From ea565dd5fdb409175a562fa0816416689de2ea64 Mon Sep 17 00:00:00 2001 From: Maricia Alforque Date: Thu, 2 Aug 2018 20:50:05 +0000 Subject: [PATCH] Merged PR 10318: WindowsDefenderApplicationGuard CSP - added new settings --- ...ng-csp-windowsdefenderapplicationguard.png | Bin 21965 -> 31967 bytes .../windowsdefenderapplicationguard-csp.md | 74 ++++++--- ...indowsdefenderapplicationguard-ddf-file.md | 149 +++++++++++++++++- 3 files changed, 200 insertions(+), 23 deletions(-) diff --git a/windows/client-management/mdm/images/provisioning-csp-windowsdefenderapplicationguard.png b/windows/client-management/mdm/images/provisioning-csp-windowsdefenderapplicationguard.png index c8f2721143a9bfffaf47882675b400837f67f34b..0f5e318d8f346ddd3b298ebce6876f9bdcf01d27 100644 GIT binary patch literal 31967 zcmd432UJsA*Dj2rqEs6oH6kh)nuruBiGWH64GFzUQ+n@B5fPA15Tr>H5}FW-bQNi# z3!w*;-jNo1xSQiqINyKo_r33bt7AAAguT~ZYp*$VAB4rdY$=`iuVQF+o=|22)G2OA8DgZ}rcAh>YMiJ~0b2zt<(zap~Eh zb7=_!l|ph%XgY*k&g&MY5Pb^+9??f6E^Xv)xQ$+z%+1MZ$(b)*_tLRZ@EW8B=0|e- z6zX6tPmZM@Eb`q+cR3s`TU}U4Xjoqpg7JK-Xa(6_C~Jr8SbBI2R`VQO6Y7rI9u4NB z8;%nz`&p0SNZMTfVYC0U*d`p+suJos^~Q!czu+&7G_bO=>MuPF+_L!s<}_AMg%G1j zb|>c3;A@uZ^3THVo#`nkQ*ZbF;J7-ewBvk?gv6Iw1)Zl?CA!fzh;}}Oiw?iCKchaP z>FT1^RO;0Q4CI>SM-w&CS%-TRKq zKRFQ{I+|QyR>n_I+qEE{{qB6G=6kVm6N$xX4Qq3E)f5X#GhZq?ps?y0I1UXz(FwVx zS5L1ZCf=jQ)h@n%-&EvGnP$b%&v5 zsRWy_sChu+Z2Z zllP7XT`!c7Qb~dE$nPxN%wDO>(+HEdJlmC|pQ=7uGDwWGH^IE%a;(HI#BgZn*O22Sii*vWO&JaK90ZnC-KX{CzKsLasGbiUEW zu~wH;M=$7A7Lm)n=!h$O5PHkro98lMnxiGz>iJ1JuIyRSt>+n~mCo?pyI1qm+~*OI z!p8PwDl-^P7q$7Mm{s+4&PyK9>OHbRS;U9Pa~bGN)BY6fNqB~QLr&$#2-eB&vF;CX z`mtktB)|r9T36VO)en8Ke0YQDT6Eys^Lg60I5_9AcPxxl+`y{T2oJ-sPH^_Of<0u1 zi28l9{#FizQ?mo1bxogdr&|HJs;H0=aA#da5YFnkHN4g3K*&8oLUI#7U9%@#BQiK& z+BL1U2vGzlZ;$g>pXm+A@Q<|^EA}z+5?UG49QH@!MdTfCOGMXzFBq{+Kvf!ofPWqGt1`M-N*b`w0gQs}q(>4Elhb)py3&7Q~%%N!=2 z?VnAuauYI@>?)C~z{n#N6L>s}~Z|!C#u<2L;tor&M zmL4GA19YBF*~;W@!8^Usn8pT}QD_T-_FQ$PM)mqPb-?E-!L)#Qy51z$Kr)%OOWsCYm$pREYSw5eoSmY$NV7*)<|W&{SJxs{k0VF>ng}MxK5R zv2%-NM9+0KZVXB!a(O(*zUAJZ^xvP+-(T^eVrV6i9F2F2( zYS`GH_X~c*ISzbw^Vnqs@PmZM7k;p&A`;j^0PHv}3m`MeU5bDH(N_nxy)6K`fhu3w zUsh29O!?D^%j)RpN2tC7peE`6=jET)Y`CV#T&A95U4xy4j@4-|qh$(B~}P9@}18*Z}4= zPu+D5QM2bbfh(oS+6RH)EK;J$`qf)q8|uTD5dbScP$)*g_ZDfA#W&(>D8N)~T~R(F z+e^^hO|P9jU;rxt9@zTU{^nGgL%?%J>Bgc7AY4YbA3H|k9Eb`(2wy;8Snv1@r6O0H zzq{<*-Q5B{7N~UsN7x+g9ulp=EGgt@&-Pi6g`lBpnb{Hbl+- z*eo<@bMRexx2dTK52tduvcBle3q{k|s*ULkHib=VbD2Du`=?^3`<{iUIf50UD!O`0 zzDuY1Je}?OB0}uVsKQg!WG&*)G@{28@FcOOAT0pWrqA-AnQ*N@bcspxKb8 zo2Qv#)?XZDPiJKAR&#!M(Vg-2d$o$n;V+LFR4$&!By&IBA&W zCAQJU3?aQ#S%B+Q#lJ}T_H*U(-bPIwW!YAMio|{$y?)=)Ss;%ITvWiBC3_K?g?;EQ zB3bP$Qi!*0y{_+!%;$I~COetiUO&-q#It`cLg;0s-L)*wNy%3d7K8X@j0{UgJFUNJ zO(S29rXp+m{+BYx{l{mgc!wbOjrMX;_m=XUIRzUBI{oJ(?Gqk*;Jt*{vmiJ(qXp5r z>zfrnxZjsN%I}cit~jaxIMYYyl~w*A2!Gz?>pXh*COmak$4R?)E*HnKZ@XsWy&r(s zVF65@hfNo)C+<*Sm;_mF8et{MJ%qbw^Pr$)>xz6SI^3bQHUWMh_ zaL7h<*;TQLw;f;R>&t`mze^y%W8Cj$AN5w1$=j%IAjoynRn~f*D-2ZxQ_;@frNj5n z-VZrBAT9Aq%vGsEx!_EjwQKOBg}Rp)l~r93wqWM3aoyTs5G3Amyg9l-+m{bfY>{o9 zSdl&uvVcrx-f9b|kua+PGOu^n(iIR~Ta!fL=c(TW{DZUTHFa}JrbPrrVC;U_*&gNm zQ1nIB>6BYGs`Un}&y4XwHyqnnmJzIG{P$P*YmX<7_;Vo&AO+g0fp}fVEKi9N{5=<5 zLQ3U^?eNNg#=+DktX~A9MEtt?{|cV=W$sajs%U!S$zpET2ycbIy}^O-%nFy0%V zRw$a$CPAru2cg>gNFs+()#V{(+F1n>bVWA?VaD$kRGzIreqSPtRW6uKNDf%TbR zOqE8oe1e#-i1nJwxLM`sX7;_X7yjbac7gkwq846y@I3XXGGjkTpc@|^!=CN_-+=bXxNmzNJG^lkvAH`hK`^J_Nd^l41Z zlH|Rp5oz4$aB&+6%w(W>L6AWfJ=@!3l&1KFme3THzh9xE4lNjA``hE1-|*G&yIkc2 zdp#x}R|J9SN1u~tDr7GBKE#9lvDBg)$2o!k7j#wmb{Z2$6ixDMlMfZla_Exdl?cT(# zDS{Y~5oo3Ez%pW?5@O@f%teHCW?iU>mKKuDQDuOZ%ICw={?wiYjyq=2Q1OoTxo zLTNn)r_b(Yf({_^`8O%!hBrv!f^o<0^v`M_K=m(C0ZV1P@@00V8m_{4x-5Jk}RTC7sxw`@t9FlibFj-n%nFdwBrns>RWvU|CwJ zVEKner{j`#GxfcusvOMbH-Ni~S}y__!5(rWX{Xh8-;|aO-`MW6mvsy59d?W4(;~kv zEMpT7g19*l`@*P~DCDWxbXzy{`yDJ7aU&}z5XmQA0Vi0-NBaqEKTV7>Z{_lQAcyzn zfG}~pV^8uNqeu1De9hj7&lZ#{TuzwKA9v-aOuLb*b(vVzc=;A^=-uhXy zUn7quP8N?08Uax;_Cz???yry^bsBb!`hbfXoR>s@eRhyaC|;38ii95|IC3XY=gAJz zikpF#5uXF`eNX|1hFJ8i&2P60#rAyDN&V$D&rv)TQn>5VdRR3>2KfK)DcEOQx)u6}Rc zAOeJUcOgPXFWJk@+l~;-SN&lL;4YWW0Q0HfK)m78Ptx_AJID{`GV)KYBNg3P@3@Zq zP;IYqS$zG?`hf5HvH?phP=FOz7dU$oe@c_>-_Cmf;-cHUx{sjCB*1g6cHRS58Qul1 zV)~OcxZb_LJ-L%V|46TH6-?rL4)|+lIo!&|rp9Yq7|3yK9zxEbT8(P9vp3oj3zmQ| zd+8D|r(6Xbu+iR*uKEu}&dfyAW+qKd0m-MO|6n z8e|Xi+-;H}98dyMUwB~JeN;JMUrqkP&mZ5}>Qq6`<}`{s6oM#B!}5n><|EC6=QOtG zSDrKIH#`!aB9&R{{$knhI`c`fr|iPk=WKm#9jy;bSAn-c0=$Jd_=1=%u}*-VX|lh+ zc;9_={hfw0TN!p7bR6xPJldL*LmSk!A&0n(@V`0ZEcR;kS=vs5WuuvC6z!f7A{awZ z0&={AS+PfHaxJNbq~KJPxWI_si0@qnJfez2KNsDa^O@0~T9a>5dt zLuuTvE_AX$e-Gy|)z;?%kSIz@*tO7}4EciMVkf|8Y^v69?>x_+9|sH`(1Bv~Gbl-J z9tWP_ERDXn@3@Q^X#xF}lAgPk-st1Kcg_SZY(4bBh7s8BQwN@S6%hm^m@PF9vmljS z9?;3i%OgG}?SSqC-JIrb&jNVhDb)FfMLDDtvSno7&dK^mH z5l_Mhac+OxOmb{(oGjm4sp=T<$Mgt*oUB|U>bd+v3L#Mc=>1IYpv z(j7_?l7)lKf1G@ZzyQPvz(vXGAXM`L0P0f!@EGL9*k=X=7FVyVi=Cy|vT-OP|Ui_0cdoHNMz z3u?c0j6#4FLF|84d+~YupN)hxOzPnW1`0<)NQ@392t%Gq4+^(FfjWNY*A2e#bKgQP zBQBExvy??JhJ&Tb&!v-(11ly)$&w@j+;+G=MeCRO+{FGp z$uW&IVJjJvh3SHy-L~g!EiU{#)t5n8vn5O0cWXc;VH02%J>96aWFsoDmTg)OA|w%}8f@b3y;->k_b(FT!! z1)2=QN?1lv*NVG_c!KC`6)S&=aSL~V|HD#lKI43UIV9%1Y9m?J2v1(-=ZD4m{pUt4 zzr2Es+ZZ{ZZY_b-vFl8h^ur{ww2HTYjR;5IeyxhO6#VAI>%z!VO1@2NS2VpWtVS4+ z9@Ah##&m*&(j&oxqfn#lKrNLK2&w6~cCe?3jO?oLT_&59TcloRw9ddzMghJ+oeril ziU#j}PCz-=1#?@|u5qQhwHQDh3f3R!Yt!A?yO>gxQORBAe>1*0u@jUM%YWhde1Y1; zxrmsTm0oo`-t2ideG>I8ws$tHN4NA_b+#iPpY^a(D%EolZpn=s)D$ZZ*M(8TEb}Yc zO;6x5ofXnDhm>sf#DbUW+nE-~@pOY-Be>aXCHyNHy&-l=Exau>5?tuStU`~@RuJdm zW?<&t;2=JGabewR!Yv#6u1jKk-t3!x5Z27&Zh0M;(DDV%CcAvySiFWhN=G|JSmKp4 zW9E01b;d-rx(T8qG>1un-(EcuIc)#)oci?AUDp!DN8MFr;x?+KYBlgu?fJ!1<$`9+ zr7Gv}Ws6*MN@%hhe6N%2h1q--cpeDSF~LqN;So61A0or8J(kLQZ<+#2Uw+qBFD)_H z7+UYPwoE=W#n8(AvVkc8zT1hqKgqmqmqXkp(r+@AlE>s%?T_S-&fIs-1=mj=lP->= zO~eJ~aH?rrt}s+dO}Dbbdq&}7wB^>Bql?l>o-H5B#avQi&LMqMwZ|79m(sCt=!aPe zcP0jVaV|+DbXN$uqbFO>^1iyPWJSIg%TjQx zP#;*e>%QE^UEZfIuMROlpru z3w=fLv`95w?AMw?V)}4#r|RPMzTO{@sWWt%8_p}#wRS;rWBTp_{upHznaFJ&4bAu( zkI(LpOBrZjC+&g2pAvK%hV-S|aEnbwp)VTgI++_k_B|h~o2}f+ZB{J5zUE^te=XZ{ zC$ZjKA;zo-SEQpK=auw?_93%UcDY6)s~)O)U-4rfwz^nVuHuwHqDt`#>vvyaREYBj{7wN zJCB&GGrFHVc$(kI&S^vPK4_b6G>IoIX0~0sm&f^FZXsh9&*by-a~Q7HoLrzYX`jB~ za$$%sWH9SDw^>o@P)9P2QeWC}pIM$0YPdQ`XZGpUr?}4;iZlxfXBAM774e-U`Y!d~ z;BX(EFrfOLGh1G33n;neM~TN!93(Obj6uhY)+XauVVVC2bAw6pLZxBquAU%CReK2|$I1mf!D7wPSRTfGtBv&Vly91waMl06+w zw{Ei;b8Cuvm;%)%Z{g#wX@3Qe|1II}Ux}wr?2=1?e(`Kx15Xj?-+1w`Djiiqp~xRzz%LWG$>ZPrU>)XH;s6A-oz@Zqmj4NOco!1)=# z@LD_SYbq8pVQ~T4qO(ptccRed9&SSWo~?UXHSn?!A{HYF z9}+x)Uy+u%ZKl@KVmLpHSz}DjI<(EUJbksD-E}hvOdEf5e`<9}V)IKfnNNp`M^XL> z`-krzh6KIsQz)|1c=oDzDpRM~j`xOVTig{)%s{iB>LS8qsD8J&^rcSZEMI45du@DJ4nLq<-XsfVuNIya_N+-^0&m$X;$oo4%KyDV%%y#HH_5w+0*t|osf!G84B zs}VL0!*&q7J*VVyXmGF#)54rVxcqE=Q_PQH_4#40;Hysm*gIBs;XK%r8vX!( zbCI@`y2p*lsBg}&*ZBe1@urq|v7i}MF2rQV)>Y-!Ta|E==Ik}@^DGVVc?}W-hND{% zj=tLD$fok-YM#S%l9NxfN-;f(){l3tBB{{JzAs`l*ve*>X}{}Y5dzkJjLn^O0la;Wga%HU58XU)`&BGCsW za}(htukgXE>_<2FT2o6QI}D7?00ah8K4S%>o?8hV;|o#w@SM!%GaIZp`{=l5Qt_kT zp2f*m$ln)pH)e)qfK+o?Bqm*6WhTQTbSaO5)ZTP}1OQS+waYZuRIo-ZwLFPmp58*C zOWv4aXl8bkU!kqk{c>1z8zH>{W6{aWxh%S8lHs_(M@|~0_jT<*L5tYOOZ!*#5@?v4 zF@F|SgT-45-~td}p_iwM-ZP`TEz0W{qExYZGA;yaEi5aC`rSU8Zr258in)K(~# zfKCJjJIMWTXuBBK+O5Z$0JgfmfA;3IjasC3sKEW!l&(>Hur;@Y9N(ulge5+lrsciB zpD6LN6fz9o8B!zef_xZvB~>0ofv1{cVkjLhS>*3NDf7Sv8bQ4S4E%pQ5v~7W-%q|I z8)8aB8ca@|NVl(-3KF5iuRUkUW*0nshsHa*_%{#)ALHbA8|Bqyecf4Fj^;cCr1QnS zgr@gu=;zII>GBPf8LihZbzNo3J&C$yL6HofSTN=7oswnvMf9X;pQeM4@hl2JRe`cE zPte881W2`Q^y5cX?KDQP3BprCI`$slPw9ANJIgA|PXn0dJXBgMrNvGv2^r55Al-SOqt2VhjtUY2y|OdGEdQ4nfR^$1m(3>^lb$>qPpiP6YVLB1=tK@JcQ}wO88Gk4ExHdVP`i z+{6nXJ4$5%usdYGZgK7?^5h~m1nJ2m=~PoQTmiA>cmEsTpRN2~m{J|+m%k9pp5T|k zBy8Qc^uV{^FP&8W|EkOYv>5%BQ~iGst81wRlq}|HxrmUG-EQG&89fTXTXp?_4qbZC zJS6o^#tqlg6SHT1;u6=dr24-|oBnk%;x4*Aa&Jzo)H&#&-s;?l0g9%H+H(R(0xQFh z^BfJ-mg5xKdRYl9ysc_dFOOmgqe2mUqJ$q)NVkE0R{51BHxApvy)9_9}g5-?vgLbHaoep!nGN8UbS66V~2vPky=XGgXj zk~XZ;uqt$2Q?El}Pld9z>)kGCg{7j|&pyO(gJ;`~F3f}1Lz;yR>Yppg(9I8LN?oG{ zklZaXJV2&*F;PzZ&!{i!a6HBBx#M#x$vcEqno~X&2l8=)~DCThv<>8IZdJd znsIVOe8cDD!N5-nIFr6c(`8VxZ!&kRN3KMxC4Z|r9&bm@uI|<|y1~y6oka3+!jb3ZRS2K4a^Zt3I4wB*yj|0PAIZRzAIV?HyT9h5 z(t3J7!gE0nGZ_`)L&Q;x{O*ReL$YDFYh(&4x{tDTtZEdHU^&Z!>}RvxP8mTH$RQ>U z%6AeME}MR8Nu7T}fvG#~y_c7Gg$XO(*r_Sz&TY{PbfPU>Tl`*SBd`0>*-?^juuQEg zD=%fBtA^bxv;UgEK%Hrh-NUE>VoB9!i5@*xCd0>v&Y_`$hwTi>6X#J5Kr@buA9Q*` zCR^^241!syiS~2%K;_rj2Q}gqnXj3R1qTJd9x2ebX_pIbC{|>1x2-%!PU)Sm`WnZ( z6ay0VjzK+mak#yCyU&E&A$gzE<9^o*IRX>&XFy;2 zxFuCjJsh5idNn*k#|wP?9}teF~@w0LnlXT#x90fP|?XEYc;Y?QCN{vh@UC*9oS zgI~}Mw5ls!FP3qlQ8DQh92A#W(fN$(d0)G&*nd7TRej5b8_|EIIW}9zrD>E#!#RsU z`TCyAO?LVfcpLJXP^fa4m5qB?l{2o!U+(BWn_oqgJFMRb&h2+Mp2|_rU5~Y3stZu< zyy1@AS4)P|qQIe012@AEN*q&QndWMjda(fEBe-xuX{n$$uZPd{{NbM5MIRUJ6cmKE z%w_XV-A{26GoI*|Fp+oC#5he2xF_psP&35?69wHzU*U3r@ge+K7*$(NF>9c6hQ6A% zh`MI3anE6@N`c*ez^A?}6PtdB(cxgDGXxA9OXfS#AcOSGZ*1ZwVikge-A)d2oXjb5 z-O8QWy8&FKnWJxv1<)dMIXZfL2qz!)yn(JV83`MH`_5eF`f^og|6-5FV!|IAHYdP8 zPG7iiv}~|lr+)T|;GZ1^JbDcvd<=)7=Q1K)KOEh3G%5Sn<&};+_yUx;*&YUw2N+Lk1X3&zE=XQ|w3EA75JIg%@1dKWY4`9sEn>m7{?6ze>=0Nw=|ePTh-UFZD-0(Z63?EJdi87vX+ZFt~M~)5tL32arr% zvs7_B68;dQoOn$=bv?m~5gSW=^ok^aq60tC5Eu?yC>M3aw9x5yoDHPsqUoY1{0qI* zGt5VV1)9Z%9V^bIo6jHJ{~Ku_Mut^RJ>x(Hq#MK-T8E)2T`LCCpFV1>Sb#nb5VtY+ z@wu6B-0P>?0JD48mdV&^lsj*Pql%FtUGV!)1T7gKYAw0;_AfQ zZh>mgqPQ(MACY93v~7%c^tf*2es;&P;n6i@M?ecH*h_;_uSksMlVZYs0>t8cVwO(2 zvR#-{Djn!W_hH)bsllfy6;u?RY7_}|VSu4q9+rolzlfLAO&w%;N8>lV(z>$)(H zPx$4wbZ;~aDZ?kN4}+S{TRNr!a+GZT(XG69hDz@K+c(COHV7o!TSOO{Q-exiI=u)(}4~;am}eK{fKJ#)7~39#tRd%PG%vxaWVG81A&fd z&_@N9Q>HtV|6JecnFmM4|DTX+|MjG67ieP40pO*tukXW15Xl%&m_Deg{@+Zx0Kgj< zd2@`Usq8o8r5PF-jSUoA5J)bw{o-9kAKM)=+jnbyw6~j5T!3V9HNL;@J3Sb>J)P#W z!r^1zz~ZtS?6b_*J$Hda`MXB=L0ujw2m@JKReNRr19qSm5K%fzl@2yCF_|cvO7fUa z30SP&S!^jFEDXAgH=grgG@$>jDFaX*D2MR1&uL)wm{0OpEL$iU?B0iLjYq}D#}kT{wT7toxwM;KIBS6?{xN%r@uGQwal>JSqMZI#Usf8nCnfC={le>2fub>g&GQ5`I1a)3gL_UZ8DL$N0WfcpG{2&aa(e#;-va`3hg~!jf*$ z#LSx+_XMpKXXI=Wqno2xzn**BxH&tpAl-nRG68)mb1?Dp+*)nPF*O7ezbA>DTDG}> zGH3h~(Q5<4s%`gmtYh;foOqwGc{9s&hULuqgg3fbeXX--H)?7|0)Bm$ZKteq5wyh-b42f6G}mEy_r20fJALnk2fNJ72W zz6-lExQqh`y=|LLnmm$E@f_k?FWrKKhkNJ3Fv6W#om|eUoEs4U`nXU+Mm-*4SF?fMDXiP z+^~Ch1uN7h?Dm#;ZAcCSA(Zi5Ci&DYijvpWl)s!i9BqtpI&DO$r8Yoa7uH)BNiVf_WfB(w2>P(P%oh*mwr($FMm#$5R8dksHj zSJiZ(C@uuL2>SD`O4RfZhFY+!*FGCg#>IsN+bEY&_nJcuT`0&^S>|Zr4O*Nt{FRXX zRZ@$CqrUZ|%$Dz|NJxkqX`BRJkVG{iF0BI0!@eym#x?Ip``#eWpr2~-_+bN!u~ddU zy|rpjFg=}Df?e-en7W0}0&3-}!JYzhMI&7*)BH6jHN%Xrm2JF@#NOMnF}s!!`*y?i zrb;hgG5dy%-q9gBe&mT$>cOj1DVx5FD*2;x! zjvwfZqIvJ*U0|Ir7`gJ?6Kr;Rz3?Na%_6_0rN6a@^A%|0R5!Et_dGIqg7s|iU<%pR z=&j1F+oYkeBV~@pd-BM z!;B!I5~b%Xvo=$Q2q%)6v1YCK0B|sqY{B)EM_(M z!gWN-ZO))ui?4jGRWC{yWwuBnZn#q+Msx1FfIYgoZ#9HYCghbwldfF?UIkun&0f?b z_87<(ve5%es zyB_SL_vp1AG|l=x`Z^=f=K~Ogk5~63onk4YRjJb8vdFu?I=VicL_POCaJ>W=8{&A% zuWl~-bn>@;f11Q}!og3dfq?a^HO%%Atk`CxdWov3O9g6`Pj(l5Lh4sz8E={#&L~X6 z^dFyj?vk}0_MY*|(%wF>*J72nho?86mP_B;GO{0_B$&*6|%@+T6&Lh`2e@e#y4)?ORSz-uI-Q8z2zkr z`gFA}!(l{!cbI6CNl8-1#}5_N3L_ zLu)jF%hs`;sX-@!CDz%c!|?^by^>v`a8$jfX1@gUlgcBOei=b~eCsA(qLAOp z+xZV*5y1y=XYvaA2KVPH_nhEwX8RQ*SzU*A8-__}#!~PU!~Z4T*``*Ml3l z%$V+psX_`v37M+_LJAR#dgzvk#aK-tJ_s{`TQ%`yoWj|3G@S{fi^Nagu{&CFvqNc_ zk>jjmj^Fr#Db}8?C!B&!@U=3V__=dngW(Q0)QNS!bJ}#UTMwO!GcR|da6YooQsPIV zRkWzfQ%;1*shX1eDD%SaPbpxCun5qI&}*M)<0ec7*;? zA}3i$%Y;jQoSEhCSDq2-tyt_e?Jw`aG?RTw+2*Y zaql`=)2wQJ;Hn9QN$^+EW6UX@IXsgA&svRRCf((>L`7fiu*4&+tD zxe2mIJ?RHCz9|up>R65q>F+M3gBI6_>#*X&!j)DV?^VK} z4b*=8mDTZoP>Iv9;(~(ZwJsHaZ0J{yg^DG4t~6Qn=Jj77X+1)67#^ad?^NxsH17}= zRIjWb(wG0han{1o0IL!w^ci837b{oWpj%PUvW;O6+z)`oNKkbM{SPA~(8pae5^~B! z8JlWdu~1U6RP8ZR?WF?UTl@AcQiAM5{4bvZlqCHscf=mZgya&%vqv}7)YS_(FH!s& z_J3LH@xQB$0kcZp$1jciiY|p~#DLy>{nEoy1)z($Ew05aLHCFK+LNvU6f<8XvHu_K z%0Rb=`I5j=cIRoJ{xP2Ga@dUaZ*^zM8zgDq%ZkhCZlC`qhCsQmG;xG6-+4?!0tl|Z zI-QY_fjH-cCqAM+PcRoz-Y^qU;OtU=<)&>P#@{tNS07or`KSwfSv3(2x3aVxa%h+E zAk6m<4HYSo$o;km`D9TuMtL-ra@Zjp{yv#>&#|`!}FRry(6N{A*A&`E|Z>Q}z=um-tH7EfEyhYhxE zfJVSF9r>$<#dpdu#zwOZ@QGp*H0EM+7IkV{PhL&KHy!m5k@HoWRd>>D4<3pmyJkr(ES(p8OvAiV)wyf<6VOsnj4mq$Vs zjF-Wk>l+N|vN(1*Za+XEsP@`nb)RPQ0FL+mn*0Hj?m>5c&b51{my{c_LVglSYwn`A zGkaKPtL`ZTni=@N@Rx8p^#)9f@2Av|SE=bNTw7+d37_8fpgynT52uRxoFTtFoffv( zkC{5qQ!c$j{7Ha-wytAi6$(me`SitM!IrxzFC)RFoyzC9bDR@v6%Y&CV}6&?z{<<% z=07Q~A%ZfKy|;%wmg=$%gb(dSOEb_la6>>2w<*2e!{Sx)0L{GAnW*d6lyvD1#-dIW zKg)-hxLmMK!-+6$mBkq_sG%lF%VzJS%nH*)xqLm4gp1L`dk z+cR+fcMfuWS2#b7BsL9mf9pskUTj! z81?r#fQZg?dAp^mjcNej2qf>QerGL!==LDy09yf}MRhM<;?$GBJKzsI5)ffBMC?Yt z;$23pXh;}=-1ql6f^YZG7e@s8NPSIzrvU)RxE+lKP!;dJv*3C9bncO)?%PB3#a*Sl zPbiMeXA)Ld3;z8HP;Bfni}?qeP|wpT7zs&R>5!(80Awu!i2?l2W&!P?xcx_`dd&hHivK0gJTx;`Kx*$~_NdpnJsbPwL2LI~@Ktp(9anSub z@>bjPXFujec!9CE_prCH5Gm^UE`=EV1cWyQ7h;hSm}M^?Q7=l6qU9~>dmH+ybJf-9ns)`XaVy%i)(u%kXy;!pDM zvP~YLalEQrMApCUmTS8tjKRvP^NnxLZm-t;co<^3j)I=AaRn`u4)&}}7vB2v-l3Ni zXiWRP!S5fSD=G8j{Wh4detxq30XAd7r2U!$VKrhfb~^@*3pPKYaskO?rRVvjX71US z2A|*3VeOhMa&X$^W;ZpKE6->tX{GCwvV9EDa~+G`xi>J^*D5>-!~bk2!IAj$8pDx_J#QR_}*W2g*{L zSq&0PRMt-+jZTIXoJ-KfLyF+uf@E=CN2(>i+q~WyZ_&iJgM3OiSG_8i6%3TpRtGLN zR#w5>{Za}aFZFaP9$%^ba>>z(`h|1@Q)~AUBMO{PmFd9Sn>oLF$t>?@^$=mVy3%8< z=jX&X2py?=E1BBcyb$tVIGlM_k5?I>^0!f z>D2WO#;KTQ6#GWfdO?6&vi$>z!ZK_Wy6?1Pg@eqnuGsQR7MDY7#w71T_gAJsp1;nv zG}ZV_xQuuZb9Q8QFR5xD$3Li%qJL>Pc5&T+Q-x14burROh&0BjeB{aXiOYs$Q}$ly zr6}}(|H)Hh*$>LjXttalzE!DhyVP6Zf?PpAt`F)Lak!&kZ(YWmo*+!T#o-4vW)I>2KqD& z70>jxx$jmiI%T%4)~sY}hBE7JZ62ztvF<2X6S-T&m-A=|i7H#B1^@EVx6Q>?7fD6m z^ubs{HJu4yN0G#eOYF=O{+hy>e${{;{1G0f>R*qu_AjNhkrqe6>=v&*46&5PRyggMa$Kx%BY_6n#;j0}IQ zrS4f%R{H{_nmKkZ(rBN+0{2VIWDLS{o%0 zN`ScoUj=gzt$?|w)OjU|d6^!~yGu(-=3R_P{}!+S8SLLmzyHILL)>H_E>Sz%LXw?9 z^>;L>zXhLCK4if+6JZ&NPa6UW9J;S5B4#-d|49%joB!kmr@8bdV|{ zd5{gE^!MfhM+`3`ibK4~bTcvSu|reBe`VqJg*+~5m#%wSNgcMlv6@# zjfZ|eto4S2>efTk<>4>z)D7A=-dL_4tK)~2;6{Sm$g@?xq_V!7KKmoXJEmkA*yz4W zyo>+4OnJ3ty!`y>XYxNTtgC45cD}ybEsJoo5=nF@gP2Uz#&K2hl}gm)SE{&;4Wmby zMx7jNejXHiXg$!P)mCfw8YEgaIxJ;xn1Rb;MMDa9uw?xBgp8gRgon$@;oB2g?xbH# zZl+o_Q%R)IGOmyQc}p|bi9C0807=S%@WV?lp>w2m7{_t;Q*0sZ63UgGucbHBXczh! zzsy`|=I#Cd8l)ZDB_lj53C>23oXwACfL2ImT%YWGB;*ar7f1{A;QQU7&2(&Rh=l>z`sqdhx#isqnULPZR$r6; zMd7z{cVzoMm+2(W?xdrg4JASA1KJ2r>D@XeyUqafvl4}(*%dR*t@otmk#U@h!lsBx z?=dFU9C0v08FazyTI%7V0XM4v8llUv1b4L`G_+dE`HcGagw--KCqG!`&>qhR!T|1g zrnIBsaJs1#eS*qYcT3riT6oovvXaTMauUsyQ8 zFtMM3(vg=9RVURM`edbogK`tv11L9fa|l*MgpKJl4XKyG@jUuwGiG4-z5bGWi_KAB z0jFGe-IB8Re^t;r;3Drk%t6>u&4>|!qJ-2=y)1=_G9CJz$9Jb9TT{LO7i#V@+b zg8AE>uoM_;<$zb7FI?d4&Ye^!Ziu!tM8O$Z;Q=)9mGilvOv5WNdT5rEv#rx!cbE#j zo}j|pY-!S5I3O3e5nAl-L0|I}a9a&ajE`f@Z6s!O!;(v7-g+kec+f)$q`V!f{tj^` zwIAr8`c)_Hx`9XxJ9oO_6m#ii-PUn=BzS>Fyrb)?yKDUia@dHE?0P3&H{g~%>?!|P zAQElaN^Zl8e>)Pe<9=|i{;z_aC<70o4U^naAWJWRf@S1NwFqamJ~A%F&pMwAnTAgOU8Y9J2%wS;BO(M+U>OvpH|FXnf+1}m=aw6?i)#pQ zx5pod*FtrTDLSbLk)qijV2}08=#BR+7!?(~g+OIfAGVE$A)i>v#&#_17Sm(pf3&N? z9NSJ)b2a!KAzHWMU`W)1w?y3l=d>pxk*Bh z0x#S(b)tng4vH(K5@HdcaR+m1sBJGPSXp>|V4=g$(~e=-^X)Mi)UV3QU*XdDN`}1p zLTZrMHSw%T>xHmH@{@NHZw5%bw6}e`e$pgN)@SM-DgI)5MG0k8SD=Or(#{y<34W6ZA(FwOZ0-TNyf8MjgQ-_T?wMTbIv_? z?t9LC?teT_vcuYIt-bcIe!e8XBBuSCi*fh3cUK8GshnyMOjuw1k>JB2S-(C(7ua3? zalvq(jyL?=9@p2;^;3{6ck2g`;1Q#UF443IP&H% zQP%IJ5WwRUQf^qF65wNG1pG^@N*0z773iv^+Hte~BYOy`-0rn1F+PyS;z{U(Zr}`j zIbGK@_*Bzn16!U0X~=wBOwtwC#jNw+B3}!1lnTjN%zn=j zQZh_o(A!rmILOYB8K!zWDGhhbudKXI?Q-*-&C>-L`KH4qS)m0Fwifod)4eoEJE)bu zp$k(PRvl%#+|3ggbDrcTE9kxzRKkFXz5Ct5;FzF?-kZLPvpRvk`ZLp{z_2e4xtaAP zoCb6B_y0{Y=|A^O$*l?hr7xV6f+GpZzIPalckP|r69Rj*>lLg1&GI=JX}n$V&7gL( zgNR37ljPm8ihzM--(QsD;NC`}yFjJTJmES}F!;P_9D-Xe^_;?AfuQf+ZI_h2y?x@Y zgBz~hGg}Kn43vD>ZX{zyDZ+bk{+%(eEcME3wPpP$LXIZ$r&-NlBQ6;bqATr$Q9R%J z0s2?O)CN7Ai zBB7)?>mzUZZ+greTz`iT3NT!SzPu=wb>Z`vW(}_h^?xSmAm5O-++{*NUn2gLZh*Ds z=7VbtnZm=OV>EFEHIb&h1ey1OvAe-YfL&-`;zBIHg8Q{{b@~srKBzVbRuk<;%r$?Y zm+1dEJ^41zgO#oR6y^bQc>z(hq-Gl87WX9tnn=pHC5c&?{PGy2YCu;5?0P<4xxqgA zIo_WQZr&*0-9&U2edNKK;FJ?3&R^|MJ38Nc?|yO>U;5N>7yjU-eIx$8>LA3h6TCss ze;_tz;tO7d28DwplPe?Y!1KMbNCp>pA$|ED2{@tk&&ixyLCF@xMEK@b3A12H{rF zoV=yT)NnOrT`^)}DmcV!Vd%Ya3*%6BA+b8Edu{o}>cmlh-p7frs6Uu+oq&FgklN@?WqBCGSoowQK*I7dsIK^9@BECCqFnoH;7X&t(5$^^tgw0ZQ7Cv@gmIo4vF@a`R0U zTe^}8)eL~Zl_Onbtmo-tAq z%CX2hlqa=b96EdvQjd{uJ<$_$8_`S`&B5$5;biT8*hRIM+rdo^u)M!$_V?5lXgn zEb-l`xm`>IvgvAV@C|3>;H{&8`0D>mBvw7--^fQJp6tMA$*RW zv+`3GisklAQxTPTSo3+^JFdpP3kd_cf&7mqlDjnv$B#_WB%ggCM0By(207Q0dzXd8 z5;T2xPMf(v&20h*co>tS68(6OCS_!MwZ95OxMFWdWfLxBCkItYE@t68t6ldS_%uZ3 zdW*LYe_+Y1bbHbv8)=YL#VlR;HVHKolBt&AQ;ds(@i${`Bg~UHwhh+@d;ictI57=O zXA~I~+;NjNDL~i#P6`?+IQr9|1bESv-f(31JDP)sJcw{*n@)q=X7hKs4^~*3K8WPi z-&y1t%L$3Ep7_H+r>E{xq~tXW%_S~AM3pU_gY~HMS%82v*SMeOBRZTB`8gEfxer3RLnBJ4+rn0Z5SISm$Mx|RR)5@lw>PShgD(5RoZ9&W!^=IMC#V;M&62F(OG^E9{I z_(BS?XyOmNd|J+l!O+v$KCTFQOn^5&7foa?Ab=#!=ifNi!6d<~`Y*r5GJc30Txffq+FuvjRM>hL#=CbAJRh2sUQ+XfA1>4PUm+ z_su$4H>E%;+Pp7&4NMC-#2#C=bX(rYncvUwYY93-S@Y!GBiYZ^C9P9nt~^e!`36QE z4M>4|tRW8p^PZlCAO|s5!PJ2$CUZg@o#3f&vkKU#q+!Jfk(%Y#=;}v+(&U=U`noPt zI2`5yvG#93W@)UC@^}ZdFI{+Sb)ICG93cJ-)Lrbhv!u#EVu^DH11wlf^?o{DS0J&F z5_u&BeCJQs_95JvT~cb3z2oSQFwTGIV)^HVt@#Blp#Milv^<@pbKqf)!+N~yw5y5G zPe+|>P5iw)3&R(Do)Tz-)Pv{13kR*Tmew1@T&#l(1(EH*NQlrE68y7<`yu>rOo8kO zn~J6OV`p#}-}@w@SC4D(QWvdowzin`@73H}$5yEdi{~W(A znp=d{m7v(eS?vZG&;b|mFEN@ufH}4U0;(5n6slfC0{T@k?(~9@}t@zFFBQLzEt0y`a7!(xg zr?JH2yMnbEtzRs4DmUq$Jd`o_bBi}hCHA>~-VC(hyVR&^Xh1T@qH!BBX=hTC#vael zwHNYy(Z#R8Ip^)r(9<%7IY5ji=SNUl7cfV&@`mmCv%bnYnR$WsLFcY~3 zIK_Sh1N>|f^+7CPWqZ0jSQ-OmEMC$xTD*2rq-RX?o=`e#Z3-?gOrk1C9pktjT{L-+ zvEwpEqir~vW!4P+3l)SMDvM-;uUNSxfTqXtrdN*XUvIzTLexeEgaRL(A=ObFlLFmB z7D(zl=!0tem5CzlKYtt=A<&mQHt%@*^zJUc=39txJT2&>=cJ+TTS)>{S5`*19ML$5 zpnGVDHN^#CR@UQ89m*g?P|y&bYJuZz;!l;0iN#Bv?`Yu{|KpdVMA-8JeZ8iV|6o>w z=W}Kq-UfbJ-oHlmwajpbo+C|p`<_O|9oqUfsTFZJeOUGN(Fg{MJ^HHSJY~yODbQ-4 zC(L)yREW`sXR%rc(>F4Z9!Pop zAd9e@9M-`9dh-AC0(~;%VWXvT<#V0|xmJBr(<0sIO2NN zYP8B|ex~jK&n;dmZ?|Y}7g6)yIsY;h@Hiaqlxx2+J(b)}Ntqv=0{&QrI9970%Kn%& zviZ6xzGhe^`7P@pIWl^^_0vQ?JA#tCRo@8^8&{_&Y2(yhx+p@6YF1h2f4kn4m6rSB zX;h)}#%Rq`+rUc+28IqanB0|!vFi4<;1M3m6AuV8)kY&kRDK0$C%Y&bQZ?mI_VKFwga*D0gG0Qjq5B?*!3Z+DQc9<&jD= zd^DCmnV_couq~&lF76b=`YFDE8R#NnXwSJ%YM>ABoRU>)%rt$|io;Vu%1KDlTYpvki#rONbC#=^fT* z(n4%nZ&huHTF;H*K+~&|?f#~c38^mHvL(^l&xSA2-jT5*BiX~GBX*COFGUOHs@GsV z#UukIM+zpDi8DEMYB|dNEZ^*u1}$^Az@IL&rx@4dK}QkCq7mNs-GcMM2-Saqi;MIo{o8C9eEHMA?}q_^7eo#D0f zdWh>ynon{`6LjS%xIj&xz$)kdrSOK|pCY16pAHn@kLP`T?>^bW>8O>Y$@hw6xXGN% zf_^cp_yA|mFL%N-oz!>74mXb3p5pRWY@In@yB1KSeDXoM#DI2}WYEBauUW2KXO;1z zqoeVz10O4I?yhldf0{lS_i@-hnrT3%w;Z*-dDQxa^%H#}b-EK^W3>gf8l&a*o=WyGD72ycM~~^&~^{Sq5z;R zlh@o?Z>iB+3nQlR2bdc(QN*Brf~#8&twoi$m3^i;qlJ!>{{r?57>6`Q+648SChiq$ zrU3>bFm9*zOZpoe%@+?mh|L-e-n`!HBO>Q^qWs&z5C~MExPvkrP|v|ZakY-s@hKs0 z3b&8IHjX#)I?Jpr_9{;cpj8wVU9=FbO_?>Vr_1IoBO3C@2#u>g$`LW0r-V>OqX_oA zC)kNM0x$$A1tQS0G~P{hkY5&oEejz=ejfqkA!z2sr$SnHO_jx|#VBVpdjf4Do@7>Y8`aat7TY|P8YNO6p78qK6DJB1nrvZ5f zf!$+blMIwLni)aUw(kJYvDm_Ll<{mwPV#>=z~zs37ZQ3xh~@HrP>+a(XUBziFEi^5 zu!+WK;z*PcXl*JL5fPadyy8Le{5XRRwp}3w;;PCOQwwg4`}#y0SWm+Q^(sC}oFo?T zB%AkRVpC}O5Q7^7E321bpLS}6jvdgz7oS0dh0CN6K@HL1=BUV8#K*UNJ3mVY3Wx<$ zv*ArmO$4{GcvY#j6i^=}yt6n5G-T^fbX=pK(a7;jTI~%4ER?P|akii2Ao{0Fcn#)ios!xWCktH-YS5z!=}b?V`rKi6j%9Ix=oH`WBu>14jv^>SkgU<(Cf~Xi=S850xXB!Ne)l|p^KgS4S})$ zxqCZTpl45hPB}X$@%%qr0DAq%N&sZ}kteh-#|BnC$oqwyO8}cNadT!Ez{d|V^XlvC z|H``t5c7wolwI+EM>zlIkHqrwGO!xyH!^>x>evH_%ZzBNZ;jR8ir)jOFS%N_zxur4 zegS~N{@VlbyCT~NLV@8OoN_Wz`s%4t50fkDb}VoKTgtF0j`KrH$_twU`rUJb1#BHq zzqLaKE8=$%Ih2QWF<&|G+~j%1w^I>7^r~9(n*2Kg$GR9zqrgiPeCLu{c0{Sc*$fR~ z0M$9p~9`uf5=K^NaDZg1nfNW1EcLVp>NS)WA)?hfLfGD7QK-k2Oo=!AhvZtWYtn6yK( zflh7%I$a5OJh8DQ1!~BXMN(l~_AXkL%`J5K61KE%!%AvvR$3#$iIPNauPpAkFT9g^ zGrXT3keHg$8%#c;u3wgUPEOkIXdPf=x`O#kqr!)e_f5{^G0QArnpv#7c`j8A9<~rH zc<$~yW8A~LdQ^NXPsYZBKpKxMI%}>y^7Qpl#2D09VrZXf2*yfTQ((&sZs*Zgk{ac4 z87D`p#+to1)(!xKhqWe;WntX-@(oT2dv484jO-pKRfg*EWuw>D<+lxbPOoc~K_6dsd!3 zO|#i`7o9LWQYMQ=hHAQm-U+;V#2p$*xQo0MX7q?cS7!9p71pW9g&hqOy=%q_IZ|!$ zsKNhK#H5Mo;;kDu1F+Yf>1~x41JOr&*tU|QwO6pJ2~&P`u6WgoLR?qPCFH~1K~4=< z&Q>g9+}i{WAf4PhQQPyHh6j0ITDm6H#PoA&hIsh8LWHJLd_u{m4Rk{>ByZ-d6z_2& z&Jjw@N_N)~PMvvW-Zq`!N$b!6lO-Is8@!IfbcGDw&R0dnqsT%l0nDZ%EcdhU!9PV- zHsZK+QeyH;o)&Vjeu%%AD{by+5ijOjzSN6|hy^+vd_{k`yaWWLojsuB7Y^TQibkfw zq!Id8?Q>dXw457L`R)YIr z*K-|fdUjs}cM@L{}UU!>t#iHsT+w#~Mgi1^slY5EUt&Bj;d(a8#H>sm9^zE243Tg8t zB;&Uv8iLi%_r3Wmu~XmSQg4Y1kH;5ukD2QxyZeo?$awwMr+~|{f1teTyj46YMcB)I z+H-2=4$yjeH9DD|Eo>4iGq2xj_l3@|BTLif>KvMfF}Zi?w??alh;aLZUWnp93oDBY z2bnTlkhzlgsPCuX3|=$$S3P`@LzXd_96Uyvr+~Ty6LD!Dm=jL`^k3Ox8{*JwlaA)?wgP0+Jn6e^Fi#|4$4+1x^Gg z+6EmT>zfNL)BK$eEw6e_F!c5HEfc^$eh!?0oIVZoE#k1MRIIe*2GD^samuck@5-yP zf5g%8#}ZoG&Erdxuj?pju5NJQ9FdAD7No{ZR#KE0n(2`qD#e|Hr`^83_Cc1Aadh+D zPiK(CZlS!i!SyXR?P(TpPjaBCxQMKSnQiqIZX;v050Ui|&pb5svQ z$wOh$0D$17mutx=)-rx>^phfr2FUgdPZ_Wl$Z5iSJ_KlRkuG@fqGhB0%v#%*O3#(4 zB(F)Jdm=!7NgF_nQHd+i!%m-3T z+7-Tx%Oz`*B(g(pi-q5$Xy;Qq<^6S0kzAE#4}-u ziKjQJ)>PeefN?|?de94pzN-nPN5!`Qi*;m4olR6WMd|rv#AEdJTN6cIEPJTl-QF=I z$a5*ZG|A)9hc^=dGP+Kw-BehuiXpV=OGVOF+^_4b1oE zw?JzkVe|e9O0L;RYGnbagj`-DXDOV;wQ>qpK+XTSd3O3w$7= z+>mB#03v(pcmth0@~gI|O4LaEBW5ocNR`PyQa~h-#bkzR0(Z?l=NKT(!b{q`v+Sv2rv*aGF@6!P_*zCwu0>P1+bB&5=oBLXG*k=!<?CX(Hm~*si}SJ9M$LdS^~m6<$|tXeNfG0Rii7%LLkiWLW{J~Ej>};?XJl@ ze)5^5`BI*qG{n-p!>!CAuxJhN z>;WPsfcVjS8wmdC^EE<*o;y1iY?o*U^2fhW@GjVdlYOW7J(Mw0+?M+XDMO<8IjtaI zLmnvE&$$wH1tJfh;^!Fr1};GRXcP!|SX;OtTZs+`A98zrnMK!9Zdg=BWMt3nh<9f5Tg`xdsSzA_~xm$$^fy5bmKYOYoH~xa>jLh*RhQOkgSudc-wPjY@!GxOEV2ikGYHBrzA#0z&f^qoDEL z&2pNVbGHVb{kWDf1xmeYy|-Q}+A059lv`SwR6g4Pvk)GsydBSz>TpWBp%qZvpLP>SU_4|n6a3f`t2^JI zZLU0fFLI222&L(+p^9l2)Y87CbL4EtxUIISZAqS!?fqYVyca|@YEKzyl`V?Oo&-k# zd2?LR41rw$6!M24gtzD7ehmBB1G^uTup>-qckll=NO!TO(7XcJA}UbYU0?s>0}jLn zN;(TV`{(;n@L+?F!PEQOT^y5<=W8PSySwDG)AcCT4bX7_?3usItNyF@s)>sW30dI2 WD7DqiAqKupr6{X%J?rZ2$NvlE+weR9 literal 21965 zcmd741yq#pyDp5aAfnPOEiEMtiV{OgGo<85H%MEkv~+`X4Im7iO6SlZE!`k3{XK*F z6Zik@^X+~1K5HM=a!I`NK6T&Mo!8^_L{=OVod_Kb4Gj|_@mK*3?Lr_L+IfPj=fQ7W zo}WmA|IXPeh>M`*AW0U$4;Nt%WgeoTRtjrU$c^c+M=P|s73ud*Jzn;fQF{5 z2YLKZ>AChwrIZ%GS!gKvQ7+1bO6>4v<^Ve(B{8D8Vay71w zyUOM>YkXs~=M?o$-L=ho6OUP?RK1%e@(mU~yu*=E%olAeq8v;X!O9gUk))8hn)pLm zS=CWhS@=1b+u|1Q_Q6Cza(S7yR+`tQZ63`i0u#&)?TMw83hMuK{%pRb{r!ESiwzA8 zZ;yYR1HapsOh8yzSZG(fyUn&|yysBF#ts&TJmDP{z;)ZV4L1r854Rkz$|k>odO`Ix zPu7!Q$MI^{9H-duu=W0)7Ce)YQDV_8D!j4ENTMZeP`fOtv+;V{%eAV%Hk?lAscmpS32&W z95$cqVI6g%#@&kRg%0%h)6xbAIe!;wl)q}d@gw1&IIy?S8cW<4lk*J z8GSpq09Va%|9)sX?&zDmMz%%-*_ohYC+08)dl7UqiOGsd|hI|tMhK51==Hu z?UmBAAcM5so7G#6TC~$GE~D`|*U-kRxei|4sgaD3ZRZ4g@VP6H zg=+Ww6lMjSqB%&mc(=@pjZtx1DRV!?75^y0hc>Za#=^gBvx4`2RBuQ$eDCDkw=d9L za+l{0?tIQc;9Y3Wje?G=BavqJN$?l=Y#wp4Ws^M0mzG+IThviD9kxxmkN2>gF-g}V zVaY!dTKYeXY3}zg@lFq{a<=}o=HLjaqUU=9Ku!W ztEd=h!iQR>-mS(*#q|c<2E#q*D1qtgPnm6oOi_-C@o8p0b9zfHBXvZn4b^hxQf8yi z;AMx|8FJyw7*>kr!3ctdF4 zoip;5!Lzd2AXWFe?y*Ren`z@MQoSqyT;;^l-$WY%LR@bg)%3mR@yU@*47(6<& zI;6kZQAJ-|CHb+m6iZ=f<-2M=uF=k4Z~fq5`MFJV^NM)&>bwMhV5WhEXR1q>wU@EP z24|>1Uy)jNSUAz8+y-?_(NcxaHDd;k^$$(2E~)#Paf4X4>3`r&wW*{Chr!drloyW6dVd#pA* z4Ve}d2`h$VxG{Rsyr;}`QvdSRBILHwU?{VOBzjV^r&A@aMJ&Ty>)}GmD|%dB)5Ofo zQ~_CwFA)j$14Rft>5ek!uz0(hioR2}?CG{?@IK#BWn^UR3cd)&>f}#Gj8(ZExNa^d zU0JjBO@57Yh%D>Kn1cuPx;l#vy8Orr?wQ+@x&WU2e4!h9Nj0bHBwDe9Podj=Iku@R zISwJIu(^Oc`<=LY@5fZNXa^Q}@_}3zvaGPM&lRygomEc4NcTT#q76uqk#5J40iyjuYPkY(|?dl3Zf$M_+NUZXwswx&ugOj{>q~a9R&2q3!41E` zQGc~ZgE3!#pQ0qJLG>t`tH$wf4z`eh^vub*78>SsSSNiXx^tjg{fz?ML8XI)%Vg1nv6^3kxGlXHESc2@9>S0GThF`&{|v zy5SDF%MXB^{K9TKL*lB%MMYbuhsh6Su!V%?YPxyoZOmi&yN~WU&>5(00;}WUxIZ3c zdH+5)_jUkS)`M2mqfMvg1tlco^KagKpwk((x7gp_-nKsi4gp#x5tu`zRe!Z6^!a*+ z9KX)=n>WF3@5p(CZQl-PoJ0G_4EBS;vHzrUW4+5(AF0Yikzfdf05+GlEeH1V0R|XD zX$h{Op#dcG;G{7-%CCIbPd@EaE}_;?RXKA$kI;m+2|rf}zZ1U{m8|YfW7vAVM}^nP zn;v0eFaiFTh%otVg!aMw;+pJ9^k#c(bfBl`T)B=(XM5hQw8!3Ez^s`QDX?a<6m?KD zU*}{i()7v}TbNxn7)G~4YzEK@<8JADu=HgY1v}vB95zP(kmETf0?U7PE2hxbB(~5= zcf*Sci*I~n&zj4^U`!bk%07;BW!qLopItK4fj!w|u1C~TuV_;WS2|S+X5atG6sC+7 zutzSiv9Q>Fp>uXpPMU0HoD}E@-WO(m{^``S3-XNt%s277-kgJYm}9`px?gx(2NX`=FXb4Q%>~@{yd!bUst<>5w70 z{EAt=EV9S3%O#>S?9G&4vvj3ti=QAn1!S^#$@Aoe7axbuWd|_Pt9(yac3mWbIlwDY z7+ne+u6o?YKtof%0%NAK=|9=%o=Nl9T4Fz$`sO0+y!{?bH%#eHGM|JYXNZV|G-V)R zLKizlYoTPOjTT*Z)MKVLsZ5AnGfumaz7wQwhpzQ;4?!>_=vgqAN@o3Jm4Yx!y5e(F zS?tYK?=l;eJKk{k3bT0rcE)nuvOt<9E%c&37rgoXhQY(zhHa)Znl}7wmkVd9SVg%t zzO&Wm(LUujT^-4ng2~c5>bB;ueZQc{fq7I5RPhNqQoUh?-|=Mgq>QPcFz9d~+$d&k zxtltZ?gr&bQ&~EGCy7edwOfIlyhFzyHO^wdA_HCy2Ihs7cn!0L+~iHFdf->A#lF(w`IxSYj4x5 zkvo0xWn5ZvQ>^?}pJhT9r(v|AFeMh9D zgOh@ySEy_V4{?q$my;$X%Uei98j|LbWO8bgg=l>KD+19l4U2G|Cnn4d29wn4R9Jd2 zZ>j?v+fOlExw2kbxT9LSs)Xy^#3>FlnpslAc%iM-J|A-4mLsiWAej#lrs+~6vTYAB z`o*^`+Z1U7r}C9?nu?}BvM9H8XV|pOy?yzo11W#ZB0G(5=?n!VI#9(8op=C2)&Ez_?CbA zT_ag!IcJuK2!IF4FHk{>lZP*jrn+A5^6Cs5%8ywM6udF>O5qVjr&NA)lCQD*;k{=? z2tm*?!!~i>aFCMn=yxOiv1MT|3KoCM=AK^T5Me@9`#OP@hqj9$UzI0DaqUBI<&yLS znJdR<2LHfIE{lwv3jure&6Ts+;Bjfpizsse?Cpo?_8+plFLiAz5623@N4CBC>*hPH zRBYd7+LkLDSwyBN(p(DYNA9&}kh8M5C;y)95u2m&4p@P8RgsjwSD?I}@yi5KelMwH zoQGy8F)fh zN%L*!vDVfu0X6B6An_6jz8E9iMeY3nMQLnFRF_=WJLNK=RlbPgc)NKa0w>$x(DsyI zddu#&%rK+yh7|JjaILE_ueVOSk;tOZx8TaEB%3tIUWRm{dz5?k8x5; z-Bp=iXDqql3)CeP#9AoJdIiYBQ#vb^+$Il9)7h=DS{?hUYKYcr#11uU^>I(NdsFob zU~xemTztSt)*tc3(? zPj}ZGPEJk&WG({McM7;dows-x-_%D|!_i?!dyz}~Bw+h4pNqk*IgfHK2p(IhT*W{+ z3Quo-fl@G`{D>D1FTy-Oow^y9Z~Y%W7>{z_3NI(*S5@W2gCj{l4_;LB8sQH7sc^j6 zv{bsZs9;oV9Kp-M#m2?eS8>m2r8X-%I(mNs%s>`37w1JdaLPF>Wh;S)7SDV96~s2< zw%@dGKab~jc^taCI#QZMjsvVGIT$0+5xL*hUFg-EBv)0|nujOy*qv?t zbu-4?{rmT~rhsc?{t6+YhH^2OE4EuAb$Fsg-bbRmhv7qxwbJuwcEG99?ZSW^ExjYJ zINX;beMmta-H0{nVX<$oZFvc89t|~!4NOZ*%PrfwNgi9o8x>(kBmA~`O>A4ltFSbmpZnfa~(~GJ3AXS7WPcO2sRTf zdycYch77G&h}pTqhJ?O87rzE`WBB!{X=U$<#=Q)z@^lZVcfVS^Xih8MS!j(=&Xs>PCS=iGX94GoR? z1vsJ9<-Gsaq3*Z-ED(D#z)XyVKa+Q z&aBlV2Yma2>p)xNOA+W`0v+uY{zXBgo2|kDn(k{s?iOG;Qq*wTJXufm_4RFbMnDK= z4)RT2sC-jE9PvSG=%u4N;7>-Q#8l8mH(D0%A9T3es9?0jkH} z#`+BW0>z%-H616pLpneA$6#($r*q>stpmZ0@bQnS`uh4-4<{FptocmB>-Z49S=`9N zJ2Npo^iH+@!l$yb%y=M)^EXg97J#S$GNlFIRBZflVFS2sm_XPsAs4TpfHd>cDS95g z0D;&8;6UBPp3l-!kVSp`tiP%2} z;Q58gPfQj@xnWP3{}+Qi0r^H$IQJmF#C|F4SpMQX_s^%^p~u?q*Yq|wPXUy@MsdtB zX!bGt3HGmn03`HE>yJ-d*&!(jzd0!^q5%?uTXIwnbp9Fe&2@1rm2@zrp9>59FmV-$ zzJ2cZ+HSLxe1Rqi{j)rgw^Tfgy<(-2 z#XYu@XmO#Zg3r;;zRphN$dHwbQbmkVk=<-!o+RnHw4fgT#_m?z_ zWJpC;U#74Vc`QZ8-SRW^f42L>|@kC3_W9Hg5N^}d!d}vZRIPUp2OLdU&$$%v zG~idH=%qyIg^7>P8x5o4BkG>}g;xf>l*DT39v3Q6_NW9J%*Pq(F2>GEQz9VzYgTV} z&`VT%sF4PKhQ@g%g@+kYecr1%DH4EBP^Vs)E^n?p}g{CxmgBramCH_NXt==LEP?E>UK;|wl@dANbqS0I7(+UF|oPE$b z&38Q3@i_v7juff#^Jg6|PRWrEjsbh|BEWdPXt!w=G@_N%>T7WV0R%$lPl5e49`f zWdDY(2|dw^skn`PRoqU`mr{#C|ML3#nMplPi0o+2P;|n?19i>GNNU{c*@0IYx-;en zy^ZU3)ikret$JHzeB5;*GHLZDcftrK$c)l;i&PmxfPf~@;(PBrPcXvkCa_-Cl9$ELt ztm*H$kssaW6<3_jJA75#qGSXn7bv9ZsE87i?jz&QRR>Y;sJgsxk-b-lTmH{@DTNDzHPYv) zJEu{??_jCU=Z;1ShMt4kmQ(ZbCZ0HrI$l!kd0~}UaZHT4S$Ld4yT+l)>p%LiRS)&c z-Qo1gh)`XL3cQj|(0wOyh*sw$5RG?yHw+h7RZ7h4p(bV4hsNdJrxLJmh-cGf(?X&kB5MB^j5u zrSYoklk+@Mx;YQJ6AGO#p@O77M(w{8bZdRBjPhl@!$Xkxm&iIJbXF>pj69~6XXgG5 zUZ-l+KX&<#419)OBlJIW4m^w$wZPf`jm76+GzL6pzyRdSlIY^ytPhPv-k-$83V0$! zWPafU@OVHr*axjs80Cn25S`mc|Aprws0iccKPKY;js^U8&Fmvjr1Mk*<`JvJ`4^61 z;o;i>ln<(ZnKv+Jkk#!9?x^B9=A@|eK+49cYiRTc`=Po0vffX!5v%-%pW`m<-WEB8 z>22IaqI3PnjNb*MWRn$$pnhxHzwERrIY(K6o1<|ZJyR3N6b^67qk?@#tq7qP~6ECj=tO zbEhpy_Hi38Pv4|s?G&)*ea2mt;`B@L@6QMwhw4BbpK6fD;mmMA)rQub3+I*usoe;p zjGhhQW{*sAo3St>LjY^!ZDUS|-5>#FP|e6Jk_Mqngt#YEG<%c(nL9RNX>>G`k6D&> z*pt`-tAN2{uQP56@Q%C>d%n7(UTilFZ>WNYNZ6|@#T^A7H_%YMog2iBAq+bvgr|qn zf876CDZ}>0e!vJjv`(@88qWBX>=E`EjdP|b|JOubAa?jlhwy1i4SMq`v!7up@Wu!++o&L9xewrx z&C#CwUl*u@E8G)}BX*VT)*>N66=!yd$Fw79q>J-@M!+H`8}Flqy zO#h-P|8-EJ%h9Q>DlAO-e-D=eP`LD?SmPfjn!&CgM2_>#FdY()DBzUC=;T1neIZ`# zMb)ohA-x~E3ySd_FI`X`J)08_%rokjP5)1B-8cBZ@$U<(Pm3R%lQ?(=yFc1j_EHtU zzUCx$EGABprO0qQ3kiK1$#E8qUV>Z>Dho;c&8G1&_IhT#aSj7X#WvB&wPz(aE8Mq@ zIF5l*$=*rV(e8;QER-W4HIw#J?Qs^ud^u(kE{J(HsBnI-R2;2O6=@Ub+ZUQlj%475 z0>oKHuODoNLa_dlp~`@fOeUN5y2b02*cJ?&^5*R=)GY+OrbPmkL`Rp$-HEx1HSO|w z#(doua`z!RXlf)nR-kBG!7-c-rHt|&Oe=f$qw=LJ^^MX=LZOgga&hCwAM^7Mv=pes)qSsj7X;w}qGTfKI##q(L zXnuz_35VAKy6gYga=$lFX|DHf-df6c^Eb&+F`p>fsp-VS{*Wq)gKvaWGTQh_ytOeTSUp2l+F8>T_TrXeKr)`D{iko4L7gq z$P{2*)p5Wr&6t5_%H|+474=OOeG^?|XX%4m5~Cmr7SyDCYf9lwZ|ji^{wuT=-hRB_ z|C&wi;|9XUEh+mLk~*PqGj3XU+LmD9Wy>&e$f8D6dhh+5>JRfDr{G?h-kf4H)_S!j zdJwFI_d6@p+rjRMF4nRdz%U}&^P}KT!|OsJx6e8=**a$N7)(3Id0B{L>NC5CRIk3c z2459oLk=mN74bs%YeP_salSkJz#aH^4f%fsowzMV)Godd%B!e=d*Gbg2WoH{0{@S@ zOlA4`i6^%pXy1__$&9Mto=FP)k9tl2cC%NcP@O~;bWoCbE5^D(L3dkJz9F@Onv|1` zovnyO&a5i3bV$1_`kFDv*%KcMmw@>hS{Uf&scC3*3n7YErL7IzU0j@Wi}~=5IK{HF zES9ZD6=V89qUlfiqmVUkTQ*9MJ35LGy3A=4TxifU&@PLVtoX~NJ_tGw!@UBkm-EG& zL!?ttHXSxq^rl0(*y)vRKZ^I{*WS5q`i@NQktMC9S!|ZqVI7J5k%#$CZa1|FK;z zM_S%*NanFOsqgW8WRHxdG;l0znJP7i;S$mb^0~KaD~PjI$($6*DT|>FRd_ZaFQ5Ch z0oxW+LAv`>$Dws>&}8#mN8L?mx6PRy8^fHJ%6CqiY=zo7awqXY3`#STZd|Vo^V(-3 z8=$9;bnTKhC?#UFw4i4FGp7s4p>Tt3+4?L5-}xvnGh&cz<-r5j=<2a{J{RsZ3D28O!Vg(Uaedy)^>vy|`*>6{Sl!~?4ibItf|)G~Q&*k>UV3__r8 zocahR=G^)+FDmyh$83g<@v?p>c zhUJ|p1u1`)rUN1&B9neMJMF+_`G{eg;jG{$~RCHemvig`1dKx0hSzNZtv@O8R}?aCqgSc!pBe{A{6^0McLtJj5qSJoB9jZB*u(;spY#9Z`tDL&=gm( ztWA>HM&obayLZOgQ^Jl`zc5aIY$XvKCV9IH#l-N%l+KVgyO-ZtM7|khlPlrHq}zwN zGIqUo*!Zd<`V=7_M?hijrz$p0O=cmkEpB#R)tkXL`aX8`naSv1bz1Yn5ThqxOEbdB za`!Rq9uma6KaggO^&01oHcc$M*Z|z~aM>dSxyNHRC9wuOs%+K#6x*A4 z%O|EViOYC}3?te{P4K$XAIy5^BUOCdEHLxaRzpNhabU5R4a`>(>X02<#kxQ7K zPyJazRY+5?3%$1zW#O)IMg+y9%$jZq_3prU`xST>bx*p=Y^VJ4jUM#DDF5%x=$UhM zGCg^TINMY`T~P%N0iNxm%Nhj9XS|+pr}#o*SZFB1<&C+jv035i5srO_HxqD+y=^jfmbNyo*M zzpJ*|X77~uL6pjyV6%<0!?C|Y*f2iZcqEC0dx1A2j9+hzMzHqh%q>_Zcm5JDE0ugj zvsxx(N=)c7PK^D%zmgaKCXD&tqoU#uw)qf7OOeV(tIben5T5 zS|$D3Z}ae<+QAD*^>;tT*I=R^j>BY~Dyv_|Zr>S|+RZk{;mu z3;B3!Xy?M;6x|nFsacHWLgkS2(9K7`Kp7+NFVOz=Bp0@RYqv_uNjrDXMjYQ#+y$!5 z;eM;itH`0mLipBG^!6gHw7iT=kYHjDjMrIAE(p1E?8F> z6NM5FrxN& zm76jKr4w~I4`~DKmwD%fdXQ61x0N57CXT}P`hs4f$MjV~Lu+IuK<(|f!~CwbqGOSs zke>7YEtv_a0H0W{{+__SCTG$1lt49u71iCLZ(>=7N3Eq`ft z+$4JX`-0+m?&Uos(TZWz%))R?%VAh@W{cv4!y=Xl4NJsYID5YCSc)FZub!=1ZZmT` z-?;0+C8Ws!eq{!qXzYiWzoa658a>`w;{j2$Q(sO-0hjktV?ZJ|rrw^S1&qgf)yg`t z1(K*zgpdrCUV1!Z9PgwWT9FxKH!||lAVKg6yZMxn#6)JR&fjq z@H%O_TB9=3pfdS3B8EaHxq)QHjOIy1Fbu^*@oXNJC>XnuG0DxovA}?AKy1 zgah#(7m>oIe~qky@?W^ahPbzaFAr}AopC&V0Wi78UXh{*{1ksP+yMSET6N_e zU>rRb>?snPxWbkIpx0Prm2j>`6m? zX1)`X-OOiV?zrbOleN`)@r6v?D+*GI&6#moZl%bm3iUfN3a6kuQoi$sY-Jqt$ zlSPuXC8l&KZPT^9FqoM&6LL122>i%C9rjnx4tGX+^S4UALiGi;V!Uvk^j4G+_?T(x z?6RsutCP4J7JH%QbT z{_P+%K-jKB5Q}tx?mkVpjd5|6$D(j8-apDT7L@f&vMKpe6sn*~uU_pD01B#;>G!#` z==$wrWF(VLNML=5^m@JW*lI4a+TD*H3uc*-MQSkK?|P)GS{tyv(a6!^tn zMOPL}P>I2WhG-yXVrIayhsn@hQ9ks*P*TaG(7yi}^1LY%lxX~&(+JBM^=|semleX7 zAhUn6LEly4fSEhGzxTB}6Im5Pzwl%?Gjig_GjjU|o7B;It=~$ILi7uZ@NSrOtjlo)ow0>(YaH266m2d0#xv;FLX#2Kmlu#i& zTv!@nsUKZi?otS9xrH>It+4-VDR%u$(?PX$*&$gA7=f-dt4emwOx*m83k>z2IFyAg zm|AT;SP6}`P2|x@Kx%@ z*#$oU3r>6-bp4TyL9?u!kHhrBZ%6`&Yj87G84@IuEa9IMnI;-;v#)?JS;l_P z8+%0&rx$;oaq>hjyXT!l@DF&2M!CE5V#x5Ewd3T;%!!xjK2tX35~Fuv4`HHRUC}>6 z1rYjjCzL~yI#lYKip@=36{fQ35V{aM!>2f{myP{i?Y~N&ni5+v^SZP8v1B-ruedil~ ze%ds<;pVmc#6I@=sJ9O=E&bJa_5nfXv`37=P6dtNd2;apj!%Zndu1ovp7i$^gmjU$32_Wv^9|(Ov47a@a{N9Y z2X^W1uU0c!?UU1{M~w#aF<#0Tn|vtv#(N zKi4VvTZnMcq^(ru$$lR{IvSY7-{Tb$Y+K40p2%m&%AZV!^u+FADMf}SddxD^+~xKe zKH^t$0iN=&M7i72%B7>+xC<{lQcwFI!MS{c*Mqb2iZ-g_WVv@z+WSghUig+WLh|HK z**~}kQSRXe*%AZs9=2sgX;D$C2T?g1Z2JYC^qxm5VrZ^8QVIG34oUoluMuH-NU79g%VX_OD~Wk6KkD<+5j=v+@W^w&)NI=XPf9>bnQ%Py;Q z?sk$hU~Qes(Jv1WKf}R`T{2CPE^LG*Mc%x1-`DioTW0m6^oA}k25x@)gM0VNe7vHh zf*krKZtEKv+ZQJt11tKoTkzE7BqS+Td?ywu@=V_@YP*qSLYlF(FW8p%fiuN$7G%d{ z`XiQL*0G$9qM;GjE*VaKZcu{2uUz1-l|XNoN-?tri4Yq)mpWuTev*jGmOZT^hnzuM z@Ep;`j>$5yaM0kgm{7Yvqrdl0KjY=lxg3k}%CdQ!AkYjL_1ZxhgzR2?MR&QX)W~}z zEw-mCFksA!J(0Fu%pn0Y_`eT&=-r{Us6fA?vXQJ&j>D~tWa|!g1-WtI{3vIW17v1Y zw3`@IYtLVUL&gC|bMTQ>zvi1Jw}pgv*Zo2o!qXg58t_dM!{uuuDkQ})he=l$RB~@QjK3Kx0BD&W z71(H$cETO(`d%jgxqsNm)Iq?48~X-m%KY8+cmcU62->APYTL$ZmfBT~&1Nkpj1s3R6Lj8j7{ST){F>s5qBA5}$v>arQnoqOC_VtCNRiKKVH@Pfuyz z>k1-_bUq}tr6xjowKMV|ME6W!#yxgWJv*QszSpQzwG#3nQ9>q!9cIZ%8(#31HqPX3 z?2>~I$9e{pPvFJqp>Q&M2fZo_)B3(fyB=3h?qF)*LVWEN! zNkm7+H;haFCr5SVMoeL-1i1_~Q=mvIv`<@q5-#~8M@OqXE;DXhGCfkWmIK3Ysz$c^ zt9JB)W_!;vZ=9_Ikr+gmk#W7#6IbF-s)3ZpsvnO^uqZLW+W|4R&0 zz1yM%NF&28`U1vj``doFjU(sUmo%?E!_ml(jdFmvXB{SlwzuAPd^Y(fS$p9MQc{Ba zpOk<9%L_1?})J$CQA1vLYN1MlQpG94XV63z} zh?wJu-)jr6KAZt@P}Nqq6o^s5TmpU~@_!H6LmPlx8&T=T!SC+KIA-L zNTRm>XX^!M+F$0iVx?G_1?}Yc`1srZboGCOC*Sx2swhK0u@FM~3dGd~KRdO9_%4Dz zw`V`mj>aD3W6?T)I*O8upg8oCiGUGPxN?T(5#)d71x1m8dn+rTmw53x=)7o1XCOz> zP(envRnDjHJm|3h{k|dXY1$=J9?c)&KzQcO?M-ef!~Bi`6~^ge0*)x?#89*9m~Mzqj+R;|cAh0NwWw%1?EK zG2;hQ%Ds+!||^<{|DtDQ3MuS&clDHlOA+No|Q7x#UbBO45L$)_I1ir&j@6b z?}4s3-~)p8|Ic@RntJfyYamMh#Roy3f3&4m=ZTE~+K)8e!o0i$&4HgW z9^jv%t{ef*5MWH5CR=Wyo&TxKr=A8{!cQDHO|!q~{OQP?Cea@}`#I&)w$VGNkjf{) zuD>f~rCf??_MzoJw}SXpteXecuV33$7|!@I>ad*`UBa1Pj8u97Uj!Q>T(-XX}`6ektC5j$Fo_VZQNL zGgHGH6n4>YP|nTuFhtSUdl_Nw!KCPXCs!=j@({GI zR{!`)fNPoaCK@>6Cnz$@EpG&a3>1|kzWe`6kybw(@#!|SrQ^@_@C3^BkpQ)#aU{_- znSv$bwL2}AOX>F%E*5f!g%Gq))of)6E{uoZ{>_vwOj&?X_+a3Z`6Y>kF(RD`2yZz$rtyn*4- zf?BbWA0s~-e+NBaB7afCG-Xc|fPPq}(k-xIDUBs~t-cu;o*2#iBVtkw`%^4v8y`&J zNDC?dgxX^ezIcA(;VIt$lt-mdarYBN)QsOg!f|VCwOq2JWB2ds^htd3{$4l!L@bfuQK+r%IK*j}uVe>VI**f(CgFGdkA z7;i(GR3^KdTsh_Bd)(9R%XBekH3g+#fe}F-Z$76-UkZV{qNwJ8q-+Km>L+uYvx$ts z;&f!szqdl|M7=TaBqYL-x#txka|1;NfaSU>BYttG4Sydh0UC^}s^0KXYeP`cM!9fl z$ktkmw}}mkISrBO39enxaabY?GR}&ud##S`@2nA&nMpim))sw47wAS*Y&P;rKqgjf zFWBj|{4d^gHfl;J-gHcde37zSrtGA~heacYI7P5kuQt1=gKy2)oHr?2m+lr9DU!s0 zJfLdsxc|v!fKDAd=}|4ToiG!*q7qqZ7$zHvBcRR?jQmf?N<}hY)fE@Ysz3DbS(V@FI?N4REdz*k(!facDCSPU(H^2~0tmF%+`g|a zA97M8vqqNll$VxfoG~t_t4At++K&GoQ}(|yjuV4Wz>TiFJdq&m4%h`KZeHTRDf2i# z-^N(iJ(HK0i_6}9(GM6m>Vo$H+MR%A3@&CVwixZkx`KvgcMc$amm=(Fcsz_Yt%F?P zAPYslp8s-y;>Ep*0mSbgfTk_X<)r7}?u_C_()=P+iw4AOBV+k3D+Lc45htc=6S;ho zB2CBoSn-ijKb|c_xoZN3A?TV#u^*Q}Nnv`q^kgs1!$I2fCI^Z^p5j@&^$75yPua*y ztEkIJ+6Nngb60IHdVVl-w_O}$R2?5cU1d{%V#fiBrM4?muabggC}-;JXAh(^#74d zddf0BWjq5{;~lxy!A$&xVfq*Xjj(QdKU>g&SEi3XhIzFeDvIRlFte~&qyr>Mb(Dhv zx{^?rh$T(Akl+)p`Z6(z*+i10e??z35V0Co&l?8sq>v{KQ{A zyDalnSmj~%`0-4J{y8rKmsU zbL{r7fZ#V7*(%1}(S9{4I{aj3m&JB^#M47?|2?12PePkG4xbmG9Tw8*QDmp2E-*~0t zxWzg!!4IL&5L`v}R3dG=+r%zYhvLI=l(tQ*vgP3AKyj=w?m@Hf9l(PuxP8STn(47{+9w&xF*awK*q zSj*0z^4mY!0p&vECr35V1jtk$2t0!sB zDTJW(YrmJL2Ds#G0G7Czv`@afZkkDW=rbDAyI^_PFK@?lu}bIU<}RVAL_;7LN%tKt zw$xFNh&Q{h?KZXBQN42n+Qx3&mm@hG^Eep&T21CwM~_7(EU?q$GbI-vCBVitTH@{o z5vBy1OAiLAA1Sq+3zicq1uW~qy@jWUwNM|_1xM8@fDui}nPhH-EBr|2uyPv znQ0)Xh%}Fj5fEZ?3i;q*>#)(gv61f{g!c3^%K3Eu_hZ-#pq&&oxzk9MfEI){>0~jd z0ng`q;8Y)M{|al~UPFy@1$G+5-jhbT#Db6J;q48hD-G$2U#EU|&b^ip&GJK>zm5%7 zt|TWDs~q(t4KG5y7m%6w?Yr9_h+T)7>vqN}Lg-9XCRgo1_t^+K;3r*rasBiIg0ad? z{f7!^>`LF@r5XuZmYDL@iOy#A4;XcV#%bx^x7O|?kTGbs zjx#pIX)iJG{^-QiGx?xD&Tt|n=B2|;aYEzDyk~qpQgY1v_>jxY+BcnIu9F(4c#~z7 zpopro=poq-+(2$l&)m6Y`pU`f#`y7=n`{MJ-%SBmOLo_{3o|&}#itrm{08-BdIJ9(QY1 z+Vq$>#uv`Kgd;InXRc4TF_;JKbY{7!*wZiYwjhz}JlrnXF$Xqj10YZNLKj?1@mh!49-i{eqV8;y1|jVcYcA0x5EH66I23IF{J=<{Y$39_sfv4mcs zR*XKa2&9QxYF9#Lm@R((3CXta?d;cGx-ZFz8KFGfPBAxVeXJqZ510|-|^ zFVrxElMa((ECW4zh9M#vZdSmoxdNzlKNX`ls^!?dU#RgXJyZ4fR-0fVCHa6p{!}kh zE0u2Re^$-Ggp}L|DWjif-Vd~L>bI;FUWU;CrqrdM+RIe~Mcs!2+zsq*3vHoo4)B?0 zC^_kO{XVdZ>a<;8LIv}X^DoY!5;y?K%20p>+y&5A1)71;KCXf{gRdu!KyScTI`{DK biExUrCN4SFOW-Y_p+Q7tALocXef9qVqPpIu diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md index de75c4898d..6f359562af 100644 --- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md +++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md @@ -6,11 +6,13 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: MariciaAlforque -ms.date: 03/22/2018 +ms.date: 08/02/2018 --- # WindowsDefenderApplicationGuard CSP +> [!WARNING] +> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. The WindowsDefenderApplicationGuard configuration service provider (CSP) is used by the enterprise to configure the settings in the Application Guard. This CSP was added in Windows 10, version 1709. @@ -19,20 +21,19 @@ The following diagram shows the WindowsDefenderApplicationGuard configuration se ![windowsdefenderapplicationguard csp](images/provisioning-csp-windowsdefenderapplicationguard.png) **./Device/Vendor/MSFT/WindowsDefenderApplicationGuard** -

Root node. Supported operation is Get.

-

+Root node. Supported operation is Get. **Settings** -

Interior node. Supported operation is Get.

+Interior node. Supported operation is Get. **Settings/AllowWindowsDefenderApplicationGuard** -

Turn on Windows Defender Application Guard in Enterprise Mode. Value type is integer. Supported operations are Add, Get, Replace, and Delete.

+Turn on Windows Defender Application Guard in Enterprise Mode. Value type is integer. Supported operations are Add, Get, Replace, and Delete. - 0 - Stops Application Guard in Enterprise Mode. Trying to access non-enterprise domains on the host will not automatically get transferred into the insolated environment. - 1 - Enables Application Guard in Enterprise Mode. Trying to access non-enterprise websites on the host will automatically get transferred into the container. **Settings/ClipboardFileType** -

Determines the type of content that can be copied from the host to Application Guard environment and vice versa. Value type is integer. Supported operations are Add, Get, Replace, and Delete.

+Determines the type of content that can be copied from the host to Application Guard environment and vice versa. Value type is integer. Supported operations are Add, Get, Replace, and Delete. - 0 - Disables content copying. - 1 - Allow text copying. @@ -40,7 +41,7 @@ The following diagram shows the WindowsDefenderApplicationGuard configuration se - 3 - Allow text and image copying. **Settings/ClipboardSettings** -

This policy setting allows you to decide how the clipboard behaves while in Application Guard. Value type is integer. Supported operations are Add, Get, Replace, and Delete

+This policy setting allows you to decide how the clipboard behaves while in Application Guard. Value type is integer. Supported operations are Add, Get, Replace, and Delete - 0 (default) - Completely turns Off the clipboard functionality for the Application Guard. - 1 - Turns On clipboard operation from an isolated session to the host @@ -51,7 +52,7 @@ The following diagram shows the WindowsDefenderApplicationGuard configuration se > Allowing copied content to go from Microsoft Edge into Application Guard can cause potential security risks and isn't recommended. **Settings/PrintingSettings** -

This policy setting allows you to decide how the print functionality behaves while in Application Guard. Value type is integer. Supported operations are Add, Get, Replace, and Delete.

+This policy setting allows you to decide how the print functionality behaves while in Application Guard. Value type is integer. Supported operations are Add, Get, Replace, and Delete. - 0 - Disables all print functionality (default) - 1 - Enables only XPS printing @@ -70,13 +71,13 @@ The following diagram shows the WindowsDefenderApplicationGuard configuration se - 15 - Enables all printing **Settings/BlockNonEnterpriseContent** -

This policy setting allows you to decide whether websites can load non-enterprise content in Microsoft Edge and Internet Explorer. Value type is integer. Supported operations are Add, Get, Replace, and Delete.

+This policy setting allows you to decide whether websites can load non-enterprise content in Microsoft Edge and Internet Explorer. Value type is integer. Supported operations are Add, Get, Replace, and Delete. -- 0 - Non-enterprise content embedded on enterprise sites are stopped from opening in Internet Explorer or Microsoft Edge outside of Windows Defender Application Guard. -- 1 (default) - Non-enterprise sites can open outside of the Windows Defender Application Guard container, directly in Internet Explorer and Microsoft Edge. +- 0 (default) - Non-enterprise content embedded in enterprise sites is allowed to open outside of the Windows Defender Application Guard container, directly in Internet Explorer and Microsoft Edge.. +- 1 - Non-enterprise content embedded on enterprise sites are stopped from opening in Internet Explorer or Microsoft Edge outside of Windows Defender Application Guard. **Settings/AllowPersistence** -

This policy setting allows you to decide whether data should persist across different sessions in Application Guard. Value type is integer. Supported operations are Add, Get, Replace, and Delete.

+This policy setting allows you to decide whether data should persist across different sessions in Application Guard. Value type is integer. Supported operations are Add, Get, Replace, and Delete. - 0 - Application Guard discards user-downloaded files and other items (such as, cookies, Favorites, and so on) during machine restart or user log-off. - 1 - Application Guard saves user-downloaded files and other items (such as, cookies, Favorites, and so on) for use in future Application Guard sessions. @@ -93,29 +94,62 @@ Added in Windows 10, version 1803. This policy setting allows you to determine w - 0 (default) - The user cannot download files from Edge in the container to the host file system. When the policy is not configured, it is the same as disabled (0). - 1 - Turns on the functionality to allow users to download files from Edge in the container to the host file system. -**Status** -

Returns bitmask that indicates status of Application Guard installation and pre-requisites on the device. Value type is integer. Supported operation is Get. +**Settings/FileTrustCriteria** +Placeholder for future use. Do not use in production code. -Bit 0 - Set to 1 when WDAG is enabled into enterprise manage mode +**Settings/FileTrustOriginRemovableMedia** +Placeholder for future use. Do not use in production code. + +**Settings/FileTrustOriginNetworkShare** +Placeholder for future use. Do not use in production code. + +**Settings/FileTrustOriginMarkOfTheWeb** +Placeholder for future use. Do not use in production code. + +**Settings/CertificateThumbprints** +Added in Windows 10, next major version. This policy setting allows certain Root Certificates to be shared with the Windows Defender Application Guard container. + +Value type is string. Supported operations are Add, Get, Replace, and Delete. + +If you enable this setting, certificates with a thumbprint matching the ones specified will be transferred into the container. You can specify multiple certificates using a comma to separate the thumbprints for each certificate you want to transfer. + +Example: b4e72779a8a362c860c36a6461f31e3aa7e58c14,1b1d49f06d2a697a544a1059bd59a7b058cda924 + +If you disable or don’t configure this setting, certificates are not shared with the Windows Defender Application Guard container. + +**Settings/AllowCameraMicrophoneRedirection** +Added in Windows 10, next major version. The policy allows you to determine whether applications inside Windows Defender Application Guard can access the device’s camera and microphone when these settings are enabled on the user’s device. + +Value type is integer. Supported operations are Add, Get, Replace, and Delete. + +If you enable this policy, applications inside Windows Defender Application Guard will be able to access the camera and microphone on the user’s device. + +If you disable or don't configure this policy, applications inside Windows Defender Application Guard will be unable to access the camera and microphone on the user’s device. + +> [!Important] +> If you turn on this policy, a compromised container could bypass camera and microphone permissions and access the camera and microphone without the user's knowledge. To prevent unauthorized access, we recommend that camera and microphone privacy settings be turned off on the user's device when they are not needed. + +**Status** +Returns bitmask that indicates status of Application Guard installation and pre-requisites on the device. Value type is integer. Supported operation is Get. + +Bit 0 - Set to 1 when WDAG is enabled into enterprise manage mode Bit 1 - Set to 1 when the client machine is Hyper-V capable Bit 2 - Set to 1 when the client machine has a valid OS license and SKU Bit 3 - Set to 1 when WDAG installed on the client machine Bit 4 - Set to 1 when required Network Isolation Policies are configured Bit 5 - Set to 1 when the client machine meets minimum hardware requirements -

- **InstallWindowsDefenderApplicationGuard** -

Initiates remote installation of Application Guard feature. Supported operations are Get and Execute.

+Initiates remote installation of Application Guard feature. Supported operations are Get and Execute. - Install - Will initiate feature install - Uninstall - Will initiate feature uninstall **Audit** -

Interior node. Supported operation is Get

+Interior node. Supported operation is Get **Audit/AuditApplicationGuard** -

This policy setting allows you to decide whether auditing events can be collected from Application Guard. Value type in integer. Supported operations are Add, Get, Replace, and Delete.

+This policy setting allows you to decide whether auditing events can be collected from Application Guard. Value type in integer. Supported operations are Add, Get, Replace, and Delete. - 0 (default) - - Audit event logs aren't collected for Application Guard. - 1 - Application Guard inherits its auditing policies from Microsoft Edge and starts to audit system events specifically for Application Guard. diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md b/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md index 33e53da2a3..dfda523b86 100644 --- a/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md +++ b/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md @@ -6,17 +6,19 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: MariciaAlforque -ms.date: 03/22/2018 +ms.date: 08/02/2018 --- # WindowsDefenderApplicationGuard DDF file +> [!WARNING] +> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. This topic shows the OMA DM device description framework (DDF) for the **WindowsDefenderApplicationGuard** configuration service provider. Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). -This XML is for Windows 10, version 1803. +This XML is for Windows 10, next major version. ``` syntax @@ -42,7 +44,7 @@ This XML is for Windows 10, version 1803. - com.microsoft/1.2/MDM/WindowsDefenderApplicationGuard + com.microsoft/1.3/MDM/WindowsDefenderApplicationGuard @@ -248,6 +250,147 @@ This XML is for Windows 10, version 1803. + + FileTrustCriteria + + + + + + + + + + + + + + + + + + text/plain + + + + + FileTrustOriginRemovableMedia + + + + + + + + + + + + + + + + + + text/plain + + + + + FileTrustOriginNetworkShare + + + + + + + + + + + + + + + + + + text/plain + + + + + FileTrustOriginMarkOfTheWeb + + + + + + + + + + + + + + + + + + text/plain + + + + + CertificateThumbprints + + + + + + + + + + + + + + + + + + + + + text/plain + + + + + AllowCameraMicrophoneRedirection + + + + + + + + + + + + + + + + + + text/plain + + + Status