejD(w;Y?F++>iM9_*x#6C}f{M-}Usk`C+YUuUNHAf99xficn=du`R`&&jeark0qF+ zdiZ~41DmB3DG5ienvQ=l~Uo* zY)7cJf^^FwQ==X?`O}TElCX~>C$6Er1I;ZvH`!t-(*0$lPAp1jIx(RuQ~e5DAe@)w z-z-YGRIw?x>Sgd7Bjm*raE1(u&9wMha5c~d5m9+RTa!?HbIKXQs}IP(9uqqxY%PqL zK?h4&NXi5l4!A6Mrc&-JLM`S^l%rIE(q_Ig#MXg4%PC=|7nh463ofg&ZDrzp_6y9B z!@Cs$wKm_-zm7KetqvBzT=TR6F4aMo>0BIHg-7a%HTJctPX%rATCr3=yX3p8y5qcI zyRi0_CQMg}$U!kBSs}H@Q|jwbJhT$b-^Xqv_@;l5WT4J~z%;q}q^nwv_U;t9me3UXV z;Cso|nbO`s$xMYn$uYF-U(FIMxX%YaLY$z7uIIizcfN36Y2qJoA4lfO9iG4n*@k^- zEPCgaMlYk}ANObTJk$zLUr|)X>-&Sl!`{l;Zjz#0b7CJOuQ#s^HnGQ@4@}cmb}YL+ z*0XZrjQea0RnB>iJty2N0TBCQf5U)>!0lIvRViS2^e&V0tIF_~KGJjgkf3sb_g^zS z6vI?lf^f&oqX~6H(!5cM-D}WXR3Zf$Fr94umr{bQXhM0uy>1|m%}9Oo9|--}KztEg zC+b1d2B#u^73@8)DLawF+fANVOnuF7(IfjO@0mnWY{{(9Tlvf_aJMjbhLCy@cFHH5 z0G%l;75|UroKFg#?TUJ-Ij``LE-ALV>5xE;UThb%KbVxXj4DJ*vYTS|z4ajdhf>%( z21!O6IBLGp>h1DRO$pJA2XZf$ob?GGl^@yxbmi4WOi7f!vOu$%7rdrv_Tj}m^x`}h zib>!G>cdv)9Nx4Yexfh2*aO>GTDjP{HCs35ub)(xcW)^Svox-QZ2PI$-kJ77?E{6% zs5x1UCTAtbBA=5n$?l<<1#!bLER)A2fv7V6-G#HO{U8CyG2~bv#asleT;1DiIxSrT ze_srs9=$H^T@#FFmZz7G6!A%q1_&(0ZdPjnYfcC{B|V(cEoF_=YZhS-8^HbqyWF&1 zgv#mwNaJ|$o9cT!EE`xF3b_DlXoBm!;XoNptTpxpA2QP_Q`1s2)kH47Q0Ru z9xhKvG1jF6054esM=`4Tvx1(YXCZ%5qNtk|0I@hl{q!!%+E#@jO~fXA=<`J-ev{sg z(r2O%9|zS#J^ZD-9KO-3yu?SgWezWCO-ORtR{LD~AG*k>gaw2T3+8)><+Y z_B}!)T7>nz3tH-1rX3o^=HlEXPX3x(Pe&rdbQYE(wcuoJe^{vVSAxtSg2pkc-!i4J*JDybN4;+MrzDNbwN%R zL>#Nt{5_weJcD%!%|qw5V$!fKQeanmVuSi=%L8@SwC#7h(1l%)|Hx6hD(dJTB<#y( z^{XB<6`fsgf>Z+`<&7Gab1m$Ow@L`- zG`Z@D$@p5u{xk%@jq}6o{B9d9(Ont^iwX13U0i30J`^R)83(3Ro;Vg17IYVv z;P7l4?C1gv-Aep-lI(4EAyujZ{6JvqP@;yROj<$8JHykzqe99ZV(*7+wF#(yORbE! z6Da&{`-G~NEJmzRWyH9nkI$XAaHkD1`IX>kEltfid zH^nz8j6E}~yR0m`hqF)wY+5)KWPwgvq|knvOM2HF_kNDg=5(czjknvao}gf%W!+un zZ;=%|MslX#@+KAaM6qg;ML-vUUbN?WI7zdv%J%}tm5jM%BhzS$uc#2CTlfZaS=g0? zq3zh2bN$a0?t(KrFtaQ{x{rt$uPQ_!FH zCTsy$+3R1n1|s3U-krV}-a+~?1w%3a2QvwaN=qXlB3?#}q2R843wh61#wiG-ZDbbD zBB2GLCX=*M7n5pXrBtxX`%etOJkU@l* zAI!?j8lq2~d9L(OKo_4f3a0RO=Zvot1dD9^hU=#kWtTa&n#$$*D_j%hXbHk{+@7cg zjHuQgN%C}oW+uOgbLD)9BhlbS8H&m;W^=`4XUgoTNm^t@=t0d1ZbO9AIp7Ta&=PMx zFwud0|G}gFRLN%^yTD=Rqsu$fsaSC)Q=4Wn_DD{Af3uWP8YLR|xoq^2IN-vbpHV|Tl^LQaEAxUCsZhyM zaorn;Yu(nv;;{k@BzM{u`yDUJPj3%1%M=YpAI32Qd0~te@+&xzBZrw?C`WkJGG3j2 z{qGTZLhhG5|J&ZYmj|OSuQ3bvmGZUCb>E8_pxk~YEez%8y8C%n{aF19@u5dG{WpsS zTF{eo;b+rh;Q)ao+TOXsIPhKfo#5*p+I9YT_4#5zsqN`@*_Lh2=F_XK)qXsK z18ypfjAu&}+BTw%n8{z1Jl8ZbS>fi6ZjutlOP_IPMY0;~-eRrnu&ygR;3leJvkoc@Z1nmeE1$6*j(>=kwwrP#628azXo zXj9`=8&oBu??hyDd(~1ta)7H>Gw@G})LChoTM{dcA0#T@sI-rA&ZG^F4JR=)&NgMe zjxWl%u;vx@A(LSB7*eLjpVxABMS8!bBfNphZMSI4ycOaFpBhYz!VdhBkfg%LTBNDp zm3xSBvgJ{dK6fFR0IU;;Le!5Q4P>-t(pp7h$bmOn_cw|M`ecPyc#sAhcf<%U87VuvVv zt9An@ABLsbVLQno)-YNmvhz2`t?L0^f6I4!Z=degDf6C=i5(ah#ozP3n=Msh+ikvE z^WApM<45}k=G!edjo1f5AZy{KaSv)$I*s&y0>R^%ufPtk`)(toxZ(J2?QSbU{QcnN z?wD+kyNAbC%*Xw$4%^z^qv`89apSo%l`W|zLQ3wplWPJk*iItNPA>J#i~+Ty8pAT3 zj()S+u;K4SJr;(013BqZItk@tg_1hQzwhsT(*P+95e`<;JeidRv~MD02DPQa)XX}N zL3+s9--d^xQn?gzQ=C<_sNVwde3!>$m}En#oNqj{ch5u%y-;w`>a6@C5Sc*Mi=?7G zWj|sJWe^2-Y1#|;Al>e&oKf#n-|8^!78W$!P8(`g;6L!aIT$U?5wPJ_yYnS$f5pW% z$50x)yn3t~Z1wziT;N|t<)3*J7%1U+^~uY1DMCP0M<%>FxF?CdbiqYp$V}B&uI!*b z?g*GNvMR$nl}Zp!tF$T!{4QTsokEOgR@Md)F$#%H6E&Y=iC)^nsHC9Y+OMn58!J69 zt*+jvPL*gO?-3EIZkq<@M(f&gCBFk@QB@P)c}kX0@?_Zw5o`Q?#$Sw|33-pdNOqSH zZQr^j(6s$a8slh7muj+~+C}}t6yNW7kQyy$t7h=j2c50ooKgpySjes(mjAET!v|tP zA1+qd=<^3-trx(wj=+eAr4k!$!QXAj*4HL$$_<8dkncsOY z%Mmdu2s<`aays#AJQ?0FL&-*XJuG3JD9#}DrJa$Jvn$Au0M{IF=vXw=IsgcjLT>anpba?OE2G9zMxN94NoTV`ee%15{87U3NXuXjAZQp-B< zG!^CF^)2avfb<4#MHi}4vLkiVqhhKIBkUv<<~`92H8Rg5-D%iK5zt~;q7R_Y?&URD zNtql$@>6`0S@aJnV0;|0I7%H!$g}Ea@DbPO$%R*Zu^t(*4o;#9KWM~}?gt)+s*JAp z{xZC#4M85-Va8IN8h6E98wd9Lpa!q{eN!shW+T&iB}ZW4jNgtS7Cs||OdY1`un)vX z_O*08N=*z>U0J@GYxZ2(QxVph*D}O?YGY_l(5q$7ct4+3kJZ;wv+30|%M%R@yUN)Z z5bCp4)~DBE^>l!7-}>*?8n|Gr=&Eb#-Bm@9E$E8#oHVmaX6<3BsT;E8$fpnjf0#%# zdz}|UMKd-4NHAZ&-vrx}Qqr;jYnZ~3pX>$~=*KKqLgJ)4a>rB0VV1?$n_#P?*`6x8q*5g|yhe_UWy-NKRqX(v*TGH>B^s``_yLIhM1wwjdjA!&<;gNbC6;{L&`o4f}%$5jzlf3_>aVe(2dGttH_RZ_$l`xp`0GSd% zY`|8eAH6IXS73t=Ad(i=Yz|~_WL#z`Nlh46=4+v)e?w`{C>feV@sS`&N3$vLV+TRj z7xc8{TJ_1UXH6MdY-$?%-A>wW*0JH;d%id;->C&nGZ2t*Vam1Eq*G9M`@(9dz>biq zTry1Wwh(8gi+SynnOP-jxSfvdvTJWGkaU4R!5?&w^>xO>XRRvZnfDCBm88H;8R5MC z*M}(n5DPmo=j=_G70H4w>*Gp4#w!P4?6uugegyx@OStZBNgNZKF~Zc39Oy?bMnabm z?0T1KuY(4eMFq94m5bVp>BZzyReT=XD%Fxb*@X$&ZBy|z$jVBIsV>lzskyP*aJakt z3CxU^P>7D$dCRu-=#U5efT{U$JWeJJ5VN4glolFQV@@3Q6QSHanC(URnT|`nB|*$<064`#~{yH@kS%B*RyKuY~cE=r+}d zHQT?J32GjpgBcihUn}S-agc;2@`xtqOn^)L8#5E%@|fmnJtuSgYR^#WY+8 z<~{m)*`w4fsm!?uJU1|p(FiyC{Z=)_Axwn))x|Ol^wVLiweLjv*O+2BLIo$O+6-wc zd(N2FME>{<6kyK?i7-inEm2>CbzWVjZGk6UuWR7!lE|p_bp{TI=qtxbQf+C9 zimAd&5;aqPY^UaABml9P6$#K=Spt8(o!z+4#|B++6eYP>D*4>h~_1FRM%i6oC`Vk)(ch0r7<8ghM8RZqXX5}T3!X1#0P z@!ROsF)Rh7X4Y&&tohXL#r95z>=TL15`lkSvsHRUKv`04!*B8S@_hBbe@UulNzjHH z{K=b6Q*m&eY`=q#EIaC{pv!TC8(GSLhprS-{cEje+e%xbl{DvU#3xnfwG670F9S`? z>3&~mYqFngYAG*ny|Qg_JFB-InR34sD40pq^iZTjs#ZL_b^e900FFAZv`@GnZfb!} z#3<;D53(tR7jKEJ*9)@`Q-Omx4b%-E&=E-x0l-mGzx1<$fZN}Tl{e}Eno+|CO}%Dj zDH_VBZ5X7l#QBeaMjD*vNFq)Cj+2_Ql)$s=8@}4D0_Sg8mzzMtnjo? zri}4nwS#Tcr6M%}ee}SFL{eBvtYKInf-KcO84Z+Y!USX-tnyEHPsUCPs*}SZa(>pB z|73?bZB!hb=T)%PPB{0K^beU7IfRB@Wip2+ZZBYIh7>+C!uEEN&sOTuLz?a}J!7s_sVOm# zZuQ!&W%m1iK=oML2a*59;&{DOx}!t)h_*Vir^B%t0NI^A8S3Wf17K>sM(Eu8)khXN zH6saUQ;IDM5A^^bxFUXXY@XF;WOVov!%1(bS8{8Er{^0z&FWe)H^Gn=h%_69MIF4w zO;ojBIZDy$%LD`mB+mtl;A9Ev{u*PD zx3>HHckY#CT9Vk1G;7a)5nF~Gw(9!d_csdrI(QPAN|ev{=_Q4%e|0R+)ou7WL;t+O zU0_*eVl_qD%emS+rtK~cc@mQ8b|%-GpY2YPh(3G1%V%%<0}%>mWDi#j@4a1JYG~yX z!Ww-DZ}A>fYdW=pw09vLzIbf^WIX#DU={fNJ-xJE?4XUxn(mjuylwxAg1L$~QoEJr zqvRik$S}d0>==0p=GFYURt@rsIQtI+#}^tn%qfYi^HJB8fs{7 zYzQzaexxCd;(5mS3chBjLpjcR$b5Ol?>kx`=zlpriS`YDlq)UZ=I zIMLXi+B$q<<2C#DS;_eJ2O>YTL@ispiwmZ`e=Ya)ihpjavK)`)Cc1KnpTP2Wh^6H; zcGc#;X?Ul?j1P9p##>|ED647_`IW}ZZ3sW{aA6ZjIgr0GguFq+Y+Yo-~kRtc_XlF-3_c#J)c+oZ8AM7U0O&QAw~=NyY);I zd_;daLImHbX_Vy0C2Hb$DFunSU>01AIjp$d#A-io!GXyHNR7H4#oWl1*H;Ir&Hfw) zUh6+Tq%u8)muqc&YjrbTK~4|Zr}_`Cp7W6w)R4>RQl>8Hf)OzH9s~qPN=0egAoM)s zwlGy!*jGDjoylT^mMQjkOATyCXQ;;h?d|uo*DD9F^PQYLo}US7 zPEu`Vma|sF=h^ZtKdxBQe(mplt~a}}QdCUSF$Lg3m(oX5An3H1sovp4_xh(rAW;Yk zlDkPCrN`zU-1z?MNSbOIj}Nx>8_`k%T#drC?V6~*hyP!Fn!C9Gd*7+ zz<&u-9#h7z)+7en^k8yezWAQo4-XC6dA_6R%b0F+2pMVA+`p?yO1jw3FyNr@lpMHL z9_{3({PAbanJWcoWT4LOakidoFfxof;s*Bh||zMkHat zPJo!r9S3S5QH12ML+F1kTJ;z@jNuJg-{WvgY!=)_Ss)_?c$oWQ(0_a7hIO)xg6|G* zuXo??a+QtSupxNtaz$!vnQKM;Fvtae+3#0|wAf_hac)UdjjbFI$&w>Qe_5pnCqvP? z;EhX&f%$Y6&=j6P`fm--cJ>YM0laff9wk-3h9kOi1t-H@6xMJH$vs1{@scpE*Z7d~ zGS_)rbe_{q-da4Z;{PF%C-nAlH(S_?)xN70)V|%pVGcZ7x?fuvp)t@Fdp=6!u5(_s zxfXbOmnQTeH12yKA8I+_krVQNG#pFD;b&l*)IUTeIcu~$-zxt!{-sCgcVG@@>OTbz ze4qbd9$x83*K1a4lR8TnudL&NpeWyhCC^XeC>@pP_1Q$L;Y0kl{7Z|n5c8eT9Y;#A zLQ0~2IptJX^q%Kt0XOV=?PBPDJQt(Kcw(vFkX7t?>}t#Yv&)3Rx#fg)YA41n*?;sT zmkU4U=N!QqRwuQOog6wBr-AYDlz*4~PD%=sy@^a$DwphDwH9{{Mjl4lHDcZ2rmB^@ zXM>fRm4NAGf2~)F>&fDAg?6Xh0uw_vgVyMQSS5vqE!nQ~v6JA0Zn;_^@E`q*Bb}7I%x(2wDaX3vxDi*!-bF>hce$of z-Z-;}h=xlM-TRs*)2@Y56;?0JR$Ped->`6!91teS{!@(b%Q0jBjNqE?#82IHe!iEN zX+%%Vv+Z2dq%SgLeysYM!r4Gei~l1gSXS-B?-W&;*|`xRDx>}B)MBw3jS(3(xoFN} zLy6G_nWYb7Uzy>f{H~g=uA4O#nPq{zcmN&wB<<7jGW%B)hN@e5poM>8Dttz);`i#! z;qSu{C?i4Xi&Aa9&MY2-=SM?*~t1AhQ_;x}DU@57= z570?V6iH3EhJgUqG}vkYfO%+9Owl_ymO`@Bw=+%V293-ii8ys(w5ehfaysh-mvj(? zh57CV69tZB^Ql25B_(kn?r~)l-*EHNRtsvN_0JYa`GGaZTI&F~vSRJ7w+vyzv3E-5hhcM zKkGXzo%l7taq@mGVy$>pyUC5t$7iu1&{d_&Q=#wMvlacG{~?z=1sdGXw!?ncI%P7S zzk-vS!Qy5nPX|JGpY?x^I%fLp#yedN4K=?!6^cv>E^a|#>G@~P92q=;2os-)4xaY% z@5lWTA9EhOZXZWd&7H^dLi&$6)M|hE4++G~)~42%B|A-v-Gj zDUR#i6HRiBTh z?;p?FUttMlhl48|GTx%3{8p2^XR?5OGSvGEnyT#*$kXAgX}SsxGC3lW|9s#ipX&TU?|%0O*LhwS5SDC;=iGlM*lUgFXf&sNngW1E{3*3Cvzh|#^;4{fHD*+ zpHBn3N$*(NFyjU0sbhnLs(cO|l5I(|%DUy(^CCJz9cKv(yx;qwW>H+9dey7z z6Vy?M&5CGdKBr9OhhfFg&{SJRL*A5S$#PfXC0*b(dsL_us)HnK$Q6S~yR%@rnP^FP7UzctI){slGH z_B!OO(&eFC7YuaK$&$_L5uYS4-RR<9MBLUZaXtf)Ud*ep4PGu5@Ci1KL@RK0g!7+d z?z@>3h(X!DvrYzn-FF;F45B4yC){_K+-^1bn~J%)7mvA?$1nL}v*Q1d?(93C;a81$ z^!;!DjS@@W&35PcjiX`EAq*pJ7-y=aJSBMATiv|Cz1xT-hy!J2t~SzY(Y0x|c{yT0^JJ@}{F9DKiOaikyrzcl ziuXW-;%050hS(Uq>BJiOZl{)cvuFZ$rMkE-niJpA5nCm=J_1x%I5^UpLo{i?E{@ce2;Qw6ks^nizb`xgaudm52ETD zVCl(0Bg1x=yIPu74{QgYFA03d=%(?5Rmn%%&tGe;&!Q-<^X7<=W4mALYDK?10ZT-B zO-W;nAa~5wuY*T=kN2uP6a2f3RTT-pl7c?e_LqV^whrauE;(&o*&MPy4nlrEWfD%&g3a2u2;NRHJdBnR~E^RcnP zjfvsdQ*)`AE+%q0*vvH~%uRuR;k}A%5J5>|M`AL|RwC6QHzdW>y$t9SKcITPZ>H$2?xbOh8Cfsja(F|MvE3%@X=HJ z_YT;}&b^bDE^GWBpw<(QU5~=P?iSAsdDubOx(|Yh zJ2r23w)wpxykM)8smrxljx)^kl<#s@+5x3hdaVmb%Lo!1C71Q5G-x8((b@lU8=@2q zR)k-je7I_UG0H>Uz3eXC-2334{pdC#-uCcF+#kR~^FP~K0uPObEeaS?{Mg9Zuw+*- zZPm88P_0*QK1N`-+JT_ga=%FGI6Ue2Wh{-S?o|MHIeFP^j<&{d>%ASj)n?N9q)^i7 zezfp7|3^2)nDigDoW;k$);xQi)=$|EzNUKckd`p>^<}FswuM39g=z=A{@v;GhrwDF zz4~G=%s6|y!G&s}_*dO}xfZW0-zq{AZTfU4fut@SoP3kcTIo2OKpj;+A zKyF7MHNb^E^u+^a$pR^rs((&mgqRnA0tcJ;wJz);%qr}xD))xteBA#25yjQ%F6+yT zY?Xc&oZ-Hk$=YI#$fBqum$|C+K8L00nw#@*vaskR930ow)o^Y;R;CX^x99#+244W# z-`kR>14SDRxQzdB0px`aQFDCG6&IY58t z`W?xOtBa4$$BGIkpWhg05hVS!oZKvpA0G)D?fB*#uN{arWE7d*dMviBrpv<2@c%HSO0r#rg15kp;=|3*o=)4EIKo&wJG~k3(8}XfHyc#YxDFl1$ zD~rGSPl6XGc?FEv*oi|TKl~o7@`BElr*A|hM}I;{cFuslVl{%}IuidEX}{G>p|Y)e zrVIDQ32_qxhIKh%Gt zrp40NaAQBSdS~bNBq!Z2MC>}i+jg)cBU$^E3vL--m=V!RJh*S-MGbq2#AWwatA8ax|F zR=!zd9w|hYvkp623Wywr&is>+)|`q0O~=N_I~%{&esC;mN=6D%mD4BQyf``OH5{Xp zf9b8l7OHPy3(5xsyUqTuLWIEPw8YG8Ms6Yz8X=3<|3XL*OvKJ^nCGy->F9P5?$~=p z-$DG&un?wcN+rRzcEZ-cQz?09eyqe%KbqX`ds1gu`M0gx7UG-D)Brfsg@XNQC%yrl z50eu6r%@Cnf!y5z-syQ1?rtBz&3cWF-wp<1)Zzwj*jQcl(rUG1gARvG(7!(KYeq5r z=CkmpUhgiH|GZD4|9k-w8hirhzyA@qik460bE)dLGa?5mX};Linu24W>g0@}6+GZ_ zQy`YmE$)c`gUA~#)FsyGaM{hlv>TFaYYT#n1WzB7M7(!Z;4;F2NMU+>AIRQ+DPCva z{eRed%c!=xuV1uITMD!V3PmeWinmbQ3KVyDDDF<6comAfLvRg&;!fIP#U+FkhoVU! zXb1#5n@8UNd(Ij6!yWg2y7%nC7_dUNthuKC=3H~@E8i->Qg2MVqz|!0ONeIj3!pkb zOJBa3E4VUT^x2wjI?Q`=Lzz*#?qIw$RL-)HJVE@FmNGr#mQGKirTAsh z#uDeIOF5(Sp><-As%qD#{O!L#wVxl0>_ahR#Z4wPRTi5gCf}#1?%t^!t$DfhHC&e_ zSkQ*<+J3VHec zXRKdm{RcLSrI%BkpX3tO?E58~ui-Q-quUsr7uims6(O6bCre@dOQI2XZ|}M2y&neU zN)Oe@Bkpt=#&+%JE3U!or*JgzfQ+mnoql_*56SR48cSdcFY8M6Z4IPHplpWRPSY!9 z$SGIfebu(9yshy1I7hSk3<4jRVWR$%i5@)J$Wi2r<3}b|WcK|Fv(L)AD>b%T(Yr2u z{=h2>9s~C0>N1C9CL1jJ~vuc6v>AB2(-aJU~gz85`RbGB~gw&_KIh_Au=lu_s zuXJ3`hJ?LCkq$Eq-O3qX4DwUVtDwhY*6U5n`pUHMm~2tjH$Cf6HGVeM#cLde0-qeQ|9SQseVe$?muRxVy)^9eFgNZ_bO>*}T?|4Ml%{6F>*w zbuRnrFr$IiQtgld!eEHrO_G)-MhHVIDTLwLivzcTmQ|We_s)uS$$!ufUq>xw=E77j zjrb?K>Z&npNRRUSx>d0pP|(-sQgEtn1%;byUtgbC4@I!16R0(qN|<}#MXwWA9q;VeTBfBJ*4T#a4r!N8GjQFbuSJH4hI=it5gS6S zmiu#06EsfUyarL7e?*)jxFprKl2Q*sAytZRWE^79`ETblzrpYQx!HJy2d z=YV-Htt$Xa>@*^)X&65;tkJ;8Ug74_R@E=@kU|fxMO~-U6W0<-3@BU@zhzKZP!e zGRjs4#^Zjoe8z-n3~Ef!AS&gIjP00!8?5|Hdl1;8s$$eqT+JK!jh&jWh&(ptVe5&= zolAxF*mD&O_4*m(EXtbcy}j8Hi?O&#!Cm4ebBlpSd8}B&Jw%LhYjpQHNrPAPbXPw6 z!%$WLuOpKXdEXAU*55ts&_8)s`IX1@En=SY_3(Z~mDc5ve-VI7iG@}+ca+nA7O;-l zz}sdhD!#-j!zqfs#=iQbf+_v%L>|H!J;rfQS&~L>;V4XZ?|G+`g3Wu4ZZ)%X>lccW zGCVxsG3`F>gfDR)bQN{$&75xJ`%Me?(A1&xIbt${_)@hdg36sL!e zvCVC9rdyq#-;%)U^mhmDvbaMTzlLe8gxq)#+(Jw1^Y(UE%9+nAlV!&?eMHSEYC|*K z$nd;=UU@*=G$1&D`GNQvGO2T1ZQ=K62-IqQW=nc8q(?8$_Uo=4F!$V7Mj%G4f6(1y zqfw+%3O+f@eJT{p?D$DV>wNqBy#%kPy+ivyD&EeYJ`1Hy=K4{F%*z@R=Qv)Q(CY7o zw_}gzrJDq{XZq;Fqi344knahX696qgsPwJeLAk;#irH~F#60tv@WW5H3;S=W@UwYX>9oFH6!d*QbA&)S_ zxmAqO&RAE!Y8zWo4#@#40uiC|rCK?1S|(`i)rGtHYauc-_S&U8IryEwqNK&Aa&+Mx z;+e4M6L`!bZ$m|7rv|-A=+t`KtyDj$=lp)>E~MhYYe4r68_&H<{1pZtzoc-vX?*xD zNO!#R@Pm^>dE@P15Y}Y<2r5wzm_waC?yjFyo5`wl@09fkE9YLcx^3EYdsBuS?YoNi zoCSH7@7aC~rOG*OfF3Y>vd>Q4#Izrodr4q}vkpcrLqSqAghcyPK0~M9tvAiYm)N{2 zQF0x9Ikg`?q#Tdztw%N5+r#GZ3u%I$t;$d`;^DMU5Jr=Tvk(dIrM=lkREAP4qYx>t z8kl|`*L}3MP)*eJvJxtTN0|M@affHg4tH-X%^7Q5HS#Va^S*3ZL>FcMBiXtU{d0Q6 zayY+Rw!HZ`;B$X_efjC-OWXeba-%g7-xlJcIK5qdwAff2C;)!o zPh##ai_zq(j?M14FUT+qnYx5MzYRA2>qh2TA#$<$Na-84;i@F#0a>Sq*PR0fdPbFh z@MtTb(xI9-k8ZDyCM$D4d901c%J*|YLY%31vQ_?$AwjXEiFv5z2HL4Z^y`3C&@qpU#ib%*wMW2ALdk_bJoVd zwppI{V3DDpJzFKhgjX~EQRn=thun+djL=SNHNwrF54J8HYif;9ujNww@2frL=zYr% zlv3X1W}o-O>*bU0<3?XwUVA$9jLwS!t-rjoxti2S_$=+tcS*VJibQK6du$|*)kM&9 zUZ(Ms`I6mXbu>8203PBSKSo$g_366fWmemn)KFDHtCu~Ml_CJZRGud(R`*p~&`uo3 zKb`e$`&)fEn=3`H&+2s(nSOvfCu;#gfyCLhGlIr6@~VE&CaZpsGek=DdufB|*HTwq z_nN=dtjJYcuqR9MJo;%m?eP4U;oyym$1E=wa~@twK3vi>{sI&I!v^bE7e?FFW{dg$ zv{I%g;qYE_xC&`Mcu9A_cS-Pe3U||WlTV5r!bL%gG+tsy)?U-khmpyP1g(@sf^KM} z1j)Q`FqK-|^zW~Q^TwYG=bd0irv+((=s`iUm;cKBt&$g!s){8O;%s+VYc(}U_^XOd zPVU`|sk)+U^bmDDlgi2WF(mIO@z9Aqcey$IQ?im|hvMiiMTzdJNyuJ_Q3W8vB(+Bz`MCIv9`FL?{=h; z^0x2omlDQkt#ccyuRp4K{_GOD{wO6UQY#Jmm3G)8!ri$%JA$>0hEdPYBAz7v)96f| z+MsxsRXyR!?zfA2c!WA;{WUcIDzIs|1T?~*G?PXD&$1(TqBWZL9Vij_s5KAIq2m1EP4fdV5LIpbWvf9{0%^T!^itpsHxEG%Q z+vYypiA>Vp9aejLgoA1(BkT>l8*^3Nmv;ViPYK-i{(^Zn}y$`YNl_1 zfhH+cR*%_-Ee3aCT~3qFSUKH%TNOs9(w@ld&kDhU*WuCU*KCwI)iMkv-twQF^)8JZ zA71@CEp^)18zXibZc9(EDrU5ggBS1r36o>^K1K=I`PqCX`q2fLL1utpbb1hvYO46d zEZ2LM7ZM3)%1RA7y{&xId1dC^e1|?x8H`We3AIGuDqb8QkNG*LmKD)5P3PKkvPs4v zz12_h7P!t?jZmu3kbUY$>|>RznWG(}?cX9DJR5hHqJLf|4*qDsE&f3+52Jo+lCYgC zA$%JyG5IBp$R`iHVfPIBa8Itrebg-K$L`vMh4XlfR?$G`_(R@N(60>7+ZO-$tCRGJ z6I_wSmq1$i6Y7wM5=oB9zP@P=1<$@Hka!i%?n7iqCEtJt1dLl=lEdr;X6@pcT*qItu>ZYU-uThW}kr z^r$AE5BHy(rgt<@1DdH#zO_RL1G0L^1Ahj#&Uu>uqCp=G3I23FKZYTBx5v8H zI>Flh70vH@=m**S53(IW^C31GLpC)iw0Vq=y^VpOOxf6n*vS6HZ^zAbPdp#9K0VBg z9iLLkpm`=nVg76-%Pu=Uc0Zw|kB@OhyGrC4)871P>W50=yT2xMrN-9o-tK)T>bL9{ zTV`hqG<2h4Hf)_<*Er7DNGU^^00t+v;fZ3Ym=B3UHH7;6ZYb4t3`Rx7`q^LkqQ8m% z>n^L@fIUl&$4k8pqGgzYhCbx6GykZvR;rYu@a1VK`5X6w40KtU>iUooUh(CzaSBXK zbrW14UzBO|H;2S?N#D(}L%yqB3D-=-a8LOO^@dLH@aS*dLr7^RPb=wG%@yj`Xg1|T z#`YfGh$|C+OQ~DEiW{v^1C6e6X;#Pn@ODyveL;F?ZfpQ=0_oe?Pbq)OSi0(WZ2#2S zi&T@c{G-DGFUp8a1XPw7uMmGzBQ>L3>WA-R1IS~0;92i8eTl7&i`S9TB*NTX)xNFp zz0z8LS&JMV_N*>FpflC}-;v_Wi5oE|!NP-c{Jo9Ui*&)_ld4+zmZH z)V193t2yj%_wqtLii9UA>dHSXR8IP!5Ot$4H{#XWZTF& z#GV{4GsQE;8zk2RtNW^0cP}2A_mq|SVwnLxXt+Z@0y^bvT(~=Rk$(C6kz(n8^c9!Y z@lc*5LI)p6@i_Cde=aa1(qN}AurJIuY0*fQRHen_F&W+L-KB|t62tbGHJ@V1PJYLv z&(JI-SF!0gb#k#+5>Vauc!2%Hj> z0TDpQ_5m?Kq^D{}qR%Gw=RYRn!uf9Mgco*CZ}>n#-(qIDx^%Q|LSCr=8!dC|NGIYF zdnWC5?FVNp;nuZ}x?k z2Z-~W@@o}#=e=}6>SkM;>Iw>91U$tK%)sn#gi7tI^jH~h*Q~kyz;fOA4<7})ZxG^i zrrFI5rL7-oCrjEsjC{$7cTUkICQ8|gQIGAC(rPDr03=uWlR(b6CY_cy^sUrqLkJD%#$CUpPYQY$G?)LMYBR$YYBT;?h89vFU-BOw`RA`{ z%l}H({kvTMKW?P@|D@aN?s<*R+Kz?}{=8@YUZUhp9?~MKNo;21f zC|G%Qbtqlo*WF}fO;%`HOQ!!&lP#AI)^?_<~2SPTLZrI5Tlsh<8A+AVIE`2#Bo65ysRj}+tCe-A$SdoAu(q+f|& zJ=Z0A!X9<5tE)@%L(cQ=*q(6ENn>AsKWO9k%ca2cvr{$0BjEe${u&w@cP1~oMgM&~ z^0+B~<=?@juc-+tkUqFVSBUc%NW( zzUW~h;?vMB?p8Z->>cKu7aXIap0O$lmbMa2G${yn5~MyjfXJGZOQ!J0yp6sTJmirw zciODXT`o~VGJjg09j%8x@f_CJI#9v6W$QLKDb;dB<^`IyYDcbmFGUd@Q7- zZCCEp8yQV(A)7!>5t;e$SkE?aE82H*E=ULe?DKCIyymPA#AHc4qeR^6_65aNeKEEm z#3x3OR)9135~VZZyRS_8JCy}Q7h_w_L+mF+@AFt z>OE0FkE2CT%@IMTmcL}sDGT&YPGf?Kz`lYqW|&KHT}$v-iNFD>DPze?DP=w67teb? zsnDuqKhxf`J{^H$=tq*hvr3?O zk}dQqqVj&^g;G?d4a9ZkSvNPB9Qsqh__evO8!wF$id}W5mK?|TE9CgxkM2yClTJ$b zsj04ot?Z6;PZE}vD?uF+YwN3xI2LFx{UVC89s2kiPXvGssN??`ufs{*wiAcwFMfm_%`2>NfuQ>CcKH*p3<2 z`1JD_!+hC?2yYa^yojg-S(xR%+#`Fcqw7z_ z+E{oA^#_JvuQ-_{Ekkz4S;;m*Cex_lQeV~H=qzFTUWk%)ogs#M2~-QL!$Ckxk6i?R zhDyW(PL~Da>s0IM%8%~jKD@VT%v7b!r0w?Z()=xPJ5tOnnZA(V-ca!Q(e%b#If;y1 z+1xv_HN#!pjm_s!@Xb7fR@>i*GIRZW%ViEu9hoI+P;2d6%j=pjk>`6R3!u? z!u^r60ZdKq3SAEp{L@&+wv^2o_DU4hb7M|zkYc_#G(E6QQY5MH}JSdhpN}&y|87 z`4MGd5#V>^R}6ja>>yXczv0cDvgHf4o;^(Fe3v2JMof{&M12cjjLdEeDYgh!C|4x*uKrFEuf6hnbnerZZgE<4H0GBr{c}&wY1F!MurkEt< z9ok?Q47bGFKn6YfG6Ld%NOyHvSy{DYYWO9umYd?Vksg2Zv^5_ZuW1m2g%?$lr4m2s z`A}vFijGrkaP06?YcpeWTzX1qADRvwYG}zh-nS%HGjb@pZP_M5ZSWwlRHK48CaI4? zJkeXEb<9QAv@CBn-lC;cFT38Ms2f{Nbem$L-leQhSG#fgw}e}UbSKjcL{D$N+{d+1 zO-bU(-&{3Uj-Ig1xnZh@Q><3l^w)*KDvF(|OV>b%>HSTb5`i$2gJ1h@rq;jHp##jLh4kc$1 zub8QGOq$_U=oL$N<^E^MBfWbZBuGc|GN7?4s4Lt_0sDQeGb{$vfq+Ee8fF3#HVzil zIskidT{L>@rR*I>uFwwi4PH)Ot;*Kw*T6;gheWp4&yKM=*r~c^PrLMIssY9rWF=m4 z*rmboaNAtgl#Vo%hiA;XVfr-Mdd?NNhuG=9R=VJhdu4UGejNP^*Y=;KYMzF`wGvZO zsJ>OWHXS_+Z1k%GPKsLcMbFe!+RAql4%EHl=H`R+$*ieZ(Q0OdHeew5q=!Uz80;4a z6v(zt8JL=yjx^t#aA7|8Gj4ZEGZP;`T^F_mzcTf;{!nCX)w8-fGH_sX#JI8@gz@JJK!%p#oBP(M4J(RU zXe-@5#>IR6IEq5lcQs9&b&RG9kp9$SP&<8x?l-pC0}VFJ-VojbV>E!L`M!tsAMEe% z-)j!>J*-#qH1VJMCghqsBvaz;pgJ6&tVaKP(;Mbk4M*)C(|v(^O9wvqczUdn9dxoI z2kkvlmpD7jNA8A)-wq_8{5GfR;I07d;Ejf>Aptl2rz^cG-Q`|4gJX2j=al`iske-G ziYJBxO?P}qw4p`9UpI?PFT~T7%`h860)7-(ASS_}k)K+R5L>uE)mO%I>h?O`0%TwT z+AaoR?D*IuRw>^&JTPhtQqw4Vf$rLrgq?^*k&wJgLY(2EvgU|7v z=w(kaL>(R0)4IaUN1UyXH1$eLl(kBUu&z^i9&Nu@kR?dc%TkAq7wN}YPnP7GpW_U< z+I-8|+S#~bNsftLFsFLgrg>zXL71sthu4#tdH==rPvqlyY0F;eSHpiGnqA5!Fzadv z%+)%fH@ZLD{6OvkgVci3vk%Dsa;MZ`9La*XL!8s8tE{Orqx6uj97Yu}XQy$bLZlCmRkOuafR0La zySv1REiP^0cq;$v@#y{t=|546hJzm-4Lgn$4yqke1J2}Bt$o5h!OBvw9@MzBXiY%J zH0VQjBs~O>J$nkrZ@P1Si8YZ95RQGTy6gr=vbm3|>Mi|bf?Q9)_h9i5~t zrk1xB5D7H|13IOAvL>l!_32V;#xUk_&tvOBuydx5XUlfm>UFeaE8w#wa~ru7WCLH} zG^?M%_-*&G6ORip%lIB$PZx1*2Uv#o#cz5Sk-(Lt>#_!en?G%8j!Y5)&rfePY~DEL zxOR-sZ*Myunl@~;%jI`E9Cthl#&5zQN)H@m4l;!OYK6ZC?yqY=e+6mnt(|F2H@HT~ zgNMAYF?HA=RA5bNj#!$qHU6VBhrZm82GY3COSi<_9qD@tRM!{bo*VCj#MyKbU63IF zidVVmk*Ie)j>%`3cUTy%UVb)XZ@__jA!IETgI+)pNMy-c@2_c;wrYz+wyrwJ**A&2 z^_X-9d|MccY1a{P;!}!$fFyD@Ay?mr?ZvtN1YpeayH^?`* zm)s662?*EtY{9PCN4=&6-vfJpjw}fnwl3cjI-gLg8ckV0kg#_2@m)}XoqK1rBXyc< zEy>|y`dy|RD40ZvUwzB>y~QkLdZR4JpRkmp>%QSErbQWCjtp*D7!;O(jvI1-x1QN* zHM?)WU0Q5rn)Sdy2{t_f9)fgJO`gS5b*{zO*%qbva$Sg~mR8j3Y$oeSM%RHR?|x`Q zS$R2!-Ea~hYkU(x(XI**DhPH1f=)9{LhT0CdtdcT7owBm)&2(1Ac;&#C+c}U499H; z0T>3e@^9OoOYeGnd%Ld&K@er8ZGQG!b6b(MH%OXCZ*mA_sXEUzYS`OLM-goRh8_aM zB9i_JA!TY2U3o2AO+E7LFLxC4+XFCDfUCH_{?ftTnY9d^AYfNI(cgAY!@~5+j#pAJ$wsb8OkF)akig@E?jtgU%T?SX z2L6CXVQ)0Wi{acM0~OI88em*i?vKYhAltLN)34+#28H}QEw@t5aH%y1Vnv9b$qFuw z#2S!rK-e8Ow(Mh>b%jMXHhxgNGu4lG;@qp=mUV_nx|9WYY9WtAcPM7At)*gPwBs-`^~#Hgq40PjF zox*4IP42cSMO(@-F_+kr!;Qm(j@*Z#znj#^@UEB1oDfCyKZ5A*LyA=DAp^dzHN~zo zlZ*DuD88JgF}1V$Pd}eiOXRAIzQ9lIi23W010zuQ#BBI$sj^nOZKj~r|cX?r1%1l zd(YcHS4eZ}1F<>js|cl<+(!?<(B`lxCz^M|Dq~l9_mSpT`Iee5slBE#vWn9VIJC7K z9X7oz7tuU-8adbQpB}C&UfSYvn$&Gpui{F&$0&{Z8Nm(zl3uyl60KMjRhG;!^1-!` zSaZ6puHckKa}_QR(S=5aHhy6EJ@JasQdv0?crRC!^M#$zVb}9>=Ji-EF%`A4%hB%cG;Ggw%J9^P~Bb7*l7xY}%98gme8t6`TVL&om+6_Ectx6jk z^^F=_5VJn>PfMExVw;o`ij{Ar7Qs>Db6W=v8>yqF{Yy(rI);W0qJm^y#@X>LYl%W_ z{oF7q&B3*mg&&`~)iZ1aNEzt%jgbiHNg0|kPQyu~{{0w|v&)eec!^ds@Za(aCyK(2-bM7 z6fKsaYVI>K9uiT}bCJ5v2o=Li0ntWh#Q&+A2~a6j0L=f(+M=}pq}+75mx6`|-fust zuHwzoJQr!RYon)X2#?dDTYhNvS~^9!KyxvJSjSQN>2AuWEA>WdEjL2}2g1N0&9Kg4 zrLNVa<-nZi=AeT^@sHJa&WN(4bOEx;1}~H83b}8=5@;g;MtJoC=LcJfqTw6kL+;=D z7CK&K$pYG-J|rR$bO)@+;+~tSQUiLigOqZs4l+*2VF>DDQ!;Vb{jTfG8irWuR!_q& z%FxQRbiATBd<7558=OiQ>2Q4qzpxcyh?|d+5)(_MR49}~9}H@1*D6hucIsaD@OGR= z4tg1+Oj$QAV+IMiATl4Cs7 zRCuf~Ls&oEPOenip9vJJy^G@#>I40hY$e@!NeIGoP4;K3{}iwLY797`K{)@{)7~kH zqbcCbM@}UHNT!1T1MfuiaV1%aw2sk?mUh|grCql-J^i#8JQeRJULZ?DZ=%&w98Ka(4%9aN+FP~FHrFA1?3PxvGjb+@^>wqn(!(&{ zgl>|JGMr^lG0~R1W@gvp<34MT6SR)lRDV$c!i50~Rqzs~VcP6LGbl7KoktXRc7URC|-{J9h|0*K5@UWgQb^{6up0fay_RFBw zmsZv)IJy!&z2~`8&{-Ee@$Z!6P|p=Z>^zZYC$nqe9X!tL~&>!wtg zBqk)}U%pzA1QsqXpeTst3(a_o;go<7E6#{^?KaWNeV-Z7be^>i zC4FT`TWr%kBOm*G8@Ypr{hK}MB^o7`%=_wFhtE7VwhQXidN40OJ32DNy`5gwyupTdtL=8nv(}O9`OFaR>fQM~-^BUK9b$6B(8JU+zgHw{4{0HG zNszoWzLO?4kj2V&g;}=eL-*WW`tEiBiLr2qkf?t#{1^p}scv>6&Hh?te`;%_vM1%I zo2@^4&DFES=SPK)rjGiqO`HGKj)sf0jqQEMk2)Arj&PtaE1_Le`0Ffd} zwOE{|YD-O5Sx?+>4wh%tsj1ZYKIX-$S+)37}5gaQY_Ead1@ZB|nc!D${JaJg$;&m9>$kY^kfz00`XV7qPD03ITnl%p~KR`m@ zBESH;{1K6OF#?Yu;tF$a#b?6Z{00HJH3`HaOi?0qq(G>$iEQDcTdarU=gn65)Ep-^ zCQUmyLOt@3M{m!A76#U<#(HBq|lmuFWCUq`9;Rl;@J5KS} zXZT$wKD?&Y`Hl37U_Hg}%$ zE(KD5fy)Jp>~hMzKS)$R6@Mpkr+N+_$cgE8JdQoin-fH0dW{?#=Y0JX=LiK(*(%!E zzs}y1Uql6M-~IympA3KXH~@`dpNQc%gh6df8aT0&q;N>_?S#E=(uEQfrQ@t!*PGW| z>54y~h8^D$_AbZRpmx3`Q;3%{cgGXy9K|ksG%?NQH#PYWg+NPrMSx?02msKON#a;@OECAan{VB%2a1}?5M2OE1AX_! zwjRlDB?AxvO?I659anw0dJI_T@)lkCYMpa~%WNxyTZ02a(YwXushrqCL-sO*UyaGJ z_v5|5<4x(>wP`U$l#!UR*|#|#a4QjH7|?5o!^k_#c;$Ge3!U3d7Y9JaY49T2V?bA8 z8emyD4Rb+C@gg^Oep|xuWh`o9H)u6?wAUWq@aziTFhqJ@sNX@GJxABzqki6tFz7P; zHfV?mFY1F@Vwh-c^5k1PqG~;;)8|NkWnW#SmTj{Ue6*rx=dGK3?@^_5lT@ItD9XhB zi1Gp|3=a>F^zgqT2tK;2MPynGU>d%IK5R`_yMQP157fPCB55Q z9KZ?ef!qsV2Tq2zqCOF^H|cRRv#_uO@q(To*psm{E=(5xB z(Tid;q@$$D=J?Y>Gl{`$iDBy7zPpL6rh7XC(}cmF&MiMa6Yy7U>z^xd;Z+{Dz7eGk zlV>~f`{bP{1KHD=RUKE=qPX_J=lNz0|` z_D-sk(?hI`zWrva3|?71r@7qQr?>=5T77SY=qHbSMZ^?CFJjZWH4h7>_b`+=VB|tx z1%Uj1pL(5))u;|rDpv5~bBrUnp~fT-xz;N#0U)H;GkJMZ0iSdtN2w!2nl#RqA^yA@3;|X~~m+n3Gv5T8D zj7->;X=KC&dmoxw6t$m0DWmvRNH3V~E~FrW!(mLYEVt&yBdMG6HxdivVDIX3c|SDY z6q;fCi^SXHDMf26P3I?=f{?*JRFTSF_eJ1Nl0}mFk&aYOUwY$;ZB08>cI7YwwuDb4 z#;z}P9#g??xL&-JgyXSdf3HO*UH^AkLXK&s^Tpp+EbUa@T-ikLQ&LhEdeR7AXqSJE zA>;qGN=2bRh1+$VwqDz;)m%B^bE@->0k32T<=w%l6T3460y?#m65!h)v zz7!)dH!}I}1v7zZDbnycB+5q7ApY|);8_a(w2)YX*#4#qQNg@j15u3svq_WSPz8UHm}sI9ZbSA+~* zP{rZ(zZE;hP|{oUw8F%|hb5Q)CE3L_zfxa`zxe(4@g(H^MHKn>@xMOB|2&ERbK3v5 zuK(X635|f)#jD|g<2^hH2)4DnSHU!-H7py#OSp-+}dcjK9iiiD*|5jN} z&g-RM5y`;}fl4jm4Dsm_fqCN!chtl17zy7aASZ0g^)H3K-$IW!)dZbl{JrLU*X($qw+~~;2>W!YSoBI zp{uKla4_u(8uxt_KMBZ`?Y;lpzyS!1E1C%o1{@D??W;5-%{#IxX`%|idj>U9`kPB+ z`jhVsOXtf*y|URjA9u*EuI34B+jPV!tMVrUNTGA{%EUBU#Q)Nz1rFJNg{Z`q%J?os z1S=1pH+v^3BO~K5T3rYv$sV-6GGh!raa9=mK91q@8_>@RK0A_C>pD3RRTv|I(G`RS z?R}#Wa4CnH1(o`Go|n3|PgZyii|LUw_-cpg9gHwC_-peU$r+^cBLE89b!!Dr_;0mB z0sJ4AVw;`7bh=n2hdAA3A1_p*YC9PVpcnJgmIfX}3_n-QX%>*n^6X3@em{olyrNLa z3;_=gk~O0Uaygl;vXm2|BW*jI(hO`QT%{NCctd646(<{W%4p)L!U#;j9)Oz-oA-6Z zPPPR(&Dxdco#rdRVhMbUqw}RY5M2_@bASNj9;(u|e{;emLGrH7+Oc7Y^Ma00GE8xH z(Ad0 zUBI;h$d9e8IFEJqoR<(!8nH@`9)TX@^_do{a zF$Nt<1_!Mg%*OF+pA&-5i*?xNwf-dOp@)Y>ArCkW?K*!Ez4Dn;LXYHrLbihg)|{sb zn!JRyATJOFc1|Pk6o3J?50> zVoMF-(b4?%?3|oQOeV7}4Su+0MZo?_#$*982^M$_AqZf2)KB8+^?pvXlAK3o0;KH< zqobTas)EniL8JdtN1qFDPu~oFlv<2LZaXV$d_icBH9)!GF_;8FUO_>OSs{v6U?Q+1 z1md}-G+ys461dwNT%%jbeqEez|%sJ>)l)<^RR zOIwV4Q$>JuIgFRY$%<{~RNI`Zpq7I2iMhTa4(C|f>kowS zGoI3`9S(Kq*1e&GWw7noSZyhguv+nGa^UD_5A+8G)!2kb#0Vtw0RZbusKx$LOsLn% zp}RtSp}m%mo0g`wb|PRbwJoOrrrMDFk5mC-Y*@D|hQrPp(F=Qx#DtQT+Qav7hn-<) zZG^O@2mWiM%czuw#!ElK@bLQa77Up=84RC4KWi=?1F!shqa4w$+_m7=?T#WQBtTjraqAL#bE) zt!7mn`SFPeH`yIEwT&wFJ1RV)!DpQ7Bs_aS!uV1XAiQp91h+2G`WiRos8k1Q)aOc3 z`jYLcD=FC?%^+5WG&3r5h0Q`ehr)nZfLdY9cP*=ei^Z2qpw z7Y3oruXDo+0H74meY5ET_-q2UMU2qJed9A78!(sepZ;av@3*F!EJMM59?e5SYjkyv zNYnhDlb9PtMKscd^+5CyBeC=O?CfOEZ^I|1q`F$OKAIjkB25O-$d?7y6@Iwyeo-9C z)wHZBw!6ONwfKb!O`vrd5sDfb9b=B*6A#QZY;b{w!g(E%8UU3I&C5GS2lqrz9Ia(n z0%{)(Z>VJQA^Vl#3gn?+_1Z@5zw;idiLcbTMkI6c+4pI4`dNPfAN9j!&%gobVe~|s z|EV^^rAvZKG727FcuhqezWEl#GwK`TY*HUAOXPLlWUO}cj$fS?*Pd{OJ`E_~mC3ci zov4@A2@8BlM|gsr*w^gjGj7^k)V`7wyqQEH9sOKz@yBLdBcB;^0f;HkniHtlSdOXG zn>&;b&cAdw^&IpAn*9u#nIB!r!fN|k1sPVO_m4a8XPT5Gu@1fU3AgXpyJA`@QX@Y0 zyMhu3BGr9;n|A)Ux>-$>ssw=25jrem*nk{PR6q6n$Rtq0Yg<}U@;t-|N_AY5wDZ39 z5$rXPCG0br)M(+CJNp*4L>&3nYH@>UQ217lDD69>b>6e(ztY}_ldTrT#4K!$Q*b?x z-;lO>TS3e(OtAvH7=BmFDmcewZD@EkO%ZIu&6*{4V9Wkg%!rvJi!5`+(D7Ghnd8s? zj)Hr{v%%SsTOqbM+nma??NwnwQy88eFP*RF_R|VW0AwmryT*i(9_3nzZfqwYN1a3L zZo)3GQNgFoq|`;sj2R!5k0nOajeFaB_78vK&+Zn-@SpO%=&CR|cATU5%P4#feQy=G z?%swq6O?-Bdi{*V5||A$-V4@RKPd{=2WNtz_miHBh?z`wcaZHJOAVrhv?g5(*_(>} z)7FrCUuqIwIpo$ZU-l6enN!4{F?+|Fty2xDj+Hl5Cz&tzpJIa4zyq)WGX0QKY~X2w z&syEc^Lb^;bU6R%RLwHf%eqy^uDt&pq!VJ=>PK{l(95y(-O}3CZDyTsQ4aG>L1>w^ zgAD#C%tN?3Sb4>0fyr5R`Dph=n;`JKv>pZbItmck)cv<5Ov{gn?naApZl1q!Oe{MC zo2p;lk{rA;uScUL%t2>91M{C(O5YkDv@c-ySNnQ$eLyW%^w(Ziu6m6!z662)RkX#R z(^h?31wSmg)g_I!JrgJYaw;~TuUYruP*u4*OW~>vudID=8I-bdZL1_A~ z2HtRJy^%GkI3H~MX*E~}hjrwn=1~!1j$fJ&o-jM#i#pqzaf=Gt{&8b)sgGg;3y z*nk@p(4vV8Qh|p*aI1|B6<`H1V_xF2l%O+#y< z2Xi_Xj7?7)??`I@6Z+oXpK;9-sjM|6QBJ*9m+gBFUYhedy}SJzVSnOy6z}><=V!pfRwjqBBy&s;4BldSg>|_Y*GIK_t#TiO(?aZ3YFs1H! zjh;B5haPt0=gc!PgBE){*~evn1WZs0*yA_n{^aK??f7?K5OzfePq%s;?G|I+uC~L$ zJ6qWpvl65;FOnX;24eJjR@xqehbD~RbNJ@<{5H)_irB^Er?Srn1H>V_OaAAZ3Qre& zZk})50^?Wtm+e`=AXEI2IHomv#nTLU1;U&3Tp00}Uqtv(!K6cDB4e)XVV(C|Ure*} z?;?B*e6Jb#DadXlpkDCc}7TWu;vde53GT6so6)_iEnH+ zK43?h&6#WwhJ(-GBQk(H{hEZS32>}m?GG%1EiL2`l}xs6#yPjd6l)zrYpu-VlT+(k zVe)K~2~SnB4ExPnL+rf}nQ^(yY@p7YD^5Xg!o(E!dmZc-$Uop)&VM}isGMZ+#~N}z z%q&24PX$$Pa*tLZ#tK*hJPd1<(uEPPf@SkU)RK4v677CDV_UhXx8{mLL>aIC5Xzj5 zAeOehE{bej^2Jam*3(xgY}tieC?fco{Wq{?Dcr9%1ue2QxWSgCJ-B8Gy!2*5ftdH~ z`7T|4w9!1jEMD#On_uv7<%AeWgNb!K;1RIyLX3-VS8wF7SiD?tdOY=?^?ZIge?Ky1-6RpZvJvQ>%!+U$~vhCz)vXDo%%oTA>U5p(y+ z0@ymgR^9gqdmJI9pu}*fPP|L}O7bs7U%ds+e|+2fj{T^1#)IYIm$RP9&ySf~oC5?{B}qTr3-)OeB)?a~_wCR(q$yrS=K zfu9T>zF}@4abH_ok()WLMLo|5VXbqRo}hOU7g#Ownz}Q(eovuq^5p9jVMZ?l$=vO~ zg>3dI)70H6W7AvMlDgfj_5?p9=uDl>4lM8+1P&IpjB68HUlZ4W>XaCW$!Q0R%U&ZK zte@d+#uw7ispr28Ufg+ScDgtSL$4CE=>U!;E_^f!wpkg5C!Mgh4@T@(jO{F8p_OzZ zx-dJPQ^1;DD(1fukK@uHH)SYVjv?mDl{3VwOnTyqHJe(Ct9M69#rV(0^eWE*B*q-Bp(-tfI0Hx5|RM|k|l3Q23SsV6n*q%O60JU>4s|jpF zRMvN?ZEN6)_$9q>misB3)>X2FKI255q7qWX`)(qKG3y~--&pYwwIb#O$20>~b9YBE_1y8%>%$FFYEC878;x;<&ec9>0`e8G0ruj<4|> zN^rLRusiiDkp9;8(`yQfbY?lNJ6J~X7{xS;W^lHQ1-GuhLN=e5_|OXgF6y4gsuG_C z6B#}L2HUPRZ~Hq`@NdTMfFfV_Ux5lRZoTQ(H_F|m{U3zAbySpX*FHQ-Djk(B1hvx$pOR-{+5St&gQHxn>xy>x{jRz4vkK zlW~C~KAWlg7*Kg7HOwK9r%%?R%CJ*S-G;Opx{uh5&X6)UDz4B5z+jBVpm`u19jx0w zeKq|YFJDVjAK_{-s)yw4QM8T4Q|-^;t*AAn^un@jfj=o&invN6_tRAzd0Q^KV~M#} zlE|Bs*I3)c$rWPde3Nl}js`*dx$VCmbkwd;A9=(dg#}uHt*V5GP}N&`9ACqtk2^1C zmkc5p`ZBO%y|b@$rR(Z;O;qirKV1!y@)%|VrdNrceSiuIWhsdm;w9bQs=;kH%YgF7 zT%T^6$i?V0zc}-hWky?%FNcQ}>Je}c;~RE!lP~H7&)g(74}$KAVwY8Svp%L}B$Vvt z-RJ|;MDqe>lV|Y<#PQWOx<0%P3)bojfr)fi`JHWqjrEx4#5v_weJTYTf^GXJG8+N6 z->@}T*4Cem&PE-*e4=cD?JVFz46kKsSX}V;sS&Fjy1CVC;al75z?51ezdPd-0g_=fwB(;`Q5t6#SP#TMnibeS? z*CdChV@W{ZiRI}8!CTX8s|=&mqZQ?VuzIOH&i8RA)v}{#?tL60Zam*BGPgplJx^o~ zA3sE!F%?G0+*Dg!$>eW($(vgf=3c#Y>pRY7&vE0rYbvv=?#Bcw5(B7-bd}|R#b{*g z^fCP1s@Xt4A3m)lae!(>+SBgUOYroB6MQpiaQRsrl%i9_wRu7>6%(r0l9nt5d`LmT#E!vz zm0#qwE5qE)d-l&7lAtBkZm>tPoy!4Z$#x}sxP z@kn00{n)|D=4yt~t34zVqfB^I<(c|`ZAQ9RYXQOy(J5eUd}24Ga0^|Kf-@Jw%BRm6 ziC^zq{Y~DBv&URSMse?YURIdML$~zER|S-6?-hE475ABfKy1_Xy;bbZde77iP<+~4 zXup$WSV&%KFh3m77ufZHyCW0SainEyd-_Y&*O`xtWmWqtcS)?$#=S#yIXCWAPp`3R z5KAZ>tqoWv8bBbvK_MX&WUgz6m`GyS0Cqtj9AspVvNE1V@e2^~IWeyA9O!&rBlN@M za#2r3MCxudy!30emIXpyJ9>>lIjTiXJ>QcQ_KLG>IG_z!=eE?H-Of;-Wiq+G?x60q z_%@*@3}TpXAco=iye^Y<8?SN`b90-B@js;l$oEiF?!lA*R1WK997eKNa(|f8vhu)z z_Pzw8She0oMpyAeN6uLuey?me+RxsYX4wT!FSN)P*)KPzJKwe_VW&8qc;9>l370Y2 z|0J|QDnE=Q24FE>r|qPJ43d~{XGcRq?&+Z^Yj4?)jy2eCwNBnn1fmlJ;6)uv3Z*$% zYLWtrU5iB^KqV{Oo8lYgNN){wOF```+(S_RadLblafwPfXFazy^Q#l(4Tu1~3I9iL zxX5Uc>|NfyPDp#_MG1w2P}(_3d=_m#TMI8L+#y?0K|Q=1~TgSH^eK zr|4LCVGetgl8Oa)ZfBT|$)}Eu{D{I!kBbCan~VW^H$*w_(+xpV-7k{76%Yu;Vp_o9 z{k(uLn0-pjy3^RtK1_Vq#51Pr8GRha(%sEfzD1S4)cM&NkCE zaTeRV7E}d34zy~vjvn03q`}~<`~rpo8_2R;`=tdZ8Fr|z?OmgeAI3AgxLWGIsroUhtd3`k73qarS-c0L||d}CQ`kXU^)bEDkU}^lq-UgfEdhF<-+3i(ET-V zS3K#1u}P)hK}r+o1z;-~l2W_LE6z8%RTMKCh*Z-dj)fY*F%Cgy=Dj$2`#k^4dX|y@ z)d+lrkpd|~G}qC$&VTg-!e`~?0v7+9OZ#p<2(C|*C8uygo66KId!U|y5UgXnv%aG} za`Rnsd^|jpvo?KJRE0tuqe#^BT(BQ* zRxfIF&f{yfzjg~qIZ_hHgCVYwUs;TEWzM6O4aW9UC$sT20-6fW zlvSP240{}S>`fb6v^k*W3K*1{1ocIV1gH0D3=40gq)OI^LQXiJ-jl%hpadKT zSS&HIvEfbk8D&rz2AqP4u5iM5K$&KI5qkd}sGf!&4y5v_+d`M(67}@+#$h_{pil{y zo>I62+42`mn$K<02R@DFd0NlG`WNr`F@987 z$&=q78W$SiXqW^|{CDbEkQAPs5>bmZz2Vwo`1}vwz_mGn2lZL@pHT6e#?umZjBm<89j*u`6(ME2?Dm?&FZ9%YE@tAzFu{OWjNE!%?sCc)aF z-E&}10HMM1_hi*{gKh4}NI;)ql|&3GW`kNRt$Ykvp@0q7HgynABjfUGk_*&e0d*5M z3i;>vC=iL>f4%c_4cGgvW|wt1gUvsy7y1zSMQ zk?c@SYhj^IWtMS6$5%BKm7<&xwiQz!$JNymx(b3P-)8x>OI=&f{#1Mk_`-pmzR9;@ zc4AZc;|QnhrP<qZ$rlD|J8=?lQaRGWy zJv=* z7euK-&0hp_f50Am0u-oY3+0Ss5iD9urjE2SM%n(~V+<9HEP|z9`tUcWmEfE%b-;`K zJFjWTfSIG><<)kN{}T1G8aQoJxSU~Bdj`ly|4IkiCJ+7pkra3z4RG~+JcO@!1t>e1Tkrn^sA*2ka}~}xt`e&D*uce0Et~;j)B|5L zawJQTXe(3kcm0@k@$BpGi}hspDqcEugU1uef$8NWYh&%=S<+0(w>rXy#BvI3E{m0y ztyim=35~lRTkPi-`+GYZd{m%~MY&reRiZ77dT&0JY4q+o5c+M(O7n12>Hc2sbpx^T zf+m=zjUH2WxjJh=-O-=;2Ael>b`a1KrdI&HbQ91>%MNOkRaEk}V6B7aR<)K3a`&|! zP*xJSSWzYbl;nF^hx5GWkoDvM;Ns=t{neca^%UJsdW^K5TS6*t|zCD5!gc7*bxV-4II#?AIN2!65_( z*mSm@5`-xQrkS2y=rQ+9B=Ngj383ouJoaM=(xET`Z;Z)P*Zr6U>IOiYqEMmR8ppfO zD|y(AnvB9n`=xKo9OHj9Ac~?e=QfZ`UK!s_lPd%Ykxwf(_kuHUjBJ?O-C;j7;F|Vj zIX;I0Yx#O!ugrTe-4c_n*>WEhST|+E&3Cf0UaGq7h71S zbPlCenW@0FqHrKF5nYuYHF3#*0L{F`C>_HXq-2iGwdy@IKC@& ziyKln!gPD+v3sX>2}L~FRc%7@WID2`6#UUdfaH;lgz`unhl9RGvPO?yOZxX6<7;G0xz5ImRa(B3mH zO9lEE`dC`}M$?#GqLcy#ruLs2-hi9*98M!g?|DTBuHRFk=D1yK%KOa{Zq`!o7YX1{ z6GD~j?ot1z91m#zS9XY!4g zkNF=tKy){dW|X=ft?BN}UB4>dAov4@03^$nIgZ)^V4{HyqaIn}zhD6HOO?>@K+uOUpkFUCAPE^#@ z9nXFb&M%(b{E?A&K2ereJ#&Kdx0hJ_Z||X}B5pxdM%}N@RMpgS%E~a`@n-S6jhU%e zYUWo};c$6ugvxza%ivTnS!io@ISi)dr*wxkZCb$j9-ENk!l3htcAO*DmNM4$`X4#1 zv^<)QhDf%&Ugon=$h#gGXg(Wgk!Ga~`j~(+^YHDRYad-Z;oF-h;{7*FV*MgixWcbj zVXSUd3kwJNr@ell+THX6FTkZ!oS;?v3$S{Y{XgRp}gb~wUym#1}gbi&uxKHXENA*fvRhsR3VlOB zK#*1}V#1WhGs-=OSn8Cn^tgD-sMYjbUB~g8sVGg>-Bn`YW31&G(u*{P_>z*>Eqi%q zC^a~#wI3~s=DviJ@o2#aT0~N#^8Ji`WK-Fy)m8Oenpg(V<&VS9lupE$_pMK zpYF^B;xVWPz?xYQmfMrI8h|t}lPQSg?zH!VI#D;I>(1;KsHq)XcZGA?PlG&TaT4rC z1UIt#U}DCaXY{hqW83H@e#Kek8HDWSjLmIq{U>)C`TD%wd(T$3&I5loQ#WKY5#j$F zO#yltMYZ4v4}pqmQ-Sld2kJs8sj0)$(~sXVW3qE_@F?SRa&j*1Ht+pJ!WQ%cg>PDk z&xYW(#13-v^QkErn@~8(*Ykz^dl1yAy6B$s4iSEI#ad!Fzw2s3vY{PyWxo&1A7CYL z|2ZT{m|~Pc|H6_g=20)uo!awZeUzx2agE?OKS zobrhXk!q*Lvugc<$1ixRB!i-l5X|49^>a@k8P0vl4W_G7V__A-9Sijk2@Ht>oS0#= z=X-n`p67!j`I_X^zn@0{>wzy|!G145#C0wyDXH9#k+xY5*L(DaJ&0b$x_QS5ksh|W zkS~c(#A%fz9@iJBJ)~+)CboWZe8Yt9I+pt6q%}H=W^3s`TmZ1dnA+>1Ga&}=17B_J z|4e2(_;ThA3EkYPGF0@Cs0VOdn>!}ou(sXBgRaI4kEoo-+1xwVtuO}uZCUW}r zh{5#9RW`i2U%}6+T#r8OT>T}Q>Z8^VMv0j$`mEk5Ve0`g_#hcQmdreHGx$DT3zo$*Bn&_f{|;r#T)hcY5l3ANM6XKcHX>IkOsKnW&bp7_?SHwi~f zZJV1Gwcoz+crOV5GGx8pRByLygNIcN7d+eJh}(hb-BC?XPkV@?22jK8$46z7?W8K^ z_I&@$m7?TC{Cb}L?c28`hifWC`j;vVOiNN-LXAN1nfOO9e|P8nzGC`{Zr=tfBP<)| zk{V#!r5*mjeh45i2!J5xk#txh&O1mOTk7bDcbDnGUI=PB>_!hSzecp$Uz+=qxskjJ zH-naK=W|+12i#sK{d&AJH=o40Q~sjg_Y(h4Z?Gm|9UbBXCanm6j5WR)htY4KWh+gF zn?)ENaPI#j|;(>%bxyw-N8ISUFHFfpne!VsvZ<5_e)zVmd=D z%Q>dcG2xe@CKDR>mij?E#t1eGMQi!=hZF8DPTqCepx#SJzVQtS5*_6KTjpC^(AnV| zZI*?`w$2j@cA6Dm?{$e#Bd8jI8HiNDzA{?*=K?LF=@31QS8{QbFqHuAECZxJqonTk%}Qmg_^#S=VlC zi18lAYq0q=s_gRnVIJ7Msv0}Hjjxe6d7_KU%R5I*`gIVsg}ct15}c0H`X{<`fBr0{ z#3+~NT2?ea0o2C#bLNE>XQ@x&E3Sx)ud1bRKPl|<%nG(b+54qMJX~2_jf;j|w{({# z)Totv=l~at@)FuCkWEcHI{ZpH`-S*!I$E8?(a|xfUB9i=qo6&K<;>?W#4e18XM~6O z{-M*%?d&hEk_A0cUyQ?ZcWafaz;;X|!}xwSZwJt?X>*!TZ%p!Os}HvK|IN6aieU(A zFD3j};n8lJO5cS{zLEq@EQ~r@f?HZ${UvTNGB~$BeGh2V|GWMN>^>F5Hv|rRuqmOEP zVNq6YXX*1j0sq(h@0h$1BgV#$u%0YgTX>f2CB+H-UCAdTe-xg+ z?J60mjkjSeJgVg-;)Y~uF@|zPFNSM}+(EB(->3P1W{4+*j)7sz@+CUCI4iITz$hQ| zF);JZBmj)fCQDDg(vzoNV72;RdpL?Rvkjk|$MUq>z5M>LM09d0XU2Y!yoz+P|NYee z`Fx^Ag{c3WNcq1j;u!xq)qmZj~M;`f8>VnJz{Yz zOb>BagCRrMIXMka%R*V)Cq9^2Sutt|ZcPaIYJI+Vv2@__!|K%Z{>|Xh$Qwd&t#ll4 zpPrprZB9P_86n{8DdPhIP+Lw;wID()a3Z^_J`Gqf>eLZ|{W4eWIn)8uir7r zbE-(Ym|o+>n5Y+Xw<@n!n=ou)-m{kkC4C(`=_BM^!ss_*K?&dtV%NCdJ+0}R9!c? zX;iLr`{T>M^72CAmzRXv<`C{%4t92zy5Q;(!9Ei(Eyt5Oz~j({@1Ll*U+33dAF}?u zeN*p&0S%lEJE4*fEKQwOwTj)6nWx?Ear{(WLDE65f4_>D)2idmSWyZ))%vUX%~zoY zR(QS{mE|?`*8Tb0{-^oPj%k*>973Z9{(@(lwoYzFx^;&Gd@@r|=Z8a_I;}mY_T>nV z{TjTrrV~EFu*}Bm@ReoD?7atGa83D}bVARKY|Ht&9bIOOf7huvFQ3!)cW!P{93Tk0tcQKA@`J-k?Aap^XRu;99oP@r}hQS7V>!~M}==InMI>(BY@8Rtrd(G9^o;ZL~K-KXD%=T=P zF{{_vzNUKeM7cZFu|v_Dsux7uHV`cDg`Bx|0GlR3w+FTp===9bu;x<&#>Nvh$o`lz z_;#Y~V|Zt1;v(qVQ0cVO(Xi-?0ha#ot)jHJ{hp$h-7X2Rutv>>T0C9#9lu@k1yc!>*ZRA7VE+>NY3vTGr3s7seAG> zM8sf7Sz%h_(xiIzK#PZT^F(t!+N|lVd4IB$Ng@%9VU*{QI|)XWUzK{1hyAx`>8ba6 z>W8>1?)c58`e@R!BY}91Gok312=fY;Hu@WCD5|N z>97^NsHm$5`*t7eY@frQn5rz+LA6)`Tq-Im`hG;nwKTm2dk=+{mtumm?H&s#Rkq|1 z)gXQk?}m0SgMogwHl(*Gt9#{%%nwC5QGj{K7mE~zOJ>CXj5e9&|nbFd(U^6JR z69g;*ZT&qW`TElzO?gb%r_g*n-OqST()nGhm;dP*JaRw05e#(c(l!f&P`_|~f-=5! ztLGFwpKDX;bFse1)NP5?`j=zNr&~rasCXtH4m@U@-VQ(Z)1xuQLGO9|HaQ$+NIFfZ z{cT?^;@YpqLoCz3d?rn_;qzGRW~81ghNQf%Q4>yi3l;kG%_14s%XsrI_zqj_^c2Af)BrDph+QoKpLgq;#wk5Mna9|uO3Yl}XYZ+dzvJM%NAl=5TT*y?KDH^xN# z)KcaGw?}L!g_g!C=kxCk<4@hxJf-=T50uYzoWq0U)9La`XR<6o&655QTaeRgzR}^K zO&^Vp`0cHeHSh2r@4(%!9`%HGZH``RWV0#TO?{c&p43)1#c+y$?Ff|+0U@F7*_`v= zFKDD9A3mTMR^cZwek8g)2XQcC%L?wj;iwhS`1tWvN=k~G=pt?|^@lcDS=niNEfmAe zQOQ_2NYo46++jMgNP=(>i1Lm$KK^yPiyJN`a6%^fGv$CI0=rbL;^3St>Fw(C`#{0r z0!9&9RJ~yE*~)A|FpvX-@uZ@zS*V%)u(rnJi_gvOAszA72?BYgsv7{sC>MtEgh9KjbCC)9KOk^ZAs&2c#b=Al^$I z%*CmhvL(w<#LIlzB8wN1vcjNicIs2_@PgMFkErS$-jZoG%1FMRk+vQh`UGoRu@h_+ z+}!GQfR-Tm6FbkYr=2b}pI&jmQ#J^WZ``B%N*J6KTK$WaXXKa-2BkG-HaVu#E!m0$ z?OM6c3u0e5Ht8T-Oq%OGIF*XSWH~&!HalEM@Y?MKbjy+6v0ZZKt=}K&2-d}LZbZpU zqdlz?{T}skE?9$5C{&~UR&q%2V7Cj{aU0OPD1*Hf zm{f3lwQxrwcv^*#_BIoQWoi|gt1<|Jf5Cw1=15t(x59Te=FDvjUp+sq8F zX?k}PlYF*vOJIrxL2DVYOz;FzxxronB5!$J&~v^9LK6JD3goW6u7s_;3!g!34y&je z&R70&!|Yh3q;iAmNyS=jY)IYt_n$tn{4Vge=aIt9nxfue5HmuVcqj1{UcB}98HY5c z2BwNaA*;y9%_eX@MT%N%I7{y4bszb%DT5iZ^7?S*17E-X2oUUQp<87=rvKPrwxPMu(_L9n? zH@D!;LGdfBvKngwRtu@j$jVPd(|x zFheN?NRoi*lh5ZPFRR?fUz=)a02@-}FlDFhyu%SO$LxI}cKvr)==_q`_0YKGbkj14 zF1`u|dm^3qru!$#Q94xmbL;p)E3jF>+w!>H2daV>z4Cv*e?iK=X$21dtW0}j>%C+($No`M8NmCFGxf;a`#(z>Pt;Y%2L4f7gpz?te_9Gcu?t!}Zojl!$x zin0>Bc+c@oj-vAN56a5Q>xcI+P@MNwd6B8OID6}r++a86E46@;5jtJ(dL;FmUD=k( zLY>sz4vwz}NB%}OKUwqF*MpXAv@D(H1WG_(PBNcumAK8qu&3(|B6(`R9`SrIdRmax zrrQwH$`MpxgNC@-E`C_r8_`5kN5qtO`8L?_vO}b;`R$J1a_H+#bClpPc^dDZvdx=s z3k7t!REs2|#x6*@3R%nrZqI}BQE_B|iCN8S8VinnP13xZKF$7V)-bOZ=617zF3=~} z<`lQpv!4HVueZYM5Rcma8I{R_VjA05ov&{a^^^M-+i)&#Iv1;ZB#_&#tD zXg*sExV+RojkpgGknsAeFA?ayKi&uA)Ut<|-i`-^lFkNBM8vV~V7O1)c6o-M-_Uj~ z%`ON2kjww$b*{kd##bpx6Fb==q9-<7_KAReX7|7SnJbP&Mhvz{S)|1PN^iXfFZgUitsd{Zu zmJ@3f8g8S2#b)T(NB=%~w6q^GH`c?6i3T0(I}Br-q_t4zD>*g+v1+>~j7$u*zYh`ah$a?nNu{ zgg_GltK_42L(E>A4L#_+d+e|Q}a(-Zpgx&M5=JL&x{Gt=aGQ+Ww3u;D zz}iL3d`MJLLw&VLE7f=5pcf{CHWOy@Oi;2dxo^9QIXId^-|VAE9DC?Wh6mf0*M)2U zs#UL5VxJMOTGjF+ebh%WeH`UX!YhZ)cvMPg7_n=M7E$t=H33(JR;q1@LGt6D>yf>~ z@ykM@4i~~Nx$;owACa#FiBOgl59z2zsf=zRQ}fyHjR!+F4{kr3%+%5tD2c7me;iqR zS@JBtTTZP>8GBUF-o${N68Eve0M6;J8q{64w^PqD+lJf~?~;#bgoZ|LjjQo^v*QKi znBFW3I5!;;ml!29>C_omFiV}}<~;kVijz3Bogp4Ji!?%v37ruGd7F^XP(>i|i7kf} z&`j2aOPHHapZ@Krl#)_Nb46$~flJ^>9Cg!W2`b;1n3%L13USi^PA{yOtC;|J4XO+Q z_iiyc;-8aus9s*ClYJxzr+9?1;JMqXV3?QnjnaQl@QlQ(%?48{SCMMkO+IRyd4*Cp zq}X5d`)nOl+-mr7%%9L`m`@YceB%V$3WdaFaP-v4u~#ISIeK5ei46)@+@3|{cdDO# zSHGGv@r$3)IGn0B+ci3L^Es9W70S(?n_`3{NhsWJB>35Ty6cEvUZK=@v%l;Zdyei$dNoM6hK^N(frb z)M4q}Ov^%ifKU)kukk=EE+K)Jcs#>(?IYxSq?b$Kr~z~+L*RVkP5t6d{ems=dpFX# zBWdWf5JdVyjf4ZgT^r>ud$h}|hS^lAA%whBp5EX zg6hdL9KCkh%O=g5hu*KfN}9LosC%Q4pg@JS`lWtUAa!B9NMm!n&#cH@klQf=-lg|lq8Wz676TOq9XJ%2~O+u{PMK zHc8^LX8I(PxjXF)1ld;Z7kJkj8-=!Afdz(}8>Wj@-6V*(a#tlq#V>c)oy;Qn;bOV> z;k4}xwEnD8{T?RpC~c_w=9zrNSJ4hjmrZwB&rkS%ypUvzDai6VME=^16tb9|sA;p+ z*sX7m z`y2oGAXkx~Q!oD}S54z_WjU;L)lMxQT8;jk>aceeOY4))h3vyJwIbh(Y1@b5)fIis zt}Bi_%;S2FbNOWE6+-osD-03@eWoq2_vkTpE>eUZBj*{VWW~3#DX+W2yw-gJH4SVAiN^Q+2lB%N*OOIF8+~{d4oA5ct*t3viR^Cj)bkh(i81+S$raAS_SkDND!|k z3y#n2JDfwTdCn|zsRF)rSzn)e7 zz&viPOelY@zfDD3|8d-t;CD`*GA?|1cFbwqk?t@k0JU9a$D{k@c!KV>!Q2z$%jZ_p7dl7yD-j9OToiFC?tjqWwh!&#6T{zaPTv;4}H4sJM6U+J5tEm%Kbg%f6IOcj$cEqzWu(^FQM=cugH zz+SNx;3T8}wCz>mV*RIf+U-7n7Lpk~b* zo8p7=l)pua(c&Y5XJSv4SWFG_Cv>>D{ zc&_n^L~Yyk<2vnA?+1`!R->m2_1Jp?S43iKe-x>cWpav&BvPFf6>)HbMb96eJv-f= z`U-b$iNJ2TyP3W@LJYiDwr2wux2%@!|M6(X`hO~rdnKqIVtn6y;hcN%qrYouwSM{h z)_(7yO=$GO#hx<}D{it;d06>v58Dv`)^Q5j$X?QQ1saJ>a3Eaw=%Y;X+s@>}EzsF+ z@Sxd=W62p9TyTU(6X5FV_xwr(WMGqxj3%h}|Aw4;)mZo6ne64K8C; zKLiyKCL4-9I4ZwiB+~&SL(VJzhdfD0)={)(&r`J9%2??A+RL(XQH^AB=f)NjUiSo5 zn`j?T+TW@v)59BMD?Y$oqhZPtC-m@KZe_y|CRufd3+YeFm)ttvdnNO6Qhj~xBW5=g z`JnGg%#FxY2I0%iPZZ%&5Y@)dDw!RqjV-=;bfGJmYnRgG?gX<3@2zc^nOT)y&Fy?E z(?<2$tdYE~e?vw|qGcC78qs*uZ>9V-?PmdO*@s~Ll#jM)OAhPjV^*b>tsWOB+87V{ zum04lGxxgIn^V5~5D7H)CpNkSybazNFp##u)BIYtMOAXg(YhQHMDqMaEw6>Y3uN8U z=1j*D=s;cNmE+JeYr>uxv6CRJ`QQ8(h|Sb@Ge5ej)1H_vO%-Y-3OWAFoUVJm6J@2@ zs=s~Nn)AH-m=SNt^g?6dQgMshIJM6>c4+DLJw>z+bOxW@?CE{QOED@~^kI5>`rwJ8 zk`nIpC)YXi%GgKS=YvXVl^(AGWRie%vBmPGu3igr_xOU(VbkbiHB?*KCvjUPt*yk~ z=N-A+rd^m;9$rRz&F}w7ZakK0$E9-Aw)x4z=yGRs|JO8?QS5QFU6##mBVtiG^E&V7 z#t4xanF-SjPe^#NJ>N=b)TOfg>zO=q)b8q8Fazv60Le}xL#bTwkEB9g`~ldc5#WtG ze3Yv005)@9ZP)Bas_Qu-OMbcj%1fNp`?;R_KNp;_yTexMz3<+=zJ zvQz4>8(j(|a!_Q5=E(RD7vLBE6f?O?;{?Z-r$wBe3SWgv+M8-OE^CR>MbV{FkY;}n z@$Bc~U^=$W=sb89386u0i^8fcK6MbXT78%JMz;KQsFyicjj{xvO4GJ+da*Q?BgX`GWnx}JD|a48B>Iu@3Z_S2fc zUraVRrb-74#0TfE-YTh)<2sn4nmGGb{I$Bo{@FX+G1WRA8*UUM1Da7sx@J&o*+ zmdaPq)(#V;`0F7?5xrQf2ql#Dp7P<^ZA5$axvdw6@_~Mj-y`nb{?N*;2tM0cEUv80 z?V8&3YZXxh+uVZs>-a;w@hieQs8L5ic+isw!#;XtI*I#Z>->nm95V>NjhFg?%F@Qa zHE{`_*-yXoLR;Y3(-03r{%yE&ekfeYR(FYER8ks#1-2Bc)uaMsWB!OzJmPqVy4`e$ z!~?XbO`AW<6(hEkxmvruaal_?J^0Nw)KsVEG?hQtWMZ=5Y*fgVSEv>iM7m}e_e#6F zAtKTJovGlcxEm`f%EO0Lu;mBe@fu!IlK)*PeQajoGk+ZWJ4AGZ@&wbh|7XDhHlKQh zwS>?o{|?@np4+wBYcYvUdxxpRICV<9hI&bYu$_e3FvoRV+Gs(A7tqdc`Elw@sau*# zf;trTU9bj0N7EjtvSxi8B%4M9aqvO;3lR_Q!_~ z*T=DmY!5l01D?!(-WX=~2bL`ia!?^~Dd>t(#dLlaFPFy|D6CrUK1*;I`K?sa6>+t; zF^LODX3yMgf|n7P;bj;X<{oXuy+hv+q_q8OmQ3JE(=p#(uY_^yue|ev*Qmn5Y%S?QOvaSA> z3{$b1+&n;SA9sYab<@h{au=h=+L?0Mrn%$HgGRBY1U8A?XxTlP+o1$d|BLU_e z(QO}sA`N-RD!prV+|P0@{9h`7^k#ru+WM4`!;+|qTx!7DOWp5_%Uwp5Bf%QtwzjMw zc;n^eeHt#7z5{?5sOZx%F+KTM(q_6fQGR}Oca7cFQbh6iJ?$qK*u zPVC|^^@I>v_Ky5#b)LH)BX5YEbm;EwV#vkMnA?maj24rxu`!tn56iuB^0ssFwj&z` z$D65tosgmUo1`|iUs=`tFmb+nLwQxd<<9>#+3$G_NOOF5Wj+HgT?%)~kilAFq)3rs1TE`Iad%u9!sBvxn0sl&_mwq?j#RSIkH z{XBDI5T^h1r}*hBHL4}^g{|x1X~mHZ-WSPju^I2%*534kpfS;YXcxqgb%E*TIYxJ0 zaVo0hyQ9L?!_y&VjvTzFd)U+xA?C(>yu5$L$NiU<45?xz0Ted?P4|(cqGk_Aq$jIQ zFa$lv$K}K$@A-(8j$3Nl?mOS;LKO1;p&7hd2bOB24ocP3q@bl5!XT&-5vXfnd)oUj zPcp1!>Fa7y`DdWx5!_x98BBc`${@K!TX|sgT_~>HYXpXQhSm@JArY zPteTY9|*)%R8;gq5#SslbhokXeI4oT5E0&Kh|kGL*f8Dd&gHb{)v-Pb)Lm6>14ESn zmL)2@HtJnUJvMqB-*?K7I@=m4o1=|iHHe3gW4@X(&Sd+6uT2u?MYW!cVHj;s-Z>?+ zg3$QoW92THWYO>4k2t65wscbeOddY=H28{X$J1(}-cMH05VyemGFX&|Rs6;2FV^Uw z-U10Egqv+JTgvt5DFsYkS)sE!jx{<*cNA}@Ds_O3K|(Wus%h26`cH5U?-!N40}Pi9 z&oNR4Wc9`~&;4&v0@zc>yIY`fUdpGzr_WU%#|-q=`5&%H=3*R*9Q-(OE}AO92ydB(D8b zNdjQd{jG)T7n#kwnnP`-neI>C2Ve@z%H9LlgZmdiKJNb847W@3G@GA~JiLvqjq>>} zdxnZ7sFwJ(D2ksi)&_59{k4b5F=~1si+giF`J?2>1#qBle{6`!ud1w zFpaA=c%{1kqHo6pdb963Pl-vujt<}$_(M%i4e}h{K~K;Jd0W~o@*~xZm;}#>G+%jb zn&T^Jg>vm)Rk4PrOX!bvBlHzMn3xHLhJ-u~7EQy6?ls0uFu|f@#f306Z@<;%w!RgYm6AQiAvKer~+%WE-K)v!BlS#?`n_#n@Jp!@Dz{CCEY zZTH0aK{rpGrGHhGQuy1G+ ztm8;GP3Cs$CZmG4fB(s_0r<9Ra8`Y2{&SxLf~Gg9JogcHhIUuMj;6{{7dqFBMB zoL+LW#uR(z(r($cN3`YZ58D!7u2|s6DaF|1v7br&3iA?HvJV>QofR;AuM0<}c64&g z$tE+I3F?6-#Q_1ivvRIo6SDk(K>r@mMR4vR&s(_;TKI>xW_vW8Dvht+G_z-f>YRNG z>Y|sJB(}onj|zaVSdu-zBuOMo~#(lYE@( z+h<0$y9XUlt%br)I|7@QKS$n2sQ2j;H_^T}s)>=MM+IAM%7NsWq>q>svmx+o)*cw@ zV*YhHec4Jip(u*-ey{KACzBaNEWUXyx^#+4-&S#29Vn7iV3ke+tE#_x$|_1Uaze-l zr&x6(g`LKEZ7-5IS2&)&yR42HvfQP7Bm022oGiI_Y;SMqj-WRpDc=7hPtZ~?Uub@Zk%JYqb)-_a}I?UbKV zm5@d+&9mfb@g7~_8p9Q%P=#zw=zine(Y^C?aA**9snP}BJcnrBx#5nh9fc923Lvp_ zX5C2gXEYGVlf7yGxw9L5Jknbh{h6Y+Zo}M!hK?_U?Zi;#?p zyBP`5j}oC%`XfDg_-vwDgg`qNfAzT9r3j%r;H!+$TXB+W^OP6PZl! zuV&4_^XErbgvT|e^URy%9yapxBtc>l81`5JKQzRbMyvG!;nW01%=3=widl->Jw4p$|g%UF&#=K_-(= zE0gFc<8e+zoX3Xwu}zMLKAH}|t$DELYSiG39|nG%@sKVyZ!~Bl_g2n0K+%-v3l?6J ze3^)uf(nDP8zJHTHB`vEiw(yln^E}wF56JnW?7A09bvF&lmwN{x&ki=?x)8e z|J|l;sa`Wu0<#k#DsO`&DFgJE5thS~W5Em7LP0xw4i6!6f_2C*Gx>?SRTIAZhJ#%S zHtTG+E;fG%#Z)oNjo`Q=@x?XE;77>8T1xNCPM{hlE4qh)SWsg=Gc9E=(%t;|CMQ(# z@HyqUQ3twko51f;LIIJG*HW8@rx7$ZiBmD|fu+92obi>P(7AbZc{fZHdsRNcKg87F z7Z33rUmQ;r40Y>8Vcu%7MTV&yDIJaPz)iEU^X6a?!%C;gsAtMjXZv6*-9q|EU@Jb6Ojzj#Hql6*l{~}&2>(bAbkOkT zZe(RH=rhQdUK!!7H=6C1(U9W9Jc&!n5&T8J(^vSnc+g|~&vl}t3*Qt{D)`XRTVq#K z=WekS)tPIzlY1abj_Xdoz04nXoX@43s$XFc>BEE-|7h2-MS(2(Y=bCF3!=vTDSi{BqjglS&(;7Se>`cs@jy=Rtgz6T4 z+tBvv$N{m{K49HEAGm0#pzAQ&auVkPD0w#z=8neqTq&&KQ~RCOwdolx=@Mz*p3=cZ`rEoTNk%60!H3#K&Ggwm^3Y2u~+?q_o@Dro67+lf-#WqpI*#074;$^Q|! z(q&b;Re?Lscpx!lr1|!8nC0fD8s;^@Vx%iR>p*055-Uhq-wv=P;UpVMej$bzDm@{$ z(G*0`I*^IYktpqtu5NHX)AfltEm5n58%<`M7Fdo|e11$JMexwl|3!eRmhcZFqZ?Nk zTfe73->n5qk{)?u%4mzpDSS_OMOn|l->uzQ4o9SC*mrlT$i1K^lSXDpZ}`bulEjW0 zHCpb?Y2!ZOxk0Y=hF$a+ga60YTYy#BHEp09L8UvTOAw^Hy96XuLb^e^yFoyZ?o=sJ z>29UFrMtTuHk`G6U%&tR&NsilwW@gQrx#ymdYoyq1ZV|DOK?0plsyTay z8Bt;0h^W}o(-6MkPW24Jg0pZK5CB-qM~G0}Xd0n#!8HXj$qJH9q#GZRA*giT8m@Ae zzxD%O_lJ010mNeG4?G(~5Is^5n18Ymnq^AAHWLvDrHI1HyF+Ttl~B_Dt}Dh~EXdUR z)qm^5hHI1fhJ_RD?Si)J@JB0^>hBiLzKr}w!+O!2SMXoy#9j4{R*6NEoeX3~J}A8j zHD-;&bl{|tlzr8iq0PTNIaJ+>JnwSo8M!7Z>~pqi8&ERX<7M{!u$S7qVJGdJaPR2J zz1N_Otk_6=brxZ_8Q(vWZTv|Tz~^KdSRNzZw>C%PvPZFs^f{Z1}#xM6q`SRK5I%6c`rSQ~xu3O}_2szY;G5DDJF>n^-;r^}8a-b0vi@p5d zD#Y{xpCM{!)a4P0x_L9QwLE*O&RI8417CTRL7UF#(e`=6z$@|(F^v*r6Q8uDH7CY) z)uK?oWq1`$%;VN5OuW_*W2X7u*@$j;|DTBy(JF7SUA{|M99%Hx($8mAV({DbMn6p!SjmnB;ZN@0JMJGA^(>9&Mf zA)3mUSnPmr7ws5}t1fPU^LSv;hH__37IkR#_0#5@CvXDfSp4zCjc#O4*;*};t6dxO z6ItCC2dq?!h=`jJO;eiiWWdF;>KmCK!`5j|iU@gt=@& zF@OK)%iz^$wF%d6=Y8vEY_G)N(y9LV13}Snh!5prab(mFseK=b3!x#feJkE6Ej~Gr zd-QI~iCSlDuXeiIOawsH{AHR(P0u@3Vnql0%omy8-9LA2N}k57C7~nF(u2PGgE)jm z7aRWo`q?SE%~BUjxM9&EF<%^7&tpwmh5YdEzP>A>)C*f~t$hrbcXiPVTO`N-sv9C- z%O?u=_|`=M;FpbL496HOL1Qq*Ll@0GpVowX8YeauFYqb-(M%v*#Q!NefPaE45k%sC znjh2s?=9`)Y*{`AUyRl+eg3_Z;2&*9L~4y~uhw6GxUn*yz^Farx;Gu%%d8U$dx7?j z52rORx(+H`JmOe|XX_mvn(EpKj|&~&C@**hyzftAI|(=`H9ler?OYLxmC=ib*$BSa z&lLZ{5MfV9HgoKE20FxTZzW)CHn*G$l#X3vj z!1eX@?D5B7W~=5Q|5{pLa5zb(UUtPi&bOk455rL4d)Nw&*8t9sW7~A~^eHTZFj;Sg z;a8zg^ild|q&?s`_gd;w75Zi9CJodpIvi5;gkT(?T~w^DNGS8c7C!cWRw))t@;a8y zsACai2-?EaxR<~r*$i3`IC*%CW~vGab#)_QSFLy1YvF0O=K!O1V(i~y0Xosr{g{On zx{G_la?}2CWB~WH=i<8ThKf9bc-^5)80|NN!$Cj_w|b$9gvDkW0Yb=Qliqn3;W+T? zvqZ?@_#IT^d~W7wgVU7dCP8GgP!U|KLIiO`t(!k16a{&lXou< z9OSXqTf6qPBty{u!tJ)SQybLD$>i1666rN>eV?p%WdS8@A@abggl zhgU4xQBg0mmR?}|bY>3dnJRHFH<~CW`?C=5|8J4G6WfDPlBlgIjUfOTo?)Ry{Dd1I z8H^@Cm0-QAtyrF=_w7+9i2){r%y(A>tPSW#L3E~9H&4q9>Y52$7tSOm#!3f;Zhpi) zC5u`qgx=_!>&;dmS*k(Dcm}g(?~ORE=4T5X5WmT&uS68QDs?^3-34bhQ5TOH&GL=Q z4>4aNT%nsU)l-4kEuCc5kJB=5_vB7n^SKRG?j3cKqnt%{!9I!7 zvVRJboE(gerv7NGCm<>t8ET=mFx^bPx3_n>b3zP~IFOFt zV@~y`4CEQY@KGY?^dMIHVXwF$!1wMXt7AClOS%Ie0E}(Cpq6awB=<#)61ht*_nzf- zPX2*iv(RQzEsXkCstD7D0KYpr)n< z#F!7JE*+Czoi>(tzxRtTC8 z`5-@UUh)@cU4^N<-$v{n^j-4k%Wy3{C^dYYg*5lIcR%uc7U*A5&8=#uh>Biu<23_J z7m;x2-bLYTwH@&@rwTpxojN2KM3i&pe>3$M!aF&#oF1h;^s$Hp7?_@K-_ouBpkh&W zU%-k=fLIU>NmAhxFl$Ga1V{UaCRgDdBD*CdBwWsJ6uUMJrg9N;n5K^w-U2&x6e!@k zD!^3GBa=U9H0O^axl|QIT6coE18_Wr2R20Fc$|-eYg_E#)*ICMVZq) zIyF4}XFV0q-8U`tJHU?pyX^ln2@Fmr~v)?pBrLLG&v&uE9d?n+lOC+ zo9pru%h-1U^8-i0v+mY+x;uZ*Qagq-Qv#be>{&X2 zzx-Di|NRXjWlrZJqMT|pR;+{4rg&5hs=RVjd{QMPIBfuZa=7*?+#L?E~o znT5Iyn{7_Ovwt ziVJ~~+?}R8lFD3uix)cQQla`+j|h$H=dhoe2&8)K+9+9HEH#Rls1*sFwdxA|8Kria zZZ&1vMQk+oJf4+En&x+8=#grDs!}&nKp|(Bwwu zVklG2KymEOuFrV#cM3T`w4)V}#YWJ%#7C5pUyGn9CNIW3!NdX~MVsyR!Ua=-Cx%Vb z)Rh4_qOZ*Iu6G9gqf3Ma+UcbJ6f>P7hy|qHTD;}?TxHOrAf`tTlBmtYskN&ygPf%d zK4&rWV^B?jx>wcgR}oIT`<|PBuL~p)65HJuU+7RG5jSu(Rfy=dT%O-9+sTvlGlp52 zB0PE<`)O2PqM)RlR*~uny`1s(cv-p`{oCU6@zZ}EL3B1L zax4v#?4!__2XEpzKMLZ`Acs8>?0ypsfC2trax`~wcRYMw=S*oxC|#7Q3%&5}go52iiUtHRMS0~2~ERQS=_7sb-7~&|R z+?!bx zEp#zB8ZknH5k8DAZQC+hnY?ED}+}OaG4ciokfU|QdC$np$fSp2dsD-!GEmI(B|~VGR&0N z8NY(~9bTe2RLW!Fxw?Uurk0-wQ=q4LXaEIdZRaXPPfdeHisNXJRu^|&y>mP5UFUH@ za?n2{N30eRZ~fh{$UH5zO|D8SO1Q3$e|TyNX;Ks<_ElYw3m(9`CkcNYVNrYfNW0I0HF&Xfo#X$m|F6F$>uS~h)>MYj@17cM*Rd2`4{gv+gkVyxLASZ*WMRshBZB=um9STU!HuPU zgsJvyyg?v8rsWGU=`)rx3X9Z4PIWPMb2TIrqdMz^tJhL;-8f3bv&EwsMY}%PV!zoL z6NA2|RutKO7&O$n`zA+$Wo}j4g&aggVr9q6598#8LAg*4s0gl8TnwDJ><#Bp5n^KP!{vxbX#H~^H7$^HgQ*uQ27))@6P_qfmjg?IkH0z+1{*P9lH zWyst2s=Wyy={Jiv^RC!UcOQ#aJga>%ikq$(%ChUNwJ&N1mjd&>FlTgqh;}B5J3-cZ zE@}VI#ukkURIf;PQM5*PWM2xs3!y<~ghD?>IatNL?)9r;d-ot?8bi2H3T!z78QeE} zThFb)tdi(c93EP$reMWhFTOq>6~TBk$7(wn;<5 ztm91;Z`+gC473j;tTr0hY5*3^n8FTd%4CB(M@J;_j@5Ti8|!o;US-oA|E@9i8?$u(7;-56QypI+ zh<<03Z^Q@|^-zT+!L-XhDwAwgC7C41r-T|wf2rZka0P+h-)z+Oiy75+HHFqc5o0&9 ze1!*uZ>#_W7Qhvj?rwY|jHF2djiN|{4}31_H($^I@3~~Xl`<(t%=rthdCkEa!^ zdTqdUctv;KXCA=%zI`w1Ks!4l^Q@`*yDYJUy40d`{LYuF}kE8LQD&AfV4#JAsg}C>Gk)rBfX;g8< zGbr=~WZcwnUWLZ!3Z!DachFKNqJ0(_BjB0h6}`}3xLzEInjjGDeyh@p{IhD+6)Rar zuH`Hhex{t!=(X#oPO~JD9{cs-f+?@ExY%T~GrQ_JCOVX1wf=#11C#0RTd0$!LdW2U z!b@l=&B;#~7=qp|V0$0~a>Ag;QK;kxWzMgN!{Dq1FeJb%iGp9&&Ho+-zye zDif4DLC2>M{jSMU-U>5}d5`U95h)yW6;VfS0xv$uld!2ieL@=08uGT4pe8CzI(q|c!&b4%{RNqY;wu^;}8Y; z1sJoOtl}u?pMD)Szr4YRY*CDFzxl4c{5kntz9Fp))b5is8+D@JUT_S;N}~ZOfJUw1 zLs;cLu*kRjOO-{>w46snnKa7?U*)9-Oi#Z}(j&v_qnG_azOtOuwDx>z?^giLCxSAC zSLy|wH8N7$p2@x3qf!n^N^6SQ2o|e9<7s5SWj|@BA3pVD7^P+}pWmKe$UYyrNL;`{ z7`?KFi=-hEj~+wH*#D&FGMDi2<&XG1&vVlYM3u?1PY6y{1$ z4u|Z&be_VizW>I*X>3TZQ}fcP&RKp`)>*xL!lnv+wAfu)?`YAc{H;|nnG}ie*!y^E zqpl%?P_E{XWwCZ%m)BhAm6gkjzwmQ*aX(N=(HDP3Wm1m19178=!=CgQRlHo(as6yH zLIV-qi6nK~V$}O3r+3dU?X@YflyQ1RY9;l2QnuNs%zWr45)>F*(35BJbX2JmV0LtF z&`Egx)b+gaCUjggj-W;V>|ysU_}VOvOMNLd=XE>j2cU%iSETQrC}3#i23;~hgly0s2tr1XvrMu3%PgYrfrz`Z~f4Y%| zPf3MTI!HQn*pw};AYcND0AyR3M576}L{wGcTZw3RJJ>sbY)V!tK*47OnTyS?(R2x04d~ za!7U9I+>bLkWb~=@G-K+qG2(R!+FmG&~r%lr%b+*jEYK(<-!8-6J-t?5?C};X8uno zJ$heMtc-wAz$M*Y&%}flkTXIc0GQRjsgj+srRDrD&x^9_bOGZSfc^}3yBmUNiv)o$?e!uAX$2uiOkt37WX!@NbU~H7CpHpfN{Hu6%J8-=%)zp z;sv@4m#ERH#OgBk;MihtU6-@bxgs9z8}iCC)BJWBVpYGMEm!6wMn?1yjO1F+UgAKm zx@#3^QuWl7V^00kG3rJ!R@n2H|8><>0pO_bHd#T669y0F+|M>2hfW&ivk6vI2VeqaD z=jG4Rjr2fx-zyaK#v^HZ@{ojtUoWT3Z5)~{JvCoxJ;kzXA@08+O=K#%}PMf_d?_D zqDb3+r|2r8wAI5_e}?<+dSc^fOUWCXgN2tIEscj@%ttR#CA}5Iaar@GZkM0V9v9l` z-{0}T)j+*3=HP3bkE%~QY3k$#(b-Ba zsBQ>A{~L_vDT45PB>mLb*s8+RG+;xhKWIY15WI}$pxue34F_0K5D#pSABh6ROG(KI z<5RoJucX41*yhZVT{l zt`9Rk?n5XYlzF$XGuR^tsGAHyClv=wLwfb%>|NGPrvi{AEb5GB{4p79k`qr+W)#?* z14j2Sv>r_nryS!6xHQX9z~IcpWj3EP~Yg5f61}_jeePb;r$T<64sdhRMH7n(1v_ zXgyhLNjDJM4uOC!;T=l84k9pG70coq?Zu;@Qv{qS5wawmb6=HM_s7SR_Umw5LV(%a z96R+(76 z0eDz5@#lE#0Xk2WR9;R!RuMjHjMn}23QvTZ`9NV$L;eZc7N>BA!t7Zda%@rEal~Zb zzs_MqF{x=X_yKM6W@6?MbL_P5R8?IO z8r`m>HtG89bj?!Ij|C~a>UJ(4Nvcp>xwF-0>RsHvDlwkTpGjWM@jWPvO`>ILTEi{R z?8?{xuKtrSNh(5Jl`yvk(!CJ$rAd|Fgj$Xy9pfY+Mlx@*p|IkuJ=o{6G`tnq&z}AA zM9HqpV6tiubj?_h}klz16H{;|kByMKGGZHpKwD8{NI7uqPLp#~~c}rIJ9UK2^-mYr3qT zX2o}$u>3OqKvu~8?NxI&sEhzR=}NfXB?)>}#Ue#IG>$--_CS+kg1KW*qqk5 z%Sg;)GaD+;+=K{Ddu}_0c&3_|gSHkHzdrCR{7muXM*~UL5Rt*uFg>GU$N5s~Yme^k zxTl84Ibj+Vhr%FcHM2~M*lacTHpp>+AO2#_6QgB`6`aLO7SFFPdn?tm^YS{ZzBk=n zGn#0%E|1wjyyh@xu-#`~@?nSTvIL2zHAui=)x{3Tzb8W#!r3iM)uW0cjo2gz-J z%B=5vR9{98X?>s;4mS6cB)#_s&3Y{TI4fu4(ryIluINorX`g0_&;{!HLFGah{nO21 zdhNY=KOmiNYVNLyb8e84kxP~ft81-0Nj!hl3i{sdC5zmJG5%jjCtBjy6n7!x{W#}wD!ji9Kr*vO%Fd} zIGcu^UP3k|(u{!!!=(I$CyE2pzaotZWXgM`S5Jy}mQVW5`E`?QZI5?mQ;&J`_pE%v zBl%R)Y3MM-FcC_>Q+jeWu}wy7l7wD))TwIu_xvbi2a+&ph1)t=&&nM@YFDQkQNGJ-;GO zBtm%?T1eM+kX2FPWUj;YS}oCN##RauArM4|c_Z{yu^sANB;LJE-8gJHJEP}45WKB( zdZv1O62oVX3DMse6j_=G+j3*I-);jBca=6rd7tEvUi}sj|_fbd$DGG!hm@MMr=J&nD z$zdOQkOkfDsRVC_0&5Hgw8zGF+pMeS1Bz;Oj=GjR4_hyGj)np;zGzi@kqGz*LKdqF zVdRm)8;OnPO)bNs6V46Lab&?-W2BdSXPgm2r^-KWmmLLf`bN#)z3b34%L){@^8qGe zPc5Bu&zQvb_Nc3`hkXzuSe*B`EBoj|fI$DGxY_Ws>E=sL4uZ(tA^ZUE$@82%k75}^ zGCbVVPN55?7NhX{Ftg0J9}HUGQ}gf;00rXtP;J{OvR_N^`_1o~js5!QgoI$n0U->C zvd){}vjy)E8FEh&9d>qQFjWxN=+m=%92+a{whBzjrBRgO;!m-z{{Dv$*j$ZGO_#|p zW|g2i+pE4rftjxeQtffa*M(&DJ}h|%7!U+{lX+k zFVg!xdMh=CQ0UEmEwQ6*YKRPhNPzXsU5MwtR**hxC~U-*CA<9FCWc}6t9QQ{(w)AX z_20~_v;5qINB>E##D}LOQi%)ly^?1G?|x|2KjP`HCn6#mu7<-UAXwSMW3+4U)1+s9 z*0C%@#y#@{zuE;hhtXh!& zK~&?r z!jdVFN{WvwnueG6S;H=twAW{21iY*cTvewj_?0J3SORjUBy&)eB)P-<4u0h$JoBQFr5>#fdI^a7!AG}C&zfZoB6NG)4MFawgXGyC0g>5nTD zOe;(3(YTKZkIOaWl4s}S6y+rbD}>E$Yyb;94upb_kLYuBvt|S&+IRCa{ne!rY8ns5 zz3ZS5y;dzYB-(XIjF8)wtg0Dsk&rvbAK1mcQtcy(g+yoCxGrMv$vC_~9^k*R>Z`ru zZ-Ac9@Y=N4+Xr(Pw#kC!;-#UZTREhTY&#~cZs$++qc|P)Byinqe32jlm5Bl}#Rv-WY8U6moas=Y?%U~=BWOZZ1 zs3+`|wIL0rcgDVeZF6vI6z>CH!8KfjK(W(3PvmdkzaK5!`+UI3e<@{ZivP(%R$g98 z&83Pd!awlQXDuJ$@j|WerJMb5@+Q3~kbnRR(J54K+ZGzb>oY$!s5D?ZR<~em8JVl`_9GQ1ii%^i%~eqouh7F!G}7ARPrt^+{`tHR2;hn zbc(GX9gAe7+-sl7q7!qIm}NS1gPuri*4Nz{)h=jFSEgJ~6$IzY`{m^1y88OWSqUXy zIFu1_13H7am%MN*k$m{6c}ruXFFV078}lCcs0hl+%6D7R*0r8Cq%5@q*(cMw0L zNYbd^!ND4JPDtDDc3AIfkO&2hL)~>vO`i_bFN&Y;Okf0tp#HMes!p{=3r}(hq{T(H z-;=G%A%*j^@6^C?MHkw&yWJ4U`c&g45b%paI!YK~+YH4AE^tg@VkFmsPdFB}3>70I zO6$cO0qg}CD%282=ik)-p;Q0pj2Ye^^g*&e=i5l#iOWw99Td4oZML3!ha3yBJFnd^ zyobs_ATSg7yvAD?r1)yiOF+)=paF^x&KJQJqxorj%1aY^2L06wu@rK<_|X({tN}DN zbS?v7l$s8XRBpfO>7U80<*@m@>0PcJ$gb0*9N8CC6$qZ>U3FjM{Fbic`l6m(CONC& z<9lmnfQ!VTEQcpicO0YK!F$_D=57np8m|DkA(BQ071@vN=Z+OR#tjq&e}BT z4OGX)Fa5cV=DjMP=djczu4-qF1hZ_<^5KVF!Cb-uOnJ1M-7mChYVIO$Zu|V4`On_C z%7}lyl$1?me)y1{o*n{;i1v~%Tf9A4LFS>R#vvj~DJ=Ua`y52fT4DAOAl6VHv1Uyl zNxXa+`3yHFKc70DM4Y}VGaN4>7Iln#GAJ}{cOulii!6yoUhi$ZmD1eEA4Hw_kmIZC)oJ=A@BM+JLT zD~)odyWTy7`G$QB%k1E+6E)@AgiS5;@x@oPwgd9tJT!opk8N)?&VKZxV{}?tcz0aB zoi}-Y)q7g3z4s9dRW|M4i<<(@77AMk;VykNE4gylpA@|U8Vjzhyk8`$3=WOp0!V&>C%}fleUxJf>Z~O#GIt3DIIdwnU z?t0M5y#0x=M6Av^wRG7_hO@73y75j=O83<@$~(IU(~YfF_$1ST%jN#udB0}zn>%6m zz7q+{7{Bk}Xt>ZHyN$_i3>ADM(j$8I?e>y1;+V+eD2Q&y@k#GXZ*6Yj1lBED-HW@F zvmc-OMBZqlL)BR-s+#GMWBuxUU$oGOVfus(bZLbFL@Vl>-@n&gR%Y7H&V~<&w(BD8 zXucqKaP%`V0VB@d`kaYL>V*Tls;a8;P_xMK$qCy}2SLFYXb^|~y^DDiNn^trks=xaLenY>8NUa&Q7 z4kNOV%G|Bp&;@3+6S!^qqE_!|Ff&xTnqDNXolWSr%d;?b?oO#2P983ST1fK4>apD@iH$haPA9CKul;V;dR-o%;LR!IuoCPvdI6frEe;EUsbKxd1pk0&WQA zLqfP3r>^@JEiUe#c8McQ=`;>;RaVFeaaGcReqrK;zb!#`Aoz>)6w^94rwugDJ(_LSSGKdsE;g!oOipO zgudVGCL3P9DC^uY4cX?UettgK4SF)_E+ZqPpU`5m`p8AlAOZvT1&aBQThn)FJ}T~F zZuUN4J!?`VB4259w%Xy|@xwwm+JLtOb>a3c3jN)(CwJ&YYE3R%sJ=2Z!;$AGi2_la zMo5U%EZrU7Wp~nl`x}F!r_aTHS8s1COd~;KZlZ(68+75j%~rKebye*MIx=4paC&UJ zIcOyIW?I~YA1XIfLIoQfprYzcYWCaSW(aC!x?EkjmsT0ZSK8B5Q^UWr8~Sy5(MfJ_ z70v?4e-J?c^3lB4iZh8<7iCv>X|v1gj-UR4z?0JZ;dX-Nv^Db3a}O_rZMM>q?D(X9 zB^yJeEtP9wIh;kfvzLV_N`U2j(oyMjYxFVLY)F9P98$ESQNOO`b<+RN#6wgz1N)O7|fLONhKFkT4{Z*9n#6gU^= z@2uKp7}e~o`C%OXi$|UKE1l#%KMC}_A~!O=C9(VIPk(!D37Z^Z zh?cUBPH^?Y+h1X|2uGgpO=YpyT^-X^d_!`%XpSrK88#pS$C_M@O6edi{o}&$yB=Ne zJA`_!9>F_Xl(6$E?kx9LjeL5qw_H8YlHJJoJYb?4Ad6t=t5l^l?)pMO@As88wM}ur z*$B^Z-JJXrtrZ^wTBUiz9H)ls{V5d}^! zjmXG$z$YucjFGXMq9vflMAQeTwA5lgCy7zc+pP$WVJ;R77G_T}`7Eyo?(Xiq_buV9 z1}&0Lxs-?(8jYd5EN6cUKuF}xD_%M<8@ zx~|jSG#<~a8#S57BAm8o|C>-rD*DX@@+4i4+T--FPNkNM9RT1@CuVi)!X$BDRk>VG z`#sBMgdv0qTItm6#u5R?ptC(m`vaTrWuWa%Sy`FgNX3@M?Vt>+?f%D_wW_PxJ8(}*JyJv`r@BlbKHBAn3nrrqA& zX5CLVvLBY>z(hUf2wt(^0d9G?9GyZ(*+y2Y>rPXv^@(luo`}IQZo_2@`|U=YlHD=6 z(ywUm^QFis&qK@;=RRr~sfE|c;A9(@mle@Tt`i||svWvQm*EGF3=6O7Jr603N{_=? zN)DSmhk;d5$YlS0o-rHIr$FMk>o$9KAy5L6vb)vycgb8ggCi6A#0%*<;3(z>&W%I4 z@&pRWZVmZU+dx`H;XhS(N{|n`$9N0QDy7)*k9Q-*ny05DjDK^ao7(!FH?URFViv3< zQfy^1t`L%-jy2{vX&piiH!jyeYX*zDh+&4c$S(}Yd0BajFt7z)H=IYkzDd8XU=UNq z&rCXOY%4%6r@k(HNmY_&SHPb|;o|z*S@Z0Ph0a9(!687Koz!dX>dDK8Uro%;MgaCF z(9tSoCxp~Rqdqr^0@2WQ&0h+o)Mf9%9Q^q2MevtRttLlPQU>_U%{^A&w_Ywg01t$TnH zCqH6>^IMQowWAh!@ik%dM1EzP7JgT)1Z*`VwJ6fO394&42QE1tsaK8&H&^5hu0EA~ zN>$``Q%)+?;69WxDhc~0>}Ob$QY_XSZ#kkRGLI=8UUy{E4Bymnkhk^h_^nbAObCLXV3;G%jSrgT0@DZq6fX9%(KJ@% zq)-2t5sJ_`v;xHTfe)(~k#`k^a*>BD_lNg$$5mts__o@l-9?6U|4c*-v#kgbDfZuK ziQVoW(Q*@UP)upYgmKf0xnVtRY|8un%FEs-QeWLry(;6+ykJu+$KEuD|L0o&`|l-G zJb>o!;D5)3&DQ!+V_CxAzYoa8@uFsrsn}qY-Ez+V&)0%b!2|xgNdGm6WSSTU&7Z>x z7+^AY*ts!VkphwG*N~MK>}i3YOYi^s#(%B?-k5WMh56qp{`vSzKLtP%|9?LS{VE?=uyX9;iW3nKjf*l+jJbO2x=i5KaV>W4fVYb<{K*RBu?xezVW(xKw5x*3IC;mT|Th0N6CFN%QEkCBpRcfw@y)K74HR?{~ ztfniFL|;c}SH8m&zPUxgExLPT)DiJ3JDebGL!{1)&EtI2A`=i`6;C2422g}b+Ko?{ zt!(J|aL>>|VBH_yy|c8Nwa4KfVh2+3ICh#k7F1T8hra*!;-PcV6%`ec-2N1y2ogR) zIs`fsq}Aok9eOm_OFpejtQQj_BZfDCs6$*{9tHHYm|?PJ;I^9dYl2=IPL>!z{L<4& zB8Yj=8Rxxl2>O%#-+Wgyn6B88RaATkA+c|ZsoBb_g-ruQ)s9YBL{@qji`fS=xV@hU z-|uonkO|ebj!0s*9pF@Xr}A0igYJEYlSWYv*0?Yg8fFeK_VDoVl>DPoKq}g7LVK<`x!Wtb|t86<42a7ko6pl3l!03mhAJ4Pty> z8X8Cdn+Av-NP?cFebAe|Y7ybvLkZAFkcy5jU#R~nq9KnTDXxmHE;?l0??X$Acwfz? zI7AeD+wLA7Hk1PH6avSeR|Cr(&0utNd5Q!oBUNbTA6e?qL7razqR zOu&cw;2bBY>psH7BkznL3RKs1pTeb^DAtQ|U2xBD-K9k|yy!@#t+kpuaa&7B>Ys`M z;-pbwM=5-}X#{)NJPQttprxe>$l`t~DZ!ixuTCq@6kdto5a1_55Zes^0f7I#IEb1A zHqUu+tj}>0WXpVP>mJQFSXjDAy-^ahX8_U?RvJPQ0e}k2AR*8i6ow-(WC$d~HB!Ll z0gOCTqnugNh0ZqvBl#}!vqyt*|G|M3npfxaI*qpBXepM$Kqub~aQ=UZ;%1zD1g$KUcM&`Ni z4;~e`PkqlL7r`sgj>6%jf3_63Um>ugCaAI_bUjt6Qm@5E5OWLuKdp4J;8ff($ARf? z3k=No9r&0P7Nfa0JXVuGy?Go!XFZrwKJ2QroS?{-2c(?{Vim;iMQeeEv3i`EZ?R>| zL`g4g+m?X5XML?W=J`w%L z)c$#fSabl5R|BvGhx-Bt5D3V?hSoaTvYYYZWHKqp@4zTj` z#Zsz^Y%&}uS3p2JxOe=us&KRXf}BI z4l|q~y^4X_r{}2XHsZ+h1;9-Q^YCVqbgiwnU-4vtRDjQsJ# z%BjCs;@!K{Q?K*SeFyM1S^_WmN3FsmBNtGqw+~$bdniO$N+l0l-h zT&Z~a{R{sJ*F$W}aPrPfk;hF-eGwDv!t>*y8W~&DSGkoY)#dqfgIp)7=-7OtpR*-v zt3sEq7?dj>XDINR4*TR3DG(>T5M+hg) z3svBBy$;y-oJrHTZA8Jo>v6GVX%o(ryz?^K&;+BV1Ag-W`gy2cLLy3w_c%4mCms6- z>z0{|Y(w$FOhS*i8BX%FMD%Ik=yUCS$63iwk@V!&OVPVlmj&e+g_$m|$*N7)jbx^W z$PDTeutc1xGjHT%5>zznj9V-LKdIz~csf=$a_nxgLTG$~P<2z97W6|t`DU(Z=Zw=^K$^_r_Luf_d#~V;t9k7w1+K$z?#|(&d3D4LLZkq}v#_#qSpd5dl zr)dmq0OpiCaw#C30>}Q}-_=*j2ZaNRb~eWgiJvN_27y4A1+SDAH}$h;NOPX2k|4xt z!x_{yS-iazk4Kr|vyxjbqJNENew)*JU~ZZc*vn+~+xd9=7IWncCvl++OG)!xFOib2 zo#XsXWuRU)%G^4N$}T7KfbWKX$_C@X6cQ1fN_Ai`Pa_kH16pt z87eFgWsrfLa{E#^V&db206bj3{R3Vys1Eix-K0c2m{25+NytDGE$5SOGa=e-Ewq|S z*km=+O4iNr*`uWBUOwg?dAt64!l3rsoOPH?v=dHPx}==Q6-9V&xJ3V8mmM{k$iO3( zB|246e0vic}HrdF38=sQez{(B=97m zBQ&P&*Ov@z*5@}oCQ=9IC;+${gHn?9LoNU$$n>u*GzUU3OuFpX-n-1_!KX#J2Pd0?^Kdy#DNj3dpsjY)$ zhFxw@FvGl&QmT86;M1Gm=p{4ybDyL4NTO*Oj}ijqInbt4njk`xH5kYZcP5h*H?nZ3E4J&iFGGnubMQS*7zVQVkz z@-f3IDR_^EnU1(2CkAby*QNSKTq|tp?^fevBO9#%K|?#EXPo;yIpGJwXs;qTL5y4i z#H>$4(U~ZG^%)uG{4*OpPynoOR1%k}kzWzgl>sSqs^hhGZ0Uus)AR2tR(v_&TisBh zM_r4#1e|sC==k;}=P9IO?yxF8Yx$tiJv^1@Q)>-mnq!Zj7}QvoWUen{Af7x#rK?L2J%66^^=WIf za$e74VcTqj-t92L$X8mAO0J5lx(fuapJmw?=Jfd6T5+_=rfA4v`ZemA-b&s4#yXjp zeA-$t*kMDkV&eN|#&~J^`q-)l-QF#Xv1)kqf?kVSwr83=m*QEu%!u#E>)yz{nA#k{ zr}&fvxs!Rk87n?n5yhw}2KIwNg`PO!@1|-8Hx5n^%2-{TVMin+(8tXWJxH8V@)XfU zO`Vd1k+`71qN(LuVFBDHYRvzKv$qb5`fb~NLFw-9M!FlM8$?=4TDk`T0YxMvL>eWO z?uMa}Zcw_ryF+T<^Lw7>eb>A8-p8?y^@oK6^PQRdd&hO1=jX(D0@u!Aj_?FN+k0nq zt`szQxmvEDXiC%&TwGizX{z?DC{jf4jA<&UsC+&;{`WaKvxG*P7apv-tXDa?xtX9* z3C>}uEQV%gU%*a2hs5rOBHg4cb0#*qRvzjRH?Cr5KLu$(7spesCn?+4$IpaCX#HJ7 z=HWXy{d|P=MT&KARu!Af*J>Z=1Zmq@ODgwr+-cqtqBn`sq`nA8{lUUFfFG2Izig zbx=$F+vYidRo@?|reEN%fIqvIM8uXfx)|&UsYzWXTQmCZZ7n2yPBhsdm zU1{CYgGAN9k;NTbqSgyGfe(g|z;t_cqj|}aIw7*%J<#imc2z}x(nj;-0~{|e zua=2!0mZK$nN7t6Z3ZN|x(O(qr!1L!y~D%Oy4Hw5m)5Z9bw-e0y7$%rNQXhB{KGBv zb9Z-MPm`YAiGQfa7MsO}U?sXr+l*da0mRxdO)2Zkn$r5qS1^UNw;HIh>lMGn2PRfU zcNWsTbjUM>NRk=a%YUB^9$;feM_-@yYGZQ~bfOU1^h-OXktwYLWKUZk@41)&0h+A# zq`XwtGnHiElr*;6g$Cz%eb7~A6Xkrh&N+(3&W|RMf*zl#dAbd#(dEP@Ak2SaY7`II z%Oj{q&)t0}hv0RME6@8!IZgefuq=fdb*3qu-Eni9gO&gEQ7&u-NXU!TIXn{%wX&-= zL2i^DeVZ2CZt$x#DBFlsUj$2+?tL?+TRPz~gGxVV(f4gSd?PETSdV%=^jN_^eO*kN zZr{u++`5>R`cpp-3%WUM`tqx-JkSIeJkxw;%k~|uwzR@7W-)2{v?tLn*H~;L4x?tw z%+_($DLzM@Ec(TfoYl(bskYg}MJ%xi){5qsM^rnj_JoPKw{prt%&lkjYGfqZU4JAQ6lpj$bK3TBqt}oC+Tx zG&tq08kEBynNtt>c!9(JvsjKIB-Q9Kxkd}X&z4p5Zs{GuNlSkVx$SE9?Z>Z-bJb*6 zUa&eIJo9M9nG^hjbePifQ_6fgdry?^v*3KC09ocAm(ynor?)vw$3FD)*lD{T^+n@I zz&#$?f6AMkn@iiM$aS`;{jv$O?KNKeio!k%tAaaAaH-D?3L~>v$kgaO#CuR^Vv`SW4rad~seBEFYS(*A)y$C}hl>2)Hwg!n+i8>-#d zN*78?kzM+E0Ycjv61($QBt0eG0o}ohJiBj|;^ddp?NB@$F$Le!9fHldg=r1D6dhB( zHuxeHFnvau9a8A!$f{+LgqZZki2cw#2);{a{E`Hv{l;`@YMnbOOKN?jsc>0-MXVi< z+aF`D-Gp^C$?Gx64yR=vJ1y{HA*u6Hoq$n(T2dg;C4S1$9Pf31KnYVDNd7%4EpSX~iHvExx{{Sfv8-I@Wgaj&CQ&`py zb#M#}2}H6e3-`*tr~0))h%XozxQek}TA^jyR_t+;P1<@Glx-QP{Y}yND&#s?8FO*K z#t66@UYHnyA`^eM*G^FEs?!@g=jb6<47y|jIr~>+pt|`rZEiw05+Sq97lced=VnD+ zNhFF-NQ4X9)UuR)3er=*e*3mN(=FgI`5N@?b4mItmjZ5AK4LE}StInpC^@?Nme1|c zDyyn+fqYZyV|TYg@tr$kH6sR}W*Vk$A!f6aojsZh8bNEzACmx)QT$8E0FiBR4 zeu<@S@G)4+d>^0LTi&*+KzAMvirl9iyI4t%8XX(zeAJ#V90BbEQ`(F~Qf`@8mlDG5h5hIKzj~L(4Ew$bV+{C1g-kduFZa zSGuKey^ovFtFkVKHy)!Ad|}3`e24PIF$5?GnHwt5)PvV+h-RgoO_d8HBx3P5#e4k? zd3YG}r77AAFFA^KsUp}-4c}>8F=nNQNzPO^#%n=bs-spAm1_s# zxTmb!v$aZ5+c763R8tvu47MV@)EAhJ?>cbEgfnWOAOAJ0`p@ z47EaDyhH)VU>T<&4X|3$W-8)fAbd@W+q+qeOPeF~l_!N97ApXyUZsZx9|Id(xreR5 z=-3!+1Xo3IaM+v40UZn2(rp+aijp^!(&I%hMH_MWh7`r6PI`%#>oT9-rgd6d^5s*d_1&(bOjB>LwD znGtd<7N>2VGBc;ry)NC-xEx$+c=FlN&JaD__o|`K4(4lIQy5u|u0mc#>WKYDL~hBI zwls^%b^Ytc$E?;vO`?Sd9-$g%a5;TF<1mC4q~N0^_Dg42BJ|qYdJyNS#SQ&tgt&9s z2=(*;^O2R#T=y)ZLAzcx719qoT<2B_N}N=mZoMM4N^62UFGRolYj>Ls%0XerCn+zu zXbo#~M2J|9_G_V00jXZaQK>BXiBZ!`WY)^!-Q``viw6M~ zqCqwJ$pxyV5=)odUN5&0mHWa~w6vQ{Gvj8|;u2>Zi||ZEC$4)I+ZfL@(=U&uNdH!DFyp8 zGBY^Pgf4H<0@>%F>#IEdP1z$>M{&m%*=}4<*6(e*#d8Z!uQc)kA`Otc8dz(kECRd8 z;M%T?NU9Fpx&s8(;5384Lv@+DFcvC17Ljq(ExyDp@J%;Wl{!>Y51Z<*rBnN*^3DC) zZWj5bRGaa{#IZ~scf2yHxs_QaX8noxZ0Dx@O$gOqP_`rT_e>M`0J2u+1uCD+O2_BVs{$jUacCf#B2y>DR_@g`yJ?r%jb zy<4U!o%HUx1L_@!QD|_^y2FP_5;{UXo^;becZ(a3J7@4sD*E-+C~79Q-mmn!5xKH! zjiyt(OH0!#><&5#7R2>)*3G45Whx;Y>ZeOxO2g%HG=w~VPh7pPWJFe~zIyP)7Fy5Q z$Hyu6(|?&grdIQCL&h`v+YKinW0qTydB@h-AG8h}?~-yk+|dVr0lj2m3*1t2u{d?T z%V}%+N9(0-i#a!KxZggCx%?nqdE$OVSQ8Jam7S|K7GrsILuaJUx2uNn8F_NP#Yx}c zRq-_2WZ>HD?3fKPecCECmdzWK9FNK$iuJ3>=!&L?%Vkic-^%L>MoC5&idiHIWR>zF zM|i0V|EY31b$2>~&i)nY))F0@iD@WrEm1P2jJ)(Kkxm>ow4EwVhUau`5j(9wYwNsO zeKB+2TVedZelY}5bg759!}iFUY=7gI$Gg~DWjBZA$q}3{1_ks96&Mg4BjR?zUS&M|5YLBEQLpn zMWx}8SYT3`6dKP0e!GQ6bZY%Cs0py@)M?{}No#&7H&7VQobAjNwrwMfa30hCpf)5)mV@|EX z;paN4PDTy5&;`LfZinxKNV5FP!yh-8a1}{C{)mL}hd-ku^FH_`Qa)k*p;<7<%Z=Pd zGpYDa-e1_={FhQN(V4=ojG>1bJ~Q1lK7*lRJdp?Q4jjK_h_+)R5em&~rime~?nauf zQx~q#%e&XD6HG0;;oh%j@T?wEd>Bbzn9t;@D2~&z>dEq8R-WBB6|0U8qS#i1E|i9S zR4>h8oJsSm6rS%7o_VO)fEVSjDtWnQzX`vr3h$70-LI<3&A(g0XwZkKZ2998kL*k6 zO~0WuE6(rNYP`G%DsV4(3<+=&e7fT2-n5*VlQ>1KNb;whId6PoCATn8APr$>FYVp2 z$u+W;IV9T(HjoV?a$G)mkwh+=%72v7FrQM!8FvV_J&(oiaVW^OxTe4CkBcEMUz+u~ zX}s-H&OZ_SMUSR$27mV8f;}MKRuxrw8)i*BH`#~Gm~xLxJB#3TYy5}tX4zPA<{{Fi z)-XU$S@7^Jf`IZsq}&FH-q1SGx{8Vn(6+?}DFYSV_{8`Rqk!|9mds*;5ASV;f2gUdcw?4&lFwBnc&PG*>-mKuSL}B<*$r z!JrZ+iNeH$$@l0LqIaLO{rdn_20K6jHI_YFtvdi|m-%I7ut~9& z*rmrd!#@PbtAM|qj-LK0Oz!v|{%NscY)BRTB{_Lc?klT5xfKk>`ro0gNG56{7hTy4ne;TuE z8&jR^=KeA@P8*Cw!BBOFM2^D%C0B-Cse*;#|FUU*1yd6x&5#Z*>+ z=JFdy%lt_+(-n7GDPH49-%fXPv_8&2(=46nt%TTBouviQUUwyRCoj`?((RDpyH`|_ zV?OM-LI$>+ zu|chM4?1eC%bE+rsCcClezfh;CrWkSB#iONeL1lHR(dpMR%TK>&NU#y#Soy;GDF#b z02AjoKUk?=}Iv^_tPf|I&G$2avm&`tH7wF9g2HK3-Pbd#5@jleYWm((9LC2tTw zv`^dSkkJc6-A}+C1F63G*Yp{T3@b02oSnX?w&sI!fJRcY??ol0gSdEYb@dP6l>$Nl z*i-TH@ePFzyyotu#D+sb7@T<-!eYl>gk(@VsnsK@b<-*+!z(j|gEWZjnt=GS2jPf6 zMvO37pg{Kh!bnCIX^-7|CO4vdOFT!LRP^+4UoDC;n#}}Zdt<6n5~2+FXJ3sHHJ!2c zYY7;w-N-V--yn;fX{O%Oe-_ZFicPM#hZ8DXnjMG^(r+^ry4d!<^&;+Acd{*tH<>S= z0e48s=_-RtrPqL-DF4H^PLG9qVF4cozNen5uA^SJ?8-BSj!nA`NlI<<`7df6$~e(a zXufOFeg3L-pto^t75&wKfN*PqPu}SO@5l=xxcH_h3)5{se)~OKE))E3_MbePo>7V* zL|sb{|4=_Z9y(`CYU^mNRf}3-@l)E9#ZNuX`YpeNO=N8)E$3WE1hi%LsOpq^yo{Ft zg_M_P^m^ly63r{@%z>{;#rL1NKN@5*t8{=(qjfDu)k2EZQ)-Kod<4lBucw~Ush_Df z1!+du9Hms8q3X+c2+vQ1XCgJ+AbD{pJL3T!Prk3es@nT=#9TGS>YHwdEyTAd{wrN} zw8{MF%VcGz1*c2#7HSb!sc-i&v(hWKijxyJF$wgVmKEJaq3f_&2jOC7P}Qk)ch@pB zMS=r8-=rB+u)yl*#%KNfNhLzndX=0S8&p_`7TjSD>X<(wjtdgIyOF@Z#;2y}==sKy zO6+!a>TX=l%CG-)<(Cw+&1|LOL#cnz8@9X?k^FlsyAC<{EOo!5Ng{MeGRLDxj$hVzyioeYdf{Vetj&9l@mGmQf3sPm&G>J``X zwLLI11078VIOe--QmK|y;W#a`=-NL`^t9F*>$KjdaH)?Bx$eYT|d<- zW-3*PE}xT}c8RUYo}XQ}`}ogalwGu<-1{e$SgxBC$}Rax9I67{3hHA&5cv_R;i}); z9Bv%|&+9;d?FgP6#@Ar)>)zBC^WF@W0~$B9o2}c)#0nf5Kd zB`n!H#C z&!H%cJ*nVzm?(Qr)60%r=iAdsac|3}82gTAa_BGIVL*N%@~VXFpxBJRyq;c^FNaM{ z%7%?;XSPhwsiP^woIs4o(T#Ajpo}APovYzigWL0 zbUR6QE60rkJyav-D^{cL#cz^mXEw*N>;`!|o3zh87$gkgULU&IH|q5M4b+$lhDI%H z&ZqnCI_x#L-ZY1Q{bPMAaza;?AvDmkba@kpmHD%UDj{J51zJsmLoQB%8j7o?BBP<9 zpN-}s@1B|cmK+X~V@Q2F_G|clDy)!djcD%xp<|85c&>Owb=fwg@eb5dS!Q1bgA+bX zEM^2HTIs~k`-?{ZHGel^|7LvG<8+A&JG5i||6gkh8_&mIa_#tKd9}_Drm#1xbJD4F z6r(CzTz(CQ>`xRWi4=hvE$qL5TDpR}>&Ve=Gout40a@HbhXM<4(udX0mAJ#*ABQLv zERhyngfp`Br_u(izm@~LoZtwCo!GFi>rziUUF*oB{TsEH$ZDuixZBnCKd{+g+GenJ z!Ub8*aQ3=hlKHd=L)N1S8d>%e^#q4Bf~>|xHgq_xG)NODH_6C9?!Qr8z)CcaNtmO(D<6 z1U!~Q3PdY?a3e;pD++T4B$V&0#|~W0Do*1#&`$+*H+3dy&_cesnyBL!*QVNyam+=c zlr-cwq&qHF9`N1T+vzqgkB1!F=_dTyF2iU^4fkPm2rMR5*SMk$!nrM&^#35GkoqUv zj*Jd>s93Y1^eMbgiY*)aoS7@0bEX6;{Lc*bS$h1@>#+$heZpMtX~}E}4c$6N@?VEl zSIS;RB~Rmhe&QiIP4SbZ+$RmRZhsvSYR_?ZtF$(KHrRnO$^zqrlti!Pji;BL#GdEoV?Qr=Z8t`a64K>E@$A$gK}6gU(Oxp6Zyf+;9jO;kbJ zifPoBbvio)V*{mCJz;KrT}m}1{XHWk6{zu)9E8y6clr~A9gsZ3_j+$}R^L}go?(eg zzxQ$#cP}736``r$T)iOf;uPW;?dxM=vxR7lCSuCeC-#tsH`~tg1PtIzH86P~6wb;U zlGeCu+9CdM?e8z2S$n}un6OBcSh(1i_QO>v$*a^}fs{OCKb^k$F>L2`e~D9w5qEF+ z*HO|~g*)6L|M;9X<;d7X@5@)*UiyjN8X7KhkR30pDta5fH3Zv%TH4QH(WZ0F?bS1f zgO{FxFV>^9eb)#XqR#6UT5q^5>IrTW60}l&aHPp^F8^YNa9LTWIW46IXX3tI(ntQ7u>M9U)Ld(HGJ$+_CADbd5g{RWNtHv-$@8+-xwAl;50Uf6UuT-R zyD#`?Qa{#!LQJw@@Uilz2klJz`q>}D7=l12!Kzw697bKY@T+{e6&*cbM#Q6{{v%m; zkv2cOZsHbV1={`28G&pquWCNe1@z@4t#lSJd&THJ_`Loj12f8cFM0_9%`i}r0Ef-I z@RskqU?98#wd?cwlf=ZsU-#(5tJ5cIZrkReJ(O6|IEN$$gmClRww$1|BQ{M31g*sU zQ8r3U@v!j%&PA6J%B|;fmYT4I8xAL|8A)d7Y;K6WX`HVQ*<8F z@7g?x0V$Lk8=7ia_8E7=jlFR=!45|(N)6TWren@#Q!5O{;pSCSs*rb}4~QCT97WI{ z$*R_Xs?2Sa_h$0V<>la}5>dcHCqMmC*Wc{`u8OsH95;mOe5vai8!1wMn3UWF_td6$ z{l03GA0+C{+#5T}4iP-NMXwz!|HMVL9MX+9LHzHnOfHg#W!nK5c1Z_+n~ZDwu7}U6QTLrV~gv`yX83&pVoQxPS?5aTINbf z3^4=8oR0Y|F$26{Yty1;lXyhk!d1?d81+emlS@(Ugi$MSiclh9P=sk~N>KLo{UNRP zzrEOd9Rb0#hfKci=*AQ-udK{c2YULCJ^;&deU$guX7=FQoc942Xro_&)9Y)Xor}oM zX1Hsx%PQKY%d{iAe75cK`74}oPjji!FiJ-O*D${d|1(9_+vmGXzMat)(cWK1oX8^@ zKL&YaP9MaG@GYz+iUiJhrAQRMb9bjIkV8obgX4KbB=3AXpXT5m+N!@5W*o1RlVDW! zX$MhAYxHkA^B&3<5k}G#xv}bLhqnSGSZv?7iJ9m}PS70%Pd3vH<0rol);(k};z zH6pDB(&aE>K1<;7Xe40Qo^HPwv1-+@OIX?Pt)9JM!fkRqF^u}kYg*>@1$)wT$;v4~ zZQ9%^N{&vDC(LU(A}E_A*YUE#vm0tx65}m1UFexV%EjRkyGNJ4hImo4UK}+;W-`gp z&XB<*$-)`P2q`LMy>(#sDpOs5J#%GcRYgrcigk{dcv{>P2Q?T0vi8p&o5S)u zh`C$NI-_R=<&;~objrf8TPFc~cTZBq=82BREYEQKWD`9R#HMJ| zS~KLDvl%s#q?dlzrl}656tn@saLnZM6mJ7wY^s1eoxDT{0)3#3(O8Oi1K! zJVWAjJ}$%Wt7sFJlDExN8u#y7ue3^+>=8EsyP0C2tgkahjyR*Vf zZh&C=y7m65r+6k%0hl7-;pS@Zu~pMS)@;ii-oKr5gLUh8pfQBePzrcMi(O-y9P%KQ z{`BpCOthG=+2vNhv(k@Eyw}*#15XG zXhjpJ63bUDpioK`a4dayIxs>a?23aWmKxYxh`R}Fbh7gDh)9^T(BhTOT;omURvqJ6^i(?VVKmIF`z z;CnDJZM)44;7CuoTFNnYc1(_wT1}DR0PUm^7)e54w225C<4C|HXnL3}dV5%J>o%b~ z^}6f3%j=6>8CbO=$uvL&U zyUs4cT`T^cQ0fn(eLF>D&HIp{rZDa9vaFBoT_UvId7jD2?N{_ll>>)a)%5~9JkI&6 z8+&Rx>syFgsyG#L%9xdZE>2cAUJY=Ud3bg)1@+)(j0xbLbzKXbc8ATyf#*1pu*m3A zcU)eBLZ6o4(jTlqk-YP=wclx6ydb3~Zo#TG^})TE-m@Bv9rs#bQusWj%}Bx8)w|u6 z=oGzEzV*Rdn)e&F#zsfcb7p+aW*iV$K1)+IbwITamS*?0fdt@aSplj^x&$)Fv480A{EI~TC9@=_)xKz@dwA*lo zVF*3@BvH&bN-vIC852HtY!-t52iyBgM@dt6BJhzx+`#??jX6zt##pGOM(R0Gx4#W!#i`h@?)rsRFj8VLKLkd&nxt@{qQ- zf9BkBA(+jO2l(rc;d3sHgwP?g_usye!H{pl7u91t4|QwDOPY@n-MI=dvu=yuk-`bc z2nUR$%!WcT7{3SRd>yXeT3P!d*)B!xL&B_<9=XP>-rWzp;8i2yQGg4hI#vsA`$J<_ zv4#y0Gj>b#)7Msj>V8XV=pNj)2T;A`K1Nm7nT;gNjGrCHy|UP=Eq;gH9MHuOS!^*3 zmzEPz6&01=z&GspaG`&9Ij5Hzxbg`Qu#AmAeKK3CHFEAwmb!ya0s)pF3kS#`D96t8 z_=Y>PBBvmj(=%vgSsc;c0_J9DJJnq}KkVXH$ncf*KZfVqM1=b>J(`GboSol8ki)B%j-glVhQHp_y*3%pd#Z5fP-1LBBJ7TTN+9A)gs(`DKj5|(#O4;>(z*n zildg>l$Go}@3wI5yeDvz?`}C-?l;Nj-|acU)`a)lj_q9f0Uu!A=n=_Vf{qaE9)KQ; z0MqXIp+B#n%VK24!;zxhEbJTY_jX;^7?V;U`~rd&4^Gf0a4_`I@SKbJC@S;od7d5_ zfM@ZY-KldMzL>6aqX*)}aAH$~5Os2)ADS7G1~t2?=erZ+pg{c|=yLedf$XR0aj}s^ z_zjND@LxVyY1w}%;4F$)9o&2tRK))UB3iAFM5r+0{Xe2S)d83pV0X1XqQLzkwN3wo z2ps`{YFvd#ig0w!re1O9UF9*?wbVT=Ez{_R*;fQa0Z~PzEl4oP7u*l(v*v~Pbt?dN z0<%25ghVstOAQ=3KQN$~6*pU!!In@cczQAYqiQrY&?)%FWG%O$ckbj(Bz$Xk69M}*U%%o? z;&)g>tgtWj1g38-U%9ma$R-$z>p27>$gDIuG4T_CEdU856`vknIG2?KW3}mw>sRKd zEAvglq@RGdH~4UtKq6uv&#R6gZ2q`!Z2mIY1;V99K366@1} z*9}Ovfx6;x6~dfZ0R7q3r{uNO=5~I+*K`1!&S1k(}&iI@AC}q zp>x%XHC&AO{jX_&R`;sJqqb-_uOCV1>u?#%9#QKvjfr}VIZHpwp5C>WGe0mm%rBT) zNMldd;WIM!uL2LSUT|&9+0|C499wk|$t%s22{nZun|8cFo#fS;?87_aV^}L2(8vsM z=+Dpa*w|3n)VZRnosxz>!Rnk$|?YFSC4}+{)2sA?7I#NYQaK5X99w#=_ zCzyCapI_TnG1Qizx9p>Z8T3D2Bkx~u;{_JW|T9guC?WS zjB}lGjUPpR{$zfRaOyFXYD&2|C8^sKU^kG$<@90O*wa_OK#d_x6UC!eF=T71w$}W? z&u7RX)0W1EvOXif?$wwn6Vs8`w(nimBR;cfmp5gaoPQqgz8+Mxg9bIvRea=?y|wts z=;GB~Esi|CF1DEVW9YPi-5z{^>FNUEs>7EiH+zTq=m?>AgaOFWKG;Q0@^2=7DFo5X zhMu0fzpJrN5E)?MW5b8RH;!7bIDs?*c^-002?NK0H_Q-Y$-C}m_D}4p#Xp=%se8@q zovn=Hhufo-<&W6X;Nz)y48z@yO^;Tj@yEpdrDqIEP1G2E5hdITs^< zkddMh6C-D>m`U;5uV;pV_JAr5i`c}Ir{QY*gO|e;99*>UDN7^?51uBc&l4_oKdMk_ zHw2j19ahv55fK@!#-wiHYG1KEo?Z=HP4yT7$pk#GZl}lpO4GS~#`3H8Yt{<@5CW#< z*8toH&K=zD<19_(j-)VgJ!tLAf#Z(jNp^Pj>;37D@;58ZFrFB&Z7=hSEtr5&^EV|##0=l7P&!S8aHKbt#2e$st)Z2*>%l`*)Mbj;SfAh4~p zFQpc?!O#%9$ACds)I?4g2nYy%7@1N5U=uyNNhQM6NIfpx?;>v(7#P#o<01i^MfuDc z$uN-qKtXVQ%d&>}>9K6xNyr|&T*??IDE+%OT^Y)-sO7iWa zM5_CmU9Kye`(Q;69S+8Fy={8;eu_R&xnn1dq<$(jX?!+DfPqxuv86GX?t=)5_dIWY zFV^kuI=q1}NLS;Mrlbg4?LSs|AD-wEct1Yw_Z=`G-~|~6b)qTNjAjO%>fn^WB-9xX zDw&O_x!0YQ^hdFG04#8WoXJ|f7ju~<&>kZW7O9g-vp=Ug2v1jXGryp*GAKP^5SfpS zTTiWOmC}HW>>m!AYG{ul&s{&3gZ@piin8RtvSNf%do6uRvo z0^DHJwuR$dEnx)6S*Y4F2BC;Ck|9XXkD`xo@B*(%o8^45QVzY+`p)li9m07!o}`+I zuCkxaCLI!dkVuJ+{R~b!EdfWymzT}#9lWO0Jps|mb&9JLpkP%ja1zkaZ+J!~_35kC) zqG*FXnNlljh}+J_{kHpe*u)&j^3=Y>V5sDtO%Q5#Lxe7IV;2%yC?y;J5~cY|c`Kwg z?~v_(Eg{M*sxc2LTP?BIA3lJlH`D8nCKh1N)XRo+=(4cXLY|s;g9OXg0 zrMMcz{6_`Oxya9kpGhps#F$YAxZ0x4SDvjOU!n`-F1En zdxn3W=0Csr6aOd2^uNCzqwz85{~i8029h}c_ix|fuWY3I3U-yHO1YY`85v6pO#l3t za}@(*3CQcTl$aLejFn~pOfi8*JVr5oRWf)0nI8inB921U!GR56&Sz(58`xd`xhe+# z2Dun^upRkq^_QXWv-m&P>K5wt+Y)&)1$D>om~_!^C!Z!oiNP4L?_XmCc=fC zAqC|BEW+KsX2z53m{}99&~key}b)(eo=2%RnP8sjXRhuf^XRqtv;8l z%henV%KwBbuG1ARSEUPe2bXh0=Tw2Kr~r~I*6uW44)4uw9M-S?z2fq~E5D>jplcjN zv3!yGi{h|k8VbIC0^MM9eY|hYi+Qd@EqnQ{2m~tJUp-O<8nrx0_%3L9nL1Na) zMnm!>`=kl}^-er+&4v3sUeL4qFH7q<&qnHUwFZ5qSAJ^y$r++d<8eTNE2vlttI)jbsVGXdSh4zzmgkGU3Qo7t<%T=?vo? zdE4^t;U|}K>ZrEcT0LIrfF(II8Z+Rv^<=yQc(5T}s0ptFkseT<0P~pS5fNuY932C#Kgs`i z`#od&`&Gs#CoJx+Px`sLS$cu@>23EF*bhB@@9vq+qn;@&QJ4mEm{0#UAJzKu=M6!P zS4}#k7wn6>%YSxc%M{?2scajAfv{B_9UL<_iuYx8YHw@hGhs%@J|VMe5}V#TtX5Mg zY!0`rZH1XL4iK9Sl&o<~nu1V5Vq(idWy^P7O5o&91NQ@%M*Xf1<;~5_Llr*a%lJyp zEI7frDUMYi3V!(SVOeWvy%Iw1EC;;8p=)Pkl)#Aq%4A0GTRF^rQm8X@uXNAv zwIIW>aBy^uB2%4Hq!EP6m0R4P#gAlgEj)skmzCRq1XwSSeK3Ym?f2|Y@~j6&sVjOp* zu%~5A*IOdP{Q%6FPxoji$CcJ^_bU|P;igP)Df!rGvt54ulgtf9NsMV!uAOn6>y9Nl zZF3ZJ#@i=jAaN=;m&}u#qk0XX-@xd+BEW7|p!n2bKJPWPuz58PK0Exghdss8r2zii z)HDg(TF>}A+W5r^*PoU;n-N@1?`Iocu^YIOcPYsDN^d`1@bPB%61(Lv}7^5-Z$zpfhY49iGaZmzM&Ku z7KM($oVLZ0(egH* zn71Pszg@xD(20QMVs8qyM2it|c3LNy98R}-_Td#9R2YlepMec23|{;ByYpXG*p=e~ zsyCxT?(Mrc^%=(_gp-`J;ioa*8oas(Q*4mYZlU(5wEj;uX8s+KDw4bXChx1KqRWjs zv`QhgqDpN<)~mGf);JtueHws@N35tEy9g`IoBCboHeK!(B_0?-9Zv)h3)8@ya4-i2 zH&-cSpY0iEyTsKU8FZ-@4xMQuyRp`eEVj9 zW(Y>$@d-2aTC8D}_yLe@vvsHPBZ0XN5cs9RkVkS?MA_;4pK;W7bkWxZ^VOsSQ~?Nl zHpBdiXq;g3R!w3*p!jb+^R8%*Oh zF3r{trJ&aWa?g1H<47(`YuZBP$hrnwVJq%S@8$^={E4V8 z@*D5>ErWQMnS$L2%8q15lLCA>RO(-gcxMziz=N0h8BDqsE165K9#nwfD&HT=SCdv*Ot^HqQ`lr&ym5?nv|I?g~T0E-X zJ6@%FL6HmFQ<#KK@kwm+N#T#Umhm^PO0@afMn>ddFY(IAXlO}0S8b>A?gFW>u+VkMzqKP% z-rL5`=slINa9DPG(Vcf5gXTFZK_p|m*z#yH55)ZqDNPa=U9 z9kb7n`Nw8lM?dS~SAf|HGNlj+eSbeiyOlUqQV3LYok#&vE#|*L(4;uQpAf@Vs;m7%|N3zNRB9 zD&hUJK@y{&ol)K|D(Y%2f*{$WOi@pN3Hkd}*lnE!gH&{IzH}FHZ{E2SUP+)+%qaLg zP7y6OB`Z(kKu(lciav+WtIWGLu7>Swl{im5fw4KSiYbgevo+ESibJ9V;j@(!#+4WU2Pm?T`Zu?Wfqw-#s142+rfCi)v(;okN)q2 zOkC2VMXB?vXARC{xC|fB>JPWt>a5uHwU_Hy{(a%2&>u7@=8_BAA9oiTM@99fymSuc zKY+a3m7Xu$wXeuVSA`hUqKtV`H+SJQZC_EX3AbiS>t6;RzPa0pEv<`jK6+bLsVR1J zxyH->&GS;^$idTUJcRmAO(?O?kMm8y{z!?M8M>)P$9ltp)&XVNcM{fae|EFEV4P9> z@~OO!VPb_lb=D(((DQ@6OyQi*Q<`J}V>Jim57mOt-u2klj8*pFO6KFRt18x-O!oB> zsrWi7DwfWIaD!L31$+6c=h^|zeEhxbg{4jj63%lkd%S;84PYhyYuz~)VNtS)@%O5E z$-_$&0n5z;y=V?VA#m%V42|GwA^C`e8QZPh>_-gTwjkb(8)O;5^<5?>t#wK|73JDR zhvXNU@8;n;dzTtfuvk2uffy_LN=NMc?IP1lDy>zd=#7q^WsEHy>(JEPt#;fs53INfJw3ZnUwFwB~0Zso`lh0X9T3Xco?G-@R>n8J9B7s)&v#6sbT``^?`6vnf4APqEQ~ZNy478gW*r|@%98g(`=~!vJ@GpBE0W5T`u^n}+(rArBF1XI_KKpx zg+o$5E2c>(Cra$Iyo`!cJ2IJ{F|zR(pJWnU3*A9}*QiMEqHLjj$nHHscKWl2OO+nY zJeei0*Ct7mS?nvFUad#WCd7VeuOmexl@o{f2#@I-^tGi+BrI`@+%h1R~XC?~27n6Lrj za=GbjSQY}QtV0IS^8)QW3y_m83rtPlwV{8#zD*joZlg|B*7Qi?T zEjF>PQ=x#Ng+?Qkra5%M7gMab!ZQ|Yaa|B89}Qjl{^F@e2BI{hTy8D-;}|*Rj(~mF0A~u0UB#c4r7k4d zFwo>S77A8Mfm7B3lV=0cjK`t@Fnhn&;-!>Uwh4WP2^EDV(G(P8lg%++8jM28*1loq z9rTgtWTq`h`uLE{S-BalT`=RR4!xLVo@I#`p~}-8yU2&K?!JCD*WBrNCHPZ~=JGI^ zsY==Ar9u+0kZDBK=jHq2>3{j}K5xwm-4Du^;7p+@m|H!uPyH?v#-Y_ZOyw>85?W(7 z7bR*z=cyNQb&6~1jBS4rgHofq1Z^|S09B~yVoq4_Gw1oFz1!|x)l?C8F_ zhQ&UAnSbu?4CeD4iY8GvL-{_0*f0J!=Ow0evHA;Lf0v#$_3h4Eyb3^2Ry1i_{Mvmv z_fl}R;mBL3Q2Xok@CBLq7Es*3xgudQ%yQ-OsK>F}TeqRu!gy1mr4VyggqQaJF!t6# zRd@Z~Fe)gBbV^D$NH<6~h;+AvgmiC|&P_;2OM`U7rlcDbq)S@ZgoJdwYhTxW&ikC1 zGxI!uI3pwOSiiN_w?3iOmCfwv%fK>o6)C6h2#263_=<(ZOu+lpS9k*ry7F^>?|@jF z3(Wbxe*~C++EZjqN}=$(N0Hc=+fO3lzvF3;+=6RrkdTga$v~S9<@O4tfhAtv6c|%@ ztwr?z0IJ7%j*vWE zeXq+TOY%Dc*)8ft>Ps1gYPrUbDKB=WECdLWpotn1H!Hxw^t7{}Q;7$e9rH3GA!S?IgF)aDVfmyzu<MWdG zOq!w2UO~_$llp6+ZQ&or^sFiQPm-VxjRL9Z<>n@1wm2nlJ^JnF8jfz9sg~fr7tE6} zGtl4$|N7OlxU8ZaH$u}~_d50`>99;R&x$&eRQ_cZUGz_hF}|SBlu2!>5^Pg?3VKeB z`Z z9S<@j%!F60Gw?43qq8@C$1N-`$0*fq3kGuoie|xPfIMPxzS^;Ni)#C~O+<`O%l$1! z>Pgb|V@$GeAcX3#|hYsB%8(VJUL+_7<6 zw0xX>TgUfMLp1Awd`AR*BoUAY#dQ6g89=+KmV* zEffwC``*Q_u(9cozUh-cp(bM_aU2Xf!c0a_ILHjJ{HymaQ?!1KO_q5~uVwV?xNbhx zZ`&Z=bMZ}5OWD{~Rd4^_b)C3VT=g~~|K|GVy>)DGOae}S30&xF(V(p@dTEkf9L()J z8=I23BYTr2W5l?e!m0Dl-+f?oP-5^)=fL2odkn|)^yA+`$4}AYL8#5m{fP7-=m}~3 zr}U^o8aeE!UcZG#>v0N%QW7cfoUWOdGq6hw1sxScXTzY;v2)H^O_BTDNJ)f3j%Pj^ z?$m^XsQtlDz~P2wF%%fNI+pdU^>#?Q|8*3(n_VXs@sj7)MKn&aB?BcTxE_IN9@BY< zB$aZ801gmU>QCc+2UpBsFA`bK2AS*HVG&e{g=D+aS%ab6i@I1L2~gK> z!_9|efOwXv8qYe#%r7m!PFzGI&ihnh`g$%}<;M#TJi^vsg*hiq(P2I;&WX`geCb5Z zxdb6=s$s#Td>iMz@STgnmU;R)kB+eim)=QKu1_y36X#R#95T;9?iQ1O<)#R#M6%`KO=qt!YZ}3J5=s`>i)~ zkTNmBFQ})RdtWk>Zv2&8@3^Q?y~7OQvC$tWtv2QQ3Ol%0fs=_26&}s#`j1+`eG??u&5@@8MbySQJj~zS7w6r(ca*E2L(2A8 zgHKL=0ORW1k91k)v~d}`yr7%MB20Ru`wYa?2lB~UN<5JO

C9D}0ViFaitldvA?s z{OA0RWOpm~*S?iFv_0zGe%g}@T zuJVtLM1+B7ihO5tlN#lvJ!E^;mN;))+ume%(>79kZa*P_nSic>aunY7fs=JfpQwStx` z1lf1)X8 zfn-u;;|`zin}+aB`nBn;KR}6Z%{em8{C3dxQ(RRl`VT^aG@NO6Mg86JP!;nLQMu3d zLO#f7MsgAzlF}q_gl`a)l#=u5fEk&P8#bEg$FkRik&#be)9NyjkCR_HmG!T7hkft3 zN5Us)jE#%t0j*srkl(-h@eOx{ug@Haxd70}T6NQ9=1CT`0xsW!cQLirdjT9%gY;62 zBb^{82EQ5nbZP+^yuRLD;IMTE=|kkA0w$oI@GW$xeLf`m^i91nm52+z5T`I+|6 z2ag_qUWfwTPP-*VYnv%1vVfKWOac*VtO%)>+oxB0^QJYA9jW8p(nysQk$Fg3kK?1y zLJNgUN>Crb6U%d6%M*Juojpqqx7g<^B-vmJYiE=U*F_PaY;!}wQKeH>jIAxOO^&38 zPHQ9;%{#|eFxsl2=V0@g1(zzv)uq%gw`+t|f%MmiNR8iGBQy|DomeecEnrd4s7~u&mqf?-jTkf<&DS10tk&?!l zo=OOHop;zU81Z$Pc3E27)^4mux0`@v(dearpK2dvmlcAiQswV9nyZ%c2@NY4J0A0e z8$dM8OZ0hork8d#`go2yr4_6%XBVQjoD;6f!L>vCIZ{b`ruMOR-`rHsy0fLV6%Ao5 zRs8oKl~v-q=Z8{C@6fN#DL;U~g@1M!3!+aP2tutQ=kYNS(hp-W{@OSSMFv7b3W?E> zWO^Ur#Pbi(7o$T%e|d(jQg zvFS*5Z?PHg{Kk&+@iXENr4=xJ?`WWBXiL?DqZ9gXV@~u5C`Df|Fgz(QFQ1MP`m^kN zxSHWQRt-AMZ;Ji)>u28okRdVyau`SnG)yTRCeXQB>%6L}@2TPJd_7t*o_S{F2GSp) zPZI_y=Fy^vpFa(;hq_A)R4+Wv`(d9ARbXT_ptP4#{?21T{@wi@u@qJu??}wbSZJ+2 za6*77? z6-La|0=3_sK0VUSluav?NQrEP<*{0>eHK;W%$Smmh#;Jlj$afdPqpa9Dc@gQh>4F_ zIP2Zvse>-Ql--^SVdw9;kjmKzw_O)&NQpX9J22HSAzkC9a*xd?^Y7!9-1KuJrXtMC zZ?&@Bfvp-Ug~tCyp^?*3{ zuIed$x{@d-Y~Kt?`B7%eL1UJhF^;tWx!nes?E4Il;rH<1yqZq^YIwV?a1 z<})$JmmY`9F>Su*Yu&)Us+Y(FcwKq`WJ`6))5hOF__fa=-xXjLw1xTYcW7(0YKR^4|n zaelaOf>ab)MM-yviXc|s2IuJnuY^UTz*i+!r;|o{A{r~JbfEz43`rtZE33q!U9ZZl zg|iD<9O5}g4(lXFhOB_?ON>D7rut`=o14i{#l*y<@^#&u5lLBNDXL%|jQ6QryzY<% znVR4i#h3Ck-!2FVzEI&mbTi^!S2d2FzL`BV;gEPECON^x2SZPQxoI`2lU)*Ilh$A& z_xW2kE>XXVgiFXe5HFBP)&wxngXre?YA^WhPL;KPcIx=$&yUbzX$gi84+{U#4B0xm zyXgt-wA*QB4oP2I_UA7?@D`5`il(HUu z0v)v52f>nQf`MG(E#J7?L60$R3o_rKYXEoB%;I5%GEn22#KeNPlm>9vvV(WzEc} zJPsBkYRdcda^ZE7K`tMyh1e4fa zKc}LHj^R(L+J&Tb8!AD29=CYEo|sFF)Oc%Wr<*iIIJ<|Nr=5~n_DtDgw0q-nYCh9) z4Mti*`^Ni|ARFu1!d+A`@~i9SWO6v8Z+iT$3*ia#y=*M=sA>4NvXODt&TO|q1%_vl z;jtU~Wj*=3wzD@2lKQA=gn@5UCG|WG2PSyPDyA>ktjw86MtNfoF7bwEn#0H0rcRWU ztd?N|#|48!qwq`fmrJ8PcGXEh-E zE9bk!p~WwMpGifuthrOz($q_HP+P<_zeX5)L{Z-!(EIZED$qb^I?}WMxPsMxd_B{n zX!lFW)#oz%vJS1yEu$jbSglObJU`1B%-~+!O1V3$O&S*dbrQ@s2SySgnE`uTMK1P> zjVao^xx+=>TYj5 zHvomY#N=e5E<61iB3o8MsSe03c8sj^#sChOT&?V>q$ed=g<{!K(SCW9gItH4kW1_K z8}`SjPP!|D`Frwb_nvH~jS>=1CWf{n1A9h;8Bvn(K1e@mq2}R%C0PlMU7BgSyOHwn z=L&^)CNp2q@~-9^edddH2iaYX1xQb@yJ#J7C-LMQ24&snS~ZhzA~7G;c5;w8ZHzlQ zF{^wNTPhi0H}Xu*WNxiyXVd5wQ=$mT+V^qU_-s?^zci4t6ZvP=4|}-NS%^%$EN{B! zWr>C*TlxlFGAkwLV{2mv58JaHm}Ws~ful^wrvX7Oq*th@bn|kub|gFtb>+;;MWsKV z(>q_;RN*I|2-R+>Z1Lb8K0h*cHtr>tQttMlEXhm^C9hfFRzQ7Kv+W~)L6MIW<|RH$ z4z**j8+We2ksPRwE}+P_9fZ|aNHwY*X3D>ssXKGZ8D6ihG-#mX*IiHS+w@B*4JMmw znf8(^SRUO!Y98@fy<&c&tobYJNzv$;J7={2^n;yf4%kbIH;rm(zl>w6rZF-kv&!x) zD&e%lY8n1LCYegn-S0xtd~apyXp*p+Gr#9qoc(gK)W$DU2 z1?oeuMX=*TeUQGzziXG<+5M!YIu@o1Xzh1@D=n^0IfT11 zt_wI;C)<3F)=8au;&Qs*kMgc?iHAu2Q7V?EN$&~EK>tTen9Vcn_S&4}< z=Wr~stzg-02NMn&^lxIfQS@;6DjTJl_4U{nxkrK_I8MHXp|!ntly=r3^GtDy!%Vcq zZ87_~1-!9+m)N+q^z7>6dzTmyJE4-v6gTD+g`EAn*@rhDi*ryW=#(;YMflWB*TS;1ggWBawkp z?00-O5FSMNVlnXAdiyPZgZ*6e?$Xp}_niX3Wt3J?;bm{xJAUPCiQD1ed^BG#p1pq5 zWEIhCzBK`w0U%IdM(t8E7dged#k!Iw?X%uskeC~n~)$|qr{?#aa`9K_s;+rSU&KGW5 z)KDNDtl8Qiz^3|0kXh~n`HE->N@;W}$uT9C2EP!`U{%QAG zm|EtTT(>NZk&0_%^g&ntRazB#g7F#+qHgalPLH^c*+28FD1)&1o|gmCJAe0c9!Q%0^Wvv^=Cg*$PPN{!na_*NQ^(}aV$5cIpGJvla=@59v_ zzh}eZ6b=sMAO}W4+5lqY3=I5UhO2(k015l0m^ciJyk}MF$phNkhmRs7K`mwT;^XA6 zU_7y)qHLe111weiY{Btp&?%4An`CLIgscR}L2(^SgEom#_^JFaszMFx- zhU&I7m%h-B>Gc=?vAtc4+^pq=<~qL@mV;+Yk8F*o5x;?kDrxHLO?Nimq@ z^22Bd>Q7Q>+pG!3S?2s-M1GSM%&?I3sg-t2m&_v=Co~HXF zl}Y>~0~uqG0gGfGx9W{Imc`HuZ_9E`Unw(_d$$eQg$+4gy2I;~NT#LY+)B}}O0EIK z&o>lc-==E2%Grkg1E=yQML->*xxmmD03`d*X@lN)bXmUyKOzkpw|)SwN~~ZQT#Mrn zE}ipwp#I0sG-@K%V_s=Si=}e@>aYA&{@DaGkh+R~U1SA?D`PJ~jp+L!caR+;Q&pa} zPSo|kW3r~iBsuaDH@9St{{1~ZDj~PFf3!MzM2VSw9hLuR$O-Gv?e{aPH(O=6oYD%w zl-eUe?~Zg^Phh3SSIxt}MEd(i04K()nX)`u8Q~r;@*@U*`SJKgGx`9>CKDxD*kHn6 zn5Wgw!v6cGl?mz$fkuv!l{2Uck#QimbDxF3F%QE%YIgcryZ<+517huW=H6Jhe^J5@ zL$f*fOH|LeV^_g$lr-&C#8$A;HF@o96+w;es~uf7@I&Wc~BwWy+aqDEECX zF@Dcut$9bu$R&t+9KJ(*h!#1VT~TP?6;E$(jB~|X78#>o*cy&AF|2tmJrr#(8W=UtW`(vrkcrmN3+cW}Y7}M_}i>2{oy7yS-^F za!^|tE&NG!d@V^YKQCj_=$i&g%&oXKDXVMgz04a+_Z;YKPFLxA(yq~4B3-Ng>zW^q zv2tGGnOA#o$l9@03l`NxtO{hF=POix*NyCLL#0x%`Sy=Uf&I*(jMb&xfKDNK*g^vP zbRjwX)j!vEFd6)H+#Yi1GxE>}GBU*_6|%PgEsQtLaF;u4cKQ6jBLB@>{j6aQ)eSc1%diwmoQDbx3jkyczQF@2n>!21|wS-J3<;1)^AXMSi@GAO8fH3%#rhPy1m)CHQ0T@d!#(VRN8fod&V1sH z;uIZ;)}CIFonMP-k~84Zx*MJQjawc23ZcMq zYWV+>RyD4)?s9#tYuh^~tyL zKBlxVJoxiYs;YdU(ld(5Jxz9L?aEGQ$eN5 zKT&XJt@W_sl2!;(_RxJwZP?t_64bZw+zahPDwKa|y>;0ut`AIY|J4O(hKxmshVL!9 z^~iGEOp~_u=(|7HgP=5U7zJ+p2dj#JxDS3&cNq9^IqU3gg9a&hcvpCVvh^vBqiJyt^IMlc$d zNt}1LKaH#wg6c8exTivsJD819jcP=irYvAeiOPj+o z9dZc9!i-u(AA2}Y9JX{XzXc5H{_G|Kk#cCFD{Q9(QhHom^F!2sJv}z{9HFbFRBcHB{n>H|!y{#8W?cyQ(|r$csR0G)WlzT*DIN4TI2bsOw{`S>`}nA3 zA){`#Dd!M!t| z%=-~OS-FP$mn$`CqRK)?h0p0Hb1h&VZYU7p2UpB$W=3(3w5E>hUQcmOR5uoVPq(M* z!OBw;LIb{|yg*Os0TKY;!RB(?Re(O{-D$r#LMCoz^i~Y%3*g$cc+UxCT;n5pb#w zdhd@AZI8{9O8z3UrIvFIk*gH(ytPbEFx?B~v=EB|zxhB_)SVTe;8uXas+!o502u56 z*4B$f*e{QaJ)9JRr>5Z1NTy3Z=xuAXN3tvLg4?bYFJ zlMjV?az-a>Z=b}a9cv{48cQ|gR!F2~PYofs%ISCUeuSliqA1(>F|fTjs!fMP11K(4 zMs_R)!QrnI&-o3Q4azB-4FrXg$!WXKyFKWkv_nkZaD7_hltqv z!9wt{2HbhK0w+SGZ?TXI{|sJdYR7h~2jFY``ThvYbU1kwP;k35SlS~iA^VD!*4F8l z&AYo!zmEDTWTd1-K^qe;a36?Xb$WMQZL2{CCaE!$E2kP60I2iE*U9KTX;Ce}{7tY0 z!xoSd#L^1gz4J7Z-g?eXr2H@?ea;m9YD7~I3{v4ctf>u3R(T5z?H}5dZ$l4ld{R*t z^k%H+yJ6(n3JYMXpJEEVIUnpvs2~?*!ZK{Kv{N^l2|ktO18z7hDZn-teY_w1k=yKx zA?D0|W^y~9qWjb4b-BkFZL6S zi;=2{o{%9%)kgPs{OnD?Bt`BvG@4fXDA$)f8&^|{vL%6f(82Af6JkI5UEZMoIjs%o zZJJd5lnNE~Ju?NviKcyM$i;k;&gvmh32B^ZM?v~Hyc#flgU}UxwgtI=;&oh7#OZx3 z2*y~-pWoAq-TZk3#8Vz10kh*O|LbeSA*qHeEkG^wbJ;Eq&MUebD{t8m^DmRzE91q} z$?SE&v$@#Jj6y;RFg!zrAcDt9z%4MmUdK>^Ec<)19O%}eZfEk72lyZ8EkYI^8oCYA zUF?iQpl$WOM{DRTfR0#jc9y(jk9g#wfX0Uvr)t5L>BQiX%(gROv~mSUbNk6&y=SS4 zB(BlmK?gZbAH4p;vXkhmI*@{yJ$YA{uFddc>O3pn7&arV=CA!9UJMNLnx9rKh5`lY z;`oxtRKtpnBH%`yhuonHg=p;CU{QuS#Y{&)fZz7LAC{GsmB3}9MpaSaV~*Pu1g*8# z_pm(*41-yX{jmD{&T0{-=zhr1 zmm!nq@hg|$4Pp4qYHk!q=Y0Kr*X(!z#R_aoAJAz{FaEGpy_;e8JMExUJUJV?`di_V zF?)9_rDgoJ)N_4G$GGp}Xr0q{j0}|AYv2rGB$4u)!jsuP^IVc4ee1cuz{>F6(tAt# z?kZ)R-$B57Nb_d=z6=oZ+18E(5Cc$9-)(Ge3CVIrJ|h#r)(N;JWn^LL?oE02EsgiS zCydhX1CvG(3j34z++1_R+rLgoK*GGX`nZ><>h|{hwYGMsXQM;!7m0qey=`&CbtWJC zg9qdC((KhFVg!#MHrxYlj{tGRukDT|lzz$pk19<7?m6xm7a)69!f*g@JSk4cUZwPyfPIWGmg9i>h z6?#-zb29I=w8%Z&4Hs#Ss9sW#wdZVq!rVjGm$t+7;Tkv9ui`Wx9{C?Yt9x-f)pNiU zyN+aezfj(2`s>@r&%E$AN-a5GzI-ENv%P^b0LlQ~Y@08?;$zGn=b$I)*XZcz>aSma zxO(*D{m`~p7<>ytiHI3l-d9Y@_s5q_2e9VZdiV;kP465J@cGo63s==wZ8 z4=I*RFc64rBxb&U2!Q9#gJnvb7F#k1GMKK<{h{;CQNP8==W%NB4kX~*jxGz}9LOKa zUZc(l3Nk+DLA^dZl;R;lxR`+01#Gvuu#7#3i;uYgSi3t`oFZG$nHKUVh>|)n$%^7r zc6KZfmyt_Dgvk9yj&Fku+0hG!y1@Wox)^ZpzmxU&Npo}a$6+eK=$?UWw=`YBSH7XM zX#Xm?hde}lx%|OT2tHN!?fFs|1~_Ch9iFQOD_49xDz2h^V*~1WFTMVlvNr8wMqQ)> zY?}yC4iC96xTNALLRS#%;D0MTkb?#xT-l{$P?q&NC=Sa^V)qwTt<(~EZ?)|AbkLLvp*(aQ)?mOP-Sbz`z|zrlaX4)Z!CLR z@U9&ZBe*d-#>OGZgqQpn=|Hm9?UWJdW_<~foUO`vxX@5&4>0SXZQTXLvZ~zSgqnxT zGQvwM?jGM=E!G0Dx=PcHfp`JO?=M;}`$)Y&)^HSM;D~~hh)D?@hn!j7Z1nSg zDJdDu@Zbe%b2PGvs|UU3zhVQtP#c$T(2>4@eC=Zk(Mr&|T=Xk&Vob7q2|GFtJ%7(s zQoc3vVPbFFbJ^J3T-`Eo>XpJ0`H&8Ap}~zn23mq4ly`sRkUl7Jw2;ZgQuLy;B(Eo> z=&Tyd_>o$xrA1>kba0HOr;tB(^iJhGp+@?K5GL!mxx_hz&tP%CHAWag@1PE@$5MV& zdTSKfA$HDsXFW<{cr;bHnmF!1wkU22L@KP#$XKr@DV?ta4XS^qc%q0|*SH9rD{Zgl z-QQy8#JQ5m36S*#DW!aAZ>IoMk*@QK^r(pYBTA%%m2na4A^e-o@z`Ggv6(E$_H}_1 z@wotJE~EfdgLSSQ!K98ioR01850Y<>VlT!i{U`y{A^X0I=%JbhydMzOsPapHApLgB zIy3ZgL_7t_iJ-uZ>PPSq5a2JK9kvx`4fc5)byR~szO~xXGg5yDzqH+>QEO z$Hk%mw(_va_ec~#0p%I=5v0gdb_DTD;lGY5_$UL_{fN-+xv~`MTBt1J>WX)Fc4KnX z36$b4IULbwWhun`hzURzA3~IDu{9F)QupExG~}@*6aEKjJebTi_@w({JKbrmBirxc zD;K-@bSI+^3ZLk&p+IPPZQ11h=|Y2J@1{v=Olij*2J{$kJS1t~4^2~Gj$Z#VcnAx3z(r3bFA2lSBU%CjmSwQ0{>H#3-5n zpLIzP%Q@it@ZZ-N_+S6LpJ&eh#`^y+cGdr}qCyz|gFpSxe~(k8X=%ZDabS}+{U2cf z?1?$|0kGUxtabZp*yJ2_?mR5O0qXf_9I4iOa`X=-Vi z9j&#n^*+@VD-`;>s3n*{~Eg?sM^0`{xM8EP}#+6~kW*DBEGLTfvt#B*NE+;<@UK}5! zh(HVqDK6vT>A(+~rZeG{UU0Nka$LYN{$A-2S5#6OwUvyC_X2F=rp@H^qdo3%#-e-R z99*Xys~_-XxyFPy|fm=9`V(?MzX2vtyFJ9w3hIt(=A*35LwYAN666m1u zA!~e`hbe}BIDj5HB9f9a&OJOjo>+o`fq{6huGOl|4B}`~&on08hu>O{T}D_q&ZCKt z0M7swNz^5u5uB!prGIkOTpe4_bNhYUs1+`=Ip@_0UUbAsLq!YyirITbK(z$?SNnP* z@J7|$L*@BB_H?5KZKIhqr+;c%0Kov%uT-FFRTh=>uO87GSya9kiX#AemNk;6|7Nt5=}Fm&XL#U#=$w z>H)HVVhpqm913gS|DY}@2Psa^&E?E`q+l)iiY0P_xg{WePq(*?)ol(kWL0ha4Mb;` z-Ygvb{L<_py-HRz5a8m@0?HG9H-r73`SuOvmWcqzK33$o>iL=J#tTHw3bvqVNH-{& z30RUX)_Nj_PJX4Vt(k)__)NR)G@;pHG%dh<8%j@<)tM z$MIF~Rik?Kor8VF;s-2oFUstL5(%F9JsSEY!$5({QFmvwIBjg7pwCn+q~kU4{9{zv zKPM|XWH?Ki{aGFuh`hB&yym=o&nQElHZf{NC@*_|=O>O3x1T4wqZNhaj-r7Oi4MJk zvZGE>PJ@IY>|W?KdxSKRI2-DYz*;d35cG4aOsKk6U#eb=pn3W3>jUaHkd`n7O#dN( z0nLa&=g4^Qg6YBtQ1wAq=8?SW17Y7WFasw_zphLdo)Pf?dy`n5uSijfA+Uh6>#zq;jc2ls8z=!FL^C4r z7|f6JYe#=X%NkpcXIVr-CJX;jBG5p}@xHM^=C=)8k2mx;fQRo~x~N8INu zKsn--2^}CntGM$5WJbz?lY;}IM}#R$UA)|e9t0(g#<8+O4Lf05ebz5|&0*FOV8C-E zuY&$UQ6G95LeW$8?2E1bFP`2%#{K$HEUugJ&?N~_7}=gGa~VKW>vQr>3r_IyRVI;| zvP}^8;-})>k2|eVL9N{_aHEw^aAMKH2Ict)y~~>ZQboBLciPg|ZLJhjK^0h%H`J?FAqB)!3ea;Tz9N)dk5os%`kgE;PsnByai>W z8N0ztscRSoA$ak)6?Ju*f=RZ{&YXau4Mpq}a78TuMMEteBZsZq>VAq|z;{QJi#S@;nNRZ=}!iScAFtqmzQ^nkkbK3&1_wT z<5+Da7MYWTgoJ>GGv~gq^{vm|N(UukBPS%_id^q;gFzP}2zH9R1wlmj?=j03Pu1qh zwr`{tcuJu3;6^+uIo|L`bpnH?D6kBxq2h zR5NL;T5ii`*fC9NXqOO9@um;bWxmT}IX0L_ zy+PzP;rj4J?nrMmdcQzz@jn1RqB zrgu|+qPKTOFp7pEB}uRAjqFZhioO2K0i%lpQjwT2l`bjm@=Bmh>%c7>&~JrHtxmDAKTyV&lrZ-D6k zBMmxfk*t)1y$Y@|NxN8LOnLtl7jSX_^CrV*wVLL9s@%U6b#S{3 zSBw5XvDCxzjJF1eIDNiF-jBK?`COCbf6Z!UR{u6jvC;J6p_Gt$aBX8{V+@ydqNu;p z9Gy<^{@u`+6Qrl4ebHBGVP7j4ckP&{QUtT3-|e)u6ncagwsKMlKT}WW+>1A&8M|gr zN*>alL|jdHi16z81%^ zR)>PDjW+|VO{#780MclUE55m^O>`cqQ(w*^s{kul-8LlMo}q{p%u;_-l30(Tv9Rgz zNUK?QhCDfSLE}hIT<-^+yMo6XnzjsZDiFBK;C_Wq4C{YqOt@t_++MbO3*5GHJdlS3 z9i^|_5S|^XL70nyB=$Ln9)b_L^|SCl0v)Lh2=jLmo(zwx9S~D2%sM2WF*0-YegiM- z3e!eHh(8t3;O(y>>B@2%|3}M%UQK9WF#sqob%LzMiUNbmwfC6dVioIta#0L~qLD1_ zg^`xe{2i?NP2V{;OU(}5UAO;BlDpd6I~-Vq&@L*FYi^ zFNV)zA$b%ks}G8H@w+1|(BJ$OWpYCe%KGYndr0f?5X*nF?$rQp3n&W`$4E_uQ_nTm zhR5y0->x^_c2HWHe@Nk`B{ySYG|mkrRg}<~(a>0cJx#bH$EjIi7H%8Xb#h8yxNqqv z|H(-sJgr6skrwW7_98#rjDF*Qb<9S7KgN|*tLBit>nT@s_;5p`4n{Ty@zWoC+_eu& z@W}eZ$c@MwFtq%owPPD%H)<&@UQE-xIb_-9OJaivInTl26X!)`RzC7aUERz>jdIeE9^Q`&Rh&Ma!Fy0)XSzM@hrgzCqXWt#=IW6L9sJF_!Z4MTe#jp9twUnk^sUMJ3N^;djpTWqU9;ZWx) zj)N~AIw70OWmqvU`g~oGdwnIdJD@DH=aG*s_sjB89*kXUd&GejkvvS`XpT7@Uh)3I zr!DWwSN!EtN}5KF6cTKi>1LUml!CgYU3pCRBkugaumBw2B5*G7Xky$OkKf~c)Y>Nn z$f2&`v(jBtW4?jotz=60B}&4K()In>{-8+}AxtH_E`O3;o_?l$yRW|7OihYVb|QY9 zT^?p6S=RrbO3M;Kk@#W54RRNqy(nr9j&Xb%jN_9NoEX_01~(fj@1SxJS)Z|xW2y%$ zLbzYEDJq7@rxQQ749-puHy39w7MQ|W^gW#?oehm~F(Wd6KHn=ZFg)sX=^YWuTomKn zZrPSs0LAQ7|A8Yhp~Q2HOM5GjxLASGp~@9CNniD1$HY`+bCCI=Fqv|iDD)SfSHu#S zE)7vx{w4oQCV^XJJOkbS)Wbv{nZW!b6HyODDn{1@oPUP`fM|PI&pH2#NTsv7n+j67 z$iJ$-ORp#Eev%qe%Rk0p1PUf?m`7jVF$q8MnWd19RxWa6to_k`FolVGQZS@;toyCW zcyA_w2SP)kAY?8q>x5OxvWC0B7q^e~S}l2VSk-W-i@aw z0tHP}{0$=0-MSKB1Mw8}tWco;Zqc~0z(C8#z@SR!06nZ5w814<32Va>0L1_lF^ZfM zK)DeK+t&sD9S@DxZMB0^VuD^(NE6>HcFR@BD0)2ukOvzzeAWdDW}v-!_F zUFu>7-h_=&GgWMAx!iIyA-=;+#uGSm?%j6d$0}-ZZp%7%(h8Tiv(Gc1AeGWg8A?*Q zisC<2h{cfsjh~$ekcW?OaL8TWT();`OT(UMiOS&9SWPxY&i2YxJ7z2%F3$}*q(6^R z>L=H_flSEDMf2<{Y9;vvpB(fsz+c!*JNVE3rh9c&f?hh7UbfgOt?Zi>?H9gJ)%h^T z-|WVtdO>@pG3yZ7EiaFmcIH#tX#7x9IqMDD-kHl$F2~er?&xT^GzoTWFZR%oBw&O9 zyg!)`u>^2ChS(L0e<(W>z@&(N@zYopFe25}IWc8P069&a>$iZ(5g-Yr=#(SoCdusn zNT8kl-JLw0&!Ow^um$U6Xc&wyum#4KK!ex^75IJz&#_+*s_?IZ!mcjZ_T9VguUZ_d z0K+ZksLEc^x~rH0xq7~2j+nZD-T4^sV&DJ%F0t7Tn*882VZmoA8~vn?%Nv)wMpC&& z*Qeb(ITNaclyUbl6VKxI@Ap*`ewqv1TCIiYa?fFc7vNc?7-n~sarEXD=J6z8TF^Fb~n6Y;x7$r>YeSy)8J zGE~aBqm68@K_Ir4(DQMKdsXmc%3DhZegw+%7YJ#u`Fg?KD#VY-@QEO;#6L*AYx@Zqa+e zBH|$^9@kElLNL}P4~!W3){Y4GR&>G^GsqI3kwj-K z8qQppJ2-r(psB3F28csOW)k44;#Gws*xYO*; zA*m(+WMB>r>Je(3`R4g35~wajYGq+wXbIEzsZwqu1JdNxM0GYn>jn~mcsHBN=o$dLMYtB9KM0cc~j=)9anjJ)BBmMz3~u7cRYUQQC*!Vh^%e^ zpMF%g)HnRfqBAVvT}i>HeMY?}g5vJknwP}c#~1f|nZBQmwfqk|e8-iyG6xM^(ii1( z6~bNc!=I>D6GT6hQ7?6=`YYLNV^F>;5j0kqyHa!RcCOxMXvKRBqIfGxLW$-QR&`^EamoNTrOYcn-< z9&&ii$6oJUA&H>qhEJwJcqD;6X) z#t3^J^eCx`i{j8&jftEnFZ!RKZ^yh4*6LU1i`=0K&1AJ2&=a{Q<~ zgvUlfp2C=_<9M9Gs}~??Ux$_uF{gj2!8PryGG#eGQBcG=s-pulwCbjBzgnY-gprBO z9m#B&%R&a844*qXbTT>cMXu?_P`gRvbm=!^2b&ddR5n>NDFX2wTfz#@(#r}W8anrn zPpZ%y8?Fl3j0G#^BW*2T!{f9`Lz1R)zFT#mF3=xb{xtb1RTE3p|5zfJ5qCd`v05)6 z#Q+|edmCp~#O}3;=EN?+wSTcu#+-i1+{MSuAU5WrO07(vYf0i^rt(hU;Qu%x@YC8Rs0mF^|oAYB5|u>_>MyU)Fz=Y7Au_Za)HbIuqr z7{I#os(H=%i=W23tr_a->Yh)xk4=ArP+q_-6=G>t8pdqr__S?4_+soo?cOtxN7R|+MRc`yi zvToC4#W`!`cZF9E^~e-!aHP#IP}*NRgs?^Tk^EfNo0a)#r5`_yKrs5k$OXeJ%6q1F zf%Q$65ki+V9VweU_2_aPyW!!IhCqiuy0h! zhR0a5^lqoBTsD&n=}|WGQT9_(A@8l>?lir(wFr4_hL0~T;1G^yuEdo2wubqUlEK69t%lDBN%@_Yh8I{F?_z8 zGqJQpdM}iC7Atu4vk;Ji=;-LU_)AezKXB$vw?7uzw933VDhH*G#6Wxzgi0xuN;B2( z8)A)%)WeV*>a=z)ONyiuV?zF7V97@l?`HBMJha}?yQDoAw1ZAH!{U-@ZISi58XNvS z4gp8p>ayx2{dHvQXIZ-wl>3c$jQR9BZ8{8w`U}mfT^^UZ5cK!nKf0$D z#kPe$J=$ee9JO6Hu^(9)0-dg0m3axlj-owhlz&pxN9Bq^6E?B!-JZ1~d< z&o)~cTFIHA>TiR6!lFAJBek?dAnGJ;1;5Si{yN`s!3>wRwN>G3PDb~|1x|k~ zdC$+kiGSE&0#56J(yAvX)_qCFQETmpiJRps=NqBgKc#}MCojYFOJUc~`IDXXlg{1-?jYB#F^M0%x? zKMi)op_-^h$II>WjSl2FzGrf6t7r~C0T{#SWLn3x&gz)BgLX06Tm}XnLIgqjg1)@> zWKp|I51R-GkEYMRfLSNXGm&P)lzYC$XS{4p1p`421a_x4jS*1jk(0tOQ=y6tU*A~n zQFRilxdJH&*Vsi8=u}dPhto%^4J6Zm54=!@?3V;;J-pq6MMsog6s{g(QE_IQ>Wb)) z3dHK3`l_xe zqQWF@2xc{OnEsb7O_-gUdA1keYda0-sM)Jz*_rwv2+1c4&zY@p*lSMb% z&zpGyP1L@_dk`oLBUFqdsHV7a(sq9De6b-&Y_Y zc>*}9BTwf#E|xU^Y-~=={C_P?Y@wo}5xATgNWfnw)Ib$Ls-k_qPt=>M4 zuLFA515+xZF)ri6_h0kW;AJ=X&w(`RhirViWwxJ_Nf3c=&B(<~ehQ+^&?0M(NLRYnwso&*> z*O~P4dj;hw3Dr}QaFzy3FBfmM@+~9vm^T=Cxb(@s$0q;2)vgq+crJpwx8C#THXmy7 zR9HPSN6Wu##ST2rr0<1*n!BGaZmk9-%7=aZr|6*{ zf@bCH3<-}|v31&cGj>HKx^Xkx&c{$>9I-v>9^=&uATBU++~xR{Y;p33)8`cUW>?SY z`a5YxAj%%fhV;9&iIumlqr;!+XkW&?oi~T50RmZB8Cy040E+3JYo`M*;9%IS-@oN; z7wd)uquoE*+M)`2JP`wu$AK^h%Bt3f4L|;j+Jwk>v?A13XzgkEezkfPe$otMv2nAgz&=Z#ol3 z;j{K{Y*6?2_y1m5$-SsL+}V+heH#on=DoXSR zlnWP)!1+4PXi_|*aEc0kNv<%lr$ONaJTC_NOuI5tV?E=rp50H_)>8h9Ri%|oH=F4# zN)cdZ9J4pNq2aWUk?SCT2kjAaI0|M~D&I{anLw`53Sk7xSX$_%8}r=$H`Ot$>u+sx zqWxcgE7XfJGJ%dLn9ntfGYMf-lS$W&>oV;*Dbi+pQu1Kkb~ZoOGI;dOmWaFkV7nqj z)r9!{BV|mKNvLiasDH(&Vn)5fi956vJMG=_Zs*ypPOXZm8{dUo)B%#ggAjy{uJ4|HOfCmlkrCn4ZUGHeOO-4JF<_CB@-)D>zbaX#=9=1+5&zuq#)DM zDu08lfa4L?bTaK9YU9>sS^q?0o0tGR;H7GIH`@J!_z_tFYUr}7_lh%n z46j*;H+?y5%W1l4F`;L4N|iXFvzhw%G*ds+igQTp&53&b-x(TJ93V|i6%W|8S`axi zXdjUlCox4%$G*|&vUVRC+{L;5gBgk>C@{IQ2qp*}f>e5Rk^$N%7;D{Ev9tT2JeJDm zq5J8Ukev$}aUMbULg?hC(EY}bq`G31jWS1c@=QAjtVGA# zM;jmpl0`!iZva{XL5ee>QRTT~y_%Se1zjqWPG}+zqZ;1pt7CYKZ$g|geSVJw`ZYLk zYykULIhs_)VvY(9Q?rUgkk{hW;rZ&Bt<8hL!FMY2W|}&5JD50u}MJtYa)rV}$kcrv@T&S>-c=#IZVE zoBl-2&q{c(Aj%mG$_FPNM%khFXeTS$PWRFXZ&8Vm(MV-*O5#&X`G}HmEPU;U zIK)MKfR3T{6mcHHsT{&Aje8Rw&+_^^XD2dJB1>5Qyg7EMow!frQnQwJyasFA#)q1? zg7{-fttTA3O{Pu0^BkO!GtOST3L2rAv72A-haEP@DFyns)jR=!&!mv;F`=KNItD_C zX1SU$6o=Z*h-cDC8lp0fz^(O2jD!)O0u|x*W<0@cuIZKK&ua5FN~PajJjS`=2$A(E z=4y=T*q9-;+w5nMjXWfL>F_63b$^4URf!!d-p0Ff4=EL2Q*iE4URYRr$pzWmyog;` z7!6Ll&Jwew1rPUa`E)SQx~QluU8g4beEzmL?+@?^2=s$avFVWCWCfuS8-9j%Tyg(- zih*KM{JgS(Fq6Fcrzt2aY2h&H%euU4oIX9Dds>el6@}D0O_>7|2N7L=|C(V?tYNTI zaBUe9El&oeY>PD0n@D7}GcO$;JTd(DX9z<#TBNJRD2byOAd_-biH`}2STviLTuN41 zS3*}F(#;5RnYGfw{r15lMc#dby#hL)r$Z*V*a$#R6+s0!$^<3()JvNJf+}eDF=u&& zaxJN+-fQMH{i_}R%y`t7H)`15Uz-XmU~!o|r!&1$2rA&BQhRpcM}{uwNC9X@;omD( zUT(O4k_93H9FWQltOnbGbfa|fVrG30l5T143iD~oJv-3dMp&i6U(nMnaw3ml&3@B@ zTXo(c({Ze=7ta9W*7U8ezR2YfQ|5WdP=(#7lIpxVqRjpZP2Ot$$I9@n4iM z0Enx)PO~-l@Mg`a@K9dG%E?REdxBd#ena(?DpybRPPnn}`ZkaL!kqxePV(-GcFg%= z5NhU2G;m3QfB^{peIbY9zLf17WOH56?<9D$fs%Me&*9SQXguUTCyHBUEq`_C#?Pd0 zTws%HuT|xu68T$(WajXjxrJXa8DJGK*S59=?x14%|Mm>c>XM0tP6mv0VR11s+Wd^^c^93Wf z>6xbqL8Ou?tnzM060@gE3gGVb=X*t)$0|A%%4fNXfEFsVq?0C-}X-19ZBSiuxKSPwITJ_`0bh3qP)t`8F?|hR~PrCssx%_{^*KvuqtxKnhwpIUj;Ixc3$eg?G&mzW~HKPIXV2j zgQ3~M&b^g=xz=_geZ`i+goReaGb&R`aTB@Vg`JmFT^?Y;q=Y$v2p}e>^O7&K(;-NuSZid+Dshit85ySl!(Dd%2!M|SpwomWu0 zXXh})&cJpQxty$K|J_ic8#q76lwI%PjH0|MbLQPRuPCuxe%zZT`Ap<}NOni%Nhog9XmW1UeX@#~Hl4)eAkW)@BR6Apk6Ei4xjaSvr z$1RKa(irRT!xRVBqM{zS&ZR=|X)sra9SR^Tkz=nt4R=p0|6G*D7w8 zN<4yoUV(#l%p%r+RwtVcHfVpBZN`#lzdc7M$aL8aklcbjM!Y7_X-CTYd({Yb(7z=Pv_CEVcoThhPKw4a7{p3}lGFe;2*-i?`YhkiuP&OSbnZ;6PHIAG zKGicX?M5r$)2x4o-(6@yDslj%?PVj5cVs~?PUREMG#1>rDeLgXkSCshM#h4Iz?d{t?yYO^VlPh-pHPgJV=1g)IViHRCd+@G64dJY?0yU1QSHekN^A2S~- z6?)k*`00Ky)6t8fj_E=A<_FKm>-6qW43Y=wKJH*?@7TsNnQE0RFDP-137$^^wA*_6 zbd8fiD^39^(Ytzt2v;Z0ZgFVW*xJ+@qJwd~0ENQD7vfp#trpoF7vo?bF9ot2!U~j?#b&lyhtD&^i_U z;HorX4LuUT(EMCvd3?4@sa%a-JjO~CuQHGRYyF+9f1Uh8@@7)8_3K9-A zKHuR+oh6-~?^lPb2Eocfm6c;{9-C>~rSMXtLZz5keI|}awtwT4fBP~9M;Z+6|I22p ze1`{oXwQAf)5k<<>fd9*{68O)^?CnaYdH=Gzm7m%7Sk>@!l&YYZBxYYh*tH9|3U8m z_fBA^)@k}bSp@$)b{+84|GDn}d^SGy|7Kjr@jvM9|4f>|VY;vW55u*8{vkWElNBS| zKQLec%0QG;Q5o0&mqft93XljkU?c)OfJ873&Z8gx!}1*2XrdHI0oPJb60tO$=xM+$%Nlte6U!wgs)}YL~^$L!qizjc%nm zav~=uCvY@U4+apClai9wrt1!`v+7fAHWiT_+PIAiIO=OL=DZNK-yYF_@7t#p9}8& z4+!1Vut(YVzb{FlnK~pkJDb+21Ws`rU$dRmgfjOMt3vD!y ztJY}I7FzQuI3r83>4VRGmVZt5PjHDC-2 z3apSYWYq$(X7A$R)2gq27?v?x1JIOL?e_BZX2` zeDB*!w_?@_#u-w6Z^%g~Ap3^$PliaxNeekbhB;ah_gP- zZh}b-w9_kJ6_2vC#;i5DM%m{pM4PVb6q1Dv_&TYXu@mRr*(Plw%%sO%i$POb>1*V_ z#KdUIro!F0HSnbmX88Mvq*?(}Ztq8xQEX3FRc9W7KAh~s0^DpnT{*){X<^OqM9kg; z_)4ruV%#FXV)gnjn=M-nc2bKW4UT@3c_g3})@F;XFetiN{J-6v;~o}K!`R-T*CGaU z&8j%7rNXVMENRtO$!>6;t!G#+ZewGyN2Eg9D?;sNt6L1r`O2CyaNRKwG>s;&gxgd3 zYBT3|X04`|^HyT4`kmk^ydVw^c(tnCR0bnmZlW#=qfPE+yI5RBU|KrY<&OoI!Jc0yE;Yhk+1nti%Y~Sx00ET;lpJr z1*W}Vve*|q)EN;8_Kc8p&G&1R}YRe6~J_^!54T(ByTA8o6 zTWZH3AxjNIZ7)wC*CO;pnh8y3G6VxRe?~f{q0mlkvY}lDN1_c?Oe&IR!>5LvM^!ui zpaB2-#q`CJ{^R=xJKW2H${RP1+@2OoMZm{~W3EY3_LeoO;;zUcyIU)My2n*Sg4Auc zP2kbi*hcj0VUVv82Rd!%82GuB7W!&MAgR)SRnOg5;Fnp%zB7TQ5l0MCs+8%r1GP<} z+bUzle|jq(El>sN-Pk|?IxCrp4^WkhB^88KX>F>SUjcb~KF<@1j>}4i)wL+r{<4qd z6|0ZHUWgE?6=pJf z6=R|1G08O(;XS>$5C_&L@18;A@%p8i`$d`GWdlZ9f;I7;d4jcB-|>*@1}{fjcyz9# z{Ot`P?qHwCoHx#7_|H|9B+9X65~IVoEQ7=*Xp>`zt%0RE*4G6Z)ZKX zSLJTI#IEyKAzEU;dqY`(YdZ4|h`BY3MRT`X;^219JE~`VT%<_&^%ZVnX5sxla919* zv7hVWpOQFnv8{~@&HgFs&z#lq-B;r25*+EzJLD9$&5UPhge2D#5K%sd$Dk8m-h9+M zJ5kOoME&pkBZIv^&YqrG=>-7k41+KL_9SrG*-q|n(a?+l)`2I$WX=vU#gPJbXME`` zGlyL4eFT65m;?4e)0*2VmUE5wSBr>b^P3{1(&ycVxw(=wsRY!(0z@>E)^kanDaAqj zv&c2~4-saahR`az4s?MuQvY2}h@Srf;^bK_ORH_UR(!>ZSnBeK$aQ2ulfB?M0#)r) zu$2kztj{2ee69x8e1lVcg;(XVw z^o~lrM3#@44s%%#FK_@UjHEjaZF9Xjl}GPwouDjPgd!iIt2B(s^_O%8WmjH|rCPbV z8%^I6$?P$qS_=>{N>B-D>5N7)deMyp5_T6DIyf!FFD8aP`+(m@T_XNF_VB2HH}(_g zank6dt_PWt9v&W4(#YQ4-faB*5hX;FNQY=uz?50-J*o?5y{_(-p<#2s?s5=BhJooldsW$PICdk=BmO@LZk*CNN(tDs`}-NC$Iyj#2r!`HVx7W5`cSOlmZr5K>JPYCVmf10x;uh{HN)){MEMhb{-R zGqN4wCAG^Es+Oy!yxkxqcSqdR&}ZO@7`i$|>sVin{3cPiO{Zbka}GY{qI9RIKE7`c>;;<)i(L=QGAer z)!?vCW-yCF$<>I1jL0By9S0-Nu$hhs>tyQr!G|nCvb+MnC1z>!zGKjXIsbNzq<^5d zaNR^m;ySh*0~5jh<^2a9Rkw_Vsj`A!-Uc(Sr32+wnByN?ImcC!>-g?Az$3LIgt|#z zdW@|~$@S8agW!yC`tnQ>n^c`ENIDSM^HE~CA{ zG3m$4sa;J|{+MOI+@{`4p^2%6@qvk5tXNzq)8;@1SkB)Z44%VrxNIO+`BU+Nv06sK#2sUFlI^h{5TRHeaa>$e!)J-jwIHr7kO-wC5Kbv zh4gY;oVo3rcn=rFqJ1rw`&)}RYH(0NC5YY#=}QCB2H$;Q=Pc*8J9oXWmmTGth;qV) z>Ta9|_%rmE9~wVcb_6SBR)W;>krMP9KQc7y>Q9P#XQO^NAELc^6R13-VkK9HKW!?o ztd*C8Efq?Ue!Z*#X-=3o1?SN3+JpO6hum;7>36kq_Hn7FxNcDr57l{rdiuab4~Ra+ zo2|)ONiCQEM*z8ifPiYL;_BbPNA2mEFJ>cQzw0ek%{@2M2`M6fFU`Rcr$EO+goBmd z=JKQn$cZJI^{*O^f!^N-tYs(AG%#T8XgNZGS?kkisS+5(~4W1l*a%(exDQ=${x;B3IcGh})cx=YG&i zBUe+;8By`N8u4tLdt2@YndY#S<_p&4mmssxRIo@dW|6cwT4BRYHq9gydKterc$to< z_cTMNhI8C($0tp_Ek~3$5}4FEx+Ph=unE$b%U&T==FSzmc3O)#hqvN~-liO0Bp5@M zcw?83$mZm#Rk``<_5N6h#RI6A>s=>7NQ!TC7S{URf(%{xmHb-O4R@AiLtQacQA{oO zj_L68-#ct&%d~9o7L9=t0dZkmYKeVrwZpQ`1L)G1Dh^wL_$Z1nE5`9PVd`F43jd;Q z;p;c)ar(7>f}gd&QlG=85u|?%OIdD{<6}83!VNMdFb{C=y6Tusv*VFvwEo;6@P$(P zCE(p-h@TwHwbDa1Uhn;7mZdt~VwyArt^dB%y{>*K-acsx5A5w@!TT63Tc$3f${@eD zD?9ZGA2hR{X%H8iHr1vMY4ozVWaH`de38oDidts~Up zQe5-+t5WZ@;~LBfDH<2%5s1umxI>7IBOM46eZZ_(`9XP|)q4CSVt>D<<@kh%|97~2 zdFI2zC~7%U+~MMv&WCBb%2WSa1#oY>p!?q%08l7}-`-Ccs*k?mC^^r=()xhh_K=k( zc&;DP4Cvb(?~4JmTOA`TK>776+GPbm{5T!AUmF8q9L$(bKv00)+ZG2<_v;=UL;?zx zLDuz=QnCF}Ge&BaRAri~^#Y34Xu1d`uUbqx{KYtu#~b2 z0tj_U3`tEfHRWKI_lqHNn8ge{g~l7=nA8TV{D`7q`84B!CJMo$=?NAJI3Lj_gmEDc zgRZ)KXA5RpiR5^yYG|6+--RS)t|8VE55)$xOkrOY>eSz|RjJ@0Amx?(tRKdpDHKW? zPnorz(_m?IXCF6*p!B^fO%~LXc|{FR>iW8b+hDAY-e;0a_FDd%a1@5*?1grAm79?e_s9zcBuW>tRL`_&1Dnf(nT8%Y2_@(*6O9( z!<#boeP6tZZ|eOd-!&qz(M9JHNN`62(2}<@anaw(Yf%`rD!U@8*ZJISab`*)V}HN{ zh(hl13*fwB@Yi?|7(wx7+5FnIE@L& z@Oa4!xSeDU4axbg&gwb!r2wvxi8L;D=Kx~U&c9@Wd6co9fC_qgH(EVBI|WRossJoz>RIfY=b z2#<3}Qcey}w;TK9?76ko(#6sXp*QL<5-B9pW`y=Y#$^Bd4~JV7b{F4yH9cW#C7 z}FklXg6UP2mZqO@t_Og2)FVVa91 z{(KE7Q&~K%1NO+m7#ZM5?>sHWnmNq^>yXw5bcu68VSJ&54&PD z2dMLpmHPR6G9}~KD&?56LIvUk>&%ye&pH$+iHqm5KD1ql19$E7gXhvte`$du$7tZTua;g5>`3GOI z#nN6HS@ZVstW)z(N1FTAI&rT2at#8phR^Df?-lMP8|mIB(-#F^5LAAh(Pn1_78g7Nk(=*tSK$E!4507#H{g#iHc$>bxoYg} z@dB_8NWmDm8d(Fs5Cd+y-mYJ8j(xS^++xNzxXAdW8eaM7ALQdPzrOn|F0j>CY(V)w znZ|81Yizk0&#ra_eEcVV=LIg!A6Q2Y)kFujxmrfn&K#V70=vYru5y)oVACzW=rjKa zKG44d$CsT^o>s{_N^Dy%Q3Aqh$3=W%nKFn0fDcTg3lNfI=G#nGZyWOh!i-aZ75Wn5 ze_4()AoKqUwkrZcFSL3`WPw*KafTvgU0R7)|ElU;xDN56+Bz5NONwGjlX}qHcUB#G zAw1Q|X{D=3X(tRzar5}t&%mZYOamKKPT36?;UdOo7t-@H)u9rL>XL1<-wy-9YI&Ov z5;IHXtH+;o8ldNc2#oo*F}(J1akw$#-T;S zQc{!h%vZzQSlOW;pmgF$Yj@wSA}>lgp=T29=vQOza%2(C$;rh+>}sQ5>MR%c*i%~& zCEJH-q-W1SkpVNx##Jp}mw1{hie|>^42p8_N-q<5FhMUAbRhL)c+7kKFgRE)-}gG^ za{@ts)Tt@;or8m#$h4&;8buW)0L6`LG7x9)*r3x&b(FlC7xg z4o1g$_H$G@#9zgp;1EEM5)cr)2LhbgNVD;wF*U-{`4TSro!({L zkoxN48vkQ7XT{XcV((gM={p!B=J(u6+?1hjM$K_m>rwA%^}6RR}MS3x#axa zCaWJi@AFa1{+Kr08!^$5Sy=df*^ve%h3R{b) zLI4!<=9h&?Oq}1rdacM_ZGJv{ah5Z($oa0yIxsh+G0KbFAJpFbDi)2oet0^b!(DmU zVVK*xxVR#M($dm70xmxl`lWvQ!jWHw0i6pY%RY>&qot_ahYdP_7akBk*ZFh_C?z)D zVcvh+noEV+WqhT-ZJ(00?sNvNaC3j3N~eUtmr4}9ho9h%WHAW4uyBbUL3g9nE_K%| z=Vn(ZP>J?b%ObHB&|i};e|8NMy8_Q-7_Nxk>gAgY)OK_CVQJ+I4TPI*?rmnVR%QR- z)~V7cv?C0t-#3VvG+UxvuM=a6@=ZLaJH9XGcbc!_q;N<(AG~)jTf+3Z-B)(8My$9F zvNh3M-o4eHY2@!1D704@$@2}^9}~Rw^x`tnHKeN4*GRrJwboqHEDh_N=}K2G8g&~o zUt-^3diLfoKhH_a4M@lt*!3&i$kw0b9BEy2`Y9Xc-r>Y*!-)Nc3{a5v{( zP@6A7xVkX25CQD+KRrKfzkpLuN}7LuIM?1^$P8$>8By`WI&RrRZUaI%$Lpn)fjczf zlbq`|d^pEr;pAtf`36_z0-sg1QAZCVP92INeNhwuwK6<=>bY+PI++W=Vo{;IE6guLtlcL!NyvVsaOTJX-`BCYRQf-)E^3Xou&9_A;a^Vdp^ z@R@Zt94s7IVeCnv)0=g^;}l3QfKO)Qs>1@fk7wxlqy)soJpm5`tUs&(jkt$x(E$UG zM{-!&PDV=$9~NZ&&3(Sjya^V)f%_lG{GwIy>TdD%+RhHWvR$6`G=s9}I%-xx7h;pg z0Q#Sk;s8_%vce|+o>!ZEl<$Y~?{glm>0VF}#+1aNwgE$B^^CDfzB^tKYIAGe?ej1pkR8NV5*}@$+{Z zouUzGx#!LREFTXbEq4LKm|Z|1((gW}=N4c8TX=2v6R^S0N#qS`^F*l01~mI+oO}=X zctSj6IC;eC2eY(u9tn-+#mRWr%)_cQV}}kBU@_5wg5;#jqQ&dCeK~) zui3fzhmK{j#ATyyws?=b0i~SqeMsjEAlLm?^np#pyXW%e033i0NCfo*21$W)oky4R z9gjqCKl>m)2F^@y09F}i&VD6!fGkSz2}Y5>Dc7@ykxgNxi@1OX6Fwl6KA8b#EIsfQ z$3wqE8|L%j<1sv(zGv61=eFR=7n=r$+)G!7g&M?Tzm@we5X~2YTVQH@o5|}?B}j&x zsPt*!Y?EO5zOJUSwierFwt_ttH|7Q)!}LYrn>agT0n&dv$Hyu}%fJ*dblNROHDcGY zE>4E24y8X1o%mMA&62=Fxf%MMk7v4rm(KegfP=#*S$Q+{97KVOm(t&wDr5D~0QzOJ zzC6HvFAi;7KO?1#pvWu#La1E07&!JLW+~%?hN#sa9!%8^mLf|$!tEjSDxm@0_?%B} zd<#AwQT|M|5RGx@MM`;9EyO<{t4=!34|bq9k3GE&C?C?Vn=)t@3>W%)#k8?cO=Z5v>gK5P zD;@p$R15uOF%*jNKG~ZTzT|dq%;r9(a>I(b+Ss7u?G&5sh>oR-UEebuq<5sWRu^f^ zY5+YG`*$>*pCwJ|K10I|%-?;Qu^EXyJ&^4hC7Sg}h)dh$65QY|mbaQ|2 zmvy+YpH^wC6tYZTNXfNRAAQ5_EYFusP-EU+43Y8i6T~H&5~`gcpSrNT#d%%UM``;Z z;PN3QPDu?^FIGtd%5S@|%~XIf)DjE%y!ptynw)1c3P|-UHQBv4*Z@}1kKS{ixTuy^ zcEI&IMIKRIJxRO5uguKa8VmRh8=DRY6TySCIm?EBZY;?AD#1;-03_OR^P^V1f&bk< z>G}a+-QBG*g9*Gju72sXCpq6cA0KeJzgm3@X+;NeB>gE`h6%pN#RiUk5@!$Rti2L% zg+r>>2eR{D%vHo>2P`cuX?OT~)%dNroLVC4^y=0MT=Ju#qW*nAVePd8KgyqZY|U0S zJw%o}p8OPpW0RJ9SxV4oKB{Y55|JMq9K3V9KXA(KBAGXpT3o7-x#x^fpxb=GQ%R^Mwg1#YcW^Xd>9hRdk=tr#b+OuxgJ-b%6; zjil8?|AID^bTmj&=Ck*=iO(f`*doT6iEz-e}Gai`1F-np0&lzfZArHVA66 zp7MBWQ|Y7$to~Si<(Hi8L)BpaiNvB7hw?Iw&nz-wk4Lt10logc$P4%4q>-+5q9Gu6 z1~*f-60VmyC5eyIMzp z;&x%W7CQ08yK{)BgHk!F}pvI2jWB1V#jz$HP5&)=h%i`zXNMX zw)CBYma0PX`NtE%>n(`&E+B+(Da*{89o;cpYMVEg*lV`qG~}<rSS%(ho~L-spT3rhxLN9cZHF;e4S?ueg#o0YI|{VUB| zOhtt?$m|8I_~ti`4yte?tI}iu^bL9^%@{vSnoA8+MN%>Cu^2fUlK|T6pB#tO-~g#X z(AO-2fxII%gKK*knQ)KJd+WASC5LXnhB?|IhmeJ&Uw;Y+=$@Zeo=Iln{77c3aZ}`J zZhiU~4Fg@q_+JAcIN%Ggm!ScC5IF#1W4=C%34p4q8od^ej)wmXTM`XCmaLHU#1F8$ zalawQ#T|O%KpWbTfe|}@{UEaWCyK=zjiqIWdkASj1`u6<*PA>hTMU_8ZTG?Ufo1reBmWpXLi(X0#Af`iiF=9+ks5K+OZD7LKcHU^Lq~_`H5P zCGU(4c-k`HJM1ea+$GZGpH?FVFd3xjU%$SWkqL9di;yo2a&FewqC=nKr4Cq+ap<)W zIk$=?A?n)uSndQQg6Qs9{FnAmj>;iCvBH3%EzH*14RA`RhqUu8JeO&;69FOeTVQOZ zp?+$;m~5mrHf^Pp9D?PVL>!l1!}aFbaQ4c64l6x_2@KSnqcsU(+^mggj|ga(uReaGt_;qMJh!}v|dg}7cxNlH9R0> z)R*oNxcg8e`1R#|JN*0TpxCs-xe2p4r);iFjDl-L->i1uccf^a$S1xDt|C}_mX#Fp zy-qNcz}AV6v8HloP-C!?AR;62suHc0jP^1v*roVL>e(QKUve#076z3R51`B5_=9Rq zDOoK`NOM)>l}4iXn#ZD98wO!OX9~gKz;9Y!a&DJeHZK?5{Gz9k{Hr`*@KX2I&kCiO z%*Q3+(8V_GrDnIsX4Jcz!tWMQiKR4W=2ECA2ge%~0ye27JLl+bZ+dI88ypKTIG{x4 zgtBpN^?(GyqngOVJ>mrf_u>b_OV-KlRb}@ zp{fGHNb=i!(S8-Ohc`z{)$p+Rj~9@^xhe0wLnZUxq09<+`V#rKAZ`#_dH&FMXEtZ6O*AH*5IM_yU50PMaxO zUZc9JJ^eAnPOD$=0g1k&UhtB$!dA6H8jDmwCH6SyII0P-3`WjtGo%32*Eqm)M$cl} zR))u6Iobp4$NhAWPmT!Zdm=$@ANkKZM+B^MFa%@HVr}cY)po~q+GKfQAR8SCM-fj- z?-gX~EA)4-v8*BR5N(=COzP8q0%KG{{qz3b>ANt8d2-qIT&Z!VzJ5M~tL6FkslgO6 zJ@vvrvWkhT9_FV&XCsLXLN!3XafJ*0Cr!wXG73OUN$D@Dq&@1)b%&hPVtF(yxPZ>hDo!nY$eHa*TLe-c zVO1a-a+>#99@+0B@hCMIN;KDM8BL|D4kwLDID2FQdz{)T`qMZm(m|L^Q!tsO)LITe z@Je)rBhBx=6x+Mb8!zA$=Cfx|O7Efnou|IP7eh(}f^QtUHxl|1eMu@p5wL{|R{d=|ew?FTIjU2#1Imvm*>i@z>_rwuPWvlQ%z!`{1Kj&&{r)+J zRx~)rK3pvxrD%k;= z_t~7GXCLq(qzaPH53wPcU-&j1!zqF%olp@uZ-{+{r<*5E(vV9@MZ&E+Vs3$=z&lAN zzOzi3{$0uUXS{(bCfT<(j9LFDAH0>G6RS1GeOYhG9S+6wtFtp>wV8Fz>Hr{7K0O7&4lSNALL7~AFFGQ5_jg4L)^HbfF zN@_2c0*OqkFT_TC;;zDH@rs*o5#=)~skukx03F}JXF=G!*aDXp-0<2d@mW9;>{DJ6)ok(K5}NZMb{U)-yEM7$Z=UFjp)Vnm4uri-tmXO5LIxUfR60NYjx5ss?M+Xqz zV2L&|{N-d#01Wu3$nidu89s{vQk7%o)ciuoEGa3et&{(ON!@u{4bstbR$zJm8>R>{ zDjq|S!aI(S_!jpqi_3dugR-H#n@P4u063iPDx~0j+i$tx14H1-cw#F--?JnOdQ?@j4Dozw>I^QfwBR!Hst|%v-wprh3#I)5&ZBxVcF`73-M} z7$hf1#IbcaE6H}{No%!eZVLtV>sw*Ddj+x|u@MIdlbKn5MH_VMvMeNQ(YCO;)a6V} zvQszHK2z0MH&^K~*8O?UH?l9EEO}#zVwA-7^fx*F?$%@sqX7!i>kDO@O>fil~Yx9cuoC6^kSu3aTJ0It^naep3X=7 zm_HgZyWnbkDhwqCfNq zS8RQO5*6c{=jMG z#If;IBjBo9zx(ywI9=7!%>HbY6$5ZRt?tj+e<)Gw*w~Dib^@a*Ss$aTKJq#}9&l`g z2Wv)6$Ap<=Kqhdt1((jk$?0k2>&IlX^<(n5R|P?5{^p!AX6#S|`0+ThD6uRHQczv< zadbTEoLYh0XY*Gnss7j%F@*ERB_;0i6rU3bu1OL~kFcx_W)1gZCvAl#^ems~C}=A8 zxbOI8 z-F|hf@7QY+E(m_fv9x?|cfMW0FiR3U`$WgWt|(e-$f*N`>qD*zOHkMX|S;hl7w!Gu23`YWTKq8RtAKtLZF3x zFDfG`^v<~(YpQ8{AkDenW7kg#8BknNf53x_l43E(3)&k&jIBnp9gjCfe zzT9U+A!7{JOVpJONad1p#tEoD3U?qw5CZ(#-)q>ujlqFB5Jl>9?R~1}t@x z*eJ_-Vhv-veddIsR0rfQJ~#L2U9uMTzt#i`IefEp{ZGY6Nr&~yQ)y8Yk{jdlK@R1o zS>pE#WNXvj-P5ixW21R}eS<5><2!}iTVDDXCC|(j=>YDRWmHQz`YdcRL#(`W zOI&LQ9c}D{#=~Xk?acsQaeWb}UME^H+xwKrmY_2cWh8Q0vy#VeQ5I|v!e$?@+}3Ou z)QeWK?k~+GUGTHXrrM{^IG%EP#>nimkAx%N&q*PEO)Vg6rX2a$^mWZ0rSN<78J^NT1*4sOvB5%3(2P<}gSdE@;h6 zw=_b|u=hDDs#hWV%2_3NCq>pcW}}|9tES`8h3AA}agzIzIbt-#3Hl)`=7#uHUg@JL zZ$B$(kQ`$q?$D}1(QqNgoA_OIs8oiidg-HJQ^|>>PWQWswtqqQe^~{1i!Xj3o+LJeB7i|Z z;&{Kd%~>cG5VLpddD$yS7KvN6aY<<2mqn;L=zrm(?tp1C1MXhF&t&Af529xSX^&DX z2o5fu#cZ^jd`AIox|3GHpNA?!Of-A8v`J+eNzpfZv=@Uj1t7A2noMpMnu|s|RQ%CW z0tcXa3XpbPNxJA{t9U-GMDRFe1y>>AXqy9g+h?U;o4)>yw*AxY@XrAfGn~^;5aHP1 z;d@NYW2hc?__-Ua;HTz0H^YDKh{&6k_Fq8EjkoYMt*wHxI7F(y6#vE}!UtIuAwn1d z{_f5{pJ>(p^`n1(|G&|j{{j5_=O89nXr%ua?wDcAMvO&3kQ!o)LCVX^Yis@#awA>! z-u6RLFca}`s!m5(d>#Sml(uzuG!OaX`6p_5O3_U=HD-4*{|ZJ;jEMeqK|4mu(A^6Q z3)B9F0xS7oEe*a6H~R>~`$aoBKHLW;b@?<_^m(^wMFN%hKwsYvNcveQy4S$Y&aUqh z=r?d?@%#V4NdD6R;=TXh_w((4!7l$7WHxx9hV839Ds=PT$W}pdwN@ad$YNw_b!Fk@2c#zJFSnvH56c zlMr;5`pTd=2i1goT8&|E?@teQwRi!rwuq&+=nqN|M+cYVPw>Snq`v7xi@(&JspC$? ztP1Jpi>lW+=$mcV=L5`o8C&+1?ZeW?<>9=Xi%$xx5Oy5~{apUmYhQTj#1FnYo;V&t`O>V>-ryAC{uZ1(Vo zu;Y-ho)vH}m6Nthu%#6BR#I{Hb;pzJ8AUrxt+lXD7}tI{ zMHCHQseg>h_lDC9L}*(EohhapZMOZ0(C|>YovqT0)Y*g4G4Q~ec$_R0pA;7}n*0pv zTE;+Gan1Q$c$v(RNP?!J19X-@>D%SYe!`4yMH&kJq@j7+V=v?CW6oJ$y%^72$v8=` zHr-#UqUB&NmFVW)q91V~)LQn>B!z(hs>8cLKd7~LfxIk)I_z@MgFl_J1xQ^T`LfqP z0pNuyUlw3fb`B1@plbmA(n!k3=sr{b9o>-KDrBrtrfFQ}X@P#XZ=;Uhx<6OwxHMuB zRT^*Eu7X1K`|1XqRSP=1Gr43V$qZ7hUi37vCA`%ggNaq7wrtCZMf{WlRS`@owNN<` zD?58>y1K8+Dwy*7K#+irGm)eoSbLIsH8kEegWG0+-ioao*Y$PdWr$;TeG#m=fO#Zz z6Vf~P|9(oXPdzEo!m(Gtm0S9($m;d|)r`kRlMpR#yG%aw^F%E)Mt zFe`bOPu?|Rq%7~~+(=8!bkPzwT4NSI>s_a$QRl_w#cvS$5mwk^Q#(A1F`vS-m%+0B z%jVnP<2EfJK-dLr-xuIPCls z8nyQ)zwt8E7r3dC(3mpeIBfT_-LCCYg*wLQCFX(%oHrVgTyS|%+jmU3kkX=(_80eV6@A2;>e`A={NhZD# z5?&qXviF8M_R<{Q{ROtWSY(?*85y&#&$|ub zi2~njBa^N=iOe0;7d2rzJ(M?99+ehVsZlz{K1m#v4Fmjqwa^!$#^q)+c#-W%92@q( zdd5YQZfx*H+B%&Ns1zxmD|l+~P3$o)*A}6XfoF^rUL{!sovhu)IaJ2`Z2MO%m3Yr> zrtR3J?#)79zSfkmN+M#ucy^XN($HlCjz~|5AuqjHb<|Fqs^G7X`hoA2cRfE9jV9Xz zVI!xBe@?Tpm{%;nCQZhhUV$xNydwBgQ>pgJp$fBX#@S@NxY2pXRol=I8?bG>gN96~ z*dIV`5akWb3$RQ^d%4>-_2w(Aju;Ho4}~H^1fer}P4%fFu)-#Iyz0CjRn?$+(0B!5VdC;coDQXi2i1H&p&jL?&F) zXA5&*xddPP$F?%Ewuuw?`G$rW6Ee)Yz~uB+zWDj-3$al|gj1!tFH38U?xIfbtm|fw zbJ4@+ie78PAlOLN0U8wL?`2{#Dj!gL%98a;KN^(H)0P4LYQ9E){|SHCO`GbhP@&%+ zkk$+m2~8Y*r=j`zpD4B41+T9Q9j9DoQ&MdP&@=n#Y@zdkB?k#a3b$gmO7FH}as`C$ zQa;=I!_*>EO%|>jSQq>z7bS1P!pjQ2tRol4E{&C6j1cMGJ1X13=IiwlmZ))G%4OJT zI*>K9p^)O2AHh?x@wPUbD5cXdy=+eR%H-7Z=a@tz8Anp1KLMn@MI73BNeR~7*IARp zCuT!cH9doZxq~vY(o0*zt&gb<>|td;b59@mH!mFOM(3-d1}3Ii10pCTtX{)W`@hE5 z$Hce8_49;Ug?jn=g_7pLQ-mX)o*yl5)ZM@GbussGAiG}$2gCD63ZOBC_u0KB3N#@l zGATW?spD=~a2Y%dv)xUakxQPfsycFO8sT&qui6>o&Dpul%m3y|@24d4Tp6SR&nSyUI*MB#1)m%*1N`k}Z-h&tm) zid=2x?=V~<*TS6g=dsAvf<(j7%!mApusyTkg+%zdM#gZG9Npt_QSXeOYKE`%X6=2A za?wv5>Fw z@2YbEeTV8Dr64&9DLOawGL2X9W~PE`vRI*BwVjm>Iw@*EM4zb^4^Z!3-F;SopZ|b< zIt#<@^O;9fUg1tIFZJWDnb-S1mEabr^2%I$t|-Fp73F=aywfRR35{ergt|B-4b_op zo%})S7OpC-#g0+G43aNcxFFPhGdw@-X;+I8&q=3~d_L6d05mCyQwds@g<#}0KKNku zm%aa>VUEba&iwR>&va*3UR5y1FmYe-gZ~u?_{M1cckx>tlghab;}P z@=vV>RKVNYF2wHyTV~jw0u==JmofNfh7+oSOT7*01SUFBq!A>O$hHg$UWK@lMLj(D z2e@`=S=re;ef!x*;GYlcv^-3GK^QeIRpP)NU0AAsOS&00fyJ4J;-HWn8|8#mAxJIE zDWw(m{mHZvsHVQ0@Zr6+044@}>jvWxHF{8OMulfWtCBo5}7EzDo23!US-_5v;V!je5-)a}Zwj-T*8*Hgl2d&_rcNA z*cqnohlR-Yu3QEUYZ+(97xv-|d%saBkh|>>GLWhFX)NHjqjV%te?H%NTkEQ`yN4|j z9o@978Z1sRDXMCa=YsZl`t)4J14+elG@CP6%S?sR3x`4TM&3v$QJgX;OkP8R!E|@0 z?!;|l_FF9%V-V%*ArYK(o`8$l6W@09_3%Ka8W;ofz_HVpK2M!%>%wIx(;a45ak-{K z=eoqLz4e|`Q`3YO6}AJ+BJ-$GTVTXH#_?T{`vzY}46YAZuOWY3!bdvRVSEWQHJp03@LV#M+gVm567f+6R)k zhlhtfv$M(3UOrdC!Deth{M3labjTWkle&_d(Iv5RyU|gEOEDGS-tl=$DZDLqD`AUE zKAcsqX^r~nj0`^GB(zStQV+74xFQ*`>SK+eIMvo0abJ z>eSw}B2;6kXd)<_-YXL~C$FewlFAF|BOj04-ft2=ER{|cxCm>!Fgpna5eeIQ${CE} z*yr7X)>JtZ{sLN6>=h(D57l;BYe@R8_lhzUpL>7VwK!QMy}`=re6_l^D`vAv#~I>0 zD=aWV`n5+VzNg?iMS?A^ClWapxvbVud{Q5c<~HmiZRs{QQ910O2ubOKvd%>k2JZf@ zh@2e8^QNzXO3#^PMw55*v}IiIJPOT;FjVsPRc8Mt344Y!^4J=GkGnlSg)Cymzxgg{J3uSXD@&z2tj}=vi$0qSFaS#AV+rv$k+-p!zhO1Dz;x zFm}bdMo2!KfX^!;#l}Sd7X>R@z`uQNI9x7qNTM*#%POyip&+DfBpWVC?MmGS@hwTW zMRIbj1AI`T)};KWWbtrVGVYb$f^qV1$a$Oygb6+4FfA=@GjUu&yu1BaS|`^$)HKu) zy_@eTui}&!zlOH@F|zV_`}&F^Ae?11raifLbIZ*y5|s&Y)7MLT|4zjS=EY4|y2U3q zO3|n9vQ4B!E0p>;PB zYt(SH)G?1c20(8vJ3ExQ6K)hDCCVi!r~Ayj^(fMaqr2BtoVd z9Nqq`+pOpb)&+AY3MmOryL{4$gPo@OD-9f1J+7jvDq_hFe^=}D$Yx?0F1s&nm(ZBW zj9g5#vYGbi#H~|wf|)xU)NFeSX7LKnRB@4iQ1&jbu;IdrPT&?Ci7tgx!ZUXYVD1!^xvWqWsIiZXoUMT zo@`k*rw;p{b-_i+yRZPsAjPof@w18HPDoDO}W z7|FDf5)>c7ClpCmPXTX)$4XW49R|>L$t@VGD{@^F6L`}N0IHDLL)uV0oc39Ty?r1d zCnER?0i6Zn!v9})1h)Kc9%tZ7#cFTqbLp|0W^Pm-9(;y%?6D6jt@lRjOYwQ!g zjic;V%Y6)?L{i~fn7Z@t0sIle_n~)3>Vu;kPUN1W0l*eG*p?R)hi?NsipB7puaHD5 zxe{(<%O_JsPgA0H2TH%9+g686%DnJJU6ZNg4H^xY%IZp4a-Ze9%GcLE`PE>55{?2?H>d&=rQ71 zJZG2ZIvWK)+!n{Jq4T0KLw^($76c(O#P$-cXQhWGV!QIkC6mYYa!!Agm-m!=yiQ$( z0rfQiC6-=Og9SSCD%Rr*g2zoxYD+NI!Dy4LC>U_OLrXry#KiG6z`?v~^jQt%MiTn= zjpJ%U&1o^UAmts+Ghbidqh!m)AiToDs}@YlmcSUA&bJRKW*Cm{=QLaUyX`XUZdmcs zqEnjH#`5V$k`jYO$=t^w#fv^4D3ZQ@E^0t}`}S=XxtN5U!mX4~R$XDCOjqZ{#j|D3 zb3{bZ#JKspYuAT%Jddk1m=c3iLv`2gERNOSFgTsEJ6`j7u7ak$z|!nQ$TQdxl*i=Q zNt#o_l(F|SKfk4$A~kqs=9A9jQ5PeCQ8Rv?pslw*qPyEsX==f-toMwP2WP6^Bj}rJ>$7W8S1%Dp__|S-7&8nPa{Q8Yv`rLM5Hm^Vr?V zddY;rAQ>b}iP=NpnBwHlnm#~Yx!dOSUDzzA@=GD1EvS&oqG)~jl1EaqzK`rAEIGxQuXHRO^4mr#0rHc}K@FCl}T< zfKf!Aj4CrR#+NJf80vNev3FlPv>MeGMk~sGmLf?s1q8Y_=cW(QEx#Z27zV z=Ecn{j~yUAFg!C8 zn3HnjQL^KW3YncC4vfd+rH5bIvQGV>_a$Uu)0!p(b6mIhh(A9~yKr9QC{uoIU^F?9 zT)k2%b$lfBO17NJlE(cwX!BP_1v){~k|3>mIqb9Ls>})cJrB8LaQK0Khfel8p17J zT&~@$VZ-LgR}77vGz=C!NMWSEte(y)sX;SQOWN5rV1{grTndJXs*&w?_nHL}gsAMv zYweBq-I$2w98Zc#Ab*oT4UKv3uqb_TdR)Ejov?71w$uh^I|R=o{cbF1c@F^~P(w_q z*Pn<}30fHYx>f)hh}}y5YwQwft81!u4O-fxr6)-1q7Fnlyq zlFE73TPOX}XNWn33xq}=r{vwQTHe|u?bKeYgO%}mqFEI^o`lCLWS(f&K2&qZ3LxIY z=~TZ@`03dC%FuPGbtN|2jhy>U%dKWU{5vO=oT zN#D<6yR|b_dT-Nsa@{=h(Z_2lKKPI_PpGi-OCVycZ4Eptouu16N^L`j!{A!}Zk7TS zE1Qg%qY(_0_C?b7BTjirwDA3%wxuPg1l*>}j~a^K%qro*T3blyTO2un`xqM|ga4jA z6O&(Dq8ESKTp&|*-&$Dx=y_{hUi@m8q0Ve%JqJFF|AB*z|CTm;FwPS~nv|3Jz#nbP z=R9M=F|-iMFy};KI2a#vzRQ5f?_*0l{Gfa*oXD8QYRG)mll;h0WDQ()oyh?_W0QEl zsEHI(TwA;t4n0wp#+qX_<34?F`RqE6DjaxBxEeetzY%@*^)DDiejF+$*zk z7%d>Od4w;2*e*FzwtJamCbMHuxs`6gx@|q8lN+)6MI9|PknCG4_cs)lB}ugP#9Z}0 zQpj5(5tgj2wkyjji7j<%()W`hly-*A&Wy~4S~s`0dN-9Ma#w2}t-W;=si0o}Zg(qk zKcELDkT_fQ5p_Eh>0D3!1`%1n*>h#^BWO;=mA`UbFh{`%o^nSYpqrcX!oI^!(kI?66L;2Y-3 zSnUhKmnJ&WunX&ESV{`l@fc?JQ_+*`TAgokdSpMevb;16jHDX))SR`b#NdER*6)=` zD=fOX#U*;YLd5^`8)?f93!!qjzD_`F$1Hs+#fD#)k|h7EUm+f8JktC<^JMRs8@=^( zT!DSV%nX+k3l9hqr@KA!WdkF8hi2VaWuo{3O z1X0FjPj{us%#eLl954j{;L`_=$5nz(NIqjD@%FVJ)9~2j&;_CKxJaDrEXRuevm88Z3$`9<`uGcq$X4{v-1`cSE>C1M24Cc6`91`Dn{ z7h5Dygwmbe*<1RM3EY_f7yn!pn9b|YMx?5@vl&Pd`&V$Znxy3c|y`x`t7)`RnotG+mv!RTa{K-SXbpb6G!exKi={u{<;E$P|p#aZHs5M@#gFeuSTcDndR*Q zir6n}WScKtvySnn(+*1t#LVB%dh^()I`g6~#tAt4c{}mKx301WdUgwvqLMsMdl?ZW zepq1DYDd4g%P&pQlq`vEZrDPKLx-6Zt6PbaEe+9?<861ErtH?%O52($b*iG3g;B|o zFCe7a1m&QB=ZZ3;l%&fL6Z7j}d$W5}pb#2tQ^~fJ3A0g*h(B%0-Zle5YZz`RZIj)i z%UGv@8av*m$8Lf8^WL}!w69ixpxcX3H0TZ~R_txbef}F0j3&Ef3IPn#58Tt0Q%vt0 zCrA&v-{hkkAd>;n%_;gKDc!v8iOl3z>utgg(6@FiDGelOi@pIfDw2t!()GF-w2~N6 z7HvudrQ<$rvW5pFq}NC7q|x-^FD|B5f6eH@J9$Y=PUu?fy9Ng%=m7!)sP`HgA^G_` zYdTq87BLiUkkUcvWRZKZBHgA9Rc+RBmv@9}pvRCHyYrWk6V_ z;_5cCU1`!umV4iB&T-MP&;;%@Bd)3bDz4vfcyczV6W>jkhH_RLsN2im2MoM%%? zy)VHh5Mm^b?WIAA=&Ct{7xWuH);{Ag9za*lqzcRY9M2+P4u#{4N`v&&rFfANqrwx1 zLUN`kB+>{|s9@RKE0a?FI6bC9rP^>?FbRq#$PUW;Q21$zmB+^fA$bJ~ao^i#Msf7? z3tu|3%_|)HtKcKq%qD~XsRgLlIN{TnL4}J9Kb5yeZdObTnT+Un!!ploC?D2*WJ(xA3h|&c8|uH2F56+v;=#V^!~d)*^^8Z<}fsUBlyYLUx?Dr*OV?1|8D6TDk;Hh%4VMhhA$n zocMMs>>X+4Hng;cQ~mxOtQ6GL zeck-l?mpt^@0Pjy9g8JF?Q56sdc7O{kPTh>%v0dY4317wh6#37SQ2tiZT%do6jZt3 zY|RiHnI35Qd1H|jU^UQmwrT}BB@szr0d+O^c9NQeel^t5(SD_=@-g<90~t2AC_@ht z^LKPV%gFg8?ZZpXZiOmdlA;&1$&B2Kt z3d}I8fG_0NXO*LdMSzc8NyK4K&&z`Y7~<;H(Ag53c1fO_EfS7px5L&io5^8=S}urC zOK0{u5M|)F@c6jzbZWkX8nz+w(fYb;n}DwxpquD8@n4hncI|Q6f;lAmP=efGIo%O> zT{TcYU_+b5SvT4)g^b`9U8>Ne5#NQ~%57~UQ1T{;aGxnY-*%?;I|&eK9UWI~##O(hAFcZM&qt|i$xt0~oa^G232l#B5g{|dpB zdNR)nO67wj zb`neb>A$?i7SK5Os!VT|yaTICJvuiRoR9#C=(CQo|7f^}DxId4{p9kxlINCoX7<(6 z4Pq*cHfFzmGXtF2*<$E~vg<{D)62_Ac2)?vi{C3eQ8%Gy-wCR4q25Qy>P_saiV8&f zRNe9R3YAD>oW%Wx%*;BZkhvD>_s;lXCs@x6yK8$;T9s}qxNtOo4?Ao_l~c;5s%U5N zcyLW}S_zmc{bI{u{&V+|@QHSNPmI%18s%Voc(vPY@62r*d`)eh&T1&j!|Ha<6KLHF z(9KC^WZ+4Tw7oU2TE3XIc!mt;2P!IvE*eWP`ERG?tT*C~mb)p~mn&xvf3LI$LA=b= zhc${gZX^0i^G61#<|;~p>PL6=Djgw8QO&b}prfJISI=Of2a4VH=^@svQ_t}qLxTtv_vr@1I|Bo=95W86yAH-Oy!E9xrO+bBmWuYkgb8;$$0g5r>N@u`&{J5Q(RI0fLRf zJyPck jF0$>?GfBmF%-$yv&LFT`fZ1tm=7>p}mm-S1{(~v1 zS>@nP3@T#ie2Skxkm0d^k$Uq&zYH=VrTM>Q}l!$e6mr(=q8=?(W^tv^jx zuLcM49ZTE+t^*yh&wnkr%Qrhh)<{7t?K^}9Ohn{){?GAgY7oJ;sY$B*CWf1BDGr>s z>*~#vx?$_gXSSPt5cb9vJupbIL4aoKa|Z_&d(&kw@EG*J7k^TI#);2C?Q}{+mybjxw%=yv&@z>|o3rE%$Q{EEEZzKljAts_8*CyVWp~VS} zN7%^MZ-w$&W0xRG#D7h~j3kwyLve02KJ$Ql(mbjI-H%FLabBWQO4AXsY3z=Avj$oq zZaBm#>8%TfDF@6tc*c)Mq!^YHK6{}=pTLT#Oc_gGJCg^~c?{Z=R}mmL#u)2eTldN@ z4iN?)L~{b}O33b1B$(5bLmkrONtG4%+uChQrH)N%I2fo5>sO6O?TH1)V2oP7jRX_X z43$Ov?@m$mr#CKbVWb9vC+)H7fnWuTCM^a}dA((mgo!s=Q2`=*EF~b=@^~pGrvpyc z8j-dSbAdDZ4jJ0I;AGC@fkM+||E;?H`FP6%$ZNw8-0_2`cH7N)tWWCd8#;(GEF|R( ze6j#bi#cOn$D6ZlV`F0|sQT*-zP@A@6=a;zZB`Im0VQr&FC(LpLGW{>=Vwt1KXCD( zmV&fu^JsNR-+8UYMaWLBXn+(6aL?1rGM@4Bsv?|S>Vbj^C`dGErk0D9&5$vpMiqq^ z%M2~;@QasiTe+re@QR@IwykcDan5tymdt?25yNer!ZL~?on+zg=+;qAPW2W$&Q4ZS z<^ZSuz0nY5DJIV@V)2vRK;8|DrII#Iot4!~AD?p50CsiT()JCj(diGNi)OE3z6Vc9 zX;qTdd@QaST0DLruq&&>4gwG-i+6?AO6#d^H@cuA+v&H1S zO0v~cKGz+wqkR|lmz#5Tqp|1$;eIl+FQI6F=x3;fNuR#eu6dQ;Vm~yo&M+B%%Fp75 zB<6h@!q6%G3`PUH#an&-GS#z-cu+`3U#7b*nN(?kS828oTz625%07R#ex#NNqI_w2 z>Tq68YStU7MmkRVZ!Q-d2`020u%HNIdzZEFT@awGwzGD7$wi+wI}%m_6glX=rJBtL zMee}J;qh^wg_T>QW-p(qT6-E0mU}K=+SrKCV%SHS=(gHCk|lL~$-amH702%(Fx_$v zbrn@2Mu!qUxE?L)sHrdGU3hj~_ zhwk>gHqJ53y8RWHHABym_}_QnPZ{D!qLO^$@G1PLrrxeF>#VQ>-R)GDZYdUc+Y4k* zirC?zYW1=@WFYyIcdqxs3-l^tO;^sZ7~bWxp!>%*$t(mgCBu!6O6|g$%(7$b=Up+n zO&R@QocCy)OIS_l$snbn$$LCgYF9dtHvh1A2?A9u1|S2-mx}oS$QrKLnVG%R>HU_M zm#uCAhtpAYRv3qa4hivUwo)=>oLi-32yk9-e}V`B2#`JoL1=2bLV~qt%AHvav8~(D zJpuv)1KXAXt1<~jgI)wN8xj)IN+`EQrwFFoQ{cU|(^bs{<5*OqKpsC3Jg^#%@$k7N zxWb<(P(@7vyvv`|t(tvW*hy8ZK`2QPH2&u+L(m6SN^nMRI(`wiVN*PeSUMnel3MkGhGF6Wdw?gY0}VcE_qTMD`b4 zSZ8?|2!?sRQL#JJp1iCUzca4%{@#3=KJZTcoXbS8{Vt zYRYkb7%FHg8i4Z>`}KJf$sl2@`!^(=F_jUv1Of}`W`XjOyt=iFz_tM4mkTlUoeeT~cF6g(8i!_{hpY>xG`LF{VnpjMDe)44fRGho(u zI89y7r};)T#L#pX_}kYMV*&HSgj@$~pV(ytiUNf1KY^q%ywRd__DA_>DRHlZ?k0cL?IR`L3KY* zOF%Q}(#^-L;Je_50+i>akvj6#(S->1DHkQe9oLf_g5GEudy_&^63BWYz!cSH@o6>d z^_6t>smx|85y8TO3hhmR{t#?86%>xaTP$pEq7;}b_aBCSbv))78MwT$QeL|{8i5+? zEPAfa8i}G`cbdNGKZ?rF+0*d)A|9`r3I5p%V+(s7MC zW~>}IF*FnY)MCHhIiIe50n^KeHycyAB+|a25s*!gtrehd!D+JYyG%Kja6mXA=X1&r zdpIlzwvyA?hviK2+i^T0cJ8b*Z#q_ z+O*R__*B2a101uhB;cTd#Pu*?LF(_52p~s=YScLZCG-Pkd@YY{=esbLfj447{t9VS zY80G$*CAac+Ua5iDAe?$_am(F(C_c=OG6|WlbK=!!1S(L5dZT0vzJqypnY>5yv(%Z zUso>BH56T__*Fp+FO3$@EMQLk;Br-tDiQJ6^s9CZuSBP4$|U zoM?_WtxiZ)7#~;RxilaXH^Q|{t{kyvg)?=G1|LCAWGB+*c$I*fdu&!U^26r$%w(80nl8REEy8 z%Ub|R?$14>+ereX*k5;FKM!f$Y|2v9RNS3E?O|w#M;IAwnz$88)cG=NWA)>lU#3pY zj5hWQhLmc`6Zwant|jQot|*2N$W=2NF#{x?pHDs{Ne@ zKd?Y3s1F}LP*LUFf z&i9}^Exu$dz}NOL{|nIN6!7N0;y)j&d%-5T!UMLwyW^7vd! zs1A9_;(1aznP+x<|H-TbxKe`30#kM_u46 zU^(xE6c3CIp|=!wCH2?CRJ%7V$9s(Q*UR{VAA6e2WkM+*9*mR5@u??9 zPVdX0^m?rMi|JLNS=COaL%Vg0kr<+XEIAvOR6O*FA5x-G^wae(Ya$hd0yUVZu4CjPe_~d(6IrxLSL&)V$;~*XfSn?? z=oMHyPUY|N{v{2Ms)y%JC9DH^F;i^)m2{dK*ES&(^z>@=^ua!gZy8CZ53`gKMNus{ z#Wtcd3ToP-&Z@S&COUVdN}F1{tmkb<)&YS;_KVUt+tkueGY;3*6=GKh$J^y4DZ&Gg zNmOy!T%`8DZYen8B4*zO);(GqNKDF7i3~ZI<9M4xK{aM~hO!~HpDy1{+-OqajYYaU z{uN6G7VNKw3W+_YeX}%a?*eY}KH%3>X}UpoUF__OXR!v!9#9>liZjsIVELo8^fgEk z0fz?mau=8K&YjRE{ZufzRKG>vDPq?DwVI{%ws1Ebt;h?PR+fM(?Dn+4;`Np_>G0Jm zjZHMZ-l`Sm0UhOff7KtbqA8e)NUx_jKG_lDL0K#1v=`ZMGOZ-BW%=$p7rHkk67KGJ zOH*I$R#wQCZRwlWbEzl)kPyu$>s3Q{>?A<8{{i*21jkK7vRVSKPXb!v3xO@^%t5~~ z?n2g_;`!zKxmRWNmbTEn+oVsxsK#bJNUB_Q;-;l`$V@cIldcw4Mzwt_IXV0uvxrW1 z^0YSu%xI>KQx_o{SQZ6Z&!2o=wUSV=BWN8;8cBy=Bs*L?LB)iTN|k~sSLk^^;*9st z_})nl3WWojo1ferpR*Zwq`m*W(Vr*}>gRWh>X2e${$FWl9n=Qbw)wPBT#8e?#fukr zcPmz)SaElEiWGPEQVO(Ki#rsT(xAoN-Cg(OdEW2anVp^aW_J09BqSl3oSbvZ^}Ft5 z9$?<+cL$8#ORJzAS-j5G%lF`ppr;p?z0`Ub`l?_mU^SRNny&w$8p9NNOg2fw!Dnq6 zFY7PELo^vzSGK#ivY*(QDm!!Kx{ar|Qymjw{E@fcr8oE|HCDL0oyX4o=GgLz1Tlk( zCcOy;RFFWFFCIOnH-WF(!;yDx(*lmXsAOwj75~~p&tFF>)Vg}iqAe0fE9N(6OS$8e zjFWQylV|aR8qkqR+5HG_vKXn-=qAiN=dN>4?)SuC`qhYEurS~J-&*(JEE;TTY2+D5Zjzn zsQC(dFbp>oYOG`>n#l^+7>g-5g zGX(7c>>poA@Law5WPm|RboA1EYR;Fap}p{0B#?UB z&8ed2^|+H#`%@v>m$U#S!H7~Xs&j2PR@_~9KHDVgxgN)W%VT0#e6#I(2b~-r&y@|8 zJ3>YgwHtD8#2G)5(b#kxqg~Zif{jGLA8j)f+Gg4j3~Q3cqbmXO=&9nSg}?k{0n!s^Yu*-ItanwbZhJ zIMB|9^rg>Yr~%!tOJ7{Z^D-W`H^;XhBN3nHYMxZ3_|r6eWh*}*xr|~?{(3H-SZ`Kk zU47Y3C6Qq>p0j=QkT}+BfIVelr`b>)zjDINtgF^iLUQP#SO4D;42XGt|AL*IF(h0h z#1f$WODFZl${I8Qd63$cI_0;Ctw^OYjO~64kU+?H8cs|b(VxFrn}xD(v8tp;Z` zbt$Whl8<&A+M09li}Yr9?>8U66FOFqbVVk(d80iQVi6;f@XEZ}Bx}1T$xI{Y8X8DY zTAEnIe9-Ui6qf(uni})0)>pQxp6Yn(g7_4_co=Uok1|~G{Vm%1KoWVuS~UGVnGUyr zvddJ?GEI{dLm`c)8T`fR&_EKGUL~FE^R96zogyP6lROGAU*MkTXQW~Ip^UJ{i%&z& zB8#44nnj7WOJd18TpLOv#?(?LwQwqaeb+|VdmXl|2Wv#B>W`bT+do!^V$0)g*Xk0- zGhHpmdk>lAcAm+$mOgE4EUO)qlCoGVn5Z=SHaoL)_`Bj)Umq*z_&*{4R$MIB&hojA zHu6&s+UWL-gdyqvF5D8OhRPF2-{uKOvA$(;F;(b+JQNHa_yMzUGW_rX;#%X%b52>b zf|GkiWd(e4LxGs$pH0R18FGT@=c@cp55{aIV}Ld^=qf#@MnpgW*={tbhSQ3i+^%iw zB!;QJE~c==rc^{XO~jF=2?ue-c9}D4<```u)As$Yo2{|o@igCr13${e?shrOw-SI_RI!Bh$`xI$q$?eNwE_!u4yWBLVr z{OFhEd%??NJKu<0ne=ZKBl8sYQ5Vr#3vl_~xQvgFFLe_bbRh~IeLNygXuDfyf%%E{ ze%dEMX%7>JYQI8#*NhW*Uhj%Wd5w_Qf4IAXJA!ORBV8Q{Ct~xfBnGbm>rd7|vA9^S zkY;F|eiUx@l;g6rVTg5to=S#k#k6D++Wu>)FF2H_A!4O*6h^s5YS7$z--y#_XOnO1 zD*I(+(fo}R0z(@n*xB3%Vs%0S+PbHmlB#T@xZIx$N6d_~=2g7bPr8bF%`2?@jk$Dc zo|fg2@J3eRn`dP(b1GyWG4&RaA)55k=tL&;@~_F^P_Ih76?$u+R&Fyis|qhW5>Jer zpf5)vX>rri(2S_=J(%w$#UQg2!~SygQmxySB3TZ(BmY28{P~+pyScDb1HTubdyxh- zgM`&X*ax27T`~;^1(aUGR5(=A{GAs9%YB&$yBL!@tK0)ON?K0cWb;-mCI7l;VgY)J8r6_6vp1Zv~iI{(Mk#);1V(gOGaUTv9$ zxdE)Yk(8WGL*VMVwX-8;z3aakM1J=+{Ch4TSYrNm(=aBlPyypn`Dp+B)mXtR!|x)4UNKG=UKiN2x0ROsS2 zA3xGNX~)f(BTTKkK0CS8pcVS}w-W_QMjozo z1%ORP-7*wuJFX56&+(Fz`!=1nc$|<#;tulKMbXgFUuG-u&rShd@2X}gQnyTwM#;P7 zbaOwUb@+ba)(1Yn+X4Gy+7eCc*h3(@0lp3uU>Z26y7(Nyk;96#J=1dkN&9hOgaR0! z(qjx8UH}9M4m;nAU^Cplm41_`rH#zycmD!r?!bZvT$FEI9QrS7}F0*kD~(w}dWt zm=kQ1D7*(DU$VVKNUh~4{wD5dk@(?}Gv0Tb<8&xnvZmg3QZ6-(biu1P*6?I_6>4zg zKbT{_QenMvz2s1eO3HR@XFDK*9uxAypC6}Rd_NWo>x7Ya)aNVp8Hmdn4q4fqIo^BI zeX%sv$!ue_R?25{Be_K^+&8y`1>%?dX4^}PhI@oniOLL*LO?k>6)4!L-6Ar1%%b!b zWk=9UG{N5m-jyOuEJkV=d6!4mclPW7do-^Z=ZcTSpbqeI5qQ*j0`}8Q9rq-GDl zD?*}oguWS=3-_s^MFJRIqLODe?RUB_7RXXSoI;1opQ8Be z=Jxg&G)Nd=BRg!SD*uY-&?}&yT<43j*)r3$2p7-_e`bzxjMoY34Yv62fKg zW6+FQnU6qY{)tY2IGf3{2Mo+TwPxDTHnGWPufZ!|Gz#sL-9}DUk|y7s@6)@$i^tgFf_Yo z+;^iUFS;~8e__k;H0Q8$HRa?`Vbekh3<$SG85$EzO)Im*cqhcv&Oa!AeEQq)Cb;=b zHVTw%h)=7g)h9QQbEr$p^?dA{hS1$G9`}qQkFF6qz2Ux4Q7Si(n^#%tTq<#HhO`Pn zpl+nhLyDQvAgK|}8Wd*G3#8|HQ($oXtj9NIJLpX32daZ7ex_n-wM^*Oh+{~T6#R*Ds!MD z^#0KLc>9ohxN=XM6J|M9xEx||j~(J8>dpM01=m0!T8XBvp#h*Rt+{PD*d$Z>qO4b8 z@gfxJ53pgzV1`$9nQCMLJr}H<-QDg04k*@f?4h;|K9!02r$0jjB$InS z6XH4#WQHz&Cep)Ix^7amI8@8>P$a1DFQQE!W%CI*eiCkT$C*C)77A1RdMQd7gxws6 z9|};GNvs4$46|@djj(a#QJQS|RN*-+`q(p1?5R$uhNR{~Lq6uBuGHEs=637XDWQ$6 zrIqDV&AXH@7NHs>5t4YcdfD92Fc{Neq$-6d0ZX(v$oL19SIAb&Y};kghCWYK)+ zcBMsBedsKLJJdCaVH&qJ8e6igy zixZNOi5b{q60s{*7?QcqIeHvVw)M!fv;@~!Pky?MCE*PObKHa-{%UCUeqz&xN%s6e zw{Z3F;oz`FZTO86&oX?LFO>JHhr2cA`gFti;qDorut=rl|E*PrslEh@X?)@@ec;-! zB?xd6VD-MRIbQqn))RIJP7G>KHMz3@9e;)QrCpZyLBmv)IcALTgNORNN}bgTe|$$O zE0^MZKH+95H@mKy^fhZ+!CX%j+V>z?OyvpcY4vfc$U}FaJc{571n4sx4bYzjYfEJtr7qM$+F22nf* z58~qvPa0q5w$J;QN9~BIl&=ru(+z|>R;ge*ehKy%WR}>ebp^-T_hl3%#YKW(!i%C^ zo?k1&krFGa=EeQ}M3RQPNFTfrEJph-5FeAAwqBp~WE*>Pp_m3Zi=cRJ{(eQ#b(`o{8eEpSItK_V#;n0B0ujNhxX<0dfis-bX0xaJZdHUi_ zCs*mQ(~0%_tq5xwKDL@Hw{KYZkH$m(SBCl_6<$8lyshbRrIcyqrba>Mr)<;)e(sX{ zL=u)q0!nskofq{#r&X>6e@uwGe);&;$Xk^KF(wnYv#vUTFtAU7!mYCu7>!WSqN9VhxcEk#oZB^jw z0FzBWp0LC&D?gs8rLlGT-b{v@?b`bV!F(e^2z&%e#~%EL1cFix7CyB-?6zS@4n#zt zfED7&b2?ZB8-xa=1qLG&u1{(It!mNG!dwJ;deAE8=Q~<~1x1$6N&mO9GQ11SSTti$ z1OVm}9Xg1M9bj%K189vcttBc;`T7dZ%*_0B*&cOBqB>MCrPR=(l(gw8fZ+a$#lZTZ zjNxy|n-S71V@&*nis!je^r>7e^x)ev@kPF}FULv5JdUF}@#2*Er8a(&s{WGPvFD~} z#R$}nSGXgBoQ-3KBP{Ua&M^De_cFPAx~I)Dx(E=1RUS4(Qcvt;6;-9}@RTnP?FT_q z^4XaF97(2K$y8CYh*$!sXU8$$#aUC99!~C`868uOaB5jdl)+oR?(W62EPEIGrBR-T zksm(j4SuvqSnylFHlM|;QPKnDH;o@3(bI=s4~?<*U>lksEnVAWMg9&$@7LJ%9A&$X zy;VeE5wKU~6-N#v6uhJRx#deWk*+nLkyk={GGsb}( z8GG=~{8QWz`X1A-OAW04y9amwiS7{7N*#CGDb6k&{)K+hf~(q~r<&v|i+>GK^U^d6 zr!igJq(r4_RLMu1!j-FRRF8#9NXfg;!mfK#2`U7RE#p=hCh$Al^A8D@2qLa6`uJO; zK6z4=Wv1{|cQmY%j0q`gjm&bZj4PJ(jc>e16Dx7fH|0$ac~Ry%v`_YN{iZST=TC4@>1ca`p z3Cadj@_J4w={AJq9QntP_K|hZkRyIJN2qv%X7lY;sH!ZD+#9x0uE28Ky^gQ6vhPwv z6s})qnboT7XJJJ{IrU4zCsR{)KB2b|(r;oua^U7hji#);RZ`kwJ%0lBt|P$!azSio z*J^6PP?s3~ayKEeIwiNh7=N7_#fAeU;-{UGKMp~t0g|{{VSA>R`?gtI~w=Cj@fGP zT*XWp7DL~Qs;X1dqJLLMiB=o~hB!|kAaJMlQ34(!CQW>xLK{HSdnovBavbJ*Bb3`a zJWNseH}cg6_zjew2naD>TJv7UmjSfAexKZ~`yO*HHs9A*%YWKbt(;kn+m^`c{)5~- z*l5(>X}ruX7xndRiAw?exzD||I~aR<1-EdTbGgFuc*35>?|uOP{y)Hay{e6QbPdkU z)F$SSdooZR=Fe{Oy>;W@a(Z90)|(^97hrM_;>Z2e>T zI=?n&#p=aTr=)gHacdky;A(h*tU1dgf6aOb6CIJe#O)<(fAWYDcl! zs6|PfvX@H-ZX0u|&c)oSKZDbQC{!Fuc8o=17m3lg)j%P z>*?++CEh>y(ubR^@Eep;P92y(&$NJx9D69AoIG?nBzA6*pE7zEVmTb1V3i~5hI$U? zOsa03Ki3nkH2$JAc)L>Qy^G=YDVxakT|Ybw4LUebT65<8-^AR=I0u}ifo* zqd4LhJs=k_$tZ+_RL<-1%uGfO6k9=r%!X9>xo59{%RLK#e=#@x?^a=<*n*EUIgAvO zFigT3JMB0l9uv$xy>32A{k`7N_OBEK4HGkT795qKy-dFU?phK~0z>&&3F}6nN4~Yk zv$AHR*W%?`5B)zOF%S3vfdAo!c=Q(26^ronR@>TX7EewQ9s78+=AuYd;rd*W1&Glr zVPzB2&lGY%Id5IU6<+lmEgy^Nyb&EWpOAbN>cAw7{aUNi^8GaEB;g9M+?i#L=o?b& zi?H)nt(?fF3J1!xkETY9_N^-&=PGJNvM_MbX4~m(zQsPR|COxb>p6zXJ8CbYu)W2` zv+r^lTE_(4?g=K*jPJXf3v;v*O~t&S?~-6s)y2F^^!gah!szH}*BEN09pjfda;VO- zfdW+zVtOy_d_~?dLRsiU{kb18o6d5OWy?=Ei!JP+VvF!R;)@BDLa`~T+_aHDApe)8 zpHVeX^zWriOglbYlcFTp^pjG8T7;M%g6Alh_f0TzD{`5$zKeCox!2Gs`9){FV|jA_ z@PmHXS~u6Vm-evp4{zE|6Bh5>VEKL}MG+!VYzI8bb=y|E-@Ufj)a%BLE)k?Aa#&QZ z@`6qe+k5QO{j()yO*-(hyt*~|thGj8ttQrdFpEGBsm@JEO6n63HlRVim6uCtB;QsS z8)|L8N5eq-%r+Lhki!TdGsx365#vJSd+AsjY@Qd9_$_d;_ou?E$FyXjh?t=MFXTul zaqaQ1o56-d6X0_vbx%D7PL9Ma?1cj&SsHN7vyLl{u3)l4m`g%Rif8>XszDcJtUxf3 z;)dCoO2nfDnMOfn19u-$1>Z14XswhT3!`?F01FkUHz zQ9BUkya4Ig4Oq&V2V&g{04yC5rTEP|J`h5x0dJQ2xM4q%)*tN2pMDw*E7jwhSKoWH`>=H0FYtUVIEpX*`CMc`zFk)z@w$uGgjZz;&*a72Iu&Tvk_OjEG z=eoASD!)~;+6U}-Wx?h$-{kWJoseYm9|c_DKQsGiTP#aPZ^d@Em*aFUks3B{l}2{% zL8_4AGXzvaD6$FrCEgL9&^~8WRlt3oMbyk=i~qvq0?9J&uuWAehzH~rbW#YW8n~Nh zjv2oxBz*RZlki=0|HztRzj7UVR-4rAykMrLJsMIlL(C$Pfo&NfPpfotNqL}~sK=)} zpj>Uh*x7hX@gr1<0so{;`#YmHNi<*5-O@f?kNv55Z+QF&Z^j}Yt-^`n@etF)b@%M< zYdNbiBt;>4%a!bNvGi0w#P6(3JKx-APqTrZ04}>PQLbR=Wg6Kc&JNPWW-4Rjb`B|M zZyJ`IZrQBwHW%_`G45CzAW#b}>gFyR3Nq3#r#2eslF_?LGAr2%YI*hSLPuJR6Rn$? zufDl;;n;8?1bRWVw~A;@}Kp2e8#WH{i$ZQvTsyo zJQ33sp|7K=^%TbB3)~tJkIZQI-!b{de)tg6YQ#d@AG)1e}H& zFYk~MN669d&0ItX?1QqIZhp~ZFdq#}TB6g@z)k^>94xZUis&Osxy|ABAebXcIH*O1 zMB?YsW_B-&hj!k+OH>MdYRZ)8h2dhB1AI#Td3177bb+rCRBF-*~uZRYm6NZEz z1z>RC_30+RUX}l&Uo+_ZTy04UXYdGtt!J?L8ucx(%K#FscY!in%RrnJY((`LC81d@ z#JxOfLiWcD_O!Y#dqg~1w#>?CS}auq9Z8j5@zU~ZsT0EzBjD+_^-Z;#tID{a>iKc) zPRCDV0PK=045s8MrBa>hXa4gO?%LO!^a!i<}U^d~et|bx8Y8-6@h= z%RJuUxH}jx6q;uOdT{Kb%yoC}M=L8%HJXf8{R0__>Tq2?43a-4zUzZW$zIqi8JDzgy6pXNIfBj-`%pF* zreQ4i2^&aRj>>qKGV)xR2sB?s!OfIdt3BlU77`e zddfW;%PCAlUw+ha;|5rdS`KCiq5>Ya&#WpfTL})S(DaYV8*l|wtkCN|%IF?!ZT%V^ zj-y~T18m6o#Xmh7`cItRP!fO;mAKSy6({35g&Ae?7pbBC@<%+m& z(XY2Y_NMfI1oYPkS-qjUK$iql;JA?R?zt$Q4r;@o{ZY$fZ>&2c+(cI7sB8-4KXnQ= z=A-D+{3n$}y63VWv zuVND>?$GLRsmvl%>9QpqlR=_qgq?t_R3X^gP+2Uidv^N-S9BD=PVp%0f^zUx3B*7O zrXQwr%ap*^nPc9@zlfyeHK6S^eLYlY{?Sel>R8zM&dmlYB6M)|hL}Ze23`cm5o4MP z3Z<%*2yE+Qf9vTs74BR*K;a_G|h2Vt}e$p||80{o*tl<7m_u_J{_HXD^>xfHW1eiN!NV84#)wnvl zzUwoSY1Tq0yy4gTGB?OC*f4GIne6jMrz`N-?q2M(7y}9vMlFK^XE)eN2xHPrjsjQy z!+ZrF`fbk6&>JdV9KpbM$1z0%DVjtq_}2fX=#xV_!8#pqXL`}*c{~Yu>R3@%r-{Um z_IQiAlpxQ-KJ(b=@2f!EYDY8&?sv7^CiLk%RWDDW;AX9mHp=rU1xfrsWF#<_x*9Yu z@5(l~N3m{C&DW&U=j0ac7a&QoV;^&`0h{>B9pHVjq8iR3mX2LeS7z-kNh=_&; z9x(nKo=R(v+Axz0Gx>>?5U|DiMB-zhZ7Q5bl*#Ufl+W7d_(Cm(;gYlv9Q$0UBwX~^ zXiBB9QQk7w+42hp!MST{oW8Umg-Yvc3}T(}d2`oo^^=0nh*R+ZwHch28;lTMmPkrTStQlAO=WDZ+(p6NU9|1z5) zcUQ`~vT3Zv^|p1Z-%GV+(##x&Zy`oDaycSg1S0|S#l{ww396U0&Uif{+2d?P+M(liA@mf=PoCR$0mjvD?<#eID%eLLsv*2|VbQ5Y z%Wc{q%BSn^>I1wydJ41NdnW-PRA$?DVFLQU0MAo`Bo{&FxD5C(r^xumt993GoQ&}J z09up;WSNP`$zhpTrJtX66WqB}MoofBDCkSsr5nfPhq3f1Ko{AX~*VPl4E^zzFVsE z6Ukq*A-0oUr0m(LRLlhJtn{)wdil{M>RR$~6bsPmLE9$*Q}nz9Oz(q1rUZ*zVo3Q* z$7*(3UwY1L7r|U;kRMH+#J)t060kX2JGo@UEb=nF2;C%^!h~p5IB5{N{T8^lKo%mw zzxXdwe(1Zsg$Sq~jXaDg@sk2qL{$$`;=H~+K)F{@e1f@gfH)b0oGi6#Y!~Wa=WB~5?OX|zi$51ESQfeLPeqvn7OIj9{syLbK!1)Fo)3Q&IQlfwZQ?( zPRiVz*6$`U_rpO}!&L2k8w7swi_g--EzIaRkI-|3mbpV5Qy7inIZxX~O_KvyxxvQ= zb2T{1HePRV*>b1O)`AtM2dY5fzl=_snGKsl)Je{8_pe}zj`SRDM=J~~B(xhAn@^30C2LS)8fDu4dD#zmg6Nfjt&@pI9vFI0>z z!ReD;<2h#BR$nFe7Okw_)j*^*uoFBG@Z-(6l5%by=fMg083|D`EGdfp(=yS^ViWDC z>n2_C+cp25G%5dXx(hzjnMdgxAnEo$-YKymCz1_}Z4ar3PLReDzud0$pIe}AE<+A( zb=ut4((g3TwA##YimWJ~j5?Q*6=AgWiO!{1h+)mE0B|{LB?iRr`tH=Dmw(|Sh-O3b z_hCrs<6Nb7TKV5+Tqp60ri}nM1_ODWJ1jauJgk%B%Y{4j2?4PtAHlt?kr+fgMC>n2 zQB-?CJ`Q9eTmU^B8?$0b#o?3gz!BW~2I@vOnZsN$q4YR>b(|KVR*lEQ>Q6q%^$yLapKD zB3RN{@N(S5$OKm`PWOHba;d*tEa?bsd~9pEjVwDUU4=aG+a_Xvt{#^75R@Tq=pQ_4 zL&az{3}HSnGBaa_QsA1CbV1nJ<%at6v>exbLlWvw!G0kgZ8WLtb~| znxzDJgVSwjJ9D8fjHlBIm@LXqg8=oN#xs*>D}$JC~QdOQ>%VUro}{|DCwGPYadrOG|F9)fXneJ5&u)BlGM&V}aN}`4!(6LYBLk+wOF}MFMpVwoi)C_$aZ|V`yd-) z@?J0lqafp*?mOTXLIO+=a5kJuT?9uj3w67r+6p7rbw5YVGn_ExS?L{{W@CkeM%I{>XvkF^E z3W2wkLUSVh@9uS9vg*u^VBKCm{(SCXcW@A6YjADV3}6G{db^#S2)(9D+?lCXW9ib? z&4uE;#mb2Zo|CFv&8*%E-A7tY3)mxy+Nu~bGBa0?mMKSOZ+EX2qlu}1u#m~s%r&GW zek$7>dSvHvb?u&siSao9Ymj`_Fc;VGeI??LPMuxy9!riU`-+>!I^yFE1&9s^a&;Oi z2Q;31sQe*(p%t|uwc15&FEO;xf`t`NC40BM)*lu&RaIm@(a{$+dn$r~hSrr)W4$uh zP-R*|r#AV+AePu&C?5dR#BgwMY`{hBWs+{Ai)E=+h0(+fH*7xmDuHyYltfnxr;@Z5 zH2djGxDpUWL0H-UZp5n%aUx|J;w z!v-%gKsyio{+8+^L@q9_`6^S7JD;@@A2=V4EczE){gUxaSLh*u1-Iab(FS~7D*Wz0 zT^}HDV#_@J=fg>NB3~{B5ga7AgAUjeN$p2m%j~0QwGVt>)v#^1u?@uQ8<_at9`e6R?@o@wI z6}JE`|mp_dNGJ_jzuf^LgS7^fd2Kuu=d3fIHe+YDNG6!3w@DP6ou+t$yS_ zctH-+f_ei0pw8Q$AWay=hF6mMXg^aYT_I&=P+QVpz(1~lSsh9+0@8*QTjLrP8 zE$5;$ms(3Sh*Xhorz-8n{F;@_;ky!4Z52c#b@TrsPzfpoGP^rsUB0y~*R5={)w{ZM zR1{fLoBZJCTD4OT6&Upz8;OmdIt=%7*=i1^_Ee>#c(_vu+qxLf58Q789v|bszVuRo z_28HDlYb^c)^mdvl>TG~%_EW}x|C^%RcO?pLr6?SwsqH7qrs#@WQHW2#Pj50Mw zmqrcK&WxafU_A#zwk@5~V~dCnMISbq1S@r&D#^Ihd$1;znE|C`&H-A1M( z+3n>%*Km);Q53vSBN=Jo^{Hwuf9U=(T!{)ubPR8Ph_rIQT@FLfSUZg&9X)=!Sd9H^ zY^S}1pr@uzq?kl?EN8i5i}I!v)?Ol`|0O>{n>k72dHxH~e^!;ToK+uHlCjH!+b80z zNsfsv_T7?y=;MfGlXYge5-_P+{9ghcOO=6{+_CX$oA-p9x$}p}5Iw}zQ&fl^{%C=k zMRHon$XS{MW0p#D5x(D$to8p3XsA1>iXG7t_4TWexdmJ8Kt3T7K?8-Tr^p)#4F|W|=LL^`aOUB~ylYHb_ zny_p-8x?J8do07We`VZ?U_&mQ2>f~bJa|80t~KU{Lv=8fzO2uLcwWZ8l8FQG zd(_i?&ed?vwv@ejO<0T34i<-NRt^xZUpdjn7Xk2_oT!oi5b63L)AnqM0v*<#xW4WF zn-tY};1P!7-ZRp$)y1{d{C>o4dBSqNS*X%fy}NyOB>x1urF=K$Fk~q}QA}OqgR|#W zgc0?t)Hf618ihnj^UC$=#kTfj)``6G(%~q5NhI4UqlX1?#llo101$P#0jurc5-N+* z3R7U6xr+T66>!g1des-Snh5eZ-J=00w!O-B6B!&U=qXZ z?Mj`U4BSv7eSqq63>8re80wn}`af@_xOG@ojkBJN=ScvCI-h_7I41WHZmE z9GB5i+_<7Nqj>9Sk`PtM8Oh-1p9n(~T{cM`3|$wyFk7Ut{6{oGyY?@9pD&6jls;vi zZziKD`6!%x*2N}X-8lRA{b$|h2=Q?=je&^Wu|`*gx?4~3Zw+G(^gxv8w#LZfIbr$3EU0bF3JR_!pUTpW67RWU(>b#~N1{oOWr zA<@kl!tc5VYQ7NGo&pMF_NXIGvfnVW!U6A2r1deihQ3m`yi$5S^L)GbTiir=@-^Uc zSLnp>1Byzj7q`om9&O1J1+Lx*gNvxnAbicOZn#4an&Fs3ZuSvTG>W{mPy+@ve?DQ? zfc|^_#93ylLCc~gwMO`Zyh$!X-n5j1_bNX0p@=JDQ=yb&c-pk6qe8cqeb>Z9uA0XN zl*1T3AK$pvk6?7+5$mC&WJl)L$zybYO@|F?iymf)3_>SHEuX5kty#Tc%rh8t$%Zi$ zD_oRBDd&@2ll`E_>?<18zUlA3{OMB=1GeRZ+vOp@^=VV=dXWB7gX_@=&IWTt>bJbU zUg)VJ{i5tDIb_`iQnFL`^OW<9qw&FNM8`LeS47(^y;Znwy*0&sS_iX>Nij{Lo0grX z7n<#xSiwG%T>qMsU9TO-5HrfOWxny{R1Y)uTh;UwwtZ<274lQCGzPlxYqX|a^R)6s z)kzA7Y?W$P2crKzrN!^7wcJ+mhjV2j@7`^>?YaWUPwBv*_myYFjS|uY=HRnyGquN*TvM6gtS0Lz-=aa>;G?yl=EzNhVjC41 zIo|+$3__ndJ~ZeFOFjdoJ>a-g<(+nAreU~Bc9Pm>;Pv;eyi=klJ9g7uwvFt-R-}{Z@UiyvOU=gjqJi#zC7ikPoF_d4Is9kjiUt} z5BpB?2Q|;MY;rFIQ}#xVi^~>Vm(#qgw1j2y#in`%V}iFr_!twkLmYg39_D*wD+QTu zvHkE^cp0ar+U%jGF?C~A*JU5yKcVq<3QLRW>XbS?$Taj5Mdj5J4h0w?DQiWb-)n5D zd&X;*qe5NH?alr+@sDLz$1{&0HTVZU2}SNoL(sN4JH1;s?_I za>LN{`?O~*=4>17S(Un8Z7~Yr>Wri21MmjiFju_f_;T`&(z3FaK)FM*_;B0QuK#Hu zix{-|a7>Z|iA8*rbc5x)tlF`20Ral~3d4N{5UvXUv%y{$!t41CXE&Yb;N6lR_Tm97 z|NfSTFMxh;b-$WC9-+k?vb-%YSo&P34W|eLaqel|!jQwGERE$adjU#0nj*nA_vCVo8{_ z)hx&GKK8BqV!?D78_!PvhC}v%Wz6QmY#sWeVJ~5pH9h`)V&hC)}k!~zEPJ}uVV#JCF~bDZ2kU6 z`N+FFBJVk!J1;T*!-awR)<9K0*~%vJc?Le&gY=4I__rmOo&nS+x&beguuB|t zE7R=#Fh@Vlk(n<0dlNQ+k7cp+6 z)&bjyT7b^aHre*$jKZ$^3B?MZvU9OFCN6G~I0tD-c#Vr;68;JK#$46UBU3jtHWNj^ z4O}cGIwSR9a?Kh`Fl_m>B}pw}j;qI(Pz`qts`lZ}^}jo8tC}6aOdM5%K5%gAvui5Z z{A1}@CpYNZ3t>KHt9gEAB4|N%wt)muAl^F&r7oU&(IOq?_GW)n2*I=45a{fzx}8iw zY)aH;`UBwG`hcq?+1GuPVuGUf&hKLt^sj3_{ba)GQAtQ~IM47x@=05v=lM^SQ2j84 zTtxD+l5(T7fhr$!+UaY4<9c(}+%^|?QuxK(zBJL4ulejZ6N}-DZ;4lOz8Sp!3M;%v z1gBmwnm*GB!uxA&dEH)kOVRt`p7MuNLxC^Ja+VZVAvW#wxV3U^u&E-tfg+LKzgW`V2N%h4y=3DV2+KSOwR4v8U~cC z8O9XiS#U4a(Ld1#0t_Ef#hawYKO#+t1;j3{Z3ZQ)78jj$}ZSh*9 zNY8x+blHnaMzK$p=^1=cA5EG5p+mOTK8T&4|GX$QSvlTcUJh;ZZ(9`1)TD)T3FtWq zm(;;Q@ZhQyTIz;M#*(eGHi?rDy^oK-^m3`;EQ=3`Ja!3MelV7d6U+s@T6$p&y74?V z-U$-GdifYheKov)3gSu+RNRkwI%4*Z**6kJ&NN({_ojHx&Ti^auX)X{Xc@mR0*%M# zQJX34E(XeShj6vUg+@~IA3_6>&c!RjDzS$sr+@>TzyXs-*xRf_h|tGU*dwbuG1FC} z@lE7YP;%RwWbOv($B}NFWDR|znqL-Dl>fVsn&e$2_%l=(EXj_}C3(8c6GqoH&D744 z6}cAZoMqbP=ab9wrnH$n>DQ6+ zZ2Wi{wD;F@eTMR})ncq?A<+!MzBOw9mvantUv{uFCk!=~Lt!D<=b^Onq{IUNxGCFo zQ6U{yz-eLiZ?5`C&VG%YOq#bs@@qDejB!@BSZV5t&?nT^3dVJyYNH9lKd5&mjRZ!_ zl1R`9fA0{eH}v~6KWn!mm8KZKZ~pQ1>&6KmS0LDEu^9ks&YsCt=Y^-n3Z-q!h-ftI zMJ@rmGoavFN{z_X1)Xg6_)Ju~8OFH~k_WQntS2=+Qi4sU(MPK1Wt71J=es^SxF^Da zgHY1XQ;}t-V4q{^){;?d@2dlAZ}f#=%-*)e;F_Op_rQ|bE6 z9{hCb<2rmB%voy_HTC!1^&E?v=VKec7G7IHX?l_UaoNO8pyTOL)vxMwhxrbWeLi>? zPFMqQkyGAkx+X{gzOX*%>?C$yKqpmJN+?#jAboxcK$@fe92McAfjg&6l9E^gh{kBOJ7vtp*}g;M8+0f z9;YNd_eCrs1IVhk#rr*KYh9;s+vygo=|-rbc=_|eJxVCOck)vZ)J4AU<1Kchg;G_( zcu98WKOU5elV#Ja_OjtvaqDL;sjC&hGiztICVRH9+Z%9!{=FJGC;UJX0tTQab}Ub( z?$d;`a>Z z1AW9wLUgyZ54>gK&TQob9xc@@=bCbZ?vHpTRmZb@f^|7IW^OJPyNqXFJjIG<^^0ff z;_G2emENlZQu{U9^<;-iX8X#FV-yXZU-7^e*siJkeVi*1sgZCK?vGCnc(sQWC*b*B z`5`N2#qsX)vI8?4TL*_7&G@E|_{N<LmIW9G9tnZODvI2qhP0F*URdNh0sFC&1>dK&br|;3tBpQeX?BC4DMovzY?#tuT PNdRqiJ+(4b+lc=G{9FZB literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-tab.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-tab.png new file mode 100644 index 0000000000000000000000000000000000000000..9147d3e4a84e1694859f3d70d1faba43c92dea6f GIT binary patch literal 16105 zcmeI3Wl&r}wC4v1?(Xgm!QI^9)Cr5FYp_@ zi>&Tf003p^-wPs*5rq)k3F|JWBnA5y77quPkE$pP4geqn$VrNQ@yp7m|sHrR)DQAV8i8|pOCSB&PGB3IGq@QB;I-g)p(C=>1tl5PF5A(Q?$ zEolEG>k6q_t81oKtIJqurfDY7)W*gJP7-`@vV2%pB8vX|^o?B+9emLDu}OiOrGP;! za4Q88N#ox*1h)U8Co#*LFecK=etjhJed6%j?!1L;wFn>t_v{GhLRYl^4fUEwB>o|W zdb*^tz3mQa4R9XR;5C0x^!OPaZG*wCIM=+@(G8oFIWstS5T~*!3`;PXbGf*8M5Ng5 z(ybLv+B1)^VhH;Fp0AY~*bP_ito(u}D=Eo-J^YhJlsD1*=c+p4(H}b-T)V=zbaY<{ z?$7D==ylm+^J)&>E;YXyDk822mi>|QxoCz|#C{H(NZYq4ux&(eIBu*0WqFRMDJY7^ zc_!@2p0_)f5?T?tD!kpGw94y-YL7j=VahuVu%9ak%>*%B7| z+`(}31qZhLbG~-UjTbP;?_*1HrA{RB%?*>tYxt&185q)<5S3D!-~CzLos&`C)nDpp zvHEqID|hV!(qRthoJi1_5OwuDGKi_hKtYiWVdapicUi-En1S@ciVOqrc0+ZLiK{=! ztoMUK;0QeFVH5??e z6!CB9OdS6DB(9#|&IRFtKCF;St3k+*VMsrjhcVIk%5W?jT$V^%LzYG)y$Xqq5mea9 zbeuvX{@<#R56X|D@&vbit{pfY&Rhe>w|$7Bd6_VSo&H!(Y~qYZ3wvjdQ9oKCaQp;v zg@D;D4f_S{j^8djw{2Rt{F|^nWq1Uk06RM=)d~{#WfavMHt0$ZoHIYns=4(o7jC9K z3oT-{kO5m~Q7@Q`4!y^r8_Uqz7l)pv`8ebB^lVny$#-v@SAoY(CfZt0t8b+adpbSM zf+pg^M!jmW+vuf3yM_3!^+%r+;mw)x`V4U$m@f*i0t5_d*In+BlbX2%jk4kKPvT`& zmPNVt4>0;&S1v-&&g>Qqn+MKC62HKMFR@P%^bNk##gdw$IN8cH)2)ArJi9jZ{$158 z(r3HV{S&NFb02-X-^BU~vb8Y}!=^}5Y&+Ip&0NVC^5?F}XXoYZ(Jn^Q4ENNF3tO3+ z22W0H!iI-}B#HwFY_?TYnKNaJ*#;2z%#u9TMcp@6=RT-|I~v|Po+7Iy z)9$Cs%s6}zXC49+;{KxvlyHako|DjXGC0=ta$^c{Ld{6~8QZF0yGqDY?+b7Mb z4RVr$kgIO>^c|l2=Ag2YY8H()x~kYjz;f=@`3H;!$=b zNy(=AtQq?t*t@n*tV1oIzA-jEve_r2xB}bY>*IDW%tX6?_3fBck&gx1yqUEMy@y zmfYxQz+@xa-rHZne1@N4hpD!7Q&C1*%-a#W78P9|BLDMyYr$`A_4Ho0f=;8{U*}#;=(LtF%v_qS zVJDX;h$~M390O$)SK5uT*yc`IJ|@Ed zq|&(PSbLX6 z(OLgf>-+YBj7*08*re2S4z%~9O>~Xyz^sU?xHxfX`4;#rYy%wDkOa0s4He-MZPLV>}4Psx1YH5FCb3p z#^}cVgInW*^Mec@@P*(o{YAplm~|iOn(c0h>M(;bs5D_EkVKOQnsw}+^wqrVEZA}e zhNzR_t+|HR?|T47s;Bn24nDj4Hz>_#^Vo zly{vu*<=FUU)jZI<~AL(gsbzoH;y+0@9#dQN*d1`Q4z#jOV8@Bx3v8I0%m07Q0s`| zpXfy{HUeK)UOt^%^n?j~+f2u{`}moxfxZJ1%14knX|;W|UF(=|81<>J|Na0nbn#Lz z1FOg-&F0;yee`%iMp9Coqt(hz5ix!Y)B)>b{^xD+!Up#b#)Z_|@|P#(ee+A?PXx7_ z6ozP8fXM|4ONiNJ#sG3eU6}r!*RPzjWst>wPam%tb3vnl>rN&5yn&)Dispg^GF^g% z<1Spt2Nchq$HLfN3WG#BEdMJ@j%X3sl28)FOj!5_)Hwx&2o&l9awjJ zgrbaTfyk!^l{izfu&Eu#n>B_j@0QovkrV;yZ@8jwZ9%YSg4p}-odh7CZYTL)_*BZo zOE#Awe^};p3<>=ACgc&oE^7nl&EWR}s~UVu$KSkU?Jq~O=!mzhuwKCXx19{*3iZ!% z^&4z&;*y+ZKu37FS@BuT2@hB=w9e7Yhi~T%q)QlFs01_P0&Z2yL?d1M)$9VLD)e_N zg)vZMj>jkM$PZ*AbZxLb0}Nus&1&IhU_V5Mqcux~g(U0c{>h0kqcN>y$IL}S;q`3? z_$9rHBWP=2)j5ZNKuu=f2$4WQg1LcodEz48-jN*nozNiEJ-tbbs5Cdv@j6CBJnlPo z=s48DoO?jLO6dgwK^;OFs{zpy2YyVn&A?PK8#Gyecq&@k?mB~UFm*lVoj9dps3}Z0 zE`ypS;zCGQFJbz@F-5mf00Q`qG|Q%-lA`t{JXxw&2`K8`O`v=4X^K~sR9He0+*ugF?7?Ze5X8Df2b%7 z^ttd%t||Y)X2J(kzd@_q^OSBj6RF`iCGShikFE4d&dgT3ITv+bAJ3v9UP8kxfh(It z^yi_ccRdo;^V{aZ&Bf^K2`z7!>#JuD%wD10&k*Zn`kJ4V&ggw)j`MF;Th0-X?3V{K zJMk)ko~!FjHbDHRZ#NV;#T^Z29eKRO*3z|3!e82>Hcyl)e6O%h=LB1+jl#b3!b#J$ z?Wk_?~UFHmj_@wBlX8G8hxeUDI$}Z!(Jp zB)O9t@#ZkP7IwH{APBO9Z3yw}m4y{oAXB9y!DXLk5lk!ME|bGhvraDj;>3ud+t%ba zLKo?|MvZ!JWWXHvA4i$NhHU|=n-s46;Tbuxcai-PIo@k;5uyyrpGS)n7Z&tL10nk0 z8(ukCYb7kQR7~;R0gFq)XU-t-ljC6T&;hGU;cIr7?wg_dw=W z?7b1YJxWV9Czkl?7)Ewd*ay54omPZMWC5DyC&iXhth)R$;sgF>HqBho@zkthBMOZC5n*{s;RGC`^a9=Xd9X$590!Jd*LU3M ze%45hU$gZT?7FWS1);3>V!j~u+RdR52~ZJeGl>?%iwNn)!j_zs<{97x{ze!k%paM_ zF&e&id0`9o^$|`q_9ukZZtzKpw&BkX0GrdkWubckx+Cl!D$KpnYFH)qO1+nNCcpzh zai%-sv}VJmiEC%=#gn%Sid3Ok+}{l&m1K6Xf@h$f0(mV5QR5`p>zSdEpPBa~ zj;8td+S`OWx$u*ig~OQGW+$i37XUx4)i+LiqXE_rAThEvp-G1?^0e^9*mD!NNUY4t zA({v*-VE=h*hFjF;BSsU4+_X<1DuB|HD8SU(vl+`%j+n5S3*Y8rC0SjXO|X`XIz46 z+P$f0S^9T0r7dcHMLI#)mqbUGHL)TgBO@z$kb{GZXsb%ywMnp5NpkYxmHq3$GRdR> zAL_xTvEY_0L?r#cCiH)w{I9VHR=q%{)jF?14&Ehb^5Wmorgri^CiKd~jpm7SasfD} zdfBmt8G`Kkal1MU>C83Zl&{qssR!!p>CDWLKUg~-q?(MaUW9WuI$f>StzKxx z3(LnzcgSNIZj9F_8JJE zSwP?G_!7TlRrNR=s^{PCM?<9c=3?Xv<*f6^`*O_Gf(A)NB{Wb8;fph5mcqBP#^43{ zikaMlg_(?*6F$~uE7i>FZ~3b)Osi=v7!w8@d*P(gq41;5nIm^vGtLHp=EkGW4dO?a zwgERK*nl?jwSmVL+RN>=LtNT5R;LVXQEADWY5ALGStB;>&yIGn7(%!NQ(QKY=+A{m z42SvNh#%KOSlIS@96Kfp@R^Ze*4EVNj)pOYCWYC;?sOepGopSCUj0y5dDr+{{i27f`4iNP7`#fNJX@ZM)d}!Dk5&coqpJZ zmN(4m0fYY$W8j~T?3 zAGp%#4?Ur8HtoMf^g0!Wb-3q|`(h<@Lob34GtVxhZyL%k$6WXl7_XwMi69EL*NqfU`!#HBtLVccK|dn+dYIK3tBs9 z0716KMNBf^0P#-oCnom$Xp6=av zoA7xuPo|cacxT=VCd9SkZt=drtZ@@bKMMldrg!(OSnCgMzgI6jS`oVxGSmU?g#IZ& z-Iw;jquz^AmwXrFKm-xN)!26*ev9{dw4008-JLy+$2nL--c=XKGU$+#`+-0QOcX=d zR9q@@{I>1x-{G;LPPe^x+^y75l`jdaTBVUao$x3&Cad2gu(;Sh0yPhnjvWV*ZthFY zSPJE3#jeExP)@uckqFWrP;__Gfoh}V^}9-CgZ)=rUrer98sF_x*TVj8_y-_3u&7gq zI+R)OcX)08ji?!l&L>5$3ObA2bHjB)1@O0AtC*SjxYP_IU|~h@MMY2BzV8P7WNbe| zE1Ka+2Sw=kTT^T0)TF-aqvx-@_#eRQn`9&lgVzz3D;fA4AJgtJ0YbBjcJ&% z;Rmmri;<1g)4WzGkH^+vcyK_nCX(#EnEOp6$Nkg%!v)()f@{G|Jn!lvxh(;Xp+5SY zhxu|YWt3HXZPBkqY6%77bA)W)gPrN3A3qf$83Z8r{e8w~=kqR*Hd0u`J{#U{raW0J zTp;x{X*9kkmPjaQc%k&%_>IR>Ed)#m@GnwlIUYV-AYm)Cjf*Jh(a;{qRg~S_T5D>_$8ygNZ)Uwt<$~{Nsh{ujw)Le^!N*u zS8ZQ}9y+@R1#vHW_`c1~gC{7$dvi5A#-7|6SW)KZPI9u{{2wz-zYykee*r-=zAU5_ zy+wk52(nCM^@B9+$2~6aGgIB8$zfAbQPG^a^Z4xb#s$*bJ?lIEhnsW7+Yc__^;y?v z&d%uVr@exSOE2HsrgomiTTDaYY)^0e^vgQT2T;dYXz>mA=-tP?V!vcYx>Zvv zQ6K?$;a=%8M$mrt5GZiF9_*Nh;=hj7T{i@hcycAW&ZXgJm2^=?d=8A6j+^%pS0>%< z{wva!aPmU;2#l-4-1#iYQTNJ$ckrYxdJ8<9_Su}Tc_kA zPc&YFh(r>kdy{IgpuRSdT8GV_yUs-X+k1;aBI&zYAZNByHZ|rgY!iX}M2EFR$E+J8 z2&e_gGUy^|$^W_lk+!b8Q0fubAO}xzT@(KLu-EBKbiKaN)}Lr8ESpU(803|_|NYX& zQ9-ouN02!cx9rnffaCOK9K#_(zVs$!pT|A24vS{V0E|uC}Rh&i2Fi#|SCjCo^56JGC70PcY zdDfd-g#>ia`A{Gq^OdmLa$}LRqKGCzFRM^ptm}loMhv!SG8}Tu2Yk4<&msaCu>Eru zp-*~Y{EzLBITsqW?3(4=vwEvUH-Ecut(ymAymAdf97Js2C`nU!ZN=K9L9XDRcMGe( zFjZJy6|9f!5z4XkA!Jn3C^Z{i2cW%mo8x~xsgHXMdQCG9mW0l*zpvx(ykXvVvO~?J zkWY470fSky>U`@7(v=`IOWy^64*O|3RyfR}Yowxtvx0cYs7^tULHb`iTu>xLeVQK_ zdpNAx^>|$L{ss_2b{J~)B|{`!YJ&O=FWjIY$|=LNguOTe82y*JJo*N_-UI#}F=*^YsZi^?wXP}0_idpg zcDy5>H?KC+F!Uo3+7u=+=#JVu`_#x*Vjgdus~dHM{X(ah-+1J>b6ey>j;a=QDwXkTH#|`sooqY1_sA8ZsNJK2BO7dU zke8O(Z>^P8=UkM?AX^HNLeTdQM3yW~pDm<%@Sj69xD{29ttNr=Nt3!tPMsq4DkJ^- z4tTG77p4Sajwq6jTA#1%OF%vHf2#t9)=gqhmO=uttoX9AJH`}oG*?Q)MY2$CcToVM z33YIGy=93A-Z z+BN97$k^A(+oAo-u|Qs8(*Dfrj@kbx`S=?aXnqFo5B4JJZ~@#+e8+QZda313zp%(Gks? z@r@`ZA3VIf1&n#4ce>2RM1RLH^4iqzsHXot?~t8AC(qesQ}5#9hTXjM@=vn)Gk|uW zW_;FLO2d%tGm0?|jDGTjDJGf`9$8ko0BB87%FUe_L8CDSnxxKsKZd zpl2}@3#bq_qd>nkjy`Qdy#lJzzSzzn%Cz9$2?aY@qqmAQjIIP7|3&A#eYBS29B76E zFjer|BKzXxcXcdz4RB=^LT&Y^B2Sd}+aG%6%iJg(`L4U(*LdEdvf9rgPuMTHK+RTj zQ0Vdt7+i)6Na7r(0O0`BCC6#OmQXIn)zX82U@00rj6o)uN)WQw78=|!)}aS*;_t^d zE@NelcSQ3;(l6!##(Qr*#V@swb|crSQOsg(Pcq(#m#_)X#_;m@VvGZCp2*k;;=OGs zHKC>udiLZM32|1N4U+Y&#XU}Rf(KGdtSqT_lYL+RPNHf6+`H^kU>Q;JZiw|dm4IuN z%<~Nl{EX%=24&RHyf%R2Hu+Hm*FrmsjrTQ*4nk9oIwTU((wR_0{SyogE6z*84UeI_q!1K3%}rVCVDUwwhXfiDr7JWpUf|lXefgNu*13p1NzKe z-M98;2rNQB*H21?WM(rNF7jZ!yu5#_@cn@S+gdwxJjJ?Yt{dfs{H4|GbtXZjXy-7{ z!N&#)#qbU?=E?g!iXP&|_G(HKur+d&2fQP(LAeV+rL#WU)p?uUpK}woj^LS&4wG@C ztYgOGHjx?j(l(jsm(LB{!>UBV*}BsHBbtk@&!I8U8}!S^#AjMN$AEhzDQOm@{c-jj z(!#GGf8`sp)itk+Zx&BSET8@N;BsvGg#UZ)6s#R$=*%5BBG|y_uZJ5nJyq=Ee;wou z$LKaB(TPP=MI9H$8|^lS_XEc7bfQ1;vEClw{Z2rn;J75hABaEa;F6D$nUY@2L9AEs zgC1SUc6pUfbyiF$L>YMUev@WeH{CVmp9?7k=i*b-2o_=KE*wS=Sra~CCh|aZH6qkI z{56>#J>i*bH|%yhHCBM9ArkQ;oM?sVZY#tg&0qSp4vdls17*kh#=pha{6|3h2D}o3 zv>!FwSaE1JUcY>22gj?}ME=Ta*78xQgxZD7M)pj{#oAto z0`vVb%8i=}&wMcrRy3nk0@3)Q5Y^gcI|G@ojRYYK*mn1Lh!2zEqMVe_-8;8#N6cOS;O#0hvu%58ATZHZseu7`owncvKUilK~ zrdB{NfxqboLx=jO7VU+s(q|CiD=>b)6a9+Mxq7C-{8gmSdJVjP{vYA(ZzQP`OV4h+ z&9Riws%7}i{3Iu1_R~N8tqkG+CR^%f{wL^Co%R1$mIHzXBC_J~wj12@pDY6ho8zQ5 zWu0)6Sd?I*ra+?i_3ww02Rc|EMCQKv5ANnN0_@Ni{bczBZp|qUXaBb>_}|*7zu*~f z6PT=N47}4>S zrh`dR{!)jgn4WE7aFOWs3^e4O5{AOLoJgEb1Wq;&d$;WF-1T{Egf74$)<0v*96sS# z6|$+Z30;AwIqC4G=gQ_m+8!A#*tUjX4*MCmza0gNc5LXr zm*zwY&pJwnzRx$X!8GqWk49=Y?KKM-zD8N&7rI1IVa3}O`l?=E(~5J9o3wLl3Hw|W z34X}6ie$|Q({OrtGhxmlvHS5Cew4x58$Ee(CMsrz@hE6qj;)w=V6dLD3P+RX-M}bn zh+!W@Xk*lK3V;TF)X+B=_*n2WHaOVl`TL473;(IfdA&wUz)iBG$R@Xv;{XBH)*!>M zk~>eG&4@|?x5i=Abg~el1a8aa<5nKMjuBtkMowtKSdp!@XZTOhD}+p52qrMvS}Qq-uRptzPEBof;X7^)uC3XboND|u(SOvBCHa7Mtn|ev>d`+6S zwM-QEjQO__Pp+dD=h~Xd$Dui|-?Pk0W-?@r7NYq+&EMKN@<0^v2WI#$`oWeh5Fb2X zc@2|h2ns+{p{Ez@d*lbXf8_i->Eg^Wm6hj)`t{lcX0d1)43Jzn)Pyy=VpXB+W?<_M zJoq?q72TOJGTqC zjafaZ8y3Y=kP3S0AS3-)R7L1H6bdtH&#S5DGL+Dl;puelU~_XH8m8pCx+vtbAomJ` z?+j<>cAtf^p1{`8W2*OZAM{w^(M?N+JR2BhtC^5W7en+IGv|3_4-3R~aMmt4FUI!# z0Dhq^HMs&=QwHV0M@sgWi@=Xw>vZ>^aJF&|EYJTVsRH5uw3SsO9ZFfEE?W23R=cg1 zEn>wI(_lNdw5zHiOlWfM>t8x#ueG|D6*8O>JM75frTu zrZk8XJ`2c8#!g+b-Qln4QMIVYy%YRquSbJ)e%kuoxt$ZcGHW1>Swtyw94L`1R~BNv1jonVwA5i zNaWmeJ|#*drG?_tzCM7PKr^x7e#&~@y^FqJ*lGP5mrXmVL3HfYAa5+%e9q?q3nV&2 zFSmUB^-b*fZXp*E%>zZYF(>Im8GXkV6F6k%>-=?kB=!6gE;`n_$Ql*ZkrX%It?s2n zD`)j+{pRwkaxyxj#}orJu!b`l*+b$DN!&?}dv*1}`06AQPkKJ5kEB*}KFA$b0#&F1Ck%DVV?hY)$; zbr~Q!eS8P)D6ku+5Vm^lnXgwY6Qu0)qE%#AlNoYH;igyRg|d-vH54 zS8|p*W8|%ZLhht1nB9x2l-Ovr|M-@&A{(WT-b0d%)8j_rEaY~t44pq zqo#Jqs5xd6o_8EhJFzy%n%h{hcei`CSGGHwNl`}+Ilc^Rs3%6PU`L^-L%#9M?5a-F z5ZT3e25*WC2H2vKpnv*F2Br1owN8Fj@}+(y)G+4(JW`VL$jT*?KvG6QWcrixvvW`c z>5#VpJwP-GJ3VJUh9Ogn37^=}$A|z4=1IRNV{I1u{F!GZ_B(ya5~oEnSe6URNipRlJi9Wo4~T9=t&X&Y=rRE{6m?^3xPECN$NcToc|b58{34!bpPE#)rt^@@@^e zv1!T>C#@t#GFnZYNKa%G)A{9lCogUyug%e$+sS z@H1S{C29V6EWd-05dBD_ITprZ2;g?xnJzI}b6)^EzfQ!ZP>K%%YkNv1vnF}uh2s+^ zeLt;_|Kc|J;M4tN5}T$#{_+*zy-{EAJIN3nx{YWWCX67{nh;b4snW3a5{U#XWanmY6!3!iA#oCuk&W*vLCuz!K+SqtX?Pn8hgh^ZJ+YJvcDkD z(8aSGYC<#V)a>j`Fvj}R#Q!1dhzmA1Jr@Nv;yJ`1`Xe~%xF~o+g=G#so*v2xI=N^p z4j0%ynpoU_5A8vA*Y{kbZZr*CR&g^V*NnbTl;?DQfe_)!3X3B-ybWy&Xf!AABRd~Pjd2r6N(@Pr2J zXe7+`BiM$S4DQ*lI>F7!tv|t3vP3JFFdW7zZ~YjZ4}IQ0)CTyd2qJ@tB?H2IVHL!; z%S$BV#$V~506O(}&wB`dN|STsU7}&n+EgzkZPP`Q z97kX_zHX^T4c*{OQsTLngcXZhI_|EiT0&Y6p^%X%hriA1sL=LTF2M46 zt%nXP3`kb%5T1*%v7n=}(Cw(of61h^1>9coX7|xJZCu$;(&>}emAR|{Lq;YJ)TkXl zEB^^OK>Sp)CotTC28JE0XsN{*RK*EeYmngx13Y!0rxtzI6?djVH|m8M#G_igA~6=M zRmmEzoMf^I>L*@ib@iY;-0AgiZ!Rvl4!BY?j|-;GmL|yvg~}4+Uj@S7cGj|MqN^J| zLs?oq1+G;84iVpWJs2VVzzY0%|4g8hTOC4?&A`!Qb-eO{TOO*+W<1my6n%%80MUo| z(zO(79I88ucyik^EAk!kPwG9no%lCL(s|2X1H;4Tv_p#2kO4?rP?oJ(5&8*E?traa zU$fzbfTxKrMzJBC(tTC`$ayE#g-!QTw#O7htNGMV9Ym8YGOjOiAe){}93Z?s{k5o`U_3XOIHXQ^7irOI3;o zFo3&xcc$tGjET&UAfh<7ZtV>rSvYc&(+VN4J=*%fkY}e^nM^H`@pryM5r=$x*C(2% zHR1i_EimUPcWd7bFY@jLh8og7gkFo=IXu^2w4OEu!h*u}y~TNARoWNC5$10`wa}%m z@oXo*UOXNVn^r;MwL*j7-GGRR(yZjsnf3m5U!+1f1p?EW*jTI!VMIo@rfK z%V`q$7DJBf%EqCAA0+3|Wg^K~G-v_H*|3rehV2`;{k|>PXcO9E#B!p_W76-a5>eCO zstd3dJu+AYOt^5YljN|kil!N!MAY~=5?hz)C!X;teV+<<7kpS-9|~X?Dfxk3Gym-@ zZ_{;CinFB|=9|f6Hq9#W;FX*pmH4!tTyKNOpU41ldAtxgoi@*1l)v$OQ83bZTWXR3 z0O}v12KuOjh5J<|8}5!1oIhVMV!WB)?oyNxuy0j>u?4lr#?kL59=!EF)FeJqzlrN4 zu{I~|_g~scS>O0vLJ@w)z1u-*Eux-S`g|RF)OEe8BrHq#w)&l2?VN+c9(^nMcCg{q zp68yxy|4VtCUv=ec#pzx%{*w@paSp&mb-CUnUl;!rc`2qa_$(*XPqwc!eh2*Jj&X+ zGS9yaY-ruKw%Ltin@ z_2#G!MQg%$4H^FsewFcyqypzI#6Dp4c{+RG_$nV47sz&DrN8_^0kx^<6`tt9$6>@!Bi47>{$@H zAo(?h9j7heuh+;A3mj9wYSc!NfJi^Mjiz5q%(bYCAf9pD=O+RxakMhw4rEk!bI!Yt zxpnf)ZZi06xj-X@*HnYknyKN-VOZy~<&mk3ikn2pSXsPo2%OCg`Slwr(Tjz`kzBcvFb{JZxn>B8l>7K}vG> zbJM`0^E+{Zn3BJ-=sgtX+|8e`<%!UKNQl3JRwMVcp5agHQU2SjEGRk-A>{NVk&{T< zzC^4zTcfz0bF7^YJ=I^OcN|* ze0Eysk(Ofg!I_fdQtbQ&$Uzg4+>BpptZT3-nSCAt_78>PY*=E`&oU_=g9iNv=Ksjh zMwF{77%>y*;2c(yiT4}0rMC9o(bxrC$l^c$;MJ|e9@Q8I{mkj3w~cy1ZCcbwaz0fx zJ@}|w9m3nb`$k>1THN6FJMzS&7{PQ669ZZV7nCnT`cP3eAm8c=UoAEx+%IEKK$D8^ z@LRUELs=(9A{iA zCwRWFhM2k*W6Zm&ad9H3anddqiFJ&rxrY5)OzJ4ZU2=v^{CTBxJLkikz1gMcq=cop zrFp;ucTAv50(cB9x3gch$$z@$3Cl+~Ur5}J?03PV*2x;G-!Zx>J@~*8oW3>db7RMd zL5<6AD5e#?4~>0$5?d(bCBKXg@~Fi_^{_CN>8HU{Z^^tMOf$r)-Pp}Rs={v|{ zCbWK{wb_^^AmXL3(BwRo*mlGILN{PE=tGq1FZ!QgYGrV1u@C+j>wIyI9{IQn{yN{V8=g* z>~cq0Mc`B^p`ybf!kUbT<3$;P%l z>UKSXVX^#6rs}~ne;~d3E2RnvxM%`p?M!?27AW!hXHx3N7`jv6r^`+k-xv8sDr@qf z8=7kU6v(OWIkg#~g4W$`DVM?i(Ba2@?|ckVN%Sl+(_@Z5&k3cSTfH;GJhUcC=O+m} z#yeT~vofo!;x$2NM>eTE*!OxS9$=S=*RaB!?se3^*%A3lC$0;Hv-e1JXrpZhY$R~2 zpCnkk^OPz?c2K<|KYy3*oJ3oUWU?scs&F{prx|DU8edgcA5YpLMI>mDx~#yg14C9X zIjTSEbHBBo_dDhOrbV?5hFLGb3&c_oY;4=xtya<-+?M+Kgl=(&N*PePp$Bakg73o& zO-{nIh&sAAW|xr4la=yNYs2@y*x=8hKO{{b+XFZz{bM5NexntKI20%C`QWdRDi0C`|_!9K)vcuulrk zH~g^pGJ7V7Za~RlYu4e!N>q0?dPLH%_gNtsb2k2mo_aVf$1tj-@MY}Z0g`eFIgjW- zwz=qqqQ4dCgE%~fXFbF%#M_@q$j4#Mil1<#X zchhvk0sg$DsmH5X_iG}ULCD?(5X+N%6V6aexE+;`;Gy?s?GD!PloOKcM)zawjyvEv zra-x2Fm2Ms3G}^UCi;Um)lei3rkN?7#b4}T?zIX;jjmViRjChlABQnb!^Vb4Cm3va z^7{Oo)B3T>CPOadru_-(c$Uo82WZ+op4ew2X2=xzu$i z6_b&rmsz1JoJ|F1al;)eLU2*y z^tn^}Im%37B$#PmbG95zPD?zMBG1-ZqGuDj!D(#sESXx4w!c`Xo=_tf=7X0*Jv3b; zG}TFgas1w*YaGi{T>6gCs9&k3u?|8G)_b0 zKM_vrS8ekwMY+cR3Dol)>#(-~d4a)v@r6ojXN73kuT$CJB@O!?_0*-qDd{{Zc!p&o z8Ck;j*CAADjE#7}znW&cR|iSSkbjCLSx{?15z<8-8-062NVLs<7T*-Os#Q{Q0qy_J s{`^1HHH!(v{0F!_^j1{NhwR#ikpP~5AS9w9RL6T literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-tab400.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-tab400.png new file mode 100644 index 0000000000000000000000000000000000000000..29c6618677c0c3698dfebc4c7e0ebb50a8c1d512 GIT binary patch literal 19531 zcmce7RZtz#wk_^18+Uhiceh|03v3AP?hxE91PSg=VB_xYF2NP&g z!5RF3zq(8@^tpsZ=zOfe_tC(BEDi}S<4)OZr|*CuR_=*IRvyMIU`RecY*uv7xC)6&~{cCkKCelnCfg-en8hph@5sGp1h5kE+BmxH# z>_4QC&4>7h1N1om{R(~<)IY>1REPM7rZ`CCp%{{}l92x}QsY1HQFqjbS`nk9p$lAt z{?1JLT3$va^Z;d&!|O=ozo1Wu8;tQ5$k<)@1sx_aqpNTnuz%G8{X>Ec?L9ItrJ^p@V}4x@=& ztu7~n-$!_)X)Gm+^ILQX%$+$|b46nABvV+^rA0cTk-L&+kj9ORgB!#R1&X3CTgO1hilou z(pk!ZqDjQTh=zv5pIxlXsxb{m@cb?}XwfJ}R#2Kscq^@`jc&>+XFC>_tjd^@AIlx! zF8CyQ7+WDZenG*$sUajz1wBk)R?7E!0}IpPL7+NHxxDE`EV#Z)VoRrSN4s7?c5*Fr z$KL4U6{29OFC}-$>rM;zhvY(`p zkXtSRGS~F&N|ZiOjJK4WAo|DhY`Yo)#lCqb7!X;WLZU;`7VWuyKi~25wcB)mVQ~bD zkU}+1&}{l((W&`2@Ky(4K{@jXkfhqv$b*?U6PYcuwr#Ldhpj`R&7kx9<3R_sC)Mam){X(^u6 z>fVEHA%sj2)q9h^3Ts_75Fe7GwM_=A9OV*?DCUH>O+iF8q_2uU6ef&{mKW}q3y`0WOP%u`r3 zezOzZ4G?moaCOLZk~EU0rmGkCQ80~? zMP65C@dtDjzaWn*R;pneI;xoUPONn$Z=u46472_#(+`)J{5dO%)byV965gR2!wAT@ zNoU_JN#^HOyf7r#1wz$kf7eqR{8ld((Q|dwzx}^-s>KIVHh>)uiL5GPrE~j>Eka%I z7KA4)S{=ITSp;!psT2Lj@L*>3pW^+Z)E2p5r@Owx+`EA$m3H814DMTp3#7EckAyf^ z(V;G}J@**piR#*$D^$0;1rcXEWwg>y^>VE?`;f*bW#w<|T+PE*uwvWu zs*4nV3qez;u_vO4y=oimY&DA63M;NoI1_aR?6z+Z>#+;d&7Of|Lh*hvgvISc5=q!0 zW|=yBrQ^Nyrmw|1mG{rRUB--DVPVzqF98DRWMBqGo zN{i{O=%Xx3`o$`wo+gluMZ^Qy^iXrIXUMO+z$)A1#K81GW%y=JE)+SmocTt2H=t&o z-fKWD4{nLx_iK?l!acxyBptzXmD2*=g0N~~xa8OGR^4Lk<`0UY-;iK0=YbG6Vqi#3 zz=b5U?ZH)VNazmHdUN3Ya8*<7Ke2#a*{rPgv)*$`=RVfvGZVGasxce4x(d}DP% z0_NAu!K0H72L>u|+{_i$dS2sCtomd%F63;9{Q5ZJwwPFp9VUQ%+3q!4qi2{JN+B7q z{p&%9T1&o<>T3om-H%l7`q~V7jkkXS-5a71a6r;Q-5aS;f^i-kdyz~}) z^;FK~fqobC(k&Ytn$rPS1<+r8u5XgNxyZvq-?B5&%gY^VEcZ$ODqshjD-Z14a6QyDMXm5M^O`# zpySRSuqasdet@jSuqAf*j0UJOjA^u80!=NbvNs&(C}l^PDOv6rI@NWxCuZv(H2uCJ z5F}NyP?6qJozz2C98pq@GkEpfRX529Xv2#7NK2xA7)s=r=P-A34nRn-I-C;8(z=S@5oVdQavB8<;iNY$Z@gGhY zqmprp6^htZU)eDyZCZOrM-k)N10pf2Z4hB&0p-nVRMlm5P{2@|Y|-J1>~VItEA|P4 zYwYmn1=evG9jmp4i(r;^KGV0do%FURcx9r6-)E%ZIx%N6@?}pdmG#bE{g6cn)^!gK zL6>*|aV0!P?$$O-X5`^~x2!6fH|O;uCf1Cjsy&X6{da37-wE`~MoQ|CU)plk`V zJIk!GX3rdFmpIYuO7{;TUtZm|yUDKcZhF1&4$r$tvVxieQ!xx7OZ7#8?T`3N)A%8q zA!6pQji{NHfe`)J%=+#~4;L+=exMiYrQa&G7Q=uEd_H2Tt`{_ev_Qy1muA)In@h?X zyB<=CeN-+F%oF%R_@p}Kd_Ie-<@{v1bjpx}4EgB-b!3~q&7~iUw&YFg zQCK#2cCD0{&oU`)W>HnMV1I)ZWdBQ3E@bW+BNFpC6wL;kHP}V_`z@9qBQtrckR~0Ow+BMpJ9XpOr~z1W|YUb*A&Hx6p33 zy480F9U}u!Mlbg=sH=gDbxd@172z4AfRO~${$C+trXLG690h@DcNglqVFg@NHGX878i-m(mRv=LPU$ zq>bZpY+=#saxB|tc1Fjzs87s+uIw^6ff-}L__@R%t~9O3^t>oMrW2V9;TxJ%(E|qu z#XR?E{S-`hjHxOFVV>|P!@=4HP7l+W2r*{Iqa)%$9dGYMEL(XmzE(UVlPt`gTae{A z9$#6#+AwK;tn^QgOQf6f2NsDOrm0Wpoz7LQ9~OVnOqVx)zx4lC?zQm&#EVJ}j>Iek zOQy3T7L`i+=T!rnv*s(DK!@o3fb@JOCvUvm&bw3CIzor! zjc!tp`FmiyN!ho$Pxga=o7CEatpqcTroI3zK+meMx%0Cslci`0w&X|gCJ=&Qu;TN# zijT=^dOW)u(CTN@O063WY00te6F_H*ovU%F^H9NVgX6BghQocVLDASa@PVVl&iFh8 zN{82hJtf6`R{mUs!*pUmalXI1i% zNL)a=DQQ=yUW^yTewIlFwj08~JKGI;xwq{P_Lbp79r)7HwkBbNzg6{xl0g_t4V`*^ zj0%H52}wtG*kfp7U^X9_xSO(i_b2h)srrK!1>PfFlY>yaq|T=N`NqsFxJpcz zjTh>*21crSHdV*%nUyK74&yPfJ#uBP>!+^Vn7%|daaAY-Ih`PiZ%t_J(%if?V^1d) z9tPV)LtPD&&|#gOn!gJYon!cEIF4@otIf!jKvgs} z3~rV;dr(<|OQ5)VjS7VHyb`|+S zX;(R=Cxu%I*7VtWG!&69V-4iYFGYN7HG05$H%Qq8{OBK=^TKgALfl?;7_ zLTOG%k6d0jDHVYip_od-*U#&#R;PNYI+7#Z(_-}B*|A*RNVs+NaY}RgUW_dB zW=5`-X7pCtf^oaf_4A@Lp-}==Qa%~54Di&r?H&Md@#k>MhwmnfTPoE3LR1GPr*)%8 z3rzwQEq~IA6~^ZFPr_s;w}$eZH@3g9DwL?Q)LIRDpq#G)w2jWl&E+JhQ+r$W{X2y0 zC;@86!}?fk-RPXnsle9oziKfrwabnB((GV2>5vEi+KY%Vt3$&VU?7dO)q*c$7ych; z9uZ=SMbvz(-iba^(#6$=fMPsO@O58N%37`IoOpxnEXHpS-ZuZe(TS=Z?Mg_&`*-}c zc#^*1OD{1l#Tbm6%bPy|$T4K#pGjB|P$2H#^2|X7xQ;+!O-|>Lad~NrfYn4zY%V3Q zmi82Y?3;Ya`nn;`XiWZR6g7wPBn!yQ9$5)_-bKu-Oh!VVkrOHAo+@<3Q?S*$uj#B8 zjsAu!@y9PV6bankp62u!Hdb^rPB#-Zp<%E?u)Q8gz?$rTZj%vH52if2JfDKgD|w}Nu9nN#c4 zhOVF)oK?l# zL`l)jn<*)yZ*B6}zFEY79iP9si(xYVj@!l||EsN^|9?%U|Hw>%*xokGb2l+z43Zz8zUPqA zg%c7plbJ0H9S$2^Aq!A(wRi6GMj(hZu)q)Ty2^$nsF5Euq2($67p@c4mm*c}o!50EiQeXVAGm+9Cdm7SET3G>l z&OY=*{`>^_V|?y@jHOd?!{-L(hZvto@{Aa%U95!PXa>k>mYo*n!LBFrex2`F+{~As zDhu9GxHnwnl!*Euyqn}2P;VAVB2(N}X>KZN|9g=zXbc}IE1M6JiM0rEzGgG*(sE~| z|J%cF47p*H{&cFO7g)Ba`7#Uwk{Hvtt_Jn-`m6IJjh1BXqRfxxe`_x)+UDrma>HS7 z49>1*nfMz7d^-nx!z~Zv`O5ZD$8Jcdv)BeY8IY(=?BqANAw3&j>I_gvoY(ec9n4Y? zWydYqLQsv7I}99hMCZDnr^FOY$O!L3&AOYP-dQy#1x#NcxjuYN!i{ooPskUi7g0X1 zG+T;hD08@(wkZRM34}0cmhQFVR)Q~HdD@nzJ+VTIYm~4&Vza~dAV>S2_hKcsCnRhSq>JM=TN1T?32X6ORCB|rE z>z1HURq@kMPQIy%>PbQ&=^9kQiB z?@MLownL0liqi0}l)|)_day|UdU18gKS(08@Iwdjq*AcLX43Jg8I^a;ErXvDO+sac z$#u;jErpQrS&h1M+&@9|SlHN!EKL!Wjmp3R372#-$%5UaAF1)Xu?XuLi@n`v4HO4K%V#M~ADrJqIqzSLfQ@dYd5gb(Y{xwP!@uUCC5>QqwNdrlQ@& z%#oI^zsKs;YwusGsv>7oMUMz{YGJh>v{6dO3ETa%cp9kUC|qLZ0r^R$&}8T} zI3^qccSOqmV2oZHtteRHb&_X4(_1|jCSG9#HOkdDWdY)BViU>$_pma~QFPx+bJN)& zk#rshYB+SlU{4~!LUI8piJfcqX4ml6C>L)g%}+ z)uqJRB}oS#Vo9l7at0Cf5?(Y(*aC!vOE@XeIfS`BHK|CHbo>_>Un1Mc#j0X}8<8ct zVQ__w`^qmXlgsVk-717{*1)ewhxu*%cp7SwdI5tJRJxE%LcZyBx8LXKG4J^?oRM79 z0W`ZBRxmC~K%cX!&^Km@FK+mKl%|OpdJxFI@aYQ1Mi{y!!UNa7gnq&YR13fLaZx98 zP5Q&}-G~;jegp&8A0~s<4pZA))5VrJKwVx~*&|b(hQK!dUc)b`yuYcjdjoQtP7@lgEWW|Ww!;J`kGLXB zT&kE9M7>3!o$L&qz8g*f=SR#Z{v3NMSVhdrbfjfafGNZe+|;TGuh8u)erg)rzNJZm z66V&50_6=JkXc1fVGsELO;J$2i^+1jR`X<8ds<%ACK~E`RbuWBl4l# z`r6H*JY~eRSf7aiks+NN# zSY7RWCf96`7@2j+0%9oL7wu?L=qeh0JZBq$02;eC>R!Cpch{A}NpcC{CAN+52})dP zECyv2Y78Z1ld;t6W%u2b;uXIK4rGQZA3;OuEC|9#XR47P)IBb4N_cOfF?4YiK16H zHOp~U5y3O^-`GJ>Nmpw;DaUAMlhEx>Vgkl^erZ!1q3T_^(WPTUv*yT7bg=TRV6@YC zv0!~_i!B_1*C?>A4@kL$TgR&7ti| z0%Wl1-!IC!oRFFp)pE*R0DS=P;dgEXgRPF);M+5>%}a17fg~bVPyHJ_{9}OW7LPY3 z8nIXq$tmBS&HCwC&O9YwJIq}3Nxy8mCM|MA>2%NK$MG34yOi?;&BU)J%vqQBFXlEF z2g_+6&ghA$p>a3Vu+$x%T7V)sK+W7d zCQ7+^vY=M3?PBXm2p%Jw4s<(!AX*EHtR_>JtQn}HfU^8EN(;~G;c_Dyhr+BcVR|6k z_~QE_qn->mW{ibe?;wJIvsJ;C-WjkSX$=T**v)iy<59(bE#J%>l_D_Cw+T0Vz;sgw zl-cV(rhH>_s?pOpuyy)zM>X`{qkA zxTF4aU#&jcf>v+G#{;yj7`#+GXEBw)Tp=&M-*)dVC|lFc*6U08?=8vsuvz*!qt)r) zMBhYhYG!P!#q~I&+ZG-?>`-eKPq$;{3*~RL!zo3snR53BOGb*b{%T9fO6zp}I<5+K zls6+*4tL?F#JN;q3g|6KT)M7$Ht%@j^O7wb^=U50jHtTAFHDa+mPD=JK&6e=%`Hjq zmM#bNGl~GmMfQAH}|Kmhy4i z1`s3dEM%}dnBJxu=C;bU7^afxH)aX7SV1iN3;e;EXFNH()<&U&-7 zV%ko-*fa*ey6ypgD_u^vv^#reg|kc}3ruxh&W9NUaz<(biky+VywXku?HKT~D-RTJ zG+ST`+nqNobGM`Sch=8XjanF()SL(39#e6gS6%vlz1i%)o*!(Ua{UtWpHFM|Js0M) zog=)6a*ErhG5UKjy*Y)OQr3FpYTF7jKHICiYagd?8E1-c**XjCxltN4S{F`O^WZxE z*3Vu&Vm z>4u}XK2`(ox|OZAs3s;e5}<>E*sYw{d@bY5k1Yd!hZZzrM3ZdRo(+?cl6Z;XG6 zjVE^;O=$4`Vm+??huu@{kJ}B-45H?Tj0=7KW(QhNZt|#3rfsx9j-P8zA!?=3LhTNe zo=?AbURX-GG3};FNe*7n*ZYd=_S5!hoLvv5cXy+oPIK+^>5~oWoUrhI=}x2!fN$)t zu z0;V3y&i^tqH;c1eR?v?y{ccFp{Ymhh0h_MYKRx6YR%V3$Mt5;Z_}MV@xv>IVR==R=r=W<$m&KU?HtNCa8FhH)yuz) z?smR`xA{;~T%Ed}4gs_Om-1@NLz!3%pb7Z=e%67tA4Y@p*lc(G^|Ben1Uglkn0-5+ zszpPTrWPVw9d>v7B&0=AbaCcj$5owtEp*29=gURJV311smCjoN&7d&BJ0!6rO@*wISus$b#3tt^7vx}eLO+Y!8jl7cC@`IjbL4-E3Qv%4(}IBOYCMc8pkEhRI~<?mS zg0@@h^%Zc{-}Hp^pTggyVG1o`nrb=R;(lcmf*YZQ+EV6mEX^KWn&J?Xoerjqz8xSv zYU)+4w+ApGbbhIlFo9+x(hRjku(Yo3vN~{(uSPuKE{k~^ksrzR6l!9JS$?lmZ;$@> zPs`ynEi}YpXwa6OEk@Qm)e7C?X)oqq zU5R@pE|UG31(;3a1MTa^s0Z%**sXRThO{r?0zT-b1=9N@Qfo=r8I~=XlSS4_$74D_ zL}UZq;mp$fryoEfa6I6d$-_&`)eJpxeFvh?U-%D~DB{Uyw({eXG8o8kBpEHp;~#>L z0rg|?lS{cyXX}V=WuT~+_wN3DT;n`y6ZEe18v~Kk&LXgjwthuCR+}i`GN4#cqO{~O-dOqX_ zbx_AEg>IlQ-Qj_C*f@hG+0!Na>rJ|T(5DmnTR{#9gBC@nFbHn=L(||_Pp`TF6I((^ zQw3~;^UjC{!XaEcDRISO{}1=@TWg{R5}|18PQoMJQTV4Xc1E~DI@4eEh`%_V_4d?s z1<8Hlo(XP5CS?;L5C3+tXpT$eVcG7fjFog zT;q#Vu$hTS4oAt=@aYCwwTHf=Uq!5ax+J~5qcnmQqbHlvnKQYI2NvIZ$!WpEnrt$5 z5IXzD;aVQH0JAg(f{l(>MC%^DE`AhOv{rOl;f4 zeGd!t7%`Kt;1<_ru`whvV!yVI z$taE!qlu1YY~3=mfF@h2oAh!bPQbeN*0|b-V;#`XcZegb!phIo7VuC#U??uz0zv3F zJdqkzl-Nx(i^C;g~G_yUM|y#YyM35 zKCwRsx-D)v6MUXWHKih=LTP{IMHgd0^nHq} zACH&_Tx25!$=vEslc`v5VB8DWVPa)}xkgfGj}a@_>|3EQa(|SoPtL6sv}#q!opk#p#XucwqF3mREFJbjNzaTVQ^ot*@S>90 z`}jCs`&o;3rksO1p8D{Wxt3n9k`2L`;2Bp{zW&AkTJId{?e110mDa;9n04=vq^k-+ zVd$c@s%fm0h8|yLO65AhUuj3PMqQOsM~xs15?XAolU7+M`Y1xK)@IAhk3CN;qwxje z{1gCsZhMzsY}uZtaozsm1P3j4ln?~{YI-)-KEuz~-vG|WbT$=$OCXF{_`q8g?)c{7}pZG0Io&9=(2R3H{5?$J?``-Is&{Mci8xf~3nl)4NE!KiZ= zh~M04#*So4`w&;P&Mm!@ITOexhAX=s+S`B=mWavlUYh*>+Vlta|PBDa7x!!@3qv z=E0_i^!PxvZO*m;!92*{>J9I=>h5>H56WUa3)X`^>B#FFi$8r*XsNa3a}Zl7eO~V} zqp!V}G>Y*uG+Ew}>RwxM?<4CgGa8w&*Jv)`a@atW*81WTmd9MVM8G6kHyAW2w)-KK zYRRVxI{2W&zgr{+c3e?2^z0PBI>~vG!0kB4!*m+x2DVAu>qkBjQS`ko2L~py^K(O^ z5-x`;^EISQCR_H39U*oQHiWgO5L56$yHS06g4U_g)@%We_}qAjk@ zdj0$sKNPp&K7aF*JQUBjKmk>5BZ^iHxi{pBc>^-}mqCF>eX0qI-9xXia2sB%T^yjq zLR+IAsj|4taJHg?Wg%=dQcosVEuO_%+3b(zEdkiX67)AWIB+8*pBglvteX1IfBo-&0?uHGU}9fu4u%2LJXVs6%Oua_6wXasaHpNMk*pH_J{Pw)c z1$!vRCbpUzL!HBcor}U2B)q~_b8Q`V97^88P}s49S~GKL)pcy0eird;T9zFvR>`kE z#5vM5k_?<-zV|O>I~J2@#e~+gph!iFdz&Rf=lkE22Ww#DJr3IDj7Ztc=E4|v+8?)C zPL=xTJRQVt{bSxYXI{cS#PCz=kSc^c;tmTcMPnxgdZ>6CAC2r)Fv=i;E0Lb{WM z>+oVNF=9dCJBpk0lYE|kXDF$r{*a^$+X#TYa3U#bcu|#K84aN7dsSS8LsMY+=@Rgy z17;mHnqgcmg3)U0dt={9T7{lTR5Xipwcw%~3thE-d@Y37w`=II3F4VLZ+~E&esd7# z9^ys#apnC|{Nikj1a6VE=y&%N+Ozc97;#VgfkMUpk}Hp&6u)qTHN3;xYzN1hXfwF) z7d$0KHJ#_h4AW?p9^0-KiVA1IXf^_38~#5NFt*6Ql{Y2|EK2jt6aVC22y5;{eDm=8 zt`vWJ6;ulMOOa>bf#*ucjLpb9>Gp|R^n(L-t<+Q6P#S50lZo5m5B|f!3u_^YhiX}N zMgN9uG>(ouQwL#T8+3Op85CKp+;wXkQYsA-QO2^%9C~HoL~vRZ!O6m%q@*7vA#V*T z@`L$X*$g~Lq1LTBK77##lLQxXI)i!Zi6X0N5$BT{0(|_Y&a0{AxJ0b&W{#qsj+yXe zYQVicjVWvJ<$FYsb=mR|Q7iLznZJ0)H$Em?*I6he^fuTDichiz1Ut1FI!-D zWQTVf#BLo5*DH@t$-OB8Is8%pnob9@DNXMGsJzRNWBx~C?-};5H#Hc)^n&A-Q3EaR1CzBV``WtL zZVR(QJM?kHN4kTJgNX|R{5Jw0-*N}F7=u3>1p9C(97$m@Zff$DTH$#Me@sfseL$%5kGCU#jPmQte^18 zoyu+|YK(k*N>xg)QyIeuD}+U9x_7*LAg^RbhlYi|eLng?A-p0L>pV^yQ<^U4MM;OI zb>j$FE!bE!{Oy*9DUU)NsCjK$0_>huSOcB=$iis!(*>4>?s&EejWyA!9%A0Gi(yEH z7p$2ulZw9sEuvE24@~bTzSb5fLOqjR`#{Ot0EnB5DcbjI{Iz2;JX)^6bi^uQ1c6Dk zY-shv3B4)9$9=>(R9&05Lb5zyK#6g3Fu&i&Gd_$o{v4&`?e z-$?iS7PcbHSQuHNISZWLh8@AjK0nxvO+X13i)V@XbSL4F3_`d>MqJvF5M;gm92M$a79Zzm_;GVdtY{|FN7fj?gogLgcg~ z%O0(zpEuon^?BeADi^O5A6dla_Ypv7YW!omohW+MkVgphymg(>5|u-k6z&-?D*Y3y zOm`U#UGzHidAunOCqI4l7Tb_@JH}P1!CDhJAV6ZKj+~Oyy?1|cjpL2vG7Uv>x>ujn zvPoqin9LE8D+l{u8mIE!(KV2QHPTHPk;y~f5`6cXU-{#Z0-p{kgJ98rmE$n^v~~Dh znXm*eWCm{AP*gJ9FrUxdcg8zmy(F~!U|zpM4$=oI{}UK=KMom?4>F7%wa~ynE`C>| zg3ls6gCjatYQokMSP^k&Zd#9?aW`J|G{_77CtKIH;gjtS3YjfQrTP$VffD<`41KGjF0#Ny%!RI6@7MuR zLEBY;mUf@54k!knWn#dG3R$(mLbOu`k-Vxjz(za7VAHz$TNWdBj|Wq?iu1BuK+(oV zSotYiEza?(=L-_i&~wiW;xPQ?@N&Xl&##zB`H_&w;(CQsR($prF&lx-{Uhig{Ur2H zS2?Gr8&qmb94U+Q=+x}Z;k>Sm9Sdy_<+s4>c%DFN1WmiN4Y8i)%835K#KsIP!xwL! zfHsUOwQl)n9e=u=(_VXWF1zr?-8w92r|X267LQ9zmlQ^wkXqRdxXD@Ht6?jn4OyT@ zPk9pHB*JVMeJ23Osc3?fCRokBT_|C-+=Gg%_KW+Blm{9Qm*z!bx*2@Yj_8zzQ~$me zk*l^TA)62P+x?H(Q`yd0``P^|$4TVY)pfAcHqL5fP3(fwZ`rHFQ9M%O^#?kzdNF&AKUi&KcSeC@^?d)@IqT2?(+pAG7m?1x$)9A zokqrW(OSqg)lK+uTydM|oaAK_EhS58c%z}IPI!z|Ed|6if69^gt?)%L;svhKb{ohqH(0K4wu2 zIS;>tPP`C}f&>BFg>yj|gYN8bCZVn&Pv3tE1SXI%5s{~(+^fwOV#0R<9kB&?9?@Fn zttM!Z6aAe&K4Z}4D8!NDED+SQexLrVp(L+}T{6(>_zK#*WOz{ki*#*16Up+_n<*@k zZ+>zwRU5`-&W64G{Tn&J=|<3rP%roRJ!CZ|*qlIBJ9b74-E{E}i`UPOv#CsAtI5j3 z<<%g3HSknDv|!;ioyP*{g8BryY+xPDxOyc7Q*_ZyMc;eOU-{LP*f05hXS&G;y=n_g ztU~-;%q%}F(pMw2w3mjAu2E3Fe|Or65McLtznU*2@rC}uK|jctElm8{jp+-uRLDg? zhvNxe*`X=xgz`YNC){qNVW4Q9kJ{Ns6MFn_qi|RBh-_mLed!WO3X# zsy}h-l+4wJr)*8z5!a3s&zq33B;82i&K_~1UlX!51ykX?tM!9M)=I$vdxGmRzy0td zqNG$%2)R&myS4})0DaeUsoQTu0>F+(Mj>o`Y%UaF11xI4r`hvn=8HF+DUsW&9U>t1 z9LVbj{1xUZqzn4nr8L4;UbVUb`|7V-m~&U0`4XyiB|DvW*5bz;Gry&mCSYKqzLADb z+EFyKCa;W(gbbkn^LPttWa{bk_S9;`wvY<(m1Cu>`EgoKF9M-dsyZ~~ngXBDoiY+! zTm${B*vuQ*dG=Cc&{8*=(&@e;|LeG-s z9mam{e2<^eS4sx#{G7SF7CW!58f}2EVkOsD(oMt?N$*mIsbNRDY4Its zGiX?cw+56C$*b?$sD7Yy!f$(`!B%E1f_Psu9bRDKnBy$JsDuTeFHBCTNvT_wWAfH zU~yL;$h!M<0BNf@eR&2YXC_MzMn2eFH5=hGWO@*pEo|+o?42rRwb5~1?mRRfCYA!4 zg4tyRPyI5t_6Kci%CMw=?h8YWE^i@YiaDY}$mxnN#z|w*~lXKOwr# zwzM9dLv;3*wtH&eolQ;^x!rxQLm*OBHv8qYQ5(&5x;7qUtdjEYwiB^^$eQ;hL9D!k z2KH-x@r|?#Rpf@9UP1*o(X0BDE4uaxmk&9?HCxc@-L9nb@J&#a()C{y;$PQzw|&L} zGi_K&B1_?e# zFQe2|hRwK{-Im@WMO-#Q_&2gqnea>7I+5($Yh&2ZhmON>?H^aSopJW{V!cWc;ijJ?i(E{|_`=Z?KJ|H=kWOIMU?hIuwG zy>d^dnF8F!`#p+14&y>*YjYA-pbhDyD@ASJLdkAYb!F?^D6-T8}+i z<_tl|OHZqqRL94jbXX=1%QFmMM(y^lKCb)8Vo+vsmyC(Y->=D&H8Fzj75!uCJb|QO zrZ)78$T=b0uz)8nb$a0zEa479h(`8<)qy!U$IcBXT2mI&OQV5Ft$bc4F1Z?T@@#!R z9d#8uMrPag#>YFzviQ>>KBnhB0}OWiO{nq5HdrE>rszVo&rO(RBwd zOz;9p)ex0UDY+g!)nPRnH(55{pwz=^IqC0xtoDlF3yHtU7<%8O9Ms(-5sVj)|ba~TZ8_M zzVw3#q{qNd*jYxYq;If%dK4F1?J>TdtEXSd7veqIEG6Bzy`OGL+vOL-@3kZSFpyfm zw9E`z9Id=daql9lzY~jiT|8e6-c!R` zUmf#2PM6>0zKXhQ)vYPdXpb{G<3Ew+RcW)@pDIYnaAtqscp5z8+fu{sM+D!!!8P0E zzWUK*vw;V{i$b(ODH7o*L%75?+=eRZQ-d}!mThX`v8dh*G6O|t6IRI(|N5$f`CL;L z4V0m&u4E)p6L!RRYPVhReaG;oxK|osL=5VsraH-p5G_b%Vk}e-f~F0I12Yrb^pYzU@n#RfyPL)3;fQek`RT+ z%si26-I$)<*4t$$C098qoxh{=)w>Fcsvcb71XiTR3V5hjCT4fKV7{{kI%tuNmo^M9 z*IFOjDdP(PTs;lH-yCO3gyQeS!C;uz5ubA27dOS?ie^`)ZJ>J*9D~s@Q>bILUMly| zou4G7t@(7qa_zq1rF_Zv36Qws!^#xOJ6v-o$BY+u2w)_o`$oxhCrCMWSB@?4l-Hfm zE*e(VkQhB^UY?S%d!BC$>MaPH_D8kT1mrQ&1uHyj_WU7`qE)VOGiY0`Vz4^5H*Qi< z4OtOdcGi8qt2SaG-Dn-s|00R4NnYX9#E?I8-zuD&j@$8f@lufZ7Ek8~>kiLLrw;Rz zZryMd)U{i2W*C{yRGK^fbuK3tM+vSWqE3sDyz>yCxwC|I+eFegcl|!op<(pT1z==+Qw3wVAwZ^-F#Psc0uU-ZO@u(MA3A_bp?wr> zJwF4tDf^Xs_K}UUSUlb2jHoN_(dW_UU~#aNV{AFBUyVeLGw@c1S*npx)x5jCICbx% zbB%r}j@DFhWBfo+z+~I-t(oTWJeS8w~C)^SS7^KzT3tNn9U5)Ud z8aMMA@^Q4>T&FA6V7vXY3vK5RcCeIc4x9Z2Dq%?U$l&;4rE=Q0OxxkRxbuVA*}8KX zclShwn=FathQY@H7BA~c)XE&BJm&%^Oz)TBoAVQ#i!nyENQXhKAtN#ZK?$i{;H!2H z@59M#g^soOZ*m?&kXjtOCSY(o$+(DpP!$%8c;YRHsQF3rOW>saXS-Toygd;3#wAfj zeuB39WYHr2r;WpqaY(uF7f^6_gAD-s=T%tgvKIpQKVzPuE)$f>Zbxyka}OYLEZL%y zXJzznz`*YN{pz=gks?|pNJG%ZV$JCasx$2++&if5Z&vE^J!tg0P+q9f0TkcNIa0DS zCND}9mwh&&uUDatH$?JxBiHki$T&$e&(*smrKE<|_82_9PY~dwR$66_F*C*vD75*I z?l2I@E2)GTKJR8U1`QOGY+h2j1-rTkBX!2M>)tndfXi9_G}}Y|+CdaZLL_XcM7HIk zXl_6<6l*0)BaV9GhxMul`8JMPM3R24@G)I3-DcU_G@!clM ziR?4Q<$mK$LHbrQ^k1#q`9Bkm1IKaFK2kZ#Et<0=q$K)Sle-)lNn?bKQF0_En)cC3 zCdZcCX^vQtJJ;MJ2$Q>n>(UhWk_b(~nF; zd_Z*lYW%0=?cdn!O;<4Kdu?IuV3-!LQ8Hu7N(S)q)Z@+o+NZgsN%(%llk|yQG zF`=nj@h=HbeLsywFwPozP3A@Z<9l8+@Ch4TU?|-`QgStM0j(hlJZ>_T3A?Ud4rsEe+Hy@y|?WnM_u5 zc^ZP&bM3vA=i|RTXT9kg>5l8}4F_aulR{ANQps?zlPiQ1te!eZj2cFz!&? z&g5Qc-^KwEL{HZnWBrpt1|?B#bm#ns*Hlld9l_x;<*Kb+xo7To8}oBUkv4qaFTnB(#66LY~l2{Q8BzMnPYAz6lcKcoIVSF^{$-Cgzlr7rIw zmP1}^^egCZQ!}OYODNrt@Jg$DNCkT6!QP-y*aO7Z*;2WYVf&1BqP~OP{H{v9`=WQ) zec_1u@hgz(QIPg-6XQ8heOPL$r)~kd>v&<#j^cJ=Fle!YP&|Gy^)b4EHGS4}rR91h za$R{haoOg$x?bwTp7xaUyWH4oMI61^+fdZKTfD#j zjJGu>?hg(R5KsTPvp@a{61yHeI^9^bW&{YDT(ed&adz>EFT%=t_jY@*+_zJXDo#hf z_ll27cx%*hg5>+rVXIL?)j9a9$iST3YpfU13lM09KK$LO%ElV9D;*?Ct`f*Ck0?HP zFsvQ>leZ`^d+1d{cO-4>=}z0pj;GNU*@B{AoK%EGjy{Rp!OoaW9n+gwzsj7Yw9|wf}*2TNh8E1*_y>T zU1!aPbd(jG&BOTBSM>hjP@-jp?o^xjxiLB_YwAtwK>#Wx@=t*l?D5$t&v%+s z{Vn0pi!RplgN(C2ZO`8R&4&It?R=N@b{<}po~o>)A#%}DTj!kZa3JmYQp8G30pJ;4 z5;KJ==2$emQzADrg$;6g6PtbP?Cc5BZ3pLmt$dkHQLj1dDQs6wlkyK6dQ0A-F{ERYK_e2c#m-Ip`c*}1A_3(6VnJp8lX)g!AXO>+DKqEj z)qV)SRO~^cCBkU@6NExfy9wDZdJ?X)@8oa*O;9K{fl{HOG`_C=MEON>c4M-#vxakB z4h%k?_0fOkc2bzk^yd{R30Py^?n5CxRv%7oqD1<&lBMorKStWyrQ0zRt5PHIQ$9bj zQo3K}3Si}6e@Djgt*gl)bE~EFv=ZCT5x?7ElZ77HNA+PJ*4S|u?2l1CDfSEuSU-wU zd#yQg#7pGY?t|_gyOWs3w@wbUrs!75nvmMT9S2`78=oeCxul?rr7~_jjl1rh zwK_+ihhs=@ss>i(SB4~hRXe_cIcU?$OJ?{@Whw;nd7Ciq&Uu}0>3;mf!CT+DQ(3EQ zAELe@h5vGdpAeV=fa-KFB|l1v12~@TQ-72lwQX|D9o(=ZbccQrK_q%u_a}+-+Ypgm z(`)+k^YreK@;yH#R}^n_E^*UxiyNdA7`)1%YHlh&{fck{w?tiHBzXzZoo+uJEq7D65$4U zdyd(egHufmH$9!Eh`8dNVpiF*;N|Hz@yzYRtd$ O;Hu>{i!w8>$NvC!K9(f_ literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md index bbfc235758..458bc46173 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md @@ -131,37 +131,83 @@ If you want to check how the ticket shows up in Intune, see [Use Intune to remed ## File for exception -As an alternative to a remediation request, you can create exceptions for recommendations. +As an alternative to a remediation request, you can create exceptions for recommendations. Only users with “exceptions handling” permissions can add exception. [Learn more about RBAC roles](user-roles.md) -There are many reasons why organizations create exceptions for a recommendation. For example, if there's a business justification that prevents the company from applying the recommendation, the existence of a compensating or alternative control that provides as much protection than the recommendation would, a false positive, among other reasons. +If your organization has device groups, you will now be able to scope the exception to specific groups. If you have global administrator permission (called Microsoft Defender ATP administrator), then you can choose to set the exception for all current and future device groups. -When an exception is created for a recommendation, the recommendation is no longer active. The recommendation state changes to **Exception**, and it no longer shows up in the security recommendations list. +When an exception is created for a recommendation, the recommendation is no longer active. The recommendation state will change to **Full exception** or **Partial exception (by device group)**. -1. Select a security recommendation you would like create an exception for, and then **Exception options**. -![Showing where the button for "exception options" is location in a security recommendation flyout.](images/tvm-exception-option.png) +### How to create an exception -2. Select your exception scope. There are two types of exceptions: - - **Global exception**: Global admins will be able to create a global exception. It affects all current and future device groups in your organization. It can only be cancelled by someone with admin privileges. - - **Exception by device groups**: Apply the exception to all device groups, or choose specific device groups. Device groups that already have an exception will not be displayed. If you have filtered by device group, just your filtered device groups will appear as options. +Select a security recommendation you would like create an exception for, and then select **Exception options**. - Some things to keep in mind: - - If a recommendation is under global exception, then newly created exceptions for device groups will be suspended until the global exception has expired. - - If a recommendation already has exceptions for specific device groups and a global exception is created, then the device group exception will be suspended until it expires or the global exception is cancelled before it expires. +![Showing where the button for "exception options" is location in a security recommendation flyout.](images/tvm-exception-options.png) -3. Select your justification for the exception you need to file instead of remediating the security recommendation in question. Fill out the justification context, then set the exception duration. +Then choose the scope and justification, set a date for the exception duration, and submit. To view all your exceptions (current and past), navigate to the [Remediation](tvm-remediation.md) page under the **Threat & Vulnerability Management** menu and select the **Exceptions** tab. - The following list details the justifications behind the exception options: +### Exception scope - - **Third party control** - A third party product or software already addresses this recommendation +Exceptions can either be created for selected device groups, or for all device groups past and present. + +#### Exception by device group + +Apply the exception to all device groups, or choose specific device groups. Device groups that already have an exception will not be displayed in the list. If you only select certain device groups, the recommendation state will change from “active” to “partial exception.” + +If you have filtered by device group, just your filtered device groups will appear as options. + +If your organization has more than 20 device groups, select Edit next to the filtered device. + +A flyout will appear where you can search and choose device groups you want included. Select the check mark icon below Search to check/uncheck all. + +#### Global exceptions + +Some things to keep in mind: + +- If a recommendation is under global exception, then newly created exceptions for device groups will be suspended until the global exception has expired. +- If a recommendation already has exceptions for specific device groups and a global exception is created, then the device group exception will be suspended until it expires or the global exception is cancelled before it expires. + +### Justification + +Select your justification for the exception you need to file instead of remediating the security recommendation in question. Fill out the justification context, then set the exception duration. + +The following list details the justifications behind the exception options: + +- **Third party control** - A third party product or software already addresses this recommendation - Choosing this justification type will lower your exposure score and increase you secure score because your risk is reduced - - **Alternate mitigation** - An internal tool already addresses this recommendation +- **Alternate mitigation** - An internal tool already addresses this recommendation - Choosing this justification type will lower your exposure score and increase you secure score because your risk is reduced - - **Risk accepted** - Poses low risk and/or implementing the recommendation is too expensive - - **Planned remediation (grace)** - Already planned but is awaiting execution or authorization +- **Risk accepted** - Poses low risk and/or implementing the recommendation is too expensive +- **Planned remediation (grace)** - Already planned but is awaiting execution or authorization -4. Select **Submit**. A confirmation message at the top of the page indicates that the exception has been created. +### How to cancel an exception -5. Navigate to the [**Remediation**](tvm-remediation.md) page under the **Threat and vulnerability management** menu and select the **Exceptions** tab to view all your exceptions (current and past). +To cancel an exception, navigate to the **Exceptions** tab in the **Remediation** page. Select the exception. + +![Showing the "Exceptions" tab in the Remediation page.](images/tvm-exception-tab400.png) + +#### Cancel the exception for a specific device group + +If the exception is per device group, then you will need to select a specific device group to cancel the exception for. + +![Showing how to select a specific device group.](images/tvm-exception-device-group-hover.png) + +A flyout will appear for the device group, and you can select **Cancel exception**. + +#### Cancel a global exception + +If it is a global exception, select an exception from the list and then select Cancel exception from the flyout. + +![Showing how to cancel the exception for a global exception.](images/tvm-exception-cancel-global-400.png) + +### View impact after exceptions are applied + +In the Security Recommendations page, select **Customize columns** and check the boxes for **Exposed devices (after exceptions)** and **Impact (after exceptions)**. + +![Showing customize columns options.](images/tvm-after-exceptions.png) + +The exposed devices (after exceptions) column shows the remaining devices that are still exposed to vulnerabilities after exceptions are applied. Exception justifications that affect the exposure include ‘third party control’ and ‘alternate mitigation’. Other justifications do not reduce the exposure of a device, and they are still considered exposed. + +The impact (after exceptions) shows remaining impact to exposure score or secure score after exceptions are applied. Exception justifications that affect the scores include ‘third party control’ and ‘alternate mitigation.’ Other justifications do not reduce the exposure of a device, and so the exposure score and secure score do not change. ## Report inaccuracy From 2ac3759958666b852e4faefb7249af4c9a608c19 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Fri, 24 Jul 2020 17:05:45 -0700 Subject: [PATCH 004/136] more images --- .../images/tvm-after-exceptions-table.png | Bin 0 -> 19211 bytes .../images/tvm-exception-cancel-global.png | Bin 13617 -> 0 bytes .../images/tvm-exception-device-filter.png | Bin 0 -> 20259 bytes .../images/tvm-exception-device-filter500.png | Bin 0 -> 26234 bytes .../images/tvm-exception-device-group-500.png | Bin 0 -> 18628 bytes .../tvm-exception-device-group-flyout-400.png | Bin 0 -> 12506 bytes .../tvm-exception-device-group-flyout.png | Bin 0 -> 14781 bytes .../images/tvm-exception-edit-groups.png | Bin 0 -> 2004 bytes .../images/tvm-exception-global.png | Bin 0 -> 16485 bytes .../tvm-security-recommendation.md | 26 +++++++++++++++--- 10 files changed, 22 insertions(+), 4 deletions(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-after-exceptions-table.png delete mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-cancel-global.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-filter.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-filter500.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-group-500.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-group-flyout-400.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-group-flyout.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-edit-groups.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-global.png diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-after-exceptions-table.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-after-exceptions-table.png new file mode 100644 index 0000000000000000000000000000000000000000..f62d8f66b631c3a4874273add18f989c89e8d1de GIT binary patch literal 19211 zcmcG$byQT{|Nf11r<9Ze64E6N3P?#PNF&`T-5{OPogyvW-JPQ#4Barm&^5pi&%yit ze1Feh&-$)seSWi+&aAVR=j^l3K6}5f>ve6zKPbuIU_Qe{KtRBela*3IKtMtVe&3^` z0)J;S&_)Aa7+++yoDdLj`yT&1Nn*jJ01l!#%PGD?+e9NHC3^~?F9}9Kc#a?^_4bo{ z=Khk8_os_2*n8sELg1n~M=&oXiA<#;B7(o4=e)B|!X7`e54p&1r5-=n^7wzh z`@a7d4sg={d;Xy<-cyL%%2rY!Cp#s(Ueg<61;kE;a5EdtBRl54U1uRLwrk`-m?JYg?UK_PS>@fDC$}iiI>W8u!{V_(;D8k%v zb{3oM;)zb{9i8iIa(WlCy@PEZ7Q1@I)07lA)Hxn+$TQ;(>Au=XMErecf2mp#@xlzh zhwY@UuYcV(#(<=|3`CJ`*>{;(Ur?c&}u)!B$XdCBzQaRc74JS z;nw3QRG|${5ruMPgT~<}mX)(4S_Xa%t~JNsCvhYql0Cg0tzO-!kM$gp?>61|VlX^B z=vh!&F?_@bXY%Q{I`kG3mUm<-ZXOHZyWULR8QZ}t+ooi_EN$+8vo)-x$71^u?sd4i zx)|DKjD${SwyaBdulw!5Duf(a46JI@vsIZV25ztE)B$_TxMDSjixz9N)Go6_snC)$ zk>d%Ss%E`38&M*an|J49mIY-HX+rnP2W4;L7zG7-guOtBoR<}y>*l1evx)xYS>G=g zJGXZ~Tgs5ipXzSUe@WboO-y}b7fvT|0!uv-Et<~!Wer30->ccfTk{uQAo_Y7r#IZC zs7h`w{)c4&wsXycuJ!KI_P~V^)1Bt6$}6lus-W|#_yk-MA3R%%&4u zyK`?`D(Sutpip$`D^HdOv(VI`)gU()`dXv+FLnbxX_jcGxHK;At;#b-Q)}DsRlk#4 zMKI;)$eZS3d@=GD+6|s=Z>-p=-b^n~^*L0It}5jV$qDun!=p1Y@#2>lTk7?I zJpZD>5&Qx{Kz^p@Mgnn#S$nRDEx25*;%xDw@>VO0@>Z)zVyl=f7=g9b1j;AI){^0M4 zgXZXX%Iz(+D$9=n@XX`;rKLF^MKQU^h?1fAE_VZBkZ^lzr6MQAo9HEpiaDc1auhzj z!Ih$ZMzr_e+{oA2ZQFcHqqp9|#WRkUhrQ-i7erV7n^WWF8W?031&K;cykO1$UO z6EKaA@;=~N8gtqS%68$?e%FUSZS95d_T<|cF8@(q`-65WL7Vfm5@Yh^YQ8^H0Tu;a zP?3{p5OL(gO(~SSTb?{}2_reDX3*{hSoMw5;;ULiP4#jNzBd z(QcQI+T((n@~6U?omrI>58#{}C)}O$h0dw#MjMDhC|fYfNw&Mt@{wTGrb)FW#A^E` z!|~#KDyZ(Q9(WnPb=0!!zOpq{bL0{Oz81RhQ@p8UEPG1tY2-#lBO~VvcR1B?_0adD zincDgi!$zB)OK}llD6;64c>El;(Hu9D9B@_Quz`MLBMPM44fsd9OlO0dEedy0%o8r zxL%aowuW$4(TaOdn*ITBq$sOW{P%tPR5K_o=Q!x>0`&Rp{`T8cR$-3s21e!Xp}oGd zkGT!J-)ErZ^MZp=)-;CzQI7l4ZmUV?f%kpO83cnv0M-n#UzxCkK$Y887a@y~F_`yJ z`w~dsZM)N<DR6oH915sbW7ZC>Doyg zQh3gO1igS@WOEzm@QCNOV;^_0!`jJ?)Xc708-y#SV7EKY2NX6FEA76;cN-;H6B=SR z51Q~n+liWi%7)6jr4G{ey-?&z|IbL!p&7C@|+0xYEN(6Cbr> z$N3RFOZwvX;^sXF1yb?NUT8%G3aRo&X&35aVs8wq=|kQ&CH|PUot8d~YTO~9QuB&Q z*sxzcQO-4KIJM(B-s|kI=ex|D;zR!d@Iyex`l@1CmA)V zCCDG@5pG&GJ1OSOAjknq1@VdoZ`#&V-gLp-GbTwA;#4DhLG_zg-=iXaOw$wB+cO)x zh6)Xo?!(NM^c19B>p_ABfn8fSbfub&bC@R%nvDyoXJHt{SXE-^ntm>M3Srrc9myv9io)5b?I44kG$9ZDSOMDvVH`m7l8es8;R2KFSWl*iRH1T6PD-C!aq{JYAS^KI@ ze3<3JOH9ft8L0fgmaEnbuMI>A1nfFZQ{bMQ6`fa~xElhYEkj0zN~}8Vp-&Z~Ufx)Q zCWWr_fVTHdo0}8iQ$$S(5D@?f7JxF+$v7;-#HaV4T`jd2v z-Pr3(12+Cb?}P=m%3ALoDic2^!VQbA%a42i&8jN)1*@fY zBlgYI{h5;QH2t|rYV&oziTmzx?D(er>a8g{6KeHU%01(1BfP&nvBEAp@SS_+3#X)B zz9vz&$?gNG*c+~Y5pbvqaXAV;nKg#N4u3`YAF@ol-D@(Z>c4kQvd-+7&YUU{1k?CI z@?E@0v98+9T0twDR>2$3yU1;nKJk2_^H;SLDn*h~50p2pF;>3W1*vabe;hFuE z>b1YU7IjQme+vsM@TAIeu$rRO>)9%B;|oU5%U;%nT#15pqiq%pMFMMnPu;8&bS92m zq)`g~WK_8c#T*eoW((X_u%j{5->s=5Of~u{@Rq%9FHn* z@0VqhF)oLxZyxv|b^NPg1tc3x7=4|Wnq zEO#YT!sGOMl`8btpNP9@!Dk3rl~WZJw) zmIUrCSsMtBkzq;-d@WAgGa3ohbGa;hrC}qoL{CW!&(gt3Y6HOgj4gMzw3M!uX5x%F zDRpzIwmG5v9K*njft+V)C7-yaJGrZ^Z@L0QdVBXL!ptm5?WQBtsWF{(Ze4V|o`ZRT zNK^9?==SNaUqCy>8OuiJD!#MG+hjm&?Dgu2%T+)6zA9q%ghv4BZnIxgcbd;QjIDzUwCZ7W}8M@tu5d0x#?8e7hdv+pv18r5%Tz=Kc@;t z0nnSFS3kJNk(~vWc{Hl)IoZ4F>k`YC&ss*e-T+Iwsx~!?ql%n7a?VPIKDkSt43-`fY#rdh{qh zyGfX)m(?og;wBN|EP zQP5{d`^ui}Y)t)?)17Y7lS2%oX(D`?kwjMGt1Jf>mogR+Q;ja?r9HlUzBFPTU2x!r z1vq?Y`q!Wz)42c3qOjSXiKS9n+HMm*$Om{>HUZ|(bZ^HPGoRpGw!oC>OuS~K=0j|i zJNw4iR>6i|Yo-25v5tGnm)HBL9nNo3s=G@Vb$eS#kUcCsD{;992?*jU*$?A1XLgC_ zG=}`Q=D4@7yu#EfgjBU(HC!X@;9Xr1sXLLFpglBCiygkjf0WsA{!*gow2vR74*}2r z{y=^CUpzo|+P|C79sQ4fzX``Ln%c#7#s7PqNpXv?xW5XYEb;l@@36NR0ss92hC{(v zqybccf6shQ^g^j7V`}2qZ-Q?;XI#a7Ey*%DlD^5A}QS zs%YJ1ptWm@lfxS`+$sLpjr;zw5uV|m_?r=wUe;Kb5m^FOm(@o(zWvq?7@B?;oy|L6 zkcD|4+p~-EZ@W!aXREImqna<&845%Yx~@TcSLfgOuTH0oGvTB9=vXvLJFzc2}wb}eKI-*C3vpZVrHD(!nM{m>)sf!B{zK|aA;Ul8 z@@+oy+m`bCUxw1Y2Zee%D^=CT74c1jbbPC$4>_KC=*Q|ED$E(};m!n6F8t6>kc1N9(Yv_TysPX; zNd9>tayQw^>#k@$`;gPt^`qo;|y+v_9ypxB|&hRZ65 z@$?Te-;XC<@^ATl?N`od-*}id#%2^7AC9_EyLv22(HDD<@H>4k{nJ`Dc2a({Xqr=T z)?E^c5s#02K)K*ddkV|iPpe8iXr5Qn>}4iTj>VfZ)6rn8k6s*4UsWlxKA6Vh@xt%EEmtmFiQI z{m#4DH_EtNr-jQDMt@dJ%G`4D)TUFXDsEX1XcY2E)oba+W*yF*`0D%INAlT9pL2ke zf0&!**;YF!*^Jj#|C;Jr69sQif6^_eLc^4iqi(RN+#osLmXr$k!I0yzpfalsv`>wh z1=sZ2lF0$^q!5*tn#4l*&P2n%CIwuZj?GQFTr(kQ;1LB0)I??*cSoJ*O@(k-mBBm9 zIrk6AbZy5;b4#H0eBjNqyG=^gL8P%S-oi&&9Vz4|9We?DciVxB+-B%O(MG3=V5jX- z&sBVQ8Nrxrd%~9xP7hDS4P5HgFI~HO^GYiB8Kz|(TXgKM4+gqCd)9b(d&s#7>E1c& zhNXfKOi!#f?az*^0z!5BfK3+FGuui$xWWtO1|HzGruC^0qYi`%pNr6-iPf3~*KB>+daYx8cw=hj=cz!_DZX`{JJFu+ci_6ZE z>u;dy;J>=0N~|4eN)87Z^^X~iSba@bd2Pz}dgSBdKXgs5HhvC%xt^y%qvD#l$;nZP zSa=(|^0cr?2TnD6sa|F2i)cMCa1z+*7u}fw<%_-xNJ_~mG1z{eA&1B5x#d1C^W_M! z5LMp%nYhsc{F{Q8JLZ?K1Cd0jA`^E@O%4hcwNpL)2vZALtPgG@*RPdDJQ>$S#jyib zMz7C!{TxEVDCjuE&k*V@KO$xz$eQ&hOH6vTF#xupiptNQT8M`)-qdn(=)XIxC7}$i zwpmQ>8IefPU{Nyk0%R^`W;x)_EM(N>g zpw8I6a3ioO{>gv~yRd9fNuxk{s;X3CO~H3fZ`%-m=)xoNJqV|0t?SH$$~Vi*ZzWVr z>X2XK;fD0$LX0TCQ&SZra%oe3A2+)B|En(}u#xwNapteN6s@ zyTTf}s6xe}i3($MdS?nze9zuQwd_c-5v!`SOZ%jTWg%|KPzhAUQEuER7(M0UVX4YO zKs~bU;VS@o{&fMdik8}VPBL!Zs=eP}xB6Fst$Z$4xXUg0l!dB)3^SGk{kDa5Pi3A z8=;Xj1_9Jdhxw0Fqf$2IKIhFRIDTHw<;+%g)zNovb1p1VHW=XPRZYJ&5n_QPb8$GZ zagBav|{499_<^I`{jZy2U+uEvAM@gCk5=YWG%@f&7@Tpdn zFEbKvIbqz}&5@BVAsb=gF;epP&Y^PAc@0Vn;SqAK<=rz51_dl0vE6yfdQL)C(yw@8 z%CJiSYsF-XOk96{Wv!q` zCG`yXy$VCKn;E*KM2yqv(+bwhKXTEbF$U6IyI%;%xa}wja&p#8L=_@;>Ls}>{?Lex z4P~68=GkR5N0f_tE)Tpk_8EkrQ)+s?DC@Ra_bFuxxKywEI{d^vds-H4<8AAX(%@qM z$M~s|l);bjGS`bLW1cg;F-%5{C$m!kSm*{I{JC1Im)#M?bDwWFO=P0}fms2qcY zbWr;07%>kh|4<{E`6Y?Q-si*SM`EbDJZCOeLPQJpGo48rW6+-2P&&uRS-U^LY;FW1 zm_VE~(s8GaATB3(%=Lr(-fdZ(Kg`WX{x%9(JWT=VDCL$P2X-IC7`2IDfZ3>c7m$u8 zRuD`Q?fYT8zscPWLtx2tC*S@o@9FI2!nXr^Q9{W(#!%D)il~+v%T}+=x}~0$A9n0d z$={z(Oxx^VsZ+EDn>Q3xxxB~R0<~n5hGk?87rJ!dxdK*^Tl)4oHQcfdrN>%ycSomYR_b$^Uo6jH%t=lmD#{#3Hh%b7gS|Je9<|zXX>+U zM+k>l!O)yELBFXln>i>N|>8`-)LF19%>%{U{1JNX5OU{4u9L+rvNpW)`_$ zfHV!ZmKsP=zSr}NSfttf!0AzY^dWC!!Q<#wROI#a%B9%Wv7v>)Ew}QKqjJmIg2;6w zS`!p4^6FgwJ}F7Lp3~%%-@`k%bcN-Ya|{Nv_;xiY2a;5Obi7IQ%xd#skuit!vSA^B zYG9f;r$54_g#INWAZln!Td@EcH~PvE!Wg@m9bes%nCem*K2b676k|@6(7n)vWV^1w zCN=(1#v#x{l8lsCOajY&(o6Y`NMbP-h-9^qvmx~B2Y|3DW7X3`meK*WAA@J~&PaVPRoTajkXLRHR1jTY(?Gow7y} z=hsv-EU7h2KdlZ?v-yUmdTYc@2sZNQ70Ha#Zw>#ID;Y?o64Q2F{?zVaSDDPmdIgW0GAD5svOwle zsp%LI#`Y%_wrtS$p}X8iHbrAA42tuS>YD1l03dv*WTk@s!H3xn8XKQNrQ_XoB{?Bp zdRv*pA+IWhiU&%gZX)v#FBfj9=OV+Uv@=5DLw`RqCp{FanLfXj(DOWOd)y6Wn+swG{8`mYxQGGqSULM z(NfGUdL~ja2*0NwgrnJgk2fgjm-i)WP|%m(4(UMo51foQTckhj4(`xU?@-d=Z>4osnpS7v8E=6OOFrGuJ-^<0}5+hq(6cGYDUozmcOFzzbYR8e<)Hi$F-hd zgTa4Vbte@zwd;&3jQ&^A?b7h}$v(=C|1L-V9~LbcK=oCZVxIl;`ecf}sP*#26}F#nYM-qWJXeZx=Z<8}3Qjvyxxs<1B5usG{vLgZbZaz({Iwk%saes^&< zy`k5Wm&^qG(%dF}=si85Q_kD0dB(r z=P`fq{z|mvM+>|I4TTKP#6;!$aQJ`C%uAd#JJr3`%fDEE$Ii#QYGX~eK0wj@K?CiL zwG)r6qN1+b**G?Za0td!FS&&Jf3g5YXZ2{Eqkwh{XmfkKl%t?LexCsx1fG4!SOLZj z{~CvY+ha_*p+_bHtH{g1EHdt*8}`-mU))o}zwjBhoW*l_f@ZN|tDwAo)1 ziusBFLmJg1=J7df$_M{5i^Q%9!cTIpZ5CcfcYKr>`jsnHROHm#4nyWE1jOdsr4C@Q z4b>}%qJxW-+3XGOT*TNQAg5kYHy(!x%8tvd>wmR$fC5GjU!k22^UT8?;_7CyjBi&E z{1D4k_VETLW0>AHg?OK=h3=0GZw+V-FWyh(APZAI4vyVW&)d++^cbz`RKK3aF?AR+ zT7z5Ub*KzLt^H@rC}m#Fo}cG!CJP``r4vOx=<8v@Ba%;4-bupq8%QQ7mlTIP%hn2N z5-OUX#ng7%&~dP@4EcWDR%TwQ3Q1CC+t}T*W}4qhk5N53UROQzsCau3id*f|Enzo4 z_Q7#AG><+szYlps|Lu4Zt8Kya!2rlu$D+p})3DoTy0=?YwMg$Lk`B+_m;*Evb_w^I z-h^ioQ9BOJ@kw7v|PLay>_r86~(5<|T)Hb`TZUyE;*m&gNSgv2Jx-$|yJ^vCter|XhdWMBlWPBY#VZ*(W-gtdB~i%W zqb&Ju6VTBS3E)frEI7ykDn|%7KFbWTHMk~Kgi#VYiV#v$62S2ylKv)zI@&n_xYR>%Pfk&Ftr0txxILVe~^YRnB(W| zz0=@Fic z^=tw5v6k zp@^a#RqqU<`Ni47(j{?|jLRM7ewDGUJ>dV6k)~9GCDvNcx+t}L+dHa3J4c-knVU9845@}ROEk@CiRJlZ=j{aNBWRVS-&6LA8y{@XTNQdUCIER(JG&e5II~uv^Ecx zT;s=c+r#B`gtYG2;r3UkPKsU3u)cwqt6uBSaG!nV?ep(0O`Y?1ZhjzOVH9k4Gbfv({OgSx*OMawHkmRPbFO|O8LKYlj`yhz0;i14K{wK$2O-n&H7|03sJD1 zl}TX`Sr5g8^1aB}EZe4CLp*hrOFv+mCO!q-KIT)#dfL2+n?c%No(|MF=wPy7DSk)* zwb?S;l)vg@%CLnGPrX2PGXd);@2y_N#UB3hyPu$5K(8~o-K-G0eDr1Gw}2e~HOB1V|J zfzV8Wx`?FaCo^CENS`jUwrB>PCoV}GwrDn}vrV56pU9YgKld-qexB(G@o~n}?8lyz1^tH^yY(f|uJmyxC&?*TycoKP!uN$H;+NCJ2X0 z9$1P}CUO{WLrxac)4Fk{j&NLuko4d@=+x?%+pV6MV_&B;B@dFyssJylq5qRQam!4S zQ(A#}g;8niyG}--!K1FpUKbpxtXD&$>QNQB>SdLM++x2(Dy~N&01>Qutu>Cpnh$sq zzP}QQj= zlKSPihB(piTB1h+1B0R`mVnNpeKxGN9w*Zls4BP*CoH9;q`4g~`5$XVmjp&4LPGhC zUDc?tsGwNDc2~2$B>xM*2vM3aWy3u3;gP}sAdGfkQ&eQm2s3^AJ&n#dd^xRuAl-Q- z!~0(?h$V7X7OWM#+c!R8vL+PCC4&C^6+@aLRblf}RrT7$Cig|jBJN?_U+=ID(z6lI z7D817hH;sVxDrVO9v2(^xQ=14A% z%9n1wV%2KzTc@oV9obaLnc82XgPsQwC0!yuSa}8Ih)|9Cb*u{i*}0nd%)8wBwM5k0 z`(|@ZlGiaFtj@8)2dlG8dl)m$)_uONL=8V_^ccS7u3Wr&8gp^-ArGjA23CCdUlDkc!Iu46NzQQnf$dhqLWj^3#5aOEV+h=4+h+^j_8H{Hu9m>ji6YnKIaHC>0 zQ_djN`b?GHL|JY%EnX{iD!HaR4C|3!6#*D;Mr?eVf(vUX=m3MB4KXKImC7jkVjcqU zwg2e6?=m2UW!TfoCBaN+%T7RD`sZ@9EEZ|NH2Y*TchJr?bI@-xrne`oqu5b8tw3zN z5~(oQ)-Pdag!ntlb66^$F3EqA;xSIiGy9fo9`|^j$DYSfj(ylTfJ)&=;IkI-K0azD zP+WE68peJR)uhrXPS((`!2B{kft#=-H;tP!@>~Axy0(!}+vyBsjxdnr33RyB;hj_k zb&|iM#~sUCvY^E0x`Hp!+u!|#Hjh7jfbuIz^{=8K6!}k9^H;Bo|GUR(&xBLu{{~_D z-;0Eh7o_aE=&sn0#USmZ^1ll99}IT?Rx;|bky8JaZ0Y}Kg8y{FW7t&oVQOYlVk4X= zbM~GcyyVRzkd;|cG2jgTjG!yxlb%Z_bJ`zD!*w&m{A;`Kewm#?A?Jxev-7=(WDnhy z(TbR~-yO70x2daSsg<0^<(2LDc-?Eh$9lVWtv4zn{K@K~zL-P#=qOcHgNjJ9d7zSnzL9bN=p!~-tl+bh+Slf8~VQoz3vLKJ~ zL|aFjOvsTwWsl;^{(_9GEILHIH1D@Bp@f8mwH1T&?1yK{*_#1NO0&mbo*giT1A^aq z=YxecoypDz35j0a9RJuChCw(qxG!FGiwZn;H@N9v^f$>b=6n6{wf5U~2&&l1J-ZOjxMF71aD_($X z7|R5Q%6zX+Iv$dhkdSPKX*~1|W!Pc5YCg7-yNl^98M4yB9Fh_v&lpNK?%#onD$u^| zj4yC;Z#S^y;8oR&A2)in+Md;o`&NqH;u9(^r93|B6FB^cXS<=K8&~pi6ruY6zmb#m zY8v~e^t;BVd?`r(a$;5Eh#$@lK;DehH!2zn--CVLjk=fo z=r*74-=O(;KT@f6JtE^zYP+cTdur6(v=i>MK)UZ^io=qlJuo#2{!jTdn|7o-Jt|NnJ&X&=+b#q7CJuM^0q?RycJ3Q| zMs*+HJ3_dhvnoZw{T^FD@_3+Uiue--ZvZ7!8Om3A1z1E&&T8CrwW2FR1px z`RAAmBk~>9i7Q{4Vw)6KQE$}$qff{!vdzlgUAK8Y;YQ#D6oO(4WFZU018?LS>qM%0 z`zQaT?Z%V*!Fs@3x*1a91#@wYAzOA~g1A<1tlExwIwykrklNJhvIZQ!)kR^}8DOD3 zKoxNt{2i=)j&1ee`xLk5bIuIH%iH|{536_fw^8H>YXnla*PoZgQ{J4C!EOiLYWauE z{{Z#}z!O<}D?7!S{IL*$flDVNF%&P4n=P|Y2gEKK}Lv=$ThSuQ4cU8GR(*<%+;^o9X zMI;I2>_+2_6eDb(yWY|U>cU3epb2X#n5w;4mH$JUu39qYlENHmQ#Pxj=$Q`<@yedt zyRWc!X~cH+MwnAOylG;{$$xj9|A~!n1i#a?mCSQC5MRdiw-amX?|vvZp55kkAhXHX zIn0zQc|}|H;Y6}8sJXDu#N;&4*8bzRC5Dw~mmld;*M=6%nSA&pt5qPuUEB@lEZdV2 z@8J%V>SZmpiXvWpJP&E)IzX+oBp`54wy;F$k>MIi$cbtR%`b7;U-GK)A$2==L3^Ud z;7o3~B2@3iu~E20(1(ti2SgloA8OO@>Z<;1Cg>PB)OV!n=RN0&R20_W0WHPPElaL0 zNlay_D^*@QJ<_-?A%Mn_wdsi8Dq0`aj}Fe4yqlS4HY=Sgy%@AFjs45t?uw@y>ccre zyv_jD9X2OWomZ)(Fa;m^Y+68UIw#cMo^Ot-J;!B*+LUQ#PfS-@A=)m;Ykg#(h#CFN=a)6~V$(~S z2b1kJck?s+py#?(DzS|*D1Hyu!4-%y{|3?!^|$_wLjBG_O-K_{m-{b z1!^V&dVP56fY1-$_1Hpkk2y-1 zU}Q5Q6jKN;)&ScKhQSYprA~g11|AJjf}>O62U7@0Jn=^dC5P%FX!W7o zhOM3X^U?=>pMIRpSH6`Q)*iyuyQRI8rb+Rq{##wSt~kmJ5VqGwQ5{Yo5F>B2S+?8(c9Qxj|CxZ7Yh| z&PJmdthT{Iqq%?K@{(k7Dw+Fc^9acv`mYd7Km<+7EdbK519!L6WC8~#(aUGL%9`#a zPKn6%B9elD{x}QAZE|CwSif6HO9x&|XHM(;`z#oq*pTiZJFZfD&LHi?2M3glBika^ zBg4}`JXEfLZsVyR$giKojzzEqR|NC{fb`x9W}i8RDctvD*h9-#TTs~P5e9>NLdJB1 z>3*pI2>FQBOwq^zURU->_PzPmBIWkWYIsW zm?KIEPcT*gGD34HOL-jyX(cw?A72$}M3<^hN=$5y2A(v@Gb}eo&_0JAL$5@JpZ+VR zKi|sX8#6`c7!#)GD4JG40UiYGLeQMm-dR%F`iDpqh(@(VPfl`+o!;Ea-7$%=QQ0b_ z3GBY`br0>Vj{j^c9FdyVU&b=bZP&pDjWCpdwK@+uZ7xWq!_e-xpj-f^R7a~hZ2>H% zZCM58BsB(bJ%rkGQ!n5@X=hwlo5&Xh_&YL?T-mB~HS(Qj=^H;&=0n#4N}t$Nmx3vt zmllWiM&A6yM$T(oRQ68cSSWxI1xhUa+jga97R|E0#ASlO$Pm}8^A zxzpqjlH+(+*J&of#JNYYNPc$Y?Ti}5C6(LAwXuw@HxFmun8@5bY{tM|%VL@HthB0{ z`y#YJM&R<2JRW&n=jzF0V%0jzurA%HxILbDW|IfBP2Oo)@EpSZ9;ADbgjqasB794~ z6R1&yd0Io9S9)sT!|c`sLMJAd`wJX{?p^@*uSJ zhx^XG-EI9Dd!sFFdlkBl(NAGZ1+#a046|SV*-_(1?nRL!KQN)Pmx|(EZzMfoG?7Rp zR+|oFgg3RYqW85&AZBq&$Apw|_l3$MT~`I4)SKYNHnbm8<`ULA%! zq(QPD%(K1jQ^wk#6q?@iC>JWMhEOnmIZZ&yv_yLLvslnwbYtMU!hBK`#%=gOGv|6w zZHDY&0xDVZBI7@pSViSZowF9?<{{B|WnECVGeY7x2h_upGmV9<#sj{-@}IGqI$Y$ndAgz)@3aP- z7_cJ0({fyJ+ebo^!m2l~JX{M36BT)k!+ZM5n)N_(vq0J*)QN*TYoFOvq;|q}ZVjIn z{G)>vX~QvcXjbbzRfV2)PWJf~tNPgaPy31hmREioDK#%j5f?E0^j+B(UZVSqQ?ezT0Sr@zj&T40cTf;)eGJRpql<4k2~qwK`v&B%&SvW-@M+`HvU6DI=? zS0I48o4QynqPqTt*jZY)0xd?-GFWVCUVm4GGe5o>~c-!*vqVwQu;X83**rk9)v2MmGVQwF1TF|$ zrePyRvH6YwZzS1Y!A=7oT2a2!lvJq$v1pmj~v6{)2vA4W*T^wkSli8 z1}x4GL_tqXj!u)l0#?M?g--Wwen&&{@9JuSg?V%;p{EiO0=0gf(3mX2tjve9=y0cw z{^C@NkSMa>mRS?YBoZO#_ZxI~!GuA}KmKket;i${5_4^-c{Te2Ti_qr9w76dIBLa> zLA^o?N|Cge?g!>5j z50r298t2m$G(wKcxz(#=FpJL?MXCW#v z!bBc)zun!5my8{@@`IzB!kAseP|mkGK8 zCxV7+y_R)3^gsjvhzjJEe~SeI0~k0?KBy8QK?JY81%iT*VXKe5th@1VpUbXXU2Q!C z)|Mx|$HDQwKg8|n`Pa$7W2C1KstQAwR!ScN(y3RcJ6s)?OGn&$+Zp5pe9XlTG0O7T zdzX*iLWSwxTQd4bGo{DeB~#ct71U^7WT!(;_k)3JJDC}qf|I^CwqTw{#`(qIL;&C(u zzKJ0U+BQ~a-Of2?tK~aZAboYE=7@;GhwvC(rGM%9kkQ@gjSkdq@r35brLYX2lt!H) zMTO@jrMAC%I)0e8efqu1bFh9A!{oOGF7w{X>xz7RSh%xm+E%l2*L;9=*-`U<7^%x7 z-`yYKwyQtf+3Y_H`^`}pnf(kOW4Cd4$e`VJFLHicZG1X1k+SX4EPK004kWNhqYG(( zilq2=%lm6+{khk<#Amk8SZZ0j>`@12v9aEX%C8Y)*aS=|F37 z`s@zcfM>W5k{q|x0qq{^Habe6!YA+hgnH>iE>LxGOpeUbKgzF4qoyor^4%l7nq=#2 z4`m3UOUl!bZ#UcCO$@ZZGQjzO+lBfuVc={JYI<8qen!5PU39nvo)a~42j^xk^hXCa zazTH8)FZ+>R{!n#Y>;n~`_-=iHp<&de!*GPf%1#)MvsG9`{OC|skD9f3{tH7Kv?Gq zj~POc4E_nk&Er8AaoBkAjAmtgxzd-<`=$A%-&hrwF_~S6LZi9LG&Q0s?0I!I7=wvtU{6<4Mk*0+bz+)?5 z0cAk&HSSwf+2-h&hLqs26cYYm{7L}U@-$|`% z{U{(tr|D->_T}EAjxU_4b~_rr{JdBn8rJ8P_RBQL2l^*lG%CYY1{hURR`P=JDT5=; zfZ$iA2-jed!cBHNmDB#D@J{dNZzCfqD4v^>AKfI#YOZv!|p+0LGgfV9>Zc*8-1_bu`(!Q62y9;6~2A#BF972 z%kGW1U$;d`eEE5@&{}NzMU}=wW1SytHAwU~WZF)xsCcLqyCKQ}?}|A6dhG6xPEE^h z70D&d#D{q4`Un<1z_yu-tr;5#WE<8MkICi6V!=I0!*MWLQOLoQ+&O|^Qu*x>{ zx0)4Sk&0L&K=G{rk3`PTfH?`uBR9cPQ1h$xLj>K+(o}9`ese`;neB-l6JT45=yba` z-&}(TPWX=EBXErc_1aIYzx8`)*sLw@D9x4ylzMy`&yxO2^bC^g-H-}q)2XMkaZ_rr zOSKQGed)}Rt6DVe?ELrQ+3JQsvhCVxuXuh%pM>YU%Dujq8;$C;&!EFC&g?`*uUy&(!`gKl0}G5* zRg~Xr!DeLUUzWHNe&kQyRhMDEPcL+0BIO;;)*hU#F~LqLwQ+$<+S@g-6UQo0tJAn2 zNAvy|d#`AK)GldSrIpkwj!Vhz?(y@vfp}%-D&^{}67H?9w_oQG%#FnP&hXs2{?Eq; z6GShDvvt7!{wc5Y<_1d7v6njn{iM7^Kq<<+f8A{+;Yo45q|>>*G{ir5n(E-|YlB!y zb#&}Is;;u+QYXc5JV~_lM`8U`^W=+}FWQqFvT1wbsx>T@lFLHUc zOw?6r1SaqW;DQyDV^&hSQ{Icr2Om1F-JvGaKjpSc^XE7;V|PCP<-(iO9yl1?(G613XS~p-IsFr1 zkH3zGEH*e2=4Nq-$`d*y9svQ1b#qMQFch~&PM0{0ZTvB*5G(MUpFdt~9ZXpBd@&#B zC@jxZTAs_=(IwKb7L{>sYwVrCkt;{v_^dWF$$Rt`&7zJ{DNP856ASFaSHkT#?^%=H zW8@S-wy&+JTtuf#K;UjSE0;)+Rbu^K!<>>Thr_#;pTAGre|w9_xYsk6&FSBm<)*Is zP7Lm&$B}w&L{V||R9)-I>nczSkuFk^u~UgXC#stHN6J$9GeIp8$8g_t=XvJ(x8K<8 zETW#{qN43iSpBT3S{W2)>4vh_QPpisv`DB~G3<{hRb zkOz49(9+4*|DV|fbFRE*$hPI7>;7|#ER4+V+Fur%3|#fLuc>Utvx66VZEtf`9*s+G zG1RV1@!V+X)>9e3@MVhb`DGhKBr4?eg)`?d$vh$L{w_kCoki_y4m0=VbpCf7LqcYXAJt_wO4GyuPyY=Oi36%DmC@ zG{Dx;r>}SEwJ8ggp86@69kqCt9KHQPso1TY1WBH*7mCT{1UJa^92)%l-RH{MU(u3YWL{nA~(%jC$L4F_0?`&{ihudvtk z*clYgd|$P~-@v~A_~V%`-F%|{yY`9ib3c)7=^Wj6E{K=4^+BVwuC7i`*P-+G=SQzy zs}u3h^_Tsw=6DANx&HQd&(fO0)*U#1e!jGL^p4`!V&?j>i~hfhWqNl0`Q?QRzm$~} zY~Mcpyv=7GN9{$GR+=v-#yI}Cv+Bppye6AVJyXvzE62Z>Iph4vM=Gn%hWaP}+?#Ww za=q#cKWocOR%TNV>z{8~it^9@Sv#%tb#2~Tvjy$-Wj5y?Z7AGU{%*_U$z`o;1h1Ef z9SxL9T(Wtm?9Dw1Yd>Brlm9-Iy_G$&zR=2Iljf0CQ!FOBPy2Pi@V$4#PAP>miqF44 zW30Qgr>2wjydC#nxvH3Oj+kvc=l9nAdCuCf-`?ErM?>qyiw{0txPI^4<@kFp4=ydW z5v!QZ%_c(XtRx(!p)0X!csI2q;v d41vG$uDfEUPwR8o4?M_FqCvi3kcGw64Ibj!T?e;lr%$kcM5`nN{7TqOLr*X4-k+Bi4o~W zVu*pW`JYekr}x{r&YA0(0cLn+p1t?I?|ZFvuZh#qQX?g1B*wzRBGph=eu;&JLl1r* zAtC^ejclcr;KvCgq|9jDujOt>1o+nh#E_1v9Q>%G?W$e zeY18K`~s<=9g+tn>3dETJ=}OW?8@nsI&7g2IhuZ3@WgIN|11^e^tGitBZVn+(YU@_ z{`~}}5Q6(N_AV+OCt`<~I8p^)A(DcPOC5(jWz=!`m0lP;Ip7YV zS5{WGenbEPFV!;R5>Qf7zIuZl0bYC9AF2ReOSk%e=(HbTtfhNRt|%ORsDv4{iU>v@ zI@wr_RHVQM)1gbvPQ;-+=JS?I<7UApH}8fTk9`Xx;v(c5l9&OX^X_q$@?|ZU%|-5r zQR>+MYu5aXLa#2zDK1?9?Jf==~rw z&hIK1HQu5j);^%iu&<-lTG9K`ey|Y+$rU3n~&wp&Rt=_Ig~(4*c77 zs8w$4ow{{Mv6ZM*O8M9{*7ojL4IJDn#K+XUEk!yIi})|!A)}AZv-r(=W6VaxfrVW_ z#2Zhfpu^`ZVUfbdK@9I=8}w~AFGb?0=$^n)C;rPP(c}!qT`9_xsSlOXZS)eNM67v< z+2Zrf82Uoh5IFN(% z!ULk_RchpP@daHghiKerI+kQZa)!Aun9vrr%78^r%>G>>4wSKAc!Ww3$M|yi__C#T z*OD9u5d{rCl2?%iN>qRYrDUg%myJ+TZOZNLq@tXZg3udw|M#9>*y_R)b1`bsd(cCo zN6Ew#Ky$Wr1v@OlL5vhOB4$6IKYnD%{!&suWd| zpj>qadk7m>I2lffAFKEso6~fe=sLSn4hlV-G@L)2%0!@MYD^)F;zY@^*LbOEX;r6{ zl#?3ulJKFy|9T2k_BW^bAFDrMCL79ngzIQfHHBc355{51k!dzQt?w8mo9mk+fpxj| zuAFx59zH$vKM}To(1*E(rJ%|>IG&@o*%ccZOpO@#&X)iDT-Lqc;Y>oYEOa!X7|n(b zks^p2ef-vSfg3_EF<7Qoa?qFcXkd64AFCYJ$r6{ui27)o6E*z0^}hhyq?P{UmG>F2 zzMt7oQnIoV{SY@a_V)HPa%&T1dPXNdcxI|CWXV|NAXpot`MA;KtYKpxKdL`_)>0nS z;<ob-97DE@$TLAzU+y)VXKNFsZeDfy~hzX6oneZ!og!t5$0p6DTsk6S(MZeC_$-% zisBHv*P#^Lrf6fW9>N6I3I=HQ*N93P1q!x7uYa8Tf4(Oeopuu%Rl~7O1#R_{5B=MX zYW`RaeU#<-D-uJ_+V{H|VKG}vF8uFv#%Q71NNzpMum24ys!RxeufIYY@ySzOlxTSP{1-=H;Co@Jy|HMfW_vw;AQq(8 z_8s&Qkp?nbr#|gX3ocEjg5Z$O){@R9lV&En+1HY0){@TZNEqKd7FdVLU41W;H!#WQ zMIBd+=bKG8P@*?IAEU%8=QrcGV0&Ab;ZnJ|78{bIqod<(PSwP3Gc{I}R8$cJq>RfQ zmwRd>Ibkku1xy;2NAs0*t8UPTD@L8y9vFWI2R@dI{To%wLe=Wd$5J1j-bnra@655oespr#KL<&Yc5XCNoYAZIeY7dK8o2^ zyRQ-lcDQ7lYb>^SIYL+hNrJsbs`vsc8Lc#{t)vo!?0iw)twB*mER7a+PI>q7kba5+7%Ar|ZTj_EBAJrq$HXwYxEk|bS5Zk3 zVX-oAn2q2%q8NG;a=w~@M#Zo$yFapM?9Y3iA=rdDoj-(iUfusB>1@0yX9vRBJOm>V zn3Y|zL~HLkwVoUD#x^JT8Q2Ra(sk6SAU(J8yV(OQl*i{} zx5wGidivHa6*hyT`7IU3jiP2FgHH%D25l~e?(~DL7n3*j#<6M_e$jXrkKNjH@NJ>m zva2-TZgko1c9k~0FozDcklf{t-op>_OZqZUQ`5wqomKSJKQG^)DW~Jj@&03JD740F zo3>5dgBt|K$-J2$PsdCP4a|Az&AWH;W~ z<~ZA&AhN^5!;C{2nsT$R1Ycjbv%KU=&&^H#{5)g1mt6i^nzn45h}B-HtHFQE1;Yon zN;DV?g|celmr%+L1Kl=%qOsFgP#Rwub6**kabB9nc{<_WEH|+5=zDz^c~Rj=1d1er4Kk`zIxXIToWA^|aH!wEQ|N>^lnA z>jGJo?KaRs#9<_>rW0gaJzgZY+b=&2k}iB-^`L_Oa5cmH*EW9E^}4CPex&_)@t-fd z^GYlk;Oas0t8<<=Ag3R@xW3#!1QmJatF6zslSUE|ykTv;CF)?ijq3^?)yYe6w5} zE`5)TnwIvHi{rgDF`@gPlQ#Vo6tGRTY(Eoj%ynE}M4E9?GE2K+A%;Fu)rhv%)lqxA z9{H7UB;M+?-&a?rr-|wrSUFq@AXqL>kp^QMIA})DiQKg0+0z ze*L%sF>ipn!1-r@H)3Vcq5cx?>#*!IMxltaj(3==g?QF3Xy$xHc^pv)=w|`(B=*DPJ zaly4UtzPmoTQg{|xw&~j)_CS8+ELmHb<6FIitAE2h>6RqW`C9vo-WZ~iTBg-?gw`9CbC|7+MZ|<0blxbi71F{9$pkl zysVYjp>6*;yw zJyD#*$BvB{&i>MADCxWyE_Hpx{R!rwsXxMW&>nJg+Ii#1 z7rgVUo}U(DC2~7|Z?apf5B5W*&sYzW2pVWgihu?C~_%>&+LXD0zP1r@kd@}k34#jAa|GHaXL ztBFgvwbX!UKQXvE?YMj~cuy{nK10w92a8$O9}gCUc^?b|8};ybT)Qyn@{~e_5@f5U z?aEfy=>;Fdrrn|sror9wIN$u!kT9Su^kB(r$3hy5bj@=4IoyA z8t8CsS=UGsmN~C+3IoJI>ASA;mpEa)D`ZO?e~4W+4}8X(PF6A4eY++xP*9E}os19{ zk|E&Qta|o?V*pmc!n(^O(Gx+g^=;Y2Wh~liw(t9+8~uGL|4CS@7lQ zp2V(Fu3XTu%i}LFz0j)5)fF248h%@;hTy~d1Y~WGc1oFa-yK)xMUygF9xQj?qKyLo z#i!`A{dW)aMk`FDFcR~HYT7c_XsY6n+zOLMWv3dvK-BtMH5L_zR&NSC>Teb|K^L6-GmOz#pbju3;F92|9hCr6P26bAdvur@BgeQR0MQ4rqiDjHYF7(M%x3($DKiS1W8cY)Rg%R^P_NpYcL%wvi=+r_1X4*8mXfo{Ls^v z`-UyatE;PMkb-Lv`{sXF@AZxqs<|Eg)zBmPG5gilZLE6O?h!K?^CSOnp7Zb4bH0On zQk%Su4eukvyMCXq&xMW|L@Y`TDT3&9X)p=I77@{<^{$bTkbf!Du1ZEUybCUnqJ@@+vvW)xBZR4b_7`-W2#M-EB~y zFy5d*@6_6Q_>)Ahna`3l-}SMt4BB$rAh5=ZAHdufS<;l99cPQx``xbL+hxWL zb_}PX4vq5`U-82~Rk854gv@^`0=Wa-|0jgwNx-A@kYh?vh;HHUHRf{V3~bE@Aqthn zV76o9;+icl0UFnvsah^a0ybT*Td~VwpE)<>DSNgt7OSGa{_NQc3=(U!PUCxTkMfVe z(D5vJSh$$&PklE;A)VWqB=vu`c*)nX;xE4&={V$M_QG!RF?7r_;aVxLXYK}8 zFxB4#a)qW6S*`TY&fEzPeaoqay2ZZ$ zSW>um4z7NK-CRhT2b|CVItr`7eA%tjD6Ew?M}0xf)-ecm9`VgJB9f_iv_7Qo&efaf zSFO*?7!}otG*ZMceRe-8^1~!$iiZir(>B}!o1&=(cu`SZ*u%k##teX$E#@1X2Zn|q z=WDGV>slB{d}tL-L2bUx+h}GQ8k)=tZYoBu4c5>*(d5=x(lCD(m&PZ5ai!5w_MTU0 zxAKd>RG5ocO3p(7H8(Zq4K#mSH_nche|%&;oShk!336W>4U@5O;`-@m4?Z5+1UGSk zb1l?@?{uOV-w^vLHrrF(p)@ZBp^kI$M7?wpoqQae;|nr9L0$Y<|D+hAr(>+^0dm4x zpTb=8RatAd$o2b-src`6aos`(`L5hY9t7(nG5hAcLSn4?X^axcmlSqO9kMN6+tF2> zN0VI4k9{dX9Vvc`fA5L6atv8m#3fCDrV3j;2LXgWG#GQiezu`|tMu?2ly_~8hp|UH zPL+43@iPT zf!o`=;{88Ry)h>SN?m8oPFF7oLR}VGR8ANxZmEC+f<$$`VPmGIaI>Kq(H{4n-*9Wm z=)b|i8u!&_LqXe`*b?G zrj;w_+_DRloS9mi=ihd7WCNxqFu$7Iti}mVb#*B_$n~Hw%8KXRyxfwsfMSa;oK8-| zUOm>=k{`J2jat0VL1-*wJ-bFu>u!fC$ye>Ae;m%UBkKH|$e~{NrzSgb7$bS_2CXiP z`;$j(B!YcRN&my(2<09k9qhTf)7_J8mSn>DMrZQ#OtUs$%2xNGuY%q?6AzI2-k)yk z+p=aDJS8(T0c_eoUDuck=LkgecTb(lH`Dsk1-u-XIY*Jr{Fnoj8Y?QJleu7N{m|ES zZAe?UqQt61tGH(nB)p(-fkIZYd!my9MMXu+j3H9GW_i5CQ$ZbC`y9BTVYmoMFK8Ju z-fR0h0@WLhO7D)S-e^Bt_9STWKx`~7Tp^krGwh`iy1H-eUyp*kwbHVUBY^-3;jf+} zuIks;qrjhQa|0s`NM7{)~oim?YaW^r*5jG-UJiZffZtY7t|uq*LpXCd3lA&52+ zLiy{B=aqCq=HJ54{~eyUcwLAd-nr9s(lCEaz6aF6%=l)IlY|3KA2Q1ao5K2gqDWqR z_jy0tXk^X*iwJGd^4cK%dB zO->AJLpe!6s=_Ru(-nPlkhLNxPDP_WiNR+m_k}XW873d>vW+a>78Lm*RG}1 zsx2Co`gA(pZ$UDXRC1PJmYZn`A?7T!$A%pYLetCnn^Rwm-AF+sd1Zr;R|}9BV`@m7eyN8tyL^ zr+3_gg;e;E_wjJuCbHtG9{$5m@mxYeJvmC?5Ga*AaYFR&NIKFWmDrcgMvRzuvFPp#j~(0+-qa(33zz z@s*y5iHVKXI~rpAx2GyZ{5`qB2mC^e$Nwyt1iP&0^XJWBgrA>Z)7c_y`)sf_ab{+Q zxb+#MluKe=-Dxp*TNDW$9N-fyoN=wQtx1xPAFZkb&(*L3mrm0KF0lsFgD7f${{3tH z+ke}cX0KJmwA8qXLWTD_1^Z@$xWb^9o~$my>p&_5^P(gkN8zw%o2HJc?jqrd4R8D( z`DK0`D8pRcig{IfE>sD9C(-h-Lf-Y6-!2;m5l&mURCN{>5z_n>jxGh;kC*DMM+>wY zYj2fBw!W6BUP^6ytRyx4`{{;WjtId$m}G1N!}mRzH0-IA5)q+Hmb;(_m73x7I=;?j zfpMY5ESZ#P3irTE%I@NLFNtj0oau-jVA{95@!{Zw%y^34&533)kYJ5bqMralhWA9? zL7!$Kjx9<6(HhbmX;hjK`ze*9u|K7{F%Mp zPM-O3B)d{zh1#vk9!A)=a+@sZ+JL-So*Op7D%4~8MO>Wj>of0~w) z^TutZPo=FB`o*B>CXBF0tMC4xC`-VO8<62jdxDaallyPs$)^;4=GKKbYODc}&hueJ z;is!FqTMR*Qac@$rvz&uv#%pG(|a43@ftZknDF2bBCOcPjK!QJD^!#nHAjspox-N@ zdhd^J!IMV|D9fNqq6?MseVy4KK6HI&p~7vIZ9!fluZCItj&)z47xwuunfG~kR=}84 z5WP}0$XIX@nz#t!0N7Fo=7maLALi?kgx8~AWqxL^2+NJ!KhaJzOH;s=3jh?+7%C^@}&C}_&7q7hehFzk}tEfnl_Z?DPfq4|dk z9GBMJ(^yu2e0+TL-?W?Ysz%3*=xOs1(%oObbc}RDzuJ!UxFjp=%LN?(B=BdtlT7|< z`1Mzd<*v*zO!S^~z}~~)i%m$IxzJ~LexZ8p=vVO$BRa=lpFI^LW1wi zpX!b==-m{!`DG4A13q*+mZ$|5s?#L|I+hYWo_n1LS`von$8OE0Yd9w8&aUn6$>AZ? z8m{U@j0%>e&BD{Fc&ev(s%hwrLMccxNySMueiUU0T)6JBU15x}!tuz0g;8$jdqqjl z7&Ojvh^6JuwT_h-=AF%>9pORO0!-$Q+Qh~7OE@|frT)Sx^5{tP-Me>Bb*Z_yxeIJZ zATP4S?||`AgH;gPZePe#z;#+`AYCW@>I~S3I()>1Od$O)8 zNm9{Hy)KP~3W~U;I)J_uYkN-v+4y*Snzi!=6XCma*sr-y0;s%ziDc&DlL!KGvIpjE zYo8p2AB#~MXnFSh`N>J6<22c=1pjV5w|`^oqlG+fxcu|V=3;zMtzTbQ>b-m! zKA9U-tPP*4wornw%Jq2GHX)J!J;qmfs;G#gtQ$GF`s+q+ZhO6^pS9mAS^f=(wa6fh zxcx6Y055JeAVQ71BKE(O=p`K9ZT^E&;Cb%MQ1-@pP0SU> z9+9~;9k4YtGm<|i%9KJF5Rx$)IpRh`IkK^98cr(AH9?&f&$3*Q*DIF1lYUov^8@YU zh933$S#r0I=s^0%OzTa~ZsDPZx5If{TKwDY(usClL-?d`Ga902@)5UOChH z8{r%xfu`?0GD}fai#@)l(A~p}@_eE?arM+9?FO4g7RB%cxhJLUaCLJA^QwMUUp``b z2a^7&T1x^(x_5& z16fdmj&9_}Ne{n9iuEf*JJB8b>rgne9r7aM-^GX{{EW{tbJmaj;RrZq6HzYz)UU79LWv?43*j7jJlb@w=f_ zQFm7M`$8#y6H~g(?YVA~NvSmMABKmNB8gPSUawAQ$rTGR+!YLcN)lbbn{s7q{hsT= zC}Y87a_L$qiiwuV?z=E;nfV@>Db1YrhU;L{kX|o3Zm2{$m>vSqU*Q@E?H~4G#C3`_s_yS zj+`7w1ikQ;sHkYl*MO19#Ux_^X?lHX!NlY{WnYMla}QfYsL_=q{?&)|=8+_H7mUYC ziI>IrL=_3&x5?@H1nI0?iG4o#Vep(&i*nPrUOGZ3b%VMp;w=RBB2dC7fVEOc*-S>Qe|qSQa9v8#+G(i0yDtXZ(IkJFdSh* zLXUw1sD7kLrD*qpREIIy7^|q__M@ThKAElizFd%7g9t8xnS$XKmLr5ZgUTV1(=3oj zL5w_#RPZHfB~2VPAH85~EWL0kZR_udCXrHLnOM35gSHDQZ8OG+w@sk~irxwcA8C7 z9vT6kM}r`wfcUEnf6B&D%c!0H^#3()%m3ZJoiyxaN5r`~Q#iC@WAxsuIb}_?%imfuizMkb+XB!WcK27SJ@V0v+S(*yFU=Qf_2J zC{T=8xPbpg*g7_tRh~PJuLMVDx-yEFz+aLB_x^kM_w(V(cZuK1)Ch(Rtx892SXFpWxB|4P{4s;Izol4f)9Hh&8F4!yTHVdV)LkIH5m-6w1KmEDx6Xf4m#q#GC3*adIc8) z^nDTA?}1$W+oh33&L{>94O;((V@ysuLY~^@RrK)dhy|Az@W`b>q4IWVsB}?y3iQ`l zz#*OeGex+vJ%s)tc<(Q#aSe4T7S>;9f!G%V#`W#nw++l7*j~AI`{Wse_>J?M-zC2gaDh~{^$4a?2?kSwGWk2xddn|9ijb-cuv zCE?FqVAIcWTVwH_s1@k!-j$iJ;L<2&coG-ukoM)SaCk(7q&W2Q>7?L$d`OI%%Bjz1 z-@|{o2P?BrMY6bvo64MJ%o+SiFB;+qnG{PUN29YGszS(SxeMmXRqNn(R8CQ?$}e5J zBQ7(tzcsWyZ|bzYySV>8vOz-%*muh|8;#7{UOlz8#bR1!9FzVlr^7;~IQ? z3nQg461f~sXqCYnGgxT3|JT#g?zNnkaRPxTLCJl%o(n_pWw*u*7xvef`cTcgu7BE? zZvIWaGIh_qtY+O=pf@x5roTR3O6l(5ad?n>6S*n&8uZ9l9QL*9`5!#!=1k)$G^{fB z^*#FgrTq!0TdEZ#^hn~Nc>_p{$#)*|I+bUfCNrye*iD~6AwL;IC~II(Nvx|9M|aFP#YD@>QFM8b3rmslP}r z>G0>9uLEtB?7?oDkd6zhfaj-xLlCBM%f*5gIh*Yn%XkpKVP&;7lXdorU%!&e^JmX` zidX-lA_~OgY*M?nZ@wdB>iY-ZbxDRE6O;l;5^fQ`{$1zcV?HC zZQ^3L(u_e@+&s^|Es_3_jzx$jE<@UdxayDlLZAAc`<7}`$(qt<`=DQ|c>3$NwH-oK zh2$z>r!$kHI4j{#;SUQjr-!J;eSq89{=^LdTV?{IQR+=a!(QhbD4jWwGhAu ziTPJsE9|^Q0=lf;-_{-LHrjoHMg)4~Kz@~~7lhYoy>n~(7A0z!r|z+UO89Vm_~7@f z1m$k#jO$3J)^c_J6J=d&73kZ=Z-#|$;dF)x2FXKDyKw|U>F zt*lQs(Gohwf1hlL_OaWaHU#mi(3|%wi{ya|9Q$t^lRkGoQvf+&&(t5M|L1x7Bd}Mh zh&`QN4+~F#&HVNk_iC*w2k5?YeAaxXj`KwMy%l%w z-JXv2fWzeos+0a#?fc+Ni|NUbE-Y#~Iu!84=*nxaoW_tb6~}OJI-ATbDN z+H?lZ^}y>aSn5@%E^6Fg;1?eGz4iIQk&wyq#b2W<8|CM}Co3o|ZLn)dt=pbdN;I$v zsckDW*a+f#G*IUoZcEo4YJdBT>}q~)-t@l9lwPAIwQT;gD35m5L}$I)bAE^fqkM4q zrhn7&uObbq@ow+=44A=8IOu@s__k00M`+)t$uGTvVy8cAbobAiJ=S$VR5Og1SoIxm zvY!zWhF$J;vL?UCNd%GJ2dqFZDzFUp15~zuDSmXjd_UH(RI4&r9WoEJ_Covd*V2AR zk!6!yz!PHM3_2-wPGfhYN=OP9C4oKpc2&VNKM=t$jQ$z0>2 zKS*s7cTb6s_ZQWjDCe z7Yi(J?b2RJIL|@0rJR&szP!s!M)>+?mTr`-3#}%}f9ON1huJb)>qFa=fy?+v#8O&X z+88jZ4H^TChmonTOu)nHGo7YLCbNqVxc0*N+DM!KyCU+Tp8neRqGWBUTr;`EBpuh-(9+jXpXgbJskq{N^2FVrFpug&*TVt_F_ z(NK~$f0AE*c`+pSTj3Yt!wsZjqS3n;gDRGuXigjS->?Syv9kQl!*DF|xQx+)uyPpk zmuxDC!nicuhg?4l$0MQ{|m*&D!_UHz(KRNPgl8xfa^s8p<{4Utc1L2Bo{GyTK0kTu`(g# z+4Ck2TfN~S<_NG=EPrQP^^%!nf&2>!6^7|>uHNxj803O*x)RMVN9trrw63pTV-^(HBWfvef5_BcpJ)K8S)c)w(6vEET?=!Esyb|i;JR6bVZ z;ZVS3mHPANUp<#vy?3Jlkb=)ml%e-p5hwHM4};{n@T{$^H}Z8%42#lZV|cVx=O-G9 zcX@!;S-3h22jOxktcUyRC!=knb zR~+Thipu&-ld-gr73q+I3-tpS7TaP-*>%}UY;1WiH%@_ZqyVF`zKOm`7hD$qtrt3& zqu^7eajSY_R3>aB>kfeZ;CPj8aoYi(J+|*r(fu34JIQZ690iCAIL0?`<+y!qb@ivX zy#cZNYqrb39*1uD5bDx37E>MO&w$D<0({V0v4TxVig08!S51ZpmPS;9UVz&@lkn6Oc6^ z$^y=!$4}4&S2!^_P^YZG=j7%l02Q~`01~=S$ASEatN>|@OCx;vHSRJAb2qlqC47~T zd(y{vH>$=(W83(h%|`)xW&IVX(ooS-u2h7F|1TX?RZ;)| diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-filter.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-filter.png new file mode 100644 index 0000000000000000000000000000000000000000..ebb2c939510d7cfdd693f9000b4ac3452eeec4e7 GIT binary patch literal 20259 zcmcG$2RzmP`~QEWXv-+cEXoR@jLeW7kz=pO-g}e0k&wt}7$IaH^T;NfB71MgI`-cF z*Qw9v^Zniax7+{s{oQW=@2_|763+2@J=b+z_s8RU1wB=ex^(`=c?1G+Nk&>i8G$&p z4Ij^+C4fH_j~%4ouXDE28V(4=X4Y4k=}L)_{M1qt1w zlza`_yQi98YMi<*vz<;o^zi`STWdrJ{@cJu1db_2Wz;=V+!?Z|vf1exX+LPwnRk46 z=@#x+Y4*{eCi%likMk zs-lvCq>$R$Gz6mg1&PPd&^V03nya9p&S0!H#{2cj1 z&e%97Lm0cYw|>Kw`4n#+t*p?9PJr*)>S}t(IuTJq{)0P-B3GKEDHn)Nt6=Z3jIFLR z*XCCoESIhBP&bzzN!;?~@R?WSUfAR~o-`Z56i{=gbp@4{KHS@2RZGQSj7>~1OWi#^ z6Y(C)oOjh2xZVWPx<5s-ml-ind$V4;c$!m~=gx^h-?pI?*T=d_4j-AKkr!M+_=-Z! zq*%WY}1M*iWf|$%nCM|ieXPKa1ePJ zMyTsvq1!Xd9&^D&^2ckv(u=6R%(AKohKahMDf^dwvpe+O^ZDjNuuj*%Xl4H%zcLxa z-pVV4xW~_L#`=yF%g0R;(26;QfTg>BT;;l7s4bjlX=>Y4XlYV;pwso4C2vJs+;839 zV645$8}C8YLj_sYFb#3T&vuL(!!8fC1alfwx8+CuC z$)iS`-K6zzoC-hL-kl1oop+q+_O>6f$%fTxzq)K+Vs9FxJ2 zciGs|D^WUn8X6QWt-QuwTvo%&snkWQjzZyV=^tKhfH%-Wwnk$VJ2wE>sZwad>SzM)WowG+QD zIYtfHm1y_pKKGmFQf-N7_qJdjlQ+^*LvI@fqS;~Shp$?9soaJ$N%N$4#4%=%fUOwc z#s2{PiCNmiFLy9fF>`iy))v!Jc=(SOw%5u+6YY6@B+J;LtcVu(BI?Ip1__~DKDr-1 zmb@WXOlZJMP~2ir`YQf<6AunH{jQ47h%CV%D%WMV+O*adGW@0eNIy;oFZaslwFKX_ z*%{u;>@^pwx390~A4Zm3QJmdk>N16qnx1ArY>{dzRl=~JiOcA+9D~bHX&vM@Huz{& zR3v@pJ)h5U`QaXVP?LYWFM0TF$1|5Qqh^z;4UL$%?PSlc6e%t87ROto_pcBWk5u+9 z26?eWiLFk{AXxE`rnb^;8*v}5OWg{8is5H`FC#d$(^^x)Amh3frA8+cA?V8WQQpAR z^q%4QpMTD|?I`>+Q6+~jkM-r3vhKP|AkKgD2~`!S?zGG`5tgXHt1hzWoA&*93!xfq z$!zI{dA?wUOyuu&M?)Iu%mcXY%{wU;TaoXD5=qRTuGmyp;vc2 z(}`PQ+|EN`9q1_DbV)ck+(e?Lu4HvH6B83>E5aCy2=k{>&wvI= zHww|ZegKevzsiUnZdoZj4N8{vL@U8WU4hZ+L>RSn^o`0uWR>t zc}+aW&Zl*q)3ZU9D^z%?<$L@@TaVlk`9+}5e@Uu@+Un@_(XS%-xA&K1bgd3SizT3M!dqhl_tqt&RVbR*z>}8}qDp4Ckc6whcWk z@22IQh9M|C&Mwoidu`1d-elUqaa!tDvi;Kps~j&}Iv}Rr1z(c&zwVQWd{%IVkVyC! zUOK!+#Szk_^%tAsD)OPY@9S}t!t}#c5fewT%>3&E1i?0Zr-a1qm%c){uPB|<*H^@S zLgm!;|NdKgpXk&6Ctc#aa?$uGHtWCgAe98Uh<_mT*OVCwI16nvrKY8=Nk~a4Vbv`Q z)Q6-QNcy+>lV3|n2IqU{+t6LFo2U(>lj+nXPZ^i+2yUFR(1~=C@p#)2?`N%+u5w<{ z(Q#GKPzjuuO#@ z&o0u3E4jK@@@D_zD)=^jnf)Jvz$;ab6oj6_UF{bh$Ld=LHt0!1M4apJMuWueV-tCV_PNbt8nqpM(i5zDQCFXilS=$hyD*`nDTMdPFyes|;%1xegOVI2i& z^xo@N^@rdt;7XqQ#aX?om%AygtL_zN#;lopP15&XaH_@2rd**pmzwt z6c!gJr>9epCwCOFlMp91`5x7qk~uj!eap#_eEj$f1m4X3vL+Svd8pRkCE`GgS6`kxW5lYBp)IVTL8gpjYm}pk5hUg`Jo?_Wr@=IdS(!trZ)0 zFNFi0g2QLYYkbZWafa(7B6-VV+u@c6;Y+dl&cnZ=xmg2yjIydaHW3x`Wrah)NaNpG$Up7^mQ~*&#JA9$5Kl?Wov$ zlYVb(kn23WO@*OH_QFP=_p0CK7PhZod1Y=+FSD1v_h!p(_xlrFq(Vi0u$Rwb$2GUl zk_YrH8N-PKEv`0<3m+N_o#yY(3RHCwjv3;mCluntkI=TA+gYZyZ1rN2Ln{tsS zdMe#TaI+=LMKE+>r-=4Y^tiaEv^QBzWRe^6Fsf0n>_pP&B3!d(;I4d`_QUKkV?Rd4 z)SaaRd-t(Q4wEc#8=s;^Y?PWV=ZFidmptmCv6U_=TWH%fIHN6p>p@gY&zpf zg}IJ9=6CX8rS4vxi2=Mwr#ozP?fxLq5|0GM)`E;pLcNK*5$B*PkNX(+!-VNlpZW!Q z_xw2SkT#6_tU)r@Oj%Zxg^KX(1J=kbOXu>UKDtaR`h@lCRzuQvuW?(}x;KjNeT3tt zFVXTyFiw|WxLw#oey87JC~MT4V#}&xBTQ*nAERkjbaa=4BaMi9Kf_$3;@CRnIHcDn zt&YO^>Qc~A6l+(%s#fsAf;pnPEshAG-rU?OB}mg)SH~BB?)0=E*Plqqk(!n|?U)c0 zWcRcE*VK!9-&%Mr4i9GwW)gHlBs+#XZ^cj}Dp#B6Q~j!Pv_DF^?Mb?c;8kO{jHju* zS8D?KAj%=F54e31@ILoAIWOyDay;*miG4ZwR{kWg))zA6yX>P8&tjF+$zCxkLUpBv z=@5uhxbJ6ZeBs%019-Er|n z>|B$k9^&^%mmg$f*KgeTxtDW1`17K>M^%z}+2Gcl_cHQ|PZG1Ub)3p+d=BlpoV1n< z2f6s-6bg%q)Auu#ble4LPVa{qxb8+C{==Z9SKuMPQaMX=|G|USlhKk5ype6=>1B`Q zM=pwrk{|0y<^Ps#bq1V0U0Gc(tmwDG{c!sKp@y7c4yorGeaez zy}kXpmX%dQ(OtdEf%tky3pac6$gNls?lX48N6iwT`hp>m$v~SIjc8#UAKF3rkzr8- zYvx6_L(Xy}A3gcwbBpy~G%#o6w1*=vF_V)gD~%|mEPlAP!_oJMA?hECi#v7xHiU*c z(4`n&J`cG$R4I7(P;z!ZuHqNNJ}qlh84~_mG~6B5&Q)1)Uy`F_S{$qpm^y8pasqP- z6PVfdd9bvvjFVJiEU%O!^Hh|a%>5ewO;p`{cztUb!mz8&6mPPFnj(mLm- znZRU@y^Y6bOzbl|6SnoO(DkODEesD=LU*jct@qdY+zM3qemyj)+>^egrDbvD#kHhI zWvs*Khov9PnwD~M3oo%Yk~UoospI51|HU`TnUC9{r|_;Sc5trD*(}Tly>DN}irYu6 zt*z+dGu4~BL0fOqtZwmk$y!&$38$(BT%zRprjXA&TJ~IBb*Y~2&zdiC;$TlzHL}oq zd3^5B;J&$g&6UF0C*ecoQ0yXT2|XxzEPo$)V`f@jovEyUXLa&sL@F{Xmiu%C8g(ci zJH|6oCR3~vOu4YP$FJ3TY5=9Q7u%Q5S(?tF`YvBH@<`&e1+1MLHz+asim^Lcg<;xe z8;gN~ikNct4wpK0a*Pk~ly!UO!3v$0@^!I7k@2=S-1bV5^Xwdw$xvhU4~?cC>^PXT z&pddn0;P4=O7MH_oKO|{qYu&yw&UrHdBqi%ezCDppfn<3S-hq8xCXgvsBQugyzjU4 zfr#)_eMvXvcC=89^|)0`hkxq3d}>8euMSA7qQ~w){a5=^Dp#}5{f*8^{nv74vaY1d zr~P0{`a{7>!L087#?6=8AO(eSkiQ^v+I_M)p9=|fdQIQZXD8~GG+8*@)Nrk|o;4)NL>rECT18o>NIk_`7J4sg2F*bF3 zeH_*Ejv3x#21O%nb^$tPd<+06!a@C3xQcd7E{6LUyEvQ>ZebqP)2BR`Mp;6#5fwlX zcn^ruZ1rbi#$j&y=Wu|xG+Fg{w6M;2UVHSihtaa$lOzVqDq2uVe(z&rfhqVC>*7 z@J(%YauyaA93v3y(&L;7BA2?>BSGb7>sps9j(HX+Su#3_EV^oJ zgc?KQEemdg z3T4I036kkXlU9nA%U>ZNoVm1EFVkyT_q{3X*H#^K<;sdcQVT1YLsziVn~zcov3xm$ zZJDS_7GB$>FUSckj`A;>#b@vSyll(BmC>^G;KpwrU;@ZgiCcI+W5kZm%Q1RUL3l<- zzAw$=A{d$-+JZ5q9`0PxattK96BekCy~$S%rpwVeQ)}NRuAk!U^l&#n@0a*4L!MF5 z8^7nlgA7bIjpF#!)YZ^Rqj_Y7k_HqrnW*wpG7)$CisJSuF8Z(59ISkfe$xCc`*MI7 zATPCFN%Zy>QB~)N!y18#U(eCg5SEFsovgF#aV8BqUAgt+!uq-@!NreJS_6$)To$c> zL4Xa0w?<^+Ho5~aj8t>INmr)Ui&=$@fFa6BJqTCoMw{Jho@V6aG{8!dxRt!CJu=JH zYth}N7|VCr#b4_IHmr#rsS6c(M@ZrMaLUhCISXR>skK*!0k5K+f7|g~3JrZ-xpgh)goRqlwv5$wrfjT! zvsT_T3><<3R4Ee!%7T>7I z*Db%ID6oqg2S`O($knQsa(<6E-+XO9*Aoa6;paOWAA`NB{*eN+yGDBb`ctBxh3>M7QvWy2@pJp*L)Z^nT5xVzj-d1w9I=R1J{tiZFyupK4rIGbMA46LBwCq59l$TV9 zT&GssoTgctaG8gDuC2o(>ofrFjf#i2b-njeVs{>w>AA?pKJUY+TsprWM6h$-OUYa+8GOu`7e6#j0as&?7bM^DE5RO|yczG=nOfQTxZ?!kl07D=XvsB$G}t4HBsk zkEE|3QJ-Paxpnl|rqY{xviQ;Fj1~KtluDl$@(~Q4yAy$rjc7a~jqQnyQ1BeRO z`qbvScTgRQXojTx4TaC*=#^o1S+A3(57%F7gp3*9EG4~aMB|Yp;M+A{2l#kmB9KPK zD<@`0&V`*b!GY`J®Cx4qS>mu(FGypTx%)`PySes=I96|N74|AIvy-iZGnQ=|VK zSklwSuc3>dn-gV;Vp(v8;sp0G1J@^~0Z?Of!i3DtG`Pc?zL}3nP!PPTDev_V_%Ghn zTgv2ezaw>OZC8`LzFYL(>wk-S=Mkb23{=9N-{`!0+xTD0)|%^#otN=w>$NB@ZrwYr zPHPm}I92MTnWe5Tv{*o4Wm(vJy&vT;DW)w;-Y)&({;WPD35CB)qw~m#Z2DVM|L^)) z4d;Yt!cdv-xjQtU>#6Hxy2U4V?lc#%i>C9BZ(Mcsf?~qkng;dvTKZs=Jr)CgG{GmoC>}w`Phi(Pw9S{2nY# zW5TA&Lz)3#zKCV$Q$m7P)Y6q~7fG+g-+jeBwgRyQY8!%T7fTvWsZec7D;>F`OV)l^flkUMuMmD7 z6?ObokjB6bGuBrs5>#5KNeENFjV`|VQ9dcHtkt$+u(U(2xzkz=HM)c6XZ=Ffzq*on$A-rYYeJ!*> z5NeKDu`CNvD0|+9^xCB8X2s8Ls?WP54VUP8I1cqn(WXapzByAkgj|kU|86=|9Oa;Z zuC(MqKV7j=ZL4rUD5Pn;e(iQHsHIREPW+U<4tX6hphv`S+Ou=)BAyFc5D|g^6XHNN zRLcw`=N7GOYGD&LV_$=$hgh8z5^{6u1QFpzKmY+|Jar6&pi9>NDme<3yr!k5yz(g$Pwz1=VV z+Y4apdK#x38d1>*8@VTuQ5#ImygICa7gpOG_u62}eZ+uFjBfKlwcT>CAB8$31PSW2 zlk>8agIsX=l341mziJ!(wczwq#Ud;7N<}FkBZ3w%?QU*rSqHrPXIooFZw#={;QFU} zdPIS>&%d_=D*Td>9Sirv6KxY2LvfaXnC9HnA(ni)s?mT`j?uR4Xg&~C5df9y)1sK7 zWyO-h5`1CWwvc}&>`SiPpi+*b{b%CYSi}x;GZWBY5325jb!SLtq9KU1@up0~f|VlN z_ulo76_xGiHp|U6H&F2py`-kyy9I=S_4cUg)l@sQXAb5&Cp`X4_$6cIDbqg?Xx&O6 zoZ$F;z3Khr5U8dhBmPoaI_RjE73&8(6r`0B>-szrn?8xExcE#GJJ<$*7K7c^vq>$FR<$^62I6*~EltRKnCkBfw z)^~6MCV-H+qvQo?tc<6e#*0{lP;S23W&xvp;6|2O401r?W z{a9b;dKrbD%(2ZJjOfEYhT^j%KIBv^@0cfkaBy+16P9PhDn*(3v|_wO!WgP_m;W#M zLa6T7{R_i={)^#I)^y2{az6XxenfewWbxx2_c_ISa|f3(hcNSm&Hbo8ED}Q?Ky|sW zsK_MSgL^OMnTIea8<41}G!B4_ota4qKX95-0f-68d+S{W+iPLeu!)`E*4yA#Ohk;s z!#I#%pN*Ww-+o2UI!gzn%CIpWDHMqtUJ!pH{kS?BBOl$!C0T^BQ38pK8jk+_=@arO zJ3XC0`SPaeMt0mEj|kVc-eOEXtpcAzVJtih5 zTyk(VHV*ZIE4?%|s1oIQFH)|e-^lSU}10qtxtP zNKRBiCwhh2b7DrU?O9V0eg?zxa$U7Tahcf8IqRIlgE?D1$oFQ8Xhml#;qdQ z@zTE;l-rofT>7x~N407dQ)4_?Fe7NIRv@He5fG9t*~o)9@&w;UKSdE1H1do}b;~m* zBYne7ow6gDp*y|eJ}j!ATZ{Cp`g8FRxrK!)x%vGXY3Sj}M`AGc=KM-w##?vx%ll0# zf-{`GWXqga+RmQJF0{BA2vsMDsUf$d~Q2hP4N*c-^sF?l-LcNAYtlvA>FRqh>AiQ$oFGxD#qyE zc4eZW3<&TcC6`(wOH3=ffLM<=dt4UQ5^N{Dx&631jM&a(i1w^LY;%}wa!a&doB*w; zD?>=dl2vIzUlsx8+_RrNxad~N{w#jgd1*8h$FJMkeqgt}sjlqMJ{ax=0SSYlR8mz< zJ#gt@gtA?Q`HC#4uc>22a{nIxf-V$rlZ!+NEgql!)nW7jd)=J9kL?h?356%$YWMpL zO4GG&=|Z<9o)9Ju{Yfep&KnOZ5|Q~1m)|r_t@9(V9NdZb+&_3r_fZ}M;1|RCfM=RZ zn%vFrqxQF8^(9LkAdi$d&i=#t1+-^zfIgO#d2rTUGcC&dR;rVZc6myv8O>P&2XAS*cs_qH0d*~_-!;DR zbnx~@4If3EL_>+S=&ICe&q@}IBBV0~{VCAKR@_cXUizNGz&Whlq zeaS_eCV#Owy!QdZbHX@acKg*OTQWXcT8)|O;UF&UHDG{%;*HCfntB6!TZt}eB7dt;EwMgl%XIlR zplgO5kr|Y^{hKxL1Bb4MJ*n@)$MAdL3c^GMm(x(M?p>+a<$-{bKT|kxlc43_cukZ1 z^Y&JeYlH!&C~e*8_{Wb|EJW?nut~bqng;eI(Cd+!KBwOF&20X)^v!J?TyVByZFpEv zL_hJ1cMO3j-&}XOh_6+^!|^t_w>Nue+L0%Bxf!$y64^wi-8=f7XAwRk8K@ zeT9a1ypj~*B4Sz|pIKJ(@=>Zoq5Aj5&%V>(P~Cquu)P%0mD{qEQw=^9uw4An z1d2NV=T6iTiPVi9jf`Ppg_WgCdV}LOVxtT{wih*;#wK3(Fjj-u5vxmYYI0vWXKayg z@XwI>Z0Ma>H0)l;^!j$?&xlp){-i$+8AILp#}z2mu-A^s-E8p?>G=3h%1^{o$-m># z5*;hke2{+8eQ(FfcqYSKv-B@s>#4rY*_WfwgUI`Ep7XmBYq<0{06Dsop%yx&OdROS z5U{r+c}CFWj&E2;mG3+gq)O7of2zqf<<4NBGmF^T&?(tTgByU>%n;E{;XMkxz|~i4 z`*iVF*RqHPY1>FPc0N(}DbFjGp!t{Rw9D$cER1Z)!Wx|#wU{=(Uno+@6r>@7sK`AC z?f`J1Vhr_4N|c=vuQfiU$fBfPfs*?@W7W-B2G*e1eiwt4@wk2g4I9&?E4;xi0}pY< z`PzY#%|CUdXwyx$5#MOY$*$8XV$nVy_(gEI(@_SAs>@ha#DSk(#GxY0FP4%?37mZSL=?Xi4EPq~2WK zP>c(Np^_4QPoKpD3eMOb;TN--u{MJ5QLkqEA#tPP?+nC613zMbX&(|2!~w^cL2Xa? zzXGkC7>+xsZVU6v5ga*jaR(ieGVc=(o86^u= zNA~ePl~6ATo*X)?S6zq--04acG4iw zJM7uNA`RX&!oQefP+$$_sNCd=7vA-GvFPHW80JY8y8dV>tLrTkQQ!(RE=(4#(zEUZ z!e9#|BEtyoodQ2Vh=zzD-a|KsS3jkKR>b=hKK}k}*na>Uxu<0Kay$*l8SjRwz?iy5 z>Jt>B=gn-Wv33ua`9It_(P$V0CnHp8$OD2bDtyePjOcuw;1yiC2)?E-{M)MgWoLgt z?qDMSxxZ_~|H+Q^54?o-!m&3S0a4D$!^iceDn;xS*iSu`hz|)T=e;V(ti%uMhUPYk zUZm-Uv^f~}5&W5RBE;Td)}eL67{_e(=b(B6ilb*`ieRI;GPe>~g;Mn9d+y9ezPN1! zp3paM&Vx>gO*PY)7xyo{h6*U_oOg6D;<-cMnmr>bdz*7LE4w1wls{S`)Bh;wd{AS7 zV^B@2?{Tuly6qcjARqwf%2`MwUi|2J9B_!&Rh1H{rr*0q50Jhp1gSU8mE1XF+{PlT=xZ~B&6qCx*2qCY) zsp`AkX~IVHWl2P2^n45~WE~0xLi*th=K_gnTfQeEb zuqyzNdD%5D@mE{~FBQ1gpz`_G*|jz~-zDfmOng;ZDZZbP8(tIF^rHEUNKlk97MrDN<1Gw6yMyiUNC@r1?`} zGm=5aWWcs>1_m@*Ti;xWb2Z9VGhV{lBy*l~-%1(g&5PIG)>$b7Yio-u8|tSVB%9oC z{h|!bBZsooq*{!M8hg#%KPXYZHu5MfgToRe<0rbKEqrhOS3_Bp61nQzK)znE&F5&_ z476mjz2`yxSa7|@>h-wf$2q&l9N|T9Cl-qui*WmmG_eS{=Z$SH4<>M!)#U#rM z7cOL2T~EoIi&KOyhov?E}x#j>VQ%S9O93`3y-5bkdG3G z-y8`(B+~P^1W^(E_LA@=92ol-==1D&lA;V1qwVq5h4qIAf5`6iCId69;a0uteR2Ds_VmhpJy-!rRcNYwO)DRrbvWy z0UUdPqZdSX4L`)14g%PtR?gU8A~v#eF=782gp3ycd3djF&LYFz?qaBVkl8K<27*(m z;vN?vcm!a{=1CH3ZbCj@V&zt$D`)g@d;^C(K?s3QBX#=uX&}+u>P@J#z_7@peKI-8Ms=Vl z)zQ<#7Bi+ZA&F{FJHNaX>+$n7At$bqFI|L9cylHBDz02Qsp6|*1L@u@;`FUs%B-&X zRpsR&_d7Gn4P_$kiSUL&rRM#H-KCU;1?&(y?5%chLCo0ye19v`Qn%aKhxZU*+s}w+*SIM|0%#XVx$1*T(MTnm0Z0sx=as>a4TZ@x zooIIo`Ytf^$Kda(y^!$@^?UrOq!+Zucp)|$#lWo$E3|QX`s;lCcD)|v6t)MoZ5C&{ zBee4chlfI(-=C)0~}_C^G;`b%4{FT49Q`eC-oqR{D&MSL;aQGMp{^5C18u zcygRmJ5ddd6-o0$g($V%mg-fci!- zL9d%CUlDGDwc`5)m&B|r`D6KuWR7L5Dy<6@l{_9|ndC3eO$PNJ9>y+gl$Mr;R5ya= zqGgr6+{FzI2Gu$fszN&XVl)!lnSGt^M&0b0UX$$c20?V9k!lnd=g+WeCRK)<@+tW8 zV{S6*C}(v0vD=nuaa1d3k+{uRA=U|g5MHNdo`)c~;ncllGZ+TZBjbaM&H3N=$nf8s zu{r^pdcWh!9mqh)UkoLoKID~F!I8NoDhBJf4%Q>s1hv>XayxS($A*eLc%e8=9~=OS z34Abb&8sy4Rue=_>+NDgfms^*zkNFpA&|V|k~yFa&!;mZ2PE8oaeG&JlEMfbFQATT zzlOJ|H-cXX@d8bK>sG!EayGAzz!c7|#-sS5;$r@p(~~lvl)Uh0$85Iw851FUay}$c)|pUHe*Y3wG-kaC4|8L9v6HM?7InFTX$;QwFo!x@qhMZgvpf zVZ;2zAVlYJXPZ&okpHT*x_1P1aQ!%T>6c;qVpNwrSjQ>))`vHu2XQH5UEO!~SdCruU%x#4Q=7Q;Mr# z;TgUxjf&(+-V~^Cc*#XQYj8h9fPhKOxlKs3rBHgw2Uq!lV_~ko7(+?U+31CSR3(cu zC(SMhryV%ki@UkC+1!ARF2gfKi>)m!w&cq#-$maHC_^i#)2tqFqrR!NFOYPCn}&tx zVYqbln2UtVwLnPv`0OUXn|nL_wcG^uVWScVSbP|uWn_Y)N+it_`PUH)z&<_Rx_-(o zBqZdUvPon~m4T+OivVC^zKh3D1skfim)6B(f8zk7N@ z{~Q%ypiziFB*?HZmv6n(&!0N^D{NgosK#58mt?RMG;k1kRj@r^_oS;6BgTv0zH_^8 z>UrRYOq~*M)@SUWiqein5tXB(v9DB;$Ml|>o16DizjON+^pNkfG4Ux{vIUFWW_RTL zip}enD*WUgkn-T%c&%@QPZSoZAvJC6bc|3P;NO{+8-9%y(uPJCROR}cjLLeB4i*z> z5->Bj?T(P%y4CWe#$hpvnI3p(MsQ-|R87f>7cIzmu;FV$R(iWFJA~F)i_puyLptG{ z_kJ;Plt70l0!%QdefhnXau{bIi@D%1td{-lbXcc1iHXt6&u#ozu8R^ZF1~&mXFi!~ zR2=7s_kL(N0CqYm*993Q9mKE*PFDYKLvYo&wutB!`|4S7*m-Vab;p+kcLZNX8LmSH z^9YiM4Ek_G>xQW{eGu`HMkwe$f;ZIHuiii0aDHnB=xx|_CBWS0RSjOPQy@VgBqX>h zrfW;nO40w8b%?~s12DZbg;$op4WtGaesTphe`m~=WWzThila}CJd>dsXvQi7(V33q zqYMYApwDh>IB59X>}ffM+kf<>iuSltcuz7f)%b$0`<_55?_Gn3&0u+PqlA@83?eC} z{{pmWL13)WnP7LlXE8hcp0$FRy(s5+!S@YF5VT{xZd$CpMzhT##Ka$^$!oy;-*vF< z#qV{rzh#gW-&=ygU>qAOz2-YQs&osuw5z;@j{1|?=GE__jg7u6_O_N7IBuf4s1LSN zpr#3~%r2Uv^Ib;zKfbQsqYS9yN>MV;0Oeb~m+UY|o<=sLmv(CX&B zKNP;3VpMQH+7s7~Z0N8~ji1OsFhH}qx2_px|L{4h$Ujg3_L5oAc-Y~6=_~@d4>!3z zVP<%l+(ZIV0m^Z_dUA)VlF;w6uyW@9eV&Emd#X8xbZ`9o;FOyD4ozDo#|^x=hA83@ zRaFdO1~@685&irB&bspd)i(8oN#tpi0)F4|a|(P?pWxa~=#q|& z-?ZZ{-Wz)4h6Okajf6|qs}s>44(~k<*X5$B$CC-(ud4bh&Q$4aQzBGf9i4b@;BUs2 z{G+;Je26*;CUhA=HnIKb>KZ9If1^LGtGd`{b7yxh!6#^$(1#Ylf^lklyZ5nN?C$8r z<&#C5i3xMHM4l(OALS?|qpkW4o*9sVdoBR0>D!|%pZzOcD{NCiBF94f-}LsI+ieer zkVa&i;d^y}}%=E23D6i*ZGj*RVxEEJ?99A0dcOk3+{ z_etFMv@oJL9{NG(KP-rwf)487E*&UZp>gfyD}rqp3A4j4!iW?j(vvB16|?x|Kkuky z4ez+J8yC7;)8kW(8^6@nij$KgZuTQr;)D@Lm;bunImei)T};*ZZV83uN!%sV(S_c) zG+p_iy&%1V2a5-u$p4HF>n@SXk;Fd#sR`!8iIc^;m>b^Y3Hxfa?ExEI2}h?+cKRP6 zs!vKhf|mt%a3d=5LazqjLm$(8w39kx2Sax_TH!KPz|5;Z0Z%F!Cy_k-uL=N^i)+iJ9znXjhAt|?5Vv`8}Ht4B%%G>{6dI-XQ3vK=n zp0-fUc%dY}%1uDCsRuV-i({i>-+Ld^!Sfu*?&lJ^-nw%u>2U24F>$z;eEm&mM*P3< zEQkM*+pr?Un{4q1RQex1y`|j#Z5M$R|>}pdEL7L>y9HWQs%}FgaUtAY5$gNN@ zg6g$Ez_16=bHicdZ@cz85wLMj45cYT*SYZ#`@q!SWV++qZ8_rnb;PItlJWoM#BKYMhgF z){E%0UjXxkYFYPp+hv2X&f#JV$6Yg#!GgQEXI8i-CDYSmZVv4%v71PI)p~t`o1ppR zFvpmy^EV7MjA$ya2Y!h`CsHMU;k_eP7Mm~FVt2`Ss9lmjTI`VA3(E#TQ5tD7@HQA- zS!mR~jMAluw36eeF`&DCAAH-?8tHyG#|Q#s$&`Z~=uel_(V@oC>%(7vpHKkc!P8uk z#m9Bbi*Nkkys+zuS8Gkh*@csFqT@@I>s2RGBgInCOUsA7lM5>a=LrI@I`le#;f6T4 z-k#=4hEw%yEi?msfgldHJzzrUSenkkQpTyWmhL!!Tod8yktj8qeW-4CJqe*{hzV8v*Og{I zHVIge+6%*aQsX!Rjv&y=p_{Z+5j(ZU2kSEr`c`V4RFKF-(3Yd4qwPnfSe^)!>$cVi z`ME>?aixCwA$d)s+r>IyVNR(=FUGpQuy@iHlbt0nz*!z;)>j1Sp>F}kiZfVW=0 zZ{m-=#U$ILlw0H6GDSBjadxN^aeuJ>Q~qx~^Nz4(a+v%~FU%Xm53cO_31vlIi z7CyrKf!b`pU#a_!Q1o(c0kL97{iXL2JZI(q;N+HF?Sngy7lZ9-O-xLHKeuiM*`gWu zRf|!K|00|fY*P(l0=ypAHr9CTl<$(;3II_(J-G;!5s)pHZ`2*;;(HYfS2W!^i@vQ;GQMy-(G6Af{|8zN9~Y>vaGC&;5^|J z5lM4jh{tY6!Xpb{jg7Cl;-0K?HtZipCj_YpR9SZB5A&5EKK`;zIjC4-FLptj<)JOIRCovR6_ z_d=ga1p)_~8ZOD^VG3)w&fxg5-_DrHQ$>lwfL_6?QWrm6^;0f70ey{Qj&4w_h1aNN zVW)r%=PuSLMwUR+ki$mlSVBU=vm>q3(W=T%BALY{ZFD2E77OB*ESM8gEi{hUURfHE z*_=DT0Sy5M z+ywYqX3r#EK4c4gBm@sU(A=ojoi?F7;|D@NG;XuB+g0@z;wk>8MW-mX*JSHJa?m?%&xe>9h=QS5M>kQ9~@dNXp&GGWP5PwwJjH|1we0fEnJ$?_$U zN&=Fi!}6v>0Ue=?bUvRVRGQqx=+B9K1-k)c3$>!5%Eln_b zpv~Xqzf)WwAJKq^Jh<+2RJP!zE;QRrpW_upLF^*5 zzP@&ADTo?a*a6cW?%aU}jrE}moOJ8UWg_p34k3C%t;LPz27@omj2av33>PgeWi2=} zaazzP&XE^z=g@+?TI_RBTw0K)&L$^F1KqyG6<$^YWu>K@LJv~*tpWTrzaJBIdh(=q z-H6rDhwjV%8Y5T%!QR_5yfWE;eMA}}Vg?Ssg2ae>%nkp&{oV^4-_TY@`t~=C3yFDy zRo~tYUk%(DY5doHy*b6-TP z`G!Amb=TX-YT$k(VDB0@M7yliHes%p{Cag4mv3t;`)n^}Z8X}kU8LiR!qfiP$Wq|m zGT<0)a=g3yL@!{C?sD|dfq7njpcp>wtu(P=|9g*X@v*w1Kz{^;hqnu>_eIOi76R^I z0+v)#_MoG_w)dAB_S*(3=HA`K%RaA42sjAz>N9XO-_Ks7boZv&UXQ<40oR7_^jHdP z9WP2s22Jm-wcayNK=9`A5E)Q|nc}m~h;JW%IO(+hL;k%!v8t&+m%F%3ISLBdz1Lbn rr;h;}@&=-yQ_yI6E*nm_{0e1|Zu6{1-oD!M<+$e4s literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-filter500.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-filter500.png new file mode 100644 index 0000000000000000000000000000000000000000..770141ad54cba4236f846e5af59aff2116c7f0c2 GIT binary patch literal 26234 zcmZs?Wl$Vl7d48zh2R7T5ZocSySv)}!GpV7@Zb(X26tz$;1Jy1-CYNlJJ0*w`|G>A zYNTtrx_VBZbJpH#tsSYNB#n+jgaQQxg)S>2p#}v7eFype2MGc4Ze;Wq2l4^!q9!c{ zRXy?L7;*q-DXJ(61yvV^`f36XIYxGr(RG1>!ua>!3p#}XgBS|R0#jB(RKpW+o(xxQInv2a90h5oND5t9Sx4smty; z^_AE4DE`B0k1gQcm+O_u~^HB*KrPY3c5$^K8K!s*AnO@^?ZL!>2^9- zcT3j((fLK#e=P^RpT@K|mcen5(gn6~Tkh~_Mk5r^@h9SxQ_AKuH?PralmmD@6?Jo@ zF&k3gGaJNHO2-b_q!^`~IJBFXcvD~~r_nKSSd7)a{1Vl@AY%>CSY5uE~rHQ zJfN?;b=mciipSJhy9@GKUuo2W%ovxwVH&yNhs}qD$%mV1X|g|}IMD^tadNZNif0=L z;M37*O6fPte$=POMHD>SR<`902RPsK$+x$ft+LO*9(>cE3G zHJVMG`gK1-1)J?Mxn>HaJ<19O;O@TiUERpDtO)w1G8_K9%kM-dnoBF!tRPT!tP~Hw zSIhI|)$Qyrad-QR8tACtBxSPpXriGw$Q)Bo89mEyLvM1jQMEl z$iK)gnd?E)*_T*ZAXz|dSI^eUZU7lKZ0M601-A8UaT3P)>gezN(er0a;YSgRa+9kW zc^3V>eAQj4daqk*%?(RC=GQbM|GIir*B;}QT)!9hpBk^^$^uV?W}~T!c#P?n!VL9> zF~rfiI(4SRe)kn>Hc$I$&WnZ~$A?OsI$HXm5I)HK)BiCLO=mq@)Nq*lFAw(c50_p3 zz=*5YMeAYFjZKa0&NtaJp=g#Pk!5^8{35U01F08d$M=Rwp%l#(56J&W(I`{1-el40 z3%+4VXX|OO>g$Gvy?dr)cR2t`oth0N5ucO!KboAPK2IK%x$zb6s|k01hc-88aRgX9 z51erMF0smHQ#U4i?;z{8IOY+NcfcYf|F>WD?LSJR_*Kxi3@1^K)+Etn?ud$NYqDUH z#|(nQQ7+}mX;lh^-@eOr^sLV)2->zkH`~m`m*mjf{kHFW2CFs7X=>u_?_DQSX@0Wj zVj;=R&GC8nD${L9om0Q$RQ&UuT^|=;uHoNqoV=~3YiJZs$DfGqP z566KtQTQyWl2Lea@S3Un3>xtza%l;aR-)Aau z1matD*i?HR4@9y|oZdJ4qldz$4Ycq%)^41?bCnY)B+Z^~%n$YtM$?Q=9Sykb)@b#c z?Nj{p9%jr(WYjo~e~ErDPV+4|Oo^P#RoQ?_bHQ1qpu-J%&5F=zz;Ub7E&@mIuR4=H zZ{2Eym4?aGl)vB;`Ek9*z0Q}52Ve)>^GP__i_G99pKjMcQy0{3%|xl9MEu!*x}m$8=rmYQP=_J>TKw&w*eA-{cAG%1JHh`<|YJdg57zSLPv zbt^?!ud;D{BQb6dpmsRkWzQ;Tz32_L%**)N>d#i^buC#h=0@RDGXA3#` zUq8BJg!HzB+4m#je>FBVNI}mDlD%XK9`(*7`qhqYo5?6 zre?-i@U!oF5oLBVRg(owbJ>VqY>I%rn)h2UOto;X70*NJ$x zV6T2paE|eT$6wcDMQD)iyqv}Bd$^zf+d22G1oR^N2BS5*I(?usl1(@a zRXn-4H*eAJ1)sMlXQaVRk4?Y(u^|}B?RdK5C@#0adf6oE#zLhOxt+l{hnyGCF-Il( zXBx%SMWdSh-yCC}$jZ<#I3#ioht=75np-Z$AO8IK{O*kEy=$vwE@@DH)F028p|uSb z(*-0lAAZ$W0dcJEWx3e`UWs3{S)6vm(AjMc6qf7VqUewSDPmgz zZ;Jf41MiQ!nCk5CC^#Tqtplg#%Oz$Ga86g;2UDEjeL4w{-!hi2@#*$(_!)dkrCn`M z?|!bA@wRAG@Atx`Pas9$QA3Y#5U2_WAQNWZ9f)as{=(}kQExV!zo@_(Ix65H2hOKa z%(B|AGN@AvizBdiX+$UDN|uPk9-b6_GyC0T@N|Rs_v3ugNYm>}{LMZ?X`IaI~hSSTECjm?%7E4J!WCh0nP|=^m3w+%Me||+}8G3uzbhyhd55rTZ^xbUmX-;O;9O->?Iix@Lpg%tx zR}Z!>*c-`S&AAM^oO8I|k>rwuV$$&mOk}A66?A!#ev0_fAEn=cO|9@P39LhKu03?M z-KWt5ObwIsDVF!d@N2U>&~$STz4BLYknTGi~6DZIAHNMhNV_q3MnEw~J+ zt40FvuE(>P&a^tU@vfKC>Jt@W#W^MOre_Ns;bxOLeG|Kq?BTK6vR)yc9A;xyD0Bi- zVeL;h!)lrqbZUk1%!X}*B#GARY{sNs-%9A*k9zV2#hya$E?W;tZEQTd8xA@70WA6* zKU2JFQy97|_QhbM^J+TZ^?q2BSi^3E$1*M(_=4BUee+-ul-^(AD@g$Q>_7E$$yA{P zULhG6QTCE6wd#(9J35$J%owCyKyLRJqzwW#HCex;5HgQ#-j03YCA}ABDE_Bj@U370 zUzyag-Eq5D?)0L`z1ylLO!|RTa8DG1L^ayY)nLj~dY#96x&GhpT;Y;{mV;rMoLX*t zTN88e$<0Yc3hcT2|Mu%IY`)FMh2Q3hxNOtybozd|Ltu3hdY7IQf?<25zkaWe;1j0iBf`YgN5D;l-+xwm&@@+N9Nt-=B9g8 z6#WvD-Q(4E6Vp$P?sDJyp|{1JiC@78=pZ`_2gGiM!Xv7bv#w85b(WK)H`mf+8+gaI z%cAjqsPE_LoHnV$sH^);ef&TS@iMj9ncejDszXYg&|eCVf8#Lc1bOVZ%W}+UH(?&-9_ASRoGHrzdLwmqHR8c3|kGGhRraK|rJXw(U|3qN0pdp&eW-Td4id9R?r zXu_j1;%RMgpy~d4I2lTZLICn(6(4 z+sq%5xRwbH_{=(8w*sC}weU?3g8Av(9@Tak>*bm@URyzkd*PQ|&4vZB_u( z0*#*f26HnJf25`?DdroK#nA{Jg{gS|DEhc;brPrd*Q$hm$N<#<8V1y2#dMnP?*iH7 z{(LLjAGb(jiAWWYbY4B+q;Kd`Ic`q;Xch0dY0hRl^tB0v{j>i4CK;V+LU0fftH&PcDd?7?Zln<_ zh0Ng7&83+t8~h64ZJc|m@VW>n*Yg!k1dOAa$s7v=nUn9<(N0L88yz+$#8_sFm1lkG z_17^=siH%lV)Vw(!Y63*njEgSdh{$9htsd^iFE>AuiJcA^ExCsmQZv27K1Y~Y=#Jx zvs)4V7#Er1IFj)0^82oeN}-XN4C^nshWf3yxn3|rh=^vJC8#j(_*XdZgeT_JV9XV# z#68G$f}@G~rBZ8j>|fT%rbQPZg(Yf{79rpcGs zYT@IO7;UWqdHh&rp#uA!FS}!ebhZA5LT!T21FSr3sx^ zRKgso+EK!iV8Y2aIc#>a`!1<0x0n=|rxa|~Ui2M(Bwb@KKZ?bO7YlTLbT&7Y)KIOo z9_IMOFe6QVrg?8dLP_;YER?m|^xR63_e?N2|CW{4NnjQ5`rZ}_KN$VKTt84}DU>se zb-sGB-lkv5Z4sS*VBO6>{)dar1ibD+V)v6ycIKOwmX+YLGO+YBxz>ri46}S{<$^Nj zhQIy|J}s6E#&_>KtBit0!9-Awby zhe!ZLE|s!7XAg7G%=R)_P1?^27=gZv0}p%BQX#B zVx%RjoirH+(f1*7L>ycO+r^_|vNh(au_ev8I1$5a* zow^&4$bI(TDorst<)2V+T7ct$4g z$X}tzU>>utMQ|{m5Y{^s%a`;B0b(25%arOz%9tQv7Qz)Wd#X1AO*~9U67qafbmU*k z;KRwx8gP`&q7Om2Uw`r%CFDBjZ*U}Dq}x{cWpR7H5?-Y>!wZl~*JktGev$I?_TWo{ zS>0uiaWu$bQ7P=_s!T{|R*?d>5_zBOj0FF%hHO49wgCBL-Zo51CJDd4&5hf9x#o>X zlWmg|uJ3oTeT=ues2c`5qvF?xhLI0RRQ%;eubTtpy+A0?G2%RLbQKUZN!TC&OEi(e zF&K^W95CY0B|Ds0RJ}xtwj71_-08uRlC~SoMesFFNN?<-U_(My>f<%(T8gWRq5c<~ zhU9M?P9f18%BX3ZD-KslJQY0Te|&z6vecy)zeMADRzPJx_W+=JAJ@wZ^&X2w-z$F(Ach%# zN$|RMg@qyzg}6fdbfF4nQrPDp+7AJv{SNJ9s>O-2!y+!_#XJhH69VHat%MvFkKT7j zCT>u#V5@ym!nwucwoBiYZFeQa&Kd{}(+L6mCk@?4qK=2^`N+S=#&?|4mSr#veBO6z zQnwu?i=u~-pJ|@wL~3`-*L<`2+)xC7{&^i_{#QW`8|_|N#q6my7BNIYT;5wNQZXB- z2GYxS2`HF0mJpQm{rL_4*?8dYxKml^>D$!e)CGixn)`ckSGEN%+o=;moN6*?tzTeX zd79vF^n<`Y$oc8+baAm{ME2=8ce>Z+BY{%-%z>5XzD!6PorQn!ZAvXAyvAVJ(yv_L zyoHFYlgOcKU%h8bUA+IH^S+gyi6OX2O4b&NQ+0t1zBL&~4 zj4p0e^t*;28_G|;S&3w`2NvRvwvWfPJb>3N-ZJ`HgDzk2dx z1O&WJOKTk(Pi=DAET}x6H*C`X^8@-nmw|(bBu6|N&UnCDumcZ%mm6A}7$hq%8WGF9 zxnTt{f)j@5 z&^ybRcjX*ox}DgH?(oYw0tbq{VBh!K*lM1wTIdOsHmY^Fx9-b$B1Okhlb!y4HJr!t zeS^+ePCs02=aU2+2w(mQLN%k$1$FgoguDMOLiJPY_$r_|VIoo~fg!Er4<& zMG{A5sdW3R$h_$N4q40fxJ1s#!by#50}fF4;7jrCWxhaTS6rzaULga-VUizm;09+p zTO1=-!efyw&N1TudOi4N*(YLn3`P|)U%jrC3^?lx`+@RvU*fwl`k&p%S|@@h@{Hy1yH4>RgHP;Ps#n5I{3j|>7HemCfAwXn zSE&#f|6PJpp{so<0*_-}M{4I=#n+SK4~Gf>DD-<2AJDp`M7)&OQZ;R@vc%0l#0+8TC$Bw6v7Z zO`=d?S2g@mR8|QvVoIe%@ZGMW2Jz92?ncim&G`{$st)B6dO&Z@)5%T|T0n$Yx5n`> z`7|Fl@%2D`<*Xp~b8PH|FWIWuOex7*Mac|Y0HoS!&pexdc9X+sFc znw&0>w#7n(4U#5f6~tQDfK#hlAx^#LBG{``{_{PO%^ix|Oy&<`*_-6k7j09@?>I6~ zpV;nOV&9R&Xl#kU+ZyN9di-3hKmMaaj&hq6#wjqRB(%ob%mxpd?napm==EXE8+VwmH*b0 z31@`K_Le%0a)z_iR0@;!L=G-W$d_J%zdyFfT?x_@Zs8tqd&6zE`ZCdr8&jDKE!27E zsDL*V0c--nry(Z8PM#e3OC?g!reE9HhUUT$J>gdhXjxaV(t94_OMus&JA25)yFK81 z;i|aCXg;@-69Qf;@aa4*_+OR4fE9ZcEPIrY*H;@YRA9JviHh;uSk_ZXXhT8?JQwxqIpF!s+bbd3s^`ncQa0>|?B z_pb=ZD5Qu7d1uQkyXcRIotX3R(UZwPUujhQ3&$iz3LLuLns^fuBq0-x)O{kWweTY_ z=w>(0uh5~(|KLurRhqfrVDS?mp(pEqK*J`N{s7R6Ji_b8u(CyQ*6x(?-+lpPr|Xv#T(mxra&oy# z4q;=$pG)Sk=GGv<$&}BP**SXgcwWV`eM9Tn`E=lz9(R2b#x1dYJX^vsioufbL_bM< zEwW5E2V0cgBU6cYcsy&V5aemjZZs}}DK(sr$#FvfUrBrFo>v?1x@`4X&W4ZOK2ONJ{ z>#F=_*-q&Y&xxdi$?q0Tqx8k1y?8;WTH{#rsaoAqzb5!lX(HfgNDrmvvcqbpv6~<_ zIt}2xY(~Z2puFjyitT-$wH(y6X|=@@D$TMIj(v!ZurVWgA#^38#i?g0?+gCk0Y*%K z$1tq=)5u7Kyg3l*=f?v4Yc>|II*~1CgODe!oyGOYn{$K3&W|(2*nWgCXy+G6)B;Hh z3!6CFz`7F9%GhqE)7gk-+^?gLUDErj!|F8qqIN)S?FH=q-?;kw!+uRd$l_UGro32m zbCT!kWMsVsY^MF7sdKQ1sqR=P zK8%jzz=QA8ZAEh{-<3T#xn!kvC7xJwPVFG}Hyi{{F1e7do{^;7ES%cS*BmFglO~R@ZyCbJqTVZE z{lul$s0}5Rz^+|-ez>Gz`w`ZNEFZVqrIcgqDoW12AC%jTEd_nuCKB|jJq2x1t=ISm zO{4E1VkX@OiPF?eApRWsc)pWC&D9+X1+is)>649!Qx3`z6m&hH@n4fXK!L?ul zj2+>ELq!a@EymJWDaBq89d`AG(pb9AHX2sNTmt*EL!xgPNHTt20hq*Oi?xd)>cnN< zPit0I8cI=Tzx1Gd&o{otlp=5?>zWm!;D{8P`8R0JwpMMb z<{+`-2|_=oggQV(QI3LAiO50o{og4A!tH$Au16|u82*>*6=`EC!LL9l@er=DbkZgs zjNCb0m4zCk&041-AoA|u=xF&`sd_@br1|auI@g5GmqCiwE0MzJcQf+OTYAa}2IvyU z5L1CkRBiWPw^M~4%Ds%0U;txSh!JhgWSp?fa3YmmCAsO5k`w~M2t^`B(~}CiN^@+7!;M!WOF$LbM7f!yx;zomdMhv})?;t-?ZJ{w z4@)!OUKRSrJu{ZX7j{kWo!GWYc z6Ns<{FDcseBe_Ar3KMEVs1Z&SpJ`+(Z-k@qt!ZimZ@B9t?&v*;kW{_Q8FWh7dHRS* z`g&=QG!B?d@aWyQxfiNtUooz{TST7B%H@53ME*G-BbW4ukFH#c_E%Os>X@YT*=n0|)!3H- z98c}FObSUke&BJA!pw17>;k|lgnNtw+ErYZPFu!7^R-f=3h<^FiOZ3S%+APJ2}tI0 z%~Leb@gIQ0HW!gUa0mL{lm%*rV+Gl>5};&oxt}l0Cv$00AP`pA>hiOS#2~I@a%fKk zZtn*5WD6U0b~jwMpDIP+)IO&?oxsu~sk-NA#%=jLCWPCC(m6mIw=R_FFFpnfiA`aW z3JhuSt0Nxdpx`pw9$udrX^6%-KdB@3pVnxz$&>Z}Losj9G9OJ__Ib}UVR%F#`m`XC z$D|&l090ij!6(P4I-;QR6w=ZbkiVDfmN)%Vkaj~;(S5yRGhc3Z_m4f! zMf!_=-8h2`D6=zU@Y5J?%Ag=11Tg|;4Hw&cP{-?Fxt=ffV5BxrJem8VuE{%3G$$B3 zRP3+b5>q7;zDD{hIZM}#obhW9OS|G!^JE-XoOYfse8p$uDyWfHX-+F-u+YOR>Pdoi zKzVqN0IAD6;ha7S!bprY{s0Wv)PUm+PB|O~z^h!o4UY;sJA^$K_1Z}h;ehkVC;@UI z20l~3eX^%@9so$3ioEC`{$hh7tLH+<=;1_CcaUruCOStni;+COIjF-O z-5rQ+jF3vAR*aD@v&j>KA5SO#?ig5AVl@NGi23{&gF9MzB2C9RyGuZSC4Uc5vN+%N zWRq+GK;Gw5ufQQT;Ef?N=bXSFs686GjJ|wrzSz&y^>wZ?r$DtQ6e8tJuK8yg0q^jg zTB5<^;d1XiDBsYm5cdrtSj;Pec9mLVXfW37@?{c@(#l#VcPioP6;P7k;e6g(z_>oR zk!q+(#q@Ilk$B4dDitY%iH#+XlrSq5f%eOM5(|L}&kxV-Ft zmD4FN+q^!+66P9Bi1oVkcI|rk)jamRnz2(-P{OPWX^em$4*RS{2*52BW5?cbQ1JWU z*P(3wN%I`mhgq)t;L00IzJ}*ahZUy{f_$a_G}mTF)`()|OzQoSH13=q3PgS&JAz4o z(eC+YlaT5m(*<$x(Z>27;$JM@-?Kxny!$^uy{E;WDIz~Ko;BcnPPMA``XHJ|`Qfgk z-B(tAS1XpulR)v7b=t26o|2VP<9}39Or&YBVj;U|v+vDuiM9lVfbsgn*|K`5GPRdp zOq=ok!v{=zPlYsrd}U-S$;q7q!T?T<2s`j{FGXAetBBV%`~xH6r|)82f!8-%w^0p| zmG9P}4-zEyj8|wM&o-%EcnXFFiW#4OlGfzVN5Ngg*(3H36UDHZN};xuW6?Q{yaHkU zhf>c)Z*xe#Q2hEx4p(YPaYV|KW?4IT^uxOO;ZKZ}L$T&oaEwS?pW--UHq7|t-UtrB zeOn)bi9BhjNLMd{C`66s(}v_z?3wNy$o)$^9b(99#`vK7|J-_p+iM#Cw|bQ&_J7M< zU-cMV0gV(S^cCTh!3~y^OTRt4i}9=Unm{2Kd0UOxY8!Q#>Jr^jlxN##=LmyBx7&6$ zM?riN-^viqO_PY#LcD=PO}sd^f3AC8#w&9^a6@J?V=NHR2(Y$7BVals7~i}wyE1Re zAGmsA5bTV@{|%k}>1VcrSfcub4~jmBbSxDDyia46L5E4oLUpFi*k>(IhJy|V2Q(9)`o;HXV->>d}*7|9A-c7;e*LeT-EMZyH!wQv^G>P8K19CoYC-W`(LoiefT%c^3huu zBXlGw_Z9J$`b+};qRV+eIa7k-tvAc1q{`|rYd zvE0bDFLgZAj$0&d1L=3yn|`|#!d{UDO~X)N_CJ+_1Wr;4l$F410>YwRovoZqD&Kqt zPru7POd%v&!Ev3DY=%Xq0Foqavf-z|tlr40lVC=E_q&062Is1Ne4`~7u^yM);h67V zp~D=?OB}MbD`SVuD*PS@N+=d-mC%W%f_X4ZZx*wP9@BHV9$e zWeTKXigX(u_Kz)d>TEr~rCehvuqZoa&3Gd)e9D21A^3U*ePL&VOp=TIFe7zITKzB* z(y0yWcV>wACa|K0F}Vw1Z}i$16Rt+L<6lI0;57G|-2XC}XM3^lz}m7wQx$K0fS#fE0+?%koS;#LRsI3L#MNoZ*rH@-^>PDRkT$;QW>7)O} zn(nF!&7A>lZUr}7wG5w7sy4@o>!ifcYIA6=4~37py1PXwo$HO0MN_r>VyoX z`oVLM*yc;H_Twq^ilv%w?{=#6x|a`KgZ--3L`rxljZbgDZj)xq=pPh(ThYpy7) z9hrN?e9N>?(+7v_rzP<;71Wo4hB!VSn$P(b0Y8#;wKe&4n9RzdA&SzENIIDgnLi5m z?9?U$YppJf3DB*rbV=D|OO4S6+X3&_;dXd^?}I(YHHO&3wKW_soi4(%bW0p*-$2$`e+&fXQ#xe#(T-;-G6v(iqCsSJ1;%otMr@e(S-;=0>O%4?NSe^ z95aWmpO~(+gpoO(JIJOjHC@jmTrc5u&v#GLYL^LB;Tj2rkKc4*ki{^{eg&G;G`&%R zbUJNY1@aJJ#DXpBKiGAHj$rTkEQGDG&885ilFw8L1UB7|z9P>B8;fHRq)n{>1Kv$u zSQ^CFOzE*`;{=ZeW5_JMD$|(sEp(@T3`EccL)ku%rr53=wkk*hU`M(Jv|GZ=?~H^)%!eZCyXbUC7+B!_PGo= z<}>B@S>=MU?jV{{?pF9xhCIc@>DmhX_Hojavs2}^%gMz3`nNV&jDJhI)eqB{NXYjU z)Yiy!ddmT%8=lQ3u%GFZF$3&2+GWGgNb|qz7Ck6(K#K`(#eC|M)^kvV=a3&CPC zkVctwx3MP};n-6*Z`UKkoJ2nHTUj)z;K~3$a^%)(+vS9r+tb;sa&(CdExXaGGC|6_ zF(aG3Y`gg8z@kmuX^SO`^Nh`k&dd#UG|+g`tTI6#YC}|ads+Wv4gOZKdOYJT?Y#ez za3S!}|8W~JbuH8hr31MtNdpc55r8sBwhQR)Z7Q>WvBG%u7NHC`RCL2+It$_4^T!Y9;4-cfdwp zjV}8#S-EjCK^$Q3TJI}n$_~I#+t_{*$h=9Y8tS1czl`Uf$}H4?P}H@S@iDCFmktCP z5z<6_NWKsu@pLw}ev=-~ukq)?9UbK}#J|4l1D=-?BJp%rO6j_U*mA+gB6XYP-~H5! z6|T!DuFF)e+>WL;O3vr+;(T+%x^Vz<_kpp2N2U4Txq(%gL6liL|X%za&ir zRHc;G^n&x*&SnUm+4kce2IMU(bs*+LI-}*Gqm) zEWYl>oxec*-FGk2_l#T9nkf*i$gaf>H4FpGDEJxd$M^M3x>ux?tbKEAB(!)$!#(R} z6=Z!r8?;9ZaWvG-dTbJsSSv$X2=shfnyr(l7h=(gxgJ-V9q@BWT(>wNod!VmM!&=N z?Y^)ljffS_o}DiCdX0G-|gXgKd>pDys9iJbO#BJ+Qqi4loWuw7T z8Hl1^@sMWJ#Oi;0<#!1X!Yy_;tVm_@tI}^onevC213Mo!d=@?Kjy|0RJY%V7#|`wT zh;G{~USvXbK&<*l6;-cN*?}luHt~T0_J`ZNHC-C5FA(pQ@f)hQwcosB<7M6!;0Udy z(_)-RNHeQ5Ne=a7!UMOoa}iK+rXIX}f)Yc-RZ5l{No2aP8O?pN-5C0AS?RQXpqP1= zgP?`CwbH!dJIlS_ym|Hn^m{IINCLplE!{TS%^slS7&hByUyh&5pL; zc_2A5b@QakVv^KXEX>yG&E?N|9s-_+X%xum+g@XkVtJ{H$@Yl-5$#Ctsft_n!fcnGe{Ht0Y%M5d)TnerG8HBSEHZoSWX-7QhPfDT{U>H_@i5o~}6o+<7^-J%bvxcB9Yo}>a&P&gk} z&^90Lzk1P^AW$+ui|;62P}==PX;qg@bPjq;aYxmYu;Ldqi)Th>F09?5*IZN+)_nKN zHy8>1czE4?_YMC=(#wyHDv$_Is%G=jlY~CWIQ(d4; z-^0D`@Ik?D9|_$1OJU=jPv%>^2~5#{^>Z$G>X;N+bU|C6Jfq?(@w0O=l9lI7-~Kjo z0ZKV?9-rM#VP4Ud#bK*yX1X7ZQBL)A+C3xpJRcJR6$+THxIYnex8$knQA#r# z(GIs(VwyD`k=#Y)eUy$egN^fC>I;Wqc4_L3Pxm1fQuv&>O32mXJTln+G3rMG=hSE^oX1&{3m znBPQ`qvpCLtXn3M_@`z@`3Bu8O;*~?Z_Qs}2@r=QPB=^l&~7gh1kD!oi(HM@8m!Wt zB+OD9m8cPYLWf23^UZuDsP`t4Xs#5Vxzc9tEhywrvj08xL{b`G8IzOhBf`SLV)dR% zU}o|A9M}fN|EyTrymGXB9qns2Kq>g7^?KD8r(ir+r9KF^40c@1_IT z5t|%KdLidn_65_`e%4~#mbDz;G_PMps+9=q?KgFwGG1dAEnt`LLY2Y9ZnoS9bs#o@nx0fO25V!k@O zXzHWRYijVZex>~7DY`G3##6Ve(;9-lX}2^LG9u5?VQbA&gLpwXw*=W)yiUqW_8^UF zNCc>PS10HbSwf~J+Nb<)8r83VAd1jN2$NSqCZ`=e#Ie)pvhlr_ki=+;i2z_EavDxH zLEdmUh7mH~p;4F@f&Y=X9h!LS37fYn;>FoW@8~R$#6{qUJ`$=z3B&L8d(WbKx(4Z5 zn_dg#-Kp1Fe?O>=_l|)O=3MZw(fHTdP!xBo2T4g%p5CYm^r20V%Qg$6fU8-4SDvB@ z5hLYpwJgTO)n^PByTp&= zwrc~m&+u_3B19&8o)VuJ#q+cciuyuP@u?I~zC#mfdxJGoLeD`Ta*s7=u#1CQ;*2eE zy-785Pu84YPZw((X1h;%5Yg<8PL8RdYT^q72$F|0ND4JW2NW85 zOs_t(=lMRNXaxujiKR{u4*UTz*i=MY2+< zrRwyUBpv;X9-M1N9>2&tMvM^bh093M-M)XINDS-Mef@>c{~=pXw3SJ@UK<#I0$kWn z4hWP)0EG)oWw*Je5YAc}Z2K9Yvyzj}L3+&6Af0z0-WiVfqyB5t1S50wp`p;hu~+N` z@7|Ee=vZ1Tp)uI$G~aZ2bByGtieK-olg3{oGQz<)Fe0^3f2Kbd%Gd_0hVBi$bboTZ(91fvwlX`T@QX2>5$8fQqa+N@l0*6K* zt30`VTz#WYYowU8lc&?fd`eGtzfm4nQk#h-gSbzEoY_RgL^D0zN|o06ETBaCJ}+J$ zLFIgkBDM~ewxke4vOB1?S*WzW4MC#OI)xcPK*(N{I_Z1OMszkFobNR0K-y+R3~1}X$=M_Sb0e`C)LcsS+JsWt8d3+^IhD8L0-K`1M~-_Si2 zY?u-{?CVLxAE<}tzAdIG22<|#8|}*<3}-1ER>*cv&#dJFM7P(`x|q=>3q`EO(5{w- z!Tt@KJ%NLyo?kN|zAPg*c+xv|ekBcTSR@gTg;j`sW1F2+!XBHX8|mMR6o$`Epi``A z_X9ewsIch}hlF5c_5{+yq$|T{od>UN=TIT?O@P{fqs@$(02HkJImL^|NPvue|(*~BD z7eRQS8`7g`=aj)c^^R=(4Nq&U=hI1Bj^jh%4gsfgVdE!q5uV?%F-Qx?U(G~u9_n=< zqlH-x_6ZM|o+T$nBH$YreqT~c4@1NY$FeU#JDSP!^NVUoqeF_)qGW-#H0A5_cN`Z_|k9!|TB;m`jWQR~pA?4sf^*4~Ks>@;`!J+FMF zZkO6LjH%Y?fiP~(oy7{h+Na!=X_h%&3y(#RE<56?+*wFrZ{7YWn((LYZlf4SZ@D>; z$>#jW^w{4TfvAeT<#PE$kQs zwh8eApE;O<#q!>-Mxi?nyaO?jx;}&R?57BV;h=+>5!dPBLc?s{YV?0teG%{!@qd4^ zET9yl<+%}kynMn3BqOf`RCX8Je}dnQu4Rr2J5qjzW!WsiL*SP4Zw(Ml@rZ_xQ;=09 z6T7=gDp?XRe$C_IQO;0ck-%dd;&-`^X5!n^rFGiF9U<103@I=xQ#&CaXpnRw;8wu( z6c~h|9{84kup%{-v&(2^P{BUAYxo=}*_u3Akzd#@dHwbFV#Yn!K+xnO$l&^L64(&x zlsx={(KE(M*91SMQuQDTlpd@^B=#k#%hnyh90 zF5*>pg|&gE^-QXB$17(Yhqko=X=Iay485H#9-W>9pT~)rYe<}K``hKu=__dP13leAu&~at{V@arP=q7B(w?X#$QfF+5)L7X@B^%^!5GF)B(rRRPLnzr zMc<3bIwVIzHJdQL@N^e{^`hP-hF3N_5#mHa#3Z$K{uSyOK!(YoQg#TbmTE)ixUp6B z_A#6|EISv)K&wsm9OP~0qZW+=QG}w{3xF4W57#p$xT z9035&YpMp%nL=5cTY{&X1CCx%;{&J;ETo0+E>FqfKTNNAyx2K*^1w>PfQnJEnV-3A^?LitBS*c zwoU2c!MGnxGTJOY8g=z{t7jxA&5|7JrXuk+1R5+~96XnKDOJXy4f2|`xD`O!=QvC^ ztkQUf?!nll>=wtRGM~Y``-ml3WfDNEB4yEKKU-c=I$+PkB-8rQaPbRTK6w{jQ((h@ z)m7N%J}X;3nI|EcL3?5a+EBF?BBrE48nlOsV~7>4@WF=%QdaeUvztt7*^tCV`2{8a z;Yg}!>ItM-sv)?^$Fl}a$MTV?1;>fTd4R3zr0on5VX}q9uP>I{29FNu zS?0(stFs0iu22NvF2z5Ga1K6AG_=NXOS3MdXEJEC#NUXj4gUc{XYQ`n`Uh9p&{e{q zcu!$O8wkMRe0$Z;74dK7-(8nt5b3yD8Kp-T_rg^%$|r)P;#abz=azb5e@zr>e~@fI zWIoFn=BcO`ol~)v?D^HH7@xdlIwM>|wb%LfI)^{_gZ1*RcV^!AdG7nVuj@B_E^R3Md+lPb$Hg@YHZ7_g1#@j* z(N9Q^JGx&uGqaTg%eBzE`J)2)c20wKQX!XIv`x2}NHIe4ov?4IYQ>pbK2J+Bx z=J-SV!mCEDmg6n-PG|RKr|sB*#q8d~0}PyJJCKAQMtWEqOY|C1v>Vm=U`IQWhkLd- z&B)$v;^wNSvgr&OV;Nx!=B%WFFosgR3ChNa=bpE!&(_Z-ZJF*_8O+zd+_WA z3(*>XK)G^Fzo$u#?TlJK%rS@X?>6S_~MU}VA0^yK`UkpT0_^X zXt%@#F{d|Uhu<(VV?+pjAVm5hrW4E%vXoXD{AYHwVs*eos45jc zeI;s_gl((M{Gn4)@k;i$g>tMubUp43p|im=1c-&I8&KC-}ly?xW#= zS>;4OMwiVwag5R5u|r5{WRI;pAHxQh7qJ>%qxpAn_!o<}AMqkpi|h9_lA1_AcfM^+ za4=%|e6YC@n&E}MgDiY`PGgagKd8396+$xwhV0oy9-k-0@KVK zxTtrnlKGsvFKkwfuPQ$|T5gXqmAg-KUx!C+PiF-s3%QJVN)s{;ig;XU6|~KwHY4tS zvnGfxhK6z(b#{ktjozBlpm*L!bu5J55G_;)&n%j8z9WT!0_1?Q&L0>-XD&LZ?(q-} z0Hr~;2<-h;$KBr57Be?1O<;6-Vfr;nyh|rR$fZ2{ZM+8e$9}UmgUuo8qe6)J;jIzK*88+pPm)`t4FZ z;kF0O3F48nl({<2;Y!yzWu1rE{?66oXWfOdEY}fp0+B0?p0`&jmsOKD(w3}otlBg{ zv>Npka+SnyDqgHah*Taox}9S(27}+dI#!LJx)$APG6H5mm%5kJwsATMjdm>v1yPSp zQT#xDyLFjU-i1hzGcZ}UFM-e2L{x8;dK(A=?8}KNazHZ(+e@_IQ)dp{qdPK9RPz*) zUQOEw#nn4(PyJf-ydDn^2m;KO-q|bNlJ?`P!!F8!(SRn9)?peQ$9KIt<);) zgr1Z5JLyzjv|ZIZ7XK)h+xaGz#%ooA2;p2(S6wuD8!uP<o`Mgs%RDPg;eY#`5hlKz9UFEg;nDcBV%d+A1*k?;A0Br;|*BF;?Nr;zqODR1UjAAMN-)P zO$&NJRiB$MNuD@%9R?o6&1mm>g%oUbVNkEWw;fj$e1i6I&NeHu&3CssI_LY`R~y3& zKR?mlzD^QKH)!Nv1gj*;n(0jfD=`(}kph1tc??KB}5TdzlkOR0*Y zxAG8I#^0{SjjKLiri~ZxZsSQ&yuWrxQ}V`3+pbscq`K|9WFbo_?Yy$c$r~|R{kmN6 zq^+%kB2qttY_UC2T}u?P0iqT$pt3L$Hyd)|R;JbOwJv|0b% zWh{p|!C;E0sn93b#NmUp-35AN^b<|wbBnD)ca(u8$}93LgQavIB5^nf!c(O2m^#)P z1sI)xP(%+sNP*vF#fxdn#_s2<k8}F7OLSG1`0(4B`bbKl6OG{LHaJ&GV4UHu|?jZ|4O6%7OU%u2XLeQw}gE zjLjxkH8UL#f9Q~>TCnM&AX?C^u`Fh~5)Z&c7rK*%xV$;rnEql zJWqSkD#Zs0_-d;A_wZ@%>VCuVyL^qk$M`=}EqTq(qIQpX#;DvbV>OXFWdPlUHOlWh@+R^X#+=9bd=!Jjv$by$XM#dc#KZA;0vC>B zgn6aI$yM|(X$UIu7QT|5;{YdVHcYG&oAjPxah7szx9v0$kK*UX`Eki+ACzXbhXf~b zAWQH?sr{+JO}0YPzTA7Jly4v=c!3V-NqHVol%-hpP9hLnL!^`@xJt3E6qu`)naw!? z&P(U#dC@cWF(#6Oo;0r;cJQcF3a^0h&PzWMzd+AqzC&XELaE>&y5MLOY&#IK*NFhU zuW!u#4XrRJ!5A>&?((*6fk!n8KpkYZ)$-SpF#`;q#PtER$s-J0#!=zl=TlC-Z&L(f zJvG>`)8}Kw~5JNVudNYs-yF349{@tNMW%cP#*OvW=Ux$x})JjvQytq zc()-7kp)D*`1BNk$K~pb`S1Wx!OH5cK+%x2K{OX`%zUDl$_JKIO2~ebpz6})P`qt8 zxd;tz;Zt$#hJ%~q?L&n7c;pvjADXEuyP!}K5h1Z4Lx~`nxa$fn;iq)+1|d7|m+C)! zp4ywK>&w;lymdGtJeA1jd>kcr*^i9LY7!D7SJ8Mz2E)t2F>?!vVJi8I^1AO95NO2D z2pCT>a(|;=QIs}->p5yV!U>r~?&YcFp!P6R^A>o*4WByH$-*6dLOgc8*5rP9H2dPw zo)OnVmgG0I&Ls2_THn8?EP*!tBwS%N2T}OfkH553v6^9{2J&~V3&O{^vRDX6RzP|w z3e=H{o~G&|?9hyc%Fojyp=UIbAwQm;N9u-6kx-x7|6~7{**wO=^IqyMMfy7FLW6|D z3{fdl687BHqDl@?5?;q;K_a-+b6PNg3^S_7NUGO*0P4!8iQU^4VNGOlO!~e?NP^P_ zuQV>Ir9N}2bDAjIb27UP3Z+CijNqbgA@D%9&}l_{8bv04AM7o~tbQ#M(_3NEC< z_#&MSquod?qw?7cGpfd0RY-f#<6|hH!;seyNAO6-44IX#RFGV0lWQWildyqS6`<+F zO6w%@xP>#F8XyOjZyLc8P)^SAETALVlj~sz57?9qq;G`&KI|ZdfF*_wu)@9*>pQ;| zsI(&fDs_0XbPY=pHpMG8cw$4!>sSQRL>*?TjaNx`JT%i4rtvS$HD(+5m2>Tv-!PN} zaxTcZPG8WB*#BLnfA(-Y=y^o^KoS!n)J0n=l*ID*v>5@ZUN9Wa3?Q06%pFO`J>Ind zKAPMQj4LAQXQ|4qzV%pl`Aq+M!t7D@0Dw%P_AkGXdVM9pj!DL`HW47L!?$=eORQnh z&r4l?Ezq$0AC8#3rT6kFdm@Axg!+NeR;Y2&^Hx2~JBH!sqt?tnOi8E$V_-2##i)s8 z(U`JY_XHKkCtnOyy>eqF{0~CtoVZ&qKGWqUJRHeRnTheI{&7JNuSAz;Sn~Y>BxhR(EC&abIJ_{;dHNc|y%vk8w#lRIA~150T!Cq^$%j<2m%t0gkhKZ))FC{Ho>4Ko)jdLL`rT*xR;2*7Q0Hu2Y zdeXd}13X%jsRO*DqrOs^6$XXSMXq;uYH+|W3_@yvCHTW0;xSxsL7Uvq$XepJMkMDh z?x9(~K!x`F=C@tfJM}U{@fcLW1{EH+!7ur0hlCYp+RFVj>@i$O)Q&}*uuvuQ`TEmr zg&hsYdC-9M;wuVKpXZMtVU)_B8%O765d#5jTo57?H}=`R83SZv2LW7 z+dRexRG(&cJ(8lO4s~X$`QinO-Muf2ygcG{rk%@gzHxL%D7CW?O);#Ev(2hnd@LRj=c{!e;S{V#7~4+f2D9 zMKGe+c0&OB#Z|J%*){~bHy5R05#WKK$`H)_Cg%FHy(X@DF+1l@^XKRIGg8XcpGG@N zKAkMMsoW0mBHP_W{LDB#Rut9oXu7*H&)2(7X((glMup1i+Lzg$x2{CoUEaSTj1jn%rZ0tW z2;C`1@!%kQUbWLj*%V(eUVu7-Dy-G-1pYQ-^^d2XM8LUJ^br|S1H*ctwz2=xBf=1z z@922nfSpAyt21o;Ywg*GU)=_6{)aPA;&E?Axai*peTb7$MxC3B7G&Iuhy{|eg9w)` z28ASjL-{vo#~T9`-Gmv=io?=`Z+>vvYt24wSYP=}^6%_~rz3xesX{qF^tK+_)Ui7fdkvPJSf3 z^;dSSid{q~a-y~{-@f)kEBK`=B-iT>^xW!n`~@2Oh5aO})tq?!@JMcSdFk z*J$@?KbPHiiGqALh$r;8^UG;|{AWJMXehaC%s+kXvl=B^u6(}DbTstsTOYS3Uo+ft z4&aeLjbKbj>P%u+-wtLxCq;Xx%372~brOD<0y@{SXdvGV6a6>e^bOPMKS`+f;?BQA z17!*Yc`j!v-idg;8{C2FzkmCLBYX~Tb{hSkIuHW)9yuyxr_aE#$doszUxr(n(KUt$ z`KUmzJ))b)KK>8vQ0wwK%?Kt1%>5#H;7BQuE{aw{h2QNi^G_JQ>bqnSj`j`9xbiw4 zx$QrAiv=V9`j<4?5w0V)>-IBSPd+1+<9=TFbKXkDr=1bB^bmO#mTF3z8OgbS9jieF zPLG<(qRNf+Yh{*W)=_5g0^c=To-?d@`rEEATJBK9KG4 zP_%XVCB_g;cAb{v3hImdpRYoh4ZpCL1}li!Wp)#|=r!btKmOC%e&MwY;GO?EP~-rj51`9F(qdwI zL>qS}$bRUs{iFg2R3+gK=94lS_lzk^Qr+(VD}L(#;fnqzpjCmmY0?GIFuDQJ4mjmF zo%VG}K}O9ZjsIA2Yq2yQ!tgGc@m_^PXs(ty!S&q+LF08JeMjc4X=Z2r z`C$|2rbn(O1ikj>_z~LoA61aSoLWE=07~TR73MP6LfP@h0HT;n5?5))3vpZHfr~bY zxY{X=;xrV$ybGcPB1KUYiza(8F-IyB0w|8NP?6g)sus@LM6vJW!meY8of*Cyxv!3r zs6hLQ2c{Rf-Kk%<;0mVrEDuMhCre8ya5 z=e@v>c#Q- zI#(g3z{9P@a}-h9prRaZ1_jQ{;c)&rXY%2@oyD3``P3IZ&a6V@qavI06+!(;g3mdt z0o(Wv@%6N>4IwPf=ek-(Czt%kmI8{!_$|%rSq|ncs&<8IShhm6R203U!}i_R4|# zFdoW^?X^2)bGllQ&_c7@EeY~hWG#q&U`i?&(m1V(GpF|0j$ zR7|25IiQi^CKWO(D;jkKbZcl7oh;-LmJwqUVjJDx!6Zo zDnJdE-gAWe06Ht%dYMM*I6~w~>D`Toc-$7xe$%z3cH`$NY)TQ`i4q+ayN&+u{LE#5 zlKHx@%ZWm;z$RAgUX|)~1z0pWm^L6HijeYIdrQh}7NWk-Ee9^~tN}w(8HGMmCE*WV+hSQW0-FIwEA2DJt|&2ly7F zz}H|%vpTK`eaTS{BB$MNnZE$+EX&K!6E74253A8pIHbAF4%YLHqlwO3ovTR61l%ur zzpL#NxpSA4=NLEJBtzud1L60G?KObguD+INO+FWU30ZKxW&>z$0hKH%1@(H_UGl&# zpt#dJ{1{WIu@t_~Vk(fPPsznGGuf#Pt3Vs(fiqM4XuZcS(L1|@@f}oCxsbim_C%p6j6cE{DQI&gW;#bvpJIQvWxF0(fSPr&oz;sN+k*#yRn zu>w7vZC*1fTv2y^isfLi*vS6++kve7h=y$rH|(I_@4NovlD*HNdIN6u7aO&}HM~|_ z^SK+&lMCX^?{J2G$V>nlH+R+%DurmPG96e)5u%nM;?mUbe())W5V3v0#N;psS#XA* zR<90(&I>j99Ct~!W~#oq{JcJgv)ihWB{3q{^LC-92p&UuZM2uFz8!o;9I%dK~1od}bMSXs^ z{p4YPBVu;_NZmR+be9y7W2NZliiWA|>5wt=)*IAv&v}6)yZzy;-#~U;$mR8IpC)-^ zH{Q+;TtMn~PE%Yl%kzoc(@rf`nFIzvuKD<8IUhMSR(j{FvW;*6M6(ZIbK2a{m{fD3 zXr*y(z9Pp9x>%+qKol$>9M(4DIeamVV&N^(Mh$w2cB zpCS{@`2Zw3#ERg@O1dAX$)bsK007eMdwxloL(1u7ycRJ; zPhZI5V%|u;EIyw+E!V`Qb^xgUQaLfUW9qW$}|m zmx0-QZgG(+ayGDYPo^NGe8~CAp!c%&t}4B6JglLC7pi!hZ0c<8t>U#~A#_SQQm_7& zr#@A)=^MqDH#MuI)2n?c%Uc zg_3gr_#mIasGKgpO^*GWePzBtX7c^*L(Hd&LPA40L>%SSt?dkruhe_hqy&2x|2D@T zDOEx?RSBxk$s1hTc7v-1Drrr6V}SMq?X!akmo6-z{O&~FSou@ez8N&^UoI2>>ISnCSvS~MT zuUFw=K)~~2DtA9Fx})Vqa~{SOJ^K1(s`j-be1R=kt%s0ZS4+U*YLI9yL*DDzOXj)p z@%}wZe%Ci2f1(4tAdYs`=U6st2~r{!4S4`4qfV;A4$snRmjGWZu-ooi4aP^^DC@{&mH~^Bi3QeBVIZ z#B<>c2(8^PBg2Ab*N%R1h;tq@3@l8E@!cNzC;Tz8E;k=zU+M1xmep#yYa9u(e+axu zFq#yd(QdsCgcD3*gFk!eYWHHIRUe1kv$Kg6Q$h&6`e*!tdP6Rg->0n=j8$9A=UT`T zX=M!9rN72ef6w?bT-ot2T`;{~{Yh>NWltjL;DijVFqa6kmKc94Wr&|O9Zaz4SeP8q zz7HA_$+(+_xDTZ^S|L1L>g7pQ_gP>4sRc4i;vBgD94TR)oC03UzQcP{zp{ud11zc3 z3)IdIGx5OtJ?;jtas^Q@l~naB^2sZ%fEF^WF<9@oo3=!m$E;%={O+3G>kjFx$lwVf zX(^hre)BMK=tVE`7Ed;Ae@XC?zxHBD?9-BxWRfN{Fc-{* zsN}K`@$%1kQoZ*j4=3hmav60#k#~DxIk(Dfw3C(zU2KY?H`h2W$qE5eTlGeG<5{k_ z^8)XekUZG+@Z&{~$x!N`S+bpplJCHfevG)EGEUbr*=^#~pkt(X9bRsX9QAQn_|Oy% zEV}OOkrnh?5r7wNG8}|O+_u<)?&lw74z_iRy#9M&Z=28YP!`wbd!iy2y-=EFQac!{ z8ZF(9a~n0upoEikZIv~|^#z(-oC8Kt!G>K0QIv9t>iT^Tj)4BV?=<^o%?KF}J7-#auJ=l%k|Fr^>Q6=>+#GPD214kowcsOA4>XZn8- kh5tWVx@9Qtcf><|%`2q$^PyJY`(hr*O1^tjB5vUOUm9okM*si- literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-group-500.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-group-500.png new file mode 100644 index 0000000000000000000000000000000000000000..8532d279bc5ec58c419b2cb5ef4c50fe81a8dafb GIT binary patch literal 18628 zcmZsiWmw!?w6<~A;!p-HP@uRJin|X^aWC#RxVw9?!QI`xIK_**ySsk#o^yVFKV~M$ zmE=k$J8Q3XKhFwRRFFhRAx43MftkPg1&_;+ae)AzNdAzNFYDZPRf!ZP*oG3 zk02{>X2SBqP*An8sIP|bkac8xDNQFRD2zY!lN_3r8 zpVRfu6?DR>jkAqzLHmLKIf_V0`S4&e+pSWo$=OsUH6>fwP%x5!8HMla!Vq%Q`5D69 z+E#xkss83)F#C$j>0&QBfNxm0#h&7F&KH$#Ya)xcHJL#Jp-P90Nw;lRBAWP!x54g$ zMvjoI#qz&vK8&LCJS*SzF3>@;k`eecE02|*)nr&oxR?7ofSDUp)u&8J1& zo^LIPB2!KH^j&9*feT#L8(q3X@IIS7K7+DvNup0{?Jlzi_)I!EJ7OQ^D=iMjduukl zVEIDdv*pHryxG20bt`qIkrIZGVcUxZ;4YZLo(O94eZ4|lkjJGAc+PU$aB&-my?DMm zIhn7}+?*HemKbXwe$pLen0;;3EpGU zYbjZO+y9%PGYRJJ3qI*|^nE{~O=VM~|7KT8NK40cE}zaZ@^;~?Z}BHj=3iM=^{wyl zX75b5>~bjS57(BI4d08HaA>Rw79~ZwvJ?zlf% zC))^6cB0scW^z9C*2X!`km|3fzQ zU0u|Cx-a4nW2&@25SeO!G*jeqBgUfy z=(+hg%#Yp6B3O%bIWD27bv|O#IA1bb<9}G)`9v+16VlW9uwFjtDO5V1+?33uGRSFu z*;KC5Tt&CKUDm*D^J$VZr{Vfwvf9S|tZ_kyUTMDDZnXqKSPXRDdeB(Wyk2&Jf=jnq zB%fUbHr^2Mo@*hWi@r*r@J48MUQ*7D*LTmqUAJ9SG-sLL`(%3T-xUSm*FsCCK3{uS zU*PJxK4$Q5pCILR9=<#OCmWrIk~jYKhs8{R?LY)xl~g<>lXwKKtv~1=A>GaX#6PQG z@mxe>$hfiH{u9pB-OwyO>!wq=+^Cx`5q--G;0#f-P?~|f{~EAHjiBdVl&rd;kLU8S z4DM`CU{tQh-Ek`l9s}I@J1kmi2s%ltX8l1+ASAv+0?X0&?ptO4hi4MIw(+$3mZzKj zQpXsyI+Ion^R=GN*HH#bDaZrY9pivZ8KR)oI1ykHUHnUzDT9)fu}*f^o6hlE>D_aF ztU#HJ*=&(KQzYFIpZj%*ksy79|49ep&y%;4YNzwvQk6E0cjYzS^MU2YKU5os7^DIf z7f@iyEoj`Ir;84AH=Xz~WIu|m-b$5=l>7akSuhmU4<_~P!J{%Me8G_<+*OfZA2dTT z)qmwmWm9xU60sMhBy(u8Jv4)=#b7W1d^r+mxh_6U)=Q@f5!=_#adO}R*shoJ_B(G( zP&r*U=<3`t9M)MngDdMD(_C$wM+fS<6VeDS~^9o6$FyG*6jfe27mp8hQacB;edps{X%eS0F_If!kt5{vdM01qN zRNrecBs?r8jbjC?ykFU|!VNk=;D;ROH}n`q9rRM=Vn>Ia0Tr!c=?sY#=f+xA$PD*` z2olSvU;yi4N>~*t#d2vgmHN#J{nHiA#h-#5A1^7Cd=T$6`Rs8um6hg$#(bYl8!~>l zfirllnoeemtLdSHG&=%W^y@tut6u7$Csm@vP!w@MYL*tW z1xn&hor_H_<@D6cx1peYBKBXZ)!+}Oz0tEl;P1oziHvGJ%NGn%-M%2?JN~3kG90)K z@B?02&(30KfI~^RUQx)%n2;jEg{5@{Np`gsOzFh=0tt_zye1SLS=x ze6hG~J8GiC#B}IjJ!Xq{hKTxMEs+!f4}?HU+|`YGGrRAmopu`now2=Qb5Ok0(h1+~ z7yipZdc*FL$uB(%{6#Xp$?QFBaF=NeOO!$Gt%Wep;352BvCI3%!)_w**yFh(jol@y zSu8w(@^YueVz%h0hWHUGk(|2emHONB@m-~Ez50Szv&~A84Bp;g`Xg)}6d8`4%R|+gtp_=yfbpO+x8(9) zUT&EvbQ`aE7hsW`2l_xSuONWwf!_|lM#<`WcZB$Qt-~TQgHZy-6Hd=(pql`yKL}md zS|s1s>EJIOkTYJEDg+h*V^B6Y0`H$EIzq%ZiKySiGy5w~UuFon!meJaVg-&PaNUOo zl3t95Vw8*nEI<0+`Sk+yi@J~#3>mBDk@36eTP8O=& zA_=~wu8BC)-rwKYxdu8c+f7LF zC2mJEg)*pvUnu*BA&oZzbr`kwp#xTdc09<6)CF1;5HwbUVT$C@IpsDj(} zBeGiANFuEh9=)owX1ysMMfWP{+f9iqn6Z^U^Ysa}WLvw*IV}a}q6$FOF9B9Y_D9*F(5pIn@tWfBsuj4Jd_)mR^Is|0_@#y_GT{yNvgweGx;25 z)JnDF7wVLF8+_kF?wCBAPTS(qFackpxg&%>y)I=GPo2z_mXoyIU#whM&X*OEG%2#s z&CYFm=SgvzeB&t7dE)7wu63=vrSQLPY@y#Y*p$DqjY#@B_gy-UysJty|20BDXKrse zO(m7_vQDE?>#ONUDcBlvrHzc{PLIQeZd`ncQ_p=kZMHzE|g6T3#cqX z@h&7ZB7}~jb?!&?-A{A0EeBm|H`}T#bG=;4YLuyd{dOTxy1|aCEVE(pl0DNLO6Ifp zMLt~)&*T1diStvvym@Ti$L=gJ8T`Lf@d_^)@7C6WzNcE}zjg2DkjnfIU#N@sw}*A7 zXku>HyW`H!EglC@zzq3NIvYyli>{lPNajJwX4^I9n|(Wkj{bnUgW)Z$CTmlfRmiia z^v~!Du?+)n5^8nfFh5_4wmGmW<+ZOt@*{`Y?z1k08O?GM`9i)uGZn@roV+%-{%xoKhmOEQ%j#d7Y zrziMPLCdp_W{_x`&7Q z60I?$KU#~knaU;Is&t#@T`s0o1clr6;$)oWN|gM&Z87b)iOdFWct{(_3+b|dx*X3f znT}>IeUbTm=QQ-y?&ICtBVAWjXeB{vCrk^Idqx-`x#5DcZ{_)cAVaY7}*kL%^=UO@_gtwU8Bm3Sl$o0kbtf8YsXiqYM z`dLt76~h9@G#)1~zooiZ=Xs{dhUDSg^TMJ@;@UmVuwLb0!sGM(-ToXT`Hd~=!6=+= z?8y}E6}cFm5C*T&UQ?B!5P8Q@TO^#E8>>2q&Hw@u29tCaKC2OXl)3?UM|jwN z4HNF!MF6wzY2jP5gg(9(CGRK`fs&XvN@gY5V*e$DzkJ-GbB5a-FWBWIt{Suu35AjU zpuhR~_@=;(Ta6MAj}1K_RTU}{jB@lu%nh?EPgmA?89=PPxmZiW?r5*7=lOPLFR3O8 zZ!#!{B`Cb;uy!!Yixp5Sij1Dy4bZw%IB=; z6qQK68!rh^f^U-k-DK5V<>B+Z%xSe697(WxY1q%vJF0NCdePmTLj$`-w4T9Z93q>= z8x78li5H?wScg>iv&HgG+V6|oOu8Mr9uG%n^Od^gUuEjeCUezQXs_OVGrsrACuNHS z1CYk75q|Sge>|3&0p$zooEDf;ne_$GyNx=TwA<#;Nw`#TidPel0I6)I^xmO$ZO-R; z$hz~D`WKFS<45NaWcp4Z%+KF@&`Eh!$MUl>4Pzce-W^1~Q-xqI2sqO4AnPGu67K>S zmBoU|!mZofF7|1{g5OW7cXXOgmzaN;q9YXQlJYhzz;RF;E-|FA@C@@rl173vPecp< zs?Y$H1H+N8mx{A3yQM<QBeIy(ku((&B8L`f0=H<(hu85mStl2I#1{`zvvP<;qWD8=ewm@S^1 zT7_!}XMI0w4j*mLECw!tF#mQvint%2F0u21#fEY=5Vj=ipxBD2<#`#v_ni-G#ilqu znY=C$G*WE|0W@mNqs5Sd@SGr*)Fl!BDe5-b6$aF--`zzlezQFC6D!?J@A_p@@NHKj z_I*G;i%kvZt1x@iTMQ{LoiE$F-;=nW9}HVpZw`h@_>czb{^V?bG?M(qO8ewDtq!RJ zG9|W0)L^)7`82*Im-AI=Q#6Z!kw+;0cExAjJs|SIThp*^j372t0vM0C?77&G?LKI8x!vj2D|HH6DRU4FCcI}mT8kR@ ziPyOtw|fyI&DUhb&*hR>LnJ`|Fa>o~O-Y^VOhyu9U{jz+ps~jnrmTBkpV;);~V+Z2Nb-Uo8psY zxUKg6@EJ`!nXgI|pmreoqjW3uLyB`vVOan|bGWrYtJ&7{!6APw1dXL0{Z%N*?i<^-ghUuB7w5A=m?B_3BCN>RI4z*SHf= ztmRRR{3Qsgt3MR;g_zU&Fma^h;g4l<_r`tr%q?>Mi;2;5L81pRC=VERiqpH3I8wDB zw8CZMl~-`;yphRM z@7?M7a2;;6;CTxS3VnY&Yu>OVGw;?|hty+U)!p}HK$>8^iHC{aB>qe`mmy#O9Rv=Y{Pezj_Y}aU_Q-mf`ayVGsxlNKz{-*& z@p}20!@bm&G#hDzWgUlVyxH@?He2qqKGl==N>inwsn7xP&XCp1QRsqttnVMGn>SwD z%y)$+2xPnshnjY@`d6`)!Q)gk|4n2~KNCqyfvej*WM!3DG zHWkVS3cN2i`@DI0PXy9w?)`X2oI>{TW7hJziGJ-At5z8V9myUjWHof!EWaLRaJiJN z!$x(|adf(UVJS|_Fyf%|rqd7d+&mZbJAfcnu@$I4bpKihJ@vhx3V~6cHkdBq(|b4r z72R&;8v@p^y>S$xUPf5(@6U*rYW2VL>9YKX`n#iu@wgPCn7x*(bhSIVMF(F)=PQ$A z{8&Tn(ny9wHT2yz5BLojA;I*=S@n0+t`NKKvmYL}CF?hXUBK-1u5cV$Oa3I}Z(_BF z>99MQ+K z1veIQguT51Lfyfr1au!C|1mkw08?aV(G-vq2jLVdFYAO6(*d{4eh>_EZ@rSc|XM!E?m|v z3cJ7go7MO>&49d_gxj*94!VcE(dwTnpwOmLyLo2gD=-RY1Cp%g*u3p$?02!|OP>6= zJk+-9JX&dWDsFm%B;+bfL!S+q$Vs5;k_Fa~^n)o!9oV^K7=L$@Gg{5>82Q&AD*W1>SM8kWW1mlKu_ghh^j5Go9F+8@T zfcte24rTcOjt+(%yB?YE&YO{NJw~Xh8wA+gElcOq!{(=ud#};k3`PuC?(&aDq6G~q z56b+7jd4M)=@6;3>Hr%7@nBNJ@sMgIMysl|)#v~r7qSYPh@k>- z1|ttqkj@bGIKW88Oo>9(y2xT8IknAlqJkJ>iz8y6F4#j!80NXKq0d7-l0f27sRz0@ z{Z6m3@UfDUKR^@(<)$4+g0j>PtBKNMeoS+~cQ3{>hzba zAxuITlfQZTvv|BEp4ybJdzEEC@d_n9qF<@e zO5m!!HLpAWEAP(9H4$SJ$oqKgtXGslD<00g~GkL04L zLcw0YqFq8v1k<4iB8H0UAQ}A%m7#wnN>rCYWGtUy{;JfGJ3GcL{}UB^lS-niWqG&w z@YG1th!TE%OeK+-ifV&MVkcmxm#CNX75wvApny661wodQ)p#H(ZV>qs4HA0}mbo0r z{&@GRT0!q^UbUR^;aZ)Vm0H{Ozas*~DN2Ra@9BB-!1}&)_iD>V%V%50(hU{B?cO;S zFWk;~PAB?QFxhe#R4y7W#a3(GWKyL4TV>5$w{Q^Vn}Ex41Jet+oOxjJp^%Qn#SwdP z0X9ibBbhCsVumiF!&YPiyAJ@~0)0sLc4nQG$f_YJND>xC_ zm{bLgYn0~im9E=cJ)h&68!w)V+ju-Kf_+QUaQLr8L5LW3zNEk6Z zyrF228E#gJ(kkQ+lb*l}8n1?1k0hmS8sz}ucV6vlpHoaDe^-78TkQalGyHHnE*R4b zs&_gVIolq5l62KY9sW8fNC@u8ue9bEq$tQDEF$xMt!2=<#n!b95@acHP(;P2FSvk% z-3fM{>g|zk!R|s4Pr~J0CqKcd^nL6_ClTm_R4U`q#CMTZrBwu&`&tINPLt>SWzI_m z{g~>6>Rb_s40M#_pZT^aK@>*a@35=)HY;lh1Ce(gEOZx~6c}H>L#qAKGX#=(J0u)? zkfP_qX>t>_YZ|-hyp;a}jSpR*YaT9k-2y5cf)W}H2h4+vP+Yywse3J5MKsB4whX!X z_MaFk(}9i(8y(3>ROy-9;3j&_Sj|49G)U=<^#Ar!hQF?Ls zrhLcn=d*7o?OP;A4JxPV$KAo4QuC*Zj!4RrR(k-PDcGHMQ?qAE609EgcQT2cYQTOn6SH(lCjdpXXMm?Rnhr@sgcXkvit(R5}b4* zwc5@VTRJ>i&1}z~HP0Xnq z8biuyDMj`v`~agHA=cZ3E9-h7tSQ*8%2~NG)A1R+^%i}xM zMuO*!q0_nit*Ea0L{AApqWOzPqhb*Dr?DA91`HR;=Cu0t-Hr#Bg$=-*QCg!_V~G@N zFuipaMaU{r>4orXFp7xRo``)t|BmvN9Ldmu@%wuB%XtuGW<7$;1FV%(EfT?~5Ua^3 zqa6Mv+lb8s|GF7F!Wg`DI=R?)>qEt6i6H6=Y#)CmrDF(;oS}m=)aA;$^fBqBrikKp z8O8mUif*~yd;(ZJt+P2%=XSp~@eYY*^?iAT1-4&J{AjQ%MnUvP*X8qQPoWOz z^?oP{%V0N=)~GKTNJ~M%5BhD+7MzT^=m_u`!%%$%YGWyF!silxMpB71l@Rs3)q@yn zFJ5+6?4qXy>)m7rQ{Rt#{I@5gCQH>Rlq8K9+&)%Fo+P^uCYKIn->m8AVe?SZ*bh3E z<$xY9Rdcx@%lisV4@^D7#Lr;78_%sic#o`FU6B1cx>)jyzT!vh$cg*B3gjbhLV@!uopsx)vi+u+# zn5PT!3w$g2o|xYl>Uv~<)sx;}KG))gSHaSq2Lz+E-LrjcVVj?9+@37BO~p*&&W2k@ zn6G~drwJH9kY5h6{^JlyuP+`%cjg!xXCX#Wzw%jl+h1{D1c&w?n~2|^ND|;TJi;(& zDSDXDkw0QIa=i~JH)7;gz(v?wmC-#U4|gp%iFj@ow@ZZvQ^hU}MM z)`8to!5&(5qtp}v8ekCCWP2hauJv(jlzWLjngh(Xo zdbZs#;lC<>RJn{@!j@>u;i!Gym7MlA!F zbL5Zor*?X^a(c2Uu6^pAvCK`YtdMBp6GC<)gINB15Ft<(oexM9MNk)2h=HbB z6?{#81EU$d1H?`jktL(_!z;V6g_=g_H!k%w{u*H~erZZ$*PEtkD$eG&F> z2uw8J9M9fp`43-|CweY<;3=qTM1@*IGq^s9PxIRT72_<7>53DxEnw~JHlsnUhGIGjJIZ-iCo^Q9f~@^ntP(F9#xX$JhrUtAbQ-y%R5veD(T<7UBOd{eP|&cDC43K&zu|M;?FP`GZnH8 z%M3Q|*Hr9EJl=L&X@(IBjs@7Rt34B1W>D`IcOU}#+=gf`G)?9gposr)j()d~M-Qrt z*GgV6iJ*_yrUFP&u$cDh^j}Z&R_4^7hp~0cV(K-dOC5oaQx$%peFbPRF|E**pr2jW zGY7CtlpebMi&BfhS>R}kPV-_8JRD#w*zR@#aIGMx<<^xhb#x>= z@E(dGZJi8-c=t+R5`YKvYE`Ewc#MQCIDomOX1i=Fz_(E`N(wRw|uHBmP@^Q|t0(u~Hj4-%DX6lJW2% z`ElLeG|sp?bQlxp?_h1y>bUoQcQG=?r>hS1fW53W`~8({Rg4NhMqqz=DNBVXQJrD}R<9b?hqpbX?Zu_$qF0vk_ zq_3k1AZxQis{%Jhb&pVmFjKfU{jRIs^b_cazO~!)fr*r5f`?W!_#v8UQ*%Oku)Ht- zHiiH_Wb&bzYJ~tTia<8)y*?S!Qd_ip$JBsl%zNqD)FX&|==F;6ja&ueZ2)#QAFq&c zbkAI{&P<8h#xM|l$YW+=>bh2)=Tp2fb!nudA~;F(J|BXIEOi^uJ^rS#YlDHM8~2|+ zp`DTS)MavdrqCpA230|X;FI{$&-K!57zul@=3+3vA#P2}?i^O*AQ-A!By+@}_G@nA zLDrz##0^Z8w+k|{-_JrLa&jF5gh|RHr+8D;yL2L&$ zm@Mwv)jT7>9ib~2pmRWcR@7N<%E*MIOGoAr#lu7v~sgoxASM(r_Kh<7{y@1{I^X7DKe9WD ze_7%9O2|D^eXusEA=Q0C=lU6E88e|<6~zXuvP8W{tkTp ziScuqD?-PQX59Gkn=@JgKQpk452*8P2?MG*Xj+3@L7?jA41UYm~!=Mrtn!+FZcs0ZSK1(vGmr+7e~>!n6!Ka9*iG0ZO&UUV?}4{kE~Tw zLm3}__fH3x{$u<24gLqx+;SOwOXtw;eTxo39N69Yl5aQvP6%#yc_)<~l1-2%-JPjA zzkSu`QBD?c7-zF79N(-BwKK;ViDhAIk>E8vJebbvVwvQrORin+_RWr|=H8#eTatVO zuWq^R)0nD+3@yx^C8N@17?*FEE_YZTvGL>cs4}lIifQI1{`kxs=j4V-CXjao#nT&+ z|AXhi_0Of@bEdB!&WU%}CvH6*{z#o*ja-pFjv<{3y-p5YurG@O!~^s)vG+GoGOccj z;P2~GX)r7HY9IoJbL$>JjOMe{J#~jMA&eEr?bs?-`{U@{HyQQ|@b%=|&Pam1`}n7Gwor)qu)WCZW+ z@m~t)foV`U5eL%NLJ+-?s<PP3v+{+Gn-Oek>XshAEk={U{puUvqer=H z0r_N7vvBqh@8{e3KTNa=;3?^7mP7=iTx)fVx=As2~S~RJx!uXwv;9ZXIxa2Sf5c6o26ghiZ@f0>6#3&t4 zQy|33HdJD~Sd+_}`h6vx?*rm7oUWxFL0_!f!{mNWRT@Q{^355?dkl5ss10w3cPg`R zDpnv}+lhUdL>fXmo@uS0C^s;Sz)I(I3VHWUy<|HuPE3nS>b%rx@xgVMN@TAU6OWKK z_siJ<_$FSYxlYke*cR(3q@eEOMKRU+IGjyV`L=EKOP0i=pi7gBZtO%(2Pn-~YHRS9 zlXf8?h~UAKs*IAi4nf>k$+SuyjIqMT>lESW2ry<@iKf_JBJwEUIXEN_6Fca9Ug4IR zcHwVe^n_FFZ69s{@S~@%zW#{0YRP-V-&OFbq|oz9$#`a-CFbz0g#7P5BytmQx+C zbZ8}h?!{ckZP*7V!!YqGX%V0BG*_Bf1u>kREIk?Y20RfXi#2^((xSA9CSp&S`c`<| zVRj1*a%+qF%Gd9*k7Z*3n10U{4K1S>xEL;%_0^xbSqpp$c;d_P_5Irt$`?>=h9a03 z#Og6c)G7|{og7YItTncv8TppCI3mjO6BO4vUf&Q{yQ?{&gsFZwjC{>t-}JiP>3Q1$ zipc}>xhF6sdvI(t9Jy5@5=qqIE#v6#|5M$v`iwh>6SxUcPSjit3gXca!3RlywF{^E zGlt@!qGE(-2%OW{Om&v(OxJdRd_GH1SVcbfOV_-cbZw|co!IzW_Rq_W`l`W0&oNQ6 zYW|cWM+q-47PUEJ!h=G?v9lh+x@T;xnPX3@5-IgfDm>eZhl~`)v@{81;vj+B(N~R~J(u!mn>qKgUl2 zgXY8lyC+j$UiXV^iZdR)`rN7f)T7pS@8_s%(u=P9<&$(yWMd$|F6%EDDRq|`a>_WV5NPzAX5f1~f&R*y5h*9!L_~rCQStg1^NGvj#?F_Z?`a>39wr(nMO1#0 zC;!Te`9ywP6(LWD1V)L+Wb!0k5J}<=vQH+>K9p%xQy`qL9amEEW&3tTH0*qZIP}#B zfTNNWhPbswkNX*R^xvdpL{OBWfbr%?)t@f~BN+4cl6QuHbQ@Hs^cp@Bl~{pESJ5S8 zB;2-Gdf&>FIFsmifS46H@vJRISW6rnShZaadA z-VxiRMIo3yAjYqN&m3jSg%L#|zibf#!;p;!UG}+l{8{@xAmQ;}(3jqjrMu1BBNckP zY>%>*a+(`FaS8q@4$qiV-USO1Hm}p)wa3Wp8gVX{d=kHE0(ZCUi1M%TMnj|dCCDeR zlxiET)UEVKD#Fl&!$X+x5?C=!-)Cg+8qjv#QiRG@3=D7$v67g+?JzlY)*Zq}Q9MRD zR}ABf zl-`R;{hLySb}t_7t14jC8ba}AzY-!;BMa4dUffmx0|{+0?AG*Fs zA*kHLG#!@QY$dYP_t#n1sOUupqtIBc3aumc$QjT>R*}{|W~Fv%EsMv@EO`+0(bL0JqJI7(YJa+pwR{=2tG8nV&;@zd;_k232t|iLTq6ao80$ zD_k-MMe-TuhZw^B-upXd**2MQvdfKnNnA33z=%_qi&3va%#W92S-kz+QIwvKU5rg0 zWiZeDRd{ek_L|f!p4a z5AK~RMKl^P2pc@4Lq!~P>PG|WBdocUSLGL~D{=RX`JGSLV*R+*2`v8!o1ykSmE zm3Ckj`Cw>C6yhOKe615Z_LpFca|O`T^Gz^T5$eLF;?u~6fA}zU$Fdkwlz)Jk;rFDI z1AVWpbPkK-=li3bE<97h(Z^ha8ou0ti-rDMMm!Mt=N;A%#CN9WVXE_kY|kTuc|2fH zW=A}{;qR16Evv(#a3raqt>^%@OZ+RYux~!kM`l&VLkiEc?Lhs9k>c#K97*H}JYlGM z8u6I>pbx=v+c0J|UG&EItDsRNQK}r}?_*s&@={nQ$nk$I*QR4w8CfN19p^=xlK7E3u zi3BPd5~y}R7(Yay7T6LTzfKFw?Ux2M8_>2ZzTeX76P9aEC7#NlGx31Rn?(4}Bi5B+^@3>R_ex z71KAGtxLO&TLbFNCPI+6PoNuqS>&mXDD&zCU5q@T^Yxx0lW|RBzyFaHJ`5o?hNL$x zzSd8o{Y3y!YUVKru3?fPG27sh`$Uz5%k~n;2z@f%?xx!{w*^g{^BR~c@>}TVFp|MF z)5T&d)i~521{4Hvx!GbbW{^LBp|Cd6Q`gPJkMjiwiLfnJB z`6Lu(9mdtnAR>m8>ZuLrb##<4okvh=?sRJTme!k4IF6Fg_fK^atXLFRTz4B(G~)^1I5kXHJVHL zU-hn&_c1Q&(dJIas#jZTjX6E9(U#t@!e0elI8)C^jB^7=xA9E3IJ5wi@LCKn0VTWX!Q*7-uY19>+I>65DR@dhVR>1%auC;D+g)uqb&hTLN`ICnXx;1#eUwf190nCYp#(-V)4>Kg z&@JW+Jrlgp{B+A^G3?N8H3}Z1y&#`@lE`K&md_}X5H6t<1sRcF0c=R_#!71TA{FgB zJ)+ZX5927b2sjMcH3nqxT=Ht}@M6Stw!()p;T^ze69~8K#%?;ottZ2ZA|sL>a+F z!u&Uo@{Jf)JyU25?sh}o^KDkhDfES~k#2skZO7dTI?HS1d~ z)ygdkVsUm@5H!mr?+pm4nip&Kc+erOU{gGQ9&fUEvcJ};PwI@tQx!`%9+JgKuq-fmJ6??iZsu1A8+5G zLODiFMzSPgwA0|{t9wx*A}Sb(YescO>IxC&xe5MJ6pT)HgKf$=i0?ONa+U`7+os#P zDa#Y7X>d>9@oY(O1J1tjrD(4QQ$PyuQd&eZQvX(XO*xTanlxdS)n?Ss)D<^tH!l?EmcG%~m3%w^{i_TTc8V(Yv zMLEG}K9hiUf5uJT7rnJI#a*|)-iCPI%hgGCvmk^h*qazu1MA;TUNec5J?#yX+Mjyu z-ytUWhu%=K5O!OrbvWmsW@wiyjEFQYi8;(iA{L49B?G;GO(N_TC&{2WV7m=*nus4I z1D_pYAdbN0emQ}7q&fKM30?2u$dSmZUndZ=gn&gO9O3$n?M{T@5J`W_-%zo>bS{#{ z-77HReRn5zHI&So(VMT_WmDMW1rI8whawmHI)Y2NYeC^KLIW|tJ^m_Bp3dwYBP%f1 zppsAve?F_z(RDp6mgj%Pv%pT>YNH8ymk}3N7!HnGrX#Tc*pA4DF^|A|^37 zDz-BX=D{d_HgB1}3^>B9K*M+XsnER?9 zrzVtJ-AY2Fyub9!*rhk~-Fj3=>}(#!ykN#|1@-tq_6@F>AH_k^wdpHU)QZx>Om7_K zt9w##h>{E!X?YuCjkY?4r)oUu5HlY_bJg788@D#iIs!dCmS$WamvZrA<3Zlb>jAAz zVo?J*$ZGI_H`^byeR)-<-L;=JRAPTtC`7tT574rST}ujg!{&~;!6q(xUMOa=D; zrA*2^@ya@DbWEY+ZaA=sa_Apfor?WBGG;w=hLmh_N(LlpU0J@b~pQUn)A9dUtTReaGDb@ac^NHsz->fCXkwHuX`$TVDa1jFT1fmqzn-Z!pHIeHrf(aYl z?jL@nvT(NL#^fU0rO5Y5^}JiA=NS8^7m+ygsf6X{G~eD+n;1`)Zf$AL+a?$dxP=Aj zOtuTM*2TZ|uA>2Ty7!>DxCfpQOr(C?vpf^uhh~SE&W_WdB&-jrkE{pv39=tR>HX}> zT@~1htT6#i(15_SAkguB-Ie(E!9C<{u>WURW`4ul{HqD6ZnNu*y`2rEgLQQ=M<%|G z>j?H(t@bH%FC#rtEAylsP5k{_$T^~lUUYF?^p|Z1dVv_ew%L=6(0waZM9>b9 ztMU&&tq#C*pKK6Gl2#!wN^-4ZiGk(M_E#6!E{MSH;DdGelVNZ%7`SK_sLj;b3FZr} znlabXK<-LQS2xN6{-{R)kpw9dZw158OR=B~k|FhzuYhH!?<}wl*}r;&5(SqWg9)nn9+;`R7zxp8k zNTm;+owO=@x_E*Gg8NF!GS+sZt284oy?n=?RPrGPBUG}2IP_#glRnHy{XV3OD9fR{ z$v(ByE~hcfPs!Q|PHQc5-anz$&|+G5dj$2}PC)mCTJlj$0|lz?n7YwE0!eS7%jVa9 ze!OHh0$d8L@Ll5td~n7nKrl&_S02Up`0-C$)b*+7VRx&?D&H(%$caGROCt(^hLbYtXyL24i_;B^OF8Ez zZvi0qC_rj^?nB&6gjbVGo4e=&2SqeN6!^-PI;(|}B85GvQ@9?c!|Z3IL_t- zBebbD4g+62a!7pk?IVF8(&@}-ujqmN?1ISk9#>DvMU34=7Zut zf)`70DAV?Pi}6yibME&1BalJa${%ECNfaS3!iG5WfX^D{*f}M#Y}0FY=l<=pL*Xf| qi~NW8&Qg6}3i+L-SQ@iKOsY_6d9yFcW)z% zJomYGeta``ejKSfR&`F*-fOMBPo$QH5R$UeesVW}#!4mzsjP0sy=z)Yp(EHDV{OvUX4H6QM%Nvla z4%qBy1>2u=2O)hrethU$-J~psl|a<3-ndgZ%#sJRs8dm`OP#ecF4HT~eX2L=E57wZ^YVb*_|t{N#i$(#F^l}et9zfG?R1~rbo=bs z_V%>^J3B)q5E20JmO|9?4G1*NqQ(FM+2E330RRi#XmTJ>Jx?$ZAd&OmRGXh^=0!|u zRpEa5g}L!(u&?s5%|hgo3kbY_=b0o!eRf%vx>c6t%Rl@jrYn@^!^2RTsI|n@X8Zhm zy5hw+hw^6P5}~8u2K%6g;}cD*;|YkH2Fa?3kMYBd_KDymB@t=Vo_dw1}*nflkB_BU66e&N* z9T$X6YPFLrsStL4=OyZK_v`9YHF&-TJBR)n9@B}+-5MG%Wfo1iX8h&p;f|eFm;;qP zE`qw!_W*I5yZ-s(A|g{6Dv3qH_98kFHBI8Vc`8yt7*pQNw|&Dt@Z(}719uoL8?ZCK1tPOoZqRlLfO1HW$LmQ`gy4( z*5kcreoE#nBu4aI(LzMm;EWn{$+oN_yrH57t>oivm(=xNb-EKXBa3P};%f@_ zx?BSTg>dLNx-P~gVhQUH75sNCG9MB2KMwLEPNy;gWa5JxABLlOMgBy$y>{t48jlpS zyo|5tdHCti;rl?wtloi?nk{4$%d%b41GOEu-dR+CS#jQ#oE?3@mJ`09t<+6(VIwnS ze6x{Ffs3Tc*M3p6w*GZ8VERn(drsd~v|f}TA?r8-eN5B|Eha%voX&R!h9~33VgvypFM!zQNCLjS7%Pn#{QRE2N@hs(>4^64WO-Dpn_b>aTNddK= z#vl-a_*gWn;h+u0hlc`+4GLJ3J%T{f)LUp7sHN*1KqJi2O63skKs0MAPOHIuN&Us) zq?P11o@ysz4nY}Tz8tFD{eBs7iJF$k0w=H@c^x#sA}krw{2BB2!omEd$po_9`X9q!4%Sh&`u#HJc$z;T&@{~ax*mDlB2&5h+ofU4Fc zY49E23sfdtq58sU#md1Am-+4v{&&7GFb0=ZHXd$Y%=FuD2512F-#-dx}K z?uQ}6;&vuKVUE5NXD|{AkSJVRY5k$ZrF-ROIa=JMnR*L;L;Qn3%&7wLVr~^7FifNH zSpvql9C*`q`}fJ1AxRNUJXJd6sr7+3#B#+_Jh(ve_NFaJ-qMu6dsRvVrjP43ZrZTX z-E=VjI(fi;zW(y<*RR5$6S%N0>AI%yY8aUUJ{C>-?W&8jj&<90w~w+%gjV|ox(Ph> z=|_D{7j1!s1zEk$PL$!GX(J+hgr`(VqI*NJ)aa9B_A6@P z!TqE(D)HdTy0hNg@))BU=!#)Cniia_`Gm~%T^KoTS4HA(^P>(XXh2@08{J+_My~>I zdt1G?Fj&+T?R(`zzUIW#n~CzJR?-pNk3?>bJXbO1o5ML-kt7av=SfBEeD)}I$Y*!|C)gKyR0Z@niZBL1EhK5^xIx@dOz>;c;E9Ot2UM)0G?REX=X>-q@f$Xgo8^ns2!)Xi z+$gB>E0x!wknt?YN$i^h{Eeq=(X%nb*3i`}0x1pv^4bTB!$^CEUw_Bb4*U8WZVKxz z52eyXDus<)><34L2xHxbXn)L#^FzfudWWoQ)~~^djCRQI2A7c5(9ke7HM&%qwwujU zX6sL88LfP*f!t&-Ile{CNip5v#SBk=kolCse*m)iZjAMnj`V{t&EIx@BbKP}o(P@%e5jZc+>?-+ zI_FFUA&nRLC1N+*s-3&b5WE6*F~y$kxE9#{Le69f+|B0M=EoqH$z3qv&(!dw|Iy~k z9Oi0Z$H7>|7Ea(IO;B|Sv&A?esJ+!0)DNC_ZJCzDQvI3y(>fCNI!S31c_V=?Vr!ym z7*0s8k6DqA{|#S!PuZPGXfOO@$=mX|K5muPa1mbAd)#u-6H+|73BorUzNF43p?h?V z$f>3slrxXxqR4=^;yEOBi#T_%D%%~8#^ZBXrBx0UrFISL=C*Z2_p8-1``|qagNQ-o5lwvt zO~flEd!A{Nk}7JNsMkgpGL=*cEOk65w)U3F&eg?n#M(_Mib1sjwg+BqvsGGM@RvoC zG{7Nee;2Y(P`Rl=TEPofwyXZuk*AoaM?c<2uelu8#eLF5BKemK)wJU5o_ef6F}0i= znc@1)xeLwyuR{aY_c7X)>lsU@X0pF<9M6gtZZ`z=tw7;Qj(wKPuaXmwzX{s}fDcks zPfthab1N&c6pSybpgRL+!{>h{b9XgHyLzqJiv5sUW;-Hp2%?a7sXpJW(P1wb@3p2$ zcuOUjYM>Q+TWrkCZ5(*dmRvaApXze>y0w9YvxEOC5%AK#=JF%aM_hZA8a1FRD0~?- z@4y(B@}d_?@d_MgbU06^OlL4tnvW+NN05wjJfSI|)0}RX&8??DV5~q-@zO+;M!h!s z@bc)!*E})l%$qb~J$JO9I-gd@mF6uOJZ8OlU(dBZOnb=CwVrpVc+TdlO<1G-E2Z7zDn+NyE$TdKQE8K;Ee!-t4YPLdeaPC zO_;>f$#|O`nXk<_a=z6@LI`Z($@^4Hn%yqtjd&hx+x2ERQ3BR07tyB!9g^Xao{Xj+ z-gG{wo^;Jfi<9rdAF)(ceUT_kp17wE3|9T7sKDFVUk25tHPP>`KiyKgOFjp17Rh zTP{51=26W$yA`kcol?z0e%qWe5GZ1(@$CeRH{|8R{tF$&se}~r zmdn1dgBsTjUE$3P^D!ke4c{d=7J=~n_KWByHu`uvMI=sO3QNIH>xokr%hfxIbyGDUuv!#WyiJ}P!)coq_$B>bJi*x0VokjoL_ zeeaDDt|39SmMx`%SBK0gE9_fXl@;aDE>3~UN4#-aV7XblkQS&W9Y%w|qM`eF1&ys@ z8|^};FpVtop~`w3X(#xNi`t+4Il2E@UR}Mcc|+1`wyAL|W#n@i_f~$Mk%*s-^{V0T zAKrPGS1r=Li>4Y^;?!b@Pipj(7e7i!c;Mu8WxJGln$$i^R;}o| zqWGhv(Jbtn(+AP)X<*e18!(UU&m}<&WQCMGx^im#x!UOA{I*Hk#^XDMr$#%2Io96> zepnEm*vIW8@y0oRoU7OgBmB9{`Ek6(x;q+0@-6;IdTwrH8*1AmWSfBW$0c4}f3yxoPj^Rap?qRl9khXM+RLG1Rgc8Wte}sa6X~zpFqT z;;_+XQ<~LxORrZsKk!E*cfVY!B_1EVrY8rMJ_TGsU(gp_bGKb%;0OnP{^k%>>3Co~ zKf^G#T8YUmaT7EDB<3~!y$wBMq*AUn==e*j)~qYo-0jaZ|DHCLiv?e0ORxX#XeFj% z%Zi(%a&D7n{^E)%1-{a?iKWMp|Cyj^ZbWdhy~e;TFAO=~3Jo%iD1OxDu~iWY(Um!h zAY7-XS8!eaT2#1DMXEqnmRery>OC%y>d zcM>^wC+2nUro42Y-3o3o2c6HqN#mQ3H>Riv;eHp#R(^{L>?yG7o;TTcF$x{;_}uqT zTLWT1nO=RI;O!jmANO?%;JV&SsauEot#3*c`TNGWZuf&W(_|I>89c7LjiUr1l_VcR z`#08SZ%*A5xWe(?_qU95ht5rY_M{JrfkqMGc)yr-3P#+~OuP#~$|*IC|I9`;-qAwv zI>#u|F!c$`XJLU-?0ShZ=`YE_D`%U_p|JcWVoatMt*ZlH|JD|&&?qxf{;#oMpZR#+ z023h$h(``b(pv{8jP_aGcb3`qAf<+UE`2g%CjFQBi>t$s+|!t^L$2&OjfjfI3wY)>_!_E zgFB8=t{69vmHp*&9R+)=g)K-A9NF(MN=-(PcMNK&ES=ze5;5Hu{)E-9nfWpeI$Wdg^R9E zgk^Jnn>W)5Q^~<)8+{TC^g51ry?*fF!CN2DH-P{oOK%=L!Mi!nY*Z&c0|Rpt^F_ph zb+Ek|oJdgwf{Gt_37aFt^e&gL+U6iLOr;zx*i?w%mWk zpOCyiX$__9m`Zt`S79izFPF3#SKGuB(`Iq0imL`(Obz0SL`-xXy1~#Oz59X*ZM%PN6nMCnnwKly<1Jk_!Y0qx{*S76{X9@rNv-_&rT#Z2$Bmlq*A*Gk3 zR?p@(kIMsu)}{dheVPXo{$Cs1d_^exC8)yh3P&qj{DaAg$bocP^e4ST;arad65LC;QQx^{*@a#>kghHW}emBl)Sz=^t znXV`WnmOgO!Y->Z85z_o#i)r$>^DvWyRkHt2Y;{T&35O+<8)p`3GL*!8@klb8ANu6 z0H+%ujA1BPVRF8h0V{Wiz}AQJ5fRt*&*i*ddMrsPD6FrbGas`c1mggm(^xjF&6n9sWW1p=_7}yyW|S$yq(g4N zTpiNCtCdsvQ)ApMaZ2Wg%l%1I zQBl$6e&*x|H7@IcxTDi*nU|HAU%nu36F?)t6-%Qwz|)39PB~d!{!FX3yR>5i2MteAMgSmYw!g%9PnYw1&-=SqZ&`6cn)5IW9K>uCA^Ihli)i#2AQG zt&Ci3@acm;A#Qj-Ofd@x2^IG;a(@^yjA;FF?Cu$8&a@0B!jBE)MM0%YRbq~2Xgy}` zWx4FP5JjaDMz&VOSN!Qu!ybzlL+%-%Eph)on&tzxnZV4EJOdgUO5G{EB~W|$6){N8 z9eBSR1K5+q*y`7mSu=a(>rzth@hY*kIE#|2e}TIlndO(0%jlGTvKpOnz2n;(iQUok z(7&3}ZGR*IKr#RNlVAa1Ve5rzTWG(vmsh_&EftGRWWPKEzbz0?)g*i;liTxS92~f7lVQTsE;P+s%4jrI=RH?V{ zme)GGwpw53IOJZ9mI_s57&_`H&m-=QHq>zOq5FmN<@@l2{k}4@NJeE_C6e-Cv}L-6 zBj;*7571R)D?!qR8EE@`GIN4(A^nv|rGt2aAQ2Uvw2BY~lUt{2?cqZBA~~g!euskyWk6wz_&CRWOmf591Ur*0!B3Cxz3ga2#G82i87}S0Imd1-0IrfaR z_rLE!=(kvac`mGGwQTx%e3&XxP+xl$Q zi@m`RZ-jZfbo@Z?8~Lh-tU465c|4 zO*Kk!ta9!R@yWmL@qJb5^cGoIXK{~A3HQS*w|ya)TKf-&ODout@E_(Yn2om-d)8ec z9l4cF$;PLN4E1d-C^RF`XW<%rKRNgIXbuj6D2q0?6M_f?Gb({re}4#Bn}^8j)CwhE z9T8{Ff2d1w5+^I{FNuB%_x578?$Yh(KE4DBa)b4*~Zv=O=%AF@l0j6cEKp+rmz=r)((FFhic*dkw{(Baf!UV<{LGC#U z9@vt-giSD6qM-)fB7$ctLZ2s61&c9u?}lslk-DNP(R^(KVBFC`#&a;3O8y-Wzc8}s z8Rw~>AQP<}H6!r88S0Ay80z`{H6%&$s?p{HmEH@i`gAAeU*NNW1;a+0Fl2LiNjb~5 zo^T5uBy*2sWsqgvvzMAQ2eB0F7rr3iWxkuK*AP)S__{Qk_g(os+HppeOcnHk`(7uj z*5~e{_Do^HdEvZD^s!+Oi}Pis#&7nWKo2}S8V3n?|LRyq^516Ljke;cmWAyQNF2GT z21B?w_J*BwT!5=^6hiN_(}+`J)&2wH?b`}FfqSD*PIGm&w_5tfEW{DYbX^Q6R@fNw zSP-W~P10`?pLm2oM0&x77!G8$e}t00N!S3R_QOcY-~3z|arr}5T_&aIthA&ss-bXV z=bixL1MKsrMantD`0P3?MK;`3x}<{Rt;`CgH7IKbf#zF zHsj)8uSM)i#*0FNGKHf`p+5*aE56XSZw#e~s6*{o`4nKw&;^7lnL4?2?$<&%WPg9I z4{Z~`{}oB9)L9Q%gm+aYV*u|oz?XI7WbIE^j>c$bAt~w(zPf=K8*!Z27#&%LCsKpT zl~P#=D=Sr6eoYia)Eawa#MFtRN%N1`G-DQ~JO3+#y$>B}HF$MtOfg9T8L4yIl%v~# ztTTuw>??G6mRQ{u1X4=nVkKge>*6u$J(M2<1qSWPv_76D`>%B=h%zYD0Th=+$tAY9aqQZjwKAvNwS9M9|4VJ3lS>J?ij#^e7Frm>Rg8v zYQv$@6Cj|NdZ9s$+~ z7jSF~l*3D@)+oK>%Yi#?U5lA9F_SB`S1E^QOohhR8XDb0Ljc+# zHaVlv2CC8>@gS;B-6E)Mkv-6=YLH)%;;hHSY7NoA8XZUe`c>iMRjf}s&$QLbZORtp zICXlYRAH^Oq+c~Hi$>m^XNPAR)~}GnCkL2EJWRv#pkTM3Bl74kL3$|FVx2zPxm467QTSs<>trAQC3uv3;%Fo+Sac2 zGqenE5E}XNErlP|NX!xY6pYBl+32;qZoM{K*YdH-0AT<-mnhcA>dCO(7i%&fm9sIe z%`zL!R{uD%NYPUEOupmvt{-2K0FYKzNvk${>k+Zw=3KJ?Vnpu`Ngn=z=xoKBG|}5j zad&trA#pLy-$_G=Px7+=l*+hNsX{wkKWHgOAJdU)xz8LnX?6A2WQNm9!MiY^>`iW+ z>1FFjR_2^zz6LUw3Hw2MYWsE@i6ESaACRhQ_Q(gb?VxKIk%)urzqI5Iejh%P&oxxo zSqk(9jcPq$p)CfAWjzakfpIUN0mr2993Vg~^ts&hZ*(~^ADj}sf7$HA1T>&D5nJ+e zYR9Dg#@@fE?kej4DCsR>_gXdra?((|<*0|{hhE|r=#{h!f zQ|3+@`uN|gOA#%?!aqu1h2`$E%)q)&gAc%9FKS;j*yJ|uKGQRxf)$KB-w>RTknkD4 z#?j~LK)wF=s*E;`j}KKd`&;Ct489SHrD>2&Mn(n^!HA2QaL2pZ2l8HnqlQ1JWbnThiV;7HOJip%n!ec{5^W=&Q`W@KGFd4MEbq#^ zX^0b5MriZ`JF4{q5ao}@U=P!4ZkVpBDKTJSZU=2sL#;2IaD>OtRxo2}p!OxEoyK6F z!96Lns7Xq(PP z3l;0EIXPqaF98&r+4X|h^X8KtgymqR@d1g!d5$ldg2^hHRCf8AvrR|lO5`(_^Y zxDKBvrP{*C6a+Ea3ag4!E!)XO8ES$AGxzHs#;*2n%3D^Tu<$a40K%5#iUIccnrD1d zogaN810o`pe$rV6E1$bkab-%D(XUFhaEG&@&_v%buAKx=a#ea02Drb_QHVME>gh!$ zpiqQT$gxxJukVbmV;H4y+>kQsbjF^yWM}-FvB7pi2sT|0Zm5V$M)Yyzjp3c|N;!lx zjO;tg5>%5+25z5y#H)%%mS@JO+i!kPBT5&b0n9s|eRc+ls;Wp=_<@l3Ukpk3+!hAW zzzP{64j;*nv(lrK^V7N@D>IK+v$Kl5fE9Uk6RK8E9w&AD7epiJoV(M99f$$TEY6<6mQv5ua8Qb=i6;vg+m*CG(33ivE5hv)$N{xW7OWG4gw?^ zFkZWkdvMjD;TN%nOw++WPF2&2#i6;C#hfeE#FA&1F?_9Ua7Kq(bNDqDIUy;Q>if6Pz|-JmI!O#sGoQef4i)BegDbxePfO3(tK#_s;xRL`Zj}y1o%M4`ze^%^ z?P;Yo5gQHt=5W20XNy@?(|5>~AA#v&CO{dAsKW}J6)fnfZTXa%hN#`=>}nqRkv1f! zsKoDMFyqT&#MuAi5&AApbtPGgW>VEsZ(&i>;R6c`zij%+=?sVbABOD(;~_ZRt|Xq% z2~+9VUtei?0e$SA%rAvbRplB$&{NI69N+kddSTTz&N1%5v@K$I>4K7gPZ6jf8A4k_ z_tQrT2=sGY0X=>4q_V3hR7@7(d&Nk%Muu&(&@XlvFXg(^`6}7H>Qi~}u5)u_yUQBg zE$V%h#iTi0>W{@s@+*A|6Nl#i}KC&J~v!5<^>Z}YGN+Ui-3nHUc= zcL8u!ZOfw{UCiSR>M0R3d5kH0=V_P2X8_BkZGlMYX_oOP)c^W*)i_V3e0av|w3GAR zuWAtON3ya*n`leIl^spG@+TTYHh3cbcHTYn^Cum_2JuOl^$rYJ55aA3mr_^{9kAq9 zuaz}jnOrQWAKg^gr{wTg?q$27PL_lJ&$8=BHQ5jbQF>0IDCg+-bBK9|``?CX`cn1^{cA5aF5A z+-!6uibG{M^SQ5b3C|=NKP3xY1;*0ws%&igOmAUVW+k<}X3QFWdwxVeiaIAfa~ddZ zo>xDkF$1FeJy!5oFK$*DZu538ImpUhDo;u%co65c8-#vR=%aD8DI2hQ#0%xFV|IT2 zJuA^0^u2LAj5ky=GvUR5CymiB<5b>!F}~BM_jq496EG~;1SB^cE`Gn17C1wHHzeED zIzHvgRg%Boq{Ge2`D{8BmWD3sT9|)9N3)#zrwreKKK+c#KqJOMU+ULxn-uC@#7f8u ztv?vV>HWCHKbTvl&r&tHOT^ngYc}&{G4mI`n?+0hxA%T`MoTwqflE_wBuOvJ6~M^P^}lt zW!>(KVU*;l36kJ5l@buXGwQIYH)AMbk4%|_Am*0Gr{=7wT)GuV-*rTfJ<}6J9#M^Mhd;nZQrH=me8C8r^W0C!`j!2r96Dy6jE z_WjD6%3~Jz?>heuOr7NR7^_18Q7aJVo1~KzH<aFbcT}C2XD6*H6 zIFj+Y#RTXB@fZOC6*^i>GiS#;&a#xI3P;S|8kzfjUsG@t1iTgg zNAUnsV&(VI2aB)9u4M@lsqS5MMTWjRo2&8Q5nPS`ZoU!`PZ&;wrJ%KfM|rR8H`@6D zefxdotm^O5+}EM?&0$+wC;j+PL!w-_@UdbX3hWdk%2+ol8onz0-Mtsb7TRQ+HMHUpQ zQtQ>Ud*E7#z#DL!$ps{^m7Fl2NH|)u2}u zqTYO45~nIH5>#%C-NRu#R~7~wSXylG$?2hODQ)PVSybdW_iVWP(#wpOuAT>LW(Gnr zOxrOx)iwG!$B%oRj59zI?pC|EY9`WM(ZBVMdzi$0ltlxkDzEp_PX%U6;AmcGD98eW zf*HaSSHyT23RHSG3fpZ&L%!I+xQt7cON6&0Q7j8ow{F$m%ld__E{v1v=kt*3GI9wz zhVczB#`DJu&sjIH%*4_~3(gAtvT-WW3pr-X0A1oKu>h+E{TSGvF%%1N@iN;GTH)Z< zAHiqQ(NXdX+1cG$nL^9k!}vmm6lOc-SWaLeOo*!|HX=v}ZO?{wLEE4!SB*g(st9&K zsY-eSQ+FdX6eP?1^KI5*X_w5a^CS6@rqnI7>WgXJSgdxw{V0W$B+v3V6t_>bQ5xi% z5v2_&`@x%NvrRL1+f6&>ume;{){<#sJ85^XpLR^Uzqt5=(;}J0E&xv39BSE`V`HP% zy0Rb}<5Us|L=Wo0&~iPyHK#gKSzUd!CzGVz+UVm<&PDCqIj0o_%0W%6!Oy8^Qb)m# zL?b5s<=f1Dznv@^@_r&N#qP(xY(~qXf@Ym2hU?W|jJSg&{VGU{Zyy7;l8n3uB6%x;Fop z;b7wuwSYJzyO`#JA6Tsl}x)0?4&E_UVI*)&r2h<%Z zXA#Aob#~=JbTh2G2D(wd5I#H2<$Q*}%p#p}KB5&HOA3k7e5e@&*-NRDJ8`SlJhOx& x2=O!53-CyvB7uhv_bknT|+JUCHkA}O2TB~ z_A~%+3!tm11`NsD#D_IkcWE-Uoz-`uqw6Tun*PmaTl?%jVT9(va;tFjD)Rmb8(0Yy{Kjq_tyFB%HyhV-<`kwHsP9v z`mOMM)ji}RkIj~V=bKDt3tQ{G_Uy4Pn+NV)C(7us41zqApEf)0t4CIHwD+GO+F54- zfG4jWUH||-0G`v7-Vy>`ps3;=NV@xM7C@9A?m z3Y5#2RcVaLtL>8+m!ZBkbl+5&Or%|{S8BkIyK=?Q1|;W`LwbrGmo10il(TW{F)|%W zb3=yAXo8rW|v57*d`E(=d1 z5zBY%_B$25e1r!_87s#oVH|n{|oEOL^TYza`V;=!wA0Mqrb}ya!QA_5A1FU+a6;n?1fm! zF;Ns5_|%PrFcjX|)M>rvc^?4ybY!lEJRBpiaYl}E<6Ha_qa?wB!;~I+Vsm@-6&Ko? zLm+~JtD|Ow9RG1Me8Xa+Z|l$3ikR*{L5A6BD19s{7ub62hv@{?Z=#s>Qu?chLAyIP zk=}ck6Sw1}y~Y~{>PAm`Zr1F~5^PilB9y8=mZ* z#&hBu!eH(?Jx}$)xt!P&y(CrZ${||>%AG3A=5gwmE9MCqDWk0~5^I&6RBwQsQ? z%1XlxQ|Joeek*n*Gr~R-HQU0!x?8)ZFhximzR5*&+x+-Xa~VSd`0hw~FOX-k*Q38uwX!}U?2#O851>}hzoy+S7n0fLs~^J? zdCg4{6ssy)ZOe6g3dc#ZG9ul&4jrv(qa`5Q@%zf#pJ+!@oXim^JSZS2w(L)iVt5CM zsy5<0)$%eGfiA4_EAHglU1uCBzGto)`HphkamL=Zm?{BjkR>Ntx3`+&Ao!{WsuGsw z)d{6tO*Y`+Zo44EdD3P>s(6B7?UYd$flv(Bm$95eO z!!S=-$2(_Ajb!R6E_SGob5s&)&_SJeUlg@yf$zS(9Bi;pA)oF#B2jP)u&8yBzAFSMR93aqD!1^o{H5wam3M*Dw-VAz<$xm@%5u&lY(udr&U|G(ppbXI zo~i->JY*wyckT36xVk%8N0xHjL2M88#R9H(OT~TjDTwwq#6e1{dT;wR=!+e`e#k89AQ`IHXhW^N(se{K+C_ zTC8c@U3yVu`w6bOu2?2;WAbg7mz+vveI3Zqp=n~S#U^k({x{zS+y=k*)7++en#Z?$ zA@roTJ4#E9#i4q=tM$n)eFwTcCuFhP4MPV$V&@(8(k4_9+2^tGCR0S+ru9>-alp(X z#FDFE%-B0`iYf+ocvR8L@~w7tY&o2oYaz?=p3Zn;cb^{HecD%^19GlWHK|wXwygZ^ zQ~YEQv2+Z+v-ZjTgm~Tl<7@?`Ft*fkNUq>vRFb$GCWcWu+!InA1^~R_iRtZYhMoRl zV^{~KQ?|f2s)D0)L(JSj_B(8mhh~nMGToSE#0DbsIMQ&{b(aevRHfX!hGFWl;z@_^ zmFPw?a}9a$PD;J}aqye_#EEcrCT1v9Jk z-|9h``d-~2d?|fmt)2{#M88AWjv*QsT9o2$K$M@}e!8DEDZ7ihbi(SUFI3zAzN-$^ z1>~54hkli%cGt!zyq54f<{bbjz%1m@g=*}4fLqC5lCo3E!1I?uad+KjpVU8^sIn}S zz)BNOr(KAryev~y_}Y~I^7!{J-QnxI(XH#*L+(}~@8IJpNPEo7?J2%4wH9*b2E*&(y+L(3##lY{ zqsf8M%P}sib>AIE)1H%70%L`Q?|ManiXDc2TIcvh83FG?Dj)GA96V zVwu(twAJX8)yarFmTryyNHmn$J^BYXu`zFGS*l-=OI&a6J1RZxxsT!S5UQ^lZOcLp z{gNSe+cSt~OR9i#;_^B*M(7|}&%zS0GL|NfI^QbNKL z#qb0n$L{W8J(eU9p}ljZ)Rze=+}I3LN8t4)D>!g-D1h~Z3DJqL8MqN;N`1H+VRw|j zzrdeFOU3zL;$U@jwFmnx$+4NMi+sWpLn{P$*TJ>LZ8hc77l@LH-@g`niq_xdC`U%T z9uAG>c(ikn%TNU5yxDq;9-2vW$=oTk-5KF$lqS}+sRhutoV?RQ29sXMe1r0x0~Gl% z;D)gH8l;lwg=31V5TtUd)M^)|Y1dLQ5Y?5MUHZ6E(WjLsgu?OmU|c#p%esO~9zcfLx{z)Ck$PqNO<^8L(Rtx`22 z?vU(9OxlWng7?sG$|=v1&^p4jJm^^Z%61abvrv5MRZuVL1#xGdPd`{Fmel!>o>YzT z8t@3(M&Wk8AQfw)J{s+!63ESNv7}InkaD2&(;*hXt2wqZNepJPW)po3q()Mlky0xb zJDhmgquEjY))gIz_*8vGA}9?0-wru02uJ8NuA-R}PM78`${d zUW@0HdaXWwzm^%FY*pR(REBC17cjHxY>$oL1h9Pq3~c4hX$G`ywSA}*s$JSS_s z<$>-ROA@x+GRjWBz^1hD*zuq{;Vn3+zw;l!tLqcVu`oh_%wb;B3HCx^n*nw%%3*NU zpd4;}5QKTFXIcu13=NswddoM6fk2+6=HL=kXX$4qj(gl|J0fGheEo7yuvU=W!5IjV zU29=SaKy}skKS9^Z!){%_N!d(4fTp#?Ff6lLm5)e21AH_eU9d}Emr%FQcuq16-a`b z2G!Q-dBBr==HQha zVPzdP8x(dHFsCEZ>z7v`=LW)exGnU4-O+8Y5R1^HZZ}En7L&Yef(bInZkTxQyGJj- zjkoB6jZa=2N9Z0RXTl=$3^F-+v#P~ULu~7>drXQ%*z2q0ZU(yB(qd8&Ze7K&$Bl$# z$MJQjW9M+_e!D{62dPIld3DF;T9DiEwjeB4SHF6BwK%=iwS+?e)#^4)SkR$rmeXg# ziLVrxG<=d$*X$_$Y(ukbEpl{ep?YkR6n?YXD0m=b2Da)P2Hp*&>j z3X|Tgz4r^qT(4VGZmw{Lk`7i5j;5hMKI#Ydif6d*wau;6=@}!{R6}oFE4wQwV;|6! z8vY=^d%lfp$7entgMN$IIhe}ZT4UVdb0Dr*wR~Qb3152=%}NXVXPF+0V^=TnVcOO? z;Q4;6$HeSpk} z{ytIPUjD00hSEAj(Orc8g5j2{bH>tdxwO%k= zHsm8s8Rtv0OvD}}8IDe@K`J>gCwcD$K`?!Cl)XzNMFLM<6+fXD$h6F_ULUB(iZ-Fs z3kuk$A1u_&vB@Aq3Hmv^Gxa-8OW;&q1$#bfE~g!3za=L$Ln7NvbI%Bwv|dR){b=Dc zTQPZVLDsSZ(N>tqSxbbpnP64_ydpuCEN5oZc;Zzl$DA1Z$Wk$M=<1g1(9@9jNc-b- z+JMCI{Ny*m9REKC7<-%2(Mwy8006T>{8U6WjpQ5( zNcJ?m+u-91E;CAMO8=h;(U5X9|Zjq^8 zV1FODDKnp`AfZkvsjmuFA2y}&ykypu=?H;5(h1xls&GAXzY7LmUY+k6hzUOfkk6?y z$iLN(?$%-vO=@pq1^`&u(qa23cs9~8Ds!?n6jU$kOpZ@Y3-4Ww%MQ5)c;)ySb@-Pm z7Ui=1Ut*H~ntB@f)>bdOZ7H}M)rTYAPQtzIKYDLU*^OSPbGuMSOgXQP&QH|8@)~ zHU+A59!PqLI;wo$H=WbHKBX!7mnc7IX21;BgJSpn#-xWVO6O(?kzHDH#tevpklnKw z5r|5q`uOkFJD{O_^W$aSxW9ZlPt(RyxhOrr2e|p;5!Xh9`7Xv0=q83kT46V>iqMfI znK5Me`0*qByM?-*0_6A|JaklOdh&a+*ucgfRy1>+-DrF%U>W9ZIg9A=*ENeFNhCEj zWO@+Q`jW{s1`lOKtxH3C?qKw3fxW}Nz#-Y?s|7~Xwm4@EO`k3zvsxf7y$;2+R=rsH z#cMPMN0LR%Ffq2xPG-T~baDnQbvc#Bwe5fJ36O1Wt$3tWYPWeMW9B4W zoe8;;*FF|wyR%jHvqM-$2fM!#9%Pz*7VuM3uF*n&R>G885*sR{G5y$YWs0D7D|zCh zQ(evtu|bEvc-Jr-SF5z?b$rnlPG&bJGI9iC^=Fz(MyW#B6cttNP@h{$JlVFa+M_7g z9KML@D3Uw+Y`diMF}Vev&#L?nj>K+R^>ShM8BRAKC~k7S6?NAu(q6cleKp{;iw%A< zc^0#?c`d-??_}D|!6G98p~BY1{MEs0+hZMW zIUOcrvjlGf%sP=+mQEa=>>t^a;q26Bz*Gcx!NO`yP85W{#MSYZTIePc-K8nEk?s8! zo$VTM2NL4@!|=)pN^q%ka1O;E6sbm2Rem}lXvXQ%0V8&j9y%aO%7S(&6AJIuJye2* zZD_3C&7egHN3akEbH?7IDH6weiFI|OJoE85`!S=%lPU=~%)SU>ZNqgv&_)J{v`TK;x-=hb5 z{&}mzuKN<4CC-)5A$YyRjSWas7&@=9CvXNPNmzCG2PQ)D7%TO`QI#wKx``bo>>kNo zJWAiyV#V_8uNO={x6EHh^mq!n{d#c6{Bf3cqUjJ)D{N|B4i_6zRz*{geD826Xxq33 zgE33M^mX>0z&PcsdU&dFxi&egqHm>*kG3oA<(DxrUqSm5Ag?@M#_}cQsipMd+C>h zSy9~WS~xkXeK<>ap}w@|MkuFTiHRr~cgT`hHJJ^HoIYmi>?k$VfVy+Nc66bho=^_a zkUDh4vJ||gW)Ni;5YTkGtx7e=+K1P^W#$QEwY><4HQk{KxB1MgbZ!qT!C|nzOJ*t3 zzCRz^g)GE|?P4rxYoUZp-0$pC;c^;AeTqyJ&75Jx?L~7+sHKWOj0O&Hg@vA2bVeF* zU0_9z6l?5eqa(DFl=rf7a&sM9-Mqag9g~zR{?6gNAfUIlBo3w=zUR6+Qq1`%#COh1 z8_ErfJlcbmmX`X^dnpvf2#t>jIZpp`iPJLOB^=PJ>Fiuyhg^qGJtka$Ro5Zmz5Q%} zj(N670Hs(XZb{y#ez90GJApF0DF5Q49(ZH)^u8`A6yY`lPgLqO1GO=J48mz|PA%@U zz&+Ejpp{^JIt%u*a(G~yQ(KQwc2RtW+|CwMd23IA;}o0oXihcR-eG>@#`mywch4~* z5$yJ9YFoNa*%dduOKfhcFVmh(!se1glu|xI>D~6TF(WlT$Bl}8SlxT zHt|EYBi*WHNom@4Ci!-A%^m&)$R&4TahA2O@2nJKd7>bU+@B;We$f zlmpCJt!H%boE%OJ7JI!6koPctZfO5COT^=Q_wLO!IO=RrXl~*))2!>*3&p%TbB+@A z^Xhf!!)W(>IU!s8^wh{weONdIrT5m7?o2h@?CV4YUNl8oeepis^U9Kvr}yGe>R)U7 z6CUpD4J(iRme6j2=`Hrqmsd8Ls(nz3ocNvRxNALb-;#M5TLu65sPwHqxdm~Psd}ec zzmi2X6AULW8t5z(*59vZ7d-78wv?e&%JHxp?v?vi5ms{_^rm<=qK$w$!t@A%lgxZl=@vx7;}y<#$MM+nJ8u0n7o zzqyQoGck8J%p7!vE?#bJmu}5K?ooQVepy85Re{E~&&z%>V`qMbfSMnslfCm_pQFDI zi5UFn^BB}u&VJPh0oUckwVNtU){hTAi`mEzUDR=3p}h2ZTG(lbDyykk5ifR686LOr znr$%R!k@M_nqpFH!e**jun*PvgXefm6qgw5*QgF9_rfIc<` zZ(gkeOd9KKG0+5b)rAbetfKp0S{p&-qFUtWv{TT3d;0m4)}8ocU0uLVq`! z_0^*FC|}@ZT1Dl~B9)m|&G>&P0=?Eu4Gu$3oqP3S(Vhc9wtV-6mAXhP!WabyZvX4D z(SM!b{U2*b>V(F_EFC73v8#Vh{M(bkpp<6_d6ePK~o=> zJZn!heG}eezva`@vVD>sLqOJN%Iab1juSrBY?Gka^i;7R8aSzmKmO@z7}c!Svdv#j z)9{zXYksQ^&k4Gf-5na$*nXgwB4orTI+R~Albix9mT)ZB)-|i1o4sB8GzwwC8Fv{< z+c~Jq1qSn!e)I&P#s3_poU@DYZc*S#`~4vd&p^dmLG3_{vn{*FR-;51jV-}H*gCK8 zzxD|1T`%_@p;^j}mSxym$r=L`{!&sTm(plkrCSi6t?&NR%n3k~UjP z8C|Vi0eGdOms<*94_4vKk19?=QcF}fp(41G2b*gujbG0IUVRZd2JCD}1s$r|L%8V# zu|I6=R1x;Oq~3V+T-Efz3Nog*Fmrj2`r-PDYQ0kMAQN3fVUtxP)PlS@a{YZ*We^J0 zSU7K24ml*HQp|OzINAys(Ei-L3X_SC#piJFqwYV-7^-0H*0}o)#s^}`$KzkaMcewj zUnc%6{x!EFuAo2IOEjL{QTX4@Ri2JTk!I-fe*emP|Ld}9QCVd=Wcp;K6hkB1uNJSR z|9>gM?i|Qxm&J*R3Y)tr)~0#&HO_vA@;?Z$ibE=5M(2u2zhr25u4py>TE)g|4UoO8 ziJy_zNQc@3`8_?_xf$sK1!kI zVG-b}yB$O4N+l^%w&GiNwvs~R=vIBh-_Iygz{t}Xd?O7c3Z(W4jOUwz!L3LXDo8$+ z_DMV2TZcnutNY48inDd2r#`}KpwV-h6ppiXv2MI;EwK`?^uv$4)kCT@;b`2C+c|Fo zZAE(F)4AxBwCJ@-&TK*vPH`#NdUtDkT&IV`99R8@STX^T-)Vuf5ONlFuAJQ$q_!dQ zm5swby^1=eL1}pjR$l<+RyvDb^&+}9^0HaVM7fU`6%uxghSFW;tQh+ub3embn|EN# zA){670h_|sHGSDnnqLz6{I`x5F9?cXB%o_UIk~;-3EeFnjFK}qq?g+P01lJCy#OBP z1!FC9pAUMrCLoaPH<-OoWl-2n>UjX5AUakM<@tfmDsE>4opW@v?2#Rk;sP0s60Uvi z3{#hRAU;6VS(tjhe4YPm$QjM}OQul%-o77w^8HTS3Zs@rt6L?y;(p)aJ6dPY9BZ?Q zRK*i4vJwU^1$@m1I~RXku^4nZFQ|GYXI>30N)Py1W?u9#eXJ<(9dio_Yk1i6{cBzex$6|-440RH;OJKbC#mR~Eauv0KU+%^P=$+ay@Sf>-CiL-+paeS z85=U61$pl0+uAfGXzYaq)~_#F`HS?jm_iqw=qvRbdBC0gi|Ir|!spHwTd71mvN{;L5pTE_N-K54d zn*G64Mo9Gb+GM)kY$7eezQI6*5v$U;K{G5G|Y{Kq6x_ohp{W9N#aW zp$&baOUhfemF=juRsAp)iP4bW{W2~CN|8K_nb6Tr`{6ICm46kF%2!S8dsE5a%RSxy z!_Tu%w)gsXzTRY~?}6FQ#&=Z1mzdNf25KYn!BNga9U@Tb!kd>D4fcK>|T_T*)%2bg9$enLZo zdy_qt_?;UU?ksMW7HELxVyCYeuXZ$e#a|LSM95{vRXo1PRMqGoot8;%EQYOwUkc|< zbtc>uILk(pPAot619h;^nW}HX!-bt@M>Cm#`T6|P=3bPA_eYDUJs}~P+An6{l{2c} zST(Lxc(A}60DNdmPoJu z6a_ACa&(}jT0v#EKP%9r(LOd`x*atk)$*rt!Q{zo)phh!b2nv*@nRqb7Kb^_>{Oge zlG?Mxohp+quTCEpBc(W;k*FqBDUKj8YMk4t@pV6OeSjmJl}Cx~D)OticcWpfu%dF% zA7^9sI^V`c`>1O@m?M;O^Seoa{ z$Mk^5W@;{v$tJcsnRJmK)w{Em)Ju<=jraT{n^auaOmzHWfEFPm?Ou;0ze9it&MukO z86v{_qr%f)trpmFh2DYEliVY8%z6>W%H&~K`xF_9QBCKq?!jN^ftIu)q3pOX1?#WG;%O>F7 zt`gNuV@dUd@+a$;)S=E7KHs*wQ73R=LH+dM9jUwRw#!Nl9XFltr{{gDIB<@yvpha6 zzOowoBg z#|Qp~RX2;S@mN?MsdQqk2g47}l3O-|P@9b`Ji`b0a1LtZ{nX9%f#3^56I#nb`MM0< z=;y%Vj>F=?ho!5zUC>I4eS$3R8P=~=xp zm;it|EG=a=>H%#mD#ikB1aUV*Hs$>#;D6bR6&4}ONBg6&$;GC_6y?>MwDzrUI&!q3|Knz@u!uZ^ zF^$ZObeMF$ML)vHn)ISKIaQ%X!!Cc_m23k3L#tu~OaiqoneTln782*GN|SVVQ!a98 z-5d=-Nv4#U>oAY5^k#afYqhI9^!#>`sXBP&q{mOIH+}&9{zd{3x@{4#jO z`07p_u;{EId?us5HkLPWC@xF7KM`la&S z+k(8DcX0>~<^mV~3@gQ620WI$fXYRSah08!ysf;`bb4M;cYO?_dh~wJ){RL-pAD|? z>AM_OnhMEb1Sq@e9-iivt$0z|Rn>=DDOWMvV-S0cZqtUT($NvpUb~L|f>hw8ik9 z?MEjByQEN0M=w$fQXI#mh2Z-+=phT~@4g|t%<3cncq~DS(dE(tb|o6MM?vOY5@ub^ zb!}yO9`&amUNVE(TV#oc7CNw6So|8tF>m96AVubnsQbI)a#cqXId zpU>LW`kCqZam3f7Mj`z~@X;G*^(VM#O;nNwO-Cp)bo~lo* zgAY0_%NgQyrC9g6?Pwh4-TyW$u>XGHOz))(CFu3QO%AdKu9thnKhu_mgBqQ(>04@w zN}TomMFdkXL7&^2-A8q{c0)q89imPdEI*43*k*DK{z4)}tWyX-jQQ+yMfIVnOb>cy zvdHKvPwQkRNA)T;@MCiIyYsTt%5vX}(lP05Z$A32Hbpz;UXY+shMLFEh3?_}o2$QP z{d#s_61n1|vsx;O3L?%#x=Y8TF%x5V$?KC$pa0ozwP7A;pj&qh-iiI1Y(2K>82Yt; z=sfhQ_uwtUk7RCPoS|#GsuYx4!QT_dBS#39u=#vY{bNnt@V!O+3k_fy+?kGXz_ruS z86_%(aB`8Hmetj6t&n)xzZxZlx-=xFscJ@97)^0jn8W>U^$0B%o3(Q*5C+C>eFf?X zDiP>Jgv}Zl=?wvZ_;T0O-~we5tDRERKibAOtDfIOWUR5Ce4Jr2Bc4`q72vVx22dh9OWdR{#gXgW=sm|Lm;>1Y5dQ%~P-r6sThnkfbeFIsUb+_~2tkmED`yUzRMvEDw2Wpskk7z@1stpV(3hMT{vD)V6h__F>BM8h)#Q`!U?RF+&VJDdEB048hEJv%ya=~3r@ zqxm&WPA1wReG6R}Uixf~SC??f>?PJpI!jZ0nnfR~WF&Mn9-Qftck4=6;yb#cjbF3w z_O4-ZDseF1)?)UAK{Uel>Ok@%3g zHn^~)siE(y`F$yEWU6#ZLVNUK$_fePn$_r~lbt{i-$xyGAVRRbw3b1vx4jO_yxY@o zFDX{7v+0)3jQH=avzJzbw)^-Z3&Oo=-a#lUXx`2T&!w>DT=<-6%fY~uAQ`sjUu|mf z^hGj9M#4K`9>WKO zcf!edx>cNl<0~%*@|(!xF5QOp}Fxo>^NOFCsoQ;^z|yRAI6u z9pLfjya^V?)9pg=1-=B6R5D|qDnJ<=I^1@bYABy~{&l~{V38|<`X1L>mN%@nuK=lVw zy-x^}9SP%_XpZT5zMF*)ZuMC$Z?5>%XVLls^=P$GR{hcYo3ya{>_~;jQ+$piMX%f} zS!tMZqs*Wk#2I@;_!Vu=LOyYHhU_#TQ*b=1u~*2E(wyhA&!)Ky z0t;;KeqHFTG05&s6iH%?1D4Uc;PkG3o%nNmf=D>|Owy=|XEH6;GdwuofIi&rxpFx0 z^(gj^9!omxx1ytGa%f)GAG1c0KCk!uIvI|K#d^?I<6z|Z!}%v=oEQyfp@|{4sL^Ea zkyUxACI&W!r+yAJ$k#ii%Tv)m5XVcTH7dVa%!{n~`-p(=BmRHiQNMHGNo(Wnab z;;Bnt^3k|zonzjYEr?adJsLk6$e^JdDZ#y8S zomU7IunoTBXARxijv@gXNr#OImcHHtEV_sG#a_6plN^)^O zqv7d*QrFQOLS(wp3B@K(eH#C^@<0~nO%SjZWVA;(_aW}$2GSUY*IMz6Uh(Zw9H254 z(1#AV!vQ$Cdy;{c``K2#yUeB$J8`YSdyRHBmIkVZ`*!l0eEpZl<|-m7n712`VfCFs zCYHdmw2TSsENy~|;8CyK7Ix-{pL=uSJ??&>{D4_i>jcwTiOP#!Tpj4^T!XhNj&oxz zLVKmZ{&Uo>6ZMaTu;WY1QqypTPV{yAxcGQ@f3F4Qz%QoJdS zd>!!Wj==w}KJ-$jknajNxs#0&o-cQEN%NmXqd@5o_;<7n5%K zi}d+NGbCFl|2aH29&n?51+1FIcBk*6*(mxYG5vZ;SR4A*6q?0UITm*C=7q&nBewe1 zNS4>bF0KLp7s6rfc*tjkua;LYllHsOzguZUbd*-*_?IA#HAs7>NRq8~>%4d`>SXZU zTGxAE;}?24IFR&bo9^Z!3uKllIF#P}=(UjRd%3zkpEs?qu^8-%nXPwFKcn#<3@nSr zpTxr0S3}YT1#vf8{g>o38eUs|lI+o^d9RXuH+z-;3((TB{jRW&sxa+VSrk1CGRYpi zlK&^!H05+vj5u~3-NnBqjmO5tPq3)ad{hxM2vaI;-OD`(?^OMUa2Do&fCEk792^&u zI!b46C1-L}B*?wQf?RJ!Y_tfN^(D_+2uFNWiRZXZxRBje*ZsTP2{o^-N`MTn4PW-T z(xpPqnRR3KC*5skg@RuC*l*OwOJ4v8)ctGNW}Zd&J^rnrl%_R86qhV%p^Yd@;4|{q z(5+H*j{TZ;bh~UtOqKw&EFs6_V!qhDm}{}>L63ae_T_(J%tJyjLRA06jK*xLCxVxZ z`4?L8UTq30A~y+z0b0c#18?PV7eV%^zk1ZQGLj1c0G&}?88;VO-06sB?rF6WEnc=B zO`G1oZV-~qb`oEc_ZVZIwGLvjbB3xGS6&4s*lmtX-KkedR>LdjDS|Jjji%p({XE3! zfc?H~GBX$(eH7!YxI@;+hmC&TJ7v9`p=4Sqs`OW7zf;(>Fc2)9Q2hDmv?2UJlE(bc zUf_N;SB!v~F;SnzMoG0+J0zuM@2cs?&AjI-yQ_6t#d-T1!bu6it>3um=_R66(Z2Fp z?j_i2SiW-hj@jJe8zib@-~M?oOVHd>u~Aj7FfdzkZsn=ZadrSgifa>uJl_7sZD}^5 zQmTYzc|}VK79)fQ!uLIU%8a{h#gD_cNH-p8r*^r>&(3Ynj7ZS2jJ2LJ7aim&}&fxCsJiDZqP!#{)^ z6N$(76l?1CBE#yNvi5&p7<@=eVUqZTl`UFhjdR{D6WzleB|`9a`}=c7As`Z+ggOXz zD@(rrCb@HO31;veRP`dqx9oZUv778{1gVIxYOtyJ`P94A&)*c(`s)pxAz>v=X)BCoopfou zD!R!^XHTBJuqfva9g^(T`F=r=S|`64c^drPaw?1gxLmH}EhsuGn$1-;`~I?B162%c zWg}o>ogsR)0stUuXkGsM#NmT3$CIbe|6(Q1fAdV@Z|a%M(69+5Pt7RW$pBp~Bh5PX HXVL!+&ziqx literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-edit-groups.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-edit-groups.png new file mode 100644 index 0000000000000000000000000000000000000000..64cfbd439f3d472bec33c8ed2b67db065434dfe1 GIT binary patch literal 2004 zcma)-`9Bkk1IOvf5sfF&oS8i4VHh25bLE&hCwnAWvnX>PQ8KwAw-|CxU%8it+(xq; zNjyZp4b#_l=ipYZz!>A4ftrx-u70oYgYM{LlzB)iLK7YA=FQYUtu)l424SRGmyHneD zGCX7q#LVyYvx8`NgzpTT{aWC2TVcYhHqwxZUHs8ndkd1bfxHbN#&3dIY9!3JBh~1*)@#u zX#K>xT^hX|yg#Q{G*A7Z_v1nF@fm)D(T&&XXO-8s!%29}{=Z)QdPMf@W2J8GJi3%CxD<%Z74Ch8qtB53vuePEIM1`r*bRK+PVPImB9Va?szc~of!uP?lR9R zIi%IKM!VhO6NxycA*VUHJ$&e{8x>?I8}*r;!Wr;cP0hcWaMULjxIY`DV8ktB8FfS) zfAX$imhjc|{{d@)=NJr8N6bHHk=5iDA7{Q=jQxDzKtEX6ayF?;&! zh6LI0N%qiIGP}4jTDd-nkOg+>zG!su?+mAf(5+^NbwW2nyE_FjJ9pId_a=9);>XLj zgw>pl?d zq8ZruWMBDqLXW9E=XTiP-hzj2yCy#sZa}$N6X7L_fDR zlJ7h6GjS0mvn73q*j=?gCA4evKt4Xr=;lY@qUQ=Xia1$`77lum>O2wZXX|c?gr(XD zbrwXKw|3TSUhr?+RE}Uu$>#aDYICjKss^{UC*H>7Jnpthlhhh0Zow)f>p0>Ss)QV@ zxd2a$=tx;h)h`}Rq8)J>K~oaV%}X3w6-B;(VbE^Rx)9>3^&JAKk<3?m{* zU5*I#fNI(3aSHqK<7*mjNs!{125z`85hrcuszLosku4U}ts3|HU`!^(%6XfI7mJkP z34xUqi8oJtJaR^2Xa~;g>UHIb)M`VFJS%9b5;t;PaKz5|xu#r{Z#f-T*)v$B6HLCHO8 z;+u+0!Rumz`h@ODZl2pVuE#+=%VJcPYvc{~ARrc}Kq@q+_TXuVL9; z+V3l~P*g^=PojYI)o1nW0{6rYq)+Lr>+%L^{k$(e6oaCt#NUndLDlbK zWFTkXD#*gPoD68(y)X71V8B$BF?qyMCB;fu9$wU!!-m8|he?4MQj}n=|CM;~_E^~~ z@-Ab;A8T&Z)j$RZbK*WRtT2%@qVK2u8BNSU&FOAPo7o_Ex>XaknFRB0MW95THn zF7*KyRBJ={-p2f-V69{X*2kk}rgnU_XVTSHCa)H%&G;e)Tj+&Zks2m@0(o@CJ*No& z+A7oR_r|Zp#B&tqe`VF{etP4XP)!`!k!!&@BL3@cz4>k?8#*zOITa;ESLBZ6Ml2$p zP&@54r0;f3bD^%;H|>stb$&bLpUTiprOrFL3qtX5r-bZ)-yY|jjh zeVHu$Kzq^XL+4OukI!?z zzjMBv=RNTOW;1)w+H2PS=XG6+?s6lU~#6P;E!CJj-v}PT* zu3_hg{7Q4;_%%Uw3i=zNd;~@yj>!EN#6hU}p7$S7;vO@xwJWbNX4Q zfM;=G0XvA3GZ0V}vc&!)5xd8j`~}^%K8Wpm4GRIe)>}CVcCKHrYK6+Ff*16D%>@16 zgD=9?4=(Ko?kRM!HGS~#{L6R;MOM%V*-+2?C}|TgG zi^bYQ-h)Y_99tZ|z88D7VV42Pom6|xpUma1_^#2QJEZcD_fGh*Wcz0+wT6C&`$_tD zx+B&~t9iz-0jRdpI37qJFZU-NSc3tv0BfCeI&`aKe+*iv1|%wSAlov`S)oGU*O zz5H=xR{n*}Ui2}DadC!&a@XztF+CFK`Mw~jpp5P{9#vk+&#D-5>OtibMZXe((Yo6v_7AkZ(nA; z)?|$^;GSevIuBT0VXQE~0KxsYORT@jbh>8PxPv;n> z*lV7<+wHO4Ab_6BuEvv&z2d5fTBhKbE^Al%r@}KJun?XSYb1`9HZAeWGd;`<)e!Lwa%Rqwp9tK!{sVg5^zkNCq+^RO9S+F;YyR1yzZbs)X z=6mZg;K8QTp*Bt4^>)O3??Zra>o%}t=&lMbfD1RyOVk8hZ2Y0QYW?Aq>-ii^n2Yd8 zfga)U_R@ENTSa$c|J!#X`uVse5%2ULgdo?#DRy2fwbm3ca6-oo7TQC?RGnIl@)VG6);JXkUfOJZ`5$dH^qvuGV`W zce`Y6y1Q;E-tLqIU+J}Bd#q5Q9yR8s*9IaYik-{On{S)_4fXdFwgdaNXOJKT&ILCk!-qVoRNg?U!r3aZCm;f#7w;t}2D?6Q>?& zGC)~fOc?Wg!mTjK@TDJMLA_@3&$mfaysDXpr;>mrH${W-NnJoY#EM&}9ya+RmkTL9 zh#uDUU@PkFa7fbaNR-WWZF`^feJ7=t<8gDtWj0;X)xyp3p*pmq{$UTu+4tF;k^&8OY|NNRXv%hD#!kV)&tyX0#{9vzn;86+HY)%1 z`s7EkFkOX#g5{$(7^;PFH~SLmk?^YFOz3kU$drMdB-cm1Ha)NSp`Do`-)b(_`mds_ zTad{;sl2Y)f%ocFroHk}Kq2YGJ~-3Ct*yQ^8+631Nu#XkRnX?hL~dnFpAT%ohR=%@ zOOgnzfN=X2r9nmO&+?aY`ZOkk-AV4eqsJ_HQ)?wZtTcM<%=xJjIE={bss;4qQXwu2 zt$v9CCkZ18xm9sy2fAlQ1MLCDiK#lO2v1=Y)@i5vz-m|y0x_{z9O|39qe1LBK^+sU zEALw|u*zORcqCUgVWb{(zh*vwEz6XsQ9;hmWWoV2T2h#iLJSt-wrHmZ-!N*u!3RAt z?bX=H?C8bIoSn~&7f1!wobLF&jhu+UmW&(*_0>67*0u&6dzF>qj_mdSWFch#;e1zg zZ7w*o(A(Dkk{WnoQgc=z9w#@4%kwT&qSp(}qzl(a*bWO?q9k%~RDC>^3KN9oJ|oOi~<=l_tXbPQ9{M z&_~0PoS9}HK6lgQ+zC;kVnu!T;|VuBaR~WFiPx!>Ggv`}eIBMNGA<{Eu+r3T%{2Ho zLx7t=+QQrqU7tSe^LdfB-}%DbMGqcKS?>DmU6wA}!v3^g8gb7J5OINSF~W_RKt2GP)`fyq{goNWb+ZZsJvG;p7&M6BZWW;)J~>3Hzi4#sOAjf^x21Chs!0 z;n@|Q*H+ZQT1CbUI-6%Uk>10;vf*mGx0u%@f!KHN8?DwWw_Q4Zxc^O(_C4PH{cqXh zV`MqJ0YMjriN{lG`mK6e4B2?ySGz3uUMn9TPzZZ${@en`oB{aVS1nDVUAf^-D>;1X zuYYF8cFly~WP^9zq82#54$!16sX?Mbt_Xft@G=VN;0}Ztc%1uD{(KwW=x!&x6O0H; z1h?NW8NQ#?tQJ?@7Cb>jMU9>4=SNoL6j%J^-Y4vp9;Y-v_LfTK&kk_JMimbc@wPC1 zq=_!$PQc^9UMzUju?852CP28{f$?tw!JSAd+(R4w8)1w7Dfs?l#MgN(ML!hcp7$~A zw+!8O*jJTOCt2EbGrZZNrsK3LK5@$z{-xkezu;nQ%i`=LQ=PiGcQQ*<+r`8ON%+ee5(WJ*k@sA!-6yyel#6`_0L2KigH9j~; ziBO^DmBhZW!q%E+Juv-{;RUC}rw#7VKY<4EJmX4Ggi|5|p1VmAnTdLfv93iCt4xx; zue3M+N~7Pp@LV^8ka8eu%Y|N4r}WUGBF%S4iy4iJsy9(P4VT-hJiTHumDqr9 zaLe~&#mvDRm!(KYGeK5RUXSM=bZ0-e#gWPAon@}+eWfL41<9MB9DYC8jLI5?7wBcE zjWR=c)m{(CSf|GF7YDipj71q0b$paDw??Ur52ukY2uX>UmmeT=WiGGCq17q~X=Wxl z+X!R)8sH{4sbkOj&Q-p30K6^4^Btd%lho0sOknDhI{|@%**o@v!Dm(06_1~>TDm|; zyMUxMbpbYWg#swj7p%s}|5C8twPx zVmo=ZP6_nB^40P_idOdI7q_$yu1o-H*m!Ox6=5_vZ9|$UKWPp~Koe}$9{&@d`=UMFU6Fb|m1HEW>d zDrmOZTWWeSF2xkGUWPd~+Y4C4Jd~0@-`oA*yrE0Su6oU8$6Ic$5vi-DDyoq%y0fA6 z<^AFFc}1zx!dlM_w80aB{tHualf-kntvcRwjFR&7GmGKT?fwEg3V62q?9ip=u12BB z3#vVr@yKB#*?7g_`8g8>nE7}VtD{k8aYcxR19MG<<51EUj&r;+=qmZ@!e!j+Qdj{6 zGepX>c~`HEPFZVCWwMrE_fVVnV66DBUpnD{&b9TeU+OyD&_tOu{TBP1upYP!eo@o_99I~1f6-o#bCs-7pRGI9B_(dA0V&*jT!Raj^tjH8 zIzc|wm~eMj&3Oa*Xe9X4byPndK}F-TF60?u%}kv)Nb>H*$AkIbtIErUY@69N7e?C( zT_pngw>3~?4jbC9;Ax<9AdDgBn(N{F(e2XiHuZiq;r1t4L-Dy0(v8>lC*D0zAPEjZjy(`zR#pos6R*W}-MOhm&=c5e<>SPQpbSA;H{6ipEL&{P|;p4I)C zBDiYI20B$_wOnAz5)@5*+}S$X6CfCbt86~{GT0O`7XGrz_8iCof_?$5rW?EJiQrQQh&(8o>&uvFUk1h9(jm+3%akr$Y8t z|6!Njt>0-GS%Jo1ryqC-bs)dtvvebI`=|HRZhVjwZrW#Vk9O&Il&Qrk8d`my5!SKK z5T9Em-Gs`0;|P53*usnxgbAXbgvC~oHjYc{Rt&vxF<$Leun z+vxV4#=d|o`v*`^bhiwTFG?IyO_-&}y<-P%Or?t4@!im-(*8mw;(8F^fnefH<~NU6a8UP>Y~9Crf@>?9M7S5u^biH| z#$yZ1(cOM_9@dC}WUh{`x-kMEr=()8!s`rYa)cw=w4iqOC0fjV-|T13&z*)c-!#J| zx6e>E%in>X9nQN(?VMHFj9Q9T>QjXA%VpZS1m$5~=;=4QNbheXa)9@>jU+5^sPK)D zzF0#ze1P;=UZ#gzC&EqVmBM_lHKyH#eMAw3+?Y1}h@y9+)Gb+I?& z8&d)VWe|!PdgHolY(O*r4v*)InmQH9X&k3T6<74SoWH*rUSVIL>VFO0Snum*% zYHiA@uoi@a%#$xg%&ePzkWmjk!Sr~pOb1mUbcsCclaClyEE7=;0cdR|O&xdmA8pn|Z$`yk% zDC6=J8B#xoX-Ul@UA1j)!1|2E;`NyRlYFkna&$zy-B`5uC?}`Q+XOlbKLfYPl6xJ$ z*t{lvKXR$O3`d`wS>;fYVTei7lhn7GN$Qy(ye#_M*P9ltEI74Jinrm6On8FV9hktT zFOMmi{+$t-OQ%D^4R24E%dyx!*THB9T_!i|Ji)fav36hrz&W(B>~$xez>s=4M8$lQ zGE~Oi|Hb%HCNvqFgN}zd;5l>2#C_^}B9?72nk*l~FTQU)AwFz3)Z?qwRvaDZ$dEd` zeXK+HI}$xE{D`Ho7}5UvS%c1yqP<_MLhE!gO4hcn=5P-! zQ_NT9F1t|>E3HU>SB4z27*1UH_hC_m{kf)~m-)QMbuk)^J5r&PG}oN1tG#Y*RgPrX zNIjj47yd{^xW%xMrY9<&Gt|$dB33;k##qzJJ|iIdYY}0LCrQK1CY1tMr?2dOY+8I< zC0(#%Q0^Li8g1Sbo!O>>M4~AaziC2(Rr$%p)Z4R2k*7Ep45|;x zMEJVHwPM?tL$oWmv6l|y>k>ScAbcNi!*L2w_!>oQnFzZTC@YNoDGl%7i;ks zyxJbfAAUB=RiFsp2Y+wcdy^CnOw<0i<>pH5FT1l7iknlD#Esy&@9FaJ<8GiJ{kC4( za{DI1_&U4AgIC+x<6y44$pOH%oY~AFESJgUOx|R!Kl@YCB3)C=sM#}lCd68t-ikU; zr!AdDvJB!RY}m)hpHPTIxal^^XG8`BR>v8wHFb=-a&-Oa_)09qm=f339BdwWkTJEF| z5n$+XOvhiLaZFa+mraAOS|4ynMhg|*8Wog5_M$8Y{bRlMLHe|?#-pS##f@C4%Oj_XfB;e%WMPDHOaaf38z+2CAd4gT5|L*92omVZj)GSqkv zm<^=}Os|x*&1a9{^}uvr0W1s|J*DoO8s+}prLXVHFbzREiz;l;o%kdw5;C4BUWjWl{ufuh&v|k3;xsxPzrbSg2dxwp>e^V{>4wvk5`YA$?L2i$fv}DZN z4=X78Im+)$%S;$5w}E~Ej>Zu{&ifOC{(y+XasRQ!^-9~D+AK@k3OvcIpZDH**ACzJ zNrPSwBrH}fkUHB~o;a1fk>iswn`tGJT;}$1A6_rF zXo)@2Qc5hG;&bVADLOE$5DTH~fD)U=6~+Tu%Ve4w`%$YuMhDIrVVqH#T>UsdM_b)& z%2cF%pRv4%`Q32zkuZBlV}COEoGqIj-m%=Sr|WcIm+A1 zq)w@oZ&R{vIcy4_aVWaZ8IN-Su!YiuQPJS70J zM8%nW(M)J&MR5%WV!udjSQQMj4)a5Ea6s}l>1wbN8*q))5!&!?0$-rDU=mTFLs&T1 z6~Wj$@r*i36D57WO|A78V{lc_2ddWT3-Yb{K>Y3O5S7Hw^$Z@Ur zrTbNPg%^dl%QY3w1%M)Cc+2BB#-9(}D{$tik%Y%A?fe(k? zBUx9iN^(crF(<*l(Gk=qCBYn3%IuA&f+tU;x9yJlf+RZ?{CQgYnaCIW_Newt?>jn_ zr}zZ`(tAFO;(_*iRe!S59b)&&14(P1sEKws+rJ6Ga#!B~=)3m`nqIGoH=i#hdr5-=6!3UNtXZ{b3|4drOXk!K?<_ATRD~F2;oCI;KswlioVpawSop+o;@;V zPpF9{z?1s~M93M>{9T>mT-B~H}^JyR?Cj#i>gd3+y1E5c?FQ^(J$jU;lV?zaLG`$cWIJ^Bc`@XY0Hrt3ZyOsQwd>%Flh|=*seGKFYe^ma2Wz7cBTT(!Qil$|>$H(LVUllV zJ;_eTow#2Ki@%gfv*+97JvP~$E!I`Mm^(137dJQL8(2BAcVK7XNaA;li_gP3L>_=Z zjbt%ry!t*tg4FY=E>2$X`@=$hedvk-eN{+)7ik_?e4po)EMs?g*u5eO?nm%m6Sq#3 z!FEG_VEUQZb~gW;q9~kBqkk=b24eX!KRkYZ8|qx~o9ww<`<0l3es=N2W@)9vSJGn` zCfvWs!3en)ulaE~6U&Ut6RSrZn`{?ISD=0M6mAKY9rJofJla+jwa1Kzif&zX9_D#Q z@`=ON2`a8KvV5TQP%F74#)Sb%Zn&exM*_J?5;|UZz4S3*;H@7U*-G96or!Apm3D)HqP@pD z|J;$rDBd8PkdU+fhm6LK^!I9<^gXp8&?cVDplS`r zS2`UDR|zm>eHM}LAF@U7u6A(8LTOg1!*F&}+j`Ao(v~`}Wi;Uw4p}+wc>5<$k+VCW zsc1-<{z93r#G>Aon2LXOb7eN7`S3EAA&*qp5H53WmgOxrhM6__o6Km(B+`){2p`FH z6?oT^)}DlVt=c{JQ6dYst+Z_3=fAGXlw0e|UbpB>5ONi8@UBX3*EA*2@P#Map>Lh@ z5Yvj%f32NqN4_J_z@4U}-!hrva|7CQCiP?qO>-z`c*V$^3ySb6eVCYUOOsQstB0J& zdpUEaTm!%aBrDhql2xW#E~MC-WA4w-Ry~2VSJEU#=x|orxTlA)W=g*WgQNL4h(`+r z9e-laAOn2RN||*q-0%?=!Js@u$X1diEV&3DTGjI~#%F)29&=^V z?%%@@sHc9H>L~}g$G)%kMiYMU9$JOqG~-D;r2vrhlNWIqy*JW8<#L>3q&Iwa3rA_Y z-9hA^8+HE64|fI56)d)3p$WDYHk%hfTQajP_bmvKJbN%H<~+VKR@k1 z8o;e6Ft~!1h=Si2e60*Wmh_2>su9(Fiih~%$%n-y#qon<_Dyvl)ujia3@#~dnFtf~ zG@g#vX1QYVg1!0q_+(|V@tCZaY!LxDj!oZOYqs`NlOV=A5Ih!FU)pT!$S#Ptt^i$s zLK{_hfVzFh6#z(mCE)+sH2oMsgiP_#s11M%&~hBZ3Ea=n5~RJKgmOX#kQE1*QM1;N z$GPv#8NWXL#!=@g$|*)LWN*T3ziDI~AR1_Izl9ZJhG*}rDrZPR#+#tSGG-)rAOh#! zC%}Jm#I&ouzSAez_tt(=tz4fy{gIUgc~fGktnYPlN8{<+0;3=~*oB}CZNwIU%UY9l z%MHldyjGWB;tOxv7VB>xlH&LbN*Fnn{K`pdC~ zBN!75+~jQs)my%{M4WBB;925Ms04UG?81?Jv*N@uX4NNvgu^-}LtJ_HX1 zR0@KLrmeS;ZYR{K^ex|+tm&j*c-KZqYbsuwo$Qc6RE9LP+mv8yZ`Gt3zKRqt@Il14 zYhNz9>=Hb!W^9T^At7xjgMFz!2F^kdVZ&?191R1OEh2%6x;M&#@$Zw#*Y#+PPb zauz5<2D5UiWA1r`ngj=7`YTT*l1w<)N-u^-=WFLj2TeTnclh_#JYw_rMTTZKYAt)^ z_P-X%ZI2qS_3!qgY5qUaBtk64--H3WL%PfEtXkI(Xk<$V%>F<=RtTLq^mtgh$`%*K zKqy@2=$mbZi*>DDmsFd%aVHx8HWOvvhWg)@TaE`<0Gtf#xsdsY?9e69ppJYDs%00b zjgm}F!97%8*PR9jJx-SL)BrP{SHTFB;JCYm+g%M#TXr*(qMO29FGWZ$Kku0xXbDbV z%r)i}IG4ma3Wx4!S1uS)tZljp{I()ND-hkCW@pj3fux&9I3CV1l&wixI2Upn2(a%$ z2qZjVeU)zyWGvU>+RM%B1;C|S!4S4TTO%os{H=75`uN4A=`?@~io#oIgPZt82ZvcL z&OtRFoYzfp>_hD-txhvf?bqJepNii=XmYtIV*o-S#Ha(OL(C`pUb@shT0XSD|mcs83ev3xnl2e^c6L^AwK zPMm&jnMVu;G=QK1bB%XI;TjEMzET9Xw(RFW!9Z{hYfMV;$Cnhb{4HWb8`SE~a~0W- z*W6t4`D#~d+E$);NZhNw?uac_f+bOHFK+-YO*2iVWVCRql_`1CP*?oU5t)zEH;nG{ z9~%0zb|XIppf59{`Y^vJha8}!Ty$V}(>5(<4K(uYgro{cZZ{g=lh2+Biuh_6VB;fb zk){MlWgKNW6=s56zE+sr(;(8xVle+7T}j&!;it<$>VtV6sHngj-dfZ3EnPG@AI8qP z5gC<*O&lgzz3qshHgq(SC>u07_ix@E~Djko7! zC8xm$8|4Oj@Irb68xDwqv^xTf)9<-3L_5C02~BZc08g_PlX*T;(3zqG_LIP820RCCY(v14gd!Hgep-G8!>M zSSXMeF+-a%-`GKo#TR3!&#W2+zQ>Ng1#hf-W;s>Z`M9`XH&gCy=*j^471|_x<@`(E z7$hv3;0Uuv-)|l(P`D#$d4aklmp*yT*MTGwTrBO+>-*f}|5)9L`p_wUK}LtIWh)*c z8t)mfVSR=V2MGmc3i!%@dr`YvR2!b+5A};Yaqpm#Vs}DfBp59cEO>^z=BMZfblKd~ zgG9JbnX@IRfj+o9`m-QG=Z~ZUu@F)TN_b|#xdfJE$!_{RO5X%tErrNr$#4LwD&yiD z+Rx?&R}13nHQ?owhzu?=>lO<@>JmD{Nh}z>b6@OopVulX1E6B{i72DS&57m_@28{K z0XV#T^}zB|QE*7nmlFBl$Nibj@>?~vX7+_e1e1oUEaj2@FHA^LdNy9yHH;z+vbtIF zOK!$E9{{?10RVE=&FH5S&QG2>Gom9kc5@Pd(7+vw9E#2Q4Z!vJ^E@cbN;oVg*Rc5< z&Dl~$Ym^|)wMF8R?l0OiHN~F_ot;yuN~gJ}boS5DvK4U7Jz=i=d$2dwwT6uVd$;u@ z8r0oUN#o%5$X@*gD0FM3C0NjLf!H>#)r)*z{oOW&g_E}CjXJYwfT$^7Tdx;Un@<@~ zq{0*Tejx*j%=$fVU4#npMF-r_wmxLb#L}dA1fNpoWQa6RJjB<-CXBSSeLueub zMok4j~4FDb4&E`pspExC)v3Dm4LYNHDHl6?| z4(Vm>2A7=B>|Vd`MAW3{e5KyE$xC+A{P9)EOHoZe(V8Ql+NB)>(hVe|fl;o{A!hxr zg9)P-_B(PuDW6e~>2)q>OP^~5;wm%uJ7%L)d~~j2aLXPr->i3+U2vFxH_t5Nzv2j_ zOqoCD_k!OSHpLRRf)eVk8?UMF_G|z&=yzWP{tu&Hj$4xcOmQR6s3Wv}N(hz!)Y*&3 zb9LUw>^)rOt1SgdTDVNyDbNs#KH|v`3I{x&ehY$|M8^BF7_dr5>w>R|`YiQ99>hQ8 zS^gqCtjQHL0jDJdzcW5)Ke%20!ngwJCUqKZKz_r6v~XI$)$i80lkfcqvypgnaxi0aL3M}WPsQ(3sp3~H- z-tgBHH-1T5V$*+V=Cb$WRLJHMX|j;Bg(8$FudTv$QcKd17^gIwJ*95FV)-x6v1qe0 zpCf!$Xw_q@hi9 zRGo1BR5aB2eudhQ{lSi2RI!u1h7|h@35zJKsA_^kK#=WnzP)dB!$GUezF;0ylX=1| zgIQKlzyOUdSITiN9rxGnDrp4uJ&nbCRDt+Fr7c|tr!1vBf)#NcKmcz%7zV?QD>*M= zvY2Rjm@{^+M{=$k!D+zS2N$vm4=APd2KSWS8OlmL75eWYZ4rfYxG^WN8BxuJ&v#kI zlh)vavoMcf-??`MwXDA~85ic;7lEl$ES)sh{V+X%sA|nV%9v4QrM*GFiS=xpcHPDs z1XtbD8^{b_X4$K|dl}4N0wN}zZJekiU}!+t`T6R37ilQTA*zJAF$mtqWR=P9Mp+p; zS6@~T5|%(vFMAGsxCk8)w1rDr&aXthDj;mY3HH;xwC)EUbdsxJ*uVPaW%72x z2b~~edrcl85^|`pbcy!07QQf=lPUd>RD7#+!idH|vo(A0pOZ`K*hZExww{^|)3fvx zDU2}Uh`JM}?0vo;H5St!88Vx4i;|k-)P)~88u*>mj77@a<+ZE?+QzE3SQl6{ysxeA z%b8PtW*q=)RWxF$FCroeJt~jyh&`daI(6&y8P! zU+bQWXp+xCtFU`7h~~Q0(0D1cQ;ajdEtrt+=54V4UaMU)z0}mX+{7(u)Go7BIOks6 z<4~SGM=sH2xqDL@TrV)VI|syoDcfnk;BqgPWJ&ak)27w;U7p?#Ynoe!)Mqg=@W;jAzb)ra9;{8EyUe%wRqX z)UmZg!H^MB!Rnf|Zu7zO%gG(3=rM=P{7emabV8J^_EJK@YbUlHS0F2^MLvP$u9r=Y zzVa6tu6Y2aQLXb3M^?AkZJsz}X;647*vem*2r4Lcn0TU`! z_Z3kDzaAiGFbw38Q=0GK8(>WYZ#=~=@M&(QB;xvR7XYN4`OZ{R#RC6A%V_&Irm0O% znE#SEIYN|M_fJR@Cb}KPNZ1x%*XLT(`{L5Kr1)3ewKPq+w_256G6@-`IIk&?+~fm# zDFjJ&QwWsT2+2{cdXs)>>oEgI0^48tuq?7-O=F1a%}w<0CwKN78v?RRzaQIc@k33w zdmFKl0@%?VDLYie_Q6SgCG~ZXb&auUiEA{Dyi0Wk3JtgfP|oA^`z)Df+Lp&Q3)5N| zUq@f9qFii-GU}#FRZQ0pnrl>_WlCwJ_xBB*vwW(l*DQ1$pvbojsGiiZOSB?kY8}#S z%SDQtta{(v`ZO(M&nVxi!f$;Ui5G;sehTO->KeoDkVp4?iti@f60Iz<3L@{e6k)oZ zR_W?JgK0VI6vAKm^pG>=hqI~RKqms8&kc$o>lm}m9ON%MltoZ-ig)lod35f>J�& z7a}_FPLnfy1WCxNlvhF!$|8wb=j^P8!Likg-?Dz+?6|&Bz*ej_sbAM-i$48Zo1GzD zf}YisE%6wlfAsCqf0A2IpN4ap#joCZMN~$hj@|5Rgq~K%oE^Yq>248mCaO}ez~ZCN zg}D*=cv#?Xoo&CkyNJ=++C^k@CnYocdEQCr?Byvk%X|;A9FF^tbe95m#EU!rz=p&x zPc4a0fL@=`;05fq;UaO+1$)Pm>O=UjIQva9W30Qhki(eop$oZ-D{^fN%0&f`Q!LO# z<&K~xX?yFhqA(Jx0TZJL(|^|2#$W6HT-K8{{X07BaTZW~`io<-V+G8Xl}Sq{sPG7T@*Wjl3i2z>uy+S2|5N$#URH=x~3 z9Bcb`fNUZgkWJXVVX5D2k*_ss7C4jqFICbr$(x*)QQiEt;Cb*HSuDH_#g1=72uTq? zw5+8VokGT&pI82`W{6Qz{ccw(?7Ym$;Ds9nTFjr9F!A1ELQZu#0~XBXj6v!%96Hyp z*b_Tht{lll*0O;JiI&TZgQ9B*hUpHl)5gA8Cq3NJG_cNkni%gU)%pve7TvqFi!Y)x zt3=ALfapH_*w)isHs%+iPSC}Fm-Jm%T;CB*%M0c*tQvD+S)>pbUqxXtY}PMu_jAt$ zyO2{<-3LX#HCjS=?=2QGAH_C-Bkprms4hI*J-ub^gIaA!V>1(dOrOFm$9)<6g9@)( zDb*;i7YLrF*T()qn0FBVnG&KA(mnwBO8`xBGKlK7xJ_y%DoC;D; zx~tD}jDs7_1Pg)PIE&&EFjX#D3f(h{E#i8wZAn8GpM4l9YUR_k-<@b#sEM|p3+n+k zREIKC8Ql_R7}09~V)031=7&c35^%DlbFz=5fa{_!(Z-t_Be8iZ=H4k)3jSq8J`W&t zNRJp$SyZLAx=72w*&GqWs}i!46!tuczW@{Zy+Kas1r)dJhIhN=5nf2mPNikfXo`1a z$h?ws13=+*AM3ue3oKG1Yy_YEJLY9MspS$u2*!aq2G{C5KPco5Slahx?caIK1Qd)^ zn$u_)JY>jv?kRu$is-A(!ulg)iRXS<3Yg|~h zWt{P|u$*PsaY=$Pp8>ZUy6}9zm@;8Z|DC`Ewd^T(5=5jbM8MO7*@$0&_(NaYTLvX= zfx;rY)NXFwxiWDvES%g+8Kep*`ZmqSE!&^FmP*?DUcJOO%0~tT+vz4L{# zJ`GWKS~m=+UbJOV8FKN?!>@t>j^lqWksYzte0k2K!2<@sh8H}lQY)B-74~(Vr9gQP z^Ua7<<)oPJ-Y?#Ab*-ngv8r>3o;O^EDBfOn@uadTOI2eA%Gqn92t!SR3QPDig=ZA& zdrW!F{WR~t$Izxi@|fibHwhXinmVZQw#U*ukRKt6X5n{5ievZsniDGY3G$tHOjh^J z>z|FHsv1ek25--#^42;A@y;wsPXe;s#O>xj#&>nq>3r*RzqygI+Z4;JD;{A$nt|4mLayeUgaSd zo1@vI!fHSDU`|H`%s<*4T~#5wH1gE#PrfKK8GP8dNAXwzG*q+&(Y|;RjwyvIOE{63 zUDsvCwUh~;&RQa~*?(>X1&=o;qxK1&%99?PHZ>LOO#-n*iL&@vP_(4pN0O+%G@`ES zDU4X9w5}rP<}-N>Y3o$ahPu@E@BF=pC2loHa~YRgoCb{3;4(vZMfb^XkQPNt?pVj7$9KNN?U9yqX)quSKBtpwZ*S(x zxJKIn~KZ?hx$_K=7jxb-mFfQ$-0DhW{ zcq)O3Do6hxvY{8X@^e>a04MU8bv;-3fj_qKR8HcrLW#x+p@{-`ga7`n)qhy(e}Mdd zw!KEwJ@nk%J1>26P6&u*NXv-wsF|k)v`|tvmnldL&m}^fuTCU>gR%d!Gzu}F|AXzd zPqS%0^z!Lx_L_@*jIwI?tMJ%^9fTrw??p$BeUe;vm*iyUkbCbu z-&j&_JLf%GCPQQKM-Uk4IdrK|*W6GcJ$J(F%76j?(T)dgOif|NwLP)ejxFyMWR>t} z^<%YlX^;Cj7qCe*y!O)qe0u)sT<_|QyA)!#s+`t#1|TP5%d^4Fyw^aV*eknYhW42Y z;Y(1RmR!eI5qVH%)^UClJ&FMx)xK_}4X6ogze75BxW+lEufDN7yfuD)`2cShAx#G4 z2`_Yj{S*}?GClU<0R!{!6x`92o*ptm&NLUAS1wj*gyx*?US)8Xi1k5=4g zZmcjdKSX&Ei#-OpkXd_CMLYR+66y79>3QH4>$zh>tjr63qaCeeHU`&wjg>#aJ#jeA z$b7o09_jsP=I-VFOdqjpp%c;475H$O!Ry$&hu!;3GT8Q$FwJ`OSp4-0>`={yojic_ zqwhl^s_!CXJdWwapU-yG?$xtvl$uY}R9A8!*}-P4e%uKf=&1!Rus$;1fTc{y#ti$k z)VJ4s>EnKRlwW;4kdBsFsk3G<7%Uo|3-3fs2?=VJ86AL&!`O#@G(5l5L$#)g?s;`H zGdq_H?881D%H@-yj5~J3qCL-9X$8e8yAtVDxbaDWmZ7Ov%pfYz@`DCCq}&tPmq-j* z%xBlTCD45Z#Y^W8g|*iMW5!+n#V3EbmdCg9)x~ZF#OvyCGH1 zhniBNGv%LwjcR|tZe%M}#Y3VAp2q>w8K2|?y$`l;X&z|f~U)5R}*{U z-OD!12umjPifE^k_)W7OGeQDv`s`o3TRqVxZinCH+$eX5U7-@TU$D?}|8*hYBn;36 z3SZcaP_OT79$)<3hrV7F^nbfy{U6uQ1$+hOeHo$jMIPa04B>$53n2uEA?m~_{}Lkp ix3@g~!yDdv*T^#|y}^7g2>gox&|7IGsd5Q@zyAS9!}oOn literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md index 458bc46173..39dc1b16be 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md @@ -143,7 +143,7 @@ Select a security recommendation you would like create an exception for, and the ![Showing where the button for "exception options" is location in a security recommendation flyout.](images/tvm-exception-options.png) -Then choose the scope and justification, set a date for the exception duration, and submit. To view all your exceptions (current and past), navigate to the [Remediation](tvm-remediation.md) page under the **Threat & Vulnerability Management** menu and select the **Exceptions** tab. +Then choose the scope and justification, set a date for the exception duration, and submit. To view all your exceptions (current and past), navigate to the [Remediation](tvm-remediation.md) page under the **Threat & Vulnerability Management** menu and select the **Exceptions** tab. ### Exception scope @@ -151,16 +151,32 @@ Exceptions can either be created for selected device groups, or for all device g #### Exception by device group -Apply the exception to all device groups, or choose specific device groups. Device groups that already have an exception will not be displayed in the list. If you only select certain device groups, the recommendation state will change from “active” to “partial exception.” +Apply the exception to all device groups or choose specific device groups. Device groups that already have an exception will not be displayed in the list. If you only select certain device groups, the recommendation state will change from “active” to “partial exception.” + +![Showing device group dropdown.](images/tvm-exception-device-group-500.png) + +##### Filtered If you have filtered by device group, just your filtered device groups will appear as options. -If your organization has more than 20 device groups, select Edit next to the filtered device. +![Showing filtered device group dropdown.](images/tvm-exception-device-filter500.png) -A flyout will appear where you can search and choose device groups you want included. Select the check mark icon below Search to check/uncheck all. +##### Large number of device groups + +If your organization has more than 20 device groups, select **Edit** next to the filtered device group option. + +![Showing how to edit large numbers of groups.](images/tvm-exception-edit-groups.png) + +A flyout will appear where you can search and choose device groups you want included. Select the check mark icon below Search to check/uncheck all. + +![Showing large device group flyout.](images/tvm-exception-device-group-flyout-400.png) #### Global exceptions +If you have global administrator permissions (called Microsoft Defender ATP administrator), you will be able to create and cancel a global exception. It affects all current and future device groups in your organization. The recommendation state will change from “active” to “full exception.” + +![Showing global exception option.](images/tvm-exception-global.png) + Some things to keep in mind: - If a recommendation is under global exception, then newly created exceptions for device groups will be suspended until the global exception has expired. @@ -209,6 +225,8 @@ The exposed devices (after exceptions) column shows the remaining devices that a The impact (after exceptions) shows remaining impact to exposure score or secure score after exceptions are applied. Exception justifications that affect the scores include ‘third party control’ and ‘alternate mitigation.’ Other justifications do not reduce the exposure of a device, and so the exposure score and secure score do not change. +![Showing the columns in the table.](images/tvm-after-exceptions-table.png) + ## Report inaccuracy You can report a false positive when you see any vague, inaccurate, incomplete, or already remediated security recommendation information. From 6b71ec0122e682dbce5ea84f33ef3c75373c7206 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Fri, 9 Oct 2020 14:55:30 -0700 Subject: [PATCH 005/136] updated text --- .../images/tvm-selected-device-groups.png | Bin 0 -> 6812 bytes .../tvm-security-recommendation.md | 40 +++++++++++------- 2 files changed, 25 insertions(+), 15 deletions(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-selected-device-groups.png diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-selected-device-groups.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-selected-device-groups.png new file mode 100644 index 0000000000000000000000000000000000000000..d4f3f506e5c535c50454f5026d49cb40fd13282f GIT binary patch literal 6812 zcmchc^;?utw}uf!Qa})CK?Fn)aHt_gkuHg$OBgyFItB?rP^5&B7%7pKl9HD07&@f8 zW9XE#{k}io{B+KBku&hlp1s$4p8HvEsJfc`ZDM+292}h6iV8BCI5;=7z|T^Ix4>6p zV(xkHjmSws-xUXktmWV5jaY6n2Jj$(o1&^L!4feMwJ_^bPHJi#9C~p@nHMmxr0r>M zBkhqt4cJ+_1ngS(Hx@3INJ1o)>{G`6;WEa}k;3n}mIhx}dij-0k#)VJs;w$X^234z z!_`n~$LDDLn;M^=Q`{lbQdxBhIU!%FWgWT^H8!(z?)U8S#>G}$O5O1U#>Bp;97_uq!; z>S~#o%xoO-@bDCumA&nMdh-Rv{agaIEFvPJTEX2`ouccVjS-b3k@XkN{}!BaUj&Ui zJ~2_eHlpk7;v$SpE-B#;gyutKvE5dtQ}g59e1=#hS-o+huCA^GL0f*u$zQ%UmPFFZXg0Kgo?d?iLTYMyI>IEovNA!~ z@opC9??~y)n1{1W4=$%f3r*`I<O(~vQ5aMi(6~Nmgw{I5?O$A@|C5zYAnTu-2 z#=br5w07H>qN_7`)wJCGK4jOzqoboGPNoEZ&s0W#`Epl~{x(i#W~PkHrINv)BY8%%gJCc?S={(EO>b+y!QT9-3c=@!|cB{qiLZFh#L%BXKQGqa_o?c2~gvwK4CkDQ#> z7rz|Y*xC7g<@(dfR>@l%8{f^%MMQ~_rqN}xvu{mR;mOO(bEtlGu)+T^Vnr zG0lKhX?q_^B|_sDDd}_E-(E^iOf}1awCRLp4@INVoyp>!^hPE+I&Hi4@iEcSjhV_q zy2SSO_Q>O{(5fo$u=-dI&pFFI9_8Vj7c47_g%+HN?MWc?&7S3(qZ6zQ7}=r zDj%#aE-aXz)~IE_Odr9W+nOqtovih{qJP}kd3b!7;d62y=koI4RSt~nzQ06(A}X79 zziqGK&Qzsy5Q3a(Dc;mC%eu%!fsOJ{#co4K^uq~SMwOPPnJcwZC@RAFk_%Y0Fi zZAlZZdrX3axn*ZHEbL%|CoAHIvelwdsGzz!NmRCq*`HzC@rlW?vwXGe#rOCY=e$bS(vqD(`sG9gf=?+kW~R>PV4s_006Opo)7xt~Ia-h;#T==b z+cGi|Yn|d7_gE{Xv8(IT=2+3e#`oa6)YQe;P1V!W(_#JV{>GrUmsojH#GW^eU)l; zyd_#&?FCWy4A|La_UlLsA`tc3V=1-jU0BvNfwbKBUZ<=%+2Ro9xL0lv92Q0bZ;!~M z(N$3)Lgo(E0*&v@qKc_*PStAPHt`vWp6-JN*SLL1xvqZSiBM96Q_RQJ8bKY!y{H-ZosqJ zmm*uBLq#is3o7r&j~^Yqb@&u(yuvo zjpOqtdG!h-MsQ$aP!Q+qb5df~jLgua+cBOVuq$h6Z!Koyjr7zhw75JaiYO%id^U;5 zM|x80#>6-|JEuj((^R;+PEb-x8#z2-_B(`-k&%V$|8kt}isN|@LZb44Ol@g-IXWgL zP$y4zK<5Q$n2yTmcLoJby}h>?3=Oxox1yCYc|PeEjk)eGDgOO!b=$6-xXLIpHdg53 zczb!Os+8v|gOR#=!^X(23xpLn;FsehSb6ho+;6#TwPbpuN4&go+T6M^iHTu}i406) zZY<*BiF~7l%LaB_-LnSoz}d~r_=@@*lis;gKUnYY|I$}iTlT$vi4ykrRP9lCv*&NSEiL_IXM68zjoHUON*ye>ALCf$ZyWiN2UA;KeX{mKy2*0?;9#>XiTR6SjIE;WV*;}Gqv(4mq!6_|gT0o+3}<9y zBbr1ao@<$IQlWRNhIzZ7|h*HWl-;CpNn6Azo zpw-gSDlRKo=!o83TiCFxoMV#mOG=lITG-m^**KYLZnwtK%>9y||76AoAr!y3I8p7c z97fL`A?mX9w205JEkh9nfkKP4+GZquyzExD5>|Frf{lW?Dn$G|5Q6e@dmjKvwI;tC3QB$07Z{IfBy~w=M8wH7~Xz^f|^><-CgL}Gdw4EcXkLQx~FHBbh6T8o4%^5 z>XelB`D$M>Lj-2L+OZRB*K<@R_&xo*lZS`ZjPk+lX#@!gNnl_gtw?{xfcvtGDBo`p za$P9&r7s}RgXWX$8wn?a%D}PgKjtaN^FGnvryms-mNBW8SwYkb{jyD0P2mr=PVpYy zGu|A`Bq_C$B!6v_yY40ivlGIh%pLB3`9*;Z;8QXglbE2s+>3XV5ppkq0B#=fc6WC_ z<|{I+2cG&+o{UNmehVPs(Jx(1&8Fak)#BoE%e8(pcV4%bA!P8+smxrlpAf>177M4@ zv?oh8GsuGoImCb>8>Lv;Zh%~R+PCKubJhlVBRoTYb`;IcS)X<1#l<)!~CioIsn4cdGy!ysZi_QhP3is=G^y4i68H(~AqJ_vSYUPbd(7RCM%>=gfS3TU%QjZ`)>OQc@&+ z0FO;LR0RhIFD*}}y(D;4TU)#N1f{^{<#SSS00poNup1{WE$w|sh;Zd}SC>+m0nhei z#VVh_cR0Z8n1s(CMn>0sJz*Dr`IC~9 zbASAh1{!N+6*9{r1xUCLP=sPlid=sW8oW6MUQN|pNo)Fz*y_s4z3usjA+x~Sor{a} z4eKL;zHZHwQvn-xaCE$#S{3u9C4yo7^n$$Y==Vi6=!ASPA9g^qEx9N&(7&Lo(dSd9 z&Tei?K_@y;TDYTwYVvHszz+++!xQE9kK%ca7yL)_bK@15g>qq^Fab9tM(d?O3mi0F z>{3xtHSZYL=+#;f0ons3b>pdD(|hD2xq>VM#KgqJ^Ik=MxAC91cH@lzy4!&LCzP`TOCfmDGqPsjb zruBZOWc0&x9>!wTEU3<>0s{Xku04{8U066S6vd$dP9OLX$XFnz+3`PvZ~kI$&x7cr z^>Gv|2XAe{I2wMEvd`h+q`>BGcftyET#tLAaKdTNWP<9TpgXfLgg>AWdlutF zI7vy#x9dti6liw}0$Kp*TqsdiJ(=}yZ)>{+IPT3G-o-Y_;3CB0bZOf#8O+PeZ84a} z#9==`UoQdf2oF-rmd_q4w=*@Mbai)kM_~bsF;Kd?+QAV$SCbF{f%NI=GauiJBlzD- z{N7(Jb+xrlo}Q1`+0nJN5`#lSogE!4oHkbJG!Ykz_JwZ@U25s!Lo$;8GPI__;P>r` zKjW{#i4C88&(sPH&(z6P&xN@gB=e)gu~ZySkv+7mtgPduK2T@p;@TQJcE>+uW=>S7 zJ$pV)>Sb!V_HXK(HhDSMf)+rI034+h8cVJX^~jd@JG%uTUjwFvesfS)WQn^ zb*HS7DD3FuvD2~PsS9zDc^xE`>U*wOcLd|2X7<0l^HBaKzwfzeXIB?;j>#rchV=zk zZcXAZVPO&Rv08Z+2&8fEi;VK{OuMpbogM9jqsqlG)7n%nmA7|=A`tfKTA!LEp3sS& zp72P|SHHP+3)KxYPuMV>ohx$4Y7NNcnE%8;ny-(Gt810Vwn5$Lj=z#J2WlW!OLf{v zwWLHd)Y!aR5Uu?GchBh1=%eiAW#+Uj0bkMxk1?xS0@*ivzv(P#UoVSxlc?? zyfN}hS{fHvcF#^Sh=)e?)yZ z1R)TJ#Ic@#ZMaudV6ppT%;HFbNgZ;2V?zn>((F{J>3^mN#i(J9TTd7k=H@_eP8UKn?`zi9icy|fB=k2q^5js0Jf9(1cBL^Hmaos zdj!od^}l|GgZqJC5YQpWa5TJ0*(D`|KU37Q1=x173|4U>Be&P5ssx~=B{}&ylVZJ~ zYsI*_oZbR&0_kiijBgaU&f4s3yVF1i2J?t@K^JH{_5e}IZe*a@)0U%=?o^LZ(zlew2bWy~R|hYWI29jf=Pq7Rb@JIjUtd#Q{ka?Lu9cix zcyDiAa7OG29L6Qo*vLRgHq$@n0t_wCs!!19ECqRP3r1l?BqZ?VF3;2bZaya$kF3g^ zkASX0ivQKQzmxol`u_bsjMQ~_Vxl;IRnOB`ZmtTwFuG8gf5E?_qwg@dXNY$1<}Q0 zXX;%<#BE?jV6qqbX1bc;s1O%Wt<_EZJIu`T;OK_3uc-|U4Tm@EfXjLWXw zO;@`w#s-s|U3?W{6rt$yob|O%pt_hu(20nN@poW~`ozjRdBKk2nCMr27QXFvwPWot z{cFifsI9d%c*1pM??lKRWCgbC%T@9amk=_hkktBmGu}eTPLyxsDQ zeL|9~)=n;U*{~0dUz{2FH|yG-GHQNF^H46*!6g+O_4-5}4P;{zZXb;;C74>+3sF>d7}*fmrQ{l8TA*U<#Ig7ZpXWm95%3d2uagv&*yle9aGp^2c0UO_h9Ed}oTrX??Bfczd#=rzgX>#^Z_c zITYwKwynfcZmi(L2ZBwg!&8Z)bRAtV2}ueLyLX3)$(RqV#75Z`mHIsDzU25XcW$Yx zLxEh~B69=+^YP9@w3wq^U85uz&Yho}KqM&NUJnVVLjJ4vtkDWyU=%ezDZY2qHdn(p zl)EybOC#Vs$oA~|QXqY^EO-3I`SEu5(qk=JAv?F^-2xfb`J$n0_#3mnlxd%i?wW|8 zAUqNpo~Eg(rhXFpj+}w?ggb&kbGI236crl*vaSzVKi#fcCAA!mT$%0ad;rFT5pqFb z{=nClXg#cD9v2r!$|M#JrcWyX%-uFedz~1Qlaj!zmCX|gfp*HywywK!SQEVr`ImIO z8Yr4D$;dc6Qd=M`?RI^tTX{G-7zLVlOcfEhIYr zfY2XCy}X=nP#&|lwAx&F@VR$efhbtO%2!&yBu#iil%Z5?~Y&e_FNVR)5xXi zkzMG;w}9gP{Wqm<>zWSv1!t$ISE@7ozBxs6zyZ_2@yK0&l;OJck98La1AhG45f1ly zav&A^-O&*EXQlT6#|JVdJC~iED|#f^>|G#t?NLmRBzYoMQ&S!HWr)Fy7){*N4Aa(b zJ$9U|jQL`rKmpthTxxIr19J>;L=Yz5ylJavyTWvhc~S^i^~^QA!{b5v=csTjmS_4e z9+F?1_n=gx49jG|7!C}FEJ2NO_|$J){T195pnmWFq3lpl*g-F#?tWYGJFD9JaPhGQ+~Ro6_74#Mp1|A;m>`gW zjI1oy`0n-T8YqbFW=$=j*SptJ3H?ZNcN`^(oAXk^mDc|s_elQN`!Sb%0pDj^&2g^& Q-EP8BlvR@{lztufKl~JZ-v9sr literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md index afd2f918cb..2a5e336617 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md @@ -134,11 +134,9 @@ If you want to check how the ticket shows up in Intune, see [Use Intune to remed ## File for exception -As an alternative to a remediation request, you can create exceptions for recommendations. Only users with “exceptions handling” permissions can add exception. [Learn more about RBAC roles](user-roles.md) +As an alternative to a remediation request when a recommendation is not relevant at the moment, you can create exceptions for recommendations. Only users with “exceptions handling” permissions can add exception. [Learn more about RBAC roles](user-roles.md). If your organization has device groups, you will now be able to scope the exception to specific device groups. -If your organization has device groups, you will now be able to scope the exception to specific groups. If you have global administrator permission (called Microsoft Defender ATP administrator), then you can choose to set the exception for all current and future device groups. - -When an exception is created for a recommendation, the recommendation is no longer active. The recommendation state will change to **Full exception** or **Partial exception (by device group)**. +When an exception is created for a recommendation, the recommendation is no longer active. The recommendation state will change to **Full exception** or **Partial exception** (by device group). ### How to create an exception @@ -146,7 +144,7 @@ Select a security recommendation you would like create an exception for, and the ![Showing where the button for "exception options" is location in a security recommendation flyout.](images/tvm-exception-options.png) -Then choose the scope and justification, set a date for the exception duration, and submit. To view all your exceptions (current and past), navigate to the [Remediation](tvm-remediation.md) page under the **Threat & Vulnerability Management** menu and select the **Exceptions** tab. +Choose the scope and justification, set a date for the exception duration, and submit. To view all your exceptions (current and past), navigate to the [Remediation](tvm-remediation.md) page under the **Threat & Vulnerability Management** menu and select the **Exceptions** tab. ### Exception scope @@ -154,13 +152,19 @@ Exceptions can either be created for selected device groups, or for all device g #### Exception by device group -Apply the exception to all device groups or choose specific device groups. Device groups that already have an exception will not be displayed in the list. If you only select certain device groups, the recommendation state will change from “active” to “partial exception.” +Apply the exception to all device groups or choose specific device groups. Device groups that already have an exception will not be displayed in the list. If you only select certain device groups, the recommendation state will change from “active” to “partial exception.” The state will change to “full exception” if you select all the device groups. ![Showing device group dropdown.](images/tvm-exception-device-group-500.png) ##### Filtered -If you have filtered by device group, just your filtered device groups will appear as options. +If you have filtered by device group on any of the threat and vulnerability management pages, only your filtered device groups will appear as options. + +Button to filter by device group on any of the threat and vulnerability management pages: + +![Showing selected device groups filter.](images/tvm-selected-device-groups.png) + +Exception view with filtered device groups: ![Showing filtered device group dropdown.](images/tvm-exception-device-filter500.png) @@ -176,13 +180,13 @@ A flyout will appear where you can search and choose device groups you want incl #### Global exceptions -If you have global administrator permissions (called Microsoft Defender ATP administrator), you will be able to create and cancel a global exception. It affects all current and future device groups in your organization. The recommendation state will change from “active” to “full exception.” +If you have global administrator permissions (called Microsoft Defender ATP administrator), you will be able to create and cancel a global exception. It affects **all** current and future device groups in your organization, and only a user with similar permission would be able to change it. The recommendation state will change from “active” to “full exception.” ![Showing global exception option.](images/tvm-exception-global.png) Some things to keep in mind: -- If a recommendation is under global exception, then newly created exceptions for device groups will be suspended until the global exception has expired. +- If a recommendation is under global exception, then newly created exceptions for device groups will be suspended until the global exception has expired or been cancelled. After that point, the new device group exceptions will go into effect until they expire. - If a recommendation already has exceptions for specific device groups and a global exception is created, then the device group exception will be suspended until it expires or the global exception is cancelled before it expires. ### Justification @@ -192,21 +196,27 @@ Select your justification for the exception you need to file instead of remediat The following list details the justifications behind the exception options: - **Third party control** - A third party product or software already addresses this recommendation - - Choosing this justification type will lower your exposure score and increase you secure score because your risk is reduced + - Choosing this justification type will lower your exposure score and increase your secure score because your risk is reduced - **Alternate mitigation** - An internal tool already addresses this recommendation - - Choosing this justification type will lower your exposure score and increase you secure score because your risk is reduced + - Choosing this justification type will lower your exposure score and increase your secure score because your risk is reduced - **Risk accepted** - Poses low risk and/or implementing the recommendation is too expensive - **Planned remediation (grace)** - Already planned but is awaiting execution or authorization +### View all exceptions + +Navigate to the **Exceptions** tab in the **Remediation** page. + +![Showing the "Exceptions" tab in the Remediation page.](images/tvm-exception-tab400.png) + +Select an exception to open a flyout with more details. Exceptions per devices group will have a list of every device group the exception covers, which you can Export. You can also view the related recommendation or cancel the exception. + ### How to cancel an exception To cancel an exception, navigate to the **Exceptions** tab in the **Remediation** page. Select the exception. -![Showing the "Exceptions" tab in the Remediation page.](images/tvm-exception-tab400.png) - #### Cancel the exception for a specific device group -If the exception is per device group, then you will need to select a specific device group to cancel the exception for. +If the exception is per device group, then you will need to select the specific device group to cancel the exception for it. ![Showing how to select a specific device group.](images/tvm-exception-device-group-hover.png) @@ -214,7 +224,7 @@ A flyout will appear for the device group, and you can select **Cancel exception #### Cancel a global exception -If it is a global exception, select an exception from the list and then select Cancel exception from the flyout. +If it is a global exception, select an exception from the list and then select **Cancel exception** from the flyout. ![Showing how to cancel the exception for a global exception.](images/tvm-exception-cancel-global-400.png) From cb04295981d407c3871a7c0bc621fd85a5e50a93 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Mon, 12 Oct 2020 14:03:39 +0530 Subject: [PATCH 006/136] New_4490409 Created new topic "Schedule scans with Microsoft Defender ATP for Linux" --- images/linux-mdatp.png | Bin 0 -> 5634 bytes .../linux-schedule-scan-atp.md | 247 ++++++++++++++++++ 2 files changed, 247 insertions(+) create mode 100644 images/linux-mdatp.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md diff --git a/images/linux-mdatp.png b/images/linux-mdatp.png new file mode 100644 index 0000000000000000000000000000000000000000..f8c9c07b16906f1465cf3b97f50b71ab49b3f10f GIT binary patch literal 5634 zcmV+d7X9goP)4_KtMo6D;h>!XGcdzOG`^k zOiWEpO;Au!Qc_Y=Q&Ut_R8>_~R#sM5S65hASXo(FT3T9NU0q&YUSD5dU`H%sVP0cl zUt?lmV`F1vV_;-sVPs@vWn^MyWn*S#V`^$@Yinz4D*$Y4Yi(_8Zf$LDZfCf> zsHv%`sj8}~s;R1~s;jH3tgNi9t*x%EuCcMPvT!c5uc@=Mv$V0QwX?0YwY9gjuDG_a zxwWynwz9gov%9&pytuTyyu7`;w!XTyzP+EnySKl;zrnq^!NI}8!otPR-^S11#?ar! z(BR69Ps+im%gM*g%gN2KbIr}n&d$!y&dt!!(9zJ((b3V;($dq@)6~?|)z#J4*VozE z+1uOO-QC?QUjxqgHpeUs%xPU|Dwm@VT8WkMH z1sv|n;!?0$6QYEo($unvF(!sB4flQD_kES)|6}g+&1khckeq!#B)KICXQ7TQ&XThP)Wc;Zv!q&&+aEYaE$3Yv*O^t}F>qNeS0#JZjH>l!6g891ZE)|2 z&(%koDV0t=I@oGeW3(u59XMZz?N4=fvE9K-*xhEbMQmxUTlDP0-^OXr zQ41P_l(qL(+MQLRm=^W4A77xkCGmdV3?pn{cLTb}R6h2V{Z}D0Ww$L&I^NS|pS^A8 z@Y-t$9&Twxtwc@*d?{S()>zNn4Py+l7yCl12se1W#(pc=+>&@dZxw9@rE>x;J$raR z{*q4XWNt6%*xz7ACmkI9&H1H6_GVS2SC>wHePX3EgO+X)=}hkpD&u61a97nfbG zl5I>X)Pab-Y}K_R0?IGOu)aJ!AQ+dAhCCCFTb8Z2HpNU+?L?e$+Oj zPB8AhbnBT1Ge=N5`1F@6m6bidOUXH1IsXU+)ql8)-C(QSmKGgEk+A2q#-vW+gAc?Pd> zD!0Dy;8DC`Uts4vzVX^(hIqTGCN_aT#8GvQ=}nf9Vvr>H5^Dr~2zt zI?B_qbcpw{rE?rh=kNitFO!*0>FljkO7I;EFDff%FX3gL+A^e5T8pB!k|rHm4_lx= zyg2Txsx3o0RTdG3>j~)?Wnfg7E$yLtR?pVl!Y%M}I%+RwEe|wt2=6yUe`IevT|r*vvv6@_(I%H8g@LW3-3#TJj-F4pj$sx7a=>V^B0E!?&=I_>P0{m~)K zUO>~l+KZySn%@I!Zg9_{49^_bD_Xs5ko7M82YbIQ%5c2~+Y$D3?^E4Rp3B{lolfcG zLcFcP<@{8Ka!^0Je?ez0?MCC=x+_cKzte0)|l{zU>U zhr0*sdCu>`(!sj0q_dJE2R|nQwHSaYXkQiZpZDzS)na(i`^n5&BffOvkDET5H5}~P2m*I4bebm@3`WyIYO ztxa+yC~XUdK-%%oGB?j_4rn`_pY zUW5c{A*AEwmBk8-j~nKnmG|NPQtMMXyY#sLWqVxh>Zubsa<4WnFN69^txxH+2vM3hrGr_61D|x% z3RystxGiCh4_I5q^K*Ve-rK8K!>P1OMf9`Iz!+1Q253U*y2P$6K zS?hSDQ%Bx$q5e|qEgil-z1-?wI^y6jG*w72ARUA5b$Y4tB{uz2z{pZM*gt(CtnteI zNQXzo?Qx<0Qi~By#-DFV-Wq(dc&-h2rhpO2e4$xsMq%mTZ}$$}t9pTG;o`Qq1ke_8 zF$?g@0qM|sE~N~Q8zP8PbEWg~_Uk3dOUPTBFXq`L__9_->NHlDnu;c?7COUh(!B+v z7l;-vTw7HAb>(6f;+36oEl!#*yA8rQ#6PDN|EeQMUP9j5d@;{1VPziHTQF16WYt1v zm?64XCx~rYc&3n5{mBR3KwjAy7tXJ25Y8d~Iki5d6U#_!m|48vBFAH4uULNN?WxGG zoayzqu<4VILM>_&^x+J9b#(G8PxV!2I&Hf1D`!&aq!wQ-8RH%`p)yLPGl|N{D4`fD zn~6%WEWezmHc{Ha61mg9(%`KL`f?(#I)mjo9>hw0ueif426$Xg6h64^N(g_pghL|DQ7Ki=G2%ilGA^f z&)zzq89RE70pwS9vLzcvNa&^b7aaWm-H$%?eEarPdgIeC=y}WPm8E&8()st_o6$hY zYWw>tZC-S}d3|!ei?h|ju9y6M5DYh|#~1^M69Fl2^|qD6c+!z}{?P3YDg$hDJkt3U zwtxNg!()_Atr1T;Ry}VEyI%6Q&@kMj9%GDtq*J4bQ;w)~p8NBMBKGT`DV+(mYqg!nMF~vvgHiVmrA!rE}eh=@q<`8m@l>vQk+NFVRZ*7Lr%tH zC`U3}56Vj{>M8yi%HiBA&#|^eJD}0&;20vmvZAQN^H4V|p9ijgcJ}3a$?_MMT_j_i zdxF(l))&XL?1{_EB)M4U0^1t7bpH1H4`6P1&3Wdb(qusKVs;p1#29I8Fv4bLKqE7< z4tuysDvf$h4regWF~Bt&xtY~tf`Kt;wm05Pqp0N#OV1lPw{nAXBTPCfwcz~q=t2hn zd4XOfb{n&#O#DgO%9|6*zD#zAvf_1m{I2NtC6a#bG`aMwW@LY3kj`Iz_m&I$AwDB_^2X7~qL8LV^CyGFt>`LhNP2Q`RvXa z6hk^KnoJIoj>x`jNoQZ=TvoQRzctTRdEum&LzT{-K5^Hf`+O$`7}gn3Y`_$W%aF== ztTV!pbb!prpmel)J*AT`<{_@Rr*xb#lyvmW$e?s^+m~cxN{8iPcBF&HxHyl;u%vTw zUNYA5y7T7Gbh~H9ES*2R{6(L0pDIU^92{a9y?+^uFd!XSuZMK>dOf9stoP;Ud6NUu zamP^7!KYBBw}qsm$m$rhrZcFC^APYRB8|~%HSf%qN^cwKXd6m8Dt~#7D zh5Z_gu$d#7GQzT+Uph`bk95pD#{kzHkd9}JfOP0+;>4XaFy}5ww^CqKF@ zdX5*-Z2i2P8K-ofeBSF?qvvuJX>3ryPLAYa7pm7%nTL4`)t@09hdGAw979_MF)hY; z+8u*3)>fuv)k5V+E?(Cjt`J^r$Z^RQUH)bluSD%LS-#XI%iqo_5yq9hhw#>{$i93U znPsHjdG)oQv|XZQCl;@aM>@a8_9S}s7`R+T8k-cbog*2p*NP6T76!Qt=5TgNXgFUp zKuib6Xz+Z@Q~1S`3w68WnYH!Nvr6&K99Uhl8;6@zkUB*Xwq#gzmW{Z;@v4o3|TC0rqqaZ ze*UA^PPmsU(uO8Cer!Y58gN7UeaeCCg~xJA$Tf&o0@9r{N%guMX9BhKsrDD z&U?}Wky;Yz{P>&iN)JS8Nu=|`Z@d#^lZVeM`}tk+7@ihEi%IhK%?J-`9+rQm_aUp2 z=M1a<%43?*Ssh>Y(98?x>-AGTr1QP6y&YhaW4sKy?<4Lfeof9SE?*2Y!o`tGr(%)D z)O+XPmn-(6!;#}od+(t(jTgf+di=ot!XBoc6GjjYA2WcB=rPx!vsdseGhyj``>SsQ ze#7EfBZe7J33AB#Kt8_MWrVu`=s9}nxc))W9E?E}%~yxuNN-I3r+UZv~{ovqp?XI(BAcA7AV;!v7!Xxc))XAvqRJUwBMfi`v)hp9{t# z9V^zHSUUI-K9EgDTDCV~@!4cM3$jD}YL!`Li^X;_ySl-h4#9{C+DG|5HX|Y(mq^wbW-B_x_AZmX%Na!}>t*Iy6+=pz z`EVDAF$w9YdX%STo-*lt|LgAn*<_UuSzG4C;*g;%$QJQyR;Fk~M~nvKQWo{_WhMzD zY3+~^N>7PScc#fYtb9|YxX2ggJP9&=t`H5s)Mz)&!7x@;WlyzR&9QWK4 z(PJldn)$GE@za;?1*JoJxj^fklv`3dG!3Q0CPSZ^xE!*cgV^ME-J6M)8ChQA?DwXt zdg`?%jEd+2j4&I+MsRem;4IB<3-+$^Z3ECz%Vhp1?FFM2Pzp=JLU^w`j9kWJh#5UZ zIS(owmq>;XE?(InlIO20>c>m&;5(GSS;@T$|1-O>(>x7HhmY|Q+~O(480pe+*ktF8 zA*de?S+Ku0zw1cH%#3WL;Wo+?*K8nHU4RkxNyj0Qk?CJT>G0DULC<#*wAcqfaB`WP z3&PygG2|;w4MZddq@(r{!a13AGVX#WwsdSZ*?D6K>W4!X?5~jp8Iq2f8QCu##Wg$9 zfyaQPV-d;7^lt>xA^5WI2d&x-N-jgvfr#W-(jkQN*rnsJ$<7LyuT8KOjOF9;jY=~n}=|DHEvUr9aTp=?y5Ry(&!%zE?4wB^Z7^UNUIXANm zt7vFE4%uLTb?JC`<*;;2uDPdl6p?Jq$RUy$`#Y#~1d;46lNa!#d8NP#S)Tr$(lMxK zM>SY}LnwtfgM`5ioKweqn ziyJ)qvX2oiNJiKmL#LTRuN?o>KSm3cb6Jex^3Na-9KwSOSI?Lc<}?<{`sm)U!oPHllcKo_Lvs0EEd%4EcvgJ2_I ztW&e36Bo<`;v9?an}6#AgjNE+C}J9Vtt5{%ix{%{g^OSSt@Lb9pmehC`^HBk9Yst- z(y`cIT{`*oR63)T4##gfja#<(U3D9Pauur [!NOTE] +> To get a list of all the time zones, run the following command: +> timedatectl list-timezones + +> Examples for timezones: +> America/Los_Angeles +> America/New_York +> America/Chicago +> America/Denver + +## To set the Cron job + +**To backup crontab entries:** + +sudo crontab -l > /var/tmp/cron_backup_200919.dat + +> [!NOTE] +> Where 200919 == YRMMDD + +> TIP: +> Do this before you edit or remove. +> To edit the crontab and add a new job as a root user: +> sudo crontab -e + +> [!NOTE] +> The default editor is VIM + +You might see: + +0 * * * * /etc/opt/microsoft/mdatp/logrorate.sh + +Press “Insert” + +Add the following entries: + +CRON_TZ=America/Los_Angeles + +0 2 * * sat /bin/mdatp scan quick > ~/mdatp_cron_job.log + +> [!NOTE] +> In this example, we are setting it to 00 minutes, 2 a.m. (hour in 24 hour format), any day of the month, any month, on Saturdays. Meaning it will run Saturdays at 2:00 a.m. Pacific (UTC –8) + +Press “Esc” + +Type “:wq” w/o the double quotes. + +> [!NOTE] +> w == write, q == quit + +To view your cron jobs, type sudo crontab -l + +:::image type="content" source="../../../../images/linux-mdatp.png" alt-text="linux mdatp"::: + +**How to inspect cron job runs:** + +sudo grep mdatp /var/log/cron + +**How to inspect the mdatp_cron_job.log** +sudo nano mdatp_cron_job.log + +## For those of you that are using Ansible, Chef, or Puppet] +### How to set cron jobs in Ansible: + +cron – Manage cron.d and crontab entries + +See [https://docs.ansible.com/ansible/latest/modules/cron_module.html](https://docs.ansible.com/ansible/latest/modules/cron_module.html) + +### How to set crontabs in Chef: +cron resource + +See [https://docs.chef.io/resources/cron/](https://docs.chef.io/resources/cron/) + +### How to set cron jobs in Puppet: +Resource Type: cron + +See [https://puppet.com/docs/puppet/5.5/types/cron.html](https://puppet.com/docs/puppet/5.5/types/cron.html) + +Automating with Puppet: Cron jobs and scheduled tasks + +See [https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/](https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/) + +## Additional information: + +**To get help with crontab** +man crontab + +**To get a list of crontab file of the current user:** + +crontab -l + +**To get a list of crontab file of another user:** + +crontab -u username -l + +**To backup crontab entries:** + +crontab -l > /var/tmp/cron_backup.dat +> [!TIP] +> Do this before you edit or remove. + +**To restore crontab entries:** + +crontab /var/tmp/cron_backup.dat + +**To edit the crontab and add a new job as a root user:** + +Sudo crontab -e + +**To edit the crontab and add a new job:** + +crontab -e + +**To edit other user’s crontab entries:** + +crontab -u username -e + +**To remove all crontab entries:** + +crontab -r + +**To remove other user’s crontab entries:** + +crontab -u username -r + +**Explanation**: + ++—————- minute (values: 0 – 59) (special characters: , – * /) + +| +————- hour (values: 0 – 23) (special characters: , – * /) + +| | +———- day of month (values: 1 – 31) (special characters: , – * / L W C) + +| | | +——- month (values: 1 – 12) (special characters: ,- * / ) +| | | | +—- day of week (values: 0 – 6) (Sunday=0 or 7) (special characters: , – * / L W C) +| | | | | +* * * * * command to be executed + + + + + + + + + +[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] + + +While you can start a threat scan at any time with Microsoft Defender ATP, your enterprise might benefit from scheduled or timed scans. For example, you can schedule a scan to run at the beginning of every workday or week. + +## Schedule a scan with *launchd* + +You can create a scanning schedule using the *launchd* daemon on a macOS device. + +1. The following code shows the schema you need to use to schedule a scan. Open a text editor and use this example as a guide for your own scheduled scan file. + + For more information on the *.plist* file format used here, see [About Information Property List Files](https://developer.apple.com/library/archive/documentation/General/Reference/InfoPlistKeyReference/Articles/AboutInformationPropertyListFiles.html) at the official Apple developer website. + + ```XML + + + + + Label + com.microsoft.wdav.schedquickscan + ProgramArguments + + sh + -c + /usr/local/bin/mdatp --scan --quick + + RunAtLoad + + StartCalendarInterval + + Day + 3 + Hour + 2 + Minute + 0 + Weekday + 5 + + StartInterval + 604800 + WorkingDirectory + /usr/local/bin/ + + + ``` + +2. Save the file as *com.microsoft.wdav.schedquickscan.plist*. + + > [!TIP] + > To run a full scan instead of a quick scan, change line 12, `/usr/local/bin/mdatp --scan --quick`, to use the `--full` option instead of `--quick` (i.e. `/usr/local/bin/mdatp --scan --full`) and save the file as *com.microsoft.wdav.sched**full**scan.plist* instead of *com.microsoft.wdav.sched**quick**scan.plist*. + +3. Open **Terminal**. +4. Enter the following commands to load your file: + + ```bash + launchctl load /Library/LaunchDaemons/ + launchctl start + ``` + +5. Your scheduled scan will run at the date, time, and frequency you defined in your p-list. In the example, the scan runs at 2:00 AM every Friday. + + Note that the `StartInterval` value is in seconds, indicating that scans should run every 604,800 seconds (one week), while the `Weekday` value of `StartCalendarInterval` uses an integer to indicate the fifth day of the week, or Friday. + + > [!IMPORTANT] + > Agents executed with *launchd* will not run at the scheduled time while the device is asleep. They will instead run once the device resumes from sleep mode. + > + > If the device is turned off, the scan will run at the next scheduled scan time. + +## Schedule a scan with Intune + +You can also schedule scans with Microsoft Intune. The [runMDATPQuickScan.sh](https://github.com/microsoft/shell-intune-samples/tree/master/Misc/MDATP#runmdatpquickscansh) shell script available at [Scripts for Microsoft Defender Advanced Threat Protection](https://github.com/microsoft/shell-intune-samples/tree/master/Misc/MDATP) will persist when the device resumes from sleep mode. + +See [Use shell scripts on macOS devices in Intune](https://docs.microsoft.com/mem/intune/apps/macos-shell-scripts) for more detailed instructions on how to use this script in your enterprise. From da50b63b45e3cfe776aa45fccfe215ca77d1c256 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Mon, 12 Oct 2020 14:22:47 +0530 Subject: [PATCH 007/136] Update linux-schedule-scan-atp.md --- .../linux-schedule-scan-atp.md | 109 +++--------------- 1 file changed, 15 insertions(+), 94 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md index 8515254bac..0d706608ba 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md @@ -26,14 +26,16 @@ Linux (and Unix) have the tool called **crontab** (similar to Task Scheduler) to ## Pre-requisite > [!NOTE] -> To get a list of all the time zones, run the following command: -> timedatectl list-timezones + +To get a list of all the time zones, run the following command: + +timedatectl list-timezones > Examples for timezones: -> America/Los_Angeles -> America/New_York -> America/Chicago -> America/Denver +America/Los_Angeles +America/New_York +America/Chicago +America/Denver ## To set the Cron job @@ -42,12 +44,13 @@ Linux (and Unix) have the tool called **crontab** (similar to Task Scheduler) to sudo crontab -l > /var/tmp/cron_backup_200919.dat > [!NOTE] -> Where 200919 == YRMMDD + +Where 200919 == YRMMDD > TIP: -> Do this before you edit or remove. -> To edit the crontab and add a new job as a root user: -> sudo crontab -e +Do this before you edit or remove. +To edit the crontab and add a new job as a root user: +sudo crontab -e > [!NOTE] > The default editor is VIM @@ -65,14 +68,14 @@ CRON_TZ=America/Los_Angeles 0 2 * * sat /bin/mdatp scan quick > ~/mdatp_cron_job.log > [!NOTE] -> In this example, we are setting it to 00 minutes, 2 a.m. (hour in 24 hour format), any day of the month, any month, on Saturdays. Meaning it will run Saturdays at 2:00 a.m. Pacific (UTC –8) +In this example, we are setting it to 00 minutes, 2 a.m. (hour in 24 hour format), any day of the month, any month, on Saturdays. Meaning it will run Saturdays at 2:00 a.m. Pacific (UTC –8) Press “Esc” Type “:wq” w/o the double quotes. > [!NOTE] -> w == write, q == quit + w == write, q == quit To view your cron jobs, type sudo crontab -l @@ -163,85 +166,3 @@ crontab -u username -r * * * * * command to be executed - - - - - - - -[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - - -While you can start a threat scan at any time with Microsoft Defender ATP, your enterprise might benefit from scheduled or timed scans. For example, you can schedule a scan to run at the beginning of every workday or week. - -## Schedule a scan with *launchd* - -You can create a scanning schedule using the *launchd* daemon on a macOS device. - -1. The following code shows the schema you need to use to schedule a scan. Open a text editor and use this example as a guide for your own scheduled scan file. - - For more information on the *.plist* file format used here, see [About Information Property List Files](https://developer.apple.com/library/archive/documentation/General/Reference/InfoPlistKeyReference/Articles/AboutInformationPropertyListFiles.html) at the official Apple developer website. - - ```XML - - - - - Label - com.microsoft.wdav.schedquickscan - ProgramArguments - - sh - -c - /usr/local/bin/mdatp --scan --quick - - RunAtLoad - - StartCalendarInterval - - Day - 3 - Hour - 2 - Minute - 0 - Weekday - 5 - - StartInterval - 604800 - WorkingDirectory - /usr/local/bin/ - - - ``` - -2. Save the file as *com.microsoft.wdav.schedquickscan.plist*. - - > [!TIP] - > To run a full scan instead of a quick scan, change line 12, `/usr/local/bin/mdatp --scan --quick`, to use the `--full` option instead of `--quick` (i.e. `/usr/local/bin/mdatp --scan --full`) and save the file as *com.microsoft.wdav.sched**full**scan.plist* instead of *com.microsoft.wdav.sched**quick**scan.plist*. - -3. Open **Terminal**. -4. Enter the following commands to load your file: - - ```bash - launchctl load /Library/LaunchDaemons/ - launchctl start - ``` - -5. Your scheduled scan will run at the date, time, and frequency you defined in your p-list. In the example, the scan runs at 2:00 AM every Friday. - - Note that the `StartInterval` value is in seconds, indicating that scans should run every 604,800 seconds (one week), while the `Weekday` value of `StartCalendarInterval` uses an integer to indicate the fifth day of the week, or Friday. - - > [!IMPORTANT] - > Agents executed with *launchd* will not run at the scheduled time while the device is asleep. They will instead run once the device resumes from sleep mode. - > - > If the device is turned off, the scan will run at the next scheduled scan time. - -## Schedule a scan with Intune - -You can also schedule scans with Microsoft Intune. The [runMDATPQuickScan.sh](https://github.com/microsoft/shell-intune-samples/tree/master/Misc/MDATP#runmdatpquickscansh) shell script available at [Scripts for Microsoft Defender Advanced Threat Protection](https://github.com/microsoft/shell-intune-samples/tree/master/Misc/MDATP) will persist when the device resumes from sleep mode. - -See [Use shell scripts on macOS devices in Intune](https://docs.microsoft.com/mem/intune/apps/macos-shell-scripts) for more detailed instructions on how to use this script in your enterprise. From 32e1b1490b117de100bbed41d6478cb7e035c398 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Mon, 12 Oct 2020 15:12:25 +0530 Subject: [PATCH 008/136] Update linux-schedule-scan-atp.md minor corrections during self review --- .../linux-schedule-scan-atp.md | 62 +++++++++---------- 1 file changed, 30 insertions(+), 32 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md index 0d706608ba..aee27d7e1f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md @@ -27,33 +27,31 @@ Linux (and Unix) have the tool called **crontab** (similar to Task Scheduler) to > [!NOTE] -To get a list of all the time zones, run the following command: - -timedatectl list-timezones +> To get a list of all the time zones, run the following command: +`timedatectl list-timezones` > Examples for timezones: -America/Los_Angeles -America/New_York -America/Chicago -America/Denver +> - `America/Los_Angeles` +> - `America/New_York` +>- `America/Chicago` +>- `America/Denver` ## To set the Cron job **To backup crontab entries:** -sudo crontab -l > /var/tmp/cron_backup_200919.dat +`sudo crontab -l > /var/tmp/cron_backup_200919.dat` > [!NOTE] - -Where 200919 == YRMMDD +> Where 200919 == YRMMDD > TIP: Do this before you edit or remove. -To edit the crontab and add a new job as a root user: -sudo crontab -e +To edit the crontab, and add a new job as a root user: +`sudo crontab -e` > [!NOTE] -> The default editor is VIM +> The default editor is VIM. You might see: @@ -72,7 +70,7 @@ In this example, we are setting it to 00 minutes, 2 a.m. (hour in 24 hour format Press “Esc” -Type “:wq” w/o the double quotes. +Type “:wq” without the double quotes. > [!NOTE] w == write, q == quit @@ -83,22 +81,22 @@ To view your cron jobs, type sudo crontab -l **How to inspect cron job runs:** -sudo grep mdatp /var/log/cron +`sudo grep mdatp /var/log/cron` **How to inspect the mdatp_cron_job.log** -sudo nano mdatp_cron_job.log +`sudo nano mdatp_cron_job.log` -## For those of you that are using Ansible, Chef, or Puppet] +## For those who use Ansible, Chef, or Puppet] ### How to set cron jobs in Ansible: -cron – Manage cron.d and crontab entries +`cron – Manage cron.d and crontab entries` -See [https://docs.ansible.com/ansible/latest/modules/cron_module.html](https://docs.ansible.com/ansible/latest/modules/cron_module.html) +See [https://docs.ansible.com/ansible/latest/modules/cron_module.html](https://docs.ansible.com/ansible/latest/modules/cron_module.html) for more information. ### How to set crontabs in Chef: -cron resource +`cron resource` -See [https://docs.chef.io/resources/cron/](https://docs.chef.io/resources/cron/) +See [https://docs.chef.io/resources/cron/](https://docs.chef.io/resources/cron/) for more information. ### How to set cron jobs in Puppet: Resource Type: cron @@ -107,50 +105,50 @@ See [https://puppet.com/docs/puppet/5.5/types/cron.html](https://puppet.com/docs Automating with Puppet: Cron jobs and scheduled tasks -See [https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/](https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/) +See [https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/](https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/) for more information. ## Additional information: **To get help with crontab** -man crontab +`man crontab` **To get a list of crontab file of the current user:** -crontab -l +`crontab -l` **To get a list of crontab file of another user:** -crontab -u username -l +`crontab -u username -l` **To backup crontab entries:** -crontab -l > /var/tmp/cron_backup.dat +`crontab -l > /var/tmp/cron_backup.dat` > [!TIP] > Do this before you edit or remove. **To restore crontab entries:** -crontab /var/tmp/cron_backup.dat +`crontab /var/tmp/cron_backup.dat` **To edit the crontab and add a new job as a root user:** -Sudo crontab -e +`Sudo crontab -e` **To edit the crontab and add a new job:** -crontab -e +`crontab -e` **To edit other user’s crontab entries:** -crontab -u username -e +`crontab -u username -e` **To remove all crontab entries:** -crontab -r +`crontab -r` **To remove other user’s crontab entries:** -crontab -u username -r +`crontab -u username -r` **Explanation**: From 970adb587ffd9881b9a735f74d6b7e9bdbe370ab Mon Sep 17 00:00:00 2001 From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com> Date: Mon, 12 Oct 2020 15:27:59 +0530 Subject: [PATCH 009/136] Add files via upload Added new file --- .../threat-protection/images/linux-mdatp.png | Bin 0 -> 5634 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 windows/security/threat-protection/images/linux-mdatp.png diff --git a/windows/security/threat-protection/images/linux-mdatp.png b/windows/security/threat-protection/images/linux-mdatp.png new file mode 100644 index 0000000000000000000000000000000000000000..f8c9c07b16906f1465cf3b97f50b71ab49b3f10f GIT binary patch literal 5634 zcmV+d7X9goP)4_KtMo6D;h>!XGcdzOG`^k zOiWEpO;Au!Qc_Y=Q&Ut_R8>_~R#sM5S65hASXo(FT3T9NU0q&YUSD5dU`H%sVP0cl zUt?lmV`F1vV_;-sVPs@vWn^MyWn*S#V`^$@Yinz4D*$Y4Yi(_8Zf$LDZfCf> zsHv%`sj8}~s;R1~s;jH3tgNi9t*x%EuCcMPvT!c5uc@=Mv$V0QwX?0YwY9gjuDG_a zxwWynwz9gov%9&pytuTyyu7`;w!XTyzP+EnySKl;zrnq^!NI}8!otPR-^S11#?ar! z(BR69Ps+im%gM*g%gN2KbIr}n&d$!y&dt!!(9zJ((b3V;($dq@)6~?|)z#J4*VozE z+1uOO-QC?QUjxqgHpeUs%xPU|Dwm@VT8WkMH z1sv|n;!?0$6QYEo($unvF(!sB4flQD_kES)|6}g+&1khckeq!#B)KICXQ7TQ&XThP)Wc;Zv!q&&+aEYaE$3Yv*O^t}F>qNeS0#JZjH>l!6g891ZE)|2 z&(%koDV0t=I@oGeW3(u59XMZz?N4=fvE9K-*xhEbMQmxUTlDP0-^OXr zQ41P_l(qL(+MQLRm=^W4A77xkCGmdV3?pn{cLTb}R6h2V{Z}D0Ww$L&I^NS|pS^A8 z@Y-t$9&Twxtwc@*d?{S()>zNn4Py+l7yCl12se1W#(pc=+>&@dZxw9@rE>x;J$raR z{*q4XWNt6%*xz7ACmkI9&H1H6_GVS2SC>wHePX3EgO+X)=}hkpD&u61a97nfbG zl5I>X)Pab-Y}K_R0?IGOu)aJ!AQ+dAhCCCFTb8Z2HpNU+?L?e$+Oj zPB8AhbnBT1Ge=N5`1F@6m6bidOUXH1IsXU+)ql8)-C(QSmKGgEk+A2q#-vW+gAc?Pd> zD!0Dy;8DC`Uts4vzVX^(hIqTGCN_aT#8GvQ=}nf9Vvr>H5^Dr~2zt zI?B_qbcpw{rE?rh=kNitFO!*0>FljkO7I;EFDff%FX3gL+A^e5T8pB!k|rHm4_lx= zyg2Txsx3o0RTdG3>j~)?Wnfg7E$yLtR?pVl!Y%M}I%+RwEe|wt2=6yUe`IevT|r*vvv6@_(I%H8g@LW3-3#TJj-F4pj$sx7a=>V^B0E!?&=I_>P0{m~)K zUO>~l+KZySn%@I!Zg9_{49^_bD_Xs5ko7M82YbIQ%5c2~+Y$D3?^E4Rp3B{lolfcG zLcFcP<@{8Ka!^0Je?ez0?MCC=x+_cKzte0)|l{zU>U zhr0*sdCu>`(!sj0q_dJE2R|nQwHSaYXkQiZpZDzS)na(i`^n5&BffOvkDET5H5}~P2m*I4bebm@3`WyIYO ztxa+yC~XUdK-%%oGB?j_4rn`_pY zUW5c{A*AEwmBk8-j~nKnmG|NPQtMMXyY#sLWqVxh>Zubsa<4WnFN69^txxH+2vM3hrGr_61D|x% z3RystxGiCh4_I5q^K*Ve-rK8K!>P1OMf9`Iz!+1Q253U*y2P$6K zS?hSDQ%Bx$q5e|qEgil-z1-?wI^y6jG*w72ARUA5b$Y4tB{uz2z{pZM*gt(CtnteI zNQXzo?Qx<0Qi~By#-DFV-Wq(dc&-h2rhpO2e4$xsMq%mTZ}$$}t9pTG;o`Qq1ke_8 zF$?g@0qM|sE~N~Q8zP8PbEWg~_Uk3dOUPTBFXq`L__9_->NHlDnu;c?7COUh(!B+v z7l;-vTw7HAb>(6f;+36oEl!#*yA8rQ#6PDN|EeQMUP9j5d@;{1VPziHTQF16WYt1v zm?64XCx~rYc&3n5{mBR3KwjAy7tXJ25Y8d~Iki5d6U#_!m|48vBFAH4uULNN?WxGG zoayzqu<4VILM>_&^x+J9b#(G8PxV!2I&Hf1D`!&aq!wQ-8RH%`p)yLPGl|N{D4`fD zn~6%WEWezmHc{Ha61mg9(%`KL`f?(#I)mjo9>hw0ueif426$Xg6h64^N(g_pghL|DQ7Ki=G2%ilGA^f z&)zzq89RE70pwS9vLzcvNa&^b7aaWm-H$%?eEarPdgIeC=y}WPm8E&8()st_o6$hY zYWw>tZC-S}d3|!ei?h|ju9y6M5DYh|#~1^M69Fl2^|qD6c+!z}{?P3YDg$hDJkt3U zwtxNg!()_Atr1T;Ry}VEyI%6Q&@kMj9%GDtq*J4bQ;w)~p8NBMBKGT`DV+(mYqg!nMF~vvgHiVmrA!rE}eh=@q<`8m@l>vQk+NFVRZ*7Lr%tH zC`U3}56Vj{>M8yi%HiBA&#|^eJD}0&;20vmvZAQN^H4V|p9ijgcJ}3a$?_MMT_j_i zdxF(l))&XL?1{_EB)M4U0^1t7bpH1H4`6P1&3Wdb(qusKVs;p1#29I8Fv4bLKqE7< z4tuysDvf$h4regWF~Bt&xtY~tf`Kt;wm05Pqp0N#OV1lPw{nAXBTPCfwcz~q=t2hn zd4XOfb{n&#O#DgO%9|6*zD#zAvf_1m{I2NtC6a#bG`aMwW@LY3kj`Iz_m&I$AwDB_^2X7~qL8LV^CyGFt>`LhNP2Q`RvXa z6hk^KnoJIoj>x`jNoQZ=TvoQRzctTRdEum&LzT{-K5^Hf`+O$`7}gn3Y`_$W%aF== ztTV!pbb!prpmel)J*AT`<{_@Rr*xb#lyvmW$e?s^+m~cxN{8iPcBF&HxHyl;u%vTw zUNYA5y7T7Gbh~H9ES*2R{6(L0pDIU^92{a9y?+^uFd!XSuZMK>dOf9stoP;Ud6NUu zamP^7!KYBBw}qsm$m$rhrZcFC^APYRB8|~%HSf%qN^cwKXd6m8Dt~#7D zh5Z_gu$d#7GQzT+Uph`bk95pD#{kzHkd9}JfOP0+;>4XaFy}5ww^CqKF@ zdX5*-Z2i2P8K-ofeBSF?qvvuJX>3ryPLAYa7pm7%nTL4`)t@09hdGAw979_MF)hY; z+8u*3)>fuv)k5V+E?(Cjt`J^r$Z^RQUH)bluSD%LS-#XI%iqo_5yq9hhw#>{$i93U znPsHjdG)oQv|XZQCl;@aM>@a8_9S}s7`R+T8k-cbog*2p*NP6T76!Qt=5TgNXgFUp zKuib6Xz+Z@Q~1S`3w68WnYH!Nvr6&K99Uhl8;6@zkUB*Xwq#gzmW{Z;@v4o3|TC0rqqaZ ze*UA^PPmsU(uO8Cer!Y58gN7UeaeCCg~xJA$Tf&o0@9r{N%guMX9BhKsrDD z&U?}Wky;Yz{P>&iN)JS8Nu=|`Z@d#^lZVeM`}tk+7@ihEi%IhK%?J-`9+rQm_aUp2 z=M1a<%43?*Ssh>Y(98?x>-AGTr1QP6y&YhaW4sKy?<4Lfeof9SE?*2Y!o`tGr(%)D z)O+XPmn-(6!;#}od+(t(jTgf+di=ot!XBoc6GjjYA2WcB=rPx!vsdseGhyj``>SsQ ze#7EfBZe7J33AB#Kt8_MWrVu`=s9}nxc))W9E?E}%~yxuNN-I3r+UZv~{ovqp?XI(BAcA7AV;!v7!Xxc))XAvqRJUwBMfi`v)hp9{t# z9V^zHSUUI-K9EgDTDCV~@!4cM3$jD}YL!`Li^X;_ySl-h4#9{C+DG|5HX|Y(mq^wbW-B_x_AZmX%Na!}>t*Iy6+=pz z`EVDAF$w9YdX%STo-*lt|LgAn*<_UuSzG4C;*g;%$QJQyR;Fk~M~nvKQWo{_WhMzD zY3+~^N>7PScc#fYtb9|YxX2ggJP9&=t`H5s)Mz)&!7x@;WlyzR&9QWK4 z(PJldn)$GE@za;?1*JoJxj^fklv`3dG!3Q0CPSZ^xE!*cgV^ME-J6M)8ChQA?DwXt zdg`?%jEd+2j4&I+MsRem;4IB<3-+$^Z3ECz%Vhp1?FFM2Pzp=JLU^w`j9kWJh#5UZ zIS(owmq>;XE?(InlIO20>c>m&;5(GSS;@T$|1-O>(>x7HhmY|Q+~O(480pe+*ktF8 zA*de?S+Ku0zw1cH%#3WL;Wo+?*K8nHU4RkxNyj0Qk?CJT>G0DULC<#*wAcqfaB`WP z3&PygG2|;w4MZddq@(r{!a13AGVX#WwsdSZ*?D6K>W4!X?5~jp8Iq2f8QCu##Wg$9 zfyaQPV-d;7^lt>xA^5WI2d&x-N-jgvfr#W-(jkQN*rnsJ$<7LyuT8KOjOF9;jY=~n}=|DHEvUr9aTp=?y5Ry(&!%zE?4wB^Z7^UNUIXANm zt7vFE4%uLTb?JC`<*;;2uDPdl6p?Jq$RUy$`#Y#~1d;46lNa!#d8NP#S)Tr$(lMxK zM>SY}LnwtfgM`5ioKweqn ziyJ)qvX2oiNJiKmL#LTRuN?o>KSm3cb6Jex^3Na-9KwSOSI?Lc<}?<{`sm)U!oPHllcKo_Lvs0EEd%4EcvgJ2_I ztW&e36Bo<`;v9?an}6#AgjNE+C}J9Vtt5{%ix{%{g^OSSt@Lb9pmehC`^HBk9Yst- z(y`cIT{`*oR63)T4##gfja#<(U3D9Pauur Date: Mon, 12 Oct 2020 17:25:02 +0530 Subject: [PATCH 010/136] Linux_MDATP_4490409 Minor edits --- .../threat-protection/images}/linux-mdatp.png | Bin .../linux-schedule-scan-atp.md | 34 ++++++++++-------- 2 files changed, 20 insertions(+), 14 deletions(-) rename {images => windows/security/threat-protection/images}/linux-mdatp.png (100%) diff --git a/images/linux-mdatp.png b/windows/security/threat-protection/images/linux-mdatp.png similarity index 100% rename from images/linux-mdatp.png rename to windows/security/threat-protection/images/linux-mdatp.png diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md index aee27d7e1f..347e58511a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md @@ -19,16 +19,16 @@ ms.topic: conceptual # Schedule scans with Microsoft Defender ATP for Linux -For the command line to be able to run a scan on MDATP for Linux, see [Supported Commands](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/linux-resources#supported-commands). +To run a scan on MDATP for Linux, see [Supported Commands](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/linux-resources#supported-commands). -Linux (and Unix) have the tool called **crontab** (similar to Task Scheduler) to be able to run scheduled tasks. +Linux (and Unix) have a tool called **crontab** (similar to Task Scheduler) to be able to run scheduled tasks. ## Pre-requisite > [!NOTE] -> To get a list of all the time zones, run the following command: -`timedatectl list-timezones` +> To get a list of all the time zones, run the following command: +> `timedatectl list-timezones` > Examples for timezones: > - `America/Los_Angeles` @@ -37,6 +37,7 @@ Linux (and Unix) have the tool called **crontab** (similar to Task Scheduler) to >- `America/Denver` ## To set the Cron job +Use the following commands: **To backup crontab entries:** @@ -66,7 +67,7 @@ CRON_TZ=America/Los_Angeles 0 2 * * sat /bin/mdatp scan quick > ~/mdatp_cron_job.log > [!NOTE] -In this example, we are setting it to 00 minutes, 2 a.m. (hour in 24 hour format), any day of the month, any month, on Saturdays. Meaning it will run Saturdays at 2:00 a.m. Pacific (UTC –8) +In this example, we have set it to 00 minutes, 2 a.m. (hour in 24 hour format), any day of the month, any month, on Saturdays. Meaning it will run Saturdays at 2:00 a.m. Pacific (UTC –8). Press “Esc” @@ -75,33 +76,36 @@ Type “:wq” without the double quotes. > [!NOTE] w == write, q == quit -To view your cron jobs, type sudo crontab -l +To view your cron jobs, type `sudo crontab -l` -:::image type="content" source="../../../../images/linux-mdatp.png" alt-text="linux mdatp"::: +:::image type="content" source="..\images\linux-mdatp.png" alt-text="linux mdatp"::: -**How to inspect cron job runs:** +**To inspect cron job runs:** `sudo grep mdatp /var/log/cron` -**How to inspect the mdatp_cron_job.log** +**To inspect the mdatp_cron_job.log** + `sudo nano mdatp_cron_job.log` ## For those who use Ansible, Chef, or Puppet] -### How to set cron jobs in Ansible: + +Use the following commands: +### To set cron jobs in Ansible: `cron – Manage cron.d and crontab entries` See [https://docs.ansible.com/ansible/latest/modules/cron_module.html](https://docs.ansible.com/ansible/latest/modules/cron_module.html) for more information. -### How to set crontabs in Chef: +### To set crontabs in Chef: `cron resource` See [https://docs.chef.io/resources/cron/](https://docs.chef.io/resources/cron/) for more information. -### How to set cron jobs in Puppet: +### To set cron jobs in Puppet: Resource Type: cron -See [https://puppet.com/docs/puppet/5.5/types/cron.html](https://puppet.com/docs/puppet/5.5/types/cron.html) +See [https://puppet.com/docs/puppet/5.5/types/cron.html](https://puppet.com/docs/puppet/5.5/types/cron.html) for more information. Automating with Puppet: Cron jobs and scheduled tasks @@ -110,6 +114,7 @@ See [https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/](h ## Additional information: **To get help with crontab** + `man crontab` **To get a list of crontab file of the current user:** @@ -161,6 +166,7 @@ See [https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/](h | | | +——- month (values: 1 – 12) (special characters: ,- * / ) | | | | +—- day of week (values: 0 – 6) (Sunday=0 or 7) (special characters: , – * / L W C) | | | | | -* * * * * command to be executed + +*****command to be executed From a86c74982cd7697a858c64c1c468dfc8f1e9a854 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com> Date: Mon, 12 Oct 2020 17:56:30 +0530 Subject: [PATCH 011/136] linux-mdatp-1.png New file --- .../threat-protection/images/linux-mdatp-1.png | Bin 0 -> 5634 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 windows/security/threat-protection/images/linux-mdatp-1.png diff --git a/windows/security/threat-protection/images/linux-mdatp-1.png b/windows/security/threat-protection/images/linux-mdatp-1.png new file mode 100644 index 0000000000000000000000000000000000000000..f8c9c07b16906f1465cf3b97f50b71ab49b3f10f GIT binary patch literal 5634 zcmV+d7X9goP)4_KtMo6D;h>!XGcdzOG`^k zOiWEpO;Au!Qc_Y=Q&Ut_R8>_~R#sM5S65hASXo(FT3T9NU0q&YUSD5dU`H%sVP0cl zUt?lmV`F1vV_;-sVPs@vWn^MyWn*S#V`^$@Yinz4D*$Y4Yi(_8Zf$LDZfCf> zsHv%`sj8}~s;R1~s;jH3tgNi9t*x%EuCcMPvT!c5uc@=Mv$V0QwX?0YwY9gjuDG_a zxwWynwz9gov%9&pytuTyyu7`;w!XTyzP+EnySKl;zrnq^!NI}8!otPR-^S11#?ar! z(BR69Ps+im%gM*g%gN2KbIr}n&d$!y&dt!!(9zJ((b3V;($dq@)6~?|)z#J4*VozE z+1uOO-QC?QUjxqgHpeUs%xPU|Dwm@VT8WkMH z1sv|n;!?0$6QYEo($unvF(!sB4flQD_kES)|6}g+&1khckeq!#B)KICXQ7TQ&XThP)Wc;Zv!q&&+aEYaE$3Yv*O^t}F>qNeS0#JZjH>l!6g891ZE)|2 z&(%koDV0t=I@oGeW3(u59XMZz?N4=fvE9K-*xhEbMQmxUTlDP0-^OXr zQ41P_l(qL(+MQLRm=^W4A77xkCGmdV3?pn{cLTb}R6h2V{Z}D0Ww$L&I^NS|pS^A8 z@Y-t$9&Twxtwc@*d?{S()>zNn4Py+l7yCl12se1W#(pc=+>&@dZxw9@rE>x;J$raR z{*q4XWNt6%*xz7ACmkI9&H1H6_GVS2SC>wHePX3EgO+X)=}hkpD&u61a97nfbG zl5I>X)Pab-Y}K_R0?IGOu)aJ!AQ+dAhCCCFTb8Z2HpNU+?L?e$+Oj zPB8AhbnBT1Ge=N5`1F@6m6bidOUXH1IsXU+)ql8)-C(QSmKGgEk+A2q#-vW+gAc?Pd> zD!0Dy;8DC`Uts4vzVX^(hIqTGCN_aT#8GvQ=}nf9Vvr>H5^Dr~2zt zI?B_qbcpw{rE?rh=kNitFO!*0>FljkO7I;EFDff%FX3gL+A^e5T8pB!k|rHm4_lx= zyg2Txsx3o0RTdG3>j~)?Wnfg7E$yLtR?pVl!Y%M}I%+RwEe|wt2=6yUe`IevT|r*vvv6@_(I%H8g@LW3-3#TJj-F4pj$sx7a=>V^B0E!?&=I_>P0{m~)K zUO>~l+KZySn%@I!Zg9_{49^_bD_Xs5ko7M82YbIQ%5c2~+Y$D3?^E4Rp3B{lolfcG zLcFcP<@{8Ka!^0Je?ez0?MCC=x+_cKzte0)|l{zU>U zhr0*sdCu>`(!sj0q_dJE2R|nQwHSaYXkQiZpZDzS)na(i`^n5&BffOvkDET5H5}~P2m*I4bebm@3`WyIYO ztxa+yC~XUdK-%%oGB?j_4rn`_pY zUW5c{A*AEwmBk8-j~nKnmG|NPQtMMXyY#sLWqVxh>Zubsa<4WnFN69^txxH+2vM3hrGr_61D|x% z3RystxGiCh4_I5q^K*Ve-rK8K!>P1OMf9`Iz!+1Q253U*y2P$6K zS?hSDQ%Bx$q5e|qEgil-z1-?wI^y6jG*w72ARUA5b$Y4tB{uz2z{pZM*gt(CtnteI zNQXzo?Qx<0Qi~By#-DFV-Wq(dc&-h2rhpO2e4$xsMq%mTZ}$$}t9pTG;o`Qq1ke_8 zF$?g@0qM|sE~N~Q8zP8PbEWg~_Uk3dOUPTBFXq`L__9_->NHlDnu;c?7COUh(!B+v z7l;-vTw7HAb>(6f;+36oEl!#*yA8rQ#6PDN|EeQMUP9j5d@;{1VPziHTQF16WYt1v zm?64XCx~rYc&3n5{mBR3KwjAy7tXJ25Y8d~Iki5d6U#_!m|48vBFAH4uULNN?WxGG zoayzqu<4VILM>_&^x+J9b#(G8PxV!2I&Hf1D`!&aq!wQ-8RH%`p)yLPGl|N{D4`fD zn~6%WEWezmHc{Ha61mg9(%`KL`f?(#I)mjo9>hw0ueif426$Xg6h64^N(g_pghL|DQ7Ki=G2%ilGA^f z&)zzq89RE70pwS9vLzcvNa&^b7aaWm-H$%?eEarPdgIeC=y}WPm8E&8()st_o6$hY zYWw>tZC-S}d3|!ei?h|ju9y6M5DYh|#~1^M69Fl2^|qD6c+!z}{?P3YDg$hDJkt3U zwtxNg!()_Atr1T;Ry}VEyI%6Q&@kMj9%GDtq*J4bQ;w)~p8NBMBKGT`DV+(mYqg!nMF~vvgHiVmrA!rE}eh=@q<`8m@l>vQk+NFVRZ*7Lr%tH zC`U3}56Vj{>M8yi%HiBA&#|^eJD}0&;20vmvZAQN^H4V|p9ijgcJ}3a$?_MMT_j_i zdxF(l))&XL?1{_EB)M4U0^1t7bpH1H4`6P1&3Wdb(qusKVs;p1#29I8Fv4bLKqE7< z4tuysDvf$h4regWF~Bt&xtY~tf`Kt;wm05Pqp0N#OV1lPw{nAXBTPCfwcz~q=t2hn zd4XOfb{n&#O#DgO%9|6*zD#zAvf_1m{I2NtC6a#bG`aMwW@LY3kj`Iz_m&I$AwDB_^2X7~qL8LV^CyGFt>`LhNP2Q`RvXa z6hk^KnoJIoj>x`jNoQZ=TvoQRzctTRdEum&LzT{-K5^Hf`+O$`7}gn3Y`_$W%aF== ztTV!pbb!prpmel)J*AT`<{_@Rr*xb#lyvmW$e?s^+m~cxN{8iPcBF&HxHyl;u%vTw zUNYA5y7T7Gbh~H9ES*2R{6(L0pDIU^92{a9y?+^uFd!XSuZMK>dOf9stoP;Ud6NUu zamP^7!KYBBw}qsm$m$rhrZcFC^APYRB8|~%HSf%qN^cwKXd6m8Dt~#7D zh5Z_gu$d#7GQzT+Uph`bk95pD#{kzHkd9}JfOP0+;>4XaFy}5ww^CqKF@ zdX5*-Z2i2P8K-ofeBSF?qvvuJX>3ryPLAYa7pm7%nTL4`)t@09hdGAw979_MF)hY; z+8u*3)>fuv)k5V+E?(Cjt`J^r$Z^RQUH)bluSD%LS-#XI%iqo_5yq9hhw#>{$i93U znPsHjdG)oQv|XZQCl;@aM>@a8_9S}s7`R+T8k-cbog*2p*NP6T76!Qt=5TgNXgFUp zKuib6Xz+Z@Q~1S`3w68WnYH!Nvr6&K99Uhl8;6@zkUB*Xwq#gzmW{Z;@v4o3|TC0rqqaZ ze*UA^PPmsU(uO8Cer!Y58gN7UeaeCCg~xJA$Tf&o0@9r{N%guMX9BhKsrDD z&U?}Wky;Yz{P>&iN)JS8Nu=|`Z@d#^lZVeM`}tk+7@ihEi%IhK%?J-`9+rQm_aUp2 z=M1a<%43?*Ssh>Y(98?x>-AGTr1QP6y&YhaW4sKy?<4Lfeof9SE?*2Y!o`tGr(%)D z)O+XPmn-(6!;#}od+(t(jTgf+di=ot!XBoc6GjjYA2WcB=rPx!vsdseGhyj``>SsQ ze#7EfBZe7J33AB#Kt8_MWrVu`=s9}nxc))W9E?E}%~yxuNN-I3r+UZv~{ovqp?XI(BAcA7AV;!v7!Xxc))XAvqRJUwBMfi`v)hp9{t# z9V^zHSUUI-K9EgDTDCV~@!4cM3$jD}YL!`Li^X;_ySl-h4#9{C+DG|5HX|Y(mq^wbW-B_x_AZmX%Na!}>t*Iy6+=pz z`EVDAF$w9YdX%STo-*lt|LgAn*<_UuSzG4C;*g;%$QJQyR;Fk~M~nvKQWo{_WhMzD zY3+~^N>7PScc#fYtb9|YxX2ggJP9&=t`H5s)Mz)&!7x@;WlyzR&9QWK4 z(PJldn)$GE@za;?1*JoJxj^fklv`3dG!3Q0CPSZ^xE!*cgV^ME-J6M)8ChQA?DwXt zdg`?%jEd+2j4&I+MsRem;4IB<3-+$^Z3ECz%Vhp1?FFM2Pzp=JLU^w`j9kWJh#5UZ zIS(owmq>;XE?(InlIO20>c>m&;5(GSS;@T$|1-O>(>x7HhmY|Q+~O(480pe+*ktF8 zA*de?S+Ku0zw1cH%#3WL;Wo+?*K8nHU4RkxNyj0Qk?CJT>G0DULC<#*wAcqfaB`WP z3&PygG2|;w4MZddq@(r{!a13AGVX#WwsdSZ*?D6K>W4!X?5~jp8Iq2f8QCu##Wg$9 zfyaQPV-d;7^lt>xA^5WI2d&x-N-jgvfr#W-(jkQN*rnsJ$<7LyuT8KOjOF9;jY=~n}=|DHEvUr9aTp=?y5Ry(&!%zE?4wB^Z7^UNUIXANm zt7vFE4%uLTb?JC`<*;;2uDPdl6p?Jq$RUy$`#Y#~1d;46lNa!#d8NP#S)Tr$(lMxK zM>SY}LnwtfgM`5ioKweqn ziyJ)qvX2oiNJiKmL#LTRuN?o>KSm3cb6Jex^3Na-9KwSOSI?Lc<}?<{`sm)U!oPHllcKo_Lvs0EEd%4EcvgJ2_I ztW&e36Bo<`;v9?an}6#AgjNE+C}J9Vtt5{%ix{%{g^OSSt@Lb9pmehC`^HBk9Yst- z(y`cIT{`*oR63)T4##gfja#<(U3D9Pauur Date: Mon, 12 Oct 2020 20:54:38 +0530 Subject: [PATCH 012/136] 4490409 minor image tag changes --- .../microsoft-defender-atp/linux-schedule-scan-atp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md index 347e58511a..6862347fd7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md @@ -78,7 +78,7 @@ Type “:wq” without the double quotes. To view your cron jobs, type `sudo crontab -l` -:::image type="content" source="..\images\linux-mdatp.png" alt-text="linux mdatp"::: +:::image type="content" source="..\images\linux-mdatp-1.png" alt-text="linux mdatp"::: **To inspect cron job runs:** From 2c781644824327ee8ca4f743cda8455830c6a314 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Tue, 13 Oct 2020 19:55:32 +0530 Subject: [PATCH 013/136] Update linux-schedule-scan-atp.md --- .../microsoft-defender-atp/linux-schedule-scan-atp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md index 6862347fd7..4881a157db 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md @@ -88,7 +88,7 @@ To view your cron jobs, type `sudo crontab -l` `sudo nano mdatp_cron_job.log` -## For those who use Ansible, Chef, or Puppet] +## For those who use Ansible, Chef, or Puppet Use the following commands: ### To set cron jobs in Ansible: From cd76be762770237fe42059bdd96cd438e5eac045 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com> Date: Tue, 13 Oct 2020 20:57:59 +0530 Subject: [PATCH 014/136] Update linux-schedule-scan-atp.md --- .../microsoft-defender-atp/linux-schedule-scan-atp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md index 4881a157db..491a44df0e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md @@ -21,7 +21,7 @@ ms.topic: conceptual To run a scan on MDATP for Linux, see [Supported Commands](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/linux-resources#supported-commands). -Linux (and Unix) have a tool called **crontab** (similar to Task Scheduler) to be able to run scheduled tasks. +Linux (and Unix) have a tool called **crontab**(similar to Task Scheduler) to be able to run scheduled tasks. ## Pre-requisite From ac4ce3a6408ffcf5ac0c6d172c226ad27f2d887f Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Tue, 13 Oct 2020 21:00:28 +0530 Subject: [PATCH 015/136] Update linux-schedule-scan-atp.md --- .../microsoft-defender-atp/linux-schedule-scan-atp.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md index 4881a157db..09fcee81f1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md @@ -26,10 +26,8 @@ Linux (and Unix) have a tool called **crontab** (similar to Task Scheduler) to b ## Pre-requisite > [!NOTE] - > To get a list of all the time zones, run the following command: > `timedatectl list-timezones` - > Examples for timezones: > - `America/Los_Angeles` > - `America/New_York` @@ -67,14 +65,14 @@ CRON_TZ=America/Los_Angeles 0 2 * * sat /bin/mdatp scan quick > ~/mdatp_cron_job.log > [!NOTE] -In this example, we have set it to 00 minutes, 2 a.m. (hour in 24 hour format), any day of the month, any month, on Saturdays. Meaning it will run Saturdays at 2:00 a.m. Pacific (UTC –8). +>In this example, we have set it to 00 minutes, 2 a.m. (hour in 24 hour format), any day of the month, any month, on Saturdays. Meaning it will run Saturdays at 2:00 a.m. Pacific (UTC –8). Press “Esc” Type “:wq” without the double quotes. > [!NOTE] - w == write, q == quit +> w == write, q == quit To view your cron jobs, type `sudo crontab -l` From 47429eb530bedc9d4ecc942939d5ca9246d6c445 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com> Date: Tue, 13 Oct 2020 21:46:01 +0530 Subject: [PATCH 016/136] Update linux-schedule-scan-atp.md --- .../microsoft-defender-atp/linux-schedule-scan-atp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md index 737bba28fe..2daf8f2576 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md @@ -21,7 +21,7 @@ ms.topic: conceptual To run a scan on MDATP for Linux, see [Supported Commands](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/linux-resources#supported-commands). -Linux (and Unix) have a tool called **crontab**(similar to Task Scheduler) to be able to run scheduled tasks. +Linux(and Unix) have a tool called **crontab**(similar to Task Scheduler) to be able to run scheduled tasks. ## Pre-requisite From b5c866a3520e0cb37d2df908b76b535a659ca054 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com> Date: Thu, 15 Oct 2020 14:32:58 +0530 Subject: [PATCH 017/136] Update linux-schedule-scan-atp.md Updated per comments from Yong Rhee --- .../linux-schedule-scan-atp.md | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md index 2daf8f2576..b04e20d3a6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md @@ -155,16 +155,11 @@ See [https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/](h **Explanation**: -+—————- minute (values: 0 – 59) (special characters: , – * /) - -| +————- hour (values: 0 – 23) (special characters: , – * /) - -| | +———- day of month (values: 1 – 31) (special characters: , – * / L W C) - -| | | +——- month (values: 1 – 12) (special characters: ,- * / ) -| | | | +—- day of week (values: 0 – 6) (Sunday=0 or 7) (special characters: , – * / L W C) -| | | | | - -*****command to be executed ++—————- minute (values: 0 – 59) (special characters: , – * /)
+| +————- hour (values: 0 – 23) (special characters: , – * /)
+| | +———- day of month (values: 1 – 31) (special characters: , – * / L W C)
+| | | +——- month (values: 1 – 12) (special characters: ,- * / )
+| | | | +—- day of week (values: 0 – 6) (Sunday=0 or 7) (special characters: , – * / L W C)
+| | | | |*****command to be executed From 104c43ff75a1f4af29a932f8e2b49618176c5ca9 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com> Date: Thu, 15 Oct 2020 14:42:18 +0530 Subject: [PATCH 018/136] update-toc-per-4490409 Updated the new topic link in the TOC - "Schedule scans with Microsoft Defender ATP for Linux" --- windows/security/threat-protection/TOC.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index f69cdfadb5..7325a5cf3e 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -284,6 +284,7 @@ ##### [Static proxy configuration](microsoft-defender-atp/linux-static-proxy-configuration.md) ##### [Set preferences](microsoft-defender-atp/linux-preferences.md) ##### [Detect and block Potentially Unwanted Applications](microsoft-defender-atp/linux-pua.md) +##### [Schedule scans with Microsoft Defender ATP for Linux](microsoft-defender-atp/linux-schedule-scan-atp.md) #### [Troubleshoot]() ##### [Troubleshoot installation issues](microsoft-defender-atp/linux-support-install.md) From 4eebe0f6f82af97bfc6e9a94c9184cbaa34e3d0a Mon Sep 17 00:00:00 2001 From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com> Date: Thu, 15 Oct 2020 14:54:54 +0530 Subject: [PATCH 019/136] Update linux-schedule-scan-atp.md minor edit --- .../microsoft-defender-atp/linux-schedule-scan-atp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md index b04e20d3a6..22187f7d02 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md @@ -21,7 +21,7 @@ ms.topic: conceptual To run a scan on MDATP for Linux, see [Supported Commands](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/linux-resources#supported-commands). -Linux(and Unix) have a tool called **crontab**(similar to Task Scheduler) to be able to run scheduled tasks. +Linux (and Unix) have a tool called **crontab** (similar to Task Scheduler) to be able to run scheduled tasks. ## Pre-requisite From 272b272988926a83aac025515b09846e6b1e452e Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 15 Oct 2020 11:08:06 -0700 Subject: [PATCH 020/136] Update linux-schedule-scan-atp.md using correct brand names from MDATP to Microsoft Defender for Endpoint (Linux) --- .../microsoft-defender-atp/linux-schedule-scan-atp.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md index 22187f7d02..d5c088430a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md @@ -1,7 +1,7 @@ --- -title: How to schedule scans with MDATP for Linux -description: Learn how to schedule an automatic scanning time for Microsoft Defender ATP in Linux to better protect your organization's assets. -keywords: microsoft, defender, atp, linux, scans, antivirus +title: How to schedule scans with Microsoft Defender for Endpoint (Linux) +description: Learn how to schedule an automatic scanning time for Microsoft Defender for Endpoint (Linux) to better protect your organization's assets. +keywords: microsoft, defender, atp, linux, scans, antivirus, microsoft defender for endpoint (linux) search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 @@ -17,9 +17,9 @@ ms.collection: M365-security-compliance ms.topic: conceptual --- -# Schedule scans with Microsoft Defender ATP for Linux +# Schedule scans with Microsoft Defender for Endpoint (Linux) -To run a scan on MDATP for Linux, see [Supported Commands](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/linux-resources#supported-commands). +To run a scan for Linux, see [Supported Commands](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/linux-resources#supported-commands). Linux (and Unix) have a tool called **crontab** (similar to Task Scheduler) to be able to run scheduled tasks. From 59eb12e1ebca06511ad3e3ff02e09363171e3921 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com> Date: Fri, 16 Oct 2020 22:49:48 +0530 Subject: [PATCH 021/136] Update linux-schedule-scan-atp.md --- .../linux-schedule-scan-atp.md | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md index d5c088430a..ff23ec7922 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md @@ -31,8 +31,8 @@ Linux (and Unix) have a tool called **crontab** (similar to Task Scheduler) to b > Examples for timezones: > - `America/Los_Angeles` > - `America/New_York` ->- `America/Chicago` ->- `America/Denver` +> - `America/Chicago` +> - `America/Denver` ## To set the Cron job Use the following commands: @@ -44,9 +44,10 @@ Use the following commands: > [!NOTE] > Where 200919 == YRMMDD -> TIP: -Do this before you edit or remove. -To edit the crontab, and add a new job as a root user: +> [!TIP] +> Do this before you edit or remove.
+ +To edit the crontab, and add a new job as a root user:
`sudo crontab -e` > [!NOTE] @@ -109,7 +110,7 @@ Automating with Puppet: Cron jobs and scheduled tasks See [https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/](https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/) for more information. -## Additional information: +## Additional information **To get help with crontab** @@ -126,8 +127,9 @@ See [https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/](h **To backup crontab entries:** `crontab -l > /var/tmp/cron_backup.dat` + > [!TIP] -> Do this before you edit or remove. +> Do this before you edit or remove.
**To restore crontab entries:** From c2b1ce54a71a141ca0ab9b953dce06198784fbed Mon Sep 17 00:00:00 2001 From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com> Date: Fri, 16 Oct 2020 23:08:33 +0530 Subject: [PATCH 022/136] Update linux-schedule-scan-atp.md --- .../linux-schedule-scan-atp.md | 30 +++++++++---------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md index ff23ec7922..18d93d4b7d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md @@ -37,7 +37,7 @@ Linux (and Unix) have a tool called **crontab** (similar to Task Scheduler) to b ## To set the Cron job Use the following commands: -**To backup crontab entries:** +**To backup crontab entries** `sudo crontab -l > /var/tmp/cron_backup_200919.dat` @@ -79,7 +79,7 @@ To view your cron jobs, type `sudo crontab -l` :::image type="content" source="..\images\linux-mdatp-1.png" alt-text="linux mdatp"::: -**To inspect cron job runs:** +**To inspect cron job runs** `sudo grep mdatp /var/log/cron` @@ -90,18 +90,18 @@ To view your cron jobs, type `sudo crontab -l` ## For those who use Ansible, Chef, or Puppet Use the following commands: -### To set cron jobs in Ansible: +### To set cron jobs in Ansible `cron – Manage cron.d and crontab entries` See [https://docs.ansible.com/ansible/latest/modules/cron_module.html](https://docs.ansible.com/ansible/latest/modules/cron_module.html) for more information. -### To set crontabs in Chef: +### To set crontabs in Chef `cron resource` See [https://docs.chef.io/resources/cron/](https://docs.chef.io/resources/cron/) for more information. -### To set cron jobs in Puppet: +### To set cron jobs in Puppet Resource Type: cron See [https://puppet.com/docs/puppet/5.5/types/cron.html](https://puppet.com/docs/puppet/5.5/types/cron.html) for more information. @@ -116,46 +116,46 @@ See [https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/](h `man crontab` -**To get a list of crontab file of the current user:** +**To get a list of crontab file of the current user** `crontab -l` -**To get a list of crontab file of another user:** +**To get a list of crontab file of another user** `crontab -u username -l` -**To backup crontab entries:** +**To backup crontab entries** `crontab -l > /var/tmp/cron_backup.dat` > [!TIP] > Do this before you edit or remove.
-**To restore crontab entries:** +**To restore crontab entries** `crontab /var/tmp/cron_backup.dat` -**To edit the crontab and add a new job as a root user:** +**To edit the crontab and add a new job as a root user** `Sudo crontab -e` -**To edit the crontab and add a new job:** +**To edit the crontab and add a new job** `crontab -e` -**To edit other user’s crontab entries:** +**To edit other user’s crontab entries** `crontab -u username -e` -**To remove all crontab entries:** +**To remove all crontab entries** `crontab -r` -**To remove other user’s crontab entries:** +**To remove other user’s crontab entries** `crontab -u username -r` -**Explanation**: +**Explanation** +—————- minute (values: 0 – 59) (special characters: , – * /)
| +————- hour (values: 0 – 23) (special characters: , – * /)
From aae02c543a8b17fb9fb47edf4989936f2b929499 Mon Sep 17 00:00:00 2001 From: Thomas Garrity <31856350+poortom1004@users.noreply.github.com> Date: Mon, 19 Oct 2020 10:59:00 -0500 Subject: [PATCH 023/136] Update active-directory-security-groups.md --- .../access-control/active-directory-security-groups.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/access-control/active-directory-security-groups.md b/windows/security/identity-protection/access-control/active-directory-security-groups.md index 61198672fc..5e7db538d0 100644 --- a/windows/security/identity-protection/access-control/active-directory-security-groups.md +++ b/windows/security/identity-protection/access-control/active-directory-security-groups.md @@ -3368,9 +3368,9 @@ This security group has not changed since Windows Server 2008. ### Server Operators -Members in the Server Operators group can administer domain servers. This group exists only on domain controllers. By default, the group has no members. Members of the Server Operators group can sign in to a server interactively, create and delete network shared resources, start and stop services, back up and restore files, format the hard disk drive of the computer, and shut down the computer. This group cannot be renamed, deleted, or moved. +Members in the Server Operators group can administer domain controllers. This group exists only on domain controllers. By default, the group has no members. Members of the Server Operators group can sign in to a server interactively, create and delete network shared resources, start and stop services, back up and restore files, format the hard disk drive of the computer, and shut down the computer. This group cannot be renamed, deleted, or moved. -By default, this built-in group has no members, and it has access to server configuration options on domain controllers. Its membership is controlled by the service administrator groups, Administrators and Domain Admins, in the domain, and the Enterprise Admins group. Members in this group cannot change any administrative group memberships. This is considered a service administrator account because its members have physical access to domain controllers, they can perform maintenance tasks (such as backup and restore), and they have the ability to change binaries that are installed on the domain controllers. Note the default user rights in the following table. +By default, this built-in group has no members, and it has access to server configuration options on domain controllers. Its membership is controlled by the service administrator groups Administrators and Domain Admins in the domain, and the Enterprise Admins group in the forest root domain. Members in this group cannot change any administrative group memberships. This is considered a service administrator account because its members have physical access to domain controllers, they can perform maintenance tasks (such as backup and restore), and they have the ability to change binaries that are installed on the domain controllers. Note the default user rights in the following table. The Server Operators group applies to versions of the Windows Server operating system listed in the [Active Directory Default Security Groups table](#bkmk-groupstable). From b7f5d38e67c4fce459f4c94795fe7491df8cbf80 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Tue, 20 Oct 2020 23:38:41 +0530 Subject: [PATCH 024/136] Update linux-schedule-scan-atp.md minor correction in note --- .../microsoft-defender-atp/linux-schedule-scan-atp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md index 18d93d4b7d..3bd8a7cde1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md @@ -27,7 +27,7 @@ Linux (and Unix) have a tool called **crontab** (similar to Task Scheduler) to b > [!NOTE] > To get a list of all the time zones, run the following command: -> `timedatectl list-timezones` +> `timedatectl list-timezones`
> Examples for timezones: > - `America/Los_Angeles` > - `America/New_York` From 3f52aca0f46c3c59738dc1183053f0b2f3dcbc1a Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Thu, 22 Oct 2020 21:33:58 +0500 Subject: [PATCH 025/136] Update hello-cert-trust-adfs.md --- .../hello-for-business/hello-cert-trust-adfs.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md index 4486823bc5..edd7419a58 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md @@ -45,7 +45,8 @@ Prepare the Active Directory Federation Services deployment by installing and up > 2. Right click "Scope Descriptions" and select "Add Scope Description". > 3. Under name type "ugs" and Click Apply > OK. > 4. Launch Powershell as Administrator. -> 5. Execute the command "Get-AdfsApplicationPermission". Look for the ScopeNames :{openid, aza} that has the ClientRoleIdentifier Make a note of the ObjectIdentifier. +> 5. Get the ObjectIdentifier of application permission with ClientRoleIdentifier parameter equal to "38aa3b87-a06d-4817-b275-7a316988d93b": +```(Get-AdfsApplicationPermission -ServerRoleIdentifiers 'http://schemas.microsoft.com/ws/2009/12/identityserver/selfscope' | ?{ $_.ClientRoleIdentifier -eq '38aa3b87-a06d-4817-b275-7a316988d93b' }).ObjectIdentifier``` > 6. Execute the command "Set-AdfsApplicationPermission -TargetIdentifier -AddScope 'ugs'. > 7. Restart the ADFS service. > 8. On the client: Restart the client. User should be prompted to provision WHFB. From 6cf756296e063e53048024942dc01b9d67d2891e Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Fri, 23 Oct 2020 18:58:41 -0700 Subject: [PATCH 026/136] new section --- .../microsoft-defender-atp/tvm-exception.md | 113 ++++++++++++++++++ 1 file changed, 113 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md index f8f6565174..76ce732c92 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md @@ -89,6 +89,119 @@ Select **Show exceptions** at the bottom of the **Top security recommendations** ![Screenshot of Show exceptions link in the Top security recommendations card in the dashboard.](images/tvm-exception-dashboard.png) +## File for exception + +As an alternative to a remediation request when a recommendation is not relevant at the moment, you can create exceptions for recommendations. Only users with “exceptions handling” permissions can add exception. [Learn more about RBAC roles](user-roles.md). If your organization has device groups, you will now be able to scope the exception to specific device groups. + +When an exception is created for a recommendation, the recommendation is no longer active. The recommendation state will change to **Full exception** or **Partial exception** (by device group). + +### How to create an exception + +Select a security recommendation you would like create an exception for, and then select **Exception options**. + +![Showing where the button for "exception options" is location in a security recommendation flyout.](images/tvm-exception-options.png) + +Choose the scope and justification, set a date for the exception duration, and submit. To view all your exceptions (current and past), navigate to the [Remediation](tvm-remediation.md) page under the **Threat & Vulnerability Management** menu and select the **Exceptions** tab. + +### Exception scope + +Exceptions can either be created for selected device groups, or for all device groups past and present. + +#### Exception by device group + +Apply the exception to all device groups or choose specific device groups. Device groups that already have an exception will not be displayed in the list. If you only select certain device groups, the recommendation state will change from “active” to “partial exception.” The state will change to “full exception” if you select all the device groups. + +![Showing device group dropdown.](images/tvm-exception-device-group-500.png) + +##### Filtered + +If you have filtered by device group on any of the threat and vulnerability management pages, only your filtered device groups will appear as options. + +Button to filter by device group on any of the threat and vulnerability management pages: + +![Showing selected device groups filter.](images/tvm-selected-device-groups.png) + +Exception view with filtered device groups: + +![Showing filtered device group dropdown.](images/tvm-exception-device-filter500.png) + +##### Large number of device groups + +If your organization has more than 20 device groups, select **Edit** next to the filtered device group option. + +![Showing how to edit large numbers of groups.](images/tvm-exception-edit-groups.png) + +A flyout will appear where you can search and choose device groups you want included. Select the check mark icon below Search to check/uncheck all. + +![Showing large device group flyout.](images/tvm-exception-device-group-flyout-400.png) + +#### Global exceptions + +If you have global administrator permissions (called Microsoft Defender ATP administrator), you will be able to create and cancel a global exception. It affects **all** current and future device groups in your organization, and only a user with similar permission would be able to change it. The recommendation state will change from “active” to “full exception.” + +![Showing global exception option.](images/tvm-exception-global.png) + +Some things to keep in mind: + +- If a recommendation is under global exception, then newly created exceptions for device groups will be suspended until the global exception has expired or been cancelled. After that point, the new device group exceptions will go into effect until they expire. +- If a recommendation already has exceptions for specific device groups and a global exception is created, then the device group exception will be suspended until it expires or the global exception is cancelled before it expires. + +### Justification + +Select your justification for the exception you need to file instead of remediating the security recommendation in question. Fill out the justification context, then set the exception duration. + +The following list details the justifications behind the exception options: + +- **Third party control** - A third party product or software already addresses this recommendation + - Choosing this justification type will lower your exposure score and increase your secure score because your risk is reduced +- **Alternate mitigation** - An internal tool already addresses this recommendation + - Choosing this justification type will lower your exposure score and increase your secure score because your risk is reduced +- **Risk accepted** - Poses low risk and/or implementing the recommendation is too expensive +- **Planned remediation (grace)** - Already planned but is awaiting execution or authorization + +### View all exceptions + +Navigate to the **Exceptions** tab in the **Remediation** page. + +![Showing the "Exceptions" tab in the Remediation page.](images/tvm-exception-tab400.png) + +Select an exception to open a flyout with more details. Exceptions per devices group will have a list of every device group the exception covers, which you can Export. You can also view the related recommendation or cancel the exception. + +### How to cancel an exception + +To cancel an exception, navigate to the **Exceptions** tab in the **Remediation** page. Select the exception. + +#### Cancel the exception for a specific device group + +If the exception is per device group, then you will need to select the specific device group to cancel the exception for it. + +![Showing how to select a specific device group.](images/tvm-exception-device-group-hover.png) + +A flyout will appear for the device group, and you can select **Cancel exception**. + +#### Cancel a global exception + +If it is a global exception, select an exception from the list and then select **Cancel exception** from the flyout. + +![Showing how to cancel the exception for a global exception.](images/tvm-exception-cancel-global-400.png) + +### View impact after exceptions are applied + +In the Security Recommendations page, select **Customize columns** and check the boxes for **Exposed devices (after exceptions)** and **Impact (after exceptions)**. + +![Showing customize columns options.](images/tvm-after-exceptions.png) + +The exposed devices (after exceptions) column shows the remaining devices that are still exposed to vulnerabilities after exceptions are applied. Exception justifications that affect the exposure include ‘third party control’ and ‘alternate mitigation’. Other justifications do not reduce the exposure of a device, and they are still considered exposed. + +The impact (after exceptions) shows remaining impact to exposure score or secure score after exceptions are applied. Exception justifications that affect the scores include ‘third party control’ and ‘alternate mitigation.’ Other justifications do not reduce the exposure of a device, and so the exposure score and secure score do not change. + +![Showing the columns in the table.](images/tvm-after-exceptions-table.png) +If there is a large jump in the number of exposed devices, or a sharp increase in the impact on your organization exposure score and Microsoft Secure Score for Devices, then that security recommendation is worth investigating. + +1. Select the recommendation and **Open software page** +2. Select the **Event timeline** tab to view all the impactful events related to that software, such as new vulnerabilities or new public exploits. [Learn more about event timeline](threat-and-vuln-mgt-event-timeline.md) +3. Decide how to address the increase or your organization's exposure, such as submitting a remediation request. + ## Related topics - [Threat and vulnerability management overview](next-gen-threat-and-vuln-mgt.md) From 54bcb53231b5f88622d15add7b4b8e6807172a89 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Fri, 23 Oct 2020 19:29:11 -0700 Subject: [PATCH 027/136] updated exceptions --- .../microsoft-defender-atp/tvm-exception.md | 96 ++++--------------- 1 file changed, 16 insertions(+), 80 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md index 76ce732c92..4421ece5a0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md @@ -29,91 +29,27 @@ ms.topic: conceptual >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) -Sometimes, you may not be able to take the remediation steps suggested by a security recommendation. If that is the case, threat and vulnerability management gives you an avenue to create an exception. - -When an exception is created for a recommendation, the recommendation is no longer active. The recommendation state changes to **Exception**, and no longer shows up in the security recommendations list. - -## Create an exception - -1. Go to the threat and vulnerability management navigation menu in the Microsoft Defender Security Center, and select [**Security recommendations**](tvm-security-recommendation.md). - -2. Select a security recommendation you would like to create an exception for, and then **Exception options**. -![Showing where the button for "exception options" is location in a security recommendation flyout.](images/tvm-exception-option.png) - -3. Select your justification for the exception you need to file instead of remediating the security recommendation in question. Fill out the justification context, then set the exception duration. - - The following list details the justifications behind the exception options: - - - **Third party control** - A third party product or software already addresses this recommendation - - Choosing this justification type will lower your exposure score and increase you secure score because your risk is reduced - - **Alternate mitigation** - An internal tool already addresses this recommendation - - Choosing this justification type will lower your exposure score and increase you secure score because your risk is reduced - - **Risk accepted** - Poses low risk and/or implementing the recommendation is too expensive - - **Planned remediation (grace)** - Already planned but is awaiting execution or authorization - -4. Select **Submit**. A confirmation message at the top of the page indicates that the exception has been created. - -## View your exceptions - -When you file for an exception from the security recommendations page, you create an exception for that security recommendation. You can file exceptions to exclude certain recommendation from showing up in reports and affecting your [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md). - -The exceptions you've filed will show up in the **Remediation** page, in the **Exceptions** tab. You can filter your view based on exception justification, type, and status. - -![Example of the exception page and filter options.](images/tvm-exception-filters.png) - -### Exception actions and statuses - -Once an exception exists, you can cancel it at any time by going to the exception in the **Remediation** page and selecting **Cancel exception**. - -The following statuses will be a part of an exception: - -- **Canceled** - The exception has been canceled and is no longer in effect -- **Expired** - The exception that you've filed is no longer in effect -- **In effect** - The exception that you've filed is in progress - -### Exception impact on scores - -Creating an exception can potentially affect the Exposure Score (for both types of weaknesses) and Microsoft Secure Score for Devices of your organization in the following manner: - -- **No impact** - Removes the recommendation from the lists (which can be reverse through filters), but will not affect the scores. -- **Mitigation-like impact** - As if the recommendation was mitigated (and scores will be adjusted accordingly) when you select it as a compensating control. -- **Hybrid** - Provides visibility on both No impact and Mitigation-like impact. It shows both the Exposure Score and Microsoft Secure Score for Devices results out of the exception option that you made. - -The exception impact shows on both the Security recommendations page column and in the flyout pane. - -![Screenshot identifying the impact sections which list score impacts in the full page security recommendations table, and the flyout.](images/tvm-exception-impact.png) - -### View exceptions in other places - -Select **Show exceptions** at the bottom of the **Top security recommendations** card in the dashboard. It will open a filtered view in the **Security recommendations** page of recommendations with an "Exception" status. - -![Screenshot of Show exceptions link in the Top security recommendations card in the dashboard.](images/tvm-exception-dashboard.png) - -## File for exception - -As an alternative to a remediation request when a recommendation is not relevant at the moment, you can create exceptions for recommendations. Only users with “exceptions handling” permissions can add exception. [Learn more about RBAC roles](user-roles.md). If your organization has device groups, you will now be able to scope the exception to specific device groups. +As an alternative to a remediation request when a recommendation is not relevant at the moment, you can create exceptions for recommendations. If your organization has device groups, you will now be able to scope the exception to specific device groups. Exceptions can either be created for selected device groups, or for all device groups past and present. When an exception is created for a recommendation, the recommendation is no longer active. The recommendation state will change to **Full exception** or **Partial exception** (by device group). -### How to create an exception +## Permissions -Select a security recommendation you would like create an exception for, and then select **Exception options**. +Only users with “exceptions handling” permissions can add exception. [Learn more about RBAC roles](user-roles.md). + +## Create an exception + +Select a security recommendation you would like create an exception for, and then select **Exception options** and fill out the form. ![Showing where the button for "exception options" is location in a security recommendation flyout.](images/tvm-exception-options.png) -Choose the scope and justification, set a date for the exception duration, and submit. To view all your exceptions (current and past), navigate to the [Remediation](tvm-remediation.md) page under the **Threat & Vulnerability Management** menu and select the **Exceptions** tab. - -### Exception scope - -Exceptions can either be created for selected device groups, or for all device groups past and present. - -#### Exception by device group +### Exception by device group Apply the exception to all device groups or choose specific device groups. Device groups that already have an exception will not be displayed in the list. If you only select certain device groups, the recommendation state will change from “active” to “partial exception.” The state will change to “full exception” if you select all the device groups. ![Showing device group dropdown.](images/tvm-exception-device-group-500.png) -##### Filtered +#### Filtered views If you have filtered by device group on any of the threat and vulnerability management pages, only your filtered device groups will appear as options. @@ -125,7 +61,7 @@ Exception view with filtered device groups: ![Showing filtered device group dropdown.](images/tvm-exception-device-filter500.png) -##### Large number of device groups +#### Large number of device groups If your organization has more than 20 device groups, select **Edit** next to the filtered device group option. @@ -135,7 +71,7 @@ A flyout will appear where you can search and choose device groups you want incl ![Showing large device group flyout.](images/tvm-exception-device-group-flyout-400.png) -#### Global exceptions +### Global exceptions If you have global administrator permissions (called Microsoft Defender ATP administrator), you will be able to create and cancel a global exception. It affects **all** current and future device groups in your organization, and only a user with similar permission would be able to change it. The recommendation state will change from “active” to “full exception.” @@ -159,7 +95,7 @@ The following list details the justifications behind the exception options: - **Risk accepted** - Poses low risk and/or implementing the recommendation is too expensive - **Planned remediation (grace)** - Already planned but is awaiting execution or authorization -### View all exceptions +## View all exceptions Navigate to the **Exceptions** tab in the **Remediation** page. @@ -167,11 +103,11 @@ Navigate to the **Exceptions** tab in the **Remediation** page. Select an exception to open a flyout with more details. Exceptions per devices group will have a list of every device group the exception covers, which you can Export. You can also view the related recommendation or cancel the exception. -### How to cancel an exception +## How to cancel an exception To cancel an exception, navigate to the **Exceptions** tab in the **Remediation** page. Select the exception. -#### Cancel the exception for a specific device group +### Cancel the exception for a specific device group If the exception is per device group, then you will need to select the specific device group to cancel the exception for it. @@ -179,13 +115,13 @@ If the exception is per device group, then you will need to select the specific A flyout will appear for the device group, and you can select **Cancel exception**. -#### Cancel a global exception +### Cancel a global exception If it is a global exception, select an exception from the list and then select **Cancel exception** from the flyout. ![Showing how to cancel the exception for a global exception.](images/tvm-exception-cancel-global-400.png) -### View impact after exceptions are applied +## View impact after exceptions are applied In the Security Recommendations page, select **Customize columns** and check the boxes for **Exposed devices (after exceptions)** and **Impact (after exceptions)**. From d907ecdd8f30f39db98314e2a3681a70ffbc9275 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sat, 24 Oct 2020 19:10:38 +0530 Subject: [PATCH 028/136] removed REG_SZ added REG_DWORD as per user report #8526 , i removed **REG_SZ** and added **REG_DWORD** https://user-images.githubusercontent.com/3296790/97083291-8a530200-162c-11eb-83e6-a4cc001a18d5.JPG --- ...windows-operating-system-components-to-microsoft-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 956ca7dc78..13846802f8 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1659,7 +1659,7 @@ You can turn off **Enhanced Notifications** as follows: -or- -- Create a new REG_SZ registry setting named **DisableEnhancedNotifications** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\Reporting** to a value of **1**. +- Create a new REG_DWORD registry setting named **DisableEnhancedNotifications** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\Reporting** to a value of **1**. ### 24.1 Windows Defender SmartScreen From 2e58aa16fc0869d7f63a8fff1082daa1388e4a1d Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sat, 24 Oct 2020 21:21:12 +0500 Subject: [PATCH 029/136] Update windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-cert-trust-adfs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md index edd7419a58..379208652b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md @@ -44,7 +44,7 @@ Prepare the Active Directory Federation Services deployment by installing and up > 1. Launch AD FS management console. Brose to "Services > Scope Descriptions". > 2. Right click "Scope Descriptions" and select "Add Scope Description". > 3. Under name type "ugs" and Click Apply > OK. -> 4. Launch Powershell as Administrator. +> 4. Launch PowerShell as an administrator. > 5. Get the ObjectIdentifier of application permission with ClientRoleIdentifier parameter equal to "38aa3b87-a06d-4817-b275-7a316988d93b": ```(Get-AdfsApplicationPermission -ServerRoleIdentifiers 'http://schemas.microsoft.com/ws/2009/12/identityserver/selfscope' | ?{ $_.ClientRoleIdentifier -eq '38aa3b87-a06d-4817-b275-7a316988d93b' }).ObjectIdentifier``` > 6. Execute the command "Set-AdfsApplicationPermission -TargetIdentifier -AddScope 'ugs'. From dd8487ef9baf8469d3e493a424ffb2835ecb89b3 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sat, 24 Oct 2020 21:21:22 +0500 Subject: [PATCH 030/136] Update windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-cert-trust-adfs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md index 379208652b..1d233bb60e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md @@ -45,7 +45,7 @@ Prepare the Active Directory Federation Services deployment by installing and up > 2. Right click "Scope Descriptions" and select "Add Scope Description". > 3. Under name type "ugs" and Click Apply > OK. > 4. Launch PowerShell as an administrator. -> 5. Get the ObjectIdentifier of application permission with ClientRoleIdentifier parameter equal to "38aa3b87-a06d-4817-b275-7a316988d93b": +> 5. Get the ObjectIdentifier of the application permission with the ClientRoleIdentifier parameter equal to "38aa3b87-a06d-4817-b275-7a316988d93b": ```(Get-AdfsApplicationPermission -ServerRoleIdentifiers 'http://schemas.microsoft.com/ws/2009/12/identityserver/selfscope' | ?{ $_.ClientRoleIdentifier -eq '38aa3b87-a06d-4817-b275-7a316988d93b' }).ObjectIdentifier``` > 6. Execute the command "Set-AdfsApplicationPermission -TargetIdentifier -AddScope 'ugs'. > 7. Restart the ADFS service. From 6a97dfb5454dda514bc3f8a6c03f57f3c055fbd9 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Mon, 26 Oct 2020 07:28:55 +0500 Subject: [PATCH 031/136] Update windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../hello-for-business/hello-cert-trust-adfs.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md index 1d233bb60e..14ba52e89e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md @@ -46,7 +46,9 @@ Prepare the Active Directory Federation Services deployment by installing and up > 3. Under name type "ugs" and Click Apply > OK. > 4. Launch PowerShell as an administrator. > 5. Get the ObjectIdentifier of the application permission with the ClientRoleIdentifier parameter equal to "38aa3b87-a06d-4817-b275-7a316988d93b": -```(Get-AdfsApplicationPermission -ServerRoleIdentifiers 'http://schemas.microsoft.com/ws/2009/12/identityserver/selfscope' | ?{ $_.ClientRoleIdentifier -eq '38aa3b87-a06d-4817-b275-7a316988d93b' }).ObjectIdentifier``` +> ```PowerShell +> (Get-AdfsApplicationPermission -ServerRoleIdentifiers 'http://schemas.microsoft.com/ws/2009/12/identityserver/selfscope' | ?{ $_.ClientRoleIdentifier -eq '38aa3b87-a06d-4817-b275-7a316988d93b' }).ObjectIdentifier +> ``` > 6. Execute the command "Set-AdfsApplicationPermission -TargetIdentifier -AddScope 'ugs'. > 7. Restart the ADFS service. > 8. On the client: Restart the client. User should be prompted to provision WHFB. From c3955bf1426e417b293c2d422c736e07235712b8 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Mon, 26 Oct 2020 07:29:21 +0500 Subject: [PATCH 032/136] Update windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../hello-for-business/hello-cert-trust-adfs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md index 14ba52e89e..8e3e7d4f74 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md @@ -49,7 +49,7 @@ Prepare the Active Directory Federation Services deployment by installing and up > ```PowerShell > (Get-AdfsApplicationPermission -ServerRoleIdentifiers 'http://schemas.microsoft.com/ws/2009/12/identityserver/selfscope' | ?{ $_.ClientRoleIdentifier -eq '38aa3b87-a06d-4817-b275-7a316988d93b' }).ObjectIdentifier > ``` -> 6. Execute the command "Set-AdfsApplicationPermission -TargetIdentifier -AddScope 'ugs'. +> 6. Execute the command `Set-AdfsApplicationPermission -TargetIdentifier -AddScope 'ugs'`. > 7. Restart the ADFS service. > 8. On the client: Restart the client. User should be prompted to provision WHFB. > 9. If the provisioning window does not pop up then need to collect NGC trace logs and further troubleshoot. From 928e222bf520c0d196b9ec112d268a7c64ff2a5d Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sun, 1 Nov 2020 09:25:10 +0500 Subject: [PATCH 033/136] Update linux-support-install.md --- .../microsoft-defender-atp/linux-support-install.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md index 15d0e69c78..2444acd2f4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md @@ -97,7 +97,9 @@ Then rerun step 2. 4. If the above steps don’t work, check if SELinux is installed and in enforcing mode. If so, try setting it to permissive (preferably) or disabled mode. It can be done by setting the parameter `SELINUX` to "permissive" or "disabled" in `/etc/selinux/config` file, followed by reboot. Check the man-page of selinux for more details. Now try restarting the mdatp service using step 2. Revert the configuration change immediately though for security reasons after trying it and reboot. -5. Ensure that the daemon has executable permission. +5. If ```/opt``` directory is a symbolic link, create a bind mount for ```/opt/microsoft```. + +6. Ensure that the daemon has executable permission. ```bash ls -l /opt/microsoft/mdatp/sbin/wdavdaemon ``` @@ -110,7 +112,7 @@ Now try restarting the mdatp service using step 2. Revert the configuration chan ``` and retry running step 2. -6. Ensure that the file system containing wdavdaemon isn't mounted with "noexec". +7. Ensure that the file system containing wdavdaemon isn't mounted with "noexec". ## If mdatp service is running, but EICAR text file detection doesn't work From 22ff0f75b8f8b1035e1f57bd5250038da0ce6826 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 3 Nov 2020 09:03:23 -0800 Subject: [PATCH 034/136] Update whats-new-in-microsoft-defender-atp.md --- .../whats-new-in-microsoft-defender-atp.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md index 7e173b6a93..a24854407e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md @@ -67,6 +67,8 @@ For more information preview features, see [Preview features](https://docs.micro - [Threat & Vulnerability Management role-based access controls](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group)
Use the new permissions to allow maximum flexibility to create SecOps-oriented roles, Threat & Vulnerability Management-oriented roles, or hybrid roles so only authorized users are accessing specific data to do their task. You can also achieve even further granularity by specifying whether a Threat & Vulnerability Management role can only view vulnerability-related data, or can create and manage remediation and exceptions. +- [Device health and compliance report](machine-reports.md)
The device health and compliance report provides high-level information about the devices in your organization. + ## October 2019 - [Indicators for IP addresses, URLs/Domains](manage-indicators.md)
You can now allow or block URLs/domains using your own threat intelligence. From 01d53bd1861df85fe97bd22a9ad4cdb31bf5f8da Mon Sep 17 00:00:00 2001 From: bb-froggy Date: Thu, 5 Nov 2020 10:23:17 +0100 Subject: [PATCH 035/136] OCSP as alternative to CDP --- .../hello-for-business/hello-hybrid-key-trust-prereqs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md index fa3b1d7a97..18959a0f1e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md @@ -67,7 +67,7 @@ Key trust deployments do not need client issued certificates for on-premises aut The minimum required Enterprise certificate authority that can be used with Windows Hello for Business is Windows Server 2012, but you can also use a third-party Enterprise certification authority. The requirements for the domain controller certificate are shown below. For more details, see [Requirements for domain controller certificates from a third-party CA](https://support.microsoft.com/help/291010/requirements-for-domain-controller-certificates-from-a-third-party-ca). -* The certificate must have a Certificate Revocation List (CRL) distribution point extension that points to a valid CRL. +* The certificate must have a Certificate Revocation List (CRL) distribution point extension that points to a valid CRL, or an Authority Information Access (AIA) extension that points to an Online Certificate Status Protocol (OCSP) responder. * The certificate Subject section should contain the directory path of the server object (the distinguished name). * The certificate Key Usage section must contain Digital Signature and Key Encipherment. * Optionally, the certificate Basic Constraints section should contain: [Subject Type=End Entity, Path Length Constraint=None]. From 9b9e0c2568933b78376cec5bc5e86622cd93ba33 Mon Sep 17 00:00:00 2001 From: Alexey-Zheltov <71097129+Alexey-Zheltov@users.noreply.github.com> Date: Thu, 5 Nov 2020 21:45:35 +0400 Subject: [PATCH 036/136] Update hello-hybrid-cert-trust-devreg.md Set-AdfsGlobalAuthenticationPolicy -DeviceAuthenticationEnabled $true -DeviceAuthenticationMethod All` command to enable Device Authentication will trigger certificate prompt on Azure AD Joined devices when they are connecting to ADFS. Set-AdfsGlobalAuthenticationPolicy -DeviceAuthenticationEnabled $true -DeviceAuthenticationMethod SignedToken` not causing such issue. --- .../hello-for-business/hello-hybrid-cert-trust-devreg.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md index e5ebf54b09..81afb0421e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md @@ -506,7 +506,7 @@ The following script helps you with the creation of the issuance transform rules #### Configure Device Authentication in AD FS Using an elevated PowerShell command window, configure AD FS policy by executing the following command -`PS C:>Set-AdfsGlobalAuthenticationPolicy -DeviceAuthenticationEnabled $true -DeviceAuthenticationMethod All` +`PS C:>Set-AdfsGlobalAuthenticationPolicy -DeviceAuthenticationEnabled $true -DeviceAuthenticationMethod SignedToken` #### Check your configuration For your reference, below is a comprehensive list of the AD DS devices, containers and permissions required for device write-back and authentication to work From 342d51170c2026887adb68299555e459d5fc4500 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Fri, 6 Nov 2020 23:35:42 +0500 Subject: [PATCH 037/136] Update use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md Path values in rules were defined incorrectly. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/8564 --- ...licy-to-control-specific-plug-ins-add-ins-and-modules.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md index 79a167e2a1..a6e3ec2b41 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md @@ -36,14 +36,14 @@ To work with these options, the typical method is to create a policy that only a For example, to create a WDAC policy that allows **addin1.dll** and **addin2.dll** to run in **ERP1.exe**, your organization's enterprise resource planning (ERP) application, run the following commands. Note that in the second command, **+=** is used to add a second rule to the **$rule** variable: ```powershell -$rule = New-CIPolicyRule -DriverFilePath '.\ERP1.exe' -Level FileName -AppID '.\temp\addin1.dll' -$rule += New-CIPolicyRule -DriverFilePath '.\ERP1.exe' -Level FileName -AppID '.\temp\addin2.dll' +$rule = New-CIPolicyRule -DriverFilePath '..\temp\addin1.dll' -Level FileName -AppID '.\ERP1.exe' +$rule += New-CIPolicyRule -DriverFilePath '.\temp\addin1.dll' -Level FileName -AppID '.\ERP1.exe' New-CIPolicy -Rules $rule -FilePath ".\AllowERPAddins.xml" -UserPEs ``` As another example, to create a WDAC policy that blocks **addin3.dll** from running in Microsoft Word, run the following command. You must include the `-Deny` option to block the specified add-ins in the specified application: ```powershell -$rule = New-CIPolicyRule -DriverFilePath '.\winword.exe' -Level FileName -Deny -AppID '.\temp\addin3.dll' +$rule = New-CIPolicyRule -DriverFilePath '.\temp\addin3.dll' -Level FileName -Deny -AppID '.\winword.exe' New-CIPolicy -Rules $rule -FilePath ".\BlockAddins.xml" -UserPEs ``` From 9cf77e70111abd7e62df26a76dde795b21bbe71b Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Sat, 7 Nov 2020 19:45:23 +0500 Subject: [PATCH 038/136] Update windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- ...l-policy-to-control-specific-plug-ins-add-ins-and-modules.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md index a6e3ec2b41..a30934a529 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md @@ -33,7 +33,7 @@ As of Windows 10, version 1703, you can use WDAC policies not only to control ap To work with these options, the typical method is to create a policy that only affects plug-ins, add-ins, and modules, then merge it into your 'master' policy (merging is described in the next section). -For example, to create a WDAC policy that allows **addin1.dll** and **addin2.dll** to run in **ERP1.exe**, your organization's enterprise resource planning (ERP) application, run the following commands. Note that in the second command, **+=** is used to add a second rule to the **$rule** variable: +For example, to create a WDAC policy allowing **addin1.dll** and **addin2.dll** to run in **ERP1.exe**, your organization's enterprise resource planning (ERP) application, run the following commands. Note that in the second command, **+=** is used to add a second rule to the **$rule** variable: ```powershell $rule = New-CIPolicyRule -DriverFilePath '..\temp\addin1.dll' -Level FileName -AppID '.\ERP1.exe' From be9e630af24ee289711b5467e0b70bea0ee65213 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Sat, 7 Nov 2020 19:46:02 +0500 Subject: [PATCH 039/136] Update use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md minor changes. --- ...l-policy-to-control-specific-plug-ins-add-ins-and-modules.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md index a30934a529..fc7de322fe 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md @@ -36,7 +36,7 @@ To work with these options, the typical method is to create a policy that only a For example, to create a WDAC policy allowing **addin1.dll** and **addin2.dll** to run in **ERP1.exe**, your organization's enterprise resource planning (ERP) application, run the following commands. Note that in the second command, **+=** is used to add a second rule to the **$rule** variable: ```powershell -$rule = New-CIPolicyRule -DriverFilePath '..\temp\addin1.dll' -Level FileName -AppID '.\ERP1.exe' +$rule = New-CIPolicyRule -DriverFilePath '.\temp\addin1.dll' -Level FileName -AppID '.\ERP1.exe' $rule += New-CIPolicyRule -DriverFilePath '.\temp\addin1.dll' -Level FileName -AppID '.\ERP1.exe' New-CIPolicy -Rules $rule -FilePath ".\AllowERPAddins.xml" -UserPEs ``` From 539c1ccd99ef48e314fb4178011a68ed470f801e Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Mon, 9 Nov 2020 17:37:05 -0800 Subject: [PATCH 040/136] updated zeroday --- .../microsoft-defender-atp/tvm-security-recommendation.md | 2 +- .../microsoft-defender-atp/tvm-zero-day-vulnerabilities.md | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md index b4ffcd5ce4..cab17aed46 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md @@ -95,7 +95,7 @@ From the flyout, you can choose any of the following options: - **Open software page** - Open the software page to get more context on the software and how it's distributed. The information can include threat context, associated recommendations, weaknesses discovered, number of exposed devices, discovered vulnerabilities, names and detailed of devices with the software installed, and version distribution. -- [**Remediation options**](tvm-remediation.md) - Submit a remediation request to open a ticket in Microsoft Intune for your IT Administrator to pick up and address. +- [**Remediation options**](tvm-remediation.md) - Submit a remediation request to open a ticket in Microsoft Intune for your IT administrator to pick up and address. Track the remediation activity in the Remediation page. - [**Exception options**](tvm-exception.md) - Submit an exception, provide justification, and set exception duration if you can't remediate the issue yet. diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md index 62b6465eab..f1747bc294 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md @@ -84,10 +84,14 @@ Go to the security recommendation page and select a recommendation with a zero-d There will be a link to mitigation options and workarounds if they are available. Workarounds may help reduce the risk posed by this zero-day vulnerability until a patch or security update can be deployed. -Open remediation options and choose the attention type. An "attention required" remediation option is recommended for the zero-day vulnerabilities, since an update hasn't been released yet. If there are older vulnerabilities for this software you wish to remediation, you can override the "attention required" remediation option and choose “update.” +Open remediation options and choose the attention type. An "attention required" remediation option is recommended for the zero-day vulnerabilities, since an update hasn't been released yet. You won't be able to select a due date, since there is no specific action to perform. If there are older vulnerabilities for this software you wish to remediation, you can override the "attention required" remediation option and choose “update.” ![Zero day flyout example of Windows Server 2016 in the security recommendations page.](images/tvm-zero-day-software-flyout-400.png) +## Track zero-day remediation activities + +Go to the threat and vulnerability management [Remediation](tvm-remediation.md) page to view the remediation activity item. If you chose the "attention required" remediation option, there will be no progress bar or ticket status since there is no actual action we can monitor. + ## Patching zero-day vulnerabilities When a patch is released for the zero-day, the recommendation will be changed to “Update” and a blue label next to it that says “New security update for zero day.” It will no longer consider as a zero-day, the zero-day tag will be removed from all pages. From f11c8139d7340f866cf435bf471d6dc35133b96f Mon Sep 17 00:00:00 2001 From: msarcletti <56821677+msarcletti@users.noreply.github.com> Date: Tue, 10 Nov 2020 09:24:57 +0100 Subject: [PATCH 041/136] Update vpn-conditional-access.md Updating the note describing prerequisites for using SSO with information relevant for AAD only joined devices. --- .../identity-protection/vpn/vpn-conditional-access.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/identity-protection/vpn/vpn-conditional-access.md b/windows/security/identity-protection/vpn/vpn-conditional-access.md index fc09e68a62..002d10e812 100644 --- a/windows/security/identity-protection/vpn/vpn-conditional-access.md +++ b/windows/security/identity-protection/vpn/vpn-conditional-access.md @@ -77,7 +77,9 @@ Two client-side configuration service providers are leveraged for VPN device com - Upon request, forwards the Health Attestation Certificate (received from HAS) and related runtime information to the MDM server for verification > [!NOTE] -> Currently, it is required that certificates used for obtaining Kerberos tickets must be issued from an on-premises CA, and that SSO must be enabled in the user’s VPN profile. This will enable the user to access on-premises resources. +> Currently, it is required that certificates used for obtaining Kerberos tickets must be issued from an on-premises CA, and that SSO must be enabled in the user’s VPN profile. This will enable the user to access on-premises resources. +> +> In the case of AzureAD-only joined devices (not hybrid joined devices), if the user certificate issued by the on-premises CA has in Subject and SAN (Subject Alternative Name) the user UPN from AzureAD, the VPN profile must be modified to ensure the client does not cache the credentials used for VPN authentication. To do this, after deploying the VPN profile to the client, modify the *Rasphone.pbk* on the client by changing entry **UseRasCredentials** from 1 (default) to 0 (zero). ## Client connection flow From 99dca4838c0fda5a1d603ba6124aae6a88b068d1 Mon Sep 17 00:00:00 2001 From: msarcletti <56821677+msarcletti@users.noreply.github.com> Date: Tue, 10 Nov 2020 15:03:00 +0100 Subject: [PATCH 042/136] Update vpn-profile-options.md Adding additional information for the scope / limitation of the VPN proxy settings configuration --- .../security/identity-protection/vpn/vpn-profile-options.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/identity-protection/vpn/vpn-profile-options.md b/windows/security/identity-protection/vpn/vpn-profile-options.md index 29b5df1daf..ccb29a9823 100644 --- a/windows/security/identity-protection/vpn/vpn-profile-options.md +++ b/windows/security/identity-protection/vpn/vpn-profile-options.md @@ -34,7 +34,6 @@ The following table lists the VPN settings and whether the setting can be config | Routing: forced-tunnel | yes | | Authentication (EAP) | yes, if connection type is built-in | | Conditional access | yes | -| Proxy settings | yes, by PAC/WPAD file or server and port | | Name resolution: NRPT | yes | | Name resolution: DNS suffix | no | | Name resolution: persistent | no | @@ -45,6 +44,9 @@ The following table lists the VPN settings and whether the setting can be config | LockDown | no | | Windows Information Protection (WIP) | yes | | Traffic filters | yes | +| Proxy settings | yes, by PAC/WPAD file or server and port | +>[!NOTE] +>VPN proxy settings are only used on Force Tunnel Connections. On Split Tunnel Connections the general proxy settings are used. The ProfileXML node was added to the VPNv2 CSP to allow users to deploy VPN profile as a single blob. This is particularly useful for deploying profiles with features that are not yet supported by MDMs. You can get additional examples in the [ProfileXML XSD](https://msdn.microsoft.com/library/windows/hardware/mt755930.aspx) topic. From 074bc73f723625fc63563ed01df40586cef1d216 Mon Sep 17 00:00:00 2001 From: msarcletti <56821677+msarcletti@users.noreply.github.com> Date: Wed, 11 Nov 2020 11:37:35 +0100 Subject: [PATCH 043/136] Update windows/security/identity-protection/vpn/vpn-profile-options.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../security/identity-protection/vpn/vpn-profile-options.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/vpn/vpn-profile-options.md b/windows/security/identity-protection/vpn/vpn-profile-options.md index ccb29a9823..4c4e67842d 100644 --- a/windows/security/identity-protection/vpn/vpn-profile-options.md +++ b/windows/security/identity-protection/vpn/vpn-profile-options.md @@ -45,8 +45,9 @@ The following table lists the VPN settings and whether the setting can be config | Windows Information Protection (WIP) | yes | | Traffic filters | yes | | Proxy settings | yes, by PAC/WPAD file or server and port | ->[!NOTE] ->VPN proxy settings are only used on Force Tunnel Connections. On Split Tunnel Connections the general proxy settings are used. + +> [!NOTE] +> VPN proxy settings are only used on Force Tunnel Connections. On Split Tunnel Connections the general proxy settings are used. The ProfileXML node was added to the VPNv2 CSP to allow users to deploy VPN profile as a single blob. This is particularly useful for deploying profiles with features that are not yet supported by MDMs. You can get additional examples in the [ProfileXML XSD](https://msdn.microsoft.com/library/windows/hardware/mt755930.aspx) topic. From ea38b9d7d7c0644c7d50a5b031f9fdd2a195981a Mon Sep 17 00:00:00 2001 From: msarcletti <56821677+msarcletti@users.noreply.github.com> Date: Wed, 11 Nov 2020 11:41:25 +0100 Subject: [PATCH 044/136] Update vpn-conditional-access.md --- .../security/identity-protection/vpn/vpn-conditional-access.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/vpn/vpn-conditional-access.md b/windows/security/identity-protection/vpn/vpn-conditional-access.md index 002d10e812..fa1a76285a 100644 --- a/windows/security/identity-protection/vpn/vpn-conditional-access.md +++ b/windows/security/identity-protection/vpn/vpn-conditional-access.md @@ -79,7 +79,7 @@ Two client-side configuration service providers are leveraged for VPN device com > [!NOTE] > Currently, it is required that certificates used for obtaining Kerberos tickets must be issued from an on-premises CA, and that SSO must be enabled in the user’s VPN profile. This will enable the user to access on-premises resources. > -> In the case of AzureAD-only joined devices (not hybrid joined devices), if the user certificate issued by the on-premises CA has in Subject and SAN (Subject Alternative Name) the user UPN from AzureAD, the VPN profile must be modified to ensure the client does not cache the credentials used for VPN authentication. To do this, after deploying the VPN profile to the client, modify the *Rasphone.pbk* on the client by changing entry **UseRasCredentials** from 1 (default) to 0 (zero). +> In the case of AzureAD-only joined devices (not hybrid joined devices), if the user certificate issued by the on-premises CA has the user UPN from AzureAD in Subject and SAN (Subject Alternative Name) , the VPN profile must be modified to ensure the client does not cache the credentials used for VPN authentication. To do this, after deploying the VPN profile to the client, modify the *Rasphone.pbk* on the client by changing entry **UseRasCredentials** from 1 (default) to 0 (zero). ## Client connection flow From 209277d6a700975891e26100f5be51c5ca6148d8 Mon Sep 17 00:00:00 2001 From: Marty Hernandez Avedon Date: Wed, 11 Nov 2020 17:12:50 -0500 Subject: [PATCH 045/136] attempt to improve acrolinx score typo fixes, shorter sentences, misc other copyedits --- .../threat-protection/fips-140-validation.md | 704 +++++++++--------- 1 file changed, 354 insertions(+), 350 deletions(-) diff --git a/windows/security/threat-protection/fips-140-validation.md b/windows/security/threat-protection/fips-140-validation.md index 867aadf0d5..755d20142f 100644 --- a/windows/security/threat-protection/fips-140-validation.md +++ b/windows/security/threat-protection/fips-140-validation.md @@ -1,6 +1,6 @@ --- title: Federal Information Processing Standard (FIPS) 140 Validation -description: This topic provides information on how Microsoft products and cryptographic modules comply with the U.S. Federal government standard FIPS 140. +description: Learn how Microsoft products and cryptographic modules follow the U.S. Federal government standard FIPS 140. ms.prod: w10 audience: ITPro author: dansimp @@ -16,41 +16,48 @@ ms.reviewer: ## FIPS 140-2 standard overview -The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government standard that defines minimum security requirements for cryptographic modules in information technology products, as defined in Section 5131 of the Information Technology Management Reform Act of 1996. +The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government standard. FIPS is based on Section 5131 of the Information Technology Management Reform Act of 1996. It defines the minimum security requirements for cryptographic modules in IT products. -The [Cryptographic Module Validation Program (CMVP)](https://csrc.nist.gov/Projects/cryptographic-module-validation-program), a joint effort of the U.S. National Institute of Standards and Technology (NIST) and the Canadian Centre for Cyber Security (CCCS), validates cryptographic modules against the Security Requirements for Cryptographic Modules (part of FIPS 140-2) and related FIPS cryptography standards. The FIPS 140-2 security requirements cover eleven areas related to the design and implementation of a cryptographic module. The NIST Information Technology Laboratory operates a related program that validates the FIPS approved cryptographic algorithms in the module. +The [Cryptographic Module Validation Program (CMVP)](https://csrc.nist.gov/Projects/cryptographic-module-validation-program) is a joint effort of the U.S. National Institute of Standards and Technology (NIST) and the Canadian Centre for Cyber Security (CCCS). It validates cryptographic modules against the Security Requirements for Cryptographic Modules (part of FIPS 140-2) and related FIPS cryptography standards. The FIPS 140-2 security requirements cover 11 areas related to the design and implementation of a cryptographic module. The NIST Information Technology Laboratory operates a related program that validates the FIPS approved cryptographic algorithms in the module. ## Microsoft’s approach to FIPS 140-2 validation -Microsoft maintains an active commitment to meeting the requirements of the FIPS 140-2 standard, having validated cryptographic modules against it since the inception of the standard in 2001. Microsoft validates its cryptographic modules under the NIST CMVP, as described above. Multiple Microsoft products, including Windows 10, Windows Server, and many cloud services, use these cryptographic modules. +Microsoft maintains an active commitment to meeting the requirements of the FIPS 140-2 standard, having validated cryptographic modules against it since it was first established in 2001. Microsoft validates its cryptographic modules under the NIST CMVP, as described above. Multiple Microsoft products, including Windows 10, Windows Server, and many cloud services, use these cryptographic modules. ## Using Windows in a FIPS 140-2 approved mode of operation -Windows 10 and Windows Server may be configured to run in a FIPS 140-2 approved mode of operation. This is commonly referred to as “FIPS mode.”  When this mode is enabled, the Cryptographic Primitives Library (bcryptprimitives.dll) and Kernel Mode Cryptographic Primitives Library (CNG.sys) modules will run self-tests before Windows cryptographic operations are run. These self-tests are run in accordance with FIPS 140-2 Section 4.9 and are utilized to ensure that the modules are functioning properly. The Cryptographic Primitives Library and the Kernel Mode Cryptographic Primitives Library are the only modules affected by this mode of operation. The FIPS 140-2 approved mode of operation will not prevent Windows and its subsystems from using non-FIPS validated cryptographic algorithms. For applications or components beyond the Cryptographic Primitives Library and the Kernel Mode Cryptographic Primitives Library, FIPS mode is merely advisory. +Windows 10 and Windows Server may be configured to run in a FIPS 140-2 approved mode of operation, commonly referred to as "FIPS mode."  If you turn on FIPS mode, the Cryptographic Primitives Library (bcryptprimitives.dll) and Kernel Mode Cryptographic Primitives Library (CNG.sys) modules will run self-tests before Windows runs cryptographic operations. These self-tests are run according to FIPS 140-2 Section 4.9. They ensure that the modules are functioning properly. -While US government regulations continue to mandate that FIPS mode be enabled on government computers running Windows, our recommendation is that it is each customer’s decision to make when considering enabling FIPS mode. There are many applications and protocols that look to the FIPS mode policy to determine which cryptographic functionality should be utilized in a given solution. We recommend that customers hoping to comply with FIPS 140-2 research the configuration settings of applications and protocols they may be using to ensure their solutions can be configured to utilize the FIPS 140-2 validated cryptography provided by Windows when it is operating in FIPS 140-2 approved mode.  +The Cryptographic Primitives Library and the Kernel Mode Cryptographic Primitives Library are the only modules affected by FIPS mode. FIPS mode won't prevent Windows and its subsystems from using non-FIPS validated cryptographic algorithms. FIPS mode is merely advisory for applications or components other than the Cryptographic Primitives Library and the Kernel Mode Cryptographic Primitives Library. + +US government regulations continue to mandate FIPS mode for government devices running Windows. Other customers should decide for themselves if FIPS mode is right for them. There are many applications and protocols that use FIPS mode policy to determine which cryptographic functionality to run. Customers seeking to follow the FIPS 140-2 standard should research the configuration settings of their applications and protocols. This research will help ensure that they can be configured to use FIPS 140-2 validated cryptography. Achieving this FIPS 140-2 approved mode of operation of Windows requires administrators to complete all four steps outlined below. ### Step 1: Ensure FIPS 140-2 validated cryptographic modules are installed -Administrators must ensure that all cryptographic modules installed are FIPS 140-2 validated. This is accomplished by cross-checking the version number of the cryptographic module with the table of validated modules at the end of this topic, organized by operating system release. +Administrators must ensure that all cryptographic modules installed are FIPS 140-2 validated. Tables listing validated modules, organized by operating system release, are available later in this article. ### Step 2: Ensure all security policies for all cryptographic modules are followed -Each of the cryptographic modules has a defined security policy that must be met for the module to operate in its FIPS 140-2 approved mode. The security policy may be found in each module’s published Security Policy Document (SPD). The SPDs for each module may be found by following the links in the table of validated modules at the end of this topic. Click on the module version number to view the published SPD for the module. - +Each of the cryptographic modules has a defined security policy that must be met for the module to operate in its FIPS 140-2 approved mode. The security policy may be found in each module’s published Security Policy Document (SPD). The SPDs for each module may be found in the table of validated modules at the end of this article. Select the module version number to view the published SPD for the module. + ### Step 3: Enable the FIPS security policy -Windows provides the security policy setting, “System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing,” which is used by some Microsoft products to determine whether to operate in a FIPS 140-2 approved mode. When this policy is enabled, the validated cryptographic modules in Windows will also operate in FIPS approved mode. The policy may be set using Local Security Policy, as part of Group Policy, or through a Modern Device Management (MDM) solution. For more information on the policy, see [System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing](https://docs.microsoft.com/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing). +Windows provides the security policy setting, *System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing*. This setting is used by some Microsoft products to determine whether to run in FIPS mode. When this policy is turned on, the validated cryptographic modules in Windows will also operate in FIPS mode. This policy may be set using Local Security Policy, as part of Group Policy, or through a Modern Device Management (MDM) solution. For more information on the policy, see [System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing](https://docs.microsoft.com/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing). -### Step 4: Ensure only FIPS validated cryptographic algorithms are used +### Step 4: Ensure that only FIPS validated cryptographic algorithms are used -Neither the operating system nor the cryptographic modules can enforce a FIPS approved mode of operation, regardless of the FIPS security policy setting. To run in a FIPS approved mode, an application or service must check for the policy flag and enforce the security policies of the validated modules. If an application or service uses a non-approved cryptographic algorithm or does not follow the security policies of the validated modules, it is not operating in a FIPS approved mode. +FIPS mode is enforced at the level of the application or service. It is not enforced by the operating system or by individual cryptographic modules. Applications or services running in FIPS mode must follow the security policies of validated modules. They must not use a cryptographic algorithm that isn't FIPS-compliant. + +In short, an application or service is running in FIPS mode if it: + +* Checks for the policy flag +* Enforces security policies of validated modules ## Frequently asked questions -### How long does it take to certify cryptographic modules? +### How long does it take to certify a cryptographic module? Microsoft begins certification of cryptographic modules after each major feature release of Windows 10 and Windows Server. The duration of each evaluation varies, depending on many factors. @@ -58,29 +65,29 @@ Microsoft begins certification of cryptographic modules after each major feature The cadence for starting module validation aligns with the feature updates of Windows 10 and Windows Server. As the software industry evolves, operating systems release more frequently. Microsoft completes validation work on major releases but, in between releases, seeks to minimize the changes to the cryptographic modules. -### What is the difference between “FIPS 140 validated” and “FIPS 140 compliant”? +### What is the difference between *FIPS 140 validated* and *FIPS 140 compliant*? -“FIPS 140 validated” means that the cryptographic module, or a product that embeds the module, has been validated (“certified”) by the CMVP as meeting the FIPS 140-2 requirements. “FIPS 140 compliant” is an industry term for IT products that rely on FIPS 140 validated products for cryptographic functionality. +*FIPS 140 validated* means that the cryptographic module, or a product that embeds the module, has been validated ("certified") by the CMVP as meeting the FIPS 140-2 requirements. *FIPS 140 compliant* is an industry term for IT products that rely on FIPS 140 validated products for cryptographic functionality. -### I need to know if a Windows service or application is FIPS 140-2 validated. +### How do I know if a Windows service or application is FIPS 140-2 validated? -The cryptographic modules leveraged in Windows are validated through the CMVP, not individual services, applications, hardware peripherals, or other solutions. For a solution to be considered compliant, it must call a FIPS 140-2 validated cryptographic module in the underlying OS and the OS must be configured to run in FIPS mode. Contact the vendor of the service, application, or product for information on whether it calls a validated cryptographic module. +The cryptographic modules used in Windows are validated through the CMVP. They aren't validated by individual services, applications, hardware peripherals, or other solutions. Any compliant solution must call a FIPS 140-2 validated cryptographic module in the underlying OS, and the OS must be configured to run in FIPS mode. Contact the vendor of the service, application, or product for information on whether it calls a validated cryptographic module. -### What does "When operated in FIPS mode" mean on a certificate? +### What does *When operated in FIPS mode* mean on a certificate? -This caveat identifies required configuration and security rules that must be followed to use the cryptographic module in a way that is consistent with its FIPS 140-2 security policy. Each module has its own security policy—a precise specification of the security rules under which it will operate—and employs approved cryptographic algorithms, cryptographic key management, and authentication techniques. The security rules are defined in the Security Policy Document (SPD) for each module. +This label means that certain configuration and security rules must be followed to use the cryptographic module in compliance with its FIPS 140-2 security policy. Each module has its own security policy—a precise specification of the security rules under which it will operate—and employs approved cryptographic algorithms, cryptographic key management, and authentication techniques. The security rules are defined in the Security Policy Document (SPD) for each module. ### What is the relationship between FIPS 140-2 and Common Criteria? -These are two separate security standards with different, but complementary, purposes. FIPS 140-2 is designed specifically for validating software and hardware cryptographic modules, while Common Criteria is designed to evaluate security functions in IT software and hardware products. Common Criteria evaluations often rely on FIPS 140-2 validations to provide assurance that basic cryptographic functionality is implemented properly. +FIPS 140-2 and Common Criteria are two separate security standards with different, but complementary, purposes. FIPS 140-2 is designed specifically for validating software and hardware cryptographic modules. Common Criteria are designed to evaluate security functions in IT software and hardware products. Common Criteria evaluations often rely on FIPS 140-2 validations to provide assurance that basic cryptographic functionality is implemented properly. ### How does FIPS 140 relate to Suite B? -Suite B is a set of cryptographic algorithms defined by the U.S. National Security Agency (NSA) as part of its Cryptographic Modernization Program. The set of Suite B cryptographic algorithms are to be used for both unclassified information and most classified information. The Suite B cryptographic algorithms are a subset of the FIPS Approved cryptographic algorithms as allowed by the FIPS 140-2 standard. +Suite B is a set of cryptographic algorithms defined by the U.S. National Security Agency (NSA) as part of its Cryptographic Modernization Program. The set of Suite B cryptographic algorithms are to be used for both unclassified information and most classified information. The Suite B cryptographic algorithms are a subset of the FIPS approved cryptographic algorithms allowed by the FIPS 140-2 standard. ### Is SMB3 (Server Message Block) FIPS 140 compliant in Windows? -When Windows is configured to operate in FIPS 140 approved mode on both client and server, SMB3 is FIPS 140 compliant and relies on the underlying Windows FIPS 140 validated cryptographic modules for cryptographic operations.  +SMB3 can be FIPS 140 compliant, if Windows is configured to operate in FIPS 140 mode on both client and server. In FIPS mode, SMB3 relies on the underlying Windows FIPS 140 validated cryptographic modules for cryptographic operations. ## Microsoft FIPS 140-2 validated cryptographic modules @@ -314,7 +321,7 @@ Validated Editions: Home, Pro, Enterprise, Education, S, Surface Hub, Mobile Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) 10.0.15063 #3095 -

FIPS Approved algorithms: AES (Cert. #4624); CKG (vendor affirmed); CVL (Certs. #1278 and #1281); DRBG (Cert. #1555); DSA (Cert. #1223); ECDSA (Cert. #1133); HMAC (Cert. #3061); KAS (Cert. #127); KBKDF (Cert. #140); KTS (AES Cert. #4626; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2521 and #2522); SHS (Cert. #3790); Triple-DES (Cert. #2459)
+

FIPS approved algorithms: AES (Cert. #4624); CKG (vendor affirmed); CVL (Certs. #1278 and #1281); DRBG (Cert. #1555); DSA (Cert. #1223); ECDSA (Cert. #1133); HMAC (Cert. #3061); KAS (Cert. #127); KBKDF (Cert. #140); KTS (AES Cert. #4626; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2521 and #2522); SHS (Cert. #3790); Triple-DES (Cert. #2459)

Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #1133); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #2521); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #1281); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #1278)

@@ -324,7 +331,7 @@ Validated Editions: Home, Pro, Enterprise, Education, S, Surface Hub, Mobile 10.0.15063 #3094

#3094

-

FIPS Approved algorithms: AES (Certs. #4624 and #4626); CKG (vendor affirmed); CVL (Certs. #1278 and #1281); DRBG (Cert. #1555); DSA (Cert. #1223); ECDSA (Cert. #1133); HMAC (Cert. #3061); KAS (Cert. #127); KBKDF (Cert. #140); KTS (AES Cert. #4626; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2521 and #2523); SHS (Cert. #3790); Triple-DES (Cert. #2459)
+

FIPS approved algorithms: AES (Certs. #4624 and #4626); CKG (vendor affirmed); CVL (Certs. #1278 and #1281); DRBG (Cert. #1555); DSA (Cert. #1223); ECDSA (Cert. #1133); HMAC (Cert. #3061); KAS (Cert. #127); KBKDF (Cert. #140); KTS (AES Cert. #4626; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2521 and #2523); SHS (Cert. #3790); Triple-DES (Cert. #2459)

Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert.#1133); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert.#2521); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert.#1281)

@@ -333,40 +340,40 @@ Validated Editions: Home, Pro, Enterprise, Education, S, Surface Hub, Mobile Boot Manager 10.0.15063 #3089 -

FIPS Approved algorithms: AES (Certs. #4624 and #4625); CKG (vendor affirmed); HMAC (Cert. #3061); PBKDF (vendor affirmed); RSA (Cert. #2523); SHS (Cert. #3790)

+

FIPS approved algorithms: AES (Certs. #4624 and #4625); CKG (vendor affirmed); HMAC (Cert. #3061); PBKDF (vendor affirmed); RSA (Cert. #2523); SHS (Cert. #3790)

Other algorithms: PBKDF (vendor affirmed); VMK KDF (vendor affirmed)

Windows OS Loader 10.0.15063 #3090 -

FIPS Approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2523); SHS (Cert. #3790)

+

FIPS approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2523); SHS (Cert. #3790)

Other algorithms: NDRNG

Windows Resume[1] 10.0.15063 #3091 -FIPS Approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2523); SHS (Cert. #3790) +FIPS approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2523); SHS (Cert. #3790) BitLocker® Dump Filter[2] 10.0.15063 #3092 -FIPS Approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2522); SHS (Cert. #3790) +FIPS approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2522); SHS (Cert. #3790) Code Integrity (ci.dll) 10.0.15063 #3093 -

FIPS Approved algorithms: AES (Cert. #4624); RSA (Certs. #2522 and #2523); SHS (Cert. #3790)

+

FIPS approved algorithms: AES (Cert. #4624); RSA (Certs. #2522 and #2523); SHS (Cert. #3790)

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v1.5 - RSASP1 Signature Primitive (Cert. #1282)

Secure Kernel Code Integrity (skci.dll)[3] 10.0.15063 #3096 -

FIPS Approved algorithms: AES (Cert. #4624); RSA (Certs. #2522 and #2523); SHS (Cert. #3790)

+

FIPS approved algorithms: AES (Cert. #4624); RSA (Certs. #2522 and #2523); SHS (Cert. #3790)

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v1.5 - RSASP1 Signature Primitive (Cert. #1282)

@@ -401,7 +408,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) 10.0.14393 #2937 -

FIPS Approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193 and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)
+

FIPS approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193, and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)

Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #922); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #887); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #886)

@@ -410,7 +417,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile Kernel Mode Cryptographic Primitives Library (cng.sys) 10.0.14393 #2936 -

FIPS Approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193 and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)
+

FIPS approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193, and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)

Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #922); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #887)

@@ -419,14 +426,14 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile Boot Manager 10.0.14393 #2931 -

FIPS Approved algorithms: AES (Certs. #4061 and #4064); HMAC (Cert. #2651); PBKDF (vendor affirmed); RSA (Cert. #2193); SHS (Cert. #3347)

+

FIPS approved algorithms: AES (Certs. #4061 and #4064); HMAC (Cert. #2651); PBKDF (vendor affirmed); RSA (Cert. #2193); SHS (Cert. #3347)

Other algorithms: MD5; PBKDF (non-compliant); VMK KDF

BitLocker® Windows OS Loader (winload) 10.0.14393 #2932 -FIPS Approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)
+FIPS approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)

Other algorithms: NDRNG; MD5 @@ -434,7 +441,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile BitLocker® Windows Resume (winresume)[1] 10.0.14393 #2933 -FIPS Approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)
+FIPS approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)

Other algorithms: MD5 @@ -442,13 +449,13 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile BitLocker® Dump Filter (dumpfve.sys)[2] 10.0.14393 #2934 -FIPS Approved algorithms: AES (Certs. #4061 and #4064) +FIPS approved algorithms: AES (Certs. #4061 and #4064) Code Integrity (ci.dll) 10.0.14393 #2935 -

FIPS Approved algorithms: RSA (Cert. #2193); SHS (Cert. #3347)
+

FIPS approved algorithms: RSA (Cert. #2193); SHS (Cert. #3347)

Other algorithms: AES (non-compliant); MD5

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888)

@@ -457,7 +464,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile Secure Kernel Code Integrity (skci.dll)[3] 10.0.14393 #2938 -

FIPS Approved algorithms: RSA (Certs. #2193); SHS (Certs. #3347)
+

FIPS approved algorithms: RSA (Certs. #2193); SHS (Certs. #3347)

Other algorithms: MD5

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888)

@@ -494,7 +501,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, Surface Hub Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) 10.0.10586 #2606 -

FIPS Approved algorithms: AES (Certs. #3629); DRBG (Certs. #955); DSA (Certs. #1024); ECDSA (Certs. #760); HMAC (Certs. #2381); KAS (Certs. #72; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); KBKDF (Certs. #72); KTS (AES Certs. #3653; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1887, #1888 and #1889); SHS (Certs. #3047); Triple-DES (Certs. #2024)
+

FIPS approved algorithms: AES (Certs. #3629); DRBG (Certs. #955); DSA (Certs. #1024); ECDSA (Certs. #760); HMAC (Certs. #2381); KAS (Certs. #72; key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. #72); KTS (AES Certs. #3653; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1887, #1888, and #1889); SHS (Certs. #3047); Triple-DES (Certs. #2024)

Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #666); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #663); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #664)

@@ -503,7 +510,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, Surface Hub Kernel Mode Cryptographic Primitives Library (cng.sys) 10.0.10586 #2605 -

FIPS Approved algorithms: AES (Certs. #3629); DRBG (Certs. #955); DSA (Certs.  #1024); ECDSA (Certs. #760); HMAC (Certs. #2381); KAS (Certs. #72; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); KBKDF (Certs. #72); KTS (AES Certs. #3653; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1887, #1888 and #1889); SHS (Certs. #3047); Triple-DES (Certs. #2024)
+

FIPS approved algorithms: AES (Certs. #3629); DRBG (Certs. #955); DSA (Certs.  #1024); ECDSA (Certs. #760); HMAC (Certs. #2381); KAS (Certs. #72; key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. #72); KTS (AES Certs. #3653; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1887, #1888, and #1889); SHS (Certs. #3047); Triple-DES (Certs. #2024)

Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #666); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #663)

@@ -512,7 +519,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, Surface Hub Boot Manager[4] 10.0.10586 #2700 -FIPS Approved algorithms: AES (Certs. #3653); HMAC (Cert. #2381); PBKDF (vendor affirmed); RSA (Cert. #1871); SHS (Certs. #3047 and #3048)
+FIPS approved algorithms: AES (Certs. #3653); HMAC (Cert. #2381); PBKDF (vendor affirmed); RSA (Cert. #1871); SHS (Certs. #3047 and #3048)

Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant) @@ -520,7 +527,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, Surface Hub BitLocker® Windows OS Loader (winload)[5] 10.0.10586 #2701 -FIPS Approved algorithms: AES (Certs. #3629 and #3653); RSA (Cert. #1871); SHS (Cert. #3048)
+FIPS approved algorithms: AES (Certs. #3629 and #3653); RSA (Cert. #1871); SHS (Cert. #3048)

Other algorithms: MD5; NDRNG @@ -528,7 +535,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, Surface Hub BitLocker® Windows Resume (winresume)[6] 10.0.10586 #2702 -FIPS Approved algorithms: AES (Certs. #3653); RSA (Cert. #1871); SHS (Cert. #3048)
+FIPS approved algorithms: AES (Certs. #3653); RSA (Cert. #1871); SHS (Cert. #3048)

Other algorithms: MD5 @@ -536,13 +543,13 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, Surface Hub BitLocker® Dump Filter (dumpfve.sys)[7] 10.0.10586 #2703 -FIPS Approved algorithms: AES (Certs. #3653) +FIPS approved algorithms: AES (Certs. #3653) Code Integrity (ci.dll) 10.0.10586 #2604 -

FIPS Approved algorithms: RSA (Certs. #1871); SHS (Certs. #3048)
+

FIPS approved algorithms: RSA (Certs. #1871); SHS (Certs. #3048)

Other algorithms: AES (non-compliant); MD5

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665)

@@ -551,7 +558,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, Surface Hub Secure Kernel Code Integrity (skci.dll)[8] 10.0.10586 #2607 -

FIPS Approved algorithms: RSA (Certs. #1871); SHS (Certs. #3048)
+

FIPS approved algorithms: RSA (Certs. #1871); SHS (Certs. #3048)

Other algorithms: MD5

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665)

@@ -592,7 +599,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, and Surface Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) 10.0.10240 #2606 -

FIPS Approved algorithms: AES (Certs. #3497); DRBG (Certs. #868); DSA (Certs. #983); ECDSA (Certs. #706); HMAC (Certs. #2233); KAS (Certs. #64; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); KBKDF (Certs. #66); KTS (AES Certs. #3507; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1783, #1798, and #1802); SHS (Certs. #2886); Triple-DES (Certs. #1969)
+

FIPS approved algorithms: AES (Certs. #3497); DRBG (Certs. #868); DSA (Certs. #983); ECDSA (Certs. #706); HMAC (Certs. #2233); KAS (Certs. #64; key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. #66); KTS (AES Certs. #3507; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1783, #1798, and #1802); SHS (Certs. #2886); Triple-DES (Certs. #1969)

Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #576); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #575)

@@ -601,7 +608,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, and Surface Kernel Mode Cryptographic Primitives Library (cng.sys) 10.0.10240 #2605 -

FIPS Approved algorithms: AES (Certs. #3497); DRBG (Certs. #868); DSA (Certs. #983); ECDSA (Certs. #706); HMAC (Certs. #2233); KAS (Certs. #64; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); KBKDF (Certs. #66); KTS (AES Certs. #3507; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1783, #1798, and #1802); SHS (Certs. #2886); Triple-DES (Certs. #1969)
+

FIPS approved algorithms: AES (Certs. #3497); DRBG (Certs. #868); DSA (Certs. #983); ECDSA (Certs. #706); HMAC (Certs. #2233); KAS (Certs. #64; key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. #66); KTS (AES Certs. #3507; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1783, #1798, and #1802); SHS (Certs. #2886); Triple-DES (Certs. #1969)

Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #576)

@@ -610,7 +617,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, and Surface Boot Manager[9] 10.0.10240 #2600 -FIPS Approved algorithms: AES (Cert. #3497); HMAC (Cert. #2233); KTS (AES Cert. #3498); PBKDF (vendor affirmed); RSA (Cert. #1784); SHS (Certs. #2871 and #2886)
+FIPS approved algorithms: AES (Cert. #3497); HMAC (Cert. #2233); KTS (AES Cert. #3498); PBKDF (vendor affirmed); RSA (Cert. #1784); SHS (Certs. #2871 and #2886)

Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant) @@ -618,7 +625,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, and Surface BitLocker® Windows OS Loader (winload)[10] 10.0.10240 #2601 -FIPS Approved algorithms: AES (Certs. #3497 and #3498); RSA (Cert. #1784); SHS (Cert. #2871)
+FIPS approved algorithms: AES (Certs. #3497 and #3498); RSA (Cert. #1784); SHS (Cert. #2871)

Other algorithms: MD5; NDRNG @@ -626,7 +633,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, and Surface BitLocker® Windows Resume (winresume)[11] 10.0.10240 #2602 -FIPS Approved algorithms: AES (Certs. #3497 and #3498); RSA (Cert. #1784); SHS (Cert. #2871)
+FIPS approved algorithms: AES (Certs. #3497 and #3498); RSA (Cert. #1784); SHS (Cert. #2871)

Other algorithms: MD5 @@ -634,13 +641,13 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, and Surface BitLocker® Dump Filter (dumpfve.sys)[12] 10.0.10240 #2603 -FIPS Approved algorithms: AES (Certs. #3497 and #3498) +FIPS approved algorithms: AES (Certs. #3497 and #3498) Code Integrity (ci.dll) 10.0.10240 #2604 -

FIPS Approved algorithms: RSA (Certs. #1784); SHS (Certs. #2871)
+

FIPS approved algorithms: RSA (Certs. #1784); SHS (Certs. #2871)

Other algorithms: AES (non-compliant); MD5

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572)

@@ -649,7 +656,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, and Surface Secure Kernel Code Integrity (skci.dll)[13] 10.0.10240 #2607 -

FIPS Approved algorithms: RSA (Certs. #1784); SHS (Certs. #2871)
+

FIPS approved algorithms: RSA (Certs. #1784); SHS (Certs. #2871)

Other algorithms: MD5

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572)

@@ -658,13 +665,13 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, and Surface -\[9\] Applies only to Home, Pro, Enterprise and Enterprise LTSB +\[9\] Applies only to Home, Pro, Enterprise, and Enterprise LTSB -\[10\] Applies only to Home, Pro, Enterprise and Enterprise LTSB +\[10\] Applies only to Home, Pro, Enterprise, and Enterprise LTSB -\[11\] Applies only to Home, Pro, Enterprise and Enterprise LTSB +\[11\] Applies only to Home, Pro, Enterprise, and Enterprise LTSB -\[12\] Applies only to Pro, Enterprise and Enterprise LTSB +\[12\] Applies only to Pro, Enterprise, and Enterprise LTSB \[13\] Applies only to Enterprise and Enterprise LTSB @@ -690,25 +697,25 @@ Validated Editions: RT, Pro, Enterprise, Phone, Embedded Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) 6.3.9600 6.3.9600.17031 #2357 -

FIPS Approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); DSA (Cert. #855); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493 and #1519); SHS (Cert. #2373); Triple-DES (Cert. #1692)
+

FIPS approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); DSA (Cert. #855); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493, and #1519); SHS (Cert. #2373); Triple-DES (Cert. #1692)

-Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)#2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)

+Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)#2832, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #288); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #289); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #323)

Kernel Mode Cryptographic Primitives Library (cng.sys) 6.3.9600 6.3.9600.17042 #2356 -

FIPS Approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493 and #1519); SHS (Cert. # 2373); Triple-DES (Cert. #1692)
+

FIPS approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493, and #1519); SHS (Cert. # 2373); Triple-DES (Cert. #1692)

-Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)

+Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #288); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #289)

Boot Manager 6.3.9600 6.3.9600.17031 #2351 -FIPS Approved algorithms: AES (Cert. #2832); HMAC (Cert. #1773); PBKDF (vendor affirmed); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)
+FIPS approved algorithms: AES (Cert. #2832); HMAC (Cert. #1773); PBKDF (vendor affirmed); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)

Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant) @@ -716,7 +723,7 @@ Validated Editions: RT, Pro, Enterprise, Phone, Embedded BitLocker® Windows OS Loader (winload) 6.3.9600 6.3.9600.17031 #2352 -FIPS Approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Cert. #2396)
+FIPS approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Cert. #2396)

Other algorithms: MD5; NDRNG @@ -724,7 +731,7 @@ Validated Editions: RT, Pro, Enterprise, Phone, Embedded BitLocker® Windows Resume (winresume)[14] 6.3.9600 6.3.9600.17031 #2353 -FIPS Approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)
+FIPS approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)

Other algorithms: MD5 @@ -732,7 +739,7 @@ Validated Editions: RT, Pro, Enterprise, Phone, Embedded BitLocker® Dump Filter (dumpfve.sys) 6.3.9600 6.3.9600.17031 #2354 -FIPS Approved algorithms: AES (Cert. #2832)
+FIPS approved algorithms: AES (Cert. #2832)

Other algorithms: N/A @@ -740,7 +747,7 @@ Validated Editions: RT, Pro, Enterprise, Phone, Embedded Code Integrity (ci.dll) 6.3.9600 6.3.9600.17031 #2355#2355 -

FIPS Approved algorithms: RSA (Cert. #1494); SHS (Cert. # 2373)
+

FIPS approved algorithms: RSA (Cert. #1494); SHS (Cert. # 2373)

Other algorithms: MD5

Validated Component Implementations: PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #289)

@@ -767,9 +774,9 @@ Validated Editions: RT, Home, Pro, Enterprise, Phone Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL) 6.2.9200 #1892 -FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258); DSA (Cert. #687); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)
+FIPS approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258); DSA (Cert. #687); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)

-Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258); DSA (Cert.); ECDSA (Cert.); HMAC (Cert.); KAS (Cert); KBKDF (Cert.); PBKDF (vendor affirmed); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)
+Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258); DSA (Cert.); ECDSA (Cert.); HMAC (Cert.); KAS (Cert); KBKDF (Cert.); PBKDF (vendor affirmed); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)

@@ -777,17 +784,17 @@ Validated Editions: RT, Home, Pro, Enterprise, Phone Kernel Mode Cryptographic Primitives Library (cng.sys) 6.2.9200 #1891 -FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258 and #259); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RNG (Cert. #1110); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)
+FIPS approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258 and #259); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RNG (Cert. #1110); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)

-Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258 and); ECDSA (Cert.); HMAC (Cert.); KAS (Cert.); KBKDF (Cert.); PBKDF (vendor affirmed); RNG (Cert.); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)
+Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258 and); ECDSA (Cert.); HMAC (Cert.); KAS (Cert.); KBKDF (Cert.); PBKDF (vendor affirmed); RNG (Cert.); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)

-Other algorithms: AES (Cert., key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt) +Other algorithms: AES (Certificate, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt) Boot Manager 6.2.9200 #1895 -FIPS Approved algorithms: AES (Certs. #2196 and #2198); HMAC (Cert. #1347); RSA (Cert. #1132); SHS (Cert. #1903)
+FIPS approved algorithms: AES (Certs. #2196 and #2198); HMAC (Cert. #1347); RSA (Cert. #1132); SHS (Cert. #1903)

Other algorithms: MD5 @@ -795,7 +802,7 @@ Validated Editions: RT, Home, Pro, Enterprise, Phone BitLocker® Windows OS Loader (WINLOAD) 6.2.9200 #1896 -FIPS Approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)
+FIPS approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)

Other algorithms: AES (Cert. #2197; non-compliant); MD5; Non-Approved RNG @@ -803,7 +810,7 @@ Validated Editions: RT, Home, Pro, Enterprise, Phone BitLocker® Windows Resume (WINRESUME)[15] 6.2.9200 #1898 -FIPS Approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)
+FIPS approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)

Other algorithms: MD5 @@ -811,7 +818,7 @@ Validated Editions: RT, Home, Pro, Enterprise, Phone BitLocker® Dump Filter (DUMPFVE.SYS) 6.2.9200 #1899 -FIPS Approved algorithms: AES (Certs. #2196 and #2198)
+FIPS approved algorithms: AES (Certs. #2196 and #2198)

Other algorithms: N/A @@ -819,7 +826,7 @@ Validated Editions: RT, Home, Pro, Enterprise, Phone Code Integrity (CI.DLL) 6.2.9200 #1897 -FIPS Approved algorithms: RSA (Cert. #1132); SHS (Cert. #1903)
+FIPS approved algorithms: RSA (Cert. #1132); SHS (Cert. #1903)

Other algorithms: MD5 @@ -827,19 +834,19 @@ Validated Editions: RT, Home, Pro, Enterprise, Phone Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL) 6.2.9200 #1893 -FIPS Approved algorithms: DSA (Cert. #686); SHS (Cert. #1902); Triple-DES (Cert. #1386); Triple-DES MAC (Triple-DES Cert. #1386, vendor affirmed)
+FIPS approved algorithms: DSA (Cert. #686); SHS (Cert. #1902); Triple-DES (Cert. #1386); Triple-DES MAC (Triple-DES Cert. #1386, vendor affirmed)

-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#1902); Triple-DES (Cert.); Triple-DES MAC (Triple-DES Cert., vendor affirmed)
+Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#1902); Triple-DES (Cert.); Triple-DES MAC (Triple-DES Certificate, vendor affirmed)

-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert., key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) +Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Certificate, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Enhanced Cryptographic Provider (RSAENH.DLL) 6.2.9200 #1894 -FIPS Approved algorithms: AES (Cert. #2196); HMAC (Cert. #1346); RSA (Cert. #1132); SHS (Cert. #1902); Triple-DES (Cert. #1386)
+FIPS approved algorithms: AES (Cert. #2196); HMAC (Cert. #1346); RSA (Cert. #1132); SHS (Cert. #1902); Triple-DES (Cert. #1386)

-Other algorithms: AES (Cert. #2196, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) +Other algorithms: AES (Cert. #2196, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) @@ -870,11 +877,11 @@ Validated Editions: Windows 7, Windows 7 SP1

6.1.7600.16385

6.1.7601.17514

1329 -FIPS Approved algorithms: AES (Certs. #1168 and #1178); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #24); DSA (Cert. #386); ECDSA (Cert. #141); HMAC (Cert. #677); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 to 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #560); SHS (Cert. #1081); Triple-DES (Cert. #846)
+FIPS approved algorithms: AES (Certs. #1168 and #1178); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #24); DSA (Cert. #386); ECDSA (Cert. #141); HMAC (Cert. #677); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 bits to 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #560); SHS (Cert. #1081); Triple-DES (Cert. #846)

-Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4#559 and); SHS (Cert.); Triple-DES (Cert.)
+Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4#559 and); SHS (Cert.); Triple-DES (Cert.)

-Other algorithms: AES (Cert., key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4 +Other algorithms: AES (Certificate, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4 Kernel Mode Cryptographic Primitives Library (cng.sys) @@ -887,16 +894,16 @@ Validated Editions: Windows 7, Windows 7 SP1

6.1.7601.21861

6.1.7601.22076

1328 -FIPS Approved algorithms: AES (Certs. #1168 and #1178); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #24); ECDSA (Cert. #141); HMAC (Cert. #677); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 to 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #560); SHS (Cert. #1081); Triple-DES (Cert. #846)
+FIPS approved algorithms: AES (Certs. #1168 and #1178); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #24); ECDSA (Cert. #141); HMAC (Cert. #677); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 bits to 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #560); SHS (Cert. #1081); Triple-DES (Cert. #846)

-Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4 +Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4 Boot Manager

6.1.7600.16385

6.1.7601.17514

1319 -FIPS Approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); RSA (Cert. #557); SHS (Cert. #1081)
+FIPS approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); RSA (Cert. #557); SHS (Cert. #1081)

Other algorithms: MD5#1168 and); HMAC (Cert.); RSA (Cert.); SHS (Cert.)

@@ -913,7 +920,7 @@ Validated Editions: Windows 7, Windows 7 SP1

6.1.7601.21655

6.1.7601.21675

1326 -FIPS Approved algorithms: AES (Certs. #1168 and #1177); RSA (Cert. #557); SHS (Cert. #1081)
+FIPS approved algorithms: AES (Certs. #1168 and #1177); RSA (Cert. #557); SHS (Cert. #1081)

Other algorithms: MD5 @@ -932,7 +939,7 @@ Validated Editions: Windows 7, Windows 7 SP1

6.1.7601.21655

6.1.7601.21675

1332 -FIPS Approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); SHS (Cert. #1081)
+FIPS approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); SHS (Cert. #1081)

Other algorithms: Elephant Diffuser @@ -945,7 +952,7 @@ Validated Editions: Windows 7, Windows 7 SP1

6.1.7601.17950

6.1.7601.22108

1327 -FIPS Approved algorithms: RSA (Cert. #557); SHS (Cert. #1081)
+FIPS approved algorithms: RSA (Cert. #557); SHS (Cert. #1081)

Other algorithms: MD5 @@ -954,7 +961,7 @@ Validated Editions: Windows 7, Windows 7 SP1 6.1.7600.16385
(no change in SP1) 1331 -FIPS Approved algorithms: DSA (Cert. #385); RNG (Cert. #649); SHS (Cert. #1081); Triple-DES (Cert. #846); Triple-DES MAC (Triple-DES Cert. #846, vendor affirmed)
+FIPS approved algorithms: DSA (Cert. #385); RNG (Cert. #649); SHS (Cert. #1081); Triple-DES (Cert. #846); Triple-DES MAC (Triple-DES Cert. #846, vendor affirmed)

Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4 @@ -963,9 +970,9 @@ Validated Editions: Windows 7, Windows 7 SP1 6.1.7600.16385
(no change in SP1) 1330 -FIPS Approved algorithms: AES (Cert. #1168); DRBG (Cert. #23); HMAC (Cert. #673); SHS (Cert. #1081); RSA (Certs. #557 and #559); Triple-DES (Cert. #846)
+FIPS approved algorithms: AES (Cert. #1168); DRBG (Cert. #23); HMAC (Cert. #673); SHS (Cert. #1081); RSA (Certs. #557 and #559); Triple-DES (Cert. #846)

-Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 256-bits of encryption strength; non-compliant less than 112 bits of encryption strength) +Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) @@ -993,13 +1000,13 @@ Validated Editions: Ultimate Edition Boot Manager (bootmgr) 6.0.6001.18000 and 6.0.6002.18005 978 -FIPS Approved algorithms: AES (Certs. #739 and #760); HMAC (Cert. #415); RSA (Cert. #354); SHS (Cert. #753) +FIPS approved algorithms: AES (Certs. #739 and #760); HMAC (Cert. #415); RSA (Cert. #354); SHS (Cert. #753) Winload OS Loader (winload.exe) 6.0.6001.18000, 6.0.6001.18027, 6.0.6001.18606, 6.0.6001.22125, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411 and 6.0.6002.22596 979 -FIPS Approved algorithms: AES (Certs. #739 and #760); RSA (Cert. #354); SHS (Cert. #753)
+FIPS approved algorithms: AES (Certs. #739 and #760); RSA (Cert. #354); SHS (Cert. #753)

Other algorithms: MD5 @@ -1007,37 +1014,37 @@ Validated Editions: Ultimate Edition Code Integrity (ci.dll) 6.0.6001.18000, 6.0.6001.18023, 6.0.6001.22120, and 6.0.6002.18005 980 -FIPS Approved algorithms: RSA (Cert. #354); SHS (Cert. #753)
+FIPS approved algorithms: RSA (Cert. #354); SHS (Cert. #753)

Other algorithms: MD5 Kernel Mode Security Support Provider Interface (ksecdd.sys) -6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742, and 6.0.6002.228696.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742, and 6.0.6002.22869 +6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742, and 6.0.6002.22869 1000 -

FIPS Approved algorithms: AES (Certs. #739 and #756); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656)#739 and); ECDSA (Cert.); HMAC (Cert.); RNG (Cert.  and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)

-

Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

+

FIPS approved algorithms: AES (Certs. #739 and #756); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656)#739 and); ECDSA (Cert.); HMAC (Cert.); RNG (Cert.  and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)

+

Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Cryptographic Primitives Library (bcrypt.dll) -6.0.6001.22202, 6.0.6002.18005, and 6.0.6002.228726.0.6001.22202, 6.0.6002.18005, and 6.0.6002.22872 +6.0.6001.22202, 6.0.6002.18005, and 6.0.6002.22872 1001 -

FIPS Approved algorithms: AES (Certs. #739 and #756); DSA (Cert. #283); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90, vendor affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656)

-

Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant provides less than 112 bits of encryption strength)

+

FIPS approved algorithms: AES (Certs. #739 and #756); DSA (Cert. #283); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90, vendor affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656)

+

Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant provides less than 112 bits of encryption strength)

Enhanced Cryptographic Provider (RSAENH) -6.0.6001.22202 and 6.0.6002.180056.0.6001.22202 and 6.0.6002.18005 +6.0.6001.22202 and 6.0.6002.18005 1002 -

FIPS Approved algorithms: AES (Cert. #739); HMAC (Cert. #407); RNG (SP 800-90, vendor affirmed); RSA (Certs. #353 and #354); SHS (Cert. #753); Triple-DES (Cert. #656)

-

Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

+

FIPS approved algorithms: AES (Cert. #739); HMAC (Cert. #407); RNG (SP 800-90, vendor affirmed); RSA (Certs. #353 and #354); SHS (Cert. #753); Triple-DES (Cert. #656)

+

Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) -6.0.6001.18000 and 6.0.6002.180056.0.6001.18000 and 6.0.6002.18005 +6.0.6001.18000 and 6.0.6002.18005 1003 -

FIPS Approved algorithms: DSA (Cert. #281); RNG (Cert. #435); SHS (Cert. #753); Triple-DES (Cert. #656); Triple-DES MAC (Triple-DES Cert. #656, vendor affirmed)

-

Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4

+

FIPS approved algorithms: DSA (Cert. #281); RNG (Cert. #435); SHS (Cert. #753); Triple-DES (Cert. #656); Triple-DES MAC (Triple-DES Cert. #656, vendor affirmed)

+

Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4

@@ -1059,23 +1066,23 @@ Validated Editions: Ultimate Edition Enhanced Cryptographic Provider (RSAENH) 6.0.6000.16386 893 -FIPS Approved algorithms: AES (Cert. #553); HMAC (Cert. #297); RNG (Cert. #321); RSA (Certs. #255 and #258); SHS (Cert. #618); Triple-DES (Cert. #549)
+FIPS approved algorithms: AES (Cert. #553); HMAC (Cert. #297); RNG (Cert. #321); RSA (Certs. #255 and #258); SHS (Cert. #618); Triple-DES (Cert. #549)

-Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) +Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) 6.0.6000.16386 894 -FIPS Approved algorithms: DSA (Cert. #226); RNG (Cert. #321); SHS (Cert. #618); Triple-DES (Cert. #549); Triple-DES MAC (Triple-DES Cert. #549, vendor affirmed)
+FIPS approved algorithms: DSA (Cert. #226); RNG (Cert. #321); SHS (Cert. #618); Triple-DES (Cert. #549); Triple-DES MAC (Triple-DES Cert. #549, vendor affirmed)

-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4 +Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4 BitLocker™ Drive Encryption 6.0.6000.16386 947 -FIPS Approved algorithms: AES (Cert. #715); HMAC (Cert. #386); SHS (Cert. #737)
+FIPS approved algorithms: AES (Cert. #715); HMAC (Cert. #386); SHS (Cert. #737)

Other algorithms: Elephant Diffuser @@ -1083,9 +1090,9 @@ Validated Editions: Ultimate Edition Kernel Mode Security Support Provider Interface (ksecdd.sys) 6.0.6000.16386, 6.0.6000.16870 and 6.0.6000.21067 891 -FIPS Approved algorithms: AES (Cert. #553); ECDSA (Cert. #60); HMAC (Cert. #298); RNG (Cert. #321); RSA (Certs. #257 and #258); SHS (Cert. #618); Triple-DES (Cert. #549)
+FIPS approved algorithms: AES (Cert. #553); ECDSA (Cert. #60); HMAC (Cert. #298); RNG (Cert. #321); RSA (Certs. #257 and #258); SHS (Cert. #618); Triple-DES (Cert. #549)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 to 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; HMAC MD5 +Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits to 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; HMAC MD5 @@ -1111,22 +1118,22 @@ Validated Editions: Ultimate Edition Kernel Mode Cryptographic Module (FIPS.SYS) 5.1.2600.5512 997 -

FIPS Approved algorithms: HMAC (Cert. #429); RNG (Cert. #449); SHS (Cert. #785); Triple-DES (Cert. #677); Triple-DES MAC (Triple-DES Cert. #677, vendor affirmed)

+

FIPS approved algorithms: HMAC (Cert. #429); RNG (Cert. #449); SHS (Cert. #785); Triple-DES (Cert. #677); Triple-DES MAC (Triple-DES Cert. #677, vendor affirmed)

Other algorithms: DES; MD5; HMAC MD5

Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) 5.1.2600.5507 990 -

FIPS Approved algorithms: DSA (Cert. #292); RNG (Cert. #448); SHS (Cert. #784); Triple-DES (Cert. #676); Triple-DES MAC (Triple-DES Cert. #676, vendor affirmed)

-

Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits); MD5; RC2; RC4

+

FIPS approved algorithms: DSA (Cert. #292); RNG (Cert. #448); SHS (Cert. #784); Triple-DES (Cert. #676); Triple-DES MAC (Triple-DES Cert. #676, vendor affirmed)

+

Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits); MD5; RC2; RC4

Enhanced Cryptographic Provider (RSAENH) 5.1.2600.5507 989 -

FIPS Approved algorithms: AES (Cert. #781); HMAC (Cert. #428); RNG (Cert. #447); RSA (Cert. #371); SHS (Cert. #783); Triple-DES (Cert. #675); Triple-DES MAC (Triple-DES Cert. #675, vendor affirmed)

-

Other algorithms: DES; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits)

+

FIPS approved algorithms: AES (Cert. #781); HMAC (Cert. #428); RNG (Cert. #447); RSA (Cert. #371); SHS (Cert. #783); Triple-DES (Cert. #675); Triple-DES MAC (Triple-DES Cert. #675, vendor affirmed)

+

Other algorithms: DES; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits)

@@ -1152,14 +1159,14 @@ Validated Editions: Ultimate Edition DSS/Diffie-Hellman Enhanced Cryptographic Provider 5.1.2600.2133 240 -

FIPS Approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Cert. #29)

+

FIPS approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Cert. #29)

Other algorithms: DES (Cert. #66); RC2; RC4; MD5; DES40; Diffie-Hellman (key agreement)

Microsoft Enhanced Cryptographic Provider 5.1.2600.2161 238 -

FIPS Approved algorithms: Triple-DES (Cert. #81); AES (Cert. #33); SHA-1 (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #83, vendor affirmed)

+

FIPS approved algorithms: Triple-DES (Cert. #81); AES (Cert. #33); SHA-1 (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #83, vendor affirmed)

Other algorithms: DES (Cert. #156); RC2; RC4; MD5

@@ -1186,7 +1193,7 @@ Validated Editions: Ultimate Edition Microsoft Enhanced Cryptographic Provider 5.1.2600.1029 238 -

FIPS Approved algorithms: Triple-DES (Cert. #81); AES (Cert. #33); SHA-1 (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #83, vendor affirmed)

+

FIPS approved algorithms: Triple-DES (Cert. #81); AES (Cert. #33); SHA-1 (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #83, vendor affirmed)

Other algorithms: DES (Cert. #156); RC2; RC4; MD5

@@ -1213,7 +1220,7 @@ Validated Editions: Ultimate Edition Kernel Mode Cryptographic Module 5.1.2600.0 241 -

FIPS Approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Cert. #35); HMAC-SHA-1 (Cert. #35, vendor affirmed)

+

FIPS approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Cert. #35); HMAC-SHA-1 (Cert. #35, vendor affirmed)

Other algorithms: DES (Cert. #89)

@@ -1240,7 +1247,7 @@ Validated Editions: Ultimate Edition Kernel Mode Cryptographic Module (FIPS.SYS) 5.0.2195.1569 106 -

FIPS Approved algorithms: Triple-DES (Cert. #16); SHA-1 (Certs. #35)

+

FIPS approved algorithms: Triple-DES (Cert. #16); SHA-1 (Certs. #35)

Other algorithms: DES (Certs. #89)

@@ -1250,7 +1257,7 @@ Validated Editions: Ultimate Edition

(DSS/DH Enh: 5.0.2195.3665 [SP3])

(Enh: 5.0.2195.3839 [SP3]

103 -

FIPS Approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed)

+

FIPS approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed)

Other algorithms: DES (Certs. #65, 66, 67 and 68); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5

@@ -1277,7 +1284,7 @@ Validated Editions: Ultimate Edition Kernel Mode Cryptographic Module (FIPS.SYS) 5.0.2195.1569 106 -

FIPS Approved algorithms: Triple-DES (Cert. #16); SHA-1 (Certs. #35)

+

FIPS approved algorithms: Triple-DES (Cert. #16); SHA-1 (Certs. #35)

Other algorithms: DES (Certs. #89)

@@ -1291,7 +1298,7 @@ Validated Editions: Ultimate Edition

(Enh:

5.0.2195.2228 [SP2])

103 -

FIPS Approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed)

+

FIPS approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed)

Other algorithms: DES (Certs. #65, 66, 67 and 68); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5

@@ -1321,7 +1328,7 @@ Validated Editions: Ultimate Edition

(DSS/DH Enh: 5.0.2150.1391 [SP1])

(Enh: 5.0.2150.1391 [SP1])

103 -

FIPS Approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed)

+

FIPS approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed)

Other algorithms: DES (Certs. #65, 66, 67 and 68); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5

@@ -1348,7 +1355,7 @@ Validated Editions: Ultimate Edition Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider 5.0.2150.1 76 -

FIPS Approved algorithms: Triple-DES (vendor affirmed); DSA/SHA-1 (Certs. #28 and 29); RSA (vendor affirmed)

+

FIPS approved algorithms: Triple-DES (vendor affirmed); DSA/SHA-1 (Certs. #28 and 29); RSA (vendor affirmed)

Other algorithms: DES (Certs. #65, 66, 67 and 68); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement)

@@ -1375,7 +1382,7 @@ Validated Editions: Ultimate Edition Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider 5.0.1877.6 and 5.0.1877.7 75 -

FIPS Approved algorithms: Triple-DES (vendor affirmed); SHA-1 (Certs. #20 and 21); DSA/SHA-1 (Certs. #25 and 26); RSA (vendor- affirmed)

+

FIPS approved algorithms: Triple-DES (vendor affirmed); SHA-1 (Certs. #20 and 21); DSA/SHA-1 (Certs. #25 and 26); RSA (vendor- affirmed)

Other algorithms: DES (Certs. #61, 62, 63 and 64); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement)

@@ -1396,7 +1403,7 @@ Validated Editions: Ultimate Edition Base Cryptographic Provider 5.0.1877.6 and 5.0.1877.7 68 -FIPS Approved algorithms: SHA-1 (Certs. #20 and 21); DSA/SHA- 1 (Certs. #25 and 26); RSA (vendor affirmed)
+FIPS approved algorithms: SHA-1 (Certs. #20 and 21); DSA/SHA- 1 (Certs. #25 and 26); RSA (vendor affirmed)

Other algorithms: DES (Certs. #61, 62, 63 and 64); Triple-DES (allowed for US and Canadian Government use); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement) @@ -1631,7 +1638,7 @@ Validated Editions: Standard, Datacenter, Storage Server Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) 10.0.14393 2937 -FIPS Approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193 and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)
+FIPS approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193, and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)

Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt) @@ -1639,7 +1646,7 @@ Validated Editions: Standard, Datacenter, Storage Server Kernel Mode Cryptographic Primitives Library (cng.sys) 10.0.14393 2936 -FIPS Approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193 and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)
+FIPS approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193, and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)

Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt) @@ -1647,14 +1654,14 @@ Validated Editions: Standard, Datacenter, Storage Server Boot Manager 10.0.14393 2931 -

FIPS Approved algorithms: AES (Certs. #4061 and #4064); HMAC (Cert. #2651); PBKDF (vendor affirmed); RSA (Cert. #2193); SHS (Cert. #3347)

+

FIPS approved algorithms: AES (Certs. #4061 and #4064); HMAC (Cert. #2651); PBKDF (vendor affirmed); RSA (Cert. #2193); SHS (Cert. #3347)

Other algorithms: MD5; PBKDF (non-compliant); VMK KDF

BitLocker® Windows OS Loader (winload) 10.0.14393 2932 -FIPS Approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)
+FIPS approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)

Other algorithms: NDRNG; MD5 @@ -1662,7 +1669,7 @@ Validated Editions: Standard, Datacenter, Storage Server BitLocker® Windows Resume (winresume) 10.0.14393 2933 -FIPS Approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)
+FIPS approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)

Other algorithms: MD5 @@ -1670,13 +1677,13 @@ Validated Editions: Standard, Datacenter, Storage Server BitLocker® Dump Filter (dumpfve.sys) 10.0.14393 2934 -FIPS Approved algorithms: AES (Certs. #4061 and #4064) +FIPS approved algorithms: AES (Certs. #4061 and #4064) Code Integrity (ci.dll) 10.0.14393 2935 -FIPS Approved algorithms: RSA (Cert. #2193); SHS (Cert. #3347)
+FIPS approved algorithms: RSA (Cert. #2193); SHS (Cert. #3347)

Other algorithms: AES (non-compliant); MD5 @@ -1684,7 +1691,7 @@ Validated Editions: Standard, Datacenter, Storage Server Secure Kernel Code Integrity (skci.dll) 10.0.14393 2938 -FIPS Approved algorithms: RSA (Certs. #2193); SHS (Certs. #3347)
+FIPS approved algorithms: RSA (Certs. #2193); SHS (Certs. #3347)

Other algorithms: MD5 @@ -1710,23 +1717,23 @@ Validated Editions: Server, Storage Server, Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) 6.3.9600 6.3.9600.17031 2357 -FIPS Approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); DSA (Cert. #855); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493 and #1519); SHS (Cert. #2373); Triple-DES (Cert. #1692)
+FIPS approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); DSA (Cert. #855); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493, and #1519); SHS (Cert. #2373); Triple-DES (Cert. #1692)

-Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt) +Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt) Kernel Mode Cryptographic Primitives Library (cng.sys) 6.3.9600 6.3.9600.17042 2356 -FIPS Approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493 and #1519); SHS (Cert. # 2373); Triple-DES (Cert. #1692)
+FIPS approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493, and #1519); SHS (Cert. # 2373); Triple-DES (Cert. #1692)

-Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt) +Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt) Boot Manager 6.3.9600 6.3.9600.17031 2351 -FIPS Approved algorithms: AES (Cert. #2832); HMAC (Cert. #1773); PBKDF (vendor affirmed); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)
+FIPS approved algorithms: AES (Cert. #2832); HMAC (Cert. #1773); PBKDF (vendor affirmed); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)

Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant) @@ -1734,7 +1741,7 @@ Validated Editions: Server, Storage Server, BitLocker® Windows OS Loader (winload) 6.3.9600 6.3.9600.17031 2352 -FIPS Approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Cert. #2396)
+FIPS approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Cert. #2396)

Other algorithms: MD5; NDRNG @@ -1742,7 +1749,7 @@ Validated Editions: Server, Storage Server, BitLocker® Windows Resume (winresume)[16] 6.3.9600 6.3.9600.17031 2353 -FIPS Approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)
+FIPS approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)

Other algorithms: MD5 @@ -1750,7 +1757,7 @@ Validated Editions: Server, Storage Server, BitLocker® Dump Filter (dumpfve.sys)[17] 6.3.9600 6.3.9600.17031 2354 -FIPS Approved algorithms: AES (Cert. #2832)
+FIPS approved algorithms: AES (Cert. #2832)

Other algorithms: N/A @@ -1758,7 +1765,7 @@ Validated Editions: Server, Storage Server, Code Integrity (ci.dll) 6.3.9600 6.3.9600.17031 2355 -FIPS Approved algorithms: RSA (Cert. #1494); SHS (Cert. # 2373)
+FIPS approved algorithms: RSA (Cert. #1494); SHS (Cert. # 2373)

Other algorithms: MD5 @@ -1766,9 +1773,9 @@ Validated Editions: Server, Storage Server, -\[16\] Does not apply to **Azure StorSimple Virtual Array Windows Server 2012 R2** +\[16\] Doesn't apply to **Azure StorSimple Virtual Array Windows Server 2012 R2** -\[17\] Does not apply to **Azure StorSimple Virtual Array Windows Server 2012 R2** +\[17\] Doesn't apply to **Azure StorSimple Virtual Array Windows Server 2012 R2** **Windows Server 2012** @@ -1786,27 +1793,27 @@ Validated Editions: Server, Storage Server Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL) 6.2.9200 1892 -FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258); DSA (Cert. #687); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)
+FIPS approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258); DSA (Cert. #687); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)

-Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#687); ECDSA (Cert.); HMAC (Cert. #); KAS (Cert.); KBKDF (Cert.); PBKDF (vendor affirmed); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)
+Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#687); ECDSA (Cert.); HMAC (Cert. #); KAS (Cert.); KBKDF (Cert.); PBKDF (vendor affirmed); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)

-Other algorithms: AES (Cert., key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt) +Other algorithms: AES (Certificate, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt) Kernel Mode Cryptographic Primitives Library (cng.sys) 6.2.9200 1891 -FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258 and #259); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RNG (Cert. #1110); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)
+FIPS approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258 and #259); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RNG (Cert. #1110); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)

-Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#1110); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)
+Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#1110); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)

-Other algorithms: AES (Cert., key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt) +Other algorithms: AES (Certificate, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt) Boot Manager 6.2.9200 1895 -FIPS Approved algorithms: AES (Certs. #2196 and #2198); HMAC (Cert. #1347); RSA (Cert. #1132); SHS (Cert. #1903)
+FIPS approved algorithms: AES (Certs. #2196 and #2198); HMAC (Cert. #1347); RSA (Cert. #1132); SHS (Cert. #1903)

Other algorithms: MD5 @@ -1814,7 +1821,7 @@ Validated Editions: Server, Storage Server BitLocker® Windows OS Loader (WINLOAD) 6.2.9200 1896 -FIPS Approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)
+FIPS approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)

Other algorithms: AES (Cert. #2197; non-compliant); MD5; Non-Approved RNG @@ -1822,7 +1829,7 @@ Validated Editions: Server, Storage Server BitLocker® Windows Resume (WINRESUME) 6.2.9200 1898 -FIPS Approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)
+FIPS approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)

Other algorithms: MD5 @@ -1830,7 +1837,7 @@ Validated Editions: Server, Storage Server BitLocker® Dump Filter (DUMPFVE.SYS) 6.2.9200 1899 -FIPS Approved algorithms: AES (Certs. #2196 and #2198)
+FIPS approved algorithms: AES (Certs. #2196 and #2198)

Other algorithms: N/A @@ -1838,7 +1845,7 @@ Validated Editions: Server, Storage Server Code Integrity (CI.DLL) 6.2.9200 1897 -FIPS Approved algorithms: RSA (Cert. #1132); SHS (Cert. #1903)
+FIPS approved algorithms: RSA (Cert. #1132); SHS (Cert. #1903)

Other algorithms: MD5 @@ -1846,7 +1853,7 @@ Validated Editions: Server, Storage Server Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL) 6.2.9200 1893 -FIPS Approved algorithms: DSA (Cert. #686); SHS (Cert. #1902); Triple-DES (Cert. #1386); Triple-DES MAC (Triple-DES Cert. #1386, vendor affirmed)
+FIPS approved algorithms: DSA (Cert. #686); SHS (Cert. #1902); Triple-DES (Cert. #1386); Triple-DES MAC (Triple-DES Cert. #1386, vendor affirmed)

Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) @@ -1854,9 +1861,9 @@ Validated Editions: Server, Storage Server Enhanced Cryptographic Provider (RSAENH.DLL) 6.2.9200 1894 -FIPS Approved algorithms: AES (Cert. #2196); HMAC (Cert. #1346); RSA (Cert. #1132); SHS (Cert. #1902); Triple-DES (Cert. #1386)
+FIPS approved algorithms: AES (Cert. #2196); HMAC (Cert. #1346); RSA (Cert. #1132); SHS (Cert. #1902); Triple-DES (Cert. #1386)

-Other algorithms: AES (Cert. #2196, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) +Other algorithms: AES (Cert. #2196, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) @@ -1874,65 +1881,65 @@ Validated Editions: Server, Storage Server Boot Manager (bootmgr) -6.1.7600.16385 or 6.1.7601.175146.1.7600.16385 or 6.1.7601.17514 +6.1.7600.16385 or 6.1.7601.17514 1321 -FIPS Approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); RSA (Cert. #568); SHS (Cert. #1081)
+FIPS approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); RSA (Cert. #568); SHS (Cert. #1081)

Other algorithms: MD5 Winload OS Loader (winload.exe) -6.1.7600.16385, 6.1.7600.16757, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21655 and 6.1.7601.216756.1.7600.16385, 6.1.7600.16757, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21655 and 6.1.7601.21675 +6.1.7600.16385, 6.1.7600.16757, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21655 and 6.1.7601.21675 1333 -FIPS Approved algorithms: AES (Certs. #1168 and #1177); RSA (Cert. #568); SHS (Cert. #1081)
+FIPS approved algorithms: AES (Certs. #1168 and #1177); RSA (Cert. #568); SHS (Cert. #1081)

Other algorithms: MD5 Code Integrity (ci.dll) -6.1.7600.16385, 6.1.7600.17122, 6.1.7600.21320, 6.1.7601.17514, 6.1.7601.17950 and 6.1.7601.221086.1.7600.16385, 6.1.7600.17122, 6.1.7600.21320, 6.1.7601.17514, 6.1.7601.17950 and 6.1.7601.22108 +6.1.7600.16385, 6.1.7600.17122, 6.1.7600.21320, 6.1.7601.17514, 6.1.7601.17950 and 6.1.7601.22108 1334 -FIPS Approved algorithms: RSA (Cert. #568); SHS (Cert. #1081)
+FIPS approved algorithms: RSA (Cert. #568); SHS (Cert. #1081)

Other algorithms: MD5 Kernel Mode Cryptographic Primitives Library (cng.sys) -6.1.7600.16385, 6.1.7600.16915, 6.1.7600.21092, 6.1.7601.17514, 6.1.7601.17919, 6.1.7601.17725, 6.1.7601.21861 and 6.1.7601.220766.1.7600.16385, 6.1.7600.16915, 6.1.7600.21092, 6.1.7601.17514, 6.1.7601.17919, 6.1.7601.17725, 6.1.7601.21861 and 6.1.7601.22076 +6.1.7600.16385, 6.1.7600.16915, 6.1.7600.21092, 6.1.7601.17514, 6.1.7601.17919, 6.1.7601.17725, 6.1.7601.21861 and 6.1.7601.22076 1335 -FIPS Approved algorithms: AES (Certs. #1168 and #1177); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #27); ECDSA (Cert. #142); HMAC (Cert. #686); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081); Triple-DES (Cert. #846)
+FIPS approved algorithms: AES (Certs. #1168 and #1177); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #27); ECDSA (Cert. #142); HMAC (Cert. #686); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 bits and 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081); Triple-DES (Cert. #846)

--Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4 +-Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4 Cryptographic Primitives Library (bcryptprimitives.dll) -66.1.7600.16385 or 6.1.7601.1751466.1.7600.16385 or 6.1.7601.17514 +66.1.7600.16385 or 6.1.7601.17514 1336 -FIPS Approved algorithms: AES (Certs. #1168 and #1177); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #27); DSA (Cert. #391); ECDSA (Cert. #142); HMAC (Cert. #686); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081); Triple-DES (Cert. #846)
+FIPS approved algorithms: AES (Certs. #1168 and #1177); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #27); DSA (Cert. #391); ECDSA (Cert. #142); HMAC (Cert. #686); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 bits and 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081); Triple-DES (Cert. #846)

-Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; HMAC MD5; MD2; MD4; MD5; RC2; RC4 +Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; HMAC MD5; MD2; MD4; MD5; RC2; RC4 Enhanced Cryptographic Provider (RSAENH) 6.1.7600.16385 1337 -FIPS Approved algorithms: AES (Cert. #1168); DRBG (Cert. #23); HMAC (Cert. #687); SHS (Cert. #1081); RSA (Certs. #559 and #568); Triple-DES (Cert. #846)
+FIPS approved algorithms: AES (Cert. #1168); DRBG (Cert. #23); HMAC (Cert. #687); SHS (Cert. #1081); RSA (Certs. #559 and #568); Triple-DES (Cert. #846)

-Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) +Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) 6.1.7600.16385 1338 -FIPS Approved algorithms: DSA (Cert. #390); RNG (Cert. #649); SHS (Cert. #1081); Triple-DES (Cert. #846); Triple-DES MAC (Triple-DES Cert. #846, vendor affirmed)
+FIPS approved algorithms: DSA (Cert. #390); RNG (Cert. #649); SHS (Cert. #1081); Triple-DES (Cert. #846); Triple-DES MAC (Triple-DES Cert. #846, vendor affirmed)

Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4 BitLocker™ Drive Encryption -6.1.7600.16385, 6.1.7600.16429, 6.1.7600.16757, 6.1.7600.20536, 6.1.7600.20873, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21634, 6.1.7601.21655 or 6.1.7601.216756.1.7600.16385, 6.1.7600.16429, 6.1.7600.16757, 6.1.7600.20536, 6.1.7600.20873, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21634, 6.1.7601.21655 or 6.1.7601.21675 +6.1.7600.16385, 6.1.7600.16429, 6.1.7600.16757, 6.1.7600.20536, 6.1.7600.20873, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21634, 6.1.7601.21655 or 6.1.7601.21675 1339 -FIPS Approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); SHS (Cert. #1081)
+FIPS approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); SHS (Cert. #1081)

Other algorithms: Elephant Diffuser @@ -1952,61 +1959,61 @@ Validated Editions: Server, Storage Server Boot Manager (bootmgr) -6.0.6001.18000, 6.0.6002.18005 and 6.0.6002.224976.0.6001.18000, 6.0.6002.18005 and 6.0.6002.22497 +6.0.6001.18000, 6.0.6002.18005 and 6.0.6002.22497 1004 -FIPS Approved algorithms: AES (Certs. #739 and #760); HMAC (Cert. #415); RSA (Cert. #355); SHS (Cert. #753)
+FIPS approved algorithms: AES (Certs. #739 and #760); HMAC (Cert. #415); RSA (Cert. #355); SHS (Cert. #753)

Other algorithms: N/A Winload OS Loader (winload.exe) -6.0.6001.18000, 6.0.6001.18606, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411, 6.0.6002.22497 and 6.0.6002.225966.0.6001.18000, 6.0.6001.18606, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411, 6.0.6002.22497 and 6.0.6002.22596 +6.0.6001.18000, 6.0.6001.18606, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411, 6.0.6002.22497 and 6.0.6002.22596 1005 -FIPS Approved algorithms: AES (Certs. #739 and #760); RSA (Cert. #355); SHS (Cert. #753)
+FIPS approved algorithms: AES (Certs. #739 and #760); RSA (Cert. #355); SHS (Cert. #753)

Other algorithms: MD5 Code Integrity (ci.dll) -6.0.6001.18000 and 6.0.6002.180056.0.6001.18000 and 6.0.6002.18005 +6.0.6001.18000 and 6.0.6002.18005 1006 -FIPS Approved algorithms: RSA (Cert. #355); SHS (Cert. #753)
+FIPS approved algorithms: RSA (Cert. #355); SHS (Cert. #753)

Other algorithms: MD5 Kernel Mode Security Support Provider Interface (ksecdd.sys) -6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742 and 6.0.6002.228696.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742 and 6.0.6002.22869 +6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742 and 6.0.6002.22869 1007 -FIPS Approved algorithms: AES (Certs. #739 and #757); ECDSA (Cert. #83); HMAC (Cert. #413); RNG (Cert. #435 and SP800-90 AES-CTR, vendor affirmed); RSA (Certs. #353 and #358); SHS (Cert. #753); Triple-DES (Cert. #656)
+FIPS approved algorithms: AES (Certs. #739 and #757); ECDSA (Cert. #83); HMAC (Cert. #413); RNG (Cert. #435 and SP800-90 AES-CTR, vendor affirmed); RSA (Certs. #353 and #358); SHS (Cert. #753); Triple-DES (Cert. #656)

-Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#83); HMAC (Cert.); RNG (Cert.  and SP800-90 AES-CTR, vendor affirmed); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)
+Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#83); HMAC (Cert.); RNG (Cert.  and SP800-90 AES-CTR, vendor affirmed); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)

-Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) +Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Cryptographic Primitives Library (bcrypt.dll) -6.0.6001.22202, 6.0.6002.18005 and 6.0.6002.228726.0.6001.22202, 6.0.6002.18005 and 6.0.6002.22872 +6.0.6001.22202, 6.0.6002.18005 and 6.0.6002.22872 1008 -FIPS Approved algorithms: AES (Certs. #739 and #757); DSA (Cert. #284); ECDSA (Cert. #83); HMAC (Cert. #413); RNG (Cert. #435 and SP800-90, vendor affirmed); RSA (Certs. #353 and #358); SHS (Cert. #753); Triple-DES (Cert. #656)
+FIPS approved algorithms: AES (Certs. #739 and #757); DSA (Cert. #284); ECDSA (Cert. #83); HMAC (Cert. #413); RNG (Cert. #435 and SP800-90, vendor affirmed); RSA (Certs. #353 and #358); SHS (Cert. #753); Triple-DES (Cert. #656)

-Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant provides less than 112 bits of encryption strength) +Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant provides less than 112 bits of encryption strength) Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) -6.0.6001.18000 and 6.0.6002.180056.0.6001.18000 and 6.0.6002.18005 +6.0.6001.18000 and 6.0.6002.18005 1009 -FIPS Approved algorithms: DSA (Cert. #282); RNG (Cert. #435); SHS (Cert. #753); Triple-DES (Cert. #656); Triple-DES MAC (Triple-DES Cert. #656, vendor affirmed)
+FIPS approved algorithms: DSA (Cert. #282); RNG (Cert. #435); SHS (Cert. #753); Triple-DES (Cert. #656); Triple-DES MAC (Triple-DES Cert. #656, vendor affirmed)

--Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4 +-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4 Enhanced Cryptographic Provider (RSAENH) -6.0.6001.22202 and 6.0.6002.180056.0.6001.22202 and 6.0.6002.18005 +6.0.6001.22202 and 6.0.6002.18005 1010 -FIPS Approved algorithms: AES (Cert. #739); HMAC (Cert. #408); RNG (SP 800-90, vendor affirmed); RSA (Certs. #353 and #355); SHS (Cert. #753); Triple-DES (Cert. #656)
+FIPS approved algorithms: AES (Cert. #739); HMAC (Cert. #408); RNG (SP 800-90, vendor affirmed); RSA (Certs. #353 and #355); SHS (Cert. #753); Triple-DES (Cert. #656)

-Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) +Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) @@ -2032,22 +2039,22 @@ Validated Editions: Server, Storage Server Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) 5.2.3790.3959 875 -

FIPS Approved algorithms: DSA (Cert. #221); RNG (Cert. #314); RSA (Cert. #245); SHS (Cert. #611); Triple-DES (Cert. #543)

-

Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC4

+

FIPS approved algorithms: DSA (Cert. #221); RNG (Cert. #314); RSA (Cert. #245); SHS (Cert. #611); Triple-DES (Cert. #543)

+

Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC4

Kernel Mode Cryptographic Module (FIPS.SYS) 5.2.3790.3959 869 -

FIPS Approved algorithms: HMAC (Cert. #287); RNG (Cert. #313); SHS (Cert. #610); Triple-DES (Cert. #542)

+

FIPS approved algorithms: HMAC (Cert. #287); RNG (Cert. #313); SHS (Cert. #610); Triple-DES (Cert. #542)

Other algorithms: DES; HMAC-MD5

Enhanced Cryptographic Provider (RSAENH) 5.2.3790.3959 868 -

FIPS Approved algorithms: AES (Cert. #548); HMAC (Cert. #289); RNG (Cert. #316); RSA (Cert. #245); SHS (Cert. #613); Triple-DES (Cert. #544)

-

Other algorithms: DES; RC2; RC4; MD2; MD4; MD5; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

+

FIPS approved algorithms: AES (Cert. #548); HMAC (Cert. #289); RNG (Cert. #316); RSA (Cert. #245); SHS (Cert. #613); Triple-DES (Cert. #544)

+

Other algorithms: DES; RC2; RC4; MD2; MD4; MD5; RSA (key wrapping; key establishment methodology provides between 112 bits and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

@@ -2073,7 +2080,7 @@ Validated Editions: Server, Storage Server Kernel Mode Cryptographic Module (FIPS.SYS) 5.2.3790.1830 [SP1] 405 -

FIPS Approved algorithms: Triple-DES (Certs. #201[1] and #370[1]); SHS (Certs. #177[1] and #371[2])

+

FIPS approved algorithms: Triple-DES (Certs. #201[1] and #370[1]); SHS (Certs. #177[1] and #371[2])

Other algorithms: DES (Cert. #230[1]); HMAC-MD5; HMAC-SHA-1 (non-compliant)

[1] x86
[2] SP1 x86, x64, IA64

@@ -2082,7 +2089,7 @@ Validated Editions: Server, Storage Server Enhanced Cryptographic Provider (RSAENH) 5.2.3790.1830 [Service Pack 1]) 382 -

FIPS Approved algorithms: Triple-DES (Cert. #192[1] and #365[2]); AES (Certs. #80[1] and #290[2]); SHS (Cert. #176[1] and #364[2]); HMAC (Cert. #176, vendor affirmed[1] and #99[2]); RSA (PKCS#1, vendor affirmed[1] and #81[2])

+

FIPS approved algorithms: Triple-DES (Cert. #192[1] and #365[2]); AES (Certs. #80[1] and #290[2]); SHS (Cert. #176[1] and #364[2]); HMAC (Cert. #176, vendor affirmed[1] and #99[2]); RSA (PKCS#1, vendor affirmed[1] and #81[2])

Other algorithms: DES (Cert. #226[1]); SHA-256[1]; SHA-384[1]; SHA-512[1]; RC2; RC4; MD2; MD4; MD5

[1] x86
[2] SP1 x86, x64, IA64

@@ -2091,7 +2098,7 @@ Validated Editions: Server, Storage Server Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) 5.2.3790.1830 [Service Pack 1] 381 -

FIPS Approved algorithms: Triple-DES (Certs. #199[1] and #381[2]); SHA-1 (Certs. #181[1] and #385[2]); DSA (Certs. #95[1] and #146[2]); RSA (Cert. #81)

+

FIPS approved algorithms: Triple-DES (Certs. #199[1] and #381[2]); SHA-1 (Certs. #181[1] and #385[2]); DSA (Certs. #95[1] and #146[2]); RSA (Cert. #81)

Other algorithms: DES (Cert. #229[1]); Diffie-Hellman (key agreement); RC2; RC4; MD5; DES 40

[1] x86
[2] SP1 x86, x64, IA64

@@ -2120,7 +2127,7 @@ Validated Editions: Server, Storage Server Kernel Mode Cryptographic Module (FIPS.SYS) 5.2.3790.0 405 -

FIPS Approved algorithms: Triple-DES (Certs. #201[1] and #370[1]); SHS (Certs. #177[1] and #371[2])

+

FIPS approved algorithms: Triple-DES (Certs. #201[1] and #370[1]); SHS (Certs. #177[1] and #371[2])

Other algorithms: DES (Cert. #230[1]); HMAC-MD5; HMAC-SHA-1 (non-compliant)

[1] x86
[2] SP1 x86, x64, IA64

@@ -2129,7 +2136,7 @@ Validated Editions: Server, Storage Server Enhanced Cryptographic Provider (RSAENH) 5.2.3790.0 382 -

FIPS Approved algorithms: Triple-DES (Cert. #192[1] and #365[2]); AES (Certs. #80[1] and #290[2]); SHS (Cert. #176[1] and #364[2]); HMAC (Cert. #176, vendor affirmed[1] and #99[2]); RSA (PKCS#1, vendor affirmed[1] and #81[2])

+

FIPS approved algorithms: Triple-DES (Cert. #192[1] and #365[2]); AES (Certs. #80[1] and #290[2]); SHS (Cert. #176[1] and #364[2]); HMAC (Cert. #176, vendor affirmed[1] and #99[2]); RSA (PKCS#1, vendor affirmed[1] and #81[2])

Other algorithms: DES (Cert. #226[1]); SHA-256[1]; SHA-384[1]; SHA-512[1]; RC2; RC4; MD2; MD4; MD5

[1] x86
[2] SP1 x86, x64, IA64

@@ -2138,7 +2145,7 @@ Validated Editions: Server, Storage Server Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) 5.2.3790.0 381 -

FIPS Approved algorithms: Triple-DES (Certs. #199[1] and #381[2]); SHA-1 (Certs. #181[1] and #385[2]); DSA (Certs. #95[1] and #146[2]); RSA (Cert. #81)

+

FIPS approved algorithms: Triple-DES (Certs. #199[1] and #381[2]); SHA-1 (Certs. #181[1] and #385[2]); DSA (Certs. #95[1] and #146[2]); RSA (Cert. #81)

Other algorithms: DES (Cert. #229[1]); Diffie-Hellman (key agreement); RC2; RC4; MD5; DES 40

[1] x86
[2] SP1 x86, x64, IA64

@@ -2169,15 +2176,15 @@ Validated Editions: Server, Storage Server Enhanced Cryptographic Provider 7.00.2872 [1] and 8.00.6246 [2] 2957 -

FIPS Approved algorithms: AES (Certs.#4433and#4434); CKG (vendor affirmed); DRBG (Certs.#1432and#1433); HMAC (Certs.#2946and#2945); RSA (Certs.#2414and#2415); SHS (Certs.#3651and#3652); Triple-DES (Certs.#2383and#2384)

-

Allowed algorithms: HMAC-MD5; MD5; NDRNG

+

FIPS approved algorithms: AES (Certs.#4433and#4434); CKG (vendor affirmed); DRBG (Certs.#1432and#1433); HMAC (Certs.#2946and#2945); RSA (Certs.#2414and#2415); SHS (Certs.#3651and#3652); Triple-DES (Certs.#2383and#2384)

+

Allowed algorithms: HMAC-MD5, MD5, NDRNG

Cryptographic Primitives Library (bcrypt.dll) 7.00.2872 [1] and 8.00.6246 [2] 2956 -

FIPS Approved algorithms: AES (Certs.#4430and#4431); CKG (vendor affirmed); CVL (Certs.#1139and#1140); DRBG (Certs.#1429and#1430); DSA (Certs.#1187and#1188); ECDSA (Certs.#1072and#1073); HMAC (Certs.#2942and#2943); KAS (Certs.#114and#115); RSA (Certs.#2411and#2412); SHS (Certs.#3648and#3649); Triple-DES (Certs.#2381and#2382)

-

Allowed algorithms: MD5; NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength

+

FIPS approved algorithms: AES (Certs.#4430and#4431); CKG (vendor affirmed); CVL (Certs.#1139and#1140); DRBG (Certs.#1429and#1430); DSA (Certs.#1187and#1188); ECDSA (Certs.#1072and#1073); HMAC (Certs.#2942and#2943); KAS (Certs.#114and#115); RSA (Certs.#2411and#2412); SHS (Certs.#3648and#3649); Triple-DES (Certs.#2381and#2382)

+

Allowed algorithms: MD5, NDRNG, RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength

@@ -2204,7 +2211,7 @@ Validated Editions: Server, Storage Server Enhanced Cryptographic Provider 6.00.1937 [1] and 7.00.1687 [2] 825 -

FIPS Approved algorithms: AES (Certs. #516 [1] and #2024 [2]); HMAC (Certs. #267 [1] and #1227 [2]); RNG (Certs. #292 [1] and #1060 [2]); RSA (Cert. #230 [1] and #1052 [2]); SHS (Certs. #589 [1] and #1774 [2]); Triple-DES (Certs. #526 [1] and #1308 [2])

+

FIPS approved algorithms: AES (Certs. #516 [1] and #2024 [2]); HMAC (Certs. #267 [1] and #1227 [2]); RNG (Certs. #292 [1] and #1060 [2]); RSA (Cert. #230 [1] and #1052 [2]); SHS (Certs. #589 [1] and #1774 [2]); Triple-DES (Certs. #526 [1] and #1308 [2])

Other algorithms: MD5; HMAC-MD5; RC2; RC4; DES

@@ -2229,9 +2236,9 @@ Validated Editions: Server, Storage Server Outlook Cryptographic Provider (EXCHCSP) -SR-1A (3821)SR-1A (3821) +SR-1A (3821) 110 -

FIPS Approved algorithms: Triple-DES (Cert. #18); SHA-1 (Certs. #32); RSA (vendor affirmed)

+

FIPS approved algorithms: Triple-DES (Cert. #18); SHA-1 (Certs. #32); RSA (vendor affirmed)

Other algorithms: DES (Certs. #91); DES MAC; RC2; MD2; MD5

@@ -2320,7 +2327,7 @@ The following tables are organized by cryptographic algorithms with their modes,
  • Tag Lengths: 32, 48, 64, 80, 96, 112, 128 (bits)
  • IV Lengths: 56, 64, 72, 80, 88, 96, 104 (bits)
  • Plain Text Length: 0-32
    • -
  • AAD Length: 0-65536
    • +
  • Additional authenticated data length: 0-65536
  • AES-CFB128:
    • @@ -2393,7 +2400,7 @@ The following tables are organized by cryptographic algorithms with their modes,
    • Key Lengths: 128, 192, 256 (bits)
    • Tag Lengths: 96, 104, 112, 120, 128 (bits)
    • Plain Text Lengths: 0, 8, 1016, 1024 (bits)
      • -
    • AAD Lengths: 0, 8, 1016, 1024 (bits)
      • +
    • Additional authenticated data lengths: 0, 8, 1016, 1024 (bits)
    • 96 bit IV supported
  • AES-XTS:
    • @@ -2426,7 +2433,7 @@ The following tables are organized by cryptographic algorithms with their modes,
  • Tag Lengths: 32, 48, 64, 80, 96, 112, 128 (bits)
  • IV Lengths: 56, 64, 72, 80, 88, 96, 104 (bits)
  • Plain Text Length: 0-32
    • -
  • AAD Length: 0-65536
    • +
  • Additional authenticated data length: 0-65536
  • AES-CFB128:
    • @@ -2499,7 +2506,7 @@ The following tables are organized by cryptographic algorithms with their modes,
    • Key Lengths: 128, 192, 256 (bits)
    • Tag Lengths: 96, 104, 112, 120, 128 (bits)
    • Plain Text Lengths: 0, 8, 1016, 1024 (bits)
      • -
    • AAD Lengths: 0, 8, 1016, 1024 (bits)
      • +
    • Additional authenticated data lengths: 0, 8, 1016, 1024 (bits)
    • 96 bit IV supported
  • AES-XTS:
    • @@ -2532,7 +2539,7 @@ The following tables are organized by cryptographic algorithms with their modes,
  • Tag Lengths: 32, 48, 64, 80, 96, 112, 128 (bits)
  • IV Lengths: 56, 64, 72, 80, 88, 96, 104 (bits)
  • Plain Text Length: 0-32
    • -
  • AAD Length: 0-65536
    • +
  • Additional authenticated data length: 0-65536
  • AES-CFB128:
    • @@ -2606,7 +2613,7 @@ The following tables are organized by cryptographic algorithms with their modes,
    • Key Lengths: 128, 192, 256 (bits)
    • Tag Lengths: 96, 104, 112, 120, 128 (bits)
    • Plain Text Lengths: 0, 8, 1016, 1024 (bits)
      • -
    • AAD Lengths: 0, 8, 1016, 1024 (bits)
      • +
    • Additional authenticated data lengths: 0, 8, 1016, 1024 (bits)
    • 96 bit IV supported
  • AES-XTS:
    • @@ -2669,7 +2676,7 @@ The following tables are organized by cryptographic algorithms with their modes,
  • Tag Lengths: 128 (bits)
  • IV Lengths: 96 (bits)
  • Plain Text Length: 0-32
    • -
  • AAD Length: 0-65536
    • +
  • Additional authenticated data length: 0-65536

    • AES Val#4902

    Microsoft Surface Hub BitLocker(R) Cryptographic Implementations #4896

    @@ -2682,7 +2689,7 @@ The following tables are organized by cryptographic algorithms with their modes,
  • Tag Lengths: 128 (bits)
  • IV Lengths: 96 (bits)
  • Plain Text Length: 0-32
    • -
  • AAD Length: 0-65536
    • +
  • Additional authenticated data length: 0-65536

    • AES Val#4901

    Windows 10 Mobile (version 1709) BitLocker(R) Cryptographic Implementations #4895

    @@ -2695,7 +2702,7 @@ The following tables are organized by cryptographic algorithms with their modes,
  • Tag Lengths: 128 (bits)
  • IV Lengths: 96 (bits)
  • Plain Text Length: 0-32
    • -
  • AAD Length: 0-65536
    • +
  • Additional authenticated data length: 0-65536

    • AES Val#4897

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); BitLocker(R) Cryptographic Implementations #4894

    @@ -2732,8 +2739,8 @@ The following tables are organized by cryptographic algorithms with their modes,

    CMAC (Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16)

    GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)

    (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)

    -

    IV Generated: (External); PT Lengths Tested: (0, 1024, 8, 1016); AAD Lengths tested: (0, 1024, 8, 1016); 96BitIV_Supported

    -

    GMAC_Supported

    +

    IV Generated: (External); PT Lengths Tested: (0, 1024, 8, 1016); Additional authenticated data lengths tested: (0, 1024, 8, 1016); 96 bit IV supported

    +

    GMAC supported

    XTS((KS: XTS_128((e/d)(f)) KS: XTS_256((e/d)(f))

    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #4624

    Version 10.0.15063

    @@ -2778,8 +2785,8 @@ The following tables are organized by cryptographic algorithms with their modes,

    CMAC (Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16)

    GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)
    (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
    -IV Generated:  (Externally); PT Lengths Tested:  (0, 1024, 8, 1016); AAD Lengths tested:  (0, 1024, 8, 1016); IV Lengths Tested: (0, 0); 96BitIV_Supported
    -GMAC_Supported

    +IV Generated:  (Externally); PT Lengths Tested:  (0, 1024, 8, 1016); Additional authenticated data lengths tested:  (0, 1024, 8, 1016); IV Lengths Tested: (0, 0); 96 bit IV supported
    +GMAC supported

    XTS((KS: XTS_128((e/d)(f)) KS: XTS_256((e/d)(f))

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #4064

    Version 10.0.14393

    @@ -2830,8 +2837,8 @@ Version 10.0.10586

    CMAC (Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16)

    GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)
    (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
    -IV Generated:  (Externally); PT Lengths Tested:  (0, 1024, 8, 1016); AAD Lengths tested:  (0, 1024, 8, 1016); IV Lengths Tested: (0, 0); 96BitIV_Supported
    -GMAC_Supported

    +IV Generated:  (Externally); PT Lengths Tested:  (0, 1024, 8, 1016); Additional authenticated data lengths tested:  (0, 1024, 8, 1016); IV Lengths Tested: (0, 0); 96 bit IV supported
    +GMAC supported

    XTS((KS: XTS_128((e/d) (f)) KS: XTS_256((e/d) (f))

    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” SymCrypt Cryptographic Implementations #3629

    @@ -2856,8 +2863,8 @@ GMAC_Supported

    CMAC(Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16)

    GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)
    (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
    -IV Generated:  (Externally); PT Lengths Tested:  (0, 1024, 8, 1016); AAD Lengths tested:  (0, 1024, 8, 1016); IV Lengths Tested:  (0, 0); 96BitIV_Supported
    -GMAC_Supported

    +IV Generated:  (Externally); PT Lengths Tested:  (0, 1024, 8, 1016); Additional authenticated data lengths tested:  (0, 1024, 8, 1016); IV Lengths Tested:  (0, 0); 96 bit IV supported
    +GMAC supported

    XTS((KS: XTS_128((e/d)(f)) KS: XTS_256((e/d)(f))

    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #3497
    Version 10.0.10240 @@ -2881,7 +2888,7 @@ Version 10.0.10240

    CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)

    AES Val#2832

    -

    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 BitLocker� Cryptographic Implementations #2848

    +

    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 BitLocker Cryptographic Implementations #2848

    Version 6.3.9600

    @@ -2889,10 +2896,10 @@ Version 10.0.10240

    CMAC (Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16)

    GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)

    (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)

    -

    IV Generated:  (Externally); PT Lengths Tested:  (0, 128, 1024, 8, 1016); AAD Lengths tested:  (0, 128, 1024, 8, 1016); IV Lengths Tested:  (8, 1024); 96BitIV_Supported;
    +

    IV Generated:  (Externally); PT Lengths Tested:  (0, 128, 1024, 8, 1016); Additional authenticated data lengths tested:  (0, 128, 1024, 8, 1016); IV Lengths Tested:  (8, 1024); 96 bit IV supported;
    OtherIVLen_Supported
    -GMAC_Supported

    -

    Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #2832

    +GMAC supported

    +

    Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #2832

    Version 6.3.9600

    @@ -2902,12 +2909,12 @@ AES Val#2197

    GCM(KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)
    (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
    -IV Generated: (Externally); PT Lengths Tested: (0, 128, 1024, 8, 1016); AAD Lengths tested: (0, 128, 1024, 8, 1016); IV Lengths Tested: (8, 1024); 96BitIV_Supported
    -GMAC_Supported

    +IV Generated: (Externally); PT Lengths Tested: (0, 128, 1024, 8, 1016); Additional authenticated data lengths tested: (0, 128, 1024, 8, 1016); IV Lengths Tested: (8, 1024); 96 bit IV supported
    +GMAC supported

    Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #2216 -

    CCM (KS: 256) (Assoc. Data Len Range: 0 - 0, 2^16 ) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)

    +

    CCM (KS: 256) (Assoc. Data Len Range: 0 - 0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)

    AES Val#2196

    Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 BitLocker® Cryptographic Implementations #2198 @@ -2927,13 +2934,13 @@ GMAC_Supported

    Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) #2196 -CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0 – 0, 2^16 ) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )
    +CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0 – 0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)
    AES Val#1168

    Windows Server 2008 R2 and SP1 CNG algorithms #1187

    Windows 7 Ultimate and SP1 CNG algorithms #1178

    -CCM (KS: 128, 256) (Assoc. Data Len Range: 0 - 8 ) (Payload Length Range: 4 - 32 (Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16 )
    +CCM (KS: 128, 256) (Assoc. Data Len Range: 0 - 8) (Payload Length Range: 4 - 32 (Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16)
    AES Val#1168 Windows 7 Ultimate and SP1 and Windows Server 2008 R2 and SP1 BitLocker Algorithm Implementations #1177 @@ -2950,11 +2957,11 @@ AES #1168, vendor-affirmed -CCM (KS: 128, 256) (Assoc. Data Len Range: 0 - 8 ) (Payload Length Range: 4 - 32 (Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16 ) +CCM (KS: 128, 256) (Assoc. Data Len Range: 0 - 8) (Payload Length Range: 4 - 32 (Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16) Windows Vista Ultimate SP1 and Windows Server 2008 BitLocker Algorithm Implementations #760 -CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0 - 0, 2^16 ) (Payload Length Range: 1 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 ) +CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0 - 0, 2^16) (Payload Length Range: 1 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)

    Windows Server 2008 CNG algorithms #757

    Windows Vista Ultimate SP1 CNG algorithms #756

    @@ -2995,7 +3002,7 @@ AES CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES Val#2832)] -

    Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #489

    +

    Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #489

    Version 6.3.9600

    @@ -3280,7 +3287,7 @@ Deterministic Random Bit Generator (DRBG)

    PQG(gen)PARMS TESTED:   [(2048,256)SHA(256); (3072,256) SHA(256)]

    PQG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]

    KeyPairGen:   [(2048,256); (3072,256)]

    -

    SIG(gen)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256); ]

    +

    SIG(gen)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]

    SIG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]

    SHS: Val#3790

    DRBG: Val# 1555

    @@ -3289,16 +3296,16 @@ Deterministic Random Bit Generator (DRBG) FIPS186-4:
    -PQG(ver)PARMS TESTED:       [(1024,160) SHA(1); ]
    -SIG(ver)PARMS TESTED:   [(1024,160) SHA(1); ]
    +PQG(ver)PARMS TESTED:   [(1024,160) SHA(1)]
    +SIG(ver)PARMS TESTED:   [(1024,160) SHA(1)]
    SHS: Val# 3649

    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1188

    Version 7.00.2872

    FIPS186-4:
    -PQG(ver)PARMS TESTED:       [(1024,160) SHA(1); ]
    -SIG(ver)PARMS TESTED:   [(1024,160) SHA(1); ]
    +PQG(ver)PARMS TESTED:   [(1024,160) SHA(1)]
    +SIG(ver)PARMS TESTED:   [(1024,160) SHA(1)]
    SHS: Val#3648

    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1187

    Version 8.00.6246

    @@ -3310,7 +3317,7 @@ PQG(gen)PARMS TESTED: [
    PQG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
    KeyPairGen:    [(2048,256); (3072,256)]
    SIG(gen)PARMS TESTED:   [(2048,256)
    -SHA(256); (3072,256) SHA(256); ]
    +SHA(256); (3072,256) SHA(256)]
    SIG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]

    SHS: Val# 3347
    DRBG: Val# 1217

    @@ -3320,7 +3327,7 @@ DRBG:

    FIPS186-4:
    PQG(gen)    PARMS TESTED:   [(2048,256)SHA(256); (3072,256) SHA(256)] PQG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
    -KeyPairGen:    [(2048,256); (3072,256)] SIG(gen)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256); ]
    +KeyPairGen:    [(2048,256); (3072,256)] SIG(gen)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
    SIG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]

    SHS: Val# 3047
    DRBG: Val# 955

    @@ -3332,7 +3339,7 @@ DRBG: Val# 2886
    DRBG: Val# 868

    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #983

    @@ -3345,11 +3352,11 @@ PQG(gen)PARMS TESTED:   [
    PQG(ver)PARMS TESTED:   [(2048,256)
    SHA(256); (3072,256) SHA(256)]
    KeyPairGen:    [(2048,256); (3072,256)]
    -SIG(gen)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256); ]
    +SIG(gen)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
    SIG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]

    SHS: Val# 2373
    DRBG: Val# 489

    -

    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #855

    +

    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #855

    Version 6.3.9600

    @@ -3361,11 +3368,11 @@ DRBG: #1903
    DRBG: #258
    -Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#687.

    +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List Val#687.

    Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #687 @@ -3374,7 +3381,7 @@ PQG(ver) MOD(1024);
    SIG(ver) MOD(1024);
    SHS: #1902
    DRBG: #258
    -Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#686. +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List Val#686. Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 DSS and Diffie-Hellman Enhanced Cryptographic Provider (DSSENH) #686 @@ -3382,7 +3389,7 @@ Some of the previously validated components for this validation have been remove SIG(ver) MOD(1024);
    SHS: Val# 1773
    DRBG: Val# 193
    -Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#645. +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List Val#645. Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #645 @@ -3390,7 +3397,7 @@ Some of the previously validated components for this validation have been remove SIG(ver) MOD(1024);
    SHS: Val# 1081
    DRBG: Val# 23
    -Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#391. See Historical DSA List Val#386. +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List Val#391. See Historical DSA List Val#386.

    Windows Server 2008 R2 and SP1 CNG algorithms #391

    Windows 7 Ultimate and SP1 CNG algorithms #386

    @@ -3399,7 +3406,7 @@ Some of the previously validated components for this validation have been remove SIG(ver) MOD(1024);
    SHS: Val# 1081
    RNG: Val# 649
    -Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#390. See Historical DSA List Val#385. +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List Val#390. See Historical DSA List Val#385.

    Windows Server 2008 R2 and SP1 Enhanced DSS (DSSENH) #390

    Windows 7 Ultimate and SP1 Enhanced DSS (DSSENH) #385

    @@ -3407,7 +3414,7 @@ Some of the previously validated components for this validation have been remove FIPS186-2:
    SIG(ver)     MOD(1024);
    SHS: Val# 753
    -Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#284. See Historical DSA List Val#283. +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List Val#284. See Historical DSA List Val#283.

    Windows Server 2008 CNG algorithms #284

    Windows Vista Ultimate SP1 CNG algorithms #283

    @@ -3416,7 +3423,7 @@ Some of the previously validated components for this validation have been remove SIG(ver) MOD(1024);
    SHS: Val# 753
    RNG: Val# 435
    -Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#282. See Historical DSA List Val#281. +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List Val#282. See Historical DSA List Val#281.

    Windows Server 2008 Enhanced DSS (DSSENH) #282

    Windows Vista Ultimate SP1 Enhanced DSS (DSSENH) #281

    @@ -3425,7 +3432,7 @@ Some of the previously validated components for this validation have been remove SIG(ver) MOD(1024);
    SHS: Val# 618
    RNG: Val# 321
    -Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#227. See Historical DSA List Val#226. +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List Val#227. See Historical DSA List Val#226.

    Windows Vista CNG algorithms #227

    Windows Vista Enhanced DSS (DSSENH) #226

    @@ -3434,7 +3441,7 @@ Some of the previously validated components for this validation have been remove SIG(ver) MOD(1024);
    SHS: Val# 784
    RNG: Val# 448
    -Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#292. +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List Val#292. Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #292 @@ -3442,7 +3449,7 @@ Some of the previously validated components for this validation have been remove SIG(ver) MOD(1024);
    SHS: Val# 783
    RNG: Val# 447
    -Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#291. +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List Val#291. Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #291 @@ -3548,7 +3555,7 @@ SHS: SHA-1 (BYTE)

    Prerequisite: SHS #2373, DRBG #489

    -

    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1263

    +

    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1263

    Version 6.3.9600

    @@ -3892,7 +3899,7 @@ PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits)
    SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))

    SHS: Val#2373
    DRBG: Val# 489

    -

    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #505

    +

    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #505

    Version 6.3.9600

    @@ -3900,7 +3907,7 @@ DRBG: #1903
    DRBG: #258
    -SIG(ver):CURVES(P-256 P-384 P-521)
    +SIG(ver): CURVES(P-256 P-384 P-521)
    SHS: #1903
    DRBG: #258

    FIPS186-4:
    @@ -3909,7 +3916,7 @@ PKG: CURVES    (P-256 P-384 P-521 ExtraRandomBits)
    SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
    SHS: #1903
    DRBG: #258
    -Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#341.

    +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#341.

    Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #341 @@ -3926,7 +3933,7 @@ PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits)
    SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
    SHS: Val#1773
    DRBG: Val# 193
    -Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#295.

    +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#295.

    Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #295 @@ -3937,7 +3944,7 @@ PKG: CURVES(P-256 P-384 P-521)
    SIG(ver): CURVES(P-256 P-384 P-521)
    SHS: Val#1081
    DRBG: Val# 23
    -Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#142. See Historical ECDSA List Val#141. +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#142. See Historical ECDSA List Val#141.

    Windows Server 2008 R2 and SP1 CNG algorithms #142

    Windows 7 Ultimate and SP1 CNG algorithms #141

    @@ -3947,7 +3954,7 @@ PKG: CURVES(P-256 P-384 P-521)
    SHS: Val#753
    SIG(ver): CURVES(P-256 P-384 P-521)
    SHS: Val#753
    -Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#83. See Historical ECDSA List Val#82. +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#83. See Historical ECDSA List Val#82.

    Windows Server 2008 CNG algorithms #83

    Windows Vista Ultimate SP1 CNG algorithms #82

    @@ -3959,7 +3966,7 @@ PKG: CURVES(P-256 P-384 P-521)
    SIG(ver): CURVES(P-256 P-384 P-521)
    SHS: Val#618
    RNG: Val# 321
    -Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#60. +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#60. Windows Vista CNG algorithms #60 @@ -4219,7 +4226,7 @@ SHS Val#2373

    HMAC-SHA512 (Key Size Ranges Tested:  KSBS)
    SHS Val#2373

    -

    Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #1773

    +

    Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #1773

    Version 6.3.9600

    @@ -4500,7 +4507,7 @@ SHS -
  • One Pass DH:
    • +
  • One-Pass DH: