From 77d7f402643b360d21eee717b85d19b41ce68272 Mon Sep 17 00:00:00 2001 From: 1justingilmore <62392529+1justingilmore@users.noreply.github.com> Date: Mon, 30 Mar 2020 16:41:45 -0600 Subject: [PATCH 01/92] Update metadata descriptions 3_30 3 --- .../set-up-mdt-for-bitlocker.md | 3 +- ...compatibility-administrator-users-guide.md | 3 +- ...se-management-strategies-and-deployment.md | 9 +- windows/deployment/update/waas-morenews.md | 6 +- windows/deployment/upgrade/log-files.md | 2 +- windows/deployment/usmt/usmt-log-files.md | 12 +- ...ivate-using-key-management-service-vamt.md | 290 +++++++++--------- ...t-to-microsoft-during-activation-client.md | 144 ++++----- .../monitor-activation-client.md | 90 +++--- .../windows-10-deployment-tools-reference.md | 4 +- .../deployment/windows-10-deployment-tools.md | 4 +- 11 files changed, 289 insertions(+), 278 deletions(-) diff --git a/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md b/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md index d54f06dc77..e68b815828 100644 --- a/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md +++ b/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md @@ -4,7 +4,7 @@ ms.assetid: 386e6713-5c20-4d2a-a220-a38d94671a38 ms.reviewer: manager: laurawi ms.author: greglin -description: +description: Learn how to configure your environment for BitLocker, the disk volume encryption built into Windows 10 Enterprise and Windows 10 Pro, using MDT. keywords: disk, encryption, TPM, configure, secure, script ms.prod: w10 ms.mktglfcycl: deploy @@ -14,6 +14,7 @@ ms.pagetype: mdt audience: itpro author: greg-lindsay ms.topic: article +ms.custom: seo-marvel-mar2020 --- # Set up MDT for BitLocker diff --git a/windows/deployment/planning/compatibility-administrator-users-guide.md b/windows/deployment/planning/compatibility-administrator-users-guide.md index afbb20379c..30dcd0de23 100644 --- a/windows/deployment/planning/compatibility-administrator-users-guide.md +++ b/windows/deployment/planning/compatibility-administrator-users-guide.md @@ -4,7 +4,7 @@ ms.assetid: 0ce05f66-9009-4739-a789-60f3ce380e76 ms.reviewer: manager: laurawi ms.author: greglin -description: +description: The Compatibility Administrator tool helps you resolve potential application-compatibility issues before deploying a new version of Windows. ms.prod: w10 ms.mktglfcycl: plan ms.pagetype: appcompat @@ -12,6 +12,7 @@ ms.sitesec: library audience: itpro author: greg-lindsay ms.topic: article +ms.custom: seo-marvel-mar2020 --- # Compatibility Administrator User's Guide diff --git a/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md b/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md index 162ad2c153..18f52b5803 100644 --- a/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md +++ b/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md @@ -4,7 +4,7 @@ ms.assetid: fdfbf02f-c4c4-4739-a400-782204fd3c6c ms.reviewer: manager: laurawi ms.author: greglin -description: +description: Learn about deploying your compatibility fixes as part of an application-installation package or through a centralized compatibility-fix database. ms.prod: w10 ms.mktglfcycl: plan ms.pagetype: appcompat @@ -13,6 +13,7 @@ audience: itpro author: greg-lindsay ms.date: 04/19/2017 ms.topic: article +ms.custom: seo-marvel-mar2020 --- # Compatibility Fix Database Management Strategies and Deployment @@ -88,7 +89,7 @@ This approach tends to work best for organizations that have a well-developed de ### Merging Centralized Compatibility-Fix Databases -If you decide to use the centralized compatibility-fix database deployment strategy, you can merge any of your individual compatibility-fix databases. This enables you to create a single custom compatibility-fix database that can be used to search for and determine whether Windows® should apply a fix to a specific executable (.exe) file. We recommend merging your databases based on the following process. +If you decide to use the centralized compatibility-fix database deployment strategy, you can merge any of your individual compatibility-fix databases. This enables you to create a single custom compatibility-fix database that can be used to search for and determine whether Windows® should apply a fix to a specific executable (.exe) file. We recommend merging your databases based on the following process. **To merge your custom-compatibility databases** @@ -113,7 +114,7 @@ If you decide to use the centralized compatibility-fix database deployment strat Deploying your custom compatibility-fix database into your organization requires you to perform the following actions: -1. Store your custom compatibility-fix database (.sdb file) in a location that is accessible to all of your organization’s computers. +1. Store your custom compatibility-fix database (.sdb file) in a location that is accessible to all of your organization's computers. 2. Use the Sdbinst.exe command-line tool to install the custom compatibility-fix database locally. @@ -124,7 +125,7 @@ In order to meet the two requirements above, we recommend that you use one of th You can package your .sdb file and a custom deployment script into an .msi file, and then deploy the .msi file into your organization. > [!IMPORTANT] - > You must ensure that you mark your custom script so that it does not impersonate the calling user. For example, if you use Microsoft® Visual Basic® Scripting Edition (VBScript), the custom action type would be: + > You must ensure that you mark your custom script so that it does not impersonate the calling user. For example, if you use Microsoft® Visual Basic® Scripting Edition (VBScript), the custom action type would be: >`msidbCustomActionTypeVBScript + msidbCustomActionTypeInScript + msidbCustomActionTypeNoImpersonate = 0x0006 + 0x0400 + 0x0800 = 0x0C06 = 3078 decimal)` diff --git a/windows/deployment/update/waas-morenews.md b/windows/deployment/update/waas-morenews.md index b23dfbb017..28ac9a4c6c 100644 --- a/windows/deployment/update/waas-morenews.md +++ b/windows/deployment/update/waas-morenews.md @@ -11,6 +11,8 @@ ms.reviewer: manager: laurawi ms.localizationpriority: high ms.topic: article +description: Read news articles about Windows as a service, including Windows 10, Windows 10 Enterprise, Windows 10 Pro. +ms.custom: seo-marvel-mar2020 --- # Windows as a service - More news @@ -19,8 +21,8 @@ Here's more news about [Windows as a service](windows-as-a-service.md):

You can either:

    -

  1. Specify up to three <role> elements within a <component> — one “Binaries” role element, one “Settings” role element and one “Data” role element. These parameters do not change the migration behavior — their only purpose is to help you categorize the settings that you are migrating. You can nest these <role> elements, but each nested element must be of the same role parameter.

    2. -

  2. Specify one “Container” <role> element within a <component> element. In this case, you cannot specify any child <rules> elements, only other <component> elements. And each child <component> element must have the same type as that of parent <component> element. For example:

    3. +

  3. Specify up to three <role> elements within a <component> — one "Binaries" role element, one "Settings" role element and one "Data" role element. These parameters do not change the migration behavior — their only purpose is to help you categorize the settings that you are migrating. You can nest these <role> elements, but each nested element must be of the same role parameter.

    4. +

  4. Specify one "Container" <role> element within a <component> element. In this case, you cannot specify any child <rules> elements, only other <component> elements. And each child <component> element must have the same type as that of parent <component> element. For example:

<component context="UserAndSystem" type="Application">
   <displayName _locID="migapp.msoffice2003">Microsoft Office 2003</displayName> 
@@ -3847,7 +3845,7 @@ See the last component in the MigUser.xml file for an example of this element.
 ~~~
 **Example:**
 
-If GenerateUserPattens('File','%userprofile% \[\*.doc\]','FALSE') is called while USMT is processing user A, then this function will only generate patterns for users B and C. You can use this helper function to build complex rules. For example, to migrate all .doc files from the source computer — but if user X is not migrated, then do not migrate any of the .doc files from user X’s profile.
+If GenerateUserPattens('File','%userprofile% \[\*.doc\]','FALSE') is called while USMT is processing user A, then this function will only generate patterns for users B and C. You can use this helper function to build complex rules. For example, to migrate all .doc files from the source computer — but if user X is not migrated, then do not migrate any of the .doc files from user X's profile.
 
 The following is example code for this scenario. The first <rules> element migrates all.doc files on the source computer with the exception of those inside C:\\Documents and Settings. The second <rules> elements will migrate all .doc files from C:\\Documents and Settings with the exception of the .doc files in the profiles of the other users. Because the second <rules> element will be processed in each migrated user context, the end result will be the desired behavior. The end result is the one we expected.
 
@@ -4104,12 +4102,12 @@ Syntax:
 
 
name

 
Yes

-
ID is a string value that is the name used to reference the environment variable. We recommend that ID start with the component’s name to avoid namespace collisions. For example, if your component’s name is MyComponent, and you want a variable that is your component’s install path, you could specify MyComponent.InstallPath.

+
ID is a string value that is the name used to reference the environment variable. We recommend that ID start with the component's name to avoid namespace collisions. For example, if your component's name is MyComponent, and you want a variable that is your component's install path, you could specify MyComponent.InstallPath.

 
 
 
remap

 
No, default = FALSE

-
Specifies whether to evaluate this environment variable as a remapping environment variable. Objects that are located in a path that is underneath this environment variable’s value are automatically moved to where the environment variable points on the destination computer.

+
Specifies whether to evaluate this environment variable as a remapping environment variable. Objects that are located in a path that is underneath this environment variable's value are automatically moved to where the environment variable points on the destination computer.

 
 
 
@@ -4228,27 +4226,27 @@ The following functions are for internal USMT use only. Do not use them in an .x
 
 You can use the following version tags with various helper functions:
 
--   “CompanyName”
+-   "CompanyName"
 
--   “FileDescription”
+-   "FileDescription"
 
--   “FileVersion”
+-   "FileVersion"
 
--   “InternalName”
+-   "InternalName"
 
--   “LegalCopyright”
+-   "LegalCopyright"
 
--   “OriginalFilename”
+-   "OriginalFilename"
 
--   “ProductName”
+-   "ProductName"
 
--   “ProductVersion”
+-   "ProductVersion"
 
 The following version tags contain values that can be compared:
 
--   “FileVersion”
+-   "FileVersion"
 
--   “ProductVersion”
+-   "ProductVersion"
 
 ## Related topics
 
diff --git a/windows/deployment/usmt/usmt-xml-reference.md b/windows/deployment/usmt/usmt-xml-reference.md
index 06e514f5b7..e9f8587729 100644
--- a/windows/deployment/usmt/usmt-xml-reference.md
+++ b/windows/deployment/usmt/usmt-xml-reference.md
@@ -20,7 +20,7 @@ ms.topic: article
 
 This section contains topics that you can use to work with and to customize the migration XML files.
 
-## In This Section
+## In this section
 
 
 
diff --git a/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md b/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md
index e5c224c42c..88176e8e84 100644
--- a/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md
+++ b/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md
@@ -23,7 +23,7 @@ When you migrate files and settings during a typical PC-refresh migration, the u
 
 -   All of the files being migrated.
 
--   The user’s settings.
+-   The user's settings.
 
 -   A catalog file that contains metadata for all files in the migration store.
 
@@ -37,7 +37,7 @@ When you use the **/verify** option, you can specify what type of information to
 
 -   **Failure only**: Displays only the files that are corrupted.
 
-## In This Topic
+## In this topic
 
 
 The following sections demonstrate how to run the **UsmtUtils** command with the **/verify** option, and how to specify the information to display in the UsmtUtils log file.
diff --git a/windows/deployment/volume-activation/add-manage-products-vamt.md b/windows/deployment/volume-activation/add-manage-products-vamt.md
index d35f96bdc7..b86f415221 100644
--- a/windows/deployment/volume-activation/add-manage-products-vamt.md
+++ b/windows/deployment/volume-activation/add-manage-products-vamt.md
@@ -20,7 +20,7 @@ ms.topic: article
 
 This section describes how to add client computers into the Volume Activation Management Tool (VAMT). After the computers are added, you can manage the products that are installed on your network.
 
-## In this Section
+## In this section
 
 |Topic |Description |
 |------|------------|
diff --git a/windows/deployment/volume-activation/install-configure-vamt.md b/windows/deployment/volume-activation/install-configure-vamt.md
index fe9b3114ee..21bedde961 100644
--- a/windows/deployment/volume-activation/install-configure-vamt.md
+++ b/windows/deployment/volume-activation/install-configure-vamt.md
@@ -21,7 +21,7 @@ ms.topic: article
 
 This section describes how to install and configure the Volume Activation Management Tool (VAMT).
 
-## In this Section
+## In this section
 
 |Topic |Description |
 |------|------------|
diff --git a/windows/deployment/volume-activation/introduction-vamt.md b/windows/deployment/volume-activation/introduction-vamt.md
index 72013798ef..646d92f8a9 100644
--- a/windows/deployment/volume-activation/introduction-vamt.md
+++ b/windows/deployment/volume-activation/introduction-vamt.md
@@ -18,12 +18,12 @@ ms.topic: article
 
 # Introduction to VAMT
 
-The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows®, Microsoft® Office®, and select other Microsoft products volume and retail activation process. VAMT can manage volume activation using Multiple Activation Keys (MAKs) or the Windows Key Management Service (KMS). VAMT is a standard Microsoft Management Console (MMC) snap-in and can be installed on any computer that has one of the following Windows operating systems: Windows® 7, Windows 8, Windows 8.1, Windows 10,Windows Server 2008 R2, or Windows Server 2012.
+The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows®, Microsoft® Office®, and select other Microsoft products volume and retail activation process. VAMT can manage volume activation using Multiple Activation Keys (MAKs) or the Windows Key Management Service (KMS). VAMT is a standard Microsoft Management Console (MMC) snap-in and can be installed on any computer that has one of the following Windows operating systems: Windows® 7, Windows 8, Windows 8.1, Windows 10,Windows Server 2008 R2, or Windows Server 2012.
 
 **Note**  
 VAMT can be installed on, and can manage, physical or virtual instances. VAMT cannot detect whether or not the remote products are virtual. As long as the products can respond to Windows Management Instrumentation (WMI) calls, they will be discovered and activated.
 
-## In this Topic
+## In this topic
 -   [Managing Multiple Activation Key (MAK) and Retail Activation](#bkmk-managingmak)
 -   [Managing Key Management Service (KMS) Activation](#bkmk-managingkms)
 -   [Enterprise Environment](#bkmk-enterpriseenvironment)
@@ -46,7 +46,7 @@ VAMT is commonly implemented in enterprise environments. The following illustrat
 
 ![VAMT in the enterprise](images/dep-win8-l-vamt-image001-enterprise.jpg)
 
-In the Core Network environment, all computers are within a common network managed by Active Directory® Domain Services (AD DS). The Secure Zone represents higher-security Core Network computers that have additional firewall protection.
+In the Core Network environment, all computers are within a common network managed by Active Directory® Domain Services (AD DS). The Secure Zone represents higher-security Core Network computers that have additional firewall protection.
 The Isolated Lab environment is a workgroup that is physically separate from the Core Network, and its computers do not have Internet access. The network security policy states that no information that could identify a specific computer or user may be transferred out of the Isolated Lab.
 
 ## VAMT User Interface
diff --git a/windows/deployment/volume-activation/manage-activations-vamt.md b/windows/deployment/volume-activation/manage-activations-vamt.md
index f1f3ce5baf..a2699960b3 100644
--- a/windows/deployment/volume-activation/manage-activations-vamt.md
+++ b/windows/deployment/volume-activation/manage-activations-vamt.md
@@ -20,7 +20,7 @@ ms.topic: article
 
 This section describes how to activate a client computer, by using a variety of activation methods.
 
-## In this Section
+## In this section
 
 |Topic |Description |
 |------|------------|
diff --git a/windows/deployment/volume-activation/manage-product-keys-vamt.md b/windows/deployment/volume-activation/manage-product-keys-vamt.md
index 64027a69f0..c363018e6d 100644
--- a/windows/deployment/volume-activation/manage-product-keys-vamt.md
+++ b/windows/deployment/volume-activation/manage-product-keys-vamt.md
@@ -19,7 +19,7 @@ ms.topic: article
 # Manage Product Keys
 
 This section describes how to add and remove a product key from the Volume Activation Management Tool (VAMT). After you add a product key to VAMT, you can install that product key on a product or products you select in the VAMT database.
-## In this Section
+## In this section
 
 |Topic |Description |
 |------|------------|
diff --git a/windows/deployment/volume-activation/manage-vamt-data.md b/windows/deployment/volume-activation/manage-vamt-data.md
index 889a9d6975..1d0a211e37 100644
--- a/windows/deployment/volume-activation/manage-vamt-data.md
+++ b/windows/deployment/volume-activation/manage-vamt-data.md
@@ -20,7 +20,7 @@ ms.topic: article
 
 This section describes how to save, import, export, and merge a Computer Information List (CILX) file using the Volume Activation Management Tool (VAMT).
 
-## In this Section
+## In this section
 |Topic |Description |
 |------|------------|
 |[Import and Export VAMT Data](import-export-vamt-data.md) |Describes how to import and export VAMT data. |
diff --git a/windows/deployment/volume-activation/monitor-activation-client.md b/windows/deployment/volume-activation/monitor-activation-client.md
index 75c2d8b3f0..c203fe7ea5 100644
--- a/windows/deployment/volume-activation/monitor-activation-client.md
+++ b/windows/deployment/volume-activation/monitor-activation-client.md
@@ -14,7 +14,7 @@ audience: itpro
 author: greg-lindsay
 ms.localizationpriority: medium
 ms.topic: article
-ms.custom: seo-marvel-mar2020
+ms.custom: seo-marvel-apr2020
 ---
 
 # Monitor activation
@@ -41,6 +41,6 @@ You can monitor the success of the activation process for a computer running Win
 - See [Troubleshooting activation error codes](https://docs.microsoft.com/windows-server/get-started/activation-error-codes) for information about troubleshooting procedures for Multiple Activation Key (MAK) or the Key Management Service (KMS).
 - The VAMT provides a single site from which to manage and monitor volume activations. This is explained in the next section.
 
-## See also
+## Related topics
 
 [Volume Activation for Windows 10](volume-activation-windows-10.md)
diff --git a/windows/deployment/volume-activation/scenario-online-activation-vamt.md b/windows/deployment/volume-activation/scenario-online-activation-vamt.md
index 61096c7c82..4ce4e78992 100644
--- a/windows/deployment/volume-activation/scenario-online-activation-vamt.md
+++ b/windows/deployment/volume-activation/scenario-online-activation-vamt.md
@@ -28,7 +28,7 @@ The Secure Zone represents higher-security Core Network computers that have addi
 
 ![VAMT firewall configuration for multiple subnets](images/dep-win8-l-vamt-makindependentactivationscenario.jpg)
 
-## In This Topic
+## In this topic
 -   [Install and start VAMT on a networked host computer](#bkmk-partone)
 -   [Configure the Windows Management Instrumentation firewall exception on target computers](#bkmk-parttwo)
 -   [Connect to VAMT database](#bkmk-partthree)
diff --git a/windows/deployment/volume-activation/vamt-step-by-step.md b/windows/deployment/volume-activation/vamt-step-by-step.md
index a99e7fd10a..98bc193c4f 100644
--- a/windows/deployment/volume-activation/vamt-step-by-step.md
+++ b/windows/deployment/volume-activation/vamt-step-by-step.md
@@ -20,13 +20,13 @@ ms.topic: article
 
 This section provides step-by-step instructions on implementing the Volume Activation Management Tool (VAMT) in typical environments. VAMT supports many common scenarios; the scenarios in this section describe some of the most common to get you started.
 
-## In this Section
+## In this section
 
 |Topic |Description |
 |------|------------|
 |[Scenario 1: Online Activation](scenario-online-activation-vamt.md) |Describes how to distribute Multiple Activation Keys (MAKs) to products installed on one or more connected computers within a network, and how to instruct these products to contact Microsoft over the Internet for activation. |
 |[Scenario 2: Proxy Activation](scenario-proxy-activation-vamt.md) |Describes how to use two VAMT host computers — the first one with Internet access and a second computer within an isolated workgroup — as proxies to perform MAK volume activation for workgroup computers that do not have Internet access. |
-|[Scenario 3: KMS Client Activation](scenario-kms-activation-vamt.md) |Describes how to use VAMT to configure client products for Key Management Service (KMS) activation. By default, volume license editions of Windows 10, Windows Vista, Windows® 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, or Windows Server® 2012, and Microsoft® Office 2010 use KMS for activation. |
+|[Scenario 3: KMS Client Activation](scenario-kms-activation-vamt.md) |Describes how to use VAMT to configure client products for Key Management Service (KMS) activation. By default, volume license editions of Windows 10, Windows Vista, Windows® 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, or Windows Server® 2012, and Microsoft® Office 2010 use KMS for activation. |
 
 ## Related topics
 - [Introduction to VAMT](introduction-vamt.md)
diff --git a/windows/deployment/volume-activation/volume-activation-management-tool.md b/windows/deployment/volume-activation/volume-activation-management-tool.md
index c73cbc4546..23c0a83614 100644
--- a/windows/deployment/volume-activation/volume-activation-management-tool.md
+++ b/windows/deployment/volume-activation/volume-activation-management-tool.md
@@ -13,13 +13,14 @@ audience: itpro
 author: greg-lindsay
 ms.date: 04/25/2017
 ms.topic: article
+ms.custom: seo-marvel-apr2020
 ---
 
 # Volume Activation Management Tool (VAMT) Technical Reference
 
-The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows®, Microsoft® Office, and select other Microsoft products volume and retail-activation process.
+The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows®, Microsoft® Office, and select other Microsoft products volume and retail-activation process.
 VAMT can manage volume activation using Multiple Activation Keys (MAKs) or the Windows Key Management Service (KMS). VAMT is a standard Microsoft Management Console (MMC) snap-in that requires the Microsoft Management Console (MMC) 3.0. VAMT can be installed on any computer that has one of the following Windows operating systems:
--   Windows® 7 or above
+-   Windows® 7 or above
 -   Windows Server 2008 R2 or above
 
 
@@ -28,7 +29,7 @@ VAMT is designed to manage volume activation for: Windows 7, Windows 8, Window
 
 VAMT is only available in an EN-US (x86) package.
 
-## In this Section
+## In this section
 
 |Topic |Description |
 |------|------------|
diff --git a/windows/deployment/windows-autopilot/bitlocker.md b/windows/deployment/windows-autopilot/bitlocker.md
index 234ae17fcc..02790d704c 100644
--- a/windows/deployment/windows-autopilot/bitlocker.md
+++ b/windows/deployment/windows-autopilot/bitlocker.md
@@ -14,6 +14,7 @@ author: greg-lindsay
 ms.author: greglin
 ms.collection: M365-modern-desktop
 ms.topic: article
+ms.custom: seo-marvel-apr2020
 ---
 
 
@@ -49,6 +50,6 @@ Note: It is also recommended to set Windows Encryption -> Windows Settings -> En
 
 Windows 10, version 1809 or later.
 
-## See also
+## Related topics
 
 [Bitlocker overview](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview)

From 6c8fd18af3a5b910770b227e871ad90f20a68e90 Mon Sep 17 00:00:00 2001
From: jdmartinez36 <62392619+jdmartinez36@users.noreply.github.com>
Date: Mon, 27 Apr 2020 17:00:35 -0600
Subject: [PATCH 14/92] Description and anchorlink text edits

Description and anchorlink text edits.
---
 ...-custom-windows-pe-boot-image-with-configuration-manager.md | 3 ++-
 .../upgrade-to-windows-10-with-configuraton-manager.md         | 3 ++-
 windows/deployment/windows-autopilot/autopilot-mbr.md          | 2 +-
 .../windows-autopilot/demonstrate-deployment-on-vm.md          | 2 +-
 windows/deployment/windows-autopilot/registration-auth.md      | 3 ++-
 windows/deployment/windows-autopilot/self-deploying.md         | 3 ++-
 .../windows-autopilot/windows-autopilot-scenarios.md           | 3 ++-
 7 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md b/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
index 82fdff74b3..772a703dd2 100644
--- a/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
@@ -1,6 +1,6 @@
 ---
 title: Create a custom Windows PE boot image with Configuration Manager (Windows 10)
-description: In Microsoft Endpoint Configuration Manager, you can create custom Windows Preinstallation Environment (Windows PE) boot images that include extra components and features.
+description: Learn how to create custom Windows Preinstallation Environment (Windows PE) boot images in Microsoft Endpoint Configuration Manager.
 ms.assetid: b9e96974-324d-4fa4-b0ce-33cfc49c4809
 ms.reviewer: 
 manager: laurawi
@@ -13,6 +13,7 @@ ms.sitesec: library
 audience: itpro
 author: greg-lindsay
 ms.topic: article
+ms.custom: seo-marvel-apr2020
 ---
 
 # Create a custom Windows PE boot image with Configuration Manager
diff --git a/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuraton-manager.md b/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuraton-manager.md
index 553be3b239..e4b97b8f74 100644
--- a/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuraton-manager.md
+++ b/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuraton-manager.md
@@ -1,6 +1,6 @@
 ---
 title: Perform in-place upgrade to Windows 10 via Configuration Manager
-description: In-place upgrades make upgrading Windows 7, Windows 8, and Windows 8.1 to Windows 10 easy -- you can even automate the whole process with a Microsoft Endpoint Configuration Manager task sequence.
+description: Learn how to perform an in-place upgrade to Windows 10 by automating the process with a Microsoft Endpoint Configuration Manager task sequence.
 ms.assetid: F8DF6191-0DB0-4EF5-A9B1-6A11D5DE4878
 ms.reviewer: 
 manager: laurawi
@@ -12,6 +12,7 @@ ms.mktglfcycl: deploy
 audience: itpro
 author: greg-lindsay
 ms.topic: article
+ms.custom: seo-marvel-apr2020
 ---
 
 # Perform an in-place upgrade to Windows 10 using Configuration Manager
diff --git a/windows/deployment/windows-autopilot/autopilot-mbr.md b/windows/deployment/windows-autopilot/autopilot-mbr.md
index 24cf4eb654..dc01756f7c 100644
--- a/windows/deployment/windows-autopilot/autopilot-mbr.md
+++ b/windows/deployment/windows-autopilot/autopilot-mbr.md
@@ -70,7 +70,7 @@ To deregister an Autopilot device from Intune, an IT Admin would:
 
 The deregistration process will take about 15 minutes.  You can accelerate the process by clicking the "Sync" button, then "Refresh" the display until the device is no longer present.
 
-More details on deregistering devices from Intune can be found [here](https://docs.microsoft.com/intune/enrollment-autopilot#create-an-autopilot-device-group).
+More details on deregistering devices from Intune can be found at [Enroll Windows devices in Intune by using the Windows Autopilot](https://docs.microsoft.com/intune/enrollment-autopilot#create-an-autopilot-device-group).
 
 ### Deregister from MPC
 
diff --git a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
index c2481e9f46..93415f3702 100644
--- a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
+++ b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
@@ -571,7 +571,7 @@ Windows Autopilot will now take over to automatically join your device into Azur
 
 ## Remove devices from Autopilot
 
-To use the device (or VM) for other purposes after completion of this lab, you will need to remove (deregister) it from Autopilot via either Intune or MSfB, and then reset it.  Instructions for deregistering devices can be found [here](https://docs.microsoft.com/intune/enrollment-autopilot#create-an-autopilot-device-group) and [here](https://docs.microsoft.com/intune/devices-wipe#delete-devices-from-the-azure-active-directory-portal) and below.
+To use the device (or VM) for other purposes after completion of this lab, you will need to remove (deregister) it from Autopilot via either Intune or MSfB, and then reset it.  Instructions for deregistering devices can be found at [Enroll Windows devices in Intune by using Windows Autopilot](https://docs.microsoft.com/intune/enrollment-autopilot#create-an-autopilot-device-group) and [Remove devices by using wipe, retire, or manually unenrolling the device](https://docs.microsoft.com/intune/devices-wipe#delete-devices-from-the-azure-active-directory-portal) and below.
 
 ### Delete (deregister) Autopilot device
 
diff --git a/windows/deployment/windows-autopilot/registration-auth.md b/windows/deployment/windows-autopilot/registration-auth.md
index a91c17be27..ff5a02322e 100644
--- a/windows/deployment/windows-autopilot/registration-auth.md
+++ b/windows/deployment/windows-autopilot/registration-auth.md
@@ -14,6 +14,7 @@ author: greg-lindsay
 ms.author: greglin
 ms.collection: M365-modern-desktop
 ms.topic: article
+ms.custom: seo-marvel-apr2020
 ---
 
 
@@ -45,7 +46,7 @@ For a CSP to register Windows Autopilot devices on behalf of a customer, the cus
     ![Request a reseller relationship](images/csp1.png)
     - Select the checkbox indicating whether or not you want delegated admin rights:
     ![Delegated rights](images/csp2.png)
-    - NOTE: Depending on your partner, they might request Delegated Admin Permissions (DAP) when requesting this consent.  You should ask them to use the newer DAP-free process (shown in this document) if possible. If not, you can easily remove their DAP status either from Microsoft Store for Business or the Office 365 admin portal:  https://docs.microsoft.com/partner-center/customers_revoke_admin_privileges
+    - NOTE: Depending on your partner, they might request Delegated Admin Permissions (DAP) when requesting this consent.  You should ask them to use the newer DAP-free process (shown in this document) if possible. If not, you can easily remove their DAP status either from Microsoft Store for Business or the Office 365 admin portal by going to [Customers delegate administration privileges to partners](https://docs.microsoft.com/partner-center/customers_revoke_admin_privileges).
     - Send the template above to the customer via email.
 2. Customer with global administrator privileges in Microsoft Store for Business (MSfB) clicks the link in the body of the email once they receive it from the CSP, which takes them directly to the following MSfB page:
 
diff --git a/windows/deployment/windows-autopilot/self-deploying.md b/windows/deployment/windows-autopilot/self-deploying.md
index 4bdb15131d..32a9fc9283 100644
--- a/windows/deployment/windows-autopilot/self-deploying.md
+++ b/windows/deployment/windows-autopilot/self-deploying.md
@@ -1,6 +1,6 @@
 ---
 title: Windows Autopilot Self-Deploying mode
-description: Self-deploying mode allows a device to be deployed with little to no user interaction. This mode mode is designed to deploy Windows 10 as a kiosk, digital signage device, or a shared device.
+description: Self-deploying mode allows a device to be deployed with little user interaction and deploys Windows 10 as a kiosk, digital signage device, or a shared device.
 keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
 ms.reviewer: mniehaus
 manager: laurawi
@@ -14,6 +14,7 @@ author: greg-lindsay
 ms.author: greglin
 ms.collection: M365-modern-desktop
 ms.topic: article
+ms.custom: seo-marvel-apr2020
 ---
 
 # Windows Autopilot Self-Deploying mode
diff --git a/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md b/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md
index ab95bacbee..307d43a3b9 100644
--- a/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md
+++ b/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md
@@ -14,6 +14,7 @@ author: greg-lindsay
 ms.author: greglin
 ms.collection: M365-modern-desktop
 ms.topic: article
+ms.custom: seo-marvel-apr2020
 ---
 
 
@@ -59,7 +60,7 @@ The key value is a DWORD with  **0** = disabled and **1** = enabled.
 | 1 | Cortana voiceover is enabled |
 | No value | Device will fall back to default behavior of the edition |
 
-To change this key value, use WCD tool to create as PPKG as documented [here](https://docs.microsoft.com/windows/configuration/wcd/wcd-oobe#nforce).
+To change this key value, use WCD tool to create as PPKG as documented in [OOBE (Windows Configuration Designer reference)](https://docs.microsoft.com/windows/configuration/wcd/wcd-oobe#nforce).
 
 ### Bitlocker encryption
 

From 871309e121b8e97059786a82842d128f64492cc1 Mon Sep 17 00:00:00 2001
From: 1justingilmore <62392529+1justingilmore@users.noreply.github.com>
Date: Wed, 29 Apr 2020 15:01:34 -0600
Subject: [PATCH 15/92] Update metadata seo marvel 4_29

---
 .../deployment/configure-a-pxe-server-to-load-windows-pe.md   | 3 +--
 windows/deployment/mbr-to-gpt.md                              | 2 --
 windows/deployment/update/PSFxWhitepaper.md                   | 3 +--
 windows/deployment/usmt/usmt-configxml-file.md                | 2 +-
 ...-information-sent-to-microsoft-during-activation-client.md | 4 ++--
 5 files changed, 5 insertions(+), 9 deletions(-)

diff --git a/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md b/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md
index f9405d730e..10ca75dcc9 100644
--- a/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md
+++ b/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md
@@ -15,6 +15,7 @@ audience: itpro
 author: greg-lindsay
 ms.author: greglin
 ms.topic: article
+ms.custom: seo-marvel-apr2020
 ---
 
 # Configure a PXE server to load Windows PE
@@ -23,8 +24,6 @@ ms.topic: article
 
 -   Windows 10
 
-## Summary
-
 This walkthrough describes how to configure a PXE server to load Windows PE by booting a client computer from the network. Using the Windows PE tools and a Windows 10 image file, you can install Windows 10 from the network.
 
 ## Prerequisites
diff --git a/windows/deployment/mbr-to-gpt.md b/windows/deployment/mbr-to-gpt.md
index 069506bda7..63942c3c38 100644
--- a/windows/deployment/mbr-to-gpt.md
+++ b/windows/deployment/mbr-to-gpt.md
@@ -23,8 +23,6 @@ ms.custom: seo-marvel-apr2020
 **Applies to**
 -   Windows 10
 
-## Summary
-
 **MBR2GPT.EXE** converts a disk from the Master Boot Record (MBR) to the GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. The tool is designed to be run from a Windows Preinstallation Environment (Windows PE) command prompt, but can also be run from the full Windows 10 operating system (OS) by using the **/allowFullOS** option. 
 
 >MBR2GPT.EXE is located in the **Windows\\System32** directory on a computer running Windows 10 version 1703 (also known as the Creator's Update) or later.
diff --git a/windows/deployment/update/PSFxWhitepaper.md b/windows/deployment/update/PSFxWhitepaper.md
index 8f73fcdfd0..4a6d9ab0f1 100644
--- a/windows/deployment/update/PSFxWhitepaper.md
+++ b/windows/deployment/update/PSFxWhitepaper.md
@@ -12,6 +12,7 @@ ms.author: jaimeo
 ms.reviewer: 
 manager: laurawi
 ms.topic: article
+ms.custom: seo-marvel-apr2020
 ---
 
 # Windows Updates using forward and reverse differentials
@@ -37,8 +38,6 @@ The following general terms apply throughout this document:
 - *Revision*: Minor releases in between the major version releases, such as KB4464330 (Windows 10 Build 17763.55)
 - *Baseless Patch Storage Files (Baseless PSF)*: Patch storage files that contain full binaries or files
 
-## Introduction
-
 In this paper, we introduce a new technique that can produce compact software
 updates optimized for any origin/destination revision pair. It does this by
 calculating forward the differential of a changed file from the base version and
diff --git a/windows/deployment/usmt/usmt-configxml-file.md b/windows/deployment/usmt/usmt-configxml-file.md
index f8f45b4983..4c13ebf641 100644
--- a/windows/deployment/usmt/usmt-configxml-file.md
+++ b/windows/deployment/usmt/usmt-configxml-file.md
@@ -34,7 +34,7 @@ To exclude a component from the Config.xml file, set the **migrate** value to **
 
  
 
-## In This Topic
+## In this topic
 
 
 In USMT there are new migration policies that can be configured in the Config.xml file. For example, you can configure additional **<ErrorControl>**, **<ProfileControl>**, and **<HardLinkStoreControl>** options. The following elements and parameters are for use in the Config.xml file only.
diff --git a/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md b/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md
index 1d78a11ea3..82f515da68 100644
--- a/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md
+++ b/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md
@@ -15,7 +15,7 @@ author: greg-lindsay
 ms.localizationpriority: medium
 ms.date: 07/27/2017
 ms.topic: article
-ms.custom: seo-marvel-mar2020
+ms.custom: seo-marvel-apr2020
 ---
 
 # Appendix: Information sent to Microsoft during activation
@@ -66,7 +66,7 @@ Standard computer information is also sent, but your computer's IP address is on
 Microsoft uses the information to confirm that you have a licensed copy of the software. Microsoft does not use the information to contact individual consumers.
 For additional details, see [Windows 10 Privacy Statement](https://go.microsoft.com/fwlink/p/?LinkId=619879).
 
-## See also
+## Related topics
 
 -   [Volume Activation for Windows 10](volume-activation-windows-10.md)
  

From ba1ebe05ae281ada212a7e536e875e559738c0b0 Mon Sep 17 00:00:00 2001
From: Dani Halfin 
Date: Tue, 5 May 2020 18:05:34 -0700
Subject: [PATCH 16/92] fixing meta

---
 .../replace-a-windows-7-computer-with-a-windows-10-computer.md  | 2 +-
 windows/deployment/planning/sua-users-guide.md                  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md b/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md
index 1d0f3af3ab..84daf20005 100644
--- a/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md
+++ b/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md
@@ -1,7 +1,7 @@
 ---
 title: Replace a Windows 7 computer with a Windows 10 computer (Windows 10)
 description: In this article, you will learn how to replace a Windows 7 device with a Windows 10 device.
-ms.custom: - seo-marvel-apr2020
+ms.custom: seo-marvel-apr2020
 ms.assetid: acf091c9-f8f4-4131-9845-625691c09a2a
 ms.reviewer: 
 manager: laurawi
diff --git a/windows/deployment/planning/sua-users-guide.md b/windows/deployment/planning/sua-users-guide.md
index e896536b7d..2d34aa8326 100644
--- a/windows/deployment/planning/sua-users-guide.md
+++ b/windows/deployment/planning/sua-users-guide.md
@@ -1,7 +1,7 @@
 ---
 title: SUA User's Guide (Windows 10)
 description: Learn how to use Standard User Analyzer (SUA). SUA can test your apps and monitor API calls to detect compatibility issues related to the Windows User Account Control (UAC) feature.
-ms.custom: - seo-marvel-apr2020
+ms.custom: seo-marvel-apr2020
 ms.assetid: ea525c25-b557-4ed4-b042-3e4d0e543e10
 ms.reviewer: 
 manager: laurawi

From dda752b272b485db68276ad48a655287ca8ab3e3 Mon Sep 17 00:00:00 2001
From: Greg Lindsay 
Date: Fri, 8 May 2020 11:26:39 -0700
Subject: [PATCH 17/92] Update
 add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md

---
 ...10-deployment-with-windows-pe-using-configuration-manager.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
index ca669792bb..4bb5ffd7a4 100644
--- a/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
@@ -1,5 +1,5 @@
 ---
-title: Add drivers to Windows 10 with Windows PE using Configuration Manager
+title: Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager
 description: Learn how to configure the Windows Preinstallation Environment (Windows PE) to include required network and storage drivers.
 ms.assetid: 97b3ea46-28d9-407e-8c42-ded2e45e8d5c
 ms.reviewer: 

From 02418ae3f8e00014f4f7ed4d42873cf2695385fb Mon Sep 17 00:00:00 2001
From: Greg Lindsay 
Date: Fri, 8 May 2020 11:30:55 -0700
Subject: [PATCH 18/92] Update features-lifecycle.md

---
 windows/deployment/planning/features-lifecycle.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/planning/features-lifecycle.md b/windows/deployment/planning/features-lifecycle.md
index be5c414b84..e89d1cec9f 100644
--- a/windows/deployment/planning/features-lifecycle.md
+++ b/windows/deployment/planning/features-lifecycle.md
@@ -1,6 +1,6 @@
 ---
 title: Windows 10 features lifecycle
-description: In this article, learn about the lifecycle of Windows 10 features, such as what's new and what's been removed.
+description: In this article, learn about the lifecycle of Windows 10 features, such as what's no longer being developed and what's been removed.
 ms.prod: w10
 ms.mktglfcycl: plan
 ms.localizationpriority: medium

From f5086843d177647664ff6ac8763cd49e2cda619c Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Fri, 2 Oct 2020 07:43:23 +0500
Subject: [PATCH 19/92] Update hello-hybrid-key-whfb-provision.md

---
 .../hello-for-business/hello-hybrid-key-whfb-provision.md      | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md
index 73e002c7c2..5a790c046a 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md
@@ -57,9 +57,6 @@ The remainder of the provisioning includes Windows Hello for Business requesting
 > **This synchronization latency delays the user's ability to authenticate and use on-premises resources until the user's public key has synchronized to Active Directory.** Once synchronized, the user can authenticate and use on-premises resources.
 > Read [Azure AD Connect sync: Scheduler](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnectsync-feature-scheduler) to view and adjust the **synchronization cycle** for your organization.
 
-> [!NOTE]
-> Microsoft is actively investigating ways to reduce the synchronization latency and delays.  
-
 


 
 


From afbbff26634cb58c8469dbe02ce5d33fff8b5847 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Sun, 4 Oct 2020 11:37:19 +0500
Subject: [PATCH 20/92] Update
 windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 .../hello-for-business/hello-hybrid-key-whfb-provision.md       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md
index 5a790c046a..f9fef4f777 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md
@@ -54,7 +54,7 @@ The remainder of the provisioning includes Windows Hello for Business requesting
 
 > [!IMPORTANT]
 > The minimum time needed to synchronize the user's public key from Azure Active Directory to the on-premises Active Directory is 30 minutes. The Azure AD Connect scheduler controls the synchronization interval. 
-> **This synchronization latency delays the user's ability to authenticate and use on-premises resources until the user's public key has synchronized to Active Directory.** Once synchronized, the user can authenticate and use on-premises resources.
+> **This synchronization latency delays the user's ability to authenticate and uses on-premises resources until the user's public key has synchronized to Active Directory.** Once synchronized, the user can authenticate and use on-premises resources.
 > Read [Azure AD Connect sync: Scheduler](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnectsync-feature-scheduler) to view and adjust the **synchronization cycle** for your organization.
 
 



From 1e194317db2d5aad0b1adab0e47401829a98bfa6 Mon Sep 17 00:00:00 2001
From: ImranHabib <47118050+joinimran@users.noreply.github.com>
Date: Wed, 21 Oct 2020 22:04:44 +0500
Subject: [PATCH 21/92] Updated login user example

The login format was not properly mentioned in the document. Updated this info.

Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/1656
---
 windows/client-management/connect-to-remote-aadj-pc.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/connect-to-remote-aadj-pc.md b/windows/client-management/connect-to-remote-aadj-pc.md
index f25c37dce5..13ee43e312 100644
--- a/windows/client-management/connect-to-remote-aadj-pc.md
+++ b/windows/client-management/connect-to-remote-aadj-pc.md
@@ -63,7 +63,7 @@ Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-gu
   4. Click **Check Names**. If the **Name Not Found** window opens, click **Locations** and select this PC.
 
      > [!TIP]
-     > When you connect to the remote PC, enter your account name in this format: `AzureAD UPN`. The local PC must either be domain-joined or Azure AD-joined. The local PC and remote PC must be in the same Azure AD tenant.
+     > When you connect to the remote PC, enter your account name in this format: AzureAD\yourloginid@domain.com. The local PC must either be domain-joined or Azure AD-joined. The local PC and remote PC must be in the same Azure AD tenant.
 
      > [!Note]
      > If you cannot connect using Remote Desktop Connection 6.0, you must turn off the new features of RDP 6.0 and revert back to RDP 5.0 by making a few changes in the RDP file. See the details in the [support article](https://support.microsoft.com/help/941641/remote-desktop-connection-6-0-prompts-you-for-credentials-before-you-e).

From 06bf32b6a8ef7fe0ba6acfda163a358a2fc6b397 Mon Sep 17 00:00:00 2001
From: Takeshi Katano 
Date: Thu, 22 Oct 2020 11:48:04 +0900
Subject: [PATCH 22/92] Incorrect WMI property names

SignatureFallbackOrder and SignatureDefinitionUpdateFileSharesSouce properties are for signature source order properties.
---
 ...atch-up-scans-microsoft-defender-antivirus.md | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md
index f176529dde..31c00d261d 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md
@@ -100,8 +100,10 @@ See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](u
 Use the [**Set** method of the **MSFT_MpPreference**](https://msdn.microsoft.com/library/dn455323(v=vs.85).aspx) class for the following properties:
 
 ```WMI
-SignatureFallbackOrder
-SignatureDefinitionUpdateFileSharesSouce
+ScanParameters
+ScanScheduleDay
+ScanScheduleTime
+RandomizeScheduleTaskTimes
 ```
 
 See the following for more information and allowed parameters:
@@ -138,8 +140,7 @@ See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](u
 Use the [**Set** method of the **MSFT_MpPreference**](https://msdn.microsoft.com/library/dn455323(v=vs.85).aspx) class for the following properties:
 
 ```WMI
-SignatureFallbackOrder
-SignatureDefinitionUpdateFileSharesSouce
+ScanOnlyIfIdleEnabled
 ```
 
 See the following for more information and allowed parameters:
@@ -173,8 +174,8 @@ See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](u
 Use the [**Set** method of the **MSFT_MpPreference**](https://msdn.microsoft.com/library/dn455323(v=vs.85).aspx) class for the following properties:
 
 ```WMI
-SignatureFallbackOrder
-SignatureDefinitionUpdateFileSharesSouce
+RemediationScheduleDay
+RemediationScheduleTime
 ```
 
 See the following for more information and allowed parameters:
@@ -210,8 +211,7 @@ See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](u
 Use the [**Set** method of the **MSFT_MpPreference**](https://msdn.microsoft.com/library/dn455323(v=vs.85).aspx) class for the following properties:
 
 ```WMI
-SignatureFallbackOrder
-SignatureDefinitionUpdateFileSharesSouce
+ScanScheduleQuickScanTime
 ```
 
 See the following for more information and allowed parameters:

From f2752581be06136f47f7f01ee8d4248e356cad2e Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Thu, 22 Oct 2020 15:25:54 +0500
Subject: [PATCH 23/92] Update mac-jamfpro-policies.md

---
 .../microsoft-defender-atp/mac-jamfpro-policies.md              | 2 --
 1 file changed, 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md
index a56afd0ef7..9a095843cc 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md
@@ -776,8 +776,6 @@ Follow the instructions on [Schedule scans with Microsoft Defender ATP for Mac](
 
 8. Select **Open**. Set the **Display Name** to **Microsoft Defender Advanced Threat Protection and Microsoft Defender Antivirus**.
 
-    - Manifest File: Select **Upload Manifest File**. 
-
     **Options tab**
 Keep default values.
 
     **Limitations tab**
 Keep default values.

From 911ac4e7705d8f3d08b3a5b4dd140c5877a119bb Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Thu, 22 Oct 2020 15:45:14 +0500
Subject: [PATCH 24/92] Update endpoint-detection-response-mac-preview.md

---
 .../endpoint-detection-response-mac-preview.md                  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
index 4d724bc3ca..ea1b4c4883 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
@@ -24,7 +24,7 @@ ms.topic: conceptual
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
-Endpoint detection and response capabilities in Microsoft Defender ATP for Mac are now in preview. To get these and other preview features, you must set up your Mac device to be an "Insider" device as described in this article. For scale deployment, we recommend using [Jamf](#enable-the-insider-program-with-jamf) or [Intune](#enable-the-insider-program-with-intune).
+To get preview features available for Mac, you must set up your device to be an "Insider" device as described in this article. For scale deployment, we recommend using [Jamf](#enable-the-insider-program-with-jamf) or [Intune](#enable-the-insider-program-with-intune).
 
 >[!IMPORTANT]
 >Make sure you have enabled [Microsoft Defender ATP for Mac](microsoft-defender-atp-mac.md#how-to-install-microsoft-defender-atp-for-mac), and pay attention to the “earlyPreview” flag. See documentation for [Jamf](mac-install-with-jamf.md), [Intune](mac-install-with-intune.md) and [manual deployment](mac-install-manually.md) instructions.

From 3ea0d2cdb21afe1cc379b9fc4796add089ac9ee6 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Sat, 24 Oct 2020 21:22:16 +0500
Subject: [PATCH 25/92] Update
 windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 .../endpoint-detection-response-mac-preview.md                  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
index ea1b4c4883..0efdd31269 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
@@ -24,7 +24,7 @@ ms.topic: conceptual
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
-To get preview features available for Mac, you must set up your device to be an "Insider" device as described in this article. For scale deployment, we recommend using [Jamf](#enable-the-insider-program-with-jamf) or [Intune](#enable-the-insider-program-with-intune).
+To get preview features for Mac, you must set up your device to be an "Insider" device as described in this article. For scale deployment, we recommend using [Jamf](#enable-the-insider-program-with-jamf) or [Intune](#enable-the-insider-program-with-intune).
 
 >[!IMPORTANT]
 >Make sure you have enabled [Microsoft Defender ATP for Mac](microsoft-defender-atp-mac.md#how-to-install-microsoft-defender-atp-for-mac), and pay attention to the “earlyPreview” flag. See documentation for [Jamf](mac-install-with-jamf.md), [Intune](mac-install-with-intune.md) and [manual deployment](mac-install-manually.md) instructions.

From 1c9db02d6135776326f9752bd11e86aae8bf186e Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Sat, 24 Oct 2020 21:22:29 +0500
Subject: [PATCH 26/92] Update
 windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 .../endpoint-detection-response-mac-preview.md                  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
index 0efdd31269..0643c6eff8 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
@@ -26,7 +26,7 @@ ms.topic: conceptual
 
 To get preview features for Mac, you must set up your device to be an "Insider" device as described in this article. For scale deployment, we recommend using [Jamf](#enable-the-insider-program-with-jamf) or [Intune](#enable-the-insider-program-with-intune).
 
->[!IMPORTANT]
+> [!IMPORTANT]
 >Make sure you have enabled [Microsoft Defender ATP for Mac](microsoft-defender-atp-mac.md#how-to-install-microsoft-defender-atp-for-mac), and pay attention to the “earlyPreview” flag. See documentation for [Jamf](mac-install-with-jamf.md), [Intune](mac-install-with-intune.md) and [manual deployment](mac-install-manually.md) instructions.
 
 ## Enable the Insider program with Jamf

From 454fbba3d74acb35c7dd64c88415fd638ffa0b0d Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Sat, 24 Oct 2020 21:22:49 +0500
Subject: [PATCH 27/92] Update
 windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 .../endpoint-detection-response-mac-preview.md                  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
index 0643c6eff8..5e45dab3cc 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
@@ -27,7 +27,7 @@ ms.topic: conceptual
 To get preview features for Mac, you must set up your device to be an "Insider" device as described in this article. For scale deployment, we recommend using [Jamf](#enable-the-insider-program-with-jamf) or [Intune](#enable-the-insider-program-with-intune).
 
 > [!IMPORTANT]
->Make sure you have enabled [Microsoft Defender ATP for Mac](microsoft-defender-atp-mac.md#how-to-install-microsoft-defender-atp-for-mac), and pay attention to the “earlyPreview” flag. See documentation for [Jamf](mac-install-with-jamf.md), [Intune](mac-install-with-intune.md) and [manual deployment](mac-install-manually.md) instructions.
+> Make sure you have enabled [Microsoft Defender ATP for Mac](microsoft-defender-atp-mac.md#how-to-install-microsoft-defender-atp-for-mac), and pay attention to the “earlyPreview” flag. See documentation for [Jamf](mac-install-with-jamf.md), [Intune](mac-install-with-intune.md), and [manual deployment](mac-install-manually.md) instructions.
 
 ## Enable the Insider program with Jamf
 

From c5ec2ab97f5a5da3a994aee44cc61fb8bd958989 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Mon, 26 Oct 2020 12:35:57 -0700
Subject: [PATCH 28/92] Update
 manage-updates-baselines-microsoft-defender-antivirus.md

---
 ...age-updates-baselines-microsoft-defender-antivirus.md | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
index 2b26a44de5..db120e40bf 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
@@ -13,7 +13,7 @@ ms.author: deniseb
 ms.custom: nextgen
 ms.reviewer: 
 manager: dansimp
-ms.date: 10/21/2020
+ms.date: 10/26/2020
 ---
 
 # Manage Microsoft Defender Antivirus updates and apply baselines
@@ -23,7 +23,7 @@ ms.date: 10/21/2020
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 There are two types of updates related to keeping Microsoft Defender Antivirus up to date:
 
@@ -69,10 +69,7 @@ For more information, see [Manage the sources for Microsoft Defender Antivirus p
 
 For information how to update or how to install the platform update, see [Update for Windows Defender antimalware platform](https://support.microsoft.com/help/4052623/update-for-windows-defender-antimalware-platform).
 
-All our updates contain:
-- performance improvements
-- serviceability improvements
-- integration improvements (Cloud, Microsoft 365 Defender)  
+All our updates contain performance improvements, serviceability improvements, and integration improvements (Cloud, Microsoft 365 Defender).
 

 
 

From a55333fbda5dd615d8495bfcd7dafb2225d169f1 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Mon, 26 Oct 2020 12:40:07 -0700
Subject: [PATCH 29/92] Update
 manage-updates-baselines-microsoft-defender-antivirus.md

---
 ...es-baselines-microsoft-defender-antivirus.md | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
index db120e40bf..a758ef64e1 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
@@ -74,6 +74,23 @@ All our updates contain performance improvements, serviceability improvements, a
 
 
 

+ October-2020 (Platform: - | Engine: 1.1.17500.x)
+
+ Security intelligence update version: **1.325.x.x**  
+ Released: **date**  
+ Platform: **4.xx.xxxx.x**  
+ Engine: **1.1.17500.x**  
+ Support phase: **Security and Critical Updates**
+    
+### What's new
+- item
+- item
+- item
+
+### Known Issues
+No known issues  
+

+

  September-2020 (Platform: 4.18.2009.7 | Engine: 1.1.17500.4)
 
  Security intelligence update version: **1.325.10.0**  

From aab00aa3a85b6b611d028629f4d85f2d48a583cf Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Mon, 26 Oct 2020 12:58:55 -0700
Subject: [PATCH 30/92] Update
 manage-updates-baselines-microsoft-defender-antivirus.md

---
 .../manage-updates-baselines-microsoft-defender-antivirus.md  | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
index a758ef64e1..452386c7e5 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
@@ -74,11 +74,11 @@ All our updates contain performance improvements, serviceability improvements, a
 
 
 

- October-2020 (Platform: - | Engine: 1.1.17500.x)
+ October-2020 (Platform: 4.18.2010.x | Engine: 1.1.17500.x)
 
  Security intelligence update version: **1.325.x.x**  
  Released: **date**  
- Platform: **4.xx.xxxx.x**  
+ Platform: **4.18.2010.x**  
  Engine: **1.1.17500.x**  
  Support phase: **Security and Critical Updates**
     

From d9ded8c49f0659b7791dbf72f144dec8682dd678 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Wed, 28 Oct 2020 20:11:03 +0500
Subject: [PATCH 31/92] Update
 windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 .../hello-for-business/hello-hybrid-key-whfb-provision.md       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md
index f9fef4f777..5a790c046a 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md
@@ -54,7 +54,7 @@ The remainder of the provisioning includes Windows Hello for Business requesting
 
 > [!IMPORTANT]
 > The minimum time needed to synchronize the user's public key from Azure Active Directory to the on-premises Active Directory is 30 minutes. The Azure AD Connect scheduler controls the synchronization interval. 
-> **This synchronization latency delays the user's ability to authenticate and uses on-premises resources until the user's public key has synchronized to Active Directory.** Once synchronized, the user can authenticate and use on-premises resources.
+> **This synchronization latency delays the user's ability to authenticate and use on-premises resources until the user's public key has synchronized to Active Directory.** Once synchronized, the user can authenticate and use on-premises resources.
 > Read [Azure AD Connect sync: Scheduler](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnectsync-feature-scheduler) to view and adjust the **synchronization cycle** for your organization.
 
 



From 955b4d373ee3db7215b3d5bddcd88cfcafbc1a7e Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Thu, 29 Oct 2020 14:42:30 -0700
Subject: [PATCH 32/92] Update
 manage-updates-baselines-microsoft-defender-antivirus.md

---
 ...-baselines-microsoft-defender-antivirus.md | 22 +++++++++++--------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
index 1c395b1018..8d8ba61c53 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
@@ -13,7 +13,7 @@ ms.author: deniseb
 ms.custom: nextgen
 ms.reviewer: 
 manager: dansimp
-ms.date: 10/26/2020
+ms.date: 10/29/2020
 ---
 
 # Manage Microsoft Defender Antivirus updates and apply baselines
@@ -69,23 +69,27 @@ For more information, see [Manage the sources for Microsoft Defender Antivirus p
 
 For information how to update or how to install the platform update, see [Update for Windows Defender antimalware platform](https://support.microsoft.com/help/4052623/update-for-windows-defender-antimalware-platform).
 
-All our updates contain performance improvements, serviceability improvements, and integration improvements (Cloud, Microsoft 365 Defender).
+All our updates contain 
+- performance improvements;
+- serviceability improvements; and 
+- integration improvements (Cloud, Microsoft 365 Defender).
 

 
 
 

- October-2020 (Platform: 4.18.2010.x | Engine: 1.1.17500.x)
+ October-2020 (Platform: 4.18.2010.x | Engine: 1.1.17600.5)
 
- Security intelligence update version: **1.325.x.x**  
- Released: **date**  
+ Security intelligence update version: **1.32x.x.x**  
+ Released: **October 29, 2020**  
  Platform: **4.18.2010.x**  
- Engine: **1.1.17500.x**  
+ Engine: **1.1.17600.5**  
  Support phase: **Security and Critical Updates**
     
 ### What's new
-- item
-- item
-- item
+- New descriptions for special threat categories
+- Improved emulation capabilities
+- Improved host address allow/block capabilities
+- Disallow clearing exclusions using local PowerShell if a no-override policy is active
 
 ### Known Issues
 No known issues  

From 8192754fd8301d8058323f82d9e6272576cd591b Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Thu, 29 Oct 2020 14:53:53 -0700
Subject: [PATCH 33/92] Update
 manage-updates-baselines-microsoft-defender-antivirus.md

---
 ...s-baselines-microsoft-defender-antivirus.md | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
index 8d8ba61c53..4872b527aa 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
@@ -106,7 +106,7 @@ No known issues
 ### What's new
 - Admin permissions are required to restore files in quarantine
 - XML formatted events are now supported
-- CSP support for ignoring exclusion merge
+- CSP support for ignoring exclusion merges
 - New management interfaces for:
    - UDP Inspection
    - Network Protection on Server 2019
@@ -336,7 +336,7 @@ During the technical support (only) phase, commercially reasonable support incid
 The below table provides the Microsoft Defender Antivirus platform and engine versions that are shipped with the latest Windows 10 releases:    
 
 |Windows 10 release  |Platform version  |Engine version |Support phase |
-|-|-|-|-|
+|:---|:---|:---|:---|
 |2004  (20H1) |4.18.2004.6 |1.1.17000.2 | Technical upgrade Support (Only) |
 |1909  (19H2) |4.18.1902.5 |1.1.16700.3 | Technical upgrade Support (Only) |
 |1903  (19H1) |4.18.1902.5 |1.1.15600.4 | Technical upgrade Support (Only) |
@@ -351,10 +351,10 @@ Windows 10 release info: [Windows lifecycle fact sheet](https://support.microsof
 
 ## See also
 
-Article | Description 
----|---
-[Manage how protection updates are downloaded and applied](manage-protection-updates-microsoft-defender-antivirus.md) | Protection updates can be delivered through a number of sources.
-[Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-microsoft-defender-antivirus.md) | You can schedule when protection updates should be downloaded.
-[Manage updates for endpoints that are out of date](manage-outdated-endpoints-microsoft-defender-antivirus.md) | If an endpoint misses an update or scheduled scan, you can force an update or scan at the next logon.
-[Manage event-based forced updates](manage-event-based-updates-microsoft-defender-antivirus.md) | You can set protection updates to be downloaded at startup or after certain cloud-delivered protection events.
-[Manage updates for mobile devices and virtual machines (VMs)](manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md)| You can specify settings, such as whether updates should occur on battery power, that are especially useful for mobile devices and virtual machines.
+| Article | Description  |
+|:---|:---|
+|[Manage how protection updates are downloaded and applied](manage-protection-updates-microsoft-defender-antivirus.md) | Protection updates can be delivered through a number of sources. |
+|[Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-microsoft-defender-antivirus.md) | You can schedule when protection updates should be downloaded. |
+|[Manage updates for endpoints that are out of date](manage-outdated-endpoints-microsoft-defender-antivirus.md) | If an endpoint misses an update or scheduled scan, you can force an update or scan at the next logon. |
+|[Manage event-based forced updates](manage-event-based-updates-microsoft-defender-antivirus.md) | You can set protection updates to be downloaded at startup or after certain cloud-delivered protection events. |
+|[Manage updates for mobile devices and virtual machines (VMs)](manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md)| You can specify settings, such as whether updates should occur on battery power, that are especially useful for mobile devices and virtual machines. |

From 54c4107321155fc8949cbef81b1833633a179c0a Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Thu, 29 Oct 2020 15:10:29 -0700
Subject: [PATCH 34/92] Update
 manage-updates-baselines-microsoft-defender-antivirus.md

---
 .../manage-updates-baselines-microsoft-defender-antivirus.md    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
index 4872b527aa..9b48b566fb 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
@@ -355,6 +355,6 @@ Windows 10 release info: [Windows lifecycle fact sheet](https://support.microsof
 |:---|:---|
 |[Manage how protection updates are downloaded and applied](manage-protection-updates-microsoft-defender-antivirus.md) | Protection updates can be delivered through a number of sources. |
 |[Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-microsoft-defender-antivirus.md) | You can schedule when protection updates should be downloaded. |
-|[Manage updates for endpoints that are out of date](manage-outdated-endpoints-microsoft-defender-antivirus.md) | If an endpoint misses an update or scheduled scan, you can force an update or scan at the next logon. |
+|[Manage updates for endpoints that are out of date](manage-outdated-endpoints-microsoft-defender-antivirus.md) | If an endpoint misses an update or scheduled scan, you can force an update or scan the next time a user signs in. |
 |[Manage event-based forced updates](manage-event-based-updates-microsoft-defender-antivirus.md) | You can set protection updates to be downloaded at startup or after certain cloud-delivered protection events. |
 |[Manage updates for mobile devices and virtual machines (VMs)](manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md)| You can specify settings, such as whether updates should occur on battery power, that are especially useful for mobile devices and virtual machines. |

From 62287b93c6a6ce65b9abc31f2af2627948cbc2d5 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Sun, 1 Nov 2020 13:38:51 +0500
Subject: [PATCH 35/92] Update vpn-profile-options.md

---
 windows/security/identity-protection/vpn/vpn-profile-options.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/vpn/vpn-profile-options.md b/windows/security/identity-protection/vpn/vpn-profile-options.md
index 19df534358..29b5df1daf 100644
--- a/windows/security/identity-protection/vpn/vpn-profile-options.md
+++ b/windows/security/identity-protection/vpn/vpn-profile-options.md
@@ -316,7 +316,7 @@ After you configure the settings that you want using ProfileXML, you can apply i
 
 ## Learn more
 
-- [Learn how to configure VPN connections in Microsoft Intune](https://docs.microsoft.com/intune/deploy-use/vpn-connections-in-microsoft-intune)
+- [Create VPN profiles to connect to VPN servers in Intune](https://docs.microsoft.com/mem/intune/configuration/vpn-settings-configure)
 - [VPNv2 configuration service provider (CSP) reference](https://go.microsoft.com/fwlink/p/?LinkId=617588)
 - [How to Create VPN Profiles in Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=618028)
 

From bf80138e9ac9c3e10d1cf355956877ff84f3ea71 Mon Sep 17 00:00:00 2001
From: amirsc3 <42802974+amirsc3@users.noreply.github.com>
Date: Mon, 2 Nov 2020 16:53:57 +0200
Subject: [PATCH 36/92] Update commercial-gov.md

Fixing typo to avoid customer confusion. Some customers have opened support tickets because they could not understand from the above phrase which "patch" is referred to in this note.
---
 .../threat-protection/microsoft-defender-atp/commercial-gov.md  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/commercial-gov.md b/windows/security/threat-protection/microsoft-defender-atp/commercial-gov.md
index d4c8c750c8..66906b90f1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/commercial-gov.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/commercial-gov.md
@@ -40,7 +40,7 @@ The following OS versions are supported:
 - Windows Server, 2019 (with [KB4490481](https://support.microsoft.com/en-us/help/4490481))
 
 >[!NOTE]
->A patch must be deployed before device onboarding in order to configure Microsoft Defender ATP to the correct environment.
+>The above mentioned patch level must be deployed before device onboarding in order to configure Microsoft Defender ATP to the correct environment.
 
 The following OS versions are supported via Azure Security Center:
 - Windows Server 2008 R2 SP1

From ea7e28f4a430989b1f3261aa00cbb2e3cddae10e Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Mon, 2 Nov 2020 08:52:41 -0800
Subject: [PATCH 37/92] Update
 manage-updates-baselines-microsoft-defender-antivirus.md

---
 .../manage-updates-baselines-microsoft-defender-antivirus.md  | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
index 9b48b566fb..f1016b125c 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
@@ -13,7 +13,7 @@ ms.author: deniseb
 ms.custom: nextgen
 ms.reviewer: 
 manager: dansimp
-ms.date: 10/29/2020
+ms.date: 11/20/2020
 ---
 
 # Manage Microsoft Defender Antivirus updates and apply baselines
@@ -89,7 +89,7 @@ All our updates contain
 - New descriptions for special threat categories
 - Improved emulation capabilities
 - Improved host address allow/block capabilities
-- Disallow clearing exclusions using local PowerShell if a no-override policy is active
+- New option in Defender CSP to Ignore merging of local user exclusions
 
 ### Known Issues
 No known issues  

From 1a39cfe8a82c3b420cab097d32bba2a78cade73d Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Mon, 2 Nov 2020 11:42:06 -0800
Subject: [PATCH 38/92] Update
 manage-updates-baselines-microsoft-defender-antivirus.md

---
 .../manage-updates-baselines-microsoft-defender-antivirus.md    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
index f1016b125c..0beba73e43 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
@@ -79,7 +79,7 @@ All our updates contain
 

  October-2020 (Platform: 4.18.2010.x | Engine: 1.1.17600.5)
 
- Security intelligence update version: **1.32x.x.x**  
+ Security intelligence update version: **1.327.7.0**  
  Released: **October 29, 2020**  
  Platform: **4.18.2010.x**  
  Engine: **1.1.17600.5**  

From ee532821ad7be217dfc5ddbfca6c4fdc85f99957 Mon Sep 17 00:00:00 2001
From: Joey Caparas 
Date: Mon, 2 Nov 2020 11:54:30 -0800
Subject: [PATCH 39/92] update loc tag as per request

---
 .../microsoft-defender-smartscreen-overview.md                  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md
index b39153d62c..386550279a 100644
--- a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md
+++ b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 author: mjcaparas
 ms.author: macapara
 audience: ITPro
-ms.localizationpriority: medium
+ms.localizationpriority: high
 ms.date: 11/27/2019
 ms.reviewer: 
 manager: dansimp

From 644d5672a7f6260ed491cb7e678873d228f947a1 Mon Sep 17 00:00:00 2001
From: Gary Moore 
Date: Mon, 2 Nov 2020 13:48:09 -0800
Subject: [PATCH 40/92] Removed "/en-us"

---
 .../microsoft-defender-atp/commercial-gov.md                  | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/commercial-gov.md b/windows/security/threat-protection/microsoft-defender-atp/commercial-gov.md
index 66906b90f1..b4b47744f4 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/commercial-gov.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/commercial-gov.md
@@ -34,10 +34,10 @@ This offering is currently available to US Office 365 GCC High customers and is
 The following OS versions are supported:
 
 - Windows 10, version 1903 
-- Windows 10, version 1809 (OS Build 17763.404 with [KB4490481](https://support.microsoft.com/en-us/help/4490481))
+- Windows 10, version 1809 (OS Build 17763.404 with [KB4490481](https://support.microsoft.com/help/4490481))
 - Windows 10, version 1803 (OS Build 17134.799 with [KB4499183](https://support.microsoft.com/help/4499183))
 - Windows 10, version 1709 (OS Build 16299.1182 with [KB4499147](https://support.microsoft.com/help/4499147)) 
-- Windows Server, 2019 (with [KB4490481](https://support.microsoft.com/en-us/help/4490481))
+- Windows Server, 2019 (with [KB4490481](https://support.microsoft.com/help/4490481))
 
 >[!NOTE]
 >The above mentioned patch level must be deployed before device onboarding in order to configure Microsoft Defender ATP to the correct environment.

From c6b904db8394d5c1aba067499716eb7498e81e22 Mon Sep 17 00:00:00 2001
From: Joey Caparas 
Date: Mon, 2 Nov 2020 13:55:49 -0800
Subject: [PATCH 41/92] update supported endpoint

---
 .../microsoft-defender-atp/configure-endpoints-vdi.md         | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md
index 03c9870858..95305f3a79 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md
@@ -39,9 +39,9 @@ ms.date: 04/16/2020
 Microsoft Defender ATP supports non-persistent VDI session onboarding. 
 
 >[!Note]
->To onboard non-persistent VDI sessions, VDI devices must be on Windows 10.
+>To onboard non-persistent VDI sessions, VDI devices must be Windows 10 or Windows Server 2019.
 >
->While other Windows versions might work, only Windows 10 is supported.
+>While other Windows versions might work, only Windows 10 and Windows Server 2019 are supported.
 
 There might be associated challenges when onboarding VDIs. The following are typical challenges for this scenario:
 

From 4b88769f22db002aafb019c1f111706593d0bee5 Mon Sep 17 00:00:00 2001
From: Tina McNaboe <53281468+TinaMcN@users.noreply.github.com>
Date: Mon, 2 Nov 2020 14:41:50 -0800
Subject: [PATCH 42/92] localizationpriority metada was messed up

---
 windows/deployment/update/wufb-basics.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/update/wufb-basics.md b/windows/deployment/update/wufb-basics.md
index 0c8f5c32db..cea6e517ca 100644
--- a/windows/deployment/update/wufb-basics.md
+++ b/windows/deployment/update/wufb-basics.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: manage
 audience: itpro
 itproauthor: jaimeo
 author: jaimeo
-ms.localizationprioauthor: jaimeo
+ms.localizationpriority: medium
 ms.audience: itpro
 ms.reviewer: 
 manager: laurawi

From f957d02e0c4a0b3fda85e2343126f0f39f185db9 Mon Sep 17 00:00:00 2001
From: Tina McNaboe <53281468+TinaMcN@users.noreply.github.com>
Date: Mon, 2 Nov 2020 14:48:53 -0800
Subject: [PATCH 43/92] Update windows-sandbox-configure-using-wsb-file.md

Localization priority metadata value was blank
---
 .../windows-sandbox/windows-sandbox-configure-using-wsb-file.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md
index 2ac125c33b..16214a5f59 100644
--- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md
+++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 manager: dansimp
 ms.collection: 
 ms.topic: article
-ms.localizationpriority: 
+ms.localizationpriority: medium
 ms.date: 
 ms.reviewer: 
 ---

From f74a99748a53c23d89ecf368f77a5b82cb494438 Mon Sep 17 00:00:00 2001
From: Tina McNaboe <53281468+TinaMcN@users.noreply.github.com>
Date: Mon, 2 Nov 2020 14:52:15 -0800
Subject: [PATCH 44/92] Update bitlocker-recovery-loop-break.md

Localization priority value had unwanted "#"
---
 .../bitlocker/bitlocker-recovery-loop-break.md                  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md b/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md
index f06b11a197..9ed6f0f984 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md
@@ -6,7 +6,7 @@ ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
-ms.localizationpriority: #medium
+ms.localizationpriority: medium
 ms.author: v-maave
 author: martyav
 manager: dansimp

From 4b02564857e542fae31ce52d89839deb615256ce Mon Sep 17 00:00:00 2001
From: ManikaDhiman 
Date: Mon, 2 Nov 2020 16:09:50 -0800
Subject: [PATCH 45/92] Added 20H2 Experience policy

---
 .../change-history-for-mdm-documentation.md   |  2 +-
 ...ew-in-windows-mdm-enrollment-management.md |  2 +-
 .../policy-configuration-service-provider.md  |  3 +
 .../mdm/policy-csp-experience.md              | 75 ++++++++++++++++++-
 4 files changed, 79 insertions(+), 3 deletions(-)

diff --git a/windows/client-management/mdm/change-history-for-mdm-documentation.md b/windows/client-management/mdm/change-history-for-mdm-documentation.md
index bfa2ec836d..515e6883b2 100644
--- a/windows/client-management/mdm/change-history-for-mdm-documentation.md
+++ b/windows/client-management/mdm/change-history-for-mdm-documentation.md
@@ -20,7 +20,7 @@ This article lists new and updated articles for the Mobile Device Management (MD
 
 |New or updated article | Description|
 |--- | ---|
-| [Policy CSP](policy-configuration-service-provider.md) | Added the following new policies
- [LocalUsersAndGroups/Configure](policy-csp-localusersandgroups.md#localusersandgroups-configure)
- [MixedReality/AADGroupMembershipCacheValidityInDays](policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays)
- [MixedReality/BrightnessButtonDisabled](policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled)
- [MixedReality/FallbackDiagnostics](policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics)
- [MixedReality/MicrophoneDisabled](policy-csp-mixedreality.md#mixedreality-microphonedisabled)
- [MixedReality/VolumeButtonDisabled](policy-csp-mixedreality.md#mixedreality-volumebuttondisabled)
- [Update/DisableWUfBSafeguards](policy-csp-update.md#update-disablewufbsafeguards)
- [WindowsSandbox/AllowAudioInput](policy-csp-windowssandbox.md#windowssandbox-allowaudioinput)
- [WindowsSandbox/AllowClipboardRedirection](policy-csp-windowssandbox.md#windowssandbox-allowclipboardredirection)
- [WindowsSandbox/AllowNetworking](policy-csp-windowssandbox.md#windowssandbox-allownetworking)
- [WindowsSandbox/AllowPrinterRedirection](policy-csp-windowssandbox.md#windowssandbox-allowprinterredirection)
- [WindowsSandbox/AllowVGPU](policy-csp-windowssandbox.md#windowssandbox-allowvgpu)
- [WindowsSandbox/AllowVideoInput](policy-csp-windowssandbox.md#windowssandbox-allowvideoinput) |
+| [Policy CSP](policy-configuration-service-provider.md) | Added the following new policies
- [Experience/DisableCloudOptimizedContent](policy-csp-experience.md#experience-disablecloudoptimizedcontent)
- [LocalUsersAndGroups/Configure](policy-csp-localusersandgroups.md#localusersandgroups-configure)
- [MixedReality/AADGroupMembershipCacheValidityInDays](policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays)
- [MixedReality/BrightnessButtonDisabled](policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled)
- [MixedReality/FallbackDiagnostics](policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics)
- [MixedReality/MicrophoneDisabled](policy-csp-mixedreality.md#mixedreality-microphonedisabled)
- [MixedReality/VolumeButtonDisabled](policy-csp-mixedreality.md#mixedreality-volumebuttondisabled)
- [Update/DisableWUfBSafeguards](policy-csp-update.md#update-disablewufbsafeguards)
- [WindowsSandbox/AllowAudioInput](policy-csp-windowssandbox.md#windowssandbox-allowaudioinput)
- [WindowsSandbox/AllowClipboardRedirection](policy-csp-windowssandbox.md#windowssandbox-allowclipboardredirection)
- [WindowsSandbox/AllowNetworking](policy-csp-windowssandbox.md#windowssandbox-allownetworking)
- [WindowsSandbox/AllowPrinterRedirection](policy-csp-windowssandbox.md#windowssandbox-allowprinterredirection)
- [WindowsSandbox/AllowVGPU](policy-csp-windowssandbox.md#windowssandbox-allowvgpu)
- [WindowsSandbox/AllowVideoInput](policy-csp-windowssandbox.md#windowssandbox-allowvideoinput) |
 
 ## September 2020
 
diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index 75057cb9c7..31a3184bdb 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -26,7 +26,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
 
 |New or updated article|Description|
 |-----|-----|
-| [Policy CSP](policy-configuration-service-provider.md) | Added the following new policies in Windows 10, version 20H2:
- [LocalUsersAndGroups/Configure](policy-csp-localusersandgroups.md#localusersandgroups-configure)
- [MixedReality/AADGroupMembershipCacheValidityInDays](policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays)
- [MixedReality/BrightnessButtonDisabled](policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled)
- [MixedReality/FallbackDiagnostics](policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics)
- [MixedReality/MicrophoneDisabled](policy-csp-mixedreality.md#mixedreality-microphonedisabled)
- [MixedReality/VolumeButtonDisabled](policy-csp-mixedreality.md#mixedreality-volumebuttondisabled) |
+| [Policy CSP](policy-configuration-service-provider.md) | Added the following new policies in Windows 10, version 20H2:
- [Experience/DisableCloudOptimizedContent](policy-csp-experience.md#experience-disablecloudoptimizedcontent)
- [LocalUsersAndGroups/Configure](policy-csp-localusersandgroups.md#localusersandgroups-configure)
- [MixedReality/AADGroupMembershipCacheValidityInDays](policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays)
- [MixedReality/BrightnessButtonDisabled](policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled)
- [MixedReality/FallbackDiagnostics](policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics)
- [MixedReality/MicrophoneDisabled](policy-csp-mixedreality.md#mixedreality-microphonedisabled)
- [MixedReality/VolumeButtonDisabled](policy-csp-mixedreality.md#mixedreality-volumebuttondisabled) |
 | [WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md) | Updated the description of the following node:
- Settings/AllowWindowsDefenderApplicationGuard |
 
 ## What’s new in MDM for Windows 10, version 2004
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 9ff8a03ab1..475eff78fd 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -2983,6 +2983,9 @@ The following diagram shows the Policy configuration service provider in tree fo
   

     Experience/ConfigureWindowsSpotlightOnLockScreen
   

+  

+    Experience/DisableCloudOptimizedContent
+  

   

     Experience/DoNotShowFeedbackNotifications
   

diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md
index d9e072c7c3..647fa545a2 100644
--- a/windows/client-management/mdm/policy-csp-experience.md
+++ b/windows/client-management/mdm/policy-csp-experience.md
@@ -7,7 +7,7 @@ ms.prod: w10
 ms.technology: windows
 author: manikadhiman
 ms.localizationpriority: medium
-ms.date: 09/27/2019
+ms.date: 11/02/2020
 ms.reviewer: 
 manager: dansimp
 ---
@@ -73,6 +73,9 @@ manager: dansimp
   

     Experience/ConfigureWindowsSpotlightOnLockScreen
   

+  

+    Experience/DisableCloudOptimizedContent
+  

   

     Experience/DoNotShowFeedbackNotifications
   

@@ -1155,6 +1158,76 @@ The following list shows the supported values:
 
 

 
+
+**Experience/DisableCloudOptimizedContent**  
+
+
+

+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
+    
+    
+
+
Windows EditionSupported?
Homecheck mark9
Procheck mark9
Businesscheck mark9
Enterprisecheck mark9
Educationcheck mark9

+
+
+

+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+

+
+
+
+This policy setting lets you turn off cloud optimized content in all Windows experiences.
+
+If you enable this policy setting, Windows experiences that use the cloud optimized content client component will present the default fallback content.
+
+If you disable or do not configure this policy setting, Windows experiences will be able to use cloud optimized content.
+
+
+
+ADMX Info:  
+-   GP English name: *Turn off cloud optimized content*
+-   GP name: *DisableCloudOptimizedContent*
+-   GP path: *Windows Components/Cloud Content*
+-   GP ADMX file name: *CloudContent.admx*
+
+
+
+The following list shows the supported values:
+
+-   0 (default) – Disabled.
+-   1 – Enabled.
+
+
+
+
+

+
 
 **Experience/DoNotShowFeedbackNotifications**  
 

From ed0bb185ad3f2d2ed63858f4cbb75364a85c97f6 Mon Sep 17 00:00:00 2001
From: Joey Caparas 
Date: Mon, 2 Nov 2020 16:42:49 -0800
Subject: [PATCH 46/92] fix scores

---
 .../basic-permissions.md                      | 18 ++++-----
 .../microsoft-defender-atp/common-errors.md   | 14 +++----
 .../microsoft-defender-atp/configure-siem.md  |  6 +--
 .../data-storage-privacy.md                   | 12 +++---
 .../exposed-apis-create-app-partners.md       | 40 +++++++++----------
 .../exposed-apis-full-sample-powershell.md    | 12 +++---
 .../get-machine-log-on-users.md               | 12 +++---
 .../get-started-partner-integration.md        | 16 ++++----
 .../get-user-related-alerts.md                | 10 ++---
 .../get-user-related-machines.md              | 12 +++---
 .../investigate-incidents.md                  |  5 ++-
 .../microsoft-defender-atp/machineaction.md   | 12 +++---
 .../microsoft-defender-atp/management-apis.md |  8 ++--
 ...oft-defender-advanced-threat-protection.md |  9 ++---
 .../microsoft-defender-atp/onboard.md         |  6 +--
 .../partner-applications.md                   | 18 ++++++---
 .../partner-integration.md                    | 13 +++---
 .../prepare-deployment.md                     | 22 +++++-----
 .../run-advanced-query-sample-powershell.md   | 14 +++----
 .../run-advanced-query-sample-python.md       | 12 +++---
 .../microsoft-defender-atp/service-status.md  |  4 +-
 .../troubleshoot-live-response.md             |  6 +--
 .../troubleshoot-onboarding-error-messages.md | 14 +++----
 ...microsoft-defender-smartscreen-overview.md | 10 ++---
 24 files changed, 156 insertions(+), 149 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/basic-permissions.md b/windows/security/threat-protection/microsoft-defender-atp/basic-permissions.md
index 82b023af7d..4fd549fcdb 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/basic-permissions.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/basic-permissions.md
@@ -30,9 +30,9 @@ ms.topic: article
 
 Refer to the instructions below to use basic permissions management. 
 
-You can use either of the following:
+You can use either of the following solutions:
 - Azure PowerShell
--  Azure Portal
+-  Azure portal
 
 For granular control over permissions, [switch to role-based access control](rbac.md).
 
@@ -42,21 +42,21 @@ You can assign users with one of the following levels of permissions:
 - Read-only access
 
 ### Before you begin
-- Install Azure PowerShell. For more information see, [How to install and configure Azure PowerShell](https://azure.microsoft.com/documentation/articles/powershell-install-configure/).

+- Install Azure PowerShell. For more information, see, [How to install and configure Azure PowerShell](https://azure.microsoft.com/documentation/articles/powershell-install-configure/).

 
     > [!NOTE]
     > You need to run the PowerShell cmdlets in an elevated command-line.
 
-- Connect to your Azure Active Directory. For more information see, [Connect-MsolService](https://msdn.microsoft.com/library/dn194123.aspx).
+- Connect to your Azure Active Directory. For more information, see, [Connect-MsolService](https://msdn.microsoft.com/library/dn194123.aspx).
 
 **Full access** 

 Users with full access can log in, view all system information and resolve alerts, submit files for deep analysis, and download the onboarding package.
 Assigning full access rights requires adding the users to the "Security Administrator" or "Global Administrator" AAD built-in roles.
 
-**Read only access** 

-Users with read only access can log in, view all alerts, and related information.
+**Read-only access** 

+Users with read-only access can log in, view all alerts, and related information.
 They will not be able to change alert states, submit files for deep analysis or perform any state changing operations.
-Assigning read only access rights requires adding the users to the "Security Reader" AAD built-in role.
+Assigning read-only access rights requires adding the users to the "Security Reader" Azure AD built-in role.
 
 Use the following steps to assign security roles:
 
@@ -64,12 +64,12 @@ Use the following steps to assign security roles:
   ```text
   Add-MsolRoleMember -RoleName "Security Administrator" -RoleMemberEmailAddress "secadmin@Contoso.onmicrosoft.com"
   ```
-- For **read only** access, assign users to the security reader role by using the following command:
+- For **read-only** access, assign users to the security reader role by using the following command:
   ```text
   Add-MsolRoleMember -RoleName "Security Reader" -RoleMemberEmailAddress "reader@Contoso.onmicrosoft.com"
   ```
 
-For more information see, [Add or remove group memberships](https://technet.microsoft.com/library/321d532e-407d-4e29-a00a-8afbe23008dd#BKMK_ManageGroups).
+For more information, see, [Add, or remove group memberships](https://technet.microsoft.com/library/321d532e-407d-4e29-a00a-8afbe23008dd#BKMK_ManageGroups).
 
 ## Assign user access using the Azure portal
 For more information, see [Assign administrator and non-administrator roles to uses with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-users-assign-role-azure-portal).
diff --git a/windows/security/threat-protection/microsoft-defender-atp/common-errors.md b/windows/security/threat-protection/microsoft-defender-atp/common-errors.md
index d34460c4bf..fdb92321bb 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/common-errors.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/common-errors.md
@@ -22,9 +22,9 @@ ms.topic: article
 
 
 * The error codes listed in the following table may be returned by an operation on any of Microsoft Defender ATP APIs.
-* Note that in addition to the error code, every error response contains an error message which can help resolving the problem.
-* Note that the message is a free text that can be changed.
-* At the bottom of the page you can find response examples.
+* In addition to the error code, every error response contains an error message, which can help resolving the problem.
+* The message is a free text that can be changed.
+* At the bottom of the page, you can find response examples.
 
 Error code |HTTP status code |Message 
 :---|:---|:---
@@ -40,7 +40,7 @@ MaximumBatchSizeExceeded | BadRequest (400) | Maximum batch size exceeded. Recei
 MissingRequiredParameter | BadRequest (400) | Parameter {the missing parameter} is missing.
 OsPlatformNotSupported | BadRequest (400) | OS Platform {the client OS Platform} is not supported for this action.
 ClientVersionNotSupported | BadRequest (400) | {The requested action} is supported on client version {supported client version} and above.
-Unauthorized | Unauthorized (401) | Unauthorized (usually invalid or expired authorization header).
+Unauthorized | Unauthorized (401) | Unauthorized (invalid or expired authorization header).
 Forbidden | Forbidden (403) | Forbidden (valid token but insufficient permission for the action).
 DisabledFeature | Forbidden (403) | Tenant feature is not enabled.
 DisallowedOperation | Forbidden (403) | {the disallowed operation and the reason}.
@@ -48,11 +48,11 @@ NotFound | Not Found (404) | General Not Found error message.
 ResourceNotFound | Not Found (404) | Resource {the requested resource} was not found.
 InternalServerError | Internal Server Error (500) | (No error message, try retry the operation or contact us if it does not resolved)
 
-## Body parameters are case sensitive
+## Body parameters are case-sensitive
 
-The submitted body parameters are currently case sensitive.
+The submitted body parameters are currently case-sensitive.
 
If you experience an **InvalidRequestBody** or **MissingRequiredParameter** errors, it might be caused from a wrong parameter capital or lower-case letter.
-
It is recommended to go to the requested Api documentation page and check that the submitted parameters match the relevant example.
+
We recommend that you go to the requested API documentation page and check that the submitted parameters match the relevant example.
 
 ## Correlation request ID
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-siem.md b/windows/security/threat-protection/microsoft-defender-atp/configure-siem.md
index b5d1923c6e..0d53517158 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-siem.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-siem.md
@@ -35,7 +35,7 @@ ms.topic: article
 >- [Microsoft Defender ATP Detection](api-portal-mapping.md) is composed from the suspicious event occurred on the Device and its related Alert details.
 >-The Microsoft Defender ATP Alert API is the latest API for alert consumption and contain a detailed list of related evidence for each alert. For more information, see [Alert methods and properties](alerts.md) and [List alerts](get-alerts.md).
 
-Microsoft Defender ATP supports security information and event management (SIEM) tools to pull detections. Microsoft Defender ATP exposes alerts through an HTTPS endpoint hosted in Azure. The endpoint can be configured to pull detections from your enterprise tenant in Azure Active Directory (AAD) using the OAuth 2.0 authentication protocol for an AAD application that represents the specific SIEM connector installed in your environment.
+Microsoft Defender ATP supports security information and event management (SIEM) tools to pull detections. Microsoft Defender ATP exposes alerts through an HTTPS endpoint hosted in Azure. The endpoint can be configured to pull detections from your enterprise tenant in Azure Active Directory (Azure AD) using the OAuth 2.0 authentication protocol for an Azure AD application that represents the specific SIEM connector installed in your environment.
 
 
 Microsoft Defender ATP currently supports the following specific SIEM solution tools through a dedicated SIEM integration model:
@@ -45,14 +45,14 @@ Microsoft Defender ATP currently supports the following specific SIEM solution t
 
 Other SIEM solutions (such as Splunk, RSA NetWitness) are supported through a different integration model based on the new Alert API. For more information, view the [Partner application](https://securitycenter.microsoft.com/interoperability/partners) page and select the Security Information and Analytics section for full details.
 
-To use either of these supported SIEM tools you'll need to:
+To use either of these supported SIEM tools, you'll need to:
 
 - [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md)
 - Configure the supported SIEM tool:
      - [Configure HP ArcSight to pull Microsoft Defender ATP detections](configure-arcsight.md)
      - Configure IBM QRadar to pull Microsoft Defender ATP detections For more information, see [IBM Knowledge Center](https://www.ibm.com/support/knowledgecenter/SS42VS_DSM/com.ibm.dsm.doc/c_dsm_guide_MS_Win_Defender_ATP_overview.html?cp=SS42VS_7.3.1).
 
-For more information on the list of fields exposed in the Detection API see, [Microsoft Defender ATP Detection fields](api-portal-mapping.md).
+For more information on the list of fields exposed in the Detection API, see, [Microsoft Defender ATP Detection fields](api-portal-mapping.md).
 
 
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy.md b/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy.md
index 6e76ce4bee..82693ece17 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy.md
@@ -29,7 +29,7 @@ ms.topic: conceptual
 
 This section covers some of the most frequently asked questions regarding privacy and data handling for Microsoft Defender ATP.
 > [!NOTE]
-> This document explains the data storage and privacy details related to Microsoft Defender ATP. For more information related to Microsoft Defender ATP and other products and services like Microsoft Defender Antivirus and Windows 10, see [Microsoft Privacy Statement](https://go.microsoft.com/fwlink/?linkid=827576). See also [Windows 10 privacy FAQ](https://go.microsoft.com/fwlink/?linkid=827577) for more information.
+> This document explains the data storage and privacy details related to Microsoft Defender ATP. For more information related to Microsoft Defender ATP and other products and services like Microsoft Defender Antivirus and Windows 10, see [Microsoft Privacy Statement](https://go.microsoft.com/fwlink/?linkid=827576). For more information, see [Windows 10 privacy FAQ](https://go.microsoft.com/fwlink/?linkid=827577).
 
 ## What data does Microsoft Defender ATP collect?
 
@@ -47,7 +47,7 @@ This data enables Microsoft Defender ATP to:
 Microsoft does not use your data for advertising.
 
 ## Data protection and encryption
-The Microsoft Defender ATP service utilizes state of the art data protection technologies which are based on Microsoft Azure infrastructure. 
+The Microsoft Defender ATP service utilizes state-of-the-art data protection technologies, which are based on Microsoft Azure infrastructure. 
 
 There are various aspects relevant to data protection that our service takes care of. Encryption is one of the most critical and it includes data encryption at rest, encryption in flight, and key management with Key Vault. For more information on other technologies used by the Microsoft Defender ATP service, see [Azure encryption overview](https://docs.microsoft.com/azure/security/security-azure-encryption-overview). 
 
@@ -79,20 +79,20 @@ Access to data for services deployed in Microsoft Azure Government data centers
 
 
 ## Is data shared with other customers?
-No. Customer data is isolated from other customers and is not shared. However, insights on the data resulting from Microsoft processing, and which don’t contain any customer specific data, might be shared with other customers. Each customer can only access data collected from its own organization and generic data that Microsoft provides.
+No. Customer data is isolated from other customers and is not shared. However, insights on the data resulting from Microsoft processing, and which don’t contain any customer-specific data, might be shared with other customers. Each customer can only access data collected from its own organization and generic data that Microsoft provides.
 
 ## How long will Microsoft store my data? What is Microsoft’s data retention policy?
 **At service onboarding**

-You can choose the data retention policy for your data. This determines how long Window Defender ATP will store your data. There’s a flexibility of choosing in the range of 1 month to six months to meet your company’s regulatory compliance needs.
+You can choose the data retention policy for your data. This determines how long Window Defender ATP will store your data. There’s a flexibility of choosing in the range of one month to six months to meet your company’s regulatory compliance needs.
 
 **At contract termination or expiration**

 Your data will be kept and will be available to you while the license is under grace period or suspended mode. At the end of this period, that data will be erased from Microsoft’s systems to make it unrecoverable, no later than 180 days from contract termination or expiration.
 
 
 ## Can Microsoft help us maintain regulatory compliance?
-Microsoft provides customers with detailed information about Microsoft's security and compliance programs, including audit reports and compliance packages, to help customers assess Microsoft Defender ATP services against their own legal and regulatory requirements. Microsoft Defender ATP has achieved a number of certifications including ISO, SOC, FedRAMP High, and PCI and continues to pursue additional national, regional and industry-specific certifications.
+Microsoft provides customers with detailed information about Microsoft's security and compliance programs, including audit reports and compliance packages, to help customers assess Microsoft Defender ATP services against their own legal and regulatory requirements. Microsoft Defender ATP has achieved a number of certifications including ISO, SOC, FedRAMP High, and PCI and continues to pursue additional national, regional, and industry-specific certifications.
 
-By providing customers with compliant, independently-verified services, Microsoft makes it easier for customers to achieve compliance for the infrastructure and applications they run.
+By providing customers with compliant, independently verified services, Microsoft makes it easier for customers to achieve compliance for the infrastructure and applications they run.
 
 For more information on the Microsoft Defender ATP certification reports, see [Microsoft Trust Center](https://servicetrust.microsoft.com/). 
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-partners.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-partners.md
index 6e860b794b..22c4b8dd35 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-partners.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-partners.md
@@ -26,21 +26,21 @@ ms.topic: article
 
 - Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
 
-This page describes how to create an AAD application to get programmatic access to Microsoft Defender ATP on behalf of your customers.
+This page describes how to create an Azure Active Directory (Azure AD) application to get programmatic access to Microsoft Defender ATP on behalf of your customers.
 
 Microsoft Defender ATP exposes much of its data and actions through a set of programmatic APIs. Those APIs will help you automate work flows and innovate based on Microsoft Defender ATP capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols-oauth-code).
 
 In general, you’ll need to take the following steps to use the APIs:
-- Create a **multi-tenant** AAD application.
+- Create a **multi-tenant** Azure AD application.
 - Get authorized(consent) by your customer administrator for your application to access Microsoft Defender ATP resources it needs.
 - Get an access token using this application.
 - Use the token to access Microsoft Defender ATP API.
 
-The following steps with guide you how to create an AAD application, get an access token to Microsoft Defender ATP and validate the token.
+The following steps with guide you how to create an Azure AD application, get an access token to Microsoft Defender ATP and validate the token.
 
 ## Create the multi-tenant app
 
-1. Log on to your [Azure tenant](https://portal.azure.com) with user that has **Global Administrator** role.
+1. Sign in to your [Azure tenant](https://portal.azure.com) with user that has **Global Administrator** role.
 
 2. Navigate to **Azure Active Directory** > **App registrations** > **New registration**. 
 
@@ -59,15 +59,15 @@ The following steps with guide you how to create an AAD application, get an acce
 
 4. Allow your Application to access Microsoft Defender ATP and assign it with the minimal set of permissions required to complete the integration.
 
-   - On your application page, click **API Permissions** > **Add permission** > **APIs my organization uses** > type **WindowsDefenderATP** and click on **WindowsDefenderATP**.
+   - On your application page, select **API Permissions** > **Add permission** > **APIs my organization uses** > type **WindowsDefenderATP** and select on **WindowsDefenderATP**.
 
-   - **Note**: WindowsDefenderATP does not appear in the original list. You need to start writing its name in the text box to see it appear.
+   - **Note**: WindowsDefenderATP does not appear in the original list. Start writing its name in the text box to see it appear.
 
    ![Image of API access and API selection](images/add-permission.png)
    
    ### Request API permissions
 
-   To determine which permission you need, please look at the **Permissions** section in the API you are interested to call. For instance:
+   To determine which permission you need, review the **Permissions** section in the API you are interested to call. For instance:
 
    - To [run advanced queries](run-advanced-query-api.md), select 'Run advanced queries' permission
    
@@ -75,20 +75,20 @@ The following steps with guide you how to create an AAD application, get an acce
 
    In the following example we will use **'Read all alerts'** permission:
 
-   Choose **Application permissions** > **Alert.Read.All** > Click on **Add permissions**
+   Choose **Application permissions** > **Alert.Read.All** > select on **Add permissions**
 
    ![Image of API access and API selection](images/application-permissions.png)
 
 
-5. Click **Grant consent**
+5. Select **Grant consent**
 
-	- **Note**: Every time you add permission you must click on **Grant consent** for the new permission to take effect.
+	- **Note**: Every time you add permission you must select on **Grant consent** for the new permission to take effect.
 
 	![Image of Grant permissions](images/grant-consent.png)
 
 6. Add a secret to the application.
 
-	- Click **Certificates & secrets**, add description to the secret and click **Add**.
+	- Select **Certificates & secrets**, add description to the secret and select **Add**.
 
     **Important**: After click Add, **copy the generated secret value**. You won't be able to retrieve after you leave!
 
@@ -96,7 +96,7 @@ The following steps with guide you how to create an AAD application, get an acce
 
 7. Write down your application ID:
 
-   - On your application page, go to **Overview** and copy the following:
+   - On your application page, go to **Overview** and copy the following information:
 
    ![Image of created app id](images/app-id.png)
 
@@ -104,7 +104,7 @@ The following steps with guide you how to create an AAD application, get an acce
 
     You need your application to be approved in each customer tenant where you intend to use it. This is because your application interacts with Microsoft Defender ATP application on behalf of your customer.
 
-    A user with **Global Administrator** from your customer's tenant need to click the consent link and approve your application.
+    A user with **Global Administrator** from your customer's tenant need to select the consent link and approve your application.
 
     Consent link is of the form:
 
@@ -114,7 +114,7 @@ The following steps with guide you how to create an AAD application, get an acce
 
     Where 00000000-0000-0000-0000-000000000000 should be replaced with your Application ID
 
-	After clicking on the consent link, login with the Global Administrator of the customer's tenant and consent the application.
+	After clicking on the consent link, sign in with the Global Administrator of the customer's tenant and consent the application.
 
 	![Image of consent](images/app-consent-partner.png)
 
@@ -123,11 +123,11 @@ The following steps with guide you how to create an AAD application, get an acce
 - **Done!** You have successfully registered an application! 
 - See examples below for token acquisition and validation.
 
-## Get an access token examples:
+## Get an access token example:
 
-**Note:** to get access token on behalf of your customer, use the customer's tenant ID on the following token acquisitions.
+**Note:** To get access token on behalf of your customer, use the customer's tenant ID on the following token acquisitions.
 
-
For more details on AAD token, refer to [AAD tutorial](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols-oauth-client-creds)
+
For more information on AAD token, see [AAD tutorial](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols-oauth-client-creds)
 
 ### Using PowerShell
 
@@ -158,14 +158,14 @@ return $token
 >The below code was tested with Nuget Microsoft.IdentityModel.Clients.ActiveDirectory
 
 - Create a new Console Application
-- Install Nuget [Microsoft.IdentityModel.Clients.ActiveDirectory](https://www.nuget.org/packages/Microsoft.IdentityModel.Clients.ActiveDirectory/)
+- Install NuGet [Microsoft.IdentityModel.Clients.ActiveDirectory](https://www.nuget.org/packages/Microsoft.IdentityModel.Clients.ActiveDirectory/)
 - Add the below using
 
     ```
     using Microsoft.IdentityModel.Clients.ActiveDirectory;
     ```
 
-- Copy/Paste the below code in your application (do not forget to update the 3 variables: ```tenantId, appId, appSecret```)
+- Copy/Paste the below code in your application (do not forget to update the three variables: ```tenantId, appId, appSecret```)
 
     ```
     string tenantId = "00000000-0000-0000-0000-000000000000"; // Paste your own tenant ID here
@@ -221,7 +221,7 @@ Sanity check to make sure you got a correct token:
 
 - Choose the API you want to use, for more information, see [Supported Microsoft Defender ATP APIs](exposed-apis-list.md)
 - Set the Authorization header in the Http request you send to "Bearer {token}" (Bearer is the Authorization scheme)
-- The Expiration time of the token is 1 hour (you can send more then one request with the same token)
+- The Expiration time of the token is 1 hour (you can send more than one request with the same token)
 
 - Example of sending a request to get a list of alerts **using C#** 
     ```
diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md
index bdb9fddc2c..ca41b7420b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md
@@ -1,5 +1,5 @@
 ---
-title: Advanced Hunting with Powershell API Guide
+title: Advanced Hunting with PowerShell API Guide
 ms.reviewer: 
 description: Use these code samples, querying several Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) APIs.
 keywords: apis, supported apis, advanced hunting, query
@@ -28,7 +28,7 @@ ms.date: 09/24/2018
 
 Full scenario using multiple APIs from Microsoft Defender ATP.
 
-In this section we share PowerShell samples to 
+In this section, we share PowerShell samples to 
 - Retrieve a token 
 - Use token to retrieve the latest alerts in Microsoft Defender ATP
 - For each alert, if the alert has medium or high priority and is still in progress, check how many times the device has connected to suspicious URL.
@@ -43,15 +43,15 @@ In this section we share PowerShell samples to
   Set-ExecutionPolicy -ExecutionPolicy Bypass
   ```
 
-For more details, refer to [PowerShell documentation](https://docs.microsoft.com/powershell/module/microsoft.powershell.security/set-executionpolicy)
+For more information, see [PowerShell documentation](https://docs.microsoft.com/powershell/module/microsoft.powershell.security/set-executionpolicy)
 
 ## Get token
 
 Run the below:
 
-- $tenantId: ID of the tenant on behalf of which you want to run the query (i.e., the query will be run on the data of this tenant)
-- $appId: ID of your AAD app (the app must have 'Run advanced queries' permission to Microsoft Defender ATP)
-- $appSecret: Secret of your AAD app
+- $tenantId: ID of the tenant on behalf of which you want to run the query (that is, the query will be run on the data of this tenant)
+- $appId: ID of your Azure AD app (the app must have 'Run advanced queries' permission to Microsoft Defender ATP)
+- $appSecret: Secret of your Azure AD app
 - $suspiciousUrl: The URL
 
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md b/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md
index ea5713e42e..51dbfaed23 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md
@@ -1,6 +1,6 @@
 ---
-title: Get machine log on users API
-description: Learn how to use the Get machine log on users API to retrieve a collection of logged on users on a device in Microsoft Defender Advanced Threat Protection.
+title: Get machine logon users API
+description: Learn how to use the Get machine logon users API to retrieve a collection of logged on users on a device in Microsoft Defender Advanced Threat Protection.
 keywords: apis, graph api, supported apis, get, device, log on, users
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
@@ -16,7 +16,7 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
-# Get machine log on users API
+# Get machine logon users API
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
@@ -45,8 +45,8 @@ Delegated (work or school account) | User.Read.All | 'Read user profiles'
 
 >[!Note]
 > When obtaining a token using user credentials:
->- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
->- Response will include users only if the device is visible to the user, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)
+>- The user needs to have at least the following role permission: 'View Data'. For more information, see [Create and manage roles](user-roles.md) )
+>- Response will include users only if the device is visible to the user, based on device group settings. For more information, see [Create and manage device groups](machine-groups.md).
 
 ## HTTP request
 ```http
@@ -64,7 +64,7 @@ Authorization | String | Bearer {token}. **Required**.
 Empty
 
 ## Response
-If successful and device exist - 200 OK with list of [user](user.md) entities in the body. If device was not found - 404 Not Found.
+If successful and device exists - 200 OK with list of [user](user.md) entities in the body. If device was not found - 404 Not Found.
 
 
 ## Example
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-started-partner-integration.md b/windows/security/threat-protection/microsoft-defender-atp/get-started-partner-integration.md
index 09c65fdff1..8bea8e41dc 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-started-partner-integration.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-started-partner-integration.md
@@ -1,7 +1,7 @@
 ---
 title: Become a Microsoft Defender ATP partner
 ms.reviewer: 
-description: Learn the steps and requirements so that you can integrate your solution with Microsoft Defender ATP and be a partner
+description: Learn the steps and requirements to integrate your solution with Microsoft Defender ATP and be a partner
 keywords: partner, integration, solution validation, certification, requirements, member, misa, application portal
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -29,7 +29,7 @@ ms.topic: conceptual
 To become a Microsoft Defender ATP solution partner, you'll need to follow and complete the following steps.
 
 ## Step 1: Subscribe to a Microsoft Defender ATP Developer license
-Subscribing to the [Microsoft Defender ATP Developer license](https://winatpregistration-prd.trafficmanager.net/Developer/UserAgreement?Length=9) allows you to use a Microsoft Defender ATP tenant with up to 10 devices for developing solutions to integrate with Microsoft Defender ATP. 
+Subscribe to the [Microsoft Defender ATP Developer license](https://winatpregistration-prd.trafficmanager.net/Developer/UserAgreement?Length=9). Subscribing allows you to use a Microsoft Defender ATP tenant with up to 10 devices to developing solutions that integrate with Microsoft Defender ATP. 
 
 ## Step 2: Fulfill the solution validation and certification requirements
 The best way for technology partners to certify that their integration works is to have a joint customer approve the suggested integration design (the customer can use the **Recommend a partner** option in the [Partner Application page](https://securitycenter.microsoft.com/interoperability/partners) in the Microsoft Defender Security Center) and have it tested and demoed to the Microsoft Defender ATP team.
@@ -42,16 +42,16 @@ Once the Microsoft Defender ATP team has reviewed and approves the integration,
 ## Step 4: Get listed in the Microsoft Defender ATP partner application portal
 Microsoft Defender ATP supports third-party applications discovery and integration using the in-product [partner page](partner-applications.md) that is embedded within the Microsoft Defender ATP management portal. 
 
-To have your company listed as a partner in the in-product partner page, you will need to provide the following:
+To have your company listed as a partner in the in-product partner page, you will need to provide the following information:
 
 1. A square logo (SVG).
 2. Name of the product to be presented.
 3. Provide a 15-word product description.
-4. Link to the landing page for the customer to complete the integration or blog post that will include sufficient information for customers. Please note that any press release including the Microsoft Defender ATP product name should be reviewed by the marketing and engineering teams. You should allow at least 10 days for review process to be performed.
-5.	If you use a multi-tenant Azure AD approach, we will need the AAD application name to track usage of the application.
-6. We'd like to request that you include the User-Agent field in each API call made to Microsoft Defender ATP public set of APIs or Graph Security APIs. This will be used for statistical purposes, troubleshooting, and partner recognition. In addition, this step is a requirement for membership in Microsoft Intelligent Security Association (MISA).
+4. Link to the landing page for the customer to complete the integration or blog post that will include sufficient information for customers. Any press release including the Microsoft Defender ATP product name should be reviewed by the marketing and engineering teams. Wait for at least 10 days for the review process to be done.
+5.	If you use a multi-tenant Azure AD approach, we will need the Azure AD application name to track usage of the application.
+6. Include the User-Agent field in each API call made to Microsoft Defender ATP public set of APIs or Graph Security APIs. This will be used for statistical purposes, troubleshooting, and partner recognition. In addition, this step is a requirement for membership in Microsoft Intelligent Security Association (MISA).
     Follow these steps:
-    1.	Identify a name adhering to the following nomenclature that includes your company name and the Microsoft Defender ATP integrated product with the version of the product that includes this integration. 
+    1.	Identify a name adhering to the following nomenclature that includes your company name and the Microsoft Defender ATP-integrated product with the version of the product that includes this integration. 
       - ISV Nomenclature: `MdatpPartner-{CompanyName}-{ProductName}/{Version}`
       - Security partner Nomenclature: `MdatpPartner-{CompanyName}-{ProductName}/{TenantID}` 
 
@@ -59,7 +59,7 @@ To have your company listed as a partner in the in-product partner page, you wil
     For more information, see [RFC 2616 section-14.43](https://tools.ietf.org/html/rfc2616#section-14.43). For example, User-Agent: `MdatpPartner-Contoso-ContosoCognito/1.0.0`
 
 
-Partnership with Microsoft Defender ATP help our mutual customers to further streamline, integrate, and orchestrate defenses. We are happy that you chose to become a Microsoft Defender ATP partner and to achieve our common goal of effectively protecting customers and their assets by preventing and responding to modern threats together.
+Partnerships with Microsoft Defender ATP help our mutual customers to further streamline, integrate, and orchestrate defenses. We are happy that you chose to become a Microsoft Defender ATP partner and to achieve our common goal of effectively protecting customers and their assets by preventing and responding to modern threats together.
 
 ## Related topics
 - [Technical partner opportunities](partner-integration.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md
index 95225803d9..5ccd353fa2 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md
@@ -1,5 +1,5 @@
 ---
-title: Get user related alerts API
+title: Get user-related alerts API
 description: Retrieve a collection of alerts related to a given user ID using Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP).
 keywords: apis, graph api, supported apis, get, user, related, alerts
 search.product: eADQiWindows 10XVcnh
@@ -16,7 +16,7 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
-# Get user related alerts API
+# Get user-related alerts API
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
@@ -46,7 +46,7 @@ Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
 
 >[!Note]
 > When obtaining a token using user credentials:
->- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
+>- The user needs to have at least the following role permission: 'View Data'. For more information, see [Create and manage roles](user-roles.md).
 >- Response will include only alerts, associated with devices, that the user have access to, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)
 
 ## HTTP request
@@ -54,7 +54,7 @@ Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
 GET /api/users/{id}/alerts
 ```
 
-**Note that the id is not the full UPN, but only the user name. (e.g., to retrieve alerts for user1@contoso.com use /api/users/user1/alerts)**
+**The ID is not the full UPN, but only the user name. (for example, to retrieve alerts for user1@contoso.com use /api/users/user1/alerts)**
 
 ## Request headers
 
@@ -67,7 +67,7 @@ Authorization | String | Bearer {token}. **Required**.
 Empty
 
 ## Response
-If successful and user exist - 200 OK. If the user do not exist - 404 Not Found. 
+If successful and user exists - 200 OK. If the user does not exist - 404 Not Found. 
 
 
 ## Example
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md
index f3b126e12f..4fe938bf97 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md
@@ -1,6 +1,6 @@
 ---
-title: Get user related machines API
-description: Learn how to use the Get user related machines API to retrieve a collection of devices related to a user ID in Microsoft Defender Advanced Threat Protection.
+title: Get user-related machines API
+description: Learn how to use the Get user-related machines API to retrieve a collection of devices related to a user ID in Microsoft Defender Advanced Threat Protection.
 keywords: apis, graph api, supported apis, get, user, user related alerts
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
@@ -16,7 +16,7 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
-# Get user related machines API
+# Get user-related machines API
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
@@ -46,15 +46,15 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine
 
 >[!Note]
 > When obtaining a token using user credentials:
->- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
->- Response will include only devices that the user can access, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)
+>- The user needs to have at least the following role permission: 'View Data'. For more information, see [Create and manage roles](user-roles.md) )
+>- Response will include only devices that the user can access, based on device group settings. For more information, see [Create and manage device groups](machine-groups.md).
 
 ## HTTP request
 ```
 GET /api/users/{id}/machines
 ```
 
-**Note that the id is not the full UPN, but only the user name. (e.g., to retrieve machines for user1@contoso.com use /api/users/user1/machines)**
+**The ID is not the full UPN, but only the user name. (for example, to retrieve machines for user1@contoso.com use /api/users/user1/machines)**
 
 
 ## Request headers
diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-incidents.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-incidents.md
index 06ed19033e..871b6e1473 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/investigate-incidents.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-incidents.md
@@ -68,7 +68,8 @@ Select **Investigations** to see all the automatic investigations launched by th
 ![Image of investigations tab in incident details page](images/atp-incident-investigations-tab.png)
 
 ## Going through the evidence
-Microsoft Defender Advanced Threat Protection automatically investigates all the incidents' supported events and suspicious entities in the alerts, providing you with auto-response and information about the important files, processes, services, and more. This helps quickly detect and block potential threats in the incident. 
+Microsoft Defender Advanced Threat Protection automatically investigates all the incidents' supported events and suspicious entities in the alerts, providing you with autoresponse and information about the important files, processes, services, and more. 
+
 Each of the analyzed entities will be marked as infected, remediated, or suspicious. 
 
 ![Image of evidence tab in incident details page](images/atp-incident-evidence-tab.png)
@@ -81,7 +82,7 @@ The **Graph** tells the story of the cybersecurity attack. For example, it shows
 
 ![Image of the incident graph](images/atp-incident-graph-tab.png)
 
-You can click the circles on the incident graph to view the details of the malicious files, associated file detections, how many instances has there been worldwide, whether it’s been observed in your organization, if so, how many instances.
+You can click the circles on the incident graph to view the details of the malicious files, associated file detections, how many instances have there been worldwide, whether it’s been observed in your organization, if so, how many instances.
 
 ![Image of incident details](images/atp-incident-graph-details.png)
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/machineaction.md b/windows/security/threat-protection/microsoft-defender-atp/machineaction.md
index 19f660b07e..90bf8cebb8 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/machineaction.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/machineaction.md
@@ -25,7 +25,7 @@ ms.topic: article
 
 - Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 
-- See [Response Actions](respond-machine-alerts.md) for more information
+- For more information, see [Response Actions](respond-machine-alerts.md). 
 
 | Method                                                            | Return Type                        | Description                                                 |
 |:------------------------------------------------------------------|:-----------------------------------|:------------------------------------------------------------|
@@ -47,17 +47,17 @@ ms.topic: article
 
 | Property            | Type           | Description                                                                                                                                                                                                    |
 |:--------------------|:---------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| id                  | Guid           | Identity of the [Machine Action](machineaction.md) entity.                                                                                                                                                     |
+| ID                  | Guid           | Identity of the [Machine Action](machineaction.md) entity.                                                                                                                                                     |
 | type                | Enum           | Type of the action. Possible values are: "RunAntiVirusScan", "Offboard", "CollectInvestigationPackage", "Isolate", "Unisolate", "StopAndQuarantineFile", "RestrictCodeExecution" and "UnrestrictCodeExecution" |
-| scope				  | string         | Scope of the action. "Full" or "Selective" in case of Isolation, "Quick" or "Full" in case of Anti-Virus scan.						                                                                            |
+| scope				  | string         | Scope of the action. "Full" or "Selective" for Isolation, "Quick" or "Full" for Anti-Virus scan.						                                                                            |
 | requestor           | String         | Identity of the person that executed the action.                                                                                                                                                               |
 | requestorComment    | String         | Comment that was written when issuing the action.                                                                                                                                                              |
-| status              | Enum           | Current status of the command. Possible values are: "Pending", "InProgress", "Succeeded", "Failed", "TimeOut" and "Cancelled".                                                                                 |
-| machineId           | String         | Id of the [machine](machine.md) on which the action was executed.                                                                                                                                              |
+| status              | Enum           | Current status of the command. Possible values are: "Pending", "InProgress", "Succeeded", "Failed", "TimeOut" and "Canceled".                                                                                 |
+| machineId           | String         | ID of the [machine](machine.md) on which the action was executed.                                                                                                                                              |
 | machineId           | String         | Name of the [machine](machine.md) on which the action was executed.                                                                                                                                            |
 | creationDateTimeUtc | DateTimeOffset | The date and time when the action was created.                                                                                                                                                                 |
 | lastUpdateTimeUtc   | DateTimeOffset | The last date and time when the action status was updated.                                                                                                                                                     |
-| relatedFileInfo     | Class          | Contains two Properties. string ```fileIdentifier```, Enum ```fileIdentifierType``` with the possible values: "Sha1" ,"Sha256" and "Md5".                                                                         |
+| relatedFileInfo     | Class          | Contains two Properties. string ```fileIdentifier```, Enum ```fileIdentifierType``` with the possible values: "Sha1", "Sha256" and "Md5".                                                                         |
 
 
 ## Json representation
diff --git a/windows/security/threat-protection/microsoft-defender-atp/management-apis.md b/windows/security/threat-protection/microsoft-defender-atp/management-apis.md
index 0a71770ee3..c3176ac54a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/management-apis.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/management-apis.md
@@ -55,12 +55,12 @@ The Microsoft Defender ATP APIs can be grouped into three:
 
 ## Microsoft Defender ATP APIs
 
-Microsoft Defender ATP offers a layered API model exposing data and capabilities in a structured, clear and easy to use model, exposed through a standard Azure  AD-based authentication and authorization model allowing access in context of users or SaaS applications. The API model was designed to expose entities and capabilities in a consistent form. 
+Microsoft Defender ATP offers a layered API model exposing data and capabilities in a structured, clear, and easy to use model, exposed through a standard Azure  AD-based authentication and authorization model allowing access in context of users or SaaS applications. The API model was designed to expose entities and capabilities in a consistent form. 
 
 Watch this video for a quick overview of Microsoft Defender ATP's APIs. 
 >[!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4d73M]
 
-The **Investigation API** exposes the richness of Microsoft Defender ATP - exposing calculated or 'profiled' entities (for example, device, user, and file) and discrete events (for example, process creation and file creation) which typically describes a behavior related to an entity, enabling access to data via investigation interfaces allowing a query-based access to data. For more information see, [Supported APIs](exposed-apis-list.md).
+The **Investigation API** exposes the richness of Microsoft Defender ATP - exposing calculated or 'profiled' entities (for example, device, user, and file) and discrete events (for example, process creation and file creation) which typically describes a behavior related to an entity, enabling access to data via investigation interfaces allowing a query-based access to data. For more information, see, [Supported APIs](exposed-apis-list.md).
 
 The **Response API** exposes the ability to take actions in the service and on devices, enabling customers to ingest indicators, manage settings, alert status, as well as take response actions on devices programmatically such as isolate devices from the network, quarantine files, and others. 
 
@@ -69,11 +69,11 @@ Microsoft Defender ATP raw data streaming API provides the ability for customers
 
 The Microsoft Defender ATP event information is pushed directly to Azure storage for long-term data retention, or to Azure Event Hubs for consumption by visualization services or additional data processing engines. 
 
-For more information see, [Raw data streaming API](raw-data-export.md).
+For more information, see, [Raw data streaming API](raw-data-export.md).
 
 
 ## SIEM API
-When you enable security information and event management (SIEM) integration it allows you to pull detections from Microsoft Defender Security Center using your SIEM solution or by connecting directly to the detections REST API. This activates the SIEM connector access details section with pre-populated values and an application is created under you Azure Active Directory (AAD) tenant. For more information see, [SIEM integration](enable-siem-integration.md)
+When you enable security information and event management (SIEM) integration, it allows you to pull detections from Microsoft Defender Security Center using your SIEM solution or by connecting directly to the detections REST API. This activates the SIEM connector access details section with pre-populated values and an application is created under your Azure Active Directory (Azure AD) tenant. For more information, see, [SIEM integration](enable-siem-integration.md)
 
 ## Related topics
 - [Access the Microsoft Defender Advanced Threat Protection APIs ](apis-intro.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md
index d45c5c585e..c25bf6630c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md
@@ -33,8 +33,7 @@ Microsoft Defender Advanced Threat Protection is an enterprise endpoint security
 
 Microsoft Defender ATP uses the following combination of technology built into Windows 10 and Microsoft's robust cloud service:
 
--   **Endpoint behavioral sensors**: Embedded in Windows 10, these sensors
-    collect and process behavioral signals from the operating system and sends this sensor data to your private, isolated, cloud instance of Microsoft Defender ATP.
+-   **Endpoint behavioral sensors**: Embedded in Windows 10, these sensors collect and process behavioral signals from the operating system and send this sensor data to your private, isolated, cloud instance of Microsoft Defender ATP.
 
 
 -   **Cloud security analytics**: Leveraging big-data, device-learning, and
@@ -46,7 +45,7 @@ Microsoft Defender ATP uses the following combination of technology built into W
 -   **Threat intelligence**: Generated by Microsoft hunters, security teams,
     and augmented by threat intelligence provided by partners, threat
     intelligence enables Microsoft Defender ATP to identify attacker
-    tools, techniques, and procedures, and generate alerts when these
+    tools, techniques, and procedures, and generate alerts when they
     are observed in collected sensor data.
 
 
@@ -86,7 +85,7 @@ This built-in capability uses a game-changing risk-based approach to the discove
 
 
 **[Attack surface reduction](overview-attack-surface-reduction.md)**

-The attack surface reduction set of capabilities provide the first line of defense in the stack. By ensuring configuration settings are properly set and exploit mitigation techniques are applied, these set of capabilities resist attacks and exploitation. This set of capabilities also includes [network protection](network-protection.md) and [web protection](web-protection-overview.md), which regulate access to malicious IP addresses, domains, and URLs. 
+The attack surface reduction set of capabilities provides the first line of defense in the stack. By ensuring configuration settings are properly set and exploit mitigation techniques are applied, the capabilities resist attacks and exploitation. This set of capabilities also includes [network protection](network-protection.md) and [web protection](web-protection-overview.md), which regulate access to malicious IP addresses, domains, and URLs. 
 
 
 
@@ -135,7 +134,7 @@ Integrate Microsoft Defender Advanced Threat Protection into your existing workf
 - Microsoft Cloud App Security
 
 **[Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/microsoft-threat-protection)**

- With Microsoft Threat Protection, Microsoft Defender ATP and various Microsoft security solutions form a unified pre- and post-breach enterprise defense suite that natively integrates across endpoint, identity, email, and applications to detect, prevent, investigate and automatically respond to sophisticated attacks.
+ With Microsoft Threat Protection, Microsoft Defender ATP and various Microsoft security solutions form a unified pre- and post-breach enterprise defense suite that natively integrates across endpoint, identity, email, and applications to detect, prevent, investigate, and automatically respond to sophisticated attacks.
 
 
 ## Related topic
diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboard.md b/windows/security/threat-protection/microsoft-defender-atp/onboard.md
index dc8e5dab0c..78edeae3ef 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/onboard.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboard.md
@@ -1,7 +1,7 @@
 ---
 title: Configure and manage Microsoft Defender ATP capabilities
 ms.reviewer: 
-description: Configure and manage Microsoft Defender ATP capabilities such as attack surface reduction, next-generation protection, and security controls 
+description: Configure and manage Microsoft Defender ATP capabilities such as attack surface reduction, and next-generation protection
 keywords: configure, manage, capabilities, attack surface reduction, next-generation protection, security controls, endpoint detection and response, auto investigation and remediation, security controls, controls
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -32,12 +32,12 @@ Configure and manage all the Microsoft Defender ATP capabilities to get the best
 ## In this section 
 Topic | Description 
 :---|:---
-[Configure attack surface reduction capabilities](configure-attack-surface-reduction.md) |  By ensuring configuration settings are properly set and exploit mitigation techniques are applied, these set of capabilities resist attacks and exploitations. 
+[Configure attack surface reduction capabilities](configure-attack-surface-reduction.md) |  By ensuring configuration settings are properly set and exploit mitigation techniques are applied, these set of capabilities resist attacks and exploitation. 
 [Configure next-generation protection](../microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md) | Configure next-generation protection to catch all types of emerging threats.
 [Configure Microsoft Threat Experts capabilities](configure-microsoft-threat-experts.md) | Configure and manage how you would like to get cybersecurity threat intelligence from Microsoft Threat Experts.
 [Configure Microsoft Threat Protection integration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration)| Configure other solutions that integrate with Microsoft Defender ATP.
 [Management and API support](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/management-apis)| Pull alerts to your SIEM or use APIs to create custom alerts. Create and build Power BI reports. 
-[Configure Microsoft Defender Security Center settings](preferences-setup.md) |  Configure portal related settings such as general settings, advanced features, enable the preview experience and others.
+[Configure Microsoft Defender Security Center settings](preferences-setup.md) |  Configure portal-related settings such as general settings, advanced features, enable the preview experience and others.
 
 
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md
index 19b0432ed6..822b5afaab 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md
@@ -30,9 +30,15 @@ ms.topic: conceptual
 Microsoft Defender ATP supports third-party applications to help enhance the detection, investigation, and threat intelligence capabilities of the platform.
 
 
-The support for third-party solutions help to further streamline, integrate, and orchestrate defenses from other vendors with Microsoft Defender ATP; enabling security teams to effectively respond better to modern threats.
+The support for third-party solutions helps to further streamline, integrate, and orchestrate defenses from other vendors with Microsoft Defender ATP; enabling security teams to effectively respond better to modern threats.
 
-Microsoft Defender ATP seamlessly integrates with existing security solutions — providing out of the box integration with SIEM, ticketing and IT service management solutions, managed security service providers (MSSP), IoC indicators ingestions and matching, automated device investigation and remediation based on external alerts, and integration with Security orchestration and automation response (SOAR) systems. 
+Microsoft Defender ATP seamlessly integrates with existing security solutions. The integration provides integration with the following solutions such as:
+- SIEM
+- Ticketing and IT service management solutions
+- Managed security service providers (MSSP)
+- IoC indicators ingestions and matching
+- Automated device investigation and remediation based on external alerts
+- Integration with Security orchestration and automation response (SOAR) systems
 
 ## Supported applications
 
@@ -49,7 +55,7 @@ Logo |Partner name   | Description
 ![Image of Micro Focus ArcSight logo](images/arcsight-logo.png) | [Micro Focus ArcSight](https://go.microsoft.com/fwlink/?linkid=2113548) | Use Micro Focus ArcSight to pull Microsoft Defender ATP detections
 ![Image of RSA NetWitness logo](images/rsa-netwitness-logo.png) | [RSA NetWitness](https://go.microsoft.com/fwlink/?linkid=2118566) | Stream Microsoft Defender ATP Alerts to RSA NetWitness leveraging Microsoft Graph Security API
 ![Image of SafeBreach logo](images/safebreach-logo.png) | [SafeBreach](https://go.microsoft.com/fwlink/?linkid=2114114)| Gain visibility into Microsoft Defender ATP security events that are automatically correlated with SafeBreach simulations
-![Image of Skybox Vulnerability Control logo](images/skybox-logo.png) | [Skybox Vulnerability Control](https://go.microsoft.com/fwlink/?linkid=2127467) | Skybox Vulnerability Control cuts through the noise of vulnerability management, correlating business, network and threat context to uncover your riskiest vulnerabilities
+![Image of Skybox Vulnerability Control logo](images/skybox-logo.png) | [Skybox Vulnerability Control](https://go.microsoft.com/fwlink/?linkid=2127467) | Skybox Vulnerability Control cuts through the noise of vulnerability management, correlating business, network, and threat context to uncover your riskiest vulnerabilities
 ![Image of Splunk logo](images/splunk-logo.png) | [Splunk](https://go.microsoft.com/fwlink/?linkid=2129805) | The Microsoft Defender ATP Add-on allows Splunk users to ingest all of the alerts and supporting information to their Splunk
 ![Image of XM Cyber logo](images/xmcyber-logo.png) | [XM Cyber](https://go.microsoft.com/fwlink/?linkid=2136700) | Prioritize your response to an alert based on risk factors and high value assets
 
@@ -60,7 +66,7 @@ Logo |Partner name   | Description
 :---|:---|:---
 ![Image of CyberSponse CyOps logo](images/cybersponse-logo.png) | [CyberSponse CyOps](https://go.microsoft.com/fwlink/?linkid=2115943) | CyOps integrates with Microsoft Defender ATP to automate customers' high-speed incident response playbooks
 ![Image of Delta Risk ActiveEye logo](images/delta-risk-activeeye-logo.png) | [Delta Risk ActiveEye](https://go.microsoft.com/fwlink/?linkid=2127468) | Delta Risk, a leading provider of SOC-as-a-Service and security services, integrate Microsoft Defender ATP with its cloud-native SOAR platform, ActiveEye.
-![Image of Demisto, a Palo Alto Networks Company logo](images/demisto-logo.png) | [Demisto, a Palo Alto Networks Company](https://go.microsoft.com/fwlink/?linkid=2108414) | Demisto integrates with Microsoft Defender ATP to enable security teams to orchestrate and automate endpoint security monitoring, enrichment and response
+![Image of Demisto, a Palo Alto Networks Company logo](images/demisto-logo.png) | [Demisto, a Palo Alto Networks Company](https://go.microsoft.com/fwlink/?linkid=2108414) | Demisto integrates with Microsoft Defender ATP to enable security teams to orchestrate and automate endpoint security monitoring, enrichment, and response
 ![Image of Microsoft Flow & Azure Functions logo](images/ms-flow-logo.png) | [Microsoft Flow & Azure Functions](https://go.microsoft.com/fwlink/?linkid=2114300) | Use the Microsoft Defender ATP connectors for Azure Logic Apps & Microsoft Flow to automating security procedures
 ![Image of Rapid7 InsightConnect logo](images/rapid7-logo.png) | [Rapid7 InsightConnect](https://go.microsoft.com/fwlink/?linkid=2116040) | InsightConnect integrates with Microsoft Defender ATP to accelerate, streamline, and integrate your time-intensive security processes
 ![Image of ServiceNow logo](images/servicenow-logo.png) | [ServiceNow](https://go.microsoft.com/fwlink/?linkid=2135621) | Ingest alerts into ServiceNow Security Operations solution based on Microsoft Graph API integration
@@ -93,7 +99,7 @@ Logo |Partner name   | Description
 ![Image of Better Mobile logo](images/bettermobile-logo.png) | [Better Mobile](https://go.microsoft.com/fwlink/?linkid=2086214)| AI based MTD solution to stop mobile threats & phishing. Private internet browsing to protect user privacy 
 ![Image of Corrata logo](images/corrata-logo.png)| [Corrata](https://go.microsoft.com/fwlink/?linkid=2081148) | Mobile solution — Protect your mobile devices with granular visibility and control from Corrata 
 ![Image of Lookout logo](images/lookout-logo.png)| [Lookout](https://go.microsoft.com/fwlink/?linkid=866935)| Get Lookout Mobile Threat Protection telemetry for Android and iOS mobile devices
-![Image of Symantec Endpoint Protection Mobile logo](images/symantec-logo.png) | [Symantec Endpoint Protection Mobile](https://go.microsoft.com/fwlink/?linkid=2090992)| SEP Mobile helps businesses predict, detect and prevent security threats and vulnerabilities on mobile devices 
+![Image of Symantec Endpoint Protection Mobile logo](images/symantec-logo.png) | [Symantec Endpoint Protection Mobile](https://go.microsoft.com/fwlink/?linkid=2090992)| SEP Mobile helps businesses predict, detect, and prevent security threats and vulnerabilities on mobile devices 
 ![Image of Zimperium logo](images/zimperium-logo.png)| [Zimperium](https://go.microsoft.com/fwlink/?linkid=2118044)|Extend your Microsoft Defender ATP to iOS and Android with Machine Learning-based Mobile Threat Defense
 
 
@@ -121,7 +127,7 @@ Microsoft Defender ATP offers unique automated investigation and remediation cap
   
 Integrating the automated investigation and response capability with other solutions such as IDS and firewalls help to address alerts and minimize the complexities surrounding network and device signal correlation, effectively streamlining the investigation and threat remediation actions on devices.  
 
-External alerts can be pushed into Microsoft Defender ATP and is presented side-by-side with additional device-based alerts from Microsoft Defender ATP. This view provides a full context of the alert — with the real process and the full story of attack.  
+External alerts can be pushed into Microsoft Defender ATP and is presented side by side with additional device-based alerts from Microsoft Defender ATP. This view provides a full context of the alert — with the real process and the full story of attack.  
 
 ## Indicators matching
 You can use threat-intelligence from providers and aggregators to maintain and use indicators of compromise (IOCs).
diff --git a/windows/security/threat-protection/microsoft-defender-atp/partner-integration.md b/windows/security/threat-protection/microsoft-defender-atp/partner-integration.md
index efb88424f7..7aa19efe08 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/partner-integration.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/partner-integration.md
@@ -31,26 +31,27 @@ ms.topic: conceptual
 
 Partners can easily extend their existing security offerings on top of the open framework and a rich and complete set of APIs to build extensions and integrations with Microsoft Defender ATP. 
 
-The APIs span functional areas including detection, management, response, vulnerabilities and intelligence wide range of use cases. Based on the use case and need, partners can either stream or query data from Microsoft Defender ATP. 
+The APIs span functional areas including detection, management, response, vulnerabilities, and intelligence-wide range of use cases. Based on the use case and need, partners can either stream or query data from Microsoft Defender ATP. 
 
 
 ## Scenario 1: External alert correlation and Automated investigation and remediation
 Microsoft Defender ATP offers unique automated investigation and remediation capabilities to drive incident response at scale. 
 
-Integrating the automated investigation and response capability with other solutions such as network security products or other endpoint security products will help to address alerts and minimize the complexities surrounding network and device signal correlation, effectively streamlining the investigation and threat remediation actions on devices.
+Integrating the automated investigation and response capability with other solutions such as network security products or other endpoint security products will help to address alerts. The integration also minimizes the complexities surrounding network and device signal correlation, effectively streamlining the investigation and threat remediation actions on devices.
 
 Microsoft Defender ATP adds support for this scenario in the following forms:
-- External alerts can be pushed into Microsoft Defender ATP and presented side-by-side with additional device-based alerts from Microsoft Defender ATP. This view provides the full context of the alert - with the real process and the full story of attack.
+
+- External alerts can be pushed into Microsoft Defender ATP and presented side by side with additional device-based alerts from Microsoft Defender ATP. This view provides the full context of the alert - with the real process and the full story of attack.
 
 - Once an alert is generated, the signal is shared across all Microsoft Defender ATP protected endpoints in the enterprise. Microsoft Defender ATP takes immediate automated or operator-assisted response to address the alert.
 
 ## Scenario 2: Security orchestration and automation response (SOAR) integration
-Orchestration solutions can help build playbooks and integrate the rich data model and actions that Microsoft Defender ATP APIs exposes to orchestrate responses, such as query for device data, trigger device isolation, block/allow, resolve alert and others.
+Orchestration solutions can help build playbooks and integrate the rich data model and actions that Microsoft Defender ATP APIs expose to orchestrate responses, such as query for device data, trigger device isolation, block/allow, resolve alert and others.
 
 ## Scenario 3: Indicators matching 
-Indicator of compromise (IoCs) matching is an essential feature in every endpoint protection solution. This capability is available in Microsoft Defender ATP and gives the ability to set a list of indicators for prevention, detection and exclusion of entities. One can define the action to be taken as well as the duration for when to apply the action.
+Indicator of compromise (IoCs) matching is an essential feature in every endpoint protection solution. This capability is available in Microsoft Defender ATP and gives the ability to set a list of indicators for prevention, detection, and exclusion of entities. One can define the action to be taken as well as the duration for when to apply the action.
 
-The above scenarios serve as examples of the extensibility of the platform. You are not limited to these and we certainly encourage you leverage the open framework to discover and explore other scenarios.
+The above scenarios serve as examples of the extensibility of the platform. You are not limited to the examples and we certainly encourage you to leverage the open framework to discover and explore other scenarios.
 
 Follow the steps in [Become a Microsoft Defender ATP partner](get-started-partner-integration.md) to integrate your solution in Microsoft Defender ATP.
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md b/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md
index c0279badc8..fe2d128e37 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md
@@ -1,6 +1,6 @@
 ---
 title: Prepare Microsoft Defender ATP deployment
-description: Prepare stakeholder sign-off, timelines, environment considerations, and adoption order when deploying Microsoft Defender ATP
+description: Prepare stakeholder approval, timelines, environment considerations, and adoption order when deploying Microsoft Defender ATP
 keywords: deploy, prepare, stakeholder, timeline, environment, endpoint, server, management, adoption
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -71,14 +71,14 @@ You are currently in the preparation phase.
 Preparation is key to any successful deployment. In this article, you'll be guided on the points you'll need to consider as you prepare to deploy Microsoft Defender ATP.
 
 
-## Stakeholders and Sign-off
+## Stakeholders and approval
 The following section serves to identify all the stakeholders that are involved
-in the project and need to sign-off, review, or stay informed.
+in the project and need to approve, review, or stay informed.
 
 Add stakeholders
 to the table below as appropriate for your organization.
 
--   SO = Sign-off on this project
+-   SO = Approve project
 
 -   R = Review this project and provide input
 
@@ -90,14 +90,14 @@ to the table below as appropriate for your organization.
 | Enter name and email | **Head of Cyber Defense Operations Center (CDOC)** *A representative from the CDOC team in charge of defining how this change is aligned with the processes in the customers security operations team.*       | SO     |
 | Enter name and email | **Security Architect** *A representative from the Security team in charge of defining how this change is aligned with the core Security architecture in the organization.*                         | R      |
 | Enter name and email | **Workplace Architect** *A representative from the IT team in charge of defining how this change is aligned with the core workplace architecture in the organization.*                             | R      |
-| Enter name and email | **Security Analyst** *A representative from the CDOC team who can provide input on the detection capabilities, user experience and overall usefulness of this change from a security operations perspective.* | I      |
+| Enter name and email | **Security Analyst** *A representative from the CDOC team who can provide input on the detection capabilities, user experience, and overall usefulness of this change from a security operations perspective.* | I      |
 
 
 ## Environment 
 
 
 This section is used to ensure your environment is deeply understood by the
-stakeholders which will help identify potential dependencies and/or changes
+stakeholders, which will help identify potential dependencies and/or changes
 required in technologies or processes.
 
 | What                                  | Description |
@@ -112,14 +112,14 @@ required in technologies or processes.
 ## Role-based access control
 
 Microsoft recommends using the concept of least privileges. Microsoft Defender
-ATP leverages built-in roles within Azure Active Directory. Microsoft recommend
+ATP leverages built-in roles within Azure Active Directory. Microsoft recommends
 [review the different roles that are
 available](https://docs.microsoft.com/azure/active-directory/active-directory-assign-admin-roles-azure-portal)
 and choose the right one to solve your needs for each persona for this
 application. Some roles may need to be applied temporarily and removed after the
 deployment has been completed.
 
-| Personas                     | Roles | Azure AD Role (if required) | Assign to |
+| Personas                     | Roles | Azure AD Role (if necessary) | Assign to |
 |------------------------------|-------|-----------------------------|-----------|
 | Security Administrator       |       |                             |           |
 | Security Analyst             |       |                             |           |
@@ -157,13 +157,13 @@ structure required for your environment.
 |--------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------|
 | Tier 1 | **Local security operations team / IT team**
This team usually triages and investigates alerts contained within their geolocation and escalates to Tier 2 in cases where an active remediation is required.                                              |                     |
 | Tier 2 | **Regional security operations team**
This team can see all the devices for their region and perform remediation actions.                                                                                                                        |        View data               |
-| Tier 3 | **Global security operations team**
This team consists of security experts and are authorized to see and perform all actions from the portal. | View data 
  Alerts investigation Active remediation actions 
 Alerts investigation Active remediation actions 
 Manage portal system settings 
 Manage security settings |
+| Tier 3 | **Global security operations team**
This team consists of security experts and is authorized to see and perform all actions from the portal. | View data 
  Alerts investigation Active remediation actions 
 Alerts investigation Active remediation actions 
 Manage portal system settings 
 Manage security settings |
 
 
 
 ## Adoption Order
 In many cases, organizations will have existing endpoint security products in
-place. The bare minimum every organization should have is an antivirus solution. But in some cases, an organization might also have implanted an EDR solution already.
+place. The bare minimum every organization should have been an antivirus solution. But in some cases, an organization might also have implanted an EDR solution already.
 
 Historically, replacing any security solution used to be time intensive and difficult
 to achieve due to the tight hooks into the application layer and infrastructure
@@ -179,7 +179,7 @@ how the endpoint security suite should be enabled.
 | Endpoint Detection & Response (EDR)     | Microsoft Defender ATP endpoint detection and response capabilities provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats. 
 [Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-endpoint-detection-response)                                                                                                                                                                                                                                             | 1                   |
 |Threat & Vulnerability Management (TVM)|Threat & Vulnerability Management is a component of Microsoft Defender ATP, and provides both security administrators and security operations teams with unique value, including: 
 - Real-time endpoint detection and response (EDR) insights correlated with endpoint vulnerabilities 
 - Invaluable device vulnerability context during incident investigations 
 -  Built-in remediation processes through Microsoft Intune and Microsoft System Center Configuration Manager 
 [Learn more](https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/Introducing-a-risk-based-approach-to-threat-and-vulnerability/ba-p/377845).| 2 |
 | Next-generation protection (NGP)        | Microsoft Defender Antivirus is a built-in antimalware solution that provides next-generation protection for desktops, portable computers, and servers. Microsoft Defender Antivirus includes: 
 -Cloud-delivered protection for near-instant detection and blocking of new and emerging threats. Along with machine learning and the Intelligent Security Graph, cloud-delivered protection is part of the next-gen technologies that power Microsoft Defender Antivirus.   
 -  Always-on scanning using advanced file and process behavior monitoring and other heuristics (also known as "real-time protection"). 
 - Dedicated protection updates based on machine-learning, human and automated big-data analysis, and in-depth threat resistance research. 
 [Learn more](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10).                                                                                                                                                                                                                                                                                                                                                                       |3                   |
-| Attack Surface Reduction (ASR)          | Attack surface reduction capabilities in Microsoft Defender ATP helps protect the devices and applications in the organization from new and emerging threats. 
 [Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-attack-surface-reduction)                                                                                                                                                                                                                                                                                                                                                                                       | 4                   |
+| Attack Surface Reduction (ASR)          | Attack surface reduction capabilities in Microsoft Defender ATP help protect the devices and applications in the organization from new and emerging threats. 
 [Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-attack-surface-reduction)                                                                                                                                                                                                                                                                                                                                                                                       | 4                   |
 | Auto Investigation & Remediation (AIR)  | Microsoft Defender ATP uses Automated investigations to significantly reduce the volume of alerts that need to be investigated individually. The Automated investigation feature leverages various inspection algorithms, and processes used by analysts (such as playbooks) to examine alerts and take immediate remediation action to resolve breaches. This significantly reduces alert volume, allowing security operations experts to focus on more sophisticated threats and other high value initiatives. 
[Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection) | Not applicable      |
 | Microsoft Threat Experts (MTE)          | Microsoft Threat Experts is a managed hunting service that provides Security Operation Centers (SOCs) with expert level monitoring and analysis to help them ensure that critical threats in their unique environments don't get missed. 
[Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/microsoft-threat-experts)                                                                                                                                                                                                                                                                                                                     | Not applicable      |
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-powershell.md b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-powershell.md
index c95d5dc155..dfb227ec23 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-powershell.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-powershell.md
@@ -1,5 +1,5 @@
 ---
-title: Advanced Hunting with Powershell API Basics
+title: Advanced Hunting with PowerShell API Basics
 ms.reviewer: 
 description: Learn the basics of querying the Microsoft Defender Advanced Threat Protection API, using PowerShell.
 keywords: apis, supported apis, advanced hunting, query
@@ -27,7 +27,7 @@ ms.topic: article
 
 Run advanced queries using PowerShell, see [Advanced Hunting API](run-advanced-query-api.md).
 
-In this section we share PowerShell samples to retrieve a token and use it to run a query.
+In this section, we share PowerShell samples to retrieve a token and use it to run a query.
 
 ## Before you begin
 You first need to [create an app](apis-intro.md).
@@ -40,7 +40,7 @@ You first need to [create an app](apis-intro.md).
   Set-ExecutionPolicy -ExecutionPolicy Bypass
   ```
 
->For more details, see [PowerShell documentation](https://docs.microsoft.com/powershell/module/microsoft.powershell.security/set-executionpolicy)
+>For more information, see [PowerShell documentation](https://docs.microsoft.com/powershell/module/microsoft.powershell.security/set-executionpolicy)
 
 ## Get token
 
@@ -64,9 +64,9 @@ $aadToken = $response.access_token
 ```
 
 where
-- $tenantId: ID of the tenant on behalf of which you want to run the query (i.e., the query will be run on the data of this tenant)
-- $appId: ID of your AAD app (the app must have 'Run advanced queries' permission to Microsoft Defender ATP)
-- $appSecret: Secret of your AAD app
+- $tenantId: ID of the tenant on behalf of which you want to run the query (that is, the query will be run on the data of this tenant)
+- $appId: ID of your Azure AD app (the app must have 'Run advanced queries' permission to Microsoft Defender ATP)
+- $appSecret: Secret of your Azure AD app
 
 ## Run query
 
@@ -88,7 +88,7 @@ $results = $response.Results
 $schema = $response.Schema
 ```
 
-- $results contains the results of your query
+- $results contain the results of your query
 - $schema contains the schema of the results of your query
 
 ### Complex queries
diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md
index ad9c61aa16..55f4d1ec1b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md
@@ -28,13 +28,13 @@ ms.topic: article
 
 Run advanced queries using Python, see [Advanced Hunting API](run-advanced-query-api.md).
 
-In this section we share Python samples to retrieve a token and use it to run a query.
+In this section, we share Python samples to retrieve a token and use it to run a query.
 
 >**Prerequisite**: You first need to [create an app](apis-intro.md).
 
 ## Get token
 
-- Run the following:
+- Run the following commands:
 
 ```
 
@@ -67,9 +67,9 @@ aadToken = jsonResponse["access_token"]
 ```
 
 where
-- tenantId: ID of the tenant on behalf of which you want to run the query (i.e., the query will be run on the data of this tenant)
-- appId: ID of your AAD app (the app must have 'Run advanced queries' permission to Microsoft Defender ATP)
-- appSecret: Secret of your AAD app
+- tenantId: ID of the tenant on behalf of which you want to run the query (that is, the query will be run on the data of this tenant)
+- appId: ID of your Azure AD app (the app must have 'Run advanced queries' permission to Microsoft Defender ATP)
+- appSecret: Secret of your Azure AD app
 
 ## Run query
 
@@ -96,7 +96,7 @@ results = jsonResponse["Results"]
 ```
 
 - schema contains the schema of the results of your query
-- results contains the results of your query
+- results contain the results of your query
 
 ### Complex queries
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/service-status.md b/windows/security/threat-protection/microsoft-defender-atp/service-status.md
index b95ecdb603..1373591e5d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/service-status.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/service-status.md
@@ -29,7 +29,7 @@ ms.topic: article
 
 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-servicestatus-abovefoldlink)
 
-The **Service health** provides information on the current status of the Microsoft Defender ATP service. You'll be able to verify that the service health is healthy or if there are current issues. If there are issues, you'll see details related to the issue such as when the issue was detected, what the preliminary root cause is, and the expected resolution time.
+**Service health** provides information on the current status of the Microsoft Defender ATP service. You'll be able to verify that the service health is healthy or if there are current issues. If there are issues, you'll see information such as when the issue was detected, what the preliminary root cause is, and the expected resolution time.
 
 You'll also see information on historical issues that have been resolved and details such as the date and time when the issue was resolved. When there are no issues on the service, you'll see a healthy status.
 
@@ -51,7 +51,7 @@ The **Current status** tab shows the current state of the Microsoft Defender ATP
 - Next steps
 - Expected resolution time
 
-Updates on the progress of an issue is reflected on the page as the issue gets resolved. You'll see updates on information such as an updated estimate resolution time or next steps.
+Updates on the progress of an issue are reflected on the page as the issue gets resolved. You'll see updates on information such as an updated estimate resolution time or next steps.
 
 When an issue is resolved, it gets recorded in the **Status history** tab.
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-live-response.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-live-response.md
index e6ed78f7f8..2305bcbf00 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-live-response.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-live-response.md
@@ -57,11 +57,11 @@ If while trying to take an action during a live response session, you encounter
 
 ## Slow live response sessions or delays during initial connections
 Live response leverages Microsoft Defender ATP sensor registration with WNS service in Windows. 
-If you are having connectivity issues with live response, please confirm the following:
-1. `notify.windows.com` is not blocked in your environment. For more information see, [Configure device proxy and Internet connectivity settings](configure-proxy-internet.md#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server).
+If you are having connectivity issues with live response, confirm the following details:
+1. `notify.windows.com` is not blocked in your environment. For more information, see, [Configure device proxy and Internet connectivity settings](configure-proxy-internet.md#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server).
 2. WpnService (Windows Push Notifications System Service) is not disabled.
 
-Please refer to the articles below to fully understand the WpnService service behavior and requirements:
+Refer to the articles below to fully understand the WpnService service behavior and requirements:
 - [Windows Push Notification Services (WNS) overview](https://docs.microsoft.com/windows/uwp/design/shell/tiles-and-notifications/windows-push-notification-services--wns--overview)
 - [Enterprise Firewall and Proxy Configurations to Support WNS Traffic](https://docs.microsoft.com/windows/uwp/design/shell/tiles-and-notifications/firewall-allowlist-config)
 - [Microsoft Push Notifications Service (MPNS) Public IP ranges](https://www.microsoft.com/en-us/download/details.aspx?id=44535)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding-error-messages.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding-error-messages.md
index 16f93645cd..73945ccbcd 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding-error-messages.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding-error-messages.md
@@ -36,15 +36,15 @@ If you receive an error message, Microsoft Defender Security Center will provide
 
 ## No subscriptions found
 
-If while accessing Microsoft Defender Security Center you get a **No subscriptions found** message, it means the Azure Active Directory (AAD) used to login the user to the portal, does not have a Microsoft Defender ATP license.
+If while accessing Microsoft Defender Security Center you get a **No subscriptions found** message, it means the Azure Active Directory (Azure AD) used to log in the user to the portal, does not have a Microsoft Defender ATP license.
 
 Potential reasons:
 - The Windows E5 and Office E5 licenses are separate licenses.
-- The license was purchased but not provisioned to this AAD instance.
+- The license was purchased but not provisioned to this Azure AD instance.
     - It could be a license provisioning issue.
-    - It could be you inadvertently provisioned the license to a different Microsoft AAD than the one used for authentication into the service.
+    - It could be you inadvertently provisioned the license to a different Microsoft Azure AD than the one used for authentication into the service.
 
-For both cases you should contact Microsoft support at [General Microsoft Defender ATP Support](https://support.microsoft.com/getsupport?wf=0&tenant=ClassicCommercial&oaspworkflow=start_1.0.0.0&locale=en-us&supportregion=en-us&pesid=16055&ccsid=636419533611396913) or
+For both cases, you should contact Microsoft support at [General Microsoft Defender ATP Support](https://support.microsoft.com/getsupport?wf=0&tenant=ClassicCommercial&oaspworkflow=start_1.0.0.0&locale=en-us&supportregion=en-us&pesid=16055&ccsid=636419533611396913) or
 [Volume license support](https://www.microsoft.com/licensing/servicecenter/Help/Contact.aspx).
 
 ![Image of no subscriptions found](images/atp-no-subscriptions-found.png)
@@ -63,16 +63,16 @@ You can choose to renew or extend the license at any point in time. When accessi
 ## You are not authorized to access the portal
 
 If you receive a **You are not authorized to access the portal**, be aware that Microsoft Defender ATP is a security monitoring, incident investigation and response product, and as such, access to it is restricted and controlled by the user.
-For more information see, [**Assign user access to the portal**](https://docs.microsoft.com/windows/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection).
+For more information, see, [**Assign user access to the portal**](https://docs.microsoft.com/windows/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection).
 
 ![Image of not authorized to access portal](images/atp-not-authorized-to-access-portal.png)
 
 ## Data currently isn't available on some sections of the portal
-If the portal dashboard, and other sections show an error message such as "Data currently isn't available":
+If the portal dashboard and other sections show an error message such as "Data currently isn't available":
 
 ![Image of data currently isn't available](images/atp-data-not-available.png)
 
-You'll need to allow the `securitycenter.windows.com` and all sub-domains under it. For example `*.securitycenter.windows.com`.
+You'll need to allow the `securitycenter.windows.com` and all subdomains under it. For example, `*.securitycenter.windows.com`.
 
 
 ## Portal communication issues
diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md
index 386550279a..56d43dafc5 100644
--- a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md
+++ b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md
@@ -39,15 +39,15 @@ Microsoft Defender SmartScreen protects against phishing or malware websites and
 
 ## Benefits of Microsoft Defender SmartScreen
 
-Microsoft Defender SmartScreen provide an early warning system against websites that might engage in phishing attacks or attempt to distribute malware through a socially-engineered attack. The primary benefits are:
+Microsoft Defender SmartScreen provide an early warning system against websites that might engage in phishing attacks or attempt to distribute malware through a socially engineered attack. The primary benefits are:
 
 - **Anti-phishing and anti-malware support.** Microsoft Defender SmartScreen helps to protect users from sites that are reported to host phishing attacks or attempt to distribute malicious software. It can also help protect against deceptive advertisements, scam sites, and drive-by attacks. Drive-by attacks are web-based attacks that tend to start on a trusted site, targeting security vulnerabilities in commonly used software. Because drive-by attacks can happen even if the user does not click or download anything on the page, the danger often goes unnoticed. For more info about drive-by attacks, see [Evolving Microsoft Defender SmartScreen to protect you from drive-by attacks](https://blogs.windows.com/msedgedev/2015/12/16/SmartScreen-drive-by-improvements/#3B7Bb8bzeAPq8hXE.97)
 
 - **Reputation-based URL and app protection.** Microsoft Defender SmartScreen evaluates a website's URLs to determine if they're known to distribute or host unsafe content. It also provides reputation checks for apps, checking downloaded programs and the digital signature used to sign a file. If a URL, a file, an app, or a certificate has an established reputation, users won't see any warnings. If, however, there's no reputation, the item is marked as a higher risk and presents a warning to the user.
 
-- **Operating system integration.** Microsoft Defender SmartScreen is integrated into the Windows 10 operating system, meaning that it checks any files an app (including 3rd-party browsers and email clients) attempts to download and run.
+- **Operating system integration.** Microsoft Defender SmartScreen is integrated into the Windows 10 operating system. It checks any files an app (including 3rd-party browsers and email clients) attempts to download and run.
 
-- **Improved heuristics and diagnostic data.** Microsoft Defender SmartScreen is constantly learning and endeavoring to stay up-to-date, so it can help to protect you against potentially malicious sites and files.
+- **Improved heuristics and diagnostic data.** Microsoft Defender SmartScreen is constantly learning and endeavoring to stay up to date, so it can help to protect you against potentially malicious sites and files.
 
 - **Management through Group Policy and Microsoft Intune.** Microsoft Defender SmartScreen supports using both Group Policy and Microsoft Intune settings. For more info about all available settings, see [Available Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings](microsoft-defender-smartscreen-available-settings.md).
 
@@ -60,7 +60,7 @@ Microsoft Defender SmartScreen provide an early warning system against websites
 
 If you believe a warning or block was incorrectly shown for a file or application, or if you believe an undetected file is malware, you can [submit a file](https://www.microsoft.com/wdsi/filesubmission/) to Microsoft for review. For more info, see [Submit files for analysis](https://docs.microsoft.com/windows/security/threat-protection/intelligence/submission-guide). 
 
-When submitting Microsoft Defender Smartscreen products, make sure to select **Microsoft Defender SmartScreen** from the product menu.
+When submitting Microsoft Defender SmartScreen products, make sure to select **Microsoft Defender SmartScreen** from the product menu.
 
 ![Windows Security, Microsoft Defender SmartScreen controls](images/Microsoft-defender-smartscreen-submission.png)
 
@@ -72,7 +72,7 @@ When submitting Microsoft Defender Smartscreen products, make sure to select **M
 When Microsoft Defender SmartScreen warns or blocks a user from a website, it's logged as [Event 1035 - Anti-Phishing](https://technet.microsoft.com/scriptcenter/dd565657(v=msdn.10).aspx).
 
 ## Viewing Windows event logs for Microsoft Defender SmartScreen
-Microsoft Defender SmartScreen events appear in the Microsoft-Windows-SmartScreen/Debug log in Event Viewer.
+Microsoft Defender SmartScreen events appear in the Microsoft-Windows-SmartScreen/Debug login Event Viewer.
 
 Windows event log for SmartScreen is disabled by default, users can use Event Viewer UI to enable the log or use the command line to enable it:
 

From c28ac2bf0bf295e1501068b0f319a052e96fd177 Mon Sep 17 00:00:00 2001
From: Joey Caparas 
Date: Mon, 2 Nov 2020 16:59:48 -0800
Subject: [PATCH 47/92] Update
 use-applocker-and-software-restriction-policies-in-the-same-domain.md

---
 ...software-restriction-policies-in-the-same-domain.md | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md b/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md
index 828934ca43..4e49ccf26f 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md
@@ -69,7 +69,7 @@ The following table compares the features and functions of Software Restriction
 
 
 
Enforcement mode

-
SRP works in the “deny list mode” where administrators can create rules for files that they do not want to allow in this Enterprise whereas the rest of the file are allowed to run by default.

+
SRP works in the “deny list mode” where administrators can create rules for files that they do not want to allow in this Enterprise whereas the rest of the file is allowed to run by default.

 
SRP can also be configured in the “allow list mode” so that by default all files are blocked and administrators need to create allow rules for files that they want to allow.

 
AppLocker by default works in the “allow list mode” where only those files are allowed to run for which there is a matching allow rule.

 
@@ -146,12 +146,12 @@ The following table compares the features and functions of Software Restriction
 
 
Support for rule exceptions

 
SRP does not support rule exceptions.

-
AppLocker rules can have exceptions which allow you to create rules such as “Allow everything from Windows except for regedit.exe”.

+
AppLocker rules can have exceptions, which allow you to create rules such as “Allow everything from Windows except for regedit.exe”.

 
 
 
Support for audit mode

 
SRP does not support audit mode. The only way to test SRP policies is to set up a test environment and run a few experiments.

-
AppLocker supports audit mode which allows you to test the effect of their policy in the real production environment without impacting the user experience. Once you are satisfied with the results, you can start enforcing the policy.

+
AppLocker supports audit mode, which allows you to test the effect of their policy in the real production environment without impacting the user experience. Once you are satisfied with the results, you can start enforcing the policy.

 
 
 
Support for exporting and importing policies

@@ -160,8 +160,8 @@ The following table compares the features and functions of Software Restriction
 
 
 
Rule enforcement

-
Internally, SRP rules enforcement happens in the user-mode which is less secure.

-
Internally, AppLocker rules for .exe and .dll files are enforced in the kernel-mode which is more secure than enforcing them in the user-mode.

+
Internally, SRP rules enforcement happens in the user-mode, which is less secure.

+
Internally, AppLocker rules for .exe and .dll files are enforced in the kernel-mode, which is more secure than enforcing them in the user-mode.

 
 
 

From 3d4b6d88fdfeadfda1cd644a407fcf0fd1d2b10a Mon Sep 17 00:00:00 2001
From: Beth Levin 
Date: Mon, 2 Nov 2020 17:56:17 -0800
Subject: [PATCH 48/92] acrolinx updates

---
 windows/security/threat-protection/TOC.md     |  2 +-
 .../intelligence/developer-info.md            | 29 -------------------
 .../virus-information-alliance-criteria.md    | 28 +++++++++++-------
 .../intelligence/virus-initiative-criteria.md | 14 ++++-----
 .../intelligence/worms-malware.md             | 10 +++----
 .../web-protection-monitoring.md              | 29 ++++++++++---------
 6 files changed, 47 insertions(+), 65 deletions(-)
 delete mode 100644 windows/security/threat-protection/intelligence/developer-info.md

diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index 7cb35259d5..c2913b23a2 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -753,7 +753,7 @@
 #### [Virus information alliance](intelligence/virus-information-alliance-criteria.md)
 #### [Microsoft virus initiative](intelligence/virus-initiative-criteria.md)
 #### [Coordinated malware eradication](intelligence/coordinated-malware-eradication.md)
-### [Information for developers](intelligence/developer-info.md)
+### [Information for developers]()
 #### [Software developer FAQ](intelligence/developer-faq.md)
 #### [Software developer resources](intelligence/developer-resources.md)
 
diff --git a/windows/security/threat-protection/intelligence/developer-info.md b/windows/security/threat-protection/intelligence/developer-info.md
deleted file mode 100644
index eb0ac99896..0000000000
--- a/windows/security/threat-protection/intelligence/developer-info.md
+++ /dev/null
@@ -1,29 +0,0 @@
----
-title: Information for developers
-ms.reviewer: 
-description: This page provides answers to common questions we receive from software developers and other useful resources
-keywords: software, developer, faq, dispute, false-positive, classify, installer, software, bundler, blocking
-search.product: eADQiWindows 10XVcnh
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: ellevin
-author: levinec
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance  
-ms.topic: article
----
-
-# Information for developers
-
-Learn about the common questions we receive from software developers and get other developer resources such as detection criteria and file submissions.
-
-## In this section
-
-Topic | Description
-:---|:---
-[Software developer FAQ](developer-faq.md) | Provides answers to common questions we receive from software developers.
-[Developer resources](developer-resources.md) | Provides information about how to submit files and the detection criteria. Learn how to check your software against the latest security intelligence and cloud protection from Microsoft.
diff --git a/windows/security/threat-protection/intelligence/virus-information-alliance-criteria.md b/windows/security/threat-protection/intelligence/virus-information-alliance-criteria.md
index 5aded1e416..fa58868aa8 100644
--- a/windows/security/threat-protection/intelligence/virus-information-alliance-criteria.md
+++ b/windows/security/threat-protection/intelligence/virus-information-alliance-criteria.md
@@ -18,21 +18,28 @@ ms.topic: article
 
 The Virus Information Alliance (VIA) is a public antimalware collaboration program for security software providers, security service providers, antimalware testing organizations, and other organizations involved in fighting cybercrime.
 
-Members of the VIA program collaborate by exchanging technical information on malicious software with Microsoft, with the goal of improving protection for Microsoft customers.
+Members of the VIA program collaborate by exchanging technical information on malicious software with Microsoft. The goal is to improve protection for Microsoft customers.
 
 ## Better protection for customers against malware
 
-The VIA program gives members access to information that will help improve protection for Microsoft customers. For example, the program provides malware telemetry and samples to security product teams to identify gaps in their protection and prioritize new threat coverage.
+The VIA program gives members access to information that will help them improve protection. For example, the program provides malware telemetry and samples to security teams so they can identify gaps and prioritize new threat coverage.
 
-Malware prevalence data is provided to antimalware testers to assist them in selecting sample sets and setting scoring criteria that represent the real-world threat landscape. Service organizations, such as a CERT, can leverage our data to help assess the impact of policy changes or to help shut down malicious activity.
+Malware prevalence data is provided to antimalware testers to assist them in selecting sample sets. The data also helps set scoring criteria that represent the real-world threat landscape. Service organizations, such as a CERT, can leverage our data to help assess the impact of policy changes or to help shut down malicious activity.
 
 Microsoft is committed to continuous improvement to help reduce the impact of malware on customers. By sharing malware-related information, Microsoft enables members of this community to work towards better protection for customers.
 
 ## Becoming a member of VIA
 
-Microsoft has well-defined, objective, measurable, and tailored membership criteria for prospective members of the Virus Information Alliance (VIA). The criteria is designed to ensure that Microsoft is able to work with security software providers, security service providers, antimalware testing organizations, and other organizations involved in the fight against cybercrime to protect a broad range of customers.
+Microsoft has well-defined, objective, measurable, and tailored membership criteria for prospective members of the Virus Information Alliance (VIA).
 
-Members will receive information to facilitate effective malware detection, deterrence, and eradication. This includes technical information on malware as well as metadata on malicious activity. Information shared through VIA is governed by the VIA membership agreement and a Microsoft non-disclosure agreement, where applicable.
+The criteria is designed to ensure that Microsoft can work with the following groups to protect a broad range of customers:
+
+- Security software providers
+- Security service providers
+- Antimalware testing organizations
+- Other organizations involved in the fight against cybercrime
+
+Members will receive information to facilitate effective malware detection, deterrence, and eradication. This information includes technical information on malware as well as metadata on malicious activity. Information shared through VIA is governed by the VIA membership agreement and a Microsoft non-disclosure agreement, where applicable.
 
 VIA has an open enrollment for potential members.
 
@@ -43,11 +50,12 @@ To be eligible for VIA your organization must:
 1. Be willing to sign a non-disclosure agreement with Microsoft.
 
 2. Fit into one of the following categories:
-   * Your organization develops antimalware technology that can run on Windows and your organization’s product is commercially available.
-   * Your organization provides security services to Microsoft customers or for Microsoft products.
-   * Your organization publishes antimalware testing reports on a regular basis.
-   * Your organization has a research or response team dedicated to fighting malware to protect your organization, your customers, or the general public.
+
+    - Your organization develops antimalware technology that can run on Windows and your organization’s product is commercially available.
+    - Your organization provides security services to Microsoft customers or for Microsoft products.
+    - Your organization publishes antimalware testing reports on a regular basis.
+    - Your organization has a research or response team dedicated to fighting malware to protect your organization, your customers, or the general public.
 
 3. Be willing to sign and adhere to the VIA membership agreement.
 
-If your organization meets these criteria and is interested in joining, [apply for membership now](https://www.microsoft.com/wdsi/alliances/apply-alliance-membership). If you have questions, [contact us for more information](https://www.microsoft.com/wdsi/alliances/collaboration-inquiry).
+If your organization meets these criteria and is interested in joining, [apply for membership now](https://www.microsoft.com/wdsi/alliances/apply-alliance-membership). For questions, [contact us for more information](https://www.microsoft.com/wdsi/alliances/collaboration-inquiry).
diff --git a/windows/security/threat-protection/intelligence/virus-initiative-criteria.md b/windows/security/threat-protection/intelligence/virus-initiative-criteria.md
index a896140ce6..5f8f3c8139 100644
--- a/windows/security/threat-protection/intelligence/virus-initiative-criteria.md
+++ b/windows/security/threat-protection/intelligence/virus-initiative-criteria.md
@@ -19,13 +19,13 @@ ms.topic: article
 
 The Microsoft Virus Initiative (MVI) helps organizations to get their products working and integrated with Windows.
 
-MVI members receive access to Windows APIs and other technologies including IOAV, AMSI and Cloud files. Members also get malware telemetry and samples and invitations to security related events and conferences.
+MVI members receive access to Windows APIs and other technologies including IOAV, AMSI, and Cloud files. Members also get malware telemetry and samples and invitations to security-related events and conferences.
 
 ## Become a member
 
-A request for membership is made by an individual as a representative of an organization that develops and produces antimalware or antivirus technology. Your organization must meet the following eligibility requirements to qualify for the MVI program:
+You can request membership if you're a representative for an organization that develops and produces antimalware or antivirus technology. Your organization must meet the following requirements to qualify for the MVI program:
 
-1. Offer an antimalware or antivirus product that is one of the following:
+1. Offer an antimalware or antivirus product that meets one of the following criteria:
 
    * Your organization's own creation.
    * Developed by using an SDK (engine and other components) from another MVI Partner company and your organization adds a custom UI and/or other functionality.
@@ -34,7 +34,7 @@ A request for membership is made by an individual as a representative of an orga
 
 3. Be active and have a positive reputation in the antimalware industry.
 
-   * Activity can include participation in industry conferences or being reviewed in an industry standard report such as AV Comparatives, OPSWAT or Gartner.
+   * Activity can include participation in industry conferences or being reviewed in an industry standard report such as AV Comparatives, OPSWAT, or Gartner.
 
 4. Be willing to sign a non-disclosure agreement (NDA) with Microsoft.
 
@@ -49,14 +49,14 @@ A request for membership is made by an individual as a representative of an orga
 Test Provider | Lab Test Type |	Minimum Level / Score
 ------------- |---------------|----------------------
 AV-Comparatives | Real-World Protection Test 
 https://www.av-comparatives.org/testmethod/real-world-protection-tests/ |“Approved” rating from AV Comparatives
-AV-Test | Must pass tests for Windows. Certifications for Mac and Linux are not accepted 
 https://www.av-test.org/en/about-the-institute/certification/ | Achieve "AV-TEST Certified" (for home users) or "AV-TEST Approved” (for corporate users)
+AV-Test | Must pass tests for Windows. Certifications for Mac and Linux aren't accepted 
 https://www.av-test.org/en/about-the-institute/certification/ | Achieve "AV-TEST Certified" (for home users) or "AV-TEST Approved” (for corporate users)
 ICSA Labs |	Endpoint Anti-Malware Detection 
 https://www.icsalabs.com/technology-program/anti-virus/criteria |PASS/Certified
 NSS Labs | Advanced Endpoint Protection AEP 3.0, which covers automatic threat prevention and threat event reporting capabilities 
 https://www.nsslabs.com/tested-technologies/advanced-endpoint-protection/ |“Neutral” rating from NSS
-SKD Labs | Certification Requirements Product: Anti-virus or Antimalware 
 http://www.skdlabs.com/html/english/ 
 http://www.skdlabs.com/cert/ |SKD Labs Star Check Certification Requirements Pass >= 98.5 % with On Demand, On Access and Total Detection tests 
+SKD Labs | Certification Requirements Product: Anti-virus or Antimalware 
 http://www.skdlabs.com/html/english/ 
 http://www.skdlabs.com/cert/ |SKD Labs Star Check Certification Requirements Pass >= 98.5% with On Demand, On Access and Total Detection tests 
 SE Labs | Protection A rating or Small Business EP A rating or Enterprise EP Protection A rating 
 https://selabs.uk/en/reports/consumers |Home or Enterprise “A” rating
 VB 100 |	VB100 Certification Test V1.1 
 https://www.virusbulletin.com/testing/vb100/vb100-methodology/vb100-methodology-ver1-1/ | VB100 Certification
 West Coast Labs |	Checkmark Certified 
 http://www.checkmarkcertified.com/sme/  | “A” Rating on Product Security Performance
 
 ## Apply now
 
-If your organization meets these criteria and is interested in joining, [apply for membership now](https://www.microsoft.com/wdsi/alliances/apply-alliance-membership). If you have questions, [contact us for more information](https://www.microsoft.com/wdsi/alliances/collaboration-inquiry).
+If your organization meets these criteria and is interested in joining, [apply for membership now](https://www.microsoft.com/wdsi/alliances/apply-alliance-membership). For questions, [contact us for more information](https://www.microsoft.com/wdsi/alliances/collaboration-inquiry).
diff --git a/windows/security/threat-protection/intelligence/worms-malware.md b/windows/security/threat-protection/intelligence/worms-malware.md
index 04c8f8280f..ca62c08fd9 100644
--- a/windows/security/threat-protection/intelligence/worms-malware.md
+++ b/windows/security/threat-protection/intelligence/worms-malware.md
@@ -22,19 +22,19 @@ A worm is a type of malware that can copy itself and often spreads through a net
 
 ## How worms work
 
-Worms represent a large category of malware. Different worms use different methods to infect devices.  Depending on the variant, they can steal sensitive information, change security settings, send information to malicious hackers, stop users from accessing files, and other malicious activities.
+Worms represent a large category of malware. Different worms use different methods to infect devices. Depending on the variant, they can steal sensitive information, change security settings, send information to malicious hackers, stop users from accessing files, and other malicious activities.
 
-Jenxcus (also known as Dunihi), Gamarue (also known as Androm), and Bondat have consistently remained at the top of the list of malware that infect users running Microsoft security software. Although these worms share some commonalities, it is interesting to note that they also have distinct characteristics.
+Jenxcus (also known as Dunihi), Gamarue (also known as Androm), and Bondat have consistently remained at the top of the list of malware that infects users running Microsoft software. Although these worms share some commonalities, it's interesting to note that they also have distinct characteristics.
 
 * **Jenxcus** has capabilities of not only infecting removable drives but can also act as a backdoor that connects back to its server. This threat typically gets into a device from a drive-by download attack, meaning it's installed when users just visit a compromised web page.
 
-* **Gamarue** typically arrives through spam campaigns, exploits, downloaders, social networking sites, and removable drives. When Gamarue infects a device, it becomes a distribution channel for other malware. We’ve seen it distribute other malware such as infostealers, spammers, clickers, downloaders, and rogues.
+* **Gamarue** typically arrives through spam campaigns, exploits, downloaders, social networking sites, and removable drives. When Gamarue infects a device, it becomes a distribution channel for other malware. We’ve seen it distribute other malware such as info stealers, spammers, clickers, downloaders, and rogues.
 
 * **Bondat** typically arrives through fictitious Nullsoft Scriptable Install System (NSIS), Java installers, and removable drives. When Bondat infects a system, it gathers information about the machine such as device name, Globally Unique Identifier (GUID), and OS build. It then sends that information to a remote server.
 
-Both Bondat and Gamarue have clever ways of obscuring themselves to evade detection. By hiding what they are doing, they try to avoid detection by security software.
+Both Bondat and Gamarue have clever ways of obscuring themselves to evade detection. By hiding what they're doing, they try to avoid detection by security software.
 
-* [**WannaCrypt**](https://www.microsoft.com/wdsi/threats/malware-encyclopedia-description?Name=Ransom:Win32/WannaCrypt) also deserves a mention here. Unlike older worms that often spread just because they could, modern worms often spread to drop a payload (e.g. ransomware).
+* [**WannaCrypt**](https://www.microsoft.com/wdsi/threats/malware-encyclopedia-description?Name=Ransom:Win32/WannaCrypt) also deserves a mention here. Unlike older worms that often spread just because they could, modern worms often spread to drop a payload (like ransomware).
 
 This image shows how a worm can quickly spread through a shared USB drive.
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/web-protection-monitoring.md b/windows/security/threat-protection/microsoft-defender-atp/web-protection-monitoring.md
index bcceac7999..071d86602f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/web-protection-monitoring.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/web-protection-monitoring.md
@@ -21,16 +21,15 @@ ms.topic: article
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
-
 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-main-abovefoldlink&rtc=1)
 
 Web protection lets you monitor your organization’s web browsing security through reports under **Reports > Web protection** in the Microsoft Defender Security Center. The report contains cards that provide web threat detection statistics.
 
-- **Web threat protection detections over time** — this trending card displays the number of web threats detected by type during the selected time period (Last 30 days, Last 3 months, Last 6 months)
+- **Web threat protection detections over time** - this trending card displays the number of web threats detected by type during the selected time period (Last 30 days, Last 3 months, Last 6 months)
  
     ![Image of the card showing web threats protection detections over time](images/wtp-blocks-over-time.png)
 
-- **Web threat protection summary** — this card displays the total web threat detections in the past 30 days, showing distribution across the different types of web threats. Selecting a slice opens the list of the domains that were found with malicious or unwanted websites.
+- **Web threat protection summary** - this card displays the total web threat detections in the past 30 days, showing distribution across the different types of web threats. Selecting a slice opens the list of the domains that were found with malicious or unwanted websites.
 
     ![Image of the card showing web threats protection summary](images/wtp-summary.png)
 
@@ -38,23 +37,27 @@ Web protection lets you monitor your organization’s web browsing security thro
 >It can take up to 12 hours before a block is reflected in the cards or the domain list.
 
 ## Types of web threats
+
 Web protection categorizes malicious and unwanted websites as:
-- **Phishing** — websites that contain spoofed web forms and other phishing mechanisms designed to trick users into divulging credentials and other sensitive information
-- **Malicious** — websites that host malware and exploit code
-- **Custom indicator** — websites whose URLs or domains you've added to your [custom indicator list](manage-indicators.md) for blocking
+
+- **Phishing** - websites that contain spoofed web forms and other phishing mechanisms designed to trick users into divulging credentials and other sensitive information
+- **Malicious** - websites that host malware and exploit code
+- **Custom indicator** - websites whose URLs or domains you've added to your [custom indicator list](manage-indicators.md) for blocking
 
 ## View the domain list
-Select a specific web threat category in the **Web threat protection summary** card to open the **Domains** page and display the list of the domains under that threat category. The page provides the following information for each domain:
 
-- **Access count** — number of requests for URLs in the domain
-- **Blocks** — number of times requests were blocked
-- **Access trend** — change in number of access attempts
-- **Threat category** — type of web threat
-- **Devices** — number of devices with access attempts
+Select a specific web threat category in the **Web threat protection summary** card to open the **Domains** page. This page displays the list of the domains under that threat category. The page provides the following information for each domain:
 
-Select a domain to view the list of devices that have attempted to access URLs in that domain as well as the list of URLs.
+- **Access count** - number of requests for URLs in the domain
+- **Blocks** - number of times requests were blocked
+- **Access trend** - change in number of access attempts
+- **Threat category** - type of web threat
+- **Devices** - number of devices with access attempts
+
+Select a domain to view the list of devices that have attempted to access URLs in that domain and the list of URLs.
 
 ## Related topics
+
 - [Web protection overview](web-protection-overview.md)
 - [Web content filtering](web-content-filtering.md)
 - [Web threat protection](web-threat-protection.md)

From 40c4692859753f354534805943c264910b8acabf Mon Sep 17 00:00:00 2001
From: Beth Levin 
Date: Mon, 2 Nov 2020 18:02:39 -0800
Subject: [PATCH 49/92] remove developer info

---
 windows/security/threat-protection/intelligence/TOC.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/intelligence/TOC.md b/windows/security/threat-protection/intelligence/TOC.md
index 18ea7845de..9919f7d8d2 100644
--- a/windows/security/threat-protection/intelligence/TOC.md
+++ b/windows/security/threat-protection/intelligence/TOC.md
@@ -48,7 +48,7 @@
 
 ### [Coordinated malware eradication](coordinated-malware-eradication.md)
 
-## [Information for developers](developer-info.md)
+## [Information for developers]()
 
 ### [Software developer FAQ](developer-faq.md)
 

From 471d92e84677041910191a34b7ada7b64b37d874 Mon Sep 17 00:00:00 2001
From: Ben 
Date: Tue, 3 Nov 2020 12:30:13 +0200
Subject: [PATCH 50/92] Update machine.md

Added Informational type for riskScore
---
 .../threat-protection/microsoft-defender-atp/machine.md         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine.md b/windows/security/threat-protection/microsoft-defender-atp/machine.md
index 4fbc97c8a3..e2c6f6756f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/machine.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/machine.md
@@ -59,7 +59,7 @@ lastExternalIpAddress | String | Last IP through which the [machine](machine.md)
 healthStatus | Enum | [machine](machine.md) health status. Possible values are: "Active", "Inactive", "ImpairedCommunication", "NoSensorData" and "NoSensorDataImpairedCommunication"
 rbacGroupName | String | Machine group Name.
 rbacGroupId | Int | Machine group unique ID.
-riskScore | Nullable Enum | Risk score as evaluated by Microsoft Defender ATP. Possible values are: 'None', 'Low', 'Medium' and 'High'.
+riskScore | Nullable Enum | Risk score as evaluated by Microsoft Defender ATP. Possible values are: 'None', 'Informational', 'Low', 'Medium' and 'High'.
 exposureScore | Nullable Enum | [Exposure score](tvm-exposure-score.md) as evaluated by Microsoft Defender ATP. Possible values are: 'None', 'Low', 'Medium' and 'High'.
 aadDeviceId | Nullable representation Guid | AAD Device ID (when [machine](machine.md) is AAD Joined).
 machineTags | String collection | Set of [machine](machine.md) tags.

From 2f270cf0d3ac60776945dd2883002bdf2f4d7554 Mon Sep 17 00:00:00 2001
From: Sinead O'Sullivan 
Date: Tue, 3 Nov 2020 10:35:53 +0000
Subject: [PATCH 51/92] update to ms.author

---
 .../privacy/changes-to-windows-diagnostic-data-collection.md    | 2 +-
 ...essor-service-for-windows-enterprise-public-preview-terms.md | 2 +-
 windows/privacy/deploy-data-processor-service-windows.md        | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/privacy/changes-to-windows-diagnostic-data-collection.md b/windows/privacy/changes-to-windows-diagnostic-data-collection.md
index fe1e8ae442..218ce9d25c 100644
--- a/windows/privacy/changes-to-windows-diagnostic-data-collection.md
+++ b/windows/privacy/changes-to-windows-diagnostic-data-collection.md
@@ -8,7 +8,7 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: high
 audience: ITPro
-ms.author: daniha
+ms.author: siosulli
 author: DaniHalfin
 manager: dansimp
 ms.collection: M365-security-compliance
diff --git a/windows/privacy/data-processor-service-for-windows-enterprise-public-preview-terms.md b/windows/privacy/data-processor-service-for-windows-enterprise-public-preview-terms.md
index 11aacc5fb8..20b56e6e79 100644
--- a/windows/privacy/data-processor-service-for-windows-enterprise-public-preview-terms.md
+++ b/windows/privacy/data-processor-service-for-windows-enterprise-public-preview-terms.md
@@ -8,7 +8,7 @@ ms.prod: w10
 ms.topic: article
 f1.keywords:
 - NOCSH
-ms.author: daniha
+ms.author: siosulli
 author: DaniHalfin
 manager: dansimp
 audience: itpro
diff --git a/windows/privacy/deploy-data-processor-service-windows.md b/windows/privacy/deploy-data-processor-service-windows.md
index 66bb8268c7..76db1e584d 100644
--- a/windows/privacy/deploy-data-processor-service-windows.md
+++ b/windows/privacy/deploy-data-processor-service-windows.md
@@ -8,7 +8,7 @@ ms.prod: w10
 ms.topic: article
 f1.keywords:
 - NOCSH
-ms.author: daniha
+ms.author: siosulli
 author: DaniHalfin
 manager: dansimp
 audience: itpro

From 65d9371d2501cda5b262fe5c3892061ea2826bb9 Mon Sep 17 00:00:00 2001
From: ShannonLeavitt 
Date: Tue, 3 Nov 2020 08:00:22 -0700
Subject: [PATCH 52/92] acrolinx fixes

---
 .../cortana-at-work-scenario-2.md             |  2 +-
 windows/configuration/kiosk-mdm-bridge.md     |  6 +--
 windows/configuration/kiosk-xml.md            |  8 ++--
 .../start-layout-troubleshoot.md              | 37 ++++++++++---------
 4 files changed, 27 insertions(+), 26 deletions(-)

diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md
index cd8da63e37..d4e6253873 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md
@@ -20,7 +20,7 @@ manager: dansimp
 
 Cortana will respond with the information from Bing.
 
-:::image type="content" source="../screenshot5.png" alt-text="Screenshot: Cortana showing current time in Hyderbad":::
+:::image type="content" source="../screenshot5.png" alt-text="Screenshot: Cortana showing current time in Hyderabad":::
 
 >[!NOTE]
 >This scenario requires Bing Answers to be enabled. To learn more, see [Set up and configure the Bing Answers feature](https://docs.microsoft.com/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10#set-up-and-configure-the-bing-answers-feature).
\ No newline at end of file
diff --git a/windows/configuration/kiosk-mdm-bridge.md b/windows/configuration/kiosk-mdm-bridge.md
index 51eeccc08b..ff85a3537a 100644
--- a/windows/configuration/kiosk-mdm-bridge.md
+++ b/windows/configuration/kiosk-mdm-bridge.md
@@ -1,6 +1,6 @@
 ---
 title: Use MDM Bridge WMI Provider to create a Windows 10 kiosk (Windows 10)
-description: Environments that use Windows Management Instrumentation (WMI)can use the MDM Bridge WMI Provider to configure the MDM_AssignedAccess class.
+description: Environments that use Windows Management Instrumentation (WMI) can use the MDM Bridge WMI Provider to configure the MDM_AssignedAccess class.
 ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC
 ms.reviewer: 
 manager: dansimp
@@ -22,9 +22,9 @@ ms.topic: article
 
 -   Windows 10 Pro, Enterprise, and Education
 
-Environments that use [Windows Management Instrumentation (WMI)](https://msdn.microsoft.com/library/aa394582.aspx) can use the [MDM Bridge WMI Provider](https://msdn.microsoft.com/library/windows/desktop/dn905224.aspx) to configure the MDM_AssignedAccess class. See [PowerShell Scripting with WMI Bridge Provider](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/using-powershell-scripting-with-the-wmi-bridge-provider) for more details about using a PowerShell script to configure AssignedAccess. 
+Environments that use [Windows Management Instrumentation (WMI)](https://msdn.microsoft.com/library/aa394582.aspx) can use the [MDM Bridge WMI Provider](https://msdn.microsoft.com/library/windows/desktop/dn905224.aspx) to configure the MDM_AssignedAccess class. For more information about using a PowerShell script to configure AssignedAccess, see [PowerShell Scripting with WMI Bridge Provider](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/using-powershell-scripting-with-the-wmi-bridge-provider). 
 
-Here’s an example to set AssignedAccess configuration:
+Here's an example to set AssignedAccess configuration:
 
 1. Download the [psexec tool](https://technet.microsoft.com/sysinternals/bb897553.aspx).  
 2. Run `psexec.exe -i -s cmd.exe`.
diff --git a/windows/configuration/kiosk-xml.md b/windows/configuration/kiosk-xml.md
index f09e5ee991..c0eb573c32 100644
--- a/windows/configuration/kiosk-xml.md
+++ b/windows/configuration/kiosk-xml.md
@@ -255,7 +255,7 @@ This sample demonstrates that both UWP and Win32 apps can be configured to autom
 ```
 
 ## [Preview] Global Profile Sample XML
-Global Profile is currently supported in Windows 10 Insider Preview (20H1 builds). Global Profile is designed for scenarios where a user does not have a designated profile, yet IT Admin still wants the user to run in lock down mode, or used as mitigation when a profile cannot be determined for an user.
+Global Profile is currently supported in Windows 10 Insider Preview (20H1 builds). Global Profile is designed for scenarios where a user does not have a designated profile, yet IT Admin still wants the user to run in lockdown mode, or used as mitigation when a profile cannot be determined for a user.
 
 This sample demonstrates that only a global profile is used, no active user configured. Global profile will be applied when every non-admin account logs in 
 ```xml
@@ -309,7 +309,7 @@ This sample demonstrates that only a global profile is used, no active user conf
 
 ```
 
-Below sample shows dedicated profile and global profile mixed usage, aauser would use one profile, everyone else that's non-admin will use another profile.
+Below sample shows dedicated profile and global profile mixed usage, a user would use one profile, everyone else that's non-admin will use another profile.
 ```xml
 
 
@@ -889,7 +889,7 @@ Schema for Windows 10 Insider Preview (19H2, 20H1 builds)
 
 ```
 
-To authorize a compatible configuration XML that includes elements and attributes from Windows 10, version 1809 or newer, always include the namespace of these add-on schemas, and decorate the attributes and elements accordingly with the namespace alias. For example, to configure the auto-launch feature which is added in Windows 10, version 1809, use the following sample. Notice an alias r1809 is given to the 201810 namespace for Windows 10, version 1809, and the alias is tagged on AutoLaunch and AutoLaunchArguments inline.
+To authorize a compatible configuration XML that includes elements and attributes from Windows 10, version 1809 or newer, always include the namespace of these add-on schemas, and decorate the attributes and elements accordingly with the namespace alias. For example, to configure the autolaunch feature that was added in Windows 10, version 1809, use the following sample. Notice an alias r1809 is given to the 201810 namespace for Windows 10, version 1809, and the alias is tagged on AutoLaunch and AutoLaunchArguments inline.
 ```xml
 [!NOTE]
 >You cannot stop this automatic service when machine is running (C:\windows\system32\svchost.exe -k DcomLaunch -p).
@@ -179,17 +180,17 @@ Events for both PDC and Background Tasks Infrastructure Service will be recorded
 
 **Cause**: There was a change in the All Apps list between Windows 10, versions 1511 and 1607. These changes mean the original Group Policy and corresponding registry key no longer apply.
 
-**Resolution**: This issue was resolved in the June 2017 updates. Please update Windows 10, version 1607 to the latest cumulative or feature updates.
+**Resolution**: This issue was resolved in the June 2017 updates. Update Windows 10, version 1607, to the latest cumulative or feature updates.
 
 >[!NOTE]
 >When the Group Policy is enabled, the desired behavior also needs to be selected. By default, it is set to **None**.
 
 
-### Symptom: Application tiles like Alarm, Calculator, and Edge are missing from Start Menu and the Settings app fails to open on Windows 10, version 1709 when a local user profile is deleted
+### Symptom: Application tiles like Alarm, Calculator, and Edge are missing from Start menu and the Settings app fails to open on Windows 10, version 1709 when a local user profile is deleted
 
 ![Screenshots that show download icons on app tiles and missing app tiles](images/start-ts-2.png)
 
-**Cause**: This is a known issue where the first-time logon experience is not detected and does not trigger the install of some Apps.
+**Cause**: This issue is known. The first-time sign-in experience is not detected and does not trigger the install of some apps.
 
 **Resolution**: This issue has been fixed for Windows 10, version 1709 in [KB 4089848](https://support.microsoft.com/help/4089848) March 22, 2018—KB4089848 (OS Build 16299.334)
 
@@ -202,7 +203,7 @@ Events for both PDC and Background Tasks Infrastructure Service will be recorded
   - Event ID 22 is logged when the xml is malformed, meaning the specified file simply isn’t valid xml.
   - When editing the xml file, it should be saved in UTF-8 format.
 
-- Unexpected information: This occurs when possibly trying to add a tile via unexpected or undocumented method.
+- Unexpected information: This occurs when possibly trying to add a tile via an unexpected or undocumented method.
   - **Event ID: 64** is logged when the xml is valid but has unexpected values.
   - For example: The following error occurred while parsing a layout xml file: The attribute 'LayoutCustomizationRestrictiontype' on the element '{http://schemas.microsoft.com/Start/2014/LayoutModification}DefaultLayoutOverride' is not defined in the DTD/Schema.
 

From 41c67c26fc97a966993b0a65c66d431f5f43fd23 Mon Sep 17 00:00:00 2001
From: ShannonLeavitt 
Date: Tue, 3 Nov 2020 09:29:32 -0700
Subject: [PATCH 53/92] Acrolinx fixes

---
 .../start-layout-troubleshoot.md              |  28 +--
 ...anage-administrative-backup-and-restore.md |  12 +-
 .../ue-v/uev-release-notes-1607.md            |  12 +-
 windows/configuration/wcd/wcd-accounts.md     |   4 +-
 windows/configuration/wcd/wcd-maps.md         |   6 +-
 .../configuration/wcd/wcd-personalization.md  |   8 +-
 ...ata-windows-analytics-events-and-fields.md |  70 +++----
 .../privacy/windows-diagnostic-data-1703.md   |  44 ++---
 windows/privacy/windows-diagnostic-data.md    | 186 +++++++++---------
 9 files changed, 185 insertions(+), 185 deletions(-)

diff --git a/windows/configuration/start-layout-troubleshoot.md b/windows/configuration/start-layout-troubleshoot.md
index 9e010d7114..f373bc8c78 100644
--- a/windows/configuration/start-layout-troubleshoot.md
+++ b/windows/configuration/start-layout-troubleshoot.md
@@ -19,7 +19,7 @@ Start failures can be organized into these categories:
 - **Deployment/Install issues** - Easiest to identify but difficult to recover. This failure is consistent and usually permanent. Reset, restore from backup, or rollback to recover.
 - **Performance issues** - More common with older hardware, low-powered machines. Symptoms include: High CPU utilization, disk contention, memory resources. This makes Start very slow to respond. Behavior is intermittent depending on available resources.
 - **Crashes** - Also easy to identify. Crashes in Shell Experience Host or related can be found in System or Application event logs. This can be a code defect or related to missing or altered permissions to files or registry keys by a program or incorrect security tightening configurations. Determining permissions issues can be time consuming but a [SysInternals tool called Procmon](https://docs.microsoft.com/sysinternals/downloads/procmon) will show **Access Denied**. The other option is to get a dump of the process when it crashes and depending on comfort level, review the dump in the debugger, or have support review the data.
-- **Hangs** in Shell Experience host or related. These are the hardest issues to identify as there are few events logged, but behavior is typically intermittent or recovers with a reboot. If a background application or service hangs, Start will not have resources to respond in time. Clean boot may help identify if the issue is related to additional software. Procmon is also useful in this scenario.
+- **Hangs** - in Shell Experience host or related. These are the hardest issues to identify as there are few events logged, but behavior is typically intermittent or recovers with a reboot. If a background application or service hangs, Start will not have resources to respond in time. Clean boot may help identify if the issue is related to additional software. Procmon is also useful in this scenario.
 - **Other issues** - Customization, domain policies, deployment issues.
 
 ## Basic troubleshooting
@@ -46,7 +46,7 @@ When troubleshooting basic Start issues (and for the most part, all other Window
 
     Failure messages will appear if they aren't installed
 
-- If Start is not installed, then the fastest resolution is to revert to a known good configuration. This can be rolling back the update, resetting the PC to defaults (where there is a choice to save to delete user data), or restoring from backup. There is no supported method to install Start Appx files. The results are often problematic and unreliable.
+- If Start is not installed, then the fastest resolution is to revert to a known good configuration. This can be rolling back the update, resetting the PC to defaults (where there is a choice to save to delete user data), or restoring from backup. No method is supported to install Start Appx files. The results are often problematic and unreliable.
 
 ### Check if Start is running
 
@@ -209,11 +209,11 @@ Events for both PDC and Background Tasks Infrastructure Service will be recorded
 
 XML files can and should be tested locally on a Hyper-V or other virtual machine before deployment or application by Group Policy
 
-### Symptom: Start menu no longer works after a PC is refreshed using F12 during start up 
+### Symptom: Start menu no longer works after a PC is refreshed using F12 during startup 
 
-**Description**: If a user is having problems with a PC, is can be refreshed, reset, or restored. Refreshing the PC is a beneficial option because it maintains personal files and settings. When users have trouble starting the PC, "Change PC settings" in Settings is not accessible. So, to access the System Refresh, users may use the F12 key at start up. Refreshing the PC finishes, but Start Menu is not accessible.
+**Description**: If a user is having problems with a PC, it can be refreshed, reset, or restored. Refreshing the PC is a beneficial option because it maintains personal files and settings. When users have trouble starting the PC, "Change PC settings" in Settings is not accessible. So, to access the System Refresh, users may use the F12 key at startup. Refreshing the PC finishes, but Start Menu is not accessible.
 
-**Cause**: This is a known issue and has been resolved in a cumulative update released August 30th 2018. 
+**Cause**: This issue is known and was resolved in a cumulative update released August 30, 2018. 
 
 **Resolution**: Install corrective updates; a fix is included in the [September 11, 2018-KB4457142 release](https://support.microsoft.com/help/4457142).
 
@@ -233,7 +233,7 @@ Specifically, behaviors include
 - Applications (apps or icons) pinned to the start menu are missing.
 - Entire tile window disappears.
 - The start button fails to respond.
-- If a new roaming user is created, the first logon appears normal, but on subsequent logons, tiles are missing.
+- If a new roaming user is created, the first sign-in appears normal, but on subsequent sign-ins, tiles are missing.
 
 
 ![Example of a working layout](images/start-ts-3.png)
@@ -262,12 +262,12 @@ After the upgrade the user pinned tiles are missing:
 
   ![Example of Start screen with previously pinned tiles missing](images/start-ts-6.png)
  
-Additionally, users may see blank tiles if logon was attempted without network connectivity.
+Additionally, users may see blank tiles if sign-in was attempted without network connectivity.
 
   ![Example of blank tiles](images/start-ts-7.png)
  
 
-**Resolution**: This is fixed in [October 2017 update](https://support.microsoft.com/en-us/help/4041676).
+**Resolution**: This issue was fixed in the [October 2017 update](https://support.microsoft.com/en-us/help/4041676).
 
 ### Symptom: Tiles are missing after upgrade from Windows 10, version 1607 to version 1709 for users with Roaming User Profiles (RUP) enabled and managed Start Menu layout with partial lockdown
 
@@ -279,13 +279,13 @@ Additionally, users may see blank tiles if logon was attempted without network c
 
 ### Symptom: Start Menu issues with Tile Data Layer corruption 
 
-**Cause**: Windows 10, version 1507 through the release of version 1607 uses a database for the Tile image information. This is called the Tile Data Layer database (The feature was deprecated in [Windows 10 1703](https://support.microsoft.com/help/4014193/features-that-are-removed-or-deprecated-in-windows-10-creators-update)). 
+**Cause**: Windows 10, version 1507 through the release of version 1607 uses a database for the Tile image information. This is called the Tile Data Layer database. (The feature was deprecated in [Windows 10 1703](https://support.microsoft.com/help/4014193/features-that-are-removed-or-deprecated-in-windows-10-creators-update).) 
 
 **Resolution** There are steps you can take to fix the icons, first is to confirm that is the issue that needs to be addressed.
 
-1. The App or Apps work fine when you click on the tiles.
+1. The App or Apps work fine when you select the tiles.
 2. The tiles are blank, have a generic placeholder icon, have the wrong or strange title information.
-3. The app is missing, but listed as installed via Powershell and works if you launch via URI.
+3. The app is missing, but listed as installed via PowerShell and works if you launch via URI.
    - Example: `windows-feedback://`
 4. In some cases, Start can be blank, and Action Center and Cortana do not launch.
 
@@ -302,9 +302,9 @@ Although a reboot is not required, it may help clear up any residual issues afte
 
 ### Symptoms: Start Menu and Apps cannot start after upgrade to Windows 10 version 1809 when Symantec Endpoint Protection is installed
 
-**Description** Start Menu, Search and Apps do not start after you upgrade a Windows 7-based computer that has Symantec Endpoint Protection installed to Windows 10 version 1809.
+**Description**: Start menu, Search, and Apps do not start after you upgrade a computer running Windows 7 that has Symantec Endpoint Protection installed to Windows 10 version 1809.
 
-**Cause** This occurs because of a failure to load sysfer.dll.  During upgrade, the setup process does not set the privilege group "All Application Packages" on sysfer.dll and other Symantec modules.
+**Cause**: This problem occurs because of a failure to load sysfer.dll.  During upgrade, the setup process does not set the privilege group "All Application Packages" on sysfer.dll and other Symantec modules.
 
 **Resolution** This issue was fixed by the Windows Cumulative Update that were released on December 5, 2018—KB4469342 (OS Build 17763.168).
 
@@ -322,7 +322,7 @@ If you have already encountered this issue, use one of the following two options
 
 4. Confirm that **All Application Packages** group is missing.
 
-5. Click **Edit**, and then click **Add** to add the group.
+5. Select **Edit**, and then select **Add** to add the group.
 
 6. Test Start and other Apps.
 
diff --git a/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md b/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md
index 375f826703..f953320ab4 100644
--- a/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md
+++ b/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md
@@ -24,7 +24,7 @@ As an administrator of User Experience Virtualization (UE-V), you can restore ap
 ## Restore Settings in UE-V when a User Adopts a New Device
 
 
-To restore settings when a user adopts a new device, you can put a settings location template in **backup** or **roam (default)** profile using the Set-UevTemplateProfile PowerShell cmdlet. This lets computer settings sync to the new computer, in addition to user settings. Templates assigned to the backup profile are backed up for that device and configured on a per-device basis. To backup settings for a template, use the following cmdlet in Windows PowerShell:
+To restore settings when a user adopts a new device, you can put a settings location template in a **backup** or **roam (default)** profile using the Set-UevTemplateProfile PowerShell cmdlet. This setup lets computer settings sync to the new computer, in addition to user settings. Templates assigned to the backup profile are backed up for that device and configured on a per-device basis. To back up settings for a template, use the following cmdlet in Windows PowerShell:
 
 ```powershell
 Set-UevTemplateProfile -ID  -Profile 
@@ -50,7 +50,7 @@ As part of the Backup/Restore feature, UE-V added **last known good (LKG)** to t
 
 ### How to Backup/Restore Templates with UE-V
 
-These are the key backup and restore components of UE-V:
+Here are the key backup and restore components of UE-V:
 
 -   Template profiles
 
@@ -74,7 +74,7 @@ All templates are included in the roaming profile when registered unless otherwi
 
 Templates can be added to the Backup Profile with PowerShell or WMI using the Set-UevTemplateProfile cmdlet. Templates in the Backup Profile back up these settings to the Settings Storage Location in a special Device name directory. Specified settings are backed up to this location.
 
-Templates designated BackupOnly include settings specific to that device that should not be synchronized unless explicitly restored. These settings are stored in the same device-specific settings package location on the settings storage location as the Backedup Settings. These templates have a special identifier embedded in the template that specifies they should be part of this profile.
+Templates designated BackupOnly include settings specific to that device that shouldn't be synchronized unless explicitly restored. These settings are stored in the same device-specific settings package location on the settings storage location as the Backedup Settings. These templates have a special identifier embedded in the template that specifies they should be part of this profile.
 
 **Settings packages location within the Settings Storage Location template**
 
@@ -90,10 +90,10 @@ Restoring a user’s device restores the currently registered Template’s setti
 
 -   **Automatic restore**
 
-    If the user’s UE-V settings storage path, domain, and Computer name match the current user then all of the settings for that user are synchronized, with only the latest settings applied. If a user logs on to a new device for the first time and these criteria are met, the settings data is applied to that device.
+    If the user’s UE-V settings storage path, domain, and Computer name match the current user then all of the settings for that user are synchronized, with only the latest settings applied. If a user signs in to a new device for the first time and these criteria are met, the settings data is applied to that device.
 
     **Note**  
-    Accessibility and Windows Desktop settings require the user to re-logon to Windows to be applied.
+    Accessibility and Windows Desktop settings require the user to sign in again to Windows to be applied.
 
 
 
@@ -104,7 +104,7 @@ Restoring a user’s device restores the currently registered Template’s setti
 ## Restore Application and Windows Settings to Original State
 
 
-WMI and Windows PowerShell commands let you restore application and Windows settings to the settings values that were on the computer the first time that the application started after the UE-V service was enabled. This restoring action is performed on a per-application or Windows settings basis. The settings are restored the next time that the application runs, or the settings are restored when the user logs on to the operating system.
+WMI and Windows PowerShell commands let you restore application and Windows settings to the settings values that were on the computer the first time that the application started after the UE-V service was enabled. This restoring action is performed on a per-application or Windows settings basis. The settings are restored the next time that the application runs, or the settings are restored when the user signs in to the operating system.
 
 **To restore application settings and Windows settings with Windows PowerShell for UE-V**
 
diff --git a/windows/configuration/ue-v/uev-release-notes-1607.md b/windows/configuration/ue-v/uev-release-notes-1607.md
index 663afd38eb..7c5805ff7d 100644
--- a/windows/configuration/ue-v/uev-release-notes-1607.md
+++ b/windows/configuration/ue-v/uev-release-notes-1607.md
@@ -37,7 +37,7 @@ Administrators can still define which user-customized application settings can s
 
 ### Upgrading from UE-V 1.0 to the in-box version of UE-V is blocked
 
-Version 1.0 of UE-V used Offline Files (Client Side Caching) for settings synchronization and pinned the UE-V sync folder to be available when the network was offline, however, this technology was removed in UE-V 2.x. As a result, UE-V 1.0 users are blocked from upgrading to UE-V for Windows 10, version 1607.
+Version 1.0 of UE-V used Offline Files (Client-Side Caching) for settings synchronization and pinned the UE-V sync folder to be available when the network was offline, however, this technology was removed in UE-V 2.x. As a result, UE-V 1.0 users are blocked from upgrading to UE-V for Windows 10, version 1607.
 
 WORKAROUND: Remove the UE-V 1.0 sync folder from the Offline Files configuration and then upgrade to the in-box version of UE-V for Windows, version 1607 release.
 
@@ -55,13 +55,13 @@ WORKAROUND: To resolve this problem, run the application by selecting one of the
 
 ### Unpredictable results when both Office 2010 and Office 2013 are installed on the same device
 
-When a user has both Office 2010 and Office 2013 installed, any common settings between the two versions of Office are roamed by UE-V. This could cause the Office 2010 package size to be quite large or result in unpredictable conflicts with 2013, particularly if Office 365 is used.
+When a user has both Office 2010 and Office 2013 installed, any common settings between the two versions of Office are roamed by UE-V. This could cause the Office 2010 package size to be large or result in unpredictable conflicts with 2013, particularly if Office 365 is used.
 
 WORKAROUND: Install only one version of Office or limit which settings are synchronized by UE-V.
 
-### Uninstall and re-install of Windows 8 applications reverts settings to initial state
+### Uninstallation and reinstallation of Windows 8 applications reverts settings to initial state
 
-While using UE-V settings synchronization for a Windows 8 application, if the user uninstalls the application and then reinstalls the application, the application’s settings revert to their default values. This happens because the uninstall removes the local (cached) copy of the application’s settings but does not remove the local UE-V settings package. When the application is reinstalled and launched, UE-V gather the application settings that were reset to the application defaults and then uploads the default settings to the central storage location. Other computers running the application then download the default settings. This behavior is identical to the behavior of desktop applications.
+While using UE-V settings synchronization for a Windows 8 application, if the user uninstalls the application and then reinstalls the application, the application’s settings revert to their default values. This result happens because the uninstall removes the local (cached) copy of the application’s settings but does not remove the local UE-V settings package. When the application is reinstalled and launched, UE-V gathers the application settings that were reset to the application defaults and then uploads the default settings to the central storage location. Other computers running the application then download the default settings. This behavior is identical to the behavior of desktop applications.
 
 WORKAROUND: None.
 
@@ -85,7 +85,7 @@ WORKAROUND: Use folder redirection or some other technology to ensure that any f
 
 ### Long Settings Storage Paths could cause an error
 
-Keep settings storage paths as short as possible. Long paths could prevent resolution or synchronization. UE-V uses the Settings storage path as part of the calculated path to store settings. That path is calculated in the following way: settings storage path + “settingspackages” + package dir (template ID) + package name (template ID) + .pkgx. If that calculated path exceeds 260 characters, package storage will fail and generate the following error message in the UE-V operational event log:
+Keep settings storage paths as short as possible. Long paths could prevent resolution or synchronization. UE-V uses the Settings storage path as part of the calculated path to store settings. That path is calculated in the following way: settings storage path + "settingspackages" + package dir (template ID) + package name (template ID) + .pkgx. If that calculated path exceeds 260 characters, package storage will fail and generate the following error message in the UE-V operational event log:
 
 \[boost::filesystem::copy\_file: The system cannot find the path specified\]
 
@@ -95,7 +95,7 @@ WORKAROUND: None.
 
 ### Some operating system settings only roam between like operating system versions
 
-Operating system settings for Narrator and currency characters specific to the locale (i.e. language and regional settings) will only roam across like operating system versions of Windows. For example, currency characters will not roam between Windows 7 and Windows 8.
+Operating system settings for Narrator and currency characters specific to the locale (that is, language and regional settings) will only roam across like operating system versions of Windows. For example, currency characters will not roam between Windows 7 and Windows 8.
 
 WORKAROUND: None
 
diff --git a/windows/configuration/wcd/wcd-accounts.md b/windows/configuration/wcd/wcd-accounts.md
index 6a6265ee5a..d39c37513b 100644
--- a/windows/configuration/wcd/wcd-accounts.md
+++ b/windows/configuration/wcd/wcd-accounts.md
@@ -45,7 +45,7 @@ Specifies the settings you can configure when joining a device to a domain, incl
 | --- | --- | --- |
 | Account | string  | Account to use to join computer to domain  |
 | AccountOU | Enter the full path for the organizational unit. For example: OU=testOU,DC=domain,DC=Domain,DC=com.  | Name of organizational unit for the computer account  |
-| ComputerName | Specify a unique name for the domain-joined computers using %RAND:x%, where x is an integer less than 15 digits long, or using %SERIAL% characters in the name.

ComputerName is a string with a maximum length of 15 bytes of content:

- ComputerName can use ASCII characters (1 byte each) and/or multi-byte characters such as Kanji, so long as you do not exceed 15 bytes of content.

- ComputerName cannot use spaces or any of the following characters: \{ | \} ~ \[ \\ \] ^ ' : ; < = > ? @ ! " \# $ % ` \( \) + / . , \* &, or contain any spaces.

- ComputerName cannot use some non-standard characters, such as emoji.

Computer names that cannot be validated through the DnsValidateName function cannot be used, for example, computer names that only contain numbers (0-9). For more information, see the [DnsValidateName function](https://go.microsoft.com/fwlink/?LinkId=257040). | Specifies the name of the Windows device (computer name on PCs)  |
+| ComputerName | Specify a unique name for the domain-joined computers using %RAND:x%, where x is an integer that includes fewer than 15 digits, or using %SERIAL% characters in the name.

ComputerName is a string with a maximum length of 15 bytes of content:

- ComputerName can use ASCII characters (1 byte each) and/or multi-byte characters such as Kanji, so long as you do not exceed 15 bytes of content.

- ComputerName cannot use spaces or any of the following characters: \{ | \} ~ \[ \\ \] ^ ' : ; < = > ? @ ! " \# $ % ` \( \) + / . , \* &, or contain any spaces.

- ComputerName cannot use some non-standard characters, such as emoji.

 Computer names that cannot be validated through the DnsValidateName function cannot be used, for example, computer names that only contain numbers (0-9). For more information, see the [DnsValidateName function](https://go.microsoft.com/fwlink/?LinkId=257040). | Specifies the name of the Windows device (computer name on PCs)  |
 | DomainName | string (cannot be empty) | Specify the name of the domain that the device will join  |
 | Password | string (cannot be empty) | Corresponds to the password of the user account that's authorized to join the computer account to the domain.  |
 
@@ -56,6 +56,6 @@ Use these settings to add local user accounts to the device.
 | Setting | Value | Description |
 | --- | --- | --- |
 | UserName | string (cannot be empty)  | Specify a name for the local user account  |
-| HomeDir | string (cannot be ampty) | Specify the path of the home directory for the user |
+| HomeDir | string (cannot be empty) | Specify the path of the home directory for the user |
 | Password | string (cannot be empty)  | Specify the password for the user account |
 | UserGroup | string (cannot be empty) | Specify the local user group for the user |
diff --git a/windows/configuration/wcd/wcd-maps.md b/windows/configuration/wcd/wcd-maps.md
index d50b2c93ed..c8d1a683fb 100644
--- a/windows/configuration/wcd/wcd-maps.md
+++ b/windows/configuration/wcd/wcd-maps.md
@@ -27,7 +27,7 @@ Use for settings related to Maps.
 
 ## ChinaVariantWin10
 
-Use **ChinaVariantWin10** to specify that the Windows device is intended to ship in China. When set to **True**, maps approved by the State Bureau of Surveying and Mapping in China are used, which are obtained from a server located in China.
+Use **ChinaVariantWin10** to specify that the Windows device is intended to ship in China. When set to **True**, maps approved by the State Bureau of Surveying and Mapping in China are used. These maps are obtained from a server located in China.
 
 This customization may result in different maps, servers, or other configuration changes on the device.
 
@@ -38,7 +38,7 @@ Use to store map data on an SD card.
 
 Map data is used by the Maps application and the map control for third-party applications. This data can be store on an SD card, which provides the advantage of saving internal memory space for user data and allows the user to download more offline map data. Microsoft recommends enabling the **UseExternalStorage** setting on devices that have less than 8 GB of user storage and an SD card slot.
 
-You can use **UseExternalStorage** whether or not you include an SD card with preloaded map data on the phone. If set to **True**, the OS only allows the user to download offline maps when an SD card is present. If an SD card is not present, users can still view and cache maps, but they will not be able to download a region of offline maps until an SD card is inserted.
+You can use **UseExternalStorage** whether or not you include an SD card with preloaded map data on the phone. If set to **True**, the OS only allows the user to download offline maps when an SD card is present. If no SD card is present, users can view and cache maps, but they can't download a region of offline maps until an SD card is inserted.
 
 If set to **False**, map data will always be stored on the internal data partition of the device.
 
@@ -47,4 +47,4 @@ If set to **False**, map data will always be stored on the internal data partiti
 
 ## UseSmallerCache
 
-Do not use.
+Don't use this setting.
diff --git a/windows/configuration/wcd/wcd-personalization.md b/windows/configuration/wcd/wcd-personalization.md
index c452d22dbc..2bd33a11a5 100644
--- a/windows/configuration/wcd/wcd-personalization.md
+++ b/windows/configuration/wcd/wcd-personalization.md
@@ -27,20 +27,20 @@ Use to configure settings to personalize a PC.
 
 ## DeployDesktopImage
 
-Deploy a jpg, jpeg or png image to the device to be used as desktop image. If you have a local file and want to embed it into the package being deployed, you configure this setting and [DesktopImageUrl](#desktopimageurl).
+Deploy a .jpg, .jpeg, or .png image to the device to be used as a desktop image. If you have a local file and want to embed it into the package being deployed, you configure this setting and [DesktopImageUrl](#desktopimageurl).
 
 When using **DeployDesktopImage** and [DeployLockScreenImageFile](#deploylockscreenimage, the file names need to be different. 
 
 ## DeployLockScreenImage
 
-Deploy a jpg, jpeg or png image to the device to be used as lock screen image. If you have a local file and want to embed it into the package being deployed, you configure this setting and [LockScreenImageUrl](#lockscreenimageurl).
+Deploy a .jpg, .jpeg, or .png image to the device to be used as lock screen image. If you have a local file and want to embed it into the package being deployed, you configure this setting and [LockScreenImageUrl](#lockscreenimageurl).
 
 When using [DeployDesktopImage](#deploydesktopimage) and **DeployLockScreenImageFile**, the file names need to be different.
 
 ## DesktopImageUrl
 
-Specify a jpg, jpeg or png image to be used as desktop image. This setting can take a http or https url to a remote image to be downloaded or a file url to a local image. If you have a local file and want to embed it into the package being deployed, you also set [DeployDesktopImage](#deploydesktopimage).
+Specify a .jpg, .jpeg, or .png image to be used as desktop image. This setting can take an HTTP or HTTPS URL to a remote image to be downloaded or a file URL to a local image. If you have a local file and want to embed it into the package being deployed, you also set [DeployDesktopImage](#deploydesktopimage).
 
 ## LockScreenImageUrl
 
-Specify a jpg, jpeg or png image to be used as Lock Screen Image. This setting can take a http or https Url to a remote image to be downloaded or a file Url to an existing local image. If you have a local file and want to embed it into the package being deployed, you also set [DeployLockScreenImage](#deploylockscreenimage).
+Specify a .jpg, .jpeg, or .png image to be used as Lock Screen Image. This setting can take an HTTP or HTTPS URL to a remote image to be downloaded or a file URL to an existing local image. If you have a local file and want to embed it into the package being deployed, you also set [DeployLockScreenImage](#deploylockscreenimage).
diff --git a/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md b/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md
index 41c5fa5a8a..4188fd5ad3 100644
--- a/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md
+++ b/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md
@@ -30,7 +30,7 @@ ms.reviewer:
 
 Desktop Analytics reports are powered by diagnostic data not included in the Basic level.
 
-In Windows 10, version 1709, we introduced a new feature: "Limit Enhanced diagnostic data to the minimum required by Windows Analytics". When enabled, this feature limits the operating system diagnostic data events included in the Enhanced level to only those described below. Note that the Enhanced level also includes limited crash reports, which are not described below. For more information on the Enhanced level, see [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md).
+In Windows 10, version 1709, we introduced a new feature: "Limit Enhanced diagnostic data to the minimum required by Windows Analytics". When enabled, this feature limits the operating system diagnostic data events included in the Enhanced level to only the events described below. The Enhanced level also includes limited crash reports, which are not described below. For more information on the Enhanced level, see [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md).
 
 With the retirement of Windows Analytics, this policy will continue to be supported by Desktop Analytics, but will not include Office related diagnostic data.
 
@@ -48,7 +48,7 @@ The following fields are available:
 - **GhostCount_Sum:** Total number of instances where the application stopped responding
 - **HandleCountAtExit_Sum:** Total handle count for a process when it exits
 - **HangCount_Max:** Maximum number of hangs detected
-- **HangCount_Sum:** Total number of application hangs detected
+- **HangCount_Sum:** Total number of application hangs that are detected
 - **HardFaultCountAtExit_Sum:** Total number of hard page faults detected for a process when it exits
 - **HeartbeatCount:** Heartbeats logged for this summary
 - **HeartbeatSuspendedCount:** Heartbeats logged for this summary where the process was suspended
@@ -68,7 +68,7 @@ The following fields are available:
 - **WriteSizeInKBAtExit_Sum:** Total size of IO writes for a process when it exited          
 
 ## Microsoft.Office.TelemetryEngine.IsPreLaunch
-Applicable for Office UWP applications. This event is fired when an office application is initiated for the first-time post upgrade/install from the store. This is part of basic diagnostic data, used to track whether a particular session is launch session or not.
+Applicable for Office UWP applications. This event is fired when an Office application is initiated for the first-time post upgrade/install from the store. It's part of basic diagnostic data. It's used to track whether a particular session is a launch session or not.
 
 - **appVersionBuild:** Third part of the version *.*.XXXXX.*
 - **appVersionMajor:** First part of the version X.*.*.*
@@ -77,10 +77,10 @@ Applicable for Office UWP applications. This event is fired when an office appli
 - **SessionID:** ID of the session
 
 ## Microsoft.Office.SessionIdProvider.OfficeProcessSessionStart
-This event sends basic information upon the start of a new Office session. This is used to count the number of unique sessions seen on a given device. This is used as a heartbeat event to ensure that the application is running on a device or not. In addition, it serves as a critical signal for overall application reliability.
+This event sends basic information upon the start of a new Office session. It's used to count the number of unique sessions seen on a given device. The event is used as a heartbeat event to ensure that the application is running on a device. In addition, it serves as a critical signal for overall application reliability.
 
-- **AppSessionGuid:** ID of the session which maps to the process of the application
-- **processSessionId:** ID of the session which maps to the process of the application
+- **AppSessionGuid:** ID of the session that maps to the process of the application
+- **processSessionId:** ID of the session that maps to the process of the application
 
 ## Microsoft.Office.TelemetryEngine.SessionHandOff
 Applicable to Win32 Office applications. This event helps us understand whether there was a new session created to handle a user-initiated file open event. It is a critical diagnostic information that is used to derive reliability signal and ensure that the application is working as expected.
@@ -89,7 +89,7 @@ Applicable to Win32 Office applications. This event helps us understand whether
 - **appVersionMajor:** First part of the version X.*.*.*
 - **appVersionMinor:** Second part of the version *.X.*.*
 - **appVersionRev:** Fourth part of the version *.*.*.XXXXX
-- **childSessionID:** Id of the session that was created to handle the user initiated file open
+- **childSessionID:** ID of the session that was created to handle the user initiated file open
 - **parentSessionId:** ID of the session that was already running
 
 ## Microsoft.Office.CorrelationMetadata.UTCCorrelationMetadata
@@ -102,15 +102,15 @@ Collects Office metadata through UTC to compare with equivalent data collected t
 - **appVersionMajor:** First part of the version X.*.*.*
 - **appVersionMinor:** Second part of the version *.X.*.*
 - **appVersionRevision:** Fourth part of the version *.*.*.XXXXX
-- **audienceGroup:** Is this part of the insiders or production
+- **audienceGroup:** Is this group part of the insiders or production?
 - **audienceId:** ID of the audience setting
 - **channel:** Are you part of Semi annual channel or Semi annual channel-Targeted?
-- **deviceClass:** Is this a desktop or a mobile?
+- **deviceClass:** Is this device a desktop device or a mobile device?
 - **impressionId:** What features were available to you in this session
 - **languageTag:** Language of the app
 - **officeUserID:** A unique identifier tied to the office installation on a particular device.
 - **osArchitecture:** Is the machine 32 bit or 64 bit?
-- **osEnvironment:** Is this a win32 app or a UWP app?
+- **osEnvironment:** Is this app a win32 app or a UWP app?
 - **osVersionString:** Version of the OS
 - **sessionID:** ID of the session
 
@@ -131,7 +131,7 @@ This event is fired when the telemetry engine within an office application is re
 - **appVersionMajor:** First part of the version X.*.*.*
 - **appVersionMinor:** Second part of the version *.X.*.*
 - **appVersionRev:** Fourth part of the version *.*.*.XXXXX
-- **officeUserID:** This is an ID of the installation tied to the device. It does not map to a particular user
+- **officeUserID:** ID of the installation tied to the device. It does not map to a particular user
 - **SessionID:** ID of the session
 
 ## Microsoft.Office.TelemetryEngine.FirstProcessed
@@ -141,7 +141,7 @@ This event is fired when the telemetry engine within an office application has p
 - **appVersionMajor:** First part of the version X.*.*.*
 - **appVersionMinor:** Second part of the version *.X.*.*
 - **appVersionRev:** Fourth part of the version *.*.*.XXXXX
-- **officeUserID:** This is an ID of the installation tied to the device. It does not map to a particular user
+- **officeUserID:** ID of the installation tied to the device. It does not map to a particular user
 - **SessionID:** ID of the session
 
 ## Microsoft.Office.TelemetryEngine.FirstRuleRequest
@@ -151,7 +151,7 @@ This event is fired when the telemetry engine within an office application has r
 - **appVersionMajor:** First part of the version X.*.*.*
 - **appVersionMinor:** Second part of the version *.X.*.*
 - **appVersionRev:** Fourth part of the version *.*.*.XXXXX
-- **officeUserID:** This is an ID of the installation tied to the device. It does not map to a particular user
+- **officeUserID:** ID of the installation tied to the device. It does not map to a particular user
 - **SessionID:** ID of the session
 
 ## Microsoft.Office.TelemetryEngine.Init
@@ -161,18 +161,18 @@ This event is fired when the telemetry engine within an office application has b
 - **appVersionMajor:** First part of the version X.*.*.*
 - **appVersionMinor:** Second part of the version *.X.*.*
 - **appVersionRev:** Fourth part of the version *.*.*.XXXXX
-- **officeUserID:** This is an ID of the installation tied to the device. It does not map to a particular user
+- **officeUserID:** ID of the installation tied to the device. It does not map to a particular user
 - **SessionID:** ID of the session
 
 ## Microsoft.Office.TelemetryEngine.Resume
-This event is fired when the application resumes from sleep state. Used for understanding whether there are issues in the application life-cycle.
+This event is fired when the application resumes from sleep state. Used for understanding whether there are issues in the application life cycle.
 
 - **appVersionBuild:** Third part of the version *.*.XXXXX.*
 - **appVersionMajor:** First part of the version X.*.*.*
 - **appVersionMinor:** Second part of the version *.X.*.*
 - **appVersionRev:** Fourth part of the version *.*.*.XXXXX
 - **maxSequenceIdSeen:** How many events from this session have seen so far?
-- **officeUserID:** This is an ID of the installation tied to the device. It does not map to a particular user
+- **officeUserID:** ID of the installation tied to the device. It does not map to a particular user
 - **rulesSubmittedBeforeResume:** How many events were submitted before the process was resumed?
 - **SessionID:** ID of the session
 
@@ -183,7 +183,7 @@ This event is fired when the telemetry engine within an office application fails
 - **appVersionMajor:** First part of the version X.*.*.*
 - **appVersionMinor:** Second part of the version *.X.*.*
 - **appVersionRev:** Fourth part of the version *.*.*.XXXXX
-- **officeUserID:** This is an ID of the installation tied to the device. It does not map to a particular user
+- **officeUserID:** ID of the installation tied to the device. It does not map to a particular user
 - **SessionID:** ID of the session
 
 ## Microsoft.Office.TelemetryEngine.RuleRequestFailedDueToClientOffline
@@ -193,7 +193,7 @@ This event is fired when the telemetry engine within an office application fails
 - **appVersionMajor:** First part of the version X.*.*.*
 - **appVersionMinor:** Second part of the version *.X.*.*
 - **appVersionRev:** Fourth part of the version *.*.*.XXXXX
-- **officeUserID:** This is an ID of the installation tied to the device. It does not map to a particular user
+- **officeUserID:** ID of the installation tied to the device. It does not map to a particular user
 - **SessionID:** ID of the session
 
 ## Microsoft.Office.TelemetryEngine.ShutdownComplete
@@ -204,7 +204,7 @@ This event is fired when the telemetry engine within an office application has p
 - **appVersionMinor:** Second part of the version *.X.*.*
 - **appVersionRev:** Fourth part of the version *.*.*.XXXXX
 - **maxSequenceIdSeen:** How many events from this session have seen so far?
-- **officeUserID:** This is an ID of the installation tied to the device. It does not map to a particular user
+- **officeUserID:** ID of the installation tied to the device. It does not map to a particular user
 - **rulesSubmittedBeforeResume:** How many events were submitted before the process was resumed?
 - **SessionID:** ID of the session
 
@@ -215,7 +215,7 @@ This event is fired when the telemetry engine within an office application been
 - **appVersionMajor:** First part of the version X.*.*.*
 - **appVersionMinor:** Second part of the version *.X.*.*
 - **appVersionRev:** Fourth part of the version *.*.*.XXXXX
-- **officeUserID:** This is an ID of the installation tied to the device. It does not map to a particular user
+- **officeUserID:** ID of the installation tied to the device. It does not map to a particular user
 - **rulesSubmittedBeforeResume:** How many events were submitted before the process was resumed?
 - **SessionID:** ID of the session
 
@@ -227,26 +227,26 @@ This event is fired when the telemetry engine within an office application has p
 - **appVersionMinor:** Second part of the version *.X.*.*
 - **appVersionRev:** Fourth part of the version *.*.*.XXXXX
 - **maxSequenceIdSeen:** How many events from this session have seen so far?
-- **officeUserID:** This is an ID of the installation tied to the device. It does not map to a particular user
+- **officeUserID:** ID of the installation tied to the device. It does not map to a particular user
 - **rulesSubmittedBeforeResume:** How many events were submitted before the process was resumed?
 - **SessionID:** ID of the session
 - **SuspendType:** Type of suspend
 
 ## Microsoft.Office.TelemetryEngine.SuspendStart
-This event is fired when the office application suspends as per app life-cycle change. Used for understanding whether there are issues in the application life-cycle.
+This event is fired when the office application suspends as per app life-cycle change. Used for understanding whether there are issues in the application life cycle.
 
 - **appVersionBuild:** Third part of the version *.*.XXXXX.*
 - **appVersionMajor:** First part of the version X.*.*.*
 - **appVersionMinor:** Second part of the version *.X.*.*
 - **appVersionRev:** Fourth part of the version *.*.*.XXXXX
 - **maxSequenceIdSeen:** How many events from this session have seen so far?
-- **officeUserID:** This is an ID of the installation tied to the device. It does not map to a particular user
+- **officeUserID:** ID of the installation tied to the device. It does not map to a particular user
 - **rulesSubmittedBeforeResume:** How many events were submitted before the process was resumed?
 - **SessionID:** ID of the session
 - **SuspendType:** Type of suspend
 
 ## Microsoft.OSG.OSS.CredProvFramework.ReportResultStop
-This event indicates the result of an attempt to authenticate a user with a credential provider. It helps Microsoft to improve logon reliability. Using this event with Desktop Analytics can help organizations monitor and improve logon success for different methods (for example, biometric) on managed devices.
+This event indicates the result of an attempt to authenticate a user with a credential provider. It helps Microsoft to improve sign-in reliability. Using this event with Desktop Analytics can help organizations monitor and improve sign-in success for different methods (for example, biometric) on managed devices.
 
 The following fields are available:
 
@@ -262,11 +262,11 @@ The following fields are available:
 - **ReturnCode:** Output of the ReportResult function
 - **SessionId:** Session identifier
 - **Sign-in error status:** The sign-in error status
-- **SubStatus:** Sign-in error sub-status
+- **SubStatus:** Sign-in error substatus
 - **UserTag:** Count of the number of times a user has selected a provider
 
 ## Microsoft.Windows.Kernel.Power.OSStateChange
-This event denotes the transition between operating system states (e.g., On, Off, Sleep, etc.). By using this event with Desktop Analytics, organizations can use this to monitor reliability and performance of managed devices
+This event denotes the transition between operating system states (On, Off, Sleep, etc.). By using this event with Desktop Analytics, organizations can monitor reliability and performance of managed devices.
 
 The following fields are available:
 
@@ -281,10 +281,10 @@ The following fields are available:
 - **EnergyChangeV2Flags:** Flags for disambiguating EnergyChangeV2 context
 - **EventSequence:** A sequential number used to evaluate the completeness of the data
 - **LastStateTransition:** ID of the last operating system state transition
-- **LastStateTransitionSub:** ID of the last operating system sub-state transition
+- **LastStateTransitionSub:** ID of the last operating system substate transition
 - **StateDurationMS:** Number of milliseconds spent in the last operating system state
 - **StateTransition:** ID of the operating system state the system is transitioning to
-- **StateTransitionSub:** ID of the operating system sub-state the system is transitioning to
+- **StateTransitionSub:** ID of the operating system substate the system is transitioning to
 - **TotalDurationMS:** Total time (in milliseconds) spent in all states since the last boot
 - **TotalUptimeMS:** Total time (in milliseconds) the device was in Up or Running states since the last boot
 - **TransitionsToOn:** Number of transitions to the Powered On state since the last boot
@@ -305,7 +305,7 @@ Sends details about any error codes detected during a failed sign-in.
 The following fields are available:
 
 - **ntsStatus:** The NTSTATUS error code status returned from an attempted sign-in
-- **ntsSubstatus:** The NTSTATUS error code sub-status returned from an attempted sign-in 
+- **ntsSubstatus:** The NTSTATUS error code substatus returned from an attempted sign-in 
 
 ## Microsoft.Windows.Security.Biometrics.Service.BioServiceActivityCapture
 Indicates that a biometric capture was compared to known templates
@@ -327,7 +327,7 @@ The following field is available:
 - **ticksSinceBoot:** Duration of boot event (milliseconds)
 
 ## Microsoft.Windows.Shell.Desktop.LogonFramework.AllLogonTasks
-This event summarizes the logon procedure to help Microsoft improve performance and reliability. By using this event with Desktop Analytics organizations can help identify logon problems on managed devices.
+This event summarizes the logon procedure to help Microsoft improve performance and reliability. By using this event with Desktop Analytics, organizations can help identify logon problems on managed devices.
 
 The following fields are available:
 
@@ -341,7 +341,7 @@ The following fields are available:
 - **wilActivity:** Indicates errors in the task to help Microsoft improve reliability.
 
 ## Microsoft.Windows.Shell.Desktop.LogonFramework.LogonTask
-This event describes system tasks which are part of the user logon sequence and helps Microsoft to improve reliability.
+This event describes system tasks that are part of the user logon sequence and helps Microsoft to improve reliability.
 
 The following fields are available:
 
@@ -359,7 +359,7 @@ For a device subject to Windows Information Protection policy, learning events a
 The following fields are available:
 
 - **actiontype:** Indicates what type of resource access the app was attempting (for example, opening a local document vs. a network resource) when it encountered a policy boundary. Useful for Windows Information Protection administrators to tune policy rules.
-- **appIdType:** Based on the type of application, this indicates what type of app rule a Windows Information Protection administrator would need to create for this app.
+- **appIdType:** Based on the type of application, this field indicates what type of app rule a Windows Information Protection administrator would need to create for this app.
 - **appname:** App that triggered the event
 - **status:** Indicates whether errors occurred during WIP learning events
 
@@ -397,11 +397,11 @@ The following fields are available:
 - **MonitorWidth:** Number of horizontal pixels in the application host monitor resolution
 - **MouseInputSec:** Total number of seconds during which there was mouse input
 - **NewProcessCount:** Number of new processes contributing to the aggregate
-- **PartATransform_AppSessionGuidToUserSid:** Flag which influences how other parts of the event are constructed
+- **PartATransform_AppSessionGuidToUserSid:** Flag that influences how other parts of the event are constructed
 - **PenInputSec:** Total number of seconds during which there was pen input
 - **SpeechRecognitionSec:** Total number of seconds of speech recognition
 - **SummaryRound:** Incrementing number indicating the round (batch) being summarized
-- **TargetAsId:** Flag which influences how other parts of the event are constructed
+- **TargetAsId:** Flag that influences how other parts of the event are constructed
 - **TotalUserOrDisplayActiveDurationMS:** Total time the user or the display was active (in milliseconds)
 - **TouchInputSec:** Total number of seconds during which there was touch input
 - **UserActiveDurationMS:** Total time that the user was active including all input methods
@@ -415,7 +415,7 @@ The following fields are available:
 ## Revisions
 
 ### PartA_UserSid removed
-A previous revision of this list stated that a field named PartA_UserSid was a member of the event Microsoft.Windows.LogonController.LogonAndUnlockSubmit. This was incorrect. The list has been updated to reflect that no such field is present in the event.
+A previous revision of this list stated that a field named PartA_UserSid was a member of the event Microsoft.Windows.LogonController.LogonAndUnlockSubmit. This statement was incorrect. The list has been updated to reflect that no such field is present in the event.
 
 ### Office events added
 In Windows 10, version 1809 (also applies to versions 1709 and 1803 starting with [KB 4462932](https://support.microsoft.com/help/4462932/windows-10-update-kb4462932) and [KB 4462933](https://support.microsoft.com/help/4462933/windows-10-update-kb4462933) respectively), 16 events were added, describing Office app launch and availability. These events were added to improve the precision of Office data in Windows Analytics.
diff --git a/windows/privacy/windows-diagnostic-data-1703.md b/windows/privacy/windows-diagnostic-data-1703.md
index ef7ec52739..ffa7858d15 100644
--- a/windows/privacy/windows-diagnostic-data-1703.md
+++ b/windows/privacy/windows-diagnostic-data-1703.md
@@ -42,7 +42,7 @@ Most diagnostic events contain a header of common data:
 
 | Category Name | Examples |
 | - | - |
-| Common Data | Information that is added to most diagnostic events, if relevant and available:
  • OS name, version, build, and [locale](https://msdn.microsoft.com/library/windows/desktop/dd318716.aspx)
  • User ID -- a unique identifier associated with the user's Microsoft Account (if one is used) or local account. The user's Microsoft Account identifier is not collected from devices configured to send Basic diagnostic data
  • Xbox UserID
  • Environment from which the event was logged -- Application ID of app or component that logged the event, Session GUID. Used to track events over a given period of time such the period an app is running or between boots of the OS.
  • The diagnostic event name, Event ID, [ETW](https://msdn.microsoft.com/library/windows/desktop/bb968803.aspx) opcode, version, schema signature, keywords, and flags
  • HTTP header information, including the IP address. This IP address is the source address that’s provided by the network packet header and received by the diagnostics ingestion service.
  • Various IDs that are used to correlate and sequence related events together.
  • Device ID. This is not the user provided device name, but an ID that is unique for that device.
  • Device class -- Desktop, Server, or Mobile
  • Event collection time
  • Diagnostic level --  Basic or Full, Sample level -- for sampled data, what sample level is this device opted into
 |
+| Common Data | Information that is added to most diagnostic events, if relevant and available:
  • OS name, version, build, and [locale](https://msdn.microsoft.com/library/windows/desktop/dd318716.aspx)
  • User ID - a unique identifier associated with the user's Microsoft Account (if one is used) or local account. The user's Microsoft Account identifier is not collected from devices configured to send Basic diagnostic data
  • Xbox UserID
  • Environment from which the event was logged - Application ID of app or component that logged the event, Session GUID. Used to track events over a given period of time such the period an app is running or between boots of the OS.
  • The diagnostic event name, Event ID, [ETW](https://msdn.microsoft.com/library/windows/desktop/bb968803.aspx) opcode, version, schema signature, keywords, and flags
  • HTTP header information, including the IP address. This IP address is the source address that’s provided by the network packet header and received by the diagnostics ingestion service.
  • Various IDs that are used to correlate and sequence related events together.
  • Device ID. This ID is not the user provided device name, but an ID that is unique for that device.
  • Device class - Desktop, Server, or Mobile
  • Event collection time
  • Diagnostic level -  Basic or Full, Sample level - for sampled data, what sample level is this device opted into
 |
 
 ## ​Device, Connectivity, and Configuration data
 
@@ -50,38 +50,38 @@ This type of data includes details about the device, its configuration and conne
 
 | Category Name |  Examples |
 | - | - |
-| Device properties | Information about the OS and device hardware, such as:
  •  OS - version name, Edition
  • Installation type, subscription status, and genuine OS status
  • Processor architecture, speed, number of cores, manufacturer, and model
  • OEM details --manufacturer, model, and serial number
  • Device identifier and Xbox serial number
  • Firmware/BIOS -- type, manufacturer, model, and version
  • Memory -- total memory, video memory, speed, and how much memory is available after the device has reserved memory
  • Storage -- total capacity and disk type
  • Battery -- charge capacity and InstantOn support
  • Hardware chassis type, color, and form factor
  • Is this a virtual machine?
 |
-| Device capabilities | Information about the specific device capabilities such as:
  • Camera -- whether the device has a front facing, a rear facing camera, or both.
  • Touch screen -- does the device include a touch screen? If so, how many hardware touch points are supported?
  • Processor capabilities -- CompareExchange128, LahfSahf, NX, PrefetchW, and SSE2
  • Trusted Platform Module (TPM) – whether present and what version
  • Virtualization hardware -- whether an IOMMU is present, SLAT support, is virtualization enabled in the firmware
  • Voice – whether voice interaction is supported and the number of active microphones
  • Number of displays, resolutions, DPI
  • Wireless capabilities
  • OEM or platform face detection
  • OEM or platform video stabilization and quality level set
  • Advanced Camera Capture mode (HDR vs. LowLight), OEM vs. platform implementation, HDR probability, and Low Light probability
 |
-| Device preferences and settings | Information about the device settings and user preferences such as:
  • User Settings – System, Device, Network & Internet, Personalization, Cortana, Apps, Accounts, Time & Language, Gaming, Ease of Access, Privacy, Update & Security
  • User-provided device name
  • Whether device is domain-joined, or cloud-domain joined (i.e. part of a company-managed network)
  • Hashed representation of the domain name
  • MDM (mobile device management) enrollment settings and status
  • BitLocker, Secure Boot, encryption settings, and status
  • Windows Update settings and status
  • Developer Unlock settings and status
  • Default app choices
  • Default browser choice
  • Default language settings for app, input, keyboard, speech, and display
  • App store update settings
  • Enterprise OrganizationID, Commercial ID
 |
-| Device peripherals | Information about the device peripherals such as:
  • Peripheral name, device model, class, manufacturer and description
  • Peripheral device state, install state, and checksum
  • Driver name, package name, version, and manufacturer
  • HWID - A hardware vendor defined ID to match a device to a driver [INF file](https://msdn.microsoft.com/windows/hardware/drivers/install/hardware-ids)
  • Driver state, problem code, and checksum
  • Whether driver is kernel mode, signed, and image size
 |
-| Device network info | Information about the device network configuration such as:
  • Network system capabilities
  • Local or Internet connectivity status
  • Proxy, gateway, DHCP, DNS details and addresses
  • Paid or free network
  • Wireless driver is emulated or not
  • Access point mode capable
  • Access point manufacturer, model, and MAC address
  • WDI Version
  • Name of networking driver service
  • Wi-Fi Direct details
  • Wi-Fi device hardware ID and manufacturer
  • Wi-Fi scan attempt counts and item counts
  • Mac randomization is supported/enabled or not
  • Number of spatial streams and channel frequencies supported
  • Manual or Auto Connect enabled
  • Time and result of each connection attempt
  • Airplane mode status and attempts
  • Interface description provided by the manufacturer
  • Data transfer rates
  • Cipher algorithm
  • Mobile Equipment ID (IMEI) and Mobile Country Code (MCCO)
  • Mobile operator and service provider name
  • Available SSIDs and BSSIDs
  • IP Address type -- IPv4 or IPv6
  • Signal Quality percentage and changes
  • Hotspot presence detection and success rate
  • TCP connection performance
  • Miracast device names
  • Hashed IP address

+| Device properties | Information about the OS and device hardware, such as:
  •  OS - version name, Edition
  • Installation type, subscription status, and genuine OS status
  • Processor architecture, speed, number of cores, manufacturer, and model
  • OEM details - manufacturer, model, and serial number
  • Device identifier and Xbox serial number
  • Firmware/BIOS - type, manufacturer, model, and version
  • Memory - total memory, video memory, speed, and how much memory is available after the device has reserved memory
  • Storage - total capacity and disk type
  • Battery - charge capacity and InstantOn support
  • Hardware chassis type, color, and form factor
  • Is this machine a virtual machine?
 |
+| Device capabilities | Information about the specific device capabilities such as:
  • Camera - whether the device has a front facing, a rear facing camera, or both.
  • Touch screen - does the device include a touch screen? If so, how many hardware touch points are supported?
  • Processor capabilities - CompareExchange128, LahfSahf, NX, PrefetchW, and SSE2
  • Trusted Platform Module (TPM) – whether present and what version
  • Virtualization hardware - whether an IOMMU is present, SLAT support, is virtualization enabled in the firmware
  • Voice – whether voice interaction is supported and the number of active microphones
  • Number of displays, resolutions, DPI
  • Wireless capabilities
  • OEM or platform face detection
  • OEM or platform video stabilization and quality level set
  • Advanced Camera Capture mode (HDR vs. LowLight), OEM vs. platform implementation, HDR probability, and Low Light probability
 |
+| Device preferences and settings | Information about the device settings and user preferences such as:
  • User Settings – System, Device, Network & Internet, Personalization, Cortana, Apps, Accounts, Time & Language, Gaming, Ease of Access, Privacy, Update & Security
  • User-provided device name
  • Whether device is domain-joined, or cloud-domain joined (that is, part of a company-managed network)
  • Hashed representation of the domain name
  • MDM (mobile device management) enrollment settings and status
  • BitLocker, Secure Boot, encryption settings, and status
  • Windows Update settings and status
  • Developer Unlock settings and status
  • Default app choices
  • Default browser choice
  • Default language settings for app, input, keyboard, speech, and display
  • App store update settings
  • Enterprise OrganizationID, Commercial ID
 |
+| Device peripherals | Information about the device peripherals such as:
  • Peripheral name, device model, class, manufacturer, and description
  • Peripheral device state, install state, and checksum
  • Driver name, package name, version, and manufacturer
  • HWID - A hardware vendor defined ID to match a device to a driver [INF file](https://msdn.microsoft.com/windows/hardware/drivers/install/hardware-ids)
  • Driver state, problem code, and checksum
  • Whether driver is kernel mode, signed, and image size
 |
+| Device network info | Information about the device network configuration such as:
  • Network system capabilities
  • Local or Internet connectivity status
  • Proxy, gateway, DHCP, DNS details, and addresses
  • Paid or free network
  • Wireless driver is emulated or not
  • Access point mode capable
  • Access point manufacturer, model, and MAC address
  • WDI Version
  • Name of networking driver service
  • Wi-Fi Direct details
  • Wi-Fi device hardware ID and manufacturer
  • Wi-Fi scan attempt counts and item counts
  • Mac randomization is supported/enabled or not
  • Number of spatial streams and channel frequencies supported
  • Manual or Auto Connect enabled
  • Time and result of each connection attempt
  • Airplane mode status and attempts
  • Interface description provided by the manufacturer
  • Data transfer rates
  • Cipher algorithm
  • Mobile Equipment ID (IMEI) and Mobile Country Code (MCCO)
  • Mobile operator and service provider name
  • Available SSIDs and BSSIDs
  • IP Address type - IPv4 or IPv6
  • Signal Quality percentage and changes
  • Hotspot presence detection and success rate
  • TCP connection performance
  • Miracast device names
  • Hashed IP address

 
 ## Product and Service Usage data
 
-This type of data includes details about the usage of the device, operating system, applications and services. 
+This type of data includes details about the usage of the device, operating system, applications, and services. 
 
 | Category Name | Examples |
 | - | - |
-| App usage | Information about Windows and application usage such as:
  • OS component and app feature usage
  • User navigation and interaction with app and Windows features. This could potentially include user input, such as name of a new alarm set, user menu choices, or user favorites.
  • Time of and count of app/component launches, duration of use, session GUID, and process ID
  • App time in various states – running foreground or background, sleeping, or receiving active user interaction
  • User interaction method and duration – whether and length of time user used the keyboard, mouse, pen, touch, speech, or game controller
  • Cortana launch entry point/reason
  • Notification delivery requests and status
  • Apps used to edit images and videos
  • SMS, MMS, VCard, and broadcast message usage statistics on primary or secondary line
  • Incoming and Outgoing calls and Voicemail usage statistics on primary or secondary line
  • Emergency alerts are received or displayed statistics
  • Content searches within an app
  • Reading activity -- bookmarking used, print used, layout changed
|
-| App or product state | Information about Windows and application state such as:
  • Start Menu and Taskbar pins
  • Online/Offline status
  • App launch state –- with deep-link such as Groove launched with an audio track to play, or share contract such as MMS launched to share a picture.
  • Personalization impressions delivered
  • Whether the user clicked or hovered on UI controls or hotspots
  • User feedback Like or Dislike or rating was provided
  • Caret location or position within documents and media files -- how much of a book has been read in a single session or how much of a song has been listened to.
|
+| App usage | Information about Windows and application usage such as:
  • OS component and app feature usage
  • User navigation and interaction with app and Windows features. This information could include user input, such as the name of a new alarm set, user menu choices, or user favorites.
  • Time of and count of app/component launches, duration of use, session GUID, and process ID
  • App time in various states – running foreground or background, sleeping, or receiving active user interaction
  • User interaction method and duration – whether and length of time user used the keyboard, mouse, pen, touch, speech, or game controller
  • Cortana launch entry point/reason
  • Notification delivery requests and status
  • Apps used to edit images and videos
  • SMS, MMS, VCard, and broadcast message usage statistics on primary or secondary line
  • Incoming and Outgoing calls and Voicemail usage statistics on primary or secondary line
  • Emergency alerts are received or displayed statistics
  • Content searches within an app
  • Reading activity - bookmarking used, print used, layout changed
|
+| App or product state | Information about Windows and application state such as:
  • Start Menu and Taskbar pins
  • Online/Offline status
  • App launch state –- with deep-link such as Groove launched with an audio track to play, or share contract such as MMS launched to share a picture.
  • Personalization impressions delivered
  • Whether the user clicked or hovered on UI controls or hotspots
  • User feedback Like or Dislike or rating was provided
  • Caret location or position within documents and media files - how much of a book has been read in a single session or how much of a song has been listened to.
|
 | Login properties | 
  • Login success or failure
  • Login sessions and state
|
 
 
 ## Product and Service Performance data
 
-This type of data includes details about the health of the device, operating system, apps and drivers.
+This type of data includes details about the health of the device, operating system, apps, and drivers.
 
 | Category Name | Description and Examples |
 | - | - |
-|Device health and crash data | Information about the device and software health such as:
  • Error codes and error messages, name and ID of the app, and process reporting the error
  • DLL library predicted to be the source of the error -- xyz.dll
  • System generated files -- app or product logs and trace files to help diagnose a crash or hang
  • System settings such as registry keys
  • User generated files – .doc, .ppt, .csv files where they are indicated as a potential cause for a crash or hang
  • Details and counts of abnormal shutdowns, hangs, and crashes
  • Crash failure data – OS, OS component, driver, device, 1st and 3rd party app data
  • Crash and Hang dumps
    • The recorded state of the working memory at the point of the crash.
    • Memory in use by the kernel at the point of the crash.
    • Memory in use by the application at the point of the crash.
    • All the physical memory used by Windows at the point of the crash.
    • Class and function name within the module that failed.
     |
-|Device performance and reliability data | Information about the device and software performance such as:
    • User Interface interaction durations -- Start Menu display times, browser tab switch times, app launch and switch times, and Cortana and search performance and reliability.
    • Device on/off performance -- Device boot, shutdown, power on/off, lock/unlock times, and user authentication times (fingerprint and face recognition durations).
    • In-app responsiveness -- time to set alarm, time to fully render in-app navigation menus, time to sync reading list, time to start GPS navigation, time to attach picture MMS, and time to complete a Microsoft Store transaction.
    • User input responsiveness – onscreen keyboard invocation times for different languages, time to show auto-complete words, pen or touch latencies, latency for handwriting recognition to words, Narrator screen reader responsiveness, and CPU score.
    • UI and media performance and glitches/smoothness -- video playback frame rate, audio glitches, animation glitches (stutter when bringing up Start), graphics score, time to first frame, play/pause/stop/seek responsiveness, time to render PDF, dynamic streaming of video from OneDrive performance
    • Disk footprint -- Free disk space, out of memory conditions, and disk score.
    • Excessive resource utilization – components impacting performance or battery life through high CPU usage during different screen and power states
    • Background task performance -- download times, Windows Update scan duration, Microsoft Defender Antivirus scan times, disk defrag times, mail fetch times, service startup and state transition times, and time to index on-device files for search results
    • Peripheral and devices -- USB device connection times, time to connect to a wireless display, printing times, network availability and connection times (time to connect to Wi-Fi, time to get an IP address from DHCP etc.), smart card authentication times, automatic brightness environmental response times
    • Device setup -- first setup experience times (time to install updates, install apps, connect to network etc.), time to recognize connected devices (printer and monitor), and time to setup Microsoft Account.
    • Power and Battery life – power draw by component (Process/CPU/GPU/Display), hours of screen off time, sleep state transition details, temperature and thermal throttling, battery drain in a power state (screen off or screen on), processes and components requesting power use during screen off, auto-brightness details, time device is plugged into AC vs. battery, battery state transitions
    • Service responsiveness - Service URI, operation, latency, service success/error codes, and protocol.
    • Diagnostic heartbeat – regular signal to validate the health of the diagnostics system
    |
-|Movies|Information about movie consumption functionality on the device. This isn't intended to capture user viewing, listening or habits.
    • Video Width, height, color pallet, encoding (compression) type, and encryption type
    • Instructions for how to stream content for the user -- the smooth streaming manifest of chunks of content files that must be pieced together to stream the content based on screen resolution and bandwidth
    • URL for a specific two second chunk of content if there is an error
    • Full screen viewing mode details|
-|Music & TV|Information about music and TV consumption on the device. This isn't intended to capture user viewing, listening or habits.
      • Service URL for song being downloaded from the music service – collected when an error occurs to facilitate restoration of service
      • Content type (video, audio, surround audio)
      • Local media library collection statistics -- number of purchased tracks, number of playlists
      • Region mismatch -- User OS Region, and Xbox Live region
      |
-|Reading|Information about reading consumption functionality on the device. This isn't intended to capture user viewing, listening or habits.
      • App accessing content and status and options used to open a Microsoft Store book
      • Language of the book
      • Time spent reading content
      • Content type and size details
      |
-|Photos App|Information about photos usage on the device. This isn't intended to capture user viewing, listening or habits.
      • File source data -- local, SD card, network device, and OneDrive
      • Image & video resolution, video length, file sizes types and encoding
      • Collection view or full screen viewer use and duration of view
    |
-|On-device file query | Information about local search activity on the device such as: 
    • Kind of query issued and index type (ConstraintIndex, SystemIndex)
    • Number of items requested and retrieved
    • File extension of search result user interacted with
    • Launched item kind, file extension, index of origin, and the App ID of the opening app.
    • Name of process calling the indexer and time to service the query.
    • A hash of the search scope (file, Outlook, OneNote, IE history) 
    • The state of the indices (fully optimized, partially optimized, being built)
     |
-|Purchasing| Information about purchases made on the device such as:
    • Product ID, edition ID and product URI
    • Offer details -- price
    • Order requested date/time
    • Store client type -- web or native client
    • Purchase quantity and price
    • Payment type -- credit card type and PayPal
     |
-|Entitlements | Information about entitlements on the device such as:
    • Service subscription status and errors
    • DRM and license rights details -- Groove subscription or OS volume license
    • Entitlement ID, lease ID, and package ID of the install package
    • Entitlement revocation
    • License type (trial, offline vs online) and duration
    • License usage session
     |
+|Device health and crash data | Information about the device and software health such as:
    • Error codes and error messages, name and ID of the app, and process reporting the error
    • DLL library predicted to be the source of the error - xyz.dll
    • System-generated files - app or product logs and trace files to help diagnose a crash or hang
    • System settings such as registry keys
    • User-generated files – .doc, .ppt, .csv files where they are indicated as a potential cause for a crash or hang
    • Details and counts of abnormal shutdowns, hangs, and crashes
    • Crash failure data – OS, OS component, driver, device, 1st and 3rd party app data
    • Crash and Hang dumps
      • The recorded state of the working memory at the point of the crash.
      • Memory in use by the kernel at the point of the crash.
      • Memory in use by the application at the point of the crash.
      • All the physical memory used by Windows at the point of the crash.
      • Class and function name within the module that failed.
       |
+|Device performance and reliability data | Information about the device and software performance such as:
      • User Interface interaction durations - Start Menu display times, browser tab switch times, app launch and switch times, and Cortana and search performance and reliability.
      • Device on/off performance - Device boot, shutdown, power on/off, lock/unlock times, and user authentication times (fingerprint and face recognition durations).
      • In-app responsiveness - time to set alarm, time to fully render in-app navigation menus, time to sync reading list, time to start GPS navigation, time to attach picture MMS, and time to complete a Microsoft Store transaction.
      • User input responsiveness – onscreen keyboard invocation times for different languages, time to show autocomplete words, pen or touch latencies, latency for handwriting recognition to words, Narrator screen reader responsiveness, and CPU score.
      • UI and media performance and glitches/smoothness - video playback frame rate, audio glitches, animation glitches (stutter when bringing up Start), graphics score, time to first frame, play/pause/stop/seek responsiveness, time to render PDF, dynamic streaming of video from OneDrive performance
      • Disk footprint - Free disk space, out of memory conditions, and disk score.
      • Excessive resource utilization – components impacting performance or battery life through high CPU usage during different screen and power states
      • Background task performance - download times, Windows Update scan duration, Microsoft Defender Antivirus scan times, disk defrag times, mail fetch times, service startup and state transition times, and time to index on-device files for search results
      • Peripheral and devices - USB device connection times, time to connect to a wireless display, printing times, network availability, and connection times (time to connect to Wi-Fi, time to get an IP address from DHCP, and so on), smart card authentication times, automatic brightness environmental response times
      • Device setup - first setup experience times (time to install updates, install apps, connect to network etc.), time to recognize connected devices (printer and monitor), and time to setup Microsoft Account.
      • Power and Battery life – power draw by component (Process/CPU/GPU/Display), hours of screen off time, sleep state transition details, temperature and thermal throttling, battery drain in a power state (screen off or screen on), processes and components requesting power use during screen off, autobrightness details, time device is plugged into AC vs. battery, battery state transitions
      • Service responsiveness - Service URI, operation, latency, service success/error codes, and protocol.
      • Diagnostic heartbeat – regular signal to validate the health of the diagnostics system
      |
+|Movies|Information about movie consumption functionality on the device. This information isn't intended to capture user viewing, listening, or habits.
      • Video Width, height, color pallet, encoding (compression) type, and encryption type
      • Instructions for how to stream content for the user - the smooth streaming manifest of chunks of content files that must be pieced together to stream the content based on screen resolution and bandwidth
      • URL for a specific two-second chunk of content if there is an error
      • Full screen viewing mode details|
+|Music & TV|Information about music and TV consumption on the device. This information isn't intended to capture user viewing, listening, or habits.
        • Service URL for song being downloaded from the music service – collected when an error occurs to facilitate restoration of service
        • Content type (video, audio, surround audio)
        • Local media library collection statistics - number of purchased tracks, number of playlists
        • Region mismatch - User OS Region, and Xbox Live region
        |
+|Reading|Information about reading consumption functionality on the device. This information isn't intended to capture user viewing, listening, or habits.
        • App accessing content and status and options used to open a Microsoft Store book
        • Language of the book
        • Time spent reading content
        • Content type and size details
        |
+|Photos App|Information about photos usage on the device. This information isn't intended to capture user viewing, listening, or habits.
        • File source data - local, SD card, network device, and OneDrive
        • Image & video resolution, video length, file sizes types and encoding
        • Collection view or full screen viewer use and duration of view
      |
+|On-device file query | Information about local search activity on the device such as: 
      • Type of query issued and index type (ConstraintIndex, SystemIndex)
      • Number of items requested and retrieved
      • File extension of search result user interacted with
      • Launched item kind, file extension, index of origin, and the App ID of the opening app.
      • Name of process calling the indexer and time to service the query.
      • A hash of the search scope (file, Outlook, OneNote, IE history) 
      • The state of the indices (fully optimized, partially optimized, being built)
       |
+|Purchasing| Information about purchases made on the device such as: 
      • Product ID, edition ID, and product URI
      • Offer details - price
      • Order requested date/time
      • Store client type - web or native client
      • Purchase quantity and price
      • Payment type - credit card type and PayPal
       |
+|Entitlements | Information about entitlements on the device such as:
      • Service subscription status and errors
      • DRM and license rights details - Groove subscription or OS volume license
      • Entitlement ID, lease ID, and package ID of the install package
      • Entitlement revocation
      • License type (trial, offline versus online) and duration
      • License usage session
       |
 
 ## Software Setup and Inventory data
 
@@ -90,7 +90,7 @@ This type of data includes software installation and update information on the d
 | Category Name | Data Examples |
 | - | - |
 | Installed Applications and Install History | Information about apps, drivers, update packages, or OS components installed on the device such as:
      • App, driver, update package, or component’s Name, ID, or Package Family Name
      • Product, SKU, availability, catalog, content, and Bundle IDs
      • OS component, app or driver publisher, language, version and type (Win32 or UWP)
      • Install date, method, and install directory, count of install attempts
      • MSI package code and product code
      • Original OS version at install time
      • User or administrator or mandatory installation/update
      • Installation type – clean install, repair, restore, OEM, retail, upgrade, and update
       |
-| Device update information | Information about Windows Update such as:
      • Update Readiness analysis of device hardware, OS components, apps, and drivers (progress, status, and results)
      • Number of applicable updates, importance, type
      • Update download size and source -- CDN or LAN peers
      • Delay upgrade status and configuration
      • OS uninstall and rollback status and count
      • Windows Update server and service URL
      • Windows Update machine ID
      • Windows Insider build details
      
+| Device update information | Information about Windows Update such as:
      • Update Readiness analysis of device hardware, OS components, apps, and drivers (progress, status, and results)
      • Number of applicable updates, importance, type
      • Update download size and source - CDN or LAN peers
      • Delay upgrade status and configuration
      • OS uninstall and rollback status and count
      • Windows Update server and service URL
      • Windows Update machine ID
      • Windows Insider build details
      
 
 ## Browsing History data
 
@@ -98,7 +98,7 @@ This type of data includes details about web browsing in the Microsoft browsers.
 
 | Category Name | Description and Examples |
 | - | - |
-| Microsoft browser data | Information about Address bar and search box performance on the device such as:
      • Text typed in address bar and search box
      • Text selected for Ask Cortana search
      • Service response time 
      • Auto-completed text if there was an auto-complete
      • Navigation suggestions provided based on local history and favorites
      • Browser ID
      • URLs (which may include search terms)
      • Page title
      |
+| Microsoft browser data | Information about Address bar and search box performance on the device such as:
      • Text typed in address bar and search box
      • Text selected for Ask Cortana search
      • Service response time 
      • Autocompleted text if there was an autocomplete
      • Navigation suggestions provided based on local history and favorites
      • Browser ID
      • URLs (which may include search terms)
      • Page title
      |
 
 
 ## Inking Typing and Speech Utterance data
@@ -107,4 +107,4 @@ This type of data gathers details about the voice, inking, and typing input feat
 
 | Category Name | Description and Examples |
 | - | - |
-| Voice, inking, and typing | Information about voice, inking and typing features such as:
      • Type of pen used (highlighter, ball point, pencil), pen color, stroke height and width, and how long it is used
      • Pen gestures (click, double click, pan, zoom, rotate)
      • Palm Touch x,y coordinates
      • Input latency, missed pen signals, number of frames, strokes, first frame commit time, sample rate
      • Ink strokes written, text before and after the ink insertion point, recognized text entered, Input language - processed to remove identifiers, sequencing information, and other data (such as email addresses and numeric values) which could be used to reconstruct the original content or associate the input to the user.
      • Text input from Windows Mobile on-screen keyboards except from password fields and private sessions - processed to remove identifiers, sequencing information, and other data (such as email addresses, and numeric values) which could be used to reconstruct the original content or associate the input to the user.
      • Text of speech recognition results -- result codes and recognized text
      • Language and model of the recognizer, System Speech language
      • App ID using speech features
      • Whether user is known to be a child
      • Confidence and Success/Failure of speech recognition
       |
+| Voice, inking, and typing | Information about voice, inking, and typing features such as:
      • Type of pen used (highlighter, ball point, pencil), pen color, stroke height and width, and how long it is used
      • Pen gestures (click, double-click, pan, zoom, rotate)
      • Palm Touch x,y coordinates
      • Input latency, missed pen signals, number of frames, strokes, first frame commit time, sample rate
      • Ink strokes written, text before and after the ink insertion point, recognized text entered, Input language - processed to remove identifiers, sequencing information, and other data (such as email addresses and numeric values) which could be used to reconstruct the original content or associate the input to the user.
      • Text input from Windows Mobile on-screen keyboards except from password fields and private sessions - processed to remove identifiers, sequencing information, and other data (such as email addresses, and numeric values) which could be used to reconstruct the original content or associate the input to the user.
      • Text of speech recognition results - result codes and recognized text
      • Language and model of the recognizer, System Speech language
      • App ID using speech features
      • Whether user is known to be a child
      • Confidence and Success/Failure of speech recognition
       |
diff --git a/windows/privacy/windows-diagnostic-data.md b/windows/privacy/windows-diagnostic-data.md
index 150b4905bd..2fc94568eb 100644
--- a/windows/privacy/windows-diagnostic-data.md
+++ b/windows/privacy/windows-diagnostic-data.md
@@ -28,7 +28,7 @@ Applies to:
 
 Microsoft uses Windows diagnostic data to keep Windows secure and up-to-date, troubleshoot problems, and make product improvements. For users who have turned on "Tailored experiences", it can also be used to offer you personalized tips, ads, and recommendations to enhance Microsoft products and services for your needs. This article describes all types of diagnostic data collected by Windows at the Full level (inclusive of data collected at Basic), with comprehensive examples of data we collect per each type. For additional, detailed technical descriptions of Basic data items, see [Windows 10, version 20H2 required diagnostic events and fields](https://docs.microsoft.com/windows/configuration/basic-level-windows-diagnostic-events-and-fields).
 
-In addition, this article provides references to equivalent definitions for the data types and examples from [ISO/IEC 19944:2017 Information technology -- Cloud computing -- Cloud services and devices: Data flow, data categories and data use](https://www.iso.org/standard/66674.html). Each data type also has a Data Use statement, for diagnostics and for Tailored experiences on the device, using the terms as defined by the standard. These Data Use statements define the purposes for which Microsoft processes each type of Windows diagnostic data, using a uniform set of definitions referenced at the end of this document and based on the ISO standard. Reference to the ISO standard provides additional clarity about the information collected, and allows easy comparison with other services or guidance that also references the standard.
+In addition, this article provides references to equivalent definitions for the data types and examples from [ISO/IEC 19944:2017 Information technology - Cloud computing - Cloud services and devices: Data flow, data categories, and data use](https://www.iso.org/standard/66674.html). Each data type also has a Data Use statement, for diagnostics and for Tailored experiences on the device, using the terms as defined by the standard. These Data Use statements define the purposes for which Microsoft processes each type of Windows diagnostic data, using a uniform set of definitions referenced at the end of this document and based on the ISO standard. Reference to the ISO standard provides additional clarity about the information collected, and allows easy comparison with other services or guidance that also references the standard.
 
 The data covered in this article is grouped into the following types:
 
@@ -52,21 +52,21 @@ Header data supports the use of data associated with all diagnostic events. Ther
 
 Information that is added to most diagnostic events, if relevant and available:
 
-- Diagnostic level -- Basic or Full, Sample level -- for sampled data, what sample level is this device opted into (8.2.3.2.4 Observed Usage of the Service Capability)
+- Diagnostic level - Basic or Full, Sample level - for sampled data, what sample level is this device opted into (8.2.3.2.4 Observed Usage of the Service Capability)
 - Operating system name, version, build, and locale (8.2.3.2.2 Telemetry data)
 - Event collection time (8.2.3.2.2 Telemetry data)
-- User ID -- a unique identifier associated with the user's Microsoft Account (if one is used) or local account. The user's Microsoft Account identifier is not collected from devices configured to send Basic - diagnostic data (8.2.5 Account data)
+- User ID - a unique identifier associated with the user's Microsoft Account (if one is used) or local account. The user's Microsoft Account identifier is not collected from devices configured to send Basic - diagnostic data (8.2.5 Account data)
 - Xbox UserID (8.2.5 Account data)
-- Device ID -- This is not the user provided device name, but an ID that is unique for that device. (8.2.3.2.3 Connectivity data)
-- Device class -- Desktop, Server, or Mobile (8.2.3.2.3 Connectivity data)
-- Environment from which the event was logged -- Application ID of app or component that logged the event, Session GUID. Used to track events over a given period of time, such as the amount of time an app is running or between boots of the operating system (8.2.4 Cloud service provider data)
+- Device ID - This ID is not the user provided device name, but an ID that is unique for that device. (8.2.3.2.3 Connectivity data)
+- Device class - Desktop, Server, or Mobile (8.2.3.2.3 Connectivity data)
+- Environment from which the event was logged - Application ID of app or component that logged the event, Session GUID. Used to track events over a given period of time, such as the amount of time an app is running or between boots of the operating system (8.2.4 Cloud service provider data)
 - Diagnostic event name, Event ID, ETW opcode, version, schema signature, keywords, and flags (8.2.4 Cloud service provider data)
 - HTTP header information, including the IP address. This IP address is the source address that’s provided by the network packet header and received by the diagnostics ingestion service (8.2.4 Cloud service provider data)
 - Various IDs that are used to correlate and sequence related events together (8.2.4 Cloud service provider data)
 
 
 ## Device, Connectivity, and Configuration data
-This type of data includes details about the device, its configuration and connectivity capabilities, and status. Device, Connectivity, and Configuration Data is equivalent to ISO/IEC 19944:2017, 8.2.3.2.3 Connectivity data.
+This type of data includes details about the device, its configuration and connectivity capabilities, and status. Device, Connectivity, and Configuration data is equivalent to ISO/IEC 19944:2017, 8.2.3.2.3 Connectivity data.
 
 ### Data Use for Device, Connectivity, and Configuration data 
 
@@ -88,41 +88,41 @@ If a user has enabled Tailored experiences on the device, [Pseudonymized](#pseud
 
 - Data about device properties and capabilities is used to provide tips about how to use or configure the device to get the best performance and user experience.
 
-- Data about device capabilities, such as whether the device is pen-enabled, is used to recommend (Microsoft and third-party) apps that are appropriate for the device. These may be free or paid apps.  
+- Data about device capabilities, such as whether the device is pen-enabled, is used to recommend (Microsoft and third-party) apps that are appropriate for the device. These apps might be free or paid.  
   
 ### Data Description for Device, Connectivity, and Configuration data type
 
-**Device properties sub-type:** Information about the operating system and device hardware
+**Device properties subtype:** Information about the operating system and device hardware
 
 - Operating system - version name, edition
 - Installation type, subscription status, and genuine operating system status
 - Processor architecture, speed, number of cores, manufacturer, and model
-- OEM details --manufacturer, model, and serial number
+- OEM details - manufacturer, model, and serial number
 - Device identifier and Xbox serial number
-- Firmware/BIOS operating system -- type, manufacturer, model, and version
-- Memory -- total memory, video memory, speed, and how much memory is available after the device has reserved memory
-- Storage -- total capacity and disk type
-- Battery -- charge capacity and InstantOn support
+- Firmware/BIOS operating system - type, manufacturer, model, and version
+- Memory - total memory, video memory, speed, and how much memory is available after the device has reserved memory
+- Storage - total capacity and disk type
+- Battery - charge capacity and InstantOn support
 - Hardware chassis type, color, and form factor
-- Is this a virtual machine?
+- Is this machine a virtual machine?
 
-**Device capabilities sub-type:** Information about the capabilities of the device
+**Device capabilities subtype:** Information about the capabilities of the device
 
-- Camera -- whether the device has a front facing camera, a rear facing camera, or both.
-- Touch screen -- Whether the device has a touch screen? If yes, how many hardware touch points are supported?
-- Processor capabilities -- CompareExchange128, LahfSahf, NX, PrefetchW, and SSE2
-- Trusted Platform Module (TPM) -- whether a TPM exists and if yes, what version
-- Virtualization hardware -- whether an IOMMU exists, whether it includes SLAT support, and whether virtualization is enabled in the firmware
-- Voice -- whether voice interaction is supported and the number of active microphones
+- Camera - whether the device has a front facing camera, a rear facing camera, or both.
+- Touch screen - Does the device have a touch screen? If yes, how many hardware touch points are supported?
+- Processor capabilities - CompareExchange128, LahfSahf, NX, PrefetchW, and SSE2
+- Trusted Platform Module (TPM) - whether a TPM exists and if yes, what version
+- Virtualization hardware - whether an IOMMU exists, whether it includes SLAT support, and whether virtualization is enabled in the firmware
+- Voice - whether voice interaction is supported and the number of active microphones
 - Number of displays, resolutions, and DPI
 - Wireless capabilities
 - OEM or platform face detection
 - OEM or platform video stabilization and quality-level set
 - Advanced Camera Capture mode (HDR versus Low Light), OEM versus platform implementation, HDR probability, and Low Light probability
 
-**Device preferences and settings sub-type:** Information about the device settings and user preferences
+**Device preferences and settings subtype:** Information about the device settings and user preferences
 
-- User Settings -- System, Device, Network & Internet, Personalization, Cortana, Apps, Accounts, Time & Language, Gaming, Ease of Access, Privacy, Update & Security
+- User Settings - System, Device, Network & Internet, Personalization, Cortana, Apps, Accounts, Time & Language, Gaming, Ease of Access, Privacy, Update & Security
 - User-provided device name
 - Whether device is domain-joined, or cloud-domain joined (for example, part of a company-managed network)
 - Hashed representation of the domain name
@@ -136,7 +136,7 @@ If a user has enabled Tailored experiences on the device, [Pseudonymized](#pseud
 - App store update settings
 - Enterprise OrganizationID, Commercial ID
 
-**Device peripherals sub-type:** Information about the peripherals of the device
+**Device peripherals subtype:** Information about the peripherals of the device
 
 - Peripheral name, device model, class, manufacturer, and description
 - Peripheral device state, install state, and checksum
@@ -145,7 +145,7 @@ If a user has enabled Tailored experiences on the device, [Pseudonymized](#pseud
 - Driver state, problem code, and checksum
 - Whether driver is kernel mode, signed, and image size
 
-**Device network info sub-type:** Information about the device network configuration
+**Device network info subtype:** Information about the device network configuration
 
 - Network system capabilities
 - Local or Internet connectivity status
@@ -170,7 +170,7 @@ If a user has enabled Tailored experiences on the device, [Pseudonymized](#pseud
 - Mobile Equipment ID (IMEI) and Mobile Country Code (MCCO)
 - Mobile operator and service provider name
 - Available SSIDs and BSSIDs
-- IP Address type -- IPv4 or IPv6
+- IP Address type - IPv4 or IPv6
 - Signal Quality percentage and changes
 - Hotspot presence detection and success rate
 - TCP connection performance
@@ -178,7 +178,7 @@ If a user has enabled Tailored experiences on the device, [Pseudonymized](#pseud
 - Hashed IP address
 
 ## Product and Service Usage data
-This type of data includes details about the usage of the device, operating system, applications and services. Product and Service Usage data is equivalent to ISO/IEC 19944:2017, 8.2.3.2.4 Observed Usage of the Service Capability.
+This type of data includes details about the usage of the device, operating system, applications, and services. Product and Service Usage data is equivalent to ISO/IEC 19944:2017, 8.2.3.2.4 Observed Usage of the Service Capability.
 
 ### Data Use for Product and Service Usage data
 
@@ -195,16 +195,16 @@ This type of data includes details about the usage of the device, operating syst
 **With (optional) Tailored experiences:**
      
 If a user has enabled Tailored experiences on the device, [pseudonymized](#pseudo) Product and Service Usage data from Windows 10 is used by Microsoft to [personalize](#personalize), [recommend](#recommend), and [offer](#offer) Microsoft products and services to Windows 10 users. Also, if a user has enabled Tailored experiences on the device, [pseudonymized](#pseudo) Product and Service Usage data from Windows 10 is used by Microsoft to [promote](#promote) third-party Windows apps, services, hardware, and peripherals to Windows 10 users. For example:
 
-- If data shows that a user has not used a particular feature of Windows, we may recommend that the user try that feature.
-- Data about which apps are most-used on a device is used to provide recommendations for similar or complementary (Microsoft or third-party) apps. These may be free or paid apps.
+- If data shows that a user has not used a particular feature of Windows, we might recommend that the user try that feature.
+- Data about which apps are most-used on a device is used to provide recommendations for similar or complementary (Microsoft or third-party) apps. These apps might be free or paid.
 
 
 ### Data Description for Product and Service Usage data type
 
-**App usage sub-type:** Information about Windows and application usage
+**App usage subtype:** Information about Windows and application usage
 
 - Operating system component and app feature usage
-- User navigation and interaction with app and Windows features. This could potentially include user input, such as name of a new alarm set, user menu choices, or user favorites
+- User navigation and interaction with app and Windows features. This information could include user input, such as the name of a new alarm set, user menu choices, or user favorites
 - Time of and count of app and component launches, duration of use, session GUID, and process ID
 - App time in various states –- running in the foreground or background, sleeping, or receiving active user interaction
 - User interaction method and duration –- whether the user used a keyboard, mouse, pen, touch, speech, or game controller, and for how long
@@ -215,9 +215,9 @@ If a user has enabled Tailored experiences on the device, [pseudonymized](#pseud
 - Incoming and outgoing calls and voicemail usage statistics on primary or secondary lines
 - Emergency alerts are received or displayed statistics
 - Content searches within an app
-- Reading activity -- bookmarked, printed, or had the layout changed
+- Reading activity - bookmarked, printed, or had the layout changed
 
-**App or product state sub-type:** Information about Windows and application state
+**App or product state subtype:** Information about Windows and application state
 
 - Start Menu and Taskbar pins
 - Online and offline status
@@ -225,18 +225,18 @@ If a user has enabled Tailored experiences on the device, [pseudonymized](#pseud
 - Personalization impressions delivered
 - Whether the user clicked on, or hovered over, UI controls or hotspots
 - User provided feedback, such as Like, Dislike or a rating
-- Caret location or position within documents and media files -- how much has been read in a book in a single session, or how much of a song has been listened to.
+- Caret location or position within documents and media files - how much has been read in a book in a single session, or how much of a song has been listened to.
 
-**Purchasing sub-type:** Information about purchases made on the device
+**Purchasing subtype:** Information about purchases made on the device
 
-- Product ID, edition ID and product URI
-- Offer details -- price
+- Product ID, edition ID, and product URI
+- Offer details - price
 - Date and time an order was requested
-- Microsoft Store client type -- web or native client
+- Microsoft Store client type - web or native client
 - Purchase quantity and price
-- Payment type -- credit card type and PayPal
+- Payment type - credit card type and PayPal
 
-**Login properties sub-type:** Information about logins on the device
+**Login properties subtype:** Information about logins on the device
 
 - Login success or failure
 - Login sessions and state
@@ -259,21 +259,21 @@ If a user has enabled Tailored experiences on the device, [pseudonymized](#pseud
 
 - Data about battery performance on a device may be used to recommend settings changes that can improve battery performance.
 - If data shows a device is running low on file storage, we may recommend Windows-compatible cloud storage solutions to free up space.
-- If data shows the device is experiencing performance issues, we may provide recommendations for Windows apps that can help diagnose or resolve these issues. These may be free or paid apps.
+- If data shows the device is experiencing performance issues, we may provide recommendations for Windows apps that can help diagnose or resolve these issues. These apps might be free or paid.
 
 **Microsoft doesn't use crash and hang dump data to [personalize](#personalize), [recommend](#recommend), [offer](#offer), or [promote](#promote) any product or service.**
 
 ### Data Description for Product and Service Performance data type
 
-**Device health and crash data sub-type:** Information about the device and software health
+**Device health and crash data subtype:** Information about the device and software health
 
 - Error codes and error messages, name and ID of the app, and process reporting the error
-- DLL library predicted to be the source of the error -- for example, xyz.dll
-- System generated files -- app or product logs and trace files to help diagnose a crash or hang
+- DLL library predicted to be the source of the error - for example, xyz.dll
+- System-generated files - app or product logs and trace files to help diagnose a crash or hang
 - System settings, such as registry keys
-- User generated files -- files that are indicated as a potential cause for a crash or hang. For example, .doc, .ppt, .csv files
+- User-generated files - files that are indicated as a potential cause for a crash or hang. For example, .doc, .ppt, .csv files
 - Details and counts of abnormal shutdowns, hangs, and crashes
-- Crash failure data -- operating system, operating system component, driver, device, and 1st and 3rd-party app data
+- Crash failure data - operating system, operating system component, driver, device, and first-party and third-party app data
 - Crash and hang dumps, including:
     - The recorded state of the working memory at the point of the crash
     - Memory in-use by the kernel at the point of the crash.
@@ -281,43 +281,43 @@ If a user has enabled Tailored experiences on the device, [pseudonymized](#pseud
     - All the physical memory used by Windows at the point of the crash
     - Class and function name within the module that failed.
 
-**Device performance and reliability data sub-type:** Information about the device and software performance
+**Device performance and reliability data subtype:** Information about the device and software performance
 
-- User interface interaction durations -- Start menu display times, browser tab switch times, app launch and switch times, and Cortana and Search performance and reliability
-- Device on and off performance -- Device boot, shutdown, power on and off, lock and unlock times, and user authentication times (fingerprint and face recognition durations)
-- In-app responsiveness -- time to set alarm, time to fully render in-app navigation menus, time to sync reading list, time to start GPS navigation, time to attach picture MMS, and time to complete a Microsoft Store transaction
-- User input responsiveness -- onscreen keyboard invocation times for different languages, time to show auto-complete words, pen or touch latencies, latency for handwriting recognition to words, Narrator screen reader responsiveness, and CPU score
-- UI and media performance and glitches versus smoothness -- video playback frame rate, audio glitches, animation glitches (stutter when bringing up Start), graphics score, time to first frame, play/pause/stop/seek responsiveness, time to render PDF, dynamic streaming of video from OneDrive performance
-- Disk footprint -- Free disk space, out of memory conditions, and disk score
-- Excessive resource utilization -- components impacting performance or battery life through high CPU usage during different screen and power states
-- Background task performance -- download times, Windows Update scan duration, Microsoft Defender Antivirus scan times, disk defrag times, mail fetch times, service startup and state transition times, and time to index on-device files for search results
-- Peripheral and devices -- USB device connection times, time to connect to a wireless display, printing times, network availability and connection times (time to connect to Wi-Fi, time to get an IP address from DHCP etc.), smart card authentication times, automatic brightness, and environmental response times
-- Device setup -- first setup experience times (time to install updates, install apps, connect to network, and so on), time to recognize connected devices (printer and monitor), and time to set up a Microsoft Account
-- Power and Battery life -- power draw by component (Process/CPU/GPU/Display), hours of time the screen is off, sleep state transition details, temperature and thermal throttling, battery drain in a power state (screen off or screen on), processes and components requesting power use while the screen is off, auto-brightness details, time device is plugged into AC versus battery, and battery state transitions
-- Service responsiveness -- Service URI, operation, latency, service success and error codes, and protocol
-- Diagnostic heartbeat -- regular signal used to validate the health of the diagnostics system
+- User interface interaction durations - Start menu display times, browser tab switch times, app launch and switch times, and Cortana and Search performance and reliability
+- Device on and off performance - Device boot, shutdown, power on and off, lock and unlock times, and user authentication times (fingerprint and face recognition durations)
+- In-app responsiveness - time to set alarm, time to fully render in-app navigation menus, time to sync reading list, time to start GPS navigation, time to attach picture MMS, and time to complete a Microsoft Store transaction
+- User input responsiveness - onscreen keyboard invocation times for different languages, time to show autocomplete words, pen or touch latencies, latency for handwriting recognition to words, Narrator screen reader responsiveness, and CPU score
+- UI and media performance and glitches versus smoothness - video playback frame rate, audio glitches, animation glitches (stutter when bringing up Start), graphics score, time to first frame, play/pause/stop/seek responsiveness, time to render PDF, dynamic streaming of video from OneDrive performance
+- Disk footprint - Free disk space, out of memory conditions, and disk score
+- Excessive resource utilization - components impacting performance or battery life through high CPU usage during different screen and power states
+- Background task performance - download times, Windows Update scan duration, Microsoft Defender Antivirus scan times, disk defrag times, mail fetch times, service startup and state transition times, and time to index on-device files for search results
+- Peripheral and devices - USB device connection times, time to connect to a wireless display, printing times, network availability and connection times (time to connect to Wi-Fi, time to get an IP address from DHCP etc.), smart card authentication times, automatic brightness, and environmental response times
+- Device setup - first setup experience times (time to install updates, install apps, connect to network, and so on), time to recognize connected devices (printer and monitor), and time to set up a Microsoft Account
+- Power and Battery life - power draw by component (Process/CPU/GPU/Display), hours of time the screen is off, sleep state transition details, temperature and thermal throttling, battery drain in a power state (screen off or screen on), processes and components requesting power use while the screen is off, autobrightness details, time device is plugged into AC versus battery, and battery state transitions
+- Service responsiveness - Service URI, operation, latency, service success and error codes, and protocol
+- Diagnostic heartbeat - regular signal used to validate the health of the diagnostics system
 
-**Movies sub-type:** Information about movie consumption functionality on the device
+**Movies subtype:** Information about movie consumption functionality on the device
 
 > [!NOTE]
 > This isn't intended to capture user viewing, listening, or habits.
  
 - Video Width, height, color palette, encoding (compression) type, and encryption type
-- Instructions about how to stream content for the user -- the smooth streaming manifest of content file chunks that must be pieced together to stream the content based on screen resolution and bandwidth
+- Instructions about how to stream content for the user - the smooth streaming manifest of content file chunks that must be pieced together to stream the content based on screen resolution and bandwidth
 - URL for a specific two-second chunk of content if there is an error
 - Full-screen viewing mode details
 
-**Music & TV sub-type:** Information about music and TV consumption on the device
+**Music & TV subtype:** Information about music and TV consumption on the device
 
 > [!NOTE]
 > This isn't intended to capture user viewing, listening, or habits.
 
-- Service URL for song being downloaded from the music service -- collected when an error occurs to facilitate restoration of service
+- Service URL for song being downloaded from the music service - collected when an error occurs to facilitate restoration of service
 - Content type (video, audio, or surround audio)
-- Local media library collection statistics -- number of purchased tracks and number of playlists
-- Region mismatch -- User's operating system region and Xbox Live region
+- Local media library collection statistics - number of purchased tracks and number of playlists
+- Region mismatch - User's operating system region and Xbox Live region
 
-**Reading sub-type:** Information about reading consumption functionality on the device
+**Reading subtype:** Information about reading consumption functionality on the device
 
 > [!NOTE]
 > This isn't intended to capture user viewing, listening, or habits.
@@ -327,42 +327,42 @@ If a user has enabled Tailored experiences on the device, [pseudonymized](#pseud
 - Time spent reading content
 - Content type and size details
 
-**Photos app sub-type:** Information about photos usage on the device
+**Photos app subtype:** Information about photos usage on the device
 
 > [!NOTE]
 > This isn't intended to capture user viewing, listening, or habits.
 
-- File source data -- local, SD card, network device, and OneDrive
+- File source data - local, SD card, network device, and OneDrive
 - Image and video resolution, video length, file sizes types, and encoding
 - Collection view or full screen viewer use and duration of view
 
-**On-device file query sub-type:** Information about local search activity on the device
+**On-device file query subtype:** Information about local search activity on the device
 
-- Kind of query issued and index type (ConstraintIndex or SystemIndex)
+- Type of query issued and index type (ConstraintIndex or SystemIndex)
 - Number of items requested and retrieved
 - File extension of search result with which the user interacted
 - Launched item type, file extension, index of origin, and the App ID of the opening app
 - Name of process calling the indexer and the amount of time to service the query
 - A hash of the search scope (file, Outlook, OneNote, or IE history). The state of the indices (fully optimized, partially optimized, or being built)
 
-**Entitlements sub-type:** Information about entitlements on the device
+**Entitlements subtype:** Information about entitlements on the device
 
 - Service subscription status and errors
-- DRM and license rights details -- Groove subscription or operating system volume license
+- DRM and license rights details - Groove subscription or operating system volume license
 - Entitlement ID, lease ID, and package ID of the install package
 - Entitlement revocation
 - License type (trial, offline versus online) and duration
 - License usage session
 
 ## Software Setup and Inventory data
-This type of data includes software installation and update information on the device. Software Setup and Inventory Data is a sub-type of ISO/IEC 19944:2017 8.2.3.2.4 Observed Usage of the Service Capability.
+This type of data includes software installation and update information on the device. Software Setup and Inventory Data is a subtype of ISO/IEC 19944:2017 8.2.3.2.4 Observed Usage of the Service Capability.
 
 ### Data Use for Software Setup and Inventory data
 
 **For Diagnostics:**
      
 [Pseudonymized](#pseudo) Software Setup and Inventory data from Windows 10 is used by Microsoft to [provide](#provide) and [improve](#improve) Windows 10 and related Microsoft product and services. For example:
 
-- Data about the specific drivers that are installed on a device is used to understand whether there are any hardware or driver compatibility issues which should block or delay a Windows update.
+- Data about the specific drivers that are installed on a device is used to understand whether there are any hardware or driver compatibility issues that should block or delay a Windows update.
 - Data about when a download starts and finishes on a device is used to understand and address download problems.
 - Data about the specific Microsoft Store apps that are installed on a device is used to determine which app updates to provide to the device.
 - Data about the antimalware installed on a device is used to understand malware transmissions vectors.
@@ -374,7 +374,7 @@ If a user has enabled Tailored experiences on the device, [pseudonymized](#pseud
 
 ### Data Description for Software Setup and Inventory data type
 
-**Installed applications and install history sub-type:** Information about apps, drivers, update packages, or operating system components installed on the device
+**Installed applications and install history subtype:** Information about apps, drivers, update packages, or operating system components installed on the device
 
 - App, driver, update package, or component’s Name, ID, or Package Family Name
 - Product, SKU, availability, catalog, content, and Bundle IDs
@@ -383,13 +383,13 @@ If a user has enabled Tailored experiences on the device, [pseudonymized](#pseud
 - MSI package and product code
 - Original operating system version at install time
 - User, administrator, or mandatory installation or update
-- Installation type -- clean install, repair, restore, OEM, retail, upgrade, or update
+- Installation type - clean install, repair, restore, OEM, retail, upgrade, or update
 
-**Device update information sub-type:** Information about apps, drivers, update packages, or operating system components installed on the device
+**Device update information subtype:** Information about apps, drivers, update packages, or operating system components installed on the device
 
 - Update Readiness analysis of device hardware, operating system components, apps, and drivers (progress, status, and results)
 - Number of applicable updates, importance, and type
-- Update download size and source -- CDN or LAN peers
+- Update download size and source - CDN or LAN peers
 - Delay upgrade status and configuration
 - Operating system uninstall and rollback status and count
 - Windows Update server and service URL
@@ -397,7 +397,7 @@ If a user has enabled Tailored experiences on the device, [pseudonymized](#pseud
 - Windows Insider build details
 
 ## Browsing History data
-This type of data includes details about web browsing in the Microsoft browsers. Browsing History data is equivalent to ISO/IEC 19944:2017 8.2.3.2.8 Client side browsing history.
+This type of data includes details about web browsing in the Microsoft browsers. Browsing History data is equivalent to ISO/IEC 19944:2017 8.2.3.2.8 Client-side browsing history.
 
 ### Data Use for Browsing History data
 
@@ -413,23 +413,23 @@ This type of data includes details about web browsing in the Microsoft browsers.
 **With (optional) Tailored experiences:**
       
 If a user has enabled Tailored experiences on the device, [pseudonymized](#pseudo) Browsing History data from Windows 10 is used by Microsoft to [personalize](#personalize), [recommend](#recommend), and [offer](#offer) Microsoft products and services to Windows 10 users. Also, if a user has enabled Tailored experiences on the device, [pseudonymized](#pseudo) Browsing History data from Windows 10 is used by Microsoft to [promote](#promote) third-party Windows apps, services, hardware, and peripherals to Windows 10 users. For example:
 
-- We may recommend that a user download a compatible app from the Microsoft Store if they have browsed to the related website. For example, if a user uses the Facebook website, we may recommend the Facebook app.
+- We might recommend that a user download a compatible app from the Microsoft Store if they have browsed to the related website. For example, if a user uses the Facebook website, we may recommend the Facebook app.
 
 ### Data Description for Browsing History data type
 
-**Microsoft browser data sub-type:** Information about **Address** bar and **Search** box performance on the device
+**Microsoft browser data subtype:** Information about **Address** bar and **Search** box performance on the device
 
 - Text typed in **Address** bar and **Search** box
 - Text selected for an Ask Cortana search
 - Service response time
-- Auto-completed text, if there was an auto-complete
+- Autocompleted text, if there was an autocomplete
 - Navigation suggestions provided based on local history and favorites
 - Browser ID
 - URLs (may include search terms)
 - Page title
 
 ## Inking Typing and Speech Utterance data
-This type of data gathers details about the voice, inking, and typing input features on the device. Inking, Typing and Speech Utterance data is a sub-type of ISO/IEC 19944:2017 8.2.3.2.1 End User Identifiable information.
+This type of data gathers details about the voice, inking, and typing input features on the device. Inking, Typing, and Speech Utterance data is a subtype of ISO/IEC 19944:2017 8.2.3.2.1 End User Identifiable information.
 
 ### Data Use for Inking, Typing, and Speech Utterance data
 
@@ -438,7 +438,7 @@ This type of data gathers details about the voice, inking, and typing input feat
 
 - Data about words marked as spelling mistakes and replaced with another word from the context menu is used to improve the spelling feature.
 - Data about alternate words shown and selected by the user after right-clicking is used to improve the word recommendation feature.
-- Data about auto-corrected words that were restored back to the original word by the user is used to improve the auto-correct feature.
+- Data about autocorrected words that were restored back to the original word by the user is used to improve the autocorrect feature.
 - Data about whether Narrator detected and recognized a touch gesture is used to improve touch gesture recognition.
 - Data about handwriting samples sent from the Handwriting Panel is used to help Microsoft improve handwriting recognition. 
 
@@ -448,15 +448,15 @@ This type of data gathers details about the voice, inking, and typing input feat
 
 ### Data Description for Inking, Typing, and Speech Utterance data type
 
-**Voice, inking, and typing sub-type:** Information about voice, inking and typing features
+**Voice, inking, and typing subtype:** Information about voice, inking, and typing features
 
 - Type of pen used (highlighter, ball point, or pencil), pen color, stroke height and width, and how long it is used
 - Pen gestures (click, double click, pan, zoom, or rotate)
 - Palm Touch x,y coordinates
 - Input latency, missed pen signals, number of frames, strokes, first frame commit time, and sample rate
-- Ink strokes written, text before and after the ink insertion point, recognized text entered, input language -- processed to remove identifiers, sequencing information, and other data (such as email addresses and - numeric values), which could be used to reconstruct the original content or associate the input to the user
-- Text input from Windows 10 Mobile on-screen keyboards, except from password fields and private sessions -- processed to remove identifiers, sequencing information, and other data (such as email addresses and numeric values), which could be used to reconstruct the original content or associate the input to the user
-- Text of speech recognition results -- result codes and recognized text
+- Ink strokes written, text before and after the ink insertion point, recognized text entered, input language - processed to remove identifiers, sequencing information, and other data (such as email addresses and - numeric values), which could be used to reconstruct the original content or associate the input to the user
+- Text input from Windows 10 Mobile on-screen keyboards, except from password fields and private sessions - processed to remove identifiers, sequencing information, and other data (such as email addresses and numeric values), which could be used to reconstruct the original content or associate the input to the user
+- Text of speech recognition results - result codes and recognized text
 - Language and model of the recognizer and the System Speech language
 - App ID using speech features
 - Whether user is known to be a child
@@ -496,9 +496,9 @@ Use of the specified data categories give recommendations about Microsoft produc
 
 ISO/IEC 19944:2017 Reference: **9.3.5 Offer upgrades or upsell**
 
-Implies the source of the data is Microsoft products and services, and the upgrades offered come from Microsoft products and services that are relevant to the context of the current capability. The target audience for the offer is Microsoft customers.
+Implies that the source of the data is Microsoft products and services, and the upgrades offered come from Microsoft products and services that are relevant to the context of the current capability. The target audience for the offer is Microsoft customers.
 
-Specifically, use of the specified data categories to make an offer or upsell new capability or capacity of a Microsoft product or service which is (i) contextually relevant to the product or service in which it appears; (ii) likely to result in additional future revenue for Microsoft from end user; and (iii) Microsoft receives no consideration for placement.
+Specifically, use of the specified data categories to make an offer or upsell new capability or capacity of a Microsoft product or service that is (i) contextually relevant to the product or service in which it appears; (ii) likely to result in additional future revenue for Microsoft from end user; and (iii) Microsoft receives no consideration for placement.
 
 ### Promote
 
@@ -508,7 +508,7 @@ Use of the specified data categories to promote a product or service in or on a
 
 ### Data identification qualifiers
 
-Here are the list of data identification qualifiers and the ISO/IEC 19944:2017 reference:
+Here are the data identification qualifiers and the ISO/IEC 19944:2017 reference:
 
 - **Pseudonymized Data** 8.3.3 Pseudonymized data. Microsoft usage notes are as defined.
 - **Anonymized Data** 8.3.5 Anonymized data. Microsoft usage notes are as defined.

From f99b15f246ac4a630f8a11e4f88f0aaa33e5b378 Mon Sep 17 00:00:00 2001
From: ShannonLeavitt 
Date: Tue, 3 Nov 2020 10:02:04 -0700
Subject: [PATCH 54/92] acrolinx fixes

---
 .../smart-card-debugging-information.md       | 26 +++++++++----------
 .../bitlocker/bitlocker-and-adds-faq.md       |  6 ++---
 .../security/information-protection/index.md  |  2 +-
 3 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md b/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md
index 4bf706bbbc..f5268739ca 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md
@@ -109,7 +109,7 @@ To stop a trace:
 
 -   **logman -stop scardsvr -ets**
 
-## Kerberos protocol, KDC and NTLM debugging and tracing
+## Kerberos protocol, KDC, and NTLM debugging and tracing
 
 
 
@@ -123,7 +123,7 @@ To begin tracing, you can use Tracelog. Different components use different contr
 
 ### NTLM
 
-To enable tracing for NTLM authentication, run the following at the command line:
+To enable tracing for NTLM authentication, run the following command on the command line:
 
  - **tracelog.exe -kd -rt -start ntlm -guid \#5BBB6C18-AA45-49b1-A15F-085F7ED0AA90 -f .\\ntlm.etl -flags 0x15003 -ft 1**
 
@@ -143,11 +143,11 @@ To stop tracing for Kerberos authentication, run this command:
 
 ### KDC
 
-To enable tracing for the Key Distribution Center (KDC), run the following at the command line:
+To enable tracing for the Key Distribution Center (KDC), run the following command on the command line:
 
  - **tracelog.exe -kd -rt -start kdc -guid \#1BBA8B19-7F31-43c0-9643-6E911F79A06B -f .\\kdc.etl -flags 0x803 -ft 1**
 
-To stop tracing for the KDC, run the following at the command line:
+To stop tracing for the KDC, run the following command on the command line:
 
  - **tracelog.exe -stop kdc**
 
@@ -184,11 +184,11 @@ The smart card resource manager service runs in the context of a local service.
 
 **To check if Smart Card service is running**
 
-1.  Press CTRL+ALT+DEL, and then click **Start Task Manager**.
+1.  Press CTRL+ALT+DEL, and then select **Start Task Manager**.
 
-2.  In the **Windows Task Manager** dialog box, click the **Services** tab.
+2.  In the **Windows Task Manager** dialog box, select the **Services** tab.
 
-3.  Click the **Name** column to sort the list alphabetically, and then type **s**.
+3.  Select the **Name** column to sort the list alphabetically, and then type **s**.
 
 4.  In the **Name** column, look for **SCardSvr**, and then look under the **Status** column to see if the service is running or stopped.
 
@@ -196,7 +196,7 @@ The smart card resource manager service runs in the context of a local service.
 
 1.  Run as administrator at the command prompt.
 
-2.  If the **User Account Control** dialog box appears, confirm that the action it displays is what you want, and then click **Yes**.
+2.  If the **User Account Control** dialog box appears, confirm that the action it displays is what you want, and then select **Yes**.
 
 3.  At the command prompt, type **net stop SCardSvr**.
 
@@ -204,7 +204,7 @@ The smart card resource manager service runs in the context of a local service.
 
 You can use the following command at the command prompt to check whether the service is running: **sc queryex scardsvr**.
 
-This is an example output from this command:
+The following code sample is an example output from this command:
 
 ```console
 SERVICE_NAME: scardsvr
@@ -228,14 +228,14 @@ As with any device connected to a computer, Device Manager can be used to view p
 
 1.  Navigate to **Computer**.
 
-2.  Right-click **Computer**, and then click **Properties**.
+2.  Right-click **Computer**, and then select **Properties**.
 
-3.  Under **Tasks**, click **Device Manager**.
+3.  Under **Tasks**, select **Device Manager**.
 
-4.  In Device Manager, expand **Smart card readers**, select the name of the smart card reader you want to check, and then click **Properties**.
+4.  In Device Manager, expand **Smart card readers**, select the name of the smart card reader you want to check, and then select **Properties**.
 
 > [!NOTE]
-> If the smart card reader is not listed in Device Manager, in the **Action** menu, click **Scan for hardware changes**.
+> If the smart card reader is not listed in Device Manager, in the **Action** menu, select **Scan for hardware changes**.
 
 ## CryptoAPI 2.0 Diagnostics
 
diff --git a/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.md b/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.md
index d6bad09f03..8547453291 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.md
@@ -29,12 +29,12 @@ ms.custom: bitlocker
 Stored information | Description
 -------------------|------------
 Hash of the TPM owner password | Beginning with Windows 10, the password hash is not stored in AD DS by default. The password hash can be stored only if the TPM is owned and the ownership was taken by using components of Windows 8.1 or earlier, such as the BitLocker Setup Wizard or the TPM snap-in.
-BitLocker recovery password | The recovery password allows you to unlock and access the drive in the event of a recovery incident. Domain administrators can view the BitLocker recovery password by using the BitLocker Recovery Password Viewer. For more information about this tool, see [BitLocker: Use BitLocker Recovery Password Viewer](bitlocker-use-bitlocker-recovery-password-viewer.md).
+BitLocker recovery password | The recovery password allows you to unlock and access the drive after a recovery incident. Domain administrators can view the BitLocker recovery password by using the BitLocker Recovery Password Viewer. For more information about this tool, see [BitLocker: Use BitLocker Recovery Password Viewer](bitlocker-use-bitlocker-recovery-password-viewer.md).
 BitLocker key package | The key package helps to repair damage to the hard disk that would otherwise prevent standard recovery. Using the key package for recovery requires the BitLocker Repair Tool, Repair-bde. 
 
 ## What if BitLocker is enabled on a computer before the computer has joined the domain?
 
-If BitLocker is enabled on a drive before Group Policy has been applied to enforce backup, the recovery information will not be automatically backed up to AD DS when the computer joins the domain or when Group Policy is subsequently applied. However, you can use the **Choose how BitLocker-protected operating system drives can be recovered**, **Choose how BitLocker-protected fixed drives can be recovered** and **Choose how BitLocker-protected removable drives can be recovered** Group Policy settings to require that the computer be connected to a domain before BitLocker can be enabled to help ensure that recovery information for BitLocker-protected drives in your organization is backed up to AD DS.
+If BitLocker is enabled on a drive before Group Policy has been applied to enforce backup, the recovery information will not be automatically backed up to AD DS when the computer joins the domain or when Group Policy is subsequently applied. However, you can use the **Choose how BitLocker-protected operating system drives can be recovered**, **Choose how BitLocker-protected fixed drives can be recovered**, and **Choose how BitLocker-protected removable drives can be recovered** Group Policy settings to require the computer to be connected to a domain before BitLocker can be enabled to help ensure that recovery information for BitLocker-protected drives in your organization is backed up to AD DS.
 
 For more info, see [BitLocker Group Policy settings](bitlocker-group-policy-settings.md).
 
@@ -65,7 +65,7 @@ No. By design, BitLocker recovery password entries do not get deleted from AD D
 
 If the backup initially fails, such as when a domain controller is unreachable at the time when the BitLocker setup wizard is run, BitLocker does not try again to back up the recovery information to AD DS.
 
-When an administrator selects the **Require BitLocker backup to AD DS** check box of the **Store BitLocker recovery information in Active Directory Domain Service (Windows 2008 and Windows Vista)** policy setting, or the equivalent **Do not enable BitLocker until recovery information is stored in AD DS for (operating system | fixed data | removable data) drives** check box in any of the **Choose how BitLocker-protected operating system drives can be recovered**, **Choose how BitLocker-protected fixed data drives can be recovered**, **Choose how BitLocker-protected removable data drives can be recovered** policy settings, this prevents users from enabling BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds. With these settings configured if the backup fails, BitLocker cannot be enabled, ensuring that administrators will be able to recover BitLocker-protected drives in the organization.
+When an administrator selects the **Require BitLocker backup to AD DS** check box of the **Store BitLocker recovery information in Active Directory Domain Service (Windows 2008 and Windows Vista)** policy setting, or the equivalent **Do not enable BitLocker until recovery information is stored in AD DS for (operating system | fixed data | removable data) drives** check box in any of the **Choose how BitLocker-protected operating system drives can be recovered**, **Choose how BitLocker-protected fixed data drives can be recovered**, and **Choose how BitLocker-protected removable data drives can be recovered** policy settings, users can't enable BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds. With these settings configured if the backup fails, BitLocker cannot be enabled, ensuring that administrators will be able to recover BitLocker-protected drives in the organization.
 
 For more info, see [BitLocker Group Policy settings](bitlocker-group-policy-settings.md).
 
diff --git a/windows/security/information-protection/index.md b/windows/security/information-protection/index.md
index 84ea720232..e72f8d6c68 100644
--- a/windows/security/information-protection/index.md
+++ b/windows/security/information-protection/index.md
@@ -1,6 +1,6 @@
 ---
 title: Information protection (Windows 10)
-description: Learn more about how to protect sesnsitive data across your ogranization.
+description: Learn more about how to protect sensitive data across your organization.
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library

From 19190dd4fc39628031914ab57074dc19da016e30 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Tue, 3 Nov 2020 10:13:38 -0800
Subject: [PATCH 55/92] Update faq-md-app-guard.md

---
 .../faq-md-app-guard.md                        | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
index 867107aeaa..f8cddf41a6 100644
--- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
+++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
@@ -75,7 +75,7 @@ This feature is currently experimental only and is not functional without an add
 
 ### What is the WDAGUtilityAccount local account? 
 
-This account is part of Application Guard beginning with Windows 10 version 1709 (Fall Creators Update). This account remains disabled until Application Guard is enabled on your device. This item is integrated to the OS and is not considered as a threat/virus/malware.
+This account is part of Application Guard beginning with Windows 10, version 1709 (Fall Creators Update). This account remains disabled until Application Guard is enabled on your device. This item is integrated to the OS and is not considered as a threat/virus/malware.
 
 ### How do I trust a subdomain in my site list?                          
 
@@ -91,17 +91,17 @@ Yes, both the Enterprise Resource domains hosted in the cloud and the Domains ca
 
 ### Why does my encryption driver break Microsoft Defender Application Guard?
 
-Microsoft Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, WDAG will not work and result in an error message ("0x80070013 ERROR_WRITE_PROTECT").  
+Microsoft Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, Application Guard does not work and results in an error message ("0x80070013 ERROR_WRITE_PROTECT").  
 
 ### Why do the Network Isolation policies in Group Policy and CSP look different?
 
-There is not a one-to-one mapping among all the Network Isolation policies between CSP and GP. Mandatory network isolation policies to deploy WDAG are different between CSP and GP.
+There is not a one-to-one mapping among all the Network Isolation policies between CSP and GP. Mandatory network isolation policies to deploy Application Guard are different between CSP and GP.
 
-Mandatory network isolation GP policy to deploy WDAG: "DomainSubnets or CloudResources"
-Mandatory network isolation CSP policy to deploy WDAG: "EnterpriseCloudResources or (EnterpriseIpRange and EnterpriseNetworkDomainNames)"
+Mandatory network isolation GP policy to deploy Application Guard: "DomainSubnets or CloudResources"
+Mandatory network isolation CSP policy to deploy Application Guard: "EnterpriseCloudResources or (EnterpriseIpRange and EnterpriseNetworkDomainNames)"
 For EnterpriseNetworkDomainNames, there is no mapped CSP policy.
 
-Windows Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, WDAG will not work and result in an error message (`0x80070013 ERROR_WRITE_PROTECT`). 
+Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, WDAG will not work and result in an error message (`0x80070013 ERROR_WRITE_PROTECT`). 
 
 ### Why did Application Guard stop working after I turned off hyperthreading?
 
@@ -119,8 +119,8 @@ For guidance on how to create a firewall rule by using group policy, see:
 - [Open Group Policy management console for Microsoft Defender Firewall](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security)
 
 First rule (DHCP Server):
-1. Program path: %SystemRoot%\System32\svchost.exe
-2. Local Service: Sid:  S-1-5-80-2009329905-444645132-2728249442-922493431-93864177  (Internet Connection Service (SharedAccess))
+1. Program path: `%SystemRoot%\System32\svchost.exe`
+2. Local Service: `Sid:  S-1-5-80-2009329905-444645132-2728249442-922493431-93864177  (Internet Connection Service (SharedAccess))`
 3. Protocol UDP
 4. Port 67
 
@@ -158,4 +158,4 @@ System\CurrentControlSet\Services\SharedAccess\Parameters\DisableIpNat = 1
 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Start = 3
 3. Disabling IPNAT (Optional)
 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPNat\Start = 4
-4. Reboot.
\ No newline at end of file
+4. Reboot.

From fed0a03f2d1544ad90dd311fcb3ff064332201e6 Mon Sep 17 00:00:00 2001
From: Daniel Simpson 
Date: Tue, 3 Nov 2020 10:16:18 -0800
Subject: [PATCH 56/92] Update fips-140-validation.md

Common Criteria should be singular
---
 windows/security/threat-protection/fips-140-validation.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/fips-140-validation.md b/windows/security/threat-protection/fips-140-validation.md
index 9b911ac29f..867aadf0d5 100644
--- a/windows/security/threat-protection/fips-140-validation.md
+++ b/windows/security/threat-protection/fips-140-validation.md
@@ -72,7 +72,7 @@ This caveat identifies required configuration and security rules that must be fo
 
 ### What is the relationship between FIPS 140-2 and Common Criteria?
 
-These are two separate security standards with different, but complementary, purposes. FIPS 140-2 is designed specifically for validating software and hardware cryptographic modules, while Common Criteria are designed to evaluate security functions in IT software and hardware products. Common Criteria evaluations often rely on FIPS 140-2 validations to provide assurance that basic cryptographic functionality is implemented properly.
+These are two separate security standards with different, but complementary, purposes. FIPS 140-2 is designed specifically for validating software and hardware cryptographic modules, while Common Criteria is designed to evaluate security functions in IT software and hardware products. Common Criteria evaluations often rely on FIPS 140-2 validations to provide assurance that basic cryptographic functionality is implemented properly.
 
 ### How does FIPS 140 relate to Suite B?
 

From bd8796bcf91e7e437733047cf1dd27cb8d136832 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Tue, 3 Nov 2020 10:51:28 -0800
Subject: [PATCH 57/92] Update faq-md-app-guard.md

---
 .../faq-md-app-guard.md                       | 39 ++++++++++---------
 1 file changed, 21 insertions(+), 18 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
index 867107aeaa..a5bb42b0b3 100644
--- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
+++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
@@ -8,7 +8,7 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: denisebmsft
 ms.author: deniseb
-ms.date: 10/29/2020
+ms.date: 11/03/2020
 ms.reviewer: 
 manager: dansimp
 ms.custom: asr
@@ -22,8 +22,8 @@ Answering frequently asked questions about Microsoft Defender Application Guard
 
 ## Frequently Asked Questions
 
-### Can I enable Application Guard on machines equipped with 4 GB RAM?
-We recommend 8 GB RAM for optimal performance but you may use the following registry DWORD values to enable Application Guard on machines that aren't meeting the recommended hardware configuration.
+### Can I enable Application Guard on machines equipped with 4-GB RAM?
+We recommend 8-GB RAM for optimal performance but you may use the following registry DWORD values to enable Application Guard on machines that aren't meeting the recommended hardware configuration.
 
 `HKLM\software\Microsoft\Hvsi\SpecRequiredProcessorCount` (Default is four cores.)                                                   
 
@@ -101,7 +101,7 @@ Mandatory network isolation GP policy to deploy WDAG: "DomainSubnets or CloudRes
 Mandatory network isolation CSP policy to deploy WDAG: "EnterpriseCloudResources or (EnterpriseIpRange and EnterpriseNetworkDomainNames)"
 For EnterpriseNetworkDomainNames, there is no mapped CSP policy.
 
-Windows Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, WDAG will not work and result in an error message (`0x80070013 ERROR_WRITE_PROTECT`). 
+Microsoft Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, WDAG will not work and result in an error message (`0x80070013 ERROR_WRITE_PROTECT`). 
 
 ### Why did Application Guard stop working after I turned off hyperthreading?
 
@@ -139,23 +139,26 @@ In the Microsoft Defender Firewall user interface go through the following steps
 
 ### Why can I not launch Application Guard when Exploit Guard is enabled?
 
-There is a known issue such that if you change the Exploit Protection settings for CFG and possibly others, hvsimgr cannot launch. To mitigate this issue, go to Windows Security-> App and Browser control -> Exploit Protection Setting -> switch CFG to the “use default".
+There is a known issue such that if you change the Exploit Protection settings for CFG and possibly others, hvsimgr cannot launch. To mitigate this issue, go to **Windows Security** > **App and Browser control** > **Exploit Protection Setting**, and then switch CFG to **use default**.
 
 
 ### How can I have ICS in enabled state yet still use Application Guard?
 
-This is a two-step process.
+ICS is enabled by default in Windows, and it must be enabled in order for Application Guard to function correctly.
 
-Step 1:
+Some enterprise organizations choose to disable ICS for their own security reasons. However, this is not recommended. If ICS is disabled, Application Guard stops working. 
 
-Enable Internet Connection sharing by changing the Group Policy setting *Prohibit use of Internet Connection Sharing on your DNS domain network*, which is part of the MS Security baseline from Enabled to Disabled.
- 
-Step 2:
- 
-1. Disable IpNat.sys from ICS load
-System\CurrentControlSet\Services\SharedAccess\Parameters\DisableIpNat = 1
-2. Configure ICS (SharedAccess) to enabled
-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Start = 3
-3. Disabling IPNAT (Optional)
-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPNat\Start = 4
-4. Reboot.
\ No newline at end of file
+The following procedure describes how to edit registry keys to disable ICS in part.
+
+1. In the Group Policy setting called **Prohibit use of Internet Connection Sharing on your DNS domain network**, set it to **Disabled**. 
+
+2. Disable IpNat.sys from ICS load as follows: 
       
+`System\CurrentControlSet\Services\SharedAccess\Parameters\DisableIpNat = 1`
+
+3. Configure ICS (SharedAccess) to enabled as follows: 
      
+`HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Start = 3`
+
+4. (This is optional) Disable IPNAT as follows: 
      
+`HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPNat\Start = 4`
+
+5. Reboot the device.
\ No newline at end of file

From 49cedcb9e1a9516377ec7dcf6ef9736d15e50f75 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Tue, 3 Nov 2020 10:57:38 -0800
Subject: [PATCH 58/92] Update faq-md-app-guard.md

---
 .../faq-md-app-guard.md                       | 28 +++++++++----------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
index a5bb42b0b3..e00216ebde 100644
--- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
+++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
@@ -23,7 +23,7 @@ Answering frequently asked questions about Microsoft Defender Application Guard
 ## Frequently Asked Questions
 
 ### Can I enable Application Guard on machines equipped with 4-GB RAM?
-We recommend 8-GB RAM for optimal performance but you may use the following registry DWORD values to enable Application Guard on machines that aren't meeting the recommended hardware configuration.
+We recommend 8-GB RAM for optimal performance but you can use the following registry DWORD values to enable Application Guard on machines that aren't meeting the recommended hardware configuration.
 
 `HKLM\software\Microsoft\Hvsi\SpecRequiredProcessorCount` (Default is four cores.)                                                   
 
@@ -33,7 +33,7 @@ We recommend 8-GB RAM for optimal performance but you may use the following regi
 
 ### Can employees download documents from the Application Guard Edge session onto host devices? 
 
-In Windows 10 Enterprise edition 1803, users will be able to download documents from the isolated Application Guard container to the host PC. This capability is managed by policy.
+In Windows 10 Enterprise edition 1803, users are able to download documents from the isolated Application Guard container to the host PC. This capability is managed by policy.
 
 In Windows 10 Enterprise edition 1709 or Windows 10 Professional edition 1803, it is not possible to download files from the isolated Application Guard container to the host PC. However, employees can use the **Print as PDF** or **Print as XPS** options and save those files to the host device. 
 
@@ -71,7 +71,7 @@ The following Input Method Editors (IME) introduced in Windows 10, version 1903
 
 ### I enabled the hardware acceleration policy on my Windows 10 Enterprise, version 1803 deployment. Why are my users still only getting CPU rendering? 
 
-This feature is currently experimental only and is not functional without an additional regkey provided by Microsoft. If you would like to evaluate this feature on a deployment of Windows 10 Enterprise, version 1803, contact Microsoft and we’ll work with you to enable the feature.
+This feature is currently experimental only and is not functional without an additional registry key provided by Microsoft. If you would like to evaluate this feature on a deployment of Windows 10 Enterprise, version 1803, contact Microsoft and we’ll work with you to enable the feature.
 
 ### What is the WDAGUtilityAccount local account? 
 
@@ -79,11 +79,11 @@ This account is part of Application Guard beginning with Windows 10 version 1709
 
 ### How do I trust a subdomain in my site list?                          
 
-To trust a subdomain, you must precede your domain with two dots, for example: `..contoso.com` will ensure `mail.contoso.com` or `news.contoso.com` are trusted. The first dot represents the strings for the subdomain name (mail or news), the second dot recognizes the start of the domain name (`contoso.com`). This prevents sites such as `fakesitecontoso.com` from being trusted.
+To trust a subdomain, you must precede your domain with two dots, for example: `..contoso.com` ensures that `mail.contoso.com` or `news.contoso.com` are trusted. The first dot represents the strings for the subdomain name (mail or news), the second dot recognizes the start of the domain name (`contoso.com`). This prevents sites such as `fakesitecontoso.com` from being trusted.
 
 ### Are there differences between using Application Guard on Windows Pro vs Windows Enterprise? 
 
-When using Windows Pro or Windows Enterprise, you will have access to using Application Guard's Standalone Mode. However, when using Enterprise you will have access to Application Guard's Enterprise-Managed Mode. This mode has some extra features that the Standalone Mode does not. For more information, see [Prepare to install Microsoft Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard). 
+When using Windows Pro or Windows Enterprise, you have access to using Application Guard in Standalone Mode. However, when using Enterprise you have access to Application Guard in Enterprise-Managed Mode. This mode has some extra features that the Standalone Mode does not. For more information, see [Prepare to install Microsoft Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard). 
 
 ### Is there a size limit to the domain lists that I need to configure?
 
@@ -91,27 +91,27 @@ Yes, both the Enterprise Resource domains hosted in the cloud and the Domains ca
 
 ### Why does my encryption driver break Microsoft Defender Application Guard?
 
-Microsoft Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, WDAG will not work and result in an error message ("0x80070013 ERROR_WRITE_PROTECT").  
+Microsoft Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, Application Guard does not work and results in an error message (`0x80070013 ERROR_WRITE_PROTECT`).  
 
 ### Why do the Network Isolation policies in Group Policy and CSP look different?
 
-There is not a one-to-one mapping among all the Network Isolation policies between CSP and GP. Mandatory network isolation policies to deploy WDAG are different between CSP and GP.
+There is not a one-to-one mapping among all the Network Isolation policies between CSP and GP. Mandatory network isolation policies to deploy Application Guard are different between CSP and GP.
 
-Mandatory network isolation GP policy to deploy WDAG: "DomainSubnets or CloudResources"
-Mandatory network isolation CSP policy to deploy WDAG: "EnterpriseCloudResources or (EnterpriseIpRange and EnterpriseNetworkDomainNames)"
+Mandatory network isolation GP policy to deploy Application Guard: "DomainSubnets or CloudResources"
+Mandatory network isolation CSP policy to deploy Application Guard: "EnterpriseCloudResources or (EnterpriseIpRange and EnterpriseNetworkDomainNames)"
 For EnterpriseNetworkDomainNames, there is no mapped CSP policy.
 
-Microsoft Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, WDAG will not work and result in an error message (`0x80070013 ERROR_WRITE_PROTECT`). 
+Microsoft Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, Application Guard does not work and results in an error message (`0x80070013 ERROR_WRITE_PROTECT`). 
 
 ### Why did Application Guard stop working after I turned off hyperthreading?
 
 If hyperthreading is disabled (because of an update applied through a KB article or through BIOS settings), there is a possibility Application Guard no longer meets the minimum requirements. 
 
-### Why am I getting the error message ("ERROR_VIRTUAL_DISK_LIMITATION")?
+### Why am I getting the error message "ERROR_VIRTUAL_DISK_LIMITATION"?
 
-Application Guard may not work correctly on NTFS compressed volumes. If this issue persists, try uncompressing the volume. 
+Application Guard might not work correctly on NTFS compressed volumes. If this issue persists, try uncompressing the volume. 
 
-### Why am I getting the error message ("ERR_NAME_NOT_RESOLVED") after not being able to reach PAC file?
+### Why am I getting the error message "ERR_NAME_NOT_RESOLVED" after not being able to reach PAC file?
 
 This is a known issue. To mitigate this you need to create two firewall rules.
 For guidance on how to create a firewall rule by using group policy, see:
@@ -129,7 +129,7 @@ This is the same as the first rule, but scoped to local port 68.
 In the Microsoft Defender Firewall user interface go through the following steps:
 1. Right click on inbound rules, create a new rule.
 2. Choose **custom rule**.
-3. Program path: **%SystemRoot%\System32\svchost.exe**.
+3. Program path: `%SystemRoot%\System32\svchost.exe`.
 4. Protocol Type: UDP, Specific ports: 67, Remote port: any.
 5. Any IP addresses.
 6. Allow the connection.

From 3429cf988998da9debaccd929b255d33ef92d65f Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Tue, 3 Nov 2020 11:51:38 -0800
Subject: [PATCH 59/92] Update
 manage-updates-baselines-microsoft-defender-antivirus.md

---
 .../manage-updates-baselines-microsoft-defender-antivirus.md    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
index 0beba73e43..248f41713e 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
@@ -13,7 +13,7 @@ ms.author: deniseb
 ms.custom: nextgen
 ms.reviewer: 
 manager: dansimp
-ms.date: 11/20/2020
+ms.date: 11/02/2020
 ---
 
 # Manage Microsoft Defender Antivirus updates and apply baselines

From 6b549cc1ba65fa003572c57cb087a9bab0367268 Mon Sep 17 00:00:00 2001
From: Joey Caparas 
Date: Tue, 3 Nov 2020 13:01:03 -0800
Subject: [PATCH 60/92] fix scores

---
 .../enable-siem-integration.md                | 13 +++++++---
 .../exposed-apis-create-app-nativeapp.md      | 26 +++++++++----------
 .../supported-response-apis.md                | 22 ++++++++--------
 3 files changed, 34 insertions(+), 27 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-siem-integration.md b/windows/security/threat-protection/microsoft-defender-atp/enable-siem-integration.md
index c53ee2581c..0bdc19aaac 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/enable-siem-integration.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/enable-siem-integration.md
@@ -28,7 +28,7 @@ ms.topic: article
 
 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-enablesiem-abovefoldlink) 
 
-Enable security information and event management (SIEM) integration so you can pull detections from Microsoft Defender Security Center using your SIEM solution or by connecting directly to the detections REST API.
+Enable security information and event management (SIEM) integration so you can pull detections from Microsoft Defender Security Center. Pull detections using your SIEM solution or by connecting directly to the detections REST API.
 
 >[!NOTE]
 >- [Microsoft Defender ATP Alert](alerts.md) is composed from one or more detections.
@@ -36,7 +36,14 @@ Enable security information and event management (SIEM) integration so you can p
 >- The Microsoft Defender ATP Alert API is the latest API for alert consumption and contain a detailed list of related evidence for each alert. For more information, see [Alert methods and properties](alerts.md) and [List alerts](get-alerts.md).
 
 ## Prerequisites
-- The user who activates the setting must have permissions to create an app in Azure Active Directory (AAD). This is someone with the following roles: Security Administrator and either Global Administrator, Cloud Application Administrator, Application Administrator, or owner of the service principal.
+
+- The user who activates the setting must have permissions to create an app in Azure Active Directory (AAD). This is someone with the following roles: 
+
+  - Security Administrator and either Global Administrator
+  - Cloud Application Administrator
+  - Application Administrator
+  - Owner of the service principal
+
 - During the initial activation, a pop-up screen is displayed for credentials to be entered. Make sure that you allow pop-ups for this site.
 
 ## Enabling SIEM integration 
@@ -47,7 +54,7 @@ Enable security information and event management (SIEM) integration so you can p
     >[!TIP]
     >If you encounter an error when trying to enable the SIEM connector application, check the pop-up blocker settings of your browser. It might be blocking the new window being opened when you enable the capability. 
 
-2. Select **Enable SIEM integration**. This activates the **SIEM connector access details** section with pre-populated values and an application is created under you Azure Active Directory (AAD) tenant.
+2. Select **Enable SIEM integration**. This activates the **SIEM connector access details** section with pre-populated values and an application is created under your Azure Active Directory (Azure AD) tenant.
 
     > [!WARNING]
     >The client secret is only displayed once. Make sure you keep a copy of it in a safe place.
      
diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md
index 20194e3e9e..c93c7f464b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md
@@ -56,7 +56,7 @@ This page explains how to create an AAD application, get an access token to Micr
 
    ![Image of Microsoft Azure and navigation to application registration](images/atp-azure-new-app2.png)
 
-3. In the registration from, enter the following information then click **Register**.
+3. In the registration from, enter the following information then select **Register**.
 
    ![Image of Create application window](images/nativeapp-create2.png)
 
@@ -65,45 +65,45 @@ This page explains how to create an AAD application, get an access token to Micr
 
 4. Allow your Application to access Microsoft Defender ATP and assign it 'Read alerts' permission:
 
-    - On your application page, click **API Permissions** > **Add permission** > **APIs my organization uses** > type **WindowsDefenderATP** and click on **WindowsDefenderATP**.
+    - On your application page, select **API Permissions** > **Add permission** > **APIs my organization uses** > type **WindowsDefenderATP** and select on **WindowsDefenderATP**.
 
     - **Note**: WindowsDefenderATP does not appear in the original list. You need to start writing its name in the text box to see it appear.
 
       ![Image of API access and API selection](images/add-permission.png)
 
-    - Choose **Delegated permissions** > **Alert.Read** > Click on **Add permissions**
+    - Choose **Delegated permissions** > **Alert.Read** > select **Add permissions**
 
       ![Image of API access and API selection](images/application-permissions-public-client.png)
 
-    - **Important note**: You need to select the relevant permissions. 'Read alerts' is only an example!
+    - **Important note**: Select the relevant permissions. Read alerts is only an example.
 
       For instance,
 
       - To [run advanced queries](run-advanced-query-api.md), select 'Run advanced queries' permission
       - To [isolate a device](isolate-machine.md), select 'Isolate machine' permission
-      - To determine which permission you need, please look at the **Permissions** section in the API you are interested to call.
+      - To determine which permission you need, view the **Permissions** section in the API you are interested to call.
 
-    - Click **Grant consent**
+    - Select **Grant consent**
 
-      **Note**: Every time you add permission you must click on **Grant consent** for the new permission to take effect.
+      **Note**: Every time you add permission you must select on **Grant consent** for the new permission to take effect.
 
       ![Image of Grant permissions](images/grant-consent.png)
 
 6. Write down your application ID and your tenant ID:
 
-   - On your application page, go to **Overview** and copy the following:
+   - On your application page, go to **Overview** and copy the following information:
 
    ![Image of created app id](images/app-and-tenant-ids.png)
 
 
 ## Get an access token
 
-For more details on AAD token, refer to [AAD tutorial](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols-oauth-client-creds)
+For more information on AAD token, see [Azure AD tutorial](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols-oauth-client-creds)
 
 ### Using C#
 
 - Copy/Paste the below class in your application.
-- Use **AcquireUserTokenAsync** method with the your application ID, tenant ID, user name and password to acquire a token.
+- Use **AcquireUserTokenAsync** method with your application ID, tenant ID, user name, and password to acquire a token.
 
     ```csharp
     namespace WindowsDefenderATP
@@ -145,10 +145,10 @@ For more details on AAD token, refer to [AAD tutorial](https://docs.microsoft.co
 
 ## Validate the token
 
-Sanity check to make sure you got a correct token:
+Verify to make sure you got a correct token:
 - Copy/paste into [JWT](https://jwt.ms) the token you got in the previous step in order to decode it
 - Validate you get a 'scp' claim with the desired app permissions
-- In the screen shot below you can see a decoded token acquired from the app in the tutorial:
+- In the screenshot below you can see a decoded token acquired from the app in the tutorial:
 
 ![Image of token validation](images/nativeapp-decoded-token.png)
 
@@ -156,7 +156,7 @@ Sanity check to make sure you got a correct token:
 
 - Choose the API you want to use - [Supported Microsoft Defender ATP APIs](exposed-apis-list.md)
 - Set the Authorization header in the HTTP request you send to "Bearer {token}" (Bearer is the Authorization scheme)
-- The Expiration time of the token is 1 hour (you can send more then one request with the same token)
+- The Expiration time of the token is 1 hour (you can send more than one request with the same token)
 
 - Example of sending a request to get a list of alerts **using C#** 
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/supported-response-apis.md b/windows/security/threat-protection/microsoft-defender-atp/supported-response-apis.md
index 4158bfea2b..0ad991db3c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/supported-response-apis.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/supported-response-apis.md
@@ -1,6 +1,6 @@
 ---
 title: Supported Microsoft Defender Advanced Threat Protection response APIs  
-description: Learn about the specific response related Microsoft Defender Advanced Threat Protection API calls. 
+description: Learn about the specific response-related Microsoft Defender Advanced Threat Protection API calls. 
 keywords: response apis, graph api, supported apis, actor, alerts, device, user, domain, ip, file
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -28,24 +28,24 @@ ms.topic: conceptual
 > [!TIP]
 > Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-supported-response-apis-abovefoldlink) 
 
-Learn about the supported response related API calls you can run and details such as the required request headers, and expected response from the calls.
+Learn about the supported response-related API calls you can run and details such as the required request headers, and expected response from the calls.
 
 ## In this section
 Topic | Description
 :---|:---
-Collect investigation package | Run this to collect an investigation package from a device.
-Isolate device | Run this to isolate a device from the network.
+Collect investigation package | Run this API to collect an investigation package from a device.
+Isolate device | Run this API to isolate a device from the network.
 Unisolate device | Remove a device from isolation. 
-Restrict code execution | Run this to contain an attack by stopping malicious processes. You can also lock down a device and prevent subsequent attempts of potentially malicious programs from running.
+Restrict code execution | Run this API to contain an attack by stopping malicious processes. You can also lock down a device and prevent subsequent attempts of potentially malicious programs from running.
 Unrestrict code execution | Run this to reverse the restriction of applications policy after you have verified that the compromised device has been remediated.
 Run antivirus scan | Remotely initiate an antivirus scan to help identify and remediate malware that might be present on a compromised device.
 Stop and quarantine file |  Run this call to stop running processes, quarantine  files, and delete persistency such as registry keys.
 Request sample | Run this call to request a sample of a file from a specific device. The file will be collected from the device and uploaded to a secure storage.
-Block file | Run this to prevent further propagation of an attack in your organization by banning potentially malicious files or suspected malware. 
+Block file | Run this API to prevent further propagation of an attack in your organization by banning potentially malicious files or suspected malware. 
 Unblock file | Allow a file run in the organization using Microsoft Defender Antivirus.
-Get package SAS URI | Run this to get a URI that allows downloading an investigation package.
-Get MachineAction object | Run this to get MachineAction object.
+Get package SAS URI | Run this API to get a URI that allows downloading an investigation package.
+Get MachineAction object | Run this API to get MachineAction object.
 Get MachineActions collection | Run this to get MachineAction collection.
-Get FileActions collection | Run this to get FileActions collection.
-Get FileMachineAction object | Run this to get FileMachineAction object.
-Get FileMachineActions collection | Run this to get FileMachineAction collection.
+Get FileActions collection | Run this API to get FileActions collection.
+Get FileMachineAction object | Run this API to get FileMachineAction object.
+Get FileMachineActions collection | Run this API to get FileMachineAction collection.

From 7e6cdd3461fa045a0cf14ce82ca7f7a18739a61b Mon Sep 17 00:00:00 2001
From: Dani Halfin 
Date: Tue, 3 Nov 2020 13:16:26 -0800
Subject: [PATCH 61/92] incorporating feedback

---
 windows/deployment/update/fod-and-lang-packs.md               | 4 ++--
 windows/deployment/update/how-windows-update-works.md         | 4 ++--
 windows/deployment/update/update-compliance-need-attention.md | 2 +-
 windows/deployment/update/update-compliance-using.md          | 2 +-
 windows/deployment/update/waas-manage-updates-wufb.md         | 2 +-
 windows/deployment/update/waas-wu-settings.md                 | 2 +-
 windows/deployment/update/wufb-onboard.md                     | 2 +-
 7 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/windows/deployment/update/fod-and-lang-packs.md b/windows/deployment/update/fod-and-lang-packs.md
index efa2cd5d97..98579c7905 100644
--- a/windows/deployment/update/fod-and-lang-packs.md
+++ b/windows/deployment/update/fod-and-lang-packs.md
@@ -1,6 +1,6 @@
 ---
-title: Make FoD and language packs available for WSUS/SCCM (Windows 10)
-description: Learn how to make FoD and language packs available when you're using WSUS/SCCM.
+title: Make FoD and language packs available for WSUS/Configuration Manager
+description: Learn how to make FoD and language packs available when you're using WSUS/Configuration Manager.
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.pagetype: article
diff --git a/windows/deployment/update/how-windows-update-works.md b/windows/deployment/update/how-windows-update-works.md
index 63cc030b2b..6bab8477a5 100644
--- a/windows/deployment/update/how-windows-update-works.md
+++ b/windows/deployment/update/how-windows-update-works.md
@@ -1,6 +1,6 @@
 ---
 title: How Windows Update works 
-description: In this article, learn about the process Windows Update uses to download and install updates on a Windows 10 PC.
+description: In this article, learn about the process Windows Update uses to download and install updates on a Windows 10 devices.
 ms.prod: w10
 ms.mktglfcycl: 
 audience: itpro
@@ -128,7 +128,7 @@ Common update failure is caused due to network issues. To find the root of the i
 
 Once the Windows Update Orchestrator determines which updates apply to your computer, it will begin downloading the updates, if you have selected the option to automatically download updates. It does this in the background without interrupting your normal use of the computer.  
 
-To ensure that your other downloads aren't affected or slowed down because updates are downloading, Windows Update uses the Delivery Optimization (DO) technology which downloads updates and reduces bandwidth consumption. 
+To ensure that your other downloads aren't affected or slowed down because updates are downloading, Windows Update uses the Delivery Optimization technology which downloads updates and reduces bandwidth consumption. 
  
 For more information see [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md). 
 
diff --git a/windows/deployment/update/update-compliance-need-attention.md b/windows/deployment/update/update-compliance-need-attention.md
index 3032c95790..6a441b08d7 100644
--- a/windows/deployment/update/update-compliance-need-attention.md
+++ b/windows/deployment/update/update-compliance-need-attention.md
@@ -1,7 +1,7 @@
 ---
 title: Update Compliance - Need Attention! report
 manager: laurawi
-description: Learn how the Needs attention! section provides a breakdown of all Windows 10 device and update issues detected by Update Compliance.
+description: Learn how the Need attention! section provides a breakdown of all Windows 10 device and update issues detected by Update Compliance.
 ms.mktglfcycl: deploy
 ms.pagetype: deploy
 audience: itpro
diff --git a/windows/deployment/update/update-compliance-using.md b/windows/deployment/update/update-compliance-using.md
index 6b40327ebe..92ae610fc5 100644
--- a/windows/deployment/update/update-compliance-using.md
+++ b/windows/deployment/update/update-compliance-using.md
@@ -2,7 +2,7 @@
 title: Using Update Compliance (Windows 10)
 ms.reviewer: 
 manager: laurawi
-description: Learn how to use Update Compliance to monitor your device's Windows updates and Microsoft Defender Antivirus status.
+description: Learn how to use Update Compliance to monitor your device's Windows updates.
 keywords: oms, operations management suite, wdav, updates, upgrades, antivirus, antimalware, signature, log analytics
 ms.prod: w10
 ms.mktglfcycl: deploy
diff --git a/windows/deployment/update/waas-manage-updates-wufb.md b/windows/deployment/update/waas-manage-updates-wufb.md
index dbca8afcc2..d1f41bc2bd 100644
--- a/windows/deployment/update/waas-manage-updates-wufb.md
+++ b/windows/deployment/update/waas-manage-updates-wufb.md
@@ -2,7 +2,7 @@
 title: Windows Update for Business (Windows 10)
 ms.reviewer: 
 manager: laurawi
-description: Learn how Windows Update for Business lets you manage when devices received updates from Windows Update.
+description: Learn how Windows Update for Business lets you manage when devices receive updates from Windows Update.
 ms.prod: w10
 ms.mktglfcycl: manage
 author: jaimeo
diff --git a/windows/deployment/update/waas-wu-settings.md b/windows/deployment/update/waas-wu-settings.md
index 480b47ae26..9e013f0b94 100644
--- a/windows/deployment/update/waas-wu-settings.md
+++ b/windows/deployment/update/waas-wu-settings.md
@@ -1,6 +1,6 @@
 ---
 title: Manage additional Windows Update settings (Windows 10)
-description: In this article, learn about additional settings to control the behavior of Windows Update (WU) in Windows 10.
+description: In this article, learn about additional settings to control the behavior of Windows Update in Windows 10.
 ms.prod: w10
 ms.mktglfcycl: deploy
 audience: itpro
diff --git a/windows/deployment/update/wufb-onboard.md b/windows/deployment/update/wufb-onboard.md
index de44721666..78f9b0cf84 100644
--- a/windows/deployment/update/wufb-onboard.md
+++ b/windows/deployment/update/wufb-onboard.md
@@ -1,6 +1,6 @@
 ---
 title: Onboarding to Windows Update for Business (Windows 10)
-description: Get started using Windows Update for Business, a tool that enables IT pros and power users to manage content they want to receive from Windows Update Service.
+description: Get started using Windows Update for Business, a tool that enables IT pros and power users to manage content they want to receive from Windows Update.
 ms.prod: w10
 ms.mktglfcycl: manage
 audience: itpro

From e9929d6d8a6b551969d865b2a0d1408e4c08891d Mon Sep 17 00:00:00 2001
From: Dani Halfin 
Date: Tue, 3 Nov 2020 14:44:36 -0800
Subject: [PATCH 62/92] fixing warnings

---
 ...-windows-pe-using-configuration-manager.md | 10 +-
 ...e-boot-image-with-configuration-manager.md |  8 +-
 ...f-windows-10-with-configuration-manager.md |  2 +-
 ...-windows-10-using-configuration-manager.md | 24 ++---
 ...-windows-10-using-configuration-manager.md | 20 ++--
 ...to-windows-10-with-configuraton-manager.md | 14 +--
 .../olympia/olympia-enrollment-guidelines.md  |  6 +-
 windows/deployment/update/waas-morenews.md    |  1 +
 windows/deployment/update/waas-wufb-intune.md | 10 +-
 .../deployment/update/windows-update-logs.md  |  2 +-
 .../update/wufb-compliancedeadlines.md        |  8 +-
 windows/deployment/upgrade/setupdiag.md       |  2 +-
 .../windows-10-poc-sc-config-mgr.md           |  1 -
 .../windows-10-subscription-activation.md     |  8 +-
 .../demonstrate-deployment-on-vm.md           | 94 +++++++++----------
 15 files changed, 105 insertions(+), 105 deletions(-)

diff --git a/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
index 4bb5ffd7a4..85dcbc3828 100644
--- a/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
@@ -52,10 +52,10 @@ On **CM01**:
 6. In the popup window that appears, click **Yes** to automatically update the distribution point.
 7. Click **Next**, wait for the image to be updated, and then click **Close**.
 
-  ![Add drivers to Windows PE](../images/fig21-add-drivers1.png "Add drivers to Windows PE")
      
-  ![Add drivers to Windows PE](../images/fig21-add-drivers2.png "Add drivers to Windows PE")
      
-  ![Add drivers to Windows PE](../images/fig21-add-drivers3.png "Add drivers to Windows PE")
      
-  ![Add drivers to Windows PE](../images/fig21-add-drivers4.png "Add drivers to Windows PE")
+  ![Add drivers to Windows PE step 1](../images/fig21-add-drivers1.png)
      
+  ![Add drivers to Windows PE step 2](../images/fig21-add-drivers2.png)
      
+  ![Add drivers to Windows PE step 3](../images/fig21-add-drivers3.png)
      
+  ![Add drivers to Windows PE step 4](../images/fig21-add-drivers4.png)
 
   Add drivers to Windows PE
 
@@ -65,7 +65,7 @@ This section illustrates how to add drivers for Windows 10 using the HP EliteBoo
 
 For the purposes of this section, we assume that you have downloaded the Windows 10 drivers for the HP EliteBook 8560w model and copied them to the **D:\Sources$\OSD\DriverSources\Windows 10 x64\Hewlett-Packard\HP EliteBook 8560w** folder on CM01.
 
-![Drivers](../images/cm01-drivers-windows.png)
+![Drivers in Windows](../images/cm01-drivers-windows.png)
 
 Driver folder structure on CM01
 
diff --git a/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md b/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
index 06e69f257c..e4d235f852 100644
--- a/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
@@ -72,8 +72,8 @@ On **CM01**:
 8.  In the Distribute Content Wizard, add the CM01 distribution point, and complete the wizard.
 9.  Using Configuration Manager Trace, review the D:\\Program Files\\Microsoft Configuration Manager\\Logs\\distmgr.log file. Do not continue until you can see that the boot image is distributed. Look for the line that reads **STATMSG: ID=2301**. You also can monitor Content Status in the Configuration Manager Console at **\Monitoring\Overview\Distribution Status\Content Status\Zero Touch WinPE x64**. See the following examples:
 
-    ![Content status for the Zero Touch WinPE x64 boot image](../images/fig16-contentstatus1.png "Content status for the Zero Touch WinPE x64 boot image")
      
-    ![Content status for the Zero Touch WinPE x64 boot image](../images/fig16-contentstatus2.png "Content status for the Zero Touch WinPE x64 boot image")
+    ![Content status for the Zero Touch WinPE x64 boot image step 1](../images/fig16-contentstatus1.png)
      
+    ![Content status for the Zero Touch WinPE x64 boot image step 2](../images/fig16-contentstatus2.png)
 
     Content status for the Zero Touch WinPE x64 boot image
 
@@ -82,8 +82,8 @@ On **CM01**:
 12. Using Configuration Manager Trace, review the D:\\Program Files\\Microsoft Configuration Manager\\Logs\\distmgr.log file and look for this text: **Expanding PS100009 to D:\\RemoteInstall\\SMSImages**.
 13. Review the **D:\\RemoteInstall\\SMSImages** folder. You should see three folders containing boot images. Two are from the default boot images, and the third folder (PS100009) is from your new boot image with DaRT. See the examples below:
 
-    ![PS100009-1](../images/ps100009-1.png)
      
-    ![PS100009-2](../images/ps100009-2.png)
+    ![PS100009 step 1](../images/ps100009-1.png)
      
+    ![PS100009 step 2](../images/ps100009-2.png)
 
 >Note: Depending on your infrastructure and the number of packages and boot images present, the Image ID might be a different number than PS100009.
 
diff --git a/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md b/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
index 1df9f6bd3b..7c0441e0ca 100644
--- a/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
@@ -261,7 +261,7 @@ On **CM01**:
     * Require a password when computers use PXE
     * Password and Confirm password: pass@word1
 
-    ![figure 12](../images/mdt-06-fig13.png)
+    ![figure 13](../images/mdt-06-fig13.png)
 
     Configure the CM01 distribution point for PXE.
 
diff --git a/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md
index 56872d3cfc..7ff3078c04 100644
--- a/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md
@@ -58,9 +58,9 @@ On **PC0003**:
 
 1. Open the Configuration Manager control panel (control smscfgrc).
 2. On the **Site** tab, click **Configure Settings**, then click **Find Site**.
-3. Verify that Configuration Manager has successfullyl found a site to manage this client is displayed. See the following example.
+3. Verify that Configuration Manager has successfully found a site to manage this client is displayed. See the following example.
 
-![pc0003a](../images/pc0003a.png)
+![Found a site to manage this client](../images/pc0003a.png)
 
 ## Create a device collection and add the PC0003 computer
 
@@ -124,16 +124,16 @@ On **PC0003**:
 2.  In the **Software Center** warning dialog box, click **Install Operating System**. 
 3. The client computer will run the Configuration Manager task sequence, boot into Windows PE, and install the new OS and applications. See the following examples:
 
-![pc0003b](../images/pc0003b.png)
      
-![pc0003c](../images/pc0003c.png)
      
-![pc0003d](../images/pc0003d.png)
      
-![pc0003e](../images/pc0003e.png)
      
-![pc0003f](../images/pc0003f.png)
      
-![pc0003g](../images/pc0003g.png)
      
-![pc0003h](../images/pc0003h.png)
      
-![pc0003i](../images/pc0003i.png)
      
-![pc0003j](../images/pc0003j.png)
      
-![pc0003k](../images/pc0003k.png)
+![Task sequence example 1](../images/pc0003b.png)
      
+![Task sequence example 2](../images/pc0003c.png)
      
+![Task sequence example 3](../images/pc0003d.png)
      
+![Task sequence example 4](../images/pc0003e.png)
      
+![Task sequence example 5](../images/pc0003f.png)
      
+![Task sequence example 6](../images/pc0003g.png)
      
+![Task sequence example 7](../images/pc0003h.png)
      
+![Task sequence example 8](../images/pc0003i.png)
      
+![Task sequence example 9](../images/pc0003j.png)
      
+![Task sequence example 10](../images/pc0003k.png)
 
 Next, see [Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md).
 
diff --git a/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
index 629ea3ed27..4c98f861cf 100644
--- a/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
@@ -160,7 +160,7 @@ On **PC0004**:
 4.  Confirm you want to upgrade the operating system on this computer by clicking **Install** again.
 5.  Allow the Replace Task Sequence to complete. The PC0004 computer will gather user data, boot into Windows PE and gather more data, then boot back to the full OS. The entire process should only take a few minutes.
 
-![pc0004b](../images/pc0004b.png)
+![Task sequence example](../images/pc0004b.png)
 
 Capturing the user state
 
@@ -191,15 +191,15 @@ On **PC0006**:
 
 When the process is complete, you will have a new Windows 10 computer in your domain with user data and settings restored. See the following examples:
 
-![pc0006a](../images/pc0006a.png)
      
-![pc0006b](../images/pc0006b.png)
      
-![pc0006c](../images/pc0006c.png)
      
-![pc0006d](../images/pc0006d.png)
      
-![pc0006e](../images/pc0006e.png)
      
-![pc0006f](../images/pc0006f.png)
      
-![pc0006g](../images/pc0006g.png)
      
-![pc0006h](../images/pc0006h.png)
      
-![pc0006i](../images/pc0006i.png)
+![User data and setting restored example 1](../images/pc0006a.png)
      
+![User data and setting restored example 2](../images/pc0006b.png)
      
+![User data and setting restored example 3](../images/pc0006c.png)
      
+![User data and setting restored example 4](../images/pc0006d.png)
      
+![User data and setting restored example 5](../images/pc0006e.png)
      
+![User data and setting restored example 6](../images/pc0006f.png)
      
+![User data and setting restored example 7](../images/pc0006g.png)
      
+![User data and setting restored example 8](../images/pc0006h.png)
      
+![User data and setting restored example 9](../images/pc0006i.png)
 
 Next, see [Perform an in-place upgrade to Windows 10 using Configuration Manager](upgrade-to-windows-10-with-configuraton-manager.md).
 
diff --git a/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuraton-manager.md b/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuraton-manager.md
index e4b97b8f74..46a0b5ee09 100644
--- a/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuraton-manager.md
+++ b/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuraton-manager.md
@@ -127,13 +127,13 @@ On **PC0004**:
 4.  Confirm you want to upgrade the operating system on this computer by clicking **Install** again.
 5.  Allow the Upgrade Task Sequence to complete. The PC0004 computer will download the install.wim file, perform an in-place upgrade, and install your added applications. See the following examples:
 
-![pc0004-a](../images/pc0004-a.png)
      
-![pc0004-b](../images/pc0004-b.png)
      
-![pc0004-c](../images/pc0004-c.png)
      
-![pc0004-d](../images/pc0004-d.png)
      
-![pc0004-e](../images/pc0004-e.png)
      
-![pc0004-f](../images/pc0004-f.png)
      
-![pc0004-g](../images/pc0004-g.png)
+![Upgrade task sequence example 1](../images/pc0004-a.png)
      
+![Upgrade task sequence example 2](../images/pc0004-b.png)
      
+![Upgrade task sequence example 3](../images/pc0004-c.png)
      
+![Upgrade task sequence example 4](../images/pc0004-d.png)
      
+![Upgrade task sequence example 5](../images/pc0004-e.png)
      
+![Upgrade task sequence example 6](../images/pc0004-f.png)
      
+![Upgrade task sequence example 7](../images/pc0004-g.png)
 
 In-place upgrade with Configuration Manager
 
diff --git a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md
index f551888da3..6c713170eb 100644
--- a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md
+++ b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md
@@ -61,7 +61,7 @@ This is the Bring Your Own Device (BYOD) method--your device will receive Olympi
 
 3. Click **Connect** and enter your **Olympia corporate account** (e.g., username@olympia.windows.com). Click **Next**.
 
-    ![Set up a work or school account](images/1-3.png)
+    ![Entering account information when setting up a work or school account](images/1-3.png)
 
 4. Enter the temporary password that was sent to you. Click **Sign in**. Follow the instructions to set a new password.
 
@@ -100,7 +100,7 @@ This is the Bring Your Own Device (BYOD) method--your device will receive Olympi
     
 3. Click **Connect**, then click **Join this device to Azure Active Directory**.
 
-    ![Update your password](images/2-3.png)
+    ![Joining device to Azure AD]](images/2-3.png)
 
 4. Enter your **Olympia corporate account** (e.g., username@olympia.windows.com). Click **Next**.
 
@@ -111,7 +111,7 @@ This is the Bring Your Own Device (BYOD) method--your device will receive Olympi
     > [!NOTE]
     > Passwords should contain 8-16 characters, including at least one special character or number.
 
-    ![Update your password](images/2-5.png)
+    ![Entering temporary password](images/2-5.png)
 
 6. When asked to make sure this is your organization, verify that the information is correct. If so, click **Join**.
 
diff --git a/windows/deployment/update/waas-morenews.md b/windows/deployment/update/waas-morenews.md
index 9d9557d033..0617e20b00 100644
--- a/windows/deployment/update/waas-morenews.md
+++ b/windows/deployment/update/waas-morenews.md
@@ -1,5 +1,6 @@
 ---
 title: Windows as a service news & resources
+description: The latest news for Windows as a service with resources to help you learn more about them.
 ms.prod: w10
 ms.topic: article
 ms.manager: elizapo
diff --git a/windows/deployment/update/waas-wufb-intune.md b/windows/deployment/update/waas-wufb-intune.md
index 20a9228f72..9c3f0668a1 100644
--- a/windows/deployment/update/waas-wufb-intune.md
+++ b/windows/deployment/update/waas-wufb-intune.md
@@ -69,7 +69,7 @@ In this example, you use two security groups to manage your updates: **Ring 4 Br
     >[!NOTE]
     >The OMA-URI settings are case sensitive, so be sure to review [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) for the proper syntax.
 
-    ![Settings for this policy](images/waas-wufb-intune-step7a.png)
+    ![Settings for the RequireDeferUpgrade policy](images/waas-wufb-intune-step7a.png)
     
 8. For this deployment ring, you're required to enable only CBB, so click **Save Policy**.
 
@@ -156,7 +156,7 @@ In this example, you use three security groups from Table 1 in [Build deployment
     >[!NOTE]
     >The OMA-URI settings are case sensitive, so be sure to review [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) for the proper syntax.
 
-    ![Settings for this policy](images/waas-wufb-intune-cb2a.png)
+    ![Settings for the BranchReadinessLevel policy](images/waas-wufb-intune-cb2a.png)
     
 8. Because the **Ring 2 Pilot Business Users** deployment ring receives the CB feature updates after 28 days, in the **OMA-URI Settings** section, click **Add** to add another OMA-URI setting. 
 
@@ -164,7 +164,7 @@ In this example, you use three security groups from Table 1 in [Build deployment
 10. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/DeferFeatureUpdatesPeriodInDays**.
 11. In the **Value** box, type **28**, and then click **OK**.
 
-    ![Settings for this policy](images/waas-wufb-intune-step11a.png)
+    ![Settings for the DeferFeatureUpdatesPeriodInDays policy](images/waas-wufb-intune-step11a.png)
 
 9. Click **Save Policy**.
 
@@ -205,7 +205,7 @@ You have now configured the **Ring 2 Pilot Business Users** deployment ring to e
 
 11. In the **Value** box, type **0**, and then click **OK**.
 
-    ![Settings for this policy](images/waas-wufb-intune-cbb1a.png)
+    ![Settings for the DeferFeatureUpdatesPeriodInDays policy](images/waas-wufb-intune-cbb1a.png)
 
 12. Click **Save Policy**.
 
@@ -255,7 +255,7 @@ You have now configured the **Ring 4 Broad business users** deployment ring to r
 
 15. In the **Value** box, type **14**, and then click **OK**.
 
-    ![Settings for this policy](images/waas-wufb-intune-cbb2a.png)
+    ![Settings for the DeferFeatureUpdatesPeriodInDays policy](images/waas-wufb-intune-cbb2a.png)
 
 16. Click **Save Policy**.
 
diff --git a/windows/deployment/update/windows-update-logs.md b/windows/deployment/update/windows-update-logs.md
index 93506e6f52..1e40aac62e 100644
--- a/windows/deployment/update/windows-update-logs.md
+++ b/windows/deployment/update/windows-update-logs.md
@@ -29,7 +29,7 @@ The following table describes the log files created by Windows Update.
 |CBS.log|%systemroot%\Logs\CBS|This logs provides insight on the update installation part in the servicing stack.|To troubleshoot the issues related to WU installation.|
 
 ## Generating WindowsUpdate.log 
-To merge and convert WU trace files (.etl files) into a single readable WindowsUpdate.log file, see [Get-WindowsUpdateLog](https://docs.microsoft.com/powershell/module/windowsupdate/get-windowsupdatelog?view=win10-ps). 
+To merge and convert WU trace files (.etl files) into a single readable WindowsUpdate.log file, see [Get-WindowsUpdateLog](https://docs.microsoft.com/powershell/module/windowsupdate/get-windowsupdatelog?view=win10-ps&preserve-view=tru). 
 
 >[!NOTE]
 >When you run the **Get-WindowsUpdateLog** cmdlet, an copy of WindowsUpdate.log file is created as a static log file. It does not update as the old WindowsUpate.log unless you run **Get-WindowsUpdateLog** again. 
diff --git a/windows/deployment/update/wufb-compliancedeadlines.md b/windows/deployment/update/wufb-compliancedeadlines.md
index 4e63af071d..1fb426d25f 100644
--- a/windows/deployment/update/wufb-compliancedeadlines.md
+++ b/windows/deployment/update/wufb-compliancedeadlines.md
@@ -152,17 +152,17 @@ Before the deadline the device will be in two states: auto-restart period and en
 
 Notification users get for quality update engaged deadline:
 
-![The notification users get for an impending engaged quality update deadline](images/wufb-quality-engaged-notification.png)
+![The notification users get for an impending engaged quality update deadline example](images/wufb-quality-engaged-notification.png)
 
 Notification users get for a quality update deadline:
 
-![The notification users get for an impending quality update deadline](images/wufb-quality-notification.png)
+![The notification users get for an impending quality update deadline example](images/wufb-quality-notification.png)
 
 Notification users get for a feature update engaged deadline:
 
-![The notification users get for an impending feature update engaged deadline](images/wufb-feature-update-engaged-notification.png)
+![The notification users get for an impending feature update engaged deadline example](images/wufb-feature-update-engaged-notification.png)
 
 Notification users get for a feature update deadline:
 
-![The notification users get for an impending feature update deadline](images/wufb-feature-update-deadline-notification.png)
+![The notification users get for an impending feature update deadline example](images/wufb-feature-update-deadline-notification.png)
 
diff --git a/windows/deployment/upgrade/setupdiag.md b/windows/deployment/upgrade/setupdiag.md
index ad4a46aa9f..6abb0eac36 100644
--- a/windows/deployment/upgrade/setupdiag.md
+++ b/windows/deployment/upgrade/setupdiag.md
@@ -553,7 +553,7 @@ Refer to "https://docs.microsoft.com/windows/desktop/Debug/system-error-codes" f
 
 ## Sample registry key
 
-![Addreg](./../images/addreg.png)
+![Example of Addreg](./../images/addreg.png)
 
 ## Related topics
 
diff --git a/windows/deployment/windows-10-poc-sc-config-mgr.md b/windows/deployment/windows-10-poc-sc-config-mgr.md
index d7e9e4e416..87baccf225 100644
--- a/windows/deployment/windows-10-poc-sc-config-mgr.md
+++ b/windows/deployment/windows-10-poc-sc-config-mgr.md
@@ -1,7 +1,6 @@
 ---
 title: Steps to deploy Windows 10 with Microsoft Endpoint Configuration Manager
 description: In this article, you'll learn how to deploy Windows 10 in a test lab using Microsoft endpoint configuration manager.
-ms.custom: seo-marvel-apr2020
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/deployment/windows-10-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md
index 6f452601fe..fb1755d660 100644
--- a/windows/deployment/windows-10-subscription-activation.md
+++ b/windows/deployment/windows-10-subscription-activation.md
@@ -40,7 +40,7 @@ Organizations that have an Enterprise agreement can also benefit from the new se
 
 Subscription Activation for Education works the same as the Enterprise version, but in order to use Subscription Activation for Education, you must have a device running Windows 10 Pro Education, version 1903 or later and an active subscription plan with a Windows 10 Enterprise license. For more information, see the [requirements](#windows-10-education-requirements) section.
 
-## In this article
+## Summary
 
 - [Inherited Activation](#inherited-activation): Description of a new feature available in Windows 10, version 1803 and later.
 - [The evolution of Windows 10 deployment](#the-evolution-of-deployment): A short history of Windows deployment.
@@ -105,9 +105,9 @@ If the device is running Windows 10, version 1809 or later:
 1. Windows 10, version 1809 must be updated with [KB4497934](https://support.microsoft.com/help/4497934/windows-10-update-kb4497934). Later versions of Windows 10 automatically include this patch.
 2. When the user signs in on a Hybrid Azure AD joined device with MFA enabled, a notification will indicate that there is a problem. Click the notification and then click **Fix now** to step through the subscription activation process. See the example below:
 
-![Subscription Activation with MFA1](images/sa-mfa1.png)
      
-![Subscription Activation with MFA2](images/sa-mfa2.png)
      
-![Subscription Activation with MFA2](images/sa-mfa3.png)
+![Subscription Activation with MFA example 1](images/sa-mfa1.png)
      
+![Subscription Activation with MFA example 2](images/sa-mfa2.png)
      
+![Subscription Activation with MFA example 3](images/sa-mfa3.png)
 
 ### Windows 10 Education requirements
 
diff --git a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
index 04ff7554b3..8df89cd9b9 100644
--- a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
+++ b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
@@ -220,12 +220,12 @@ PS C:\autopilot>
 
 Ensure the VM booted from the installation ISO, click **Next** then click **Install now** and complete the Windows installation process. See the following examples:
 
-   ![Windows setup](images/winsetup1.png)
-   ![Windows setup](images/winsetup2.png)
-   ![Windows setup](images/winsetup3.png)
-   ![Windows setup](images/winsetup4.png)
-   ![Windows setup](images/winsetup5.png)
-   ![Windows setup](images/winsetup6.png)
+   ![Windows setup example 1](images/winsetup1.png)
+   ![Windows setup example 2](images/winsetup2.png)
+   ![Windows setup example 3](images/winsetup3.png)
+   ![Windows setup example 4](images/winsetup4.png)
+   ![Windows setup example 5](images/winsetup5.png)
+   ![Windows setup example 6](images/winsetup6.png)
 
 After the VM restarts, during OOBE, it's fine to select **Set up for personal use** or **Domain join instead** and then choose an offline account on the **Sign in** screen.  This will offer the fastest way to the desktop. For example:
 
@@ -337,7 +337,7 @@ If the configuration blade shown above does not appear, it's likely that you don
 
 To convert your Intune trial account to a free Premium trial account, navigate to **Azure Active Directory** > **Licenses** > **All products** > **Try / Buy** and select **Free trial** for Azure AD Premium, or EMS E5.
 
-![Reset this PC final prompt](images/aad-lic1.png)
+![License conversion option](images/aad-lic1.png)
 
 ## Configure company branding
 
@@ -411,7 +411,7 @@ Select **Manage** from the top menu, then click the **Windows Autopilot Deployme
 
 Click the **Add devices** link to upload your CSV file. A message will appear indicating your request is being processed. Wait a few moments before refreshing to see your new device has been added.
 
-![Devices](images/msfb-device.png)
+![Microsoft Store for Business Devices](images/msfb-device.png)
 
 ## Create and assign a Windows Autopilot deployment profile
 
@@ -427,7 +427,7 @@ Pick one:
 > [!NOTE]
 > Even if you registered your device in MSfB, it will still appear in Intune, though you might have to **sync** and then **refresh** your device list first:
 
-![Devices](images/intune-devices.png)
+![Intune Devices](images/intune-devices.png)
 
 > The example above lists both a physical device and a VM. Your list should only include only one of these.
 
@@ -519,15 +519,15 @@ To CREATE the profile:
 
 Select your device from the **Devices** list:
 
-![MSfB create](images/msfb-create1.png)
+![MSfB create step 1](images/msfb-create1.png)
 
 On the Autopilot deployment dropdown menu, select **Create new profile**:
 
-![MSfB create](images/msfb-create2.png)
+![MSfB create step 2](images/msfb-create2.png)
 
 Name the profile, choose your desired settings, and then click **Create**:
 
-![MSfB create](images/msfb-create3.png)
+![MSfB create step 3](images/msfb-create3.png)
 
 The new profile is added to the Autopilot deployment list.
 
@@ -535,11 +535,11 @@ To ASSIGN the profile:
 
 To assign (or reassign) the profile to a device, select the checkboxes next to the device you registered for this lab, then select the profile you want to assign from the **Autopilot deployment** dropdown menu as shown:
 
-![MSfB assign](images/msfb-assign1.png)
+![MSfB assign step 1](images/msfb-assign1.png)
 
 Confirm the profile was successfully assigned to the intended device by checking the contents of the **Profile** column:
 
-![MSfB assign](images/msfb-assign2.png)
+![MSfB assign step 2](images/msfb-assign2.png)
 
 > [!IMPORTANT]
 > The new profile will only be applied if the device has not been started, and gone through OOBE. Settings from a different profile can't be applied when another profile has been applied. Windows would need to be reinstalled on the device for the second profile to be applied to the device.
@@ -577,15 +577,15 @@ To use the device (or VM) for other purposes after completion of this lab, you w
 
 You need to delete (or retire, or factory reset) the device from Intune before deregistering the device from Autopilot. To delete the device from Intune (not Azure Active Directory), log into your Intune Azure portal, then navigate to **Intune > Devices > All Devices**.  Select the checkbox next to the device you want to delete, then click the Delete button along the top menu.
 
-![Delete device](images/delete-device1.png)
+![Delete device step 1](images/delete-device1.png)
 
 Click **X** when challenged to complete the operation:
 
-![Delete device](images/delete-device2.png)
+![Delete device step 2](images/delete-device2.png)
 
 This will remove the device from Intune management, and it will disappear from **Intune > Devices > All devices**. But this does not yet deregister the device from Autopilot, so the device should still appear under **Intune > Device Enrollment > Windows Enrollment > Windows Autopilot Deployment Program > Devices**.
 
-![Delete device](images/delete-device3.png)
+![Delete device step 3](images/delete-device3.png)
 
 The **Intune > Devices > All Devices** list and the **Intune > Device Enrollment > Windows Enrollment > Windows Autopilot Deployment Program > Devices** list mean different things and are two completely separate datastores.  The former (All devices) is the list of devices currently enrolled into Intune.
 
@@ -594,21 +594,21 @@ The **Intune > Devices > All Devices** list and the **Intune > Device Enrollment
 
 To remove the device from the Autopilot program, select the device and click Delete.
 
-![Delete device](images/delete-device4.png)
+![Delete device step 4](images/delete-device4.png)
 
 A warning message appears reminding you to first remove the device from Intune, which we previously did.
 
-![Delete device](images/delete-device5.png)
+![Delete device step 5](images/delete-device5.png)
 
 At this point, your device has been unenrolled from Intune and also deregistered from Autopilot.  After several minutes, click the **Sync** button, followed by the **Refresh** button to confirm the device is no longer listed in the Autopilot program:
 
-![Delete device](images/delete-device6.png)
+![Delete device step 6](images/delete-device6.png)
 
 Once the device no longer appears, you are free to reuse it for other purposes.
 
 If you also (optionally) want to remove your device from AAD, navigate to **Azure Active Directory > Devices > All Devices**, select your device, and click the delete button:
 
-![Delete device](images/delete-device7.png)
+![Delete device step 7](images/delete-device7.png)
 
 ## Appendix A: Verify support for Hyper-V
 
@@ -668,7 +668,7 @@ Download the Notepad++ msi package [here](https://www.hass.de/content/notepad-ms
 
 Run the IntuneWinAppUtil tool, supplying answers to the three questions, for example:
 
-![Add app](images/app01.png)
+![Add app example](images/app01.png)
 
 After the tool finishes running, you should have an .intunewin file in the Output folder, which you can now upload into Intune using the following steps.
 
@@ -678,19 +678,19 @@ Log into the Azure portal and select **Intune**.
 
 Navigate to **Intune > Clients apps > Apps**, and then click the **Add** button to create a new app package.
 
-![Add app](images/app02.png)
+![Add app step 1](images/app02.png)
 
 Under **App Type**, select **Windows app (Win32)**:
 
-![Add app](images/app03.png)
+![Add app step 2](images/app03.png)
 
 On the **App package file** blade, browse to the **npp.7.6.3.installer.x64.intunewin** file in your output folder, open it, then click **OK**:
 
-![Add app](images/app04.png)
+![Add app step 3](images/app04.png)
 
 On the **App Information Configure** blade, provide a friendly name, description, and publisher, such as:
 
-![Add app](images/app05.png)
+![Add app step 4](images/app05.png)
 
 On the **Program Configuration** blade, supply the install and uninstall commands:
 
@@ -700,7 +700,7 @@ Uninstall:  msiexec /x "{F188A506-C3C6-4411-BE3A-DA5BF1EA6737}" /q
 > [!NOTE]
 > Likely, you do not have to write the install and uninstall commands yourself because the [IntuneWinAppUtil.exe command-line tool](https://github.com/Microsoft/Microsoft-Win32-Content-Prep-Tool) automatically generated them when it converted the .msi file into a .intunewin file.
 
-![Add app](images/app06.png)
+![Add app step 5](images/app06.png)
 
 Simply using an install command like "notepad++.exe /S" will not actually install Notepad++; it will only launch the app.  To actually install the program, we need to use the .msi file instead.  Notepad++ doesn't actually have an .msi version of their program, but we got an .msi version from a [third party provider](https://www.hass.de/content/notepad-msi-package-enterprise-deployment-available).
 
@@ -708,21 +708,21 @@ Click **OK** to save your input and activate the **Requirements** blade.
 
 On the **Requirements Configuration** blade, specify the **OS architecture** and the **Minimum OS version**:
 
-![Add app](images/app07.png)
+![Add app step 6](images/app07.png)
 
 Next, configure the **Detection rules**.  For our purposes, we will select manual format:
 
-![Add app](images/app08.png)
+![Add app step 7](images/app08.png)
 
 Click **Add** to define the rule properties.  For **Rule type**, select **MSI**, which will automatically import the right MSI product code into the rule:
 
-![Add app](images/app09.png)
+![Add app step 8](images/app09.png)
 
 Click **OK** twice to save, as you back out to the main **Add app** blade again for the final configuration.
 
 **Return codes**:  For our purposes, leave the return codes at their default values:
 
-![Add app](images/app10.png)
+![Add app step 9](images/app10.png)
 
 Click **OK** to exit.
 
@@ -732,11 +732,11 @@ Click the **Add** button to finalize and save your app package.
 
 Once the indicator message says the addition has completed.
 
-![Add app](images/app11.png)
+![Add app step 10](images/app11.png)
 
 You will be able to find your app in your app list:
 
-![Add app](images/app12.png)
+![Add app step 11](images/app12.png)
 
 #### Assign the app to your Intune profile
 
@@ -745,7 +745,7 @@ You will be able to find your app in your app list:
 
 In the **Intune > Client Apps > Apps** pane, select the app package you already created to reveal its properties blade.  Then click **Assignments** from the menu:
 
-![Add app](images/app13.png)
+![Assign app step 1](images/app13.png)
 
 Select **Add Group** to open the **Add group** pane that is related to the app.
 
@@ -755,9 +755,9 @@ For our purposes, select **Required** from the **Assignment type** dropdown menu
 
 Select **Included Groups** and assign the groups you previously created that will use this app:
 
-![Add app](images/app14.png)
+![Assign app step 2](images/app14.png)
 
-![Add app](images/app15.png)
+![Assign app step 3](images/app15.png)
 
 In the **Select groups** pane, click the **Select** button.
 
@@ -767,7 +767,7 @@ In the **Add group** pane, select **OK**.
 
 In the app **Assignments** pane, select **Save**.
 
-![Add app](images/app16.png)
+![Assign app step 4](images/app16.png)
 
 At this point, you have completed steps to add a Win32 app to Intune.
 
@@ -781,15 +781,15 @@ Log into the Azure portal and select **Intune**.
 
 Navigate to **Intune > Clients apps > Apps**, and then click the **Add** button to create a new app package.
 
-![Add app](images/app17.png)
+![Create app step 1](images/app17.png)
 
 Under **App Type**, select **Office 365 Suite > Windows 10**:
 
-![Add app](images/app18.png)
+![Create app step 2](images/app18.png)
 
 Under the **Configure App Suite** pane, select the Office apps you want to install.  For the purposes of this labe we have only selected Excel:
 
-![Add app](images/app19.png)
+![Create app step 3](images/app19.png)
 
 Click **OK**.
 
@@ -797,13 +797,13 @@ In the **App Suite Information** pane, enter a unique suite name, and a s
 
 > Enter the name of the app suite as it is displayed in the company portal. Make sure that all suite names that you use are unique. If the same app suite name exists twice, only one of the apps is displayed to users in the company portal.
 
-![Add app](images/app20.png)
+![Create app step 4](images/app20.png)
 
 Click **OK**.
 
 In the **App Suite Settings** pane, select **Monthly** for the **Update channel** (any selection would be fine for the purposes of this lab).  Also select **Yes** for **Automatically accept the app end user license agreement**:
 
-![Add app](images/app21.png)
+![Create app step 5](images/app21.png)
 
 Click **OK** and then click **Add**.
 
@@ -814,7 +814,7 @@ Click **OK** and then click **Add**.
 
 In the **Intune > Client Apps > Apps** pane, select the Office package you already created to reveal its properties blade.  Then click **Assignments** from the menu:
 
-![Add app](images/app22.png)
+![Create app step 6](images/app22.png)
 
 Select **Add Group** to open the **Add group** pane that is related to the app.
 
@@ -824,9 +824,9 @@ For our purposes, select **Required** from the **Assignment type** dropdown menu
 
 Select **Included Groups** and assign the groups you previously created that will use this app:
 
-![Add app](images/app23.png)
+![Create app step 7](images/app23.png)
 
-![Add app](images/app24.png)
+![Create app step 8](images/app24.png)
 
 In the **Select groups** pane, click the **Select** button.
 
@@ -836,7 +836,7 @@ In the **Add group** pane, select **OK**.
 
 In the app **Assignments** pane, select **Save**.
 
-![Add app](images/app25.png)
+![Create app step 9](images/app25.png)
 
 At this point, you have completed steps to add Office to Intune.
 
@@ -844,7 +844,7 @@ For more information on adding Office apps to Intune, see [Assign Office 365 app
 
 If you installed both the win32 app (Notepad++) and Office (just Excel) per the instructions in this lab, your VM will show them in the apps list, although it could take several minutes to populate:
 
-![Add app](images/app26.png)
+![Create app step 10](images/app26.png)
 
 ## Glossary
 

From c838c702ae460d32086df0309807ef6741a3a36e Mon Sep 17 00:00:00 2001
From: Dani Halfin 
Date: Tue, 3 Nov 2020 14:56:03 -0800
Subject: [PATCH 63/92] fixing warnings some more

---
 ...installation-of-windows-10-with-configuration-manager.md | 4 ++--
 windows/deployment/update/waas-wufb-intune.md               | 4 ++--
 .../windows-autopilot/demonstrate-deployment-on-vm.md       | 6 +++---
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md b/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
index 7c0441e0ca..4dd8344c5b 100644
--- a/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
@@ -241,7 +241,7 @@ On **CM01**:
 2.  Right-click **PS1 - Primary Site 1**, point to **Configure Site Components**, and then select **Software Distribution**.
 3.  On the **Network Access Account** tab, select **Specify the account that accesses network locations** and add the *New Account* **CONTOSO\\CM\_NAA** as the Network Access account (password: pass@word1). Use the new **Verify** option to verify that the account can connect to the **\\\\DC01\\sysvol** network share.
 
-![figure 12](../images/mdt-06-fig12.png)
+![figure 11](../images/mdt-06-fig12.png)
 
 Test the connection for the Network Access account.
 
@@ -261,7 +261,7 @@ On **CM01**:
     * Require a password when computers use PXE
     * Password and Confirm password: pass@word1
 
-    ![figure 13](../images/mdt-06-fig13.png)
+    ![figure 12](../images/mdt-06-fig13.png)
 
     Configure the CM01 distribution point for PXE.
 
diff --git a/windows/deployment/update/waas-wufb-intune.md b/windows/deployment/update/waas-wufb-intune.md
index 9c3f0668a1..412541f1fd 100644
--- a/windows/deployment/update/waas-wufb-intune.md
+++ b/windows/deployment/update/waas-wufb-intune.md
@@ -164,7 +164,7 @@ In this example, you use three security groups from Table 1 in [Build deployment
 10. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/DeferFeatureUpdatesPeriodInDays**.
 11. In the **Value** box, type **28**, and then click **OK**.
 
-    ![Settings for the DeferFeatureUpdatesPeriodInDays policy](images/waas-wufb-intune-step11a.png)
+    ![Settings for the DeferFeatureUpdatesPeriodInDays policy step 11](images/waas-wufb-intune-step11a.png)
 
 9. Click **Save Policy**.
 
@@ -205,7 +205,7 @@ You have now configured the **Ring 2 Pilot Business Users** deployment ring to e
 
 11. In the **Value** box, type **0**, and then click **OK**.
 
-    ![Settings for the DeferFeatureUpdatesPeriodInDays policy](images/waas-wufb-intune-cbb1a.png)
+    ![Settings for the DeferFeatureUpdatesPeriodInDays policy for broad business](images/waas-wufb-intune-cbb1a.png)
 
 12. Click **Save Policy**.
 
diff --git a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
index 8df89cd9b9..6b57a9ab0d 100644
--- a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
+++ b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
@@ -229,11 +229,11 @@ Ensure the VM booted from the installation ISO, click **Next** then click **Inst
 
 After the VM restarts, during OOBE, it's fine to select **Set up for personal use** or **Domain join instead** and then choose an offline account on the **Sign in** screen.  This will offer the fastest way to the desktop. For example:
 
-   ![Windows setup](images/winsetup7.png)
+   ![Windows setup example 7](images/winsetup7.png)
 
 Once the installation is complete, sign in and verify that you are at the Windows 10 desktop, then create your first Hyper-V checkpoint. Checkpoints are used to restore the VM to a previous state. You will create multiple checkpoints throughout this lab, which can be used later to go through the process again.
 
-   ![Windows setup](images/winsetup8.png)
+   ![Windows setup example 8](images/winsetup8.png)
 
 To create your first checkpoint, open an elevated Windows PowerShell prompt on the computer running Hyper-V (not on the VM) and run the following:
 
@@ -497,7 +497,7 @@ Under **Manage**, click **Assignments**, and then with the **Include** tab highl
 
 Click **Select** and then click **Save**.
 
-![Include group](images/include-group2.png)
+![Include group save](images/include-group2.png)
 
 It's also possible to assign specific users to a profile, but we will not cover this scenario in the lab. For more detailed information, see [Enroll Windows devices in Intune by using Windows Autopilot](https://docs.microsoft.com/intune/enrollment-autopilot).
 

From 49bdd17e7bc87564d967951d54bb1762d7187909 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Tue, 3 Nov 2020 15:48:23 -0800
Subject: [PATCH 64/92] Update faq-md-app-guard.md

---
 .../faq-md-app-guard.md                                   | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
index e4de5be2bd..5e54503d98 100644
--- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
+++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
@@ -148,9 +148,9 @@ ICS is enabled by default in Windows, and it must be enabled in order for Applic
 
 Some enterprise organizations choose to disable ICS for their own security reasons. However, this is not recommended. If ICS is disabled, Application Guard stops working. 
 
-The following procedure describes how to edit registry keys to disable ICS in part.
+The following procedure describes how to edit registry keys to disable ICS in part using a Group Policy.
 
-1. In the Group Policy setting called **Prohibit use of Internet Connection Sharing on your DNS domain network**, set it to **Disabled**. 
+1. In the Group Policy setting called, *Prohibit use of Internet Connection Sharing on your DNS domain network*, set it to **Disabled**. 
 
 2. Disable IpNat.sys from ICS load as follows: 
       
 `System\CurrentControlSet\Services\SharedAccess\Parameters\DisableIpNat = 1`
@@ -162,3 +162,7 @@ The following procedure describes how to edit registry keys to disable ICS in pa
 `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPNat\Start = 4`
 
 5. Reboot the device.
+
+## See also
+
+[Configure Microsoft Defender Application Guard policy settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard)
\ No newline at end of file

From 895817b75efe1cbb384103df79ee8347500fddd6 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Tue, 3 Nov 2020 16:04:42 -0800
Subject: [PATCH 65/92] Update
 scheduled-catch-up-scans-microsoft-defender-antivirus.md

---
 ...h-up-scans-microsoft-defender-antivirus.md | 42 ++++++++++---------
 1 file changed, 22 insertions(+), 20 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md
index 31c00d261d..8f36768d8a 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md
@@ -1,5 +1,5 @@
 ---
-title: Schedule regular quick and full scans with Microsoft Defender AV
+title: Schedule regular quick and full scans with Microsoft Defender Antivirus
 description: Set up recurring (scheduled) scans, including when they should run and whether they run as full or quick scans
 keywords: quick scan, full scan, quick vs full, schedule scan, daily, weekly, time, scheduled, recurring, regular
 search.product: eADQiWindows 10XVcnh
@@ -11,7 +11,7 @@ ms.localizationpriority: medium
 author: denisebmsft
 ms.author: deniseb
 ms.custom: nextgen
-ms.date: 09/30/2020
+ms.date: 11/02/2020
 ms.reviewer: 
 manager: dansimp
 ---
@@ -23,7 +23,7 @@ manager: dansimp
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 > [!NOTE]
 > By default, Microsoft Defender Antivirus checks for an update 15 minutes before the time of any scheduled scans. You can [Manage the schedule for when protection updates should be downloaded and applied](manage-protection-update-schedule-microsoft-defender-antivirus.md) to override this default. 
@@ -44,7 +44,9 @@ This article describes how to configure scheduled scans with Group Policy, Power
 
 5.  Expand the tree to **Windows components > Microsoft Defender Antivirus** and then the **Location** specified in the table below.
 
-6. Double-click the policy **Setting** as specified in the table below, and set the option to your desired configuration. Click **OK**, and repeat for any other settings.
+6. Double-click the policy **Setting** as specified in the table below, and set the option to your desired configuration. 
+
+7. Click **OK**, and repeat for any other settings.
 
 Also see the [Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-microsoft-defender-antivirus.md) and [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-microsoft-defender-antivirus.md) topics.
 
@@ -74,12 +76,12 @@ Scheduled scans will run at the day and time you specify. You can use Group Poli
 
 ### Use Group Policy to schedule scans
 
-Location | Setting | Description | Default setting (if not configured)
----|---|---|---
-Scan | Specify the scan type to use for a scheduled scan | Quick scan
-Scan | Specify the day of the week to run a scheduled scan | Specify the day (or never) to run a scan. | Never
-Scan | Specify the time of day to run a scheduled scan | Specify the number of minutes after midnight (for example, enter **60** for 1 am). | 2 am
-Root | Randomize scheduled task times |In Microsoft Defender Antivirus: Randomize the start time of the scan to any interval from 0 to 4 hours. 
      In FEP/SCEP: randomize to any interval plus or minus 30 minutes. This can be useful in VM or VDI deployments. | Enabled
+|Location | Setting | Description | Default setting (if not configured) |
+|:---|:---|:---|:---|
+|Scan | Specify the scan type to use for a scheduled scan | Quick scan |
+|Scan | Specify the day of the week to run a scheduled scan | Specify the day (or never) to run a scan. | Never |
+|Scan | Specify the time of day to run a scheduled scan | Specify the number of minutes after midnight (for example, enter **60** for 1 a.m.). | 2 a.m. |
+|Root | Randomize scheduled task times |In Microsoft Defender Antivirus: Randomize the start time of the scan to any interval from 0 to 4 hours. 
      In FEP/SCEP: randomize to any interval plus or minus 30 minutes. This can be useful in VM or VDI deployments. | Enabled |
 
 ### Use PowerShell cmdlets to schedule scans
 
@@ -121,9 +123,9 @@ You can set the scheduled scan to only occur when the endpoint is turned on but
 
 ### Use Group Policy to schedule scans
 
-Location | Setting | Description | Default setting (if not configured)
----|---|---|---
-Scan | Start the scheduled scan only when computer is on but not in use | Scheduled scans will not run, unless the computer is on but not in use | Enabled
+|Location | Setting | Description | Default setting (if not configured) |
+|:---|:---|:---|:---|
+|Scan | Start the scheduled scan only when computer is on but not in use | Scheduled scans will not run, unless the computer is on but not in use | Enabled |
 
 ### Use PowerShell cmdlets
 
@@ -191,10 +193,10 @@ You can enable a daily quick scan that can be run in addition to your other sche
 
 ### Use Group Policy to schedule daily scans
 
-Location | Setting | Description | Default setting (if not configured)
----|---|---|---
-Scan | Specify the interval to run quick scans per day | Specify how many hours should elapse before the next quick scan. For example, to run every two hours, enter **2**, for once a day, enter **24**. Enter **0** to never run a daily quick scan. | Never
-Scan | Specify the time for a daily quick scan | Specify the number of minutes after midnight (for example, enter **60** for 1 am) | 2 am
+|Location | Setting | Description | Default setting (if not configured) |
+|:---|:---|:---|:---|
+|Scan | Specify the interval to run quick scans per day | Specify how many hours should elapse before the next quick scan. For example, to run every two hours, enter **2**, for once a day, enter **24**. Enter **0** to never run a daily quick scan. | Never |
+|Scan | Specify the time for a daily quick scan | Specify the number of minutes after midnight (for example, enter **60** for 1 a.m.) | 2 a.m. |
 
 ### Use PowerShell cmdlets to schedule daily scans
 
@@ -224,9 +226,9 @@ You can force a scan to occur after every [protection update](manage-protection-
 
 ### Use Group Policy to schedule scans after protection updates
 
-Location | Setting | Description | Default setting (if not configured)
----|---|---|---
-Signature updates | Turn on scan after Security intelligence update | A scan will occur immediately after a new protection update is downloaded | Enabled
+|Location | Setting | Description | Default setting (if not configured)|
+|:---|:---|:---|:---|
+|Signature updates | Turn on scan after Security intelligence update | A scan will occur immediately after a new protection update is downloaded | Enabled |
 
 ## See also
 - [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-microsoft-defender-antivirus.md)

From fff9d307f4b583010b940825b531935064934be1 Mon Sep 17 00:00:00 2001
From: ShannonLeavitt 
Date: Tue, 3 Nov 2020 17:09:15 -0700
Subject: [PATCH 66/92] acrolinx fixes

---
 .../bitlocker/bitlocker-basic-deployment.md   | 65 ++++++++--------
 ...ocker-deployment-and-administration-faq.md |  6 +-
 .../bitlocker-recovery-guide-plan.md          | 74 +++++++++----------
 .../bitlocker/bitlocker-to-go-faq.md          |  4 +-
 ...ve-encryption-tools-to-manage-bitlocker.md | 46 ++++++------
 ...bitlocker-using-with-other-programs-faq.md |  8 +-
 ...nd-storage-area-networks-with-bitlocker.md | 31 ++++----
 7 files changed, 118 insertions(+), 116 deletions(-)

diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md
index dc0d879c78..8ad995065c 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md
@@ -1,6 +1,6 @@
 ---
 title: BitLocker basic deployment (Windows 10)
-description: This topic for the IT professional explains how BitLocker features can be used to protect your data through drive encryption.
+description: This article for the IT professional explains how BitLocker features can be used to protect your data through drive encryption.
 ms.assetid: 97c646cb-9e53-4236-9678-354af41151c4
 ms.reviewer: 
 ms.prod: w10
@@ -24,7 +24,7 @@ ms.custom: bitlocker
 
 -   Windows 10
 
-This topic for the IT professional explains how BitLocker features can be used to protect your data through drive encryption.
+This article for the IT professional explains how BitLocker features can be used to protect your data through drive encryption.
 
 ## Using BitLocker to encrypt volumes
 
@@ -39,12 +39,12 @@ BitLocker encryption can be done using the following methods:
 
 -   BitLocker control panel
 -   Windows Explorer
--   manage-bde command line interface
+-   manage-bde command-line interface
 -   BitLocker Windows PowerShell cmdlets
 
 ### Encrypting volumes using the BitLocker control panel
 
-Encrypting volumes with the BitLocker control panel (click **Start**, type **bitlocker**, click **Manage BitLocker**) is how many users will utilize BitLocker. The name of the BitLocker control panel is BitLocker Drive Encryption. The BitLocker control panel supports encrypting operating system, fixed data and removable data volumes. The BitLocker control panel will organize available drives in the appropriate category based on how the device reports itself to Windows. Only formatted volumes with assigned drive letters will appear properly in the BitLocker control panel applet.
+Encrypting volumes with the BitLocker control panel (select **Start**, type *bitlocker*, select **Manage BitLocker**) is how many users will utilize BitLocker. The name of the BitLocker control panel is BitLocker Drive Encryption. The BitLocker control panel supports encrypting operating system, fixed data, and removable data volumes. The BitLocker control panel will organize available drives in the appropriate category based on how the device reports itself to Windows. Only formatted volumes with assigned drive letters will appear properly in the BitLocker control panel applet.
 To start encryption for a volume, select **Turn on BitLocker** for the appropriate drive to initialize the BitLocker Drive Encryption Wizard. BitLocker Drive Encryption Wizard options vary based on volume type (operating system volume or data volume).
 
 ### Operating system volume
@@ -54,7 +54,7 @@ Upon launch, the BitLocker Drive Encryption Wizard verifies the computer meets t
 |Requirement|Description|
 |--- |--- |
 |Hardware configuration|The computer must meet the minimum requirements for the supported Windows versions.|
-|Operating system|BitLocker is an optional feature which can be installed by Server Manager on Windows Server 2012 and later.|
+|Operating system|BitLocker is an optional feature that can be installed by Server Manager on Windows Server 2012 and later.|
 |Hardware TPM|TPM version 1.2 or 2.0. 
       A TPM is not required for BitLocker; however, only a computer with a TPM can provide the additional security of pre-startup system integrity verification and multifactor authentication.|
 |BIOS configuration|
    •  A Trusted Computing Group (TCG)-compliant BIOS or UEFI firmware.
      •  
    •  The boot order must be set to start first from the hard disk, and not the USB or CD drives.
      •   
    •  The firmware must be able to read from a USB flash drive during startup.
      • |
 |File system|For computers that boot natively with UEFI firmware, at least one FAT32 partition for the system drive and one NTFS partition for the operating system drive. 
       For computers with legacy BIOS firmware, at least two NTFS disk partitions, one for the system drive and one for the operating system drive. 
       For either firmware, the system drive partition must be at least 350 megabytes (MB) and set as the active partition.|
@@ -75,11 +75,11 @@ It is recommended that drives with little to no data utilize the **used disk spa
 > [!NOTE]
 > Deleted files appear as free space to the file system, which is not encrypted by **used disk space only**. Until they are wiped or overwritten, deleted files hold information that could be recovered with common data forensic tools.
 
-Selecting an encryption type and choosing **Next** will give the user the option of running a BitLocker system check (selected by default) which will ensure that BitLocker can properly access the recovery and encryption keys before the volume encryption begins. It is recommended to run this system check before starting the encryption process. If the system check is not run and a problem is encountered when the operating system attempts to start, the user will need to provide the recovery key to start Windows.
+Selecting an encryption type and choosing **Next** will give the user the option of running a BitLocker system check (selected by default) which will ensure that BitLocker can properly access the recovery and encryption keys before the volume encryption begins. We recommend running this system check before starting the encryption process. If the system check is not run and a problem is encountered when the operating system attempts to start, the user will need to provide the recovery key to start Windows.
 
 After completing the system check (if selected), the BitLocker Drive Encryption Wizard will restart the computer to begin encryption. Upon reboot, users are required to enter the password chosen to boot into the operating system volume. Users can check encryption status by checking the system notification area or the BitLocker control panel.
 
-Until encryption is completed, the only available options for managing BitLocker involve manipulation of the password protecting the operating system volume, backing up the recovery key, and turning BitLocker off.
+Until encryption is completed, the only available options for managing BitLocker involve manipulation of the password protecting the operating system volume, backing up the recovery key, and turning off BitLocker.
 
 ### Data volume
 
@@ -97,12 +97,12 @@ Encryption status displays in the notification area or within the BitLocker cont
 
 There is a new option for storing the BitLocker recovery key using the OneDrive. This option requires that computers are not members of a domain and that the user is using a Microsoft Account. Local accounts do not give the option to utilize OneDrive. Using the OneDrive option is the default, recommended recovery key storage method for computers that are not joined to a domain.
 
-Users can verify the recovery key was saved properly by checking their OneDrive for the BitLocker folder which is created automatically during the save process. The folder will contain two files, a readme.txt and the recovery key. For users storing more than one recovery password on their OneDrive,
+Users can verify the recovery key was saved properly by checking their OneDrive for the BitLocker folder that is created automatically during the save process. The folder will contain two files, a readme.txt and the recovery key. For users storing more than one recovery password on their OneDrive,
 they can identify the required recovery key by looking at the file name. The recovery key ID is appended to the end of the file name.
 
 ### Using BitLocker within Windows Explorer
 
-Windows Explorer allows users to launch the BitLocker Drive Encryption wizard by right clicking on a volume and selecting **Turn On BitLocker**. This option is available on client computers by default. On servers, you must first install the BitLocker and Desktop-Experience features for this option to be available. After selecting **Turn on BitLocker**, the wizard works exactly as it does when launched using the BitLocker control panel.
+Windows Explorer allows users to launch the BitLocker Drive Encryption wizard by right-clicking a volume and selecting **Turn On BitLocker**. This option is available on client computers by default. On servers, you must first install the BitLocker and Desktop-Experience features for this option to be available. After selecting **Turn on BitLocker**, the wizard works exactly as it does when launched using the BitLocker control panel.
 
 ## Down-level compatibility
 
@@ -118,13 +118,13 @@ Table 1: Cross compatibility for Windows 10, Windows 8.1, Windows 8, and Window
 |Fully encrypted volume from Windows 7|Presents as fully encrypted|Presented as fully encrypted|N/A|
 |Partially encrypted volume from Windows 7|Windows 10 and Windows 8.1 will complete encryption regardless of policy|Windows 8 will complete encryption regardless of policy|N/A|
 
-## Encrypting volumes using the manage-bde command line interface
+## Encrypting volumes using the manage-bde command-line interface
 
 Manage-bde is a command-line utility that can be used for scripting BitLocker operations. Manage-bde offers additional options not displayed in the BitLocker control panel. For a complete list of the options, see [Manage-bde](/windows-server/administration/windows-commands/manage-bde).
 
-Manage-bde offers a multitude of wider options for configuring BitLocker. This means that using the command syntax may require care and possibly later customization by the user. For example, using just the `manage-bde -on` command on a data volume will fully encrypt the volume without any authenticating protectors. A volume encrypted in this manner still requires user interaction to turn on BitLocker protection, even though the command successfully completed because an authentication method needs to be added to the volume for it to be fully protected.
+Manage-bde offers a multitude of wider options for configuring BitLocker. So using the command syntax may require care and possibly later customization by the user. For example, using just the `manage-bde -on` command on a data volume will fully encrypt the volume without any authenticating protectors. A volume encrypted in this manner still requires user interaction to turn on BitLocker protection, even though the command successfully completed because an authentication method needs to be added to the volume for it to be fully protected.
 
-Command line users need to determine the appropriate syntax for a given situation. The following section covers general encryption for operating system volumes and data volumes.
+Command-line users need to determine the appropriate syntax for a given situation. The following section covers general encryption for operating system volumes and data volumes.
 
 ### Operating system volume
 
@@ -136,7 +136,7 @@ A good practice when using manage-bde is to determine the volume status on the t
 
 `manage-bde -status`
 
-This command returns the volumes on the target, current encryption status and volume type (operating system or data) for each volume. Using this information, users can determine the best encryption method for their environment.
+This command returns the volumes on the target, current encryption status, and volume type (operating system or data) for each volume. Using this information, users can determine the best encryption method for their environment.
 
 **Enabling BitLocker without a TPM**
 
@@ -149,29 +149,29 @@ manage-bde -on C:
 
 **Enabling BitLocker with a TPM only**
 
-It is possible to encrypt the operating system volume without any defined protectors using manage-bde. The command to do this is:
+It is possible to encrypt the operating system volume without any defined protectors by using manage-bde. Use this command:
 
 `manage-bde -on C:`
 
-This will encrypt the drive using the TPM as the protector. If a user is unsure of the protector for a volume, they can use the -protectors option in manage-bde to list this information with the command:
+This command will encrypt the drive using the TPM as the protector. If a user is unsure of the protector for a volume, they can use the -protectors option in manage-bde to list this information with the command:
 
 `manage-bde -protectors -get `
 
 **Provisioning BitLocker with two protectors**
 
-Another example is a user on non-TPM hardware who wishes to add a password and SID-based protector to the operating system volume. In this instance, the user adds the protectors first. This is done with the command:
+Another example is a user on non-TPM hardware who wishes to add a password and SID-based protector to the operating system volume. In this instance, the user adds the protectors first. Use this command:
 
 `manage-bde -protectors -add C: -pw -sid `
 
-This command will require the user to enter and then confirm the password protector before adding them to the volume. With the protectors enabled on the volume, the user just needs to turn BitLocker on.
+This command will require the user to enter and then confirm the password protector before adding them to the volume. With the protectors enabled on the volume, the user just needs to turn on BitLocker.
 
 ### Data volume
 
-Data volumes use the same syntax for encryption as operating system volumes but they do not require protectors for the operation to complete. Encrypting data volumes can be done using the base command: `manage-bde -on ` or users can choose to add protectors to the volume. It is recommended that at least one primary protector and a recovery protector be added to a data volume.
+Data volumes use the same syntax for encryption as operating system volumes but they do not require protectors for the operation to complete. Encrypting data volumes can be done using the base command: `manage-bde -on ` or users can choose to add protectors to the volume. We recommend that you add at least one primary protector and a recovery protector to a data volume.
 
 **Enabling BitLocker with a password**
 
-A common protector for a data volume is the password protector. In the example below, we add a password protector to the volume and turn BitLocker on.
+A common protector for a data volume is the password protector. In the example below, we add a password protector to the volume and turn on BitLocker.
 
 ```powershell
 manage-bde -protectors -add -pw C:
@@ -322,7 +322,7 @@ Occasionally, all protectors may not be shown when using **Get-BitLockerVolume**
 Get-BitLockerVolume C: | fl
 ```
 
-If you wanted to remove the existing protectors prior to provisioning BitLocker on the volume, you can utilize the `Remove-BitLockerKeyProtector` cmdlet. Accomplishing this requires the GUID associated with the protector to be removed.
+If you want to remove the existing protectors prior to provisioning BitLocker on the volume, you can utilize the `Remove-BitLockerKeyProtector` cmdlet. Accomplishing this task requires the GUID associated with the protector to be removed.
 A simple script can pipe the values of each **Get-BitLockerVolume** return out to another variable as seen below:
 
 ```powershell
@@ -330,7 +330,7 @@ $vol = Get-BitLockerVolume
 $keyprotectors = $vol.KeyProtector
 ```
 
-Using this, we can display the information in the **$keyprotectors** variable to determine the GUID for each protector.
+Using this script, we can display the information in the **$keyprotectors** variable to determine the GUID for each protector.
 Using this information, we can then remove the key protector for a specific volume using the command:
 
 ```powershell
@@ -343,7 +343,8 @@ Remove-BitLockerKeyProtector : -KeyProtectorID "{GUID}"
 ### Operating system volume
 
 Using the BitLocker Windows PowerShell cmdlets is similar to working with the manage-bde tool for encrypting operating system volumes. Windows PowerShell offers users a lot of flexibility. For example, users can add the desired protector as part command for encrypting the volume. Below are examples of common user scenarios and steps to accomplish them using the BitLocker cmdlets for Windows PowerShell.
-To enable BitLocker with just the TPM protector. This can be done using the command:
+
+To enable BitLocker with just the TPM protector, use this command:
 
 ```powershell
 Enable-BitLocker C:
@@ -357,7 +358,7 @@ Enable-BitLocker C: -StartupKeyProtector -StartupKeyPath  -SkipHardwareTes
 
 ### Data volume
 
-Data volume encryption using Windows PowerShell is the same as for operating system volumes. You should add the desired protectors prior to encrypting the volume. The following example adds a password protector to the E: volume using the variable $pw as the password. The $pw variable is held as a SecureString value to store the user defined password. Last, encryption begins.
+Data volume encryption using Windows PowerShell is the same as for operating system volumes. Add the desired protectors prior to encrypting the volume. The following example adds a password protector to the E: volume using the variable $pw as the password. The $pw variable is held as a SecureString value to store the user-defined password. Last, encryption begins.
 
 ```powershell
 $pw = Read-Host -AsSecureString
@@ -365,14 +366,14 @@ $pw = Read-Host -AsSecureString
 Enable-BitLockerKeyProtector E: -PasswordProtector -Password $pw
 ```
 
-### Using a SID based protector in Windows PowerShell
+### Using a SID-based protector in Windows PowerShell
 
-The ADAccountOrGroup protector is an Active Directory SID-based protector. This protector can be added to both operating system and data volumes, although it does not unlock operating system volumes in the pre-boot environment. The protector requires the SID for the domain account or group to link with the protector. BitLocker can protect a cluster-aware disk by adding a SID-based protector for the Cluster Name Object (CNO) that lets the disk properly failover and be unlocked to any member computer of the cluster.
+The ADAccountOrGroup protector is an Active Directory SID-based protector. This protector can be added to both operating system and data volumes, although it does not unlock operating system volumes in the pre-boot environment. The protector requires the SID for the domain account or group to link with the protector. BitLocker can protect a cluster-aware disk by adding a SID-based protector for the Cluster Name Object (CNO) that lets the disk properly fail over and be unlocked to any member computer of the cluster.
 
 > [!WARNING]
 > The SID-based protector requires the use of an additional protector (such as TPM, PIN, recovery key, etc.) when used on operating system volumes.
 
-To add an ADAccountOrGroup protector to a volume requires either the actual domain SID or the group name preceded by the domain and a backslash. In the example below, the CONTOSO\\Administrator account is added as a protector to the data volume G.
+To add an ADAccountOrGroup protector to a volume, you need either the actual domain SID or the group name preceded by the domain and a backslash. In the example below, the CONTOSO\\Administrator account is added as a protector to the data volume G.
 
 ```powershell
 Enable-BitLocker G: -AdAccountOrGroupProtector -AdAccountOrGroup CONTOSO\Administrator
@@ -389,7 +390,7 @@ Get-ADUser -filter {samaccountname -eq "administrator"}
 >
 > **Tip:**  In addition to the Windows PowerShell command above, information about the locally logged on user and group membership can be found using: WHOAMI /ALL. This does not require the use of additional features.
 
-In the example below, the user wishes to add a domain SID based protector to the previously encrypted operating system volume. The user knows the SID for the user account or group they wish to add and uses the following command:
+In the example below, the user wishes to add a domain SID-based protector to the previously encrypted operating system volume. The user knows the SID for the user account or group they wish to add and uses the following command:
 
 ```powershell
 Add-BitLockerKeyProtector C: -ADAccountOrGroupProtector -ADAccountOrGroup ""
@@ -400,7 +401,7 @@ Add-BitLockerKeyProtector C: -ADAccountOrGroupProtector -ADAccountOrGroup "
 
 ##  Checking BitLocker status
 
-To check the BitLocker status of a particular volume, administrators can look at the status of the drive in the BitLocker control panel applet, Windows Explorer, manage-bde command line tool, or Windows PowerShell cmdlets. Each option offers different levels of detail and ease of use. We will look at each of the available methods in the following section.
+To check the BitLocker status of a particular volume, administrators can look at the status of the drive in the BitLocker control panel applet, Windows Explorer, manage-bde command-line tool, or Windows PowerShell cmdlets. Each option offers different levels of detail and ease of use. We will look at each of the available methods in the following section.
 
 ### Checking BitLocker status with the control panel
 
@@ -421,7 +422,7 @@ Once BitLocker protector activation is completed, the completion notice is displ
 
 ### Checking BitLocker status with manage-bde
 
-Administrators who prefer a command line interface can utilize manage-bde to check volume status. Manage-bde is capable of returning more information about the volume than the graphical user interface tools in the control panel. For example, manage-bde can display the BitLocker version in use, the encryption type, and the protectors associated with a volume.
+Administrators who prefer a command-line interface can utilize manage-bde to check volume status. Manage-bde is capable of returning more information about the volume than the graphical user interface tools in the control panel. For example, manage-bde can display the BitLocker version in use, the encryption type, and the protectors associated with a volume.
 
 To check the status of a volume using manage-bde, use the following command:
 
@@ -446,7 +447,7 @@ This command will display information about the encryption method, volume type,
 
 ### Provisioning BitLocker during operating system deployment
 
-Administrators can enable BitLocker prior to operating system deployment from the Windows Pre-installation Environment. This is done with a randomly generated clear key protector applied to the formatted volume and encrypting the volume prior to running the Windows setup process. If the encryption uses the Used Disk Space Only option described later in this document, this step takes only a few seconds and incorporates well into regular deployment processes.
+Administrators can enable BitLocker prior to operating system deployment from the Windows Pre-installation Environment. This task is done with a randomly generated clear key protector applied to the formatted volume and encrypting the volume prior to running the Windows setup process. If the encryption uses the Used Disk Space Only option described later in this document, this step takes only a few seconds and incorporates well into regular deployment processes.
 
 ### Decrypting BitLocker volumes
 
@@ -461,9 +462,9 @@ The control panel does not report decryption progress but displays it in the not
 
 Once decryption is complete, the drive will update its status in the control panel and is available for encryption.
 
-### Decrypting volumes using the manage-bde command line interface
+### Decrypting volumes using the manage-bde command-line interface
 
-Decrypting volumes using manage-bde is very straightforward. Decryption with manage-bde offers the advantage of not requiring user confirmation to start the process. Manage-bde uses the -off command to start the decryption process. A sample command for decryption is:
+Decrypting volumes using manage-bde is straightforward. Decryption with manage-bde offers the advantage of not requiring user confirmation to start the process. Manage-bde uses the -off command to start the decryption process. A sample command for decryption is:
 
 ```powershell
 manage-bde -off C:
diff --git a/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.md b/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.md
index ea8ab3bf7a..064a82cf8e 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.md
@@ -37,7 +37,7 @@ Generally it imposes a single-digit percentage performance overhead.
 
 ## How long will initial encryption take when BitLocker is turned on?
 
-Although BitLocker encryption occurs in the background while you continue to work, and the system remains usable, encryption times vary depending on the type of drive that is being encrypted, the size of the drive, and the speed of the drive. If you are encrypting very large drives, you may want to set encryption to occur during times when you will not be using the drive.
+Although BitLocker encryption occurs in the background while you continue to work, and the system remains usable, encryption times vary depending on the type of drive that is being encrypted, the size of the drive, and the speed of the drive. If you are encrypting large drives, you may want to set encryption to occur during times when you will not be using the drive.
 
 You can also choose whether or not BitLocker should encrypt the entire drive or just the used space on the drive when you turn on BitLocker. On a new hard drive, encrypting just the used spaced can be considerably faster than encrypting the entire drive. When this encryption option is selected, BitLocker automatically encrypts data as it is saved, ensuring that no data is stored unencrypted.
 
@@ -82,11 +82,11 @@ The TPM is not involved in any recovery scenarios, so recovery is still possible
 
 ## What can prevent BitLocker from binding to PCR 7?
 
-This happens if a non-Windows OS booted prior to Windows, or if Secure Boot is not available to the device, either because it has been disabled or the hardware does not support it.
+BitLocker can be prevented from binding to PCR 7 if a non-Windows OS booted prior to Windows, or if Secure Boot is not available to the device, either because it has been disabled or the hardware does not support it.
 
 ## Can I swap hard disks on the same computer if BitLocker is enabled on the operating system drive?
 
-Yes, you can swap multiple hard disks on the same computer if BitLocker is enabled, but only if the hard disks were BitLocker-protected on the same computer. The BitLocker keys are unique to the TPM and operating system drive, so if you want to prepare a backup operating system or data drive for use in case of disk failure, you need to make sure that they were matched with the correct TPM. You can also configure different hard drives for different operating systems and then enable BitLocker on each one with different authentication methods (such as one with TPM-only and one with TPM+PIN) without any conflicts.
+Yes, you can swap multiple hard disks on the same computer if BitLocker is enabled, but only if the hard disks were BitLocker-protected on the same computer. The BitLocker keys are unique to the TPM and operating system drive. So if you want to prepare a backup operating system or data drive in case a disk fails, make sure that they were matched with the correct TPM. You can also configure different hard drives for different operating systems and then enable BitLocker on each one with different authentication methods (such as one with TPM-only and one with TPM+PIN) without any conflicts.
 
 ## Can I access my BitLocker-protected drive if I insert the hard disk into a different computer?
 
diff --git a/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md b/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md
index f31dcd8374..4f3681db63 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md
@@ -1,6 +1,6 @@
 ---
 title: BitLocker recovery guide (Windows 10)
-description: This topic for IT professionals describes how to recover BitLocker keys from AD DS.
+description: This article for IT professionals describes how to recover BitLocker keys from AD DS.
 ms.assetid: d0f722e9-1773-40bf-8456-63ee7a95ea14
 ms.reviewer: 
 ms.prod: w10
@@ -24,7 +24,7 @@ ms.custom: bitlocker
 
 - Windows 10
 
-This topic for IT professionals describes how to recover BitLocker keys from AD DS.
+This article for IT professionals describes how to recover BitLocker keys from AD DS.
 
 Organizations can use BitLocker recovery information saved in Active Directory Domain Services (AD DS) to access BitLocker-protected data. Creating a recovery model for BitLocker while you are planning your BitLocker deployment is recommended.
 
@@ -46,11 +46,11 @@ BitLocker recovery is the process by which you can restore access to a BitLocker
 
 The following list provides examples of specific events that will cause BitLocker to enter recovery mode when attempting to start the operating system drive:
 
-- On PCs that use BitLocker Drive Encryption, or on devices such as tablets or phones that use [BitLocker Device Encryption](bitlocker-device-encryption-overview-windows-10.md) only, when an attack is detected, the device will immediately reboot and enter into BitLocker recovery mode. To take advantage of this functionality Administrators can set the **Interactive logon: Machine account lockout threshold** Group Policy setting located in **\\Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Security Options** in the Local Group Policy Editor, or use the **MaxFailedPasswordAttempts** policy of [Exchange ActiveSync](/Exchange/clients/exchange-activesync/exchange-activesync) (also configurable through [Microsoft Intune](https://www.microsoft.com/microsoft-365/enterprise-mobility-security/microsoft-intune)), to limit the number of failed password attempts before the device goes into Device Lockout.
+- On PCs that use BitLocker Drive Encryption, or on devices such as tablets or phones that use [BitLocker Device Encryption](bitlocker-device-encryption-overview-windows-10.md) only, when an attack is detected, the device will immediately reboot and enter into BitLocker recovery mode. To take advantage of this functionality, administrators can set the **Interactive logon: Machine account lockout threshold** Group Policy setting located in **\\Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Security Options** in the Local Group Policy Editor. Or they can use the **MaxFailedPasswordAttempts** policy of [Exchange ActiveSync](/Exchange/clients/exchange-activesync/exchange-activesync) (also configurable through [Microsoft Intune](https://www.microsoft.com/microsoft-365/enterprise-mobility-security/microsoft-intune)), to limit the number of failed password attempts before the device goes into Device Lockout.
 - On devices with TPM 1.2, changing the BIOS or firmware boot device order causes BitLocker recovery. However, devices with TPM 2.0 do not start BitLocker recovery in this case. TPM 2.0 does not consider a firmware change of boot device order as a security threat because the OS Boot Loader is not compromised.
 - Having the CD or DVD drive before the hard drive in the BIOS boot order and then inserting or removing a CD or DVD.
 - Failing to boot from a network drive before booting from the hard drive.
-- Docking or undocking a portable computer. In some instances (depending on the computer manufacturer and the BIOS), the docking condition of the portable computer is part of the system measurement and must be consistent to validate the system status and unlock BitLocker. This means that if a portable computer is connected to its docking station when BitLocker is turned on, then it might also need to be connected to the docking station when it is unlocked. Conversely, if a portable computer is not connected to its docking station when BitLocker is turned on, then it might need to be disconnected from the docking station when it is unlocked.
+- Docking or undocking a portable computer. In some instances (depending on the computer manufacturer and the BIOS), the docking condition of the portable computer is part of the system measurement and must be consistent to validate the system status and unlock BitLocker. So if a portable computer is connected to its docking station when BitLocker is turned on, then it might also need to be connected to the docking station when it is unlocked. Conversely, if a portable computer is not connected to its docking station when BitLocker is turned on, then it might need to be disconnected from the docking station when it is unlocked.
 - Changes to the NTFS partition table on the disk including creating, deleting, or resizing a primary partition.
 - Entering the personal identification number (PIN) incorrectly too many times so that the anti-hammering logic of the TPM is activated. Anti-hammering logic is software or hardware methods that increase the difficulty and cost of a brute force attack on a PIN by not accepting PIN entries until after a certain amount of time has passed.
 - Turning off the support for reading the USB device in the pre-boot environment from the BIOS or UEFI firmware if you are using USB-based keys instead of a TPM.
@@ -64,7 +64,7 @@ The following list provides examples of specific events that will cause BitLocke
 - Changes to the master boot record on the disk.
 - Changes to the boot manager on the disk.
 - Hiding the TPM from the operating system. Some BIOS or UEFI settings can be used to prevent the enumeration of the TPM to the operating system. When implemented, this option can make the TPM hidden from the operating system. When the TPM is hidden, BIOS and UEFI secure startup are disabled, and the TPM does not respond to commands from any software.
-- Using a different keyboard that does not correctly enter the PIN or whose keyboard map does not match the keyboard map assumed by the pre-boot environment. This can prevent the entry of enhanced PINs.
+- Using a different keyboard that does not correctly enter the PIN or whose keyboard map does not match the keyboard map assumed by the pre-boot environment. This problem can prevent the entry of enhanced PINs.
 - Modifying the Platform Configuration Registers (PCRs) used by the TPM validation profile. For example, including **PCR\[1\]** would result in BitLocker measuring most changes to BIOS settings, causing BitLocker to enter recovery mode even when non-boot critical BIOS settings change.
 
     > [!NOTE]
@@ -93,25 +93,25 @@ For planned scenarios, such as a known hardware or firmware upgrades, you can av
 > [!NOTE]
 > If suspended BitLocker will automatically resume protection when the PC is rebooted, unless a reboot count is specified using the manage-bde command line tool.
 
-If software maintenance requires the computer be restarted and you are using two-factor authentication, you can enable BitLocker Network Unlock to provide the secondary authentication factor when the computers do not have an on-premises user to provide the additional authentication method.
+If software maintenance requires the computer to be restarted and you are using two-factor authentication, you can enable BitLocker Network Unlock to provide the secondary authentication factor when the computers do not have an on-premises user to provide the additional authentication method.
 
 Recovery has been described within the context of unplanned or undesired behavior, but you can also cause recovery as an intended production scenario, in order to manage access control. For example, when you redeploy desktop or laptop computers to other departments or employees in your enterprise, you can force BitLocker into recovery before the computer is given to a new user.
 
 
 ## Testing recovery
 
-Before you create a thorough BitLocker recovery process, we recommend that you test how the recovery process works for both end users (people who call your helpdesk for the recovery password) and administrators (people who help the end user get the recovery password). The –forcerecovery command of manage-bde is an easy way for you to step through the recovery process before your users encounter a recovery situation.
+Before you create a thorough BitLocker recovery process, we recommend that you test how the recovery process works for both end users (people who call your helpdesk for the recovery password) and administrators (people who help the end user get the recovery password). The -forcerecovery command of manage-bde is an easy way for you to step through the recovery process before your users encounter a recovery situation.
 
 **To force a recovery for the local computer:**
 
-1. Click the **Start** button, type **cmd** in the **Start Search** box, right-click **cmd.exe**, and then click **Run as administrator**.
-2. At the command prompt, type the following command and then press ENTER:
+1. Select the **Start** button, type *cmd* in the **Start Search** box, right-click **cmd.exe**, and then select **Run as administrator**.
+2. At the command prompt, type the following command and then press **Enter**:
     `manage-bde -forcerecovery `
 
 
 **To force recovery for a remote computer:**
 
-1. On the Start screen, type **cmd.exe**, and then click **Run as administrator**.
+1. On the Start screen, type **cmd.exe**, and then select **Run as administrator**.
 2. At the command prompt, type the following command and then press ENTER:
     `manage-bde -ComputerName  -forcerecovery `
 
@@ -125,7 +125,7 @@ When planning the BitLocker recovery process, first consult your organization's
 
 Organizations that rely on BitLocker Drive Encryption and BitLocker To Go to protect data on a large number of computers and removable drives running the Windows 10, Windows 8, or Windows 7 operating systems and Windows to Go should consider using the Microsoft BitLocker Administration and Monitoring (MBAM) Tool version 2.0, which is included in the Microsoft Desktop Optimization Pack (MDOP) for Microsoft Software Assurance. MBAM makes BitLocker implementations easier to deploy and manage and allows administrators to provision and monitor encryption for operating system and fixed drives. MBAM prompts the user before encrypting fixed drives. MBAM also manages recovery keys for fixed and removable drives, making recovery easier to manage. MBAM can be used as part of a Microsoft System Center deployment or as a stand-alone solution. For more info, see [Microsoft BitLocker Administration and Monitoring](/microsoft-desktop-optimization-pack/mbam-v25/).
 
-After a BitLocker recovery has been initiated, users can use a recovery password to unlock access to encrypted data. You must consider both self-recovery and recovery password retrieval methods for your organization.
+After a BitLocker recovery has been initiated, users can use a recovery password to unlock access to encrypted data. Consider both self-recovery and recovery password retrieval methods for your organization.
 
 When you determine your recovery process, you should:
 
@@ -141,12 +141,12 @@ When you determine your recovery process, you should:
 
 ### Self-recovery
 
-In some cases, users might have the recovery password in a printout or a USB flash drive and can perform self-recovery. We recommend that your organization create a policy for self-recovery. If self-recovery includes using a password or recovery key stored on a USB flash drive, the users should be warned not to store the USB flash drive in the same place as the PC, especially during travel, for example if both the PC and the recovery items are in the same bag it would be very easy for access to be gained to the PC by an unauthorized user. Another policy to consider is having users contact the Helpdesk before or after performing self-recovery so that the root cause can be identified.
+In some cases, users might have the recovery password in a printout or a USB flash drive and can perform self-recovery. We recommend that your organization create a policy for self-recovery. If self-recovery includes using a password or recovery key stored on a USB flash drive, the users should be warned not to store the USB flash drive in the same place as the PC, especially during travel, for example if both the PC and the recovery items are in the same bag, then it's easy for an unauthorized user to access the PC. Another policy to consider is having users contact the Helpdesk before or after performing self-recovery so that the root cause can be identified.
 
 
 ### Recovery password retrieval
 
-If the user does not have a recovery password in a printout or on a USB flash drive, the user will need to be able to retrieve the recovery password from an online source. If the PC is a member of a domain the recovery password can be backed up to AD DS. However, this does not happen by default, you must have configured the appropriate Group Policy settings before BitLocker was enabled on the PC. BitLocker Group Policy settings can be found in the Local Group Policy Editor or the Group Policy Management Console (GPMC) under **Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption**. The following policy settings define the recovery methods that can be used to restore access to a BitLocker-protected drive if an authentication method fails or is unable to be used.
+If the user does not have a recovery password in a printout or on a USB flash drive, the user will need to be able to retrieve the recovery password from an online source. If the PC is a member of a domain, the recovery password can be backed up to AD DS. However, this does not happen by default. You must have configured the appropriate Group Policy settings before BitLocker was enabled on the PC. BitLocker Group Policy settings can be found in the Local Group Policy Editor or the Group Policy Management Console (GPMC) under **Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption**. The following policy settings define the recovery methods that can be used to restore access to a BitLocker-protected drive if an authentication method fails or is unable to be used.
 
 - **Choose how BitLocker-protected operating system drives can be recovered**
 - **Choose how BitLocker-protected fixed drives can be recovered**
@@ -176,7 +176,7 @@ You can use the name of the user's computer to locate the recovery password in A
 
 ### Verify the user's identity
 
-You should verify that the person that is asking for the recovery password is truly the authorized user of that computer. You may also wish to verify that the computer with the name the user provided belongs to the user.
+Verify that the person that is asking for the recovery password is truly the authorized user of that computer. You might also want to verify that the computer with the name the user provided belongs to the user.
 
 
 ### Locate the recovery password in AD DS
@@ -200,7 +200,7 @@ Before you give the user the recovery password, you should gather any informatio
 
 ### Give the user the recovery password
 
-Because the recovery password is 48 digits long the user may need to record the password by writing it down or typing it on a different computer. If you are using MBAM, the recovery password will be regenerated after it is recovered from the MBAM database to avoid the security risks associated with an uncontrolled password.
+Because the recovery password is 48 digits long, the user might need to record the password by writing it down or typing it on a different computer. If you are using MBAM, the recovery password will be regenerated after it is recovered from the MBAM database to avoid the security risks associated with an uncontrolled password.
 
 > [!NOTE]
 > Because the 48-digit recovery password is long and contains a combination of digits, the user might mishear or mistype the password. The boot-time recovery console uses built-in checksum numbers to detect input errors in each 6-digit block of the 48-digit recovery password, and offers the user the opportunity to correct such errors.
@@ -228,11 +228,11 @@ Review and answer the following questions for your organization:
 1. What BitLocker protection mode is in effect (TPM, TPM + PIN, TPM + startup key, startup key only)? Which PCR profile is in use on the PC?
 2. Did the user merely forget the PIN or lose the startup key? If a token was lost, where might the token be?
 3. If TPM mode was in effect, was recovery caused by a boot file change?
-4. If recovery was caused by a boot file change, is this due to an intended user action (for example, BIOS upgrade), or to malicious software?
+4. If recovery was caused by a boot file change, was the change an intended user action (for example, BIOS upgrade), or was it caused by malicious software?
 5. When was the user last able to start the computer successfully, and what might have happened to the computer since then?
 6. Might the user have encountered malicious software or left the computer unattended since the last successful startup?
 
-To help you answer these questions, use the BitLocker command-line tool to view the current configuration and protection mode (for example, **manage-bde -status**). Scan the event log to find events that help indicate why recovery was initiated (for example, if boot file change occurred). Both of these capabilities can be performed remotely.
+To help you answer these questions, use the BitLocker command-line tool to view the current configuration and protection mode (for example, **manage-bde -status**). Scan the event log to find events that help indicate why recovery was initiated (for example, if the boot file changed). Both of these capabilities can be performed remotely.
 
 
 ### Resolve the root cause
@@ -257,9 +257,9 @@ If a user has forgotten the PIN, you must reset the PIN while you are logged on
 
 1. Unlock the computer using the recovery password.
 2. Reset the PIN:
-    1. Right-click the drive and then click **Change PIN**.
-    2. In the BitLocker Drive Encryption dialog, click **Reset a forgotten PIN**. If you are not logged in with an administrator account you must provide administrative credentials at this time.
-    3. In the PIN reset dialog, provide and confirm the new PIN to use and then click **Finish**.
+    1. Right-click the drive and then select **Change PIN**.
+    2. In the BitLocker Drive Encryption dialog, select **Reset a forgotten PIN**. If you are not logged in with an administrator account, provide administrative credentials at this time.
+    3. In the PIN reset dialog, provide and confirm the new PIN to use and then select **Finish**.
 3. You will use the new PIN the next time you unlock the drive.
 
 
@@ -271,17 +271,17 @@ If you have lost the USB flash drive that contains the startup key, then you mus
 
 1. Log on as an administrator to the computer that has the lost startup key.
 2. Open Manage BitLocker.
-3. Click **Duplicate start up key**, insert the clean USB drive on which you are going to write the key and then click **Save**.
+3. Select **Duplicate start up key**, insert the clean USB drive on which you are going to write the key and then select **Save**.
 
 
 ### Changes to boot files
 
-This error might occur if you updated the firmware. As a best practice you should suspend BitLocker before making changes to the firmware and then resume protection after the update has completed. This prevents the computer from going into recovery mode. However if changes were made when BitLocker protection was on you can simply log on to the computer using the recovery password and the platform validation profile will be updated so that recovery will not occur the next time.
+This error might occur if you updated the firmware. As a best practice, you should suspend BitLocker before making changes to the firmware and then resume protection after the update has completed. This action prevents the computer from going into recovery mode. However if changes were made when BitLocker protection was on, then log on to the computer using the recovery password, and the platform validation profile will be updated so that recovery will not occur the next time.
 
 
 ## Windows RE and BitLocker Device Encryption
 
-Windows Recovery Environment (RE) can be used to recover access to a drive protected by [BitLocker Device Encryption](bitlocker-device-encryption-overview-windows-10.md). If a PC is unable to boot after two failures, Startup Repair will automatically start. When Startup Repair is launched automatically due to boot failures, it will only execute operating system and driver file repairs, provided that the boot logs or any available crash dump point to a specific corrupted file. In Windows 8.1 and later, devices that include firmware to support specific TPM measurements for PCR\[7\] the TPM can validate that Windows RE is a trusted operating environment and will unlock any BitLocker-protected drives if Windows RE has not been modified. If the Windows RE environment has been modified, for example the TPM has been disabled, the drives will stay locked until the BitLocker recovery key is provided. If Startup Repair is not able to be run automatically from the PC and instead Windows RE is manually started from a repair disk, the BitLocker recovery key must be provided to unlock the BitLocker–protected drives.
+Windows Recovery Environment (RE) can be used to recover access to a drive protected by [BitLocker Device Encryption](bitlocker-device-encryption-overview-windows-10.md). If a PC is unable to boot after two failures, Startup Repair will automatically start. When Startup Repair is launched automatically due to boot failures, it will only execute operating system and driver file repairs, provided that the boot logs or any available crash dump point to a specific corrupted file. In Windows 8.1 and later, devices that include firmware to support specific TPM measurements for PCR\[7\] the TPM can validate that Windows RE is a trusted operating environment and will unlock any BitLocker-protected drives if Windows RE has not been modified. If the Windows RE environment has been modified, for example the TPM has been disabled, the drives will stay locked until the BitLocker recovery key is provided. If Startup Repair can't run automatically from the PC and instead Windows RE is manually started from a repair disk, then the BitLocker recovery key must be provided to unlock the BitLocker–protected drives.
 
 
 ## BitLocker recovery screen
@@ -307,7 +307,7 @@ Example of customized recovery screen:
 
 ### BitLocker recovery key hints
 
-BitLocker metadata has been enhanced in Windows 10, version 1903 to include information about when and where the BitLocker recovery key was backed up. This information is not exposed through the UI or any public API. It is used solely by the BitLocker recovery screen in the form of hints to help a user locate a volume's recovery key. Hints are displayed on the recovery screen and refer to the location where the key has been saved. Hints are displayed in both the modern (blue) and legacy (black) recovery screen. This applies to both the boot manager recovery screen and the WinRE unlock screen.
+BitLocker metadata has been enhanced in Windows 10, version 1903 to include information about when and where the BitLocker recovery key was backed up. This information is not exposed through the UI or any public API. It is used solely by the BitLocker recovery screen in the form of hints to help a user locate a volume's recovery key. Hints are displayed on the recovery screen and refer to the location where the key has been saved. Hints are displayed on both the modern (blue) and legacy (black) recovery screen. This applies to both the boot manager recovery screen and the WinRE unlock screen.
 
 ![Customized BitLocker recovery screen](./images/bl-password-hint2.png)
 
@@ -337,7 +337,7 @@ There are rules governing which hint is shown during the recovery (in order of p
 |     Printed          |     No     |
 |     Saved to file    |     No     |
 
-**Result:** The hint for the Microsoft Account and custom URL are displayed.
+**Result:** The hint for the Microsoft Account and the custom URL are displayed.
 
 ![Example 1 of Customized BitLocker recovery screen](./images/rp-example1.PNG)
 
@@ -378,7 +378,7 @@ There are rules governing which hint is shown during the recovery (in order of p
 |----------------------|-----------------|
 |     Saved to Microsoft Account     |     No          |
 |     Saved to Azure AD     |     No          |
-|     Saved to Acive Directory      |     No          |
+|     Saved to Active Directory      |     No          |
 |     Printed          |     No          |
 |     Saved to file    |     Yes         |
 |     Creation time    |     **1PM**     |
@@ -444,17 +444,17 @@ If the recovery methods discussed earlier in this document do not unlock the vol
 > [!NOTE]
 > You must use the BitLocker Repair tool **repair-bde** to use the BitLocker key package.
 
-The BitLocker key package is not saved by default. To save the package along with the recovery password in AD DS you must select the **Backup recovery password and key package** option in the Group Policy settings that control the recovery method. You can also export the key package from a working volume. For more details on how to export key packages, see [Retrieving the BitLocker Key Package](#bkmk-appendixc).
+The BitLocker key package is not saved by default. To save the package along with the recovery password in AD DS, you must select the **Backup recovery password and key package** option in the Group Policy settings that control the recovery method. You can also export the key package from a working volume. For more details about how to export key packages, see [Retrieving the BitLocker Key Package](#bkmk-appendixc).
 
 
 ## Resetting recovery passwords
 
-You should invalidate a recovery password after it has been provided and used. It should also be done when you intentionally want to invalidate an existing recovery password for any reason.
+Invalidate a recovery password after it has been provided and used. It should also be done when you intentionally want to invalidate an existing recovery password for any reason.
 
 You can reset the recovery password in two ways:
 
-- **Use manage-bde** You can use manage-bde to remove the old recovery password and add a new recovery password. The procedure identifies the command and the syntax for this method.
-- **Run a script** You can run a script to reset the password without decrypting the volume. The sample script in the procedure illustrates this functionality. The sample script creates a new recovery password and invalidates all other passwords.
+- **Use manage-bde**: You can use manage-bde to remove the old recovery password and add a new recovery password. The procedure identifies the command and the syntax for this method.
+- **Run a script**: You can run a script to reset the password without decrypting the volume. The sample script in the procedure illustrates this functionality. The sample script creates a new recovery password and invalidates all other passwords.
 
 **To reset a recovery password using manage-bde:**
 
@@ -470,13 +470,13 @@ You can reset the recovery password in two ways:
     Manage-bde –protectors –add C: -RecoveryPassword
     ```
 
-3. Get the ID of the new recovery password. From the screen copy the ID of the recovery password.
+3. Get the ID of the new recovery password. From the screen, copy the ID of the recovery password.
 
     ```powershell
     Manage-bde –protectors –get C: -Type RecoveryPassword
     ```
 
-4. Backup the new recovery password to AD DS
+4. Back up the new recovery password to AD DS.
 
     ```powershell
     Manage-bde –protectors –adbackup C: -id {EXAMPLE6-5507-4924-AA9E-AFB2EB003692}
@@ -488,7 +488,7 @@ You can reset the recovery password in two ways:
 **To run the sample recovery password script:**
 
 1. Save the following sample script in a VBScript file. For example: ResetPassword.vbs.
-2. At the command prompt, type a command similar to the following:
+2. At the command prompt, type a command similar to the following sample script:
 
     **cscript ResetPassword.vbs**
 
@@ -576,15 +576,15 @@ WScript.Echo "A new recovery password has been added. Old passwords have been re
 
 You can use two methods to retrieve the key package, as described in [Using Additional Recovery Information](#bkmk-usingaddrecovery):
 
-- **Export a previously-saved key package from AD DS.** You must have Read access to BitLocker recovery passwords that are stored in AD DS.
+- **Export a previously saved key package from AD DS.** You must have Read access to BitLocker recovery passwords that are stored in AD DS.
 - **Export a new key package from an unlocked, BitLocker-protected volume.** You must have local administrator access to the working volume, before any damage has occurred.
 
-The following sample script exports all previously-saved key packages from AD DS.
+The following sample script exports all previously saved key packages from AD DS.
 
 **To run the sample key package retrieval script:**
 
 1.  Save the following sample script in a VBScript file. For example: GetBitLockerKeyPackageADDS.vbs.
-2.  At the command prompt, type a command similar to the following:
+2.  At the command prompt, type a command similar to the following sample script:
 
     **cscript GetBitLockerKeyPackageADDS.vbs -?**
 
@@ -733,7 +733,7 @@ The following sample script exports a new key package from an unlocked, encrypte
 **To run the sample key package retrieval script:**
 
 1. Save the following sample script in a VBScript file. For example: GetBitLockerKeyPackage.vbs
-2. Open an administrator command prompt, type a command similar to the following:
+2. Open an administrator command prompt, and then type a command similar to the following sample script:
 
     **cscript GetBitLockerKeyPackage.vbs  -?**
 
diff --git a/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md b/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md
index c34ddf46f1..2be6494c9a 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md
@@ -1,6 +1,6 @@
 ---
 title: BitLocker To Go FAQ (Windows 10)
-description: Learn more about BitLocker To Go — BitLocker drive encryption for removable drives.
+description: "Learn more about BitLocker To Go: BitLocker drive encryption for removable drives."
 ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee
 ms.reviewer: 
 ms.author: dansimp
@@ -25,7 +25,7 @@ ms.custom: bitlocker
 
 ## What is BitLocker To Go?
 
-BitLocker To Go is BitLocker Drive Encryption on removable data drives. This includes the encryption of USB flash drives, SD cards, external hard disk drives, and other drives formatted by using the NTFS, FAT16, FAT32, or exFAT file systems. Drive partitioning must meet the [BitLocker Drive Encryption Partitioning Requirements](https://docs.microsoft.com/windows-hardware/manufacture/desktop/bitlocker-drive-encryption#bitlocker-drive-encryption-partitioning-requirements).
+BitLocker To Go is BitLocker Drive Encryption on removable data drives. This feature includes the encryption of USB flash drives, SD cards, external hard disk drives, and other drives formatted by using the NTFS, FAT16, FAT32, or exFAT file systems. Drive partitioning must meet the [BitLocker Drive Encryption Partitioning Requirements](https://docs.microsoft.com/windows-hardware/manufacture/desktop/bitlocker-drive-encryption#bitlocker-drive-encryption-partitioning-requirements).
 
 As with BitLocker, drives that are encrypted using BitLocker To Go can be opened with a password or smart card on another computer by using **BitLocker Drive Encryption** in Control Panel. 
 
diff --git a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md
index bf20c5efdd..793722ef06 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md
@@ -1,6 +1,6 @@
 ---
 title: BitLocker Use BitLocker Drive Encryption Tools to manage BitLocker (Windows 10)
-description: This topic for the IT professional describes how to use tools to manage BitLocker.
+description: This article for the IT professional describes how to use tools to manage BitLocker.
 ms.assetid: e869db9c-e906-437b-8c70-741dd61b5ea6
 ms.reviewer: 
 ms.prod: w10
@@ -23,9 +23,9 @@ ms.custom: bitlocker
 **Applies to**
 -   Windows 10
 
-This topic for the IT professional describes how to use tools to manage BitLocker.
+This article for the IT professional describes how to use tools to manage BitLocker.
 
-BitLocker Drive Encryption Tools include the command line tools manage-bde and repair-bde and the BitLocker cmdlets for Windows PowerShell.
+BitLocker Drive Encryption Tools include the command-line tools manage-bde and repair-bde and the BitLocker cmdlets for Windows PowerShell.
 
 Both manage-bde and the BitLocker cmdlets can be used to perform any task that can be accomplished through the BitLocker control panel and are appropriate to use for automated deployments and other scripting scenarios.
 
@@ -39,11 +39,11 @@ Repair-bde is a special circumstance tool that is provided for disaster recovery
 
 Manage-bde is a command-line tool that can be used for scripting BitLocker operations. Manage-bde offers additional options not displayed in the BitLocker control panel. For a complete list of the manage-bde options, see the [Manage-bde](https://technet.microsoft.com/library/ff829849.aspx) command-line reference.
 
-Manage-bde includes less default settings and requires greater customization for configuring BitLocker. For example, using just the `manage-bde -on` command on a data volume will fully encrypt the volume without any authenticating protectors. A volume encrypted in this manner still requires user interaction to turn on BitLocker protection, even though the command successfully completed because an authentication method needs to be added to the volume for it to be fully protected. The following sections provide examples of common usage scenarios for manage-bde.
+Manage-bde includes fewer default settings and requires greater customization for configuring BitLocker. For example, using just the `manage-bde -on` command on a data volume will fully encrypt the volume without any authenticating protectors. A volume encrypted in this manner still requires user interaction to turn on BitLocker protection, even though the command successfully completed because an authentication method needs to be added to the volume for it to be fully protected. The following sections provide examples of common usage scenarios for manage-bde.
 
 ### Using manage-bde with operating system volumes
 
-Listed below are examples of basic valid commands for operating system volumes. In general, using only the `manage-bde -on ` command will encrypt the operating system volume with a TPM-only protector and no recovery key. However, many environments require more secure protectors such as passwords or PIN and expect to be able to recover information with a recovery key. It is recommended that at least one primary protector and a recovery protector be added to an operating system volume.
+Listed below are examples of basic valid commands for operating system volumes. In general, using only the `manage-bde -on ` command will encrypt the operating system volume with a TPM-only protector and no recovery key. However, many environments require more secure protectors such as passwords or PIN and expect to be able to recover information with a recovery key. We recommend that you add at least one primary protector and a recovery protector to an operating system volume.
 
 A good practice when using manage-bde is to determine the volume status on the target system. Use the following command to determine volume status:
 
@@ -54,7 +54,7 @@ This command returns the volumes on the target, current encryption status, encry
 
 ![Using manage-bde to check encryption status](images/manage-bde-status.png)
 
-The following example illustrates enabling BitLocker on a computer without a TPM chip. Before beginning the encryption process you must create the startup key needed for BitLocker and save it to the USB drive. When BitLocker is enabled for the operating system volume, the BitLocker will need to access the USB flash drive to obtain the encryption key (in this example, the drive letter E represents the USB drive). You will be prompted to reboot to complete the encryption process.
+The following example illustrates enabling BitLocker on a computer without a TPM chip. Before beginning the encryption process, you must create the startup key needed for BitLocker and save it to the USB drive. When BitLocker is enabled for the operating system volume, the BitLocker will need to access the USB flash drive to obtain the encryption key (in this example, the drive letter E represents the USB drive). You will be prompted to reboot to complete the encryption process.
 
 ```powershell
 manage-bde –protectors -add C: -startupkey E:
@@ -63,30 +63,30 @@ manage-bde -on C:
 
 >**Note:**  After the encryption is completed, the USB startup key must be inserted before the operating system can be started.
  
-An alternative to the startup key protector on non-TPM hardware is to use a password and an **ADaccountorgroup** protector to protect the operating system volume. In this scenario, you would add the protectors first. This is done with the command:
+An alternative to the startup key protector on non-TPM hardware is to use a password and an **ADaccountorgroup** protector to protect the operating system volume. In this scenario, you would add the protectors first. To add them, use this command:
 
 ```powershell
 manage-bde -protectors -add C: -pw -sid 
 ```
 
-This command will require you to enter and then confirm the password protector before adding them to the volume. With the protectors enabled on the volume, you can then turn BitLocker on.
+This command will require you to enter and then confirm the password protector before adding them to the volume. With the protectors enabled on the volume, you can then turn on BitLocker.
 
-On computers with a TPM it is possible to encrypt the operating system volume without any defined protectors using manage-bde. The command to do this is:
+On computers with a TPM, it is possible to encrypt the operating system volume without any defined protectors using manage-bde. Use this command:
 
 ```powershell
 manage-bde -on C:
 ```
 
-This will encrypt the drive using the TPM as the default protector. If you are not sure if a TPM protector is available, to list the protectors available for a volume, run the following command:
+This command encrypts the drive using the TPM as the default protector. If you are not sure if a TPM protector is available, to list the protectors available for a volume, run the following command:
 
 ```powershell
  manage-bde -protectors -get 
 ```
 ### Using manage-bde with data volumes
 
-Data volumes use the same syntax for encryption as operating system volumes but they do not require protectors for the operation to complete. Encrypting data volumes can be done using the base command: `manage-bde -on ` or you can choose to add additional protectors to the volume first. It is recommended that at least one primary protector and a recovery protector be added to a data volume.
+Data volumes use the same syntax for encryption as operating system volumes but they do not require protectors for the operation to complete. Encrypting data volumes can be done using the base command: `manage-bde -on ` or you can choose to add additional protectors to the volume first. We recommend that you add at least one primary protector and a recovery protector to a data volume.
 
-A common protector for a data volume is the password protector. In the example below, we add a password protector to the volume and turn BitLocker on.
+A common protector for a data volume is the password protector. In the example below, we add a password protector to the volume and turn on BitLocker.
 
 ```powershell
 manage-bde -protectors -add -pw C:
@@ -101,11 +101,11 @@ The BitLocker Repair Tool (Repair-bde) can be used to access encrypted data on a
 
 >**Tip:**  If you are not backing up recovery information to AD DS or if you want to save key packages alternatively, you can use the command `manage-bde -KeyPackage` to generate a key package for a volume.
  
-The Repair-bde command-line tool is intended for use when the operating system does not start or when you cannot start the BitLocker Recovery Console. You should use Repair-bde if the following conditions are true:
+The Repair-bde command-line tool is intended for use when the operating system does not start or when you cannot start the BitLocker Recovery Console. Use Repair-bde if the following conditions are true:
 
-1.  You have encrypted the drive by using BitLocker Drive Encryption.
-2.  Windows does not start, or you cannot start the BitLocker recovery console.
-3.  You do not have a copy of the data that is contained on the encrypted drive.
+- You have encrypted the drive by using BitLocker Drive Encryption.
+- Windows does not start, or you cannot start the BitLocker recovery console.
+- You do not have a copy of the data that is contained on the encrypted drive.
 
 >**Note:**  Damage to the drive may not be related to BitLocker. Therefore, we recommend that you try other tools to help diagnose and resolve the problem with the drive before you use the BitLocker Repair Tool. The Windows Recovery Environment (Windows RE) provides additional options to repair computers.
  
@@ -249,7 +249,7 @@ Windows PowerShell cmdlets provide a new way for administrators to use when work
  
 Similar to manage-bde, the Windows PowerShell cmdlets allow configuration beyond the options offered in the control panel. As with manage-bde, users need to consider the specific needs of the volume they are encrypting prior to running Windows PowerShell cmdlets.
 A good initial step is to determine the current state of the volume(s) on the computer. You can do this using the Get-BitLockerVolume cmdlet.
-The Get-BitLockerVolume cmdlet output gives information on the volume type, protectors, protection status and other details.
+The Get-BitLockerVolume cmdlet output gives information on the volume type, protectors, protection status, and other details.
 
 >**Tip:**  Occasionally, all protectors may not be shown when using `Get-BitLockerVolume` due to lack of space in the output display. If you do not see all of the protectors for a volume, you can use the Windows PowerShell pipe command (|) to format a full listing of the protectors.
 `Get-BitLockerVolume C: | fl`
@@ -263,9 +263,9 @@ $vol = Get-BitLockerVolume
 $keyprotectors = $vol.KeyProtector
 ```
 
-Using this, you can display the information in the $keyprotectors variable to determine the GUID for each protector.
+By using this script, you can display the information in the $keyprotectors variable to determine the GUID for each protector.
 
-Using this information, you can then remove the key protector for a specific volume using the command:
+By using this information, you can then remove the key protector for a specific volume using the command:
 
 ```powershell
 Remove-BitLockerKeyProtector : -KeyProtectorID "{GUID}"
@@ -291,8 +291,8 @@ Enable-BitLocker C: -StartupKeyProtector -StartupKeyPath  -SkipHardwareTes
 
 ### Using the BitLocker Windows PowerShell cmdlets with data volumes
 
-Data volume encryption using Windows PowerShell is the same as for operating system volumes. You should add the desired protectors prior to encrypting the volume. The following example adds a password protector to the E: volume using the variable $pw as the password. The $pw variable is held as a
-SecureString value to store the user defined password.
+Data volume encryption using Windows PowerShell is the same as for operating system volumes. Add the desired protectors prior to encrypting the volume. The following example adds a password protector to the E: volume using the variable $pw as the password. The $pw variable is held as a
+SecureString value to store the user-defined password.
 
 ```powershell
 $pw = Read-Host -AsSecureString
@@ -301,11 +301,11 @@ Enable-BitLockerKeyProtector E: -PasswordProtector -Password $pw
 ```
 ### Using an AD Account or Group protector in Windows PowerShell
 
-The **ADAccountOrGroup** protector, introduced in Windows 8 and Windows Server 2012, is an Active Directory SID-based protector. This protector can be added to both operating system and data volumes, although it does not unlock operating system volumes in the pre-boot environment. The protector requires the SID for the domain account or group to link with the protector. BitLocker can protect a cluster-aware disk by adding a SID-based protector for the Cluster Name Object (CNO) that lets the disk properly failover to and be unlocked by any member computer of the cluster.
+The **ADAccountOrGroup** protector, introduced in Windows 8 and Windows Server 2012, is an Active Directory SID-based protector. This protector can be added to both operating system and data volumes, although it does not unlock operating system volumes in the pre-boot environment. The protector requires the SID for the domain account or group to link with the protector. BitLocker can protect a cluster-aware disk by adding a SID-based protector for the Cluster Name Object (CNO) that lets the disk properly fail over to and be unlocked by any member computer of the cluster.
 
 >**Warning:**  The **ADAccountOrGroup** protector requires the use of an additional protector for use (such as TPM, PIN, or recovery key) when used on operating system volumes
  
-To add an **ADAccountOrGroup** protector to a volume requires either the actual domain SID or the group name preceded by the domain and a backslash. In the example below, the CONTOSO\\Administrator account is added as a protector to the data volume G.
+To add an **ADAccountOrGroup** protector to a volume, use either the actual domain SID or the group name preceded by the domain and a backslash. In the example below, the CONTOSO\\Administrator account is added as a protector to the data volume G.
 
 ```powershell
 Enable-BitLocker G: -AdAccountOrGroupProtector -AdAccountOrGroup CONTOSO\Administrator
diff --git a/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.md b/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.md
index ac4286c885..e71fba3cbd 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.md
@@ -37,7 +37,7 @@ BitLocker has a storage driver stack that ensures memory dumps are encrypted whe
 
 ## Can BitLocker support smart cards for pre-boot authentication?
 
-BitLocker does not support smart cards for pre-boot authentication. There is no single industry standard for smart card support in the firmware, and most computers either do not implement firmware support for smart cards, or only support specific smart cards and readers. This lack of standardization makes supporting them very difficult.
+BitLocker does not support smart cards for pre-boot authentication. There is no single industry standard for smart card support in the firmware, and most computers either do not implement firmware support for smart cards, or only support specific smart cards and readers. This lack of standardization makes supporting them difficult.
 
 ## Can I use a non-Microsoft TPM driver?
 
@@ -69,7 +69,7 @@ The **Save to USB** option is not shown by default for removable drives. If the
 
 ## Why am I unable to automatically unlock my drive?
 
-Automatic unlocking for fixed data drives requires that the operating system drive also be protected by BitLocker. If you are using a computer that does not have a BitLocker-protected operating system drive, the drive cannot be automatically unlocked. For removable data drives, you can add automatic unlocking by right-clicking the drive in Windows Explorer and clicking **Manage BitLocker**. You will still be able to use the password or smart card credentials you supplied when you turned on BitLocker to unlock the removable drive on other computers.
+Automatic unlocking for fixed data drives requires the operating system drive to also be protected by BitLocker. If you are using a computer that does not have a BitLocker-protected operating system drive, the drive cannot be automatically unlocked. For removable data drives, you can add automatic unlocking by right-clicking the drive in Windows Explorer and clicking **Manage BitLocker**. You will still be able to use the password or smart card credentials you supplied when you turned on BitLocker to unlock the removable drive on other computers.
 
 ## Can I use BitLocker in Safe Mode?
 
@@ -95,8 +95,8 @@ Yes. However, shadow copies made prior to enabling BitLocker will be automatical
 ## Does BitLocker support virtual hard disks (VHDs)?
 
 BitLocker should work like any specific physical machine within its hardware limitations as long as the environment (physical or virtual) meets Windows Operating System requirements to run.
-- With TPM - Yes it is supported
-- Without  TPM - Yes it is supported (with password protector)
+- With TPM: Yes, it is supported.
+- Without  TPM: Yes, it is supported (with password protector).
 
 BitLocker is also supported on data volume VHDs, such as those used by clusters, if you are running Windows 10, Windows 8.1, Windows 8, Windows Server 2016, Windows Server 2012 R2, or Windows Server 2012.
 
diff --git a/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md b/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md
index ac7c00f8b6..01a07590a5 100644
--- a/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md
+++ b/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md
@@ -1,6 +1,6 @@
 ---
 title: Protecting cluster shared volumes and storage area networks with BitLocker (Windows 10)
-description: This topic for IT pros describes how to protect CSVs and SANs with BitLocker.
+description: This article for IT pros describes how to protect CSVs and SANs with BitLocker.
 ms.assetid: ecd25a10-42c7-4d31-8a7e-ea52c8ebc092
 ms.reviewer: 
 ms.prod: w10
@@ -23,7 +23,7 @@ ms.custom: bitlocker
 **Applies to**
 -   Windows Server 2016
 
-This topic for IT pros describes how to protect CSVs and SANs with BitLocker.
+This article for IT pros describes how to protect CSVs and SANs with BitLocker.
 
 BitLocker can protect both physical disk resources and cluster shared volumes version 2.0 (CSV2.0). BitLocker on clustered volumes allows for an additional layer of protection for administrators wishing to protect sensitive, highly available data. By adding additional protectors to the clustered volume, administrators can also add an additional barrier of security to resources within an organization by allowing only certain user accounts access to unlock the BitLocker volume.
 
@@ -38,15 +38,15 @@ BitLocker on volumes within a cluster are managed based on how the cluster servi
 Alternatively, the volume can be a cluster-shared volume, a shared namespace, within the cluster. Windows Server 2012 expanded the CSV architecture, now known as CSV2.0, to enable support for BitLocker. When using BitLocker with volumes designated for a cluster, the volume will need to turn on 
 BitLocker before its addition to the storage pool within cluster or put the resource into maintenance mode before BitLocker operations will complete.
 
-Windows PowerShell or the manage-bde command line interface is the preferred method to manage BitLocker on CSV2.0 volumes. This is recommended over the BitLocker Control Panel item because CSV2.0 volumes are mount points. Mount points are an NTFS object that is used to provide an entry point to other volumes. Mount points do not require the use of a drive letter. Volumes that lack drive letters do not appear in the BitLocker Control Panel item. Additionally, the new Active Directory-based protector option required for cluster disk resource or CSV2.0 resources is not available in the Control Panel item.
+Windows PowerShell or the manage-bde command-line interface is the preferred method to manage BitLocker on CSV2.0 volumes. This method is recommended over the BitLocker Control Panel item because CSV2.0 volumes are mount points. Mount points are an NTFS object that is used to provide an entry point to other volumes. Mount points do not require the use of a drive letter. Volumes that lack drive letters do not appear in the BitLocker Control Panel item. Additionally, the new Active Directory-based protector option required for cluster disk resource or CSV2.0 resources is not available in the Control Panel item.
 
 >**Note:**  Mount points can be used to support remote mount points on SMB based network shares. This type of share is not supported for BitLocker encryption.
  
-For thinly provisioned storage, such as a Dynamic Virtual Hard Disk (VHD), BitLocker runs in Used Disk Space Only encryption mode. You cannot use the **manage-bde -WipeFreeSpace** command to transition the volume to full-volume encryption on these types of volumes. This is blocked in order to avoid expanding thinly provisioned volumes to occupy the entire backing store while wiping the unoccupied (free) space.
+For thinly provisioned storage, such as a Dynamic Virtual Hard Disk (VHD), BitLocker runs in Used Disk Space Only encryption mode. You cannot use the **manage-bde -WipeFreeSpace** command to transition the volume to full-volume encryption on these types of volumes. This action is blocked in order to avoid expanding thinly provisioned volumes to occupy the entire backing store while wiping the unoccupied (free) space.
 
 ### Active Directory-based protector
 
-You can also use an Active Directory Domain Services (AD DS) protector for protecting clustered volumes held within your AD DS infrastructure. The **ADAccountOrGroup** protector is a domain security identifier (SID)-based protector that can be bound to a user account, machine account or group. When an unlock request is made for a protected volume, the BitLocker service interrupts the request and uses the BitLocker protect/unprotect APIs to unlock or deny the request. BitLocker will unlock protected volumes without user intervention by attempting protectors in the following order:
+You can also use an Active Directory Domain Services (AD DS) protector for protecting clustered volumes held within your AD DS infrastructure. The **ADAccountOrGroup** protector is a domain security identifier (SID)-based protector that can be bound to a user account, machine account, or group. When an unlock request is made for a protected volume, the BitLocker service interrupts the request and uses the BitLocker protect/unprotect APIs to unlock or deny the request. BitLocker will unlock protected volumes without user intervention by attempting protectors in the following order:
 
 1.  Clear key
 2.  Driver-based auto-unlock key
@@ -61,7 +61,7 @@ You can also use an Active Directory Domain Services (AD DS) protector for prote
  
 ### Turning on BitLocker before adding disks to a cluster using Windows PowerShell
 
-BitLocker encryption is available for disks before or after addition to a cluster storage pool. The advantage of encrypting volumes prior to adding them to a cluster is that the disk resource does not require suspending the resource to complete the operation. To turn on BitLocker for a disk before adding it to a cluster, do the following:
+BitLocker encryption is available for disks before or after addition to a cluster storage pool. The advantage of encrypting volumes prior to adding them to a cluster is that the disk resource does not require suspending the resource to complete the operation. To turn on BitLocker for a disk before adding it to a cluster:
 
 1.  Install the BitLocker Drive Encryption feature if it is not already installed.
 2.  Ensure the disk is formatted NTFS and has a drive letter assigned to it.
@@ -84,7 +84,7 @@ BitLocker encryption is available for disks before or after addition to a cluste
 
 ### Turning on BitLocker for a clustered disk using Windows PowerShell
 
-When the cluster service owns a disk resource already, it needs to be set into maintenance mode before BitLocker can be enabled. Use the following steps for turning BitLocker on for a clustered disk:
+When the cluster service owns a disk resource already, it needs to be set into maintenance mode before BitLocker can be enabled. Use the following steps for turning on BitLocker for a clustered disk:
 
 1.  Install the BitLocker Drive Encryption feature if it is not already installed.
 2.  Check the status of the cluster disk using Windows PowerShell.
@@ -122,11 +122,11 @@ When the cluster service owns a disk resource already, it needs to be set into m
 
 ### Adding BitLocker encrypted volumes to a cluster using manage-bde
 
-You can also use manage-bde to enable BitLocker on clustered volumes. The steps needed to add a physical disk resource or CSV2.0 volume to an existing cluster includes the following:
+You can also use manage-bde to enable BitLocker on clustered volumes. Follow these steps to add a physical disk resource or CSV2.0 volume to an existing cluster:
 
 1.  Verify the BitLocker Drive Encryption feature is installed on the computer.
 2.  Ensure new storage is formatted as NTFS.
-3.  Encrypt the volume, add a recovery key and add the cluster administrator as a protector key using the manage-bde command line interface (see example):
+3.  Encrypt the volume, add a recovery key, and add the cluster administrator as a protector key by using the manage-bde command-line interface (see example):
 
     -   `Manage-bde -on -used  -RP -sid domain\CNO$ -sync`
 
@@ -135,16 +135,17 @@ You can also use manage-bde to enable BitLocker on clustered volumes. The steps
 
 4.  Open the Failover Cluster Manager snap-in or cluster PowerShell cmdlets to enable the disk to be clustered
 
-    -   Once the disk is clustered it can also be enabled for CSV.
+    -   Once the disk is clustered, it can also be enabled for CSV.
 
 5.  During the resource online operation, cluster will check to see if the disk is BitLocker encrypted.
 
     1.  If the volume is not BitLocker enabled, traditional cluster online operations occur.
     2.  If the volume is BitLocker enabled, the following check occurs:
 
-        -   If volume is **locked**, BitLocker will impersonate the CNO and unlock the volume using the CNO protector. If this operation fails an event will be logged that the volume could not be unlocked and the online operation will fail.
+        -   If volume is **locked**, BitLocker will impersonate the CNO and unlock the volume using the CNO protector. If this operation fails, an event will be logged that the volume could not be unlocked and the online operation will fail.
+
+6.  Once the disk is online in the storage pool, it can be added to a CSV by right-clicking the disk resource and choosing **Add to cluster shared volumes**.
 
-6.  Once the disk is online in the storage pool, it can be added to a CSV by right clicking on the disk resource and choosing "**Add to cluster shared volumes**".
 CSVs can include both encrypted and unencrypted volumes. To check the status of a particular volume for BitLocker encryption, administrators can utilize the manage-bde -status command with a path to the volume inside the CSV namespace as seen in the example command line below.
 
 ```powershell
@@ -153,11 +154,11 @@ manage-bde -status "C:\ClusterStorage\volume1"
 
 ### Physical Disk Resources
 
-Unlike CSV2.0 volumes, physical disk resources can only be accessed by one cluster node at a time. This means that operations such as encrypting, decrypting, locking or unlocking volumes require context to perform. For example, you cannot unlock or decrypt a physical disk resource if you are not administering the cluster node that owns the disk resource because the disk resource is not available.
+Unlike CSV2.0 volumes, physical disk resources can only be accessed by one cluster node at a time. So operations such as encrypting, decrypting, locking, or unlocking volumes require context to perform. For example, you cannot unlock or decrypt a physical disk resource if you are not administering the cluster node that owns the disk resource because the disk resource is not available.
 
 ### Restrictions on BitLocker actions with cluster volumes
 
-The following table contains information about both Physical Disk Resources (i.e. traditional failover cluster volumes) and Cluster Shared Volumes (CSV) and the actions that are allowed by BitLocker in each situation.
+The following table contains information about both Physical Disk Resources (that is, traditional failover cluster volumes) and Cluster Shared Volumes (CSV) and the actions that are allowed by BitLocker in each situation.
 
 @@ -268,7 +269,7 @@ In the case where a physical disk resource experiences a failover event during c
 
 ### Other considerations when using BitLocker on CSV2.0
 
-Some other considerations to take into account for BitLocker on clustered storage include the following:
+Also take these considerations into account for BitLocker on clustered storage:
 -   BitLocker volumes have to be initialized and beginning encryption before they are available to add to a CSV2.0 volume.
 -   If an administrator needs to decrypt a CSV volume, remove the volume from the cluster or put into disk maintenance mode. You can add the CSV back to the cluster while waiting for decryption to complete.
 -   If an administrator needs to start encrypting a CSV volume, remove the volume from the cluster or put it in maintenance mode.

From 56d62160901ef8aa6764f825d5919a80b8dad92b Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Tue, 3 Nov 2020 16:20:39 -0800
Subject: [PATCH 67/92] Update faq-md-app-guard.md

---
 .../faq-md-app-guard.md                                     | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
index 5e54503d98..007fa751d5 100644
--- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
+++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
@@ -144,11 +144,7 @@ There is a known issue such that if you change the Exploit Protection settings f
 
 ### How can I have ICS in enabled state yet still use Application Guard?
 
-ICS is enabled by default in Windows, and it must be enabled in order for Application Guard to function correctly.
-
-Some enterprise organizations choose to disable ICS for their own security reasons. However, this is not recommended. If ICS is disabled, Application Guard stops working. 
-
-The following procedure describes how to edit registry keys to disable ICS in part using a Group Policy.
+ICS is enabled by default in Windows, and ICS must be enabled in order for Application Guard to function correctly. We do not recommend disabling ICS; however, you can disable ICS in part by using a Group Policy and editing registry keys.
 
 1. In the Group Policy setting called, *Prohibit use of Internet Connection Sharing on your DNS domain network*, set it to **Disabled**. 
 

From c07930f9de9efb522cddf88ccf71fdd18946be78 Mon Sep 17 00:00:00 2001
From: MONI RAMESH SUBRAMONI <44937843+mosubram@users.noreply.github.com>
Date: Wed, 4 Nov 2020 12:14:23 +0530
Subject: [PATCH 68/92] Update index.yml

Spelling mistake on the word Accessibility
---
 windows/hub/index.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/hub/index.yml b/windows/hub/index.yml
index 289a9ff9e7..75355791f6 100644
--- a/windows/hub/index.yml
+++ b/windows/hub/index.yml
@@ -42,7 +42,7 @@ landingContent:
         links:
           - text: Configure Windows 10
             url: /windows/configuration/index
-          - text: Accesasibility information for IT Pros
+          - text: Accessibility information for IT Pros
             url: /windows/configuration/windows-10-accessibility-for-itpros
           - text: Configure access to Microsoft Store
             url: /windows/configuration/stop-employees-from-using-microsoft-store

From 98cef83cb8ed3f4bd4916cd75af215e2c1229370 Mon Sep 17 00:00:00 2001
From: ImranHabib <47118050+joinimran@users.noreply.github.com>
Date: Wed, 4 Nov 2020 12:22:07 +0500
Subject: [PATCH 69/92] minor modification

Made a correction in the statement.

Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/8568
---
 .../threat-protection/microsoft-defender-atp/apis-intro.md      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md b/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md
index 34f925b4d8..ebf717e331 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md
@@ -57,7 +57,7 @@ You can access Microsoft Defender ATP API with **Application Context** or **User
 - **User Context:** 
      
     Used to perform actions in the API on behalf of a user.
 
-	Steps that needs to be taken to access Microsoft Defender ATP API with application context:
+	Steps that needs to be taken to access Microsoft Defender ATP API with user context:
   1. Create AAD Native-Application.
   2. Assign the desired permission to the application, e.g 'Read Alerts', 'Isolate Machines' etc. 
   3. Get token using the application with user credentials.

From bb838bcd8bac05f0af3d0fc2a41b26ee9080ddd1 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Wed, 4 Nov 2020 14:52:27 +0500
Subject: [PATCH 70/92] Update password-policy.md

---
 .../security-policy-settings/password-policy.md               | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/security-policy-settings/password-policy.md b/windows/security/threat-protection/security-policy-settings/password-policy.md
index daf285e8a4..f4b1f58262 100644
--- a/windows/security/threat-protection/security-policy-settings/password-policy.md
+++ b/windows/security/threat-protection/security-policy-settings/password-policy.md
@@ -26,7 +26,7 @@ An overview of password policies for Windows and links to information for each p
 
 In many operating systems, the most common method to authenticate a user's identity is to use a secret passphrase or password. A secure network environment requires all users to use strong passwords, which have at least eight characters and include a combination of letters, numbers, and symbols. These passwords help prevent the compromise of user accounts and administrative accounts by unauthorized users who use manual methods or automated tools to guess weak passwords. Strong passwords that are changed regularly reduce the likelihood of a successful password attack.
 
-Introduced in Windows Server 2008 R2 and Windows Server 2008, Windows supports fine-grained password policies. This feature provides organizations with a way to define different password and account lockout policies for different sets of users in a domain. Fine-grained password policies apply only to user objects (or inetOrgPerson objects if they are used instead of user objects) and global security groups.
+Introduced in Windows Server 2008 R2 and Windows Server 2008, Windows supports fine-grained password policies. This feature provides organizations with a way to define different password and account lockout policies for different sets of users in a domain. Fine-grained password policies apply only to user objects (or inetOrgPerson objects if they are used instead of user objects) and global security groups. For more details, see [AD DS Fine-Grained Password and Account Lockout Policy Step-by-Step Guide](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc770842(v=ws.10)).
 
 To apply a fine-grained password policy to users of an OU, you can use a shadow group. A shadow group is a global security group that is logically mapped to an OU to enforce a fine-grained password policy. You add users of the OU as members of the newly created shadow group and then apply the fine-grained password policy to this shadow group. You can create additional shadow groups for other OUs as needed. If you move a user from one OU to another, you must update the membership of the corresponding shadow groups.
 
@@ -38,7 +38,7 @@ You can configure the password policy settings in the following location by usin
 
 **Computer Configuration\\Windows Settings\\Security Settings\\Account Policies\\Password Policy**
 
-If individual groups require distinct password policies, these groups should be separated into another domain or forest, based on additional requirements.
+This group policy is applied on domain level. If individual groups require distinct password policies, consider using of fine-grained password policies, as described above.
 
 The following topics provide a discussion of password policy implementation and best practices considerations, policy location, default values for the server type or GPO, relevant differences in operating system versions, security considerations (including the possible vulnerabilities of each setting), countermeasures that you can take, and the potential impact for each setting.
 

From 37d9f9d76c1c464de811120374fc198312300987 Mon Sep 17 00:00:00 2001
From: ShannonLeavitt 
Date: Wed, 4 Nov 2020 07:59:09 -0700
Subject: [PATCH 71/92] acrolinx fixes

---
 .../threat-protection/auditing/audit-user-device-claims.md    | 4 ++--
 windows/security/threat-protection/auditing/event-1105.md     | 4 ++--
 windows/security/threat-protection/auditing/event-4618.md     | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/windows/security/threat-protection/auditing/audit-user-device-claims.md b/windows/security/threat-protection/auditing/audit-user-device-claims.md
index 74c7755cb8..bea0be45b0 100644
--- a/windows/security/threat-protection/auditing/audit-user-device-claims.md
+++ b/windows/security/threat-protection/auditing/audit-user-device-claims.md
@@ -1,6 +1,6 @@
 ---
 title: Audit User/Device Claims (Windows 10)
-description: Audit User/Device Claims is an audit policy setting which enables you to audit security events that are generated by user and device claims.
+description: Audit User/Device Claims is an audit policy setting that enables you to audit security events that are generated by user and device claims.
 ms.assetid: D3D2BFAF-F2C0-462A-9377-673DB49D5486
 ms.reviewer: 
 manager: dansimp
@@ -25,7 +25,7 @@ Audit User/Device Claims allows you to audit user and device claims information
 
 For a network logon, such as accessing a shared folder on the network, the security audit event is generated on the computer hosting the resource.
 
-***Important***: [Audit Logon](audit-logon.md) subcategory must also be enabled in order to get events from this subcategory.
+***Important***: Enable the [Audit Logon](audit-logon.md) subcategory in order to get events from this subcategory.
 
 **Event volume**:
 
diff --git a/windows/security/threat-protection/auditing/event-1105.md b/windows/security/threat-protection/auditing/event-1105.md
index e00e49b666..bd4e2bb72a 100644
--- a/windows/security/threat-protection/auditing/event-1105.md
+++ b/windows/security/threat-protection/auditing/event-1105.md
@@ -13,7 +13,7 @@ manager: dansimp
 ms.author: dansimp
 ---
 
-# 1105(S): Event log automatic backup.
+# 1105(S): Event log automatic backup
 
 **Applies to**
 -   Windows 10
@@ -71,7 +71,7 @@ This event generates, for example, if the maximum size of Security Event Log fil
 
 ***Field Descriptions:***
 
-**Log** \[Type = UnicodeString\]: the name of the log which was archived (new event log file was created and previous event log was archived). Always “**Security”** for Security Event Logs.
+**Log** \[Type = UnicodeString\]: the name of the log that was archived (new event log file was created and previous event log was archived). Always “**Security”** for Security Event Logs.
 
 **File**: \[Type = FILETIME\]: full path and filename of archived log file.
 
diff --git a/windows/security/threat-protection/auditing/event-4618.md b/windows/security/threat-protection/auditing/event-4618.md
index 9dcc575df1..4155868172 100644
--- a/windows/security/threat-protection/auditing/event-4618.md
+++ b/windows/security/threat-protection/auditing/event-4618.md
@@ -32,7 +32,7 @@ Account must have **SeAuditPrivilege** (Generate security audits) to be able to
 
 -   Only **OrgEventID**, **ComputerName**, and **EventCount** are required—others are optional. Fields not specified appear with “**-**“ in the event description field.
 
--   If a field doesn’t match the expected data type, the event is not generated. (i.e., if **EventCount** = “XYZ” then no event is generated.)
+-   If a field doesn’t match the expected data type, the event is not generated. That is, if **EventCount** = “XYZ”, then no event is generated.
 
 -   **UserSid**, **UserName**, and **UserDomain** are not related to each other (think **SubjectUser** fields, where they are)
 
@@ -98,5 +98,5 @@ Account must have **SeAuditPrivilege** (Generate security audits) to be able to
 
 For 4618(S): A monitored security event pattern has occurred.
 
--   This event can be invoked only manually/intentionally, it is up to you how interpret this event depends on information you put inside of it.
+-   This event can be invoked only manually/intentionally, it is up to you how to interpret this event depends on information you put inside of it.
 

From f4d1ce167ef544827355e31d17c4b3bddcbdeaa9 Mon Sep 17 00:00:00 2001
From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com>
Date: Wed, 4 Nov 2020 16:27:43 +0100
Subject: [PATCH 72/92] Policy CSP/Update: place important blob below list
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

As reported in issue ticket #8580 (The position of the "Important" section of Update/AllowAutoUpdate is incorrect. (Update/AllowAutoUpdate の「Important」セクションの位置が正しくありません)), the current placement of the important Note blob does not make it clear enough which of the details it is referring to.

Placing the important note blob directly beneath bullet list point 5, which the important blob is referring to, makes it much more clear.

Thanks to 新宅 伸啓 (ShintakuNobuhiro) for reporting this clarification issue.

Closes #8580
---
 windows/client-management/mdm/policy-csp-update.md | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md
index 5403dbf610..11b7b08a4d 100644
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@@ -461,11 +461,6 @@ Enables the IT admin to manage automatic update behavior to scan, download, and
 
 Supported operations are Get and Replace.
 
-
-> [!IMPORTANT]
-> This option should be used only for systems under regulatory compliance, as you will not get security updates as well.
- 
-
 If the policy is not configured, end-users get the default behavior (Auto install and restart).
 
 
@@ -488,6 +483,11 @@ The following list shows the supported values:
 -   4 – Auto install and restart without end-user control. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device is not actively being used. This setting option also sets the end-user control panel to read-only.
 -   5 – Turn off automatic updates.
 
+
+> [!IMPORTANT]
+> This option should be used only for systems under regulatory compliance, as you will not get security updates as well.
+
+
 
 
 

From bfce7c598bf97d4bf1f07dd83c691dcd62bb8848 Mon Sep 17 00:00:00 2001
From: ImranHabib <47118050+joinimran@users.noreply.github.com>
Date: Wed, 4 Nov 2020 21:51:59 +0500
Subject: [PATCH 73/92] Update
 windows/security/threat-protection/microsoft-defender-atp/apis-intro.md

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 .../threat-protection/microsoft-defender-atp/apis-intro.md      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md b/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md
index ebf717e331..ed7b21ccdf 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md
@@ -57,7 +57,7 @@ You can access Microsoft Defender ATP API with **Application Context** or **User
 - **User Context:** 
      
     Used to perform actions in the API on behalf of a user.
 
-	Steps that needs to be taken to access Microsoft Defender ATP API with user context:
+	Steps that need to be taken to access Microsoft Defender ATP API with user context:
   1. Create AAD Native-Application.
   2. Assign the desired permission to the application, e.g 'Read Alerts', 'Isolate Machines' etc. 
   3. Get token using the application with user credentials.

From 2d6bba7c64209ef0ac3cb3ff0dd6ec635b520d90 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Wed, 4 Nov 2020 21:58:16 +0500
Subject: [PATCH 74/92] Update
 windows/security/threat-protection/security-policy-settings/password-policy.md

Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
---
 .../security-policy-settings/password-policy.md                 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/security-policy-settings/password-policy.md b/windows/security/threat-protection/security-policy-settings/password-policy.md
index f4b1f58262..4e9a967608 100644
--- a/windows/security/threat-protection/security-policy-settings/password-policy.md
+++ b/windows/security/threat-protection/security-policy-settings/password-policy.md
@@ -38,7 +38,7 @@ You can configure the password policy settings in the following location by usin
 
 **Computer Configuration\\Windows Settings\\Security Settings\\Account Policies\\Password Policy**
 
-This group policy is applied on domain level. If individual groups require distinct password policies, consider using of fine-grained password policies, as described above.
+This group policy is applied on the domain level. If individual groups require distinct password policies, consider using fine-grained password policies, as described above.
 
 The following topics provide a discussion of password policy implementation and best practices considerations, policy location, default values for the server type or GPO, relevant differences in operating system versions, security considerations (including the possible vulnerabilities of each setting), countermeasures that you can take, and the potential impact for each setting.
 

From 216a2c77341eb58a1eff3fd2954d260606eeeb54 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Wed, 4 Nov 2020 22:12:34 +0500
Subject: [PATCH 75/92] Update minimum-requirements.md

---
 .../microsoft-defender-atp/minimum-requirements.md              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
index b659b20797..0b66e73431 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
@@ -51,7 +51,7 @@ Microsoft Defender Advanced Threat Protection requires one of the following Micr
 
 Microsoft Defender Advanced Threat Protection, on Windows Server, requires one of the following licensing options:
 
-- [Azure Security Center Standard plan](https://docs.microsoft.com/azure/security-center/security-center-pricing) (per node)
+- [Azure Security Center with enabled Azure Defender](https://docs.microsoft.com/azure/security-center/security-center-pricing)
 - Microsoft Defender ATP for Servers (one per covered Server)
 
 > [!NOTE]

From 872f48fd4f039627377c8edb4f2087951c47ed30 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Wed, 4 Nov 2020 09:58:15 -0800
Subject: [PATCH 76/92] Update minimum-requirements.md

---
 .../microsoft-defender-atp/minimum-requirements.md            | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
index 0b66e73431..0f05ee52c8 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
@@ -51,8 +51,8 @@ Microsoft Defender Advanced Threat Protection requires one of the following Micr
 
 Microsoft Defender Advanced Threat Protection, on Windows Server, requires one of the following licensing options:
 
-- [Azure Security Center with enabled Azure Defender](https://docs.microsoft.com/azure/security-center/security-center-pricing)
-- Microsoft Defender ATP for Servers (one per covered Server)
+- [Azure Security Center with Azure Defender enabled](https://docs.microsoft.com/azure/security-center/security-center-pricing)
+- Microsoft Defender ATP for Servers (one per covered server)
 
 > [!NOTE]
 > Customers with a combined minimum of 50 licenses for one or more of the following may acquire Server SLs for Microsoft Defender Advanced Threat Protection for Servers (one per covered Server OSE): Microsoft Defender Advanced Threat Protection, Windows E5/A5, Microsoft 365 E5/A5 and Microsoft 365 E5 Security User SLs. This license applies to Microsoft Defender ATP for Linux.

From 5e3fa651980166275c396d6388fddd9bed17b1bd Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Wed, 4 Nov 2020 09:59:57 -0800
Subject: [PATCH 77/92] Update policy-csp-update.md

---
 windows/client-management/mdm/policy-csp-update.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md
index 11b7b08a4d..df70a21a7c 100644
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@@ -7,7 +7,7 @@ ms.prod: w10
 ms.technology: windows
 author: manikadhiman
 ms.localizationpriority: medium
-ms.date: 10/21/2020
+ms.date: 11/03/2020
 ms.reviewer: 
 manager: dansimp
 ---

From 87817e8a5c75b4780cd6ccfd7695f0c0f5d08a40 Mon Sep 17 00:00:00 2001
From: ShannonLeavitt 
Date: Wed, 4 Nov 2020 11:38:37 -0700
Subject: [PATCH 78/92] acrolinx fixes

---
 .../threat-protection/auditing/event-4625.md  | 40 +++++++++----------
 .../threat-protection/auditing/event-4692.md  | 12 +++---
 .../threat-protection/auditing/event-4771.md  | 28 ++++++-------
 .../threat-protection/auditing/event-4947.md  |  6 +--
 .../threat-protection/auditing/event-4953.md  |  4 +-
 .../threat-protection/auditing/event-5056.md  |  6 +--
 .../threat-protection/auditing/event-5060.md  |  8 ++--
 .../threat-protection/auditing/event-5152.md  | 18 ++++-----
 .../threat-protection/auditing/event-5154.md  | 14 +++----
 .../threat-protection/auditing/event-5156.md  | 16 ++++----
 .../threat-protection/auditing/event-5157.md  | 18 ++++-----
 .../threat-protection/auditing/event-5158.md  | 14 +++----
 .../threat-protection/auditing/event-5159.md  |  8 ++--
 13 files changed, 96 insertions(+), 96 deletions(-)

diff --git a/windows/security/threat-protection/auditing/event-4625.md b/windows/security/threat-protection/auditing/event-4625.md
index 220876b84a..293e52c57f 100644
--- a/windows/security/threat-protection/auditing/event-4625.md
+++ b/windows/security/threat-protection/auditing/event-4625.md
@@ -99,7 +99,7 @@ This event generates on domain controllers, member servers, and workstations.
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that reported information about logon failure.
 
--   **Account Domain** \[Type = UnicodeString\]**:** subject’s domain or computer name. Formats vary, and include the following:
+-   **Account Domain** \[Type = UnicodeString\]**:** subject's domain or computer name. Here are some examples of formats:
 
     -   Domain NETBIOS name example: CONTOSO
 
@@ -111,7 +111,7 @@ This event generates on domain controllers, member servers, and workstations.
 
     -   For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”.
 
--   **Logon Type** \[Type = UInt32\]**:** the type of logon which was performed. “Table 11. Windows Logon Types” contains the list of possible values for this field.
+-   **Logon Type** \[Type = UInt32\]**:** the type of logon that was performed. “Table 11. Windows Logon Types” contains the list of possible values for this field.
 
 
     **Table 11: Windows Logon Types**
@@ -138,7 +138,7 @@ This event generates on domain controllers, member servers, and workstations.
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that was specified in the logon attempt.
 
--   **Account Domain** \[Type = UnicodeString\]**:** domain or computer name. Formats vary, and include the following:
+-   **Account Domain** \[Type = UnicodeString\]**:** domain or computer name. Here are some examples of formats:
 
     -   Domain NETBIOS name example: CONTOSO
 
@@ -154,9 +154,9 @@ This event generates on domain controllers, member servers, and workstations.
 
 **Failure Information:**
 
--   **Failure Reason** \[Type = UnicodeString\]**:** textual explanation of **Status** field value. For this event it typically has “**Account locked out**” value.
+-   **Failure Reason** \[Type = UnicodeString\]**:** textual explanation of **Status** field value. For this event, it typically has “**Account locked out**” value.
 
--   **Status** \[Type = HexInt32\]**:** the reason why logon failed. For this event it typically has “**0xC0000234**” value. The most common status codes are listed in Table 12. Windows logon status codes.
+-   **Status** \[Type = HexInt32\]**:** the reason why logon failed. For this event, it typically has “**0xC0000234**” value. The most common status codes are listed in Table 12. Windows logon status codes.
 
     **Table 12: Windows logon status codes.**
 
@@ -165,7 +165,7 @@ This event generates on domain controllers, member servers, and workstations.
     | 0XC000005E              | There are currently no logon servers available to service the logon request.                         |
     | 0xC0000064              | User logon with misspelled or bad user account                                                       |
     | 0xC000006A              | User logon with misspelled or bad password                                                           |
-    | 0XC000006D              | This is either due to a bad username or authentication information                                   |
+    | 0XC000006D              | The cause is either a bad username or authentication information                                   |
     | 0XC000006E              | Indicates a referenced user name and authentication information are valid, but some user account restriction has prevented successful authentication (such as time-of-day restrictions).     |
     | 0xC000006F              | User logon outside authorized hours                                                                  |
     | 0xC0000070              | User logon from unauthorized workstation                                                             |
@@ -173,23 +173,23 @@ This event generates on domain controllers, member servers, and workstations.
     | 0xC0000072              | User logon to account disabled by administrator                                                      |
     | 0XC00000DC              | Indicates the Sam Server was in the wrong state to perform the desired operation.                    |
     | 0XC0000133              | Clocks between DC and other computer too far out of sync                                             |
-    | 0XC000015B              | The user has not been granted the requested logon type (aka logon right) at this machine             |
+    | 0XC000015B              | The user has not been granted the requested logon type (also called the *logon right*) at this machine             |
     | 0XC000018C              | The logon request failed because the trust relationship between the primary domain and the trusted domain failed.      |
-    | 0XC0000192              | An attempt was made to logon, but the N**etlogon** service was not started.                                            |
+    | 0XC0000192              | An attempt was made to logon, but the **Netlogon** service was not started.                                            |
     | 0xC0000193              | User logon with expired account                                                                      |
     | 0XC0000224              | User is required to change password at next logon                                                    |
     | 0XC0000225              | Evidently a bug in Windows and not a risk                                                            |
     | 0xC0000234              | User logon with account locked                                                                       |
     | 0XC00002EE              | Failure Reason: An Error occurred during Logon                                                       |
-    | 0XC0000413              | Logon Failure: The machine you are logging onto is protected by an authentication firewall. The specified account is not allowed to authenticate to the machine. |
+    | 0XC0000413              | Logon Failure: The machine you are logging on to is protected by an authentication firewall. The specified account is not allowed to authenticate to the machine. |
     | 0x0                     | Status OK.  |
 
 > [!NOTE]
-> To see the meaning of other status\\sub-status codes you may also check for status code in the Window header file ntstatus.h in Windows SDK.
+> To see the meaning of other status or substatus codes, you might also check for status code in the Window header file ntstatus.h in Windows SDK.
 
 More information: 
 
--   **Sub Status** \[Type = HexInt32\]**:** additional information about logon failure. The most common sub-status codes listed in the “Table 12. Windows logon status codes.”.
+-   **Sub Status** \[Type = HexInt32\]**:** additional information about logon failure. The most common substatus codes listed in the “Table 12. Windows logon status codes.”.
 
 **Process Information:**
 
@@ -213,7 +213,7 @@ More information: 
 
     -   ::1 or 127.0.0.1 means localhost.
 
--   **Source Port** \[Type = UnicodeString\]: source port which was used for logon attempt from remote machine.
+-   **Source Port** \[Type = UnicodeString\]: source port that was used for logon attempt from remote machine.
 
     -   0 for interactive logons.
 
@@ -221,7 +221,7 @@ More information: 
 
 -   **Logon Process** \[Type = UnicodeString\]**:** the name of the trusted logon process that was used for the logon attempt. See event “[4611](event-4611.md): A trusted logon process has been registered with the Local Security Authority” description for more information.
 
--   **Authentication Package** \[Type = UnicodeString\]**:** The name of the authentication package which was used for the logon authentication process. Default packages loaded on LSA startup are located in “HKLM\\SYSTEM\\CurrentControlSet\\Control\\Lsa\\OSConfig” registry key. Other packages can be loaded at runtime. When a new package is loaded a “[4610](event-4610.md): An authentication package has been loaded by the Local Security Authority” (typically for NTLM) or “[4622](event-4622.md): A security package has been loaded by the Local Security Authority” (typically for Kerberos) event is logged to indicate that a new package has been loaded along with the package name. The most common authentication packages are:
+-   **Authentication Package** \[Type = UnicodeString\]**:** The name of the authentication package that was used for the logon authentication process. Default packages loaded on LSA startup are located in “HKLM\\SYSTEM\\CurrentControlSet\\Control\\Lsa\\OSConfig” registry key. Other packages can be loaded at runtime. When a new package is loaded a “[4610](event-4610.md): An authentication package has been loaded by the Local Security Authority” (typically for NTLM) or “[4622](event-4622.md): A security package has been loaded by the Local Security Authority” (typically for Kerberos) event is logged to indicate that a new package has been loaded along with the package name. The most common authentication packages are:
 
     -   **NTLM** – NTLM-family Authentication
 
@@ -231,7 +231,7 @@ More information: 
 
 -   **Transited Services** \[Type = UnicodeString\] \[Kerberos-only\]**:** the list of transmitted services. Transmitted services are populated if the logon was a result of a S4U (Service For User) logon process. S4U is a Microsoft extension to the Kerberos Protocol to allow an application service to obtain a Kerberos service ticket on behalf of a user – most commonly done by a front-end website to access an internal resource on behalf of a user. For more information about S4U, see 
 
--   **Package Name (NTLM only)** \[Type = UnicodeString\]**:** The name of the LAN Manager sub-package ([NTLM-family](https://msdn.microsoft.com/library/cc236627.aspx) protocol name) that was used during the logon attempt. Possible values are:
+-   **Package Name (NTLM only)** \[Type = UnicodeString\]**:** The name of the LAN Manager subpackage ([NTLM-family](https://msdn.microsoft.com/library/cc236627.aspx) protocol name) that was used during the logon attempt. Possible values are:
 
     -   “NTLM V1”
 
@@ -241,7 +241,7 @@ More information: 
 
         Only populated if “**Authentication Package” = “NTLM”**.
 
--   **Key Length** \[Type = UInt32\]**:** the length of [NTLM Session Security](https://msdn.microsoft.com/library/cc236650.aspx) key. Typically it has 128 bit or 56 bit length. This parameter is always 0 if “**Authentication Package” = “Kerberos”**, because it is not applicable for Kerberos protocol. This field will also have “0” value if Kerberos was negotiated using **Negotiate** authentication package.
+-   **Key Length** \[Type = UInt32\]**:** the length of [NTLM Session Security](https://msdn.microsoft.com/library/cc236650.aspx) key. Typically, it has a length of 128 bits or 56 bits. This parameter is always 0 if **"Authentication Package" = "Kerberos"**, because it is not applicable for Kerberos protocol. This field will also have “0” value if Kerberos was negotiated using **Negotiate** authentication package.
 
 ## Security Monitoring Recommendations
 
@@ -264,9 +264,9 @@ For 4625(F): An account failed to log on.
 
 -   If you have a high-value domain or local account for which you need to monitor every lockout, monitor all [4625](event-4625.md) events with the **“Subject\\Security ID”** that corresponds to the account.
 
--   We recommend monitoring all [4625](event-4625.md) events for local accounts, because these accounts typically should not be locked out. This is especially relevant for critical servers, administrative workstations, and other high value assets.
+-   We recommend monitoring all [4625](event-4625.md) events for local accounts, because these accounts typically should not be locked out. Monitoring is especially relevant for critical servers, administrative workstations, and other high-value assets.
 
--   We recommend monitoring all [4625](event-4625.md) events for service accounts, because these accounts should not be locked out or prevented from functioning. This is especially relevant for critical servers, administrative workstations, and other high value assets.
+-   We recommend monitoring all [4625](event-4625.md) events for service accounts, because these accounts should not be locked out or prevented from functioning. Monitoring is especially relevant for critical servers, administrative workstations, and other high value assets.
 
 -   If your organization restricts logons in the following ways, you can use this event to monitor accordingly:
 
@@ -286,15 +286,15 @@ For 4625(F): An account failed to log on.
 
     |  Field                                                                         | Value to monitor for                                                                                                                                                                                |
     |----------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-    | **Failure Information\\Status** or 
      **Failure Information\\Sub Status** | 0XC000005E – “There are currently no logon servers available to service the logon request.” 
      This is typically not a security issue but it can be an infrastructure or availability issue. |
-    | **Failure Information\\Status** or 
      **Failure Information\\Sub Status** | 0xC0000064 – “User logon with misspelled or bad user account”. 
      Especially if you get a number of these in a row, it can be a sign of user enumeration attack.                             |
+    | **Failure Information\\Status** or 
      **Failure Information\\Sub Status** | 0XC000005E – “There are currently no logon servers available to service the logon request.” 
      This issue is typically not a security issue, but it can be an infrastructure or availability issue. |
+    | **Failure Information\\Status** or 
      **Failure Information\\Sub Status** | 0xC0000064 – “User logon with misspelled or bad user account”. 
      Especially if you get several of these events in a row, it can be a sign of a user enumeration attack.                             |
     | **Failure Information\\Status** or 
      **Failure Information\\Sub Status** | 0xC000006A – “User logon with misspelled or bad password” for critical accounts or service accounts. 
      Especially watch for a number of such events in a row.                               |
     | **Failure Information\\Status** or 
      **Failure Information\\Sub Status** | 0XC000006D – “This is either due to a bad username or authentication information” for critical accounts or service accounts. 
      Especially watch for a number of such events in a row.       |
     | **Failure Information\\Status** or 
      **Failure Information\\Sub Status** | 0xC000006F – “User logon outside authorized hours”.                                                                                                                                                 |
     | **Failure Information\\Status** or 
      **Failure Information\\Sub Status** | 0xC0000070 – “User logon from unauthorized workstation”.                                                                                                                                            |
     | **Failure Information\\Status** or 
      **Failure Information\\Sub Status** | 0xC0000072 – “User logon to account disabled by administrator”.                                                                                                                                     |
     | **Failure Information\\Status** or 
      **Failure Information\\Sub Status** | 0XC000015B – “The user has not been granted the requested logon type (aka logon right) at this machine”.                                                                                            |
-    | **Failure Information\\Status** or 
      **Failure Information\\Sub Status** | 0XC0000192 – “An attempt was made to logon, but the Netlogon service was not started”. 
      This is typically not a security issue but it can be an infrastructure or availability issue.      |
+    | **Failure Information\\Status** or 
      **Failure Information\\Sub Status** | 0XC0000192 – “An attempt was made to logon, but the Netlogon service was not started”. 
      This issue is typically not a security issue but it can be an infrastructure or availability issue.      |
     | **Failure Information\\Status** or 
      **Failure Information\\Sub Status** | 0xC0000193 – “User logon with expired account”.                                                                                                                                                     |
     | **Failure Information\\Status** or 
      **Failure Information\\Sub Status** | 0XC0000413 – “Logon Failure: The machine you are logging onto is protected by an authentication firewall. The specified account is not allowed to authenticate to the machine”.                     |
 
diff --git a/windows/security/threat-protection/auditing/event-4692.md b/windows/security/threat-protection/auditing/event-4692.md
index 15199dbda5..dc84c4c3d6 100644
--- a/windows/security/threat-protection/auditing/event-4692.md
+++ b/windows/security/threat-protection/auditing/event-4692.md
@@ -30,7 +30,7 @@ This event generates every time that a backup is attempted for the [DPAPI](https
 
 When a computer is a member of a domain, DPAPI has a backup mechanism to allow unprotection of the data. When a Master Key is generated, DPAPI communicates with a domain controller. Domain controllers have a domain-wide public/private key pair, associated solely with DPAPI. The local DPAPI client gets the domain controller public key from a domain controller by using a mutually authenticated and privacy protected RPC call. The client encrypts the Master Key with the domain controller public key. It then stores this backup Master Key along with the Master Key protected by the user's password.
 
-Periodically, a domain-joined machine will try to send an RPC request to a domain controller to back up the user’s master key so that the user can recover secrets in case his or her password has to be reset. Although the user's keys are stored in the user profile, a domain controller must be contacted to encrypt the master key with a domain recovery key.
+Periodically, a domain-joined machine tries to send an RPC request to a domain controller to back up the user’s master key so that the user can recover secrets in case their password has to be reset. Although the user's keys are stored in the user profile, a domain controller must be contacted to encrypt the master key with a domain recovery key.
 
 This event also generates every time a new DPAPI Master Key is generated, for example.
 
@@ -91,7 +91,7 @@ Failure event generates when a Master Key backup operation fails for some reason
 
 -   **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested backup operation.
 
--   **Account Domain** \[Type = UnicodeString\]**:** subject’s domain or computer name. Formats vary, and include the following:
+-   **Account Domain** \[Type = UnicodeString\]**:** subject’s domain or computer name. Here are some examples of formats:
 
     -   Domain NETBIOS name example: CONTOSO
 
@@ -107,17 +107,17 @@ Failure event generates when a Master Key backup operation fails for some reason
 
 **Key Information:**
 
--   **Key Identifier** \[Type = UnicodeString\]: unique identifier of a master key which backup was created. The Master Key is used, with some additional data, to generate an actual symmetric session key to encrypt\\decrypt the data using DPAPI. All of user's Master Keys are located in user profile -> %APPDATA%\\Roaming\\Microsoft\\Windows\\Protect\\%SID% folder. The name of every Master Key file is it’s ID.
+-   **Key Identifier** \[Type = UnicodeString\]: unique identifier of a master key which backup was created. The Master Key is used, with some additional data, to generate an actual symmetric session key to encrypt\\decrypt the data using DPAPI. All of user's Master Keys are located in user profile -> %APPDATA%\\Roaming\\Microsoft\\Windows\\Protect\\%SID% folder. The name of every Master Key file is its ID.
 
 -   **Recovery Server** \[Type = UnicodeString\]: the name (typically – DNS name) of the computer that you contacted to back up your Master Key. For domain joined machines, it’s typically a name of a domain controller. This parameter might not be captured in the event, and in that case will be empty.
 
--   **Recovery Key ID** \[Type = UnicodeString\]**:** unique identifier of a recovery key. The recovery key is generated when a user chooses to create a Password Reset Disk (PRD) from the user's Control Panel or when first Master Key is generated. First, DPAPI generates a RSA public/private key pair, which is the recovery key. In this field you will see unique Recovery key ID which was used for Master key backup operation.
+-   **Recovery Key ID** \[Type = UnicodeString\]**:** unique identifier of a recovery key. The recovery key is generated when a user chooses to create a Password Reset Disk (PRD) from the user's Control Panel or when first Master Key is generated. First, DPAPI generates an RSA public/private key pair, which is the recovery key. In this field, you will see unique Recovery key ID that was used for Master key backup operation.
 
-    For Failure events this field is typically empty.
+    For Failure events, this field is typically empty.
 
 **Status Information:**
 
--   **Status Code** \[Type = HexInt32\]**:** hexadecimal unique status code of performed operation. For Success events this field is typically “**0x0**”. To see the meaning of status code you need to convert it to decimal value and us “**net helpmsg STATUS\_CODE**” command to see the description for specific STATUS\_CODE. Here is an example of “net helpmsg” command output for status code 0x3A:
+-   **Status Code** \[Type = HexInt32\]**:** hexadecimal unique status code of performed operation. For Success events, this field is typically “**0x0**”. To see the meaning of status code you need to convert it to decimal value and us “**net helpmsg STATUS\_CODE**” command to see the description for specific STATUS\_CODE. Here is an example of “net helpmsg” command output for status code 0x3A:
 
 > \[Net helpmsg 58 illustration](..images/net-helpmsg-58.png)
 
diff --git a/windows/security/threat-protection/auditing/event-4771.md b/windows/security/threat-protection/auditing/event-4771.md
index af44f02711..9c6cb7f55a 100644
--- a/windows/security/threat-protection/auditing/event-4771.md
+++ b/windows/security/threat-protection/auditing/event-4771.md
@@ -26,7 +26,7 @@ ms.author: dansimp
 
 ***Event Description:***
 
-This event generates every time the Key Distribution Center fails to issue a Kerberos Ticket Granting Ticket (TGT). This can occur when a domain controller doesn’t have a certificate installed for smart card authentication (for example, with a “Domain Controller” or “Domain Controller Authentication” template), the user’s password has expired, or the wrong password was provided.
+This event generates every time the Key Distribution Center fails to issue a Kerberos Ticket Granting Ticket (TGT). This problem can occur when a domain controller doesn’t have a certificate installed for smart card authentication (for example, with a “Domain Controller” or “Domain Controller Authentication” template), the user’s password has expired, or the wrong password was provided.
 
 This event generates only on domain controllers.
 
@@ -103,7 +103,7 @@ This event is not generated if “Do not require Kerberos preauthentication” o
 
 **Network Information:**
 
--   **Client Address** \[Type = UnicodeString\]**:** IP address of the computer from which the TGT request was received. Formats vary, and include the following:
+-   **Client Address** \[Type = UnicodeString\]**:** IP address of the computer from which the TGT request was received. Here are some examples of formats:
 
     -   **IPv6** or **IPv4** address.
 
@@ -117,7 +117,7 @@ This event is not generated if “Do not require Kerberos preauthentication” o
 
 **Additional Information:**
 
--   **Ticket Options**: \[Type = HexInt32\]: this is a set of different Ticket Flags in hexadecimal format.
+-   **Ticket Options**: \[Type = HexInt32\]: this set of different Ticket Flags is in hexadecimal format.
 
     Example:
 
@@ -125,7 +125,7 @@ This event is not generated if “Do not require Kerberos preauthentication” o
 
     -   Binary view: 01000000100000010000000000010000
 
-    -   Using **MSB 0** bit numbering we have bit 1, 8, 15 and 27 set = Forwardable, Renewable, Canonicalize, Renewable-ok.
+    -   Using **MSB 0**-bit numbering, we have bit 1, 8, 15 and 27 set = Forwardable, Renewable, Canonicalize, Renewable-ok.
 
 > **Note**  In the table below **“MSB 0”** bit numbering is used, because RFC documents use this style. In “MSB 0” style bit numbering begins from left.
      MSB illustration
 
@@ -146,15 +146,15 @@ The most common values:
 | 4     | Proxy                    | Indicates that the network address in the ticket is different from the one in the TGT used to obtain the ticket.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             |
 | 5     | Allow-postdate           | Postdated tickets SHOULD NOT be supported in [KILE](https://msdn.microsoft.com/library/cc233855.aspx) (Microsoft Kerberos Protocol Extension).                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |
 | 6     | Postdated                | Postdated tickets SHOULD NOT be supported in [KILE](https://msdn.microsoft.com/library/cc233855.aspx) (Microsoft Kerberos Protocol Extension).                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |
-| 7     | Invalid                  | This flag indicates that a ticket is invalid, and it must be validated by the KDC before use. Application servers must reject tickets which have this flag set.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              |
+| 7     | Invalid                  | This flag indicates that a ticket is invalid, and it must be validated by the KDC before use. Application servers must reject tickets that have this flag set.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              |
 | 8     | Renewable                | Used in combination with the End Time and Renew Till fields to cause tickets with long life spans to be renewed at the KDC periodically.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     |
 | 9     | Initial                  | Indicates that a ticket was issued using the authentication service (AS) exchange and not issued based on a TGT.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             |
 | 10    | Pre-authent              | Indicates that the client was authenticated by the KDC before a ticket was issued. This flag usually indicates the presence of an authenticator in the ticket. It can also flag the presence of credentials taken from a smart card logon.                                                                                                                                                                                                                                                                                                                                                                                                                   |
 | 11    | Opt-hardware-auth        | This flag was originally intended to indicate that hardware-supported authentication was used during pre-authentication. This flag is no longer recommended in the Kerberos V5 protocol. KDCs MUST NOT issue a ticket with this flag set. KDCs SHOULD NOT preserve this flag if it is set by another KDC.                                                                                                                                                                                                                                                                                                                                                    |
 | 12    | Transited-policy-checked | KILE MUST NOT check for transited domains on servers or a KDC. Application servers MUST ignore the TRANSITED-POLICY-CHECKED flag.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            |
 | 13    | Ok-as-delegate           | The KDC MUST set the OK-AS-DELEGATE flag if the service account is trusted for delegation.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |
-| 14    | Request-anonymous        | KILE not use this flag.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      |
-| 15    | Name-canonicalize        | In order to request referrals the Kerberos client MUST explicitly request the "canonicalize" KDC option for the AS-REQ or TGS-REQ.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           |
+| 14    | Request-anonymous        | KILE does not use this flag.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      |
+| 15    | Name-canonicalize        | To request referrals, the Kerberos client MUST explicitly request the "canonicalize" KDC option for the AS-REQ or TGS-REQ.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           |
 | 16-25 | Unused                   | -                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            |
 | 26    | Disable-transited-check  | By default the KDC will check the transited field of a TGT against the policy of the local realm before it will issue derivative tickets based on the TGT. If this flag is set in the request, checking of the transited field is disabled. Tickets issued without the performance of this check will be noted by the reset (0) value of the TRANSITED-POLICY-CHECKED flag, indicating to the application server that the transited field must be checked locally. KDCs are encouraged but not required to honor
      the DISABLE-TRANSITED-CHECK option.
      Should not be in use, because Transited-policy-checked flag is not supported by KILE. |
 | 27    | Renewable-ok             | The RENEWABLE-OK option indicates that a renewable ticket will be acceptable if a ticket with the requested life cannot otherwise be provided, in which case a renewable ticket may be issued with a renew-till equal to the requested end time. The value of the renew-till field may still be limited by local limits, or limits selected by the individual principal or server.                                                                                                                                                                                                                                                                           |
@@ -169,11 +169,11 @@ The most common values:
 
 | Code | Code Name                      | Description                                                  | Possible causes                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |
 |------|--------------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| 0x10 | KDC\_ERR\_PADATA\_TYPE\_NOSUPP | KDC has no support for PADATA type (pre-authentication data) | Smart card logon is being attempted and the proper certificate cannot be located. This can happen because the wrong certification authority (CA) is being queried or the proper CA cannot be contacted in order to get Domain Controller or Domain Controller Authentication certificates for the domain controller.
      It can also happen when a domain controller doesn’t have a certificate installed for smart cards (Domain Controller or Domain Controller Authentication templates). |
+| 0x10 | KDC\_ERR\_PADATA\_TYPE\_NOSUPP | KDC has no support for PADATA type (pre-authentication data) | Smart card logon is being attempted and the proper certificate cannot be located. This problem can happen because the wrong certification authority (CA) is being queried or the proper CA cannot be contacted in order to get Domain Controller or Domain Controller Authentication certificates for the domain controller.
      It can also happen when a domain controller doesn’t have a certificate installed for smart cards (Domain Controller or Domain Controller Authentication templates). |
 | 0x17 | KDC\_ERR\_KEY\_EXPIRED         | Password has expired—change password to reset                | The user’s password has expired.                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
 | 0x18 | KDC\_ERR\_PREAUTH\_FAILED      | Pre-authentication information was invalid                   | The wrong password was provided.                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
 
--   **Pre-Authentication Type** \[Type = UnicodeString\]: the code of [pre-Authentication](https://technet.microsoft.com/library/cc772815(v=ws.10).aspx) type which was used in TGT request.
+-   **Pre-Authentication Type** \[Type = UnicodeString\]: the code of [pre-Authentication](https://technet.microsoft.com/library/cc772815(v=ws.10).aspx) type that was used in TGT request.
 
 
 ## Table 5. Kerberos Pre-Authentication types.
@@ -181,7 +181,7 @@ The most common values:
 | Type | Type Name              | Description                                                                                                                                                                                                                                                                                                                                                                                                      |
 |------|------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | 0    | -                      | Logon without Pre-Authentication.                                                                                                                                                                                                                                                                                                                                                                                |
-| 2    | PA-ENC-TIMESTAMP       | This is a normal type for standard password authentication.                                                                                                                                                                                                                                                                                                                                                      |
+| 2    | PA-ENC-TIMESTAMP       | This type is normal for standard password authentication.                                                                                                                                                                                                                                                                                                                                                      |
 | 11   | PA-ETYPE-INFO          | The ETYPE-INFO pre-authentication type is sent by the KDC in a KRB-ERROR indicating a requirement for additional pre-authentication. It is usually used to notify a client of which key to use for the encryption of an encrypted timestamp for the purposes of sending a PA-ENC-TIMESTAMP pre-authentication value.
      Never saw this Pre-Authentication Type in Microsoft Active Directory environment.  |
 | 15   | PA-PK-AS-REP\_OLD      | Used for Smart Card logon authentication.                                                                                                                                                                                                                                                                                                                                                                        |
 | 16   | PA-PK-AS-REQ           | Request sent to KDC in Smart Card authentication scenarios.|
@@ -193,7 +193,7 @@ The most common values:
 
 **Certificate Information:**
 
-- **Certificate Issuer Name** \[Type = UnicodeString\]**:** the name of Certification Authority which issued smart card certificate. Populated in **Issued by** field in certificate. Always empty for [4771](event-4771.md) events.
+- **Certificate Issuer Name** \[Type = UnicodeString\]**:** the name of Certification Authority that issued smart card certificate. Populated in **Issued by** field in certificate. Always empty for [4771](event-4771.md) events.
 
 - **Certificate Serial Number** \[Type = UnicodeString\]**:** smart card certificate’s serial number. Can be found in **Serial number** field in the certificate. Always empty for [4771](event-4771.md) events.
 
@@ -208,14 +208,14 @@ For 4771(F): Kerberos pre-authentication failed.
 | **High-value accounts**: You might have high-value domain or local accounts for which you need to monitor each action.
      Examples of high-value accounts are database administrators, built-in local administrator account, domain administrators, service accounts, domain controller accounts and so on. | Monitor this event with the **“Security ID”** that corresponds to the high-value account or accounts.                                                              |
 | **Anomalies or malicious actions**: You might have specific requirements for detecting anomalies or monitoring potential malicious actions. For example, you might need to monitor for use of an account outside of working hours.                                                                                | When you monitor for anomalies or malicious actions, use the **“Security ID”** (with other information) to monitor how or when a particular account is being used. |
 | **Non-active accounts**: You might have non-active, disabled, or guest accounts, or other accounts that should never be used.                                                                                                                                                                                     | Monitor this event with the **“Security ID”** that corresponds to the accounts that should never be used.                                                          |
-| **Account whitelist**: You might have a specific allow list of accounts that are the only ones allowed to perform actions corresponding to particular events.                                                                                                                                                      | If this event corresponds to a “whitelist-only” action, review the **“Security ID”** for accounts that are outside the allow list.                                  |
+| **Account allow list**: You might have a specific allow list of accounts that are the only ones allowed to perform actions corresponding to particular events.                                                                                                                                                      | If this event corresponds to a “whitelist-only” action, review the **“Security ID”** for accounts that are outside the allow list.                                  |
 | **Account naming conventions**: Your organization might have specific naming conventions for account names.                                                                                                                                                                                                       | Monitor “**Subject\\Account Name”** for names that don’t comply with naming conventions.                                                                           |
 
 -   You can track all [4771](event-4771.md) events where the **Client Address** is not from your internal IP range or not from private IP ranges.
 
 -   If you know that **Account Name** should be used only from known list of IP addresses, track all **Client Address** values for this **Account Name** in [4771](event-4771.md) events. If **Client Address** is not from the allow list, generate the alert.
 
--   All **Client Address** = ::1 means local authentication. If you know the list of accounts which should log on to the domain controllers, then you need to monitor for all possible violations, where **Client Address** = ::1 and **Account Name** is not allowed to log on to any domain controller.
+-   All **Client Address** = ::1 means local authentication. If you know the list of accounts that should log on to the domain controllers, then you need to monitor for all possible violations, where **Client Address** = ::1 and **Account Name** is not allowed to log on to any domain controller.
 
 -   All [4771](event-4771.md) events with **Client Port** field value > 0 and < 1024 should be examined, because a well-known port was used for outbound connection.
 
@@ -227,5 +227,5 @@ For 4771(F): Kerberos pre-authentication failed.
 | **Pre-Authentication Type** | Value is **not 2** when only standard password authentication is in use in the organization. For more information, see [Table 5. Kerberos Pre-Authentication types](#kerberos-preauthentication-types).                      |
 | **Pre-Authentication Type** | Value is **not 138** when Kerberos Armoring is enabled for all Kerberos communications in the organization. For more information, see [Table 5. Kerberos Pre-Authentication types](#kerberos-preauthentication-types).       |
 | **Failure Code**             | **0x10** (KDC has no support for PADATA type (pre-authentication data)). This error can help you to more quickly identify smart-card related problems with Kerberos authentication.                                          |
-| **Failure Code**             | **0x18** ((Pre-authentication information was invalid), if you see, for example N events in last N minutes. This can be an indicator of brute-force attack on the account password, especially for highly critical accounts. |
+| **Failure Code**             | **0x18** ((Pre-authentication information was invalid), if you see, for example N events in last N minutes. This issue can indicate a brute-force attack on the account password, especially for highly critical accounts. |
 
diff --git a/windows/security/threat-protection/auditing/event-4947.md b/windows/security/threat-protection/auditing/event-4947.md
index deffae0186..a4906d1dbc 100644
--- a/windows/security/threat-protection/auditing/event-4947.md
+++ b/windows/security/threat-protection/auditing/event-4947.md
@@ -90,11 +90,11 @@ This event doesn't generate when Firewall rule was modified via Group Policy.
 
 -   **Rule ID** \[Type = UnicodeString\]: the unique identifier for modified firewall rule.
 
-    To see the unique ID of the rule you need to navigate to “**HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\FirewallRules”** registry key and you will see the list of Windows Firewall rule IDs (Name column) with parameters:
+    To see the unique ID of the rule, navigate to the“**HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\FirewallRules”** registry key and you will see the list of Windows Firewall rule IDs (Name column) with parameters:
 
 Registry Editor FirewallRules key illustration
 
--   **Rule Name** \[Type = UnicodeString\]: the name of the rule which was modified. You can see the name of Windows Firewall rule using Windows Firewall with Advanced Security management console (**wf.msc**), check “Name” column:
+-   **Rule Name** \[Type = UnicodeString\]: the name of the rule that was modified. You can see the name of Windows Firewall rule using Windows Firewall with Advanced Security management console (**wf.msc**), check “Name” column:
 
 Windows Firewall with Advanced Security illustration
 
@@ -102,5 +102,5 @@ This event doesn't generate when Firewall rule was modified via Group Policy.
 
 For 4947(S): A change has been made to Windows Firewall exception list. A rule was modified.
 
--   This event can be helpful in case you want to monitor all Firewall rules modifications which were done locally.
+-   This event can be helpful in case you want to monitor all Firewall rules modifications that were done locally.
 
diff --git a/windows/security/threat-protection/auditing/event-4953.md b/windows/security/threat-protection/auditing/event-4953.md
index 0c705ce6cc..1e9dcd7898 100644
--- a/windows/security/threat-protection/auditing/event-4953.md
+++ b/windows/security/threat-protection/auditing/event-4953.md
@@ -93,11 +93,11 @@ It can happen if Windows Firewall rule registry entry was corrupted.
 
 -   **ID** \[Type = UnicodeString\]: the unique identifier for ignored firewall rule.
 
-    To see the unique ID of the rule you need to navigate to “**HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\FirewallRules”** registry key and you will see the list of Windows Firewall rule IDs (Name column) with parameters:
+    To see the unique ID of the rule, navigate to the “**HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\FirewallRules”** registry key and you will see the list of Windows Firewall rule IDs (Name column) with parameters:
 
 Registry Editor FirewallRules key illustration
 
--   **Name** \[Type = UnicodeString\]: the name of the rule which was ignored. You can see the name of Windows Firewall rule using Windows Firewall with Advanced Security management console (**wf.msc**), check “Name” column:
+-   **Name** \[Type = UnicodeString\]: the name of the rule that was ignored. You can see the name of Windows Firewall rule using Windows Firewall with Advanced Security management console (**wf.msc**), check “Name” column:
 
 Windows Firewall with Advanced Security illustration
 
diff --git a/windows/security/threat-protection/auditing/event-5056.md b/windows/security/threat-protection/auditing/event-5056.md
index a675d79c58..96e278db56 100644
--- a/windows/security/threat-protection/auditing/event-5056.md
+++ b/windows/security/threat-protection/auditing/event-5056.md
@@ -20,7 +20,7 @@ ms.author: dansimp
 -   Windows Server 2016
 
 
-This event generates in CNG Self-Test function. This is a Cryptographic Next Generation (CNG) function.
+This event generates in CNG Self-Test function. This function is a Cryptographic Next Generation (CNG) function.
 
 For more information about Cryptographic Next Generation (CNG) visit these pages:
 
@@ -32,7 +32,7 @@ For more information about Cryptographic Next Generation (CNG) visit these pages
 
 -   
 
-This event is mainly used for Cryptographic Next Generation (CNG) troubleshooting.
+This event is mainly used for CNG troubleshooting.
 
 There is no example of this event in this document.
 
@@ -40,7 +40,7 @@ There is no example of this event in this document.
 
 ***Event Schema:***
 
-*A cryptographic self test was performed.*
+*A cryptographic self-test was performed.*
 
 *Subject:*
 
diff --git a/windows/security/threat-protection/auditing/event-5060.md b/windows/security/threat-protection/auditing/event-5060.md
index 96344c475f..e24e71d924 100644
--- a/windows/security/threat-protection/auditing/event-5060.md
+++ b/windows/security/threat-protection/auditing/event-5060.md
@@ -1,6 +1,6 @@
 ---
 title: 5060(F) Verification operation failed. (Windows 10)
-description: Describes security event 5060(F) Verification operation failed. This event is generated in case of CNG verification operation failure.
+description: Describes security event 5060(F) Verification operation failed. This event is generated when the CNG verification operation fails.
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
@@ -20,9 +20,9 @@ ms.author: dansimp
 -   Windows Server 2016
 
 
-This event generates in case of CNG verification operation failure.
+This event generates when the Cryptographic Next Generation (CNG) verification operation fails.
 
-For more information about Cryptographic Next Generation (CNG) visit these pages:
+For more information about CNG, visit these pages:
 
 -   
 
@@ -32,7 +32,7 @@ For more information about Cryptographic Next Generation (CNG) visit these pages
 
 -   
 
-This event is mainly used for Cryptographic Next Generation (CNG) troubleshooting.
+This event is mainly used for CNG troubleshooting.
 
 There is no example of this event in this document.
 
diff --git a/windows/security/threat-protection/auditing/event-5152.md b/windows/security/threat-protection/auditing/event-5152.md
index a13a14a7de..ece1e4566d 100644
--- a/windows/security/threat-protection/auditing/event-5152.md
+++ b/windows/security/threat-protection/auditing/event-5152.md
@@ -128,9 +128,9 @@ This event is generated for every received network packet.
 
     -   127.0.0.1 , ::1 - localhost
 
--   **Destination Port** \[Type = UnicodeString\]**:** port number which was used from remote machine to send the packet.
+-   **Destination Port** \[Type = UnicodeString\]**:** port number that was used from remote machine to send the packet.
 
--   **Protocol** \[Type = UInt32\]: number of protocol which was used.
+-   **Protocol** \[Type = UInt32\]**:** number of the protocol that was used.
 
 | Service                                            | Protocol Number |
 |----------------------------------------------------|-----------------|
@@ -152,15 +152,15 @@ This event is generated for every received network packet.
 
 **Filter Information:**
 
--   **Filter Run-Time ID** \[Type = UInt64\]: unique filter ID which blocked the packet.
+-   **Filter Run-Time ID** \[Type = UInt64\]: unique filter ID that blocked the packet.
 
-    To find specific Windows Filtering Platform filter by ID you need to execute the following command: **netsh wfp show filters**. As result of this command **filters.xml** file will be generated. You need to open this file and find specific substring with required filter ID (**<filterId>**)**,** for example:
+    To find a specific Windows Filtering Platform filter by ID, run the following command: **netsh wfp show filters**. As a result of this command, the **filters.xml** file will be generated. Open this file and find specific substring with required filter ID (**<filterId>**)**,** for example:
 
     Filters.xml file illustration
 
 -   **Layer Name** \[Type = UnicodeString\]: [Application Layer Enforcement](https://msdn.microsoft.com/library/windows/desktop/aa363971(v=vs.85).aspx) layer name.
 
--   **Layer Run-Time ID** \[Type = UInt64\]: Windows Filtering Platform layer identifier. To find specific Windows Filtering Platform layer ID you need to execute the following command: **netsh wfp show state**. As result of this command **wfpstate.xml** file will be generated. You need to open this file and find specific substring with required layer ID (**<layerId>**)**,** for example:
+-   **Layer Run-Time ID** \[Type = UInt64\]: Windows Filtering Platform layer identifier. To find a specific Windows Filtering Platform layer ID, run the following command: **netsh wfp show state**. As a result of this command **wfpstate.xml** file will be generated. Open this file and find specific substring with required layer ID (**<layerId>**)**,** for example:
 
 Wfpstate xml illustration
 
@@ -168,7 +168,7 @@ This event is generated for every received network packet.
 
 For 5152(F): The Windows Filtering Platform blocked a packet.
 
--   If you have a pre-defined application which should be used to perform the operation that was reported by this event, monitor events with “**Application**” not equal to your defined application.
+-   If you have a pre-defined application that should be used to perform the operation that was reported by this event, monitor events with “**Application**” not equal to your defined application.
 
 -   You can monitor to see if “**Application**” is not in a standard folder (for example, not in **System32** or **Program Files**) or is in a restricted folder (for example, **Temporary Internet Files**).
 
@@ -178,13 +178,13 @@ For 5152(F): The Windows Filtering Platform blocked a packet.
 
 -   If the computer or device should not have access to the Internet, or contains only applications that don’t connect to the Internet, monitor for [5152](event-5152.md) events where **Destination Address** is an IP address from the Internet (not from private IP ranges).
 
--   If you know that the computer should never contact or be contacted by certain network IP addresses, monitor for these addresses in “**Destination Address**.”
+-   If you know that the computer should never contact or should never be contacted by certain network IP addresses, monitor for these addresses in **Destination Address**.
 
--   If you have an allow list of IP addresses that the computer or device is expected to contact or be contacted by, monitor for IP addresses in **“Destination Address”** that are not in the allow list.
+-   If you have an allow list of IP addresses that the computer or device is expected to contact or to be contacted by, monitor for IP addresses in **“Destination Address”** that are not in the allow list.
 
 -   If you need to monitor all inbound connections to a specific local port, monitor for [5152](event-5152.md) events with that “**Source Port**.**”**
 
--   Monitor for all connections with a “**Protocol Number”** that is not typical for this device or compter, for example, anything other than 1, 6, or 17.
+-   Monitor for all connections with a “**Protocol Number”** that is not typical for this device or computer, for example, anything other than 1, 6, or 17.
 
 -   If the computer’s communication with “**Destination Address”** should always use a specific “**Destination Port**,**”** monitor for any other “**Destination Port**.”
 
diff --git a/windows/security/threat-protection/auditing/event-5154.md b/windows/security/threat-protection/auditing/event-5154.md
index f66366168d..b464c877d6 100644
--- a/windows/security/threat-protection/auditing/event-5154.md
+++ b/windows/security/threat-protection/auditing/event-5154.md
@@ -75,7 +75,7 @@ This event generates every time [Windows Filtering Platform](https://msdn.micros
 
 **Application Information**:
 
--   **Process ID** \[Type = Pointer\]: hexadecimal Process ID of the process which was permitted to listen on the port. Process ID (PID) is a number used by the operating system to uniquely identify an active process. To see the PID for a specific process you can, for example, use Task Manager (Details tab, PID column):
+-   **Process ID** \[Type = Pointer\]: hexadecimal Process ID of the process that was permitted to listen on the port. Process ID (PID) is a number used by the operating system to uniquely identify an active process. To see the PID for a specific process you can, for example, use Task Manager (Details tab, PID column):
 
     Task manager illustration
 
@@ -103,7 +103,7 @@ This event generates every time [Windows Filtering Platform](https://msdn.micros
 
     -   127.0.0.1 , ::1 - localhost
 
--   **Source Port** \[Type = UnicodeString\]: source TCP\\UDP port number which was requested for listening by application.
+-   **Source Port** \[Type = UnicodeString\]: source TCP\\UDP port number that was requested for listening by application.
 
 -   **Protocol** \[Type = UInt32\]: protocol number. For example:
 
@@ -115,15 +115,15 @@ This event generates every time [Windows Filtering Platform](https://msdn.micros
 
 **Filter Information:**
 
--   **Filter Run-Time ID** \[Type = UInt64\]: unique filter ID which allows application to listen on the specific port. By default Windows firewall won't prevent a port from being listened by an application and if this application doesn’t match any filters you will get value **0** in this field.
+-   **Filter Run-Time ID** \[Type = UInt64\]: unique filter ID that allows application to listen on the specific port. By default Windows firewall won't prevent a port from being listened by an application and if this application doesn’t match any filters you will get value **0** in this field.
 
-    To find specific Windows Filtering Platform filter by ID you need to execute the following command: **netsh wfp show filters**. As result of this command **filters.xml** file will be generated. You need to open this file and find specific substring with required filter ID (**<filterId>**)**,** for example:
+    To find a specific Windows Filtering Platform filter by ID, run the following command: **netsh wfp show filters**. As a result of this command, the **filters.xml** file will be generated. Open this file and find specific substring with required filter ID (**<filterId>**)**,** for example:
 
 Filters.xml file illustration
 
 -   **Layer Name** \[Type = UnicodeString\]: [Application Layer Enforcement](https://msdn.microsoft.com/library/windows/desktop/aa363971(v=vs.85).aspx) layer name.
 
--   **Layer Run-Time ID** \[Type = UInt64\]: Windows Filtering Platform layer identifier. To find specific Windows Filtering Platform layer ID you need to execute the following command: **netsh wfp show state**. As result of this command **wfpstate.xml** file will be generated. You need to open this file and find specific substring with required layer ID (**<layerId>**)**,** for example:
+-   **Layer Run-Time ID** \[Type = UInt64\]: Windows Filtering Platform layer identifier. To find a specific Windows Filtering Platform layer ID, run the following command: **netsh wfp show state**. As a result of this command, the **wfpstate.xml** file will be generated. Open this file and find specific substring with required layer ID (**<layerId>**)**,** for example:
 
 Wfpstate xml illustration
 
@@ -131,7 +131,7 @@ This event generates every time [Windows Filtering Platform](https://msdn.micros
 
 For 5154(S): The Windows Filtering Platform has permitted an application or service to listen on a port for incoming connections.
 
--   If you have a “whitelist” of applications that are associated with certain operating systems or server roles, and that are expected to listen on specific ports, monitor this event for **“Application Name”** and other relevant information.
+-   If you have an “allow list” of applications that are associated with certain operating systems or server roles, and that are expected to listen on specific ports, monitor this event for **“Application Name”** and other relevant information.
 
 -   If a certain application is allowed to listen only on specific port numbers, monitor this event for **“Application Name”** and **“Network Information\\Source Port**.**”**
 
@@ -139,7 +139,7 @@ For 5154(S): The Windows Filtering Platform has permitted an application or serv
 
 -   If a certain application is allowed to use only TCP or UDP protocols, monitor this event for **“Application Name”** and the protocol number in **“Network Information\\Protocol**.**”**
 
--   If you have a pre-defined application which should be used to perform the operation that was reported by this event, monitor events with “**Application**” not equal to your defined application.
+-   If you have a predefined application that should be used to perform the operation that was reported by this event, monitor events with “**Application**” not equal to your defined application.
 
 -   You can monitor to see if “**Application**” is not in a standard folder (for example, not in **System32** or **Program Files**) or is in a restricted folder (for example, **Temporary Internet Files**).
 
diff --git a/windows/security/threat-protection/auditing/event-5156.md b/windows/security/threat-protection/auditing/event-5156.md
index 6a97371b47..d44b9a921f 100644
--- a/windows/security/threat-protection/auditing/event-5156.md
+++ b/windows/security/threat-protection/auditing/event-5156.md
@@ -80,7 +80,7 @@ This event generates when [Windows Filtering Platform](https://msdn.microsoft.co
 
 **Application Information**:
 
--   **Process ID** \[Type = Pointer\]: hexadecimal Process ID of the process which received the connection. Process ID (PID) is a number used by the operating system to uniquely identify an active process. To see the PID for a specific process you can, for example, use Task Manager (Details tab, PID column):
+-   **Process ID** \[Type = Pointer\]: hexadecimal Process ID of the process that received the connection. Process ID (PID) is a number used by the operating system to uniquely identify an active process. To see the PID for a specific process you can, for example, use Task Manager (Details tab, PID column):
 
     Task manager illustration
 
@@ -130,7 +130,7 @@ This event generates when [Windows Filtering Platform](https://msdn.microsoft.co
 
 -   **Destination Port** \[Type = UnicodeString\]**:** port number where the connection was received.
 
--   **Protocol** \[Type = UInt32\]: number of protocol which was used.
+-   **Protocol** \[Type = UInt32\]: number of the protocol that was used.
 
 | Service                                            | Protocol Number |
 |----------------------------------------------------|-----------------|
@@ -152,15 +152,15 @@ This event generates when [Windows Filtering Platform](https://msdn.microsoft.co
 
 **Filter Information:**
 
--   **Filter Run-Time ID** \[Type = UInt64\]: unique filter ID which allowed the connection.
+-   **Filter Run-Time ID** \[Type = UInt64\]: unique filter ID that allowed the connection.
 
-    To find specific Windows Filtering Platform filter by ID you need to execute the following command: **netsh wfp show filters**. As result of this command **filters.xml** file will be generated. You need to open this file and find specific substring with required filter ID (**<filterId>**)**,** for example:
+    To find a specific Windows Filtering Platform filter by ID, run the following command: **netsh wfp show filters**. As a result of this command, the **filters.xml** file will be generated. Open this file and find specific substring with required filter ID (**<filterId>**)**,** for example:
 
 Filters.xml file illustration
 
 -   **Layer Name** \[Type = UnicodeString\]: [Application Layer Enforcement](https://msdn.microsoft.com/library/windows/desktop/aa363971(v=vs.85).aspx) layer name.
 
--   **Layer Run-Time ID** \[Type = UInt64\]: Windows Filtering Platform layer identifier. To find specific Windows Filtering Platform layer ID you need to execute the following command: **netsh wfp show state**. As result of this command **wfpstate.xml** file will be generated. You need to open this file and find specific substring with required layer ID (**<layerId>**)**,** for example:
+-   **Layer Run-Time ID** \[Type = UInt64\]: Windows Filtering Platform layer identifier. To find a specific Windows Filtering Platform layer ID, run the following command: **netsh wfp show state**. As a result of this command, the **wfpstate.xml** file will be generated. Open this file and find specific substring with required layer ID (**<layerId>**)**,** for example:
 
 Wfpstate xml illustration
 
@@ -168,7 +168,7 @@ This event generates when [Windows Filtering Platform](https://msdn.microsoft.co
 
 For 5156(S): The Windows Filtering Platform has permitted a connection.
 
--   If you have a pre-defined application which should be used to perform the operation that was reported by this event, monitor events with “**Application**” not equal to your defined application.
+-   If you have a predefined application that should be used to perform the operation that was reported by this event, monitor events with “**Application**” not equal to your defined application.
 
 -   You can monitor to see if “**Application**” is not in a standard folder (for example, not in **System32** or **Program Files**) or is in a restricted folder (for example, **Temporary Internet Files**).
 
@@ -178,9 +178,9 @@ For 5156(S): The Windows Filtering Platform has permitted a connection.
 
 -   If the computer or device should not have access to the Internet, or contains only applications that don’t connect to the Internet, monitor for [5156](event-5156.md) events where “**Destination Address”** is an IP address from the Internet (not from private IP ranges).
 
--   If you know that the computer should never contact or be contacted by certain network IP addresses, monitor for these addresses in “**Destination Address**.**”**
+-   If you know that the computer should never contact or should never be contacted by certain network IP addresses, monitor for these addresses in “**Destination Address**.**”**
 
--   If you have an allow list of IP addresses that the computer or device is expected to contact or be contacted by, monitor for IP addresses in “**Destination Address”** that are not in the allow list.
+-   If you have an allow list of IP addresses that the computer or device is expected to contact or to be contacted by, monitor for IP addresses in “**Destination Address”** that are not in the allow list.
 
 -   If you need to monitor all inbound connections to a specific local port, monitor for [5156](event-5156.md) events with that “**Source Port**.**”**
 
diff --git a/windows/security/threat-protection/auditing/event-5157.md b/windows/security/threat-protection/auditing/event-5157.md
index f35e1cf804..88bc5b1315 100644
--- a/windows/security/threat-protection/auditing/event-5157.md
+++ b/windows/security/threat-protection/auditing/event-5157.md
@@ -128,9 +128,9 @@ This event generates when [Windows Filtering Platform](https://msdn.microsoft.co
 
     -   127.0.0.1 , ::1 - localhost
 
--   **Destination Port** \[Type = UnicodeString\]**:** port number which was used from remote machine to initiate connection.
+-   **Destination Port** \[Type = UnicodeString\]**:** port number that was used from remote machine to initiate connection.
 
--   **Protocol** \[Type = UInt32\]: number of protocol which was used.
+-   **Protocol** \[Type = UInt32\]: number of the protocol that was used.
 
 | Service                                            | Protocol Number |
 |----------------------------------------------------|-----------------|
@@ -152,15 +152,15 @@ This event generates when [Windows Filtering Platform](https://msdn.microsoft.co
 
 **Filter Information:**
 
--   **Filter Run-Time ID** \[Type = UInt64\]: unique filter ID which blocked the connection.
+-   **Filter Run-Time ID** \[Type = UInt64\]: unique filter ID that blocked the connection.
 
-    To find specific Windows Filtering Platform filter by ID you need to execute the following command: **netsh wfp show filters**. As result of this command **filters.xml** file will be generated. You need to open this file and find specific substring with required filter ID (**<filterId>**)**,** for example:
+    To find a specific Windows Filtering Platform filter by ID, run the following command: **netsh wfp show filters**. As a result of this command, the **filters.xml** file will be generated. Open this file and find specific substring with required filter ID (**<filterId>**)**,** for example:
 
     Filters.xml file illustration
 
 -   **Layer Name** \[Type = UnicodeString\]: [Application Layer Enforcement](https://msdn.microsoft.com/library/windows/desktop/aa363971(v=vs.85).aspx) layer name.
 
--   **Layer Run-Time ID** \[Type = UInt64\]: Windows Filtering Platform layer identifier. To find specific Windows Filtering Platform layer ID you need to execute the following command: **netsh wfp show state**. As result of this command **wfpstate.xml** file will be generated. You need to open this file and find specific substring with required layer ID (**<layerId>**)**,** for example:
+-   **Layer Run-Time ID** \[Type = UInt64\]: Windows Filtering Platform layer identifier. To find a specific Windows Filtering Platform layer ID, run the following command: **netsh wfp show state**. As a result of this command, the **wfpstate.xml** file will be generated. Open this file and find specific substring with required layer ID (**<layerId>**)**,** for example:
 
 Wfpstate xml illustration
 
@@ -168,7 +168,7 @@ This event generates when [Windows Filtering Platform](https://msdn.microsoft.co
 
 For 5157(F): The Windows Filtering Platform has blocked a connection.
 
--   If you have a pre-defined application which should be used to perform the operation that was reported by this event, monitor events with “**Application**” not equal to your defined application.
+-   If you have a predefined application that should be used to perform the operation that was reported by this event, monitor events with “**Application**” not equal to your defined application.
 
 -   You can monitor to see if “**Application**” is not in a standard folder (for example, not in **System32** or **Program Files**) or is in a restricted folder (for example, **Temporary Internet Files**).
 
@@ -178,13 +178,13 @@ For 5157(F): The Windows Filtering Platform has blocked a connection.
 
 -   If the\` computer or device should not have access to the Internet, or contains only applications that don’t connect to the Internet, monitor for [5157](event-5157.md) events where “**Destination Address”** is an IP address from the Internet (not from private IP ranges).
 
--   If you know that the computer should never contact or be contacted by certain network IP addresses, monitor for these addresses in “**Destination Address**.**”**
+-   If you know that the computer should never contact or should never be contacted by certain network IP addresses, monitor for these addresses in “**Destination Address**.**”**
 
--   If you have an allow list of IP addresses that the computer or device is expected to contact or be contacted by, monitor for IP addresses in “**Destination Address”** that are not in the allow list.
+-   If you have an allow list of IP addresses that the computer or device is expected to contact or to be contacted by, monitor for IP addresses in “**Destination Address”** that are not in the allow list.
 
 -   If you need to monitor all inbound connections to a specific local port, monitor for [5157](event-5157.md) events with that “**Source Port**.**”**
 
--   Monitor for all connections with a “**Protocol Number”** that is not typical for this device or compter, for example, anything other than 1, 6, or 17.
+-   Monitor for all connections with a “**Protocol Number”** that is not typical for this device or computer, for example, anything other than 1, 6, or 17.
 
 -   If the computer’s communication with “**Destination Address”** should always use a specific “**Destination Port**,**”** monitor for any other “**Destination Port**.”
 
diff --git a/windows/security/threat-protection/auditing/event-5158.md b/windows/security/threat-protection/auditing/event-5158.md
index 55dd4c04da..76bb82efef 100644
--- a/windows/security/threat-protection/auditing/event-5158.md
+++ b/windows/security/threat-protection/auditing/event-5158.md
@@ -75,7 +75,7 @@ This event generates every time [Windows Filtering Platform](https://msdn.micros
 
 **Application Information**:
 
--   **Process ID** \[Type = Pointer\]: hexadecimal Process ID of the process which was permitted to bind to the local port. Process ID (PID) is a number used by the operating system to uniquely identify an active process. To see the PID for a specific process you can, for example, use Task Manager (Details tab, PID column):
+-   **Process ID** \[Type = Pointer\]: hexadecimal Process ID of the process that was permitted to bind to the local port. Process ID (PID) is a number used by the operating system to uniquely identify an active process. To see the PID for a specific process you can, for example, use Task Manager (Details tab, PID column):
 
     Task manager illustration
 
@@ -107,7 +107,7 @@ This event generates every time [Windows Filtering Platform](https://msdn.micros
 
 -   **Source Port** \[Type = UnicodeString\]**:** port number which application was bind.
 
--   **Protocol** \[Type = UInt32\]: number of protocol which was used.
+-   **Protocol** \[Type = UInt32\]: number of the protocol that was used.
 
 | Service                                            | Protocol Number |
 |----------------------------------------------------|-----------------|
@@ -129,15 +129,15 @@ This event generates every time [Windows Filtering Platform](https://msdn.micros
 
 **Filter Information:**
 
--   **Filter Run-Time ID** \[Type = UInt64\]: unique filter ID which allows application to bind the port. By default Windows firewall won't prevent a port from being binded by an application and if this application doesn’t match any filters you will get value 0 in this field.
+-   **Filter Run-Time ID** \[Type = UInt64\]: unique filter ID that allows the application to bind the port. By default, Windows firewall won't prevent a port from being bound by an application. If this application doesn’t match any filters, you will get value 0 in this field.
 
-    To find specific Windows Filtering Platform filter by ID you need to execute the following command: **netsh wfp show filters**. As result of this command **filters.xml** file will be generated. You need to open this file and find specific substring with required filter ID (**<filterId>**)**,** for example:
+    To find a specific Windows Filtering Platform filter by ID, run the following command: **netsh wfp show filters**. As a result of this command, the **filters.xml** file will be generated. Open this file and find specific substring with required filter ID (**<filterId>**)**,** for example:
 
     Filters.xml file illustration
 
 -   **Layer Name** \[Type = UnicodeString\]: [Application Layer Enforcement](https://msdn.microsoft.com/library/windows/desktop/aa363971(v=vs.85).aspx) layer name.
 
--   **Layer Run-Time ID** \[Type = UInt64\]: Windows Filtering Platform layer identifier. To find specific Windows Filtering Platform layer ID you need to execute the following command: **netsh wfp show state**. As result of this command **wfpstate.xml** file will be generated. You need to open this file and find specific substring with required layer ID (**<layerId>**)**,** for example:
+-   **Layer Run-Time ID** \[Type = UInt64\]: Windows Filtering Platform layer identifier. To find a specific Windows Filtering Platform layer ID, run the following command: **netsh wfp show state**. As a result of this command, the **wfpstate.xml** file will be generated. Open this file and find specific substring with required layer ID (**<layerId>**)**,** for example:
 
 Wfpstate xml illustration
 
@@ -145,7 +145,7 @@ This event generates every time [Windows Filtering Platform](https://msdn.micros
 
 For 5158(S): The Windows Filtering Platform has permitted a bind to a local port.
 
--   If you have a pre-defined application which should be used to perform the operation that was reported by this event, monitor events with “**Application**” not equal to your defined application.
+-   If you have a predefined application that should be used to perform the operation that was reported by this event, monitor events with “**Application**” not equal to your defined application.
 
 -   You can monitor to see if “**Application**” is not in a standard folder (for example, not in **System32** or **Program Files**) or is in a restricted folder (for example, **Temporary Internet Files**).
 
@@ -155,7 +155,7 @@ For 5158(S): The Windows Filtering Platform has permitted a bind to a local port
 
 -   If you need to monitor all actions with a specific local port, monitor for [5158](event-5158.md) events with that “**Source Port.”**
 
--   Monitor for all connections with a “**Protocol Number”** that is not typical for this device or compter, for example, anything other than 6 or 17.
+-   Monitor for all connections with a “**Protocol Number”** that is not typical for this device or computer, for example, anything other than 6 or 17.
 
 -   If the computer’s communication with “**Destination Address”** should always use a specific “**Destination Port**,**”** monitor for any other “**Destination Port**.”
 
diff --git a/windows/security/threat-protection/auditing/event-5159.md b/windows/security/threat-protection/auditing/event-5159.md
index 998321eae5..460e244dd8 100644
--- a/windows/security/threat-protection/auditing/event-5159.md
+++ b/windows/security/threat-protection/auditing/event-5159.md
@@ -73,7 +73,7 @@ This event is logged if the Windows Filtering Platform has blocked a bind to a l
 
 **Application Information**:
 
--   **Process ID** \[Type = Pointer\]: hexadecimal Process ID of the process which was permitted to bind to the local port. Process ID (PID) is a number used by the operating system to uniquely identify an active process. To see the PID for a specific process you can, for example, use Task Manager (Details tab, PID column):
+-   **Process ID** \[Type = Pointer\]: hexadecimal Process ID of the process that was permitted to bind to the local port. Process ID (PID) is a number used by the operating system to uniquely identify an active process. To see the PID for a specific process you can, for example, use Task Manager (Details tab, PID column):
 
     Task manager illustration
 
@@ -127,15 +127,15 @@ This event is logged if the Windows Filtering Platform has blocked a bind to a l
 
 **Filter Information:**
 
--   **Filter Run-Time ID** \[Type = UInt64\]: unique filter ID which blocks the application from binding to the port. By default, Windows firewall won't prevent a port from binding by an application, and if this application doesn’t match any filters, you will get value 0 in this field.
+-   **Filter Run-Time ID** \[Type = UInt64\]: unique filter ID that blocks the application from binding to the port. By default, Windows firewall won't prevent a port from binding by an application, and if this application doesn’t match any filters, you will get value 0 in this field.
 
-    To find specific Windows Filtering Platform filter by ID you need to execute the following command: **netsh wfp show filters**. As a result of this command, **filters.xml** file will be generated. You need to open this file and find the specific substring with the required filter ID (**<filterId>**)**,** for example:
+    To find a specific Windows Filtering Platform filter by ID, run the following command: **netsh wfp show filters**. As a result of this command, the **filters.xml** file will be generated. Open this file and find the specific substring with the required filter ID (**<filterId>**)**,** for example:
 
     Filters.xml file illustration
 
 -   **Layer Name** \[Type = UnicodeString\]: [Application Layer Enforcement](https://msdn.microsoft.com/library/windows/desktop/aa363971(v=vs.85).aspx) layer name.
 
--   **Layer Run-Time ID** \[Type = UInt64\]: Windows Filtering Platform layer identifier. To find specific Windows Filtering Platform layer ID you need to execute the following command: **netsh wfp show state**. As result of this command **wfpstate.xml** file will be generated. You need to open this file and find specific substring with required layer ID (**<layerId>**)**,** for example:
+-   **Layer Run-Time ID** \[Type = UInt64\]: Windows Filtering Platform layer identifier. To find a specific Windows Filtering Platform layer ID, run the following command: **netsh wfp show state**. As a result of this command, the **wfpstate.xml** file will be generated. Open this file and find the specific substring with the required layer ID (**<layerId>**)**,** for example:
 
 Wfpstate xml illustration
 

From 16887b53262ee46cda30b276733a03b66fa32dc7 Mon Sep 17 00:00:00 2001
From: ShannonLeavitt 
Date: Wed, 4 Nov 2020 12:02:07 -0700
Subject: [PATCH 79/92] acrolinx fixes

---
 .../how-to-list-xml-elements-in-eventdata.md     | 16 ++++++++--------
 .../portal-submission-troubleshooting.md         |  6 +++---
 2 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md b/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md
index 0762f04322..58bd7574f2 100644
--- a/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md
+++ b/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md
@@ -1,6 +1,6 @@
 ---
 title: How to get a list of XML data name elements in  (Windows 10)
-description: This reference topic for the IT professional explains how to use PowerShell to get a list of XML data name elements that can appear in .
+description: This reference article for the IT professional explains how to use PowerShell to get a list of XML data name elements that can appear in .
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -20,15 +20,15 @@ ms.author: dansimp
 
 The Security log uses a manifest where you can get all of the event schema.
 
-Run the following from an elevated PowerShell prompt:
+Run the following command from an elevated PowerShell prompt:
 
 ```powershell
 $secEvents = get-winevent -listprovider "microsoft-windows-security-auditing"
 ```
 
-The .events property is a collection of all of the events listed in the manifest on the local machine.
+The `.events` property is a collection of all of the events listed in the manifest on the local machine.
 
-For each event, there is a .Template property for the XML template used for the event properties (if there are any).
+For each event, there is a `.Template` property for the XML template used for the event properties (if there are any).
 
 For example:
 
@@ -90,7 +90,7 @@ PS C:\WINDOWS\system32> $SecEvents.events[100].Template
 
 You can use the <Template> and <Description> to map the data name elements that appear in XML view to the names that appear in the event description.
 
-The <Description> is just the format string (if you’re used to Console.Writeline or sprintf statements) and the <Template> is the source of the input parameters for the <Description>.
+The <Description> is just the format string (if you’re used to `Console.Writeline` or `sprintf` statements), and the <Template> is the source of the input parameters for the <Description>.
 
 Using Security event 4734 as an example:
 
@@ -124,9 +124,9 @@ Description : A security-enabled local group was deleted.
 
 ```
 
-For the **Subject: Security Id:** text element, it will use the fourth element in the Template, **SubjectUserSid**.
+For the **Subject: Security ID:** text element, it will use the fourth element in the Template, **SubjectUserSid**.
 
-For **Additional Information Privileges:**, it would use the eighth element **PrivilegeList**.
+For **Additional Information Privileges:**, it would use the eighth element, **PrivilegeList**.
 
-A caveat to this is an oft-overlooked property of events called Version (in the <SYSTEM> element) that indicates the revision of the event schema and description. Most events have 1 version (all events have Version =0 like the Security/4734 example) but a few events like Security/4624 or Security/4688 have at least 3 versions (versions 0, 1, 2) depending on the OS version where the event is generated. Only the latest version is used for generating events in the Security log. In any case, the Event Version where the Template is taken from should use the same Event Version for the Description.
+A caveat to this principle is an often overlooked property of events called Version (in the <SYSTEM> element) that indicates the revision of the event schema and description. Most events have one version (all events have Version =0 like the Security/4734 example) but a few events like Security/4624 or Security/4688 have at least three versions (versions 0, 1, 2) depending on the OS version where the event is generated. Only the latest version is used for generating events in the Security log. In any case, the Event Version where the Template is taken from should use the same Event Version for the Description.
 
diff --git a/windows/security/threat-protection/intelligence/portal-submission-troubleshooting.md b/windows/security/threat-protection/intelligence/portal-submission-troubleshooting.md
index df44f6142a..71d4c9d78c 100644
--- a/windows/security/threat-protection/intelligence/portal-submission-troubleshooting.md
+++ b/windows/security/threat-protection/intelligence/portal-submission-troubleshooting.md
@@ -17,14 +17,14 @@ search.appverid: met150
 ---
 
 # Troubleshooting malware submission errors caused by administrator block
-In some instances, an administrator block might cause submission issues when you try to submit a potentially infected file to the [Microsoft Security intelligence website](https://www.microsoft.com/wdsi) for analysis. The following process shows how to resolve this.
+In some instances, an administrator block might cause submission issues when you try to submit a potentially infected file to the [Microsoft Security intelligence website](https://www.microsoft.com/wdsi) for analysis. The following process shows how to resolve this problem.
 
 ## Review your settings
 Open your Azure [Enterprise application settings](https://portal.azure.com/#blade/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/UserSettings/menuId/). Under **Enterprise Applications** >  **Users can consent to apps accessing company data on their behalf**, check whether Yes or No is selected.
 
-- If this is set to **No**,  an AAD administrator for the customer tenant will need to provide consent for the organization. Depending on the configuration with AAD, users might be able to submit a request right from the same dialog box. If there’s no option to ask for admin consent,  users need to request for these permissions to be added to their AAD admin. Go to the following section for more information.
+- If **No** is selected, an Azure AD administrator for the customer tenant will need to provide consent for the organization. Depending on the configuration with Azure AD, users might be able to submit a request right from the same dialog box. If there’s no option to ask for admin consent,  users need to request for these permissions to be added to their Azure AD admin. Go to the following section for more information.
 
-- It this is set to **Yes**, ensure the Windows Defender Security Intelligence app setting **Enabled for users to sign-in?** is set to **Yes** [in Azure](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ManagedAppMenuBlade/Properties/appId/f0cf43e5-8a9b-451c-b2d5-7285c785684d/objectId/4a918a14-4069-4108-9b7d-76486212d75d). If this is set to **No** you'll need to request an AAD admin enable it. 
+- If **Yes** is selected, ensure the Windows Defender Security Intelligence app setting **Enabled for users to sign in?** is set to **Yes** [in Azure](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ManagedAppMenuBlade/Properties/appId/f0cf43e5-8a9b-451c-b2d5-7285c785684d/objectId/4a918a14-4069-4108-9b7d-76486212d75d). If this is set to **No** you'll need to request an Azure AD admin enable it. 
   
 ## Implement Required Enterprise Application permissions 
 This process requires a global or application admin in the tenant.

From 69c0dc05d1b7e21b0d7957bba5f76bad76cc0771 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Wed, 4 Nov 2020 11:56:51 -0800
Subject: [PATCH 80/92] Update microsoft-defender-antivirus-compatibility.md

---
 .../microsoft-defender-antivirus-compatibility.md             | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
index a89853180f..8facb0d850 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
@@ -50,7 +50,7 @@ The following table summarizes what happens with Microsoft Defender Antivirus wh
 
 (1)  On Windows Server 2016 or 2019, Microsoft Defender Antivirus will not enter passive or disabled mode if you have also installed a third-party antivirus product. If you install a third-party antivirus product, you should [consider uninstalling Microsoft Defender Antivirus on Windows Server 2016 or 2019](microsoft-defender-antivirus-on-windows-server-2016.md#need-to-uninstall-microsoft-defender-antivirus) to prevent problems caused by having multiple antivirus products installed on a machine.
 
-If you are Using Windows Server, version 1803 and Windows 2019, you can enable passive mode by setting this registry key:
+If you are using Windows Server, version 1803 or Windows Server 2019, you can enable passive mode by setting this registry key:
 - Path: `HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection`
 - Name: ForceDefenderPassiveMode
 - Type: REG_DWORD
@@ -78,7 +78,7 @@ The following table summarizes the functionality and features that are available
 
 - In Active mode, Microsoft Defender Antivirus is used as the antivirus app on the machine. All configuration made with Configuration Manager, Group Policy, Intune, or other management products will apply. Files are scanned and threats remediated, and detection information are reported in your configuration tool (such as Configuration Manager or the Microsoft Defender Antivirus app on the machine itself).
 - In Passive mode, Microsoft Defender Antivirus is not used as the antivirus app, and threats are not remediated by Microsoft Defender Antivirus. Files are scanned and reports are provided for threat detections which are shared with the Microsoft Defender ATP service. Therefore, you might encounter alerts in the Security Center console with Microsoft Defender Antivirus as a source, even when Microsoft Defender Antivirus is in Passive mode.
-- When [EDR in block mode](../microsoft-defender-atp/edr-in-block-mode.md) (currently in private preview) is turned on, Microsoft Defender Antivirus is not used as the primary antivirus solution, but can still detect and remediate malicious items.
+- When [EDR in block mode](../microsoft-defender-atp/edr-in-block-mode.md) is turned on, Microsoft Defender Antivirus is not used as the primary antivirus solution, but can still detect and remediate malicious items.
 - In Automatic disabled mode, Microsoft Defender Antivirus is not used as the antivirus app. Files are not scanned and threats are not remediated.
 
 ## Keep the following points in mind

From f248872c9b4861a1d92ea8a945899fe6280fcab2 Mon Sep 17 00:00:00 2001
From: ShannonLeavitt 
Date: Wed, 4 Nov 2020 14:39:19 -0700
Subject: [PATCH 81/92] acrolinx fixes

---
 .../portal-submission-troubleshooting.md      | 16 +++----
 .../microsoft-defender-atp/android-terms.md   | 43 +++++++++----------
 ...endpoint-detection-response-mac-preview.md | 10 ++---
 ...defender-smartscreen-available-settings.md |  4 +-
 ...-credential-manager-as-a-trusted-caller.md | 12 +++---
 .../account-lockout-threshold.md              | 18 ++++----
 ...the-use-of-backup-and-restore-privilege.md |  8 ++--
 .../back-up-files-and-directories.md          | 24 +++++------
 .../create-a-pagefile.md                      |  2 +-
 .../create-symbolic-links.md                  | 14 +++---
 .../debug-programs.md                         |  2 +-
 .../deny-log-on-as-a-batch-job.md             | 12 +++---
 .../deny-log-on-as-a-service.md               |  8 ++--
 ...roller-ldap-server-signing-requirements.md | 10 ++---
 .../force-shutdown-from-a-remote-system.md    |  8 ++--
 15 files changed, 95 insertions(+), 96 deletions(-)

diff --git a/windows/security/threat-protection/intelligence/portal-submission-troubleshooting.md b/windows/security/threat-protection/intelligence/portal-submission-troubleshooting.md
index 71d4c9d78c..bd1b4f57e7 100644
--- a/windows/security/threat-protection/intelligence/portal-submission-troubleshooting.md
+++ b/windows/security/threat-protection/intelligence/portal-submission-troubleshooting.md
@@ -24,15 +24,15 @@ Open your Azure [Enterprise application settings](https://portal.azure.com/#blad
 
 - If **No** is selected, an Azure AD administrator for the customer tenant will need to provide consent for the organization. Depending on the configuration with Azure AD, users might be able to submit a request right from the same dialog box. If there’s no option to ask for admin consent,  users need to request for these permissions to be added to their Azure AD admin. Go to the following section for more information.
 
-- If **Yes** is selected, ensure the Windows Defender Security Intelligence app setting **Enabled for users to sign in?** is set to **Yes** [in Azure](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ManagedAppMenuBlade/Properties/appId/f0cf43e5-8a9b-451c-b2d5-7285c785684d/objectId/4a918a14-4069-4108-9b7d-76486212d75d). If this is set to **No** you'll need to request an Azure AD admin enable it. 
+- If **Yes** is selected, ensure the Windows Defender Security Intelligence app setting **Enabled for users to sign in?** is set to **Yes** [in Azure](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ManagedAppMenuBlade/Properties/appId/f0cf43e5-8a9b-451c-b2d5-7285c785684d/objectId/4a918a14-4069-4108-9b7d-76486212d75d). If **No** is selected, you'll need to request an Azure AD admin enable it. 
   
 ## Implement Required Enterprise Application permissions 
 This process requires a global or application admin in the tenant.
  1. Open [Enterprise Application settings](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ManagedAppMenuBlade/Permissions/appId/f0cf43e5-8a9b-451c-b2d5-7285c785684d/objectId/4a918a14-4069-4108-9b7d-76486212d75d). 
- 2. Click **Grant admin consent for organization**.
- 3. If you're able to do so, Review the API permissions required for this application. This should be exactly the same as in the following image. Provide consent for the tenant.
+ 2. Select **Grant admin consent for organization**.
+ 3. If you're able to do so, review the API permissions required for this application, as the following image shows. Provide consent for the tenant.
 
-   ![grant consent image](images/msi-grant-admin-consent.jpg)
+    ![grant consent image](images/msi-grant-admin-consent.jpg)
 
   4. If the administrator receives an error while attempting to provide consent manually, try either [Option 1](#option-1-approve-enterprise-application-permissions-by-user-request) or [Option 2](#option-2-provide-admin-consent-by-authenticating-the-application-as-an-admin) as possible workarounds.
   
@@ -59,15 +59,15 @@ This process requires that global admins go through the Enterprise customer sign
 
 ![Consent sign in flow](images/msi-microsoft-permission-required.jpg)
 
-Then, admins review the permissions and make sure to select **Consent on behalf of your organization**, and click **Accept**.
+Then, admins review the permissions and make sure to select **Consent on behalf of your organization**, and then select **Accept**.
 
 All users in the tenant will now be able to use this application.
 
-## Option 3: Delete and re-add app permissions
+## Option 3: Delete and readd app permissions
 If neither of these options resolve the issue, try the following steps (as an admin):
 
 1. Remove previous configurations for the application. Go to [Enterprise applications](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ManagedAppMenuBlade/Properties/appId/f0cf43e5-8a9b-451c-b2d5-7285c785684d/objectId/982e94b2-fea9-4d1f-9fca-318cda92f90b)
-and click **delete**.
+and select **delete**.
 
    ![Delete app permissions](images/msi-properties.png)
 
@@ -78,7 +78,7 @@ and click **delete**.
 
    ![Permissions needed](images/msi-microsoft-permission-requested-your-organization.png)
 
-4. Review the permissions required by the application, and then click **Accept**. 
+4. Review the permissions required by the application, and then select **Accept**. 
 
 5. Confirm the permissions are applied in the [Azure portal](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ManagedAppMenuBlade/Permissions/appId/f0cf43e5-8a9b-451c-b2d5-7285c785684d/objectId/ce60a464-5fca-4819-8423-bcb46796b051).
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-terms.md b/windows/security/threat-protection/microsoft-defender-atp/android-terms.md
index 0d6e8dcd1c..03ef3030af 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/android-terms.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/android-terms.md
@@ -52,7 +52,7 @@ DO NOT USE THE APPLICATION.**
 1.  **INSTALLATION AND USE RIGHTS.**
 
     1.  **Installation and Use.** You may install and use any number of copies
-        of this application on Android enabled device or devices which you own
+        of this application on Android enabled device or devices that you own
         or control. You may use this application with your company's valid
         subscription of Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) or
         an online service that includes MDATP functionalities.
@@ -60,13 +60,13 @@ DO NOT USE THE APPLICATION.**
     2.  **Updates.** Updates or upgrades to MDATP may be required for full
         functionality. Some functionality may not be available in all countries.
 
-    3.  **Third Party Programs.** The application may include third party
+    3.  **Third-Party Programs.** The application may include third-party
         programs that Microsoft, not the third party, licenses to you under this
         agreement. Notices, if any, for the third-party program are included for
         your information only.
 
 2.  **INTERNET ACCESS MAY BE REQUIRED.** You may incur charges related to
-    Internet access, data transfer and other services per the terms of the data
+    Internet access, data transfer, and other services per the terms of the data
     service plan and any other agreement you have with your network operator due
     to use of the application. You are solely responsible for any network
     operator charges.
@@ -92,21 +92,21 @@ DO NOT USE THE APPLICATION.**
             improve Microsoft products and services and enhance your experience.
             You may limit or control collection of some usage and performance
             data through your device settings. Doing so may disrupt your use of
-            certain features of the application. For additional information on
-            Microsoft's data collection and use, see the [Online Services
+            certain features of the application. For more information about
+            Microsoft data collection and use, see the [Online Services
             Terms](https://go.microsoft.com/fwlink/?linkid=2106777).
 
     2.  Misuse of Internet-based Services. You may not use any Internet-based
         service in any way that could harm it or impair anyone else's use of it
         or the wireless network. You may not use the service to try to gain
-        unauthorized access to any service, data, account or network by any
+        unauthorized access to any service, data, account, or network by any
         means.
 
 4.  **FEEDBACK.** If you give feedback about the application to Microsoft, you
-    give to Microsoft, without charge, the right to use, share and commercialize
+    give to Microsoft, without charge, the right to use, share, and commercialize
     your feedback in any way and for any purpose. You also give to third
     parties, without charge, any patent rights needed for their products,
-    technologies and services to use or interface with any specific parts of a
+    technologies, and services to use or interface with any specific parts of a
     Microsoft software or service that includes the feedback. You will not give
     feedback that is subject to a license that requires Microsoft to license its
     software or documentation to third parties because we include your feedback
@@ -130,35 +130,34 @@ DO NOT USE THE APPLICATION.**
 
     -   publish the application for others to copy;
 
-    -   rent, lease or lend the application; or
+    -   rent, lease, or lend the application; or
 
     -   transfer the application or this agreement to any third party.
 
 6.  **EXPORT RESTRICTIONS.** The application is subject to United States export
     laws and regulations. You must comply with all domestic and international
     export laws and regulations that apply to the application. These laws
-    include restrictions on destinations, end users and end use. For additional
+    include restrictions on destinations, end users, and end use. For more
     information,
-    see[www.microsoft.com/exporting](https://www.microsoft.com/exporting).
+    see [www.microsoft.com/exporting](https://www.microsoft.com/exporting).
 
 7.  **SUPPORT SERVICES.** Because this application is "as is," we may not
     provide support services for it. If you have any issues or questions about
     your use of this application, including questions about your company's
-    privacy policy, please contact your company's admin. Do not contact the
+    privacy policy, contact your company's admin. Do not contact the
     application store, your network operator, device manufacturer, or Microsoft.
     The application store provider has no obligation to furnish support or
     maintenance with respect to the application.
 
 8.  **APPLICATION STORE.**
 
-    1.  If you obtain the application through an application store (e.g., Google
-        Play), please review the applicable application store terms to ensure
+    1.  If you obtain the application through an application store (for example, Google
+        Play), review the applicable application store terms to ensure
         your download and use of the application complies with such terms.
-        Please note that these Terms are between you and Microsoft and not with
+        Note that these Terms are between you and Microsoft and not with
         the application store.
 
-    2.  The respective application store provider and its subsidiaries are third
-        party beneficiaries of these Terms, and upon your acceptance of these
+    2.  The respective application store provider and its subsidiaries are third-party beneficiaries of these Terms, and upon your acceptance of these
         Terms, the application store provider(s) will have the right to directly
         enforce and rely upon any provision of these Terms that grants them a
         benefit or rights.
@@ -213,20 +212,20 @@ DO NOT USE THE APPLICATION.**
 This limitation applies to:
 
 -   anything related to the application, services, content (including code) on
-    third party Internet sites, or third party programs; and
+    third-party internet sites, or third-party programs; and
 
--   claims for breach of contract, warranty, guarantee or condition; consumer
+-   claims for breach of contract, warranty, guarantee, or condition; consumer
     protection; deception; unfair competition; strict liability, negligence,
-    misrepresentation, omission, trespass or other tort; violation of statute or
+    misrepresentation, omission, trespass, or other tort; violation of statute or
     regulation; or unjust enrichment; all to the extent permitted by applicable
     law.
 
 It also applies even if:
 
-a.  Repair, replacement or refund for the application does not fully compensate
+a.  Repair, replacement, or refund for the application does not fully compensate
     you for any losses; or
 
 b.  Covered Parties knew or should have known about the possibility of the
     damages.
 
-The above limitation or exclusion may not apply to you because your country may not allow the exclusion or limitation of incidental, consequential or other damages.
+The above limitation or exclusion may not apply to you because your country may not allow the exclusion or limitation of incidental, consequential, or other damages.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
index 4d724bc3ca..f731a7af08 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
@@ -150,17 +150,17 @@ For versions earlier than 100.78.0, run:
 
 To get the latest version of the Microsoft Defender ATP for Mac, set the Microsoft AutoUpdate to “Fast Ring”. To get “Microsoft AutoUpdate”, download it from [Release history for Microsoft AutoUpdate (MAU)](https://docs.microsoft.com/officeupdates/release-history-microsoft-autoupdate).
 
-To verify you are running the correct version, run ‘mdatp --health’ on the device.
+To verify you are running the correct version, run `mdatp --health` on the device.
 
 * The required version is 100.72.15 or later.
-* If the version is not as expected, verify that Microsoft Auto Update is set to automatically download and install updates by running ‘defaults read com.microsoft.autoupdate2’ from terminal.
-* To change update settings use documentation in [Update Office for Mac automatically](https://support.office.com/article/update-office-for-mac-automatically-bfd1e497-c24d-4754-92ab-910a4074d7c1).
+* If the version is not as expected, verify that Microsoft Auto Update is set to automatically download and install updates by running `defaults read com.microsoft.autoupdate2` from the terminal.
+* To change update settings, see [Update Office for Mac automatically](https://support.office.com/article/update-office-for-mac-automatically-bfd1e497-c24d-4754-92ab-910a4074d7c1).
 * If you are not using Office for Mac, download and run the AutoUpdate tool.
 
 ### A device still does not appear on Microsoft Defender Security Center
 
-After a successful deployment and onboarding of the correct version, check that the device has connectivity to the cloud service by running ‘mdatp --connectivity-test’.
+After a successful deployment and onboarding of the correct version, check that the device has connectivity to the cloud service by running `mdatp --connectivity-test`.
 
-* Check that you enabled the early preview flag. In terminal run “mdatp –health” and look for the value of “edrEarlyPreviewEnabled”. It should be “Enabled”.
+* Check that you enabled the early preview flag. In the terminal, run `mdatp –health` and look for the value of “edrEarlyPreviewEnabled”. It should be “Enabled”.
 
 If you followed the manual deployment instructions, you were prompted to enable Kernel Extensions. Pay attention to the “System Extension note” in the [manual deployment documentation](mac-install-manually.md#application-installation-macos-1015-and-older-versions) and use the “Manual Deployment” section in the [troubleshoot kernel extension documentation](mac-support-kext.md#manual-deployment).
diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md
index 263e076dda..9b9d8baad8 100644
--- a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md
+++ b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md
@@ -42,7 +42,7 @@ SmartScreen uses registry-based Administrative Template policy settings. For mor
       
-
+
@@ -160,7 +160,7 @@ For Microsoft Defender SmartScreen Edge MDM policies, see [Policy CSP - Browser]
 
      
 

      Windows 10, version 2004:
      Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure App Install Control      		
 Windows 10, version 1703:
      Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure App Install Control      		
 Windows 10, version 1703This policy setting is intended to prevent malicious content from affecting your user's devices when downloading executable content from the internet.

      This setting does not protect against malicious content from USB devices, network shares or other non-internet sources.
      Important: Using a trustworthy browser helps ensure that these protections work as expected.
      		This policy setting is intended to prevent malicious content from affecting your user's devices when downloading executable content from the internet.

       This setting does not protect against malicious content from USB devices, network shares, or other non-internet sources.
      Important: Using a trustworthy browser helps ensure that these protections work as expected.
      		
 
      
 
      
 Windows 10, version 2004:
      Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Configure Windows Defender SmartScreen
      Windows 10, version 1703:
      Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Configure Windows Defender SmartScreen
      Windows 10, Version 1607 and earlier:
      Administrative Templates\Windows Components\Microsoft Edge\Configure Windows SmartScreen
      
 
 ## Recommended Group Policy and MDM settings for your organization
-By default, Microsoft Defender SmartScreen lets employees bypass warnings. Unfortunately, this can let employees continue to an unsafe site or to continue to download an unsafe file, even after being warned. Because of this possibility, we strongly recommend that you set up Microsoft Defender SmartScreen to block high-risk interactions instead of providing just a warning.
+By default, Microsoft Defender SmartScreen lets employees bypass warnings. Unfortunately, this feature can let employees continue to an unsafe site or to continue to download an unsafe file, even after being warned. Because of this possibility, we strongly recommend that you set up Microsoft Defender SmartScreen to block high-risk interactions instead of providing just a warning.
 
 To better help you protect your organization, we recommend turning on and using these specific Microsoft Defender SmartScreen Group Policy and MDM settings.
 
diff --git a/windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller.md b/windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller.md
index 60fe8eaa5f..166698ea39 100644
--- a/windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller.md
+++ b/windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller.md
@@ -1,6 +1,6 @@
 ---
 title: Access Credential Manager as a trusted caller (Windows 10)
-description: Describes best practices, security considerations and more for the security policy setting, Access Credential Manager as a trusted caller.
+description: Describes best practices, security considerations, and more for the security policy setting, Access Credential Manager as a trusted caller.
 ms.assetid: a51820d2-ca5b-47dd-8e9b-d7008603db88
 ms.reviewer: 
 ms.author: dansimp
@@ -22,11 +22,11 @@ ms.date: 04/19/2017
 **Applies to**
 -   Windows 10
 
-Describes the best practices, location, values, policy management, and security considerations for the **Access Credential Manager as a trusted caller** security policy setting.
+This article describes the best practices, location, values, policy management, and security considerations for the **Access Credential Manager as a trusted caller** security policy setting.
 
 ## Reference
 
-The **Access Credential Manager as a trusted caller** policy setting is used by Credential Manager during backup and restore. No accounts should have this privilege because it is assigned only to the Winlogon service. Saved credentials of users may be compromised if this privilege is given to other entities.
+The **Access Credential Manager as a trusted caller** policy setting is used by Credential Manager during backup and restore. No accounts should have this privilege because it's assigned only to the Winlogon service. Saved credentials of users may be compromised if this privilege is given to other entities.
 
 Constant: SeTrustedCredManAccessPrivilege
 
@@ -37,7 +37,7 @@ Constant: SeTrustedCredManAccessPrivilege
 
 ### Best practices
 
--   Do not modify this policy setting from the default.
+-   Don't modify this policy setting from the default.
 
 ### Location
 
@@ -58,7 +58,7 @@ Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Use
 
 This section describes features, tools, and guidance to help you manage this policy.
 
-A restart of the computer is not required for this policy setting to be effective.
+A restart of the computer isn't required for this policy setting to be effective.
 
 Any change to the user rights assignment for an account becomes effective the next time the owner of the account logs on.
 
@@ -82,7 +82,7 @@ If an account is given this user right, the user of the account may create an ap
 
 ### Countermeasure
 
-Do not define the **Access Credential Manager as a trusted caller** policy setting for any accounts besides Credential Manager.
+Don't define the **Access Credential Manager as a trusted caller** policy setting for any accounts besides Credential Manager.
 
 ### Potential impact
 
diff --git a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md
index ab09ef2ca5..d9c2770ad4 100644
--- a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md
+++ b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md
@@ -39,7 +39,7 @@ It is possible to configure the following values for the **Account lockout thres
 -   A user-defined number from 0 through 999
 -   Not defined
 
-Because vulnerabilities can exist when this value is configured and when it is not, organizations should weigh their identified threats and the risks that they are trying to mitigate. For information these settings, see [Countermeasure](#bkmk-countermeasure) in this topic.
+Because vulnerabilities can exist when this value is configured and when it is not, organizations should weigh their identified threats and the risks that they are trying to mitigate. For information these settings, see [Countermeasure](#bkmk-countermeasure) in this article.
 
 ### Best practices
 
@@ -47,7 +47,7 @@ The threshold that you select is a balance between operational efficiency and se
 
 As with other account lockout settings, this value is more of a guideline than a rule or best practice because there is no "one size fits all." For more information, see [Configuring Account Lockout](https://blogs.technet.microsoft.com/secguide/2014/08/13/configuring-account-lockout/).
 
-Implementation of this policy setting is dependent on your operational environment; threat vectors, deployed operating systems, and deployed apps. For more information, see [Implementation considerations](#bkmk-impleconsiderations) in this topic.
+Implementation of this policy setting is dependent on your operational environment; threat vectors, deployed operating systems, and deployed apps. For more information, see [Implementation considerations](#bkmk-impleconsiderations) in this article.
  
 ### Location
 
@@ -76,13 +76,13 @@ None. Changes to this policy setting become effective without a computer restart
 
 ### Implementation considerations
 
-Implementation of this policy setting is dependent on your operational environment. You should consider threat vectors, deployed operating systems, and deployed apps, for example:
+Implementation of this policy setting depends on your operational environment. Consider threat vectors, deployed operating systems, and deployed apps. For example:
 
--   The likelihood of an account theft or a DoS attack is based on the security design for your systems and environment. You should set the account lockout threshold in consideration of the known and perceived risk of those threats.
+-   The likelihood of an account theft or a DoS attack is based on the security design for your systems and environment. Set the account lockout threshold in consideration of the known and perceived risk of those threats.
 
 -   When negotiating encryption types between clients, servers, and domain controllers, the Kerberos protocol can automatically retry account sign-in attempts that count toward the threshold limits that you set in this policy setting. In environments where different versions of the operating system are deployed, encryption type negotiation increases.
 
--   Not all apps that are used in your environment effectively manage how many times a user can attempt to sign-in. For instance, if a connection drops repeatedly when a user is running the app, all subsequent failed sign-in attempts count toward the account lockout threshold.
+-   Not all apps that are used in your environment effectively manage how many times a user can attempt to sign in. For instance, if a connection drops repeatedly when a user is running the app, all subsequent failed sign-in attempts count toward the account lockout threshold.
 
 For more information about Windows security baseline recommendations for account lockout, see [Configuring Account Lockout](https://blogs.technet.microsoft.com/secguide/2014/08/13/configuring-account-lockout/). 
 
@@ -108,8 +108,8 @@ Because vulnerabilities can exist when this value is configured and when it is n
 
 -   Configure the **Account lockout threshold** setting to 0. This configuration ensures that accounts will not be locked, and it will prevent a DoS attack that intentionally attempts to lock accounts. This configuration also helps reduce Help Desk calls because users cannot accidentally lock themselves out of their accounts. Because it does not prevent a brute force attack, this configuration should be chosen only if both of the following criteria are explicitly met:
 
-    -   The password policy setting requires all users to have complex passwords of 8 or more characters.
-    -   A robust audit mechanism is in place to alert administrators when a series of failed sign-ins occur in the environment.
+    -   The password policy setting requires all users to have complex passwords of eight or more characters.
+    -   A robust audit mechanism is in place to alert administrators when a series of failed sign-ins occurs in the environment.
     
 -   Configure the **Account lockout threshold** policy setting to a sufficiently high value to provide users with the ability to accidentally mistype their password several times before the account is locked, but ensure that a brute force password attack still locks the account.
 
@@ -121,9 +121,9 @@ Because vulnerabilities can exist when this value is configured and when it is n
 
 If this policy setting is enabled, a locked account is not usable until it is reset by an administrator or until the account lockout duration expires. Enabling this setting will likely generate a number of additional Help Desk calls.
 
-If you configure the **Account lockout threshold** policy setting to 0, there is a possibility that an malicious user's attempt to discover passwords with a brute force password attack might go undetected if a robust audit mechanism is not in place.
+If you configure the **Account lockout threshold** policy setting to 0, there is a possibility that a malicious user's attempt to discover passwords with a brute force password attack might go undetected if a robust audit mechanism is not in place.
 
-If you configure this policy setting to a number greater than 0, an attacker can easily lock any accounts for which the account name is known. This is especially dangerous considering that no credentials other than access to the network are necessary to lock the accounts.
+If you configure this policy setting to a number greater than 0, an attacker can easily lock any accounts for which the account name is known. This situation is especially dangerous considering that no credentials other than access to the network are necessary to lock the accounts.
 
 ## Related topics
 [Account Lockout Policy](account-lockout-policy.md)
diff --git a/windows/security/threat-protection/security-policy-settings/audit-audit-the-use-of-backup-and-restore-privilege.md b/windows/security/threat-protection/security-policy-settings/audit-audit-the-use-of-backup-and-restore-privilege.md
index 9a078921e7..4c8003e0f3 100644
--- a/windows/security/threat-protection/security-policy-settings/audit-audit-the-use-of-backup-and-restore-privilege.md
+++ b/windows/security/threat-protection/security-policy-settings/audit-audit-the-use-of-backup-and-restore-privilege.md
@@ -1,6 +1,6 @@
 ---
-title: Audit Audit the use of Backup and Restore privilege (Windows 10)
-description: Describes the best practices, location, values, and security considerations for the Audit Audit the use of Backup and Restore privilege security policy setting.
+title: "Audit: Audit the use of Backup and Restore privilege (Windows 10)"
+description: "Describes the best practices, location, values, and security considerations for the 'Audit: Audit the use of Backup and Restore privilege' security policy setting."
 ms.assetid: f656a2bb-e8d6-447b-8902-53df3a7756c5
 ms.reviewer: 
 ms.author: dansimp
@@ -65,9 +65,9 @@ None. Changes to this policy become effective without a computer restart when th
 
 ### Auditing
 
-Enabling this policy setting in conjunction with the **Audit privilege use** policy setting records any instance of user rights that are being exercised in the security log. If **Audit privilege use** is enabled but **Audit: Audit the use of Backup and Restore privilege** is disabled, when users use backup or restore user rights, those events will not be audited.
+Enabling this policy setting in conjunction with the **Audit privilege use** policy setting records any instance of user rights that are being exercised in the security log. If **Audit privilege use** is enabled but **Audit: Audit the use of Backup and Restore privilege** is disabled, when users back up or restore user rights, those events will not be audited.
 
-Enabling this policy setting when the **Audit privilege use** policy setting is also enabled generates an audit event for every file that is backed up or restored. This can help you to track down an administrator who is accidentally or maliciously restoring data in an unauthorized manner.
+Enabling this policy setting when the **Audit privilege use** policy setting is also enabled generates an audit event for every file that is backed up or restored. This setup can help you to track down an administrator who is accidentally or maliciously restoring data in an unauthorized manner.
 
 Alternately, you can use the advanced audit policy, [Audit Sensitive Privilege Use](../auditing/audit-sensitive-privilege-use.md), which can help you manage the number of events generated.
 
diff --git a/windows/security/threat-protection/security-policy-settings/back-up-files-and-directories.md b/windows/security/threat-protection/security-policy-settings/back-up-files-and-directories.md
index 550e21d847..a431f30baf 100644
--- a/windows/security/threat-protection/security-policy-settings/back-up-files-and-directories.md
+++ b/windows/security/threat-protection/security-policy-settings/back-up-files-and-directories.md
@@ -1,6 +1,6 @@
 ---
 title: Back up files and directories - security policy setting (Windows 10)
-description: Describes the best practices, location, values, policy management, and security considerations for the Back up files and directories security policy setting.
+description: Describes the recommended practices, location, values, policy management, and security considerations for the Back up files and directories security policy setting.
 ms.assetid: 1cd6bdd5-1501-41f4-98b9-acf29ac173ae
 ms.reviewer: 
 ms.author: dansimp
@@ -22,13 +22,13 @@ ms.date: 04/19/2017
 **Applies to**
 -   Windows 10
 
-Describes the best practices, location, values, policy management, and security considerations for the **Back up files and directories** security policy setting.
+This article describes the recommended practices, location, values, policy management, and security considerations for the **Back up files and directories** security policy setting.
 
 ## Reference
 
-This user right determines which users can bypass file and directory, registry, and other persistent object permissions for the purposes of backing up the system. This user right is effective only when an application attempts access through the NTFS backup application programming interface (API) through a backup tool such as NTBACKUP.EXE. Otherwise, standard file and directory permissions apply.
+This user right determines which users can bypass file and directory, registry, and other persistent object permissions for the purposes of backing up the system. This user right is effective only when an application attempts access through the NTFS backup application programming interface (API) through a tool such as NTBACKUP.EXE. Otherwise, standard file and directory permissions apply.
 
-This user right is similar to granting the following permissions to the user or group you have selected on all files and folders on the system:
+This user right is similar to granting the following permissions to the user or group you selected on all files and folders on the system:
 
 -   Traverse Folder/Execute File
 -   List Folder/Read Data
@@ -56,8 +56,8 @@ Constant: SeBackupPrivilege
 
 ### Best practices
 
-1.  Restrict the **Back up files and directories** user right to members of the IT team who must back up organizational data as part of their daily job responsibilities. Because there is no way to be sure that a user is backing up data, stealing data, or copying data to be distributed, only assign this user right to trusted users.
-2.  If you are using backup software that runs under specific service accounts, only these accounts (and not the IT staff) should have the **Back up files and directories** user right.
+1.  Restrict the **Back up files and directories** user right to members of the IT team who must back up organizational data as part of their daily job responsibilities. Because there's no way to be sure that a user is backing up data, stealing data, or copying data to be distributed, only assign this user right to trusted users.
+2.  If your backup software runs under specific service accounts, only these accounts (and not the IT staff) should have the user right to back up files and directories.
 
 ### Location
 
@@ -67,7 +67,7 @@ Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Use
 
 By default, this right is granted to Administrators and Backup Operators on workstations and servers. On domain controllers, Administrators, Backup Operators, and Server Operators have this right.
 
-The following table lists the actual and effective default policy values. Default values are also listed on the policy’s property page.
+The following table lists the actual and effective default policy values for the server type or Group Policy Object (GPO). Default values are also listed on the policy’s property page.
 
 | Server type or GPO | Default value |
 | - | - |
@@ -80,13 +80,13 @@ The following table lists the actual and effective default policy values. Defaul
  
 ## Policy management
 
-A restart of the device is not required for this policy setting to be effective.
+A restart of the device isn't required for this policy setting to be effective.
 
 Any change to the user rights assignment for an account becomes effective the next time the owner of the account logs on.
 
 ### Group Policy
 
-Settings are applied in the following order through a Group Policy Object (GPO), which will overwrite settings on the local computer at the next Group Policy update:
+Settings are applied in the following order through a GPO, which will overwrite settings on the local computer at the next Group Policy update:
 
 1.  Local policy settings
 2.  Site policy settings
@@ -101,15 +101,15 @@ This section describes how an attacker might exploit a feature or its configurat
 
 ### Vulnerability
 
-Users who can back up data from a device could take the backup media to a non-domain computer on which they have administrative privileges, and then restore the data. They could take ownership of the files and view any unencrypted data that is contained within the backup set.
+Users who can back up data from a device to separate media could take the media to a non-domain computer on which they have administrative privileges, and then restore the data. They could take ownership of the files and view any unencrypted data that is contained within the data set.
 
 ### Countermeasure
 
-Restrict the **Back up files and directories** user right to members of the IT team who must back up organizational data as part of their daily job responsibilities. If you are using backup software that runs under specific service accounts, only these accounts (and not the IT staff) should have the **Back up files and directories** user right.
+Restrict the **Back up files and directories** user right to members of the IT team who must back up organizational data as part of their daily job responsibilities. If you use software that backs up data under specific service accounts, only these accounts (and not the IT staff) should have the right to back up files and directories.
 
 ### Potential impact
 
-Changes in the membership of the groups that have the **Back up files and directories** user right could limit the abilities of users who are assigned to specific administrative roles in your environment. You should confirm that authorized backup administrators can still perform backup operations.
+Changes in the membership of the groups that have the user right to back up files and directories could limit the abilities of users who are assigned to specific administrative roles in your environment. Confirm that authorized administrators can still back up files and directories.
 
 ## Related topics
 
diff --git a/windows/security/threat-protection/security-policy-settings/create-a-pagefile.md b/windows/security/threat-protection/security-policy-settings/create-a-pagefile.md
index 869edc69a5..55281194fb 100644
--- a/windows/security/threat-protection/security-policy-settings/create-a-pagefile.md
+++ b/windows/security/threat-protection/security-policy-settings/create-a-pagefile.md
@@ -26,7 +26,7 @@ Describes the best practices, location, values, policy management, and security
 
 ## Reference
 
-Windows designates a section of the hard drive as virtual memory known as the page file, or more specifically, as pagefile.sys. It is used to supplement the computer’s Random Access Memory (RAM) to improve performance for programs and data that are used frequently. Although the file is hidden from browsing, you can manage it using the system settings.
+Windows designates a section of the hard drive as virtual memory known as the page file, or more specifically, as pagefile.sys. It is used to supplement the computer’s Random Access Memory (RAM) to improve performance for frequently used programs and data. Although the file is hidden from browsing, you can manage it using the system settings.
 
 This policy setting determines which users can create and change the size of a page file. It determines whether users can specify a page file size for a particular drive in the **Performance Options** box located on the **Advanced** tab of the **System Properties** dialog box or through using internal application interfaces (APIs).
 
diff --git a/windows/security/threat-protection/security-policy-settings/create-symbolic-links.md b/windows/security/threat-protection/security-policy-settings/create-symbolic-links.md
index c07cb74837..696c309ef6 100644
--- a/windows/security/threat-protection/security-policy-settings/create-symbolic-links.md
+++ b/windows/security/threat-protection/security-policy-settings/create-symbolic-links.md
@@ -28,7 +28,7 @@ Describes the best practices, location, values, policy management, and security
 
 This user right determines if users can create a symbolic link from the device they are logged on to.
 
-A symbolic link is a file-system object that points to another file-system object. The object that is pointed to is called the target. Symbolic links are transparent to users. The links appear as normal files or directories, and they can be acted upon by the user or application in exactly the same manner. Symbolic links are designed to aid in migration and application compatibility with UNIX operating systems. Microsoft has implemented symbolic links to function just like UNIX links.
+A symbolic link is a file-system object that points to another file-system object. The object that's pointed to is called the target. Symbolic links are transparent to users. The links appear as normal files or directories, and they can be acted upon by the user or application in exactly the same manner. Symbolic links are designed to aid in migration and application compatibility with UNIX operating systems. Microsoft has implemented symbolic links to function just like UNIX links.
 
 >**Warning:**   This privilege should only be given to trusted users. Symbolic links can expose security vulnerabilities in applications that aren't designed to handle them.
 Constant: SeCreateSymbolicLinkPrivilege
@@ -40,7 +40,7 @@ Constant: SeCreateSymbolicLinkPrivilege
 
 ### Best practices
 
--   This user right should only be given to trusted users. Symbolic links can expose security vulnerabilities in applications that are not designed to handle them.
+-   Only trusted users should get this user right. Symbolic links can expose security vulnerabilities in applications that are not designed to handle them.
 
 ### Location
 
@@ -73,16 +73,16 @@ Any change to the user rights assignment for an account becomes effective the ne
 
 Settings are applied in the following order through a Group Policy Object (GPO), which will overwrite settings on the local computer at the next Group Policy update:
 
-1.  Local policy settings
-2.  Site policy settings
-3.  Domain policy settings
-4.  OU policy settings
+- Local policy settings
+- Site policy settings
+- Domain policy settings
+- OU policy settings
 
 When a local setting is greyed out, it indicates that a GPO currently controls that setting.
 
 ### Command-line tools
 
-This setting can be used in conjunction with a symbolic link file system setting that can be manipulated with the command-line tool to control the kinds of symlinks that are allowed on the device. For more info, type **fsutil behavior set symlinkevaluation /?** at the command prompt.
+This setting can be used in conjunction with a symbolic link file system setting that can be manipulated with the command-line tool to control the kinds of symlinks that are allowed on the device. For more info, type `fsutil behavior set symlinkevaluation /?` at the command prompt.
 
 ## Security considerations
 
diff --git a/windows/security/threat-protection/security-policy-settings/debug-programs.md b/windows/security/threat-protection/security-policy-settings/debug-programs.md
index cb03383fb3..8e9e1de135 100644
--- a/windows/security/threat-protection/security-policy-settings/debug-programs.md
+++ b/windows/security/threat-protection/security-policy-settings/debug-programs.md
@@ -26,7 +26,7 @@ Describes the best practices, location, values, policy management, and security
 
 ## Reference
 
-This policy setting determines which users can attach to or open any process, even those they do not own. Developers who are debugging their own applications do not need to be assigned this user right. Developers who are debugging new system components need this user right. This user right provides access to sensitive and critical operating-system components.
+This policy setting determines which users can attach to or open any process, even a process they do not own. Developers who are debugging their own applications do not need this user right. Developers who are debugging new system components need this user right. This user right provides access to sensitive and critical operating-system components.
 
 Constant: SeDebugPrivilege
 
diff --git a/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-batch-job.md b/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-batch-job.md
index 5e75ce5325..3705d5c84b 100644
--- a/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-batch-job.md
+++ b/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-batch-job.md
@@ -22,7 +22,7 @@ ms.date: 04/19/2017
 **Applies to**
 -   Windows 10
 
-Describes the best practices, location, values, policy management, and security considerations for the **Deny log on as a batch job** security policy setting.
+This article describes the recommended practices, location, values, policy management, and security considerations for the **Deny log on as a batch job** security policy setting.
 
 ## Reference
 
@@ -40,7 +40,7 @@ Constant: SeDenyBatchLogonRight
 
 1.  When you assign this user right, thoroughly test that the effect is what you intended.
 2.  Within a domain, modify this setting on the applicable Group Policy Object (GPO).
-3.  **Deny log on as a batch job** prevents administrators or operators from using their personal accounts to schedule tasks, which helps with business continuity when that person transitions to other positions or responsibilities.
+3.  **Deny log on as a batch job** prevents administrators or operators from using their personal accounts to schedule tasks. This restriction helps with business continuity when that person transitions to other positions or responsibilities.
 
 ### Location
 
@@ -48,7 +48,7 @@ Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Use
 
 ### Default values
 
-The following table lists the actual and effective default policy values for the most recent supported versions of Windows. Default values are also listed on the policy’s property page.
+The following table lists the actual and effective default policy values for the most recent supported versions of Windows. Default values are also listed on the policy's property page.
 
 | Server type or GPO | Default value |
 | - | - |
@@ -63,7 +63,7 @@ The following table lists the actual and effective default policy values for the
 
 This section describes features and tools available to help you manage this policy.
 
-A restart of the device is not required for this policy setting to be effective.
+A restart of the device isn't required for this policy setting to be effective.
 
 Any change to the user rights assignment for an account becomes effective the next time the owner of the account logs on.
 
@@ -73,7 +73,7 @@ This policy setting might conflict with and negate the **Log on as a batch job**
 
 On a domain-joined device, including the domain controller, this policy can be overwritten by a domain policy, which will prevent you from modifying the local policy setting.
 
-For example, if you are trying to configure Task Scheduler on your domain controller, check the Settings tab of your two domain controller policy and domain policy GPOs in the Group Policy Management Console (GPMC). Verify the targeted account is not present in the **Deny log on as a batch job** 
+For example, to configure Task Scheduler on your domain controller, check the Settings tab of your two domain controller policy and domain policy GPOs in the Group Policy Management Console (GPMC). Verify the targeted account isn't present in the **Deny log on as a batch job** setting. 
 
 User Rights Assignment and also correctly configured in the **Log on as a batch job** setting.
 
@@ -100,7 +100,7 @@ Assign the **Deny log on as a batch job** user right to the local Guest account.
 
 ### Potential impact
 
-If you assign the **Deny log on as a batch job** user right to other accounts, you could deny the ability to perform required job activities to users who are assigned specific administrative roles. You should confirm that delegated tasks are not affected adversely.
+If you assign the **Deny log on as a batch job** user right to other accounts, you could deny the ability to perform required job activities to users who are assigned specific administrative roles. Confirm that delegated tasks aren't affected adversely.
 
 ## Related topics
 
diff --git a/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-service.md b/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-service.md
index 2da4ae7aa5..ae1ff7ad09 100644
--- a/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-service.md
+++ b/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-service.md
@@ -22,7 +22,7 @@ ms.date: 04/19/2017
 **Applies to**
 -   Windows 10
 
-Describes the best practices, location, values, policy management, and security considerations for the **Deny log on as a service** security policy setting.
+This article describes the recommended practices, location, values, policy management, and security considerations for the **Deny log on as a service** security policy setting.
 
 ## Reference
 
@@ -63,7 +63,7 @@ The following table lists the actual and effective default policy values for the
 
 This section describes features and tools available to help you manage this policy.
 
-A restart of the computer is not required for this policy setting to be effective.
+A restart of the computer isn't required for this policy setting to be effective.
 
 Any change to the user rights assignment for an account becomes effective the next time the owner of the account logs on.
 
@@ -89,11 +89,11 @@ This section describes how an attacker might exploit a feature or its configurat
 ### Vulnerability
 
 Accounts that can log on to a service application could be used to configure and start new unauthorized services, such as a keylogger or other malware. The benefit of the specified countermeasure is somewhat reduced by the fact that only users with administrative rights can install and configure 
-services, and an attacker who has already attained that level of access could configure the service to run by using the System account.
+services, and an attacker who already has that level of access could configure the service to run by using the System account.
 
 ### Countermeasure
 
-We recommend that you not assign the **Deny log on as a service** user right to any accounts. This is the default configuration. Organizations that are extremely concerned about security might assign this user right to groups and accounts when they are certain that they will never need to log on to a service application.
+We recommend that you don't assign the **Deny log on as a service** user right to any accounts. This configuration is the default. Organizations that have strong concerns about security might assign this user right to groups and accounts when they're certain that they'll never need to log on to a service application.
 
 ### Potential impact
 
diff --git a/windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-signing-requirements.md b/windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-signing-requirements.md
index 473772b9bc..933e46f0a1 100644
--- a/windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-signing-requirements.md
+++ b/windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-signing-requirements.md
@@ -22,13 +22,13 @@ ms.date: 04/19/2017
 **Applies to**
 -   Windows 10
 
-Describes the best practices, location, values, and security considerations for the **Domain controller: LDAP server signing requirements** security policy setting.
+This article describes the best practices, location, values, and security considerations for the **Domain controller: LDAP server signing requirements** security policy setting.
 
 ## Reference
 
 This policy setting determines whether the Lightweight Directory Access Protocol (LDAP) server requires LDAP clients to negotiate data signing.
 
-Unsigned network traffic is susceptible to man-in-the-middle attacks, where an intruder captures packets between the server and the client device and modifies them before forwarding them to the client device. In the case of an LDAP server, this means that a malicious user can cause a client device to make decisions based on false records from the LDAP directory. You can lower the risk of a malicious user accomplishing this in a corporate network by implementing strong physical security measures to protect the network infrastructure. Furthermore, implementing Internet Protocol security (IPsec) Authentication Header mode, which provides mutual authentication and packet integrity for IP traffic, can make all types of man-in-the-middle attacks extremely difficult.
+Unsigned network traffic is susceptible to man-in-the-middle attacks, where an intruder captures packets between the server and the client device and modifies them before forwarding them to the client device. In the case of an LDAP server, a malicious user can cause a client device to make decisions based on false records from the LDAP directory. You can lower this risk in a corporate network by implementing strong physical security measures to protect the network infrastructure. Furthermore, implementing Internet Protocol security (IPsec) Authentication Header mode, which provides mutual authentication and packet integrity for IP traffic, can make all types of man-in-the-middle attacks difficult.
 
 This setting does not have any impact on LDAP simple bind through SSL (LDAP TCP/636).
 
@@ -44,7 +44,7 @@ If signing is required, then LDAP simple binds not using SSL are rejected (LDAP
 
 ### Best practices
 
--   It is advisable to set **Domain controller: LDAP server signing requirements** to **Require signature**. Clients that do not support LDAP signing will be unable to execute LDAP queries against the domain controllers.
+-   We recommend that you set **Domain controller: LDAP server signing requirements** to **Require signature**. Clients that do not support LDAP signing will be unable to execute LDAP queries against the domain controllers.
 
 ### Location
 
@@ -77,7 +77,7 @@ This section describes how an attacker might exploit a feature or its configurat
 
 ### Vulnerability
 
-Unsigned network traffic is susceptible to man-in-the-middle attacks. In such attacks, an intruder captures packets between the server and the client device, modifies them, and then forwards them to the client device. Where LDAP servers are concerned, an attacker could cause a client device to make decisions that are based on false records from the LDAP directory. To lower the risk of such an intrusion in an organization's network, you can implement strong physical security measures to protect the network infrastructure. You could also implement Internet Protocol security (IPsec) Authentication Header mode, which performs mutual authentication and packet integrity for IP traffic to make all types of man-in-the-middle attacks extremely difficult.
+Unsigned network traffic is susceptible to man-in-the-middle attacks. In such attacks, an intruder captures packets between the server and the client device, modifies them, and then forwards them to the client device. Where LDAP servers are concerned, an attacker could cause a client device to make decisions that are based on false records from the LDAP directory. To lower the risk of such an intrusion in an organization's network, you can implement strong physical security measures to protect the network infrastructure. You could also implement Internet Protocol security (IPsec) Authentication Header mode, which performs mutual authentication and packet integrity for IP traffic to make all types of man-in-the-middle attacks difficult.
 
 ### Countermeasure
 
@@ -85,7 +85,7 @@ Configure the **Domain controller: LDAP server signing requirements** setting to
 
 ### Potential impact
 
-Client device that do not support LDAP signing cannot run LDAP queries against the domain controllers.
+Client devices that do not support LDAP signing cannot run LDAP queries against the domain controllers.
 
 ## Related topics
 
diff --git a/windows/security/threat-protection/security-policy-settings/force-shutdown-from-a-remote-system.md b/windows/security/threat-protection/security-policy-settings/force-shutdown-from-a-remote-system.md
index d21bf2cf15..fb56241385 100644
--- a/windows/security/threat-protection/security-policy-settings/force-shutdown-from-a-remote-system.md
+++ b/windows/security/threat-protection/security-policy-settings/force-shutdown-from-a-remote-system.md
@@ -26,7 +26,7 @@ Describes the best practices, location, values, policy management, and security
 
 ## Reference
 
-This security setting determines which users are allowed to shut down a device from a remote location on the network. This allows members of the Administrators group or specific users to manage computers (for tasks such as a restart) from a remote location.
+This security setting determines which users are allowed to shut down a device from a remote location on the network. This setting allows members of the Administrators group or specific users to manage computers (for tasks such as a restart) from a remote location.
 
 Constant: SeRemoteShutdownPrivilege
 
@@ -37,7 +37,7 @@ Constant: SeRemoteShutdownPrivilege
 
 ### Best practices
 
--   Explicitly restrict this user right to members of the Administrators group or other specifically assigned roles that require this capability, such as non-administrative operations staff.
+-   Explicitly restrict this user right to members of the Administrators group or other assigned roles that require this capability, such as non-administrative operations staff.
 
 ### Location
 
@@ -91,11 +91,11 @@ Any user who can shut down a device could cause a denial-of-service condition to
 
 ### Countermeasure
 
-Restrict the **Force shutdown from a remote system** user right to members of the Administrators group or other specifically assigned roles that require this capability, such as non-administrative operations staff.
+Restrict the **Force shutdown from a remote system** user right to members of the Administrators group or other assigned roles that require this capability, such as non-administrative operations staff.
 
 ### Potential impact
 
-On a domain controller, if you remove the **Force shutdown from a remote system** user right from the Server Operator group, you could limit the abilities of users who are assigned to specific administrative roles in your environment. You should confirm that delegated activities are not adversely affected.
+On a domain controller, if you remove the **Force shutdown from a remote system** user right from the Server Operator group, you could limit the abilities of users who are assigned to specific administrative roles in your environment. Confirm that delegated activities are not adversely affected.
 
 ## Related topics
 

From 1378b7f77ee2d39595b7996207bf02b2e917242f Mon Sep 17 00:00:00 2001
From: jborsecnik 
Date: Wed, 4 Nov 2020 13:50:21 -0800
Subject: [PATCH 82/92] Acro boost edits

---
 ...cations-deployed-to-each-business-group.md | 10 +++----
 ...ine-your-application-control-objectives.md | 28 +++++++++----------
 .../wdsc-customize-contact-information.md     | 16 +++++------
 .../wdsc-firewall-network-protection.md       |  2 +-
 .../wdsc-virus-threat-protection.md           |  6 ++--
 .../windows-firewall/encryption-zone.md       |  4 +--
 .../windows-firewall/firewall-gpos.md         |  4 +--
 .../gathering-the-information-you-need.md     |  4 +--
 .../windows-firewall/gpo-domiso-encryption.md |  6 ++--
 ...-firewall-with-advanced-security-design.md |  4 +--
 .../windows-sandbox-architecture.md           |  6 ++--
 11 files changed, 44 insertions(+), 46 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md
index 1c46616481..24ab242eb1 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md
@@ -1,6 +1,6 @@
 ---
 title: Create a list of apps deployed to each business group (Windows 10)
-description: This topic describes the process of gathering app usage requirements from each business group in order to implement application control policies by using AppLocker.
+description: This topic describes the process of gathering app usage requirements from each business group to implement application control policies by using AppLocker.
 ms.assetid: d713aa07-d732-4bdc-8656-ba616d779321
 ms.reviewer: 
 ms.author: dansimp
@@ -27,7 +27,7 @@ This topic describes the process of gathering app usage requirements from each b
 
 ## Determining app usage
 
-For each business group, determine the following:
+For each business group, determine the following information:
 
 -   The complete list of apps used, including different versions of an app
 -   The full installation path of the app
@@ -37,12 +37,12 @@ For each business group, determine the following:
 
 ### How to perform the app usage assessment
 
-Although you might already have a method in place to understand app usage for each business group, you will need to use this information to help create your AppLocker rule collection. AppLocker includes the Automatically Generate 
+You might already have a method in place to understand app usage for each business group. You'll need to use this information to help create your AppLocker rule collection. AppLocker includes the Automatically Generate 
 Rules wizard and the **Audit only** enforcement configuration to assist you with planning and creating your rule collection.
 
 **Application inventory methods**
 
-Using the Automatically Generate Rules wizard quickly creates rules for the applications you specify. The wizard is designed specifically to build a rule collection. You can use the Local Security Policy snap-in to view and edit the rules. This method is very useful when creating rules from a reference computer, and when creating and evaluating AppLocker policies in a testing environment. However, it does require that the files be accessible on the reference computer or through a network drive. This might mean additional work in setting up the reference computer and determining a maintenance policy for that computer.
+Using the Automatically Generate Rules wizard quickly creates rules for the applications you specify. The wizard is designed specifically to build a rule collection. You can use the Local Security Policy snap-in to view and edit the rules. This method is useful when creating rules from a reference computer and when creating and evaluating AppLocker policies in a testing environment. However, it does require that the files be accessible on the reference computer or through a network drive. This might mean additional work in setting up the reference computer and determining a maintenance policy for that computer.
 
 Using the **Audit only** enforcement method permits you to view the logs because it collects information about every process on the computers receiving the Group Policy Object (GPO). Therefore, you can see what the enforcement will be on the computers in a business group. AppLocker includes Windows PowerShell cmdlets that you can use to analyze the events from the event log and cmdlets to create rules. However, when you use Group Policy to deploy to several computers, a means to collect events in a central location is very important for manageability. Because AppLocker logs information about files that users or other processes start on a computer, you could miss creating some rules initially. Therefore, you should continue your evaluation until you can verify that all required applications that are allowed to run are accessed successfully.
 
@@ -72,7 +72,7 @@ After you have created the list of apps, the next step is to identify the rule c
 -   Allow or deny
 -   GPO name
 
-To do this, see the following topics:
+For guidance, see the following topics:
 
 -   [Select the types of rules to create](select-types-of-rules-to-create.md)
 -   [Determine the Group Policy structure and rule enforcement](determine-group-policy-structure-and-rule-enforcement.md)
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md
index adcfdab2e0..b5083772dd 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md
@@ -23,9 +23,9 @@ ms.date: 09/21/2017
 - Windows 10
 - Windows Server
 
-This topic helps you with the decisions you need to make to determine what applications to control and how to control them by comparing Software Restriction Policies (SRP) and AppLocker.
+This article helps with decisions you need to make to determine what applications to control and how to control them by comparing Software Restriction Policies (SRP) and AppLocker.
 
-AppLocker is very effective for organizations with app restriction requirements whose environments have a simple topography and the application control policy goals are straightforward. For example, AppLocker can benefit an environment where non-employees have access to computers connected to the organizational network, such as a school or library. Large organizations also benefit from AppLocker policy deployment when the goal is to achieve a detailed level of control on the PCs that they manage for a relatively small number of apps.
+AppLocker is effective for organizations with app restriction requirements whose environments have a simple topography and whose application control policy goals are straightforward. For example, AppLocker can benefit an environment where non-employees have access to computers connected to the organizational network, such as a school or library. Large organizations also benefit from AppLocker policy deployment when the goal is a detailed level of control on the PCs they manage for a relatively small number of apps.
 
 There are management and maintenance costs associated with a list of allowed apps. In addition, the purpose of application control policies is to allow or prevent employees from using apps that might actually be productivity tools. Keeping employees or users productive while implementing the policies can cost time and effort. Lastly, creating user support processes and network support processes to keep the organization productive are also concerns.
 
@@ -59,7 +59,7 @@ Use the following table to develop your own objectives and determine which appli
 
-
+
@@ -68,9 +68,9 @@ Use the following table to develop your own objectives and determine which appli
 
-
-
+
+
@@ -95,7 +95,7 @@ Use the following table to develop your own objectives and determine which appli
 
-
-
+
-
@@ -144,12 +144,12 @@ Use the following table to develop your own objectives and determine which appli
 
-
+
-
-
+
+
@@ -158,8 +158,8 @@ Use the following table to develop your own objectives and determine which appli
 
-
-
+
+
      
 
      Policy maintenance
      		
 
      SRP policies must be updated by using the Local Security Policy snap-in (if the policies are created locally) or the Group Policy Management Console (GPMC).
      AppLocker policies can be updated by using the Local Security Policy snap-in (if the policies are created locally), or the GPMC, or the Windows PowerShell AppLocker cmdlets.
      AppLocker policies can be updated by using the Local Security Policy snap-in, if the policies are created locally), or the GPMC, or the Windows PowerShell AppLocker cmdlets.
      		
 
      
 
      
 
      Policy application
      
 
      
 
      Enforcement mode
      SRP works in the “deny list mode” where administrators can create rules for files that they do not want to allow in this Enterprise whereas the rest of the file are allowed to run by default.
      
-
      SRP can also be configured in the “allow list mode” such that the by default all files are blocked and administrators need to create allow rules for files that they want to allow.
      AppLocker by default works in the “allow list mode” where only those files are allowed to run for which there is a matching allow rule.
      SRP works in the “deny list mode” where administrators can create rules for files that they don't want to allow in this Enterprise, but the rest of the file is allowed to run by default.
      
+
      SRP can also be configured in the “allow list mode” such that by default all files are blocked and administrators need to create allow rules for files that they want to allow.
      By default, AppLocker works in allow list mode. Only those files are allowed to run for which there's a matching allow rule.
      		
 
      
 
      
 
      File types that can be controlled
      
 
      Designated file types
      		
 
      SRP supports an extensible list of file types that are considered executable. You can add extensions for files that should be considered executable.
      AppLocker does not support this. AppLocker currently supports the following file extensions:
      
+
      AppLocker doesn't support this. AppLocker currently supports the following file extensions:
      
 
        
 
      • Executables (.exe, .com)
        • 
 
      • DLLs (.ocx, .dll)
        • 
@@ -123,11 +123,11 @@ Use the following table to develop your own objectives and determine which appli
 
      
 
      Editing the hash value
      		
 
      SRP allows you to select a file to hash.
      AppLocker computes the hash value itself. Internally it uses the SHA2 Authenticode hash for Portable Executables (exe and DLL) and Windows Installers and a SHA2 flat file hash for the rest.
      AppLocker computes the hash value itself. Internally it uses the SHA2 Authenticode hash for Portable Executables (exe and DLL) and Windows Installers and an SHA2 flat file hash for the rest.
      		
 
      
 
      
 
      Support for different security levels
      With SRP, you can specify the permissions with which an app can run. So, you can configure a rule such that notepad always runs with restricted permissions and never with administrative privileges.
      
+
      With SRP, you can specify the permissions with which an app can run. Then configure a rule such that Notepad always runs with restricted permissions and never with administrative privileges.
      
 
      SRP on Windows Vista and earlier supported multiple security levels. On Windows 7, that list was restricted to just two levels: Disallowed and Unrestricted (Basic User translates to Disallowed).
      		
 
      AppLocker does not support security levels.
      		
 
      
 
      Support for rule exceptions
      		
 
      SRP does not support rule exceptions
      AppLocker rules can have exceptions which allow administrators to create rules such as “Allow everything from Windows except for Regedit.exe”.
      AppLocker rules can have exceptions that allow administrators to create rules such as “Allow everything from Windows except for Regedit.exe”.
      		
 
      
 
      
 
      Support for audit mode
      SRP does not support audit mode. The only way to test SRP policies is to set up a test environment and run a few experiments.
      AppLocker supports audit mode which allows administrators to test the effect of their policy in the real production environment without impacting the user experience. Once you are satisfied with the results, you can start enforcing the policy.
      SRP doesn't support audit mode. The only way to test SRP policies is to set up a test environment and run a few experiments.
      AppLocker supports audit mode that allows administrators to test the effect of their policy in the real production environment without impacting the user experience. Once you are satisfied with the results, you can start enforcing the policy.
      		
 
      
 
      
 
      Support for exporting and importing policies
      
 
      
 
      Rule enforcement
      Internally, SRP rules enforcement happens in the user-mode which is less secure.
      Internally, AppLocker rules for exes and dlls are enforced in the kernel-mode which is more secure than enforcing them in the user-mode.
      Internally, SRP rules enforcement happens in user-mode, which is less secure.
      Internally, AppLocker rules for exes and dlls are enforced in kernel-mode, which is more secure than enforcing them in the user-mode.
      		
 
      
       
 
      
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md
index 1611fdc1c9..89087de1dc 100644
--- a/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md
+++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md
@@ -29,19 +29,19 @@ manager: dansimp
 
 - Group Policy
 
-You can add information about your organization in a contact card to the Windows Security app. This can include a link to a support site, a phone number for a help desk, and an email address for email-based support.
+You can add information about your organization in a contact card to the Windows Security app. You can include a link to a support site, a phone number for a help desk, and an email address for email-based support.
 
 ![The security center custom fly-out](images/security-center-custom-flyout.png)
 
-This information will also be shown in some enterprise-specific notifications (including those for the [Block at first sight feature](/windows/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus), and [potentially unwanted applications](/windows/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus).
+This information will also be shown in some enterprise-specific notifications (including nofications for the [Block at first sight feature](/windows/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus), and [potentially unwanted applications](/windows/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus)).
 
 ![A security center notification](images/security-center-custom-notif.png)
 
-Users can click on the displayed information to initiate a support request:
+Users can select the displayed information to initiate a support request:
 
-- Clicking **Call** or the phone number will open Skype to start a call to the displayed number
-- Clicking **Email** or the email address will create a new email in the machine's default email app address to the displayed email
-- Clicking **Help portal** or the website URL will open the machine's default web browser and go to the displayed address
+- Select **Call** or the phone number to open Skype to start a call to the displayed number.
+- Select  **Email** or the email address to create a new email in the machine's default email app address to the displayed email.
+- Select **Help portal** or the website URL to open the machine's default web browser and go to the displayed address.
 
 ## Requirements
 
@@ -67,12 +67,12 @@ This can only be done in Group Policy.
 
 5. After you've enabled the contact card or the customized notifications (or both), you must configure the **Specify contact company name** to **Enabled**. Enter your company or organization's name in the field in the **Options** section. Click **OK**.
 
-6. To ensure the custom notifications or contact card appear, you must also configure at least one of the following settings by opening them, setting them to **Enabled** and adding the contact information in the field under **Options**:
+6. To ensure the custom notifications or contact card appear, you must also configure at least one of the following settings. Open the setting, select **Enabled**, and then add the contact information in the field under **Options**:
     1. **Specify contact email address or Email ID**
     2. **Specify contact phone number or Skype ID**
     3. **Specify contact website**
 
-7. Click **OK** after configuring each setting to save your changes.
+7. Select **OK** after you configure each setting to save your changes.
 
 >[!IMPORTANT]
 >You must specify the contact company name and at least one contact method - email, phone number, or website URL. If you do not specify the contact name and a contact method the customization will not apply, the contact card will not show, and notifications will not be customized.
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-firewall-network-protection.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-firewall-network-protection.md
index 4209ff2f58..7a394abba3 100644
--- a/windows/security/threat-protection/windows-defender-security-center/wdsc-firewall-network-protection.md
+++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-firewall-network-protection.md
@@ -24,7 +24,7 @@ manager: dansimp
 
 The **Firewall & network protection** section contains information about the firewalls and network connections used by the machine, including the status of Windows Defender Firewall and any other third-party firewalls. IT administrators and IT pros can get configuration guidance from the [Windows Defender Firewall with Advanced Security documentation library](../windows-firewall/windows-firewall-with-advanced-security.md).
 
-In Windows 10, version 1709 and later, the section can be hidden from users of the machine. This can be useful if you don't want employees in your organization to see or have access to user-configured options for the features shown in the section.
+In Windows 10, version 1709 and later, the section can be hidden from users of the machine. This information is useful if you don't want employees in your organization to see or have access to user-configured options for the features shown in the section.
 
 
 ## Hide the Firewall & network protection section
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md
index f3c4b5e3d9..63e2d82171 100644
--- a/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md
@@ -25,9 +25,9 @@ manager: dansimp
 
 The **Virus & threat protection** section contains information and settings for antivirus protection from Microsoft Defender Antivirus and third-party AV products.
 
-In Windows 10, version 1803, this section also contains information and settings for ransomware protection and recovery. This includes Controlled folder access settings to prevent unknown apps from changing files in protected folders, plus Microsoft OneDrive configuration to help you recover from a ransomware attack. This area also notifies users and provides recovery instructions in the event of a ransomware attack.
+In Windows 10, version 1803, this section also contains information and settings for ransomware protection and recovery. This includes Controlled folder access settings to prevent unknown apps from changing files in protected folders, plus Microsoft OneDrive configuration to help you recover from a ransomware attack. This area also notifies users and provides recovery instructions in case of a ransomware attack.
 
-IT administrators and IT pros can get more information and documentation about configuration from the following:
+IT administrators and IT pros can get more configuration information from these articles:
 
 - [Microsoft Defender Antivirus in the Windows Security app](../microsoft-defender-antivirus/microsoft-defender-security-center-antivirus.md)
 - [Microsoft Defender Antivirus documentation library](../microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md)
@@ -36,7 +36,7 @@ IT administrators and IT pros can get more information and documentation about c
 - [Office 365 advanced protection](https://support.office.com/en-us/article/office-365-advanced-protection-82e72640-39be-4dc7-8efd-740fb289123a)
 - [Ransomware detection and recovering your files](https://support.office.com/en-us/article/ransomware-detection-and-recovering-your-files-0d90ec50-6bfd-40f4-acc7-b8c12c73637f?ui=en-US&rs=en-US&ad=US)
 
-You can choose to hide the **Virus & threat protection** section or the **Ransomware protection** area from users of the machine. This can be useful if you don't want employees in your organization to see or have access to user-configured options for the features shown in the section.
+You can hide the **Virus & threat protection** section or the **Ransomware protection** area from users of the machine. This can be useful if you don't want employees in your organization to see or have access to user-configured options for these features.
 
 
 ## Hide the Virus & threat protection section
diff --git a/windows/security/threat-protection/windows-firewall/encryption-zone.md b/windows/security/threat-protection/windows-firewall/encryption-zone.md
index 097cbdf870..715a2eef02 100644
--- a/windows/security/threat-protection/windows-firewall/encryption-zone.md
+++ b/windows/security/threat-protection/windows-firewall/encryption-zone.md
@@ -23,9 +23,9 @@ ms.date: 04/19/2017
 -   Windows 10
 -   Windows Server 2016
 
-Some servers in the organization host data that is very sensitive, including medical, financial, or other personally identifying data. Government or industry regulations might require that this sensitive information must be encrypted when it is transferred between devices.
+Some servers in the organization host data that's very sensitive, including medical, financial, or other personal data. Government or industry regulations might require that this sensitive information must be encrypted when it is transferred between devices.
 
-To support the additional security requirements of these servers, we recommend that you create an encryption zone to contain the devices and that requires that the sensitive inbound and outbound network traffic be encrypted.
+To support the additional security requirements of these servers, we recommend that you create an encryption zone to contain the devices and that requires that the sensitive inbound and outbound network traffic is encrypted.
 
 You must create a group in Active Directory to contain members of the encryption zone. The settings and rules for the encryption zone are typically similar to those for the isolated domain, and you can save time and effort by copying those GPOs to serve as a starting point. You then modify the security methods list to include only algorithm combinations that include encryption protocols.
 
diff --git a/windows/security/threat-protection/windows-firewall/firewall-gpos.md b/windows/security/threat-protection/windows-firewall/firewall-gpos.md
index e40d0eddc7..8a214a169f 100644
--- a/windows/security/threat-protection/windows-firewall/firewall-gpos.md
+++ b/windows/security/threat-protection/windows-firewall/firewall-gpos.md
@@ -25,6 +25,4 @@ ms.date: 04/19/2017
 
 All the devices on Woodgrove Bank's network that run Windows are part of the isolated domain, except domain controllers. To configure firewall rules, the GPO described in this section is linked to the domain container in the Active Directory OU hierarchy, and then filtered by using security group filters and WMI filters.
 
-The GPO created for the example Woodgrove Bank scenario include the following:
-
--   [GPO\_DOMISO\_Firewall](gpo-domiso-firewall.md)
+The GPO created for the example Woodgrove Bank scenario includes [GPO\_DOMISO\_Firewall](gpo-domiso-firewall.md).
diff --git a/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md b/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md
index da4b632a34..3d79b04f30 100644
--- a/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md
+++ b/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md
@@ -25,9 +25,9 @@ ms.date: 08/17/2017
 
 Before starting the planning process for a Windows Defender Firewall with Advanced Security deployment, you must collect and analyze up-to-date information about the network, the directory services, and the devices that are already deployed in the organization. This information enables you to create a design that accounts for all possible elements of the existing infrastructure. If the gathered information is not accurate, problems can occur when devices and devices that were not considered during the planning phase are encountered during implementation.
 
-Review each of the following topics for guidance about the kinds of information that you must gather:
+Review each of the following articles for guidance about the kinds of information that you must gather:
 
--   [Gathering Information about Your Current Network Infrastructure](gathering-information-about-your-current-network-infrastructure.md)
+-   [Gathering Information about Your Conversational Network Infrastructure](gathering-information-about-your-current-network-infrastructure.md)
 
 -   [Gathering Information about Your Active Directory Deployment](gathering-information-about-your-active-directory-deployment.md)
 
diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md
index ee39cb7790..7ca03d22e7 100644
--- a/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md
+++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md
@@ -22,14 +22,14 @@ ms.date: 08/17/2017
 
 This GPO is authored by using the Windows Defender Firewall with Advanced Security interface in the Group Policy editing tools. Woodgrove Bank began by copying and pasting the GPO for the Windows Server 2008 version of the isolated domain GPO, and then renamed the copy to reflect its new purpose.
 
-This GPO supports the ability for servers that contain sensitive data to require encryption for all connection requests. It is intended to only apply to server computers that are running Windows Server 2012, Windows Server 2008 R2 or Windows Server 2008.
+This GPO supports the ability for servers that contain sensitive data to require encryption for all connection requests. It is intended to only apply to server computers that are running Windows Server 2012, Windows Server 2008 R2, or Windows Server 2008.
 
 ## IPsec settings
 
 
-The copied GPO includes and continues to use the IPsec settings that configure key exchange, main mode, and quick mode algorithms for the isolated domain The following changes are made to encryption zone copy of the GPO:
+The copied GPO includes and continues to use the IPsec settings that configure key exchange, main mode, and quick mode algorithms for the isolated domain. The following changes are made to encryption zone copy of the GPO:
 
-The encryption zone servers require all connections to be encrypted. To do this, change the IPsec default settings for the GPO to enable the setting **Require encryption for all connection security rules that use these settings**. This disables all integrity-only algorithm combinations.
+The encryption zone servers require all connections to be encrypted. To do this, change the IPsec default settings for the GPO to enable the setting **Require encryption for all connection security rules that use these settings**. This setting disables all integrity-only algorithm combinations.
 
 ## Connection security rules
 
diff --git a/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md b/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md
index 2caa25566a..29b25a7dd2 100644
--- a/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md
+++ b/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md
@@ -37,9 +37,9 @@ To create a domain isolation or server isolation design, you must understand the
 
 ## IPsec performance considerations
 
-Although IPsec is critically important in securing network traffic going to and from your devices, there are costs associated with its use. The mathematically intensive cryptographic algorithms require a significant amount of computing power, which can prevent your device from making use of all of the available bandwidth. For example, an IPsec-enabled device using the AES encryption protocols on a 10 gigabits per second (Gbps) network link might see a throughput of 4.5 Gbps. This is due to the demands placed on the CPU to perform the cryptographic functions required by the IPsec integrity and encryption algorithms.
+Although IPsec is critically important in securing network traffic going to and from your devices, there are costs associated with its use. The mathematically intensive cryptographic algorithms require a significant amount of computing power, which can prevent your device from making use of all of the available bandwidth. For example, an IPsec-enabled device using the AES encryption protocols on a 10 gigabits per second (Gbps) network link might see a throughput of 4.5 Gbps. This reduction is due to the demands placed on the CPU to perform the cryptographic functions required by the IPsec integrity and encryption algorithms.
 
-IPsec task offload is a Windows technology that supports network adapters equipped with dedicated cryptographic processors to perform the computationally intensive work required by IPsec. This frees up a device’s CPU and can dramatically increase network throughput. For the same network link as above, the throughput with IPsec task offload enabled improves to about 9.2 Gbps.
+IPsec task offload is a Windows technology that supports network adapters equipped with dedicated cryptographic processors to perform the computationally intensive work required by IPsec. This configuration frees up a device’s CPU and can dramatically increase network throughput. For the same network link as above, the throughput with IPsec task offload enabled improves to about 9.2 Gbps.
 
 ## Domain isolation design
 
diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md
index db22ee475a..b7b46a2ec9 100644
--- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md
+++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md
@@ -21,7 +21,7 @@ Windows Sandbox benefits from new container technology in Windows to achieve a c
 
 Rather than requiring a separate copy of Windows to boot the sandbox, Dynamic Base Image technology leverages the copy of Windows already installed on the host.
 
-Most OS files are immutable and can be freely shared with Windows Sandbox. A small subset of operating system files are mutable and cannot be shared, so the sandbox base image contains pristine copies of them. A complete Windows image can be constructed from a combination of the sharable immutable files on the host and the pristine copies of the mutable files. By using this scheme, Windows Sandbox has a full Windows installation to boot from without needing to download or store an additional copy of Windows.
+Most OS files are immutable and can be freely shared with Windows Sandbox. A small subset of operating system files is mutable and cannot be shared, so the sandbox base image contains pristine copies of them. A complete Windows image can be constructed from a combination of the sharable immutable files on the host and the pristine copies of the mutable files. By using this scheme, Windows Sandbox has a full Windows installation to boot from without needing to download or store an additional copy of Windows.
  
 Before Windows Sandbox is installed, the dynamic base image package is stored as a compressed 30-MB package. Once it's installed, the dynamic base image occupies about 500 MB of disk space.
 
@@ -29,7 +29,7 @@ Before Windows Sandbox is installed, the dynamic base image package is stored as
 
 ## Memory management
 
-Traditional VMs apportion statically sized allocations of host memory. When resource needs change, classic VMs have limited mechanisms for adjusting their resource needs. On the other hand, containers collaborate with the host to dynamically determine how host resources are allocated. This is similar to how processes normally compete for memory on the host. If the host is under memory pressure, it can reclaim memory from the container much like it would with a process.
+Traditional VMs apportion statically sized allocations of host memory. When resource needs change, classic VMs have limited mechanisms for adjusting their resource needs. On the other hand, containers collaborate with the host to dynamically determine how host resources are allocated. This method is similar to how processes normally compete for memory on the host. If the host is under memory pressure, it can reclaim memory from the container much like it would with a process.
 
 ![A chart compares memory sharing in Windows Sandbox versus a traditional VM.](images/2-dynamic-working.png)
 
@@ -51,7 +51,7 @@ Windows Sandbox employs a unique policy that allows the virtual processors of th
 
 Hardware accelerated rendering is key to a smooth and responsive user experience, especially for graphics-intensive use cases. Microsoft works with its graphics ecosystem partners to integrate modern graphics virtualization capabilities directly into DirectX and Windows Display Driver Model (WDDM), the driver model used by Windows.
 
-This allows programs running inside the sandbox to compete for GPU resources with applications that are running on the host.
+This feature allows programs running inside the sandbox to compete for GPU resources with applications that are running on the host.
 
 ![A chart illustrates graphics kernel use in Sandbox managed alongside apps on the host.](images/5-wddm-gpu-virtualization.png)
 

From d22561e33dd996d96273a123efffc7c5edf0a912 Mon Sep 17 00:00:00 2001
From: ShannonLeavitt 
Date: Wed, 4 Nov 2020 15:08:01 -0700
Subject: [PATCH 83/92] increase two acro scores

---
 .../endpoint-detection-response-mac-preview.md                | 4 ++--
 .../access-credential-manager-as-a-trusted-caller.md          | 4 +++-
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
index f731a7af08..35fe01b1c2 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
@@ -49,7 +49,7 @@ Endpoint detection and response capabilities in Microsoft Defender ATP for Mac a
 
 1. From the JAMF console, navigate to  **Computers > Configuration Profiles**, navigate to the configuration profile you'd like to use, then select  **Custom Settings**.
 
-1. Create an entry with com.microsoft.wdav as the preference domain and upload the .plist created earlier.
+1. Create an entry with com.microsoft.wdav as the preference domain and upload the `.plist` created earlier.
 
    > [!WARNING]
    > You must enter the correct preference domain (com.microsoft.wdav), otherwise the preferences will not be recognized by the product
@@ -117,7 +117,7 @@ Endpoint detection and response capabilities in Microsoft Defender ATP for Mac a
 
 1. Choose a name for the profile. Change  **Platform=macOS**  to  **Profile type=Custom**. Select  **Configure**.
 
-1. Save the .plist created earlier as com.microsoft.wdav.xml.
+1. Save the `.plist` created earlier as com.microsoft.wdav.xml.
 
 1. Enter com.microsoft.wdav as the custom configuration profile name.
 
diff --git a/windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller.md b/windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller.md
index 166698ea39..073cfbd4cb 100644
--- a/windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller.md
+++ b/windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller.md
@@ -22,7 +22,7 @@ ms.date: 04/19/2017
 **Applies to**
 -   Windows 10
 
-This article describes the best practices, location, values, policy management, and security considerations for the **Access Credential Manager as a trusted caller** security policy setting.
+This article describes the recommended practices, location, values, policy management, and security considerations for the **Access Credential Manager as a trusted caller** security policy setting.
 
 ## Reference
 
@@ -45,6 +45,8 @@ Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Use
 
 ### Default values
 
+The following table shows the default value for the server type or Group Policy Object (GPO).
+
 | Server type or GPO | Default value |
 | - | - |
 | Default domain policy | Not defined |

From 83152e59ac152086d4e964fcbc912cb0c53ccc14 Mon Sep 17 00:00:00 2001
From: Jeff Borsecnik 
Date: Wed, 4 Nov 2020 14:10:33 -0800
Subject: [PATCH 84/92] Apply suggestions from code review

small proofing corrections
---
 .../determine-your-application-control-objectives.md          | 4 ++--
 .../wdsc-customize-contact-information.md                     | 2 +-
 .../windows-sandbox/windows-sandbox-architecture.md           | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md
index b5083772dd..dd86101ae7 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md
@@ -59,7 +59,7 @@ Use the following table to develop your own objectives and determine which appli
 
 
      Policy maintenance
      
 
      SRP policies must be updated by using the Local Security Policy snap-in (if the policies are created locally) or the Group Policy Management Console (GPMC).
      
-
      AppLocker policies can be updated by using the Local Security Policy snap-in, if the policies are created locally), or the GPMC, or the Windows PowerShell AppLocker cmdlets.
      
+
      AppLocker policies can be updated by using the Local Security Policy snap-in, if the policies are created locally, or the GPMC, or the Windows PowerShell AppLocker cmdlets.
      
 
 
 
      Policy application
      
@@ -68,7 +68,7 @@ Use the following table to develop your own objectives and determine which appli
 
 
 
      Enforcement mode
      
-
      SRP works in the “deny list mode” where administrators can create rules for files that they don't want to allow in this Enterprise, but the rest of the file is allowed to run by default.
      
+
      SRP works in the “deny list mode” where administrators can create rules for files that they don't want to allow in this Enterprise, but the rest of the files are allowed to run by default.
      
 
      SRP can also be configured in the “allow list mode” such that by default all files are blocked and administrators need to create allow rules for files that they want to allow.
      
 
      By default, AppLocker works in allow list mode. Only those files are allowed to run for which there's a matching allow rule.
      
 
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md
index 89087de1dc..45a707db18 100644
--- a/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md
+++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md
@@ -33,7 +33,7 @@ You can add information about your organization in a contact card to the Windows
 
 ![The security center custom fly-out](images/security-center-custom-flyout.png)
 
-This information will also be shown in some enterprise-specific notifications (including nofications for the [Block at first sight feature](/windows/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus), and [potentially unwanted applications](/windows/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus)).
+This information will also be shown in some enterprise-specific notifications (including notifications for the [Block at first sight feature](/windows/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus), and [potentially unwanted applications](/windows/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus)).
 
 ![A security center notification](images/security-center-custom-notif.png)
 
diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md
index b7b46a2ec9..eb25e2cf9c 100644
--- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md
+++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md
@@ -21,7 +21,7 @@ Windows Sandbox benefits from new container technology in Windows to achieve a c
 
 Rather than requiring a separate copy of Windows to boot the sandbox, Dynamic Base Image technology leverages the copy of Windows already installed on the host.
 
-Most OS files are immutable and can be freely shared with Windows Sandbox. A small subset of operating system files is mutable and cannot be shared, so the sandbox base image contains pristine copies of them. A complete Windows image can be constructed from a combination of the sharable immutable files on the host and the pristine copies of the mutable files. By using this scheme, Windows Sandbox has a full Windows installation to boot from without needing to download or store an additional copy of Windows.
+Most OS files are immutable and can be freely shared with Windows Sandbox. A small subset of operating system files are mutable and cannot be shared, so the sandbox base image contains pristine copies of them. A complete Windows image can be constructed from a combination of the sharable immutable files on the host and the pristine copies of the mutable files. By using this scheme, Windows Sandbox has a full Windows installation to boot from without needing to download or store an additional copy of Windows.
  
 Before Windows Sandbox is installed, the dynamic base image package is stored as a compressed 30-MB package. Once it's installed, the dynamic base image occupies about 500 MB of disk space.
 

From d2680934b6560dbafa478f48ed22449c9769feba Mon Sep 17 00:00:00 2001
From: ShannonLeavitt 
Date: Wed, 4 Nov 2020 16:03:03 -0700
Subject: [PATCH 85/92] acrolinx-windows-security

---
 .../smart-card-debugging-information.md       | 46 +++++++++----------
 .../bitlocker/bitlocker-and-adds-faq.md       | 10 ++--
 .../bitlocker/bitlocker-to-go-faq.md          | 11 ++++-
 3 files changed, 37 insertions(+), 30 deletions(-)

diff --git a/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md b/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md
index f5268739ca..824c20a5f1 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md
@@ -26,9 +26,9 @@ Debugging and tracing smart card issues requires a variety of tools and approach
 
 -   [Certutil](#certutil)
 
--   [Debugging and tracing using WPP](#debugging-and-tracing-using-wpp)
+-   [Debugging and tracing using Windows software trace preprocessor (WPP)](#debugging-and-tracing-using-wpp)
 
--   [Kerberos protocol, KDC, and NTLM debugging and tracing](#kerberos-protocol-kdc-and-ntlm-debugging-and-tracing)
+-   [Kerberos protocol, Key Distribution Center (KDC), and NTLM debugging and tracing](#kerberos-protocol-kdc-and-ntlm-debugging-and-tracing)
 
 -   [Smart Card service](#smart-card-service)
 
@@ -42,22 +42,22 @@ For a complete description of Certutil including examples that show how to use i
 
 ### List certificates available on the smart card
 
-To list certificates that are available on the smart card, type certutil -scinfo.
+To list certificates that are available on the smart card, type `certutil -scinfo`.
 
 > [!NOTE]
 > Entering a PIN is not required for this operation. You can press ESC if you are prompted for a PIN.
 
 ### Delete certificates on the smart card
 
-Each certificate is enclosed in a container. When you delete a certificate on the smart card, you are deleting the container for the certificate.
+Each certificate is enclosed in a container. When you delete a certificate on the smart card, you're deleting the container for the certificate.
 
-To find the container value, type certutil -scinfo.
+To find the container value, type `certutil -scinfo`.
 
 To delete a container, type **certutil -delkey -csp "Microsoft Base Smart Card Crypto Provider"** "<*ContainerValue*>".
 
 ## Debugging and tracing using WPP
 
-Windows software trace preprocessor (WPP) simplifies tracing the operation of the trace provider. It provides a mechanism for the trace provider to log real-time binary messages. Logged messages can be converted to a human-readable trace of the operation. For more information, see [Diagnostics with WPP - The NDIS blog](https://blogs.msdn.com/b/ndis/archive/2011/04/06/diagnostics-with-wpp.aspx).
+WPP simplifies tracing the operation of the trace provider. It provides a mechanism for the trace provider to log real-time binary messages. Logged messages can be converted to a human-readable trace of the operation. For more information, see [Diagnostics with WPP - The NDIS blog](https://blogs.msdn.com/b/ndis/archive/2011/04/06/diagnostics-with-wpp.aspx).
 
 ### Enable the trace
 
@@ -65,21 +65,21 @@ Using WPP, use one of the following commands to enable tracing:
 
 - **tracelog.exe -kd -rt -start** <*FriendlyName*> **-guid \#**<*GUID*> **-f .\\**<*LogFileName*>**.etl -flags** <*flags*> **-ft 1**
 
-- **logman start** <*FriendlyName*> **-ets -p {**<*GUID*>**} -**<*Flags*> **-ft 1 -rt -o .\\**<*LogFileName*>**.etl -mode 0x00080000*
+- **logman start** <*FriendlyName*> **-ets -p {**<*GUID*>**} -**<*Flags*> **-ft 1 -rt -o .\\**<*LogFileName*>**.etl -mode 0x00080000**
 
 You can use the parameters in the following table.
 
 | Friendly name | GUID           | Flags |
 |-------------------|--------------------------------------|-----------|
-| scardsvr          | 13038e47-ffec-425d-bc69-5707708075fe | 0xffff    |
-| winscard          | 3fce7c5f-fb3b-4bce-a9d8-55cc0ce1cf01 | 0xffff    |
-| basecsp           | 133a980d-035d-4e2d-b250-94577ad8fced | 0x7       |
-| scksp             | 133a980d-035d-4e2d-b250-94577ad8fced | 0x7       |
-| msclmd            | fb36caf4-582b-4604-8841-9263574c4f2c | 0x7       |
-| credprov          | dba0e0e0-505a-4ab6-aa3f-22f6f743b480 | 0xffff    |
-| certprop          | 30eae751-411f-414c-988b-a8bfa8913f49 | 0xffff    |
-| scfilter          | eed7f3c9-62ba-400e-a001-658869df9a91 | 0xffff    |
-| wudfusbccid       | a3c09ba3-2f62-4be5-a50f-8278a646ac9d | 0xffff    |
+| `scardsvr`          | 13038e47-ffec-425d-bc69-5707708075fe | 0xffff    |
+| `winscard`          | 3fce7c5f-fb3b-4bce-a9d8-55cc0ce1cf01 | 0xffff    |
+| `basecsp`           | 133a980d-035d-4e2d-b250-94577ad8fced | 0x7       |
+| `scksp`             | 133a980d-035d-4e2d-b250-94577ad8fced | 0x7       |
+| `msclmd`            | fb36caf4-582b-4604-8841-9263574c4f2c | 0x7       |
+| `credprov`          | dba0e0e0-505a-4ab6-aa3f-22f6f743b480 | 0xffff    |
+| `certprop`          | 30eae751-411f-414c-988b-a8bfa8913f49 | 0xffff    |
+| `scfilter`          | eed7f3c9-62ba-400e-a001-658869df9a91 | 0xffff    |
+| `wudfusbccid`       | a3c09ba3-2f62-4be5-a50f-8278a646ac9d | 0xffff    |
 
 Examples
 
@@ -119,7 +119,7 @@ You can use these resources to troubleshoot these protocols and the KDC:
 
 -   [Windows Driver Kit (WDK) and Debugging Tools for Windows (WinDbg)](https://developer.microsoft.com/en-us/windows/hardware/windows-driver-kit).  You can use the trace log tool in this SDK to debug Kerberos authentication failures.
 
-To begin tracing, you can use Tracelog. Different components use different control GUIDs as explained in these examples. For more information, see [Tracelog](https://msdn.microsoft.com/library/windows/hardware/ff552994.aspx).
+To begin tracing, you can use `Tracelog`. Different components use different control GUIDs as explained in these examples. For more information, see [`Tracelog`](https://msdn.microsoft.com/library/windows/hardware/ff552994.aspx).
 
 ### NTLM
 
@@ -143,7 +143,7 @@ To stop tracing for Kerberos authentication, run this command:
 
 ### KDC
 
-To enable tracing for the Key Distribution Center (KDC), run the following command on the command line:
+To enable tracing for the KDC, run the following command on the command line:
 
  - **tracelog.exe -kd -rt -start kdc -guid \#1BBA8B19-7F31-43c0-9643-6E911F79A06B -f .\\kdc.etl -flags 0x803 -ft 1**
 
@@ -166,7 +166,7 @@ You can also configure tracing by editing the Kerberos registry values shown in
 | Kerberos    | HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\\Kerberos
      Value name: LogToFile
      Value type: DWORD
      Value data: 00000001

      HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\\Kerberos\\Parameters
      Value name: KerbDebugLevel
      Value type: DWORD
      Value data: c0000043

      HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\\Kerberos\\Parameters
      Value name: LogToFile
      Value type: DWORD
      Value data: 00000001 |
 | KDC         | HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Kdc
      Value name: KdcDebugLevel
      Value type: DWORD
      Value data: c0000803                  |
 
-If you used Tracelog, look for the following log file in your current directory: kerb.etl/kdc.etl/ntlm.etl.
+If you used `Tracelog`, look for the following log file in your current directory: kerb.etl/kdc.etl/ntlm.etl.
 
 If you used the registry key settings shown in the previous table, look for the trace log files in the following locations:
 
@@ -176,7 +176,7 @@ If you used the registry key settings shown in the previous table, look for the
 
 -   KDC: %systemroot%\\tracing\\kdcsvc 
 
-To decode event trace files, you can use Tracefmt (tracefmt.exe). Tracefmt is a command-line tool that formats and displays trace messages from an event trace log file (.etl) or a real-time trace session. Tracefmt can display the messages in the Command Prompt window or save them in a text file. It is located in the \\tools\\tracing subdirectory of the Windows Driver Kit (WDK). For more information, see [Tracefmt](https://msdn.microsoft.com/library/ff552974.aspx).
+To decode event trace files, you can use `Tracefmt` (tracefmt.exe). `Tracefmt` is a command-line tool that formats and displays trace messages from an event trace log file (.etl) or a real-time trace session. `Tracefmt` can display the messages in the Command Prompt window or save them in a text file. It is located in the \\tools\\tracing subdirectory of the Windows Driver Kit (WDK). For more information, see [`Tracefmt`](https://msdn.microsoft.com/library/ff552974.aspx).
 
 ## Smart Card service
 
@@ -198,11 +198,11 @@ The smart card resource manager service runs in the context of a local service.
 
 2.  If the **User Account Control** dialog box appears, confirm that the action it displays is what you want, and then select **Yes**.
 
-3.  At the command prompt, type **net stop SCardSvr**.
+3.  At the command prompt, type `net stop SCardSvr`.
 
-4.  At the command prompt, type **net start SCardSvr**.
+4.  At the command prompt, type `net start SCardSvr`.
 
-You can use the following command at the command prompt to check whether the service is running: **sc queryex scardsvr**.
+You can use the following command at the command prompt to check whether the service is running: `sc queryex scardsvr`.
 
 The following code sample is an example output from this command:
 
diff --git a/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.md b/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.md
index 8547453291..c248a61b46 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.md
@@ -30,15 +30,15 @@ Stored information | Description
 -------------------|------------
 Hash of the TPM owner password | Beginning with Windows 10, the password hash is not stored in AD DS by default. The password hash can be stored only if the TPM is owned and the ownership was taken by using components of Windows 8.1 or earlier, such as the BitLocker Setup Wizard or the TPM snap-in.
 BitLocker recovery password | The recovery password allows you to unlock and access the drive after a recovery incident. Domain administrators can view the BitLocker recovery password by using the BitLocker Recovery Password Viewer. For more information about this tool, see [BitLocker: Use BitLocker Recovery Password Viewer](bitlocker-use-bitlocker-recovery-password-viewer.md).
-BitLocker key package | The key package helps to repair damage to the hard disk that would otherwise prevent standard recovery. Using the key package for recovery requires the BitLocker Repair Tool, Repair-bde. 
+BitLocker key package | The key package helps to repair damage to the hard disk that would otherwise prevent standard recovery. Using the key package for recovery requires the BitLocker Repair Tool, `Repair-bde`. 
 
 ## What if BitLocker is enabled on a computer before the computer has joined the domain?
 
-If BitLocker is enabled on a drive before Group Policy has been applied to enforce backup, the recovery information will not be automatically backed up to AD DS when the computer joins the domain or when Group Policy is subsequently applied. However, you can use the **Choose how BitLocker-protected operating system drives can be recovered**, **Choose how BitLocker-protected fixed drives can be recovered**, and **Choose how BitLocker-protected removable drives can be recovered** Group Policy settings to require the computer to be connected to a domain before BitLocker can be enabled to help ensure that recovery information for BitLocker-protected drives in your organization is backed up to AD DS.
+If BitLocker is enabled on a drive before Group Policy has been applied to enforce a backup, the recovery information will not be automatically backed up to AD DS when the computer joins the domain or when Group Policy is subsequently applied. However, you can use the **Choose how BitLocker-protected operating system drives can be recovered**, **Choose how BitLocker-protected fixed drives can be recovered**, and **Choose how BitLocker-protected removable drives can be recovered** Group Policy settings to require the computer to be connected to a domain before BitLocker can be enabled to help ensure that recovery information for BitLocker-protected drives in your organization is backed up to AD DS.
 
 For more info, see [BitLocker Group Policy settings](bitlocker-group-policy-settings.md).
 
-The BitLocker Windows Management Instrumentation (WMI) interface does allow administrators to write a script to back up or synchronize an online client's existing recovery information; however, BitLocker does not automatically manage this process. The manage-bde command-line tool can also be used to manually back up recovery information to AD DS. For example, to back up all of the recovery information for the `$env:SystemDrive` to AD DS, you would use the following command script from an elevated command prompt:
+The BitLocker Windows Management Instrumentation (WMI) interface does allow administrators to write a script to back up or synchronize an online client's existing recovery information; however, BitLocker does not automatically manage this process. The `manage-bde` command-line tool can also be used to manually back up recovery information to AD DS. For example, to back up all of the recovery information for the `$env:SystemDrive` to AD DS, you would use the following command script from an elevated command prompt:
 
 ```PowerShell
 $BitLocker = Get-BitLockerVolume -MountPoint $env:SystemDrive
@@ -61,7 +61,7 @@ Ultimately, determining whether a legitimate backup exists in AD DS requires qu
 
 No. By design, BitLocker recovery password entries do not get deleted from AD DS; therefore, you might see multiple passwords for each drive. To identify the latest password, check the date on the object.
 
-## What happens if the backup initially fails? Will BitLocker retry the backup?
+## What happens if the backup initially fails? Will BitLocker retry it?
 
 If the backup initially fails, such as when a domain controller is unreachable at the time when the BitLocker setup wizard is run, BitLocker does not try again to back up the recovery information to AD DS.
 
@@ -69,5 +69,5 @@ When an administrator selects the **Require BitLocker backup to AD DS** check b
 
 For more info, see [BitLocker Group Policy settings](bitlocker-group-policy-settings.md).
 
-When an administrator clears these check boxes, the administrator is allowing a drive to be BitLocker-protected without having the recovery information successfully backed up to AD DS; however, BitLocker will not automatically retry the backup if it fails. Instead, administrators can create a script for the backup, as described earlier in [What if BitLocker is enabled on a computer before the computer has joined the domain?](#what-if-bitlocker-is-enabled-on-a-computer-before-the-computer-has-joined-the-domain) to capture the information after connectivity is restored.
+When an administrator clears these check boxes, the administrator is allowing a drive to be BitLocker-protected without having the recovery information successfully backed up to AD DS; however, BitLocker will not automatically retry the backup if it fails. Instead, administrators can create a backup script, as described earlier in [What if BitLocker is enabled on a computer before the computer has joined the domain?](#what-if-bitlocker-is-enabled-on-a-computer-before-the-computer-has-joined-the-domain) to capture the information after connectivity is restored.
 
diff --git a/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md b/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md
index 2be6494c9a..871f49b5a8 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md
@@ -25,7 +25,14 @@ ms.custom: bitlocker
 
 ## What is BitLocker To Go?
 
-BitLocker To Go is BitLocker Drive Encryption on removable data drives. This feature includes the encryption of USB flash drives, SD cards, external hard disk drives, and other drives formatted by using the NTFS, FAT16, FAT32, or exFAT file systems. Drive partitioning must meet the [BitLocker Drive Encryption Partitioning Requirements](https://docs.microsoft.com/windows-hardware/manufacture/desktop/bitlocker-drive-encryption#bitlocker-drive-encryption-partitioning-requirements).
+BitLocker To Go is BitLocker Drive Encryption on removable data drives. This feature includes the encryption of: 
 
-As with BitLocker, drives that are encrypted using BitLocker To Go can be opened with a password or smart card on another computer by using **BitLocker Drive Encryption** in Control Panel. 
+- USB flash drives
+- SD cards
+- External hard disk drives
+- Other drives that are formatted by using the NTFS, FAT16, FAT32, or exFAT file system. 
+ 
+Drive partitioning must meet the [BitLocker Drive Encryption Partitioning Requirements](https://docs.microsoft.com/windows-hardware/manufacture/desktop/bitlocker-drive-encryption#bitlocker-drive-encryption-partitioning-requirements).
+
+As with BitLocker, you can open drives that are encrypted by BitLocker To Go by using a password or smart card on another computer. In Control Panel, use **BitLocker Drive Encryption**. 
 

From dbf2f662caee0bc8d32ec09e1ce5c8d4c5d6ee9d Mon Sep 17 00:00:00 2001
From: gkomatsu 
Date: Wed, 4 Nov 2020 17:49:28 -0800
Subject: [PATCH 86/92] Update new-in-windows-mdm-enrollment-management.md

Additional clarity to address question from customer
---
 .../mdm/new-in-windows-mdm-enrollment-management.md           | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index 31a3184bdb..cfc3df66f0 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -500,8 +500,8 @@ No. Only one MDM is allowed.
 Entry | Description
 --------------- | --------------------
 What is dmwappushsvc? | It is a Windows service that ships in Windows 10 operating system as a part of the windows management platform. It is used internally by the operating system as a queue for categorizing and processing all WAP messages, which include Windows management messages, MMS, NabSync, and Service Indication/Service Loading (SI/SL). The service also initiates and orchestrates management sync sessions with the MDM server. |
-What data is handled by dmwappushsvc? | It is a component handling the internal workings of the management platform and involved in processing messages that have been received by the device remotely for management. The messages in the queue are serviced by another component that is also part of the Windows management stack to process messages. The service also routes and authenticates WAP messages received by the device to internal OS components that process them further: MMS, NabSync, SI/SL. |
-How do I turn if off? | The service can be stopped from the "Services" console on the device (Start > Run > services.msc). However, since this is a component part of the OS and  required for the proper functioning of the device, we strongly recommend not to do this. |
+What data is handled by dmwappushsvc? | It is a component handling the internal workings of the management platform and involved in processing messages that have been received by the device remotely for management. The messages in the queue are serviced by another component that is also part of the Windows management stack to process messages. The service also routes and authenticates WAP messages received by the device to internal OS components that process them further: MMS, NabSync, SI/SL. This service does not send telemetry.|
+How do I turn if off? | The service can be stopped from the "Services" console on the device (Start > Run > services.msc). However, since this is a component part of the OS and  required for the proper functioning of the device, we strongly recommend not to do this. Disabling this will cause your management to fail.|
 
 ## Change history for MDM documentation
 

From 7503e090c0ae8d811d1125bd55eec7565e394959 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Thu, 5 Nov 2020 07:28:41 -0800
Subject: [PATCH 87/92] Update enable-attack-surface-reduction.md

---
 .../microsoft-defender-atp/enable-attack-surface-reduction.md   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md
index 36216eb833..109f729fae 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md
@@ -84,7 +84,7 @@ The following is a sample for reference, using [GUID values for ASR rules](attac
 
 `OMA-URI path: ./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionRules`
 
-`Value: {75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84}=2|{3B576869-A4EC-4529-8536-B80A7769E899}=1|{D4F940AB-401B-4EfC-AADC-AD5F3C50688A}=2|{D3E037E1-3EB8-44C8-A917-57927947596D}=1|{5BEB7EFE-FD9A-4556-801D-275E5FFC04CC}=0|{BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550}=1`
+`Value: 75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84=2|3B576869-A4EC-4529-8536-B80A7769E899=1|D4F940AB-401B-4EfC-AADC-AD5F3C50688A=2|D3E037E1-3EB8-44C8-A917-57927947596D=1|5BEB7EFE-FD9A-4556-801D-275E5FFC04CC=0|BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550=1`
 
 The values to enable, disable, or enable in audit mode are:
 

From 882f77d0100f5dc96d1381bffb93bd78e9549f8e Mon Sep 17 00:00:00 2001
From: Beth Levin 
Date: Thu, 5 Nov 2020 08:40:20 -0800
Subject: [PATCH 88/92] new zero day topic

---
 windows/security/threat-protection/TOC.md     |  1 +
 .../tvm-zero-day-vulnerabilities.md           | 70 +++++++++++++++++++
 2 files changed, 71 insertions(+)
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md

diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index c2913b23a2..952895dc9c 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -64,6 +64,7 @@
 ##### [Address security recommendations](microsoft-defender-atp/tvm-security-recommendation.md)
 ##### [Remediate vulnerabilities](microsoft-defender-atp/tvm-remediation.md)
 ##### [Exceptions for security recommendations](microsoft-defender-atp/tvm-exception.md)
+##### [Mitigate zero-day vulnerabilities](microsoft-defender-atp/tvm-zero-day-vulnerabilities.md)
 ##### [Plan for end-of-support software](microsoft-defender-atp/tvm-end-of-support-software.md)
 #### [Understand vulnerabilities on your devices]()
 ##### [Software inventory](microsoft-defender-atp/tvm-software-inventory.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md
new file mode 100644
index 0000000000..361ba702bc
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md
@@ -0,0 +1,70 @@
+---
+title: Mitigate zero-day vulnerabilities - threat and vulnerability management
+description: A report showing vulnerable device trends and current statistics. The goal is for you to understand the breath and scope of your device exposure.
+keywords: mdatp-tvm vulnerable devices, mdatp, tvm, reduce threat & vulnerability exposure, reduce threat and vulnerability, monitor security configuration
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: ellevin
+author: levinec
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: 
+- m365-security-compliance 
+- m365initiative-defender-endpoint 
+ms.topic: article
+---
+
+# Mitigate zero-day vulnerabilities - threat and vulnerability management
+
+[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
+
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md)
+
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
+
+A zero-day vulnerability is a publicly disclosed vulnerability for which no official patches or security updates have been released. Zero-day vulnerabilities often have high severity levels and are actively exploited.
+
+Once a zero-day vulnerability has been found, information about it will be conveyed through the following experiences in the Microsoft Defender Security Center:
+
+## Threat and vulnerability management dashboard
+
+Find recommendations with a zero-day tag in the “Top security recommendation” card.
+
+## Weaknesses page
+
+Find the named zero-day vulnerability along with a description and details.
+
+- If this vulnerability has a CVE-ID assigned, you’ll see the zero-day label next to the CVE name. 
+
+- If this vulnerability has no CVE-ID assigned, you will find it under an internal, temporary name that looks like “TVM-XXXX-XXXX”. The name will be updated once an official CVE-ID has been assigned, but the previous internal name will still be searchable and found in the side-panel.
+
+## Software inventory page
+
+Find software with the zero-day tag.
+
+## Software page
+
+Find a zero-day tag for each software that has been affected by the zero–day vulnerability.
+
+## Security recommendations page
+
+Clear suggestions regarding remediation and mitigation options, including workarounds if exist.
+
+When there is an application with associated zero-day vulnerability and additional vulnerabilities to address , you will get one recommendation regarding both.
+
+When a patch is released for the zero-day, the recommendation will be changed to “Update” and a blue label next to it that says “New security update for zero day.”
+
+![One graph of current vulnerable devices by Windows 10 version, and one graph showing vulnerable devices by Windows 10 version over time.](images/tvm-report-version.png)
+
+## Related topics
+
+- [Threat and vulnerability management overview](next-gen-threat-and-vuln-mgt.md)
+- [Security recommendations](tvm-security-recommendation.md)

From 4a21465aaae2b3921feb27270c7b6870bd6e27a4 Mon Sep 17 00:00:00 2001
From: Beth Levin 
Date: Thu, 5 Nov 2020 09:10:38 -0800
Subject: [PATCH 89/92] new images

---
 .../images/tvm-zero-day-dashboard.png           | Bin 0 -> 16418 bytes
 .../tvm-zero-day-security-recommendation.png    | Bin 0 -> 41796 bytes
 .../images/tvm-zero-day-software-inventory.png  | Bin 0 -> 50125 bytes
 .../images/tvm-zero-day-software-page.png       | Bin 0 -> 57992 bytes
 .../images/tvm-zero-day-weakness-name.png       | Bin 0 -> 38643 bytes
 .../tvm-zero-day-vulnerabilities.md             |  14 +++++++++++---
 6 files changed, 11 insertions(+), 3 deletions(-)
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-dashboard.png
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-security-recommendation.png
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-software-inventory.png
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-software-page.png
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-weakness-name.png

diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-dashboard.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-dashboard.png
new file mode 100644
index 0000000000000000000000000000000000000000..fa995418a346e489874d07c2b46173ba906fb110
GIT binary patch
literal 16418
zcmd6ORa9I-*Ch!Aw*+lm65QPh?(XjH-gt0_;O_3h-7UDg)401g{N$U5d7kyntThk!
zR#mU+vU^XRefF*!CNC?71djs`0Re#|Aug;40r4sSBi{@Q{c)GQ3BdkH;OxaUoFE`D
zfBd^XNhp55{P+>ZSwcnxW*6bhS2!+&AF1UK5JV6X!UD>`jI&Hn?F5zQ?k?fH)Z04y
z+1+Bl2KVKk-6CQFY9i+;dt!Wx^8}2+e>6r
zf6TFbF2f%LZE$GgN^UlU4$vqVaQzzz?HbOYeLlF(JF`Tm8)(2|No
zJL=q@d51keo851{qmYpg^Ov)e-MoFNj7E`BjAb!1GUZDlxV9zOJu9I0E}nq8rl2}&
z8y4Ou*MqC=c22N6pKhaHPJ+3|#!R_ju)YZN?~(#fcmu4u7zxa-7w5
z(~UzSZh)yYJ1)sDHXk0GJ(%}leKi5ztTmTFY*GQ#DqLA(n}X&$4l=$i4PR4gOZXWH
zzS+1MAx|SCkCpmdgSICAKX&t)l5KJaSH#DnHMi!-tWap^`c{Xw7t7h_KhKkgaFtIQ
zq;IhEHEF+4-T;rcKi$G#7OVXV&W)KMCN7UW)+}!yK@(`ugpb>2F#W^d@%imENS*T
z_v$TT=@fjqg)qxirbG|UOrhS>5CHa;Ty+o1jaQs|hWSmr`vwPe#S9|n*mHGd5%7eE
z3~BLj=qP?v{Jm&!F8Ee0@7CKW(=^DawdVBUx&j!V;TU*#)#g^tC{^VlCFJ|Z!a|hEDOZnZq*;_$MzC3kns-o8$+}_%A
z=XTV2DQQAJyvBOY_1d3tJJHMEoKa4&=WJL3hVCPAdQ&@SvN%I-;oZE%L@#^m^=->1
zwzs046%Wo#q!tAE)Cv5G%jdn{!AZBvb?OReJxj&OGeL^T=i=m6d(MtA^m~13Axg!w
zI$9FXr_(fiTcTT}N*WB~nb{+w92v2)rI@{30OkezowHJ&nrEnUND?3!U5aZmveRWg
z?RV+P{mY%q@6jxa%1X__fwr!hn;wK%cOs_h>V
z(ljJ1-vA$F4X%|Fg-Fj@w-!i$i)XX8r(MGh$hr0{N>)E(1KD+9&x%y*k>-C`J-#5M
zQ^Isp$lV-PI8Ksec@t+|H+BX_WsD}|tUfY65T$Z|ynfTPUf&*w!?vlY*W!=HJQ&d?
zuVQX8_P>82v>`qroTYrXgRk}^V>A#!`l?VvW9}X2kAGBDUtjE9soFk|r_CEhd+<37
z=s`#Po-A>_Fizu>7pHn5U3gnPOL54SMCt1tn)bdr+QyA!L0F}DTFoNOUgV(`eK7xO
z8|i&3qFa;@@UNpp3R&f@Nf7ycx(SIAqJ
zZPTXI<<((&IejlU!lWW&A&a6R7&
zU8U8A8SMP&ZPY~sbMd`!^|d*hj>x>o_GU4;;=HAR`{_+Ob8u7cp+Cttl|FmDDB}KM
z*24e!B#-|!d5`uTtl$P55Nd^Z=W8_ysTi%x12)KlE{fCRpYmk@{BIS%ca|L21Kvno
zM)}HXM;_?c8_ix0Kl|%W6Y=YG3yr#jREDc4Hh34&b#KaH`AX9^h+|z`
z6eFnT&Ls%=&YGU=M`l;9YMZJ&*6dO3Ezh>dK2+1joP2(LDVei7j2U7-dNav1rrm?*
z*ZK8sy`F(Jbh16__7%w>3Y_Cwb2>oSb99L>a(&k%}fOrxu$c;2Dt_
zTD|gJn-_2;4)q!*>nG5BU1417b7edjr~Ww|TC3AClD!d>Xe)VI&#Q~^Qou}o=?7D)^LrLZmV*{LKJ_e9*
zQSDulnJe3EecPBdw3+dE8$kP;Td~$!fLbK1;UQ(4))V=~(kF~)a3tRG2FaMgKJW4S
zeAHA_?FK*&29&F<(sVu^8p6AsOfoWwooJjQH#za6cZJmaY?QffX!#J@3-ID>H(HBP
zdyu47wgw`CzUVoNRX0>dh5sHR=1W}dKurHSjySs+L9<#P?=tJT
zrJC5YxiMCg;$+q|dC=f(1GGP9`JBF^>`FQzqg~Eoks|vd^EJ_#R1s8})zg668Sv{N
zoMKT>Z2;&x>#XLh-*_gfkMfsKNrZI?h4>b`*SI>W!k0F@cw&GF6#Mnjwf=nAF}xOH
zpV5Ajr|qm+86l^Tq6v|UPskpnO@ltZ262I<$J`3Hcj=0Dc;au-Vao;-PB@PPQRc`3
zNS$Fx!DumE0kYzyiqpBMu)g`5hxGTUQQ4%bPQ=fO5u?+ZLD63A)?$+7>331c?L)4o
z4ORz8yO*G9RXF^%Z5!~VgH7Q(`yX801s%{E%*rQaHC%$9NYgUBcT~F-?K$riyb8iU
zvLdfl^dy_tSEGoyT~yW3<3Vr{kv&-JxEuG4l{`Y5J{^^1^yY!jhfR5@zSo?7lIXrm&c+Q)5(^>_7)G-Z?$OL7_0vq_AYe8^SE}?
zWe?KQ*xf$LLX-_=rix+~0#w5;o2N#ksDKG!|=_^q6;fik!P=T29~>^T%x^~JYUg{zhK
zFbO^i_QMMh+)Jh*`!&2P9y1utl`++23RmZtun7vTk_deJ525g`-<6gf;J^AIF?zU7
zf!>hqZ)x~nVdpTf_ixG{?>o&GCN7<}{siFKzC&j4jcUkq?%F5KZhq#)^$5RMDU^tc
z6)WEOiNU%+Eswj_GCs0b^}HuG2PWtXu=+Xr{KfoCW~r_mHeEx;{oGVHO3SDvY^{oP
z<7br_EZT|A7x$?vx$Y;arT8&oOP_i|-S&>?5C=#Hgh+kKq49S2Ee1w`9{Jz0*8sU9
z9(_BEa!vU2h17HrGXfwCR~(AHTbBnZ2GWd7pF`I=ZpkOlVhMU>g-^g#x;gnj9ylj*
zP~UFe6iE`dH&^gC1sSL!MS
z=~;t}&9r-&sno$+{s9^5ZGJK3zsgjkacU%aXVcLDZ$($sfm}|L-an`LIn^T01VYP{
zyp$mETQ^s8l)M(1WLnL3mkX(F6Jj;=$?0^oM0*Iji^&&Ozmtzp%@eK+q12%qe!PJR
zG2hfa5P|e|C4M>f2N-G5fVm@vU*z9fhUAd{snKx}2mUnaso8raM^SPhUMgnhZC=u@
z_yhG?CRJ$j$ZfgVm6T=#tI#^M&^CPeBSJRn-RY6)9wouV&{_F$aX*Q*w=w0T#
zlYQd$ZJ*{Gzs;$}b<(AdE-|TY4ceSTs3@26r(e!Rb|*{UpT7j2$|S?$@b>ovAh=BP
zaNQu4lV&T}RfaG#-d<}>d9etyBMs5oGZ<+J-5;~=YVrq77JPIoyYxs-s|C5IqO1|q
zhXKbH5)7f)>iK!koWA6{<}6=e=%1uHYfVxAsGssWzlE;}E`6B%p+(vgI6i#J_QY1m
z;I^w565MK~>3XX3H`U~A%zKVLnGgZ0VJ~0$z-Tq?x?SsiO}^KW`?ft<-}($U>YUj}
zgSozdni50Tn!jP7@W;e&KL^EE<$@c;ti`gUMXEbf_Ms?yw(ITsql2AvaVK1^x%
zF>x}aaDAY>8wEXy=ZPsiT{AQAN}J?(b>M|6%&&$M5gCbiivRa&83M&hQ!1@ldzkh&
z!|O60(FqfQdvnZUX*2UT`@!J5BDWVQbo^0bZ!_fim_mkSb<;)4ib!fh={2T7o=Z3b
z(hyYaL!>>C42lh@wlG4*WfXIMe@camxb)gcxLA=$?`HmW%DpYIBXh!N;_GfEMS884
zbLYEqwC}5^0(DI+=BGrorQEt`k>#OcFc967+>$@p}>$@iivH>Zf>gIt_%@r)Qg&X
zl7EwTXmoiX$q8o}@8pAzfSn2c70zXZnNqucB5a_kHZcZUYcft-f@FfTahs?4N4iY&
zgEo|P!0QYb$!MN<6v6Pur?0|LA9gfK1@;t$sjo-W8Szv=x?@7;;D|XZlSUg|De05e
zWJ=40AqhP^M($FMtD}uaa}&LMmKNc-b4E`6!SFb(|FYpW?huzhboB=ALF_C>y2Le$
zIWOFDMzZ}h{p$T{0;IF?clQb=Y@uFY@}6OYw&2<_eaxG)v+`sBxp>l#>1MNlrK<5s
z#m7!X7gmSc(;I>UGjV$^XO{h&@olt_c>PCu)03JR0cX2qbzE2BuN*!FInH?77OEBnc|f-ccxiWwtZ!`
zuVRyCrBb(`&v!-VnGt4Y0cSOz{0{Ar}~(|q|>cc
zhkvVzUo687#XI_5M;
zjy+q
zKwN@l=5HUFjOc&l8C1_vDC2)!oKUfgtOrbwjZCpwJ$*1+<>XmXW~x6~jt-9Li-Co{
zbtCSqx#OWlYR+6Tvnz(*KEFy(SjY9ACS0f!>e8cE-!}0Vec7fOFfc0kSL;{TQ}r-`
zs2bxLsW?w-cqldaW-;hWt-*)4SIxm#1uE(#7oPTLS`q}38k;uie`HMsvh#FK5`g~J
zB|kVFB*(b$BM7du{AGp@e@P$}i*eXJWMo@w3l(7xCI3fYv(QH&&$@fS#B1r6zT4Af
zYQR@ZwBS(bT6EeX8yyKTKcA=)qnl_$Sny{7E8Q+aMSRi
zL(avC)&p$B{gN~J^Q(nbFsmmkk>(z}Engk680TysB}@578;|;ej-H(Z+zRJrDsh$}6PauC3SRQBr5pe}0#DFiO=uIJSs=r(mi66o
zme1Kkgvol61zeCNm?d$*{vlmaB43^E`>RF7V9q{j<7dYD@$YR>{U3A)t&3uPuO@PkZpFw<
z(;|ggqU|cYQ<|db(5ew-vPR6YQE$;Z?d`Gn>YT|8zLqU(QRGv_vrJf`?U)Otv2ye$
zp=_;(LIu8v8Y6{Hm-Iv%wcA7iXm7qgY}Lc%4USsM`Ewvcg2mmkdT@ge?Q^9pSaagQ
zX6QIc4t37_w^;%%d;gzjK<|!caoW8iPp{GV3zd&hD9h_&ejU4)(~P5va!Riu=5@0}
zOpdoNG)$t?HJ&+hoOl#dveXMK=HQod@w^}2U{R9I=mB(q9br#GNz^H;`?nq%;Ba&G
zwv;$}LUwH(UxXy%nFjC{j+o-1AWCdM)LOv7p~!i&OPZy=BgGA*-vi7qAh<bljuL-sziaetFLu3bY{JJDHW(tcSJR<1iw@
z&0>8p>E8|8J?At(KS)ORwD3`&(Wi%*bf4PW;2O-<@y7rSzHyYH+yJL0Ax|bpm=c}`
z=)=DV1aq3mbp>U|m8J04#}EnLzXys=t7%je7FH_40)Deb+%@ZocX
zrEas|rT?iMer!Q_Mk!6LM4GtAxm8K_6M1j*Q~0o+MpnRs9#76hX3-$1*?K|RxKCm4
zcqKB*2aog1-M9o8a`y3QO=2XVbt_DBwDL|_!o5o1v=``6dC_~GKXhw?F*tj|EVhy_
zEcG1Mf#_qAD9AkUeU6bVt;z--kQXA)_k=B`3g92&l-FQDU^>f4;z^dhW=9MA9v;}s
zCHvy-7PsaZg1tNM`Pf->U7ztvhJA4bK_FbgB^oHO5I7OVDPZo4$BH8Qbh1!=*Nz%E
zIQ94t3D5t7wFDvSKvuCz`zxl8Wy=hUKD@*e5;4;cNf)Dyd^uPFN{M}$S*N4##U(0L
zC<+C97VgbNoF*j1N#A^csN=yXuBya`jV$*55VUQ4fZrgx?0Ry!j8*lhi(pTJX>gL<84_&re2BLN9EJ7eh>+2z7I^zXkPS}wGA(q7q2HdT7yIz8t;7G^5loDTq%OR>xAs|LaC{ONQ2o@oei2hi7iPz&l+YXI4nmVw)}Tm|FCyw
zOB}9Rrq$iwuJZZ!OQYX#rhG~Lx^(Ykv?+yVi>~d=l{v92s9pZy#mz4Csv5A^?uhGt
zQ{$Ys$Z{l4RBV%{I%XbM0SozuH=@=jzXgth%HFwh%9DD5WUNN&e_AMX0V0-jzfZ0W
zs9<{=q(CSPYvvhJW($`hDNQ7|#Bt@|Tw4Iu04i7ON+BlHwy03A^M?fOKO4)C`H^fn
z_hZBT6Q{)@WB-3D+N!pd%pOf0IlsQWT+A&jIL41AVoH6;<;@$9IxtmLRcp?(GR@7+
zTRVnqbZl9%vc=5cmzRsKn~zJ6Q{u}9P&>iQmr+;&kd_&6<(n1E9+gy9b}%VAKVPsw
zKoB97jbjH7gnj3+(*Esda2$!OJI3$Fiw
zy*b<>w8?+9%;Aq~DR%(>kJs)19w-0XH&z@L93&hWk{@bShC@$$0ZY`hdJ1_0W8H@n)OxlP5bGQCu6W#T>4hy_dHHG)3KEQ|a=%{{B(=sH`!LF8`o~Ir0
zWUCczF{U}*u#Y>chN3osjd4ageoGwXEwTWJgd8smh|FA^%be2QgI@$_G8tBV?Qu{g=Hh8q=Wl}aBcO{E66$2OhJ1I?UrRSUJ-7TZpQ)dQz1Gikcj?L$=
zxseX$jK|kY)6z*gUbEP2ekq6CK;d!anO|^LAh@oZk#JIVr{Hj*iKK1l+>NJ$zKU0`
zgu1=(2@n}glisG!E`F^CvQPHto6tVX4+50_`1haj%HH#iCOo78aXk?NMldrdL@wFO
zkW`YwXr1UC&$B6I)2MAiQp1)=q{-M^KU~W8j_0V_G1~g@c&IdNI!#}@MDvMj{$^BZ
zR+ZsaA<}CmK_;Eo%?z-O8fj~2Z4^f*MPhdllQ4y8@FrTQI#TqRz_&0XGGU+8+P~nU
zo0ij8Se9eW9?#9Ohrb-dIV}CP*bbxUV|Mv#QYN%H!Hi^Etitb|El^=#0O3x9q^9LZ
zecm)(3Fc#tNk{B^EFm?{ch!@I*2KtMz@1RoFe;=+SjJD&13cdk80V-&-gpe9b$Fa0
z1!x2x(OD6cFKA7&31%Af1=|Siu7d`k{s56JQ7*`1d=L?@YKN;=suvt_SB!nFm+xb1
z^)kmX7)3pPK*k1KwlIhKc?<9=ALzSt8%|5h)iozI85fNA@!1WF7Zs)P7kA8dgOMXb
zV)HVNsDeLM$=wjbU24P1UR$FLWRgVi`FXtHaC;%1>*Jo}Xu}{|
zbio|TN^5?5mSMT>YK1e?Ri-}dWKKy>z2{IcshE8HqWvWXhU|z?J>)*#ieXHYR|ZIe
zhax6iFNLF2d3%@T_z5)is##{99S&n*7OA;tm0lcHT1PJ_t~@eJag3ep3h2)f_tpjD
zF$Nw!BY!W6hg8v|**eo_Y?KtA`v|P8+@(ZyS)q^Mu}PiqoCSRey9085`#==nvmo|n
z)%~4JDSk*v`Kjo`cZCAnVrI_Hq(7?umMZMy!?W#1HKLU+=i|foWJRu?WcHnDm?TpO
zBjXeIUYWQpOP=>Z4YQtJ@)aL$pXr#9rP!CfO-LYWR!-OA%xp~_#k4-hGvkHGC`{CH
z3hqjLwsBnlQx+(fUH+%jkc4A?f}60WogL_
zjJ>1<{(8(jtDPhv8;@+Wnv5Qn$9LDsv|l6E0roWGxFXYdW~3+0eoaj(s@HWtK4Z?0
zHY>%pAnb#rjsb@>{Hl>7XDF$v*+mV$-@Ra=!OPjH$BcN=+=94siX88jer)EgMt~flHS9s5EYd?h9
z1rXTsA)ohQtL2V-+L<0km|Gxy0G`~e9Yyhp5nyb7ik`dkhOP-tELq`;9kvqB3@1zE
zlIJOq&WgD1ng3ed`D?&Zq9*TzJ0=ruTR*Z-44LUJN~W!n_bW9IK}vt%5BGw?^L*oq
zWFN#^eDUA--U$^8>cE=g+rASzA*uFT-ZI~%r;__b${2i{xvuCDBNf*U@1m(196m7l
zPs_BoZBwtDIj0yS;I=pUFPM!7h>$T9`H+L;fq>bS^r~uI^qX4u(l&Z8;Ax>x0qrp9
zhdr@KF^oeF@yfk`YA2XHkPSaud<=oKuiT&KnX$SF#!JmE0?~Ue#@*-y8!p@-PbGC$
zP4Yc@<}@qTLM2ZUB;=B#eTDmGs{4knl1HfiyNP`fug>lo5<`K8Vv*y_E
zEPFSe!8qCszD>p9g-KPt0zfa{eue%aic)JKXT)mkW8r4afY(|Bl34v)b}QX+xMZxj
z=$F}f2_)KZT%+u(91oA7RBm#X(9Misl|qb=j325fHVy$_w)w;c6|z6-45%1|Zhe>(
zXqTa_I|+pzcTvybSI_5J=)x=FV!f96wj*`I1sGCv;4OhUP6jE`9rlAhUd-~M_pe;z
z29oG>E)^HFO|uGvIQ7ECj%owELrGqMYL)lFmAafaLBv$J0js%XQ!YIVj;C&ffzqaI
zYYiTFm_MDjn7t&Z|He(;}bOZHA~r~vQ({yKHvp;z`t(^g>-q-
zoY}VO!f`+OiXgp15^bN+XbhxoUPf@7GUW0Qw6o=BxaRKCY8{5x%VKL0N-$<{+5Ur6
z<}9_fDOxKs0%stD?HnQP!NFz|q(}fAu4i^CKO|4R2pz!-N$O#jBa2d0+VbH6MS%#Ij4q_H5>z!NiO&mEn(J-^+>4r)
zJuE#)CS~^_d2(m?+J7dB7pog4@N*7mqyVSG#wvDTu$2!7d#LDrD$YHjI^US$y_E5{
z8zH)`&cQMIh^GQ3-7#sRVafeR7@YSlHy{Cf4*hdS{msa@U3~1HuI#elA;_zJUUt&K
z%FilZDTPafEKCMAZze}wln&EJ&Rlz6GG#+#i}M>BlQw-`qSDfEY;C+F>UPnpOr&2V
z!70ha7t(OOQ4^D0ui@$GxU`z}-ShJpSXfxv+S}Oe$~3?-gEr&?sXJp2ug((2X19egcD+UQcU&h_#(R?evDoB+ZspcO{eYvv)2D-f%?`28
ztq_`9LG$y;XeydcJ8Bl~Z}UINZdF=7j`Cf(fwAXC@wIue@4K<@5Ab?=@xYpbJI$Z^
z&pC{oUQ#>k7+9qPOsB*RmAdkRaU@mw$9^qdmwd8B?&|sFaB-hv_JXOY
z&xyoyDnbLuLY!&xgY?h8!u9<0s2}yGfr1}^GGHUG|Mx@roVqCTOb%T72(IU3im{iO
zBn8em1c6>tO!n#Fk@UV`Ux(B3b0x{t{fSz^IA9neDtL<0?$0}S$wnLMcmYZYgK_E7
zGY4dnuYimKNm>eG{h`Si(56gRREFZht5g?rPX20Ia4^K;<8fRrB)d2leLN**hrRnq
zAKLAJdgjQZ+4);e2MNX)@ZHz;x$CAg@gc42CAR_`%krlkc>?A4k|mVVTx0O)?wwv=
zEex0D#!EGddUIcd2=~qKJ4=|K*nZr7A}(M20cuu@U!_~
z+3Kfj{*>s|-JLRbLe!o{QSH3gR9sYZv3jsvx@%%^6U+|re1^$A^|99f*surg_JFZAZ^3cpCjdb;URx=TYGtAy|f0_
zCvkNGVU^k6^*`w59i4e+H^An)!-qUVu%8Id-`>PxpFxN9WwC24wdDJ#{7U9_|G`0gcD9_)
zo9zBw5S-Obm~VH$aR&liW*q{pypw>G4DF>ifz_f_Dyn04X($_HwxPm1PnO1S0}d0j
zK@fr7ipjZQ*Ij7?!i$6#Qr@OUUpLt9_kAK~>29b`c1e*lJ0am!Zgvce?s~{}qZ^@~
za{j~q#ydoHsLvXVeKE?m+@z65jCTSUq5T|JeB)fl%cQ3CAI$pgc8O4CmHYgc?^?Nj
z_XDRj^@4Zbr1a#@-{=u3b)AuhjTXLx?mos~`JgI?9{VRta+uUt#U<9WFc>jljO?+9F`e-krvvL0rs%3*P~8zsq{Y_JDy57UP>%McbJj9&)8~{OzbtV=8v+b)RytrNyhzuC+omst9u`-`5
zR%fnBQ!!!*l$8U8$PQ|sBSu6GSzRy(LLZ?R(X3fbWvyl(J=hbtV{G5HO}74YgYHZj
zOS#ZH$R$Eb`*T&`ZBa~fMz@bVGs@$#=uLxLxg+!MusicVIjp!n=RZux2g`B2YS*Qp
zq|{egIlrU7i0~17iz;3T^VNB9X<`0jG?KG@pD@_j*){9U{mRR!>FDS_C=iHiB*c&H
zqF3b?Q1oAlA;9xbnA$EA{Xd~}4o1AJ9$Z9a#(&W1v_l;pk5g+S)74wge`9Y-Dl65a
zjVX4%GPLwnd2t!E!dld_&3*Czvc}H6u$=eNqmZtL4b(jUTPSuObr8aN(|S=_ZO7T!
zVkR-uj>jl%WUKwgvLUQsJPCaV8>eAt72dszcLxqhbLT1z2@>N>otoQX1|1#K+~yWI<}5nk-07YeFR4_+TplaM74A1QkgB2U8ZhSTLe0sjZx3ppR`PE{Kwu$>f$jgfi6R(qoFxfLa)bpXwiu_hX%@*LN
zfL`8~CuBlVIX{^bzFaR;j*aotR_(+rg%1YhAK!Fb`rVSH|NPGlnzu;UKH+s8g^+JH
zey8HVB$bfqY*4$Q6~v3ar-
znGRMx+(#NKc#VsrBnl5Z@~--^y#CgSx^q-(nmSFhzWlIVUg)#V*x<9hP9m7dvT41y
zzt;^;=P5A;za#nfZK_gh#2&mF+bXnGaZh$*3uQ`9jy>1egB@#r2hgk9yJ_O_ozctJ
zfN5)sgRX|3nS9#pF&}ac4x3zfj4@^m)rHrCVRK}(EJvvx0p{~%wET8iqg7w!u9o)&
zHR~oFr1sH^^S(d0rmQ
zTd(nBY5S7!o1??u9q^pZviYR=MM({JOhJKDH~8cUaHBswYOMZFmxS+VXZAo>7JaMxA=bi{v^u7xKUjMLb{GNhxekChta2cY-cPL
zIy&of-I4B_c!L1G$^9j3+f-v*e*~J$G1`~?!<$zyw=E;DaMAB0!}bRXH)*M0@ZK`WZp`|`axcQGnF98*oY}O;
zyq0-uV_8=>Kd%UVmyPj*`9Rj$`XL*4bWe7>NcJ+l&@C+_`5|VFl2Yae&?p|PE>;S{Q=P4?nZP&
zaBr+*{FX0v;di^L6^%*A;}MKzTSoqYt5l@SKMtR+4`h`>SMSAQoTjd1
zf}clys@pC2+FUf*c+w57(r!4?=Vhu$$JlBEAe>
zLazI5^z+T>Wcz$i?$bhpUALrjlh*70`hb7P%bm1+HgcPS@JFdVd8bIZ_Jcwt_`
zvY{}tk~?|jx85qr*?h-9XpJx0ex<07IJM5`htqEj{dPttyGdZ!I&;?pq3Mh}#<6ZZ
z+dzoaRsXiydFOFKX$s}`d;A@Mq%H_sT%38ZfKAi`RAV}8O>}I1aTLmud)&6$XKFLe
z9}Lh+66Kd`ZgL9T&)y>WUxjIHR2OVQzlm9hHZdn$#4UJ&Tq5OokbRUD?zH
z_IFHWA?+etDG~MO^HGh7N4sY@;#~%JEuxqF>#z0*J|W#MpdXt$kYMRp+(=;2hR
zo#*s^kbS`5V>jfFny_eFnw7PqXe!&s9Uobrl^(2UnF=|uZ30ktou&7Q1te?fDkJr=
z#x=!&+!jNuT~j}QXMSyGhal(U8_6#E(YFe2-dpmJWid$Xogew(Q*J3$u6nr|RJXP=
zilPQTj9ak18Jo>W)gOU|uJW#=IZnBHeW@BXkM0fjjdWA%rXV8rNP5kel;QAH^7ORvhCwU%1q^zH2
zCs6ssmcJM&Gy7)d?;~~np5V3{Mauw3
z({3z;?RHBMpQ7!geofp}>e?RIR?oISyjgfJAZK#k`QRWP_ThJyak`912(Xw9qnDFLPSGlS7s%>LYn
zb)DslIVrBDz0@&we5rz=k`jN#I&BR21|>yEvMnQ0T`p%4RH#`T;hryFAW
z&x2eLoDMP%QyQb?^%{TFcpVmlZHa@0(MjShkRtej43QN5V>=nl%h=E@R_Ak0d6N&8
zFdc1-bT_Uic5@?0%``13XE!1^vT63=_J+B5StbuK4h@`sr3sNA5?ohJ?1QrLDr{}smUBWf!i}y%a
z58;f+12o9l?xzMNKh^ou$5!&Ven*`8Ew4?$JVNcS2)rZx4%#)k@7fd8a{9qHj+K~3
zEO<(wJD}laGZz7i^68euH$}%cG#YbD)2>J>CkUk2c+8hXK2c?&rl3dSc|6|h=E+=w
zoH|ir8by@aVyFk>OvRoQg3?VQhB*BI=nqz7p!CJ$Gan8G49^HrJ(0wtXT`jsZ$MXP
z_NPZCy={b(TSrB^iqX(B>%}fQl=;5O1zfa{JvrjvP!qNY67#(@Z{G8lE%I9)b(>zO
zi0YR{yM}06^RTfJbSh6~mD}6c*Zc;{nNAz5YqvJEbf@YZC3rW7ZSoAxI!HqCo?DC#
zOeS9~n;9U!l@s2@919{NPszVLi$LEiNW6Ig2zfW*yC5e4nA*tK-fZO$>l0|C@37ii
zH*VLDeUUYfYzD6tRn?HKh8F-AWRIXVU0RFB8=>uK>^}@#l6~{OpWQEZ^SrxJ{a^T!
z!6DC#mm(C)u>xWs7fGO<1c9zqwQ-JYbFTXf2Z+oir1s9*wHp;~@oVMl;kzUtTQ(Hb
zRKVdC%quWtAeR#N-a#GxiqiJAdE%=O6y9(i*CFT93n$jgZB6R|iHYZ^Jxc4}QqrkH
zHOSre(l1_a2|Au5ei5%P#py@DFOyn&J;}PbMxi+3lNzUpVI~EprQ3r1`zHM-D9nHK
z9Pr6l#6r(KKyMc9UR`xT&9cDS5bRuB?8UYr=G}Fs=uVuTds2LRloQbi-{h;l*t%vp
z-N9~`b$dH;zXyJSWZ#Lsx&)Kk2&N5Bzwm?>ukqQ(wd|iFMo@RBLx&-)kSciUnd>Rv
zaH71d+(?@ZdY#qa7L`(}h{aRRJqDiJj&LNuh@p)hvRD!E+v)X$HM~rBLGK2=+#bN<
zxp3=|6Xf+(z$VVRx+sX~I>NUMUKHIB^eCaYxQ%H!{ci1bHjKpadkySQ6!sAmM6JTw
zCI6n5l2obrnQj6T1l>K5W98CHum0|+04%63Srb@+dxME}_utH?;q)1vf#-G3T(@}vy=y73}+
z8M`$3e?Ch$hmRZ-k4mqkPx1M@pdV`6dPGL2TbBF57O$*m&R*bafDz+9Mn;sv;PLZc
z9NOBtb9_89&c12AjZcXbAH`Tp_jg|99pQ|9-5KpeuQv?+;Dez;Rs7_$*-#WVeR*=V`Tw%UKK|w*I{!H0`
zf`XcX{6FCm6?v~_?6FM#bNTf%b1w=C2ClQuIdy~k+vJnf-s;*a)XP^d-k=s>@OiXI
zL2-vdU0KQKO~%H8e~>Y%8BY=_qUl4ArADqtv0sDT`!;*QQ2nBF^~+h9
z;(>Q%J$m35`ZNHgaxe>Qg12wA=V4~yK6IYVR)Xiq9V2g_EUMI85cYz}{kwsVj>R&v
zvMA5yiP6#LN6zlu)a%n9nI=fHn59-2+U^2yvPwTJSAkRT^)p2qRRFG@cr8a
z1-t$Q2Hmn>$u1xO2Xj0`%ar*5Y8xy>)Fj_mVAuiL8PUnyU6oHw422~GEb%;
zL)ue&#;7!CnXbiu!g#FrqvJ*YH_1sS!NcL!dT*Bq`^+X>oY>0jd2m}pxFz*}?`Qk?
zlUt0+_}2&GzR%P{^O4KTUwP$m&p!8+A@w>v)Y09*0eI#3-udv|u_wbn-|TkiB+A(o
zl_^3?LkG7idYeAbTN7cpI;XX3(VycjeCgNIRg9soyNwer`f1hir(Jz1#*2Ze=0=cx
z!}gwv@mUYr#AAe25o55p%|1&=5lYv%6lIiTvW3V2E?F9xq?F&9MBKVs=YxDvINONl
z86EK8f`W*@6*1zjTk$U9v9))HWf<+%+S!|T8006G{pI}=Z7k%uf|z=3(MiOZDG1M4
zgS>!CyJw=!Vd5id8@0&wEU&WV9kj7el?pg6EIK1+faR)~qeW8OQ?`nF{lILV(FRAv
z2!fKvbGS}gtJjYEAub&6q+hhj%w7qH^l%u@WJ&H7p`~Pm%d$$
z%UL==GS>meLuXI4J~GE>dR#8;OZ5rg%1T;yGwe8rsR#Bu$hVaDogPUEnM*g$gIgUl
zZ`MS|6~vf`vsdWti{3h0PE^Co#`b0!`5f=#o{|;mpY8gP<2|tOMhI8$Zc}?e
zGXvz|__q>`kcRbN4B=2|upTfQcfs=hno%Sz)GY5-t>=EGkNfJ&aMxP$di8}Tw#bld
z>m}eote0^BI^QXVquh?y^4L}2wMl80;qFfM<^mEpe<(MoF2-PF>Rj1Q
zqBUMieL(8Z0M@+7PKO*h3p5w%6$Z+EYopEo;A;5MWImxhRfVf;kBV?VQ*JlR7tA-|
zS43a7aoS8D<}8p^t%oHD
zezM-$H{k?Z@!iChZN&7p)UT>f`a?p1UYQNI7V=VIrH1`PY9CA^tg?Q1@(427%Xuqc
zl>i6&_yAMb@ZHc>sUd9+xU(x!Ou)nBu)*CGG7h0;O>3^!Ij07KXvmCJ>$}?W)8}dP6qbw$VmVmMJo`i)U
zK_{HV8z_0=d*^r`OeN=DazQ*H(g(8_XndUKXO(5rPt3H~e0`w~<`Ys4746EsmF|1|
zK7wfHW@5ge{>PZU)&066B5*qy66LXG(F%jH;G9SEYM%IIJ4W%DScga!n@&1|9fR!Y
zlS&J9W1J7%bNkW=%Q>J`EjdLyR%P*(Q;g8`Z#MC}L#2Qa-m`{>F9po&tLSY<#d!C-(H^$=16?PO#Xsxj#-`ALVoIIdHf=Y~HpsfFXDW+&8N}dp88pzseKMJJ8-ktt-YKM~VaSUp~E4q0t%Li0)7Dhnz;omjy!1t`=FBmZROK
zYyx8?lbtt*PopC=)ALEKwI<>O7h}VtCI2{w3{fDOgfC9=Zyw~SLp(L
zDjny_6jw<^Ve=ai^1g$m<1TE{Pcfj)Hp>|RZKF~d!)CehphEGkKtEZFXFGCa#TECa
z`fG?!P4D+eM*q@?L{vz;e<*2PTrs^A;Ue#2(JSdbay1JYu$J|T#;|-{;#6xcNU4Nu
z2<0Kk2UBGZSj=p-Ls(p!JKIbJH{jp{L1x`}*AOWDz<*stzJcI__um9r3nd5|B3@&^
zAxBoI%c8tQVrnZ*Divy##?_cz7wS#sXg|m%E29+adO#J98%vc+G$Dgy*0HU~khS0E
zxzgQX#)XaF=g$RrBduA{=Um5b4=yY^kLv&d>OKLr2#zqD*E
zvtLHIh15ONTYP`>${!4{lh7_$c6ndNBt_X~=XBmSIQLy$41TiA0WD&mM(8CQytbvF
z=VkW-NY3Demr)OKwe5JHcD;Z`l!e%<`3md1qWQX-q!mRh*)VqcW+En(+>_Z#M7m*O
z4!Pr=ivF)A<+uzl-Z~SZx7RI<4xW9sSKr?Z^kCd&U$F7w>|GX1{DKYIbB(kHPPKGU_|d2-P^zCV9Sb;S;jkCD8Q2n)Q4#d}G0MXSO>#L}~fR$)!Q
z1;t^GA4d5SSlXL3Fz4zO?LB2vp@H!>bM>UgcvhSkD2j0Ue90X?4+N)&3p}3-C2Y+~
z(TS~utE6SFI2%4mS_yWKL!HKFzfrsuJ!|Q9V41WPU>jpFjAIuyu1yxYLQvx-&bHQ%
zJyNj~WG#}aUtivdcab}cQBV+?xipk%(wQB2KwzSov`=!MS)OkkCC#w279UoN*6k|b
z+W7WPvh-Y^jkX1zqS-=Fa)XZ)0WzhrPhWbo2d(%UL$RM_veFA4!G}ikfWt|OOn(&4
zo^ZbxU+g+6U{6bk34MBRA8H|>fx&j)j`B4Reg!xjLe@xa;5aB8@44SI1W&15Iq~_;
z&YqWzWLrA&?$c=MBS5j3$-bWY
zv9E=10;!ftdBISx_{yNg--^ae?o-bD(NlF3d{?sTUJ-|V)!DFR-`alKIXd;(gHkjS
zQo#Lc2UA1gJZMFSL&~sX-gaMW}soXP$R_(K^*9)OwiQ&bx+@qA=gj
zTum}TOtnNyNv
z`R&`fZ&#MHJh@fRRyi@6B#`K|CbA?GJvio#3-(!77fAIjgrqEv{Do$5*(hAQ|HlqX
zu^hsTG7AeWPreBN9X=J$mzetwu5Ayl?e(>I+o#OjnC#ylw8aH|u$+Hs)J*3!rqHrhz*_=|G;ZOz+*gIRO{uCd2J
zLHHN5ce_#6jN%sY(tZZFS%@WJxJD>2FiJwrxJdHV(T|Z+dN(&2{F}(U`*u<{2nr`?
z{_TN$U|?)?rY-upyJ^#KmHoo)6~n0CP+RG8AN{?0k09(Z@e#w|n=4XfuIZQXO~U7~
z&%bu7eNc$@CM7;eaG_NM*o_3bGFFMWbZ4i1|Cjobcw_t(m^@=qwEh+yj)Jlf-nmJtI
z`ha?$PQOVE{#!+@+(zfJ*(6xgw3|P$x#h3HYqyME%T&;*$@hP!PRbi0gMOv{ViV`C
zgb}*7@<>n0S%7r{CgfKuat-O|^U>z>^WYyzY$~dOSL!AuxU~CYzIQ;k>m-f7z?$=m{Sl!`$gLmW@w+($PVUfES{*}JEACi_)b
zGPdmj)++Q)jq*~@+2tyWhF<6x2tV8cb(=U;aT5?=4Zb2}m%!m@w#YgwQr+{0>MfXw
z0nxbqizwqH=o{Ph8i1%Y+ucw;8eMv-3S|AxOJtFy`>(n(}
z^%31k@o|fLDw-k&Nl9DR;=W@EGdXP+)X}u@_O&K!+175qD9BUbPn&<+36<`$S^{So
z_D{aQ);(}1HF)9CUgVVR*G{GtnL~6Ri^u@O3zw@QDbFwK*R}53X)+X0sij+Wx2
zk5KN3&ddiVhKx+*okvC0*=w*@j;zaaOn%$CkpGVkVB%U9;dbP+*
zmX(l_4Cb{IB{F#5c{|riN&}&YjyXDNpK{)jnnz5+LrR5eMF)Q)!9
zjU0(&=Vm+zDSbR=DZ^(rlBZnQ5I!y-8`bgIU6I_f!7uaM$1)dywWQyE?;5tQw(0m1
zp$#^T>-UOVPcQqYEn!T(HYQ8IOZs|pCivCKw~BTH*EsJE4a%|)R=Zy4=U39tM-Du?
zuD%E2AbK%eH`w3oXObI%Kegl5D|>J>1k<2VYlpGGH7=%2XxejkE->B)J|2^2;EWRN$waQfs!!882tFL&`JTd)*U;6htqI)SXtnU=E`d>L+}N<8wQoU+wJZG;j_jolt59I;Y&J3
z943!%3=Y`04BkxnlpWA|L+WykTiro2q1KQerMi?TDf``@<=gj(^yu&gXz5!yy3=T(
z12vQ4desI^2Yvs?myK}D0`0>DTPd5F_;$Kg7H=uDhV-vNRSyS$YSnM3O}%wWNKHzr
z5aYb=(ySA9SjzGWZBJEnvMJeP)0y4Qb?X$)Z$M?W{$wthcr)tSe9qDXO-=WMjq$&x
z_o(`x;M47|eVD8Tx%ZJn1E$-L0mD(5zj|l`vV|eW4qx;ARt_V*0ZxMB4xFD>fUvLj
zOx`XJIE9xp300a)JU?!K7Wgz3-{MKCPh!!wo*q164qUa_;_xCK9QEhu82DbhtVkRV
zOMrC+WIoMur&}--u)FJ89T=5{Q+5y>7vU6bg>~yMM|H)!JM~7Ju2W_ct>aU-zD)4pwKT1;h7M`!4{1Bx
z$<--$JbhM3U;*{Gx;pFaKOjkTE`n2i5@9n1?LG3^iiZVBB)RFv%K@{(T;}KBCzibt
zP=34i-D+W#P;O9IQ;Z2Z*J{*5-+$sMKVEmaFY8sCTYw%C)~M`*WqJPHP{3u{Fpmqi
zPf{DL`Wzos12(`IDvtTVH;h8@=Y8wSJV@~tzh@q}1;yC2w{`=N<&%LY@Xh6SB4FZC
zyy|Na^YO}!-x~wLBlR8#HlCJ~0Gv;1us1edW|avCR`Ye~0?~yvtu?IMd6`X_tR`}9
zg*8YRJNx|Hl!MC6r=40@=SF-1$XrUuNOf#pGeLw@Hn2H)#C|0QvY-b!TcZ7+Gt!II
zZ&IS4N6lEK*LV1mA~c(nmwNEFBY*vIbZTS1TEA3C5btL_cqToe${AUpEE?^fe`4;g
zbe=U|ZU2yQYVg9xftQxzl{fO=U$}ZJ;FR5#r`{;@z
zs=Lrq(}wCOh!9#AwiQ!c((}wc;(!RG%8)P2&QAe6;+6Lil05IbMF=&g5|<6L`_LNx
zajZSCtZ<^%UBNcL03z+Sd1@b%zZF#dKs7tstv-GhV+BbaLOq8^w0dUkwtcOxCgnDp
zx=qE&XVpX&uNwzo>+Xm<*VgShkjj_SBN9kaPYc!LuEv-;ZB|?X*Sm{OdJR-sLs;cY
zHL#Xy8hfFvq{bJELu~iRF&FL`8g&gFwtH;b?8W+pUX|Y2z!i~pTXoK8cmamnS;gn$
zeP^r<)+($tO{7}Vp^2p^<3w5m(LN(7iR@kIN^5SFdTktT$OlT-9;=Y8-3$6EX}D8I
zOFXavp&Q@L@h28EUG9U4YT85hS?V@PC#?-1os4VppN*@9zrksZb$K9sJo+*ubbEE>
zS6j2dfx$(VUcn4q4LdFO<<-j$=52J0oxAEPfgkakUf~aQik~_bb#w6@iKx5#Ga8Yd
zi!}>@X4uyoYjeJg#Bc`btO+g0Q0!qj&TCOq1ogRwK3Zk(Z@Wg
z+pkee;1A?-yeS%38PE)s7Mv!TCOhG1!-Yc8hMhRuMoH19{PuerOhO9`JhluPb#ya!
z`o;D7!*)q!a}hO07DlMvJ*Gk`T@ICjw?MK7j!5Bv4DYET{Z#7gdYVjJMt-j_ut}hS
z^7&bv7uN`)!E#-K!Ru6$Rz|PVMXQuWd&HgAhS*ciSIo(M8+I8!eGZEfDcLco44ZH9
z*VXJ|RUyr_IC~Tc=H|j9`qwBcR*pUBR9nkbNd8MdJ
zihI7f)S}Kgbhk&jdBNXM%rW@WH1X$o`8Jn;S3TG`sc4vo&ID5Uc9Q5q+yb|H-wB;|
zOI7h4iotJ24s4mph?Be%R|FZg!)qDTRc98I0`~w{xs}aAK6RgwKAj3O8`U1U1w`T#vY2I`
z$JjQT=*$Iyzg}SClm9j#C!t|#5uBF-gs64LAEBaces;v@MB$NjT}nff7R>dEsdjE%
z6)0=o(Ajpa=arBkh++N1pFwq#tpI(^rYL`$&3O3I!xy%Xh{wjq3s3vS2*;P1MIRt8
zUAm@!l0uJ~uQStZOu!U|UlHqOuac5fsg>NE!Up>^76Ib(-YlIy=QK?48eg!0fsB7~
zbRY5y@GgLROa@2mZ^lPIo)qSa%`7;{n@g0RhaIPw>#q8hUr7)ht6gc{>GQ4_vm5Ht
zIDJuPJ*sWDvRdt0o)Dt#x%}8_{sKz6f^;s<>$Je8eN{a^dCgBY(;|RCAI;%hw>|$R
zI#o)gHZo&&=P3anu$T}uF0?;36z&7pju(6IjYBR{^V#Sjh7ovLN8f*J$4ZAO%+wL^
z(HgtGBn91X#7^1yz2pggjm>a`t*%R9!wO1S_NdVdXb(07jsmcEdK#YE6nY40om>C>XJ8`W^
z@ZH}c4J&BTH2
z+2^;tXpbR@r#L&Fr6#M`07Z<$2$(w+cSnZp96qVVXEgC(WA=>*)_r9@>?@jjv*yzh
z=PbcJvhT_uv^q(ZO?Uu$Cz~K=z7&-KYVxam^soIY{Rf
zK20z>Ul8&1Uh)$*Ij!ECIC2CoYsL3B1vB}`bZEr-?DNP?a%I-v!hf^vp-GJ4Zhho_
zB#@CBn%H0_PI%9syc~UAD55C@UwZCm@4sAt#@D;|>R;^93s{J9MV!{JFU7_%RdV~d
z3N}}v8I;d5Vku>99Nlj+K3q-<9=@Or;|^QmKPlX0=zbk_3H=v2z~oXChLH1l4t9CM
zRw;?!ytO11>pkEEaXqmY^@czF7Q@I9Y{jiLvLQYvF8eE*9Cu`NPSD(0x?1NMq_i!W
z&l=yU>cA7CV)ApK?~YpZA=5SgOfs-S(3y5AZ2gUO6LuY!9x6ZPG>&IAC^g)5C|}l&
z#><~nK$7OUb~U1$-&f34q{KmP@s3P^A`@lmpK1C9u5f$FBs{;$i*o<``^YrKH?8Md
zmRCxdiscm}nercINM7#)+Y1gOxh+pB#n2ZQVo|xZ^hMWPlUh$~XJ5GbBsBFGQJG8D
zmdKT@bg4B_8N6#yO{3zThCXRP)^5SMdC0CrQtJjl>|4P^`IY;{iVtsU|LTBgZ)0YS
zORr}3`H^F7N(6zL6oSGsnqRho5&&$+!!9meC??RQedt7!jHT+gN#uAL+S9M$O`!<2}~9
zRsA^iBI%RO*YoTmQcPkudEZZboEq~Fu9n;O1BB)fJfw_k-93zEB8Z?Fg1n}tA5}BM
zWq%7;*YU-J6Mu*^lRed0cODv{@}w0IWV0E=-$xe+GOF5Q4YAFS}q~+qxRZb!_3S~@|V_E
zSF29y8XL>o+pS$)U0ujb6(F#j%v1>?IXL#De7umcnbu#|5#P)iF4|4KPVsgt!s^N`
z`5YDdkIhOzes0+aqsMwT{%(Nc-kAsI4uuv<-ZZ-K7OHAn&CzAutc6)A=7qpm{!P$Q
zCZ-myj-rmpyqSe3S96zqA**S+|IE7xLwk$tChFXokdF0SEFBGavaDcM6K@*Zw2dusc)%!L2T_@Rh>W3M~3+s+G`VOX36Kn#`&PfwE+B@cs#VZ6o~KgU_a
z9hFu@7Lukq2jw~a-vetkj$7}7%A2*WcB5QW>QAG2!DMA}QMTf4J2@BHmr`SOFsbQy
z5yIEYp%;}0z)TfVFGy0{5ji6k{n>&Rg)|OeQr^>X-;D7!0#0`RFqO&;$nHs2;qr|w
zqyZy2`vm~ING$U}O)Y{PoM-f3UVvXAXVr>B4#=q`Ky#AAfg>gW;Go}33TmW3OfqGZ
zj@BBKk+)c8(?lqE@**4EzH+ftyIJqOn3;W=kpp3#oS
z#Q)DS5Wded!r$rTN^919_iB
zVZ6}d4XQ2aYlz`|X0A;-RuY}gpyhn#kOUGR>b&+P?OerMoEPj1TD>FU
zqV!EL8{_hA9ktaX3YH8D+pJbDy;oH4!AvDbrp=vx-!#9p^e2X0VK%9_YO*--;I6L!
zbIsomfJW~Lk|EpTn$iG#?0wPnhL&#}X1V&+vhEnyu{IJ!1`XV8R_ItSZkYBV7lm#z
zEAIP-Jjjam$?7S@GnqR(%xJr>WPKe(%ab!-t+>BLMdjaVIySFIp&T4CV;$Ml4W48%
zXw%#@J9Dlw`_G?$Sy=muOD(;>Zic1GORE0oT(Q#ZD-_*C0J>hQy-zVYSJBpzUC*s<
z>oW@as}zPEcw7s!D*brF%$gom-{_Fb;DmV+c+QN+34s4ZUigbu7rqq!HF&@2623g(+<-c*r?~{iWNqRYBmI<+G}kp
zmA;8)-aK7MZ+4{n5y
zX3E+63xXJs;k>hQ8ESF+odriN_}n`K_h$Xt%G1;YrlkRjoYb9%$OBFH7*xbue=E83
z&<=mDz|0%h_8t3@oV>)~bQB6*|1F!UM}3YarmKl;hz$u+h96NR&)7w3oo@9b9X%~Q
z;!dIb<8|p+a-t$@ou=Ek^mmEk>Plv$p2p<8e612wAAN|(lu9a|L9D}R05g5@8$r>y
z@m8vNxT=HW%6)r3K0e{Fitl9Ri7;h8ZL!ODs#~s1aSm1WmKERhMDs=8Fg&E_i2PS5
z-cqRdA|4wh^7>KpP`bSQmZ(spz9oM0t|#jTfB#7TfX-h1?9Uf<$(v%LyC>-1LIjJ#
zFmAbX6QlX`?i=NM_QhzkgNoj>K>G0Shd}2Er~Av!F`W$q8M-4Gouel+wg~~z9dg5c
z+!u>XpYehU2277@-7-Nja=q*c7CRpl
z+u-C72w$7N08TEdrm|269~85dlUQB(lxC}=G&)_k-CDh<78|l%X4?wQzg^fd1-!)i>pytnw86X3Q
z70Q0ia9+T#iR=ZmiFHDGR9=U~O9tuh2Tw~j=UIftU7h3TE87T3rJfP8{gvJ(EdpOG
za==$RS?|B)*0XT65(;FRsOy?tf9NqBa=V~XG_uc5I!9%ppZLpq8xu#?^^#5Ka4oVa
z?(sAZcTyuJL56x)1ut7#7~Klum(E!D`SZeCU22hkjoO9hN!k=qZ+PpB5b%DH>k}NWU1*t
zPDYbR^tH6hOgwLx_NE&!_H+pv2J7FigNn}&UiPy2ooertf3uBk>o4%aWn!1^f^GWv
zm_Uf8>!+~_3X1VN$^EExtm;2w>lkMnJJHr}C76uD4-M(~`1l&lc_`3X_@|o4dh4NyH|DTpC^+2v3vhX;QwDQKxPJRnKK&gG0SR|B1h;04S(=y!~oRg
zA13YV?$z=rGNt$JyARU;N}sa57D`Q{bwv*IeJOF4gi@E8j_hIeS?-^eE>ETr_{el%ObL-H^p#n*P@j%lq=MDtTb^
z&@Z^Oa)S7?eJDq5uU8!3O!=WmfLd(*y~ZYo*fU+)7C^SuFM)O$HQ9CopiLKWgm7@4
z;&g%jVqwOb+nwCvoH$9B2E8UyPz1^7U-?63qM&%J)eXbBf_4q_`PcI>dxd@$KMi^K>dFBAr#dUnRR-FZ^937n{1QF^6
zcHXoZ*opO=5*gHMC4h$)3EpqOYY9RYNqf5t&w-Ek+VMjiB`-Ls0eC3?*-DATq3Lr-qK|R4XA+5hy(mcB^
zoo6
z*2jyKkl&*3mBCKQz0M$beyM$B`|M(hjYv+E*K*>?r>@_Ua1ze9JQJ)bIRPE{MDfaT`
zb@j0vrBE@KiH8fXJ85`@gy7uSL1V+<3$Kd;u_F&2my`o=l=MiOv9mI6&)STEFa*lSSKu_-I@$kAJ?8;zdeW4zFgLAo)g{T
z*wKL18mS9xW}mPEX9NZBv9R&M<7CUkJqAS|nC7kl*=nv*l|KQ1JGdm4V=cawrbDxapQW3e}$dvbI%cNnzgrG(@V
zbNUh&A3r%i&kC~LaV>Tr=FQ_p9>Js3^~*7;+T=*uXm+#=%M8Ky
z4a7voi_mKPB_S^Ep8C0ODxxJ$bW(r3wCnXD?K)oACiBaJArzzki#g1nwIP^=G)|+(
z^6s@;8+lJ%WTd8JE7OdOIBq4=+cHL}tZW|%3JSi|8^uhN8ZyhhdF?G5G*_Am`?4ad
zDW_CRx4*GP#|3JkjHEap8mSh`&UL0)DJWK%jQM=#5(MJzC->jlt~@Pn4$j-cHg;PS
z&ifbtZHUOiN|ket(d>jglw@(CTKhqschX76FMy?GI&rU9kw;Wi^f+@RN>XHJ2u`Eg
z@M3%mWnmETvo;GRR$|}mDUOWySP}F{D|N<7*PmKrcPVFA-#ix2suvBm%5%;_0y8eo
znymp8NMju1SxTlRyU1y3GA3E=<>+Pgm
zYA6oyaYE^O7Mjh<9R&?TGhO0bn?WS#X)h8EJ+&MjhQoIq%Pa_pHk*9$LBpg8OQTeVt!H^;Ok7Ye+FqdUhRc|fYo+uZ>-Ed8r%W`Dyh5oU
zX&NlzgXVchSrWrhrGwOUJG8~BCr!$HLWynPdZIZ`lpd3a3#W3mBBr=#IE!c-h8c}-
zFcb~Z&q%Fo^N>l%B@3`F7!K@Z)8Ud~W4^JGCT|3Z%3kKxCqFO7Mcc}7kyecT
zOg+%5A8q+ka|pcymD@RBRlJD0N8M>5u$qRydFL6K>wv@>$9=!E(xxDVaU@L@W_5KW
z_i6avs2a!G?{JPOD2U*__~UXrVXKvwhezMgF#dsV7AuIyD0(u;vHAhD#Y~j#qD2ki
z>F_SOR|lT}=WbalqzGtr|MRD~3FH6;}nD9*0uVM0gCNF=5#Wt5mwG
z(*s3;b(6n&B#$D`4~m(dy2Pc4nS54d(o{DXI?M@llL=7%{28v|_I+D9TF>qas@dYm
zuGm55%1a?;yYKJo
z>WQ}8aY}B(O#Br-Uh{B?@}k4bS%~>#OKtra#@3V}68RR6tV)((&sYhWc@SIK55apl
zs$1<|yaAdy0cfj&`+ty0j$e>EiEtdbw>!t3a99}7e%PpNz0>Y~@g+qN7t}PHf~+Ke
zyz02XFqpI02;CQ;VV5&|O12>Z0WD+Wit8xaJk|6-m`;SpKiA^jJ@MmI~yJ
zB>9q6RHoP0U-!=DF$aFK^g)MoDsUP+^xziVQ7yEkxFuu7jFe>jJp+QiKFWS11skrW#bY(KGvP)dXk9>cIo+Q1(7#FN>yoTo*&~vi+7s{!e?Cxpbn=D@WqF3ZM6868!t)2ix%jd39Z(z
z!qHNkHXxfh09&cEexgNm``|ecTA(;>G;$__tkc3!DWe{Z`#dBw85786;ugS;N$4G6
zW9!I}p`MSHO@>~qWHm7^F0UNYqA}OtI*ud}@xe}a&))Rcs{=TQWp82LG4XW5Yu02Z
zO2l{BX_Qm^cm%r0_~1YdN51LFIzFlkagA5QU~ze8c8kmtXGW=V3yq%?o!2xUh$8Dp
z;&OA^!FX5N+BSdxWl=}OwiVclQ=qvsFlscd;eq6_x2)!6ZNF~7bc3~w2`&@wly6t<
zkaV1^i3VCgTiNEgxK@z)&HxZ^i^R3z$-0d5uHFfJk6>ne+}T3T6_BRGbFLHeX&k81
z``xoEZ=smTnk+lIVdHm3-PN^XHkT
zq2y<)lJ-f?rl!UteF2Y%;8Q>~xw{
zosyPTHZd_lbfemcNdyuCX$QUb{GOh@1qH>B7{H)!68=zS_aeRQzXi~_F(3H$v7HJd
zS#(5|MyrFC81}&lNzq|4jF&x&9oRm`;GdvmtGeR#}ObvR||
zzTflwT#lND(7)b(P+CxfB5jKoTIURFySUoRxKKD2H8n{MX3Cl-Tl<=aNd9f0$g`vH
z?JVnbwmptYIcqkE`BBfGmHX%9+fV<+C&|a3{wvicAN(JFNns92cFO;3*XOfiS+}qc
z$Onhl|4qkHl|-t>tp9yd?_bB6e8*$uf2ZZ_yUNP{h7-RI((xtfvcCpxcEO}{f^D^4`;0Ml!ee`;c+P3~b
zxt?Esy{1MU;+Gs-
zhQ?(OGG^#ZPH`h~ry=&WDVA_dBl4(bXosrGQgN*OR?psMHV3>dwKq-T{g+E4)(KDk
z5!Sbt)~5>j?5tWurY86O42Nt(;Ih<;V~VG0H@oRT>%&iz(4qPyYYID;)Ar#KW~N*JWP+w_
z=1cJ*!VOSI6+pPZCd9p$-#9$FlCHKY2dG1|}m$btX47_XWU~
z_5sgxF7j`PsPUA-=3aLbA|Qk$LZfUEwLhT~{{mr0&TCHT?nh;itH_&RS~HX&{#
zMD7w}J&=G!OmZO)%OC_sbr<7JQpQx1`^=Q~A>%?wZ}#5L^kSco<1ar6zETT-`xLfH
z-T!Ejw>IR!`%gBbI{6Y^Ycoip1w;+spMBBJ;p&VC^I%lZMOnFKBc%phJ7bOxFx0;3
z&&1s!AOICnJpIOGCOVQe8Dh+GHStlo@@|_A;YBJ#%1k67GV!^??uO7oMyS74Ey%}0
z7NTb_8zIminpJ$NHB|`w79*2*i)whf_GS322>&2{YD=>3O<&UG>3pWbkjYR>Vjdl>
zgwxnC?Q}4+(cHp9F^U&_&5*r{8;S44&&ZYUOO!?1?ciB=Z?6Xz+TuS7gIGNkPbZ*R
z%q-tdHs#w7w!&R%1&CF@wcBx$bKhg=_H{M`kGHRZGv+W>XG(~?y%?LBVcH%a9sNzF
zJ-j9xlCz)Wup$R+&VG{vu1Gr4g_9#TR;0roMJtYwlWI(Utb!+-tnUChq_E-g>Xmmp
z9uWv3!^q}!4942W#|M&@#tbj7gs#ulI_e^`rvb4|MGJUENCx%!kT@(z_HehAu9*n<
z!N%bwFRwUgY{jy;;JDJ-eY&olj0r8a{kZt)@faSCSbh-k+a=n!2#^5%4OnS&y(5d$7MXeYg~YYJ~>Q@xq6e
zy1y?8H76}3VUM?l0iLImW+!k)(`IO(B^20c**=~m%2ufNH&~!JwBEgCJny1=di0nt
zQWtoz7uHm?bnOrc?`k0U1Uq!%BZEf_P^O_DRa3;Ri
z=m^c={K2*L!zVyWS*?v6zIYNETLtjG{~{JfFV)dAn#{W
z7^Uj`mVps0*k`Qzm4F|}^PJ?5GCfpC;6Kew`hR$P>#(Szw_R945CudK=@bEJ=>`?0
zQxK#}x;useMI@x9yFt1;rG}iLYv`Dv2N)Qd`G)tL-+ABf|L=V35B4=&d#|h{6MQp&;v4r&SV^JM>2vXh=k&#uu+HW5maSF>`|l5DIfj4to=3sO?28i+c=!8a
zF3|I>=S`eLH|Px>A|LtTM{4C9zjf0J^Vf5*O1=;eepcc_KDQ{Q)z(-%(6@6;zARty
zA}3v1I*G9;(6yw~BY$|N|1jZ=t@UY7`Q$nBxQX5w
zBI!0NIBURvzBp@DVb?N$UJj%-awWK=`ndAut5#u@mJlr-)iEDqEcL+eXWf9&&g7eV
zmbb4**XPO<%aesJX;@V=JOjY59?T*^Pdu9cC4Ec$NZi(YY)Rnc6wVmRP{{f0wfCj%
zTw2d*lG)MY8YwRxBJ_KiBc5~bKzt6s3Rnk*{4geIzFH0>eZJ{Qnv|ugvdL4XwX7s=e^Cuo|8XLQ_<$ET&OP0x}l!O14~V<5*Yb4)tv-YjJBaM11`TU29O;
zdtOv_NF!g_>&8`*cW-|9sB2KB`m7Lbu~COQ(NZWz@r&r8YD?rp5)Yo#i9IXj47ejm
zY3!vSqo8Q_Zj}u6U{n-IJLk937hurit8&O$Jme}BBk4-^yqlw)go=1u7x~=T
z0;J=M>>2LVRjGcQUtlLZiP7fEXajBr)fIWntChSBc&|L)kiixOzc6$La=?c3do~xL
z$*kDBO#z!|{X5Gqppxz==8^rk!Q<7{Wrqg?t&P;IZM14+XJhah9<<+=lm(4qpTbMMVteD
zsa1AFcM9o@e2VQA&l9z`8u%qW!}vdHR0$=foHCac5O2DiQSk*fR-8^IH!mjm&zw+F
z%pbFI(pYx1q+)++jth+5=0J*+!
zzF0BnzxB-k>wZjrbcNmG9Ui7qk+l9$Zlp6c-rhKCy~tvAx-OV3PR55{>vbr|EGOWbgp(7pouJ)T
zG^jcJyctC;5(46^Bv^9Q0{b78$wj9mA~6+xW0~k|HJ9ke-|N$J5zA2~T72hx{$>^>
z8U?Z)G$yNUl@krY6{KGwf1OPju-BGUlt^#66-wRwZ#<#IAJ~Eh_q&u@P)(heC;AZl
zq$as027b;R2wUokPwdM6TBx=U%CDzR-qWRHt{pb!Qv
zZE8whUpM>x`}Z4eZrIHwlJwvIo-!IGn4vKG=q#j~M2<_p?41~uWa
zjj0N;*WSB>OQEuR7#Xbf&yBP^-WheO3-(2^*M4s078WQm
z=4yVfraN-j5z}RS>m1j&nZI>3MgG>+nP1k!Uh(I!e_8)<`##V4je^SO=ugD|DZCer
z>*et9a_LgTBx-I4$IU;^1TIZEshD{M59_hNI8k<`5Km6>y
zztxie@!xN9e@k%;R``Fa`mgI}#{UuY?)#Si;VI|u|M=?rtNbt0ucY_S{-?w~WvhDg
z|ElC=%Wtf3jA)l5O|I=G76Ny5N29z0St|;=?gHw|;X2IW^HF@&T3x$g$KOPkQ-{?t
z?QH(u^mou(t5;jLwM+sS?zl*9+0j*;+Ho63D7#&p3i!*STzA8nQcsgJ_IUhi7
zy3j|I?W_2BISo&U`BWocXN;TW!%|ky*4*==`<@yAD^k16v_Ft?E~~79OJ;8`HwsOx#JQw^=+*e*
z-l`N?o>6moB_`=o*8V_byZHhM9>mm=Q&}xtZVnc98m)pIL2uL_9gC%nvD*>%@9KrD
zV9fnU0lcs!lN%8zF(iKx^{5}b3cPMRNb=eUV@5gre#S>dMti9yJcImN0c?kzIO`)Q
zmY2z7Vn8*HNO-yB=S_l%hq?W4Q&C`7H~YBQkeLei)=n#Xcx0)Hg~Nh$q3eKR@<2z|
zJInqKxP}x))H>n;3tsZ(8>U_UOR=eca8C=qGi+d(n$(2&>7hf9DZ@AUqcg1<5*$DXYbB7hD%mae)_cJ~X
zi_e;A4$`S{!W*m4JZA;c%6FYehn6}khbHgsqS>UOv@iBcL)cQwLJQ=wUx0U|VVB57
z2p)gn(hz2Ma)3-NgeFBB$077wN9pa4p|m@9{~C5f`~0F#CD76}Lqg+R^igf@^_eU2
z5GPnNtlBLL70I<6n}vD)FzTSnDd5Ia&KKpgc!G}P>PX`#cY=w)8s|GwHaa3-!2L8W
zp@v9m==#^021)SDEm5icVY5)tPBneH#dd6zO{X6}sE#MPtVX3y-WX$cCH0bE_fcdd
z*B$20QkXXye7Ia*x|jOzu9)3+Sxy%onIQo31T7JCHaV?1&6EkZ3d?
zhP59iq&QyP!c&4rEjiqxJZN|>?e3iWrcF1*d(R}z?e~NmE*xDNoJQb$mGEayoiAu@
zn#xD7(sw=Ykn#`*T_-psZ=rbw
z7}>wewCnimPg+H6W)AFpAz+(c49_7qye7WTX2&)1(fNXR4|y(c
zd_woHItqgECrO{ce|RP8NBtVj$f%bJagM)owgKk6$w{a!?B#}0kAmAq%ncvjJi#Y=
zU9Wtn|AK-qxC15eXo){K66}$GeD}w3#GUiSNe!=Gstq&)2`{J#OY)f?|5;@xExXaw
z3f=%u0IJRlt5#D~hZ!Ya3dRC`#xm6lqpJ`(iKeGJF}utdy^SqZpY@OMx62xraRK4F
zcISCVM2^fEbj7@{azapC$;xPd;B2eQ7)hjP=Od{}rl$R-S4nGE9;hO9^#90A>icZMDmxgLS&7Q+h9k5`k
z&-`xFvcWo)VJ_wsi=0+tDtA&RYC2?R>T{-EJ9$6^+f9(N6GX;YOatYt&p&M7$NThmDs5{o=6r@zpB|@{HMoK
zvW}}y6KrR`kE$K5zF6U&cRyjV^8mp(BSV!rC2vZj60sSYk1Nmc
z6-M!Y#=pA)mwJcQNH^3Z8`A0`!}_YkeM&h}WHG^z`}NrJ#n<~VqHX#N6M}kk1b=Y8
z7IeZpkcQ+y@B(gj@P~=sFG~rHXTGiRo;~T$VYpcehVx?yzkk41{b(|2)2EOF%So70
zS6~y|ZbhILks+V$_NKKavTK=YH6&ga^>nrA*%GnZk$$Pqh>MD?3s5nW>B08inbsGB
zR>RD);4Vl_=9kSHQ^9nLe+yxpPZ!_8gaY79>_b&63~32tk*n1@hw6X7Fu(B?Pw^>D
znQEu*bu@8w;)E3IJ|S;q*#oWxs4;{Kkw5R3x{9c3NonF7&QWdkwGRpY(C$}Hq5J`6
z@>DwGW3-9)&Wao5Vz*mi#_LnxK#T9AmgXPdWS&32hXOYxQx!V|Q-3kcS2^ontN0@8
z_4y%wwbGD)I_97ps`k@?bwiMw13Tk(<~t!S<8BOBXTRZ{6MGwfzM>a-J#h2>G}1Tv
zlO6t0N@8DY^>c6Yf?6FTM?8XK11C|v2G+MgreYt|xwz0A;;-~aRbPgKrOb0JBQev{
ze{}&T+O^hU<~|r3I|gS}InULJh64cyD;ZqS7fs)=bwkeIdndO`+F`O9P}RZ>%-Gz0
z;}v(MSDPS;Hd9q<6-j@CtnvPgXJN!1ItdPQ|OYp2Ju=2t-5LGBx!d2cO)*!SUsg0!#?qx{*3ui0+DKZcD>tJEB+0
zwGRlEcV$x!VumwUu-)db5K=dYvT4#5;OBwV?N4>r?)b*Q_LP8jcOAm5dq9}KYry=Y
z?;f(qI(uDnxH18ar~;+mD=YY=q*qr!ED;a%o~>=o(PTQ0WW`tzR8E-U-nM!%HC^Lk
znagk(In4S$>PNW=`glrQEjJcJ4&wZF?}uUsb_9d4m87M}F5NM_*=i{!)|ltl`xx3y
zHTj}uKlR9Fz8xm%|ep({XH7a
zIHr*r>5)CeKwr+nHRxj2G@K%8^lYS(HzI0?(YaS5m?p~Vvtv9j4HUy4FjW7xy~BQC
zEVCKKKrFtVq7red`vbP76}iT7?SJT-m|R^UQ+O6a1?g%aLd>s-iUsj5(mcr=-nHG;
zVR90TOHA7h3k~IQKa4T{G5w;IcXED7WJ-#(Br;HqmDfa8jEUUQ)ZI}awlW{vi`Oik
zP~VycvaJ2#uCtJDv%Zp2$O>C6@g^?xR9siG5POB&|9hPyJzp+R2qAUFY)DSHaa>hJ
zwWxSci@ct48j;|XWzI#X>{Q_L-~TJNG%yhRl`G?Y>kms=1VI96qcBu}jSX8tLBX88
zkfNgEqETO8A1OJxrk2)67Z+YQB&+D}-+@bE<^LjW%@J?@n`V7h_%BvAFul$0)BoSO
zjeA#TK=A(sgZunHm?>tcKCehtYyHw=$Gsnu76)L3w{3&A0Mck3Cn1;6~n*B2|AG_M4U4Y@_8)&i>oU%
zot9ktl`w%brK
zfiHQASmE{5m{(l-49;NR9382>vFTy^t+)iA&oCZ2yvg!rLb7V#tdZf?+kVJf|Da0#
z<_N=~93{>7wTIt%t0}nyc?7
zv{fIT5pl7YUx}&uHAY2%$lY3qon1Kq4VkB0#clxIMt|wfC-j3&a*vT?dFDQxZ8)v7
z74T~}@}?iIpG1<3-yQQhpSnj!%7&gsKO(Kg#AP(?>eW{L782x*ec4
zewx?+8RCs~?C{84%~|c{k6*%_dsuV#8ycCuS#_hV@6
zaYjFLEMJBB<)mbEy(M;Xf<)YaC3!0fU$SBUeTyr0R+M>@Z?v)TOBSw;jWsuUm(7Co
zE1Q?z+{&p&p8j%FUmB#jBlmy7+zh`w`db>>z8s{F``z$|>97Pei3`y4{TR3|Uu*01
zW^U*b#wBWXELJJ9Qkk4&mtu%NG{fYUA(%lwGW#-VpCz$0XsemRxihSwq(Y9P$E6}g
z)$GoNq)2y3-95e6<`7=VCv3P?X|+&yMyh>9H3Sta{c|Z{AmafY=7lFV@@+MwU0QSq
zkE{?T%@YE3k~OK#=Y32Vyhb7mlsdWV_9t*U5i2m~BsPKT9WK5!qSxj~g`s8;nFwg7
ze8q*zdVS?jFfn#>HRzq*skH)7I{Qdm^=4aN>u4M1WbN*i3_$eC9)xbsh90Cv8y$HX
zJ(WgWeYatvXJ|uXOPnMn>`QL&_M{NN2vM$w9E<;IIwMT7K{W}j^C!>Ica<)jx6w8e
z^D_B28$NXOg1B|~Ze
z)L0WRdlph@<0_d^)GnXK`15i%teVt*v@NK)ln&I0SZ$#?tWIu!8+g~T_${S9nUY#{
zZYABMr);gQ6u^&hYnwW-+>j3r>W$AD{?y)hTvP64{yw8RTFjnlqgwn7-V*
zBh5_eaG3%mGEg#+=|YBl6l7P{lRZ4jIqI`~%7m+B+mvdI-5Hva|1r7f-X1L;DL0=q
ze97NE&7HlocnwP;{A*E}s)GAmo$2zVLgyVv7HrQQuFfarEWJWIIQpHdN;KfR8vvh(
zHh*@hC*TV_Z2uSWNB)rbZ#rXQ$9T?^k3QAvZ1J&+hUuCJ&_$=KuGge|6cSfmuN!=x
z_3<~;8wuBk4soE#C)Yv;SszB6<=vEyMZzX!W3H`9*lJ6dK$3sGI3W&-gRJIkV4p-^
z$r5wm=L1hJ1_>BLPw=^GR%U0W4R1_L`bSoH@6rf;it2XFYfC}?T~mY4PL?=MEQjIG
zrIa(n=wsTQTef^Yb8Aui#vXcde7qZ
z9H164yAp6ZDaRSe1T!Dx-<3CxZAMq0ZZG8rihJolr*Qdmz`tyQ-ocJv{v&Gy6ak(*urdnx
z+4jNu(iNYc@ASp>Q+;P8xA5rH75Q705K$F;?%CrXuF-<)VZu@t+8bGe7x26h=<^TV
z*im*+Pb2RizBURC=!x5BgNLo!F2=kJFBi1IrEZC-sFHdfDr
z^_k>B!Q}9z{EF>Qm6`N0$!JC9iUh~(mAaRtN%88R4KglY+`}e4@+I?X)dRiw#G4O_
zV4rL{BFxEQD@ft$?I=5&RWdCJ6@&HYkt?+@;2@S~W{Jvy7z05=lYfNxJJERSja?vKSnIEHK#IuWnCDr#i(dou6)i+OatVt_SuEx)#D|_Vn6}?WSzRxI=_DQf^s{&{Uoi<8a95k%RkcS9i^Eqe
zhDxD^fv_$1mT;)AF)7AFOIR}7r;IYuLAN{rOGDs#BXhtk_1b=PFp}cf
zi0p9Txvy}(MdHC=+Z5eqwO)t^5nt)a>AtQNIJ|M$Zsv>^VEQP!*CK{kIPmBW|Dq-R
z>d8C!+hB*mtxy|aF-I_;y*F+%I864Z^Siym!|R^o&M$~UJ|9l~jv46w{BWO}x9+*G
z@%W|HTt*>X%_#138{5|n2Fo2PVJLIcJMQr1cTq+{;7blKPHcB7;pLZgHZy5snWz)+
ziZYcZ#o>Sze69D?Kw*~~6c$PFTa(QvgWxp
zO_ZlQNhRj0!6+uBd41(cK`8)9@IQcfSaVT6+>fsP&8SU)>y&v%HR67
z#VVoVk|KRglqA=qKLM_)$&sFI<-`Bko
z7gMH@U!^yOH^??$OsG|v&c@bR|B=fJt8LyZ{^5>CE8mDt8Rcr+)BudhFI`s0~?RV!sCI=Lk`d~z`T
zbXTBIv-4q{UgxiNn66?}%tg{;Z`U
z$(P;D3a4gNV>w4Av9?fUkC92}0YV2d>Q&u1>gcr8<9?yX8@w4&kakK>K(-
zSvjUfNVdcyGKO!vemC#jJUZ&JH8Z>O4ilEgKQ_RbTxW
zJS5ys+_|!z#mZfxqGn$Rc2EBEQSroEtUB$I$?C;wvapY6j&Z~ruQwIl`8%j(nSMS~
zV-=XWmCT
z^~gu+?l7M(pZ_xMRsOsl@&Ur;XHADY>9BITzCol+=z+?lXB$+=@0F=zJBlGrQu^vT
ze`R7wW_lReDK!wPZ@Ch!@S4C_p)QZnZWfE~@>LKK*Pb5kakFXuYgS&4TpOIN_CMQ|
z-RWnqEYaUqLTK6D%6x=^d^p6TcLq0r?Btaera2D1@>uKIO@dOEm8pbY=M8PVnE3(D
z14p@x6q&zvqmEm;$pRVMx0>k|hy`wl*zWd|&2}kIDyykRBh93^KN6YZZPRK++K-a4
zbfSC(|1C14cc#>F$vmkg&`Uuz>Knd6Uz~J|_Fv9Y_Kr$FkOag6wwv_t^nB9QhGt#@
z@;oEXj*1T9Oc3O(;zVdQ5i>M?+3TE7FiOVMQfzUFx)Wa_aaim_MV?67^Z&meQ74)sxV!%Hvtz-eJ*UwZty{aNaX)m4EFX@vxxJ
z=&y8V^tSKs!OWn4kEqk_$2UGFFNXZL=nJ+7f5cd4A-=vTh^=gvT26&s?WYNwbmNoW
z;&~u^h-V6#C!ndp2fwVEVZzhe3_39wS0YW?anh8MqpOeA(1i8jSIW+}eQ6T|5GTG#
zar<(?@(#3F$Im0i!1qN`RIj
ztAlRq1X3sV#}Hp=`~aKgK;$t2ik8(yuS6peqiGVUc4fom5deT+2<6`1=46dU$ZxNT
z^PfM1aD@c}Z(z}>^;`kHK}^kK+({zCX?ywX86s0LvJTl7V_s7S6z>jbonnMuC(XFg
z=U(LXkqZ5VG$Vvu%W_3VqW9#}jyNAfmLU!fi_*5JvD^55NhRMAF?xT*bb&d%#UAoT
z-0FRQHarjfGCTeG1N>i5
zD!^?53Ma$SpMH{YUHIQ&b$DA->>--s>g4E{_jq_}od#R)U8G387Y{tzSgI$F+!3m}
z@eK1-GrF2iKJbSBKd<*Cd%{3eZft%CmpO2~Q{l#olh{jgum$ZCLl>7=h2pt&p6=G)
z2BO9IXnK(TS%Yh<+y(*bO3RDW2^SZgh9?dr7&OKP`Sh4fNzq}dV#E9Mx{s8?O)Pvu
z)h*u$c(rJN`G^nkjg6P#lY*qTP1|@R7Z3gaVb(Lo?gD!DD_-`d0a66^RIJqiOt@V~
zqF`L|&ei9>%}Z;>{;9Cmh*2+=q$I~8ml?tX?$#7~>?bf>#M8!qFUQ;@dPb*1r{V|X
zXn){^i!aWP{uT-K8Jo7Auvw&;Jrc|SwNBX1q^W~w|I)P=r+YO5P8uX0w1>JpJ6njY
zT0_bDLJkU;UaW`cktgw7cgH0G&EqrJM0Tqq+Y6sHIwqghbFz;OPs!9zX2_VLA2NME
z`==Nzxm!Y%aY&;WTsy4C(+Je@_aS2bH!os26&`UiR7}#AWXOT#n+lk_>~G<0+mW9;
zO5hYcJCrx%jn`O?;s-$ZbuxD3^N|5=J`2%=Nax;+kQXvyX~_0R3EcTozFTx6ZZoCY
z4=dbOV-5J)aI00Wp^M0h#f{Q72O(d}Z^=|a&Emb&@BFqIdJgxkPnX|#1(*_Pg~SNe
z*gL76BV#piD_lKSD(}VXS~0v_E7`R3i+)&gdi;#tko|ih)Eh0(F}vXk9V<1|zd4!ZcWB64=3-s_IlL`es1s56
zQEH)|@~^9avL4%r^5bx1)SkiSW&3pOnr0-p$ilJrXkT*4{y|=FTE!FK#P0{!K1BW9e9~=RE(+wakz>2%OzU$9(-iO>*9!=Y<
znOdFQ1TawBN6!oQ%xwe6w#~)D%3AZz>9Mawo!MBHaTj{hC5VXbAGEm~&wBeQJy{|8
zrwx6*=}b7b^_IoA{1<7ObH~?r6^yD&nAAhSt#H8AEMY`|P&$l4lF-WGnd!n`Xj8vZ
zMa9nXqsha|Oi{Jy^<$j|=N3VA5bwFa_RT@%ey4OIsMTPP`B#bN4HA+r`3F?*u%IPT
z`|HZze{oJaJ)5%nG!>1zgodMCdJf)CwI7N_1;q8ms-(@GEYe??ZNL2^(=89!)c8#A
zAGGA+ve|Y{x5D#v;P^mXq}q-gu9lvC0nZW*SpV3^(Si31+URB&iA&}c*RmpYB7+&j
zqk>z@a>;z)>r~dAZIdSM0{6OWHUZ6><==GqdCCzi>-9PYwV3UyCLUJh`vPLG$Y*
z73Id!=#$dn(#t-P!0`Cxfzrn5^%d&!z~Aqj&0D583iH`>iKTe^+lUNd)^!wJf7gif
z52@5xjYATld}(r55YIG$eLM>UyVFeKgY)aicDKD|GhV(U@|#V6dTQ6+Wg{~v|E!y
zlF@{-wZ*SMT&(U3c-vr}6Y)VSC_(gAkT`G0mFD;|^CuEF+`(+#Id-J=f%rK_}U`HHR4KsY?1#bKM
zFpK`5f463;76SD$W+;Drg5b`oKJ=z1zJ2pa%`?ZneB<_=E#%Sm`vY>^&n+H&r*n!s
zdpw^3w!idQRND=Hlv=hwacG>s=tO#d{sW>$BlNoJWXj)+7~pz==Jqnip(5PKrX7~2
z#UvR$c%i!QJ)IvYQ4Vr~E{harc{Ag`T_0sDul2BfiT#_Wx*vQS<>s%CrJer=$f{lr
zIdD)!v=Y^r%{nqfJjq~OEoJ%!r+a<+uMms~#-zZ4Km^SHhUFjo6Z0!PF@n_1@9jw9
z>><(&i|Ld+UY9NL3Bk{U7oP{qJ-F=PwzCX)c2)D5MWlmA67a?sWm0F>!uuB!h1i@T
zUDs^A2!D1KxL7X8JI-IeGVVXi|D+>QZHXU=KBeMPEjku7b+2T|u*33o1^&!xqu*dw
zZv?7UoZHY$UeytGh9hSEhIdenlcAIQBNa;9K;h3nu|Hg~AOcd3Lppmj(F}~;{uThg
z$2P_Y=8e6_2Aw($A7kt~q;Rb%Ka5akQFW?xTz}^UVdHf*wb|aJ2~AzY7#{lvsuGrK
z`-SqLfq{?noEk3n$vc4OkQ)zu9TxQYMt@b|JMau?)a_#yX;hROcrfqTF}xt!EzNDH
zeo?}n3_*Y`^3ST$%K2|b9?t?{oudb#xWB{@k3dn2O!$4~$mP0=T?vuOqGBz1BsB~H
z(@TTrnS5w2SI`9)@JSl<&m{%HQ}0Ol7bd$JI;evgsj+|Vt7gRNh?JC$f0>rXDG
zwfpHULD;&Jg#<7$7dJBb?S-BZaF6x67wPxM{kz(qHZHB`&R+t#gU2t@Teb-W1lvMrKXbIZZ97X9N2h-G$NkHt%o@Yhme+bDKR(v
zYnog*Wvb|Y_uHiiz$&*9TFcw(BJ7FDlhPmz0XdUDHNUpl3Y*a9Rx7t`@fdSQpVaSi
zZ8|K6&y%-HU?}sKDVYY0Qia{w3in`7s6;k@DIn(^E;|f8-#^nDJQ11>SM+>S2QEme
z`5A@!-f&A9oCtM|O(itZYQ@vux5dX~G7}8mZ!}wF91m^Gtu}FV$!Wf_VkWlXIlnAF
zcz<0YAuNJr)yfe0yikaLX3zHdp@l%Nwstc}#|OHPmmBiF_3bO0rw7_ph$p5^OnBtH
zaq)QOUnk|r8n~<|L?dK3FATan7aWKDtc578FslI@m>
z<@AnQmZ!1=O|@+&=Xl%NY31qBBe^KyIIch-cJb|~S@@c4qaJ}v>aS6*P;XLw)H_>A
z+v=fx1I6t%17ih8vgf~<{#pZAqOY7x1JHqP)h*E-|C)&!ux#dx@X7iU~KY$lwqeTKK&X{$z#eK0cO3bEl3nXnhhi7@G_c-Sw>A0VluQ)fCQ!hU9P
zNKS)Qn-n|anBPw4@!I}^FVX)&j;3EZM-*f0f$;T~6N^K*3$|R5cnHbuk3Bs}Or8tx
zt7BQK2eqs8+rX6v53e_L7r@7~R@(yHVUG#{e)K-$Wn2&SSz3qkX)+G&dnUec;Nej?
z+Iul43W@})X6#h+=o42-XZHGSP=P2MESk^vA~3WrT!9&2AcsL}mCqJBtqO*wiMATV
z%?5AYd>5zlk8A~JY@X^`&z>{xzJ%8xF9|Q&N$n(03kN+UuUysP+HwK4<$IOUg~H_)!?XdT&&rD
zy-;s6w`-=S&K=CVpfFPN`c>MGQA=!3erYqD`CAaNnElh?KOrZIP3JjYhN)xq=cZD(
z&iL-sxTG#XWa2lF!?ytEQ5@C#Dep3^e~>6+5nw~mjPTNc89jZQ+e+1gOgsOm7gpde
z5^gUQZcGY}(|f)l?Vj~0LrB?m;BO~uuS?|bGs7tdez^EeM6-ICm_RlIsUJ30Gccf@
zR8OGWL%L8$Nrq$15A7RJf4}){npanTo)qMD}8|EU-jf)
z*{glkUM;ONRb=I^t+jmE^9vl^T*atgexdD2F2q?<8L_s`qI2Un%;#Y#9F_=4t)r)g
z)vVM9dhhpaiC{M6ly_fkD~kWTpg0$ZILWk+C8v)E__-5kziWHnrXu5*XG|FxMpeSmQP1jIQ5S|?6{Z0U;FN2K*>xqq!mM#
z7S$Xe?tq}rb_e|N_8wsQ!5|M5+O4{rc6;~o!aTJYK8P?@{m)u}SN&su=WWu_62k%n
zr5D{iuY$*TWGQ+Cqed*^Z+#g7Ip(3r!RJn$E_q0Al7&%NEQYq6)4%s?6-_{JaZ4SC
zQz$%O+{(hoxb5AkpA~CDTws@s{!vB-$B!w%orO*&%siJ!#t4LRpZ@*Dfcu9eT^!EH
z%pc?69E2otD)BoPWxsQFl*HnEa0J&@q?v{%t)ov$hSGPp0Y5j|2!>SAiZn^F5aOyn
zm-cT4@NXuk`8>+0hcq?PR1hmKD8LaV>~J0b@M1jn$*}U}QNw7IN2Q4Tccfl9$uL%b
zeWK0w6sE(_EEyWnKHlC&5K3=%Ajms?hm$b0_$sZUcc-PJ+TEr#s*<&@#;r&7#Pjgm
z%H!(%zOuYyrRv4?$xjO!su?u$X_@*LsM@%Av7)TaRvi7NwXGkd2jY6*6N~BcrKpD+
z{l_Cs&LtIDdLCi}jSBGjYnVv%6(TLGaTFdqfY+UMA^!M-C4Wwd2mMDA|l{glGj$+9>Nx;M_&iJ%U
zzdtL_D3zgdbS&2W!;3c~lkPVgT7j0m6KD0hi+3xP6UeN9qVrrFcOM@yMx_H)%T4RJ(${Pj&-<%I@F6My2ZS2EFZ`OE;{p{%%th;O2l&Nh9`tU?TB-pd8#9*zD#rYV0o*}QPdl)|WwAcH&
zr1#FtzU9g5lv^#XfsWZfs7+iGa{APx=1J9Yk;Mp=i5&7H+YqNf{~R4rWIw#PZP>bAr5^jOiQNI(|MCk
zuSv*Khn7VRQb94bJ@6P3Q-K)m-NjW6>GG&aRj+5iUeZAhT?v{!-#;8aiRM8-?cWA^
z?o`lmVd%#kALV{~&eOO;WGKJ7XnfE&2!o;KE5rzMTR@QApB>DWd3sU6zArQ#!)YuU
zh(%mfTgS{V@tXDdE}BNv%ld0#H6@11M;df7Q({C#s&HZu>dH^`czi}QzU|rAFE=^|
z{(2JR-}5odhEpy!$2)>P*bW(Qdy6KL0W5&X7XEuZBSY5C08mGy35$5Onuku47sp+^
zV$Om}D-pN?g|E*os?Y4g!D(`9
zy%~`frJOuHep0Kt(ch|~#+!l4&I6sB$_=mWa-HYtBN*bq8%qBtHq=6LkJW%q*
zE1Ju<=VNw?n@tb5;C=eb8GD&KnQB=l_CNw}2*^9!?%BDAj-xKjOMd|Ln^*mRie!1@^U^-C9D}8g7tGW*D_{=y;>fKV>+Q?u-T_%ZA
zEtiw}`EpH9Y*Nv<$1lGIPstURKW^pS97fsw37Y7Ph>fY7<0YP|UB~ORR%4SdC-@eL
z_sB{Yj3%!Ey9K}4$@hB!K02OJQ?#ce9{yYjCv4@8uB{8dMT-gZ+b&D*J2_fTr6Jyy
zDCe&Aa@V6*_|oURN&?U~bpYYJcE79Yn?21^GLKzq?AsX|Ytfm5f?15}57qI%FLK%2
zv95hcOW7$E>mo!gbX{6^>J?$w8VpiWVq@dlx&r0C;b!A?9748+6f6B^W9RlXax)G9
zd9VKr=Ux&rj7QR_KtJS-J@=y;*TsMU|9ac`h-xa%moOced(({I;H2
zAloQz&t|Nq06G7&VcqO*ddu@eVh8-pCrGEIuyMsGZ%};6b
zmifJSoMhyh_5m+nl4}}h^>3x`2b$uX-JM81JSbsS
z!f-Ixhqg;32FJ)kB{C4s}Sabd2wFeudErue5|ZDrA&BWE+k4FU5ib*>>iQbT=}pCT%!5pIACQ{?T7d6c@b=v|jHF4!k8#GMJet+O9qg
zVIS0+78y*Pm43DNxxC_Sf@oGoSz+(+e4-@%_{N#m)9+;kC?Dm?IVAD86nyWsol(GV
zQ9udHY=S0ONNl(v_vW@M9lz`+P8Ku84p||IWUlL3zwY6e3ijQjUrAv+HHj=${ku8C
zg|3_z`%Kpou-kKNHyV#A*8UnvS#RByz7x-MEp_@fM>O*>wwtWPCn76R)-m&5&5xBz
z6$}uygaFmQf80`tJQ_d4S&G?h~Icz
zfh_Cuy7ESTmtDi2YrQe^<+|%CRBL@cab{e`7Gdf9izq*d-EFVOzFxW?71LKYWYfJ$
zPWDBmqoj{{Aj_EI$#ALHOC20d(U!mv@@h2db@fh^NJGb1{!>1kCrK{AHy8WH&s#&w
z8?kP>(kolz>LjQFzW-QG!l$Ya4N{8x)J*W-`%PUbi+A8Szb{6X^^f~KacGQc!t8Q!
zCwtL8Pf_Sh*#mBdcFB}YiCd9?HCm%VvB6bi)sKZ&LsHIbe?tp3q7CP6GK7x_c6!B6h4(0LcDzHA
zoh2e7g6O?0ksz#IqONYmk`1D*vU;!4SNm<=`@Hvi=Z`y|d+*G>Q_eYazVn%LrY)+>
zLt=?bZcj$xyJPgluV%D%m90HPUjC+yElku(PjY9{ZoUt8)~v#=wX|5dGc_YW9MG5k
zZIFtfbo0zhP>bE0cKh(V&Q8DggaBjpHBs*o1*q31H$T=valnzy2Nx>KBe7OJl}|}2
z+aIXlq}{oyo=UsMzKAx-c=&vSCH>U43Mp6m`&AiI>;iV2xDN+64S3&q;2?*{@@_Z#
zm~$qY_UyUOpk-CLEC~eJ2)}jllRBI
zZD%|wVsb}Md%cod{Mop)k$a2@YUBZF?ZM07Hk_ZQc%QTzX>{#_8x1fJPp^B@@Ox_%
zj{Ub6>&?>UkPI`UtoI3zuYr|fkZB2W=
zMoC^JP(N1fe$LM?3hJ_UBUvRm%eEfaNIwwQzS`uy`KYaMauyafz7Emav09HztUVC4
zI2G=#B2;i(b6iwlLmEK9$5sp1Tg7NnBABn_M?H5gh!ESo8|p&{MEu=>mOPhRwq8#B
z#`!MXy)`jqE}={6wzTd}<}+QrA@fue_+c~F#D?x2;Ufm|1*}o=J_&FVHCh}|^K@E{
zax%XZQ*m2k8zp)wS>Nn5g%dLcbK%t9wloLpUP@=u1sy$aQ0zM2iLu>i>AC80i(|NT
z1Vi)`j6YRrb49Bj7{zI?0Xd_-6I{H)A_@Uilxj})PG~=Vj2V*;-KKM+wRYwadqC04doj?d&=5qOD2rFm
zSV7&w>XhdIPc3Wzd%7H`=_-WZ6t87VDOKXZfz^y7y|d^>=7VKnG)G#ZJ!l5ZMnDW}
zNT9l7qXgU{tcM3qyK=g%ES(5@28X|8oS!}9y#{idCYnvBI+pZTC7$xgjf!@Z@hG+Fap$**!yrK57CP~xihnC7&dVE`
zQTxkNQD(3(MzK8H*vWx*bI=k>3(f)d7bvn%uF~oP@w`?e86uy43RmPni*Q}c#`cKC
z7i`u3D2ZQw1=%UjT-|Sb?(q?q!7(PC+&Um~`Dl7>;OmkS`X^$iCwQGtl&X1^OlB0#3DYNL2BX5DG1I__5y$4qX^
z)KjOob+e<@!uw5D@Em9H){NSnnrMXX>K)`|05uDjQZr7vwlF^%@F3-5`$k~scT1wM
z+s>Kk?ahgk4RjQUSY_h4Hd6K`g8MDKW~Ft)Po0cHw2(Dh%465X>OhK`kRi|^lXD8m
zEOW#gXBU|EudKDuxAdlS~ac9nHO0RheXyTbw43G!#x&QcbU{U6a&Zq
z@rC${vP!-ioKq_uo%39FoK&vCySXiP2&>7dH_KT-+H)4shIJ9YmV80nfn!wZfRZX@MyNf}eO*{(Q)CQ#Orx2Zuul3O^%8KkcN?l=J|w6)#le|(M?AZIojap9x5n-#
z$lwTp-f^)iU9b)7?q#T#r>s0!e}Q_@Jo9d|1TdR2??$bQN^`s)oH;0F;f87KgXw(P
zC7j5SuDSkGLV{)bnF4UhGo{mG{8x;sp;8BVZF)9n@;R2)R`}2EmA@!n`LK%q)-ziG
zgC6hCD2V#rZvD2cMq-a21?(`7C821%|~K6^mOG;tfyeC5^Zl-dR26wJ!H%hyu{nNQgONbA@^5@O&h
zEr2Q0{{wvIW^)wg9(33flb*ovyNZ%fP^tM5!D`RuH=%Cx_~B8S({e9rF5~yTmR=F|`B0seGOK>X(8jQ2_=JveXC&sa
z9z(a!0O^#<=0{57c?8S$l%^ll1g=HGQwwn>vv+^685lJYPS9g^cvkYEWoKZ#xOKJA
z53{=r%>;t%qq-(oelR{tjx0=;{<$!`buxVo9|y(WT>Cg0u_mifJ#`j(+Qg+L9nJjx
zgzks2NeJcHdBBmCvuuY95Eyx4kP6RLE%g8fwL(7sFlA)PgNa;+?2OS>|p^Xg(>;c|NiU0GrHn3^RowXO4Y
zXLlSZjJ(*BE3)nA+1tArMntk;hhMR8RV%)5o2ze@m%!i0ykOl@A--tp`zynLUi_WjneX8KM@arkrMkkO{@b0nLrr`Y_~LKG;dv7X
z)u9r3#X}cnvXkIN5js783S6Kl8WfWzTRD%jrAtV=D)w=FK3y-!OTBwKSBh(Vf7FN8S
znK;qUzkIik9$`8g4R)5;MoYMeTF*4hx=-`w{HGsVgUuJlVS|W^^>6}idA#IrTqMJW
z#fgBF_)~`cpW^f@qp?|g86_NZ-h+a&0ms*#|oENAqoHoS0>5r}Qg0rX=sSn7oT0>)$P|nS7TEryq3`-qQQ#
z^y!GY<{KQIaAt@RjUHiT?X$epXUVx$(>vMD4lDZTY|Jq>Izj`|H%`QO{%)Ep#*K%l
z$QcaBdLxs+S}4gCmFL3sZL085OErbVPVH14yz7Unm^Nj2JJ4yTU;_ch@yk=xIML?a
zmNrZiJw>KBV^?nNjQ81L*lvbxPkBX-j{|%;`RHnu!Hp*d8l
z=mR-9iK`2swHOCc${5d!{;?0^q+i79+1tTwW}Bqg_h7$r#=S!VlNiknXW#l$2BY_u
zSmN9`B7z!9qT8xWB{J9irieMSRUQIfIpq=y6sdVdb8bFBIo&wc)vjy>mW^~C)39g|
zY;Q64K1W-HGILLJnxH*H*^obVFWM{N0nLT-w(O|a&VwyE~0ds;OL2K7r`TD=7)}x!QD};`y5k&Z)E8XG+KGW|<=El8eh#bEprr>}G=jUZTXJ?|R
zIo>eo6>pTPTo^q&-q`sTXSU#XUH~Tj^~-b0p!K=}I>ye~RE>LAljf9JGX?Nr{KSTM
z+mdKbq?B^zxUEHQM{31tP(g&*aG+nwWy6!ONbn)bEbIDX_j*WAUM{Jx0404gQ%(yQ
zrY+>KurHZ2eJ!{QCqMhB-U8OQZua#4m6yh(#9fv#!`t5;^ZldIK571nY#(H-=WtM-
zI>~L!<=%6-;Tj~Lj8aj2;VGZi%u*SYHr=+Wwooe2q~O*%#9)z&2%j9r&fYRmHj-xS
zk`sRr@VcvzqAF9_ucAzJrk;-CNDs&eNVddz|S4|^v#3>Uf?={=;`#1As>>}_4|wo*661r)s5n3
zKaI5P+P6%n)q;e%uXGM(@ISm^G?`g(B}HSa}o(@H*92v`Cm7Vs^2y@e*&B#&a|UGGZ8a|S{uR)^~K
za|$1)Iqy6Uuo#0DT+ZD!fV{;1;aVT(9)j`M%&opcU|kh*NS~@76@w8E*8s_=Kiire
zSf*@_>bW6aJ
zzMDIaEU%nheknF?CEs42%N;7HAjzQEq>$Ei1F}QkzcADQk32;>L(BBYU9fWS7%MLK
zpjV%&2wX4O1bCOALSL)1?GTLLY%biPBW_mzx41=;C8*mG2x5+cm73_doUa*Fjw7r7
z3e!e@I|-g)wjgQy-(UfT`Zt-_lej|wmkj>ZlF=PxFuUorP9$#sQ!
zZ&64|-5F)*F(V_vBJ-}PSrWyXV;U0YSLAfhW+;}$-{L*GMw6_gMhbSQ+8U(_IW4TW
zoMXR163$9Gh|vKDfESQWX92q#ieYu);7Qd5;P0gG=Ppc|TPb+A#x3ve;dgws?2-k+e16@u@Pl#t%bhVpgVB94=ICFxq?nZ~-5w~t4h2IOc#3&t!7%)D4rA|H
z{k1H#(sN|4)Vu0$?^wDj>?|HH?K~`FJSNE<5WR(~S$0jWJ*QkbbEQWA2cDr;)>Zwi
z$aJVz=Y)PjbC)e0;4{R}o@q??VSJ9DT$57rT6
zb#t+@9UGp!cG70S99G@!uN#yIq8X%{UGv&C>m;OcSn5ZPJhgmbAKz@~7{NDT9P`Z1
zNLs!5m$R#8^Y?A+%#3*?fNn29dnfQavkQiy=!h5u*|Lmv_6{VrYb7Z~
zwz!v!VrzqTCM?-cHKVQ{TdBNpC^!%laYAO~NUQ3CyEpE%
zaK7L5dc3my!eo*9z62JkkptyO9eatIm&s
zjTawqpY>Ahtmb*%eQR{ODC=Vh7tLjgaQOf5h+#26joKL
zA=_=FQ;545pYVL;wEHf@OQG^7L^CadU63AX7=G);iVUo>8AxeV7qgj}Q|$~9w7Pfp
z`HQnjvV}Dx)t+UCK-fvc2zlwW+locU#xTP;e;Bp%nM&$O3s_P+UTWPjDX>kw-T6*R
zsV=K%#}PwUW{Gal)gOp41SX$OW8F$g#m^5H1J~OcyFckr>d229RybG23>IRH9i>df
z_#;J^e$b^HjGd`O{Dj!U+CMTHIlvOLhzkJ+e`bP}cEX2-`wM--urOR7N{C(emVQj0
zhJo$ILjshnX48=t7toWogHfBB*_EF#gmvBt&xMB0J_cN5;(6-lQRZk|W=Rf2Ep_8Yk_Z%lSI}
zGIrHL5N{{Z_zB3v64f}_!eo{PFZa7;9>(C}cg?naDhvmyT2ozNK_>rQZP`h356(_u
zK0Jh=sLcVV(_-%!scPWD_@hG2NB0$U?&|J;Q2z@t7$eN|ns5K7r~}Pkh+wr?J~p}=
zn{~?eFFg2z0#*$p$o~&4{#ataZZrNLLHx;5ly`MQ#CT{~lF&x_PY`?cr_Z01J+^%F
EKcvXi9RL6T

literal 0
HcmV?d00001

diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-software-inventory.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-software-inventory.png
new file mode 100644
index 0000000000000000000000000000000000000000..b4b4696b6102bffb9ad2926b2874392bd3359dd9
GIT binary patch
literal 50125
zcmeEuXH-+&_a@2lP^=B$;#P3}E+-*fifXP^B%JK1Iqtb(2c@*%Q6j>Fcxpp7Hob+&0q>MisV??4UPJf(o;|r>cV=znkYOKKuHN
zXZsZaEwx8%AK=Wv493D|(iU7x*7?tTm^E>Z3jbi}HGjtPRCq);GWO|98I^L#`Egpc
zjl1HYb8)@t@|gWTYo4>pH{T&FfHn^Xy#fd06ywCR0-Bo4Ibu5RP$c`+%r0TAB*>3q
zIxp|k6%;%d6cpTfE#v6y%y{JJ=%}Ns8^_AVHa<4SRXttW(b3V|bp87EtN1#~g?=M8
zva-K=_`7|0fB*77|5H6yyWRKKzegA1&WN7+_vkxUtJ=Q@R1d=c_g^N|f4`#EeBj-4
zzvGkcI?yx7i)f|su8SVlWoy`AGh@dC`JC%1C9ElO8Xok}rA_Rq{|HB$ENvTm63K?p{j9aQ;mY2Uhz!QIawFeC7RQs7!>^XTr)=A0fRI`7wCp>hQw9-QO(su(a)0_46xx
z&?P1?QKfUBsg&3~p@{?+>JRwz?gap{U@;=u=5WqyEMXb|XXwq*wO-MS25rsOM%kq{
z^nQNVWTDvf0qu-m_Vc@4hVGbvT9L}g5*=On$u};c8r~=!_<=ZfYl_~d%iLET
z@7;OkBros&esf5~R-E3warQfjeikN)_Gm(jU*LN{d+A)MlIV*oGzV#3Pvw)1xT;-%
zBW-1l(_$X32L}@NkzTql{eMskJ5KbyG&HGLqDwuA6dquIXfkastQE^8UJo$Qg+yc&
zluJkV7%j$5yP8#SbQu^wog9jWA-htZ2S5L~@djDIF_Bv2gmN3=KA22E9aLH}cG@Q0
zsHX?){oqI-4sgob$KUh8KwrAo^?jxX+;Q!evrA8;adt#haTv{~8Hnvv{bW+DT$o^k
z?=lpvjw==}r0^$`lM82l28}v`PFiB{>wIK4tg&gidF`!<8-bfwWXmhGbYb+H+Ck-}
z(vnxZ&E1p+L}Ll5@t(WS)Vr(seO^yGC4SySbCr}I^2ydWszuj%=*U-y;7qfFf^Nzl
zMtc8DDQ8*Tl4(MvV9s31Rf*oUluM-B9yvV$AH(H?wCgt+
zNOw;EGp}#TVtXHXXdU}pVzx8Y{-(E^I0YE}jD%6{e~gduT4UNAg(Rs`KPlv@U4sB>
z{oxo5jxubMTs{Fa5DB9Wjn;u#e(P|1iVw9}CN2fv)Qxq7LYB_m8;9<_K
z6vv`S+3q_mer3H^#Z+3>2uAzXrBaSE9)Ee2VYfL4wYQ(3xBElA5k)HS^-Z@_O97pf
zg=0J~lLHPVMbO^AF(r@fVt5#YS2O?;;zRfY+pzTp%Re6(=K}Ph3#qXQa#F*tdbRxQ
z_yt~_f(K6;9CGgk-yAJX71W=7;2Vux-=|559h=wbXM1ie;gKF#S(UMzi@h_&nVz3j
zD!5IX66@JfQr;>>7=GtH?!BKv_zts(~`xBmj35^BsTQ
zs9*4?-kgsGN8@Jh==TnvP)@kn;lVR<)DAb*?(scs%%&Gyr_RhVOv5
zeEF^vpkd{@6sqR1r&S%r=D^q)>Ry_<^J$%T`XN}MHnD$t2y-ND7slb2-Q^k+na*#%
zYn;8|8q00a@z4W@iwOxRn~hf45Wi=#$$E7XT}v`o59%1kR4m*}hjt#kATw9H<4pyn
zUkm+^IB4P3Go1=g(>2Jgl{bf!@3#^}3yk*{LqIqKxN_S5i)$85_m<{BhH^FrM`0c8
zGw#O-u9}DU4X_H+>{7qg@Ui55+V>^K9%2FY3cweY-$*N~%~hX)>^d1{Y3IPx{E4ea
z`pZOC(K+a+vNHGkY=i*cCQO(4RhxrH^_bAvEaaedax)mT*q}WyOA3~znh&51svgd|
z-_JJu9=J_%toPe*y@gJ1qVs#U$h|>3sYoZWXRpAzVrx?qcnzBbMuQU#Vgx6HRMBpV
zI?Dfr&QlnYy<}wJPDqbv=3x0VVzeH1>oY&Qd6qz&j+p#NV9x~d6X{379!a~UpJDvb
z0{Iq34wkClsMrhG;Pjq73!rQ5a4IOc=BT%LN!)Ty1vKqD@vPa&u98jX_+l*!
zS190opC#Wl>#BiqSc4Dx9H+(D+%CW)dAXrqu;eFDDU`@@0shXokE68?}jZWfDCxD^;=wYF}&
zn-wYnZKL0_;70fx?&o4m-ddF$;(?HG5gnhl$4jt)aep$}Pdg@ZN
z;sA7v$6hI_oGxPJ&jbRDZ4O-uYK_CZ>8{4@l%Hm9`Qvo1CMsWF9HmxmcL`~CRAhRu
zM!bTU#k*~ZMmLz~=D#;(HUtaYQ{9VOn3b7PjTIgeRV&(qYuQcAT3Qs&v;qt1%=@33ZuXe&MQ(Ct6xYnf`gL}Tc|!E>^@yx%LuBcM`_PSCbIG>F
zH}56wTA_QH7`xf3qjWH@$sBM<0NTL+a65dSNv!uSgJ_?&L+VzszF|dzr&+^~pZcT}
zzj5S^i6l~A=oT(LowM3aT~ZceA)CyR?EfGzTiLCDoF68pr;i^QthZ*BHlbOJnqI>f+_G0E2Im;VbJP-o&$T%MHYN4AqX%Q#
zeKaO;Dhy3`^X*SYrdp1k6S;vsl_f2U8tieRD8W9XY(<{r#zDP+^1|cFoB2AGRVOk6
zqO)OoRkQao!4>dVZm`&ZMSb)$BM#FNA|2~oo@>kv?dhq)mCxfbJ(p^#o}~nkPqh~;
zL7H7NQzNWenh1WlH@EsUv|-#_8owfMDyo`nwFx%4kB3{&lnPQ8OTT8{wXRon!3iHU
zY9#r-IRNy?SS_3~t#=B2JgAlImah^Pb7Sb0s)?cn;a(MW%i3%#r=f+VfLK80`p~Wf
zx#DM&VoPq~xirE2)sb&iiwj?Y6F2&|4CpEG`7aC1jU2GJMwM+siRj|<53QGk{IqfL
zjm6AJ&y-dHakd`#>OvHvs>nIRomBw&qC56dnd^49!!2ez<^hyG(eoqQ3#@nBYXSKk
z+Bf2gJq;iYA`hRB&X({1KQP^0)jd$}x?z&_brwReeuZkZ85IAq+e%zy!*(`NN?*$N
z0BcA8F<1XmsA_{(a$jScJ~BfqDo13fkt7#&*1_k#5%m0c=BBfYXj)-BTV(Gx>%*ZM
z(-PevMxhkNWmZI3=()DIPCY;V8uWWN?2h~?-V-g3nVVtyv)54rmVN0-PhWUe@$D!H
z-U)plx>g7j>#AA*BHL7Tp~%szuO`4hBDS?jzL8E~>X6>%oi6XmrKJFBQ86d2cu-@U
zcuVRfQ`lXDf-)P>d~G~eFH?e-+2KF-Hnio|qG8X>d*%51K*43s&Gk02fwu;FwDrcu0bv6k!mTR{gI#FLEChZSAqRoUB!Dn3ZSm#(K
z%K-Gqt;Es=^u)X@5X#_$N#rl>eGt&|XvXo3OGa?CAIyx6nz^~fKR!2W@;GZD5xVZP
zaPZLVqbiF29mA~>oACV*y7jX>r+uhaEY0XeNd#_SYXcr-u#?NO{2maQF_RywQl0My
z_U@^7T(AZDO>!k^;nFnYsAxJK#2MM(5lFAU(
zzs;y(u&LhCo;tzQ&DXtjSMq(GuK2coP&`&=qx<81HD$+WnJim9J4c0gE4^hOzUrp`
zFoBy!w+5)E4f_082@kbUQ^kARG;$S1C(s04988aI7uNc1QS-M|*uAB28;{p%wZ>T1yj8!Z9zkpT7>Vd@nGZdhz01-ViG|P|+?2
z!&)ZGl`auFn3GWDTkR)b5-~G3K7CHYSj(tRLWekc|7>j!sG|R?(K|5vz}sM#IuRE}
zIpq$BrIlr5HNmIR{qmTELfX#;BfWFfkMFH!-X9f~GpenMDm@t~KrS&Hz}T;C7i*Cp
z@>*$|nC5d-&ED4FLk}_vaePUvI4R}_%fA$qWYji&S{{1TIWs>LuFI>pK|VDjsp}Bx
z*pA9*8cWSXWPfp~(qES^Mzb^(TgXb79GFx*g;EbrBp8H*<{+Ocq=lcc*li_iti4i=
zU!n_r5TFIK^1?sbciu|st#L?Ep$~9b^aLnibj;m$JKpHmd1>Zw2EkrqnhPu4D
zA*JY@u0%?id{*+^!=oX6pety;LD7J%wc(`+5?r;nb=kM`dTG>3;!CP}r&`G~Vxd;S
z*xXhO4a0le;I&;ECq?>qr!u!i8)CT~fg?9Z`;A(1&siv4E6pALhGadDu6l2#*sdcO
zrFF_!+wcm@v%qoBsM}XATti)X!ng;SG$J~MLYiv&i&i4Xz0kEFN
zlO?$xcIlZRMhWw9$!m+KuE7^E*OH4ZJC>9V=D>PO^--PY<7!8PTA9oGI5imN(q=pL
z_Wj!eaxa%t??(RFz?iCaH1~62Xdp{p7UN%incM46yM8_*pv6$p2*+^zz`v)GyJc|8
zIK!Z4`jS(NV^6K5q1&|!k6f02JP%!!wo=s%3dzlJ91hBW#WdoRSUw8h6O_3bX4&}d
z?fvHJ7%skB2D=`p!{)oU4AxWyyR{vxUuw!eokV+jdcILKbh<_V>#g&ao5zfSI0YzZ7cTy4_{DqwSwTt|GtGL*
zSoL}8lkBrpvM`T?6nxm;VTKjH0`4s(SCTZ%xmjZdnZm1<`cBn&c6!5{Hy|kaR;0(8>LM1Zg5Ouhoe$g8T{4E-zpE45wL89Ra}9#`
zbbPmIV#w9W8`}MV&D5Ra-pHcx_pTV^+DHOO>7{`A49EGO1PyI(WBYE<$jZ#8)zR`L
z`SH|7joRa+$#s1aFXPk%3^^w;?UY^wEjwH4S9%vv@}M||t)R~V{I<79Vr9Fi2e4N5
zT}D@s*uz`drj_D=kcLu^rw_LmsE=Iml0J;?BSO7jUATt?YYzI3$`Qkj}OFy
zLSDVTyT+t2njke7MAvZ2+&&pPv|q|U63N(?bp6vOs275NU`X}uM7fhiwnMQezN!;%
zaDnydLyLK~)(ebu*E&)B>G*1Q@wv5^?JHduJBEf0r%IZ)KNe*S`p7hRIa4wR4zijn
zGa`fZ7V~UAk^zl!jkmY@XLPOc~dW=tNSBIw(OFu6_x17fcJN_?3f8=Ik4e
zmOs#*s9Wj~5G}iz&-|QpGM?(T+}~nhIMRt#BqNOd$(Qh4SB>nUQ>cR*!H*?}A8GR~
z>=rPRayB`EhneDf(ANvrvky={U9o3Dx;l8Y)X-$s+KkiOe~fr;sTH7<`IE?Di{EzbN>0faq>
zgtM%=raiGWXtwk|YxqkD+rKec_P!t|=(YIyeQIFQ`p6uFfljkLo6i
zCx4%qx^W3wuKrmCPn3>MZ1;t~@Spkkj8c4rhkgjs?O`g8RL(JZ`|*cTFN1Vkt9vF68
zhMT^^d`0HGdRm2S+(FmLZv}3Ppfk&uoA~t1CGiSMH=3R`3G$8o@UKXa=(^v5;NgxM
zK;ARS@g^PTN?Lpnx}}h^;DBj1RRE&zgX6@3i-DwltfKhRzIDp^L5<^VYnwSzF|x6)
z+)Fi5D1x&|r;L1XTK$@H1fj2;p?@N1Lq5B-D!_(OTt*k+FHgoAz{_3--ZlI#Ijn=wVkxL~CyIOmfGTlwpn`%%*oEN6?9q92iYt`JzbA
zaL}Z+hDtUVJ6xw}T4t1WNw(T;z}VokChiY9ZZ!x^NwQ&VHl8V+qgs(`l;MaeDxy1e
z)3nsvFen>r)g7Ij^eFJgjB_;w;h-klT3efrt({wn1rOA`q~hjtQMI?pq-_1#0wQ+wFNEq%
zOI7j=>5Dy-%-w$YapUp*Nk|3IxvI?XS7rve+;he9M(OosGba}^(nIVKl6BctZQ@5P
zeonqzzRviL9ql{Vr*EMk(Q{M6YEXaV>Pxbhz+Pab8@o2n&L0N~5Y8I%zqnC%JIG>s
z1nJv&{-7~~)RxtDbMZiKFCbVJRYxw(w4iEk_kJ?ncX}nCNk#A2-1R|ws`{rtOVX=1
z-!_WJ>e?OcX)-)>ASksSGfp{4n_p38W|>G$P{RJyh>1&th+^J1f@nTL^ui-y0ElmBD@_X7SZ}Y%#iHgVPMNP6s7w|wKDi>PY$9@z2xIT~U}7NtN@*~DR6mVdwh
ze~d`|de}eh18AIlltl=VNJ}Me$7FJ-RIh@U5(oxq>fKE8GouQW^R)LU7+hv1$KME=
zYstsG2WdeWor`CEXGcbIDeCMi!yzsy85STeE?z=W=cuSC3R)LCy`gVqWi^kEjEwx~
zXBN9RjQ}^fKPj}p36zb+u(DD>7)rYL9IEf{)Vuwtfp}Lu0yRNP)ogIe^6$~3NckrD
zd-^}q@kp>_ot~ko(PE`X)aH?&SE8fPyg#FyFI>geJX?}-@`HE(0CQ3)Zw_y34k*TQ2%
z-m07%4Ctvo&UPmLU?CM42se&Flg#}U+Un^pBsR%I+PBMi&Gfb1L*s9bLw61S-VOZ`*$jGQ(fM=8qkA*aB2yC9tVK
z7YWuM`89?^;-#owLi)CWE&&nh=@IfXkx49|Ss)lPAPj~APjDB_q-^6Vmsre<
z;9*D7r>JV)U$p&uu2wXCd;m$^R4+t6CU
z<55c+u$^D%XRG`uPZ&CQh-}JjIkAGq(D93sO6|j#UO(rqOs1ilk45$_Zol^PyYNSo
znhS(RI-O3uIAVBzda0^@G&VN=x&3-3COX&$;e07>?D}myR{#-zLf0O(y`Hv%}%2sbIYbY-Yb8QJoC}W^{Q+E1a
zv>QY*@(qFO1UzC#g#_&f$20H!!v#Q&wo$qPtt@T7mXVdE%=)i3uXFW(6`Q}5@Q-m&
z`gwKfzq9RsMWuXoljmOzp&Wfs{@14d|7DaBptS$3GjRFOqN
z(g7N2*m2hm4N8gF8D{Ygg9%f+9)bqpx80W&1*3_0$-YQ
zt!T+%k8#pMtt9kB;;_MR%nV!)$mnNfc;GLLy*ikW?N2a@Xvz8Ge>|r;c{TU;e%Y^3
zs?htC{zoPUDdv-;S{71Eo+dXo0>-$U-m_19+gCLP&V6f#7{e3}jpG6^NNI}8z8Xzd
zuo)%#fFCZmms-(n-1>zDTgct)q~=q>g0<;Jy&4PTWMygPt5pZ?xInEBfDraZV*#F&
zrxKm`=(U{SKWndPzyuR3Wrd{(QDgsT+;)Ey60_HQdAx4NA?e)l6I-9d!^+G@a|3dA
z^5YRvEjK-O)X`&`4rqPsPnT6Uiw^vNzfiy5ZrQ9jB-)KrXKLT0bV71nOWEf2ci*!$
zn_+~Q&T^Yoff9>|!Y`?_cK|7{Mka^86*s~#Nfqu}t$^<@Jy1@!9=&r}Eh6qp(5N11
z^%Ud}M*C~l5a%8NQm`_C`fLG4mYAmRC1}nWKX|Xg5!4)BZIOTtSd3&jLiK2H%4-Qz
z*4fEKsU3O-Fd=^PNDZ}*T=uhHua5WoY)exb1dQ?iEAa)N;KnC@0d8#iI$aEf0-{}4
zxk|TajqoqnpKUC+3tNzzfS}+B2wQa{-^aRsuZw@l@Vl*;XM805@N>`~k*xIJznL%)
zIq|{yTGv!t5ORGq7PeU$u6;nz0R(L&V9dNjIBGUlhx(JuO0i_(IoypjJGRQ@*Y8CT
z^tt8B>=y>0)GTY9Xys%L{q=42R8Zq@-$D7x)eCN^y%i&hJk
z;$X26O&@e}rm`2k5J`o-Hqlqw1DD-rZ({+lcgD#f56Q+yBs29Ff#VDysKQr(jZbZTfSLdXyvrtHUm0U|Of(s4Z`%E&c0f2@2oj
zC^f>O3R(^^rVu*D6bth$Rnk6{z3s+|RIjSD9i8w58RjxHF*Y{Q>~fCAr`;B-F7@a-
zS@qtSwSe`+&DAe9Vm#GTyvjuA%#45YxBkraRo$Z2zRmG$pFm=WetH6dsZOQBr9q7?
zcXL`11Ldyes!jdr^qCMwmnztjWD^8(B5#-=hN_lLLy>Um0pYHAJ+gC2&uLX`d47ig
z%q5j)h5JZ!fSr!X0m0o!(yvhG>^_;N;Pm#%LA#Nq!Jx>c6~}%G
z_r~sJzf^5>qJ2Nf2IYbCAoLIF)|JkdLSMl#GCKLGq565BcHikp1(D+(C;#Sg+Em`7dEz0z=ToG2P){)V{rT^B(Z1NW)VCE>v0W?@;
z6yymnRIF)&ei?@_ur<|>BM^85Fj_UOu9dkUXB=i{zN}X
z-#K(~GY{&8PFH$jYxjpkQCH7iHl1Tvdhq;=NSl}*a2Ko(a^5|u^a{$LuqIL+sd4^F
zz}(Hh<55a961_5YzhW~c6%R4VQc2Ckv#TSj8maw&YR2ftAE!Y?O)Lx)G?r;q1n^$h
zL~X6br5D?v>-us~1|xLq~gKgu$!=9zkOwa&CR$Cxw%C~fMi
zHO(QR2hBv~j4(9_t4pnU9V$_Fvylfw(@*!eF5Z-SP#KyIyUK0%L$9thojzE8
zyh7|Pv8#@+yvULjcQWAw65K_Q5k*BkuYK@y55^CfPO?p<&p&Y)X=t7IN@{|E1nhd%
z!i@g*e^hTI@TSRAJ0Vq#dy*jFX981=il$fP?Hvo)1pT70K@j=}6h~5zs|tdB*$5h^
z=JdBlV9)h$cKNQJ6dO$stgC=ZTx(
zMJ=LeWVA&t^JpwHdb<9ae8Xe%_O5jsBO^OB+B@;tY}2u}5iLQd{9y%;OvB^aP}vze
zcC#{;0GAkvjPpVrQD!CNswMvJpZ@4MHxY*Z@gM#=r-{itG7x5@6SvvbvWK;Rph9!F
zcqiUQzT(ye8Q$ei7%Y0A`8O@lJu&f1W@%+J=>eYuN=5Lx%cKpNBLT@5Vcl|K
z=&QrJ6Z5qgKqDejr^L9zBc?}g8;mCK@H;#W#%N}@{~aq+Q9U;CyW8h9Bs~q@Fcbbb
zN-y6ibU~x4thz5na^it_Xu!hPSIjJk3@
zgQa8fY%Ajbx{M3zOz%^IMx_6}aAQs*EK`f=}?Y-G+J
zEl2^BWBmlikE6PzXJ5n3$FI-sWGWKYUFz(JMf_=jC%ZPt_>3Tcqc$W&F*f;557b+ByWGWr-P|xciN|
z9z6B3p$R-z6gTBvQKDr@zq=$5USr$k{54#1FVUIoFP^8fZz|^Qcm$Lo*T^VE;o}{DR*#FJVXCu5#@jWjHWxGVE~skF)C
zgeiN^M2<6}Wm=eg7wDc-<;HR)h=_(8#UjQP%dCSGNL*&KXbZ`yY*9RTOjzzqdg+pC
z0*Gw-F<=>de@$AXT0F8BhTQWL&w?*Z4emADjeP&i)3}p&Quh=*Chzc=O+Hy}
zoZ>l~*1wbDoUgMWa7n1G_o|%7y^@{=j-2?od_o1v`zrXWWOYOUyJG*c%QCr)jlLws+t!YjAxi4t29%KSbpShcp
ztGgc(XJc{A!GzN&@T5&*I<_vxc_^~)?yff@zgD2FB$wB=QR7!p4Ark@|JH!}oVLeyLX9*DpGM{j*jY#
z*A$H`Q4#MqFN*7x4I@KjVa|_SK30}uaCJc9au4dHw%nWTZC?v|gnsmq9C?XZl5vC{
zi}3tfpnTvYQ{t1WA4L$8)^q%ls7K+FM4RKTN!~WA?OnOeCvQkAz!xPN#IIC1AY?E+i513aF(`S&SYqaD57|#F(k-clY`_FR*M-9IZM@F$BRC0|Yw^$7u71GcNjro$s6xlLIt~29vY{`pLYzEBP1tCNzq_kL
zXct%ujv|!#PN^twh5ERi?e3|Bja9|sXK#$PcLyBA`B6A`_^w$a6_qogA(XFG(kdUX
z@$mW^a9IOq1<0kus0mMhg#K}%mhZ+%i*bWU(gtH~;Vvak`1tW)ty)uf=>2fF2+iAZ
z%6`k1Z&1G&Ow6JzZ*_dwg#0I$;fHfh1q|YJ)abwAHZ)Pa#;}F&_lohj&%IlY7a*!v
z+@=UQZDC^5DE9VA@5>XzMuCA7BTZRSxI}t9>;n)u{fwNZNuP1m
z@uk;^lw>{rPqO~|1nSp3Rowk*Pr)MV?(RDL!X^hE3PQJpmw{`aX>xP^gbdB?|4V7T
zy(vzwi4!@$C7I>EzT>3>vBC`9dhh;W_5uGpmG=0+&82ie!4dU(Y8v<{jYxoGa-B$k#Y79g=k5YjnE;R1!f=RP^I1*c!|etYYt(k#8rWOM)KVU&Oh2(OsSE9aH7Z!`zTPi-oj`S}Oc?%0;beC^MV+{PO3Co1d~
zDeHW;Z2(YoilvLQxNmle!N{~8bI32PdwLpaYC)N$)@bN2_)vX6t<5B$&N|B~p^CyS
zbzSreLs|!b;djlZ9!Q`rvq5&Pcdi<~l-sf9}OJycKQs`I*SWXxB#qzUje3IPjF)wXV
zWV!pCF(EX=3JZ%ob1-~$j?cnqCv!2HWQ6juZdBW;)|So6jZ~U(59EnDM7RY)Tviir
zjbH|w#xi5&u_f{rCA?&kN`fr0c3qkzI=0wa;CXp#q$e$H|lS#-_uE9T%l~-VkK{`uaLs`BkT66ME5cW4W)%9M_w0J
z;*}DFn=7G6AMh=7k=Z`uY~H!)v&=V2Mgq|A=Yc$p2T-TuQ|#tAhBq7a2=-%~XU##a
z8wsXYK1Hc_@D%t@ww-MUl;B+>vKx@!d&4|<*{W{to)k&-2*q0bml&UqJ|YnmNLdq
z4rp$IW%?9*rd@<{9ZJ@b
zef@?13-z9iB(_O`C1e0r5C`ludEPUv!+hqvx)g#6-1M~U7O#O0ad*(z3HkEyp-hjc
z(Lq&DYdGlbSoooNaFQs6JSAF8`Dl`;=tB;tPX}<3vr1(UxXkcK#CDg`eb
zj%R31F)UVYVlMMfZ<-)q`liu@Y2HbIwQCPvTY5CjuDs$ERwa~hPl7B^L92KucgQ@b
z#!$(D=XhA7aF8Qda=EEg7Mfu^>{)8dkQf~wSXlIf;7~0;k2n^Y^_sx@ZOKq7W*XRC
zb8bkTBo+;CTK;wRoeiUm|H45Bn|@MeqOcfF$a2u$P}<6ttxD&OHAY8lp=!h8LgTsmc}~jJT8#
z@|VCx40n8f-I-hVY*yW776qmXYr|Pe5ZBOu&H7
zWFxg24Sk+!^uF|6T>t8SSzK%Vg(4XA5e#x^-2Fn3d_lbPX3H(J%saFD!xMyZZAD)y
zQ94OPk3Xu~i*KIxjgrvXzkv6lpUBb-wBafA1x!3t8PW5V?Ht4I6BdV2p(Gq!0cgv@
zheKXb=IbeEap*wpn>cv8KAY>Qi7^wIP3Kn40RW>}JK$4f1pDW^740SJX&DIpI?Bm@
zNun+i-6qO*_7x@+UF6TrSUZMQwCZ2`uuS3l8yDWQ;ZlMRxGTU*B=0k3HktNT(GB7z
z5qfhA$?*@&jjLvalIjMh4m4L`q>*3S@6p+N!8md05W6h@<5l|u~r@%vQd|*xj`P%&
zK~vBn$Mn*N`x>1>^`rgmmii}+{cIhvo&%of5j4Q56cVo-c
zro`Nz`MxARvKUGc!M$M#yMcq=Uf;UbigGlj2jem*^(P}U>v~apAc{fToH1-WU+ws<
z0~>u&6-+#O+DvMxO5>|e1!&)8<~oFdKN{U3fiwk=dMcht`It;xzok_%NelIS2C-Gz
z(ZA!jtS#0r5bygwNUqy+$!Ih$Q{Lrc(12QZe1*A5MoFF3v#-$={r&A1K!yIOOmnE3%F(zx-in?SXt>KTjRa<4R-!MKv~2%WD%^52
zruUkZpMW;0e}!wAls@MNaDimw_)>%NwSX`FTE5dy@n(~WUhgQO-nDd>%T#sR!ZDqT
zSnQL(69-9kN}Lr(6TUK;pC%|Z(2focpF0<|Jv=-N?`JgOhZobBeE>Ho*phA0i7O
zdq|SZORVo+!z
zAxU!e&`xI+e)T2Qin*6Jh~OHY*heXWraFZDTb_Mk)`qhCM`&usoW7b&sa;wzji8ij
z&6Wn)mUFmx#JD&R-ny85I(Xr;Q*FOrwPsVLMs@WZ$o3DS_QrWD0rZOqG4$@g7(8W2
zA9MXbM3P6A{!^IFez4trSyq<9quch`%Y|e%`IkX
zu7XPoJE)P$_b+b3O&uQaCkfqqo`>Xa@@jcz93k=MLB9GZlKZ_7gXBfF@?5URbS&kG
zpZFP0aSe~9A!qt=F&?&#`dk>u+$k^k~53Wm2+{-%{sPQH21?E30ISG|{{?0Gaoni^NSZR
z%4JQAjjcpU&S|NrM8N7d>n=S1Jr~!m?E}?YWAN23voK+!!a7r-!6t+}=Ze<$xJnS|
z;w(q%n_nU!-zeDz?hPwCy0}aL49skZN7+x_U14S}sIVKP&FYg$EejdM?KiL|)aeiQ
zHy|Wi89rP2fj;gvr=I3!ipxI$5c;hA4uVgU=8;;RwCB$c4-dzV@#Q$ETN8MtC^w*@
z`ieiWm^k1hSA`O}@6VP=KcXo5@U5iYg8ltbf{j<;ycb+@_3^MKe${1vrAb4=4@psL
zSE*|ky8Bw*(b1_{*MSMxqPiau0&h(gh64lx%n45dgI{qetyvIw`MnjzZcYw6<@tq#gbovUW-NI`xUqiR
zCJ+(XHn@sT>$$T*{|!k;bn%z$~Nb
zvAocMMm043yin-2-^+eo6{K^iX=2%EEM(LhsJBWU?-G<3uOc0v7QB&E=z>lzBZs@W
z^cJILf~xCT@!$lx3iF=VDi6Z^hB|iVHjI~PXdn4J^_Z>miinIHt8OBJF8wy%H<{rU
zC4x?GkXCk{0C~V|=_+@-Onxug~?2z>A7oT`7=TU3=$aVfr==tlppYJHr
zR=1kqwEA|TaQFEBp>oAt_)h;r*(7rOi*6+u*bJPaGw~2jq6XRRgne$=BGEtvc&^en
znM?F@Nhf{fk-qY>4|FfG_GD+=Z+H7NNJI4U`?3ur)`XPlg1!1~a8FPYOLwGsU0Fdi
zD{DC%EnE?*|cGwb&;{{Ro`P%Y|r9NP^V3T(#`+vada
zY)Jse2!F%ryd&eoKIhEwKTc{07>zwhi&-1Mm5q-HD+vnbL{nT$Hksjr8y{+V+Uv*n
zv*4{3IzMbdlIPa^6AFP9T2-Y_LqqcjOsKRSNWXr3zoPEBe3u23&qb~<#DTujeS(PD
zqnHB9xm{*ny{r9u-;jeSHYpt=J*(I%*=Gk(dF1za{H#C&b5fh_-6;}E1U$Ck#tJYg
zqa|;>h^$I+?%1y>Ah=DQm;LnB#D#+)xBJcupx)7`JmcM!Q{pr1MV~hh>{bivT}F#J
zD!2Dw79}VYhBESzW+rb=b&(?b3RII;=lpR1ZSBt#zoWqZn@~I->lWp#Qm1~WE^XsD
z%j-vj=X8G_@y;(@|9WLVA!TD@gI_=(jtfjCq75kgL<%=|kBBClPndc{QJ%Bp;++@v
zL)lMcO?UAsf#r|8F`uCHnq@;6u{@Ou!V!(JeTLVJeFjpH)l1BRJ`25(k?9(?k*X$OQGOkQ^vS4p=&4c3
zkP|K;{5RI#0;;X8YZtC_DwI>96pHi|D_-28EmpjE@lqfV++C{BqD6vB(Le&h2?Q-#
zG`IvSMFIqpA|XH^+}*zCobTR$jPH(n@Axwq3<8_%wU^BKJkOeQF6}fA%QWT85KK^u
zDXaBJ)ZtsFJhtMXnmb9RoKcg}*n+!RGoQ}(XMXdNXC0MoEFsgUT@(MUOV{~Xj+lG8
zjNk@A(M$nm(&=4m@YEhuZ)mO6B#ywASyYzn()8B_cVMIHy~PVo;nGk2`T1<-?wz!#
zeT<_wc?*f#pK&D=l$w<-a~iG9RiB4xkx??}oIUMtOaqf`lghaI<8yf)+xE?O41F!q
z(;L!u-_E5K4jh7$7EN6fyq*%W;%q*ZF7929juOlYoUXyqdLs7{6uL!}+?Cth6ZbGV
z)@eKVYjc?syJ9hFHS~pacUzBdrMlql?Bj=iM^NuY#LAD^v7A0>$!M{dHab;3Ew5Co
za2MZ@Qr(ghj+xwAh!?wk0?pW_;g%{PECa@MFS?uwG{GM?ZK_4+HCp%Yd!M)J1_!kf
zYKRTqn9$TPc~$Y4ooioB%$rQ#M4@E0@_LPM-S|aIG{F%3NZ~7H`rZ
zrAHuZp>(p>ZViuz3C+1jH>yGxjv@Pf_T5D@OZnoV1t;S3Id_ST(U{74U-@(Ar#{`{
zbON3LF!?BKR-nF_SxKxsMdHGZ-@AeQw05wGjr7w478Dj)hLfjB#33xZHyY&q)v;0o
zhZpA(D1@VA7KC2I6(7Bs7tZ#mLEJceuEVg}MknwYC_0P@A6ZP4A@e5R(
z+@=5J>|Q=T`dLT85j}!crc5rq!Ff~mFB9Z~TwQ(peC)a#Bv#&*meo#4{>q)+D|7}cydOhJIK#_{B
z9YqAEnp(vNv|0}%x#>S&xj|y0ktAFNPCUMxmZM>}I3wU9(Ji_>_K-Msh+8QEu
zs41F3fyG0q^#TI}vAz9oHfFD%*p8O%AzLCxKc_!s0)pf3erv1z2S?tu-*l;(<`6dL
z_xAEC%F9#WPwsp6$|U4ch%G2`@FeIHMa(73>TQ3cw+|kuj~zfGO*5+=nOA(MX}W1bus2losmM5~sV}^;vgwS^gZK_7
zrM>C|85QZoR}E!!3u%gW_Fj`hfFL$d9%!L&EokIAT-|&Z9q1WN6f<}z
zTwr(7RkaXk?z*>lb%FD%+nrTde$VRpz7VHbQ>Q^|*^ruEchc~eyM0}S7pCSruXts7
zjk27pZLu8V=43ao$U4b@PbGTUQhe;h1);vdnrje8<3EFuDwBn8HeMYax86?r7op$%
zXyWDK`{@!IlmAzISpRXF*6k*QHh-N|mElUkEn0DKgIb!9sGU7QIg(!ytvBwmWZN`Q
zo%LxbW5vJemQnUv_(50~53>^+AlKW@<0AL}z^Gqs1QxsPK~5aS0YOW
zONtHW;;D$sw~J@NM&KpHeUH;Rcq;Gc94(I~Z7*-hBUpJq7$3o!eduI7X;dghS}wd|
z8&JDd`l{0K;$e%CW`%1(v9Z#!=?6O_u(duL#P3zDp-VlyuhHGhp-i(xPB1mw|5Xh<
z*Fzi5W#}{kl6V9+&0-ym9$KD
zu8v0gTAW&suLPn|jTN+hLSHA;l+!8eqsa}^0!htQnRo
z&DZhWTuB>CTHRmeLFAL+I`PSdkZcNeuXebWX~MIuG6Z@ex3wNZ@Pi>y#LVuzwyOX*6LJ61@jU$O8M+US
zzird^9oy1gr?GG#*0JC#it+#^oHgqb`mvw`mjr%od=Rnsd76KB)fdm(vacpq!GJTQ6e?+Ru{Jk|Az!qe2Fv1AfkI5l-A5>PB!G9&Ll&=-Q5Evz+2SCUZRU
z%gmI1PCqYLPbaI>SK^DJZ#&Ya&+<%*`XTucW#!G=3;+GH6_f
z(LLm#@1Z#b@2Da;riljOdgvGM)qel%;dja`?wk=x=!A1bt5|onXBMS9Y5pFHeFqP|
zCbB8@hRR8+>^Yq{S)T${V|V3>D1WR`zB8}t&U$zJvYb&mcOrNny#6t3PRiI;$v^8P
zMK1xWl6(HrUrPbyPkZG`FZM;Bl*yVimgQ{s4mkYWw{Edss1r9*{ZIo-lP~e?FC5M*
zh#mwDq;hP{ges2Mh&p5}%M=x*_^FP=W{19XD)|Q}0^=7_pqK4)hacyqC2@Xh^ggM<
zIkduJ=3K3JR&SC>(M!d``m*lzU^Jz~Acnl%6EgETzpH6}TzWMf3kBw#IS01d|4LBU
zB?)D9uam?QoQsNVzw7V7VVAFy|PZPWELhKH+33up*IGxJe&klY-X<>t_2I#0~
zdAm*Ht4ucBvsqf(I8y7ayRWlza>5G=*vE3tv|gl_@hcY+68c*@;nxNktbR*BE)11?
zawAT=Xj_})@bT2n9A++*@cKb}!-hzB!y+f{zdN$-OY+&WQu;n}l9migk|#LRhg
zf;C%s{_=FzO6IsUL`od(d45)qM-$_25g!^~3K+{zCY#MxvST^#Rp&3n0!|@Pjc;aH
zf<0>5rGp#V+udanY
zadUNfh7rtI&C2Ym*q%v6*EX9Xh0E3%<{b|X_pDPd=TfUgi6@Li*?i$}7+2VqBUc=2
zRE^mRjarhr`+85ORJ77d$2LbDM9>MHVwPSXy)?wi?&;2@&|=t@WIn=@a~b0YRo&I&
z`@NOzHxlD8*s4n{xXADmIciYWON8^A83wZ-eWCXpvdGkia0WLQfZ
z4`%cs&o;|5s2(d#vl>ir83)}6ZX+<*HEboAXOl8DuRRc)u9B1g{9aRN_Y-H<&@FA5
zf1$>iy%a)~P_X$6Z_v{G7RKY?V{QI&U}2|Zx+rvXUzEx_KNS@vj4(Hi)_}h8v-CX0?Or3ha
zv$@z}*f+)qT`+gx+S5G2taNc`;fo3`I3x`My`WlbO!@S~WaUB?D(5R2TZU&;)~fuH_7Ro&O32KTogHA8L%`!lG6uBup@t6~6jBGOE?DZ!
znW;Z@T6?I(G-&i@KzOx;QScL{a-8fWgpCOT?>*X8uC5N`4OjbN~vJ#g`27J+|eQ|f-`5Sn^rKUV*(`S`%|@S9o&JW!J)bkmIeY{Q&h>Xa;N
zbF{f!G9vPYt+VL|u_O*m_iQH6=iLDANRPj#kKHY)--Sub=;|o2=g}}$Sk_fzb{J7x
zn0Q8O##2428uUqjGt(j6Sl6>|o1VgKf4>;>cQ+X`6PWWdNB<%78?BzQrk}nb^X<I`L
zwfpX9_}Tqny;A;qv=RPDq?po(UXGmBo^Z_Asy&}cI$LJ_WaCLT%d@t^f539<<1qt+
zLQ@*JaC!#!q>b#luuRs1@CjRS@l&*uM6OyvU^x3g?7q1gHRspCHJqPt|GYuFLRh}fGxn(nGP
zcQRSSrdd3<#p)Q;XH>**n`-w*dmX!Dl-+xi3o)WPFfAjeBsR@47%|oS`qah^ro5sO
z+lV;=;_Vh<;8ONqN(n}OSy=F+uvcc#XV=4R}y$3(0s=@8^cA0Pe@5m6>hQi
zyDsA1s%bxDRuHoGOGAFL^=y+-PsGOS=dF!wg@de@tEpzs1xuXRdkqAg521!f>JDi;yTG2W#_05BF1+hd7x27O2$$g)5|+Q=B4M#uV$42m8(|_R
zP$!^s|KZ6nmMWONkYMQYuJ@mP1G*w5tk0=F6Q|3>x?RZl$!7L=-}qFOo!xa2JS+p4
zLy3W@Y(fI*Vw1Od#2leI&PuO%kKG&H>g(T=W&X(xeJoIC#v?3GK47gOxdj`AP_8l@
z*GEPIJox>kf37)mDGFXjep;je*tz6K&8NQwmETtHK5yLrT;ln^c53SO#%}X?x_Z(H
z1H7!^X>>3u+F}Smhi#bVIb|BjtC1_4WzpVMv6&y%BQ&?k>#--}EZy_D+9dzhS`j##
zw7H~cJOKNx2bXv?#Idf1s1{@HAK`Pic$V0J;I
z24G;4xg02U&%?Yf|7Lhy>gprtUnDJ_twm9FPsV_c5GmncQ2sZED|UCabjr)7jy7`9
zDSG#ZZZ?zAg>DaKi>`mU+@C%{a5r89Zh-jCn!@9qeA%;n<$Q^TPHHF*SQD;NOB}ZE
z07+!wL2r6hS~SkXDcMkNx0%o5&ge&^l~|VZy~1
zwS`l+s_fE#f9|lPArDUGL(P*;5HeJXKzLknsR9j`b{6{5)l^pGf|rp*P0#yI``C_H%V`Ro2y!13}dkB?albk-WB^|Zg7VA
zYJ)>vS5qf9*ufA$?XrP>&^rZQi21$gvJhI(8*&2C(~$@zn`usNST1ve+iy7c?9|R7
zXiR42R@}WY{iAuilZZ@;R^ZG^D%4Oi%i7LdrNX0R98ueM31jyL4QDnF{mm_{G|-6W
zdE~l@-*c5)oLA3jUyIgfqkT>vbwom^{m?p@WU`)|oI{Y~wus#rj+S8heq!N_cNz|d
zCn-6H$;@qn7waal*;j)lF**jrGTHlsm+v}$*}vQ8LvN~Ckv04dpl+YB
zT}M0q9#fly;z1*QIooJhl8WCQnmY7(#%_L5gSFJ7>E6uMU{@qdu9qTu0xbr;_etoN
z;D9mX$a^vPK>g_$igL!?9~kl8=K$L}Bzn-}d^$GwU`Ow&JHcbe+nTZ>wE*K(`@4MM&u2njE|V%<5s
zs}Etf%~BP@yx7eV3O@Sjv~pywEweeO((P1`WY{Men&GZxApX$GP?4@%#4Wva6G8Gk
zx7By=T=t}_In*Hn0``@yF6qXbEEaJY#-9>W!67Z#Y!{ndF06&)seie#2_eaqIW!zZ
z-MHcX?~d)I#5#7GfOxmKn4XB4P!rA!ssiA>3#0U_n+3vn_I@>uU2}&hw(N9#4Yz=7
zE?>cVz=SMVH;o}&D)Ec08aE^Dql#NtRb8du$lgxN_fDasPVpg!q;lGwvQBG{nldg6
z&*kRJ=5WS_Er$$Oo@+Nv?O%#8*vBRkUyz<9=&gkN!h~$0z9t?~
z59|&}XW=H0WDW=SxIp>n(YNfnUnLJS;mzlWPqKYzydPRcnVY+R_kSxDnx28NAJys+
z=t+{9sd8l!{KQRw%>mFdW$e%8%C3qltBnqfm;_ub!RI_6b&MIF$~mE%LqR6-lp1b%
zQRAy&YJ*H~V!&U-$W`_83-@P&r&s*v+PyC|Gn*J%ds2!6pt{)Ai^pwIkS*`L;OQS`Pwy?^;ZhBvzKs&5jqP=nXBBhsv4={shupi*Pq|=o1$?o9gVCAZjFH)
zkH1Mmb8|lu!$qlAX{IRVW;8|_i
zVR#KUh$oS#a$B^m4!p1?V{f?lt;hyrS@`xSE=@}0;}!~HXqv@YZ*CfIz5GYH)AGkS
z*z9v3ogPL7Qbjbgtd42zk$iU-nu4RhRh0C2Fo-&2EDe^yd1zyGq|4zQ%e
zvU7b^H^r0EDpUZPqLT%S*h!S;d*EiK2{jN0=PRoV!G6s0h{JMvufh$)JFU`X+&ZH4
z4`YPJqicggHookqI(y;2k@hoPE{xB=uE1pL(PjL+E2X9r&PN`PMbf;0#^^n*tdSoB
zc+72Yg~{|v!aF+7wOwSo&!uh&nqJx9A%M-vTB`eEAF~bp4zJXd>r?W8
zv2cT#NRI2i^}kLPsIf)Xc{CZ=Qs-1AE^BFrbf=Oy1<0c8MtdgW-q$?^bcoCIx9uT*
z^KL5tlpz5Ems22x(e&#PklRRrRwSW+bcw8`CVH{o5)!GO;ZY%)#G&&ZVl9T
zgTKaasr^kHZpn_`>MAkR?R`>e;wqOc08o*St-oL-&dnt3g2q^3?su1Shu18@9ab$YQZ?H-BDQJWYH39VIN>dl
zf!FK0ur9|6yMSEXgr-PEDGs=c!aLhF{ZsF*hun@0xf2cYu|pa4thDJ?*T|_THcfZp
zek7)I(mAl<<2WT_BPOmK;78)zBQl@5-2-fzyjvJ(9j^`^kj^gDNUoMWPb`qn2dzwB
z_h$H|T10tuasaIhBFp&+zLgK%nxWSq)+SrBWF!`iseTn;I`*fvx)u7`vk@MtseZX%(&UnV?3Ez%%d;R{*g12;`R?%(B1fI~rHGl`g4d6+
z*_PM3ws%fWZrjd1hvJl9hpg=?ogswm%M&g|JOQ?6XgBWvhS+CbzZt}fr3a?d2%mJR_7zeGKDtdA4wBse9+$670w=0W!9&`uNd&-}R`+tB1
zaK+JI(f=oGtLgPG&f+GyM(FKF6LAy&d9GjI??3xrqPhON2&rU1H3cB(MgX&&6$;pb
zR0j|ju-zn!d0OgG$us7+_}95JuU*XkD>CZ7KI86gB9E%Wb$2#Eo4NiklWBVnv=@+^
z;t^A~t6o(C9g?N?&15D2cHcUpsDw)l>uqFm1UJx9L)m3zFj&KMnx;$QH*EvDL7TekQEOkDy>gmZk{&F=AT!555ym}-QvBH}M9gffcW5BpsxtCvW3_yO*
zbpM5dc7I@2RAGUVmO94%z0qQ;pJdtj*090n&$O<*|0jOz^&>s_&dA@2Dj?Vu>nts&
zv^-tmT31uE$bo_JG`DKN6p3A;1Unmx&Y`4#LaL?~ghx|bIh_#R<>>B#*hsVC5SI2d
zBc17eEIF2QVFli5
zmlYSmz##E=Gg
z5^b}rEPg2$_>V$-Qjo&RL)~R+FeXKZ*G?xsU$I!qyuvtMLvNuk&{l!uFb;lNKftv9I~7grJ&G4Lq7MN>=PA)5fiL-4!4
z1M~r&u_u2|pMmpc#ZLfPVhk1}H3A$zh7W1H=z@{#t#w{k#7Z)dKGE_{FOfgn51FrnP2ul2ayxj;S=Q?nsU$4i0_x2zu
z&%=Qq`St#_9KgH(eS6XWfVMWX-Oy7*0Qp#0)@@wr?CuVi0wO|Rhba8hNq<;lxh=-i
z+wqfcT`dbHCMKST15_1)oIK^$_Ll2Uti-7&m9xv=$T${BuS1Rga3ZuJD!b<@g
zFD~Ql6V}aMa0UgYgp7ck83~3O?{yQ&K-5ONV|#uyppmp3TR^rv_lVmHQAm}5pcOz<
zx;w;=vjHvD7G$2@^7nx=53a;MJ@fcu#vCkMdhWZ^*hB$c;4S%-^vb&_Ql!`}XLVZZ
zlfbT8OYfzhCbEsu%#%f*hHe2%qAHu|9gNdm6h-=<5
z!Qc_=6WF`+uOxJZ1DFWjBEKyvNvP_9x~hN`=H`
zttvB}xo>tY*68hiQCnJ_jA_o!_QLq=;$M+htoU@rV;7*POC++g!6t??Q)0bod%{f@
zvgEqjC3&eCIdP=#s0Qj>t*uD{Cv9kvsO__R<@4eZ?lZdVpsmp)C1iTfsj{>AhBVF7
zZ_t3@Vmgj8$f)^c|EU?8MoUyVbIaq=xo*+cirW2z*}1dls`kr*#*O8`v$bQ$P-Y7p
zx$`C|SrO>-t62vnA8HOCf}
z6#grIdSb2A3st5>H@xAJuuJ0ghcSV7?ECKFTf{aDpwMcEMsY5DP~PL>v*gdq{Wa=m
z{OHBkCVRnKteGxFRQ|hj{FklLQ@(e}9&e3Sc?(DNHZf@zyW}-k`a$KTigiqr@e^LY
z9~OQjbkWg;qsJrh;Pm`P=je#W&`ckYrol#`0&LK$$lWxl*A6cRKhKiD+ELoHxeWCW
zPaW`9OJE*d-PXp9x9cv|W~-*pcIQ97y6}kn^=lCNbS0x+n711(J%_K8@~p~dNjtIX
z9_aPttP0($&J{}?CB)TEyHkwu(qc9en{%k-NjhfyQq##m-Ys2
ze~f9AFs=|xpuM+Sj&=3KMhc>KV_wYptCTQv5h=E#do$g)NwK~>av?B^e|I{@jX)ye
zkf-JgYDYP}^Wv+Ax`}&Oy^~oBV4XhlNaYk}@5xaSS6ZKDnVw~+^_ma+
zMDV20*w1s$gI>@yrnIbDZEtF=tscuSz#fR~XiEb7xabs<5p;i9@gl64w<26E_*Mrn;?EgKUK6{r(rvxx%2h#xm9bfq2aL#TTd!{IuJizdm5leOH1B69YC3?
zTbzEPtPh?-EfY_ksZOTjqK;I8>tSYCOf=H6(NnDj$pm1%M8q}kGgek3))*OzPg8&&
zf|+TZ94Acj;p-P)$RGGDViHf1FVD*>52un`Q&fQ>A=h;k}}afUo<$k-+Gq2@iHJt?L10Z?$_pS@*vXs27ax
zu|+2)cDdD_AGKFnw}VMY8;Q5*K;I`mQ*uD*>kDMc7JJN<_(>8SzO-onGV@hgNjfh@
z4B&&k&&=?>x>1FWSSj`Bw1QX(yzv*=cc?!ZtaiFc??Nu9RFIdk@lA!T@_f
zg=J7hD_yNl-RM_WfG$ZX#1CxCHV|{gA*i0!LxiuUk$Ifnhzoez`s+#PP$7-_bpsX=
zIL?+N`I_=)G6ZBM9kx(XBtc5P@qkudSdA8+IWRH9XU@w9%=lpkb~Q2>U%Tz<)cBDQR@X`=u(nu
z58Ri_+T+hYW;3WUPc6|Y^|@!a4B3C{1tyYa+o#O8P1kv_UXO~|_zSVyRi_JHueRz6
zWI{;g2#wkV;U;}0UJx{CtRKSbm`mN?KsR1ToICRv?H8U#yiUWt-Ei?uJvmB`Q(JL;
zby3Kra)ppowU{p=Jip1~6a1~14wR{nl63Y=^DTwM|KQe!c~YlG*FmdCQFx7Tk##`>
zmj3vVWhU;4IR9tk@`+is*SPLsnJb5n{k`Iyk}sk}k3mWXD4wvU4ctDLLy7wxk>(l|
zh*%^_QiulZX_Bd>dzQ`ve`RYxtxDhUP6{L@e$d6hf^tqXdwFQD`dr^LDXpe7b|vHH
zq77L@9xbh1=A_84k2J|L4)#L==Sy}~&TknN&2DM{lh&b6xnVfu2gL0a(!x(64IfGq
z
zGIM+?^L1I2s>wl~Y!;Vn{rVzLYbcNt@khMim{XE}g5kzCA?dZaZ9~gq!^q5b>qOifLg?Dh96y_59_mKC*xrTkbww@yv^vm!9DyuGO0%Vw3QSGeCXt-7aZ10Q6@
zD(ai*Z9$^r>FEN9zmX@wy9ZFn)Vgs?Ttv1plrPOn
zZykqh?r~hXHWc237R$=nNd@aupI_t+MGC$z$?tOZ=RO|1rYYmA>wUUL3B-NuwG@?W
zA;K3X1T46=hLdX%jf=`kr)8I$7(B`;&%qq5cJgIRwhd9)<0LAi+ew4+%`r1E>&pBp
z!nz_$C&LxH1?fA-{RznoWC3hQ^jgDbproYDqy7?zv94sU%QFYSwqeGl+fEo?Vs3tGi|M)2);g|x!hMXoBF=BHg(a-Q
zmO4qqd>1L3*=pz&@Jr!a5hjg;!aeTViQKyddyBf?)e&mQQ@T$3rag9voL(jW7`6K}&bqc6~?2s1Qia
z_-eTZaKh#!_5EuFs)4UK9CO$@Ws586nBpCC@5IIqPvZTQ`6q)0e2qX-Ld2aqY41~c
zInLz#28utNBD#I2Q^j`8RMpjfoyS=1KzA+ehwH(VDH~HltbND0eBV2g>a0<
zphPUi%a;5L&$NwAmj=|WfmY;XhV3fJ6Y2jKDo-~la92uRU^M>EYX77{HrAelOy8Oz
zyN|{#HicY=p9-Y5U2$Hs8X8$dw!NsWYXUuEZA4wbLZhrh3-2IE@b@CO-r;Rl-(T+b
zI<6D>EAKIwz*o*j#aD4?pq#~3VO(Z6mv9^(g(v278609>IUm0-z+?y;ma)qsbhA?j
zI&7L;g{sDO`uhi+S%2l7{T)~fBz_OD1A){z!p9+{d_2#?>=I|3O|lY;N2*3xBBB*n
z-$$ME`~!o9@Tzu`)>_vJ<`?aMue5r#tY&>_3v<}z__za}nS!Ww-;Mdp@i8s%Dyck@
zL&4=+E^$CAK&Cg%l9YvYxH{|VazHrBy9~N7+gBwXt4d<1D9PNZ-H}xtHpeWwv~SBw
zeHWG*uxbKv+((>2Zm2#Y-b&-60
z!Lw!aA?vR|@P7k^=^PKtR^)<;X5x>Y06`5-QY
zCp%iKB0d@UOPqW2Uy;NkcW_Xb*ZP4}Q}by#z7!%NZGr3wy=y3qT$|^jv?EAJi;P>(mAoeH$2V(gDiA#ebzHlvklmrkX4y
ziq)&T3F(!F?cnltUbZqwLuWDyOC31R-tle8x0W(EM8x1iItS?C+dv;0<>+-6T((y6
z<6)bFM8e+%uhlfo`Y~K|0g^8a)iV1TFgp%YhCpj_YozfJS|p*FL`#pth7Z50
zeE*wR_~jmFHAPyuX5Q7oW0q}BEC4ue)DpUcqq9%)4x7Fjt!Qa9o(j77YG=c|_ik_=
z$20D^X3ey6{dQT}tQmcnX`-O*dy!cUw*YRs2Ep08&HD%LEfH$Fk|`GR4!R9Kmm0E0
zXoU@=tcodH^T5Iup7&)b2%qzmZlWy%%AjZcySqNbZvD-`@;5rEjKYGCjGp_#W>=u7+O3AhvnTvIPULe**WZw0khSb<@^~p`g_YB_58%I#{i86Ua#fs
zeA5SH2Ua`|8}Vyv&w(scKotTqoPt9znBOU-Kz3vepw9y5X#@IfR_M~w61m14_|KgG
zNm&JQh5mQBp8vLFl{z?gx$ALxdz}v?k_uOq)X;G_J6^JVW!B5`FPv#_PpXSEONk9vCv3pj#mU~FF
z)L#8p%jb&A&&_=YXoK(l=V0qrb{oQ`4byRGEY1}>_(3XBj`)=&14z_8`Rzw0SZBOA
z#@+y(UOpV&)6e6j*^x{<{Q7R}$UQHnaWX%Y-*Ln|U2fAqcON!h5isdh1C
z^a*MMC4jp+`FBp!nYBSEk?3&vT_M=z=Qy|aaoT*qTA+io%XRM;O?cqe#l*bWr%adj
zvO;#7Qqzd-9>G6IJ=@6?BxoQ|wVU3D8pv{rlT!zUxIBB0XsT4m4jwDYWe~areN*t
zAP&_5SfDd9Eub#RQ{}WsTh4K!UT?qwOv%&A+<5o=?EMRJ0od51<0(PZcKX6lM+tPV
zo(G{nJ?AcUEFeENJxL0aYP8q|y6fo2!f9|(`|B=lJP!GcYJbhyaj@|ug_{&q^4F*B
zw8zmvBGejdaAH4WE)G%ulquA4B5b2&JuZ`_xQ6xTY$?;oEZu3oLbh4X*KC#%@xO?W
z-Imeb4g-uk>zk4#*_D#1?(9G3k{)KY=q~
z3FKrh8zQ8stYw2{ABeITQYueNB>~t^!}^EyKd}II7KJ<4Q!JlIHE71N59kj%t{frv
z$Ra%Ja(qDuGrL(x2DEAP6g&-LI%sum2cny;5xx_%t`3LluDJ7_#@5d;-o2qNZ&ulC
zVS7%N1fUq%pI3qt`WZcH5MDK~MGZLf0@KTfpTADpZ)e=Av9rj(8TL#!vT*ZQam(oX
z1eVNJ^qrAx9B-I(NEsi~uT>K^q70HuzpGe^6;hMavStoTK-9R&M*_3M$)du7J-bT_
z6Q3ndrAwu!OB{+U0cRW_?vmS)`f$0
zi7|3)dZ<0?q&VN;8!fTH|D-@V0k^ihHAnIWUJSeD7p_qvZX8n_=kMIw&r
zPUbRfn(E!+(qJ%!+vbGB??YC>R%Z-A458W=DI?^HM&lz4Oo$wJDW)lxih>pwah(^3
z?36w|8Qy(T8bTbpX=`)*m`48iW5~YG$FRAR9dnd#rPp^NQdVJrx$HPot{xooql;0`
zqHBr!UbDUcgkmTV?D{^0)ZR_J*Z1*{GNUY=9nY4rK5dP0l@`lVBOcTIee2%9pc-!0
zRmUxO%UJAa*+j*8ptRL<1gEeeZfjAUxb)+6Xm#9ktTMQuxn+7sK5mJ;r}{(NKsO1#
zym(T<3fQ|)T!PK2sFB5AMuCx8@_R<)i2kpWYh+UFM2mL4)@AX~C%&hdg4dOBZ(_YG
zx2~AGJ6kH!W|-nB@&RO$>*2AE|7sJm;5;OtZztSd?}TgaaJ)gJdV#g^4;9Oa{_gzQ
zOj}G%l}3Zl9k4@+jMm9iXe0CxUl&3tnh)$h2|uO6RP5XUmmW@I1Wm}!gn=n*dG(Qg
zy8PmWpO#C&ABB_%!F_WRLbAzwD;7}_hVK^S;cz~Aqh_z{>SH7W<4k1wS+`V%Jn0p3
zph~<~_0yL9#=}aGtWhCh4ijs|bOPBAu6fpQX(ZW?pYB(aI%)z4h0@OQa{DZh5vB<)
z>%A%TTnp>KlK-A<@Gi;yXk}1n3zM2x;W%M2_3c(`=Ydl;CGhlGXa7Ao4YG77^u#Zg
z0X9Dz4%C0PvsD?paYC!)bXxz45V5u@FC_kuyV#gBn^L?_*8-101xp3mWXpj=jHsvO
z$0^xjjt6`9j*4~G2D?>4b07;^Kyz$@cY7ArIxJ5>2e=s%an9Cc(X{J0tajm=T#M~i
zb3Vh1CLl?%1>SaAp>br|K`XPdt*us{wloFC66*1%5|pX_49}Do)$~l9
z5BSsj&6NAwbal08Y0cLex(woue>~Msj`k_|!Og_T9Tx_=-PYmNI`Iu$l|wBpfsSdB
zZ^mvlB>3o}$y@tPhavLWB
zS%clM(SP=f%=$^NurTw%dg`M~jw_2GE!)G@dQqm05dzHz8Kf-ffhdT|S&5ciPO}BS
zSfxlx-;Aqv{-K>P&&%V2;rDnNzpwMMn+;c%@z%H_bw9Z&Cgc?1g)f4yJ!|6wyh<3+
zbbd|gfex9^XzDoZdUut7@N59p(A8%$$(Je?D)1RR?QgH)%w)rbOQ5!~>pGTI;&3{F
z3&gh49IKO*@Qs9KFxBep(j6MXa`ls5Y3c_L9_X%fv!xif55H-g<#CEZpUd#?Sa`Q2
zFxPd8nkc9h{4Ckv>CBMX(trGMwEu8G-{=7(B{D|B&^G$Sr&$IiKFrT!3*72$)pD61!4tlF#&#@>gLbaVzXmai4=vM_O&9&2C0WHMd_z*Ht{kC+>8Q
z!6U07nIVBMu76fk+f+yln?52M%7$Bo_E=Q4mIn>cpYd2Vwe!7WDK>#Bb-rW&#z_a)
z9F2DFazn{nH&f(RBU#C99`~X|UP#^Gu^O>aFXwjoG;a6Fd-Wv#-JcCpJIxKt_m%A6
zrom#V3)!XeWl@AfteBAVh(j)xra*fEdFY0D{&XJ!dYa=DP<(T%tI~gzH*BgQi@qUc
z1>e4I@szGs+`(VSM#yj>Sdm+0zM1LgW8aOAvhP0+vFl=oH)dyJ-Ruv|XPL*cCr;D4
zWr;T>^*oHm)+I7P)Otm9x7Cn#WY0hnWtIeb=sTbK*802KtV{VcAEo~$dcu0I0XM~1
z5#J*osyKz5aFsLe2(Ebl^X*x!GyD~{!(JgK2zO#Nn_)tl!JobOp~KawR>
zn)s}UOp}_v#cL;31)0!k9TTqZgG@^08&cUVv$=Cy%2KMDncL}j?G78M>UUb$o%$Y<
z%M~LM0=F29;a?`pYtPkG+q*0wviWm?ircuN`T+!`*)4IutWB
zB16m`4~CtUpsx~h99rQ1Qun6u03Q}LsFD`funP8AnioZu(w?nHmwcTM{Q#`5guY9j
zVns`&lOAz`C#T|F^3*B6jQEGm(eHbt;&Ll!K?{p-yu2-=sHy(cs*R#so
zJcQLZxqbHUzC|{z0*hxrYBwZmQJHp^jK8b>Bk7tb$N&SH>*T9Aa!MPG<+vzcW_Te%
z0xamRNfzX^d1R3wZ@pW%EhCE+=J2NPZ_|WiFmc;@y0DHKqJ*ax#zF2LKOCNhnO
zOLeuyZ2nampN7;l(btB)ZYul6LWmSYP`Ts!C7A&4s+pzf_pD~?V;^FuU#AC-KxfJ}
zqnlohuB!E`G(K{;lrD-)H-koo)995M=sXdQG|@~S`SJA(rs?R4Gqh2$v`|yBa?QM%
zhEdT5iQfzgx+_=(N+{nEj^R7`$fL^H(>I8C&-yU4I-8_(xD~YCpU6a+l$p+p6EO&PXi>{3r4<;hFgy=bj08KRNLcLEtc}3EApEdeOLwj
zkBY%Z9SPW{m+ob=*o+6I+;*Z}b`*cF+I92Y1RWjq8wHj}O>&TqJW}9De!)GqjE9SF
zqd3v@=OGuXJPZfIRcX?juiYDbvvRI5d0fhVWSUA~w|Qi`iV5ZGqG7UprI}G^RyUyh
zaT0uT`7fmmVaKq@wNG8OU}*f68aHpG~G~T^Fu-3NQ5EBq`jS
zlb#Vs&fM3#J>?%;(@0=|U5k3Ou=c74{xuKg+SqN>5=Mt(G5bPU1EK&>$8fazy?^h=Uqw3Hh0j{jc>BWb;7W?KG`0>`3
z*UXxOrboW_mIYP#37B)VD6$M}aZIkaEwYYzdh*ogKuq}gXMg;U>fZXV&EQ!ZMhg^c
zp~Zp~C={3AUbID9+@0VW+?}?#yR=v-?gXbe1S#%LDDDp72|e%mp7Z_(&$GWoKDqCE
zXLe?GXRa%|D=FTOB7_Jqe!^+QmaP7wyQ+|I+wVFszhb(2?<>RHcmvgn$XNK2ve?jw
zahJg9@*Q2dLDz}0=o{Kg&5=hk*~?JuP5qK`DC5^Sas=l%za?yj!ccCNB
zQL@_Hws>$h^S>-^oL%*I9L2Lc4u>X_nlaAKrN$#r|4g#(Q{zxn$cdryHh2bOu=4B_
zra+u?$nStl>mp0!hums~v$`|X5q5XY&ypF;n9}GY8uySR^=UmRRY+)k!zVE*qHWV?
z@NIm3Sfyo#xvObT_}}%GQ1{>Uu`Y0e0SwK`%{>-jj4P)58pJ+fabm1R@fnHwASE_e
z8-X)tLIzOIQ0J>Lx+5ac%0>s@${e;CO4i=QvOxGEQ=4?tM+>T!`W$LpO(i;yH8@9a
zhgss9$svBpi8DL*$2^K&7KsV@44kf@MN4zwqn4?Tr&J9ssp%(2jDdWxNi(1g+#*or
zn{>j{h=Houcj_6lBfQM_stN7PGj1*>Okf%%5-fN5QLh8WiS#D~=Zc}bX(yIuaD@A!
zQ0UFRz)VcQrh146js;j1r*l}HaHnRlsfze;`<>pi>FlSqBXmF0RG3&%r%5|YJb1I)
z@>^rN@x~wHWbjyi4Zgvddq=8soA;l@z?=7L0x74c>858z`m4>G^Ay*u{IhzoHer$r
zxM4=1@7S*B3pzrQm%xJoY`)gRm<^VI_BH+jF;6k2koJcU%PqzHN^B?nQu%_G+Yxv9
z>fNqx76M&qrd}1SGrp1LXY{66IzczWjVTg+{(G3ZPQ+!#IsQ+SP^F`HR`82fp
zbC58_k}m}RxCZP<4`!Ll8eWeol`8>8vN%=ec-pat1tofCyo(>#_0sj1
z2kd=z)Fi}smYN+^53r@%Enq>a8ElLBDm7EGI^0Lf-ocHc4#yfo7Lqbsi;ustzn@!s
zrC~M$AOzQgucAjtBy+Cz{xEkCUkN71n(IsoDF|)#We;JUO0<*d9g_-W^G
z@S0$n-AKlawzq9QJcH9rZDekvtJdo36VSe5Nz?{z$2~y+u5ios*53_X6fl?K$&JS5}TH(FqmAX_fd|9
zmNyxi2&D6aq_;qA%nFJUGLm`}-4~T$X~4-Q2r19*WZ?*FL#+D&*@bRHq0CZ~899Fk
zD;&xlg8a+(tpK?HU;anT1~%~Z
zD-V;I6uQm}bS{DZyM#9`d18tkD*DB_jRnHOJUKI(6((l(Y>+Cdv+I7URQMm$UK^%9
zZQvoUb00f(cdK=cMOO2()uWbBS55D=iJt2=-6GlznDYAgevg7DS0u~!ZQ~8v$x*zZ
z&1}Rfgdr7vRG{GH%xI6SN;(e=LND}Q09>ta-K2O}_>nyN>=S6aE}nS1ytz9oC1zxGpVi|v0Bx^3t6EpQ~X#5!bV|9KRti)u(<_`!1^LZ(v&c95d4gB^0wpL>zgNY
zk@1nU-BwJ8(rJ-PMegG@jS5_tl*<$SOftcdYPzCdLs9Uq<5<1>X2F|^?|ehZjAn>7
zoMa^rm-Ob4Sz!-A$gvGft^c-JDEW8flSa=aFfm4?A#ST=k%aSEBWIxo0qw*UO0Ww}
zVcCzV%%FDK9jQ{isJqIldO#l=NFoS7hfg}+d1`k=MBn0gg80zI*OqOmJZsyT-s9X4
zZ97xS#NalWzG9>@$JnBvbA^(6qn);YfMi5EH}GPx_LZ|zDNNyD%f(*HDV)YUwmK>8
z@t$4y4i8(=ylUdA3VikXhdchJylQhRoQ~+;I}d`Nu&m!l7tqD*NwY-Zj^mF#>97`d
z2B%Zf3#fOk+<4X8Hn6&eiH1fsNv2mT1>&dzm!_h`}~KWxll7V?4kB
z14CAJx3Nj3Zz`#mLWpRAS4=FYw3fSid}2UOk(O_djM!gDVHz=sWeId8sTK*;`JoD=
zuqS|bXgufU`1u9nlR%hZ(_rw%@3k%@enEk?Pc`(eI>llkt01g;%)%ho!t6I-~T!aKAxc-qBtWRQg)=`JsKUY
z^;u5ANJ@I)P+vr`q-<_Z&GYRl83k#BJ#gbWn>+Su!4>NB1_#OyAIx&6f}$fMYHbZG
zmMkUONbKtTfYa?u7l$~T1y^Ma4S!$MLcRbDo|clM`9UURnvI#-8OaSxzr*d=k6jq)
znSG8wyBjp#kdY3|{QTT3QFO|JE~&8@^6}4;tU;YXYRmZ4&WT4^x
zcG&5Ll7^^n4BY-`s?s~!ehVF)zJzxwq}Gxcng;M5mVEjV&hl<3S1u9QE_QR&x2pHf
zXbz_j9t-rvg-{8bFpOCpIPfdYiI=-BP-({YA!RS@Fj`@zq{
zpBzM*k-hxUfWH^2fMag4p%L4IOdhV-0uLsNlbh-G=RaIf)=FY*$g>ioSI!>U@Qw06
z#n9U^&EyQ8F1YOx?&>*vaN4U*F>G+{E3uF?h0L9i8?>az
zR9tNTJ^_xEJG$Z)+osGySVA_9kB-YP?%NP)qea4w3}x4y#yUsW_He<$na8@WgXnbw
z)dhQjWL7V~p@`gdHTwx!ZTxL-S*9)q0rw$Awx>B~8CKwz4pY?NQW|R4!^U^by
z>N3@L@XrPhIFn)28LZ1DVUNT9_pb&G$9rgHi}~CX)bUXXWarY|;UxkT8zcsg_+*nP;C)2F_)p2j8s7v}SI|!xZ(Hh`mqsF7!GWRD)J6MIPm)|JdCUA
z(@!`;TS
zGaJVB^z8VON3jiN*+&U##Mr3aDaF0ZMJ$>J-_W3M%Zk#8wFwCDi8(apjn^)Ys3j>S
zs2a7YFLby&G0|Y|atnmrTg-zGK&m+a$J7SGYrx3ME9bJ{s#?2MHF8^f9osO|N7PMQ
z67eVkSSmr>FND7&Z?(Qw&d%7da@SwrG_^~1sD}uwOpxSO?^>wRp)Xh44t`6Y(-W^B
zw=Y%93B6)eAHH<&(=kPXMb>#yeq8g09Xv*VQ40-Q9-UYMlxHh%>Jf0aJ3Mn=DAW0z
z2x@c{Q6A3%T7o^0n`N>)cJLa#+Fr8;Ta39JHS=GnQP+5VSfA-{O}`*bc)j{@iEpYo=1~JNoDGA*P-kUJ@^>Uq|Nt_tTW*JK&zYJq)T)5@6=%
zC+g|x36r%qp!9@5HaB7M83~fnCvjN`l1gs8+H-Se0IKJpZ(qLj8-7HW#Rm^GCCX@k
zC@i(Y8N8MTvEg`O>Yg`xEt$hd7ODdAIc4I7A3|^A7Pk)zdbQEHp41{`Ihmlj%nV8U
zAPsp%rEH+VOB_SKwH}wZsn;YmGR3^9KSaX^OvoHcadat{UeeWFUtJ9dP9Q|g-HR^U
z`g#JM@lE#j>b{r=Fo1?8snD6`i-6|ZxVm#dElNrHG{(Cr+wYtxJI
zKhL6}dCT$a88KyLyP!Gi#_;;d9#p;-`*ha5s4j=Een%fu3yM83N)6{%42~ewwfHIX
zmlx81p6hICNyr~|twaT;b|knWOQE>7r9Zz(<~@1gV39F-OnqyAI9!<1<%oji#JM$-npS0lcB4cf^S71`x#cPiJF2evbdm1$a`QRDR-N
z!If&xX}hDU8w|Pa?iwo_mxW0>10`a;_Og?${O$M=>X1xn~Tr49iP7F
zSH$y+cqd=cxg@T9p)3X)JSDy>LgzfQEs|#@2o2nS{U39pp(y}Sa46s!O58^lLABFE
zvuH$r@z|xO6mAC{=vjjAl-B*jy%~Ju5yw#=_5nv3&$kmZ@<^E2Q*5xE>kC}PUca{Ss(6E6G
zo**Trp-mBv?V4K{S9R+NYhsxdi@?GOvW(2IS)qDip)p*^aQG|2aZVZ5)uvEiJl*c8
z#Q_xhic${=@g*bh%~2MG)`*kYT4LI=Kx9P17o1{Ag;}FEw$A|}*u|x|UIE&lwd(O*
zko7R(H>MIoBI4Vmy^0{8p#^F4Z*B;63yZHP0ZDJx*wNfsx=s+<{gC9;KRPctq?8~yVL~n~-%txTMeN*w$8DMurWXuaAj&LNGTiA;Hvu
z9Wj`vn(JEsOI80atCH0x-N`rP2A6
zuHpPpe@c?^PtuBiQCJNSl9pzcC59gzo!{5(I6>hq?kBp9PqAJobVMh{998FgrkbV0k#8l}2#8SR5i=`|hR3dVI2H66bT1n&n4@vs$
zEl4*v+((F0=L`+gYaNtXiHS3Jr&+=NPDd?Wp|rBLL21NzRBWSfA`o))I8Vi{9)-G_(*N>Rh=#XXgzWzw2!=2>AT3GeEvInRS5Qr5`jGnkPF{;P7M+5Ki?6
zR-gY;Z>X6wCvD)y9bscCR&3|@QCfc8UIV2gvF;uyj#5rPHE`oapR!uVCuu3B0mL1O
z7k;1*x3qq|g=H{N4Ao7lnJjxn;HefS+I*_Z&d5-t2VM3=gx&ByS@$Npd?!?FSAjpF
zB^XN#OtEli_+h3p)tM^(L)t;w5JaH4#Ou{lFOc%3LkR?6Jbn+N+0b({HW0}1Z&cq`
zUETSJIa2bu$_$*`%K`Vf%XQ6s%KL9eRNg7r7Xgt=`wI!517)dcR5;nlMdW<>_|ljB
z#TfYPL+xQThOxHRNS_4Hh4)6X0=0jV79
z^kvF*+R06#spXw(vn)&PW0j@a)Ni~cuxvGoyITD2h{vZEhVI{al&ZrJ(v9-L
zakkhQSTH!+E>2%+l{PRQ^4l%AUR+k=au5rZJ6Bq;ZD(d32*aF_OJ%6T}Vx3Iq!&uA9DE1n@
zHDfPU&tNwA)t?`xvi9%;{dhrz&Wn2*H~uRlUA1SBp3C@wo+S(jCb!kDTq_)ZWBS5a
z$D>)LnK9NYwl*Ox$yu0&W^3p7pS;QD3k_=?D+yX7X`$segl9?K%$p9A6lg51A%vHq`965&xX_b}ohGddM8$K)($((P6w
z;3edb#~ALyCf3#0hK$gi&4^aZv=i(Ey;SsHhH0}jI4YZKScZs$t)gXOa-~}7&o)w
zZxfCB`Po*se36GbSW;DTu9_uq(R6{o)d4^ZB>0d{I+%=3T6^qXmLD7+ZoS^P>9^i(Bj5k~8gknj^hu3fz}@FPzWQ#fxrd8XK6vUupk_kV?NB
zIiS=f+W!&j(GSE0P(eWIJ2l&w_cLBNit%&D6&Rk6DJpnU`H>@!mjG9L2zo%F{~dsV
zmgbi&OECuCSVvc$#BKS};RquBAocUReDPw{)#&#d)MQ%gM5c@6(l`79f(M{zMhQk*
z%-}bFoxea8%5$so9ad}NN@PGu?|?XXm`l)fGV`7(cFTySrFIWdsW&?o>hBdQ8R>H#
zC7f<2-(Q3b;#)@`(uwGxG<4U$J;(Yd8gJT2>e&FD$8n$O?(KDw*2J^g3NvA^JCLqcQnA4vX?(vpGFRqrDETKs%v4n
zGo-@MQqQl}(X9`mt+Z-ETP{+&;OK3d>c2Sggv|l<{>*K
zzTt5#<8}hNR~hvYAa_gZGVJqhE~B8S(96r~sF0BSakKADs}l=-i}n3Z>ais`F$~R1
zZe-rN$@=N01G5Sbi!M2f_TyPp8~5Abvg9NBCBf#J+3KokJ8ZMS?Au7S62I{)Bs#EP
z>JG$J$UOF&T4HwI{p=;=fAZMU)=
zH54&4CPX-rUo|wx!yHh)eCEN&A28$2Y7xnG{VN=gaJH2p@g=(0iwGUO{PG+{iI}33
zcfXV~j&Nv_Xs?Rw#ztej`jQC}UP4hP!o~|P-dy@`4v0K@r8XC_=7S$XRFOVhs?_t+T5I>Km(qvTcEbvqXBl)xvB
ze{{`z{5lp&YRbVmJ3f!YY={11F})h{_$(R2^QKmMyz~c!KFtAFcy!?6M(lIOJ*+#L
z9l^dgDsIHl4wWh!YW+N|WZD@|Ab>2V{XcOUj#Dk#oyKnNuC5
zbC*Dzt8*vr{)DW|!hgAGW_j?0ATlev0
zN7=ca<}nG5+wiwOhnP3lT0Sy+Rs;&$S63cxbyjv$%c0YDa)4CsnAqzL(eraAMM^uI
zA&bvax+PBPA*wk}TVL;fijo4Z
zasSEO($1jN=v1~D$fTM^bxW;&|ImNwJ6t`Qb;92Rm^n!OSbn6(w)X8T_x+|{^TMws
zvTK)Gt`E{oQYcv0V`tal$r;+0?54U$akE1eKs2&4uA^X_H}B5w>_2&%{6>k?PAZIa
z?b=pVNS(4!wWMZ4&}9@zy@pY+w1tE0CunC|EuN2t%N)z`NrJo!K;d#Xv+c3)6J_Gt
zxq@0j
zLZX$*-kyFf;!nQe$kLfBclNzEJ~i0DPh_>x3Lo@o$0
zTdqC&^y!T3lyXF3){e|upjdVXj4m?roDVVwEABmK$vLmfx^hwlsCsIYoHitHu+p2>
zt+tg7wh*~evi1oCx*9Gdhu4Ypxka0s@DCJn>f|WzRk!vezN}wqUn5u6cKB<(q_*Mr
zJR2aiQIk2b?ynT;uZ&m}R>*ZiCG>2ATsap~fGx7#jRibQ$#$GRFCRp*^`$|~kw#y4
z)^l9xSK#I?_F2XsynERxjeYDfb6dHlnEGdo=_*L%ahe)EQ{`94P{RF;ys{EIjwuhE
zoX!F^PTXLcHPhKAz2fGbrI}kbt4V!|vSt}sn4%hc9X&%a_AuW9f{Uy-*C|bKNsUOK
z`S_RG)I)U(=Wzx7#~gZ6${h8IigNEJe@NTh5wm_HASCM8v&&{Hr2FxvrvJFFm*{>!
zS-F-%^F|(a-#)$i%0b`2jW11EeE4(WYT=vQ)D)xJ-+cYm_MCDMTbnI^eRqz
znB-f=ZE0^o-V$+q=J_%X=t4)z$yfT4Nr8W00R4HOi6CNfd{@!-yD7x2Gx8b~7)hBX
z?&Fy}oBYd_KJz109Vj@c=lEeAl!ULoPG}`;mNGjjh_BvPGZ;eC?WCj{paGa>Mz>d8K_-`
z=3lZ(!R5Wj%X^<)bg!QUB1pe)td!|+F1HWYZC)bSusnQ
zQ7{1fJc6o-vgHVW9KOA9`lUJAvR`hIy*9Wr(H$0|w)?aih3p_mT&0h<4aR%=B6hhWS?9Qg&CG
z@3?uzhvMfz*`ZYXg#e7ap^@kQs_0ZO{ad`kdev|F7{BU7*FqvgWutSNJ!mUGkqD`b
z+|05EO6iI*rf8v5%?0)9Tn5{4!bd^N1&hxGwpZcWK~~S!6c{-kH>M%%>3vt=e~s^+Q2(
zaeIa=FG3!o`HFPvwfX97&$Q={+Fcq#U&ARlGADxGn>33tAQCi0mF}PtZ4Zakm$JbK
zM}dqD)@y61)G*B|H$hmopw(JCz`@cVJk4tuqHnp>OM=ORfv)=Xb_BH@S@gX7oUH3w
zP{By@sO+5mM`Vd>d*JuvefcwTpw!8&xctXXc+HR5*M?Ha6(G@b?%}O^|1`T?$2p)z
zfpd;Ax_Kj#AHsZ=Ym9%rt(oi@&ihm|aq_uff9w;zlMTLna=dS$0Fc(BV8J<=2&z{H
zEI)O#iWU+GUam)bIXoS|G_P`caY|@2AeL^_o`8tJRenq3i0#)-Hj@j>aQ6smMOYRZ
z_P-L^^b4YA&dcD%toqO@=+ZdT?u}u`Xb*i6ARJNo*37sOvu}#heAV(CEPs0+D;AMD
zYEfe|W83Ba?8ri^%7*s=8@^xGcJ)QAkSxplcW;?qn;rK7AoTPgbCkdB3|Jq9)#JHt
zsiQYPXyrweRb`<);B%|V{D(RhuZN+Q9(gEsn5Xi_bZT@bV
z@KtwJ60-n@gF!*m+lLuLX4^J}0IyyFAUnB$#Dhke+;VQvtLK*UxMn&yROXP6OHYAl
zsNt0pSc_#r181WcBSVX*&O4jkK*7u;M^u<(EGE!<@!DehR50GzjU)08+!yoMKS&w_
z8O3w=%}^8o!vSFTPM-|ThNuVGj`V5(v7q4tIv|Pje=ce{K11V|GkH#T1dk35D9Rx&
zcQMn;|K4hz!5{y8IV6!_q;C)RF2_Ru@^aOEp9e#9qvJ@m#BbG7h3l@J;~61Fi}|v$
z)F;_9=TWCHI~v$CluEW=iD`it4%@~3!%{v3W|-5I!tXmtY`^kW1lXY4IM3CzbQtnAMFeTD(rI*MH~z+j^fbAy)+Rbo!0
z;}cD}zt$cBiU%87n4fsi6_H7hmoesF#mWR%%OjhH9liW&_8k@7
z&}iVALOS-uWe5@8^?W8@*HSd4h@9XfXUjn=I%3y*^ZtC7H;%g{wt&XSRODXp=f%ds
zp=^j*ub)J#)#c%A_Q!+LVmCR+d>THGH?YK|4vkUyZ7g47-I8rckX;4+J<7E)rdil3
zNsjbJGKrxBPrY-&TKC-XA%m{k*MIRCnwx#ng1fm&Rsa&yxB
z4)5sOk3O!6>UT|){zuaiUq8}==6ZuKb
z#%Ru}IZ+AHTH!B|$Qm4rU~N(=T;Cx-(o~e53OgbjK55gL0G{>ilMR9MWp6tB*?>OU
znAQ0_3`HSLJvx?y4rH=gD^=&NJ+-T3-F{*B=<`{v=03f&MZ~P}%)?9w%EA?El}S)k
zn?*T0XwmgRg0ZQ~YCrD4mT|iok0{A14f3_rR{}{oSycE{@4F(jEcOX450{B5hhMM=YXk>J
zWK$c(EvfeaR&7!lsv$xRl2v_<%^5p_pJaWWbu?Xs1(Y#*7Ydm=Y^bn{rC#7vY=kRovmgG;r)#wB%hz6XooW~2bRkk#L@oi*
z(0+NBGPhqOZ9_#MdK-&oDr0#^NsCia)@woO`|_=Y>I{2r;!CtHpA6UoyM+ShmhyAw
zlhfd%EIjRzYSYo>T>CKmAf>f{IXys7FaH6biH^3aNp7M
zW%I$vhBLoq(Z8s|AoNt=wzloNVhTdgU?IK{BIT&%Tb_;Mm~Ql0)$l5>x$@gZWMEyQ
zD{S(&4XezdL;F$pp%Zt0Yh!)vgg5t^+^HAO4l$?00886O&0d_1;5R}kq%J=Xn|gHhKSae)`bS=w07y!psdD_c9sT%`
zU{O@=jw6V+%fgMY>hwYhSHj5E%KlcTpD5zb5O3wT??{6^b~4NkDXwtW_M&36QCAP0
zShU6PCMMk#;cyn!)*shb(2M+8)+8Dgw{8Ess3z8Z&9Bxzqauq`L^2Cb8~miCA1B4&
z@8#62O30G*=L1m}U3C8d2b05Z%XH$Zz1`#f`NAlzwaOpTG^6ykPL)D2*xB4Z*`J8Z
zd;-dS#ndTx*enGz$?igVsz_lCqwSjpJkJ1Y&y^^P7xKet2?(;=NonNF$_N8Yq!I1$3{Sgu}gUZs$hR@f);jF;UC5d4FSja54#gP8?*Y#G1P+%NiL8nw2k
zZ1%ZUvaOsdJu{M61s57wly)I{4e!uzJp#85-Cl8!=Y>NO*6kUdq=5FQM&fB79SzM7
zDD+3|5hqIW>(rc5Z5zpt%tFZBD(C&zt`%HXxx``Gc(RpdCzu+xeC4>`Kp#_yA6hK{
zL@wS*xZeZOQHphU1g0AECE11DL{Rf0Z@%pX?>OK^M;i@f|3>CdL2mtU%zLmhIpXo1
z>s^p$5b9s+Y}r5In$vR`LgOxMICCWx4L1QNF!R6=mgu5AadrbfR=~}BEYcrHMIUEh
z_dMS_D6PlM)LCtr6X4bDg)k+1k_OkwppRI6)_W#A?0966Iw^=2gD`(ewqedhr(wGT
zDB@6`-bkp`*G)X|cIJ)s5Vdu$zi|<{ohF%u9mCRG7Fd}incpYX3?d0HW^2A(9GT?p3IXqdJ!SB=pXu
z#1m&B**$M64_)ZXM(gs1RuX>fXf7Ww$L$EYv-6$k93w?2&_%yM5(A#&xICR7PIAbPYz0382?of$c~=$>(N#9
zu5twUr9joL58mHcU#hF-v5%UA(_MEQ`GdDKxP*y^ndWq+&H^MS?o#O8FQh7^7QO32Y<7cVTV$gn)PQGpB4e-)HP8e6*TmPgO!H
zD;)n}7?@NRRD3H;RR!asuI-R|KJ6dA*zx!*hw{ZIBR3*0)FT&cKLRKui*5n=^eM~*!Fr8cC2C+D~`p)5S%BUx@~}ZdFj0X>Tlehk(a=26kGkI%z!~LN+ooX*(7`=DJG)FVoLhEYU1p
zDkVjbKvfYq2LiaG5#dcv_Pza7@{#Zq47LKg{4{QZJ|7uG`#JLiol(eLr9H7vkK$De
zZ$eH^%o&L+I~Ib4US=F#JxVB^6_$Hrlb85o79wRq|Yxpo?i`2qOU?3QG4uSx;3btY$Zg|z1=H{lFKDB>H656)a
zt^H+Xg&N5hq?!|V%l@-@+(29J2@gc@LZbGui4nl~wvIK^NEBcL2?4Dt4`~6t6NmbzyN~a
z-kmg2R6LcBg&^)^Mn%I4g$`G(ow=;;E}i-&lvSIpR7YfFH*RA56T8yh>Byv|P
z4c4t+UH$t-z6ij6YV12Od@d{|wsPM;Gz5Iic*4VH2%y};)ipJCl-k)2dsJwdlk7@Izmk3RxTMcDG&BW2I7%6_WX{Vn~}f{BX=|Jqc3
zZw~qoS7$J75cO2nVq{SQ^*Y2^NI2lwGrU4xF;Ty0wQhz(1SK1wS|l}i`}{U5ax
B&{qHe

literal 0
HcmV?d00001

diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-software-page.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-software-page.png
new file mode 100644
index 0000000000000000000000000000000000000000..b3fd3b18a8a7c432021bf5f78918c9e1e229ae38
GIT binary patch
literal 57992
zcmdqJcT`hb*EfmC$^qI!Gr#s46w|j&zlSh%}``=p_&!AiajDH0iyC
z5~Q~fdVrAd#pipD&-uoE|GDpY?;YdbIR+!F?7df+d(OFL`K?6iYO7M*WV}g2LPDXg
zrle0oLMBQ=a;fP0HR3mNS8v`Xe%x?Z1A38=+++X!cS&8JZI}2ZnYX%@GTAaYDb-~v
zC6~sBBqR?>)RmqYzRB303-rFfl7_)$i!*qn6;59jq*8griAH;EKUK`vy#JK%$`=~}
zCHlC|t6mA~C(og<#(6zoPP|Ndnq2$YTj8_<)8>g+e
zYlCO+e|*~0@GjiI01IFoZ*-&#i-OgigiP$48u|GgnT@-_Ei80o2c<#o?(Vw8
zdH$O|=M!e$i2vOpehNJ*zVWB|u!w5x>Yvu<(d&+v|FnLBu8Lmz(^?jJpZ=#o;>q|-
z>pv~Ym>iBjt+yGzj$!Gt{oFi!l>}I1#z_5#g4WN;Q#eGSee|SDP@QI7SLd6RKlh)=
zNc%kN&$3J6b2dPK2o7+<$iZvJvfs4S0I9j#r%{Cw7)mI%{mG>DwRc;J`yXyv&uj_H
zuox82hm_Y?=E`yHJ16`&t_DwVR$vZ#XN`A4sihR0jw^Uw#Xgqp@q+Voniz0CAHnqT
z6Tw24F@KM{P~+3{KD`o~7r$u;%-Gz!!GSREU1b@TpOx(SX6KRQn0XN)UDG@mBm|ig
z@M9;u2xv9d<9yFhJXZF+JJcZT^08uVl%wI(PY^Bo-;0HflgX|sJ1W#=}VN=+2L8K{j__+YC+4R?>Fr1Dy`7lzY2V={5=u+RD%PyZXU~Wt04QDcm1rV
z8BYqDXk;B_#_P>8%in%kJI%^OE}w^P((t?mn&fvKo2FIu%6wlLEc$2~{mnARqbNyv
z`+P=MJk~{;cC$vX6)s&XG(U-~8ThFi;}R+~pOO(=lV2&*x_w!gyjq}u9Y_}W*b%C2
zbGxg$0ew6x<}WhyTju{o9Py9dryG4R>Wu%~DHFq`>5Cj31Z~HUK}h#Jizk}q;!+&C
zk1t$o{n?Z1YGxMstU(p>^X0k7$3@Og)vTSzjmdk-EBCAV>>TrNJKuAd*xo;}8pcK&
z-Irx`n{^m1jSRN7`!-=|n{+1HJI+xzc^(a>Rp;(V=cXQ<5%|E(l2Ou93b-rIKNnOA
zdLUlUK5Cy`=@P7(IHl=hDl?hTY}#TT=g*=UaC^|#W-6Ocb_c&8mmJ?q+BLb(*S{%w
zEnd#pKHGM)zV#YD?O!t7eO-Gy|9xXUXVphDKMu^&%dOAP
zUJ09+Hh*Vw5YT=0sx#&9*YbAo%i*(rqTD84qZO^5lzH}P>Np??Al_|nXHqM!76XX<
z7M02DVCyTH_R0xhus&H;(1qQoY`mza{YlQES5YeKOVUHF5D6d7b#Ezid67HLT;kwo
zKNHSWs^2$AH{Nu{x#HwEU;nUDi#*?S+STSOmql8CZj9Jh;4ZDz`NgjkzpgODFUIIw
zZ3>x=nYWtTR2K)aD%9_uxOJlrku?vwdds!Q`xa8?1jPKUQc4m*L8pdkffl9!m#gc2
z`puob4L#IM*})^nMn$zlDe7^D|@)gqqjewt`kb$Hw3&d~9s0P+>{i?*rgf%!3(S&f06E*8)E1
zy8{a^I~qjnolP+@-z3{I-12V`N7`OByJ=YM3v=wdRk4_3bWP?Go4S6ANb@kf46aqn
z)aOG}Y^SWKANaxA@SWCVOS*QBcpjzn5N#^+n2UA}uUv)Q3suUQiW@KVhTZ1{rWkK)
zcUc>C1}K(NKZ7eZPE05RWpBMIf?1g
zMlh1Tuck5tkUm&{ZPZ=@8Qg~4y@uX(?t+9v-_N@smv5+<2G7`Cb3?7GZBI^D8$RT!
z;#lvo@t!leStb+h0ba%^|TmuG(&64;)OxBUQG2VKSUYV1~BrzgAM+R?2##_w)^Py;7KIxt#$x5{|<
zYk@)|^Yv~0HKxk;B_W}kOBuG?$$X-kWgG_rT2v>u#6ht|eNM|jP6@N}B%Tc3E<=}N
z_xJ4sG7w*@s(DT-UhS)HXzLPz0v}kUPdhe~YFRt+qbS3(x!Sa9!6ljL`gbZiUs3)t
zAgj196FC+iq#n(hD8HosTawxf1?0DEB=}#*rr5dF@F?EPN%BdNT92pDd06FEFV(iP
zuT}S6ZBM97R=QT5*f?&P6~?^MKh;)`*D;WJ$5dJXdL1&@jxby?h_KHo0v-t%Z*E{h
z75&?ST)qt6$N+xtP%_GfQ>f%Pjh0e9ZswPC2Lt!zJOrzcA=)0KeSJcWl-1tO`U=kb
zi3QOe1q)@=G?}Ihx33Z{iTX1OH{hhZH6Yn5*z{a;)W)ao8u}aL3&Un&e=SahmEOL7
zy5suYt~3`d%8}0M*#2O&&FAFg;yzwHn5H;|rbX6PL5SH+eNJI%VA)?uN9yq%C!6aL
zOlGQv`wV|G;DyXaSUR_EKT-*#$I~EL<Ie-0$us6&|n<;oc31-(6hcjx}9Ch^W
zFczBKX3=AN@ZvtJS{hFV36xV}>#DL-MTz>=%ft(PH%=I`gTK$#s(ZDXUfK)@*SFP$
zd=_fhNNe+XqmQ{D+R)}|zL@BVK46z3leU`l
z$2@IXHM@
z)Q|yabo>iq3?3hLEbqN}T^Th4b1>NtX5V`N)m$_^aJ759Bo^~6^{NPa*%b06}7Wjw8
z)xKyS<=bYMq@Rw_T!wCTRL#A^5IQ~0PuolF=V_m?oEHG?dk!f^Fv`X-_uxmhx2gx(
zCMF?TdyT>|4{OpYrx;&wU)%=@rR)O8Ui%9*P*{2;`e;W%1Lf-Tp%AI;>ud5VhLN$C*0pS(mu@6J+~uZ-
z7}4DWkuK@?t2&TDOlNAk4LYlT8kf6UCy1q`xp)fk#gIh4zB$h1b%(O>t4dUu#yq4T
zXL_iUKL@0K^}F-@+c*aIM3M7Tk!r{AWCnK2%u}O&Nrq7Yw*lp}lNT-ccHUZ^?w_6B
z8rxFO%&_*DOma~@qgw4K;Q^{NnTQfeGN%>$J0otpZE`kkp%lvLB*24B!t!IJP$4)bH)M-+cAg#)4<
zMx>>=>wkYkLZZfrll(_m@bdnh|M>tyMfcA}K%$`i`2Uf3<*gugxDplP_h+PUSD*jC
zFzg>jzRmdWuF{Gg^T%H&Avux3=>$()s0Q1~d9MPc#4*t)+5e2&qVwZw2t{2rTJZ!Y
zU9z)69=lMW84n>a=tj@re_}m)RjUzZ`6d%)`P4FL0*=ihL!JwCzP=ZE*01EhIr%g*P2E^yej|Caa&U*#GS%k&tAVZd^_W{Zrc9
z?`96!Bjn2m3B3fb)Js~C|C~_5=7qz|AZoNORfT3K@t<+61g#4FP-1~VMghlvdVh;X
z)P&&mPRr>-6bx7m{zwJMH+Avi0n}~ovok$_oVP-fz`3hQMV5$!gv6V8(`yS}oB7s=
zQUA42Pz(4^Z=OGH1RvuD52r&JZsWVtq_Ab%Q9b%0_x`N%o4WUhfwNKhabUj5m47bs
z|3;Mk-xZ&K3djF1hkMy~$g_X0Lo4<4={$ub{xH0zfS4y}-E;j3Dk}ooI`O$=wJ{|}SHd~fSD2d!;6xh$25
zLG7NkFTQ2?me@;06@nMczc!hum(0mYNTOwl`o$4#;s@RVniQrLvUBsm^--38|2vl>KJ
zteSM(_>SV70yCl>eG#=od0DY}$gauEj|Od?Ihan6(iu0)(k3q}oY0%^Rj4)xqUJOdkr1
z{GVS_>2#7&mo_Sz?lKD16qjor6#a0X(G^^#6KW|W_Pr%RHjAwn!s0(jr&1ML_9k}R
zV6tm&$+_nsS_11AtQqH-Vg7X6db0Cjk`UK32rdpf)u9TP}y@NnTGQ#M#s_P_~y2%C{~rTT;lBpKiU6amNe%_*??4npqc#`mQpovB6B*6AB+W+izpBL5inq_K3@ocpa*o>YA2DPjPTzcz-k|O>
zPsh@)3cfz>WuFhpxH
zhEd5Lc@}Q1zVoiIxQnqSO&2vYJ#vn{4{W<1`g&#yQ1?~qrZ`Bur!@;LA=#ZgKQ8P
zMz}d8N}<%K;(-ZMki7?6L^c@a_!Qyrfu^+@N$G%MsyKrQ`vj1TN2s=9YzqIzAhl4a
zfUT63nse_j8tbA)mz|s(96l3MYS>j$AJ;5A7LOPmi6Ku*TXJ4Kh@Lv;WOw`4CN_`P
zj~A)cr`;TK)sg>5RJq~KYfESur+A9&Xtesi&+LrE2Z79dCp&
z1Vz<`#|t02kyQ^;uK5i=tum?JVQEB?5uL9f*59h*m!oMG8>(0>SaP!A9ZmD{0eMx
znnCnl965p}LzH#Y7^fjqnCnh?+3Lj5QI7|S1ZX#Nw_Z~Oc7m1O&
z>3I2hf~CeCP|EV>V$GN_R8hT{8o9arH|j0a@Do@Gzh1&A*3o+Ut@NA(x*86hyh0TMwhFIFgA41%yYKHh&&+fC@H%U5f5^)0^d%-$V{RVN7Tcla
zTy9DE1%PoDK(~wc#-%b_wN^zFCv!`2{rwO%pb|4I>tRz{d330XSwiVWF0?@`6d^9ZqFGmR=3}^+6r-3Da5(+S#AWY$z
zEhIz$B+>P8T7c=Wz$mOVZzP682
zi})e0jKK^;ZzW6axHK`hfKz>@4l5&h`n
zin{5UEWAYFBZL4fgichbYIcpZ=cy$}1t;47IdWy91o9Mr`o59R>ae`WVbTmu@rnPw
z)Ys4ZCZb0oPTKhbdK8a3{7g$cUa2X@RPPGiW_b57kI
zHi*&humuft8^n@kg=8$s49B}>2U;SYo2Dp39Avzt33KT?IH{TA#*X=QT?vyFQ?WX@
zUS>5D;DC1Nd+Xfh7!9*JwL>o)qr?Tc=f538iQ`Dj?JVR(qu6mZf>RJuCsxJ#af%nQ
zpA(NT*)=Ew2HVr-C!h>9fh|I=Ihq(u1j!K#SMJCtI9-y6mI42Z5Ppmf?CF~Qg`@>-
z?dbSSqm`a|z=c*V%Wf&hf&uUS5zX|94)GVpA(pKW0D#+Froffc5z09C#zHSBbCi2i
z1RX|+4mFMs7@rH#B_Q}yq;E0kb$uwljB2!aM}ClKYy#b!)@Qpv{LLyzQ8?CbYXKLZ
zM@HM~*}7^q3k|~{L$eKX84S97S!{dH1bO&&=P%8TmH-@wTn6IImRPly$Hm57)y}{2
zrJ5y-D_<+5co9Hj3>6Df8dw?lS!#DJ!8r4tG~M-xIlHaPx{KPu>K)Hu-gEdYlhE(B
zNjKkIh#}La
zaOZad89Hh!Q#C_)lGS-ub|G7E1=dw8i)8_O7NkpSX;@F*7=&i%;Wv+`{n-f=V
z4-+}|pfldtoFRZ2tGu<6{xqwnosTgRN$C7
zl1$H>?kRcEPy1NVl5679pnF$`pro9T0Jt^O-p}0joWHp{m{$oE1$>uI6%1K5art^h
zdrz>CSn(pawRr{6XS2%be=-e1KTZ+fR!H8u_MW&s%}oc|ef5)A8vBeN-|?fc6Wi9J
zi1+t0PTvz64;abfq@NMZ@aU0U4M;^96L-G*+Zt)_z_Pd#!Lx>1OW}r$0P~+3K^gtt
zS;M6c4VtBSfbxTcb_(I8IRO`9M$<)9!`iOpk}jz8J?m)|G8BsSAMwyN$^X!~U*q(p
z;PF5|dAZ=@Ijm0|TJzp61FG0pq5gZI;`ialHzU9_K9>*XN2VlqGaYQzn!>hr6wDT{
zrRH`Owx2#PiN;a&Zen#lV4%@e=N2M;V2Y|u7Jco1d2^>fe%E_dN?%s#j67mKRoD-_
z48DS3`J7lGFRi+7VVMt-zX8R~F(pmnos{_-jYC5v0uW=9!s_VBXBsHN
z!OWk6fh0^nB+An>pF`dh#MFR_S^A15Q5P`bW?QcTU3%*3wt8IykZ|@L$=%BaGzR-~
zN6Kp$~)}nY&nrU5=LMy@1@=X_*16LbdG$Nm!O-EtQ5_!|pwmRLgL
z?ns&f&?xoe5vx~$4~liyJ7nK1_+oXRCxbORmW|*_QPL-h0W<~$Yk2%M<)zA)_UK(F
zFUq=RWVX?uD)Z`4
z>&&K#j#JudsYI-EZ;Zz3w=IjGEM&_CfQXP4}#`Y(V+)e5(
zdGR?>65I|SOc($PIgXZedcvGpUdwmlPSlW`M=H&U4F@85$>AfNaL~N)LMv5{&{Uz1
zTf1SxV^kbh+#t~x(9QS7ju)>wlp1L~yWHm#~C15Yd(KS2k&AC!V2!7jZWSdOnv6X&Eqa(k+n#Gro`@YIF
z4Xr@s_<{W-O*+exegWPI5uK-k$65NjT)UGYvMo*s)-`XgyC+Pto?q<0{NUPGmpXW7
zan|LupD^*%`Z(=u`ukkT8)I%nwZbU5qxX6TesdtyU@{0#<;O6$r{7{O&A0_4XS4c3
z5ptYOfJAWf&0E-SaSeAJkoa5O5_30iqV1uluvQ_
z^YlBuHP!m0N?u92o&2cd4Or~}Dh60*yF6p{)DJeF?nIU}@q(eL?3eB{_Q`N>o~Y_h
z(D-qHXuoS8nw;|3+)4U(0o|-@5W2#HD5$}mqbqdW8MNNO51YRUb$Jx6JLO7tnh
z<72tC5Gje9u}5WbUo4f|^m~3x?U6eg&@c~ZkpVUQzRU&w)m}I0q8lUV`Euh^L!$!
z6Vi~pC(#9w4Sj_(?PpYBYFXpmdHcmUQ_S`AJwtIP4G0sjIbOaoSTTmmZh@x`ukNCs
zB9_$TW|L_Upu{xO_4up!y|N9(bQMYd%m7ep(V5DdHX!ogYhTq43ou!lnCC6JM$8Xp
z5cYX$cga>Z@oN}|@A;3ytwIgvD(anr@%^T?73MrCM!h$A?s2(iTK$5>ZHBuSmcvJ$
zFr9sul09q(Z{iEA@WFcU8W@jtvfl8@WDg6W(6r7Mx@eZf#eZGf*!HVhrj7`Y_d^Il
z=WKjt6p}JumyHjIsliCPL>g_5RA~5*3IJXjR}(fmJo|S!$)4%Nd^9!p>g%Y%*-9@#
z8+uaf+ieC{UMC7gyWHkt-BQg1LSXDG=Gs8+jKWWC(&PJ%V?OmkDs8USK9wV);z`V@
zjJ{m`Wzz?#kc`_rVT;`3AHau(K{KoY+*z3ur4Ca+oqzk&-d^y==>Fr|6*MqCMq(}b
zp7l=NPh#EMYgVFHG;M`4^V^nsUjcL7Z}3obljbRhpax+&+dePDLMaz5=;Z8q^s1T0
zs^z@OD(SnJk4#{Dmb^N{S@2Co=Eqyq!QY#P5<<-E`je%y=b*)VX+)3OzAu8wz@Zi>
zCLv8U-gdI8rfxO8Kko{53aG~eO@|z#`us^$AD0Hp_376Dlfzm-J5GjjbkkMvK{^bwGXa;fviZx4faH|mX}x%k$@NMKIarC<
znoVC!<$Ne0^M`=AqlMEVJ>!6ct;V!fLhJ1^OxvqCV}?QMkvfNE_G?96b3c^T+`~;-rGnBw(5L`D
ziG7!{7d%rS=E**sWkjVosahM7_i+hSowYu&#ASe(iMd3dID@^@$0@y5M1OPDd^Y$I
zOn8lY;1{O-eJ^)mirKiwo5Q6M=$93&VciF>9q@A_ykgIW90|#{HHtK1`tz^6MyI1v
zfm-NkWS7t6s31j#K@KQo4sy}xQ)x$kDJ`$JBI)9L1Wg+L?E~q_kgs1=u=U4Vtsk02
zu-zdW=Gol$WOHt+<2UAa^E?4o`=1|#H0xt4)M@|fOSr(vPvW~UMhAYSHJc}C+)v7f
z;~vyx9}NzPl4Tj#?{=kgsFRKY2;(8)fO5?)KA!ItGeJk(JffQ7Qhq1*9Dspg$%ba^
z*=3yQDv;NtW5lLtQ4QPPiTPIS9#X$(TaT#a#iJ18YEXoz8({j!U6)TOc09zyogOSe
z60mA^hGy^ur|gV&in2%UD^DluGl#!#bgC6JUF1#^@mA-<)TQAjD{Ps9xV@@uFZ+~;
zy2@fvV-Eqw(6ZqsMP%&+l`Eoo+1?`A7F_nwG2+WRD$!n1u%9_rq?Gpo4R&^VjtCHY
zm3=SHNlXWPFV)XyhE5?K`>yERc8H74G{-j3Y+OHmih!iRmF>HuiMrs1+O+}{k^aUT
zWu?XmyC8HNbylt0w^QDA8o_SKr1{=9p&LwJo_To)B?53tdMs5Nja(gcUj`!q1x7^V
znb>{xLwhdt+zFu&w$H%M=Mz&h>3NncG^a)
zqqyRD2Ad2*QyMivojjNCi+1U6Rpu(P>{KGt^F>?WVyn+GSm(U2+p^^R;UIe1dg?^RbMZdg_s|4@7`86=
zeXA_A^F1-g7`6xICpw8oCLT>CqFis{!W6>9#FCxn?g)4tW8RMx8`Yu84^flQ8SzA-
zCeXf-^bx%^7~fr38RNm1d<7Lb57Js(`^#6scYJI@Nfi7lT9bbsqdh41;JD%Qhx%o&
zpwKvHmo^EkPj74JvI+~abd>z37)#yzkHQ*tG(e-uqi;3fIpsPzsM`_xisqg587W5r
z(JI1CMPpZ9qW8;qJYnaYogMVi~DE{kb560vrMU@!aI6}&_oF3D#;VsWJN{(n%WPm`a>6N@JQrvD+_Dw=$0
zj)a6BdJ4Nhy%GOaFmv}D(b@b59vdx9oP@R+ncTT^3;6G$NwnYn*DvDl8(!S$gZ}A)
zf3
zAWN((z`A#qZZ8z;G&oez$5(;M?hs>>8_bm>Upr_bq={(0!J3r^m;cRi5_-C}+m0dA
zMfx~IV7|)Fje0#7FT#bd2vzi%i(w$UdMUu;^tze9ls`U1t7(0ry;Z^mJ&YGNe)GUA
zm&g2FzidxZ+E@<`aMiuJMFi$5`bVGb0+&k5TdbGO;
zVLdA)W@zHTZ2Z)03&FB8??_tWy4!7!AY^@iMnOrrnRSD1`CJzaM&sSvMx`9x))p3W
zESuee%*0r+@Oy3-3pgF8EH+TM6#CZ8?QH+{n+{SlP4=}%?eI8ps&4BFDXuUOfyok<$>*oTOPsnGm
z^;gm+N8+@;Z@C-Kx3d6|RkeHZRqD3RD_ju)2&vJU!CFc;1_OKMPU}^irch6g6fly-
z@gT@ga=M1ya5S}X|3SY9Ar@i(Nx#J|uP0mID1Gg`V
z_^-$qV9P{Ioo&{UPWo#Cvf1br+NvMvGc`W-ffr@-UWPiT&jG0RD<~`+0u!h1{DV4w
zJM-~VoX
zziA#o=@ag%r8nR`SVCi~os9q_Wagk!f{kXDrVF$cj3OVx3^cH3bQrV#yMypIMi}sxGG!SBACxa{pln
z!N}rE?tSO@Nollmum659Fh1`S634bTeYSjXjUN#dRcF`Nqjgo)cre*1WMFup@%MRx
zf6?2>S4z+Nl_s*1zHHba`*Gl#{fEM1
zQpNIj--GL$H2PheZL6de=-ifMWbv)F<@sRrz1Ho_s1cxDsq1MK!wX-HZycAaO6>;|
zfdnzj&hhDx$9EV}Gl5mSSDdeEtho@NuBZEVdgF#ZrR@mS^4M8sKe7H}Z{H5WzL1K>
z_={pyZ?gJonLTXZ+ITZt7GFH%TJSBG6rJJ
z7n(zD^kuk2^iit9NLDE(oraxx+Pph@!DtdksD<6p<+&>MFIrsFmlWM3Ck-*xBYiZr
zm%Ss!q=3*)1YiBF%Iv%B4)ypdgTRbveftYWV3C~>^vG@Nt1vIMttTv6&rd;^YTKs@
zG#acuT~(zuxAh`S9=#=Mhzwk`HbsK9&FL|WO-33qKDt55=%ye{QBYgt$@Em5E
zZMZXjJzes^u@(REXqH{hV!sG-8ZeGJkJ1OHg=u=+`Mh5nv&(|rFYZhis+-$-8jvbcGgKHsUlpeM
z2{T0!?z$bgNy7#etcU&n7G@InCMFNv(OWs{J46n;*P~BedP3y-UqmZx9Mn7R7pSL;
zfQULaKLb&M0*eftTh2>L*!K
z#mHq|KoLxp3{xpA5A&?+cIgwlvmSEW4TK{0Q}SIlt5K!a)Gsr-@#$}4(Am3%9N7WC
zu-nW!kx8#3jxqeGckdt4_;O@{NN>b1e{0_-!p}BZ4iF;q{eRd@-Ts8=9{p)9EdP&S
z-;i`F`*~sVr;!9>>wN9=U$?F2vOIh`r|q`{n3zQIWb*VF$e%GuzG^YvC(=$7VI{+h
z!(3t1A@H@)a!CCUsAwDGs~7vin^nRWv%v_
zPN*s-w4d@t-MJ~t9N47DNqaENDxt=tOYYnxAw@mH8#aL36@?2OGu`^LHi9R$jheN43mFTS!abpk5}{*v}DZm9%*~FctM5T%1H^bT9;B
z;p=M_j{BvEc>vgZubiH%n(#i;gAXyGij~XbVk%H1hxu5D;EU(o1nB})Lr-kJ44@u@
za?7>{yb4j8XVu+n#9qs84g71pdSe0IKPC?&;^;u1VmDKZEJ$`cvv%Kz|JH|8U4AeF
zJ%+<32KAe7-=?I12r>?$k3~s|RUXtzPdsicm49IPt1*jAe#3B(j;C-S4sfou*6rtQ
zGtx04O=MK|NuH(0<&<72k&4FWp|9b(!M!nSiLcXi=7)>oV}tiz`!K~_bba?@gF{@b
zs)dB@TZD_FV&@B8fPF>&OS^tINZS4pb^Xo57k8{5jP+^#7Gh&HY~l6K5F$Q_o|zao
z{F`3##sr^E-xuy5pv1?aW{KTh75R^bFDKt%8Iv*GQ)XtwsQmp1F(RqF5S#x4!zCek
z`$C0gOlE1jx~qv<(wfzc>Cdh1QjB`K2Sh#QwAsZ(R}W5DiHXJf3IDlHLjNx=#ri!a
zdBMxVjLRI5zR+Bn`y&HSpFJ(&_;dGvACyW&6)v!SEaTDx2CG%>xqdA8eOxL@j7Mmm
zf`M8vd{fh~t`nI~$XYwBMw5v?9e^>)Vts$}fq{5Fsq8mCPta1VFhn`)0{Wax`=Z*F
zcqwC^2-|#{FQ0crE?}&w^J$F|HabhJ5HMVr_u2-yNMYoP%rrC)-KQEP+*$LIJ>3+%
z6@HOv8v6Q0oJBNiQO{Q52chUR*P~cJMPhgEjMZ*Wy)rR6iQvm!KLnMtK%>dQ8NUzW
zy$lL|)k5Uy(vH%LIq(BOZvtA%+q^`pwvR;)P~mtOhwc?!da;!&d{7B0{A;;LsVpgk>$gqF|Wv<<@*DG07szbuZCv8uEIPw7Lm
zNe7XE&GLDCJYh{uW5|>}v~-QOmuAK2*_B9af`@j&*}r4ez6t=4h{HxLJ6fl5Js%)4-3lMFiPMX6Tkug%nH8
zfQ7x$q?3W)2S$EHKJaFc*plQ|IBbR*9p@VQgfO$TnKMVw%fkM)P>R1#*@lldU1TS3
zrGqvw9XoMH8jhovrC%Q3h8@eqD#Cpq=4A&X)aR_+blYb03W|zC;VM!?h4|ojno+{;
zGYf;-7vqy^2>+Q+j-9L)Qr@o$`SB&*{}lkptfC+!IAEZ*2}{>pQ{)6r)ST
zt-C^|)wHrFE=ts?>=5juU|m9kuQxo`N>)PiEQ}^_?-8HBoKG%99HWGX
z?pD~daDL}8L<`|V$Wa(8d>6ig+z&}#flIF^P>KfE16hI&s9Z2XdZkyoXm+$~^Q~{n
znpE(e`fXY@%@1X9x*88hUfNKqcz>o?Mp`CwWCW>-W9h&
zFXxw#!-QzUPShiOTU@q5#kSW50;4}1SHGDwka>1`F7G&pb)7s@j1PD)>Gxn8;D4Zv
z-U!f(OVq^oxD)s`be-UYUmfzJC>JD@8PTBVe=(6&H_ecOXX`&L6KIp%W!O2wx*`nf
zMOvX7n%Tp##9sZ6vZ0|hYj~mvDcmEPKZScY%l#E9ymv-;&@+cq6sMb}2h6hP;M^U7
zoynb0*Rg={jkVi`r4Kvq`V$zMREUD|Mqv}9=ht8^e6HMdxbJ!7yJKv4Me4-Oq6dtp
z&@xbBX3D!6wB}37-)CU?s<6af^NYKZAgx1Zea{L{pTWGO9AJPyMef8fRAheZ=dp??
ze(M%2=$!KOAez%|7J}r7O0<%&7_aUvyaJc
zpNe_zYQkIWFWP@Rf_tB<@ZoTtw3*>Br-(gcnzcom?1R*gw?qHz)<*`Y&&|
zH;ZlWgQj&t3Y=O^bIyNkq+jqMymJ({<}=G}Lqqc+w5vQ9d7k(=l#$ayA*Byi$5BL?bMjvD@!gebtFuQ~5MPFbt!Y@Kq$t|)
zq5nH+?+ek0vHf;MQ>;?`>ct7J+-pMTCODe~@pe2D~%0NS+_?C`k88Hig>eWTlRL!T|5*&|fk8JZ-1-c?SNjF>zzba#CRnKR_Ocru71n!LBpzjtt(#{yQT{_%+w
z-%xTnEXU?WfG@>HA*0y@QCvt#L|f>XXk1-SsCK&Tew66rhqC7tWVJ8m0yY*s`S=rW
zp0A`&Ocg3tR&4x?((i8@Eo`;gTJYeSH7Tr8v1Y!+J8us40IIhg6^KWdE%E?%2|7upz
zyk2|;O^npOaaj*Q{XYm7*|l=JmK%h)XV%eNsLfp2NvLZPptm0hT|6%`#%#yimF+SV
zy$LP9oIN%ppVQKtvPGwfF~rYJf;6+N4noi0hDb<5{D@meSAfrMgUC|oiGE8;*PY(u
z2il=>;GO$Za6<8M=)?Y#(4edcRloV)zc*nMMm)iCYv%2>5P=nnBk7i9)c|MTh~%;s
zvs^x>gs{l?g3A_+spapi(8g+yXaVOxZYqZy=>sfJJ|DX^8{*=Oohs#Zda_xw3xrvw
z3PW2uEp~htjv~CrQAeAxT5($#$UTRJ!hn8|NJ?sj>Vp*1d-Jel&Ft~2#au=!HY)}0
zeffNJy^c=E*`k!}gk=%oic3?`F~96K3fk2QDEP!uU$Qu0=_7Y0i*NJGPQ36S4&)QM
z_PA+vc6pqQ59Jfl_tfLruR?t+Rj~VWZYjlhIRm6AfX-+$0+wWY{4Bz>H87=hGyr$nsgYf8Bly~7S@Tmo?_)|J|+T_yJ_=qvu$R}>bO7FJ70JaTYt48l%
zg~;dFmDt%(x*&FZ9oChp^S2>i82h?5=DlUSChQ`$mF`Gt={TC4h49GKynViA
zA9-;xFO@63MXr2?Od5eG>QNN`q;w`Uzt#hpKD5%$f{;!+s=6R3WdrM7Pk$*k)zk>$
zPqC5WD+%7~cuUX+3)*G*5$Co>Qic@19(OsOLOC*Dt|#$2`q&GmBs;dt;Ix6@!rXtW
zqAu}}kN&5PLIlFxxMD{iQLyfoWw4A7Il?N_64q2|@9#p(Wt6`TTKCk46tINA%}QHQ
zWk2`EdQUXC0p1IeE&;$ZJ81R5M!F#GMYz@V4c!H%CJ|IXnUG1r0B1U_)E$EhPW&bs
zG^*)l<`qJz*3;XYASYKGJFt9%@gNFO5g0ZC!Jwc+WQw&d3e|QgrS(V8@Y_e0N1-DX
zQ_bj`=uhgwXw!@HXC2qBdD{_ArA9-PmpAOfQ7l7m2QfZ9}*5c^KLQnz1%3KzZU(%L)qJOk9sC7rM8*4TmdD8ty|!a
zU|uZCL5&@K7R~Y_6n3klw9j<1X#&$UA*397US3*y{EW4KFLkQ-7^Vs$w0A%k`Ihng
zhMHvIU?+#xG0Mqs>K%MU;*5RuAy166zbliEJ<>sX>E+}MWkc}2G%Jve=DeJrxxM2Q
z!BG+tfw6O>S77rv=o=%v7PhUeZU}?~zAO7EZBOMVmOY#KdkDN-3(k(BT=$WW@bP?{
zrV^3L({wI0W;k71D~@}IESqDBQ1w-3fdaeh)~{&fu+-WX$5#5r4JkxQWak~4S>g$4sLv^@pd&P@e_n)K#Z-XUjMZ2i&g=6PdB+B>KLa2!J
zWnNd`K&e2Szom_u+&(@vh(!m1RTi=e%%n{SsI(bbSJStgQkM$!UxwQk_g@fvGw^h3!LqTgeY??1Z9^ehQq
zB=JFo(-66_Opp)A9Kl-$))k-U6ywKv7PIJ1_S&op_M!f4ruLo}>22q0TEEi+`J0nd#Gn_UQhM2h5l9^MPk)PByXgU5~qk)y-2Cz4o12>iV|LSb06q=2CT}
z-22j$GsM*c3~mn6$@DZ}vlcA3UfiWCU)e=vTNoiK5f)beHK3~BIk8Gl00i+H)ZncS{m@LE5E!vPe21A
zjN)@Tc|KxsiK_d{S^cv<)PK#LaIH9DUUeQypRP{ms1NoomVa~&A#mK^!XEFQz*PMO
zgT)TAC3|Y3%a6ylb6sxB4}LgjkWipswXLXrymUV0g*jJq`PzIp#-Hvx@VN`ZWy|2knV<&9C~Qp
zjrZ?)p8NaWKj2-*!3;CA*|YbGYn|75o@*g(`S+v$ywmd|d)-VTbJ5~l^Y3~7dDv9Q
zA0ztL>!(pK<)q~P{l-($k=XzLLv}&xj*8vQ+{dmIG#n2;D#xOvXIM|Gv8WMJze`|Ihr53+ok}Hr#uj
z^(IF@SW{~AyX`BWx^rC?wsT6?#gSdZ$_+Q;qi23Aq6g&$5HLHB-Q`jp@qa5U3jTnO
zTSB}gf$LKKJ(AUd$nGc4+0u6ZsCE~c{wV?Z@W(FqfLf9in&zkH+1S~w+YC++qkX3n>%AB=Jn;Hwt0^Aeq}E0W
zYk(hYtVun5dx41N-cZ`4Jm4L7KG_%n$l?d5QIG>81oW}h%K|xony^I^3?AQMq
z3RmZ@@zE4UcAhCU&82kVRWncHkcLX}Qt_xL-%L%2ZT&74x5=^W=&hK)o`7UegS+(_
z2#YrLcmp*;#v6=x`<-;TCTp1sYjlPW>t81HbF&z2*A4CMFV0>*bL7`(_wqzEXhA02
zhOS|}2HLe9qmnI-RgeOq@znUGbq{~T;|R(B+_AWL0P9`NU35rn_TfI#9Eh~3Kvy`=
zXS7>B?t9Y9V?+%J8L9<3y<5(@F-&H7Z+#!z^>UQDb(}?5>--w`5sdl~$6W8&lm7LI
zjRCw*l>)A?y@sI^1~dJfD)LW{W_-AoM5@TA*zQS5Oy0!Nu9Fn-TTLZiaYO)(|79dp
zTI;`U_>@$wSW)SS+007*0A&T@1cuz|479!L%cn(H_O^*W4o~Ut1iC_lRTO#wX;k`#byZh?Cy5l1i+-!&hE(*b+NKPS#tKRk5=Ugn^Ud0AA%S}{O
zH6lAAW}Ji$$Txe)NXndFp280IsMC1D;6BuLdR0hOl)-@xN~v;zWYm>9XZabNpiuizdHt>m_lhS)Gf0@8MRn0l#KFn)S!+o&q3O~s$Wr59*C=27K5Ii$gvI$llq#tuOE2$>viL_f1p?Mm
z$EPhFZ+YFDBN+s{l^@s9j!`92@zUvsqg&#~+(H_d*!eX7%z}>EEK+q&MrE3$<&f&R
z!tYsQqxJ4}6y>yi4kpdTMDW9F7S`Rc!kWoOFHg>l*=FY!)z>=EKi9q)Yl8kS0&%3`
zx+zs$yP8}LUfo+oYPa~@{xM6vg%@nY6=S8W6_sxvOtL2T^zZhMgs69`s(#SyzvsN5
z6kZfs=S*Z`SYU~f+;dcI!TfT9(?vZlt+7jFj-e=X+jz*=GK-n_80H0
zwclgl7FJDOtPS^h;m11EFk?AL&x9{avp3NCRc1%((}u+P6k+!RsxbL1k?lv(&x{C5
zpXcayF8HEb=XNuQB~PEql&|7qdCL68tU00;$KlYZ5iVB?i%up5%49L+pC7
z$tpG~&Y_>zbx(B6Yl9)m+f*pDg5YQ0&>SVhyp5;V-d7VI;xG)?xSt0V4Q;>qh=I0;
z@y?d=#J14b85RXM&Q(Cbv7e3PP0+@t`dU4*TPQ1BwHHo>!%&~sT7PO}%&js(Ta^#wR#xGAg0|Rbqv+x?~m#Q>f_4i#1fVCrQ{{vHNWisQ#T>lRJ)#1mO|O&fF;`S
z1G)Z$XR9C{ZL?;5r8|rgm4&vc_1|h07Z(AG@Y?Hu^SNwl4)9YmGqS?*6sk6$-p(P-
z@a7`8NqR&8NF%2E$$Q)#rzL6Jd;*FTUl3?0E&9ZYr<%VYw%T~ewQ26W
zLqry2H6mS>DaS5b#0qy$e3q(jpi4Ye{f&tr4%_;gQKSp%IT(`|{b?}I7NKw%@ie1V
zS=kE{As)#$I0W7ALjC)Kk4nie!q~{WN2CX%4m2u!7uLe@Dg1ZO$0D7(n`_uxV=947
z#-7lq`J$)f4)o@DN10g*76ikk|L}wbiIWHJ(?9;&)n(glz4m(M0sr}!WT1$h?piR0
zE5}IGRGnYBOZWRih`YV&bduJXxR;~rQ}xnJ1Im-mJQAq0XKr>l-GDGb`!B|9*Z+DWFjs}5X?agHBy0@6f0kr$i;UYVnigMAB3bFaZ#1aE|4~j|
zW|${_p8~&*(E2SNlY&Yq?c12CN?Ah?Q?5p1CBt{fr;tq@JZn{CZ)ds$6OvH9Ay!}O9
zJGN7A%XCkRv0pf-_cMF#b9;s+Jf%@XOuJ{MPby4=8Yqf7KzLS;DAg#~$f{dINLBN(
zkSX+!%2p`wH-ohCOSLIITFb>ORjb9XolmV&)#0~05eDVQ?G=Ron^>Mk$zx_JRe<75
z9~i{EA_e*j%5qT6GUDCospnQGOmCZQm+#xF+^md0FS1PnI;N(u6Xl6YYswmKGD?R^
z^wm`h5FkRZtM8_aTYTlo97r)XM^r4%+{hm+`iW&lh@EOw!>*CR3zqVBHIG?z%$ZKF
z5@R${^~{$q;|ex$-;<>QH-wMRa+VhL&`yjp3wJk^WJ2A43&>hn1;U9YCV|W
z);+)=corglV%Rv}AwbPE%At855&|zyh~N%k>t521lG?d)-dnSaG;#qEnUr_L6ozRv
zkv1HxO+AR0A27E4g7!oF;%eBdLr$n0WRY}ZIn%-ZZmDXzpMf-ADCXzOm??_=rdOs9
z(`v)yO=?Q06~fRozuZ=gj#T`+KG2O+B!QyGx^-4loM3BnJ6~{hP#Kr&YivU9V_}K#
z5tn$fA-Iw5-d_;raR$JnmnsUcKFM%br|nzsN0+{ut|9{&VOJl4%3Qw$oPDv#Vs^!6
zu5gZeKs|GpYaTq<9y+31|2Qo;NrK!ZrUM15clBW<}L)75sa&28EIQzfwUS
z*_h;_*!B3Od*;k9d1}biOG<2LN^&jq+bo$|)y6%Xy((2=T&ujCdfDvWQ%EE=O;Jj`
z+^B{dS<$fG1+rmO!B(e*T0TdL|*j3!%
ztQz+%73bf>G%DQ(HAaE^J8#VFvCETosJo)b>5{)Xdkrvre#9tv9glyU;C;aT^y-Y!xp~CM
zd!qH@Z@2LEf6GqFcX`aY)#5mnv!50@p?o0yXp$z~KqYUp$QlTRs3-DB12L0~g1$Ww
zsA;bCky`gT(^}Y^s{O*z%_GrOSmQINuId}hW?wLmQ^bs_34Shxlj?M@6_<*b2XZn`
z39h56v9Z0Vkwik%6mMxQF}_CvDsZR*0_`@1-G1tnC+KH7HDeE|~L
zB>9nOZ6!F)KoQ^bsh?TNh=>mR+^G#X
zCNRVFAE_&;==L2?&FJ#wEX6Ei*-XN$@jG^>eT3R%mxEVd%OXvj$g0
z`5b0p=XoKfUNqbm6AwTK5E3-7gWn~&U5dCXREBIqQ7@H@ZR2dOEeL?DSk?%Hp#lYZ
zI8+~0S^mNSw~{Y6l@I@Ns^v5=9%_Uf
zHvRD4*iiGsu-4!9cvgob<|4ga8}54!l`2NFn&EHWv<^$YF{x{XmpwD<;Sb+hZzR94
z%Im65e<10QzdXNnk@lt3oO9X?&!Eq-#&v$@5UwEO%*$@{>62vH%;lU`e%bdhoqqtC
z2diJKdPK~9djO~RlIMmuxHMa^-1XyEJ)IeiU;`#Nabb5ybM)=ND^J(7;A;$g0t@pA
z?dtGdGc@HOk(tQDmA0JR2Gld}oATfaJE6|}u$;3G)N1$nPxf@lMj@RSKENU4U1EaH
zDM-X-J(2fums-=v6(Pi(#y{uQ!9HIiP%6umFb*qPBbl%3+M$qid+jGZ0B9KXi+_=g
zuJd8`BQR;x>UUyZ6SHC=y7jAR6%z?HeyO`J(UPmX<*%s`eFkqZQ)8UiRns~*4c^6e
zp^tJnkOx1rLft;FcRaUwNvQxN^34Dga>Xz?l5kBqKhn_ugeMU4q4H($e3Q5a(Zo4}
zgZJFFuV-0e1mE1V#0aBA=6Qw*ipS3~b7;?QKA6i7`LYU6`OiZ&jt)2s{|
zF&Xe~3Q>m(PF=!`|ABXF(tJD0r5$I@)v0W$ji39Nko;ih{W$AjcHM^P5uC2o1$cn>
z4&GgZ87Gn@$ewcI8$w9r&pIqTFK^uVrYX*lXJ#_)4py{zD3{;ef!wj$(x#oF-GuH&
zw8{xZbSD>N3q>}2W0mf=(xx3HnPVDW)84ToexaH4a<2+SSL!_dl2;V!wxQH?wuXFB
zqtxpMSj8EqyOshHPSvrh2cw!*&7i_-lSEo>a61g856k+MlJy?UC=hqC5~!c!pgBhC
z@*JUzyzY};q6SZ=O>;n`CEu`g^B4ABf7ayX_ZREZ_@J^~m%np2eTy^;`_~pU7rZB$
z2=30cI8cG$bu=YGI`Y~b@M8Ew&Ni2(=dy=Bt4&WIpOx4mD>5G_1VJ7yb#@dZ^dEI<$#1B6TEg`c8aNdSB}~ztYL?
zGSnFK=NWC)Qz+4s6yG{C((#%)qB3uS17&O;NQj@w(dP%H0p|k
z*w}_X1;hp3Ywj=QrGM8kxSDsO!tB>T!|o(Y3~WqXR^u*o(3CHJ>!z)W#kga8_R)wz
zUqG>CfhxLsaFBt0ey5nki9h1}Hu}2*Rl&6Li_MVeXw!Z-rhfbrre1Sk%xG*aa*itM
z-iuoGsI{b^k0{%InAr89WAL-)3`jLMGRLtd$9=16>E=uRv~!CV_tyBRptCc3!w~e<
zkf2@oW0;TGKLH~X$#O@2lqOPB3(B{bt*Wfm^4c+8RiRJbOwRkThH5EvmaTG8ym@%F
zKANI*7KNw}Flwe1#B1r@#L<`6QlR*Jsmslxt()M16bOvxIU#zc{YZbZD%A=bFA?LNwJdO$
zOiQ)mWxwM9Y44n=thug)&^Luw26&B^Tfjy?{y39JRGEpDJwZnJmO5yv(@+=u(*0eH
z0|`CYGQyy>9M}2{M=(ZWs<_8K{>9tzDK#RuXjiEn7Akbw{T)X^&?v{e%|=OvchoJx
zQMz;D$OJ({`!&BX0~Et(zQ3AfOMmD~;OH=q?YZeraNZ6iv3HIORbrD3
z$1l5LUMjYp>nQFSM3X7qI}Bs6b^l16zn887n`e6tsa40K8@hi1g&OCM$@&EV>DoQ|
zDA+uV+B~v9@uOD$$JlrO@dB`|7t)=6`pY8(RqOZh2U&nwqr-lGJ?gk}hQJgX8q9GI
zMh%QAFd9%d40wiLCXRL+C$SniY0DbiZ1E?LvqW#_NS#mQb=(K?nkt?KA6JutJ0bS2o;gw1PW`u$mT`L=HIO>A+$rcjfyNe7Qx!vM1QN
zg%}*BJ}&C?1OV0|Wn|%Joc_@odMgr&Sk!>)K$!YAuC3hHCJ!3b{>WcA*S*^g?=^-^
z3&RiFNzeWR3<(P%~sSR4`xkYopmcaRosqsfx=hqo4s_rR0`?5*OnzW|Z+K1*yllRJ8q!*-q<-S>w`
zGvcFFBdfXQCyhRIQvBRM6yJT{bY4U~=Hc9fad5t-h3p(soZVRSOmzK&`$*xi4}EfH
z(GUlRgRzMf(Z922`{=r<^yGrVa`<+c83W;FLA(wFhmaKZz;~C_!p~eU)Arw
zkg;>UmEH8*;4Va#tVoofoo^5=ddb5?A_H#@nVWAGxLnIYFIIkqyFycYPqh~HZ`*(G
z?UIRnfk*HMYM!9Gm9NG5uG?SEvgM7%{>lJ&nJR0cc9*NdqBi<<`ak#JBz9c4+~E^h+W34Hrxma7C9gCjV+SwE7>zRvi;JQ=z)97q*h
zl9L_^sit6%YCQ5|jaZ7;`Z`0#L$6?9lzYPfr%!_sO-#I-^B{;Fz5~ak6EjRTWe3+p
z-eh%TTILK`w#cLm%U7NPHUWZQhW2WnE`9SeBzDTQ2v>m=fU@yUI_Nk;%%G*
zq3zG>82o9}9HymdF~hb?d$`DRi9S?$uI#+8&Gy@?F;n`&>(^NrKk7iqB_0(%E7&=^
z86R&1Sfa^AU_q;c6g*>H72a}7O#wA?F`Y4SsEUKKgt{#IL0?sCycl6_lRtNvFp!el
zcxkAq{u9WI&)8=Hfa5{x4Z6-IngE|pJqYS&d}zKs&&xT+uYhA};x+{T&GhLmKDFyy
zF3$LRdAbhC5)>_zNNTqWH@c8hN*ey_AR+;1
z%O{sA@}HKoib8+slPc`kW$#XA#m*&uxU#vX#OJf(-A{Apl#d3h|j4GjP2JG`XmzhPkf1>pD*ccY*js#(_^mKi4vz
z?4~03kB!d9D$&fOHBVIdS&(`D3I{#KmWu)#Fh>AMva_z%ZlP&g0d&8tK|gl;uRE~|
z5VkPxBl2YSe9o}{h}rMz1=E=duu@@5i|W2MQ5_&+J{4(v+XWbM;Ks(FsY^beyP8+0
z0ccsCBYnxg97Owc2i7^zw6)t^t$4;u;ZvE}1%2|mM!b*7WJ*=5bSvC2?|^X<#NC{R
zwPq&aGpW7skR9+2oq9rQ9X-61dL{O0Hf8q&Zc`OPnb_JpCBF}KexCin_Dm}%yM|>0
z!M$A;fL=U0R(+mO&27@yi^X5@u-ViB-=NDqS|l`;Eh4%G4~w=ZWzi?Je!FD*FqvvI
z>8=HEe?C;w<-eN{xf-L>VgC?!9u^(++!*?}IOT_$l)_UEL18b<77S(H(@twm#yEl>
zEb|5s^7F?u(4#Tvb{+QgTl+ZD$H!&W$~W%ZF4BR2xu8oyw!{Oy9szrfdk?la$LbWA
zalSHr6o1CxHi8?zu%R%2^G+qI`klOZxVZeno$yE#_?bKk4t&
zVjLo2)Mw9qz-Gouu-ek$wys&o?^A2Q|x+}#G&sGLbt{M;d9y?spTZ;Y%
z7GupEzWmui8AOlcx7;0182vko2?!2@DWt!3;T?Vicl7@UL)<+DaWWQXx
z`QwQZ70GISj;PNQhDLz0LB>4xJm>y`@q$n)e`y0BbXZWQQYpRx+wm|jvMbG4ThT9r
zZ=BNgNJ!5|bcNcsh2WwfI>U
zASMoK_n%g_EsOC5wc+xS4Mn9>)A)N5owit)3)<6s}8
zAh4TQ*{R2jNp3Cfw^l@h05xx@CgJ7q;&%Z{dHGjfqg-v0m-s#&8*ExUd#hpyDF0jH9OVA|ckZ+qKFX|0IHSHLUkjJ17vVq_d>s|m|uK~K65W>veq>IFFpA0yJsoG1&cFWP&hw-n09TIq0%
zf1qJjZ^mZW$Cd3^ABl=En^ld-mh(&K?2rNr1P3bj2ltjQjsA9$_T?
z0s?MK+u+6@m;T;JFbN$uLllg;^(ZpKC#;L>N<2kzNMREqSo!p3(hcCoYvA
zkm$utYPHpP_z5jz_Y+YsA#UG(hp-uRj1H>(8kw4@(xJtU=(z)mKIuPK_?3WW(z~RI
z3TN)k|9YVL%a~As{NYufBb8LG!hL$)O%wb>n>(BAT6
zICGb+?sl%H(BE!+?jp#<@PCYoqY5Xv8*e;rH6Rr#1o%b?}pzU*#aX9v2`vliyXr
zCKr-~%}`eYabxf(m$e#AZf(7uHJ3>mp^%qFUQ;(22mm&9o;XduEUQMrCeM6pmW%84Fz{zuL=aap!@^5#t2;G{f?^?h(ld256vUy$*{wQ>^b`my+|cdJbXJM*>W
ziqBx)a+)i7@KKY|y;a**Coh(`s=>^;=Te|ugDtiw(qTJ3z0`Xq&7d}8<>xjcZ)E2j
zCY{$PMWi<}ExtkDnjp34iFX`tsYl27<*Ro*LjRbQh>bym!Bw#%K2Yh6E~@%}(w93Z
zr%TEMwrrDPqFjLCrc5=U7jCd~@j^SCDg;~qI8xx$Nv2FkiyK%tmz4ilc-cPjMm`Lfy
zqO#jpW76$#Zxei8G)BQsx+1^ICWpuVk+q%TBw+iBe}$&IPLzx1j7j|32-C`mb#Ghw
zy-7=jTpQVZXVo3YVc_=M_(8~0@$&`!YszpTm_2>)M3Sf1!iPsuwDMHB~>d12!5I8ruksK!OFHJ66v4&
zzJj2of|)yNw=HcfGzI!VV-8H?5edJu4&?gMS+2(0b$K7X1gPc;!kenD)}sLbw0fM%iHI
zjU6KF;>+3hv3EkD%V2
zF^oDlAr~FJ1%je*sk^)a<4>+{KYAcyGORVD`=9&l({I+`4ZICVze{aJKZ7nwoi-J3
z8+DuIj+g)_;yt6Rd{@_*x43JNH~o7CMzpJrrraCj=;oCS!q;GYOsmC
zG;?F!l*wnG2!1`#n!}qUrFnE;VFy!Hb85B1~(UZm~PQjLa&&-ci
z+yPgImma}g_GRNlJK>C>G5Of##T^*>r*OpL0+`o5>aG2zVx1!(M*)_WgDMxg5C0bW
z*T^mcTk+ogw{QHtaKZL$z@z(5$!tE^raJh0MvfPk7Jh%T!T%j@97L`uH5hMsnE$0@
zdRJT3<&dmFU{+lB3w_ypJ)IgP>t7X)Sf%F%RPS3_|V+@(jvrh8{rva~pThBYKrrJHEk&&JH34Flqp3$0_JLAM1B<
z`HAN!LDz3462$-dHdI#GnS1)E6Zy#S75_nCzVwHf8~;U#cjtmy0CzX4Xq;1+-|>0Z
zJog)}CMBZiXFu(P1`JV<%%yUVC;p6y(PkmP{d4y{$*9{4*dQ#tDXtvYbgBMze#+F`
zvv?C#7a!{YlB?Yh>_eR|Qvs9lC9~zB-b^UGI$zD489UbrSM|Mx=f|(Ac`#DD=WxuW
zRZHsy(8AOQwIH4-^|3Wl6#XLwBDTrVgp3|GA1}9sZ?#>#0f4^7|7>heL&kbW9)eeI
z*5d%kO>go~sntz#?h?QME1x0*6tgy@czEC$O?=N>%X85RY6wPR+$vJ8izp?)`kEpq
zMhCRf$)&6uDhk!W8SD&OX?ps<&Uc=lvDoExP3RxY^{2E{lr60i#HaQyeRcpaDFAPY
zbFvUUI;vp%>?w_58|ziyM@-YQUI!!!Z3EN^1%O8=oqo$JSaDT@cUikB=|UXt{AS2~
z=o=YQyIcl;`Nbp7C38MWm-1h5bDT~7$9%-+aIKi`mTuul&LvVnF#M|~ecf0Hd;U|o
zP;pO0#)wZP6`69>*yX9_lh?qPuA$S2=Lj$7d-L_-J_DDS$gDdb$Zr8Hg9R#a|1=de
zH3aX3@L?u)J`YFXa_<>0wXjd^iR``ZGqyAGV{-eaR|ljXU2!=Jg?ewCpUv6*>4BiN
zV3A86RGGnc_cHzru%1oaK8O&4=aRx}BX5o=nl;=i8l?0h|Ek@e7}{Uw@%KVKtsFkP
zr~A!RKDymJC%z)h1H59XnfveP$zg%?W=k}W{-%o~_RMJ8S8~j~l<=1d9DVD2A9ugr
zH^e_{P^j_E_~myT>q&EuMC|HVDj>gyrBdZc`$%XfSh$l1?~|cLx?n59k-~o+|2%*w
ziZAkbuA(;RaBgu*4_H$c+*)Q@7y~~asuu|71tbc@)a=8JKlDuSj#9V6vSvV;5}i8t
zEQwAIFyopCb575gT-{|-OB6pX|K`hIBDDBuo}Rmb_+olS0EXT=dAz4d;>>NUel(=FbDUOpf~MQ|SPBZfx(8@*
zIN!(LNq9}23Uxj!EFv0bT$~r4+JD1@kB$JC*ms*jmSpWy@erG|C1w%;fY8PrC-woY
zt26IwoGYLT-}TZdOs=SeZCg9tSOu?8aIkW`-G=510HGnJnRC8l<}NH?q|R0Hcn
zu9=L}lHl;>)iZ4Nz4$HfKkEO)C(M~a9G~}r$Wh!vcq{w8R6ZXU>g)u67Cxn3&W`<*
zTWtOH8>}v6_caUC;qKMZzZC5zZ`|SqF*WP}^Ii>$cF;+VDCJsE@m%S&GH1(w95n@)
z0In$3S07#oDn3F4g;F4HhNs>cyn|v-)tJ3IlAy7rQrL|UOFJzM3riI@@ON$Q1$;Vg
z`H%cjzm6A5Eb)h8myC7)O!-M98nry}zcbMgGCXMogqd|^y;KD+2PRVmpSXoO^Sf>s
zco4yDBs}^~x1GOm<4LdJqI)S>yu?X3EGtp}m9DLdaA#3X?%*lKqiWwi-EmyH_Oz{)hNQ(tF
zgnUf8{|=*z)&m3-MaP9E;<5TTLiG0P#YZRS05heS*J^g~mZTUd>*UKftS?&m128lJ
z-;u_)pk09_9gPFzRs%f~eOMfl1Gs05G-5Jd2*io?!^=9rLPZa-oz37ZF25X6V%YzGq5+6bMNHBpX!0%b$a;xeRb|;z>6Q5&W_-^JX6+C%xpZ
zjzL5#dYIg`3Mltb(U;`HlcJ|-`e}{y{~0%g8+
z7A}2Xa07u@@&xItSOWbHfCBQGf8r>vGveH0YjO!4-jp;7&CbYZKXQ&pkI`Gb;l*Sj
zJx^%9`aYVY0NNa(yLWTeEqd53dh^s*CV|D_;@INmFrm5jm9P)w?uhe46BfOufz8nz
zexIAh3q{c_$?II|lML^%$cyu^Q_#jW3j6fH&S!RW%AP$x11Jd7uYk`JzFpe)Wc77l
z=14Sr>knkMuZMf9V4hje^Vyfbx`BG_!RCwqUoavl8Gh*1T!_5orJ3h5OPoDOp7jR(
z8+^b{(BP3C*rTKhA2?M)!!ypvntvI|(`A^p*a<*PG4Jl!E!9fEEg5m?q7Bf!KvjGa
z<*&D;WN-wbN5~EJ8O~(O`4jyfCv5^?MjT)O=E=DaNK(4ka#1&+x+GWL;bc$qUC*QKW(;B-;mZ3?H<*{4C^
z9RpqokmSxhvu^T-IrX-Nrqeb>X_ti07v7I^SUewnGphF@bI4oVm_;Q9lgzinW>Xv*
z8zNzJ+&AtF6r;y(O7TUnyc~H^R3qB4#i@f`GkaQDNRgq{81%@h>*d#h{W9*T>kLn~
zJ_*6vMTsM>J$Y~N;
za2dW^bkonhtlpdW1@t5Ew?x|IvL9S
z7mVS#5YfDnp3PG_oUr+Mj4xbcvvB(`)G@+?z!Eb-JN05*ME7c3M0(E)8+^)415T4A
zqi5ltYH}iNkjGGKuhuiq+}r)QwXpDU4z;k9#YJfFK7ptC`ax(pKGvWX`OqSDR}v_(
zO&I?$W3nP>n}&KPf3}M-60urKU7&FPR^FC0z`1a65XH7V``E
zZULpCyjSbiDOaz-)uxWKC$K+z_;zKT3BwfFGr1M4Myl^K1fwjDgJbGzj`F}@)=R3{
zb}N~5LD-#J4WQym53GdH*|ta*%Pze=BJ`L&lNTF#A1&S|hhGOoY~JH^yYMIZC`Zvr
zvvf)A3#gF$qA9>PdTDWnhge)`{0)M?{Yz3
zoAiey(X#C5d?0LD$Bi1sU75Rm0B_`vjuyLTqvG8R`oKAyGj^l@Qp?g`=~K>OnX|Mx
z=6Sn_TG4dikt0HRmqB+UO7a68mt=$jmbvvVL-oP@BxPERM_Q#~9SA4lE4I;(%F!#u
zpl_zW3J%s@L2o5JAir4T*c|#rb!ai9v`*4
z?Ql1bM0xKc>IJ@tUIdj~jfy_L{6?P(AnLWg)VV&G%&G2l)ud#Mp;mV^ctBh?5-c?V
z748%h%{`#|Oo6eU>hU6G_TtS#>uI2CkIy7@7&j%U6B3T^sKr;i0AG(9zqG%<&q!yd
zUO{6^yeA<%o96{eK~VSxk2OxZJDNVI+(fPEGKqTp$m)`6_&h`yxqG7L
zv&yBmW*o&aFD_29w|3m?ntLsZ&U=jJI!$tA=GZ@JDT8QIMv`cJ5QrhvCZdq3w7$g@D8<+
zP4-t4QmuEd+x@uqW%z~7CXhNiGO>TQ8{lFl+OfHX;KLea7)(9%3fedr-}?sm7Y3Li
zgSA78r`I3F2r9xwq1?wuEo4;CO-&;nq2w`V&9j`QBz#d0`7eSID>hAQPba%$bk4|R
z%sir%?`56Kr~3Pg`}Wxie)?X}MajSr$^HF2+QhK%1{;d3LuYxDopx
zu^pTpAJ#u<*rBwxCuH}D9r4}F8b;-J_a5K4I<{pP50Msw>;A(`^?Y`%&-@k)LPP{H
z$&q}NlDlL7Oh@QRiDDaUwlAz{S>K;8
z+PxS-En~L%F^v}EP$O=ifJ1-TknoZq-Y_%UBipvy51>sEe^|+*V|FDOd3O%Xt4*Rf
zmLIKBv)D$iZ7Cb?R^F=HU0U~(!N2{-3y`xnj(9DE^F+#{%U|6K_3PDrtB;OiXN#~exU~cnEg1jPIkK?ii}EkRI`wBU-kUL+NyJ=2wVUDVyXQK(tQ~E&cli|
z%S>od&o;vr#j|h%Njc{0?XsN2k5pQ@WDCb|(91l(_G|(#$}+P9>IZy7a2lM~FznM#
zK?K!a!(Tw&9thahh7`}}$Xn_S8uTM!lEtgVVGZogzZXtUzo2liL4Z1oj%C9s>jO-=o&r`
zag>!n!+g?r#!{X^J#0jN`DH{WF*oqPbUD?WtCixni^!~L;Iq~JeKLW~;WdtBS;<0r
zbda)0ffBR@8&vSpX-D{U6RhAt>iT7W
zjx=I2?n#RB``w7Drh~cym6RTwKQ+NZ$TM;ofo?Mry?r74U`rKJ`$0RqSBpRBg0-KB
zI-ZU`AhDrw9>vkHbMkQ_7W%M~dU-a{Ha(!Rq!YnOv0cyWCd9(VPE1@AFi92R!ob5i
zUh2^56iv*smI5*@Z){1UdDLLTF6wdqUN+!CMMd7waQ}l;QJK|+@!8xfv6RbUy5|u!
zdZy>sIMd#SB&?8&n&y=P$)fppN&`fCBd1zcAV&U?c>#2QfA*N^mNn=~z0^3VZ->S1
zoczvQYizwJCa^P;nJ(?Ez~4E+Ka75R)0h7|FwKPmqeR()&oGU@2=QoI`Ets3%5^L?
zs*vfgGnsVcCL`SshuZVqJSV(V^ySxfoacu~35l!4+lvwiDP62pnq24Z2oRiM;F#tAeZplB9pq-iP4mp}0eBbw_>xn2O6D36a^WCBl;sGE7
z2V|JhYLRsc`1eo5<9mDvi;AQjPAoyX8w!aOdzQtWJ)>#2RE7(exBQSxa6aQ*uAhXM
zIz8B7s-Hrg;ZuN62D!swpDG>9&uIaUJ5SHp^nKsiPZ30!zV&nEd5t!Z&|1>uV4}2)
zIZt=X(?HgzS|DSgi9eqYu;@Wz;nO{huNPgZx1+?GX!U#Qtn)VNC|9R_VwIy9?eve1N_W2{WbVs5KuWn?`wP{XKZw7S|FjWk
zM_lSujyPhFmrrwa@1m5uIITHbM$di{T*fwVdxa^wn7DJ!dCFL<9L^`|01Zz}>Qum)
zc=G(1IlWHTZEbpByzERs>Z$NI`T3Kb})h6m?KSq1|VziJrv?lYZ0D9nlnm
z*}FUnAIknK^w?$el9uM;AEbOepQn8dOMjav?SHZ32M`o9=+8R#_NkJ@dGeUk%yY8o
zzGBo87P%z%;5=;(&9&{K$jl;}4Y_X#Ls>ZBGmdH3Q*`T}i$PZRn)rR_yaFJu&lS<6
z)a|MYZiT+Wo3S?5a9!ef-#Zcgv!H6pks{;t9aZaZ=!
zZ9V)R+wqVQB%7-3P$XfepDrRz#*J8&QBt`T;Y7u?f%TUVMBuh5#-5Q|T~eQ%!hWR#
z1Xml0I2>$Xa`)VRlexGcSG1%~wI-=G`Gof+F3Z^difBpZ8a@PMR-@>#HY-HRdu91p
z$7hR1(`xAs9f~*iMvi*u(mwMQ9V-=X2-rzuNexDByd#{{
zm8GyVfNnt(H%1}-=LC$-T9)te*R$C?GjKUX95jsrz-+Och*x<~_fMd->dwFs<
zv(l)ngbtk!HusEB10`mO^-}rG`vT>w5%&pUH<7!TaPcPDj>hIQ^NYxy^
z-1+JK;uiyRTspf@Tj_$UG7hKMI8gv^8&xCjl<6(|7Q$CM4Z>D1C7f4g*DLXqhL-{?q)7teK+xVcb<0Eh?
z)gGEYx!il9d)?*%wS2&F0c&O}ceeS&eK0QRV|bdaQd=504R4YyiUVO=tuWoQ!@QkN
z9)7UD-6q2-+S(WN?3A=DF!KGU^MW5IyGPHfPYzqVUp|FIc?O;Mfc-73%A3&XnWx*9
zUmBHHai7vz?}@ZocW2Qbwjb8Go!EgtVbqp>cZDQ>XE(hc-)Mq~O)bH;yBH4-RIgzi
zI9JyHZYP-HV2nWsO_K@}`>;@OedNhuhWiy`ikQ=3)G^Sd3N6fiZQ+p*{4ew7DQGKa
z$+NjYd9S428Jj{B(sHmWHC+?g9!l(BzWgDgM63J2d3);ibe0Re_B0F~ORYBK4uu{5
z@sWwQ2RD0TwizQQ&d5n*O{}g!`UaWWD16;caaY;dFf5tKgyzgji>!`O;3W7
zEIa$mBJ=DMde|=Imk@}|3sWBmR_*6NG{OZljvT4V;+hr-^10}s#p>*=G@HHq_xDVt
zDno@OwXlrlU{RgH;hRd-J+HjYA|`j1<``vn$&D;pTw@cfSn#WlPV8h0VcZ2->0E*L
zi;{fi7^QNsu}g2hFaL70qAShHvc3T}u?u8LlP5gV6naq8Qy%>aK@F(ZVbR{J&lmg-xGs
zSx+ZF37ibhTX)ivV?}(U_f62VYNKz4Te%A2LN31g_nyCf_O9DZ#NaoS(py?v=l!vZ
zmh;NXYQ9R{!84S~h3mjf45!M
zQG?o++$w249POsAC^l1=a6t}5QhT<<5i)2O-lf%ayBz_K=V~3Z+Egt*)G1h2>#tGE
zb6WP0?2#TS$jVWAgJ%UuR%b>@(6^@$O?<2r%4@(!hVGu9|2#0D#1z^t?aIkvuZG{g
zPWcA6MtCPB%HtD!qQsPSqg-9otM29+if4NhaOQ>X&wONaDe+|zcXyTsxmq7-WH9=g
zsuF^LBvn5!!}*Znof2n0_~u5tWcvMeaac8!f$Cx%gsz3}67nVh%W;TtIQhJLclJ7}
z5VdOX%~{C4cGUsId}&aPR~YIBeBqk$cB^%z&tSwd~uPltja3_CGGiy(|qba$=P
ztMOIQ7t;c}BWtAbIvK6EXmn8-1a7!FIHh^8?SOVIJS
zT-{=0JwlRty_MUFQr9u{~_$F!=mcez5xRe1OY`w
zLP_b8W1g8l;<{yKCqg7-AUsHhP}(ocFJ9U5b~(p0!up
z>yF>mkVt5s+4(0rlT2r-D>qhKdUfw(NB7YpdB+zuM9F|LouQF(d3M#-k5pR
zPRI`yFYHIOc;IzGh@MPa#Yguxom-_Bmgo2&?#(Ss8u`w_Q+>HJUHxSDWk)T7J!h&9
zM1PcjOwuG4`8I`ZeM{+JX%F||$C<%4wWVWUp=~9$x72(HLtg_&FE%{dQ(waD%`Jr1
zX=O*}otl!ow)&xDjiyp>B@Qm5B}aWrgX*0si}QDso_yOS-z2@tBH{%}Eph(gKfzA-
za2s@-B1`Z5
zHj<>}yLmci6H)|q^-%B7_#VTz_Yss+WdSJ{g
zx7<~wCRDcfjv7JVPm7FkHkG7y00hjGR%++ry;r9Fc4P5G1a~euM;1P;8Ol8y3p4nU
z$PZ%9kO^-*-r2YcFkQ+%=s)JuJnDaui>!Id7#xy@EE9W6QXdqcecE0@dEU=rS~BI&
zC=iRU^T^8dZs>JddjXi-s_WL~aP!2~Wp)E91h!jhpVjK1mr!p=b?7;lKFAW)%6zu?
zELhah%}W^em@5M}^zzqOY0+DQ>Aa#pcxQ}5=R{GaWHh~mtU1=J#%rHF)Pa~}3jdo^
ziLccS2BHHUo#pUwzO&2Xx=AjlmpL#|_Vu3tbGyA5U($$GUh@{3cIW5v9!5{{?Y}#9c2M^$!
zJ_ydZ7+b;8eS&OMU9lN9zHb`G%>0j{w8eH2M0x(2k5)5YL}AyOu%4SuTf@ifR4g1%
z3tDC=R%puUmg4-=>2Oy^a=1cQdOAaeZ6w>k?r;M^`=#%rG;>5mR!1LH1YPVB0)_6T>zak;9DK6oY2M!JdB{R@gO-e8v;J(x<7P|aS
zAz^ay=EyFZs(SUY>B<^JUT!t;mp}g7r_HbI9Nvd_q~h7(8%Jwrvkutd`%Md1Kj-S*
zId%O2AbHKjy8T}M#o7C=@$#EA*+`XW$LW~stS|XvPec-hqSViKo^6eI-t+Yw;yhm$
z+sHDhk2BDjBrAG~?l!=&S{B|J^AQH;oY0j`8*B
z*(FTxr}<1csd!H)sH(AxJvhX{Yp&VcBAn&V3?$LofJX)|)91tU=Ez9lxNpDx4ZPb^
zmzF-}WFLaxKb(;YH*)_9+zvM$zR#dU?|?A1)o;=-gad|B9t(s;M-tIV*$RgU%~HsQ
zzPm{QiMhA%?T}^e;AQDT;q!~H{X4=bMiv4(6VjdE(vF|L3iyR&Bl|eP!F87EI|4R;
z#jI}koZf{n2M=TZ47&9e=4Xh%H$pdYuliH)g7FNxWI}IL|QWs!Qn=s2gP>D`0jF@R%GEga65qToy{GtN(AkB^cfq~LvsUYFjRR_#A+i9^`OcEr`
zzPUmt#4zB#_s^7tXQy(P2A{=rOg795e|Lj#SV!Iih)#4;xaaZ9Qt<42lW5iHzLKdn
zSuWIOlj?PAiO`Y9mZ)P7_=()G^bc@gYJ+)PQfK>QA5^j(*j7VVQO((-g!eOLWogu4B
z6|D_6g`PUr#Ukm>23B5$sGC?5>gAr?ySMIt{`};L!9^3Q&VJ)TZk5f-C@`LRXn28)
z4DyuBc}tumnAR+o?7RXKNS?_H-~}O{geLPL&Xh!zxxX7-Ie2GViY6aS$r2x>I7F71
zLYDl+Fr>~utP`l*a}N4JegjzjY0LV+*KV~hctF2zL2VV1MKAr*dgC}pKmOPcx?hpb
z;U}3Y=wNzki)=y=JfrjoF_EN6#wJ|PjSyYG^u6AW(*zEDPg38plYD{3$Z{wHll5DY
zQ6Jvqn}fbE_a;P|QPtUWDNnF`^`~I@$De|KVo+%9py*f6>KOAjyUMkBl8~EXBO>0P
zQq)p9)r*!V^VKk3;SjjwFCXWtcBWvL>i8%;wjVaF^m`Y<`1sa3!m;L#NGi!W2
zta&rVQ$c%ky3;mng!h7K*vw$SP<{W;N(@(S_j&%iqcG@fM(ixfdC^IrNyBTFu@rnl
zdeg2M7R)&ODJzf&{QMT?!0w0H$(Kf$7ogubWbqySfLi^xG4cWeoa_@lU3I#t@|exs
zw0?J@H~Rp0ohz7EBrQOz{GeDPqT_S{wu`0mQYz`J9$ihTtl=S7!OK?yV#Gy-)xK=cTk&IN)922hCJY5wUngTm*Ev01_oqH3Ht5;4c
zRORmw2~5!o%P+~>I|=_Ohp==>H>U-wF|Pq@7cSMRX@t
zJ}H1BsFW4w<~VwxJ+AhZe1B-S2JI2#ipNH0tt%UiUv))Q8Yh@Ov!qhIr{~VemF5{#
z-xtz#j{mD+V&7Tc+QxfcFo6iQBIBgVN@vJ^xx^@!O}99MCX(zEmbk}i&l-|HVLj9?g}?6iLE8bJ>;y&mA=
z#WxW|GRyqBUlLv=sx$?K(4jx4MnyLIy*W4y9{?xuHdpr;=X23Y%WAohx>iPqHJ~sE!7ciFh(%ZLEW)){x{GSw%xQTh;p#xd
zZ}i0?;Wi7(2zlq?P2V@pFf4PbfezfM>7McZo@C#I)|-@B{kkMEKtpfr_ZLHQ0Y@Po
zo<7oWhh36)J*{*cT7jngATBe9_1_^I#g+Mr@)hf5w38@R3&j{sd>6y^DAH_(jra5e
z!02=V@4nBWgljMZHML_eL`w&z9>k=8;Xh@~`xyBg0Xw84k~`!F$o5$hhnbr#%J@r2
z_|m{4u@-PsAor-<;7{@K|5TidTrPK=e%0uUQ1H0iHn_B1m39qQH5yh?nG^-nu9cnZ)T@!>Qx>guzowF6C^=`@r+dJu;|&YXUOb-kj5y*C>ni
z+@uor)T;{(%BkAe8A`8jZT-pTwXSw9;Z(57)sKIMuVSvDn7Rz?gEk25lr3%kRzlu#
zd_Vs$D15UXky!kQ^y|TmdC$D5io7~8#zzXZuJ8=I#-&C=(JVkAy5#rdwW@VqIcN#o
zBTxV~@ExQ`6Z3WS4UsY#{Ws1|T>R){yVe;aw(QQf9ud*;LaF~aOt`f@-PaVgF=Xwr
z!|C(&E7;W>nBpBr^JXl|GZgdxlpK6Cb69DGX|CI>16$8=L99EWj#Vi`AUVppiV5l^
zrV3TIZAz)KrrJq$tw2gvw_1L8+j+Xrj}va#qH^{ZfQESfr-sJ+w+y_tx0$YdlFn<4
ze`8$iPd0-_atsfSX+^lAc;;#iFP8CKgXsb3GdvW_?AJ5qLHa)>6!V;lQ-r(M41C-9
z?VnSs71RomS0Vntbluk7tR#{FtXJ$FVf6p@_R*(kwa5%S@|VQkoc?^d1+{2h3dGYI
zDS9UAbKqAe2FwU^u_Z$+D@ne>eNVtOSY_+~^Z@Zi^L!sKuc<+FGi(A!%de!q1=wJh
zhGSxb)4l#?CDFC2{U%peH-NW=Qs_bPKYdCA&5_G&awqhgf(;3|uE`CEO9Ao3J^NIb
zdOJRf4}3Ugm_k&<_pl4rH#eV9
zdG^g^#NYu`l`C_)2W;m0&U`~kcm%wv!Be2o2Ly2EDj33MVjykfczZVS?wdEZVcO#2
zOg~}*ZWpHtv;sRn$$X5d0DZ6#o{OF`F;nTd&T4IsjFZSIq<
zU9%gg0%%O>?0YrA<%fsD?(6ttWV}wU{EsB3r^-{#VZLXqY``$L_~}cq~~XgyW73L41641U)pB;TNfr$mYSP29OxI2_v&xU6V$8*
zKbaDW%9jUIK_m3|y%M;u&m-uj&e5kgi*xCB>+%xji?yg$#~Uu_+_K+@GIxW4UhPaq
zZiOEQFH=)Tjo3Lj=r(yJB1@X~_TJ3`4%+|nH`!$ktL-VFyZH8C+E_6_jr%#1|HxJ3
zoEBrfPu??X1j&ECTa|K&)Io7pCh=q%c0%HUd4@LC>Y#OOZvY)9q;*_0!~!`ews*fR
z{C`Q2_75qdU(K~IZiX&+pDwvBcq2=#y1P@R%7Yh{m(Ofqlml(;hT08eBU@ug0cV}c
zG6sH|Zbd?Nc30icfOgZ}+;mMrl}WUK+?}KNGV}6Z9-tyaYdeqs$#<*6ml>4Elk|csm+oT8@#24(xQp$bdV2TE+lN%~r9!4P$V<20lw3ipoP5hCCFiO#hQQ
z5&6aNF*p7xCvHMxZ`7!~Hg8CWlzu5a7wi7Mo=4J{Sa;l|lkN&Aj6t0{EF0g_a`_QL
zTo5kErs8;|oPBTJdHZN}s(g-)uDZLa
zZ+P>&FB){zD(=>l!U@I&>W6LDS5m2QtaB6)oxJ}t0NP;MI0DFv(MyVv`=?V<=-^`d
z?UGg@k_*zEJHG=g#$Jb&m$8-$1V5~p`dvUtb3V3dLcelv7f&k#0*xwDSY%y#jq_$%koV~OwzRO0_pRJb-jP=IX
zcx*jPG=oKXT=GBmMaNc*%J3!(3uF_DfFD=dF=*pa;DATzDA~b$((@Tn>ErNapjIQcoLuOE*tXD~ckqIe(vQaioHA>=|FsbY3&bD>o
z?=k!{`ev#AEP&_4Arjf~f#ZF(Gr=W#A7gZTD!M?UWL`x$EiJ9aXP=e5A~y#(HM{>|
zYL9|V7UW$7_F^}GQLWq5kn{Ba_Vx;{am5cB0Mgm1Q;WJ4N8Gqc5|=!5cg?bIXBkw#
ze&6762DO8I_eRZ9KyWmoqf&Hcr?nRZg}FvX5PG>DnUZnA>FFZ~OSX=D&4L_&S4S(|
zzYAEi{fqwCa}=_P|5hT4#F}Zx7sJn3A9Hdcp9kG)&3R|lJEhlFk2~V(9HhvRddiU+
zFwpkPW6Vik3->`%Z?*KHP@@Yg25T^ZGnkf|l;;wix3sU+>bckLtax#b&=mp)0jxeQ
zf&eyRZQR|hE8>#^zDCBSq=EIr6$uvZa{QDj!H>PN9k@lJpA2%y2^Z6z2Fu1qqs{Hr4GeC*ZmQzr5_c*}f8|5P6BeH`idM-{r!D*2>Tpbr`I
zEaciA$sCb&=#V5S8Y>N~Ez4@9*>qhr_mp%xu7I1TFJ~#jZ|v%u_FnxDn>ja*
zs1YEJJj#>pPda-N4*a>3l^o
zS3PeqI&ZJ*Z)*mAYdg%mlRn30MDmQfkUdI{_Bjz_2)Z1HvU1YmC9NYj74o#QNiku>
zFE`V=M6%3$-wmsrb%mb+b*Ko(iJCWaR=G}wJVc%2CbnR+<{lZv
ze660NZtp*p{HqrjNzc|l{nRn7q?+}9GAdL=f}eL~IJ+<)mxnP4gqcL6<*`Q|5208w
zm6Y^@8FM@-V|ueao}C{-cvndYP=v85**eN#2z$3Gh?%&(z#6-hHBjZ$q6hWsFC%ZdjBu
z3#-RAFtI_N3(%G#+avpga0b&$jmw+%Eh)%52srk;=lgm&3BIYdTNHTgo+9Zx?yf%a
zr-NWsojr;)T1y#ZNtjd+lHQ~WVg)7q@^(l=$mz6@TfHr3k%p`XHmZi+zgbk|`_jMU
z@lb7fz29xDNUkVH0nq0{R$B{PZ0ap1a>jS79$!p8(I-^3$iY^**VQ4gJZqMY#vc;&K+-7Q~I-5%d#S=o!nR#vP8o@L(hLH=G587@I
zzv93*Uk1CBKzT4)ayibsMhjhjY3ghS$uG^+7@kG_-uZ4Hr)k_lwjUCx%)yjGx1`**
z&@@%kUUH&IUh;w|W$`EAd3=C7Lb0y^bt8wII#-L*klJ=sKQG8G-bL^12KGvR1#l0b
zMMgQ_$g64qdEk?xrZ!1z9wAXuf~hF2C-$4hKgud5{;t?P2!>ZX9lr!jgqNk0_flA#
zWBL1;{j?iuL6~}DOPRs(8lie$W7sEDRRvBLu9s(uDFEfPPAG*dS6W5^*cloy
z-(2HWS|$2oyh?|+G8<=xo;Z(|GWg(gZRkD@#|sVzC>3R%rbs@U&J4kLUtqvW2=%uYA2
zk6-WtXZJa8*<Nm9@ZeVM!9OhNYU$RA+TlA^HcIIof-2FA_;FTN@=I
zZ4Nu{DHBFg?85J8zVv)M;^K8XuI(qJK0^`8
zf_KO#iCX3EQ~bO2+Y_C2K4@x+^u)N16F>)cSi3h-qT7Apc3y_qX4Y^V=!IAJRaB_h
z^lmS$t;MW5#hz987OM5Gd8%2Cc5xF~9UQY%Zb$wQ`cO1%jo2x-g=ASXy;b23tpuMA
za<(MtBI@EPZ5BU3+m<6qWFCCX8x5;e2l3v=xR)?#{dkyayl6?>T8>~i{Q$H717#to
z(LWA5LxIqDvaTm;utJ@S-kWE@-M4@CVa3tV^xim?w8);3Ui>!gnp*?Xz^W_%!fB|M
zmk-)j+Auv9#ZUR{{WpJ!)i_NO+rt&>5Oes^RI?QBx_kKUYYO^(za@63*
z3OJ?y)_+V@gsLeV4AsDW0&`&q7USTVzLMd=}Wu17TPg}-9)ZpF_
z!8R>R7455XCYGW@O`S_#n2U%`3*UGQ4)V6$n;GoCfP9RvhEn>C!$b~Ux8IRzspblV
z466W_k;@3lekkex44rlMXnM}-H8R{)?Gy^|y6UuDW56!_s9XIzHk#op+T(W=e}84|
zt912-G{7!$b6?tA3zQnmcheO0@Nl0>_XIw%@Pr+ry*lvkiiPUhxtqvYLdke~`Xgf$
zBnn1_1>_XRGfD
zw|$UbU_6D{tj0p;x5gXz@H9C$7xEZv)+xF;n-*r0Q%C}l;=5$@!U^RqWgoV0WJW{c
zX_rCb6c)d^cdBoK3xw5h|#4Htw%figEyLEKz%Hsd~G{w7q@;?q{>pkpcc7@
zRVu`ZHp9-*#Mw+e6+JmXM7)1@qs~>N=Y&WrPZHY#LW$)BoNPDmBr+cs
z2b`G1iDHLVZIdMQd4Cu_7Z=y!aJEWQPQBavyycW94ef1tE2z7Kg!pM`$Y3ex#MA=&
zAo;dcXIx9#Sb>f1hCGtnDAD4#SCvum^`SPK)LzlkV3zqIf
zW&OiI#Q5sg`mYx=jq6j!-P&~xmCjbY$hhM3F3yrBL=8flp_9k-tI4NUXMy(p`W#=M
zQ!Vi?;RQ@B-{$oW?|2nGijk9awl{B@4jf#7M-wBqWzBKgI-=A#6QxwR&G7X&p!YM)
zpiE*qV;j+tdYZ(W{I;A%PEQ&Y`*rYOao;L6!q=;z>rebNNfA!(Fr%WO=cTId&&@6O
z5I#m|4^@VpsAeYIALE=>o>qK
zp}%1c9-d;Uf_nt*H^^UKVxkt|_I5H`2RRj=UYNi@U1Dcxl?Nnwq69u0&4Ust9*@|B
z4?GgIn7K$alije5_m!{`Wu{hXHrbsE$^PuP#2MVv@_Da6VeIpG+;i42BD^B_ld1@b
zRr%TrWO^@kG@`np$kOqJQk)*tiXb$M+DVmv#K5zI3-^v90T4Ug-7%8-U8_w|6fJH@y0PTJdmaqdlOUO4jd}Ey77DU
z*NFaSe2xkpwPf6G9<@TNT)j6=_dVdUDW*8E8SGut8yeT(7wz5iY%VuZ8&ZsK{&rVp
zwGj5SO(98qBZ{tqTx51`=|&NKh^KaQ(G=deH>f;3NIZx+<3FU=F{KT=d%U;1E`4ME
ze2ECYf$t-an)B#N{wlCBGJu*2ABEbyKRL|spmA0Pyzh};#BS>4Ex&!vzB|_`2L!kL
zv7N;4t({$*U{sLv_Vq{pc`N&$xBl(u{R2QV{o|jJmdMQd?>$)3cMRn$dH2Tq|M|+z
z{X+j~OrPFIhvEejC<6ejYw(SqLS^S)oQ)_CL(vDt3iw2Be!=-acUP%kPHMw=eJ>sU
zoF{6P%m4c&?dT-uz50>=yioLiUf5H!I;qLUrn?BmrgCz9dGkiPxBmmFI}WI4=b>+E
z)n)xq`7abHo|RI*o9iy6nE*f&Kx2IRKW?ZPV?ceAnXZWjLg4@$A6nP?=Mkd+^9Tc<
z4c4f~O`shU@Ba>`RQ%8XvWRb@ivC%Zw#u_S)hRx2L4eh&W_viJq&nfqh_QT=hGO;m
zN;8@OU^Yz&JuL(mj26noCh_EL9SpVh_Rht#209Jbrkh4nf&gq6*c9n*<^Rqh3*X8f
z1_A;s1GhDb?N@pp4XdhD0|A=}{dA5Z0B)a4n_JM9i#9IOW?Lvw$qWJwC4nNh06XNa
z5{x*sfvXm9?dl3T1^|EzfT99Zj3mzf?eI#shuUR!`^$AQ~uAEk|MBiD~Z5=tg
zhSDf;T$$$K0@Q$dm+)s67IDrcdNeD;bi=T8_R{U6gQK4O=gw+cNxcbXm6iYrHrMHc
zdNTp$XbsyQYc0?R-3b47J<_TCS7Uz{Q1IUc?0Kpqq-AHYKrGY=2rl0j4OUsB<*3S-D%|Jd2#pls!kOB_cFevit8>Xqn@CCAjCs{I%hKbyg?z9N%+nvDl61cf*5)(tGkk#(o+chT+BZ4l73+H%*ZS50g
z93?wDcvfyn3Ek4vuNPy_c*+<=3-~PCf`X~m0Zblb|t;|4807P79!v}>KY1fHY9
zR=jnbQDvJIt!Rrv6u9>$7D)6a7U&O4x&sHC1%Ssb>rY5Vpq1Hx{chjW;X^)2V{iXn)|+;A*}tK$7pF7Wf(e$S%DJX%=HJmA3#|*3OOE85PEaI!#r!&@}f?ldSO;7w;Y?r9~|Dmr_NJ
zu9UFoq3FtM={Wb-YTES6DH;MNvoPx)Rell;)}=?zNyMFU5prCQRfQIDr)XVkH%l4U
z3oIUBo58E(SCzQ0{jaI6JK)TZxyudiS}~v_&#}wb$!EP2vEe@bcj;b9WU+L~FCAQo
zbLlq3JB9?1ur1_y9n~s1%5f>u+Vi*1DgTiP(lTyt2-7|HZPq=nEymjZbfw(Wd9bVW
z4Smt&12*oK^I9|H!Q-lhBe@MK=r5#^&V{p8$N6MQNG9Qu*t80)fRvSTM~{bc4-
zp6#;{(=+gK0T^OuL^#=c`JRX>uU`h$+U*5`C1KrWzdGl2>ocz)GfA16toh1KA-h1>_1ci5);u1{nE!0bED
zk7$QRr5f26g48o)kAl{&ZU>ha;f(41J>y+;3*(hS`Yer*bm4Tbf<#o-N20ru#
z1_)5#q^VwAW&c^Lhe5ejd~c!|M!bipwIe8Z_v~+&kgP7zGz@E$de!e;LaBeXgWk_a
zsQXXf`2P4xMb1a@DeRWKn|b&M5i7S1EPr`z6n6!uTgLusl!$BN_17G&{f{=c>{Cdt
z14&_(v{q)HF3x!Tm?z3CJ-5b&8!@R>hPkBAUZ&($RT&?l3=oDS>}=?=&r~Hf3Db_W
z=`(_u6d*}!OE5~OEvk>!^E});3?Mq4Bt}^}G4)
zF+?538C54mzB1R&d5`I<20X}>S6c>XNgzte&li0m(Qun6vPI~St~?Vf;d1C<%k;&v
z>O}A-r11ur@0TxWGpyfe-f9j95<+isU04{ANh$__48PRpOw>j&89g-*jMxRSou60t
zGJ8d1g<9z^l@1cz#&%xWtg3pKArvybNAlYAUMaX`lXBE=ZwZk|v1y+UR7U*jo?*xE
zxeniC{_4vpaJ?82jaNbwV?iwkk11WLSSQD%q55)8qAaj$>P
zmJf)Dn)bTSSO;&ZcY1~)CJb6q2rie<=km`i>q;1rC$&vbzczWMpaS|I3s7AR`;FK1
z#axkop|LcA95d5QM`Qm@*bV`#Uqwq5wEo*#kJ1yneUfM*
z*{0&S)gQjOX%#iqK@p-;t)XAzYofdY!VPv-y+nE)%sk)LLw;G$!^!0v`$CJ#6RP@=
zrrx!}PVD+R@T2DO72TSIwq}@!;cg`qe`l<)EB-mPiY6njkj%zpG(^EM@qyWo=JYFt
z%UKRD8{^$hk|ulF002^J0OKOS!p|dPSJI9B581t*RYjbo?hkc7CUZ${fpellBEJ5B
zE0u?e=>CXTV~PvgdTsyhWXP4Nlx;oh3PqzoH4166UFd{HV0F)1@$IQFn-BmCBC-0Ziyeao+XHm+1rzX_8K|MX`oK=G%CVrk$vON7U
z=T$dD03gGr6H|^+sfJ#a=9BJ%f9W)cef2}!n!zh%jZV=bg!Hs4%e9A
zNsiy=XZHbDc>T78X_1q#EeYXt`oxd+PZQ^(hi-Mqu(|5IgTt>O52H#-dGt$#LhHc?
zH2=f`)IE?)uWhf)f6TwflTsU)=qn7=1nYGxvb_iRjF`mntIvE1OoD)U`OH4O}l-W9x0_dZ0nXL#LYp=yTt7mYXdGJgf^>!{+A
zlL?+`#LlNljy>AgKG={EY8(V2JBmQJ)S-9dyXX}dn=PqXzmmAYedfzDD
ziLP)&F>QM?)DRD5blDVDpH@cqVbLIA$OFVayAX;^50vEr?LmG5*7MOjw_6(|vUNMS
zl~5%vhD%~@Y%L_+u82J+?x+1$l9YX|?_Ztw-C}T;uoK;Uv1^;+dQ-m8GYMM}P6*Jy
zWk5$aGt4jgK`3wtuA@FNf}hUa`yKD{LWDM}B6E)7b+6}UsU3rv*tE&+S0EmUT1ADD
zPjGjsVIqsP;?L=?;RJ&1%Io|eM1EQO8wT1nXZUb3Q_>EFU{~0*4a>Sb8~yN0)EAoN
z6Q(=ax}(f(aklq3%v_5r_a$R4#h#KeI-$WtBOO+o&Lc98zA-xP8J*(emxrb33*h@k
zX$n?z7Epouw=%92M=mePBHd}CW5Dp)hd*PS!^wD7x5lh=8@;CHGNhl5{ZtlX)2)`4
zlnkm9i{#2z&J0QsKqS|-e&gzCZS}u<-|K`&1@o2V=(k7A>cb75u0Y7)$0{fgybvPo
z&?8T~KF8-~rG~ZX;};N~uCsSjqY-F#pgjS&zp^>~!>$B!+@1)V`g$uozk3S^l9;V`k51;ZTi)Evb7q
      I#H*>=c359GRL>dOZ2+McVYsLxLuDsl9o56_#VQeQlY}J>!CW
zcJr%SvAq?xb2;*Ds%hh;{jAK}Dd=7NwbYvs0~HsyyALir9%hu(3H=F1j3gdsjM=OY
z-lTP+4;m}TLG;K@sDePkQ&1b7ydZ|P&almqjgiwApZ)y-|7DD_@%0(@drpv|8
z@fGglW9RI1jZDqGxG}gxVhsN^`>VxrLlgQ*<|qRH9QvBYrGHKQ8!aAWIhMb+_W+1#
z`#4{}x%a>}vDun8d5$6=~AT7hkUviHi^Y=gLaevLLyZ-3&@(a$WR*PWNh~_Cg
zPS0Cp+h_bt^Yq`qNv?k`Fu8f}O^dO}{x&NAS7Bv8=YB*BS>z)6Z(RMKM;^W(0{ru4
zYl-CYS|o4m2U&Jlqy5m_aym#_>$6s
zgObK72l7p!Fu50kEyH(t`Mb1P69Fg3oAMBSlBIW;Nn>oh{6B9sgNexpme0~!r@M#h
zAH>+$u&5;xito_^4yfig+-EO;+)|P<^tLH@`Hw;MN3ukg{gfRdv{9VgFuu*M^xRta
zyE6+g#J3wk>k0hp%LxyE(0CAycyb?tz5Q7ocxC@hjq-rQS=
z@Z=)k3f})|S%pj<+4Qeb`e7j#QtH{OSN$xwzCj#Ky6X)4&x07{OBsl7;g*Y1bw8Ow
zpq1spN!Wg3Ilpr#vKHkKaUTTtX3xfo-4A3HvjDYYxe@zcA
zD_V=G=fF|C>+kopt{j%yTwK4tlV(W8CqJVm82`MT+G6Uvb$Yp8-!E@AY<4=vnb|kJ
zQI4ST!|m1&=%mP_68zPcQ4i?~+yESFA>&7yaLa9;ST%3bFUE?W`6mC~qD>|>#p
zxSM49{qPriS@>M%e0DBtx?E8C?<=`}TBF8*H+pD2s_nBALtez3PIR>rZm464W|O3}
z(dOCGuVbh2iI6LtA1OECRmMRjJ-p-Y?CGf-#v+GL@pZn%){8uCwY=*v0f9gDIduhu
zLf`s+!qvL>KzClWoV&=(L~4wN1d0q7B;b$oxeOaIok@WgT~~FjXfoa{7BMLHCFS>l
z!O-x}CiBCGt&DcpKkPX3a2wI-%}<_6v|PQ+sqD*?9m)AF)3JkyiZHxq0imxw@;x2}2`T!Y2fH}UZG5v6(~
z`b%rWZig|Az9BN{whEUV-7**b%=|1H)t%~_yK$(qO&@c2w01Ix7=LdyABK#19aa<3
zyv}`>Q=+X9#>1KTak}?-J{6oAU17|_LZM)WarqSL$kS@eJXa9aA_v5lCd`{QdiFXv
zJ?6A~`)!EofZ=$^Pk#C%%DEJm#2=@DHQw0nS%)P;e0u`ZX%E!!icL)RU8!&QV#J{>
z9E@*m!O|`FjX1V#xS2B`si}3-0JZmoo+#jucM9bg}W%%X%NS*TZFS
zE%b(2OqK6YRmy0QLAas!su=iLV>9oB$cV3!W>Z2;r&l649KsnFYC^5jGEwMT?n}Fm+Q>N!
zVJmtHO9$hR>baqhBP48Jl>VU0P&wuBG-sfE!V`PPV1LQp(PLbvX=mwrrtUi7=e}^n
z3VZRhJ_o}Qy`(!<&O${3?fujrDzqzfd`^3MVML+IfQ#z=_JD=#5C(w%KY-;50!&v@(uyQUfpRj+5
zIQLpu*!Q}<2HJf|{ik-oIFPyl+vQcEBIvLoi
zX+s^}u|Z~@YRK}~>D2g);C1VF&esF+Rb#_H2S6YUj8F4MpU2(MQG<(B^sR?RQ%&)@
z=`DP7WBSiz;8mV+Fowtk
zuNvKBp^2h)pSKi`Xs6{g%xxTuv5PJetl~{XPgSvPteLz74H(dCJSCHAHr`rzK70zk
zUa%Yjm2_{_$MBc|n~|fG9wdCMov@MxB{qf9DXRxvPc(bo!ob+r*6saWsp<~+_Y0S~
z>1}veXg2ByNiG_bzEo<*@0@Ck*u2_JEkZem1&m>g9FjZi)TqbqX#Q}My+if+i6#Kd
z_XsK+%0gaQz-Cd|WM+X)LYOV55Wl=#^2Bc|n$tc=2LCD1^7zd&&&KjCLDApAn;tdk
z&UqSMP|NV{mW@|7&?nE@7z@}24l3K>vy3M0_Y-pZof{t?PAEFEf|A$Si-Bi~5uTFD
zd89UbA9XM`1`}Cj^~wsYylEtvY|brN-Crq+QPa*<=YvuD<5cs)TZ-dTg=>O*aG7u%
z_4)?!)ibk`j;|3GJA*F+7wGkxyx!k|C7ujPnE6{#<*yc)@$d=^4;Dz!36vjuIOAaL
z$>=4iPN?bCkG+dDAD(rcACV&zm(ge%k`nM8>?ld?Zs4wa@9dKnhpdu$)OFuIYC)z(
z@S}{efCmP~plfPrfecB#h{J-@$EM>+^>%59(k#ltm`p@2YCHOZK5<9VSWk)cxVI
zqPMjTF}yW$*F(MHLp$%LRP}XAaLs)7#H#SI!VOxkFwfV&F*kq1?xAL#H%a+zstW7|R@^cc9
z(b=(r)u%w37woh^W~`BledFU#V+;%ooX-g|UgTa}@S
zuXM`w^P)26d)QDSKFyP^0!S#BWo;rWU+D{l+LMJDHF)`Kx+qUcd6xOLD;{{2Et+_3
z>bkgFf5P;s%<-+2T=Uc|a$LxML4|L6<`M9@*`!#dq+NiTg=~SVBaP{mPbE~4$z8{4
zTn0SPkTFH&YziUwZGG3hJ6Z0acNFl+d#JU(5srOUV?Tkl>x%Za1?4y=WuKy?->Pm|
zX47NfyZJxlG0In2XCM9{wK7^w_eL%CCv8|V;^QZ7QH?Y9&txC=i9u?3RENGymj*3D
zdsK$QlTuWw7sIdU(BSMiHS)2VMafA#ClkfMZFt9z@dJBzP=AQDyCUJRbdy{oA%^RG
zMi)c}69eN|(Uo;@98}K3&mup}(r`VO1dY}3nK`43H{CsdgF3%soX+zCorn
zv9ct7#5<~-T3MWG1ow9QcJ`{#X(CacJdKNG(6$
ztNrB4W~qeTBguh|u=^So*vM8`Sy^c_#(^>W+4mAHg+7891PX>JdiK5QLZ2`oi+5Yi
zW@5g#t4|b!_ApkxWWAujTYVS~g{73d)fk≫~P<=IbtZ>WY19q&+T3eZzFoUV)Te
zHN)tO$Z&)0@KqO;cl~tQaYy;H=Z*LUmhqi;Y^ktBpQOPS*+kL@2J*JYo*fGzf+5-J
zH1tenB@z~5bO6JM*5NvqDkwiXsVX==gt&9fjc41x-I^{>gFh{;1j7)P?Y$lc*^ZrG
z_4%a$qP%Id+(N6Q(!sG}*q&x193=rKuK^istGx&VTQua+j=w5fmQlWuncoS$(2xda2&O
z1N}Ez=c+(*Lb&$4V)
zeCpT4r=t@WM`w&<;{w+ymj#WN$L!is=)}mi`vo}Phm=;y}1!-lhlVOhw*MOS9uJXjiyV12;D8+D2EN@`x5PBjykoqP_DQ98=WDHFVa$?a8*xmz
zd*sQ_Q6vAbN>D%XC*M3PS1F+=#wdg{?Q@kC3eT!LXl@Q0YW}z{Hm-L)ihHCVxYGDR
z`LPmROPjn=LJHV}W_Gsew%STx@Jdt(6cc~#fS(bkW8OjTgmxd9ll?@xfu-q~s10K1
zGppkx%%?(;<(&gsm?g_>b4g&YmZeb58aj?u;ME#mc6luu8SS)xM7)}1&S~1_rRMB>
z^irN4M)HmU+KC7QXJc8Q55%!$I@9kGYpqjUSk4I!ZMO0s6o&FaDX6cN{Nl3H*}P$!
z`#FAB5j3Ofsgl*>);+`PX@SFx{yYK7>zi{oIsQc9nq}+DU}C!nkrTAL{Pn!_sSl%Z
zCA4Au2J1K5^?gFWn9AMG)j|*qQJa&RJLmi!@N1VOHS8l1T&pvq&=6Lx>=
zflTDvwM%(MF}4JQ)hIr1M@e@lg(jPbU__nMq@&6(Z0KWwE6pi
zm*t&-qsCc%jfaGUOykY=>}}gEv6(8rVXskFAchs&L6nlKW-1Ao+jnnS8EzancDCW=
z?@ka}{jwsP({5AB=4hzj7ZVb~96SAf&)1@QOdcBm&)_494mq^70ENl)N>W;CM%T{V
zwppT_CL#>!{v~9~>rSeIt)UGNl_T8z=St>v6r-Lk2U})ZJLH!UW8oK3Ar}^Dgynsf#U3^@9B|-?cPIzWjC7@(2Z8
zuMW!n?GP7WX>dOk;t1pguNKSTw3Zz`ARQbfZ#o#Y+7s(mp&+%Z9ad%jVV>7(tl13)
z+GWYbABQt#3&=g(BNY;&%x8y|Ktd)
zl+&cQ3-S6rGuq3qYLzH<-J7@hl#Gre_V$~8T$xZxo=IU#Vo$@uLiGP{ea%3rgJ9O^q=
z`cgoKfQI20KV{Z^RPG`}*e;yLb1W?LnO!r=zpW6w2xj7)lMBd?SKA)laP>+EJKe47
z2+>>lwe-~oQox#Iy~Cmm$x6Uux}wG`B5jOA4vmWsZ;qZvxJURqK(qMt{H@k;!M`;5AD
z#Qf7?3$!%|pCDS|
zAuX&kZ9kKrPPWc8s8k5b9qj1K5tfM2H;M9q=vYx8SN<<~dQZb(E8xkWHLes?T6B}j
z-!xBV;V!s)CY0V=sobA(P0>yY55t7OJOBGy5DkMaxVKNNDQ{?>`jZr?3jMA_ES{m78O=)1=5y=QkQ|LU7
zN4caMn@K3Qt)3ik*~)IzLw37L>R97&Lk$-zb1IE4NwbM5I$V}cM1kT1Yktd
zl%tPkUUVzyMsuF$_hk>f4fqp)J_#Axg*Odv2hYc|Ty1)}yRB}0@-tGxK;kLnX%1w%
zdvv1EM;eI$!EAaDzT33CIJ3Z%Gvxfd6JXODx5mytd=O~DsymNB>BUk#l8*FmpL85e
zc<8$^;6d6sPHtTcj9;w24LF$Gs&)fEzOPL|=Cb{0
zX_WMpz)!96{7^w{xYEo8iXYrlSh;NA?4G#l*LZyfm%BcJh_-yQu8;7hD-KWJxA*>2VMFEQr5
zwR{ob*$5LJEQ1;Qmr;NzC<=A0-@^3?^uN7@Cdmh#0DCthJd6%)?Sx#jupz*$?z8-Z7&Hmh_Z2@DB0
z)%b6s*CcFRDS9WXoVVV1GLrEl&J{@=Wned4TWje#-Iayoe#$9B3u~HvBu_Os=2OW!
zbs@ttVEg6!^a0{-RtX1M@1v|66Vjeh6Y%UDZ;wlpjzx9ID&mvF=iaM4Dim-(&v!PU
zu(J8_gcTf|vTA^ZbhIWR;%dyTvQtaZ9m*d@yr%*(UqqU=1Jl~X~m*ZNrW_W4qaXo9Z5A_I*PiHm)
zJw(wqF}t%W77lImKL)Mv1C3;?+v*VCogExXnkPQByFj|W5nRD9GNk*5RuKguN5kOz
z=+M#eyZTudJUPQ{#)sU%i>AMXRclI@6xHHdz(-;DOxBBxTcFYQKAYe5&UU58B*_|h
zxK2Tw)8^!sAp2FILt=PJ)m#v2?DDdiNx$YMGZZVEmkCw~zH*j1OXeKVi^W;nbCn;8
zG@)H5*3}SX7shmRS9%q<=c|Hd=PB(tiqDaL%G{KFz7mGU`yce~jpM;$cL<8^%XQs#
z_|SPL+O=V>a3US9eK*Glg1TIJVeEKhRz4zw5uOF%mgW>F`^Gj)RUYikvrEjPQ2VL|
z(UQ3dkGz^f;EJiKS@4L?kodmN4adHOL
zS@-yS$nqHtAtB*mJ4-Wo#R##s%{<#;@`$=uy_QWy)#oaPn+i>etUZQQ^{2wae_Nic
z^_6bTpyb-khc8XG@h{zSq4<2`+>>SLQ=t;_%3T64YWu68GQTQ#>+^~1wLHG|js{*u
z_Mtt3elN*Q;d4rCrq(jOGVh<&N*%i;yOPWwy0VxUf2ZEQq`~9}kLdH;a}Hy6TIwd?
zlzjFy-^Dd>$({4X39$=xn#xTKTsp^}O|>rRZ4)34-stIZL|4z1KM)(Y(4Gz9=z>6F
zRpNc)x1PLJ^tc&#QU#yzr+>$WffQr5F3>OMuiI=*827;7K#2{OL+p+
zHi@oYDfp{Q$duRdN4?O4)J4C&n6XEu7hNiT^bsmVp8Y?(3F74m7rn4MhsyUP+F3y@
JtIcmd_z#T~-zWe8

literal 0
HcmV?d00001

diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-weakness-name.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-weakness-name.png
new file mode 100644
index 0000000000000000000000000000000000000000..ac2610fdaa0454b08bdb5ee2f302420f0c04f3b2
GIT binary patch
literal 38643
zcmeFZXH-+&7bhGmiUJ}{KtQC2CcT4FrAzN1A~kdfy;u;GD!um-TIjus2uSaQ-g`(w
z3!yX7=h6RvKFpf6=AE_PFLM?ow{Y*-ckg}n+2^-^moKkW`qGNkIw
zD-LZ|$2&N?Be;-6Xcb*!5BYf}p?#K1JKx+;qg0JVAfpn^Mx>+%r9MSUYCua8E
zQS#ih?*V@ErLZP$Z$vfB*n6;#)w5p!1m(vMYNy4D_N%e?EWqrM+(GS22Tgf-vV44e
z&Vr8%OG=JBClPK_2sbS)t#13;UW>|t!or>d9xkrEU}G`>pw90iqgv#jTm1UWKodT`
z{&)9@;LX3=&mHglXZvQ*-)(^O|IHJdCf(c}ozmXaJp4LUZV`WbdDmNb(q=kk6UG~0
zTYk6n=W^|v0&Y~q(cM+Q%7R(dW?Vb}5nWE@nQp}Yd`TvYR
zHtqp?ka;8Livf=^No~dY+PS(GT!I2{$u_QDjfFL0W+p~Qn>IP;E444l)i-Hn^4KRD
zsi*w0@oUUi?T-`L87dmW?;?pa^V1`SR=b#hB^pE}=vhDW(6l^o8k%ATDDIoB9lFC9
z%cilDQ=L}0x7Ap+EMD+>PQAH-Rwqt_EH|8yLF}2Ls(4z4{R_XrjGk=I(`PQwzLPU^
zF}eb&{O>60%wZyp*paTm4-v82YYzT$>&lIy7-=eH+z4b*%$HHV2GyUr&((GXw(j_I>MdigeM
zt6y$-Gg)~+M4OXQz;4c1t-HAKIoq6IkBHhSdw03x(6?iIkJ-I^!u#ZWRZToyTWdHM
zN)e?@R+lrZu_JShrElQ2VM?VU%7qBc0^FLo!q;$|q%w<-7DspK`zpHkPwxc|y~3p~
zdwx&W?Z9O2GPkeN(rP#@WWIt&d(9%3Ww7Bnic`6OgnC-D#-i|Y5E$a4{Y6wKvmyd!
zGu#EL=0Fd6t?aenI?=e#7L#X_0k2YgQp*c>%!-W9hwp?TiKY%4;wNbgy1B!WtF$Mk
z-3P#}A6Gho1wrX$gnu3%04+5CAoYp4(Bwna9Mw?l_P32#ia9!I_1xk(b=7`Ti3oM+
zpquh2!F%Cko4b1~xG3OOg4V6HBs)H4#_!(2E}mXahmR9MLB_Hh`&FA?bckzA8?L7>
zjTM3qv{^hyi)ACqV~a=pEy$miQxl;#HUf)U9u>cyy1$m*xapp5H+WB9=b5A`<{)jX
z!L+awTEROzQ%s)Zy`c@QH`e^)a`K3EWv?Og-`G{+Qf;xk|Jfvi
z>LBM+I~mXTccf6L9rn&g4qHQuA0kHSJ~LS0TGH
z(lr6&+BYsqffE!}uN+#>4F?1GI+CWC$`p6IDn#`o-gbMY>*RT~LTp#(g&3^-judh|
zEX?kmH!y^7zfrGNLBr68P+D{i0lw3U>&sBDqP&RDopgnMt(
zrn$0lWF~Uap5o|-i~iLTwXgcC;_q2+NJw{vPZ#PTaq7a0h3>qkV6xd#W*!8t$(CnSg@#o4jSq2dR#v>tV?D^v^ght$7jNGB
zspsXDAm8>PO7bc1=`f49MroXm7ZU(|vhp%Asot@{9nld^NFnAHiutyJ^A-)8GqOk|
zsCT;=)HCJ~x*k!wF<30ST_f$^BR-oqYgY20R!ZO#L2_1NdqUp7s%>!WDJJg(u=u@q
zBd)*v(v+|JNv4taN<|)5Yx(QVK~uOJEIbZa?*
zCz=_srTaFNc=ttetz@8QTDqFW-*;{~n|S$nHCR@eF2amxUGhW%l!ts^&p%RaAz?6Y
z3A*%M7eBMcq-EmGkd?2V{u3`t%sb2E3-o}zDzPkBQ}hrGR17sn
zi@lGna2uzH)#fN_%shU};HKWo%|3*mzNID=%k7zE$-1z8sX_%Bg8NIozmFduYU)UYf)8TO^oZoBIyr~%rS3dR
zz)d9chI~w2#y3v(noAS+Few^})M$Q@U)|)UTpDGbHZ|FsV~s#k{Q2k2cDFPI
z=$i0(B8E&xofGw_b+<99NsC~uU}r2|xT(u%NZW~UzTx!rvnisTu`JeRZtU#v<*EJ}
zH8h6!sYdA?h6|fu#t7wCE5qrd@5SoH;YVPePg_SBid(PP$B}3PR!zS{b&Acr;lb9N
z80zZaLEYG7baCh0RT=j_D@P`h;fSfO)S`vIdEgLQqd{tCBCbpq)IZ#4@|F6ZT+#3#
z)KudMU6)TDYxVYLrvRgF4u>*+dNp=26Rp*s)9>?2J)+?T--+ZzU*xMw2!HalGZQ^TX=uDHth%J3#Ulh`5r3(31ZClFNQyjAu{r
z2%abIs*dxlLwcn3iX>EId$z_R7asebk|Mp3_jOx?(2qJJZ`0-5uF4bVm?JC67QLdY
zsNC5o+`&7lsjTA-ka(a?uZzO=WK2W+eEOoX#-S|IQLm;oyV{?t@w!1gkC4}%y902$
znFZJ3%Oc4?J_&7qz|SJi_RfFEU0Ek7oe6WNkyyv^?Gz&QbmUR-33k|La^1tbrF?u@
zj32_yI4)+{p)=vN?HHFm
zRKZKjss*poj`(q0LPeh5qR4YLHfreG#sF9>9QiMVk)3ST-KRewfdTm8E
z36`^2Px|85LwU!K92@Ikp>cTlBzbq*e@x#x@tjBFt$6pWYSbos%_Hz2`v=XS?N6AH
z-3v3ioYIFuk7^=Xv#bY8V%HK(r+ZyUDv)|b^$zvzlF0)Ul_krM5n|iL4kBp~vW@14
zLsn9?i*;Rm{!O$>A}!iHao(k+_218OkIyZ&k;`(i<#UC&n7f5`g`yUbo+sRP?y75!
zKm*PJlcMu%l8X9|V_%xX>SS1IYQEcLk@h`uKo5KN2-(M
zmvd;;IhP97YqFam#K*k3d-tlcu~SW2kZG0a?-kXV_(&i4RI^;DpJ_Hkbs?98{lRO!
zI5}3gDEHMlY|4a=XaMzLr}eRxxCHa+i2z%mnHB6+9oeIFxN^UGrX{pPl%0Ya8v0NI
zhx~(LF1|$-Ex@ot-?dPkMK@A{hNC&&$Wm3|t#m5)hHwxF6zitp?25=>k(MXQ`&s2u
zZ3%7bN$oxSIbaTM{F;=@5S8-^9g1XJYg}$~@zm$twr6*S!H2Zl8YTl4Idz>{ePy#H
zUXC`FL-
zBGHlH-j$zjhn(1186RbUh`nr&~E~C4_Am~-`KXL1Mh-1m%2F0C4
zeR#>9AW)Mfn#o4(QokO;idR`qVFES*t)zv|jqoUa-WEqkOVRxFL8)
zx8Go=%i!}c-ovUwI!Mk-jAz(rv#|=~2nZvZR<@f5$Fm*G$~o*(6p+Y#N%Jn}7%et|
z>3oN0P~9kEME(JCo!u2_A*+_x{{(}y=-5aRL$q|u5!jX5l`ta>x*GB06k|7A2`Awo@^(`@cR
zq89_`5T&zyu~UoIO<&A|VSVWE(UOmyS3RoM$2gfv#AKvw8in_dCJjIO!0LNdX^JP;
zs+q>Bn6n3BG9wjKz+(OSn?~-Xnbr!)9qvg3CsTLszqbdP@~0eiaO$S>aK
zzWB~mc=|c4{U)F)?H33%Je~TFFn|()%N946c%jGm=^I!KsIZ_QvVG|l7+gKrjzxd$
zYl{jC72Fz)_>+~ffKXccmoHy*4jV#&{1EGWCcpt5HcK7DA6JMwDZZ$<8yLW&qUKlTD1Q<|>x^cS3~e4Kid)DZqUT@To2
zoG~3wl-|H>7uTEYyFJ-2w}l}fs0f~I
zeRU*Z1mIl}E*<_qA@N=B;@Pw12LOPf$)i7AV-@sn5qs!QYx{$oVGsN_=JnwJ&l6u=
zr9kfgO8Bih_mIGU$R7eJIz2y`Kq`db+AJ7LD5~oGK>5L@jjjPQw5ps0ABRsM|3&E>
zoA)r)$&GzWj>n><1qEu#%3+W3g9?j^e5tWE$Npe#UNM8Hn6fP_EZjd=Qc`Nlf-%UW
z+&3NPJ_XvpK+M21T{iR^DFJ{g+&ti|e*_t#hk>k^jTT_H0ng3u{Hx(#r^-72RpGlh
zqO>#U>HY0Z0}n5hZbq=G&SZ-ozV)gs|2Sm1h1mTtf)}07m^E?JY0k
zOXMG1Str!EuHTuPE{6yUJ;rs3k3EVBSJ0xdEPNhSrC%%ac%nQFS>_ZR?sJ~;9a%W;
zc9kZ4_JUJqMiHFlkp@vt=OZ0l1sZCkoWWiuVJ`r4j6~kYI=jSQ|IRQUPs|!y3-yl4
zfDc!GlDmWo<%k>cd&#nZ2PNsdT7PbAztj^Rn3H?^2{#@#xlo9R2L5$m!VLM_~68*tS9k;?kUA9W)cpCP&)S
z2!oJYN@uQ9`L=m1w*VQ&c32P3t`_-c+ye|9&V3Q<94>;7#Row)Hkuk5bV2Qz+uJtj
zL38%;bM`t~TCqEBjkf&B*byKqK}1AUx(Sva5wV*#+;idAnKccvKg$WLVB#}&zi*Ow
z9nb$p3fZw+sJ&R7nnH(#-Q@4o>eh5f#y?+4Ws9m<57y(535#8g!EAcMrde
zfQq-k`BPKTAJmbHsB*(rXTE_y{4q#f;6=WiF3270=!Q(XE4%vYYQSDD1E^$jkD`K>
z8Uo@6{?wz;qjh$tD$dKeDA1UxwbYY{7jq1fS2SczC;zvnZI4207qymVE3kr9drOmn68jHgY_vD_yHb
zD+;Jp2GmMqK;EdaMy?da>Uf?s%p?Kb#fv7-bc*_PJ+PP;mo;~K;YP-7q=RAsM(m9b
zR3VOqzrPr_8v_=$mKGB2xj4MFxdHdWU1B`Y2sFZxnL5USvY5rHgZi*w7|8Kx=5J)|brLV_{!U>66&`Et#g$lU!@$9xO_+aRLRi{8j$@
z)!qeG4QS?St#M0;$lY2QgrjoDMt7@+2Kp|syAl0
zH#1LAKfP2c)><1#I}b;T{Nr;J*2F2HWCwP5Ra@GHeP^lQR7lTg2v>m@
zCP9Y0Qw`KPY)U<#<{x5gQnWxX!^*#8+N{59vtd{;Att1IVU`7U*uK{zW}n}BP7tUjmQZaPgUzsBp>bWRPa%w@#X%s_;arrAFGO5xV|bn@nW+SkL8Hb#T;<
zZPzNB>seDIJ%CQ;Xg1eX&U!j5cu$PuU@jU11L$pjl=j4G*n&wktxyA^40sA(?Oc)$
zsOx&f=y=0a68Y#XGPx`Bw&oM8(Ei6HdIR-GRD;7I1viK(M^&ZL4T~yV=1Ko%$9;9gd%8a1?ASp3;nCI&%i*vyh(Xb?)fK*ZLh17ruEBH
z*MUO!jmFcjy9%i_VO;{3o{nhqX>M~4KkN-pt!LBO3Yql~=jROl!$&J%IWKMd^z2DU
zB`ECh;Hn<#O^}Le%e*_hEpe{b+~AtD0WLZ}BoX6oO2>HF&BI0(HU?av*c6tK2&y|s
zr#!=Y?mJI$(w9=%bM8|JM^ok2qx4cW68H~W{+&Glixd;UwoG(CSylciIlDivdRyTB
zjV}Aq9B_K!?p%TJ#koj@reck1y!9-o&1pU+-Ztmy}4x&3Oy1#U#1d6`{d>|85OJ6DCxk=a768@
z5Eq~e&t3?SZ94lFRs2@}+`P9g#>H}oMTRvvSWCA`QSo+_)+)-vS~tIS&_F7kJQ-J8
zteCHD6s`869JkUB+OtN$x}t&E4vL&jzXSmO;R0OF3;YvBut9o8pFz-;@?qBEK3!qm
zrU7+)Ouqe#C}gPms!&mQN}Pg(w_FYFM-sB9EcwZ@=RlbnF;YD#x|ktWom{!ximV$+
z$Bl`?XV_XbwMg*?EWn0a(5jrhdrUlcInSY2m^;#%NOHCK8Vveg{exhq=<5>}dQnNI
z6FJQi^))*|=($#e&1^sr+CPqLGsuK0-dkxl_gW^umve!Pu=weiDD-r>Iscx
z6?jlruhCKrrdkaxqlanAfG~;{2aOoVqmT9K7e@A^Zi_6q)B47WO82l=o{D*Y+un*s
zhDKSt1g=}GbyIv(oSfWv5k;I@{G%jF@(d_Gf0l+95gd&eBGkHxQ5$(#w9iHog?NX1
z6sp$qe4(sneh^B(B33L|Wio*U^WEJi6qSMxstA47-)TcsN9)wgurQLQ=luGV4#q`C
zr(?pE{oF0@az%$x9?y6FoJDIsFl2rZgdwDGS&&(y5ni4~ZTQ~!*TCQSO0*^fcZ7wF
z{O85AN7L{|&lELMUdX=t@Nv$JSUFgsLHQoRdI88OX4x27P|1nXYRhnD@hg;MXf>6j
zTDt3%vGSNC25({tvm8^!wMa+#AeW_A$3{25yjW5$G&xqtYpFI@VSc|R4Y`@ZJ?v1W
z$v#D24SKHwblwMIE2?9)yUozxnWS7DCcNRA1=Ls+tui^(o#YO(D8MAw8VwM
zXOw3>O-tB7>XUqFhDEV$)E&K8K9C5wR#`L|WCaghPn2V{ws54AyD6Za8Ln=Ac?6zo
zIs`)r2;$5=tF#5yb~UE-kA3R%-iAlAynOFJzfDriX!4g;0!x_CTY1$MoRU;BY{EW9
zRK!-n_iA(uRQJIhss182XWKb(!AmDk4O^rqrjDiu9l=k_KqfLb6N$$MpB}7>cE}_o
z4aMJKP`;x!kZug?+M|n^m5-7fgX+BR=>g_$E0F9AfF!*c(T}4bb~B1vQ$vSY8$hio
zF6r7&FNIrl>N`49J$qR4W8P{^O%P~0>U==rq8CCXu7nLR;Yr`4V_SWbU2Jr+GhY3I
zp-)=F)RAQUk4a!atO~3`6&6%r+o@)}-}(00>8p}8U7t_b$amQ+EXdB1X6A=a^<361
z9S^&;sMoqT8PUE_Kd}@7KHFjaIR`g{l|40BCzu8@2tVCD@HZ%^tX>eoLlU3(g}u++
z=G+X*TnDmJ=9IS#Kh;RIzUpEUgLET__>VmgFo|3&Ho6ABDU}N+LgE$^(*#OhPg?Gl
z()|fgumo*fdlSD-I%bf_|?J9~@qT}c_-_jO^
zlSUaMf9l-VzZeE(`v-FQ4yAeEjxkP|oiuwV*cK%7z(rFn5(;^kG86GO2%b9}2L0*|
z#toNO?}2IS`Nw7m>U)PeSbC8Mi4o&56{(e>R{Gsx!c11&Vqy8g#Es#yVB$F
zV6hh;3wzDeE;1$#FGKiM?K0Io_>1~l6~`B7CJRqKmXx!&{7!jx+y4(qW7YGYr2w$J
zDD&VjZ(X>gh0V$FdSD=bta+}rm1NbMpnh$?Ly%X}&>y_*own02VCx%S-XI$ZX}?Wo
z=LeFs26Yj2gM6Xi59Qe5TXC7eNMo1H5q4j#?Dj&AZ>3-HfKHwP7RY({;14IwD)32v
zGDW6St$^l6P8?gKN3Jjy`{E$fi2XOb)V)phzI=6Y1+DgW%GHg*rhcJO6G$8YARgxr
zI0!JzvYB%}!<%+rtShFPfv2Ue|FOe6MMss6WO3Lr6<2gT+humMQo&oAvY(~&NLTlLTAvbhko>;_}#jSn{
zJU4%u#y`?m`0Vkv3(ZL1bmOmXC_#@(2>`pkKQwdyl{g8RV{|&qZez*3{b*hV;Wq8+
zys$yh3Q@@Ro08)4zfw48$&chaW>mJ{7E-9Fdf7caEU(_pjW?HAOeMog0(94{Q)HDD
zW+Lua^*55A>HxZqhf%dCnaWfW>s2U8jVgO(Tjf4wu*}$)XOiz3eG1padWmz|!TZ2G
zAe3D-ggd$#Th7X?V5Vc#BEONUQKaqTCXKz1{t|L9$6Ub;&Eyt!D63ZfltIguzsL|N
zj4kg)$I{i88jzYZD}IuRi~_z@p)CHCOjP~mZ9ewlPv%?uEx>2P(rcDTt&W$l>bRYe
zhOvT@8USEH?my@ZGU$cy9>%31!~Y;4h^(bTzBVBLKuluXfJ}jJyE%J$0?u#eyN;j!
zuKa~wL2$pbm}-KiKv+AdJkavv=f`b5Eb`-#
zebq^2d6Og$6}DrtSPF)FSQ2x8ibus{oS2DuCo{h|*r>nJ`H}&mP}ExZ^)vwJy2_SY
zSA-@nzB|nzU$Jw9P|atpDynTN=g3h(8`nPNJGhHEc*TG(|Eh$(K+@a2XGn*|`E4+L
z2;(X$>Wo9*t#mx#eI>^h7LP3kN#X`M^ZcM>
z>o6?eq^+v<*uNr^FTm5YX7YmZMUOg
zJ)dgc`%J$GTXItKA59$5PPoGfMkT)Bvr$LS#ovVxa3OApwpR_A*O4$RIJ9`&Z*}sP
zeskMX>-dRW{E0qA2{FK;@HcD#{HH0qEak)%pKG5k%vGb@CB~PBC5D%+38w{`vj-eb
zXxN23RH%}PC>jF7m0;(b>al7M3xCj#WOb~2$v#pz+0sk17GvdyfFh$}C%c7=HX7u6
zn>75=xIySOYCZSu&&AxKyR1`d6i&Le5+up}6=Md-#~pR{wT)w0q4FTOm>u?k_VVnJ
zq*xA-_Yc#YD2)RjWV(4J+!Gr}e9INd8=?IP6(j)1=GT7%7h_%itb1#u-wBa2J_z2(
zy6UFvH&)`ws!~t~kst1-u6a-x(@jJo!lInF6YJGZ0nOx^=W->QAO_{J0zy>@G*pzT
zs3Yl>$0%h=(C4xxWBAy(uT%xk|AHOIaob@(PjhTqZiB4)B-4+Qb2NfUb0`NAh1G~=
zbu=3#u%&6Uw^C~we6*d-$Q9}4a*M19#F76rmZ9)An7nw>RbF8zVC-gl%bVu%S;t>&
zzs;SBq>(Xgmy$Le#An=Z_o;NyHVT0Vklj`ZT1O
z^|u35x2>Jesr(2;%)~P6rf{mcFqDYiT6oS`U8BQz
ze)$)Q^f4nU&fboto}wu9XsgZnM(nBdNPd~LU1)3bUOO<{dgi^ld73c9_sC|$Tl$5<
zsp)5nE_&-95jR9H{I9g^f?KWYRL+pXd#_T2aVF`1tKys1O1f5so1KA!6|+2IMp1_8
zk_CNU%R0es2n?B560lYv%%lY@0`K4t#`qO`y5Mide(!|qFPLPnR#gs^4Q+xNodr@}
zAp_ApDYH5b>@AQ98mwJr4rnN4@hQU3HbHBCRcawY^96RL^QD`~NiKX=V9Riui?kaQ
zSA*M(j}KGvH&COibORZ~I@QisU|IRtk56=%-bC
zJ%_jZU+Ymr%5Bh-anOm?BQ@;(<=+U0SKH^xW;J
zW}4;2gzH!CDf=NZj{0}zc4U&Ba<$-+CxmttJ|&(IPTo`M0^edj|JtZIs)e|Z5=zLKd^
z5}123HCX7;enzo3rl-1FX@|Z>5`ieOYBxoAxxoxZk;9+U!D?MK&eWJ;Qf2=g&>(Z=
zvP4XwhlRsLY~#95Np5`*FX~}fjwj{@+YhZ@RHB(O0oX61FI!SufH^6@y}yrvW1EpgwqZ&RXbYf)f+OWvVQD_Qpb
z@alZY(5tBFg~Bw6R=I4yhsP(XmvG6&*gr5DpyVNxS8EGzo7}&sGa_Pq)#NY^yw=-u
z|8>vEW;q5{34u;8_^@1*!JC|f8r};Oxe$fdw6w~aT3a^XD#u3ARGjg2@Waxkj3>%1
zxkZd}7`3a>lO8twCru)!x!i-^0voc28dqQA5OD>*ioCk)@cAqCNws#qIme=-Ie&)`
z%)iD00DSzbRU99ky~A%t&Dl;TxnBBY6Up6AZbp6G3J;8^+wE6dE14s<&mR&GDw4Zx8d!5zda^Yz|PhcSK$g(&)jq{%s@H_&={4=WUIvovO
zfkL~Bphcj|iwT~m&{%
zO>Z__M)455%QXW@)Ubdj6{k59{%%TeJeig6$cfoB_6INjhz596bx9G_|0W*&Q6Tnw
zQZLn&Y;IVFGgp?^^=s*5GFtugLH~&i!7Yl8lyhc-N<2D75eeelj@F%r$3jjd`D60!
zKcA;ctWZ)=2(^rUyoKYMmuOiv&AAyHEjJF&w$s-?HG1Baa$fwh67OPrHnWiw1L_HA
z_-ABcKi}88ef$+A^>-VPo;#E%O^Ew!PW;3|X-=LJnZAd%3-wGE$BlW-b+T&#LQF?C
zN1{@%rWzaho1Zc7vZy$XV{cg$EPE~){)J$3#?OdvpzgqAZQ6tPt2Xeh*n(~4Rx|d
zSh=B2)!RjQk=0CVf=fOroRrxqCj#C#B;W!``-`M&#>E?s@+0nEAkR$G;E@{r^W|p~
zd`%p)`5h7{$mS3w!>xi9)idk82z%b0QuRHF>*OxSMExxep9dl+8M>rlE19&y4?T-y
zkH?C}@-~~mBN@tatz+p!jSiBAqE)$
z1-^5$*K9P98XFJl|-i>Ko
z{8o{ChE{gXym13wWCTl(k?2b?POerSbkn%y*$;Oziu^ev#ZiZ&Knaud@f`^tHqZ^Z
zMH_ID5>@C7pE?){{(bexiuOIh
za3d~pYqi_~Zu88FF;#Z0-&C%ioxa3Xo;+H)^>In=6w2ycZU7ODq8UngPdI)2>frP}
zEBi|^hgSJQ$5N19fp5A_k$-@9{_E;sRjt#phEcb*
z;ScdJcW9!={w!Dj6wHW{NJPN#@o)b;ZaLZBjGRDXl~AW*DAKkx<=bQUTKApfYX^4x
zXS||`&1#8c$g%um5%Y!>#_DMLGxrMQR0+$Vzh%B>wCrJhcH~5Z)$BR5-TCG_rkm3-
zH8P3i8hle@i|^}tTzBS-Toe_nrK2>VLLH6cm1bG8u5km8f5Hx<1DAXSW(#xD>(X@6
z$7&F_yv~z>sRT9VL12K_eaJ5&S>`VI)efh~W*e^e7aj!PS2
z?L^GskW8$-7K?S5Fp!Dn9Y|$0K8CD|9hI+dt=v`}J}G|`MnHcK7k|llv3JkTtA|S1
z55i(?KwP=zCxhcCSn`nSJD<=_K6ixSki2|F`mnEv#J&dC%MetsS`}-N$cbJg@~pFZ
z-V}XH%vdwW`{_fYQr~L+RPj7zNCcn9_GRsb=8FI9YZ8cm#IT}-aDlQ(Jxr%~Bu4d!
zCC@txf~8sf+t`jiSGKtZUX$A<%+l$1vPkKcXpde=`|#2p!Oid8fE;;5mG)!-p*3OvM&S0}$
z25bVH+@FU{fCmSE{P@A@WrRgzPSMT(O>)RE72vJCCQF{hz}52y?g3uX
zxBvT1&Hn>UZUwIM?@lqDun!ab>KJR~hBZgQZBc|u
zh}|1pUHI#@((zw(vY8@H^IzOTRxYk`trG03l!pFERFCK9Bw83w|4j)EbwW)|5!~*&
zn|?_AdsJ9bnvrSdnW_7&fd842hK>1FEPufXtQ`N%Q~~_A8~yJodv!aur^1{j3)ODe
zqTKV3e`zj;#wM2Vog|5ZWh;<7wnN^4e>oP5SLN=gJ+(2+WtWL&?mV#TW-sDS$n!7U^gEa{2|ve4jpwI4eH<)X5M)L0vXBXf>m5r@Sh>v8(~!GgKfI?K
zySe!x;povyE^UUb)!53XfK^OaA9BFnLV)ro$--dQN1X1RoxTl`gVd>hpY;PO!Yyg0
zV=EA$uYX+6mt~29?N`#$IXD{2*sp(^@St3W&&adrP0+(FG9%Y%tsvyN>+*h)2z^!f
z@N+e7T4ag7k*^SIt$^#u_x7sX!moA3&Z6%`7E-#n!wMz2pN1E`&nkA+)&?t$A&BzA
zTI^=Dea4GLJH$7q((Kr3TT((}j?k0~ZYW2p;UHDtWa;mz>B?%&{rBP!n^VSC17>sn
zU+us
zHns2iG0xKPq$U4m#XVtn5|dxjtKz41UKRl}ZFii3q(|^~i_@7n7@WZ)ohLl;!Mg8k
zw2{C<t6S&OdMHiN0iXDHc7GA7J2!hq5aw@g2~yjm3c<>M!8b0$4I4=(0f
zIU4P#mnW@OW{2j*hbht1!R^7pxPf?-vOYedzNd%RGE~#W4gF5m=$V)*!EkN+`Zdx4
z5mb|XxTdsMHfF&;-EO8PGAc^4)$hpt5jIe%85<8EY8M7Rkr_{R5C(t#)n39*qx{cT
zdfi$!3{RgZcr;^U@$df&fIhQ;NRNu>7U7AVXJ2aQZ}u`k)WDl1#dJ;z5?SOoisn2R
z=^trvigV4HeC@q>O}`jU&&5}WeE@}r(9v3fuZWxcs81<|z^u?Mr#J-)cR%3>JNGED
zOf>kK`z5!{ItS#9q{PabBhkvww7~Z}A8xK#qP!Sq-_i9_f^LYo6TAtpPGXsmv9Vx4
zl5+{N+a1QEKWQkC_ZBd3TK+IG>>nfNsyj#zYV3DQyc@E^@&a)ySvSmlpu|vGrp+~U
zb@+f-2s_9)LMOL0-%55y(z|%$;V)R+8$8-**Y=Q6{h9IR!(L@%OnCwCTvKR8pCQoV
zk=+*qqk+0l17$Pp%ls2qhrSEC=e)-`tR(t_vHY#ZUHkJh`|g;8Zx|gC?z47Y1>8_O
zwHUs13Y|qZiyNbtOuQx?FL5Ag;c94;!H7S_<
z!l28Rg8Sw~9c6;>H8-RDejR4nkpU39qp#JK^1%=Z!J2Es0B!Ald9K|RATq`u
z=GZuML&h8fCF}IF`V;4?V{q=8O%jDF#%fv
z;*wI2)1d>UUz;6;-o`HKT5$|A;un@JtkX=P<;ctv+qxP%SPs9;=j$-yOI)41*nmLw
zm#1)Fd8wkdk2s^P{{Gk_>lSR3Y(u?
z3%4`hJJ+`#P;56pa5kS;N;4&dkI3HqVV-K=+GiAMba|)yLZtcD(`$hQG%6YzM7M6;
zs_AaWrhjfblP?q$f};YT{%$5X{tG`-8n1#-*q4%*C~cU%56+4`m)vf<+PoG^(6bZV
ztjO3RV;bS~x|W9V`+2La^plqIRFGK$`K?9z$c-tz^w$!G)>zxba#UD8BD?B6imzbJ
z9lP?XxR>&LAFl<|$f_ux8V7Hj+)0VL-O=@KG348Lj9psaV^qfyGt-ys^KN47c&HRG
zn2@^vCBEg&kKp7AMWYw(n2u*INY>)g>z2i>VT5aViNCJ6(j_a1oj=AeGj$PGY_1Gb
z-~ooRA*v&)C7vZ#^E7qGJbD;S@al+g7xDS}ek-SK@O~-j<(p(Pp!g4ccb|z%r9xn~~7Mvy_tVzJb2Z
zNHfN-+jB9Io$a(yZ)nf9Z!&%9V`A}tMq+U`8=Jc`ZKyB{L^aA)kK2-
zk+Kby$h?U3ReCRbO607j@{ki8^ySv|Q!Wc`i}7nK@oLtx%VCjh^&+&dMdGNe-<5r7
ze{F~2EL!xX5nH;gUWvcL6%j4OFF+zK(v`4*mtXHn2;vIAA;&J5@=fl6gh02Ug+yl<
z)sKO93^!9ve0FNB=?|ox?eEP^WJr75X@gtkVp9Q6&z=2FJ=Fv{-XDA9B-<(DZjaq&
zW?LjE?jB6(ePp(dO%SX86;gYCEd81syQ7(eHd0({O;Do{0{ozl*>VxGX@a5&UBxC2
z=nG-N>X3)_CPXDw=wcA)v`y5)?(z2(0@b(Ao?m?tO%o{ZeM5YgloI4~a7Tq&KRPh8
zkWl9L^tpQ96>)$4YI*vOrQb(RNGIN_t+IhwuFUf5npK!`B?
z7?SMRw*5Io8@xGniA#Az^IA$F%|XAZ@qGc5V~qb*RYSPYJ)-ky+1%=uJBI#(6(k0n
z9!#9vMHZ4B3H?d579H|fkL>7lg@7J_X7NJX4Zy_A(?Wqs%QhJg^OTvAUJ?amDp}aQ
zcqOBXC6Si9#nepim}wK%AB=wKy&v9)4Fx)m30hHUh^b=KtndppzjTWsFOYh76J_f><{r6RRv@5xzI%I_8&&zHKyz0c8rI88v(mtf$
zHS#f!_NQl^hOY@O|xPaSofUf5&Uhlh_VZ|la-WUnG#h3YEo;*YVbFxzC
z{dBu~6xd47U`tb%!KKS3cCtR8@8WW7O2xV}+5<`b(FikpMFTth<&?uGpy
zp-C4X9i`t71h
z@n~H+IA%@fL$8VFI!M)52*f|rJecOo_FhzO`!l8{w{T5ZV~&Oq+I$<*D^r92OGp@#QkQn`!By2)bJe&
zUmv5%v-ls(y?0O)Ti5?93L;7n5J>|_20?O;N=A|>IU_Jg&N(WQBxjH$8Ob>Zkuc{q2=RD`Wb*tXGRkv>4{sX3Gx~6yU-g~X@`mEJ^#-9b8eaNPWdR=y9xHaem#LGnApIb8c;-8Sy>+y*evvkrU7w&bB($o
zprWEWlOQaw!mjkd>Pxij{Nr7M+y>7sJ1y@kn$w&lcRG_vM)x=!TzFWQ94m`=aa#=R
z;+}1ucYE6M`IQZ(_HmnCZ=C3nlIUzw%i`@R&Zg?6x)Issw)WK~F27Wsfkhvw`W8$JNOl26FwCnmCjLUX`f90Q;`1ETkguAgZB~etxegyAiZ%)@^
zj_1y|Pm9=%8SR((pUi!|#e(^+zZ7U(MegHeH(Jj@wa$Oc&^^xoTCDrInD5Zie8RXj
zm8)mh{zt{9S5TvSh3v>mb=lRIS7Sqm+n{>
z4+Z%fGsh91Wwd|b2y#$*EsrS^`&DGrm%8swV(hRrN3lW#-PE{6KuD@N_RLoy{s?zN
zQgh*1l7t_fPSrys72k!9P|XihjoEV;=lWtx&bsm*SK&-96T^{gjH$i?r9Oit&yKJr
zH17okqz%q~@|B9~nAI6*0Uy~Eip@RuMUq%*OmISAh-tb+Yc3e~^9cIBEWWh)x{9!F
zQXVLdK#LE*M^)ZpRF~?7hy$~Xq5RNbEmeL4Q4SSD-jVGmG
zrIo$fI=7GZXyc0g!F!LkJ#js)vbP;)@S1ev*-RacV11zV=J!%s-yKKFI##bpRBc~w
z-Hf>eD6ho|q(A<_6UuLCui+qQP?u@r7O_>m_Hd5&+<-$Hw*kZ^D-UKPleOv@*@&5D4
zJY$B(+l0ZT8T49wbHwj{RAWfijVKc65cq=z;iRM9+qXXL%a6(z
z$-?HLrL&~Fb5h))8}s>X9+=f5Li)LJYU=8H!Qz*%LM8tM*)iqCOH#&wn-P2k6|ny9
zo<^;iv^Q;7&#~zUuS$y%u+E=R1Q{$TfHGEB`$S7fj2Lh+Zz3z})f|yQH%kcPh?b+^
zw{3fIQeZ~CDHm7=EV5la$agP?X5kDjjr~yWLB_YNro?I!5Zag+o8Av%&2rOqvvd;c
zs9!HtClBo1WIp#ra=#+3Z3MK&N{1=*gKTV00N_ZOodP{&at?WB4Mnx@No&&!JXMa`
z3c}cU>{IrDwfi?a6mKe4{Pz8F09
z{s%jKx*Z4zrRn5-E24Rb^+E&D)X=6+s7R6(4OGn+JN%j8(9NYNu&33|PQUP5#gxK(
zOs>tN_|An2U86Xt>>dH}SO%#U8$Wt29n0ltEr4t4sb&O
zk&VO5ckb>3VQLHu{h|vtzhMlECR&5SEq0~Ok`X(4jib4rT4;*}@!1s-}+m(v4(SMA87Q-c;<(G$cNBngOk
z?9)e+z~=lb9Zle_o05<=U+=Rj%)Qtafl
zXCYryfg>$q>R3L1l)M`ocWeVvwCXvYS*J)$U2db+gy}#mSaf?zxHdm8V+*@t_2IFv
zr0~%CHfI?~E6eV35~5y|a*y
z@M!>lxS0Iqwk29(aEW$vyo=|t)8f9
zVo~aVFIe*w(o?@j`DE#%MRT@igrv8epO;96yoTmqO*}d@`7N=Xvol#t5ImV{{Prz@
zdAiF}WV#zAAb`P#>mw93PigUwd}mYD@~=opY)Ku*e+sLC7d!`cv$B#rPj?|NH<6q&
z{e^c$x|Tbdmu5XEQllSD^k@)8$c*k@rB0zH#j#-g?8@^Wd<)*_~xrZ0s<8p;Kaowl^aQ-
zJ6OSsExWq&6rTXxk(O=XL=~k!T9E@cY)&zY+qm=RrqwHLQ96xt^I_)gDJU#kNw0{?Cf!(w1fY$qtbW
z=0~;uZzSp~Yok2cJq0>j@CZeZiCr~y4Hx@+UMx^6eA7A1g9P$oecIKHrlQ{ojG|)YI-qf22s+&#X%ij?;m(aE~
zP-a4JyG_}0@sjq1(sIWo%mWqUpxCn6?qP9}c{+A1zNfQHC~~&1O2QRR?vXOV-ZCtk
z>HT9;{buNfd(pGR8OP84f>1f_k^#_8s>JoGK*Z99>nYuBY|em#c3-9GON7N_mJp+(
ziUAp$zkHNEbUB4pdElV+H=vAmQh1_Lsl1}K5z$#?T^!K8P4O5=Qs>Iqf(u|i)(BzR
zLFU++=Ytm(b6dsv+!?e21HywJR%mwQ=laRFwOKg?)W~&l&ICVs`8tqRBcP_VF9)Uc
z(4e43SOQTp`6Be@7+Zl8GNy_u)sQP1cV&|0oKvc5%AbI{n4JE&+zr@R{&7w
ze*Ydy$f*2ldV2jroH}b0lf~vtH`)C75Ud{9WkV*__Y-|OW9a-N=^Pb|h{g7n;6Q$E
z2y}KOI?#n~VHKSB#y^-GL7O|98CUExvQ&|`oJy)5-Cn(Zw_v*s$C|SHJV?AT&4_h$WRdOankKCQ8NQ@Z>tAC{9+SA%I1!f>`mqt~W>_Z7%I~)r)SX
z?c1>j$`FbvpE7%l%LSI_xarD_%H~OFqkp38+dn$OZqIW31UL>iuj~*ICA$OhdnhB^
zo9-S3J4C*f=jGKo0V@#4K8m0cohJ`X3(Y3zWvie&ACl6DlCL^;O@!A^3cmm#
zQe05|HRA!q)s4seTam=d+tE-3c}5ej0Kv+y35XgXoncr7triuwUnr8$&^RMr8;0f=
zQs#VNY){K(J-9krE16sHH}~R`FUGB)=1y<$=9kt+T>7i78DGt74Zk*2>^YA(;(ZgZ
z9@0ECtx&kv3gZ&()>8q3@szwR9p1&oVOMLsVzR}$z50&yOv;)PfLuRWsq1;-+WJcD
zIb$cetgj3CMMcN-HSsja5QUW62nRGi(j9`&7_2Y4ORy>s(@>>hQM?
z0Vsf>`9#U!=UR-$MCutJe^5kM`7G(8BWbXgQcGfVhco_(>1ptNY?qH9qXUE9zC4(6{LAL)EI@>>C&jIf^
zK4&=O4z4KSMn*0B+NA>XhN%qvI~;(~D^%c0KsUZlYE-oQ*`t-;KH4Xi$d&j`^%t}u
zS^p2%7BF9Z%h}niq+qX-to(kTtG_589*$A;{5xr?lyk_@eT_j1qm6u^rKF9N}kgVkJithZHUy(TL^pS3X4nKRB4Ew*LC0sRL!|F
zkl0K&dOdb}s*^~%NyA%Ba1u_E=HFZu*~NUdlv4*IwG@{bH>e1m(8{0ZUV~_##Ep#8lThN3e!SWJOea>LLn>N!W-^rC`tlNS=L4{Lm`iW_L;%XKW)UK`
zj%{5pES`R(j#V1`28UCn3u32EO$tN?B7bTg55RhG#O
zxSSpit}4dIb*WxI`myju_Kr;6GBv|DQ2@uf+6>d$R{QA`J<4xl;1=d4m+du2D1jsS
z`<`slOk5Q9`2lG|As3!nALG!SvNF7?q!ixi2ESwVlUsFbDJ*_5@}+dJSyjtF?HGMWF|ci0^#2>o&Ui?%t+SA%GZLc)ksfeYj^KvZZ9%
z(s)b*|E6VtDeZ$Fhr<(9!RjACtUB+pj%zH;`Stk}De3;e3i!i%^
zU5Jb9@5<25dziQ!j;p;pxRO$_pISJbJyd-Z38hQ3Zb$5_Rq5m
z9ar1Sj|bdf3_P8j!A$xjEjTuH0orIVK2$~c!rEsxk3(xHc<8Z00=SZMeuJ!w%Q81m+w9*)}2nvEDngrsG2Yu5X1?C&X!r7V}9pn?U{sC&~#9iA5^B3v<4?Y0s%
z)sLh-^y3ARsTAgrDHYyc?~zGeiuf7IgjX3FTx%Uq2JZcz@YJ+t87f%_nP^fbjF*@s7uMi2?-ch
z#(C#>I9b=@AB7*#AWuvL;XRX;V(kQaW3*c3Q)vAyooA{5m5fdvi&~G`T7XeO3g1pz
zs|ao9DyCLS&zvMxz+j_`+4{!=R9vRH?RFzShUYPj$a)?}Ca^vK6r_nmnO!3aqi(Qk
z4m&XFbqx2(Am?DUD!f()Xm0Sp+q^y__zM6~rM}iu3F&G`3DLo#8{SnBtA#(WIt~h-
zI8LVFke|c7MXmuug7+SXAhn(g=K!gijCS!quvWot$@jt4T;F4#-I^NsDGqE{P8z4D
zay0arJ+?eoWW5|P$bFymorwvsHN%^7
zj;6boKVdx5sxW%x7EJxu=m!4Im;Di8cYeqvu96U`o*;8$IN8$$oY-={f`zQul^B`n
z@pd%|=_*afyjR}(t6H$i+j`wX)5xWKAT#)92BgbLOoD@+tej%mSeSnI$(vKEUy8Vp?$5kz8EAZ*H|Y*HsI@+P}qltkrg$vE!>8{Lw(J
z*6RSR0{7#3M5nDVy1DG9bH2W?aP#!q(Wvj#=Sfbl$*cx9_WI&N>#Z}p6p|{zz59>l
zNoixMYbNC)N%v}Q8uq)1UwKJFEd3N~nU_fRHPvNQdW~#K&6*=$=a?=VO~TTgyt4`1
zr)Q~T@>HvS*)}MeH2=l;f_$h%x~Vl<9i%)jXX~q5<-16BpdhI^k!n0$sH%-6#KDZv
zuh2wD9FJaRDD+kSTeWh;+HUc7M#6ettc$pmUN
z5{I>G{v$zqr;_H)_)#^$yZ)J}si_vWw)uH^fpLr~_b-8EgtCF4pr=O$h!6xER?s6N
zBHC^U31$ykS|dmH>s_Ou(-%PTMkN`g?Ns3L{V!Fo?O8>-AI`t|2CN+PS1kZ(4BOaW
z;Hwa6@@4vgsy6K1AKK-DvM&`?&1AV7%)e7f6#UOPqnU?ZTngk=0ibA`VYC`hi*Yr-
z{Z-ZTa9o~`1N~0
zdqyK1h>6S+;AkSSYHjU_3?g(}LVSF|gS7d1w7Uzmx;o?$Yr~)#$yV^_GJf^|2W?%<$JDi_Ur!ut*AeZ2hO8B;QPUnr&>hjKET2`x($|+QNTTTY0vuW09&Ua`?Ie%(PbqO+lmR5APeU-oZSYr?hB-<&WJy`sqpmwHTkR
zC-DZCd{H6^Y)&cHHgF~bnW4EgHN|yvwt}5;*Ka_FKm6C7m1BQ1)E{qV&Ecoug0^@+
z*3QT>o^wbas23W_>nh!EGpAGd-9bv^E0{rhD>BfqdZM!llASF0gf|J3|K!?Dr<%2^
z+vD|_^RCZg^%MDTGv7j!njg9AzEB?4dUM;
zk$k_8)-T3YkNFbFj*PksOcFRb^6?&hw$6b7i-@Kkguu2k6Mq-wgAYs*PY$`0;B*f0
z1i;iV=c32`C+5!$w))1jNdy9$WdR}IrsQDC*Ay$YU+Dg~yi@gI1
zQU%PV;xi#5||rYh^^DQ}1RZNp@wq?!UU{xu&&
z=Qu5o@qXfC{JQmI)<`lgQ#x`!3{gXlPisJW{YMeOf%Yf-5J0c$|2&_46&`js`#yX+
z6XKa_{`_3(HlrJxkl;cmbW!UmsJ4}{4SmPwDoAf~vY(7<49JVu&d_cEu9Bb>3j&B7
zt(EWW=0jk+=51*_P*<4-?3;L`>ZD5}kng+(tq4ZY(2O>J|MwVeAOR2i1m?y&8_|95
zqqRYP$%yWlopp|VyC05KT69N}mGSw}N2Fs;qs3?@c24q$L}
z;bNK%cYQUx|G^6(a^^+P>Da2r3r)9r%t-*_RwMl{OPl`k&(7!=h9<~2Cw1kY2HrL_
zhEnS9gvo!Jt@^JUa0^c2|7*nl9PR>6!m+A8mMN=g!~f1(2TG+18lK->1Gq?7Nxmzo`DNnfE_E(XBtZ
zH3I+IKK*~Z-zwvC_NYb8iKeTV(Y<{g!=PNe){N!<+U8LODf+oCl6w99UvgwSE(=|F
z*~&IE|1!L{*KtVZL&|ql_iZ(c-@=`oU+_F*KNh-^eCHqIcH2w2RwR9rUksM$%gnK0W`h^}9X5Gva)kMcZ!)y{*5qmHdT#Ct*uM{eFC=!}Oo2MjJr%pF4wJ(Y%F7
zpBx<}*mZJp;vO0rs;Q~5-(T(X_ft|*;^E~5N^#|YYA>LK^;>1-$cdkXghW!^qoryU
z@z4)#JyDA*37YkLJs;hcv%@}|XUBYioX9I?^wtJIH&>Z}Mi1+`b&)^eb}%v>Xx!B$#<(o|BS?UpV@_&=-QWkk1;3e{ifS(dgO2-muZRzkUC7KSAWI*QBIZ
zr{_~@`I6k8UzPh%D#&7IM*wJ#XThsDl=*x8NNtY?1+hFeIbB(S$TcsA`Q}jn0YzDU
z2Sak=5#X>#Zgupp9(%WKGF@n%CQ>}7e%7k{Qk=|*J+)tBnl5cl#Eij9g5JL=SNt_>
zbiZ(}IjX-^S9@Ps2Py!LvRxT@F{Rq%mPrZ=5a?{{=*;J>utkYI=l%(0rg4-JXbQdP
znIpdj<8B=3_#iD!{FuM68?KoO_|?(Wod^os7{FL9AcBy6kLlXD
z3%(%XwqXZr3)UweH8IhM^fm{Mb8>9udoiA6rWG99m-m67!Hb?LZi
z{xWvLo!>>*Oxur@e&#xidmDMVhLldPc%)|z|rEUU$
zd7arrC^5O9s#v7r(Lz5srR;2lvd-6LXq(75Epp%BlLXhE@2)fK9MG4G0@sLP+gxX4
zAmZZ@*nYL}rH3;|eTa!>ez@A4ysLBc?)<7Jm>d%O{-F8oo=dz^=(oG#B_HxdTca>#
zT;90TEQ1z$!l)PzmUu9)JLKAzN=xnb-3F}h5$?PfI$OQUz%{)ihnaX487
zT6maox>qd1b4_hsAy7LsH-0@4)R|0%|tN}U7wpnU<$u}z;aya4b
zk7U8%-sZy{D|Jp|J?Gig){unlxF4GqQM!N>Utj|yRN4}&)TrJoJ$
zj=vbN?41cu%T!P3h!*CZS7`cX_pVR9@%7=}<%m
zvl!!4Ua5I1edFqas^kjq2sPo$tcx6HD!esaj$_z0k;v=(a)OachSTP-ILu=mHq)mK
z5vlhlhv~$eic=mOS8Obl>LJtZhMRkav@bL{Hq&JXO&u8`-CXN%&Bg;t$gi2=0*YCV
z%Z;k&@mpbBdo2%9n;@>;coPcVF$)JlC-W|j}sP~XTE{ZeoVH`Wg2`z
zE|^P98vXLUh<~usOd{}OEU(|DuQde@t;_FNZ`NX`T0Qa7m|hSt^^%M^B9lL!eEd;&
zid$$GOo>{2{5#1!w>=)U^d-0Wf%p5-87Vvp5}s|5HvTnPo~>CGQx(N6&rVyap3Qc#
zq1?q@k1h9o&upRROn@(b7Qg`Aiq55Ga`@2Mch8D~^(tW~X%cPhG~(pvs7~+E6@Fa?
z*TKrH(5U^@L&_Oow$|b55~uX>=yme2|SW?zSZ?~G}R&+3wQMGv9ZPy9a!Z#&zsGme6DA8V;{h4
z+qwB{pKMrYMoC%u#n9&(0J{?f778~`J=uW^O{TJcKEq{fgqiRaGW2php{kwMK
z$JaQ<3)qLS3=X{}=V;m%UD2}t_m#!$oHEO5XQ+2^rcb4mtF-X0--~$wQMyA0voyrqf0dDCgU(v%&50?%lkwzp2
z!UKMGs_y8GDo0LWEF5_ilP=OQ8j%8OU|u#f(E3U$u&Q5lBJs^lPG^&|
z%?~5aYG+>`T@j~t>r|Gtb3CK}05ih!hfCUUHF1u7vRY@|m2Dj-KC&=Wz|!(cy%N8U
zUTjQAsyxVpFlNW(iqfpr0RmV>)BLjxtWA*k*eUg#o5030>*APsXA@trD-|Tx@cu#?
zoZ^#+)*6>&@53Yhc}s8&52OGYf|6
zR6ABb$iWLnc+x^L2}a5#CnbSu1#_8zVH*Qvi95zP2w%17XJJcRIuV(K!-bH
z(Bn$lgI7DYh)RQe_C%+?pW?5;YP(X}gvF0o8SytX?&a^Lw(82yt+c|Xt}jg50ZhqONppSg=X#1taxK?YhWTNRZ{q-I8ZdQ?p)6+DB%RK2B<0
zQZ<|~5*U%B7%%aNB!fIQdJyTBK}($ToG-Rc3eTm2gR2E_ga649s@G_Ba4hK{ipmCwb8ywT{_~wKOt;y<
z$Zb*yjInq-%6%4!Jp-n+Uw+}Y;CB?M*IumdFWG5EVz{cjV$?k4k~o{TElKI0pR1gfQYbAhC)B{2U!4UP+*K`z#{$
zt!_0T`vPpI5))3;y-)7%qI+q9;neX9(<;N)7ro#=Y@hMw@A+IxP1
z9fhGihhF^49eww@quy|PIsf2}x$GP#>&%(Nt|u*WZofHuUB;P{BAubSj3hsw6mLD^
z<_~~#_${s}eUOdgz;bmE99f-24!tkH5ioQD42WvGPu#4O4o
zF2JtPBj+{tdNj&@w6nz|68n<_VZ_aBm-0;xn*9Mxu{pKzt|0euC0prH^r{A6#Bdrw
z5H>&1G5;b7f8tsjh$PPB&2;o?_%2k>q1*5bw*0{SX0?0^@)4d|(AEQMNeEnc-o~Nd
z-gZjuD?C_odeM2eN2Vz@=AhR&!;fh^(s}5v;lxTLh43`zNppGyATVNjZ`s%3ha5`N
z`Q4Gh6}BJlk;*&qBMttiH7VPL0^#7{&P|AUUfsn>
z?y=)4AxsmgII)03!hO`h=tF++0L6o$`Y24D7aSkX{VguRsG4sc;l`E$1@}pgo+Wru
z)%f&T5EG9mdd&*?*?T9t8mnn)1f@--F~T?e$w9Xcv!A>Z;|0y=SvV30GlMFpyb;$|
zJrZdFM@{vaP+~me9TGk?2|?MDU1cSG0ndUk%b0VtALfF^B)lU|Y8?bDxf~)m+f4Gx
z=FPD&EaRSFpRy$;%C6m!Sa?DROyZK_y^|L!R9S}`79tgsQ~Rq~d*hJL$~ntT
z!zx$M_Sp+NZ*S2l!@HpAjz`$E7=>Pb{GBTif}1P`=KM+0EoG?TA!EoXqx;oYW4-&{
z{MUR4?a8Z2s?5*E?18#>;dYr2yRdieKXqN)`^>Om+)`0%!9Wn<@=
zl+>!#3ZRNFh(xlNzurc9LJ7iNJg^>?S4^YxTWrl91+_Ib=$CVIbBaKG_Tt5hG!YN3
zB|{)2yN%EI_(sRafkHe+pgiU9DlaBI=V44*jx)HFwU>2sezE$7
zS|uKPX(4c}nDJ1q?Z_{=RvX#(`)iL&WNnFA}c?`*?>)@`UKG(4g-$KNe(ohQ?Xzd_p87ApB|
zrgPJ(idhgPo4a`G1Ddpoji7waCoa3ZTzonuIJGRmzWP?E=Od^GMOIGz66jy+e=+S*
zjJC;8$+!Yba&}u*gk5Gj)MF9-t2i>OnjJaI%pb=Cenu?)#$wv{sHJI%A!E+u`gf_s
zR=9d75T`r-D{yy4qsP7Hvo}MW=5y_lHpbj10fg6rL>-}>)y>Sf|Ag9SWP+%l!<2Er
z0FY8n+ClyE!JilZFC&%z9l40jV~kT>6w>||YYCbFW3A@AF)xpP$$T<13mn2Q0&eBfMovF&BAy7>4^<}w#!NB
zzsd=n@2dYR-SB?{dH!d%;+H;DK;%M%tzk)ISnz_iZKNPdure?a5yz8$`Uxt2@hNVe
zAo-BaP@n7B(utj~cTFnIKPLuW2p+gNbT4bCU6eAhT^HDmoRANton8`(iC*I$LBv+5
za58t-G>5!%Q1$D?6y1TyjEUN;&=Bt-9u4c&($0B`z}qJNwH-du*K%-wiac&kK7iUT
zcbQWbiP@SCwXsjXb^7G?JM|6;r3+si2wDBif+K*vCE4ysaJay*@c4~XF5IW9!zF6B
zV@?ZJEtTnpbRI;*5PJ9S&sZKrn{SNQu3UPy
zEy8w>147V^YWIK(qu|A*uim%f86aLQt6Xs#kJN(@WtJ{~EBY5P`pl*PGWY>pk@P_l
zPD#;a?1h4OUZvpST*MH^Hb1Hobu*leIwN*g3ZW_3rX@oT=Bvt+Z0w1xEH&i_UDAmlx5r+u
z?im`K6TTP9`fcB(PcM?;>;Pd?YtmjqYV4W^Ol2V@d}QRKoPhJN`$l*!qTjfYm7mAb
z_aKitCKMkg*S~-;8(5#Tey0t*VVj^YSsb`q7e&vv={(>@W7QG^;&1c8kE!?ITW>Zx
zp-R;sVU!wnj`4X~@2S!}yf|82b8U@#*$e~UQ0WZ;7yQw$UUr|$!G{3Yf&*`Dx2)TGpm1UH9)Cl%rcN
z|31UO*JmwfXEt9)y`CPW3TNM877@<TcKVkG}@alUcluf&4RSzA-8g{)uDnBN7~2iTAk^Ks$Z$+9}@P$6Wx_Q8mtI4$WskDb_Zm>-J2
z?&;ovCEk$w>)KvnQDL`E_+^yn4dt%+@fheDXWYvRKF1Yjd9iH1V2D=+cGxccn8}H$
z8Q1Z;F5VZ@Fm`G0SEl6X&^eyTdg>Yo4K56=6y5SBJne937!{C-^4>KMGVtQm^WfK|
zMD=LdfINryTML@s7k)m=qn9#H+e}Q-Gx0X`+Hq?`c?4%Da1~H3&n)7t1&$JAmn_Cb
zN;%H8426|LxNr94+DzD%>(-JS2TBt|AqMa(D}`ytq{8x{C&O%M|?N5
zbqMa}Q=l-#>WBzgs@56?VQO-3bl^3vO%~r{m`W;H3VBf1`|a4&oemd6n6Iyb
z!@ZW?XP>j1Da3M4+-N`f%?%{zchsh(cvWsZr|yRcpgko>uJ>fm(Dz`$GdPm%
z@0?Q=TPY)`6S<}h3Vd`pZME8da_3-3obG40>uP|w(?IQlxK^9w&r-1UE8Nz@Cz6`Z
zJKaV3Yg1$U)=!bx$I9QAJ_D#tJZ-%%qWaA8Ooj}Jy;Q8AF^X>QZeldC(i0_7#`ta2
z0gjnv_(-entlFh*jfi5>HO9VWB51KTqXtx<<#M`m_0g?G{1h^I0P>1h8(^nzuKD~T
zkDksb9r!`u(`O%n*VbqA_q=z#=5ZFiKm`TR4B*F2p1zltdZl)HQqzWJy7Z>Z7v*!~
z+hWahuUUx4A{Z5IU%b}*GX~G-`W`l~_|&pZzu_eomgZexP|U=_-3fKO+n(RIQctb@
zv@Bhc`NdToZ*uv|rb6OrF{!sCb#QTr!0-hs@I#_LeOJc>E1SoV)`F84lYw;v>@C(5
z!s}i;W~AJ{pLsZ$<99pZc&A{L*Fs1trT^5)8@~#W_hMFCXX$~l`PyD@WUBwkIfZAL
zOP;*i=v!b$Dt&T!e?!IDon%DO`>S}XKD9g@;d`Xce7{DxVx>8
z@yf3YyICW6@1fJ$@z~Jo+9gYb|7$1p1ebCa6j)*7tu2LRx_g=^RoBJ!
zPSoqB09}KcG|i}OW2BkeG~Ip~IBoO2gs)7B(}d>E`}J*cnlE7~v8(NUCQEO)JxG67
zE8Y&#VJ7{LBc-<5j46~Jf({2UG46*eM|KS}R7P(>#<79S9if|(U7A*^W$tBl
zzRXCVR}X#B#3>*iH=-!V@XTPHauOU+|Ad|I%T3T6zL@)1%Qv^xd)MAG90M46VWh4p
z;-nr$z(|Te3l0z;ep879vQ#P|gCTC}-Rdh<_1!2T?LBnLFz0vSgdYkqkUxS&>M9URH9eJCY!2Spp87IP9|0`)kedQZ(-ugRezk7`<@UxCLmzCswZFSwFvF|
z1Fa-p_PV=V)&%!@cHYezK|9+T@SMyMk)-4%=YYfwZ*AzyXUbCv1Qz}-~veaG=zyx{y5djzDK24Eh@hKDne
z#blGFFSIZq>KFX!lyF<%Qbz%aPq&sEj~%|4e=BtNY~5sI(}1z&Oh80yu<)#$P;5sF
z^(@?T2a_M=9Wq_gh(i^so6#YTXIj=-^+M(sv`L-)wN~EdXR1jV*`LU#LQ^TPy2lXa
zwi;;Nf>$$**u~r~r{E@20n;JlF(kgdC{Niy>6m9n$1*DxI5wMU*Y0(#}4>Cuq5I)
z9AhIRGc%vqAquvyp-RW1BZIrWR3>TsNJ(wNy*qxFm+uF;w_ch&M5P|*5EHh)!x>Kz
zDsq}L(1bWlK3!&E&ugrR=~VLi-tfjMvMN+>4sdbLky~H}Nq%A0C+WownI+n;`lysPX6lI4hSDqC|C*K31V0=MJWP)y$b(p6RYy3p@SPZO<{;|vE31kp
zuf~TJu_xN4P3K?j)WO~H?5Bz}L%cy$f-Q=ux+!^GqIs3`pZp}ei+e4#BM=$!>o2X|
z<1HRicfn8L#9}{1x|xKz->xDYhWKi*c{bndyo|gf-@6u1Ure@;ORXL*X&l2V*mHmwA^(%A5-QZuRr5%@14e{
zKzFRG;DtQUazziHM?7U)3HTz`R-a6<)Z>O{(h7_x9g3M>#hcj^cwmA1oC3oArOK0P
znW?=@^OWwk{&}-+Jr_;6M;2UbXx&}r#WYTk7xO9gDXoys3;Da>jvc^CUEK3z>%2jq
zQos;<@4&DUL00DGUi0)N5ccR)qZ(s%uhBYOC+$sW&v_c(bV?V|#RnYcJ8^pmt$Q+q
zAD@6_&Mk)`+`~Bgb!0I&$ntFP_<2`Eze*qqtvJqEVG5Re<3)!pKrqsqZYqZmxD+B;
zNhNhVpi0T{DCG_z5}~`)H@NU6yYcCI@!`Sh;sC81CKk?2IZ^eyoG9hYxu4P{3r-1wnO;O!Y-X8Q0J){6@#PEy9o4~iPAdwEtR7B#>D-IqftoeSiBA+p><8_kYt7IX~
zliV|MEg6#ceIrkjB0&^M^}wfgXr1R^Xl`IRpHqvlPIK5f1F!mB)I_Z_r~}+
z2k46ZS01_4WTHLPj8@wr8v8VWLE-maFq2RJ$hfnG+R@UvaVOjFN9&*__=@HV87qQkDII|@-
zqJ#!mwH{Q@+*$;P5A$30$-x6IN|j;r$cvt(h0r_ZU$F*Romw@3(VKnr0W-eIFy}{!
z$WqIW8)bHt$dB0kh>?%{@_*Y4FVe4X^9+5I>}K^#F6-@to*uthJSA11l!JIzki&*Vw(y|a!#d|%Fc2}t}E&^s4x=xmZ1m1Z(aazM_wlDMXx{RpR58?{~iRCzfCon
zoDy!5oa_`c?={Gk1{Xy?9`CujA?ut2Z2gZ?Q?G24VsE~Slm6?JGT`={ij~kVaULhl
zL?OwVEDEiAQg_p>MJStV3UX$Dx<{F?O;wNE@U@xe9k*3ho!?&{gjwfjN4+g(?tlI*
zne6x0)Y;?a&9s^5ptj*Wp%iIby_MQ&YAc!y6Yza%lJ<^4apAkA$EeO*LsW`X+*>)z
zjchvQO3-$iR%^aL6}oAb9B!NqcWNlEoV<*fhomKu1gL>Yh;>h_)R5G!@HFy0R+yEM
z&AYj!c)F=Sp=4t#wtNruWkh*fTQJtmss2LW75Bi~^_a7%Zc1O*8{X?_hloS3AcnRS
zZJptj*rb%9#N^0?>5;j(y~Nt8=KDGW{n~;*e6$aa>F$q&`@^ici#g+L$&R&BA^<;k
z%4|^0xhK04&-L6rv5DI${N*a(Hnlr1?%`NBMZVw8vC*D?qEa48O1`tbVJ2xtmT)xM53_@X<;BuF-=q0-A5Mpon(
z_8|KH=esu1y4INF0aWd{pqfn4^F5KW?eBqenXy@1d5&ZHh`~BMxf9c+i#+z7N}Dd$
zvoW)>Ey3aVO*0BGphNZ>%-(5C&y1zyu_Rlu4eKxT8avG&Q{?feXc@CDuAgFqI_K7|
zpy7#GQ}`dc->omair3b8CB0TX$i}$?1s-Vl8c0v8f%t5#6V(x`G#T6H?xdrw5yu086*Ne!v
z8dIbyDV46}S1Io~o>Qp7=*P|9s5Zw8vby`(5JBU$@+hBH^0tkQadn3kWIt6YRd;of
z{td+lXN~evOWF!!`)X?{Gpzqk%FKfqSWrPYxR$$k>!6~cX=MGI(y~vSZn9Fff_nJe
z+IOGw-{+Uvs>*&&&NC~P^&M7IgeO9&NKxYV0iS)+1|nbb8BDzf(Zm+Dm34EZBuvZ<
z)`_dsjZ21fW|JA|UBEQ;GwvUtqE`CP2D~@hsK40Et_WxA326+s3~hb!
z!5U~LD|QDvu_*7PbA?{q*&5DQBoH15ALSUPvd1+8f2+RrV7!Rlkxds@=~@(%Sv_Oj
zWw`!uznN*17fjCDFopY$Rl@#jpX*Gklc=!9Ob2=~ck@O-N>fpL|5(d9gORj4QEwQI
zJ8h4sV-0*al-a#h>C@T_Vd^POos1S)BAFA3{6&sP-^L_$*?lp6it8py0?V&)DSwpA4l>C?mutO|G_HL}RhzF|luO
zq0HXz47F~Wh>~2b8&i@r<1Haw(ktcKnsrm#n;E<3b2VJmy3g%oUomGr%qFmjlA|MV
zdKBDw{Nf2NA#UJeCs4yUiD>j!>poNH{
z0O?DWQ`RD)X3>5tK_6`bPK%qUes}2+27{Cgjn!`PeYa3-9E@A?xT?X?^-*$c-R_6z
zqLH(w(2c$3*Gg8>^P8j0`*Y8UB6$j%)WPcO!%U6<(t#06gbIsOhY2-4O4q@3encIvlx0yL#
zGpXc*@-uHPw@9lZt&*%MozexXek*XYHit%Qq_iy#V
ze{#&S#a9g~*D@oP-4>|k0N_$$5&xHd=otj1DX`k$)yE>ImDsC;u7YB>UU1mUTwp;f
zYtTO7E~0BF%4NZHmh-}^fhc!*53}fYa!c~V#!dcyIjIIc1e%?5PSK2sEXhe1Z!wr1
z^{4e#J_^{{m89|Eck&E@0~{L-Le%+w1u?_QX_#ZsSQb5}jvSj5gHl0D0##gMA*p5e
z@ED}M4n&R(x5<>ISF)9hldZAY5eYkUuRzL{ICc4NIPD(sceX#1u7_!882f2+HhZFq
zxD~J?^6X=D?%3m+bQXxcOc&N+*>(;&(8qzty_wJx*PXcj?y+4<=W{VC-5-o|x-*Nf
zEWa;BbSpmT>p&D>>fPv^_-dn~Jos+Y-YXT|@@#(&vt$%i3e{r;BN&#_Ncs_k&a%gY
z72J^`J$Ti7_$$)$r<}{9L%gu6<*Et_QBI5sg}FLdxUZO!7?dG&P5phq8P;-)`gyu>
z&b9$sF6OUI^=Nnha*`X2E%MQV3op&tx7=
zMtB4@mxUnEQ?9rw-PkGXL6ru|)`SmDN%Ph#W$`mE>>B>!{bmr(zlQJ62|+f&6ckjx
zDcU!!$iTJ5i9uV2SL*aFsUvBGgY&fQkYaOmI5DH6CAQP^Mh(Tj>lu6%Wq}qb9T-MW
z_hTn%ZE19Ot`SCJkV=K-f3l@LQ<4&o^h`&UZ}&voCRSaDUvK^RKdtSwxvfk*5(eomK_hc!JhV9a~!n1C?g
z{HPQL4i5+CWp@N!nQ9iGB~C(y4gA9Ui#xn&nPYt
z(XEhDC`*#k>h2{5CIs&QR~u(u$J}G+SPVh$%AR;;t1Ex(P1NgbK!JWb_yZw78}8sw
z`!(KTL4n{kyOqm2?wG09e%P*Q);EKFqaopPn%L8CAjzE@SK@5POIGC=5yxRXO@NG#BcswylOW~D~GDuP95
zza?HwvpU;m9>U@aG)blVrqcF?d)v4G5?KG$)Ne?jR0ZDW4Tv?Js0auPpKLjs`7qs0
zt5r2Ji%xwIF};t4VhRcyVj^$}v?OQ2KQ6w@kx)jEKq(j)Exgv!p^i&CZrl1v
Date: Thu, 5 Nov 2020 09:24:10 -0800
Subject: [PATCH 90/92] new images

---
 .../tvm-zero-day-software-flyout-400.png      | Bin 0 -> 108194 bytes
 .../images/tvm-zero-day-software-flyout.png   | Bin 0 -> 67565 bytes
 .../tvm-zero-day-vulnerabilities.md           |  42 +++++++++++-------
 3 files changed, 27 insertions(+), 15 deletions(-)
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-software-flyout-400.png
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-software-flyout.png

diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-software-flyout-400.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-software-flyout-400.png
new file mode 100644
index 0000000000000000000000000000000000000000..04b983560121d662ee7d1cca96bda46924398919
GIT binary patch
literal 108194
zcmcG#Ral!{)CJg<7D}PGYYWBQ9g0J7FYZoohd?QAp}0fw;sgmAC{PGaad)@i4q@o`
z&p#J)Idbtnc`YYL*3NVG+G|CsD$BlqNAm8)ix=M<9WUk8Kb^dI@l+%)
zC9dghbeR3d-#}|VJh%T7my1^_uhKreYVzkBy{Oi~+PZQW-h35SDp?Y|9
zq*ku=Iy^+xP%Bcqya8~zkbm{gyf5uzeeR-+xDpexA$d4xbHbzVZOa>hf*QcJx!lX=
zp(U(fM>|i>%wXf;#i*Cov%En;LFwwEre|X-fIh-lZPIKf8l&lZdGC>8cJ*Q*D`Ft^
zBk2`v$$r85MDk3p^%Xzc8^flfvtCHZ4e$R&&1Fl;!z%K2imYgEEb+{j1}Pk)cjmUl3~BJq
zxiCf{9?rNQJs4t7ad&41`c$;B2>1k~S`2WdSNNaa1-WZ~W==!bWIT
z(gK>w0+xTPw-%$uW|OE`UwVaf{i-g>>p`V-l3hqZ`=3=teAd(Bo<5*rOrD2qrj9Es
zpNY4%#QoW!qmGM?#>4uDE%$dm*oObmmM!t$ugM99{_lhT5Jt6!_uryRjWZN}dmdh7
zp~inxjw4_4dDhyk@#L`4H2TMtCrS9UGQlO2x{0V%BXRg!&L3#Z8zG
z7tC!Zn8~)51&YTY+>~Tb7qhd?hhx*ga$l6DBy#~cTCZTKcUgUGO%ryZebV&|fgJO8
zD!d?XHSPdK;#!?|LNtg1uaARy!TX&H>B4JYL=6LRf&qKY^|qihJ~cYbfPk-?qo3!`
z2-5{DIRk;Z^)z6~)1c8NnTn@X=U_nGgojDZR8V@$k`t%xI$8T-`f$%as({e)4x`KB
zEvz0w(-DG^>E03t3G7%MmeJGK2OKQaaFe=CxEQtA(ejC%sSM}`Tu0rh4c*zb`>(SW
zN1Ua3cPAF=G=5DbU6>Cr@nWMTl>R(Visl1f){Pe_2E@MM;_*T8+1pQF
zgmB*v)rPHa_@Dg6Up(8UxPTOOfV5q`DtAs7s!h93-`RHqSjD7$Eg5=xwvr}!byFX$
zcA0K>;XW}qmL?40$I6K}*E->2PeFi@*{T9?drq$vw1LZ@>}%FLdr|#)2Zex-`4kWq
z@8r3_#~;YqJ!BcS6TE6{;|{if`fhFv=_tVTLlxjPd6Dc!G)2R
z#QGY)aF+A(8l)YJW!<8e=S$vAKs2bPDTV!O3)l{rW*_zj4G@i^W4kP_V-ovU8B13A1+=G{Bgmgv3$$7Mwnl{Uf@?HGGR<<;4;svi*>~S2*v8>fFSOf)4SgC
z;T5~KwIn=zS7*!=M87ENipOU=y@huE2;^Ed2dYHH=WgKE@%_xMpJ$8
z@VW1otFA#fj;NSEj^)>>MW~)F1~16bSBk>EWiklVMmK~rjp|<6+gh!(Qi2Xt(Q79b&Szpf1P*pZHey;try_tGaz#;ot&)beRK{5Iit76Ado7&%aaR`T!nJ
z=s&~MQMJuXe(-HWUhIP9D+S)cV_(lb)?j0{uaUQ79T;~2-r5bmQbHaS(^ZP~sC=U%
z^K@i6Mn`aR?L+OXYLo?H-%q*L{Q$ZjzkF1kOLk_uDcU72;oAZ^Ymrmoxv7+1ll*4ExN6E=
zJEcL+*vtn)h?Uk?$=Rz6jYY4cPcop~uC5+q4&XTb0q=Q^zMN(B$-;uY?nUDukubuJ
z_ig6`=!SvpZN$FBHHFCT$7094E3)Ng!=!JdPq7on9ikUVIN|vonQ!R%s+77zED_l}m3VimLj%;G4
z#b4@`Mc>@@=aJuIQ2goo!x+GCwKp^;7DIw+Hs0~Z2q
zUTXA$)=Qn#9mxBnG%guLn~k$FJytquO7fcv(1&UF-(j3wR4_n1bWTswllN_}E;(SUmyTc0Y)^VRmR^2t
zu>0J>lKoLnn-1R;YeesEKaj)p&*!Svd&B7fXReKsQ7e@Iruj0KMZnxN@6z3&A0BTG
zsS8nQx#IQ~YRTZvN1QXe%3FYlV6H&p;t&tzClgX~1O`KN&N?y}aS7emTQ6`*iAraVPbD@!zSkGSdURfoCM$QSFRm`{Uu{^Z
zw)zEFS`}yeVJ$S>Om=gI>WBve272LZl385UgVA#YQ!Nh&T<=dllHZG-^6;<_^5%Jd
zp`oZ^rQdI?p)Ts~2RN0|ooW&caPYBlob^)z}yLv-@PF<#s1L3i)jHb_!o0NZgNT?UWrY;9IyO4r1H6Obo2mjr07H
z_T-reKgxoz9MR(-W&z87HBx*!b?>W`y20asO9jp^Qa-kBK3fBWH`i8!o+rb>8|ja!
zgkK-72b-@VL$yiuANR=7a~|1kr%Dz^dp2g!w+6b5nf>|1v=t-yP6c!rV$)neD^`e#EIX;*|sX>&a!
zk7*?1H>2HgbyYkW;W>9gd`hQg{ajwBh;{BUDP|ZX%N!$D_?%zpyhlx{*v%{8kD*GN
zw8CG03ZUNREhusmc#C(9u*aSvBy#<%F(fp)0_#X6=Q##%ExZd88=B|-Nm;c{o^dzko-`V!FDs1JY;hXhGUUH
zF{h(i>rE}M)9aEPoZfv>`vNh_;%OOe|C3LRq8$lo95d&I{M*?ZuWlYFF;8zEg8609
zR}p?YIF6?Y1+ph68!GI6a!r--2eVL~mnC3K=fV0lev<2xZM4B(*i>WM*+U%^2%*g3
z(}&Bw4!1{s9%E4-zVjK2w;V!13|;?=IJ!Aw=6MZS_U#?;)U1*DA8@08*gIQCByFln*B=z?~zsX19Q!lQ*&)LS(
z^nt__L+)9h2&TrSXpU^Ie^|4~S`Qti`BWq=xNfe+slWey+m#Y6pvy)Vl-c3Qa~kJ9
zd5ts^m*@PrBYZj+!uBI(5$EStN&B?vK
z#Rt~v0N{_4{%gGn-@7YRDwZ*ftH7QDuf^d2B}#bU1p|fOs+C=1M}KypPX;v)g<|Wm
zY4O!z#Jv~uHF8vM_q3?VX`s92P;=TsDeanMiB6R
zed|zproB4^%xvl+0r_gL^5^Fu(K6Gk=(*Ef0T5H~HC_HSy3BQSLsXRC1(wwaNmxl~
zR3+2QSUx2i`dEWvhHxsAHNUDGRpQ}%onywtUzDbuV%;IX&5ym2GV^I^N~Lo-%hYTI
z;h9|gP2*0Jc*RE3#r1WulReok
zGfTZ$b9GIQa5CXP`QOcn>jlGIo&t4h%`acE9;|sGK61D*`E@)by!Sgli6k9K#8ieY
zkX&W+$A5d6n7n
zChGJ#ztYJjUGwpNe|{Dn7hqqrOCkg}HQr9LB+C6$jPys
zS?}P~z~K8vlgqM_BKDqQh6_GdSW_MgVZ4Rzkai@O-DwxUddg
znIOg}dED@Idk!OnVY(m?Ik@F!eqX-xCj(cy*VL4O+aCEN&_`%gFGFJshQi)8}`v4VZLustV|T{
z1ms#v{@l#`NJh0U%k?uiQpe<&1Z6ZslWTo7>_2qNsC}o+VT9f
zyyud(Z^!y#h7$WnX%6bu9oONEOD~GD4t(S1hvSME9bdfm^
zZXJAmSvy8|cnsDh_vLgTr%+qENV!*{xvRE9ff0{7|tpf9KEO
zF7CX`pIL0KH0}y9j$m4@0B4=@SdT;AC??wX-3zDp(CeA=gV%+X2~*`vHg%09Py}8k
zUsXwyGN7`4KY5VhuK~aNgD9=!8?6#%s0ZD(3R(BB_yTW#pSrJOa`H!WV7b=as-|cI
zCbCKLjU0)+(PP5LA7SGX2Zpqd`30&>EDCr{VN$rX0S#JHS*N{|7*`?pzPhAPC_kv-
z6wL|798j7ia^mjQjSx2PBq$q)oX$5=ExUrW?^?Sqo0$05g!>;*X+9ZLhXuzY-lJoOyO+M~0(bQpR?xgzQ83vo~
zoH;U|=OwM%=u1$vOm@0I-to;n5v4s#{qbLejG<^g!(p4j(@^J*`Udq27KIScs=3Gy
zT`Gs=&YuBLtWUzyU_E^u7QtV{$&#EV5zL+
zZrDV{T!siieJ(OOr+r-r@&j2tU%D(#u#sqJu@KKmTNIIXt}e!=n-@s;dr^3NeNDv<
z8xf~@ZD@i8P+gHID}Iw$9Hv5HOEU@r1IxVu8tDy?C6M=M;uVp%cAx_)cCrV={Q_28Tj-F*Vp?
zVTQZxIZ)w*mT@!ny2QC!1d#~x1@+JtO!$g6>P$cMD3VHW9M>;XphjomFf`c&-fZ@I
zdD*B*(3U~5-rdzJ|GN}|x%^0YkAylVo&R{gSi1!T4dci|a39?eYDkGJo$u>dr1Hd<
z+V+~1{9&Pgivli?*i!uAJdMBJRzIbbe}r&(V0<~2WR+l`6V_ZAd9>07LwoYiQPGCi
zmf0vBi6?LcwqKi-Ty%Dq-^}D0Xkits7^FO7IE|r6N2U1f6jV~4&f$Mu|iz(Jm-vu0_|7VC?_Ir&U|f#
zDmu}G0pJuMNr;zU3$D#Ch|xz7wWxu#^YLEWC{Gki#6O%ZD)U=_|d^4iwi1aqSVm>&@v-^p%Ha%JpZ%n>rh*5!MuYFG4~gKPTbuEFCiE0|Hx*
zmwZkf<*j@!iN{+7qXZ|nuqP{3RffS8V2;NgVc-LTnelEYOG#6Kn6l$U_&_0hPwXeA
zav3F8T-A;KuzcihCSi+RN$+4$_ZYZ7{+qXgyj`iIFcg{+YsiC%=IV9f`71Nt`1U}Q
zB7Ed7kvk!p7;#yDmspiEZ#(2W{t?O*Ow>|
zSNaAbC}%`a!5tc=3+1_2(%WE@@UBT^7wKZ>$UtT6xsCOYjK4}jNGJ(?167F5p09BM
zsT_+Fs7H;twcH%RLqpkZw~a;lEbco4@nY0+j@4_Kuo8Bg2d#>yWoh@iy!3|S$ME5;
zF3#7OTl3hCc-GcY=3k37lBR6-c=nVZ3`oCrti4Df6=mMBag4%$K}Tiy&iQ&X$1RQLj7;t3C#4Wnw0z$M?+``_pWmJv4dCOw_3mj$K@x&W*pe
z_c{D}BPd_Q8nPr1YZKk6DY)T)y&)+(n-cJSyd`%ajvPq41d3B&DW5qk>2amVS46+;
z-<;H^Qd+PQ3*vMj!$mF^XbE`VN`n6f_P%REx?VpSExz4xwt+9P2}sOfoBjztCw`iq
z2R4oY@zDd95x5;jrv0VvhHRL_BDBNY^E{5JYY1jE^DKVfk
zC(Gd42_wZu`X~JJSLfF$U^EnKCz)p^+|ineLBE|=U}`*o7tG5;o*eke+%LpXbv2nP
zs-BP+;&Cf@wL=gMaXl^QS4NBIpB#!u@&m_^ptrbC8ReVK>(XKNuCRaQp47&uR{8mv
zJH*l4id}RlHR_?d`MN)jVS+f4j5nSs3`JGHK3&!kn4H*!lrNkTrcg{iBBo#lO}n@di9w&JIhxpMdO|prHdG44*6C1E_?{EfdMBUEi_Aot3lA8D
z^HX@=G8B6?!~{RQJ`ybBK~_xRxH>kJnn|&)IW$p*1)Ergd*9{g3ypLNE)DpVgG}~a
zd7MPuggSZjn~uW{Di0iiH|z*(LX6}MYta!jFO|^BYQ4se`%9%8m4I(va46Xf$fb$$
z=R5dd-Kgk@&5GT2#|^vJ@-^+1A#B5{b!Lpg6Gvr)^b4XhcG2sg!GYnrb3)JtNIcsN
zHmz|9hbyU782LovVFt@fq;4vsx_|AEwTL;HPd1LAx
zzPa>1U5t2L=sFE{ptAVQ_*M|!ygbfYwUt8`w@!LzE=jZki_J@#k==j%Zp>Z%OjerenIfV
znR`ZfYa8D!EX8$2DbQTS{&oD05mw#$kaHsmMe`Fch0h*ZS&LC8u8OGA1t#R4*!yB9
z45j+_jDJ$Unq5%7@qVWNFiW^4rRjbK7Ya$LRaSe9-|&FCE`Gv$*KoLTvEu##i4s}#5e
zZVuiPdNj&;x|eL)cC5Xc@uT#6e~)nUJ~MXWT$Rm-|7_Q2s*rs>-=ZaaG4u4pa3vju
zHIOXywl#RF;{|TZHtj(o6jYT1v46)K!Z&6^o`|Iu)LQ4^uUb9!*ACBcPB}EQoXhiF
zT@8$+KIL8{G<*!4Epa#>Q+(;3N;npsSne@2H(M-SU@w{H*|Ri;LqIad%NtGKU0WRu
zKp$5uFIJNhF;fYpX6+)Kf!J^`C9OA>^SrCw)L&sfGb3HlqStI{io_bL?dX?NP>8{=m5bv+bP;Ep5*uRiP%Y}Ss;((*f^7(iXyC<5Q4ziF;p%`MDE0S|
zKt5}IezA13P|K>x
zc%*qoMMw73ReqHec|=Ps1Wjj*m3hZr-%4}w8HbN}E3IR*f0YXxTi-I*-
zsZekMM#avreWK~x0AroVc1L1f!KLuZ*+|3@)xe|h3>gbRn+bIA0d(Ntls~5)n4jF-
z9LD{=NuWCntFcg;?Ogu(z1!kJ8%%S`MY2TY$+p6@-Wx{=6rgMHHEexZA;+iJ+x8^ttCs^%LNKOW0Y^7V78PHBLX<
z=l@&PJ4#IIvtAjefD0pK>?QFJV^Di@h6XWR-*B~%8)e&n(g|ZhAoh}jgV~X6b%G{_
z1{@f#_K|>vQzIqgx6Yua$r;9GSS!V+p|cmI#YvcA_X+CR)H);SL!E?h(*RJEka70t
zQUO)_^|w(KQ!1~SoyDgi6mNInca`?E>+HrMM9yS!_4Y80JVXEu+O%`q9FlXs`nO0@
zh;F)lG~o}(iQ-qbuj^pJ436iWVcaXj+mE6?f!UYuE8#)$i~bAQud{q!7Q~iOx1Dq%
z=c5>oWR(Kda{bEgIJMjBzTqwCzZbb5S<5TGH#+GzcovX6Wsc|zhTr~LX4vsGg(-gcU4ZY=SGg#3{qEJ$WEX)wf0G;epiaf7lKStJq%$W+jVrZ0
z0G8
zTm4Vv%_*s#$WPkQKpaqNv;e)5t_y88k3PWkd
zh2(=i#zr8Git(uDU@Z@6e|23}b>u*Wl(z19LqefOG6Zw4-qr3vCI#44kI0e2z?(6*tF%1r8lJSr8}fT_gB!N
z3}R{Tu%}1kq-I!y4()TiZvoqhmsW22J-p{ElJ^;u{<|;Fzafx@FxwlaD*$|Hi3Cs^
ziizs#+vfL0DbS(g7*bpK%CX(~e9RX&KVaUiQ==lm!Zn{tI`5LO!^sP9RkhFTZ2vZ!
z2G2A#ensGpmK6NXg||JSC_|Mp3sGE}>8VR@tv+YJK-_nj
zWEMHD$E4d`R#07I-%0T~qz-eZ;6;!U8
z!>`0~JfH2K7)FcZi8P0tuw0TB2|Lux+VJTbyGiYWzuGH%6J=-O45(pUBCHkHlYm5
z+6gJs?q$kW_~c&dW_YwWu&x-WYFaJduR*szB88_to#kFy#hzeP;5l&`^Sb}^Sx$7y
zEN>8_M}PjWpxe?xpJsZC9!J+Vg9flCPj1j-ysG{f`?Yx454X->_)uj~W}>X5hB?zp
zcn_D-yYnLx*O!)<=2VvZ1n;eu7mBf3+HA(go)IuH#X|Lso{i&*_0=GeMN!(tGe-_m
z8D-{xnClsxHJ&wjPa4XPK1+e98cDSdb5x+@Ml75e+~f$Uakp}ghBXaQIi*gw6JcJsg6Wq1%wPXq`yBmva|LlJz~v=bU*#v-b`m89=2rco(d
zyc|OK;oZxZC@UYrT72?n8r1a?yMsLTnqaRdrmBU4OJpQ^<<-mV`s5XY1Nb;a*CozA
za^|a#IW0OblHs|Nx;FnHH9cfx>|-0sFKQ<4h(Mqp5Jm{{jo+%b$VtfOAsEq{&)=5x!rqpR+CP^ltY#1~489DNEv!+f{|
zsF#z<^QTGI{Y@y|S6>d;V^}uyFnF7mp14;s5}-HH6YitZ)=7xgzM8jpDg}ZD1-uhd
zKIE5amr*eCWQ<+UVhuE*(hB$dF+Cqu)(|D_)X~+k@{ll2KqE6D9yRKpI2j+LBi3bY
z?B5@ax#T|*{$r#li$+Cwp!-Ream18+^zoAS`yz|L!Dri@xcl_zZNjSZ;|XvesjSL2
zw%4)oEsVMmdq2I;K2CTL993tWm?ZZpkToFr+s_NrO-+@4xA56XD8IYEK1kzu>$Hdin4QZGAaC8$>b;uH_Q`DS
zyz=1lBdg3+Xn2Gy8*Z|k<##QJh5g2&yzpzR5h^7zJhZ6F;EgenW-Jx3)J$&Vbh~mk
zAa84W9QL|-&e6D&>E^&5XrrR1SmDvkxq){SjAF<}yonvq=5I&kM)@U@q|Zqj_+v9c
z_Sm;Afcj-KjNgA3OLhVce17pq(v;s#ZLWVV)Dc^pygCH3%KKvhPV_AsYrQ~Px{y*H
z)_!c!D_w5mgjzwE0PK2?8hW)yC+rg+6;kdk%
z7!ol1SYdFFQ?UL}S^c%K&i}7$2%U_^M-PYwpn|2q=s|1lY0`d!#lw6~rsrghD^0)+
zIW?N$6ThldZfIdDx2MCWXPmn~2)@KNviq8Qdc&Y6FW3}k1;t)T^Jbk
z_P=;3P;AnBfhjiHGm|S3)L2bvCyPQtqCsCaZo;`M;PZ)i(Ee8Fq-4c1Xx&L5Q$tX+
zd`3IHtJuO+7udCnzZnu-LMiEwWa~6LxE~_*5Pm_!NspZS0cG03P{OhxBF$_u&rs5;
zfqVwq9!hR6W)_l*0(eujnLMS-R+ZaZSiWJCvqc5j^21eby1o9yJ5bvjQILrOl?-;l
z8TjiqQZOBTBIHS1b5&mb_2CRZ3&9L3VrE_eh(?o-QI}wEWx>iCjW<3+GF(z)e=m&W
zL{!Dk3h`t8J$K!%UUpD&f^8SI-HtWJpn{KBRSoFv*ooy9FIY%jqfbc#aaV+aXb28Zs4%y33PJB!n9pN@wc;AjCGJu4EDX
zXyxhMn&XyR^SpW1IAwbCnygjH>`T`7j0}?KH|95g5YzVvL*Xven2R0*11XQM^w3}-
zufZz6A-O6_oCpYGE+Iuzkk5J5PUTd;b@+Exu9IFmVv_OS?bj6M@GJoXultqRlme5B
z!gTj*LR$U3k#E?`X^McP6r%K5J~F=17mL6)TM=h0K()~YCf-8BblpiTU6U1@Y
zQ+d+X8SR`-bm&;dd^%eACPUWF>md}kXscijf2@$J7T+W3OHM2R+uN@fbgWQ~JXwi~Y4-j;
zfSZ}kssz6M!{JJWX}FR(UU<3aH6iTSbT6+=z_-rzs7CAMQU{=U2CoDC6GP1-oXoQ-
zjRZq&d|yTN#M^3^II>z5O9;hJF*$h>vM}M*hgA%suzEBo+JemI7bbH1gmU_i({~x*
zZ)Oer`E_O0H(M&@C-hdxNKrcgN%XY4*}+>F*gO2Yl`;KHo5#_J+Iw}4>F?AuHl9F|
zT7kK<2b$^n?n}Jwt#QX%$)o2&z0k_)@IrWgZ9tGhP+hi>)ce?*E25F%I+@jtweJez
z9LYz2fqidfFn5Cn7VRDbyn~C$lY>dT#KaJ1y|2PT1H5dMB7<=EY`N{;n+c(4+Ucyz
zC~iOM=
zEvRWp8@47?J%+RUb&)e8{
zw}M{(X``czMM9oe?m2T*`rpj)|FQU4@JY!%F*56Vxxj9e0;_|K1`p#|=i!Xh$z?sC
z@=sX3X*OZ|lB1ykJU)n4plz@3YP&Ywz%-$(yX;K=uMaEVM=(uMmzp(uy1$DTfFBe7
z<*!bi(op1l)zZDzHTnroE}>#`(#X?0kLq*JT>ezkr#&j1MwTD{UZfG<39q^EP4V!*
zI&Pg6P1xkLC0K$n^4~q!CFMY!54MAv!CAcno{Ntns!e4!!rGDgD{_ZN(!L(Ilf{Jk
z*A1&g*7_BbxZ=@m*X2V^?z-jd~g3RXT+qfj$;q4|ftBwv4
zM@nPG7DF<@5sCwU`52r@Na-N^Ap373vvO_CF_xqk-m2utxdr`Mk#KrF*twD@%@}Nm1XdJIpsN
zkugHPQG+--xct8%9B;@v0#E{sod^~HolM8Ru8r;$W0pFqTHHDEvJ*rnqoiP+v@w58
z`Rd#9^cx4hn3Px$f>244y@=`BbW;DBV)^Iu*jzW3dJ;Lo_|xjgykzW~l;~wFZkPhN
z73hoJ{WtUl*VF2t2MYQlu$Kq*dA#f>6UBc^aCGZ|9g(O3Gt^1_pxoJMV5Dc4nfMQd
zJ;mqP5!ufchWi{J_=dVfp5{8AYau}SpOK*BO*ZH=bG^2gt}Y
z{)hiTQ8mtgj)jNgv!`>amVZPlZGQf&9PAb$3XEHt1o544@W`tz0Fz6GH0?s
zodByvqh<82wX#JuEW)vQ*~ls??HQ!s3IOq&aercpWJxZNYhBB9eWYY-DTI&k&|_Sz
ze2tB%M2^$~Iw+ormT$&1AC7Zex8kvLAT&yC_qx=4OW0xI9?QSOl8d|*Q7t!Vm_Nt>
zaTj#_|G2E^3iAp~LoP-`jb?sFy=IX__QhVcC~WJu&@cG#J1;&J=g?;@f8kosqZ)`Z|-z?;_i4Jvf6FR0Z<0b>8I!j!$Yn3pCF6-;o(wS@Hdn#quwb4{+79PKfY&JU8|nDYnYbHLA|5v54ZcOor~
z;7}x{>vaKJs-@6xUs&HG{(fYx>+eh9E9L^;aTkxaBzRpX>p`nm61N|qNt2h`Eo<0h
zOQ$rgwe}&HH`afCmmXR%4v@?yXxeA)GfZa_B%Yg(^VO{u38jfDO^($!``6GQbxX5-
zpe~Yi`!xw!n<>JCQb9+UD5OycYd2M~X+z1uz%bnHTT%t1B~&;NNFKZHuN4Gs@^vR9
zb0`mB(j(>ZZz_+^0Y0XWbsI*6ryxZ(?BZYDpoyn*O-64@YT-2+|HNU$aD8l>BL{v_
zT(Kf{U}Ams9>wRNGnqRg_lm-hNU%j{e??vRnU@=SO6jJF?NS#Q^E!KLwzz52TNHAZ
z`)c9XI7EIy%B(WVbge`Pobv}y1bF8+E3AtoLyg`ZqlSQM{Q)Hymzm^_XFkQPKq0BKCqqsLZb-p#AqmGyYS
z#_8>Mzgn?LJYoz@66R3t$uVwu(E1}mIqak4=TnDDAN&<5OuaLi=D>a^&6n@GzT=V2
zHzalmQi~$s^|ts;EoG%_BgMVDA>kyhgXPYiobmBBxwurZ+NoF%2Ji6>M+?6giw8i-
zUsk>2RKNO>qxG$e3tgq8Zf9Au#@K;+VCx1uYGD2Zm0+icJwDK%PIltF)Xs}$c1GG_
zNiIO|m8{C9xwAX$ufy-2si1@*DNv!M+QzDE1dXH^Zb4ph%qwcJp~wlojLzP=+|S%P
zk9TfkZZ&^FE+U2kxyIH6_XM`9K^@RO!x@m}LgRfT*)(}cu>=NPk?L2YxK!g0UxKj;
z5^u@GJQBvseEkg+55>|HD~*D38|l8(fD5v;6Y)
zjh|{tdvwo&3eNg*OkCpk3R=H%n+6?g@VztRtq;#HBqSF%o05~i3?w}r7lj3QYf4S2
zyKewmpN>VPta6a6--?lq)(@kZ+W=@A!eCW%it`0n-C9TB#@#_R-LfIwyxm6%xKTcNvRm2nF1%c%M49X(i%2wbB`yL{
z#Z6G?e9|ZXE|x;-j$bv)K_J&^99N^yNgI3ry)1@<^*w~F?cVd_WOMACFC}wuD=A@8(1F>qva*H^Q6X=w<6m26n``_0WN(k
zrWz*FJR&BC2->J0UAXP~`03|mJW;Q5+P(Q7U2mQ2r%W~J)#mrBlok{-C1QgwEr#mt
z^f?%hz&a1^O9l`~9rkiE+ru><4>A6`wDp>!WFvH-awXp|h
zjHyGZV(nUR^XQtABoYEvKJx&7(RPHbcURl!@yE$%-CLT}BV5#4EzB|}p9F8b!G
z1~SU|;>iNcbQ{*k65rTC1x?d;ge
z#?!rc?+=DHoQa=QD`S4H(e4c_RO8@i?Kk2!^I0ds_}YYA1>uGEj*V@et7Glhp3BAE
zQ@qr(v%5R^>fyD~Tn<~?iH7iXoQDmx?NmGU^ityhOV(m0FlQ&WVXo<}KJjF6qHv14
zW-mPyZ#MeKe^E;JNf>DZdv%mcCyd=%^Mm0M0IehV)uoRc`HQe%&_X^*R
z-`9joz(a6ADjgtK(PfxrZ*NO+w|>-C-<9A+x$h<1v#l|8=(mG!r0a=82(A!ZBW~wc
zr@M=fj^HJ5HyTs;YQNVv}4Z$DnP%a3@gtHzU>Rt1^_m$EQ$Z*0;UR$rQ>JA&N
zP+qaU$iS`8YoaLHMfm~{CA}sWpGfN$Vhd1gmXECiM>T2#2*T#Eb?C-Kh1;AV{{$N>
zcny03%?SJHTsz#Yeeu(2uh}2vgj2Q2I~0D22109Ja~?u=c&%LhFRc>nq>V35yT;a1
zWm&C0y0>-!qXBbM_KQ^Es+7DIlAaRo
z%aPM2_tq#|V90F9#mD)A1Q7O5ek&ys83$*Ug=L091x+G2{3Cz)d+z$IBmQ?nLSZBA
z86O|-I1g)Gi0tFc*rnMWB{0E2_EQcDn~R=`J00SQ5*32m!@*tR#)t^TZcw!tO`ASu
z+v3vc<-1QM`-ja412VE_9LbGH13ht~0}=+3lokUQJQnZz$_+T|smf9m_a~$*K2nJW
zQUNbLMP_{1?3yYkW;A01BcV|)Fl0QXx{S-kqL#hBZYH$NKv2?6CkY)
z$LOYxRU3=Zj%LJ;b_Ej!cRQb9(6Cl9jZ8~s^ec$SHCaZ;Im~!%;w!@Iq{t=`ymhKF
zgrq0u@QPzAi+|3CSZhLTDB-VBon~*Xr6{#S{?0NSN{KMAh`ljd6on<`=Od4+sNi1>
zQS7*M+H(|FKCR9B%tY(~-Z`62Up{_q+S4CkTqI(d2O=T?ifv|sNcY#~yPGe`blbnx
z7(Jfg1DIH;qJRR)>x$-0cFUUfq**?f!sz-c*wZ}dlsi~0A@`_pZ5v->{RrxuHjUE-
zTiB59;<~05(#vScmGd!UbJ>H$^F{u=eiO9|uUJezHVg_FAC4hgOvRRzbyb%FS0cX=
z@da7z{uM_j7l>-YQwswHNFl$*C0|K2S@@e=s?|*qi#sz!LUYFZV{Rhs>7r)Dz&QF{V((k|NfL9fv~jY^7uST7@gpK4%VtfdJ%<$P*|qJpkVgURGH4
      PIKq9}|DJ|NkBe1V8KTS(Q)+2m05;$D74HvcaO%UtbVR##KBbxP3~RTd{PRn)TrYBLE1Y7N!E31+fP?@+03$S8(p@#>@M4O
zmz`zXwr$(CZR@Y+-8;U69kC;J#DA6tnYreiE7n|djB$_a))WFWqm;lIE6LGx{kxFu
zI3LI%b))Kb*z_!CI6pEkX}4$>^QAPt0dnJ{6gn&Kgh3RCq}{e@{!>;lwpLWw6he4D
zNm^imQ*Rx?c3`t}PfgMT&5DSjEWVKu=Qw-{n+E#WtQO@8A#TZOPFwY9~YLySU^wh(=;wL&zaSce<5nPjI+4@mlr0SRH@#4RGm
zG2UddxZ(C^s}0?I1D_?}rw3Nx@jZ|#?R|yP4*kHSrLwRZSMEH7YZ`@J6PpVV-XYJq
zta%X*7APr9)2d>zrVt|8K%?yXj6{En#Qf+!xRO+Bu}AfY-xRV-KQu>=AvZJ^B;xBL
zuIi^{`SP3M1_7$~iM<2S(ahjXw2MD;1AN+K2!f}bDg5!#*>OVTyC686&!?ArvEV>(
z@spMdw}jgT851|C%7&o8`%;T-587DQjZ_s5_R6%L-%nE>N0Gh@_;<0R{&`@xVK)nh
z$_g-4Mo4|b;M>d02?*a|#)L~gS8}{zsy0;TQrPIloNb6mNP`JEHJ7`6x6d8a9XSuJ
z!6@s>@`v0ljNe(bDrb#SmBsVV8dF#PF3jR+w`Gypb*g(L&g?D*mgebhFFM68doy(g
znb#;IeiV|{n(O8?X#H*qyViA$>3|5%b^;m|in}}>D4rm1KgJ#T&>7e9GR92)d~Rc|
z%Sy7kB@h-S#I>Y)>AZFGY8|2elW0QZ(CG&cK;9Vq|*5!GR=Xwh>uG$jQEXQa=nH{fc
zj7U-vvrQj~VK>Zf!YFF92H%aE%`Mbgq)`*MwuP}S&}=%TH?rYUTA=5pu*g4u_Ci9>
z88Tp40)c+NkR~pluc+)-S52#UdsiDij`6%ZeSa~N`NM!#wWsRnQ09j?KRHx4smAKA
z504Di`58=GP*PhI-lmrnsyyNLe83Av(^?HNVFub>eZBtUMaB!vdQ(7Zp@KrNBkK8W
z?9NMCf+_q2PzWUpF-vS@^*|SDdkMXpL_CP0oi#NaD!STZ=(m4LVVH*2JEukaQ#W{d
z18S@G35~gMK_p3^S6Tm$O%r|>^CUG{=4_-?@nStp(G9AOj^Iz4zGTj!Vr$bJD*njc
zf5bonp3qzeb^KB3kTi!Chc0BBpXL90GIXGY2w22oq
zWcu@ehgoEX$=AFaZZ;?#=XZU{nL;|Fz(3{8o0i`IlUH+L`=W?S{oY1ajvFj={pU_8ikI%
z+7S1S{;HIb0w=h_o>zR9U)x@b7o|kT^S|_oaw`CRic6l7DOZSuo*JHht;kC@
z6krg5I>P~#RnS2u2S52nHrfhN01=Uw0*2#!_?BG{o{B+!wF5z=2SplS%4FjZb+;;Y
zY#4*SlnEN@cDly(23gh>xOY*>?JNT)dWBfa?-3=pWRp{HWSDSjJ-Uu72_odVsdf>RwcolI*xBZ+m
zy~?1Sp;ROoQ0IDp&XUuI!RL&HM2dg6v&6mJVM5>O6{J{48WqxcL4)*B;d!0M!@?#U
z;DFSO0jT4f3*}SLsjqKEVK&78-NSu8^q*QuNuKQ2%pw~V@@>pPeYz%e4TaQNoAqnc
zMZ9bbUpCL;c!zZx*R4*j|IK?>nL<5Vk{mDzA-txDK-MY_u7V?4om2N$dYL#o>(fxVb2btK6Ix!BD
z$B(m5&_}`WNpq%fCN5QR3<$duANjk6Q($aGQ@ESEKZAVm?RqVubE)pR&;`nM4|DMC
zgHKddGp#>1N-E{9NxeCPK0R71)=}e^x728qZhwYP$#$(OC6Pg__e{k_bv~KoiE&^|H^ys&mK+fZ%h3r
z*)RM*l#tN>8~=xbWn$u%P3J%L2z}JoMV0^h;>!=RI;f1tUV7#P1Z2s7|FT_ev%LIY
zY!$z-4(N9d|9@u&c_Y2Nyc|Ec|2K>1=*SZ=LrqQ1>G@p!z%9rG^6!sFrijSNgZul1
z&upa535owx3rJ785+eZj?`b_}`7cV5z0SVFzhEq)7n%QuCkn3q9*nTPjx2&+LSmvm
z3zn7C6w!Y%i;fQJ|EBY}#Wpswt0N&^0j=N-k)hb#t|7VnW3XUh#KZVWG-X4ZkQ~oUh?6V8}UvI?!9L~-6
zS)`-`_hrWE-vzk4S%VhW1VfYR$`LV1`?sPqk`=Ti|7*NHeLb{COyq8cN4l}#KcjHC
zPJ;?j*9|TlM97+9md6547qYG{zN5M)dOjmt)LQuL<0
ztCAo67U(?UkD+jKOW6(TG#)J4=}&-5vK+M6lLZ=U^M=ElOwW4fAe$c@2TiRg*wsi)
zckdjub!r-4z?Dl-3e0Ks6n4Csy~x^OaYUy|&A9+F0alkfe7q%uUusODU~v2zPnc!w
z@`i68V~mRN&awNW?rZOIiVAUKC4!Mwl@9rpFR>90#CBGEy6qm(vwkR+CDYULF(VoZ
zPY-Y_=UnoRdckAG25Y4+Jdcl}lHSkexmm%Tp$DNSEDag72dV9O=k@ivYwdxHuUO87
z8QbX-bnwQYBWo(R-F4U_mDGm`O|&9J{9%
z=9+KBN~AS46d-Xz*t~)tHBE|YfTg6Y{SLXLn!`WPU|1%tVw7r+i-Mh_3$y%m$?JZK
z>8njKP6?U))b?(6I~r_7s?)4&$Z`uU^nkf&1|KMVJn6g|34!~+rjk!q2OSA(915q>
zs!1ShDsHpd!m_kQ&au-t(f~P+Q|LI(`E!Bz;ILS~y?tXPedwD$?Hs+KLlD1Q?cqvG
z^3jRzn*0yXT5s->0b}=ma07G7qwuOu{S_TtFL3u50$7oq9GPCo(&a9FINhs}US1|-
zU2b0GfuiItJBT+2i;$?$K@qF|3C_Qby;@2)Gp<~&J4$xRPbwFL6(eXa4xGTtAH{2F
z;vCANAyGvX%%sMVxS!e|B6ijXkw)BH
zwqd-Xr>I5$pqLnN^0!T5A~PAOqX8@v)4t+7vyc%oORAs#}Qr_E|gZV=Byeh-$s3*uGJ
zw)45^TW`jgnm{8I+%*)%N0rPscNo@6q3}`)msqRdMZ2R`fMAQ0#XNd?77(&$^4ylBZ3_|Xevea+umHO
zc@Jm8by*?vRd2qn^l){}QNS2`w9+5SAqK3vSPA+H{hQT_{pNlKhWSv@0&?vPO^W)b
z{O~-O%1f?C&zhivk^^r&&xtOw|J}X!ak!bJx$7+_jVP39u(ln+9d6lEKLMNp=xGknp;-(
z@*lhVS`yHnG#0oaeW<>fJW+PSv%P6fF_Ys;RyB)XLwz6RsJh=kSW
zakj?!yH-ZoaxVKk0&#WLps(aT(|)_!$q>nIcw|fKPR&qxfJfnp
zs^a5=bj+tOH^nXmI;dW3Mt%xdySlr_G@pPfxJb;q_Rox!B^VsQ-@`f7kZl!Ok(`-A
zI-Z1STVdIFx5hR=Xof^ERy$sZ!XG8f7HHbc2Xea^?~pOAiDcQ9BU_z`;bG&F5c1;a$t2`_H&y(+lE$i2g@O1phacHO&nG7O~w&@R6vYEouLHg
z*81HmLZ~%&L^NL_HEXp$VSW;!Zu;(aeQ*70n++Cjq54ivtfG4eV9!lRh;fOjUS+l?
z+(;Xj!t;5rxoc@aFH079HUSQPVVE_LHq9hz;$t8Ss9E
z&clB`>&O{rDk7$CH*Q9x@*2<74hOle-35`FCQ~LEmVS5g7)>Rc+E`$rQvu1VCp!Uh
z(pM8DAEW{B7owiF)eQIAcIIQf7&sy`K+o3uNByf)9Q~oeodWsk%|+qI8M0jcj$xkk
zh?a#AZO3MYS6UKFS~Bmy^eqYCgalY@cvbs})K%TGNkVN5uB1?BP#COnH8Ba6672Gw
zdlWf!RmQ@}{53U5_s|Z8+Bq@4ofV$3N|QnkRRq$SB4LQ5h{~i7qCThvZp8*59GNzM
zOq&o{=swq(O1WQCH8gP7Z4nhDGE^jlvx`{EY4}q`EwUlrYFWqA_yPsAJ>@C6M`t%D
zf^`%WglD=XxDi_2G+;}vIm%|$?22R7s=Bb~t+-ae+3Uer148#WP4AY|E6DO6{>f^*
zKU(1Q8hJ70r3G!Bo1GS|Z%Vx#rD{LFdoiwv^|;KKOlDA}DowjafGbpRZU505eR#eS
zu3P2(%s~+_oNza#9m(VRq4cg_uqAQ6tA}A
z$l=&6R*NiJBKb>~xYGF#?F*)1M{!4tVb`S}mZmU05-YO#P2{bkg0d+YP)a8iAivXU
zLKO8>Zt%13`Njg5~jOa>b
zZW-b=d;T-PjlQ!=nmE5#aSv%)2Q6MKASTiltK%hf<9s!G{3B-mf*;sbFzy`Abhe^k
zTnRJ}%OGws`Hkwah(~IDYFK%BFu@%xiHQlFHcQp=G8!7dwPtW)zToyoX%9*4verb>
z6gX3K!J%$_6OT7c;(ZA_*oqw}&V_h9FKFc-cB_3Qzi|YAnK}=uD}th1l;rTGoU~V3
zfn>FU&A$Y{GlllxKx4}m6=i4g0mOQBJ-X}0W2N8Ziljr6QeRjP?-4K`(`GqG>Am82
zg}nn0ym6A`BX)o66@y$n$O}S2-WEtY7J!Ad$;+PijZV~VPsbf`Sdz<6YT`9gMst1r
ziHN+Kpd&af*;KeaHi^Ylqbi0`|^X&*W*ZfPbeSUzZ_+&6+Z^+O<*WaQ!I$vIO=>H_kaMwxQGTs$L4qqQ?Ph%t#i0_lKiQv)@i(hBoMcUQ$SF4>k
zqet4}kZMMts%J$80}APrYF^;Ee?i`-epjq25QC+FMrOg*{)-Q~Hf|+(Nng`|5(O;s
zrHI3jKRHFOf+QiS#^y*zrHCDQpXfInf{9^rQt>)jtEf8?5zlaSc*|#;4}Bws&yV
zq8LRrF3v?!d71t3UO1zrHE@wB#pAp^g%chtG0y4frw&0$N|X0kEPlV(#RT7b6!jODe@G%kx8JWAjUJ@svkAd!1$-XRmAp%Y{2&Dg=GK_H#XD-@;{
zYPb&sBA)LGCWSEA$(q2hwjLRw7U83A+A|)=fWL}>?~u(Zt;|}MR^{3}+4`ktgj_QI
zpMuhYsgx;+{NNr!1R!^0mFblN_RMM5hhHP=g;b0{ev9ip;8xFR
z9t}AeXg_-uYV(9(_jW;TZ=#Bdl18vXRn(&Fl93fmM%i3~hD5gM+UHT!OUlKU$13Z8
zV>wpjwzo3o_{4KS;M-Mx)*nx?mlt&lR3H!8bqj<@x+Vdcxcdom)44~-WlQ=u1p+nn
z@=50-@is4Ae}XZK+K3uB=i9`G@T@OTSfP(E-MU}JqQv)a^tE^E@5ndLl1~G#eYKBI
zPUv8p@h1f>xrz^lFZmWjrUoQPXXTkIH32c1)H%L6&FOQ8%8!iFr$`~;y6o=ZwG^~G
zJ;{0$fqQ>?Xd-0mu=~MW_b!iyAOoQ@7;J&Ll^IHp93c*NN@al#b1^&X
z5&jW)>o9ULz|~D>WEMNu4evz~5{J?foEe&~;M7n%FUT8bQh5$}cO&KoupzY$i==9V
z1EnQ1;nznF=$nd)VZHrnyv4_p<80xJL*XnP1y_!ju#he7v5B(OyN-$T=4pik{=t_){X$HDfUhXlrn5nB-!469YPLnuJ=ShB0VSFXUi#d3GWW@
zsGA|C*_1$=#s`gKVCt88OR7qRRU7`FLZYtpWT?IrrfUAB4GyrqT#`~t3%FE`*ao2V
z)eiM)_%(E(*u2-dGLPfN!urhGRAU0e7Tu-cK09R9hPbvJo7JRqvnv?0p
zMIrYBS(0K>YF*-X0NeoWg_h3(&Y)@oI2pf)n=iWF@BfSB^bV@j`#<2G~6Y
z76t4B)NiTr<1mMn*+&C|V(Xud76#)1)WSMd`o;)f%z-*-F43jalw-Em
zU>D#hA}_Q*+n{{8H-hQ@Iz;mq);l6cr9s^Q@U~i(OE4MSc@*7;^2+!ECs#k$BsNrJ
zrpk=%7qU%p(2m62(|lXkCC@k<^;Rh3y{$2*94OFm+4#-4ziB*794a)AGf8zXzYuo)
z%VDOr@iqbzwNG}XJHwkiINqMfQ20pF=bXh!PZ?XJ{YNbG^UIZ7xe{lux~XgF9R{BU
z=r}W+0bnIY4f@<`lD=ud2qWZDX2^JwMzU1kdMvyk`ps_le_A+#RHL>5!!n!?j+6E*J;bOQ9qksKil9<>~hQ>
zZlMbnm^0f%GWc9CC|X}394Sn!cj{bCkd$&>_qIUsFB50)hr3ouRir|_{v>q2`=xmraazCfB)4@4t1dYr&)XM~6DiM8-~k#KeA(un0~4)6fC-w7Vk2r3uZ
zqczy7k;h@$9?YU1_)4@79Dy%+GZdll_Ci_hQ7%zUjIF99z!&P_3%+25A0`tKjfL>s
zHst6&FJLgvSp=rTsNm1)H0iuO-V5!YCz7|R>5$>!dBJkQ*Yzi1D{-!V%4v=AC|sFt
zpuJFzCHpT?Nd`b%nesAx!d_-NYVBT+u`mp`r3Kih`aDq!qW(DvVH@{$L65!p`0lRG
z&0c{vNbuL<07A#Ufyxw-1-$hQcGLpe(mG*rJ<>L}&$JAsv<}F~3p$<)XC-(#!*kcP
zq(uAyvwPUXkPt?bF|JK@pT83Y*Ppy!!4z7;u
z1|@0$k8E`VnK2u^*T^%Ciwkiax+bNXtB`j$y_>~F5*%2a<|v|hFgHT2b$cIE&srRk
z0v&BT<|ZWFV{wm*D)GR{=2Gs}9)x9EMch+8e
zAn0k&(<7(KaFr(V5W`B;Ul-HjC8jtdb*^!8st2n`TgeAbtnAa6|7|=r=ZL@XbpV^})LmS~~
zr-@9NtNPA^SLE&CmgR%#ayU68DOfbZp`mjSrVIHj}-(w7Z^fI{nGZnqDR(Q
zms<@ps*rI?9tW6TCJIr0i`F=p58X=i*f51DEKzl;HC(+K1Ctnn9@$`_J#gf7ZJyDR
zCqyHR+n8NCwONEy%-3X!l@slp)|f`3h{w*4h|hsDhN3TDIenjl?_cQur5)EBw#ofZ
zy88>vNA^dF#8FBExfz9|vG?ng&+hXOqn*7A6QvA)d*pa}U8Wq+=c_XhW@d7;swtK<
z{$nY&)BVSg_oW_pcu8dbI1QF#7he~8M5|~cE~nsKOVdj7{rOsT1cc5rf(!o>6Eogh
zME;{chYLBIH^18jsW!;FCVuPbw5uWE=wnw83g1UVGiJ_(5NamjDJ%79F
ztJHTVEA}H>2JX2js+U7gjQ-lXi^O_;`Yk?J8z7V|cFA+NlL{09{fgjDOb1u5RL)TQ
z70d>kmp^yhIsYK9ZCjJbo6d@4d`noC93sS<-n))`hFe4mtjeb)0B)oxBqX#i;WwY#
zofJBN5@Ut=r@;tPW?EO6KPi@b%c6ZgZ?Y|bf}=f-48f%lkDB1?+8C={5Yirj;A+@7
z@q$aRat1d6@$Vlwz-X;(tezv`{Ozy!%8-ngM`86$uBp`?B!{1?c_;CW>DvupXCqD_
zhVmhx5J?sL7gleS=Jmv-s;KZr;M}*9~IJ#J$-r9i#k5sj4Gh<
zpX%6;@T9v(pm2OAlCT?h4&n=iBz1N+X@Xo5PG5@!O((5e`@_LES$>3&g)1OWw_uNv
zp#Rm-u@?v}*kS&BRJ2t~Uj_V5RoOWoW1v=za`cX*YM|3@iKiOC_W5PZpq(Fu$}L4#
zK->MmdwX?fpo^T^(8NKy$p9Lz6q($S12s$ROz8iK!rmb9ABG
z4UJN<&s~W0Mbc54XWhOy@oyx`VCR2H%y_tj4R_LiD%!f+$^e7lue#4i;+xe|z){xe@hY!%46Q^T9gX8hB??I-e5
z5q_UwI)$XnHh(x5_(`Or#ZyqflZ0ODBN2L^o)5M6-U(T~=u^wAQ>(>q=%W#xZsb{(7d#%+)!Hcz#5Dby1|fl?lw_%NFE3
zY`K{_bf5$-U=48n_|8g_pK`)Y5mLL)V~*z5{xv~n&eJx>-3?#YL9YM=KMkz8ey|fN
zvD)5y;9kj67qzrx2a$n)7J<+kUY(57wao5iOy2Z1U$oH}8L~iT2)?iBr0tP3;G6RK
zq_uF#>SrZ_RvzKg*`V_t63LNR9&D{Q?|pU2bH7sA)M`l}Di9xQOB~3xe6rRa2@@0(
zbwcP*O+COY*+s?zTJCRjfC&!@?^s)Ihua+1nJzJ=_qNGbzjBmr_B2zbE_b#-@?RN$
zBM0NH%-kF=7C~LsB5@m5%+iZX{_Nb!Usr);=Jl8S&~WFfYgVDN1RY
ze;I{45X8ZPa%JMv@s7RL>x8_$sU%=}(|4adqnnrnBd#zpeO8obgT?b^5Tuiifw8@f
zzkpRkP=vP-PiyLI%er8o3vk1i=*OVw_>TDXVbA(j`*44ZB=E39Ybnj&11M|SnKxoU
zs*Ei6a3RFUA1lxX)eauq`%rwk&FahAlem}FBih@Bir0Q~m<#ZI=5DHesq5&UXovR
zq{I@S0{G
zal8rR84U6A-&!6jeht}+p}Z@WN~~iMYj4gQMn)5`eHL)sAs}v%SXSn;*{N`Fl~M0;
z%rdrAHFHy~gA$F&fkj0gse<#pAe~njO>A;b=&qlZOj&Fa8O5B
zM%@X^Pb95;`fWP4HN-F3jfbf^!z3;OmK`<3J!Ge}N8x;;m~62?G(MEtWfD(3+vT5|
z+=~8U*;r%9K0X)LHD3C?ffYL(FCWlJ&;X3Y<(a-QOEg6Ggv3~P-O31?JT^-v=C)P^
zcNVw=F&G;Yce|_pP8MA0B7x=5S0Z-nPH$*CJ|He&HBw`dPAcc=Krv-)Ew~9Gktxpy
zM^>j(i{BaXyNTf*e>w}YjcdoXJHE!Bao%_*o2|}31W9$vfp#N|kGRi(hB5Jok`|=)
z0&&H%psI?g|kBtOM_T5bo06Rt(tGD
z!GE87Vjkihv&PReooSZK$VUr)dR&>pI+?{|cW~64|1;x2Z{Vj04C6yjKVxg!
z2E@K<_v`#je67hZ?p_#+YPQzCb}7v-oB({34CDuEjl}KotW@V=RRwjN!=?5r#u16H
z)8IhH=w?Z&{i4euq~RuV2Zy|3Ov7!1S5(&?@0pc+yyET`MY?;V#twmcBIsYh6oYuf
z=M&S{8%7LrEh%@AQ(s(LTg!BGx-0ZBpd>#_t6@*JbNZ}#({8&P?uSgr`KXZ7Fxfvn
zA;xM552t2C;#0Hsr>EnXEbRyu=TMMUtbWUT?t>=NuOOswv;5shS6AHiD{mnxH5)iQzm`5k)ETDJtcDQim^(;
zlhxczGltz#nL5A?vgc=NYdXhj$;*{c1W&vnI5gLSA?!?@V!<4vACtGU>iU7SbIrcP
za{(`T{^q`^wTtjM(URt0PU)426SuAY?a*-S%<&J@bI2w*Bj|e@+&L^JYy2{mrp2m7
zX}WzG)$W}>ic4Be;z06hd37p~ioQmnVp8j{LBNgz{8n516@PH@VGj48-23N60}mRF
zV!h?vo%Ky|bVN|t2H?H$HyapM&paf8H!(+*nZkML0*
zVueHNP%lX8|jpjJl&Ulq307c0y`Axam;RD_Kb|&Zz`k#r56w0*07v>T
zsaRf~ZZx+H=Lv~XzQ&R&H&`}N{26#~ULy|%vHWr9pSp}x1X4hvJk7$3s!I7o?~%)s{bwrwnK#e7w~=n#qu{tSey=u-OpLbr
zmVlo>)4g(=tT3e^*FNjUJ{KC=Ol^O7LC`i-a>)o6@gDRcDgpNPK?o8T2U*@vI=&%?lY>?
zk}#P3-dGMEZVs0rwPnHNR&bx=C@&o*muN(%wkC`5JFrpkg_Y%}+%{ai;UVHwB1$a!
zI7^XNK!We~1E~6fRb=bY~N%qqJjk75Z{Qy_*
zJ$^-Nb3h`Q2u6&9@K#ug4NBqzk~b?c6GBy0cNA(*)S@GTaB?g%G!fAMEx~RV^PBH*DTFVfSF=!gm)@?e<<%t*J^Uw;
z;5Y|aKsNGs828khG4P`+MAU8)rToF;DVa|AnZse7;ia{bMc2#gyJDDM-4{^=f8>dY{
zX^UkD%xBIH5tjV4rZ8oqeCO{YNv&oWauv@pXCqYNwwBmWC%nER*ugVLABDF)m74e@
z^rTrA$^7eM{Tk|N1+A_iIn_jl*UYjM#7n7}OWO9fgX{+|PcQcXB-5g!xEHCFGxU-A
zzXTwyU@`9xT;~w7#-&S)I%?GtA#yM`H^!S^=P-@N^9=U)rhet4MujD{NbH1Ec+j9|
z-zE&96b3s@;VX9Q2|C1}q2F?;r9VUzEPwylAbX!?
z$MpLx1Y0ih@~$P|xM>LIMpC_eY$2^W^khk!aVIN|VeFmSVuH?`ylnxq)2EVC@&Fvq
zz3C#)p0qM}`Hed=>+_vZN!Kzg7eb;UC?FRu2f?o1NT#%SJN$`f3~
ziEax1_!sJt3&voD&m&IV0SruN~;a^C6;x(d<2M#~NKLZyY+9p?!C-j!#<|Vg)X2S)fX&Qrwhr8WWTN}-oP~!(x9U>v^
z=O^89z}(ElR@%oK`|Zo2mlA~+<_0aYhc@UXVGIW}Kw!yyaA-|Ae`e6PVC(jD)r$kX
zpV_kCl&GQ2?I5ksN-7f&F-fzpO{RYLfQu)p3$ukDVdP%QoKH?k136S%HuBr~(grLA8;GPN)#B{r4o
z*BDy9t1vSu2PC-xap^SOBKa%!>Dmc@J9en9cc00SxNm)|IH(}77;$lI~+rr
zO#QcUrom`qAfVguQsGg6GaycLZNdY>P#097@sy0>}Gl=yIYy
zd=DFKH2jt=m>=tfV8`a~fstEccrbsF)vCnJ^PB-aYyxVOls~Z3%&nm96af(d2Ko$+
z!3X^2nK-(D>|a`k>Y>bL6ML+F*)$1%jQT1Iquk88}OmuZ=i`fto5
zsY)ITe$85o6251!G#Zx!EkxoWHe3Q3>aI1K7;!pUx)So4HFFqOs~-JC+{u1=B6NHq
z_%atfy^$F#aAB^yg;<@{UpCOS%yv)reK`$@prjM7E6O)Lnu$dl2@xj;a@GROorj9&7PtA~
zMPcKLV#Ny2+ZJBDyrxV|x63AHCAP4Hvugc0F35odmE9^`W2Ug7C&Obp^Z
zmw{5Q4o7;WsR{k}XM)*%Q(YUszfEbcZus9xT8AUzuz87yLlJC?ifdB-ylFTWl{R}!
zB7Pgd4Pmf_h4T6j%h8ka6z(~}z+ZX`;^c;^%sb3Z!UVq)AA3UB9UbIhOtYdoDPZr}
zqzL>{hUcv8Nrr}D@OTpvf|C)&HM5vKW`1HC7JLX#`kJoKt>iLIeZJmoAiGfsRH#
zB|(LS(C-Tx@JS1{&$dk5lJmlve7O|1_I5&5^EuS~f{jA_?N&|hDysXlO0ko`KCzO=
z@8VofhBd0)6q^TKRMUFdW?b-K;9l{q$@H{VsihpId0N@c-C0<09fzni2Y8$F*aSY2
z9IgupXUK4F0Yh+m7*32c6WC-=eF7y0GMZmp9d?a^AjX0Az_;2Pc@G&G5rq_U;U_#^
z59^-$Ug7g4t-+*@_A#UF&n8{YjFJyxc}<&T)1zmghPw`5N=b*1yk7spNbu~gM$GDq
z9TZI9J~2*}Ga*HP6oEFY(BQ;AklKWacJvX~#6!&Qq1t^)f#?k)%gwrfVIc}x2=T7J
z(M5|hmV%pBJ&Zx;M0IkNX3SyGEMFs2e+jKdPnW+H%B0&bt_(q$m9rjeJRUXvj|pnn
zeFwJeI#0*+(wlvQ_*Y0~7Tz?3H1|7Od|l1YUkA87(~VZ|cV*g^<5qb|KGds=e}W<-
z^Bl*Z?#XmZ)0P;0oWS<3x>5xMqs$wi^@TvE4RH@P&@?Gk2N*mIRpT$PU>|jUf^*dB
zAL#Ug%jw16A$>k9pf}>pGV2-hQ#F3SWVOZYP>(k2OfbF;w_V-9wr~8K5dZCfsLs8W
zxaZGoEzjU-$@6
z(Nhx7sv%RVJmmL=iWmGZ=<9{#mGtj{^3!zOaY9Fjsoj>~t!#l4@xx8h^HEi%Y*l~~;HvH4J9JyL
zU-WZ7R|nJ%7&g?=kkXo;VEK)BS#(-rGI5rJhPNW-J>kG|QYD+{3~UiP(UH20y)SE_iV`a6M9&>~aUYYVR=J_)$&ppB9?2=3LbSBo1czunzr&#%3R-=ufFbM)189bto5v^hIE#pemdO7QwN
zVBh#pLK1#hxb*Z4J9%eI6E-XcYScwSiolHLuY0xl&Ojy^?i@ma`(jIL+jdA}z1YBcP=!ild)U<*OK&y{f)y;L$suk5ai++q=9NuKt
ziH`S&Pi_o;io}RKEV9iPK%tYBiI+a(4&#q=okn2$s3;I`s&K=0rgfUfaQxjQ?)w>Pd+
ztGXm;V*_l>Mw+5(9UINtGgGV4KOcS@rc))%4w^93UE0FV9f|R{Fq|5zf;W{>YV}>)
z+y~z;tvJ$f`0O{Zgq#YFN!7Ku$xh!L{b|SemnrMrre^}dw8NiOo1V;Bm-IWk>z8J^
z$J5r2s4UBe^fIULUZaPKTx;u5f7on2`=HtIt6Iem?%rA5
z3#|%k6kKj#HZ5~=%2N*;!|x_(!e^)|N(cUMkrzn<2DiL<4f-;s=NG4ot%islF&vH}
zM2xJB765X;=WTDcRu(F)a&u}PxQ!MIOGup#6vsQ>g{UmY9F;M7zUD!-d^RdP>+dlx
zMB&=_d=guhbjGaMJH#4Q`f}v(kk6_bWb5eDy3@iH&6+Nva#CUy7fg=m(S$b^=asT8
zx;W664NY@O>wykkUWM{43}>fqjyLv&C5`c99Wm34E{ry=Kb;%6T`x8dSi&#XiG~3^Yc0IvT1%JjXiwKZ2QK=A=vMu^TZ6bx9h0=iUg0ky
zN$2a|VZ)27i;m`3q%TjtzHS9hbRW1}U|J&z%F8jrk~E|&l}JjNtDwxtg(%JdV=8qX
zS2~ZE739u_EF##6;YMe}Wey~b7LXHeV&YuM!(owW*Qbv@=NVw0TFQ&vUnnWk>l+O+
zr#h#!R%Vnc>w3Pq;k0cqV|2A`&D;;@C2eg5W_y>Hmwa)Chh9%Izx``}#RPtAX6c&V
z9*%e&WqRySv>m}0*-qGZuDe9Xu~H4f-42{%$3en%XyfR7p<_E|~MnqKLBAsp1+-iirTDW#JAWJ=xiy%xgz!)
zD5bN#22(pHtkqC-;yBgzp0p%qp&1^IO+x`0`T3mqY7M)JI~YDF2#r|}No&4j^{zwI
zOU{J&xsaW>n~a#F?2FV9?A6G!rC)I5SQ^%Wp}1@Mh{`I#tLYFcMTXI66T~1lHA#D7
z>G5%=J3kw(YY=X#YEncbQWyU<>-Hy*l`EHFsim~t4lhSbx~o$;nBPUHha)N>7DJzo
z;~U;&-OiKbY26tf>_TPK$Ha(s?%TYM)LaeWqr5Tg?dHgaw^%Rs>vIq?!-l|M=d;m6
zXG0NIT6Qe|ibI|5ObvB0
z?wY;t4VG;@!O5r&A}(_$=14Yff$peV^Z8^+3c(YDu&PU7d0G#oWYQ_+vUtgQiVU6%
z_jfkRLUs(9DN(emU2(E9r#WX2@$GJO79PaHWe^sIcJ?F};N$E-PIfY0!J}!2pSVDNwFEIot-V1wq~c
zR;6~3e`p2!j@9BndI)xA{ikip+|H7<2Pr7j6FfQ`i&bJh7jbep&9$kUOf*IyQW{R9qv5UV{b`pI`>NTK8W_
z&{Lbi;$^Eid^8TNQviW37GxZXrK4BYm30*Kx-dM@l{4m~Iz67UZcAJp#C=w$@L6IP
zW1YJBYSmKq9*Ck57lM7AsSz1_tHBm~Ycnd7;wUx~Q;+mEuaezH-!_H;8R_ppSZw++H>MFSk+DAwHDyh})pX+D5)r6*eY1K0lgcjNjTa
zkCLjgrMjquHmw}d7=(jKr=sgzblNTy^PLrmTz22RjA@EyO>8}NxlttA1oOb6JCLGd
zNp9$%Eb1_smJ_+{mXXwy^fK?(d${AuKtA4m0==Ahq;BK5#X=sw?|MoWui`{)H$@3K
z)M?LU8QRur@^hOAnROS_CIoTYy|aWG>&c7B6NAP;Nm3P7YT@_>20@>pls-psPI2F=
z({Gbr)k9744t7O0a@{?T;L!33(FHA(9sZCs*M6Dx4an?#?7W6DI>P(x;G!vx<5?|y
z^4v`EOx2hp~NW>xX_nl$uTM~Q3D(^*kTRr!7j
zTO^93R$^jlEo8QyXAY@_92e5?B#fQ-lvBD2GZ+i#e`
z5btSRH8~7@YcaW5wHORd9Nw~q>32QCb>n(Cx+#jo?>s@zyoW`f-9VV#g#|(Lw(g^I
z;{9Adri0hECqhRZr6H49wCHZ^GvYW{)Jt7`2_=nP=(}3UsjU+6TrLOJRkHAbN0{Q5
z&d%u43m&J{beupPIG062u9bT~qP(S-v_oH@8hINJ+;cVgdq1R37|6|UBy#y59^v*0
zMJ(QuPM0vg+gC1T(7Z>O@0Z3`do#{HiLeiy%}p~0Gwu3o33Je~d-dlGyZ(L_-E||i
zF)OI;&{LgzoL2d1qSQxTX%X#0X4P?9*jehv-FMwaUCuG`8#_opy#veP3%Ku&8>q=m
z>ObZTJ?*SpeUyNCxAO1<*HW}>H#wpYN>jG-Kw6l0L|
z6o_%?=4MOW?k$)PozFuL-cH}C)1)+Z(pX(WLz`9{A<FREfq<;alC_jZodWp
zGdeG|u;sb!xZL<44=?aw_gBfrV_Kp<<(k;%Lz?O_2?znFe(?+v6JsK9NzOwzkDi-AQ_#4L8jgLStqmMRlDdC&W|HRz*R*
zoX9(H*@%(2JK2y{-NUtWN8>D_rJ=KKL?t5hii&tXdGFu6^1)&;!1Fk`SjB=V;W#-t
zaoIJG<1Nl$sR_p0sgBr~EF_Uh=m}!Zt-=^rchh!i1H}t3$6>%aS_ckeW_2!Qoo(z*
zRdeNd*Y8Ok?YQo`x%jzyGInwRl})V_WG2(nSWSFFGEKb&WLFCX^YCWUun-&_tce)u
zPepbbSw%Ip^;sI76(bgM$9O-SJj1#1nkHg1zv~&UkeiJI)|P7Q9j$Q@k!rVXy>OyE
zBH}K?-%CW?1AD5?f(a4Xj(p$PIU665nQ1gkyLJJ-u1<^?GmEa)EcSmUWH$9enf*s<
zOGxeN;O`&qVeOI^s6MzIRp3;bcCTjJ-o5NQeu&(be)D7KtYUA{7-kK%`j#BKTGII9
zvW?RZ@syMW&gGCQ6z*Dr%dBUws)t<&9q?vuOWu%J8
z^{V-(1oY2ynhYdGT&Ob7^fqoA!(MCtWphq^J?PBZY?
zci`Z|%;_`m^l)RS$jmz0brdG;qg-1$YKI6DB{+*b8L$G1j-^A=7R|b!nihV^r?KVD4acm|bF_kt$FMTE^gar+w
zy``0=nmjCQz0jT7$O#8?auQ?6sp+GqsP2NtZXS*cm^IcPSGQmWg#}UFn!<_YrF2*3
z2tCiET5Ce(p^fbJv=@dsh9n_(tMpQ|LJeH5`V*u4oCuyW6Zf3jvyZ||)ixq>x4_EI
z4t3!k4mv-;gm4dBJ-i684yLw6j_@vma}aZ6
z!R0uywS~P)3J5i=6=O7wF10OX24|)>mQvc;$E_0;hzO*V
z?dikdov#(#6f{rda_2O?3Cn?d!Vl{|Luy}YpW5XVId
zo_&E%bQAN%dIF|gEz(~x_%)Vz1%}|~=g+9iuVk)JrV9{J_SvrqMCQ?FVTQfmME>-*
zS9#^xCm7~oWsFqLe1X{0Rxhpql~K#tS7DB?pC7Jv{hH-FaxaE|{1KLuhS-zkiUpj{q)Pcnfm^?FaS{^t7>d*D>_=
zZuok88kf)gCi*@duFf_CfBk3F_FjZ^s3`8tL!0G-o5R@$57b33V{?(I@xI;8A5jBn
zY#oLBlj*%cW^z3BA8~YJRLE4Eg}BYc05-9&LgzY#XPyy}q_~!!pBG_1-dG6jX%$hw
z%k&7mFLIx1b9-#swbUB3y9==wMxviS&Q$W3L`-bZtMQm}6CPWSQtjoy&~dX-?>y)=-Vkb
zUCCH~hyHy8z1`Iu+`kJOH$S{RUBA7mrHCr^Vt=PgsNH5A98RE+ZAkc7uDoIj!88BL
zO;duYJMsa03cp=K!ic2}K`Ijw8Ar1>s|jx(KVu*!U*5;tgVfSGietaTYw%EHQG|yM
zHtI@*FjAM#9n3|GQj77Y*9fDpHWz_eAi*J`zXO7qx8No`ZOw=X4L6=6Fmwvn+n!5w??&qD>kp;`265c?*0>Y*W~H$)K8BVgoh)8~fp!su_FW(np*g~Fo+-*C
zk1w+e9_^Uo;CNwYnTmj6s!296!U3x+tZ)zkn?dS1cMfsBA6vCscitnOrdkoy8Sy3}
z+|MYpVGEw(s^J058&Si~lX)~c*fP}VT#%z}Z=zM$!1IX+jW8Y?Ja{Ts-94Gn*Z!5O
zgwx6UY6qulex4UWehQcDKqNyC$z`>?v}_HlR;^~`nyoCmC7Z~2k&+vC&{K8dYqn}8
z;HIl2Kd%Nm-@)h$i{#M6SPI_BMt#lz2*W%~bn^BMC&P;|vl;
z!qi-iXHN&m;7b>mNX
zeL6YI5@aTEFeQt;q~pAEXf)F!&N+f_A}^O^ZemJ#VGTN!1rtW}aCF5XR9DT%_#|$C
zrs@P7P38MGrM|LaVCy&WW8xiU?AkXVv&bFa|7MiO6e9XIaUwdCte6An`o?2p*+*w<
zpSV^pr6-RQGI4}4GOnu3!`IFIqQ=O~I)MA{j9~erZ*#i5@gj1yWx`F}tXsN<4AHi{
z$W5fV&BD<>h(OP5YU*`DPe$PAnunLKw=@5bGKIJL#qB3Tf9YiEnS#_X()8hV>)Ef-Ozg&KW#1D(cTsgLyh1X41x
zi9dae2I2JF%>P4BVrC;U$2uzO+s+y*2G3-A-acA-#Wh8cWhbuNRaZuv-b!Sl2C9vj
z`gfyk?xwfLTJ(*I)`kvYK!qc8_d=a@n3I*W8SEvT?dZ8!BqpFW5!bM^#KzY0g2CU~
zewgUE9I~?ykP}raGLjL5UsFh7jaHo3LSzzlxQdL{H9C?eNt{FIx0R#ax3Z(}WY9Dw
zXRhJMsZ4URGO6sX!NXp(*(rkL#3VA)P7!}7XJF@V;(%Y6AE#rZ$<4~(bapyj1E0uP
zSb9Q5E&CFa$rIyj|H+ZejQDmybpa}oIZpQG@a7#j1&+bm+z~HF2lhvvCRd#Qc$CN#
z!tHS|*NDt6ot*S!_C$&6en)a?;o`&8jFW7L&m}MG1UnDNVVWb8Z*O2{Y>kki8jXbr
zE^IV-O`1;Q!M!5W2onKj|M4>J{-NaVJwRqw7SRbw5Ih5?n3KZB$$DXdwY?Q>Wz`~+
z5f0C*f*R4+YuBtIx#mCX$1lmHe~B*jiU`aSKmR~1gts>lX|t2}5PG{z@$$0AL}Ute
z4O%RFo2aX=r@mfA*o3ionRSp`TuNP=4i6E<+S!UU*Tqd34NF{tM1<5`L1uX+s(?A%
zFy8OnbNK;W2hBiJlTM+C90tv~mk19>0!B}#Gdqpadf~CBO~cpS1NjL-er65fV~6AC
z_>D&ymL9k{fq(E2Y()>c_&d^6mQRDuoH;Wm;_K@vKDWco%T){syGp=5dC)_BW(YSSx2wKWr>6
zjPTB!FJR0VW{uQQR%uSiuuy!0Jg_rYVWP1U{q95Xu$hdqD<
zKxaIBBXAdTw{`Wx+uH{xYYQyx`ekMi%|e+ndl-Js4%pg=z7;xWXXk*kIJfL1%q=xIxH{tD7lMhdilUMV>boWUyuGj!
zGIVwi#7+bYc8*=-=9eP5MKF4(pXet?LcBbwZ78Ry&xU!krs7~_j*T$5o-Quf3cYZ4
z^%VN;h_jn7t}cPNyH!%v?M#5TyHWRDTz!OWyeY`arMj^hjg!cjMSrE_SD_79z-<$}
z#5m}`M-wx(=wl%pVZ2o)=Au1LgpUYC*H}zxRWshhhBG+C2S+O#yzP219Xgo^XW=ZY
z{qXnIla*6UeRCW39)3bc1{|H}D`)rNn3_~jUfIi}n{LNfD4JL31UgGH#Chw{Nw#zR2S=PdY|lC;Q@Nj=y+wPRh?o>XrO>JB
z)-J}*ya_KmGn`yJsn5%$vD=3k3&-N^=xCIgi|7|y3p3Q#mN>dQ5+ow=wz4cL8@d=Z
zZH@^3#CQ??CZjU5V8{r6s>OM#>a7#Ta(MMr6lEU2zrtb>1s)Dtj{u
zK1gKDqIoz9o%9VKLVHCXWmT<&&6v(GZ+q;Vo#?DDq`F1N#OX5#_7(kQZ-bMoGmf?v
z=f;o-3`R`!rYJp=x*k^++%Q%2vkyVTXA;ttMV8108=Lfa2Ki!T?S`k59`CT>IEs5v
z3!CBO;fA}X2%N06WEGWRV&g>Mpm7WvYSAz6#wN^#ta@|P$*QQqX6ORu4RsUt#s&{p
zSFA4b1mNf3`@Tf~->k+fvY(FT8jeQpV#>USE-)~^Hw^k7N{+wJ5u5vXV8Zu(U!$O)
z@Ix@@dufba$(OCy@brAoOMeveKhFQpYP=0;e6(yWRzq(4T{{n%y7b+AQ8k7;MxFce
zTtPwMr%{t}n3Wj;ESl?~IFFxzvL1+nf`Wp=MN!rRQBY7&Q20goO*@drwC(K6`59~8
z7<$P#bc+0@^WWk4^)R%ib8u5C|NWQmE<#r^+dkY*<@dhh`_t%ZE+*wv@lPsyQxW+-
zo6{Qy{`&n>bLu0$O01_Lc@4WVTL-qDhe1c`-Y5!MFRZQ9ntzBbN!0^?eK#$+`*{0}
zf3Yd;(qz`xl*W-A8GOgf#J?)qwi1$#74RJ|L;Ymx6IZh*`)7Kqskey(i;q%sehDK%
zZR}E($JQ8U>TgeNq_?qv&$mR=^*ekP^b;J2MB(u@+avz3yTF_Dg_&P
z!(;sY%pc@9@YheEua!+N
ze?^*crty!Xt2UFxTlb*-zIVQV0Ip;2W#KR<+RLIzt-MG9KBtSH4T&We
zaX9Cr@8HC?O2*y%09OwF5i)B&%{vcoGQRSy?TXc>296cUIVPy^4@;=PHY^aRSLhWTj
za!dlb?Pi2}I-Y$+Qm(?Ab2^gK$!XMSRd~9&oSom$(^*GRb_qo(2_)o~W9R0Htp${&
z#d0z>iL&|@+`a6{*tvtFDLHgm1rp|OLs?WLC&l?1`qX$>HWDA%LbpXVnK{K+IQyJ?
zl~SPBwviCEpM=yrn!Bv=^t7X~B$2$rLQ+%P@CW2J!d2?wZ2T#OPRIJC@xr4GcQ(SCBqlG~@T%yN|D$?resXU!RubnyN
z$qneGN)Bz?Mxo@5r>cyKJ~uqYXCmGu=VTGqKCYOHu%oZFg48&4YG#Q5s7T=FC_y9_%g
z2h=7iS__X+(Bq9&OEQOqEK3`;cnW#vo!G+uxIA(1?)ZlF%Ucdm%HmEFnUG9*OAnsz
zZqyZ=L~rejrMX0XUO8PFOX|{g6B(aNX{R*-LT5UQBdNq6vx)fe!aN=5ERQ9wGla{-U1%>k#lgsAD%(|fyE|h#@cw&8
zMG~7M6NMA%#WQ#as>+ibIGI9DPNR^S7nVKEoGh$Dn-fQ!!3k#vOH{fRB9HCm$k9Bk
zBLeZ))RPk1M!QM`KzXHDxp-r*F%kEc%!!k6l-HW$9pGe~@F&wIWOm?W8abkG3kr*{
z^$x|NF_k?>W65b%5$q|(baT-;-E;OpS9p*k(b?qYcH=eJlW)%AC{Ea6l$p-biuO{8
z&~bJo3;l@~*XXkG$3a&}TD>V=qW#cL&XH`){XB%d=s#Wvh$GpZ_b<0;f;^2mebpFMZjZ5g3z5py%S+>)^vzKp;YgUruHOB
z`cX{x?jyRq3x|$up^wLDHt!YJl4$C)z*ROfJq;usEyLdUiv6$4_r1n@M!Y`@2Gb^D
zRv)EZgxIZBxnzm7ye@hvo6GHmQSc&d-AfeJl(O-i7ui-M27!AUTV7qunF*D06;pq2
zXEcu9csbi*(%Vg8!f70R!)VXi!>PPFwCx$}TzeSTfG}LujqHnxqqDt~#6x+;$X?e{
zMs!v-z1j}89*e}%JpfP3E15o*XPRQaC#wr!D09cLt-in{f^i6V(lM>SMLc{3R&n&_we$2sd$Ek;nG+{
zMOiG71p_6c8&dfss=}zqZ$7(;KH;qGr3!X@e3D*ASKJ-UarX(trLTmy*T?nGTrWPr
z;(RSO3B|3OTdj`r9kEX}nR+rp?j
z_8CR;F-7~xwGJc9ql>No{DOK5cYK`8aPbkwz|x%j$W^3j-3SSBC2q@y)SnlaSDyTU
zsFDT_zOtTbmk^`Fu{J%Y%I(52y!Fl|@bbmHJen<0CG>UFv2^oEth|L|ch~dwm&fR_
zaluvm_yh%uYYrT5qNjM%eqyU-rEKNMn@M!)Yx(qO4qgF4sB2HNEvXtOPd^;pJO~Op
zZ%}tPAZ!hRK>^f79pP|Z6P3Af#FsRRB%+%`8Hu!Mi%7_}GRmiT>q|tJYNo^vZgh%LfN)#c@G&M}EZ0*mKiC`J!L_Nl3mr7n9Og)7?b%u879ygS``X8l$7dOO
zY&vuK``2kkU9>A%!}91lp?fiBb2cW9v&Rscfv|t*@gnKCh@a#akJj#!3liQFoH~_D0H$VlL*yvOKDj
zzvNV9|M-`xB3YMmt`t*C-T_|u%g59?hhbH=jDPMchPrs3`7#?H(GIJO_xU2Bo}9g3
z^6c(vg8aNtR~;u=EoAF0vGawc164Ur@ny75wB48LP0z7kI7s;s)`8q}kI{{fu#V+m
zA^OV2#<^b~d&+rhf4Xt9X;9(YP+qP8K(#|4d(
zFW#>9!l76aG3R#13=L=8$O-gSHB)tR3q5o1W&8-SZR};_)wW)=GLZZHc`SUL)B4P;BB77*UYCy7eVC1C9L<~BUeaIz3Y=yJd
zB8ky%=jcGk$@T0AjKEn0E2iGwSjHETd~_329~W{84`=)xSBY%n;taZRJ`)Co7>%}!
zm9rZj4r<)}gK!-)mn$=psO{||Y1bZR&lXwcKt}f6%;2HxClDS!mTTvZA}uGD4X;#j
z!!@(Tws59g{}_StZb3IOJ6Hq_b|LsXHDY4tfv<}>E`EVHT2*lPlXCpr9E9H3$wdli
z`PO4c3tR?O(%LHgu?RM-&T}B3Val}289977lP88#-PTBBMK&JJ6PYw(xX`=l+@g;m
zRp*AAohyDJ{Sz;ZnAk97MjOdxo%B`buz%`Qe4DbdZn47L)XX^PGr71GXD_+#k|!Yp
z*`5(gcV-Uv$K2c;XBRtkk{;iH2^eY{=x(pa%A{RHl!LfpZm75~;ZTE}>5z*_eFII<
zXr_DEqO!7QaEFKhjh1;3Puwi@HhdVjESy2)kwjw|ADQy(47^N)p*Jzb)xn0?{Bwp-
zZ7cdyWXnOJBFM?fWBlX=j2{v~`1C8et$iP9O=71>v$h%N|2=c>B5u2z%ZG(C=c>6hr4SOjM0d&
zt|lgC{nzR1rLC`LU@x)VxKTvAuJY&Sj%_ST<~38Uu3L4kHf3CksueeJdZPS)>t`XW-bqT(c?n6{hL*&)mpx*
z=Ap;fn=wBfNm5!3*Nv3du@KkpY@n!6^mDfZ)5Bf9)h99?bvf)ia)jLc0?KQejl~LG
zeLP8Qtfn?~7b>rLm=^5hvx7;-@lf7yURre)Jq1UPaWE=F>{CR2*SY&T(^V?rpe&so
z&ju7o;=Vd+C=}-pgDqoVB%V
zI1Fey>Wwm0HIhAM-L=Mj3%WdcY`nX1Y^errNRmWb
z&PFC?n3-wM)x?u^!Kgp|pBp+_=o0#qvEyA1B+B|zM5C-fDre^X$&%P(nQW_{%B(<3
zhTr%gON4ED@1M^im(lYbcMG+rjO@9|sxXuP<2d^7tK%E`6#VYCRY
zevAA>2Vy|i-D!MJxI-wqL7XncUrqXnBXo|RDLlLv;}(`uWignUGiP%7l*#=?75@_^
z!ieg-(SFBbPR?P&sNK7UipCDAO0#ftvc%TXiB3%t^-UdQ#q1)ZN*GxyKk6)Esi*5oZt$Fx#jnDf^aDK?|wtTJaV-GIN|K!nPQZGrvA<7rlCa
z2G6fR=6gX^n3
z!j@=9!hLM$?&=aw)ScXF6UNLC`-=XYIm*{qxUwHBhR&#E+48;A%XTDVJNry8$L&nC
zhzk?0%jB#5Sw{Uy+qZ;LT1ng3ipMxve|*pmh|zw;9au)~#cz5LPG;XW)3)vrsH%5R
zK5`bm!VEck4dY0BrZ{gYYhT?pu-A8CN}$M=(n?i~m+wLROc8o;?kZhm?P$SewCIBg
zf%Mj$8Mw#U7gZ~+QNY@N?PU1ypnj)xF~nf+*GG8_nBXDoO53*Gc!&65BOGjRZ|_-M
z`>pVkzC`cSRda05ZX#o1h$-kGVrU4?_O_&E_AqPS7+ft(a33+7wqq;Vek6vhf*!(#
z`P0{FM#zK!V@A=_)qHe;Tz=ES4(~yu@ieVr
z^Ol|D)=S*D@H(8VgrYVTvUSIPIzkpOW3V%RUVenwN^IM-ML3j3+*H9t%nZl6rxyo5
zZ=5X6g|TWC*Bgr8K!GWHHy4slY~{e|6kNQAGh$dEj+%bYuWPHOBfp9G>}Zm!4BUC+
z0=zx_s3|zWj(x&FdyV3<&;UH$Txl#$Wp}2YtFD_%Z~Ota9*M=wC5%D7Ho`HAXf48B
zL~D9_3?^cKp@c>^Zi4@?X%rm)l08QgaU5|Cvxj(yHnyX24Z-8AfI!<)!p2ogITVwD
z|C~n|6FP)2-)g>EyMvg7By{dW89w%MhT0_X)y4zlS`X*)$wTo?I?Vc`DTL0Pf~{u&
zV?E5!S-3OUQ$(y%5AAIhgpLnpaELFvw;#aKe-K`F8d6J(m^fx4&gXsMud;C^qBD{;
z+v9KGb
zuVd}OqqO_Z=B}xsXNxULLRa)ETYP+-FcAj1OJzfNP#|O6TiLK~CsFxY9=?Ae-Zr+P
z4=dTV?GP6JJdD8|iLBmokm#6vEJKIlV|ylImC%Y{#?9N^SnB*TyDV0Tb3|7=@cd&7#I+5y
z>NSiGaJ?{CvGl{id>=;(H4F`Kq1WJm{~$L^MR3$3%)ejAB&?-$Hf-5POnN@fK|^r2
zk+0cHe$-(y$_q(|jUgd91)s^ca+PB=E7u+&M%W4|U?Tq3Jp;PufJ4|!M(TEn_D2!Z
zHIf$}n0j87U*Y&h&ci%*1)GKbxXpWtQP%FvzTJxrtJe`zE&52-pF#2>TvjyKp1?We
za{SM$a(f0dGc`5Bun(Uw9A7(gG(Le??AyS$=w{|TayjNU0Svb9!QecMAlqJgto;f1
zurWIIcAX7FCQo6q$w5|Zh&0}ZMd%b^SF~6M`r~P1P53xVHh;O6=rTRy#{1zf`o*lv
z49Y+X%*Bj0$(k{NKKO`WXxFyGSO$#6%ie>Q
z!Vj?8%O
z2EG?i_#IHfhG(Oh^Xjc41Nk55wbpn(U0u%If4m-({B<1cn8$Tv9e-7Q{C_(Wy|254
zFJ8Ngd+xrAC*Rx6-1##v*?Gvwi{rSs+5P9Q4F1Qcj{1PVzPyB>g+IV~$e3zG;O+jc
zS1^B9Xd7Al*0X#hJ)<~}-w{n2TY2)~7jXUK|AO<7s7l$*(|_5|#CsNED*{&Q!MFbE
z&f|xm)WT9wP*6~~C`v6X1qB5KggU*d&=l2IC_A*=3XiiGbm~8p}91ZwBqIq-d>R_9vq6zL-%9E*HcgYzO4R<
zYQG>oU3HXX53K6>A80C!C9|USC%%;<(NLI2MdQz38?Gkv7@H3z(s6F0({B>Ju7kMr
zDJ#M-SvDOU4TJl
zj*piInhPeo^&{zfIlAo~s@lHCxfuF5esC*kHSHL>o7sLU=_f0FbIu+L;UZEhROo_~Mhzinj9ajj6`ZtepMu
zaQMcml0T4!%tP!ym`k6KU0GrrIh8-v5q*O;8bb1l77Kw9ZQC1_aFLulgz?0wBLyQ47zp-a^?NAscI5(
z((9-w$R;;Ci^8J*NstCZH|4VIGK-DnXk@farN(PyR>`K*Kyz6&4fU1em(|c`>_>@?
zx)SQoWEOp`)YLRnD}H1HB_GpTSs^0P{*R6Fsja7}t&t-6yyZ>Cat$)w^|{7t71he?
zg^RwZtf#S|l>Fi{dV1O^5%(^CUVWxRMc
zDzn
zao8-{CiJ#Z*uwUnh$Iwc&*o*Q{l?>@
zYG&)sQ@91IIrz~Enk?*St<52)wufLZ7f$W{0Q=yX*ytO1e_uSKLIcqZ6jjPSwT9z)
zZ9nI?PwwPoy*nylEcTs_A!67_tmTS;g4Vnpy#M)0
zG>(?2O*=VyG@iabEosNH&}e?E=;=iCYCHUVyh+~wH7#lCGumxpw50Yg&)1niY9CP?JeRdz_o2*_&LAN*Egp7hhbBa~lM@D)z72Mzx0*7G2dGKeP{@
zKu1>peK$e#C*WXK&5nO=!F~D!Y~>gAyNdbnW1;Ia2BV>q!|#8F$+)2$edHN-^*Q1s
z%v;j2m9)5BhDX(2-aB4`tuQ{7$vdc24Q0$26ZUV65d##-vZ2Z$C%!O&BvQpg-g4t|KNo
zMi^)Cj)=gt@-*wxTX8dOysiN@#e{*+P|7X}j5#SY?!t
z+Sv!2^8LKNAr2c$wa8*mlc=*7vMwU-WI68ReP|MnJHJSa@91zEBEP2Fdpx$S$N7A9
zBH?34iu3Ivr_+J@Q^%+fjv{~0Cq&sy#5d<%o?9w(#NPoAa`|{$y095~vSLM_driSZ
zel_VldK>dO)#$>k!Om#wGdPiF&%EJ1ytDd<$TB2KlD1H22qZr0fUr|TaFiN&^UDN=
z4z^_HzFmY28bxN*I#SEKL=apgvNB;)(zg(6c^MIw87zHe73L#m;n}j6kB^uzX;lA8
zhPskicBfR+*O1Hdb%mn8{Wf6aWZo;Q!ehDH&Ue~+sb
z5sj7CP~$A$03T1Lj0wR$V2p4wUS})eekZ-HoXD}~##L%(j|gU7F^8#>
zrs3(RLf0o@>Ez1vIajk_!4-Jfs;TWfKcTiDIAjv@=Fg+MFb3OUmoa(j6oz>BkYkK?
z>=`p|3Rhk=k73rK483fUae|;Hgc3?r?y@oaQ%
z={J#XXTKll>8=qG
za|1VDBjj||wPIkUaH7bR@S)*&4V}Q`iT=hqJ0Wwf<;pqpx#x~K6eZ^nz56TdM_s{;
zNt0M82Eq2UDzTR*b7#+D+L&-Gj03;~p9wQ?%gClvE**ZLi7}V?eve`~GvkW6%$&cF
zJEpZ0Q&3C7wj_dw&1I61<;+kuQF-#?G(V=#oX)ffqj3_S-7se|lNMab@a)R|?;?iG
zZ#hhUlG^sq8IW8Ed
z;IWJdxUfQj`{Y|$aK(J)&mKWXMm~pDe@yrlx3fT;Z^q?wg|i>nQO4Gv>EnhF9x;(I
z{<3a5F>l5Up%>S1-KcibD>{hINn+3xA?q2F2rX%%;`}o5B1?C&4ifU2Mudls-EXEa
z^WHylwYb(5w_S}@K{|eyjUmh-f^nnAbNQs9g!qqPY_JFR9=68JwIMYY$;pML_73`*
zD}|HrW!&{Q^y}HxB5)}0@5hiU<}qjbP*OL3iuYw#i!nWk>7mZVl*$FXzD>sJXSnw2
z1w6gel$ZZ>8Ku#CFb%nkS>m{>#{{xDr;TC4!PSWI-&R{pz!-Pz2OcX+QXYw0TA4U?
z7L&(cMtgfZUPF9|jY^{~ITn*CQ)nwGry)C)A=8JQok_3uAJ6r3r!i^vY(|R!t-s}g
z+;HVA=3jjyvwTjI(eB8oMiVNveIiiFBy>sy?iRm&=kY_hWCtRb>YID%1n(zj~<=jY_fMz!Y1B?b?Fg4Uc8cMp}aqe9xb_M=Gd6`C!uB{
zN~+8_!iv?)Sh{>QDJ3Gakv}mp>92!iYKD)k)3@d+n2PQ4fHd^95Vd;)ix)59c&W%b
zRI-|wU@n(M5TBcxn4^}Brr6n3PQ@h?n)B27a{1>hUb~+Vk=5u_66RLc{eqRPzjW^Y
z<@7h{(3h-O`Z=rD?xy-1-^fbxBfg}=tQ4QG+8r+<|NqcELcSKVhqbc9S7nY~GNmyq
z+IZ}e&8HY;qdKn?i%J+jaovQ&m<@LI{yh1EHvh#B`Vy!BaC9w_jQtg
z@GIlB)~AW>*0Rwu8>r{iLt*4`)_=5^#Y@(a);;j(#Y`izM)9x86ekxCEYxRaU;i*9
zgOFKf469_BZHi)~wFz!x=VIBN$g($=aipN(g2y*1;bzswNL+=Lqbs(i=7i0$PAxJfI}tVX_PXL=J7D5e2H_O@f4w*+XpDu*%y4tJ5UMSqZmVSPhSlQQtH>Aq
zpwgeyL+{aZu*&9nam{*6c#}*g+ez}{NSz}?|&|hEcB6#|bLe-GL>6|fKJJOuu
z)_k(FTyZg!v17+ZK9Tiod*a!k$<#tES|`!h>qy$ZWk%iDnyeyB_`Qo+m7({(%Z|-o
zF|Ivo_(Zh;WoHGzEG&vVB2@4Vw3=d6F(V~@Remd$HkYtCyH
z)4!v%`R*9PdQ%|vd+GW$mWi(iZ|d9Fc~hnswe0o8Gc5>GLs9j6SvBax1dIWAeEgS$JBA&Q4Pk%Y|Awhs14v<0m88
zWv9rFJkL0ph4_JOa{kqk2@I>9?^IqF9FKb))^|90t(JC>m>uyTpFH1Ec%nn;?q$rP%=xN_Rc6ec&>9FP8LBcCjkPwH
zfC1ySh4EBQ|8;#fre(D0z3@I<%Tpa9(3cbSi}hiJ-JdFBQ|K)7S6L)VQG*r;BCD3Tfixcav@F7O>@NZrdU7a%ci50h@)?9#nc-`puglgwSE
z3Cmg%AL+X9(}URr%HGM2cZ7q;;M@MP9eGUJF8Vc{`~Fm*jr3JJvk+xfo~(jWM;!C6CuNxC0z
z^~d0ezGW}7EQ4=0aIrsNXDYO`m>T!P+V$1T5u?W}Dq_`x>VY#kh@a?SF9xk6l_>fx
zut?s@ni%^MQHJu#Q+2`dxJ&isu%|lRwCucRt~x@R)dOLBY{{X(V0UI4G(lhbz`pHn
zj{h)KBnlrowxj?Vitl1#<7#i=yTpisPoJFke<5-GlTiN7hDO%Fg$M;PIGWy${vvNX
zbe02n-%;fS1Yo#84Q+h+h36;ZC!Y}S95|}YW^EIna?5B)SBxMyx9hzd-Huz}!*CN}
zm@tvG_W4q?rG~q>=W;n0ei+}PLU4H#tFgTWmE;>G+qU~T(02E}j8k0M(9|Ib*EK&s
z;*ll~acMq=5>C2NQ|o~Ep2S%5k2=ok
zXqG9eY#c^kpGIs;WkWGh)MK2iGxH}j(7UklQ+kZHi>nM
z&ira-zCGIS_&fu0cXjtoOhP)(S%29xl2~j!IZ|tVo0vNVk$O*$eJBIXAEQ|$e5xWt
z#XLT?$DvS*j#5*3;zm~j&4Loj6z?#DAl;iK+Bh?ZoAL3ze})7a24{M)7p$T^d)(OK
zBQA&cMD>h=ia^BJg+Neb?1q_6xG-nmy6n(k-0Og|-9wPXki>0@^WN&G#i)-H%u^UX
zP3X;3_JUZmbKFhWoa`9{oVWf|b2VImJ)GMoa<4WFCI=b^A-KAa<0Maw?;Y$Bu{HVu
ziq=u|O&`~{m)<%p!fx_pC#@x)R^uvGF+#wdR;vEieejzp%flqPMS)aW+GYlDOm!?aK5+F!c0pR9LX@Sk?#cxVx`LRXV>RzV*Cm-Ki>+7o;2!%{#_v5
zHi;_NlQL@IfeiYY;?m>e*gqyS<%@f9oEGc3Y}f{Tj9nK9+8oH;rigd`u;WF9>0*8b
zVI{%6^mtZZltaXhhKPr)pYtCOsz%zKPEiQYwEo1$72xUeM<2yDGv3+^j&90?u}~u@
z;Xqq+Nqjb(e`%EtjksHHXK0=LOHkoYOd1yO-Pxn7{z;^^|3*?
zv~{=1j%+dcdBu6^O!-bv$8hc3`bX)5mhcU@E~CC%Dxz%#uho*e(Z#!QK>XXf?9|`5
z)=M6LI4oLa#}@_q2eOJt?0h=Er&ASG_AVO9aLYwTtY|=fPX2tMy%KBjS2;nAdQ7o5
z?p*F(yl-;iW#U{G+~tvSe>Ov
z9oR!{u;Ngh)^(0m>7G<;=aGiq_K}={J>Kz=7nD!J#)9A_TY{GX&pfx{W84wqV)w^q
z(c{trF!Fl@hbmay_r=ytlr;-NqImm*hxi%E?#bo(9bk{fG-zP{fEZZ1?0g|s({V!v
znM_I|9m_`eaqxXWB*C6T2zMiWJ{Wp3(FMr;zmWMxYk?#dis^jdG8-l!bo)7A#Jx#v
z!*MIdNy>qE4$H#a1wiJ!ln`~`3|UQRAbI#*Q&V`TW_?3qv8fGyulnuL;XSFPRRw&>
z+Qe-ZIyLKu?tE81F>RZNN
zJps5~X+7R;Z+rf1AQ>is>|bz>OqB20Z1!j@ASP4G@J-mcAc8c<-C!Gc`g=NPGRh>H
zo{=Xzkg0jPNWC2Buva#@2H{{Up~ClF>1(#fO;ew9j72pV^TA!0uo~0-X7$F$n0`K_
z&$GomG_m%7dWhRlwIFmjQKtF;cA@E_bfXaVn$=M}PM1y6mbA4)D*U|w_NzL-uYX}<
zV^!GJ_Sz0eRSwL?wgcfNV0ycX37a;JLe0JMRUi~N>f{1p;jJzwmGqH$6Ydc4>SO2F
ze4cDL%+jh<_svB%C5r`K^@RnS-9}Wmk6W%QIum$xRVlqjHK#-KXyHrznJi-|^wk5Z
zi7~9SiZeJUO0ONu+!KC(4a#H9QSj(kG+I^F_8`u^IE>yFU)I-um}COdv7gixz7Ox2
zwifo$Y`ud+XgH`@s8<-NSx<@@R!I7Xj*q7I`-EilvsYxKX&iW`%vOP+Ck`Kz*cV>g
z@QqaHuBI<)3a-rCQ&QSpG-FTPsd#~iyg=?=lnjo12nPPOz8TC$e)n;_U2fh~u;-PAi^*Ln^
z8#*Co@ZHt9K1fkuPbiy(U0!uRP;^G3{UPi?H!k)!&q`NFw4n`
z=L-dxC#Z9I#Z9*D*5R;4pY1}BGlFZyK*rpi=sLEZ5+Cx%bIqJ)@DxzisU3q~wBCpf
zEAq{0HXJI`jA;pUV%e$2hv%lMmrY@)>mxqDj7|Q*keJ)jGU7dBa@29TyU3RBvFUNV
z)QoILgz$kGDlklz8l6PSOp1oB`59KZljA`jO~?A)HEQlt2&XDoEaUR$E4_E_HD~$E
zh^N+-ymEWc#-K6Tj1ae{*zenlB^RO~9FK%>>7Zf`7PO=U%O#ahs_t4|DNJM8$GFZX
zYfSeoo_%#TxvjOI{FbDa^qYH;dvWmbD5T>z5cxL^<~xn2;)KvZWz#G_lJLzbq(bXi
zQ(A2GdOcC9H*Y6GpCgH-5{P@W3?kh4L-U)=d9l_RgNt;3r;pm)CRQL_NT9+0(OczN
znCu5YtVmQux5-|>tAx-J5th*4%~~D&xz0w(tbZ?Ce&h?`@fX=$K1_J2B>?dQBX`c~
zXr(b-I{RJEHG{2ASM1`IZS7_MLhsFy$U`dF=yER3GAX{A#_$;iv~#ptC}8@{l~Zig
zhm+kVN_*ZoJD;=M^wB2)zRCHyp-9Qb4yyRK7-;v52zYGrdGQkMA9_N2=@}=eq##?w
ziz@{3f1w!r#{%6lo`VRWwEaazW>isL$$*8XKOOLZc1N9KV`celdsN4EsDTZ
zz%pyhwv=CMNWMDYw_Oc-bJHk=7Y08&QKpC<9bBFW<5b1RwiQ>fQYA!}YksG{-*acI
zm6No~_9G21Q#M@n-KPnyN5A>BKE;+!xo$5M!!!VIzTU(HN_lZ#*>v?yf0sZe-CA#}
za8FF@u2JoyhA8tOK66v^_E1IFVk}i$hwR{aI#MOjf&?rwk55S{_d|t^P7V`#l@(Ac
z!H~W)gHEAb&S(HzUpTzIIs|MAel~b0Ne=Ml(Z^<(rh6IqkCC>!17MV^fSM_}-}8bZ
z(rQbgd)e)0t0_~&NwZl{>tu^KBIICNDRG~giLET`0Fi9F
z!IpwuX$>X43P^KL+mDeOWXojgdKh7y
z7O_bxR&i1Wl{=FJ%5%{ilAC!TY=
zwR-V1`O4aja_NAzZk>wR
zYlZfC3afs(Q~CbHeEIl~s@x+T4L2!`(BL6|(vikK1!U_1W%*au38PkB@2j=kq_1q{
zm0a4(h+X#b?M+azO!nL2xJJI|Txw~B3;QH~g@>#2aW%xUgo2T|yP}$3kn5nxU`Y*+
zcd1>P_;M?t!gfvp4dkyYoM6a7>b+7j?(i|$q++GG>N)mnVI#<2FS;1b$dGmJ`sRz5
z&qgX>!)R3kI;|~#TQ!>6m}{66@rS`rs?_!LqA01kM9uqthVVIc@O~o6a=%%izZK7K
zhM+~S-Cx%PDKyzTRhc?p<1H7(VUzr@Tu~gr0btT>j-)!NOeNZAFo+tDOGyjx`vNN`
z0WPcU&yb6!Ubx0iAM~#jkFe|Fx0lcX9~Fha0qD9O{&F+x8)#z!tQI5yiP+|h^3+uu
zG?AEvNE5Y&#*}Fn;`FQrN)$o&sLU(5k
zzhS$_uyMKEP+fyQEOSwdC_s9dLjAoPAHkPskRE%J`}LQ^jx--1
zlaI}gun|$3`Gth*g4y|qVgNKyE^p_1kb%phkUEa-ah8Eju_
zV=hel7to14aAZtx_3-{%AUZCO!!I4_yt1xAP9_tAfcUEpB$dh)~gNfM8438v^fyTir9eHz(DZ(m5SCE%#}`!sTShVv+cvF
z-}9d=4eWM9+7v?N=VC?tFk;&%i3&MpwN3Mp4)%ncMzlX_xh|0CI=gX@417aGm4(BV82x)Y*3?J@s)DcVB{lu-(ZUKZBs9-
zauhn3j_g6fkr;kz4LnsI`&iph&pDs!(n172kfG+tjSs0=k$hMt)}@bcyH(jKt
zrdJhx;*5T}a(G*bHZr24XH56dtC6$PHvzb6dE2!7^4Np0UahjOnUhCcjf;R{`&3nQ
z=n+R;E=Peab{y}7-`xZ@%+tqbIRPvS5H~q$)@D2(P{(mX7BVeq>Hds7egoAZz8p)&
zX<#UY1)Yjbg5|76`~kif;#59REN*gmOT~ETQ{_0P_R7{Kl&;w~-&ZL_v|1*OcA&^W
zYNBWQZgHjuJg!r|Xi)uEX-IlwLFV8@)e}(w_k79)#+GDG$SoL*MQI~PP;f;1wjqO7
zR`)k6TYxu
z&K>L+gnPmgQpnA)+8@?Abew{j6)&}m3mBppt0!dj+CBM1TzxoekR@BU&nvFinNsGE
z7nSNn&F18F5#{4;%>((+_3;%j&{SFZ_?(nS)%B>X>fN5<`GsNY2o6R7DzCZL&W?6;
zAdpUsefZAr^XD;KD7$wi12w3BXX>;&E);g8Uf$oMK=wf~vfufrtpZ4F(z`o}jMhdv
zGYL6eD84|+7MWhG>x?Yx7xR0%4IMaWCGH&&NSXITvw9cT+`=4r$1`C5Pt%69tw}rt
z4;mC4%aK`Dh@K%q#zE{7S0k5R?VB{-C(REEMf{Uur)vyv3p4fZ8ZHXb`Z2L
z^B_U9uu!B49X1;n2hi!o
zNdUgLm;POMGqH;!dACf@sm>$Ce;3Z@O`IkOM?Il9JTVj3`ft!ASbxw1{Xd?zBn5nI
z-?vr%pa}d&)@K}=pMMi@bFksiHynW1(#*cAQ_0u6YO4?>HdX}(m<%&H@bDe2;Lx&j
zyRrwN+i&Y(!Px1pC7Q%R7KltQa>Lj4gy8vfHMp@UUa2BFx2)qQ*b4UGvHn{
z+0Qm2omJtMY`w>pp#}vPJ6}&P+mnw&FZvTmA7@4Z>&u6D~
zZGk+hJKA#UrUBF@3a6+69qTGiLV%)~NmO-7#Ez2El#U*TTq*5)-k>g^#L&YLl@mbG
z)G&8T9Y}At0&3f8hDV;d_bhAmCKMFu-1e-kUT&(-;(okQ-{RrTc#NioB>!goSS1s}
zTEk_2LMiXF0T~Fz(9Jm>%eS~Er<1e6bt1tfO^l7rs-MYjHEM)!5o>XKj_meWT?fQm
zlbBC(Y!;B$?A|=iVK&vh`&P?$W8wZavj}%(_QgW2r554shAW##0AReC!YXF&Ej69S{cB+awW>4*)Fm(P041w(M+3;3N6yO&SGG?=Hv$S68QTEr4KA
z#3~_$*QM8&U?7v{xKT(B^KUI)6Z#1ij6n`lAdoQ-sIo<}1Kw
zhtUa9?c2&12^hvyBzIzigpNxiCm1gt<-8oUi7X(t`3j=nZ}QV;^cJJTq|HR4LiuXo<(KPC7>dEgbOSYp&#@aRl$n?LsE9
zO`v{4@dgV6rrQ9sT)(ZKM;}8W89ad#*gU4FB;u~T*&$Ay@W8=xn!evf)=qvd1r6L#
zEwZA#drb7LpH)6gXg!Xk`VJ@Vikq2oPx6LmZlXULa#muTJGG?m-3@lNCi73bA|*iW
zZxx0Vu&=7v_y&HePz~OgP>kGG;VlJ=^0OwX)Jt@28;Ei&7YgyD@lLFItAEHx?5jZT
ziTynZ$WIFlAR2%CTG)0%-O5M`-EjvOIS;>xh!ZXCm{OmbC}m_1ksP)8fkn5GP9Dg*
zNr&Q2Q9$Fdo_+Tzsq0n?#AH|gF5#cN`#rpa3HBGqgRo3SQN|ze&5Dmloo0r3el`ws
z)F~s!4euW3H^8zv;o~Ki*F~$2Yc?j|C;zP9?M9%M)tFGVof75g`sV2G#SBO-{!XZw
zS*3fp4Q}G|eAQukiWgR6FVV7An{Zob9ioz9V!RiX?ihlz-bRr=>;hYTLKPS?-H*Iw
zwmIE~fn#@Ob6LHu@cmgALisLX;|mu<(TbUTHsbTNQ%$vvZQnb|zWF#E@5mSGF>Tv8
z(4O=fz^bdlX%{;WW#=D{`DuXUp8F7#f!8$#!RFjLuMVKJ(XKomgA$9oA}A9^WM+&H
z{qIPJhOrcXlX;Q1NVj6!YTUUc{*GFeDV)Tt!G3TLDLccU*;j}b3v>Hp_R7cCs2>^)
z9$ILzH||-M2_dV7JA{YLRv#(e?9TfPK31V>1B|)6Zvj2PPSP@rjfcCnqA_VCZi;j@
z6lcL`5=&scfBoPebF^qnv7#b5^qq}#+5DM^o@48C=EbRw79UoUTgy};6oUIZ4IR%EI`?H8PFc^S%LW9yp8#oZ-xs4g}
zt8F`(Cr9)8qL!gHPUY=R1F#*b*`F5l1uq*@!iV|ge^O7P6oH`(r1I;XN!8Db+xJ|%
zFTJs-MrZ^C&{r;vB-|r
z$0eqe>Y51o_Sdkp17_B}+!O|Dmt-fm8ptAF|7Cjeqn!?)Ggpwv?MWQq4e@KHRAu}Q
z6I|W>93kth2|+7IxL7ghf$Z
z@T!d6a@D#x5c-?G1n&_#F5GaZ(erLXZDT=^X&~VEW-5LY#n9;w?+_He(7DDAK@?wqlHJul^;6=yroy;*?DQ#flU@=B{Ovfi3)l^dR(?${$LfofG-tq5RfsnJ;rUzF
zQofFq@MgjW_M%YSCwEtEg7dvpvrc05xRN4#nzSz8ZuU$I)!D=))4vADr^s;c>Nt>{
zQkiH`T3NitJAE21{-LykE47migFd-3mi>l$la$J=4A^I?^=~~jN8T!@<$t{jS;v|C
zSG$@*`p>Tyg>-OFL^+;m=anCe`4Q}C{udVQ
z9{peEzfBSkerY{#!qI8BC7r}%g&gB+Zoe0+c!qOOBYV2b86al|ln1gWkafJR1J2BP
zA&jT(P~eUr-)`7l<(Xf)%aGT1j97rIc{%Mnr?F=$984RWbRcC7m^LPPqV0Po#)5r_
zIZXGbZ_y{$r6QdGlU^HyB;N9Ic00`$8$b55IXK5I$$=~*9Z}Q@W&^F+RFGsd#muQQ
zzFjsHobsIT^MUAFP8Zmks2hYtNtxdJn9lQYE#3?Aw7)};ib3c7Gb+K$x7C$2-e6bJ
z`_tUgsl5h^g+?=FO5>GU%KAWtRbEOiOG$;)s5aDHsoBm%H8iUUCvImEE6+Dc1BVPF
z59B2{NKHLKFvvclx7#egGeCUl)Xm1RN)c0*itgR?I>1mc#_tvmPS;k|wWe`cSZsJ2
z{$|@Y6IP6WU5p{O$!Wnkm`^c5!6c}*K5^NCW%iu3DSgFv2796c`1+=_YQ4uwl$lM{
zI{y~W1Md@B&tt?Eq~4l+ER}UcM1EWSp*FZ3V&Y>4M;^iR_Qr$glhaA_jQF6NH*Q^d)3=}*
z9Lf3PCfCmr?p=F<`Toy0f1%}9>1Vi$dqgwAe4kD(`f91H73-JoS~^<&w_-&>B|#NX
zB8cv8MP=+_WeXkK-5^4}|
z*=x%t2o$|1Rbp#smZYM-naT_@+gPgP9v{@lrKmyb~HC^aG`53LNTu!esy&v7P9cX3^r(8XpWxo
z(hFL%t((40O!zjuBLE@kF8+Ds%*IB$9PnIAH`pk8Z*D9Q&21Tw1|@BEk7GJPnUlAj
zg|_Nuo0K~BF91HT{Dx!*F2J-+NgEpT2#ky6*f9sWxl?Tx2xb;7Mx;zvJ&oPCwSlaq
zO@^cU2U_MJ%F#^$jHM|$@E&=eEK*ChGjpu_z@@=9Rwo1hJJWNGoD^emYrPK4D-8k1
zdmpD5-5fdRY(W69cSSF_L@%^06y2Xp{mQS4-fW%|a_kxAmnEfEo(2t6XL*is=)UXk
zM&aU8pD|4N?3|jT31g0p?csEu^4e`$c+FY`4^7nk+Lo>gYwzRjz4a3->5YVr6-f+!^E~%A;AWhdncVv?o@BDo^d-VP1THG+qg=G@Q#b
zqu1Eq>FRR%MZG?xtIQ-bj~`eK0!yt4ogWE019Ie-X0`|hiQfr}#~kfFAKOd??)i}M
z1>~EIR@iwRu_42Z1-ipN79UnYPjI{Yp6p(>aVYIXlOr5!Ya#n(1DExtBGjd>#(SrK
z3oIDVLezOWvf&xW$A1FLm=fr2;(dKTeCqiWlO>WBv$E!8VnIr5px}9eaNqhVPruupLp*P_3zV^?k~F<+4q6bE~Cf5
zL_c?CK^NI|Hzx7$JbwS?`hoCwb()lpLbq{aP(T}d;^I?FSIMSWUgZkWWlu*oiO-{_
zxc8MXk$6iI|Dl5fum~8foG)%6dXp?>h>7KfJfB>rEQ|P!R0lk5U&*9@bHm6C^_xev
zPe0sQh4VU@S=3kf8|1PnRLt^N1!dRe1dYGEQt@x-S;489HkBwy(sLV!Z6iah7_e{#DO`cy5
zV?Jn8U_>joG0mo^&JU0SFSQB?)x*)wZwMmc>qPKqI{~}OV)4oZT-spL_Rb`U@tbx>
zJ8Y~STV=vH6{)=Z2IgkF#A&nRjGXGF<0lsXo{@Nn62q2nqeNaHSX)Wv0}kAYkU
zjLvw3Y|(1hXgo`gjz42U?K>cNWvv&De7e;;@=jO3XA?{%_&D(Pi21_@1K}^Ig^mhC
zHe=bDSvj|l6Eg3zN)Bgms&HyP({X$+zQcKb8`kqZXVLFLUN>FCA$P0K5=E`pK}~v2
zRBzuRZ9ZT>o5pA3nDmw6zq+Rk1%mJXlcTHn+3Ee;e_MLUw&e4KAs}E!?+^U&Z!^G)
z`mZ)>D?I^P;jicBsDLQWgb`Z3hr{hMig*L5Df&@-avLL8v4t*YJ<(h%GKM+HUxObU>{r!#ZAAOon+Djfa22Ff19|;oea3mZ-mRDB1q6
zg;|rCPcYv1Y@F|@{-qadl4)}l346DBb?I8#T$eB=Ya<)x^o9A^ixwq;^W1<
zZ}x`WoDAyIJKm(q8SO&Emaec6j}0a;MsvvCkv#IAYLc(CW-s4J8Z36!l9=b*`~)Z5
zX7TwQYd-k0?E1KucqPWm%a5I-?YY}dMkdl;?tu5a>Mr)0=EkpbJeJl^
z_!Ds(r`4E@T3%G2_u+Nrj%#Q|*zh+_F~uG4TNCctmliZqtrbwdq%Ixo-Qwg#z&gBg`zY$d7AP0s;KmY~s;Cl&{A2C7(t@F%jb)LGG)lb3@%hf-sXGd3rlG8
z+b<4ea6!Jc5T2zoE%3mW!Mp<$CH)>`RGJ-LTaY44jV4>9vzV8=6sgt9*oax>(C^=L
z$9Gc|Fs
zjQwH4L6TmQwwM}q#}3_q$Lf`L5Z-#;1H=BCJ|-^TT>O?q7yK9AQr;>r1VlE#(Ms<3MHGyN{oQArA_wkQ_%9Ej
zx~=X0o>527hLcOL<@C?g^W2meG#!|Waps&_1Ix6`OHK_5-Gv)X@E|=inW*pS8hR+<
zvBi>R_J0%p@*k~x=VX;K(&ET$@tfg^XFW|SS09laXiU^ppUFXpF_LOj)u9_quI)VwaQF_{_g57N_6x
zeUehPQ7>*!>1W(Y?Bk%1)CL6jykvx8C8@60q_t=HA;AY9Y~t>nM>VLyZ~wE2PjH+_
zDzWA2UawLP$fU6b5y_*oz~Jj8ppP(5b%nm%W@<=a`YNjrGP%TWRP3d8#*
z)63AaoYC;Br#(+1<-7tEQ{;s;76rYHO=)_pQiUKjZQ=TB4R`QlRVR6gNNuX@pgB^-
za(C#2#9Fx2!CQc#QxtA8;@r{Ie3fkhlGU7p<6g$II75x52!0nW$)0T-9~(RR`cmtM
zMp~eOOE7xUdhS0SKD;-11|Iisnmezx-BU$y`DbyOMhM86JSeKiI9nPA`@vss$aNNl
zArSL${W}e+>{8?1(fISdmX;ZNYe_q^_(~~cy5xxza2s0tS=`r#At|36prVzbA8E>@
zLhk^t>})QI?Ev`WN$9g0bau(`Gucnh6V-Athjq5W80~P(OZ`!sL*l|Q8
zDxZZ*?u@nr?5T!MBWn(L0lrVVBXm^IkwkVRdAv7^s^dmcKoNr@cKYkbs0O}g*6nHU
z8~48eD)gDl!~8F{@(BFj0I2@~>in;e*prc9Ld7gy&QOKPcP9`A_)uQ3K0buS%Xo?U
zvj9V8x$6xH>VMGD9da1BE!n8ajCd?ZYehau)XF2O6i!I)b`}cC1yjeOpn?4spuq0*
zpho()SxqS9-SM*6cFUhME7c-(o}nUApp*jx)gK9lU2gzT5GGg6DGhs)be3?fyN-;SAA6~&i1D#6KC{)@Z~{H;c$5H1Wn!dM;7HJK>v?F3
zP26NW4H$`H$Ywr0+UYBuTuK9fFpy)_CkBmn_ozgvoc_4p!mFxMVy?C>6ox8xujhxA
zH1+-EqfYz=mYq29(DC3!!Dz6rS9d{Mc8trwI(7We0uT(-Vo|J&Ss{CtW&5Gd%VL93
z*ir-iuE31eeV3FpVBfBfvDCds-@g9#rdm(c&WE}`T*7qj#1k{kS}!_^Irb^&wma(O
zC6&rYzgWt;r7DCgp%rD?Z|e%?(|taG+`n!>K%fygkpAK+IsS4MAGss#MqOkv*6-*{
zo{wH6x^+>$SgBllg#n2gPR``@BVrdTp-)Xu)R-D&(>9z~v}(vWu^CyPX}h|z+J{XQ
zx?fmKJIa~dQVcRWzG0v6zti6zs*ZpR<*5xAc#%Vxl#B<8|DxEDNalZ1`plsXaAJTk
zsu&Nw=YT+?if43QWB05L<5Fh>3hUQ0dB<`Jvl#W>nu0xX28OM_|0VLnMRSL8`fcSZ
zQA8uw|_2V>9evAGjMiAq)|8avEVfmA17aF1gcku9WRcDXKYpPNe`n+-YRhEIh@9=8)#%-{
z5;*&_DyeqEz8Bqf?iy+PtE4ohv(vyfY|Nr6KGu=@dr2ZzvtZHr-6ia}6i0m)YCa&b
zdpL4+1GB8;V3Gj7af35kbI$9s1m_@G!Wu!^!b)NRQ@oWNMw;%uY$v}SoGHA3pGWux8cE^owHwpMI
zIqOaWmz%amak)yeW#Km$wA+^>AC%&YDL4i^U%%U49vK+owT|YF{0K8Xk>)V|byZ+rv?GA-*8kaI!kN2HSY-13otOqN=8H
zog-%`W*+R5jdHM{KW}hXdVvfc*&iR8{jfA5`Tqqv2;fyzXDwtO@`k0$j1NTW0K7o4H`Aa?4Mx!
zDJdY5Xg7qV29fxXP`D`XtZzulPy2527bk5{kkb(}bavP>s);O2CS=pnF0`Nky#Y6!
zhp$I-hpnrT?`m7ZRxo%#sTlY%a0sR}`@%HC^IoY__%cE?SJF6|r)c2SS5l7zQ?ATA
z19w7gtXsmRSzY4de_iB;3!8w*8axq$tK)g_?%KYN@ugZZ>4lv~*&-;K
z$`8r(&FC@lifp%<<3F!^3yMP7FXu2GjGDZI1-E!1i`)nrb6jX;5*6=PI#ysOVtb!i
z)Nd~S!hz>c;SLQZsswssR|mpVtTuwr9L5KP`JLvoEO9llwitpSz~{-!T!{FcCU@!vDD^u~S^w3oQ9!!UV4x+h
zPF7~Y>G7```#1Q(JE4UKi*Pdvhy&N!8F1IA$Atbr$=m|?Er)&8;&saq0P`iA^XyU4J^Wtra@
zZC(y_Ok4T3^uILB#NGnC*#)cMyU4AeR@{sdHwI%nf({)VPT`S4R>CO#H{}g
zM&3QO>-%4JHpLaq3Oj_48G_#UMT*_lRwha9h(`ijrFGCSV#<;uJ
z9pBk+4lO_S&Q1_xNU`oVt$BL;{L-rb4+?5Ps0#m=Pcot^Ap<`5N>I<~%m0B#`u_`q
z{x2c*e;;%Q6nrP;AV5Cft*nr2|9zB0)klR{+u=i*&E{!-wisH2kRBUHmrvX@LM=_s
zI*#EjceF0mLVwA^mnSZmg0Na&qId6~4T;#e2lsWcZ;GdrF74DZHr_O+W!P11
zNPJiYGvskivoT*cc$4_gFB{Y28p>JsD{R~Q*Ha!&KZf18vpUfD5d^ca7wrivK=ZmQ2ym(g^s}`fGyh?V
z4isZo(cg9ktYrDSQzqsI9e)pSU*A?lvd~LNU_iroM%AU>K2vFn0PV=ypnNN&a+l-hgsk
zGZvv_ZBbk#ns+NeS$z94^9HZs4!3*cj!-nUJN+Sz|0SskxA-R()av7$1EHe9z}tcb|Mhm}{D5=aR&lmE%a=r&%(
za$p+c14_23t})kELZKd*!_{1p3Mt4PywUnLXEE>w2a8LgWT5?ilFDkw(~6jlNbA)t
zU-F`56sQP&-)UFWqc!d7K;?%2hI3SE{QS2X0B<3>eBU?*7|2G>s-rtSTyBmcHAnfQ
zvEtn0XUdEj;@A?4{H;izKmQ`B_dR_9)!T}D#UFI$D*TxB0wNvFzN)6IlPBzEnxFAm
ze6Wn&OOND#7uNlX+f$jHshQ^-lTik8eheUl+fCT@>yh{>*J1?Q!A+w^>aD-Dk2y7{
z)j>3b#^dJizI1iwuJ&14@MXslUFd0u)oF^wU^L1c*l%XErnhV#TJdCnfAMj$PDPC~
zMJpWF^-F0FZnS9Ci3CKR<2S2-sirokPPU|+1H3WpS=boJ%R=qjug|BuTNO9DLeQL<1U6&b}9C5&cUD`zxLQFsK-I{3>ZD}Xxe4o!x5t(
zhcnd934!I7M>S1=h*+H4KY@naltdp{Axt#jlvS~da)W;AgS_)=O4D%I5|Bv|z+g!0
z#Z0Dh9!+>Hct;3t-p#VkWK0pCGce?Ze|lASL@Ub3YOGsL8(OJf`e+AFF1EY3_YuBX
zdV$@h7KtD=VEFg?(6l!q&3IE(5fOBV0oRu%?l=vWo<8jO?>=!z6n+MnC20QO4-y}%
zFWMS+B3Dxz_suOA%-q~k9xZ`jrt%=L0XUnM{wsPAJlyR1x`A16OmBO~>G|D9XUi8T
zQ73wly8z*5u+Kw|&&3E}&E@i8g|;lhsCUv?gnn_#;(2F33)SM+5_?d6NHAr#(7=Pp
zM4g>2!TwOSj#0e>fU%rz()9=<)(aDphRAraY9UKzw4bjQ+64L6&kt*Ih87%jt~?~>
zNN0C{zCaRgJ4)F@r9(?*LcONA@g1R`xpl~0MwpAGIM)l~>t(ubl>N)EksUDec#Om%
z5zv|3YCD9I@+{CkQ|8;L9a$qHQTEJCzle^=pDRL`a{ULC$k*>xJ*ojjKaR_b2`i8&
z#trsTJK~OqY-LxwqM4*)6F$Rgpss1ns~L7t)1A>viYDZ=VEpn69X)+}RcDW7YVGX_
z{ivKg9TO0JF)%jk)^nbpqWD@`R>k$;*y^SJV@uY-*OReE_yJetvxarNR@k-Gi?gMv
zCgAN{(%KeG6*4oiE{3{NYXXhS5D^O;&;?q`D-u1w
ziaD%STD(rnY&0?*PV^-|VrsfnjQ(&-PO%}IPH=@uNEmZ+>b!DJX+M!$w7~UxXm;dR
z-@7p-^!3qWEx+cYoIe^Ft;_>2Cr-Waaa0wOD0w&*wAW|cvI|*+4xF*5-VFFnw9)(+
zJ4q}+3W=(`akl`yp}Ec{*XIBIE#Po(V$A@cM!b>K(o~QN&6({qO*zzMyXb}+Y-+GN
z={9xc7m|*(bQ%^)8i87Sw6w>UJVYYKXxqmpCc*`^kmt6+x|E|I@)P8aSrUkJcP!*G
ziIEjA*`)dL#tFcLu=@XtA|Q7<&B>mT1iIr(F2)WX`k~=XSNG&i&%oJg0}P#2+N(`w
z*o@#NyfBzpETZRJ(d~}Yg6t?vv*
zaG8xZ@#LP<2~`Kuw43rXa4uraK?Yyudpe)!Kef(+75lt)kI@L%{bb+{Rk0o7%&yXK
zyq-1`tJYmmfl?E_R1CuoA8;&j7ZX_%9n*$`wrt0?ygJt6J&W0nPE%OtTI;n#(Gf*&
zFUl?5!7YQaWNi1O$H_K|fYrF2-(;PvzNj8ZCqGwLNvyyI_Kbip(0aP-?l>)tF8euQ
zQWzHwN=`b0que~#qfsp?t^RCOHbO%@Ed79KglIn#%HvhbNc)svCd}OBvE!hBa_|;X
z8=)ASj+sxMcXrjYAJcIw5x7GDS9M2M)
zC^Y0fVBdN318!4cRYF6&+tP-^<%;-;@KR7DNJwod-t;0hO@r{xKgeTHSn9ee7o2T0
zbY0BBJ7a=-*$H7rp|jMhRxLxokYNF|`s!p4T#G?_th*qbuRlY!f<3lMo)1}6j2h6f
zvsZe9o_bgV-jQ!OV>r_@1?*Rw{!R=8YQ75-g6neDuc?d+`+F55Vt_*KAow=I?&`@#
zj46;RlY9Y0C)11)*q@SPpkcnJp@y0&FIvkYj2%2bygV-#q~6RZkTiu%md9hM
zjGErPyxlWaaSgxQM9PC&#P$pdD4NH
zyeqo-s`RxjZN_|ir4ha4g0Lhs1S{N--l;i!TUe?ui&EG`Or*`KMLaqtwxvHTfPa_o
z#rzuB<=|}219N$s(`%3X=0-=jb0;^m!*uDcksA-)*&+~55)rDbv5&^<=Gn2~qxh!4
z%E%rxznkj%=K5kq$zK>1u;{a)h=k6Z9-Q}N<6Fu`z4WsQms5>oy)4+|a0E;-#^@@m
zNI_a~(TV(0?$-nI77FSdM$YgjtVU#Q<>>@u)y-)}8o3OZcP~Caqj9(5mjB)$UTr!0
z3d_#|S?ML9`#)5OV;doLIA812xP=WHaV%V}T@Sdlh+rZ3E4Nx;_9yHBef_Ku9=elw
zpjB=Y6VErg0dAa}qYKX&s=iM-G=lzCd^C&TsL}Y$X8~u{Hi_tO1cq&Fa7rp+!canR
z*rQ@(&y$+B`N2m$E=fcT)YX2ZME%-VuI>XH2J-$u&1fwFhd9^4)#cyrIo#?e1KM_9
zPEihAnm?ToX*B1N)|U9-mi{Ge$HE^0j^=Yd;SROfo1W%aBj?h6ayTgStXLePuLcBY
zqyHhxV_FR2q=@RFyb~uN#1u!5+ny
z)hm)gJ}0wbor&e@mLwD#0i@YMzQ3%p2L|s5c=facdq?%zSctppI#9`S8XZcDisXW4
z6{*aB6CvM^Lfn+K8R{CE1~vEpC1Xm_0Lja&Gf!e=M;z9DlUo;p@+6g|fC62p8=d@Qkw-%}j(&TC%e374-}^9P+639x@?hXf)N1G85RCcq8g^
zy0xBM_n3Di=T4m90(w6Fb|fSs`sFr8QTqhfqg#$)Hl^5@8Uw;k9*wnidwQO7T-be`
z+Sz<#&hdMP&Ix#D7E{O3UxU!v9Zf^1FFH*~ix_u}z0HI^1ZXiOLOYx?Q5#Wi;Vsm0
zv^ps|Rj~K!OrvtXbghT9@`eTF0QK7>i@J)HzMVQCkW!9E+%$w@hR4rzR|@dWc;VV<
zw5C&S8wKL3d6St;^rj}?M_GJIAPALrS6>GXi1-P
zRu5$;2V&vdll8a_KbWiORg^gm+RGACs*vo_nYo+w69REwB-ekRK0yiH{uz^{astU3X7nEb)|6QIC!|(e&6+iK-S|t2idA=#b`@D57&1J=VG+=5v09{|
zA!gi`-&ohDlE3eoKU`>1?bCc+;Nwj^rl?U*(}wB;^m;pR{;Dc(=}y$fwOFQ)IB$tH
zFyGx_1={glXzWpw4gIG#$J8T~hj1jn`VwA*n^E5yOn%xt;KAL&brI}K|i!b`Iq&T4GE>mc`-H`JnHYX^3GLW0-w
zSkeb)^$2;p*zvz{r2;vYrwg6Eqxd{i{|JUi?(J+x)ugg0$}z}6=0+H*`>FB-gjSvq
z7~1iKP2uqg4R||DksPu+5NyX2ioJ?Zw{|7|4Rh?WC;WcbMAjkaT2^b`WnkxoVHlg5
z31vVobcLN#(bPo*^d*Xbcic|-hl&p5SA(_jZ%336F~}YfOKh5DJo_M){_Di1U-orV
zi!k7rE|lT&bo<}ZT6H4Aeh(fW{gAMoZR**MOp*I<;r7H1%)HtJ(_rxI+SnJPx~U}t
zI3g{E`pP@dXk&?bzIj^h2~kxH<|6(t>=RKIBUr)yHlk1!?W%?Xg+IJfgr|qwVgyPA
z?EQ7{IItIh(@42AqkLlepwLufCPq;d0PL&aIb%*la#~Wnm^F4(^K^s@k{#IzC8JP)
zO7{<*cqtigEthn`^JDZgF|XuU-Tc-I`%}q~IQT<|m}Fq;<2haD@5zm3&zF_mi*vc8
zR3^hfVotU6;ZNJIiJ{;x6NGhGL6buUjd4-6dy-E
z>mfJje*5TK5gxTH=NV7RhT1DBmhoV2Mak<6PH8nNVtj>Sb4iBv}prXXL
zsCt$l3&%fNkCinz4e8BybwekAlV~b!?}TUBG!6mja~PY&s6C%{G0^|@FlGflyO%JFgjMj@
zP4$jBLqZCbaPx(`A7MSW&$gL-8|c{#xxO`@|EP2n5fl=2}dsuF2yC-@bvNC
zr8zMA1tjtpJ**alV-fmX$c!YHCxS(E5dGy&?6#vXWi_K^&^Mimqg<#q+YO)r1-~*K
z-d?*68RCW*k_qp$2sAGiO!Yy*!MWEwXbuP>I~+?|h@v&Y(^Q|%1a4V&e`|>>Xw$&+
z;zCC3{@@oI&_+3$jz_gegXU^#ZR|)T(2W#+K*TomrV8cac5OSQ)`fZ6zC2cny4Ot7
zKu}VfpE#%=eH_(4m2_o@&l|Cs%(~{v-$8A7cw~K!y@Gsw+YFhpMuh?y*M;vCsL6Ps
zSpI}99n(!ouoXpe=~e)JY$GGyzw*S=(#9A~;)UrQ6D{73DJOgoH#g%rygo6o;>V
      4p<5nMIZV2
zr~C&cdW6I*Wp&fncrBIxwO{l#UWO7~HnEi(zQ3%rQ_jAPtM*`?UFwxkt*0w+C8SAE
zz-wp|`{?R{&a`)!&z$r1*;dxENJ3Wf;5C=m7fj^hBQwSYkoXjY(Z;E0N
z&B$P~eJRJvto?g%No2(!ii07t0Ul)YIsI|P)=PFayuJM^Bs((M3pV{>PS>W!G4tLi
zawJ5`Ak?qMtjiTFVoha-stxRJ{H>Y4J)#~Qy
zVT^A6J%0DY)CN8MdH&nZ``tbx?aT#x>aw1=Ft@W+)vb8uJtF2>*Z03{nWsHt6a1P{*m`J>GkdPd@3*vdSj3;x8A*vJ61BcNYW+1eNO4f
zLB;FZk(>AG*4erG7YOVc(H2Re*~}i9Vb^+gv)*tdapm7c^2!3FFq$0CF6_1!`sohkWH+SSR6}dU5ue6l4!HI
z3WngqHMXNkc7L$iPeXk9tC%G;bHTBsLmu>OfwK6}{F&px4%HsIHOo&x_vb_1){bM6-i~7dpS+9fFrqBob<>!74Je4})v6&tvgGl-e)&X&_88#Dt6wXcQQ1h{Wzco52+!VByX05%QC
zkVyiTI_*6pFR6%nw|_P&euq6FF4*Nfg;htjSXRr4Gm76_He`8VNok1X+yge&!&y~@ia
zC-VpHs+A4dB*HVIfNDf8i$8oVwzsjJq-t;05Ok(Dgh#@)`AJHISx
zc4@aid|THI$(!Q;D__$!k>zDue*a7UMHy!&1-NZ4N#9`Tm5HZ=ytY7b^BU~=Jj*F;
z*pirFVdRuo)n@%-zTtCZVaYgAGAFctjrx|*zC)Me8-UC=$!xA5qVPimx}kJvwp|*x
z*);khgAFH>mFA$UK6Gm}(`l=VuRn?Kpp=O3*2Z?AKR#wKrwgk+D7*7+*!IjUQDxB+Fgc55D;NIf))bwk+^pp3F=eYBl
zrz5dS9E;gvCQqHiySoi%@}8#kv?YRQJa?K`R4V&>L~q%o$oyjTVJf3VZ&giec@)di
z=0EMvQ4K`#ON%m)y{7s%)J!oZ?#Vrb__oQOt
zr&p!fd}hcmklpsQZG_#PtYjNcdT(_gM;9q#`uCxSy;#l2i0vOlozz~*6}S+3vs#6!;@4a@q}E{URvc2aC|hpE?21K#-CE!#cG
ziUP1CqmO2`ZGTSor`I+N@+E)trW*_UPA{78>)R9}{Je^`PH=v8(!iMF)fLTV6nAF$
z>Es|bnT?++Y>te%JG_pKhVe*<#l**PdF?iYQ?Usa@O
z5SIHbH?JWMwHFk0nxs40_Am#2ZagUeE3x4jKnSZU$J}jBO8q<;GZP|wMSR{x&)ay<
zxNJ)e7xg5RGGHr%_EilmdTUJ)qW>=2{1k`1XyF%9K8?+zl4B5Js3#9ZZEn(qvUsAp
zMSz$5Rrt3{g9L`RJtFDe^+s;5t7X&tX2)+He)*UPee`&gopWJ7>1iJQ%vbd2xv3j@
zsKB)mZ#4vZ6)PZhvm3^&*m~sdt)Q0d-^pO{@(IC_$T|KL-#hvmzgv#)D-=oU@C;%z
zsrT617vVK7UoWHmlJNvsI;%#3AL1eW!LyYJ6NQ{*0f3mk+52k!k35uBGYFk<_m{rm
z_f&~!`>DdYR>X|KIU79G4x6VOsN-aC%&5u#y?Qo0(SRY4j7UsmdQ_)kKyIoVI^{3Xc%9fgq
zHVf%LaA4PbGYVbns!?Q}E?Qw4-LQCJpXWviabz2p{}q)&9>^@*_jXw_5Rz0{ox5(w
zPSVh?M+dhN5UpccvtumV${62=nO6POj^N(L3`0KgDywOm`rEUq>`hlK)%x4Tc8Sy_
zZB5Dy5R2;*HWCq2xYeu|;fgtuwdyhkM7s;qkN9iM|E=A)s+_ds_S;yuSL%{*y4-fW
zwdowf@eUsO^I!bbgY09P=ZpIJlVs4MBNV=nBNGMDwwO93+Xf)AAjOR
zo|0-x#<#bbV_?dzyzN{#%I&lnlx-vHIKmjeUn*>N`yCT(hk{mKXA7TOpz#^tW#(*W
zuxW0#MJWKC4`=`(Cm!Z|Zg6Xuv#lgE+Y=q{QgeTuO1On|3+V}>B%$61$GMN|fM)9=
z{PsmU&Pz0i9n1MN68tG{=De~s?}K|8@K|0pgySo4r>D!=K5O|?ALIl3>ZvtNV8?Y`~x{a0DD}QVa(8mM1i2)@Z>~IKw^=K
zxVx^t-^yn1=xAg(bIbL!4@p#K_g<+R$=t+(go<0T1=0ZRGo$!zcAEoyu&Ad*!S{aO
zO71Cu%eR%qCCIbDftiTa3TR*rd%HJ=!f^NQFwEKgg)pShow(3Y!9IrX1h|*`w@HQc
z{=&6Z*8DDV0rO*UUFJE`PLoNme^x`_x)v*CqHVUEL;J1I)wB@hdh9HB*{wC>3rkzW
z_7EN;deE<@$lxRd`76QRbuW6}^xU5G-ZPyBUKML{#(qda`7zc;(8-y?tKcb3io=>>
zx)hvval#^%l}@wgcY^z@f=NQ>#nF`5x8$>IKf>HVdzMJB4bXW|DRTf+;B$;Y@9Ys%
z5M#-*Ih8e#F(DueG%D<3_b2j{Y|7Q)z|lRaBjb;AnOT~!KJWalPGS)XZlNi8cMeLg
zQ0veU48U&ad5LhY>2T^Wr8RQ=9xdkM$RvPbk*C!eW%4ty*Gt~DiN@E|H)Gc~VtbZRzPKA@O?9~`YpCJ(}XtJG%qfq`H%k{7q$
zkZ#EkYAWX@mq)rgo$G|7-6QKC?{b!om`x~NWuQBJQ-mhT)Gg5U8(v(7>v7x
zIyQf4Rpsfc5gZ$AL`S;)Tzk4a+9L=ADm;);kz1NTp58Or0DUwpI$yk;a-7+30q
zYb1y2ui#?EjG8jr8vM;iRuoJ(Y$dJuW@p;MbNw^=3M|I>GIXLwHiFR%Lm6M|w!zs}
z<<-N+=d(uI?Up3EHLOXd$lk514bF3-&QlJS%dba9UJ(f&NJ~eut{5jbVxysGJKHBR
z<%$tKQC>GkW%TpLELF*-F-+aa)bLSqA)%(BQE83L$cNZ+3z+-KoN%xVgjs@)9u0-{
ztf}-W-$FseEJipskv2{@E=_P=kPJy#!@7N3tD1lG1MZx$G2D^|lGJVbTiyGsC-Gqe
zXtqN!qnuAd!i>W}y;w>vdkZ(g(V6O_E|;6XAyhC0%_Y&M*`w$(GdCR-;UIV<_v##8
zT(`22Lp3$+n65aElUKPjUm-?>_LUX(=w=5Hl$u(akxe?PoV1d!K2{Qzwd1u1T60VM
zXo0>2nv<(@{kIpF;ta8vt4}@(NL77%|I%WlunPQdWnAP*r<{6swRI$Y?e)#y4LORH
zd4~PMvP8^uog%RzZ(2opgHzMDG|tUt1ATpo?59PIe7jen_34EqRsDRad}q+|1~QGb
z4=0G7Npp4U)ImCXB_z?B!ObGx8kQw#k=mrLa$p--``DI_9{b#)%IqV>vwednjdckI
z_={6nS5*dBYnd#T-_g!%Qd}ufP(a-+Qn_8~f`>%g+F-
z$=ij}Qb-bdf%nBbzkXIlpR!Xs?w?Ou6&>BsnQOVe;I*T=vRXOL#A$f4X!IdJ)Fd)}
zyb|<4u?DZtv#vwnohx>Ce3`VUN;b46QE*4?DoA~&WI#eY)HMjk>3as%g~Zy>;M?
z^sjew!i4-}8cgDF3&qm*X*UxNl}$PqSXnxaSgJj|#_C_X(s&iQYwuc*{NiM|JJWl}J$tG=@KeN1^(=zl7tHFlxk}QGe11hSza&9WCZ;dg|+4+5luH6ruI*UO>6re|Mn}Y1q0G
zeWV8t@-1~#{Kmt?fAjTe$>JR@#v7Tb1DU?&&GQ!QhEuX(ez!79AYu6$6fiD^e`M&
zdpFMCoAFL7L7s!-;Gc?XHjC#!2NTwm#|E90Tt0%$cvET`iYiAUEYD~lv}{&oidF|>
z6yOwxWw(X1+y@xjI14jQyb)O?s?yGClc|r`i~__-^W-b(46ymMvZ`UIsM=tEx`;~&
zV}=(?bwP>AM^kA=@@Ch>WKsR^%@5=%5ll|sk3L+)0Et6+$`7GfLSczZVLt-@@6iKQ
z??*_cP#0VKr9+Mn_B=D(Yb27_!v5(^8E*tBb(>UZs=sf9q+TH(5sA329ieRt(e_?B<5&L1p{{$*
zO}}ftsFqUH>2@LiEXxDw&G;;@-{}q5s=JHuLq+Aj>@EmHg=TbjC%=7E$ScCRzX|BY
z*V^J4`3c1U*^a+SHT4FwTl#k-sJ_WsDrCslE8rS{gr+vDG~+vCl&~-JACIVa=KVu-
zs92Aqt{H{Wr1N-tY6>Iz@8%vopPg?c-jJ)oV#-MZQNp?56>~_BV66t<11(&rj)HMM
zxpvLQ2qS6{fBtNWF!#C=`jFTX&+hjVhDBl-$|4PcPIYQio+*>Hew}`-lMzN9=NC63
zUN`#qaPIECi;BDjrUI79k^#%jb!MTgjzI2i2I~dkY%Xz&;Am#eEsg)X`a$ab*11P6>3*qf
zmEr#7OGGcP%ZXOO8_y^#9p)&^PA)%^C&Ku5%%
zxXukn|C@ov7aA>qnACs
zKq|re-a}Uo;=@#fk-dIKE3c{qt4;4<$8#NIN;tAgAQc@IR@3s>+`=D6`t;cqcxs!P982nA9ju|Jj1fzO4(ksry?be#(cF-9bsR^>O
z&OeRqK0}Sab#tHIG)lGR+w|~b=zPhhDgH=sTK$8%Wbd@fwEbQR-lq2es$(#WCCl2#
zd$2U0M#bRb%y$9-EW?ZH*7geJ2s6TU16IllGd1dd2fe`^@#CcAVik&S4GonX*{hOh
zvp^n2ERA{XekkarbP*VbRG6E!!Alqdj?
zg0Frvsf09dcEU8=lU55k4V2U+@q}F{5AMN7(`#|qL>=4bCc>am(1q
zaYSw^#Q
zOJ^YE`piaWCEaDMTJsCBZK1ZEi{0Q)h8%LWLs^oR)>6RN|9+kUWX<_1uG7SO)^_<<
zP|SmJCfGN|_NO5Mr~ZgU+*#5_ZwVG8n@Xb@>2@RT`BQ)OexV($IZ6l}>|)9pwXeIg
z^hrk_1nWS&%6qi>HjKVi##d~`Y3k2*w6`-OMA$FsA6VE%@9g5NL*bqAEi(4VWT2|ehgih^$!z_aILitZf#U>%Y1t(QACxF;Xt%d2W$4ao-Q
z2Ngxab@89oqHq~D^ziI5ii*W$RT~|Sw}_-1mMlK8snaz8xKhm;(~mj~!e!r}9R}f~
zDjL6aa&`)snQnU*5QX0C$8&R*VN1%V!(^wkns%4H$bb}21~hM-#~k*J-!p5K2DJe9
z`HsZ6(~c?oOuA6|*w!(g;@PBq|ABt%3w_zC+x&pN=~KlWqi$R1A_br*dwoByhp^hd
zW*2!0qe`bG6?c1rP(VX*Eb#4mgDW#P1z`D*j3NU9A@ZyzZKK@cp@r*;O-g
z6*UdK+jd$%7~mlD*9C}=5B2|fudQ_DsBm?pLElx1Gus!N>n1=-p7pG^R>J80-3
z2yR7`R4P{cN|m%Yk+XBdHPgn22TDX~r1Gw_)=>gXOQkfHytk~!<-psr%B>|mvr
zwC_n&NOk+a9MDp_Tn|H?oK?Va8a^hiETae`Ysx@}#U%5RKRPylm#AVQE`bN-$0DfK
zxR;q-36%qB*`S^LP{v#bDHd;3i8=w_MEI_M%L)R{d|;L4hB`h>Sv^x_$q0Dc(dUP*&+@zHaGX
z>FBtB09Kqkt^LvDofHD-TfQc2zVT18x2p~x(!vqUpE3OnO>5QH_}3;(!0sImwjQQT
zt8HI%048;P9LsLHJ-1lkTFf0*XG_VAk|ya5dWr=3lhrObNPw7-Trm4HQsu33L^%0d
zxYQ!<1PwUoiM;)sqawYHbctR&3XAh1u7NDf8v_Go+w{*ga3d-0K)%&Naz1xrC>TaO7xL{kN^$VfiVl({{YknQgd@N
z(&jt9IjiL74Siyu|I_;aF|xW575lGGaaSHfGTMfQ4p07cOA>*&ceL?VjdY~|Qx!p;56kaQu=IGYnR!aZCl50+qQDIDbhZje>)1j)F{)YDUR3gTyH`U;VFj|B1$-8WJQ?slx_cxPKI8Uk)AQpQGJfRIHw8B@L&&0
z6XA=-^Tnu~uJK%l5N|_KSG-ET`r@oiV!yAevu{c2=>{+uC$~brS71kCzhjKpLyZNR
z1?*ZAP$eS4J7q&lDJR?Q*&-cW(EWz$1n$7pX=vyeewN8|#UJ1oBZ$l!E
zg#5xB^Y=;5MiBWXq)+;1Hdpr25aRZe69S#aX*rYJK}QS8Vc-kNR&aV|`Ru#ymwDp1
zoWqSY>2%tXcFy#;p6AGM3X$t^y&mo6WUGsvF&1p);nIp|G+_H)0lj#Ei)z(*{+S*U$WW+dD1FJaeDuWw}&4p>r=
ziOtu~WiMV1YhNR6?$oVFc86lZcrUHf5h>601}^%Y?24Evhs8_9a-3^GL#>=ZIF7+*}6*r!v~y
z*-xQFxFY-V?LPDKR-_>|25wyZEsMU8+3ZK@wcfo4>0NvKJVjuyx_3wf#*)jWUSitQ
zv08tP&Tzyl{;k`<9>eO@LF(@J;V4Th&E(nxA-w0Cmhq=|HN=@!J{|uHLL5iy0I2*G
zsJ*CX^&+DFnS3tdW@WX?CR)x!6|H~`sdi~24Y?RIY2gn`a+Rhb-V7bFm3L^u>Qm6|
za>H@C!00o^@)7+gnK|p6WtS+y2dPvSSF%o`Ax*%lCAtk4c`5p2((kMLz4F_I3-h%>
z*L;>nb)Kva;(XFZn-f{YT`<+0Ma-jexXSAj^D$lI)A4Lls=jUN$Uw*eAcRnmI4NWwiUbK@A-QU_OhZ!^y
z-R-zwxu^EqXmU(17NN{B7mVv&C_8oj;f80hQ_w}O&KbADC~@WnVsFcQ?>t`b3Z-qJ
zQJD~uWoB+L51_)7)2p(ta;j~?@>&GUX{BOhCQtUZkz9{Qk+`%{rt6+6!?asn_cE9*
zr>n*^buQ?V$LoW*;^CX&p?-b8CKU0GKH8l*6d6+5&v)!31v8~__7e*C566{Uz1^mR
zR{Tji*7bPH>xS|hBllkEIh(LBHBSDnU>o81%qE2Xotsz5GFtf~OMwYr6=QRIH@g_*
zB7^CkF^8G@Yr2A={4-m8XlN9R0520ZX}ot;PuIVUVtfXEI9eU;GTAKFMq9{-#-rhO
zJj+8c(1l(=u(9WJbHg8Pm@BiE@j^RPvTRJ65~v~xmg*e*ETlErDA4Hi*TWP8z(Lc#
zqZtkiwrwU7I|=|gZ(xY}vIt@qKJ!>nnrh-ECPW+6JuL+$p~;#oooKsWC<7~##3-pL
zh&~=)MJ6-G5|RmUIY`r9jBuws0GqvmNKtfUoIV1dc}C|z+q@r`A6X)?NOr~gm((#i(r*rKph>Q
zy4F3+{%hs<4_-%r$w4F(<`N!$^E>`#Ew?!d_@~sTYbBhJ85aK^;tQ)M=d~6)CAyA^
z-?2v?JfjVjkB`9*PbXm(d*Ac@x`jcR@Nn0AXTNpEb$ycH&)c}Z6G49}C0^_*f%O+6
zmtZBi?0N*7Ck-1p_c@NESa=<}VGq`mvS~^vLvAY+36BE5<6M&f*6Qg$`2&OpsOIOpC
zT!{W$#e#K=CU{x55GyvK3tU#IQmD+A*T{WYBWk9)V{8?wXa!QV2pduEVK%|E>6_dz
zEK;AH$F?Y`fTUqfP2vQfyl>U}dT0G@!
zvhIIMa+ibfbGy4QTF>j+4Ln7!;5#wjSRmtvU{cWgjl?xe;%FE&W8B;VTm2<|m^#h7@
zlVp>nXruF*^O7`}@m+;P@G3uI+9#cTYQ&NxEo`Y`fqmBX=*JQQX#}dD5l-O~%4anD
zUzlav8vywPD*uH&hkxKdH~%{|Odikq{eRPQ|2HM~|F*$96nuY3bIIThsBCkv+34CMBPF*^ibw6JtjJ$dfeT*n)
zSZqdQ#&6Q}L)N_NGE}qX?Zez3HRZ*fRkJrIUlkOvEG#s%cmVkMm6df8ZttgPyK2Ca
zi<+_{EY_3LGTKViL+h1So?|X`bsl&YSIPH(e?F%|9vDy);~R^3Zz?9Ccjw~W9l6r)
zY9NmYWtJ~37_zT!Nq0sj?AE+aue_2c5WwhTK*(<>HEO5U&Y3bzoced;1h9+SQ3V3H
z-4aDIhT2O*l-w43-0C<|V{a+)vsAa4QTuNYbf!!VTLFuL#lp?N&V%om)$%A8X4;%i
znPp$58d&df%7@By^1deBowR3rDVN6m9k-dr==E#UY>}TtX^L_;fE)lA4{6uGuMz%S
zF;qIp*PzrRchqz=UC4NDe&a|(Bs6@Y5_zo+oZtDHGL9so26FJEet2dEe@XVL!
zVM$_jQ&BAz{+_Y32X!W#>=Ylwxu{X=GlvG>q+4%Vzy~R1@U~F(@E!5kWIA+pB04T@
zR@-<~a63UP@F?Z%6d(HGek*KRKXsS-drzETctXy6U_-)R_`PgjJ}wDgeAE>4hdt>js(NtE=Dnh-
zZM^>>lHZ}_1q7BfIDizzI_~qOTbNr{Qfj@=Ixt}#3OpRycKwCJCr84V*S%*uJV@#k
zCU!9XFT&m`Dvqe@+Ig8nx?U*Q&MWd?o?Z^crws&z}xt@?(}0c~-Lbevs(0Yo@fz5%-PoDunHp
z6cme3q7qMHm1L}7Uu3+8d#Op4jRjt{Lar~3*ssWAE*N+(0~D@zjfc<#Y^)`YtD#BL7-3T*%-L8;d#f^;j%Pk{_w!q{A(+Qk&m#!mM-7q3QlNVX&B_btvDd#BIE!
zc+fBHvK)W-Z#&jVYe~|hi18Y3Px$Tk*GjGgn*+&bFt%L45ko4`n#>y9$!-$Vo_Dlg3L{89EpIy%7MOiQLCC$2w%o~?!a%wk
zHCYVZ%#fuTxhmN0WGVitG*xzhbFOF*c`CZWUjmPwcvt_Z`4%xIM;i9YL1e0Q95up_lqR
zc9T>0rnl-3w->MQ)GP|)?p$1HxKqogtbZt2)$h^AHVO^gvJsaLii|5*lW(6{yhBdX
zpD%G=np_2~tWj4b9#x&aY4T$7{v~p*jSBdMtMl*i`ctOGGZT-lJu>jqc+s=zFcVpWzDeg8zWuj$GNw!;)Uxz|Lnc
z*CCn6^Dx;*?%reu&C
zR0Uw~ZH_$w7V8t&Iy+)^kJ{1tr;h9?n40lHb`5w2Fl#1$*7)p5#BD2=aQ&L2f=zm7a(`tN(1v#vs&18WGwO+K_P0=M|rtu+>Ip{bh*
zH52dl6#g5l+v)W&VR?FrX`McQBQu6qs&vx>%E!QFJ@y7RWV9=c{<(v{NddT
z^B?eW(2XlJ3yKJAo3x$3Gh4l9_dNNNn`#rY8kpqUu`(h%XMXY8#Ls)XK=Q)ZiJqiG
zc2#ET5Xc_1)}D^q>S%rb`OFhy0?ZRiKyQ6$xNppJ1bPr`1-uI`*=RZm95c#lbX+Fz
z4By9X{k~dfL|gW1-oI7sv4EsGm>49PNBG**-R};12p#6e>&BXM9nLv~{PexTxf?Ea
zwjUj|95KFM707)y{kGM0FW^N7T6Xgd|3l&h1w7K3F>U=-OlPNN5IlA8UsOp&pORem
z0wb*rO_n|esSdW_ckxjNFCVc}+U1IdaZ^Xw)q?atQhD{34p_{v~5r+;rITEV;Yo^5qt+EOB{HwpNm;%Bpq+;Z@m$kaU5f4PX2FlRRK>
zn7fX%7CTQ4?@u0Hop&?SQV&l|IVrMXZ{%K44&Q|IGnp^V(D?lvNulYW%9!ptk1J!u
z*eZP!nLiehu&BBdGh~eq?R!PJyUp+ee3IAkBA7^FLg<}Kif}si3&(h=idJ56Ncls@
zGoXNl8$7FArpdgt=lb
z0*f!qEFNyczJ$tg-cPg7SL^qU7V?kuyox*J*0#6GDiw}0PA!=KRcd3$yMLlkD=Gmw
z-QWsb{-hD|al-QudKBs(Mmnr4g>^Q57g`m5LzycLkT7)rMt2ZG#G5?U*oT(&c8VMA
z1?JT6T1bM`_sP-E$K4DwVZ&Gc>Ut1#$?o~4pg1)^>Fj#Rvu=;!72)3AS`1-3;c5{>
zhA1rF9GGSpNMtr9xh)97-}4-Pi|~$oS5-J00;djVkgqyG`#lW(&EjK{a9O%uvGwQ|
z;|cw_F$Z~p-lt?-Byoimwt^&kie`Cq{Ei*_BBv
zBuf)+tiw3^mz@)uMpbh+q7bh)LT%HJ!~N)c@w9BYc{O?~3P!3%d8<8~pX^2;f(iyY
zzV7%^$<66_Wl{{ytgml&N<_lq=KA!ZBR@r^d%7yJcSVFhcN5iN5Ull%rUoX@F?!ly
ziIU(Am7ZMF)gc@-E)jd}ywPa;DiLit7U8RUeIxC;#G@D%nBE+a8RwEr;YVrVI%=XC
zV0?^~lt40?U@&N4BHJn$WJ;&!ZS>=1iN*Q68=sGDTv&Krl8{bJ#o_%5J)k
z2ptt-V*H8u3kX~WFx0s_Qq14VEX77AWAlRQ6=_q;ZBOKt+Ay&fdYUy%e*!T3n1a5s
zIc~clLDsWHwH16{vS}P*F#Ik?nb!f!2vKE1Zu<70UIF58EH!WUUlX-}p2*!bCqXu%
zBc5sTXkDjON{?Y6?b6bQF|p2z|JY68JanP9!7f|6Hj4r=o_HFX1L2mhdg`T95|q{
zU0j7bY3KN-U)Bl_#Tyl7^!Sik4Qg9D2VP*^Hfzw=d$hd(M3uGnb_pYMECrT+(`IuL
z$XpAC!?`s_E7Rl|5@Z9ToGd3rThq{!;`_l=@awE{o>OVj5gm!2MS}bW1?q-IK`U2a
zIevfv5p+PHmXYiS8^$#urfrVkC0)(HHpwrBXX9K_Csdo=3OYL15)%hyE*J9_p@%R&
z74_%m6Wd=#Z&;O4Ht+Lzy@`
z{>IS=8T$}Xb_>vt4xQO<{@KMwAXzqrk1=7MtXLk9C`NiaxG!hzgJQua6bj?Ubc_bd
zBw4iZw4M;HilyUo_;1r#0zvFML8ZmkRPe(iT>g0s85k{vfZ{2W?JBV9k{i(=C&9Wp
zwj&dREh;3@is#1o1ELLb;^13oc&MC=Gdq_Ks#DUn-16ta1T&e8&K^wUz4Ik(=C2ds
zO^=E4275_pebWcFiDr%J$z^N5Rj
zQrnVlZ!C_accCVBxsCG7Bi3T91!f${utp+rD2pM)fGR-fRA46oT
z(+Jt##u$pi#AO#_4;r+H5o_v5QMBON@4iEPdeTYC&i&Q=QKAAbuxL`54%9BG7&=6ZXa~?yn7vU3sQ+?JmsN0ZnW0kl4X13j
zmel#3)7f_G%+@@f#oT~{$?YF`Do+~WpFVB5Bc0A_dAo1%
zp;q^uR*>x<9IV~(#=j5p@?|mEgl06|JMDC&`R|`tI2f)a;O&6sX*ls+
zmfPubJxZheA0WJ$ddE~L1#JF18~D!$af~=#%m#uPYasJ>gLbfq`5T;4UrW-))kLm6t##wF}np>3W3#f*$QI=mh-9_`o_vr
zhe~{%2}FcJk0qRLUL*$v$huXh$9z}fV8$G|M;1&FuV#aT9udx=W{!e)0X%oeL)d^6-=)~76byQ1uJ!%dh)Io)X`mLI{x#EuH+BvE(&t3w#AFYPI%nt_?
zwcTA|T;vTjtA3BELj?ZG3cT`q>@^a&TlFOOLH@S^`UB3@@O_*W?Rt7+Lu#2yL+3KD
zy0G_Q_ecj{%*>E=wF-o!Dr?YouU(66vE}+%!u1c_l?J<+kjyi|x)m9opa_Wi5gb@3
zzIRGCnD0g*k>2t!7|-7XJR7m~5ZdwHU0RgH=VJF?D@JY=ZVgqt0DKAb-rx}t_Bszq
zz~#8+2{vt>*s~!1z{M$e0e01~;iv*Kkg~qDLhA!?zAG#g>5wsT|utZ%GEpyrX9mG{>j`_$drj~brO3A~Re>1WnO|29vf{SxOGx@^B4vm`7A
z+QUDqGw7wgu195}vc742cmsc~v|J-oH0eB`lL%+CZ6qDj%hBZ(c*P%o6kfCLf1SRq
z=z(haN4IGitWRpJm^mVy^$Gf^`#xS#Kqsu0m*KYDU)y@!kxeARx%@onUL{b;)RHG#
z_mC}Hs1OmC;m?7hPT|6Tg08U{!Pi>wie%xl2bE61#!@_Z5yz&Ul)jMZ$d=b&x#8_6
zx0bDcLJ)s%emj#JN00_;+)mn2L8##E7uTMQWyM^q(+fH$KHPDxkeCFh;I*f2)8x&9
zcSkewBl6dRf~D87YdY#JX6q3%F5>cSKKRzv65Gn(
zr|~NT1L^0_6<+r9X!>uDcxgzWk4H0Gtp{+Y`aV~f=^{Vd3N3sSw(p=wgf}5I-Dj_L
z{-G(WmG`{-+Uo8_Hn{11&YlRGWoXx#FfuvA>9zH$6Q
zUub<-q6Vs9#32=m*l$I+Jb_!{(U^}2R$Q1<1!vj||ICO#Hf9GgE`J5PDPF|a^y?cL
z+c?k1?Z#4!<&X}l4GJP6F--J4$630aVSMremS-)55A=p}UV|p-lg+z1`v~27e;vd$
zx5DK2xzvnB?R1xh{Vk6TW3>O;FdKZJF@l*8N{V4Sb~rR03J_1jeJRHO51r~
zKrEh!akb*tZsGKO7i3-#mK*DS}?P1Sr&nH{<=zc~OOzct1#&Oi!6
zUWKQ`4|{^Qm}>teg1N_D0nar9W~f$8mknku$$RvQcapPjF!8lbucbz81=Z|-n>6(&
zvs0wrSkv?7HMpy==_k$))6PLX;1Q4i5nB{V|33%&27lDPFCmB`<2zZYyeQ}@t|X*7n;s`sdx~Zo
z=c{pabMZhiw%!dCWDwILAlqd3$}Sgx8wv^RsWU)IE;3auX>a?AtnQUPMJry)jBTPe
zKU_q?LKoC9)M~HCNlow4K)3XIX>w~EOSz8~<*$*Xspa^V3VG*SlKOKLZXo!FTc2>;
zruOxx%H)>Maplp&bk}tW&r%zybZuD=EFh;T#beVuXQ_m-qzxR1CEN|6NVS)45(qHL
z-*)utSSrELe8TQR9
z_!1c7`t>CQhUTRy5%wfbx0tD<0nsn|c&OWq4sa&EL8~Qg`(WwsN#~QeK=#;ehsNOtZ9%VhPT$R9l+zt1A!<
zlOOe}Dj=bM^%S7|9-|!cF0Bjm)tLP7fp5{u`>I#+!;?3+L8q3L78X-BE<;DpSRzy1
z4EJ|+mEM|OhL)+iq)SKZFY-9Mw^2g*U>obax{9uvl(bh0RYB>m(qDS&;!aMZA!w7{
zMll3Fm*7s)>#G?0&Ga5cExMKHEuE<(hwkz8RBSmN+&E>;p$5gFh8}7Rw~|LPHsyjy
zMj@Sy@i~Wpf5W805)Ai5{#24S6--FLq?m;ipoGk8F_H*!Qeh{jr77!I
zwgyi#qd&{YRL(F!FC9n%8y~%>3sbKO$j6qUPp>TRR&CnkfTi+o@Kh7`!9u
zpjc}+rsf0Wwcy91a(YVYH%2e|LW;8O}yp>;~pth
z{f&#@vye;GYG8I9r;@6!Zk~f#H@eY`nlfFmta^F-G(8IjSi*=mbJ$35S4&wTXH?40
zO4^SEn-g5p%!sAAz)3{6T3=ByHOpMg**u?|q7|%dGM@r=iMRxfR4mw3(6uy)BTKNR
z%Fq)&Dg4DW(W`YO6Bs}oFLdy3F1v5{XVo6k&+v*4XRWouyKeqilgc^<__zyQovF_)
z0}p!nuXX2hH+w6#7r%UPCuVEk@UgF#*<0ECH(~lby26M!RDdxn4%QA|itrAWMvN
zKJpDc&p1H>k9igH#H*slJf<2DOsmRN9MhuB?}<*b@Bb@adu1CNBfK&u^<|$&q4YpS
zL!0U8E_<6>iQ%c`lHrS7K`xcC5LQ|$xA#Jj7gGALV!hes$pSWIuH1JDmOLF$+Tm(d
znOZc3vbznx1v#NGEkgq+(#!JfaJB*Q;JwyKK9CL)vd!mI5$W!yv%9+^86L!m%{#0m
z=*31X0GKOON
z%Zm;x>dVJX4)63#kGn1Lv8Ap$zS;_BjPwp7(prPUz|Az;A93--{)3Fuu122xuo~66
zQ*Y^>3fTg3DJGP_5>t(dwSVQwSZsS35iJNNrma6^pW#?VdykP{Zu*&LomF}88gU7?
zrnH8A$JeeCS(9n%TtF%+q8%Vm>057qM-@z0D|yVDUZ1kY&{c0*7#wn?(MsHj)R@AK
z6!a4-c)+ttXv!mu^Tui?MEw9Bn34T6D_$V?%^JC4RY0zW>;a*_U%(o|cE@hFVy%KX
zH##jSU(S_`qDQ>Ueu{gSD^0oMNVLH04fdi@?;D2uxFGZ`AvApNney2{7!vj2-uk)rBoOq>EFgyn4RL};dY4ofEloBTFkYJ
z;thM)mdHg@1aPzZH?2(goHE!xqxLN+^yeFtAX26G2C5l6N%DxU2$f7s73wuQFM^+)
z(<}($0ys(e<#EEeY|SK7gu4rfq_x_Dn+uQ=WAnDd7jxn(?0kQi2oLT0LIVYOT5L%q
zF)&t|+y(Edy_GyX`NJxMKlAzp>UAzDgV#d-MGp!z59f9U(rYJ}57(jGy}YcdBzLbz
zXm_M0d12E=yD{>|i?yO8EH6-By_ND?vHuN9S1kC0)YrIDpDGU`QRQ-(>S
z+GvG&++RbA>vUmD-X0Pw)>MP)a_w=Qhg5RJ96VN5GbkW*!-{i?g}Gd|Hv{tQJ0~8(
zR1}oKJ^Z{IB~F&pedK>FD)6I-w6$f7T1e5BLDmd-Xqc&)Q#3XoBS{hv8RlR)xl=@*
zzn}7@`Kb3u8Fg;f$YZ^s|F&gMeah4kSjgLnU7yZ6s^o^?~Zf8
zH~j!&lv2fd{)0ZZfV6)Kp3Aw|8hPXk3QqDYIOL;l%6++W>nj_L~aU_aleN0ck
zEgF|a3O+mO(n_>49Knpc9zeX`?I2I}HDYT2(z+e$Lvr{y?65nK-{|Sym1}_oYFlrGAS-(*no}O9;G1}8thoTVvceK#c{`aCWlF`
zOAP~GkGA>}-aG_;wv{pvpAq%XDGH4;#7Q{O)_0Mmxuny|2#U0r@aOvPO6zwubGpQu
zqPZ|;{#zs6zN8s;JY*tP<^r0jsZQ@lAE
z6atf3f9aZ~&va$#o&$6NpS!;KYQ}fb2W3B^G|zM(oGV$9p{@3nM9f8Gku3G=hU9f<
zIJjAS)U=&@Z*VwoKcgNMw8@kwIv&~XG2bZgwEaVQlJSNLzNpgPFq%j59eleZL1?mf
zB(6zA^$|EdlVaMq(Zem+JuUBpnE?WA2k^&5)pIn2(R5;nBcCFfBGk6i?{RQ8e;Yf2
zC@rh+9a0S?;CC8++o+(VQ+2f+gfAFh#oT@44`ldD9CU_t>v?Am!6Bh$VMv7!@fUc?
zJ}OLu?XT)jjxe=H*K4!6`BC8edL;ZpHBRK^^fysU_C_3c^^RabN_nXs)q`wj`1Lm5
zgE=V2h5bo)DK@q>dLIbz27z6_di7n?DJ;jG>n-J=niv3bhgL+G3MGU`%V5LisOIq*
z?64W`59j=%kDg0O^Hc7yyht{VaTjvdBw`Cpeq)}(#^IRxL>}75?W--;N`^cpYP8n}
z`iKKX&utu78{VRHF~1u7qlP)u!iEe!AZHeiYoTezO28$r>}~F}AL<)#)|;qlBG8pI
z4Q`Ud1>bJ%eKSJNL(@>EMqOXVuo2~~XDIy$44l3K7hxO!&cgiZVVj?Gj-)R2Ffem~suEw@6TjvAFl!J_jBizED+@33hs)3yKai3kssI
zMl3#%E*iuSM{@qlLyvfEi~Py)qS9n*nIJO;=U&f=IIt_1a~bIkUGkM>defX
zFJ0Tu{Tnp!O9_A#QCVx?{v0sibSNbL~qu@Dn$gE{}+CM3(*eKi)-z`~y
zw?2d(lLG^sx>em8qJW!z5U6P@IzI}BkmFnbZJCXl`PTmd5jV}S{pQALl?B`rS59jk
zW-6Hx|FxDC=4d&L-cmIUzI8Cc(NKl9I`Lj(VV4Mpb}3K{n$&eCM+Io@d&dIn8+m
znbzbRLFJ6nd#=v>_SpJb&Sofs+9*8bQ^ckJY7dz#6^ZvQSP;Y8-oFts3x8qx4vw2K
zq3sH^WPY0aJ7=6y7r3PF8G5MylzQ`%$-42(*{x|pUQ`_&mRk{*#qN<8BPif~l;CHa^Q_(Zd;H
zKke2G@%2{syH#55uAueegghqC_KezNxGkEUM!FFSR&xE~^
zPY7tyFtt~XlhY8(jSl6`7d48^HFnO4`{Yr3COuS3S;c+NtlT1QDc9#6aB}6HV7EIWy=`M?xsvQ2w%uNnlI~Yo!woi&gA&8y#?F*UYmPb
zVf|ADarbc1emWb|f9noSX4esUC0tpOk$mdFa3ohtd7
z3NsumO@id^A4|y1H-xCG@@lufP2o(o1hJ$RJ*@;}c$T2%ZkQc=V*K0QfhT80zYzDd
zC786{(9~8}3X5Bmrk0wAHhr>@Su;n(`A@j{*pd!K52;fR5qGkRQ-2ptzdvr1OhIa}
z>X%b+HsTt)cB(_I_zx4Q-}pkrLF`u=LOGW9&(Z>31|Dig+^m1MVNrOS3%gH3{szQO
zp%4N5;u%5HnNY?C4k3;nvOrwnOrp_fTWWi3lh5UKHO@`oVs4%qS#!t3mP&NoZpGn3zp{H$SHRO6+X
zO@ORY>;o$h^Q>jy4f`5cr4+%M;Y%$ZZAt6|;7auW#c6;8$j1ZlxbA1LOq~9RsqOJi
zo{=#3-bo-`HhTZP%$+d&{KREDX}ovIc&RB0-CZejIC5P`?KU`taEeFZY!uA-a8Zv=OO$}Sg;0|Giaf76f(9HS>N12ndm^HXb!E@UpBbn
z`|Vu?ckINUr$`*GW
zr)mB7T;2RZVxnwju^MdA!hWV#I&`*w8!I?z+g$6r$^ViHLnC~1O~iFs7e$nKcyyt%
zM<*3@LR}#qxdc}5hFrEsVFPPoY!zOgSz-u!arqYnc+1>gKNtVZZ^9iatTt15Y=(*-
zjV?qJJkmZ}PRBFHEJO#I=d3ok*kJ2*K1SW3+yuPPp(uLFWt-5}1~eo)=OD-C-s%UB
zYE418Cl5(`Gk@P7;Xr>!rD4jHD(Qb%Ro%PonYa1}+#iC;s-gAu_y1Oi2myv>)qSA+
zSo!m=zKeVcZQZrZPJljIz^7CDlB_4VxHzII%|;F7(u-mfVS`OiSGZ~Dy|EHME|x|C
zBgxb)%XK|QZl;OfnofBaKCeKamB|T=B+9dYURfrS0t#}H4AJ4PF^d2fY3LKpCGg_G
zcwEhsk5d=mVJSPdF}pf6~tHBS0ap&9&b;ET4X<(K6-9w;T?1`X`&cL{|i3B7$-?FXi%k
zjBG+kUwZA0+hkcFBB4K*9L3Sr|AfRo
zv>Z$Q_BvH)Do;_Ng4l%x1@P+=8V~aqO0YpH#VsL3ZEv}R8JD5FJX@l2x~}Pcuc}Os
z!VgBw=RzQ46EpPUv{2?&bdCEQJ6fiO;k9o4<1Ac1y^urjMhi=8<$KZu|jeu#OXMEap@kTV3`m4N&y#lD0iNJ
zdh}+$)g!3}$va{Z?0=Q&@96(`Obqz?|C$m%%1#x{VpTs`-%86+ga1kGa>B
z^nN_bZ27uinl>WNLEh|1W?%)IRRc<+tHT)8Wh@8f*@omw%GupZm`Y08FCA~XK?`@s
z@1U0%utSoQE7`{ms&~~%ZD|chidh&YL0{&79g1Ip5*)(iil4c*FsLi*UD?803h
z$RUB!rC{4x{P~V?;bT=mqO7sPs5(4-u_D8_Cd9V=3>0MPXH=E96N{KPkQ%mWVuEt4
zixkc3mv%khP8%32hCHLUh^Lc6pz_i?gg3p1z)l<|YKgH_$7W!0CGS(UNWfnA?uXam
z9856Khk;PU6Ja9G6|DMirHL(>B$tOC`)Hh<=Of!#*Qo8OgTIiDufP7Ix!#N*rkW`N
zJvMc27+3OYD=cHc4($JyQXLpL!8oqkhk_tD8j{k+R~G!eJdG04z__cJLsj}04Hh-P
zwqjO_c2PMIT~WiHm|2J<-2tYSX_8!_XdL&DnTe%HTMG*XOw;@oyd9`LdP!Mgs#Fb9
zjetq`L!x$2gdRX0F-wnmM#8L>bz@pg9iN`9U>3tvQ$f%GQG4K9DPWK$<73W1NWwO&
zFTFfof#uG!PK+Ch&s6=>-HLk`lUMjtK65!OJ4qDS8}T1aY{+M2uyqI(t*&|Or|JJJ
zT~F7BYf#Zp=j^VMU)c<{S2OSuV=B7)GksJ;%LHRmF)Wm|lra-k1lidiZOPcuzhZG&
zX(Pj?-)T5=8%Ocg=mjs_)pQ^^8J^ii^F;FmFa(8&{%39lZ_I6F97RODzanY#hNckt
z-AKY(8MjUC5Op}O`zrV_b8_N}kr5N);^VVLm03L>BHU+F5}jJY*ZW+R<36j|3oSFS
z%x@4iv2c=QCf^Xr@_T#o71Yuf@$>{2HJLU<(K|Z1M$0U*zGHd`osgk`boJZn5=6Dor)H4G(UeQcz5z3Q1>8PSaeD8zOz-`afme?p
z)NT--R2jx3>>;aGQ`}5=tcu0lOkH+2e^;5PPV_m#UCdz)sj`EPqnp*r7@pA}j;LfA
zys^BoFTgqqcV1$~TG*7wYX94JyG-Sxi{1LyaYUrNWl8P(fNX(aL#wzlx$4F$!mCYh
zMCNy{%QdvGHRcSNkx&4utK@d2#FbY4t-ON*H&R}A!_sb3-Wdl+`R}yv}#g^+kLHiaAu~78q;cX4^wK+UN
zz`BJc@nW67g}~%E>^uPlkLRALS6i)!L<%E=Dm7>Jo&d)SjWm9+o4;!dwP|drHtLyn
zcF4YPyU=tNr6;F1BegvkQumc>Gfjkn%)Lh50LxbDpU45zEUxBTD3Qc*>pB{@!H9RQ#HQ`s1f<=iU_1G-niO
z=_hW5ImpC)li%!3>T=Zy>TrW2tJW#3Rj3Q@@o+hjeSZ_g^RzM0S#Bz@$RoKqLz8wh
zr|wLhpsupR6%l`aZtq0=n)t6I!fW00dNP&mrt^)28G#YQ7184k+st7h31_N(n?z*%
zC-xtvwY_t9W)3m3N+Ct?opK?g-K@`r+p_7PQS22ll>7HD7@s-Wrcx0atO>6}&YT=!
z4d?L<55TI=&onr;M#PZBx>AS3x0{o>sH|GTpM9gQYCCrDNbn^tOXk^~S{izZkzD`M
ze4cI#C3}9YuX^!!PGWVwOud!a5|>R1^e!?1mT_u#fFH(&kit>ZknUp^HvclIP++&^`#I`F+`o7U&c
zg-%OvyFKnkcusR??1Rebg})1bxnVzZT8%11nsw4TxLT9x+an-c>DJkxiD@8+e~8;c
zY@3G5$p#`*L`3cW@G4U9`Jsok*rU4%1-o@F^5n9#!3T9y+#%!MVAEUJPT({@cE&VQ
z84#ZT6bUfn0vOo|4VnH`q0JX8u;stc9bgrh$B0*eRy&A>a4u>fA2jJgFc0TCl00oI
zi(eZnUg6x8!)=MgI+xOV%Qz)D`NDGN1+TR_LArN(lqtH$v&AEt=f9KuUfZ!2TXubK
z&p}Gz*I9~og|36eWMwvj#-*TNO(w5iDFxd)-798XOV#-kTry74M@gaM$uX=EWVRL-
z2BZz*M0?vuBGnhVgZRoiS#hoX!arY{-NCV?Ps*OIsE8pRS)hvo){l$}SBS+C=Xaw~
zX0~9;a{1+vo7s~OpJ^7O9@;&ejobVYD7sAu;v1|>V}yPlw;_?w>+Y>hE{x??DqF`+
zOcbRB1S7o}CEOs(8lL3)zQE`)eO?rKv??%xwx57N>q~=(F3I`hJF5+tRcqnAfxhxn
zA7vMZ#&?Ba2|i~Yu1WHLNho&IiZCd>%3^#^j_)I&)GHKQVrk2Grp}gOZ7hRdwsNB3
zo;HDfU0RLc-&FIi3zx`MOlZ81p{%srsWXHpais2B8xPs+>v~;BxINJZC`*-H^OJM=
zJ~lN^34iPEZdk@k&IND1w!HjUi2Ser03>zX5e9^sxKSf-3MJMhi{i=*dSIa8)jioB
z)`zPo$^K9wfrsEngm?>uE1kjmozazvZB{4^OagPbA*ZyUGEo<&B2;N
z{DN+I%3|uBg9D~yc}~`dJ|7U?XtZE>XWEh(c6fIXES-;WM6F5?b)H)#%+bmdLewL(
z5fUM5;MA0xDb9X_6U2ria+xJT>h1fIDY{-Q^Dx$d*ifr#hQ~y#rZApDx&wO$-s1J+
zz@Y7F8@l}Rf5?d{XxY4H+U0Hd_^2*Vi&m;|`(6hRL(!pSef`DBehYSOjesAYga}Xu
zp67ZT8W96Eup=86G^phOBfm;%?e7qVmK0@yY=LKFQ+RHiYU;}$?B>=HmQ)Ao$z4x9
z$(nPTV6C5ZR7H&|k+(?aa=RTY>CKiD%z|Mc>gAyDIt{G@BGc74mz6q}Z#}8RmRsGz
z8L;3F7(O=E(_KMSUap)-TfU})cUizrWIn5m*^ig=o!ws_m@os-FA3>HtZBiX?{EhL0qVZ|_T*WK(XQv)
z@|K-nWB
zO$Oy>_q~=sOtkWXK^AHbx-2n4v&%+O
z#%tLBR8<%8A3Qe@;y$(>nPmR8wjXsP-z%jqO;+6eF1(oc-#NVHDQRZ*?mBFO>xW4W
zC!K`R0A*Io*DOB`MpH8|moqDjUm%E`k?{@!lZ&JfqEcWLlOItgKy6oK-+gWy(^2K?;^fx=s_6(~civ!h4cH=50GKR`va+i*1#N(;_N_tA})_CZI
zD?NvV^*G|Flq^MU+2*^UumK+#-e
zkld3sg3C26!$fm(W0yo!eNA$ZkGtcxDftT3H@>ZRxOx;p^*G_=!h$EgmLI6Sd0;
zY7%dwIYbKTXgck&lAC%#g;}xPh@~zC6})GXo+tMoc!0^>MRnsA}m9Bvjih8|+Bd{ve+FfJ`@2ogF1|vF#mJbDS?nE^NtzJ@vnO
zm9jZO)-fEi5L=-`gE{04;)u4kwgfG@_}6{U1`&_c8(SS~8vi9&zQZ)^wi;~#DeNo0
zeJXS;Q9m)abd~`{+k$pH?I-`S-YMqsf&Fo@
zNES`<`eU(FA>jy3d@Gj8(xrc6eTBVA{}cTA-oR#e+g(=}s|m@@u@8T}!yVr&0duL_
zkq=^j9)W!6i|PPXi4zAi;kkY5#dgyDY@dR5-jTuY53=vaYxeE)QN_&rxzLVnX2Min
zzQPmYWrEYVNDm7QUa&Da5AU=5Tk<2Us}HZl?~Wud+91a6aIq}7(#Wn_q?lt%zv8b-
zP9&K8qto3zOF~GdUJ*4LzR8vrxAp!T+leapYln`?^6HwgN%c>jsnkZ)T=#=?jww&xG9|bZ09Dn=5JFK6c~mo^zu{_8d6fW~3HqA`
z_+5-VMC4^IUJIZpAJd8XiMfS#puMZhcSh5iF|8hp+#!WFs=6AZnU6H4<_&Ki+f?%i
z?(TX}C;#UGC89fUqG0fiLkIAMbNmY03?bPS;Xe;evTwtx7X@Y#EnBO7V@6*~uQZ_w*
z>EPSre<@}!!vDs|eh+W@#cgL-`#ueNwwOL&UlySr?W@12`ZzvE?KIeCPCzSw4zEbJ$
zX@N(KVpdP2fN7x_>yj5kZoI&(sK7vC;;1HgS0nroQO!2uoBV=v(`jKFiL=^Xn-PrLSPueze8Dn04
zIK{pFDmK=1@o1o4bt&+w3VDOIv|W^kB4nk0p4E*b02*m3IsbGv?g4y?y-7hIUYdDD
zuPiB>zRa2tzj^{%J<x03$fTs5XP0;a4FJ9%9YSelZN{QuI4npuF(mZ|>+H?AAUT@RNw#
zv5YN7H-BYEt1e{K=k)buvBA$ZaWE;z{rx$Y&3VqmHW;*$U=z(_xhLP?y5lIQTVqsM
zoehK$|Ch{KV`=(_X1S;MzccV)JO2s6i@o)VB_>7F_QKYjUjIXY|F1YN|1{P=Z^r+T
zioI$(-^T)#9GhKUI!&>~f37~DWBy8lfrZg$Ve^=8s;=%cw9>b(Tz_`vV(MJi3F=TM
zUut4kUaq34Dd(bi{>Yz=1Q(Bu8Gkytzx5!sA2fKwMnl5gfVF=U05S*L9%s01WB^Vw
zHXm-`0Pz?$$R8HWP&P=MFrUyDrMUlV_=ku|)Q-yV)w$N3&=-g550Oo)Q1OJ+!O_bP
z?LODsf2LtCqZXb)+dsY(8Xa0*3!I?kJ11?Ikl8*GK1T^yIu`{_U_ya<^Rm!>!MF=l
zuES{SLh=WO?Ul>>JDt-vn^wUHKyn5(W|8`5HJ^*wAmfwP*N?k4l=@@a
zs12;Vgny1E4>QEYoq9mfJuG-iNJ;i1wyJ4h4qjbNvPiwhyP}Hk)jhutKj_Z|SCyuQ
zk85$45D-Kg3fAeqwYJYIZwhaUew?;j%0)If$h}KL|B#pcGc9UDHGxh-uynp*xi#c+
z_0MAG-&XpGu7ykOEQ1H~SoFL=sI*u_M|%M&<7Oxxh58(-{Wh;HD!iwnA3j2z#Yt9a
zI{&UZ8TY5l%uYdcep3}@jYnu&hY2?ifsUT;*q>Qh-H%rjRa3P9N9|`msJ6qdU@AjO
zTUZnx3sNM@u(G%}s~-}_X8K$w2LBx1Mju2P^
zcC$E!Zmp%7-)C8<($^#u_7zpRpvKYmJg5UCtSMvdV$s4$S(HIA0`E`4NwOk*>FlCD
zHZE=Wo1bX-`LzYXF>U___wsz#oXZ(?Uv)j8-TYG%+>IEqz4;S
z4DyP+wb5VfIJ3dAiU)`2!;&zRqBW@UXo9Y>NP%uT%P+09^@)&#hxexBNP51l9$U9|
z^IeQR*U6IcNv8%E#R^-x_s#O+@$D3GSL5W%2`9^qG>22&zkJv0y`w&I
zNw55Ny8MpPdC-RN|C>xZ0*s5@vC?D0-AWyQ&1z`(4y0l2;@3lB?6K?4^={v*se$pUXGJ>NQQrF3lpsgFJRtuE30i*;a9Xc8FeGBG-tWJo!?rg7IB4N>nNPkSA{Y#I%k1A?*2a|4lT{(*sM<7>%2
zOUqWspHOi3JSMVB@N*g_zGHK$aVr#1xajxQT&gj?!mW20U0^GmlgXtupsuKaR03g3
z4FD-(21`KLk%5J5bnMfTq2KlB$pn$9BqLD&!<^PofnzxSaUViFs%Oj)D@UEkX-@LD
zk|GuR)s?U(H7cL%8hO4p(s-Z`%gGy5LYD{YG_ZLHbJXHJD@}SJF$53L2T|)3ccfr8
zi#`{TW_-n18Eu<&g&6TZjNL4%g*|2ha{Dh6Vfr*St{B+iJv~V^lEzQ}3+{-{%`~`9
zjDX8^+CMHO9)jjyZMaZZa6ovHgal+1%{(}w{j18%NP-3oRBb)6
zdG_zI@i9SoVC8!10D3w>_taFk-Igv+Up%9RNINRNoVFICKSjFqrLSs|ct1LR&)PWG
z>lt-H?XahW+~B2ErChZ$0I_wY5v{Mr(l^UB&1yuj@y*}He
zIYomRh3h_XGnoe@NiWDZaZQV?Alg<{d
zf;9b5!DSL9=>6$B;`I>!{yA$rVdkV{&lLC}e6OdqShtm&t|!`efUfIja^vSA?+0vm
ze8<%Std^Fw2)lCryg~OyerGz&=T8V6dQQ~FB#`axYdW;@vg1ak%AZGoQiLD(#5DsQ
z+`l{*XzN?JW_Ix)cHa5T?@AkjGFE;Nh`bOvT&vvQsDSQoaDbaa^Z{uo70}{aFDVgK
zsT}C3jp!h*e5y@?2hn?bu9d34=K#yr(KPe8txTPd`-M$^Nc;Mj^|3HzVq=C=y*o~m*A|^y06gsHwC;^o1O~|1Z1LDS7a|J
z_;k)5fnWX+ck#D$)#}r+QtrYL4e5yK%ttNwPj7Vm5ZxgV2qLfcCr->G^Cq|RY7SPM
zT=@v~iBA|N@pa{mf|u#NRO>9M*S(9
z1lC)|8&4}V0+VxQ%rF81U36xxxkg^Bk3J)Ko{RMad(=2>AWRGMN}OZVJ473{!$i~T
zTC`n7LcgZsgup9NJhk4b>Eqp%W26tL86O%gicSHV?^F{3$bI=v?#h4-PnO;dZJxzw
zZ3z?QxE%M$Hp8<8k1n@(Ybgt3GqO}WzhGv+W;p#z?!2TyDWMWEJ@C#6)a!^&zO^8`02Y
zC8@nOWHo}n9Evg|_Y@~xS?{oh3jWgCb@tp}c2?%b?w%}?!W{c0AtY(h#UUKLJisa}
z-W5;1Dg*I-x^2iIZ%T1PfcL%9nNFTH7CD38S81)t$hi|)5?Ge-bVa|sYkErEa>p!s
zGtt5W@AuzM$Z*P)$cYbt)a;lf$!dkTvA-?yu9xQ}{EtmBs5QzWHVkP`Nl+*RoSYbu
zKH*yM=D|)kr+#i|d8EgkQ{kJtbK2pHRJtgaSJ$?e(}S_?&%E4GhxZ+p(%;d
zMZfOcP07jkXB5!?f#try!~ukBq}oE}(`6otwp@t3zWH7P19RbQ_s`{j`Pji2%*FuL
zka-zf!_vMN$KIcJpJ8n9^_Wy8$GGiSb0HD06baaP&HO7ny1os^1mRVYqwaBL!wWZD
z!I`dKv%drFb#V+HjGhGc=$-pzKsKjc_~=YoQWys88;noMD(TYn)%t1D3Jx_a(3X0jGepmY10{pMap1k1oCnv#5!;lPgm^lZ?fm8h@_I^
z&O3q}qstJ*`u0bhN*Gct93B9lZz)8Jp-X7TP%l_f9>EEndJBc>(PRQ0%V(s((q
zZ*bx9a-sR(R2lOHftKs1WAiNW6o#dlh^Z(S$uII@kJs8xNNKtq;{RI8c0)1(EOUw%
z`i-IL&T5I9T~PJ7+1>sCYl>H5ZEALH8Fl6oi|jZgK}L!zLCgDlZx1L^`{q)kZ|b~iES4pc9uCca2qy%Ffc>*rZg8WdD{J5tFVK%G
zrbRY8d4;#sMq??vnP4Xg8O4n*0cK`LW);fdKcj-u7sbL)Ol~!Z)1AkEX`0MMPHsrw
z?qPooezLlclFjIo=&{#prl+9BDX17miio*5$Vl$$jdXf9V~r`8BupXb#HhS(J6I1-
z##Je1o``$Y;yUPHROnH(`*$X+C*)2Y~sV-*AtV6ea^AsGZFHc>50_-5eVL$I5OG!`GycgXMWY!0Y6r3k-!|H
z?iEHs9I-^2IvA(zvp2j{4a+$iSO91Rm1P7m^K02tVxsrDoMEBAvbs+;tM&@&QV0km
z;WRP;s`%I`|F*vUkTQSkUNoeNI>YD%#50**`UUW2cmoHb)?Do(fUv603|pwZTRe(Y
z=gvCLkh9~W5MwlKx|k)^IK1XZA!-zU5y7zRA`#VTPzE=d;Jz7+o3!XDNCR#OsJk<0
zhCB53^d1`DyZO0n+V0;^W16f2x9r4(HB&<2KYT=0))CLg5cemn}RRT8p
zOfuM<4ncdJYv*%tS${R9dl)XB;nyUV|D0yB`$wY2e0{wUe6QOKs97j)njy)i
zNmU;1Mr6GrL*g-HEAsv)*X0!I0??`GshoFWn)HapmKpH({>v_8*?U_j)?E4}HV2@X
z_YDVNGd>HsX@i(kw{+oRvz=SCd!g
z{&a-SJQvHy2+BR4yX=#u5BOnMhm9sPFzF4lfeUCE3uJQc~xj+MIvKBE@HcaX(X
zXp_4~-S8Zq5m_t~c%^X<+K^Jf3UE1Fhiz*sKwWZIaQ*z}n43bq<`6?4k=$05#JE!_)uTOAq~GUb(%}+uVCzDkX&%kcU_(%
z!c2C49X@`)Sgf0-@F7M2baN~Ks}<>X;cpEywb>tWTU#^@;HOa6ke4~6Fm~N
zQ1Y(fFb+wfG$vxcXM*ntbP}@(jC97@hW{fD_2K%YE*nf<#tZv%~=q+{!bD=#2IfoO@I-W$hHuP
zQ?4>V&dWiHP&G%**z|~2ObD<|+mW;4%pkHtN-m@F`e_Aom3y80v&P$3p8$S40Ow-@
zHla^1YI5cT6B0*D36{={|1RbK`L1J!8;;vMA{$fK$rMFc?j16c)*Mzb*%;>gHh*C>
zTwSNE2>fg)`k3r&fRUqgOU|U`tMmv{KwvGkEv-wmsa%;k)AGB=EcjVP^@84^zOOVH
zSE+bkJJ{y<2#0pb!7ya3RyT`f87URbWku2sDavj(SWM&|X>yz5MMbl@IQD*Y!Wj
zSlzu&SNBj6t83;o)70Asd9%X7Mw|XIA^4HRW7G42G=y1ZpsiZvA=Vd7zSlpv>%4t#
zmY5!7AWbq+gv2i^CYJYJ9wo1e2H!~h0N%L7hR`dG>-T_R_@$MVPRC=aR_Nyun(Yz`
zXb)GK5O^)kyctpLtazP%Ebhz}(k>{H1&A}K|3G<#v&dBXjvlASImWOb#j_&rx1_3^
zR#r5mAhY3@yqgrF4mwees}LqE1Z^leQG-nqLwy_k3(e5LPp|v9X7u
z)6K^NJO;elBeRWp%)I4LTsysTR>2uRW`?LNvm6@ged)W*(Q(5_@rHb9J}OkAM5!dzu*^6k!Wuy`T)J-
z{$jvUU?NqOIS(@&!Mu2gvjX>7cICVs65>n>lT*xBSR4z}+|%2oRo)MK|6y}#sUS*@
z@1RFXpEKW%$?Gc(GC^x#OpT1ks=;-w^ZDHAR>-FxS0nDvVVTzx;1kW?uo^ojp_sDs
zdM7T3xs;%w;O%8Ecq53)tf5(K%t4gwjurIjKn%8YF!I1~5iYc&kQo}Sb95?ufkwx|
z^RmtTCxyNg=i*!8;LvA2-=el}w~vL92$&Y@44FWw92LbzB`5>n#yH{!jO&SKZ5v>Q
zPZ_Af8;zl+OpzAjt8Mr~{_fDKJNq_|?fO7sLsOI4!lN7=Z&K0{SwTUkU?t^=_p2%0
z{2P_6$q#<}@(j>JKZ}(>mtBGEI`QzldAUQcf7ZbpPo|3==C4vFfco1)6uj_Q|u
zx-_qREo8D2>DA7+gc+ZrReBH{cxq5D+;Vfp;
zGthydK{ET7$h0OoVuamsX@lq>wUpH7$k~Jj=#I-cC$;F=m=mphxr_Y4x@78kBr)AK
zim|IiXZCM=yKGanp~5wdZeuo?$BZpQetmtiO9Tc^CY|Gqi^R=~0(Vd8gH7gY@+(5V
g?VXG1$5{6Q2Ds69{KEKjkI)MuuO?R^^ETi=0H-EpsQ>@~

literal 0
HcmV?d00001

diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-software-flyout.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-software-flyout.png
new file mode 100644
index 0000000000000000000000000000000000000000..941dd99ba84449997b62f46bba728eaf5a9c9161
GIT binary patch
literal 67565
zcmd421yEeUw>~(8Ai)X29TME#CBfZ-JHcgehe;r~1$PMU?(S~E-Q8ty8Fu)+{nu7)
zZEe-7-B-I)HFaxx?(II^eY*SmzH@Gfl7b{E5&;qb06>+N5>o*H-mwAzuoj5$&=S_<
z77+CE!Cp$s2>`(P^7e(1R{4AZEktmZmKR6ZL59ObCH*WPd;kED0i?x5)!frgRzcos
zv+2SR+}S)8TjhQ(CG~nN3uN2$!1uVz((Q&H4X2TIrf*Hanpg!QwdKngUA|A969o7u
zdiSm)QGfKFdNBClo8xScF;4bisW7>dSDU{G6P5jA`k}po=cj;C5|&p7e%Xfb-Ho@o
zoqcAPW@^od3PK+mO?R3QyjyWvze{6x%K!W^$)J{sSpO=H;qd}Q=TX*RataDZm@hw*?C
z`13IBA@Fp6XTP;YnqH8;^Ko2g)ep-FLST>qMkcCEJ2@u$k9{SxUTaZ`>o+bdm<=C(
z>;U$ji46u4g1%UP-_NN~&~gqCGj<%8oQh_`l|y%1ac5436#fccRck
zg9(~pb%ZDiCbZg*`)_7N)Bk7UC^U@U{70<3_iccJbwmF5d;a4Nj$hzeq5tj3{HMaf
z`2X1a|ILH=Wt%K>`^;jZkgq34nFph~j9ZBFQl|QUIM+b3@{1?Aa7=&+Y|Ji#ACt2|eem;NkqMi)lROcIcU6~42bzRUi-%-Du
zqpmc7xP8W}M&&qJW~q6^?2GNPdst_*sJ0zor?$2&lh(1s|BZKMWQ@UWc@Ag7N!0(y
zcDfKFAIbHD$S;Yf+e^o}LM-EuO?a}$sB{9o5I0NzQ_GdCGEgsD%dkz+pwH}n7o<^6
zA7n026OXCCvnS_FV)1oB-+ad`&Is3NweP*XVx^?BdG`^^(5HcP8G8qtkYWWvB%|$5Ec1>oN>ZD5ZGFJ
zF6iYrTvgEEo$VAoN@oyQ*j(+AV+$)OX1CK5xF%#{Uwufk#4=GVaa~IAyrt3Zmt&2CRw`3R?j2$F&}zun22GAWp}H!gnoU**lqJu5Dq7TKBX07s
z+MwwzL?HGs7lsTPS!}af?+*%jj#j!7cj#B;YZ24(N)*yVcLXPGh6Pl~6{AecaC*?+~^_HU`=^VX(#NYk>
zt8s2CY$|41sc&d4D*`8SEw*hwHy9NiNrtk?&qChe^sL^3t>u=Nlrw5(nkOGxAu>wm
zMi4r+$5>$_5Hkz^!0@G6vpgpdA>xL%XpNvDdc;v)%FFUqd-onfKgRX>shX&_ck(7&
zAn=G;R9PQ0G+qY7YT}@`(xT_=o&U1grQG;oLm@LlF%Eu+~6%6{)V~of%#Ud?=1)vl7XBW0hmbn;-5Ebl
zX_qWGYdO1mV}J6zWPJ@=suBIEh{tL*j|tt?$szjhL1N)9di)w9yD<#cU-+zWb5o-(
z)5t$n+6iMww=EGT2b$xb|JO#cg#5TvkBwLIm#uvIM2(OB^1U)3icc)6!
z=Wg^rxCqp9%?>#uhj}9NN+th}bxj|%!=QBTc}T?Wf<<@Srv=vk{nn-=NCQ0irkFaX
z>MtTi>`z~O`b`liWxep6>QLH%F4%VUN9tAKw3jARwc%XiMI9Wgy0{XQu_i>MI^a=<
zbRt`)sH%K2g}Qh>3|ApVBOJs^=
z${tTA?rzp(=Bfo$rUkp`_Y#OqzDCC}WyR-nU|AkxP%DIP<}t@qOLuZCFQh1;t#v$+
z%GbnNKs0OB6zakpidJ_Pmyc&WJ+7=+(cZ4DaG-jWquCHZSi=Os8kR4GE#hJJdOBvH
z^;VrmN=CrOFXkWercsXSAgm(aUGHxCiY-&kL1a761bE!|R^}$7C0TDMJ2h5A`1Ea6
ziYxT-hqfde=MdM}W0w64Bor)jJ&>-T*AR1*mZzRO%d1DMab^@iqmR;?CSkZ$w|U?`
zFqa>S)jaz^-)y^$IR9R*K^dGgvzq33!n&hMyDnHF#MjIhBd&#NTpJ<^eUO1T11KH;
z*#7Xj*f|6@Xkmnm<99U7XH>C!?roAL%um!k$#%zTpcWjL<3Jk$8iT~G#(++-G@8I^
z*sA~;8{_U1p7)NzLRq8d=Rv2
zcK(arPIOClm{A|_SJo}#ea82Q!0nGfKW#`~GcJFLv#j+#!)$C@#T<)z2IVzF%3SK#
zneT&^M}9QB{Wf}b&3uORHKxo{RJ17w*vUowdrw@p)W4nLt)`9&^Q>?Kdn`WMEm%PU
z)^emqbKx-UzIyGfwJXn3hw;U%q4LK{Ohb->Y`p7C(lQgX>UB$;v>~-wxgS5}U5X<*
zsMwg+Km>G1fPqVDdU}J)G_%SM`cWWuE@Z*+*c_4weH`jrBt>~+xIudHFWR~NG&7MF
zWx()=$-fxH4TkdViwurMth1-)`gZ*}{r8JWkH8MMddQeo(*>+bpOE0s#?8Xm`U!xZ
zTV2+c%oZL`*|QG8yFx`7@pj8YCd17=6cG?w__}9|*E)r4q|;JBkTs^7djP|86CfVd|$i16~f98&sB5$C04`T&kcH1%iCj
zbDC|IgclniIiQN0T-9a3Pnw@qr>(syAW5wn
zLj?b@nIa-k%n}5x0
z-6@s~g?^3Y2vs@ffd8_|GrLgcJtd@TE9?o%j4#G5UjU5fNSzY`Ef>vY@{c0NNSycS
za$R|)6#I&jX5!^AywqUHQ?vA*2qh(sV({ntxu0{F6Rhbn11XeGxd^6lYIE+iz{VeO;rl@S65HtUI!B+
z5*^w&G79jJX5M^XngJHzbygB=o>OY0OPr>WOh=N&}yzT0#GhEGuYlj-8s0IaG
z#1d1%+nv%_z@VOmU7Aqb2~qANbgO+4ZU@fYUab%gXL3wxo)n+dZ$#Z#;ME_T9%@Oc
zA3xObkeri*C(Dg~>R{!f+Y)oDT0z-o5hpOAdt&vLWnp(22xO5I6V&KGmOMjBVy|;h$J=Q+njb&c10P8ZM~1oU00=idme5gYlwcsdbczjj_ca~&
zGZS1*E3bRZpfY#)+;+^jrkzs~)(kXx7xIrpg^s;(~oa0zO`V*0F
zAK&3|e{+^V?E2NLT@nIOW{It-xSMl-s#D!%8?x4K8@+IDYgVJ
z@}niWad8FSTfF{7`czeKTU7?xf`O!lNqZZd2kBIF!k8mj?Azoya{9xBwilO#$k7>M
z>wapPnxE4e)&lFveB3w;d!ztMZ)+>HnX5R6mJl&kbRv8KjlGM;ThbZVvG_8Mi
zK}idDJ856Jck11fo7G4Nw-^-IrNrfpQ0iR#Q1R4YttxeX)f<9IZugaboh1{nsd})-
zJ4W4&)ul$AajcV`r#KDKj?4%?u!;*H>-Wz#U7Ff_%4At7(xwc$;(Jwtb;Ki@vJIAm5O)TQM076JC+aP8)At3%EvXRHqgo@Zz2a1B*>
zqb6Ga=Ev=eObW}wJ{}GefeP*9Mbx`b+;@k#cB9CMqB+yFBe=yi}0L}yyoZ<
zrLz1USRy%gOtAktb0nc+;qS!dthn+_hOH1C8fgF32;S<`mjCGWfs&OmINtM#Ksh6p
z0=?VbVwdk05_q~xn~nX8G~ejf^IA-B+ZnzJ1`^c;+B
z2H(NeYRo!6xgl{o*xv7IR{l%+6Q@|R>1W1xQM^tE2iTHV=2h5kCA~2#BFXeNIYqbR
zJ`<55jImfoF%n@4F?aY-JN}NAr}C&PnCpFQs$I<{4-_@@;?n@b0cy@n3uB*pfUQt=`{i
zEkdiy(q@fgBc;Rr-5Eg&0o$-|xH3_{|H)<%6|nIxo+tX}D)DDyP%~N!!qa&W0z?#e
zxk{@)Y`rmOTc@cp_gC$n%82{1auGzrI4DN1$-wzU2ma$NTiZmfZNHGg@dHb+Q5+Bn0>9BRS9vy2Dq#)OdFnDDRdI(6b0{OdZK6uWh7z3}vEz*@HRd
zS`)6^fLE2FN%OgX~EAQLCsCj`ok~rg*pe$*bSEPXOisfOp70xE
z3>?I)0j{5{*U!PfR+A23nX3whTiwEfgV`8MIu=UgMNTF5*{QzKc2B=R+7t(4^>46P
z2gXb9#K>=(3!88}&BMQu8Y}v{5-t7H;x|(Tf
z5regLen`{%K)RJic-g_xUe82gzTfqSPg*DSH)BE_%V*R3i9>tkYMySLx(_`NLw--W
zpg*Nlx~b1-$|=2k=_@%k_FT%4CIo@pVS?!7m@N!p)zZQHOzfR=M4cHkST_b
z(|)aTeE0QNZb-*uAjdus@z63BbR$|YN0}w>ivw=7X86V!81m1{W)C&QMUj91aXnJn
zdM!StoFz&|mOJudZ3k$HiK*>U(p2n&`5%0%(O30-R4CDAQR|ap{Ul9r2xo8ln_Q@aa46aLssC_ga
zOij>-Nf*Nv9*)PK=9xI&+d{<&>zdflj!HO~Pyn18C8h0Yl$t`zw&m
zk7?)puOzltuv$pDVgudfI{a)|5x$+APOdJXw$UrJ^XXeYi*lQs?P-EwTB;XW#Nt#V
z1-qGNLsj5p@}IcUm}}O-m$TYFK5a;|uItU!rrPQ{)O0M%J9&
zp{`YJBtsD`CFe{91qi`Y@w*vsYI*j_f3)}iDeZLLjB-+S{SikW3I6gdPj*qtw_BIp
zmOuy_#Tdff&N`_D)x?{R
zVDUDFg}9(5b8n`-S?-uuIvP?1z8ps$Y}uB02?IK3zvh2@rVD!-eHoLt&`HfBhDyYf
zjf8h(dm4S*hko(P3i_Ql>l6BbH)y1hA405P<%{2dV%vAAH;gP#Bm4PcSL~fZ`@dgN
zBg@`dHQzj6eqj9!s=W4Vm8bZ{>@4&n<=U1y-j<2XEkXJ*1X;6LRK`F?Ve%=~&J#hmYx|G@&nkbm<+
zzrPP1_omMG?^*keJ};KzF|BGc+yrYD_a7JFY~Z+%$YD921DM(h*N?`sxG#Q9(15i`
zx=RC8CPoH?*^ohae6(#V&syFht9Kp7KlaR(Ze&oD(?MF`oZ`R!tk2M?)EFGDh80d>`!X$UwrWd_
z)%YNs&-2Kb%xvC12=zxA`RBg1y~InXvotM?koHhQeG&7vH~gK~8}z0k`OjrAzWQS?
z)YY}QV$wgA@0h&Z6kGb9H4_QGVlefEb2@)hwQEDn+#mYLpFG~T5QW%c|9`Ike+X4T
zm*xLZR3*=P0%B&E4HkiRIIjMGksfGsGPprdLIb5P|1U*onz^=V+i!Ke9VV9Dw;y*J
zj5}mIpCGhD6$akSXf~-~6F&slop&39Nza~vHa_M^W{Ux9AeoKbV>^-c{*KO3hY>`)Xl|*UFi+>|4n2`!ILe!OM2#)>V<$S-+Ag{O6
z{&^MC;hrPfy7&EQ=@0*Mj`@vful?-`VT+m}>yAELoqon|JFcKd!L>$jRJ&HRV3z@<
z7htDBMLRx1yE9g~s^9Ji?gc4v#dg@bCoHI?Ka6?Q`13aoEqfkIB5^{TY%&lz5xwa3Pv`;jAR(733KIRuan{Lz$EhcQk
ze4KVvUJwfvM^lU(c-RLfBqXRDiS*sb02+v~@)3C*ADT^S={N251$(uETVxNOW?%6j
zEx(a1^KpP>lk<5)Q^9+2CW=7HVJ8(E^Fm3eGE&3O+-$#Fm4SsA9^`AY^DzR%W+nV+?wxc
zgJr=1dcDa6UDMw6xmed6ODL6>UiN6y1=Cs*Sn~OLz`Sy!#_6(27~$v0!PD+}bVqlk
z?RciivEOU=8m@0t8S;86->Ha{rv-U-sr`3FxmHdZIF>+(E{)|#KAW!Cmw(w_m$ZZb
zR4H$FN`dj2nDRme?TMd5^~@B{-oj+u(k&orq~Ut9kBff056G8yubTdTb&Nls@5;@4
zG?{OQp;rC6|2@^ADg^J)VGPM$h&S-JKUP>h&L6N8hzShPTqh83>~E$1I)7|>!25B1
zd6pR^pz~i(^khag_`YE8wZF-rPpSIFv%ZO{*Df0b#NP{gvui24#~ACXnY!pj6c9%??B
z*C6~3fJDT_hPH1V)Ms3
z@G?bKl2nf}+HxNhd*4mjA@>O=3z>KV>9c`+rVo2N3gqr@dQ}ZZWKT|N-0v>tKR&b=
zNPQj`j4#wmqJGi2*B#rOzgfng=I}jRQ4L86Fpw2+8MhSDmpajnlYLDf7}D4rWdhr(S1VHBEX^Iv5TN_5K2bq;x%x)5W&X6F=gvd5>JIe<^~T-pd;g
z8WmTNLQz1v8O7{%3vAZ(
zKhjIl6F>0u3j7cN1+tBWX7#F1reIO4ZPSQ9KcFFFOu`#)fvFr4@jI4
ze!2^(SW!*3@Mh)rARqdC@2bKFrJ$yeNb^YCU|P_3qs%3pZPABjx|#FSuioF8GEm;R
z*e-dAk04EYaG{N|c{3Ft_CXkfQDOc?OnUy|N1rmks)Y%1KgL=hMa-gBTrT(4!$!&o
zGybMueD(tx7<0)veBc?@fYF-(^o{&fcsTzx{hg)=?q|fpU+>Rvb)o4k&U~kN3ehGt
z*S{hQ5yqS8&jP0)^>01#_@ZZ10_S(=|e6dN*cYUf#n8{#u+6{`K<9YceMRNJ~d~
ziYNAoShR$VqnZ!hbqD-!1;GWKcefCYA#S3~8zqXS$4n^h{m=Ydz8E{cpB2XJ&!(rr
zbB~64;DMNq#f!%l`SLNjl#mXui#zviH(;t9&MTlDGHdOS6Z_*U%%|UR!o`&pZj{~^
zM&D|1;ShQ{5Alvj77@{Z9ymQ-U6j%V4cvOZlhC*wU!t$lyI?GOcZ)`bmU%{3uV_wj
zr4cvVtX%0x->!Wx^hpj^Kdt>eh_Ds2Lh+TOms!ELvXEds2_oF+A-V?^B}g0#sVYyq
ztYN)xtARoJ+`&ta>q`!efCd!euA`&83yUC)@rzHoG?nVn=;NGwLT~w?Ho6i_BZ&d=^dlB6=
z(BE0&_z0y+y}p-lpz<6?Dckp6AZL7o>sJ^zVV9wcH4bkty+_L2Bi@ts5WhNdF%8=|
zLd_C3x!5xactF4f8f?+9(hnb!lg|h*HEjXGMZYw!ypp95c$+R#^n&n5GNHmRxupfR
zh^bSicMnm7+vWI$jytuvr=ybNCZ~nzdcs0IY~PSW+r@TN!Lx+;XG$$SXpW54-4|H_)SSBL&^K
zs~hDkRj!F9I66b*Sl)|k>%cRgaLom$VK56uY%hM8TWQyF&~RZfAa5tHwF-ULQK`yW
zf%FUpBLv^?{i?4jG@7=%P^e-hQu|vx_
zNed;z%fUXs0xYah4JYV2n^C3-P3Pr_aHbYabpi>Vz=qVk2c+RHJuSVkWa)+sW6psH
z7)~4^J`4|Fqi;Y`E*dbCgx)$N7$nU1dtr*O(r%pdu|WV72~3@>l7s3gzWUg7{-VEe
z={*`erD~cp;w!Q5|75m~US&F#Qt#gh6FKyxJ+77KmB1c{A{@mYYgA{ZZ-T9|)5^
zgI;}A@Wl?_O2ByVckM%B^Uru6sW9M`qdtDxmE!(%YAJ>EsqVT(8KfjD>}ijjd*ZHC
zivlGP;}ua)R^Kk*{Snd4^UK|F5&>O*hvw@~hm|HC1s2Zmq1#gxsLZ$9M70p5VOfTbbLTjD=d#z%gO~$thLMO-4iPsa2=(ew~PlQgt%&XllL5wEt~P@(m2|<)DJrEv+W`_24`^6^p;&D`R(^5B
zDSU3HLCW+qTJnDGqP~`N^0@mxbB~KZRofe1h@Sj(I;W80DF_ixZ=WaQ$-siF8OaMz5yB}QcO*gVk3*($c3Za$zOM%ax^6Ew
zCPyaZ)vk=K0i@ysWe(5Bm-7yHs+9MS>#exL_{Y8aP?2X8f%V*j+0I)y)33sL5{lO-
zeYYh}sHhxE4oST2>JTz@7+)TeZRAhBWQPwv+e0(uFeiDEu5;Soc%a$;QwF5xb;}Kl
zm5u;qRoS%;r*E7#MQzO+EHAn2z!L%`S^u3BIZInxxX$$uC?m|4?mu%gjsw6$V@_{L
zc)#&F0soa%2ltkpxcQ%Uel(r{pnvL3{@-=ta4BT`?XKu#2*h{!Zt=eztorZg{gsbN
zWQQ2s{h-u>js}6bs*pO%q*i6`e?+kV*&IO*X}_cqo^|4`Wvp~mXyc9%Lzum3z@F5x
zby
zXiYz2wSX=5_6nQVU^wfH2otvRO$dTE9(sL~xr;IY`ogNrW8)%t
zi0~_Ke-vp<1Lnj!{)zfgA?1`g?sv@-U}ii6I-VpO|bJ(bZzVh0*>_0
z9*Wx+QjF>ogEn?U{m(7-#>A&AaE7y9Q|uas)E6*uh;^f{QvMd!%E|+;dh0155=LBfR6C+>*+71
z!y;Kw*KkyO^C|f<{TEROz_C5=K2#e(snY2BT=8y|m(^>E
z^sO;=74-CSBIumLWR32e+C)uqfF5ll_J?nQoQ#Y>MyvNUx4KC)ih6nq%1mEZF$^?3
zV@CCBN_#NYxr_V@&<;HdM?Dd<5eV$>@5y6*Qg+2l2T*wgC`cN}Pr+Z)u}8*hN72bc
z*%$PxP@kT@X(~_t?CFqlXqRYKDw)|v%4%Re6u<-9=#yM-qiR1kKjO|tPG0l$T7Q)i
zw$jf(OlUD(Hghe7x>ui@K`+FR6USCK5Oz8KsE8d*;jGL{2nW>$FZLS63R2dcr7uEt6LiwhW@DP)1Q
z-&pLq^SB=r@g`ws-A@|PQDtK@2eT3C$z5O3(lq(>nkz~0V%C!0{6~DMBmRY<4QuUG
zMxQzRX}_jY!FxE>;ODR*dbZm{fFh4XSxe72tFtkJ0#O>%ZpSH#`nn+QB&;ytEH+Bk
zPJnP2WdJ#8=evxP?L-fc!v&KRcQxroWd%;jX*KIBQySvCx_$M*-5aAP6P(_t*UsCa
z`I=fB>I9kB1Un2WL3_!1D6064(4T50|_b3nT+6TqvpEG0x2L4Qi+D7UcKFR`A
zLSIIfg#s(2T*R70ZJLoQi+hTjX!M&<(+kf0fI_(l!OI$*u-mR?`eH8|=_(JA&RMrl
zdci=D46Z>UrSttdwRPSS?7o*zg{a6R|=kfv@ifEtXe#
z$m!Yh9;5mC&0eZxAkc|ac&{h(%nAavF
z&AWg8gKj~UXNFiLz0jQq;-AY$EO?g-aYvg^pCAZo$0vA
zU7m4*ePNXnv{s1@2qvA6xm#s4$ZQPmS&pJ;zGl)i$ikU7S9wC>uvvn!5k@+v;uVbb
z-uN^+^4zNB!ysb*&%F&2EL;>BK-rt6hVyE(2vh(
z{k_dOQ4(hcUX|$)!tJ9s5Ibp|ezq9+0U9NUVkW&m`*sUf+;M8S4Hnl|7b;yH-NXG`
z4Wbc8Ie5m~p48ufVBExfD(zwPOth%~TNJD{DBgoL{
z$H<86YYx*-~aRI9TL93R&%YOR{SuzueEu(J96589K3qPlCpbjXpeE>
zE49>LkYblQ;dnQNj@~FU-auaVeiM(zf7P>G(YgG!O{!mi?3;a5fy>HV<)pkao6wo#qM)UiMBY*#L
zmvYV(UIbmq7gxZ30n@~iHwB#_!&#!4XqQt}g}6q>w>gxgus{1R>pHH3`_uHraGNA_
z-?JF9;Tn(=a8pt2qZ#c$rbZk7hKRUv;FB{J!GZhZrs$idS`})17u6@&LKFfohH=A&
z*d4QbrRQN~F&O791pyvdktLWieMfz!t;+j-=ynYqhI$Q*n`_*qKZ-CGWpZH&Jc1l{=iEK77z6#7MbRZ$&^O{&g{BB@E&x(@XL8^
zTRzJ{qcAGWqiS+vPdpI02lmsoq_6`BuhN}6mI9F)#0zijoP;x({sOjlIDl|79KC0m
z^s8(ru=^ew9N4O+NYXJMljOlLUZNa
zpd(nIAm%6u)!U6b%Omgd!>LQ}qj?uU?4P5~usu?tshm0g`^$nVP~Hj{96G0iYl|Fl
zgqN3*z2lj$GLi0~*mttnU<``ln(w;8V}YLgry|6GEHrn8nzLFX&BaL|T!r_El&)vl
zwXc(!MyeuN|WAuBO5b;tfRHh-3x7
z)*ILI8s&pZ8gumJ%D|heHF)!gZ?F@u=>%4C3w*w5^|rt<-YodF?1KhNRYXlTdy^U&
zcLSFrsDA8o5Z)T9xyCRGPjwN%64J`(X(jJ
zBcPAV$cRUm1;fS24IDlFzP?JxQ8^2}i-)V!@Llb25f
zsnU<>7?Dwj9jFCxidp?0eaq!>DvK4yE??JIw=OdCQE#EW?
zh``U-g~%fVvA80uG9`ZO^vE@>_bAINA1YMbG?;LYUdk@eAb>Es+-4Pg8^`-ou_BW4
z!h^T|X$tm0ybtjv+O!)^U{MUZ7{v6Gzcgs5h!CV63T#}hzErBiJHA}=L25rx+otYT
zMcR=<2Wmr^{M6;hYeYG@dR$XCGv7ABSx7@oZKREE=)oe%vK<%vcyCmzW)pi(+K_$b
z@QwM3=J9N6}-mkRg^@tw9aoaMRu4=*_1P%Ln|JTiHW@dU4?Q41B$({>Gy^dwKlg#fclfr~u)t3ZzCmu&a_38TZKSHykcI##{VV4?3Bhc=
z3%rZEV}kxXK!6@p8ehtyEsR+U&k+1fQV0cgFXsdYQusqwgtMOJNK~t}TRwK9m;pG0~gmub|Q0$GX?ozr#
zdpY&s`wHVzw(jCl6FcYN@ZLHDfRRr{$jB6SpG}_2$ZS?kgG!Ub?EZM^iK%y!x%iQT
z=C6$Y+4yNJljiEe#iI_Yk|gc2R_p3&@Yy!*Yz5*uy1L2aFB&u;cR7Zw`xcAX>e6)M
zSZHZN31VvLmbK;=z6>*uU}LHhed-Dp>ngvhU0+l=4Z`}z(nY#CS9<5L{jN$Yo8i_x
zZAR^dC@pQA!_*3u^kMuHw2AJVqo_z;O%I}2Yp7|*GMpdOwKdd(xS9fcSnQ>yG{
z_cM)C8$)k{FIxxq6$R{;!H>m#lQl0<=xj^P_3_fKBWX>%y!C(X-2Db)l7&9~+uO
zD~#eTJbsN}T~##FmGFBl$7l#~?e*ErTGwEk$!oCGFI2QscNy1hqHFCwAPmvl5o-L#
zzOwQVQ1?)6s4HZa9UCSbx*4N;0T*c$abXEwaJ1f8y39-tZ^zo^xkw%Z3t)+-e8@!>CDR~kUqd+
zbe33AU@2@c8UyEp^&d4HKnZe!iESm!+CZ7_m-))0x+^E)=FE}~Y!}MTqiVoyeLBqE
z#CM>!`cr_N!B7dRTSiOpJ#WoKhUm#)*aApQn?QtrEwv16Ge^|`+4H+Sl
zGG)Q-YY>Pyi>4?IoZ<<~-6hplfN6i2I+_^AW#{0J8jqY8s8CszYR~_he#{~66-n;6
zlhiC18pw
zRc0X&ANLCBI4ZQHfBU<6Ca2{9<8n2}5@|)Ff$Y@Pduf-2IFFa!Rqe`(H3W&~(utxz
zR>I`EyFF7&ke)$N`5!U~-z5wUoSQCZm!pGUHYa+PJ3gHg=2`BlT({&-jiD9m&Mx13
ztOjv#BQpAsYN+V(1{m*-<*v*p3>y|hmveN3dO3hw7lDgbdpNtcrNAidT+%wNUp;98
z;k84Wfkhf54f)RL^oN>maHfuVH&w~^@pIza(1oc*OoTrovpQa}PQwuCM8w-x4%k19
znzm+X!yX-5`eJeStIJ!BF<_=Wm#0Abj*0bEOTX?##(sA+1m>DPOuJOUwl4J0LSt=q
zDm`GlKIfn{ud`N%Jdn=!6%LncX@IeTe9WUHb3cI
zL@di3=d_hm4apo=JLrrpWTQn&6UGEZ#4Ls(zp$F|R
zD+X<7X55OPhJN0Ir8_D2VLeCbl(t(3Pp)A*MahIQw$aFUZn=7RLy{B0O7n~B*36|H=!_Z~f^dBo^rfYjC^SIMjTtz_ky_AA;!+5J%DCYIr
z5f?ehSHIdc+`SyCpL#sdsLddvFQaFJZWPhJ*tXMrJi|sTUq}@y48YsYQ#vKW83_JM
zM;DLr{i@R2&1^#*vz&Hgjoo$A*rSX``%{PAJ|azL3`^KIX({V1pXN&Hb#_KJpW*P04tXvFHL5|Cg#{v>|D0gT4ecVWsr4q~9^j|2)))5Q
zVaPLSj1_Ok!E8O#FIe--+|&8RNXm7CE+WS*+DhGu?X8`c;&$qzqC;aa)S^K(O$x7FbV3I`Xp
zECxA^BcWI|_#%yEDroLtIek8L|NpKi%#|tGXzp^)(v|HU9%$so2h;z3cj0hhnm@_^1YY4mmRmJ$KN6TvGckKU_3s7sZu^Cr#uMd@K
zxB_%d=m{|hf90ghJ3DA{LsSZ#*-T7$e<4?fpgY*3JruKN3p?_n-dwd9o4
z^o0u7NHu#Ua#&D%!s&k~j2;KyO!&FM|J9*gAiH@R2|SHld1=
zP375!v%5WYE4FZ_(YnSTPi%u8s{$PQmm`g%dQHP#$<>B(s
z#@LhR6`H?#8tX>V7eb=|c@ctdy6+E5HYn^P$MSlEXI4G`ldrYE>Ec*bHr#KTz21NS
zt&#srA^tEF#hB?eA1ljemFMovLP*dL7maIcP!?#)rvvR>oT!!-|A&KtZF-0Sk@9Os
zXsS>`5VqSqnf=q~$%)EEkS4CLCtlKBz}L~V4CC#v7mLR|uD@H7h2sc6F|SDEg=*X7m%Gv{Qf7b5A_W)#c6KYCB|H|h2n)>{xQ{eF9
ziO<_|mo2XBUf_)1oj|2xg3ZQeC8+Gqo5U2oeygvijz(uP7#CpJh)t-$&~sM*DyBNN
zuUx+czMuN`WPio@(B?(p@Ub&GC~+t=dYa!`VQIewxEbIN3VIsO^YJ|_`6?7&3tFNj
z9oVnhOHI!q>W799vYo?^(~^=$Ub&xn!UmBkI|CF19y^7%R)}AJl9G5J@xNv|xj$z~
zh%u%2L<4QRYPeT|Kq#*$L2lk~+-*-d7iYXgi@IS025CWFZVej)iV)aP;J>}HwC4vM
z&B=TA+Ee`i^pumQMbKIQ3h)_G*v=CX&b@&X1VJiLyP$Dmz!Ro2H3ja`u%a;AyW4ROWs4ckuF<6%YoFCi8adJ(8>Ia
zw;s|qZP$qkxHvP_4JPVmzR*Ba^M1!I-v;BP5og%7Yu9>lJksd>p;HI&c9hxc@6qpGnP4^6X;V`h*MVopMb0Y>hPN1afI3Ecfn
zM@dozeRk}5#SR!%m=%^6cwJ$i;!V{T_uC6ZGj)OAp>XUDFW0<{+a(5lwu!G;6Sr0{
zGsM`S2smEujf5DsPp~{sk5YTX;ZWz1Gj&mriwUFTK``8tXScr%Nc=UzY%;yC?UFj`
z<%ZVY_+XUg;f%ngPSkmm`S|gup|oq1oq5}qp_h6uh1zEtwI3h`JmTyoonHW!5D0}$
zC;n0d*+kwhUE?Qx*tpiw#>kN+>`d-*0#pnCN`BiCxXMLG=@m&kne%bBqnGn3_PeQn
z9%goqgCKM`x+W{tc
zIp6xKDw(ei845yvIyX}nK
zuGEf@K!@6}(hj|RHVBpf7KzavS-t_(J$I<2kH@?U%GAl}|sTPVM05++iZxS`b>kmGkdUDQLVDDLR*K
zl-yo2zOgbY&V8L+H08er3F>7tL@7e%3->^7&`8_T_C~K~;#k&VUE%H@PDC`y2Ml3=
zL;FMh|IYUZLwHia!yr)J_$NO6zmKT?uWFts$Q}=^1?>x-cmioBTa7P(XXhgp)ipCv
z#^VvoFEH#bSWg)!M`GLV?2IP)_l}-nY|pxNVJfPCcx
zkf2NWIRYN@<+ZLr`sKVI*)QQp#Chard!kIu7Ae`UZha
z!{Pc)?3GVE(3fXdfTwd+1Lx>udJQ(PTcv|Jpt+tqcJHV3&tdHB{i3U^SHDhIJ`k5T
zfk3Zg2MXXPe|lV9L{9raAg_876vVUkmI{77-H>RV#Gx8Y6Q)GRITR`O>cgHG&#odP?hTCpMGBNravTuGx%
zd+olH?ttDtmQC2R57$YYgZ&w2Z+!TeCa(W+-CS?eV<6@nTpC$u8A|*y&}JGs&tuOB
zpqC9_R?)t9A^}oO1?w(|FNu<_BUMv#G@q7U9F~(c1cp9`$7>5b;i84h4wTqicFVOX
z4jW`Scn12}`*ErxfQl+^&II`u(F7-an8cbzuNJd4tK7jRGKD!x8Oq^<`COIcwDNk=
zS&~naad|@boqb>pOfdJ5*tJu=+Zz_ZeAao`LsV4~a8G{Flx^
zc4RJoFi;8O^0Gc>3`v36$`1)BBk+#5=21%>j(xbt$C8iK#}>Vy7DTl`Q!pLq0lR?c
z0GOUDq46CaqW9hbQU|tB;Jp^dVdV#PwJlyPz~_g%{}rn&Tn4q+frSw%I388+#g2d0
zwH-=DDb{|gc0TOBt#kMFKL*HPejGq$6Ke8f|0QxiF-;k#t6ciNKb9V@Rwr!X*8knU
zN_K7yW>uY3zw&E=kM8z2>qzzD54H--kRu~Q%8>UNkrx%?6;F4zCP4n=K<_U_-wFn7
zEw4{d0g&I{R^FX8Z+{;kTapRBcfr@)?>=-N>UVUlaZPtk_GSWxkzKINr!t8xXrJ<
zGM+f99x=uJeBzw;XZ2PPSJAvIdICdq_4;0!j0f9pXbGKOuDq6?YjtS2{0rR#
zo8AJhv^RRjTSddf))f=Ct}#9TzgoJ}R9gj@W{~TMoQ)FmoFU~od>ei{
zv0~@J+aCFJ+Q0zl&p{S^5^yW70)K}PQUUwy7rKd4Bx08AZe2#U#sefWKG8DgOSCQw#F)d(&_1w@XOij;0@pIi$)p+M+
z@WxkWR|@uuwgM#%;sy-2j{?>%*#6DRetI2^zWkalw-n6XR&$ihSn=}_FijV+c6#Hj
z;c9p>if)m`t(Sfm@JK`Riue$Tguyy|P5G*t^O*znR1tOZrKMPj8%z;rD|ib3K&bKJ
z?}v{@a0AQC@GL-;6$O}{hmaU^K1$Lz5GX0&L8Rtd70Ap>9oSlO;sI%xI0{QVM;H71
zp7bmJQeccYBX%_ZFk8^i-r3F&;MI5V?8AMSxe(sADCCkk;dQ?49S59JLU`#y2VR@MtWaL625
z;N`3rTIgujiyH0loA)1&C+K@_K$EP^qyT;q_gP^a_&FVyXa0k-PNSJS{d@Oe0jX=2
zC$t$Dc-eWQHT4`?^Q|h;KjQtLW!iH;M(sg+Z@jf1qwG!Zh1%yNdkNFHutU5Huz-X+
zh8q#KvII1X^xZzj#lTmvo{^#O^8H-N{Jg6Bo#nuHDkcYw3@v-?fV*#K^Pao{Bw`~;
z{?SJcNgonZ3#W-&$4U}%{T)#yK7m$IbN-|O$Zmy~rESNlds0(q16U=ZifO?NWX%=$<}3XWp`XpjHP}1km-X!dF&xgFr~xvf{F5
z^-D3oD7D0^Pjdm{j?+YUlyX<78Y})-y76I)Xzn?U%z2D`@sA2itN7Fj-B(sJ?B(h@
zLyvZxX{N_P&JwK28Zl9x&?|NEO4YIw2=WAB(NMw12Vh<_f
z*ow(E)#FYQ|8f##i-d9(m|9ao`)T+4>r~7FV8NxdorF8TrSCr6tvC~kvb?Tx0O}tp
zJR_=+CPUPuVia2lkYeJ8@0OWJ(*nS!iKWX>{ePmPPV*K0JxCm=SIyF%6WirYrswi;
z2MV{f-qvv=5}-wGR?aMkSDy@#i(Iv0*(0F8J*>kW*SIGksN&;oG=tFxckv}>h`bp)
zCGEQ)s43TnG)TrZae_`C^W}lc1U(hoK`$pY80EhkpeLKC071A_4&3@y-6gLubbn7t
z5XrJCDUg86yF`BxayJ8=teAgkY&!UzrP?VFg0P?IEg~Rh-@ueqA#l=!;8b~U(-xm<&
zz2|ts7u&g@-e+aaY~eO?>$SNdb1VZ@iFHOZ-i#VN^F{OZ5OhtS0=3y3NaZ=_r<#6x
zNhN&{nUA>0A`W|^OR9qz8-{`FBLus|ub
z?%Aa`meP8n_Viwnw7b>FUA%Rl6N7(`({O-T=w9EXn=3?o9esHPfWet>Uym*d-I)(O
z3B=fGW&PB*5RZQSs5PL!^Qs=^mkzbpFV>h(ybQMzMI|s7_+9=rdvxPR{reV#HfA}&
z<}47yT!JWA^UWKeiUY%)Q4or3KqaNNIN>aEctt&~15+N^K*Dpm1!5Nc3{3~RkFsRR
z=eV~|KSF@Sf4x75C=H8@B@l!fPc2w%KlfF@Qah{}@T>#t@Jw1d{bRhzunEIO>BCh&
z#*eWe^0)QRFUM_e?x?d(w@+7>sXFFGy}tY_rS@vkcOY1A{+}{}Key8O`L~t0
zsJ)Td_O9OjB>OYB1@}eoC}ODBnzF3Ehc`;>yUfpbia)D2oMUqqWuqcvsXye3twx-A
zz9c5K85@lsi~rgZ$QPcuGVVa6I%xTX=R
zpSo&?u7)^2TJwzNy@ac!J5W$S=^H}^Oy2}8Xn(o)$&5rQ^d5|pl^gjlagTZsPL$_F
z;R&$`gw~~jMAW<{?|BQWCZpuXQugCL1x9rIh}p3BF5jsjCxT(AUkLiF?K}*q^g!pZ
zN<{@HM_*DNg3{Mr2i2!PXNT!xoIRctDZ39avX?{d+}p*=1V<*722;PP7#zrGZu|zl
z=lhMh5}T(KgW7Gir%|5D<%agFuWtgVYv_4=N-yLxTF+-Wh4#;NsI7{$TW~F^+WVtF
zk8@3AcrqEof)l}mV9>v(XOP;!O$?MiNXj4EFjb|#zUTY=K1=z_fo=3i53J93Sf9@^
zzmW-FKk-WtNQD9izQfWD8lLnl2(_LlSrGEx$mvP0nV6IqNDY|uaD}B*Th`XOxfo0?
zR~TF}SBF$vewTRp{WBo#8`@+cZSrt7kCPQokV=Tu9H`)TW}0f9x|O2th(~I9$pHyz
zA4+i>2YU%B-EG~U({2L4hd5z=8p_AX-}?RE(r`KBFm$>8R-3S_khvWOOzJa#^uPbG
zP#4(3n=ssE`lU;E-V&E>M@+%FQE!=_#glZGpgo%m*2kJ{I<6}7{l>?9teA2FF@fto|>hwk#g+eydJk9Qy!WMFaR{4gg#*-3n<;wbjL|ghFdg^>0
zhx?^5{v=34IW%5OESJ-Ppbm^sJi{VZ<}dI$Pw4T1<0%iLgvF
z(u{Ee+;wd%_RI}`EO{!p>jt@{xj~g3(Pj;fDLwHjMSe%=2)~hY&QaE(SS^1V+{_v9
z2s$yhTT?%+H-Ue_=Dcuk8k@Oo_9t1Zj+N7n**UB6P?v%(;JCWC&_0A;LM?DtHzIwA
zXS#K7k5PB`Cm-~-BW<|-h(K@87<(^gY;~SCmD|d_oRFM7G#UQ1m*PHbzxT;SZGY|3
zM|2EcGQh4#?VjwC>&n%1{U%`QSLpW?V(g*WOMc$=woe`|R6}mIAy(qC*Gx;}#+40v
z<|(dlQ$iKf7CFz!?lD|aZSB4D+YEEQFIb9B0$jJldiqH6>XXBC2~B^m8V5!{&yrcF6#2>Chd9>&d^4vJZ(`v@H<9$uW!N)FSG{6D-E~E8DSDwk;03-B7Eu
z)i(SWhb@WF%`aGO=EQmx1&WeWDx(2D78;GJ%Aep#O+%!`h$eYa7TxE}j=bRrF=Mh~
zzJ&X9q8s3vsv68NU%+|)T=uRQW*bFJ=T9mA87zY++*lZt!WIOtZ){W@CcxUc_&-N`moS=Q4PP`fzIOnL8$US19$Ofy2hs%ZVqL(A?0Xt0_q(#Iw}%`k
zJF495$vlll*NdT{b1156Q7BiCN~14=nJ6;Uq}LC5*Fy52?5i^t=Gta0YBWi96a6jV-*Eihk8fsp6*EiZm_MeXZr-oQv*tl~_K?C%c2D
zPe8jQs
zeFKA$(n>@G2s^(e0&WPUtzB~F<~1x~M4@hKN>GIZq7IYQM-%ypyNdCKp0y3Dq{6P;n1~ybYYbhu}%wxttxN<_NP;#v@
zOeRn8h(=tIfGLI0cG<>P-m9je!u+eiFx;h0f~%cNYNQ9JMJ_dm`oZCks%XVCTD>T>
zz|~^@Q>xXogh*K&k`R;o?5yxB`+E1ZGvy7sE92p3=<-a*!@Oz(bbX1a6BY^S$wkv
zj`dkose*?v!x3D$-x%03yG)nZNQ=>9&KeO~tJmBm&Fh-umk$pZ_sC4NVI+m2-=<|)No{50tiC~qtu`pENP~Fz%XMT!mQwO*Ejku-hzc-$3?Tx6!>DkI
z{#1xbBC#H_%Kd$+p=0eM)^tx4?4=LtKURzN93!ZW{If<+
zmJrhsr*{!Vn)AV-CS2?KWJUUC*EL}a``q**#6hv+V}yqn0{}3anVr88g~NLb3#cb!
z4+!o>-#^VKM%=Yeqi%^ZI>ODL5tQJ44Maq0C_@
zu5qK2yCP>rTUFDsy`9cxPY#s{G|lfTRJIHT!GG3}ZMS1D^2;rpPW`aoh>TG|C>WQO
zW9mqF_)jFSWxTN2=DGuJ1Xh07gUo)K(T%7WByWxyf9fsf{@@&3@+8i3ebOTo)xJVJ
z%Id(c8H471Dw($b5a6lJ%iPkhB!a8TX`o5EO<&WwdqRXNqK1}EcHh`E!Y;|bB-X-q
za5TZx@Xpw#K3Rk=-COs%$L}QM+QFh$b+4~-?1qw{7~Vsz^$lFwZ9i=HinQ@Icj>VsT&8d8q*P=>bQ8dDB#_uVR&i3
z1?hoNYZd7W-lGYz{}uFSp2a<}{q-4cNKU{;Q2v+?IJI|bWHfXW>2om0jSu?~eb%eu
z^UARN0+W~@unQCn;y3vC};&W*KG%+i0n
z07$X?RD@3~RG^`No1&#qDSf8&;bX1Y3v4%9DBw%&-3)&Dd_)u#2_~;)A5owFUPGoS
zx<$W}6Y~KTC)gHF{4;^jy%lS1LuRaGzqc|N&$!ocj@FP(^fSP-ep>!iq;Rh+YpqK7
zAA}8JrF%W{y@x2F4tcAL;?fJb2k&J1@&?tPhQDN$nd?tpWfQ1p^Bbw4AK3DHZCRYv
z!29epbJqi}hNwl$
z>xaJ_s^}Ls3b^G>2sp`t_tSV$KRLJ=LZu$;Q`fGme5?jT=LPgbcQICvPn|qFy@G?gCJf)%1@sF~1
zW|A4cEX&*jK4=c!y><6%C&N1U90Nwz&0VC;%|ShuhhN2K=|dokwI^L-txGQfwMx=~
z#gD?8JU`;*r`nZH`ezbG#QEmx>(!U0JR9osnrIhim28eD&-1xJD4xEO)A+cg?_6I>F^_(CAA}>?Qbov?(z;~il_^N+@&`noS#qagjmLOn
z{9ub+d6cunC9B+U?7xTA=TBRp7zS0q}yiWsKA|DJH|>?tlCP|_a)S7
z__)(%8vfpnJEJ0N=6kh>;_HVgg5xQo1Yl91X0t&9_KCOq>U#<-?~57cR*?PhM`*o?8s
zmp|f3Giw$dcRB43#1q;H%ErShI
zLN89$G*exp!r6IFxx`*H~$NV*F*cri5zWuAexM7ryE)D@`2^o79Ijc^m{SV?39*FD!p3uie
zUhdYuLf=S#-KcxE(CVDW>Oa^xPWlI8BWr-ZLUnh}n?@9BAQ9j||DtwBltaylC!~Vh
z+#FH(33|rf+}`~-
zd*{5IW!o0|6Z{@L;sb_8e>@%Wj)T7;cR2#cm=-{oQP=z&%R#6ehEgubcrCJGS!yJ}
z=SbQL|(oiO0
zMO>aqom{W(%;#u163!Q7*a>r_6>>tfzeL*
z;=nTVWcGgi*0Zu<{DM>gw!_RC&Y~m7_!7jp_6z5dk4@A6;ObLEL2?y^*iTB%{R;C~PL|{`nHKH+ee8{f(77%%3&!X19`Se=DYdf6-&BqD(3(lYnm=
z1&ZXo4iy#=#=bP?5wjS&(yj*3XsU^gkyJR+g*>GcuP7+F
z-1XFGv-oZsu8lo8e$5^p)(IKQT#=!6+9@$qEm(H0FJBNllm0t%n2xr5UDYy2fSLJ8
z3xN2%HF;RsfJ}SBg&&#?F6Cv>il}!6LbwxDQ=Fi3sbQZq)MHoe1SkHlV@sX(tqsL0
zEH$X)vI`BbIB(iqwRF3!dTy&jsIx_%?=U2#BxuqSDK37bns=mcIDIv}17Px1rMU~!
zx0h(&pvwBy@#xWHge%$IxSiroHsYmvN7MNmySmYG#DyXCtLmzBc1kvC_~4M7<>P}2
zV2ZeBw649j^SzAS9*D#s`$Yc6bPBkb!R
zrOx_a(hrs_L59$s9r39QA+5pht~8i{oJ`hF9ODJuYA2?&O~3r#cYHw(8xsnow7#EL
zga5m-EyMBqS{*=GO**Et>;a(HJyeDOTw3xLOA6yyABCJ8A7q<^#SlA{9Ec^`9L{L~
z5{36EHR}9|8Ctvc=ZQtjd3O{CUG0E%dn+`z#QeOLmZYR+Qj(f-&8PxmKo0RO0&VG;
z(Rp&v7%9cN;VFC##Z|ZJfPmZShSLcsyX-Oq
zZ1Un!mNUCI^hL${7jz-(RmifcN9bhLEb;VFVXACoRQ*_XnlJ23PmFwOjnNNTRKj2O
zZ|B?S
zf%)N_$^u1E`!c64$k6?(T>56Nh4b2~F8u6&dj4x~5>j44=0urnDfktwhYq{d0BmLc
z7t9^ZDpHvJy}k@1gM+JcBWHKStGjjrs#8^Q7Na)|2l68H!1)%b$rOlyY%9CI+KRCk
zI(%`|dAjo<&3#L(vD&((e8JQiTedPEoB7(zs+laMB=;krEyJFG;sM&$BthcYZAgo4
zAn*16a%@8jByuD*nx%VE)fKpGbO`@fNT^FPw@r7LNlx}r&_
zJ=V2=P8Ol3nsDz4|H|-5PUYe7lp$~zqJTsOojjb#@w4ll;=fULaLaih
zO*Fw?`FzF)PoTRY+WDOfr)Zt^u-Xo>%_vqyxxSfS3E(Ard&RJ}M4c->q}Q%Wv|YVv
zZS_PF@VUkBPOZ2Ir2WOuZl+u?MNnc}do7IEbx$BVB)eOA>}Jum?O#dTM@OiEjqY>@
zEn~XDSq`|vRyzT*x8UjUr`jrd!+cHTZG;9TdQzY9J8TF--KW~t=pp_#&WZz8nRGTq
zt)1k9quHOc&Gd&CCJcxBbJR5|OF6*&b*d#n-7NhpB?Iw_UeZz4-VWxnzHMyRbec%r
zt$1n(wa{)F5?_=We{R1-k(5(W&}S&jWk1~_yu5!Qm+-YDUbO-43i&vBH6Ao09DrZ8
zXc=(5lUFS>D_VjLE?5g=KUl6D+>M$E)QUD#3#WN{SV4v8ZO>>PlVqfV+O;#1MKPwRGUl-3Uv%AO
zksU|M6%5pBch=7hFfBuEVM0Z0zk8`Bx>!4(R}J;6qML6rzqBkMs(d(|ixCl5{cw_f
zn2*cSmN~CZJFh`Im+IQa7@40nlTf@{vOpR+UNmofG=y863Vi^y59;6*l_^s}GY+c0
zblNQt7>m*pBmr#M>7{zvoKN~L?tQLYucXaWKpUv0qz}eimdq@_yc1T!dwV>jXA#kN
zT`PpnW@GZScIWoI2$}i#25-oOS~eVNqJu
zO-2~&G2%GW2U{1KwNwuRFVv;{Jt40?U*YV-90pZ}X?fW_FfPz5Xn)E}xl7kw(>e(<
z7^#oaon58sLu&D~s+29-sW}_@Hj8YKnDn`hdEQ>
ze_zrSGXwHrh>MN+m}zjf#}JNDZNjRN&~{1h&O4K}yMFd1LUmG445rln4h=SoQ7#gm
zNY@={nA68~O7KxVY)7u+%-3H&viPgiHUi!8X+}pkIgMQxsbl0LSgp`^1@o?XU_DY+
z<9K|Ui9$QoOe@=Z@^zi>+9GQ4JU%x2wph6_ub72IAr1H7*p*my
z8Ks5?Grpkr7}+Qg4_ceQdsdo*5XD76p3mRa0Jazb&oddeL4|^gU0xs
zjgt&0-**7QhZ^nmeT>gU8s5krz{_N)zK8u>Ooe5}MuIu*!abF~U3!d0J!gnu1~s_2
zy(ru`hU9Jrw#We%wZXp=7S%0nk5b_*%pf*){xIO7ocUA<8zZ?rBrf}Xeb12n-M`*p
z>$~aqW=B-~FA;lyYRis~_oG(Y!J-u0gk&|)jv>W@`=wr)D=KV}d2&VaX`oFR4?(ND
zeGS;UQ0&08!Z`g|pqdEhfv5}|rr8TDy!~*oSI-a}_oA5tNvfZhl!YKDlwVg`ds`wO
z+iNyn`y5-d6>cEZZhfJu6;F=zi!mCO$IdUn=*}@F+UT7n#13MZu|AC#1R-H31&JE8
zu7%DQV-t~NU5dao?Vt|D5)bW_m$CQ*3M=)*B4q|ui2;dQAW)oTzR=z5#`7I$^!Qui
zXmG8Oqm@#Gs2{KNwSJJ-`UVi%_lLtn|$ovbe#dOQRLP~w!IWlpFQ_2P@HkyeXlwa;~17UteadS$C%#i_pxsc
z|3ywLxh?vDV}vBAIR8awBSz~&4Gx-m>D9SVQoEg9e|A89-c83wGq@*9u4a*%wfmj_s@WWQF&(K!we@r#Q*&(b-=?At(dol0z#Yca
zNi_fhsZDq_t*)@m2YpAh9|aUYG6O7f_{gN?y|K#^c5g)1Q&D8kPh?>zM(F`cYmV7C
zB;?&T95gO7yxcz3z6*aeGRn>*_*y7zCBRNCENxc#0
zZpcYx5q2*eAf4kD3|oHO^All9cS3!xs$vt=4wYk3Pg$70qvQBN{$sWYz7K7gRnPJ1
z+brA=P?B(a^OyHgoPKp87NJ$E;|G>5f6E-#SYkK<4%2^tSAy3?t^$FI+NC7eLD~ZU
z=Rc@_WRHC?hpK+?+0&G~x|;0Ca*6o%+MnzO~*TD3pNw;bb{cxUV44F68
zGsmj~Ss~WK-R$<>rdSo$UVm>!YZ<^`b7WD;nDh)zI{&<+7f_~sbLp~9Z-$kj4{r;b(vwV
zz>Q78>6!Do?FYndubWGnu9LSmvbBAK(JiyM^MFu1YF;>Irl`d%4y~lZoyTT7q{<=V
zlG6FuCz%ilsNhtq>u+`*XaeXvB^)Y#{&XvJ<1Jl{{Qh6MI9IQ><9O)LcJ$0O*^JTC
zs@XsD04x^{GFwNTW(-5Y%MEx2->S{mh#$_IQw7qX)A
z*|Z3tatZ|H1W@iVV=NCI60K4pl}<`i_i4BHj_759lbigxy_<_khC2|gDr)wyY)j#&b@7`)j;twNDIax+pQ@7{Q9*
zkAG3jw=@ddG1OS*i5w(EH3K*l-0B{jwF>$zI-m_uOO3l9yy+OognoOT{T%jDOM{9{
z4XbhF8B5XY^^YQ(Yx{TuL2(Rgw&j*15)5o8j&xv&6My*phQ-i-RN@4Jw{X?>kIPhICX%wJ)dHFE5Mo
zV*r$A*Wfv-wD{gxmFo#s^SAE`q@T9#E58-~osH6fB%N?1aP5F?^grf`wvYei!q})5
zPR00#vh}{&=)L+f_BRZdoM3A!LakhO_gAh2ACR;)
zj5PS9B>Wg@LdaIyUTXfPxe8>)%scu{%XQ=jJUFE?KRUi%AJ^I~`V=7<=<9|2O7h|W
zzALjH2$b(cST$g!B98|lnsAI-f=8wX=f<0?ObFHvY!E&Gt@x9CYNI!U={r=+-)$V;
zmangW-&v5nx4)&HizcU9H}bc|tx0i7=kmZO-tv8B|3MU6YM=Pv@em0{n3s#5^6o!d
zOf|Y$#?2+UhMGxA?!wy1uuK~G>$ahLNL`(Cf_qA#?tXfQ#~fPj+9a4GlXv`ru(+<@Z&T*Y1X
zMV~#R;=tcP+f1yeVlZRRVl6)Aa1gLAaNl>#>UTW8x*(p9F6r&PQYspH+(EXmZiy$w
zaeww2YC2M(pCsz(w2$`W*ZPQCJcz>%b+_>GO4Q%IJh*eO4Zd81Sso%Qq&PaZJ3PwF
zAkDKa9ye|0MFhrm=T0a0b1c^-UJbWmMn@3#yS4TQqci56nze@WTxrRYr?T<++zPSp
z5uXjGURmPlp1j_?Nh+INpVRIL=GtnTo51r?-%hT(
zQ86F-tDPV*!aU{f{VVwe_TN{v3tJ`Dqhja+
z15sTL`lZjpdO}DM*vB`;`%YY-E~JUUp$cC}i&Ce0*h%i*W^H+oZP1jHbklm(*R|UV
zMjG3C|I>};*=2!tWpTg<*SB!Wc3*F$rgh8J97z7U1(!=8V>KO0Td#2qKI&@lV5Ewfn^On*GerV_@@`hv#GJ5dV!tUa
zwTIgSBXz$2?uEN4C%%Wr;Wpx|MdabAgjJxHOZ`D8vICgLK4&Vk($#&7L7rNYIO()V
zSvQJehaM{R6>mwZWjea{;1#y1!y;G}EP3X&(cxskVpS-|MGqWJ+U{qwzqNTuk+O1h
z$z6mcFI=Bkfz>GV6Fl9+b!7R2x8Gm!l{ZQAR|b>&z!T|a<4d|{r|I|bFnIcR3`AIx
zflX#dv$gRB6f9f$-5L%*ow$jE*po#y>=4=ySdig7VTgZwN@zt68c5X?!J@Ai7?T;Nl%6MNRGS1=yTm9%BW2vR0hw3>7m^w0U2q#d`iNFv_2Z
zpkwbh8XEpnp_XCsgj3$p=LLGoVn`ItNFV7#9{mC`QiOQ+SALmSJNqmy?u#4C$cW9n
zrM8P|W?Ho2%o~{B{mH5^p3WE5c(?tiBP(5onVWKDBrz5-|B+m#@1CdbTtrcuj5G2bLf#K4uAYZX&3Y3j;u|<(9+dq5s+)vK{lCThs<9vtS--|
zCFJmZoN4saB(1n<4cg!bDxwqs{V82b|20;kTS`j+ky-@OG)qmiBzF9Sqz~j0;+hpB
zM0x&V$JzT~LeMSIRRfMnWF7-`6Mxxm3ige-zn0^phK7$eemazz!H72zGcuz0TDe(J
zncCNWCKshU3wmn^O$;Zk%b*;WTHv5mSnV0XGr~EdNX#TL=_xMS#qxx0L1AhjmU7x)
z^CTh8F)ycFPK7k8ZJqugZq_(NtE|f2MdI<9{Aqm$tK19hJa
ziji1Gx7jo0GTHR4Ujr;cFjwXpB7U2);S
zIX^9+3)?I-@?RI!<^b`IR3g{}%qw#B;}%l|7p
z{oh*J|9=-f+Bw0V?C1t_*d7(=G`$q9ot{slY28l^e&RcM
z&w0icW4KxF3lhw#sX;02!EHR4_BJ0sqW6D5awwVa`h^ofdd-x2_;;qt7V6XOq;>h3
zTX+ttxa$25iYJHWp#<=ZD)W`u=;pnw$ONt!p!dT6E=gfHt$lAleVG(LvdZd}>-zo;
zEIZ2hVgqv;?7n+~DPr2b@`;wsgTbYlWEwIvFEVa?W^z&pC9RJ@-5_y5J_-^K!ccjb~_-z`Uq*wsh4ORiWWMX3U1ULR%5~jWrg?^_s)p
z(h->#L|166(!%J;7=g5%vp?N<>L+b+S4rLj1a>FMl=Etr4cu$ieCM^xa8eM?E*6+~
zK9ho1T}L+hmpQ>n{mVhOk~QPcKZLPJ;`*yrFC+P0c;kh-rlDyyQTl2wz!y#;2uTbm
z46$2{E<1P3Xx?lJr>C*Y&CZL1L!=>FHm05&r*sx_hn*L@av$lZf8w#kOlguTa467O
zsbK9${@I1!KQT0)bWSgWVICp!P{GPGPsaye8ZAwti(r8WUNPI|(voyn@AeUvGNIJJ
z^#don3Rv~&1`BN`!Fsb?yXt~=_L1V~{rH&1*z(e_!d0E~*(0hOQY_u%`L~LZRMER8
zo5$kfxZm7l*eq6+rGOUw^oRiwA|Hbe_`R0RBtFZ&SD;i*Xg?;9vXe|QSSP<
zoxcZo83sGwFt|6~ZXTK!PFs$Nm^+_bz$CJ&b<9j9WaXUtXx6os-816`nz@7lhwqOB
z#WnL%-o9LOJU2QbmUoov9Mq$|2?r$(mX^(5T;_WmKY_ihpXM^ow~t8Q&7WM@?p0jN
zYRCKf+SzOH_)jU{RNY7$ZaZsl6(!g^nm+P8Zj3-tEmx-nV|o-NYxm?M5zJ2f(d5zY
zZ^iHQH9TICmE4H1b6ziTIKC@6JoRw#OXjiv+vz8f-SF$xgwr(9l9pJ(E{b=MD?Nkm
z`1jf>T^D&e@g;`Ogf`ISsKhx2CdqLP#Fl><}dEU&?RNf(B#h|U~O=4
zj{Py{`tO^ZfXhd7FJKnpKg&`+34+@+Z=kcJlH~z;)tC6WbU6GtbBeGDJmsFh=fic^
z>Msoq3%G=8S9rNK!ddcIT84bX{bb1d!rNTob)^0)&@Kb2dGPC5{~yzexei^sQ?Av=
z6XE)~2J7N0F1249Z)^mT61})S1cv|M8Ri4e$!~M+5bV$4u*68
zq=vALtSUHfw(Hr#sY|Vc0`)TlGzXoh#O?Q{px|BB?u*MiwbQp2%EK&Hltjdr;le#&
zbC1fW7r)qfrV)f^Z57x()i&7B4s5G?m2J-W-8J?E0@HG1_5oOGWX)Xl9NYP_Xkyi(`wE`Xn*+IhA$$x)cv}J6ni!D1;37L
z+^1uiSK(Sk%sCHM1gYzNF>RzHQs?hUZ7hFSuqnB0^?Mz&OM+LKxYt1!1
z%IQ1*onw9+0TCYF6=bWeF&~O=+sgO$+R&*86%8M(my-LVok^j7HD)MZgm640OF?^a
z-Sr#^p_F!nX~(_Fm)RvUXVYdpJ!!13?XBPPk#wui|9w1cU^~CD
zbDvx7N~xIFZJIa-OXPzezwPW)*pxouWZ+il?^r#L{5sh3NwBfR?dhp#AEl&Kd_6~c
zU6I);$8pg6@OGjA$)m9|=!v6{VdrA&OsT5A6`BMQ$+nzvGn!#ADr$;hb1&zR#kFypY*Ruj=rcs<^=bLD
zw;sPke8cD1pDk?Pu+>Jbo$~xK_Tu5wytCDMIMkGoh}bn}v$;HhXKZG>c5>*RQnu8;
z++HqJYfHtl#qc!0%tHYd85-Kx<@G>z2b3`JGQ*-wb!##Hva$GtJ5lSSdSk%gn0mT)
zNccIUds8vuyi8Nt_NCFHPs+n5*^BkZIMIZ+w_5HJPjitS$Sa4YO+qLj@>qX(@nbCH<`1S
z$hyhww$;;w!L)%Q64BLj$=l2U8A@~?{*scfA
z9;jHC6ud5LqT*X{P}wY}3R`lMIINr{xbn*$IWBoJNnaj+Qo4a
zKik)K^qbRC?JcCqW01aveSLVX))w57>@M@7M(%xmHyD)Yc!q6d#ow5y{V5dD?xowL
z)AAH+M|jQfA^VR6RsWw4{OJELe#!p>K>Gh3ZPCTI#2-yIIqMsoY}CZ1wmh$h>pSe)
zYu>%W>PGcO25sFtqow+>Ez%B``M=Az#9o_|+v2%06`S%a%WK=T+N*=NXJFf+xK~v4
z6Bnzn(?bzvu-cNw%>MQ?%#@&zq}4;cT?Xb~%~KM1g=5#ZZT5f(*Zl%}-a71__LLI0
z(JQ7u;?yhso;DWctlahY{~+$IqvCwpEzu+d2tk^J1lJ^3aCb-`!6iU~yA#}erkcK|@qC$%nE@oqc=xZ`$zuRr6Y
zO1U|6HDmQBYsVb0+8sr=Iy{~Uk*ulzd1gum^myQ)&0;*8KfWxy?0uGWX-zxId%V9T7p)1Qj1inLI!1=B)uJ-P+jl!Z9I{zvN|M-~yV(eo7G~D*B;YP+o_4isE
zpCEc)@TaL-;+-C92P1AwyY0K2VJyLa|?d79zKK1tap;l1EZ03o3y&{bj=14a@WTaPT?X%QK!%%N8km@phJxnE~u$YaxGG~
z`%)Ej_GQ)L<;I5eKuesmw|uM6k17HJetk%fgWslIRpEtXUsS{7JEU&Coo|wF93dCm
z9pTHim=0JR-I~f-E26FVp8YRqnGC0R+z;TLe7G_1F!%PXM|;SpD!05^->(+@hyTr_
zEx7DCzgurLsqjvP0UKj1*>I)WztJheBYi$Q*@|v#x=~v~S)MLu_`ZABb;HKmG1Ki~
zJ=lHkz31rbh;+O~+Ov)euSP{denh%uLZy~21aSjYsldyR%aI3?VJ-3jGE0~1ch1MG
zOyJ88d1Y`{1=ywjsNj`auO?0GN%3gT+wT3iP5RK@
z)$GYI5SVF-bR)^NMM|cHcv#Y+0f;%?l`dgJZD!MqfjYcbjoE{?dYfdYuoE{E67E>X4j!4Vvp)33R{>l5h
zq$2N%2vqjR8x>a?L^L{!OTkeH`5wDOK+iHx80xg2_9E0F>WHaR2#0GU
zr?#WlrQ3~xC1rm9dMaFGBo;}mAm%rMTx%TnRoEL6kQZJ0sDqr8_c|&JkHQ?g%r(B^
zx;KG&2yT?GUp7O}u5}U8Ydg#W&GDw=Vttov)a4KZ%2YAZkj-ExV5gKAFem~knh}A3
zZ=D27)|~Z5F%Q`*?AEFSpp!e$(*-v5D*HY;=N?@Nq@mb0$;CeE4z#!jD|IK~8_^&P
zrJ_d;4QBCYBVq|(ZkLU%;UT$5z(YbI>Y*f?f>=jzQT5Il3$v8GE_Q(A}K)9
zS)gCH3;x!<9-!AJ%-9SWYiqk>2
zV`Jk1=T>Vv$)z)upvhKy_Nqf_0+)6MywLp+?lNjb!eeVLeo=-rKe=>yq2I_0PrAgi
z9MgGsC{5%)TfuwYw~mAge3bK{NOPQWS3^1_FA$H1I8p8h^!2h}Z{C_Js`oC7(
zORj&0zclbKhuCar<~6y)A7v=IJl#;7em+
z;qlSO$b|=C&D72~<tizMB6Q<|h6D<=UDe_4o*kgIAZ-3O4@CYsE`8
z?YmI=a2#*(*rlnU4~B~i5Fa@zuL4ZD>{ydkR9Xro>@QQkgiW!aCNcm
z4+)dE>2LHlo&=fOG30E=EUe=H~*wA8K&=
zL}B%0Q^CCjWwRy$3WnS~(}7w>mK8>;l?FGmtKWujR43_twd4Cralfc@u8K#YI8QPZ
z^IEw#$-Rl=T%y=!X|^bAySTvoJJ_)`qcwcjynou1E-d8uFF61udC-w97je$a~k@Dh-SfL><=EMH^S7WHG2
zj#csJx4*HIqPk2>UG&rcf{9)>=g?^lLCvrGA@ui|Uy>Fgz5iHAL4qjyoyVe;C6~rP
z#51=xKoVBrC%JD{&0QjuapyF*oYM70-RQn#fqz>|1xJK$-k&zM$86XUx!J?lbDOri
z@t)UrKQFU=iR@E2h?JUG?HUXmq9|h@)!Ct2k<-Nq8zAJhPL>&!HVvPzH{egxQ?~oA
zz?59c6lb%4eZt9w%jee=%d@ZH6rFU&%gGemiUX@Vq={QU!3#3)tZ4^0tjpD?T_i-WuO#Gx-oxA4|
z)7{q4%Sg4U@2T8_7Hec
zj}F(@cJ@#(1m_AC%FIz7lt96!MNk~ZdMnM!6`)d0eN||uQ&C0gxP8HKwI@}}%iRRU
z@QrW59;bt8W1n1FR~&K)M2~g0R+HLZS^C3c0E}x(^59F)9(sGbdvvYE3R*6n$e_6W
zh{o0k79F_)!xbb>8Ys*7(iW)JV(nx4HjWC5`D&TN@wp2N{e2Ryer1Q)
zEb6Q5C*#pc2wPw&4!M>d*>~oC4tPC}^;Co@&X|d#4|dr@OJTC@$RuZaVb;_TZ^($S
z#f?VF#r)SNN@986e)+F!cF#Bws@!`9fQTL`ka;BD$j?$zZla*vQ771Ts2_g#*nj6K
zCGX$AloRm>Ce?|=oREYoR^;X<6k%Dy*>99oGoJJVI7w_p%K_6Vl>Gq$eJ$toF0hzu
z@`CM|s+|hGc39@D0F9e4x4vd#c-ugd2uBS)-PWt4H3944_eNcn`9mXenna~yAY?=u
z6ft@X-r(Kt8(idF?9&S~?}tc}WPN<{RD^}iGe7b3E!9RvLBxYeK_AD?7Rj0_sfrzR
z5boXCy?>I^bKrhzbP*ZfQxP~H;GM2NcK4+asDJ4yX?8y+ZHasZSmQ2?K$0?g8?x+#
zq=`1A&|v7BXN*z5jePv#=nrM$RMJq8)5HUy{+(Vw90TdkA~bDWZiYT#L^Ga3EVVGm
zWl$5-=-3Y_BKPJZ!r2+GylKpB(#+<6Z_RVi{m4HqmtV&#r!7=}*zc2ta+D*%U68Cb
zHG@sp%vSw_KW`ghI{#M+N#?nq0VRXzYg%+74mH)}!JKIGrfCD4892w<(wesOd16_j
zk1D=>rpGgI*I1V-T3}C~{I<{VDyzG;h5LId)INA7{5U8j&u#+Ap8gm{=u?0#P5yhX
zO)*1xBF62>8)A_%nCVo5Z!ss`LGto*0$?;&`|AC+SR!DH5%^v+<2gbR{-OaGr2s_T5&+%ljZZRE7^skEh#Co=*FQ7(ML(
zFMgCAs`I<>O!vhk6dKGrnyw?DNGhPt=5<+*hrb(swV%!`qq99O;E6
zLr;`O1O;8d7Jm#0Tnt?CMT?B8d(jeC!f;lQL4&XK@U(u0J{9sxNgO#m}
za;0Y>D~J{#Xpwf}AV<6Kn(!mjip3C?d-=kpSV{QXhvt^JnjX1EG5
zikBwib-Tw^A;|HBwZOK}yTiwRU_?WlA^+9_q~SJU#GAH#Ub;xj)0Ws>NqT%j#IWT1
zF~eqWe7AF`YD44CsUC+dJB!smSwZA2=U!-<%!0$$6>MizudReDdXZ^cCk5SddD;h8
zt&rbDKXD1=SQqjsI%gZrFg#mqS0-6x@N3$dohF?R2K$C{ruhJ5wS1b@lVHdrFF|bF2i{hI+Xqa+Q$7|QnGpwB&H;K0-*F&OzFd*epvF(
zvo%v7_GUS}CS#0hV6IRkzVo@PpCwJqeWJRKAQ8EiAdD#zUHPLpZfHu9I~>xUkkeTg
zo~kZ))F5=dGXG`!V0cyPRvc|VGZfTdsaF>3Y_GqPNo>j{k){4!^A*xY)N{j1G9~|b
z*h6ZsM&jo4;N17zY7s1ByZnvD-1C$xnnz)nQuVKl>OGDc(uzYsUS^ZlzAQ}lckH)c
z7M^}SdF(-zU4!PcKsMQ@GFmUS2lnJ5qTG|n+WF4-CMb(DA7GR!bRxoz$=M7yvXv>?P9$=O`1WMFaCN1M+7{-xN(9In3|^ru=o
z^pcmKw9%C~iN~pbr4x?v;=BV`g+j6?j&iAnd&Z|j_L~8>c@OcHk~yu3A{VO3geGer
zO`tOz2Uk+b*U?8i*W|M5_0i>7byXRiU#=v#!s%Okz7zI#_DB^(KUk2aP3_c_F`xgO
zrl-Zs)B-v~slf)zd@saWn+zqkZ$a41&)Y<#`Wf
zu#_WC{Fic!m&HR-;>9
ziESY>G=-SndaU~>*nWk{V?4VFlmNZoo}U?`wt>gwU+c-9bxRnTT3a#ZZhml1vl>1t
z8nHvp-+vvXAIlO0`sNT&Q1IMccAGq(-22`?%b$4!9)<{2kei8QkvUD!h_ZHdhbNt4
z9u`zTPSt(fy-q{J%11)dr;pK)Jcc4HI>_u=V(c4-ZTSbM?Exz_8817CNqoaD?nc^H
zSpq`9aM~hQI5rL4xG6_^d~E5<`qH#RdHL5>5K)z;t8F~(kXPH~=5kYpmNY%RmmH*u
zFU6nH^k@v)$KwC}@HCEE@)=D4zNO4hV$?%Cj~2@a^>`MOSm2FMaM~bW=n3%9aZnvr
z@@r&
z0cS$lF1NOYqC&?n06)$^7M+783ft>jvtVGeC@0l&YOsj@4R$+~(AR8Tx(C)zd*z^m
zha9))po2dWFEc2U%$hm&^4Nc*Dz8R}hAkVCF4y&4NfIx&;xsR;ITAcamT1ow9cWQ>
z?YY%-Rthgxf1l+mN{YTk&U-3oU=~P-u4mKchbP#qmFSn}rKzk~ob&aW&jf1cHSy({~E;ql#Tyyrq
zjV*E^a#D?P`?RL1SbG~+no)xeWma6;JOqm=wKBP95{CjGAb54Ava_?3g)yfO3YBax
zDT15oE1;v`S71r`%LraJ)~jSQp0;#zTuZHh3RK#$TiL+=~KivwDU;*#t>QvM
zSF5d!No4>}NmpmoOY)~mL8|YKZTLUz*%kiK`p*4W?(&b;?mo>Y`HG?0$Nsf6Ub-b_
zbYSv7b9*2%Ux?<>TVmEc&wer?c${erfmGfIjkoTX28&W9O#Y$;;x_y3HD)QsX06$&
zV;R~KKXEU=4_lG4s%#n>Rji&T!+I(OkN`6zV@>Jpt|<5FUD@aA{70gk>p
zAp0wL_iE}z+|}!KWD!pK`|K0)2Jwm_)a#eTcO$R*Tpdseo#~rmY33+CvO88
zT#V1mcW)KdUj(S~m&@ZeFHEWhaS?Uhy}R%s&2cgp%C|bV=_4Xn(NC!z{5oYlDSw>$
ztxId=%N+5Pf+aH2M*kf&q#$l>K5SS{4U5MGFZb!F?qPKb6!O!?_5Gbn2x@0^qNKH|HE8jG&Nu!S=1b>$W($?Kt?81D
z*rx|jbJ9oF^Dl*4h)x?A%CA1_33a)Bl^ZJh>ZSR{t);5^IYXY_o-+T6V)vm}LURfB
zbze752{d3Ak~du_xo7#scGLKrk5Lz4xDCCsYO)EJkaaO`G3?S-q>Y#ue1vDExqKJ2
z_`VWk39&bz2s&i03m&ENX{W1urEr#6s<6i>f=3ZEN9Q(W)}IiHnoez}UT@v*7D~Pw
zIsvjbrm3o7MMK~%>`HAc!!T{ui_47;QZTQ%#thj@f1!JhI*D$?fr<5<5srMM2%k_xCm8L7OyC9eCq-w(`lFA{GsjKkUygoP*KiL9J8e2BleZ87?Toiv-bD|w
zHJRii6GUK
zF0>|D^#eLmZh#-&(dyIB=yXW}`Dv|&SAMoP_U*%azm=TS^Yw^x@;j7Ybu`b&RhEyK
zG<+h#_+3H)54E2Yjaj9E*w-#kX8OI_7G$(3k>0b4%8q-i3z$Kf6vPvorCh)z%4#eW
z3?4M(sqsyWMGmx){%-t}F-5z$-rQrUK`7v0abPg7Q25aY^*Ot3b**!r=BKX$yaR<7
zj8^~-FF}kMs9u4sIJc`q&N%e;?SB-40PWCm)tw39wX_gYZ@bKaVE%;l`N;R9{>4o+
z71+`X&PciiqD>Jz0&*|ewB>TI0beQYd&lA?22;7c*+(#2q+h@JwN?n?^w
zF}*^ClFT)0pR0P)m^cG%>JukcP4rh&iv89wE((G8*^d&T)uR|k`DQrdMxTcE%V{-C
zk732ci5r4GB%wZZeOPJTcXS^jmVVDM{W$zqhyUQJ;+|GKjcfW!r2;DFL9OjIm&6@`
z0!0=Fzk95N;}gGiB@$}qwdIa~+Wu1J19ZZ-G7)1K-woeE9p|(7)w=Eb{*$jkXU={O
zq7~VE?!PI5KdzOxcJ#q&k~bGsmIvw=hOBDrj!0zfeJfw_ZA>PD-VJEwQqER!uCxzc
z_PR%PKke7E*5mD7tP&+~njAJuL`FlGTs^){{mB&S2Qoi92|e2x&&t~UBqb$9FE|)g
zXvjy#E1@9xkUZDR`@+SkaT>m@5;^>n(_|+-WX*D@F@2cs<>0_T!`71U-%zJr%ZX&y
zHfxEw5i6g6GoPU@n4X9ZjX;?%NeU6PyWE2H>$1Q@AOPR!@LfpCuP(?rqumTL^Jj8$
zlg!yI#qyu~WSvhQR$Fdi0r(r6pMv84Vm-s}?*a4*t(abce<7g?H40Lpo>Q?;IZ%%P
zX}Om@e-Yvv78(4vsN^BF@BYsvn4+f_LKA=XV%F*S(aI{q`+QO=F5@)~E19~U2W{Y3
z8ly&wNp%h9`n!-9;_@V@6ewXzw~o^&&%aW^+wNG!JWoT1IYVOB-_i8MpG-RF^WG(dJ-GGD-tAjBq@v
ztqHGO0#FQKwE#la;X2+!i`6mMiaHVMO``7}b-V8cF_P2Vb}M({B#B?JdN*f_h8HHk
zb9F4lCcH8jdxX05P157;g7rxjV$sChL`7OD9N%bP$SvIbKnu&eIAshPtlBgY~O@5ep6dAKxhghOv+qXrsZL>~Q7^Ryv^blutnKg&QP-o8HLDb-D^xP*QM
zUqXvw`>Lh(9xoncjQ>2QxEWAhq-;TNZaU-&?iYRZVt1jts-k>jNndL)%MG?(N$N)7
z^Ig=+?XgId;}Y(fCS;bkUbtx6*1IYUUeOkc&bOti1?eqz!mwHrUeTT_qyLbu-3P
zfg*3lHm}QPN)Z>#ZJ=fVl8uk^VD6jn{RX2!K#e-fPP34HFYx%YPL_!DW;-H$bB@&<
z>;y5Rsoa;Um}&)5oQ+Xzrp%NqaGkx-+l6(X+0|UT%t#!HlC;~%$#7L54ul(QX%$A9
zsshCL-NF$zkJVPsqfA(JWO~m<4w3$j%Bku%?-lgX34PNd5f#;YS?Uo?fM$J>?jfps
zjH|?i7UV{E?L}l?Ve53xcx9^X=76J?o@c_*4yEDIx)fs>{EgrTP#PjTLHHymn9A2O
zKm_8MNLdqEk?DVbbD6b)l;C12bW!%Y%1zh0RBiIo&)=?B6|RTM;6-%}Fhx~Di&bCo
zxbON_{pdBvbL5|FQ+k8Cqwk1#ywodMWKQ@)zg)%f@*LMLGJ`G#=p8bbs%~URSuQ5r
zBYajii7bXsA%f=|w%^UO!Cg*v=dw%&Zk`??+Oyl%a72m;Pep2)u&d0Sc$&HRj=MTV
z@5RbYW*bX1SC7ddTF<=eQjQQ6rys`9znYQ$wGtfLfe&}Yxy(JTJ{#L=tBvWJ>W|3t
zt-Snx@+7<(8KK^6dXu>FT*@o*Wmi`h8%v+7E(VGE0z;Dv2TsOzHxuVTx@ZIr^(HvQ
zL~;Df&%!mMA$2x0HAxJ@9mjO??X^jc^FExz{DkLftRsF*(CX`~a#PTq-%AFa1Q{qd
zwK3_O;`qBW)y?7VKh@32PP%k8>BA0Bez-l5XSqtsx2+!L@bDAO`42Uv%&|cq?3j(6
z^@)PtDv!KBYII^v+^cEuSQ!1_Czi#*xI=VgwB03d3cNTpq$(+DaAHj%Nf~L(5BUkW
zw7+%_$%M4@>}CMgn=A=az~;(d9(V`~^wJzu7I!#I>%7-lk8VyI>icwiYvPe~^K99f
zB8PWttU3Tzv)OZbvlVB+HY4Fw%hAKouBO2jGd#*H`eea0UWmoS#5X7$$6&E=Fg;U7
z@+URY@!dGe(G&>FCF1gr6}uU%%b#s?KCoTLBF2`;?;d$lHU^?cSr9T@(QXnKDHi5W1#kYZy&9DWLyXPDSwHFy=&@Gj(bQ4yFo3WJf*J?mv^6#|Z)+}QiVd9tGm`E-?N=bi
zXazhiLx3c+eNj@FPdeKw@E7J{y(7|`CH$xaS}zqIS9PC(o7`7`P|AB{-$NqMk(s4G
z++Hi(FM_nY9u+&a_ITayzWquLE>CXpZnRrS(kiddC`}Fn6DvI+P>rV
z*3Gl$eseP
z#f%xEe|);zo(^lYzqSb)%f5Vx;AxA_JyySHf17&5a@K^#u%X@j%O2Nd^7ss*eK-h_v<
zpRO`S9(giuSFA;zxAe4?*qWW-q9zsq$zpU;2Ik)v7+^Hef-<`!h!LpNp0-A3_(}D%
zM8AqEDRWPx+P_SRctlenw`i>shBe)3bl>{XR)qY_R-;7j(I~d^bqxqTzHD`m#;+N0
zng5Nj%=CEMGa%GIkC=`-4_0rvgjeaJH!oe`yR-G2WPwf(y^3vTytBCYk`mM@jPBI(
z@swI`-$k@HRdUiTveiIY`ub|_-S3pe;eq@QXOh0>?YSjm)ht2XV#aQEAu(~7mMd*y
zflWfPONsvJw+62YOk+u~(mAi4>5hYaBbB!JE~Wxd*es-$y(EuBX;@;!!;L6vRlnEg
zs$yqyC+Iqy1#GZ~11+;M1b2aMPUh^gkD=O{OU}Q-nJf9JI$Xe1mO3s3Oq3!cg+$*e
z)dqCBbRo%72E!|_Rxi1wxS;E|GHBRHFD9$Rl~0Bz-${cxV{xVfGB)yen%3mPlF6K;
zM6UW0*pHd-Rs#g&s0=Kjlx>ZNbd;+^sT0CI`DHG>IuEAW*ss;^QI`|*DZ5|2P1l+g
zAD&a)-IIkjC0H+BJeq4eWvAtXd|F>2+r1sGGkH>fYUb-sFYE21*pmA#CzmvF#>(Bn;A=p;~ZU+|b_n2`RxDJfP
z`ZgdNAjO=RqN^EeV)W^^-SH!pwoYEG?`;S>;Zyj7xgJI2ZU8SAZRyMB_>UN!CCWf-IRFLaI$vDN;#2wII1Q7RPuew9BG{dehBkb_#4
zKgxa}BCcE>s|#M-6UaquX+3|=hL}(P=l_|EH}WGhS?v`4;qszxRwSk+wLs8W<4EYL
zR*0fH4khl?%4{V3{L>D{`z;5
z0_TSB2ofzqa@#F-0{MdClYqA@kdj+gHb4m#khtS&1g}XcTz;NVEOHD-SgHT$El#g5
zzG}M!8!%}I{*Y*Y%|m)TIR&M??#v%4L$${sCv9-tDst1#JlCH^!=zT2P%_h#pF+n0C(~sLGDwvASWq_Gvr?>LS0$BObCq
zzQb$Md6$h%m5C4{y;$bwGy%y^3QUy3X|M2}BYEQvE0(2Z=IVfM(HXMroSp#?F|pv+
zNJlD=xtE7;`$MMhc@)f=LGz~wlJGrnjjo7-LXhv%72tgXk6092V#BVx!cs{NiRYeO
zm);ECwFSdq_mLw3scQ|5SQOOPjSnSsddBHv2rSvMs7g!nH9Hl
z;F-XXHk)tKP%Q0y_YFH)mr5(-Lig|n0^PoPlizdYFML?nzU{LTtsyU9gkw9}ee`{2
zo0q6}O!!caYQpYLsohkrmu3F!tf6ir*g2DUrgZL8KeXbc*PAG#dvMs^tTJOiUv|aX
zLNzEV$FebWIHSN969iRWz_{j9E={DhP5y4;7a5#%_Sxl5NMBV|7?!K)18F;FttXGq
zrS!@Uvl`_6_BJ67P!7b3P@by?sfX#fw!*klIzLzO=h=zE~fs3SkFK`?qAimqL0s
zSNXSgUo(Wp#(q6dl}bFVy>n|hwWe^=U+UQ(U0g5Q*?SP96@EC=uku)UmQe@0mV7M9
ze^;D8UGIA01!pVDgyl9CWPo1A-|T-@wC$Et;@>3|`HB48kUKv(Ggu-&4maz#Rq%ZX
z%Th+%yyZrAD10evhOelOPr#JUhDzEu_i|`R-)C+}^WPp{;Wxo7eIZK&ze-I^-7_h4
zd3hi1-R@60=q0q7+;fC34Bp)7`}QXa{XmD9%(X#Ic5OHy=BfwnPLdSkt)6~FRH-sM
zXpoISvB2H?A7P103=#j<0uXT`6LwlKuMyxY&Q0J}KS?0|8w!O%YG@bbA?~`*pxpYO
zrIb)d2R3r+9n*__lGA378#cEux-bJM3VgG&<~o0LUwPaj?
z&WSmEp7Lt-=;_Y@@kfNVI?#^PgpYlNrTk&!_MQO&NsA*-Y?04f?iU~BcI=XgG>Exi
z>g%va+BvZ>Y##M;HKIxe5eckCNu&!D&QiElUots02)>OQe=Xo}-#coxKCpG>R&Dgr
z9g~(x0_z)O;>cfF5YxYS=R`Hd+mkdp=7*^#oq9jvS(KjZeUkr_7x~D@K!-|0yg0@&
z;2!AB|0F#8_#v3YWTY))N*v5~j*XhLT?JcQ9AHk)!AApMku$Qc;Cp&DTQQtlyUvG|
z-6cB;;jz^5(e?Aex0P#Y8gH?b-d4v<;M*b4ZSTFToO>N+zc9F`E8F(mf+nxZ+b*@J
zI|lS~;E2)Ji*=Fsu^on|ejD
z^FVdve(3OUAe5%jdd|ok2Hza)AG%&Hq;tJP8B*3Zlznd@+NzU~x^5@%_ND7YN0gPj
zVuXFa+2+ge*7AWLb}HPT5%Nh5wGWOQKs&8I290%&Fg+3t$B+cGX#4;@a6iR1dk;s9
zU;i?!8lyp@>J;mYK+1W*5nSeeDH^fDb6lRg!QQ3_{BJ^}#i=&y-ATHy=I9}2eNX7!
zyoY+N&=ik5D8!nS3CP05`R9oRx=A+Qy-YQ9=?M2Y^fYA2Y8FQ>to^7;TCdpgV|pZc
zeJqkZuqS|uRry&8H^CkJgPSs}EnHN57Uj+mkb=_%kNby%Q|t*;;Muld-aa8x;wxJXDbN+Qk5oj0{}6p7J#%noA2RY8j~wW5cE=}~k^<|H6=D$+=$i1NS@moS
zE#RBEs7RJjbij~ueZb5B;+#BWd2@?hw0P)=CJf3)9?z!HtVY3TZd>B&kO%yuqin~s
z$Isx%L8)OSVA#cK{&Mn`k;qF@qgO6dWml1#Fwt1|z{+qB?<(RZ;3<`}QhU-;&CHd#
zhJ$@Tq&_9h`6_-JOlVh;W)V`V)VS+=|8p2T#1q^kj4LYN#Rdo`LOt
zarmxgc)ofM?^w7)40uDiSixWj6O#n#H)JR5FG#r?!5rJ}2VM}yrwJ3FvERA=u^sL~
zz_ypQ&a@G|_rC;6Z%)9ah^;f>FOJxtKY$)vL{fU*Tl&PVyCOaBbZE8qwIkw%XzN)Yf}*%@UAbjf4mNY3o1J`+
z{lQ#Y;1wFSq}N*ylB2xieOEQ0hd@adNw$gVTPsn%`a|!d`nv`e@MvGG_WZS@JVQc^
zgv(jG)8-)Zcl8#bEy5993D=Yz4LhYU%c#x?OaFcfBw&P~TRMu-LunYKrLy>e5BE2r
ziq6ho+h8b!C$59XN#|H9_W2)#)yO#e5Bz=>L;C+p{{DZ0zyC!|@h&8kAP2miboQ3YpSjW}&tWk4y1Cz|7}xJjzj||rkl*b%h2-OLwy5$^
z(dmNl$brrmsCcno>NkO&RV=IKKN6HlqJJn|Yd+5T92S60U4zTotyb4arhrAwV6{2E
zklAjJkON6|xR&z)LE9$4jw?^DzbIU5(Ir;|uwNNaD3esM;QBJ3M31#T&Dp*rwb1^i
z&NOVWgf*(EY3fKyLH&=i2-&pE^1~#n>I~k4!Yiwz)N_$HSWUJyvh!0*QWtM>Ye5oW
zohv5oNs*2Uei_=5xO(0WOJ9~w`nKGx7Bi{0Z5=+?G@o1;>GW6WPFK0bpmFc;aadFW
zR9m@b>RoC!$JlXeY*G%r^6zc)TZ{HcL5NBk1>N5BUnCTAG1a&e>8Jzt#GJndf+HxP
zT$Z2$xYgdcuIxgB(9KZ&F|Uxj;*}PQ_OJdx)cq%j(}C*6>R=>QnS_t;MgPKwjqJz;
z#pk$-o&z-*2D&Wy4ldR@M5BmFQ^6US6ogB_EoD0Nq{>!re9`k)HA>WhFI+4@PjxEp
zK@v&u!@}#}YRVAAx%qRS|5C@yF(OQ){5I|U=EzPZNgLr_t9SD9*eGRu(_GxliB+p(_F_ELDkpE?@HnX$=3p3kq&M2c
zW1T~z0uUwrsd(S&W6fBfY)2oo;F!44wA)7PT9aEAZWAM1r|Qu`GTI;dT=!VjBZpTj
z(!MqOP^wFWD8|+-&Qq}on8Vx~5wnV?)KHk$9=hSFo%evSrC*`#`%x-j3ei&f{)87y
z!-QSGAo{b=cr~(i^PTpuY3vkYu8iKazU=88YTvWtE2or
zynGfP3<)$281Gc%$f8rYZ-v>4{Q^s=#i6mbhkIK7a+z0I{9LK6IAzjN!@Qa^52*M+
zX#bKl>);Ve^}~vl6%}$$Uf`Mjc|oJ9PqN$A#-9I!l*lXA>XcHh4^F;;<*cPKhQz4hsgW~2RgI*MT9m6puW{Xxf8Tzz$=Ey=|>^uUrK=Z{OMXf^p~^gce?%|Dw@
z=Nd|%tkg@;cNzllC${pP2S=tCH%u+|(K%vPlj%~sTiFpX?k{o*4z+_O6@LPyCFF9J
z51+jJm!>0!o<+`qg2(kjb=+03_5do#c!4QEK~@I1nus8f8sWtN)T%DN6p?1`r8OzR
zY?^A$i|31-#bLq&M$cRQ*29}QI6sgS;NGK~k5tUrW-guAkh3pL8(T@MthWHT+kD79
zVV-#^wg6wM&doptN&@P(Idpqva9^BD`AY!psFuu1h{j3O
z$ZeKfT4jV5SX8K9}$dymSy=f|MQW5On;MX$eccWnRJ~hMP9EI_0(->6|Ncb85u#3tc8ze%{$Je+QHNz4r
z-*A$v_Gw+*m&a@0J^SIQz|a0@qz4rupx@V+iyyAQz>T>qU;fR&he`8Qf1YjN!h7M-_Hf=_!s
zZHS1D+ojg`A(|pxmxf^5@5M6wu1C4qt5TM7Stlz_+-Hn44%hFzQ}KVWl8yB}d7=y3
zx2m+|memo#BK3)_EsOd#Qja=BdlKQjZv$x&-rRtEa(JLy(asNDtP!1aZc4N|YND9V
zYtrp*B6+h5T5p*Uf-#fLO5;ZC@DFF#;*sJ7YAA;bnlw?eQ(^!zaMmgl^W&?#1yzxK
zI3rv$u1f~A3twA_^XKX2KNy-nNy;~N_eYb?I4cRrcQTbYBPXQlttObP`fi1)W@lbd=G{U!9^j-j_SQ^J{UK`gX)
z4!QRma1dKXzRXoc*Yp+_&h}xCbq<7{PoKv+s9WuyN=U!*4JFVkc15HAvq_%5{o4I5
zgMDf6IWv2+u17@N6te;I=C)>W?ZpX~P@hro&%W79o(l)ZC!CtA-#J^zAek5aA*a6f
z3RDk$#|O9Zd{#PqXx#lUBsNdm=7@?n+w8q7Mny2neQYSjQt40Z(!CGdRv|}|n#Adk%s&4lk7A9@LF~(c
zCst{vsX3f3874L-r`+hlaX4Ejn{&|Lj_GFi#6_Od6{p7Oj84T%R1YgrkXvaXSa@mg
z8L(-<@;?28iSF(yjF#A=uY(%)9_DXui!s<)>`~ttKR7Y2WP
zBh55OUb))R=GVp@P@4b-6^Hxp;S0CdKl$YckbbhY7~3qXFPHL8@1e{ue*Blk==8#^
z>hK?k&V+TT
zyT7d6%q=n_og<#dLmbt;ajBN#ljuo@XscA^X*hnD*ORre0ae=WB)&d3ZYWIhV~|7*
zV796qPb~w-i42j1^4({HulVvU3c4#eYGRqXBdp(Ti8qFlIG0S$)_ou|?MBA)JB*a$
z?WY?JP0WF{i#zy0P6JzT6)MJI>g!)41%;cl0|;FyKY)1Xm&?bR@rZ~`%B;Ex3lI@=
zHc#~4L^4}drWH@dSHW}v+ubqixJT{qNS0d>$`gYh``dzE$dSsv4U3jz=k7&?ja4
zCL8FO`zdF~gE-nVx15W&+@rAeTCi=A$tXd^k1iS(QMVn+l6S;z2t3
zlcYp3XRNxXL9G+`c(oeEN?DQOc)GjN8hbwH2|+5gzj#q7l~wV6$G8lH-x
zN3?g-eX!_pbJqn3)1wOD%&e>|thDSznLwyD9a5zW@r!SO@`U_1^{AV^w;m2C$}!(?
z13Z1oxZ^HcDiz=+iY8e6nsLL>imsxb{9N(-Uaw);c9Dae5OL9fM$Rlq@Q?HSJN>`6
ziTeKwTM?OAr!BWvc&;@MU_sBESjscEw^~Y^AwaWP>WNYKl+>|?x#8>xgt)@f1Or*0
zN!9)5`dLb3ftPo&9dh$9?{U7Q*`|aEjc@K}ruKdYH_~v+!+b~kqv?G
zPRqB0o_c%@lg$IPxNbsuSAPhU?f{8wOJ%8u=4}d1S+ORy^$ouK9BIagtTTDuuLEaq
z8mHat&lc+;zCF6yGVyB?_Yw3Xue{0S7Ie>F`WV>kpPDrO1aDW!dRYTj)n9AwT9^CX
zY~4Pz5;waWhnX$cL{qu*M_*76`dj~^Hl2LET02rZ<*HYEKzelM{R_-D30Mk%OET|*
z$89n_9LP>GjIpL0zYEV!NkMeN}Ig#GNvHj-ugkjJeIAa-;=MZ*4p
z?x9jn+mn(07kIOCIU1cx`S!NK448~TC(O16F)u_Upee1rWNb%!A*)h^Kg6Il45Xkk
zbXQo6S;*z21Vk_@W+Xq_;bF0*^dTcujk%0`Y`V{xAdvH8YmK0%@f&DWHnkyr2or&J
zFNp)z_+NIhy7hNXpC)8YYaw$wA+147$+QorW0l-Ms=e>?!>`AQ@*nCjO4D58W32gzrd-Fx~Wxr+A^X&Z%I
z=8}OsV6{)OWRFWi_dpgfzxiJ?7pJt?+m>ri#0K@W2+n6qeNnW;k?z~3cq>#NG87S7
z;D`q?pVvT;xF^>G#AKXRlm5HNlYE_mU?b{Z2OB)(CL(&Sfud6IoC($)gqk$mg2z*K
z>ihLSZK9IOfJ7Ovu%nilaRO`q1(npH`PzN>5wb_q*nRzw0UfPau>B@8EZs@h_S{67
zOa@q@FMB|0Wh0!PpPVuTHxQshlQg_s#VNl;TDBFTO$mfe>;-9hY4{U(;I-Wd9pP_M
zN9m2IILYr)T~a{JQPSc@^n1_FnA!3op&z>y01{vpXWCE62S|xoFz?@8#|bfX(DZF!bLQ(4m-FKGvSCHxKW{E
z@Ak)cUaUf3Fv=Q#bRo=-7>P|*`;;O0>AlzIaW1({TUz``3JSyvIFbv+Dh2`O0`2Nd
zm3V&6bn54B*%DFHjjJF0TX^dXi1>^xQc>5=>?rD~7TvTere}y2$>qc}qZNipPp$K^
zn$?_?)IDOW@xYQgI@ys~f=V0}^ISI^?2Dp2HIrhXL*8O3i$Jx2hm5&V83@;%;EZ&E
zFrfe;klR1&hkcF(={pg1am`CpC6$Ic)soDf(wfnmQ~Xz4x6WSe8Q1IIi3_#l##ItZ
z#x7Y)3lWB;g>(4A3$EJXEz3T?-K8}KSG)+ex*I^A$=Q1vUidLrkq!7*)5ha>y1SIM
zqmSLHwC!XIY{Z{UyPSz{Nlw=|QuF9exI6K-pNR}!$_qk1g5dK#vF=o|K+m0?5ToKw
z^<<~-CQ%%YRq^*4lS^+l6k9-gxpatJL|iZrU=HFwy7r_Un$HE@pBU4ZX3+@zaH+KV
z3CgS_kY2r~$4oXH?aFtYSwGS#bJ=aoci^dfIZ5s(-zYAt5TL}-ud6Jv`Rzrali7F!
z$EV?*i$8EHSt9(vYnk1xXEGW9s$?%ssXk+*%krnD`A77-^DwriN5gf-tBQ3+y2F>k
z7$*I?bqSvn*oT{ZLa*q8oO2(6*yO_B7JYWOyzs)-K-{Qkd@9rtQI*6~(w#5ZuJ&wA
z;A-N_w-))kK=^&uS-GUI{UOc+ak9x*{-<;U$F3<~;VEYe
znjcig9Eo)y-b1ICImM)N?~3q>B6->Xb>#GI^TU4sh?*zQ^oxg(iFAX+FNFXV0KDY`@)~m9iJR*PjRX~~y{fmcks4H5zAyf{4EULy1w)(A8WXi@Z
zKEG|+;S9LKpNIHI<=86
z>p)~=I?lb`b)MVH-f)S}wH7=0Ivf0mjU+$(o`wz87kWOBM^s@lg7K#1QraC&If}
zF~}vk>?n(G3+@~t=#%HIAPI^P<}%%eB6LC0*{ylbhE+S~wI~)zUn0Wmbu#tZa>IxS
z;D0|Je^!DbY|Z^%iU?$>Msouy%fi1Hb%HP#iNImK)6P4_aI8q7hF633e!rmu$k8yT
z7QoAWFe?a0*FrQ!pY3Z9%fH$O|HQ_Fn)|{i9%#`xP6CpNBzBf)jujp+-U%P4`#tk2
z-j!ZdOSz5?E*;jiAIkq6xNLHPWFp4HUhQ!E=i;56$X;k5yK7@39(6A-;JZW7>*6h6
z&WBknOol+WWzd?q?#DOgMdj><5(jXjI&M@FlMOqi;W_tvghj6#Cxf|Xq%E|%@mu*4
z0;-xxjt<{r+)ikAs_oI8hIk3
z06+~@aI+9X4@UK+lGfv=dP&a5W7k2I#}=zQ7zj-c`sFG)BfrQT9!bq~(U4!bqv+DN
zZpzxd&cs(8yHV7-$HBnQ?TIz%x@I#{&iCeU5u^wc83x#%W^Q=}?|9R?gx{vumiKoe
zF{k*E-4i0|xijick%*s~^x~Ssf%g{?)W~}u#(B4@+@YUbnzL-YHP&=WjZif8SALDmDuGMV7
z9Qk*ebVldvx~;MJ;d3+}2Ik@0yR4+PNccS-fj^`kNEp4j-Z7AQ{!)xo^@Clvp7q$W
zxN%&0cSNa=%KrSbLE%<0$6?MX|Ij9fSNRLIjUSHHKzUG*_<+{jm!(LaIhq=GTO`97
zm%0=vo5g0lQm13+8IRKZIG%g_=M=r|gSXV?@?0!|a(g854KN^T-v{4SR13^;unnX=
z)#^h^!?fn~c-eZT2^PK%?64lpg)Flm1vO)CzmZh(3uLAx9j>xKnwU92v{#%^4l^>d
z)C#k?%V8>stu0`pm2P6?iw9HF+ja$nt=$W3qIfbv49gRV?IK0zR|D8%ymrl6o{hBb{l%sP*75ERTt95%QAwZd}5GiQ@+
zv`eF9_UuEZMROvXSP4%3pv^?s!pnF#NuTZ;oWaqukbv*P8hx>fhVhTmW=
zJlpXRJH+eX4i#YOt+5c0a2r~cLlG7yq&m2OWoBsF{y8|ra9tp~eu~%EN@h(%u8
zi{z;gajcn`=ec9H_pE3%p-*)*9sRRhEd6Cziy_7LZ3m2yoUaN2T4%Ec5s%~60K{iV
z%bYH!BIx`1jYEZ81LPkRHds||?7gYf%~-`fP&2vB`1z|hr!~EPQ2Qn->o}b+X#s%r
zfG6~ryJNOGBVmCGM8stBECLuBed`^q&Y!AE5)BAp9?Y&Cn%`b9pwRQiu}i1Z7%DdAVMj?QG`&PzgwRMw%Y5|MOg6YT&M$S&)*XMo=_7hw=Jto
z6@gk^&DDOddbl-z!*_CZS&@@SwP2T*(r6Bie-;r*O7~yEfclt{v=!Cz2>e+8^!dfc
z)JE2qw5XYm&>mok_zzfBH=gUh7ZcSb76Xcah96^lzttNHI?}ZSsg}2kj^B?x$8k*K
z65)HZtiEi{$zWx9z#s4maH=>=PKlctjxc5QEJfA{i*1j%$jpfOq6z`xQLDb!=x0g6
zNpoLrp}KIw=IcPFS<|~6q3lJIyT;$;!F~IGLfBJZpKWS{&RCtUPmX$MFA*kD{jKZ^
z=_K3W+*3W=ypot1WXQ-JF_)OQcGL{r&qq>7m|q6LC%bzAe4r|P*>lQe=>u9&*2Z+g
zAo88(+jHbfZjh{0pZW~Q>l8&$vpLy;6|p}X-!u`qiX4>}eKd_*v7Tea*_p@pc_;(;
zHh7j=8aOR*W@T1fi8X|MI%H`FYyh9xH1@dyv!=$Jp!Ns6-*b^n$lpQ7(MV1*tzagv
zz}LtUYVPYO_}uwnZj^$`G&d;*5!EKZT`3%2Y1ajc80e~c&Om~8lnwjxxoe4fzI-=V
zTiqY;$U>tc8+rK~IX>!N!G->K@h^?8MP(I+0uGHnjbOS?i)xK{6f3GcfGL!#2uCgE
z!1Ov;#!jLTDn19l0evhlZN#^LuTYsDt=-+m9H=z7@Qh$_KweOYHG}Vgbx3$=
zu>$4N8tn<$&EGUROeu9W*X%nBr`Hn($j-!VPtSsvLLlZgOVM{GrU6#0*oxu&1j#q#
zG@693*vMZ-h1CFBh*7nxsHiWS+Tm6e<)FoQpX0yeKaGUgPq-Qju`}3l1ai0k0tSH!
zq~_|(QmkX?`D-y10h04?Q})uEhdj~C&k|YYX31;l4LRTXbV`0TO6nVQ3fiy9&y-^v
zLD%#Hev*x^oZbr_D?IqFnjfovBIp^fSlhY0uK|DAzRIGDe=RqSk=!;Iec758H+ss~
zi-?!x+(0L~<2?Q!RaQNaNykLIK_OdV0yH7;{9z?7O@R9RoprMTw
z#;e_geLM9DxWtetQvKc$KaZf~XQ54}zHbHlSq5&AJ-i|mR>9~58ef)8(;@i)iA|vF
z8US2Za3nAPGV=rz0i^8$0~jrPZ+b!?9Z*(`AZ7%1^K6blvdRN=vqa}B8ajsh^02Rk
z3kq~fO^OR0w!@-*O*|M+#^dNBZMnUM^+AWRty!tXB{>Xn;Q2X>f~ObBMd9ho<6(A`
zGW?vR+*~*WUzJIzTFV~*lOmRx%w^Zdy<)esv;0@FrPddy<@HfE?E=taQ43kUbIsRk
zz|dQ3GsS3DHnk{Th}XhQ%N1qz(fWE`zhvwOZPE8+KD_Q5_ksOW_H{D`XVHXWS;R^@ue0Q_euFgR=jFfB*JNys$$KX+m|}Tl~IlzZU*_wryY2Banula#!Km>zv4$_3BcvpQp_c
z>z!@lsDF1|`6d6T<44Z9n`CRVkGG3e2R;v~Ln7d^#iZfJa;hW}?wx5Q0YOKe`b@y@j@F^ML&d)n?jsn2%z;9ULp$G%n`2@QOo
zG|etoR9tz}NM@pc9MdtY8)fE;Tw?8%qbFo>gBpo#!9RGQ-L4ReOs`uJQmAvV(#np?
znWo|cqu`+=y^a7toB_~UnYjm@MCAD83e&7z;!kf)uF-txM{-xLceZZPf@K0D^C{a^
z`X^9<%TR~Wz{-PlfeBr412?H&DrjH%Xqb+d?}a>L{VL70E&o8D;`*{l)sh&FC@u7+tTcnv+(&T$_8!&dQh)p_Sm6F{2G%MiRA|mY)WOHoF}7_L+t^H=
zzHm4dORY_Nhk7#fAVacvxl%>^1n0Icjk|cqX#cA>e%MUpg7kA^21ib*tFKv&ax3sa
zUCu~fu0pcwZ>Oh^=z5*qZxLQpUAiRw19Z}e>|6v8o8Vk|S;RjE6ya7>dNF4mb`rm9
zySnAR^s>hrhAfYrTqsm+YjGV2A*J&7a1^OmnQc)v|6K^$UN$}1FARzug_|9I{3`=-
z8|y@CsT}anfS9<3r=;q`RV@s`7WJ!gY-|Q0ui(N|?
znyZ>p&AtXW38FV!UN_lZ8L)rCUNXz@^?q2
z*(b*_mW>&wKq
zh`C=SUVPiDX{;OfEoTKc6)=5DtQN|#=e;19sCV(8Ng}wN`Yh-q*L-z`t_^_YW`<4XO2Sr$RZ>Gd>8|N?7T||8uh5HH^_5QVA`mrh
z+hxHdk%1^hq#nWk`yBnvK5UztVfYU>B9S^#B3pSJe#q>(X3+#G{m=Jer2Aq;XQ%c%sDq*ptsEcamuO@N!t(Etwf6`YP~Sk_7KS
z@T(UE*@JPnH8#FxA%n{WPXceqh>c+#W*37H{_X`y{Z&zJiiGnI@3&4#xg5j2ZG?>!
z6#O_ud*8qzm=0Q|0tj9Cv8M(XlAdP?O5g}45=M>lyH9>9X8IYI?%A$OTeFDe_O(p6
zx?5)TxNq*oCu(vEV%l!9EiAyXjk>`w51a9smoG*v$v}|>N1e2y#$KD`E|2@K3#~%u
z(%62g5fNQam#_(XCh$I6`3y0KlI!q^fL8??ASnzDH`G_gsN#T7mbkXT6#;QK~@-bVdBY|qCR
z5Tw+XlVOLvtfaeq-G|Pu6WmuwK9$Z$Rk>tYCxKJ+f_H5DRbd7*Z2noSvOq;B73mKi
zZcIOZpl<1%=aw!4qQWcv48p$f`y`G(jIyR+-eH!zbl@>)bMaV=<1T2kf0SCGVyq5~
z`G?MX^7XtT!=6go_PiI|oNb7dBj!>$r$Hd1bTv!iFY3Yu9g6F`h&rd!$6U8F4yLgU
z7t6{jijnRLK`l*sZ%b=TFlZV@22ILbi<9!&rGTucFxO
zMKj_11@T+uf}lzccm2PQ|wS!CjE1Ra(dBPXw>_5j4!X
zYhfPDJ9q9XtXx*_?jv`7Xw$uE&u|`tPi#euZ-0Fd{D)jNu2pGnoqPJH$}{(#8w5h9
z+(p^3(dfk19r@CcYZQL==5OY)ahpGXIJgaS=9cbXgNWb)@0ny>aLd7cKJl7)tj<2%
zc*O|V0{o?Shg>WZXsug2$prUTlD-`WJgufmOSer7@8FNqhwBoun0?3LlcWw)y*#
zX|AMO?$$hEod(Aog+Y2ON(u^!z--`Ih>0Of+tG#uFZT452y~hS=pgNCUNb)4oENv3
zcI!wd;bTOh6YzoQN=gJEP6?mH(a6m&7-G9EY|Lb4-k2~`J^MP+g&{afz95JUi
z;$pe)6kL@X8IY_TF>mrbmp+%2*bQE==smpLhfQgB>}^mL_j6mm04GZC*>l+J
zUwJ@JU0R$kYwXmJMjjb~20$hD8NI6uod@f8D>aDp*pr2aPe?w_onc3QI1YPQ`U2i6TrKf^g;eSWo
zcS~#7AU3&F+|+I_Ahyq^rhcDtsocJS!BD=~D!^b?SDMP(ZE?ZDeKr(g@Sff}GSsT+
zfsx4VC1C2fDjQMhyS#Cfr3(6C>SA5%Gh_E=;+x$x|J2*e&oV7-{3(0+$DNi5ckKu_Wi&(0NYwHeKTM;|d~g1+!)$#_cI*-ucuWM(&CSdfP^
zYfR-wocyfHd}72g#`Fnqm(H=B!MKkWZg@+V!YC^8YOm-p{;k>-W!91#QvvN
z9rB{~hC}b{6#*7a%x9#WNWOAo=L0n1ElI43jhWStmAF>FkYyBL@)paGvPF~Z^Nbdq
zsbA^MwG%>rPG?>flma*QH_|T8Wipxkd3gJuHqTdY6sV1Ik3=~Kohs)Onk=v?Z7Die
zc4>AS7X5ZP^zLw>bgjj*GpFm#u)}KM`yY9gr7e;Anvcn@sbT6rVJM6|g=jEXm}>1-
z&g-%=;OF1pj6?vl0J019A!#eJr2ZB#kcxSgYB!AMZGN6jqasO-EtNTPQ}Zy*eF==5
zQCitgaE`x$b}+d=@O*FNpwhs`QES)AHJbf@Kc@aa9R&}6z0VE2-=O+}$B)=*u1<2v
z^)qJr=jP0Oba^R*!Jn@a|BPFw3W({j$I6$U1~?=8-v(1tkL
z<_s^*9eNa^kz`l4ro5LtWPlL4Dd(lPzIy+VamIF#=`!;b7kd&}YL00;l-{##E3#oL
zWD(R#G+xs5VfM1e__8#;>-ZNgXK-oL>LXoGV2}afLF4znwRTvq*J1zk>j
zLh(F()ZbH%w|$;Z<8*0^tB5PBI#WHSJz>^Nn&2+({~)Mvx}@r`1S~zql=h9w{q-pB
zzW<`|2!>B@c8cPrUoHO&2=aHvE{-xT5^Uz*YikCZz3EX>73I)h$BhJCZJ
zAFVB}Ema7FP7Y`XqD=a>1aQ7EWJ0_P4ZHf^<9~l*3x_3l6{3dX<(BvmVHY{*eQS>4DMm-9;Z%_*FGBkAI`DIO`y^p=;zv6)!TthYv_UrigdWAY8b
z(RvELX{h_?rq83LvKae#%Im^AL}mBr=N$59R&MFz@eA4ByAt!HAtOp{Vt%FVw7*gp
zy`UkBFN~tLE-bMsFu8U0%Q{WG?Mx4?jBS74mPnn!8D(6ExX5l0HY11AL4uWgTYsG{
zj&mosqP9!wCf09QWyrO&-N_QLxVe!7Riq%xNol8@-ol4q?Yi`UrfJr(hJ=d-9B(w5
z9+vf$+gI;Hkrxn&7w_@ErCCLGP#3dsoO!heVIK{2Xg^{;x#eSQM-g);1f9q|24Rye
ziS(dBwOi(Ns9u{G-mfvP75wqZ#z>Z(b$_EgZS0ati-Jh+Bq%<@-_-BT5WZ)_aznDN
zyX3U0qfVg}CbXjOgRAt^+p|}KQ|fH%7cCSnEtTPf_azTXq(e?
zCbMCSe)_FttD4I=Twp*LC-we|!pzATu09fvku<2wKczy!6q5`?qH9u&X0_)=P4=!b
z3o>8`=^i>hHs2bS{a$97Z)KaYcSUR9L375K#TpSz!7D^~m1kz&=DVCOA!A+MTx+J|
z>V;dhMoA#l5pJ@|t}Ib)U)+eQqJf_k_=09xCFiMej4Ch5qNp?j>Gv)b4jyF^FZHR`
z!4I*m(Xbu?isW74Bb;CuApexoKZ#MQFM49R@Ge0-V$#Hg&Nb8P@u+SD^e_k{Xr;
zGlRaC0XfQvRbS$Y>%Ew9rKJJq7KSO~87`&*
zcVTMsU>Y9Rj~{G{uaJpwHkuKFDIN>(DLUj5B|sED>?@8AHF-|Ac9?FCpQ$>7lJE%<
zKD}IVyuj@Ot4GdwzjJR@Y0}Dfer0OZC|vdxqv7m_iyZQwUs78(ec6U{`?KrIG>0_m
zXw84b#NF)dMCEjPeutm8IiM2kJ>*2?I;{xR;qFI)wDzu@#qdRuda4d*O_Y30A}H>C
z%$v4Q8w1;dKYrNC%u@Aj@T*smwD9;l(DmlMRD#-Q;Om1RkL0u!>%v|bthN6t#j4@3
zNDJSf^WKy*-B@qcGuC@`V^1A4zf+C(X21IB*8RJJ6Xk`i{YIVS`>T&cpx@rx6`p#F-G5_6UlMM-Tk6LK&K>DBDW{ycF%h&SHMJJ&
ztzM-Z{v=rXgk1Sqp|r`IZaJW(Iy6_f&W#kG5uyo&OeE~nFQ`lHhDdzY@HQoN+y}$38MK2-K?D>w
zEQ4>W@g&6BxKLoG)pHJ~TI*H3>4HY{84dO=j`ubx}RS@vz6_AY;sKtPNb9iqP=k
zLu#`s*7FuzFt$EQIX8<8ekoTxe?{0&$v^6Zi^%9z5^5vMv+8Au$onCawT{H-!cZ$u
z{Qhd0rxf?rIor{VO3BY+*ryhB)Oa+szf9v(6Em>5JzJacE3wC&VF(Tmkx^PqM0K38
z(fDQ)b%g{Ai?!xLZ#m1lPt1^s*8R#JgrgeRVVDWpgeE2X_aw3`sB<7j<
z9S-P!pMT|4klUB7Q>4Pm6JMjNQQ8Y8cMs(W1M5*K(c~`zOLh-}h&|uZw@jbK`&Y`*
zn24dcXdy+K;@Kn+6)^FIQqES|FnxsnVZ~Z*Tk>CDcO-m?Td-J%Ct39_&xmE=ikBcM
z-p%P-7b{k0L9fGzv{r(c8m9wCXMW8Bo%2VFri08~FuBS0Zx;pTICW<-Vy>
z1Kyye8u!T6+T6EG_fTnxT+I*?2|w134nHR|d+ozyC7YWnta`*4q}B!vkvXKNhV~JQ
zBhfxZEK!FERrlCJp@R^};I2`V=f^U!!`JXvCa$6sNp+Uok4W%m=Uj{t&MLKRX$UEn
z!8+%&OgIM8k9M5a$%6+uWlrPGekJ=@_(+Lnwg&qu2C6nX9S6KWs}6GBw%!;l+s0F3
z@%(BM2)wO>7+t1Ha|9+sufKK;R^gg+ebvMd-qBIgKFKHhXDGKZvJ
z*Rw7SC(CXX3f8Z2|4NzTa+=C&lcuDc7Q3hgo7&MK?Zoh~`P`s>dC;M}blx3;a3tWp
zOHK57lhyGUkfzBYC7U$3H4$aJVa)K(skcynA+0a;7Z
zz&qN8<@6^IR0{-dDx_$znjyJAEetiMqI4mWZir@THX6O77Y!BM?rT)s|XYSVwZ*;PcZ1=
z>0##buo80q1(ZGy?R2Mhw_{^b924d_4TE90)BjTc*;&HB(+b7W_u1z8WK+H3aHoVq2K
zUZH0xzAn9;#`7&OvfCiJw|rVWJit-hu%-iiy@O!
zQf3WS|1vQgIdn^u1mhu*Zxtm)SAZAb{km}X4ePjz0KO`?U#f{U#aJs
z2~Dm_jm+d+xPwwe)jTnF)!7J|hiF1A?{lYS-MI!z;UvUvyKL)RlW;5Fn=TG;c$ubj
zi+C}W{PAxMWTfVDgUzZxnU%U7HUU*3{
z-qyT*wh+|t>JK$)n>Qq3+kIrWil1~V3JH>qC&OG*HU$M^H1H$5W``G|**YL|;RsZ4
zH}F3KOt5o@xQ|6a!9`Cz%rDTwlO{?3{?QzO#o(W*!>gEK>>@tSB@*(NNeFfp+uOay
z)r-F{!i-cf@|0gW=hzd%#rRG6t6~8LPtv8mw!F8Rwq8EwX>dz-Cy>NH@-oYvt}s;n
z%K1B|*_BNP|Es{U0${1|stKa&1LGkjqN)zW+Di(@4_5+O-ead-c#bW1P8AL
z<~9)v8=oVx8yTP!-ru}T5^?9Z7>kZ<_s;T-mP&mv8hN??#iOVFdc1ejh#M2pt!GSN
zh^Ded!DOynbJql;Go*jT#N`Y%M9$XtO~IO)m1N!6`2j=WsGeWqlvk|k$T
Date: Thu, 5 Nov 2020 09:40:01 -0800
Subject: [PATCH 91/92] updated text

---
 windows/security/threat-protection/TOC.md                 | 2 +-
 .../tvm-zero-day-vulnerabilities.md                       | 8 +++++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index 952895dc9c..1d2ce21e5e 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -64,8 +64,8 @@
 ##### [Address security recommendations](microsoft-defender-atp/tvm-security-recommendation.md)
 ##### [Remediate vulnerabilities](microsoft-defender-atp/tvm-remediation.md)
 ##### [Exceptions for security recommendations](microsoft-defender-atp/tvm-exception.md)
-##### [Mitigate zero-day vulnerabilities](microsoft-defender-atp/tvm-zero-day-vulnerabilities.md)
 ##### [Plan for end-of-support software](microsoft-defender-atp/tvm-end-of-support-software.md)
+##### [Mitigate zero-day vulnerabilities](microsoft-defender-atp/tvm-zero-day-vulnerabilities.md)
 #### [Understand vulnerabilities on your devices]()
 ##### [Software inventory](microsoft-defender-atp/tvm-software-inventory.md)
 ##### [Vulnerabilities in my organization](microsoft-defender-atp/tvm-weaknesses.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md
index 5d45968b5f..f85a44aca7 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md
@@ -32,6 +32,8 @@ ms.topic: article
 
 A zero-day vulnerability is a publicly disclosed vulnerability for which no official patches or security updates have been released. Zero-day vulnerabilities often have high severity levels and are actively exploited.
 
+Threat and vulnerability management will only display zero-day vulnerabilities it has information about.
+
 ## Find information about zero-day vulnerabilities
 
 Once a zero-day vulnerability has been found, information about it will be conveyed through the following experiences in the Microsoft Defender Security Center.
@@ -62,7 +64,11 @@ When there is an application with associated zero-day vulnerability and addition
 
 ## Addressing the zero-day vulnerability
 
-Go to the security recommendation page
+Go to the security recommendation page and select the zero-day vulnerability. A flyout will open with information about the zero-day and other vulnerabilities for that software.
+
+There will be a link to mitigation options and workarounds if they are available. Workarounds may help reduce the risk posed by this zero-day vulnerability until a patch or security update can be deployed.
+
+Open remediation options and choose the attention type.
 
 ![Zero day example flyout example of Windows Server 2016 in the security recommendations page.](images/tvm-zero-day-software-flyout-400.png)
 

From fabec0fa50a7e2d592975857879a73d32b4afcb0 Mon Sep 17 00:00:00 2001
From: Beth Levin 
Date: Thu, 5 Nov 2020 10:27:11 -0800
Subject: [PATCH 92/92] image updates and text

---
 .../images/tvm-zero-day-patch.jpg               | Bin 0 -> 7672 bytes
 .../tvm-zero-day-top-vulnerable-software.png    | Bin 0 -> 23435 bytes
 .../tvm-zero-day-vulnerabilities.md             |  14 +++++++++++---
 3 files changed, 11 insertions(+), 3 deletions(-)
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-patch.jpg
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-top-vulnerable-software.png

diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-patch.jpg b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-patch.jpg
new file mode 100644
index 0000000000000000000000000000000000000000..e0fa906808ae25466e122dd4f484f15a01338090
GIT binary patch
literal 7672
zcmeHqbyQUC+wKfQry$)aE!`~*0+P}p9U~z%2qK_>lz<3Is&ow9Fd$vhFu>45BSWVk
z9DHBj-#N$M`Qv=wTHin4InREcwf5R~JlAz!_ugwiH`6yufIAv0>M8&r5D2ioy#P0}
z07U=@4ei&w9q6|c0~-Sa9UTJ~3kwq)9~U1V4;K%QfRN-40UFfEXL_5RDQ9WCoxS13|>Vn@#`&
z006|eMf(fz?*T-+#fXW8jf0DK>ritCfCdDC(9l7@P~Un7-P!@@#26$@0t%RSb#1Vi
zJxK*a57cU^1-|Yesqhl}$V3H{4V%d1!WflyVJvi0DOsB4-8td+ZT(N
z)fH`ZOB$qWepEexOW}*iU46=8o@spii7+*419jz`-{YBQ?4m!rl{$HB`NVllyW|4I
zLmEd(WO+OMc-esZj5=#I*5mqkSS?4hBR;9}uKO}+d
ze04cAfVE!tG-%P!FYh_7wfFI3PQL^Fc5*pe3VOD&Ww8VtRM`Bdqim)~`;B;CIoTpr
z)4)YiX*PGlEa4W`F=X_kw?j3Kjq>-jU)XOXv{9WPUrI)Cr@uw=g*&`e_dl7XqA$SUIO>^-f--cy#T?9ESj>NOTvu6Xr}+lHg{x$>i}q}>4oY_)%S73enxUJB
zz?Ir3wlg&rmQ>fijDoIz^c$oVloTozXS}eB@y&CVqq^cQc4D`(u>QAN3BmG#lop?0NNGQ*XdKKQN;-PIxb6lYYj50Reqzky)X;v
zjIY$_yrjDF82{xfEdojt0R`|{pEoHtOjS!2b4&HQIeY*g-3OCzGv^mIKa{s;k+w71
zUH-00Kk@RQH`viakk0*KiQ6U7Zj7l2>0~W_TzS3dD!gNqQg8{Y3bRPU_sY
zV1CB4U@vo}hIy|XhSIrf@%6WO=Q@wVx~Bs2KE
z3=sW}%WNR$1h1Q8)p)Z;a&5U~tg2@0@${PLGja!TXZexAo;48Bk9|>JrgafifN1vM
zGJxo5=3fyVf(E^B0AaPsygct*h
z`URZGV{BDP*5BZ&(C_q<#E#ipIP9*=4_y9F*0y9i3w80$!)z_*c=;CR#oAM*>kAOn
zdb0YHmI{-w;yKt?Y`?PPw)EIV{w2DGV!VAj=hGi1V<)whtz#u%H&iKWmAbw+AB($F
zA21qHLc|!>D^aF*i?;m-ZV=DcgW}+qXflc&?}m{QPf^DZg7z-9R8AqPwfC8Vl-PA2
zeajJEES4%?mH+ff5XFIz@o*UH04V`Mqim4@o#N|iHFZwjY^%Ob#Lj@AKCw=qH
zanZgU<8u0dL)HU=+tMs#>}?AAcn$~h2UuGka5~o1L(Y5TcQ@8HVa4ONmtm~|vgR8x
zWBZa%3TwZba*7d|-cEU5(tq0Szt0UR5NjHF1ISdrz?JQxxH{D7HH_jwYyG!pt^#zJ
zPG}4jT{i&fcZZ}waeNo6S@DHo4&mVX6=5LJ9{~paodvAcY*tK0)B9MQ
zCX%Y#2~F+~TmD7P3a*yax6|RVm&}*6R!4nuOsfB2N|uoR>fgnp9^NhV9d(Q5Z|vDS
zp25ScSFeq~yyX7lk;WLH
z8d3Sn4+2>0jJ9hcb6bt^6UX0OyB;JAlk^wO%iCjN9YN_h3%FvRmpN`)7wh}bvHo0Z
zWWQwnr4iR}o(9qEpfwrilZ1wU??%oLtKUj7{9QG!E*82XZ6WzPznkzMA=Nj$R~Ssa
zYS)GYS6OUU<6(6A4Pcn!jNY0WZ|Ne017KDwCC-d?Z-ym{p8hCxgvpzYkvG(cM#WH=|Gcu;BKLjDj*!)
zI+RFPJ?4OjBv83wJkYSn$|(T;@sws>@!^=!^+62WuR>lvB7XgKC5k2Q
zXJ=i*vL($qtk`V31u(+1huQ^~mF(=?SAzGCDN9X5kcv#{Y8$)h*tPN6=3*eC+uoy+
zcF*ULRbKko71do1m&)re#s7&g|uIUhk=KxBEGs
z=)U=n4zrUO?K|on-Yt4~AuHb8ol$l27z5n-%e%CbGk
zl*q@O?KmeEgx0C)KcrLH<3}yt^3q1v2J@p-IA}}T(Zr?R(Eb?P3<&hAnlH_8seATb
zaE=F;^__G7uAAKoh-xb;_>?!|^xZatP3`6Lo;8uF#1?0r-Q;eyCC_yI86Z;9s+;$@
z{`d}0-c+>(pKb#znI^+@d(d=f-0gwV8(eeJ5B2P>7t!st24Vx|`H{`a$W~Gdmltf&
z7S&^=)i(fKw!sf^qw`D&rFl`Bk+VaOjFeyT^W@_`&cu;ZW5C^9oB`(%Fn3%^q(Q1K
zxgcy+=}Fx}ndim9Gp9QxQ1D&Mw|&;Olma&ZkApLawDu0}bzxU>E1FOZ
ziKUT^sO{_B#ntfVkUL%6DEyA67RFwlae2*)sx5Hvy>}g^uThh0sB}MB{`yP1Z<>lC
zO_WRGECQ^D>hufZF^|XOW@@u+E-7Z1E-4i#>kfNTs=Y1hyJZSdj-cK{VdCnzOfw-y
zwv@}9Gulj0|VJ@wcKPNq%ldK4p$H>5h|YU4(M
zhPWdLjSVYWasCm5A7E`D`hz~r+0#>+I;ccwPDpr66|Go9N3Rn<(L*RpL#-)OhM}9l
z^?_Lxq|oV_t-J~rK67HhHJ9T>wfqd<8poXb%_|peByO)bX2IY=T9?F!VJiQ%#aJ<{H-t4+fMa$wzNrH+covBUYaCDwT8-`wVFN=mx~%xFTJ9hbVt>=4v<|BUAoLW
z@4&~@(A+@@Fw#{LOqz;a?(l<}RV`$!-mckMbf@o~E!B?lpxpR|go^vUZS>Y&8Z8Q6
zX;+{@ARbO>Fl}Td3%+1EI`J-7Gr}T$%JLhT#3p^A+XrD6ZxYUn;%W9x<2C2;MJg=hBi@G#QqCka!
z<&gGt`t94pJXl&P*ZI3|GQuLG(PDLuM|AVclV=&{3}X6I6XO;g&|$H2K1i
zv%Rz9{VYM)T6bFDS+XDgXgEpdjwYJCgko<`;Ccfu!%BYSNij;LyZuP3>FECLzj*ng
zmK`y=m>3b2thpbd87`3K8#sMe!SW<;i(FEspmux*y2Bg7!&LLeR$fQHMxKlyE5dtF
zDtJbCK*~x`N8~EaTWdIdSDZHeC{=Qfz9-6+fvi~xVGmF6D|HHxIVmxXPcy8qwGZE)
z?X@ND41Z+ni%)qqq#}-0vvUk#3qFD!fH1e-)Ru~w2
z26|`>6KtPW;*cYl7^T9{sfGm7e*zdZN?ZAkNX|^%4me&gy1;J$AfxqbxXztnhKTHz
zcjitjW_WKzIR$F_zNH~cZhOki*Hvm<&3Dv&73;7=QRKMw^`2=@LsjImihG5G1lb!&J
zmxprnf!3}28=WX3rSgW*=O$&mZhK(MNk8^X?I{wf_f;`>$k{Ei9rXM+pf4o-6XkG*
zi)-_j2er4gs8@6^>C*Lxc4nCELBmpg9JA$Kq@jdjgs$^Xg=HkSf4b+6Lvvb`5h*%o
z9}NO9S(qDoWyv>cuinPb0fpYm$|G~#6zMxk!8>5^J8Mlt>C3sQE*1EBcZZ&_Hc2pc>sZ!stfCFuk0nOQyh
zd}M8Om?bgSKr0IAUH_<>q<$dP#fwzQFw?9XWu7cKo*G{dxgJsOYE&~GY;{R;+$s+R
zZo0B79(3m;WmFYl%@e%&lPI6niewt>_O?^Va(vQb6FZZL-3}}%W3Yts5K*H@I)3K|
z7Pb!(Y*;*!Vp9thQ*DjPu#?=b+BAY}Q|ZL^+V5-Ktnq*$U60&I$~gtbyWchVbVZ(R
z?45JSgO&^%=z?odH-KXt*TrLHP#XebNpmU7a-qVFhumnVqgc^-t>1yTXnw0>mehbb
zWW{^NVJ*RUa752tIqr5>ry_I`cxdzHiPl`=Cu_&UGHw4zO&pCFznGls%ix674m|M{
z7kEksM_16)4M6DY6-$}b`E&Jizg)`&3(MT^T?NMGy{pyz;Q8D--)rU)Kl~H@>p_?E
z;1$bO(M*w8Z8)~~d;USM!1^;Y*4IfruQI0NyJQ^#@YFu2
zDMkprP9h0WS&t2oE_-;X(MIdGlfWgE@y$@4$1^5NKg3Y3T)49)b;f&E!BxsV8HnbV
zP&FCOuLG|#bS@NK&K7>pRZ3gr8#F97`hv+n%&2)Bwa4cTL$j}ogD^EIC!7!reZS18
zL_K;C))pT+jT)qSA><-Pt<_{aoTph(8(ufwsbGWAS0Bz8M^>4A7JHcKCDU*cydxv`
z^Ue*x5pe_foOK*L$G00ix3YG{IqH-e)YLy}Y^F3$GA8)oQv)lB87Na;`iFk3i(ga7
z{a7=Thld23mQ$!JRgCliSVm0pHB((RtWi_1(3^hv+eJtU-VrS@(|>QOY+ol<#ERrQ
z$&9%wy4*}fHFZjIel%>A>z)o?x%*xRukYgkFzlOKrD+$3<71|5{bV|tgb8cwOWe=P
zt@v%rv#zgV*XuLa9Ws&YYhju~@tEt3z_SMhUjYD2PK|0>Svpe?<-`h
z0hXJ&~BgnYGDklfmH`>`COSXs}G);)hjw
z2fFaKn92>0Ub>%(2K#wwMbq0xhbBE#6U_dOsg#p!)&tcU(?gyMS@z2?$sSFxq>Sw1
zj$4!6tM(?=uOJ?QaCVTyF;u38-YQIwO}jWT5aHsl8E8Cl#k9`MgGWl@1t~0A875qioYIEq@plT>3}_ab!zxDNem@go?N>P-%6uI&@H`(#EYsS
z1p9>&akebG*dvbnvctv3c@{XdH%Fl(uh>HkY{QNVp9-7d<<{Swp8a+otz^NDYr)#8
zk%lE+$}v|gGB=2+_2LJWDuId9wp+@Jh5S_iGDCQ?;(lB|#34d$g3qBQYQqI5Az?$w
zT2xKkx+6O?#}THQdwyvUW@_f$JWf#JH}0G@T}({j!Q*tE@u5Ln3IyhUSt|P^;77V-
zPz|iacXYNpc{HSwOrF@o|Ldl}LyP;9K3FjFc;4CkRL|`}
zSj)MkD|47lRg=79O7t@E(J
z^<9QHfLFF^u1?S!Kqb$M;ky)Zd{y^4Z6`uvKzmAD<5~-16MET(U0y>&@b724kmgom
zX+;*TmK%WP*rzPh`Y~iyj6qi?i1y?IvvbRsj;B1=b0J5E{kVU
zz#Qi5pB6=Ri>~AeAo2{YQBKqK$49PFlNLhS7ka*I|yBRUbn
zc{Q5)xh6CQ*57gJw4yr1nLJ;r=xi8313BGYkrE<-gSu6`)!r}<@yQhDd|(v#lNh7IliR(|7ie{|IgP(
M`JXP~0Nu>|51_T&9smFU

literal 0
HcmV?d00001

diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-top-vulnerable-software.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-zero-day-top-vulnerable-software.png
new file mode 100644
index 0000000000000000000000000000000000000000..0b3b30e812cd71bbf8996c94a810a488d2c288ce
GIT binary patch
literal 23435
zcmd43byOVTmiCJz5S)bI7J|FGOK{iV?(S|uLy+L^?(Xh{#$6kNd!voR*POHFu9^GI
zH#6t1d)K;u^eVbuy812Zt-YVUe^2pKQCB1V(d19wVs!sk0=J7BpChc4=-^ZXps*j!S6^RZ$DD@mZ;e+Fyagc7vGBUkbG4%
z6~GwUpKT>29o7i{C9HZ*#(9jr){C+GSG_f6zTF9DHM8{7)^Q0-HUe7L)^keTjxQoz
z=oBF9y8?Ku|H(oF)mUL^r1cdSd{1xiw>cgAcZna*3s}_T#j)BRT(ME_C>+;h{KB=}
z?LoN{J#;>soV`~iOgI*gZo6ywZC*tx>q0@Tv1w^h`g!$=e|x`sw=~8@r0dL0@DNw<
zOiE$Z+B}icUnh>z-<`9lH2)vF?Yj0Ww~zL>?LDy?elL_2$MGQn)vY%#n)#86u{~(C
zmwa{~n)!!)c(3?)pHU|>-_v7@nF=2RK1{2bq{xSdJJ-JqYDj9<1utu%nM~PWF}5b=
zVJ~i@YWblRTHEh}|5#NY*89J^j`%?iv^A``Rrz%LLuJwKAwT^hsK+OaCyD2x|0!$-Ileen*)L@hCdqjf
zkvc7X7fA;y-#&*{Vx~;bJJh$H#neMyhpW;x^GDcWLN02z<fh4K9q(HVz5(SM)wm4@&2zBt@nSc>phpX{gMWMWbtKwYdK$K`
zz>m;F5ftqAyW~P6zKvPK56%0JX!{;V{Pz5X6KFiBUC(z-rG)q!90|6eX+?neHd}oy
zpJ6TwEyeW@lGPh5U8i?5B?+R6>(j}tNkqDM#~Xe#)g3_#2;8#R9zLte-HmNnc@trk
z)ot6K$y%a4`LZ^1dDrV6_z1MKPg|WI2-~`o!cGzlJ9+sg&ulFHnuf8e&Jd?jRtO{e
z))_CdiMH|zY$|t|AFu@f|2A@d$e0x+&U^S>VE
zGWhgjzvlRc&}=B~Vmcr{pV{KnO<8Vq;^jKlWOTCdQvdJot8~Ry!s~YM1
z5zm%N&YomSZ$v@s6U{Cr%P>5ey{~#b;ljiXaaP(r7clH4ny`q^6iJ%6n
zNWB4B-Q89}Y<5kZ&6$y_THbq8{`!@B7XyY?EislPVHfKJ0%9Y+(VeFPTrMqxBws%e
zQCOuXjmk)=+{f`gT@`p6$zteexU4wZJco{poD{R4mTpA0Fk5g}3)kOIubuKS*W1QK
z;nPi?pM6T$9gZ>XySq(oa%854-fiEnt`3&X*4z4_ad&8eZ@saw@lkrKIDNx-d+&Cs
z#S?LtwX1(DdsSqOwQOfx@NBp0bE^g!Lj`(_n?zjT^5lsbhxd2p7gP$m3;&MBK?&U$
z-4@kQqZGcV1aeUQer|0fe{B>!otY#2#C{U-{;3WgDfxEcI^7A_dX-2$GFwJz)CjnK
z6X{f2HD=xywBEUKJ|xhPo{2`SpP0f#l+vD*i56m?gF`o2Gn<#Ln5y788b!Atko|o!
zdjU8csz=yF5KW$2q7;<`z)28-Pd=1V>zfqu7u#9@{HBx?Cvs)Eol+LG>Pe<^v
z_i2|)t7k!t&OupY+8@uT`xWE%F3S^6`D#^f+0wN3J3`ka5!ngANirqdtD{WJr{x>;
zR`x`+i;w&_E&GSO9zO=@z~H#s^UF^nM8jp~S-GR2EB^~rEae8^I0C-^HGUoM1TP@l
zaO1#I_L>))mU<%qdHQGgK@ZdVcdRolr0snc!%B`*b-zZ(=GXipq0zX;fo`s71g%?A
zQ)W=pj1#?=1Hrf8?|xG@h#VqdS<}0T<_&WnYHth9a$Jc$kBx6skd-&;4>xXh5vN?_
z-Rw_X&dE?@W@hYX>_LL=C%V=!@sns;p=awGk6$t@2`S<(48NnRewx!)No&hN!VZKEfbqH8c_>n6PxXh{R&P|6YJTz{(0bU7>*vemEgI7WOqjdK
zXmlwkjj{nzQsMAp#%k^bqV;-?#@j%cD0p!G9Wkl?bCp}SNXTUv5?li~MNQq0lw!p<
z=N@g_n4dJyLNt6qtgYHVGSclS&s&OKt~X1ihJ1<@>C
zinY$sI(oK`WEHh1SPC9qc0Gkx9B4^#pR8dXihY>wB*SrqZnh1)#1M8~th=&ir=t!=
z*Ue8q!$p9I6ASg!yADYMeg8IId#3Fm*y=i$FIaXx!3}mp*a-o5kepc3;;Iu@8=p
zNUN-)9+sTE?x$w#A$}muRtuCgIbllu3ap8&;`XgApa2|z_4HxTSs!n>u4YgJQ>SZ4
zVD7ow>a=NBA8$VhJvoH~d3Mlw`%6NWgn|8^)u0)MVDIm_4BOW8k42St)+MKpdylr}
zyWgB&&O1P+^(n+Ev4=-}CH&+4GOh?Z4ytrUJ`N
zH%Bh|zfsoAEZX=4J0+eg0E@HUFiq9GZn<8oz&gd|T>sX*+t9EauU!8&&Dq#U@+o5U452iWMw1O^*hetEjnBH+j!Wn+E`u>!@CK&678H+e
zU#RjIJ{@OXf#b89qiJ6k_vX9#H{!ds)01{I&)qs-7hJCR+p|^oH9Rke$*E^!x_331
zUg={twBFA@bOrcipnV6VSEtliH4;sUsvIp|)`sYB63&21`8EPmy)^#&SO?ya}`
zuY*O2F=C33s0-w*{4V5>zJo!Yh>6+Yvra5hfgY31`n!RSqF+568Bud%nLmXTJd6)E=LkeS`>lLP3Y+gk;Tli-T?b-5
z&>`V?YxA)W_ZXxi$*el)E9)0o6PrKWIm+S)Cg+KU^#f<6?TMwMA#G2CN-d0SO~OjVW|=d4^tSXT=!ZK|weJS+j@z9gEnq^oyvUuCmspu08FEjZ
zthvG$((92~FI@(DQS(8v`x=hVG-7P@)b3Ipze4vU+o|6YBwOjl7Z%(WZf>4cN13ih
z+j`+sx6eJYQZ8J1jI(X&U%v-ARSG*A;cGWs-X^_2xwl5S5Eb&wY?;}d4(+sxrZUBA
ztIFxH)8W<2Y?b)#heMtSkw+S^H@SeEy-wTYIZ*-;ow7bS(#rRIe+Th3ZJ3$BO&*Pl
z+t$<8#wW8I?XlEB1}CDLb0z$wr@-MQV!9&n^@VNFdyx5ws5Oa!ekNQ#Oi3^DG9%xJ~krB55r
zUv9eItF$~%t>x&+masLo+Q5eZ&AtSgB3v*YfrMK%yRVr9y(~ED{Xe8yoy&6K?!)-#Wv$IXJyJzuu#KY1(7^Y`14wWRh?U~`>;~y@Q#z{fa#f9tiNnl9{mHwn8lDM3lT&!#|
zx=46+Y*7(KT6%h-K|!bI+V+LyTV`?WWn*Xmd*Sf}!u8}MvNwS2B56yW6;
zV0mA}Dx?NY5&!c?8Am~V;c0`|dKiciUOQ7u?{q9Vsko_7We$vNtSprme@?T?1$qfDK@MkE1k@6`o
zgplu@GWazWir%P@d4G;?tiu9Cd~%9c(!O6N+brmbga0M%z(w%cOz5Ix6KWHv6iUci
z8c!!X4i(Y#z;J#Q(b*Xq_swiWTJ3!SeWNkhZdE>O(0{cw#_F&>{x(fT7v9NM%P-;&
zBCDzgIQxS9%-W}=)Vmh?
zZOE&?U7X^3^|Ye#9qee~Dr5_HeP~SG0=;}h!U5u{$G=>%+%8y=*i|8UmE6Z6JX-NFlQ;>3a#NgY0F^?+hfUv+W#akbXRezBMqSRkHBGdP<
zRi|uuQbe#KQZqLhxBqEPsHl1O{#(?ir-ZCUV_qjom7sP*Wg4?fDs5D^u^oAq09qG;
zb^OtlY<-eoMOUvB2Ez!<=OE}VL*|V_g?5R*ghx`U+UuC635&T%csCYHiPnuV-fRQ0%!0juiE$)iaJBR`|)tZ6ElS9SKRltgn2MMjP`Mw9-PP
zKH@RuoeQkv!EXW!&`m1?G3sGMS=%EX3?!Xss9|##c8~Fyr$o%)mS|6a_XxVN3M9cF
zrtY(pj5x@D=@g8!dU`W0sG%0lSLlsVkM^k+i~}g34Hk@dl8WxpZUgX4=7@yqa5pju
zV3Xi0cE$mu<2!j%v2soH*vW(bA4a!yfq&WxM->g8gdpvYFC~x_P+h0YH<{dY?#U8w
z4LKGkdjN+?61;S^aT2uR;xr1rmWHN9GLz>maZ|lAmmoAu*fNhSezeNybcPK$y&OeJ
zi&)WH{b%k~>Wtc-k0L(wH|JCqc6LRzwXs+Gle5hVpsHoBM3#oREyc8!66(My>0D7;
zF^JH{ez;uo^twIsH6$`XPyPaeMbWBOgv3IHTkxCo4#%?K&zCvC#)15-Q$>aY5$xey
z2;z`v`BnZ$EMz=9-hd3!f86>nhIoi0CkT4LWrUoH+F-uP?(?@7&jjnsFLqV?qC0p0
zO*DHR?jZctzUU5wM*O+u5rnHx9a#JKju&3wD=z#tHd9D!Z=7!3C~{7|cq%7$%<&?l
zeuX}Z5u|W?a56&<20pt0=56;D88ay#Ingi{=b$nWng?YPV!8c2(DO($-|`fjD+3O$
z^8Ftl*!M`*0dNyO)7fyhe$j)GraSCigKNB;7~a+t#GMa3wWU~Ni{-3os5KNk8v
zA3D(lDHQk!&z%shNF@fmGrfrn1!B{iMt~=s8@ph6M|@v_+}f)aY_rZrfHP@9cZSSS
zvgrFgN<$xoOPdO4}k?3Ys-}5nvt@h!bd`oANpBy51{%8%X!MNH$
zi$8zGx{?IdJ}ugd_YJ4FSj8otv~QP0rB4#mtPRX#PQ4D>$MHk!ym||kH;)^X9V3S-
zQ5S5)2mI~9L!1DLoHfL@bd4C#PJEA6TOZt>)C%V{Gk(Eulg+5T^4jcx1>IGH{+P=b
zqL`~7KhlDBCXnyi(_ZTK7aRc~J+ldvo>UerK}(Y%|FlEh*3d=TXoKnEa#|$)4f`6k7CE*9
z_J6`#tPs4Qd;e5&0L4fte9HTN=M*G29;iL?VvLMnOk})1xqk&;ANYLcLe#yFoSv;M
zCpU{bfipf3DZg8*fqnJZ=udejOXtpz7HB$x_Pt|mutcwM%07V+AI|x_V>&6|W}oSD
zK^6QR*!$FmIftE1d)S?t{cOct^)5UejFXDtC*JFv?d;6va}@}3d{NVFYpXgBLEnm7
z*afj#-F?b?bTdSRRm1%4%%%$@poIv=Ks)bjrDnLV0eZCqZnpw&5k~Q{NaIaIlG=M=
zLPXm1@BedfIiAUejVNI3e)=&~-4)@&!hooxp(DJ}^{k~2iC+w#lI12PVPazvAX89w
zUcQC|v#sN@i|gV!0{+3|=TIgJqLba?J8(j}mi|RO+TG)!@O7DBZ({BFJ$wB9o~!MW
z;gu$8m-%)OWi%z3@p!d=OH*N)>{;nA|4_BkJtoU^Xpg{jH@1MQyW&1
zYu_Il{J{{$8Y^4wVNnLh2>Ou8y0#}SHdjCY%;uP=bcK*CSET|4$f;Qfj8}2$73~l!
zA^(gq-%(t;IMN!uB{qq1CLW#$)xLO_NS^4h{$-*=Pds~|ocq!XWl;w{OoroPQr%6v
z{z5J~sy^<*{?-B1sm@aL?V>sA(c(l*ouP**Ggc=ZHmv{Sxwn&@jdjk{-yTDm!V`A$
z^M+lHwOq~>4$9`bDjo#ug_zXj*uG6gz?^?iuc11N3S9kdA@a%OPij9vY1|?}G
zGReTVZHvS9j7%p%R=ByE`%2dY;%7?zA*~S{*EB-P?%v-oe-}>Vs-IC&v$)1JiU|qE
zbo;yIv-ie+qH%Q*S6Mh#!!H9qckwH7mQGrXJ)_pq+MHYK4u>7$9aDK4lQ0qr5;Ns<
zHm9hcAM6B@Xk3*Jvis0r1q4zTC`aSN6jkP9@w@=DUxJuVHbhLHVaWzz*c>c;Nmd`^
zcS0ZN2^2CUX1bifJms}FM1z#XppeGh>z}W|G28x;g&=hz?^9{4SGJ#{uIV^@%%L-+
z8czM@+FYK;q+_^UF>2kwAH699JFC(4Ku7wGE!gOo$zC2U-x#rH3iZ>Bu?}2VuGaha
z0x9Rl6d<1@wQLmAOPsp_%P*|fUnO2L6n1k~aUIGsNHqkY2#f$L`Pal?H0fh|)7}G`
zCV!njx$bsfSntV>flkh|oB2L78>2r;VR^JfM8ahjguxm35?YhCPpw{Tf-Uw05*yyh
z{IwSuZQ%AbUssvrTWiS?4#QV9az_Qem|8&xFo-KDk@@atwu2m!wFs$_5{ciJ26NJV
zJf5ud=-bFVxHvbEQ^hlC&FR(Y(FQae1;Z_pSYwsZC7ogDdPLLKyAs;siji-&x+qns
zlvKe7)8G9)Ij1ov<6iej@bGA;`8k8eaN}F}*QH-0I+4@U`cgjACe87-Jnk{C@pFdY
z5BvYB_f~Lp19^72o;sqkt2sZFk%git81B_rR6UC$!=sgoS~^mXc{+R@2J-fyk2EUg{;b9b-Axoo^UDs;n*|CDTWrCfPBE|{FL(E`ox7I
zlOJx8y{_8D{qAqmlH^)m%u5
z*2eSE7DHt6W?~huWhnc3t%d_1#F4Wlz4lH|X;2}F-ttcM
z6Hk0o{BDJx8A|zLSI^N=I*$9gSP^@7f7v+iQr#ILp4}~Dhc!HL@pYzXh6z+Wyw3=w
z2Ib6#2gdNiE3t7T`g(Jq=!6r;$|&sF`nCB?zx3AJ$iOh@gAusx;#
zGAu6e`~ff8*epNL9KYBj#>2^(jCMz8cDm9wMJ0}=o8=qdm9@p4g1X1SUIDbYGYvs<
z#6*VYbId+sh~v&7slXS6vot%*?imfc9uSNdF^yD@b9|30x81KOK*=Ud-xw2-c8nsil`C
zt%m85t)eFe2vNQ-s+4s#>6gYBl}&5~7v*oe?h1WM*Ud
zw1CyR9yC~fF2}ci3UGev+?;&6Iuh`4K11sRmvw+U0oe+uhRBagvmU&-&8{auiaJHM
z>O8Zj$uT2ez;NF7UCG+K%v~#Z5Y6u6>(OognLi-+Vv#im#hn!Ob<*o0r7G7e6ZYXc
z_mBW*2DC#v%>C(=U#dMG9T@9=KdV2<^5y8W66fUZS#UHz8fEVR3uUk52S@6b6TK>I
z*KYuYA^%KCO-R0FPadCyzBye*6XAP+v>Udz-2ahtMReN!i^||X8@htaC*t=KV-*S~WhHOAJD=`DFhrlVyQ@v}FrfWz+%E|7>J8nvIb?97FHW~y9+aU#<`
z2U7Du`a*m}XaTp7N)n>~uWO6UC$q%9eRCYd)VTW*`}XeoXdZx{0I^TJBZ2&mt~7qy
z@q9TpYyOh{>lB=w8euipi7a51tG48(t_X8R9U
zrs~&^So~EH42a^Hl{PLZcXYqs3AvxVmZhY#8X;80
zE#|kqmu+*K(c@W(~{78|6PN7ME;#aXsJ2eRv0WMgVoU&!yE>*dG;2m9z~5HBqn?b<5c3@
zr-o6fKyoy1agykJgaG{2(3KB`gK|-|=wYP7Qpwc6I(9jf)xRG^(;6mUN3QXX))-T`
z$6^*L2PNGZ1?17mB4uy8`(-CCP=GT{@)&cZK*?JPW^|aAwqtqPn_&uIy7uhh*H85QtHc>qyr4hC0+S@a^5Q#Kf
zG`KqZtfHv7J+Qq?3g5Vxv0r>$%2G~tuSB4`+VsIx{cAf9PcP%ZD080?R9PX!$**&)
zo1P^qAFdam&mB?`-}M}PM$-PhlSzjg9=zl`i}rqgx92*n%pCdb$_EacDa6He
z#lB6uMhv5f&dgIVS#2jY<@O6gNcX5=?)slil@t?&9=@`wCMfB_tJ)Ug)W}PnuUhr_
znDUc%yIm$7UuqkYsjQlPBRVeAk_^)K{QSFVF4|KG0W~bB51H392_{2$c%?6(#vy9SX|*KV96P5BPhyB#Qd!m-29Z7D@1+{R#;Bt+h
z%fL1Z-Q6B$e>X+`E9+b|W+ONqiS;8-LkiclkClNZYwE~2KZ$YLAXgIJ&r)r43Un9D
z)x8~QCUlrd{Rj(bD&w0(J_9tH=FTejg*|anM66h(Yi^KGZTam#rKAamAH$vsfSyVg
zMXnkW><%%7HQtfBhRaJ8;PKB(ujB0+P}7UXFKm@oT{M+NiJ~-ce=QF=qpuM2HGteZ
zrb}ekQl|w5ddvnCw~tx?F~Vq7+K7cZH7z5dx>&AfCtQ_8V1icfN#SnG4Sj6l#HQ&y
z#wa5p(3d*lSAAw3p8f?k!CTd>~6RyltAG2v1*tVZki7Jrg-4X1((iNH?Wkwb;L
z1`L&H5lXBkqz!HG#WZatpzSLc8eyph$>9X+zEZM2?6T{el$`6G3;beCkIUg`O~@7g
z&6*3Lvx-V3c&yCYf!Nt_cyw;gBNDyNyjU?*EHN}9h{jw^fK^v9gws>*QU-}!4rgx~(me3Sa
zorPF#P)BK~&6c6@V~S9do4oo?EY@Bw6eMft+siJt*w1=y+lFJ;G=AuYTI;%+aJL@l
zC@GNRznC~MVVVh*oy%pe1Vs49kP*=TNIq3ug?Ht!A@qHa=7$0%*{1xZ^*21jEnRnx
zbM}zml$N+NblQIoi)Y^}Fp-G{vfZKd0_U^+E^24A6Qh~{g!U^gc()0@+1
zqRsNf2k-i6c*hlz^WGcZaFsqP+f6m;X*2*09AkOJira-+qT6!m@2^>f5F8#tRTAk3
zLWC{p|IA_`o84lztHwG`ok?dLJ2;VtvFz`5JAvL^)mr&c8UNK|j$ZHMntJH~AG@T2WF0p}T={1M-R8!}csuB^7ZyY+jT
zTc-LzFrmQlX|d``oUn|R2CNIq>jLD~EJme<1BYw1b1uYEX7Jv!W!`26y=uqYa5Qm_+$XMQ-#KmC({zl!H-Q2sTBO(o0yEim5GB08qljj)sgAkmtI)&U=m
z?#Kyv0}0K+CtG+md}%VNgZ}zCS;*f8O;RHg&${%sR4YEKWW?gGIjh77183M|Wo|h0
z`Vq3>UVY1kt+S*EA6Vn9XNgWE&v~1^&Gy-f@ydJpnHuA+NPlYdD(v2*EQ(LpImw=M
zd-tX<5Opc)o-Q%&A``uswaW@P54cMD$2@Zu-os8c6=y#kJN;zw$v>O@RF;Kuvpxm?
zEXuAcigZ`9i_e4IYstz;^S3sqqtvuK5k(!5aMX7zhmUMVq!Td#-9-+;bz>wNcN?9Z
zUNkBo)9u#jQ$6(<)xvztCd&s`KibRbE`q)nZ{gk(KKV)G3dB
zgLN2ViTh^9tXJ>1E^C@U(y8uYL`3f)0+fw|!|CP8^8tLgPS1;>E6HE#8`FVEGEle=
zaNa*$Z+FM`os`rOTA7vY%F2ca@1p|qx0b(ALssk)$D7dnA25LbpeO$$Ip86T#4F=e
zd2)e%kDrlYIa8F?d%t(Z_xj`EwkV!e&Q8FqKHx|3uUdb^QTqzlzmMN}@+ZXQTaptS
z*(PItE!JlbFHaRxV?aP}h&)_A>}SCajP02E+6-!gbpcy1~nZ^I)Qf_#!9E(Nm?S)H6E|6YMlZi=>GVwuZhmC0-47$!JWTW8#YM86_`<(zPwqsoNC7|LPa7L8fg&j%
zW6-7^8|e_ELGMs$DAJCKGlAm<&aO+))$Bmw6?-9~p%rV?Qwvo>iHDqI(
zn^#=rj6Sfg`f4UYZypXiQFqe{bN5XE4f(?Mre_F7Ap1Aq`Y*%8iyg*bh-H{Y64(6@#j-fPL`Xpah($;
zA5Y!J>h<@M{x(927r6aY?T&PAZGE&mpq&4U4}UG^0ISswmH2ZhCv(6ri-`;b)|SO;
z&aA5&zj&huTuI++Q*l3?u{v4G#IJtvHBXs>
zM*XuGor+hdXjA`K+2Hol13=k`-jTrT0uw0c5@2h;e7}I^-&awP+i_D~TvG8I(5z!=
zQao(rZ-+@dm(ert{n^sFYdl=;eFd+o!VTDXU?M|$?M#B2%H7!jzf_q{y!rPRq@?D4i|Tq07i?aqjE{g?L2hX
zLCovZ9>KYrqnu%$LN+UFz(QUgXVN6-)1WjbX6ld+c>A*FTz5BY&e}=-Hl9c>jRy*_<
z+SGISDR|=aVMl#IjnZ)Zf%%F>8Hd0s^#P5GYfRc~)BxOd4dcz*JZ$F@5yfb`WrA&g
z(@$-@l)@Am#YmXHc!&t@o*(2z7ja3?F9bQcjXsazDE99)FDUt4XZzqA)dAU5c*z_~q9GKiuUU_`eSSbZI@BCWw20MvN7*+1TLhA(r`OLSxBULrM
z)vg~2i&)1-hnZ#WGr2?3ov>Sy(wLz4zL5(=IJ$gXF|^?QIoqcLdm(9-@&!X6`jt7UOWX6Lkyi6*mW*c6*64fyM>-x1gPv1v|d7QqH8Y@6~5N^D{A@EB8h9%
zK5t8-b~?kR{-M;oO-fIPBi@aFQOA-cocfs$b&jO$zmn`frZez*fusz6{@ul1e8~Fn
z8GgH&sbJ6WA*(X?#oZn~^O5yo;Usi=+u~`PZPc%ts6B*yY?P>{)YoC&q6FT~%M+V(
zV4>&0k?pA{4rd-H(p<${)%HD2Fj+g<;}q%Gu*hj%2)d0X0YWu(&
zR7c5?rLyRk++J;WcDV15_U#5GYpp)k
zIn!g-b=X@x$~EChf#+6$pK_BibC-C|6T93MGv1upkY(4P+}hB4bfzUD(u9YAiy#Ci
zx$1b$`cJ-u@$>Gwm=xLC_L&yUVq=A9tX%P38MJwpKJ0M2
z_Suf$m44!ke{i{T|9+uyn0roj{GvP#hl4L9wLh;FjL%HKSAbeLSje>B`;)*M^no*y
zsHZXCerpqar2fh6y_6-E9jE3U&^5beTa0`)CCK%N%xpqh*t2o=gI%XH)wBj$(QB?K
z+nNt=GcZHsK{ubf)fax+IMngf)j0g+E@&bF9V#FAjH^^#w9WVKX-^N1?QGk|7bQCz
zfBbid(6$~bWy<||k$3CS=2zhBS!c)V_WE_>%UF99OuQ!8t}5n;YD?h
z0zME4=#LC5Z)*(bHmZ>g7WL=;0QuuQF@~Ik6N%0g{Ph5IXxQfj!ojf`-MxX7UPc!2
z$ENvuPPR<6Scd;OdWja&c+sHdyrD1JTC_qd_9y1D+F$Y}eftxSBn>q))
z_MHzxvyP{)z5%Pul`ro#{O-Ocw#Pu%+!o?J_<&HVUWWv%fXAwJA?US1KkuJDD=pp>
zE@)25xeJPmZ)t+(ZcHWTsO4|)$2j{c9u$T*eoAFaO$JP;RF??oWM&QQM`O^Ra79eB
zQYbwF!$un;#8JDNgY13GzZy!sU(Iobu)t79`#rcUd_HuXkxmtkbDg7_DZs+~CLYno
zC@t|8ld`xcVL*K4y!blpEzhP2cX_sE|4}1jP1^&-kS=GeI$`~!aFQ<^%)7Y
z(mPD;yN^zZ+p_~reEDbo=QSsAp!Vi<7>88s)^_uEeMVH%Wq>#5bE*q%$McFC_-v&w
z3APO$y-IGY2)5d2we4p!ps`WD?wK85yQyom?KQoxKo}$Svf4=9em%n0xbV`b`v9k_
ztjgr^(Z0TuXj3|r?bKj4Oah0`6*;?NeJt9S*y!%NC
z!2-Vq?vtRemk^)rO71;dJFw2tWx%Bf1%#Hdd%ob#?a>+HJ>2NBzyFT7$~Uq4B~jK0
zY*O`Zlfa+xj`g*p4Q(UiF{q}KrrH;DxgRfz(=PyK1IiEC61L}9Zm`BNc8d4>>F(?W
zrh|4Dw&ximG=JF+CB#T5LEM_r9f3gI^i#{d1(IY0UH3UR)e(%wdf1r~5Hzag09Yl4G
zGJONt>UDZKp83E=MMXg%%l3r_RL3g>-=Gub#;`*e5g83l1Z`DIA9f_$8-&uR)&u73
zTzHUufXwwkd1XqcTCek9xxRRY_wpbw3d`r({|&-u%)-Qhu`#(+UaS9c8tcNZH99dw
z{7>F*emV%F$#?#DjOG_2yV5^F*N2r((r$x-SNT|&c74Jx&pGp2<>SIWNloSvs_L{$bi6I1;4Fehd*&WK;H9(L3qCoYAy#7`D
z-+w6m|9^y%wBaTa0~a~ipDE(2fI0#qU2YxgN2Ao`im&<&nEOxfK0%cXszDd-7mZ!dvJ@gaKnjFRa+p=
z;NZYEK2?aV7g|&og`vlWAj;G)_;OZ!B9WplBEZBp;vbYD9?~z16}j(YyG&Y@)HM9-
z)Jo$jH969mkIZZ4gsrJW!%n5d_v_yiq;Sv%l9CqTN<&6Sm*;!6(d&jnw;qT=T1;3?
zNJhnW8Xj!YXFIv5jJUYqXsn$TMp#odst#Mx<(hZe@1IuJsW{s=RlJ&a!f4^O>DEbK
zH07zNqV{uWhl#I&xn%UjumbkutT0uwCFN~rRmSdIu?g_)GKzx*jJ7)y)5tW>7_
zeM&We_!~l^2K_H(x+k%a-@NA`y7$WyP*C`v-u^GZn-eP^op#XVP@%>$rgS#fBMQZA
zSEX(QIpt5IB|UjmJd6wx_@8$D@`|NohFPAlCVusfMO+J)G8vJ6FeJ9@VcOW$$LN4{40%
z)gz#f6W(=KQjBRVs9ai8+P5-vV~Vph+N$r=R+WXY-6cvuTgse5x~Y)*i)ySU-kiDz
z*QJ6U`GfY}sAFF{3RPAy(if}cqnJuV<+3xQ(sFxPi{v?p#tzJStxhTv%)@A
zVaY${0!ec=jdY3E55&%{?GO+D(jV_i+aNAjtqOqQk)|fJ<~I+(2D2c^*n;o>2Sn)@
z6Zu~zN?3DxskQ#xfTWeq8$K$u5>i&$8RjEOB4%iN~se6MR?AmQ6itWm|
zN+r~!85TB6`m7^7`*JO657+ccCB{){o`C-hA|d#B7E&R_|Jku!_M#R0zaY|F&p%xJ
zTG84Yu-^}n_0;)upJx89CyTUltx~W4RUc*IPIl@3l`3KxSh`zQTr|rxSK=cuuZ1_4
zV52fh>Kf-HLPf7sNlBokm|8ykr;AN)am7U`pU9=2nZbk9>Rw4VXtlblG0f}Z<=$xm
zPo#=$QWd9#`#c;3BZ2px{!@&koA}>iqyz0sjd%OGq&GBV>z;djN0-)L+M{_&OHs4W
zHXlBwFzDhoIr!ygrB@l-S(VLaX}Y4EL2fn3a}apd?^4nE+pF9ENr>883aI&ix~Y-X
zudq6KXd|B5oVy|IOYeTQ)4Rq=>PbpiC{uc^6Mgri=96!wjW0T~>&Jy32<0%|vRb?P
zLq~av*k9#g*9^{&;4rK0q@?8;}>f5VP#xir$4
zG)E;HOFRD{k=JAuYK<&5HlMkiMSR+&gj+6i
z%ESj;6>3VZQpaOHt=j(UtxSTV`XkDEm1mTu!bBh~qBSqlbydfTlqt~WG^1jKw6YTI
z>w&kgo>`>mN^H|F9m=3s4wF38C`(=SCvUR97RDWrhYet=>J5(%W;Kr9RzxUn*CqB|
zR_qEtC3o`hH5$D|rM~XuyG{Y>^dSTKD8fpp
z&jW7GJ1*b;(ow9fzMKY!Mqip?F$LT>%L|-ljbAsihvV30E^d^84S)4{!2y@H^tQco
zLqX~s54rP!y`DHg%o}MyNE^L(h})SpN-ER7bouJ#I_yT-O@uaIH%3Yt^#2V9QK1Dl
zlpAilXMUiY1c>fu6g&U7?)>2V_Gbh`XAVLJc;U){M
zmMDv1>d9&wI#F$@JoV~p?56?9^FY6zua=_&Oi~gRasgsV`hGCkwaScUGKtr4gz&B@
z+-P%c22fU(NUv==dF>LL<$``UHYK1?fdk^QLp-e>3Hptx)(`UO5MmYcepilOyV9mc
z`9Sdu1Adnz7VAhYCpgDiy5v#(f3a;zf$PyGtlmC>998-Jw{pfBL(7@87#KGiS}LH8bm+{n>kew})}H3?R1Y&#{S`
zxllM@unkFKgq=6xyw#P!eM6OmUfI0o|4z@$d1Xm-na?D=oJFY57PB
zE~7V_|34_;P?8O?jm=BF(NaCBAvHA{HFFi{-nRBZ4ef8;``4-T)L#B(1bdYIV({`8
zP|=Lz>!Dvl4f>R
z|FV2pXwC>1BM@I02{Zj_K4!@sva48(GWXxgpgjGZ`QX;quO4gD>kcY6i5zTw@Ok~I
zYn;V`1~XI}uI#G*SaD4t`m<1$*a2$UoRz-6Ii{0RzD>Znybhnioh(
zwW~CUL6aNHkiC&#gBuq_7syM;zMW8fWkGX1^jO{QbtQb}kfRr5KdrbvRCv*&$mZR>
zq!bvMiBUjjy|p~$@aRr>V&sqKI!oVcyw~L?IEy`5&Upb0^nThgfS;OfPDT|S&O>hf
z0$x{bDXE{_4=F%lRFK;Yk)lUy?BlJ`g+=a{o|lSrkNx_GQnNn~=DuCyg`;FQZL1Wd
z1b%;!)>=E{*neNhsyxjM*;R=9b~b&3xOZ1u^#wlZ63F!c#152V#%|R4J2~f1eFg#N
zl=ql-)u5XP!IyME^7sANJQGM<7};t;arbztzvtQb{9)l+1F)4MM)Upg^Nx+NqO0iO
zgrq;|7f(y=*DXcW?ZF%Ltzir@EI;Hc(dnd9O9U4|r9l+CFTB9zC6h0zW*zr0#uS7b
z+ue=lZH(ON%q1G#!iKJ^`@^V4a-jTavE1T5Ud
z^|Z~s_{x2``_22&u-t9U>l$Ht!Qna|u0ph#?l`C6hmQEV7WcXa?NY8f#AFh0QYrG>
z`|6;RcWICnCxiiCp0AE}=b=vj*-&?k(vhdjvGnN8C8_iM>*u@y
z=dX{c_Xx*>Ds$ce)zQ6}Qx;l~KOgu2e3PQ$w@AyVW~pI|!GoJK9WsPu0H!J-)2{Q|
zmR#@3jr7#UmsCg_dP1J^2M9Dc`adAq1q&crigvP{WkZw
z@x7*QJ1#PKl)o=gu
zwaO~S<+oMrPYI!VnIQ}~p6NwJ)>&Cu#}gx$`-o*}WZ}4Zsy1qS+TqI*tvThwh}ieE
zVGKASJo?AKauWVMh@(cBWr#7&^hrh(i7{oUKuiE!)Ku@)SpL@yCFm38fdi_HZWD{_
z=Of-li-jcB^H)_FKLwPYimj}T#WqK<=V!W2PP2w}Jo=W=G0#Aw0$+o6F>5i!1kbezZ=?e
z=F%Mhn@2Y)pyW|kL+se4Sy*^D$<@w!=0exgSgv(qLI;7dA>9yNb4`49M@q7|#ewH4
zK`Y-CZOz|~efw|RBE`u!>sPs4){=au7T8ucB;u$2e|r_34Bv3rmKGjz^uPG+koULe
zt=4pNQmsN<>yaU>EVhQdWWWy&u^#&~WLB+M4Bg?|#x(h|oxu&+3vraGSby_FGw;+f46`1cL_$(km
zB?mKn=?_%QcGb%ju;b&%wlj4y+dtqsbK*z8_m!y3Q($`roZkaCCEhDXb#
zO4NM|3zJJ76glhd;>*C+NM8EG-xmMz7xgMN%-waleNwYgJoi4$$>}bDpPsQ(wtq3@
z7s3>(iba(St{}WF6!505FbekxDt_?MU${0z&*R*PCtBBpFfA#yOG0iTlAD`ipyf!+
z1e?@G288=^2k&N`1-f(Tu8Z+gj?cMbnW;3&fSF&^T89J#IXV|&DR{>xti!ugYVgS&
zn4^cK(~ZlF|NU|X(FFVCyY%=HO74|CChu$*J4D?he=C(V;z}?yoE+ndv=gxMPJXEu
zzeg%J0@hL-eZQ~Qhuf|5#W?O1LhFR8;q&V6-km09dy>vk#3amNj6}+!HW1KOTz_^x
zON{)H5V$>>E{i^tPObQ<(cih*R;n%Ty#eh3__jyr#WC>1?l5pFJ6o>gl~Povel6ek
zePQ7Oddiq$);PQ7Eoo7htspeHc!cjmjqW8!E8E}XlQXkH4D0EYQf3X!_h7DsM$H_I
z4h`z`3k*HAVW|%o)VSPtbX6&o31wVV_jLf%Tg<9CC6(@_@XZmy7TthnWdMOr(*C>d
zY6pn{WapUa4)`a&d}$9R=HmmEBqHTUM)1)*Krw(1Bh-$rIM6%!=DCU03S7@wV$=Ro
zpWC2UGejky?O;@7u1UR?^AE91+Phh~1Pms2%@QcC>Z)
zIoi8+B&1wT-g7R7gAoGev94Lt43#ZnK?su3mg`qSnXMv8a?>Z0$y@6;pKB@-Io#g=T+Kx6KVcU$-sy>zQE=ahrW@nN?#N}uoymQ3bwUFE*>v!{f6v{U+)Lln)q0OUSpdC+g$3a(jmdpxmP
zWEsTZvzX-{nhe@QBpUEn&SO7SzCI-q@7pkz>-G<^U>R^1PxA=UG$+A+JOFspJQ6@4
z(qNEhzD+q59X^e7RIdgh{JB1yk;mg7l`h(FNTz{A;l8
zbxw?m+=M6i9ed6Lz5KN|;&oP*QMKveZ#j!NeolB6kiN*itp^dvl5ko)xEzqU@X005
ztzG?3sbN>_=>egJ@+@^%1$2^4N(!*DQrN84Jb!T2ES=AE#)g;R*OD^soMutKH)0oU
z^}zvW>LVB`$@Kw15&KS@iOaczK;
z6*}Bv!R}10lu10XeuC|GtRX1*Mt!qP8o!l77-tMHF8<$?nPI95SKety4$aFXDhk>A
zdzT>$Vre-z3k%%~%dM@2B6%`i!K^~8H)E~giZe=^WV5JK#J}OgqBRQrbHx%h8f?n8
z3i}i>`)OoLo?>GjL-nVhq~psE!MM?U;)83gxHKl0xK&{Lcd@*VrSxgJIUf*kgRD|J
zW9x;wlna|zt)MBgW@vGV;O$!dvl&e-E^Yz_67=u(?A7eW9YfLMi)a?`wu;o&cW#Y?
zNxO}l>F0xVLfwgxwHvgpiNqgp!_$6uKmaj!
z&Dw5bA8Xu7)=SoQtPP&U2i>*BGq^Pw2XcEaV%L?igGc)98>M|D|bwzygO==?KY=sPl>=`=2;9e^`@&80EO+gCO
z_**9c>B@l{6TWa#!3^T3i99|9%AN=UEc8co%$wml*L34hPnY2Ba*2UiWZXD5>EU{v
zvAsXGRwlSgBgDst9UWop*(j)Vii^Y0BlW$IV(OudX1Vo21R_0;FX`7-8OfX^JFYoF
zyEwYHll#Mg=qo;s(bSeQoAJQ;rk{Ntg#-xJ%AhYiV?eMGWrbT
z2qc>9S69X+E6){NvcFHuQn(}Ts3c*L5M;gMK1~U)N8Y`uIO!UgC<`W^19neFZ(QsF7C!{DLLJAA3wg3l&$=9Wq9z
zgw<_n)#|$`RXy&O=CS6bNfrz#d8zgD>|%ai9-@?>U(oBOEx&rx3I-DhS8-YmOIBL0
zp+3q^3>R_jKHL|}L%`rWD?Bwa`u$=9F`rf$Coa_VjDde2Xv9|=T
zn~auiL5E13zv-q~4waoJ6M&KAbUoI{{FwvQR>GI!W`gVyLChQ_);~HQjB@~k{%F=9
zPs{auyB|Lo6Js{+6HFIXekEvhsQjFX(+VBPwx{p`5oL}Da^MWcoQ;Pca%&aDXw`Ec
zp^c?lbnt-(N`inL(!}>k1|k_l{Ow*OE+pE9@8%S87VsR3xU}W?fSqrP9?39l4yUNO5!}qPfxCnlah`D^LUayp(CtWP^kQ*Qby0w}
z+Tm-~N;Djn$1|7pRHd7XqDn6{5Qa8}2`;Cmmi+b!sDzrW*9VdPz0u>&7n51)45*Lf
z>T$oMoT|+W?`y8BRRhWM3Ds<1y@hWao+{Or$@pNZ$Z#KglIQ`IU(oQ5>gpGobsFXM|3oqc(C-@Ag%pqy`Zo;Jy`(b)ckMO6E=Y!Ss7)4a;x~+
zN}R1oZCtS%V
z8!<&a>miQj?ZI~s#w3Ep9nlvo`{(U{zahnJG#|E2&FonO5`c1W|P|CP+FR3R3_r_H)gNID39@L+EVR0
zjX#eW?q0U9E_)A?K?uYtr~-yF^9`<6D+LFxoR8?Thp?4J>5o{)$n~+q0
zp%Ljayt`)zum3tiEH^DBF({IC&{$kYuyc+W8E~if`Nx(h=LFn8!g%r@ytep)E&p}k
zizY;4qOg~dE%ASlyD7&DaxbJwlALS|3%#@WF*-nbhvob$_&I@Auw-g;AAz?HXZ@&8r@D<|sHxg!-uU`w#%3@GaVM9a1oBi@?
zw0Dmb{}ueU