From 5bc2b8ec7bc15a97a852b57c8555cc4720f37c3e Mon Sep 17 00:00:00 2001 From: LauraKellerGitHub Date: Thu, 19 Dec 2019 15:28:37 -0800 Subject: [PATCH 001/157] 1643831-windowsdocs-configmgr-rebrand_LK --- .../ltsc/whats-new-windows-10-2015.md | 597 +++++++++--------- 1 file changed, 299 insertions(+), 298 deletions(-) diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2015.md b/windows/whats-new/ltsc/whats-new-windows-10-2015.md index b2e5edb37f..80c78d4413 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2015.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2015.md @@ -1,298 +1,299 @@ ---- -title: What's new in Windows 10 Enterprise 2015 LTSC -ms.reviewer: -manager: laurawi -ms.author: greglin -description: New and updated IT Pro content about new features in Windows 10 Enterprise 2015 LTSC (also known as Windows 10 Enterprise 2015 LTSB). -keywords: ["What's new in Windows 10", "Windows 10", "Windows 10 Enterprise 2015 LTSC"] -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: greg-lindsay -ms.localizationpriority: low -ms.topic: article ---- - -# What's new in Windows 10 Enterprise 2015 LTSC - -**Applies to** -- Windows 10 Enterprise 2015 LTSC - -This article lists new and updated features and content that are of interest to IT Pros for Windows 10 Enterprise 2015 LTSC (LTSB). For a brief description of the LTSC servicing channel, see [Windows 10 Enterprise LTSC](index.md). - ->[!NOTE] ->Features in Windows 10 Enterprise 2015 LTSC are equivalent to [Windows 10, version 1507](../whats-new-windows-10-version-1507-and-1511.md). - -## Deployment - -### Provisioning devices using Windows Imaging and Configuration Designer (ICD) - -With Windows 10, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. Using Windows Provisioning, an IT administrator can easily specify the configuration and settings required to enroll devices into management using a wizard-driven user interface, and then apply this configuration to target devices in a matter of minutes. It is best suited for small- to medium-sized businesses with deployments that range from tens to a few hundred computers. - -[Learn more about provisioning in Windows 10](/windows/configuration/provisioning-packages/provisioning-packages) - -## Security - -### Applocker - -Applocker was available for Windows 8.1, and is improved with Windows 10. See [Requirements to use AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md) for a list of operating system requirements. - -Enhancements to Applocker in Windows 10 include: - -- A new parameter was added to the [New-AppLockerPolicy](https://technet.microsoft.com/library/hh847211.aspx) Windows PowerShell cmdlet that lets you choose whether executable and DLL rule collections apply to non-interactive processes. To enable this, set the **ServiceEnforcement** to **Enabled**. -- A new [AppLocker](https://msdn.microsoft.com/library/windows/hardware/dn920019.aspx) configuration service provider was add to allow you to enable AppLocker rules by using an MDM server. -- You can manage Windows 10 Mobile devices by using the new [AppLocker CSP](https://msdn.microsoft.com/library/windows/hardware/dn920019.aspx). - -[Learn how to manage AppLocker within your organization](/windows/device-security/applocker/applocker-overview). - -### Bitlocker - -Enhancements to Applocker in Windows 10 include: - -- **Encrypt and recover your device with Azure Active Directory**. In addition to using a Microsoft Account, automatic [Device Encryption](https://technet.microsoft.com/itpro/windows/keep-secure/windows-10-security-guide#device-encryption) can now encrypt your devices that are joined to an Azure Active Directory domain. When the device is encrypted, the BitLocker recovery key is automatically escrowed to Azure Active Directory. This will make it easier to recover your BitLocker key online. -- **DMA port protection**. You can use the [DataProtection/AllowDirectMemoryAccess](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#dataprotection-allowdirectmemoryaccess) MDM policy to block DMA ports when the device is starting up. Also, when a device is locked, all unused DMA ports are turned off, but any devices that are already plugged into a DMA port will continue to work. When the device is unlocked, all DMA ports are turned back on. -- **New Group Policy for configuring pre-boot recovery**. You can now configure the pre-boot recovery message and recover URL that is shown on the pre-boot recovery screen. For more info, see the [Configure pre-boot recovery message and URL](https://technet.microsoft.com/itpro/windows/keep-secure/bitlocker-group-policy-settings#bkmk-configurepreboot) section in "BitLocker Group Policy settings." - -[Learn how to deploy and manage BitLocker within your organization](/windows/device-security/bitlocker/bitlocker-overview). - -### Certificate management - -For Windows 10-based devices, you can use your MDM server to directly deploy client authentication certificates using Personal Information Exchange (PFX), in addition to enrolling using Simple Certificate Enrollment Protocol (SCEP), including certificates to enable Windows Hello for Business in your enterprise. You'll be able to use MDM to enroll, renew, and delete certificates. As in Windows Phone 8.1, you can use the [Certificates app](https://go.microsoft.com/fwlink/p/?LinkId=615824) to review the details of certificates on your device. [Learn how to install digital certificates on Windows 10 Mobile.](/windows/access-protection/installing-digital-certificates-on-windows-10-mobile) - -### Microsoft Passport - -In Windows 10, [Microsoft Passport](/windows/access-protection/hello-for-business/hello-identity-verification) replaces passwords with strong two-factor authentication that consists of an enrolled device and a Windows Hello (biometric) or PIN. - -Microsoft Passport lets users authenticate to a Microsoft account, an Active Directory account, a Microsoft Azure Active Directory (AD) account, or non-Microsoft service that supports Fast ID Online (FIDO) authentication. After an initial two-step verification during Microsoft Passport enrollment, a Microsoft Passport is set up on the user's device and the user sets a gesture, which can be Windows Hello or a PIN. The user provides the gesture to verify identity; Windows then uses Microsoft Passport to authenticate users and help them to access protected resources and services. - -### Security auditing - -In Windows 10, security auditing has added some improvements: -- [New audit subcategories](#bkmk-auditsubcat) -- [More info added to existing audit events](#bkmk-moreinfo) - -#### New audit subcategories - -In Windows 10, two new audit subcategories were added to the Advanced Audit Policy Configuration to provide greater granularity in audit events: -- [Audit Group Membership](/windows/device-security/auditing/audit-group-membership) Found in the Logon/Logoff audit category, the Audit Group Membership subcategory allows you to audit the group membership information in a user's logon token. Events in this subcategory are generated when group memberships are enumerated or queried on the PC where the logon session was created. For an interactive logon, the security audit event is generated on the PC that the user logged on to. For a network logon, such as accessing a shared folder on the network, the security audit event is generated on the PC hosting the resource. - When this setting is configured, one or more security audit events are generated for each successful logon. You must also enable the **Audit Logon** setting under **Advanced Audit Policy Configuration\\System Audit Policies\\Logon/Logoff**. Multiple events are generated if the group membership information cannot fit in a single security audit event. -- [Audit PNP Activity](/windows/device-security/auditing/audit-pnp-activity) Found in the Detailed Tracking category, the Audit PNP Activity subcategory allows you to audit when plug and play detects an external device. - Only Success audits are recorded for this category. If you do not configure this policy setting, no audit event is generated when an external device is detected by plug and play. - A PnP audit event can be used to track down changes in system hardware and will be logged on the PC where the change took place. A list of hardware vendor IDs are included in the event. - -#### More info added to existing audit events - -With Windows 10, version 1507, we've added more info to existing audit events to make it easier for you to put together a full audit trail and come away with the information you need to protect your enterprise. Improvements were made to the following audit events: -- [Changed the kernel default audit policy](#bkmk-kdal) -- [Added a default process SACL to LSASS.exe](#bkmk-lsass) -- [Added new fields in the logon event](#bkmk-logon) -- [Added new fields in the process creation event](#bkmk-logon) -- [Added new Security Account Manager events](#bkmk-sam) -- [Added new BCD events](#bkmk-bcd) -- [Added new PNP events](#bkmk-pnp) - -#### Changed the kernel default audit policy - -In previous releases, the kernel depended on the Local Security Authority (LSA) to retrieve info in some of its events. In Windows 10, the process creation events audit policy is automatically enabled until an actual audit policy is received from LSA. This results in better auditing of services that may start before LSA starts. - -#### Added a default process SACL to LSASS.exe - -In Windows 10, a default process SACL was added to LSASS.exe to log processes attempting to access LSASS.exe. The SACL is L"S:(AU;SAFA;0x0010;;;WD)". You can enable this under **Advanced Audit Policy Configuration\\Object Access\\Audit Kernel Object**. -This can help identify attacks that steal credentials from the memory of a process. - -#### New fields in the logon event - -The logon event ID 4624 has been updated to include more verbose information to make them easier to analyze. The following fields have been added to event 4624: -1. **MachineLogon** String: yes or no - If the account that logged into the PC is a computer account, this field will be yes. Otherwise, the field is no. -2. **ElevatedToken** String: yes or no - If the account that logged into the PC is an administrative logon, this field will be yes. Otherwise, the field is no. Additionally, if this is part of a split token, the linked login ID (LSAP\_LOGON\_SESSION) will also be shown. -3. **TargetOutboundUserName** String - **TargetOutboundUserDomain** String - The username and domain of the identity that was created by the LogonUser method for outbound traffic. -4. **VirtualAccount** String: yes or no - If the account that logged into the PC is a virtual account, this field will be yes. Otherwise, the field is no. -5. **GroupMembership** String - A list of all of the groups in the user's token. -6. **RestrictedAdminMode** String: yes or no - If the user logs into the PC in restricted admin mode with Remote Desktop, this field will be yes. - For more info on restricted admin mode, see [Restricted Admin mode for RDP](http://blogs.technet.com/b/kfalde/archive/2013/08/14/restricted-admin-mode-for-rdp-in-windows-8-1-2012-r2.aspx). - -#### New fields in the process creation event - -The logon event ID 4688 has been updated to include more verbose information to make them easier to analyze. The following fields have been added to event 4688: -1. **TargetUserSid** String - The SID of the target principal. -2. **TargetUserName** String - The account name of the target user. -3. **TargetDomainName** String - The domain of the target user.. -4. **TargetLogonId** String - The logon ID of the target user. -5. **ParentProcessName** String - The name of the creator process. -6. **ParentProcessId** String - A pointer to the actual parent process if it's different from the creator process. - -#### New Security Account Manager events - -In Windows 10, new SAM events were added to cover SAM APIs that perform read/query operations. In previous versions of Windows, only write operations were audited. The new events are event ID 4798 and event ID 4799. The following APIs are now audited: -- SamrEnumerateGroupsInDomain -- SamrEnumerateUsersInDomain -- SamrEnumerateAliasesInDomain -- SamrGetAliasMembership -- SamrLookupNamesInDomain -- SamrLookupIdsInDomain -- SamrQueryInformationUser -- SamrQueryInformationGroup -- SamrQueryInformationUserAlias -- SamrGetMembersInGroup -- SamrGetMembersInAlias -- SamrGetUserDomainPasswordInformation - -#### New BCD events - -Event ID 4826 has been added to track the following changes to the Boot Configuration Database (BCD): -- DEP/NEX settings -- Test signing -- PCAT SB simulation -- Debug -- Boot debug -- Integrity Services -- Disable Winload debugging menu - -#### New PNP events - -Event ID 6416 has been added to track when an external device is detected through Plug and Play. One important scenario is if an external device that contains malware is inserted into a high-value machine that doesn’t expect this type of action, such as a domain controller. - -[Learn how to manage your security audit policies within your organization](/windows/device-security/auditing/security-auditing-overview). - -### Trusted Platform Module - -#### New TPM features in Windows 10 - -The following sections describe the new and changed functionality in the TPM for Windows 10: -- [Device health attestation](#bkmk-dha) -- [Microsoft Passport](/windows/access-protection/hello-for-business/hello-identity-verification) support -- [Device Guard](/windows/device-security/device-guard/introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies) support -- [Credential Guard](/windows/access-protection/credential-guard/credential-guard) support - -### Device health attestation - -Device health attestation enables enterprises to establish trust based on hardware and software components of a managed device. With device health attestation, you can configure an MDM server to query a health attestation service that will allow or deny a managed device access to a secure resource. -Some things that you can check on the device are: -- Is Data Execution Prevention supported and enabled? -- Is BitLocker Drive Encryption supported and enabled? -- Is SecureBoot supported and enabled? - -> **Note**  The device must be running Windows 10 and it must support at least TPM 2.0. - -[Learn how to deploy and manage TPM within your organization](/windows/device-security/tpm//trusted-platform-module-overview). - -### User Account Control - -User Account Control (UAC) helps prevent malware from damaging a computer and helps organizations deploy a better-managed desktop environment. - -You should not turn off UAC because this is not a supported scenario for devices running Windows 10. If you do turn off UAC, all Univeral Windows Platform apps stop working. You must always set the **HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA** registry value to 1. If you need to provide auto elevation for programmatic access or installation, you could set the **HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\ConsentPromptBehaviorAdmin** registry value to 0, which is the same as setting the UAC slider Never Notify. This is not recommended for devices running Windows 10. - -For more info about how manage UAC, see [UAC Group Policy Settings and Registry Key Settings](/windows/access-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings). - -In Windows 10, User Account Control has added some improvements: - -- **Integration with the Antimalware Scan Interface (AMSI)**. The [AMSI](https://msdn.microsoft.com/library/windows/desktop/dn889587.aspx) scans all UAC elevation requests for malware. If malware is detected, the admin privilege is blocked. - -[Learn how to manage User Account Control within your organization](/windows/access-protection/user-account-control/user-account-control-overview). - -### VPN profile options - -Windows 10 provides a set of VPN features that both increase enterprise security and provide an improved user experience, including: - -- Always-on auto connection behavior -- App=triggered VPN -- VPN traffic filters -- Lock down VPN -- Integration with Microsoft Passport for Work - -[Learn more about the VPN options in Windows 10.](/windows/access-protection/vpn/vpn-profile-options) - - -## Management - -Windows 10 provides mobile device management (MDM) capabilities for PCs, laptops, tablets, and phones that enable enterprise-level management of corporate-owned and personal devices. - -### MDM support - -MDM policies for Windows 10 align with the policies supported in Windows 8.1 and are expanded to address even more enterprise scenarios, such as managing multiple users who have Microsoft Azure Active Directory (Azure AD) accounts, full control over the Microsoft Store, VPN configuration, and more. - -MDM support in Windows 10 is based on [Open Mobile Alliance (OMA)](https://go.microsoft.com/fwlink/p/?LinkId=533885) Device Management (DM) protocol 1.2.1 specification. - -Corporate-owned devices can be enrolled automatically for enterprises using Azure AD. [Reference for Mobile device management for Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=533172) - -### Unenrollment - -When a person leaves your organization and you unenroll the user account or device from management, the enterprise-controlled configurations and apps are removed from the device. You can unenroll the device remotely or the person can unenroll by manually removing the account from the device. - -When a personal device is unenrolled, the user's data and apps are untouched, while enterprise information such as certificates, VPN profiles, and enterprise apps are removed. - -### Infrastructure - -Enterprises have the following identity and management choices. - -| Area | Choices | -|---|---| -| Identity | Active Directory; Azure AD | -| Grouping | Domain join; Workgroup; Azure AD join | -| Device management | Group Policy; System Center Configuration Manager; Microsoft Intune; other MDM solutions; Exchange ActiveSync; Windows PowerShell; Windows Management Instrumentation (WMI) | - - > **Note**   -With the release of Windows Server 2012 R2, Network Access Protection (NAP) was deprecated and the NAP client has now been removed in Windows 10. For more information about support lifecycles, see [Microsoft Support Lifecycle](https://go.microsoft.com/fwlink/p/?LinkID=613512). - - -### Device lockdown - - -Do you need a computer that can only do one thing? For example: - -- A device in the lobby that customers can use to view your product catalog. -- A portable device that drivers can use to check a route on a map. -- A device that a temporary worker uses to enter data. - -You can configure a persistent locked down state to [create a kiosk-type device](https://technet.microsoft.com/itpro/windows/manage/set-up-a-device-for-anyone-to-use). When the locked-down account is logged on, the device displays only the app that you select. - -You can also [configure a lockdown state](https://technet.microsoft.com/itpro/windows/manage/lock-down-windows-10-to-specific-apps) that takes effect when a given user account logs on. The lockdown restricts the user to only the apps that you specify. - -Lockdown settings can also be configured for device look and feel, such as a theme or a [custom layout on the Start screen](https://technet.microsoft.com/itpro/windows/manage/windows-10-start-layout-options-and-policies). - -### Customized Start layout - -A standard, customized Start layout can be useful on devices that are common to multiple users and devices that are locked down for specialized purposes. Starting in Windows 10, version 1511, administrators can configure a *partial* Start layout, which applies specified tile groups while allowing users to create and customize their own tile groups. Learn how to [customize and export Start layout](/windows/configuration/customize-and-export-start-layout). - -Administrators can also use mobile device management (MDM) or Group Policy to disable the use of [Windows Spotlight on the lock screen](/windows/configuration/windows-spotlight). - -## Updates - -Windows Update for Business enables information technology administrators to keep the Windows 10-based devices in their organization always up to date with the latest security defenses and Windows features by directly connecting these systems to Microsoft’s Windows Update service. - -By using [Group Policy Objects](https://go.microsoft.com/fwlink/p/?LinkId=699279), Windows Update for Business is an easily established and implemented system which enables organizations and administrators to exercise control on how their Windows 10-based devices are updated, by allowing: - -- **Deployment and validation groups**; where administrators can specify which devices go first in an update wave, and which devices will come later (to ensure any quality bars are met). - -- **Peer-to-peer delivery**, which administrators can enable to make delivery of updates to branch offices and remote sites with limited bandwidth very efficient. - -- **Use with existing tools** such as System Center Configuration Manager and the [Enterprise Mobility Suite](https://go.microsoft.com/fwlink/p/?LinkId=699281). - -Together, these Windows Update for Business features help reduce device management costs, provide controls over update deployment, offer quicker access to security updates, as well as provide access to the latest innovations from Microsoft on an ongoing basis. Windows Update for Business is a free service for all Windows 10 Pro, Enterprise, and Education editions, and can be used independent of, or in conjunction with, existing device management solutions such as [Windows Server Update Services (WSUS)](https://technet.microsoft.com/library/hh852345.aspx) and [System Center Configuration Manager](https://technet.microsoft.com/library/gg682129.aspx). - - -Learn more about [Windows Update for Business](/windows/deployment/update/waas-manage-updates-wufb). - -For more information about updating Windows 10, see [Windows 10 servicing options for updates and upgrades](/windows/deployment/update/waas-servicing-strategy-windows-10-updates). - -## Microsoft Edge - -Microsoft Edge is not available in the LTSC release of Windows 10. - -## See Also - -[Windows 10 Enterprise LTSC](index.md): A description of the LTSC servicing channel with links to information about each release. - +--- +title: What's new in Windows 10 Enterprise 2015 LTSC +ms.reviewer: +manager: laurawi +ms.author: greglin +description: New and updated IT Pro content about new features in Windows 10 Enterprise 2015 LTSC (also known as Windows 10 Enterprise 2015 LTSB). +keywords: ["What's new in Windows 10", "Windows 10", "Windows 10 Enterprise 2015 LTSC"] +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +audience: itpro +author: greg-lindsay +ms.localizationpriority: low +ms.topic: article +--- + +# What's new in Windows 10 Enterprise 2015 LTSC + +**Applies to** +- Windows 10 Enterprise 2015 LTSC + +This article lists new and updated features and content that are of interest to IT Pros for Windows 10 Enterprise 2015 LTSC (LTSB). For a brief description of the LTSC servicing channel, see [Windows 10 Enterprise LTSC](index.md). + +>[!NOTE] +>Features in Windows 10 Enterprise 2015 LTSC are equivalent to [Windows 10, version 1507](../whats-new-windows-10-version-1507-and-1511.md). + +## Deployment + +### Provisioning devices using Windows Imaging and Configuration Designer (ICD) + +With Windows 10, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. Using Windows Provisioning, an IT administrator can easily specify the configuration and settings required to enroll devices into management using a wizard-driven user interface, and then apply this configuration to target devices in a matter of minutes. It is best suited for small- to medium-sized businesses with deployments that range from tens to a few hundred computers. + +[Learn more about provisioning in Windows 10](/windows/configuration/provisioning-packages/provisioning-packages) + +## Security + +### Applocker + +Applocker was available for Windows 8.1, and is improved with Windows 10. See [Requirements to use AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md) for a list of operating system requirements. + +Enhancements to Applocker in Windows 10 include: + +- A new parameter was added to the [New-AppLockerPolicy](https://technet.microsoft.com/library/hh847211.aspx) Windows PowerShell cmdlet that lets you choose whether executable and DLL rule collections apply to non-interactive processes. To enable this, set the **ServiceEnforcement** to **Enabled**. +- A new [AppLocker](https://msdn.microsoft.com/library/windows/hardware/dn920019.aspx) configuration service provider was add to allow you to enable AppLocker rules by using an MDM server. +- You can manage Windows 10 Mobile devices by using the new [AppLocker CSP](https://msdn.microsoft.com/library/windows/hardware/dn920019.aspx). + +[Learn how to manage AppLocker within your organization](/windows/device-security/applocker/applocker-overview). + +### Bitlocker + +Enhancements to Applocker in Windows 10 include: + +- **Encrypt and recover your device with Azure Active Directory**. In addition to using a Microsoft Account, automatic [Device Encryption](https://technet.microsoft.com/itpro/windows/keep-secure/windows-10-security-guide#device-encryption) can now encrypt your devices that are joined to an Azure Active Directory domain. When the device is encrypted, the BitLocker recovery key is automatically escrowed to Azure Active Directory. This will make it easier to recover your BitLocker key online. +- **DMA port protection**. You can use the [DataProtection/AllowDirectMemoryAccess](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#dataprotection-allowdirectmemoryaccess) MDM policy to block DMA ports when the device is starting up. Also, when a device is locked, all unused DMA ports are turned off, but any devices that are already plugged into a DMA port will continue to work. When the device is unlocked, all DMA ports are turned back on. +- **New Group Policy for configuring pre-boot recovery**. You can now configure the pre-boot recovery message and recover URL that is shown on the pre-boot recovery screen. For more info, see the [Configure pre-boot recovery message and URL](https://technet.microsoft.com/itpro/windows/keep-secure/bitlocker-group-policy-settings#bkmk-configurepreboot) section in "BitLocker Group Policy settings." + +[Learn how to deploy and manage BitLocker within your organization](/windows/device-security/bitlocker/bitlocker-overview). + +### Certificate management + +For Windows 10-based devices, you can use your MDM server to directly deploy client authentication certificates using Personal Information Exchange (PFX), in addition to enrolling using Simple Certificate Enrollment Protocol (SCEP), including certificates to enable Windows Hello for Business in your enterprise. You'll be able to use MDM to enroll, renew, and delete certificates. As in Windows Phone 8.1, you can use the [Certificates app](https://go.microsoft.com/fwlink/p/?LinkId=615824) to review the details of certificates on your device. [Learn how to install digital certificates on Windows 10 Mobile.](/windows/access-protection/installing-digital-certificates-on-windows-10-mobile) + +### Microsoft Passport + +In Windows 10, [Microsoft Passport](/windows/access-protection/hello-for-business/hello-identity-verification) replaces passwords with strong two-factor authentication that consists of an enrolled device and a Windows Hello (biometric) or PIN. + +Microsoft Passport lets users authenticate to a Microsoft account, an Active Directory account, a Microsoft Azure Active Directory (AD) account, or non-Microsoft service that supports Fast ID Online (FIDO) authentication. After an initial two-step verification during Microsoft Passport enrollment, a Microsoft Passport is set up on the user's device and the user sets a gesture, which can be Windows Hello or a PIN. The user provides the gesture to verify identity; Windows then uses Microsoft Passport to authenticate users and help them to access protected resources and services. + +### Security auditing + +In Windows 10, security auditing has added some improvements: +- [New audit subcategories](#bkmk-auditsubcat) +- [More info added to existing audit events](#bkmk-moreinfo) + +#### New audit subcategories + +In Windows 10, two new audit subcategories were added to the Advanced Audit Policy Configuration to provide greater granularity in audit events: +- [Audit Group Membership](/windows/device-security/auditing/audit-group-membership) Found in the Logon/Logoff audit category, the Audit Group Membership subcategory allows you to audit the group membership information in a user's logon token. Events in this subcategory are generated when group memberships are enumerated or queried on the PC where the logon session was created. For an interactive logon, the security audit event is generated on the PC that the user logged on to. For a network logon, such as accessing a shared folder on the network, the security audit event is generated on the PC hosting the resource. + When this setting is configured, one or more security audit events are generated for each successful logon. You must also enable the **Audit Logon** setting under **Advanced Audit Policy Configuration\\System Audit Policies\\Logon/Logoff**. Multiple events are generated if the group membership information cannot fit in a single security audit event. +- [Audit PNP Activity](/windows/device-security/auditing/audit-pnp-activity) Found in the Detailed Tracking category, the Audit PNP Activity subcategory allows you to audit when plug and play detects an external device. + Only Success audits are recorded for this category. If you do not configure this policy setting, no audit event is generated when an external device is detected by plug and play. + A PnP audit event can be used to track down changes in system hardware and will be logged on the PC where the change took place. A list of hardware vendor IDs are included in the event. + +#### More info added to existing audit events + +With Windows 10, version 1507, we've added more info to existing audit events to make it easier for you to put together a full audit trail and come away with the information you need to protect your enterprise. Improvements were made to the following audit events: +- [Changed the kernel default audit policy](#bkmk-kdal) +- [Added a default process SACL to LSASS.exe](#bkmk-lsass) +- [Added new fields in the logon event](#bkmk-logon) +- [Added new fields in the process creation event](#bkmk-logon) +- [Added new Security Account Manager events](#bkmk-sam) +- [Added new BCD events](#bkmk-bcd) +- [Added new PNP events](#bkmk-pnp) + +#### Changed the kernel default audit policy + +In previous releases, the kernel depended on the Local Security Authority (LSA) to retrieve info in some of its events. In Windows 10, the process creation events audit policy is automatically enabled until an actual audit policy is received from LSA. This results in better auditing of services that may start before LSA starts. + +#### Added a default process SACL to LSASS.exe + +In Windows 10, a default process SACL was added to LSASS.exe to log processes attempting to access LSASS.exe. The SACL is L"S:(AU;SAFA;0x0010;;;WD)". You can enable this under **Advanced Audit Policy Configuration\\Object Access\\Audit Kernel Object**. +This can help identify attacks that steal credentials from the memory of a process. + +#### New fields in the logon event + +The logon event ID 4624 has been updated to include more verbose information to make them easier to analyze. The following fields have been added to event 4624: +1. **MachineLogon** String: yes or no + If the account that logged into the PC is a computer account, this field will be yes. Otherwise, the field is no. +2. **ElevatedToken** String: yes or no + If the account that logged into the PC is an administrative logon, this field will be yes. Otherwise, the field is no. Additionally, if this is part of a split token, the linked login ID (LSAP\_LOGON\_SESSION) will also be shown. +3. **TargetOutboundUserName** String + **TargetOutboundUserDomain** String + The username and domain of the identity that was created by the LogonUser method for outbound traffic. +4. **VirtualAccount** String: yes or no + If the account that logged into the PC is a virtual account, this field will be yes. Otherwise, the field is no. +5. **GroupMembership** String + A list of all of the groups in the user's token. +6. **RestrictedAdminMode** String: yes or no + If the user logs into the PC in restricted admin mode with Remote Desktop, this field will be yes. + For more info on restricted admin mode, see [Restricted Admin mode for RDP](http://blogs.technet.com/b/kfalde/archive/2013/08/14/restricted-admin-mode-for-rdp-in-windows-8-1-2012-r2.aspx). + +#### New fields in the process creation event + +The logon event ID 4688 has been updated to include more verbose information to make them easier to analyze. The following fields have been added to event 4688: +1. **TargetUserSid** String + The SID of the target principal. +2. **TargetUserName** String + The account name of the target user. +3. **TargetDomainName** String + The domain of the target user.. +4. **TargetLogonId** String + The logon ID of the target user. +5. **ParentProcessName** String + The name of the creator process. +6. **ParentProcessId** String + A pointer to the actual parent process if it's different from the creator process. + +#### New Security Account Manager events + +In Windows 10, new SAM events were added to cover SAM APIs that perform read/query operations. In previous versions of Windows, only write operations were audited. The new events are event ID 4798 and event ID 4799. The following APIs are now audited: +- SamrEnumerateGroupsInDomain +- SamrEnumerateUsersInDomain +- SamrEnumerateAliasesInDomain +- SamrGetAliasMembership +- SamrLookupNamesInDomain +- SamrLookupIdsInDomain +- SamrQueryInformationUser +- SamrQueryInformationGroup +- SamrQueryInformationUserAlias +- SamrGetMembersInGroup +- SamrGetMembersInAlias +- SamrGetUserDomainPasswordInformation + +#### New BCD events + +Event ID 4826 has been added to track the following changes to the Boot Configuration Database (BCD): +- DEP/NEX settings +- Test signing +- PCAT SB simulation +- Debug +- Boot debug +- Integrity Services +- Disable Winload debugging menu + +#### New PNP events + +Event ID 6416 has been added to track when an external device is detected through Plug and Play. One important scenario is if an external device that contains malware is inserted into a high-value machine that doesn’t expect this type of action, such as a domain controller. + +[Learn how to manage your security audit policies within your organization](/windows/device-security/auditing/security-auditing-overview). + +### Trusted Platform Module + +#### New TPM features in Windows 10 + +The following sections describe the new and changed functionality in the TPM for Windows 10: +- [Device health attestation](#bkmk-dha) +- [Microsoft Passport](/windows/access-protection/hello-for-business/hello-identity-verification) support +- [Device Guard](/windows/device-security/device-guard/introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies) support +- [Credential Guard](/windows/access-protection/credential-guard/credential-guard) support + +### Device health attestation + +Device health attestation enables enterprises to establish trust based on hardware and software components of a managed device. With device health attestation, you can configure an MDM server to query a health attestation service that will allow or deny a managed device access to a secure resource. +Some things that you can check on the device are: +- Is Data Execution Prevention supported and enabled? +- Is BitLocker Drive Encryption supported and enabled? +- Is SecureBoot supported and enabled? + +> **Note**  The device must be running Windows 10 and it must support at least TPM 2.0. + +[Learn how to deploy and manage TPM within your organization](/windows/device-security/tpm//trusted-platform-module-overview). + +### User Account Control + +User Account Control (UAC) helps prevent malware from damaging a computer and helps organizations deploy a better-managed desktop environment. + +You should not turn off UAC because this is not a supported scenario for devices running Windows 10. If you do turn off UAC, all Univeral Windows Platform apps stop working. You must always set the **HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA** registry value to 1. If you need to provide auto elevation for programmatic access or installation, you could set the **HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\ConsentPromptBehaviorAdmin** registry value to 0, which is the same as setting the UAC slider Never Notify. This is not recommended for devices running Windows 10. + +For more info about how manage UAC, see [UAC Group Policy Settings and Registry Key Settings](/windows/access-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings). + +In Windows 10, User Account Control has added some improvements: + +- **Integration with the Antimalware Scan Interface (AMSI)**. The [AMSI](https://msdn.microsoft.com/library/windows/desktop/dn889587.aspx) scans all UAC elevation requests for malware. If malware is detected, the admin privilege is blocked. + +[Learn how to manage User Account Control within your organization](/windows/access-protection/user-account-control/user-account-control-overview). + +### VPN profile options + +Windows 10 provides a set of VPN features that both increase enterprise security and provide an improved user experience, including: + +- Always-on auto connection behavior +- App=triggered VPN +- VPN traffic filters +- Lock down VPN +- Integration with Microsoft Passport for Work + +[Learn more about the VPN options in Windows 10.](/windows/access-protection/vpn/vpn-profile-options) + + +## Management + +Windows 10 provides mobile device management (MDM) capabilities for PCs, laptops, tablets, and phones that enable enterprise-level management of corporate-owned and personal devices. + +### MDM support + +MDM policies for Windows 10 align with the policies supported in Windows 8.1 and are expanded to address even more enterprise scenarios, such as managing multiple users who have Microsoft Azure Active Directory (Azure AD) accounts, full control over the Microsoft Store, VPN configuration, and more. + +MDM support in Windows 10 is based on [Open Mobile Alliance (OMA)](https://go.microsoft.com/fwlink/p/?LinkId=533885) Device Management (DM) protocol 1.2.1 specification. + +Corporate-owned devices can be enrolled automatically for enterprises using Azure AD. [Reference for Mobile device management for Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=533172) + +### Unenrollment + +When a person leaves your organization and you unenroll the user account or device from management, the enterprise-controlled configurations and apps are removed from the device. You can unenroll the device remotely or the person can unenroll by manually removing the account from the device. + +When a personal device is unenrolled, the user's data and apps are untouched, while enterprise information such as certificates, VPN profiles, and enterprise apps are removed. + +### Infrastructure + +Enterprises have the following identity and management choices. + +| Area | Choices | +|---|---| +| Identity | Active Directory; Azure AD | +| Grouping | Domain join; Workgroup; Azure AD join | +| Device management | Group Policy; Microsoft Endpoint Configuration Manager; Microsoft Intune; other MDM solutions; Exchange ActiveSync; Windows PowerShell; Windows Management Instrumentation (WMI) | + + > **Note**   +With the release of Windows Server 2012 R2, Network Access Protection (NAP) was deprecated and the NAP client has now been removed in Windows 10. For more information about support lifecycles, see [Microsoft Support Lifecycle](https://go.microsoft.com/fwlink/p/?LinkID=613512). + + +### Device lockdown + + +Do you need a computer that can only do one thing? For example: + +- A device in the lobby that customers can use to view your product catalog. +- A portable device that drivers can use to check a route on a map. +- A device that a temporary worker uses to enter data. + +You can configure a persistent locked down state to [create a kiosk-type device](https://technet.microsoft.com/itpro/windows/manage/set-up-a-device-for-anyone-to-use). When the locked-down account is logged on, the device displays only the app that you select. + +You can also [configure a lockdown state](https://technet.microsoft.com/itpro/windows/manage/lock-down-windows-10-to-specific-apps) that takes effect when a given user account logs on. The lockdown restricts the user to only the apps that you specify. + +Lockdown settings can also be configured for device look and feel, such as a theme or a [custom layout on the Start screen](https://technet.microsoft.com/itpro/windows/manage/windows-10-start-layout-options-and-policies). + +### Customized Start layout + +A standard, customized Start layout can be useful on devices that are common to multiple users and devices that are locked down for specialized purposes. Starting in Windows 10, version 1511, administrators can configure a *partial* Start layout, which applies specified tile groups while allowing users to create and customize their own tile groups. Learn how to [customize and export Start layout](/windows/configuration/customize-and-export-start-layout). + +Administrators can also use mobile device management (MDM) or Group Policy to disable the use of [Windows Spotlight on the lock screen](/windows/configuration/windows-spotlight). + +## Updates + +Windows Update for Business enables information technology administrators to keep the Windows 10-based devices in their organization always up to date with the latest security defenses and Windows features by directly connecting these systems to Microsoft’s Windows Update service. + +By using [Group Policy Objects](https://go.microsoft.com/fwlink/p/?LinkId=699279), Windows Update for Business is an easily established and implemented system which enables organizations and administrators to exercise control on how their Windows 10-based devices are updated, by allowing: + +- **Deployment and validation groups**; where administrators can specify which devices go first in an update wave, and which devices will come later (to ensure any quality bars are met). + +- **Peer-to-peer delivery**, which administrators can enable to make delivery of updates to branch offices and remote sites with limited bandwidth very efficient. + +- **Use with existing tools** such as Microsoft Endpoint Configuration Manager and the [Enterprise Mobility Suite](https://go.microsoft.com/fwlink/p/?LinkId=699281). + +Together, these Windows Update for Business features help reduce device management costs, provide controls over update deployment, offer quicker access to security updates, as well as provide access to the latest innovations from Microsoft on an ongoing basis. Windows Update for Business is a free service for all Windows 10 Pro, Enterprise, and Education editions, and can be used independent of, or in conjunction with, existing device management solutions such as [Windows Server Update Services (WSUS)](https://technet.microsoft.com/library/hh852345.aspx) and [Microsoft Endpoint Configuration Manager](https://technet.microsoft.com/library/gg682129.aspx). + + +Learn more about [Windows Update for Business](/windows/deployment/update/waas-manage-updates-wufb). + +For more information about updating Windows 10, see [Windows 10 servicing options for updates and upgrades](/windows/deployment/update/waas-servicing-strategy-windows-10-updates). + +## Microsoft Edge + +Microsoft Edge is not available in the LTSC release of Windows 10. + +## See Also + +[Windows 10 Enterprise LTSC](index.md): A description of the LTSC servicing channel with links to information about each release. + From f27bc3752460cb5b466ef5042d0a5428e68bd8f3 Mon Sep 17 00:00:00 2001 From: LauraKellerGitHub Date: Thu, 19 Dec 2019 17:36:15 -0800 Subject: [PATCH 002/157] scorecard terminology corrections --- .../ltsc/whats-new-windows-10-2015.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2015.md b/windows/whats-new/ltsc/whats-new-windows-10-2015.md index 80c78d4413..3749ad2dce 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2015.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2015.md @@ -60,11 +60,11 @@ Enhancements to Applocker in Windows 10 include: For Windows 10-based devices, you can use your MDM server to directly deploy client authentication certificates using Personal Information Exchange (PFX), in addition to enrolling using Simple Certificate Enrollment Protocol (SCEP), including certificates to enable Windows Hello for Business in your enterprise. You'll be able to use MDM to enroll, renew, and delete certificates. As in Windows Phone 8.1, you can use the [Certificates app](https://go.microsoft.com/fwlink/p/?LinkId=615824) to review the details of certificates on your device. [Learn how to install digital certificates on Windows 10 Mobile.](/windows/access-protection/installing-digital-certificates-on-windows-10-mobile) -### Microsoft Passport +### Windows Live ID -In Windows 10, [Microsoft Passport](/windows/access-protection/hello-for-business/hello-identity-verification) replaces passwords with strong two-factor authentication that consists of an enrolled device and a Windows Hello (biometric) or PIN. +In Windows 10, [Windows Live ID service](/windows/access-protection/hello-for-business/hello-identity-verification) replaces passwords with strong two-factor authentication that consists of an enrolled device and a Windows Hello (biometric) or PIN. -Microsoft Passport lets users authenticate to a Microsoft account, an Active Directory account, a Microsoft Azure Active Directory (AD) account, or non-Microsoft service that supports Fast ID Online (FIDO) authentication. After an initial two-step verification during Microsoft Passport enrollment, a Microsoft Passport is set up on the user's device and the user sets a gesture, which can be Windows Hello or a PIN. The user provides the gesture to verify identity; Windows then uses Microsoft Passport to authenticate users and help them to access protected resources and services. +Windows Live ID service lets users authenticate to a Microsoft account, an Active Directory account, a Microsoft Azure Active Directory (AD) account, or non-Microsoft service that supports Fast ID Online (FIDO) authentication. After an initial two-step verification during Windows Live ID service enrollment, a Windows Live ID service is set up on the user's device and the user sets a gesture, which can be Windows Hello or a PIN. The user provides the gesture to verify identity; Windows then uses Windows Live ID service to authenticate users and help them to access protected resources and services. ### Security auditing @@ -117,7 +117,7 @@ The logon event ID 4624 has been updated to include more verbose information to A list of all of the groups in the user's token. 6. **RestrictedAdminMode** String: yes or no If the user logs into the PC in restricted admin mode with Remote Desktop, this field will be yes. - For more info on restricted admin mode, see [Restricted Admin mode for RDP](http://blogs.technet.com/b/kfalde/archive/2013/08/14/restricted-admin-mode-for-rdp-in-windows-8-1-2012-r2.aspx). + For more info on restricted admin mode, see [Restricted Admin mode for RDP](https://blogs.technet.com/b/kfalde/archive/2013/08/14/restricted-admin-mode-for-rdp-in-windows-8-1-2012-r2.aspx). #### New fields in the process creation event @@ -174,7 +174,7 @@ Event ID 6416 has been added to track when an external device is detected throug The following sections describe the new and changed functionality in the TPM for Windows 10: - [Device health attestation](#bkmk-dha) -- [Microsoft Passport](/windows/access-protection/hello-for-business/hello-identity-verification) support +- [Windows Live ID](/windows/access-protection/hello-for-business/hello-identity-verification) support - [Device Guard](/windows/device-security/device-guard/introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies) support - [Credential Guard](/windows/access-protection/credential-guard/credential-guard) support @@ -212,7 +212,7 @@ Windows 10 provides a set of VPN features that both increase enterprise security - App=triggered VPN - VPN traffic filters - Lock down VPN -- Integration with Microsoft Passport for Work +- Integration with Windows Live ID for Work [Learn more about the VPN options in Windows 10.](/windows/access-protection/vpn/vpn-profile-options) @@ -264,9 +264,9 @@ You can also [configure a lockdown state](https://technet.microsoft.com/itpro/wi Lockdown settings can also be configured for device look and feel, such as a theme or a [custom layout on the Start screen](https://technet.microsoft.com/itpro/windows/manage/windows-10-start-layout-options-and-policies). -### Customized Start layout +### Start layout -A standard, customized Start layout can be useful on devices that are common to multiple users and devices that are locked down for specialized purposes. Starting in Windows 10, version 1511, administrators can configure a *partial* Start layout, which applies specified tile groups while allowing users to create and customize their own tile groups. Learn how to [customize and export Start layout](/windows/configuration/customize-and-export-start-layout). +A standard Start layout can be useful on devices that are common to multiple users and devices that are locked down for specialized purposes. Starting in Windows 10, version 1511, administrators can configure a *partial* Start layout, which applies specified tile groups while allowing users to create and customize their own tile groups. Learn how to [customize and export Start layout](/windows/configuration/customize-and-export-start-layout). Administrators can also use mobile device management (MDM) or Group Policy to disable the use of [Windows Spotlight on the lock screen](/windows/configuration/windows-spotlight). @@ -280,7 +280,7 @@ By using [Group Policy Objects](https://go.microsoft.com/fwlink/p/?LinkId=699279 - **Peer-to-peer delivery**, which administrators can enable to make delivery of updates to branch offices and remote sites with limited bandwidth very efficient. -- **Use with existing tools** such as Microsoft Endpoint Configuration Manager and the [Enterprise Mobility Suite](https://go.microsoft.com/fwlink/p/?LinkId=699281). +- **Use with existing tools** such as Microsoft Endpoint Configuration Manager and the [Enterprise Mobility + Security E3](https://go.microsoft.com/fwlink/p/?LinkId=699281). Together, these Windows Update for Business features help reduce device management costs, provide controls over update deployment, offer quicker access to security updates, as well as provide access to the latest innovations from Microsoft on an ongoing basis. Windows Update for Business is a free service for all Windows 10 Pro, Enterprise, and Education editions, and can be used independent of, or in conjunction with, existing device management solutions such as [Windows Server Update Services (WSUS)](https://technet.microsoft.com/library/hh852345.aspx) and [Microsoft Endpoint Configuration Manager](https://technet.microsoft.com/library/gg682129.aspx). From 8548ff01cff59d13e58a59e4cdd06beedd289945 Mon Sep 17 00:00:00 2001 From: LauraKellerGitHub Date: Fri, 20 Dec 2019 14:47:14 -0800 Subject: [PATCH 003/157] thirty files config mgr rebrand --- ...hell-cmdlets-windows-defender-antivirus.md | 4 +- .../use-wmi-windows-defender-antivirus.md | 2 +- ...d-protection-windows-defender-antivirus.md | 12 +- ...indows-defender-antivirus-compatibility.md | 2 +- .../windows-defender-offline.md | 4 +- ...rt-windows-defender-application-control.md | 12 +- ...s-defender-application-control-policies.md | 2 +- .../select-types-of-rules-to-create.md | 2 +- .../types-of-devices.md | 2 +- ...ication-control-policy-design-decisions.md | 2 +- ...control-with-intelligent-security-graph.md | 2 +- ...lication-control-with-managed-installer.md | 6 +- .../reqs-wd-app-guard.md | 2 +- .../wd-app-guard-overview.md | 4 +- .../wdsc-device-performance-health.md | 2 +- .../wdsc-hide-notifications.md | 2 +- .../windows-defender-security-center.md | 4 +- ...sed-root-of-trust-helps-protect-windows.md | 2 +- ...sed-root-of-trust-helps-protect-windows.md | 2 +- .../windows-security-baselines.md | 4 +- .../get-support-for-security-baselines.md | 2 +- .../windows-security-baselines.md | 4 +- .../ltsc/whats-new-windows-10-2015.md | 24 +- .../ltsc/whats-new-windows-10-2016.md | 357 +++++++++--------- .../ltsc/whats-new-windows-10-2019.md | 4 +- ...ts-new-windows-10-version-1507-and-1511.md | 12 +- .../whats-new-windows-10-version-1703.md | 2 +- .../whats-new-windows-10-version-1803.md | 2 +- .../whats-new-windows-10-version-1903.md | 2 +- .../whats-new-windows-10-version-1909.md | 2 +- 30 files changed, 243 insertions(+), 242 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md index 326511d75c..45180f8c80 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md @@ -30,9 +30,9 @@ For a list of the cmdlets and their functions and available parameters, see the PowerShell cmdlets are most useful in Windows Server environments that don't rely on a graphical user interface (GUI) to configure software. > [!NOTE] -> PowerShell cmdlets should not be used as a replacement for a full network policy management infrastructure, such as [System Center Configuration Manager](https://technet.microsoft.com/library/gg682129.aspx), [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), or [Windows Defender Antivirus Group Policy ADMX templates](https://support.microsoft.com/kb/927367). +> PowerShell cmdlets should not be used as a replacement for a full network policy management infrastructure, such as [Microsoft Endpoint Configuration Manager](https://technet.microsoft.com/library/gg682129.aspx), [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), or [Windows Defender Antivirus Group Policy ADMX templates](https://support.microsoft.com/kb/927367). -Changes made with PowerShell will affect local settings on the endpoint where the changes are deployed or made. This means that deployments of policy with Group Policy, System Center Configuration Manager, or Microsoft Intune can overwrite changes made with PowerShell. +Changes made with PowerShell will affect local settings on the endpoint where the changes are deployed or made. This means that deployments of policy with Group Policy, Microsoft Endpoint Configuration Manager, or Microsoft Intune can overwrite changes made with PowerShell. You can [configure which settings can be overridden locally with local policy overrides](configure-local-policy-overrides-windows-defender-antivirus.md). diff --git a/windows/security/threat-protection/windows-defender-antivirus/use-wmi-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/use-wmi-windows-defender-antivirus.md index 0e88dfd58b..bac24170b6 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/use-wmi-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/use-wmi-windows-defender-antivirus.md @@ -31,7 +31,7 @@ Windows Defender Antivirus has a number of specific WMI classes that can be used The [MSDN Windows Defender WMIv2 Provider reference library](https://msdn.microsoft.com/library/dn439477(v=vs.85).aspx) lists the available WMI classes for Windows Defender Antivirus, and includes example scripts. -Changes made with WMI will affect local settings on the endpoint where the changes are deployed or made. This means that deployments of policy with Group Policy, System Center Configuration Manager, or Microsoft Intune can overwrite changes made with WMI. +Changes made with WMI will affect local settings on the endpoint where the changes are deployed or made. This means that deployments of policy with Group Policy, Microsoft Endpoint Configuration Manager, or Microsoft Intune can overwrite changes made with WMI. You can [configure which settings can be overridden locally with local policy overrides](configure-local-policy-overrides-windows-defender-antivirus.md). diff --git a/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md index e1d2d9c8e9..f05dbf11e6 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md @@ -60,10 +60,10 @@ Organizations running Windows 10 E5, version 1803 can also take advantage of eme >You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works. -The following table describes the differences in cloud-delivered protection between recent versions of Windows and System Center Configuration Manager. +The following table describes the differences in cloud-delivered protection between recent versions of Windows and Microsoft Endpoint Configuration Manager. -Feature | Windows 8.1 (Group Policy) | Windows 10, version 1607 (Group Policy) | Windows 10, version 1703 (Group Policy) | System Center Configuration Manager 2012 | System Center Configuration Manager (Current Branch) | Microsoft Intune +Feature | Windows 8.1 (Group Policy) | Windows 10, version 1607 (Group Policy) | Windows 10, version 1703 (Group Policy) | System Center Configuration Manager 2012 | Microsoft Endpoint Configuration Manager (Current Branch) | Microsoft Intune ---|---|---|---|---|---|--- Cloud-protection service label | Microsoft Advanced Protection Service | Microsoft Advanced Protection Service | Cloud-based Protection | NA | Cloud protection service | Microsoft Advanced Protection Service Reporting level (MAPS membership level) | Basic, Advanced | Advanced | Advanced | Dependent on Windows version | Dependent on Windows version | Dependent on Windows version @@ -76,8 +76,8 @@ You can also [configure Windows Defender AV to automatically receive new protect Topic | Description ---|--- -[Enable cloud-delivered protection](enable-cloud-protection-windows-defender-antivirus.md) | You can enable cloud-delivered protection with System Center Configuration Manager, Group Policy, Microsoft Intune, and PowerShell cmdlets. -[Specify the cloud-delivered protection level](specify-cloud-protection-level-windows-defender-antivirus.md) | You can specify the level of protection offered by the cloud with Group Policy and System Center Configuration Manager. The protection level will affect the amount of information shared with the cloud and how aggressively new files are blocked. +[Enable cloud-delivered protection](enable-cloud-protection-windows-defender-antivirus.md) | You can enable cloud-delivered protection with Microsoft Endpoint Configuration Manager, Group Policy, Microsoft Intune, and PowerShell cmdlets. +[Specify the cloud-delivered protection level](specify-cloud-protection-level-windows-defender-antivirus.md) | You can specify the level of protection offered by the cloud with Group Policy and Microsoft Endpoint Configuration Manager. The protection level will affect the amount of information shared with the cloud and how aggressively new files are blocked. [Configure and validate network connections for Windows Defender Antivirus](configure-network-connections-windows-defender-antivirus.md) | There are certain Microsoft URLs that your network and endpoints must be able to connect to for cloud-delivered protection to work effectively. This topic lists the URLs that should be allowed via firewall or network filtering rules, and instructions for confirming your network is properly enrolled in cloud-delivered protection. -[Configure the block at first sight feature](configure-block-at-first-sight-windows-defender-antivirus.md) | The Block at First Sight feature can block new malware within seconds, without having to wait hours for traditional Security intelligence . You can enable and configure it with System Center Configuration Manager and Group Policy. -[Configure the cloud block timeout period](configure-cloud-block-timeout-period-windows-defender-antivirus.md) | Windows Defender Antivirus can block suspicious files from running while it queries our cloud-delivered protection service. You can configure the amount of time the file will be prevented from running with System Center Configuration Manager and Group Policy. +[Configure the block at first sight feature](configure-block-at-first-sight-windows-defender-antivirus.md) | The Block at First Sight feature can block new malware within seconds, without having to wait hours for traditional Security intelligence. You can enable and configure it with Microsoft Endpoint Configuration Manager and Group Policy. +[Configure the cloud block timeout period](configure-cloud-block-timeout-period-windows-defender-antivirus.md) | Windows Defender Antivirus can block suspicious files from running while it queries our cloud-delivered protection service. You can configure the amount of time the file will be prevented from running withMicrosoft Endpoint Configuration Manager and Group Policy. diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md index 369ebfe876..64efaa5752 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md +++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md @@ -57,7 +57,7 @@ See the [Windows Defender Antivirus on Windows Server 2016](windows-defender-ant >[!IMPORTANT] >Windows Defender AV is only available on endpoints running Windows 10 or Windows Server 2016. > ->In Windows 8.1 and Windows Server 2012, enterprise-level endpoint antivirus protection is offered as [System Center Endpoint Protection](https://technet.microsoft.com/library/hh508760.aspx), which is managed through System Center Configuration Manager. +>In Windows 8.1 and Windows Server 2012, enterprise-level endpoint antivirus protection is offered as [System Center Endpoint Protection](https://technet.microsoft.com/library/hh508760.aspx), which is managed through Microsoft Endpoint Configuration Manager. > >Windows Defender is also offered for [consumer devices on Windows 8.1 and Windows Server 2012](https://technet.microsoft.com/library/dn344918#BKMK_WindowsDefender), although it does not provide enterprise-level management (or an interface on Windows Server 2012 Server Core installations). diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-offline.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-offline.md index 4187645c2e..45d2f577d4 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-offline.md +++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-offline.md @@ -57,7 +57,7 @@ See the [Manage Windows Defender Antivirus Security intelligence updates](manag In Windows 10, version 1607, you can manually force an offline scan. Alternatively, if Windows Defender determines that Windows Defender Offline needs to run, it will prompt the user on the endpoint. -The need to perform an offline scan will also be revealed in System Center Configuration Manager if you're using it to manage your endpoints. +The need to perform an offline scan will also be revealed in Microsoft Endpoint Configuration Manager if you're using it to manage your endpoints. The prompt can occur via a notification, similar to the following: @@ -71,7 +71,7 @@ In Configuration Manager, you can identify the status of endpoints by navigating Windows Defender Offline scans are indicated under **Malware remediation status** as **Offline scan required**. -![System Center Configuration Manager indicating a Windows Defender Offline scan is required](images/defender/sccm-wdo.png) +![Microsoft Endpoint Configuration Manager indicating a Windows Defender Offline scan is required](images/defender/sccm-wdo.png) ## Configure notifications diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md index 765289825b..1accae5758 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md @@ -143,7 +143,7 @@ To sign the existing catalog file, copy each of the following commands into an e 5. Copy the catalog file to C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}. - For testing purposes, you can manually copy signed catalog files to their intended folder. For large-scale implementations, to copy the appropriate catalog files to all desired computers, we recommend that you use Group Policy File Preferences or an enterprise systems management product such as System Center Configuration Manager. Doing this also simplifies the management of catalog versions. + For testing purposes, you can manually copy signed catalog files to their intended folder. For large-scale implementations, to copy the appropriate catalog files to all desired computers, we recommend that you use Group Policy File Preferences or an enterprise systems management product such as Microsoft Endpoint Configuration Manager. Doing this also simplifies the management of catalog versions. ## Add a catalog signing certificate to a Windows Defender Application Control policy @@ -217,9 +217,9 @@ To simplify the management of catalog files, you can use Group Policy preference Before you begin testing the deployed catalog file, make sure that the catalog signing certificate has been added to an appropriate WDAC policy. -## Deploy catalog files with System Center Configuration Manager +## Deploy catalog files with Microsoft Endpoint Configuration Manager -As an alternative to Group Policy, you can use System Center Configuration Manager to deploy catalog files to the managed computers in your environment. This approach can simplify the deployment and management of multiple catalog files as well as provide reporting around which catalog each client or collection has deployed. In addition to the deployment of these files, System Center Configuration Manager can also be used to inventory the currently deployed catalog files for reporting and compliance purposes. Complete the following steps to create a new deployment package for catalog files: +As an alternative to Group Policy, you can use Microsoft Endpoint Configuration Manager to deploy catalog files to the managed computers in your environment. This approach can simplify the deployment and management of multiple catalog files as well as provide reporting around which catalog each client or collection has deployed. In addition to the deployment of these files, Microsoft Endpoint Configuration Manager can also be used to inventory the currently deployed catalog files for reporting and compliance purposes. Complete the following steps to create a new deployment package for catalog files: >[!NOTE] >The following example uses a network share named \\\\Shares\\CatalogShare as a source for the catalog files. If you have collection specific catalog files, or prefer to deploy them individually, use whichever folder structure works best for your organization. @@ -292,9 +292,9 @@ After you create the deployment package, deploy it to a collection so that the c Before you begin testing the deployed catalog file, make sure that the catalog signing certificate has been added to an appropriate WDAC policy,. -## Inventory catalog files with System Center Configuration Manager +## Inventory catalog files with Microsoft Endpoint Configuration Manager -When catalog files have been deployed to the computers within your environment, whether by using Group Policy or System Center Configuration Manager, you can inventory them with the software inventory feature of System Center Configuration Manager. The following process walks you through the enablement of software inventory to discover catalog files on your managed systems through the creation and deployment of a new client settings policy. +When catalog files have been deployed to the computers within your environment, whether by using Group Policy or Microsoft Endpoint Configuration Manager, you can inventory them with the software inventory feature of Microsoft Endpoint Configuration Manager. The following process walks you through the enablement of software inventory to discover catalog files on your managed systems through the creation and deployment of a new client settings policy. >[!NOTE] >A standard naming convention for your catalog files will significantly simplify the catalog file software inventory process. In this example, *-Contoso* has been added to all catalog file names. @@ -332,7 +332,7 @@ When catalog files have been deployed to the computers within your environment, 9. Now that you have created the client settings policy, right-click the new policy, click **Deploy**, and then choose the collection on which you would like to inventory the catalog files. -At the time of the next software inventory cycle, when the targeted clients receive the new client settings policy, you will be able to view the inventoried files in the built-in System Center Configuration Manager reports or Resource Explorer. To view the inventoried files on a client within Resource Explorer, complete the following steps: +At the time of the next software inventory cycle, when the targeted clients receive the new client settings policy, you will be able to view the inventoried files in the built-in Microsoft Endpoint Configuration Manager reports or Resource Explorer. To view the inventoried files on a client within Resource Explorer, complete the following steps: 1. Open the Configuration Manager console, and select the Assets and Compliance workspace. diff --git a/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md index ef6e327975..6054e9f6bd 100644 --- a/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md @@ -27,7 +27,7 @@ ms.date: 05/03/2018 Because each computer running Windows 10 can have only one WDAC policy, you will occasionally need to merge two or more policies. For example, after a WDAC policy is created and audited, you might want to merge audit events from another WDAC policy. > [!NOTE] -> Because only one SiPolicy.p7b file can be active on a system, the last management authority to write the policy wins. If there was already a policy deployed by using Group Policy and then amanaged installer using System Center Configuration Manager (SCCM) targeted the same device, the SCCM policy would overwrite the SiPolicy.p7b file. +> Because only one SiPolicy.p7b file can be active on a system, the last management authority to write the policy wins. If there was already a policy deployed by using Group Policy and then a managed installer using Microsoft Endpoint Configuration Manager targeted the same device, the Configuration Manager policy would overwrite the SiPolicy.p7b file. To merge two WDAC policies, complete the following steps in an elevated Windows PowerShell session: diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md index 9633a7cf60..33582e68a9 100644 --- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md +++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md @@ -62,7 +62,7 @@ You can set several rule options within a WDAC policy. Table 1 describes each ru | **10 Enabled:Boot Audit on Failure** | Used when the WDAC policy is in enforcement mode. When a driver fails during startup, the WDAC policy will be placed in audit mode so that Windows will load. Administrators can validate the reason for the failure in the CodeIntegrity event log. | | **11 Disabled:Script Enforcement** | This option disables script enforcement options. Unsigned PowerShell scripts and interactive PowerShell are no longer restricted to [Constrained Language Mode](https://docs.microsoft.com/powershell/module/microsoft.powershell.core/about/about_language_modes). NOTE: This option is only supported with the Windows 10 May 2019 Update (1903) and higher. Using it on earlier versions of Windows 10 is not supported and may have unintended results. | | **12 Required:Enforce Store Applications** | If this rule option is enabled, WDAC policies will also apply to Universal Windows applications. | -| **13 Enabled:Managed Installer** | Use this option to automatically allow applications installed by a software distribution solution, such as System Center Configuration Manager, that has been defined as a managed installer. | +| **13 Enabled:Managed Installer** | Use this option to automatically allow applications installed by a software distribution solution, such as Microsoft Endpoint Configuration Manager, that has been defined as a managed installer. | | **14 Enabled:Intelligent Security Graph Authorization** | Use this option to automatically allow applications with "known good" reputation as defined by Microsoft’s Intelligent Security Graph (ISG). | | **15 Enabled:Invalidate EAs on Reboot** | When the Intelligent Security Graph option (14) is used, WDAC sets an extended file attribute that indicates that the file was authorized to run. This option will cause WDAC to periodically re-validate the reputation for files that were authorized by the ISG.| | **16 Enabled:Update Policy No Reboot** | Use this option to allow future WDAC policy updates to apply without requiring a system reboot. | diff --git a/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md b/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md index d6e8fa89a5..cc4ad5d2e3 100644 --- a/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md +++ b/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md @@ -43,7 +43,7 @@ Lamna Healthcare Company (Lamna) is a large healthcare provider operating in the Lamna uses [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager) (MEM) in hybrid mode with both Configuration Manager (MEMCM) and Intune. Although they use MEM to deploy many applications, Lamna has always had very relaxed application usage practices: individual teams and employees have been able to install and use any applications they deem necessary for their role on their own workstations. Lamna also recently started to use [Microsoft Defender Advanced Threat Protection](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp) (MDATP) for better endpoint detection and response. > [!NOTE] -> Microsoft Endpoint Configuration Manager was previously known as System Center Configuration Manager (SCCM) +> Microsoft Endpoint Configuration Manager was previously known as Microsoft Endpoint Configuration Manager (SCCM) Recently, Lamna experienced a ransomware event that required an expensive recovery process and may have included data exfiltration by the unknown attacker. Part of the attack included installing and running malicious binaries that evaded detection by Lamna's antivirus solution but would have been blocked by an application control policy. In response, Lamna's executive board has authorized a number of new security IT responses, including tightening policies for application use and introducing application control. diff --git a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md index 87a4942ff4..6b431212ee 100644 --- a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md +++ b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md @@ -48,7 +48,7 @@ The first step is to define the desired "circle-of-trust" for your WDAC policies For example, the DefaultWindows policy, which can be found under %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies, establishes a "circle-of-trust" that allows Windows, 3rd-party hardware and software kernel drivers, and applications from the Microsoft Store. -Microsoft Endpoint Configuration Manager (previously known as System Center Configuration Manager (SCCM)), uses the DefaultWindows policy as the basis for its policy but then modifies the policy rules to allow SCCM and its dependencies, sets the managed installer policy rule, and additionally configures SCCM as a managed installer. It also can optionally authorize apps with positive reputation and perform a one-time scan of folder paths specified by the SCCM administrator which adds rules for any apps found in the specified paths on the managed endpoint. This establishes the "circle-of-trust" for SCCM's native WDAC integration. +Microsoft Endpoint Configuration Manager (previously known as Microsoft Endpoint Configuration Manager (SCCM)), uses the DefaultWindows policy as the basis for its policy but then modifies the policy rules to allow SCCM and its dependencies, sets the managed installer policy rule, and additionally configures SCCM as a managed installer. It also can optionally authorize apps with positive reputation and perform a one-time scan of folder paths specified by the SCCM administrator which adds rules for any apps found in the specified paths on the managed endpoint. This establishes the "circle-of-trust" for SCCM's native WDAC integration. The following questions can help you plan your WDAC deployment and determine the right "circle-of-trust" for your policies. They are not in priority or sequential order and are not meant to be an exhaustive set of design considerations. diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md index 22df45d2a2..1990f0a738 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md @@ -38,7 +38,7 @@ After that initial download and installation, the WDAC component will check for The reputation data on the client is rechecked periodically and enterprises can also specify that any cached reputation results are flushed on reboot. >[!NOTE] ->Admins needs to ensure that there is a WDAC policy in place to allow the system to boot and run any other authorized applications that may not be classified as being known good by the Intelligent Security Graph, for example custom line-of-business (LOB) apps. Since the Intelligent Security Graph is powered by global prevalence data, internal LOB apps may not be recognized as being known good. Other mechanisms like managed installer and explicit rules will help cover internal applications. Both System Center Configuration Manager (SCCM) and Microsoft Intune can be used to create and push a WDAC policy to your client machines. +>Admins needs to ensure that there is a WDAC policy in place to allow the system to boot and run any other authorized applications that may not be classified as being known good by the Intelligent Security Graph, for example custom line-of-business (LOB) apps. Since the Intelligent Security Graph is powered by global prevalence data, internal LOB apps may not be recognized as being known good. Other mechanisms like managed installer and explicit rules will help cover internal applications. Both Microsoft Endpoint Configuration Manager (SCCM) and Microsoft Intune can be used to create and push a WDAC policy to your client machines. Other examples of WDAC policies are available in C:\Windows\schemas\CodeIntegrity\ExamplePolicies and can help authorize Windows OS components, WHQL signed drivers and all Store apps. Admins can reference and customize them as needed for their Windows Defender Application Control deployment or [create a custom WDAC policy](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy). diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md index e22de90c86..c3a6983cd6 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md @@ -1,6 +1,6 @@ --- title: Authorize apps deployed with a WDAC managed installer (Windows 10) -description: Explains how you can use a managed installer to automatically authorize applications deployed and installed by a designated software distribution solution, such as System Center Configuration Manager. +description: Explains how you can use a managed installer to automatically authorize applications deployed and installed by a designated software distribution solution, such as Microsoft Endpoint Configuration Manager. keywords: whitelisting, security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.prod: w10 @@ -28,7 +28,7 @@ ms.date: 06/13/2018 Creating and maintaining application execution control policies has always been challenging, and finding ways to address this issue has been a frequently-cited request for customers of AppLocker and Windows Defender Application Control (WDAC). This is especially true for enterprises with large, ever changing software catalogs. -Windows 10, version 1703 (also known as the Windows 10 Creators Update) provides a new option, known as a managed installer, that allows IT administrators to automatically authorize applications deployed and installed by a designated software distribution solution, such as System Center Configuration Manager. +Windows 10, version 1703 (also known as the Windows 10 Creators Update) provides a new option, known as a managed installer, that allows IT administrators to automatically authorize applications deployed and installed by a designated software distribution solution, such as Microsoft Endpoint Configuration Manager. A managed installer helps an IT admin balance security and manageability requirements when employing application execution control policies by providing an option that does not require specifying explicit rules for software that is being managed through a software distribution solution. ## How does a managed installer work? @@ -159,7 +159,7 @@ Specify `-mionly` if you will not use the Intelligent Security Graph (ISG). ## Security considerations with managed installer Since managed installer is a heuristic-based mechanism, it does not provide the same security guarantees that explicit allow or deny rules do. -It is best suited for deployment to systems where each user is configured as a standard user and where all software is deployed and installed by a software distribution solution, such as System Center Configuration Manager. +It is best suited for deployment to systems where each user is configured as a standard user and where all software is deployed and installed by a software distribution solution, such as Microsoft Endpoint Configuration Manager. Users with administrator privileges or malware running as an administrator user on the system may be able to circumvent the intent of Windows Defender Application Control when the managed installer option is allowed. If the authorized managed installer process performs installations in the context of a user with standard privileges, then it is possible that standard users or malware running as standard user may be able to circumvent the intent of Windows Defender Application Control. diff --git a/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md index 9496c86d29..e514735967 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md +++ b/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md @@ -41,4 +41,4 @@ Your environment needs the following software to run Windows Defender Applicatio |--------|-----------| |Operating system|Windows 10 Enterprise edition, version 1709 or higher
Windows 10 Professional edition, version 1803 or higher
Windows 10 Professional for Workstations edition, version 1803 or higher
Windows 10 Professional Education edition version 1803 or higher
Windows 10 Education edition, version 1903 or higher
Professional editions are only supported for non-managed devices; Intune or any other 3rd party mobile device management (MDM) solutions are not supported with WDAG for Professional editions. | |Browser|Microsoft Edge and Internet Explorer| -|Management system
(only for managed devices)|[Microsoft Intune](https://docs.microsoft.com/intune/)

**-OR-**

[System Center Configuration Manager](https://docs.microsoft.com/sccm/)

**-OR-**

[Group Policy](https://technet.microsoft.com/library/cc753298(v=ws.11).aspx)

**-OR-**

Your current company-wide 3rd party mobile device management (MDM) solution. For info about 3rd party MDM solutions, see the documentation that came with your product.| +|Management system
(only for managed devices)|[Microsoft Intune](https://docs.microsoft.com/intune/)

**-OR-**

[Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/sccm/)

**-OR-**

[Group Policy](https://technet.microsoft.com/library/cc753298(v=ws.11).aspx)

**-OR-**

Your current company-wide 3rd party mobile device management (MDM) solution. For info about 3rd party MDM solutions, see the documentation that came with your product.| diff --git a/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md b/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md index aa8c80886a..390bee5992 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md +++ b/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md @@ -32,9 +32,9 @@ If an employee goes to an untrusted site through either Microsoft Edge or Intern Application Guard has been created to target several types of systems: -- **Enterprise desktops.** These desktops are domain-joined and managed by your organization. Configuration management is primarily done through System Center Configuration Manager or Microsoft Intune. Employees typically have Standard User privileges and use a high-bandwidth, wired, corporate network. +- **Enterprise desktops.** These desktops are domain-joined and managed by your organization. Configuration management is primarily done through Microsoft Endpoint Configuration Manager or Microsoft Intune. Employees typically have Standard User privileges and use a high-bandwidth, wired, corporate network. -- **Enterprise mobile laptops.** These laptops are domain-joined and managed by your organization. Configuration management is primarily done through System Center Configuration Manager or Microsoft Intune. Employees typically have Standard User privileges and use a high-bandwidth, wireless, corporate network. +- **Enterprise mobile laptops.** These laptops are domain-joined and managed by your organization. Configuration management is primarily done through Microsoft Endpoint Configuration Manager or Microsoft Intune. Employees typically have Standard User privileges and use a high-bandwidth, wireless, corporate network. - **Bring your own device (BYOD) mobile laptops.** These personally-owned laptops are not domain-joined, but are managed by your organization through tools, such as Microsoft Intune. The employee is typically an admin on the device and uses a high-bandwidth wireless corporate network while at work and a comparable personal network while at home. diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md index 2669eb3ab6..16cf8c2443 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md @@ -24,7 +24,7 @@ manager: dansimp - Windows 10, version 1703 and later -The **Device performance & health** section contains information about hardware, devices, and drivers related to the machine. IT administrators and IT pros should reference the appropriate documentation library for the issues they are seeing, such as the [configure the Load and unload device drivers security policy setting](https://docs.microsoft.com/windows/device-security/security-policy-settings/load-and-unload-device-drivers) and how to [deploy drivers during Windows 10 deployment using System Center Configuration Manager](https://docs.microsoft.com/windows/deployment/deploy-windows-sccm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager). +The **Device performance & health** section contains information about hardware, devices, and drivers related to the machine. IT administrators and IT pros should reference the appropriate documentation library for the issues they are seeing, such as the [configure the Load and unload device drivers security policy setting](https://docs.microsoft.com/windows/device-security/security-policy-settings/load-and-unload-device-drivers) and how to [deploy drivers during Windows 10 deployment using Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/windows/deployment/deploy-windows-sccm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager). The [Windows 10 IT pro troubleshooting topic](https://docs.microsoft.com/windows/client-management/windows-10-support-solutions), and the main [Windows 10 documentation library](https://docs.microsoft.com/windows/windows-10/) can also be helpful for resolving issues. diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md index 875fd5bfae..b8a43788fb 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md @@ -47,7 +47,7 @@ You can only use Group Policy to change these settings. ## Use Group Policy to hide non-critical notifications -You can hide notifications that describe regular events related to the health and security of the machine. These are notifications that do not require an action from the machine's user. It can be useful to hide these notifications if you find they are too numerours or you have other status reporting on a larger scale (such as Update Compliance or System Center Configuration Manager reporting). +You can hide notifications that describe regular events related to the health and security of the machine. These are notifications that do not require an action from the machine's user. It can be useful to hide these notifications if you find they are too numerours or you have other status reporting on a larger scale (such as Update Compliance or Microsoft Endpoint Configuration Manager reporting). This can only be done in Group Policy. diff --git a/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md b/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md index af8816db71..4938625700 100644 --- a/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md +++ b/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md @@ -72,7 +72,7 @@ You can find more information about each section, including options for configur ![Screen shot of Windows Settings showing the different areas available in the Windows Security](images/settings-windows-defender-security-center-areas.png) > [!NOTE] -> Settings configured with management tools, such as Group Policy, Microsoft Intune, or System Center Configuration Manager, will generally take precedence over the settings in the Windows Security. See the topics for each of the sections for links to configuring the associated features or products. +> Settings configured with management tools, such as Group Policy, Microsoft Intune, or Microsoft Endpoint Configuration Manager, will generally take precedence over the settings in the Windows Security. See the topics for each of the sections for links to configuring the associated features or products. ## How the Windows Security app works with Windows security features @@ -98,7 +98,7 @@ The Windows Security app operates as a separate app or process from each of the It acts as a collector or single place to see the status and perform some configuration for each of the features. -Disabling any of the individual features (through Group Policy or other management tools, such as System Center Configuration Manager) will prevent that feature from reporting its status in the Windows Security app. The Windows Security app itself will still run and show status for the other security features. +Disabling any of the individual features (through Group Policy or other management tools, such as Microsoft Endpoint Configuration Manager) will prevent that feature from reporting its status in the Windows Security app. The Windows Security app itself will still run and show status for the other security features. > [!IMPORTANT] > Individually disabling any of the services will not disable the other services or the Windows Security app. diff --git a/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md b/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md index a7def9d5fd..cba2a4eb17 100644 --- a/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md +++ b/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md @@ -82,5 +82,5 @@ As Windows 10 boots, a series of integrity measurements are taken by Windows Def ![Boot time integrity](images/windows-defender-system-guard-boot-time-integrity.png) -After the system boots, Windows Defender System Guard signs and seals these measurements using the TPM. Upon request, a management system like Intune or System Center Configuration Manager can acquire them for remote analysis. If Windows Defender System Guard indicates that the device lacks integrity, the management system can take a series of actions, such as denying the device access to resources. +After the system boots, Windows Defender System Guard signs and seals these measurements using the TPM. Upon request, a management system like Intune or Microsoft Endpoint Configuration Manager can acquire them for remote analysis. If Windows Defender System Guard indicates that the device lacks integrity, the management system can take a series of actions, such as denying the device access to resources. diff --git a/windows/security/threat-protection/windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md b/windows/security/threat-protection/windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md index d91fbb98a5..a17ad45ab9 100644 --- a/windows/security/threat-protection/windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md +++ b/windows/security/threat-protection/windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md @@ -83,5 +83,5 @@ As Windows 10 boots, a series of integrity measurements are taken by Windows Def ![Boot time integrity](images/windows-defender-system-guard-boot-time-integrity.png) -After the system boots, Windows Defender System Guard signs and seals these measurements using the TPM. Upon request, a management system like Intune or System Center Configuration Manager can acquire them for remote analysis. If Windows Defender System Guard indicates that the device lacks integrity, the management system can take a series of actions, such as denying the device access to resources. +After the system boots, Windows Defender System Guard signs and seals these measurements using the TPM. Upon request, a management system like Intune or Microsoft Endpoint Configuration Manager can acquire them for remote analysis. If Windows Defender System Guard indicates that the device lacks integrity, the management system can take a series of actions, such as denying the device access to resources. diff --git a/windows/security/threat-protection/windows-security-baselines.md b/windows/security/threat-protection/windows-security-baselines.md index 30b70df2a4..34077fff4c 100644 --- a/windows/security/threat-protection/windows-security-baselines.md +++ b/windows/security/threat-protection/windows-security-baselines.md @@ -51,7 +51,7 @@ In modern organizations, the security threat landscape is constantly evolving, a You can use security baselines to: - Ensure that user and device configuration settings are compliant with the baseline. -- Set configuration settings. For example, you can use Group Policy, System Center Configuration Manager, or Microsoft Intune to configure a device with the setting values specified in the baseline. +- Set configuration settings. For example, you can use Group Policy, Microsoft Endpoint Configuration Manager, or Microsoft Intune to configure a device with the setting values specified in the baseline. ## Where can I get the security baselines? @@ -73,7 +73,7 @@ You may also be interested in this msdn channel 9 video: ## See Also -- [System Center Configuration Manager (SCCM)](https://www.microsoft.com/cloud-platform/system-center-configuration-manager) +- [Microsoft Endpoint Configuration Manager (SCCM)](https://www.microsoft.com/cloud-platform/system-center-configuration-manager) - [Operations Management Suite](https://www.microsoft.com/cloud-platform/operations-management-suite) - [Configuration Management for Nano Server](https://blogs.technet.microsoft.com/grouppolicy/2016/05/09/configuration-management-on-servers/) - [Microsoft Security Guidance Blog](https://blogs.technet.microsoft.com/secguide/) diff --git a/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md b/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md index 6ef956ed10..175026482e 100644 --- a/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md +++ b/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md @@ -40,7 +40,7 @@ The toolkit supports formats created by the Windows GPO backup feature (.pol, .i Not yet. PowerShell-based DSC is rapidly gaining popularity, and more DSC tools are coming online to convert GPOs and DSC and to validate system configuration. We are currently developing a tool to provide customers with these features. -**Does SCT support the creation of System Center Configuration Manager (SCCM) DCM packs?** +**Does SCT support the creation of Microsoft Endpoint Configuration Manager (SCCM) DCM packs?** No. A potential alternative is Desired State Configuration (DSC), a feature of the [Windows Management Framework](https://www.microsoft.com/download/details.aspx?id=40855). A tool that supports conversion of GPO backups to DSC format can be found [here](https://github.com/Microsoft/BaselineManagement). diff --git a/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md b/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md index 723c0bfe49..29c80c909e 100644 --- a/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md +++ b/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md @@ -51,7 +51,7 @@ In modern organizations, the security threat landscape is constantly evolving, a You can use security baselines to: - Ensure that user and device configuration settings are compliant with the baseline. -- Set configuration settings. For example, you can use Group Policy, System Center Configuration Manager, or Microsoft Intune to configure a device with the setting values specified in the baseline. +- Set configuration settings. For example, you can use Group Policy, Microsoft Endpoint Configuration Manager, or Microsoft Intune to configure a device with the setting values specified in the baseline. ## Where can I get the security baselines? @@ -73,7 +73,7 @@ You may also be interested in this msdn channel 9 video: ## See Also -- [System Center Configuration Manager (SCCM)](https://www.microsoft.com/cloud-platform/system-center-configuration-manager) +- [Microsoft Endpoint Configuration Manager (SCCM)](https://www.microsoft.com/cloud-platform/system-center-configuration-manager) - [Azure Monitor](https://docs.microsoft.com/azure/azure-monitor/) - [Microsoft Security Guidance Blog](https://blogs.technet.microsoft.com/secguide/) - [Microsoft Security Compliance Toolkit Download](https://www.microsoft.com/download/details.aspx?id=55319) diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2015.md b/windows/whats-new/ltsc/whats-new-windows-10-2015.md index 3749ad2dce..3453b80131 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2015.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2015.md @@ -34,11 +34,11 @@ With Windows 10, you can create provisioning packages that let you quickly and e ## Security -### Applocker +### AppLocker -Applocker was available for Windows 8.1, and is improved with Windows 10. See [Requirements to use AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md) for a list of operating system requirements. +AppLocker was available for Windows 8.1, and is improved with Windows 10. See [Requirements to use AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md) for a list of operating system requirements. -Enhancements to Applocker in Windows 10 include: +Enhancements to AppLocker in Windows 10 include: - A new parameter was added to the [New-AppLockerPolicy](https://technet.microsoft.com/library/hh847211.aspx) Windows PowerShell cmdlet that lets you choose whether executable and DLL rule collections apply to non-interactive processes. To enable this, set the **ServiceEnforcement** to **Enabled**. - A new [AppLocker](https://msdn.microsoft.com/library/windows/hardware/dn920019.aspx) configuration service provider was add to allow you to enable AppLocker rules by using an MDM server. @@ -46,9 +46,9 @@ Enhancements to Applocker in Windows 10 include: [Learn how to manage AppLocker within your organization](/windows/device-security/applocker/applocker-overview). -### Bitlocker +### BitLocker -Enhancements to Applocker in Windows 10 include: +Enhancements to AppLocker in Windows 10 include: - **Encrypt and recover your device with Azure Active Directory**. In addition to using a Microsoft Account, automatic [Device Encryption](https://technet.microsoft.com/itpro/windows/keep-secure/windows-10-security-guide#device-encryption) can now encrypt your devices that are joined to an Azure Active Directory domain. When the device is encrypted, the BitLocker recovery key is automatically escrowed to Azure Active Directory. This will make it easier to recover your BitLocker key online. - **DMA port protection**. You can use the [DataProtection/AllowDirectMemoryAccess](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#dataprotection-allowdirectmemoryaccess) MDM policy to block DMA ports when the device is starting up. Also, when a device is locked, all unused DMA ports are turned off, but any devices that are already plugged into a DMA port will continue to work. When the device is unlocked, all DMA ports are turned back on. @@ -60,11 +60,11 @@ Enhancements to Applocker in Windows 10 include: For Windows 10-based devices, you can use your MDM server to directly deploy client authentication certificates using Personal Information Exchange (PFX), in addition to enrolling using Simple Certificate Enrollment Protocol (SCEP), including certificates to enable Windows Hello for Business in your enterprise. You'll be able to use MDM to enroll, renew, and delete certificates. As in Windows Phone 8.1, you can use the [Certificates app](https://go.microsoft.com/fwlink/p/?LinkId=615824) to review the details of certificates on your device. [Learn how to install digital certificates on Windows 10 Mobile.](/windows/access-protection/installing-digital-certificates-on-windows-10-mobile) -### Windows Live ID +### Microsoft Passport -In Windows 10, [Windows Live ID service](/windows/access-protection/hello-for-business/hello-identity-verification) replaces passwords with strong two-factor authentication that consists of an enrolled device and a Windows Hello (biometric) or PIN. +In Windows 10, [Microsoft Passport](/windows/access-protection/hello-for-business/hello-identity-verification) replaces passwords with strong two-factor authentication that consists of an enrolled device and a Windows Hello (biometric) or PIN. -Windows Live ID service lets users authenticate to a Microsoft account, an Active Directory account, a Microsoft Azure Active Directory (AD) account, or non-Microsoft service that supports Fast ID Online (FIDO) authentication. After an initial two-step verification during Windows Live ID service enrollment, a Windows Live ID service is set up on the user's device and the user sets a gesture, which can be Windows Hello or a PIN. The user provides the gesture to verify identity; Windows then uses Windows Live ID service to authenticate users and help them to access protected resources and services. +Microsoft Passport lets users authenticate to a Microsoft account, an Active Directory account, a Microsoft Azure Active Directory (AD) account, or non-Microsoft service that supports Fast ID Online (FIDO) authentication. After an initial two-step verification during Microsoft Passport enrollment, a Microsoft Passport is set up on the user's device and the user sets a gesture, which can be Windows Hello or a PIN. The user provides the gesture to verify identity; Windows then uses Microsoft Passport to authenticate users and help them to access protected resources and services. ### Security auditing @@ -174,7 +174,7 @@ Event ID 6416 has been added to track when an external device is detected throug The following sections describe the new and changed functionality in the TPM for Windows 10: - [Device health attestation](#bkmk-dha) -- [Windows Live ID](/windows/access-protection/hello-for-business/hello-identity-verification) support +- [Microsoft Passport](/windows/access-protection/hello-for-business/hello-identity-verification) support - [Device Guard](/windows/device-security/device-guard/introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies) support - [Credential Guard](/windows/access-protection/credential-guard/credential-guard) support @@ -212,7 +212,7 @@ Windows 10 provides a set of VPN features that both increase enterprise security - App=triggered VPN - VPN traffic filters - Lock down VPN -- Integration with Windows Live ID for Work +- Integration with Microsoft Passport for Work [Learn more about the VPN options in Windows 10.](/windows/access-protection/vpn/vpn-profile-options) @@ -270,7 +270,7 @@ A standard Start layout can be useful on devices that are common to multiple use Administrators can also use mobile device management (MDM) or Group Policy to disable the use of [Windows Spotlight on the lock screen](/windows/configuration/windows-spotlight). -## Updates +## Updates Windows Update for Business enables information technology administrators to keep the Windows 10-based devices in their organization always up to date with the latest security defenses and Windows features by directly connecting these systems to Microsoft’s Windows Update service. @@ -280,7 +280,7 @@ By using [Group Policy Objects](https://go.microsoft.com/fwlink/p/?LinkId=699279 - **Peer-to-peer delivery**, which administrators can enable to make delivery of updates to branch offices and remote sites with limited bandwidth very efficient. -- **Use with existing tools** such as Microsoft Endpoint Configuration Manager and the [Enterprise Mobility + Security E3](https://go.microsoft.com/fwlink/p/?LinkId=699281). +- **Use with existing tools** such as Microsoft Endpoint Configuration Manager and the [Enterprise Mobility Suite](https://go.microsoft.com/fwlink/p/?LinkId=699281). Together, these Windows Update for Business features help reduce device management costs, provide controls over update deployment, offer quicker access to security updates, as well as provide access to the latest innovations from Microsoft on an ongoing basis. Windows Update for Business is a free service for all Windows 10 Pro, Enterprise, and Education editions, and can be used independent of, or in conjunction with, existing device management solutions such as [Windows Server Update Services (WSUS)](https://technet.microsoft.com/library/hh852345.aspx) and [Microsoft Endpoint Configuration Manager](https://technet.microsoft.com/library/gg682129.aspx). diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2016.md b/windows/whats-new/ltsc/whats-new-windows-10-2016.md index 683b980e8f..727cc608be 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2016.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2016.md @@ -1,178 +1,179 @@ ---- -title: What's new in Windows 10 Enterprise 2016 LTSC -ms.reviewer: -manager: laurawi -ms.author: greglin -description: New and updated IT Pro content about new features in Windows 10 Enterprise 2016 LTSC (also known as Windows 10 Enterprise 2016 LTSB). -keywords: ["What's new in Windows 10", "Windows 10", "Windows 10 Enterprise 2016 LTSC"] -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: greg-lindsay -ms.localizationpriority: low -ms.topic: article ---- - -# What's new in Windows 10 Enterprise 2016 LTSC - -**Applies to** -- Windows 10 Enterprise 2016 LTSC - -This article lists new and updated features and content that are of interest to IT Pros for Windows 10 Enterprise 2016 LTSC (LTSB), compared to Windows 10 Enterprise 2015 LTSC (LTSB). For a brief description of the LTSC servicing channel, see [Windows 10 Enterprise LTSC](index.md). - ->[!NOTE] ->Features in Windows 10 Enterprise 2016 LTSC are equivalent to Windows 10, version 1607. - -## Deployment - -### Windows Imaging and Configuration Designer (ICD) - -In previous versions of the Windows 10 Assessment and Deployment Kit (ADK), you had to install additional features for Windows ICD to run. Starting in this version of Windows 10, you can install just the configuration designer component independent of the rest of the imaging components. [Install the ADK.](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) - -Windows ICD now includes simplified workflows for creating provisioning packages: - -- [Simple provisioning to set up common settings for Active Directory-joined devices](/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment) -- [Advanced provisioning to deploy certificates and apps](/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates) -- [School provisioning to set up classroom devices for Active Directory](https://technet.microsoft.com/edu/windows/set-up-students-pcs-to-join-domain) - -[Learn more about using provisioning packages in Windows 10.](/windows/configuration/provisioning-packages/provisioning-packages) - -### Windows Upgrade Readiness - ->[!IMPORTANT] ->Upgrade Readiness will not allow you to assess an upgrade to an LTSC release (LTSC builds are not available as target versions). However, you can enroll devices running LTSC to plan for an upgrade to a semi-annual channel release. - -Microsoft developed Upgrade Readiness in response to demand from enterprise customers looking for additional direction and details about upgrading to Windows 10. Upgrade Readiness was built taking into account multiple channels of customer feedback, testing, and Microsoft’s experience upgrading millions of devices to Windows 10. - -With Windows diagnostic data enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. - -Use Upgrade Readiness to get: - -- A visual workflow that guides you from pilot to production -- Detailed computer and application inventory -- Powerful computer level search and drill-downs -- Guidance and insights into application and driver compatibility issues, with suggested fixes -- Data driven application rationalization tools -- Application usage information, allowing targeted validation; workflow to track validation progress and decisions -- Data export to commonly used software deployment tools - -The Upgrade Readiness workflow steps you through the discovery and rationalization process until you have a list of computers that are upgrade-ready. - -[Learn more about planning and managing Windows upgrades with Windows Upgrade Readiness.](/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness) - -## Security - -### Credential Guard and Device Guard - -Isolated User Mode is now included with Hyper-V so you don't have to install it separately. - -### Windows Hello for Business - -When Windows 10 first shipped, it included Microsoft Passport and Windows Hello, which worked together to provide multi-factor authentication. To simplify deployment and improve supportability, Microsoft has combined these technologies into a single solution under the Windows Hello name in this version of Windows 10. Customers who have already deployed Microsoft Passport for Work will not experience any change in functionality. Customers who have yet to evaluate Windows Hello will find it easier to deploy due to simplified policies, documentation, and semantics. - -Additional changes for Windows Hello in Windows 10 Enterprise 2016 LTSC: - -- Personal (Microsoft account) and corporate (Active Directory or Azure AD) accounts use a single container for keys. -- Group Policy settings for managing Windows Hello for Business are now available for both **User Configuration** and **Computer Configuration**. -- Beginning in this version of Windows 10, Windows Hello as a convenience PIN is disabled by default on all domain-joined computers. To enable a convenience PIN, enable the Group Policy setting **Turn on convenience PIN sign-in**. - - -[Learn more about Windows Hello for Business.](/windows/access-protection/hello-for-business/hello-identity-verification) - -### Bitlocker - -#### New Bitlocker features - -- **XTS-AES encryption algorithm**. BitLocker now supports the XTS-AES encryption algorithm. XTS-AES provides additional protection from a class of attacks on encryption that rely on manipulating cipher text to cause predictable changes in plain text. BitLocker supports both 128-bit and 256-bit XTS-AES keys. - It provides the following benefits: - - The algorithm is FIPS-compliant. - - Easy to administer. You can use the BitLocker Wizard, manage-bde, Group Policy, MDM policy, Windows PowerShell, or WMI to manage it on devices in your organization. - >**Note:** Drives encrypted with XTS-AES will not be accessible on older version of Windows. This is only recommended for fixed and operating system drives. Removable drives should continue to use the AES-CBC 128-bit or AES-CBC 256-bit algorithms. - -### Security auditing - -#### New Security auditing features - -- The [WindowsSecurityAuditing](https://go.microsoft.com/fwlink/p/?LinkId=690517) and [Reporting](https://go.microsoft.com/fwlink/p/?LinkId=690525) configuration service providers allow you to add security audit policies to mobile devices. - -### Trusted Platform Module - -#### New TPM features - -- Key Storage Providers (KSPs) and srvcrypt support elliptical curve cryptography (ECC). - -### Windows Information Protection (WIP), formerly known as enterprise data protection (EDP) - -With the increase of employee-owned devices in the enterprise, there’s also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprise’s control. For example, when an employee sends the latest engineering pictures from their personal email account, copies and pastes product info into a tweet, or saves an in-progress sales report to their public cloud storage. - -Windows Information Protection (WIP) helps to protect against this potential data leakage without otherwise interfering with the employee experience. WIP also helps to protect enterprise apps and data against accidental data leak on enterprise-owned devices and personal devices that employees bring to work without requiring changes to your environment or other apps. - -- [Create a Windows Information Protection (WIP) policy](https://technet.microsoft.com/itpro/windows/keep-secure/overview-create-wip-policy) -- [General guidance and best practices for Windows Information Protection (WIP)](https://technet.microsoft.com/itpro/windows/keep-secure/guidance-and-best-practices-wip) - -[Learn more about Windows Information Protection (WIP)](https://technet.microsoft.com/itpro/windows/keep-secure/protect-enterprise-data-using-wip) - -### Windows Defender - -Several new features and management options have been added to Windows Defender in this version of Windows 10. - -- [Windows Defender Offline in Windows 10](/windows/threat-protection/windows-defender-antivirus/windows-defender-offline) can be run directly from within Windows, without having to create bootable media. -- [Use PowerShell cmdlets for Windows Defender](/windows/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus) to configure options and run scans. -- [Enable the Block at First Sight feature in Windows 10](/windows/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus) to leverage the Windows Defender cloud for near-instant protection against new malware. -- [Configure enhanced notifications for Windows Defender in Windows 10](/windows/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus) to see more information about threat detections and removal. -- [Run a Windows Defender scan from the command line](/windows/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus). -- [Detect and block Potentially Unwanted Applications with Windows Defender](/windows/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus) during download and install times. - -### Windows Defender Advanced Threat Protection (ATP) - -With the growing threat from more sophisticated targeted attacks, a new security solution is imperative in securing an increasingly complex network ecosystem. Windows Defender Advanced Threat Protection (Windows Defender ATP) is a security service, built into Windows 10 that enables enterprise customers detect, investigate, and respond to advanced threats on their networks. - -[Learn more about Windows Defender Advanced Threat Protection (ATP)](/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection). - -### VPN security - -- The VPN client can integrate with the Conditional Access Framework, a cloud-based policy engine built into Azure Active Directory, to provide a device compliance option for remote clients. -- The VPN client can integrate with Windows Information Protection (WIP) policy to provide additional security. [Learn more about Windows Information Protection](/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip), previously known as Enterprise Data Protection. -- New VPNv2 configuration service provider (CSP) adds configuration settings. For details, see [What's new in MDM enrollment and management](https://msdn.microsoft.com/library/windows/hardware/mt299056%28v=vs.85%29.aspx#whatsnew_1607) -- Microsoft Intune: *VPN Profile (Windows 10 Desktop and Mobile and later)* policy template includes support for native VPN plug-ins. - -## Management - -### Use Remote Desktop Connection for PCs joined to Azure Active Directory - -From its release, Windows 10 has supported remote connections to PCs that are joined to Active Directory. Starting in this version of Windows 10, you can also connect to a remote PC that is joined to Azure Active Directory (Azure AD). [Learn about the requirements and supported configurations.](/windows/client-management/connect-to-remote-aadj-pc) - -### Taskbar configuration - -Enterprise administrators can add and remove pinned apps from the taskbar. Users can pin apps, unpin apps, and change the order of pinned apps on the taskbar after the enterprise configuration is applied. [Learn how to configure the taskbar.](/windows/configuration/windows-10-start-layout-options-and-policies) - -### Mobile device management and configuration service providers (CSPs) - -Numerous settings have been added to the Windows 10 CSPs to expand MDM capabilities for managing devices. To learn more about the specific changes in MDM policies for this version of Windows 10, see [What's new in MDM enrollment and management](https://msdn.microsoft.com/library/windows/hardware/mt299056%28v=vs.85%29.aspx#whatsnew_1607). - -### Shared PC mode - -This version of Windows 10, introduces shared PC mode, which optimizes Windows 10 for shared use scenarios, such as touchdown spaces in an enterprise and temporary customer use in retail. You can apply shared PC mode to Windows 10 Pro, Education, and Enterprise. [Learn how to set up a shared or guest PC.](/windows/configuration/set-up-shared-or-guest-pc) - -### Application Virtualization (App-V) for Windows 10 - -Application Virtualization (App-V) enables organizations to deliver Win32 applications to users as virtual applications. Virtual applications are installed on centrally managed servers and delivered to users as a service – in real time and on as as-needed basis. Users launch virtual applications from familiar access points, including the Microsoft Store, and interact with them as if they were installed locally. - -With the release of this version of Windows 10, App-V is included with the Windows 10 for Enterprise edition. If you are new to Windows 10 and App-V or if you're upgrading from a previous version of App-V, you’ll need to download, activate, and install server- and client-side components to start delivering virtual applications to users. - -[Learn how to deliver virtual applications with App-V.](/windows/application-management/app-v/appv-getting-started) - -### User Experience Virtualization (UE-V) for Windows 10 - -Many users customize their settings for Windows and for specific applications. Customizable Windows settings include Microsoft Store appearance, language, background picture, font size, and accent colors. Customizable application settings include language, appearance, behavior, and user interface options. - -With User Experience Virtualization (UE-V), you can capture user-customized Windows and application settings and store them on a centrally managed network file share. When users log on, their personalized settings are applied to their work session, regardless of which device or virtual desktop infrastructure (VDI) sessions they log on to. - -With the release of this version of Windows 10, UE-V is included with the Windows 10 for Enterprise edition. If you are new to Windows 10 and UE-V or upgrading from a previous version of UE-V, you’ll need to download, activate, and install server- and client-side components to start synchronizing user-customized settings across devices. - -[Learn how to synchronize user-customized settings with UE-V.](/windows/configuration/ue-v/uev-for-windows) - -## See Also - -[Windows 10 Enterprise LTSC](index.md): A description of the LTSC servicing channel with links to information about each release. - +--- +title: What's new in Windows 10 Enterprise 2016 LTSC +ms.reviewer: +manager: laurawi +ms.author: greglin +description: New and updated IT Pro content about new features in Windows 10 Enterprise 2016 LTSC (also known as Windows 10 Enterprise 2016 LTSB). +keywords: ["What's new in Windows 10", "Windows 10", "Windows 10 Enterprise 2016 LTSC"] +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +audience: itpro +author: greg-lindsay +ms.localizationpriority: low +ms.topic: article +--- + +# What's new in Windows 10 Enterprise 2016 LTSC + +**Applies to** +- Windows 10 Enterprise 2016 LTSC + +This article lists new and updated features and content that are of interest to IT Pros for Windows 10 Enterprise 2016 LTSC (LTSB), compared to Windows 10 Enterprise 2015 LTSC (LTSB). For a brief description of the LTSC servicing channel, see [Windows 10 Enterprise LTSC](index.md). + +>[!NOTE] +>Features in Windows 10 Enterprise 2016 LTSC are equivalent to Windows 10, version 1607. + +## Deployment + +### Windows Imaging and Configuration Designer (ICD) + +In previous versions of the Windows 10 Assessment and Deployment Kit (ADK), you had to install additional features for Windows ICD to run. Starting in this version of Windows 10, you can install just the configuration designer component independent of the rest of the imaging components. [Install the ADK.](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) + +Windows ICD now includes simplified workflows for creating provisioning packages: + +- [Simple provisioning to set up common settings for Active Directory-joined devices](/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment) +- [Advanced provisioning to deploy certificates and apps](/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates) +- [School provisioning to set up classroom devices for Active Directory](https://technet.microsoft.com/edu/windows/set-up-students-pcs-to-join-domain) + +[Learn more about using provisioning packages in Windows 10.](/windows/configuration/provisioning-packages/provisioning-packages) + +### Windows Upgrade Readiness + +>[!IMPORTANT] +>Upgrade Readiness will not allow you to assess an upgrade to an LTSC release (LTSC builds are not available as target versions). However, you can enroll devices running LTSC to plan for an upgrade to a semi-annual channel release. + +Microsoft developed Upgrade Readiness in response to demand from enterprise customers looking for additional direction and details about upgrading to Windows 10. Upgrade Readiness was built taking into account multiple channels of customer feedback, testing, and Microsoft’s experience upgrading millions of devices to Windows 10. + +With Windows diagnostic data enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. + +Use Upgrade Readiness to get: + +- A visual workflow that guides you from pilot to production +- Detailed computer and application inventory +- Powerful computer level search and drill-downs +- Guidance and insights into application and driver compatibility issues, with suggested fixes +- Data driven application rationalization tools +- Application usage information, allowing targeted validation; workflow to track validation progress and decisions +- Data export to commonly used software deployment tools + +The Upgrade Readiness workflow steps you through the discovery and rationalization process until you have a list of computers that are upgrade-ready. + +[Learn more about planning and managing Windows upgrades with Windows Upgrade Readiness.](/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness) + +## Security + +### Credential Guard and Device Guard + +Isolated User Mode is now included with Hyper-V so you don't have to install it separately. + +### Windows Hello for Business + +When Windows 10 first shipped, it included Microsoft Passport and Windows Hello, which worked together to provide multi-factor authentication. To simplify deployment and improve supportability, Microsoft has combined these technologies into a single solution under the Windows Hello name in this version of Windows 10. Customers who have already deployed Microsoft Passport for Work will not experience any change in functionality. Customers who have yet to evaluate Windows Hello will find it easier to deploy due to simplified policies, documentation, and semantics. + +Additional changes for Windows Hello in Windows 10 Enterprise 2016 LTSC: + +- Personal (Microsoft account) and corporate (Active Directory or Azure AD) accounts use a single container for keys. +- Group Policy settings for managing Windows Hello for Business are now available for both **User Configuration** and **Computer Configuration**. +- Beginning in this version of Windows 10, Windows Hello as a convenience PIN is disabled by default on all domain-joined computers. To enable a convenience PIN, enable the Group Policy setting **Turn on convenience PIN sign-in**. + + +[Learn more about Windows Hello for Business.](/windows/access-protection/hello-for-business/hello-identity-verification) + +### BitLocker + +#### New BitLocker features + +- **XTS-AES encryption algorithm**. BitLocker now supports the XTS-AES encryption algorithm. XTS-AES provides additional protection from a class of attacks on encryption that rely on manipulating cipher text to cause predictable changes in plain text. BitLocker supports both 128-bit and 256-bit XTS-AES keys. + It provides the following benefits: + - The algorithm is FIPS-compliant. + - Easy to administer. You can use the BitLocker Wizard, manage-bde, Group Policy, MDM policy, Windows PowerShell, or WMI to manage it on devices in your organization. + >**Note:** Drives encrypted with XTS-AES will not be accessible on older version of Windows. This is only recommended for fixed and operating system drives. Removable drives should continue to use the AES-CBC 128-bit or AES-CBC 256-bit algorithms. + +### Security auditing + +#### New Security auditing features + +- The [WindowsSecurityAuditing](https://go.microsoft.com/fwlink/p/?LinkId=690517) and [Reporting](https://go.microsoft.com/fwlink/p/?LinkId=690525) configuration service providers allow you to add security audit policies to mobile devices. + +### Trusted Platform Module + +#### New TPM features + +- Key Storage Providers (KSPs) and srvcrypt support elliptical curve cryptography (ECC). + +### Windows Information Protection (WIP), formerly known as enterprise data protection (EDP) + +With the increase of employee-owned devices in the enterprise, there’s also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprise’s control. For example, when an employee sends the latest engineering pictures from their personal email account, copies and pastes product info into a tweet, or saves an in-progress sales report to their public cloud storage. + +Windows Information Protection (WIP) helps to protect against this potential data leakage without otherwise interfering with the employee experience. WIP also helps to protect enterprise apps and data against accidental data leak on enterprise-owned devices and personal devices that employees bring to work without requiring changes to your environment or other apps. + +- [Create a Windows Information Protection (WIP) policy](https://technet.microsoft.com/itpro/windows/keep-secure/overview-create-wip-policy) +- [General guidance and best practices for Windows Information Protection (WIP)](https://technet.microsoft.com/itpro/windows/keep-secure/guidance-and-best-practices-wip) + +[Learn more about Windows Information Protection (WIP)](https://technet.microsoft.com/itpro/windows/keep-secure/protect-enterprise-data-using-wip) + +### Windows Defender + +Several new features and management options have been added to Windows Defender in this version of Windows 10. + +- [Windows Defender Offline in Windows 10](/windows/threat-protection/windows-defender-antivirus/windows-defender-offline) can be run directly from within Windows, without having to create bootable media. +- [Use PowerShell cmdlets for Windows Defender](/windows/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus) to configure options and run scans. +- [Enable the Block at First Sight feature in Windows 10](/windows/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus) to leverage the Windows Defender cloud for near-instant protection against new malware. +- [Configure enhanced notifications for Windows Defender in Windows 10](/windows/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus) to see more information about threat detections and removal. +- [Run a Windows Defender scan from the command line](/windows/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus). +- [Detect and block Potentially Unwanted Applications with Windows Defender](/windows/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus) during download and install times. + +### Windows Defender Advanced Threat Protection (ATP) + +With the growing threat from more sophisticated targeted attacks, a new security solution is imperative in securing an increasingly complex network ecosystem. Windows Defender Advanced Threat Protection (Windows Defender ATP) is a security service, built into Windows 10 that enables enterprise customers detect, investigate, and respond to advanced threats on their networks. + +[Learn more about Windows Defender Advanced Threat Protection (ATP)](/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection). + +### VPN security + +- The VPN client can integrate with the Conditional Access Framework, a cloud-based policy engine built into Azure Active Directory, to provide a device compliance option for remote clients. +- The VPN client can integrate with Windows Information Protection (WIP) policy to provide additional security. [Learn more about Windows Information Protection](/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip), previously known as Enterprise Data Protection. +- New VPNv2 configuration service provider (CSP) adds configuration settings. For details, see [What's new in MDM enrollment and management](https://msdn.microsoft.com/library/windows/hardware/mt299056%28v=vs.85%29.aspx#whatsnew_1607) +- Microsoft Intune: *VPN Profile (Windows 10 Desktop and Mobile and later)* policy template includes support for native VPN plug-ins. + +## Management + +### Use Remote Desktop Connection for PCs joined to Azure Active Directory + +From its release, Windows 10 has supported remote connections to PCs that are joined to Active Directory. Starting in this version of Windows 10, you can also connect to a remote PC that is joined to Azure Active Directory (Azure AD). [Learn about the requirements and supported configurations.](/windows/client-management/connect-to-remote-aadj-pc) + +### Taskbar configuration + +Enterprise administrators can add and remove pinned apps from the taskbar. Users can pin apps, unpin apps, and change the order of pinned apps on the taskbar after the enterprise configuration is applied. [Learn how to configure the taskbar.](/windows/configuration/windows-10-start-layout-options-and-policies) + +### Mobile device management and configuration service providers (CSPs) + +Numerous settings have been added to the Windows 10 CSPs to expand MDM capabilities for managing devices. To learn more about the specific changes in MDM policies for this version of Windows 10, see [What's new in MDM enrollment and management](https://msdn.microsoft.com/library/windows/hardware/mt299056%28v=vs.85%29.aspx#whatsnew_1607). + +### Shared PC mode + +This version of Windows 10, introduces shared PC mode, which optimizes Windows 10 for shared use scenarios, such as touchdown spaces in an enterprise and temporary customer use in retail. You can apply shared PC mode to Windows 10 Pro, Education, and Enterprise. [Learn how to set up a shared or guest PC.](/windows/configuration/set-up-shared-or-guest-pc) + +### Application Virtualization (App-V) for Windows 10 + +Application Virtualization (App-V) enables organizations to deliver Win32 applications to users as virtual applications. Virtual applications are installed on centrally managed servers and delivered to users as a service – in real time and on as as-needed basis. Users launch virtual applications from familiar access points, including the Microsoft Store, and interact with them as if they were installed locally. + +With the release of this version of Windows 10, App-V is included with the Windows 10 for Enterprise edition. If you are new to Windows 10 and App-V or if you're upgrading from a previous version of App-V, you’ll need to download, activate, and install server- and client-side components to start delivering virtual applications to users. + +[Learn how to deliver virtual applications with App-V.](/windows/application-management/app-v/appv-getting-started) + +### User Experience Virtualization (UE-V) for Windows 10 + +Many users customize their settings for Windows and for specific applications. Customizable Windows settings include Microsoft Store appearance, language, background picture, font size, and accent colors. Customizable application settings include language, appearance, behavior, and user interface options. + +With User Experience Virtualization (UE-V), you can capture user-customized Windows and application settings and store them on a centrally managed network file share. When users log on, their personalized settings are applied to their work session, regardless of which device or virtual desktop infrastructure (VDI) sessions they log on to. + +With the release of this version of Windows 10, UE-V is included with the Windows 10 for Enterprise edition. If you are new to Windows 10 and UE-V or upgrading from a previous version of UE-V, you’ll need to download, activate, and install server- and client-side components to start synchronizing user-customized settings across devices. + +[Learn how to synchronize user-customized settings with UE-V.](/windows/configuration/ue-v/uev-for-windows) + +## See Also + +[Windows 10 Enterprise LTSC](index.md): A description of the LTSC servicing channel with links to information about each release. + diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2019.md b/windows/whats-new/ltsc/whats-new-windows-10-2019.md index 4c6f69c1a2..2eb8961b72 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2019.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2019.md @@ -417,7 +417,7 @@ If you wish to take advantage of [Kiosk capabilities in Edge](https://docs.micro ### Co-management -Intune and System Center Configuration Manager policies have been added to enable hyrid Azure AD-joined authentication. Mobile Device Management (MDM) has added over 150 new policies and settings in this release, including the [MDMWinsOverGP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-controlpolicyconflict) policy, to enable easier transition to cloud-based management. +Intune and Microsoft Endpoint Configuration Manager policies have been added to enable hyrid Azure AD-joined authentication. Mobile Device Management (MDM) has added over 150 new policies and settings in this release, including the [MDMWinsOverGP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-controlpolicyconflict) policy, to enable easier transition to cloud-based management. For more information, see [What's New in MDM enrollment and management](https://docs.microsoft.com/windows/client-management/mdm/new-in-windows-mdm-enrollment-management#whatsnew1803) @@ -482,7 +482,7 @@ You can now register your Azure AD domains to the Windows Insider Program. For m ### Optimize update delivery -With changes delivered in Windows 10 Enterprise 2019 LTSC, [Express updates](/windows/deployment/update/waas-optimize-windows-10-updates#express-update-delivery) are now fully supported with System Center Configuration Manager, starting with version 1702 of Configuration Manager, as well as with other third-party updating and management products that [implement this new functionality](https://technet.microsoft.com/windows-server-docs/management/windows-server-update-services/deploy/express-update-delivery-isv-support). This is in addition to current Express support on Windows Update, Windows Update for Business and WSUS. +With changes delivered in Windows 10 Enterprise 2019 LTSC, [Express updates](/windows/deployment/update/waas-optimize-windows-10-updates#express-update-delivery) are now fully supported with Microsoft Endpoint Configuration Manager, starting with version 1702 of Configuration Manager, as well as with other third-party updating and management products that [implement this new functionality](https://technet.microsoft.com/windows-server-docs/management/windows-server-update-services/deploy/express-update-delivery-isv-support). This is in addition to current Express support on Windows Update, Windows Update for Business and WSUS. >[!NOTE] > The above changes can be made available to Windows 10, version 1607, by installing the April 2017 cumulative update. diff --git a/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md b/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md index 7cfd7c2c0d..c688e4952a 100644 --- a/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md +++ b/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md @@ -42,9 +42,9 @@ With Windows 10, you can create provisioning packages that let you quickly and e [Learn how to manage AppLocker within your organization](/windows/device-security/applocker/applocker-overview). -### Bitlocker +### BitLocker -#### New Bitlocker features in Windows 10, version 1511 +#### New BitLocker features in Windows 10, version 1511 - **XTS-AES encryption algorithm**. BitLocker now supports the XTS-AES encryption algorithm. XTS-AES provides additional protection from a class of attacks on encryption that rely on manipulating cipher text to cause predictable changes in plain text. BitLocker supports both 128-bit and 256-bit XTS-AES keys. It provides the following benefits: @@ -52,7 +52,7 @@ With Windows 10, you can create provisioning packages that let you quickly and e - Easy to administer. You can use the BitLocker Wizard, manage-bde, Group Policy, MDM policy, Windows PowerShell, or WMI to manage it on devices in your organization. >**Note:** Drives encrypted with XTS-AES will not be accessible on older version of Windows. This is only recommended for fixed and operating system drives. Removable drives should continue to use the AES-CBC 128-bit or AES-CBC 256-bit algorithms. -#### New Bitlocker features in Windows 10, version 1507 +#### New BitLocker features in Windows 10, version 1507 @@ -278,7 +278,7 @@ Enterprises have the following identity and management choices. |---|---| | Identity | Active Directory; Azure AD | | Grouping | Domain join; Workgroup; Azure AD join | -| Device management | Group Policy; System Center Configuration Manager; Microsoft Intune; other MDM solutions; Exchange ActiveSync; Windows PowerShell; Windows Management Instrumentation (WMI) | +| Device management | Group Policy; Microsoft Endpoint Configuration Manager; Microsoft Intune; other MDM solutions; Exchange ActiveSync; Windows PowerShell; Windows Management Instrumentation (WMI) | >[!NOTE]   >With the release of Windows Server 2012 R2, Network Access Protection (NAP) was deprecated and the NAP client has now been removed in Windows 10. For more information about support lifecycles, see [Microsoft Support Lifecycle](https://go.microsoft.com/fwlink/p/?LinkID=613512). @@ -325,9 +325,9 @@ By using [Group Policy Objects](https://go.microsoft.com/fwlink/p/?LinkId=699279 - **Peer-to-peer delivery**, which administrators can enable to make delivery of updates to branch offices and remote sites with limited bandwidth very efficient. -- **Use with existing tools** such as System Center Configuration Manager and the [Enterprise Mobility Suite](https://go.microsoft.com/fwlink/p/?LinkId=699281). +- **Use with existing tools** such as Microsoft Endpoint Configuration Manager and the [Enterprise Mobility Suite](https://go.microsoft.com/fwlink/p/?LinkId=699281). -Together, these Windows Update for Business features help reduce device management costs, provide controls over update deployment, offer quicker access to security updates, as well as provide access to the latest innovations from Microsoft on an ongoing basis. Windows Update for Business is a free service for all Windows 10 Pro, Enterprise, and Education editions, and can be used independent of, or in conjunction with, existing device management solutions such as [Windows Server Update Services (WSUS)](https://technet.microsoft.com/library/hh852345.aspx) and [System Center Configuration Manager](https://technet.microsoft.com/library/gg682129.aspx). +Together, these Windows Update for Business features help reduce device management costs, provide controls over update deployment, offer quicker access to security updates, as well as provide access to the latest innovations from Microsoft on an ongoing basis. Windows Update for Business is a free service for all Windows 10 Pro, Enterprise, and Education editions, and can be used independent of, or in conjunction with, existing device management solutions such as [Windows Server Update Services (WSUS)](https://technet.microsoft.com/library/hh852345.aspx) and [Microsoft Endpoint Configuration Manager](https://technet.microsoft.com/library/gg682129.aspx). Learn more about [Windows Update for Business](/windows/deployment/update/waas-manage-updates-wufb). diff --git a/windows/whats-new/whats-new-windows-10-version-1703.md b/windows/whats-new/whats-new-windows-10-version-1703.md index 71c7f06847..1a4c0d57c0 100644 --- a/windows/whats-new/whats-new-windows-10-version-1703.md +++ b/windows/whats-new/whats-new-windows-10-version-1703.md @@ -195,7 +195,7 @@ We recently added the option to download Windows 10 Insider Preview builds using ### Optimize update delivery -With changes delivered in Windows 10, version 1703, [Express updates](/windows/deployment/update/waas-optimize-windows-10-updates#express-update-delivery) are now fully supported with System Center Configuration Manager, starting with version 1702 of Configuration Manager, as well as with other third-party updating and management products that [implement this new functionality](https://technet.microsoft.com/windows-server-docs/management/windows-server-update-services/deploy/express-update-delivery-isv-support). This is in addition to current Express support on Windows Update, Windows Update for Business and WSUS. +With changes delivered in Windows 10, version 1703, [Express updates](/windows/deployment/update/waas-optimize-windows-10-updates#express-update-delivery) are now fully supported with Microsoft Endpoint Configuration Manager, starting with version 1702 of Configuration Manager, as well as with other third-party updating and management products that [implement this new functionality](https://technet.microsoft.com/windows-server-docs/management/windows-server-update-services/deploy/express-update-delivery-isv-support). This is in addition to current Express support on Windows Update, Windows Update for Business and WSUS. >[!NOTE] > The above changes can be made available to Windows 10, version 1607, by installing the April 2017 cumulative update. diff --git a/windows/whats-new/whats-new-windows-10-version-1803.md b/windows/whats-new/whats-new-windows-10-version-1803.md index e13290b34f..051d5d4b6e 100644 --- a/windows/whats-new/whats-new-windows-10-version-1803.md +++ b/windows/whats-new/whats-new-windows-10-version-1803.md @@ -134,7 +134,7 @@ Portions of the work done during the offline phases of a Windows update have bee ### Co-management -**Intune** and **System Center Configuration Manager** policies have been added to enable hybrid Azure AD-joined authentication. Mobile Device Management (MDM) has added over 150 new policies and settings in this release, including the [MDMWinsOverGP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-controlpolicyconflict) policy, to enable easier transition to cloud-based management. +**Intune** and **Microsoft Endpoint Configuration Manager** policies have been added to enable hybrid Azure AD-joined authentication. Mobile Device Management (MDM) has added over 150 new policies and settings in this release, including the [MDMWinsOverGP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-controlpolicyconflict) policy, to enable easier transition to cloud-based management. For more information, see [What's New in MDM enrollment and management](https://docs.microsoft.com/windows/client-management/mdm/new-in-windows-mdm-enrollment-management#whatsnew1803) diff --git a/windows/whats-new/whats-new-windows-10-version-1903.md b/windows/whats-new/whats-new-windows-10-version-1903.md index 45feb23e75..f13c8d694c 100644 --- a/windows/whats-new/whats-new-windows-10-version-1903.md +++ b/windows/whats-new/whats-new-windows-10-version-1903.md @@ -53,7 +53,7 @@ SetupDiag is a command-line tool that can help diagnose why a Windows 10 update ## Servicing -- [**Delivery Optimization**](https://docs.microsoft.com/windows/deployment/update/waas-delivery-optimization): Improved Peer Efficiency for enterprises and educational institutions with complex networks is enabled with of [new policies](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deliveryoptimization). This now supports Office 365 ProPlus updates, and Intune content, with System Center Configuration Manager content coming soon! +- [**Delivery Optimization**](https://docs.microsoft.com/windows/deployment/update/waas-delivery-optimization): Improved Peer Efficiency for enterprises and educational institutions with complex networks is enabled with of [new policies](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deliveryoptimization). This now supports Office 365 ProPlus updates, and Intune content, with Microsoft Endpoint Configuration Manager content coming soon! - [**Automatic Restart Sign-on (ARSO)**](https://docs.microsoft.com/windows-insider/at-work-pro/wip-4-biz-whats-new#automatic-restart-and-sign-on-arso-for-enterprises-build-18305): Windows will automatically logon as the user and lock their device in order to complete the update, ensuring that when the user returns and unlocks the device, the update will be completed. - [**Windows Update for Business**](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Update-for-Business-and-the-retirement-of-SAC-T/ba-p/339523): There will now be a single, common start date for phased deployments (no more SAC-T designation). In addition, there will a new notification and reboot scheduling experience for end users, the ability to enforce update installation and reboot deadlines, and the ability to provide end user control over reboots for a specific time period. - **Update rollback improvements**: You can now automatically recover from startup failures by removing updates if the startup failure was introduced after the installation of recent driver or quality updates. When a device is unable to start up properly after the recent installation of Quality of driver updates, Windows will now automatically uninstall the updates to get the device back up and running normally. diff --git a/windows/whats-new/whats-new-windows-10-version-1909.md b/windows/whats-new/whats-new-windows-10-version-1909.md index a9384caf8b..89e6ad37a5 100644 --- a/windows/whats-new/whats-new-windows-10-version-1909.md +++ b/windows/whats-new/whats-new-windows-10-version-1909.md @@ -32,7 +32,7 @@ If you are updating from an older version of Windows 10 (version 1809 or earlier ### Windows Server Update Services (WSUS) -Pre-release Windows 10 feature updates are now available to IT administrators using WSUS. System Center Configuration Manager version 1906 or later is required. For more information, see [Publishing pre-release Windows 10 feature updates to WSUS](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Publishing-pre-release-Windows-10-feature-updates-to-WSUS/ba-p/845054). +Pre-release Windows 10 feature updates are now available to IT administrators using WSUS. Microsoft Endpoint Configuration Manager version 1906 or later is required. For more information, see [Publishing pre-release Windows 10 feature updates to WSUS](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Publishing-pre-release-Windows-10-feature-updates-to-WSUS/ba-p/845054). The Windows 10, version 1909 enablement package will be available on WSUS as [KB4517245](https://support.microsoft.com/kb/4517245), which can be deployed on existing deployments of Windows 10, version 1903. From d71cca8254f6be86ec1e5a612362708ade1848db Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 14:04:33 -0800 Subject: [PATCH 004/157] Added new TVM API topics --- .../get-all-recommendations.md | 104 ++++++++++++++++++ .../get-all-vulnerabilities.md | 92 ++++++++++++++++ .../get-machines-by-software.md | 89 +++++++++++++++ .../get-machines-by-vulnerability.md | 88 +++++++++++++++ .../get-recommendation-by-id.md | 93 ++++++++++++++++ .../get-recommendation-machines.md | 81 ++++++++++++++ .../get-recommendation-software.md | 81 ++++++++++++++ .../get-recommendation-vulnerabilities.md | 90 +++++++++++++++ .../get-software-by-id.md | 83 ++++++++++++++ .../get-software-ver-distribution.md | 86 +++++++++++++++ .../microsoft-defender-atp/get-software.md | 84 ++++++++++++++ .../get-vuln-by-software.md | 93 ++++++++++++++++ .../get-vulnerability-by-id.md | 86 +++++++++++++++ 13 files changed, 1150 insertions(+) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-software.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md b/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md new file mode 100644 index 0000000000..34c6863e7d --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md @@ -0,0 +1,104 @@ +--- +title: List all recommendations +description: Retrieves a list of all security recommendations affecting the organization. +keywords: apis, graph api, supported apis, get, security recommendations, mdatp tvm api, threat and vulnerability management, threat and vulnerability management api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# List all recommendations +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves a list of all security recommendations affecting the organization. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | SecurityRecommendation.Read.All | 'Read Threat and Vulnerability Management security recommendation information' +Delegated (work or school account) | SecurityRecommendation.Read | 'Read Threat and Vulnerability Management security recommendation information' + +## HTTP request +``` +GET /api/recommendations +``` + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with the list of security recommendations in the body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/recommendations +``` + +**Response** + +Here is an example of the response. + + +``` +Content-type: json +{ + "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Recommendations", + "value": [ + { + "id": "va-_-microsoft-_-windows_10", + "productName": "windows_10", + "recommendationName": "Update Windows 10", + "weaknesses": 397, + "vendor": "microsoft", + "recommendedVersion": "", + "recommendationCategory": "Application", + "subCategory": "", + "severityScore": 0, + "publicExploit": true, + "activeAlert": false, + "associatedThreats": [ + "3098b8ef-23b1-46b3-aed4-499e1928f9ed", + "40c189d5-0330-4654-a816-e48c2b7f9c4b", + "4b0c9702-9b6c-4ca2-9d02-1556869f56f8", + "e8fc2121-3cf3-4dd2-9ea0-87d7e1d2b29d", + "94b6e94b-0c1d-4817-ac06-c3b8639be3ab" + ], + "remediationType": "Update", + "status": "Active", + "configScoreImpact": 0, + "exposureImpact": 7.674418604651163, + "totalMachineCount": 37, + "exposedMachinesCount": 7, + "nonProductivityImpactedAssets": 0, + "relatedComponent": "Windows 10" + }, +… +} +``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md new file mode 100644 index 0000000000..01869cd89b --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md @@ -0,0 +1,92 @@ +--- +title: Get all vulnerabilities +description: Retrieves a list of all the vulnerabilities affecting the organization +keywords: apis, graph api, supported apis, get, vulnerability information, mdatp tvm api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Get all vulnerabilities +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves a list of all the vulnerabilities affecting the organization. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | Vulnerability.Read.All | 'Read Threat and Vulnerability Management vulnerability information' +Delegated (work or school account) | Vulnerability.Read | 'Read Threat and Vulnerability Management vulnerability information' + +## HTTP request +``` +GET /api/vulnerabilities +``` + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with the list of vulnerabilities in the body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/Vulnerabilities +``` + +**Response** + +Here is an example of the response. + + +``` +Content-type: json +{ + "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Vulnerabilities", + "value": [ + { + "id": "CVE-2019-0608", + "name": "CVE-2019-0608", + "description": "A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could impersonate a user request by crafting HTTP queries. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.To exploit the vulnerability, the user must click a specially crafted URL. In an email attack scenario, an attacker could send an email message containing the specially crafted URL to the user in an attempt to convince the user to click it.In a web-based attack scenario, an attacker could host a specially crafted website designed to appear as a legitimate website to the user. However, the attacker would have no way to force the user to visit the specially crafted website. The attacker would have to convince the user to visit the specially crafted website, typically by way of enticement in an email or instant message, and then convince the user to interact with content on the website.The update addresses the vulnerability by correcting how Microsoft Browsers parses HTTP responses.", + "severity": "Medium", + "cvssV3": 4.3, + "exposedMachines": 4, + "publishedOn": "2019-10-08T00:00:00Z", + "updatedOn": "2019-12-16T16:20:00Z", + "publicExploit": false, + "exploitVerified": false, + "exploitInKit": false, + "exploitTypes": [], + "exploitUris": [] + }, + { +.. +} +``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md new file mode 100644 index 0000000000..dd922cae08 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md @@ -0,0 +1,89 @@ +--- +title: List machines by software +description: Retrieve a list of machines that has this software installed. +keywords: apis, graph api, supported apis, get, list machines, machines list, list machines by software, mdatp tvm api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# List machines by software + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieve a list of machines that has this software installed + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | Software.Read.All | 'Read Threat and Vulnerability Management Software information' +Delegated (work or school account) | Software.Read | 'Read Threat and Vulnerability Management Software information' + +## HTTP request +``` +GET /api/Software/{Id}/machineReferences +``` + +## Request headers + +| Name | Type | Description +|:--------------|:-------|:--------------| +| Authorization | String | Bearer {token}.**Required**. + +## Request body +Empty + +## Response +If successful, this method returns 200 OK and a list of machines with the software installed in the body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/Software/microsoft-_-edge/machineReferences +``` + +**Response** + +Here is an example of the response. + +```json + +{ + "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#MachineReferences", + "value": [ + { + "id": "7c7e1896fa39efb0a32a2cf421d837af1b9bf762", + "computerDnsName": "dave_desktop", + "osPlatform": "Windows10", + "rbacGroupId": 9 + }, + { + "id": "7d5cc2e7c305e4a0a290392abf6707f9888fda0d", + "computerDnsName": "jane_PC", + "osPlatform": "Windows10", + "rbacGroupId": 9 + }, +… +} +``` + diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md new file mode 100644 index 0000000000..37a235d516 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md @@ -0,0 +1,88 @@ +--- +title: List machines by vulnerability +description: Retrieves a list of machines affected by a vulnerability. +keywords: apis, graph api, supported apis, get, machines list, vulnerable machines, mdatp tvm api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# List machines by vulnerability +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves a list of machines affected by a vulnerability. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application |Vulnerability.Read.All | 'Read Threat and Vulnerability Management vulnerability information' +Delegated (work or school account) | Vulnerability.Read | 'Read Threat and Vulnerability Management vulnerability information' + +## HTTP request +``` +GET /api/vulnerabilities/{cveId}/machineReferences +``` + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with the vulnerability information in the body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/vulnerabilities/CVE-2019-0608/machineReferences +``` + +**Response** + +Here is an example of the response. + + +``` +Content-type: json +{ + "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineReferences", + "value": [ + { + "id": "235a2e6278c63fcf85bab9c370396972c58843de", + "computerDnsName": "h1mkn_PC", + "osPlatform": "Windows10", + "rbacGroupId": 1268 + }, + { + "id": "afb3f807d1a185ac66668f493af028385bfca184", + "computerDnsName": "chat_Desk ", + "osPlatform": "Windows10", + "rbacGroupId": 410 + } + ] + } +``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md new file mode 100644 index 0000000000..86f7eef853 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md @@ -0,0 +1,93 @@ +--- +title: Get recommendation by Id +description: Retrieves a security recommendation by its ID. +keywords: apis, graph api, supported apis, get, security recommendation, security recommendation by ID, threat and vulnerability management, threat and vulnerability management api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Get recommendation by ID +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves a security recommendation by its ID. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | SecurityRecommendation.Read.All | 'Read Threat and Vulnerability Management security recommendation information' +Delegated (work or school account) | SecurityRecommendation.Read | 'Read Threat and Vulnerability Management security recommendation information' + +## HTTP request +``` +GET /api/recommendations/{id} +``` + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with the security recommendations in the body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chrome +``` + +**Response** + +Here is an example of the response. + +``` +Content-type: json +{ + "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Recommendations/$entity", + "id": "va-_-google-_-chrome", + "productName": "chrome", + "recommendationName": "Update Chrome", + "weaknesses": 38, + "vendor": "google", + "recommendedVersion": "", + "recommendationCategory": "Application", + "subCategory": "", + "severityScore": 0, + "publicExploit": false, + "activeAlert": false, + "associatedThreats": [], + "remediationType": "Update", + "status": "Active", + "configScoreImpact": 0, + "exposureImpact": 3.9441860465116285, + "totalMachineCount": 6, + "exposedMachinesCount": 5, + "nonProductivityImpactedAssets": 0, + "relatedComponent": "Chrome" +} +``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md new file mode 100644 index 0000000000..772dc4e34b --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md @@ -0,0 +1,81 @@ +--- +title: Get recommendation machines +description: Retrieves a list of machines associated with the security recommendation. +keywords: apis, graph api, supported apis, get, security recommendation for vulnerable machines, threat and vulnerability management, threat and vulnerability management api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Get recommendation machines +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves a list of machines associated with the security recommendation. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | SecurityRecommendation.Read.All | 'Read Threat and Vulnerability Management security recommendation information' +Delegated (work or school account) | SecurityRecommendation.Read | 'Read Threat and Vulnerability Management security recommendation information' + +## HTTP request +``` +GET /api/recommendations/{id}/machineReferences +``` + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with the list of machines associated with the security recommendation. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chrome/machineReferences +``` + +**Response** + +Here is an example of the response. + +``` +Content-type: json +{ + "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineReferences", + "value": [ + { + "id": "e058770379bc199a9c179ce52a23e16fd44fd2ee", + "computerDnsName": "niw_pc", + "osPlatform": "Windows10", + "rbacGroupId": 2154 + }, +… +} +``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md new file mode 100644 index 0000000000..4032adfef3 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md @@ -0,0 +1,81 @@ +--- +title: Get recommendation software +description: Retrieves a security recommendation related to a specific software. +keywords: apis, graph api, supported apis, get, security recommendation, security recommendation for software, threat and vulnerability management, threat and vulnerability management api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Get recommendation software +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves a security recommendation related to a specific software. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | SecurityRecommendation.Read.All | 'Read Threat and Vulnerability Management security recommendation information' +Delegated (work or school account) | SecurityRecommendation.Read | 'Read Threat and Vulnerability Management security recommendation information' + +## HTTP request +``` +GET /api/recommendations/{id}/software +``` + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with the software associated with the security recommendations in the body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chrome/software +``` + +**Response** + +Here is an example of the response. + +``` +Content-type: json +{ + "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Analytics.Contracts.PublicAPI.PublicProductDto", + "id": "google-_-chrome", + "name": "chrome", + "vendor": "google", + "weaknesses": 38, + "publicExploit": false, + "activeAlert": false, + "exposedMachines": 5, + "impactScore": 3.94418621 +} +``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md new file mode 100644 index 0000000000..954479aad6 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md @@ -0,0 +1,90 @@ +--- +title: Get recommendation vulnerabilities +description: Retrieves a list of vulnerabilities associated with the security recommendation. +keywords: apis, graph api, supported apis, get, list of vulnerabilities, security recommendation, security recommendation for vulnerabilities, threat and vulnerability management, threat and vulnerability management api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Get recommendation vulnerabilities +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves a list of vulnerabilities associated with the security recommendation. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | SecurityRecommendation.Read.All | 'Read Threat and Vulnerability Management security recommendation information' +Delegated (work or school account) | SecurityRecommendation.Read | 'Read Threat and Vulnerability Management security recommendation information' + +## HTTP request +``` +GET /api/recommendations/{id}/vulnerabilities +``` + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200 OK, with the list of vulnerabilities associated with the security recommendation. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chrome/vulnerabilities +``` + +**Response** + +Here is an example of the response. + +``` +Content-type: json +{ + "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)", + "value": [ + { + "id": "CVE-2019-13748", + "name": "CVE-2019-13748", + "description": "Insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted HTML page.", + "severity": "Medium", + "cvssV3": 6.5, + "exposedMachines": 0, + "publishedOn": "2019-12-10T00:00:00Z", + "updatedOn": "2019-12-16T12:15:00Z", + "publicExploit": false, + "exploitVerified": false, + "exploitInKit": false, + "exploitTypes": [], + "exploitUris": [] + }, +… +} +``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md new file mode 100644 index 0000000000..663bac6747 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md @@ -0,0 +1,83 @@ +--- +title: Get software by Id +description: Retrieves a list of exposure scores by machine group. +keywords: apis, graph api, supported apis, get, software, mdatp tvm api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Get software by Id + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves software details by ID + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | Software.Read.All | 'Read Threat and Vulnerability Management Software information' +Delegated (work or school account) | Software.Read | 'Read Threat and Vulnerability Management Software information' + +## HTTP request +``` +GET /api/Software/{Id} +``` + +## Request headers + +| Name | Type | Description +|:--------------|:-------|:--------------| +| Authorization | String | Bearer {token}.**Required**. + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with the specified software data in the body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/Software/microsoft-_-edge +``` + +**Response** + +Here is an example of the response. + +```json + +{ + "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Software/$entity", + "id": "microsoft-_-edge", + "name": "edge", + "vendor": "microsoft", + "weaknesses": 467, + "publicExploit": true, + "activeAlert": false, + "exposedMachines": 172, + "impactScore": 2.39947438 +} +``` + diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md b/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md new file mode 100644 index 0000000000..39a3275bf2 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md @@ -0,0 +1,86 @@ +--- +title: List software version distribution +description: Retrieves a list of your organization's software version distribution +keywords: apis, graph api, supported apis, get, software version distribution, mdatp tvm api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# List software version distribution + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves a list of your organization's software version distribution + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | Software.Read.All | 'Read Threat and Vulnerability Management Software information' +Delegated (work or school account) | Software.Read | 'Read Threat and Vulnerability Management Software information' + +## HTTP request +``` +GET /api/Software/{Id}/distributions +``` + +## Request headers + +| Name | Type | Description +|:--------------|:-------|:--------------| +| Authorization | String | Bearer {token}.**Required**. + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with a list of software distributions data in the body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/Software/microsoft-_-edge/distributions +``` + +**Response** + +Here is an example of the response. + +```json + +{ + "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Distributions", + "value": [ + { + "version": "11.0.17134.1039", + "installations": 1, + "vulnerabilities": 11 + }, + { + "version": "11.0.18363.535", + "installations": 750, + "vulnerabilities": 0 + }, +… +} + diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-software.md new file mode 100644 index 0000000000..67bfa09292 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-software.md @@ -0,0 +1,84 @@ +--- +title: List software +description: Retrieves a list of software inventory +keywords: apis, graph api, supported apis, get, list, file, information, software inventory, threat & vulnerability management api, mdatp tvm api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# List software inventory API +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves the organization software inventory + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application |Software.Read.All | 'Read Threat and Vulnerability Management Software information' +Delegated (work or school account) | Software.Read | 'Read Threat and Vulnerability Management Software information' + +## HTTP request +``` +GET /api/Software +``` + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with the software inventory in the body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/Software +``` + +**Response** + +Here is an example of the response. + + +``` +{ + "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Software", + "value": [ + { + "id": "microsoft-_-edge", + "name": "edge", + "vendor": "microsoft", + "weaknesses": 467, + "publicExploit": true, + "activeAlert": false, + "exposedMachines": 172, + "impactScore": 2.39947438 + }, +…. +} \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md new file mode 100644 index 0000000000..6984c10ec6 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md @@ -0,0 +1,93 @@ +--- +title: List vulnerabilities by software +description: Retrieve a list of vulnerabilities in the installed software. +keywords: apis, graph api, supported apis, get, vulnerabilities list, mdatp tvm api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# List vulnerabilities by software + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieve a list of vulnerabilities in the installed software. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | Software.Read.All | 'Read Threat and Vulnerability Management Software information' +Delegated (work or school account) | Software.Read | 'Read Threat and Vulnerability Management Software information' + +## HTTP request +``` +GET /api/Software/{Id}/vulnerabilities +``` + +## Request headers + +| Name | Type | Description +|:--------------|:-------|:--------------| +| Authorization | String | Bearer {token}.**Required**. + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with a a list of vulnerabilities exposed by the specified software. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/Software/microsoft-_-edge/vulnerabilities +``` + +**Response** + +Here is an example of the response. + +```json + +{ + "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)", + "value": [ + { + "id": "CVE-2017-0140", + "name": "CVE-2017-0140", + "description": "A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins. The vulnerability allows Microsoft Edge to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could force the browser to send data that would otherwise be restricted.In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.The security update addresses the vulnerability by modifying how affected Microsoft Edge handles different-origin requests.", + "severity": "Medium", + "cvssV3": 4.2, + "exposedMachines": 1, + "publishedOn": "2017-03-14T00:00:00Z", + "updatedOn": "2019-10-03T00:03:00Z", + "publicExploit": false, + "exploitVerified": false, + "exploitInKit": false, + "exploitTypes": [], + "exploitUris": [] + }, + +… +} +``` + diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md new file mode 100644 index 0000000000..f87c04ae43 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md @@ -0,0 +1,86 @@ +--- +title: Get vulnerability by Id +description: Retrieves vulnerability information by its ID. +keywords: apis, graph api, supported apis, get, vulnerability information, mdatp tvm api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Get vulnerability by ID +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves vulnerability information by its ID. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | Vulnerability.Read.All | 'Read Threat and Vulnerability Management vulnerability information' +Delegated (work or school account) | Vulnerability.Read | 'Read Threat and Vulnerability Management vulnerability information' + +## HTTP request +``` +GET /api/vulnerabilities/{cveId} +``` + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with the vulnerability information in the body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/Vulnerabilities/CVE-2019-0608 +``` + +**Response** + +Here is an example of the response. + +``` +Content-type: json +{ + "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Vulnerabilities/$entity", + "id": "CVE-2019-0608", + "name": "CVE-2019-0608", + "description": "A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could impersonate a user request by crafting HTTP queries. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.To exploit the vulnerability, the user must click a specially crafted URL. In an email attack scenario, an attacker could send an email message containing the specially crafted URL to the user in an attempt to convince the user to click it.In a web-based attack scenario, an attacker could host a specially crafted website designed to appear as a legitimate website to the user. However, the attacker would have no way to force the user to visit the specially crafted website. The attacker would have to convince the user to visit the specially crafted website, typically by way of enticement in an email or instant message, and then convince the user to interact with content on the website.The update addresses the vulnerability by correcting how Microsoft Browsers parses HTTP responses.", + "severity": "Medium", + "cvssV3": 4.3, + "exposedMachines": 4, + "publishedOn": "2019-10-08T00:00:00Z", + "updatedOn": "2019-12-16T16:20:00Z", + "publicExploit": false, + "exploitVerified": false, + "exploitInKit": false, + "exploitTypes": [], + "exploitUris": [] +} +``` From 0218a6ca9fe3f9ed025fac09d1ccf367e047ca8a Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 14:51:26 -0800 Subject: [PATCH 005/157] Added TVM API --- .../threat-protection/microsoft-defender-atp/preview.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/preview.md b/windows/security/threat-protection/microsoft-defender-atp/preview.md index c06d033182..b5bc9edc17 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/preview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/preview.md @@ -43,6 +43,8 @@ Turn on the preview experience setting to be among the first to try upcoming fea ## Preview features The following features are included in the preview release: +- [Threat & Vulnerability Management API support](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list)
Run Threat & Vulnerability Management-related API calls such as get your organization's threat exposure score or device secure score, software and machine vulnerability inventory, software version distribution, machine vulnerability information, security recommandation information. + - [Threat & Vulnerability supported operating systems and platforms](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os)
Ensure that you meet the operating system or platform requisites for Threat & Vulnerability Management so the activities in your devices are properly accounted for. Threat & Vulnerability Management supports Windows 7, Windows 10 1607-1703, Windows 10 1709+, Windows Server 2008R2, Windows Server 2012R2, Windows Server 2016, Windows Server 2019. - [Threat & Vulnerability Management role-based access controls](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group)
You can now use the new permissions to allow maximum flexibility to create SecOps-oriented roles, Threat & Vulnerability Management-oriented roles, or hybrid roles so only authorized users are accessing specific data to do their task. You can also achieve even further granularity by specifying whether a Threat & Vulnerability Management role can only view vulnerability-related data, or can create and manage remediation and exceptions. From 2f0a51cdd0b644c2f906ba30d92e03a72be08888 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 14:53:17 -0800 Subject: [PATCH 006/157] Added TVM API updates --- .../microsoft-defender-atp/exposed-apis-list.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list.md index c91de23386..8c836888bb 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list.md @@ -57,6 +57,10 @@ Machines | Run API calls such as get machines, get machines by ID, information a Machine Actions | Run API call such as Isolation, Run anti-virus scan and more. Indicators | Run API call such as create Indicator, get Indicators and delete Indicators. Users | Run API calls such as get user related alerts and user related machines. +Score | Run API calls such as get exposure score or get device secure score. +Software | Run API calls such as list vulnerabilities by software. +Vulnerability | Run API calls such as list machines by vulnerability. +Recommendation | Run API calls such as Get recommendation by Id. ## Related topic - [Microsoft Defender ATP APIs](apis-intro.md) From 3e3f11677650c357e737dea21639ad9b7f40177f Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 15:14:52 -0800 Subject: [PATCH 007/157] Added TVM API updates --- .../threat-protection/microsoft-defender-atp/machine.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine.md b/windows/security/threat-protection/microsoft-defender-atp/machine.md index a4227c1113..9c68f4125d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/machine.md +++ b/windows/security/threat-protection/microsoft-defender-atp/machine.md @@ -28,6 +28,9 @@ Method|Return Type |Description [Get machine](get-machine-by-id.md) | [machine](machine.md) | Get a [machine](machine.md) by its identity. [Get logged on users](get-machine-log-on-users.md) | [user](user.md) collection | Get the set of [User](user.md) that logged on to the [machine](machine.md). [Get related alerts](get-machine-related-alerts.md) | [alert](alerts.md) collection | Get the set of [alert](alerts.md) entities that were raised on the [machine](machine.md). +[Get installed software](get-installed-software.md) | [Software](software.md) collection | Retrieves a list of software inventory in your organization. +[Get discovered vulnerabilities](get-discovered-vulnerabilities.md) | [Vulnerability](vulnerability.md) collection | Retrieves a list of all the vulnerabilities affecting the organization. +[Get security recommendations](get-security-recommendation.md) | [Recommendation](recommendation.md) collection | Retrieves a list of all security recommendations affecting the organization. [Add or Remove machine tags](add-or-remove-machine-tags.md) | [machine](machine.md) | Add or Remove tag to a specific machine. [Find machines by IP](find-machines-by-ip.md) | [machine](machine.md) collection | Find machines seen with IP. @@ -50,3 +53,4 @@ rbacGroupName | String | RBAC Group Name. riskScore | Nullable Enum | Risk score as evaluated by Microsoft Defender ATP. Possible values are: 'None', 'Low', 'Medium' and 'High'. aadDeviceId | Nullable Guid | AAD Device ID (when [machine](machine.md) is Aad Joined). machineTags | String collection | Set of [machine](machine.md) tags. +exposureLevel | Nullable Enum | Exposure level as evaluated by Microsoft Defender ATP. Possible values are: 'None', 'Low', 'Medium' and 'High'. From c3e3a1371041006e50653c3b157b5636724e84cb Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 15:15:29 -0800 Subject: [PATCH 008/157] Added pre rel statement --- .../security/threat-protection/microsoft-defender-atp/machine.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine.md b/windows/security/threat-protection/microsoft-defender-atp/machine.md index 9c68f4125d..304e43abbd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/machine.md +++ b/windows/security/threat-protection/microsoft-defender-atp/machine.md @@ -20,6 +20,7 @@ ms.topic: article **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +[!include[Prerelease information](../../includes/prerelease.md)] ## Methods Method|Return Type |Description From 4555f820e4f70b9ee3b4449e5f0f8be938582f09 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 15:30:35 -0800 Subject: [PATCH 009/157] Added new topics for TVM API --- .../get-device-secure-score.md | 85 +++++++++++++++++ .../get-exposure-score.md | 91 ++++++++++++++++++ .../get-machine-group-exposure-score.md | 94 +++++++++++++++++++ .../microsoft-defender-atp/recommendation.md | 57 +++++++++++ .../microsoft-defender-atp/score.md | 75 +++++++++++++++ .../microsoft-defender-atp/software.md | 45 +++++++++ .../microsoft-defender-atp/vulnerability.md | 48 ++++++++++ 7 files changed, 495 insertions(+) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/recommendation.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/score.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/software.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/vulnerability.md diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md new file mode 100644 index 0000000000..7a81fe0182 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md @@ -0,0 +1,85 @@ +--- +title: Get Device Secure score +description: Retrieves the organizational device secure score. +keywords: apis, graph api, supported apis, get, alerts, recent +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Get Device Secure score + +**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +Retrieves the organizational device secure score. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | Score.Read.Alll | 'Read Threat and Vulnerability Management score' +Delegated (work or school account) | Score.Read | 'Read Threat and Vulnerability Management score' + +## HTTP request +``` +GET /api/configurationScore +``` + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200 OK, with the with device secure score data in the response body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/configurationScore +``` + +[!include[Improve request performance](improve-request-performance.md)] + + +**Response** + +Here is an example of the response. + +>[!NOTE] +>The response list shown here may be truncated for brevity. + + +```json +{ + "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#ConfigurationScore/$entity", + "time": "2019-12-03T09:15:58.1665846Z", + "score": 340, + "rbacGroupId": null +} +``` + +## Related topics +- [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md) \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md new file mode 100644 index 0000000000..2ce5adf1e0 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md @@ -0,0 +1,91 @@ +--- +title: Get exposure score +description: Retrieves the organizational exposure score. +keywords: apis, graph api, supported apis, get, exposure score, organizational exposure score +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Get exposure score + +**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +Retrieves the organizational exposure score. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | Score.Read.All | 'Read Threat and Vulnerability Management score' +Delegated (work or school account) | Score.Read | 'Read Threat and Vulnerability Management score' + + +## HTTP request +``` +GET /api/exposureScore +``` + +## Optional query parameters +Method supports $top, $select, $filter, $expand and $skip query parameters. +
$expand is available on Files, IPs and Domains. e.g. $expand=files,domains + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200 OK, with the exposure data in the response body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/exposureScore +``` + +[!include[Improve request performance](improve-request-performance.md)] + + +**Response** + +Here is an example of the response. + +>[!NOTE] +>The response list shown here may be truncated for brevity. + + +```json +{ + "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#ExposureScore/$entity", + "time": "2019-12-03T07:23:53.280499Z", + "score": 33.491554051195706, + "rbacGroupId": null +} + +``` + +## Related topics +- [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md new file mode 100644 index 0000000000..42995a2265 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md @@ -0,0 +1,94 @@ +--- +title: List exposure score by machine group +description: Retrieves a list of exposure scores by machine group. +keywords: apis, graph api, supported apis, get, exposure score, machine group, machine group exposure score +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# List exposure score by machine group + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +Retrieves a collection of alerts related to a given domain address. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | Score.Read.All | 'Read Threat and Vulnerability Management score' +Delegated (work or school account) | Score.Read | 'Read Threat and Vulnerability Management score' + +## HTTP request +``` +GET /api/exposureScore/ByMachineGroups +``` + +## Request headers + +| Name | Type | Description +|:--------------|:-------|:--------------| +| Authorization | String | Bearer {token}.**Required**. + +## Request body +Empty + +## Response +If successful, this method returns 200 OK, with a list of exposure score per machine group data in the response body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/exposureScore/ByMachineGroups +``` + +**Response** + +Here is an example of the response. + +```json + +{ + "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#ExposureScore", + "value": [ + { + "time": "2019-12-03T09:51:28.214338Z", + "score": 41.38041766305988, + "rbacGroupId": 10 + }, + { + "time": "2019-12-03T09:51:28.2143399Z", + "score": 37.403726933165366, + "rbacGroupId": 11 + }, + { + "time": "2019-12-03T09:51:28.2143407Z", + "score": 26.390921344426033, + "rbacGroupId": 9 + }, + { + "time": "2019-12-03T09:51:28.2143414Z", + "score": 23.58823563070858, + "rbacGroupId": 5 + } + ] +} +``` \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md new file mode 100644 index 0000000000..c9dfd44b5f --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md @@ -0,0 +1,57 @@ +--- +title: Recommendation methods and properties +description: Retrieves top recent alerts. +keywords: apis, graph api, supported apis, get, alerts, recent +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Recommendation resource type + +**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +## Methods +Method |Return Type |Description +:---|:---|:--- +[List all recommendations](get-all-recommendations.md) | Recommendation collection | +[Get recommendation by Id](get-recommendation-by-id.md) | Recommendation | +[Get recommendation software](get-recommendation-software.md)| [Software](software.md) | +[Get recommendation machines](get-recommendation-machines.md)|MachineRef collection | +[Get recommendation vulnerabilities](get-recommendation-vulnerabilities.md) | [Vulnerability](vulnerability.md) collection | + + +## Properties +Property | Type | Description +:---|:---|:--- +id | String | +productName | String | +recommendationName | String | +Weaknesses | Long | +Vendor | String | +recommendedVersion | String | +recommendationCategory | String | +subCategory | String | +severityScore | Double | +publicExploit | Boolean | +activeAlert | Boolean | +associatedThreats | String collection | +remediationType | String | +Status | String | Enum +configScoreImpact | Double | +exposureImpacte | Double| +totalMachineCount | Long | +exposedMachinesCount | Long | +nonProductivityImpactedAssets | Long | +relatedComponent | String | diff --git a/windows/security/threat-protection/microsoft-defender-atp/score.md b/windows/security/threat-protection/microsoft-defender-atp/score.md new file mode 100644 index 0000000000..06f002a203 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/score.md @@ -0,0 +1,75 @@ +--- +title: Score methods and properties +description: Retrieves your organization's exposure score, device secure score, and exposure score by machine group +keywords: apis, graph api, supported apis, score, exposure score, device secure score, exposure score by machine group +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Score resource type + +**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +## Methods +Method |Return Type |Description +:---|:---|:--- +[Get exposure score](get-exposure-score.md) | [Score](score.md) | Get the organizational exposure score. +[Get device secure score](get-device-secure-score.md) | [Score](score.md) | Get the organizational device secure score. +[List exposure score by machine group](get-machine-group-exposure-score.md)| [Score](score.md) | List scores by machine group. + + +## Properties +Property | Type | Description +:---|:---|:--- +Score | Double | The current score. +Time | DateTime | The date and time in which the call for this API was made. +RbacGroupId | Nullable Int | RBAC Group ID. + + +### Response example for getting machine groups score: + +``` +GET https://api.securitycenter.windows.com/api/exposureScore/byMachineGroups +``` + +```json +{ + "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#ExposureScore", + "value": [ + { + "time": "2019-12-03T07:26:49.9376328Z", + "score": 41.38041766305988, + "rbacGroupId": 10 + }, + { + "time": "2019-12-03T07:26:49.9376375Z", + "score": 23.58823563070858, + "rbacGroupId": 5 + }, + { + "time": "2019-12-03T07:26:49.9376382Z", + "score": 37.403726933165366, + "rbacGroupId": 11 + }, + { + "time": "2019-12-03T07:26:49.9376388Z", + "score": 26.323200116475423, + "rbacGroupId": 9 + } + ] +} + + +``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/software.md b/windows/security/threat-protection/microsoft-defender-atp/software.md new file mode 100644 index 0000000000..36aba64d20 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/software.md @@ -0,0 +1,45 @@ +--- +title: Software methods and properties +description: Retrieves top recent alerts. +keywords: apis, graph api, supported apis, get, alerts, recent +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Software resource type + +**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +## Methods +Method |Return Type |Description +:---|:---|:--- +[List software](get-software.md) | Software collection | List the organizational software inventory. +[Get software by Id](get-software-by-id.md) | Software | Get a specific software by its software ID. +[List software version distribution](get-software-ver-distribution.md)| Distribution collection | List software version distribution by software ID. +[List machines by software](get-machines-by-software.md)| MachineRef collection | Retrieve a list of machines that are associated with the software ID. +[List vulnerabilities by software](get-vuln-by-software.md) | [Vulnerability](vulnerability.md) collection | Retrieve a list of vulnerabilities associated with the software ID. + +## Properties +Property | Type | Description +:---|:---|:--- +id | String | +Name | String | +Vendor | String | +Weaknesses | Long | +publicExploit | Boolean | +activeAlert | Boolean | +exposedMachines | Long | +impactScore | Double | + diff --git a/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md b/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md new file mode 100644 index 0000000000..3be61d9006 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md @@ -0,0 +1,48 @@ +--- +title: Vulnerability methods and properties +description: Retrieves vulnerability information +keywords: apis, graph api, supported apis, get, vulnerability +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Vulnerability resource type + +**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +## Methods +Method |Return Type |Description +:---|:---|:--- +[Get all vulnerabilities](get-all-vulnerabilities.md) | Vulnerability collection | +[Get vulnerability by Id](get-vulnerability-by-id.md) | Vulnerability | +[List machines by vulnerability](get-machines-by-vulnerability.md)| MachineRef collection | Retrieve a list of machines that are associated with the vulnerability ID + + +## Properties +Property | Type | Description +:---|:---|:--- +id | String | +Name | String | +Description | String | +Severity | String | +cvssV3 | Double | +exposedMachines | Long | +publishedOn | DateTime | +updatedOn | DateTime | +publicExploit | Boolean | +exploitVerified | Boolean | +exploitInKit | Boolean | +exploitTypes | String collection | +exploitUris | String collection | From 50f256b8ff4452751800c2765d732d9d72462ebc Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 15:47:18 -0800 Subject: [PATCH 010/157] Update get-device-secure-score.md --- .../microsoft-defender-atp/get-device-secure-score.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md index 7a81fe0182..d2f1bb53f5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md @@ -61,9 +61,6 @@ Here is an example of the request. GET https://api.securitycenter.windows.com/api/configurationScore ``` -[!include[Improve request performance](improve-request-performance.md)] - - **Response** Here is an example of the response. @@ -82,4 +79,4 @@ Here is an example of the response. ``` ## Related topics -- [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md) \ No newline at end of file +- [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md) From 3ca2208e18c820f3d4a17169a5e5e2c3d8c845dd Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 15:47:58 -0800 Subject: [PATCH 011/157] Update get-exposure-score.md --- .../microsoft-defender-atp/get-exposure-score.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md index 2ce5adf1e0..b71e4ee8ec 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md @@ -66,9 +66,6 @@ Here is an example of the request. GET https://api.securitycenter.windows.com/api/exposureScore ``` -[!include[Improve request performance](improve-request-performance.md)] - - **Response** Here is an example of the response. From f6c235d9a57adfbe729be5f1b0a1766beec6b689 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 15:54:44 -0800 Subject: [PATCH 012/157] Update machine.md --- .../threat-protection/microsoft-defender-atp/machine.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine.md b/windows/security/threat-protection/microsoft-defender-atp/machine.md index 304e43abbd..99a215e8c1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/machine.md +++ b/windows/security/threat-protection/microsoft-defender-atp/machine.md @@ -29,9 +29,9 @@ Method|Return Type |Description [Get machine](get-machine-by-id.md) | [machine](machine.md) | Get a [machine](machine.md) by its identity. [Get logged on users](get-machine-log-on-users.md) | [user](user.md) collection | Get the set of [User](user.md) that logged on to the [machine](machine.md). [Get related alerts](get-machine-related-alerts.md) | [alert](alerts.md) collection | Get the set of [alert](alerts.md) entities that were raised on the [machine](machine.md). -[Get installed software](get-installed-software.md) | [Software](software.md) collection | Retrieves a list of software inventory in your organization. -[Get discovered vulnerabilities](get-discovered-vulnerabilities.md) | [Vulnerability](vulnerability.md) collection | Retrieves a list of all the vulnerabilities affecting the organization. -[Get security recommendations](get-security-recommendation.md) | [Recommendation](recommendation.md) collection | Retrieves a list of all security recommendations affecting the organization. +[Get installed software](get-software.md) | [Software](software.md) collection | Retrieves a list of software inventory in your organization. +[Get discovered vulnerabilities](get-all-vulnerabilities.md) | [Vulnerability](vulnerability.md) collection | Retrieves a list of all the vulnerabilities affecting the organization. +[Get security recommendations](get-all-recommendation.md) | [Recommendation](recommendation.md) collection | Retrieves a list of all security recommendations affecting the organization. [Add or Remove machine tags](add-or-remove-machine-tags.md) | [machine](machine.md) | Add or Remove tag to a specific machine. [Find machines by IP](find-machines-by-ip.md) | [machine](machine.md) collection | Find machines seen with IP. From 7cb440f17418effaa820a15a90cc10732c5b18c8 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 15:58:02 -0800 Subject: [PATCH 013/157] Added descriptions --- .../threat-protection/microsoft-defender-atp/vulnerability.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md b/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md index 3be61d9006..f024339c3e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md +++ b/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md @@ -25,8 +25,8 @@ ms.topic: article ## Methods Method |Return Type |Description :---|:---|:--- -[Get all vulnerabilities](get-all-vulnerabilities.md) | Vulnerability collection | -[Get vulnerability by Id](get-vulnerability-by-id.md) | Vulnerability | +[Get all vulnerabilities](get-all-vulnerabilities.md) | Vulnerability collection | Retrieves a list of all the vulnerabilities affecting the organization +[Get vulnerability by Id](get-vulnerability-by-id.md) | Vulnerability | Retrieves vulnerability information by its ID [List machines by vulnerability](get-machines-by-vulnerability.md)| MachineRef collection | Retrieve a list of machines that are associated with the vulnerability ID From d030104010b31f5ce85f03043acaee902fe1f3bd Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 16:00:26 -0800 Subject: [PATCH 014/157] Added descriptions --- .../microsoft-defender-atp/recommendation.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md index c9dfd44b5f..ea8cfbf381 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md @@ -25,11 +25,11 @@ ms.topic: article ## Methods Method |Return Type |Description :---|:---|:--- -[List all recommendations](get-all-recommendations.md) | Recommendation collection | -[Get recommendation by Id](get-recommendation-by-id.md) | Recommendation | -[Get recommendation software](get-recommendation-software.md)| [Software](software.md) | -[Get recommendation machines](get-recommendation-machines.md)|MachineRef collection | -[Get recommendation vulnerabilities](get-recommendation-vulnerabilities.md) | [Vulnerability](vulnerability.md) collection | +[List all recommendations](get-all-recommendations.md) | Recommendation collection | Retrieves a list of all security recommendations affecting the organization +[Get recommendation by Id](get-recommendation-by-id.md) | Recommendation | Retrieves a security recommendation by its ID +[Get recommendation software](get-recommendation-software.md)| [Software](software.md) | Retrieves a security recommendation related to a specific software +[Get recommendation machines](get-recommendation-machines.md)|MachineRef collection | Retrieves a list of machines associated with the security recommendation +[Get recommendation vulnerabilities](get-recommendation-vulnerabilities.md) | [Vulnerability](vulnerability.md) collection | Retrieves a list of vulnerabilities associated with the security recommendation ## Properties From 85fe93712636fca7b17cf9e1354d39f636335eaf Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 16:01:53 -0800 Subject: [PATCH 015/157] Update recommendation.md --- .../threat-protection/microsoft-defender-atp/recommendation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md index ea8cfbf381..2e38f54fca 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md @@ -48,7 +48,7 @@ publicExploit | Boolean | activeAlert | Boolean | associatedThreats | String collection | remediationType | String | -Status | String | Enum +Status | Enum | Recommendation exception status. Possible values are: “Active” and “Exception” configScoreImpact | Double | exposureImpacte | Double| totalMachineCount | Long | From 9f7a62f14ba66223605a1eb4b11886c49305e4d4 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 16:06:25 -0800 Subject: [PATCH 016/157] Update get-exposure-score.md --- .../microsoft-defender-atp/get-exposure-score.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md index b71e4ee8ec..fadf3a064a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md @@ -38,10 +38,6 @@ Delegated (work or school account) | Score.Read | 'Read Threat and Vulnerability GET /api/exposureScore ``` -## Optional query parameters -Method supports $top, $select, $filter, $expand and $skip query parameters. -
$expand is available on Files, IPs and Domains. e.g. $expand=files,domains - ## Request headers Name | Type | Description From f20f1097c0e04d4205b66422f8d740b8288bf093 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Tue, 7 Jan 2020 16:15:14 -0800 Subject: [PATCH 017/157] new topic --- .../web-content-filtering.md | 206 ++++++++++++++++++ 1 file changed, 206 insertions(+) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md diff --git a/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md b/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md new file mode 100644 index 0000000000..b1eede6e12 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md @@ -0,0 +1,206 @@ +--- +title: Monitoring web browsing security in Microsoft Defender ATP +description: Use web protection in Microsoft Defender ATP to monitor web browsing security +keywords: web protection, web threat protection, web browsing, monitoring, reports, cards, domain list, security, phishing, malware, exploit, websites, network protection, Edge, Internet Explorer, Chrome, Firefox, web browser +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: lomayor +author: lomayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +ms.date: 08/30/2019 +--- + +# Web content filtering configuration & reporting + +>[!IMPORTANT] +>Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. + +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-main-abovefoldlink&rtc=1) + +Web content filtering enables you to track and regulate access to websites based on their content categories. Many of these websites, while not malicious, might be problematic due to compliance regulations, bandwidth usage, or other concerns. + +You can configure policies across your machine groups to block certain categories, effectively preventing users within specified machine groups from accessing URLs within that category. If a category is not blocked, all your users will be able to access the URLs without disruption, but web content filtering will continue to gather access statistics that you can use to understand web usage and inform future policy decisions. + +Web content filtering is available on most major web browsers, with blocks performed by SmartScreen (Edge) and Network Protection (Internet Explorer, Chrome, Firefox, and all other browsers). See the prerequisites section for more information about browser support. + +To summarize the benefits: + +- Users are prevented from accessing websites in blocked categories, whether they are browsing on-premises or away +- You can conveniently deploy varied policies to various sets of users using the machine groups defined in the Microsoft Defender ATP role-based access control settings +- You can access web reports in the same central location, with visibility over actual blocks and web usage + +## Prerequisites + +Before trying out this feature, make sure you have the following: +• Windows E5 license +• Access to Microsoft Defender Security Center portal +• Machines running Windows 10 Anniversary Update (version 1607) or later with the latest MoCAMP update (for Network Protection on Internet Explorer, Edge, Chrome, or Firefox) +• Machines running Windows 10 May 2019 Update (version 1903) or later (for a better user experience from SmartScreen on Edge). Note that if SmartScreen is not turned on, Network Protection will take over the blocking. +• A valid license with a partner data provider. For details on how to acquire a license, please read the section below. +Partner licensing +In order to give customers access to various sources of web content categorization data, we are very excited to partner with data providers for this feature. We’ve chosen Cyren as our first partner, who we’ve worked with closely to build an integrated solution. Here’s a brief description of what they do: + +About Cyren +More than 1.3 billion users around the world rely on Cyren's 100% cloud security solutions to protect them against cyberattacks and data loss every day. Powered by the world's largest security cloud, Cyren (NASDAQ: CYRN) delivers fast time-to-protection with award-winning email security, cloud sandboxing and DNS filtering services for business, and threat intelligence solutions for service providers and security vendors like Microsoft, Google and Check Point. +About Cyren and Threat Intelligence Service for Microsoft Defender ATP +CYREN’S URL FILTERING (URLF) INCLUDES 70 CATEGORIES, PROVIDING PARTNERS WITH THE ABILITY TO BUILD POWERFUL AND ADVANCED WEB SECURITY APPLICATIONS. +The broad range of categories enables numerous applications: Protecting users browsing the web from threats such as malware and phishing sites; Ensuring employee productivity; Consumer services such as parental control. Cyren’s comprehensive categories provide the necessary flexibility for any implementation requirement. +Cyren's web content classification technology is integrated by design into Microsoft Defender ATP to enable web filtering and auditing capabilities. +Learn more at https://www.cyren.com/oem + + +Signing up for a Cyren License +Cyren is offering a 60-day free trial for all MDATP customers. To sign up, please follow the steps below from the portal. +1. Go to Reports > Web protection from the side nav + +2. Click the "connect to a partner" button below + +3.Go through the flow from the flyout to register and connect your Cyren account. Note: a user with AAD app admin/global admin permissions is required to complete these steps + + +Data handling +For this feature, we will follow whichever region you have elected to use as part of your Microsoft Defender ATP data handling settings. Your data will not leave the data center in that region. In addition, your data will not be shared with any third-parties, including our data providers. However, we may send them aggregate data (across users and organizations) to help them improve their feeds. +  +Turn on web content filtering +From the left-hand navigation menu, select Settings. Under the section General, choose Advanced Features. Scroll down until you see the entry for Web content filtering. Switch the toggle to On, then hit the Save preferences button. + + Configure web content filtering policies +Web content filtering policies specify which site categories are blocked on which machine groups. To manage the policies, go to Settings > Rules > Web content filtering. + +Web content filtering settings page +Use the filter to locate policies that contain certain blocked categories or are applied to specific machine groups. For more information on categories, see the appendix. +Create a policy +To add a new policy: +1. Click Add policy on the Web content filtering page in Settings. +2. Specify a name. +3. Select the categories to block. Use the expand icon to fully expand each parent category and select specific web content categories. + +Selecting blocked categories during policy creation +4. Specify the policy scope. Select the machine groups to specify where to apply the policy. Only machines in the selected machine groups will be prevented from accessing websites in the selected categories. +5. Review the summary and save the policy. The policy may take up to 15 minutes to apply to your selected machines. + +Note: If you are removing a policy or changing machine groups at the same time, this might cause a delay in policy deployment. +Information worker UX +The standard blocking experience is provided by Network Protection, which provides a system-level toast notifying the user of a blocked connection. +For a more user-friendly experience, consider user SmartScreen on Edge, which will show the following page when blocked: +View summary cards and reports + +Select Reports > Web protection to view the web protection reports page. The following cards provide summary information about web content filtering: +• Web activity by category +• Web content filtering summary +For the Web activity by category card, you can view data from the following periods: +• Last 30 days +• Last 3 months +• Last 6 months +Web activity by category card +This card lists the parent web content categories with the largest percentage change in the number of access attempts, whether they have increased or decreased. You can use this card to understand drastic changes in web activity patterns in your organization. +Click a category name to view more information about that particular category. +Note: In the first 30 days of using this feature, your organization might not have sufficient data to display in this card. +Web content filtering summary card +This card displays the distribution of blocked access attempts across the different parent web content categories. Click a colored slice to view more information about a specific parent web category. +View report details +The Report details page contains reports in separate tabs providing extensive statistical data about web content categories, website domains, and machine groups. + +Report details page +Use the time range filter at the top left of the page to select a time period: +• 1 day +• 1 week +• 30 days +• 3 months +• 6 months +You can also use the filters on the right to filter for specific machine groups or content categories. +Select a row to open a flyout pane with even more information about the selected item. +Web categories +This report lists the web content categories that have had access attempts in your organization. + +List of accessed web categories +You can filter on the following: +• Parent category +• Machine group +• Whether the access attempt was allowed or blocked +Clicking on a specific category will open a summary flyout. In the flyout, you will see: +• A graph showing the change in access attempts over your chosen time period +• Top ten domains in that category in terms of total access attempts. Click a domain to view more information about that domain. +• Top ten machines in terms of total access attempts to websites in that category. Click a machine to view more information about that machine. +• Policies that block websites in that category. Click Manage to view and edit the details of a policy. +  +Domains +This report lists the web domains that have been accessed or blocked in your organization. + +List of accessed website domains +You can filter on the following: +• Parent category +• Machine group the event occurred on +• Whether the access attempt was allowed or blocked +Click a specific domain to view detailed information about that domain. +Machine groups +This report lists all the machine groups that have generated web activity in your organization. + +Clicking on a specific machine group will open a summary flyout. In the flyout, you will see: +• A graph showing the change in access attempts over your chosen time period +• Top ten domains accessed by the selected machine group. Click a domain to view more information about that domain. +• Top ten machines in that machine group in terms of total access attempts. Click a machine to view more information about that machine. +• Top ten web content categories accessed by machines in the selected group. +FAQ +Q: Why am I seeing the following error when trying to connect to Cyren? + +A: You need to be logged in to an AAD account with either App administrator or Global Administrator privileges. Your IT admin would most likely either have these permissions and/or be able to grant them to you. +Q: What exactly are the permissions the app is asking for? + +A: i) ‘Sign in and read user profile’ allows Cyren to read your tenant info from your MDATP account, such as your tenant ID, which will be tied to your Cyren license. +ii) ‘Read and Write Integration settings’ exists under the WindowsDefenderATP scope within permissions. This line allows Cyren to add/modify/revoke Cyren license status on the MDATP portal. +Appendix +Categories +We have grouped individual web content categories from the data provider into parent categories, making it easier for you to block and monitor closely related categories. Below is a list of categories we currently support, with their descriptions provided by Cyren. +Adult content +• Cults - Sites relating to non-traditional religious practice typically known as "cults," that is, considered to be false, unorthodox, extremist, or coercive, with members often living under the direction of a charismatic leader. +• Gambling - Sites that offer or are related to online gambling, lottery, casinos and betting agencies involving chance. +• Nudity - Sites that contain full or partial nudity that are not necessarily overtly sexual in intent. Includes sites that advertise or sell lingerie, intimate apparel, or swimwear. +• Pornography/Sexually Explicit - Sites that contain explicit sexual content. Includes adult products such as sex toys, CD-ROMs, and videos, adult services such as videoconferencing, escort services, and strip clubs, erotic stories and textual descriptions of sexual acts. +• Sex Education - Sites relating to sex education, including subjects such as respect for partner, abortion, gay and lesbian lifestyle, contraceptives, sexually transmitted diseases, and pregnancy. +• Tasteless - Sites with offensive or tasteless content, including profanity. +• Violence - Sites that contain images or text depicting or advocating physical assault against humans, animals, or institutions. Sites of a particularly gruesome nature. Sites that contain profanity. +High bandwidth +• Download Sites - Sites that contain downloadable software, whether shareware, freeware, or for a charge. Includes some peer-to-peer sites. +• Image Sharing - Sites that host digital photographs and images, online photo albums and digital photo exchanges. +• Peer-to-Peer - Sites that enable direct exchange of files between users without dependence on a central server. +• Streaming Media & Downloads - Sites that deliver streaming content, such as Internet radio, Internet TV or MP3 and live or archived media download sites. Includes fan sites, or official sites run by musicians, bands, or record labels. +Legal liability +• Child Abuse Images - Sites that portray or discuss children in sexual or other abusive acts. +• Criminal Activity - Sites that offer advice on how to commit illegal or criminal activities, or to avoid detection. These can include how to commit murder, build bombs, pick locks, etc. Also includes sites with information about illegal manipulation of electronic devices, hacking, fraud and illegal distribution of software. +• Hacking - Sites that promote or give advice about how to gain unauthorized access to proprietary computer systems, for the purpose of stealing information, perpetrating fraud, creating viruses, or committing other illegal activity related to theft of digital inform. +• Hate & Intolerance - Sites that promote a supremacist political agenda, encouraging oppression of people or groups of people based on their race, religion, gender, age, disability, sexual orientation or nationality. +• Illegal Drugs - Sites with information on the purchase, manufacture, and use of illegal or recreational drugs and their paraphernalia, and misuse of prescription drugs and other compounds. +• Illegal Software - Sites that illegally distribute software or copyrighted materials such as movies or music, software cracks, illicit serial numbers, illegal license key generators. +• School Cheating - Sites that promote unethical practices such as cheating or plagiarism by providing test answers, written essays, research papers, or term papers. +• Self-Harm – Sites that promote actions that are relating to harming oneself, such as suicide, anorexia, bulimia, etc. +• Weapons - Sites that depict, sell, review or describe guns and weapons, including for sport. +Leisure +• Chat - Sites that enable web-based exchange of real-time messages through chat services or chat rooms. +• Games - Sites relating to computer or other games, information about game producers, or how to obtain cheat codes. Game-related publication sites. +• Instant Messaging - Sites that enable logging in to instant messaging services such as ICQ, AOL Instant Messenger, IRC, MSN, Jabber, Yahoo Messenger, and the like. +• Professional Networking - Sites that enable professional networking for online communities. +• Social Networking - Sites that enable social networking for online communities of various topics, for friendship, or/and dating. +• Web-based Email - Sites that enables users to send and receive email through a web-accessible email account. +Uncategorized +• Unknown – Sites that are not yet assigned a category +Limitations and known issues in this preview +1. Unassigned machines will have incorrect data shown within the report +In the Report details > Machine groups pivot, you may see a row with a blank Machine Group field. This group contains your unassigned machines in the interim before they get put into your specified group. The report for this row may not contain an accurate count of machines or access counts. + +2. The data in our reports may not be congruent with other data on the site +We currently do not support real-time data processing for this feature, so you may see inconsistencies between the data in our reports and the URL entity page. + + + +## Related topics +- [Web protection overview](web-protection-overview.md) +- [Respond to web threats](web-protection-response.md) From 0199891df647a35242eb2d4e92d409afc278f0af Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Tue, 7 Jan 2020 16:21:57 -0800 Subject: [PATCH 018/157] formatting updates --- .../web-content-filtering.md | 69 +++++++++++-------- 1 file changed, 41 insertions(+), 28 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md b/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md index b1eede6e12..0a2c4e5b42 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md +++ b/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md @@ -40,58 +40,71 @@ To summarize the benefits: ## Prerequisites Before trying out this feature, make sure you have the following: -• Windows E5 license -• Access to Microsoft Defender Security Center portal -• Machines running Windows 10 Anniversary Update (version 1607) or later with the latest MoCAMP update (for Network Protection on Internet Explorer, Edge, Chrome, or Firefox) -• Machines running Windows 10 May 2019 Update (version 1903) or later (for a better user experience from SmartScreen on Edge). Note that if SmartScreen is not turned on, Network Protection will take over the blocking. -• A valid license with a partner data provider. For details on how to acquire a license, please read the section below. -Partner licensing + +- Windows E5 license +- Access to Microsoft Defender Security Center portal +- Machines running Windows 10 Anniversary Update (version 1607) or later with the latest MoCAMP update (for Network Protection on Internet Explorer, Edge, Chrome, or Firefox) +- Machines running Windows 10 May 2019 Update (version 1903) or later (for a better user experience from SmartScreen on Edge). Note that if SmartScreen is not turned on, Network Protection will take over the blocking. +- A valid license with a partner data provider. For details on how to acquire a license, please read the section below. + +## Partner licensing + In order to give customers access to various sources of web content categorization data, we are very excited to partner with data providers for this feature. We’ve chosen Cyren as our first partner, who we’ve worked with closely to build an integrated solution. Here’s a brief description of what they do: -About Cyren -More than 1.3 billion users around the world rely on Cyren's 100% cloud security solutions to protect them against cyberattacks and data loss every day. Powered by the world's largest security cloud, Cyren (NASDAQ: CYRN) delivers fast time-to-protection with award-winning email security, cloud sandboxing and DNS filtering services for business, and threat intelligence solutions for service providers and security vendors like Microsoft, Google and Check Point. -About Cyren and Threat Intelligence Service for Microsoft Defender ATP +### About Cyren + +More than 1.3 billion users around the world rely on Cyren's 100% cloud security solutions to protect them against cyberattacks and data loss every day. Powered by the world's largest security cloud, Cyren (NASDAQ: CYRN) delivers fast time-to-protection with award-winning email security, cloud sandboxing and DNS filtering services for business, and threat intelligence solutions for service providers and security vendors like Microsoft, Google and Check Point. + +### About Cyren and Threat Intelligence Service for Microsoft Defender ATP + CYREN’S URL FILTERING (URLF) INCLUDES 70 CATEGORIES, PROVIDING PARTNERS WITH THE ABILITY TO BUILD POWERFUL AND ADVANCED WEB SECURITY APPLICATIONS. + The broad range of categories enables numerous applications: Protecting users browsing the web from threats such as malware and phishing sites; Ensuring employee productivity; Consumer services such as parental control. Cyren’s comprehensive categories provide the necessary flexibility for any implementation requirement. + Cyren's web content classification technology is integrated by design into Microsoft Defender ATP to enable web filtering and auditing capabilities. + Learn more at https://www.cyren.com/oem +### Signing up for a Cyren License -Signing up for a Cyren License Cyren is offering a 60-day free trial for all MDATP customers. To sign up, please follow the steps below from the portal. + 1. Go to Reports > Web protection from the side nav - -2. Click the "connect to a partner" button below - -3.Go through the flow from the flyout to register and connect your Cyren account. Note: a user with AAD app admin/global admin permissions is required to complete these steps +2. Click the "connect to a partner" button +3. Go through the flow from the flyout to register and connect your Cyren account. Note: a user with AAD app admin/global admin permissions is required to complete these steps +## Data handling -Data handling For this feature, we will follow whichever region you have elected to use as part of your Microsoft Defender ATP data handling settings. Your data will not leave the data center in that region. In addition, your data will not be shared with any third-parties, including our data providers. However, we may send them aggregate data (across users and organizations) to help them improve their feeds. -  -Turn on web content filtering + +## Turn on web content filtering + From the left-hand navigation menu, select Settings. Under the section General, choose Advanced Features. Scroll down until you see the entry for Web content filtering. Switch the toggle to On, then hit the Save preferences button. - - Configure web content filtering policies + +## Configure web content filtering policies + Web content filtering policies specify which site categories are blocked on which machine groups. To manage the policies, go to Settings > Rules > Web content filtering. - -Web content filtering settings page + Use the filter to locate policies that contain certain blocked categories or are applied to specific machine groups. For more information on categories, see the appendix. -Create a policy + +### Create a policy + To add a new policy: -1. Click Add policy on the Web content filtering page in Settings. -2. Specify a name. + +1. Click **Add policy** on the **Web content filtering** page in **Settings**. +2. Specify a name. 3. Select the categories to block. Use the expand icon to fully expand each parent category and select specific web content categories. - -Selecting blocked categories during policy creation 4. Specify the policy scope. Select the machine groups to specify where to apply the policy. Only machines in the selected machine groups will be prevented from accessing websites in the selected categories. 5. Review the summary and save the policy. The policy may take up to 15 minutes to apply to your selected machines. Note: If you are removing a policy or changing machine groups at the same time, this might cause a delay in policy deployment. -Information worker UX + +## Information worker UX + The standard blocking experience is provided by Network Protection, which provides a system-level toast notifying the user of a blocked connection. For a more user-friendly experience, consider user SmartScreen on Edge, which will show the following page when blocked: -View summary cards and reports + +## View summary cards and reports Select Reports > Web protection to view the web protection reports page. The following cards provide summary information about web content filtering: • Web activity by category From c6210ba9ef8a75be5cba467926fd670ada08ca4a Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 16:23:43 -0800 Subject: [PATCH 019/157] Added TVM API topics --- windows/security/threat-protection/TOC.md | 28 +++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index a483760fe8..e754cac2b3 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -435,6 +435,34 @@ ####### [Get user related alerts](microsoft-defender-atp/get-user-related-alerts.md) ####### [Get user related machines](microsoft-defender-atp/get-user-related-machines.md) +###### [Score]() +####### [Score methods and properties](microsoft-defender-atp/score.md) +####### [List exposure score by machine group](microsoft-defender-atp/get-machine-group-exposure-score.md) +####### [Get exposure score](microsoft-defender-atp/get-exposure-score.md) +####### [Get device secure score](microsoft-defender-atp/get-device-secure-score.md) + +###### [Software]() +####### [Software methods and properties](microsoft-defender-atp/software.md) +####### [List software](get-software.md) +####### [Get software by Id](get-software-by-id.md) +####### [List software version distribution](get-software-ver-distribution.md) +####### [List machines by software](get-machines-by-software.md) +####### [List vulnerabilities by software](get-vuln-by-software.md) + +###### [Vulnerability]() +####### [Vulnerability methods and properties](microsoft-defender-atp/vulnerability.md) +####### [Get all vulnerabilities](get-all-vulnerabilities.md) +####### [Get vulnerability by Id](get-vulnerability-by-id.md) +####### [List machines by vulnerability](get-machines-by-vulnerability.md) + +###### [Recommendation]() +####### [Recommendation methods and properties](microsoft-defender-atp/recommendation.md) +####### [List all recommendations](get-all-recommendations.md) +####### [Get recommendation by Id](get-recommendation-by-id.md) +####### [Get recommendation by software](get-recommendation-software.md) +####### [Get recommendation by machines](get-recommendation-machines.md) +####### [Get recommendation by vulnerabilities](get-recommendation-vulnerabilities.md) + ##### [How to use APIs - Samples]() ###### [Microsoft Flow](microsoft-defender-atp/api-microsoft-flow.md) ###### [Power BI](microsoft-defender-atp/api-power-bi.md) From 9ce89bfd00b09866c447fb98304751ecc86f6cba Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 16:34:24 -0800 Subject: [PATCH 020/157] Update machine.md --- .../threat-protection/microsoft-defender-atp/machine.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine.md b/windows/security/threat-protection/microsoft-defender-atp/machine.md index 99a215e8c1..5ae61b0e70 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/machine.md +++ b/windows/security/threat-protection/microsoft-defender-atp/machine.md @@ -31,7 +31,7 @@ Method|Return Type |Description [Get related alerts](get-machine-related-alerts.md) | [alert](alerts.md) collection | Get the set of [alert](alerts.md) entities that were raised on the [machine](machine.md). [Get installed software](get-software.md) | [Software](software.md) collection | Retrieves a list of software inventory in your organization. [Get discovered vulnerabilities](get-all-vulnerabilities.md) | [Vulnerability](vulnerability.md) collection | Retrieves a list of all the vulnerabilities affecting the organization. -[Get security recommendations](get-all-recommendation.md) | [Recommendation](recommendation.md) collection | Retrieves a list of all security recommendations affecting the organization. +[Get security recommendations](get-all-recommendations.md) | [Recommendation](recommendation.md) collection | Retrieves a list of all security recommendations affecting the organization. [Add or Remove machine tags](add-or-remove-machine-tags.md) | [machine](machine.md) | Add or Remove tag to a specific machine. [Find machines by IP](find-machines-by-ip.md) | [machine](machine.md) collection | Find machines seen with IP. From 576d40493fc63dda1a05f074d0983f09fd96446d Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 16:35:01 -0800 Subject: [PATCH 021/157] Update machine.md --- .../threat-protection/microsoft-defender-atp/machine.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine.md b/windows/security/threat-protection/microsoft-defender-atp/machine.md index 5ae61b0e70..a488cd488b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/machine.md +++ b/windows/security/threat-protection/microsoft-defender-atp/machine.md @@ -29,9 +29,9 @@ Method|Return Type |Description [Get machine](get-machine-by-id.md) | [machine](machine.md) | Get a [machine](machine.md) by its identity. [Get logged on users](get-machine-log-on-users.md) | [user](user.md) collection | Get the set of [User](user.md) that logged on to the [machine](machine.md). [Get related alerts](get-machine-related-alerts.md) | [alert](alerts.md) collection | Get the set of [alert](alerts.md) entities that were raised on the [machine](machine.md). -[Get installed software](get-software.md) | [Software](software.md) collection | Retrieves a list of software inventory in your organization. -[Get discovered vulnerabilities](get-all-vulnerabilities.md) | [Vulnerability](vulnerability.md) collection | Retrieves a list of all the vulnerabilities affecting the organization. -[Get security recommendations](get-all-recommendations.md) | [Recommendation](recommendation.md) collection | Retrieves a list of all security recommendations affecting the organization. +[Get installed software](get-software.md) | [software](software.md) collection | Retrieves a list of software inventory in your organization. +[Get discovered vulnerabilities](get-all-vulnerabilities.md) | [vulnerability](vulnerability.md) collection | Retrieves a list of all the vulnerabilities affecting the organization. +[Get security recommendations](get-all-recommendations.md) | [recommendation](recommendation.md) collection | Retrieves a list of all security recommendations affecting the organization. [Add or Remove machine tags](add-or-remove-machine-tags.md) | [machine](machine.md) | Add or Remove tag to a specific machine. [Find machines by IP](find-machines-by-ip.md) | [machine](machine.md) collection | Find machines seen with IP. From d7de8b4d66cbd49980bd4dfe4b095ce41be237e8 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 16:35:49 -0800 Subject: [PATCH 022/157] Added pre rel info --- .../threat-protection/microsoft-defender-atp/software.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/software.md b/windows/security/threat-protection/microsoft-defender-atp/software.md index 36aba64d20..5d4dd015b2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/software.md @@ -22,6 +22,8 @@ ms.topic: article - Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Prerelease information](../../includes/prerelease.md)] + ## Methods Method |Return Type |Description :---|:---|:--- From fb05538330bcadabacbe2ed30abc4854133b88c6 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 16:36:34 -0800 Subject: [PATCH 023/157] Added pre rel info --- .../threat-protection/microsoft-defender-atp/vulnerability.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md b/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md index f024339c3e..1ab9f93f8a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md +++ b/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md @@ -22,6 +22,8 @@ ms.topic: article - Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Prerelease information](../../includes/prerelease.md)] + ## Methods Method |Return Type |Description :---|:---|:--- From 66291fb62ada8b1c4c8e3a6f628cd580b77d1f54 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 16:37:03 -0800 Subject: [PATCH 024/157] Added pre rel info --- .../threat-protection/microsoft-defender-atp/recommendation.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md index 2e38f54fca..b5169fbe69 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md @@ -22,6 +22,8 @@ ms.topic: article - Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Prerelease information](../../includes/prerelease.md)] + ## Methods Method |Return Type |Description :---|:---|:--- From bb15be19a76bebd5c0724a0c2237ca2c49adc353 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 16:42:16 -0800 Subject: [PATCH 025/157] Updated file paths for TVM API topics --- windows/security/threat-protection/TOC.md | 26 +++++++++++------------ 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index e754cac2b3..1d0ce5d117 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -443,25 +443,25 @@ ###### [Software]() ####### [Software methods and properties](microsoft-defender-atp/software.md) -####### [List software](get-software.md) -####### [Get software by Id](get-software-by-id.md) -####### [List software version distribution](get-software-ver-distribution.md) -####### [List machines by software](get-machines-by-software.md) -####### [List vulnerabilities by software](get-vuln-by-software.md) +####### [List software](microsoft-defender-atp/get-software.md) +####### [Get software by Id](microsoft-defender-atp/get-software-by-id.md) +####### [List software version distribution](microsoft-defender-atp/get-software-ver-distribution.md) +####### [List machines by software](microsoft-defender-atp/get-machines-by-software.md) +####### [List vulnerabilities by software](microsoft-defender-atp/get-vuln-by-software.md) ###### [Vulnerability]() ####### [Vulnerability methods and properties](microsoft-defender-atp/vulnerability.md) -####### [Get all vulnerabilities](get-all-vulnerabilities.md) -####### [Get vulnerability by Id](get-vulnerability-by-id.md) -####### [List machines by vulnerability](get-machines-by-vulnerability.md) +####### [Get all vulnerabilities](microsoft-defender-atp/get-all-vulnerabilities.md) +####### [Get vulnerability by Id](microsoft-defender-atp/get-vulnerability-by-id.md) +####### [List machines by vulnerability](microsoft-defender-atp/get-machines-by-vulnerability.md) ###### [Recommendation]() ####### [Recommendation methods and properties](microsoft-defender-atp/recommendation.md) -####### [List all recommendations](get-all-recommendations.md) -####### [Get recommendation by Id](get-recommendation-by-id.md) -####### [Get recommendation by software](get-recommendation-software.md) -####### [Get recommendation by machines](get-recommendation-machines.md) -####### [Get recommendation by vulnerabilities](get-recommendation-vulnerabilities.md) +####### [List all recommendations](microsoft-defender-atp/get-all-recommendations.md) +####### [Get recommendation by Id](microsoft-defender-atp/get-recommendation-by-id.md) +####### [Get recommendation by software](microsoft-defender-atp/get-recommendation-software.md) +####### [Get recommendation by machines](microsoft-defender-atp/get-recommendation-machines.md) +####### [Get recommendation by vulnerabilities](microsoft-defender-atp/get-recommendation-vulnerabilities.md) ##### [How to use APIs - Samples]() ###### [Microsoft Flow](microsoft-defender-atp/api-microsoft-flow.md) From 5cc7e54be6b33b743d81c048d2c736afeebde260 Mon Sep 17 00:00:00 2001 From: LauraKellerGitHub Date: Tue, 7 Jan 2020 16:44:49 -0800 Subject: [PATCH 026/157] Scorecard corrections in seven files --- ...efender-application-control-policy-design-decisions.md | 4 ++-- .../wdsc-device-performance-health.md | 2 +- .../wdsc-hide-notifications.md | 2 +- .../windows-defender-security-center.md | 8 ++++---- .../threat-protection/windows-security-baselines.md | 2 +- .../get-support-for-security-baselines.md | 4 ++-- .../windows-security-baselines.md | 2 +- 7 files changed, 12 insertions(+), 12 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md index 6b431212ee..2734953d67 100644 --- a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md +++ b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md @@ -62,7 +62,7 @@ Organizations with well-defined, centrally-managed app management and deployment | - | - | | All apps are centrally managed and deployed using endpoint management tools like [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager). | Organizations that centrally manage all apps are best-suited for application control. WDAC options like [managed installer](use-windows-defender-application-control-with-managed-installer.md) can make it easy to authorize apps that are deployed by the organization's app distribution management solution. | | Some apps are centrally managed and deployed, but teams can install additional apps for their members. | [Supplemental policies](deploy-multiple-windows-defender-application-control-policies.md) can be used to allow team-specific exceptions to your core organization-wide WDAC policy. Alternatively, teams can leverage managed installers to install their team-specific apps or admin-only file path rules can be used to allow apps installed by admin users. | -| Users and teams are free to download and install apps but the organization wants to restrict that right to prevalent and reputable apps only. | WDAC can integrate with Microsoft's [Intelligent Security Graph](use-windows-defender-application-control-with-intelligent-security-graph.md) (the same source of intelligence that powers Windows Defender Antivirus and SmartScreen) to allow only apps and binaries that have positive reputation. | +| Users and teams are free to download and install apps but the organization wants to restrict that right to prevalent and reputable apps only. | WDAC can integrate with Microsoft's [Intelligent Security Graph](use-windows-defender-application-control-with-intelligent-security-graph.md) (the same source of intelligence that powers Windows Defender Antivirus and Windows Defender SmartScreen) to allow only apps and binaries that have positive reputation. | | Users and teams are free to download and install apps without restriction. | WDAC policies can be deployed in audit mode to gain insight into the apps and binaries running in your organization without impacting user and team productivity.| ### Are internally-developed line-of-business (LOB) apps and apps developed by 3rd parties digitally signed? @@ -72,7 +72,7 @@ Traditional Win32 apps on Windows can run without being digitally signed. This p | Possible answers | Design considerations | | - | - | | All apps used in your organization must be signed. | Organizations that enforce [codesigning](use-code-signing-to-simplify-application-control-for-classic-windows-applications.md) for all executable code are best-positioned to protect their Windows computers from malicious code execution. WDAC rules can be created to authorize apps and binaries from the organization's internal development teams and from trusted independent software vendors (ISV). | -| Apps used in your organization do not need to meet any codesigning requirements. | Organizations can [use built-in Windows 10 tools](deploy-catalog-files-to-support-windows-defender-application-control.md) to add organization-specific app catalog signatures to existing apps as a part of the app deployment process which can be used to authorize code execution. Solutions like Microsoft Endpoint Manager offer multiple ways to distribute signed app catalogs. | +| Apps used in your organization do not need to meet any codesigning requirements. | Organizations can [use built-in Windows 10 tools](deploy-catalog-files-to-support-windows-defender-application-control.md) to add organization-specific App Catalog signatures to existing apps as a part of the app deployment process which can be used to authorize code execution. Solutions like Microsoft Endpoint Manager offer multiple ways to distribute signed App Catalogs. | ### Are there specific groups in your organization that need customized application control policies? diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md index 16cf8c2443..2ce382c919 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md @@ -34,7 +34,7 @@ In Windows 10, version 1709 and later, the section can be hidden from users of t ## Hide the Device performance & health section -You can choose to hide the entire section by using Group Policy. The section will not appear on the home page of the Windows Security app, and its icon will not be shown on the navigiation bar on the side of the app. +You can choose to hide the entire section by using Group Policy. The section will not appear on the home page of the Windows Security app, and its icon will not be shown on the navigation bar on the side of the app. This can only be done in Group Policy. diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md index b8a43788fb..27bf7e7c31 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md @@ -47,7 +47,7 @@ You can only use Group Policy to change these settings. ## Use Group Policy to hide non-critical notifications -You can hide notifications that describe regular events related to the health and security of the machine. These are notifications that do not require an action from the machine's user. It can be useful to hide these notifications if you find they are too numerours or you have other status reporting on a larger scale (such as Update Compliance or Microsoft Endpoint Configuration Manager reporting). +You can hide notifications that describe regular events related to the health and security of the machine. These are notifications that do not require an action from the machine's user. It can be useful to hide these notifications if you find they are too numerous or you have other status reporting on a larger scale (such as Update Compliance or Microsoft Endpoint Configuration Manager reporting). This can only be done in Group Policy. diff --git a/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md b/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md index 4938625700..56b6759416 100644 --- a/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md +++ b/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md @@ -33,7 +33,7 @@ In Windows 10, version 1709 and later, the app also shows information from third In Windows 10, version 1803, the app has two new areas, **Account protection** and **Device security**. -![Screen shot of the Windows Security app showing that the device is protected and five icons for each of the features](images/security-center-home.png) +![Screenshot of the Windows Security app showing that the device is protected and five icons for each of the features](images/security-center-home.png) > [!NOTE] > The Windows Security app is a client interface on Windows 10, version 1703 and later. It is not the Microsoft Defender Security Center web portal console that is used to review and manage [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection). @@ -63,13 +63,13 @@ You can find more information about each section, including options for configur - Click the icon in the notification area on the taskbar. - ![Screen shot of the icon for the Windows Security app on the Windows task bar](images/security-center-taskbar.png) + ![Screenshot of the icon for the Windows Security app on the Windows task bar](images/security-center-taskbar.png) - Search the Start menu for **Windows Security**. - ![Screen shot of the Start menu showing the results of a search for the Windows Security app, the first option with a large shield symbol is selected](images/security-center-start-menu.png) + ![Screenshot of the Start menu showing the results of a search for the Windows Security app, the first option with a large shield symbol is selected](images/security-center-start-menu.png) - Open an area from Windows **Settings**. - ![Screen shot of Windows Settings showing the different areas available in the Windows Security](images/settings-windows-defender-security-center-areas.png) + ![Screenshot of Windows Settings showing the different areas available in the Windows Security](images/settings-windows-defender-security-center-areas.png) > [!NOTE] > Settings configured with management tools, such as Group Policy, Microsoft Intune, or Microsoft Endpoint Configuration Manager, will generally take precedence over the settings in the Windows Security. See the topics for each of the sections for links to configuring the associated features or products. diff --git a/windows/security/threat-protection/windows-security-baselines.md b/windows/security/threat-protection/windows-security-baselines.md index ad7b000f8c..5aff586c57 100644 --- a/windows/security/threat-protection/windows-security-baselines.md +++ b/windows/security/threat-protection/windows-security-baselines.md @@ -45,7 +45,7 @@ Security baselines are an essential benefit to customers because they bring toge For example, there are over 3,000 Group Policy settings for Windows 10, which does not include over 1,800 Internet Explorer 11 settings. Of these 4,800 settings, only some are security-related. Although Microsoft provides extensive guidance on different security features, exploring each one can take a long time. You would have to determine the security impact of each setting on your own. Then, you would still need to determine the appropriate value for each setting. -In modern organizations, the security threat landscape is constantly evolving, and IT pros and policy-makers must keep up with security threats and make required changes to Windows security settings to help mitigate these threats. To enable faster deployments and make managing Windows easier, Microsoft provides customers with security baselines that are available in consumable formats, such as Group Policy Objects backups. +In modern organizations, the security threat landscape is constantly evolving, and IT pros and policy-makers must keep up with security threats and make required changes to Windows security settings to help mitigate these threats. To enable faster deployments and make managing Windows easier, Microsoft provides customers with security baselines that are available in consumable formats, such as Group Policy Objects Backups. ## How can you use security baselines? diff --git a/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md b/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md index 9898a9588b..b4b57d20ae 100644 --- a/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md +++ b/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md @@ -19,7 +19,7 @@ ms.reviewer: **What is the Microsoft Security Compliance Manager (SCM)?** -The Security Compliance Manager (SCM) is now retired and is no longer supported. The reason is that SCM was an incredibly complex and large program that needed to be updated for every Windows release. It has been replaced by the Security Compliance Toolkit (SCT). To provide a better service for our customers, we have moved to SCT with which we can publish baselines through the Microsoft Download Center in a lightweight .zip file that contains GPO backups, GPO reports, Excel spreadsheets, WMI filters, and scripts to apply the settings to local policy. +The Security Compliance Manager (SCM) is now retired and is no longer supported. The reason is that SCM was an incredibly complex and large program that needed to be updated for every Windows release. It has been replaced by the Security Compliance Toolkit (SCT). To provide a better service for our customers, we have moved to SCT with which we can publish baselines through the Microsoft Download Center in a lightweight .zip file that contains GPO Backups, GPO reports, Excel spreadsheets, WMI filters, and scripts to apply the settings to local policy. More information about this change can be found on the [Microsoft Security Guidance blog](https://blogs.technet.microsoft.com/secguide/2017/06/15/security-compliance-manager-scm-retired-new-tools-and-procedures/). @@ -42,7 +42,7 @@ Not yet. PowerShell-based DSC is rapidly gaining popularity, and more DSC tools **Does SCT support the creation of Microsoft Endpoint Configuration Manager (SCCM) DCM packs?** -No. A potential alternative is Desired State Configuration (DSC), a feature of the [Windows Management Framework](https://www.microsoft.com/download/details.aspx?id=40855). A tool that supports conversion of GPO backups to DSC format can be found [here](https://github.com/Microsoft/BaselineManagement). +No. A potential alternative is Desired State Configuration (DSC), a feature of the [Windows Management Framework](https://www.microsoft.com/download/details.aspx?id=40855). A tool that supports conversion of GPO Backups to DSC format can be found [here](https://github.com/Microsoft/BaselineManagement). **Does SCT support the creation of Security Content Automation Protocol (SCAP)-format policies?** diff --git a/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md b/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md index c39f7df6fd..08675f0f03 100644 --- a/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md +++ b/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md @@ -45,7 +45,7 @@ Security baselines are an essential benefit to customers because they bring toge For example, there are over 3,000 Group Policy settings for Windows 10, which does not include over 1,800 Internet Explorer 11 settings. Of these 4,800 settings, only some are security-related. Although Microsoft provides extensive guidance on different security features, exploring each one can take a long time. You would have to determine the security impact of each setting on your own. Then, you would still need to determine the appropriate value for each setting. -In modern organizations, the security threat landscape is constantly evolving, and IT pros and policy-makers must keep up with security threats and make required changes to Windows security settings to help mitigate these threats. To enable faster deployments and make managing Windows easier, Microsoft provides customers with security baselines that are available in consumable formats, such as Group Policy Objects backups. +In modern organizations, the security threat landscape is constantly evolving, and IT pros and policy-makers must keep up with security threats and make required changes to Windows security settings to help mitigate these threats. To enable faster deployments and make managing Windows easier, Microsoft provides customers with security baselines that are available in consumable formats, such as Group Policy Objects Backups. ## How can you use security baselines? From 11e09a543c94c199032751bddb8d41dd98ba0026 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 8 Jan 2020 14:48:27 -0800 Subject: [PATCH 027/157] Update software.md --- .../threat-protection/microsoft-defender-atp/software.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/software.md b/windows/security/threat-protection/microsoft-defender-atp/software.md index 5d4dd015b2..48647a6c93 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/software.md @@ -36,7 +36,7 @@ Method |Return Type |Description ## Properties Property | Type | Description :---|:---|:--- -id | String | +id | String | Software ID Name | String | Vendor | String | Weaknesses | Long | From 6b5e4db65b6da8fef453e7fb56f5e167a724a088 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Wed, 8 Jan 2020 15:38:24 -0800 Subject: [PATCH 028/157] formatting --- .../web-content-filtering.md | 179 +++++++++--------- 1 file changed, 86 insertions(+), 93 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md b/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md index 0a2c4e5b42..f075fbd3cd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md +++ b/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md @@ -104,57 +104,37 @@ Note: If you are removing a policy or changing machine groups at the same time, The standard blocking experience is provided by Network Protection, which provides a system-level toast notifying the user of a blocked connection. For a more user-friendly experience, consider user SmartScreen on Edge, which will show the following page when blocked: -## View summary cards and reports - -Select Reports > Web protection to view the web protection reports page. The following cards provide summary information about web content filtering: -• Web activity by category -• Web content filtering summary -For the Web activity by category card, you can view data from the following periods: -• Last 30 days -• Last 3 months -• Last 6 months -Web activity by category card -This card lists the parent web content categories with the largest percentage change in the number of access attempts, whether they have increased or decreased. You can use this card to understand drastic changes in web activity patterns in your organization. +## Web content filtering cards and details + +Select **Reports > Web protection** to view cards with information about web content filtering and web threat protection. The following cards provide summary information about web content filtering. + +### Web activity by category card + +This card lists the parent web content categories with the largest percentage change in the number of access attempts, whether they have increased or decreased. You can use this card to understand drastic changes in web activity patterns in your organization from last 30 days, 3 months, or 6 months. + Click a category name to view more information about that particular category. + Note: In the first 30 days of using this feature, your organization might not have sufficient data to display in this card. -Web content filtering summary card + +### Web content filtering summary card + This card displays the distribution of blocked access attempts across the different parent web content categories. Click a colored slice to view more information about a specific parent web category. -View report details -The Report details page contains reports in separate tabs providing extensive statistical data about web content categories, website domains, and machine groups. - -Report details page -Use the time range filter at the top left of the page to select a time period: -• 1 day -• 1 week -• 30 days -• 3 months -• 6 months -You can also use the filters on the right to filter for specific machine groups or content categories. -Select a row to open a flyout pane with even more information about the selected item. -Web categories -This report lists the web content categories that have had access attempts in your organization. - -List of accessed web categories -You can filter on the following: -• Parent category -• Machine group -• Whether the access attempt was allowed or blocked -Clicking on a specific category will open a summary flyout. In the flyout, you will see: -• A graph showing the change in access attempts over your chosen time period -• Top ten domains in that category in terms of total access attempts. Click a domain to view more information about that domain. -• Top ten machines in terms of total access attempts to websites in that category. Click a machine to view more information about that machine. -• Policies that block websites in that category. Click Manage to view and edit the details of a policy. -  -Domains -This report lists the web domains that have been accessed or blocked in your organization. - -List of accessed website domains -You can filter on the following: -• Parent category -• Machine group the event occurred on -• Whether the access attempt was allowed or blocked -Click a specific domain to view detailed information about that domain. -Machine groups + +### View card details + +You can access the Report details for each card by selecting a rowThe Report details page contains reports in separate tabs providing extensive statistical data about web content categories, website domains, and machine groups. + +Use the time range filter at the top left of the page to select a time period. You can also filter the information or customize the columns. Select a row to open a flyout pane with even more information about the selected item. + + +- **Web categories**: Lists the web content categories that have had access attempts in your organization. Select a specific category to open a summary flyout. + +- **Domains**: Lists the web domains that have been accessed or blocked in your organization. Select a specific domain to view detailed information about that domain. + +This report + +#### Machine groups + This report lists all the machine groups that have generated web activity in your organization. Clicking on a specific machine group will open a summary flyout. In the flyout, you will see: @@ -162,58 +142,71 @@ Clicking on a specific machine group will open a summary flyout. In the flyout, • Top ten domains accessed by the selected machine group. Click a domain to view more information about that domain. • Top ten machines in that machine group in terms of total access attempts. Click a machine to view more information about that machine. • Top ten web content categories accessed by machines in the selected group. -FAQ -Q: Why am I seeing the following error when trying to connect to Cyren? + +## FAQ + +### Why am I seeing the error "Need admin approval" when trying to connect to Cyren? + +You need to be logged in to an AAD account with either App administrator or Global Administrator privileges. Your IT admin would most likely either have these permissions and/or be able to grant them to you. + +### What exactly are the permissions the app is asking for? -A: You need to be logged in to an AAD account with either App administrator or Global Administrator privileges. Your IT admin would most likely either have these permissions and/or be able to grant them to you. -Q: What exactly are the permissions the app is asking for? - -A: i) ‘Sign in and read user profile’ allows Cyren to read your tenant info from your MDATP account, such as your tenant ID, which will be tied to your Cyren license. -ii) ‘Read and Write Integration settings’ exists under the WindowsDefenderATP scope within permissions. This line allows Cyren to add/modify/revoke Cyren license status on the MDATP portal. -Appendix -Categories +‘Sign in and read user profile’ allows Cyren to read your tenant info from your MDATP account, such as your tenant ID, which will be tied to your Cyren license. + +‘Read and Write Integration settings’ exists under the WindowsDefenderATP scope within permissions. This line allows Cyren to add/modify/revoke Cyren license status on the MDATP portal. + +## Categories + We have grouped individual web content categories from the data provider into parent categories, making it easier for you to block and monitor closely related categories. Below is a list of categories we currently support, with their descriptions provided by Cyren. -Adult content -• Cults - Sites relating to non-traditional religious practice typically known as "cults," that is, considered to be false, unorthodox, extremist, or coercive, with members often living under the direction of a charismatic leader. -• Gambling - Sites that offer or are related to online gambling, lottery, casinos and betting agencies involving chance. -• Nudity - Sites that contain full or partial nudity that are not necessarily overtly sexual in intent. Includes sites that advertise or sell lingerie, intimate apparel, or swimwear. -• Pornography/Sexually Explicit - Sites that contain explicit sexual content. Includes adult products such as sex toys, CD-ROMs, and videos, adult services such as videoconferencing, escort services, and strip clubs, erotic stories and textual descriptions of sexual acts. -• Sex Education - Sites relating to sex education, including subjects such as respect for partner, abortion, gay and lesbian lifestyle, contraceptives, sexually transmitted diseases, and pregnancy. -• Tasteless - Sites with offensive or tasteless content, including profanity. -• Violence - Sites that contain images or text depicting or advocating physical assault against humans, animals, or institutions. Sites of a particularly gruesome nature. Sites that contain profanity. -High bandwidth -• Download Sites - Sites that contain downloadable software, whether shareware, freeware, or for a charge. Includes some peer-to-peer sites. -• Image Sharing - Sites that host digital photographs and images, online photo albums and digital photo exchanges. -• Peer-to-Peer - Sites that enable direct exchange of files between users without dependence on a central server. -• Streaming Media & Downloads - Sites that deliver streaming content, such as Internet radio, Internet TV or MP3 and live or archived media download sites. Includes fan sites, or official sites run by musicians, bands, or record labels. -Legal liability -• Child Abuse Images - Sites that portray or discuss children in sexual or other abusive acts. -• Criminal Activity - Sites that offer advice on how to commit illegal or criminal activities, or to avoid detection. These can include how to commit murder, build bombs, pick locks, etc. Also includes sites with information about illegal manipulation of electronic devices, hacking, fraud and illegal distribution of software. -• Hacking - Sites that promote or give advice about how to gain unauthorized access to proprietary computer systems, for the purpose of stealing information, perpetrating fraud, creating viruses, or committing other illegal activity related to theft of digital inform. -• Hate & Intolerance - Sites that promote a supremacist political agenda, encouraging oppression of people or groups of people based on their race, religion, gender, age, disability, sexual orientation or nationality. -• Illegal Drugs - Sites with information on the purchase, manufacture, and use of illegal or recreational drugs and their paraphernalia, and misuse of prescription drugs and other compounds. -• Illegal Software - Sites that illegally distribute software or copyrighted materials such as movies or music, software cracks, illicit serial numbers, illegal license key generators. -• School Cheating - Sites that promote unethical practices such as cheating or plagiarism by providing test answers, written essays, research papers, or term papers. -• Self-Harm – Sites that promote actions that are relating to harming oneself, such as suicide, anorexia, bulimia, etc. -• Weapons - Sites that depict, sell, review or describe guns and weapons, including for sport. + +### Adult content + +- Cults - Sites relating to non-traditional religious practice typically known as "cults," that is, considered to be false, unorthodox, extremist, or coercive, with members often living under the direction of a charismatic leader. +- Gambling - Sites that offer or are related to online gambling, lottery, casinos and betting agencies involving chance. +- Nudity - Sites that contain full or partial nudity that are not necessarily overtly sexual in intent. Includes sites that advertise or sell lingerie, intimate apparel, or swimwear. +- Pornography/Sexually Explicit - Sites that contain explicit sexual content. Includes adult products such as sex toys, CD-ROMs, and videos, adult services such as videoconferencing, escort services, and strip clubs, erotic stories and textual descriptions of sexual acts. +- Sex Education - Sites relating to sex education, including subjects such as respect for partner, abortion, gay and lesbian lifestyle, contraceptives, sexually transmitted diseases, and pregnancy. +- Tasteless - Sites with offensive or tasteless content, including profanity. +- Violence - Sites that contain images or text depicting or advocating physical assault against humans, animals, or institutions. Sites of a particularly gruesome nature. Sites that contain profanity. + +### High bandwidth + +- Download Sites - Sites that contain downloadable software, whether shareware, freeware, or for a charge. Includes some peer-to-peer sites. +- Image Sharing - Sites that host digital photographs and images, online photo albums and digital photo exchanges. +- Peer-to-Peer - Sites that enable direct exchange of files between users without dependence on a central server. +- Streaming Media & Downloads - Sites that deliver streaming content, such as Internet radio, Internet TV or MP3 and live or archived media download sites. Includes fan sites, or official sites run by musicians, bands, or record labels. + +### Legal liability + +- Child Abuse Images - Sites that portray or discuss children in sexual or other abusive acts. +- Criminal Activity - Sites that offer advice on how to commit illegal or criminal activities, or to avoid detection. These can include how to commit murder, build bombs, pick locks, etc. Also includes sites with information about illegal manipulation of electronic devices, hacking, fraud and illegal distribution of software. +- Hacking - Sites that promote or give advice about how to gain unauthorized access to proprietary computer systems, for the purpose of stealing information, perpetrating fraud, creating viruses, or committing other illegal activity related to theft of digital inform. +- Hate & Intolerance - Sites that promote a supremacist political agenda, encouraging oppression of people or groups of people based on their race, religion, gender, age, disability, sexual orientation or nationality. +- Illegal Drugs - Sites with information on the purchase, manufacture, and use of illegal or recreational drugs and their paraphernalia, and misuse of prescription drugs and other compounds. +- Illegal Software - Sites that illegally distribute software or copyrighted materials such as movies or music, software cracks, illicit serial numbers, illegal license key generators. +- School Cheating - Sites that promote unethical practices such as cheating or plagiarism by providing test answers, written essays, research papers, or term papers. +- Self-Harm – Sites that promote actions that are relating to harming oneself, such as suicide, anorexia, bulimia, etc. +- Weapons - Sites that depict, sell, review or describe guns and weapons, including for sport. Leisure -• Chat - Sites that enable web-based exchange of real-time messages through chat services or chat rooms. -• Games - Sites relating to computer or other games, information about game producers, or how to obtain cheat codes. Game-related publication sites. -• Instant Messaging - Sites that enable logging in to instant messaging services such as ICQ, AOL Instant Messenger, IRC, MSN, Jabber, Yahoo Messenger, and the like. -• Professional Networking - Sites that enable professional networking for online communities. -• Social Networking - Sites that enable social networking for online communities of various topics, for friendship, or/and dating. -• Web-based Email - Sites that enables users to send and receive email through a web-accessible email account. -Uncategorized -• Unknown – Sites that are not yet assigned a category -Limitations and known issues in this preview -1. Unassigned machines will have incorrect data shown within the report +- Chat - Sites that enable web-based exchange of real-time messages through chat services or chat rooms. +- Games - Sites relating to computer or other games, information about game producers, or how to obtain cheat codes. Game-related publication sites. +- Instant Messaging - Sites that enable logging in to instant messaging services such as ICQ, AOL Instant Messenger, IRC, MSN, Jabber, Yahoo Messenger, and the like. +- Professional Networking - Sites that enable professional networking for online communities. +- Social Networking - Sites that enable social networking for online communities of various topics, for friendship, or/and dating. +- Web-based Email - Sites that enables users to send and receive email through a web-accessible email account. + +### Uncategorized + +- Unknown – Sites that are not yet assigned a category + +## Limitations and known issues in this preview + +1. Unassigned machines will have incorrect data shown within the report In the Report details > Machine groups pivot, you may see a row with a blank Machine Group field. This group contains your unassigned machines in the interim before they get put into your specified group. The report for this row may not contain an accurate count of machines or access counts. -2. The data in our reports may not be congruent with other data on the site +2. The data in our reports may not be congruent with other data on the site We currently do not support real-time data processing for this feature, so you may see inconsistencies between the data in our reports and the URL entity page. - - ## Related topics - [Web protection overview](web-protection-overview.md) - [Respond to web threats](web-protection-response.md) From 12ef63d839cc3bcebc8465af4988aeaed51ce67b Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Wed, 8 Jan 2020 16:13:14 -0800 Subject: [PATCH 029/157] update wording --- .../web-content-filtering.md | 189 +++++++----------- 1 file changed, 68 insertions(+), 121 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md b/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md index f075fbd3cd..e0dc5419a8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md +++ b/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md @@ -1,6 +1,6 @@ --- -title: Monitoring web browsing security in Microsoft Defender ATP -description: Use web protection in Microsoft Defender ATP to monitor web browsing security +title: Web content filtering +description: Use web content filtering in Microsoft Defender ATP to track and regulate access to websites based on their content categories. keywords: web protection, web threat protection, web browsing, monitoring, reports, cards, domain list, security, phishing, malware, exploit, websites, network protection, Edge, Internet Explorer, Chrome, Firefox, web browser search.product: eADQiWindows 10XVcnh search.appverid: met150 @@ -8,140 +8,130 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -ms.author: lomayor -author: lomayor +ms.author: ellevin +author: levinec ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article -ms.date: 08/30/2019 --- -# Web content filtering configuration & reporting +# Web content filtering >[!IMPORTANT] >Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-main-abovefoldlink&rtc=1) -Web content filtering enables you to track and regulate access to websites based on their content categories. Many of these websites, while not malicious, might be problematic due to compliance regulations, bandwidth usage, or other concerns. +Web content filtering enables your organization to track and regulate access to websites based on their content categories. Many of these websites, while not malicious, might be problematic due to compliance regulations, bandwidth usage, or other concerns. -You can configure policies across your machine groups to block certain categories, effectively preventing users within specified machine groups from accessing URLs within that category. If a category is not blocked, all your users will be able to access the URLs without disruption, but web content filtering will continue to gather access statistics that you can use to understand web usage and inform future policy decisions. +You can configure policies across your machine groups to block certain categories, effectively preventing users within specified machine groups from accessing URLs within that category. If a category is not blocked, all your users will be able to access the URLs without disruption. However, web content filtering will continue to gather access statistics that you can use to understand web usage and inform future policy decisions. Web content filtering is available on most major web browsers, with blocks performed by SmartScreen (Edge) and Network Protection (Internet Explorer, Chrome, Firefox, and all other browsers). See the prerequisites section for more information about browser support. To summarize the benefits: - Users are prevented from accessing websites in blocked categories, whether they are browsing on-premises or away -- You can conveniently deploy varied policies to various sets of users using the machine groups defined in the Microsoft Defender ATP role-based access control settings +- You can conveniently deploy varied policies to various sets of users using the machine groups defined in the [Microsoft Defender ATP role-based access control settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/rbac) - You can access web reports in the same central location, with visibility over actual blocks and web usage +## User experience + +The standard blocking experience is provided by Network Protection, which provides a system-level toast notifying the user of a blocked connection. +For a more user-friendly experience, consider user SmartScreen on Edge + ## Prerequisites Before trying out this feature, make sure you have the following: -- Windows E5 license +- Windows 10 Enterprise E5 license - Access to Microsoft Defender Security Center portal - Machines running Windows 10 Anniversary Update (version 1607) or later with the latest MoCAMP update (for Network Protection on Internet Explorer, Edge, Chrome, or Firefox) - Machines running Windows 10 May 2019 Update (version 1903) or later (for a better user experience from SmartScreen on Edge). Note that if SmartScreen is not turned on, Network Protection will take over the blocking. -- A valid license with a partner data provider. For details on how to acquire a license, please read the section below. - -## Partner licensing - -In order to give customers access to various sources of web content categorization data, we are very excited to partner with data providers for this feature. We’ve chosen Cyren as our first partner, who we’ve worked with closely to build an integrated solution. Here’s a brief description of what they do: - -### About Cyren - -More than 1.3 billion users around the world rely on Cyren's 100% cloud security solutions to protect them against cyberattacks and data loss every day. Powered by the world's largest security cloud, Cyren (NASDAQ: CYRN) delivers fast time-to-protection with award-winning email security, cloud sandboxing and DNS filtering services for business, and threat intelligence solutions for service providers and security vendors like Microsoft, Google and Check Point. - -### About Cyren and Threat Intelligence Service for Microsoft Defender ATP - -CYREN’S URL FILTERING (URLF) INCLUDES 70 CATEGORIES, PROVIDING PARTNERS WITH THE ABILITY TO BUILD POWERFUL AND ADVANCED WEB SECURITY APPLICATIONS. - -The broad range of categories enables numerous applications: Protecting users browsing the web from threats such as malware and phishing sites; Ensuring employee productivity; Consumer services such as parental control. Cyren’s comprehensive categories provide the necessary flexibility for any implementation requirement. - -Cyren's web content classification technology is integrated by design into Microsoft Defender ATP to enable web filtering and auditing capabilities. - -Learn more at https://www.cyren.com/oem - -### Signing up for a Cyren License - -Cyren is offering a 60-day free trial for all MDATP customers. To sign up, please follow the steps below from the portal. - -1. Go to Reports > Web protection from the side nav -2. Click the "connect to a partner" button -3. Go through the flow from the flyout to register and connect your Cyren account. Note: a user with AAD app admin/global admin permissions is required to complete these steps +- A valid license with a partner data provider. ## Data handling -For this feature, we will follow whichever region you have elected to use as part of your Microsoft Defender ATP data handling settings. Your data will not leave the data center in that region. In addition, your data will not be shared with any third-parties, including our data providers. However, we may send them aggregate data (across users and organizations) to help them improve their feeds. +For this feature, we will follow whichever region you have elected to use as part of your [Microsoft Defender ATP data handling settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy). Your data will not leave the data center in that region. In addition, your data will not be shared with any third-parties, including our data providers. However, we may send them aggregate data (across users and organizations) to help them improve their feeds. + +## Partner licensing + +In order to give customers access to various sources of web content categorization data, we are very excited to partner with data providers for this feature. We’ve chosen [Cyren](https://www.cyren.com/threat-intelligence) as our first partner, who we’ve worked with closely to build an integrated solution. + +### About Cyren and Threat Intelligence Service for Microsoft Defender ATP + +Cyren’s URL filtering includes 70 categories, providing partners with the ability to build powerful and advanced web security applications. Cyren’s comprehensive categories provide the necessary flexibility for any implementation requirement. + +The broad range of categories enables numerous applications: + +- Protecting users browsing the web from threats such as malware and phishing sites +- Ensuring employee productivity +- Consumer services such as parental control + +Cyren's web content classification technology is integrated by design into Microsoft Defender ATP to enable web filtering and auditing capabilities. + +Learn more at https://www.cyren.com/products/url-filtering. + +### Signing up for a Cyren License + +Cyren is offering a 60-day free trial for all Microsoft Defender ATP customers. To sign up, please follow the steps below from the portal. + +>[!NOTE] +>A user with AAD app admin/global admin permissions is required to complete these steps. + +1. Go to **Reports > Web protection** from the side navigation +2. Select the **Connect to a partner** button +3. Go through the flow from the flyout to register and connect your Cyren account ## Turn on web content filtering -From the left-hand navigation menu, select Settings. Under the section General, choose Advanced Features. Scroll down until you see the entry for Web content filtering. Switch the toggle to On, then hit the Save preferences button. +From the left-hand navigation menu, select **Settings > General > Advanced Features**. Scroll down until you see the entry for **Web content filtering**. Switch the toggle to **On** and **Save preferences**. -## Configure web content filtering policies +### Configure web content filtering policies -Web content filtering policies specify which site categories are blocked on which machine groups. To manage the policies, go to Settings > Rules > Web content filtering. +Web content filtering policies specify which site categories are blocked on which machine groups. To manage the policies, go to **Settings > Rules > Web content filtering**. -Use the filter to locate policies that contain certain blocked categories or are applied to specific machine groups. For more information on categories, see the appendix. +Use the filter to locate policies that contain certain blocked categories or are applied to specific machine groups. ### Create a policy To add a new policy: -1. Click **Add policy** on the **Web content filtering** page in **Settings**. -2. Specify a name. -3. Select the categories to block. Use the expand icon to fully expand each parent category and select specific web content categories. -4. Specify the policy scope. Select the machine groups to specify where to apply the policy. Only machines in the selected machine groups will be prevented from accessing websites in the selected categories. -5. Review the summary and save the policy. The policy may take up to 15 minutes to apply to your selected machines. +1. Select **Add policy** on the **Web content filtering** page in **Settings**. +2. Specify a name. +3. Select the categories to block. Use the expand icon to fully expand each parent category and select specific web content categories. +4. Specify the policy scope. Select the machine groups to specify where to apply the policy. Only machines in the selected machine groups will be prevented from accessing websites in the selected categories. +5. Review the summary and save the policy. The policy may take up to 15 minutes to apply to your selected machines. -Note: If you are removing a policy or changing machine groups at the same time, this might cause a delay in policy deployment. - -## Information worker UX - -The standard blocking experience is provided by Network Protection, which provides a system-level toast notifying the user of a blocked connection. -For a more user-friendly experience, consider user SmartScreen on Edge, which will show the following page when blocked: +>[!NOTE] +>If you are removing a policy or changing machine groups at the same time, this might cause a delay in policy deployment. ## Web content filtering cards and details Select **Reports > Web protection** to view cards with information about web content filtering and web threat protection. The following cards provide summary information about web content filtering. -### Web activity by category card +### Web activity by category -This card lists the parent web content categories with the largest percentage change in the number of access attempts, whether they have increased or decreased. You can use this card to understand drastic changes in web activity patterns in your organization from last 30 days, 3 months, or 6 months. +This card lists the parent web content categories with the largest percentage change in the number of access attempts, whether they have increased or decreased. You can use this card to understand drastic changes in web activity patterns in your organization from last 30 days, 3 months, or 6 months. Select a category name to view more information about that particular category. -Click a category name to view more information about that particular category. - -Note: In the first 30 days of using this feature, your organization might not have sufficient data to display in this card. +In the first 30 days of using this feature, your organization might not have sufficient data to display in this card. ### Web content filtering summary card -This card displays the distribution of blocked access attempts across the different parent web content categories. Click a colored slice to view more information about a specific parent web category. +This card displays the distribution of blocked access attempts across the different parent web content categories. Select one of the colored bars to view more information about a specific parent web category. ### View card details -You can access the Report details for each card by selecting a rowThe Report details page contains reports in separate tabs providing extensive statistical data about web content categories, website domains, and machine groups. - -Use the time range filter at the top left of the page to select a time period. You can also filter the information or customize the columns. Select a row to open a flyout pane with even more information about the selected item. - +You can access the **Report details** for each card by selecting a table row or colored bar from the chart in the card. The report details page for each card contains extensive statistical data about web content categories, website domains, and machine groups. - **Web categories**: Lists the web content categories that have had access attempts in your organization. Select a specific category to open a summary flyout. - **Domains**: Lists the web domains that have been accessed or blocked in your organization. Select a specific domain to view detailed information about that domain. -This report +- **Machine groups**: Lists all the machine groups that have generated web activity in your organization -#### Machine groups - -This report lists all the machine groups that have generated web activity in your organization. - -Clicking on a specific machine group will open a summary flyout. In the flyout, you will see: -• A graph showing the change in access attempts over your chosen time period -• Top ten domains accessed by the selected machine group. Click a domain to view more information about that domain. -• Top ten machines in that machine group in terms of total access attempts. Click a machine to view more information about that machine. -• Top ten web content categories accessed by machines in the selected group. +Use the time range filter at the top left of the page to select a time period. You can also filter the information or customize the columns. Select a row to open a flyout pane with even more information about the selected item. ## FAQ @@ -150,63 +140,20 @@ Clicking on a specific machine group will open a summary flyout. In the flyout, You need to be logged in to an AAD account with either App administrator or Global Administrator privileges. Your IT admin would most likely either have these permissions and/or be able to grant them to you. ### What exactly are the permissions the app is asking for? - -‘Sign in and read user profile’ allows Cyren to read your tenant info from your MDATP account, such as your tenant ID, which will be tied to your Cyren license. -‘Read and Write Integration settings’ exists under the WindowsDefenderATP scope within permissions. This line allows Cyren to add/modify/revoke Cyren license status on the MDATP portal. +"Sign in and read user profile" allows Cyren to read your tenant info from your MDATP account, such as your tenant ID, which will be tied to your Cyren license. -## Categories - -We have grouped individual web content categories from the data provider into parent categories, making it easier for you to block and monitor closely related categories. Below is a list of categories we currently support, with their descriptions provided by Cyren. - -### Adult content - -- Cults - Sites relating to non-traditional religious practice typically known as "cults," that is, considered to be false, unorthodox, extremist, or coercive, with members often living under the direction of a charismatic leader. -- Gambling - Sites that offer or are related to online gambling, lottery, casinos and betting agencies involving chance. -- Nudity - Sites that contain full or partial nudity that are not necessarily overtly sexual in intent. Includes sites that advertise or sell lingerie, intimate apparel, or swimwear. -- Pornography/Sexually Explicit - Sites that contain explicit sexual content. Includes adult products such as sex toys, CD-ROMs, and videos, adult services such as videoconferencing, escort services, and strip clubs, erotic stories and textual descriptions of sexual acts. -- Sex Education - Sites relating to sex education, including subjects such as respect for partner, abortion, gay and lesbian lifestyle, contraceptives, sexually transmitted diseases, and pregnancy. -- Tasteless - Sites with offensive or tasteless content, including profanity. -- Violence - Sites that contain images or text depicting or advocating physical assault against humans, animals, or institutions. Sites of a particularly gruesome nature. Sites that contain profanity. - -### High bandwidth - -- Download Sites - Sites that contain downloadable software, whether shareware, freeware, or for a charge. Includes some peer-to-peer sites. -- Image Sharing - Sites that host digital photographs and images, online photo albums and digital photo exchanges. -- Peer-to-Peer - Sites that enable direct exchange of files between users without dependence on a central server. -- Streaming Media & Downloads - Sites that deliver streaming content, such as Internet radio, Internet TV or MP3 and live or archived media download sites. Includes fan sites, or official sites run by musicians, bands, or record labels. - -### Legal liability - -- Child Abuse Images - Sites that portray or discuss children in sexual or other abusive acts. -- Criminal Activity - Sites that offer advice on how to commit illegal or criminal activities, or to avoid detection. These can include how to commit murder, build bombs, pick locks, etc. Also includes sites with information about illegal manipulation of electronic devices, hacking, fraud and illegal distribution of software. -- Hacking - Sites that promote or give advice about how to gain unauthorized access to proprietary computer systems, for the purpose of stealing information, perpetrating fraud, creating viruses, or committing other illegal activity related to theft of digital inform. -- Hate & Intolerance - Sites that promote a supremacist political agenda, encouraging oppression of people or groups of people based on their race, religion, gender, age, disability, sexual orientation or nationality. -- Illegal Drugs - Sites with information on the purchase, manufacture, and use of illegal or recreational drugs and their paraphernalia, and misuse of prescription drugs and other compounds. -- Illegal Software - Sites that illegally distribute software or copyrighted materials such as movies or music, software cracks, illicit serial numbers, illegal license key generators. -- School Cheating - Sites that promote unethical practices such as cheating or plagiarism by providing test answers, written essays, research papers, or term papers. -- Self-Harm – Sites that promote actions that are relating to harming oneself, such as suicide, anorexia, bulimia, etc. -- Weapons - Sites that depict, sell, review or describe guns and weapons, including for sport. -Leisure -- Chat - Sites that enable web-based exchange of real-time messages through chat services or chat rooms. -- Games - Sites relating to computer or other games, information about game producers, or how to obtain cheat codes. Game-related publication sites. -- Instant Messaging - Sites that enable logging in to instant messaging services such as ICQ, AOL Instant Messenger, IRC, MSN, Jabber, Yahoo Messenger, and the like. -- Professional Networking - Sites that enable professional networking for online communities. -- Social Networking - Sites that enable social networking for online communities of various topics, for friendship, or/and dating. -- Web-based Email - Sites that enables users to send and receive email through a web-accessible email account. - -### Uncategorized - -- Unknown – Sites that are not yet assigned a category +"Read and Write Integration settings" exists under the WindowsDefenderATP scope within permissions. This line allows Cyren to add/modify/revoke Cyren license status on the Microsoft Defender ATP portal. ## Limitations and known issues in this preview -1. Unassigned machines will have incorrect data shown within the report +- Unassigned machines will have incorrect data shown within the report In the Report details > Machine groups pivot, you may see a row with a blank Machine Group field. This group contains your unassigned machines in the interim before they get put into your specified group. The report for this row may not contain an accurate count of machines or access counts. -2. The data in our reports may not be congruent with other data on the site +- The data in our reports may not be congruent with other data on the site We currently do not support real-time data processing for this feature, so you may see inconsistencies between the data in our reports and the URL entity page. ## Related topics + - [Web protection overview](web-protection-overview.md) - [Respond to web threats](web-protection-response.md) From b0bce3a9eb4ab14d03c3688f9872ce9bfba04357 Mon Sep 17 00:00:00 2001 From: LauraKellerGitHub Date: Fri, 10 Jan 2020 12:11:52 -0800 Subject: [PATCH 030/157] corrections in three files more pending --- ...ize-microsoft-cloud-protection-windows-defender-antivirus.md | 2 +- .../windows-defender-application-control/types-of-devices.md | 2 +- ...dows-defender-application-control-policy-design-decisions.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md index f05dbf11e6..b62c159a74 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md @@ -80,4 +80,4 @@ You can also [configure Windows Defender AV to automatically receive new protect [Specify the cloud-delivered protection level](specify-cloud-protection-level-windows-defender-antivirus.md) | You can specify the level of protection offered by the cloud with Group Policy and Microsoft Endpoint Configuration Manager. The protection level will affect the amount of information shared with the cloud and how aggressively new files are blocked. [Configure and validate network connections for Windows Defender Antivirus](configure-network-connections-windows-defender-antivirus.md) | There are certain Microsoft URLs that your network and endpoints must be able to connect to for cloud-delivered protection to work effectively. This topic lists the URLs that should be allowed via firewall or network filtering rules, and instructions for confirming your network is properly enrolled in cloud-delivered protection. [Configure the block at first sight feature](configure-block-at-first-sight-windows-defender-antivirus.md) | The Block at First Sight feature can block new malware within seconds, without having to wait hours for traditional Security intelligence. You can enable and configure it with Microsoft Endpoint Configuration Manager and Group Policy. -[Configure the cloud block timeout period](configure-cloud-block-timeout-period-windows-defender-antivirus.md) | Windows Defender Antivirus can block suspicious files from running while it queries our cloud-delivered protection service. You can configure the amount of time the file will be prevented from running withMicrosoft Endpoint Configuration Manager and Group Policy. +[Configure the cloud block timeout period](configure-cloud-block-timeout-period-windows-defender-antivirus.md) | Windows Defender Antivirus can block suspicious files from running while it queries our cloud-delivered protection service. You can configure the amount of time the file will be prevented from running with Microsoft Endpoint Configuration Manager and Group Policy. diff --git a/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md b/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md index 892957a7e0..24af43bc7a 100644 --- a/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md +++ b/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md @@ -43,7 +43,7 @@ Lamna Healthcare Company (Lamna) is a large healthcare provider operating in the Lamna uses [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager) (MEM) in hybrid mode with both Configuration Manager (MEMCM) and Intune. Although they use MEM to deploy many applications, Lamna has always had very relaxed application usage practices: individual teams and employees have been able to install and use any applications they deem necessary for their role on their own workstations. Lamna also recently started to use [Microsoft Defender Advanced Threat Protection](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp) (MDATP) for better endpoint detection and response. > [!NOTE] -> Microsoft Endpoint Configuration Manager was previously known as Microsoft Endpoint Configuration Manager (SCCM) +> Microsoft Endpoint Configuration Manager was previously known as Microsoft Endpoint Configuration Manager. Recently, Lamna experienced a ransomware event that required an expensive recovery process and may have included data exfiltration by the unknown attacker. Part of the attack included installing and running malicious binaries that evaded detection by Lamna's antivirus solution but would have been blocked by an application control policy. In response, Lamna's executive board has authorized a number of new security IT responses, including tightening policies for application use and introducing application control. diff --git a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md index 2734953d67..e853a94851 100644 --- a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md +++ b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md @@ -48,7 +48,7 @@ The first step is to define the desired "circle-of-trust" for your WDAC policies For example, the DefaultWindows policy, which can be found under %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies, establishes a "circle-of-trust" that allows Windows, 3rd-party hardware and software kernel drivers, and applications from the Microsoft Store. -Microsoft Endpoint Configuration Manager (previously known as Microsoft Endpoint Configuration Manager (SCCM)), uses the DefaultWindows policy as the basis for its policy but then modifies the policy rules to allow SCCM and its dependencies, sets the managed installer policy rule, and additionally configures SCCM as a managed installer. It also can optionally authorize apps with positive reputation and perform a one-time scan of folder paths specified by the SCCM administrator which adds rules for any apps found in the specified paths on the managed endpoint. This establishes the "circle-of-trust" for SCCM's native WDAC integration. +Microsoft Endpoint Configuration Manager (previously known as Microsoft Endpoint Configuration Manager, uses the DefaultWindows policy as the basis for its policy but then modifies the policy rules to allow Configuration Manager and its dependencies, sets the managed installer policy rule, and additionally configures Configuration Manager as a managed installer. It also can optionally authorize apps with positive reputation and perform a one-time scan of folder paths specified by the Configuration Manager administrator which adds rules for any apps found in the specified paths on the managed endpoint. This establishes the "circle-of-trust" for Configuration Manager's native WDAC integration. The following questions can help you plan your WDAC deployment and determine the right "circle-of-trust" for your policies. They are not in priority or sequential order and are not meant to be an exhaustive set of design considerations. From c949953fe6be2bd7c8898e3dee1926bef966e4e1 Mon Sep 17 00:00:00 2001 From: LauraKellerGitHub Date: Fri, 10 Jan 2020 17:38:54 -0800 Subject: [PATCH 031/157] fixed eight change requests Jan 10 --- .../use-powershell-cmdlets-windows-defender-antivirus.md | 2 +- ...e-microsoft-cloud-protection-windows-defender-antivirus.md | 2 +- ...der-application-control-with-intelligent-security-graph.md | 4 ++-- .../windows-defender-application-guard/reqs-wd-app-guard.md | 2 +- .../get-support-for-security-baselines.md | 2 +- .../windows-security-baselines.md | 2 +- windows/whats-new/ltsc/whats-new-windows-10-2015.md | 2 +- .../whats-new/whats-new-windows-10-version-1507-and-1511.md | 4 ++-- 8 files changed, 10 insertions(+), 10 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md index 45180f8c80..80c59d0658 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md @@ -30,7 +30,7 @@ For a list of the cmdlets and their functions and available parameters, see the PowerShell cmdlets are most useful in Windows Server environments that don't rely on a graphical user interface (GUI) to configure software. > [!NOTE] -> PowerShell cmdlets should not be used as a replacement for a full network policy management infrastructure, such as [Microsoft Endpoint Configuration Manager](https://technet.microsoft.com/library/gg682129.aspx), [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), or [Windows Defender Antivirus Group Policy ADMX templates](https://support.microsoft.com/kb/927367). +> PowerShell cmdlets should not be used as a replacement for a full network policy management infrastructure, such as [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr), [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), or [Windows Defender Antivirus Group Policy ADMX templates](https://support.microsoft.com/kb/927367). Changes made with PowerShell will affect local settings on the endpoint where the changes are deployed or made. This means that deployments of policy with Group Policy, Microsoft Endpoint Configuration Manager, or Microsoft Intune can overwrite changes made with PowerShell. diff --git a/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md index b62c159a74..4bdce1e5be 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md @@ -63,7 +63,7 @@ Organizations running Windows 10 E5, version 1803 can also take advantage of eme The following table describes the differences in cloud-delivered protection between recent versions of Windows and Microsoft Endpoint Configuration Manager. -Feature | Windows 8.1 (Group Policy) | Windows 10, version 1607 (Group Policy) | Windows 10, version 1703 (Group Policy) | System Center Configuration Manager 2012 | Microsoft Endpoint Configuration Manager (Current Branch) | Microsoft Intune +Feature | Windows 8.1 (Group Policy) | Windows 10, version 1607 (Group Policy) | Windows 10, version 1703 (Group Policy) | System Center 2012 Configuration Manager | Microsoft Endpoint Configuration Manager (Current Branch) | Microsoft Intune ---|---|---|---|---|---|--- Cloud-protection service label | Microsoft Advanced Protection Service | Microsoft Advanced Protection Service | Cloud-based Protection | NA | Cloud protection service | Microsoft Advanced Protection Service Reporting level (MAPS membership level) | Basic, Advanced | Advanced | Advanced | Dependent on Windows version | Dependent on Windows version | Dependent on Windows version diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md index 1990f0a738..d516a6f73a 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md @@ -38,7 +38,7 @@ After that initial download and installation, the WDAC component will check for The reputation data on the client is rechecked periodically and enterprises can also specify that any cached reputation results are flushed on reboot. >[!NOTE] ->Admins needs to ensure that there is a WDAC policy in place to allow the system to boot and run any other authorized applications that may not be classified as being known good by the Intelligent Security Graph, for example custom line-of-business (LOB) apps. Since the Intelligent Security Graph is powered by global prevalence data, internal LOB apps may not be recognized as being known good. Other mechanisms like managed installer and explicit rules will help cover internal applications. Both Microsoft Endpoint Configuration Manager (SCCM) and Microsoft Intune can be used to create and push a WDAC policy to your client machines. +>Admins needs to ensure that there is a WDAC policy in place to allow the system to boot and run any other authorized applications that may not be classified as being known good by the Intelligent Security Graph, for example custom line-of-business (LOB) apps. Since the Intelligent Security Graph is powered by global prevalence data, internal LOB apps may not be recognized as being known good. Other mechanisms like managed installer and explicit rules will help cover internal applications. Both Microsoft Endpoint Configuration Manager and Microsoft Intune can be used to create and push a WDAC policy to your client machines. Other examples of WDAC policies are available in C:\Windows\schemas\CodeIntegrity\ExamplePolicies and can help authorize Windows OS components, WHQL signed drivers and all Store apps. Admins can reference and customize them as needed for their Windows Defender Application Control deployment or [create a custom WDAC policy](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy). @@ -87,7 +87,7 @@ In order for the heuristics used by the ISG to function properly, a number of co appidtel start ``` -For WDAC policies deployed over MDM using the AppLocker CSP this step is not required as the CSP will enable the necessary components. ISG enabled through the SCCM WDAC UX will not need this step but if custom policies are being deployed outside of the WDAC UX through SCCM then this step is required. +For WDAC policies deployed over MDM using the AppLocker CSP this step is not required as the CSP will enable the necessary components. ISG enabled through the Configuration Manager WDAC UX will not need this step but if custom policies are being deployed outside of the WDAC UX through Configuration Manager then this step is required. ## Security considerations with the Intelligent Security Graph diff --git a/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md index e514735967..c8d5d6ec1c 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md +++ b/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md @@ -41,4 +41,4 @@ Your environment needs the following software to run Windows Defender Applicatio |--------|-----------| |Operating system|Windows 10 Enterprise edition, version 1709 or higher
Windows 10 Professional edition, version 1803 or higher
Windows 10 Professional for Workstations edition, version 1803 or higher
Windows 10 Professional Education edition version 1803 or higher
Windows 10 Education edition, version 1903 or higher
Professional editions are only supported for non-managed devices; Intune or any other 3rd party mobile device management (MDM) solutions are not supported with WDAG for Professional editions. | |Browser|Microsoft Edge and Internet Explorer| -|Management system
(only for managed devices)|[Microsoft Intune](https://docs.microsoft.com/intune/)

**-OR-**

[Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/sccm/)

**-OR-**

[Group Policy](https://technet.microsoft.com/library/cc753298(v=ws.11).aspx)

**-OR-**

Your current company-wide 3rd party mobile device management (MDM) solution. For info about 3rd party MDM solutions, see the documentation that came with your product.| +|Management system
(only for managed devices)|[Microsoft Intune](https://docs.microsoft.com/intune/)

**-OR-**

[Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/)

**-OR-**

[Group Policy](https://technet.microsoft.com/library/cc753298(v=ws.11).aspx)

**-OR-**

Your current company-wide 3rd party mobile device management (MDM) solution. For info about 3rd party MDM solutions, see the documentation that came with your product.| diff --git a/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md b/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md index b4b57d20ae..81d06744df 100644 --- a/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md +++ b/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md @@ -40,7 +40,7 @@ The toolkit supports formats created by the Windows GPO backup feature (.pol, .i Not yet. PowerShell-based DSC is rapidly gaining popularity, and more DSC tools are coming online to convert GPOs and DSC and to validate system configuration. We are currently developing a tool to provide customers with these features. -**Does SCT support the creation of Microsoft Endpoint Configuration Manager (SCCM) DCM packs?** +**Does SCT support the creation of Microsoft Endpoint Configuration Manager DCM packs?** No. A potential alternative is Desired State Configuration (DSC), a feature of the [Windows Management Framework](https://www.microsoft.com/download/details.aspx?id=40855). A tool that supports conversion of GPO Backups to DSC format can be found [here](https://github.com/Microsoft/BaselineManagement). diff --git a/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md b/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md index 08675f0f03..c5be88f4ea 100644 --- a/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md +++ b/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md @@ -73,7 +73,7 @@ You may also be interested in this msdn channel 9 video: ## See Also -- [Microsoft Endpoint Configuration Manager (SCCM)](https://www.microsoft.com/cloud-platform/system-center-configuration-manager) +- [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/) - [Azure Monitor](https://docs.microsoft.com/azure/azure-monitor/) - [Microsoft Security Guidance Blog](https://blogs.technet.microsoft.com/secguide/) - [Microsoft Security Compliance Toolkit Download](https://www.microsoft.com/download/details.aspx?id=55319) diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2015.md b/windows/whats-new/ltsc/whats-new-windows-10-2015.md index 3453b80131..0eec41245a 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2015.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2015.md @@ -282,7 +282,7 @@ By using [Group Policy Objects](https://go.microsoft.com/fwlink/p/?LinkId=699279 - **Use with existing tools** such as Microsoft Endpoint Configuration Manager and the [Enterprise Mobility Suite](https://go.microsoft.com/fwlink/p/?LinkId=699281). -Together, these Windows Update for Business features help reduce device management costs, provide controls over update deployment, offer quicker access to security updates, as well as provide access to the latest innovations from Microsoft on an ongoing basis. Windows Update for Business is a free service for all Windows 10 Pro, Enterprise, and Education editions, and can be used independent of, or in conjunction with, existing device management solutions such as [Windows Server Update Services (WSUS)](https://technet.microsoft.com/library/hh852345.aspx) and [Microsoft Endpoint Configuration Manager](https://technet.microsoft.com/library/gg682129.aspx). +Together, these Windows Update for Business features help reduce device management costs, provide controls over update deployment, offer quicker access to security updates, as well as provide access to the latest innovations from Microsoft on an ongoing basis. Windows Update for Business is a free service for all Windows 10 Pro, Enterprise, and Education editions, and can be used independent of, or in conjunction with, existing device management solutions such as [Windows Server Update Services (WSUS)](https://technet.microsoft.com/library/hh852345.aspx) and [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr). Learn more about [Windows Update for Business](/windows/deployment/update/waas-manage-updates-wufb). diff --git a/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md b/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md index 62fd42ba64..e49c027a4d 100644 --- a/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md +++ b/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md @@ -326,9 +326,9 @@ By using [Group Policy Objects](https://go.microsoft.com/fwlink/p/?LinkId=699279 - **Peer-to-peer delivery**, which administrators can enable to make delivery of updates to branch offices and remote sites with limited bandwidth very efficient. -- **Use with existing tools** such as Microsoft Endpoint Configuration Manager and the [Enterprise Mobility Suite](https://go.microsoft.com/fwlink/p/?LinkId=699281). +- **Use with existing tools** such as Microsoft Endpoint Configuration Manager and the [Enterprise Mobility Suite](https://docs.microsoft.com/enterprise-mobility-security). -Together, these Windows Update for Business features help reduce device management costs, provide controls over update deployment, offer quicker access to security updates, as well as provide access to the latest innovations from Microsoft on an ongoing basis. Windows Update for Business is a free service for all Windows 10 Pro, Enterprise, and Education editions, and can be used independent of, or in conjunction with, existing device management solutions such as [Windows Server Update Services (WSUS)](https://technet.microsoft.com/library/hh852345.aspx) and [Microsoft Endpoint Configuration Manager](https://technet.microsoft.com/library/gg682129.aspx). +Together, these Windows Update for Business features help reduce device management costs, provide controls over update deployment, offer quicker access to security updates, as well as provide access to the latest innovations from Microsoft on an ongoing basis. Windows Update for Business is a free service for all Windows 10 Pro, Enterprise, and Education editions, and can be used independent of, or in conjunction with, existing device management solutions such as [Windows Server Update Services (WSUS)](https://technet.microsoft.com/library/hh852345.aspx) and [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr). Learn more about [Windows Update for Business](/windows/deployment/update/waas-manage-updates-wufb). From 4f3e1cc7ff1d7866b3fb653d98cafa34187af7c3 Mon Sep 17 00:00:00 2001 From: LauraKellerGitHub Date: Sat, 11 Jan 2020 07:11:34 -0800 Subject: [PATCH 032/157] removed another SCCM from security baselines --- .../security/threat-protection/windows-security-baselines.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-security-baselines.md b/windows/security/threat-protection/windows-security-baselines.md index 5aff586c57..48bfb00d06 100644 --- a/windows/security/threat-protection/windows-security-baselines.md +++ b/windows/security/threat-protection/windows-security-baselines.md @@ -73,7 +73,7 @@ You may also be interested in this msdn channel 9 video: ## See Also -- [Microsoft Endpoint Configuration Manager (SCCM)](https://www.microsoft.com/cloud-platform/system-center-configuration-manager) +- [Microsoft Endpoint Configuration Manager](https://www.microsoft.com/cloud-platform/system-center-configuration-manager) - [Operations Management Suite](https://www.microsoft.com/cloud-platform/operations-management-suite) - [Configuration Management for Nano Server](https://blogs.technet.microsoft.com/grouppolicy/2016/05/09/configuration-management-on-servers/) - [Microsoft Security Guidance Blog](https://blogs.technet.microsoft.com/secguide/) From 6d436cf14e99dc0186db10154a79fbb7ce54341d Mon Sep 17 00:00:00 2001 From: LauraKellerGitHub Date: Sat, 11 Jan 2020 20:16:24 -0800 Subject: [PATCH 033/157] typo correction --- ...dows-defender-application-control-policy-design-decisions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md index e853a94851..1463f7ff50 100644 --- a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md +++ b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md @@ -48,7 +48,7 @@ The first step is to define the desired "circle-of-trust" for your WDAC policies For example, the DefaultWindows policy, which can be found under %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies, establishes a "circle-of-trust" that allows Windows, 3rd-party hardware and software kernel drivers, and applications from the Microsoft Store. -Microsoft Endpoint Configuration Manager (previously known as Microsoft Endpoint Configuration Manager, uses the DefaultWindows policy as the basis for its policy but then modifies the policy rules to allow Configuration Manager and its dependencies, sets the managed installer policy rule, and additionally configures Configuration Manager as a managed installer. It also can optionally authorize apps with positive reputation and perform a one-time scan of folder paths specified by the Configuration Manager administrator which adds rules for any apps found in the specified paths on the managed endpoint. This establishes the "circle-of-trust" for Configuration Manager's native WDAC integration. +Microsoft Endpoint Configuration Manager (previously known as System Center Configuration Manager,) uses the DefaultWindows policy as the basis for its policy but then modifies the policy rules to allow Configuration Manager and its dependencies, sets the managed installer policy rule, and additionally configures Configuration Manager as a managed installer. It also can optionally authorize apps with positive reputation and perform a one-time scan of folder paths specified by the Configuration Manager administrator which adds rules for any apps found in the specified paths on the managed endpoint. This establishes the "circle-of-trust" for Configuration Manager's native WDAC integration. The following questions can help you plan your WDAC deployment and determine the right "circle-of-trust" for your policies. They are not in priority or sequential order and are not meant to be an exhaustive set of design considerations. From 5059b48e12e6a9aae1d22d82d9721e3f6575b21b Mon Sep 17 00:00:00 2001 From: LauraKellerGitHub Date: Sun, 12 Jan 2020 07:28:39 -0800 Subject: [PATCH 034/157] corrections in three files --- .../windows-defender-application-control/types-of-devices.md | 2 +- ...dows-defender-application-control-policy-design-decisions.md | 2 +- windows/whats-new/ltsc/whats-new-windows-10-2015.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md b/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md index 24af43bc7a..db845a4507 100644 --- a/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md +++ b/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md @@ -43,7 +43,7 @@ Lamna Healthcare Company (Lamna) is a large healthcare provider operating in the Lamna uses [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager) (MEM) in hybrid mode with both Configuration Manager (MEMCM) and Intune. Although they use MEM to deploy many applications, Lamna has always had very relaxed application usage practices: individual teams and employees have been able to install and use any applications they deem necessary for their role on their own workstations. Lamna also recently started to use [Microsoft Defender Advanced Threat Protection](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp) (MDATP) for better endpoint detection and response. > [!NOTE] -> Microsoft Endpoint Configuration Manager was previously known as Microsoft Endpoint Configuration Manager. +> Microsoft Endpoint Configuration Manager was previously known as System Center Configuration Manager. Recently, Lamna experienced a ransomware event that required an expensive recovery process and may have included data exfiltration by the unknown attacker. Part of the attack included installing and running malicious binaries that evaded detection by Lamna's antivirus solution but would have been blocked by an application control policy. In response, Lamna's executive board has authorized a number of new security IT responses, including tightening policies for application use and introducing application control. diff --git a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md index 1463f7ff50..04a21aa98f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md +++ b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md @@ -48,7 +48,7 @@ The first step is to define the desired "circle-of-trust" for your WDAC policies For example, the DefaultWindows policy, which can be found under %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies, establishes a "circle-of-trust" that allows Windows, 3rd-party hardware and software kernel drivers, and applications from the Microsoft Store. -Microsoft Endpoint Configuration Manager (previously known as System Center Configuration Manager,) uses the DefaultWindows policy as the basis for its policy but then modifies the policy rules to allow Configuration Manager and its dependencies, sets the managed installer policy rule, and additionally configures Configuration Manager as a managed installer. It also can optionally authorize apps with positive reputation and perform a one-time scan of folder paths specified by the Configuration Manager administrator which adds rules for any apps found in the specified paths on the managed endpoint. This establishes the "circle-of-trust" for Configuration Manager's native WDAC integration. +Microsoft Endpoint Configuration Manager, previously known as System Center Configuration Manager, uses the DefaultWindows policy as the basis for its policy but then modifies the policy rules to allow Configuration Manager and its dependencies, sets the managed installer policy rule, and additionally configures Configuration Manager as a managed installer. It also can optionally authorize apps with positive reputation and perform a one-time scan of folder paths specified by the Configuration Manager administrator which adds rules for any apps found in the specified paths on the managed endpoint. This establishes the "circle-of-trust" for Configuration Manager's native WDAC integration. The following questions can help you plan your WDAC deployment and determine the right "circle-of-trust" for your policies. They are not in priority or sequential order and are not meant to be an exhaustive set of design considerations. diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2015.md b/windows/whats-new/ltsc/whats-new-windows-10-2015.md index 0eec41245a..aace786788 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2015.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2015.md @@ -280,7 +280,7 @@ By using [Group Policy Objects](https://go.microsoft.com/fwlink/p/?LinkId=699279 - **Peer-to-peer delivery**, which administrators can enable to make delivery of updates to branch offices and remote sites with limited bandwidth very efficient. -- **Use with existing tools** such as Microsoft Endpoint Configuration Manager and the [Enterprise Mobility Suite](https://go.microsoft.com/fwlink/p/?LinkId=699281). +- **Use with existing tools** such as Microsoft Endpoint Configuration Manager and the [Enterprise Mobility Suite](https://docs.microsoft.com/enterprise-mobility-security). Together, these Windows Update for Business features help reduce device management costs, provide controls over update deployment, offer quicker access to security updates, as well as provide access to the latest innovations from Microsoft on an ongoing basis. Windows Update for Business is a free service for all Windows 10 Pro, Enterprise, and Education editions, and can be used independent of, or in conjunction with, existing device management solutions such as [Windows Server Update Services (WSUS)](https://technet.microsoft.com/library/hh852345.aspx) and [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr). From b26bca20f18a1626e2dbffd3205a185a28a09135 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Mon, 13 Jan 2020 14:19:01 -0800 Subject: [PATCH 035/157] update docs and add images --- .../images/web-activity-by-category.png | Bin 0 -> 49774 bytes .../images/web-content-filtering-summary.png | Bin 0 -> 34263 bytes .../images/web-protection-report-details.png | Bin 0 -> 74232 bytes .../images/web-protection-reports.png | Bin 0 -> 139107 bytes .../images/web-protection.png | Bin 0 -> 144909 bytes .../web-content-filtering.md | 34 ++++++++++-------- 6 files changed, 20 insertions(+), 14 deletions(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/web-activity-by-category.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/web-content-filtering-summary.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/web-protection-report-details.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/web-protection-reports.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/web-protection.png diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/web-activity-by-category.png b/windows/security/threat-protection/microsoft-defender-atp/images/web-activity-by-category.png new file mode 100644 index 0000000000000000000000000000000000000000..8c4e86272a2e3088b5edc21fff467d1c34592ec6 GIT binary patch literal 49774 zcmd42cRZVI827DJv{9W@QRTi{yJ!)LT5VCQMq=;UF^h;Dqv~!IZ3(q%2O+VyP_)%j zTM|38_KF=sc&|Rs^FHrC@4xT(!zYqYlIzTQp4V|6$M5$&-WWXBWCL-77#JAXw4OaR zVqjn_XJ9yMe4ZJ2<-tPdzre#8KO@b@47k2q%fOR!E^2ye3=EZttjG3D!1D_}&&>T8 z7;Xss{X3&&ba#`1p@UKDsTwrUW^Ib)SZ|N7YwI#CHF^JIP3%yGCbtIn_{VNhwyL;y zuDN;dK!eZY(C_}eP-typSW|o#YBAJDK~9s&@+ym;$@n%hUA!-mRNd7}`5dy*=n~p5 zPwq!#UE{jV2wa+h|GPHr^z7gNu2`M}hRwhbF?uKP@2D8Q-fkEB`^dk4-sa5Te=0RM z|NcmZ|CFLk|30d&U2XXvAAONH!}0fpD!SKexf=h~@==T_<_p3q89wP=EmPFtoB6uhkO*YigU8Q#Yw3=DQU70$if zihCmv&o2>YPLdCTc6#NoPv2bIApidTM(A@zH%hEo`*nlprPcH7Pd_k~cLfUdnOJ%{ z*@kY#gdMGekSok&oSA)g7_H>!sJdUd$3&6VuW~x7$%mXfQU3kk9gkSv03W2cM2e*C z#@S!(^<-z{$zhQSVGVhDlual$@9Fla&mxpqchyaVhnyzu8kgEk1x&$BOE>7vM;pyY zkX{akN3%@d!*J`?Yp{GdG_;GEp<+vf0m6@txYx)2s@84zyQoRoQj`=uq?1irTAqPAp41YEAJQ(h?f;>sML~R}qyY@#^u&xV|^WS`frd zcLG+4y{*UFI>>~lrzc0{@xc1gTNg;+OfM}AI5%)XNi zFC{t~Nj4#kZOsAeuzuwukDNJO?+A)vE`ZWiIIMC=rJ9k^`3=?e9R$w^*=zz8mGIcAtUa%lFMAO4~%7Wa}s6AD=HV3CKG0+iOz9+8FLDE-uQYEVAiBxMGLI3ztrT2ixzQ^}UbE;aHZiC0g{(cuko8PgacSo; z-^47GYx2UAkB*WAbgcMD5qXD+DzqQ0Hq?rw=dd}nIL+1Y@%7&Rwu8wjnM;am_b2=k zm5xgm0+ItFXzfIddFRRq&QmGG%0VaP-t(YbQ=c-5)j(O=>XV7NNx!u*m(N;9zjI+> z;5+!us9%&-#6+$8s@Joh;SfDvzP)R@_uKy7b(iWq#-ykUe|EnU+iX?jC_0cLiz$cI zhQs6;^=R;N7`ZiUQaNZ9TR-W&5<(0AwBNk53%SHCce3CMT+{0I$@H6UvYchr3xoSGJa=|Lx^=J{kL5gX^u`n}AX_B< z+ys|_-+L2r%LdQ$-h2!>KEi*3cLz0_L!XZRN|T;y!<;eXELHWSq?eDUFAo=WwWi6) z^0DxRRvgJaOZ_SQKK)Tp6>FgAAqw*2IfuVcrcV?eh@b%zp7o8~eJumWqPGl`6|!*d zzy|g0_3QN4GaR<&NGXQ9^8?|@_%X)7A;YuoC54gYmQMr$Ye^!sU{Gbk$da=PU`gfP zo@fk5$&xLe)Ku(KP?4U-X}&4SakQ%U ztc@0Z-Azci0mXRf(Lmi^MyqHsm#jzeYITX~(!i6;wRoz;B4%O2HmDHK2QoQ(dc0FV z<=5{@&9V(Y9IKlS<}roI_{?DUf%iK13}}kXPKHsRk={YuY?puBu@;Fv8`GDiFrMMv zGTWb~rRT?ScN$L0!bz5oCwVt}x^cb}zG?bm40+0E<@RpLZ=FRP0sO*%;k--ob64uI z+CTWh4b5ZCLlyo!L znU;0Unercwm*{m10_E+6FTMZg#Olp%mZjJ2nX{&aX+wqeFPHUJ>0jv736yD_pW8hy zRKnC+7-Db5c%R&MYQF4QzbEkwKIx);r~Qz_fOfn)tdG@3VFLa`{y7`*TRY7ibzI8) zBu#Md6gE-kS?8rCI$)9{>xA*QCWdzZVgj?TI5baqH8*ys5}p+w#iy8>g^8fb4a8$W z2f(qakAw+2v6mW`F5nKE+U7N4vS8miJ>oWY>ZgOAUGW5Nup zzuWQaF)f50?f0&%mR>A_CH*#NzImHno9f|NT4yc^UWAH$afCLM(yw?7r@4GyhSh&G zHgg>ZHn?4?ZFu9vX}WFumn41VG=d|f>j~Jfix-g@LauVsk+bzzVF|k!O(yt4J5gnn z7dFHPa@{VUL$`l=WuZvA3t5QimwJ{QbH!1jX^zV}wQn(%@i^0lL=4e#wVdJ_0#!6K zi%duep>9l7??W*2oJ88vrzr$E4ChqR+E%jERH*vUjMCAxu{0`Xi~#RN8Mv``nfhEP!&1-twNu?IvK)bm9G&W&=zEr zuMyx_s4Wqpb>kNDcuRBRtT{nvWbo_f?t`uVu^3M4x&7Mx#(g~VrV&F?7>>un{usS~ z^y9-FtM^6d`O8YX75GD2kwmE`^aoM*Q~#-c)!;>~e>)+tA&N`}R?mqMs)+kTR=RYPOlhS3`qW#fr{eezvQ zmEAQgk(xHb(#10yW)zEC2F$i3-+5%mAER^rD#Li?`gBw4HbR$fWC6&NW6pJA=nl1qvK(HmGyM6ghkB{CgDM~oMdn4j!rKLXRTPD?Y|bXyEF^Coew=9y7i5-S*Czq z9+p#6sA?W|!3jti5qjMmBR%nQ(@R4mz$#eJM-}ti(wT~M(_R4i8`d%*9Tu=MB4SDY z)`D~JN){r%B)x>>a23v&FFpklTBKvJN8Ai`kU)MpxUn3qZWB z_9?7-n2vMZo^wxB+6OAU(z}_qdF1p}CtVrty)B{48GWXR-#YZKBWKma^iV-26~4f> zY5wK<{vXqboEcTd0^tb5B*i`HjE67tj7yBZ_2zS5XUgb)h+)_}_>+hrnQ)v#>%`P> z`>40SI$PkgiMd$VWVEcDnlvf(0b~T!v0kYne>b$XYDt9i+GwT3dqYnJDaY#Xgt(f5%mOF}GCX)+?8sI$NnA~*B7=ap#-;yaGsz^XFpEsKMRK_4E znH;+^kQ=SoRvU^pzE<_%0zN8s|QSUN$LR&BR?$_>7TH z>1fyx-Wb?2j!fLw^GR?Yd#mSbQKu|<16|Sv&}t9B9TC)rO&~sL58t>+XZnc0hF< z#yKF|KxqASIZVGDC6PWmV^*673WPS~WCS%Ol!WTmWuzoT?!N(D^f$csjtsr&n`JOcp)3v)qN3SR~2?w7s()x6E@xC~a#84)8 z9cwqoW3~I!C5zS1Lz?1F5)z_eB)D3dG$NtdN6WyW91hWvVPHpqZgeEZUPnyrZd{&y zDfd*(yn(3Ru3k0%U(0}$aZmnHMoQ5a13k#m-l_|b&tO$do&UjZM62Zniw?ps4L6kv z>Z-k$BF^gOpO|0`tJL5_W11L4bmBUjFRH)W`+Kvn zE1!tZ<>3=ky=~}s##i$EQGD8d zO$)*d#2h^}bse>GMUWLrR_1IobLbG9KgUVzw6$NEN0gSg8&pNl;sa8ax3K5%p%VWm zcg~B=3@{7No-34_$HyDn-7zbyHO_j@?a!)eax$!betZ+d*1io^3carD+?zP2^F69{*06iB z*u-oR^|`!^^*!^uAvR;C^X>A?4Byglo}kCjonq%m&==@V&UkXp#4C&ZVoEM;zT~?$ zb=Ps~;r5f57?2IB9U>kdb)N8gne13=-$;1uY7H4gfW4wOPSyTFev+E}xskiPcE?aW z7nazm7fXObBW)huG`OEndW_t2y;XX9E5)SO=U zfZBQ=QicxVTemBXK_65(l3@8h*(@>WBB#~#?Jn( z#6*q$5T$0~Y}tPkiWbSam?~uhyHTuWo^0+3XkM)>O&1`_s%Z!?3&H#Ht%n19mkE1T zy|K|}68!aus-kLf`A}cX1(VlS;JYBfJn<|eEd<{i*w~1NF&8XMAL@?&@(gwPj8lTK zPC>|@7@nD08Z@0W)tDaVgjj1V4+q6dt-wI0vvx&XsaQ2hZbSnBsF*|3E#lc7-41 z5+%Nuw<%AcB#bu~#vBsa3NY_gW zSOH^%F2VpE`b|D3roU5-#aUL}-X!QM}*;%WG3b6`P)jypAP=` ziZRp`2z*@u3yO}s`gAp^?9h`x*aJwaj92inwzQJ)pM&&D*FjAQv&$1sBYK;9^%9=w7g-r)iXw`!5%$o_REC^};T-MDD#sP8<>-sqw3nFI zUpQzQQV!j!%ZD+rZv`iodEq79n;f!CA>0GcqG{*26oK?w>RpF^2ktIWB9~icrYN>T32g>`}=fKZ*gFRm4r79_>kRyrHP)WE! z{Q73UP{ZFu*$7N%H2iE7ZNDr(%q?Qg=JV;*7&uFf_w3ylW3`QaoWCYEt4-t;I%2t=pxKCRf!`ZG~MTrW?=o_%% zm@7V9?WFi}PV@5{@S|5km72lYTqlNz#9zV6XzeR}Ts!}{=aq5K<|k;EFKC@H7#LAw znf(CBqGWsS0}amGdt)sQqXT7Mo~;(S(QH&FM6*MyzJiOM$L`zjt$?itq)!@MtQp{I zm2m44Jq18SUk*1-l+cznvZ_dgCuKbf`Z$5$-W8s@*7N00qLOoYt3r=weZq&c=q|pH zkubC~X7*!a)G?Y_x!AfW!QDBu2V38u_HH*Mc-foq`*qmid{vpC9_R`M@8UnyDqNDF z2k3=$hMZ>xPXZUSe%b#9lQZQhF6)W+nfBOtKF^)Bp0*xM&e*2g`l}86N%dbdj!U=9 zjuGa#;WmTTSD}CX9J0@4dL5_M3Th5gWbgp3HskLB66)e-egihLeo+{P4f+)6A7z?wck`8wko6#jdHxfZ* z`Rr@O<~19Hc0`Rns!`uW73*-l*VMI5#LmQr%j-Vypaxh-A5HZVRs}>Fc&rUVL5oE(z)g-}1=XGy7-q&g2$t+m-gVaCc zE())?J+y=xXbwV(C;w{;ZULst%bk@5#LDOccjWHcU}t>6twM@S^UPT}D}0KdQ*(e< zxaV-=V&;0CVLMGAwdUu}H`|yqusp0xK0T+4efgz2Lq(&3ph#%8v3)Jbrv)}m{vF`XN=XmPo2t?nB!|3f< zbtX1$0(gl#=^atOmLEneJ?v~-1ugRh-L-FKTwcqMh++W88vEHZJs4-6AMTKe&^xHF z^~5w9YRDHAG0mZ(T$%pkp40$$4bsaV`+8PKtvc$x+f!oNwI9c6@`a7e>qLzUI(@0V zs7I<~9j-Ja_dCjX2WE|gnsq5@r-d?&4svVjLCBhfcVZ0ZA;E+Pmp~@l%?Zmx51=Zp z;+DPH;G3v$X(5<4&Uu)dNxtbsVKMo;e}YKw4JHm;aieDygBJEo=VA*{e{l+p?qI`e z?gkgE#wX;S=n-Nc<~+U@?}}|tS|MUr6Rbsp@EgKE2#q&*pWfqwXFy9Yep8;^ftb1@*omHnNEDbI`UdAvnimIbBuE-f{Av?2>VSOJp z9C-sQKI%YKvci@~YyhQw+uj3m$Sd&NGxjzi@9Li@ zZgtOmZHzK~R~qpGC4rB3Pc5HcHWY5UdV7stcg?Y3*Yv{E3)*k=Ig?~PC3*v*S?iRV zywWL~oryk2>l5Clfp3ZnO1~*C<@~xPE%HbFG@6O8p`Qc#*|)pIO+eNfYP)@{xbASM zN20d656BpzM9hrh=jT&x?M)G@DK#SkZEb&L0P;lOkv^xzy3Ul$-ot_xs-h6UNt@B^ZzNQue`{+rpDCKeXb;?Jzj3lFYRU_ zpY@fFHtde-YN7M6O6V#6h^^3^lwBMa;!bXj4teOW%JrcHf^OiMO`DGSC)g&&4KHJc zlH!346{y~1`29RF)6lM1RR`=%Qw&_@E(^&$tM9b1*NB5-UK(N}ac$kIC8wzyMHm4^ zz{#9!Q}c|!4d4&nlxci*l=Kt=PB!&?jq7P5VwiMg0$GLc57A8yZ!vvoqPj8M5r?Ef zz~XGS*&H`l#&IX;Zp$UP5f5{7DJDT~29f$Gw<&~wKYovBITdaYt}#&_js?xs@If1R z-hnWl+Ae%dHN4$&?`}Tm@Jvm=S!!$fsZNLPQhRY8G4d6f_{LDR7(FKM8BH`-i%%C2 zEEQ)PZYoy6N{x-Xh#Hu%N)Z&64>P!LX|0xrf1eF;+~nc*G@Hm()oyQ&G7r;ik33F>yfhvTR!Wkc{AF@v5ZOqyZGTVHlI+cYe2MKfdRz{h+Gkkk#*yxR8XNtf)?|1~ zr|vUNx9tOD+<@C4J|`s?U8Q|W!`hiQ2@2a5r!Xk!*CfEKbA#Z$26|zEhfLPljvv=c zBeq|`N^<_7AJrr@Ce){&tUScX8q?qTy@mKs5|Fm1D+^XTxByi;F|O@ z_#<#4DE6bcB`G<_;Q6w3e=Sk|W+tmbe{%S)>%WABA`C~LG$o43@o;`ITY9|KGsCc2 zWACD*Jq;2^L?86(t?!LhOJht*G6$QCOD|Fu7WBm}ru82Ene^-HdpJL*!8P4W%my)R zEjZOc-(~O4JJm_G=-Pd!?X5~X|N8V{5b&Gj@PG@<_2+wh&!&_Ym(7>?lz*D0gWHWY zP@=|@p*B9LFUOoxodVTfS!#Srt?XYKF4F%l(Y*G1AwvO<0sLf}1?f)Kvr;V=VXryQ zH#&tx+PzM-??0H0g)W8InMu~+U|3k^Vk%K* zf&(=iyiz^WP`EuELUEc{G_+8W41{-C9%&uv9I1?Lvo^)BJg^hlGIOcY_YNlQ-Z(qYIff=|cBf+V+Bcl!m--ps&%gsf-c%Mn$FN zD=X=omz)3eJz~3e(Uf=+~hQsaf zAK*O$>Bab~PrcrfC(UGDR4}{Kz`F+S;D3S+a$~LdOBQbIJuj;_JZlO@^2m9Wt-9k} zMy@rSW$?W&!}(X*2Z4Q2tF$)ewsKs+JGz&e>vp3A||PEk#A#vCx+8e`EHwf+zs=5eny7(Z)r0n zr-if?w<~%K|1n0HIzGKqrD{V>p|-(swCjvXX>Qy^!=AOPI}>IhOyE9&?qw2)yzCWoqnyvuoPN00hEy zLjF4hhOb6%IK)h@{4Z(^`}B3!DbL^6Bh2#p|Np?c{qIr#e@fi_-;5$X+NmdHjH^hl z4rW~Hh^OtZJNysojOD#Bz}`)VABi{Tm`kVH;5xjvjhG4q>mCq#IZ=#41995a!leE zuR=|ItviY4=ST%yEaFnZ>#;lE=^zL2ppYlG7-S3M z;R(Lt3=DJX0FxKX_p-sWmSA$ytSi=f_&ppjVNb0Cbd=3M?(PWa+-T;;I=0eQ#E!zI z6i%(tZ#gd4W9z5Kkt`mMx+ByX3BV{iS^;Y1l-H4fF+Q>7xo2}+i9K4EJLQegb92bb zw_;^r2r_hRU!4v~t&hH>@B^8;%p)0SjSsFpl^6s7M+a6;iCwaQMV)^Med~yF()`pG zxmSB?ik6!2bkXDuOFq5CwAEbSPYzq;HBEZx)E##MopS`hzzV=*p8~#ZCi?PrUo4)E zc#q#7?>Tjk24ta*{{aMA=QR|m_n~@83xOWPW9XL8`G+VH+0bSdFm{3SFLsChU;)p&imAr3sk&djs|ilo zh@u0N_+0`vJt=`-lM*w=B&%qm|F5y`ROu~$&SyexP(t_SQ;GNqLO{n>*F>SGM5WN@ zz|1Wn20KEYI&!S!<#!=k5|M_t^XyAN+g~u$%~+tmbdPb zos7Peec?K+4?QIPg-F-Q$kV+dero~k~jh^H&O<~ z+7#JU0%>g>Fq{%8eMLx9e<^EfWTDO@o zd`T(&5oKz)V-5bpW|^LMVYA~hr}Lh*vF+GUp-yufV|F;L?qLdu6<0A++-}jQtl)9C0Dzlp z2y*GmbkkRo?^8ZGa3Eb=egEWAWfC{IN^nuO(mG&@aH?@4VuoDIs`u=UgRCX#r#NEk zX-vi#=+Ea0%Xby&@1)B-#;UxUmbT6U2wWv~I*c?OMCFwmC8UGhCtc({DZu@=#v3iM zG5DlW#1xkqe>13FQPAFk%q8tSI#L4hn4S#61(^m~*HQw;-Gq=EYf*o80h)N+y&S(n zw4~?22pG@Qn#Qj{dWLL1TsX5oG*WURXH*{N8U#x?*{(@l2jIRMfD92X{W*4WM4{|Q z?%M)1W77T~?K=I0N87@ZyqD_tro+Pl*l@BArgU`qrX2thYb3Y{j;E_`XUH;Ibd6Qp z`Xwe=R0X~yR!$RikSwiCXEnONwQA z?i*RS25k0i*8P(Z%Ggf7inrfl-^)8TrF(C2ngG?7m-TWX?eO+}k5{S0u6IGBK>TPu z;;R6rq48=>S0b`cY31o^nG9)ZE(r@?jRRm#=`LQgws3sdX8T!+!eKIg)jF}p>*s=w zdQaAaKO7nKaSzI|^<1l@f=Z2TAAqiw8djq{t9xa=f~72C0h#@WHOurKE)IZ@ep#2- zChn6@8A{Ez?kn~vGLNG>8ZIr|Z6hr@4&handXsDP_3F5JI!7HvHFmyWGD@=@kz}$ zvi&w119A}7DIKl1m#D@$r+pLN6B9N~2Sd#p%x;etGlxdxr}3(bI#opv=KOJ-b2N4< zA)C*#z1YMd7Xr)}i$WZ`6ERMR#9L|Gh@`=7n@^9%dXT+7DDIDa`)5W&+1+|e(!<{_gZByGY)ZV%uHVh~u%;kiwpJ^s?&pUNnj2$2D zOx7G5I6G_?Xa&@zzG*~h=5ej}m&N&tL0Y9bY>}OAHJh8wMNDrx1xXe+_TBCObUJ zJWHAG}1}cpy;uZzErjo4(FNS0q zE7=|C$zGCe$5N|+f!do6mKJM(1dq4?jBsKWso;$gb+S5!Hu=lVMx!PMfm1#ncw)X< zhRnVt*EeoE*4KLQo0Su);&Vz5_^Z=dM#1CyQs3cNf{BYH0we)UXMspN)G$}7qPYga? zdNiY2x;&NNsZ32MjLHlo#OBw9DI)Rv5_j~vph+AV+l{ql`_ zz+NAsA|^cLPOXFeakcp0Zwr=n{o4k2Iq@|q8OK(a!}m5WXDK48(2L;8f1WTmAE`am zbCuT?YI-hAsS1YgcU>>c^HWkG39WluBmC)u@PEzt3iao&`fn&7d|`CE9EEo8V7xr( zz4+O$t{KM^S^BEJTxYTG!o(%J9Y{fYsc<#-Iu)aql3aP=-rGn2YBDOV104w)90Tz) z!}`iwPtOD$o`lMU8F>WQQBkay$9ExusEa^*>r%; z+cR2tB3ITj#PoM9t20_61TrhNV)qA|;LA!p`uVyEx0OVf*_0&xhXL~Tqcx${z3$J| z!u7_j*F0-slEXL9@Ic@em}HX(?Yun9rY|=S@KwFpA1!<)|DK=8J**H7eef#^p88ou zpccqaCpOwBHW`X?52RB}ne;NcJ;;H7*n*zlkvD8l1VwawRLYPa+xfJ2vLks-^O`C1 zzb&T(4*vS|x{iIKrFY|u%B_P}BGyxXvRDq~OTbSMG5_K> zPTOZ(=N7-Y+bmebNR$xGf!bMPY8^{;P5r40zXVh6y^dd40WzD(HBfcUMx&v@==zG+ znA9LZHD|DK%M940DNkirxp92oYviZKb`*pJuaCoz5ou7?(n_&Be@}ydygz+MKeRig z(-AS6;0T!K6)c!Q5ej*I9LpE}-iK@y*=SKZ2Ti)kkr~^R$PNuJXIaJjpH7VL4y9~M z09^*niYmTI6OFjNpxqA-#-h}-VwX2vfF#&*s3s!n97=HEY2keEWJIxuLDjg8;dkBM!kufkm^nk4 zUj8gLH!r-C=$~kRp&XH%K0i`w+8?~P;hC>N{$mqH+ph(2hytm;5&C)8Pe>nJL3lULn<%bTbRO$V>3DD) z$4J|FhsdotPL!=1h=*3-Y4MY{<8%6rOF!Ie_~mx$7Pir{lVGJ&pmI2Oog~x54@#GX z_dPm2K6n*|3(5dDe*q^Bhm)j6?&>c~PrdsD3dcb8JTM$#venu@Axepde-f3uwJF*? zvmaj$3jcEIPTnFHrjTnsy&Gy6vhrCYwA|B9BV~f}^L|%^D@Z(HCVzfkGJ*gbl_s3N z&wYXo$YN`c8G1WpWq)oNqh{o6v}lNNA1tkQ9=l_MHu29I2`bx>hqXr?UJ!Rp4*wi@ z{4#Yqzb0&4^Jhxo#qA$gJFR!dzC<1FOa;GMwkQxhZil~|$x$Qj9`97A?{Y3w>ItZj zTz*pMxy5xQz9`YLsHamr`7u|6Gp%cw558X4ui+iK*=R;87_Wsj!xeYRs*g)}ZutRD z!zzyCWy3w@-9}#+pL`uKV~6h1D=mzEa4d z8MSF;r4;Mg9B^_g&ADygqQf^y9_{NC@)rj7I^NkI{i8n$wDU{=I{7TJDN>tZ$4CJ; z)B`w^_a>N5-%0mXq@wX2NrG+vg9{G1*s})o{m>oi#+;v!FYSFW8jz-=Og)w=6s_(< zN=?M6Mrg;msr<=!r5r&x=(~Chb8kj{g;==3@_`SfOxDEdZ@812$VxUx6l$#`P?jAm7K% zk2u6bR+2@4VpW?n*s=H3o207!?3AL5j-NhDKUyzzJ82$CP8qMK*p>H&Pbpnm+>@KG z0eYU=Ph}85P*e$8j2J?GqWveVML#a_pA!;C=Y^H>&jN6Dvx5qNh+wsnc8>Ms&U3z-cZQT_OZg3>@yP>o zCX1w{kPUeMkCCl%+qOuy7I;obpAUbzTCivnnjA#3-Y-ba9ckP>xbAShj}lS0PUG>a zarqq9m(`VS%SEbijmJmTy6U|P*N?G>;Qb&+&w7j?8rF9@{FMMW`LT)gS4TbP@}{PY zRm4pzPJQJ=_GY3Yh5g`}{q2e3D64FNHfn6%xFFL60b@!fJ6W_G{CU+OVOTx6so;JH zsu;?}X@V?jy<9%0DFtGU3Sq>i)!J+X7J}4_SIXVx9H8_A{a;y%k(8E}Sdf0lF5VwB z`gHLR1iZommM9MyJW2+)6<9W7XQ9l4h348+RdqoN}OiY{tA+9HeSn8h(TCE{dS8W z>tmGt1(+V{46EFP{L)NxwRX61Qu+XeaFhVEN+PV>vZ>7TTtw<;uXb=;dd#6J_T@b3 z@v=9n=5^SH)35yee`1%vPgJ|;Psl+PN;8~FiCDa@>I+*Q&kW{^+NsR!AeU$ATuCAz zDvyjJu8vGEkGeN^LZ2YU=2IsEY|vsA0D{_RQJCp<(&V=C`d05Gd}D|()zHb9;~Hcd ze8$zk4R(cNy(n|ZOe~3W&BZC8V_8Nh=7TIMH}2B2+(=8C@F0uvGiIV88FW|f5%acR@wqvq#i(gMPzJ0t zAKcjVIhJHdYV_$5HN?7BbtH877o=`*jK1#8k`^l6w5(C-Bnh(_{q0txQGAR1WnG@X z;JoQc`l43fcy?oxu7PwvzD(F&1nMNQtjno2Zb{<2OX2zcd)29}0h1z?Xv<;WRc{P@ z@WG`zb*iIhH0WuEOrY77^X{R{9PF=_Tc=9=QeW*2S1G_Z);6f}hFGtIhi>LYnZB@& zJ=IG}y92L|)ogbDSJ)Nce$`Ey{`QQMxOD!%rY|i0Zc`5ZO4n)l6^#R+Cqsa@OskhS zIxbC_B%ELm``6E?li36dL%m96Ub}F#Rg~Ql7q)%Eo5z!Rd$Dqwwl{IB*6#+X(EI=Feyjo#|L9`o8@V_a{5 zks)+FG9nUgE*+|bi>@jp=s|sKg;q>cZS;;rH zwcVcI`TRO2yZ2W3?VS(PjTXy4*xElNINaYH2hfov3*&P}V0kf^f>3_`Bg%5&9i{JL zx{J%?4F160ewv%zJuuIu;X@m|1;N8jSmA9ENJVB-OYK&`lD&Ck=@P{?$#k&xk;RX^ zj-SQerlG4RggsRz0ec0q(ViMK*Q{nipKc2__*6U~V|645qV+56=pw|Sp3euuoE&~q z_8KcTF30G_+!<7bMoTkA>ee`+MljZjmQBJQpoKoqp|8kPtvgp(dMi-G5h+pK{4=Y! zlO*DUd9ZNfSxJrGb^y=L-u(lb|a7xtb%YG?B;5d3LRzIQ4}3PDc& zN$3eE9}X&d+y@=ONIYsl7ZaclB{>HUu?vGG!n`qE3RgYznbB`;R%OI9`F`r0u&QoV z83Op$YxScKt^M_5(Y8>hLi7Hi;)>GwKbS}mCy!B1EVLwG(hij+p zMB7^0unPLKfJ;QA+InC2X%nNr@DncV%K^53CG&5ubWG)UfxULe?PPkER6#LXXI#UX z1Zsb#RC>QP3R*|3pF(R|;B5l3hbH3_%0}9^3-$bubvT5_I9IX(>nOyRd6-;4EEo13-Hqj6|e&oy~MEI9Uwq5wEf=V>M zX-A9>59Il>z@_c#aPBgRqO&QPOULKW#vPB#_S%Vz)d}b@s`Zu*X94MC7T{=QdE;?x!5b5r5l!e>p(MlEb{*MZ`T;!}Z6!L<)nrBe1Z!4}zd; z(YU)9I*5f`oAvI96EJ$hGj%kW|K8Z18^t%o#aR25n=MK-EjYXMy&CxIAh1Ek3SoJEdQI$ zgL*F1JR_8!5hLX=ct%@hAd1Fm?W@JpOk44Cqk_kiWlh+!qDGM0qpzw85czC!EECX? z`h(dA4pm^|%MkJBMG3rB@f(>LOZ@Ht5zf{qRiK7_X)sW*%MspJc>8MZc$rUicvv`4 z<{eQYI+7s0A3#CDdn=xD!K81FOiFo?pJgzW%u{bJ$v{87{Y}eEJ$hm|NFgacsO0n9 z{Besz<0;>V{0*Lx1a*6e9Uopq$!a=Uu%cxfI9#6TqMw7jE=n${jS+MbegqNRt0rJx(oivj-+8 z{a0_Aw9xFo*w#yf;ZF^l{_6)QTpl~2dQ(iS!{XDz#@P&e{;9aSvw7Hm3p3UD$o|EA zP7Pei`+qjC-kDNm<^GcEmnwlP*EUQYakoP`9?8&#&i^;KV0Z>RrKeF?p)FS;oaI>` z_CmZ=n{Iq9^Ox2xio$I_MnMggZ{&T0#YE9G1pE+r|JARJgj)eOLnv4CoO z(!BdLqd=!ht>bOF1?d%w$Vjj?VrtJTLYnOsfu8O@scO$5TA=dQ*Zyc_^_SNR!=|Fs zZTD%IiSf?|Cx;ib%Do3uX<>|`#~wAJcfqS{EVlj*B|B?6?(|kxh6R<-O-_6 z^jD2GdX=$Ke0kvHNXU5(m3B$RLa0qf+p9_~A^FXJ%0f`^^X2_qLqW0eRFkv_fZ`S* zIfv68jZ4mrHo>iPuHytQk}~J-j_Dmz;bZOs?Dy0c397n{SZ}jN-;g7u=jQhe@4M@9 zXbUPd(d{ZPb*Y+>!$X~_H?ul#+sp%`(;qch4L}h4BE7;8rb_NKvpZ1O(;ip8yh+-Y zhJe`r!Q6XBHNCa#-V{LrQP&bwK#GMfph!oWEtofUh3Mz56fH9)X%~(AzN7lDv-?Xe)R+`Tj-A%c-(@hoQg|d` zry%iilyJnvmhAcjOkj|4q4_cQt%)aOw&FE~CPccp3FbvHT8Xx;oNqZW^%8IJff}1< z9q%XEncn2&`)W3hQm?t$)1CAAqQZ6U{FNYpIAGdJB2l-|?2Jr;MG+?Z^@`JOVEo({ z&Lm?9Jbk4362p16klMHAt{urfr{fAsn>Z!E)mr>|Ts2>yao0`AJ=>7E zHNNIQgLg*yoOvix!rV`;huu3yMVqnnZ#yUM9+Jdv2m4I4R#bb z#f*O7T8nB(TvhhMeDl^oN*j-GE0J1qHVA#r6wT%{{R-|M$JCpqD%|tx4eum9zQOVQ z46oA1+2_V1gYBFCeZtOy1h+8~NC zq@0$uFni~@8>I3em@?W{ewUxL_gYytJKpX#5Vx~<>q-S0?|QIw>|geWl!@0*n6@K41xk*l z{rhqoO5#CBNV%^ww|!2NKYP1}E#*8bn`|YS@8D9O!#pe5s^r?ATH9vf8zV(phjazPVo*k-#R_Q+nO zd>ornN`+;W8RG8i#gN%d!prmYKID%t&(EBiqmwh_kq9-7)fkL0)}HV)mDim3Qd-yz zO_pu0B+Tmd4szYkBnA$t_R%KHd!bxcQ9A-Y@rR+G*Ww9a<>Y{o+O(B@-61gVl zn}>3hk%U0pB%)?EavpkIrfA%Vd@RxCJ}=v~dUubUVIQ0+eqh3a7cI+MMki@!rqNT# zQ}-|0xnGMti=IX^o}BY6%ME`8AxwWlKJyV-Gaqcy3_Cq0y@}f6lMnE%N|%_~l~eAj zfHsNzN@Dv;o0!341@+|nO7E*~abcyp=q)OQqA%9d~MFyFk;4LIueYxDjtDCV5@gVzN~O(D%)5TLo4pStLsrh z#6X}!M9P)w^3kfprZ_ffZ1us2N|sOo9{o$0V`I8<^YVzOhv6%!h;6}<%Kz}a|p_IncdzHiQj}i>W%e{T(wy1+yz*Y!~D`xvQa}syXJ}+ z>}o4!Z32vjH#-%M+kPQbwY}Ksvg6_}bX0~p8K83pD&{Laor~mWp8CG~+F9l*Zf*;K zAhL6rSB;kMb1|X#o@~*}uRFD040ib|sBttPH502FsnzU0aup4AOIsWLz{_o>%9VB# z|M^{Yv7%)~ht6y>G<>ZTw$&Y1%=xiAGkAxqs4%+|7CBM*ZR8q653Pj1u~*$KBFklL zKj5HNb>aFHV{h}|N`!oaJE2WvtTIVFnxL}u_Fe-M^bpp%mOFa4FCjNs((qb@C#BhU zq@2Jyrs2b3Mwq0IL()xV8Sc?+7>u1Mb_P)uaVl;NS&nnL0 z@nsjGoJ*b(p6vTdd z*Q3D;K59YqB2OMC`7#!6+ZK`6kA}kv8S>rZmw-Tfowx7fLi5c;A4i*fwt&b}9H!x> z8m6H_qMQW&LS_G!qpha2wJ zD2INtd`Kd9ZVj_AXZ(YTgE4*KnD-*1uBi$3UB?vEY5QZ%cL{PQ&xn+>yL~h*I8Ug$ zH0-ysa_7{NpoA~z22h#|Yg-FzLN-bIVG^(U2T0Dw{did;`Y+`pd#!=MOqe$QHJg5GvY-ox~ukpqD9DtNLM7@g2Gtux-M<3EK z3o{Q=z(6AidV{flXDtc_L}Am=Jv9gUnNVZ+V4O}U{qsED{jGO#H1U6(En;q8oi_6ctm_neamuZn1XbDSFelE* zxvcAI>mE1fCEhuFm#rmO-@O})wI4JLn`tg9`^f9&tP@88BfkGBgCgVF%7<*2N&e87D>lfu!aN_WhFbWxHNT@TxSb1 z9WJ1+V-=I~@Hd_`!IuRdcWh@(vq^QjtAy_aL35+=Nvm1Ks>QiVkl<^N3Cs(lnw z`^+kmseCbruakK$Vjil^|7m=N?E;y^|8{3)G^}V_YlRB*)dOa97ev50{|=nNo0OMJ-ff=~ zLjiBTH*M=xgO)<=CYz4k^1{-2wD05ykJO`%UWso!Bz9U|`XR8C#`^bW>kk8>ovg@} z!8ojL-;LRkSP}}U6(7)NzotCXf3>x&N$vNauabA+UDK)FYfqJW<9B}*sM@=O)F;=7HG-T^e^ z9E33XDZaDfSc4N_ti<@tMrL<*ZaApimQso;IBeYkLk29itN@x$N0)sve&&w*f&i{` zM{XCJA32p_FR6Q}-gYnH{k=Gsh$B|k#3(F1;~{cni}Niwa=Lw&!k9`bJt(V1_kB}W z%V{Gn#u0$l`@+&KF4y*WE9;Dls?3Ym%+8BKC+SX=BWekp8DwI^HFdG@#RXYgZYFC+ zHBBuF^HY&5_9BasQ?0$5tz%YA-rCDR6MBI&+_P!^NcHoX`}b;Ud^^^JPK(PVuEihY-Aeg;OkZ>n>EiNCJj9qbj?ic0ePWPf+-NN}7-EX>p-!ttX-~ zqL1mKokJY2S(2|1&$EU!n!3s^Z?^$R=d(AD`DD(UUFkU{^E-fF4UBd*g+D4$PrPuV z?&p<%GX)1@{~K9?{|jZ~e*@9*|KzLq`+UbS0DlDg<1uo7?>~-YeRKeZS77db#jI=Y zWw2dJAOVQo0>*AjOK$+?Ttm7>7W}ydJM*;9q#dl%7e>8xp+ejC7||N7(#Es#J_ajFzC}*GhQ=UGhGYTErt%a z_~m=A7+>bNF0rP32v4V{Q-3J>dw~R$nFt_tYBbLq~?J*uwj4HGrQ4@Q7HPXj#s8Ls{}le&hxM$2=uJ&{Yq}gtNhu z{#w+O?^Ug3F9%ajc}ksNi1JL^P}2g;&|u1g(u83&;35 z&0eIZvrf2L69%P_umIUJ<}>WmG6lpdUc5@dO|;43F>l!3>?g^wr1MOP#13*oM#Ui} z|B=k`A>NOsM+GB?S->ew)dnAinm2YfxVfff>T^CTM`Zq!-!DNeS!Ks7UBUw?x^mRa@wXWzC1SNZ(I;r01j zPJFvCqEuvpo@Z$YsOEguMoZuaql#|%E*W;ypJ61JR(z@_wocw&QV^Hkve z&8lr9zwvz5eRf$&6S8<8K%296y*X?Yx^Tq@2RH_8gm8f5nORxCcr>ajWtpuj89bKa zv)$k_FeBH5`W~=nM_ref*`nd=TqvD(hsu+s3oWww3HL1;<|pRupB%TTX$5$Cs74;& z!B028#u;|+Eq72m)wI5=Qdf%-XLj9HNfDhu1BeLtsS`P*r&!~by6c}3h^_~SIfF|( zf|Gd;AH*o>%!ot(L2mHwDof1t?doQynQQWQ{gq65DId=#;$kk!1OjJ<{TK>aV~3i~ zzZU7S4G@`)15(HveFrJp2qNIz;Y(!XgE!9m-sF_9CTp!|H1IK65j&x92-$#K8nNdq zil(nYreEZpxj$fPJU@pDcOeC;;lJIUIeOMn941?zCNQXVvVBBJT%W0{gb)Gj-aeGW z886S?6>1dIcH=IUX)tT5BW!yHAyRW@bzTbJe$)AjLyKY2sLJx!;^~ZJ@3ymd9!Hwh zI8_oo$@5`kpBDS(xhyS@;G_MON2R^aE9wpC(KhDm=ZgncZ=Hr+YuOfffbWJFdEDE+ zkCmGB(%26PY?oiXJls}5IGxU^&-ir|1vg%oEAldc2_olKRXI_y%mF%5?I+ici@n_U z?cP%a4&^6ZYZ^Btrepnp&>G6O3ph+|POAI6xS5XbV^%5g3Ft2%3l1PlzmxX_Mwnol zDFjG~7Yym?1dPEFZSKh4Xc6yfMs9Z8wl2Mr22|%0v^EXHGald8k?CgSs498KIOF~C z?*S=FoAm8lV0k&^hv!39-%g!AXd2_jtv)OQ*f>7zEX(~#wnCbET*AI{=9s*vX3gK< z5&8S;pLqX4Su+6B0>W2EOhuq@%Z50vc`#k{O{E3lElOe2hPh%>Y^x-hq_vOC$UPh4iw zE{r7cfSYI27+T>PevdRdf4Bj-oI%?{MFm7q`OOeLRVnbS5CGZx1F^X`Piaez0IPqN z&IX9{o2@}(g0bVxqf7##k#iotwKBONA@!ma$m45bTM{=r@RG=d9yXs{uUgB#GlcUA zZtXPD8*=dwZ`-)$Mc!$)4W9a>kNpK(eSdP+!3^*{gVz>+112dLFZ-ZSgd^Z#lKZx| z5Iu+38=9U+b$na)^NQ5<+8L|ufcUPIu#j4+toIc5lqnq_GzXibKipFDFeb0jOZnt1 z^6Ii9Ap3u4wd&2a);pyzXRaNRYr6>DC;1*jzeVh9IMU=kpd=f#?(#yN{&_VLuE)wf zZ4>ZP+4qXON)=dEPddl$yeG46rvCZ5En!`z;yK*PMJ4SsX zv*j|T)gq}WKct&|t+bdj*2l`XO~}g&_s;mo{9`@fNfGG!9l-wO^~?|>ZwN1SL8-jy zJ+v^WaOdjgWy2p<=hAT~$1e-G8lbh6tjV*e%|pg&jXfQ$VXem;BQQugl0SA)CoLg} ziQgDSC)pKL6XyKwQk8jECoX++&QC@w-}Lc8Wt<4W8&&oaKv~P)fUb?pc=baSr|%zGxbWDBsgv{g zMmOY|Q+{Yqesa>U0koQ12f*5L(Kx?qg4=t{XFFAXbO0Ci6R;^AkH2}tay}2OKo~cs zdHC?1MF$Lk)b_R9sw4m$42A<14bCqCLo#G+sCBiF?RLj$?a%EH{87bM3eb^qK@V;4 z2o2ny7rd>3!sa$OVV2*}NY2#jW7dAC%wNFZc0iPtusibqEGjJDzr}DiQm51bO7gSV zB8RUL)wghqYu&KQknb#9;Md^U>2OFFC4B@CZl%Nb*3%YUV3Z0jF1ybni<6%DUMjez zw(Cw4m1)Q0dUnH02%pK}_m+KEr^1=XV&@?l5#U-e?`GqF;Nq(WYxB;`zVHrgG+b`E zVVVf1{R6lBHYc8qK5!Ryvk6*c;tH9$b>m9BC~r)QFqe;gi?6v`PQ=g@SAHZohGdZ) zrTPS6pA3Z5xg#^$yt^c$+?g!-;H=dyIAH%AeexF3L$=4yyuU~G#$VC7rXzmHPB9a( z*n4bsdT3(RPxGhXpfH)21rxTvg=`?;|F{b$~ z>@x=nuBA)*2i86kGWLiNZ4%UhIogV*N*X`T)6WOe$7EQzb};JHiM}fjbak-P@^%F| z5&ikE2-7uCl5HAhE$`TkrSMwQ(Y^?QGcaRM zXfyge*RAd~;kG7z3}=Bln<@vczK@$;Cz`oU6uZmJf-_+nh&l;#uVIFQ&0=5UB_jdW z)7QD5nVtK(grI7R_W3;?M;g02Hw-8O#uZJ^*L3Xr5UlpxvuU21{NxIQTqmD-n&8a^ zI0XU_K(UgU!Sbt&gHI~OrFJOGMZ&td0r(g)TFZI|Qk^F*>jKk~4{(F;&HFs=X1dr; zI8|j)U#J{hIjD;{lIEKDGyW1Rqe`~z*XL~SF3R4X+SemJ*)#D5s*1Qfl@@ zprp-jgPakG59Jb}=C%bj5fHdTVzTjAH_+70PTNk+ol#m9i1Z8&)6X7lCw*dxe(Ygy zR%*8r$7`+bsFIL#ET=_zALjuw;svvC5{c zVWM{aLu5u4!e?FAcvf-dsBl>u-Kg$Z99FX}Kahdrnp5PS#R3QAHvHmzn^jSej8etJ zo-nSBYXmjh+fn$W^cwCfwr6{q?G6-|6-OXLY^65(KRA7GE)z0k*A(~@R1omoB_H#B ztIDoK<;_s##pmZ|i<)Kjtzjh*V1taxJ9*G{VJX;80q~AkRwCXqcL?BQbJnz{7#&?dRT9UkMh1hXoSZlI;Q>1;_CMvRX>GtrUX} zxgCbTJ(yyy6Q>icqs9+=Hz{MGkB0D>ZYLA<(}&MT`D<_Yd2x`;O}>WNdQ+?IOIDDTu2 z=ku<+*rm0x?4kRmd?I9So~pKN{OqDS{+GevqwL)IangCKpA>|2SB%Fe`T168MPE?y zG=GIR-sRP}w*jRWj)eP}&6him7l%Yj^VP<^ANacQEDr*Y^3g(?p>3vEAY#x4WNA^%JAr`I($Z2|Bw`&8*< zV6ktcO3Lz4tP0Ru(gP2x&!Sx|e=EaDNZAur-J15HTAufe|+9C30 z8_<%Y>T)*ON1Co^aK9*(k}xOVvpqk~{u7)T?W#yG%+cF(tIIJA#wAxc4=Za4!1LuV zrB6Prs-3;Vq%Ea5qN)hr^hW^A(DTyX{2P|vH?Od&Z-<{{NtLpnvz{+HpLM2cOM?i$ zzY`%U40HmXMJH+td2Bwtio?}8hFB2iu+sxlhK;njpTwAPKii|RHm*vdBM((bwReDy zh`?=P3SHPhw>S{s<=g*Yrd&(WPP-zZ7ZH}(xO$t^L`hURESFU!m>?+#josd}^VT(4 z&DGX>UdhaV#yAcpdf8M^5|o!InGs5Im22F=eYptFpJMWlUrD=H5?=5P_#mcAjref4 zfsN01i__)Zgs{9$vsM4m3CesjDhig&nj?kUk>1Oh0bVDxBv7ni(Z*b*1!iiT6Nj5k zV?%SW0mYjGUeh-$8~(cMqwhExm^P-EZ}PTjHW(LCOE?k@D{~QfI*WX=OLx7xZnOg? zHIpGZC2nco>6|>#s@+bOs_nZYA4%O#Y_Z3*{(SBgIQB=*+4Z>GR|!eWU%le%mVR=- zy%^)qxAfEM+!w;!TQQ%%Jm|y;CrM0s%6@R($KX~q@39{?6ISA2!1&z5NR$Mnkn_80 zfVBZrqKkbFk$e#TRUe3jA>F9M_ny@COH~VZpOrBTAC2BpsCalSTiGoE?{#CK>v;Nt zqp*`QNGYE4eWFCXqm z*>@g|b(9}2Z??~WI}!Dxz$rVWM`wGwPlpYZGLJ`{;N}|A*fp_NPIjYg=X8Bc`;`qN zzjB)@*sfhZ2}OV{d9!5}UoJ`o+vEzO$ZW1dmGF!?&R2GFV;O8~zz^cslV6=*L&o zVVA>}lHeZA?KfU%?#}_Z_smlRI=btPBhls$m;XjeAJi^B^k~xLs`>76w~!(lIG|8g zDD?he|0SuTt$SEK2oV)HbV7WrDXqme40tmKytSmxTQ+;jw!C@DP<+Ik(Z=H0av?H@ z^6OsMdy*;jGibNBO~*{tq7lvSVIH2CQlb8bN-*wh{)@@x7`8xF%WV9d3y-R=N6dPc$WGyc~5eR%G&vyBuC#b;T%fz~t3cAK%j_ z`GN{0_7c((EK{YI7looLPV{N?nUSxgb(DrN#e7{2EuX6M^pYznR9N<8DJ(^K=4E1C zf3)$&EgXs4!}6An4$lOH7^Z*j9t6{U>GKJTwip0)iyul8I(!SsNDqsTiGm~BnRYJ~gZ11YZygHp1(96H%p*&YQ{S&cld zdw;r^FENS#ypZ0P3#sMAi(a;}_pKi6Nt&|3a%|pWAY$q7J94;M&f<J)+v{OHrcg_pG2e(Q}vrXC7lmzHKUn7>Oy+xQ7)c zgJ^@VW3u=Ax|x#a{D<2vsPNBiF+2xs^s&M7Hj(0?^!c8DL(Z&OoJbGH6|4ls{v>f5 zag6`eu;qu@XS@^o9UvjXsuQ<3pQ9EDgG(p{GzJrDH-DMY=jMmo81G+N5=51Y$7ShI z5Bm5KszKF(g%?hPaE}0{Cp3GjXDC^rC8BUC*nS*htN)yn0}b;*h;Nt_oTgJ3yPq{+ z(dzy_7u@AbPiA@RFIOF;OS{ns>s8N?6V`c}Pbcop zkls9)_`DRCl|ovd>Xp!h)#; z_hC9Ibl9`rYRlV%&pdv0i5Dcq8dPih>k!1@?g^Xnt}JHy5!G?Oc^J-Tlj~VUd1g!A zvnt5=(c#?N?r7Vs+7Hs@U;mJ&d!3=ZK1cA(-a6X$oy$JC6VhF_>@&XV967Y(j+&5a zfKkHdl+GeRr*>XH1iCeJXUrvh=kYNJY8k4@J~Xw5n3^NIBdEYdtiNXRZnWY4_H!Rv zqYU1bm9;N={@p9-fm~z|1RdxNEQ3hmT!gLF2=Vmg&?@mGkylM^w?qQNwX@~me*R?f z+MqsNvL-p8{o;%D(2{%T%b43rkUV=R$<%k=o!^6wSA}Z&J8PMS$d|X(k9Yg_Zc%!( zk{zSe(z*Yqb?f6KTc9_vT!AMH9O!4a(|5|n7Ah^b3)#XBIDJ3lpCRCoPKC=^;mZ|y z{8bD+CPBVy3ad|Am$No~`SFl3efe-QMHBn#JuI62+JmYoKU+VZ@eOmvOb;HJ)wj#o zFT;*uZOj~LwjooWcBjgsaA>KHtthh3#JQE9Rz~lFa>x8sA5$4O=Rjdko>eK*nsSW$ zsrtcMtPkL+SnnV1uKfTAMP8L~8>g=0b~$T_$o4hB=c+6*eM+s9uN@Mt@iPd@$F#3n z6?E3Fhhz__JPbfeRlcm#*P1=mdmjSwi@f=0TLjA!&@SI-7?2FnFOy*auJzd! zoleds)vXWFQ=0Mm8C5aJ{l70hU3Q@~m< z^OUEO$#a=$Dmw0Tv&pp+T5G>910$ioAORIY(h-p`bcvK23w?d@TSY}SL*KKOx%I3u zJ1{i1D{XZ@?06+D1-^?~+-Hw5y9T%|(t--3*hqL72(GgVkSzX?H5_9+0LXMldnxL) zN{4-P>vJzjSvuXZ(iL3ToNlwzA^XH%L7SsfhdU@q`{qsV8`|{MtegOMyzE-&RQyK` z4tQ1g!#(uyrO-B?H6Kv&_=S)yn|%610nDJv64wEP#>RK9 ztlJKTrALAsHDIAxZMtOG`-aTQ&d6??&;vW8`83cvd81Lg-|7nlpInC7G=8>C+<6rF z39tfsrx89G=bo&FLrD{}phjTZXg0Tp;0iS2g7QFuKoY>Wf_{;Rn5S7KzL~*-GfMCG zuJ-U71<+k}WZks~y($98T5;P<0W+O78-3Vz73drV<3Bvx%-O)TBwjq7h!`{Q+Bh6r zKjcpL4IlY60Dj^n0t9IL^4dGqJe!_tI=VfB7l8Iu8-H-ylGw-St@P z4x5@E7v0nHLSoJdI=Z*d4_U+?o6ci{tQG0$5H_?pFoz=J8hkde!)msxt`(=q>7)eG zssGZXMTyCAv%^a?5HfFZK-K3+tLe`uUhia_rlmI;4@={>9BZm6m_1b4?_ zBs-UqpVNN?ydIa={B{384$ei6{|o2xUl~I7e{y8^e;eE7|JMoVEQ3DCa{Ety43oM8 z5QAabA>w;dV958q$l_!zfD<&+C^HeF3XD&kAKA*wKm&IHwE*|2#ySuRR@o=B`r0rF zKz2|e&xB?x`*lXF5y?a(n#M#z{~HewFnJo|i#&z4x#rF12`{HLF zO54-Hi&$Gab^n$rSsqm|W~2pq`3&VKZfdgAiQVA7vmab#hiX^(y;=kwCFO&BXC?AR zV6|1V=P`0H1!0MU`+#&jkp#H`)mnf;eB%;IrGWk6n1jx`fwmulbOWavtCrm|@OBDX zr>-)4>tOmMX1v8_QgsI7Nnx#1{##*NwiI6Y1pC>oKcA>6<*O?HD~Kt=W8I`G!kc$b zb*kWIcgIMntyQo=7q8LSk^}FK&P1O?3!z^-C_lDEu-yjLLpF|-_cofpAYtVWO!s$i zD{FA`AZ41PUH0o4DP0qM>DnTYkDTb@GGGij&66G!mb`xH3M}YoK7y#?6=0X*EemgB z8I7|0I_fCHu8CfI+|G*5#-%t(9#l%zk8&#Z25?d@bP6UXbLtzF+Ok8~Uws1LBEOLgBdtuh%p?1Z%# z=6lTonnqL3YE$_F@-SEZro<7?pSE_D5VqQ`V=(n}(OenIZCGYY=RfupJA?(Ply)5j zV2;OE7SYKy_v+Bwja`CD5*?8}WC;tqP%F?crd-f_T}lralr8rM*dqCVaTY&wx6&1S zr`ED<>2Y^WAcwhdP5Obkm6@-HRae@^5vFOY<10pRDx@e1!cwc%@Kad%WXgzN%nD07 zzbf`GV)Gpd`J28ot=02vm@6Hdi+Jq@(#uUX=!IFWAD{^I((8nbJ-gBukWL_q~x? zXclv-+4T;?CVq%_6eVHM*mtFIG-=dSfjtL6Otg_VYyz~ipLdpK`3+|AZ-7j>$3%!^ zB0trp$M02V5iwSD&{IXS>*!VWJSIdYKmEPS&lqMDTfT1hL8X_j!N90rY>W21IbpYQ zqN<^@3||k|zNR^s3xU36lj;~A%pW3M&-IFeORS?Wdq?jM(873*C)&%u?$<-`?dZP- zFn&uy;VP#RQg$IXZM)t({n44XYELPJYj@uoZTC>~id@ms*t;jjG^GYkH}6lXp{AM* z6&a4KSxU2^y(Hg{i;rXP^$d1Il^ScDyEGZn1*LRJGikh%u360PI-V=*QDy0#ltgZ> zA5O;-z%6id-u-P(f_v92fMb6+qqu+W;!UQ^eu1%iv?^!A^26oQM38aoj%{md0U|`G)t+0h%8cCwuh9Fd(Rv?)$2MQ zm)^t*4=Gl|KueK8*IkbRFR{oyCK4Tp3nX8Q5Pr^(ufiga7gCE=+5P$P` zh#7OhOorH`479(Dua(xqG;)<8K_%2It;DY{FvHq1Kgt~pHSCAgL_#aNDi3Qe2>O`E zuyWcg8*phb8TQkO->dnSBK=U~9H;Y9>NA$Zu~@7*-riz|r+@YNZKH?%-#mFa+)wri zT1BMlwUd=|A#WYR!jf);4#Uo3TTA-iUCk?ecHfbO^JbM^W2%j=sEiu-%&utW90<^j!&P2R?VYs$Da(dVUMI%>9>V4WV=NB1_QBe#JSrEvZoS$J2N(9I!>7K^>H1gN2)obxXGOxLa z70Gh8u}Gu(PoKza+!CMRXs#2z_g*hQ3bfra+J$;S5JrJnX1V*hl1Cx3;;`+Smc|+{ znR2vt6XME^GW2zKp>hhZ@1u7KJ#+I1H9ucG(nokEn!J5$>?8SI)RGXU;h_jL0bK)I z!Vx}-qIIK;myg9zKLO`RrivYxHD_-i`>)QgY zug}D$p5c@A3}b)wSI8I2=ejKmh1IB}&WuU!9P zA@X2`gF`@c`xij-AccDSQ<=GnGVJq~b@qBSQaxFEWS=W)%jM6NdA48rGT?V2>Zz3c z+9uIm-(A3hs%|jAwyZCFY9b(NdAjoFuym1r;~##W%N0LrqS6YB84@~jc<4FxL={H% zdO5C(&&G%@j2)yJs5jjD>1G><%v)OFuErN1rk94>WJM{1`VJF+g^MX^z2TgS!NUrK z@&roQeV6CUK=X~XncaUq#2n3o;2{>enxpv0_3q%&==;;rhnEEL_h>+=W%2EI84HG7 z)4U0rxGTz5VjmaDXr276@e5>r36UxvvX0)}dUSXy z-)U`F@ti?4tAa28o$K~cyZczNiO?9btWGO`#p<0_?Ahe#ZF8ykC}h3W33pzTs?q)JHcH~eUHM&N({70qF z0?K){R~gK_i#qt*uOZ=KWkh0n8Q!U`!vx#VGkLZGj*MxG1XofW!JUrFRKEfXW>9zAkQ$nvs;Yb2t5!`+d zvOdqfV+k(vlgT41{|b-(zpId|rO`o=MwI>DkYjsrnLoABfa3!{J?$u1{?`k>Z?^qU z@ucqf{@;J}Ul4%(zfpUNCoTS>GC!5TihRNXo9pE^fMc6G~xb2U<;^nfYg0 z{9%)>gE?!*2D@$Pw>-xm;D_HE_cQ=)@Am{yx<9Fvuy%{*Kc0qB-B19=Buy3fFrMD< z66UMRRTHE}73@?uqU$x|4R*_fSeHGpa1<}dFS6|RrOjTM%4rGSuP?ydf#@-qs5Pt7 zlfAcE?Q#sb#lBWWnq{pnG(o7a3{S#41^=jA|8OU3gm$qe+5#z}bg!bV zIQu6v<1zrDMsM5WIO@?krSS1tMP|6P7v^-;!y-+y;kMocWh)SBLjW?4kY_av#!PTl zy_P9gp1sj|0B3RD-N4Rt(dG-}i=diQn5vG#o(1Tv1hr!YnkZ}+AV$f?^a3iL$GFbj zA-I{W@S)8%r)J<{E$V}@=S20-V|`8f&E!wI)t(dU$EkYcO=N8v$Ul`haDGW4t>kaE zw-j9*7b>C)S$<<)?J?#mSw|}_edV$jNI){SE$w={8bpP80|5%+?@z4Ml+fWrS|j+- z28V+kAGk$&{@N))r}oSw(Hvgx&m+D-@0JB3&u5Lov@GNoNME=mpSYsv!BS>9i2Al}``+efY&4`!zB z+ZVsJyv~wuLG6mU)q>#Y$Uo15SlL9>_NKC(db;8zUH`(TkmWa-yMeFt{2zkBPnv#~ z%m_i*!Rc$wZu3nq+libI0Aw@sCH{tYd1k-1b^#4>n^kn0wrurO6xIh(4?MuKi$svX z+xBz4q-!E*ztK<)(iPalBHSJZR@AGaL7~uGdB40gG0V{e(7*z=%TijzIJ|8YAGwE$haTP9J6_b{3#?t1u$~&e(&EPEVEoXb(t#AkmW|vqN1$c^bv`BQ zLL&6L|HY56mhfiC=6E+#-=VqwOWJ?-dhlu}jU5XD|K{pFC#rA;$^_@MDii;~jSJA7 zBsHyIweU=oax8me3Qz75vw8bb!+_0)Y(0Z$g_7GJQkE+~0Z%LBt()B6%YyoxvixGP zm!kM+%wZVtDiJ`qX-NqeZYR<*jD0g5LBeO8%A$*rR7XK(b{ViGV4A%yW~)W!S!-I< zfqWTB2(H=(8`328`AwLD*W-&LN}kZ>IjcyYxMg-~=Pnh*d^<~6%Y@{6sKlM&`o8OL z(cV?%I&rbZ*N2AULlNg|^RsIU7(M9MbWF)s@0#I`TKs`}cWcUzF--**WC4hPo!O(k z9Vct4QOEo=>!xFeS9-O88RI>VroW-3k)*u4s$ezPcwgwo0}!DLF|^w&SEH}eK_lj`stc|{5vQT-eZgkXGh}U zi*tVCbpU;i2FK<{&G^nf8eklql!F2CF22BLGoX}lK!uZn@!^|o`rd@vOmrBBY%O83 zK3WCf`OI22{eAQ7?CQwdhHAJp!t~VA*OUgPy5E>=zwr4s^bm+==aCL7=Y@UzL(+m* zKG+*`WTjP8OADqY47Yn_|ApTN74S6B4qJiD^jSZ9*eA~2LwsXR2+__LRTMzBCE<`j zK8UG_2$7Ez_al?CK}cuIKN?NOS5^(+fvSeE8?$?ao)ZL@lFBqwLUlRXt4Xbj!Fr;- zv@mM|KvQvwD>D8};p_Z7Z)BPV%kJiSIugb7V65 zr^;ri6a)@p1u~ep`0S|cO@m?ea?~97O#SY~%{tD*toIpJMBkY$w1C7t%c%xs3!u>K zP_IqrrHL;tgOGEKwOqi`DKEg23MNALK4YURzAN$VELbP4MVT#Ju!aYoz z?nQaD;!2*^URd`A01NpPbv*qII&2}^C!6edCf`_}JQJ{u0fHc3KvJWr4F})-(lHyZ zfQ%n{qMDDV&(t6h+F{0f%hYgS|{j%N5GeMa(#TbA%DK1(8$l+9a(_D*HMx#dHr z0XWn~{?d5Asd%HO`#;+NsQD_t;%EW)tsoXtKbDcTfnyTN;h|J*WyNH8(RO_1Kh#h{ zOkHL9{;^cwu~7kSWBV*mpm=Ovo@-ARGwr8de`tU!((`O&lYAVB4g>mqKMOqOBJ!yW zZBbg2JSTiW=YRn2hNQC6(!Kz_Y`H=1+$RmZ++n^;oq&wqj2{Q(HTj#Y#~JZeA_I?Z z>u$4%r)@O1nF_P;%oFoxWqD}s6WI|PZDmMR59jZ74jkWK#hLDud7p!pdbOeYT}bi& zbP!)bx7s%bq<|7$%I3D2EZ3P-ar2>s3Y#grOjVV|%v#o6Oc?R3+SNugDZTl#Crz`H zqgwy1#`$qgCSaOxDlk#SoA~=Dfz6LUMvDM~zERaPa}i{soJgZBmo+Nf)GBfN0JP8m zdf`80L)~tsSSi`i3ApK49>3b$L}%>nftX*&51;=W@7zS#R$N`fi>=RBa+{I#*+sTY z_F@l7Jneg|4zdfNLvtcpL39#e5ZrR128h1->k*|@haHvaX4lTXKAwosKM78*Gp`_9 z+;?!M%`6#+w(D0yS(zVL)j7a=US#1h6j$ZVx@h1}*gZ}SwQBLrWpmh*%vTv^8}Nxh z>`KE~mrTiAn^fxtXBMJqU2km`7_ps%K1xB2hnNnwGXC>2i>ER4@w+0)o$$hihI@TO zn@Sh%2)U()*dl+XKV#8YOVZ+XnXO%0)4YPYV~Y%GIArH(*U0RNTJ9NfYp*<44UJ0( zCZdXF_c-@=I{~XV#tGac{2x^pol?O;<~rKo%ilpexDh4Uv2_>QLW-B4e{iYpK_;@x zX)efsJ}-;4_TUQ1;YP!Rne`M9k5mcBaZMm9V}pdHq7S>M6m-6oLKI}i74Kt{Kkh6= zvNh#5D`gHLM?7EQLoK4qBP66tO^(=Op*R6!^APOH{^L9DwW8CvQP{PD{}#bahV zI&~XP{DLVunDV=-b|YENXXdHyi1~`7Edh`z2=Q2Zv}Z!)!$8xb3gZ0=pL!p??V{Bpkr1>#7y;A(RRElb8<6Vq26ojwHEpn~#f9QR zqX20O)47Ea)|35as76Y)-c#!1!y67F3)X(+1NJ!n99#;r;DhoUOpop!~r3W$IFj;4aXNPG!2~xR$}rDy&*XLRCV)fjB2H+6da@p2Q3Nb_?$MXnQb6 zu~&uR0Xou_=rcB>7`QP69;ddzl}TU@Z3LpTn*}Ktzqy$<7X0N0h|S7+3UEAtVPSsD zX<`?k=ufwZo3&caL&Z$$0J>^CFZ{PQV64>6`0sBt8v1;EvFQ7uR8u%Vxz7Ig4pLBe z8oU5E;K_*fnk&D1N<~aK)cX|p_<%2{z9wv<(RL!k7|p5A+1j6HS76m_B^v<*h>dv% z;C9Z=6SgOUU4ra`fjPLauXu`*a~>Nxq(4+J(t}A4rwk0{?R3h2_yGvxjE6R#-2(q`2vLq@k3U6nVa+Q z@V&U7INS;j(^)6~Qp3n8fDmw}p~`{G|9E%*ykV=`+=b`6ezdvs0r0*6&w#J|*;OJF zB~!MWJ2wpIJ~5rpljN=Fvm05Pvpx$oEz^jSmS&u9*X*w0L-D*bOx3ov?ftZ&Kdn0p z&b1R+e=vei!MglUu0=#1_z6TxoI?Y9EA5B>jXLexzul4l&dm5Pm=U7>_e?~-UW zOC)&31vgVgjXzV_=n!}AU-*v^Dk%B?TeCX;zrSli={q3OR{ciz{m#ON`iMu zi`b%}#GU`Km{k)r2D~0?8ra~B^5*KC)c;h?F048w)Suy1#>wHlf6S>Je(9C-TGrbO z`OhksUcwDbDlqTw3Db(ZFgurwv+iS zkCH{+dwcIJgbECO9KxTJLiOd}jjm)FZZoR4&)FU$_3d(|^vtR2P)9Owliuhh`)PHB zJr>KVeZFU3d2oEVZAbwh0DBcN2C6_$ld~HmxuvkG7AeN2~(*R#xx%$MRanK z76MOewb3~Iw4ufEcn4U6RBr$+$E-}xaTpa0pJ;}6Q5)w_*e-uKboR4yet)XykEj`E zuvIwzzXj>7>6@=m0PEaGVfpY*E0$2x`_YmyD|nc`ArE=qiRIZQ(?z)us@>FXz}~2X zKCQlw|DWs1&i||{CBi=lu`d~){NFKt8v1Wk@Cu^dSp!dwp-DU6}n>0EGe zl`JTr+yY?x*WQe`JmvsS{1+lHhNrH=Z(dcKe2v=b8lMryzr0(9q5d9_Yy_1zni|9? zQM*|W*(j+no;{QSb?#vPhJpvVS*^J?U>YW1S>shue%Q%8Uftq`o!xn6I4V&^tB)Y0xALm0xDIiiik83Y0^ch2}S7;nxLZc z0!k4DAu3Hu2+~5YD$;8RBvh3e0w@qV%zk|5n|032`7yI*tvR!1{G(=tkmt#r``-K7 zSK&Q(!kRBuqB@GlzvD7JljF!V<{=_fI@*GTrgJF{DEllyD7%~G_eZZNkmMN*`>*RXY<@hESt6pjLHjQ&~`dL?wF%>n(OAy@K9Pe6Tg666k zW=;6ns8*FE57_0t2aibq1Oahz22i3A;?0u-eAbBQ0vwl^bURI3Yf?214>H`89rB6c z@!t65HDw!LdcvqE98vwiG5%Hg*P}rneHH3JS~yrvu?pUe0AhFW(BeWSqt(>oayk$^;)ILI5 zulinsj4o7KAmx%NC}^s;$&=tpync(4K|4N;)0I2+>i1Z4d5tGw(5oQd*86_Ld!Rdb zb<{GigYPwcxCdWtX6ds&44T1pkpoQo`ZmT4s9a~J0S$O3*Z}QdVNw9SH1~w&!#tLV zV~)pQ?HVVl&CA=h)aPb8WW_7DN1*mwf!8|-diX$Fk!}Pcz3s#9L0HIZgm3J{Ak7aV zhFPYShp8rjtZWF|Au`c0UcZmHEtewJpIr}JVgzRutT7nIkvH~l9r*$l^{$M340emZ zPP6rO1%*<8w;5qpHmGU$1a`OuX@j>d#$}+-qf~*d`#SW11BCN>ZMlOc_|WIdWa}UDf1=@x4@0W?r9n zNr7KEx5_IzmlrpKdo4mqA78D--yDe$Gjl=q;oJcDmH@zLiWtM|N1K6o)>t)LuvQPc zuUC}px7>xo15ro+K&fX#NcSQyekH=RZE9g)lJnWHf58BgTw`)f2@IequvL#&Yo%`4 z*n0QX2E}LEG)50)$FlD4ZavEj{;7Kz?~ioU?_UV1GTgg)h5fY1YeO7<&Bc;DerUO? z5MSLiwC|khVPVQE;U8PXJ%Gv#wkvP9NK*$v_&-pX2V&hJqRSJW5gJ};xvyS%eNl2b z5XZ3xaf@V~%r1#XS%;dM5bLti4O%1g_2$dk%%bX}KKrgtp5W|C;%+*GGMB0eYVy z>@B&j{y=a5#d)$FF``lVg0^1HzdpW+tBp0a8u*Ik?~YQ*)$q}d++iM}o%7!sY>^u0 z;rA))$yNA+Pl<6Sxc*!jdw?bX*5ZZe(b}-@msVBoqL<7+mf2fP0OswX(UjPz~ zqhj1xPsgopC8kI8eM80>$rTQK&BtyF)8fZT%PgnX_8hO2ioPEk(m$`re=SmT&yAh6 zPwPA18A(-FWy}rBPs;2-!0w#CD%POpxCey^HsIHnTV~5 zh9cGd7e6!Mz?QKnFDs(;*;-H5n@`t7B5%=X%&f}u!_Myn$!2;5$Qa3~caLQNO2pr3 z@W+5dCBBM|sym^DN>_k9Z5q;!3#;9$d$e~i|Mqj{V%JkZ_ z!9F>#>=O0$a6ld?sVSrC$E|@bTHtD&b6+QPXM;iR3{yRp0%jo7yCWN?4qp85&b+k( z3*pzW&_1gl7Q3BS1Lf9KHRTc&H$DUizjxg|7%Rg2Qr=^!3L_66g{2;S+N(rY(9*cL z?ab8n+480Ky|3hcF||kHlBgzN+v1R=H)EvG+;Uv{V5qxO30 zc&x+OEuoWylBiZ}^;<0Y8o23+qm@orx+HI~%!MNKa;9)HGYwzSwWO+3d_d|&OnN(X zz7fGWjBj_aL-&eI+_na^tN3e#uJ`5R$VJ}y@qS!dXF5Dfz3TY1$~+(PSl+L{D$*gN z-B1Q(8Z+Q-;kEPdpUzcAJb^9j?Co>Iv(;c!ax3k*p<>R5L>bp1Ma<~q#@V?<*HR*? zH)je#r(iiK!u~mK3U-(_AQDE#s`vPUTFR`tyCW5+&je-lr$i|_71*_T1d&`jYLLBsljk-oRjTV{E)34j8yCPnQyOAB_z%y!C4KEdEh4#Njn6N zyi{)2%2hs5#XO)Dgf_j@90V8&PA%MMS1zpDzLP!?uP=2@HvaZc~!WWBNV$tXXLdLlw*(} zwQXLosh))?eem~GU=SmIT}UQV#4+Uo><)(2co!O4ueZ$7%hycQ*u@p@M3!g3+@SY> zKP7(fFNbZI#3G|yN+e(ex*DnDb&~cKcXbkF+#f~*izGhI6o)+N&1JyU$ z17#Kdp;!7NyAo8gv%?00+Q(dx-3b|NVWS-ryV7vlZ!XZoIR*qJVcd-Fm_MDsx|1RJ zZa7TGuefCgh&=}bWYbQZKIu8?T!uh+d>_n=eq}hlBlo~Klt>)PIx73I(XiWETHR=y zboho`Cl;bg->ra=R`AoeC@a?TUc<}jyY-rIMh2~q8oyB;9c7X2X8SiXkvxyr#Ijvv76O|PMImkD+?3t1)%pRnVVX77BB7l3;sExz~xr-6od0OOG===#+3sB1kj_Xevk5}%9IKz`gh?)xbF zVczh=X=GA%xy8K$D!*T2rt}n0b~$sxPkEH4UFH(H{%Y{utH?TA2z1m z6#D~|41Zs4d5_m1OmAl0RSo8@^8FlE{-f=027vqNkOZbl-~|MGwQCWh?64EE=^FW$ z*J1g$mA5AOA!ALa*nib+eQtQ$sgjV(WMRd?6rV#c%7dZxz7>Et+CBdgSPDa`wHO(W zwr40KPv_3%D*Dz?K-6HtHLl)jKl~KDt1q?iuEb3Xzg>&svJKrmXh*UL3jNadYaxH3Xf;|C(c;pJ>En)k2i>l=WOd{8D z?t7GqSGxyMD&S~K#@uANYS@5FfZuYHQ7D&`I%GwAg&_O~h{p zn}OXPvKjQ;F`IxA5h;cq(f)LqVQFuDQU;OJb92JI*LxrcqreaUzRVxoX1wk`}}X zL!Bt;-+7b&>T~aefAqCjrpPNmDzj71Bqq8F(k5InGoQk?Bd)TXZI}C@&HZ2X+Gxy| zF~m>J8ElA{_TO!e6SYSo{lLoNGKu5TC=7XmuVId$aA-YEX}?b>JBs(D!}5>r+d+uJ8^7L+F5$(sHsu)!PL-`vC!GNH z)6;R!$4O7?t+V?3U>1Vdm>JcvI*h@Dy$CUM8gIv9Z*pf()VC!oQG(*jL;mZFMQRTI z{IxCaWssfuFhUB2=iPZ8Qb8Y)jLe*EF*L(Ax`=Tb;u8W`+Fmn|R&tzh8B2DSgKk>J zX8tdgRxcE7{Xc@Uh-ZQd@W!)eTzAg>PfoqPC`ATwXNb)L7 zR>GLV##C@^BVsomC9;8dK_D&A>`e1nc*sdPAgy6pa6GIWD5a|Bk zjGy`6yKzsSL5Xh)r>oN{$!c96Uh%IJK7&ueH4#nBGWzuFu+WPBt!~8xOZ{bN)O(3YEz>>;aXP8oTzu)*$1GkLh&skW%I+ z7&IhGqb$Q;LW4j6elQd}{90ukQ z`O}FTFwm(f`0)?N&bhbcO)j64e8^UQt*At(*ydWZL~n*SK4)&))${Sw=UY!KYu7Rl z8B_=>yJJPg7qKQ&@<8cQciYM)6tbQZKL{y-gSm#chG%ozX2<@Nis23j3!Lg{L# zEq?Jr%wysH6E{9MmyC@k(!j^Cw0&vr_4xxC$IS)H0@l1|`h@aZu}=5XZ9=LVYVX`^ zekJC&W^@^@BAIRirK~EuX0?`ic46XMs=M1z#YHdD z{7dd}bbr$(Xm46&D1F4i+y~S=<5D*hY8Nt3TA!<0&NXwHw+Pq*sjEE`0q*;kMyN*Y zY;5{iCA5oql`wtEW6hL~_w_l(cuUKUWgPI`8WHcepc@4MVGpwIV(x1lqCVA(a{|ZB z-ePC7L`C2HLEnbFRL0SNhm3mzIA}aajIdFv&*^) zxK9zh(oN0gDtEyg3#($EUcJ4B1aT@$_`IETHdY`2vj^Pzx_9rdD7tx#bqF%UbF8Yj zdYf2{(h>&|+%cuwtQ8KiW@if8_gX;A*1*38!X9aLe-^i@_>e+TtXQ2A9 z;NRZcf+;l*etrM)FVgCkf&1l@kYS(`rkzzhB(0N+P(5D=v%F=0{X|&KIp6^|#kzrK zQ`im`k6UYEP@_P}Q8BA#HV2EPa?xswQLq+dIHO$rbi@;6E#j|11uj!QyT*-hjsPxK zA~Crr&?*WLUIMsP^U2PcxmG#iD}Fy;0uNyBb0c=y5ObI44HT}DcV|t``Q83fKLg*C ze1ys6Iei?h)2=e?w+v&dcC7uvc7;6SfScP60zkq z13D$#!#9%leZ3SX8dFRPt*85jJB3ue%|P`d8UjEOd&OiJ4v)4hL%a(@vcg!w48RD? z(ZJT}IjxMEYm{QgwtlBJ#7Vka)F@{@gzR1U!~Ja>On+`_hI>e9^^8|if#IW5L})*mfu zoJPu5y)+OuASg4Y zX4z#o@S2fsAf8ecEa^R`?`PwRe`h$|N2+3RFi8X-*nolGB;0x{c%8;}x=h*@g18+W z^xP!#R+@Qh8cN16k+T>M$^Oy_8I9M~02jMp4gdp}h(murm^pJTCG%KT?TiZ8t8C9U;wK=-1kmB<{LDSmsHGLxMas)}2lKi^)Ru$v&^0M>6NA!`mCq zY+N#h;ud9PcL*N?zy+rF>w#Bb1Na^dz zQ$}nWJ!h_0FuJiP;Vd#P{L?TfzfUU`vE5!D-pQoWmSp+ zb2{g)R1F#b&({;>9P=$O&U|P{6gQ*?Y8A<4V^OBBQ9kvT^Fwqa9vx334;&f_nhxjgklL%Ouj3N9 z6G1d|oMCYh#Pq>VOl5thAhrGGK8k0&g}L*y@d!FQd&DF+kIf{+F@Hh`SR%fcjZ30( z*2=biQ}J8nAKsfj}9e$r-WZxFVMj`dlhdFkhMN9w&b` zu612T`;q$~;d?C?Wg#u5-3o01bM<+L5nON8y$q)S%h1c|A!EX4dgTkzB;`?Asq04q zz-;o;gCb;actA`sKJqgH1e(R_4QFl=wVHq<$Z?Zc1U^M%Adw9e)*yu7cBS>dx5dHF zwYqF8pOGmJQeg`>t6Y*)(i}3sN*#AXn=LuKvsug`XX;VSS49Sl2+_mb{w51?VU*D1Ik;g8I*w$pWOLx3X&fvo77~bdH z_b8Qw3w6;dXAr#YGJosbTPF)CrHT!RBrXX`*}Pp(J>-9MldY2UJK7m~gG&R>M{Bcr zHQd{kQVJ@Mp8e(&?U%#xBKg5r&e_#;i!zU5M8meDhugKH)|7yXGd!G`&<#=A4G}$* zA}tQ?K!`y_lGqRHD!LdKqtSrYzjZ!$Qp~LO-mr4Oz`L8KUQxUxpJww!oJ?U}oS0cJ zKvi;x`Rfdr8h%2&0CDJHWfJ*h81Hm@+;zqeD1{;#nb~wgJV}9qP{f@nMFp@~3}XvM z=!lO>*{=X_u9UQExzAXcptQT^s*jaK%+_lTIrJmz)<4}&Bf|Jbtaf*FPf`&NaV$Fc z9mIYXCAv)8qXSoJb7_MJQq(|9AA-s+SHkHIG_UUMq0k^_Ds6B0AS|s!B}_5W!rXwe zK!t=HD&SMQzYypYq(2EifAiADsU4qE;?9=7=X{`dla`kJi(IA3yzEb&9W3t$M^9T> zKZ@_nr-n6mfiAiQ1P2r^+)yw>97q1jR)#dyA!o=iFuKw`5z_UsPRWm6SiQB;?B~b0 z`L@*k(C+YCY=&?e4K7$1?zwrpH4ct;2B$zxnX(^Y1+u0`BuV}_kH?I&30A~cxQyPGa-bH7Xp3_To^2R)ehG!Gk931~-o$jn8MS8`h(LG+n`okFEc-pa0_zE7kqEMKw!% zz|`bFdiDRLCj@IbZH{wK5f=pdt6i}c$a-ZSWv_1j{w4hMSt$b;<2c1{EUQIv^0%uj zzdf!JI3UiLi{1TIyj?|f?r&a!iFPbOt5PTGO~P0p{OrcB4fzVxovh7EV$Z_O?!?=q zKfD$ivHLhfNkWio|0yf~U!|KZ)egF}cMnGw`*tt{Q@E7ygl|A$J1uCJP@&}Z$ae-` zSI7J6i`J{_;2KOjRI`0#&%W3fYiu^w13Pw{fK{t?(9-oFTh6n+&)haX?=9a|gX<~z z6?*9QiJL~b+Id>=E=B|&88hS^5iz))Jk_URBq*5Rn@6gDBSCeN&F|}y5V~>wa}DDZ zp4d<|?riUWVDK${>bQAQ_<9uS)YyH^=c}3P@e43WHgeLnlbzZybt}K@s(H<<=FavN+PCvAB%6+-0r-BJnx39e zrl}$!*1b&H^s7RXa^v7P_e( zCYI_}S$n^H56cf&_nP7xvO0B&f2=1{|Im4d7wl&V(uuwn!PVUN z;K$F1TGww%YO@;Hf~-oxgQ2HvNVyijyR?ENJ+G+NYj-5_9_Hteu#{S=tE;p5Nl8fs ziNmc77YpCH%JUZ>&K>H2+XhIS4y#t zrT_bIr@p+}T;DIYqS|c{5pjU*n_90{Y^+i7bY9ml&)H*ShmJW#PC0enYtZxq>h)QLDPlp!%wU1>?tRA`$dzrOz_XTR+IvWYXBI!3@2J5%0ZS&z0zsswb7d<;?_9o;GLQJb^eK--~b zzTAH`|E#fK@B2niTy=nujR;#Cm$s6lT)^zA_^rH~C(Ey%PPKf>Ih121Xc5k96-DhR zo?cHsF7FTz-@2731^Eg=LBZ>nwipfGyL=kjc*f_l`zn{o0>+B-mv|&YMwz1yawabh zFGQyDq+4DScpjg}=iBWy`ND>WPRa1r)zG+jS~yI9rqaay$x(&+CrjHB>QTI{7tEov zDe2_lvCM`+fgi8?&u`Z8Phhz50+^bO-px$?Wb~FgN3^_8Mz-1{s1vGHJ8>+5@w8ini3_jQ%mmRrrsu_ zhG8Fv0GuE9H7X<+g%t-bcJA}tQ$_zNj*DYL-S07xgs<6L-m8sOaF_>Ls5;_NiUR#x& zF8g`JIzWif9Xd@N!V74oM?|lPd03y}p<|RhCfz#ks@WR!C|K6V;KSO=i9`32CZ;bU zU3!hxs;3X}e){`yLQ^vTy64g<)QX7tinx2{8}=j);Dg!w){+ky<-9nh_FS{!22bm` zK5ANJ0a9fNWE*kg`zyXjB8KhVdBrPWn!db0NW=ZnbuHV#Uiot|W>T+VKD zT}rLT;ANz4bKLHdi1lX^HuBA>=4VSamEgCs<)l#v5}V;k+++JpfKf89PEc#7c49B! zYp5M3{TiaS-#V5|MRdF;Wawg>j!Y^#PX7Ju*?CWnuMN#Tj_2(x9TH`tG!VqYl=Mmo z<0a`KqdTi;xo}O106Ug1Tal9c+TWX#V}g#NO`S)B0v-&Mkcjb5b69#Ln%>0jjfu;?$|@W%DohPb|IV$j)9txn|JGs5zX3 z=};C?)owO(BCDFLpJkg|7)Fvjjb7=Adm-5+k(6(;J!NhlwqToR|Azi^t9JxisQcN- z=M$W^aEahNZ1<#N?E}H3^Kmq|@!pLeDA9})O=Jp>j)|c~w|H!2<|dmpv%Fd!G8+)r z`5|gf{eI)3o8=ocwPWb#tu(D>!tkt&s(pc5l%X-k+hczY{!WH!kY`DL20AJH6&3B_ zLUm1h@A36-&fjQMmPt*Mq=P~skG#_giuJn>OYUE1*KuW>?P^nBD)x8p-r94cV^PhR z(aR+wrs~+ODAlinE2tG3MZ(-JK#G5}h)jh`Tx{lJYiz^p3!>^w{URj48LyBJ z*S^@$eKW^-a;P$lgqb|0*WwF($W{}+9{q3!lXm-4@$}T}1^Miq3LdrCsqT9%sH!*- zqe3m$0jOtOkLo7Kcs`%fYkA&gva~On%VDWlf^)1`{JH11h0+51v1s-3rMJ^WoDjM< z=Oz1I(Fzxilqd)yzdK%~{hqky3|-0IHK$Ds_%7r#2ry=-fx4VFj67KfBb$OqjHJ4Brmx~EXM>`iQnqf2gX zpfx*Bso4w-++GlPsHzfWh{Z?atJb>28C~A)Zk+t|1C#)s)#4th%lfT-iCLpvCVMmp zvSCs4WjGz9w?E_)pIBQtce=IzU}j=^gXNs~daKWz_(yrJ*5TN|rx{cCd|ns)ofLXkgESm^m6t1?~Q zO3K$N|6)5-VHzHb#}2cY6$O4fdnyMfYy^E=(Ix zoxcotsbjR3w07Bdw;N*OJ+I%pbSdx|6j4`2Q>`jII`njBS%#vv zx$N^YE`4`sq7s|+>xsS}+OFuE8e^=A2*wn4K0env2fQV8SHGeK!Yk{t-P*?bI`5?$ z%XzgOKm1Cy{)%LPrR*U~=^EXH#fP5a)SopEH^(bE#MWBS-DVq7E*tNDHpMj$T=@uA z>gnEoTNSHD6b@7D`d&v66?T2n7t&XsDg`dNNtO}L?&!k=1@By^p$d~}lhNY#VJn&X zbWbL`KYi={^(L==cXJUJQ8PjyKg3aHyKFQ}q}+M8+X z*1LCI7XVsy$7&)^owt8vtg<{v7;b`|+qOGB!cN*MjrHW?$4Y0Nc`@279O6z*$n$Ej z2LTg=Ke-KWjgh~DssDOF{U2>y3GY80`iLKNhW{Tt!R^#Gqg=`{F|Hc9KSDzdwHsG+ IuiOdwF9jZ&J^%m! literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/web-content-filtering-summary.png b/windows/security/threat-protection/microsoft-defender-atp/images/web-content-filtering-summary.png new file mode 100644 index 0000000000000000000000000000000000000000..c6c86c4c3be8ecc66b5c1bdd2956a74ea79d91a5 GIT binary patch literal 34263 zcmdqJWl$Vn^!JHFaDqF81PE@y-Ccsag#f`JxVu{j1a}C*B{+jS1a}$SWzfN4o8NzT zUq3IN-KyQLqNthbnd!dw^gZ(ZoExdCEQ5hcf(iozgCQp?`56WVz6k~fmI(z3c;`Tk zk`DL>>+)Gf9Hw%N>;QOyU@4{~1_M(QkM?Ma2)usdD68uN14HoP^$%9=^ZPRxm{40e zNihu%qmxx+4?Immq;>cb`jT6H7(_g=A_WMQJbocP19_o&Ua-8{pQ*wd26Dt?aO)KV z6&2O2xVk7#BJFO++K^&u)-i3X_4|>Vi(?75y2Y$!m%TBeMy33@z{>?6(p?lY=t^L^)&Pd5UF#<$sW>W(L9#`Pid zFBZce?rXj>YtuVP@jLg|M{^GLX`J2-&+TGQjoa}e&(%gnA=`(uWmAm~l*GIy0gqSH zDnA%BzuiGPu|B}x;pjJrNvM)PzGd(%s&lul106Z=!a|HnQowa;rb~2ff<6Cy~5VVc(YR;baBUo~^Qw>R8DdYGt^U%-!vl zqsrFp{mBC7!x_1wS$*X!!H?nok81wHKDUld;1*II`@v^Q=+U@t-PdGfN*`7K_N3J| zPj$D`1?trnx8%NPLfxu<3t)z)%t8u#r%Q{DP+$?p}i4Z<))aam|mh3It7`bDH|C z!b<6Tl{kL0HiZ3GiU6G^SHdLx=7;|=m-l8Q-IwJCyScJ<>hU;I9_9GHWrvQ6g7eMj zTcQQyRyQSDIgQjoF8f1(kx?2n@a`QPmjJ}p9T z*8E2%X=JYURy;4{f4rBw+7loSdR}z-I`VjTd9~McH7@cp*gGyVPj$2V@8xyyPnKNo z2EH7lt5_!3F4kIyg?}0PF*K0#J#mLoOFj?|@v1(8Ou$XiI}o^13((ukYCC*Jt)JIN zJhDl}N@;r$5vQspF_@&>ioiH*yMOT88_T+wQCAs)ajDR2b}m9{t^4}#2dz^2;9{L+ zg?p&@hs$Wz_6d3G!e#<8_OjVmo3|iGDiRl#-{RR;$VU>M##~D#wGR`m(l*VaCs;8Xxb@ zdax|E2NRb#!{mSCdWnW%l9z(0Q3}s_N(AGGIi=ko;0lo1Gjv_GJJ5?cuCdYDvr+x} zaMl8N6fQ2uMf9sY8a*$+Voc$5Cb(Pe4`&OtLKEIijHYq^zRozi*c-31K!EEaH1<(D zoU33=qE(ve70XU^`RU7@dlUHN|n#^;!8ZmiRegH`X`%VV38?uJ(|-i zrY6efb17C9k#sypUzt1-{5C`Xw3034eON+zrMz`F^GDrcvDRWvz+43w7NXNM8X3%| zyNRw~{=K;{tw2gBga_7M{-a?_OnZaFi?9;ga$a=pn97WgP_Sp>Izuny- zU`jAXC1iL{*|uhcNg=p?X%+xO;;#NdzhCK2=Rr0 z+;?uzx8?-I4SD^+Wb28an?Fm%-`KH-!iC}RnzGZh{dUekPPBHO&x)m61M8N2u;0<_++^{nS}=7A^lm{7nGMN-~V9+35oGDW^9)-`i`IKObN--{Y8T0J0r{LiDlY5J`$C zQ3jl65A8-{9h|GsFLGFGUs5MQX`{qIDG|9VH5W+!s4g82Cy=Mu#b!F=!Y)5YAln=q zC(q^cUMXE8XF1#N-uk27-;#cMB0IE_f;=27iL{Yltd!h(xG!6L4Tu=@HA00#%5VmQ znIG!}AJ2N6H-F~{?rxaza=aC^nJfR%Aqwj|?xfECG@>_y{3aBJD0?hH>{KB|(O-J! z`+6rV34Lz<(~8UZ5Uz?~We*J4^TBSh-M6)U{GdPfh{NlO{wX7x@a3oXsa$D=3dsBB z$GAw&x|$OdG5ITkjzk#x++8>Z@U6rExTp;aAEMlLDDS%?AdQjY6rCFB3 zVfyG%wHA&l0H^gg_q}qa4!rXt2Em&6Zpik~5ARVa=`z)Z<3(4nq!}a4)0e42sp#GN zr+_v1Z1?@Myi5Ui4~)V z@b?&8uQ2Vq(T%u4B9g$`A5Zx^aP#_TUNFp2a(lVnrl|RiJ-d&v)8>0UY$}gOvwrk= zh^Ud3YDYVg<*g4Mo}2K~7(()M=bq_ujWH2PTwC0ebYOT;Urrlo+8ynn&2n+Y(18Cw zy97*}mPond>Q0i%-&u@M(kaW6^iLP(GFhOp>89@otOu)QjWNW&j9BLWB6qhmfP<_* z?P0-1oDN|E-ufE`0QR4>OMaf)|Rr#}ek!98V3*I@Ue;g1rv`>U4fz z)KNPb@0moCso(7}$h%|SG{o~#TKFa-;w`2|=VWj|Hug`%)cCo-*3*vaxvIjZw`2@P zO~sqOC1;C5o41*ts8HY_wGE|by0)IXt{IVfNO_fsDHd?N;jOVgn(V3=%$aJ3V{4x%k zWp)&tD9|j|VfQuqtxWElBan5%7Z1JJbeT}!t-ujVu!|Y38y98-+~lmC8+ft%&9x+Y zffQAUGLu8w4(pY2{@y&uaEz~R!QNKn8R;R|s6Q1o%y9*nTf!9Oc43j?2IK+TDhvy(MzllKG9g$<&((39JJfZoz@0h==0<-iBV?fQOJj zxxzLi-kFzVrbbvk4#>o43?m%?u};ADg0vo-+dWF)5}U^H7uMypDfu}rHfQ7-9s2x8_wh(ypMfxv9GY@RK&Q%~2HCHIKO zb_NpsQT?}7d>U!c;_oRD3t{(I`z?<;%6K7Ys^8wOQpS}~(a6t4r!6|!#C)l1Pa5?E z!pzX5{t5^97;^=TPW1-YYO0DzkH{ZWp zge*FZr}}m%0gd2N2Ntb@zhbcbuFtX}trZ{HPMh~AeE(s%RENhC)ex(XIW|zI{utITyXCqZwznukU6Y(~Npo-R;3S+J1>I9~iLBS-F-Ye| z67qV!3{6?o&fx`UmbF(_Rq54pl&gwTWD0uz*bQ~w8BX(Q{e0Qoa!tBjKVRx)sJTLF z(3Y^~RCz_oCVI&aCG~vy$Fp{|*o2K@u<|>VieQiz*D z)Oa0E3AJh2Wk+mo4WP>pv0Lv9Y{`8SB!uAm^l&rZFOBep7Xk~rk}DR>)hS997OKOh zf`QM~itfJ^%k$;=@op*l;;^jhTW)j|h&&SkZk_@mKq?Ba#^?yUanRm)D-Zv%1UbH=MdzGCBeUgu|7 zR#yWzTl_Ipgdnb4+nDcBk_IcrK%^;-zqjJw<69&=zV!;zGIss~2 zAnA@88?<@Ud_P`L6G83~&){*OuxGKzT_z%)iF8_VTEUKKq3-PGJD*ZuJ#d{9N=KWZ z4yF*f(lcwVQG#ZEo(WA50U@q=P)=dQD!Q>!UC;#emLMD{^M+Rw5kS%IaMwa1UHS5| z-VUBz+>Ha2gEBI4WRus{D_v$(XT&J>u=C{F05Vyw!x;P=vibZ`k8N4dldUQzUx|tVJq#*o6x5! z!`8SJAQ`?F^oEjsF86SHy4(JfyNf6PWrj%c8Zd%M_$#c|Gv&v-E21kgN9BpYi5ix{V0yr;=r`= zC!4vc6#7RDy|&UeJ*mruyGueYkuFp9l6B!0l!bIIJ6bG}i-`8P8yZM{UN0rD@iD=f zWaQg$JGu)EApiH}W(XB1a9Q$C)83$OF z3;UhnTuTy<#Xn#yp-84%-_f z;W$!7I3qPRVVW-y4ChBkYE4Q~37GYwR5YoiaYzL#BM5PR9i3 zAzaefYMPONJRuu0iQ~pkqhdme(`0VEk|n=DhaTN0`=*W1lV|`nnuNOPYEBjxWrhaq zdt)fnaelWzd*!wDm?PkBzd$diZ|k5UIYAnQ$;TD4?tM64MY+?btTvXX*m*9A#nmg> z9PEKGKo~17OZq@IU`gW^ycWyX0c!Z|QGEU(vNUM=qRel)e^Ap5+oh)$6RUujC?V9i zK{5d^jT=e{-DpDA-9%wX+p6N4%N=B7Bj^a7nA0Ou6h-w19Tsz&a!wowKiVAiVrHW! z50)^DM&PDZXYyUGkLP|NbmW(i3Imyct0p5hak-DVgkBLFEdE6qdBD^C5v$k6P~z5| zqYEpxkHy#~pLRE)!T!beP?<=9Og&HyTl##QsZM5i`XrYk_*Zk>7yKS{1FrUUYIwJd z9b)Ef7paupGXJf*OKRHwEbt}m5+2gG$E&^F@3$cc~LWB*iBZK>Cj$)R16aWLqvv-XR8_{SKE4t1( zsUO0Dk`um;(__-=dPFc6fKjqX6;MqI_H}Zo!)+iJ`iAmT_0CO;>73Imr;Qn5TZJUg zk|0@|Yej&NyqlW_n?)^Oa^Wv^=W`Rh>5O&09$!3$EDgeqvaJ6VZ~pljg;<0rCI%JC z;L7|P1XNjVo zOp$-QSUUnLHp4)nP@R+-pUT+X?z1y!6QZbx+e{6Bcj_-SSo4PX3ZvN|&h>v><$mH;jM{Vr>&64 z`njDPf7A->_sY&?^RvaFsY5i+olwwxTXVCHCQsLzlAT?-Zb3`i!Q-%NOR z*oV+7cX6!F-$LGlq*dC6FvytL}~#pU_t>Z_nt>XE;cHY{ztz~M~k0AMC3SG zrXrGfB6)COqKHDNL_rZ$7(zt*$ztOug^FpP_r%Szsl3|R6h9S{V5l`vcS?Q01__~X zO_YVbfUZlW<}w29t`YsCKcTXH9y&#F6fauQ=i5^uf%PJtL^~lXjxqg%f|Lad4@bdu zXr9U>JWVl#w?>uKHv13zia*?9b1CYccGs+B1LCV>Cl(NI#C)~QZ8aeZv5CqSM<7mg zEre+&Tn?l#^ohR=>_@oDT=t|dUEasyBH0RjwBdotON1B79b`ly0!3P7!1Pq(RObbc z@bQoiAoldHVpHC78q85znRHqyqGQRNMF~bz_-uRL)I>&~IQ6j0q?uyHN(+lW>$ZIV zlU)_q$rl5DfpokWX@7>!rBWt4BRgSgxk|&Mc=gtl);5CmW_EnU%rooGX}No?1EPZn zg=+Ra`>;0+*Fwj{T*oT<7>0D1i9=a-UC8*Hbr|dUvat+9iBEaP)gpu)U*IoxGiFDn zw#loo(D`D~m6yu2X>yq293FX6QnwW_y^5jJAgJ;6->es4wJca(%a1iK%rI_&U?IL$x9V*Bh zB_NZAZsLeMW8SI64_FQsTA0Xd+`7U*NBTD|17!~ z8bD-0%-`bpxWZ^CQ@_&H9COvpcK1j9_cz_$IPBlX+->@tkpS;Xq zFW<8NBuW#^Du^aa9<$vQqOYE>GX7nmaWLxrxwvf>)dI^#lC{!z>JGlFwMCzCEbGD0 zP508bju-VC4?-m|X9(toq)kMX7O%lf^*7ezwMJHhuDIyI?A1IMx~W1X+&M;a@)y1^ zx1iO{@B6A&tRA+`1j?4jLv4fSy771g9*nl zmz&P6U@t*be5UurAX()V>uE<*q8E?(*a1#?x7gTOej+(Ojp21XED3h#cyR)7nxlx)_v`-U)ntHWdY8G4~34s&EK!j)> z8^S9(uoTfg&A;WvHHOL2NBYm4Gha}06M5P`!K{;sZ$-Gs2V*RUhavU)1!iWb;Q+Rf zOGhBagsQEdU_qcV4vT5h1%eC+}Bh!1tCQWRD%-TkbJ9s+M zQ)9B_t>-K@WF#^AxW3fM#?zb9GDdyRaY`cPXrEI>8!k9%71NF+S`3h^$qd}o*Ni{q zcHmm6wfGw*F3+)LpI^7=u+2if7_qwM((xBI&p&wF(gLG)f)FpSJxnyk{q-**={Gtv z#hBKE!tHrp+*i$%_OAQf+nVl8ZE0Bn@vUqD>CD? zRjwj1G@+_{op4d$FvNn|sQVQ4T#O7CNPA<6&F4DnjnJu)=fe*gnFT5X4yZOOA2Paf(CH_i6$^J!5*a)CxAcP zc$4Iqxl@Mf#4eTguy2r%h?_J`w2@u4q$5`i36?sHVat2M``8x2u?GrIAbg25y`S(> zeS+hwtg)f9Y2b*YHaI^RY}MIyq})Cn5`xk*KdBSiSM8Xo>gI`S)g0W<8PhNN8=j!f zg~yhU+DIZCu2_kR$gO+A^(Q&ey?uOB46_r(da+!RRyKRuQW#iIV=~izpT<+;<;B;R21JUxlVUNT!4Ydk<%KtZ6sv4^f1S zr7oyW<1@R=dgxKkW@$`*qhN1VeCfJqzTvq|+N@;XR7X zqzu6n1Dgf${73BK?V`^fC$kLB`va-1gZJ?GLH8IWRy$Vbn^Nh<)u2J#!GciKaHQ=- zv87F;LFn_k&b#qV&WR}KC}$pXLKCyHusV*|lFyl+w-EQva7tn_qt?Ee!W%KL&m9*i z!JQq8@F6OQ#O0PoK*m=rO>L@hTB!JKbX!m~H%Wd3J@1CzK00)wDI#0Saup_-TVpp9 zn<;+)9=6Jm?>pw7tKW$j_}*8JOBfLDtJhMTez1J&k60L-z)y21senu*1EeBy2n0G6 z-1!GA3&IA-Y#~GtcfTs`ZI$ffdSxJpUc{z1*=Ht^$JsZbR8?{5<|i71^tb0Bqa<5f zlC!ip8cJbDB6?21pD0^?XEDja3GgNzi|LS{{EcrUlATsou~Dc{+;6^bej4qQ#1aTXpxf3aGjDCjpS8OpjHBMQ*s5cnAwjd+ z5TFUdBtW0+KO8$f8Q=>S40A#EXBIun`VfQ!h8r_bPD(>~}WA@68T>{#K%VcNBBMxaS zsWM=~@9Gv^xK$&i94bf&B&x&F*WY(Chpe#S;oea7J!z}y_C4)PkcNp9UE<=vvBl?7PB2$r<7X9vW$Y7A`mBeZ!Cdsc~j&d7~~`Iz9)~90~gj+VEz!~*!M&XanX!% zlirX|@rkAz&)w{mIyFDg$+&bHkwa%XUceJuP`O_$eyolmXr_y`JKvXUM06qrU3L{) zaUWSr`W(eZ z&HLQ=v^fzq3~DNxC>g@8H=l@>qWjX%cu-8<1ydn3a&$SGpnvLbH;G$0s_Lk8MYyrN z&5-6cxS8~bF~K;9F6rMR`;n2ZM7?Qr z=yK=VAc@wDbFz8wLko_!6OSheV&<9A#u?poVRt8XmAHc0@^P zP6@c|5>6?x*)WhP5PN{0e2Pub8hkmu`_l*yr)WzW$J&6lhc$=Pc`l=u7vntUeuD%m zLXn&tiCgAc+{wQT%rTtp)MlO4%tD*yI`SW+Ins<&$5 zQy_2mnPZT!Vjt6Xj{ox;_T)Zn^*l^=d_7-~NmmdxEj`*|ql2;RSSH^!=Q_Z_pd0|y zjqK@4^R=&v(6vUyAD_@v6ETsV1Auj)1`H9^^L8Wr+E*cksm2c%JX@wMp*TTwaWTRg zE_l`nf4@jug32!DIS4>VPFrF2G!3)huj-StPv^h>G=-%`*+sm0yyC2WDHbO& zgImPLg$Y050c=8)D~pykAyI|MZ*05{Foi%^)Z zRea$965z^76;)UZ|IUW*w@*04eTzSxBB^b&2JLFKVo}AO>|LtZ6YFifr!r+Cm2D|03)Z9-7 zp4+iccenb+SdU;`q&xl7g$J@pc!-m8F^`|aFPYo1rUVpN`(b*_2b%m60gtnQzxK28 zEH9Vw4GW7BV;|j2?Bz4&D*n2n&ZJqnie*VntZ7ut$!pf6B?ivSFZiO zcjT#rF;cwryQY0-ZJy3Y-A1Ve!F*pVhJV)k0aV#@XPX(5ba1G3eq9(cj+z00n&CxP z6G_zblpVmSVF@~Ru&BQPRLy>nx(>SCanpIrAVMD|lQXQ&eg&W$weS)}dzjOI`N=Mer$-tQRXL zFL}xT52p8%%?b1WIZp3?`O5$Qdm>nRAfED9RFy^oVAA12{O+gkwX2Nk!D4uvfI20z zSbrpN0ItaR$*j)L)Byshmqh?+3JD1r-2InP=vDvi{(kvi`cNP|a(M?PzT(~WQoRj_ z^`_+NOLr)$+{<&$5Ww^)c( z1^~0mNn!munvlY*@1fDas9jou@2JtMMopK$-|BN$d$kWXB;om1i2roCH?H4-a|bxz zZ2(Ae-X6p`n5!?ld#P@3_kG|#xVBaSNWZmf&+0T0hir6G?wO?*8$AkNVbh?MHqU7< z^4kdL7m<4 z981t9Ih@eVo!j=H8Xv&&T{AUh^11ZiAEdw|`z4I{zt{=U0JLU)2)#1=%Fam2P}ucR zg(Z%Dt6RnQ(;2m~ECEZ9I9~HB{0M+jU)BR)IqZ*hj%GvPX$U7KIDPNA4rXeC9|53d z&LJPEC*~KEp_x$YPNED&qU~bc29d$iyT7iPCJ|J<5bic8nk7pg5NFx-N@^$Nn7}A#)0lG!2jH*1dN> z6{Jn|mG-(mEr4a+9yb;Rq-}bGiKF<1rC+HUJG0tFcCBtC3u`Vapa1BVrEuBK$O3?& z87TO5fqI+Ii{%JuIb!*v(Oj#T!!FTayGkq2v0M~iG?Fqx>d}bJ z3=b#aI0{bb+Al+9Puy%ZHLUCy4*-fuu3HDyUu?68{_F74UMQQ`eb4-#A!q=GP%M`r z-F|;h3J`c1U&b<}P62N8h$ml2DmH^Fxm>qSuPTHeus3Ibi8&(1xkHl(d2wY<|H)HkqMHZ(Mw1j+#aqy)ioyk4a?Ck;$7%Baq%# zzq`;^gysUM{SLo^B(F?FX_aPjIHhOreRN5y^G+1Nfa(&k>M@05lA|x%kIIdvFlYQ^ zG1N2qqcdr4Y}XXO54BtV(igQ;3qZWp9etV7qkBx6rGI~Z)Yl^9yg(|m*h*1VcDpy` z^*8!Dmi|$JfOT%X54t^+A#*tQhY=B#09`@G;qJpb^MTl30Ad5&rYR9C)Eo%vYF+j) z4V8#`_7mq`1zZNL(rwqgq7pIz^nWrmtJZ7S=qqlkIaG68 zA1|)$=X-;n-FnY9IIO26k5=>Ac2*;Lzb^(otRvMbO)^tvCa@}J@=`OVu>JyK)L|gv zv>IEU_=DmGF8N#(C78qc8?*jqZ^7(boXKam{g;E3I@ot1ui!nvoaGcay)q9O=Jf{Q zt2w+*2GeL3lJ{3C3ILN_SbMi38ixTGX8B4u|gBb9T3?&*f|@O-?i*%FFamWvg%21 z*g9`6&J6j=J6XHQT1_3t=;g1jTw-VX0QZ~SE0lk7)&1fT_tYb9{|f8+_h!HlCdY-M z5vB%Q&>bbKhN2Q&ECuf?>?)@9AohkEijgqr?l(IMIG*JW__9?QHE-gO70e2&WVbCT zz@TV2c7Urop7nBM5b*N?;qPr&KTDpa33)>&P^(x=uC4+9=KTpS^g9KQefjrKf#SK* zFnJd(CS5+(tEI^Rf6od~=6Ua;zz{#*2g#PTY6pn$DywBx5-vkB=U2rWuVc7+yJc?A zo2*8Qmv-MdMzAU6{q+fBGy(I>Q#^`&@TG2tU&}%=D{rL%@rpVyg#M4`;ppVtTn3(R z4b}b?@PY>=1{KC&{=M-R@O$LN2r`$j{l&~~C`=~gr2+Q7A=hpF8hb52+F8@Z?kqme zF&E%*H7Rq=N5FkN{kyT;phi3gh&Or3C?tYxgP62{J z38;B{b%sN8rS@Cd(Dz^1FkjfQ)RzJ1$x;t2klD>sm}|7Js5;58B20}LyM0*B8skR4 zse{BGuGo_{*Z^>?DTs(0y{5OOd(Df~nb-Z)AWg*IuTYFU%+9Ri*!!>70~43B&%=q{ z6Vu8RA_kRGI``~GhdrOm?#$X^yiCRT!}Yvz(Tn9%x0fyKT4?fjnK%;WCuH;l@lZ7V zjyD*Bj^#9ES2T_Q^R--k)p>r2wCu2kOCSNMv2#6|MRQl600=oK)N(v=^c-(fP zI&W9^_m`ohk&M~WP+!_9)?)iu++^R#ic71b6lO1$zQ3ZEB^c^3Y#K|xrzRba?bIDq zYwI^PuHIz}O!`!`BghC_zDfZH6@l++$D;?030a4MZVSONU$S6syJdL*gsRY%bb~D6 zvs91${FsD!E=?RL0}=M!j^$ZHC+$`NjQPCB4$G0%xSa|9{^nO#FtVpcjOzKf)t1;o zR7XFyFsxQ>vwpTM08G*y7xzXw_6~kmQr8^LnIr5fKb8%`U;p|qMd|sbCW|%E24LB@M1@FE>$NC$Q{BUsx&9efvmJv=fR>gCPaC~&NC5JbZ+l~*Vlxt@5~^eg}# z72d`Vy4{Svzu{d=FxINn`;g42UE@b8U{+=uIdlQLM=#CS6pl@kDz!Bo7E9VAjI|v9 zG<0P^dt}(Y;X=r&`}S0@e`V#DF$*O(2l9$KXRd2T!^NRZl{GNyK-sOZVCc71HPAAZ zf4kLy)P%yJS8w}~)6&lx^cFRlQo}Ke`S4l%!w2m#gSk3Y6g~fklk(@7J3H^2)7czY zw4_|^kuW|ZHg)YG2(`zRPo z_)N!+RNpXJ4uZyo%B)JvJC z+}J?~O|w?x<4^*1FyH~9Z_w=c$OSz_y~%vVNVu&Q=xq}z$XArwt9(V^1t@`=wq zYC$kQSM!LwBwT@37F=r){cPLwDR1vL=*qx3j#m`i`8?x&R3YpAc`{nqI)85;f3#IS*|uw zIQabGgG2TTMSQUmi9Q6ywae$FNFf_Uro8X!bNJ^>LVuDoYaBsAc|TIfeXPTXpztmb zJ{y)6+HrW~5W-yg7KiI?6GX-!U-C`-a2W>v1OQFzj@vtphr0FDI65exUf%st%8vNh zktI|n@iU9*`;9jUHl{7EJyFJlI_Vg z{|BY9%;ryT5!evG`t728!Fi1})D6P~5wDg_T%62HUHvb4q;7))o9H8#1<-6_^c~^R zZn+*U!~H142F2?rYl2Oy`SXWA>a8iGIU=m(;n_gIz4;5sBPPqvueFVb9!{3SN#Vkm zH54a!o>O%=J~TkYLr0!#PzhdzL|fWeI>yN0}^$y5iYT%=U!$;DF$^ zHllT7^CMI=;U_$;5@Dt>XflA13o$_69#!6fAFmvHr9=5ze$aKej^vBxb?;aFAjf_F z)HM=IN*1QjC?nZr;DenM%U$z<-$LOF95ZDb1~I1OWPV>a290sc_edFI2xGSMxl)^qvWSHI#!qYQ80z!+&}ues)zBM0(wkSYrW|MP97LRS;^-Hkb3 z_CIQ1Yrfo`-Eh|N=;I^9==qt2rnuqmp(1(a&14qbXZy}OH=JM9ij3FqvFZAlz@Kp# z$a_;-$z0|;`FQv^zznT8tEdQ|zEdMcfA8om5`x8Zx6GCJA@$-x2`r&6PxyUd3&Qc6 z(K&w4a^u!Kim^?%zx;3RVn0qYzxvMb_i~E5J0ui7R|{%N870G+AL?ctCOWrVoRo<8 zoI}R*`kN?BE6;*LqrVI$&;0&0?I3F?=DSE!JBmdQg zfc2ar4!{IACqb%<-Eg17F)3#DQ2eHKUDiMURz6|R#Oz6PKWV8qLA9^nd=%PUFH(Ul zk_H$V@1c&Wxvqy(UJ(%6qewbIw0;9Pq+a7HWl4GS-kNFZ-c*solV0^3>z($Fv$!mQ zHZ9C^PyGfjmbbxCA9m~e2pp0(fySGVWgdPI*&fkzot@JoKv3T1U@OwkcefIQ(c#C_r7U9@+g$1EH!;U=}>@U~*lQeU6 zC9j=XKN&QKy$Dbn;nKP7zJ*v&5qxCSYHLC#;+54ZH~0u?yR>hrrLDb21fE9vQ-BbQ zo^xhm+R-Sts&OnU=*I&_W5TA*?cY+h5#nB^9=ceMFTPz<#Y7}-qZe0ZBQhL9w5I_` zWGm`Sp z$oqbi)BolJ_jtkWd!W$!F2}hcO_IcWiv$&5y$i$y!5fs%+D!Eo}bU zJ3dMOnqh>)p2mw%Td zP)#(^rllMHQl zDhT`BsBHJgs3N^`A=cdRdFNsS3XgxT{qK1rdlXvJGw#r4qU$VE z|IFBK+Zt_<@m{sno}ht7`!N_sqqg?zwLu~=+jh0<5%)$A1CwBo{6tfY`8B&~x5r|Q zZ>vlw%R7|LYVupMtJ3wroYimhmE>n+lA}D8#vOs+{9e*4x6@b7sp@xyW8yo0<5|PV z`bK>JBS79D;j*RQQ3~bb&U21=uy4t`hO`5%^m+bv&% z*Yt|GL)K?OgQa(CCd)NgJe4xOm}Um3UyRL;1fv{)HkG~Wwz_fhLNq7_8g(Ae^qT_! z`k2Jeut4kmau+Zg>y%^S;9_**LW1>3hVt{S>87#q;W>^}fOf@9jhCe-94l!T0-}So zUp8>JEEMS3vUWT=|Ft&-j8~GKaSU!{xl8D3AuN}$t18Kxq7tJqTJ{nsP;#muqT(fN z&`2MW8Ty+f(lJ5ta8?9reIIT>TE{TSG8!nPTvjE4lDTZi^~N3Jg6dWTZV> z^GZ4g$+@nYNj0k}x`2^_OMe?+(rniXT?$qLZtq+|6}f4@W-yz%74S-cjf1G7s!Vt@ z?!0f>H0cmJ)qg9^YjOi3;s@(;Pf$SAd*M1jtKo24@wh8g(7x2`?RkEi79{`|9GOHb zpT=R)!(h4~ywdpE=(7#FNk8hQQw!Z_J5emMg=X?il`k#>gG|6 zz)rXxLd)?qMj>y%(ud>n(ak*|P5%ITkD7=Qnn1=NqX+clB)xi@BW|yeXkKZZ z#Jgx#OL;=v+~1BE19Y!GmT?l$g(W_>Xx+Ylm){ibin`QbUD4xUmnzJ@fY85>Nc&o7 zk3e+AV!=@p56r76)2g^Yv8P6srqn^(e68xL^}cTU(8s}~7e4DzBmTG1yK+;DAGbe# zei?z!l*s;o!(!7mRpj+d@c}?Ml&nFAwU4J*b+xcUsCaEz1s~xDGJ4tGK-TtLrPgVc zGWv(!*}YnMR}ipsgc_3zQqyy(T3s>AeJ{S(YjOASzppt*(Lz0)sxPZV8Uy4-z%#NP zcYSylWuYSq^sy(^`Ybvx{~DmDZZ)e5C9Zwh7NPo1w1HIHUfYk)TGp$xjlX9$*$Kd@WCc7@mVHXxw> zHHsyNx^Li2Kb)XJ-#l>J?yDZ*qvFNkUoc!SUA(G=i6;$+P2SMs#Ld3w*X&?K&TKG=qm{s`CVB5C43gjCyZGhrn~IzqeIHs31F@EwsHoWL)9Cx_RUROaU+nDa&uy z!N9f@T2*=<7HhvI0ir_&>XY0N&&G!P|GiDcN|4s$P!ipc<QpLZkdN=+K@+y-q+A9P^Q(LquifRL_j$GEglWvE7 z7SPlWl*VZQX)Fm)m~^UEf^yxiOJ^_k`l9C;-;4u@^B2Hb($YVTdwsZ1(9&$j-F_U%_1Nfqe^2|)=Zq@@J`DWyR=L_oSnK|n-8x;qsZy1P4- zW(FjN9$**DMgec!$Rf&IhY$2&iH=pbumt#z;KzRu5iUR%?SOaKgskd(ZtN>E7> zeY@9sVjhK(4T9Q=_jX+eH+jFw-50Oe zzCXUbb(++(zk-%wtStIJq6g+fpze9+)i}(uc%jx}LKwVXIj@a81?Qx4XTBBgt;p%a z91r%b+o-+8hD~w#A=xfpxgpahZx7k%2kL<%|FM2<*)>c=@jkrTbyE}U1K-Wi^*_-ZYbFr&?V2sQm#aR zt1srt3Ie{{#WJ+H!y4!xmUzIDwL-5jcQ{%m>&r$!{KQ)2=(*A?h#~NZ<9-`!JDIOA zg9`ZgQlCjRO6V2qWr>S)3dm-mr&(O?Bz2qL8BOOiZ8B_d?f2GM1s1RWM7+@am7V&1jiId^^IRHbc0K;|l~ zbtQXlR(c~*eZ6~E#piRsD?s+fFxfr5BsA83Tn;ZYkazJ^7U3GPnh#JJ4bf0?#g+2TU{%q9hJODEjDRYt8rN5D$>l4zGi>LrCk>F2b@9fxI&8+q|5q1o^&Y6MKkvm zbB-#`b{?fkw5Z#5UrwY%J_cfdoI5wO=nr#QDUy6;n>YJ2OK%e3VI;VFHYkh zavKljzNR??#_wFquyue$h2=*Zy)lMdxhbVS3Qgs2Hy=0aUM+3hn?Sny0DEq3)LDcJ zVzhtJ1O7Bk>Ri|OxBgq_^`Rn{zfn9cKt$|r-iPI@rYMugIGpZmPUe4D`;#PepIX8$ zb|_g;Ye1*)eZZICXbB&8y&C(ZopXnT5svP19ACtd?W79R82^sg?-t{?3_eHvXFw=g z^Q!##IcwWU@=P~hH7(yOORusv&!Q+g-^^P!((9LY(UG5xtIcFXbCs>Bxh8H! zhaa?J3Yz&Uk4GgElp_1@k|oN;2LqX6;tm^7IVZYSe?H)CDfD`n5i{FFai0zeR;G7c zZ%d24W@)us5}p`8@j|U1pEiADHv#aL@<7VxaS;T0oYQK|ws7fd(C~Z&s>JgK=;$XI zQ3w$I`+sNH@;c=xgtLKY8g_^u)OP0sEd~bG;YQ$NhS&$|jz5K72yIXKaZjs?GD`aD z`d_bE509Q5BBpUaceC$~sarBqnv5-#10}|bXVL{^EI9Q?v;7v}YhS4xmH0hL)^c|K z;nvw!wp-bX1`5yND@LLcc~-J@WCAz3B7L%c=&aUf+9656Hak~2jcaEnQ0i>tnx_nX zu~6@F*x$=&>wj6Lqgj`S+vuyQ}tmPXI}@*Z+bc+A)AJ_C6Hs+2yGg?>-G(R*yv zs?<}UD=EP-<*3X1;T<#{>|Rv|YXWcxw=VqJJ$Ou73_-EP3c2yqgFS0^9@ejByVBaM zZjw0*{HS2;IN1=lU_D}x`+7||PW9XY|4HR5-sMDUiORz!TgS2(rF3Lt5RQ(%)W)qW6>`m9*OXmD)6e23DQ}G z*`;e<2cj(BMO7Dz&fN;2^; z!f-yIG#>NYk5{~0^rtfrz|Cwbeb?OZ7`44o4z#q-O{WvDQ$y6i<0mRj!e#DH*1wVB zr023=>&V-s%~z}=W8wqYXlC}pO5=JWySbGO%LO_S?9-v`NPovmh(dPb~1a}VOp;;)U4A>!1@3{clpkVsr5s1vm zV@8aoRi+13Oxgpp^b~ikG3q2usOfsv`pR`4EHQS?G_Y=|8zL|CqK6E~1bX1SJ14mP zcdV6B$lj)J`>hG#84#erD-s%WbMzI!eOZm6TsPwPk%< zymQo(c=L<+J!-MEa@CQF{#_u^lgu{R#;hBq7^yX*M&_B>?^PKe8|Ba0{y;4|x;V^~ zLBR@l_wl=8n?6`GeEY+FdQu?IypmltpdDCc2_g&v72q`M)&BE=2Xx$qg!b;~#Rjzz z{*)856dDW%))zm8qj2{sdNK~@P@<214M6$k?JsdeC4Q$G}R&VZBPyBlDggnjoTMx2W9oex|P%svpo4 z3=W=j+E8Oz%6rZ-P=g}Pye{qJ>fR1UVFyD}S{}RC@#6K5lpa(w7jL|kLB0nL%(dfb zI6hhgM9gUU^wc=Q*%3yabZq8h1a+NtXMr~tFftPMZcJON0 zL#+=>D_=zjUa2OzIq~*p$|^(5>u~+Av1?-jRTMmo{3-iw8`TtgKh64-+6(IEMibXuf~WTjXu_MM#iZU zxx7Z^9e!6P!?dzbk-~8J5`g2TYl%>!ck7;Py&)l{%E7YrIqfrTcQUlb3ViBHn-OE; zfAtre$GSwvPZozx`fd#=YM(}^5K7u~f_fvh?ZfwV|Fqm(RPMa};o~DgN3~?6T;LZm zPbV?YrO%gku#2AUw-OQD42h8;1N_0FG8VSq%)c}DC%!%(S4=zhuerv?-t9|r!VEGhL@gwry&&o91U}}+_)r}` zRa*6t45@;73hG?`h`?rs&!{h6zY^bsxsU?HDkmez@fG}ezE*j9>PM|3H2vl-f;V-VA^G9s4m@nNQ}HAJ6Pzz zH0n$h0$u#_j&p6&fonsXW8e7$FpmVz$Tsp-xAj6vwNG|LEdFi@R+u9^Kwco7RwzV8 zQs_%fbD3V|y@$f~Gkw_GjDs~L^SM^xTLC^>W^v8}3UY7%Jqo=Vxw-#I_yG{+fdiR%=ev zZn@&soI+Rh0qfQpYsRL-fhhj{$g4=l{L+9xrv7;VZ=2Pb`T+#b1cJ&Eox z?RVuyEts~o0FSd{5(aQW5%6#EVE!%A>g9xMJ}xh+;;82iHN4z5o7wv9uwg6BcHrN8 zPs(u$YQhWl+6h^m!Gld_gt_LuYC!8TG9sThrn3j6pJJfi2J?ZBO(m};nmun4GsAY@k3T*tK2ITK-J);wJb1HPH|kdJ|5Q9`i9`trplT_jfshCat1O`~89RBA@2uiaxHFS>r z;Jb!_4P3GpA|YJa6Jg)Ogxzt*h%so^13*jr#e#3?OfbV8B0)FVptH6wSTur@Vi z5AamJH{}45KQs*?5$)ZdIWV7cY?8G+_E7?xg1Y)@ z2Pp>8N7U&fnJB)rW+VKU_rA^i=e%&*R3aYT=3-tW3EvGV;0TPRUxRANHdrJ9gt?6y zL*2Hg``LQ^Jp)~3-cTzrcoJINV={Mm?A;KB`%}p=U?Di1X1i$+AR2PNv+%y~(8QdR zQZda|SWlC;U!`%=8bnzy?1+cJ+>06ZUR#`DaX(=c^Zt{&JW2EFECrc*?@qPt{5ud_ z$ek9pEuIffO8v!s;ym0RL?E5*v55CkqT$K2>N~QwtYRU|6{x@N*Bv-6YL_fQ1eAyP zB=;Y(zHmpq&1VT8Cu5iu!T011P>S7j=(F~5N0z4tec$n%S!1Qi%@)0ph}!k&;5!5X zRJ@A~9to4|jJvay^XIoTAwZuWEM<2D`oOIQlU37&;yfMsu!+eJ8U0VCxkZJDzQ}(5 zY+zP5+xY+xY%Dh-TsehI=0|;`lA6bSkTQ=Yo-PZ2|In ze2NbUlVlQ%`5kl< z5wrNVn;GE;-}}52&!k2b|2^oJ{m(q+6Zqnt0GRc{6!sba&%55N0e2_~FP`Yvsrys` zsqF%doHST^Z%S_sb(T|(e^ONYyWKDTK0c0&&mTi+duOsoSEJfXNFlEdi5;QR;WRPf z1xeEp&UM9G%4LN4WG%@$U2v_FFj;CrwyqprX*Kc(CbjU7;1bj_uQGIui#UmCg#Mge zBo5kTu)gq!k~&zdv;KXtAe~-~dOFg|A|JL{wp}%a0o#)CU z7_iqz!|5dXq7|^RM#esSesM**FLnTungCTfTT?Ul72bo|J7Uq)jxik#Pn!gZk%D}I zry$I*COxR*U@Vx`MSLM#_|&U2_*hhh4jF30U-AvR;)=6&!Rz1hjl>glGD^x;6UK78 zOfrYXTrB--$u{r(G4(g*VE^s7f_nKlc3z!{X_ibDcK|zoWQjp-e@{5AYdIBm+eThn zv(>m(;Dyvk(sM&i&5(`7PlqSMp1Vu!ve8d{gwD)*T(w*XOI*$RHoHbS?AA(P2FKO^ z>}1(Kpz>8KJm8XA(r=i>Ja(d70TsQf6k`Dh(Q}`pZ!Auo%8l}>I4zoa0}L6<#NNK@ zn~Fg+Zc0bdrh*>s$A)-j|KFYmiCkiO5$g$F;lf)tr2dH=yse7!IUepqkr}2cH$fwCq~1e@t%`~ zQ*n`Tmh6kmdL#9lW<9JFe zah4!Yy1u@g<$;_ewm~5`*K@B!pOM@&4w4J|l3bslMmhQ-cEvgl56|7UU8@KWIS(mD zTA@~cc?dCY2Y|ReL9LJc?M6jKj5rVIBz-^Y#PkadO~Qp<>zMb71g-SvdpihS0fXH|?Cdxned z3b%{8l?7`}K*FuAApyCTcEv71rf^-{-GJp?_I;U1k^pjTeLhEm&XN2#8SIp*@~tXK z75YW8-K5Q4I#46QFa0XJ7;V4msJ2202)sM@lfd0So-W|a6U^6g(|$ptGTZ)I1-GtI zrR-15N3oL2tbZ4IcN5jW*o~Ea5%_T8UN>L;Ug}Je&qbcD;I}FVEg~*fDFkrMG~sUpP8;eA3x`cbUC0~L*1Hrfv7i>Q3p!W? z5~O%=g6J;V5pEFCGmRXWd3~KGC1f-!f zTq`FBn7OPDd5_l1o*34>v>Hu+3e@-UbP4UmpNvjJ_wHpCkTeUpSdES^Z9-dlwsxh} zMXCcK+N-R}vbo)YWIuAUBQtG*OTR(%;%$=e0oMbU@$dv8VXBlDO{aFr3{ zsVAyp*cyy}mp@^c10zUSm;C4X233P$GW>f5D(O#JFAu{QD&2SIw(q@5fsVSbll~BR zX^tHnf&eZA@1u?7`wIb}Q#UX9?@Rhiv6rfGqH(zO`2Gi8n-lqyzL5gPjVA_52kHdP z&04@((J?^<5AV5~io~zGXMcTt;pk0UtYhpY|L%#&a<$V_oRJ6 z$01i~g?(dT%Bj0+suOskh z`e**V$uuy8mo@;ovyvyczbBcDc zt_I@xR^93ryp7|3c<%|-+sv2JB4^u5)B;YKrLe_D9mlK1%=W;wP7?b12mIizixh?y z-@zjdyaF(Noc_mQ!^zji2Gn72V3}?Iw}^^m_@BRHAs`_7KX3e>uP16_Cux%Tu~uG9 zdQXX*mbJmH91dO@e0Pfs{+>VHE5rNWrqci4e}9kubL9_c7nKy;UasJEm+b#sQ~&SX zN&nA_FI|KdJ-C-sP-3l-z`e3^s6TE$_58c4&&}m)Z-0n-DXa;g>Vjx?B^E}B3_WM@ zqs(IhjiGaNkLqmGsp8qys{D3b;h^!Uk{1seutwQmSJuBcuAP7X2}s7*u{+F4`XwQc zy!rCLPyGSWxS9ZTGnWW!$W@9_UhW8D)2pzU0?S`Zx8CP@(+N4b~1@Z}g#Zs)vnx(X(s>%Cj7rdeD2_#oIbJad(Y$`t!R(igmI} zKh;iX{;Mwj&w=zb^gFw0x`6+WxlDD+Ht&(zS=H@f+}i6Z+;>6S75szWZuRsdkW>4g zqxkgg*?(`t+rcFMb>7FnjyA@P^aUVqcns^_H!B}39<21{{o^LLfHl=maetYwcPRja zM#S_pq%FdVD!N7zPNja8Jq7sR1fGAysMGbbVUGwsS(F1%h7J1ngAdnpodh`mODqFHnpmw01_Iba(* z%~`uSLLQ6Zpn@&r>T~6GklnOcoYZ7kT1+SDJL4V4>Azo4G2r|yKrd5TO2ZyCb!Vx^ z_qD6_d(u+Iy=JuWE!>JGM>m+q88feIK0!rfkh{AgXM95Kb%tqT|~(H`r> z3}qT+LU!RmP@DtzV>vi=)LUjAYzc0u1;Nn&18cBvq@UJFzWL^B`uX(%NkCSKK}{ba zn=+89EG>uU1f4f0*tTmAIsrG~y8I&rSk#S`s2mpRnEwM#pa3}WX~o@-SHoV^W&H=h z(%+zjHGHGhp&A}s*ww#vO5&w>6>ik-$N^vezbueGF$nfkxu9?YG8zMTs6jy+88~?V zyU@TE4>0zCr@|79?a(Z6f11{KFcHRP@$%-{dHK?7o4%HU=+hg0#W$?_uW0{3UK3FC z@dgo+N26gr!uH0-axM~0S0mR9;ylJpoEe~^iUfFzi@%rjw4YX0Ch^U{v z0^==K>k-fTx8D91Xl|BHet-HQeCw}(YFS(R59-Ng5>%*-ajujL`z{&~kg6HNA18EM zC)0#|!2}4Mv)dk~L4MUW{WYVMf2tzs806-P!$8P!s_E-WB-#{iHF~X3YSd`e%pEI% zz`x1qZZT@CNv7QO{o-rU=}-PtQ#YPRj|FgFahhx<6RmFR(ie>YOQne~;4h|{-+ed< z_bJ$a8-HiSG?#wj-sWVT1}nYsx1%td7T$@QK=k}}`Chiv(F?TX8&5M?<#2z zayxoK{Tkh!Pj>XS>95yFS8WX`HT;)FL$~uTX7Du8E(wU41W@EFL&;mVUYw?CnpoLH-FkMglaV*ZgaGGrhaFDPtM$42N*;)0+G9-+jZq z@lSr@?`_nTxN7owRtkYXd?b>(pXkimc zuZ^sbBbdi6Ere{D-xM?gIlg#Y_(_!(Kbd8Nl_&F6EoUbzpSkwE&xrd`2=K@}*X=2z ztz=Bvx#Y0fK8>6_)p?=&u+I#XirNfYe@dSM)w@~1=i=j4BbeYb5WX$k5#aIgA8Rma z0+e8&BPZWqXyT3+ED0B! z`dTnTMiwg_PDidZQ{$F$>2g-F1GasNIrq6_IMh<3QtO@dpkG5i_SV#VoYZGf`6+XL zw98E|<~A|9HJcNXDh2uN+g%^w!hn#<6n~knF#GvgNAMLR7-wO>*zi`r%6_x_1`dW8 z9hWYFF&zQseC|6`wzJvwxqNF7N3Hc`s?4FT`XzB(pW$`{<`)4tMqkZ3itibM1#T;R|b610Pg~ zxh%FQMw7RP(>S9Jw>Vsi$KD5C>QveAOPqi{Cl~_d_vp#Tt6|1Eihm8?wpmMKIBz}; zIqhOMjlvrkx9~EO&+l!?arSDY=crY^Z^xvzFC~O+$>EXEjctzxfJVOE-|6GVgEO0N zwtvc`>l76B-@b9H98~trM;!o1ol?bWf1bl)!(0}|4C&73oZyG*h_9}khPmI4w*J0G z!@VR;Q)vD`q4P5U(Riu@B!Q=lkUx6cVR9a>pBt@??er=<%YQIDf5**8^#CM8&`W3l zGJy@H8Z?>!sKhh6avAi|9L)?)`(B|6oV0qD- zs?Fi+4o+xQNBF3Gi{eruh;#VZSHb<{RUmKcsSLN$E36$-$$1@`+nqXyuwcO(_OhI8 zn~F`5R|(p{(+Ym!<3W1ksmlPl`~<$}v}0w@!av!FeCf{MXJft`HMRD$&d*#o_=v00 zBIe;Qf2#EZr2o8+WbSC}cg=|{d{IPn^}G6CJg={uY=*qWtFR7-|7W?ZYUJaSv1 z=I;k%MPh(a)6Q5r-D_o7Se30lXJ_u%s92Z<+gtMeg-(ihCw>gWF|7dp;7TAa>3AD9 zD`|EL2TOwjNQ`3zpqu|}rH@BlRaZ6Oh)UK^K^{@LP~w?^G4lq!sD0t3-)8iWjD0U% zKO(Q{oO%Wpbx<(jl?K)E{5$`){irnIg;kxq43nGGpU~TkC^!5+v}KH^4km6a3*}~~ z`=;m3V7$X$-%w-^0wVb-de!sViyHJ1r`l6}|7tDnR6NMAmD0>pW@{X(*K2hD_*gwN zvxRi}bGdm>qWF2?87wsUgp*sn^}0+JF9{5iyW0gBLz|_PGwGZkZ30HX26P6tl z1WsQ{?Fb~Q?!g>pcnzJ(RDly5rRVj{2D0x`Zq}{(*-)m&ezrKyt3ViD%ufB>swzG7 z-Szl`$gpT1ssiCUrxncfUPFsdS#JJl^GFHy?(Y;avUsGy20Pph@RX>mfKwp7cM{iE zFrKE>64cYuU`8Q96MyYz{Abg1w%2hL=|O1a?(gRev=fY8*l~$rU<6+?4Zn7eu}{e_ zMJ&~SU7>=cW4*yN>SsULY`;5jz@_gp0!D$ta~3h5_YkN;)F&O@TQ0-vVE|LEF?P_H42q(uo{eC%o)eA+&5qM8$}E~ z9!>N;%Mqj`v<+i0N`+9tcEZzco+rJ;(qdh>WyE)l?rP_&BpvH7f4u@Y>Zbr+=+*sK z_0GfEr;w{-%BL%uiEVAf;bcGnl3gJ@WO!HEliC$bytR!5y}FznooY0D!-T-X3_dcZ zQFa=Uv<~2Qw6s@|g)$8gBls-oIK+94FL9vZ_#On1LGIY6R3u@+p?%oVQccq7`?Y%^ z>6R+JZ6d2BBwsE=f*A_}@kloK(SJXOTn6~bpKYy{q|+pg^<0zZ^VBNQ2-|LHl&;V? zo$Mr)iL8v^t>c(Gh~($Jl$-z2gKa{bj^7eGg7m6;v>&MGC1JrVUF z!>IL>EC_vaBtZ3w>pL%A&Sr2-h-V=`)n3j?t7zJ1^wrn)yA3M6{E=#(_mF4b>$6EEj-;T({Ayp;NgXkZ zE=*SkfU7X?7#p(esJd#WI!8F4$|w9I8|qYY)_G8WI^FH$qMNp3?hDgC z^le9uRZ>jiG&YA9E+9sBMNE49>kyQhL(3X!+;a4%tdB?eyN)l6B(LJ1 zB)RFjSb&J7Y|H!IKMG^Hzt9DOjsNY;P0Nk4%mORhBs<6B-n^TEbng8g zShB;3KG&c=!6Y6H`@m2tyt9agP5xyc?*!P|{i_s3mE>HNIAuhJC-(+lE^fy5SM#8E zy;>Zdr0^~$X0!}JOD5k5W$=z!-#xAc-M8bE7gXl*vPUX)%Yv6Ys>xOQBB2C^Pwto1 z&CY+T`e8$xGcb+T+z?kaoZ&C%CqDBY-J5B)#0wr>xmYZ_L!iG<{)%{nc2%m_Gi6>o zf58Qx^_TiNE0^tOQ=3GcuylPQYB{DL7p$Fby@&<&R;bCG*4`QHLoP>J<;CZJZg8O2RiYrtkdL&&~yYDJ3km0R{2&0okhugHv_itGG8unTs1ES-f~L>ldo7W;E}jc`;NnKbugkA z3^Q-Qs5a-?BBFn0VT31>`RZ*~ZG6~$!Bd++`}39%@eAEM>G9xmQ(TuZg&O_YY4czpuLA%{2_&;=i3a82KI-3E-3B7a#CRj(ii3 z|2~PVPndZVi{?a^mny0}{XsP@NDz*siukd;*Wfs9I~E@2LnitsW^DE|PG;FwnOLi7 z-UgUry4@m5SwW-?ELm>t1xjR6)3^cOPE(}rEttv;{N>hJmFjf|ot!Y`G<;U>bjY>W zBBjS{nD6&S(f1(V!5dv3eV#a;_Ri@AG>Gdw5%xRB2DvB8zbb*Tnh>gqBE_uc=ZI6^N#nLTNYi7iogni-Pidv-X7 z^^F4R0rxWS7y80YkdxCJk&J1UZ4YlTGAJy2z~@~8I=hn1C4|9KFu&17eJT>_XL1jc zAe_Djl0?mSE`08k6pc{m+5>+NtyY9_!;|L_(Z|Bs^`27_?DW41-f&Yh?x&Bczg$l5 zK*LhBf4zn7xscoCig{aU_K zf;~J&l`IrU)==eE@*7g}0<)ZtJeQ3f#A=XZt%{_b07W=5`+?)+)Ko5o7?#IH|Lc6J zzQ^x{>*YC-tF&Hy*L(2GG~AQbo+_o;kBTc2>2z4V`$EcUIJIaq;=>vY**d)pFB!OLg&K6eoR$=yqOEd`DJgK{Me&H<<8imLsik1vR z$j~{|?UL!|aBF*ZBSfqdWJfL$B~PT&rGH-xC7BEyS`JpFwhixDgX}y)m8IYdAC_+} z{yN$d@L?E5Y|v>6P~mMDx?cr?W}S_>a!Sp|YTu4+{C9k-l=GnsQH{|Hc?cQ@j2LEf zh33eTW{LZ8me;xM!#56guf-?cgD9oBmtTY4Eo_GG>I1D9chhbA&)**IHuN$>eckcB z0Ar$17m~o^c!e2M*WkSP|H zeD?7zZp;TDQoBDP9=tW_@7rH2)q7i)a9p1x`-~gQC$3B;s!;D z7m-@JXptAu+7ZA3kIq9rl%S}V#GJxnK?P!`7r_7n98Z!!i){@ux%AzK)@e8j)5(7& zc~`u30gB@+IRk<0FERI@swj|s9u=rQ7|S#VIFS{E!>*ITr~DS4}%oRBhiRp=*vUA z35HDp>k+ybK^fPBCM|X*#iVt|MN+8Pww%rC*=Vf6jQ;|ZAv|t|0wH)eeC@@Xa^5;h z(foYF=U-N9+12T6O0gixcNUY3@8^-%jgn#a`+1|M493ZMjSW#)G&DPS3NIut_gUx4 z0tE~}UdvPx?~RLIEe<@WwYSW9!RkIdWaN&$@IWY#Jhu4dsRi2qu^G2uKItn+G_u4{DGrp;TS$AX06jUPtKH=G8ZT;Z`oa@3Yd|UI- z44C;K<#amx~_=9DL(>IakZt5q@0ewIf)rUk|8$&5iwv zY{BFc*aOdTeQzT#39l38_7CwHu4mp|M%`V>b3u&xObJ%4pZ>efx_}&G~|Z@gjgcR%+w!=0tT$kuUv( z0SF9xP8>`^{U9EBb(Ko* zb(V}#EzCfl+1@(9PZ+zp&SW2CtGESeAML!rTB?gbEkAPB;eoG3wLW0;dG%m%+vE+4 zchtUD64M%Za%Uc}WScKFwKNPK3Y8e>A-~gu;s=25xh`MFnF6;-gCS-q237W1 zwF=++y*hsyi^aKE%4_*?ffPPX!hEekoA$GWR2 z=0AV>hRA7Xn|s$DeEFbZ}Nv6XcnNxXdvRMV_5D|5Xg zUGQ`F5XEG}NzV;NMPd<*zBAI0kXE-!wB0S_kE!gVPhv9dAF6Ssw#^5n>$j^*_3W#6khcBjjJopZW0x237<>~=Rh6(lZQ zcZF_v6l!$D|Cg08LSfx{LE1Kgfs&e}+{V{DLk7s0dvgQW0UO7fxLGA*n(M|G^_u-B${==rSMA~3Y^JFd8cXI5?oG;{(zHJC~uA{vJ8G ztV$S}%qf&6eX+OoS$-#9E$uc(W@;Ih$gA9rF{uZf@=xoX5z#-WpKl#oZcmjo^u23v zwat42_xIlB$$sApfE@7a?Y8Q0FyD19v_djUr)+sU0{=ojai`Ac-wEcFJlm~>TYwy+CyY;@)5TP7^wg7t8@>{|-nPD{L_IG(e4(Lzd;vS5kpLc_a zzUO~EWCS(LQ~pZm^#F(LmLfiw#nr3-evVkD^8fugKKI>VM3;`o UXRY>pz5`xL@@jIWGVcTaFCHpYsQ>@~ literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/web-protection-report-details.png b/windows/security/threat-protection/microsoft-defender-atp/images/web-protection-report-details.png new file mode 100644 index 0000000000000000000000000000000000000000..bba1d35a384c397dcdf6b8fda2deb53869838ddf GIT binary patch literal 74232 zcmeGEXH=70^f!uPMN~i(M5$X4X$mU6D@Y5S(5ry7&`an=P^2gz(nA*rB?-NkAkw6_ z6nd2!APOV_LOJaBJ-fZ^bl%x-%gY>J^&T6A>-Fm%t$B#trdPX` zd-WHf!t5sU+UvfKy4?}}T!RZ#;lsPd7fo)Aa@^7byx?!=e`xUFvLe+hwS|;^T?Q%) zkI40VVaN7%!>&GJ&AnGIGOv@o@WS?Nfy9CI$t&rWL(zxCX*d4MnH(Ar;b-Rr{e8Ko z98&!~prCjQ{Iu}r`u@6JB;A_%>;0eisN3Pp{~qheyI=a(_z%FJJo@|6W;V6Q#RyPc z=+8vh%{%6+cx~0m>A%5fxfPbjR+n{%Bc|L$-)rydh3^C)P;l1B6PUMQ>ZHMN#A=Pz z3?G`v`k%+$dO%)0W8f@ctfSw&gs-wI-S>DHk5j7!nFUk%cjDNZw|#pu2;-)E7rYQo z&kQe_La2-A{zLDpZ)`eN2W2GzUj2SoI$2F=1ygdGo$?IMjr8ScL_Ny{uJFr(Hy7LOg(OT??6iD=9txbzl+% zRravJ`47J>Q3&6>mTAyQHmQD}W!*)#2wS7qP8C9bLSMxv2_c)p=Q_?yvXPM6zsk>!S<64ZXTvM=f_LIH}my-KIP{WWikKM6B8*tL;Ps!G4e- z`xHi)O@(on+Q<7J{eb^#D;BCl>t~ptb6JA{_X_bl2D?mnVZM*T-a1X(MkAiN*>hEz zz%K=P!_(xJ@qmfNFxfs_^H2*^Td*briaWl^IzRayk0hE$FZ=@WO?-(-8Hg`}9v{%V#DJE1*D9Mpru=z#fRwyHSQa;Ax=TO^$qtiPLN@*`7P z%nzT=furkV4VbUKhxKw+$YeL|V#`Q3zU+@AP4nT31G0TA?HmAK#Ndk?YG*|HR+lW_ z`D}gV7n5y(8;r&TEg~~(;htaX>(;ro_hgw&tAKWzulEKiXLRn1m)w@+MIY5NbKLV- z{zbQvGq2}M`dFR9E*`7WG$VkmFbk;z|C|Jf;CR>A(cF<)ObSPydu)WhA?y*gU2n*X zXyY~-y15Dk=1cpprq}r5gY7CTm^A$U#VPmOD|n0r5FU3%&l;95t*3ufIV}Wu=LVv7 z+OUt`TEOg_6i&6O0X+2?87KLDk)g%kVYOze%s+`4bNQRkEV4TBy81Bly;=}TOGk_k`4=V6Cj?F!xvC=BD)HQ($(be*~FFE01a7>*Tz&AgvEk>cD^ zZ|-P^>T}QGt@Nl!6WDh8cOBf1q;F5^@vh|*74(NXKVjtKTBO8Sr#czkhHN}=QWeFe zX1Q%%UyeNK+5Ets&M+PCI^xEzl2mnCfRz)Qer#D5qORr41h-eV1l1WW^=wWGZxk|G zVpHwz{B6f5D8NvCQ!WWw!eD@kB4nKFWk>A~F@2?PJhY1s4>dLxOJ%?oibYME2tM`*fe;JeN)^ z0*8v(H19z@J3s#jXI75e#8tT=R-DZz@wd(Wk>+Jq5@+(%JHC04bV4ZWGcfu)t)Qz7 zz@l*Kz#uHiC-&HyIZiF`W{T*EKJ$q@+hR~-fb}Q?(bWazSY75^VNf-WEYc19@SE3+5TGrp z^L{kPmI_-o9rtk&rH42tz|UU^^CM79T*WHBlg=@>V^8*Q2hwvVx~*B89iGl-`}jGh z<*V-di(k!6xi9PLr|k)Idgxu{*`ni@UIRt4eTdu7xZah+T15qU)NPuIjV1*agqJDw zX9H4Z>-y*vIBvMoP5{Wp?-L7FM5oWWs=LdHhd41;)|n&Zodb+deuRwMPVn|gg&A; z$F--A?>}pPK4C=|uDR*h=dyU|N#0!Be(g0~;v(H5?54Jh-A~X6=L8S4nxFb*p=R8 zx9^Oh?$g2p2g%dHO`5>tDQS)S`sH2G#6TWZph#bUpj%dluRd#7;o)$g+97ig=ZDT9 z@^(E#ws~G~cD*7M*OOYYC!Je@Qofrh$JHWkub59%Ecx+=XXqYP!_Cy~L1glnLYoWz zljQH0nC2q|Gvy~Lr(t_z+FPSfw_Zo&PhScELoFRT?6kzJmCEh`SFQ&Y9Lj_sLZyE} zvbWeJCl*m{Qm+X~m-v$*k#t0XwHSGuG?NEtvbhkDC8G^OVGTD9?dP~ut2#J*qz0C5q}-F+3W&XZ399y6J<)S|J9+UlJMpa06&RMSQj1F~KDWbC zaXrQwC<2B_X|A{^kNO`pW_E8dMgvI z{3QT-s^410e~D`tnm%hG2hbBd+W=-d>R!cdzNLF9fWAj2Ow#gFH+0@ zEAn+;tx(4P(pa$)%pQH5T~}n+?pV0aOFklu?)!v|PoVaCju88auDb1V#4B*J{OwZ! zu{am-`n#o9t)tV)L@W23*Gtu*^l4vuQekI5FF(zm)gIq}G>AT#dc}(?uQDZ!ez4V@ z63Htv_4v+nXmU32x>xSAr?h;8*fp1bF(>^z76`5=eEPa%9{9NvmmM(Qy&lyzZKlvR z@&S<&PaHPXZBsjjDmWIl%b2WF4)sYi)hLf3Ll7VleSkiBKVCz3Ny{Xi@a^;aHqfOz z-HLLR7R?*wQ%1I>w}HvyE!3Ipj!bi72nK8$FI_v*I8msucLJn5U93lFbq#!E`A#mq_*^43UdXV^Bo;`W zC{0wvHwV0{bs?Q=^y;4`c83R2l%1a%;q2uugGt{w-GV@0mlWEJkudQ}1nHX50@XXf zi~sB|MeR-3Eo=_k*{i1CfRn1$+9t0e*Iqf(J*Aq_`2E`5>@&;Y%s0dwA4vW1AOHy&*l)wDnuiLm^DpvdNXWsvhOq5Q{9q?@FAGiB< zd^C(X#124E?#MBRdWGzLW;$-`*GGob(#T}w#Z-l+w_Yop#D$6#9=-bydE(TplY|7M zDIq*Am`K}2Tra9Vb9!$*B-^vqwGsaRGEFbL2dC1rSZ4m!mc2ry%CQ7|)~FC4QtF|; z-k#AJ{HkQ&f*@L)K(o;Tl|1fICd^K)jFDDWDVE{Y@T1`bYi21j9}Rm_9Gi$#M^vSy z4J$j#RSBN~lvVv8pYniY&tAwMA`T9Wu&Sx$8vcguyiOyqh=dks;>UQ(yZJO$wr6XZ zPFc9g?BGbaq=po3Ig0u6IWOq`m5RGdN~X8RrhSO@HfTQ6&hHN?s}?vdv4#jI)3BpP zTU}WX*UeccEqGXEtmDe~9ub{I*rW|AFO6k=?#a6%q=ytWl{C0NAddT*Q>?QDmc)Jk z=>4W&O0o*^f?=LjG*IEAf~G$4pc7&X~;4_dt> zP{~&gnJGRvQVVW#%mTW_!ketgG`jCZx53WyJ$z?4r_uv#YId-_h<1L#nO;Ynx%W>z z`(~8BeOI1amO0^B!|3a=0@eG_o0;CROd`+!RhSSDW*LGw0l;u8P7%Nsth;`uWWwoc zaXZ(xx4}p8EJEU0k<#zz7)Ok}^4uUSggz!;8SL#_IdrrbkNS1i1+yX#N!Epy#|3Xu z@lK2vbrQGM-b-!S#5vCv=jR+-5;*;htRa~&B^fg8_qRpR!MG-9VKetCaX81^t`?EO zo@>89s?s9a54-0Oj;57gkH?PUh1NIo-G#L*P&r75n+c&KSXdB~rodfMP!no=z4 z0BXr!M~c;K_Ws4pI$b?}$K7${g}r4ctafJg^6R*u{cOVC=e?$GM_&m!Tw?Wr*1r_U zJw{|JEw?(UFvUm5JC+wnddbC@0S z?Am{8C<@D7sP(mARK;xQI@#rlWG10TXeCm{{0E5{v;Hf`u2kBskgt^4rDM4ABxiF$ z2ndGndxl3Ltu%(fg!vXK(f?L$)rGp}Yu6~Y&SyCJK zyDa1;N^oS7C)m4udeT=uj@1k5URm_8QjzKLZ(kn(WGL9(V#RZw#olzlxc1|-34HMW zavRQ}mmB2g@7o2v=>vsGWc?qMoQqgdTDL|4o~C5U(o$79K23)E8%uEzz8T5s5S8u77EGdz~;_| z7VD7C;ATw({dYO1k+a8Bl@{*%cy@{Wk+rU(V8ET zP+w}5$~HvLS9IyW((|&b4FKNSYmJGPP&=2`k}%jiw<9`UC3|!CJnJC|EF2pr6Y(Qq zR!Vxst>1gAe=0s^5&vVz<;WGCqjx%$lUbs=#cLjS(sAUU**70z9(gL>>e(AKFlj)3 zASTV%M^k*9g(U>Hn{2e$Nx~HQORQM0SZO~0KZ#gW7@~iq?CWOO@tzGN?FY9GoXu4- zFW33gPAyw4GfZ>qgXo_G4{JtAZT3hpW7=6q-1cBw}Z0qE+op=+!Ee<6K z)}j}RvQRvgZVO|DMMFnAPF}CJ&*jr`>luDy z?Nc_?YbV4^JNnwd)I{8Y_ z%m3J$BHF;D=)|Q79sB*5e0IEU7bCggo$Xk?C2pc86r13SEj>mU{%ON89z6p$IOuJj z#9A|qSL6v@>>6!jR8>ZjwmyEAiBKDuj4f1{U;i;Likm2Emfhw#^@sfOqjQ6y zey&llC98gG1L$!NEl_ZvAnb#~vxxLyjEA+hdFG^rx(~62`>A zNkhmLF-c-q2y1``6d6h;fTo=&#ZXTN1drLJ_*kpv)|wUU6hyX8B}tUoj&J&C1BZsS z1|-%@wq<*!><(@f*$`3eYE+BDvXhLrN8F0w-#MxtOqXdM}ypTn5!8RUU&X0H==mUWA%TG z{}cOB+~WFAh(+=B{r?Y(`xLLJ+W$+;|4jbBHSB-b{+Ffs|6brwVc{FkVxoUPewUJ* zhM=H873jgbxz=L@h|e`)#Eii+VvKOl#+{=-0k{8kWgebmIYk#pmXAt(VfSjAoRg|Z zX|WXN@p6NLni6S@!92k6AegHH@s+{(h6fA&(t8Em_xtXv!j->vbX;`D`%Ng%ohz~CojEUCA`W7+E+em zjDD%Fdy$}}w1i0!iGV&XByN4RgWjYdXr<3g&yO?TfNqGDw0aMo2=)h$Z2glgx+_VF z01InyUz3KQaA%jt@Gid#redIoP+gltC70;^70MX>224^iJgLkB`e__%mFzr-IUYR` z0r~%=%RVZ)yEZCr%y}mMvKO<>?7N|YXb_B`7;_Y;v!$%X>wz8TI$2&PA%e}ssIw3p z-6lFded{s>g@g5nmpBtq#og2O3+i5t5`)5y}nmXorPdB-cvt9iWmr4r?X^S)MEPnlooSr^vi&Ema!)h1Yb34AA%o?ERMh6Lm!l zrEVSog;XV-%UtrZ)q77PQ_Qf~iXK>Nz3e^GPJeRB$mpcy!f77u?2NfNB>nkYA@w}F z!gKj2Sn~X{N^QZc?+YL3u_B7SQ1}XSZQ<0GV&3(;8P@akT&E3{P5Uf1qAGh>w^1u# zS)bhg11^$=UM6p(=WD~b=XmDAxo8)LJ9m~JBLr}Wm-%b__R53{37}w|;;s2ubZ%3b z*hG;r)0@rsX#ZDN?5byJx!i0)OHp&1sJ`YlM3bc$ApSAGw(0?m@b&$u^0}9NyK$bL zxki)Y$|dAsX|jpAXn&K*BI{|*3u7;C5DI*{9i=nmNeQq@ ze=RsY1bf&yl>a(l<@9AghZ;|&QJW#3vFH!dRN6+eZz=$Ogdl%A^BNcR_}o1-n9xk) zhKI0X7H#jKoAphpk7i3k@QE8v$)UC}cMV~yP&JT?6J~;c!h$SG&wiKE0b`Q{|v4IyDL)`7)gTx%ka(bLG+r3 z4ozyo<$dvxcQBo!De-xya=&wRt*vu2fva*J@r+Jl)er0t6O23F z2ft*9rJ8ihDw=hB*XmN4@>6e(Wq!hf9I_{2Qu-CU>NMtXc8V*^_@If(#KzRr&#*AU zDd?H}X-$?*dHT z^Fg+eCG});<63zAUF47PpKnr4xZ=m)jJtYUff&3&`;@wdCa%n&Y!1>=m!j23dgG*r z)nwY&hF{E&nU2D3)81rh9b+jF zduG%G;}r;4&9oN4@-=$cjvt@j_hDlDN038QljW8!K5~~{CqC^+;K108y0ZND)J2$m zD?sl!MSl&iWQ_GkT7F)om)JOQ-N73eoM3_%&Kf=3`Y^}MM=+P3Q%Ei0p~WyoEV?1< zWE`bP z4C{Kzyz-#&4KEF8v!MFTAaZf5nc^@FhC1IK7mFxdeHonIMM_UckJ3lzEgmhAj<8CIQr{TM1W0V=vi{F%e>J24W`%TpFVb@>b_?nL6Qgl4r8qVCJUFjF@Wl5RKeC{dxj&R>VKiI8`mW11M5#!*B0m zX$4IY;3sOV-4=5$5k;o0URDX8%zxmgtgSLQg-D0McN~o|PRpp@Q>TCptd1t)>@g-L zIXR5d6iiSWVDngBdSC~-hYRZelDsBU?-LE!&VcWf-GC>T|Fpg3uAT74FOucULq(S!KLQDy0t?V*63a^Xx`=^MA4 zmSkJB@qJm9Aiw-w=tDle_z4=ftiqQkkNA27Z_@d>lJ#01DZ}Qgh6ks`xP92dNE5P% zdn|T0(S{gbqgkKGpl>xDc7L47g}2 zzro-%Ne^!!0Q2d;P``^=z52;j*Ss}u7_&Z?N6R;i7txsBH)umbHG_*ie5VZfNg;Q1$ReQsZpI*IlsJ51P zhvj**hlrO*MPW58rWJD-P!_4|-0#Ols+^kZG?8d9%rGq1Nhl9h*q`NYN0IZss6o{_Ak@>Lgw{(W?B+{pTPq&J>`Z#-r)Di7z`uoKW?35 z$){pyj2y7*Pno2$Yv$9fCZ;38h_;1Caigt`3?YJIK8BB3@2*Kb+F=yp7d;){+O2m3 zcNMro*_>1lZPqcaK@GcUKdl@YqBXOG_&gOv@vxX}W1CDHP^p-8&SQiM0i9}+u$pOV z-IWI4#xzG%2-aJ73-S$HdKj>$rUzdTH5m8>^Ic8k%<^1nC}c1_bqpYo%lYcwAj&3o zjQ4n|E!MDZnwCMj1U~W8#zN~w_f))5SE2r6a7OTh0}{9a$Noq0ljvmwy)By2q;gp^ zqlCL_G6H4R-!rVHa2A`snS5qq!#BOMo?sdgey^>%?pAM>*R9cw{^l;3za*=5qRXed z)fD*zKEbxMdIZ`Vh@o#gRrPz0n#_4+=~8YKpyj#Z`>D3UHCv~0spE6bd*J3r!yW@~ z)%C5%%N8f!ovA&4Hpgh)uz;ue<*$hcZupS;VzlDZPTJ#wOe)Wl3%+<(WUjSoG4P48 zehNL8OV8mzr67d~^KIC=aA|!Ci5NLVvQZerei;q55RFx6BLg zYiIwtJci!_Szd&n5Ky(@H`oy&haZp}Q`2wo-6ht?x3yY_v==eVr^}LE@y!fQ*TavR z-`IAE<8im`^qqw=aNpwwnE9uZyiL2d>J=<;<-TyZ-$c2V^ha=6-qF;q`Qqa?B(id8 zQKUI|ZQaH)(bk5)$v<8#0B+q;Z)aJtynbozv|?yu(XdWGh-q`z7=Jd0KN)H}3y)#V z+nJ4;n{KiX>UqDB+V-UQAcB;}jPRl!_Z?a*t!UsFD5CjG3jf&D+}7i*8;WMKjxou| z57*L|oDX|4)i9HUS2tj63!}Jwo3fWo-kZeLzfYrCtf*szj9z$r=g6o0xu<+@RWwu8 z#GcdPP!waihPHLF&V?miVVgVP z@9#nlnMHx$7wEzJaAO+S>!Ew|Dvz>HYmb(Cth&n`5^@uU*FYOj$CevTAtI zP2AO*K1c9Jlk8IC^j7=s+o3++9)wh*+&1qB)>ob9n2nsj!^~X#ZROK&&Xq$?2%`zt zWuWTjQi>X4}9zc4UO4Vl8!Yt$LZVpWS^JPaFjk7r3_>3`sz(s zhMdOPA78QW{CFjwo_$kczAADjM@(Op_~T~ESARh#uU{4PFMW{JF9WkAdy1Wk>Hc66 z)+b*867-a4VTEjYxF?3A;grFg;eJz&Xn&n`9bpvwovXihI&}XznbvjW&YtHbXxlZ% zm5WcLM-+e-#s#CZCj6Lv<1IzQjq`f$xlK-$^*4?m-V5<+5cZzqm>uWe4-|8e(*~wI z9vcz0QvmmU6b{|B-pl%VU)83MATTd+G=cqDXB;3f`)SDYm+cd??fbxdO*3IYs2{pX zRICREF7CH)4aG_c3GZ`MpBk6d1zY!Vw-0H+2BIG5?v{7+@D8YOfo{PtSyJotvwv3& zC~AE+-!aEF^Bigd4eCVieu%Pg{xcud+@9om8Z;uI!`VvPmoqq?!WR}P&+u4OF;>SD zyFiJJFgYp^n@IS2pBDX8Lp4KKgT;-lHT6yDYgo~}?2_s{W9kkOzZAP!X9ED64sog} znr~uhCo7LiMqWvjFDtc}%FFIR{)&W_J@(hz)>m8}Lc+MYU%)7F2yRpb z8s@?4LJW!(cH$bg}AVYtNM=X62SxlZi+UzK_E2R(QOMbBFX?325 zm}djx{AfO=?4C%~cmwI@$i%mQx;hD$y{P`+6|eOP_IKZpP+9&3+33_mjZvzL=bPH0hPMNBoA zZ=Y^*WuSM(40wIpjH%XMH#W_s=7r6TyrAC-vZ;(wpA;dERsdTLgrl)(RP{&Uf{RHj zt;Jk9{(Y5V@z^vFE>=J2h!u(C53sKWXdJ%knwM5GcLKWnIB8iDptY^Eq zs!tn`eCx(vw&t7TPtjD7=0Br8!O(tK%-KRjzSn10c z1as~8Pf@uU%`mlJi3F0D@HiPF)#IQo1uRqQ8Jbgm&1Isa9o+I@OtMhC@Fo!#iRglQ zf4wdI>`CL1d&FpiY0L+2QGV0zrt* zg;z!Z$!AJsy!Du3R3Dw@cM#^Kxm3F6Y2cL4Zq=O!=0BVIlHj<|;tzS|nlGGENg*k7 zeovGG;~@-xZPVLvb^35--RiR5T@7eO!ygU>kr!8FY_j)#G<8z>Xrq~7YQxW6ISnA6ase-K2HdN&uRyU0#V!I<< zEt@sfW10dx?umGop@014#H_W(tNtelfv-SYcp_L6F`! z>WPRK{>Sq|aq7+clkd6KG7bF+MAn18Bb z-Z3K&tma6}Qt;G4OZt?ZVVqqdShweAbl;5kW+IpBecXO~iu}CpFCy-!Bg?Qi8pOgg z#!m~~EW?)OEPX|_b_mHwa`Bc_uhoh~$<*&AoXwRZMGHroEG8d(m2}ZS+;HvQ)jlN7 zUf`5&s4suU<(P{eVp5=#t=zn2dH7mZ{Fbg_c|ZEWZXa&$lyz#Addzz>ub-2;xbrmk zgX|=1$ydEnRSxXp)`zaz+&`(*FD=*7b?Ja1t$ z1Cjb(zss?snhkD`KQDI;w4Bvl;uF|Eb@dI`Z88Y%+?rd-dZgIbRG4gSZ4I)x&7EOr zwa?txFKM=0t+ZYafs-N`ZB#)QRnANpXf6?B1{ykOp3o*!Go1UqX+R1}m#3^s&omUcwBmmT-Y&5|N7>~AqSH#}6M&)&*R-~GSq3T z8m6Z=zAyRLmQWC0d51H5mZ-_OJGIh^&lC$o5U4M*o(FFX zjAPdOn82+~f^1|?tx#UvCYOe2*m(SOUrCacb1ID56DXRwkHLf2zhRtZJk?CiN5Ee_ zGoN^Diu*wg&VoM$T^fF6yjL*4nNT@b5pJ3ev_uUF+3ml*8-vg&dpvO(x=BBLpd+Q+ zwio;MYYL;1v`MeyvO~$PJv9bgvMg*5P5{tCw(HJ&;E+H{@V1;fC;kAj!|u8HVJ3Q8 zTFIFI?#5}xGC%qFMZ%oXQ;iPti5d2UB=7R*+uz+zn~gkI#0uVbzC=2z?_%zz={yGL zRbZs7yYF%NQj;!E$sHsho^-7y9APd#AtV)8ML$r+{Yv#*Qy&bfN>P(Dd;-lYZf7JP zE8U3xaOnt?!<&6md0=>XbTd4vD6_;ke2ndy#}g+L$;kWGos#7WP$R+f*64C}fT%6V z8enSv`Kd}`>U55{+v|Lz>FP&3h2|%c%fyX%P>t_FjLaUPVSIJ7i^N`-;EVFyK-b+J zPeCnwV=VQ7aw#`@b38~AdUjLCl#wvpRs7RW{v(Kd~huECi4?4G*&0nQ92CaE*Ht26< zaB}FEv1crKI6=kdgQzB_c37#nQF?Xf_kTbx&gU5q74 z+Z9_~vFlPjDA(WYc?*}5gIi3IJxkkDM;gXsdW;rtVu(qswLv}>P4&-f#+n?ny3{q} zyh3s@&|>puSk?!qfq;XKak&8Yn>M!U1J|MT-tMw~3XE|r-D$KS653Lw9$!ELl0Rnf z)rHx6wT=uF7VIk%zC(NoST3MQMJp-W!wG$|oYXiD|GPqu5*oeX%JVY1LtSStx&E-? z9Mz}>u=NJtfzdwq){{D7UQWq`rU|(U4&TnGR-bG- zP0e-)HF7yj7b^f3Ta&0XDaPRWw_C>dc$Ar2PYeW6MIrH`Zm&BE4SH>o4^vnxB{VKF zhgc_euP5LJ71rJ{3vVA%Cy%?|LkJ>gk_u=^s1t{afyjd*UUY$()O9Zn<0fRH<$`J@ zX#A89m@+rj)RDwtg*L5ePbw@Rx@eSSH~lE=SJyd|s^L5ckEkv(%FuXLFoE#|KVKR4 zS%1~m7uO%>63{^pUVciwAK@WCeM0KP-F>1VMU6`0nuLtOp0`x~isbk6(x3k{t0Yr!0HCpTdXUB2qoE5JzQcaljuz?i)l9!(khxGJd^)~I4_amSqK{oG zTKto#ahE*H(+eM@9#V?JLmChFuRH63N`G3$8nzhoTgsZ=kh`gVvGcTNWmhSYC}2`J zm~iz9M~ztEJ0GRzwY_0xt-D`HgMl!6>^Bc-6JHHtR?nQGAfMnEZJa)y5APe0Xqr4z zn;qXUTJuhT#3g2dDQ$TUEYoa^u`q{kQii*4?7~`YTz_t^@Tec^G?nj8SHobQ$MK)f zk%Bn@Fs|+@Lgd$wR1jxM5_U!9AHW986VpyzVl40L-$TXo*enl?)A;dRik-ozT zDj?HZJ_P*j#Js}V#*t^q7!e!%zhYIp$MIj3g%5qNl#Xw8W1^XaTA`A&eN1vn>2^KZ*Gwt|=Sw>$17l>uHz^k--UuZ=nQN({TT2bt_Yxa7xrCK&?$un+kOT-Z8ZSKZ- zT)q6@(c~3S#&aEG_H(8q$94=g>%V=-5f$6a_QrGC*FU!}OPZEbIrooO=eAgrmu+Q! zJL@FtNNE1B-xG1Ppa!$e!u0Ro$B0!ZZ@JX-NHjDHYK}ggUw_~v%xjZO#L!=(D#eOe z=WYtuk1lbv$#Eh_7!%$+2BAz;#r!z=FgXArHdN{G0N~z=>DtDkq6p=)DH7}IjW&82 zf?q5_so-w#tw2rNd-h%l&5*#a=T&mqGD8{&IuQ=9NqP1Osu2vl^|#AHaqCdKuJ=R( zerwA8wu}*g`}!q+v`-UWss>4WNG(2`92VV?Ji(F<6b7JFkr}>#B|)kM#5Z41GMXFa=mx*DaczZkpv4rgx- z2FyGEA}tFK4giFJ2d}hqz^=y2YmqErg+6O^(TUS|!n76Z+zM|NT^MzaQCHD?J}x5- zP0NnWM4!@@+9W5PzWp))3DjvCdv4%p59TysnSp&>iN{5YfkGBorypWU_h?Q$F;|m6 zTsKMD9^t2@!R-4E*c?BS5f(Wqy+zxd!RHT0YkIM*;MK=9d!up zEO|KLqGF)^TX&W!ajjhD!_HH%UH1$3V5eg;%t?pyHyC_8Kb!2o9H&V&tovO%i8;Bm zG?8C8b-cxTMEKh3SzBVI7bm%7@#SmHeL)z{OzRuUx7p@@xH%;Tn%mCC{^gm^aenoP zuB80$t-1A6r+wr=G@FeD8L$^Z*QSTUw$!1H8)UbuaWPG-wp z#bU+uN}Zx*Z>y{+|EaF?MX?mu#3XX+eL$J(e!?XQrs>MI)j&&>fTGP+?tU~1X+cJ< zw5J289hR*ahVB<6{hoUrKUmnA0Zf`fa}6g~mTSa`mJI{Ls3-<_iYv-K7O|{XTxY|T zqbT>jW9Zb8jp+?oSy#>unl)3G!#VKr%`rkN7-4YCUiCs0HlJmJ`m8w)MQDcVbs`+QbFgQl+fO1J;Q9}a%s?5iKbo{Jqyvu*Sqq;3Nd65P6d ztQjb_#^dJXxDrL<;)))>5dtfCYQFNnkP6zJvS$|;mo1V?GqQJy5VU=(E9x83N3E}B zd5c~~hGVzs810u$3CAziHhNB9$T-)Mm1HZ=`Cm>?DoMR2mO|%er6u{pXm+$$C%k2< z(Sil%!A_Z~482>~$5|iW^VGd%HqhlytRWe=bNOQnZC?`UHTx`CX(f=HGwz$yYClV> z$X7cgQHRYB5Rg#rfHh-DViB4Jv zYM^uMsr7JIv%!BUz}usTkEYtGU9t)VsP3F7aTS}t$bB8ae=fOrUP2a(fEMD7`T2W0 zjI`$TbD^?Nlokg=3+V5q2%^)5^cC*vvz2nYj&{;Fl@8?3h5fDvzvj{szg` zK_5(zutv)gF33C&$u*m!Q%ufPUpye9psr@Kys zZ6})pyn6GS&Q|9@^WBE|g(YTL0l1XrqRj{_mfvYtHDqM&p#|x&Ws#gw@H84r6Ik3Vx-HrI*@|RJDMHGQ41Ur?82_Q1x>4T0J@R3at>h{KeDc#afJ{(? zct)akh=akT2!vw>%@DYeds*T{0&fnZg;BXofW|2`BprT+gE2Cq$V~}zDRp4BWl@`~ z2S~Xlik)0$5g1acL~P@0BHjK=gTGP5oJKK=d+008Tze)$NrB4ki(*cQyZ(2QM6uAI z82aDF)llI7UprN!ODfWy|3&Ygcg+V%|2kar|LOl+{7)TA1RboOhh9cy zwI3Y#gIzMgTJhthCw7-MUnHy=%`^D68h|h`E2JTZ(HKgzt83lcszWZS7}UdJ2AlYY+A2Zl@)#_ z6YG-YvQv4hANVRzQ%1|^`_7q!=^zy3cah(W|L=*;8$8b^a`0~q@UFTcRg+h|=~jyO z3oYbz8Cm_h;KAzSFbyKxI}tS9B}_GyZSiez?v%B@;1OqWjhY=fVCd{_TnM)9{KRPh z^HETq?8H(Vd_2i~Lz8F0`<`On;oC-oj5W|}wd%#26%W0VOYw(){xwZ|Qa*g;g^bIr zm=>*rtLQ((yl@~mm(r&SXc46khR;kZ`?9`ZXangLQNM=WxA$bN3ud5 z!knarALZ@{W4|><94#DL^$oAz8C|C>mQq!ffeS`B22?^q1cP0|Qi>zN@X3GXpePCp zxI6QC%9nZlvQW*D%(nQZ^X^2oMq`dDA~9h7d0;R>blcs>FX`0fozGOnsbPu2CHusD z?{RAlrcvc+;y#tkk;8!vtVYPMf~NdDLuz^b)fI4lg!-VdjEtY`JL}wnMW0M5(t`Zj zasr{C_4BUk*brl+s%hU$Up?{cQElp^8(MD312MG{o8t$4-!LR){f%RIoyO2R-DSIk ze)Q09dMQ&myiB!zz6YVdEREBbr?i#Y?*`sUUUg~Kcbj@2F~uUx8ha*8zcS5;6CfY3 z?PU=ovc7T@TizxY;-axW#RF$k5F0*n_ofu?1a`Ajm))DKoN=t<)9Ed1NHSlr3-nS| zJ)_J@D4ZmjdQ_HJ{prSUStM@+U+RL+3u!FpuQ`vo;gWLCql6#xoT&X*MVcYabC54@ z2;}LPq||u(n%II*Qc2Erm!p18-3!BZnaC5g+=JUmt@B`Fss7n?_&n!~N8bAYMD^gA zWWbcwycBZSZA9jdPMdxSwm-ATa{gdGwf%%;GeEDd|8eccKL=tKgmv)Y%%ITZG8gL; z>9nH3X6X#)^VGqi$Qta@X0-`AQ#xsmxAAP|UO?l{zW3;7In~uvp(5_S z5&>aQV@&x|75!ofo#K_M4Ok4UG}N-cmxe1ppOH9tw8(ugGR&)5-OFvW03+X^szR$o z(*S&+6J#RkL4|R`aFhLd)hXO6&?H86_Wo0pjZdRS6TEU2k(DQv#gNnQ-7?cOk>t4-~LC^V`gOP=~0=*zpx3>u152(za^M_9*6cejhwkAfOi2^7>bE%Rhr;1__V z6nJ8TfbifEQ6sNL`uM<~(jN$*MuW3zRZ{3I|Bl{6PYFn$ zEPfw8PU4}ke8nu6pD#@tIZp3LIEIyC=6F4!3VYq0d<*PB!jbsi0!>j9wV5C=XIE^H-nu z06<1AnRTCH5PH1T?(^#NYk>QH|Csl950)wISaA`V1BA zN}Mt6B;SACYXI*!!dJ=qT@{7)XOX?4oX|?t@)||1dxe5oURk{kDN=})aKKw5Uny49 zxAa)T4v7z53Y!%Jpdc%P+_6LnBB+r%!PC*3LLKEcuT_h|;w{LB{oVuX*|!3dan~JP zNVdJ^cGyh3MI79#oyR{oUF_`}?uTY6?oCAvNf60+4M~>oZPWJLQeEZ&fvVS{w}N`5 z`cZ{ay+yxsT)gj|LmPMB_-cQ;f*~c{D=PN^Y&)6%<4+CnfbXW+ByOdFA;6S0W4^N$ zi(UoDMz|jKp%dZi;29UdQ%KMtr^~YD)!u2ds)IA4tNoa%WwM0=?0Hp$^^37~$5i9V zg7jqbW%nkN6A~k6hg{SOL*;t)Qq!6{plP6AW-NFHQaKmY3_jkkJr2V@5 ztpBy_+(bPImuGm4LblfAT1VhUB=s=1q0nk>e+q&E4#^@S@%zcb9k>tHosO4+cci}K z+o=*_xOsMEfq=l8WO1V=651BF{$@J_ca(N=kY9A%d$(*lq zC3!s}4NPX+QjUdvDj9D0DvOg^W)`;zjCgR~iO_AbnTFv<#@<&zD~I@*ONW@Y`ICa(z#XaKj{B zn0=;^=m{a{^r{oqg(_G!ncM$z#OZmIQ&N{I4unWDMMqi|3Vg=Nu4DG3rWGhoP%dp= zV=L@x5Q%UJ7^)zvG;Gw`UIu$47+@D7rqzR2V(4AWl)Yta6&QG1|4y$cW59Q`MZqvs z-vC#`WDcBjZIb;4!)@w%{OBxkfqAA*b%f4lWW1`dwEaS_HDyz@U+l_U5v)U}fHqI0M47HgN zdV;3Z_6WPzuJ)4CqV4V5lX%tAYq2laZ)hQL`2tO+!dc44%tho}=J$hZwRH2`kr|=K zRzb%fUxQPS7;Z}7my#ulC`iiW@Or!fO+cyYdfoyETYAh0`Q@s>?PS4auOPzfUmJ;f zUmB2s(9Ct#Cs+O{v(QQRk9E#PjEYkPm#;U@PTnTym9;z8%~l(KX!YKg|K;vbY~XK~ z>0?ULq&7a1gN*GznRQapXb4PmxDhY4iTlk@Fcg_xJswZ5v;8Vj#MwSZwXz~KtFm*+ znJ0>hkt}gtLo217f+>C;^2E--RiS^H3TF0Rc=P!m#O?)EE;I(luM-Ur)nNrS*}JFf z-J7z^ZY9ZkgVlaFa5SH!VMAZ(H;!mNhE~gzf{O4HJkST(#Pc zBif(|!|g874>6&%CH%{iFRBPK@hlc7ZtrJy!X?KOd|Z_PTkey_+Iv42KFfXgeiFC+ zW(`ZDDm=zJX(gcpR6VvG9`jkx4&5mx)U7k;Xy0s=ceSVthnLAZbGUXUD4co+MG_rb zsmX!^hC+!}X@dEjv8+DP$|uPPl&cP@-n5fk<^EkVa?alsYp9UB&{o2?tUpza>g7D` zw3*J)ouk^NNXRRD@lQPUM(hdfoLlMQ;@VIT(f^)KrtcHESsN$FYuyCD-77;<*%~=9 zJ}E%8L~?a)LjeEDNVdWQN`d%J{CQ1iqmk!1qh!!^2cN{);JmtQrm<>4pi7Jq7p=m< z8sPkSkU?U(pm*<;cQ^r?sQma{l!wM8r+D(UHk+y>)P%v9U#iE*GcMjh z=L;3H68ocEw?FH-^JE38&U{Cj{<`XIM-5n9G~q70`9|v31DaFYLory4`xgr`4k}d{ z7hiFu-EZ(ldf|?djFV^Cm}OiKtU?DCvUeLw?6>KqH+N3?{Ix)8f#5iT0&sM zp*yhN-?innp1aj-R~;&N0++7+66$%@#CgiOV&bNm6?T=8OUpYy{dS=fYD%0qaNj5` zbD{qdxAmgn?m6RmgC$9W!mn+=q}J8*>>*>blyroa+?SI~y;7p%tT@vYn|+IyF!)nM z;O7A9UP!C_&ytG79G%MGXWHex?w!2k5)Ev72!gi(|L#r_LP_rJzzlO{^I7a;hK4G) zn~5GGjI-;`gqdWChF zeR(o+zr1#mw%!I-v;AT(l_lzZi zHbi6Rl)dxyeZgB8`zF88)b>lJP4TIMVE?M+e2+Z}StdoP5xBGJ*;i;ooi7sqSmB{nc@vEe z)uw@xtO<4t*2#qMo`9aqF#al+-Mi0?b|N=Zdi%1Ug_^jaY+Dg&4KI<;Y26*XMOuEA zG^ShgrWUqnoe~%dm+Ut3T&;U4wURN~p}{F@io%l`Qa5VWRwaz6Gg2-tox|o$@{&eR zj4ftFX_XF;K{l$y3@0|%;i`S`$-ktc5-kiA6JJ3Q-0^;~Z*V1u^a|Psm zf%B}(jTVMqTFuHD>=|zPSJtgHZH7;+t=-kOJaQceWg@P>)qQtW;rY;Ugja3VON7%n zkSu}v+~boy@_NQ#;O5rjMWK@XXg-EkruQ(8r+D}RzDWs>3^Z9AFTLezSqNCkad`0fso0Pb zLDWyXQ{=E@ddjy{e7xw_UJG%zGQ=6n*~9lPmVRy3BzHuCyfD^24apu~2NazvKKR|x+1TKUUuS>Zr))Gr&58x2Y>LJ)SPwLO_u<*~X_t6*1P%A#oFfJ1)jue35HFpwI< z8iZq|rBpPW=O^Osd!San;%TuN)uWm405PSESsFiwZ#v^SY$-=JXwXH6bKXC16O{Wq z*LupQ=PMZ|onUZJLeur*g$GFwhJok4eZ|0NYPLtn9(d}$q}Q7?F^L~Hn5>em{Wp!N z+9rdJ+$C?8gV!#+=H1t`#;6aV;JnA7^N&%q%HD8vf=Z<%p}r)69oS5eE=hpE#Yrb7 z=Sx(QFu$$(i13m7)ApDHcO5Ma%d(hR5&Y+?xyGr6#* zOmP{d4Kboje?VMKvq2^>#Jb12gh@`* z$jvpzb@Guy6~d^~jkEM1HK&s{i?-~78!~XY6m+imQ zA8gD2A$8K;@qaWBob+2`L~Uk*El}&s)<>z*hCdlH9i7KgnMp^SX6}TO#+z<6LX*^A zs#SCY@=sI#)H&#A3LJRn|EhHGzx!LC?f+_x4(e=2+`lBhPxenbkLwBjJ~M1qT~1@c zb=NiIu^%Bf>X^B5Z}iu|S^gyuo*U3WBdbzC;Bq1#k^B#Zh)&sn%;@&<+BY_xaQ{m! zG?#Fi^ae`Pi7>fDMKW!@qIU!V4Ng*2RD;SB^Z1}hcC@O1g2WmCg}PPG1Basvb-&hJd0{=0{TwXo;Xiqk-Jw^&j{1ORCREDI~P;zJ(^**bqlYO~&>RYGb=+X2#2d z@Q1VvVQ|y~JXLOqobyp09}pzC>w-t?0Xvk_iY05Ch(=2k7=E?k99;B z^%fON8$l^#PE&_MvKhl)HqLSqT+0>}G>*qw4lNRQ9jHeoY6eceO7Mh~3lCrAAz=)tV*ozrYx} z?KZZd;pN3trACEc#v&L5i?wi0=A1z}Q)DR0d z+|-0gf9fjIG?{@5QX8xK=*GI>lTRb{%ke-dbu8LEaDgUs-fPna-)Z_nfSOpt#rM|y z>fjnQ5XkZ0c$LEkE8OQEgOp3p>*Is)l2{$?N*0Azjd&X1Py(Ph~O}~nGC6u2-0JrA*nWzMkO)nP~xzo?^j>Sb2Vn$HI zc(-<&l;Gif5Jkq;S=wQQctYHo24sHi$z9lbcb@ft=XWd*0Dbh1JJE#mws3ulTWE>z zew9E^01p|gnm@c=JuWY4mzockrpF2A4X>Sh$< znNOgE4$S@F$l(*J*eyJ2x>vFO8_Q`+LamxyS-@;DV1)hDG+#f%3u%m;=InlO`C1<4 z9|ZP|n4!WsH}!231_cimM*Dgn{As_>8}fHdSX#^vp$uA?&w-N$J;zvB6_SYimBhSS zuiT7Iw%JvSV4l?zX3%j@GwgR?oW%OP|6^v@n3(kF`BAv8?dgQ2wMo>PC}2LJAzsp8 zteKF`r21Wv@uCxg!3NQK;iqi9GcY^$7o|A^=;#z2tw4^qXiF$jFxnK*`R=$fwmKkD z738k7^*N9w_dvnSRpWa`C6=u$c-gahrOip=8X*lrOp%it%^G_ z^%xjm{8O9*j?<*G^mZcSEAAgHhDNj`;s`DE1s>ns_wIZhu!&!HPClP&=K~bz46Z|pE-xGGC1ci!T6KyJDb8?2zq<4j*DqT2pfB z{;_yLmNgw_9o_td9b#353+jya*!g=G-;&>;!=kbh<#&Ahf(@-{+W%{rd5H#Vb36@d z4^JNwg&&RhovcyQt>&#_NyESvEfcOu%wQT%Z?;9DopdnIUF%9Xx9P<<1Nw1QrA~-N zKhnaUUfO)*_qE#4tNWk}!S$?xf+e~jH_?z0<$n$YU1@m^z0?tJL?omAM?K~Z+XJPe zrDg{~X5@)o^{_0B&LeuTHzJXzhja-hu5~zYg1F%S=BjvxlIa-l^3|D+iU?UgX`F}i z6wX;jS7(aF7dxj+5!X5!aN1^hA3FSa-MW@{li{Sbc5-@S7tfgvo}w?lP}wQ009c;S z-~iLvuvziUR@Eo!X`;0_-yK8t^JOh@7p8N&hX$5TEXlHvZPc4)75NH!qwZcOs1X%A zMmi3}2*G&m+25PqDKKkGN21`BAsDvbo9zxt2ncl?!z;ZngkPn>I`|3O^pfKxThYxq zted|76Ij#D{V;M5<(y>z`HNkaHh6lID!=uply&31MT`4X!jWK!UX6dTzFB4X1^Q!; z$+ue^0#et&e6S_L88OIPvFr!|hBLui8)vGYj?i$8hdfU9Cr`De6Ln9NN>`Gg}16a z)oa_C)`f>}&aF!aqAyT)>yT1bn}s~~Gb{45S0Q;C*-Pz_ir}mfPMSMX(K&^HF6Zwg zPnCmBkfE#JRnMI62@5Gk{6ZPaZ9Q2Et2nHQ7JFD(F0p;U!H@L;mqcqg%*hqlQ)=dV4L>m{%61PFHcuej-eUg<<(JP5Ga1Ow=)_NG(lQ`u=w30|cNFj@&evVPVJ zZ_*Igfm@VW+E2g+d#r}%t(uqbC(JaqgxInn6d5;Jkn4P9Qq`D>9L*>KQzydBJ$s&3 z@%pgz`bpXpHG{!Mh&0<8kloO4Rm4QWR&EDxS+~svN=*9{6vNA_s0#ASjymjyPNq@t z(?7w`$qkZgt+?=Lpiv;0revNl2Q)X3Q`%rTI5%345&A-lM)^ys8Uuy`TtAcb<1&zw z`V088hW?@iJ-5&Ph6<6@1kg!Tg?{#@`bP5SQ7>y1HF8Ep{PpV$ARx9D$(g0{3$aPktTfvm!} zuU|`hT9z{!GX56PrlZ40a8KVM|MaT!Av(RX?K3|m^-=H-Xh%o)UjwcF&u;YlYH0fO z>YufvyH@^tby9-2Tg+mo0baZ#R$yYLncRKqcArefH0g1jv7E4oOWEz^9N@UK>fc(z zYq2NX*e<2s5xK5cWpB^9<-XJ$$_b4dPvN}Su+imX-?u&4;90s8=rZhe;_uN~r3{SA z`{Q2`A5&P9iH=oWmQKd!f4%WkwaKF(&A-W+tXDYbzc#m*QtThji;cWvAy!}WJn3S; z{Wbk=&gp|qUg*kfX0G1CyKeyx7N6HO_$c=HKMWOP22SsEd#~#ZNLm0R|57-8BWrX| zLG=T|CjSX4NB!O0n;jm`LNA`G!9q8C1L;W3HBAkghMq`D#@5`) zqI%#4mvI`iOTYdSZ(8{Q`l)cc%z%pme!5Ssj3Df<5qt~f9NFih(0_jV^BLLMxd?0< zHBg0?%fYuIMC)rdUd<3k7S6g({Kumk_;}daw}H&>A1EJZy7imwJiSoC;>P6%PK`Kv zPUF(ns~VM=@uTAhH@r3|gFO{g3}XjVRvzmaw~2WEc0H4PCJWb4PKWf|KPEgsD`m6# zIphR?bx@I#+Ec54v99!610Hi$WjY9=K?6iA?&+nK36&_)E{wn@ zcu;I=M!=ht7>@^3XmdPh(j6GGx#T#0dL%yA8+8Zg)9GtHg3YOR3HaLXu<~;70iq6| zTe-1XFiLjF0S(B&+3Z)61er_y7Wp_9<+_d6lI6{0C~;zV0{q8bqPI0n?T5Z~oV#s8 zT_;P#zd_2gZ*b;Te+s za5SE>=i7@2Gf3QK=diy>k-Ut79nn8t>xyI#+MRm@d5d3iM=OMZR`c&o;3qbpnr4&q(?1ZLCWwv4U-jy(d3F^sMBZ29^9<^Pt|$23@5K z?CBXFv(6XCQKoxaVFj{9+Q!A+Oc$|U8&gjphMzhyAC-de4$f_|{>1!#+eO$tJ(z_z ziZ8PgUJ2wK82N7VLwA1OcQ@I)1#1bC89qeaGGvsmPo#nepZ0|=HCvTkR+ zy!<(%N8|9@T{hlrE+C2~^&DgGD#1{yTUY7Tfb0WpU(>23`VPm5umLQ%uAD9(LhN<% zcCGbL51(Q(g)hhu(`%RCjb-7f4>)zxoEhCmBL^em{=PCwg=RAr{B;%Ys>~q0B*zjj zE(+)3MirJ0h0Te-PHHv#7N-WAR;EYC71>8~_~TA8J=x>Ju1Ss43?Mem$|Dfu^X@jn z=u@+;W<#4_fhXpNk=v{f+p?DaTO;83fmv_a#Vg;(LvmWsIS#ySDw75mSNtvF$9WtZF{q|NHt=!h2+ z6Q7^=H;4I@>1RvY(#RF){6)O@_tE7^#{HL>N^D5HFgz4jHxLW@>75xLr-b7 zFXON)RyWQyQDfw~KcJ;U)_E}uoehWRo zy`8nkF`tR^@4Ab3X^kb>Uhujh-L;Di84fot_9q`z_-jOe_|1kh zX7|;nk{%eH_lY_S$Zc)-CL>~&-G1zNu5^pYZt^~eRX$5a$Z9Uv?Vv_8r}>R0-jqTiaFno$4skamlrx)dgANBm)AV3kg3CKZ$H0Rm-{g2(ZJXO`=vfcFD{4U zGGN^Kc1$PNm*>;fg^Lh&2dB}O?Emr(<_r5_vhiv+f6rUed$oVao}pjFo6Sr9uiYX$ z`ZT(e|IRnS%3K(IIm_#2*+PFt@Z^=rWKO1vo2S1xPy4?!X2*@Mm2}@(Y=6FZl=!^Yh1$fPMQJ>b~ySxnbX{w?;tW*S}V7CltDcuV$3CFiz{ zyt-L##Oc=u(QQ8ORng%PR*8l14Bqr^tLYvC=^NZT$?{*~?hgGZN`AFlPsG_ck;L{- zGo8vf8XR8Z9iUDW#cN;Jnevr61-Ru2UJ+<9KS-c@JZMhA51xFPqFyFSyEx|*T`rWo zAUQnY$0K~--VQVUf^Q?6BMU|R(Y2idhHMV1^k#6Csfrg?)1J^K@NFRx7wMbYkYM{5 zwc}N(%;9a;C8m~5;#$4vDiFyS_}HOBh@EBVsDc0d#u>KRYxN=b{v(Ew8wk4Ee+gAp z@PM`lyhJu2Y8l>!)Bdv{+j{k}kCV~b_XCxE@xga2zS$gbgAd-spneSV31zov3U)FI znUp?DsQcz=dMb9=zZkzIbB(}5jTX%)vwQA~jAEn8>%P=DM<^jZ?Mco1#qhH-*FWRP zBXv6Xdguwx2NKAfh?{On`T;r9^Eao@(nzmAFMeaPC{OQ{zaLA7O-dO@63rgy>|SP2 z(PO?OXKKy7*D_9wp31k;|bjI9pvVwWVA-jI_j<##p=<++!hFhb`Ot; zYW2*2xt`iAz3ePN5eCcCKU&0uNr&D+FREURapHJfznT6<00ApMsc ze}_x)T*d>S<vtkZXkGIMgzbt5ix$(YoVlRB!=*?T~F@!-^nx3{K06vQRm7Sg`e zo2jUtEh4XW|Ni})#jLZV0xv%``sEe{b~5&kzyGSe2C{O;HwG79wwycj`hd&014KI- zy{1}}nY;Y~j+I1=yk7WtTj5OFTBc{=LeYR9uVB0T`_?J%xPeCVA=4ffd!VWm^7J`Z zIUhp1jwiqOhK$)MjnQ{0A5wxIc+qC^I(>(FW<4+Ia(g+oJlFKXt=8_62$R2K#8}3~ zmou}*uB;4B8%lNJ{;$E_YZFfjd<@wiZUMUW)?Qf2VPt&z4Wn6|J)C}tX{KD}XQQ#v zxkc;t<;bou6xK{IT61LBK{X>$?y;9uX7Q!A>Y%9BOq8#V`dHW5SEm+GPex z@F#jbH}{S6??BJGM$i$HLr}S0x;M z7H&e|QYzdF(}JdLR-^%-3vAfa`qOO)revC5O|YfL!XLPsY;xDT#Vf~?;5u69#xK^O z_i1C2mBy;yx%_lonZ$LJ%GJc5Jk&gOv%*S9ymO7kl_uo7%9_$bscucM&c`mu^QDKq z%q{R95aQt}`?^~RuOE0t0$7w$KkQ40ch^4|8UBei4{$HHjD#pwljdWk$`Y9j1GYu6_Zb z;qFnjfULr=5%&Cah6@@z>u^U%6pfhtUh$&;fPv6O$r@fVbW3D5#`1NyU-Xm3j%QjyfJ>A3C|AX8~ zAKOP%wr_Qq^inL+b2d==+@kVR?865Kp9vYY`(6z#d5O1e0`pma51;=W{rl)hf4FC) zafLT%D`eOmVa34AbeZ|6qI4{GrHyvmrbDf2bU#Ac(GL`E@k|z1lmGI;~qBZqA zEOGVdWHz221gN+*O}T7uQM%1a!MZin(71c_TeyD8Ks7>+CXO~|@fegw_qoTOYW0oU z_TBnGO=#}x1Q^*wh2y9#Kau`4ypx)PM>Ju>sc;A{{9wP-T7+m$u$g(R#oNl~z`MO; zSwR4oSxc~WB7~*!l58J0f|$}3$88|Wv*t&&U4KChWy453ByaWEFcU!Ri|%(l8ntpM zTTbk=Tl5YmjA=+*}&z93tirq7#crX5A?|dCD#TidxK;lf&@R zofqB*7{_sVNA~viYPZeN>*iX4@Dc+`1yDG#*X7s%SEm~yo7BcL(TaO7+r${O@*<&m zdrC?X1wbe~Z}dB=^sn3x!o$o?3gFT_)ReyXR2hM5d)V9J4#OwGa0!XqLPWbmK@amm04e>KrMS znSx2>l#=2&HnYgo$nFd4^6R-j6BNv}H)TIyd^A1T$l6339zc z2Oo98A|x>XNib@H)Sl~(^NlBvM5lo+9bkvk6y|L(sFeJ$etL^K)yD28u-2NefUsi^ ze|SDhlQG)<*|qc6%=75Oo;m;Q;Ma09Ki-S488!S#c}9QbmC-|k7SoJ8zq1dnoj7;l z^m#Tz-D9WN+OP2pY2@sZa}P!9ynK+8UJF?>yZ$5&Ujm>`tj_Br>_^Zt0deqrssU&+ z4L6+#{zZrbkhc>yC692j#OW0TUKw*jqm|{dByGClo7bu19dVb1&09TVDQh=CWMZ9Gy6440{M zXcK+kvvLRvuy&eMsI}XrV5l&~E5Q9}FXZIWDVAm*n~PSvmr^1P%$Aq>k<~BzOeV-) z%dNdP0;~kVa<3<xK!xPVg5ljg7 z71$31>QeZuiE12&(?~JWV|VC51A;`5jLUtnNT{hQ-lJ^eTfHH#7P_jm7X8%XITpKC zL3-=On*w{*E6cvBng2+Q8Ytpd|7DDuo&h9zDVzR^U^91~mq^4b<$fQIMf(r>1td!IifCd{*UjDII4T zoXwU8va!+Kye#HBj+oI`?YyryuGDkYY#uJpkUn5o@R=Szzn)PcS{iTlQD;XTaGO?b zuB*ehIwrm{25Q@4kP?bVJQbMPhbphWoZ&Y$-UP$fx0OkWigIi}5+d#`A#;}nm7O_2 zK5K8UDWGsALr8-siwEY0k4VpIahGX6H~j`Al#_`=JW8&oq@1Hw!^q|_+uGKd=j76n z1i^5b*Y~=q_YBRP5`?$$6TR0RN?QL>q7EJZtlOSiLoJcRk0~CWrj!uCR{H^Gv#k$DF`1f!Y{6>2?!+c9c@BtVsEl6Hsq7*#Z8)QR(CNYn&B{x=CB@EnKMWou`5y+ zg@cS5S-e-Sl`(Uy&Lsxlj6oYi%@pYUC zL;iR-s_OVopHWQnJ>n3%Vokv#hSgaN0uzT?9|Dd6MWU7pux#W971)bd9l#Nv!RWWA z&6P#)u!?stZTn6N-oVPCBabMBWS{Yk$r|1d`V+w%Giv%En`lL-v>)`?gGgqLL!s!e zCUY0KlhKK7EMXX^co_6Rs}aGL0=5|nRPi&DJ;bj5N@Lzx1!?mapDj4y*UD(Qj)T6T zkH2iwq7i!hQY**3fU&%^ja{t-GA`N>5IE)<`k1ra=e*)8!%;GWdY4JgVBW*W&ACLw z***iZVp_}>xLhiJ`QaWRpd8c9N*-Vl8gKv>WZ2ZyaTwQ-#=(v@TmwK7+9aVyu1%^s zU<{sxdJkN!V89;OCDa&W?o2LAzK`F_@jy3ed(Ge3zJ3~9DRKd1PbAA6S*NZo*Fww9 zE}c@~Pr)rSCYQ-R{N!fwW~UgW*4;oRzaS-|#RtIM>Z;v6XAMT}3{GJ~kGg0{SIk_y5|;OcOZE*b{EODnF;VbC6w7?rE2j|_NwNnkLOvx?GragL zv?PK*CrEJfjfdIr8CUY>eG@^awzXbJQqG;@y-E;tgI!UgM3|;X+6#bi0wG12w&=qN z6zux1+N!tAymJbRqXt%`e62PS&?*tF`42O}TQdSqfKgJ>xSEy5%4Z8({=9~q0Gm-? zaV=zrL^1;?A{-hftjWtQJ?Dle@l{HbSai>mGh4U2GN*ge*lmLDJN6q42KqY*ZL}>6 zQMm3PaSP-D`3^<-JsZ-P&1_8qfONyL-)jXB>Ds$S-tX4po$Lo3w1N&lRz5qY+j3`g zYgkjXUxvSCrk#T_a1hn+p2Vtuo^SGs7|{8@d0~^D{YzAK8M68&lhk=0Gng& zd(EH3Yq5o4KGK594@DpkCEIi14w+bhMFK4^&6o4& z$@(pI-iTgNF06`S^yPiecq{I#&|o3VZ*bp-~rWy&6#yL z7jK;C;pZXaX>$EdoRG>l+P#$i`n`z>%V9+co?Ff8bGT;z?Ta&**ES?=!`C)rY~QSH zaYD94=0estvMa_Dff0_gvbK;=?6*}8#yh|s#ZJ5_mLqpf@so()>rbjCr})da^k|#* zP83Cj1IL=6F-0i<2Xb}OMN_%eZ9T8l)aK>(Ey9a_Ghg8+EH2s zp-@5a$I`H@Wz8EA&^&{l7e((1W-3dyijq5DS3d#a1&(3M%A=U8oZva*2J1p_%nT-5SUsZ?U2Ni9;8Up!F2jF6#CZ2Anc@faWNEYtv#OPwPjBy zjYX2b9>(iU!6T}o(J@uTQjz2W z4|XJ<8Keb#QEksHuzafTUK7TaA-&~JrTUA_&8%So*4@0X-~Bd@?CFZonw}N45@P*0 zyB+|;2DX`JzOm|03|S^kj~y$rh6OMne=M+Yt@qXUK3?m#{^VbtyID6N+o!-kv_91C z-m++nT3T(;N|znGl}HYXILGsA$!ZX|Q=f$kT9%UpQ`#?r{TT$y4fjWsX)ZwE-BN)^ zC@xce@(Ir@@Xe1xvYLqw5HR{kASHwehvcvhK784P(D+0)u4-L#_FX?@4GdOneJf~Q zY)mQvOl~X}u}-=o<;6aJ`PsGV`~t@Bn9Bwp)LA$RL13uCo-P60bK`+Zdb6w{KN+bO zT8m(`S21l>@A11=Q`I*s;z(bIHWk@)C+;1Ytsqz;5mU4W zRnJB3vdf<*Nm*GEwe_Qn<%J_wdHcZP0Jh$sM4Kj7$eCNhaBA(0QzkQ(lmh#LM}7Il-Du zUZXfP?x0V6-C7hkw9M%+VHCQYfzP%h;DNR_{lI~uIaQlXOmH&U+uT>~B9xx4P)vmU z{aI^{hW*=Ia|0=94EME_Ma}Pyg7Zs&C<_2_)$jr|g7)QRo>j7<^u|QFz&F zYX7Ij{;NTHy6=`Jr5?P|_FU^ld+=ton#072eCG_PU2B*-3L(!3Mxm(yNv zegcQ=-ZQm}OnS65l=3|NSn&iy!iJ>RZG>E4zm#9zwcLp9nZkB$w7Gf>9;Z`h`Tfy| z8w%5iV&ZK>-tb%41l`w3jqbUMlFq+Qb1K-MEAk4_h#_$N`{U`PHQYop# z{n7jPVB)+RlLvArEBs*hJ_FM!zhynnwbmx%1}2FgbrqqTRWtWq)@9xukjuml2}n(( zuxF)6X+`p)QxHel!jt>2?mbeTCI-1d0X}V3-0}nluN%8mzY5`&UE?-M()2U#f!bYg zK&V!*OU12pIXc6DzktyY7o^W z9E{|kR_n})r#05uQ6-QO)V;@T+dWNh1z2TXOl{(TCfWy?MgS8eY}!0X;7ZE+ZrWyJ zh3G*U6Lr_ZxQ)EnA#3R@46p$1ssUa?8AguL{d~ziz&8D-r&F*!D=TZxx`(S*#<5{- zl!+%Lj-0?$v#SQJwFV!gSz!bn@4geXJaWlt;3Z3C5*IwSp4Vx)&7hW=cwd6E$7g=> zT_s_Mu9vqCO>NF>odsT~j{xP!VT8PvfhJGu%n%#T8kF+Sl5iILE24F-(|`;#^zw{5 zKt{%q9ieDq>Bb8^EN5z`visQMpIQD`mjuX7-L}}=SzZ=FI1h3i_)V?v`+w+4^rojf z{g)ZvJdmV1>rlw%$=j+*oI6FV5Yo!f_>=kfk>lv)M_vi=z)2jf4#=n`%v=F?CudV`c~WG;Ag zGniDd|6yIEp=)T6Cc|0hP0gKl;tiZ_q}O@{ADNN`@i+4tHMF+KcTc%bc2^yvdoTD` z-S^?u|9zykw>}t0YnUciL8t*=6`KZp?Cah>zG2fKi`N$Kn{;;P7d-B{v^p-`oT-EN z+SmzhvCHLgJ+XNZ3)2obL8t$Bi{1CvxfQz~5EF6Bw>GQ3v6yIs`?P{r0Gqe9NnQN( zgo}se4J&}|&DN?E7;MhCZKK@_yLMsM1@YB!> zDr?N1bWbIdMF~?;aA7Qj4N;drxr}C^AE@j9B}I2l;O}QE@@OTm{4eU>JQ~XX?;oF( z)CdWwY-zJaB}>_(D6*SI7*Z55_Az!MgwTc}d$t)&c4jakNs@gx*|M9l8w}?6n)m1a z+;{hVf6wpt*Y9`E?>eVCr!zCxb-k|F^?W{GkLCHAjvzQh2uW2OKR;WOWyw0P;+VL* z{((49Q{hpe;1KWxPEEE>g01a`yyEyvop8EAcJCK+72V3#+^WUb&jg&fY%|qRZn96{ z=kLm)y%nWqHpuP2$%9v8m{ji=RB^=uWvgYuj%wyME*4E9n+tVXK_TbV|B@iy_AMj7 zTlABqdcH;apT(WmYh`sD)s3M89Hvvzg$VC?aauKKW|OhmHnh?GMQD&Jb*PPsmaAUm zAkWc8iZ?1=mQ&b5?Ds)j|K_Sbq&3URIrN^MH(9mywfjYqTP#W_*p^p^Nr5OjI8yq3 zZ#&$ucbH2%r2f%Ew|!(muFqRl{A$P^XlT1wY&inWz7(mDjBH2tndW>G8k%FS z^P^Y)*pSB$f1@uu%dH2VN}78HfvmJBe3YpC&)xqZCSLy|i!njc{P^QWztL#F*(m>! zEkHCq?{3la6l6O_W5?V>x&Ou11(m8dvO&}?T)$BHw`BH<;otKZ0!jP$Z*t>bFB`p!Rd$v%=7(}(b(0ii?ehGN zUkd0(?nknE@2>ZeGgt%v40biAYlJ&)E}2WLk1#r_s?93;^*ioF`j^kOeoV_+Q{G*( zLQ;0A2V-LlXg&VEO<^~?_%~|`2xwuwbl}m7-O0Cs^35u=g_5*?J)6_+ zHaA@~L>7li!PZe}ZzmM)NU3ao4%qdfp1A#uMSX{u>0){yE|wiSKkAaPzm2)$#$y4G z-nwa%E!){34{xzwKH>I?Jf4^R`+g;RwzSGu4F%g--Xc-JCB_Yu`=<{0&#Qi(ZL4(- z-!sO;wXvFw!>$)bl4NO41nQo*ob8;)(Dq7i<)YhmfH%$AsU#*@u}PO} zk3yTtjCwc`=-r^Z@g;bxXfbP>Qn^tjy8*ngC68j2d&~YcA#L82vO8_gF+21Xmi4sl zb@e)LCh&RCUrs$aVEn;49@yjX4BEKY-nCeAoFuT&cx0)wA- zXMXfsXO@m**SBcTR@vQ!%83|OvsMyuJV!O!VL!CQd-VbqL5N94|KFc$-TV?gWowD$ZtbZ4-{ze zZ!f%3G|a}vqRyB6{CGvu^UU1}9}9vfQa(B?J4e3Em-2xtNt5Nf$lXfP!6TJYv#?)k z7do2L>I)ZGq@yv&i~aB6Vg@~O+9h+Et5<)09&(~1t3ofV-4`?CfXwE7UaU4UwH1Qo zb*acZ^d`%B4tr7kO)Fw017tQnfTjaMkz!?oHgSd9GyVGXeL<$e(WDZeB z(qijC-hcI0@9BwQ#qnM0NClO;$RT*%(n&g^_sK3ERoA~$PnVOqNsm7zgj{WTQTyvA z{V@c>6Qw7GJyQLn&f)eaBtXDLesD+5b!K5}s1)Cg`%5YGISE{46N&JI(3C-Y+I6i1 z_Tx#4_v3}<2~%j>Hp}vd1I0`@&jX!3?hdIXxV~L{vMuymeA?Sf=S9FT#$_;~(a~Z66~5pSJI7D z5g+kJNmqUTp#m|=gb-B}1O4ux9r|-$J9HHYVo5AJ;H5KI{)7U7W3a-}yDr6hYVn3n zz?|iuvCyde8zBefe1DM&X;I4)&QY)l1730T-9)?0rkAc0etmojH%742aq*@v$1l>?U(&BX5UO(CF&ylnYC(1YHO0523B|qk$=8(dUol`n|XT1 zn$j2m{jY@qC%+q|lnJ`?N9?tXX-w4nx2IBU8r-bhH~-WIO3rOG;BtDsO(?}>yGH4= zn$i3pXlH#ezO|Oq{#23!ajO+6=e@G%xEIXwkQ`x2RA-5DqqF?5*(jQMO(+{zh+nLv3Xe6ZV|8X%Tzm8Rx>nKqaJNjV3JRFr0ay)}N46ek&^e z25Y2->SHcg$P%2%-r(d0OagvkAyMsodIN&%laFmkJa0;%NA1|8)--niFvySlX6>(6FA)|Y`?o=S2)_-LhfJ}Q;^HqU!O5ZDD3X9?M-4NWeuv?1e3i0(mCHvII3cFEedf4Z*@l1(1 z;?m~ZI?L$c-EkL6;7*d(1t@%INt-aIX}u=U8c3~npL#hwGE9u1`E~7Gb7?=?ClHx^ z5;P&fMs{VjY!xl5(!EuAr`o*`=luq3Rf~v9>z{^F%NDm6d;CNW{4>>L3zZ~jkPo>x zb`JswP&Y}Y3@lChZ-FQV$@S_~sO-qr$mu}r6-_h-J=Z1!~)!z6&NZSCWgM@`JJMw#n9+Yuuh9Q3WW z-ik$7(Z)@j)xJZa;@mOIU0Z!Z?EH2Lp*Kn`$B>xyUM1E{B5ZRJ_6{kQXj#Xti;Lui zmW!$#OUdcRAcmgyU;qyAGhEfFdO6$l_U+X^IfECX7duKb`U;3idjZ>u;-(qUt8<-= zT_aVRt*1P-DU~iX3W+f6p4p<_EcQNa|F5}XwaE)OzH8qF{gz_u`p<4Gcn^7;Z}_Bm zfiPRR&@+UvHR-?c*y{MbwvM#7IB_Z^HRp4KSdO2BoF)9??3ePvnh+Kaye;V?ZSPM` z2P}5X9_lNgkS9^A>K1tBF0Q4*KG_3ivi2Y-r#+OtmgXer0ioxKq`J(D;KwzFa&EQ6 zJJIY;1uj|MyJ$sm>M2}5VwH8+M00Su)Or3Ud^63nk}2FSuxGDknp_baKTQ49?%#3v zGK@TaPEI;{gPF|L(RP7ZzSxaEF`^``oAH$IcSk;cO#kPcZ&Gc@91Y9VzK5~&=MYeS z`keKV-6^(hN2oqmN>l0VRni`&t>j)6(P8RWO`8*b_OZNPY6zG?khBM5r-@5^K-`cv zu0ty{^1H=mDEl(w;5Cnjie_F#O{lvKs@!;VGVyLbCs2cG6V$Cw5gYFgL0PeYkxoKps2wTVw;^3(b*gfRT z$cw3o5b>1qXXT;r_R>8RHY2P&>l+r@G+5>^QH}%@C1Uf*bdtA7m#kjbOjQT*`ikha zv|1FZ(bB6uE^wPO=_UI$;?7D7C8&fL2_FmDx4+Px+JJ%K1m#Kh$-mqxRMuX-{81m) zz*>8;G%zK;Z|tM{u)pD#44<;OtpG3VxoXuSY-e}QN4H2Msk}#7ZxS_AH72n!;y*2b zwhdE1UaQ;E%|lc9!Hasx0*~ezIlQK^f*`e&cn0{Ut^MznI+J z>D#?DR#E9Mx+6G7B`zJ#58RnJ32*-9K*ATWs&CCHB~CYRsM@fo?)57JKnr&h$g7@K@~9SM#6J`sd|iDud(a1wBD|*@LE1gq0K4!jueHl@qJ54LN_ku6nz1p z#WnRNeUk!lzkRVpMs)+>F&|`+zu9v##cM^Zk0&%30(H6gYu7Cisw<>?825G+s+5~_ z1ZH`NBLctB4pNEcjtu71>lf+=vcx*@^F@QobTe)7j$)(qqtDd&=LA3PQi;43l00vg z5M`UQ+}ome`qfqqsS*JvxB0Tw>6RuuU*Y{r^lX#$GyJ~|4AjRW?7pA5E6f>s%V^7& zR}LxTmGSu{huda*c(&nY6HBC@X-+A<#`YL9%eNRlA;MrA2j++&F<|!rW{2A(*Sw;z zrvQG*?v9={6hSgK>7X3x-hC#n`yBVKox|Bm+{~H_R(GgtUczo5ua>;?E6l;k5hnkpgQ^MpB?@IeHk6F= zv}gw+!B3jjbRnxwWzUW`;?}eErvz5V0rHa+{hBnFC;$QcJ`e2h>HJk#IAkUlds<#ws`JjJUywERDQ>cFD%>+ey%Yq@+34o zxAS=_b>TXi<%T+yU`OTw`;txi6;C`$)^bz9=Ryrb!K z;UN5|Mw~pipka^(5)#86dM#jYHGmRO=@VPeS6foej^t!gQ zf4E>cYRE0xjXuBEdiL!<<8+F#d~xad5m%RaHZIxEpdYRmMUK!T0wWXT&9bOn; z5)Q9Vq5r%Zh^_!=^sB|^fwv6X9hQ3pe;8#H8XpsLR2X5qEe)L&HAzp?bPYM(QRt|| ztf2SQ>&@;QT>ktK^vx}dNG&1pa*Z79=MpsWUbkSO=QzR4kbr-02!@O^4-v=F9j^^L z$~_Vzp!o27YRyb@dgmuwF{SjQp@pCOVC!?8pFY8bvR4#5(hw}eBYvy8=p_r59#pU? zz1J^6ni|$1em1`Csc;?(VLk?;dAA94@(L2A!C$0BayWdVq;o1DfM36fSC$9x3FLZ0%Dx z#mR2H8Prm2+cG@br$xrdWcaI(CD;gazx!!FvR9t$_Ct&URo|WA5wPg(3CWs#wzWD8 z3wyKpv~if|z9#+|Wc}Sl<=z~_^ac&MT&cK~%C}n4 z&>2n8OW=zQUmC-=rrnR zs-R0n?LYf5i)VxNcJ=n0gy;R(g-R(yj}>#0nW$Gs{{5?cQz0ipVaO$qV@isIa8|zD zmblN2QJ^vEd>?_Pa9xo7+{{hd*9fk0y`Ks4$xA{Cj_*n6ks2qGa!pt$D=!{t47O~W z@vLJ8Ji-gVKnaxdcmo^eaXRtsUVzHi(TdsSCOA6w?eeo|5y8M=Qlur$5^cRRqKJ>a zIh5y~6CO8gcB|casx8n@23UE72{IKk_DT zvWM^QhJ|C4a_63<{%U*jv){EhTQ}*!kF%?>3(iE@(Y*nko}cR!zycgkn| z>XoS3V^rUwT}sZtEd#xgr*QaE`NbC_o@1lBt5Z+D*3>RZ%g}|Zxb8MxVfL#njfi2`qML(}tXZ#9_{NkaIr2wBjIMx<$Vr`mu1PC$74~sEtun zfFr2*^;=^F1e4&uS&@AZ12+(_4^gtD$RT{9wKjE}kXu)&d(~=28E@ME^(9D9rxt*q z4GeiiDqr^^veInioPXPtIrJ47>nqFJ?K5}U9)^I%SKfcH~V@Aff z=J_-y>2BNGrHaQ{a^dH}F@h|`m1Ovkk81&eR zaP;ScY^VA`b({|bc{l!ZKYKMFhHE=F_b){G^aR6fY+}-Q*omKO`0rMPqoO_wMNNNw z6r7142}K_I3$X{6nfX0j?r%sQ=*$g|vH!16ojx^q^e>tK{Fd!SLpzOP_Gu{PzpMv5 zmU?=6E;t+ZN&ZqZ)ZD>XkQS@KxD&u-PCqxHX;XY(?MhL!2Iaqa#%`Lf@lqfWPG5V;-6n+eGLl$+fD0 zA5WW{x#qQ$MsjacF1Kz7D?L;RQM>auJpaR>!ifZ?iC{^VPQswhr5c;nsaAI~dc?m1 zNy7J#SRf{re_ul8pZAYqTzlm3=tZYX#GPW~Kyf259xPDkD+$C>5Ge3cFg=wm8`?T9 z5V=UC2Q1w!K@OGQ$KETjIC}G0?A|WTyvAqUu{BZFsao7Pmo*-ovpYt0Z?j+Nx9_5| zyk-5W*F?0uWBv2PP70_oX}`^-{*@h%vsy78vA*kblfCnUpaHzT>TY-0`Ha3|`>qRp zjS*9M)1^+N!O(ku-s-Cqu?Tv70j&&}Dq>FIo}Oz-xP)$tV`e>Wnyi2tc9*$C)a|Cs z$^sQQxyUuKX=HDs!msDLrPmnq{7{9nqwn1h(v7+aGi7!pO7*H9t&SsL^qa#ju6jiq zzTSXKI!9Af0w}xZd_e_%S}#TE`g?`g6gpvKS88M)VxX{=lIBlSrElrCzp?!L)zj)o zAnw>=&B`zY+}oGo>;i7jm_nrjb|!=fkkH_R6HT!dhMAg^tlEAX15cz}t~~k0?@J}2 z5on3THUaeTn7S~Hx>y15&W>98?&45)o^gQ{F<|4D;^Kj}UnS^8OFn6v7s@N&&wBn4 z%c(3Maw4>{B?d;Hl3f6iwOD9(M$74AFdtO=Bl@@ZM%E?&=CWI2AD5a`_d0%EpXMh} zfBOOydarz5P;=i4@V-{s%Q+3t#DhnLB5X}1k#kgc^9m4zUS?%(zgHmm_0&+h^i@fx zWb7WulRVy;nS>8{kV~$BRuXoRSfK%Z+kqiUqB=qSjV7 zQO33INUNgu(DWP@SN?223m%!d?$n$AL3#Nrm(xif#Mn~UO*;Fjkt+8m)WJP4lLnfE z0{QRSZ;Sz^9@N_l`6a*H0(l`>TC~BLj!e>?FR*&#*m{Nh<K^`I<4uCx~ zII2Dt8MwEaDs^ay;jP#h4dF0riI*gQc#={iKjL@Q>v0MZjH}eoq9<*FyvOYTKFNCX z=ld%SuoZ)fi$Lq+@{BoD@c1Rm1*SvR7@KsL`X6x;h_Wc~q}!yP0%{B$&aayKVHH*rcgXZ}o~n z5jCX2q5KD9you^|==ShYHp{LT0MD-&kDA9DgvS?nhMwns*I(^j(weF|!hB_C!w7Qg z8D{|z^Tf{At`_Pq%AbMq-rJfcD~@c%nDgqlnD87yhRhcde(7e~myvlT&1}HhrR2la zC)sOg0~9BWZou=d&ni&)edj_Cs5wDq_~r z4|^KCS0B>DffwR;QD5HYmxAH;G;tZXLHnF4im^bOd?1##c7Y#Vq8+olNUBbmp za~+bGK*0u!pVv(zAUZpF4ko`O3WeVFAY z0rbcDA2&(aek;u)btS90r?lSp(!fK;llzMrP_|szktb^<`45S`*eeIwy$E|`WjyNA zAh;rqzQU!S9qg|mAF@A#+j08uw{v|9EbPc&p@gEsqU%!o`xq{!;vFFRp)*$6 z0{7f4Hq{Vs^G%EDLyu{zTZiAYK60s=UEvO9ow@;(w83IR0h{SqsfD6$EGW zh%w-Oo>}>?!w4X3JVa#7tYf0MS~Yl#6Xl&LgT@TFp0-CNF5*45z>Ux0_3eQP0+yq!`lIE4&xqgInUW`p85yX>$@x$z$SB@Ro^=ON z%^8I^yP2afW;?VII(zoTQ&wz`b~cx#-e2+Cbb*JS;e@?w_X?FUflUDS4T=zO=&f+JLXY3;a!9g6l`o7XDt^Hd1jbRXmglyik9FSwQqh!xJ1*px5rEC=H;5jQF9K zMIWTUO$CgVyD$q|gx^++Rk_vPN`lmbjzWZ@d6ioh_F=lW=;e-F!?P87jMs~iJPY51 zs*BHkJ3rU|D7K98QaaiG4xl0XS|d4BL=BcVCt`;{s7GF^UJ7Q712ODdt4;{@ZR*a~ z;}=aw_12#5JW2JRiXR~c(jP>g1yOQ3yT=Q*-!SfFvLbp=w$I{GAlOWdBpszbbQ@wAE#rjcAs88sCGfoWi*IDs&vgH=raE$7=zgG!vqFE z8d(yJ#T$K)LnacKtl*0YFuMux772}hOI;2=SYFKJTi6?s$#+2BsMKpYv)pd%Op-JT(*uALJINIL zs?~nlFG~=RK7ne^70i%(i8#95)=~opvcEmOw;XBC_r_OZc2j|I9jEUS#{Roe=+^a2+rgv(;M5 zkGNq4tTMxV^Hn}Q`St!WgD8x}0Tv1Gaeaiut4x2!ygHG>7!&TW(St_I>XgN3!eZ@E zycA+iog2UvZZNrkjgr*+O)&ywFqPP{FDi4WY^EVx8+kl???1Uu-`g#C(w1Ud%n#v# zXU&P*?ryL5X0M}35t}!=3zrk6v_;lv8?zHk+z2$^&5jb?B?D<(JV7Db(wFxoyhLxPuhm+GL@jV)qC6Q1cwch=i=__aN2_=W$I7Y zi9bSguW!IyLk4zT`QP!EXyyyF()!a;ys8iT*!XYSF>XmMPjTYqRmUIi#L7|g_qxg! z7=?4VpwD+uNZosE9oce;I4tP^)*n)*)$R7HiFe9Xy3Xb0m;uP4|Cjt~s*&-F4IcI|1;B*G6sZguQ{ z!5m!sz;AlcKz!#}@$0i;Ln17yhs|QItqll+DUK(o--k;_X}8k$_v3pW1@gFOU_SyI zf>UF$ZQa?^S7%46@NP5xRV70rr5s3qZ!D|iz7OZ(Fnn1sq(-V3hw9ENgj;hKGVHAF2C?N?kKq-Mnf~X|;fLs8_=( z0=t=>=42uxrG(6&m>Q*{PO9wm_WMcUm$Wvv=W#5LR&VBXq&0P1j$GV3uY~ZZ@uNxy z+?Ej%`%!-T9A2uUZ?ehZ`j~BK4y*GcT|TzyPsND(mVJ=4jE-j8^=aIGn^VW^hc{E>vVQeb85} z=??I_L+uZ}v;C5RQa?)V1GD4WHbCRY2s#m-;TaTTljzJxIeL_3+9Gk$>6XX_dT|g5 zinEf57{y;@V&^`CFlS!w7g{i~bP0{s7VJ3v1+4HLXWE6OE@#ZjyyTbtu}vjpe;;EL z$nC5ytje}>v_ud*ON2vM8bkR(yczH9(a%J6ZMS_;R(xMSy!LO;ZC7i`TQsaNXQ@8- z_1T57;l8|OZ0c@~gHSs$&_YywNPTsq%l=i-qi>Z%_2;T* zbg#%M_sw*ci!4j+UOJa_%~gGPw!`wb`785m7ZiLx-y;_^E&-kx zUfMX}F%VI(nXSldev6>24hkiJfcm8)uD6bj`I3i`>aakh`XMM{<||SBspyfVg}EN5 zkGTrrOeZAG{;aoPFF#XwXSoSD$G3@~){7wwtvMKdj8 z3e;G%{qp05%Knv7GWV&D@+BUfQb`J7@pt9y&G{a3Fl(?@^X&SFKb4MQX5Qqw2K~$8t?RX=`FkY>L~T6SvzFJZg4UQV%{d zssKr%{85twWvh=qeh}?~$(`SKdUXq%-Mt%vs}~-F@@IrND)fVfY(T3}-QFL}yt+`_ z5>UU-#YQF&^xEFm5}%LIJDzt&sE*Ah<0edA8#@?Q>pOQ~t}XEQrK~oN(0KoW^`+)B z%J32QUG!t}TZdHhN4z^T>U}l9xRvYwC1~Cv;o`^3Ow!>hz6>{;x_O?(JGC;lv;})& zH+sS@O?xCglXwZpsa)1R0S_IFw_aquq3%dD&I%VW-0T<1!tHi#>^axN*i2IP3ye3= znw(M6o!BpAjrqdKcAQ%?PQCQyWx5ZPRp_IKkp}gY>gH%j|HMtiH!qcbPK2dQe};Le z80cs*CFmPa1I_Hik<-YW@c@c<&U8)LyI`iT%jd+v8whN0y*uadh@gzlJB9*k?5X`G z&9~zshd)~<`|?le$IL|@z%^W-{`%u?HpXmyuD9sX^r&G+-+r~JPTEV{+*Q9#Nl((3 z8@)jBQ)gPDSx1Y;t1W|7))U9o?6V_QYbkEiKTr0SJXt(LRNV&=uVoBo=3tmgh>0db zc*0tPrAe={(6n}#ZEWtu-m3OUv?G-G~NY*pBH?YvP{?K=R zAJzAA{*NzKW;yXu-pdGEduc3k;Deq$+C{cehtj)pK}EI3mV!t5#}FxJ%xItQ^IV$e6g-A1 z%fN`9H|z&9RJKyc-eZMGXta&=`CG)2sm= zZE#K4aPzdq^|SYH9YUds0~(0O*vBZ>pc(5+al+lV?s%w7G>yc&oj${V^n)AWIe$(WeU4>$-K56Kwd%V!0zMPBgwsBy1Sq{(c8?S5ysAzEq)yt9?mPJUHOqV z{VN)!Wo(q^$eVU;t`FyIoUPY}4#Mk?U_->lXVcy)29c^t2*--f?Th)GQOFYXGl$Ds z9Ck@DMB-y3)oNixBY2uThC6v_6(jUB+0M42eS5-=@BO`v_<#StOhD)WgMFw(QIFDS+RmdY_*= zbEEXq{#-v3>*Cp2-3dJN0fX(eE$rgA?HK;-#rAEf*6GWPa^W^@G)$efmM?~3wzayf zF##hz1j%hp8)YGZb`#d!a5AYS_p=ay}~O zRfxJUGs^$Xi(WKsgAD3;%&T-rB<{rc{-Y{K$MO{42XBg>Q+b|FvElyX1sWW%7@x}y z3J<;nsCW>?CK3pC9ra8aXU@ZhL8{hdi9w;-_Onhk!CFnr+-&pdl*`Q0f`N{%wJU{| zT^DqbV0ls`aY$Cbm2mkMf&=p54vo$gt9o4N$113+h6^qU6;Oq0r;Z>w9(Hpl%1X>B$g{;2(@*z7i0d1o##i~4To!zTNeTt&!9Q2pc{%0=o4 z@Iq=?X�?l#~R1{`5NP@T(Jq4`xR(}Kd(`Nx88l{{{>kUx{D8RHViuN2DDEubY6 zblLOg33FnA|I&9yAcB=zZ~^k}NbccROVVW@Be+B=X*IMp*9w*QOCS#u%7Rui5X(Pt;ut#`<7Y;b|1>+etN_bPl%#t^%T3P$O<4@2FrGFu3fX&74FY* zXwF|(t^GtGU9k`53j|Vr_X#WvJN1qC(?8iaSBZ?p)gJTZXipPY$^7;*S}|`OAX|;! z^xwM>NFH6STY8cE;v!Te%7iv0HZxP()GlDR;~p(YSSk4Q$U#o??8z4$^jE>In6J5i zkUABVsT23ezk)a@&of@R6>omn0F*lKGV>d%f@$`;`wk>m3SEC{QcJnYt@00>eD!XU zN(1xBjGfhnZXPYb6A$|{?*~A%&7*HIWrk<9@R27ozI=Z-JgwPq1`L4-TjrBCOV6%o z`LE&@qH59)zkaWTyr^g2r6IVKq#0!pBJOCY%8o+^UhEy`aZB{24v!A_xIvG8*#`pfgeE#E@+E_N{P&05{zdmjat(if@!v_v zP9WC$_s77$|C@xg`G0Z+ri1_i3AKRUz7e>RnwGWsG?3il2}?@6N5)#jvO#7?L7Q=k zCn!uQay-=y|3&eF$H4U$9t%!B`8R$1Y9HXp9Upyr=~@8^TKgLjyzPGd`gN(#3@OP_ zm3z)E1Mm9=lDfiQzoy3Qy5nl)reR1Ps%RsXJM{fx7-)c3BzE`_kf<@(_v$IJmbPpa%23pRF|^czW=Y6Z7Lr;GQ4+g9hw+cR{33 zJqfD>);mrLx1m&+eg%4qH8LxMzB-d(;0+iQ^#1eO)JtO(Xuy5*Bg1pH>}w^>N)MSq zAX(4;;-?H^>eHh`FA09uSEZjh@iwtyBw$ESVfGvxsZqOL;9ND-XX)EY(iBke`2GuA zEWmN6%K*y)8`}gxA`&&%&Cnq9geul^|6wq^{u6v7|N9(z+NTB$c#gn+7{sx`hF&qG zYEH&}N6%_c$VBH%!*G@)#_-D5e9OaVmOc#+=7+xM27sa+FvA@D`>C9Ky0ZR=bQIRv z9(E2JoKDg6T>Om$eYXtT-M$_c0e&yVGlSXSMr#T0T;#=6PBTG71^#A@rQe`l4m6AS zHR9#5PLf1di*_@GbT&htmw=6I0+_osm@g4*0Gq}+1THu7hKNOJ!emVl4d{gN{rq#9 z%n$?o-(;%opC#VMf&Sz)q#x}SismWH`&+c2J*=La!AK)~X0zm;cIWyva0D!c_>q!7 zX~Sf@cOwI9nfN=T?t#bfH%({|RzDWanq*Re9ek%$D(p<$Ehj{Kz8%jayaQ9P31iD0 zwo9C zz9GQZCDrD3Oa7S6Np&(WcPs)mJD%}FRt)#~uC(#T6`lY5LACn||LHJSW>KZrQ_Sh< zKuc#-27pR7M zfPi%+rGLWnL)20jgziu@pFDoZ1o-_xV*iiBz)X8SW6XoyiC+@xq{Lt*H`Af~kf30o zcew!<`}fCymC%qXj;T+l7##xU+5v_!@ZZPj)C8-50mgIyh#D)HwjMv zsEPkS{JKHp#^Q)G36Cnt&(A-`kr+G0@{ddZ-{S-cGP;+k$z~4d0x+*|{UIs1EznZv z@7~^N?*!a`Uh&*nZZZc&Xq58IR$^PnXP@<_4n3GSprMeoyOW%f2|xoNE&7ihs%odM zFAeaPuf>IIY_Iluvex+&-5z z&SB9ohH@`TYUgzgh?qBYp32muQ~(A$Ez3;@<$E_tp=Wzz_7UKftpCAmA#w0^oZzFD z^1z3xDTI>tF%gc1Vtx8*C_v7Yst&OGt-U7stl}IQK1IpLfZB!=@Xm|RLqJoDHkFcQ zViLDQpL=~dpdFHMQw%vy+9o&jy}WY@B4BH>+-*{uw$`N|a%EBjQL{iI$a|T%3bd}@ zO+Ye@&a}K34GZQ*ngz-`olx1irwG(CmzlX^PVYe8ePkEsIH}a`Ngh5~${1%Y_`Udn zw!z*~XMXx*+W9IW**vEa2NPK@6X~`B|6jmTq3HE4M<-#G{F^r2$o8lyx?-E{lxb5; zGD(KM*>tt=Yl%>W-@wSjksO|0)9Ou5g45_}#gqU7nC?Nx2Jk2>K>(;M2wt8dO-1`o zBN;xax+Baoy@dz|1~|n4!Q^N5PPVok$` zQrnUp01bY`ENHxI-?+I`ZNw;Z5cJmK9bkEKtd)r7InHWTm5+@>^|(pni?93el-TV- zlee~jjQpVVYaH|o(c7l@0xG5~r2x7Y?J=BC;mkf z&A_v6uaCXD9)HQo3Cz?A01*@1O*xd;3@%?#MfIdh!FF5#PiqE*RhQ-3%8^6)Fzmf8 z{JOz;4qcq^eON5WkoUW?b&=ptFR-@uOGB|t@!tpbew-h28Q6J#oG+5g4Etan9II^>R zo<#oj;pz&r666zaD9dpv3p*f2Di()f`maxaoKWB2p%x-)kv95;A#Pb3YjA2`18bCk z%eR`NPh6>oLF@;LZ5^+pNvH(#3Y*eeM)v<*KLMr5j-TG z@d(O;Rm)KEB=h`mUS^VJ%X>N0)6PCl1X@*y$ab!$FMl$3H!H!?Z9aR}Xn+!MiteXs zRU_A`HBqKAHYt+moUv|^Ona6q*UAS8T1nggkmKTeXJYl(1^IKG<>U`V#X#@so3A*t z`EH0Hd`J?iNQ7Xxc3eUC(fx8!5* z-ZSWl?#wS=W(b_0vC;1vy>cmI>zIZExZQ#vnqTD5CxwLrdHU8LF3+)0-YR>D&4n80 z=Oc=1zta}8`Q-9h%~td-OW5QsmIx@Kpl18H;o?NuOZd$uSHwHUQV*?@09Eq=EAr%I z|BZpd!7$O$(>n1NT`N-R*%x8l!NL2g7sf5Fkt=8 zJD-C+X5DHLz+$t|&mXNSZ zA|@*|kHCf0K(>5-bCDGS7@c%38XSQt!(QMll;+Ih+5+N2T=YrBU+c4zvs(%SIG0W$rE#=t$vmcn$Dtmtt_a5Bd}vrFP`x;)wLg)k3PcjvQCLjN{qC}CkiP%1a$XsGCn z3zg)a@6hMu+R{7W#B1@O?O;~Io9m#IbXOgoV^DAafDh7)PLy4EH|#pLK_Z~<0}75| zB`%trD^fp`(hF{5)oA!1-|g=x^K#RXT6h)t&C5M@=*ySCc72b_BWRFel4;~n z(S$73552P9|0t?j5F(vQe5y@SH*Oj$CowknQD>RgZ_) zB&e#uAjEYZgEutmky|4f_dI2|i^O1!2910I@ADY|+#9X79;yXB`9AFr$h-Z_s`z$F z)sq-(Wab7V*&vEHPhSP3-eM`Humg`8=aPo}2q!*N@_BenZTt3dAA_T3%}zc9AePkK zv_%R}g!(b4MlSZ<&F)(fmYKcEoMjHx*{o4|xCf09BHyh3yn7LR9BT11QMLt%1x03m z8p;CiVSjm&^WTwN+GfT8eoMn--x*+t5?SG~u>(4$cDLua)609bMZ%DsZNwXcTd(YH zMVW}197Ti!i9?lVsOZfxc4h&S>u2xoV}{X1FUn*0?cdhN?s zTdO(TqPt`gbEe1%*wYal8eRb@0D9+3$`Lh4PrEIRd69uR53B(%So^rY;$m}X813Cq>razkApD}>}4+RDD z^&h;Lr|>_?hr)VI!gxljFdv8tYo{!)^LAin38r?*Arq*~6Ye`^S1 zkAXewdJ-9ChdQF0nmexhj?Qn?6RnXd$Vj$>3`-B+wEpo>!h!v-u9wm!^0TB`cLF%l zc4k*Ccv*R-&w%Dq;p!X!KXQvZUB54cp$^;t;sMe3#SgJBo*hF8xo<9wJ=dtz;f09i zm2x<}&|6bo{$pIodIa{$AgBQyn8CHF@ERwjoFTmbI>@TS?tUlK>zI}A`5M~aZwMcG z3M$z?wz=}m%3}o~R&af5u29iZe&Su#T<9I~Q~o8d=TDvI_b?c}X?;{^XXyr8SrkW= z=?+slJ-i{+OAtsY{pV9&r{G(#U4p=vpFRlqj{098{qrY{WHYe99HS^{< z$;YX`_d{-5js3$~p4~agEvVo*_a_V#UEi4F8HQ4ZD7nD?ZT1bFhm4XL*mfO^YXx#` zJRX{kXq3@u+HWC0QpIcMHs4|_dDa=j*#v4t$FcfQ(6w&o`4|&3M|a~3DfM^8de_fe zC!ERHxcR0mAv?HN$7E8S=Q`A^DOlW-I}R6rLtX?D6aVs%lNSc#LLaUwq`h;Yirj)3 zd_R2>_R?3%rz6#PFv_o(=dgc4O#_nf)1Um@>DMK^7;oK(}tB z_#@GGuW7F-g8+|x@F^|wWLEm;LPVs*sU-+BvelY;VoF}p!1ZSh-Lmg|VvH(h?t#uE zsrooOd9f6{j$wu1oZc;yo-;fB#@DPT8Ae4Vm5b>VSUq>4sP_A_arOvVYK9@0MC%aQaWAB8;>YXQZuBnyCGLuXbB;zqNwPPIH}pq@TKp z2P`;XMtgH>n<>xjbBZ3nfRfi`uXm<*dO<&|qKA#r|5tNo9uM{U|NT)(4I+({y;8O; z$x=cTiON0{hJ>$+ac^SyXh^{~DPGvzA>@7w=49<6&#IlIzEs<757JP{TwmGSE;tA@Gh zLyR`1_5(C63c;Ie^_gS}O&3QUBbzo6CXHXp?ws~KdGQ|ZV};YN4(;ZnCx|#TghRJ;mGi$j5KY4e9h zGXI|5PfXa{`MC~3a^@Vnq)lgGA^tK}J%6uv&2c#C2$jrfC{s}5S94$!le2|;J$s?t z&rWQw;r+hncQz*2Q;yzfIbw>HtC)>{pzz>eavs|p8Kbp#wmj1GOJtE;M@>PxYhZrP z1tD~vGo?U_Q$fPu!6XYMxOrLqN>$H#5Y>RTHCskM%D@$ice@fRsv`wlJl1!{c&3U= zm!wH&-}KaPdWbDDbpNpK!XPT+|wnoxnh+a&1zdN*bIk5eg^S@C)F}s1{G-vB{hIY;v z;ArmR5_rxCyZ+!|Itgp-b4yJg*{+m_0Cu-&he&5}-1|DC54W1Qkf9ChD~nF!%#*_| zUO;2%QJ3Oqb%qjXS0;~p9GbyYsoW3QQ-vpF8CB%1O|9@hIvPYYffI`4qOaYjh4H(+ z2e3z6mTJB7;c#3PBcwY42W0#4-rszzr|$OcVu~DUf2&vbLK4eg-_1)Nf56}7I%0eF zPc@R7j|KZq?YTCtX^;wM&MDcNQRhdNp6+)Xa~2quO9rL6390eERH-e>y+dj(H_r*#|1z_2$J6!+kqwncbb` zYU}OA!i2lC1_>#uRb|Oj^f4)Pntq?)M43Ckza(bJ9<5tDG}=NRW2+QJiFy*TnrwHb zFg6mSRu{A(jJ3J^!&J#Z7aIy`1Al5udEPU1W!++Mg^zr{c!d7jo%#v|Kv(^^-g8W{ zWXB$~JkQC#sQCBqAC>!BK_Svc<}=reGM?~1p3maSnmZKU8={;Fs0FLng%2IpnLoO= z@&V#VI`InwK%O zVE%KBW_8?euef!)mX0+SxfGGMkVo9DFaNfV)Q8o*)p1Upb{}Z7UMSp6BfcT;cz)LY zb`HNX3Kg1#sJ?oHJdKEja@x2vPY5@+o(29RTN$;loEDpN9k!2k8t!nyd<*p`=y-UG zs=w;Fr0W#11JeT48T&HP@du+j{?Uu$M0redOg=wx$5~W9& zjbiXdjU=y4zph_@UI_lQ%d5kpMP6KBMhINeZVS5vTyEDEbs&+Wzd32}mxf;_z-yvX z-vu{fVFd0!|NJ#0sKnmE#53izOm20vVzCX-$11#~Gt-)H z{SpGYHQFQtwmi%=rC3AlJQ-b~Ohct53;y;h!ZHY{<8X_+X08h@A?ky>1W+Q|>8PBv zNem2iL7rqiB@UUdaArUB^(jek6#`fz=Htve4&I}^=Un)k)^o&8VbyHb6dA&N>$ z$`fQhQK;^)O9FB2I8Xm~PKE68ge>e2wg8`U0qXlK4~S!l7-q$BBzYLrz;;_MIm3M0;LoRR~Jxj_&)S^ZEF$eK2#o-c;-r)Ft{ zoZuE%-YVq^jRCyXa6?jax{i>8dFT%6n^n}#zOw(G1FP-%XB8RB5qw$W(6I=lb}*C9 zW96uu0@d~otUv{@EbbPV799r#Ze+sJQ#W}44@H(%q`p*ahHHWaR%cOCtn10~D}8)P zQX5PCHZPZ!hwu+s&*oOgA4V}!Z~HdJF=*1uac?$xC>6e>r#!No<`BJ9u+E#?*Cc*w zn(m?8hpD=(Ft@Cm6-k=%r!(crwu7~^l9DNpmB59G+|!X~{uHSJ=FICXUFZrqjl>$vz~9Gz|E`I(#m_q8pd?46!a zeIDpwIgtW-R{m`5tybk*(B#%jPr9a!BoJ{}~ zY#03izbaRPBM1AIA&O?Qg=D`nh0oBe0wX^IL8M~s9{jwTs0&69gz@JR9I@Z&4G&-J z4NHX&pK@_V)Z#}qLDZdIfuz(Mh!od=B~EYth311xVR$ zGEm<7-!B^XMDy|yU5dnaOPoGraflm7fF1aqk`p7Zjtw&DDhLzwi-HW3Mdf0Dj=TI1?ZEtAYlVI)0z+mk%9)Z&I$Ju81U?f{lIEvWb?p+Tt0XvR- zCS#QHWJ*U5W=4^(PIncj;>4|5d-!a*Miwe(vF91SbyJ;3d2jb2gLvzD_^w(*(YGS#D2-1+I)9ND{=(y@Fd!8`4<@cMLy{ zew=69{WIUHt(opw``^S_UypN+&6D4|G-_UF`rbFjAurq?CQhSy3N4Am6`YFrd=0=`iar2Ws*f_wx4 zxN0qZchd%c)68Q>+_I^mJ(<2lb2A*|HFq-cOk*6ED}_9JCsxs{L1ygGwk)B3>1Rla zB;n6OJKHx>N(S>JV+Y#%>%V_GjNmgVm)vxkc)JVQ+L7s)`eG;B;-$U^zG=!WU=eg? zMkax^vM&oMVPxTK3VU}m@u&-5Xhfuco3eFB7U7$+!V2|>dEh!XwEtzwZi28s&0&VC z`&F^xP^}!U!1PY&K6%TXz*z%g?a&1t&*$hkFgK);wC_#gG3ZGR@wp7y)@AAyTz|G( zcA(~e!;Ew1mM%>_!WrgW)~+G$4RNNC?a*U|w^gS>qs74lsK`gWi<{Hsu93ekhd zkUaj5m)7W%t8HCkv>0bKUo0s|9t95S8w*e4*N=j}k%?AU(!V$$@ULL0TU z_d~!HDKi<5WLlWqWZ%dB*DG=2 z=)t6g3#JR{Bp}@yYhc8VL+z~mS?=$sVyGC&U0I$Pee=ICZI9b8Ww$Lcu39y{JPXJE zb5r$-j!;F(En4hm$@{2@&}55^s(bF|TMnwUY_#2pZTr=IEjR?uCuL+uTj0tTE?aE; zwIhg7huJp{eR|yQ8RPcQNxEb`9Ws@hWfO6JG(XzijX+sLIJ{mW)u!_65GGKh_mp+1 zllwg-X9oX1?r3ZN`ow#D%}ubSkMDgK2P~ z_0##79N763FXZ%Bbn}{ET+E|2S&-7KHbkKfy^{uN|^G! zz!)`OE%;QK9B90_^OUX!v%B)HU-9f z4+D6IEsr%`?bAYw!5cUZ1Fz8jmFLRvg8I~rq%G4mlpqD0J&zN!9*jJC3hS9LSI9f~ z$gyH&^=vt#P&nnYzqPrF(%Sc}_RO(~5jhl(V089MTP-OF_k69tb5iKQiO!fgZ{6JV zSNJJ6s9`y_j1_meBTXQ)0GNX9(Ij{CS+^Witp-huf z!Loo@#VHdLyNifcY298}zcAL;&#nrA0e`x(CIi>u<1G=vWUakA!1UrN?V^Kf7V|^t z27xPpZ7p;mCMY_vlQ}#~BbjJJ<)aRaHz&nSd+H}BA9eNEILpj{KbFvvxKQG@NXGM< z>1H}PGt&kcsPYBp>Q8sHt1|uE?b+FS%Gl~lBvS^YyKR^SE_QHAs%}aqj7|(5*kDOn zc|pBefH~+Xu;nv$PjzEQ4;XkRET7P=ZA#ZJLQKX->=+aX+9{M_U%y*8MPfh= z=qw&RKuEWCPQu~)%g;;q>|jBkQXIA)wQMRKm>3N<@WPYmt_;tnSv2wGBhuFOSaY!3 za$V;~+kjJH1hrN5vC}lN12Yuar(ygC62lFi(K`TN8Aipb-4d@I$0Z$MGTE-MuWYR3 z(X4aUz%$jbI>5Q#Dc4v??9#1CB^7e?V$UKGL18o@H;m40Cn(D{-IeF&?f zpbdY6T(2ue|6|)vF8*)ZZ*#Hv-JQV=T;$qsp)9uJDZXDfyx;f>2)(0!c*^NK0J;_j z$5UvdVt=?NB(;eNc48mIb`vA`yJp3NydvD?Mk(TEc!v1ypr-T6tXz!Vh@DSV=nU$C zC|_%D=jNH~Ay+Y3`MnXhn`k|_v8E|sNQENcxvh`9)iL}QZIgBlr1RojClC}Du20yS zY_4N#o22HV9e)M(PMo$jp0E|Al+5#5xi=Ahk4hwJQX}n5lM8b9j1#G@?(tW7Mnd=* zJ42zI9@jKhDWI2O+nwI|*-MpsjPX*P(#%xQJSZN;s7j#NzRVtxdlnmz+%hZw1$$Yp z7e(0htF0+L6ELW-OZ(PoylezHi9z@TAG^Td!4BYp@J_tt8><7vX)$n9b87Y_OkHq} zaaD12q|+&>Af@o^i7#&y*L-#hB1+2_Xwoj57U`;H+Co&gFEaB}yI{KvCF0uQuHTs* zxF&bSKsNDTpwb2PJ)eYh!rpdCWhUmQFO82KUn#&Oc^v?cj{S7<`(Y^@EwN<;VNUCx zIle|duwEi&D{zrSc|2ujqhxP?F>9UN;EgvESD9Z->2R#fJdHBkXuNrKyD0 z&=4%x&Y)z(_?cUT?6!V{cVp@Lc-(PSIi0hkZ!UJpNr75hxhc9hzcsoEuEL`uBXIHYWd!;*vp zc3>@9{xa`g^C{t`5~*>E2E@OeJ0k@SliiOFuem8LPP9Q|E|Is*_8NSYS|<-5?wsQO z%J^ze01VO7=U)8aAY#b9ihm-d+&FSp^0OiR`LLmP_@g)@lvkg0yT=tRqy9upoZ6!c z_k+!ZWdX@>TFd${9KMW(l8wvcKL8*RMB9AvH+ z2LprPxMta$KiOIICVC;W(F#DKIyUC7lIx|!Y|Hd1l`1w3KGte7UaROhRbQ4QjI~g2 zdID|@=Fq#nv!ngPr4@>vZItUJ>t$l$4^>=8Q1=pizeBFUKJ0^o>5^HD1(CQf_JudVQ&U z(TtFdGTB|Cdh)t(Z5AMJ3856MY=rgZU3LybhpqvS=p;XX`bXb^M94{s=s=8Ki!t%q z=w#LI=ppT>Y?EEbUCQKGWN_O_uA8XXKd(DXPR-RYaU>b`p6`;Gx8L4_|JFi z3Fm8CLX`gV5y&%83W#pnEuKpFWD%xu{U&Uwj7f@Jju7kk;sFd9=rVlSYpV#+u!nn- z`JPn>$z=5T?rYzN_Fd`;ptD#SPyQY3!xiK=IDC9n;@HTH{N{-djMp{xub;En7$H~A zdfA4v;Rv8B80eI?Z5GZ`r5vcI`w2jccBJx$kJZo`xuZq(u4L;%PpTu7tz6F|t=34U z>Hp4nYB+LBY0Z7E)Zv2=Ddh)j6AFEZ*3QS%$nmu?b`dn^9malqrUi%9p|{V3(Hem= zPE3}xFUx#zciJ1or$kYGawWw5PaDgy2Nh?6Udi0sGjy+MpgHR;U{x4FN&4^!eADN= z$9!0jGyo*lNUg%2Yt~At#3)Am?;KbusxkvWp=BFMR*&$5nh!pnL0$G@`5ulvJXUM< zuY>oaV^Yz6UTpty-C8()dV1F72Wh_u)WFhpONaRE8#$p6aSBtTRyJUvsdn-HV;{cT z;rWKzzp77r znx64=1pA#-Iuq;$aF>`t8->X$#JWU5P4Ak4*3NDe-_DXdw(gYYqScz6U4MagF3(;r5U5+E^|m-b<(z#753`9XE^ZgvNeO?VG`7nL(SkLOU;ewWrK`EQBf@ zxYd0J-|h7Y3v6mrp*6h&@9Ukup8C`}{fT3;;!7ploclL!9CBjLDp}Co$|^>#x#OQ~ z>1zWM1)#^l@_8`t^(Dx*rE8v1>`w_1l+f?}NP1~Ng$hr4IL4R6!+_PC`jLG1MKUMl zw`2RUM$UboQ}pS<^Zb!?>AF$Bv|-NC8%*35s#?Pd!o<0FQ;TIt5K5Z~xRv%1NZ#tK zrC;bv9Pvhpf*P0wH8*hba4&Z-j%<7kkVWg+$YF0V6pf6;7FnkdS&%(fUZlR9m+hu4 z(XP8tQQHzF8SOpq&^Pp-+L6dbqRv@GRh69)(F<&BKN=!7 zj8@j*@b?$cmZCwA4lxFq5dPY8kktbn&-0LBpF42Kuq!?Oq`E2KqtfYy zsx|F~cmXA^89SwVWdKZByWGxr#i*ZAN)2TMYJ3*;BjM<3o#hNW*(2D`x8}G5)NZVdSju79+>36c8s|)kGxiI)U1FSBJU=_6!Fc&&J7C^@jGT@j^gAmX#T{)cv7{y0U_V7KNZXW8u_ZT@GQIMyF0>UP7s$ zhG;Zw0z`iX02e}bI=l*2q0~LD3uESRe$GS0Sb-$f*=CWv3=@a@)u7^8eGJ?W_j47M z&=Sbiz^0vtEkdR+e&irxKXJFVkPJEU2C&hGAR)$*VvbIj2J!!k1YNYgPSi0Ot?2-_ ziMzA&?!vzk9tb&xQM1Heo&?hLfBSlUx^$sE-O+l}veUu!dxW%GZ>O#?avDM|(rh zFB}?O8Mknp9&XZP{%)gH8TuI=Lj$pGUGueO0N1{+*BORMqX))D+7rCWEHhw{BKLwV zC=M0q@M82~5r@?DZ2B0*)k&{ftm71;kPHM3B@E9Sls`fM%05R3A*%ATF^sQ1w#=;A zW3d;;6*BXW=*Acn`!IWY5?A7_wVJik`e62gzK(!r8?%;a0*n$a*HYXe;prBTuDhgs zoR|=A!EBK0SigqE=ddkPUw$lT&4x9)0I=X>g)`G4 zs&A+d%2Ek!Se2bCd2d+G8pA~OORY`e{A3$9Abby@S7>SC9590gC%kJe;@lAJ-Cw>d zeaS|)q7i1;G-e4%t^-k~Ke;h3zab8fWfC4iS6#`oam`qePZ(vwZT?LOMC;$_W(=7; zs8E2UT%ld5OEM_wbQjxz1;Bn*`G-fap-RGCRL@^i&mJXfHJJiH1(`bWI~%%Ge?5kk zyRhN@7tc~FM0StyW`2o?xX7LIqmilCdf{Uz``Hy%+AL3^l)b&hzQHaZX)~ zO!8{KgJAJ39vLu|JF=G}oL)e$cW;Rdfww~I@do5i_kim8geNY3JnsD^^Tq|q!B_Tu z`6)bgIS|ojqS%) zt&8B(=ri#o^!VaZ}{SH4~5@Sg!5zqe$v94XleY|y#uil`%f^k+irNy?^ zxdvZgMVBBPN$K6*Cg9ka%QK2034Xn@UQoj!R^juXN=zTn%$fmw`O0pO(|HZGo+DSg zLh@iA07tmN3mh+0;SNlDNSO0k!kqaHAfmtUH(Z3@o6=a*3HXdK0x_1)a%n=tU4l1= z=!KHSY*Q#Xck&9`^#yU0i7cgP`J>Q{wvqV>NX)q3dniQ`#vzISD4lD%`dHYnQQf4I zJUqE}y%(5%?4i2$L}^aa9s5}818?R2iBN@JTD(&?Y)fvQL~(8J%~h)rcf<=`1xcPh z?^lZQLA0n}@$wYdRm`Ir3Ze#b^pqDWBDgSGYHx#beRHo&6019}W`ddIhd$zrPg9dRQtr zB~Ez>pJ7na?m9nWiUe=O%p17O1lT#gU)HV!tm<-5dS3i^BM9YWC5lH3+wD|lP46QJ zfpw@k^Ch(w&l$v+x)H`Mt*^uG`L2SVSk>!Gi58Ut-$l@_Cq?~Ge+(>x5yvVJUA+Yx z9BYV-nP2Fzb)tBj8;5^+%J@>}s8%I4KKeyd3?d%za~r{lB= z|NN-P^zogjwCex8aQ^uGU&6UV5T8_P0%72k$BKi_aJu{Y>An9nM*k%_CyfCT-Hv+_yE|xhJ^SW;mI|$DV}yqWMApdEdzVe)v%i5spkE+r zC4^GgUJ<*@&sdTk?(q6i72^5AcLl9GlK}~v_5xcDsS8KZR;et{5yC9w;D?V=rvCbW z=Jfv`a)AHm{Wv2egV3P;s%JMY>Ca6L`Sbr&+yDFD{JV^nWCq$Tn6wfw-I;GXZrRKe z<^5G*n?uE8DrWH`8$6EoQjgVOqzeW|?l%bP`OibS?bIh$V*sPRYeGgCA%!wlTIz!* zv$ZpI+u(cea}f3?+ehnNzF2xC652VG0w`~XfB8+n{8EM{~Y^8hZDBUFXRa*M~MG9%NM{XQv1 zC7RE(qEb)(>uzz?CZp{8^lVMdgR%=Ww9ZkBV78Ei7{XL{);61c8ng(k?Of=pQu z6icVpN$m)4$nvhwHNB$KbgZ5%a3hzixr7>JBJ!_i&{*mNFU$ceq2-Zy2J=eI8z{OU z&bNPke%kkx3$iHn7}TeY1n{u#Kt&whzJ^_dpZYUCA{XxGaY@cdSsF^Jjwg2|)F}We z4goimV_fdtyQi_we#zzgO9=>_F`%k<{e4Tie2hwFwIZ_gULCvFa(}qL*tzp>h4xXY zB4(l5FtS2J_~0h^uDNivQDzR1rNCm;Z+QRFhmzU~0-1opLx6=)lF5KfN!F79zPm#k z;NBX~Hob!wrwx?M@L|-6%VzB8NT9d!nteNfliB*^FY}YiHpn=K-Y_e$n|u!A5Z{wa(RqZBcaVsjmXn*P#|jcm^(DZFbq zk$KCW?aTkh3hK4PGnqh>|1Ch?+Kxv#0Q=bAOW#owyzlGZ3Mg@wya9EdeiC#=mT|?ERSGFOYQ_-dy%Afg(~%W@&U)bMu((~%%|#Dg zqY!ARU5}N~nOisS1WlZ-_Gbg%}uMGv2`01CNKW#SX%53W6->A z3>C`=NEG+n114?icprx$gG3fGm*bB`Br};`w(!F80O7RC`E`d?p46=A&i28Kt{Zm_ zw4+4y=iCHhzsa^4m+j>97b;zjDQU)Zm zK@K7umMqrVBQTipoXW7Oh?wp?^TZI2&6lmBTP%*V_LnMVX8Th5J zL8iR`g1O(A9`0zs{i_yR_Mcj;!^%S!7!6p|eP54@#yUJ)g@^aYT~OL!g%EjM+N}cQ zj&%LuG7@nIopD#Ia!}Pru&POfqwEtP^hllK~1BDu&*7TNi{B@D_P#Zn~FDz(%BsATdXN+qLG{ z9G5o&$p$!H+3WmT@oiwP&?y@&-KV>H;Cy}7zKX5`W-|4@?aWLQ#L8M*nA0?|{32?A zmok$I75MXkg9wBz^W~`3iiWo+e6v`pRP{uEw(sj<{Nazx(NN%OuwY5>xJ0o`b?|Ee zpt!`6_{3Mfue@J#$s&e#(+QRJDeLsz=r&gjJruL*wyM$cDSfN6$K#h(3iT~nQwaaz z9#OxqFZZN^p*b-k;)U`2qh!bNgHj^rCf{)s(pUX8n~*v~ui!fYf^hVd$Fr7(RjFyO znym>GbXtIPyiXTSr^GZ9*v!81;nT&e^z=HxgCPB{S%{N zG;HEuv7u+i^-?O|j*5-E_1}3IeedDnbAmP{7(w;AkE9l;)@6V{Y}4WLf)wjy)UVm4 zvelu3qmianhh>Rk*x~+)lWER(zZ@LxSR}S~H?k4IZN8Cq@6%HZ8=1m zdoFTUpwUK4$}Ay1>B$Zk#iM-kd;2jadd=y^2`<2ep^je(4#p zc?qpX#_Gri5nFlkGA1)tCYZDMk|qmQVn)kOTgK|Ib}|?DC^EGp)Yn;^Rd0%xHW)dF zp%wwn-tDL77fQbQjy5kHT0O4ig<6x3`U>GKJ&S6OBzm|rNoN;jxZ(&$Jq~=D7!F^ zo<3wGXqdEgfoZySjv66GNA3OV?CBu+0?hH1bq=`rs z78>ZEICnO==I)A3Ms1=`DV?P*;j|XMzb+*J;-SQxS{aV3T6?HvS7yteV+o4ACLBL4 zTwOI6yL9>~!UY%3!4f|gkyB0^okur&pF%YZyL!p_`1hPm+QbgoB<;UjZNK^=SdUwtA>(|rbX^9 z34u$M@IJZ=rkGQcn|o6<54Nt(%_mEKqT%;ioLE?eVUUjj+TKoWABr!)ZmaHn*J{G{ zBmuoR_AUL^&~Q$>m_e-A={r~Xr|eITApqfPELqhQoNw@BKX`3oTL{$W9LErt-f_rZ zw6{*eKBPev(ia->6Cy~kX;kt9)ft%EEqdtXE28||c;hGNFPI=hkY?*1sdQQM*loFH z&C*gxs_0rG=f|b#f;Q+_>nl)Giq4TeqWB3RLN$(jHhYp%87QT^vk?W(vv{3xujf#s z#PmicM>#WzzbAl}P2VDk`vGEqJtf{+lD(9>u4g)k4KHeprHB}0q|EOEOkBZCP2utF38IvLx3k7 zA$o$$BAW1&RA=HZb{bbHst6m{`v?>DO#iDP6goU}K!;saxBi zQ8y}RULaOYv$B5``d?Oe?9|9S4wUayh|mDzQ$1YThvN?2$1Zh9N;!iIK4=fvU}dTP zc&n6~9?IBWw_2Tg%GkIo(QkPDDD-hl3jESkjoC8z$B1`08<%!AwNq8(g&_b0z~BOP z;khDKBFn=5LK?PXYVL57cRXqL;Ld=JH&<4p$m1G;XY~bCd}TgK5nfKdI{N|txbJ+U zgB!3dCuY?e`BRr*@Ob|$bu}j%!@YvL8pptMZp;a;h2fx{OVzL-7C?ES6)3nIdB1`j zbK*bM*U%CLbD-bXqdv_Rf|7%&7r6HoRQwuAHj29W7N*dReJQ*~&lX$b*l_0B8)W|6 zY$x33M;nszQi%ZrDa-!mMY=L^J3o!g<W+;_VFGA`wS|(KAmJ;Kut3IVy~R_8P)} zG0nx|Ct=IOP=yW58yMc$g|~hZxUdQ4O(ou!A!(5sySBH?kcWN-h-<|fg|eovy;j?) z@`M66*XEnxT%1H?`Eaf|XJ7ZpXbTpj(wbKs756_36;9D-ok*(9K&+-tdxcnE#9VHK z(lK;nk!%z)t~%=_SN-H*0EcHa>}uy;cl%O=)2xEnE9*+k1M2LaHs@JXavMnJEv9zvynuM6if>A6T(|LF1!wfP62ShOKYF4!~5S^gZY z6Q9OKr*=G>awg~ky3MSuOs3e^bmxQhKl^rsNh? z;yi0~cnLB!b7P^qbD)ZQq?vPzAX_r@{&|+S>&=aKtuhk9q4e}bF{wv7;T#44{eodTewI(49R2v1N4PCv^*X z7FcU*PZulZk0w{nj%K0c6Y$edN~%o8VdP;3u!`~Js{~bz;#XXl z#0@msR2V#AirRX|-UC+cd1=~Z2J1UEOMA;Ko!yRiu-D@oEVac#=c3n za$*sOO=$<tJ zYy`j{%ie$NQv2OcY;X_x`{5n@5W!dhlZvdo4JzfGr%~_Af&k?arbk2472n9dQ4mxR znHsS4Fsl*8m)o~XVu+9O&oiO^Z!Yot#B$vqT^t$gtKi^ zeBinN#qv{A@+;O+Upx*?rko=;qWJ5FkzN!0`cC~n=7Y$xd&B6Qg8HH)?)|#_Qp_?E z=5I7zJ75qwkmRy5Xz3~~q+C1QXjXSG1`@D-jZFClF_X%dn#4pouBH5zFOClqJSQbT z_|i-|@k_*zV-p#b`fB?R9Pt%eGo9n$vvmmryl)f^2q#lHW!8jke@Y?EDXVs59!5Fl zHr#o0p%=<6uF{B@-s0d3Nc?mvc>DK+`fU49f@ytkm7_MP{(xDFlWi7yrtY&DQ z3?$Ew9!wTLFLd7QWl(bo^lv6go9#g;M@9}vT+98<_Zn)MA6p%mU&DNhiG#Agw+peU zCV!;HWA=Lc5kO>~!1zbLJ`BCEIZc$k{4915Qry-Oopu-NECjEg@?3Lv@*4R1d}3=* zjRjbsp>83B>CxA}11|DdfRW)(oe>!62Bu60;Dm6OFXmZm-RF{uHuIP#Q)tO-HwfT^ z<8zPLqt0{!4z#%?^UZpKYjH>wT`*iNT-Mi22F;hca!C%PRdd9KM5;0ZE_nvJ=Q%cz z0bore!*0TrgoN7pSsI=4sX56x*EP#I%yo4_nAWmgV6!>UCgsvAn@>xUpd42Oe2Ii1 zZHf>CKJ_Was|&@)vF$RIJ)UT%@a)3Q5#5io6oCjx046TW?Z&4)iHP{U8*lyuO?eK4 ztzXHDweuGXzdQou>#jxg;D@7#lv<$fDos4vS1i2WnwnBaBT1PHR;^sP0emFr=EWe& z;Fo=62fyhxKFE*oIo94>e-rxJ54P#ykNh$8Y6L3E{b-FRk7PxA_KVqco?*JGmJ|rb z_+q22qFBXStF{LGk-k_Kb{M{`egyvXr#&V%D$H!Kye3gr_M+-qmJFTF(+8|5RE>hCXl zF|B)4tgTR_x^MsHn%C%f9+Gi))>o5j5*935yEh8PdxfC1#$&6W_5)w<9@z=y=b`w3 z&dig4>^;c~z55Bw6%oRi7{oZIzWA3co4CA0@7rvMdy3TZO9WMG5oOa?(M7Ztamgu< zRm}ca8O8JL+G=_vXJrd&fVFtS#%*z=iC@q=-ZcHnVGi&58Aidw;#Su)zL5-}G~Q*5 zin!8jgiqC~Li15UisSD`c)+&2z|-l!^8&?Bmn)O9y%A4t&X18@Dtb=mx*SEIFy4rP z_VAMICou14LNp6yan7md=nWqqt$#-ay||Z`C)X6UCQV&>)-2W;eKld6Xq`ahA|7Oj;qac@W(Ec)GHkbqu9)LQU-6cQ)Lf;Y@__@= zlmD_d8M;ps&bg$}E8azlsB*W6x`@}WQ{)SCa~!~U|MTv^GWMr*GXfsQ7}C1oJ4d*V z1ma*3hI?+y+iD=jf@FSKb^E2L@p^=Ao5scGCbqX^18%MLgd2!a|3S~T#57E5W)Coc zUzcQbO00b-_xR^U<0}5U$}>XCO|i*B#B9LQYHj;n5nA=O*M+C}FLOGL7B;=rQghPI SUps-kf|7!YeAb1VKK~6=v-v0h literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/web-protection-reports.png b/windows/security/threat-protection/microsoft-defender-atp/images/web-protection-reports.png new file mode 100644 index 0000000000000000000000000000000000000000..58fd25399450ef5aa202a29f4e7420a65a8edaa7 GIT binary patch literal 139107 zcmY&<1yoy2w{{gRP~4#ecXw-XE$)&6#WlEw;z5JE6mN@rC|2AFR@{QSyZ(Il-tT?a zpEb$K$y#U6%sx9a`+4>=;i{iyG0;fRUc7jLAulJT{^G^!@)s{&k)j|y|FY-a`TY6f zrHi_(#EbF~vYqFPHLjP<^5O*{_J7_l2k6ekU%YrKl$ZLX z>1n*5_4eCT&s@k@eQisFKgO)lk0w(4T-NTokJcxvhpn)t|9f?=?z8Rn+$?k7SfCC{ zY`hA&%-W#p|0>eo?7}7A`UaSC1i9uHDcwH?bEY|>t%zN}lk7442~aV`%Tu5#=J2^ZHLk9Trg`db%A zJ>;L&@T8yHO-+GH&JxQ+VZurAdyl7Aq}H;bc|=q&*ywgC_i|5F~?>Wh7FB zkv&tk7dt5q{pSdJ9NI*492$lDH}N!|S@y!;u;Ks5+J9Q2KOh{3maA)PtEXjIIq(hY z@wg(p$?oJ&idm)(UbXxn7$prJ&fQ`A885+V|J5ngrw;l!RW7C254o{@HRTKudH>t) zGdx$r>5p@s?vdGBuK|xoPmfqC;t#dhMgjPwn~*`b^20C9pMk&K_VO%-(;2jW z;Z>UthED#}pq7uP@#vz)E7vGeI_cBKE=MJ$?0WbRfOwz%qme{joPh;ZJVc7+MTl)j zS5*hEiA1sL^N1DhVZ!zuvKF4jr~ULfnua15lNzDdmy83Q9b)4a;YaD(&#o>uyZa~{ zIq(>F^mFQ$7J8PDTgRV(*N*xAPmkLZ#aQ~aRsr`nXVhM&>kSvVhW>~ULI=X~aFRo5 zLmZ#Vy+d=~g}DYSl_}krf}71@Z| zS!(sWi@mT`zq|CpZU>EKXT36gUQaKt#pEe+?sDydN3D3G%f8>86Ms`y!mmyNpg<{4 zeJ-VrC|o-CE@os?RC^OC<-zf^xQj3M7BFMafkQ`H`Y>BJd}s8?4;8-2{82Qv^W8-~f3 z%}lOxTlHA}P=ye+UQBM4hrhn+?s2QUGo3h1oM`VkSsy-~ck8)IWaML)z6mp_z!ejc z9J`&h%t6hGlv_L1fY+an$x>38^+ff>QoRilOee3$LDi8ynuE~XUnt?mcQF|r-5nLsIXB>LlN(Vqh?^yO74WLoHkGd9*rZ)%1 z)2Mv-6ki~h%D@;eUz{VwluaYgC6XoZQ`2yj&Rc!exksCXp0hYdFYYUj@oHLRVrXFH zSSC_!676Q!=RdMZYlcKD(1M%E2^A`@2t3c*e#@b^sk-AlUL09c@-&aQo76OwIzOIsyVfxbl9uie&WUvnh~^8vEE8LroR&3z~Skp2Mj@=rBOM%%aeuJ`wiWUOU}_8AhBX_L3Ot3THWS92%pWQE)#G>Y>{7i(-Jx*jELT0kW6JoSx+Qd(^h*XGm+WG#>Hhe8=ne3XGN~K>nH7|I_IVw#c#_1+M z6+}H@E}V9bO9VRK=T@P%#)0pJfL6OgK%O-aK$wc?G2Kz;>R%mTCo-ik1WWvWJGVn* z+2^VyY~b#w1zABzMu)|GEj(+_1kitb`zV-z$to-e|EvBI5FN>A)KHeN+`h2NB!6ZPi!~tl9#R(3sd;Z^j*Hj z;(9#@ethbmL#QTA)eXauk=olk@((S#u*r2xD6*O>#bDC;@ojp^X@DYwa5}Bkjvld{&Wf{IKb~ zvK;3u41h{RcSHe_@|Lk}v|SbS<5eWEZ^SM7gJhyJzAF#XF&KWp%2uX(wVW8ukE~0t z(&Ray{K;-yDRZbG<>MTWe8-c*jAgXI=MTLfO!B@uli~cii*8Uo-&*yQpJSX&fOi_a z5$dLKl&h5F+e!Z%Wu92=Jty)L<(LwDjg8?)nrl8m@IyNnpk6FzVzGf+Iiik)X0gQa z#S6zfhF02!Yf4yN;(n_QzS3BrLY-SmAJ0V__wc!81`~6ndu`p3okH3x^9JspjW2m2 zCiZmiUUl1O8r(%ssR09r9gX`ln|7cnqM=2gqv@UI&Th8OTmx#w2*)gM)~V$cIXXsH z3jCQditJPHAUWx?#At|xkI-fOv>Auur){)x5>E4*Tm75#7(S_p6 zc=UK=E95y9rmiD{DF`Z>PnnkdpI%ebP|^*ZEqW~Z{ZMUgeVp6#z%M5&X@a6!hA>04 ztD(racWkzup%}w=<@W*!M(#&Ti~9{G^7Hlf!?tQlMU5->mL9Tduq+R@|G#tJB7$}J?wZTp;-cl^bU4v#JV zs%&^F9Fv{|<~D_x#EV>zdB4jD=xn-L*@KIBPVaD2XT3vXkinrVVu<$X7>5SN?uncn zfe}QYp2$l+|4@}E{^ds$Gx`{r-;NWA8fa^<nQFuN?zGB|eabal|tWdC~SdUL+E z+J1hd9U`RR@1Ow#g^pu4=YX>bG%Q9W{eZy9AKKXF3iv%P@Q7_56IzN8=4s`oMw2@c z<~z|2t*O~o8Cd#A$Bu~lb#o{g@!85-?DCs4!cVOgZEgcS91?c7fh|EjBXlZDIUJx> znp&%+SLTXI5@o;s9#552^oB-9yBIVQiBn}KUeG7dO6KNC$7v(k7VTT~TxjcVA`T}X zi!t@pD5x}HOXLwB&^XYhkJ=Q&pyIb5w8{L=5qDLuqB}a+%+`9b%e7IQcThSFBu0w7 zm|LJHh_GrliEiwYk$7JVij7vgb&THYE^8t{7%hYQ;o!j_YJd)#&}J~bm)4=<_P zQsDVWgHLXA>~ZuSpRtj}sXWTbt~d88O!rJJ5n3>&1{g0UC;v1qJzhW(+0SP6o)|X) zZLgb+lwn~%Jj*F~&z&Dl3}j%P>#)?Yj9_ylJCeevDZk56n$v#njqBm0_H7t+c*60d z_sLA;EN4qK-{JM-4=rTt32^irKwuz|Dcmw)wrU$FEw!h}s9LCxFbaVunK0 zJGD13gV)x=LhoR$LwlQm-FSh_2OM{O3FYS9Tx(}T=sOCF?Yq5e8)=Ma@Y(OZGrG#{ zt7Z0VT6=lzItR_M%;}X~tX~WNO&SYpr=Tfm!&Tv*i7LQopi;|U^epO$*F~i3GJT=g z;o%Mx*@>qD{uG+2vZn~eIDjNBv8OA5FO)5Y^jgv9`5k2D;9|XZIlduSK>y)=A7zpf zsj5{5y=odUJnEC~6yOJgdc$Yn!(r?-OzPNjff<3%Om#OH5%;*zl`8~KVis0Ndc*+w zoiz5}J$NijhvRe~8-y<(A2v|}W+&M5yp@5aMr~;3gGrJTbY+#`Mg7TNM#PNjLK~*V zv1?m^?ddvl<9jTOaa>QyfeFXa7n%$j3qu5FEj8oLFSl^bF7MIV0lg}3DD;UrS86z~87>_44p4zdN%@c&yV^8s9Z{HEGcen_ZvYY?W*l$=?g-N+7 zWs6Z-w>_%Qv7?R`-{F`KBuZ}D=^d{p^vCvWv91qiycXZOBL>R*&?vJ2j8_S->o_ci zjZhqOcr5Pv>B-t}R?*p4QeM4Po^x#5TWDYDk7c#hPGr_V(&Mt|7IyTb4$6kdUjL-= zyxduryE8&6_?&=4>32$8ZQdVrFTT~8aTIy-xa!l-&Ds-{6Tv9z14t=|qn%dql;0h2 zT~0aom&?Ia@jOiQD!gp}o-3)UFxMy2%0hmbAb&$NnBa*BS-;*X7Gcn+=V^VsWTx@s z;#~5&WBn?Zg4vCZFPYmxdu$VtDEB03p_Cy=*dpZiC*!CYN}r<;N~Xu9kdY{Hd%knh zg{vYz+a?i1HcqELq62i>g~xnWqmcD{jQ7uXDwK0#N40ERy>*dCtPqrI>-t@6Z1rXC z$ksq#Q#HU$MbIYT(pLIaHkRCs@7m-uv~R7%y!RnExJ!@(Xq2b?)dBzYNiXF|Czkk! ztaGhp@Lib~oUg2l`_&X~m=`DuAatMuB+5NI;NOWAbRqcKcPuLQu-|FGU2fVmUi@S{ zaN8LEY{OdFSX@D1D(FFEF#RyY(abVzvEw46VnX2&m|p7%zW;FXsBl{FjaF$QIn3Ow zsZz-fx1QCq)LxiVY2mnDtX_HC@2+mPNPJLUoOG&(+C58=G{)NL4iw;KYVeRLUV&XI zGVQ$CXYqyw&V2@}e4gov(ZoO-?tDty?QV(HiUC%ceqC@w1NX_vf(tzN8Dm+vhg06% zKDdP4kq>DEgvYOhe}(6LosHO@ETa#_B9AcT;v0#j68(L(9TD)_J3j>y#A7^i&GN`| zgt6AbvevX(H~=tb+R7L7?asB&(Dr;tnzX>7YV~YGo{+y?*I>~5En+iO&isI|tfCY+ z`y5A>#%=LY61Y55|J#-%TQ)=sCMEz@f%W)l3iw>^S8*2~_I^8fSCVD45uaE0DF~?{ zT$>FUgCw{onlz&~n90fw2aIY1pm?{*hSFZTY*7AXlzmZ7qyD9fWQ+MF|}^(#q^`H0^4A1Kq8o(R1W2|CWB;Hh5* z$csXC1fWb(jiS#1jt}1BpUx!@gxpRP<8WrYwo!yUY{M(s?q3=Sxy8r)BEG#OjuLzA zz4CW@xwFH|mcwB|x7K$4RZTKW2O-cm5IO-4YUHNN)!Iwm=JsT%KbVC=#h;{*SZ6t% z*I!)U@^xK@uSpN#%e230GkJQnw;IdzC>WO~Rfo|9H0anw5es9R^(y~q;CgRDp6w+> z{JYjMOia`#*K07Dh{uj$$?r(iCBq&uYpfTf8*S9#y zINn~U)qGV(q6g|g5^GRY<5{j_1)?vLmsCb2HEPGtJNHZLJrNt=vN*>-sa`%9vn(Uu zc$jJP1aI@nuP2H~6wI>Z+nHvf-0_+JlZ42_KKhTNdEJ4(^3{UrpFjDs0FPWK$8YQgM&3Ut^(tLzv=QL&4plEw)HA zBh{<(8uk;7>}I)~5ym4GFXyyVmo#c0?M{!Kacbxc8MAg{EtG!?o`WUWJ>^H!aVBgX zxeR6wb(Fe4HO&2Pp3Z{&mgp@_h)xfsKgWfc;7%{cf{Ly~J^nN~XmhA?uHLedD6G=> zomnTBX!*REw0P)Xyr9`WOQC&^EWUwG$LT5AUcN@jg#z|8Lc!p}$|$(U*PBBw$K!=FHAJu*Uw&6GuI@Tv z%qz);l?KFo<-R5g+WCCokl&QqVTfvCP9?I+v{88Qum?I$F>3b_D$Thl257d|8anC;5Eeo4*Z2Le2u?&4&w%2;rA39_7G@T>l14&l5ec zD*{y{O#s#A@6Tuo_43wn7&;-V#D)U?XoVx?J4!*c9KQ#03wEPWM=sxh%-IOjjnnQQ zIt@%h^?M=F^V3vjm%gbYU@GUqm94bm?2pq_L29k)*0u58ZjQ?fwX>v-{vkhI2mpSe zM;tcmo=Q1_FOxRDsATfZE+jFim5OY_Gh*x739;^38+(yokn(j*rg0w| z?8Nuc1w{n;c;qWbZUXQ~ziiC$TCwd#7A%liabor-+QiVuKM?*@Zw?5^M*mFxZ>^COcUx>Ku=Sb@4sS9ZKK?`Tp<28AwpQ}Zpd z2)aO=$b)o%^7am2oqCcUD_YJti$+qT56S1g>nEY5a{KeyOqSDj)bWu_ms?X{kKAdX zDv=873x#7z7u3u4xaJ_9jFqC_D(aZbtT;Ho)J(+mXG`a|ja+I$>IWTc?hIv#;BA1m zmgx+`@s;sJ@FKNYoG2R@17XV%5)Dop`*c@&RlNduYK>BpdYq}xC5yf+W_st1zHmFe z>eVgZo4B3csJ=8&_Osmz;?I&^ej#@IY|*stmw+` z_WYXBgTnVD4Pp&vslqS!DinE(w$5*wZg8kZ zRXwC)J?H^DPPs5URo9)7W~M?8+CA-bZfopVs5`6tbdh^%%-Qt|V&yY#-cLbi)*cvE z#oAzBv(WA{;V6#TW+L>0YXi4k^oID|7~;A&8rkcM)SE_>yyvL%>x8imC0Pju9Je4o5d^{{c|)xN8uuHOh&oZF61o8OFZQ#?f; zH&Jb_<)WUnhf(HPPZVwHZ}FS#;|BSMG%R^xZ7^v|pCml^>q)@397(X8DGf6W#em-t4*4+@YH1P5jcHREc(HO$K zb~fj^7R?U^!kl|9!rFVse21ld7d_Zp_gVpgTw206e2{7>IEMk zZrwP|ci$wksA)=l7O%A%>kCF8L(+My!y}SN`o2)TmVuH*qyW89my4dTC1tR}u1aE@ zlugBs6Z%l5TaD({Zi=%kZ!~=FzWczl8Gye9kT56!ue@Fj$XTk%ciB$a%^pwP<$M{b zHos;Yi%kDJnCqMNn?e5<%F@lTZ4@Op&47mC^-p;38`x+HnjBT)FtZ zGg>~C;wzWjj?@~bmo}5XVqQ17|7p-xPGr*{p;bu188hxc(E+#SnCQV5W=rxF8G_qJE$OmR1lo_F1?i>Fn#NP{1+>g&qqw3uQUkFTrp2`R{i?AMn$bfA3yP$ zw+*|Tm>cg;A}96nZV50Cl)wfs6#w*VlJd*V-0=2TOWI^H(LhQCL(uHd_FtFSt}^p+ zJ`ZZq8-{_kp*B!YlEk0q6hf2Pm@%G#Y+sC-rPQeo+NckbM##RDZr6p4R#;?pL?alh zBk-7leZ@DVH>1*G5qFePkd6F~oz@$fDejEZ;}ca`2LG?YlxM};>*O1ydNm|t>B_f$ zXgU#7&)`H^%HAP?e(=knJXNaEDyaS<1qkK^iQO&Sd`!6cePjugyE!FN8}?D8Gan?6QOlfpzhUgA3nA?0pZH2z z#j2|kp>*fT8^U-ta+iP$H4#tno>`MpOTT2cq)P%ZIHwUnU$4zweN1z22coC)eIcQJWF-!_$54zPu1-3%LiKIGOy*ag&kLRih=I~F6c=5uXmb` zS|!gmhliPw@Bf3BTCJsYeNT=)OK`8vRq8QomgtfC{dScKSh$I0m36PRS$;h{S1VOh z#2S0i#C{a%^ld? z=Rlt`>Qdcmw4HH3sLX*rF(_T~-OZ%DnJR-LnDf`{Nw+2OSd)i;VukKPL6WcsSSf=O zyX~Hd&}M3%NZ29sCYVb&n9P);$^C#Ou!uB*kQG8aL6;#6_vJBLfXR>Rt^e7|@ed0( z>;2F@*niS*35$Z<%r1Wc@Kn(Jbb!=6A9}e%yGO>(w&&4nVDX7 ztb>+j8B`_16^A_=UPwkfM9o0_^}|%DIdfEwh&&Q!8i!>Mk0u-NnX$T{tu}{SP~cOD z+ThK}A$O%LbNi+c&({uO*H&Nxjkv`eb42jc@nZ0iXwYZuc?(m6}7)ta=8ibZjRx6=JGrPL_+Js)wH$7`(7!s>*1dJ{`kS8 zk0vl;H4u8~EEC@mg*b%(AAP-~Q}OXYNd~u@?=~0J%AY>GN(S&Thm=6#eQ{!LxDKMk zE#99beSTw0ATOM7^AXq5kWn8sgarfSj$O9wpR;={ zDDg*|eR#mW&&WF3@e}|8_7G&vZj|ffVfX);i@xGP9vBuf#6sZl3dhgY~ zZ6(~1m>GF#AkYQH>?G@v9qCkS)eCAyN|E7$5!!y5x{Yt)FVPzWWn7HY&Mv`PNT;ud z;osho@(qbRGt@qVSvz_Tg?l31siVGUL8}!$aAP7)s}~A*j4`FNHQzI$!o4pJf&${F z=PPbfIcI_1nllMlgBu$gtY#fkGD=PvYu-4(=H;N198WIdfy9z;`gMEXeQ(e#=tgvU zlHF{lr2=x!GVF!hO~ps?_%Zx6uiMX_YYL95`p@f*6+Bxs+KTpGPNO%5d^rEl#on}R z5|h?wqsx}=*nj|Dd1jp7PGQR9pWd|HBZUe=audUE=;i~*VmUO zw?9AN<#@gi-*do4cpC=qvE3K9Bk3JV1@?qV!t-0+pcl$P~i`w0GJZ}c1RNYGL16G?wI7_CqtS?0>2WvsdoQhLPw-Kxs8=OcI7 z)8myO9=ov;)A9(<3w#mrP9lVq^_H#djU`yS7CQWkQZvJRb1XCvfB-UzLi;# z_i4Wdo+mS$ZZ%dN()c1(j6Dk4P2_ek-YpV1q{25{p#xVkauIKP(`#9i#!q@J%Q?xY zQN(kU?_Alx%*sl)aWMIl`k74m@am56>}BylQpw6N|1yWYs??>1;d2!X-Ac7B`=??H zQmcAQa*@mNf*b4+1cuim9?{oT4}G7J%%i4+@F%K`}h3rSzgn&4tAew6nnib zR7~MCf7mUl-KM!Ha#D&t*9$iwMz>Jzy{jm47viGufIA+yW^xHKY5xq)Zt)(d+7AuA zApKC6g4L?>l%)~MXRlUa?AHvq*jQmT654uLfPPigE_5~*6uY0%c5qF+Pi2S7XYiF3 z?%NN^Kh4=zq?y5?+_UwN`F6&EH6*y%rQ%WBQ|r4T@urZie32)*Yfn2vaWuY1GK@P> zaKUf{ay|CL45g~>X^Y0vPyuZ1?uX%46n!`S+8DGg--hz8aG8JE*K9oRVFg3}@f_n} zR=n_OB)s#%@H7ei&`cn-_?tP!JKHrbQE*qdALGN!6BosuRZ%BYXl!|8#hK%-n-B=; zTNkd#$>@zG&c0(A3bN)Fo3Qi^HPJV$wzEUluwbM-vzXOYIcz|nc5;5+@wuX)zmiFPpcRLrNNpUZQ*;rM|3~eV_T+p znkChgT-yHCuAC#**P#CtQi4N?2Oi;iiAKN@oX%^T2E_zfL_kr_8mJC*H#-<_k0^yZET7ysq4 zmNI&>hIKzLvqd;e6l%UAE#Y6zO>zfI}QcSf?BWzF!a=log*!>lsdt zl*ka@9&#({c8XGg4U5FnDq5UciWI@^54Xg6YB-c5oHlziUJm6v8gd!k*2F|v4qBg? z5oL(`OJyOlJy+!u2>1TD>bi%T8$NEI`!ilYodFBv9)yJ44q}kpY*xkP&2t!`iP7Q{ z2{S(}$LVu8+&p)>Q-%hwU#rY=Z;$3wH}3yJpzq6x6<_K63a8cWX@@iUSH^9vsQQn6263;KyRnEYo$1 z)b2>rtLHz^^PR3bJ?e>(hpk7;efDW zB>`rNqxYsX(+Mm^I6mccCo@0G;QG?I>3?aL*-(&gNWHlu6-L^eId*VcxrQF}L$6hv z#aN8}E_kVF1lvzJZjL*lQL(j_H36FD z=Pzo_&e~HE+G1iuVyQbPLX8bh_&B^X0behsspW(0<@EhYv&)+>!%6LAO_vWmbC;a& zi$`pp$uG#8Xcd53r=RDz2Pw|8n5N@m)F`CnEH%(2Pv4IAAiUo#g1QMDX+YQ#?O~ZZ zPf6=^*Si?A2lwO?&5&6*U$l10S{-i5;fT3tuy)!p-Wo3&wkJ&?%vp2~D{jLuyJ}o} zpy11bJ+c%Fvo;+rx%bv7UWt{vOf{L$$83+)@Gp7NMtgN#B|B|kyh7cIu+6oqt2sVA zXK@#Hcmxf$n=il)Ii6YEPEuaSwugG|nTDWUf!Bxr%pgm{#u0aCbowUOI|EMhloM=z zHWN=~Bzr@T--ne`(5~SyKuqtLLsMt34qpbni3sTudFbBMa&mhFaBs_4-^8L}@owMS z*Q=XwDYV99LD6H@aqx&U4P@?>^;-~Hrcv3GWnb5kq#}7Dqw)O6^K=)?GVVCF!-eVc zX7U%EwmL8F;s|@AmBbHI_rQNns}`C=_rHcWEqE}C4@#MIqQ>66ly>!f>}r7?trf|i zMWlH>lpOyYxUOG(G;CwdTu+;$cWW+?KS*=rvH58shPTZ zLEs~ucqsL1Srnk)L4pHe*x<@N!o;o=j_vbEflTFhfKdHk$deq(0D5d|pURJ5rv)zP zItGnR_QGJpB^wCLq%6mWczU^fnbmON;l#e_VexJ)G<=V6+1-~Mf?@fv=8ym*5An%) zj)CV3gEoV(KW;cc!9|lH^_8fGl+2kY?3aV~6fQ2EfhI#x zZ8+(Y!@Ses!y(MjdGpWVbBGc0V>G$0VXk3rVcJeau(vM4{a9pu?-pn7A;OdmZ5gne zIj8f;CipF>ICl66`9xa+JiOR<{ZdHL=v|EJMp(nbv8egd7iaN{d-; z&-uKG+y{vy?h;fIa-KY16Um-=$NM$3X&4mk31pWkdq<-N#uAJ(-)TPEJ>42ciJS+j zB?_;QTZyH21#nW5f{%<^UGm zG2a)od%4tfw2(CYTsjw_+oymrK1*XW5X^~h(Fu6O{UkprnAn6czb(Np$+WIpO@b2D zw7C_#^hVhlB5dB2963-Mp?AzFxE4F2R|@oT=6AJX*1SQTm0tg%|5DzI`9u`Umhr_Za*`5DCtC%>C; z&y-{Cj$`uj7zV`O`rty3B+n!v_Y$>!c&UISiDbo*9`&wMNmE~uRPM4%RHclbtd1n^ zqK2yF=C<_Omu)yKfwicX>Ws$HseClZaUVVN+TCevEA_fc_apJkkz-4HxM&`}bzFqc zQ{rC^wGxYH3^aVtLB@?iB%t{k{;fNT@f^qxaIrI`#EQ9ak+L-vED9e2)tNYKjhy3c zEJq*Q<4b$pL;g?Tj0^PdBR%rXNd{)K>*WQfY4M8tt?xxD;4`PQH=OyP96G*%0d<3NvHaDBx6)b64VE6(wwfQ#JuU$oUqgKzoBo?s?fw7@mF1R-7vrJTdKGJqlQ9w5GY8jsv`XxtOFc$LEr?nd8< z$Omn`)U9@6BN)mFOG8gFISdTZ74je<7|w_eIom=<|HnAq1}4E!2Gm?JxdRS|QyWOb z=&nA8+;yY>Y(5^yI5HX8CysZ;a{wU4RlDPkeN=*!Iw?L2#-C;M8pWUg_e)bllh;|1 zrE+jdiVDdBd$UI2pI%2#lcieDJOj!1*c36N$0&M8)O3@SY9{Rvyf(QLjeojNY{Did zKlq<{Tqp$G$wUwykCBR{irNDlWMmaAr~ulIADBe?Ak&azRcebh=EVOK?Yk}EU>G4w*~Sqfe9xpM!3?tAYYZ$mK%$m>H_PGTfB+*?1+%CD57#D!+N;B_Pu{cCh)#cAt?gCimx0^=f5W-@HW6s zDu@AM&4}q|3FOP0(+$a`X0JGL|3}^Js|gixD*L%wy3!FC(?3(c%2<97zzwkteMcN+ zRVY`eTQ>?-h0V?Ck*b80{Nqz+@$1EBG1Ay`F)-JpGc@#BL(n_^Lyfwo!1F)r%zv$k zpd2z9GDRBj2d*l=VP+BKPvw*dHV5MlDoXl=C8!l+7s~?8p(PC3WT3nrp{er9-OeQ#tWOZH^#=cPVWQ?FdRx;|4cvrtv|M}4EzcWsh z&GJFhc_hQE;;u04>3;l*IlTy?EOLsDc*j2od&SCj-e9su%|nCI{wbi!l)aS$ie4(I zYjtdIFQF^jL;)1}*HH9w7KpYxl2EqBV%Wi_;%`efvrf4#mF=3C5`u&r-{j3td|R2y zaDQLG-vdIOX3lKvvR5gGeo*St9Q=xfNBT+mf6k{+K0kRHtzVj(wjIwTsN^&BReeUi zH4Z;@s{mXULsn9Il779snGg$12k#0{1Oo<9PS7zL1I%PG5q${B7)VlW)HXNlv=ze=C@`_|yTELUn0|;GUCCd? zlOAZ9@oM(ZHBRUTB)(c!Dwq^OE}zQ?ZdjcYd8j3qK^0G><1NaY6c z&vo_hFuxxiTEQBLC_gd)mTSW1*tY6wxMY761Vrlw6ZB z2qxB_bhk(j({rgeOE9WeY$%A_X>9COC`1+8CKup9yB{1U$zj*W5sa+Z?1b$fuj8s) z2@#le4E`YP1nb%;WqAmCPYd8@5h2ROuBITPdv${((Iw8sAa#lv@7F*vU+7f3%Bgf3 znRwqRA%RUJ!3Cgs(H>w4qLu4{trJq^iKutghf{lnhEsO`z>dX9xglw19aKf_q@8$& zI|kkv;5EdGcaOiEt978AYp{*fC{|ItlmE@quue$s{(3B)zS|{sl9vb2!I<)%>LMJ? z?GzIe8vhWdZh0%8mg>J?_HUqnyEa1H>UfQI@ahLAF$ljg7K1Y352j&BhlF&0pnC&b z_jp6A_!zkGc5wANjT_MAuxfG5>$*RQa?o^+A3(qe(2+7I5H|%l5~-08;IQRQQ&Qhu zeOz98kmf+57P+MZ0CrSf(kn*jV0&WY#Q|0r!1>gYU!O2g=>vI%@Hhd6K|ziyGP)m3 zrC^~DD-07|Y9u4*p~7#@u{a392^pZ{Lgs5h!4b57&Btt~XBedwmGO0m?Kfj@30HRf)G4T&-@z0C_(JUeLNf5Q^dmu2>w24S!GzqN#u z$vXYvB@=Tdn!nud!U&hGA_Y9xcV{OAJP<5wh62zQpJ$FBNpX|h;Au~%$}wl16&#QP zrxF3Y(g_R#c^+v`mKwe%zr$=_S}VqOeTcx0xc@Tw_<&sLvHa4o4ZJ8qLC$EJCLyHR zwb$MmR_XCX(Z9t~ZY&b^sl{idL4Bjjecr*a(UaoSG~3G1P67%_9?VTl)oo*!mn`v= zV!naAJzyG}gg7X+66IQv7@jF=c`8`#h>WTDI{MTe?`|X_LSc&_!Tp>| z5|K5}m+u`-BH(Kq3F&+rkavyL5#_nTQVi+o z`+%JzJX)zHdcHe`dN9`@IqZEg3ez^Vd z58ND1|1O^(W3|vnsJy4$`@3$>sePH!Ec8mY)ex8~ceA@qw|djjs38FMq@1g>j=sGh z{SFQa-Jbl(J(4YCVxf+8C=MZD)z8m%e0|Ml^R3EE=F3f9;}7F{nraJp$nEgF=~-x< zZj&$eb1^tNpZ@c}OK8V0{6V$iZ1!|T;`GUqm|Hhnlfla@nU57lRd~EMQ?gKshf(PP z!#ZE$^ZmbsgypvxdX`%)2LGRLeGuLnD9zxv(WLzC5r6mI6OerS4A9+T(~Y{}rpwc6 z`kZIr_@(2T(`u}Mu{`o)rl6USKA(LQH+@X|@)L=EgKgMl*6&o}X@uYJJUN8v49o)K zm83+KWUxijIBn&Z9fh;a{Wa)d4&N}v8A{6cqO~;|blO4t2H8-mq$r8Q zd(LhF5+S4d$L$<TWezzZ;nj0q9mK&W& ze(iG`O5@V*vLw%J@ivn35zuDM4r9_{TATSuKE>`uxQ^VwI~ zjhV6-Rll_GLZ*OdSG&Zw?m=UkkY&MgMVXB_)kWg}msJ zx{Y*N4BWl2H9KlIf<%SO6!5Grl_{zgs!L}I`Cy}4L`h8)4P$#szPTJ`C^fEoRcE8! z8@?txy!O0QVhi}WQri4255p(rr+Q9!?bCJIgJ&a^^et7$q=WReIKMkOvKTkNK__67 zIoo6%&9lZW)oXmG^=m4&8G5o~b!O$PDHV(I_X|rVALet`)BbmbV-`0=OK~$#KS@Er ztUbz%qlUjdm@EorpVWKmtV3_rU(9#tZttSe*DVwirx5Q=WS~$ zr)74nY^`;hCp7%Od(FV>RZ1#DN0|__%^|%XMr{-_F*{*&%KFqRHZShkGC!TkU~qb$ zf1E7Q!evf&kg+<(&@9n>IqXMj;`G$MJ@5EI$n7XR4wnwFeJg$TMnp4C+4Sv_6bBsfeHN&!VH#WYMB;<;o0u3wRykNYE~SAN>*>h6I^u4hYfc z`CgAQt#~gmF)UZAuY}Oo3ofDDgy)16DU)=H({xN86xFU3qHn3y8@}D2t0yK+X8l<9 zyUgiyh*$3Qhm}Cebbg1ZG#7#oEJ8@R>JE1k!v9TX8L)zSwPB~P<<$U&`PT_-afq2Z zTl#@S<{;;!fiI(@RVY}fLH>WV&JU+hX%z{%kHRR#y5 z6M%|>$ww(dGS&u#^d@g|8u1M$mFTR@f5((jP7QvK4ME6o+(lBnOB8ANu28l+(`?3_ zXXXH4x}_^pCNs6*sW3$CY9=-t(~tr|P;^Er9p+#ZNleMTQ)M_}OdYj@k4D0(#oDj; zXPR_&*P+S7zf4Yt1UJ83X9-4HVC&656?W+{Z#pn+PZ zBUD;CgB_h(2oGIgO+TNmd=4a{J-5KBI=(opI8afG$%9nKa_T2*9Mp zNGct`8FzCiE#$zU;e!whS&+|Fd&SMEX$OpRrrMnQ7IQmjfVX7znSX~s61^c`VldHp zD4pk;ERiD!m_xP8=Ds}qzR(r$f60{09`;kCD1sxpXR<$Gtjt9xIP{G$@U+Dj`x)+j zoan)*avx^0(`_R-n0M{?)+&ij^!{64-wW5ng;&EF{O#pgKA??Nw|C@RGa|;#b~~na zNvA_;qPRX+hca@iFK#`KAUzj0Up9X6>egF`CYLQjR=$(YRN7!iJl--}j2M68E{2=+ zuhIgP23IFff{xo6Q2|Ox$>R;)$*k09}Y59sTkw3PNX{_h@Hq8w40q zzbE#7-HUl3Jz+6iX|Nb=+8BSO{}Ugh4l{O5 z5NPZu9kMtG2&PYSj(^_C5&LNq7Ms__0xW zcRD?;^8U0X3akLO2V+ZCSwA4X36rHxt(p86hI>Kose^4(A=)_D*lepzI8?s;TJ_YD zLGQ`215vQEe6e_V0OP*+GZ3TjK`e}r6Xte+1+{dPG-QQl%q0H*k@ePLQMOUr?;|Lk z(v2X}-61GQNeL=BbW080pwg{$cPU*%H_XsT$Iv6)9YgF}pYQ$NXYc)=$H9Pe-&d`5 zu5F~$@RVVH5IyerM>z~v{IO8-MH0qgO{^3l}%(t^@~75c$wN}y*FA5Ji_ z1+V9w_@wM>BGn1Uo=U#GW#W($U|Jgs#Ksi9m;3eBBT@KyGO~NvudQS-Wtp7tSB{TQ z@_AzAtyk6ce03mpfnZxC|a|L0MYZ_B~w7Z=gJFxaNh7MUUSNu?#Io0W(4P51TKGeZ4pTG=n8 zq#V1(8;e8lPNRz%K~bL*uBxOpdvpbYD3@JHa>%TE3kevk0~JB+AX8~sYPrX&zrz^G z#oee!vMyx=p0GF|Je!~vw+uMCoKr1&K^L^nR&`W>HA-jSp4PntAtj> z4sx~78|RAzzv#YZ_80eMuJxf&>>x&&+fJARtM2e#KDgPaZb8pS%u_e#EyK&fEj5Jtm^%xQI8QxEX^*v5IvJAEWNc)djHAbUj~)byMM}8 z*nYx&C;&7Yo&il;1mUEd!4i$mh+$!a5Uro_3URtUCHTkRMSdTWly4jxb%r)+`;VG- z6N3+q9J4(lGE@YtJu&iT5qVu_MYD*}qoeNzlJkSUnpR6udY(OlcEid2HKN3M{=>?f>p+#su;WUfuGK zi()X;xgF^8PduM+7kS~5luUN#v(}6?xuOeLPd-M-$3VY5@;#oiq+^^K9A&K2dfQ_1 zxb#$^Dy9P#LDvR$wV*c*8(pT6#M8t`wPVz9AVgwRE6VqzVMrq1ON@x;w+E;QORiz7 ztzqvnKw2QmnPSkJAW^uzKRc+Ao2|_k&0c(g3&dp0QJ?fb?~i!>wPQ1wWOW;nq4B0f zSmRyoO-t~}$4^Gn=}*Wd%*egYcLGLe#Byx=W49Jt#nH~U!_=gF(0{yVlBW!_v@kRU zUOvW5J#G1aw8DGGg%=>hW5VNYMAV0+iWS+znd5bQ9o|n}R*@7^DCavf&=9(|n8P-u zn9RkdypI!!TXO~cJJZD|S@GOq9x8;E(2xJo>rUF8L%=Hg`%&?d6)O)dORv74O!1m5 z5S&rXV$%7a2!)g0kq|LQ%jX5FysLhr6GVy^ZPbvDy0A#{AJGhcgoZJ^3$hf}z8Eq7=w8ZFPe z1QY%@$0uHIb4mlN$gFPf`^a8B#3Jc8M}v5bZ>=I}c`GQe{e5kcvBCjYq9;f(^!1)CzdZz5D!SgR(pL~$?*dKQ1b?W0e+npn_mO?(|ZcnCu z@I83!!S(6GW zY$R>S3-PnvMKU1q0Qy+wj_jHakM;Wb$OX(q*gpPbF-eFaD-!scB$Y?R4tj`QcKlzp z_ujFGu>42VkxQI}r;`uBXt5g4$Mm{9hyujh9KHJTzBFO(mSKmsn+3uUaMpj{i~qWN zP>HbrgrF=I076-9yp^U#&M_nWWsG+n2MX%&rMd1-WfRAIi@pz3HUn+&G1lL)IMq$Prl`bnj z4x?9&U=Zz*seHC{E73#p(=m)Y`fpZqN%!~b4#)(4jq92U*OFI&+QX>ic^D?KKCpu* zLf~gb#p_-^JZ&mzp1P|${lfMJTx&!n_G=M&f4<4Uo&3KK_>0G66hqSz!Y|!p`QZb3 zS8rAi8H~P5kZsLv)r((DI+XCi>NrARmscIsuHT@My%b3tz&tA-`%rx45)u*f|9vj% zF4^={d3PB?8rtWN8J_90x%e|pErlg_$oJM#r z;(tKCBUm1yFCRlM!iVzc(TwBWJjvr_j8|3)1Ssa>9S@Xvd&?m~*rbSo0(Lp&%$Lq6 zcJNy1ZHL3^e_Qqf=EwHHR;Tr+_6nXX+B)br`t5#GwlFQVzx(Hb)Zb7f zJ_JST+i%kH&;~TA_B@vNWfDSkqJb;L3VZW)sHo^?-SPcIReICN%iRD^XNw%eEC4{z zKn}5+i!SctAxyj1ZuJtS6gui1+OAP=wy+z@631r@j_LT-Df7l7c=e=rko=_+@r~Qz zSGIz1qvHh%?Itj7liPMA6N8INQ}u%?T@GS4gEHAf}BXeS1YeeL2W3gHl`V=)q zk+9o2{&#u0f-bvDM4WK9SEFsHzka-D20GITRnml@se&aYbf|dPuC&-2dpi(2y-N2( zd)wtU5}>NbQ`0Gi_*<{Rj}hrg$eo0T0%4M&?7(CNV`FKN!g|ne)~yFh1K)Md{I>^8 z`JZFl-(qHI+`jJ^WG}$bJk;x&Qu@1|oUkP=sO*PZxf6XCSKLz-NaWW4nkx9ybZTI|Sg(e19`Y%=Fp4VoQ^LU3R0;DRvBacT z$!Os!Y_`fqc;0<4(yJ{Byq+r6#lS#F{gi7>fcX3O)eSRCmU?VA6nZTEN>X=Gxu*BUB zXKtjI)?8b9TE4^pTGsfxzbycnJU3O2ZrvyIv%_Vw?hxG96`6~?PCYz~AaVB{qiOg3 zg=l+yantUbx))2UGU&<@!7n|)QWtwm)=Qr2h_=mv8AJS%w<#{uI zDAuN|Xxm^!(foIpgykF|OdD@m#;4emhUAmK2A~Y@y^sp-aRpRx(`C{1khDGd*e&0)_F_nvXmGEc?yxv*EQRR89o>tpoMVAnUy$AnkNvP0ig(z}qD-eN~0 z$E`kfpag0%5~-LhW-r2)#2t_n#~hLr`T<}Wgprgl{cjqp9{-ThjHR^}w?QJ2HGrPt zyxzOAn#beU^>`>*h{7}k|8)uU{5ag5Ennd~gJwe$;^+S>Mgr=yKPK{DJ5@|7te>)t z`zJl35qIsXG!9U2QFz^Q94_pmajeueqRie~BL4rWuOCv(Oj@t3XUuTCEi3~smtYdtnJ0@C-koo^b zXSd^(0gNBQ>N|9_{d`64MgIH1$nGqH^4lNO^0gY3PqXA-HJrd!4+H;3YbV)_i}yX2 zMYN>HNq=)FT4MYewEIV^H#1k_fi?}#lrgk`VTeZ`>K2~A{2G8!_XU_E1KqEKcC(<1 z+W+TBhAnf0qV}<|8=ur8IR9qT3u+%4?yVQl#D@sj0{=|a0n`n*u`8ZPH&C)=DJ~Av zCse@65FgUnUH>H}16(JUx(f;pe*8>?h2XU?3IWICCyNAM|D?X_kDR+_>9F^|^Dfa+ zoo82F@I0So4XOD+RSc{+2^{;mS9#rL6r_~4w)FcG0R+`CW#IK#xm4WVPLvs$pl<}c zYk%i-2d2;k%%qnQ*WKr0*AGEj)-x;3`u^7ZPZ%DL?B}Givin~5MYE*WviY8jR%w-z zHBgc92^vVaD`6Yv#4p$Iu&NI7o_*RAatLM4rlWjw9Y=1yCs*!pTs*uY-VSF zWOs2RUIhucT1JNunX@2;E6CC`w}fi~pQGBWv&<%kH2X0rtGE2#IUPrufXUxUdf<9XfVsYFSdp#yP~BLL-bthP z4aWDUnu!~M(M|FafG_Bd1UC3xU!+2JlM*3FX8yPY@u22XN^IA$hYH1@%mZm;$+3sp0kkZT^I15->& zZgLlL>iLcKG!Oott*@Wo<=pn(JeX38)3Qr0R2KTH*_CP6UTkJ@g02C* zDec0-ps-?d9P`vllyo4<)v^BXw_Lmf$9x8>FroO)p=|B9Q&?4iGu0pVg&I~7jIX$hxT3br& zQf%=sD9izHwKm6a9Y9=#Y;ThZP`nN5rFN;f{0P4mEvXtI4j^~(T?;mgV!QIRA6IuS zn&E!J)4k`L!q^>YsXn>E!V14ddU`}^kkc=;OP!I8j)%?_59+|bbddhou!G9<1;|LF zByD?)HZY_kj>r0R_$a$;aChO-W_VlkwI12baw`B7pv@keyH;7*R&52vf&clfKE4AU?;6%Z}9 zj)z*2Xx!R$olnzvmS>5%Vr`CO#PO($IB(!^8MIh+WxVvBzN-1I_~8TbNTy`Kx>C}b z?q{hkCi{k-u;|!YM%l_Bd4{(QT*$)FjHn5+k%;UFLSwS1;!qYMDL#$g869Vh`_O}$ z>p45B%yr9`dqS%a09=ZM`!v*U>-uw*E#KcEt4w;a_#3K_4Yj)mwG2U9TkrOks~#z7 z+Qnbs$(t!-ls`7;9WajoukAhgQU6}kWEbi>{iS`k*6W-tJrT0O8=81mh|ACzFC?(N z{4E1c?bUq!v0NHE>rKzirG!DDdE82=2TpCrlUrJu!6B~dw1zpc~K2D4_RjA+a;?y_B zm^($rOM^AxiHQ&x5SHzvyga5-jH0b% zqsL1}acwXuA^k)t9-d!;b>^!OPO1rW!`_SEO?Av5C-{au_QxK9?c6Ffo z7g}W-NXqN1_y;?JPSmNVw!MrUZh?SC&9-{i|A?{UcBXEm<+3BE{mK|}X)-rXf`N4` zpZ}YJ3)W3D4WXK-w1XB5hZqAiQO8ErJwK{Mq-`oBeZ&*IOKl;NM!GB<9iHf+{wy>! z5=g*Brpt9=UV2+GCfgSWwk~SI`J5ID9VYU!IMX--a4j#JcVPwMb|w>urn0msn|cJa z-kbrjWjd#~zVOH(xO7#RjcG=rd+X2nLMkf#Aj@W{3vQR9d%^%$EP8nKruozYbTQ}# zKQIMtbTf7HlyhRAnu}Z@Kzxxwa2(S?GX%d%VW;HchWT!1!EoB@zGOLn^tol*be8eL z{s7N{<)FnxrIN5ctop93>wG=wJ-z&eVWrP1rHkDn?S86|Y{?6iv0`g%0bBSJ{!I?) zFCeLBQ%e1-83Wh`450TKwQaGK{l52w@)KDI&=Tpx{EYko%Y>7ZG&3uO1Y5AwswZ zh@cKIF&sehc78!cSI)50Wq?}JgF7_7# zz>R1gsL`7(FE1B&TjT()^4IIrP1EswMG?=F=MekF@a>5r)4QAVji%K)m)k4Hp%i}D z8Izx%-;1H1Frq5!i5C+^;Qo^;!zG9v)eE&u+j6CYn&@o;19vhmPzTTf|EtDQZ9;3# zs|v(HGze|6^PH=HpMEf3r*}itSk5?ic;s~fyU1X#JnZ0#NC;z;E!0hkmL|Q zHMgl@T^_qE(fT>5<1bP^uF&UA2KzN8y4uUS3-zRT}FPh2GB+%P)?svxn_<|>dI2iZoT>sgxs@t5-TF+TDrO|1V3Bfa-ueE-mpBNzYRrqD2 z-`*@Q5wJyN^;GxNi7KbLno%brbFj4}8PX4n*2w4m1(uW((5wwSXeIj%p-MkA5Dx~P zWHe1@a$~noRya{+U`(Jmsi$32#`9h-sPWGu~hG#B(~>ZkEouB>*O zkEmQUbr`?|HQui#VL2PDAQx~F309$wV6;?Cfqm{q`TDEG*OGWZ>s8MUhgp9bcE-(F z$B{Z?l_iYJ7T!Q%Dioey!6r!RePYJZFO z<6sHd&VB}f=y@MYG&k~p2lW%BFf*xr!s`;b`b{5i4KP7wag40M4oi_8fnW6BWqaT% zCwVC+i=gbf+sc;xOsMo()Z9w|Gs;JPbBYpRJ_b4=RhW59dK7>)goaBc)U%gT!{fi? zGv`kbK|0cXbsWd!Ynk1J9c!M!W8Cs%W`KlUMWT!Q`)~?B97h>2wpm3F15|uKu#>co z`=VWG^kthoSv7|Cz*Rl zz1FY&?_076x%M8cIv{q7FQ9L4J`lF=%0`yz*O2Pf+X>#u8oi>ArgOd_qjWEX30QTo zekRXCi`(YKLGt3E&1zNov|O;D&9zr%_@?@whs*+KCQGF)$D&PmtI|VajCh%5!K^X7+2`Q1JSrhfoHNPqhv(RsEivAH#pAr>_*>n|6eTgRL2FHFq# zfifT%zhet?!f|iNb12a{URY~3nz|v1*t_FG%Kf19Y*Z<~g3bgor&WXFi@Xrr@8vs$ z*U$8l=xmAcY>Rb`sG7BZ3Yned=X7NH@FwqX-lAb6$-qrU z2eV&z$LU5Xv#Pb75;GxqRKchw5uPK}k_*D7H#ny5Ixm*qtcZ$O3~BRYnCWsL12KtI zXi}iPN@T;O!lQ!X5Xa2te{z=$60W^=(KbYK?A_$SqIV>xng3|j*~PxNvj0-EJNE=P zFLi~DO})qPvF?UPvM)9)RXOdB4Jm7IN=-EpeB87yIC}qeh7$=Y?6%1`wxaSZ8(*sA zHufxjKZ_6c8L=~1R)%4z7AomATOQIXrwfclhFBwuA8Fe!Eg*j5Bn`z~^WfRx?2gpx z;75m~ko7X{P5{<_e(3u9!cr=v!UgkUv%9b_`=xqCCCA=`M_%l)Twg=x9Si)cbm|@N zV2?x!*~D5P9gNNe;_uYluF^0c!>it~F>uX}c1iVRruBU{viCs-0Q7Vyv9=z!%usF3 zHZuF&vC_4~MgXn{-WaT+*el`+|Ixgz@y@}O&TFH`%bj68W2Wf88p0|XOO^rQGM-cK zEt*#MShYE}Xyc1)>7chxJl?rxVdKd>Ug;R;Ey>U23IVPqITJJ8zO0J}@rx+xs9@I} zqdTa|m87?u%MKiUU(D@QJsu6uE3WX=sgks~5&)+J-Ez+Ei2Fh|wZ)rvtkh}9`xaR0 z_0qc#JF^bg419jX)@lHYLH^_5{{FEx8RlB6MKs?VH|S_PF)uUaq2H+)0|~pP0BQ`- zgOL(f;(cjvwb1ZvzTP1MuyPJyN|FNt7PN3!&+)2HopAGGl)Bjh5OE|Em3thoX;;~@ z0^QqRtpRD-Eoy+AORm;8ZQ5$4jZvB*onj^oRqUB_=5nRan9tSC^!FRQSBsP%dA*OZ zCd>5SqcO?wnjO(o{H{%qfabX^-e@=b<+tP%ag zoCZ*vx*qsgzceHGCWj8?}$*~fvhfu`Tj*abR@WYal_tDe#j zvVL`M-wv?)JPXsX;!~ppQG&4^A0TXB;8NgnA(;SK`As8O|FQg-)Al*Vq#Z+3G%r`iHPG_r5?l z9!WdOF%EY=#uYrZTnh9&v7kWbCMJZ~+Zy7%Wzp4U#v|1x#gm)OYR+I}qo&1O9SER9 zcYI%@EO!UQ)UA5Lrg;hgMMuTI@3m^H*Li+cS%f`brS(`fCfmnSwt!MmtI6UjidX$Q zp}R9&xnT~tXWMhAh!&PejUz6qfaGcnabtHwpm^-ZN zNkk9Yb*isVYKY0VfJUIbJr&VQRZx4_@=V!#rpeW&M#2LuY%!VFC(NN^82ti_Jw7xUQuBRJv?{5u#m`HSw6EdZGxA)%1ezA$d zb!VEmSrTj6@)odx#k}sVQf3l^_h4hV^ap0Q56%LOq}oLvxoF;uXfP@rI6@4do| zt5hFZ_Pe{uHcJ^#X4p>>Z=bA@SKFJfp;9p~tv0#`2@o|)$?pv3!O}K;y!t(1+CYp> z{Atg@8b7JuBT-Gupvk2Zqgz$KNugZ;y%ik?`n6!NO2+mhu*X*EC#pY%wFr6KJhzBg z)U9#L*j8h?D#d^Ze-Ldm%j<0TSCgJi8~%pSFaJI{x7g>uC!Rp0x6}vhiSybc=TT z?1uO@yVlY1kMo3m=htg;Arp~}p$r>)pX1=;`2P215-)r5WqB1l`&^d<)?-mpg@agg zMKg=^^NiLd6XUL{Us|EEcv&~IjC-Pfzlho;u2K$gi`ESiN)-xpi@oC z3O3c(*1Gr++1)lh?~+yo=jFCRr3(iaXrG^)e66pq*J-=zQtC^()Dop2%~ei`Wk~iT zS$*G!QMA@O*w36+OmaqJ*>*E?AnN{F;hk<>!_{#+rg<=^1lkDWBod{f<{SFok*K7GW~Kj<=uZ{0 z3H~urlw(wt3lK5sy~0;$L|ibsJXgca#9lz_oKh%f0SceRknU$JhR@BH_JNaRja7273$j0j5=nGCNeuwXoDm{lazFT$X=TD`ar zgIla!Esnb*#qV3OUZ`dTJq_}Q9?Kvr%_q<(%qC?gNbP?4Zz*KTG`OsXH%4Ru4Rg-9 z&h)T|b{UvzvVbX`bgl^jAt{O>E3!)`&hfg-Grj~wWBNknO}AX#SiZF{;qMF;%kSJ3 z)J4XoxTrVy0;oii8^aMn(F|=a+v5!`OZa8JX-0w6qZYW7CP6rm&4H@&2_Vtfn-BI9 zWXrV)neIzu4WPbU-I}ivo_1J_=1~kTiU9J`>b&n3%U#X20xS}T!^-)#YKb=9cRO_= zURM}GwsVnP7g-`wdRHK{a)=kVAK{>uwaU#r<^h1jdOf#}j&4y2B-nh7++O<9yzN zXTKLM!}TaVZzjf)d2vU=b!3!``>yr|SqWGv%U0L*4Y9N@d|M8#?bqg_|x7xJ37ai9iq9Cqn-4uh%FD>GOz ztj~1(p*eKu%)~SHo1wk(Dh(%4yZC_XYHvW1lL*#mCz0)64o^7^S^Fma-8J8;%&@%; zCpXw+VA7f)bti&zn_+W77N7&;?anw5!{4TPljt|QxX`9$N>P&xOhcKZ{4tmRxkKW} zM7-dvG9DJ=Nax3&>>{F`rZQsuaaq;o2R~gZG_yNrp1G9QqN_cCO zf}aB8nAQ5n!a9Rhl+<%H6h)!TK$YDTKpN7vlaze^$S$~Nq#nGq2FhpL)>5xnhhxVY0f`?np3xJL^q05@{RKK^KmUwtRqCecenk5 zpu;eUQ(HU-U6+Upar0U&7OjZ3M^8@V1TT4CVyPF(KU4AU^Rcd{$TYT|Xc(#FAe(Te zL$CMV>Y5sXXw()er#uBN)Z+3w-(!vvKm(d|rPCn8fKbM6`bM|@6MK{dR))Ac6mW%^ z^^|8+F)jJmg9QycaS5e)-4@8r1`}aJ^x)5@c1_&tX35;B1!cv$buYx+wt|DO6HVvF z6Z#VP@#i7i^k1to$!DjcjS~cf%k+bG5(bQKdlXGd!%Y?;FOy%o)6Uo1e=!cYF`lh7 zt_rSe3RMf&%w#biOq4}N(;V5XN|Q_2vIK{9lzu4S!y8oW==NPZqK#+MrKQn@5IxM3 zi@9+G<2l5LMd>1%{ONDbcEW%@VJa(;>tvK58#O`%V=&&U{nP|rm%e{Qw;_F)LQm>G z2@@DgP+E>$r@&AEh~W$9rhY0G30t-eOvq}o_E}O#D&+iL96vu+SfE*5oxMF?T>*%6sPQx4ljqG@Hk9g)0l|B^a9?9r^jHi+Q`V%f|_i zD3!5rDHSN6^BLY`FN(XZ#*?#+%$6=SjNp8>{st`c&x|2>;bU<6H85r2Xfnf^Yfyfj zLFBFu2dIf0Hk!dpHzUf55+Bpgl_&zkr-r8g;LktIG%q*AQa5lGh!vQf{>MouQMkbB z1M9p;Q3|RrrQF4P4)$J_!O=Tvf_IPkIi;mW@}0iDG9J(|pYE4T9eng?5U@2jJo++I za64FOzKa&-PU^fd+_NX@BV~!{w!akIEsxh5E+78s!u?`|?~tWNLI66HhDtIW#Q$R` z0wwX<>DQ|~rPm5FBTesrJAIbU8+NUC?pb5x0O5{d#6n68>YlP`l^X4IFneCrVma`D z|A8`_-CWYK?APJbh(TWUKV6p{suSj~k*L4AQSb=FslCAstZ-mF+nISP_*1B7UFqIx zq74%bpFC`Oc-{!rA(vVr@F&CgeBCDi$!-B;`A^nm2_Uv(s(Ut)w(|`n!>JJIQCi>L zV01-xxo{)eps!D`!#EGvE^63Fxl$ucWR*;M`6Q$LCPT-7q@Aj2z&RFH4>$)bKKII} zU2pNk@S+>xz?>$ahx4rzK@r3RNQuY51w-K;w4V)L-sBl9%2{zjifU%7Jx@1Mi>gL4 zMI%1((IyMK=ZHdVwKDyEbi-}`B1t54QDexG&6&0EZ@^~FYb#?4W-~%p{w_YAMc*F;qK-t{D|F>`b2z^#1h7| zJDnn-M!g6;fS>Ggrwjqd*M$1-9~*wYcW1>mQ0!5JcsUuVDAXpAT@mdZy_KJ%Rts7k8+ z!OrXP8?2o6a&V}nT(=D+4jK)s?35YC6}f;Bf1^I+_g9rrZ<(Jnm`;I&evS3x5Z`AT z9F|X-V;-liCi1D=iP0vQw@a(ecR^s$Fe-w95#SpBc%&ru1miQ zd`1I^0}j3L|EyySc&4% zihMe_uwQ7vw9%~i9_JWB-9W`>+DyF_`$&f<|DD2$~!JFE%9BOH1m}n#5VY$PHDEyJOJaM*XdCP@A_hcCzWQY0s2D+ zJwH{K6Zi;axG$Sk07u-cgWr8jBVEFE0Ebp2bX^<; zv>8;biE~;|GD9$e|5M?{Sh(D@DBidCq(H=Z37=4dyB*uI(s4pe6fzRRj<+ZE++07{ zR9# zh8NrH(m0tvp!>U4K zj|3%a$6AU(=V*yjMnCWlV?oWPn*m{zr;xJq7|tnfkkI_ysj$H z>XqyX9hTtqJwB0*sB*ug1tt0UN95Pb+D^Qv%9yEmveLJTun^xuv+U@WZHSg#6g#i_ zw61%)LGn9V*BBYxE^ z@hDt41Q8x@o;AzXUSkP9z7+-Pdz65)nDDjt+a140-WU6PZd=(nI5D)MT&~NE7hpl5 zw@5k>PpsV@zl>I=k8-HOO!usW+qh;Nl_^pZW=mSarj!&i{oz-|Kp}q~e?CjlMpMbK z4g?*RuX10ewOwi>k^kK^&oXm@M}fbDv35xry}D8rhk=)LFCjwUT|e01IHL-RtKvrb zUj(Ip`7P+Mj|!`3xxe;f-hYgw?Q*@K^Jxn8MMHiF&KoucEeUK~>Xm|99Rs!<5+tqi zwjCgcv%#!2mPQ#?DADg_9QqnS&{6SxZc)FrhR6W!WU98I2ww_^>gp_niq?hW-l3K0 zo{h|zWn18Wr${NfVV;r1{Hss@EPW`XrB{w~`+P@>eA}h-0n2fzvY@q=zi23CTPN+c zp4C1*QW3VX;Ix-Dr!|gNO+%LoIHVZP;?yL0`CWYCLyzo>3RGz{(19C^cvnS~keAq6 z);-#*18D17*H?mX_4?CHe6BxAFD1A|Ho^49!FJx%?Um%in}I4Gyws{)7786YSj+;K zqNuzZ4m5+NgXZn{_SGSuFIy z^8EX2tRaYe+ozJ!Yf2I1s1!`7uYZ)4*5G=&YpLQ9X#_Uk$|_K40KKp7ZRzVmQrORT z52#C>HwSrqV4vx98n-+o-Wj+4axwB%|e799iRrlmET&HD8-!TQ3R&CEb0f@@esLW|tHb=IY4VlU>~F4w@B z^N1hZe<`xsw-B+gohQ$6jpiEj41SEMFQQqpzWV9KEu|7|^(ws9N9YY9${?@aHEC3Psg++UpV zQ3zJklT{Qejf$7MkNZW7EdHBc*~}PJw2YYe*UUAV;1E6?xiI$W;)55kS^se#*%i^B6a->0s5{bXpU1+CAz;Wjh zf5yMD=&F{rz4c9Ry=qpX6ajGsU~xyan0w3!XaOCvsR3|E?0YQ;ltrW&fGnRJ%8-=X zvq&0lz>*ET)ID?*Sf7&_Jf(g}GSA?zC2olc1V`DucBnkI}_|EiM|pP>n^v~f8&zgj4}yUp?xk(^#`y(mh5Y>EC{ zWy44PBO5VL?@jbCccHPIvA_ISba3n}(Qe00<}HogQoCh&`|vrU70;G3Cch@AnGAnM zC(nL=l#vyL0J}3=M$DpG5-_cen4%Ab;6-JXI`>B>?8YWB7P6Qy(FQC;G>a@5N&4Rl z0FnuptFygyvVaOLPRBd{u|?7>b`I_eat8SEf#p4D2|ia`rP$|h`?M&GMS1%*Qju4w zc?Tz(b+Y$FOgQq1GwR2kJ^wp4i2c%6Y%;Ea4voNy6>61W29OqzOlL&Tu*(ZxH6R%$|NhpWF6)C_ zsT1;hilbogvo;yE_N&_rqD5Y_=~oMQhX<$94J2@Aqxa9M5wuYJDzI=Kqb%_NCbc6` zj?+o-Vmvn6TRb7l@L^}^rw8^Uq}@c&=dAutVSP7?jPu86Fgk&13&`~CG1rH{E5}9W zZ6zbiS3N>*d}j0YMF+q4z}&DqRZxIR4{=|&T{K*1u>ol>Di^nbTJZqJWK;RnRyyF< zjl)0=#oTdRxVdwg`r$oEGir1J0yPPHEY)1Dji;}*hYa>23J$oqG&!(h!ohV#or?|4 zammC##z4V+g@L5%{Y4HveFJ`YNLx0i;9s-~e!L9KR~?R>E9cEGq{ zN`6AKhEBGagZrLh>u#PDFfU#Qz0p~kdU1D&h=$p83COt4yy+Un>tw1&a^qfdWKTm# zl5XS&vxRh_|BQ_ZoA<-EL?_*(MNJ9Ro zZj`;trmFVZ~{i7 zeogGScdiTUnTCL<2p_cRMUMex*`%)picz0|=2nLSqlsGY$sgVle}+K=l=|S&IdGze zt+l3mZu=8SV|gQu|A4o;^ZLZmLWg4d7D=Q1^J>-9&qqL5KtSWhUL4`o9>_jnGN&K5 zz&6Pl2@sVnX%Ib*%?*w(d4jd&ubpiRP6MC1>ojwGi3GbspALn^pr*+`VO{7w2$Ap8 z4qHz7cCqnlhG;->qDP}hRUhPD;_s;6Em!+g6}pf`p~bF@@SaTcbE9({Ky*k(Rp=gB zeE6XJysMxcdsC3h8rs*9AY};qnrxpC_7ZyF;Qt}HE1{-*gf9yFAn%=P&rd34qduDl#3oOHGmRoi==G)ja zYgM#IW6Ah}+EoymV))rF5BLjPH1Hug`uFy5)&bKIyP2OaH(&PLu;V|Of999XsM!z< zb7((62Y|VBhNcwM@MqvVt{%?I{a*)_{$x2l1ywS%dcUji@fO+)Asvd{ZOiMn&8OFf zS2gRV9!fsQ!;!L!R{p4~`FkNL$T7`1fS+XNlvO{FUDypa)pgHe@pEczMD|}zgk?2b z}P3{&C>DU5OzIEjFK}?aEnkT7Oz-E7dV@ z)#;lh+%yPBBd1akZ8?wQgcFgaRJ*P6g5U9)B0TV%!>&akv9r$CTU>juO&;~Vfgbbd zI018d?rmJ<%#TLR#m!cN-3kew1-B5lP@%A{gs-uNF43cYi}(vb^*`3Etv2k8f4vFY zagdIC`bBT1QuVO;0{C*6bb&JpJ>_Dt()H%lbNLfOd?K{s&fzqo-nT!)nl;>sdtoNh zd9eXjyOEmbYu0X8|G;H})W$y!@*G;3kh)-{Uuuc+_(vE_XS4dr-|0(?rTSt`PDA-$ zFFEBry)f~2;KmB3+Akb&`hVKM2D*DxS$=|}0!YdsUy6a-cAV<1ef~7(G-l1hx-s?% zdUw11J|yQR033iGE!DqmJHLK$jiK!TOxRF%kPfC$vf%u`AjZW2H~Rn;WViT8RoA)0 zjY!s13magbNcTll^nc@`D4$% zR~!kKwekM|=n8S98*v^<3W{q50-ZTojE ze?Gq`)vHrwwI73}^_MMq>EK$cwI~8ZKS$s zj1e%_H31fFld*ZA|MTA`T;8F@1ln>=u`~cB@Z!5GH+TNqgr@)kp!Izl2a3>?-Rh#m zK-W}o7}bTnBjU8k5LEiGxIl+_>ODe}wCgzG!oBb1GjiY_(x`XUuv!{1nx$uNVkT7u z|MTZB)f^%C&tvkyuCTD?$lZI}`Qt{Z*kIi5iD2fpo_ z_f{f*9>@DREs5%C0wt^OIDJAAKEU=11@0cp1*OCmYvgc9-W>VnE2q4D^YgOo((t7t z9bh%RyDfXkwYVGU5EdC3sb7!W+Pq+nR4SF~cFORBaM;^=VBall&k3xZMgUA_9#X31 zj2QUxL5-3gcR8F#h}&I)3bs#{)h?dto#xq4zvwut>81zNCUFoIzl+--0W?eAhwC#38OR@{;Yqd-962pJ$epV|QXlw`4 zBMnBfj})3uAWOD;Tn}9A(&npUo7ZLh-Km>v4=NI4j%~e!RMKMLqg;mxF)D-5O^rW; zaIj&OWEFQmO)>Lf$@)m+|KaMb!=h@Vwr`Q{?ilIrZs{(SE@_bNo)M%Q=@J0}l?Le& z7(lwaySrh4cXNNw@qEYo{te6wv#)(!d#!bzzf;+H^SSZWi}c8Q*%#RufXrO=6P~VL zJljx#wqsb+;=5v4Z=7c<;Q)CmxA{IG&IE`y=p3ePF+fR8Dm8FfVccwu1W!T2waDKW z-Wly%4PPudv)2p%=hGBRwnX53DKAIbV7wihaT5VR>*0ro!}^r|ZNVk|l3ra_wgI(E zgnLPGMx<*V4s9kw&`iJa&z&o1ADAL8-P*{rNN6*g_xr=H8zV2m;kDhNy4$FvG<96>k0du}3P)_H3glyX1bUCsIUHYKY(CI&3tG?x&~-|8aoJxx zsOCy6B~LJC(Y8HDS=>YG`kvo`>MacFV9+{HnqVP^xBK8qSglpQS~jnDxgBfKo$iu} zaF0wFM#orzg4(<)s|X9(!wm@MIZw!AHvwp=km9@FWcAd=3OFrBB+@Emat8rda&l>C zjAM*p>_zUMa#CA#s{EyX`4LCl|4JSZ(kHMR>co(7V@UpZKr#)uCtVJ>80y{DGCMAS z%jUI-L#el$1=LhJrFuax@y&6Kfz5S#t>*M~4$CnBE!J!;Uv9R|ol!oXJQ|4J__!Uj zmoDJR5(g3m1~$azbtF^zHP#k0tM8|^G;T$1jh`I+G?)Si|{v)?t!NLdwsE61tlJ(ceMjvYjr2!Uj{9?aw=O; z*@E{QgMHV1sO#m?6u#uM(JNl-p+t%KdA%Eqr83x{PU&+_Twp-GQ%(ZV9kM8i;oUekj6-``eeuhUO3Vu!fuKqV6OTNP#T7%DB{vmM?3A4a53VW1DR(-Nee?S)g zN!C|^iv%661@19HTrw|s^7_)=?J`juQZ>jtl}09aA_IS7t~x~#>zQ)}Q7=h7lG-r1 z7%Pp_xbwF*tLyosT@5FTGPErwa91^Iuoqg3%2Ph6zh9^5u>I@(j?31$72hXKkhtHq zl%7wz?AP;*N>yruPeUzqYLN<%Ii3ffY+8LRBAq9-Z$fYxyw;uj+9jlOf1HyMjNe!! zgLt1Je7}MwqT}K`)+08axBUsM7k;%%os&(rgWRkJVr6)UDvyi)y&#C}?+?GIqDgf{ zqW%H|U^4(KEI+B$QjP~lh_f0$_nu*6_o+3V$4tz6IGZ`xQ!KUAAau@LvEE@J*t0}8 zf?6+Vh=zz!Ei*<2u-+fU8SAw;2wO+tZ01-->7vP^$x*$;R$XI;7NG3Oe(w-$K zGt}@%=9=wKvvt1cag@SQ00$*%ESB4Gm>gb=NUV_=yu_IQvX6*k4Wkj;zbtCyJwn>* zO@@4{tk?V1E6jYQT0|?52Sl_~mhg$R3L4pUPQ#{GS%RgV+4}Djg;nG|_Li`5wGv6h z8#vu;hGLxC9;tY@*@(zFco^RyR7U(F4|);;AEK0-w6fJPLrYCtT$U&Ak|PA>rREWr z|A@P+er{AErxqynpV6U7aQ}F)O)2Dh{$}{W7{`?%m__>j`5%*#C{B%h{9la~tIp5V zw6aDI9rfn?Kw3F|^YuvwfIh_a(LR*Z;~LJMi+^tp0j65v_A?wRi<Y^UtrhXr&q$;V#HgOz z)5x0Ux_K&bL7)?oJaEzp(B%RKXJ;?K#d0vDjq@pc^XK@;zYwqP3aA#NR(!ryOU8GPfk|{{DaG0r_y4=IRf(C#^ze9P~bB5jz-SkJ=%vg5Jl9- zsyr<*O`6W)I8bjF`%97tDS54VT`wdnUAxAKxJ5j!QsIt%1 zly0nTAO-NyjMq(J^G5i+(peLrc&B~MY25O8?meSLZxLoXwJ&Zsjl5h=ow6|*V(49rs=dSF4=%@-uBy3wM55luT=6@ayRLO9doFMP&gr0i zaN^XjhN9?A$HS9scL`nYh?Wv$9?Vn-)^u3NHmE24NgetYni5U)@fel?xBzejoEKg_ z4-i)d4t**$-9ya=j1({$-NAiV3_&vP z{x-xq+M;Dlz+y~Q%n`|iAB0ay$g);YX}3YPIhXPvT>}|2%F!t};Bcp0o zt>!+%FE^bJ>lC7XB%YsUpqG2^yO$|t=6DK6i@h~)y~D=<1o{OZj`Q+#i7qyfbu9zH z>0CaZfG-c1kw_u`Uai~@X%;zfPyX78UV4ZlNhGDj4Mhhtj+K6*4|rZKzHR)d#b#88 zp!R#3pvn-XmTXc!60e)f2})qpxEfyPNcP>R5$#>veY&U(5)nswcvG!?fqd=$?r1r! zI)!-TRyU|z1g-aHIh!ZrU?Sk@_K(gF>F^b zQhraro$#X6T(9r6<=m3+UFTzn%ZlNlA5dx}|M>T_iFxyMp4J2rlTJQ?avF0qV4g5v zSr-4PU&hl0gSl_s6-LZX-OV=I@n;H_e(Bf#ov&4sD&%sCQ+}HxS5a=PmG7aS%x(%N zgM2N0XC8Xm_mG?ap>f`vm-xF3uPJW3#VTi==QOm6Nw-QwnSe9yzLwQuYnxrjdz)@w zx8ieCTkM))2~s~0sA%U-{6^8i_D^FMPUs$f53OMs#!p5oj`!tazjc1cY#j(#thHqP zOTSYXG^oSV<;;;gp<4REwx#vQmiv$M%yJC-ZU1Njkg8myN}9}}PZUi&)G^x;sP)EP zs#L$0NNt`^;h-+3%Km}jkNp&eHrl_U6kx_O!YUm znRk7Vn>b1#I#00{NIlA~F+hvPNo6aXT?|Y5x-&OXTxpDO@wHH;QVyfAouqo`-AEzL zTV_>_0dO6ujl1wibIJ?}n@Z+54aFtSd*i=rGT}qu>6^c8kK3+HQHIk&R(TCOOP_jl z|F3(I$*3To76+d)=I1Eu?tB#?S|o`u^J5JvZKvmBllISdg|C0l{0s_Ih^LK;uV2RK zO|30S;I#qM8f6@+UD!JE4d+Tmqiqf3s~x1Ki&){cJuJdtqq&fDB?frByjP0np{@lKCiE-ucN!yJk_7Mt`{z+ZAM| z^IM1@Vedu{l0sxF;AE=oN1P_{J75DEb8?fl3i8bFD@JzkW8Fl@PFin*ANIouWu)s_Q60!O0e^Mk@d9v{oe=2l|FkcgP8)jrUB>F`%`6%UJzjp<5muvWWM4?u9qIujk5=&*<~xHByGgd=U_== ztk%$b&&U7cZh{okl_6@&`W0Hs`z5^J>bDAp4Q`U5l!#O_WtE!>Or2d_P}6a&q+wGL zFc!jXoSG2GEGiCf0~DFAh>G6_CquG5l*MU&!xr2{W7+Mp0+Z54+)>>=!KSIg(aAEg6%O)i>FY3Mh3MX{X?Mb&uM46KO_k%P`a9oU>eC2#tr zJ16N(@)t)OTn_mxM(v-Zvmqf!)Ii>Z*1AnUD*_L85xM*Oc{wB{p1&U#|3w(y@k$n{ zEqdCJ(i9#wD-Suw{L({!b&x(`@pB>67NzP#&3+qi6W|5~xJt&tPrVK-rRml@mOw}w{(PQ-nnC|Yk`7a(6t^>EfGif+rtBGtO=^?PQEdlC$hP0Iwq5H(A@0uLA6 zM?(a4j9xmu&&s`LPb>F7UG^s{-uU*4QuvoBrU;)*TevhWak+B%re=!1Wo*3?vQ^nFgLA-ba52 z0vuj}2a_q`kz=J~eL{Sp{05d6`*$^ow1G%`jw`sx>J(By4zyOe1OKhDcr^IY@4HLe zii^t)_`^?43jW_SfU6M&a2wi5aC9r^=yI3_X|qm$>}ndiRg=|UY68qg+p@UHk_Cay z--N(!oM6^O;?QUvXy(uZpv7k*jFxrzi^x}ELXlBz*>y{bK3ZcaxY?HqAHBmNEs0w$ zSv2r@V_ZNGRzc#bTdBxBm?^pvFw5vuhx6K zO`GV;6Br(*W?;UYJxAjMkwQd+QW|OrISX7KioSYEdmOFwBTW9SiAW5SYdC)^CuiP- zG6QN;XZ1X`ZHrEnbf)6_G&McgVBHU+wdORAM5PU!2xaEOrL}5w#eMYidb_nh1&Ge9vPC>G5Ftb1 zK$;=hip^k%Gk7rO7(R?9n75qUY_=MViAHpfS+mVf=-+GE%@M^O9~s97LSLVWP)TKq zbKe>Mu5eTSFGsZg4vc`z0c@$#dD5W?j2cvvzxBz(uR+k&AY-{*YnfkogbB1Z43i}* zD2(bkX*?5Q@{wDZU5y3En(c0$umoCShLNmDqN{y?aE~P9eufZ+brg<9Ut+dW9{5wg z0FO+-7Vh~#YJ6BKUBC(t%zlb~zJ1p>*mOKsODyhxDK)$}r&XXM_shoha#sN732ukW z!3W#&mYegF;32|u2{EoaF9kKtzTxCOrhd)N+ekG2L|S_tASfGH4;*Iy{;vJInHUlB z+l)x&e{EP-su0>gm7pKuc)Tc?2YH5bTZDIA-!)^__549BB>^6%D>ak=ZGl-sjK-0y zSak@4TCsQ3DP?QqJrn5tIX3$Y5r8H@N8?7XW}&&<=HLT5gIYGq%0A&(+084X*5i28 zE@ax1kHsxYWrgdUM3XyK9RP8gCVS2 z-|s9)E||TQd3Uh#cAowO$*-W=&8sScQ#Li!Y)RUG8FlaLnDiU7 zT=axJqY+6eGJhDU^*+M?9Cc;vWy&*iIC~7ht`C*1W?{%?-DmjT7xNPq)`g zdrpNGoubbarZtqNBE#1?zAj5tfav7-^st4u4cNu0=xr*r&TY|jQ&s%Vf8szx9yY$N zxZ*|^<8Z9=@bRH2$T3lgdAxeS0^H-c0*stS(sVZ3^Z_obo)p46+)=0K?VA7qnxvmu(?-@V$7)cTaf5k_ z+p^j)IL)TBv0( z!P>WISd^l1T?%)emJgZn7x&|R7U4r0YXIx4W9p*V<@|fHpk7=-#A6^bmQrT1tI>Q~ z`<4IJzNc)IoqLa93)d#ZodcN89E=#W{2drr2ndNhsWf;uAOTQ1Qx(oB zb-~x)I-}nI7=x>BVG1E#BgLh)Q&8#!F;muaj{<^14z?9X!rKXc7&Gy`e%Ihio%=GQ zr?}q0A-nY{4m*;5KOqCPv;__e0E;KRm2i~xsPwoVekch6*++fl;ZjQ~hei_sP~eTe zkKmHw6baB$^_LXUeYFEK1kVP96gartdW;kCKrv-f1mi?ejz`6P>C`Y#Ik za38U%Yu1= z^Hagsb|v(cY>smj*y|m1dQK0Tt?TqDxC1 zdrKA+Oz62M^3iV$mWJnl)!;g z3UzrwZc_b5cFUb;`5${#!OTGR3oD80wAMoW_yt(3c5g31&+Wi-%t`->NK!d!=d;*D zH|;iqbKkrGPVcbJbvS~tyv53=ZFIm-<`UR0yv_`65_$S%)i53e}Ni5gT9bdI6$ zEY;<2&xLGNjx2FfY5^LgPIA^%@37`JC3bdQR>~SY*lJ?eN|)vV3C&V_7oaY~6 z78BA!7q>dS7 z8y0pj_D0P1|8S3%$n{KFzscZ+BP*0+xr6MTbyPHr_W2L|Wy-I9LMe2*?KZ#y6cy)$shQNY?4L z5RQpMwZ^rA;xa)6!Csw%07@^WTa!}e*K%RoBKqt{SzvM;A5t?@?w%vb0;t?UZdH%W zk{?N8$`%C7yTUNXZu#D0F z_OViGaD^gN}+*Q^dDSA4zndyDJYb+dx)PD<*fJL zM#+Nl!9f10dU=G?@9z1mTgf5YvD( zlB&;xV zzVy(_BnsT-O9QabD)@7LiZDtA4qB#FHlpF&aLfY%v%Y+Ky%ra44$~$&>1!I;aIUF*$W1{FAjG1iM zAT06~)+zBB(}I|k&}Xx(S-2Qlqpj7R5L9lVstt;H9g2{!(EEI|4mexQfLE#N3oPbT zdTnm>I_1Xk7sMRYOt)b_Hh%O1LX0OQ_JjWGA`l`qgxm}8TWgtusOO4MFW6LC@j@na_HlOO z?csE*%r+P$Q1)2s1he5mUxC21SZH=F$5I8r_9N-Ladf z$YoA}7e^NF)Egg}fC>#c+o%F?QncHC*N1i?GntSNt?7?54yl?C z!lsPN@gEtlnn+*|24JK_>DBnw`FpCQ>RkxiMe$#Y%#!Z-tE~|-pzkcb-`ITARnjW zQ=j|XI=vq2)uE*A8v&=K;O>F!7JVBu|IX_b0KeBLM3TCd0mv$T2`-oqW%8$sc>cCa zdbT+ce^nxK?BUwJ6!=grJ_qP6=ZqQEt4|*5o$FeX(}ozxd+EF5@OxdO@PQaNXr#aM z=MI67ekY3GgF{}SDiMrHy$;&VSK@=)AD=q9*?)knWQ)2q7@7SgfV;p4xepII-)Cps z4G(5CTMZC>(AFjuPsstBYWj}4J_DDI&x{qq(hTS+C{)r?oajbLZM&MT?A01rbxP@U z%xsRRYI0hN{KUPEX5)-&o4K8jUni%sLxa!XeJCw`i#1SG`oS*Cx!)B)cF@gbRW{^f z00oT&+=YN^zh$XO&HN7t|Aa|jwZ2gsivGmKd#JYIuUgC{TwO+WzXFPb2NVS(PI@h2 zyYsHLsq2#7DD_9j-y@#uz_-s>%ubfZ#~{3(8CFAIe*biyI1{!30dKn+U2W~SPC*`# z>czNTp?mY^|GKEW!>sAAJ*c#v`jkAFtHD$CHN=f2RfmmE%D@&S;SCq5Sg7#A;We> z?nm?S>gsCS(5UPtU(`0@;M&U5XY&I7>@OqohG?!2_RZtcTY?xvMA>F7E>U9iG&bm3 zK`c`?Z@gJTK;o*MXvO%CTmc+?;tqmeQ;z`hW{~9vgB@Oq_;bce?NO;=XphY^Qpd>? zYMht{<@Mt#_9)kJeMDVdM!@c+60Sz!djx$mcA6kIb`I{lbn#*wbk@}G))&^L290Pn z)zwu%W^OJ@jjG!0<@j6AHxYyCnS6aX`eg_snfwDGW#^Mi2kGy62WhQ2vC@y^ z27fAF7Zz@XiRmUrR2Vg8Z}kSGrhVL+=V#(zml|878Jv#((s-eVq(5y)1jir-AcCMXprpb3#^i&xjv0ENI%!{b z4`zy9dwD+&F)pPeDUmQ<f=(8HK#VQ^nQBZ2*8d2$lG)tix51+)Z-59=Q7T=yQ-ku?Xr{A zEXV}5FKt?41B22a>2h`GtWGn&)s~9lwHO|IHG_FMq0*LaLXM77ZSXI`9RP|~sL0xJ zKIOGGyu>(xXJ@6oRqPSP$MVQR+s*oO z*#T@>AtdK8RSr8+fNHM@>1vm8oB4Bc=$Q9j8(YggpbP|fcE4jYY{4M^EojzN#6GLv zPE2U8``s;&Kb6z4yWw~IRIJX?OqppHj2$|ErOjmcXA~w;Jzkm{t5@Ygy0EHDK*;fy z>w9>T)jpPu+xm~0|5*^Vf>B38k5&Z|{GOc^D|5-Y;tpdKxk{ysz_Ji>rP(8dUiFYW zQF9YsHkS#mZ67$VUST%eTW1D3{VkhWjyTx!I#Qc#T(fRkiHKjGM~0kN*`Lki?ixe+ zNmM@GPBz~5j3BQcXkc~cXkh#uG0FX`=1-2R1RcDI7r{|LKJ`Fs8npagP%xB`*3(na zv!tp>($2tiO+L!S$YgAsLkBYCwvZ2Zc> zoHHRi6yBZK47>!Fbo{1EYZmSO=%xZfV^t$6C0w94nSd`pe!;YW$5(`X?{mvykGa4t z5w3oUb0{3YQ-pnpg*~3X0A=UGh-!zuWKPTsn1`@JQUXq8r%Z;2OvZjei$drRw!$Es zT8^#5Cmu_6OMNrec;%!v(%K{*we)17=a9Z^BMMa776^V^j6cQDV|#d*RQ$(hQS9%( zeDLrlV|g5v3v{Fi)$uppNyPTS{*~93rP%VG)z+QDX_E3vbpLYG%A$bFsf&M@V6XlPsU5+JPw{Ij-LT2Tu5w(lqb zg%Qp{^LxiI$GjXzsfBh!!};A6m6CNkCnw8n1=l}kC`}}$7Vb4l(TkRK+-jKNWTW$o z*7JG3q~AB9C||Y*-Ke7n)#n+N$dbd$qoSEypUP|NQZ7-^xEn$1;sldS`V7WQ5oY6D z_FXGuo*u2x1pn;OVX7mvF+te5^TcZSdR-+x*516&kdW`7c7lx1;?+Ve#y)p83laf!@-|}0jSnp? z(*r}Ys#Z|@LK!bIf6w1y8`tL*KIusKGiR6m$;~fYmJ!FeXq#*6n$Dt2!D`}od||{v z?h4EKd~a##(;d5DQt7htjiJi|zhI_gC&cTbwxKKycZLbMsOT*UrXw81@oxTHBrTt) z@M(xps(ZFDYZZKAM52zE+}F|^!OE;qwLfzBLL?Xk5(FJ4<{Co5L|C786p~4`%LRSH zq_zIkCq~qJ<>lM7N}pGI>e$_^Xs;X%$065^Y6+#8@~w12UW)&(e}E zjO$kY@r&R7YSx!;ez(qf5!27zND2WjNi?-|W)J*7mmFFkvpn#hdR*P55)d(;gk4(n z(MYnqF)K!+;k#`>>&1qvdt%dyL8Haxb}>Fo1uce0*q~{5J@M{|kM$23FLoiQJ4EC( zQhC+tA3wXt=YP-d>buF`)8H{)fjKcDp4f1|WI4}+bID^MDc+lWDiQqlJ85n0LX|f} zd>`9Y)%<=-;qfj{M#M!ceAm~EMXb>9SRjDBzF%PvJ-n&Xf5ywhGYl8aE1fvqT5x(^ zna!{fDOPQ0`%PC-k$fudMP6=ZfoYDOLzh|w=gZ#Fm|Uofqg$50?6RTO&|$Pcvl4@@=OPq+WA6@(;PUK=cq7h^x|&u6(jC^+{xLR{gU+K(!{b;o=6pW!j#|Nj{pJ&O={K=^XUX;&%V7C4g>K6wu@>2n14Q>YxxAd(@5jZNPlI3upk%O0jkJeuRjrg znN142ze?8(gjf+qGD%9+;46rxT)JBf4LMF?zrnj2r)x(uyl1fp{dKmIMUuG6qngsV zSh%3hi-SfZ`*mp^h)?9pD=ZAM(hOVj^dDVZHj5~^Jj9~dG6ZWAq0J2QmfA5|Qc|*) z-qK}eVFBb{Eg`>##1KzO;GD3QU>?sPu!?4>{5~mq>ujt|zg}7+bTK>J!X%OMg}&!y z%Xe#xxL3I|mKh{Wg>pmaGyY}Wj zakt&}LP9i5AI)HQfT!Rn7Sz=%;fEf1;Mf|~kjX9)f+WoQne1!#!Q|sy)Vg+haBH32 z*n&3Y<^*LlevHhjIIXPrr-!LK+>|f6L@an04En73eul&Ln3-Oy9}FJz{o5b*(A+~f zQl0g#9Q(D~qlszl)ZQrKQK}T~yaWEo(Gbtr@JCw4%XJgu4h%rs$A7tWsZq{SD>KY?MT`*zyyorkv zL5I$Pik2uVLKRIDgW%AuE$eQr{2G*H@PniK@aJK|(G1jJ$_lIf0Jxl2?KUGEA3m`0 z*ibqwHNg|A0CcMsys!JMKT8e1z+hq65^8y5IYziGu;44p8T?s^YxmAaiX^1kU%Y@@_T3>y9hI%MOLwe!r!u+ey;^1k;Bk z$=(`>59adYM!fkdC=h`&a96`+Cj6NM)ObaEyU~76;?!_$L01k^Fq1N=pf10sDqKj= zb(|UFSF_kz$}O91VE1rNq+6#MknIE&N2WCy6p5YWU;4WGtsL*(Loe^?#U+bb(d0_{ z=H-jl`JiI8Wo+ub(9nPTzIcWVb*1A2gTQCi{q_@7srfugu4|OSLCGfMb*T3u^H1PQ zl*d)dLH?eLFu}+HfPOo&g+s$8ISl@!gLN{J#soh&_hfgPv#}UQNPq3TU-H*{_wEzc zIXSO21=jIOcs1gMmWhtFjvhZ%G}FP(fQP{6e?N4%k6LBVqDJ@WZmX-`Sz4*_-iXCr)w=&zX5dDt?e;c^xvi8Y{jN zr7A>^5({pr#JHm?o#S;M9BH&eoP3(h8vo(3>mrF87+O$+nT(tmkfRJN9HfcO;J zw?#vo+pru!Ti(1UVzg3>eQ)F~e!u9)`*idCBqZ@L7QdPiZxmYvaiL6oULdaAzt+?{^G(Cl&x!~;2VwrdN zs=g++sjIIg{E1LsOFyD2lcx>G_ob#xLZ?k-n?EZS#M6yUnkZ7^g{l@89276gT3%gz zy6@w~6<^xf-X3kGsqJh?{ZWRboia6BlLh_b!QD@sOl!0Mq12%6wfj!$_sruBMpfu` zCYi%RHL9?1&ETh>UKGD52-+gDbogue^`Y8~r6t+2C|A5ryw-znTsgW9gN-ce10Ohs zNw>{5ddT=FBtjNjGOVxOGxi-k7=_ZGm*H;_wvCsanL_mzzSq8H6@BzDblrQM%w`Y; z^br0H4E4Z#5r67cqgX}vYblPK{JXT3`ye?`{QmhiFknOD8KvIHo875tnY)9salB3v@ zeeg5K=ZGIsQt}Zl{bDyz?UIJ2rRB(&QZ $@^(r%$_{Ec~uPi-*sdV{m+ z3jjxovd0*b;5uc|9i=@B`6zikeFTIcPg~&XIuh40wj3DTY5ItWn_L@+Yu{&OW>vWZ za<=KC-u|h941vd|YwO9QrPv&4W6G{_K}+o)daSj|N#mv3x+#hKTCzqrXogU2*W-EZ zXq1b*6jepU$wBXn3Cj6=1QGRQFis9%t z@&mJak%;?$*GY@xHLxj$Xuol7J!3E`?n-xhpri7=u4dTyh% z0N=>`YulIkcRzWg2b&r(pFVlSvNpMDZa5iv!U=S`MGyEhf_d9OUEaDwuG?rE`(9t* zAbv77$-xf2LjUncr&61hnX3Q|JsnM0R2t(I(*kaEPI{^X@b!s%BQkvQB> zzQ~%Wt``c@1J3|TX6a1??Ft9M8e}QUpG$09S^1Gm*RfU5vqMd213LY%TO*Z zXJ;ErHe@5>p7}=p2=(}x3-hKOT@IozEVQ-zbiNp&$S3VBg-%%-Pvt zB$rA2%XA9hUmzWk7G6AK-<9!C;1PVsoHOf$-VB=3C@75U@@GIVm9Kc4U3)$Y}r z&Dn>VRkT*0t@H22j;k{wGWs}UiCaGHmb=p(jvUFpUsEx)O8zL)f}h;#!6MfE(gS2n zi~bqk^4Bob`HkJw$kJlOK}9oa{bGP90QrjZe!%R>c@9JdpH1Qe0j_D>w`~un%i&K5 z_|Ls3X4k#W-I^ z?ME^7T%$3`%5X7ZyzTGtHQ3Uof2{8p^sAic(`65#Zlq+64f-S49=Ugsgpr}YM6St% zq4_rHhh9CZvMl7CzVQKvD%zDRcc z1om$5l>(^K=4n0N^$~MswLozB^Mb^3vyKt}zwe^o@^zWl$)e9`Lhf@6D?J|s{vbA0 zTI_KAsjGcI62qSwDE!}{L0e=x5n>?9B`ZG}UM*?~q0|U_ho-Jh55~(sE3U_zai{Lj z1?}*1{MQ6<+l%a>k5wX$Y*>!b2;9#dJINWlJ;SEzP|*nz#keziMl0hXn(u4Tl6o-| zo)(3L7MH_d>vuoPN_c-<%`*PNSODu5G#uS<1dr2BP>E4bICJU+&dqUoIIERdbX`9X zj-QmNH|@=w$sF&AT$|Wk@AS<-oRop~=DA=+rh=^ju*xQ2VH}QkeF!x0hBOd?CHKtc zxJp}BhL>%|Yp+&slBmK~hMgxpYWBImFdsImyn-b$_Vgs5P7&Gzo603IGN#)YZ#^A^q?=l&>Sx^Qy{4Dv_1}91 zx98~jw|{G`YZ5pD``Z^S+;vr*{rj`UA=uuG+0~>kYHTQ&aXnWBb`&BK!014yjj%0E zvL-gq6Po5&2v*Z>#>IpVO>360wm zEc))$pTZ_I)_<*tMT#EZGJFFcYqy9xFdaYcd5=OyOKvC2X4W~Kp4?%3rpD2R_lqG5 zlJ{v1SNn!8{uL`M*|I9{X|2_ABRZU0PkHvPaJ2blbc&_XvNtw z`jb5C!Imf3UH6IQu?tOem$O_}&P(GbRtCo8akV#TWrwgcJ;=4m(O|A~R=Mg`5>?zv zya!>bTC?ihz|wt^UDrkU0k%xhp#w><=gonkF(kc7*Tg{&Y@9LOep!|^RqG|dmH~WR z`y~e;$phG>Z}au6E?hRK3%9N;Bq4SRz%$ zRJ|7wZi;up6_pi)5G}ueI|4is+Yr!fGwo&C-?BCudNl8>)^Hi3F z+2vexu;5Q#URz@}=WiHxy^IaHcbK;{_!(cndFau-kDew9G?iXD|@ZGGvZn!}CQ71kPi5^%+OJIOz@ zzA6u*Vc=G+pBL5319`Bjy`DZ9cuVU*u?Va5&mD*jD`I7?#7yMFCNeOCAZT;HrGAK>XYq%8b1*n+_0-U4o~m+sI)%-M?>#);Zd4Vus)rvsra##? z-l-iF`9nzWuV7ZzW*fElP4$%`V9D$G{i3wIm8JW$6+=jd$Hb9?AG<>)%;~Ap!SBaL z_)6|n{f$m9DC~G*g9vta`OxQaQeST-XCZ5J?YjG+iE;}0bTdAD{TB$M>-Z{sP~GgH zw-cn!P=9IP-nPog7_E9QT?Cusa%e=|n*lF*Ky*0Y&z_e^+$LKnX6gklc#E#T_{)Ln z`9tGR=oJIrs9{Arr6Blr<93|5Eed>c*_|}29qOM;GqCphhfcmRQ*`X3f(1(su)Fr>{M!TXJvEBt?pr}% zLI0d@P92h@hp5xJ{AFOj1|E$<`=v)e@s6ekPe+nHv-=aPBGZS&a@Gm#b|;1(2Mf1H zwQ>yY;*Gzs#*cXRa?~lt&$5D7;xTELhL#@^slsXpl1(})EKVNH9=d8~#OLmgCKA7y zl$_jHcsh`kW(|5ggKxVkE6rvfR7LP06nn>eUSQ+)tk~Y!zStS=ui9ST+ucUq80n%G z{5|d3QQQ@&c^?-)O`PlrrXzBSk;i{K!Z$U)-RSo?5%gy%Ry}@lft?;0=+$37@OEb? z`oaGH1MH8cYfwE}?yYFK;F1fv)82({!*S-pSz7%g{qf_q;2DfpV`IP+M&q>W&Mx7% zq;NLY-h!&T;)n0l@FaiXc&OmZZUlL}x`p=ole+SIq^{R+CXx=)CqRx)Q5#s8-N zsqia(MaZH$B6<7DpVNcFgCET~Sajfa@$L-;25rE@ zvGFwCJ%Vwv)u|kfz<6j<3Z(eAp9CS@;Ef6q{gP+;+*rzL)XlOM9xYU+zsgU5WTA zFqVMw&lp*Z0wE!bE?;i^D>6Ks8JrsOfKv3oU!|d@r+1CLpo#QEw?CWa<#qk&%-flx zg#o4pSv98Y#`Vk=BjIR#{h3MZb7-n$K9B~ z{_^(Y{`65!&<+WH9QkQ~bZ%Eo)L^=@dE@E^7tF{***}!WG@=tu1ZCBqPPiU)uWOLh z;}U_#Mxp<`zxF(#Q{|Ng>+=&)C94rHoyP1-lQE4zdfbk&dut5ex>qUD-qg4^igp`$ zNEl!{hTmyNV^yyd>6DDF{43@;OS!wwbpETjd;j+fQLdP0VT<@_Q0>Pu&hkHR)vCL` z&)S@%*Y1NX-)ivrn$~!;U|(iqSKZ^gPY>B3nQoA+F5a1J474^ngkO4H84}k(_WwLo z`BA!xzR|OA49a7!62kIK1BaIO5ApOSIjfX|3lVW z2DHI!-NN?e5#38jj|2 z@&D7D*#8%a|KBBbVFQZ)$;JcEZjZ$iI;l4+cK;1!Z^=zd7=ubXzo(&Rx+G49+^}R7 z-Dr6n&w7v{9Nq@09?jySDlWlJmp>`LYNa~14aDlj7P-(^CADPlSCwx`z&+U>CZoWDW)2vL=WVC zrYLe*$@-zrfpZPf|BP?038i6MKa@UAXLpIECC8;DKa}s@?oSt~N1L7?6IBT7z8Bc| z|82!T^O*0O8yjjLHQ#L0{Zxd`f9IbsdFt({H;KsB%j%E0aYO7f3JV- zvWuw7o-5`rhbN7CAi5-)AKHZAWTj8#FJW(RsLKY6$0?>r&|YUA%3CM6^wm465fUQP zdRY1fIL?u>A|w#V5)?if@wLFs{W|xylMccX`6+x|~i@7Qnlde4w#WW=Z5Ph8*umHQg-t|#sZpQ=z`8*m1ht42yXwl)f-6ou1+jP$RM80OcE^g%sUCvY!;L~7uFV$J5Z zQi{=eEc6m=9B*IMK@xC#(d_{?^m-CGUc`Cfxyjlgq-ZaO-_z>B2Ajxls{V4rb13lz zkFdnr+zTmDSO&?swCY#GLsTcxMuVnnd;yAH=f?W0?sqD!CFab(4iWGmcT^k?kaY0o zIl8>NNy?I>g23nBCfQaYH@yfQ^kzUwIOV89^W~Ct{SNmWx5t6^TP_4~^=H)|RD%2p%2|AIVCYig)#g#dh`KudYHnTP~qiZn@8h|gq5?&f9qUbt}yb5{`J zZUa2mVC;ap8`@NyNH7Nd%gg-wrFdS&+Y&cWjA96yOr3+K7KyCL)|4DnUJBOqLYYR7 zm?DXXRjcD?1(Gj`m%0D6z-&ax7)Z5zJwAXUU7%|{Yj>;2Q|OK9Otx#?amEF^FGg<< zjaI7@Q&+7hp(5_`zo9bfA0ivu9F-kak3m-%G*mWZpC zM-e2m>jniVP;d*2z7)MW>zA~>MM-i zRusPrv@h|yfkB~5ttc$9dektd3~q86zMx<2lH|;IE!ilBxJMiV{2n@hp(IFGI# z6lKlSz)_@dbYh^&UJ5*~jyfIXoH{w~fhhbRHdg~D0f-0QBYfwL?m;O0S$_-hz0%vb zK0)qmhGWZ!%wME6VbhC?Jp>eUA+7+R+qzbPuD|$lPoel7)#|wjc{JS$Wp@Zb?oD3H zn!{aeQhpd=&a+{>lcX1>GFDql8e^x@3g+JMP;#A*wUO{cdkq&~n78d|$!Z{n4vKeF zRT}v&fmT7IQ$2ysy_d_Q_0_&407EIbwG!g5{uuv1e&EsuifYcCVDGX2Rb5{HxFF5CQuZ-Ckrr6U~(sl+K$Zh!f#D@Ub^28FB)6WY2Q5T;PQR##Am@no3es8j+_wfxe# zcdEmq4(?i4eE1B7%@6bh?QeUV-~w3vrXJ6sR!2wxJ8C1Yd*?bNRWJh=7kSQ_$RVQ> z2dM9<&(xY~c-z6hGq`kT+MAdadT2Sa7G`?ns58LuF?KK=ur~N!K53flzz)a!RAX^L zBY+4U!We`$Ac|My_hzhKp_Brh?iDjk=~;q_FaDFLI**puaEm8t68Yaqij^ zo+8OOLXmV9`)dOg>JMLKNh2$1+g%dD8X;~O(JXmH|K8rUHU=~4?jIwe{NOdS2>XX` zRa?1L>!HpoZZw@9lTD|`zXeZM>bm&X+k9J@ok%;0BFb0em;!@(V9Wo=j6c~5vQwLV zRoszLj{ES7XNT*)vv)WJ%pWDo@}|EB(iLmW7ye$$EF?o9u=oz0_*u~}b5J<+Uub91 za@}`XoCTXMcOICe38dt8E8Ykt%^R!=ykyArMhFh&2orO*pC;?N5ZkJ*zx8Lq)9xnF zRMtCcQu~KmZGR%U453RENgvLBMyW#Q{0Y4nD<}B9Uv^x{KHFS;afCg=A>m>;Gu;x*yIrPZ@xw6>Q6)w47top!-JiaPG@DXOtyU4|Kp9 zC!~cM8O)pDC0teL@BiJ%4C z?#G{Q;6AY2!%iNaKfUXUMZH!lDRCDl8H@rm^A3b0i0!%mT+A)r1-T#eLkS~2W#9iA zXy<-e7seqcMkd3j_{pOz-k@K?97{$&rfo6MEBw7d8=kT(K6XF1r2TVO`BeIuSM)A( zQRSVXa|adlK+>${vO`xE5j$ z?09U9nB+A5{TpyS9S;aWb%-Et5pKB-G)8S-$8KR*wXf`dzafO9pqnWp<`L}8K@(*+ zrX=~d%JPG$%JnJ|mw+x}?Ko^b7gcv=cQL~8UpMobP9FNNxDFZ?7n({#pQU-C)t)fA zSf-0OE>P^h4HTAtp|LgD&jeJIHf9XBVKRG{=<$n`NU?gNt#?0eFeXmIdEUp6hqt@+ zW?TaTXDTW|etr)YPsu}}wwV*vp=8glHkv))`y193&Ufu`(x;qd`}D!v&@72%GBiE zb2P`g%@rwxrs>S83dW}y%ubg}z^?rDSz1@jUS1$|yx3U;Z8hq}sDZ%yy}$zXJc+RC z*2L8wv?IO>*@qAx zjd^-2L+9wg_TSt7&LK<=jHTdO~6KfEfMeFNF;{z_S>(IvlRQ0>KRzkM8iShHPx$`eTm z(Wz$lkJ<*}Pke)EOGLzVrUWZ_9=0U!pFUiuKUl0Bl|du#|8tO%qM7J;U_x|9=SXanl!87Yt4FKrWm0`>^$(*x+MRnRIu)Wwb$4?5_(_^U?EXU^xnXI zvyA(LY|3T%`s$oI8RI6mtPrdtuUf%-3Ml=p}x7c}G=hpCL^;=z`RH=S4ag zjW>uBM+(6+p1V7-NH=cZQ3zY zlmz|N3k+%t-o}`Zq|UX$4hv5_Qs^a4M>HQW9_U8)>@-ii=3}08@{!w<%y|dv z92A*3a#-OWK#X=bX*hjxU1DFaQEh|-!)u&mw_NyK+bNqoDAty$i30?kW!5?Vv)mX) z^hWEo#7F_>J+kVj&JIgqUV={DWnm;0MjxYv3DXL_&z6$70%!DyRDa2C^v(TR^?n44 zfF~|t!5Dy6H}isPa1`+iVk{2oXtFA{-}v+zcxD~gs|k31*9I)1i2FzP(2Df(FyBm| zjPdt-VP@#7T=rO@>XYz-|D(+^XXAzgy~MUBg?E$E?ZFHz2bU!-m%S`=qlQ?zDnC%Z zGBt+8Rnw3NZv)BD1G%^{1GyHvQDZ}?J3K^D_j=2P7Z$!{ zy(vTa5=bFRg)Fm!**z>aLr-!C0|M_}9N)DGs`m&!G;$sz$I9Pix5xC&QLJOj)%MM; zc+c2JKo|dfT41eEOvMl;iKe0l-v2f1p$u+2Him3#h@&r`t5%$}6y+R-L=^Sp%qD^H z^x{10s!WkjMdLSP2M0|jTMG|Am`C(0&J!GjYmB6|=*-v+=B-t4mia;s;%G-)xWC5) z5s~PZ!UJ7hUFQ09o9)gHi7@=ZkZLEu`RCgXbcn4a@r;N14s+6R>4o24x%uRH@Mh*n z^@GSH!;y7?y$e%o$73aH-%RzCE8gh_Aqq)SLZ$V^qMP9T+_*fDl&?^G-sgyQD*ccL z?oKpq)r?q4inQ>i`Q!etX?q(Kd57`N>k>rk_uIqGaE+6VwJvD9FrgML{*KO|@Yl6( zetFckY8$cP1hLAmk|J;Z!e+KGc#t##7+#9inf1Ka>GAa%1Ir% zBfxHWHt4k7ogB9B+3wy46w+mfMl{POF{r`5-n?b9Kc!P4*9o$Cub&Vc!7RJ|3AHd} zwdv9*BT)sI3o1mi*Gv{aB@vc0dza;}W>CEC@+3)p$o&gyG=DmkWEvkhiRbuz61S(r z#s89qT#`^m8`UM-8UvQ2e$neC!H=~*{`F2$_zC=BRrF0}^Q%a*L9+b?rVhmJ>o*1} zn`M=qSNe0f7y&Q+mK_5_gBE=#-eF0MS}p$AeT{ZY`|4E#R(0& zcb7ARdQMU3)prRAU??FR$oL&Lr_l_7+`JY7aq;{dbUqPeL`mQ@dBlE!tl7Xd2%Sb} zB?^p=o;7ah*IYqdETW*u8I)jQs(|q_Ba2Z~{&KBq{JIKs#FNpJQQxa#nGVQvTC$IZgBpZV^o#jMFM6G=kwX`E zid{{&;!+}wIhMY~mR7A-y(h;_qK2y)i~1KtT4MN2B6wRK3}u=E{mb2IY(cFYFQ* zF0)2D1ojhp4PA);E8m=iud9JQ5kg7aeFvCl>lCPUsA#Wv=REI$vhys3v#`Ft zk3ozQhnl{EB!j?RM2NIc(>JsFO?IVz<7>{YM{QTfGS+W`63-YH47*OAZI&gG%h2x7 zJ20WswKbYO`S!IXwY1*$tN=aq@R^~qdNE=o8F*O4rr~?WcIPghAwY>qQ3b37@^d&) z-t)a@My?I8fm&~R6LVgR26{tU=f#uO-3=-7E-Y`4G#gu+js@5am#-~R=~!R`xMMC! zlA@~vK4^dBfY6%EqwZ=$luo!iBb5e=2WhH+91hJv$By0ts6H+5L2Hz}veBd=g78T& zHq^gUIhyKOTfVYZ4P4*>fi`fJZ+Vb6lSTHu)t*{l=PJLSi(!_%r@dj;z5Dz7Lc8GB z(Ru)K1M`gjdewr}2zm@J_uR)_9HdnJNL4S|hCy-j6}=#aoBy=_Otgx@Ny{F!KN4y@DA;u~j*AuQ@qmP*+Gxs+MKH0V zEQlj{Os{-=THd^U%j8n2fXe6oWCQ2l|Dn|&Wu*>I?)+n%gLhc=l}Q2s>bb20aBN$t zmZu$qPu>=V?|3P9ks^Grma0mi8lfppoQC#S+a)D_lG|3jBNlnbKzmFI;Q9qr?=JTb zE?bfx(*oCyg2#4z??4`P6?RvNH_y$mJEu5iSDVNA`lyO?cx{stAOLEm+O-U6lz|r8 z2kHP;RX$wb3n6STvw|e4yE=^F$jv5{0m@R^m+aop-nt4oRAhgIghQ$!H2|dP^{RUw zb*iy8TgkNd6I!a6uDp*Cfv+vBf;`T%{t}7z z>UX6HKtEQ=40rXP>sbjbM*uI$i8LqYpcx+~TS-F0Xx`}~><=O!kbl`fG-L6)CH=$g z1k*T;EZiNDjWg4GBY6myOfmfWkdqUyJ~_r{wQ;WD##LEHV!oacuFxs+C?4SW#me6U zkGjqJ^~f13KDJvsBOAe33Cm#DDYt8PBy`nl-4U&12>P-g^_OLYyk>)Fcil>@IS=fo5gS&blV69{NvcEB1j~XkxufRo|k%} zJVW+;cTy*|G*}rQ`&3@}3m`qOZ(~Q-%kIJk=PQBzZe@&(py%h4{x(k4KA`H$7_Fe= zM(0k0{)B!a-={9B1Z6vKpzpzd7@l$$$B%#Qt@g4ZT;)If4|OM>`ck?2Q8Di2$2e?S zoHgkc2Y5=@00e7Fh|XH{i%sVS`GDeS^uSNd)=l4^g#QsWiexF1kwyekaV$BMRs=Sp z1bu#06Tc6hXSILZz2-^^t0TT8CRD0y&eW8+g5f7_XLCn?OznE>ftO4V%owP0`=)`f zJW@4+=z&f&;9Fo2hE#-qZAH9OMD`Ro7qzX+;V*VJ>rXy4_->W^n=5BN|N z4x+Mtpow##e0@QpvE?P5m$YBvIQHv1`7R^BYMk?DwGQ}v-Y(Vr35@%`fDl|o2p?(> z_jD&brlsv*ZlJmrQoIDJ*Pll~XMQTb#YfrxGgmJE{-m3TP!Gra9`;El#9T63)Z-;o z4!GM9&a!{nKrZDObTjE?&Yo@HYUZnjYXm=Nc-|%ckTlN7X*aKk!#;eBs)0@$*4mjl z@;++nb@6sCJfS`9MliqJa0t0ilGrS>euKYpohoao%OQU?Iyn8J$~bONyr9V47e;~0 zlsqb>vYsgI{2CZkX+-Ri3^r_sNE6i@zXp*Ni(h^^{)c0xNnYH%580B5c=}Ai-mOY7 z`xeq_F6z#cpOt$ly|O%7*pxqS%xwh`HXV?q}`h7VO_u2yb z9rxv|zxH9wATBz2czZR&h(hh+#J&VArJFXlbI32Q)N+=PRmWVWb&+~b4O?(%fwMu*3d1-olm5( z;@rDzxmaAw9~pvwUwcJy+1k(&NbPD;wcAcgWP7`jNCy_j-1wj7Q4?RnRwJD#*T5n7 zoH4y;o0Y}Q<}kd$fojDPpX_=L2#+uDKL%_%V31xb6C-}#O^HTWM;i8jcsCB8LA04X zTE^{-roFS3Z0qDBUf_q1ymnjNG2C>mYljEdSW8LKY6d5pmmRp`AvDN+(-p75oaPf? z)%UTr$g1zn0A#N7Ca`MN{Cynkho@@8@|Cy2{`znBt@}1 zCJ=Uv=A%UPJ&p`@isSYI1)kZHIx+hEEN8m4%Ibp+@42{KdJaeFB;rsPl#&vbrkWh9 zIy>roR)Q0dTFR~e>Ki}tVEW?j{POnRlTM&=sn-viXHfL|oaG>R?qR^3dt22osOD)D zJ|u=4oxxdABAC?`Bqy@z`}T{{e;pCo2G6FOi?|^L_+ZiFR?NvR7!#99dW7G}^{Y+~ zFjX@&w`ya;89?Q=eu?dWw|3`p(gCMNomDM^stRWV;wFsGex1+#j+hAdv_E%dVlAJ= zO*4fu;H#QQt+}?}F6eB>8^r;#7piossaNq2G6m=l$}V+p1nca3h8fvdItR)u?Wc^B zBVf6gz8RV|w{1ep-aOR2s(~)1#9{3s*c)1l)0i&H|q4RF_WbUIW@Ls;)N8+jZs_PYK3%1HCpRsB;pfY4r*#M`izb9R1rz}ti@ zv~0^>G9}unH9Qv;b|)~LQXhyI!zgYscv0Y)H>GuLBltuWAIlp+v^%MnC?cnY+(cC@ zANW1L>>qwF$b`!#y;dK(tD)ma+qg4sv{ZEC`u|uub_$${=cAw$CpgkqW4c!Tmz{pc zbQwrz|GVy&T=rVj12M0nQ5`0>BAIi!`uIUn&=h$CxzCqbk&&|L{_o52GRJ(9L@=56 zwAwep4qtx}N2(+OWIfY3aflLEGCxLs(1voov2w=K2FaN z$DBl-fz!o2`Emncx+p(IDBG&ndVuzomZ_X={r|HTr$_s%e_PC^%JLwUDo^7``Rmz#+H zbOMypVfC@pYNG@p?(bO|Um4y-WhAaSd;GTr=z|K`oe;MeYxO?$7E(6+8!sv&n~ zbfAJ36-sQk=jo1Qu(t8D!!_TnmlJA!cyrX@=!&t|Gci(eLow%19r_-Rx9Z*J1F^JMSGGxrHcr!<vVO08mXDd@sQL{^a^VY7bbKyhBV@`1-R;LR%$9q2zo^_NGWyMVZW@@-f?z)$BhWS$VssjAM!~J}%mfWZ5p2`(9|JjV(W!H!tFk zBkxT$`CSK^{_P4D9IQbVLZ=3#_fuJ~4qW1!2r>s&qHo8R|Nd&tWC{-p4!bBb8aqf> zLJL^V6gCo_pC7&xbh=W^&q)t=dJ z5O0E@FTZ>jH)-K5Nxs#hky}AMX?t!LTAnt(*nIPnJgX962F;+EfFP;PtirD&-eba< zUV*Ck=8TiF{$2U$GT z4x&~A*{zV!+kpQX=Y~^QNdwAH!N-VKFR&=TwzrF|c`YW;3itbAeSFTS*A52UWU|g@lp61)uAn_MbmMtG=Ljci-_w&cQ#{ z36nl@*`hDS&m^+*m!A9}q-{+4Hk&C@d{IlmZ%0H8xHgqB;jL`GDnsSe z=aq?_e=;=$X!BOidi|masaM+8-q5jGw*6znT#U`qtFJ!!8>s3>E*zOUB3ts!HOL3X z)Rz|Z%VB18XsM>N-VUhoP1x4>b2a*;1kV%x@+SIjKdQGYplw42fzAj0JtrP>K4b!Y7%YKgjyH1I5@ufr2gExTJITT^|dobM>OZ54=YSf85x5FbKdV ze#|47TAMq@alKRET{F-~N5r#h|Ni#5E^jd_Ej_P_^1-2dUheG%_QPKy`TgD!4;acX z-JUNn$v!&7B;Yi{CDq`;*Z!%_*+KAY-4)Ln;mJ^@eQfc-NO8&LYbqmGYH0GY>yWBgy#q_`qmJ)TVa2NH&X_ zbn+A&D66eZ*;2?l1+V$IVAzpmi%l}5t{lUHM~~Z@4Tl!c`j7Fe(`a4?Xi_^xIR6ZWHp*k5(zCecBTjf;?qv_|9CW8 z_WR}%Q3$WO_uckqwsJ^9oPw4*6R^XsygD0=e8h7F0kD43z^~7>KYqVZ<0zWSX&hHk z!A?X%lBpPht(~wiEG3fsqI@r0jR?n{UvOAa-VM)9p0hWH!LM3;Mt_rE@yEjD6`(oHzyUV6D@OQz9JZtB>wt0)7gj;Zin#TQ zLT15L>mcL7sJS#-=s0IaPc_)cPZG97Lmm6syB+NHtLDux9tU=wN`B=J?DJZ!KXZe{ zW-9BULd})D{U_4?Ywy=TtNX_h+}cuRx-?LPGD|3|>DT#_-okW=YRZ;pzgm#4zHhwX zgANhsDS=22(yM*>s4A84a65^6gSL!ROgXb%0+V?UhOoD6SJ@X zHC4v37@)&3h`8;oE$$#${AhU;__Mj+nb3OZr* z5uUyL?7IQ{_<RotO1ZI&f6T&IZ}Dd8N^TA|RGrDB_!QA%mS>;>HwJZhM+>U|I20@o#E zbzxNkmwp^qX0TxS9f51E09}B9j4M6Zf$nL^VrJ0cb4c-BO6e&QqNJ`co6L!<%QdUm z_72I>Oy71wV67FW0FaBDscG{YDT4Tni z{qgBekxR^xL$b9An^!(H|3qV}#^IRhSzOfXy7SmKIZ7H+_2@sjUws6$`(K}LP6ql0 z=!i>Jv~keutIgLRH~M#QC8u(2q$J&9ApN1omEo|pQQi+tEsxQ!Xg}(O&Bgzkj4j1g zgp?%Y;$&H6WE>&^p(>td=67;PJ_I(~cid&SRWM=pr3 z5Y3g2FwXtEK|hzX9pjp>KUV5wm27o%U!*OX2J_ThUK=2A}^vEe+?vk$h~7&<2DOHRvoH)HR8bgBOfT7}DrJJ59ywnMe+ z@p?8CC)H2kS1{oOnO=MdSAaJY-s>t#$BBS`tI~cz&%>ri%u1QCCvnh^G>$8jkXrs$sS)x)%>x zuR1QxY&F4djvUEq;hU%z^wxrz;@VVPkh@L zZBm_LDmzVX(pi9!=NLJuRiA{!#kWfDe*dz!$Y~*(d0_AD?8si11$|fzRV;-VX@mYN zJdA|v1hf~yRQ^^PI}1NO_bjo)hQ?jy@dkkG1c=Er<8CYU?x|&x#Z@E(h&T+3d4+uk;=pq@UONoof zm}iI=vtVbF3TBGBjGOoa=32z&46}NRP%|MtZdm2Bsj67;GVq`~4@VLK@W@e|3`>Ko zIR~2M#-T*%yA#kQ5)MH5d$;08gEyx=Rq1}9UKIGLrtODCsPOjPLrLuyZw1~~^K5^4 zA)h%Vs!{RpSX`7jR=%!F*!AN&CDnFvoQqLkYF7~x5cN@!VFa( zL77X5MT=?6@+hX~H3Gd^7FvaK@9Vt--gAO;k1h2sitIPQmu;wg=Yc(2!?#1rk`$#I z)f;WyeMa?ck)^e_ytEIc_LWg~P!#H#Rc^UijaAfnSW_w^O;ZimR@alG*J*@(?oeE! z2-Xp@#zwg%$YOj8ABlo#^689IV*1^bM&?1)&+8 zj7-R?OmbhitvzPK!Q2A!(AMxsy7fv#_s{q@V?H&?jbN11w7L|c#^ic9q}S{e2n>;| z(CE)VhX4@oy+i?3B3dhlUDsFzq9IEjvHK6+)OO{bbu?Cn+=e2*hqs4kg-3NPGgBun z_%eCm4dkdA%b|h#9)~ud7pz^DF1ImZ`Fl}upQi=9Ep#jFp04e0)BsC!E@BW0PaAW{1h-|5N|ww0ky*wDH>+a}k4v2zv#}R?uG+$lBo! zyL0(J;Aj|?3@c~M$RNo36Y81SbJZf@JZ8G|2)m(AgF8EtG_obR0H@GW~1{cCJI z2#YEvYUf;Vqh)YyVDqMYT((1Wg2ni=?FPf**hF%wO0%@AN1yMsT{#Y9TFgrhq9ukL zdhKBJk#qMoW1;Wc{#lKB3e`Ii?#*$Bm}5~ws+Vn8KB}_(klnuQq;n^xcR~_b^OuaD zB~{8ICKOFt`~rPx^GSt8Dh^kqB*o1G8~YQ8#Rn_&wQ6)%kA(%~UXj&%0MS$ZkAwi~_BQ?B)+;E23dMs;gnmJl`t(h!b7f>izDZ)21^|1#;aHeU>qd6zLiKY;AKsE8*S7|` zHN;g2Pco%5ZTgvvckJwEWt=X;TcR&kOWuD^^m;!2(OtSUqP)?tO1Bl8Q%oQ(Brr>x z!HWE9g*2>@C(I+0E7*CB=J!yiF4=M*(-O`zm7JO<2~Y1Kj~+c-D9TEGzR9bks6qV% zH)qPoh;wv>>;H5#H8YmwTSwmznu-oiDMy4vM3G@iS1jkV^q6QoDObA6f8gciI_+oq zrQ4wp4*F!w@SgBO>lVgzu%|bshKB$7XQ6mlt*|}p7DS)GTS~?eE|TFy97mSAM5)+h zWWYsrVfDpGc9E|r-K8|pY)KF21=neY%R-}7RY?z@H$=!dQs^l+WKI%U>b%2G6aPhn zNX9rP=qzY%cjv1ShAp(i$=$b3P3mfXbMXbQG-t%&`MhW@zy5LK;opXWf2-EC%M8A3 z`ks#q$~5n!>Pv7rwL;`q?jx5!=p;<~7_pmgTSvP|8B|^)hcCiCB>D$_)Y6&@5Vl;7 zdTst>mN!|e*gn+R7)=NVs57nE~rDZ0-vD^>4Xt$=NG!cj5aIOJ@*iLJ~KR!e@<2<%6aqiF&f%9`x?^g<(-RzxD z&5_AGlnnl`xus+1RkGl;cT}pTR%BA{jTU~xI@iU2a%N;PJC%-4hD15m!`yz(NiAW}eCgLGJ{s&y^m@Rg=F1ENmcF_9 z65D(R&fA;`7w0|meTurNqRLhV4ZUxKr99!#?D(D!%~sN5kvvevE+p%j@0UG%EFa4! z#n?H~6Tu8@h%|<8-0MM~;`OYK0gwnS4G)5dRO7!^r_y(VGCaHktiu;80q@yl5tp954G4RNNy1wlxEwPeYul4bu0h>~a6}E6D!< z*gvJ}aKB>xxW)Wg{9tt~=|?SJn{uL#QTi!G^{tuoWY^Lp1MPyij!QU0zC6oOu|O-wT=*6#bB|HZn+!+Z zVb}+;8f}4R(V#TYDa37tVHP3#0?NCP@q3$gXa8aB8Q-DpMbvAhs9$+fv_6-OAMW~T z)LDPm;m32QUu7|f#xk^`dSVX|whEUz^;M_232o%Y|Nh9)_DOwv1W%iwBF6SKtEA^{ z7;>Nsk&;}E8dnO(6^IEpB=auJ@?)1aTG3AwtnAf9EQaXNRSmZ3Z$(o8;Il^5>d#4ECZi zql6)UF5L%?@THH*4U|=4+&IrcT0hD|TW@U{&;6~GKrfX`6z*kLF0sE5$Z2Sq-6k-; zf0nGaRKw?+@}}*ez=rh*Kh-kXqmpf8DAdp$@g;z$ zYIE7rkN9`p!a3iV)|RfqWRr{0beI+K(JOG+e_VDOI+9%&P#3q0(sUQnRb{@0%4(`T z;m^?CiCl5A{AR{$zvh}Lpt$^#}4qiuT0dw&uyog zR2vz^wlmQogE=R znpD~zw~*&cwp^p)UY9&*Vjw>3K2r7G3w0Tys(S>}V&$!jOdnDs?MN6a9$9|+RHR!a zMebF*h*`GyyYjBV-XEbe>5q+CYSnaJ=w%!q<7AvA3Th}mDg68tonN8GZ&ivty%C4r zC?i&zh9VXW;3p_t&kQ}BW*mBD7*p{PGa(?3+gz5#b&#Wf0y{k2gV6w8$?>I@h~-cJ zWwDII19kn{pKOC}?4`}^FUAC9_cPA&lZqM+hA(P>g21)l&dHeGYQegX+HSLyuTxkQ zi!0e+V@YR>l%k5LXTm(kUVe=Kn)^Jb!oKt2XDRdzMLR%5-jc`$&HTdNt-8jniskJ& zNN=x@QX=Awa0nK$rNND9Mkyyut9A}B_ec|OHj#jHjwI>uzBO}Gs8;Z+USo8Fa^nvh ztLIFyLxX=hlg8DO!2od*PH_R$m6;o1>bz~XRLwJ%RYSrS)nq!@iWK^!zPT{4$JOI% z`7P7g@{(>-EIH|)25MA&n#dF|>*or<&_r;F^??*;#Kk9hE~-ACgwK5f_vWOH$Et4m zp+2V?j=e${1B1dODPM2#cXe?S9g}t+UtnPyDuu!i{Q_|8GlXagF1Q*$znTrqx_&PI z%aG|+-B!q_3O`<&sr0hOaqGX0E!EyOUW`=s(3PMHySZgGcTvqO{WPLcyUN!j2Gs_*4g)Q0*eo1u6Sh^y6$2UKq=)!yw>`t1I&k3=M z!Qx%bBs#DbPNzot$LEAB`>+ruD1~=g$8bB{S}%x14AM^+b*2<^;cphP$kvh;WF4D} z5WOK9SQ4g~eqc_jHif8ZB%oK;^Em9V4T(K3WlK^l$T{2JnM*CrXX$Ps+0iD|4CSQcr{N=2;ckVi*#V zVX8CZn^Vw^jpBc^RgyPH<9l8cc=xe_Wi<{WGdg`D2s#~@WH#@^ym>>}^du_{{A1_C zSHcH3W2X!`$9@@S5>>tU?^Zuk=B9jKf34U!hYf5Ma+euXTg9*_xEzao=2#3pg5sD2 zIwmbHQ9IC1?? zKm7ug0&-vtG5C)_8b5y>iA}q>rM=h|Kejc@9qQ(KE3b?*<%vS3K%P%>mvsEWBUhU7 zCaXG>bARD`EL2h_%|uP#BEw}5wX!R6?8q|i9Tsabo;8=%>6F&ta6A3z!b*_tS#eXR#$;cTmpO9Pye7PaQ3Qm=Ka8QZCGeXs(0N#g)Q&5zJwD z5rg2oPnA2$1NtyJW#Pi@jSQEWlIN}8F6CqdFCjP8g_h-FWG&ov=zjCj>k3*`uIdg((!|kX&mLGWcZYVf28{wkOw&AU8N-xT}cdQ~w@7z?fj?I`Q=fRv_ zjK3&OR-0i@%a9-J&>a{5sJrGr4Bsp_u8@o@ad<0dH)Cjim0@Y|C)@Pqfeq3d9p1(@ zH|re%ovc!LOIA3}_`89~-*@P+fZ9Vz5nwiW3~D|-MiNScGhmEy!)<+qG&8%;z> z2g+Gh`N*`qD_lc#Q)0EB3RBQ@7+ynC;M^)-INgM(<$TJGEw8X}3%z8fQ&J3rh`@u^ z7@tt_&nA!fC;6dL`M)_`a|$Htm-S*S0ZqIm{?kK1dP!fBcpR!_--s<$BbkLn6i8*BFWQ0ylXS~&3!SCzp+KxmhnwaB9s{85ZeM|4T)M)=zVNr@yv86 z2i4Wv&(hU|8J`tzFCFM39;TU5h%LZt#sg)eTj3c4IL1d4?MHvtXgp3^lddlsHSw0X za8-v>4Xy(T&OmNhQ(=&BuJPLr(dsI(rpnLQp4gUVAShd|C7Fg+0vWD@Sv1aRKobY+ zxYKfZ4T6EYJl&=jB`WlMDj5+Rt57zS6Iz@zGgq+Q$0StPPWn{_*E>7Pgp9UlTw1|N ztXDFsTAU@h3a+x(N{e{9xZZ1G*Fm)2kKcy%__X(UDKfedK)v$QAj-qcpN~*+f69F^ z4z!Z+#7mB2Df!?BA(UN+P6jWKUzPctp(P&jhMHnVewjD0_^ybk#g|>Iw~Cx;h@S7t!wiF&LVs}53_KDZguqzm1~9V<#`ni(#Mhg-(| z{zfF(^ffxR=rj9;{Z6A7+}hIlP-aM$vS261a}pi1s|P+f%1&r6C;)9Q$bo#>l^$dG z?!;oL!Gcg)-9J8OyQ1d`7v|QIZ|YzAJeK95jq%z_LWWKfmzlCQ6_qK)mDg>TV^-DT z;u#4F4naYaO)RL;m#Y){jnLc^!nq}S$_CkJBdO?hvCwmOGjs=iR}14#GWb9fIOkCx zQAx%om)0RUzkDp8`%;GG$>ke53?afqFR*Lu{>S6v-Sg(FK<|>mTv9i7N{>OdTwaxn zm!m{FI1r<(F9Y3;wpa>zc6iUaaC*ramS^WL@%zc7kGNp6tB;3HkIaW zt@oWU*Yf}$9M>WcdR?8lTGF=PDF`F!_!Ck2HpKI+tg+OTbc~9@C}7oeYXD<&4H=hj zHDQ-NpdJpH1noTfnFhMLY>m8W{}0U6Si9PEjAe%PE4wZJi4tDi6>;9DJVX}l zmboQF6ljmMaE*@lf)%6bGI`BYVVkbQ@B2^{jk;^QP53|yCyBhm>rv^Oz+ z%F@IW3jgDOBJ!`p|AY_yr_*>`z)2XcnNt~E=8JIzi`gvDK1SL9#l5EBa6E34aYUsI zQ9$+}zznoFtic2irD;T=?sL&q-u|IN?kfm){UtBp>*s|_i|TIAB$_L?h>Ua2Rfm6pk`d;n(x zTM32d-GyIyOsMLrR$(L0()*RYIcGYSYo>u~4Tgv^=JwziD8ZdvR9hw+x&{g;i!7a( zi(H?8Yo(kL`FdIQ(`9k~Ih8Sy;@pVX>RSD5{|RCX(OY5SqZeDTH0~VwwG6qGZt?Wj zl?EVbEiOtl)7S?G*bQMsdJ!e-sByhU7sE-sq~KZiT;~_}JR3`T(9MTqy56IZZfe}Z zk-%>iy@O_ysUB^@OJp2pKdfCVXQP9Y*)+zls(cEl%|Z*{vdv=1GQ}{>NXMO^Ph-p^ ze>s?kprn@LTBVW`WX~uf)fadk${TiRRgI`td{*T#Ls;&3oe)aW(CyO?%MiQ3IW{`4 z>Wo=S?QU*7ZtyCV$r|iHT#D1L%0lMb*Z`O1V9qVb9w;s%uGftH6a|LvecUkp#rS)# z|2ITBi4v?m{xEB9Zfe5%*AH(lc#FTM*p?ho*{__Q#cA80@KsXbC|pRY?ZDQKHX9Fi zlz9pb*0x(X#@RqDIOU7Q(66)C0%>ArhV-)T$hpUeMu`-oD`z(4*6IXE8i(W$f-?W` z53TabbBQ@l=g$~L8hjBpqHr;5S<0#{#J806{o!dPJNJ^XMO(%L%nw85>3mICga#Ml74{POLBTv&2l-Q<5;v1evoIqr;HWSI-~y*~EjHJpJ6vCtrJVrWMvM|Y+$6Pv zf<#R3R(LSoDKVPu6ZK72OcjruhPJ+#GOf#B-RC)@^;AO+Wn`|3R-fB?%h0xH8HT}3 z?O|2xrR~{56`zAK;ipF`iCtLC@vF*)ArG^2jJu7F&&H@rMP<$KmArg)Ul&5Y+Q5ER z=$e!XK#(lN&(d&GGnH||y@zq)Tgj%o27Ja7MAWqZB~NJRc?oJmRfWMec#0CoyHR6# z`P=ZxUNAFk**`M~NSYe~^ve#xCCLa+^XEf>)EgVFYdtX7{f%J~ryp2YC6kP8^DFWu zMx)gRv88$~Xd?@C_t!Kf`-QnS)#|auiCA58)OPT_QrK!?rjRGuixA)E89`p8_uQ=5 z?CXg-zg4>>j+mLfM;xP9^GoBYBC=39Lb&vnFjP)K2F zY0DS#{GjnB;t#wds{(9>TjVwxCEa-g-*g_B+^Y{-%Ik| zR{a+G!I>6QgNcF28XMaqiE{vxy{Mcv+en&iwVbLo6`&Qiu8Qr)zAf>}!fa?P6csfH zvc_lBpH{(tC2|>q7STV`1e`v%zgw_pJG55y=R-gK*0{A$lTSSm{!=P3MzKVwh7D(bjQP)(Qw64 zTO|`EJ8DJ)%APO~pV^pBkB*psH|MgoKi? z*J5DW;7`P!UE19WhCUDkeIc*kn@88%&4kB!^YYbp5Gp}yWo-{Z@5^HC)u#95&OfG( zo56gsjLtU%=h;H>bOCS9gQ+ZY$}b4>Zt>>d?n*z4V0o5o{pSKZ?WP^W!wl#5noGSv-<|GB1rN&1ogI^;OKFeLDVJKMKpg< zJy3Y>UBCAoHnWr4(Clq@>W}9ELoI++!@6q;!7M!K^2=o)yR=2d3tGR${-W@KIbxKV zr#T**)nmbB;nY*#mFLskp6FGc&`FrR;2VnHU1P!1#Ut#t5Q!IIp1&QfpP(HXWmVZw zqQKOOFu9+`)|?aTCMe@q85!c$-3(Q}*MM?WrBLK5pPRvGiR;r;Ns5PuD}GO}17i=D zKT3~~I|&I5%?OyRcMVuHldGs6=?ayovP3j6rw9;b2_3mXLf@pg2x^VP6ze-$MTcau zhS`i5$josK10#&3#nSUWMHrv%C=k`yi@#69oUN#ZWj1$8)4Lma9^=rbccX-8(lJ}_ z8p)ApM%M=&7z`3Zs0SJbokZaz+RN!{S@ID6P=*QHnW6tfEr{Jb=3URoLB!oflfFXVh5`({Y!E( zpudFTmeWlB=rpcMja5oo1YpSkp0!6T36? zNV)gd=Ng5PT}zM)7mjvz6gnS+sp z*JU)lW7(q;xAUBU)RQ65`{~LMGn4_bFS15u1N|JnMK`1Xr?;{izL%Ez*WcXCs5LX3 zT_$IQE3SF7UGt&hm7y+a#T{A!1_p*u?k90ml6iBs1yvp?#pQ;ya`u1GgJ3c~YkL%m z1r+$$#s~ulanhWYN{jZ zrD5zZa=y8K&&Gdxn6zx;q9S~po*wWGalWnwyU7hMMEDyVzUAu5u|5JgFUWa(y7Ms< zr}U$|Lrr&_6}zKm-nX&WUH?uzUB^igNZVa{p9!qr|Dj%gA9nGv*P$Vq&<bUG7MjT zK2pUG6Nuc8Rc0g~SAH{jy1`8B6z;mqPvZwnLyd7=F}B#RXo3V{`Nhb#MAQU)9luvZ zZk88fK?5-wdab0;&ECvj&J23m-SE8{O^N#|f%b<}W*Me?VeM?!YGXP`I_+4ii|QJ! zwuBF)yy2-!I0`Kwbc@R`CM`ul%P`T0(O-nBq1NQQCE2t9(mA5wex|GImDB_&;#ctJ^>HY(ec`f+~7h9_iAY4LNtqp zsV`L%vCrv(+vxYEWAb^yw-CxDXsTV}un5r-J*~CahU!*Uq886)n$X2z53QA9E$!9Z z75}D6yR|GNxu>&NIYR!mhJ2w*O>TU>oK;?4bUhNb;AKemJ|T2n(oZ)t4~F@5(1MC$ zROh@lM7lX}p@C+I)cKmb-O$2u5{oYg?51tUpaalz@Wu6`#~RX) zfHpccbIDRm;k0qbaT)tltJmbab{x<;-7iJh=Ft_3$Glf%S#jYL{)C`KCv7+QbPc?U zA>BpDVXSFoIsg?IYciQ3f$}*ql_ltyB|C`DQOcNeROlNk4dugUXS7WE;Sv~Z-B+`H z9v0E{?@UlVuf1qq+oDHZe;*yTpJ%@6bS`xjot>S1A4+tZ{Ideo(XknQt>-V1 z8!BK$hhLC|T`hmd>o2`in#nSekjo?|zpG&4EO~!@Fm%%se0TRckA>QpZpOOka6MI0 zRyG_5Iv$CKTK+}Y`Ze)*kQuY$zx{&-amaL6p;)Xr%**XrjiJ^Inwo4GkqG=p|ax*zBd8+KZZ_7-5ocpSLGFU!Hfaln%r z+aI4hSIkbEeRJcKWdCpSm>$=svTlQfez#nG@gE+HGmI&sPVnt&z~f=n{5osv4d!vn zUr5jAT09z`4F>!+8>SL^9-G)bbYLGFpP3o)N*sH>JtRHdz7MS{D#BcAxfqN+?^Icd z0TJWy$(P#J8;_s_*;2@zR&p7bs&k~)XoiK*EgO9_sHbzLk+_Ay zf57htyi;J!*Ch<=IzMcA#L#X(TkNGq`idp>qC_SB3H+`8MLOj+8~9rm(jsXsNv8bv zd^}9tSrt%1SX$(zWkm2d{d<}ss>dAXX(hDhD4ztdQ< zI-~0K_0XlPHnnCnhFDesct)`nE7Tp*#>!%%pjC3Xf*r9JRvR;N`35U}ikmxd>2ob@ zym^(=TJMslP>f_HIdbZ%n^FN$1^B=mYm4eX0Qd6Q?}ZX0%a<| zsRlH3}$`;4+$uY}V*9AbYp~1r0^v7}9Js@d9*pZ9xSGbl#5_@(DPJ9Q|)S zt`y;`1Gu{de=l`?{_YuH2Z4>c?slZXq<(%#0IW-vKSE-=yf@uF>H0e1EwOHs`(0*d zqdOLMyyHIh632<(Rz_RcEf3_tBrDkadvE+h8H|dUY*HJxN3ZF$q#uiSqIx6xxoy2N+*1qpaNl5cOAjMA=uq?7n~f3r-8RMAt<9rEXqcxo^(= zzcf^WY`Rw3%%D^0HGU{e>$5YdkhC^LC%ZTM>PDTF=U6{xho^zw`$G`xe;UDCxnK6N z3SOG-o2CoZqRDD5Vauj%TR2Cp4k-1y;|{ab67qZ`JN4An`H-DFT!QwFKiS+Yh zBI5N*?FlC83^iv$-EQ~2ul#arG`SYBS!+iW-6H;#rooUmtz2* zRoe)*7tkw{=6-%RM3|CiATntwC~hY{xBZNvDa0GGM~5VnW>72Oec}oOE?YvDzQ@BA zd_&{3P#9o&tznLZ5#ZG9=)jWzS{27GpCdKun&CnW3kH9AcVRjE@(ye1rc}G} zgj^VcT&}!LQJP}d;_5gjI%*@k(aO@JaB?zLPH8xDV|vr)Jv=|{zyOka5_b7*54(3f zXN7-%A5#SwcG)PmCjWKk*6d2Qfp{BC#=g2do=rJz z&Kl|=R^N)bjOX`uLjCs9`;G*B@7>z2U=j+b{J6!xd){2rXkz-5v()8$>ou978=m;= zTvuqsLUnd4ZAGgjGgsf`1nG2$o1~*|=w?UacCj85$aAaQV?q=09ophc+YO8~Tj>YMZ5NGC_mm_(k6bjvP&3C;%8=K8~%;&}^rFsV%a7p}& zHL+YPu_+{K99eo|VuJ0Dda$TzF)t_8y7hgUS>o|HX%F7k-!*rz=U!sZJI@RC(bwq{ z$xFWyJ>9Bh3ok4$A+z@qI1HryeNMEHqZUp)dyR<432%{tbKZPP#Ltn1@^Dh*p(@MLL25!7HWp6&g57ro1)MP>bTgBg{(=&-quYDC*9=K_ zsIi)A3j%K;UXnL~L6R;Bl{@m0oDU`kss_|XyR zQpv2x#j3st>vcQfb1qR|$gs_fPfv4}A z8yZ+K!{!QRMs3!?14kZZcE<9&MYey5ZMo_~P+l)O%i?kW-}kM*wmse{Ym!1Q%Fg{) zsD4*L6T51L-88?Uz7uzaXZgNTarx@2YIm|V=L}^L5ryS2n*`1cCXD_FsRsU}6cI6H zDvO)`biY9`dUs!-r$$(d<1!E54{|cyEof+Yz?0lKl`*82$(%%Rg@2Zn$|F$0y{pbn zj@Ct>xjq~UpA~|R^%juE3eGRPlURisvo4;0b3ta9lM;M%lI#JsyJF0`PozjuHlBImyg!wpBAFQ|jrjtgKW9(nyy0yjfp5!=LI{+(+ z>hHq;jWsky#2zDyl8@6QP;3h(vdhY*KIvc{-JiQVw2juVWL}jtjlwZzmx`$?O6Vob z``Y{Ohp*0k2e(-H#gB$JTb1+XvvnEG)b>j55q&@ zdk>3}fJMJ=(u3CMgjk;g<#xNokk0E#6e;Z?JArGs5lV0iVX#m(OZ1AU)a-`6R9h)# zI0oSoT(p^vt&V@H_Q}9pmhK``dXCqR-p~9E>utKN{HZ&^_&P5{dxZF)q;PTMWaTOyuUWrMw4e#~jq|Ri_NEGDcMbp5`(^m^m(BLNQ6O21(-p>BZ0 zBvW=s3SFwvWLrJORHc$0AP||bQhMdkm>^<1IfDmJa;~wZ0%IT)#V}Jgo{erTU6u}~ zC=kl+Y!IIMTfJVh7Y7P4D9loo$_Rh#-3x=In|&!jj-YW$Bh!S(^Id0_fC~qT-=)@>=S45ty6TjtFqU-%z+n2#2t(YrV$R6z++rkMuYaP-SaTGM2djO- zs<1`RT3ngJ4Q9ez27vRhbZMHi-_Wy^U)6<0SPt&2-OANXXZC`cXeFXct7Yc%X=rp} zb|rXcwn;ES=kLb*JzhTEUP<@MgVRt@`hsHV+y^v8H`*tY=+-^C(&dRcVfXbkoFeI? zX-&BBIW=BE2Uw+HC{^^Ou)<}ny5Eb2%xKl2E#R1O1hh!ex?pc-+yAFrwcch?s|9ii zJK{8O&WXLbDT`A_Q&YTOH+-=YU@#x*I-0>VfM&cez7zGUVzLQYb0>=4+EwG9Rwp89 z5}d6CGpxYWRMNjsBU2BCw%C4e*CXJJEsA5u0#N5$%X|~&rx5c2wQm+q#=SA|-QQX; zjy3)+G1P2f?*|Jk5tE5WrVC5JK3RCx*h}6q#P$R!KW8JAh&s~Q2;ZXd$o~1|P&5v*OKnPqC zusL0{Z2he4%YrMAsq|Gx;~!n|J5}t)%GK<@1D0PnH9b?iYxbAlh=Nh_jC4JOQug-e zm%5Xjsid3Tov)J0Eia#$@AK1W;BRxZYA!Xq3I42TE>J`HpOtzDw+d*~j*&4m8x?Iv}3%hC;qR7{E$b zDwM?xk!$oCR+D|pYPB6MvE{3?nW8;g?}kN;lvPr$Cz=4(e2cL8Rny&B@1aaH){oGL z?L1P`&F!$A|GeZh@?cA?%}mPHSW;lH>En_>bCMCqwn1RNP)mA(WH1<+@`MjRRJ1R9 z)fggsWnqaQs;0j4X~cv0K((_P=Gn8cE?&%KcFt5o5~AK|--+I+OI5nB= z$)5&RG;d<~=mUDC>-dMBePMSs`sot=NFU^@)b9zrO+Abf@ULse6u&(rOQYy^afFVP z-b5wgwHQ4~odORns~|Wy2o&W# z))(1E%xf!&CCANof0a==xJ(vtGe6J}kvtO;Wj=ETNTzk|i_IO4`}wj#cUr zg zo+ttMQ8_5WwK;7mcQ%CQT63YCpv`cx2*{~eX;ezp<*KC^jWq2kp6O_`!@IIG%0Nmn znfKQ99>-2ETOv8nB{5R^c^DRUDIfgsnTM8q_24MSERI;$eWJ9j{@nVy4P3jP61{E- zFDNcXuC&Kix6J~*W$}Ww@^a!Hez4>I2r0C_#tYJHhVi>_pG}Fg0DwU|@Yy*^?p0|u z;;r&b%`Q@VYsyMplWs}tTK!+($EiUlxw^kJa6{yc%m0?^pjG>Rqtb6#-7Rf^3mlTi zZP~qo!DP#)aJlOUH=iWh{W%Rho*fj24Bq@=1)$DDBu@Ckc@7GY z@3fvRAA_YrCK6E$3{QDkm>zgFg7NgO2Y2T@-3mSS1Q}DV<2kZWYk@;@SyNm zNl^*wgIW>yCXI$aN^LH#?^3ZzY9L%w-yp*k2E^l_ZhYCZ0Vgi9(%6a8Y31H{?h(dd zVN~DkMrhSy^8*D<#rL?n`eb^nJw<~)_w>cIU))*m@7RSJX3cfD#==`ejugln9JsOQccaBK?2fP;4BRzM1X=W zMIKE>bj}KU3ROhr!cr64;-(;G)D-oV!hr}Stc(yPpKkIFkL&VR!NUWm%~}`w?ZM=5 zMMbk5tR$z1&~;(jPcLbF6HRwgM}~cl+oXHP) zQrxd*QG$B_UNx@cnQTz~*_|BC#!2g2e2%Z4YjxZGt~4x@r9ug0V}Hq1!*oVkO^t#} zon60-_xh{!*IFNqu&NP-R7>XHV^(j$AN>VK3*38(QsF35STWmABr2F0jO{wJ{H-bBud}eiO>srp&Ghb?>N; zlwDdMOy>m!wnL9H(f*RbSg+~_Pk*Qd0ro}3G=jMyCpiIIc^AnDh}FqTG;BwVKVMU% zWo)E!Hz~{mOMVDM0H*~8WV0k4<{c~UG98eAy0fx|m=};*ET^&pgcuSvx{YWW%oW5H z3^|uwK+|53mjl??LL}PDW*0 zg0WVC{SP~}?tsoDHnjUVH;5ATkZjFHB`uw3^@-FXW+u|t(-R(HT@rTHK%jrVOlMuwiEuTpl!;fdzLqsB`8AD1Dpl@kq^0$FLDEN~wu9=^HQY)S5sK%JJ-5=&~{>LXK)>vm*tz z8m{uJxbnuZ!$upbKKP_e~G}+0~t656g>Q0|`U&%&fH63A3H_n?~ zpeq+;kn+0KrPYM;l6LShv#kbi@H2zn!N4t3Z}z>CA{C;x%Gr!8rK*%-re@gxXu3D=3p8>r+>1Tep6bKkrBPZ-J#*(&n9i|iP;WFPwrV+nI^sxAO^Ja| zGB?m0Be&TAL|K7s%gcv*Hk#A<%_suTtKncl^+u~kRh2cYN#^o?lTeX6&wXY)e~`px z(q3eI2lVTkAf{sEM>9AfFCR$5SJ|AE8fyqTTb2ub^xz|J%#F7K2B@=v(S^Gza^`s) zmR_9FkW?FI6mnb6fc~(>1wGzleq5y$b4Itbx}-Tae9NAU+Qv4N8#G*`Yk=x@Zlo}lPtRnQKkU<4B#U7cTzC~>Ag(24)UMXEP z%cD?2ZzF(+z&8ys7kgrdog7X_Q^aE(aIW)=JgXdUm*_@5L|%iwpZ4NaU-H^^Q^Su> zJ-rvqVK@H0HnM!g*A_sEXQ(R4+w zGQ2swa(p4aae?jFej@P3W>-dct;Ooxw1QtgGg)$|+{Jp@>?FyQl5f9np>$4E7af?= z&O{`{&lf_b+XB?1S_zG&Nld>no-bj49x742IvhC|0ISum)=gM-lKkS@GFep!0X_>X z=j@9T^p4nu%T^uoy8RSm-VokjQsCw8LzG@1T0J z!@GrNo)#E)^bh=qeZ9Atkx}a@{gJ_?JT<(NlJ1@({TC`*AySz%r8juaB)iXu${yjr-yarbA@U#}1|1_J2snY7k zm`G(3eVELkrp_Mdpcxt*Q)RXnW|`>yOe`;--e+Fa*giyLlBgXY6%>Z*2r(2v!Y3jh z|L%JEXL3jZ>ON3{Pt+~`r$QD#_P{1#a6~Y{0O&DPvKe*`9QvwMf zS=d`kOvqWuc$kkTnxmZdj)59+YnMt88|(z?v6qbNVnStXR;<)_jRX2l;&>atK6TAe zb^;{XExVVExc1rHzt_CqI+nE6U+qLoT(EjRN;{E7?deju%ITm)LD)p{Lzk;Jf7PCr zl07WrFC0DodS0ieeNt1JhT5AyVzJqjmSr-M$6u+7rjhUU>>`4~6qNyf&U`C96Hkxn zd}ganvy>)GpligHS;+OXD0T_A&bpjMR`e#ri`F7-N^>%Z*4zQ;;Nbk#=8&cP@ zmRsJ%jMmN--AFyR?nuA69Xo*i9}#n>;innfH{j=@xFfZKuy#{Zf5n#M{AKa+?;sl0 zlJxl-vDl{ZR^Jh~TQ-rGGJP?CEI9;3f5Sx-TUNl zDFe7s8NvuzJjYFtNQGb)vp7lCI$R5K&nGn1{Ad+@VSxZWv)lv*it?A|=<+JmbBXi` zKk1;@9#63S8UqJFKN1l7Rio7q^9CXEw{YQ4Y(#sb6ERb(0@h>VL5>t|aDnx&O#wot zc8%7DvMoEJQp^zq-wb|!EAN|-nyD`P z;NSuJuG|0!m2(yr7Sb;@)GsO^<(XX>$Sb`Uw?eFhfRRT$vup)7>H=kgck7(jo+~5f ze;nBI2yHhI#LP-!T?@(CAMO1bZ*ZqSikf-g`rC4i;B@thxo}B0;Q5qy zvI9>1Il2tR$npDD*zqf8M@CFEXfvgP@K`_G{M89(&3=`)&URC8Lao>2bOdyar7Xbp z!r$-Ldvwx|nGzH-KKcIvtdR!@Zb&YJi(%B#5pWR*BN#xwS*L$;88R>NFL)?_f{=_A zx!X02tP7~xKnWWCv|z0k{2+&uAB=5ZA^;sAt26bO2LBlNpPtcd9lUxbJBB8UpTusU z>#|e1y=B;;Z_+yIc;q!&j@V}v0lG9`$-&V(Gu3wtEkh2fm=}XH(~@V$w(q|ueusoX01F!?3nx$W^CC-Y?#$N?1s6{~#=@32umvf;d!6m2vp?Vd*wrtf zh6Ba2S$%IV1iWLe*p}c160LRTy>0NvAt2roX<=f`crazppoHZtXgfN*(huVB<+N7l zVXZpDg?{=JVCaiG(hnEX!7Xhescns@#dBG4VFXtS2i{4>4u?f8i7eHr-$9_&H! z@=dn6^bGg0QP#Yi1FZF`wj7(oB}C}6KT#p%{0CxI1Nj_lOLga z4a>VWi+#jR^Ix48${{9!_t}%P;K;x2ur{A~ZMZHMDCP-L9cyGW?N$WVN%gw_b51z4 zrAv`EPIK9Gk=NmT-2JndaC2wducVb7zV4snqXQEb!6p(!4=`Nk-vS$U>z1E)oOUP^ zmZR%`{{09!e1se(V|^O;EVxfmgYB5-zgu8hxjyuX6TXzy5tn1A>3+}>)sT!K2m$j- z-%fzN{Zm|9HUNWj9HY}q5gTlrH|YI;$A8;_CBZVAH*Yi<2KL`4EGj^5Z=rqA61@1Q zioRUydv1NS)hh&^_$S>a1(Qam+zcgk{)6Zz0;|UU^J|>`Z6J-CVVBm3cFt>xV|lx# z^P(Ts|4G!@|9%ljsQPCyQ5*cF7{E^X@&6urqa6_>(6NJY{y&qLsQvfaFE!*vq^~O@ zSKvGvLEg(kDYL<^Pm{RZ(DV1Xf#E4?!P0fGz zg^|8Xltzq_El%?gGC}D#-y(~s*FTQ{5fLL+VBaTlirT|duE`Kp3}AJk7012z)+@wZc5Y1#iB*m&bb)`DOyf)*h*iMndRQ+$Sg9buEiNi$5kk=27<0%t%r53(mASBf#w!w6uofNK)xwv#V{{GK()-P(D zpU=W9lAG#?^!meN3mXV-c|ra-xA%_%m*m^ehj}BAsQd=ur%Zm=h~QP0L%~NLQ3s~M z$jWauv{{Ob9TfgXE5# z|8tFS>;J~1_FLNAv>Wb^lF+%=Jqt70QYWo5 z{n?RwAOy;zseQK_`X9T|LYk_^YoaQxe3P^M*1e-ps&a$YCW1~(>;G6UxYA-e=Xf4q z>vWa(A97wh1vD^M^d-l#kN@+-9;&B0R$&qV6&0Q|{ z&Jw(waTau|y*t(0ROtW=fX_*{@Z`X8AJs^niub<2{1U+F?WAofLwY=o#Rl#nR|+!^ zX6K$t;2{qGPr8sUzW>O1S0!6K<^tRE<3_3OOLN?Qz>)gkB4zw;C;twJ5VmSG?H3Y-bc0*W4Jh)VnWcG$f+zB*GNJe8Xw^z1)`r zWB`nFaF1`uNrjBda5?Fz2)6_#i%q3&T+W)iV*`2#BYG6suRHPd2Qhv_lp84uV+%X$ z{<)NiSrGpBXiKHHF_YwQ<`~D&;~avFpLXPZ5(x%g>C@cvi^PazV-DoAQ1f_3o4grj zFFUT}vms*9jzj4e9#jMQcI;5^8V<>Rg>toX7{)~7`r*g2WmOrEc!;7Cf61PK1Qt|f z>*@#K60V)O&`)7z_(PNY~WoaK|Iz zW%&+&^nGJr80Rkse=jat&JiAVp98zPR;-H^ElU(ce0AWe`#$j=OZuv@_xGeevr1ky zDgt?JGp9a{-zfQ$sPa&wMhl6}QN5aQji5f%@?KF-_o(`ozpO*;MQ3)g_=Hya@m2U# zqNw4%^=9ow6R)RCBZ}*!ND4nM;+2UO*zl&Ki5TZEn{}jLfHu5m(UFSih{SY#i6Mw9 zI#JFxIuUcuZz>&la9C@zDwd7rABgFNQW#Fd&9cv_rymj*@RI(t^*cq6B%8nN`>GhH zpQP+1o-j+hH;++I^hOyM)vLaqrFIT8wg6*h&4^SxjXcFW(H1;@x)G>vjQpN;#F_w9 z_k&K5SDFmzP?j!-8pNY`9$Fh1A?1RG6PZ=;Lgunxy-PDn!I1+8<6@d{FBV~aiJ#Gn}kb*hCP2A zKu!V!AI;8ill7ay({j#qfH2CH*g|4+Q!#{wF8N9x*Hh4p_FjM7?qZ zad82g-1d9-VE^N`QoQk}SJ!#cd4;`ZVo29oN2TN0<{jRW=-4pRgL?u}4gj4zc*P42 zd>3b}E{|x$?m|mDK}>yhQSs9`p7SWZ4mG9nGk+;brk;%IP+#fyJFLhXuHS0ZVoU0A zn2n%2HVO%*-&hn$Q1ZFG!a7z<+2{X1Zx7wj~;~4 z)c$*G8@=)%qkzM!XPtK#wBw%Dl1O)Q1Wv=k+Cj?JdxjWEI8c_Qhpl!%2AP8?L!rhE zw2X@8lyp9KMz?dYL`5cirX6r2Cf1^AJ`ziO;0Yw9Bl3Pg{;Z_`OIqmlEAn{4k)fKs zMhxUVvRR;Rt2b)I0A*2c+8@KMf}n8LbAqScZ2qJD96044!Olxn87uB}eMrG$|BtG# zifU_XyFNY8LW{dYDemsp;lZjK6Ab|_c=O!V)Aw?m8&Fft+ch4s`)e)S_+M`f90|m1;1m| z&XInanwpAuz}(;JnVH2tyVxaoJuo&i?g*D@s%EaAZ?wJsy^bYCVsqI)YY-o*Y~PXd z|1x$XPL&3g5&z;dDr&CBi6e^Cvor^*v1_~e7xc<*Ep|&hCJIeq(;z`3NtD1;d`91W zrVRrRzaAFZj?wQ`&V!LG4;()G&!KN{N$r=bmhLL0EW72pG_ulhSRr0yiH4Bk7et3u{CuatROQ>hiu;r|6g=5Xf=bUvciL*?zhprqK*eqP7{Go8s7kYoC zfB3v_ucj9Ba#|f-bwupP0Z%uE;EgPIiW{k^cED@VsV?)t!=*#(fho5PB_R?s$z*FW zrYzX!hFW*=%vjagl9?*$lC-pR+lh_08{t420!^BvpH`MJ{5K=A5 zOxp0tSf{XZ0dd6UTh5{aA4Ltu&<_|wA-EGSyn)5;M&&6ae^t<19kpePL5=CC%yfMv zKCM7FPxtL=Hs!9D9Giab6^AZ~M@D&!)333Mcl?fxY7%p;$3ppBX&IBr>1RYlL^G`c zQb@AIpOgh?uNUL}g5A&IiodsyY;do@+p{r8eirRMGSn#oD;bkt5C}GI0RgqAw;6~A zpCk!|5PxW~inZK3s5e@T&D^z5N!r8gUbnr}eohbTED`Uqhc*D~L@kLaiR zz-jU5LI|tG=c>-M8J(Q8zuRAIp)qT474b7~bkBtvnDkkqTlQ##OukVgYJ&`jo^1@; zff^uhDz8VFOGfH;9zRz>+N{GS{pWI%ve0|Fz6CWF15PZ4g!bTitxG0aDsEYpIOEA z5YVhH0TyEuix74@V8%VU(GKP5>_}SdODL{ldp1K9$nWzTD#bV(37pIn`Apw0{q+VO za!+Hqtwg$;mRjIp$+|IQ^~Fu%)7a=Z7}o4n)AR%1A=Yr^+Da)@?(mxU*+$xLvOx_# zyq_@~12sPT^qg{zQM-$mK{&}XN1WPu!x4r`7$ejAdPe z6|P`9rKc@EQ?~mjYP1r8+^^Fr;W6iY$HhWH)YY)jbocq1@Ai_M@gvIXKZ#sNZxeFG z2q?JTA_h%rYa;#TVa-qM5a7Hd0Ok)|2(!_Q3ojBDL-O5SG1V3qiT0(m1^V$ryLy9J?mP{(y%#Y->R4b#c# zX}h5;32DvSTsdF*@$pfQuzQ5h`w!UYZgLi)G8^(~wb)p_7Pok<%@;bjo?f2X?XV1- zYb;RP`#C?*>A@!X_kB?)E^ry+|32a6j#!FYeGAlSTCl>ZojFpPHB;P${C3OF@kLEE zE@=0HX=}ya`ZCYL7>0FahusS{OtMG}m#(y5$VD7FF%UBJDu*-=! zqBiL?3^z@vyd&!aUrij22T)4}0nUCoE=S=tJN-6GI4)?_vBLPnSKkO&Y;M4gupAc+ zhu6k)A%J9>pp}E>r)tisog^Yv6|E}Gw!EA35fPv67WNRes}Ug#S46AS6Aq4W&{|@? z?fjG}Bw0+vVNQInd^r+R-Tnoc?@w(|s@*LQ(cAwjd2!C3qdFAv8qB0HObU6@+jMwaMH$w2|$?inarGeu_1w2=(W<&Zc-%?i*V`zb^Bi`(i;pGmDq5DK@# z(rQS{lx<^;+IpcWF+<)>9@*&T*uzQ=c;&Eet4*&&7Mosa%^EVTT%K4s_YU6K6y-{QFHe2+u1_N<{54P#9szOvKrw;XV9|>ua#fmq|s#CXm zX5iuLj1+czLf<03yH(7BHyVgt7n>PU89vs;*>%*s3f1cPsM&M{j>IWjt|z(;VPV|4fwVlrTp>M+)}TJDhUv&DAsfGOB!~&{ss=?IXO{ycdtq z&VY2q4MkYlghgoyOn@!F zilV~rk%ulbh50^# zg+~V8QE1aDJrQcZ;l)ebhK1mc$e)Y11ugrEd_JKJyw9t)6UCc$vH~$BmkbL7JnG+q zZcE}oyOoVVWXQb|I3qEZOl7$fU>QU(kS?gUev;aBi@6oy@s&I&f%Fu$V;)Bk)Av6L zdd>+&<%g_)CIoFeoUzD1Q@JIE>$2QSr16`@ak1QT7@pYpuh+MgSxYBX)@L85RtM2h z%+4&+oiX2BhA;@VpZx1+uZwyq&jKK!?SDe%AQL8h)B0-bw*Qy$ZxGML{$l8hq_fD7 z6O}-80gK)7Trp_nYk*dNsWqxw#Hs!lL__a$Hcgqu1g z4VB52|NX$3Fv#io%_Tzw*&zg;ei)drZTf9{g3IoxhSj(U8?(S5ImkBb7!dKFyQ#S* z^gicCiOi_=DMUkgM)`%b>sA0QVpA;p!l1;-W*(ADd%o1tn&2lj)&H5lq)_l1XK$0x;l;)?*@yJjg zGAc1t#DCDkbrF_*@BZ%?h>h!-W2SkLt?CW6K#675HeXsolOexV1eAj7#Gl8}Q5OmC zc{5Wwq(X+i8KP)cADY@XhPu)%F`VSFR;WY}zOu0?Xr5aAa!APh?IhfR9ov`*jy+oV z1+YeTa)u2u9O9d1#b-$k(bLq8^R~yu#X0JW#Mpn@ZOE0@hFi${3ev|jIi%%HK2o{#`rvkh*#NYxCCT$PBO&-ga1%tBtH? zzLs$u%8EEtymABQCwwwIYf;w7$kRBQq-gKV`uXuJ1Wg4yM(jG77A5F;<>CCu185M9@;WX?t`?&(BCdlC<`ue)WaC zUxr{k$1Clf&LN-6Vyn(}M=XDH=iAVi0iA{)a%F+}{v%7jhRc6)5Nz6vd{qH$%*tHd z#p)i<6p29tueq*V|2~6p``_5_M`nnenp9Af9s{H-`G8Y4vxRCiwN6UpsKVnLvuZTL z%pIP7G9S2FoDN0BH6~y$ITmDb53o5qbW_il%-!3l|oq3 znml`STfi-yovfhEMeGTpo8*_GMd)ZRt$j%`x{|7T;8139u=|fi5cl9)ise9t7q;lI z95;>TtC4a#6KURyFNz`2r1e-?=yUE~lKe^xt%C!Hz7DtI?VcE8g2+n3%<#86NHCaCRaKQ%>Dy+5+iX}6N~&Txcyv(bHYRR}=9}en zm{UGD)jYM%ZP#({_yjI@7{V>D=Gu0K!(x?F^CrAKTAL6h`#hqRC_fPP%y%I;QrZRY z=pd2>zaW6r%6%#9^R6N?zxtMM<7srZ65y-%67?Wxjf^rqg}`MobY#j^SgcAANPOYC z$R2@Fkyk+5!2WzBqL!DUXbFPQ_ef0tT`l)JCC$&pd%%$s*$nrKiiS|2r3fzNkDlM* zs2t6j9a^tv#U0K4W&pIck|X70k5(D@ghToUjIlj^^k!ynE&U#wVAC?^9kRKIEyb5W zXg9`V1#U>EJimDpX>i+DPD@>12Fn~d2F0bwL7<^OZ<>%rR4NNBbe`ECmo8jJd4}e> z4*tpQVSD&))xE-o(&dZ1{C3J%nh|8nFGW=|BN|I`t_a_17OLEo6v`K}FDSk8%s7V! zZb6xZw;As`S%P~0eMIJ-K9I(e&TSmD-ed}emCEFE6 z_}*-7PdN$2rk@yja{THMMnO{xtfJIcMf-bdf86;l`4Nzb9M1@KuTij; zv9IHiFpJ}+KsufBDcm$<|9;YYzZ_#ZhLBt%f#MTARrl3sNr(pFK8`Ge6)N|RlyVF3lVcSz5lW9172K5dNxuJp zku%xak*m?{PP=_s9(!(QBA7vEL_S?$IhnGtvK@KYfhJjI+b8LUZ*JPnb;WDmstDgU zn>3+^TaNZ}HjidEvCi&%vB!x156|BvGUROy1=c$$+$f1X?tP+rhNqM2xF6Ud(wXm75F%A`H9TGx!EG>ez^6+|& zU-!rX+F#t$g-WHhhnWGI$p~opJCb^Y(5;tBRPcLFQ~L0*HW=f)?>;;dP}zZ4j3lG? zz$LIu`V+Gl;B>v~>{i)z7hVfp9S9meQTF9i{?-b0#++VlB}*7%PRJ{akFzGr9}zf? zbXVOk*~VI_`>X#>c$n^qoQVY6k!7^LbjA9cSYOW{ey{lXuP#0vB)P%O{I>bdeQE_e zm&nrmAh1S0h>~ypPtb?EuWZ2>*B`8CzOxKFqw5v_0R>}V*O@1r;%2g3xagnKH0NFD=XHu zvQc6`Drk&2_h)O(_Wnt~y0AXXv*;Zd5b2iaSe_m{hfrj^O>nvO6iej4zV#u{QjEfOt+NS8;AlmcD;M4mjXMw%S5^uf zk$Y-oYsjgh25v?Lf#;ObKG1}dpxcYgS;M8ejqVRRh9zt1F@G6+8BjZ14k?q91^UvD zqWP|0JE+k?m=$8;70p6zS*OFur^ON`xT@~e8=h{%4(4{XH@mqID^l&(RNuP3B_<_> zZ7aXu9Lx=k^DcxuK_S|gqMA>wI@sceQlt|%^a?Ob%z@mHzhb&0-71%halT5ojB-Bi zJ-G%f*c}%b@o)1#&gS_c+aFvlZ&~xK>i!u*&L5o=HfLbA>`>+nXtb{-l51D;MaMMW z<&x3|uqmNva?#QJ!*%Ul6U6%E4!@Gx+J+Nq!>pPnNtQ-e{+hkPbxCmBtb0buy{#Ys zR^LS{)Fy8~-4KTgln2KvS%hMl4%?f1Uu&o|yYJiFudc)5LKa_&W77smyeOChkBDJ4 z)^t8@%Ov?-0UnnMzNo)OmXg~tT{WnBqvOfJOwhrs6Vz?~Q6SV&Y(vPHUB^kv|90*e z(|_r)ym(nqRueWIqg)_OvLcQBFGRB_Y51&k1c%|?peN!LJ0e-C#PfM$!7-hjA`1aM z&bR)DU2O_-V}B1tM@Be$G_vWY-_HA@jQy#np0Td&8EArN{qb&qu-3Pl3p6v0(*vw! zOG_I%hmkD7&b@qxyzQ4ux3;+PtnJSyDiFpk{=X*s9yf9UsmMp!hcS43M)XB(K}h0S z`&0DaU%<5}5=p?FKG-)!`mz2<(5;B>&i+2bmk%t#){eg0?2K5$8T?Bv%OX2;kDeBC zZ+!;`j%_+PkwGdDva|ECmNI5!f0WxRnv&?@hA6uRIl!Q(arcf7 zD5`I8G{pdTjZsuSN?tt-Ak7ZT2yPDk)mK!zD}51bXTaNCU(i5JhRShGk(b7KL$eBh zUL{Vc-`*K~rWxRRb3-nG6;fqm=AFfY6oY88N+T7znZRx z1E5>s;V4|eSAL(v?IpfMq^a|VxQI9^o{PgS4!g!W{*lLAQ5fIAPnGF6;ToDdwIlMe zb$fw~q{vS_F_)waOrhHoB{sXm79fXfa(OW?$tAPvKYo^=zVXc-Vuam8+hWotx_9t( zCn2kkSwledkXNSq-b^#`DNSos*qWU&fA{CZs{IU~<yMe&QQldpQ9G`ruw%cj-g%8};Y;9B7JC+b!2WeF8 zhsunMblv`1>dNL*5*>+EI^R-3Suu7YKJTt&VQ@!A^6lKI2Q!XI74Oa{Do9IH_=uvi z`d@1Y9KBL0xqcx~9^uzHND7eW27cgf`*-)Ww6rwaWb~+p)XO0Gmj<;^0Nt*Xn_9xv zp;cfrogUfh3@0YY6)tkt95MRNDz3)bYLBvIi-yv*mz}G!A?EE`3(LX@!$99KBI0vh zh^6uQ@$0J_CXtJaT;C5P%v~usj20t8^A4R{-Zdi#Gn#%m`+>$}l2m=mg znxCZo^H3BaUyX5Xy}AtOppgJJ)R&cY%(%|6+y>*#MPR{;m|}91x`syfopY%scvf&J zM@M&{BWtARiTe!qx%{``17=DpO54jS1!uXX7+4O!3h0ta-jz9bWgwGtPk$A_yP4ZW zA6aMx_t(?UiBI@W3gngjL6Hrd*?hjkz`IHw8qCi@_G!Hk-D6~A@mR@9NhB?RjFO&1 zJq)lxFAC7)7wnCkuCf@vUb4-o9h+K=4n=+0Uud3}{&$;>Zl(cAu+1|T6&t6H{6Zk( za;!;1G@9dTs$q#;+aZJ}`6(eW{Ugv8Sp z-#rZrHx667Z#`OzQG<2n-o8`lvIiU2Yfq*;D`ApymvZMs0dUVEqx$}vM zsb4KmQOWM7q9uQJ^j()P9xE#=7sm;9Bf?i>>sh`(H*z(b2Z~KBPELZy;s3I8a2BYz zo{e=BX==Y#{qUh#+JPZl{6IZ5VfDwF^!EHmN}BaI7Lb^t$#2%cmnv+w#R`G583fnY zNK!JE$eo)f-D+H!nN&TFdVQp3oP&Ep0Sc-4(v5{oOaB z^pA$BEj%>A$oyM|w53qoNlWib9m}U#AAgZjGlAD8DZ5z)R40xd!y>Qx06&>!GRe8P zbaUYL*zP-(oo%jj9f@Hl7nkT`i;ru*Hw&&y9x)P9YM{8|VsPMW7P(P4>X&d^+Z{7w zK;3+Ta+0y4Ck-uSjNNwTQM!Q9v3DPBN_uMCWQFXe!YCjo+B5gTm0z2G4cQMBsHm@stOK@>8IAuMceCJT)9*VV1oLW5Re+aS4<*f(Q*3p^Y=uMo;1 zll?PJ?&V`k9u28*s0*$vS{9PS40NDfZtH0T0%fyf(oShRzME?Y+7*0q{&J8eZXx@H z`sO9H$fwXH*I6qnz&Hr%B zN8IqjT5Uzz?ratOyZg`({sDe!doK%QSUTc3cU}X}~xa{Axkm#I<8d&D`>G6G@f|NB$V!fK?hw~1ERXWb z#qx{DlI-HXF&XTOXpyHsJBA4Cc8E9_BN#U+Ec7Es>Ah|HRWE)no8m5S7G>gvsEVDP>JP@? zsh+K{0isDLlE-o7){mpz%^@Y{^kn(s{K4v!4aj27K|+s%e%4S|v8uZgh9 zO)p6M^yVk0tvJchrLWJ6Ol$;^56d`#6WC(Pg^(OhuC@x!vCeE2_YEGsKTiEv2+}$l zR1k6y;2BNCwaoLUc2~kmk#=VY5aV?2?^$LI(8|l`U1?jUWRd9Ir;q6?{iAyNPVano znkRaUU34~f?@}u@oJ?n8V|=v>3ttSC(&+S*Uyrh`?mZH^Fz7tB8hT)tACdVZ;-5qS z*p%(2St$8al zn{u9l-UA@S@vIlP1}%DcJCVP+|)+U=+9@Q+l+zxd~9r_8zaw z9h^R`4n4lm4Yzxvfn<^saDp^@eglkQZZHf&<^}Hp71SRv!?;`%z`d2BcaY<=Wf?~h zoX#$Xp%jevTf#KZAw;sp3Kv*%k=K!>d5HN3|C;+ct=HxnPpM8Xqj$S;cQx^bc`>^? zpM<>U8$#AzIQestxa+35oHCPKz$#-a!3{TAV<-L=sD{ITg5ok0Qnd2c`$>6M|_Z)L0iQo8?64Ew<`dHaA_OvBRv$g1I9 zKhFq=1}CKn!bU>?EC#n-DcGRrT!Kc1WhvfqUEn#L+kZa4JgIl#$qO?pc&E)gBNA#$ zRK+DfG7Ch&^X#NY0`gi$I~$B`7*d;b%#H7jvo&n;$Ett;iH zy?#7P&|@i0L06HV+HPdUu<2SiPzxKoO*ytk&s{kc2|f!)!M|-vzoa9|yJTdMN8*oo zUEKBjJ1_ZcpHxZLKH5IyVdi4jwHMTVZaZ-}8@A6ivO8+vl;RaPcCN=wNkNg<{vn2I zPsY6x1TQ(3*QMjDCSXcyIuX&F<7)fIgP-9dzBi*g)jnnZjZiCPx`j_BYngo8TGAWv zj7LmdKwA{w^4fZhf7?rVX6~Ay+J9p`pQldB&^g_?h6iCyau)B>J{$oeH=27nr_3N} zsPN(ae*-fM&o1*Rudz!;G}t^u1!C2uNz?gvYg|o-ZMTD$D%el=yW{wfZme^r!QEb| zl9*ZE1Lm?F;OMB}WQ&bkTwiokWFJ~Lc~4EJ7=Fw9f8#+LDv5liwRZiyigNDNTsL&5 zyzswqGD0m^02+?krBarzrX2S#P8bepJ=2$$_(Tndf2&y@AW+nRU=_+Z#?77_OF@@! z6B~~({Uk>h0f*>64DQ|Q>0VQx!QuzX@_j`?r&&r;ul$-@yTxJliqzInI9s{@%^>@)u054u>978O-$NW-XLZr#_Q zhdU>%67<}SwKDzbF%0+NaNXc&FNp(mz0P$6Fc9o)583=^E@+c(?kOSIy7$oOkd6V| z4R9=Xo@LgG-1lW(g$QMT8whW*#HP;3DVtYQqi#aIRLy7cc?ap;!j%i&absqW#AoW1 zZVYYyyVN!u6&&Ntt!;dk+$1YjmA(>U75vyyz!F?MP=Y>rIDJ5-3c|-cacmL zs8>+`bralV8MMCsLfKr%%h5c&?Mztk)`+#rK(L2HSyQM5g=c(!{V^;;6>H8kVKE@~u5&(N7|97Enm_viQabvAoZadMx6C$53 zep3UQ^}fr0xPRy>PPd8(Y2JH%ha?G(BT=#l-`wEuXgLf7)6giy(}^)7usiu1UpOqO zNx$kn>L>QjV`6Flzgw?+Q>V4*gZRAmABkIvB?W{UVWBPtEFE3(@-f+mO?VT``LX+! z^CDgs{EQ2}xK>qGaoGSEwUN1GR+DAH|7L(jfZwFUue@}puZB*>y_~)qB|OQ z7;-Ns&;O_4VQrz$jwDA@&Qx`iQ;|f$U=}}*_9??|iZ%E<04z2V%cEYEPj-JaV;(yE zP>uhP=L&7TkXJ#HhbxPat%8Ff+U6+#5_B}h$hDKfOlvYLbt!XPTypuE(5_3o$+F0< ze5Vb)u)gnR`$S%1JECpYCrg?ciSF%Va(CEFxys{0enVa-)@@|?d5Dp_LaqVqqj_=) z8H70&*e6Sivl&<}+>ZADn|cS?U0*2$3R3;+fBrWeJ#Q3(XJmQK6nGh+)NvOsWV`=I z!uVmGW~RnnAx+RSjOBhs3D~oqo(1T@F2z(&!FKeHmU-l0hjs!Zk*)LSdf>df2fq7M zm%#k1;LTxyP3bR}eTL&CM7?ccZ(jEwB@l$-pa=;s>|ToQHLkwcs9tmHP9V{hA?w25 zwRSWhI&NIE0BF& z!(Z{)a@-xd{A2pug%&+aFp0;i!d%5>%nQpLizH*o^7FBV7 zn)(e-EmNh6neY!s>)ES(Tw+44);Pt*q~V6KXYm~7J2u2`)tID3T>X~+NlKsRp!bf| zR9Mh&o19$heNac>j6^F&M6~=km~5U*nf~i>sL3Ly_k(ZnT}*K*h68@| zu2j6)s^1Crs%dRGf%S~dP10Wm2QtBFWo285~hbkDTpf;7=a594R)EFk{ol@velt*m-_Af5#(D(V0n zM=f%3GRco&&A3yg$!nP2+WsW`C-BtGoNjGfmr(0IGf>mDvb>#e<&3Y41P$|=ZVIpSLfm_Zb;5G#Lj_M0Sq9`h=?Ec{0bj+?DOH2r=o1Ou(o+_R6AnYcIjs>VN zsMSue$`G`kt>Dm#8tlde zt>jQl|I##92!9h?4Lb=l558V++WS4=v0a>=m%w9CC7j>48kcxQIknKdS;gR(n}|YOop@EN6RwwzSZ`u zTZSxYMrc;Fq`W$^Mm)xO0A0|d;TK?So&unG<`yy>FQ%v(&F zU6yfAz41peBqwm|AFcK%ARDllFsUPkgN1rrPJWX2UW9!+oRCDTl|%4$*S?acVp}tN z`&_uUylht5%_bxsH;)xGG@3!8#bjX%#@q7NwE8`w^WH|jxB1oBz{+>?kV33avX*~3 z>Fle9T$6V!zd5w_(;Hgow5sH0CBpJ$X?J!zUn)gcsF-iRq$dZ=4;lXUdoh?i{j+&# z?GJQ1;mw?|HRD*~6}caKG+8O@WD46b)GH#S+;pQ7yCezoRHNE^qSei1(g>64o^5;c zXMo8(-8F;HhTpa%Uj0if5G0tSPggp)|ISH%vrLqoUHb`N0K4sPnj~xoI^sDUG8ZPJ zc>IG3GR!!yswAIw9FO@2u+*%nUn~$Y2_#Gdf^7kc0sT^)TW!#W={cLCUqFx7*W~do zj28XeLkuZNEYaIXFRS$!|7xDduDt-RzpBnTR7odnY%QEv#pr0seX*3;z?V z`B+<=(5sUv+S9AbRwdq0pXz|Mvs4ejsxaxi8FqIP60^V?2zoJEDamP80WlJ6xtTqc zmh&{7u4!z{IQsmP(koT-7yb_HPEB-!4$HI(cADLF18FL)rz4%wXtE+FttUh!n`!VF zh%uNkTQr9hX;ULgu7i?Q=A@gO7>jsm#S#{wUT6h=R+MoAVb$4JZu;%6+HOHOe_WUeiJpgrl&PCY?(4_{wvUD@wc1!<*~6<{;;>I2I-q7PoE) zhUBw*__B(gkSbcXGE>F9MNQ%ZIkLsrgBhWpZSU20K92lWSf;FC+3jmtyMN(sDU~Nn zizmLpekN!XE6u;Sb!Zb{p{W($g$Y%ZUgFgWT|-lgxPMRSG>L^(yvOqVB&p{D`VHnS ztrmszHfQ|+`!DxA5L`f=wC`v$)qR}!{8_TJFllKRdwXdqL3X3NiZxc__8fA$=B$np zsVdC~86KibF1>a-T_-jx#x6_Tymk@DIz?jBAHUQ3YJ%BW7fmglm-_mmF|lvD3p})# zZn4NT8VuH+oSMo8{-~^fJX`)$QwOX8hkCP@IDCh}a6d~FYrc(Ed97c#mK<|dr!C&d zsL>8K5`?_@(VS+UOA3(?y%?|(%Spl_-f_|obeFOayN5icncaF4i$w+EYr9s3TH4Rv zoT76V{z*pIW!oXDdzTE-KKzmVC!W-GIEJ{zAInw6yfyPhf4?LP!@cTK;wIc5BARJ& zBY?$66cict`h`T!3|P`_sy$A6Ft)uq_>#hUeAANUv2~<~tAQ*;E~HQ@&|BHKj`kDA zlNv=jkMEp)e=diUA6!T860TVhXt$5<2SS`lN9p|EdU_ zC=y|>34ZKkso>#x#l?u$>Kh!Sgj4&`kFd?|_qIh3h#C_xaKektP~4*qD>k3(6bxZ7 zLO}Z^>z{7pyePhvJRrXFU-b@@-(|{h7*Lv)^Fez?(=;idu(XBZmlB3_z%qcM(jvEv z7ppI&jJmlH1bVyx4zWBie3CpA20kr8S(pqv635n#PRv5^T>?x$R;5hGk}O$8Slu58 z_44wjX0T%=l}X~ycH#apv`o-K?-=9iWSR;dl{NcVd#f9J*H+PA23<1qxtVD(-#d!7 z4z?w0i|Y0xn*4W6t#5Zz^79!Gg*#MXE!&5 zTjO%{Isg{O40J6cV1o%N?DScbG7yD3;*$(oEoCI&N^Vhtr=~Mxv3OQQK7``#URM>> zulM86AI6DNg)aez%>*P$XQXXcC<5=#pF5YAS;U+av8A|DyWxdv&Eb9(fAuFD^7q`# zLB=ShBjI4*AuFhR*AqtB8a%NQr7uY4OvpT-g`n|%-<_SEJzE6X^Oqe#9tT!nyu#{I<+kV=hAxh_w*?5w5p|g;miPO-MN8=)#FcaY7fq=i>B7%XR*{n zT^jk-Dn{+#TTb}&-}E$iG;(!eC_8&A{J}=(?qpL5+1c@ufvfi!+q6&0~Gfsm&Y`5B=l5J3@4 zE;sM5mujB{7OE6e2(U@ZLLnU*pQeg_HViLh9&D|S+iWw^4f`1-%hO3Qe9u~4 zLn}~;9GhN_{WJHGa%1zm4&#%?`S7_pQ~8IxQ_$I%Mq*wbaXM`qv&c7&p5ij@YI3_d z0ATrYBa z+I?>)s88(~kKjEcYI^sH0>=c7MvE zEV=2g{^nBKBSQR4R4$6uNGS>Z!s7wwa<;?`n#(GO?c={O-Ff%jmxoiDg~We zG1E9qy(p9|#c)u>G2RC&tN6RSz}m{Hs_w$g&DFMmLuw>D)nbsK$2o=8#!D-yo!y^0 z-Rly_mUD0apFgqZ&>Oj>NpN@A^M#P*MbLdciJp;ByhA%nP4S(2pLQ<262NgzX-Ls*_c@PcUeDUl zhqC&z%w=JNQB&e~`bEpFD!06OEkkyhQjDexnqa0?y4${ECM_vumgZs4TtdvuXrBDA ziIZ?B`^BsL#)~b616I7=WWJeHEj{!0{Ilm`pI*tc@4gpqkOn0-R`z>Q}|?^Kqd&AHA{q73R z^mW-c2DfAUb|E%;f;&6E*3GN8nsBI6ImpwTT%S0lwQy9xV8(MsY<6igCo!HyTo9WP z#asTofP-d=i}dc?i?4PJ=bGhZWx{rV)|tcC(5@ic_+LF23fGg#prh4o&DTROFaL1@ ztKG;Z&{BoXyEi`-5)7cb7F}|3`0;|H^q+GHD$q_M-Z6@guN#wQJ^Rh1$!Vucb5Kwm z?Ntq)SYKaP2UU8wR#LVX6-GE1eJ^gKM2?dud@v3(gf3E{xWuI->E}mee^S)Qit8znTf)X8p@K*$zx<}xFQ+hl=HY-RdNd7KmB zKY%zV-!#z+aDCLl%RzQ@qeOJ zksk!Yo6X@f&0g_!r4(3~eFR!p8(CYM53exMwb@Qef5&GpEXqq*n-}y#JZ z;HbV?^tzBhvZQ<*4Yg2bgMbyPeqG4!Z7-3eB8)GTv}CAKOTfV067mpoyTI0+gm>q53 z0?>=8zeuTAB3l3$is18XE8AgII&iB)X8|}+4^o~JvFi8Vi7q9hr4JttmSygWzzseg zGrQ`k4vt`O|HFWH>5g>DZ-XpjR%H$1HA({A=GL7CShg0 z&P_dfwDfyvZGfJyIP=G6gUF+edBA^kT32E5z|m}$1PB$)H5m65TkSwcRTx8+Z|=$D zIe|+d4?(Que;peFmSBFyO&+WbZu3t7hoMc!5lZOkc1&?y5YOxGty7NId($av#{4EQ zQUdBhDG1Zyxs0kQh-cx8I8nCqd`treg z(0}JC$ZwyFd^u8A=^7s(U=`DvJ!M<9#Usdp6HB8IZuM|h3R-DHLLDd6n!tNZjM?R86SZSC<Uus;$Y>a%&D`585gQuE+fFP5 zTKsBST4e5R*Xpp#B{^?+YD5L1);ahc652#`FYwZ-s)k51?qjB z&0Sqd6GyxXGN4)tbYaD8O0~n65B}iIHvoD94q*_gUxr1m?;xd)@?X@1+P?+iU9L7T zV50KxFG!5<5Ru&EzZ)IUobo~qew_<`Gi{%Ez-0HC@j%`M=anNj$NQn0S;9HDmhF|B2=+vC?U z1Y=|7p+i;`h-BMc=hF-SebMgoM7oKDgoLnSwh2vyWYs&h&Yb^ zq=)6ydH>_od4NnDrEkr9W)Bbd5m-X_Yi4a;*WBlPyPeSZ4&)~OLCXU(OvwHKgLjZ% z7qU0g_E>5WgrkUYC2}0G__A%l@-i?(3FE)da=cc1y0W_&|6gMSCbFcc=J%9emA41J z&7;WU#_TF&_F+g^M~$<+{rWQ=0ktoOta~$O;j|S>cC+IgDE5?S;9=gp|CV30?pq_iafnUv}sL4$a|f4~_gvmrcBalK9-dyfl5!=-k=bvP zJ6f@5>=fcA{9FIov6;ere@lAlIpixXkkzA8g9J649TG2hfMHNBv=jaSp0(@?flA}* z5|I5YtL)r;vxzD(1AJ>wc(}?SUGQFHIa(-8_qggHTL>P=wY^(XGtdyaSsWMAS6BXl zH6S^E!XLa%H2I#|W@tz1=+p}HC?7BbzFe~WDhGfu=-Ft2(C3XF1C`TuUFq16;SGum zsmsUWQVp+{eFz@8!{_Sxj*&|DPqG_byFUTizUJTErGsu4eWAhk{^q`mpRw-}F2$QI zHuR6Z`9>0K*i6qdhSQA(-t0W~!V7I3PpW;P;o?H(sB}u}-oEdss)j6TeUtMlUE0Qz z=tBxkZ~d;rNy`J~HtyBM`MHDx44WYmMHo+xCxDYk773hqJH48kzC-~xkJDAMiVipo zp#|yzK|9cGWA5&B)th4tmd;WZSe!t9HJoUA5xfSLzq)os#)V)g3@h*cRr`>Njd0_a zKfbEv9_;Td!j>dbSt?&?v=5kn%4I@A17`ylK3`hQaL7Vp-YC16G@DELqNC|ZIs--| zXWL0?Hw366OK_r<$Ad2Rd&bpbfyi8g#Dt{q>GZ)aqL91dx)82BD;TBk;_W{tVq#EK zcyp7k_saf$oRL+~-z|u0Zdm>w?3CmJAzK;V-ri*@h3~)}vRf(9Z_F2!RZpOnnn*K% zATmzMGB(}Poss=EACco8e@ z&qYoV^k6|(ny38O$*d=YHbE)y9jkx@@#WIB)ZT0Z6-zJe^}H2^5zy8^m@Qe+V_+)< zyEsTcJ|F>|{xz!EDbjVwX;+Eb(-{oj0p6V>vVo(w!irZ%Y}gXsxpZJRO{j{wi)a`s zDNsenDf*s(@J!9sJj@Ss3TRx68ZoR+0?uM>m%JF#TI=wSpXwok`2&NAu}0&3cBgMa z_vh0?ane;jsJG47?g2Xz5Zg66UP)4FUApZUv9RB`EO;A_ZL^NmU~ZzQ77TjSEMo$4 zp7Ulcy=3KG&7e!ZCRZ{7@D-}`V3s`<(pqomJx@G^0mEXTz)sQk?^Drz8V6nDM(J$T z&y6(K#TPsuRHC#8!k5Wd7JR1{ubkKMKz@Dt3!dn=_#{s|2TM0s{xGm~C{}m%>b&iA zYg`PYI)u68@wJ|ow6F9$_9Eu;Iux%GLdu z1hbj01W%e??$*njjmO)W2e*_XRSe<2;eb#FDi*(LzR3V96^j7 zvHv5gQIHY%4uzE}DFW9|>D+;nzUaJw!=BLi!45vYB^47J;=HWm=Ldf_gBMPZR5afX zbub7C!4IWFr2(vYnF`p#;~lvz+c)5%M9BXm>n)?AirV*K0|e>rknV06KpLb3q>&Dh z9C}El5g58lNs$ieuAz~T&KbJ9<2^pl?_cZv0Bg;MnKkFEvuEG?O1!S-&g*C75>GDz znh_F~M7pUd0v8uoW(hcP3r>wX;fl#8gx9`Giq70bqgg?O$|gMr0j*RuIawi_$wV#Z z6Uw12E=p_>fBv;Zvg=*bW@nteNM`pVr1q^un=$dk%%u&&(8x%h)k^g*5L~3iRuZ=h)PV)|9qMlK3J$`qGYZF>43Y=W<=%v` zVR?B2(PXsO*#b7422IV!bHD1rE3H@GRr(FAy?M(C;Z6Q9PPe+>h`Aygv&&4mpZG5X z-pmlMIO`e5hWZ?}zNAKr*hDXrc)aESQ#i_MfE#05P!}OXOSAP?;Uvp2=Y!t?oxVI1 zH8x{Jw0E3jyBQ3sG3S1K)2QIqt>uNDG?pHX@iQ*}3-WOVR5bKR=P~gsl8M3QZa(W_ zZZ%3918U!6Dc2NnZtg#eWodMFH{ganMz|)uivca3>4v_FJmUu6=#= zRe&Py{ph(Af{adN3e?nT*4y=du}SlPbBeB6uqamLalyEAC*|Ars0BJ+m0=zo>rSzg z=<3!w3QNJ+wgo~h2*7VI9d0Oumac^;hS=o#cxT%bZ#-k{gFAfa9-TwPG3|%Q(_q%`g?QKGq-OY`GugrSbO6 zZTq1!A=o{(qTBa9E0whlu=}L^C~id&|47Np*uoloqLlbyCLLy>sHXhQ_4rsus|pww z3jBQS+GCX^um^}Ar?gSQ86gZ@pctkQ`q7LB_H5sM+?sdmdFnbAlYJxCH|hc5MZqMT zdJU-R5n0E}^~7VS;H;Zr_HlhKXh9+1o^S+4D8msta(i`Ya}3A!Gwc01wo9jVag;rw z(mqPh<-ou$BikJ1`C0;OabL+?i!SiYQoTj}?BHb`5$Fcc+MjpPPEG$czg*m^{B#m2 zZ^CA5_;uxeQ^?vVkKLqgad>z_(D%6Wo$V92rO8Vo86-*UE}-r8;WUl4u2^j!Ny)6e zM16N6a&W>305`I(?GMOmJt>IAc*xa9{irsy3BC5?P=XuU0+SKucPZ>0t&>!8GCnBN z0c}L>4+ls2BQ-pphtk72eAF60%u*kQDTejWUy1s>8eg6W_Bm=oK5Bm=f?ISu&o~H~ z!s=8vn{q$qN9UC_0~N3%QB2fF5UF_~i$3;5o!=zQQgAYOJ$b;*i252a2~s^t{fr6Z zCAQ=#bKpauGlKf@8;9Z5YEY6BqN>>QM^)XtksvxzOZd&$NZ%b>@@kuyqu@~3>-l<2 z^69m@_N6Ftrv@r@Wy+t*^Lon^Kuq~OTKSX+n1hwzn-cOzRuD8w!DvU=3oF?}Qc#cx z$f4u&zb|>}tZNPX6VO8D#OeKN!l-qJ4Iy`FQjZgb4DsZ`{YJC4ma$FL;q`UCzxu$19hpv9SdI1cAwB@38rfirqkXre*x(pkDV|oIl3v6EiQ%UAolA4hlE-^Y4Y6#Mo->ua!;o zp;J8s0Q!XKg@_iy<-7@F%10Y0l`(inEB*4}WOYh`Ctyu;+$?1~`qq_(K}5cPm_z!T zQ|H&0z+}{ZIlniI;iP4eps#sxU7GfZFw8!B>Z#AJLLt`VS#H5{K;wyb=}IH=K^bN$ z!>fbFMy~HCUPX{K+&N!4Gc2kmb=2=9b%TRwGB2L)x7xqg<`V!cOT)#qnDct2WVT5I zN&T`5ldm5%y}%0jrgvh+m&vNa-tc&C7dyCN`70bw3#jXXbM}o`Fj81X8*S(P{n^-v z>htC2n=Zc|?yks#n#{Uit*@`Y5fz<3-x9xCj2w>QZ@JmUTl9VSjT#Zo%Qd>{d6gc5 zBXQT`29h|C3JwiUZ$5F|8U_4eVk$Xh#;s(<6Eh49z5T?2@3zbyf%5{SK)`M~oX)kP zR)~CVV7%eMsXmoBlU=Wt1ZGH9<%6)fo)i#z!&riJv-7&)uA&`wIzrshXI@^q^^-d*7S6+SXoQJIk6X4%SK->3(44xk3rTF zjqm+kpEs;k%$P0IMPIKY)SbKC>*@HJ$+)=EBEzT~C>>OR(nJUB!{!I7e8%3jM*T_d zi?3ps`WyDVHncyPmZi2RAG*V^GgfdY@vz=`GkyHwY)a{77XSzrDUs(DI9F5v$49#z z)P|m1jH1D2^A9UL- zNBLF2s>h@3D}sQX);X;}>yi;(E`1i#Mka4nWyGzyGQ)}|3KQ2YeQ(!T@8$aD4tNVE zm$k4nlM2dKF|0imfcPDs=Ul@%(V^b)%aH4m*`JlOvTnx@ctH=jd(Uh5Z_1mU@SD%8 z&Smg7hy94g(5l$k*og6NP>ua>tSFqsI0etONfVw}t>nzFmL0B3qDuDak8l?D09LoQ@v=o+q64bwo{HH!Kb-Av9_OYnFCFV+D)^AZq^g}sKzVw zx#~D*`BAR`>vG}^`{1s@a7JKQzR3$ePXyq=lhA2v#*_NG23H4tOG)NXu$0B{e`=Pr zxT{;5ZT4Y1yk2k@-u|tApXsI2YC|UBd*nwmxaYidVSXfN&nvWfgB2rSr(-cMgKc{8 z>&ki0Js|$vuqRtLUE4CV_c8MPq5NZWUn>zIT5m7rJi|OaLwVl1TSSTY=2?D=GGtF& zD=t3GCb^Glwuxxw{(`8b(SuyHm$ZUygvT>ggifJL-X?3T#W{`HMrmurn@D}ci$cP` zbDP9DgH-pbl3W$jN*cc0{gRKW>t&2ew_`It(>%Q;%MmzQWVr@r~_;2irV zthpH(`Nr#N>FW6STmjHxQSkKKjZaMlbIp`>=3y^|r4WtwxkZRM%(H(;oOwNm(Z#1O z&M1$N0*Tpi-romln3zBt$40xmMA-h!Ek`zmN)PK_GcWr)F?a{Z9xnXGjFCK{w+4x$ zI8_)#X5Q1bus9fT8_v`9Y=@h~LY}|6fMFM%;Y*!ujS?V)MubIuvCb>Z?Uf$4Nm^-w zk3&+D;a*Ncnovr7^DER%i3bcUN>F$)ki?LMa+NC+zNgH^*;T@}EUjf&l-9dmuPJ7j zQF%ETg9$Fu>MUqA5>!QrkbR6(pppqDnXH{+AI`V~QTd$Pwlr)r^z`+Jap91~Q%ePi z2|DRJWj_Ed@VJ_!!0ET0m}eYZSYbVyX`B4qHAmEc`$yRDX{Ea4!&GAT*4OJO94ka$ z^rr+nCjJf->_t~5YjGj!UIENaHG!jhpM%-J9jzk)Wt%iEC(+|x{LEsjR!G)yBg^R9 z`2J<@y|P($DDpxd>E*9@iiRe`lZlDmhP6$@Dw`Gm1{CkrRy)9Ad5ufK#;l;F%CZcx zqB(2}V8udGP#y@HJv|}6{#y|c>8Ef%vcQ(rhFiUT*jv>@GMvSffA>S7^3z;N|L6!{ zMz%(r{iS|QTGmTm(H2?|x$@RgEl#-bOio?hJi^E)MkRo(N<&HSqLbXq|B+94c{Z31 z1!_8t&!>@^60*%40L&{gUTXeyEtgIWYp-fDp?pJ;#9V@Ecqx-7uY%e#m3|1n-urHN z$A=ri*4==S+-?DlP)^|#Xm?r;hLcD-%=61wi!d$_5`xC65)h;aFf#tiV7r3i49088 zDBgDhCOl@9f|mfu@`^g4^F zi{;uysA{(b4*=$wZ0}nh8PgTW6=q@*@gT`#NR_tA&`HEP9~ajcJIW^SeBCrckA34z ze)D7$YhS#Q`fAa$BF$ms-B?GnQ#;*`4T;Yx0%74e3}#I5-nMt@gt4vkWDJ?$iH*N_ z`toe?ZnZo0u1hmfXC~bf%lWkj1eyA|HyRKYCR>6t0|0}88|Hk%=mVFr`Df{?pL2lu zNWK5c$Z|6u9yBJ=I|a+>w5Zucf4&q%6wz+fH&1vJ@U6}me4kE!yl;VR(QU&Pmz?>9 zi7J5NPJW*o<^~<|RrCC-Kuwy(5n#n~h{t>1lW_K4W9D;siQ!`?3T0Po{UaedAiqRt zQmqulvHGRNWe52jL2#B)u=ARJAyEgMV^Kjqkrj#yzjP||LSc~W{YiLteo{mYZ?lat zZ<_t)hk`Y5QHhDZIV$gAfVb@J{yN)hUt|B`ly`>UF40d({IveN2f$DK_k8&pys_|7 zWcF;-QO%4+)H@jIJkoXi{n!1L7l{JDf6Q=%&ixI6*6FN=pCE=a-Cqf#>T2uc)>fiw zTM=$LG`1enoMWE8-1S{BBX06Gh&43&5|wGsPwgbIGnn79`|VvKVbb@OVMq!J1K_Kt%TSf6O{#vHxaCP1C|TS1G3?_pgbu6Vq{N7Vw7tPhEa zI^PxG$0D@5{Tp}+KP%7)t>lfG3vLkNbTy=`l!*ymf~2HeySEgDj}jjuCBC_w zX_)B7P>gH2TTs4Iq0%h+#(Iu{kxn`z)%Hi>)CvD#qUvXHu>j;Oy0xW2OmtpD?|nF; z?0_T@NmZ3YI^9LXh~CQGBjWJ7b&9G1#pnIXd%9Q69or2Bjf82WBAW*dZdj?*E8m7L z|0tR3PYI00IfEkvZ6=iL#Y9OqU6#|C>4n=X^~y0D%U|6{$4Z^M|E4o>8xayd?L(nt z-wnRlkhthd)88E8INQj`+mj_mw%1jNyy-J>*CwoXJG|x?9W2PDI5D%Blo+G>ELJkl@z1L*5$^2h6avB(Wj?=~w&eKRcqsrB?GuJ+Atx-&(syZxH@v5xN>0*7L(HdRSLwORHcrvus=C z5}cj$7HP}P6x6kYFC|6fN#-WXcDucfO$Gkq%xuH*GTJQjh8g+U$mVxs3j5B*w)lIQ znVC^Q6?~W75$ED%yC}$OV z$OKC5!O{d2VIGA3{*77I!IF7R@tv`oM}4G|R^V`pZ*AT0p$out?(*mF_~*9N*tl%# z<+Zn20JB@c0a)-;jaEsl9Nxg%&ZLdRCH*X{O1<)|a@h$tMMClKhxFO~b$V{73Tyf! zoaEMBQ#Cd4_KdHcwN7cZBMIMHi@ePiCIlvv-q!k+z?Uf4 z>E!sneUVsrCg0$`PAOo@CD99;MwgyjpQ)MgA4UBpHABLgok?CyYM68#z%J!`$^%&J z5!Ra_T(-HBB28s=582)ym>K!54J*4=`ef5o$k)BdZ3jNv_nBdquxNNgbi`kKEL+EsAR^pk+2<3Vn~b zUejqpC=GbwH9eC>>bwBT_XTXaAjAU^n`+kz{fiOgP#krx%A+

i;r^-`I& z2Yi|)U0oT}vAkd+SO+}C4L_WqdB0M^i9*~d?yQ-&7!%GN?@eS1qSsSuhw*+`Y?FVP zNN&sOW)saRU~Hs-JuA3(2F_l94>W?hIaO%anTaxO5n91>ki|qr^rs7Gc zqZ{vH`Kvs3`|0;|j9)8Xy2>cey300U3fn^E96h|5R6V5oTiXNcciU`VRnQJ3*5pjEfcKlR^C35@Z}8C+rfp@H>8)bs^AL9P7S0{PD)O!r7& ze>+%b1H7Q0gD^{FNNk&YYY&7*YKpia?TKknGzZXX3633^BEU>s&DEa5ct4c)fzGY& z+l|JydCU!Ez*teLH=Wz%O~ZwzO_x&6j|@snu}5B+?+0)+=1Mo>@GXAN3ZR1I@7YqMG5#N6V~nYPJF7SV32(YWYJjIA-JEzbbZroZ=es3qP0rR zkJ}=ggwQmKJseog%x%c2--?O%QL(Pr^6>>q4Le@O=loHI>&r>xV;h00;wQ^`{f=L} zDeZbQk&J>e6VH-+ZAnKrs`l$Bi`>U=oIao9FVy21%Kug5utcIdw(fs0v7jS9u~_%s zAPj%bePz~afZ@g64QXrWak_0{l^8p|!D2QmPH>N@oSVvQfKBt3@$YG;?`D;{fr3&d z?|5`TE?jt>?9=<6ZJv(QoeZ7e&O4n(M(1?;DPyjD3%9qNJMTBPt*YK<*lk@P+PdEK zIjmrgxl@X?ki&wA)F?t1^$x7kiO-wFj=>LaK#@Yh^?NR^BuQ+@6d^s45W!J}?s8PP z?F|c&N#&n5G^_wsbf-hYM$5W;Q-ZQ>%u-}+isrp(a-7NY`~g>Ooeb0`0?9mMN7am&pj`EqXW4C)WSW}U0??l^}THuhVGUCi{!jy%USWys#!}VcmJmm&x!eV4ED?El4W(33` zEtbf7Emzxn6Tpw{Dr|6EbB1lKHCmH1uu?TFkoa1FH*rZgf($p&o87r3O;H^r z7-kAF+lA7(@#D^ViO%dtGmM98ADeWJY(-Sn@S5B0Wr9xEqrV?$kMeYywB-jSjh(3u zI-L^u8!%glM;kqznR?vYLmP=(wy|^3t9PJHzzOZSk6|D2Fu%MtahAt9Qe>^*UFLS1 z@wQE&jFf#mALIS5Fgg6rz9Yba_P$v8=xI?TBkc92vcTYTqrt~fgBy>x?tl7$m|W}0 zYLe`nkAJXUd5~z=ALV)KFfKb;A=UDOf5uj6Lci=z$F9T|h6btW64u66hi67pFGTsC z?z0|$wU+hDml5*{n*4w*;4>1;YVcEfTDLhdGP2cpHQiQV-D#!uW$#|MIX>^6GzH4M z)TLaowfUNBrjVXDwbiZvo?R9^#BI&t)V}hjbfK5d=-~U)d|ZJeS8tU8o39iK zu4T(LEP@No3Zm}{7><1b!FbhB6P`kpv3;c6AmY;_h(8!+B)6lw>_K$PNY>dHS zB+~Id)SF~2q?!{IhB+tcQPE#wfmGiB&=>wY_Izx73^;L=hEVc%7P z7V&4X)<+Kr^<8F^|=$C7p)GI#%}LC=zm zSjU6)K#?|PJ2HAJYGQOS77hhzy7BqfoymHvu#$mBc;T#o%jJBq_K zi?o(^?9qGHe=2QYc@9{R@(ygxt+4QLtT@6mBAkOpY-e*@m3oJsG!=n>gT0owGtK7W zJ)&l+`V?7Py0Up z3CT#C;0DsS&iLF&h;^={DiwzQ6Z_l8K@zPmUv68vU7zb%eL8E()F(E-8$@~|?EjGV z=HXDb{~K^LG$>|}C1GZaUG}8xjO=SAvcy=kOZJ_?*hR8teUwVFFIi$Np^y?|-;&6l zEnDw3&-dH&e1Grz=Ud0o(J}Yj*LvUAT-W(I&+|hD4eN1qEoVqQWAp@m*^hpYSWC}L zjJp3yNY=GZhD(%3zQ=?j?ki0lwd$6!4F>Nrkv1db8ff&!66Zo>cdOX!5uS7C35V}NF}14k!$7Nk>dfQ}Y$pxQv<0s} zUeDVm)R_bOzy^2R)aa?T3uqe8Q=f!7s5JcW?iz2YM+@dEOb9S0JP4}u@M&6|$g`O( zK-ySo$HDRsY0;xC`!+9cN`7K54igkuB`oYLemN|?mk>Vu`>pG%HoMnH|KZW$o0NDlcC_ojp9r-e!q&5@3?+i1*>% zJTrKvNH&j`Nw>7yI7!7Y8nti=ZL>FAZ|(+cgfR*C@v~ws1sLNDu(~Y|53<(uZVc>;&1BO@wY`yB8g9; zJn@_Oa&hmRO?7y^R;7oT{WIG~8D$KAXw1@I04E}MS*~<9Msb$`bSL9j$MD?$(1eB% zfF|U)U33RY&P!r6r#AT9yz(bh8D^#ff|s{_-d+$P=fwfe4OLsI^1nADegZO-#DKOB zi4L6zVmse_mmL4x3;0o1;IbZz<9RfB!((u@Y}Nm=*`LVIj13^{_*U*EFY}UL%_GHy z)>Uf$F)W#3B(axby-TyW$$8ik@NHOGttvyfklVH+OK4w-r5db1GYciXGu3U)dObH zM4bNrVIPt4n7otW>|F{My?S+Y>sy}_Fgar4p*7}XDrb0UAc-J#nPfpeI4)%eeb-^NFT`UUx)qY7{el(5s0yP5(+>JwVuBpotjpPTM!!Li})yc8}XiF6cYP^~DR8B#B zplbf>+CLB3S55LZ;5`Eg9)4wNPof-{1L~1CIK4~HrWz?bH-ShQ$-d*N(jZ_)9}a|^ zc&cCAWPJ=@jw5cEM#FTI6i(`&c#qv1CPlrw$RnXB3WKi{)ZvjGkjooyNa3Gv19|IP zZ$Y4Z^;@=EZF9iho5Q9OWg8C#hM$ULG37;1lH_(XfcMttez`rf^eZT5V!2hV`>ZnW zx3&6tTESZ{hLB2X*$T(oH*V_!7a8*w&XA*u#@7Jk(j7_w<{<*Wb&Ff`k-MxFeMX6h z3q}z{{U-qt+nQv;12`-nYF#J&OOCQ#-}JcF&qlTHb8*0(Nwg?n(=t-la^N_khF)&d zJ3iQX1$-kC+kkIC&i6>MRS-TdZG3#KKkM@Qm`y-L9|Nqnm3BIX>b~qN7g;r`JHL{1(5UiRg!gyyQn%xp!`r!(P;P z#-k#g-Lz8{1{fU2t?A9>2OAky52~m~<@#dpfTJ2W4>#v-;4k|q`zH{IgEQ}|?y8Sg z*(V*c&HBwn+jH}xsR%hAwO;%qX;dsj!@x!{)VL+EfkBo;WCI>1ovv?>cO@y11n6MB z^QgE_A22=1sRx4|MWS29$YDMM6895PLQ0L(i12u&Z5&C!y$f*BaX^rth{hW8X)OEs3!BlRZ;+IAeWjhwf?57yrM%=6>R%k=qp^-L+3 zEbG`%wXX{MGZEgvWaipSUaI$O;op0f#+^TfPkJlu9PJwH#Y*{T#82*cR5wpNt!4=N z?HpU>VJ=|YB74Rq!0otvyz993os^5T<>$jEc4_ZbOheujTn0)$&am* z5^zq^8Mpf!JZhUDxL89MaI3QZbdN5+i?^7V|JsN6EN<5rA4#M;7BE#7_gk;55>y@i zs<1oe^WNHJitASC;+er(&ybW!4<&;imt9lkLUc67IZ~aALMCjFP1CC1J$0?2JYTeu z_CqUM6*pc!I$pZy?e?k;`-@Pz6GDAwIwsrP{B_xlk8>&Q zISz|}>b}r`*|1)zH=!V^C zkZ^A3WXJEfWq2^?@m!fx4$=XH^jy5?Qt#1Ur1LH1e6C% zs({PaatAw8D)@YuL~J8DE;Vw#zksC+i=yFqEMxWqW(l+po=h@pN-Rk7iV5I~Gi|bz z;qG~SdBkkKr4fit%vrUY;+RETNkN-JPZFc>NXVjzXwq7rD+|*dBHN5zs04(~va5K0 zp=3NCh7C(=6{B7#Tk8ImP7wElggfGff%d@ub@OhPlMhe{xqy{kxAlo<|5e@OE!JTL z+&Wk+XO~swU>`|D^~TqLNxutTjrv{r%?^fWlONx?mfLFZrb0y^{8(|-^BWO3d3_xV zcR=gq0lAIWcymAar9#dL2@3SK?)x!|r#&Fhm<`x^m9mG$*D_HA6}yV)FX1W(() z?jLi_n=oiYDXR#HqlO4vTrP7*t5Pf3F1sFevEHNkx1=hyRAm}9k!+$a5w9jQ9ezl0 zluMn9GamW2u#$TB%J|Idy7736G?&}XDPI0QMJ@>%mE#xA*UG0qu70$SHm#oxofMNA zdpcn<*vphuDZE}Sq8?pohx9x5Uh+5qxX2M-+EbXm&j@;JG1!c)qO00zq`yG{1^a#QLu9e6S6;D$b^+OX)cnZj*Ft)uc!fNQ{5dm& z|MF#ES7+Mj{i+H}B3`;;=}z+;L{Of)@A3u+Ug)e_F_}~f!}>x&#^?&EEg7#i$Jp-# z^4M~cHm8cofX6kWcP?g;P~fKT3CR0 zB#9i+Z+^ZlwsRA(ciqeK&7yab4`G4Eig5AzQp4N0YamdbF&o_p(=xUc&_@t*Gb=|= z;uEVpe2gl4XuL;{^PFpACI!Y~Uu}Bt5goEepH+SlVqbz--NfKuP32l%X|5WaYOX1L zVj%VD&N);2i1G9aNA90Q&(F1^M>Q2v&(DO5c2EYjbhemQOh4UL=Y|$3yUe)-xO~4N zwgv-w{pk;b;YVkK`;6_+g*_NBow{2$OM*MXqN_AsK6NgZRX${!& zt^c74q1??Ny445_W4Q?3dzNr=I5UeGg&=Y**7yi^33|DMkx2mT~=; z86Jkilmf9xl~a}JWk8MAzreT|b;wKg@&ftU!S0=*(_(5I_0O?k1%VLOwM-~-S=k@_ za^yIul)zh~tQG1hm7?@*#D4>-^R+$g(m3>l4%`K=v<$0HPh9UwIxLYebML_<_dSsr zF){X_T9C(G3^>)`3aq1si`3}sJJ}S1o1Exes2Fj0DhvgIMUb1Eelygaw)C_uAcMlX z;z9ex#hy1Z8{gl>$fe-r5 zTfof1 zHWh8Zvni-cC(PO<=x*mmp5gFqHL2l-CjI#GEc<`8vIut+1PM?+VANP2j2d=FVvLa& zU=k~A9hFhVRB@aP)@F*MA@~fXBTN3klV6KZ-t(>9zisZ72Kd7tW~qBH7dGG7usU&s z!)e%!WQDw;{1coNN62{hVl;BO9E+?cM&kp}UR#F^uq!L$%4WzEn3HioutB{xp)~qK zP0pRGxC|O|9FJq*~0C%wuhCF;DrYCzPDPePWb9Es;|7n46 zzGjJ>j91ZdGyjyuo3ckbM?tU64F%smu@L_BSoPhgPLUKb;7RW&Yg*yTR-03)MJHdt z>;d)gY~L+!|L3y1H(wgs6%I@U6~jP}Zes7N^h5>s7ToG$sx7aH+LLIVs;= z+U&uqLK-QFkV&$}dR;5inuSpFYrZw-TyA%jNxu}WP;psoIX!H*f9=O$b;;z%68zx@ zq0zAvtLmv%5c+jq4OPf4;@$=pWU4QXIM*lf5(%NZMh2J9=Pl_@T^2pC}yc zmnQdVS@M0=Y=EFaZ6U+v_V~-!Ez3Ag^|nO@uBAC3(v6cq_i#3%3tfsqw>=w)se{q5n@Ukl_-4ZpV_h7`+4?F(K7Ki88XBtXj zAIert%uL00#vMo2>log~@DgB3-BW6bl$M4ACn7v+5c@XlH?F@vc|fs34@3##>T>%W z1(CiOmU2$m75&n9$n(*9k0QavY_}GVVO61YsPb}*6VleQ8SPFRP9KMuyP(9D!N+_u zM5YveYpAh!PFynx_AIc=r#h*&Tp>jqhF*F0)dGSh&z6fjLR5~Ls*mCgnN9_wXf@TL zYefZ8f&E6NHQZAc4yOHcbKr2c?V=03I$@4(-a>8xbZFC`N-v#>uNF!*z7T2y?v_se zvZ`)=U~TeJAN^_AdDLxBm*`AUL@0Hb(hpcV_{5ZZrj5xJY*roLzD}%ZW7nyL)NMg>zus z<%c)7@gk4vYF8Jx%e`$2HgV6!OVf`n`y9X4M86i8?>$%_W!zmE+A*qfmUr^ewUSx? zRlKX5U1`*8gPS}W_7_YM`LO&bsnWjexecAd&`9s?5<8#;dSIXe_djykaNb<8x`Z*F ze;iNoxCI*`IOuQE)N0uOGtED2w%&qLsmUY&8Uej+@;@llCJYMrQWkg~o>wPL*FswI z6?WV1w&T*NM3u?KB8n3Rpcdi!D((m-I3M)=>5!HO8UHtV|`R!tEm` zLN{A|2u{`$G!#}@{s8sZ!(~V9>_;iiZc5#gK!x2|KQfJ}YIdc?q}En}Gc+w+`th&N zJid+-DP*izX8m;C%n+Vmo%;I*dX(_QYX z2F3_Iyvz%f*yzMMMUnC)p^j4hDN)l}?kOW@t@0`X%$*)`tF?fB$OLD|1|Jk>e9@k! z>skGwv>i%VtP{&%m?OhC;yRUT^Rkw=etqCM<3i#yP@5q|rPN}HQKrr@ zc$_(XE~A`}-gl}uZB)th_tjc zWMct1a1+aB05zQL#A1CI-)gzF60%1~p6*Es$mBb`|7(i#qi(|xSzCt}l=DO{H!#Y5 z^GwAJ%3mJM?gMlqCbx0tsfoB-{IT4aa%@Ag2Bx8(o zZ;R+a#P36I&pZX+oFhKAf_IB%YC&>Z1IgY8Z#*xpZrgJ85F0Oyj{cUXQ4@M9Jqw~x=~kQ^XFfKzFE{YUvk3F+erI3#9bwNN6&Y0@DtVE1V12E{ zhPIl{BX3hCMppW3?%`2p_`_KYr<`y75m|?=_%Ga>tqOsz&S%nB41BK7h1|I5iywd8 zz4!~Id`X^vl;U9zr^Z`$#=;*y9j5D#ZCAG5P+XFdYO4t64LYm$+wFJV%)rO(@GSX- zY1zi-d$zfyud9XXU|3ylLL!}g_Fz;MwaO!IsrP@=9R7IKLwx88_D_;d&Eb3GhwEB# zGxP5_WjTcGENuKeW>u@|G%2)1=Q z)BtFj;s(IvDf22c|3{r?je@P@i@&?cKMDBY?wauK^WpBBbDhHE=L;-Pt5D^2=h~bW z7|e4VF3nuJjpMSuuHvK15QaXG)* zMkRAoeRtNKfX<5wvaa(&$x|jOdmz{ljn|U$TU1N$t>k#8#<_ry2plU4PK* zQD*D8_w~g4h#x>jw*qlm?qI!)d5$8Sk2!5bMf^;nP0B2OhrP)Z?S~SUzr1{AdWlxR z_NP1WOP;)pLvUPnd?aIB12Dz4lWM~U530wfdrSl&CrF_!k|NL8?f`_Fsm^g0-fX)t zau;>)A&+j31IZ;?<}}{ZM0$cL7eYU$f0MBNG;Ke({od7*G$`3Lt-@fO@i$TPF|7=z-s^#Fz6aY&!WSh*Djh_D3mTh@cPWia zpHlPhDQA~59noS1zVwg7@3Owr^!v`a-&rpGn~Bexa?1J<9rZh_k&FDTGLIy_8kfvX zsviJ_{G@b8eLHgGL~i|u=Dycd8~`wm-%i=icO`f(=6bL+=wVFJFHqJO)=hhDWVy<( z1LR;5<>;yhQfVAh=^v^h_96G<5nn@Z_CL2m09km8O!uQOLSDt3%EH0-rx$xQ%Cmq5 zr=dqqITGh<`4+WUwI7st)X#b;XJL+aM=MJ#Y`3bfSDD0cQJKJ4#V!d4im9kP%Uq2#2;`${P+b$@R6ripX!Ym zTPJ`Mx`<(3vck@od;7W1G9ld&%*(+b#ldqoK~rr-(XIH|ps1?@n8*9soMS}b#j#y# zJ7CPS@9PazhUt<@pQ^GC+xqFzh_GHNQCE_q%2MYL@#Fd1W?~5s+pIN zZTJhnApkSvUDHQwPE{p@?|Vqx$qTA|PH%QeA?WcXk-O z*Jgql%K2}rGf)`ckoQuWF<{EQt{YqI@`&cfa?s9~+q?q^jyK?}9Nc>t%~u2@z%hLQ zuU1I#xfC!>m(!3G(*dxL4B0~HZKH>qFE-f=^Mb7nLcLc&_LO_7*|>7d#B7W$d3%kl zinh)7)BEM05}1?a)jkj+YDpXPrQogWFw}&g7Vd{UfOwbQd^ijMAo0^Z79bB z&Q8v`Evx^+VNu(n`DUK;30HVFW0f@wr#gK~5R@Ekx#kxZjoBISB5p)}V#x6Vz+G*V_AbzZL_g0Riwz-sxeHyEh z`dn}?H*$N!`O{ljHZ)GG)Od*pX_IOEQCBt|s(BE5AbM44f@D*}Z^Nv|xk_l%VBw$s znPSYNRBi7l!m-nO8Zg~jUb2+Mb$43#xMAd-0c-b(_noZmjf-0=wyFHRPw&E7qvDy? zL!IAq>$5>%=5hhM+SXFmoV%CC?}WBmukpN=mOa>NEy+{4&fGO##}-fkvP3;tD6Lre`XC+3|R7YUnSAk7&g%LPam@afJW zoNRm$t&pDyJv|3JfV8LKwfMods%VD}!LA*sOp`8@8^f9Eg@L8sw@7`cv%8s(JR#~y zd9M(^wy8MJl5t6<9DCsTo5FBa2-(VJAC_CPR=zF9vuKj6S;MmOS>i2&j?)Yw$_5&~ z%iY=6wAn3Ey%Y`w9e9=9f#Ht^`5A+Di@LSRMqUy2!t-IVyz%;Xn*3HYtV8CuA;?2n z(Frt!AIm6qnM=udGr$;GHbZd(Bh3IEQ)l6wGL%h++7n!RI5#7uRX>W0A+{gM1*LK0 z9(+UMWRUqd(YA1RV}jk`_EIW_jjAB2MD;6Bv-B3F$^6)%6%40OBC7L&jDK!m+!Oq3)me?JuW zE8Bs63!bThP^r(jk&ixxV!#PJTchK&wV+gFr()MldTZfnD<78iXS%<6peB;V@gQI= zGfL(xO>^&2#5pAxwvmcmRl0KK-3~DYt4mG5t_6(?hh-u4c_GLG9z5+?h{d(0YbycP z*aT^12t9T8l)S7EF2{z04d6l#17OT}3f!saPcu4mGCaq=wdznzlLJ27`F>Jsn`y_6 zFP~U0?iA{N30wHXX3Ix$qVvJ>DjBl{=#G>xH{+33(bbV5T$FHIXs7eKwe4i0JxxKY zqu|I~SUZBt7@lfUf<{5wv{-RvbF0eIc8Ajf{!ob|L2`y}?qU$MX|vx7W%%`)*FD6L*^#t_I~> zKM@b0$Wx;SV$R{PfAKcOk|( z*d`mZxmJ-bC8lx~Q;?mZl^>andn3UkZc!nviQ0;YR9N8~ydpu56G{=25>Mn3uXu(D zF6YKIeg;J)W6o`fDeL!mgHO{C?Yy_Uqmd3Jx^E zuz`{bc;r@HmxGdFO6X5AB2!QT{4|^486RkM+5*50!CXRcMiz@*qLl;x87?yuWofHW zI6E45evT4}8+i!hY%Z7L&qAK9lKhsz4$vQgJF8QWqt;LcBl zUwTJTY5~Wb*vM1XEZ+QD@l_aw^5d`)Mr9e3z;;)$DRCa_-{oXEiG2iSYv$X$sV;CVCBmQn6A~zw}TF` zg0OV!&yLn^P1IqNy6-pGEfyXEtwhqfs5p1Mv+MzISR9mXY9}fggF)?|Qsls)?ted< zD_o`$c%L)R!-eT-kHs0Db=;{Gs2}F$!;sG7kkSm4VU;YL=OQfP8U6_F==*Ks&g_y( zJZfV@7^$rey-v8de^v~~($_(*oa&88Zb-kOeHC*itZlIz!6};oy+OY^D*>USigH{STU@MrUQce}P6uZp)nL>}ioCS~ zcdpVw%!YQ8(?)T#`@9>FvooBg52y8h)E3OlL%jhYm!h-uQ@2?R)O__hx8|?;dYF6b zldbsH!b)Y;M6KIG?W1=G?ad;1lV!UZkng9rC4!Vs9<_VP-rnFEq|?sXz<;7V(P^~G zsL70h#htBAYZ2J((d#=K^cY1(brY@FElcAR??+_s^6a{|LOw74@LXU&%Ln2+X}pdl zGWBgmLws9&5Rs;=j~EAbdcV&ne*NON$YU^6x4`AgcM}9rDYX;961rCGCGIzxgCIynMN|$&j2r<1#rl!DRlM`JaZVBNoA(SJj-! z==uD?wZaexq`pN0+zfm-^uY9*-{ zxk&v7EQ!Retu3t0y=?A3jcR2i2i8X!E*Gc?qt_iM!9so(db1I6bi6lxqbUF|b|OXo z8L`;JQ#A7+{2d4Eum*Mm)s>7NBqg1Dte8NWh7zChuEUSye+uqaA;%L&bwH`y-;Y75 z@uX6748nr{Ee@?u8od`DTLM(-mcw99?VmjH`7;BEupH88F}}_OorM=5w#EKC^W4EqB>nnoMrWneUQvGkI!w9H+giz^8^=0~QHBfrs%K0C_#P+{aj{4NIT3lSb zG-UYq=G_biY6yP;iu-f7BO)JBN{P2al2IKAl2H`U;s1F^yKjKvWLH^Ua)*(V>d5b} z20wfMnLb7)Fwj;z&t5%Llqa>?`n56dpE}Vq9Ljm11^JYu5xA%j92kG`>iwrz6w=ev z)qtT~A@EST{Lwk?-|qd=Q>3#x*?V~Tk)k=T{%ZIJNQ;&TzyOe_=@R+F+i4v=CLqzC zCUyhQl~~ey$pZM9{#TLg?R{)4wSRoR3;*A5ccR?DK+{p5@%v z1lj)H8Xe%1i2yc{lNxufasZ69n&B}0$#K`lOT%}ZUKu|aRDF5bP2wdhIj}*CQ{xPh ztQ~WFNiwPIV|4t_$S3cCO8ur)jr7UAauuJzaXG+7vN-)ZASD(7pE3`?19}HsKjqqK zzk{q?W_}B46<}xi&i}`&EA2l78$;Xn!O<%Ta4Da?t|MaO&?|O4z$jF2sWk_L2`x3H zSAikuJV^AG02m%(kInA)NN;s>J-ceVQxMHT4Vebar<~Zv*(kO`5D=~a4KIER57)X> za}zrV(t33~t(0`1X{`q}-WYwP65a>+Y%D|8fQg3(s-%!C)7cY1*6RYAR#-Huagkb80Fuqg4Gz{$_N-yOgl>Cu?@dehG?;B9pQysPS{{fBBCR4loGk0S;o z+?^mBi7nvv$n1mLi2g6nGO!shgPV}}4T z>3CH)l|?Id?R$O%wqfCM9B-~KDmUch*MqTDVEV-Vvb0ju-`h7zQ&aO(Ozpdip4!#G z85Nk&uK5C<6n#7Bi4@?2f*;A9oAeIs*B+=J0ut5gH68YQBj7B~0u~!x?Q|2n%uGM@ ziN~djZx7cRjU5Ui?XFGuKc?BaPI`#oVparP{nr$&PsXwAmLJ;JHcUWbz=#-vMZoHL z!P0W&Yo`)DGB^EzYpS-j>*Ml=VBmrdTmj($c+>hHMXUpfHycR86{kXb)uwk5V2cUB z?TX9gvens6Z_8Ac#)@-kqs7=Ck`z`IJN2t+ihZO5*+%_*Vq7PasSs;1@Q=96WMcEs z0gxH#(a>Z-HS73TppvT3a>dn*-Ywz`U1HsozaT5`*>QmRaf&o=8y*3MQbpGVr;czM z;S4<2Fi7E=CdqmiP&z*!gNUlx)>juWnqhmC1+6F7A?JCY&$(bGZ1(zrvt0#vR(RkT zWy?U&1C8&<>m>u=#e4!Gg8W-4e9Eme6@QrnKRFQ}OG9`7{s>`TM^1YWqQ zYtJ(_N>Le>ao?3PNGOU2Xds%a|6U~&)xjPfRcqndce!GNK=ZDP&Fvz{!xH$0PHcB~ z-0d9zs~#?&4KTjJ;|#Ak&tL{T)Rwl}JFwtMRYyH~gAf9Ax|0rC3t6`9KA;euZ#%;o zU)6t2@JsXwhHQGW3DH2DH2 zl^Y5u^fO(&ISv)?Fb2FW zV2F`yg+_`oJ5}K3w3PrXN_j@vKLP1#9uxX%$f?6Fat3h}8~YL% zhP7#O|C(P?76lo2(U0#2|N08YfLuqfhi1^XjIP1i@u{GzvIjdq(wj6`^dXd9O4TSv z65NIs7p-Qw7SA)6G;M+c30{Vtm7?f%Wj8x+((b5a0D0!Mnnl3Y)C*q%Mr~T*RD&vq zV&y}b{)k#2D|~YE1Mr1}1Dc(?r>ebxjK*e~^Ka|;MJuP_rcBA^Ut`-(dsZTs0 z8}sR)zxymF!d8c#-`G+{O{s6p-{E2U3&_z$b|@w`_L1?oOwsMW{@ymJCa?tY6YN0tTa7)juBsVzzxeT^zWrZd zJfCf51;)zpL*tIA%8%*0<-)FUL3wp^GCX+A#_i#_SFaz|Tn)Ln9GX3N|(LbQee11rp)D3xq0|gRm=tPbm`=L zwx0Vdlny&S5nCz2{=!>fu7;;$4q;XJfaPuQ z9-{}<-ljsGY$G$9A3^moQbBFgrJ?hyToCHnXf>D{Pb%WzQRHc+v#?iqr(9OqG+DaL zy>jeiH;sW>UL}2QWVIhp646OW!(8f*Uvgvbg-0U z9gDsm8{%;P*fuU9Nd_|CK#*5%PTe=!cmcCfJ{DW9T5mi1V&xXewmmh!m1y)BR)bd@ z(=<0OR)x-b6|Fs@I!%y&E|V+Mm(e92)_cRIi?=K&H|kBvMh@ zR-kn7Ja01tlZ}_`iZg?il2Q8bc)W`2OA~@ttmu5eSh%{{4Dw_ni6KK9`;DD!+0w2^AqNobk2p{C^Uz~3I$e*#+IZ1Vhm^lI<~aV97bH{#9^&D`DK-SU9h6UW&?3g zXH428aPJ~}u3_nl!k$si6MXPu5S9^%=kK(lH+l$Eo2M%F&W3eS^HR~V3FhK2@hth) z5=GRN_dOKmAY5JYP#i-zye*QYZC|WlQNDwc{0vu2@>iTeyrA;qAXeX~4QYBqbtu}e zs?NyoLIYm>^b@}jEJ2ET>GHfP*=i$w&rptij> zs#zLP2BtAuAKHupPFJu+7;+^f8c*^lKopdpP(a3@0kTcFYY)#5;C35I7bRE=FI9HY z9Q@$|;BWDuO|T-!dyaHG999QpVm)u+5v9IdqMMABieb^o!THWiyc^2xXWMf9{*o9# z#GS)cZwcwFTjpo6(hGsp5uXt`ZdRg2d`di6Twc6umcoWCelwnrvde|39gk@f#;Td% z-ZPQ2`mo+$Wi~m*g>)=e6~b1s)PWW2sj6z1(+W+&PofS}H@>`8t9uSLGQ%(Q4L}Ls zrs`JdOIXRhlwp818O|It-Z3FKRAPIBG4xnkI!5yFYnyC5D}$DF7X+(HzhX0< z3sUK^o)xP_cSuH8Ba$~hRnVK7pd`}HJ$Z0 z)S6tNUbqL|FL=XQ*3ln~sq8NM`%|^7?7Y`~X&oM>sHP}kg7^S+f#UNA?=VatA<7jF)>y=k57-c!f2Pb zstujCrl+xpPrwAh9FydF3uW-ZmTk0j$hdr=iArd%cc@TBXzXfxE>^AlcHjUp-rUCN z6zU<^MKd*aWoSz3SAfW2g#uaaUGfHAeR~KJ1u^J!!!ZW5tDk-3+bDVm58+unvf;gK zbd(+9iRB{~|4Fd)6}=glDBAu~g)okDZ`Hzkyzk|u>+PN5&X|n5T{?%!{c;0Bun==v%0yn~#=US?bw+5GjkqMPGYtSqb& z7fQg@R;|-UXrn^p2XOG!r$N={kX?ItwlSTCZMtJj9x~T5b%!z))Y(Ae5p<$Ue*LU-KlqMz+r+&&*f{$s^t-eT7U zh2A9hq+8h>o^wIt((HL?)cTgSSVuiGE*aYd4Y(cTcqemuee)TPZumVt1%kH#0MN1Y z_l_5f-E1uEv(3Q#2|=NI)b2y-$|Y5mMVM1mMn%KQK@0xL06 zQjfyz!|i&OEx)m5!X1rHnRt9vOj&VHW}Teh`vXv@=YItF3QcpgOCH2APqBtZdDpYz zogfWesUrjH1~lQT`?>#t<3f=|@}~hRw?+kEfDb`wmw=u8AEe_9nH;WjaG=(ZyhZ~Y z@Uyosnf`O}hz39=Nzo8=vJ=2c%owCX{y_>vNk~Bzw0|75UjU$3MyzSf|H3X=+yHhl znR?6!48?qGvKr@Ad zwmYPa#ouiWyGKIJ`2PQ)W&qX^+kN8#^s1yMLOov>AV$M6u9YeDC7&TL%wdVF5I6)?}Y5C8`%r?&Nv`KN|t#q*$pFHiMofi8{$ zL@MV};MBip&V2yCWXRNh1D^mbv(op}KY(8-Wa|+aD?OPmM~(bY66#nY;S&3&*huhQ zW8>p{PUz$$Fk`=nf*@}AXD%?ly(M~KV0t~loaAuTp89usodDF@e*xs{428VV1x0un zS@8dZEIEP-%ddNwWYK@s;s1ijh%j;< z@G#8u*W9D;W&qb@m!K~JF!$d9dkQXYXM(A|uaiGUF$*jP=}8O_fGmYPU6u!lIKBf) z%!8#*woli7V*lKP2AD7-E^@4@R*U?X3h6#@OlAO^Qu}JhF9N;q-@hFC1Pm2ByB~5{ zci`b3WA~ojTH+7^z509p70Dw>o%=55e2CURguJ)~dz_Zm3AS?=0nZ>n(rqg6>76T% zLnZaVEq!h#f-d*@VUzJc!^bE99;brc($y5j6B6>MclUpwv<*6PYGqC+l{#Vsw6KB4 z`Q*>2t6MUWuu*tU9RP%H@#sH;%mTas3jni0pu)>=Drj1}18jslDcPK10N@&W@Z)mu(f$KB;6DA#tes2| z$Rh9nEp&TxhRkDzZq@!S-=W;nndP%I$`O8e-~#n{ZSk7?q8t6lxr@@GAdNgbyNvgd z+9Z!o7UPk7i0$*zCfSpH&-;>YW(pUEU#APRN)!nB(_Q3za_35X!=1}H-)cP=-eZ;T znN(-aub;3=IvO5b!x{?7`=mOIeSdu-A}E*y57A9z(pgq3`aRHywQGN;OUscqtn=GX z`V%q6R!QfZ!%h0))b~Xrt($N#zsl?v)QTuWzKAW{|-`IB; z{VVu^%iis~b}_GN70$A97N>GCt$g&=G__wQJNzBDlnqSW1$V*eIrAXI#;A9T1FQ`0 z(6j8{;S2kK@dbQic3KCd9cyI6zkfY|a0tEgAj6j9!FqTWVEBH;04 z^f`j7q%%>JD6f2C_8I6g31qTtmkeP2l(KFhNcRGh56E;t8QXR1ws{%^QuvjGT><7x zNL0cRc);dB=Ium)EJ;vhnP{+-r0QPdPfI|U0wU6UvI=eH^U`1d!AOHm|NPtE$Low0 z+dy2~0nW^i<3&-cLpSuE*wKdoq6=l=21rq(yD;b)zX9Nki_jVp4QUua0pF*Z172`a z)>Li-*o${i8ej(RNQk5`K)r6$vuy#^+m1C!cKU4?08>M2rNPj&E9;~*~sCK-gur~V4G(PVp(_WCIY`@>Py?XZ_e%SRd zC%GTBv&=YN?_FSLmRAt{=J*A{L0r!pAdaQ)#rm0Ei4E9WWlC?77R_D1DsYgH!4myy zQa;h*w_DpG;YtydqI>QB9$nv_V6$z1JJK!H`b2dl zxY250eHPD;cbUk2%YAO|v>caN0*=F9I+I2PCP+UG*VIl8`T%r)f&>|d1p2g+ok3Ul0f0^C z*TwO207!Em)&b1C6U<}U3X1&T8Bb#R^gs+Niv*nqtW>BugHuVx zYVA1X>)O_mnH`nq~ZWld1X_PMegSZ35}JD4?Ze|`L<_AZ^$l}6s6og*A~&{_~|bVdV72$$e!if z+YG*@cTM}u05`*Z+%(|yF~1k8(%u@jbQdduJ_QErTs2|qqSX_gBqAFZ{!9f{`6H@T zv>d1<;;KUTM?)%Eksrc)Q_&rEIJxHwXD!|cs!)2310 zV1@FCUC&|NT3Yj5ZgXR&;ZMl~s^W!;Ue)Q&Rt3%Zs?SVudm$GY(%;JRP04u-`fj~f zm@9o266d35Ea}I3CQ%?Ep=^!8XKnN{)AC33o4ZqjWm6TNr42K8mDA;|Q+7dOk1k+- z$x1TAo&(U8*1!>fhx5v2M@h8NPlQtnd4XFR%SlUq7VMOy(BDmTD>>Kvdmz`%T4D4) zb+`#K;h_V<%G>QoDaU&3z)zC(1=EKMBX2`~qvx0al7l{~bhrTFus#NnkmN#^{oHMk zRE$UFJ`jL*047|9?uEr^p+~v*d-<0*P!6$I0Y=xb=h6sqj3Pa@U_H`nIyv~!BT@TN znTGqCeU8WVt=cEPb1@p#vS8io@dc}$cLlIUco%%Q$_(&Jhd_|$q34F`K212)e0YKN zdB)enBuEs;Q!Q!Ao6INW_22 zxFmlazOFqCVwb;*7dZ<~KB~}hi|O%+4@eI%A77KO`f^!f!We91lieW3t+FfS?cu5; zHN$rV6L^KB)&PXvBZYli-s~($bSO$ldDSWm^0T3+I%1JUL_sD#cq&m3f0|qT8&V<#yy)C{Inu%6Dd^=W``R2|nrI z6G$O6Ke9|j)fLzP{qO55a0epJA{rvw;5h{&Y**u&q9vC1^4z{;5!Y+cmG9;zlCGoxn7;Z zYnA&oeRZe(5MP&6xk0?e6Td-A?-=8;0@60on~esm$UeqPpXCcc!vnsC{Xgx!XH-*L z^!6)=noyH~2m*o7dzB(mL!?L*6+w^^1VKeaETIbo2oMNO1r?AgBGN^aA|*6IDWX&< z0RIDf9`f19J9X90ZA_|t?RJ=$ zzp5@=b< zK>wSlh}U;tzC?jxI^D`+x2?TuUA?vp8fiB@4Vq-CI`^@B>WfbG{LEwgO3C0}X`6%J z8JpG{+?`6D`?kV`LelpJFwkV44kw738cUbpd{qd$2_wl#DbRAigH*?NeHaPS4_v$O zg+b=KhNjJr*M0SpQOx7WUSVRYrH?48VLj=o#zv z^8`Z>-7Wbd=n{}MMl_NQyD-04vKX0%*+?WRoben2m0Oa3e)P6dLK2hoNMebeILwEM z$5gkHAc~Rt2v39b!tR9muL2~5W^YWu>0t_qhJM*VD2>4TMsE7SPFS5m2FNBaUb4C+$%w5DTK=q^AV1l4yUpc;SEKCdTwadGl@tO0 z#kgJg*B@E%UyS{lo>W~i%D5+{v3$PRVE!fFPn7qGy+i};VeLX+FN=HSKZX~+pA4cV zFC80J=|rV9 zcCXfN6^*QiguM(&-$0$Kgj%)+4%AP9)eG}mX~0KuWE3mh8pmdD(r_}RK&WGW62l9B;$;3F7)4V)bp*n{ zI_o@%4*zi;Hr_;j~M-jEp+C2g$ zVkS6aeNL%H)qGt$s831fz3rjxIqTEX2^QSmVhj4GRu)IP1I9mkxl+K(=7A9H9aw$8 ziI7P)_M_r>z>HaA2Y_2kI0nnb+N@ExNs8S)5lev@;miSGT7Sdmi; zCyR3ze4BOkl!bJ4owY!9_8>S@X*k%<20Uw0?4 z$&VyJ{dT@}x`Q>sUM`p>Tu0+Y9}Fz}LXWu>Gte)?xz7gYLWl4>lEhjO;b%Q7Oy;P1 zNfS6KPyQ^8$4iw3%=F6?I!Etf$|NvE`s*A}Op6z5U^}FjCVd4zTH>;oO-QO4ZHeG? zE*f%$_euw=V_>==Vw6i9C>ouRF7`&rKzI!k*+-*KP4OX z!Gr55^ZVqdZZF;oAN-ED7xuFQ-TE#$PN_MriSLVvOQ&z~>`O5+6njk(Z0)ZKHhiTKGn<0b8S}!emgYyR zDlqMA;xRa_uq<5dPvB4(>kaVDB%iP&%8fj@uqEo09xYwks?C~$F|WQcdtQ%OD0zl| zkkz}v(p~S?82mcHEFjP1+AHVu7{j#MuS`#2_WWLNZ1u8M?k|+ILE^=yc6T|Bs9(d{*sV6yacNZ?2uoW`6u}pZlq% zVm7i`WMOJ1z3JXc?7#LyWos2oZ6`RztsIIEgCy%?s~(d$j&sjH-hc9uylZf4=?Jnq zq%%NM(aLsAE@P#mFDUyB?&R#CbnH;EGdWfMAm0IRD~efn&?>cZd8u9jZ)bC_>gw(3 z;e7j3@?%|GYiug_1lvc@oDzr+8paxPCUw(#R$peeOokhStjym&9>BEr0L5=mv<^++ zG#&U@C&(_yT7^|pUrt=$847zZycVXA3S;2Zi%fE&i#pr}fiB9s)|*EHIPJ^c#15Fh zu57ZudO>D_8#A{Nqlux>@eudLYew;68*8s#@cB=8!0GGJ-at4krsL7=un)x{cf!g( zJ`X2uT(XAK@7+n2lpT+JW;UBnoglT89i5rx8o8Fk)$bLWr|o`RUH)TdV`xhpSv!63*~A zoI(pV-_*BRRMao`91%!`sb4X1FHg-1^fld;>1}D_qwZAh73w=vC5_A+tgs0ce|S>P zN9rNZ9M`1xBL9!6NnwU|p`I!RWNA`_xC@)mI?UL(-MPQNM_fkAe1#3IDdEG6EULzo ztc<}+di;YT^|uvp-DxH8_MZf5vwR=%EPyaDkMfCmu8;DoKW5}Ehj{7iu*abul@ZM0 z*I!-5Qv~g8aF^O97Z%Qz$tvVFH5^s+!4^ipuG&CSs_&sGd4KDtK&|BdORWTS>rIi~ zm>N^!ZqyOWo5WR2M?#}QX`^-i<@CNkaxfNBKPN|?c%WL@=-TOK?WyWsoE zHHdD{^W*-Vrvn8_Ie+Vf_pbph^?XEC&XN1c5WpubN~k#TTYa1a(yRRKE3bfDf8$0- z*VML74z5%J=#pvI$Zr#L=#Ul&PK&dH9NU5^V>A$Ki`U+~GZf$lD&)74lLgz|M2{jF z76sELJ?-HxkU$#81T04ekBj&5l%UW0(d|DA3dcl|$LIEVFq-JaeZ z;G|h}Du818_m#*?K^iop@*FsbYxs?jORjD{kGFMORGuz4yZuCuqbPAps5c{6csN0^ z2{KUV1rMJq+s0Pobg1{dUvoq9y9@__R~x24BmyYy5W1=5UkNn$u^QapeHz>#dPCse z`(2j-`>8EdVMhN$2Pn!;S_fXLZ=aJuFcuJ{(nR}m7F4SzID?I^{O85~*06PuAP~ao zH8pev-iv^)Cb)v@&()NHzEd*p_zbk66wr6~Z1DDf(Aje&a9hH4Y{?8!$>0;|&}iL2e)!|P_B%8BFbHdg)wuEeEncI<4Z$gd%v$k?1XqKILC2%7#fra&53toRV$*m3 zKP%86R--5>m-Jf`S2hNRDXW$-rEf9>pU5>Af8)h@?BHasX5KBxX83dfLXZK+Xtn_u z%Wja3E`?sni$+Zb$e}Y})6)NEtsDeR2q1S(GmsDwpmt?!X=$nClk)6r;czy7Gz5cO zdhsVnVJLvroj&&K0oHlKh-Dc2mpuPT>;GJykHR8;g2I{#mnU1N!FH?n(Mh>J6RB7H za}w*qAbGgmm#gA(aui@))(o3bIsdM}YVd4EnSmn^z7*WL?oW4RG@8u4NUcez`73g^ z2)J$ebibD8M)&1my%M^spo(J?V4HYAZnJ3Rch*9nXo9w08Kric1!%NS*6_J}&-c?q z1)wumg0k>u2>~wq1S)-(XSr*9myWntUITXHvyw%lf$K7|&!;mX#4;1)ygK$Z0H_YY z_8vqA8Pb$EPq}5dFKz%0Ie`Qjh}UBM_aAUW0CC`UEZjC@J#0=NeQn)U5C7+=ym4GdBv_UFEj}X$j&uAC=qTP#=0mLA7SnzVCCR z+Kv^|nbEm5`NCw8FFLcHAh%@X9zRPc4Ih`v1#A3MaP1Gy&$Iw3PlL~%iqX#oHQsa9 zq$~RICBv87b2@i3b0Gj8>w5}!|HXsb_5d>j)ru}%D6ZeF0E#BQ?o~RvfM2Wxh%_Fk zMA2rc>aQ+qjfjKi)6ohB=|t|;F4gT9kj@hjRtJ_Kh6SKNt;7(hn|lz-HV9Fo`zN*l zrfYJHcS4rQ4uG$#+JFSBnuC~N1*pXA58m~`s_S!Sl!|r9ohk2~hd-|2&4K+ai2lM0 zhRf!Vz7K#Vg*4#TJ)qmd(`>INIh-Utdu9SDURl*0jU)kpOn%E3HY_ty zD1fYt!&lyz(p^FAUIhkkv#n-9M`|Oav~Bn}D zfr}vhWzK06afo1ae|b3W=-E%cfJSezvh~=TWk4}wwk>yyPYVX=O(o!UkiZRZg0qVX zmq0ljTR`@`)UQ*18V?|GI=>wN)X5C40PdauEUx*ICSbJ_>wbc`!~~$O%-PeAnH>~K z&SM54CY3?AtmE%`XMhmL!hoSqQtt+-JAUyLS0h0+tbUH>BZB9EM)|zF|9UGXf+3<- zVHxc+8SjpaT|kvYY@P<{;~RW`?+nnGOqo1V0@`awLH3L{m1`hQVg4+v#2=J5Gt$LvB78Ff@X1|mZA5JQ*}=Lw1GAe_7ZX%a*AVG<|q z6%?BR$nHryfVq2tXx{@3r2GbtQ!rAG*Qrv?^s~^r*aSi4)>wQyaS>9B5PD#Pvo6ht@~a?dG?- z0alz+{MN3MMc&N z-^bS$NWTdps4k2M7A~NzOh5$8R1gFXHa!0RCDVSc}%ZBAy}t>v9TTp zice1f4l`X8ZDLY-1(?-y)Vo=!GMlfmLrcegb|`fUJDH`|@lj;OMxjI|4`VNNpb~SP zV-Jd&sn2AW-w6cFv51^pr(k5Y<13{u5J~F|hXhj7D}>znJi)Goii@RfqB8?$7Kx6z z{?Hl*@@}g^rRG|4?_N}Q=}tJT$cg8EiuRwcKeI=+c9nMEYl+TN;6*rbO4D95EVXI3 zm7Rm_3qB8S1-R`})fn>D7whD;5jrPJZW#D}vQm=QgoDQkqFN$S5+B6C#g|my6 z7>L1+p7H0jC@HfacNDE9TtBE8!+149 zr_%f`=JT(N8=cw9jkU_@(M~nd~O?WW^ z<6@zW4MWC|g3|U-xkiqp?Ij9GjZSt-s&1OUPpOmV)+Hop^SbXr)1*saH*|6|(sT2-)e7j+)rcw9_!ese;x1>dinG8VlGdY!9koFSe@{D%YxbNKfe%G`oG}s2 zr(cims^49*`V!CgVGhi6611>|l#-?Up{y?*2+GHm{$8SSC_qp4j1ZA$cNBtCLxsq` z=t<_rPl1q@p+4D2O+PGvjnI)y_{JT1(~yB-L_+i%al>gE7JwNCuo^}X;Yf%=7+)Xu zGFa3v9gUgSA+m?FBMrD%()4hM%=r12CimsL#m=A@+g+XcjM%|wU9qH! z%ti{6j+DU~LibJ&7C)7(a11cTVkm=2m~AVbH`wTpk7|#fT+p z;!^_>il?5nGGG!#*O)0PQnQ4V83zUo+Wu37MRrkZsBgj^Cib$jeI=w8#k;aVVHKpi zAUtsZ8|xJprp-BQecZX)MOyfZ){udrf^<24$XZ7P8DFnPW^wWteI9yvs6&tR*qPU* zAV-6UX7VQHqQ2;UXRtpac*5G>S;J*cZAl!0_s6BR`u{S->7*iv#6C>6ykd4od#Kp1 zPWBOHB40=xTp1%qm_$ed*c2X4lGhcTnN@03Y777d)gK5w;X(s7c_T6Aq|Zne!YG2B zOPrZoFmBB;52j0X!*8en&&_c(hUC8j1-G*z2o2WwjsA#;zIfpD79DvQ^{C+3%82Ty zeDe$;>?q$zQr3iNlbO?I=@;d+l&?U-G1x z^Ay=Idn)Rps>=d1_>oy$!K0t;)ZG>BRTLEVge>#op>_`$oZcU#*=y@ z(yU!<1ov?rO((K=JA+n03w{R;i7wFbcB6MX0@L_JF4nj3CNX#JT>79@9qJ#hklPWp zzVjKIf@!OG;=WJKO66dEkkdq$Cb#&29}#TVNDY5J_T;cQ@B}2CjaYYV^3D_}SX})O z2DU=VNJqaN&f?BO6T(P#asauWq+KBunX05^QFO;TjC8F#YCMNTER=qky>~Uh zDXjL|SUz}_GmTs_2(JEE9zVO^vYPxuS9;1*R*FEH{POwn`1;o3^q8(Af$}CWCO{2S zOnL{LBlbnZffd?yo~SVXz(j*gXsAR_GzBu^czm2%)npQ0JWDG@J|GSXh$9~ntuM3L zV;asOi~wJ!tG*(2Tz&1A4mq><0MJwLPWw?$i`n`t51WQO?=`z?J6O{jBQFV170|j= z&P;_v?l+D0U{c;38c*6l&YCbMCym`atWy?cnnv=*aYyfjNv|=!z7!(nw_|3Xs4T(6 z#|-hM2rN01-kg2No?ddDW4yJj?nMeOGBY}^-HiWnziN46u>@5PZA%sJ6!fW249w)W zt`j)G+1>W-rPASpCifAkFznhs1@p9U@*k%@DcLDLuFHbR>ns^vaBrjoi&3G7vvRIm zk2P>AsFYTQk4^07)GZ4LCYSY#E;FO}bn)>qh8)d?h0b;c%n4%gLifavRBA^PH{@@X zc_RH{O{MRw zZ89>Cc1q(6m%Ukab}jKxkLXv-ncaHUHVwzZ#N?DJiBc%b&}ph))Pg88l8$;#CUa*= zSg;r|5jQQ=oVFZ?kRj~V<+B?Ln~IGzc8LshRtWy=#zUVpg%l-Oyv*V!pxvc9 z#YapA8@;LDOhz&1exyz9GEfTGY=rLR+RACz_I4Ux7H$*dHZ6 zsa|1;2o8PajEUV@!nG1H7Gf3zyc(RzRqT>P?ueL>!IQ}%(~Ta@l1h}~z;D(H}$th~KbVR8+| z5fS?o!dIP})R;_PUj1>RjX#)DmmNzwXjSn*EB=Y(4+1Em0e0Soj;=t7Ivakg4aTn7+~?lp`8 zk>rY-*jC}!Y=MG{nIE@>Bfy14>J&0yen`R|JxuJ-r#~nfS98l$H`%$%_0RDaW1vqwxE@NQd${$)8)1&f4KyRO- z_bmA>4ms*Wa+KgCAd2f|0e}2jR(Eb2!_}cb2#HBZ>oP#BVoknXmJnJX?<@#A}yU)!-??OR-6P%979695uV+CUl`06f0Tl+>W|e4y{Q#PHm< zztgJY_J_f2I&vQrB`?$D2VsrRZ=9<{EW9BW_nqBanLi_d19JB}trR^@)X{=qOFcR3 zJ-;v30uF)7VgEazvc*XTOa%OLAj6d5rM%ZKazLf^?DLiHfXBR73moywO0e>;Ve?Dl zyNPNI6Tp!%V|P?M)L&(&f*J{oFQp|UjF#F8T^g*dtT=hm);2Wtz|!^7^O9xff5PlPg*94_k(i#%h;#)c@+P8KITiAk|_vG-%<=-kNF!@hn5rVD=BjD_G zN9mt_e#HpuF;*8`0(N&f{Pq}q?AXm)xAXzl^@|2Qu|LIPQdKZ|qY#u{CIC%=2KG!* zyEv@{n#tVk5a|rbU0}}?4ajD!bj|l32@1qheFQ9@+Q(#POZ!P}C3r>?Lj^E(E&#_x zGnn7`+GU>FNrLUD)F2067$K!alSw>B@m2mD3crvV`T z9XGGdx(HP&dFfpXcy`6x{;r;OfnphP=g0(FWyc6Q&^)fcD{XWo~4X{|R;yxTsZT?tol$89n>c0erLo(sfY* z3daYbjVOEI=yZV;xNg8^PG!{%|>i>g@4b11Qw zQGWmctNKBC(sT{K(&|_Ae!A8te7or&&`L*{{C{c1D`q{WZ{LNJ0mVZGi`vsRes8U zgomVx%r47>nC18dp#+6Sjxr@wloz18gcl;}4uO-L08U_&kxIz8{oWuI=?UwE zAmvB}9M^}qeUaz2L8|iO=|U6@MOau3cn9YaR$(*5ogUar=&QX)XV%}IbkHoUSssLR zZ_pkNi>j84}mCtWs=;?jh(C{0RD-24MF%$CuD60swUywXHMG-NPt;B3@LWo z>U?a=auV_G@z2tV-@Stjwu3b=^V7%{M~M9pLdn2_WisDKn*zev5&KfGKRhH`J>TF4 z3g(~y89(1YF7s>C`-EsE_B5G)2C+G&Kq zG=AnvQ>P$IsX-sepBw!kSK)(MnQDMbT<3`gHhpq@!{$MjHBmeKth{skD#KE`g+QW@##g0PS5*6rffa zii=`dyPL0)4pql*h~7gLO@JGaOcl>aovqPx1Sfpa$mBF2q}qoE~H(P@$ZEvX&M^HQ{9PxSHMDQ{)t9PGywh{dg z6YvJ_tZ{z-J6dv%UReURu<8Ni;su~z$$g3Oo3Gy!S`$pPpn2$JFQ{hZ2ov(Rw4dk6?DVw=6|_JmI~(>4H{Wq?VD~8l6c7 zihfUa?RhRAyb17mJgA>zG(Aq|55ggdVr&$F%*4f29?x;vs@Vi0{|N3Au*;`sZwA7s z;O44Fo}$j&pxcRuQvYS5blWqOfjsQJ2rFGl0Gsx#_psAz5pgzHLx9z;2s690;THf3 zYwTk(cjjGYV6lh4J&5&vJaOHc`}b>cUNzW`3CqAvn+0fjEST&x!`xA#ZM6r@SWmmA zxb&o9sjOn|rG2b)&26b96|m(>ARWM}Aa!}aV`&GDvO0{{?IY44Q$2&oh!TTXqJ>5* z(T!%KH$N^xebnr9fbb6X9@mfIgfo5cT;3^2tNi-Q%DzNpH#bQ;j8%TNPob(?pC`w{ z>ZL(}r8!k#U0~?R`P)>Uj7*ZnU~`%Q_Q(K_p|#Wpc65~6doXMh5Y5p>@7vfe!bTus z-OKjs+Y`=^8<;*`-cD<3p7+!F1RX6XYmWDvwd(eTM%~eo-GxERX#@~MLGCElMPE4a z^zv6NtPwn&x*mR(O_wSqG@pwZL*NLUNG-t5=|lM~@IbX89$RK)YB)4-_Byb`XBV4e z6$c_B+;|RNK7#@!E7P>Jvc3@3VcnBS=GFeh$CqKuKQ5n>u*Wg*(2~>pedOL(jXW1|j*V(*`s*uUWnVU&Qnofo_1Gc2= z$cxqQLZ0{NV~qora7VY~?8NpL2^6ruKO?gJRu|W&f5t)F>!40~%CZo813P&}LMk2Z zyo_H7`Wz7@=V>5q<$qLzo+%^3B47IGp2G23=>^pfv|yaIE4|bqz5`XPnC8s^rs-$0 z?3t4%7fx{Qb-+86)Y|YM^EU)0OZRmh^IS#zyi+ra?lzle9+o$wvQ3U?Q1FXp2?Y`Qcq~iqzoKFS~o!b88Cnyri z_euJZWH89aq-$+(==Hhn<+jBtSjU8owp3WqKQRS=8`5zcE7~cNkc1EK{d}ruyO`ZxwXr2dnm~BSK#>EEf7I<^|8If5ETzTarwPh`F%h! z$en~!wK0PCx`QRL`uhN@-|nP;#pgj}cY4qHf4GyNeL=?murC0yY0i3|y9~k>E}&7# ztVQhhxd>Z8VPEC;p&nriGWgWg|GC0uJKU_U3r=0^dE1dA_szhNemC>AY;pVYITS&+ zVO9z~5_JNh<*tFYHPi1#cd|Er;3L9iW??umUm@SleBrC|}QeET6HAs_7^`TKF$ zei!BO(SI3wN&yK&I*aEenHu7S3?yM^NpG08zwq~_qgN|f#bfX|m>D)jZFc^-qQ5RK z&y4=WGQ#R?#z&EVTCVd}{HZw*LR`L$@|~zrdyMSq{{e z7eMazK9C>WbM67DbaCCKkGCjSOIc2vz6)DL4EHY9SfbgDvviGW z+r&{huyH=%RDS-Q_)jiv ziDuI~yh}b?jW4o$N*CQmtG!IbQ+cymZtHI*1ih%0)XWtqU=%6(!zDrYDJoXyDr19g z&;~b!zf%9gv+o)us|Py`is-WN4_`l?7^$&}^iEqBMQ<%Wb>l#?|GdW`!t&W*{hg`v zY99P(QDBYRXsHo1_d!`vR<6BI`N}Ri2Yh}X7)M0Z*_jk z$!nP1p~>d1EE@O}*`L<-9C|%`ZN}}8K~}%(fX}h%8D-D!k%vasB~B@OsM&7p{o9EA z&;G-TSiBFJk9~jgh*M_!m5Zs=VUM}xm=%hHT&(Z+XbxH5pSO&gADSgLw zi>F9DeFx;A6!7l1uDsZ^__@Fu5xDDHGW~K81iQS>u9XO=k^kXw#a?4_F|$*x0*Or zUnJs26ZaG%AH5ot_1WT_=@-0aUF*$jyy|9DGp$PNR4ZypDA8H}xUjeqO1rQ8k#a&d zK>2n5l?Ch4V~^C9OXPrmrn@`aX>;I{w&wr+{Ywp*r)Y~cWxU@)0x zczUS$*-_Zv|UxRT|F!u5zjVHqk|xsnYdomu+wH*4#rK zQ(&hJqm7&2IBcO$)(#HoxiBt`m;K3a30a9izy5~b>%PC9FOvvpnws9?{r8XK!H*?j(cioO`!4?V<^Rmr@hIzsgp;(yw4IsR zE{P!`7FJeiDh$h-XUnGF6%H^D&7d2&1sCc6HKE=|z<3wO&Mwqfa2tf lJZfM5`04n6TTiarqEjn*dnRea62AldXLQ&MSBP~C`Cs&nrh)(f literal 0 HcmV?d00001 diff --git a/devices/surface/manage-surface-driver-and-firmware-updates.md b/devices/surface/manage-surface-driver-and-firmware-updates.md index 7f470ab3ac..1d5525613c 100644 --- a/devices/surface/manage-surface-driver-and-firmware-updates.md +++ b/devices/surface/manage-surface-driver-and-firmware-updates.md @@ -17,45 +17,40 @@ ms.audience: itpro ms.date: 10/21/2019 --- -# Manage Surface driver and firmware updates +# Manage and deploy Surface driver and firmware updates + -This article describes the available options that you can use to manage firmware and driver updates for Surface devices including Surface Pro 3 and later. - -To see a list of the available downloads for Surface devices and links to download the drivers and firmware for your device, see [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md). - -On Surface devices, the firmware is exposed to the operating system as a driver and is visible in Device Manager. This design allows a Surface device firmware to be automatically updated along with all drivers through Windows Update. This mechanism provides a seamless, automatic experience for receiving the latest firmware and driver updates. Although automatic updating is easy for end users, updating firmware and drivers automatically may not always be appropriate for organizations and businesses. In cases where you strictly manage updates or when you deploy a new operating system to a Surface device, automatic updates from Windows Update may not be appropriate. - -## Methods for deploying firmware - -Windows Update automatically provides firmware for computers that receive updates directly from Microsoft. However, in environments where Windows Server Update Services (WSUS) manages updates, Windows Update cannot update the firmware. For managed environments, there are a number of options you can use to deploy firmware updates. - -### Windows Update - -The simplest solution to ensure that firmware on Surface devices in your organization is kept up to date is to allow Surface devices to receive updates directly from Microsoft. You can implement this solution easily by excluding Surface devices from Group Policy that directs computers to receive updates from WSUS. - -Although this solution ensures that firmware will be updated as new releases are made available to Windows Update, it does present potential drawbacks. Each Surface device that receives updates from Windows Update downloads each update independently from Microsoft instead of accessing a central location. These operations increase demand on Internet connectivity and bandwidth. Additionally, such updates are not subjected to testing or review by administrators. - -For details about Group Policy for client configuration of WSUS or Windows Update, see [Step 4: Configure Group Policy Settings for Automatic Updates](https://docs.microsoft.com/windows-server/administration/windows-server-update-services/deploy/4-configure-group-policy-settings-for-automatic-updates). - -### Windows Installer Package - -Surface driver and firmware updates are packaged as Windows Installer (MSI) files. To deploy these Windows Installer packages, you can use application deployment utilities such as the Microsoft Deployment Toolkit (MDT) or System Center Configuration Manager. Such solutions provide the means for administrators to test and review updates before deploying them, and to centralize deployment. For each device, it is important to select the correct MSI file for the device and its operating system. For more information see [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md). - -For instructions on how to deploy updates by using Endpoint Configuration Manager (formerly System Center Configuration Manager), refer to [Deploy applications with Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/deploy-applications). For instructions on how to deploy updates by using MDT, see [Deploy a Windows 10 image using MDT](https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt). +How you manage Surface driver and firmware updates varies depending on your environment and organizational requirements. On Surface devices, firmware is exposed to the operating system as a driver and is visible in Device Manager, enabling device firmware and drivers to be automatically updated using Windows Update or Windows Update for Business. Although this simplified approach may be feasible for startups and small or medium-sized businesses, larger organizations typically need IT admins to distributing updates internally. This may involve comprehensive planning, application compatibility testing, piloting and validating updates, before final approval and distribution across the network. > [!NOTE] -> You can deploy applications separately from an operating system deployment through MDT by using a Post OS Installation task sequence. +> This article is intended for technical support agents and IT professionals and applies to Surface devices only. If you're looking for help to install Surface updates or firmware on a home device, see [Update Surface firmware and Windows 10](https://support.microsoft.com/help/4023505). + +While enterprise-grade software distribution solutions continue to evolve, the business rationale for centrally managing updates remains the same: Maintain the security of Surface devices and keep them updated with the latest operating system and feature improvements. This is essential for maintaining the stability of your production environment and enabling users to stay productive. This article provides an overview of recommended tools and processes for larger organizations to accomplish these goals. -### Microsoft System Center Configuration Manager +## Central update management in commercial environments -Starting in Microsoft System Center Configuration Manager version 1710, you can synchronize and deploy Microsoft Surface firmware and driver updates by using the Configuration Manager client. The process resembles that for deploying regular updates. For additional information, see KB 4098906, [How to manage Surface driver updates in Configuration Manager](https://support.microsoft.com/help/4098906/manage-surface-driver-updates-in-configuration-manager). +Microsoft has streamlined tools for managing devices – including driver and firmware updates -- into a single unified experience called [Microsoft Endpoint Manager admin center](https://devicemanagement.microsoft.com/) accessed from devicemanagement.microsoft.com. -## Considerations when deploying updates and operating systems together +### Manage updates with Endpoint Configuration Manager and Intune -The process of deploying firmware updates during an operating system deployment is straightforward. You can import the firmware and driver pack into either System Center Configuration Manager or MDT, and use them to deploy a fully updated environment to a target Surface device, complete with firmware. For a complete step-by-step guide to using MDT to deploy Windows to a Surface device, see [Deploy Windows 10 to Surface devices with Microsoft Deployment Toolkit](deploy-windows-10-to-surface-devices-with-mdt.md). +Endpoint Configuration Manager (formerly System Center Configuration Manager) allows you to synchronize and deploy Surface firmware and driver updates with the Configuration Manager client. Integration with Microsoft Intune lets you see all your managed, co-managed and partner-managed devices in one place. This is the recommended solution for large organizations to manage Surface updates. + +For detailed steps, see the following resources: -> [!IMPORTANT] -> Select the correct MSI file for each specific device and its operating system. For more information, see [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md). +- [How to manage Surface driver updates in Configuration Manager.](https://support.microsoft.com/en-sg/help/4098906/manage-surface-driver-updates-in-configuration-manager) +- [Deploy applications with Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/deploy-applications). +- [Endpoint Configuration Manager documentation](https://docs.microsoft.com/en-us/configmgr/) + + +### Manage updates with Microsoft Deployment Toolkit + +Included in Endpoint Configuration Manager, the Microsoft Deployment Toolkit (MDT) contains optional deployment tools that you may wish to use depending on your environment. MDT includes the Windows Assessment and Deployment Kit (Windows ADK), Windows System Image Manager (Windows SIM), Deployment Image Servicing and Management (DISM), and User State Migration Tool (USMT). You can download the latest version of MDT from the [Microsoft Deployment Toolkit download page](https://www.microsoft.com/en-us/download/details.aspx?id=54259). + +For detailed steps, see the following resources: + +- [Microsoft Deployment Toolkit documentation](https://docs.microsoft.com/en-us/configmgr/mdt/) +- [Deploy Windows 10 with the Microsoft Deployment Toolkit](https://docs.microsoft.com/en-us/windows/deployment/deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit) +- [Deploy Windows 10 to Surface devices with Microsoft Deployment Toolkit](https://docs.microsoft.com/en-us/surface/deploy-windows-10-to-surface-devices-with-mdt) **WindowsPE and Surface firmware and drivers** @@ -63,3 +58,93 @@ System Center Configuration Manager and MDT both use the Windows Preinstallation ## Supported devices Downloadable MSI files are available for Surface devices from Surface Pro 2 and later. Information about MSI files for the newest Surface devices such as Surface Pro 7, Surface Pro X, and Surface Laptop 3 will be available from this page upon release. + + +## Managing firmware with DFCI +With Device Firmware Configuration Interface (DFCI) profiles built into Intune (now available in [public preview](https://docs.microsoft.com/intune/configuration/device-firmware-configuration-interface-windows)), Surface UEFI management extends the modern management stack down to the UEFI hardware level. DFCI supports zero-touch provisioning, eliminates BIOS passwords, provides control of security settings including boot options and built-in peripherals, and lays the groundwork for advanced security scenarios in the future. For more information, see: + + +- [Intune management of Surface UEFI settings](https://docs.microsoft.com/en-us/surface/surface-manage-dfci-guide) +- [Ignite 2019: Announcing remote management of Surface UEFI settings from Intune](https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/Ignite-2019-Announcing-remote-management-of-Surface-UEFI/ba-p/978333). + +## Best practices for update deployment processes + +To maintain a stable environment and keep users productive, it’s strongly recommended to maintain parity with the most recent version of Windows 10. For best practice recommendations, see [Build deployment rings for Windows 10 updates](https://docs.microsoft.com/en-us/windows/deployment/update/waas-deployment-rings-windows-10-updates). + +## Downloadable Surface update packages + +Specific versions of Windows 10 have separate .msi files, each containing all required cumulative driver and firmware updates for Surface devices. Update packages may include some or all of the following components: + +- Wi-Fi and LTE +- Video +- Solid state drive +- System aggregator module (SAM) +- Battery +- Keyboard controller +- Embedded controller (EC) +- Management engine (ME) +- Unified extensible firmware interface (UEFI) + + +### Downloading .msi files +1. Browse to [Download drivers and firmware for Surface](https://support.microsoft.com/en-us/help/4023482/surface-download-drivers-and-firmware) on the Microsoft Download Center. +2. Select the .msi file name that matches the Surface model and version of Windows. The .msi file name includes the minimum supported Windows build number required to install the drivers and firmware. For example, as shown in the following figure, to update a Surface Book 2 with build 18362 of Windows 10, choose **SurfaceBook2_Win10_18362_19.101.13994.msi.** For a Surface Book 2 with build 16299 of Windows 10, choose **SurfaceBook2_Win10_16299_1803509_3. msi**. + + ![Figure 1. Downloading Surface updates](images/fig1-downloads-msi.png) + +*Figure 1. Downloading Surface updates* + + +### Surface .msi naming convention +Since August 2019, .msi files have used the following naming convention: + +- *Product*_*Windows release*_*Windows build number*_*Version number*_*Revision of version number (typically zero)*. + +**Example** + +- SurfacePro6_Win10_18362_19.073.44195_0.msi + +This file name provides the following information: + +- **Product:** SurfacePro6 +- **Windows release:** Win10 +- **Build:** 18362 +- **Version:** 19.073.44195 – This shows the date and time that the file was created, as follows: + - **Year:** 19 (2019) + - **Month and week:** 073 (third week of July) + - **Minute of the month:** 44195 +- **Revision of version:** 0 (first release of this version) + +### Legacy Surface .msi naming convention +Legacy .msi files (files built before August 2019) followed the same overall naming formula but used a different method to derive the version number. + **** +**Example** + +- SurfacePro6_Win10_16299_1900307_0.msi + +This file name provides the following information: + +- **Product:** SurfacePro6 +- **Windows release:** Win10 +- **Build:** 16299 +- **Version:** 1900307 – This shows the date that the file was created and its position in the release sequence, as follows: + - **Year:** 19 (2019) + - **Number of release:** 003 (third release of the year) + - **Product version number:** 07 (Surface Pro 6 is officially the seventh version of Surface Pro) +- **Revision of version:** 0 (first release of this version) + + + +## Learn more + +- [Download drivers and firmware for Surface](https://support.microsoft.com/en-us/help/4023482/surface-download-drivers-and-firmware) +- [How to manage Surface driver updates in Configuration Manager.](https://support.microsoft.com/en-sg/help/4098906/manage-surface-driver-updates-in-configuration-manager) +- [Deploy applications with Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/deploy-applications). +- [Endpoint Configuration Manager documentation](https://docs.microsoft.com/en-us/configmgr/) +- [Microsoft Deployment Toolkit documentation](https://docs.microsoft.com/en-us/configmgr/mdt/) +- [Deploy Windows 10 with the Microsoft Deployment Toolkit](https://docs.microsoft.com/en-us/windows/deployment/deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit) +- [Deploy Windows 10 to Surface devices with Microsoft Deployment Toolkit](https://docs.microsoft.com/en-us/surface/deploy-windows-10-to-surface-devices-with-mdt) +- [Intune management of Surface UEFI settings](https://docs.microsoft.com/en-us/surface/surface-manage-dfci-guide) +- [Ignite 2019: Announcing remote management of Surface UEFI settings from Intune](https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/Ignite-2019-Announcing-remote-management-of-Surface-UEFI/ba-p/978333). +- [Build deployment rings for Windows 10 updates](https://docs.microsoft.com/en-us/windows/deployment/update/waas-deployment-rings-windows-10-updates) + From 2def8f00b5c3110da138a369585b4f7448d761dc Mon Sep 17 00:00:00 2001 From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Wed, 22 Jan 2020 13:56:23 -0800 Subject: [PATCH 059/157] Update manage-surface-driver-and-firmware-updates.md --- ...age-surface-driver-and-firmware-updates.md | 30 +++++++++---------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/devices/surface/manage-surface-driver-and-firmware-updates.md b/devices/surface/manage-surface-driver-and-firmware-updates.md index 1d5525613c..8bb23669ef 100644 --- a/devices/surface/manage-surface-driver-and-firmware-updates.md +++ b/devices/surface/manage-surface-driver-and-firmware-updates.md @@ -39,18 +39,18 @@ For detailed steps, see the following resources: - [How to manage Surface driver updates in Configuration Manager.](https://support.microsoft.com/en-sg/help/4098906/manage-surface-driver-updates-in-configuration-manager) - [Deploy applications with Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/deploy-applications). -- [Endpoint Configuration Manager documentation](https://docs.microsoft.com/en-us/configmgr/) +- [Endpoint Configuration Manager documentation](https://docs.microsoft.com/configmgr/) ### Manage updates with Microsoft Deployment Toolkit -Included in Endpoint Configuration Manager, the Microsoft Deployment Toolkit (MDT) contains optional deployment tools that you may wish to use depending on your environment. MDT includes the Windows Assessment and Deployment Kit (Windows ADK), Windows System Image Manager (Windows SIM), Deployment Image Servicing and Management (DISM), and User State Migration Tool (USMT). You can download the latest version of MDT from the [Microsoft Deployment Toolkit download page](https://www.microsoft.com/en-us/download/details.aspx?id=54259). +Included in Endpoint Configuration Manager, the Microsoft Deployment Toolkit (MDT) contains optional deployment tools that you may wish to use depending on your environment. MDT includes the Windows Assessment and Deployment Kit (Windows ADK), Windows System Image Manager (Windows SIM), Deployment Image Servicing and Management (DISM), and User State Migration Tool (USMT). You can download the latest version of MDT from the [Microsoft Deployment Toolkit download page](https://www.microsoft.com/download/details.aspx?id=54259). For detailed steps, see the following resources: -- [Microsoft Deployment Toolkit documentation](https://docs.microsoft.com/en-us/configmgr/mdt/) -- [Deploy Windows 10 with the Microsoft Deployment Toolkit](https://docs.microsoft.com/en-us/windows/deployment/deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit) -- [Deploy Windows 10 to Surface devices with Microsoft Deployment Toolkit](https://docs.microsoft.com/en-us/surface/deploy-windows-10-to-surface-devices-with-mdt) +- [Microsoft Deployment Toolkit documentation](https://docs.microsoft.com/configmgr/mdt/) +- [Deploy Windows 10 with the Microsoft Deployment Toolkit](https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit) +- [Deploy Windows 10 to Surface devices with Microsoft Deployment Toolkit](https://docs.microsoft.com/surface/deploy-windows-10-to-surface-devices-with-mdt) **WindowsPE and Surface firmware and drivers** @@ -64,12 +64,12 @@ Downloadable MSI files are available for Surface devices from Surface Pro 2 and With Device Firmware Configuration Interface (DFCI) profiles built into Intune (now available in [public preview](https://docs.microsoft.com/intune/configuration/device-firmware-configuration-interface-windows)), Surface UEFI management extends the modern management stack down to the UEFI hardware level. DFCI supports zero-touch provisioning, eliminates BIOS passwords, provides control of security settings including boot options and built-in peripherals, and lays the groundwork for advanced security scenarios in the future. For more information, see: -- [Intune management of Surface UEFI settings](https://docs.microsoft.com/en-us/surface/surface-manage-dfci-guide) +- [Intune management of Surface UEFI settings](https://docs.microsoft.com/surface/surface-manage-dfci-guide) - [Ignite 2019: Announcing remote management of Surface UEFI settings from Intune](https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/Ignite-2019-Announcing-remote-management-of-Surface-UEFI/ba-p/978333). ## Best practices for update deployment processes -To maintain a stable environment and keep users productive, it’s strongly recommended to maintain parity with the most recent version of Windows 10. For best practice recommendations, see [Build deployment rings for Windows 10 updates](https://docs.microsoft.com/en-us/windows/deployment/update/waas-deployment-rings-windows-10-updates). +To maintain a stable environment and keep users productive, it’s strongly recommended to maintain parity with the most recent version of Windows 10. For best practice recommendations, see [Build deployment rings for Windows 10 updates](https://docs.microsoft.com/windows/deployment/update/waas-deployment-rings-windows-10-updates). ## Downloadable Surface update packages @@ -87,7 +87,7 @@ Specific versions of Windows 10 have separate .msi files, each containing all re ### Downloading .msi files -1. Browse to [Download drivers and firmware for Surface](https://support.microsoft.com/en-us/help/4023482/surface-download-drivers-and-firmware) on the Microsoft Download Center. +1. Browse to [Download drivers and firmware for Surface](https://support.microsoft.com/help/4023482/surface-download-drivers-and-firmware) on the Microsoft Download Center. 2. Select the .msi file name that matches the Surface model and version of Windows. The .msi file name includes the minimum supported Windows build number required to install the drivers and firmware. For example, as shown in the following figure, to update a Surface Book 2 with build 18362 of Windows 10, choose **SurfaceBook2_Win10_18362_19.101.13994.msi.** For a Surface Book 2 with build 16299 of Windows 10, choose **SurfaceBook2_Win10_16299_1803509_3. msi**. ![Figure 1. Downloading Surface updates](images/fig1-downloads-msi.png) @@ -137,14 +137,14 @@ This file name provides the following information: ## Learn more -- [Download drivers and firmware for Surface](https://support.microsoft.com/en-us/help/4023482/surface-download-drivers-and-firmware) +- [Download drivers and firmware for Surface](https://support.microsoft.com/help/4023482/surface-download-drivers-and-firmware) - [How to manage Surface driver updates in Configuration Manager.](https://support.microsoft.com/en-sg/help/4098906/manage-surface-driver-updates-in-configuration-manager) - [Deploy applications with Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/deploy-applications). -- [Endpoint Configuration Manager documentation](https://docs.microsoft.com/en-us/configmgr/) -- [Microsoft Deployment Toolkit documentation](https://docs.microsoft.com/en-us/configmgr/mdt/) -- [Deploy Windows 10 with the Microsoft Deployment Toolkit](https://docs.microsoft.com/en-us/windows/deployment/deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit) -- [Deploy Windows 10 to Surface devices with Microsoft Deployment Toolkit](https://docs.microsoft.com/en-us/surface/deploy-windows-10-to-surface-devices-with-mdt) -- [Intune management of Surface UEFI settings](https://docs.microsoft.com/en-us/surface/surface-manage-dfci-guide) +- [Endpoint Configuration Manager documentation](https://docs.microsoft.com/configmgr/) +- [Microsoft Deployment Toolkit documentation](https://docs.microsoft.com/configmgr/mdt/) +- [Deploy Windows 10 with the Microsoft Deployment Toolkit](https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit) +- [Deploy Windows 10 to Surface devices with Microsoft Deployment Toolkit](https://docs.microsoft.com/surface/deploy-windows-10-to-surface-devices-with-mdt) +- [Intune management of Surface UEFI settings](https://docs.microsoft.com/surface/surface-manage-dfci-guide) - [Ignite 2019: Announcing remote management of Surface UEFI settings from Intune](https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/Ignite-2019-Announcing-remote-management-of-Surface-UEFI/ba-p/978333). -- [Build deployment rings for Windows 10 updates](https://docs.microsoft.com/en-us/windows/deployment/update/waas-deployment-rings-windows-10-updates) +- [Build deployment rings for Windows 10 updates](https://docs.microsoft.com/windows/deployment/update/waas-deployment-rings-windows-10-updates) From c8783df43d74cb690c41a770dc6ec2f5d4494af8 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Wed, 22 Jan 2020 14:30:58 -0800 Subject: [PATCH 060/157] archived older versions --- windows/whats-new/TOC.md | 7 ++++--- windows/whats-new/index.md | 3 --- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/windows/whats-new/TOC.md b/windows/whats-new/TOC.md index a0a0ac2708..a043492918 100644 --- a/windows/whats-new/TOC.md +++ b/windows/whats-new/TOC.md @@ -4,6 +4,7 @@ ## [What's new in Windows 10, version 1809](whats-new-windows-10-version-1809.md) ## [What's new in Windows 10, version 1803](whats-new-windows-10-version-1803.md) ## [What's new in Windows 10, version 1709](whats-new-windows-10-version-1709.md) -## [What's new in Windows 10, version 1703](whats-new-windows-10-version-1703.md) -## [What's new in Windows 10, version 1607](whats-new-windows-10-version-1607.md) -## [What's new in Windows 10, versions 1507 and 1511](whats-new-windows-10-version-1507-and-1511.md) +## Previous versions +### [What's new in Windows 10, version 1703](whats-new-windows-10-version-1703.md) +### [What's new in Windows 10, version 1607](whats-new-windows-10-version-1607.md) +### [What's new in Windows 10, versions 1507 and 1511](whats-new-windows-10-version-1507-and-1511.md) diff --git a/windows/whats-new/index.md b/windows/whats-new/index.md index bad28a358c..b7051cfee0 100644 --- a/windows/whats-new/index.md +++ b/windows/whats-new/index.md @@ -23,9 +23,6 @@ Windows 10 provides IT professionals with advanced protection against modern sec - [What's new in Windows 10, version 1809](whats-new-windows-10-version-1809.md) - [What's new in Windows 10, version 1803](whats-new-windows-10-version-1803.md) - [What's new in Windows 10, version 1709](whats-new-windows-10-version-1709.md) -- [What's new in Windows 10, version 1703](whats-new-windows-10-version-1703.md) -- [What's new in Windows 10, version 1607](whats-new-windows-10-version-1607.md) -- [What's new in Windows 10, versions 1507 and 1511](whats-new-windows-10-version-1507-and-1511.md) ## Learn more From e016d18c28aa704f41fc7b003c9aab1cb0e56265 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Wed, 22 Jan 2020 15:36:13 -0800 Subject: [PATCH 061/157] update table --- windows/deployment/windows-autopilot/add-devices.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/deployment/windows-autopilot/add-devices.md b/windows/deployment/windows-autopilot/add-devices.md index 4a2ba1d5c7..cec72b237a 100644 --- a/windows/deployment/windows-autopilot/add-devices.md +++ b/windows/deployment/windows-autopilot/add-devices.md @@ -123,13 +123,13 @@ A summary of each platform's capabilities is provided below.
Partner Center YES - 1000 at a time max -YES3 +YES34 Tuple or PKID or 4K HH Intune -YES - 1000 at a time max1 +YES - 500 at a time max1 YES12 4K HH @@ -137,7 +137,7 @@ A summary of each platform's capabilities is provided below.
Microsoft Store for Business4 YES - 1000 at a time max -YES +YES4 4K HH From b34800fa7c027d81bbf51d7672eacf9e335985d4 Mon Sep 17 00:00:00 2001 From: lomayor Date: Wed, 22 Jan 2020 17:17:56 -0800 Subject: [PATCH 062/157] Name change AlertEvents > DeviceAlertEvents --- windows/security/threat-protection/TOC.md | 2 +- ....md => advanced-hunting-devicealertevents-table.md} | 10 +++++----- .../advanced-hunting-schema-reference.md | 2 +- .../threat-and-vuln-mgt-scenarios.md | 2 +- ...nges-to-security-settings-with-tamper-protection.md | 2 +- 5 files changed, 9 insertions(+), 9 deletions(-) rename windows/security/threat-protection/microsoft-defender-atp/{advanced-hunting-alertevents-table.md => advanced-hunting-devicealertevents-table.md} (79%) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 84f646914b..6bd34daec8 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -114,7 +114,7 @@ #### [Use shared queries](microsoft-defender-atp/advanced-hunting-shared-queries.md) #### [Advanced hunting schema reference]() ##### [Understand the schema](microsoft-defender-atp/advanced-hunting-schema-reference.md) -##### [AlertEvents](microsoft-defender-atp/advanced-hunting-alertevents-table.md) +##### [DeviceAlertEvents](microsoft-defender-atp/advanced-hunting-devicealertevents-table.md) ##### [DeviceFileEvents](microsoft-defender-atp/advanced-hunting-devicefileevents-table.md) ##### [DeviceImageLoadEvents](microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md) ##### [DeviceLogonEvents](microsoft-defender-atp/advanced-hunting-devicelogonevents-table.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicealertevents-table.md similarity index 79% rename from windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md rename to windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicealertevents-table.md index c7fd28fc75..28d0176f0f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicealertevents-table.md @@ -1,7 +1,7 @@ --- -title: AlertEvents table in the advanced hunting schema -description: Learn about alert generation events in the AlertEvents table of the advanced hunting schema -keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, windows defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, alertevents, alert, severity, category +title: DeviceAlertEvents table in the advanced hunting schema +description: Learn about alert generation events in the DeviceAlertEvents table of the advanced hunting schema +keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, windows defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, DeviceAlertEvents, alert, severity, category search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 @@ -18,7 +18,7 @@ ms.topic: article ms.date: 10/08/2019 --- -# AlertEvents +# DeviceAlertEvents **Applies to:** @@ -26,7 +26,7 @@ ms.date: 10/08/2019 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) -The `AlertEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about alerts in Microsoft Defender Security Center. Use this reference to construct queries that return information from the table. +The `DeviceAlertEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about alerts in Microsoft Defender Security Center. Use this reference to construct queries that return information from the table. For information on other tables in the advanced hunting schema, see [the advanced hunting schema reference](advanced-hunting-schema-reference.md). diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md index 8eb7542ce5..6e13b372ef 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md @@ -37,7 +37,7 @@ Table and column names are also listed within the Microsoft Defender Security Ce | Table name | Description | |------------|-------------| -| **[AlertEvents](advanced-hunting-alertevents-table.md)** | Alerts on Microsoft Defender Security Center | +| **[DeviceAlertEvents](advanced-hunting-devicealertevents-table.md)** | Alerts on Microsoft Defender Security Center | | **[DeviceInfo](advanced-hunting-deviceinfo-table.md)** | Machine information, including OS information | | **[DeviceNetworkInfo](advanced-hunting-devicenetworkinfo-table.md)** | Network properties of machines, including adapters, IP and MAC addresses, as well as connected networks and domains | | **[DeviceProcessEvents](advanced-hunting-deviceprocessevents-table.md)** | Process creation and related events | diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md index 55ffb2b7ca..5f9dcadac9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md @@ -174,7 +174,7 @@ DeviceTvmSoftwareInventoryVulnerabilities | where IsExploitAvailable == 1 and CvssScore >= 7 | summarize NumOfVulnerabilities=dcount(CveId), DeviceName=any(DeviceName) by DeviceId -| join kind =inner(AlertEvents) on DeviceId +| join kind =inner(DeviceAlertEvents) on DeviceId | summarize NumOfVulnerabilities=any(NumOfVulnerabilities), DeviceName=any(DeviceName) by DeviceId, AlertId | project DeviceName, NumOfVulnerabilities, AlertId diff --git a/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md index 21736ff5a6..5c91ca4d4b 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -219,7 +219,7 @@ Yes. The alert is shown in [https://securitycenter.microsoft.com](https://securi In addition, your security operations team can use hunting queries, such as the following: -`AlertEvents | where Title == "Tamper Protection bypass"` +`DeviceAlertEvents | where Title == "Tamper Protection bypass"` [View information about tampering attempts](#view-information-about-tampering-attempts). From 61d45e9795797ce9901f8e36177ceced5b75a9d8 Mon Sep 17 00:00:00 2001 From: lomayor Date: Wed, 22 Jan 2020 17:25:55 -0800 Subject: [PATCH 063/157] GitIssues + Redirect for DeviceAlertEvents --- .openpublishing.redirection.json | 5 +++++ .../advanced-hunting-devicealertevents-table.md | 2 +- .../advanced-hunting-deviceimageloadevents-table.md | 2 +- .../advanced-hunting-tvm-softwarevulnerability-table.md | 2 +- 4 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index f8f2090d66..91081ca4d6 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -981,6 +981,11 @@ "redirect_document_id": false }, { +"source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicealertevents-table", +"redirect_document_id": true +}, +{ "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-filecreationevents-table.md", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefileevents-table", "redirect_document_id": true diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicealertevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicealertevents-table.md index 28d0176f0f..50d1242878 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicealertevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicealertevents-table.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article -ms.date: 10/08/2019 +ms.date: 01/22/2020 --- # DeviceAlertEvents diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md index d57a965bcf..bec74d489e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md @@ -26,7 +26,7 @@ ms.date: 10/08/2019 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) -The `DeviceImageLoadEvents table` in the [advanced hunting](advanced-hunting-overview.md) schema contains information about DLL loading events. Use this reference to construct queries that return information from the table. +The `DeviceImageLoadEvents` in the [advanced hunting](advanced-hunting-overview.md) schema contains information about DLL loading events. Use this reference to construct queries that return information from the table. For information on other tables in the advanced hunting schema, see [the advanced hunting schema reference](advanced-hunting-schema-reference.md). diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-softwarevulnerability-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-softwarevulnerability-table.md index 9efd108ce9..5af1cfe1f1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-softwarevulnerability-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-softwarevulnerability-table.md @@ -28,7 +28,7 @@ ms.date: 11/12/2019 [!include[Prerelease information](../../includes/prerelease.md)] -The `DeviceTvmSoftwareInventoryVulnerabilities` table in the advanced hunting schema contains the list of vulnerabilities [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) assesses devices for. Use this reference to construct queries that return information from the table. +The `DeviceTvmSoftwareVulnerabilitiesKB` table in the advanced hunting schema contains the list of vulnerabilities [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) assesses devices for. Use this reference to construct queries that return information from the table. For information on other tables in the advanced hunting schema, see [the advanced hunting reference](advanced-hunting-reference.md). From 8075e9c17621d985e5f87b0a40e9ff2aee67bbb7 Mon Sep 17 00:00:00 2001 From: lomayor Date: Wed, 22 Jan 2020 17:40:25 -0800 Subject: [PATCH 064/157] Update advanced-hunting-deviceimageloadevents-table.md --- .../advanced-hunting-deviceimageloadevents-table.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md index bec74d489e..fe1f719c73 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md @@ -26,7 +26,7 @@ ms.date: 10/08/2019 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) -The `DeviceImageLoadEvents` in the [advanced hunting](advanced-hunting-overview.md) schema contains information about DLL loading events. Use this reference to construct queries that return information from the table. +The `DeviceImageLoadEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about DLL loading events. Use this reference to construct queries that return information from the table. For information on other tables in the advanced hunting schema, see [the advanced hunting schema reference](advanced-hunting-schema-reference.md). From 0795bb06cd68742bbbe77d6ef23911c873b09826 Mon Sep 17 00:00:00 2001 From: MightyPen Date: Wed, 22 Jan 2020 21:42:52 -0800 Subject: [PATCH 065/157] Fixing PR 1849, about 'kb-support' renamed from 'troubleshooting'. And had docset-related flaw. --- browsers/internet-explorer/TOC.md | 4 +- .../clear-ie-cache-from-command-line.md | 86 +++++++++---------- .../kb-support}/ie-edge-faqs.md | 48 ++++------- 3 files changed, 64 insertions(+), 74 deletions(-) rename browsers/{troubleshooting => internet-explorer/kb-support}/clear-ie-cache-from-command-line.md (76%) rename browsers/{troubleshooting => internet-explorer/kb-support}/ie-edge-faqs.md (93%) diff --git a/browsers/internet-explorer/TOC.md b/browsers/internet-explorer/TOC.md index 6bd312c3b2..06bc5b95c7 100644 --- a/browsers/internet-explorer/TOC.md +++ b/browsers/internet-explorer/TOC.md @@ -187,5 +187,5 @@ ### [Internet Explorer Setup command-line options and return codes](ie11-ieak/ie-setup-command-line-options-and-return-codes.md) ## Troubleshooting -### [Clear the Internet Explorer cache from a command line](/../troubleshooting/clear-ie-cache-from-command-line.md) -### [IE and Microsoft Edge FAQ for IT Pros](/../troubleshooting/ie-edge-faqs.md) +### [Clear the Internet Explorer cache from a command line](../kb-support/clear-ie-cache-from-command-line.md) +### [Internet Explorer and Microsoft Edge FAQ for IT Pros](../kb-support/ie-edge-faqs.md) diff --git a/browsers/troubleshooting/clear-ie-cache-from-command-line.md b/browsers/internet-explorer/kb-support/clear-ie-cache-from-command-line.md similarity index 76% rename from browsers/troubleshooting/clear-ie-cache-from-command-line.md rename to browsers/internet-explorer/kb-support/clear-ie-cache-from-command-line.md index 74054a95b3..0171b57d2c 100644 --- a/browsers/troubleshooting/clear-ie-cache-from-command-line.md +++ b/browsers/internet-explorer/kb-support/clear-ie-cache-from-command-line.md @@ -1,16 +1,16 @@ --- title: Clear the Internet Explorer cache from a command line description: Introduces command-line commands and a sample batch file for clearing the IE cache. -author: ramakoni +author: ramakoni1 manager: dcscontentpm ms.prod: internet-explorer -ms.topic: troubleshooting +ms.topic: kb-support ms.author: ramakoni ms.custom: CI=111020 ms.reviewer: ramakoni, DEV_Triage audience: ITPro ms.localizationpriority: Normal -ms.date: 01/20/2020 +ms.date: 01/22/2020 --- # How to clear Internet Explorer cache by using the command line @@ -18,49 +18,49 @@ This article outlines the procedure to clear the Internet Explorer cache by usin ## Command line commands to clear browser cache -1. Delete history from the Low folder +1. Delete history from the Low folder `del /s /q C:\Users\\%username%\AppData\Local\Microsoft\Windows\History\low\* /ah` -2. Delete history +2. Delete history `RunDll32.exe InetCpl.cpl, ClearMyTracksByProcess 1` -3. Delete cookies +3. Delete cookies `RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 2` -4. Delete temporary internet files +4. Delete temporary internet files `RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 8` -5. Delete form data +5. Delete form data `RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 16` -6. Delete stored passwords +6. Delete stored passwords `RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 32` -7. Delete all +7. Delete all `RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 255` -8. Delete files and settings stored by add-ons +8. Delete files and settings stored by add-ons `InetCpl.cpl,ClearMyTracksByProcess 4351` If you upgraded from a previous version of Internet Explorer, you have to use the following commands to delete the files from older versions: -`RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 9` +`RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 9` Command to reset Internet Explorer settings: `Rundll32.exe inetcpl.cpl ResetIEtoDefaults` ## Sample batch file to clear Internet Explorer cache files -A sample batch file is available that you can use to clear Internet Explorer cache files and other items. You can download the file from https://msdnshared.blob.core.windows.net/media/2017/09/ClearIE_Cache.zip. +A sample batch file is available that you can use to clear Internet Explorer cache files and other items. You can download the file from [https://msdnshared.blob.core.windows.net/media/2017/09/ClearIE_Cache.zip](https://msdnshared.blob.core.windows.net/media/2017/09/ClearIE_Cache.zip). The batch file offers the following options: -- Delete Non-trusted web History (low-level hidden cleanup) -- Delete History -- Delete Cookies -- Delete Temporary Internet Files -- Delete Form Data -- Delete Stored Passwords -- Delete All +- Delete Non-trusted web History (low-level hidden cleanup) +- Delete History +- Delete Cookies +- Delete Temporary Internet Files +- Delete Form Data +- Delete Stored Passwords +- Delete All - Delete All "Also delete files and settings stored by add-ons" - Delete IE10 and IE9 Temporary Internet Files - Resets IE Settings @@ -78,32 +78,32 @@ cls COLOR 00 echo Delete IE History echo Please select the task you wish to run. -echo Pick one: +echo Pick one: echo. -echo 1. Delete Non-trusted web History(low level hidden clean up) -echo 2. Delete History -echo 3. Delete Cookies -echo 4. Delete Temporary Internet Files -echo 5. Delete Form Data -echo 6. Delete Stored Passwords -echo 7. Delete All +echo 1. Delete Non-trusted web History(low level hidden clean up) +echo 2. Delete History +echo 3. Delete Cookies +echo 4. Delete Temporary Internet Files +echo 5. Delete Form Data +echo 6. Delete Stored Passwords +echo 7. Delete All echo 8. Delete All "Also delete files and settings stored by add-ons" echo 9. Delete IE10 and 9 Temporary Internet Files echo 10. Reset IE Settings echo 77. EXIT :choice -Echo Hit a number [1-10] and press enter. +Echo Hit a number [1-10] and press enter. set /P CH=[1-10] -if "%CH%"=="1" set x=del /s /q C:\Users\%username%\AppData\Local\Microsoft\Windows\History\low\* /ah -if "%CH%"=="2" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 1 -if "%CH%"=="3" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 2 -if "%CH%"=="4" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 8 -if "%CH%"=="5" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 16 -if "%CH%"=="6" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 32 -if "%CH%"=="7" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 255 -if "%CH%"=="8" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 4351 -if "%CH%"=="9" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 9 +if "%CH%"=="1" set x=del /s /q C:\Users\%username%\AppData\Local\Microsoft\Windows\History\low\* /ah +if "%CH%"=="2" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 1 +if "%CH%"=="3" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 2 +if "%CH%"=="4" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 8 +if "%CH%"=="5" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 16 +if "%CH%"=="6" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 32 +if "%CH%"=="7" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 255 +if "%CH%"=="8" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 4351 +if "%CH%"=="9" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 9 if "%CH%"=="10" set x=rundll32.exe inetcpl.cpl ResetIEtoDefaults if "%CH%"=="77" goto quit @@ -111,21 +111,21 @@ if "%CH%"=="77" goto quit goto Home -::Temporary Internet Files > Delete files - To delete copies of web pages, images, and media +::Temporary Internet Files > Delete files - To delete copies of web pages, images, and media ::that are saved for faster viewing. -::Cookies > Delete cookies - To delete cookies, which are files that are stored on your computer by +::Cookies > Delete cookies - To delete cookies, which are files that are stored on your computer by ::websites to save preferences such as login information. ::History > Delete history - To delete the history of the websites you have visited. -::Form data > Delete forms - To delete all the saved information that you have typed into +::Form data > Delete forms - To delete all the saved information that you have typed into ::forms. -::Passwords > Delete passwords - To delete all the passwords that are automatically filled in +::Passwords > Delete passwords - To delete all the passwords that are automatically filled in ::when you log on to a website that you've previously visited. ::Delete all - To delete all of these listed items in one operation. ::enter below in search/run to see Low history dir if exists ::C:\Users\%username%\AppData\Local\Microsoft\Windows\History\low -::Delete all low(untrusted history) very hidden +::Delete all low(untrusted history) very hidden ::this will clean any unlocked files under the dir and not delete the dir structure ::del /s /q low\* /ah ::del /s /q C:\Users\%username%\AppData\Local\Microsoft\Windows\History\low\* /ah diff --git a/browsers/troubleshooting/ie-edge-faqs.md b/browsers/internet-explorer/kb-support/ie-edge-faqs.md similarity index 93% rename from browsers/troubleshooting/ie-edge-faqs.md rename to browsers/internet-explorer/kb-support/ie-edge-faqs.md index 578f76499f..b482acdd49 100644 --- a/browsers/troubleshooting/ie-edge-faqs.md +++ b/browsers/internet-explorer/kb-support/ie-edge-faqs.md @@ -1,16 +1,16 @@ --- title: IE and Microsoft Edge FAQ for IT Pros description: Describes frequently asked questions about Internet Explorer and Microsoft Edge for IT professionals. -author: ramakoni +author: ramakoni1 manager: dcscontentpm ms.prod: internet-explorer -ms.topic: troubleshooting +ms.topic: kb-support ms.author: ramakoni ms.custom: CI=111020 ms.reviewer: ramakoni audience: ITPro ms.localizationpriority: Normal -ms.date: 01/20/2020 +ms.date: 01/22/2020 --- # Internet Explorer and Microsoft Edge frequently asked questions (FAQ) for IT Pros @@ -35,7 +35,7 @@ For more information about how Internet Explorer handles cookies, see the follow To see where Internet Explorer stores its cookies, follow these steps: 1. Start File Explorer. -2. Select **Views** > **Change folder and search options**. +2. Select **Views** \> **Change folder and search options**. 3. In the **Folder Options** dialog box, select **View**. 4. In **Advanced settings**, select **Do not show hidden files, folders, or drivers**. 5. Clear **Hide protected operation system files (Recommended)**. @@ -66,12 +66,10 @@ For more information, see [Internet Explorer Cookie Internals (FAQ)](https://blo #### Additional information about cookie limits -**What does the Cookie RFC allow?** - +**What does the Cookie RFC allow?** RFC 2109 defines how cookies should be implemented, and it defines minimum values that browsers support. According to the RFC, browsers would ideally have no limits on the size and number of cookies that a browser can handle. To meet the specifications, the user agent should support the following: - At least 300 cookies total - - At least 20 cookies per unique host or domain name For practicality, individual browser makers set a limit on the total number of cookies that any one domain or unique host can set. They also limit the total number of cookies that can be stored on a computer. @@ -98,14 +96,12 @@ function FindProxyForURL(url, host) For more information about how to write a PAC file and about the different functions in a PAC file, see [the FindProxyForURL website](https://findproxyforurl.com/). -**Third-party information disclaimer** - +**Third-party information disclaimer** The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products. ### How to improve performance by using PAC scripts - [Browser is slow to respond when you use an automatic configuration script](https://support.microsoft.com/help/315810/browser-is-slow-to-respond-when-you-use-an-automatic-configuration-scr) - - [Optimizing performance with automatic Proxyconfiguration scripts (PAC)](https://blogs.msdn.microsoft.com/askie/2014/02/07/optimizing-performance-with-automatic-proxyconfiguration-scripts-pac/) ## Other questions @@ -135,13 +131,13 @@ For more information, see the following articles: ### Where to find Internet Explorer security zones registry entries -Most of the Internet Zone entries can be found in [Internet Explorer security zones registry entries for advanced users](https://support.microsoft.com/help/182569/internet-explorer-security-zones-registry-entries-for-advanced-users). +Most of the Internet Zone entries can be found in [Internet Explorer security zones registry entries for advanced users](https://support.microsoft.com/help/182569/internet-explorer-security-zones-registry-entries-for-advanced-users). + This article was written for Internet Explorer 6 but is still applicable to Internet Explorer 11. The default Zone Keys are stored in the following locations: - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones - - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones ### Why don't HTML5 videos play in Internet Explorer 11? @@ -151,7 +147,7 @@ To play HTML5 videos in the Internet Zone, use the default settings or make sure - 0 (the default value): Allow - 3: Disallow -This key is read by the **URLACTION_ALLOW_AUDIO_VIDEO 0x00002701** URL action flag that determines whether media elements (audio and video) are allowed in pages in a URL security zone. +This key is read by the **URLACTION\_ALLOW\_AUDIO\_VIDEO 0x00002701** URL action flag that determines whether media elements (audio and video) are allowed in pages in a URL security zone. For more information, see [Unable to play HTML5 Videos in IE](https://blogs.msdn.microsoft.com/askie/2014/12/31/unable-to-play-html5-videos-in-ie/). @@ -159,7 +155,7 @@ For Windows 10 N and Windows KN editions, you must also download the feature pac For more information about how to check Windows versions, see [Which version of Windows operating system am I running?](https://support.microsoft.com/help/13443/windows-which-version-am-i-running) -### What is the Enterprise Mode Site List Portal? +### What is the Enterprise Mode Site List Portal? This is a new feature to add sites to your enterprise mode site list XML. For more information, see [Enterprise Mode Site List Portal](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal). @@ -185,35 +181,31 @@ For more information about how to configure TLS/SSL for Internet Explorer, see [ Site to Zone usually refers to one of the following: -**Site to Zone Assignment List** - +**Site to Zone Assignment List** This is a Group Policy policy setting that can be used to add sites to the various security zones. The Site to Zone Assignment List policy setting associates sites to zones by using the following values for the Internet security zones: - Intranet zone - Trusted Sites zone -- Internet zone +- Internet zone - Restricted Sites zone If you set this policy setting to **Enabled**, you can enter a list of sites and their related zone numbers. By associating a site to a zone, you can make sure that the security settings for the specified zone are applied to the site. -**Site to Zone Mapping** - +**Site to Zone Mapping** Site to Zone Mapping is stored as the name of the key. The protocol is a registry value that has a number that assigns it to the corresponding zone. Internet Explorer will read from the following registry subkeys for the sites that are deployed through the Site to Zone assignment list: -- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap -- HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey - -**Site to Zone Assignment List policy** +- HKEY\_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap +- HKEY\_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey +**Site to Zone Assignment List policy** This policy setting is available for both Computer Configuration and User Configuration: - Computer Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page - User Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page -**References** - +**References** [How to configure Internet Explorer security zone sites using group polices](https://blogs.msdn.microsoft.com/askie/2012/06/05/how-to-configure-internet-explorer-security-zone-sites-using-group-polices/) ### What are the limits for MaxConnectionsPerServer, MaxConnectionsPer1_0Server for the current versions of Internet Explorer? @@ -222,8 +214,6 @@ For more information about these settings and limits, see [Connectivity Enhancem ### What is the MaxConnectionsPerProxy setting, and what are the maximum allowed values for this setting? -The **MaxConnectionsPerProxy** setting controls the number of connections that a single-user client can maintain to a given host by using a proxy server. - +The **MaxConnectionsPerProxy** setting controls the number of connections that a single-user client can maintain to a given host by using a proxy server. + For more information, see [Understanding Connection Limits and New Proxy Connection Limits in WinInet and Internet Explorer](https://blogs.msdn.microsoft.com/jpsanders/2009/06/29/understanding-connection-limits-and-new-proxy-connection-limits-in-wininet-and-internet-explorer/). - - From e829f856293970a961fd9392d08604d1cebf3a05 Mon Sep 17 00:00:00 2001 From: MightyPen Date: Wed, 22 Jan 2020 21:51:13 -0800 Subject: [PATCH 066/157] TOC.md 'KB Troubleshoot' is revised node name. And removed leading '../' from paths. --- browsers/internet-explorer/TOC.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/browsers/internet-explorer/TOC.md b/browsers/internet-explorer/TOC.md index 06bc5b95c7..28a0957588 100644 --- a/browsers/internet-explorer/TOC.md +++ b/browsers/internet-explorer/TOC.md @@ -186,6 +186,6 @@ ### [IExpress Wizard command-line options](ie11-ieak/iexpress-command-line-options.md) ### [Internet Explorer Setup command-line options and return codes](ie11-ieak/ie-setup-command-line-options-and-return-codes.md) -## Troubleshooting -### [Clear the Internet Explorer cache from a command line](../kb-support/clear-ie-cache-from-command-line.md) -### [Internet Explorer and Microsoft Edge FAQ for IT Pros](../kb-support/ie-edge-faqs.md) +## KB Troubleshoot +### [Clear the Internet Explorer cache from a command line](kb-support/clear-ie-cache-from-command-line.md) +### [Internet Explorer and Microsoft Edge FAQ for IT Pros](kb-support/ie-edge-faqs.md) From 96ac31a1730e4b48de202e9767469dc0c59904bc Mon Sep 17 00:00:00 2001 From: MightyPen Date: Wed, 22 Jan 2020 22:41:02 -0800 Subject: [PATCH 067/157] Fixing metadata 'manager', and fixing valid ms.prod by adding empty ms.technology (odd requirement). --- .../clear-ie-cache-from-command-line.md | 17 ++++++++++------- .../kb-support/ie-edge-faqs.md | 17 ++++++++++------- 2 files changed, 20 insertions(+), 14 deletions(-) diff --git a/browsers/internet-explorer/kb-support/clear-ie-cache-from-command-line.md b/browsers/internet-explorer/kb-support/clear-ie-cache-from-command-line.md index 0171b57d2c..ca00f5210f 100644 --- a/browsers/internet-explorer/kb-support/clear-ie-cache-from-command-line.md +++ b/browsers/internet-explorer/kb-support/clear-ie-cache-from-command-line.md @@ -1,15 +1,18 @@ --- title: Clear the Internet Explorer cache from a command line description: Introduces command-line commands and a sample batch file for clearing the IE cache. -author: ramakoni1 -manager: dcscontentpm -ms.prod: internet-explorer -ms.topic: kb-support -ms.author: ramakoni -ms.custom: CI=111020 -ms.reviewer: ramakoni, DEV_Triage audience: ITPro +manager: msmets +author: ramakoni1 +ms.author: ramakoni +ms.reviewer: ramakoni, DEV_Triage +ms.prod: internet-explorer +ms.technology: +ms.topic: kb-support +ms.custom: CI=111020 ms.localizationpriority: Normal +# localization_priority: medium +# ms.translationtype: MT ms.date: 01/22/2020 --- # How to clear Internet Explorer cache by using the command line diff --git a/browsers/internet-explorer/kb-support/ie-edge-faqs.md b/browsers/internet-explorer/kb-support/ie-edge-faqs.md index b482acdd49..de3c6e1b86 100644 --- a/browsers/internet-explorer/kb-support/ie-edge-faqs.md +++ b/browsers/internet-explorer/kb-support/ie-edge-faqs.md @@ -1,15 +1,18 @@ --- title: IE and Microsoft Edge FAQ for IT Pros description: Describes frequently asked questions about Internet Explorer and Microsoft Edge for IT professionals. -author: ramakoni1 -manager: dcscontentpm -ms.prod: internet-explorer -ms.topic: kb-support -ms.author: ramakoni -ms.custom: CI=111020 -ms.reviewer: ramakoni audience: ITPro +manager: msmets +author: ramakoni1 +ms.author: ramakoni +ms.reviewer: ramakoni, DEV_Triage +ms.prod: internet-explorer +ms.technology: +ms.topic: kb-support +ms.custom: CI=111020 ms.localizationpriority: Normal +# localization_priority: medium +# ms.translationtype: MT ms.date: 01/22/2020 --- # Internet Explorer and Microsoft Edge frequently asked questions (FAQ) for IT Pros From 8fb90a1e4c6e14662607203a83ebf5051559d771 Mon Sep 17 00:00:00 2001 From: MightyPen Date: Thu, 23 Jan 2020 00:20:05 -0800 Subject: [PATCH 068/157] Using trailing 2-spaces (like HTML BR) on 'kb-support/clear-ie-cache-from-command-line.md' numbered list near top. --- .../clear-ie-cache-from-command-line.md | 21 ++++++++++--------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/browsers/internet-explorer/kb-support/clear-ie-cache-from-command-line.md b/browsers/internet-explorer/kb-support/clear-ie-cache-from-command-line.md index ca00f5210f..1b0af06095 100644 --- a/browsers/internet-explorer/kb-support/clear-ie-cache-from-command-line.md +++ b/browsers/internet-explorer/kb-support/clear-ie-cache-from-command-line.md @@ -21,28 +21,28 @@ This article outlines the procedure to clear the Internet Explorer cache by usin ## Command line commands to clear browser cache -1. Delete history from the Low folder +1. Delete history from the Low folder `del /s /q C:\Users\\%username%\AppData\Local\Microsoft\Windows\History\low\* /ah` -2. Delete history +2. Delete history `RunDll32.exe InetCpl.cpl, ClearMyTracksByProcess 1` -3. Delete cookies +3. Delete cookies `RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 2` -4. Delete temporary internet files +4. Delete temporary internet files `RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 8` -5. Delete form data +5. Delete form data `RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 16` -6. Delete stored passwords +6. Delete stored passwords `RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 32` -7. Delete all +7. Delete all `RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 255` -8. Delete files and settings stored by add-ons +8. Delete files and settings stored by add-ons `InetCpl.cpl,ClearMyTracksByProcess 4351` If you upgraded from a previous version of Internet Explorer, you have to use the following commands to delete the files from older versions: @@ -128,9 +128,10 @@ goto Home ::enter below in search/run to see Low history dir if exists ::C:\Users\%username%\AppData\Local\Microsoft\Windows\History\low -::Delete all low(untrusted history) very hidden -::this will clean any unlocked files under the dir and not delete the dir structure +::Delete all low (untrusted history) very hidden +::this will clean any unlocked files under the dir and not delete the dir structure ::del /s /q low\* /ah ::del /s /q C:\Users\%username%\AppData\Local\Microsoft\Windows\History\low\* /ah goto Home +:quit ``` From 6507234020fb450da18d10c77ee6173a06e7adb6 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Thu, 23 Jan 2020 09:27:25 -0800 Subject: [PATCH 069/157] make sure this is pushed correctly --- windows/deployment/windows-autopilot/add-devices.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopilot/add-devices.md b/windows/deployment/windows-autopilot/add-devices.md index cec72b237a..b9ed3fdd35 100644 --- a/windows/deployment/windows-autopilot/add-devices.md +++ b/windows/deployment/windows-autopilot/add-devices.md @@ -171,4 +171,4 @@ When deploying new devices using Windows Autopilot, the following steps are requ ## Other configuration settings -- [Bitlocker encryption settings](bitlocker.md): You can configure the BitLocker encryption settings to be applied before automatic encryption is started. +- [Bitlocker encryption settings](bitlocker.md): You can configure the BitLocker encryption settings to be applied before automatic encryption is started. \ No newline at end of file From e1258442ef709e5f1c99e8aee79e8f7abae26bdc Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Thu, 23 Jan 2020 10:31:57 -0800 Subject: [PATCH 070/157] table doesn't seem to be updating correctly --- windows/deployment/windows-autopilot/add-devices.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/windows-autopilot/add-devices.md b/windows/deployment/windows-autopilot/add-devices.md index b9ed3fdd35..4c5f020f92 100644 --- a/windows/deployment/windows-autopilot/add-devices.md +++ b/windows/deployment/windows-autopilot/add-devices.md @@ -129,8 +129,8 @@ A summary of each platform's capabilities is provided below.
Intune -YES - 500 at a time max1 -YES12 +YES - 500 at a time max1 +YES12 4K HH From d4e07a5ba35a170d569b9aa9310ad04694bb413a Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Thu, 23 Jan 2020 11:09:41 -0800 Subject: [PATCH 071/157] adding workaround note --- windows/deployment/deploy-enterprise-licenses.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/deployment/deploy-enterprise-licenses.md b/windows/deployment/deploy-enterprise-licenses.md index cd4f1c3e5b..e43658fdb5 100644 --- a/windows/deployment/deploy-enterprise-licenses.md +++ b/windows/deployment/deploy-enterprise-licenses.md @@ -25,6 +25,10 @@ This topic describes how to deploy Windows 10 Enterprise E3 or E5 licenses with >* Windows 10 Enterprise E3 in CSP requires Windows 10 Pro, version 1607 or later. >* Automatic, non-KMS activation requires Windows 10, version 1803 or later, on a device with a firmware-embedded activation key. +>[!IMPORTANT] +>An issue has been identified where devices can lose activation status or be blocked from upgrading to Windows Enterprise if the device is not able to connect to Windows Update. A workaround is to ensure that devices do not have the REG_DWORD present HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\DoNotConnectToWindowsUpdateInternetLocations and set to 1. If this REG_DWORD is present, it must be set to 0.
+>Also ensure that the Group Policy setting: Computer Configuration > Administrative Templates > Windows Components > Windows Update > "Do not connect to any Windows Update Internet locations" is set to "Disabled". + ## Firmware-embedded activation key To determine if the computer has a firmware-embedded activation key, type the following command at an elevated Windows PowerShell prompt From 324c994b186f87cf074265f7b95148c375d2bcd8 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Thu, 23 Jan 2020 11:37:54 -0800 Subject: [PATCH 072/157] editing ProPlus info --- .../windows-autopilot/autopilot-device-guidelines.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopilot/autopilot-device-guidelines.md b/windows/deployment/windows-autopilot/autopilot-device-guidelines.md index 63f327622a..43ac6da548 100644 --- a/windows/deployment/windows-autopilot/autopilot-device-guidelines.md +++ b/windows/deployment/windows-autopilot/autopilot-device-guidelines.md @@ -36,7 +36,8 @@ The following additional best practices ensure that devices can easily be provis ## Software best practice guidelines for Windows Autopilot -- The Windows Autopilot device should be preinstalled with only a Windows 10 base image plus drivers and Office 365 Pro Plus Retail (C2R). +- The Windows Autopilot device should be preinstalled with only a Windows 10 base image plus drivers. +- You can preinstall your licensed version of Office, such as [Office 365 ProPlus](https://docs.microsoft.com/deployoffice/about-office-365-proplus-in-the-enterprise). - Unless explicitly requested by the customer, no other preinstalled software should be included. - Per OEM Policy, Windows 10 features, including built-in apps, should not be disabled or removed. From 4cc70c6810e4ae0f52204a0637bdf60ccff44117 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Thu, 23 Jan 2020 12:16:32 -0800 Subject: [PATCH 073/157] Updated data detention note --- .../microsoft-defender-atp/tvm-dashboard-insights.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md index 662c116683..e2d8e04113 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md @@ -67,7 +67,7 @@ Area | Description **Top exposed machines** | See the exposed machine names and their exposure level. You can click each machine name from the list and it will take you to the machine page where you can view the alerts, risks, incidents, security recommendations, installed software, discovered vulnerabilities associated with the exposed machines. You can also do other EDR-related tasks in it, such as: manage tags, initiate automated investigations, initiate a live response session, collect an investigation package, run antivirus scan, restrict app execution, and isolate machine. You can also click **Show more** to see the rest of the exposed machines list. > [!NOTE] -> Machines with no alerts seen in the last 30 days do not count towards the exposure score of Threat & Vulnerability Management. +> Machines that are not active in the last 30 days are not factored in on the data that reflects your organization's Threat & Vulnerability Management exposure score and configuration score. See [Microsoft Defender ATP icons](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection#windows-defender-atp-icons) for more information on the icons used throughout the portal. From 4870d2cd117308e400d044f2a6b5afec72e4b558 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Thu, 23 Jan 2020 12:17:28 -0800 Subject: [PATCH 074/157] Update tvm-dashboard-insights.md --- .../microsoft-defender-atp/tvm-dashboard-insights.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md index e2d8e04113..74b76d9984 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md @@ -34,6 +34,9 @@ You can use the Threat & Vulnerability Management capability in [Microsoft Defen - Select remediation options, triage and track the remediation tasks - Select exception options and track active exceptions +> [!NOTE] +> Machines that are not active in the last 30 days are not factored in on the data that reflects your organization's Threat & Vulnerability Management exposure score and configuration score. + ## Threat & Vulnerability Management in Microsoft Defender Security Center When you open the portal, you’ll see the main areas of the capability: @@ -66,9 +69,6 @@ Area | Description **Top remediation activities** | Track the remediation activities generated from the security recommendations. You can click each item on the list to see the details in the **Remediation** page or click **Show more** to see the rest of the remediation activities, and active exceptions. **Top exposed machines** | See the exposed machine names and their exposure level. You can click each machine name from the list and it will take you to the machine page where you can view the alerts, risks, incidents, security recommendations, installed software, discovered vulnerabilities associated with the exposed machines. You can also do other EDR-related tasks in it, such as: manage tags, initiate automated investigations, initiate a live response session, collect an investigation package, run antivirus scan, restrict app execution, and isolate machine. You can also click **Show more** to see the rest of the exposed machines list. -> [!NOTE] -> Machines that are not active in the last 30 days are not factored in on the data that reflects your organization's Threat & Vulnerability Management exposure score and configuration score. - See [Microsoft Defender ATP icons](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection#windows-defender-atp-icons) for more information on the icons used throughout the portal. ## Related topics From e77db4ef3ff7c2fb4ffc6b4cb8cb1dc31abe7484 Mon Sep 17 00:00:00 2001 From: John Liu <49762389+ShenLanJohn@users.noreply.github.com> Date: Thu, 23 Jan 2020 13:34:29 -0800 Subject: [PATCH 075/157] CAT Auto Pulish for Windows Release Messages - CAT_AutoPublish_20200123123014 (#1924) Co-authored-by: Direesh Kumar Kandakatla --- .../resolved-issues-windows-10-1607.yml | 10 ++++++++++ .../resolved-issues-windows-10-1709.yml | 10 ++++++++++ .../resolved-issues-windows-10-1803.yml | 10 ++++++++++ ...-issues-windows-10-1809-and-windows-server-2019.yml | 2 ++ ...issues-windows-7-and-windows-server-2008-r2-sp1.yml | 10 ++++++++++ .../resolved-issues-windows-server-2008-sp2.yml | 10 ++++++++++ .../status-windows-10-1607-and-windows-server-2016.yml | 4 ++-- windows/release-information/status-windows-10-1709.yml | 4 ++-- windows/release-information/status-windows-10-1803.yml | 4 ++-- .../status-windows-10-1809-and-windows-server-2019.yml | 4 ++-- ...status-windows-7-and-windows-server-2008-r2-sp1.yml | 4 ++-- .../status-windows-server-2008-sp2.yml | 4 ++-- windows/release-information/windows-message-center.yml | 1 + 13 files changed, 65 insertions(+), 12 deletions(-) diff --git a/windows/release-information/resolved-issues-windows-10-1607.yml b/windows/release-information/resolved-issues-windows-10-1607.yml index d8af11db00..b586fa4b0e 100644 --- a/windows/release-information/resolved-issues-windows-10-1607.yml +++ b/windows/release-information/resolved-issues-windows-10-1607.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -82,3 +83,12 @@ sections:
SummaryOriginating updateStatusDate resolved
Windows may not start on certain Lenovo and Fujitsu laptops with less than 8GB of RAM
Windows may fail to start on certain Lenovo and Fujitsu laptops that have less than 8 GB of RAM.

See details >		OS Build 14393.2608

November 13, 2018
KB4467691		Resolved External
January 23, 2020
08:10 AM PT
Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and results print job failure.

See details >		OS Build 14393.3206

September 23, 2019
KB4522010		Resolved
KB4519998		October 08, 2019
10:00 AM PT
IME may become unresponsive or have High CPU usage
Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.

See details >		OS Build 14393.3204

September 10, 2019
KB4516044		Resolved
September 17, 2019
04:47 PM PT
Apps and scripts using the NetQueryDisplayInformation API may fail with error
Applications and scripts that call NetQueryDisplayInformation may fail to return results after the first page of data.

See details >		OS Build 14393.3053

June 18, 2019
KB4503294		Resolved
KB4516044		September 10, 2019
10:00 AM PT
Internet Explorer 11 and apps using the WebBrowser control may fail to render
Internet Explorer 11 may fail to render some JavaScript after installing KB4507460. You may also have issues with apps using JavaScript or the WebBrowser control, such as the present PowerPoint feature of Skype Meeting Broadcast.

Affected platforms:
  • Client: Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server 2016
Resolution: This issue was resolved in KB4512517.

Back to top		OS Build 14393.3085

July 09, 2019
KB4507460		Resolved
KB4512517		Resolved:
August 13, 2019
10:00 AM PT

Opened:
July 26, 2019
04:58 PM PT
" + +- title: November 2018 +- items: + - type: markdown + text: " + + +
DetailsOriginating updateStatusHistory
Windows may not start on certain Lenovo and Fujitsu laptops with less than 8GB of RAM
After installing KB4467691, Windows may fail to start on certain Lenovo and Fujitsu laptops that have less than 8 GB of RAM.

Affected platforms:
  • Client: Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
  • Server: Windows Server 2016
Workaround: Restart the affected machine using the Unified Extensible Firmware Interface (UEFI). Disable Secure Boot and then restart.

If BitLocker is enabled on your machine, you may have to go through BitLocker recovery after Secure Boot has been disabled.

Resolution: Lenovo and Fujitsu are aware of this issue. Please contact your OEM to ask if there is a firmware update available for your device.

Back to top		OS Build 14393.2608

November 13, 2018
KB4467691		Resolved External
Last updated:
January 23, 2020
08:10 AM PT

Opened:
November 13, 2018
10:00 AM PT
+ " diff --git a/windows/release-information/resolved-issues-windows-10-1709.yml b/windows/release-information/resolved-issues-windows-10-1709.yml index 92e479f7e8..82bf0df89e 100644 --- a/windows/release-information/resolved-issues-windows-10-1709.yml +++ b/windows/release-information/resolved-issues-windows-10-1709.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -48,6 +49,15 @@ sections:
" +- title: October 2019 +- items: + - type: markdown + text: " +
SummaryOriginating updateStatusDate resolved
Unable to create local users in Chinese, Japanese and Korean during device setup
You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.

See details >		OS Build 16299.1387

September 10, 2019
KB4516066		Resolved
KB4534318		January 23, 2020
02:00 PM PT
Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and results print job failure.

See details >		OS Build 16299.1392

September 23, 2019
KB4522012		Resolved
KB4520004		October 08, 2019
10:00 AM PT
IME may become unresponsive or have High CPU usage
Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.

See details >		OS Build 16299.1387

September 10, 2019
KB4516066		Resolved
September 19, 2019
04:08 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices may not start after updating when connected to a domain that is configured to use MIT Kerberos realms.

See details >		OS Build 16299.1296

July 16, 2019
KB4507465		Resolved
KB4512516		August 13, 2019
10:00 AM PT
+ +
DetailsOriginating updateStatusHistory
Unable to create local users in Chinese, Japanese and Korean during device setup
When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.

Note This issue does not affect using a Microsoft Account during OOBE.

Affected platforms:
  • Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709
  • Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
Resolution: This issue was resolved in KB4534318.

Back to top		OS Build 16299.1387

September 10, 2019
KB4516066		Resolved
KB4534318		Resolved:
January 23, 2020
02:00 PM PT

Opened:
October 29, 2019
05:15 PM PT
+ " + - title: September 2019 - items: - type: markdown diff --git a/windows/release-information/resolved-issues-windows-10-1803.yml b/windows/release-information/resolved-issues-windows-10-1803.yml index 378576d142..bdf3c62854 100644 --- a/windows/release-information/resolved-issues-windows-10-1803.yml +++ b/windows/release-information/resolved-issues-windows-10-1803.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -51,6 +52,15 @@ sections:
" +- title: October 2019 +- items: + - type: markdown + text: " +
SummaryOriginating updateStatusDate resolved
Unable to create local users in Chinese, Japanese and Korean during device setup
You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.

See details >		OS Build 17134.1006

September 10, 2019
KB4516058		Resolved
KB4534308		January 23, 2020
02:00 PM PT
Windows Mixed Reality Portal users may intermittently receive a 15-5 error code
You may receive a 15-5 error code in Windows Mixed Reality Portal and your headset may not wake up from sleep.

See details >		OS Build 17134.950

August 13, 2019
KB4512501		Resolved
KB4519978		October 15, 2019
10:00 AM PT
Startup to a black screen after installing updates
Your device may startup to a black screen during the first logon after installing updates.

See details >		OS Build 17134.829

June 11, 2019
KB4503286		Resolved
KB4519978		October 15, 2019
10:00 AM PT
Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and results print job failure.

See details >		OS Build 17134.1009

September 23, 2019
KB4522014		Resolved
KB4520008		October 08, 2019
10:00 AM PT
+ +
DetailsOriginating updateStatusHistory
Unable to create local users in Chinese, Japanese and Korean during device setup
When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.

Note This issue does not affect using a Microsoft Account during OOBE.

Affected platforms:
  • Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709
  • Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
Resolution: This issue was resolved in KB4534308.

Back to top		OS Build 17134.1006

September 10, 2019
KB4516058		Resolved
KB4534308		Resolved:
January 23, 2020
02:00 PM PT

Opened:
October 29, 2019
05:15 PM PT
+ " + - title: September 2019 - items: - type: markdown diff --git a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml index 82cba46203..d113831f80 100644 --- a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -57,6 +58,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusDate resolved
Unable to create local users in Chinese, Japanese and Korean during device setup
You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.

See details >		OS Build 17763.737

September 10, 2019
KB4512578		Resolved
KB4534321		January 23, 2020
02:00 PM PT
Microsoft Defender Advanced Threat Protection might stop running
The Microsoft Defender ATP service might stop running and might fail to send reporting data.

See details >		OS Build 17763.832

October 15, 2019
KB4520062		Resolved
KB4523205		November 12, 2019
10:00 AM PT
Windows Mixed Reality Portal users may intermittently receive a 15-5 error code
You may receive a 15-5 error code in Windows Mixed Reality Portal and your headset may not wake up from sleep.

See details >		OS Build 17763.678

August 13, 2019
KB4511553		Resolved
KB4520062		October 15, 2019
10:00 AM PT
Startup to a black screen after installing updates
Your device may startup to a black screen during the first logon after installing updates.

See details >		OS Build 17763.557

June 11, 2019
KB4503327		Resolved
KB4520062		October 15, 2019
10:00 AM PT
+
DetailsOriginating updateStatusHistory
Unable to create local users in Chinese, Japanese and Korean during device setup
When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.

Note This issue does not affect using a Microsoft Account during OOBE.

Affected platforms:
  • Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709
  • Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
Resolution: This issue was resolved in KB4534321.

Back to top		OS Build 17763.737

September 10, 2019
KB4512578		Resolved
KB4534321		Resolved:
January 23, 2020
02:00 PM PT

Opened:
October 29, 2019
05:15 PM PT
Microsoft Defender Advanced Threat Protection might stop running
After installing the optional non-security update (KB4520062), the Microsoft Defender Advanced Threat Protection (ATP) service might stop running and might fail to send reporting data. You might also receive a 0xc0000409 error in Event Viewer on MsSense.exe.

Note Microsoft Windows Defender Antivirus is not affected by this issue.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
  • Server: Windows Server, version 1809; Windows Server 2019
Resolution: This issue was resolved in KB4523205.

Back to top		OS Build 17763.832

October 15, 2019
KB4520062		Resolved
KB4523205		Resolved:
November 12, 2019
10:00 AM PT

Opened:
October 17, 2019
05:14 PM PT
" diff --git a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml index 7401114369..caeed9779b 100644 --- a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -49,6 +50,15 @@ sections:
" +- title: November 2019 +- items: + - type: markdown + text: " +
SummaryOriginating updateStatusDate resolved
MSRT might fail to install and be re-offered from Windows Update or WSUS
The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from WU/WSUS.

See details >
Resolved
January 23, 2020
08:10 AM PT
Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and results print job failure.

See details >		September 24, 2019
KB4516048		Resolved
KB4519976		October 08, 2019
10:00 AM PT
You may receive an error when opening or using the Toshiba Qosmio AV Center
Toshiba Qosmio AV Center may error when opening and you may also receive an error in Event Log related to cryptnet.dll.

See details >		August 13, 2019
KB4512506		Resolved
KB4516048		September 24, 2019
10:00 AM PT
Windows updates that are SHA-2 signed may not be offered for Symantec and Norton AV
Windows updates that are SHA-2 signed are not available with Symantec or Norton antivirus program installed

See details >		August 13, 2019
KB4512506		Resolved External
August 27, 2019
02:29 PM PT
+ +
DetailsOriginating updateStatusHistory
MSRT might fail to install and be re-offered from Windows Update or WSUS
The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from Windows Update (WU), Windows Server Update Services (WSUS) or Configuration Manager and might be re-offered. If you use WU or WSUS, you might also receive the following error in the WindowsUpdate.log, “Misc  WARNING: Digital Signatures on file C:\\Windows\\SoftwareDistribution\\Download\\XXXX are not trusted: Error 0x800b0109”. If you use Configuration Manager, you might also receive the following error in the WUAHandler.log, \"Failed to download updates to the WUAgent datastore. Error = 0x800b0109.     WUAHandler   14/11/2019 16:33:23        980 (0x03D4)\". Note All Configuration Manager information also applies to System Center Configuration Manager (SCCM) and Microsoft Endpoint Configuration Manager.

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in the December 2019 release of Windows Malicious Software Removal Tool (MSRT).

Back to top
Resolved
Resolved:
January 23, 2020
08:10 AM PT

Opened:
November 15, 2019
05:59 PM PT
+ " + - title: September 2019 - items: - type: markdown diff --git a/windows/release-information/resolved-issues-windows-server-2008-sp2.yml b/windows/release-information/resolved-issues-windows-server-2008-sp2.yml index 18fc3ff189..47535347c0 100644 --- a/windows/release-information/resolved-issues-windows-server-2008-sp2.yml +++ b/windows/release-information/resolved-issues-windows-server-2008-sp2.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -47,6 +48,15 @@ sections:
" +- title: November 2019 +- items: + - type: markdown + text: " +
SummaryOriginating updateStatusDate resolved
MSRT might fail to install and be re-offered from Windows Update or WSUS
The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from WU/WSUS.

See details >
Resolved
January 23, 2020
08:10 AM PT
Issues manually installing updates by double-clicking the .msu file
You may encounter issues manually installing updates by double-clicking the .msu file and may receive an error.

See details >		September 10, 2019
KB4474419		Resolved
KB4474419		September 23, 2019
10:00 AM PT
Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and results print job failure.

See details >		September 24, 2019
KB4516030		Resolved
KB4520002		October 08, 2019
10:00 AM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		June 11, 2019
KB4503273		Resolved
KB4512499		August 17, 2019
02:00 PM PT
+ +
DetailsOriginating updateStatusHistory
MSRT might fail to install and be re-offered from Windows Update or WSUS
The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from Windows Update (WU), Windows Server Update Services (WSUS) or Configuration Manager and might be re-offered. If you use WU or WSUS, you might also receive the following error in the WindowsUpdate.log, “Misc  WARNING: Digital Signatures on file C:\\Windows\\SoftwareDistribution\\Download\\XXXX are not trusted: Error 0x800b0109”. If you use Configuration Manager, you might also receive the following error in the WUAHandler.log, \"Failed to download updates to the WUAgent datastore. Error = 0x800b0109.     WUAHandler   14/11/2019 16:33:23        980 (0x03D4)\". Note All Configuration Manager information also applies to System Center Configuration Manager (SCCM) and Microsoft Endpoint Configuration Manager.

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in the December 2019 release of Windows Malicious Software Removal Tool (MSRT).

Back to top
Resolved
Resolved:
January 23, 2020
08:10 AM PT

Opened:
November 15, 2019
05:59 PM PT
+ " + - title: September 2019 - items: - type: markdown diff --git a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml index d38454e785..3dba1c748b 100644 --- a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml +++ b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml @@ -60,9 +60,9 @@ sections: - type: markdown text: "

This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

+ -
SummaryOriginating updateStatusLast updated
Windows may not start on certain Lenovo and Fujitsu laptops with less than 8GB of RAM
Windows may fail to start on certain Lenovo and Fujitsu laptops that have less than 8 GB of RAM.

See details >		OS Build 14393.2608

November 13, 2018
KB4467691		Resolved External
January 23, 2020
08:10 AM PT
TLS connections might fail or timeout
Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.

See details >		OS Build 14393.3274

October 08, 2019
KB4519998		Mitigated External
November 05, 2019
03:36 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).

See details >		OS Build 14393.2724

January 08, 2019
KB4480961		Mitigated
April 25, 2019
02:00 PM PT
Windows may not start on certain Lenovo and Fujitsu laptops with less than 8GB of RAM
Windows may fail to start on certain Lenovo and Fujitsu laptops that have less than 8 GB of RAM.

See details >		OS Build 14393.2608

November 13, 2018
KB4467691		Mitigated
February 19, 2019
10:00 AM PT
Cluster service may fail if the minimum password length is set to greater than 14
The cluster service may fail to start if “Minimum Password Length” is configured with greater than 14 characters.

See details >		OS Build 14393.2639

November 27, 2018
KB4467684		Mitigated
April 25, 2019
02:00 PM PT
" @@ -97,7 +97,7 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
Windows may not start on certain Lenovo and Fujitsu laptops with less than 8GB of RAM
After installing KB4467691, Windows may fail to start on certain Lenovo and Fujitsu laptops that have less than 8 GB of RAM.

Affected platforms:
  • Client: Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
  • Server: Windows Server 2016
Workaround: Restart the affected machine using the Unified Extensible Firmware Interface (UEFI). Disable Secure Boot and then restart.

If BitLocker is enabled on your machine, you may have to go through BitLocker recovery after Secure Boot has been disabled.

Next steps: Lenovo and Fujitsu are aware of this issue. Please contact your OEM to ask if there is a firmware update available for your device.

Back to top		OS Build 14393.2608

November 13, 2018
KB4467691		Mitigated
Last updated:
February 19, 2019
10:00 AM PT

Opened:
November 13, 2018
10:00 AM PT
Windows may not start on certain Lenovo and Fujitsu laptops with less than 8GB of RAM
After installing KB4467691, Windows may fail to start on certain Lenovo and Fujitsu laptops that have less than 8 GB of RAM.

Affected platforms:
  • Client: Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
  • Server: Windows Server 2016
Workaround: Restart the affected machine using the Unified Extensible Firmware Interface (UEFI). Disable Secure Boot and then restart.

If BitLocker is enabled on your machine, you may have to go through BitLocker recovery after Secure Boot has been disabled.

Resolution: Lenovo and Fujitsu are aware of this issue. Please contact your OEM to ask if there is a firmware update available for your device.

Back to top		OS Build 14393.2608

November 13, 2018
KB4467691		Resolved External
Last updated:
January 23, 2020
08:10 AM PT

Opened:
November 13, 2018
10:00 AM PT
Cluster service may fail if the minimum password length is set to greater than 14
After installing KB4467684, the cluster service may fail to start with the error \"2245 (NERR_PasswordTooShort)\" if the Group Policy \"Minimum Password Length\" is configured with greater than 14 characters.

Affected platforms:
  • Client: Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
  • Server: Windows Server 2016
Workaround: Set the domain default \"Minimum Password Length\" policy to less than or equal to 14 characters.

Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 14393.2639

November 27, 2018
KB4467684		Mitigated
Last updated:
April 25, 2019
02:00 PM PT

Opened:
November 27, 2018
10:00 AM PT
" diff --git a/windows/release-information/status-windows-10-1709.yml b/windows/release-information/status-windows-10-1709.yml index af729c8f0f..47169eb98d 100644 --- a/windows/release-information/status-windows-10-1709.yml +++ b/windows/release-information/status-windows-10-1709.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- +
SummaryOriginating updateStatusLast updated
Unable to create local users in Chinese, Japanese and Korean during device setup
You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.

See details >		OS Build 16299.1387

September 10, 2019
KB4516066		Mitigated
November 12, 2019
08:05 AM PT
Unable to create local users in Chinese, Japanese and Korean during device setup
You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.

See details >		OS Build 16299.1387

September 10, 2019
KB4516066		Resolved
KB4534318		January 23, 2020
02:00 PM PT
TLS connections might fail or timeout
Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.

See details >		OS Build 16299.1451

October 08, 2019
KB4520004		Mitigated External
November 05, 2019
03:36 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).

See details >		OS Build 16299.904

January 08, 2019
KB4480978		Mitigated
April 25, 2019
02:00 PM PT
@@ -87,7 +87,7 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
Unable to create local users in Chinese, Japanese and Korean during device setup
When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.

Note This issue does not affect using a Microsoft Account during OOBE.

Affected platforms:
  • Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709
  • Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
Workaround: To mitigate this issue, set the keyboard language to English during user creation or use a Microsoft Account to complete OOBE. You can set the keyboard language back to your preferred language after user creation. Once the OOBE is done and you are at the desktop, you can rename the current user using these instructions. If you prefer to create a new local user, see KB4026923.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 16299.1387

September 10, 2019
KB4516066		Mitigated
Last updated:
November 12, 2019
08:05 AM PT

Opened:
October 29, 2019
05:15 PM PT
Unable to create local users in Chinese, Japanese and Korean during device setup
When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.

Note This issue does not affect using a Microsoft Account during OOBE.

Affected platforms:
  • Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709
  • Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
Resolution: This issue was resolved in KB4534318.

Back to top		OS Build 16299.1387

September 10, 2019
KB4516066		Resolved
KB4534318		Resolved:
January 23, 2020
02:00 PM PT

Opened:
October 29, 2019
05:15 PM PT
" diff --git a/windows/release-information/status-windows-10-1803.yml b/windows/release-information/status-windows-10-1803.yml index 397f577291..9f10885c6c 100644 --- a/windows/release-information/status-windows-10-1803.yml +++ b/windows/release-information/status-windows-10-1803.yml @@ -64,7 +64,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- +
SummaryOriginating updateStatusLast updated
Unable to create local users in Chinese, Japanese and Korean during device setup
You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.

See details >		OS Build 17134.1006

September 10, 2019
KB4516058		Mitigated
November 12, 2019
08:05 AM PT
Unable to create local users in Chinese, Japanese and Korean during device setup
You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.

See details >		OS Build 17134.1006

September 10, 2019
KB4516058		Resolved
KB4534308		January 23, 2020
02:00 PM PT
TLS connections might fail or timeout
Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.

See details >		OS Build 17134.1069

October 08, 2019
KB4520008		Mitigated External
November 05, 2019
03:36 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).

See details >		OS Build 17134.523

January 08, 2019
KB4480966		Mitigated
April 25, 2019
02:00 PM PT
@@ -91,7 +91,7 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
Unable to create local users in Chinese, Japanese and Korean during device setup
When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.

Note This issue does not affect using a Microsoft Account during OOBE.

Affected platforms:
  • Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709
  • Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
Workaround: To mitigate this issue, set the keyboard language to English during user creation or use a Microsoft Account to complete OOBE. You can set the keyboard language back to your preferred language after user creation. Once the OOBE is done and you are at the desktop, you can rename the current user using these instructions. If you prefer to create a new local user, see KB4026923.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 17134.1006

September 10, 2019
KB4516058		Mitigated
Last updated:
November 12, 2019
08:05 AM PT

Opened:
October 29, 2019
05:15 PM PT
Unable to create local users in Chinese, Japanese and Korean during device setup
When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.

Note This issue does not affect using a Microsoft Account during OOBE.

Affected platforms:
  • Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709
  • Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
Resolution: This issue was resolved in KB4534308.

Back to top		OS Build 17134.1006

September 10, 2019
KB4516058		Resolved
KB4534308		Resolved:
January 23, 2020
02:00 PM PT

Opened:
October 29, 2019
05:15 PM PT
" diff --git a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml index 51ee30b209..2e9516660f 100644 --- a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml @@ -64,7 +64,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -92,7 +92,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Unable to create local users in Chinese, Japanese and Korean during device setup
You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.

See details >		OS Build 17763.737

September 10, 2019
KB4512578		Mitigated
November 12, 2019
08:05 AM PT
Unable to create local users in Chinese, Japanese and Korean during device setup
You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.

See details >		OS Build 17763.737

September 10, 2019
KB4512578		Resolved
KB4534321		January 23, 2020
02:00 PM PT
TLS connections might fail or timeout
Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.

See details >		OS Build 17763.805

October 08, 2019
KB4519338		Mitigated External
November 05, 2019
03:36 PM PT
Devices with some Asian language packs installed may receive an error
Devices with Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"

See details >		OS Build 17763.437

April 09, 2019
KB4493509		Mitigated
May 03, 2019
10:59 AM PT
Certain operations performed on a Cluster Shared Volume may fail
Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).

See details >		OS Build 17763.253

January 08, 2019
KB4480116		Mitigated
April 09, 2019
10:00 AM PT
- +
DetailsOriginating updateStatusHistory
Unable to create local users in Chinese, Japanese and Korean during device setup
When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.

Note This issue does not affect using a Microsoft Account during OOBE.

Affected platforms:
  • Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709
  • Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
Workaround: To mitigate this issue, set the keyboard language to English during user creation or use a Microsoft Account to complete OOBE. You can set the keyboard language back to your preferred language after user creation. Once the OOBE is done and you are at the desktop, you can rename the current user using these instructions. If you prefer to create a new local user, see KB4026923.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 17763.737

September 10, 2019
KB4512578		Mitigated
Last updated:
November 12, 2019
08:05 AM PT

Opened:
October 29, 2019
05:15 PM PT
Unable to create local users in Chinese, Japanese and Korean during device setup
When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.

Note This issue does not affect using a Microsoft Account during OOBE.

Affected platforms:
  • Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709
  • Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
Resolution: This issue was resolved in KB4534321.

Back to top		OS Build 17763.737

September 10, 2019
KB4512578		Resolved
KB4534321		Resolved:
January 23, 2020
02:00 PM PT

Opened:
October 29, 2019
05:15 PM PT
" diff --git a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml index 574e1ff814..4a7f56ecb1 100644 --- a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- +
SummaryOriginating updateStatusLast updated
MSRT might fail to install and be re-offered from Windows Update or WSUS
The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from WU/WSUS.

See details >
Mitigated
November 15, 2019
05:59 PM PT
MSRT might fail to install and be re-offered from Windows Update or WSUS
The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from WU/WSUS.

See details >
Resolved
January 23, 2020
08:10 AM PT
TLS connections might fail or timeout
Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.

See details >		October 08, 2019
KB4519976		Mitigated External
November 05, 2019
03:36 PM PT
IA64 and x64 devices may fail to start after installing updates
After installing updates released on or after August 13, 2019, IA64 and x64 devices using EFI Boot may fail to start.

See details >		August 13, 2019
KB4512506		Mitigated
August 17, 2019
12:59 PM PT
@@ -78,7 +78,7 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
MSRT might fail to install and be re-offered from Windows Update or WSUS
The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from Windows Update (WU), Windows Server Update Services (WSUS) or Configuration Manager and might be re-offered. If you use WU or WSUS, you might also receive the following error in the WindowsUpdate.log, “Misc  WARNING: Digital Signatures on file C:\\Windows\\SoftwareDistribution\\Download\\XXXX are not trusted: Error 0x800b0109”. If you use Configuration Manager, you might also receive the following error in the WUAHandler.log, \"Failed to download updates to the WUAgent datastore. Error = 0x800b0109.     WUAHandler   14/11/2019 16:33:23        980 (0x03D4)\". Note All Configuration Manager information also applies to System Center Configuration Manager (SCCM) and Microsoft Endpoint Configuration Manager.

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Workaround: You can manually install the November 2019 update for Windows Malicious Software Removal Tool (MSRT) by downloading it here for 32-bit x86-based devices or here for 64-bit x64-based devices. If you are using WSUS or Configuration Manager, guidance can be found here.

Next steps: This issue has been mitigated on the server side and MSRT will no longer offered to affected platforms. We are working on a resolution and estimate a solution will be available in the December 2019 release of Windows Malicious Software Removal Tool (MSRT).

Back to top
Mitigated
Last updated:
November 15, 2019
05:59 PM PT

Opened:
November 15, 2019
05:59 PM PT
MSRT might fail to install and be re-offered from Windows Update or WSUS
The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from Windows Update (WU), Windows Server Update Services (WSUS) or Configuration Manager and might be re-offered. If you use WU or WSUS, you might also receive the following error in the WindowsUpdate.log, “Misc  WARNING: Digital Signatures on file C:\\Windows\\SoftwareDistribution\\Download\\XXXX are not trusted: Error 0x800b0109”. If you use Configuration Manager, you might also receive the following error in the WUAHandler.log, \"Failed to download updates to the WUAgent datastore. Error = 0x800b0109.     WUAHandler   14/11/2019 16:33:23        980 (0x03D4)\". Note All Configuration Manager information also applies to System Center Configuration Manager (SCCM) and Microsoft Endpoint Configuration Manager.

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in the December 2019 release of Windows Malicious Software Removal Tool (MSRT).

Back to top
Resolved
Resolved:
January 23, 2020
08:10 AM PT

Opened:
November 15, 2019
05:59 PM PT
TLS connections might fail or timeout
Updates for Windows released October 8, 2019 or later provide protections, tracked by CVE-2019-1318, against an attack that could allow unauthorized access to information or data within TLS connections. This type of attack is known as a man-in-the-middle exploit. Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption (RFC 7627). Lack of RFC support might cause one or more of the following errors or logged events:
  • \"The request was aborted: Could not create SSL/TLS secure Channel\"
  • SCHANNEL event 36887 is logged in the System event log with the description, \"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.​\"
Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2

Next Steps: Connections between two devices running any supported version of Windows should not have this issue when fully updated. There is no update for Windows needed for this issue. These changes are required to address a security issue and security compliance. For information, see KB4528489.

Back to top		October 08, 2019
KB4519976		Mitigated External
Last updated:
November 05, 2019
03:36 PM PT

Opened:
November 05, 2019
03:36 PM PT
" diff --git a/windows/release-information/status-windows-server-2008-sp2.yml b/windows/release-information/status-windows-server-2008-sp2.yml index 0a5c7ee17d..28cf31facc 100644 --- a/windows/release-information/status-windows-server-2008-sp2.yml +++ b/windows/release-information/status-windows-server-2008-sp2.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- +
SummaryOriginating updateStatusLast updated
MSRT might fail to install and be re-offered from Windows Update or WSUS
The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from WU/WSUS.

See details >
Mitigated
November 15, 2019
05:59 PM PT
MSRT might fail to install and be re-offered from Windows Update or WSUS
The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from WU/WSUS.

See details >
Resolved
January 23, 2020
08:10 AM PT
TLS connections might fail or timeout
Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.

See details >		October 08, 2019
KB4520002		Mitigated External
November 05, 2019
03:36 PM PT
" @@ -77,7 +77,7 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
MSRT might fail to install and be re-offered from Windows Update or WSUS
The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from Windows Update (WU), Windows Server Update Services (WSUS) or Configuration Manager and might be re-offered. If you use WU or WSUS, you might also receive the following error in the WindowsUpdate.log, “Misc  WARNING: Digital Signatures on file C:\\Windows\\SoftwareDistribution\\Download\\XXXX are not trusted: Error 0x800b0109”. If you use Configuration Manager, you might also receive the following error in the WUAHandler.log, \"Failed to download updates to the WUAgent datastore. Error = 0x800b0109.     WUAHandler   14/11/2019 16:33:23        980 (0x03D4)\". Note All Configuration Manager information also applies to System Center Configuration Manager (SCCM) and Microsoft Endpoint Configuration Manager.

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Workaround: You can manually install the November 2019 update for Windows Malicious Software Removal Tool (MSRT) by downloading it here for 32-bit x86-based devices or here for 64-bit x64-based devices. If you are using WSUS or Configuration Manager, guidance can be found here.

Next steps: This issue has been mitigated on the server side and MSRT will no longer offered to affected platforms. We are working on a resolution and estimate a solution will be available in the December 2019 release of Windows Malicious Software Removal Tool (MSRT).

Back to top
Mitigated
Last updated:
November 15, 2019
05:59 PM PT

Opened:
November 15, 2019
05:59 PM PT
MSRT might fail to install and be re-offered from Windows Update or WSUS
The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from Windows Update (WU), Windows Server Update Services (WSUS) or Configuration Manager and might be re-offered. If you use WU or WSUS, you might also receive the following error in the WindowsUpdate.log, “Misc  WARNING: Digital Signatures on file C:\\Windows\\SoftwareDistribution\\Download\\XXXX are not trusted: Error 0x800b0109”. If you use Configuration Manager, you might also receive the following error in the WUAHandler.log, \"Failed to download updates to the WUAgent datastore. Error = 0x800b0109.     WUAHandler   14/11/2019 16:33:23        980 (0x03D4)\". Note All Configuration Manager information also applies to System Center Configuration Manager (SCCM) and Microsoft Endpoint Configuration Manager.

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in the December 2019 release of Windows Malicious Software Removal Tool (MSRT).

Back to top
Resolved
Resolved:
January 23, 2020
08:10 AM PT

Opened:
November 15, 2019
05:59 PM PT
TLS connections might fail or timeout
Updates for Windows released October 8, 2019 or later provide protections, tracked by CVE-2019-1318, against an attack that could allow unauthorized access to information or data within TLS connections. This type of attack is known as a man-in-the-middle exploit. Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption (RFC 7627). Lack of RFC support might cause one or more of the following errors or logged events:
  • \"The request was aborted: Could not create SSL/TLS secure Channel\"
  • SCHANNEL event 36887 is logged in the System event log with the description, \"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.​\"
Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2

Next Steps: Connections between two devices running any supported version of Windows should not have this issue when fully updated. There is no update for Windows needed for this issue. These changes are required to address a security issue and security compliance. For information, see KB4528489.

Back to top		October 08, 2019
KB4520002		Mitigated External
Last updated:
November 05, 2019
03:36 PM PT

Opened:
November 05, 2019
03:36 PM PT
" diff --git a/windows/release-information/windows-message-center.yml b/windows/release-information/windows-message-center.yml index ee042491ec..671d2a1748 100644 --- a/windows/release-information/windows-message-center.yml +++ b/windows/release-information/windows-message-center.yml @@ -50,6 +50,7 @@ sections: text: " + From 07cb80d7ed06d2a9bdc5b18d056b497562544f24 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 23 Jan 2020 15:19:19 -0800 Subject: [PATCH 076/157] Restored a valid metadata for ms.topic For descriptions of valid metadata, please see [Required metadata for all topics](https://review.docs.microsoft.com/en-us/office-authoring-guide/metadata-for-max-content-on-dmc?branch=master#required-metadata-for-all-topics). --- .../kb-support/clear-ie-cache-from-command-line.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/browsers/internet-explorer/kb-support/clear-ie-cache-from-command-line.md b/browsers/internet-explorer/kb-support/clear-ie-cache-from-command-line.md index 1b0af06095..27232c758a 100644 --- a/browsers/internet-explorer/kb-support/clear-ie-cache-from-command-line.md +++ b/browsers/internet-explorer/kb-support/clear-ie-cache-from-command-line.md @@ -8,7 +8,7 @@ ms.author: ramakoni ms.reviewer: ramakoni, DEV_Triage ms.prod: internet-explorer ms.technology: -ms.topic: kb-support +ms.topic: troubleshooting ms.custom: CI=111020 ms.localizationpriority: Normal # localization_priority: medium From c5b46dcd85995a551cf1a1a2b9b3935e57f39f0f Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 23 Jan 2020 15:20:18 -0800 Subject: [PATCH 077/157] Restored valid metadata for ms.topic For descriptions of valid metadata, please see [Required metadata for all topics](https://review.docs.microsoft.com/en-us/office-authoring-guide/metadata-for-max-content-on-dmc?branch=master#required-metadata-for-all-topics). --- browsers/internet-explorer/kb-support/ie-edge-faqs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/browsers/internet-explorer/kb-support/ie-edge-faqs.md b/browsers/internet-explorer/kb-support/ie-edge-faqs.md index de3c6e1b86..18643175f9 100644 --- a/browsers/internet-explorer/kb-support/ie-edge-faqs.md +++ b/browsers/internet-explorer/kb-support/ie-edge-faqs.md @@ -8,7 +8,7 @@ ms.author: ramakoni ms.reviewer: ramakoni, DEV_Triage ms.prod: internet-explorer ms.technology: -ms.topic: kb-support +ms.topic: troubleshooting ms.custom: CI=111020 ms.localizationpriority: Normal # localization_priority: medium From e24ab43023cc1db3e7b8f83cc98d983019f3d4bc Mon Sep 17 00:00:00 2001 From: MightyPen Date: Thu, 23 Jan 2020 21:26:50 -0800 Subject: [PATCH 078/157] Fixing PR #1917, ms.topic = 'kb-support'. --- .../kb-support/clear-ie-cache-from-command-line.md | 4 ++-- browsers/internet-explorer/kb-support/ie-edge-faqs.md | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/browsers/internet-explorer/kb-support/clear-ie-cache-from-command-line.md b/browsers/internet-explorer/kb-support/clear-ie-cache-from-command-line.md index 27232c758a..0031c6792e 100644 --- a/browsers/internet-explorer/kb-support/clear-ie-cache-from-command-line.md +++ b/browsers/internet-explorer/kb-support/clear-ie-cache-from-command-line.md @@ -8,12 +8,12 @@ ms.author: ramakoni ms.reviewer: ramakoni, DEV_Triage ms.prod: internet-explorer ms.technology: -ms.topic: troubleshooting +ms.topic: kb-support ms.custom: CI=111020 ms.localizationpriority: Normal # localization_priority: medium # ms.translationtype: MT -ms.date: 01/22/2020 +ms.date: 01/23/2020 --- # How to clear Internet Explorer cache by using the command line diff --git a/browsers/internet-explorer/kb-support/ie-edge-faqs.md b/browsers/internet-explorer/kb-support/ie-edge-faqs.md index 18643175f9..ef07a2a337 100644 --- a/browsers/internet-explorer/kb-support/ie-edge-faqs.md +++ b/browsers/internet-explorer/kb-support/ie-edge-faqs.md @@ -8,12 +8,12 @@ ms.author: ramakoni ms.reviewer: ramakoni, DEV_Triage ms.prod: internet-explorer ms.technology: -ms.topic: troubleshooting +ms.topic: kb-support ms.custom: CI=111020 ms.localizationpriority: Normal # localization_priority: medium # ms.translationtype: MT -ms.date: 01/22/2020 +ms.date: 01/23/2020 --- # Internet Explorer and Microsoft Edge frequently asked questions (FAQ) for IT Pros From 431e1dd4a9e5c919b8716f470e6a99edab2cf8d5 Mon Sep 17 00:00:00 2001 From: John Liu <49762389+ShenLanJohn@users.noreply.github.com> Date: Fri, 24 Jan 2020 10:09:51 -0800 Subject: [PATCH 079/157] CAT Auto Pulish for Windows Release Messages - CAT_AutoPublish_20200124091729 (#1932) Co-authored-by: Direesh Kumar Kandakatla --- .../resolved-issues-windows-10-1607.yml | 4 ++-- ...es-windows-7-and-windows-server-2008-r2-sp1.yml | 4 ++-- .../resolved-issues-windows-server-2008-sp2.yml | 4 ++-- ...tus-windows-10-1607-and-windows-server-2016.yml | 4 ++-- ...us-windows-7-and-windows-server-2008-r2-sp1.yml | 14 ++++++++++++-- .../status-windows-server-2008-sp2.yml | 4 ++-- 6 files changed, 22 insertions(+), 12 deletions(-) diff --git a/windows/release-information/resolved-issues-windows-10-1607.yml b/windows/release-information/resolved-issues-windows-10-1607.yml index b586fa4b0e..829cea21b4 100644 --- a/windows/release-information/resolved-issues-windows-10-1607.yml +++ b/windows/release-information/resolved-issues-windows-10-1607.yml @@ -32,7 +32,7 @@ sections: - type: markdown text: "
MessageDate
January 2020 Windows \"C\" optional release is available.
The January 2020 optional monthly “C” release for all supported versions of Windows is now available. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer. Follow @WindowsUpdate for the latest on the availability of this release.
January 23, 2020
12:00 PM PT
Windows 7 has reached end of support
Windows 7 reached end of support on January 14, 2020. If your organization has not yet been able to complete your transition from Windows 7 to Windows 10, and want to continue to receive security updates while you complete your upgrade projects, please read How to get Extended Security Updates for eligible Windows devices. For more information on end of service dates for currently supported versions of Windows 10, see the Windows lifecycle fact sheet.
January 15, 2020
10:00 AM PT
Take action: January 2020 security update available for all supported versions of Windows
The January 2020 security update release, referred to as our “B” release, is now available for Windows 10, version 1909 and all supported versions of Windows. We recommend that you install these updates promptly. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer. To be informed about the latest updates and releases, follow us on Twitter @WindowsUpdate.
January 14, 2020
08:00 AM PT
Advisory: Windows CryptoAPI certificate validation vulnerability
On January 14, 2020, Microsoft released security updates to address an elliptic-curve cryptography (ECC) certificate validation issue in the Windows CryptoAPI. This vulnerability applies to all versions of the Windows 10 operating system, client and server. While we have not observed an attack exploiting this vulnerability, we recommend that you apply this update to all of your Windows 10 devices with priority. Here is what you need to know:
  • If you are running a supported version of Windows 10 and have automatic updates enabled, you are automatically protected and do not need to take any further action.
  • If you are managing updates on behalf of your organization, you should download the latest updates from the Microsoft Security Update Guide and apply those updates to your Windows 10 devices and servers as soon as possible.
If you are running an unsupported version of Windows 10, we recommend that you upgrade to the current version of Windows 10 to benefit from the latest security protections. For more information about this vulnerability, see the Microsoft Security Guidance for CVE-2020-0601 and the Microsoft Security Response Center blog, January 2020 Security Updates: CVE-2020-0601.
January 14, 2020
08:00 AM PT
- + @@ -89,6 +89,6 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusDate resolved
Windows may not start on certain Lenovo and Fujitsu laptops with less than 8GB of RAM
Windows may fail to start on certain Lenovo and Fujitsu laptops that have less than 8 GB of RAM.

See details >		OS Build 14393.2608

November 13, 2018
KB4467691		Resolved External
January 23, 2020
08:10 AM PT
Windows may not start on certain Lenovo and Fujitsu laptops with less than 8GB of RAM
Windows may fail to start on certain Lenovo and Fujitsu laptops that have less than 8 GB of RAM.

See details >		OS Build 14393.2608

November 13, 2018
KB4467691		Resolved External
January 23, 2020
02:08 PM PT
Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and results print job failure.

See details >		OS Build 14393.3206

September 23, 2019
KB4522010		Resolved
KB4519998		October 08, 2019
10:00 AM PT
IME may become unresponsive or have High CPU usage
Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.

See details >		OS Build 14393.3204

September 10, 2019
KB4516044		Resolved
September 17, 2019
04:47 PM PT
Apps and scripts using the NetQueryDisplayInformation API may fail with error
Applications and scripts that call NetQueryDisplayInformation may fail to return results after the first page of data.

See details >		OS Build 14393.3053

June 18, 2019
KB4503294		Resolved
KB4516044		September 10, 2019
10:00 AM PT
- +
DetailsOriginating updateStatusHistory
Windows may not start on certain Lenovo and Fujitsu laptops with less than 8GB of RAM
After installing KB4467691, Windows may fail to start on certain Lenovo and Fujitsu laptops that have less than 8 GB of RAM.

Affected platforms:
  • Client: Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
  • Server: Windows Server 2016
Workaround: Restart the affected machine using the Unified Extensible Firmware Interface (UEFI). Disable Secure Boot and then restart.

If BitLocker is enabled on your machine, you may have to go through BitLocker recovery after Secure Boot has been disabled.

Resolution: Lenovo and Fujitsu are aware of this issue. Please contact your OEM to ask if there is a firmware update available for your device.

Back to top		OS Build 14393.2608

November 13, 2018
KB4467691		Resolved External
Last updated:
January 23, 2020
08:10 AM PT

Opened:
November 13, 2018
10:00 AM PT
Windows may not start on certain Lenovo and Fujitsu laptops with less than 8GB of RAM
After installing KB4467691, Windows may fail to start on certain Lenovo and Fujitsu laptops that have less than 8 GB of RAM.

Affected platforms:
  • Client: Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
  • Server: Windows Server 2016
Workaround: Restart the affected machine using the Unified Extensible Firmware Interface (UEFI). Disable Secure Boot and then restart.

If BitLocker is enabled on your machine, you may have to go through BitLocker recovery after Secure Boot has been disabled.

Resolution: Lenovo and Fujitsu are aware of this issue. Please contact your OEM to ask if there is a firmware update available for your device.

Back to top		OS Build 14393.2608

November 13, 2018
KB4467691		Resolved External
Last updated:
January 23, 2020
02:08 PM PT

Opened:
November 13, 2018
10:00 AM PT
" diff --git a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml index caeed9779b..9856117a73 100644 --- a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml @@ -32,7 +32,7 @@ sections: - type: markdown text: " - + @@ -55,7 +55,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusDate resolved
MSRT might fail to install and be re-offered from Windows Update or WSUS
The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from WU/WSUS.

See details >
Resolved
January 23, 2020
08:10 AM PT
MSRT might fail to install and be re-offered from Windows Update or WSUS
The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from WU/WSUS.

See details >
Resolved
January 23, 2020
02:08 PM PT
Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and results print job failure.

See details >		September 24, 2019
KB4516048		Resolved
KB4519976		October 08, 2019
10:00 AM PT
You may receive an error when opening or using the Toshiba Qosmio AV Center
Toshiba Qosmio AV Center may error when opening and you may also receive an error in Event Log related to cryptnet.dll.

See details >		August 13, 2019
KB4512506		Resolved
KB4516048		September 24, 2019
10:00 AM PT
Windows updates that are SHA-2 signed may not be offered for Symantec and Norton AV
Windows updates that are SHA-2 signed are not available with Symantec or Norton antivirus program installed

See details >		August 13, 2019
KB4512506		Resolved External
August 27, 2019
02:29 PM PT
- +
DetailsOriginating updateStatusHistory
MSRT might fail to install and be re-offered from Windows Update or WSUS
The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from Windows Update (WU), Windows Server Update Services (WSUS) or Configuration Manager and might be re-offered. If you use WU or WSUS, you might also receive the following error in the WindowsUpdate.log, “Misc  WARNING: Digital Signatures on file C:\\Windows\\SoftwareDistribution\\Download\\XXXX are not trusted: Error 0x800b0109”. If you use Configuration Manager, you might also receive the following error in the WUAHandler.log, \"Failed to download updates to the WUAgent datastore. Error = 0x800b0109.     WUAHandler   14/11/2019 16:33:23        980 (0x03D4)\". Note All Configuration Manager information also applies to System Center Configuration Manager (SCCM) and Microsoft Endpoint Configuration Manager.

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in the December 2019 release of Windows Malicious Software Removal Tool (MSRT).

Back to top
Resolved
Resolved:
January 23, 2020
08:10 AM PT

Opened:
November 15, 2019
05:59 PM PT
MSRT might fail to install and be re-offered from Windows Update or WSUS
The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from Windows Update (WU), Windows Server Update Services (WSUS) or Configuration Manager and might be re-offered. If you use WU or WSUS, you might also receive the following error in the WindowsUpdate.log, “Misc  WARNING: Digital Signatures on file C:\\Windows\\SoftwareDistribution\\Download\\XXXX are not trusted: Error 0x800b0109”. If you use Configuration Manager, you might also receive the following error in the WUAHandler.log, \"Failed to download updates to the WUAgent datastore. Error = 0x800b0109.     WUAHandler   14/11/2019 16:33:23        980 (0x03D4)\". Note All Configuration Manager information also applies to System Center Configuration Manager (SCCM) and Microsoft Endpoint Configuration Manager.

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in the December 2019 release of Windows Malicious Software Removal Tool (MSRT).

Back to top
Resolved
Resolved:
January 23, 2020
02:08 PM PT

Opened:
November 15, 2019
05:59 PM PT
" diff --git a/windows/release-information/resolved-issues-windows-server-2008-sp2.yml b/windows/release-information/resolved-issues-windows-server-2008-sp2.yml index 47535347c0..8f891fdf1a 100644 --- a/windows/release-information/resolved-issues-windows-server-2008-sp2.yml +++ b/windows/release-information/resolved-issues-windows-server-2008-sp2.yml @@ -32,7 +32,7 @@ sections: - type: markdown text: " - + @@ -53,7 +53,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusDate resolved
MSRT might fail to install and be re-offered from Windows Update or WSUS
The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from WU/WSUS.

See details >
Resolved
January 23, 2020
08:10 AM PT
MSRT might fail to install and be re-offered from Windows Update or WSUS
The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from WU/WSUS.

See details >
Resolved
January 23, 2020
02:08 PM PT
Issues manually installing updates by double-clicking the .msu file
You may encounter issues manually installing updates by double-clicking the .msu file and may receive an error.

See details >		September 10, 2019
KB4474419		Resolved
KB4474419		September 23, 2019
10:00 AM PT
Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and results print job failure.

See details >		September 24, 2019
KB4516030		Resolved
KB4520002		October 08, 2019
10:00 AM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		June 11, 2019
KB4503273		Resolved
KB4512499		August 17, 2019
02:00 PM PT
- +
DetailsOriginating updateStatusHistory
MSRT might fail to install and be re-offered from Windows Update or WSUS
The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from Windows Update (WU), Windows Server Update Services (WSUS) or Configuration Manager and might be re-offered. If you use WU or WSUS, you might also receive the following error in the WindowsUpdate.log, “Misc  WARNING: Digital Signatures on file C:\\Windows\\SoftwareDistribution\\Download\\XXXX are not trusted: Error 0x800b0109”. If you use Configuration Manager, you might also receive the following error in the WUAHandler.log, \"Failed to download updates to the WUAgent datastore. Error = 0x800b0109.     WUAHandler   14/11/2019 16:33:23        980 (0x03D4)\". Note All Configuration Manager information also applies to System Center Configuration Manager (SCCM) and Microsoft Endpoint Configuration Manager.

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in the December 2019 release of Windows Malicious Software Removal Tool (MSRT).

Back to top
Resolved
Resolved:
January 23, 2020
08:10 AM PT

Opened:
November 15, 2019
05:59 PM PT
MSRT might fail to install and be re-offered from Windows Update or WSUS
The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from Windows Update (WU), Windows Server Update Services (WSUS) or Configuration Manager and might be re-offered. If you use WU or WSUS, you might also receive the following error in the WindowsUpdate.log, “Misc  WARNING: Digital Signatures on file C:\\Windows\\SoftwareDistribution\\Download\\XXXX are not trusted: Error 0x800b0109”. If you use Configuration Manager, you might also receive the following error in the WUAHandler.log, \"Failed to download updates to the WUAgent datastore. Error = 0x800b0109.     WUAHandler   14/11/2019 16:33:23        980 (0x03D4)\". Note All Configuration Manager information also applies to System Center Configuration Manager (SCCM) and Microsoft Endpoint Configuration Manager.

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in the December 2019 release of Windows Malicious Software Removal Tool (MSRT).

Back to top
Resolved
Resolved:
January 23, 2020
02:08 PM PT

Opened:
November 15, 2019
05:59 PM PT
" diff --git a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml index 3dba1c748b..4a3d572494 100644 --- a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml +++ b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -97,7 +97,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Windows may not start on certain Lenovo and Fujitsu laptops with less than 8GB of RAM
Windows may fail to start on certain Lenovo and Fujitsu laptops that have less than 8 GB of RAM.

See details >		OS Build 14393.2608

November 13, 2018
KB4467691		Resolved External
January 23, 2020
08:10 AM PT
Windows may not start on certain Lenovo and Fujitsu laptops with less than 8GB of RAM
Windows may fail to start on certain Lenovo and Fujitsu laptops that have less than 8 GB of RAM.

See details >		OS Build 14393.2608

November 13, 2018
KB4467691		Resolved External
January 23, 2020
02:08 PM PT
TLS connections might fail or timeout
Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.

See details >		OS Build 14393.3274

October 08, 2019
KB4519998		Mitigated External
November 05, 2019
03:36 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).

See details >		OS Build 14393.2724

January 08, 2019
KB4480961		Mitigated
April 25, 2019
02:00 PM PT
Cluster service may fail if the minimum password length is set to greater than 14
The cluster service may fail to start if “Minimum Password Length” is configured with greater than 14 characters.

See details >		OS Build 14393.2639

November 27, 2018
KB4467684		Mitigated
April 25, 2019
02:00 PM PT
- +
DetailsOriginating updateStatusHistory
Windows may not start on certain Lenovo and Fujitsu laptops with less than 8GB of RAM
After installing KB4467691, Windows may fail to start on certain Lenovo and Fujitsu laptops that have less than 8 GB of RAM.

Affected platforms:
  • Client: Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
  • Server: Windows Server 2016
Workaround: Restart the affected machine using the Unified Extensible Firmware Interface (UEFI). Disable Secure Boot and then restart.

If BitLocker is enabled on your machine, you may have to go through BitLocker recovery after Secure Boot has been disabled.

Resolution: Lenovo and Fujitsu are aware of this issue. Please contact your OEM to ask if there is a firmware update available for your device.

Back to top		OS Build 14393.2608

November 13, 2018
KB4467691		Resolved External
Last updated:
January 23, 2020
08:10 AM PT

Opened:
November 13, 2018
10:00 AM PT
Windows may not start on certain Lenovo and Fujitsu laptops with less than 8GB of RAM
After installing KB4467691, Windows may fail to start on certain Lenovo and Fujitsu laptops that have less than 8 GB of RAM.

Affected platforms:
  • Client: Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
  • Server: Windows Server 2016
Workaround: Restart the affected machine using the Unified Extensible Firmware Interface (UEFI). Disable Secure Boot and then restart.

If BitLocker is enabled on your machine, you may have to go through BitLocker recovery after Secure Boot has been disabled.

Resolution: Lenovo and Fujitsu are aware of this issue. Please contact your OEM to ask if there is a firmware update available for your device.

Back to top		OS Build 14393.2608

November 13, 2018
KB4467691		Resolved External
Last updated:
January 23, 2020
02:08 PM PT

Opened:
November 13, 2018
10:00 AM PT
Cluster service may fail if the minimum password length is set to greater than 14
After installing KB4467684, the cluster service may fail to start with the error \"2245 (NERR_PasswordTooShort)\" if the Group Policy \"Minimum Password Length\" is configured with greater than 14 characters.

Affected platforms:
  • Client: Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
  • Server: Windows Server 2016
Workaround: Set the domain default \"Minimum Password Length\" policy to less than or equal to 14 characters.

Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 14393.2639

November 27, 2018
KB4467684		Mitigated
Last updated:
April 25, 2019
02:00 PM PT

Opened:
November 27, 2018
10:00 AM PT
" diff --git a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml index 4a7f56ecb1..f88f58ac4c 100644 --- a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml @@ -60,7 +60,8 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + +
SummaryOriginating updateStatusLast updated
MSRT might fail to install and be re-offered from Windows Update or WSUS
The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from WU/WSUS.

See details >
Resolved
January 23, 2020
08:10 AM PT
Custom wallpaper displays as black
Using a custom image set to \"Stretch\" might not display as expected.

See details >		January 14, 2020
KB4534310		Mitigated
January 24, 2020
09:15 AM PT
MSRT might fail to install and be re-offered from Windows Update or WSUS
The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from WU/WSUS.

See details >
Resolved
January 23, 2020
02:08 PM PT
TLS connections might fail or timeout
Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.

See details >		October 08, 2019
KB4519976		Mitigated External
November 05, 2019
03:36 PM PT
IA64 and x64 devices may fail to start after installing updates
After installing updates released on or after August 13, 2019, IA64 and x64 devices using EFI Boot may fail to start.

See details >		August 13, 2019
KB4512506		Mitigated
August 17, 2019
12:59 PM PT
@@ -73,12 +74,21 @@ sections:
" +- title: January 2020 +- items: + - type: markdown + text: " + + +
DetailsOriginating updateStatusHistory
Custom wallpaper displays as black
After installing KB4534310, your desktop wallpaper when set to \"Stretch\" might display as black.

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1
Workaround: To mitigate the issue, you can do one of the following:
  • Set your custom image to an option other than \"Stretch\", such as “Fill”, “Fit”, “Tile”, or “Center”, or
  • Choose a custom wallpaper that matches the resolution of your desktop.
Next steps: We are working on a resolution and estimate a solution will be available in mid-February for organizations who have purchased Windows 7 Extended Security Updates (ESU).

Back to top		January 14, 2020
KB4534310		Mitigated
Last updated:
January 24, 2020
09:15 AM PT

Opened:
January 24, 2020
09:15 AM PT
+ " + - title: November 2019 - items: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
MSRT might fail to install and be re-offered from Windows Update or WSUS
The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from Windows Update (WU), Windows Server Update Services (WSUS) or Configuration Manager and might be re-offered. If you use WU or WSUS, you might also receive the following error in the WindowsUpdate.log, “Misc  WARNING: Digital Signatures on file C:\\Windows\\SoftwareDistribution\\Download\\XXXX are not trusted: Error 0x800b0109”. If you use Configuration Manager, you might also receive the following error in the WUAHandler.log, \"Failed to download updates to the WUAgent datastore. Error = 0x800b0109.     WUAHandler   14/11/2019 16:33:23        980 (0x03D4)\". Note All Configuration Manager information also applies to System Center Configuration Manager (SCCM) and Microsoft Endpoint Configuration Manager.

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in the December 2019 release of Windows Malicious Software Removal Tool (MSRT).

Back to top
Resolved
Resolved:
January 23, 2020
08:10 AM PT

Opened:
November 15, 2019
05:59 PM PT
MSRT might fail to install and be re-offered from Windows Update or WSUS
The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from Windows Update (WU), Windows Server Update Services (WSUS) or Configuration Manager and might be re-offered. If you use WU or WSUS, you might also receive the following error in the WindowsUpdate.log, “Misc  WARNING: Digital Signatures on file C:\\Windows\\SoftwareDistribution\\Download\\XXXX are not trusted: Error 0x800b0109”. If you use Configuration Manager, you might also receive the following error in the WUAHandler.log, \"Failed to download updates to the WUAgent datastore. Error = 0x800b0109.     WUAHandler   14/11/2019 16:33:23        980 (0x03D4)\". Note All Configuration Manager information also applies to System Center Configuration Manager (SCCM) and Microsoft Endpoint Configuration Manager.

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in the December 2019 release of Windows Malicious Software Removal Tool (MSRT).

Back to top
Resolved
Resolved:
January 23, 2020
02:08 PM PT

Opened:
November 15, 2019
05:59 PM PT
TLS connections might fail or timeout
Updates for Windows released October 8, 2019 or later provide protections, tracked by CVE-2019-1318, against an attack that could allow unauthorized access to information or data within TLS connections. This type of attack is known as a man-in-the-middle exploit. Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption (RFC 7627). Lack of RFC support might cause one or more of the following errors or logged events:
  • \"The request was aborted: Could not create SSL/TLS secure Channel\"
  • SCHANNEL event 36887 is logged in the System event log with the description, \"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.​\"
Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2

Next Steps: Connections between two devices running any supported version of Windows should not have this issue when fully updated. There is no update for Windows needed for this issue. These changes are required to address a security issue and security compliance. For information, see KB4528489.

Back to top		October 08, 2019
KB4519976		Mitigated External
Last updated:
November 05, 2019
03:36 PM PT

Opened:
November 05, 2019
03:36 PM PT
" diff --git a/windows/release-information/status-windows-server-2008-sp2.yml b/windows/release-information/status-windows-server-2008-sp2.yml index 28cf31facc..2ea115dab7 100644 --- a/windows/release-information/status-windows-server-2008-sp2.yml +++ b/windows/release-information/status-windows-server-2008-sp2.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- +
SummaryOriginating updateStatusLast updated
MSRT might fail to install and be re-offered from Windows Update or WSUS
The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from WU/WSUS.

See details >
Resolved
January 23, 2020
08:10 AM PT
MSRT might fail to install and be re-offered from Windows Update or WSUS
The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from WU/WSUS.

See details >
Resolved
January 23, 2020
02:08 PM PT
TLS connections might fail or timeout
Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.

See details >		October 08, 2019
KB4520002		Mitigated External
November 05, 2019
03:36 PM PT
" @@ -77,7 +77,7 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
MSRT might fail to install and be re-offered from Windows Update or WSUS
The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from Windows Update (WU), Windows Server Update Services (WSUS) or Configuration Manager and might be re-offered. If you use WU or WSUS, you might also receive the following error in the WindowsUpdate.log, “Misc  WARNING: Digital Signatures on file C:\\Windows\\SoftwareDistribution\\Download\\XXXX are not trusted: Error 0x800b0109”. If you use Configuration Manager, you might also receive the following error in the WUAHandler.log, \"Failed to download updates to the WUAgent datastore. Error = 0x800b0109.     WUAHandler   14/11/2019 16:33:23        980 (0x03D4)\". Note All Configuration Manager information also applies to System Center Configuration Manager (SCCM) and Microsoft Endpoint Configuration Manager.

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in the December 2019 release of Windows Malicious Software Removal Tool (MSRT).

Back to top
Resolved
Resolved:
January 23, 2020
08:10 AM PT

Opened:
November 15, 2019
05:59 PM PT
MSRT might fail to install and be re-offered from Windows Update or WSUS
The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from Windows Update (WU), Windows Server Update Services (WSUS) or Configuration Manager and might be re-offered. If you use WU or WSUS, you might also receive the following error in the WindowsUpdate.log, “Misc  WARNING: Digital Signatures on file C:\\Windows\\SoftwareDistribution\\Download\\XXXX are not trusted: Error 0x800b0109”. If you use Configuration Manager, you might also receive the following error in the WUAHandler.log, \"Failed to download updates to the WUAgent datastore. Error = 0x800b0109.     WUAHandler   14/11/2019 16:33:23        980 (0x03D4)\". Note All Configuration Manager information also applies to System Center Configuration Manager (SCCM) and Microsoft Endpoint Configuration Manager.

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in the December 2019 release of Windows Malicious Software Removal Tool (MSRT).

Back to top
Resolved
Resolved:
January 23, 2020
02:08 PM PT

Opened:
November 15, 2019
05:59 PM PT
TLS connections might fail or timeout
Updates for Windows released October 8, 2019 or later provide protections, tracked by CVE-2019-1318, against an attack that could allow unauthorized access to information or data within TLS connections. This type of attack is known as a man-in-the-middle exploit. Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption (RFC 7627). Lack of RFC support might cause one or more of the following errors or logged events:
  • \"The request was aborted: Could not create SSL/TLS secure Channel\"
  • SCHANNEL event 36887 is logged in the System event log with the description, \"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.​\"
Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2

Next Steps: Connections between two devices running any supported version of Windows should not have this issue when fully updated. There is no update for Windows needed for this issue. These changes are required to address a security issue and security compliance. For information, see KB4528489.

Back to top		October 08, 2019
KB4520002		Mitigated External
Last updated:
November 05, 2019
03:36 PM PT

Opened:
November 05, 2019
03:36 PM PT
" From bbdd5bb9e44144b953d5367c62ca07c20878558b Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Fri, 24 Jan 2020 10:12:45 -0800 Subject: [PATCH 080/157] Updated description based on SME feedback --- .../microsoft-defender-atp/recommendation.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md index d41c53fd57..2da5fe1030 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md @@ -45,13 +45,13 @@ Vendor | String | Related vendor name recommendedVersion | String | Recommended version recommendationCategory | String | Recommendation category. Possible values are: “Accounts”, “Application”, “Network”, “OS”, “SecurityStack subCategory | String | Recommendation sub-category -severityScore | Double | Number of secure score points given +severityScore | Double | Potential impact of the configuration to the organization’s configuration score (1-10) publicExploit | Boolean | Public exploit is available activeAlert | Boolean | Active alert is associated with this recommendation associatedThreats | String collection | Threat analytics report is associated with this recommendation remediationType | String | Remedation type. Possible values are: “ConfigurationChange”,“Update”,“Upgrade”,”Uninstall” Status | Enum | Recommendation exception status. Possible values are: “Active” and “Exception” -configScoreImpact | Double | Secure score impact +configScoreImpact | Double | Configuration score impact exposureImpacte | Double | Exposure score impact totalMachineCount | Long | Number of installed machines exposedMachinesCount | Long | Number of installed machines that are exposed to vulnerabilities From 6c0701c017c8ab72a246422294b6aedb41ca1743 Mon Sep 17 00:00:00 2001 From: lomayor Date: Fri, 24 Jan 2020 10:50:16 -0800 Subject: [PATCH 081/157] Update investigate-alerts.md --- .../microsoft-defender-atp/investigate-alerts.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-alerts.md index 755dafb1e4..297de5d17d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-alerts.md @@ -68,7 +68,7 @@ The **Alert process tree** takes alert triage and investigation to the next leve The **Alert process tree** expands to display the execution path of the alert and related evidence that occurred around the same period. Items marked with a thunderbolt icon should be given priority during investigation. >[!NOTE] ->The alert process tree might not be available in some alerts. +>The alert process tree might not show for some alerts, including alerts not triggered directly by process activity. Clicking in the circle immediately to the left of the indicator displays its details. From 5a847281fddabbcc207c430651de92296262bc8d Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Fri, 24 Jan 2020 12:06:17 -0800 Subject: [PATCH 082/157] added support statement --- .../windows-autopilot/windows-autopilot-requirements.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md index 19a71f5d22..b93eba2709 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md @@ -36,6 +36,9 @@ Windows Autopilot depends on specific capabilities available in Windows 10, Azur - Windows 10 Education - Windows 10 Enterprise 2019 LTSC +>[!NOTE] +>Procedures for deploying Windows Autopilot might refer to specific products and versions. The inclusion of these products in this content doesn't imply an extension of support for a version that is beyond its support lifecycle. Windows Autopilot does not support products that are beyond their support lifecycle. For more information, see [Microsoft Lifecycle Policy](https://go.microsoft.com/fwlink/p/?LinkId=208270). + ## Networking requirements Windows Autopilot depends on a variety of internet-based services. Access to these services must be provided for Autopilot to function properly. In the simplest case, enabling proper functionality can be achieved by ensuring the following: From 9d2341f1b5fc04c5a157fc7ca98b6e5c31880f73 Mon Sep 17 00:00:00 2001 From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Sat, 25 Jan 2020 15:31:41 -0800 Subject: [PATCH 083/157] Update landing page & TOC --- devices/surface/TOC.md | 5 +++-- devices/surface/get-started.md | 3 ++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/devices/surface/TOC.md b/devices/surface/TOC.md index bc26815d56..faefd0d8fc 100644 --- a/devices/surface/TOC.md +++ b/devices/surface/TOC.md @@ -28,7 +28,7 @@ ### [Windows Autopilot and Surface devices](windows-autopilot-and-surface-devices.md) ### [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md) ### [Surface Pro X app compatibility](surface-pro-arm-app-performance.md) -### [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) +### [Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md) ### [Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md) ### [Step by step: Surface Deployment Accelerator](step-by-step-surface-deployment-accelerator.md) ### [Deploy Windows 10 to Surface devices with MDT](deploy-windows-10-to-surface-devices-with-mdt.md) @@ -40,13 +40,14 @@ ## Manage +### [Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md) ### [Optimize Wi-Fi connectivity for Surface devices](surface-wireless-connect.md) ### [Best practice power settings for Surface devices](maintain-optimal-power-settings-on-Surface-devices.md) ### [Surface Dock Firmware Update](surface-dock-firmware-update.md) ### [Battery Limit setting](battery-limit.md) ### [Surface Brightness Control](microsoft-surface-brightness-control.md) ### [Surface Asset Tag](assettag.md) -### [Manage Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md) + ## Secure ### [Intune management of Surface UEFI settings](surface-manage-dfci-guide.md) diff --git a/devices/surface/get-started.md b/devices/surface/get-started.md index af2bc13af9..c81e994d70 100644 --- a/devices/surface/get-started.md +++ b/devices/surface/get-started.md @@ -46,9 +46,10 @@ Harness the power of Surface, Windows, and Office connected together through the

Deploy

+

Manage and deploy Surface driver and firmware updates

Autopilot and Surface devices

Deploying, managing, and servicing Surface Pro X

-

Deploy the latest firmware and drivers

+
From 51b7cc02616b183004229b9eb2a773c568bc4b6b Mon Sep 17 00:00:00 2001 From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Sat, 25 Jan 2020 15:35:30 -0800 Subject: [PATCH 084/157] Update .gitignore --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 4d2ce285a9..10c1b78366 100644 --- a/.gitignore +++ b/.gitignore @@ -17,3 +17,4 @@ packages.config wdav-pm-sln.csproj wdav-pm-sln.csproj.user wdav-pm-sln.sln +devices/surface-hub/surface-hub-account-overview.md From ed5a93a06c49ed53b5c466f9c81797e2114e2010 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Sun, 26 Jan 2020 23:41:33 -0800 Subject: [PATCH 085/157] typo --- .../microsoft-defender-atp/configure-proxy-internet.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md index 698e0aeb8d..162531b03e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md @@ -118,7 +118,7 @@ If a proxy or firewall is blocking anonymous traffic, as Microsoft Defender ATP ## Microsoft Defender ATP service backend IP range -If you network devices don't support the URLs white-listed in the prior section, you can use the following information. +If your network devices don't support the URLs white-listed in the prior section, you can use the following information. Microsoft Defender ATP is built on Azure cloud, deployed in the following regions: From ebf48163f309e5fe8c73e36ec937d7db90780a36 Mon Sep 17 00:00:00 2001 From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Sun, 26 Jan 2020 22:33:25 -1000 Subject: [PATCH 086/157] Remove old file & redirect Includes updated links --- .openpublishing.redirection.json | 5 + devices/surface/change-history-for-surface.md | 18 ++- ...irmware-and-drivers-for-surface-devices.md | 105 ------------------ ...timal-power-settings-on-Surface-devices.md | 4 +- ...icrosoft-surface-deployment-accelerator.md | 2 +- .../surface/surface-pro-arm-app-management.md | 2 +- 6 files changed, 21 insertions(+), 115 deletions(-) delete mode 100644 devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index f8f2090d66..1737cf2bbc 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -15572,6 +15572,11 @@ "redirect_document_id": false }, { +"source_path": "devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md", +"redirect_url": "/surface/manage-surface-driver-and-firmware-updates.md", +"redirect_document_id": true +}, +{ "source_path": "windows/deployment/planning/windows-10-1809-removed-features.md", "redirect_url": "https://docs.microsoft.com/windows/deployment/planning/windows-10-removed-features", "redirect_document_id": false diff --git a/devices/surface/change-history-for-surface.md b/devices/surface/change-history-for-surface.md index ebbb3fc3b5..f99bfa549c 100644 --- a/devices/surface/change-history-for-surface.md +++ b/devices/surface/change-history-for-surface.md @@ -18,6 +18,12 @@ ms.date: 10/21/2019 This topic lists new and updated topics in the Surface documentation library. +## January 2020 +| **New or changed topic** | **Description** | +| ------------------------ | --------------- | +| [Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md)| Updated with the latest information and links to related articles.| + + ## October 2019 | **New or changed topic** | **Description** | @@ -37,7 +43,7 @@ This topic lists new and updated topics in the Surface documentation library. | **New or changed topic** | **Description** | | ------------------------ | --------------- | | [Optimizing wireless connectivity for Surface devices](surface-wireless-connect.md) | New document highlights key wireless connectivity considerations for Surface devices in mobile scenarios. | -| [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) | Updated to reflect minor changes in the file naming convention for Surface MSI files. | +| [Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md) | Updated to reflect minor changes in the file naming convention for Surface MSI files. | ## July 2019 @@ -76,14 +82,14 @@ New or changed topic | Description --- | --- [Surface Brightness Control](microsoft-surface-brightness-control.md) | New [Maintain optimal power settings on Surface devices](maintain-optimal-power-settings-on-Surface-devices.md) | New -|[Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) | Added Surface Studio 2 | +|[Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md) | Added Surface Studio 2 | ## November 2018 New or changed topic | Description --- | --- -|[Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) | Added Surface Pro 6 | +|[Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md) | Added Surface Pro 6 | [Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-business.md) | New [Use Surface Diagnostic Toolkit for Business in desktop mode](surface-diagnostic-toolkit-desktop-mode.md) | New [Run Surface Diagnostic Toolkit for Business using commands](surface-diagnostic-toolkit-command-line.md) | New @@ -93,7 +99,7 @@ New or changed topic | Description New or changed topic | Description --- | --- [Battery Limit setting](battery-limit.md) | New -|[Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) | Added Surface GO | +|[Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md) | Added Surface GO | ## May 2018 @@ -121,7 +127,7 @@ New or changed topic | Description |New or changed topic | Description | | --- | --- | -|[Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) | Added Surface Book 2, Surface Laptop, Surface Pro, and Surface Pro with LTE Advanced information | +|[Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md) | Added Surface Book 2, Surface Laptop, Surface Pro, and Surface Pro with LTE Advanced information | ## October 2017 @@ -160,7 +166,7 @@ New or changed topic | Description |New or changed topic | Description | | --- | --- | -|[Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) | Added driver info for Surface Studio; updated info for Surface Book and Surface Pro 4 (Windows 10 .zip cumulative update), Surface Pro 3 (Windows8.1-KB2969817-x64.msu), and Surface 3 (UEFI Asset Tag management tool)| +|[Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md) | Added driver info for Surface Studio; updated info for Surface Book and Surface Pro 4 (Windows 10 .zip cumulative update), Surface Pro 3 (Windows8.1-KB2969817-x64.msu), and Surface 3 (UEFI Asset Tag management tool)| ## November 2016 diff --git a/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md b/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md deleted file mode 100644 index 92527470f2..0000000000 --- a/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md +++ /dev/null @@ -1,105 +0,0 @@ ---- -title: Deploy the latest firmware and drivers for Surface devices (Surface) -description: This article provides a list of the available downloads for Surface devices and links to download the drivers and firmware for your device. -ms.assetid: 7662BF68-8BF7-43F7-81F5-3580A770294A -ms.reviewer: dansimp -manager: kaushika -keywords: update Surface, newest, latest, download, firmware, driver, tablet, hardware, device -ms.localizationpriority: medium -ms.prod: w10 -ms.mktglfcycl: deploy -ms.pagetype: surface, devices -ms.sitesec: library -author: dansimp -ms.audience: itpro -ms.date: 11/25/2019 -ms.author: dansimp -ms.topic: article ---- - -# Deploy the latest firmware and drivers for Surface devices - -> **Home users:** This article is only intended for technical support agents and IT professionals, and applies only to Surface devices. If you're looking for help to install Surface updates or firmware on a home device, please see [Update Surface firmware and Windows 10](https://support.microsoft.com/help/4023505). - -Under typical conditions, Windows Update automatically keeps Windows Surface devices up-to-date by downloading and installing the latest device drivers and firmware. However, you may sometimes have to download and install updates manually. For example, you may have to manually manage updates when you deploy a new version of Windows. - -## Downloading MSI files - -[Download drivers and firmware for Surface](https://support.microsoft.com/help/4023482/surface-download-drivers-and-firmware-for-surface) provides links to download installation files for the following: - -- Administrative tools -- Drivers for accessories -- For some devices, updates for Windows - -## Deploying MSI files - -Specific versions of Windows 10 have separate MSI files. Each MSI file contains all required cumulative driver and firmware updates for Surface devices. - -The MSI file names contain useful information, including the minimum supported Windows build number that is required to install the drivers and firmware. For example, to install the drivers that are contained in SurfaceBook_Win10_17763_19.080.2031.0.msi on a Surface Book, the device must be running Windows 10 Fall Creators Update, version 1709 or later. - -For more information about build numbers for each Windows version, see [Windows 10 release information](https://docs.microsoft.com/windows/windows-10/release-information). - -### Surface MSI naming convention - -Beginning in August, 2019, MSI files have used the following naming convention: - -> *Product*\_*Windows release*\_*Windows build number*\_*Version number*\_*Revision of version number (typically zero)*. - -**Example** - -Consider the following MSI file: - -> SurfacePro6_Win10_18362_19.073.44195_0.msi - -This file name provides the following information: - -- **Product:** SurfacePro6 -- **Windows release:** Win10 -- **Build:** 18362 -- **Version:** 19.073.44195 – This shows the date and time that the file was created, as follows: - - **Year:** 19 (2019) - - **Month and week:** 073 (third week of July) - - **Minute of the month:** 44195 -- **Revision of version:** 0 (first release of this version) - -### Legacy Surface MSI naming convention - -Legacy MSI files (files that were built before August, 2019) followed the same overall naming formula, but used a different method to derive the version number. - -**Example** - -Consider the following MSI file: - -> SurfacePro6_Win10_16299_1900307_0.msi - -This file name provides the following information: - -- **Product:** SurfacePro6 -- **Windows release:** Win10 -- **Build:** 16299 -- **Version:** 1900307 – This shows the date that the file was created and its position in the release sequence, as follows: - - **Year:** 19 (2019) - - **Number of release:** 003 (third release of the year) - - **Product version number:** 07 (Surface Pro 6 is officially the seventh version of Surface Pro) -- **Revision of version:** 0 (first release of this version) - -Use the **version** number to determine the latest files that contain the most recent security updates. For example, consider the following list: - -- SurfacePro6_Win10_16299_1900307_0.msi -- SurfacePro6_Win10_17134_1808507_3.msi -- SurfacePro6_Win10_17763_1808707_3.msi - -In this list, the newest file is the first file (SurfacePro6_Win10_16299_1900307_0.msi). Its **Version** field has the newest date (2019). The other files are from 2018. - -## Supported devices - -For downloadable MSI files for devices that run Surface Pro 2 and later versions, see [Download drivers and firmware for Surface](https://support.microsoft.com/help/4023482/surface-download-drivers-and-firmware-for-surface). This article contains information about MSI files for the newest Surface devices such as Surface Pro 7, Surface Pro X, and Surface Laptop 3, as they are released. - -> [!NOTE] -> There are no downloadable firmware or driver updates available for Surface devices that run Windows RT, including Surface RT and Surface 2. To update these devices, use Windows Update. - -For more information about how to deploy Surface drivers and firmware, see the following articles: - -- [Manage Surface driver and firmware updates](https://docs.microsoft.com/surface/manage-surface-pro-3-firmware-updates) - -- [Surface for Business help](https://www.microsoft.com/surface/support/business) diff --git a/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md b/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md index e43a14a63b..b1f8eced7e 100644 --- a/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md +++ b/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md @@ -28,7 +28,7 @@ low power idle state (S0ix). To ensure Surface devices across your organization fully benefit from Surface power optimization features: -- Install the latest drivers and firmware from Windows Update or the Surface Driver and Firmware MSI. This creates the balanced power plan (aka power profile) by default and configures optimal power settings. For more information, refer to [Deploying the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md). +- Install the latest drivers and firmware from Windows Update or the Surface Driver and Firmware MSI. This creates the balanced power plan (aka power profile) by default and configures optimal power settings. For more information, refer to [Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md). - Avoid creating custom power profiles or adjusting advanced power settings not visible in the default UI (**System** > **Power & sleep**). - If you must manage the power profile of devices across your network (such as in highly managed organizations), use the powercfg command tool to export the power plan from the factory image of the Surface device and then import it into the provisioning package for your Surface devices. @@ -178,4 +178,4 @@ To learn more, see: - [Battery saver](https://docs.microsoft.com/windows-hardware/design/component-guidelines/battery-saver) -- [Deploying the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) +- [Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md) \ No newline at end of file diff --git a/devices/surface/microsoft-surface-deployment-accelerator.md b/devices/surface/microsoft-surface-deployment-accelerator.md index 7fbd031cf5..8fbc32d7df 100644 --- a/devices/surface/microsoft-surface-deployment-accelerator.md +++ b/devices/surface/microsoft-surface-deployment-accelerator.md @@ -80,7 +80,7 @@ For environments where the SDA server will not be able to connect to the Interne *Figure 2. Specify a local source for Surface driver and app files* -You can find a full list of available driver downloads at [Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) +You can find a full list of available driver downloads at [Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md) >[!NOTE] >Downloaded files do not need to be extracted. The downloaded files can be left as .zip files as long as they are stored in one folder. diff --git a/devices/surface/surface-pro-arm-app-management.md b/devices/surface/surface-pro-arm-app-management.md index c5869a15d4..fd98f72368 100644 --- a/devices/surface/surface-pro-arm-app-management.md +++ b/devices/surface/surface-pro-arm-app-management.md @@ -73,7 +73,7 @@ Surface Pro X was designed to use Windows Update to simplify the process of keep - Use Windows Update or Windows Update for Business for maintaining the latest drivers and firmware. For more information, see [Deploy Updates using Windows Update for Business](https://docs.microsoft.com/windows/deployment/update/waas-manage-updates-wufb). - If your procedures require using a Windows Installer .msi file, contact [Surface for Business support](https://support.microsoft.com/help/4037645). -- For more information about deploying and managing updates on Surface devices, see [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md). +- For more information about deploying and managing updates on Surface devices, see [Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md). - Note that Windows Server Update Services (WSUS) does not support the ability to deliver drivers and firmware to Surface Pro X. ## Running apps on Surface Pro X From a109f8f5be9790be3b3287c0f35db9e3e649d2a3 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Mon, 27 Jan 2020 09:22:05 -0800 Subject: [PATCH 087/157] Added pre rel info --- .../security/threat-protection/microsoft-defender-atp/score.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/score.md b/windows/security/threat-protection/microsoft-defender-atp/score.md index 06f002a203..9a903d296f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/score.md @@ -22,6 +22,8 @@ ms.topic: article - Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Prerelease information](../../includes/prerelease.md)] + ## Methods Method |Return Type |Description :---|:---|:--- From 5e3621cf0517e3124711ac430dccf120f200b655 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Mon, 27 Jan 2020 09:22:43 -0800 Subject: [PATCH 088/157] Update get-machine-group-exposure-score.md --- .../get-machine-group-exposure-score.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md index 42995a2265..5664ee56dd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md @@ -22,6 +22,8 @@ ms.topic: article - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +[!include[Prerelease information](../../includes/prerelease.md)] + Retrieves a collection of alerts related to a given domain address. ## Permissions @@ -91,4 +93,4 @@ Here is an example of the response. } ] } -``` \ No newline at end of file +``` From e8d128ae4f186881f887710a45a7197c495a09fb Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Mon, 27 Jan 2020 09:23:33 -0800 Subject: [PATCH 089/157] Added pre rel info --- .../microsoft-defender-atp/get-exposure-score.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md index fadf3a064a..389758df52 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md @@ -22,6 +22,8 @@ ms.topic: article - Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Prerelease information](../../includes/prerelease.md)] + Retrieves the organizational exposure score. ## Permissions From 81165d62ab174dc92a930151e2e57d5e45252ffd Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Mon, 27 Jan 2020 09:24:35 -0800 Subject: [PATCH 090/157] Added pre rel info --- .../microsoft-defender-atp/get-device-secure-score.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md index d2f1bb53f5..8a00435973 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md @@ -22,6 +22,8 @@ ms.topic: article - Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Prerelease information](../../includes/prerelease.md)] + Retrieves the organizational device secure score. ## Permissions From 92693e8cc85939b6262213cb2fbf5bb7b275c88d Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Mon, 27 Jan 2020 09:25:12 -0800 Subject: [PATCH 091/157] Update get-device-secure-score.md --- .../microsoft-defender-atp/get-device-secure-score.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md index 8a00435973..dfd844de6b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md @@ -27,7 +27,7 @@ ms.topic: article Retrieves the organizational device secure score. ## Permissions -One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details. Permission type | Permission | Permission display name :---|:---|:--- From c1e2b40a1e8d1dd5ac92941092d1615be2b4929d Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Mon, 27 Jan 2020 09:32:09 -0800 Subject: [PATCH 092/157] Update TOC.md --- windows/security/threat-protection/TOC.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index ba2038ad57..5fefcfbc9a 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -499,7 +499,7 @@ ##### [Raw data streaming (preview)](microsoft-defender-atp/raw-data-export.md) ##### [Stream advanced hunting events to Azure Events hub](microsoft-defender-atp/raw-data-export-event-hub.md) ##### [Stream advanced hunting events to your storage account](microsoft-defender-atp/raw-data-export-storage.md) - + #### [SIEM integration]() ##### [Understand threat intelligence concepts](microsoft-defender-atp/threat-indicator-concepts.md) From 29da516e02ec9b354e5b8a0823001c7c31f02492 Mon Sep 17 00:00:00 2001 From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Mon, 27 Jan 2020 07:45:45 -1000 Subject: [PATCH 093/157] Update maintain-optimal-power-settings-on-Surface-devices.md --- .../maintain-optimal-power-settings-on-Surface-devices.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md b/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md index b1f8eced7e..135851cb06 100644 --- a/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md +++ b/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md @@ -166,7 +166,7 @@ To learn more, see: | Check app usage | Your apps | Close apps.| | Check your power cord for any damage.| Your power cord | Replace power cord if worn or damaged.| -# Learn more +## Learn more - [Modern standby](https://docs.microsoft.com/windows-hardware/design/device-experiences/modern-standby-wake-sources) From 09cc860c6bb00c06b23b8493446952a9b99cca39 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Mon, 27 Jan 2020 09:48:34 -0800 Subject: [PATCH 094/157] fixed file path issue --- windows/security/threat-protection/TOC.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 5fefcfbc9a..a49cb4bec8 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -400,9 +400,9 @@ ####### [Get machine by ID](microsoft-defender-atp/get-machine-by-id.md) ####### [Get machine log on users](microsoft-defender-atp/get-machine-log-on-users.md) ####### [Get machine related alerts](microsoft-defender-atp/get-machine-related-alerts.md) -####### [Get installed software](get-installed-software.md) -####### [Get discovered vulnerabilities](get-discovered-vulnerabilities.md) -####### [Get security recommendation](get-security-recommendations.md) +####### [Get installed software](microsoft-defender-atp/get-installed-software.md) +####### [Get discovered vulnerabilities](microsoft-defender-atp/get-discovered-vulnerabilities.md) +####### [Get security recommendation](microsoft-defender-atp/get-security-recommendations.md) ####### [Add or Remove machine tags](microsoft-defender-atp/add-or-remove-machine-tags.md) ####### [Find machines by IP](microsoft-defender-atp/find-machines-by-ip.md) From 5ee026b828b03ed53a1ed30e42b8b42dc30b346a Mon Sep 17 00:00:00 2001 From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Mon, 27 Jan 2020 07:54:19 -1000 Subject: [PATCH 095/157] Revert "Update .gitignore" This reverts commit 51b7cc02616b183004229b9eb2a773c568bc4b6b. --- .gitignore | 1 - 1 file changed, 1 deletion(-) diff --git a/.gitignore b/.gitignore index 10c1b78366..4d2ce285a9 100644 --- a/.gitignore +++ b/.gitignore @@ -17,4 +17,3 @@ packages.config wdav-pm-sln.csproj wdav-pm-sln.csproj.user wdav-pm-sln.sln -devices/surface-hub/surface-hub-account-overview.md From 99db46cd4490f827e54213795e2ba7a58d30f27b Mon Sep 17 00:00:00 2001 From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Mon, 27 Jan 2020 09:48:20 -1000 Subject: [PATCH 096/157] Update .openpublishing.redirection.json --- .openpublishing.redirection.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 1737cf2bbc..12475ff7c6 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -15573,7 +15573,7 @@ }, { "source_path": "devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md", -"redirect_url": "/surface/manage-surface-driver-and-firmware-updates.md", +"redirect_url": "/surface/manage-surface-driver-and-firmware-updates", "redirect_document_id": true }, { From 8db6694234d804bb12a30caa932c74d70512e53e Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Mon, 27 Jan 2020 11:53:38 -0800 Subject: [PATCH 097/157] update with hybrid support --- windows/deployment/windows-autopilot/user-driven.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopilot/user-driven.md b/windows/deployment/windows-autopilot/user-driven.md index e8fdb8a2c2..45520df78e 100644 --- a/windows/deployment/windows-autopilot/user-driven.md +++ b/windows/deployment/windows-autopilot/user-driven.md @@ -28,7 +28,7 @@ Windows Autopilot user-driven mode is designed to enable new Windows 10 devices After completing those simple steps, the remainder of the process is completely automated, with the device being joined to the organization, enrolled in Intune (or another MDM service), and fully configured as defined by the organization. Any additional prompts during the Out-of-Box Experience (OOBE) can be suppressed; see [Configuring Autopilot Profiles](profiles.md) for options that are available. -Today, Windows Autopilot user-driven mode supports joining devices to Azure Active Directory. Support for Hybrid Azure Active Directory Join (with devices joined to an on-premises Active Directory domain) will be available in a future Windows 10 release. See [Introduction to device management in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/device-management-introduction) for more information about the differences between these two join options. +Today, Windows Autopilot user-driven mode supports Azure Active Directory and Hybrid Azure Active Directory joined devices. See [What is a device identity](https://docs.microsoft.com/azure/active-directory/devices/overview) for more information about these two join options. ## Available user-driven modes From 5ca81d0afa05bacbf17e488ac0bf171463fc962d Mon Sep 17 00:00:00 2001 From: John Liu <49762389+ShenLanJohn@users.noreply.github.com> Date: Mon, 27 Jan 2020 11:58:29 -0800 Subject: [PATCH 098/157] CAT Auto Pulish for Windows Release Messages - CAT_AutoPublish_20200127110202 (#1945) Co-authored-by: Direesh Kumar Kandakatla --- .../resolved-issues-windows-10-1903.yml | 14 -------------- ...us-windows-7-and-windows-server-2008-r2-sp1.yml | 4 ++-- 2 files changed, 2 insertions(+), 16 deletions(-) diff --git a/windows/release-information/resolved-issues-windows-10-1903.yml b/windows/release-information/resolved-issues-windows-10-1903.yml index f6f7b30864..0554cb4e28 100644 --- a/windows/release-information/resolved-issues-windows-10-1903.yml +++ b/windows/release-information/resolved-issues-windows-10-1903.yml @@ -37,7 +37,6 @@ sections:
Unable to discover or connect to Bluetooth devices using some Realtek adapters
Microsoft has identified compatibility issues with some versions of Realtek Bluetooth radio drivers.

See details >OS Build 18362.116

May 21, 2019
KB4505057Resolved External
November 15, 2019
05:59 PM PT
Updates may fail to install and you may receive Error 0x80073701
Installation of updates may fail and you may receive error code 0x80073701.

See details >OS Build 18362.145

May 29, 2019
KB4497935Resolved
November 12, 2019
08:11 AM PT
Intel Audio displays an intcdaud.sys notification
Devices with a range of Intel Display Audio device drivers may experience battery drain.

See details >OS Build 18362.116

May 21, 2019
KB4505057Resolved External
November 12, 2019
08:04 AM PT -
Gamma ramps, color profiles, and night light settings do not apply in some cases
Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.

See details >OS Build 18362.116

May 21, 2019
KB4505057Resolved
KB4505903July 26, 2019
02:00 PM PT
Unable to discover or connect to Bluetooth devices using some Qualcomm adapters
Microsoft has identified compatibility issues with some versions of Qualcomm Bluetooth radio drivers.

See details >OS Build 18362.116

May 21, 2019
KB4505057Resolved
KB4517389October 08, 2019
10:00 AM PT
Safeguard on certain devices with some Intel and Broadcom Wi-Fi adapters
Some devices with Intel Centrino 6205/6235 and Broadcom 802.11ac Wi-Fi cards may experience compatibility issues.

See details >N/A

Resolved
KB4522355October 24, 2019
10:00 AM PT
dGPU occasionally disappear from device manager on Surface Book 2
Some apps or games may close or fail to open on Surface Book 2 devices with Nvidia dGPU.

See details >OS Build 18362.145

May 29, 2019
KB4497935Resolved
October 18, 2019
04:33 PM PT @@ -54,8 +53,6 @@ sections:
Windows Sandbox may fail to start with error code “0x80070002”
Windows Sandbox may fail to start on devices in which the operating system language was changed between updates.

See details >OS Build 18362.116

May 21, 2019
KB4505057Resolved
KB4512941August 30, 2019
10:00 AM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >OS Build 18362.175

June 11, 2019
KB4503293Resolved
KB4512941August 30, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.

See details >OS Build 18362.175

June 11, 2019
KB4503293Resolved External
August 09, 2019
07:03 PM PT -
Display brightness may not respond to adjustments
Devices configured with certain Intel display drivers may experience a driver compatibility issue.

See details >OS Build 18362.116

May 21, 2019
KB4505057Resolved
KB4505903July 26, 2019
02:00 PM PT -
RASMAN service may stop working and result in the error “0xc0000005”
The RASMAN service may stop working with VPN profiles configured as an Always On VPN connection.

See details >OS Build 18362.145

May 29, 2019
KB4497935Resolved
KB4505903July 26, 2019
02:00 PM PT " @@ -116,15 +113,6 @@ sections: " -- title: June 2019 -- items: - - type: markdown - text: " - - -
DetailsOriginating updateStatusHistory
RASMAN service may stop working and result in the error “0xc0000005”
The Remote Access Connection Manager (RASMAN) service may stop working and you may receive the error “0xc0000005” on devices where the diagnostic data level is manually configured to the non-default setting of 0. You may also receive an error in the Application section of Windows Logs in Event Viewer with Event ID 1000 referencing “svchost.exe_RasMan” and “rasman.dll”.

This issue only occurs when a VPN profile is configured as an Always On VPN (AOVPN) connection with or without device tunnel. This does not affect manual only VPN profiles or connections.

Affected platforms
  • Client: Windows 10, version 1903
Resolution: This issue was resolved in KB4505903.

Back to top		OS Build 18362.145

May 29, 2019
KB4497935		Resolved
KB4505903		Resolved:
July 26, 2019
02:00 PM PT

Opened:
June 28, 2019
05:01 PM PT
- " - - title: May 2019 - items: - type: markdown @@ -133,8 +121,6 @@ sections:
Intermittent loss of Wi-Fi connectivity
Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. An updated Wi-Fi driver should be available from your device manufacturer (OEM).

To safeguard your upgrade experience, we have applied a hold on devices with affected Qualcomm driver from being offered Windows 10, version 1903 or Windows 10, version 1909, until the updated driver is installed.

Affected platforms:
  • Client: Windows 10, version 1909; Windows 10, version 1903
Resolution: This issue was resolved with an updated Qualcomm Wifi driver and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1909 or Windows 10, version 1903.

Back to topOS Build 18362.116

May 21, 2019
KB4505057Resolved External
Last updated:
November 22, 2019
04:10 PM PT

Opened:
May 21, 2019
07:13 AM PT
Unable to discover or connect to Bluetooth devices using some Realtek adapters
Microsoft has identified compatibility issues with some driver versions for Bluetooth radios made by Realtek. To safeguard your update experience, we have applied a compatibility hold on devices with affected driver versions for Realtek Bluetooth radios from being offered Windows 10, version 1903 or Windows Server, version 1903 until the driver has been updated.

Affected platforms:
  • Client: Windows 10, version 1909; Windows 10, version 1903
  • Server: Windows 10, version 1909; Windows Server, version 1903
Resolution: This issue was resolved with an updated driver for the affected Realtek Bluetooth radio and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1909 or Windows 10, version 1903.

Back to topOS Build 18362.116

May 21, 2019
KB4505057Resolved External
Last updated:
November 15, 2019
05:59 PM PT

Opened:
May 21, 2019
07:29 AM PT
Intel Audio displays an intcdaud.sys notification
Microsoft and Intel have identified an issue with a range of Intel Display Audio device drivers that may result in higher than normal battery drain. If you see an intcdaud.sys notification or “What needs your attention” notification when trying to update to Windows 10, version 1903, you have an affected Intel Audio Display device driver installed on your machine (intcdaud.sys, versions 10.25.0.3 through 10.25.0.8).
  
To safeguard your update experience, we have applied a compatibility hold on devices with drivers from being offered Windows 10, version 1903 until updated device drivers have been installed.

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809
Resolution: This issue was resolved with updated drivers from your device manufacturer (OEM) or Intel. The safeguard hold has been removed.

Note If you are still experiencing the issue described, please contact your device manufacturer (OEM).

Back to topOS Build 18362.116

May 21, 2019
KB4505057Resolved External
Last updated:
November 12, 2019
08:04 AM PT

Opened:
May 21, 2019
07:22 AM PT -
Gamma ramps, color profiles, and night light settings do not apply in some cases
Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.

Microsoft has identified some scenarios in which these features may have issues or stop working, for example:
  • Connecting to (or disconnecting from) an external monitor, dock, or projector
  • Rotating the screen
  • Updating display drivers or making other display mode changes
  • Closing full screen applications
  • Applying custom color profiles
  • Running applications that rely on custom gamma ramps
Affected platforms:
  • Client: Windows 10, version 1903
Resolution: This issue was resolved in KB4505903 and the safeguard hold has been removed.

Back to topOS Build 18362.116

May 21, 2019
KB4505057Resolved
KB4505903Resolved:
July 26, 2019
02:00 PM PT

Opened:
May 21, 2019
07:28 AM PT
Windows Sandbox may fail to start with error code “0x80070002”
Windows Sandbox may fail to start with \"ERROR_FILE_NOT_FOUND (0x80070002)\" on devices in which the operating system language is changed during the update process when installing Windows 10, version 1903.

Affected platforms:
  • Client: Windows 10, version 1903
Resolution: This issue was resolved in KB4512941.

Back to topOS Build 18362.116

May 21, 2019
KB4505057Resolved
KB4512941Resolved:
August 30, 2019
10:00 AM PT

Opened:
May 24, 2019
04:20 PM PT -
Display brightness may not respond to adjustments
Microsoft and Intel have identified a driver compatibility issue on devices configured with certain Intel display drivers. After updating to Windows 10, version 1903, brightness settings may sometime appear as if changes applied took effect, yet the actual display brightness doesn't change.

To safeguard your update experience, we have applied a compatibility hold on devices with certain Intel drivers from being offered Windows 10, version 1903, until this issue is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Resolution: This issue was resolved in KB4505903 and the safeguard hold has been removed. Please ensure you have applied the resolving update before attempting to update to the Windows 10 May 2019 Update (version 1903). Please note, it can take up to 48 hours for the safeguard to be removed.

Back to topOS Build 18362.116

May 21, 2019
KB4505057Resolved
KB4505903Resolved:
July 26, 2019
02:00 PM PT

Opened:
May 21, 2019
07:56 AM PT " diff --git a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml index f88f58ac4c..1db3c602ad 100644 --- a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -79,7 +79,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Custom wallpaper displays as black
Using a custom image set to \"Stretch\" might not display as expected.

See details >		January 14, 2020
KB4534310		Mitigated
January 24, 2020
09:15 AM PT
Custom wallpaper displays as black
Using a custom image set to \"Stretch\" might not display as expected.

See details >		January 14, 2020
KB4534310		Mitigated
January 26, 2020
06:01 PM PT
MSRT might fail to install and be re-offered from Windows Update or WSUS
The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from WU/WSUS.

See details >
Resolved
January 23, 2020
02:08 PM PT
TLS connections might fail or timeout
Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.

See details >		October 08, 2019
KB4519976		Mitigated External
November 05, 2019
03:36 PM PT
IA64 and x64 devices may fail to start after installing updates
After installing updates released on or after August 13, 2019, IA64 and x64 devices using EFI Boot may fail to start.

See details >		August 13, 2019
KB4512506		Mitigated
August 17, 2019
12:59 PM PT
- +
DetailsOriginating updateStatusHistory
Custom wallpaper displays as black
After installing KB4534310, your desktop wallpaper when set to \"Stretch\" might display as black.

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1
Workaround: To mitigate the issue, you can do one of the following:
  • Set your custom image to an option other than \"Stretch\", such as “Fill”, “Fit”, “Tile”, or “Center”, or
  • Choose a custom wallpaper that matches the resolution of your desktop.
Next steps: We are working on a resolution and estimate a solution will be available in mid-February for organizations who have purchased Windows 7 Extended Security Updates (ESU).

Back to top		January 14, 2020
KB4534310		Mitigated
Last updated:
January 24, 2020
09:15 AM PT

Opened:
January 24, 2020
09:15 AM PT
Custom wallpaper displays as black
After installing KB4534310, your desktop wallpaper when set to \"Stretch\" might display as black.

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1
Workaround: To mitigate the issue, you can do one of the following:
  • Set your custom image to an option other than \"Stretch\", such as “Fill”, “Fit”, “Tile”, or “Center”, or
  • Choose a custom wallpaper that matches the resolution of your desktop.
Next steps: We are working on a resolution and estimate a solution will be available mid-February, which will be released to all customers running Windows 7 and Windows Server 2008 R2 SP1.

Back to top		January 14, 2020
KB4534310		Mitigated
Last updated:
January 26, 2020
06:01 PM PT

Opened:
January 24, 2020
09:15 AM PT
" From 7583518cdc2d301344c35a968b0a5b11f6bd9b04 Mon Sep 17 00:00:00 2001 From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Mon, 27 Jan 2020 10:25:53 -1000 Subject: [PATCH 099/157] Update .openpublishing.redirection.json --- .openpublishing.redirection.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 12475ff7c6..7713cc7237 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -58,7 +58,7 @@ { "source_path": "devices/surface/manage-surface-pro-3-firmware-updates.md", "redirect_url": "https://docs.microsoft.com/surface/manage-surface-driver-and-firmware-updates", -"redirect_document_id": true +"redirect_document_id": false }, { "source_path": "devices/surface/update.md", From 9652500324aec4990118e4e097ef83e60d71e15a Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Mon, 27 Jan 2020 12:40:36 -0800 Subject: [PATCH 100/157] Update preview.md --- .../threat-protection/microsoft-defender-atp/preview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/preview.md b/windows/security/threat-protection/microsoft-defender-atp/preview.md index a605c4517f..4cde145e4c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/preview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/preview.md @@ -43,7 +43,7 @@ Turn on the preview experience setting to be among the first to try upcoming fea ## Preview features The following features are included in the preview release: -- [Threat & Vulnerability Management API support](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list)
Run Threat & Vulnerability Management-related API calls such as get your organization's threat exposure score or device secure score, software and machine vulnerability inventory, software version distribution, machine vulnerability information, security recommandation information. +- [Threat & Vulnerability Management API support](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list)
Run Threat & Vulnerability Management-related API calls such as get your organization's threat exposure score or device secure score, software and machine vulnerability inventory, software version distribution, machine vulnerability information, security recommendation information. - [Threat & Vulnerability supported operating systems and platforms](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os)
Ensure that you meet the operating system or platform requisites for Threat & Vulnerability Management so the activities in your devices are properly accounted for. Threat & Vulnerability Management supports Windows 7, Windows 10 1607-1703, Windows 10 1709+, Windows Server 2008R2, Windows Server 2012R2, Windows Server 2016, Windows Server 2019. From a5f51f1e5e99c0c4cd4cdf08b7186090e84f9469 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Mon, 27 Jan 2020 12:43:22 -0800 Subject: [PATCH 101/157] Fixed spelling error --- .../threat-protection/microsoft-defender-atp/recommendation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md index 2da5fe1030..221645d516 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md @@ -49,7 +49,7 @@ severityScore | Double | Potential impact of the configuration to the organizati publicExploit | Boolean | Public exploit is available activeAlert | Boolean | Active alert is associated with this recommendation associatedThreats | String collection | Threat analytics report is associated with this recommendation -remediationType | String | Remedation type. Possible values are: “ConfigurationChange”,“Update”,“Upgrade”,”Uninstall” +remediationType | String | Remediation type. Possible values are: “ConfigurationChange”,“Update”,“Upgrade”,”Uninstall” Status | Enum | Recommendation exception status. Possible values are: “Active” and “Exception” configScoreImpact | Double | Configuration score impact exposureImpacte | Double | Exposure score impact From 7e7f2b1055ab134af49da4bf52402e05195e40be Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 27 Jan 2020 14:02:39 -0800 Subject: [PATCH 102/157] Indented a note in a list item --- .../maintain-optimal-power-settings-on-Surface-devices.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md b/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md index 135851cb06..2631b5f837 100644 --- a/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md +++ b/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md @@ -32,8 +32,8 @@ To ensure Surface devices across your organization fully benefit from Surface po - Avoid creating custom power profiles or adjusting advanced power settings not visible in the default UI (**System** > **Power & sleep**). - If you must manage the power profile of devices across your network (such as in highly managed organizations), use the powercfg command tool to export the power plan from the factory image of the Surface device and then import it into the provisioning package for your Surface devices. ->[!NOTE] ->You can only export a power plan across the same type of Surface device. For example, you cannot export a power plan from Surface Laptop and import it on Surface Pro. For more information, refer to [Configure power settings](https://docs.microsoft.com/windows-hardware/customize/power-settings/configure-power-settings). + >[!NOTE] + >You can only export a power plan across the same type of Surface device. For example, you cannot export a power plan from Surface Laptop and import it on Surface Pro. For more information, refer to [Configure power settings](https://docs.microsoft.com/windows-hardware/customize/power-settings/configure-power-settings). - Exclude Surface devices from any existing power management policy settings. @@ -178,4 +178,4 @@ To learn more, see: - [Battery saver](https://docs.microsoft.com/windows-hardware/design/component-guidelines/battery-saver) -- [Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md) \ No newline at end of file +- [Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md) From 97570ddcf62f66f95532bdbff5b148f5774acdc4 Mon Sep 17 00:00:00 2001 From: isbrahm <43386070+isbrahm@users.noreply.github.com> Date: Mon, 27 Jan 2020 14:27:34 -0800 Subject: [PATCH 103/157] Add information about policy deletion --- ...nder-application-control-policies-using-intune.md | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md index c3ccef8510..128fb4d3a3 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md @@ -48,7 +48,8 @@ In order to deploy a custom policy through Intune and define your own circle of ## Using a Custom OMA-URI Profile -For 1903+ systems, the steps to use Intune's Custom OMA-URI functionality to leverage the [ApplicationControl CSP](https://docs.microsoft.com/windows/client-management/mdm/applicationcontrol-csp) and deploy a custom WDAC policy are: +### For 1903+ systems +The steps to use Intune's Custom OMA-URI functionality to leverage the [ApplicationControl CSP](https://docs.microsoft.com/windows/client-management/mdm/applicationcontrol-csp) and deploy a custom WDAC policy to 1903+ systems are: 1. Know a generated policy’s GUID, which can be found in the policy xml as `` 2. Convert the policy XML to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned. @@ -61,7 +62,11 @@ For 1903+ systems, the steps to use Intune's Custom OMA-URI functionality to lev ![Configure custom WDAC](images/wdac-intune-custom-oma-uri.png) -For pre-1903 systems, the steps to use Intune's Custom OMA-URI functionality to leverage the [AppLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/applocker-csp) and deploy a custom WDAC policy are: +> [!NOTE] +> Upon deletion, policies deployed through Intune via the ApplicationControl CSP are removed from the system but stay in effect until the next reboot. In order to functionally do a rebootless delete, replace the existing policy with an Allow All policy (found at C:\Windows\schemas\CodeIntegrity\ExamplePolicies\AllowAll.xml) and then delete the updated policy. This will immediately prevent anything from being blocked and fully deactive the policy on the next reboot. + +### For pre-1903 systems +The steps to use Intune's Custom OMA-URI functionality to leverage the [AppLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/applocker-csp) and deploy a custom WDAC policy to pre-1903 systems are: 1. Convert the policy XML to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned. 2. Open the Microsoft Intune portal and click **Device configuration** > **Profiles** > **Create profile**. @@ -70,3 +75,6 @@ For pre-1903 systems, the steps to use Intune's Custom OMA-URI functionality to - **OMA-URI**: ./Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/_Grouping_/CodeIntegrity/Policy) - **Data type**: Base64 - **Certificate file**: upload your binary format policy file + +> [!NOTE] +> Policies deployed through Intune via the AppLocker CSP cannot be deleted through the Intune console. In order to disable WDAC policy enforcement, either deploy an audit-mode policy and/or use a script to delete the existing policy. From 777eadaf98117cb4c85b6b8e23b930acfee515b9 Mon Sep 17 00:00:00 2001 From: isbrahm <43386070+isbrahm@users.noreply.github.com> Date: Mon, 27 Jan 2020 14:56:35 -0800 Subject: [PATCH 104/157] Add deletion information to AppControl CSP --- .../client-management/mdm/applicationcontrol-csp.md | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/applicationcontrol-csp.md b/windows/client-management/mdm/applicationcontrol-csp.md index ef81d89611..121f28dad6 100644 --- a/windows/client-management/mdm/applicationcontrol-csp.md +++ b/windows/client-management/mdm/applicationcontrol-csp.md @@ -234,15 +234,23 @@ The following is an example of Get command: ### Delete policies +#### Rebootless Deletion + +Upon deletion, policies deployed via the ApplicationControl CSP are removed from the system but stay in effect until the next reboot. In order to functionally do a rebootless delete, first replace the existing policy with an Allow All policy (found at C:\Windows\schemas\CodeIntegrity\ExamplePolicies\AllowAll.xml) and then delete the updated policy. This will immediately prevent anything from being blocked and fully deactive the policy on the next reboot. + +#### Unsigned Policies + To delete an unsigned policy, perform a DELETE on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy**. +#### Signed Policies + > [!NOTE] -> Only signed things should be able to update signed policies. Hence, performing a DELETE on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** is not sufficient to delete a signed policy. +> A signed policy by default can only be replaced by another signed policy. Hence, performing a DELETE on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** is not sufficient to delete a signed policy. To delete a signed policy: 1. Replace it with a signed update allowing unsigned policy. -2. Deploy another update with unsigned policy. +2. Deploy another update with unsigned Allow All policy. 3. Perform delete. The following is an example of Delete command: From ee67b0eb8ef386eac41ae2bf55a10ab063c5cfdf Mon Sep 17 00:00:00 2001 From: John Liu <49762389+ShenLanJohn@users.noreply.github.com> Date: Tue, 28 Jan 2020 09:03:03 -0800 Subject: [PATCH 105/157] CAT Auto Pulish for Windows Release Messages - CAT_AutoPublish_20200128080053 (#1952) Co-authored-by: Direesh Kumar Kandakatla --- .../status-windows-7-and-windows-server-2008-r2-sp1.yml | 4 ++-- windows/release-information/windows-message-center.yml | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml index 1db3c602ad..a5cd7e2724 100644 --- a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -79,7 +79,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Custom wallpaper displays as black
Using a custom image set to \"Stretch\" might not display as expected.

See details >		January 14, 2020
KB4534310		Mitigated
January 26, 2020
06:01 PM PT
Custom wallpaper displays as black
Using a custom image set to \"Stretch\" might not display as expected.

See details >		January 14, 2020
KB4534310		Mitigated
January 27, 2020
12:27 PM PT
MSRT might fail to install and be re-offered from Windows Update or WSUS
The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from WU/WSUS.

See details >
Resolved
January 23, 2020
02:08 PM PT
TLS connections might fail or timeout
Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.

See details >		October 08, 2019
KB4519976		Mitigated External
November 05, 2019
03:36 PM PT
IA64 and x64 devices may fail to start after installing updates
After installing updates released on or after August 13, 2019, IA64 and x64 devices using EFI Boot may fail to start.

See details >		August 13, 2019
KB4512506		Mitigated
August 17, 2019
12:59 PM PT
- +
DetailsOriginating updateStatusHistory
Custom wallpaper displays as black
After installing KB4534310, your desktop wallpaper when set to \"Stretch\" might display as black.

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1
Workaround: To mitigate the issue, you can do one of the following:
  • Set your custom image to an option other than \"Stretch\", such as “Fill”, “Fit”, “Tile”, or “Center”, or
  • Choose a custom wallpaper that matches the resolution of your desktop.
Next steps: We are working on a resolution and estimate a solution will be available mid-February, which will be released to all customers running Windows 7 and Windows Server 2008 R2 SP1.

Back to top		January 14, 2020
KB4534310		Mitigated
Last updated:
January 26, 2020
06:01 PM PT

Opened:
January 24, 2020
09:15 AM PT
Custom wallpaper displays as black
After installing KB4534310, your desktop wallpaper when set to \"Stretch\" might display as black.

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1
Workaround: To mitigate the issue, you can do one of the following:
  • Set your custom image to an option other than \"Stretch\", such as “Fill”, “Fit”, “Tile”, or “Center”, or
  • Choose a custom wallpaper that matches the resolution of your desktop.
Next steps: We are working on a resolution and estimate a solution will be available mid-February, which will be released to all customers running Windows 7 and Windows Server 2008 R2 SP1.

Back to top		January 14, 2020
KB4534310		Mitigated
Last updated:
January 27, 2020
12:27 PM PT

Opened:
January 24, 2020
09:15 AM PT
" diff --git a/windows/release-information/windows-message-center.yml b/windows/release-information/windows-message-center.yml index 671d2a1748..7cd86d392d 100644 --- a/windows/release-information/windows-message-center.yml +++ b/windows/release-information/windows-message-center.yml @@ -50,6 +50,7 @@ sections: text: " + From eb32f5424d22e7fd04b79fa660a40720b3909224 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Tue, 28 Jan 2020 13:19:35 -0800 Subject: [PATCH 106/157] replace Windows Analytics card --- windows/deployment/index.yml | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/windows/deployment/index.yml b/windows/deployment/index.yml index 9530728934..97469bf8e3 100644 --- a/windows/deployment/index.yml +++ b/windows/deployment/index.yml @@ -10,8 +10,7 @@ metadata: ms.localizationpriority: high author: greg-lindsay ms.author: greglin - manager: elizapo - ms.date: 02/09/2018 + manager: laurawi ms.topic: article ms.devlang: na @@ -35,11 +34,11 @@ sections: image: src: https://docs.microsoft.com/media/common/i_upgrade.svg title: Windows as a service - - href: update/windows-analytics-overview - html:

Windows Analytics provides deep insights into your Windows 10 environment.

+ - href: windows-autopilot/windows-autopilot + html:

Windows Autopilot greatly simplifies deployment of Windows devices.

image: - src: https://docs.microsoft.com/media/common/i_investigate.svg - title: Windows Analytics + src: https://docs.microsoft.com/media/common/i_setup.svg + title: Windows Autopilot - title: - items: - type: markdown From 0f3890ed43977bcdb2d06dec161abcd14bda239d Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Tue, 28 Jan 2020 13:20:39 -0800 Subject: [PATCH 107/157] remove punctuation --- windows/deployment/index.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/index.yml b/windows/deployment/index.yml index 97469bf8e3..857c663214 100644 --- a/windows/deployment/index.yml +++ b/windows/deployment/index.yml @@ -35,7 +35,7 @@ sections: src: https://docs.microsoft.com/media/common/i_upgrade.svg title: Windows as a service - href: windows-autopilot/windows-autopilot - html:

Windows Autopilot greatly simplifies deployment of Windows devices.

+ html:

Windows Autopilot greatly simplifies deployment of Windows devices

image: src: https://docs.microsoft.com/media/common/i_setup.svg title: Windows Autopilot From 1d7e85350f50554567d3c7c2f54b32960d5d1cae Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Tue, 28 Jan 2020 13:24:40 -0800 Subject: [PATCH 108/157] change icon --- windows/deployment/index.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/index.yml b/windows/deployment/index.yml index 857c663214..4414c1e8fe 100644 --- a/windows/deployment/index.yml +++ b/windows/deployment/index.yml @@ -37,7 +37,7 @@ sections: - href: windows-autopilot/windows-autopilot html:

Windows Autopilot greatly simplifies deployment of Windows devices

image: - src: https://docs.microsoft.com/media/common/i_setup.svg + src: https://docs.microsoft.com/media/common/i_delivery.svg title: Windows Autopilot - title: - items: From 41f53cebaa7dc2c4b73f1bc02c9b95a6eb68d241 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 29 Jan 2020 11:12:56 -0800 Subject: [PATCH 109/157] Added ref to TVM APIs --- .../microsoft-defender-atp/tvm-exposure-score.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md index ee48894e3f..ad6de378c5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md @@ -48,3 +48,7 @@ Reduce the exposure score by addressing what needs to be remediated based on the - [Weaknesses](tvm-weaknesses.md) - [Scenarios](threat-and-vuln-mgt-scenarios.md) - [Configure data access for Threat & Vulnerability Management roles](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group) +- [Score APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/score) +- [Software APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/software) +- [Vulnerability APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/vulnerability) +- [Recommendation APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/vulnerability) From 0fcbab892a7dc12d8b7555f20afb6f832559ad08 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 29 Jan 2020 11:13:29 -0800 Subject: [PATCH 110/157] Update configuration-score.md --- .../microsoft-defender-atp/configuration-score.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configuration-score.md b/windows/security/threat-protection/microsoft-defender-atp/configuration-score.md index 8be692ccbc..a040722887 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configuration-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configuration-score.md @@ -74,3 +74,8 @@ See how you can [improve your security configuration](https://docs.microsoft.com - [Weaknesses](tvm-weaknesses.md) - [Scenarios](threat-and-vuln-mgt-scenarios.md) - [Configure data access for Threat & Vulnerability Management roles](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group) +- [Score APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/score) +- [Software APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/software) +- [Vulnerability APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/vulnerability) +- [Recommendation APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/vulnerability) + From cc6bb572b7e5effe0292b2f9559b24978b32a552 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 29 Jan 2020 11:14:17 -0800 Subject: [PATCH 111/157] Added ref to relevant TVM APIs --- .../microsoft-defender-atp/tvm-security-recommendation.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md index 047a7888c1..112dd7f664 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md @@ -110,3 +110,7 @@ You can report a false positive when you see any vague, inaccurate, incomplete, - [Weaknesses](tvm-weaknesses.md) - [Scenarios](threat-and-vuln-mgt-scenarios.md) - [Configure data access for Threat & Vulnerability Management roles](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group) +- [Recommendation APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/vulnerability) +- [Score APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/score) +- [Software APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/software) +- [Vulnerability APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/vulnerability) From 1d14cd30523ddd9497eadc750315756d0a4420d1 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 29 Jan 2020 11:15:21 -0800 Subject: [PATCH 112/157] Added refs to relevant TVM APIs --- .../microsoft-defender-atp/tvm-software-inventory.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md index 0eb7c6a988..63d7cc7f56 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md @@ -73,3 +73,8 @@ You can report a false positive when you see any vague, inaccurate version, inco - [Weaknesses](tvm-weaknesses.md) - [Scenarios](threat-and-vuln-mgt-scenarios.md) - [Configure data access for Threat & Vulnerability Management roles](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group) +- [Software APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/software) +- [Vulnerability APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/vulnerability) +- [Recommendation APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/vulnerability) +- [Score APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/score) + From 204723c6cc462dafd290ac617da187d2fa70ce5e Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 29 Jan 2020 11:16:12 -0800 Subject: [PATCH 113/157] Added refs to relevant TVM APIs --- .../microsoft-defender-atp/tvm-weaknesses.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md index aa146289f2..84c9dd892e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md @@ -133,3 +133,7 @@ You can report a false positive when you see any vague, inaccurate, missing, or - [Software inventory](tvm-software-inventory.md) - [Scenarios](threat-and-vuln-mgt-scenarios.md) - [Configure data access for Threat & Vulnerability Management roles](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group) +- [Vulnerability APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/vulnerability) +- [Software APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/software) +- [Recommendation APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/vulnerability) +- [Score APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/score) From 2317a7b4ea74721216b604cdc903b53bcec71419 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 29 Jan 2020 11:17:14 -0800 Subject: [PATCH 114/157] Added refs to relevant TVM APIs --- .../microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md index 5f9dcadac9..fbe6fcb05e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md @@ -212,3 +212,8 @@ After you have identified which software and software versions are vulnerable du - [Advanced hunting overview](overview-hunting.md) - [All advanced hunting tables](advanced-hunting-reference.md) - [Configure data access for Threat & Vulnerability Management roles](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group) +- [Vulnerability APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/vulnerability) +- [Software APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/software) +- [Recommendation APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/vulnerability) +- [Score APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/score) + From 239f3152affdc7a419057ce9ee1fcfd7fc8f0367 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 29 Jan 2020 11:18:11 -0800 Subject: [PATCH 115/157] Added refs to relevant TVM APIs --- .../microsoft-defender-atp/tvm-remediation.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md index a7dbb7c0ea..9d775ff451 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md @@ -133,5 +133,9 @@ The exception impact shows on both the Security recommendations page column and - [Weaknesses](tvm-weaknesses.md) - [Scenarios](threat-and-vuln-mgt-scenarios.md) - [Configure data access for Threat & Vulnerability Management roles](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group) +- [Score APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/score) +- [Vulnerability APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/vulnerability) +- [Software APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/software) +- [Recommendation APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/vulnerability) From 38744145ce535846f550441dc796a1d64e6a15bc Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 29 Jan 2020 11:26:20 -0800 Subject: [PATCH 116/157] Update tvm-security-recommendation.md --- .../microsoft-defender-atp/tvm-security-recommendation.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md index 112dd7f664..b9749ad819 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md @@ -111,6 +111,7 @@ You can report a false positive when you see any vague, inaccurate, incomplete, - [Scenarios](threat-and-vuln-mgt-scenarios.md) - [Configure data access for Threat & Vulnerability Management roles](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group) - [Recommendation APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/vulnerability) +- [Machine APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine) - [Score APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/score) - [Software APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/software) - [Vulnerability APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/vulnerability) From 717e8490d1789c1b074ff93ab18caca7982255c9 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 29 Jan 2020 11:26:56 -0800 Subject: [PATCH 117/157] Update tvm-software-inventory.md --- .../microsoft-defender-atp/tvm-software-inventory.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md index 63d7cc7f56..4428d8a925 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md @@ -74,6 +74,7 @@ You can report a false positive when you see any vague, inaccurate version, inco - [Scenarios](threat-and-vuln-mgt-scenarios.md) - [Configure data access for Threat & Vulnerability Management roles](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group) - [Software APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/software) +- [Machine APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine) - [Vulnerability APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/vulnerability) - [Recommendation APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/vulnerability) - [Score APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/score) From 7b444a3ec0122428c6f3afcc216b49fc8e6eb1dd Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 29 Jan 2020 11:27:20 -0800 Subject: [PATCH 118/157] Update tvm-weaknesses.md --- .../threat-protection/microsoft-defender-atp/tvm-weaknesses.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md index 84c9dd892e..1ffd2a0270 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md @@ -134,6 +134,7 @@ You can report a false positive when you see any vague, inaccurate, missing, or - [Scenarios](threat-and-vuln-mgt-scenarios.md) - [Configure data access for Threat & Vulnerability Management roles](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group) - [Vulnerability APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/vulnerability) +- [Machine APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine) - [Software APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/software) - [Recommendation APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/vulnerability) - [Score APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/score) From 506b78e1a956bf52dbbbc91b41ce11f676e52b4f Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 29 Jan 2020 11:28:08 -0800 Subject: [PATCH 119/157] Update threat-and-vuln-mgt-scenarios.md --- .../microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md index fbe6fcb05e..fbefb996b8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md @@ -212,6 +212,7 @@ After you have identified which software and software versions are vulnerable du - [Advanced hunting overview](overview-hunting.md) - [All advanced hunting tables](advanced-hunting-reference.md) - [Configure data access for Threat & Vulnerability Management roles](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group) +- [Machine APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine) - [Vulnerability APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/vulnerability) - [Software APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/software) - [Recommendation APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/vulnerability) From f2e86763ecc8c126accecb9d959e3801166d3dab Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 29 Jan 2020 11:28:38 -0800 Subject: [PATCH 120/157] Update tvm-remediation.md --- .../threat-protection/microsoft-defender-atp/tvm-remediation.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md index 9d775ff451..9426fb0fcf 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md @@ -136,6 +136,7 @@ The exception impact shows on both the Security recommendations page column and - [Score APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/score) - [Vulnerability APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/vulnerability) - [Software APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/software) +- [Machine APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine) - [Recommendation APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/vulnerability) From 4075d9a19dcc499854372e521ea6e67e99085c88 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 29 Jan 2020 11:29:36 -0800 Subject: [PATCH 121/157] Added refs to TVM APIs --- .../microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md b/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md index 98d455063a..d4667e74fa 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md +++ b/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md @@ -70,3 +70,8 @@ Microsoft Defender ATP’s Threat & Vulnerability Management allows security adm - [Weaknesses](tvm-weaknesses.md) - [Scenarios](threat-and-vuln-mgt-scenarios.md) - [Configure data access for Threat & Vulnerability Management roles](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group) +- [Score APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/score) +- [Vulnerability APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/vulnerability) +- [Software APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/software) +- [Machine APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine) +- [Recommendation APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/vulnerability) From 4b646f7a2b9ddf3f90c58bf9f882d945b9587a10 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 29 Jan 2020 11:50:01 -0800 Subject: [PATCH 122/157] Added TVM references --- .../microsoft-defender-atp/get-installed-software.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md index 1b2a634eff..9263243f0d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md @@ -83,3 +83,7 @@ Here is an example of the response. ] } ``` + +## Related topics +- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) +- [Threat & Vulnerability software inventory](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory) From 0c5f16c00b0dcfa1a90921e92394039267b07c16 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 29 Jan 2020 11:50:49 -0800 Subject: [PATCH 123/157] Added TVM references --- .../microsoft-defender-atp/get-discovered-vulnerabilities.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md index e20da5c5b7..f41e0af06d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md @@ -87,3 +87,7 @@ Here is an example of the response. } } ``` + +## Related topics +- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) +- [Vulnerabilities in your organization](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses) From b439d4417aa834330d4a9a593a78002c2b18b2a9 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 29 Jan 2020 11:51:31 -0800 Subject: [PATCH 124/157] Added TVM references --- .../microsoft-defender-atp/get-security-recommendations.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md b/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md index 4256ba1c8c..61ca64ff6b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md @@ -94,4 +94,8 @@ Here is an example of the response. }, … } -``` \ No newline at end of file +``` + +## Related topics +- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) +- [Threat & Vulnerability security recommendation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation) From 2f16b745e29dfa1218232a15c1ff919ed89c13ce Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 29 Jan 2020 11:52:51 -0800 Subject: [PATCH 125/157] Added TVM references --- .../microsoft-defender-atp/get-exposure-score.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md index 389758df52..f57f5e53cf 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md @@ -83,4 +83,7 @@ Here is an example of the response. ``` ## Related topics -- [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md) +- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) +- [Threat & Vulnerability exposure score](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score) + + From 2ee4db89bb36fe1798cbd9f504b49cbca92b792f Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 29 Jan 2020 12:07:25 -0800 Subject: [PATCH 126/157] Added TVM references --- .../get-machine-group-exposure-score.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md index 5664ee56dd..a85a0bc44e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md @@ -94,3 +94,7 @@ Here is an example of the response. ] } ``` + +## Related topics +- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) +- [Threat & Vulnerability exposure score](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score) From 70a1a9aec9a1660b6f27ed81bfd0e60ac2868d5c Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 29 Jan 2020 12:08:45 -0800 Subject: [PATCH 127/157] Added TVM references --- .../microsoft-defender-atp/get-software.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-software.md index 67bfa09292..21e52ab884 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-software.md @@ -81,4 +81,8 @@ Here is an example of the response. "impactScore": 2.39947438 }, …. -} \ No newline at end of file +} + +## Related topics +- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) +- [Threat & Vulnerability software inventory](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory) From 609d04915386cd1a6637e6547ab13c607c3c4b2d Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 29 Jan 2020 12:09:53 -0800 Subject: [PATCH 128/157] Update get-software.md --- .../threat-protection/microsoft-defender-atp/get-software.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-software.md index 21e52ab884..4df1ba1700 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-software.md @@ -82,6 +82,7 @@ Here is an example of the response. }, …. } +``` ## Related topics - [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) From 2a2dad4d1d70f27f6de2bacd01899644e284bf4e Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 29 Jan 2020 12:11:15 -0800 Subject: [PATCH 129/157] Added TVM references --- .../microsoft-defender-atp/get-software-by-id.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md index 663bac6747..8e7328251d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md @@ -81,3 +81,6 @@ Here is an example of the response. } ``` +## Related topics +- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) +- [Threat & Vulnerability software inventory](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory) From ac0fe42041155c2c4eb62eeeeb16177453f818ba Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 29 Jan 2020 12:12:11 -0800 Subject: [PATCH 130/157] Added TVM references --- .../microsoft-defender-atp/get-software-ver-distribution.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md b/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md index 39a3275bf2..76220e5515 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md @@ -83,4 +83,8 @@ Here is an example of the response. }, … } +``` +## Related topics +- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) +- [Threat & Vulnerability software inventory](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory) From 07ec4a396b73acdd6bbf776178e4a638002ed037 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 29 Jan 2020 12:13:16 -0800 Subject: [PATCH 131/157] Update get-software-ver-distribution.md --- .../microsoft-defender-atp/get-software-ver-distribution.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md b/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md index 76220e5515..7446306e86 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md @@ -81,7 +81,7 @@ Here is an example of the response. "installations": 750, "vulnerabilities": 0 }, -… + } ``` From 9cf3601833a10279a72cce301207b3c3b3f8e252 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 29 Jan 2020 12:15:11 -0800 Subject: [PATCH 132/157] Update get-software-ver-distribution.md --- .../microsoft-defender-atp/get-software-ver-distribution.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md b/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md index 7446306e86..7e2f080a07 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md @@ -80,8 +80,8 @@ Here is an example of the response. "version": "11.0.18363.535", "installations": 750, "vulnerabilities": 0 - }, - + } + ] } ``` From b6858a1d8c9bb52d5d56439c1f6034b586b08199 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 29 Jan 2020 12:16:30 -0800 Subject: [PATCH 133/157] Added TVM references --- .../microsoft-defender-atp/get-machines-by-software.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md index dd922cae08..7b5b1571d0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md @@ -87,3 +87,6 @@ Here is an example of the response. } ``` +## Related topics +- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) +- [Threat & Vulnerability software inventory](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory) From 6dd0b715b9ceea4aa60fc0ce26cdf5cc9be39a1b Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 29 Jan 2020 12:16:57 -0800 Subject: [PATCH 134/157] Update get-machines-by-software.md --- .../microsoft-defender-atp/get-machines-by-software.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md index 7b5b1571d0..3de42054de 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md @@ -83,7 +83,7 @@ Here is an example of the response. "osPlatform": "Windows10", "rbacGroupId": 9 }, -… +] } ``` From 61be29e5c5a3cb9c886c74134784c060e38fd33f Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 29 Jan 2020 12:17:25 -0800 Subject: [PATCH 135/157] Update get-machines-by-software.md --- .../microsoft-defender-atp/get-machines-by-software.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md index 3de42054de..107a9bf353 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md @@ -82,7 +82,7 @@ Here is an example of the response. "computerDnsName": "jane_PC", "osPlatform": "Windows10", "rbacGroupId": 9 - }, + } ] } ``` From be3c676758aa5785c6a93bed4eeb1bf8c70c7ade Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 29 Jan 2020 12:18:50 -0800 Subject: [PATCH 136/157] Added TVM references --- .../microsoft-defender-atp/get-vuln-by-software.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md index 6984c10ec6..38d7cb6c0e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md @@ -85,9 +85,8 @@ Here is an example of the response. "exploitInKit": false, "exploitTypes": [], "exploitUris": [] - }, - -… + } + ] } ``` From 1703e034e13df898916d4ccda220bcbaa211c0b5 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 29 Jan 2020 12:21:51 -0800 Subject: [PATCH 137/157] Added TVM references --- .../microsoft-defender-atp/get-all-vulnerabilities.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md index 01869cd89b..f058b00c4a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md @@ -85,8 +85,12 @@ Content-type: json "exploitInKit": false, "exploitTypes": [], "exploitUris": [] - }, + } + ] { -.. } ``` + +## Related topics +- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) +- [Vulnerabilities in your organization](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses) From 8fbc2c9cda04bd628b535c8f61f786cb0d1aa432 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 29 Jan 2020 12:24:12 -0800 Subject: [PATCH 138/157] Added TVM references --- .../microsoft-defender-atp/get-vulnerability-by-id.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md index f87c04ae43..2c5e79eb6e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md @@ -84,3 +84,6 @@ Content-type: json "exploitUris": [] } ``` +## Related topics +- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) +- [Vulnerabilities in your organization](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses) From 63ed5718690fbe7401858999ccee2270d9ea25b8 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 29 Jan 2020 12:33:34 -0800 Subject: [PATCH 139/157] Added TVM references --- .../microsoft-defender-atp/get-machines-by-vulnerability.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md index 37a235d516..d2a41e31ae 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md @@ -86,3 +86,7 @@ Content-type: json ] } ``` + +## Related topics +- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) +- [Vulnerabilities in your organization](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses) From 05a439cab2b4e702a74f296bf7eb27722c8964d3 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 29 Jan 2020 12:35:21 -0800 Subject: [PATCH 140/157] Added TVM references --- .../microsoft-defender-atp/get-all-recommendations.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md b/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md index 34c6863e7d..d6bfcc9c65 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md @@ -98,7 +98,11 @@ Content-type: json "exposedMachinesCount": 7, "nonProductivityImpactedAssets": 0, "relatedComponent": "Windows 10" - }, -… + } + ] } ``` +## Related topics +- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) +- [Threat & Vulnerability security recommendation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation) + From b93a25f13bb93c17c563d80bcb92af397df922a0 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 29 Jan 2020 12:51:10 -0800 Subject: [PATCH 141/157] Added TVM references --- .../microsoft-defender-atp/get-recommendation-by-id.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md index 86f7eef853..dd826d87a1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md @@ -91,3 +91,7 @@ Content-type: json "relatedComponent": "Chrome" } ``` + +## Related topics +- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) +- [Threat & Vulnerability security recommendation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation) From f7f48140a013a41f63a7f5924aaf9fab61c4b0fd Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 29 Jan 2020 12:52:19 -0800 Subject: [PATCH 142/157] Added TVM references --- .../microsoft-defender-atp/get-recommendation-software.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md index e8473ba5f8..de192c1e9f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md @@ -25,7 +25,7 @@ ms.topic: article Retrieves a security recommendation related to a specific software. ## Permissions -One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details. Permission type | Permission | Permission display name :---|:---|:--- @@ -79,3 +79,7 @@ Content-type: json "impactScore": 3.94418621 } ``` + +## Related topics +- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) +- [Threat & Vulnerability security recommendation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation) From 9e2772f1ba6875bd872eb873b67adc60730c718c Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 29 Jan 2020 12:53:14 -0800 Subject: [PATCH 143/157] Added TVM references --- .../microsoft-defender-atp/get-recommendation-machines.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md index 0060478641..3b7664b089 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md @@ -25,7 +25,7 @@ ms.topic: article Retrieves a list of machines associated with the security recommendation. ## Permissions -One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details. Permission type | Permission | Permission display name :---|:---|:--- @@ -76,6 +76,9 @@ Content-type: json "osPlatform": "Windows10", "rbacGroupId": 2154 }, -… } ``` + +## Related topics +- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) +- [Threat & Vulnerability security recommendation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation) From 55894f5ccc60d7b7f58954a7a9a9f4dfeed68c63 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 29 Jan 2020 12:54:21 -0800 Subject: [PATCH 144/157] Added TVM references --- .../get-recommendation-vulnerabilities.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md index 48f13ed4b9..c9ca363c20 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md @@ -25,7 +25,7 @@ ms.topic: article Retrieves a list of vulnerabilities associated with the security recommendation. ## Permissions -One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details. Permission type | Permission | Permission display name :---|:---|:--- @@ -84,7 +84,11 @@ Content-type: json "exploitInKit": false, "exploitTypes": [], "exploitUris": [] - }, -… + } + ] } ``` + +## Related topics +- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) +- [Threat & Vulnerability security recommendation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation) From c2e7e51d872da98c8c49c34eb2899885aae54671 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 29 Jan 2020 12:55:53 -0800 Subject: [PATCH 145/157] Update get-recommendation-machines.md --- .../microsoft-defender-atp/get-recommendation-machines.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md index 3b7664b089..ef3f78c2e2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md @@ -75,7 +75,8 @@ Content-type: json "computerDnsName": "niw_pc", "osPlatform": "Windows10", "rbacGroupId": 2154 - }, + } + ] } ``` From d8dbab7247cece30950d4f0f8da348a9080e1f2f Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 29 Jan 2020 12:57:14 -0800 Subject: [PATCH 146/157] Update get-recommendation-by-id.md --- .../microsoft-defender-atp/get-recommendation-by-id.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md index dd826d87a1..6a56d41c99 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md @@ -25,7 +25,7 @@ ms.topic: article Retrieves a security recommendation by its ID. ## Permissions -One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details. Permission type | Permission | Permission display name :---|:---|:--- From 9cade067683830ead3c91d6b66ffb2bb7e6f4554 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 29 Jan 2020 12:58:16 -0800 Subject: [PATCH 147/157] Update get-all-recommendations.md --- .../microsoft-defender-atp/get-all-recommendations.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md b/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md index d6bfcc9c65..1735811830 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md @@ -25,7 +25,7 @@ ms.topic: article Retrieves a list of all security recommendations affecting the organization. ## Permissions -One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details. Permission type | Permission | Permission display name :---|:---|:--- From c42c53496453f417bd2febce838f2de5d0be3c28 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 29 Jan 2020 12:58:31 -0800 Subject: [PATCH 148/157] Update get-machines-by-vulnerability.md --- .../microsoft-defender-atp/get-machines-by-vulnerability.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md index d2a41e31ae..5ee5fe1b47 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md @@ -25,7 +25,7 @@ ms.topic: article Retrieves a list of machines affected by a vulnerability. ## Permissions -One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details. Permission type | Permission | Permission display name :---|:---|:--- From b0547cba0dcddffaeaa4b2f8f65ea8eedc2758a6 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 29 Jan 2020 12:58:56 -0800 Subject: [PATCH 149/157] Update get-vulnerability-by-id.md --- .../microsoft-defender-atp/get-vulnerability-by-id.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md index 2c5e79eb6e..e4ccb6c433 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md @@ -25,7 +25,7 @@ ms.topic: article Retrieves vulnerability information by its ID. ## Permissions -One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details. Permission type | Permission | Permission display name :---|:---|:--- From 17cab28ee90d7b3b53aa7480fe8a8a7d49df8718 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 29 Jan 2020 12:59:13 -0800 Subject: [PATCH 150/157] Update get-all-vulnerabilities.md --- .../microsoft-defender-atp/get-all-vulnerabilities.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md index f058b00c4a..e0e4243d76 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md @@ -25,7 +25,7 @@ ms.topic: article Retrieves a list of all the vulnerabilities affecting the organization. ## Permissions -One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details. Permission type | Permission | Permission display name :---|:---|:--- From 8548497d4c7bef243e4aa1aa2dc69588e2856aff Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 29 Jan 2020 13:02:31 -0800 Subject: [PATCH 151/157] Update get-software.md --- .../microsoft-defender-atp/get-software.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-software.md index 4df1ba1700..1ec2bcccd1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-software.md @@ -22,10 +22,10 @@ ms.topic: article [!include[Prerelease information](../../includes/prerelease.md)] -Retrieves the organization software inventory +Retrieves the organization software inventory. ## Permissions -One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details. Permission type | Permission | Permission display name :---|:---|:--- @@ -79,8 +79,8 @@ Here is an example of the response. "activeAlert": false, "exposedMachines": 172, "impactScore": 2.39947438 - }, -…. + } + ] } ``` From 1c5678ceba4fcfeee5edcd755b4ce0fd9ca6157b Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 29 Jan 2020 13:02:57 -0800 Subject: [PATCH 152/157] Update get-software-by-id.md --- .../microsoft-defender-atp/get-software-by-id.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md index 8e7328251d..c57fe74368 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md @@ -24,10 +24,10 @@ ms.topic: article [!include[Prerelease information](../../includes/prerelease.md)] -Retrieves software details by ID +Retrieves software details by ID. ## Permissions -One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details. Permission type | Permission | Permission display name :---|:---|:--- From 15cacb671f46e56429b885aae76e12ea167f124e Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 29 Jan 2020 13:03:21 -0800 Subject: [PATCH 153/157] Update get-software-ver-distribution.md --- .../microsoft-defender-atp/get-software-ver-distribution.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md b/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md index 7e2f080a07..2ba8c06b69 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md @@ -24,10 +24,10 @@ ms.topic: article [!include[Prerelease information](../../includes/prerelease.md)] -Retrieves a list of your organization's software version distribution +Retrieves a list of your organization's software version distribution. ## Permissions -One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details. Permission type | Permission | Permission display name :---|:---|:--- From eb0f7d829245f1e696ea4cc96ca49a8d9b8a4034 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 29 Jan 2020 13:03:44 -0800 Subject: [PATCH 154/157] Update get-machines-by-software.md --- .../microsoft-defender-atp/get-machines-by-software.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md index 107a9bf353..81d6659101 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md @@ -24,10 +24,10 @@ ms.topic: article [!include[Prerelease information](../../includes/prerelease.md)] -Retrieve a list of machines that has this software installed +Retrieve a list of machines that has this software installed. ## Permissions -One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details. Permission type | Permission | Permission display name :---|:---|:--- From 092c06896a7d11d34bdc7ca8490852a6eb1633fa Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 29 Jan 2020 13:04:17 -0800 Subject: [PATCH 155/157] Update get-vuln-by-software.md --- .../microsoft-defender-atp/get-vuln-by-software.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md index 38d7cb6c0e..6fa52754b7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md @@ -27,7 +27,7 @@ ms.topic: article Retrieve a list of vulnerabilities in the installed software. ## Permissions -One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details. Permission type | Permission | Permission display name :---|:---|:--- From 2fa529107f2fb9a62a8acaa71c49acac39c9e661 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 29 Jan 2020 13:07:23 -0800 Subject: [PATCH 156/157] Update get-recommendation-machines.md --- .../microsoft-defender-atp/get-recommendation-machines.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md index ef3f78c2e2..d74dc47279 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md @@ -65,8 +65,7 @@ GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chr Here is an example of the response. -``` -Content-type: json +```json { "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineReferences", "value": [ From db0b320aa9f01eba013906c1f073d7524b6c0f33 Mon Sep 17 00:00:00 2001 From: Dani Halfin Date: Wed, 29 Jan 2020 13:27:56 -0800 Subject: [PATCH 157/157] adding a note about a known issue with ddv --- windows/privacy/diagnostic-data-viewer-overview.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/windows/privacy/diagnostic-data-viewer-overview.md b/windows/privacy/diagnostic-data-viewer-overview.md index 64cfa25866..1ef548e15d 100644 --- a/windows/privacy/diagnostic-data-viewer-overview.md +++ b/windows/privacy/diagnostic-data-viewer-overview.md @@ -149,3 +149,16 @@ The **Review problem reports** tool opens, showing you your Windows Error Report ![View problem reports tool with report statuses](images/control-panel-problem-reports-screen.png) +## Known Issues with Diagnostic Data Viewer + +### Microsoft Edge diagnostic data appearing as a blob of text + +**Applicable to:** The new Microsoft Edge (v. 79.x.x.x or higher) + +**Issue:** In some cases, diagnostic data collected and sent from the New Microsoft Edge fails to be translated by the decoder, which makes that data appear as blobs of text in the Diagnostic Data Viewer. We are working on a fix for this issue. + +**Workaround:** Restart your computer and open Diagnostic Data Viewer. + +**Background:** Some of the diagnostic data collected from the new Microsoft Edge is sent using a protobuf format to reduce network bandwidth and to improve data transfer efficiency. Diagnostic Data Viewer has decoding capability to translate this protobuf format into readable text. Due to a bug, sometimes the decoder fails to translate these protobuf messages and hence some of the Microsoft Edge diagnostic data will appear as blob of text. + +Microsoft Edge sends a set of required data about your device, its settings and capabilities when the the “Basic” setting is set in Windows 10 (operating system) settings. This data is used to determine whether Microsoft Edge is up to date, secure and performing properly. Microsoft Edge usage data, and data about the sites you visit, is collected as part of Windows 10 Diagnostic Data when the "Full" setting is set in Windows 10 (operating system) settings. This data is used to keep Windows secure and up-to-date, troubleshoot problems, and make product improvements. The diagnostic data collected by Microsoft Edge can be viewed using Windows Diagnostic Data viewer. \ No newline at end of file
MessageDate
January 2020 Windows 10, version 1909 \"D\" optional release is available.
The January 2020 optional monthly “D” release for Windows 10, version 1909 and Windows 10, version 1903 is now available. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer. Follow @WindowsUpdate for the latest on the availability of this release.
January 28, 2020
08:00 AM PT
January 2020 Windows \"C\" optional release is available.
The January 2020 optional monthly “C” release for all supported versions of Windows is now available. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer. Follow @WindowsUpdate for the latest on the availability of this release.
January 23, 2020
12:00 PM PT
Windows 7 has reached end of support
Windows 7 reached end of support on January 14, 2020. If your organization has not yet been able to complete your transition from Windows 7 to Windows 10, and want to continue to receive security updates while you complete your upgrade projects, please read How to get Extended Security Updates for eligible Windows devices. For more information on end of service dates for currently supported versions of Windows 10, see the Windows lifecycle fact sheet.
January 15, 2020
10:00 AM PT
Take action: January 2020 security update available for all supported versions of Windows
The January 2020 security update release, referred to as our “B” release, is now available for Windows 10, version 1909 and all supported versions of Windows. We recommend that you install these updates promptly. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer. To be informed about the latest updates and releases, follow us on Twitter @WindowsUpdate.
January 14, 2020
08:00 AM PT

t|(nv~GF19sYhe?w%a{#b84e8WAD2TSagdB$Th6skr5R zSxWjecaPf4w58fe7e;pyJyA_5F?T=1)U7bi)N3jI%}+vsFI>GD%6#{=t&|VyW>L0Feke#@za`_ z*nLekaXa(O7kwK7$!Te}*_djIQF1aCWwRK|URG4}c@Nce!B2K%Voe0QgZ+A2vJ|rz z>Y>a8XvqJxs{Ay7%SYD;9Qf1a>2!z-mdK*jhPN^ZJVf+G1g^TS>#2OEZkr<*g%KCp zvo!M&oxGN-RHRF!)?HbsOs3ch$N_|fSehBQW?9!Q#jc({mamSHz)6|;_RA>(p%M9i zadhjx+EOM+8}tO!8NuG4M&ZMIXuucYy_o8Hq}Wkc0_Mr}gPdo-H$*r5{OT;MH(Bz6 zM)B0Fx29%_3wFlij-6g?r8_^0zy#Ivh+Qc~`4F3iQ zqEOp}Q;1wQxnkKjt7Y>ALu9Wrsyx>kodVPW%h#TnzZjj%3BIm+rf9Z`Z0d=2&(EH` zCJ_G`E#m7|X=X6RfY(mAt8n4HcxJdywPxmk02e&L0u4-?E+R_UGQA(IS~O;B!=Mt6 z^$pi!nRX<}s+ObL4(_X+iKo8%xmH+U&BSJ`YZFk~5M&Eq^<2Ee`-@xsxqmCEVSfTh z%zAn}y8dUzLfx@S`Di^FaMirhTi^cRAY;tYn6=&WmnJM|^wgA!Y@)yZC0bgNWf9g0 zlNpMwP52eT=32M{eGpGz--cX{DYXYk;0+h8l>Naf zea#-LQMw*&S@R)CUrptOyL5wRe1qr#caeQ<+;<)`1bB~yZbyx*B|$zFHX&L=NnN)J zwseCe)_h6OKdIn|aevyB%S^{#qtIvST;}HSj#J|kVqNr`SmDIz7uY|4`Vw5Dp5+gs z*)$hRyJOiJHc_}M3WV*0$xQ|mfu42&KIWS-n9$kd?M%C1#e_+{BPD<~h@VaC$LlDYG6{l{I#W(8XHwB! z+0kM-qUXF=4&JD~L_pR_;kcHo5Mez2SL;#5-AX*Na=V}A>F!29>WNt8@?ynM23gF% z`w_vjQyQ@bVam!RVHhPh8nFYMAG_< z1OD?62e2g$$QkKFlOiJUJ;Jm>;8lv4eJFbN839T)tVcexn`h%_O?ELMBJ;MttqM60 z=Bof&gN&pd^h;_9xI%CKaG8El;wcn^vXC{PC^L7h1|-{|0W!$s z)mS72Mq(h%1b7Mm@E;4?B1r&mTxvdvG`W8P5Gv1Kym&Eux=L*9 z)fqc&ljBDu3BX+jl=h}0gqqP?uzqG(i7wQ#k>36 z_5grLejuo^9^vJ(hQrDO?h(`o043{Vt7r*4@>K{wByl3r`5&hn>Hpv9mfQfCtZ1@U z{#~|j$#Fr7ap=n9W&Jfgl55y7Bmii@F$FXivkl-p$mWH~(}l?hp4r$@i<$&{khd)J z+u4Rfs=4^DUT@*%d$GVc*TjUaeG`RI*1mzM*SAf0F!cKCrrPXSVIADj@oN^CxKvbt zCZ$4%`RRXd73XL8=NgGUxy;t8b4$EKy{Z6(ZoYF%-{vdrC`wT>n<8xanJy}yX{V_Z zk_~?W*?)FMh%k0fQvTUznk;Ehqy06jf6)cn8JuCXt_?WQGD!rv$b0v$eHcHJ6Hau` zY1g)D_sFBb#@>q>S@52Vk*lapMICG|BD&6mlF6IZmOFd23qkANzu_BC0iMv=)uTDI zfEB=NP;KlHRc#SpR*^Km#z_ogpH~yHK`70dw(H^g>n=vEvB%u-9VJ*$^iFpt@3GWT z7!tMXA4aW2u~{``RV4#&Irzm_IDf8Uv$r?pkiUc>jj54~vv1jY8cjvphD~)Y#XO%Y!g!a~%~-Z> z=EmqA$9uOfO8RkSJQvvDY+i2p7aybUQ^*s73m7#0#_XcKsr{hh|8c_;t89|BX1JtwJV4jrgb z3&1YTDcjn18AS?BsNP-ob>V&!T4ke0@%4v4kH^ct>l4E*=ZIx`^NQGZ36ZVj+ezp6 z<;MJx2RJD9p0q#oRpLdp3!{8Y{zY)5AMMKt><8MHLG1Oq=gjUDI2Nq8uA*OWY6KBU z-M4=lNx{yG@m!SDGNJ`g+QT?eY^CMy2{l&PQBhGcT%ulo7Yd|lu%$^?Y6>EsCs`}U zY`g$rkCDDNz8h%hGXl1&5DN7PWg+;64s=nF;69c!k%2dOU{v!%6BC*QL`3P}@DqLY z!ombX)`Jb84vWH+lkq6O>H~aQ#v6>YzS7`}i{|m!+2H54Ob(zmkyq8mwas-{ z9_+P)a?C7VoL8jaglD zx}N&@QmK3rCA8z4I0acDMs7(BibEM??h}>Hv|hLWEupjl3#Zbg`a}3Zp#UPvmY*W3w**$!^8e6SZ0>PKUCLT2q;gwa1SU{-=UoJjF3lp{3|`0#-QCD;sC3aE zEt5rP+aYk_A+PzYqfi58@RJ&N9i5%IJr3qWrl)m+Lqg2Pvc>xc20BNx#4wA?%F5&n z44P&ubp~ow!*!p(d-qP`!-v4YK9e0;*!2yT;h zeQ;0~?^HMt)MVv1G&D30w9Q|VXBY;zU@2!nEnvwG+qmK%bagxKj-LZbFmF1JQ1KA> z&fBYI!C^pTkMIb**7IvaX^tr}go!a-ZA^ zkHC`tiu3d<{nhv!XC7Z29|y-stRD1%z7zt1D5|R~`1-c2&se%m{Q2|7%(hQ*8#mra z(^5|^kIMg=!Nz7lkCs^#^$*A&CJ0m`&ox` zzE@CSsIg@q!;)CBbwTvc#MGDlVg9KPx)Ey4?==me7&|3KJI#fK)-;3K@-|ZzA3tUl z(_IMPrUNk2H>Yo}rHl@u*y`zjUDgOKUKx>r3>aSkOM6T~ULOAEhfLoe3UTkLVBBnQ zmY z=P@)isKGcYZSNL^Q&b*@Z_!ON$@FQ4rR)8&MxD{n$eb1`_~0o1K5~4HDL8$L9&dom z#^_`B%b(@Ua-R)YPZ`wwTod#^_t;~|R~NO}lI(nk#B%t4VwtzQBHis0%AUYccTRtC`&WNhpUrGVex zmHpq23ee^!d0t{dlDr2^Hhrr@pc0LV!yFfi-_)fYR9kD~dj6&r{{}Z$EkHQ_;O4(f z%gS<~U{CIK4jmWC%igDSDy$N{Gw=g`6<=eIt#JS6DUbh-^y*dD%#5z$r{})DzLfxL zYiVhj>fqwSd;joI<+S2YA+b-_BWR>}NVPv(g$@M5b`jBp*s`$9)>xsx@V$3_8*XZD zj<)Q7M=2{8+I_bwArqxE5nf%*TZ*fxtO?`7eSdkdV1r6^(IX1$?KL}E7Uz|>?w0I8 z>6Gg1A7cw_H;J9vV176B4wsOUbAvj#zFr7eNR z1cds*>nScT;+%K7AD@>#!STHy4xLg*-Kc0#-W-&ClTPyI_T+o>7Jlle<#{37~iWsz?0I##YKr(7$l%Iv27pF3Ut z{XwS~|7b<&xj$>R+u(QS5gZztU8(zTXcz1tPndp{Ed>9pRKif44a3iBaFGP|zlAyn zzWk)V49~B5xw%n1KdQDUSEi=;-6Gb0mXyohR?)9p+R!Qo2l=&<$o~4Nk8wKx+b$$F zG_|>u|GXt*xVeP?(fzmkwGqXam*&DA`%9Q6JRhu(L$)356y)?nBGd!Bo2o~Pi;D}@ z=)3iI(iGK2LUmY5nyS(MZV(<5ck9s5Cwt249|Z>^5fBq+)VjTTS71N$wj#Flxf_KO z&jlwN=UW+vBw>;W=8|&hyu^>OhRl$nT&dG-8_Dyl?*9!!Rm0_9*uoZ>?KxUUl6oC6aQ3CZB7duWx&s`tTcaX3e+P;d(DMGc`rxVrOFkP{1K5^CWD*IEqJM zA#9wW=!gqf>gqii#8aK`w}3&@NN4-|nQ6+TzgcEv`eIa7ftlIa`^NL6q#pyG@p2A4Ou&8q;qkbNx=^O>N(z@^~yv#I9@$2H&j*e$6 zK1H@N+E&rm82;vL3$ih=-adQ0Ktl6y5(nl1VjEr-`uPHLy2kLLvfq?I5TdNl9+=cM zGPo2%1EM9#sdykDpDt4{^QWQhw!oq9Nm33uJ9Az0>ruBiOdq$f@nOR{T;XVwBDvf@ zlLkXbFVV&wKYt2Q_Kj90mq_5ZWoBpX8_hz=Hx|RN-53_QOGiqA)%l%s0puu$mXnX` z7g-)wR%z5yoXtfFOKVFydS;bd8=T+fHlBxzj{7V&-z^Zds|X*Qy_tZomG5bmX>wQS z!m3;sh=O4~H1E%;DM_IoRS#hgFV@IOUYOAAIFyYDv)(RO`Jn(}bo{4+UYwbiD6Ohb z)mT%M4!+vqNK z-z8nS_2)SfGD_!DtdJ(dN|5<8C6H~Ro&p}{@=d;mI+3R5dyJ^|7%uZ2exz4xdM;=l z4hvAaoC{`fmtbl@>8neq6Bg}6}@hP`>)Z&ye%Bhw}k z4vm&-6egoDGx?U+)x7K`{ZpncQhDUx|2GhXNa&fBacND;xl|*G61DAQa&$)2A!G(5 zDoFHtKnac%LQ4ypSj0F!o#(hk$9WmhF&sN-E9!e4z9X|aB0;yaL1~X*j!-KJq3=^r zGS&bK(~kZ%J8DH0Z31Ml9yEGzU@x#}uXTVWM~4$`eN}GtI1>9ZGO;3Mrch-uqho1Z zfCho~Ld!B@38*bHzg16so-EwlG(ZZwHXWId307fR?KcZRcvWE^L?PdWdz%So5gN0# zOe^;9aG!?0Rsu~r=kz4;Cf5`LZd-}#h2Ojy5o~)h z`}-3sMM=jrEn7z7!RbOksTnUhS*Raxxx$d}0h1*QQ~fhB%P64rLcVyGD!@e2H314m zUl^;3h0&){95q@&=qFlsJlFei;qn9SJ#W{$d3_`>ilE#E(MrQmwn+tkJf9vW?I=Ry%*2|`Zq#iC~XQaa41MZ zKZ<$eRlcFt)+P*(P{uR#AUVj*;RI6P+m^%Caqg(R2(11BB?a5u=@|xVhtwUH9D6tf zZm75#S;LzaV0dL8jjyzQ=Z7{_~Q<;{t5{Xdvl=2JMA))_yE#JK|KOZ&HOT)*?7|jf zJ1cS~NB7yrM9D+=(-{`ak!XS`gnBWCgoe8S8K_ZsMNcC!x>&Z@w)M=Q`R)%(R)-hA zBL6e~b9#NFwpy(yGfPYMK)T#GZKJ6EL@!IrB09yW)2}0jYivl-%FzcH6|Vk7KKO4yhfz+a3KIaO%eA(oqGt@&ir@1JF? ze0OWo*Ij}4Cj-QGI27beq5C8*yfsyjJ)&Aq_pZMSR;cdzB>n4C7z7){>H43Xa=PJP zEPuS=dui4}PEHZ7NK@Koj^ra7mbrm}hC$HfF&nE9|6$pRk%i&;29M3VVplS`Y`UGz zczUvTu0oO^3L5F*8NbI68c+VsxCthO5PFn|9|!yUyjZhpG(f1dA5G|tNoKjnPV=+< z`Njnj|9A<}mu}(PB$XIDZhXp=ltd9dslw~;$lrYfLM+g$px9D69(BU6{lifSc{!29 z=?+rQ4Y>z@{aPj8jznaQ!0E5o{+KnsGVcmGKa~04g%kKf`n`q$o$f?sVn%4VVgQ(4 z5Ksw=&o=sDi_VJ;$0W?)Ww9C?u1&}*|GJ?in2!6m+5|7N#1%fC%xlA>el&3Z2W9&Q ztEd^>NH55c_f%!_l~E`+qJ?iY(1s#B>S93>*mH}EpRL6+GP3^CU0h)PWajMrvBZnT z#2E4M7eO=km(y?WfUM!~Eu}r6`hmI{jCkEm<%OXZ+xiA4r|BxAdCg@#NBdF*hcf)4 zw(@aMc3f5#+r_6uo|-Nk18A0qJN5z7*h}Mrt!iFr zQEhDD#}=6zU}k2O9Xe5y$)9@#J-Ech-Ho`&d*5!9)ZL`HQd)sup>taTXsM9Roz4n| zn{dfj1-E9I7Lx&qN*m4%oVK>E7DztF7;zVnZgP!F(`9xLgQgGi=F>Bn2I0)u)6}>N zXv*t|{`yt$2wSi;3@Tri_y9+w5LfsO*{P? z`eyz@di9osR-YLvpgV$&pY_$8oLsnga`3P{&6nr?iqX)o^|2`pal`^Zz};pFLC&)y zzdPJ@;xDy{7U8I`w@TLrZ)1gj#lo#lW408bS?RN+P3jg?0ma<3JNvI8Mic7^aD^v$rqhnVu3!`P!>U zMrJmhwMJj8K))#dWm497VHR#zz2qvm$`fIW##(P z8M@hHtg3)tsCctvHsVy06V@JdTUBK>sbXPb!i^hLZ1Je|b>?8DoL)tcq$G7dBU4)Q zfr>8MsQf2OX3?g398yB-Ll*yU#9KA;iVSHMv6n+YMDDLrMWUgH<8aT$(=9tv6Z-;F8z>VDy}b+bFi) zWnn9E2a*_;%URql5#M;J<}so5D>sjb=qNb_!{!?bbV;UepiSvZZ!^ z1Ib7^jOd5>>sW_7EebiEZy1K88K2@mebR%5q4;coOj4P>`JKc)dbHZJ;kA2~V(Qab zuu<}WFul5Qp5D-!M-}C*C~wm7ydKJUXa5&rIc+=C&OfS42~MhbP-DKy+4(TN`Zx+{ zJIKDNrhHg@w=(CgVZW4Bop}#X2XOnhDQGctMao8v>Vc+5_Y)0gj _4Gs-TQ_}u zuWIY+zAIB;kJ83}kN&UZKwmAZYsfssl>~p>r8sp*E zGsnmx$u2KfOMEQ?uaR$2{-~}0b-u};%-woe?y{!?TV8WIn{t$=Wih4L^(`f%+;uUAp*29C(xbUp!Hg zr2}Q(oSlMx+F70ArCeC7izDgu__*zlkDA5_ zBGyKi#CKnIn&~n3X4qzMhNwxlg&>0U{29%EqhQB{@@>!KbGE^5Mp{}NJ03wn9@g4oY&$gE$o?Uh0f-HrgS=Jd9kFI6Z~ ze@$CmCO#yJVnJ+EaC88a<(7S8Xhz{$Zvda=7hH6Nu?5{NYW^gqG8A8M{$@imIe)GL zih=#23jzPM(9(^taNmVwujNg~XlLX0;fp{N79#de!|f*LJiIrZ#?k<^;I7U%Z|`l@ z#bqh_m4lI^QmqJL&@S23Smz%ei1H68LEuL>WUK1&!aN>phBSS}L3dvb=gAJRfulp) zKaM`X$35{qPmvg6kUJhtnVDVb2lp`FVz$L{^3OCYS*k6CqP6M61?Mqgj}<m?Wv3byNR zpv>y~HZoIK<6dQZAYv#4d>~pk$g0#;WiO5RV$9jczFtrw#v#KY)yB73-OR6%G7EZg zEmK!B(IO}=_v5{h*YQ2(nWsMwzApNhAloSRPaiu&=6Pa(cBB2`p%k%4BHf#b1!e%D zc=YAXas#)rKG|*7VyvMKBh+=}n+=7sj(pJtJ&z7(Z(YBf(8nGTckdOd1zHf!jw+|? zO%_>(sGAv)!wy~d^s(8pPe9!c;_aN6^}sbR*04LmCO5V#$E~7up*FMI)gZ+2EML}^ z#8`BB%1A<&Yc?DL1*i*7kk@1AO-2qzPm*wo6-!^}!OH^_AVyK6V}Km6gM?JK+RAGjDZzSnL zNhPxXbvpp>?!{0hDtplQFTpqP4__=&Nedj}Y{mfW(T#J|9Q3t`Y~>B`M7MWF9D3Aj zw?CW!wzEOc^#5iSd1$i15A^|eLihVNlHLF8arZL;4=HnxaN>6E)5)Aif`7EC8jh~| z>93x@U3fYSW&aQ!p3eW9?+oJdPLT^Dx1 zwG5C(E6Gz+n)&qs2%-hL84F2IZ~sXjtVMVxjhK7>l0h;?3xD4MhW=$QUL8=8qvmp~ zRv~_jSr7@?rj15sQ%re6k=G{7f_#Q5hG7e>4m5T<_fR#uAZ$WxeZ`W;qmx;6O6s?K zxBvq6p0zC1&mL4$JrIJ5X6`N9YdN@(3L&pFA{kRkfrecIJyRa z%^n$Mef=vb!?Ec#;7e+wDZhlwphq;E`lPGag~0B0eqq{(T&6-?ht#T8v@W9T>M`%wDSRIwQ!K4vij#p^f<*`fT#u&Z5PT=0K{SKxb7a4%yjT_LN@3zM}r-{uuzubpw1nR5e2|ZEpJMqWv*NU)pzoA>}`T8=Iq9 zcBmYaMv6U2rV;?s55R6D01=>$gPnmL!;&rA+h-IvxKf3 z$jGfHXPf?oxsqSjtF4iI|6f70|4DO=Zg|{QknC!5-*X0>yyWm(pk9eASJa{p!^m|+ z;9u~?=14}E$>V8CXut8Np5J+S-NTHqzP_%Nm6h0n%}r|rhV#PTzg84+p`owv<-_ue ziwE-2QBk=qQ;KW89N7qck)$#QX|}EIhhyv{X{mwO3Z+#Kpz^ z{Pj!P-@k2~DS~}(>hIr(`FYVizUds%LjT)>QQ#OdFnO%48h>o8qzgcG6Yr^~ zkcYt7P0?!P_to&PaNWx&lkwP5OGBR<=$)WlA z^gtZ)KyB36ttM=rt`0UG;isCLotpY-ly5kG)^!dA*aGi6AE#OVM~jdKUJhsL#hZyH z7lQv28vs4P&c~}#Jun#gi=i#!prD|&g98WSKj%45H#tSaO=@W_H^EHhD$M{c-qYJl z0|HTyl9CF0pZ}yW2AWx=!Qd)eIwgk>9}?qYV{riERmac}Is*ekp{t_57xeaDh+8$8 zL;rhOStJ1F2X`z`uf@Fv;5fdTAmkenMU`-AE4d#yt@acWzOy)zyYcRCzFOU~53q@d zkorG=M2-IT*3BH0OMeu+trvWa{DwwwG@mYQWN?so{m@8^i$1-SZjT!TqW5z#n)lT^ zCt|kbmP56#+CKfV{fD^ohZ!mc7A~dL8zDBzf!7mQ<4)E(ST8m*bGF-Vyx8VLK-J>3*z8%EMnXyNI2ygU&Jq*K7Mm?_W7J;N#9lA@`IKt(;43EWP<+jlCo3W%LOZ8B|~ z5*vDrfx&;*V(le5q%3rI_z12$En zf2kfovlPj{%3DBaVr^|Md4DWZYScIpD;ckwaVSkw{^9T+IoL^4Ofyao7I$9#lBTgy ztvkxkmx&ZwgBi(5{_BE>z6r-b4XJKKnF8tlzuIr{5Guxm@KwwSBzt8*viY9U{^2MEenwFWDEbS&F zJOV=@wOxocvIdu$68Y)7^Zpffu!$Gyu0h85{Ia!Mc5-51{NjsXB&6JiTnYy`0i$g1 zYX70%@tjY`c2RL2rP7YAVp7{0JDU>Y1ug-BrJIa+Jd##>OK}Iawv^P@ot58qGl~Is zG`y??y$s0V;TTEI)YmuE@|rH0=k7p3xXMTR0AuohW$ZNr^uI8eG_0QzP+c!)jKhG{ z0uN(|y!5R2e}0Fo`u^h00x3BQo21hv6>amuXCqx1LQaC!pZ~G~4q6oJ>78hyWo|Gh zJ$%qAhyIPxu2NVKUlx5~rWBn95ctWLBMs!?0xT-#&e|}QjXp5x@!Ea<9GuTca;liy z`mGSPZjCVuMdkLf^;BR&zCsNz^>x;p1D} zMhTG#Ta1$9W;&=Ui!t^HP%sq8xp2tRiikWvIpN72Bin(|@=pn+KHB)V2>!Ig(^MOWfpx zH%%ZLN%$w6Nbo_gOpg3KDTKOocgsFssT&eWAMbum!nB6zoC?fqI0zQy6aw2!Qw5tg ztv9q45Js0dY#&f}d|97cm<&lS^gef^P_Sv%Vm!0ZUp!5*bV)d&jLHYUBR)r=&~I9|7MDITx`gob2#g1#|PX z=2@He_IG5|J(+e{mE+Rlzs#mG^G7(Q&(Dufj6sa2*6ev`E5kEC0>9j{gQzY#1_B{D1a@ zIp^gFw%*ZN7iGMmxf!dWWKwvO*NORABZb7#yBB+Dm(r==-zN?R>Sn-90>dMpIZW7w zV)4;x(?+j(#KM9cPrMf8xw>VF+8U=_a~w)be@SbrVtRjkX{w8i=I|Yzj_agp6Vab%6`&>}r68iLa=@!-{r$Q?4p~|_V-4?PGkvS!skuts z__|nsL$%YWM$D+hg5-L#gbSa#h)^zsGa7O2hK-?)vJ6L0`1^FWwi`#;h?o)sUgw;_C&^SsC3OQ)ga9NtwIsK6@U8 z@EWbj$bs}1ExYN3+Ri$4MYhllY0JC)0o+VsivN$Tua1kV?Yg#6I;2awLAn_UX+%Iu zN=kC*PL*x}DJelxx`qY`>24UhVQ3g?82Ap}`n=EmzTY4C4?hprIp;dp-h1t}_Igs$ zNfY!Pv+1q~H<`jMOOY&v==;mRj78&C98Fv`)F%aV)wCKRFt>N!toGR{Jz-77kPe)( zEcgR=X9vUT?!ADAxNq`#VM-UC?c;l2+sayl)&BdE0xJnLe^Uca!vs`M+&6p27n+{d zrqtM)R$c0E*y(TGE$*i^EBv8b_Wd(c4)`^NS_m^UVVK+XyW0dc;J-_Ohr77o7~Dw} zhn(B&9zPCE?{?jIDF2JbD6iXz&Ajdu{CnE|(;L=*l}vW!uK}=z>YvrwH~ouInbGb{ z_UD-&WBhj=g$ls^S;z9aC1f;x(XqA!6bkH5mp$aY_9DrIlI@R-NH&@);*66Alj40j zKeD;DGyduddG6TNSb?J4cstm(Hjvzp@$Un%2fhnAfCaB7O3kPH7#61{y&9^v?Aas5 zP|Vkq`|kC~QEXIJTZ|7U`$c5u>2k#D1NgG2bXQgAh6)PlYV0aR6ZIY24~*!Z^RQTx|H z{stlYzWWP@whJzgcQ$!6fM6qU?7R5$E=+ai(nbYwXyFYmVpONv@bF$d6^n!eA- z`7tA_tjUjhj5hRIGir8+Y;|Mp``cEzN`Sb9p7FJE;C_geFTdB(%mGp}^DrnbMAkh1 znq-}85px(L;SLrFxr%0regD7!--Eb{!o$Nua~m5z+PI1zw52UAEr2^Mw;>>?e~gYU z1<+>R0uI!^I=5sc$A5hhp~qY+9>4H4-}QU}3?pim<#in{;?C!>e8Yh`XTM_T6znGF zT$jcZ5|*ZO)7ztb4({tZbkhY^3LPpB{M3Kk9v3R=b^cslKESSS_A$oe_TnOFsnz7| z)K6+YCLA9?K{hx^2&B=$kE4Db#%t_AVF9b{wAQl+bgdE+WsaS%cIF#Nq1CoB3JSfl zd$HJUew*g7j`GIobKmuVm63-Z&jlK=J5lB&^w&r}vmrvgC#R;&-|NVo7Zem=xUYpX zcQbXfn(1#n;0o`&qWWA4*hZ4(|M($fANwMe7r-*a-gQ!j{;7-Kr|>Ut_kGhh42F#_ zTwu-moOw@`+H>oB!_^B7sxi^l`&;58V0QbWt}ELGC1RW_+k!9;Dr`-5&9!hVpj?|? zr~so#_&3n!W<3*OMlB0@(lyZgtHlq+ehl>KI&vw>7>j71jSkwCn_;FP_4J!|N zNJvNyz=u74&J!LF(ch8JYbl@_*P>9xEU6@^M1QPJPQugfEDNE{P8rXcuSKsZEJV-F z&NjES6q(Zn6x z_u2P!Gd$!fymZ2dZ#+Tuffw9#+{c=YqP#gkxOrdnY8_AKCW3s$nr@K$>CYMnaqX+P zi-GYZU9t)?Mowh+kXI_NwLU0P6?Sh~bafB zmy)#$);^V|?(ndux8ssn#ys? zv_Ga5)JLH<)jaz(!9>o3^!>{}uj#*WEAe`#$dCeVD|y@=x}W@WUM!IP*$5pQ1gXzi zJ;<;-hOlg_H$v-Z84Ykcy?Wp}?}MUIq8|bHEaNBWd*sWxW?*Y}7z?rQuJ!3FIHFzF zdG=Qnbl_kIeN%h7z>I)9J8#B$v*Q&P6iKQX<9XD14vkMgJo`X8SH1?d*(yz8a&Jm} zvAiAM6j*AicM~`g?9muCaJ!8YE@}CHe=(J-&uih$5s|9KQIp$8a zmJqe6v!cU#M3nxgg#x_AKJbW9hVx`1sao z^{tBz*zT$<^Uv8zyb(|nYciC#K^1JrA#| zCFWTl*urz;OZ3}Oc7TfCht7h%elZ>uh;soFhf4nnsK4zAUWF96YrsPb?6&CC4icJm z!$c8{2b*}@_DF*pe}?pwkm`Al`^vz4g<`}ghTHlU!|mw3D|m@7uR<6{R(30J*^Jj$ zH2)T7U;*qv&NZliN#YUMYh&U1e#LrUM-XMvFPLq!KcHB^a@)*6IjEq#LEmq#MNRiE zM^zs5BKfTbxmZhp0cPO0PCOX@t_IpvmtxzGf3P&uNS#>f(my!q(6Q;<^A`Vm$3 zzTeCZ2Intx-4MIljZX%24+E87lV+aC>K1Wos?-tzpmYkz?V2F&kNCs*9`@w^;s}%G zqVNKezt8Q&zAqhw1!#mY^xxK@b5o>+?q7GhDpM6RjJ(2L?lB&$9{G`{YYpVm1C;+- z7GTvCJAh}8gnS;{f7cVIiRz9d)O85?Jj}w;_63k1;d{A{HeYin*7hZt!oP$_>4FnO zdwwwkf#~WMkhP+xuwN^C+@{>s{SL62!jJ2wGJfFRHF+bfmtwGN`D9aF^KnS(CzhPg z;rfv*xw=#cHM=$Zgw)^_Ijy2i?%!&dKgtt87U>~GJ;2aC`}1`(%~cK`xaqgMRTj?I zPvV?UzJHQ2(Q0Q~CQ%Dq-QQXkVZ|4V^SY+_v&9IxUw!_CgWxU;u}bf{6R4&6dogl! znBwHhvdWzV*TQ;$2i6MlWSQJ1Kh9spi~T3o$fKdkl#CNJmZ zDN>X@aN6;ug&47Q;9U65{2nWZv1}P3GU|rfX6^Ica1iR0hA_LAJixuXSy~n;6QnFP zRaaIFfc`s7rwvLQwR9b*YQU)&axYRzLm*y>b-9P_rdxo84{RR1953L&YE*69y(uv3 zqjwcT`yF=e%q6rpnN7^HH~A}FmP=z!bkMU0#Ih%aJ8`VI?L%*0lp;49@~m)UQ^;3u zZjiP(&NgP<3l(;zw0#xTE}F`dOY{ABi4)v%@cbfT>TXbR+EY?9vcr>&X3V-bZe)Tw z?QvV@?=^B9Yjqjs$9lY#e-W9zqixE4PQK#Vf%H7+>vUYuf2v_kR1HBN^iDIr40$lo zS#hnAemWIeR3EXDG>}$dvBL@ML`Hhtohg&f!jMA;z;0>*z^uwF{OoEiHcT4g?A0G> zrV&j?(w(MkoWhosX^HjDN@9oYo7wxdfPb!~V#>Dn+~?J7(_<2IJOZJ0qq3g%Ro`VuanB4FLL?^>$8=MV~X;W-CwnVgCXEkhqC39Ud3N1@c- z`oMm7{l{q=%GG_24<|Yy{o7%1lVlmRm7(eK%j%^xaD^dWQ7UjWh}&70x0YENVQbn; zh0CU{)+l#ve;})qs&O8;-6MI51USe3hSgIKs;vXg4#!d6TS-|5Vb7JV(Jobq301Fr z1Y#i2E@I3ux>i}1|E#sPvGKjOc6wD?S2rBcJB$JJMkCXfs|rVl*Xrs4;!JHZ105aG zwDj~}>r&V^&9kzziBUQy65OMI0?v5=+r3+Wl$8bmuz_Hl6X6snAt9-x_oO<@u;Dl& zb^y08fCL-+Lr;(V_cnl2Jj%YE1g>g5A9IwK?|I@daH`t8qn2anJJkTbxfL!*eIozP zNCq7M*=I|NEBouCMtu}Jd-k@@LuFwipbj&-*yf*ah?Xr?baQt{X7W(qiDF;c%nGY+ zMkY&1s`! z1c2k%!=FCg`;w55JYYf=GkhNfGtsWY!rD?=O(7Y3WJMxHVTjeFrVR2(kk~@N=^bS& z4Na+Yr%P5=w$WSyDK;Ku5H(drs_5MMz{N%23ag+{?f@`&I&f-AYju5{nueyWG8LT7 zZr!YcMSC?oJRBIz%|3_%loJ3X4&aVmeSJK%Y2F35aZFKa>M)AS9xy$mX4RRIq$>Lb zXG=Ug)tEh+Mby9p;%e3cuzvd+vU^@py1ioz#tz`;rJ`a1@l+RaO`vu+JU_kii71 znCPXYsVWPa5!F~6UsjyMCx^ii;epM{cN&oQ7hO*nuP`Y;Mm_E(>SZcm?CfAm#vvxX zZ(v}+!^87TOpK!5b)OIFjqrDqZwkVq<2d8jx740o1!rqHdzyswq zG&n~fXqcFu0C|1jPiblC%(^-fzzKt!HcklW&v0?i0s8Bza8g3Tpu9ZB?>cE47y$qu z+R?SMw(YlvpCaq+gDnd#2v1nn3MTy+{^R}CByxXQr#UIiR_~a#3BDmnU0!l)=IC(P zLup!=do@^5_Xu|_E>7UtgMy6wZfrjGyYx?>bOy55@*bB0)czAjm!%pW8gf_ztx&+8X79*bdg8a$hz-L514f@1L^^3NEP9laM zyb$^+#>ihzY-?H@FS6#y$P^*>Ms7lGMozc(fv}+9^a*}~W^AeBdeR2bt53beS~1Xu z29fU^+l=(|(ziH#Vrl6LrD-PaWZ$;N)pmyZ`NY1#&uSa354L(YnO(TQzu_?LVx65X z1O1<=9N^Y@Jvq0{NlL>REDgg;<@wGrO5ebI(B(ZWbI#rEYy)9lHCfW0uY29SNj&fb1_CYChCx3CzZ`y|(#O z{izjiqKs%2#;$&DpeBu7`=Y6_I9gRu2JP*|){H5+ZRGTFH1lu=iiwH6*JhPVOwto| z!$zF#^S8$<7;6G)bKa&FFpTUzPBf>0!};T7Rg zQ=F?50;j7XzCbx`MBNhU`{jv}F6DI>Rk5!gWBHp^)4$KmV7-eMC^cDhma3B5o#U`4 zu{d`b_Ls$}a~~d`FO>p91xbN;D;s%U zxb^Mxj}^Fci~-)ZPICBhbbMks&3w}V+7n4N1(rJD`k}F*U`(b24(aXfU2z|KoRNx@ z4Nf`#iw61-lH;`{4F7am?-xVi8=yE}h|&bF$7T13hT&zt!8 zZ{G{>sxaV;F-Z9*8x=(nZ2jgib4rU}?H|XHn?(T|oCr%+iEZ~jZ1O~;ro_#vQ!__IM)9KgL_R^_9z2fM+!icD8Ny8dQ9Oi3Cuhmbe)eg1n9f8? zX#eQ?zI&um4=IihsYPPzLG(U7Mnu;)#8?gB>b(#TBuhY9e1GsT$@s{hwpg9*{MQ?* z;$}~Zg*q3^Cg*gTCFvXfpY}f#2Z4BG!EC7-bXNgVV;6uKOT2LM-HDkU+WEL%&K;Yqb9elf9_gg&FQ7 zRX*&){SO)pvHxs=CX7Q^=g=BOnJvhKOv-Y zU*j(NzLH!+!!=PmN)T`5kN7^|-ZPo1mh|O!btB>%1|WG3iqG7gJ09iZ>l*dWcw7$8 zvW<)etrzQ8{!ZI;XGcV-%NK?fl9!~FJMVZvQHDk*f+#AoPkOH>!|DyXGHW@RApz^A z?GwS{8To>D>55mnw*CQZ7_YVep&*L?5%!;b)5}y+T^5pml~6PD96v5h9Z0S&`~YZq zLeXh?Tif9G_tZ^8V4RBZbf_C5p0t+=DF_V(fOw#WB5}5|`cm`bcQPqeMg*H(h#d{M zWv&8)4sWYS0AY3`IYs;UyY7=X9K81jrT$a*Y>@s7o(90_Xy7m#wr9u*<1g^!hd;|b*VEk?m3;LzOpXJ% zt!01mf*rS{o{GRC_o|4IbuzbFd0y-_eD9)C5IBE3h)Q3Bio1KfF(byBl%)Sve7WjQucg|2=KB;{~YfEJ%p+Eg`r*B^0BIq-;Y5p$L%`%nw7!4wTySM??x+|Be z>Mo%>hb(8gj1|jbpOuWSiD?(As5EfJ6ThvEPz7FTFHL3t>*mFEpRB9t>qkaLV#cD3 zMm<@<7T8Gi)HDFaL}q`hZr0fzjo8`YSzTT0;Uo1HZPYzup0y@&hQk?I+2SRsitPZi zB4R+te5))4gGED86|%``OV}A~u{u{IoL+271q1|S=+7wS7Z&pDmLgkWcO;erS~APZ zaFUXeHerM@EOjK<g%}DyJQTOE*a|V;i*-`D zP*+z6bW}W@qI0`>j4aZo>b%=JQN|_J{B<5s&P^K`*&)OBj!qKQnYrPRo^pq=@iFS= z(mT;*DqX#U1h_hE&R}tI@w$`z3Mz^-Mx4FROgCVb++=LW% zqWY8hX{e}LHb1pj=HxuO<>wR^^Lg_RO-5YSS<*7lQBhOhi|8+6WG{IUw;9$M4h5vW zC+$VrKB6PdzhD2mPSAf4RYrSqnF0FWv;wLE#e|rcPjmII$)&5SCV=4eDPZVvaC9W0 z=8eCcDOq;2c-I76fF|}qt>DGuCzvw2x*~kw8S9>&t}blq9Cf8Utyoq?bu)W6EzK$kb_OFcDk4@X_9+`$q)O2 zw%9&`VtoMCU8v(-;cJ!u232nhO2OoI_`y=!fb}=*tX*jJ%3_OOpcEj%Bz71d8oC46 z>M-^w$VioPh#A}n8mW$!Dh~*^SK%8<==!yNDzhJzHp$9v+dsgu)@^QCB`3xUXu7r` z6LYu|Bt=MT^6{g1SNA~Mwf8&#*AvDNT6Mj3bE`=~GgU{8UE1kNHxg{h%Vc3g$@Vsty zSoA)440Kg6|9*985xEWdFR%ad$PIciPNeBF)`op2?>(` z@^gGeP|C|ydrQk7-LVxl;Rc$T42atG04ZG!9bH}Pc*Y7b>&^fP-Of*Dlv>LcZGF{m zWyAtjrVVC2fFX6S6`kB7waEtm?340OE^=nNou7fDo;Yf&=4sq&tWlI45y1QES7Z%g z388Cqi)=k|@8jWX67BRp`BYSUZV`n+D5OJPJYH^{>JJm3*bWcs?)`$*|_ z8VWs^NGD6A^WWayZ9h{G+CGk}KoP6!kREx*OkFUxhabrmNmnyVnL2Sy7RAIDvEl9+ zxy2^F#tFibTq?s)YaV)+$^fN=D2tqR;-*!A*UNq{KAfWMKT8*px$U6>g!dw<8=*3j z?$8a+K|H=$HR;YX^y4qXw9XA~5HaHbrAJAHyVo**kx@aHzlZ!3AAvve~01? zTa~|zrCYcYs9|vFikX=sZ&NdXw4C|36Z8Ar@UP)ge7R_)=}-o|6an9ZD>mjoA?eZo1n!r=aBi=@c%k#h6}}rC zNHBtNC&Of>%pePI26X@TvYqk|ZVBP)oMnb`EWb`OfM=%5_%F=*o8AcVB&Spe?AKid zEvDJqZVcL!|C1X4#?eW+W=*~&=%foc*Q9s`PaqcTs-?ElmqFgYd@9@3$=QLGW&De3 zEAeM%bEWpKNdR<0At50}k7OA&HN0&YOeT`ahN%KAJNxAb6|e#%J=-96dWJaD0voNO ziR_H9fWR|DWI5qO(b0$_;)#U?zm5))2M-Z693V7KPL*X= zCt?Zdqw%@vh>3Lq^b-Z7{~`p!Bm0$|2AsNUzH83k&I*jjx5&@8!>SpYo`^hMA;;~c zgKtVHSbcBbdg17JUqZ5NczB*uburJIv+tnu$ zco6*T9EGeU6u%dv+i1E|2fDbiVwKfU_*CY;SDDp@1}&`=4IkgVWQa`%dr4!kvh2?s zrQ}jWq{o{t@k?Fewq&!e*jpA!0uHN>UG`=k?MouCad1KbuD5y*D@Fcpdq8eQdy~M9 z;{z4W;b4Ve86$_7=|K+W&yY?u98ly6TSS+l@=H}C>Q8=>uT|9jf)fSW8R!*2Qs04o zB0#tlaN7J#bum_Q`~7j^82;}F{^*t|kTnj4-qPN1T8Rwb8*p=T+wV+q($djU0T348 zW7yRrFJq*NE+H93&A=}iyiTQtwH_T46FRjiP;tT!*FyDLB{S1SA~B5-r%DH6I}xoT zxDUugnN8S;LY{;G4i=OKh1y|y!l%y|8KrvQ_#+zrjrzjT@jmGFuDdT~WF}>m7}!Np z>4dCh{O&~?XnjDUU_GN{9h2=n)G#qI{gz)w;XEGK)gvpJzeyt`^mgVeQ#&t3*}Vy9yVlpZ`=-7s7ETp9KXH32m@+mxD_8kHQpE2|_I%}4n{-IVE*-&L8} zpo{-Y{|rdR-H$Eefn>3)l&4}3ZfL~v7z0Jn-e+T+F38AShO~;0p~0%_m5{7HAAEOF-7h8G22_8?XC1p zvTwUmM)y9g!~o;|fD~vMxyUBYudcR%L`U=q(M}O59Sk&=H@&ASytiMAVFgN1Tq%w^?nQ_-q6kWlfY+=^V zLBFn#SHS60mg-bOS|(-^utf8J1%vDzU$w@Y z9L162l%BF!=a!xsjYh*Uu4)Ut5~RvaLm+@*uRw?F(IBV%-w+LiXBsoVKlN_Zzoy)M z`qNJN|I?@dDT~a2f6ZIt;!G}LAYn-ncDp|Pn>hdO5dD@^<=zHoXN{uU)EbEXX@8^t ze|+^6{`5E}w5x6r1#%Hz&nwZtVf=S;p%`2c+GBzXgv!0e3#i&3Jq-G9(2E_2_v|iO zX5+UBfa}54?%%W|5UA>b!XF6Tj061trw98_QgXZ91Q!19ySzoxJaX11xcg9}il&U? z6%NB!YHg3pB*Mk^lja>4dN#f2nMGh`uw5p;zT=b#*z~}#h3MezG)bw}&9cAGmgRRI z0SPXE?gEsQpzhv1wXIpRwAl^8gkIA~(Evjc+iJePoGRy~CXD00&WTjRG^3TW2*|65 zh=}*;?yq>Xyd4!pzr@FX6&j6Rj)&)97Eurd?JfrN*JuQZ$T0M!RUa}~)&scerv$bO(7zdlz^tBq!jqMoIHN2Y>$uPcm+~ZLj))l*4?OE)fUF)fN43=Nl76?TVcbhjbv34Sb#+23;hY@GxCOuWCfQA)R{dYO2F|Tqqw=G?uBiWS zuokleu$usm4T~>3FqqY2O(!RwND9%=m>66hetsGO0ixTU#v#Bi>%T}zA!|6Du?mig zl5uf?Q2n&9um}w25<4~m7_x7H0TxT<-&Qr>S}p@sVj|earkKhWaEpBjRDefEM~Y&! zz$gLuV=SyrfC7K3T$mBTNyQx$D&x@7oWCOrFu!)q5E2p+;c1(?oS1_^*`GSZdFFoo z^W%Mb40yL!9_4A#KM}L#aPU7h?`HV#4ycv0bCvxaK(>Hxfevu26cxj%-WVDh21i8j zuGv|z$W5V8dVK&C7~J);xDa5>%FaUb!fKW6f*7|X2|m8*X|?SFmHT^Y78cE}LQ0pN zsgF}N06z_dhFM6lrFEwpOLEMT2?kZTEqy*lT3mO`h!*@;ERf^Pk5oXPaP-# zAH+$eRg8^=jo%MpPQVzg&7{~>WL@D((K)><$GQ?z>HtYP+!?XBjRWRDr{zD|hd-6X zZ8tjjsU=zy#6OWM}(a_hoIWkLQO{TTY z#M4BD%XLOL(}iSn|6((HyBqfPJe-AGIFOSa@wvBvIBE$n=KxY=UPHyfCeyDWQ!YS2 zu3Zwm{(AyF+6DNnoc^H~G9fH0oaEh40JT*`T4KhT};t|1yc3@{*k;dbK8O*k|R`L?A*z&Zn|ixsml6D-E7K z<@UX8x6G_&gY&rjV%qDLZ=Crv($r-~_0NfndW+ivf4~e6VyytFsanFcUpv%-8zl;n z0Nc-=>XUK9|B3PR)b>?tI?I;7@=4=FDBOSR9s?c=pF$4}{zNF2+Xw~7TyY^@3K~TR zQ&dHO{1vzyClITIuhU(Zg=kNe{Sij^oSS4m57D`dws&LPY-)mj`9xIyQY+L$)EV0( zt%M-)Oy$YSJSE%i|NN#Pb*i)}SMyRA-7akROHW-=Zr8WR-a$)L7Eiz;)zp$Pouy1c zE(=VyvLkEg7@K$QP|C;L^X7K6ow`km)m~G%=zXM$z3)(gIOy$zb!RsgwQX+}(R$LvF)d3@{Nu|Sz zN+MR=MTB-%o0MRc)9&FGtBGK;{OXgKonB{ZrKPG*;#+E?j1mJ1sl?N4_U@vBV1cTu zvekB8hOMb;*50kb=wns>(G3y4%dGiVkjXDLGe4V55_i(g!_E!Y6PL40)e`$wJB@R2 zh_MP2aP;e+s>OfD)iHCNUtJ6ChvIZl=HJNHGQijo6rE{0KgROZfxxt3-B32*Zi5f- zL~nzv;+timv=pL`;r}Q)KWqpnBe!G*i=sOFU`L0O z-}|f=r`hOrS1ELy14@-&-=5%rk#Fcdi))+ZvqOps+o%k4hqtnUNu7i*xG57pnFF)^6Q&Pk#r$;Yf|5upAp}`;IuOhXjMIurb9EEaLu(uU5Hjv)^c~a;G|J!pgvn)GBa6x!s3HBdtHoOLi>iZ z<;nXaW4-+5yWMId!6yngr|@3em#vp;vmeOnvqa+Qrjxys;Q|=m~gkIe~W5H5FgF46^k;1>$TXw?a z+$ZKL2ZH)=x+lRTj#iph+lq#VyAI6_Ym}7jy_5r%XC(ky5Ess$&z2Bfn+yjS9l^QM zGyROJP@=efO%aA<(V*0SrkAmw73YM)l`IWs&nZqb$Q z{HfOT`ih4X`m1z!fHUBgKzCH~Y7Do-G7yuBV<^cT%O5V;$o;~oaYW!;Iql!}tuseHy98Bb)3y^C)8F zr`$yH4AWxkt9K=MZDq*<#TE0dE{%k{macR~#aXnWnjug3&kEX;+v{oNGig;D(3$4D zYd=5r^-kmVsD3N%U}VPBRDUfNHW)*OX*S?FAnY+{JJ2UgASSUn3;Ah$dI&sx^OR@ioTo2B3s(ubrErzLYio9dL5Z0FjT)u zgXV3BU9)*_fqaz>u8IiZwF{S#O$Yh=KdORrOay}JH>`f}G5V(i~5l68sq z&`>zWLP@utSWKx!Q$B%!fR|e^dpb#*je||cU>Y(7F4Rd6pCg&PY8bp>&C8i^-Z)j7 zEAuuqx`Nou*A>;HO<+P9M)@GbzN)P^6Rk${J2b;y!+h^O)s9`wT6N)@!!$xZS2dB8 z!o_Vtk@-!<+Aymm?0HRsJaIqTD`Q@0)>GchQ+i%cpAYXh%thPjt(!v2D=F;tv5$U`fLDaAxUdLTVc@B)d~@VGnRatP zcl>hqVrt`rL+si#wb@jBsMvYsl2>n=vh;}$-|RW>b~?EvXj$x>-_E60ne~q-mBcU7}wGRj_atwaDn&8yRt5<4JI5}&J}Jt^O*EgyB=`7c>!x4*D%r*oyYhv5Qu?SgBclmVx}(HO zj>i)k@tllzLfLf%Y@y}(?I+~UuC5k6ty8nh4qBqRI(lW$esd!SX^j4euc^u9AJQ<2 zNw>o5gmuOi7DypfsDjttE=J}pedmzNwc*ptT++(QN`LQm-&5H6zLx=z*AD_slko!0 z@tK*7mXAJgr?ai?&0tHbWNT1bHO$QVPN6b5y;P_A!xmNFY0l)jI+=in0_cznkY^DfP^X7-mSvLbduh>hr zt@Xv-%G+JjVc#d6nyQqz39^u7ah2XSzdFqAo%JqW{sORGtm6L4anRPS7yW=$M3&=(UdmgKQK-k^oy{cem)OMVv{;mGhQhyYn{N$96 zpjst>*7?TX7tvEZhljGRfg9JCd)y_Wa%L9$$KEg%;x)3q=r>x8(Bmhuq0-HujP1wj3lo0djV zRaF&Ww*pEB#0&m7SOnEJb0curB!F8MEH6u-;WS#>*l3uVM!e54+dmr=wNjSO-=&-8 zk-l&(hNZ9Xji#xgR537Uf?Q~oJu%m}jvFpFtpA}S<>4DjHT@a3S?l9@cAK+EvLf%3K3+{*bN`q`u{x|w=(`H~Lb@LMCO%@iG zq6iA7OV$_qrC=uYm(#=;Sf{YKgyw?GOzQeZPWADzg5p|n&Em)(4Vh!tInQ*PGcv>h zhP$gXV#4Hc(M115o0z-2l_yy3SIOAcw80hVvMpUWOBvZqbJ^&N%(*_$G#CvC*g2Qk?d(#Hjl+xyKFz3mK%~_1@$1GwS)(s6gw)>V)z!U4n;_t0 zW2~+o+ZyX8vob4VH)tvZ=BSn`%`b>i0Ko22#fmqpmo9Kcr<2WLJ8d(wTmZ6Y<2&y> zaZdygMKt8HfpVHiM(7c9+?4KaHlaZ^%ysi1V}%)#F3M_qiHDmEeOuYc?9CCY*PUiD zdUZ^xzC7()m^66BT_lExmG?QaVDnvZbsD^v#RuWx88SmCyFONLGTO}e0rYQo6bL;% z)ZaQt1Lb#}sEQ`H1!uIlRcM~Q{qJAJGJl$}=|0tKxgDj-&Zw_hRTv-Wes(_Kp%1>#><{VXyd#$Ky z-Wv?SjBBz5(TW+A$*Ohg{7P%rQTk16joKv7Y6>%v{!@&`12@$3$a&kn?IG$dZSXfY^X&)nFnD^$&!qgN| z2f+0cIx)4e*@L$5`a6Vrw5~;+Z4$}adEaS?%VZ3l**#iOqGfLx-zZpW2T{emuQXcP z@by{wmUcOnZa(N+K6FWWlW=;4*f<&VJu4aGY%(#lhkk;UDm8hw^0{FPIjqViq9dd( zfOhtel9K8Vj$Dd~qFo*@jzTJZi}Dz&pExznK)CB%ldxjfin)i`UNM_$0(N zSsgP%RXmWb^D;8Dft5OQs?3b0iBC!uRV6Af&3eC7{`?|uHa0wA2^}TA>}*R7yEm61 z88kLOPogpOV<0X+Z!s$%#RV;lE=To(pjCmDY%O)5s%aDJV>R@Xoc$p&8k=15;JJ&t z9lXjCEgqK4T)KFPa&uY&?;C6`Ubwm7hlfP%jB`_Z%WV`CU*H!l1fFyxBX*ilzc}vX z$@liWQCrB0DR&^R+D%GJds75=l~haaVeWPI-jOHr%NOQeTKiR`#A^u#qu*U0%U4?p zx$o=H;ujhfjUqvbMOkpKKB~C57<)!^)-4bIVzv1gIGLIcJ4mTc&TB4vtiAPOk-E7( zp+b6)&w5%~M!pLf4OeP!_4VKMtcNt^o_lI~i&e*MzF98uRSz2!E4moGs?h);?-q$1 zi___!`}3J~v~?$67VWd^HxOx{Ag`6v#mLjH4tAND*oSK(WL~|B41kM8=u)VN`+Ri3 zqEu-)#H$mG$0+76)~n{URrOXXlD0-X3MvBg@pZmh-E!NLtE#FFLgZBr8JK{JSV3kj zRUdOuo*-Tj6k=b zvOMJty(#n^m7_^1M`0G9_Bkb_Q*nA)0)D3d+EAq|RH0W=>s2wkxy?-Lc>pH4SbV|d zIsx=Fc1g~!8k0iBUL`+5J3nHj`yjFQeM0lawiy1*X%It5am0_jlkg*JP+?&{=E`;g zFhnEh`q+EA6Po_zph?7jS;~#8)!=$J;Q~HC&v*N6bkb?)Qhr>NS9$t!*X3mf@9!Yf zpO(_yJYS(z#UxB^$yA#Gy1ul!JT$oQ7DZa6kE4ja7rO+Vl=vVNw#ky8Op+3BX*LE7 z0;KK0A;-m^9}nOo*$Pw#=d05UofKXoSMKIVPn_x>1_cIsB!4l0bUTMBb%l+OI;vEJ z)Sn?bHFc4q-zRXBt=>e;4|DAF4yz#?;Vt)b;bS_vaARAtF@u!-m^IK`QbT?NO^~{d zYViugtAZhkm0IqHBsEiDs?mE6;MiB|X(PYp#d!I~3yLAq{RA~$506*3?xE4mGcZ;0 z@a7>}-Ov}X|I(Xg_kDiZi7NQ7*?UsG2g% z6+_zJJPvG9)p`9oE8t=cMW24BW&F||nf7Y8XoSIMtM@WB%1iQQm#``S=F+yQILdd2 zV_bv#=_Qcr22~~HGhv(>s1{Y_m*>n&91*W+9UPpQ^1ThVHn)7jfv>Oowd(a(<0Tta zABo)f4ohBONcG{tyKV51`Z6#cI-o?1B1DQhJlQtA1Q)^Q`5bP4`~jvcb*_bpj=l+y zXAB=sAUY)7^}yftN>t23d%*@ouZ{gmRx#hc5Xr9%__c$0yN1`1wYve8AJm_is=f|; zpMHV(dVKgy(*Cn%&KOF)CU-MNK1;oM11ssDH8~a(k>h zmg*hBw7}~6>h=&R0(=z}6z3JC*R(t{JCwJ6`G}Xu;A5Yl^IHTa*+}$?pk>+aDY7!B zPW2+!L0#WPV{Jp;dHGG+jL;0c;~H6Ky;MEd1d2{5v6{5?2Opl*T!vaD-m$d}OhDaO zCmRQnt*l1Rv#*-)kuXo^Q^i^hP3wC8>OzdTiFnKU2$mmtKT1D<3fFT;=IZRVAM!yS zn)Nuf?3rEcWqq~kapKxYoOgo-TUsj~AH50$gWl~H=UWaP44KC1blF&eN8&z;llvTh zKrQlS<9nYVQ}W~IC#&meBMdEpCYRl>5#DM<#*~rUtF87-?>P>Y5S&CdJ^lr)gEoM(KM_P+hjbXEBcBlO-&P!#wDVHE6m zK{#X3n_tENq?Jed1mtu1B$1t^B=3bOU(#tp+@;BsWLh)pcv}RD=FN72lbHBvT!VRB zNprJ->z-mFbSXQA4M>-)^{WQDA5He}hEG5ycVU6jY(ruTLz#ee;N|EgpLc%KOW!w| z*~?|X;9n{G-_4I$JCV#=g3eU@}pS-7$w7qS`^Nz~S z{2R!Bq+)}ahcm8pw>I|>%CD}cjicYX#ZuJ7Mv>;lJ1sfa-VTn?rzk)05cf`~W4%*l z{;m|%P*~Y^Z#OR>H7ucy?Lpt$AxkW?uSLbh<5LkjOIgA*uXG0A+Es}yDB2WM_(-AX zGfuSF#&0hkZ=7uNhdD21t42gB&S+U%co``o6CSbd&yOx&r946j8UrtR+MS06jMKvg zQSnp6iqKL;U8cXqYZ9;~@-uRJ^QY*!d@E7NHVboF@0%XFxjs_a_oZYo(1xq4`BG*@ zMFm+KsKc>WjPV-JhTFacO#^(UgNl+N_jF)**4uO^ZO~ll#aFntZ7#ds4%R-Ujk(3> za_Da7HNo0$7KC2|ss2-*eb6%JM4fK_l3R%kQAZ!;t)ym)tj!rr)p&2;f64gWO7jtG z=~@8arOz_>=);<^bIZ&Q2gdx_WmD<$TWxjImL@IdxN*x8+mVw#CxPgZ)l@kQIF@;7 ziGd^}0)JecZ(!|5UcOqa*%r z{C;D-5D7i1kU=11+h&K?b9=*%x6N%al;55E?ENT!jX_6qS3OQw6+^mpe*6&l&Yk^o zn{r3Z$mOlyebKK;O+^s2R06J&88O#aqG0%T{ZLkU#q@JwH&dQ)Q!A_Fx_S@rY!6r` zu&5bKSycSm!muoI&sTv4qWlI5IXAXD=n0C$}T?Irra)A#cH z((O{-`eelLhM&>Hfb*s37Ilr-qd!?ysDzc%)iiw3QhZod^09(W6N!1kMUu-Tck)}s z_dK=)s-$1}73hsKx+JCPW51*SKn+jFFu9oy%hvjC;fQSy701 z-niBh9P;YjDrH1@O=uE`#bX$ArdWp0qSr+Z8cp@JN z8HVqrzv&qSRP{CG5E3yly3|(z&xqv7`~)Bs#E=zO#G0fY_%H(T+8sX!M=t@Z5lFv@Y0!!CI6hGcK3ipRPPC zilA^lzUp09u}GhCM&Ie`0B6w3VO_v>RXxFMkwGll62emsM6BTw=iPS31m*X>If0%b zj;`U}&Oci>lVWgFdxWzAPOV*1Nn~ze6nFQI+hvWrj<;{ud3V?j!cMfF93&T;K4flc z%B#DsOm9-y?6shT2#LP>Znu|yVln#(A&BPJBn0zL^QNqcQaGuB-?1__Yd-d7+E#A% zZuX_*ro8XVW$p}?Q|P@Gvjnx3L>2g^e3?tXiP-mR8f5FY;%=m9GN?L)bL;0?gCaYO z4GlTN5sK6}pN_g`@qQHNp+lD@wIQ6R+|NopJ+1q$Y`sz%_q}*|>&O?lbwYl*TGP4I%9`HG!rBJ7-JHpNp;oXQqwckHzGH zql!>`*A`?zpeu%jeLkN&k6Cij;wz7{05B?{PkLza&46vAh~lMXR*C;*j~!2fyPeT# zb&a2EK1Ead&fsuqKx21P_jL+#?mP3$8AY+V&pM*8WEG)c;LR)GFNv6Y^(9EnR|Hd= z65%y$KylR-@0-5cJ#mIWE}T^F7n*w^?P2?RaJ+9Xl}n|Nmwt29FMs6%02YF;1y1!R zob*QVM^8P_+!j?4(-3oYx4T}x+BjR$?WpecyYz$ZWcIpbW&-c?1aVkWuRWXy`azl5 zi}VcjC?RNpbN&Ye+X6r^;3Bpx@an_;sc$p zwqe-cKw(-qHAj5sjOti8B+8lZ{iP5<>GwAQyh|f=jjfwcnMFZX64bemx_VKu`bY?+Yz?xGT@n+@jCj zVq`eb*WG9Ry)q&;Y7YPLWpl0ggkm&-RsXB@m9bpw&NZ*TfBw~}pcxt!4RiNfuWtQm z$-q!HN51&oIn{f1-+mOH0CuF3uPpA1tq%v=-}NgoOT2lt_ws9pSq_HB$n&hb_=FMY z{7(rTU+4ez46*0?wee*0YrmH3-(w2SE(!8lt3EX*ntx$wVV&da)!7GcoyxNCY~8OZ z!O$SPb(>VvV()e9+b;Z4Y0lpA>ectRayi@#4Az=f&ul8*e7qnfJD+3Svx5(IZQ3H! z^!n~i%d@I!rq+`Klz_exHZaaTK3DUs+A>pfYvFl?-=@E-nsKL-`P=g1a8e-~KL%sQt?Dx<=H@L-p`+7NE|>Zz?8NDlD<9cu+U# zp(sOxJnQ?DlZ{;uy?VX)$9o2b8=hr*Dz9ujDHz4bP*J{jd9yYH5Ip$X|9}g`=rC;p z3n*OUSO?-aL@4iI0x^<$M-_~Q!yro!Z)FdDb(a4%;hwJj*Wmvy_TM+#FJ5%029ksy zw14Y+@asy_ic5yNgzq}RZd;EBzuBEzUH$vt k*q)G28qEZriC?TOKh$tvkrAqIiCO`<0 zA_z$Dfe?^R2t5f90^dUS^X~ngbN-w$&U?o9sDbS@~EQ z7#P?e+}C)-z;KL_f#FESv7^9$R`YK00e=p8Jkq?wP~3TL0XR7FLQO}FfuS^tZTATi zaLnR*-`s}NgDP&4weS;Di_8chkctl36mt{RL8J0-rnU~Zv* zUo^HzV}wWC2xrfh_pHO@qV}!<_npDmbY}-OHgSuqJ?T4L)atp8hVvmGj{WOU_2`9D|2hmje&^!94jInA(g^%eAHqEPSIfC6Fao>h zca7(t^MM`A;SAsIm4Wf{(79yqrOiG)l(tlL6MT2AW#a5V*NNV$);gju?MtxR%T5HB z1?+8$_*{A6G+0;)UBSrh?aieIDEnMd(o-TE?P9#g+`@`%F!DY}hZV2d)DDMo2rcjF zrYhs_y*pFycKpBYn)Yo*{M1CZI!C3oH+}%0`j=g(q(#LKyk3iK0DUGnbsR;2J4u)n z9uv&Uesvf#USL&S7AIde+jJgs;=;Z54Be>YFbSD=0Fzh>oG`gWMZlWM$ZE4=TKp0cmScQQ^x z+A#Ya8sWCzXw1mDOkYxY3J*-_U5L; zgy1DiY^SSeUW@(VB8)#j{ndC{(qej9q}*riX`+I6F*@MeA!dDDfq!lj$nBndOg~+N z1?WfjRnY>|{kJ?4!J7OQ<vzL+D1-ko_hk60}CyjW)Nn{6Y*vC?S+Opx|9J^+YuI# zq{m87N(Bqo6|)2>>#>cw6lk$^0G(`7>*Gef_3*(FDj@)i+4>c+yv8m!_P8Ta&YPMs zSY$aDee~XYKKoSv_3)0*H(GRt{08!k+rP*-&4$VhI~Gh=bA&K+AfGgbR@1D}kjfjK zw;J)lSR;^tF@|)?#*j8$`V(&*B*%Vyl%4CHvY2%FS8@+4q)EsX68%5k7A z1-e|l1qFgS(`}xuS`u<}%&9MnVOIiC`&1`Uwo+5j_j1aS^OM`-9$iY+UtGX1Z)??5 zE!PmO(gsm+jJ>w-?X1x&!kYe@J(^N4lcY%HP6*6kiq9{Wgd^tz_US0LGEK23s)wFQ z&V3CNbmtLlpgklNo!>AvwVnxX$K|}f`+zf9!5axYuUE29ez04C?2mA{9E@V#T;>?Ua;M{I^_(5_d})Pk3NfP@`b< z#K_gfB1Fo-N*%43?Wxl^FtbZzbmdzk>BLD~z#X9|h0|lnu zhh7>V7PYRa0N!^MC4`#ludEQ@v<^_hpt{lsP*hQ;<3Oa zncy+6cnGqqdLMVKyVOpTwp8Br>j5KXJV7-8rcn`4a>%c6ks9(zNn7GyUW-O38(@ZOTNJ4s z0)rBR_icPeD^6IrkVb(@;49xp(s!LTH_!CB@`iI8p~Lc`!;~Y^sYHx?o$>AZfamEO z1Esl>Dv`HmKfQ|k*CNcVE}5{7T(VY8g;$BrGDae6B$Rai&7f%0M^Y| zVx?rOR%V#?XA!<6^Aydnqc6MDg0xHYvkn^@=racT)l1wj`c^IUT=l_ee2td}&4T;t z;0~$0OPSv}!-h5y!qH6q4yTdkqR$x7FMJ$}{}ELj5gCRAjXr17m3WDmK1w1UtgzED z=;fOBBJbE}RwEWw1eY*ZZZa2BPo*={2+ymiqm3SDfrZ+-5}eYmZ|^nc{HJcyA2n+( z$U#Oya&p%Fky_F70|f~Rr|zV*VOAb8nBf zf`^ffPDIHRr?jy4zYRvQ7KY_HSI-i~t_kTfo_wFUd^n9y#5$<`=VAnT;U!w*7GL6q&{G948U|UXAIQwg{p!+i=HVI+(?%9az}76 z4cq#!eP^dQ*=P*iB^H14xhaYu=ReANYsq2ErXT$_m{8{)lGAc9Mip5m(j%m_YEtix zX0LDaXK3y=J9-OP%7be>7osIuR4dLYVhbu>2uo!64 zoAH&9EWV4X#*B}86an1iKkC*Z5F*C^=$p|@|3ITng+Se+s#^C>{&D|whLRj|?Pjm` z)WDhMD52Erj|(QMD2e%pG`J)h{PTPbc!J_3Ewi0%dp1}FX|LGWP1Ew3ws~xLjg?;Z zWp8Ask2ZJ4aT$65A= zYF+$i-PhloxqV7i4aQ`kM1E}I@?3A`J51ky2mp_duX^ejx(AAeKi=EjUareg&GwUw z80RNd7G6FaC(TP9(=!PkH@t=y5fnXB{Mc1|;iuuvlsdm&sMb-@W2{T5?rmaXhsRTJ zIl%I}T!#ZK^kyx?ud_x2XhGg5_LKPSEx`@);($ju|APMN&U{7`gc>9KW;#Cd5>|># z9MUr*UwGIutHvxay{tK;){-0gsQa(;FH(H76;4OIeLt`)Z{z+2l`p<^gr5>J}N!RV)q7g$R0MY^#VL(Ycq>5fcOfv3m&k1?ks%bNg zHF94i*ISVp^o-i(x`BmVYwNzq1+`82)Y$X+bsub%bBnyFEf00mX*kO|e_#J9 zR^upj`Xc!5r#U1`<;5pl@#~stpe)!pE!IeDDk#LEFI&UiGr$X`n zS!ZuFji+blE9|cUdF4Dg{AAJ#a3q(aor}C zS%jN>%4umWQA6v7>?|j(xqIxB83FGHJ7X;wv((rxIA1BHpp5p4*XTXRN3_z}LL zF;i}R4zTShRr@86#Y))DLe8jtf^~d>WsyZ?uM|3kD=yJ=!pqR$8>%E8G0DZP*d<{s zE}Huo9hvaFo~UsmP`y~Zoknm*Rk07})aQZd9Y z4i@p(j#^1Wu>r9@=|~Cjw~x^OjFn;k8HH1-81jIVEqrG|gtpcqgx8_oRoXLTYNn37 z5K;iJ4j#tNoHmhzxRREJ43N@V*_iE2wwzEx_pvwRn{ETS6OUq<&m#?ZUR$7^)Q|As z=DOepU?qA1WNZ-XhE_N)vw)}m>W`&Fm%0aN*nl8>zqOuO=-gO4e^CTs$T13ldEfC} z1=f&}@0A~a0)XB)RrLRKgPJ@iS%W#nxQ}&)GkzC>ZGNN! z%hd9kfu?}H0;wVfohl@rvr-^cOCGdzV4fHdOodTCqY-qAlccZDI0dw?gU4>sfW!n( zuRX@0`L!unZrms1{`)N3SlmBJ)wfwOLO4UZ4Q&x44OGuw@l@KK*Q`kDI2285%{^D6 zciId{jSjNZH5=R{gKKQODH;Ouwv9Vt<2%DMBvF$ldTIi|+j_V4m@1K$3$3K*TtHNdBdQ2kSS@(F_}m z--80KR}%8mu}xnmMF1SQuq?5l*2=J*$ME$l<1XBfP96d+4VU_+*n*Ll1YYBp{~5d2 zZG$c|<_^{Qtwi{dX@YdV>#FL^(;AordKKj$`vP*R03^^(qdykQAAd3dae;wn_=N}t0;E^nZWW+`Sv1HwQh6zubv_c!d1!YzJPxj0+Kl{lQ%y)Aek8@qyKcI>Z}CPaprBUchL!hmF+z`jXA1p z3>e%dKm{fY+*zM_lW+r9bd%0JY~?$x8bnv33}5vZGZF09-C8Fq&vDbTVg+zsD}9I2_8(Kf7!T02f&x^ECac+IoDEv{Jw?I`X99 z6${dFK%8pUP6V5@3PeFgM<9Kl|6yS4sc@ur~8@ zn=k$jXol6nmR zYoxl^JBTScqz*=_q4C=Kms)#t$SlLfC&@a4@&AmzxADL5HF(^Os#NL4pu)6TAs6dI zbHHp42>Ir4k=3~qh!jjRN^w=DoND=k6pQRo;amW|K@on=1v#~Ty-q%iOlw|-6XPPR zxv^-!go3wfvB3zq*TLaTguMw@kQ}0@d9?Wv+%Z9W|qB0*&oGfYqK27B0+q7ZAS6Y9`VVq~@ zm;H&1v;a(>vs9?9i>e1WAMjCIHLoF+qFsydJl+p2i^<`S}UMZd3bSk92B&LRoXGX%y)FzM!Cx zHHI7~+FfR^J%qN2W4pQHnfq!t@X+BxQ-sZk`0&l zXZ7gy%0kh?qCoLF1(yP3gE%qgy;R!rTmjNQ4p-seyD9qQj+zbflJ)DJ{~p}f*#mdkIM_cFax48a>=^R6 z&F=o|kfCJZGUBTc_wV;P)ka zPTVwa(FQuU)-nn#WG)h>#m8;_1mi$SmOnGK&Gnm{0n&bOzmB$qcbjtFoHw8hTH2B5)bYxE;{u#Ws=uSk{;tQWRym;Y zi~@M=6nec)VhQ8jG6JCYCmA*Y9T>_&P8bdVenPc>a~+nfe^j#b;as;Nlu4vK+Z8m~I4n-1O!Yr1`8);U7+k&`S94^E5n1_ci86ffPh^eg$y@4qJO)jNxqR7da6^Q$a`g6>ZCNQUn;&L4?xGQ zQVs)cew*{)0uw};@5U?+zyfx_|4Z4VZV@mhhj!{ za6Hgo66>5tt|tO|oN=*LD`n(`i=0lZsDA0M$>lu`mA(1BE9vLAGNP28CsaB(#VGHO zMJg0Wf~@_W0Ll+S!R}-DY8^3vGBrY$8+)k`chv!4!YXDv64BI35VRV|dXFT0aBWx< zsTzV)Mw$RFYZt)cvTnT^1-95a0r=JvS>N?%3dE&s%3=Y+yfHMV30Iy#Dy0chV9ro? zJ2mGz`U-joz9Y5`xspCag!!rb9)7CXe=DKU`l|FYZRtu5l`}4Y7>Nd`o4yo*y>}Am z{rWJW8aGc?pn@gY0)STDvs1 ziR*NF9c@`buJBtidf5?CyIaQpR<-fuJD=r|37!$Lk%@AaRGdfG36v$cZY0J3mm9Hr z^4`#isi!N(Pt`DfUPUHFUt}lCS&%P#(kGIiAIKCsNw->s`Ct03G}$1i&4`q5 zL*gN$kKc}rLsvk6fCRB8@e~pq3yPdaL1ihaH{Bl9KE#Y?49yOhSn`y^DEJm#<%P=% zJM$LBNpLiT1h7>1s@(T(k369X1VdXLh8fs}T;UO?O>#O*>y65_;>1Tj>wGy9H3;yG z^j`zVG+00X1ADUT@RP7=(nmnU>7>)$ z7ZWJ7l?Xhna^?{8xrybu=0nV}s0hpKgyR!244Zx!j^EWe&-M585ZeW?ETuWo#Ue^j ziBwqLiNv)GmQFSfQ9qfMscy{9Rf`{jfzch2xsXgChTwrQ$yNVYcHsmx=0>OM zgF{g&d#{YcEAhsrwxrqQp}%N-500K^`O{I(Vti277joVGYw*n8uI~~JS8w^0Q zSvV9tMU`xClyjbHihCe9s;Ok+$}eL+|7l zEcNLrBbk{wAX5aD?fw`kS6ed(0p@KeMn6mFDgnZ!%%?Av%RnZSj1JHk$X|B3s6dLX z6j0gQG(=9IwYH^Cw2`4Vp8qU)(wI_OBa-sc<-LI2Vdmo{6cWxH=)@4yLepYrbEo0l zui6ay*S~MA37L^_EmcoWH$cYRG!GOy%m!tYvi>8%IcIpPCDo_l^i{KywHK+J!iPWn z3C9e`n|}-%s*DG+=v}O&JC$deIzz^8{nDnbHb#xXdWdjEy zYiO|z2B*_i;CekU)cC(fqr-vTe$hpS_W(mYzL6bG2KdS{J&}j5K{OJoofQm)?Q9}h zQen>l+8_iN8*qqj`E$w;Az&mab+*cV*QItl8?!$Sg-m}OD6|7~`SvdCa8JuQ(Ei>A z0;B90%QnpcfBZqlWqgdOSw!c{GeF`hrepl8Eo}hrf>l-!K=R9&{qh6IpuFUs%m@CM zJ?k}uPO^N5F>lq(Y+{keoaL|jt=E9+2q^w`z=B%?z?lxM6=Y&Zl1w`w5V@dspO=z# zX9)rO?>h=2l(xFnk(Ns^;{v17{lVQi#x?X(ZNz&RQ4+e7CqmlY=t2RDra4ht+N)6@ z3666p_TJy(XdVUhU&kmV*(MwkWJld3CP+R=19+p+PjW3)E$U(Hl{@6cYFaOqG71{2 zavMxjJ4`jBs_e|$5l5-A=nE9(N;kN{f97~z?(cN(aYXh+4P&f$4UnTT0<7HC{#i_z9#qQzF1DuQx}ZPpdV%F6bDj!{{si_eJe9pizsBjW5iIAG-GY#vdQ|xM0mmc2Sj=?1}wMA`Vbbh|rm5fY&36C@Nmp;T*y+&fJCJDY}(ao@R* ze^36Bj|Tr2!_|Mw;{PXdhQG`Af46r1Iq~QB|9SBLsEh7@kEXs~YAj(|$hMqgkFT-9 zoI5B~;JZhKW~CE?tcQpG@X3}n!BvzGCKpxnV_bE+f6t=NR|i_<9vor{A)fgC5lQnW zR?r`RojUK|AfU88`|S6PN`&8}c!mkZ9RHwV^+#Arn?NXKK0LB2GS<4sDl+r?qYvZf zn-oTDr%(L-G|?m{jt5+aIFnz6xxg*VHvc-fiXky$zSV0hQ^9|uuOZ-L%6uggot>~- zQ8I7$`?RcS5AoO}k!>rL6o96hQ#tmT4z4*LqoG%U!Z}KKtMusX z+Gd`vOZhP0?Dbp7`xbxEPv>h|u~KH-u{17MJVe~QP3QNS$J!LCZ9omz#%gPICiHq; z)>O?O5h`znifc5fCsfV1`fO$Xt}nwU1`x_o!cKBFOa+rB|Qnz2)w4E zF8PYf{dalGwl=0$!*97q{b@gj%khNYwch=?`)=bpU@!$<*9|tUK6}iLv7xN1B!9QM z>K;Pr^1~y?x_%OV{QOu;voIqy-jbdJY~WY3p@CC~nNNgr!B`MTGqEB$`h4=LTMbf*VliazaP0VyZiM|B5+?4G1uu}dSs&M&j`Ajbct6H_nV41sD8@N?%&1u``7D>ooU|?-q!R~`?1ITejW~CQD{ihw?;4X3SKd57(5E%C5zS;az+3Ue&%7vxtjU$N+;eSc#MeNiEOZ-3Bm@%p?K{F z4q5$^K48Zk38XL0xC+n|xQ2s4Rn4q!*9Cfw;Hx!&Tty2VC!^w5^-9RHM^KP zR^C;^H8+@0Q3j})M-9t&%l)gps@9HDcQu9JXCC5j#ka&OJ#9Kh?A?ybP$~fW zr3P@rFq{wATMP55o_X$sU;M=m9NN;e1gPMpTs-oiMUe^u0g2I(E~E{eYAKwp z3sz=Oe%uF!>>5oKb0-;eD`8x?Yp9P zWEj9oMSwOd3#B+G%DLEFlZlX;_osIZE$a1m67W~#! z(sXJdI4=)W-XUvJY;_y;4)EP}o^FAw0Dfv8BECF~{aiNz@IZ7;#J$!F5@woNnTIB_ z3*PMB+an?-K3@f(d=!w39Km$A#Yz%!_j&m?6F0u|rV!4%@{k)gx<>YGd`EygFCe{J z1iUMN%w|}LzFdaD+N8Rsk@Y`p*4KwPkMw30!wy6*+I%C&(%v4`UfX?OJ&YZO1C!h% z5=}qBUnud@1XicHqR@~5<;{(SfE5hV6EJtjy;cwU991Kat3Se)wA4akL*H-uTq^j-1 z1iW2a`o75Qk1$WQxVS0;sT-E^qmctQZ-B52=d?r*?QL|qd%uhFU$|?@e{SmaUwY0X zp3A0^Ti#Ou)q$Tt2RvEY9k)H!zj0t6MXz*xQEHEGs_PRs$$tirWKKZO4x7z&GtHz9 zW9_@5e8wy7Zhi$qma`zY=)j5yUDDa&9@wvfy3p5Bl!(n@ofm&B1TPv#3u}o4eHAr1 z-7RnJI}^8@?JQmX$z24$o?1;Cez~*OfRzlSRE_7J^@fK>ICh zam`2qoSC*BA-$9*lIj|?(U2_|t)*CnaS<|ouiARjKv+Aj%%;=}Q$WCgVJp=rtTohH zLBb&Y6_Ew2$oc6l4o1B`nB^pg4wyJ>zJgtWA8;F%$Y`NWsO9OaTLbr^`0TT^NY2(^ z64-lepli97CRp$&E1!6FueC*}dI&>ZzBS~r3lPp;B60?-+y#8!#%W7avtP-B*Y)JL zxp|EMaUI1fc`Wk?hj8e_Ppc0aVs0=k)qT1?0tn=$2}vcwG$I09s7bX177gH1!f9be z%HlwQkP6rnjoPO#`{=LG&fa*G`i?iEVT|YbhI8TP zigAFk(M}gJ@E6*!HG26>GQW|S=sRD=Ma4ATBQ>EVFDDxwJD&D>xHZ+Kg7;z)cBZdy zbO9qZ{3Zb&BQs_WkUL}E*MS~jy$2RQCT5e_WSjhA$Flr+MuD2dkP$kBrlxJ9U7jk~Fhtw-i$Bwi2nlbH=;gXJ>O|?Da#v z8A6tOR@)kzKkjT>yo(>jytpuRuWk?LG&0Uh0h+sJeXla=cJtzZ(qELX@ZmVR-rcF) z5<+_NO`Xe?ckwZO32Hes|zx={(pT3S8qS3)(%d^#^{v+=HcsbgV88~ zT!&t?sWesoJvlYsG-!N(sl0It1o&i3s|xotJiDFtU-DP7*W_8lc$l$87RZ;@H@jAS zLKmD78VOn3H*aT@!nP)vZ-Wb(pZD958m|S6RlJ0!Ky5Zagt}zdMu!~O*T(1EJ!{q8 zwRCbnaiuyZm3~TmBcBS8x;@3!vx{4PHlCAAlypt#T~iBN6z%DLvxxY|VuwXz#P!8G&uTwmk@Rga znuLVhi@8w*?HV^hI#*A8CUZNRx+*wR@zfHK9o7RSUKhs}neC1POmFpJ=QufVL~n|L zrm;7bjP5k$-jb)R)Bd1LR=8O&au1h2>eVuwj zRVvGu2MOH1lA#rU)nP6Pnxb8^>Zy2+Q{gla@LlA3{*v)sznt(!A6x$bd^VlcP18uJ zfgYNC+bKKID{Qs8 zsuLDKBgs)=g&x})8>@4aNg^MUTW6jV6WkXk3(62A`n|#FwzTIOWLWV7yH50E@P?K@ zBk2GUh8+FX5*m;2Vp)kG&V`P|OUUco%w+WdkLpUpY1>Xy# z9bU$&%&_>*h{ut}Hab0cdp!S|{59NaIod9b!iOBb>v_GPEKWU4SwJBW;=#OMI9uR1#G5;6|3BGJDJRqG|63w8%o+>%8z@l8P3$Puf&f1$)S)7a#GiczGb)1iv zwBRiY$zG`TM47f9m;uLF%5fe5gs9MplNbe5xFy{W8)Zd%RXue*cZE9ic)#=9!d8%l z!M=M9p(vlVmBDgN4yejSkLvrUE2MV3T{h>3@GIkh zX}+3pySnn}-NEoTj9ILk`44xJ&OcZIw)Ooyy=&|q>}Rl#oR_n#e)^iN(8j}BVN?b3 zi`&mUNvl#M{lXdKNcJmQvW1!5WI+eNU#agLMY zT?81dsGup0oq%Y_BI?bcz{l|XGf(+7G%sO}(G?^%|T$W6C==bd7V|q;!r7G{NvaXqLykZt2FEWJ4iWRbOviPt7Gl+>0;{ z!bGJ_&74(hr%tMmf8$05uuo~^5{JsPpM=<(+UFg(imuXrv5Cmh71tp(i^`g&NQFHg z@Aui-bDe8~j}8=cv~oJ}vR`s>;>%A9pnD6I%Z z>Qq>EC5Y6B-g4;GAo3^XbQTGnx!FyJ=B+%jmYesc;@1LJJSFGD0TiuH?=P?=2=M3M z$$S;EM_ z&RJNLDI{FsvoYxsmRL)E_e+YE@)`z+R8qMvM0q*DDp#VSlFPSF z98RYJMvh(CWZ&7(BQ}?IlzY8jBh1n%`@pU{>j{F$aUZfBcH2-u=&stw`$zO=F=es` zdhZG-i!DrCE`Ndb`QqjKhwL%;;1MK!@-G8K4kq}~alm?lPkvPixMzo12I&xBUnk|; zM15%t-I0PdwHZl^ed8x)4eOAR{k1)3Ct}|&#Z4vftA4MA_N|Alq?5tI{{lu{mK@On6;lSiWpSut0-Oo zBN!Punkjj8XO`b9?f3pj0L^zlDSoe~K-#o&DTw5^-yv4@&}_E}1z8B?$&?JnA}v*QDIx5)A-ajcu^+d z-FVK-f|*NSHpri5< zs*htX-qlW%_o1}tj`e}5zlH|vo-L=LoGt@CerYu1bX(P=${o1wl!0Ksrb)?AQLK)En$k! zTLdjzz;Ed(1TPdm*fevc0Fhmt_E}jwOvncC%DfH?Fx@38x5#%kK=8suv;Od^;Fsat z&5ETn22pTf^MV#6$4z2z$GfvPtg_US?TmBv>yy>D-(JZ-F~Qkv*G06_Or@PF^*EhO z9Cw>bULG@@`v$mk-RCl->sIgVD)bosQro97H+2Hlo8Q6OlZknTcWdU%YEDvs5$wD=!HoCf4$#em^j0J4 zZp7WnBwnh~O(zQ1fYZHng`7YJg&eK1Cys5GUWjsW4U&{w_v<{1e73*| z-2}kJ_7Ta!;6a^sa!FPJWUz$H?BK?>-#bAWdFxNlX>oPM-h2iw8(j)<#t zLI#3?CMb)WH4y{#V9Bg$;xC5*4-%F3psOI(8~n1Gbx`cg+yXUX@a|mI6XoGgeKOCm zxPbPXek?UJYzbQQE!!6lBVjEkHp2= zMA1!_2v{tPkA^uju1x-P!X+yB$6J+`$@HB9>;6P#@f=yhpHuC_D^lbNlWPZIzi;n@ z1}IB#Qfu>=2;21Y83|2x&xRJJ2C+KAhKO3V-t~z|sc(NV_F!LHyj1aq3x^R0feR>+ud?LP;Wam0aFAHy4J} z0X`hnTjAQPD!;pvr>+wVM{9#;QKdZL8Vt!zi!Z;Obdyi_3XoihayoS&q-MDoo+rebxNM_(J%kSofxs_~->R!#4F*Lk`jyr?dvF6(2bDr2O$&za8Mq7El2 zZhP=nDT_hUNiCECrvW=P5wz|1L79P1$m)@CJ>|V7QhUTx+jX32HRilv*3>!_CC?5^CsdSm|AL+ZTxMgw>HHj}VsH>D}JZBIF2YyF!KG2D&uTZ60& z4loJOi}qnu=aYqoO#E?~T`O2>>((P$9WD@FKHrpmZ;4=PTVva<41B|eb(abqidLjd z?b8+r)vDBwrG&d8slC_splRp134TtzVeZQIM8G*&CCQK8SPKME*TgAOV#QTaad0 zOeak8NYn%z-i7y5MDu>8wnr34%%2OGY+x$x$Vi_fSjZ)JIR(6yVA$L0)1!2t2xiIh zEm^h22S$vvZ!fA8QJo;}Pwdop?94Svm@a0|4eg<^IG>X#IoS&YdpabXvaS<0j`)UR z#InBe+d=uSPSn?DkhwRHGb?*_*pMcm=bQvK(U);{X6-E0Yf?+dHVHapVHD+3D_L25 z_~>!h(Tu=4(cz+JM#5gNhD=H6kKsnTp!l~0mBlQflrXJ235N;1Pgw6*k)b$T=n9|7 z9qd5=Y2dqWY_8d3p0z~J=E(BIAvmCb8F&dWS$lyl)`8ahrmWfzHd*2SS`zEz1xxES z>LS@kDDTv@*f9UW3-waTEsJKJb&fIT!vj(m^KvY zgjjc>|HNpdrj)DNH^1)9pfw<=$3-|JW zJEIIy6#iIfRo#}nE9c;zJ&F=v^Ty@9FC^f-g-N7IF#`>d!QQvSa#gEerLC>2*4w++ z^4Cju#&V5{v@9Jh`z3UE<4#19&|`wyoJxXhxJZR%ZoR6L!cSg)2KMf?nXC`%QCswE zl&22V)u7PcQlTkU`JF_+9L;@@3LsA4v3alWVhXaRb%l#GmI#KncdU#LH9TO|vd~{| zz{xn_eTd~Dr5VNsX=y`x5907OR8OV;6``%bN~Zvf_Aqp(Rm8bd&s@0GJ^fLGICNiq z$vY;L`z7>y+_JZZ?&b=q#>)x6*W)sjv{cqE1+fd$g{-&cG{Jd6MBR6Q$mL{e>j6^q ziGCaU>=>#X9L{+sx@Rr@F_v+Qk5zT<7#pu7ATH%pe|yI$7rsR=>|N_2jR`}}iLd_B zdfoyLc_mDfM3Bi@$sLlye-Wz; zD}#bK6ki(W3r@Cu2BasZgvTGbD(lV2u>v=*LH1RgpxbdK2zW>Zyc}VkC=(z6ogCr? zFqeJbcBnkpe3DkH^$x8=&KCXk7|-;ew;!M^{7OC?+r5Y1Tv+ydC3N~*YB@~yN$`Nu z+N-VG;mu=08?%YaNgBe`M$bdy{^!6#wDCu0;oIb){<$}|!&5XD6piN!!bN?p>s_Vg z=FH?@7zw|Ak#hEVvOJ_>b}spafc)5eO1p&hk}}%C(7TvWs?O}qt`^5ahNTGkD$O02 zz|eNy9+`AHJPA9SBB;!3>{0>{D?{uGt_xX32lm|xK%i3bkwrh7Bjmr!yKthBhe0G@ zuNtijX#l>pg9!KXI^GK}dhb3xga1m>b zV_nb2OY$vKa&VFc^qfQ$f}k{cfo0d-pJTq^WkGP-w?YmrXkA+nqVR)gc)d0%%)16t zkwKbuuoW{~iD6-Vn%uxiQWpv|d35L2kL4`+`2K9i(fQKcDGB+^*SLF!c9L*cThTu}ZLF8Ed6qY+7*T7K8lDUm+$uAukm~IO!>Gd;iMRZOs4q;U)H-16*E~wG75; z@$tct?gy2+#n>oV&%y*v9&%k!d4$r){4?oxBRj_dm6$M76zK5j`j9b2XR7Qpt(T5Z*?JyI)1#B3>QkB}fXv0_CK;dKKy1ImA4{l^DYaAd}tA*03Jb2 z?ZZd3{vWf<9xf}fLhbW2sIh0prmaqk6xV4ZS9Q`>^mtszyzs$$grJVG=Y#LOON-UT zm)rgf6Y&NE9(%9Wr&m&fd`5tV_j!@2m7|E*i{v5;32pqe$FC2|obm${b99f-=u=hU zi%fCfGk*SJ7OffP4cs{su-}%mlF(&gE1(omHOVlL>5*vR!(v%|g@5)DuF7%nnmY-l z(ip@*l{goYFA#X=`3EY1B^XhLW!`*M`NX+obNI_!Z%r_w{jlI`*xRo=u->Z$2Gt*! ze-~VB$o_uzC4Ys`?<{KvEnBap%`MPa#%*3pDTCO|!z@rqzs@}}<9Mx-)dS&E z(ULr;EF@iFau=&0(-J8A#+7N@-_In+Ah0`-;Q&4uW-v&1J;zoJRxnY5IJh1@G{QKw zDSRmq14OH+y%X{R%e_ zug|a)N&9`Be&M^R0EWqCkv@f;zDWRAV_o=^ersQ#W(g16a~Pbo;AUAb)cLm@q@HFL4&!U z(SyJx(u#`k_RETWdB`@ozq>hVr9Cnq5!`K=@+;U{=#s&e?dZXH?m{Q6>6RQ6dXIh! zkt9!*B{TeGRijvB`^5IBlljDLQlaUO+fJs0F+Ho_YL6hZrbx%2=`Ns=_U5B~HFyJqvOv_vJFOVA}heslA3zWU<~{NPg|lfrgJ$}&p3 z9q*Et3nR&DZc1QFKCYs!d@pojaQ&&!fi@7YIz+7V;GR9lX@YGl8b ztVj@RDtARRWQgC!VMl>QI(>$NpD~W9YyAk_aGdztY6bjOqa4YOjq#S(LE)Wd4nckP zbb4o|(OH87h}1xYv63vqnz)sSe&|8u!w$pI2k2h7>~$`j6}pE*+(_(YGPBT4MdJF) z&rQz4MX6zNb&SDxt69Fyd+ogO#NE2cV=FVXAJ8ln?@7MX95z?L>~Jw-!mH{MTzB>; zsCr8I9Pz*#Rr6d;zx`05Ra&gk0>6*;ggKE1B& z{N&*c(9j=T{B>)(1wAeLDFkUlMES0t!&2%0+Y1LGiIee?Jgk{JeIG-n$^(h0&~b1GKyEC-6D=;5as${xxvWr z7%bDj#zC(6Q%S5(uXpZ~TE2VoXQ;Lr82(I2s9AeKNvv^wAbOs))Of_;R4(mbF*rTDNU)&(~Q^$k9s@b{+oeP2CE482nu>APw|CQkcx znpLHrR5_xW{88xk_wm`30|@kmCBwmU>XLkAw}9q{!vMt06SNef{0W0Nq!S9!BPFSH z$lkxuBy@&!E^szJaV#M2b?)WByNg~3{EbxYuNMwsX~7zXnu=(#=qTz9C~iij-sfO{ zI(kBPXfK~U4HRLHz-9O4_L=nCf(r=zBR=>}DEE1#`Zww=38^0~5!>I+;STcj%kK6( zq_~dC607i!4WsWj8T96*El3fT5a_v8;fX9iL=-i_1nK#Of=24M6}~=M6tPX7($PWv zc!4h%3zU72eW1p)2lHCH!kF`9p=W23*xHpIH~g|KE3qcc=Bm1mZboHP5}R%7S7IXq zpP`?l=_N4ujtA5Og@N3~^2^=lg+L0^B5$uj^MkHldV;1vc!)BL1Av!y$F(M{KL42S zUR|&Bm#$9FsBGdX*S4u&G}q`W)g@rY#H|y}&OM%T z-lrODra_w?lIm^389;)p10+Q?C4B!(fVOxwM7{g)%%0CPXa#A~1XeT~LG(={I*aIU zCGP>IVio0Kc-^Z&y-zZic7l)AAIx!MY;RS1u5SQEkHy1~M9aWl?*WF*vsx!oXf-+A zo+pq@F9;;reSEJoeIk$Ec~P31hZ9nN?$oKoc&N4$15@Uahtvcewq=8?NvbQG0^+u2 zzq_0dOYqEN&YxX*&{`Mc<4WwO!X>e=I&$nTa?blWULS6iG}; zlGM09cyO|#QzlD;(gO7c2tSx=M(LrY){<$DA#?3QAbhF`G=2M4CF*agD73Z-o@^sy zp&L&!wxPJCN?%_=Ms1+NX-Ky%ReE(?EtW|ImNy^2e+(3{5I>-JRIzoN|RF}opQSLb3cDcvl;V;#8GzFdsj z=0Z(`Z5BP;obv|Y$JL0*PeVl>f4GEs%oIrH^|Q%?PzyrK9P~6YEm!5;U7fg-2(Nx$ zzgNduJ^ANAmmzvd`uj4qS(ta#U&O0!_Po@=C<#;P^JO!9$m+Sv^WV10Hddva0Nvsv z!14{u@ckC2b=)jEFxz>WsgdyCp6hp?SmoO%!;wxA2_<56PQ}&OqNRAKz#bPQ42O5lmv~Jj5y75Sfz%6 z2-6&~9Sas05CmSwl#?NfH_$o;!b^dBsN!+v8FqPk+=$8?c6NiX!#!_|9gkSa^yJ%Z z%*fB~8&%i8yp7cAko0^M$6j8+!i7!4Tllm@O9ux`tzQwX%8gw+&Z6ZGTLX}(Us#HN zWg(8T{jycB`B6>{v+x@U?FRiRlnf8Rs-+KlrmHHS@s}wU2kVJnUgLR-bouNP1oP$5 zVZYpi#Y-z;n`Tv;XcyqA>a>{`#A_eQ`_B3Y-!ikCuXLE~vY=Kck0UHe(xg?=EXsjMwr+mp%1Ys~{CMD6}1jDYgLq zE51@Q+rt}#OO{I>He)rb5_Qv|pV&>s6}mf#8N<>+L0z`Y5idr zAb%LPHtz6TFgAR1jNj40Y5`yQt=RAg-H$svAyxFYPnl}oygUAW!?r`Um0w$6C-DP) z0MpOih64KKuQ_3arw1?dLz3sx{rH)79#(cE%B+eL7toWJOFyX@rV9;92bCh*nHkgv zDVCv543NyNq$lBLCz%*5GhQ=QWCkVeQW5q3mtd~IF)wvX3U;H{y3Uo8KjXV&;%K41 zi^ByvL+>iUpdItyN#|i#t0>OH$|;n8TUg@^XJ_5ti1-9bWoLNm^P`HdhZuxkpX@fP zTA?10SBhJy6tWLREjV_CSrZe$4(Ih;b~Jgoi&g$h{a8<1WjFGDigN^?ydvv|WMjb5 zl?RBt*v>{a`DgZ0utooeH*NRO!&(4YRO3w=gu3d89>(c&nIgu~u+Cs7=b^$ct3S85 zWmn5vBD>$)y9i{)l7ta8eUZJzYzh8no%KUzl}YK#eI%o$o{~(Qi=mJ&@V>)f(?6OIj^U{g=IP z-22{nBo0u3J)A+Cu4MZQ47B}zfd1Ul!Cy@Ma#$pKw8G*I6Jt$8Vz=DAKNiP~+7vCG zt%DYjGqiQc1hPIj$7KfPJl{WJc~VS+qOsZYrU?K;C4-I_yO$O1*#JjdjD?Sdtk1{5 zO%ev!#2-NK9)6i@wjiKK`$|2XZ&}p*RlhrhM7rObid2vQt31`Q9iP;nR$h-sSk#$eT-CK)^Gv4e>y?qTxL4vAnM>y z;chqUN2;0o%MPO<;y9&nsCT558&i+(H2daSBnGq1vaM$W9)4tG@FCociVq%I{4_Kt ze2f4QdWtWml2-A$Bs+r!_f+_HIQ52_t2s)AReC38nE38PN$~W6_fo+kL%hx5koPLK z^XoT1Bh$l{{2YRfMO-*qAyB_3So5@auQyOtdO+V=Lh=XY&0twCM3y&%i_3vteF!Zo zz>gehp-MtGLap#$OYoYN-b=vO?`soPpTpeuS4pgEWB~&Ipsq>zZqVUaU$xV6*i|crO#m8_XFd;`;D#(46^_g880FupP4Ics%n^MlpH9uW-002 zhs!5rF_i9m!uTjfxf}hsUkQ1W%${-!m18D=%mLc$I2w$)_HM#hT(*Fn`Fpiw&{0S?&-CV>e(#_!%>O#c>am`??1Y$`=nd@$coV^Xmk4` zhIe%sE>gKOCXZ!o!7)PKqCrnqu&el1KacqvR4sj!P!;GZs{}0fs*d4XBDryCKv0!R zrZvA-_wiN%y*>AYQ26g{UsiWBvi%~?uVTY$x3Nn|(QTr8wUeRFy6BAon#k3i!#u;`uaf>q+O9odNwDshGXGL@uEJ<*ykRMgW41NTNMHN=O(nk+Xo{b@IR8 zI|2C6CC@t&7@|vOvO5i`mF8ao=@Tqn(hnGBNB5hXV4st`+F62~^L_?tDFuSh%_3Dr zy}M;%{Fipf^K%|^__M`*Kyf}VJv#odk49_S#kF%B*5Ez_AA+rdLI;LQ#iTAB z7$ZH$KK-gkm{m<+y#6*_StrY?4po5$f2xg}#Prd~Q zMR;|7O+mW=;wep_&xBFsgMTl?y{-gWMHJ>qsyuuQ(DKft2L0lI7E-1n#74!@Rw+O$ z<4hdvRNy=xl)Nes>wxBxbgo(jWmY!JzmkU}_OU7*S~qHL!SJCOB_m*|D{ zoFuFf>{7z241WgZhJW&Ssx#jWf3$1In!f`&LtLa+atFrZ8f@%)(1sMovVMhn`k5Z8 z;5g*Z_svF=RB(CE-(enBs&r_oES-kC?wq$sag{v`EQe=ytGf1*m@2(8=9x8u5Rh~I zhc?2?Kj%0PK_!d4lcatx;ig#^S|lQFos0F`42IHjxO!QFz}D83}P%R z$>V&k$tceX8u-r_(2$*7;^=w+Q$2A23ZRtq+<=kOXXrfG&S7$N>(^}~zP~@6bO-T1 z+)N1EG_+St%D!bl+SR}R{m&PW4)Nc={r{+i_?%gV`>&dbx+1egFKDnA@J49vBmGH^ z!X}RPWVyc&(5$rnV82;CPVnik2+n9cu-VVKOdVd8{qLvdx8c=>V5gy)`M>>=!=C`r zMwtD`M#w*&&+h`jrs+-t-a1SF*SkJs=8QQJ!}yP1_A+D_z5T;*jq|^q)Ms@6UjDy- z`2TXY$A9}n|66EP|9SuaMX1RCKmPE!r?f;6BM~!f0pdXHv&}Z3nwn1cYj;SB2n5N4 z9qXy=|9POl4U)XBHh^2F&fnBRP7opG0FNa z=zv^WEX(bFb~T*+>Q;48(7<2ZqwH|Lm=k~BU9@)%5oxnaKC#v*g&!Uet1ll@PecNG zBdAdVDeLHjrME_+XvMFHU^ZS3cpLJXSlo%*!Q=ZAXCwt^fPLLeJdM*L{P|NE4QQLf zD>G0GKGx??(!6lz_nIji5BG<*H#%0n*=b589sAF4K>MR8s;~_iIZ{9c_eNm4O!1Az&Iwa#K*n2>0%1P(*5A;jg2U zau@ak&30Ba%K7?CfMciEn}oYyk+>j7^0gfSc9lZ&5qG5ZWEjhkltAyaE?I(wc7l)w z;lmP#S9HJCeZdkthOn-MgUl7ooG{lPMkA1Khv%C!~-Ls zVWSa^WHU@FSp4ZI?2C!!eOS`zgPmAy3&I-E>7dvNVv&I(XiVaHB983MsWQ+u&5>xe z8WvtRT4kB}I&`6}IE(0b6cF-4WmTXikwzRkDi< zWM76KcOY2Q{r*h%NE+jD`vBJr7^XJvV{d^^>W)*zAK-HvhY%}QW{1U#5W$_ZCGhDN zypvvr-0!zj>rbR9u0G_nwAM5fmH+&1sI7yrYY_MOPTa5up)uwer&EQ}@Q-?F7vz={=l;^uF zO3_liNGIN}iS(;qD|5((g~q*On1gQ$u5}uvYb%0YAe95My?FvrkbuwDG&8H+@kxRN zAVDw-))x9e`9hahqmn?rZYZ)tC`MUNmbjtY*! zj`eeI73@%6OT1Ru-#jnjEvt`XsP>bctRH0kr$Y*n6s}V0R^{a zMJvuahBG`YJ;jv>lp$611oiS2`5j)D%-d)!HO|FkUM>0)8j{ftZ{7n3GRDwlE&PZs z?PMh&;1j#B!Ho*ulx$%g1u(8!tJ@qHw`+3e$k@fM6W80spMHHemv#N)=neXFTkD@$ z70Tbaa7ikwotR|eB=pToim6=y2LlGjd-h#!ZKDL8zJ^z9tjIIn5P)K&0rx8a%rLB- z&hH0UaQH+WEL@8o23(@-!aqOwcQ>OImVs=|)9}RLO&bp+NZCsC1!WPUaVsm&a-`HF z#_n@0d!q+HuwG36i~^j=F=@IqWo>cIq9X|Oi9^vg_p*Q+_R1cN$srj}%bpz5iMhk& zVA!LrG_3;J_OJy}1;tX;e6nC~+;B&T>qHkbLq=@dO}D}oquWsQPDRx2#R!X)Y-@Pw zr$zbSN&4<#xs^e_gGyWZh6Wd%fQJu6Mu~WBDyR1_M7Hj zVCk3#5iNRo0dly%S>jQFc%}Nd707y@whl@Uv2?EezQ%@YdJ_?5k91~(?4$uh28JO^ zLd7PiH~{9j_lLCHJI33n?Gg;i;WN{$A$Xji_v-BOC_ zBYa(D>(O6KJMUTp{t$MXGGcvJgx8n$f%v$Lzv{cN?(+|t{9yR231`fUV&uQFwLI9t zA2XBX^LiYiPLE~GcpXw~fpQ+=G^X8y-zC?}x<{)`WISDN`)>&Xo5^9=O*^Q$Up$Zh z@KYpU^wFZO9Dot(qMYq^_r~lts4QMTb@gfqu;to0Sv_m}E@^_2L`FxrWt}SGi>IxO zV{S^KR6^FL@jgeC8I}Uq2JnHGr4*jGdGs%#)2^EuX+e-@btlY}UNW>YvR;T;Qbf{E zwY?RK@f=d4sHR*zaPE5@{w?7eVVRL%Z6-Sqe!r(+WzBXbKpJ8dQ|>yj^gSS&cm4I7 z+V&1Ndg%&8_R_9fMZ_p8M+|=Y&L6%2>E1gSuu9Q<4%x(JT5akyMSlv7Gmdi!*P$J7 z5~tx2->Ei%KGxE`cCT?7dyD387!?6)_)3{p9!|OT4KPMw0sDzZ?r-3S_4G&~`;l|6 z4b*lQe$b`RS99?yavaT2YBf;$<92(XTUiO)w0dThpQ}r88n02F=%dwW%rGKRhYHIk z#Cb)tLfo8_Wz-6UX2gr@9fEq@cO6w%Vt*KP{N=f=Ok4V_Y_%~G`bsiw1x>C#(CX%V z{Y;I+ae9=MWdb85#lNm!ftX9T)dNpN#`g%7R)c&M7B#Z(z@02xr-3B|qkgHz{P1RA z_#x=4bYKqpOTnS`ulqTevRYN zr2sa~J5mh&lYFl==nyjheGUNiMhy8kIoP!2^FrYYaQ`*u1W(J&_71VuRE(zW57nDT z9?WZqd`;yHwursQg}S={ND~UahFu0za1h5dwD-x#+q3BFYBtSERvf=051!2a-W`mutOC-Q5Ymm$1i}dsN_3LExlX-F!PG5rrc#`XJV&_u%RvIfQeA0Z9v34hUm)h>Xji#OirHv1;zJ^h{Z3L z-xASZD)JkUpSvKn+`wt|stN$v)umsDvK>=> zH3o(>AAUd)ASSFFYeDFvwpXSbCsoefW@X%waIMJH8gJGUQI)E`@7*NaOT7(PFh2B| zEB)Sku{X34gW-R%xjCi2NhP=H_Jfwt%eel{H;v@qY>dPTR&2s(pA6VqfF|9}{k}l2 zPn<5OAJ0|_`~)X|Du~Hf@v;sGnBw;@Mav*P?_Arv*gx$V1?dLKBN=K}O^ItI_W`nm z?AQM{XguUk#^#rK+xdiyz5~rJXB#t^;V4AQZoGCmyytmG{Mf{|-qa;OChLQB)vn}I z>WQK&L(TfX086io@qY0B#`h=A3)VF=No6ZvEL~*{$sNX(i$nP;4!y{ z5jt@nEGYp%(8D}TMJuZ}*la5av+ijzqCaps#NIngT~cHhwpYwlzcP zdaWQvQ|eE73rt%;fAskZ*211xCo5`ZMyMToZ}Dq}`yyd2sTcDc;iD4b6IL|)27+s;H? z(99lR9g~dkX~I2Ucn^kA$8gWAAAY_m*D5E3faRaQuL_1r{j_nc6e#RImiW&*@;w zbDwpr8=gMb1HXR4`5n0#YNZ)r<=iW0V2KygmO>kyJUN;6a>q{u0VT?hAo+9VnZFKo zM%xoBH7PHL?=_c^c-0aW>}Q7-Siu+4a*jr^n}2=3()|hOE5L zzsOTjzNZa?>%Y|m8PjX4kq;!8>}X>4)jGiv#goS~FoG9~6w}%0Z)BuR(LknvjH-5< zzXV`md&Ywm{JiRPGarpGcPpeKF1xunoOl~RtQH_30eQK%g+DjyG^k4n1x&t~hjo3E zZj2)_)lk`c1BnEm%FgKPA?L0$gn|JeMdS>~lPX|8tEbyQ4Hw|`!Tb)?ft(SU-mZhM zP>5yFqQ}r6oO$Xy6tSkCw4+^-@4r(f_QZ+B;Ja13%=+3kjRP+O@nREU9xM0J)N(IF}o~hQYewVddHEtobOS*pCW6%&fqR^3uY6bM&3VFCo8ISj9Z#=So zcP?qU?Bv-|k8uD6we=bEs^rd4JhJSKvEXLA?z24H)>S`2?}N7rUgPhM4+-iJNiNzh zX|1s}Y%a-TPhtzh6ql1|JNLE-XeDW~N0)Rfwj4c5C`v zQb_14XJAif&7OI}!yA`NAqn^C^`h>TZF8~@DG zy`qq9SjqG+M&jVpnS`!n7=Sguj6TbwjTP(dy1grHSHY{TK#F7GDi8X6gr8box25Ma zw0z0u&!WWQUxzf#`lv@&B(VUL&Ii;k=V169i4JBj0LF4PS!7p*CqcA+iizy{L4}OY zwT-r{Y-W`m2J{EVO7E3VA|?;IExbsBs|O3cnS}wBE~|A8sleUa3Ky+ll{wz}(XSt_ zO4tPT=a3A3P!5$W_&0CDFFh?WENJnLFw>}ow+T1r6JaI*ndJijO|Z_do|x!MbH`^q zj9AX$EAw|O7_Dc!-W`c5fa;; zZz$WxC1t5_3oC^Wvh|pM&iCj}p$ppI1rR_=-l5jYfqQ&}guzc>2lUennlCz^!j5mR zAS$VB_b=DUcP3SyNa@UYxehJGx5yM!D*3!5iOl*xA^fWJ)&zizs%DK++tk=Hj3cO1^z1<3s@pH4T$6=rtF zXw&x~Jr{a<^9}N*=F+$CPrg1|*r+B@J^!$A)l+?3bvCDyWO6}DG=SlKmqiVh18ROz z!A>F?P9DR+8F#LSgvI5eQ6S&1s3=NqLlCvz!YZoP2q402dfVgBre+`@s7Ut4wsp>b zwv8&eq1kmRrStCL{I2Na19n4YL0y|AU+y>&vmxL@e|;T1;UT9U{!`)q?HhYTv-E&G zHcxNMRGWuc2~BUHWYc)@1;!;dYrlc~0v}{Hvnrfh=k|2y!Z=e?qKJOW7&L8b{_+mu zJDv7P2K8H~8IIW>-o}lQYdq`taWOAySa|mp*9xl@iKSU4YA3>J7Bz^X^qs-CEpr>>Qo`Rz`(bS$-8GVQO`!OG*PV(OalfTPzo0Y-|AEolt78I0i z3u75DNZP2I`p{8i(qAT(tNvp-T4D4q^VjwP3SFJx3H0FsO}7kuDX*9nq|#}a8dXi+Re zC!KFO=C}nw5xUK+_pO`L8QH>%%--~nW48MN?&FdiHYWe%>$9BY-K>Rf)@u&R0n55K z%rZjrpOrg|kFsQ~1GX@SdLND7`+@bJs=neQeK*bNXOxYRoD}b`!W>q^p-K!HK1?8= z?-%K`yd(8Ay}I$v`n$sMNx&6f&dzJy>s9586$+5iWG_*%o#Lg6Fe3>b~D>aew za$cWd-7rW&J!`rnL6}<(yM-L_Hp5AJZHmW@(1Ya0c#J{}M5a((AtEySlfBqHV2W z;$HVvXxM|M=grlU_FnQz04g$QT9ZcRUhZvuTSZWO+7rW8>A7kH_AjueXD1AKtJmKy z!3J_MV{13T(fq#kZvgv@B6_Wv9~lh5P86`=29Ry>^Zvf(o62mmf57UN2Yk{`bWyoR zBEHW=s}4c%7p`!`y^5IZLgmD zJFz)|e{FcreX(aijK_RBn<0L1;974_6ahI{Bk$OTFU{sq&l%ImQB!JySRb@Mx#SUz zdZpJh9r?WVcj*DByq-QrtCOw59&estj5S=J0{LYcRn$o{7ukjx@@EmW**5tA0L8XJ zvEX>LWE2Rpg;XW->rTZue0^KA=C1$nx<&rJ8{v84$mbH*5fGI0EVBE4GjhZZUUACs zitqXxPV)ye-0|Iil0E3?qOwT^|z7PfcB&coj!+xP5LL;g*PgX zqIsWpv+}LdkNF>h#?r@5;;L^`*rfpHWOD&}XVi-1h<}^#$b(RV=9g1CF)KNk`rQ`p z;<0lBL4Y*A^5toBn0;)-_S~WMzAvCr8iBDCgaQ~Nsp($JoH%=#Adbt>)5fiv6e60l z)-DfY8g6j9yWf7A22oieU{qHSj@-Ro18b)zyQ7Deib`zHZqI2yZ1%n6v%lV$SqKlt zB>U8;Uo{ODIRquua**A1?O-Gx=m0A~|BK%@E*LOc6Ck9SSjpgneP4zXA_0C2WkT4w zrVCuO7C_SZaPXD(k`@HfFT!~|q8`O`J0teVFC?4{Dx-L0hQV%pLFK_5xrSGj3?jKCO5^vS6W~Efscgwfof|^$ z>8jFNVrCI@^CQAy_1|nKEQoyK4rx4Qlndko4KY}95wy%74T4%;6d#QMx|Fh`4;mds zaq@=2e>I=?&g4kg6qCP`iKz?d zh?pzN2{1(g|D_$UIMMgY1UVTfv}?&t`hoxuhqWi}pu|va>xj@kZd~D*1!nJ%h*w#xc<2hcMty;1x&x*_{yNr@; z`@V;JuS$20?m6wQ;3_>%(pv&bsVyZpoKk#K5L9}jDTOH`GpA(16uu5~#m$vEcMQo# z8a)NqsbMbqA8|s6c&<=`NHXdf^X*43mRFKMS_<&F4_K?O3cj~2vH3O8>))Gl5MSVY zVGT+j%6>BA+y(T(TW*kuBG!Ihr>g)=6P-p=@=y8$ww9mA3nTcZE?YR_J-THPibExr z!5|BCW_EpdHYCs*%f9Vu|25au>bmXL&UFGO;t(Sy)6+Z^>?j&Df2yz4mXQb^Ny(tW z(ik@i$do~SlIt4*fAaTeR0`wHuN7f82_qmUY4pzL<()1T!}Gl|-}ma)23DoK7Zwug zOKu)Xhv7Ob_`y1w?%DZ&^#OgJ6QPXQe&u&2(J7E3kV(6KIm_Q%*kKoxi)k9djY|go zlqfl&fEaOI?O+k@W`@^>2;FNhOkOfvaIIQ@6tF!qKkCox)^G&iBiopnOfCCrD#kE} z2bVPVQUlxDws+2I*H|9PTj!HrzzJEBa*~IDDm9k}Ei0($**V31+d6G2y^tg%w1Ev$ zcLDlMRG}sgxjsI*R{%;GUA}9kNOm2dJG)}W|9-SDum0@?c2-9E&DE-DEpC97DaO=oqjRPwb2Fn#flr|erBSf)u3 z0bgUJA@o&Y5cT+o|NN4)CTjnKa3RRVXdJi&YS-m7XpWZrZd{5O#Bf3LfjBovr@SC6MK9 zR^j{t2ppKRpXCtzEtg_n1afC#k)F6-W@6%Kc`_jFIQW@y;k71h;U4ni5^-$7B11vB5L`>A8y=pKZ#PEMQ1K5_2baN2~l!Y2EB6=5O)uu!i07q=R$g{|sp zQGD6dHIQCuO6G-3QLe^^VZ|N}){~QAhj6ME_)j>Cjga{J>4s~9fE^7i^0u@)mIsp& zvJA+?zq({7%Yl42v3fc8Od@kpa4L}8zv#DHhqXs6_$Vs%-jVU?GDm?EZQb4?WxMBt z1bem#U4QQ}FDcoXAI+ego3+QNBGZm6O7jwZ8jCg~oS$ z&K`1(aFG6y6rJM$dZC6Mx+_e2mFRtU%FJ~1tDAx+7>#nRRSgR4`m;4zvI}!~TkhF+ z(kOY1`Z_Uj@9$VQP-*y@GKN1K<*qLeb}xQ;OlxBO=jBXzeC)AxBM`mK=S%Hwc2Ca^ zG%GXgxGyb=a0h)W+}c|nDYGEFgm8+M745$1c$c?G z-8hcB9kfsJUQ=Q;>*SK4(YRNFaGn}Si(X{xLeLuJPoD4&BpeV3ruO(k8+% zt2I023;v5Qb?<`iu?6l%{?CbBTY)Dlr&G?m2q@Hsr9iVn@3_{z@QNx*-Xhh!!3`2q zea3@i>r(fFPS%UnXyxs|3+k(P|GeHMF%gwvIjL4Vkb|nteroCd);QX~T8PtMw0323 zcImuj0{(bKL`p~JHYW#Rm9e`rF*p*d4rnq9nZDe+-LA%^-UA1H^Y?1y(2{b|YfgO@ zy#Jn}hPk&YAt&NDMWIOZ+MM#RZvc>6(xzYc<0Y}qesjLFvc$HvYQE{*{Y4DX#R&`O zvn#D2u5XOF?F15&%gv`s-7oxFhw`TBqaPa1 z0&K6O;Ke5Wq`aT?Ll8%xVkkyez#L!wbxpP96){h+3R7o++6n5>1iR>5mWn|9Tho+J z98IA(gL3)0O0-os=xoXRdiU#77B8p`)K#ZnF2MdGMx!WW)7b^f=(pT7tq$-HU)=Y^ zc>xko@j$IY9oS#Z%Lmtqkfb+{jC-EjvVTOuuyN2b(hlxXX@K2n^?ol}bd*^_oz&ho zdW^;6WgCCdn1@g(0-jD+wnKJ+&^iz>0J_D)$;se(W)+U%tKKdCk4{(>bb(@y=GA$4 zIJSZ!NI&44UOY@$Pd(D9Onwe@jjIyX)TqCc4rnKP_*=}0(;14N=oP`9;@W2$kTS#p zA_FyitU`qtK6A`$DP`r-`t?-97{d2hZEy0!Bl$q|P(!GB;S7rShjK5pM^q5xc&2k{ z-?nzY?`&q25}D-A8wPQoySxP>1L0H^E&IwnxY@Ma;SAfUe39)jA1ls=j&PwOi z7k+D^9KWV)wm#Y^%ifg&I;pwt)Op^V%ru32`Ppgd5B6i2{8JB~I8mEYUHLh7p7Uqe z!VhY9*H_MVUXwW&j=Zu@Et6KS;A@JzkU?zFN_P1`Jgc^qTyX46TON-DAHVyqq+!$B z<=T#}^%*({6pR-;clAa76J`d^o3%&9F9G`8*Og)?A#M$H0d_lOBVper=^TXoBf~U= z;!|?V0hSxpdbEY`c*~!mLEMVrXT-0Aj?VoLVN77j+EC8c_3)_sQ><1+=5|DTR{_RF zYm1j5iHr-bw^ny=!|Et`6xn(n@@ItP_@6Hj2&geUCW%x?p#Eh<|4<0)DzjbA=f0Sp zn(D1dE=zc#6l52dmU+2Cds$5dHd!ybRjvK-Buh9F=uQ~hJSY&|b6Hrn6u@GRKVkS< zXAN>oS9VuYJ%^`R?IIY#yzqB`9LJ3~SYDra2s13;JyUy+wDIq=NC#Y=fmcJ+eJSky z+H5>EN;*PP1I!kiy3qy!=;i3EkcG%wigUJ6p*@vWyQUXA!BxyAR(CY2!X8S(3sX>Ir3&8b5NlHZ49ZmVCjH z^u#uv4W1MK6T<#(-|ZyV)hhy%S5zgXfXZ1_X%}F)Ve3=)G8T?c#ow^K0+*;@uec2! zM&MAaI~#ZX`wMjy>}agWe;t8)QxDx6McV*j2N{>qs<--tZ-X;ZjWTu$Yk%)Hp5jN_YeouQsRGdWWW)IJb7?c@rbUqBZ#yFo3Mr)diys@p(2rA z_*iA4d1P-CZR{p}4QpfiiQeD%{oOWQ^%cB&M6y#K!It;~dU36y#`}OjdL>-!*%xU4PgbXP_KL6>_U0v_!TJa^= z61N3r^cqUW_GUMM)H~rcRq>pl8^4tC60B>H&UNJf7-q?AWez_{UG8#tw z#c6e^Ryg8qtxnkM@ysg^*hQ?4fK)(#0qUi55?F+$Eo@RDvF1fUxdpbaw&&$cG}=v1 z^DY6IDHJWZd+pK|bT*~HtR`?XrD+v#;r%ftOqie5oSi!s_??T%)5Gx28S zP@gi6P$deEN5}9Tj{6{~WRh%S=9aTh+fk#b*G7%k8k}3Uh|YvQe(=-fnk5(S-%sB$ zMuQI&)1CpSw<_W6Mzy}{J0SnXX7$E_SgG*hzZpeB|5?Oee1IMrJo;rE;Hdt6{dj)u zjP!4)-`@exL1(L-g!q5He|SXs=nTt0@BEle`QMZB z-VEvdrNVKfkCrymc+P{&of`C&wj2km;N9I*T=#GP9ZF;Eq4ZCIemG<23fZ0MgOFQ3 zhCq4>vS+*-bs5y87-?$XKx<&?eS~yF&gGR{wIGS?2FKav_~bb!WMf{qre7w3BrA$Unsv>xgtcJgBQw^O)sC85a4! zE;yCObmXZJTk+jVZ3yXmq~E4yfrm2;DigTBvtInf7wCSM!8)ZBDAB5cfOtA+IMl6e z-GR;4s%sxKsoaC9OM$yD>jM=aa>47}PIbL^=O@|cz!BEU`@>7gssw4$=K~-hUfDpx zfPh$;RRyD3xv(v8cFbig1GoCZf5*$Q)xmFP0XbV<9R5~&Eo-tF!R)H7)h&=g>MO0I zZsT54q-!k0=QziZDmcE`Xp{;@9n~!{lbriGo2MjomZU`um4oWT@DeNN%r3Zn9mj&Bo zG>Ey3XH{7LdDh~~)+)r`7?cm4K^d`{AXF{N6lVEycUJWCLPuo5epMK#k>|6Y^!FsX z96iqZv0m#4MRv7nY>!;uO_O2;*08g&GrUUm-#A&h8e~G#8n;C8oMlV7fs3Nak1uD1 z#nY6+*c3>6+)JXS%Isvtsfr}Ag7He?ifD+CsY~?g*r?P0T_fy?qx#ohGJES9JSG}l zftr7XnS}KhS&sQP3YXGXPI?V4sZhEZ%i=$~0VR&HetZPmT)NkWyT3dKzuhUmgC~Kz zGTG(-$b+q1H8K8>h5OuZ7YfU;C`Qcwt@Ck%d&4#<&d2v|cr`KD% zq*hOvQF&&bXwyTX5+ZGNX{~?lp9ntZGv}NKbm*8y9hW^AC|@OEb7Av-CoLbbaLWuZ zJd+rz%1J}fuZO?A>;No2W^C(-00KzcG%V1V>Zb`T%gz1rl6|_6w-^orNUPKAOzixu zuk)bw`Bxk$@E-jRX8^=QrJ9+hBoxfPYfZ!aFNM8UovBiIew`i3Pc%(h@G@Ds(q*iS z!4u?+JOhU3bka#gL3Sn3-<%ga7_;k6S;+=6mO=Hz@i8sAlH!0{Sl+SgIrI9uci#Z) zWp`p0X8TQ!)41u|gjujFyF($FuBfhPuV6-h=M}N{27K4gNh(D@YRzDGdV9+67Utwh z2Dsc@!Von49I#|2th&ksZiF0aohb^A*zDHE(w@hLmIwddj#vM$g4_^mAk36JLFafO z%pt}obOJb7ML;o^)|rVvUaplg7hh=Zm+_o{{@Mz#IAJ%#S8A4uT~N%9a-N;4q0S7% z%)kIKlhU75O(@uh=s$SlpYkr2u1Rl&v72$NdF56w(;3Qg8KPix;_T53+ASesMQPZ? z<%56}b#Pcg> z6{JGXG>UdeY^bM7+mhfA?YS!Y(2m^`xEPuk+5v8|FSi7jXN&l)fdIIByx zdEZzN^`ahJpjA6I#kN92!>%uIhAJ)f#gBSbI-%GE+~yJ6GY?&P3|VPiy6=2W!JLqWY6bb3o#O_zSdxwfAn;C z|6>%J&N4XT`ho3#w5Pnw2Tp^Ak6zJSqp}ky(9=+Uu^`!hHI?+Q_>^e<*OG^ah-$t! zYCvrvu5;tfbielT?61fjCojvXwqdA#Z=|xG%}qB!nm#2FS*Lau!W8o&L(VUf64Fyq zZ=ZC#TM=A1K1_X%b%WMV{+Ry&0YD3I8fSawTuR)Fzce+Ib<@q(y@5PJvaL0z*_ocm zlbxmT#|~g_o>8}G!9|8w&xCafSsu6Wd`eP^yA`TTnRTDuNDf-VYE%R-k^j6f)Z@Iv zz21z||a;mRzQy(~?(zfjOj4tb5bq|3xlp14<@qidVu_M{`kN0Pt&`KXUIP_gdB>HrgJRPj2otoU*J7zko0hyB@NKLWi(kQQ^g)@ zLANs`#VQ=emRu-&Y^(DLxiRSdg!39YYh3alb$>Ztl8m zf@+FNcxr1rxpdCcGh?4J+A9*U)JS5-IEZyBB^n}=To2ZM^z6~uetH|IPW;k!B+Tl!fFm14lM} znM-HQ#rxcn~kFJ}UgL((pOutQIKEl?9a^ z|CJWj(*z4;I$B$@yqGgr4DJ*BB_dw*?E*>aBdKP^YHE!KlKmGzW|veE%VP0g{F_tT zxGPKhUIl%w`cuOq**7h^bx_Mx7O1`4=4++ss)Er2laKIW8YMmxe&|ur$hMMnzs8MLM2pa=p$Jq-t^Mlt=;!nT8=D)>v{6Bv zWAQFh_Q$BkLYjAN<{MU>ec8+9#8qopIomnRp_eKj&T+jVICUGGm8Ya(tbM z@%5|EHhB4Ri|D*~Q>2h*$K4hNa?KP#)wsC+ zsMKf*xNl2t6iW~c>0s|-HZgdL87OG0%|q1|JSc;C={2}lL?RC%C)A6v0yvuj7kil& zxZX{~iyfr9>X66&i`C1jw@8!gmq)CKMCY(|9*`l&|Ig(1P(TE@kwH4p>r<|F5zWce zLFk14q%yEy4*CDJ)X~&m7JsfUE12)e*OseXhE%6-Jb4dpWC{yh+!*fGciU7-1g z426UY-xj*^0|*Q%jt=*+cV@k0J^jeZe@!a`l<{46r=x9v9;|Y2YvJ7efBm+_nj)S6 zdxpp;xJ!KTXI>Gwz44zXWcT*%D?flF09$W8>Wzc<_olQze{+$!$%pu4#Ktc(Muhe19vsO`7n*6w|>r1vnk$pXZFfq<3JxYvg_Fyx#rV z{XFLSxg*?veyyr13qBWtuPTyFRP6lWc)0G;EoT3M7n98KrY?7z#)PwV;PXVj2G&Dx zDXI5{#pLzdt>$*yx!WTi%|S0OdXQ5R5WFOKNv3+Yq~~rT@?R~pAY#NV$6eWkL?+!5{ii{Y;lS?){wb88+Yfhig+a>7+H|57 zsrc`CvJe3u47CdkMB8PZ^F7*(lzfb`Gx_sb@bkJKc=gpeeNj>PG;;vazkXvu1wQ&9 zc@(l{H})Mpu96sZO!%L!zNNcDcYbFn8&cvotuAPv|DOgEKygap$qtAsh;H=w|Fr22 z_?_I{JSTz zZvN+sK~1{ZLA-M)eD(-N+~s*c)gQ(E?-tEt$M4MICWKAIGC%NNAI+u(uVm@owpc4D zNkOv5{=1tYIAHKXimGk;Hz7T=<_f02@JarVAK)ugX~C}}T-?1|kzGTl0C#|A&o4W_+|j~x zqa**baj?3K{>~*V|B>XOhL3;+=u@_&XwN6b>MD{pW$7{IW+kUKXru z5+8Ad(*Mq>AtUZo2t4}Gni2Zg{m;k1PdKnAQz1VJn~`=~7Zvpd?E`Agf`9IQ+QYO# zVRL$uG{ntE(wk~B^PDed3{&VZiQvp-gx5*T{FH1 zttCTft4i}Q0sQ&LKEqJI*`f+22waHmvyok+_zTagiHh{U8?k-~4A*B&NzsnL!jp+r z=0_8Vd$6;rbwjk`u{^pGT}BL{g0v$U5bs*a#(l+mlZCf1NqeG1Q)w;ReN5{erpSZK zsKmoYgWncnN(>BB2uAtRW%hjqHbD=-&@DBwQ$4@lXpi8sa^|al9=yql*%! zAcO46%iulTF*qGdZ%?q;h}p(AB6gxSz#v=Z*MOE>-_UC|DLp`)1AU~6EFBHHn!{3- zk-nlv7wnpaf2+hC_1iN&qX1oL8ML(_bQ~K+gAtNc{_WKwqZO zQ-#g&AQ>lu3P_;>Pb`YB2-z zlnpPs%b)88Bk_)_H!nFm*&GP#&F(JKmNQ*$hMk2lN+J#oTV;|SDXgt@G)h=&Z0wV^ zoXg3?{o%rQ`Zenys1#%y+Lv7`XncWW2WG4ghY=}l)oxWl$jgMsRlyWGeLQT$NL9)N zdB2WWv0?}fyBpoFh~K@^r_&zgO-1g1EM07VOkU7XLt0Rkf$Xr*6Yt{tZ9GESz+U`GG8P&u`T-5eogdEYq0NlH(_MoiEf~G~vhG6kM1xF>8T4Y?dOWcT8lw86l~zc? z1jTX7-q`1P#*X(!hQ(n48j}+J;OgPH1EGq?7c{)EkLUOi;`reNJc)s6XqJV9UHZ&v zhu~tsR{5N95$%-z=$Q#8;*-W3DsdMIoOluKi-maQN9C@tz) zIeZt2vj1lxz`;V;up2V~JC)CVC!Bjt{DM949d|7& z*S$8_uL=Xrmkq=`CF_y-j7+aM$&BhMlmvN~pCLU(d%(Lau={th^I;_;jPQNch%irDNWB}XfOf9uV z;iIG|%XL2pfH5ZGF6shL;SdOxW&_Sr@Dy$T)IULBF$6ZIzJRMsFi0YlFV{;=) zBw)ZP1mj9tO-8U3kR4AO zus%n%g&yO{Hcnv|Q*Dv9ghp*~!jv;yyE7&*kF`mB%o|zBxQ@HfkdPI6qef=3qHh)o z^cl@#PtwTFRE|n`=GhsW9C`(M9_Aol=#w0}6=EU81bh&00+pf7UqUh$E_=cE@X+Tq z*yg8?V1T5zi0Y$d!|OL+luP41^=z`qFa@u(s;Xr5NvzSJcM#|2hD?=}>Onsp=Jlos z$n{9Svu3UM(b+sC8-B^C@=AzaJu325Vh<$2c;#mf?%(yI4=gtg!R8%F&%7eLiB`Es z9ek?A^pSjT3y8ml6C{IylK=8v!A8z>_u@IZeCr$z9Qe@#uTL+a=Q#vQoITIFh<`vk z<%GIs6Ka=abKumZJ<;`s+aCyQen1X=LYdjIju=~!EXCV0y`4F82eGh$$yAGXzhH$bPou}x>$iO+Q%dz)SA_Vl;K37fT&H2kcK1QF zl$D*~Yy`w`@A*$mZZIfhpfP(Pk1C#%95B)_8XBbnE(Zy=zt8!wPJbhHuQZx2b+Gx;1O?NkkSMD>y^ z3baeFC0*|`LLyc=tC;BaYm^UD`2-5Df2SwI{G^n}x=9)G&al8=VN@O1VY4qqWbMsbv-C+-TW;FMX;IK>lTJ`gZANB z4e2|{h?qO~KZwc1FASAp7!QUOU}sC;!3xn{$35s5VluG{wfG`wxPMXmvn!y}XvIrE z6s&u1At5aAD_!M~57a#ISKqT&w>@PY^LUMXl!D4QXbcCKrzZE=M+-ug>sBU4@y_bc z77JjuzCSwq`|w;*E-$QS4sG-Y%OT27n?E&a*Onr;N=iyme>+A5I))Udd(r6;e@kS^ z49R))84bVT+a9mO=V;gS`5hWll7ytpohoi?LUk0vh*c1pY=%~@Srm}+%%PR@83!Nw zY~<1%cRJL|KTB6e2p$jA$pWkqa}p55?jw;etjY3pI3vT8cuEi(%j)H0QDEu4hh4CM zLgXq>=lEo`#{QsT9?qVLRe?A5-9WrEE_xe$R+UMI4VX|8tO@1b{3-?AT^A+6gLAUh zxfKUW`fZD7;x-VMWxPGVSwKVfe*f^iDZ@s5b!t0$?8fl|$)@t9_bX3MUomwJ^i$Dz z|2ev9WDiz&;FwTzcHPh{`?E;DQqPx+6Jv$lgXxO{X^fSd+IqO&i`qwXZqVI_waCMG zr^v7ygYnfRFNH5vgvz>(u+#VWa^MU%k0NOopGO4#oLwnSBekh6Kz=f+XX<%V_IG%3 z!E05En{Uhr?R}a(-G^d*Wol{So%|<0&0?uT@f+zM*LO#&Q3JTVPr$4#eM}0BZmn7Y zUN>yKYAAcnZ{XXI;+5o7aWB?!)~@(#E&L^ztFk*AgNpg6E1ovmeD<~VX}B7<+5YSs z0Fce>7GfNPfxK{f+ z(DAmGp@%2-j<;)C58GXM+ADD+TcN@e)sG(I6h2M##JVbS1$XrWZoIm26BjoiIi{oT$V@1O#V%S-1S_rsC?^Ar-6}--^AF!Wpx%$G7L26w$^d4qA3dJKCEwI05O)ny zdUv;hc|;a#bL5lz3@g8i9O!L@raFzp-&vpbfL+09xoWEmF{*PyqnyM^1T>OW=tJRI z-{`(zxn%Ivcmp%8g*D^y2@UvDl<%&-C;TPyRl4J*>P;peqlYsWv{KADA2u389;7T5 zPBPY-HX;v4mpPey0&d$ood2bycqy58_j1eGxELsKyvSFFZ{rp|uPR?s6^zC7pT48T z3#=S&U@Ls>Dz+4L5<*w-ovp_#aq0oI3J1n~I4tpnM;O}6$U*_qz0NjP zfB$26B6mrVDHDKc{z$!hPX`~_kRCUr^x;WGYzi4LD$y;Ags`*gcTGpwp$3~3NIZjI;i(n;eD(^2zbIi%9>KTl z!KzX}LW_f~%)zlYX-z2VmBN9HxKJnOH!#*76_-Te{JahX--q+;ol(+S1S)ch=T*z? z%}>0sfL5Ry&b2=w(t}RzD{R5TIwmEO*@Ny#NqWub)>iok=HJo7(=F5`;$Bf^vo@9! zzyQk4b070?hb%bKEVc$G-L{|qvMu*C>jTVIEmZ!&5lW(C^;53t4<>aH<8&lWa>h+m zeUfBj(&LFA%gplg-IPk-!q~(q7{Eq0p7^2c(~OFyy~W*q-BCWjRM;oBdMX>Cur`(j z?3jreqP4V7;I@5_yIza@pyy)~(!wTxuPEbNEM6$o&xwuQcBvYxuMtX1#0tSiO{d|n z>EpBYuHdXEC|~@6aXbfHa-ct!WN9%Ig2FSFyX+hL2cnIOqT;V6pGBww zTchr|G{E1~UCquYvP1^Vw*m`d^B|YeJ5{ODE|L*K20&;iyac)Baci&51$I{Vm5T<^ z%7cTzX{)ka{8}pGiMg%~=>3PM(+GJ0xF6ih-xhcssP!seKU54QhdQWg$KC0+fgi-T z+f5Aoz~tveP&wCt$r8VF55R@yGSAsX`IAh6LHP$_e)!}7;#AxKY~)EGW~{`*KCw9~;R~B_1Sb)UVos!F6CkZ8JK|G!OyC$!}kvgK91?1xX;a zU}I^r;=aPPh+fCjz`5BV&thG~#^BqpY$DDa z;IIl#u&q_-jgm@q8E^nA11wBj*sj;^gbm65z)*327XB*HvM2Bhn8CyzJ@2T?2D~ct zWn+By#Vb8CwSxHj7c10EG=9H@jxv-$mF|Gr-4DC(+hY}4G#`&y4*oFIV0>{i=IZ-4 zfbm!b7l{ChLQLrcFftGYNnZQNGnUOgAv@n4kFM(dS^0JEW!*bthWKi-oN}h*UAJ(9 zyv`B3vtY|dr7Ah!vN!#;58d_p$4!8^9f!3taAQP=0vmY3IeU~d=E8Pi#EZpAqy-g7 zWEnE?;=;V?9jb~<2~>56PP#qBkInpAh5%Ix6NeB%@wD z_>jL9{Gmj8^)Ur3=x{Ck_2+=w+z?ax%@#p^KSa@@d%~{m7w4urYV))>q(0n%0C5y2 z8O@m4L9qNRzs8pEMIj!#YCR4%U|D5?-~ch+$#c>*_y;eEj*8CFJc(G`Vb1mG{m08j z(<|Ng5A=TV+jFu|c!H_?-hm#WxO&~?4Tv?Ur-KdXLRZ9iN)o3NI_~4TlG%KF0H~eM z=+GKk1=G%Ru(NTm1Zwz(vd(0lSzWMlKSZ*4EZ3ppPU=>e6;{1E&Km7O;#| zho4ZI<6n4n=H(waOg4z?aj+lC2jRAIVK8cV-B-kiGic{yfFme`- zTM-Z@8GVi;4(HO0Z>sgPto*&N3$-T@Y}SMpLhe_+@;zgb-?Ozjax4ymCV+iLG8jE) z30=tq#^mI&uyKnexaIUygF?tL8*Rev5DSj6(+B4Ut%FlIMm&;TR{%l_UCBCSj)!G^ z`hpL4%aC}&i_B71w$>B+B#RE^q$>`Y$VVuy2!Jzz*UkYJSjJ>p0SgF2NLM_fkPh<2 zUp?*Em8^}29C>|Kr)I6wkFA1B)!K+Q3loF9)lO#u;I{SKSCZ{8jWZLDi$iK>FJ5N^ z6@rxpFDDw50s3c3!=>|g^9d*3yn~jm`I696x3mnXa#w?UUHT>_kX0g4MBr=lMl%!4 zlLat2EovVO-j1>yHEa*Ng1KS%wI2*kjEWIs0oZq@md_QT9sZm0_O=dHnufBFr zQOT$-vzt)mPFR9FiAfiSujd(WN^4)^`o0dVB1jwq}Z32E*5##dLYH%E{(Rljdc+oPfFI zXTZB7Bn5Z;KwgQT90C?hSofTRHR}<={n$ZC#=Y?TFX}LYk2e533MW!=6T5=%$JA}v zCHYPM<)KKL(XEl+fV0%Qh+c!HtRz+iW3a#kMQRwZv9p`Ka~kBSnhh&0y)C%?%|Xc% z+)p774mMN_c%9MA+}XR~vS?mdrj)#Jr2g&rg5F0zlhVZl8}#g@R{6n>;pYjjot8e)uct^gWUFH7;I&27+~Ng1YD9NgKOyyS=2W*D@T=~A zR9{JBMep8AEL+aAC{*h&O1;3lY0oM-qj+nu_Hg8ALz85-c233U3nr~Leh83}<ka`3-@&(OJ5g-_}2i8S)KURXm^8W!>GBt784s5VKV-vxth_-4h( z_vh6+7oZMZxiT#d4|FzNqVG@ZT=-ZMRB^(L`Foz1YmGvZiimv#7Q)}c~<+|P=i z9`);E+A_O2t{kCLRh~)bnaU?a9(!;w_dj=7s=!k17sCN`{jEGY$rh&H$62i3=v@DB zj#d`am_YU*elFE*eH&E^JUiQnh46#<^1&Chm%kD%A!I za{A_uunnQ|?)PSeX>^tit1uY&Isk~uG7ePNK2t;8Cum{B%l4%aG#f@Fco(;}kGCS` zg3B^2Is(ly7R-k;3fKW6Uf&iM0)#MkZ%;r7Mi$>9#`=lNZ^2KuDoFT3m2mHX>$s+K zvJ%6BsD(!|TKJ|fC2~fRNQ3ygtwh}&@Ih~7O~)i3cy$;8x~wq;8&8>3tOstOtA5s2 zM#P&SjyVy>dH(3ALzwzEX|3AFxugXpp$&YfIkCe1S~gv)`<4zL&a0OzdnGVM2eV;3 zR9k7q+R#|U70G$rf*zh)QSeZ3JW?cyCa!z%vX0u$k%f`i>-?fTE8={FOiZ|9im*&m_{FD zXcD%|o|Y~rMk=|6uW~7+#c(zf95AXU9YiGug$J=yyQh&Bpdyj%7(_N3Yx0k#RCQ>3}HspyZ=!wmOIEz-QX7d+bO?@9Ou&`_nd1@7^-6S9M7i6X4z}g}GP-#el`M zcMH>Lc`}(S)Xw37rT$(nLepto+zcvkVPfX5*Q7E`T}^gu%R_c9^}?%g01}GjicAu- zGD*I{wp1?5HZ&_sX?Bh}u!-=Wgdx1GtxnP#*surHPgAHI+PO6;t}ORvD3Hg3Ti_a) zOAV8C~<=)|eW@Bpz`^ueJ*) z1uR~6UpIp8x`!e0M2V5K9_BH3^vG5`D)DP!os9$AOEZtTG*W!J!azi*nE$Rv==%j- zL%?xNfV>TfPgVnckCYK$#$F#0`yJMRWht~J2lk}{^`Xt(gF~%g!_)3S%G2u;u0wV+ zT;IzQT4OLL;0znNaq@=NB*|JRPLwSS+X)eQM>`jjt{@UQhFNhxl2t|se@tpHP1`Xa zc_>afEq=^j2Mfcw`Hud*Qn2>`St748n<1(L-PkYCGQx@zHow1FP#T3~AFG!5NRq^D zpOWLcq?MDfQ;u|+3e+F=+GQJZk)`*2%Onz8mJwRBO1e@Gkr`&GBlUoi#+=1FZD|3J zCQiK$OA$a8E#<-rU6s20xQfg2Qm^nZc|QU(Jv?dn*caF(#eDO&Nb#p}NC&y;^q-yb zq8qgU@wg~&J$NnN9@5=+Y;ICc^RBJ_AhgWpi*sR7eI|#Q07xtj%x!WarV@5$cRxfC zNq}56p{P?RM^hDMRnPkM0QB2}24%nE0dDV={ryWh2_`bqKl$kl!`I^Pj9NTPvg_Yc z%O5S+JYy!wQvXT8 zn!Fy)tuB}{(}FX6Q)Gh!$r)p2f@pr%glYSr zu}ur(6#MZqfii=>`_PzmIVt8dUFCrakEB)p#*rLW=eith01qwWPT>B(dF4TTS*JMt$ST%v|h2$HCZGP*Ab-KiDf>5~&{XtYY z%oz1kO|!f9WgU$x_M*gXKX|n2*g&c*S{MAI(Y9zh$F#565PlIi_Js$-RT>iNQK0b6}Truvy2>XPsK( za$Q5RjNMxhN;3ZM%UCj3e{Ii3eRu6XOnQS2F-3(u+G{{M5o~~5Va%Pu`LAq3O@4mB zeN0~px@9lcGxc`eN4Y9v$K}VGi#*7=SQ8GXy9T2*#Mwk@+^b!Z`EA8P_$PCcZm!&b z-PBO_;y+>{1FDIWCwUjU?KA)kCUg`ZLiZRohOeK?oqgDG4m6MvOWEiMH~DXi529n& zt5(z=HSVqp`zTn?7ga`xrf!&P1um+VA89?d@I+T(X1+hM76&%1!!2k=4U16{V`Sx7 zM=a_RlAv@CzSvi329l`T$723Xrcn62k=KsCHWbpS*@OdY}4?#_KLR z`FZjT2iT_jZQuE#KkN5C$S2l{`taqSrQ97Rix2N)6J6%#v1{zDNoF6b??cycuJ_A8 z-S6wP)~qs8Y#??2 z^P%Zzz%>piOJ&AeD~FkI&8{?tiyHM#(a16>*IpgUCd}jQSJwDhrmKAFfDpzyrkiA4 z+A4uBGVhD+QBgJx?qYenHjq6=;a9G3HQ`B*s2@0(KYXT|NngeslYTbK(bX%^F{H?E zJC~-TIq)T3`b6fL?&CLr&$(@1xN0}7caq>%vhd~H1^R`P2krnWTLd|}oxDM;TZtt< z9p45%3y0yLkMvC^0GEzLJpy#UZgKkO7TlC(Y5A#9*2=H7V25K(nbIOit2@BBo~&0G zRLqd#0BH@-sEk14UczuB5j)?|aRKV}cFQh7gBgH-er(}PX0R%yjBxqf8r>g5lezi2 zF2f?t#)fdX9Y`7;6H#U$Jwv%LJlsFbyqFKdV%F1KyMC4}ILJMnO#!3~&0mSe`5U0o zMN__cXq41MyTMY+Mq+=w0-Ir@+Q<9N@j5=uTw*^w0UZl6_vx-HS3rF0b!@ptcC{p9 zfFzN(Q+jQC$P7Vw;{hOU)t_0Iv=U_W$p9GpSivHo^%8A(tIG;Vp)0z}T>oMY)B#s9 zB~XSp8jZ)rHB+hGpUmYp2UnEx&125()7Y3yoqczNemLZqJ|T^#3R1PhELEf{PPu`y zzjcf7HqchLl+B@^50fh-RD^#$lLL$n)O`j@vae;xz|92bVG;Z(4yK%$LxVP#%mJqqO-F-{^%bql);+jBDE=YQui4c)-?Bh-0<{G zEc89M#LhVdkeR9w+>ishw0bA)K%RBIxLA_f+olsh7M45HEwvYbVUyCf>b!1Exvs=q$ z5mZak8>y5snckBb@9w!1ftu`G+j6f#o>!W;uTtpQ(~G@xdwcTwyMGJz8WUIai61@jDm53({iC&h_~27v)LmBcbk_2a?}j(qmKv z%r|pWFII)ZyCjqX_AJfst&K52-#mTuI`Kf8UV6ll*Uv9{iG}_}GO&apZduwr#8h}DdOe6J&CFJ2y|PLcqA?72u|X;2awod z)e|A&cVVgBS@^PA?jOHTSk>hMO)H9%jLWoZ_!ppA)SXx4DoGJV%ot{=1@d3A#JkvB z$ppp(Ym9dEu^Aa|qWg~HH+h=Ei2&zN(@7rSbxL@8M}Z>0b**@k<*Tf=k4%S#5Kzc5Zhq5*?*5d}dtxwsDFIf3A&;vD zq&@VTWic{T{G~^t2?O=jMB?6iR}=L`*(9;4-3ZzzikDVd`+mnm$-5y0-u2UZ&tJt+ z>ptQN2U?`cuR`_Ip+aA6<}K5dzKx6|YJVSB7aV_>Fwhj2sU6f=xB5fRAKECe@Y=fjrfyY6oaB!iS1TSc9UW&CAwiZo z@A^rF8L$=>pbU<#Xg;=g?1oO;N|D%Tag%0LJSz^B67Fhbp|wK6O&vBHWkmbciG}&` zGRF1q=9OQ|*(!LruJQq$$l-}_|!1w6Dp0 z##kyt;)wkSB*98L9~yYMY;9X8__rt0rDRDDhbbF9jSdV6KFNH7bj>yX2DoLjDC|hmtJRAG}cZh`XbQUrWpQ z;d@XOQ)qYiaj9A#kxFjjRl4`(5G5E^(@DE?Nw0TlTLsCn-w{QmH!Zv^H!Tw!KQw6j z4jlo>)}BYYjIuNmGm9}q+F`5|IGD8>6b`tU6jeKQJvLex4-Xv_r`#a!3Yj z@MvFqTT&oMaq0Je$=rD9F?-*RDAX=XOQ{Q+uP1bTr0boj@oer`4uA+4zZ_R^qWQ$V zt003IA^xn8V_wV)q(uw{qg10)11rPB(hAF%xc9+Mimv>6+mSRHt3^It#%oVW7!bPx z-|wC%{a0s;6gIPp6azkvpJZZ~8z(AZoiZR95dR+-Oa)-@-Bm!9$p=-pMnNSobq_zr z>rJ(7GXl*h$$|zXg8>kEdKH2$34xMqhI@AX_1~0U^g!Z_zJySsfu9GOtn2J#MVQAE z_sHDS-H9OYi0QhQ;ClCj{IJlE;WT%K2l)b9N;N4UEMuG>Ek z1JrPc6kLD$LqS|bLcS84)Q5Yg$>ZIVw4GVll~Xqd>F}0>kOoXV?<(xs)nBHttsT~g zkQ;v2|7j#Dkzd!-W@H#}sJb3JtfDihN>U@0U<2bB0=se@MKzj!vj-z?375A;ZP?$;K-Ub27ymgzF(bXIDhkQ|Vk#oYngHJ-5FMI_x3*fC}8CoYH_ zxMdHJyQ0iPhh9dAfJ$8_X8Em6moo^u0W*lFNVV^v*6({ZFePw*`6lZ9uR{=``yhKZ zUp53s08IrGQAx~enmW2G2&xoW05)crj zb-`s!q5N55j8Y5E#Z08QMsj*%m*KFOpnC$Fj`#DfAsVo>naOcwUF`0tgIqjMQvUS@Iw11T zaou`MB0!pkQ=Z?Oa!i6P1<9A=0t}{4OP7n#OQ|`)_OLc`zWvT9MQQs;!NM1wC7R)S zyaABeV&i?qFjcHpAU$`Ma~bg#V3XV2L<-z#xTFbyP3(}BmnVUqf8pW|`Gr0G9Xuz^ zd+O*8S<-*jx+0wOGygCXD@J<#+2Emxk-eU!!-xgRY#jfrmdlvW=L4Wi@$8DaO|t(y zQxxFV?B001EokHXoN{07L8km^DthCysJ3!Em~1 zAJ1bvjk}e8MzI+~p zwO4g2zAHMBm0xcGEfXD3*2L*#*%EGwd_}WZW3x>l9SZ6}0t6WM`lv`4j;kdhO8jg< zFpoSh*FQ(z<`ur0^|$8fq~R7H41&YqMW3wYgv*1<)MhsGhd^xv6VV5COCI{e&UNcq zc3aA0kzgQInEQf=t+DPKr@r{U%K}nxFDsLU;@K+>q(%VB5WwY%jDuvr24Swo=!7c) zdZG($L6gBeW)P_l)!S1@%hb+soj(go6Nb@8#0~9VIlM`*G-}gv(k(W)VXx^2z!1jW z(J=;Q_AmaLfrABV7=NFZ6p&{zcYZZ@sXNQeQ0ta-WB6#YKIww+vM*{~BDwhkbTN7- z0LXV4dHDlbap@moBTEi+(j$O8b^Vpq)I5K@sbmBJhKR$=L$PevrGeZa5`e!z8X8{4 zE?VR69tkAV>T92uDkH>r?!B3hJAp{U~#hSB)l9v`6rm;Dy_r6#2EhJV3-E=M?scPd#G)Qn!RBFF5ujd3u z0`S_~l=pqUxLsgwxep3>Ov;18B)G0(4cQ$KzC?(ti$-`A_U163q}$e>I}U;P*XFt2 zJ%@FdIaZ+i1?IGyvHh~Kwsu?X@0D{Ecs(l*u8s$2QZlN9j zg0#c|GG4zTM=}!fRAZpO`&(%jC_@jqJi9WaEl*sytauZ#>Df0P668mIWFyoR*(tZY zbgfOsM!FHp?IYHNfF!IZN{jR{uXp}^Y%;yV(%eMUzj0z~R52m^gnGYU-}L|rRHhs$ zOfl%JrC-H>x|@CX$wmXUUKdnwJu(%GYUkXtkuOa7gk>qn=#oGq6;l0YV((O&KU6;d zjjxB2omqP3o zJ{hxn=YCfPAHKk@TP4x4v^|AlT;F2UYvqW;zihDj2KdrNP;;_W;(Jvy7vs@nqeunB zjS=Fmwa5jNFkdl52X;}W11ehSLOK-OSx!L#pU)O8SE)w)e9PwFYg!vxXw0m+TtnW=r7 zFShZ)iNzUYQjZ(%Khh2Dy}#s)|5LSIX2N=HXdM(}(HTjyF^Mp7bHG7#=U_1RcY>9W zl92Zj!s}L!77d_midpND-AaZWWaLJQ-?p$euEF`dD|H=$Yg5uH>F`uxhW@Y6~NzgYpBh-DSdM-RJeGTM<;x8?aJz4yLe-FeYgB z(Jg!XV;(GMCc)e4v9$CXz_g;rW9{TOn}@-y=O!dvy9nQ{`u<&-Wh}gh>$JJuynyvm z2YJvk(t^4-fJ}4~D#sSRb~}I^fz%P&5%)|hw(^AL)@?Ok4S9=2vzf(;xHOzaI|frq zgioUSvniAf2>4oRpdiNqBwiNnEXel5Av6#oeu;oQkj|2|r^hHpb@!2vhQU-1>x5q9 zN)+uhx)dN^IJ(KaOMb;$)pVqLbDWhcW=L4`Vwf}_2fT<+8t45M5S`glfy4#al*czR zD7&8ScIgH;UWl3hV!eB=QYjEn%Sbv zw}6}c(k0iFS2d(=A`by|DA3ZoJ$uv{n=!}3VX{r^0&+lIZ;jjE?`%0yN7AD4bUWNS z-8{VSZd}_(q3iIQPfRk;Wan5EC}mi@Dp1P*a{sSEe@l;TAz<>Y5;zRFkM_{T17?WW zXKRh-3d#F-VVsUON4s%>Ak-_U>v&oz9}e;3pSLzKq7&V%Q8I~$7ZolCR zBL$j3HsD@Mm`ua53gP7D8Tid`>EUAXYB{0t7R0lvO z3IsBMe9KlbW9doJY`m!!M61Dm>=FcsFmW~M$n|s5veV~+LFrgWV8#;DioacCg(AhU ziVSXdC|7B$-87$RMw>Vk^D{v$ajBlVvh_s9(?s#jqCO)lpZXZ1Z>!K^#*W!**wNDc z6!k;Xd9(+bxR=Ud7FU=Ls)Sc22^On}5c=z!jTZB=vIp$(kJo$Wb5Y~AD zNTcQ;UkR$sixFok=44gI8(>8s#0@}&K$WtuzV?EAL>(+G3!<@yeW7)ZM6fW(ljc9m z{IiK9giZ+*N?k?1rWmND>1o2WV2;1t9ZA^E2StHq(e&Dq0x2bygFvXlPFEB7uZ7!hZO!Swgvk6M$xr^DE*JoX ze;zmuAkP1JyhZ+;DRug9ZvVYWejU`U{Og&z^52s|82;~ze{&uugY;G&pJEvlVx|RLovmU&n zFFr<|cG0GVE6(w)e9bEi8BI8K_#ES1J6_zY-&IU!Xc5Cqu?yw8!W31b%B4>ZVx)fg zMjkSmRZ(+*>a4}Eb~4~0%LOOxvFI)uQczT1uQ<~g3xc5*&M*3Ma!Bi8dn;BBn@7>$ zbc}mnhbn#QsjnD=V~R^x8uzsd0@#b{d&f>?$wYFzR{=P?87}8ABe0ViJUDx|%}?@C zDWk>>|2Bz>jdPP*ZXsr=R{#s91o9ZYs|p8edm?atWE0A+9%*~AVQvG=B(Jm~xbhhK zKIDdk>0Ecp%!OA*h(k@WgH?$WaqjQaJan52s=m>uNgFUuPft6`J;B~^bK#CL!tH2x zb}?*k{<+U3N*Ll`&Bs7p_&M$T7`YOI+o*sk<-)JtrOd7~rsuzBIbnV+N7ouH92M*f zK2xYY&H`or&TVay-r7dbHTg%ac_{8YO=c~snTf*+4%--lMNGneFSxkg2-f@Q9#w_x z`g5{hylh7^!b!)4gtw0N?o1I!JC2KrZT0FmXFI<%pIl4gLNYGvv@;@MNnfKkrz;&& z3c=B9At5eEh?$w$?S~)n=Ld_Dz?qYxKE1kD1)6+9r+XgmP(3@gZ`%5`t9|+tIFqSO zS#WpCT{!0cu;)gH*?|IA8xZiBMDrH#bO|ZY(1_}4>Dlnrr5AT32uh53tQhFYFZpvd zhG-kPHAP)7x-qI#6>Tf<-77n3;g;A&K;QJhsBMvu*w*^M=t_$_aDOYqHRqz}IQ?tnmcr**unna4F%h?t1wr!QF(o__bD#3t?(u-211XMtp0fhu4A)woeO79>|YJdaz zrknKbuNtptPApqx(R^Odu;!>84VbCtRs_)}dsMQ81fBOA|OE)uO3LlWv` z9Ng_0jE0=@8#eb+2gYi$l%N*{Q}Qb1fyUfWmg3$kSEPrc5D$KV0?6+wu#i8@))k>mIG4TN|u;w$B`~WsJx0 zkC?%K7C2V~L>^TiJ5qmtY^!~D7^yHd1Ik^5C=Wi!I5QX$fc0Ra(!Ck@ph<6;ovU7RH>Xg6(8dgr~;+d;LQC> z{pqK<-t*X6JCR)9GS()5&;TuD*L)CK&P7yI=!MOVNpf4kR$*NB>YIicyo-HfuaOkx zf@(r7&?Bk7-~&`b;je+wRS9KUiEp?@mNoMeS{sMGo)E zLhtQOh!PVl>kEE09|94jYnv9CfswlGat;4-36wahT=*3ScO9(hBG4`j;_U;QW}p8Y zuE+@sp!^uGxdDysr64&tM}OEY?}Q!KnQP=Domo4+*IdS%o`TbvGL8XRg&+o82>W*D zbtycf5hGLE$sh7&9$HMb18hH^AG%_z&>yDYw^@5uD`WLwlbJoXvv|N!wOW zv31i25+~G_oYuIXY@w$@fxb)U0z`fOglfA6Lw}{e>bhbRt@P_l4}5~pC^9MVzPcE3 z{!NOht7B{GDCky#9@vIJ9E*|VBlG|zxcnzwgaC-lXRFe#>=qx^RWW-?$N)6YhOV4m zo7leb^b!-nHt=J5=*1`0nip&zTZT9RwtrLK5K}V0{=g=6lqelooVC$*rNRQLtQEA? zDd@xtWDKjnXz*tC%%mj`)CvE|Mwri(TY1wJ%>ms5VdD(yAu%{>jC+|ceR_Fb(@0zS zFU>L06TNwZWh9uss+0&!y^zf31MSw+A9jQJ<+EW*mKmPew(jzSHRWvFCb71y3V#*c zA5V@lOV3{AhA;hiG1n#^+ZL_EI0>aze=uhkM~N}JMK_+yhQ&cP&UK%c+{mRHvSD*u zfx5Vx{y4pAhZB$3Jtpv!kkXjyu}PB|1*>91`TFKQ(?Q*o;p2`j+nwjwc=1#_nV6X- zR`xSUPKwo*Z-734O;aQnFBo~P=J1V-RtPk(r-8Z^hUAy^d0?gb=IaK5peV6U`eX8N zlo*;E37MvbCdQUgV>BwppqOc-H7T|?sFeH4t~+byLuzA|J&?gh61steq0j__U}$&p zN`@OL))c3jaiu19M;uACUFYnz(lIQIFU39h7i)%38n@J@UtK@sf+JCKGg^RPiaobx zptTqj12o#(3dB(*`q$)Rr5}9Wrylb2X8&>p%vsD*{0Iop@sSxiKBFTW z`7;1?8`~tvDD46nCvHwi#e8Uyyqi5som$;4F6}wtI72J0eIp5vXYDbqnaJ=@znws+ zF7N2in^!@y*nX4QfcO_N^LWO5yh|(MpPG=MQv`CQsx{*-sk)g26*Z607N@a5pM2mt3qL*G)18_!%k0CCyv;o1QHG82MDniK73C6S{PE&`_ z%>_tGFfd;e2{RvZNNcQQ(i(MkahFz$8Yk@%_z zD4!y+igN!CHXJU#yV!>UE&1S^N ze$!vRU-=7x<|%EG{#akou!g0d-y1-X;A6P9rF3t1?X+K62G^Y)2otzLibz{|D7DRE zk1kqnxt_7-+}SnxFMD-N_WvGG+u@8`-$AXgl1W&%Nx&}b6Rp8?GId|6chH17IMe<` zCRxLpD4fyLSgDEmd7T#5M}2_i_jb*-h^x(jOz20eStb6+lMrkzvimQx6~V$SUyEP+ zypL1Z{Io&iWq+YzLNP6`qPZ+KlI4{sRuHux6m%6bO>2T@b!P9CME)$UiX`$G4HJUi zR@n+T^%-6v2Qo9x@HqbV_>57Y&mPN{`0*5%PM+5+x7H#?zQTf!wEU-+GO%iK;6u&u z9rNIe>^We!e>)?bYL@7n?Yu4$6B{@ic;HXT*Ibr(@>}2H0FU|~IAzO>>MP!vQUW~+ ztA{&H)Nu{OLUfa<&&?@ar54@q;4-%WB{Itf4J!PhzxtIR<1GCb0m^|d(nH!=Y=zK? zqW%ZpB!w;>dt|h~x*Dh>s_U_@rMfQKD+i(ScTG8wfc}GSKO#uo_LRjzXtC+;jHd~h zD6wepV*e1)R?)Byo@h1)3iVEGc>0$bDi)E+P^Pf-i%pLPj3s!o-gqX6)5X`_&O2F8 zh{s7{=`(x;rgg+6kl>{%AdIH4SApj0Ui(9i%*ly85&)p%#w%`fb@SE9Tz*KwlvBKL zrZ(qjS5u*n_tz-pY|rPf$yLoVVDlBA8+-x>1g|s?N)5?ipA?frE!-e@XW^>~2wARx z(oMXIDslL8dI^+1J+Hs~`2a2?8!yfUdah$zPz$=%8dN%V;S3v)WvMk9dE~}EN@RR~ zb`P-ohP5=WSx&C^H2ePi%sdF+4G0)&+2=g?@9}nQPgJ?>afNPc5ugD`IdbSD{2Y5! zhSNCUm2vCG01gGG`EIWZ$hXT_yG7# z7@ZsdOx@aChZ-)x8zm7+6R#OtHB40w-R9?A64Jz}Z=IQlXx*brg-K33aomO~iCWLG z)-p}*deQVr_~9&C3 z8QNdZnwbO@`qP>a+ZF)v*+d@Off?x$vr5$`(ui=$U0MH*j3ru?lv`b zywnRQ-^4|sy11GDl7O|ldlNyL_mN6f?btTP8e{u@J zTE0-2b3=(T)xp{=Z;r}u-nQqQs9_peuC(bba;CoW$8#wMdNB|gtNRU{43>)PUbt{X z-P2@Hq`bOX-0BhZE`wcQFp=i*Gl3cwYk5RJs${~$?kTd`%P z1CREn|JS8O`F**v)V~oxooR;EF6cQ3pis#E2cZP7ueDZ^G7R)BPKniSV%Mxyyvj+hK(bZm9 z1}w887_o3}Tp(L!3R+jmdUNFbr=;W-yhY&Vxpbv+C@@Fr_rG7VC3}nm4r7Y3Y}jXM zb2Ghp-aF#Hin@_qRpr`@QEQRJ^!${_o`S9rZRbTYf%dx=PSH|2T?!*p?BAf2Seqr_ zW#a~E#*jJ9W9x0T|~@|z_L+SaS^l9NWO z1DS6BsJi;NxgXfB>GYps=bvMB{Vp^&LoW?hRoiIgPN%n!q8oUhJeo z6ZZ^Y&$qfmV&TI_J3y|WM}9aNDU$qyf`sW00%G9u+;~mWLs?GA`r-6*|1r^&euc0} z>C;2s6OY!m!J@=iX8LOj0G=iYcM~9H()xwvzzV!uZ`GO4rDI59dhAoh4#&kt-jTIcO4y;vPvb zP5HBN;-r9WeTACd+YlP4QCuqSogGe|9U~=n_LN6+E;WAtcejOip*U~Xu{>ZJP_gz1 zrGgMEV5M;^we2^>Nlfc$PfJGS*R)PQD6RD^&exN2V!2L%p6WhY(DYO|jcXRyYXibc z7v6;|hg(3Eu#)bj1Aj^w#5@6!;f$9d4s~5`0Ep+CDyGPr8!Knv7IR@_N5hs&w!U9y z9hn}3>lOfHuyBS{l%XNhww)&ThMwPtAwbvvw@-c=~K?1C~%IX?kJ9tchI;IKD4;r;qVF zasTq>A~M;uq!xppF0CXfWqwoK>quMqaOt?;*L8b^tFqCP%K`icqu7Z}V~MbsXsXeO zPuqh+!?$dazUA*?D zTVKFXmx27gzSt%9G2jNK-j@L_zBQYRiryKPOgqJbL=Oxlt%2^{Zox)XqZ1ZI8e4pZ z*XM&**I#vt&@8{%g!`=ost^N{Eo5ITg9dWT7MayT7|7| zl)63V^eSsctz+d-vM7B*Y#*ifwUlmdjc^Ki$5Z9^Z5#^)dN7+%o$|c3WY_CJ=Z`c1 zdR-8U$uANHE5{<&mc5_o%>e&RmR40Qd>SHMy5bQ7n8q@1!wA6KPJAE%=kI`RXRz3_ zlUW}5HSrhvz*x7i@#NC+C)*`bin9@=lu+i>U!cW^&t^kGRm(l z?s!o?bG2qbTm)b-pRgJO)8V6ndKdCYK zzce+#WlMlUc$_R4@eN@7ceTp(fYQ37ScC{r^w? z3}o*3Z{_*M-ws@b)U)2JZrGulH$2!KaHYSl@7!Rtasvjkq+;M3Ute04w28Dr`iY(X zy=fG#8wViDZ8tumRI4W26*v@Xl=Ia$nCDBD19=*)ppA`v3>A$wrs$n`q#xz>>Q$fY z#f`T-YAk|#I=UN;_RMU2|KBUXi-@aC;bfm%{yn@B9UX^Kc=2yuHZHD|QJxC>?Jr4v zxcP3qJCsrW1VD&7Vw(cG3;L7y7AVyj>bdmhguD%cQd(a>K~X~ox{e6NunSg@PChv`B3E>;z2TZ%%4yv%!^ zyHc~z(r>1!zu(xAph9N63Jv;6FhVp!_soFoe=4MIJi9hH3A&TS*~|Eb%!+Y7uqmlF zfrEL2tl0SF$t`gECJpq(U;M0S?WWL(4Ke=&=j*S|am-$M6=BNaH ziYhy8x#fPz%Z+PakKXdA=-Qv{4%#k(~D;Kihl^dd^(AtH1G+os2i(>+FsojFR5)XD435wbXzI0L@LEhFePBq56tDMIOnES=L8H3pBj%0*V2 zvugo}ynbb_V;l&rlays6hgG4n|HIK9)xUSMC3=0aFHZxmbCN0q-}Y8F7zj2m<@IWB zha!8lU*5BKaykWQSeLzpjqIFo?qFqTv3Kjv7999}AJyf+>20yDRO?jf83o|fS~$ds zN7=Y04}fb}xMAEr^5r$B&yO09IW##MBcnvwU1AChWO6(YOIO) zOi?>Pb$O&Jtb6Vt*wit-pYNZnyUroLtJE5(3Zwy+3@1AogWxmwQeUmexVu~HFBiBj zR7Cz0UQCFozQ631O6pJ}dZq#=jBBC%u`I+iI%quEk*Zh{tG(aHOvv-tg{p)y`J<7$tR56O+B;{cMX=X4gywam^V}*$qrp zN=i-b_^Ng{9AvhL!%YedsC}{1|%0{wQ?xt2R5}_ zTz%sjPAV)4Hh@GB-K_xKwXpF)N`YgATL?OB+iPRFqcZNXtXS1JKx=$bChW(vNevK? zqVR}3aXRa4?+=cfxeCyijz2cPT&fDUFI~_j@CU6{u4HwYP+TB6?vy-i2dvi6yodiz z_j8AEPLp-{FS0h7IMtj`9X#NT4rPYE;&>S$rjp!dvv}NJ;;e&gWfR29RA(8mFe? zq^SX|pmaMMfArj~M~(coEy0*^7zRgn4ia)g(_Xh&L7{-nJEl{|{Bicii#|$QK}5P~ z)-%wRf3Yr*R=DE1DJaIN+xi;Q77A}q`M#I~V?1$b9lAc*odQL3^J_e?=b;j4>VXA- zWTF)|Q6A8!5I@=ktH#SS)4_U6k6E=tQS*=Y;mOsTVDi2btIwqZeAE}b!}XgP3FkyF z?sS`0M+jh+Axl zF(8PC+-;22Vu_qjyy|IdVgv zxd|3ID!>IMcX5rmY!sA0o;*G9T)&`5Sz^j`3-vjWns%Z=^Rl(Y(tHKcqT$nUMN@*@ zVb$u|mq)?3$cLkDbM-=Jfc%x7&%l27X|$M5O&@S7ksoUULY5XIj5+OKH8f9^s+|Wt zSTb|wH&l@!*}s?@JE*-a5czM-(e>tMD$+Cr^SI&jwsn|gMlWcr?T}kBnxAg%l=_NG+J7OG@6?Dm};9X4SA23JVLB$kBP} zlba>LpZBnfDQZo>u0*$n0eyq4@0P4E^f(F)+#3It+@_8_dG2yD&XEhv5*_hRV$T8b zmekt_!H#7Bwd8YA@IVm2tuHUz)t|;j=qa8x-gMn##1we;Dw$i6Cpaxh`ALZ zFwmlU$cr-rpLbLgx4t=FOJ5?2(x1N?tKWeO|CalBV!jJV*;pL*2n`lib?f^-zc4`i z2O+7Kq#ZXUFxNV3cslQT{qi2cG7R-LaxKhW)J8BoJ3aZU51P-uB$sb{ZJ@9Qj(*o$ z623TOw>)XEc4IUIWew!-47XxzAw>&tUIdUQV~67wHb}7WjdQO$I-BxSr2^_0D~7)U zG>nDn{*YS5jsGzIRwunA(!bQd@W+Z}e6Ph|_SfCTaR8 z`~tf+IJ$e2*d_Dcn8ZXY5GiH9(VHW;BfiB(iHsgBY_DGXk1WTK(F@V+pjP{OM3_VZ z&;ZY&T+Fz*Ynn+UqRYcn?z#ywtpX`R*6Qx`j(`fx32YxY#y{Wii9h|5qECZ|%Yj$b zcV^xIaL&NKg?bszcjCw^m9OgwJg|(aS_YzQy5UMaUn6YJvq9nfr^gNg01qE2rI7v4 z0X4Rt(1`o;kt*Tb<AFE$_BXW>(f7}i#O}$Y1z>r<#Tnrq-t)L$EYbFVEh+VgI`RkezvL*AaQ&!j>^&=-IGx2p1WbBUA4*%bK5K+pNb%vKfSVkGZHnpQ)CLnHDye>D zLxpG-vThB}_Htd3Lq{~(J3kC^%dHc4{M)UIprE|58+TP0d8)0 z1MC_cV_w*-$AFDm&hq3c1|%+A7uWlFuK#7;p03(D?KH$ z3tku(QB>6pvdsp}^b*p^sb<*EJPfc&W0mG==e-jivOH#pTzy?YLez6Q34Pa{7D9u1 z^}f3{5mwPO-ClY|zT&(`c7m}{Yz+7Hag96AW5V-d&GikhN$pp%UK@};AP94{*&~*F zpB3w_b2Yi4pxtT^$hbkdE|$BootmjH%hNFk7ijaHL8HhewnTv1>L!dq0disLcB;a? z{i2*QgU^8H2jIma*gHQ^%#6pGW^4D@O#!@?)Bjr9_>`XMhKlZ8IYRf&E;t^{8_%o;t_gg!b-I;5e-x!=3xK%nAT zCrA#Zx4XE5$Iszc72*SnY%pqPk$h8n5k3M2#*3puO>qJK!R@Dt)0l5#^#vsm8=_t7 z1E{$E(ky-agXi92IV&b;z-(J0b?e#)63Xz*__x*V*B}UY3Aabp4g8#Q^dl~{4Bldkdf_l6> zf1e-9wOHE@FOiLyJ~fM&@Bt)WQl(J~aZB?ns*_pB7(n9qPIQ->7QFr7(W4dKe*doC z&4kK|W|r)+ghk1)ixC#eOp3W4QSRZdP3aeA4-A1L-b}Hp0YzMx8S~+&s1)>&r|T9z zyS4vz`A$u#d+(djYW@UQy_f8=?MN0$vVnuo1R6^ZxHt}iex|y2sY5Tg1k@KooH1B! zaVXNq2jxKXuC8)Z!{e*7BYG}x&(MB1<}0n9NBfacR-q2v%Pz0NE|-gh+(=8hXs$z5 z1A0v$buCeK0mlrRlo7W1*%n)!SKhI5h}aFN+xk<{s`X2vuQi0ZSD!^k!2TwB{0jWs zD@o;B1vKnfj}ee@q0Jg7PGCnMdJ%72+#FZcWzf@SEN>W_L@;rKPVBP&dVy7IvgW>1_ewYk}oDY>?bf-)=rJFIHBTN~}xbh0xw;Bm(a1Xp3`Zvq0mUEf5qZ)H8 zUEhKBqB_!=B^-n@E8K~aoP&~VbwVeqs3@SL&B!T!M{YWw`VkD|N>qJF3Ym^rTZUD+ zs-!vB_r@Rzu>!@W%afg%$}TM`xl-TqjDwm>l`I{D+5S&_%!Mqa0S7a_(yt+8ww;A2 z8Y!Z47%vkyo2-tEtI3WJ}s*R+J zNA)#W%MHN*B~ieUDVzQBW4}0%WTVJ&fDEc)&`of3b?=W)kt>F>kt3$MqJMXfxgU;B z@W&F!;m-l($!jl9!zd+;3_Wr#J zU4R!r^*q(ko#uB^D;jL&e} zO$3NdCrWJ!1auYDr$F;)LmgTQ3Y1MZzAe0o0H-T{9g zM)RU7B*lp5!rya7YW?Xp>~?GY*{A4cH^7i|0EZ%UItTH_4`s`KMG}5ck{y27-&v$u z!uwAI6zB?EGc{A6^LUNqpuA3TaWJ9 zxUb%*$LECl1f;gPyRWK40BaYGk@vLm##C5MT7~ymeI7%UncwWe`$B*dk+3xKItXB3 z+W|bqb#&gB{!JKG-BrP}r93Y<3{e9Z|4IQleN8+|8=9fpPgSgDufmWec5Jim9h9pQ zfvXo1`F4jnwPyOShkN1QK`(6;OQw+=dP8V*$o|!fr^BYg3ZYw3}#mKz< z)m1Uf8NWhjjSQTj3+wM+^G$2iGl3Lr7K}qCv~V)wE7DJ89LpWzfNUP!we`Q|4Un*j z@7{ej?%x$iQH|=FAL~MKq$znKS7rV`F8B6D{=^o^ht4<#cUDq;w!-#WKeH7@`7GA- z@eA*MP4hLzxYSQCt$dDNtN2+_Ts5}EBc}eyo?9;Z+%LC#F z@a`)raqU@!72Z1laOdNhve)`&K;9TOuUne20yxH$-VMpHo^xnC`i~d+1?)^w;#mBtvB-^H90IyyM%i zdO0r#BITsn`>9vWT;|mcJ{rKZ-nBR#Kp1pt_pJ&NqjKz^*4|6MJPMz9KixvN20SBQ z{bK&tH-V$>m)yS!PONp`opj(PiHTL~V=UMbfq~6+4ySpMPdgC&5LiRZWkTd!kL%t- z5g#{Kap<_?4O^UjOMhWA0$o4cX$Cue@)Hw1rB}g^HWej=VBAE0|x*^5P9Trb0*IW}yvAkJ(dV&f6*CZiT{O zV>#4G`lt}jpP`pg4`{!k=<)QO4MMv)(g4Wg8+aWd!p;hL(?k853-w(qcGZbZw#8lc zyn8?$tN>C#nhW^+8Q8;Z1CFs#k&!-`MyRM2UN83qr;Z%54MSAHG+5_o(+7-kZW%0p z%_99WwmanufG1icJkN}{Y<#h2@!j)2JW+ca;Ie8zXAp#G7?rCz zRKg_16nr6_rjM|B#MiCHmYZ(IM!aPqOJCETql=Pzn78n%8$5S`GgO$MpM$j>rz%N9 z*}9`|G`@mv1kej;s)?_f7{GDnIGCLWOM-I+K^bM7d{un*1`b0xa1{pjABhginnNd~ z_V*4zk7CZM?BA5+kcJE5^K{%Ze{k-G>l>cFl2_VZb9dbT83lgY-?(nN((ulO-K$sn zUR5|0z-2FHDR)AKFFvIHm@Z5X4}9jV66UUMfN@rnAZ^U8B|pS)QQ6&=|)#7{t?z;!lidNZYoX@AYmw z?rt7;IB>FBlI`eJm}T1b%Q^DNUJLKq>>s&?lGC93`4UsV!lK&qu60)c88mI_ME7L*IL?v zpvZj^M3$e@`EWa;C zDzS{O;ee*~mFz^1y%ilXz=S(H4Zw?P!&n|X-RZ=DyHzxOfq+y|m{o)A zqaNgv%4*u#KrYNz{U1et&zJhUo4LJ+QOZ!T_RV7h3B;((1lcllWq%@&3yj6ZcW{W& zgWpEKnNvPw-_G^ccqk?9HyVSZl8c*kz?+Swpnbm5J@Di%6Zw;8oV^DVcWT~n(W~PL zUIX|tdI#V*$oCJG!>vMt9w|MJJX#^;k9=BI;WyVvp4H4l)j~qir5cNzeit{?_#s>G zH&^$|493hb8F)nI(rlr3TUky-De9_Nq4z(8`7YXB9|54&ZY8ceb}I}hHR52Rd6|mjeQvm2T$9;x_-$m9w6;&~ z8yTTRek>>1!FlNI=kGoZugG5#X*$DmCKpch-t0t6J3wpwqHi419@6{(Nu*^C2L(3R z0sB&X{j7G4bB!DjnAwIN(=O^tu#(9;HC;}EXnr~o?JbS_ZZo3Ls! z=kxN~+fzFFyv)4{lO0P-!|_+QVbc6s8@dvUa}?=e>}lszP(_aRj&iw}^?&C9d5clpB~a#)VFW zWA0DI-UH{m22#S>B+Vm>Sv}BzwDX*_!AUYdK1N`)yGL$nFR6*wll$Qm%K z;MGQTOa#Qh2Mwrf+W{^2#NHU?N㵊^nHnMDw>Ba9?Tq_iGhf;HJwrPk=}J5Y$_ zylXx&-Bhyo3`<*l3NeWAGVI=RC8BTD$y(_;byJ!5Lw4wMrR{YZ9rT4w2qPYURXz5cDK6E)CJ)@qu+V!#@5!Scg-BUC9MN7lvX0Xp*YNH-=bf1oK6k1w z-`g4)n~_o3A1b9+OpJM%%Td72H1%5%I*(56?d=hiN2o#rd(nr0oe{S*8kypcZF26? zXMZi_`dK=+DW=z`3_jQXOYD+=S=rju{#sl>PaNXf>1cFSfvvHRNfxdNl*L})Wk1c8 zX=jY_CT==f9v{3u6~n$7&^8sz!&FhH7JE@&G0NO)H2JqJF(&C>aeIARiAs_sc%TO; zk7JIudTGkb2I_?JZ)rcRorkDVyOPUwY5I*B?>LuhpD6kG2xF~~x!vh8_!@KDS})Jn z<)&Ni8~*bBVl#QA|EXA@my1dU$np^bJCA1f%z=mm*+*u2Gq@3KvO$)LuzJruH^AclPfdaIASi_5b+q@&p2B@1K3`dMX1YNPD_PCgq0l zgPv_?FiY(FPsGIPoL{S4J!GJm<*Fx*wnIg0W=+qbt`1$TRj^3$@Xw16U@Z zS%Y8n_}Tn-#GHOil9!p3MfE1HH(3?kUTf@{&JaZSRNzB!@JCG9y|nFprf_M>7ngk$ zlydz@xzI~#?+)w(6Db&sprE`-(^!4WTu!z{E_0qbaSlME`X86t?gQpY2lXiAQRGUm z@!c(AGK&8VQXFC^Qd&1Iv11LNOIKaVx}lb-r1jTXQNu)NxYLSWC9d&T$c6S1(J!187?O60CId&x{IvN z0|jY{#|z5xcuuRLg60u-fSjD`Ggl)4u-qxz5gIp|;;vI$QOgiafFz^HH@AbLFKJRW z*#)NxY1kxjD!}7oj%Nw-*W4)R-8kr#ZWviy8>3cWTWjJNlvP;B-oYZX8kLXxfQ=LX zYRqran#A|eu&=Ma{#QGK*ppAFK2luutaO8nr2X;cTm1MGvE(wvbkf9tQc9*1Wlws1+sV z95(nh2q1I=GrFL_mZ)cKUI^j5=T<|CORe0%b#&wS&nU|% za|>NLWvi5VoL~Kyy<_taHR2iVqbr~-Z>6R!iMhNFZqApr(^9?7wvkI>K!j%4)_OS|;%SN~gb=o*;)qux75D__;;3y9w3 z%YpUO|DwC1K<+=jd1q^X2sq5YC>Xs37JmaH1hM zKWbZmRkNMz_9!zTG!pvmf5iw~Svp)cQ_LMtFV4{>NyJ1j+z26>LQcPR?0M6FVzBwC zEwMVaJbJx5)jM$NaGH|u)FOrAVk+{TseDa1BzAqO<=gSzoM@4Ob@5!jK@H^HCA>jh zf1yDe!P~)q2)Rhe7kO(X4!i8MnuvfEOZu5JiJ|oo+dBKmW>vL$RW;n@QeBVo z{kq`xQjpMq688#f!uCcdF1{h#pN)1+g9rL_<*7?e-nLxqRR1JudTzKz`AZu(oR$8pQP|cr*Gq} zWf4<(cL^*g&T@M$NfXaWj5X#Hdg5-&#WTrH-ZHE{oPT)EvZWisw~;kWt`cS?a~3v% z4z2-#+#S#=JW0&hc%*;JgRC+)+Cf*Do2&mYC4l00Etk^8mdwC3K~A5LxZ0&RH{@;W z)c~zcwA8ku-!EyN72y>g46}Cb$L66X4!fsS#Y$t0{ZKaSWRIM%77O_IDep9WXvSIl zevkISC;s^r#kM>AWQ075TP(%EKnG5*vUEQaSG4P{X=vm{QShD{i&A-!e05;co z_*0AN^7MiA{Z$vgBk{#8M<9mrvvo$p~ccVN(M) z{3>Cm^alU5?l1X{yQusCeMSat?5*lgnDqIqTJF6-Q@aQW(9*5`Q`q@3*59)r>qa+m z{i#b~qE-G+us>+MAYm#$HbEZ9APw%)r-h%FMh-uKI|S4Y2dM;4)M-n;kq&#DUdA1; zwbD+$QE|5B+o!k5*zT~ku*nR*=Dly%br<5Ec+C|L>U{@r`vCn|eP)kGO#JTA?&Z|t zgiH%PJaTc`_w)!=7Zd$AHSI=@)+pC{vVfwo%jj)LX}Y0%PIK?8cMeC~Q5<`XaH9BV zjw(b>LjTtz>4VoX{9N$M0&WApY02Pi{!)ExIFMO?Y(8BM@#~`` z7f1|=JTJtiD(O$f#p4+-zKG6GtxZ6T5t-&OCNF>*{euFcL|NE>JV>I z4%7Z6p?Rz@frM;-+VM5ikX9db8cuMe*TUrbX}k!_Q$R8rIY&?btsT2aOHr;BJ%wlh zl3_ZVN-5~mBkeK?Ca*-kWP?$0{=cML%wCexZMl5h6MYKi<9h@QX za42|kn8y@bp>}tX*@gQRIhK9C$evY4<1G}0NBI4wjjfrX^ac)>+>nxqKPxZgWq;z4 zLldOt+V3qp@Q)1WbLd30#ZRAv|2Uz;z7zKSVZE9M1X)W)-{2Iw=jWIERQBv+5=Ht! z%ZD6I6r|(B<|i^@xc=DH+C4|^-?Fbkod!8Fv?y*;1`oAUB}Vk3@6P2!e%#tuY%Pb3 z-GYkQEOF5!fWQd}Hfo5ubBesoe5t3T>~;4Ey)fMY@V!I}nrPk>gEih}4o zoiu2!_Z{DB3rV(C$-70f-IDI-%sN2HkF_uOY_%^|EU^Z>O?Phf66oUeRDP$^c0^HA zw$p>Pt@2*U_WR|xJY-$gySMafN&m*3qLVw8HY*)HPDhy#zXvw5lr+?zU_0C+mj}NN zKJ2QWOlOHTE`;%F0CET@R?W{314E3dJMwLhOhI{yR}}i8B_v6_IB#CL!b9xR?LN68 zfd|v2zF)4yI|mgK-CoKlGPp0pH@rE?3?Y7TeWqx?7^==GF~?q-QkUs+=@!3l@SNvd zRmd|&&I$YPG4Se%ys9jKZ7%u*Z{Dl(tuU(lU2{5*%Vesev2{ol7r|QN{Fku$yz!ie zBTevj~v{a`D35~8e{o>$27SLQy!pIN?O^+i!?5U%}nG(oe`yJm_# zC3q05f;ZZUY7*2G${HdrB8*u*JWQ)GDAxFPU!u6{P$KbH=p|DB!znR978gM5}zaOg7dj+rhB=(|B z*TwlW2Z+Buz25)YXuPsRO-K3qLtoTfL86s5=O`7M$Jr$SQH}DvXZ3Kv89i!sb22Vd{+gr25avN zpIVU97m!o1LA;mb%d`nM!^8(M6 z?#!Cnfo~cvxiiCq(`ufNp&+bE7*$sDs4)>a4O(t~U@8UF7FU^<(!z&F*A0dLdWV>q z{ioG5Qs*kiKU9uKwx*n2Rau;rBeq7k%=zEz?Kb!l$4pU$NUrCvdFXM6b+kQNCPRGt zUmN9rP|kjMf{gJ`{kF=dd#6skSUP;8+_78s!+aN5d68e~1^k&%H{zl!d?5bA<;@b& zXK%j$Pj#!G$oZl=*diH`SOr^fxB+1`sk zhwj$%XJ@q4xT`=N)-XC8$V<`6HdmWjEtms*3vyjWN`LYSg9isvG~Gw%(PKgu2QLdt zZ(@4RfEAf3GkCM2?)=#P)?)cVP&qV<%|;qnqxjYl0fZc^#(GY44hb|LV8{(Fpc>n9 zcC(s_?S?%PnTbFq@2arkeV2bjIJ-NBi|I)l#xM>$6@~$ zdv6{NW&i#UYf(|sT}lWoND0}qE2QkQWu3~tuVWvStrE(bU1Z;vv5aLx5n}9v!PvLK zV3@%ep11q{+~4Ino`0VIe#dh>*FVKLX0ExG_jR7H^R*N~EsG`XSPgOgC8le|c5eAi zfOox8sTKvLrLtDeUpccrv(nlDr7BL~K(oWwr(s2=FDUAy$`amxR2JsvfO$AXnLune(Ze7e?gj;@DVahN!Ph$-S&fQoVB4;X zhG<{|3Q+SCjQ#V(9i4P-2!?FB9lZk8?jwCZc!}rS+Zji=)!Z$`&S7HsJMdlgCE62{ z#z3MnH6XhwX8$w2bj6TgB0Z^oscacnWJHo$|80V3gaCR)-F`u#IbbJ=+~E|~KU3E; zD!cWL(EXXuCp3Ud`;z&2R#WG0_^_arL~Y+4ckAb@7hi;tj}~Q*EJDNWFZxIUXC~GT3DS|*U6K+PHFvBA@6Tp`n0O$6QfwCV$9-^-uFHUH9j9-? zSy)`1)MzzeSo`Yj0TJWmI`TTKV+d_*B$5ln2G)x z@mPs8us07H3puL1^M6Z?Gj7^&9z?6~eF3*|Zbw+3nJv}LBLNY)*1vTHflsDGM*`O1 z=(&$PCDs)np&;iB)fU7I!}cGGznk(v)A_HK<9jX;J*d(hbL9WC{eQ&l@Bh&+^ZuHi zNX_3$2+iN|hda5agC1{^DY}g5C@a2BlmC(!J<|Y3OHldrIi<`6kG~HKt-%k7!fm-z z|0*|pj%8t5w}1R&zX0@c=*fY6Lz!c?_B`m?1;}NlcH$7{ z6d?Q=&S*U4`rHdl zpwpx=O<3y|fcrX*=^?<`k;q21GLVA33z*a*DAICnjH*E?yr>H>|38n7*ST3>Vf*@U z_6zKys)xI?^uBfrRg>FDLpOi1LjlWzlgukxj%+I^^)^Tm-G+t+s(1*X6|%OR>LuMficJNc0Zz;7@`20c=a z`knFi)ckrqUXbQYWSbb)FXo2Oob}#nWj=7|161^5fe`>Ul8k}B$qOwluRHyJs|cA( zhJ0y{xwy-vNN zJbU@~xEo4(KKP1y?5l^?crD&!A}6bs0t<1{kDyjJbwHS(Pk>a^+{Dc7SNFGJ0a5=c z0GG9nnX+^ByGK>#-FvW#txle<_XDWUY0|!l6{a`>?g(S z{78Z+Ge4TLC=2x%!wuT%o4SPfQJ~$T=an$>lQ5Er_}=%JxsmDCer0B=Et(w$uuNpw zQ~}MB2b;(G_-Op)YkV(nA}PdVUfpDAE04~3H%pZ1>)&Rn@-M??+^Sk#lO1ZxIR_Vd zB-cMrcw)QVO_x);5NuyGU%a^8&gPlYKv?%($SmjM5%#He!B4{G@&(MyXTEF9BXCX+ zJ5F>|*g*Qf3G>%)Ultl%l;yi|58pr#)n+o!H^u@tl%vKAQrnlr56T{I0i_iBlWG=S zOGgr!Y@X~;{iS}r$q3Nr{utYdGhsddzu!@xHwUcb>evj{#}XW-_p!ftdSwr5d*d$)zm~f~djm$78cGFqqq`<&W--w8 zUEVfSTUG4cY77pe42r#chl;=c-n-i|TU9&iwxI_LN#nZseG- z`_jW@;Qi33J4e~2EdEI}Q=ww`=VUCKE8hMAT-{GP^j+4{-b$~6y62QamB{3rV?SKa9#<70%A3v#OV3A6d%I=MEsDWn(&v_p)@)_SG z*jphlmZITyHOyJ({6wtOBPt)pT%oDPc+|(beYN{_bj+5xbC&(qL_Jg_0SF9Ug}M); zRTK2~j}No>`p9$z5W*c_4+9ux`Iwt+QSAIyDgKDnCQOOQ>NNT;tzfCy3ixg{=|VDgtx`gtbiWx^K@%yB3TM3T0Cst#ZSyCMIfw0ZjEm5 zaH*$QFKl|?i%IH|!2T=hGe8oHdr&1cjX+ws(6oOYR^)g#Ro@7k<*TtSXwk_){++b# zEpsq+ipjf~+A_74Y*$3+Se~_&l-GA6G=(0z9NQ&N>8)X4Q zFt9@B3%eux(f(T>?#_L`qLF8qzRz}s-6hyKU?Sj;X3S3C>_S0dNs*69qtxc^EO9v4 zeLbr~gp99&46XSDz*5#vA^5%6aXlF}f12j9F@WYx>XuoRPIFKDGgfVJ-!XaTKO_a9 zW+Ks%Ko2s1tzH*XM-#|C>x`*B(rEkZfHw=2GMG~`tDOMb z?o(RuSA!QfxKph5VP93z5p0#DaafH(E`on$cE_;GXMD+O&`d6Y9dH^F2}9udQiq0O z&ET-~?-HVRlBQrO>t-emn9TtKtyoR=n1&8ldmfw9Isp;xh&RulB-oWUS~{s|AaHej ziEOzMqq4S=7iIT$XRjXS0+JA}5$B+`iPV%umU!X`OQcBuBh@6~js{s^{G%3d9^k`z&8&ApDLCGzd0rRk=j&FZZMFp?8Spu z%}<5(INs;Iyrg;WV@RGH!(+{It#=J%S+|uFs(p>)~TL+;xsh1-K42X+-jI*%JS{gmjtK zh5mS<^3f!Wn&EkuMs=b zZ*qy>2=T|*w|gi@18>*8I$G)AaFWia$R((h-Q0h(np4|Q$wXo0T}1%0X`#4gQkX}- zAlhRu)DkfrifB2BAf|A9PcgE-uWvl2KC;N#jPMHc? zKMrTY`6?Jcmo^BBzc%nGIzLfjB7xcYQ-x|ry}@Nra(4Rtjp07fwiB^_kvwZx8l9GU zZ&?l(8EkG1N^rjv0R*i|^N!1sd{;ReZn*b8ZmzsM{gavcyljdXzn9)^sctj`X3?}~ z*}4UoZohwh@PDCO;XVBC*bd8CKT0wj$O()6Kp_0s;Twi0Rq zeIblVo@Vnm6d$jemOCsR)F4OQo~Pf6lreJexz{_!DT;S4e6R&%s7V0Mf3Uol@3L$w zH-86>gQ1qUvy2owncuCo_a@V z(k^IY8ZTTtKqqz~QgwlQ(DPf5Y--s3Qvovj<9&-LMMe*yQ*UsafT=pN2`Ukedk5ts zBJryMKTa&591iWPM=~p5rrav=_RlUs{f!d59P;N*$d-G6azKDmTHiCi9ThNwePd*= zRf`d|712T(j63n#Od#OPgUiOg5Ux09mB{cn1Ve;yxr)+JQ$%oXpLCkydB!uSPmPWf zW>L~XR{NCdHn6&6h&RF{eb-hYvP+~dCFLk7LaFEnL6e&S``eyxFhhN&JaxynX0YboGN{?RId6yeV)p>INZvV=hwMPX$dZ%K6EVo?^|>1k-@LvCtXmxR!2i_<Oq^vRJon(^k?fT&#KvkRJx>7 z3G9LIT4T*9C?Fl&jw1QEOn6mIjPHN>(f6x>&ydyRD>qd}GGYD6t&fi1=|7nGA+HX; zRC_u)QXroAsiKuVV70u6PjEtlh{u-dP;o=X7Lv^vmHp8)qb~wA9=GXWc=1h=6K9}9 z1#hz`;(ohjv3T9KT1cVj$CK=aXVsD;L3CsKGv&xJ=#U{Mu zn~Bg}zZd734rMd}pUt`O72wPrUY8OQ^;#V)(Cy-yvcI70sP!~JP&so0g|CQTIT)r3 zZEuq`yx+l*PPk(PoSdtege=`#x~0_1&oh+hNj<@QNq1R=TKXi#H{*YE=-}TW^fei0+55g0A1xisLNt3?d zc8uQe0Issh%5nFp&9-ufeUe1%u1WC-_!7@%%U}m@M`3H$1ln)d$qET-<+=9EOLZ&c zU=#L@`|ILAUH<9r*028?|0Fd)f?m7N=?j<(I1Vb@r=sfQq3~()dcn|zznUvi>z53C zWm#ya@Cds%4oBi{3mkr=`xyl;P3Zyq-dTRKc1*Ko$PWkDRYV)EAD%o4Bs4(+9U(@p z7d-o}H#yx&S{Tp}b-HP3g68lriZ=@_1d45N7H?%p(3@N*K)=YT- zf7itAE}1oZ59@&|wscIwYApNJZK(M2UWGU9*+)$l4v!0SWKlJgOm`WUV7`&04|?T^ zKJW(&`~O^NMV)H5f0P6qWQ}?vDetT}86DSi8vRGejE{C!hJ`>E+UT&3)hd>-NDdcV zN$_jDg{$e2A^+s(Q)Ikg>px=hllzr`{fM&=WrAs8f=Q_RD|x+AgjsPwilN@iATj5f z37NRot#Sn-DrDIsc;vUwWF$0@OXY&#%7YE@^*zyxVMJ ziehbEeA2LWwjY(mh&$_u06mCOEam}zS6LqDIiUi}{4Sm8wx7tX2 z5R33b)B(=GS8BPDzhO6exv$cyrAeLBPv+kH>^WwoZpeOnyx(6&hx(8>b0Y3cTvDDp z5gQOtsS?55Tsc=E9UtAdIU5<4>{Rz_(%p5t?xC1F;Xz^}ajZ*PWSM!=+BW1gb=t6CXP|dhc@}9i2@zpnwkohfdZsirNt@x9YxkI5XvpXmE%;CMRP~JW%mYygKyTd*`*kHw1%?m2dh1OF6ECc-#R>tzsnI565}2D z=-^x>X>vIRS|P0zCAE?ljM8Go``?a?yoyw$i5n` zQw*%qS&znN)w> zk)z(sEY01NSL}=ONZyN*MJ^jfKV|Q#KGcxf3@)B1e*I*%&i1nt?Y?vtjzI~jTe1p` z8|}8U5x7celH}NC8Nz1@_+i@;Nz)Bp5qMzTz*S{EGBtH(Q$f$fSL$G+l~^8JiVwTc zD1Jy*Mh8d95^EbB)t(Lz*U;EQnL#p?clJnK|MGj={6#|+6L;QRY@*iIC>v!`FEgKi zLOQo18t0MstEXmCU6mG1DXhUJItJvfAe`oYYgwjCkVnuJjq3NdrT^~4U&bXXP+4T) z;ftYM(?53zrIzjEbbiz^7YiW$t940aw3`yF>t0#Lc}?VVHxaSia91l}&cSiI5kXqA z;m>q`U1&*S7Jl@z$`NL}VcQXcYf)rLDm^dRWTPz^C3`SUPrU5`Mq^@NZs6UbXsHv? zWA1*d*q?l0n1J{a08~Dsfko%bRyE-THUay~Ii`(t-9L_Lp`w~OF8-s|6Ju~$X)itC zgD4XPsj`w+D^yE6z)vNXi%9|jRZ=|gZ?xayr(kW6cZR67`f704*L zxO%L!%D%5c$88yy1>Wko3m#C6Nk<^yzznSsB*Sw6cy7Hm)~-2X6Hq1}lL<%{+O*#PgNy zqB)sYDLBTPS0hz{*PicwYEj&ZSC=c(mf%o(LG}UR`2>`mHW;3_*u> z55{yjE-~}|&Z_vL(E;|?rb6Nq7-K=l0I=rZ_0oHBF||h;-6LPcYvs9g2`dBZNwDw) zJ|wZ8`*eh@t}C-0Ui-yaSf-GDR;c-^*pI)I*qEev_SU}pcScEUos(R08H7U&v;&Dv zWW35t4^$Ul6eU#rfmb{e{N`up^gBch7XDxXTO+N0@khu^GsTpuqA-IK!tjxiV0vY{!zV zZ+rJ2mQrowoK!23sf39%v>6hA;1G^j{7z=KeO~lnzLFLBs|OA}QaPX)+k`6`{lS951C9`PNLRMljcpv`@>d493>+ zJv2G_HqSCU>A9!-6;r}azQ#mo7+dtiywJd`@H9LUbBW`;B%-5lGkIOTJ4wWhQE4a0 ziZj0ScTtC+g*qxR`Q@y^iEvdXb#AKM@QnZpj!EdvuJb^#k^Vr*8pNJ`x(V3XH^)0w zGjMF%>D_-nTD81MGf!I7HoB`ynD}_rvbdtf%wk!Lj=P=B2tl+?Z6t|?u_ayqxoN|; z{zk|B1TdLoIa$~P2JY#--y2U(lnnbaP*2AGoIaVxY&)2zWlL$`nl zf>~6#wk{J@xK^XVX1wh*^WpOOOj|CzsV^zGX$oo&tIn7s=y#2{w6m_6^=%%Ky7P|%eZzbuh!SL0ZYUu}WD&B30cjpf4W zsnPheN~Bzo;wd*;n{cHKwp2#GX7jc8dxBFaHmVUl_Ldz+)(j*4jsN@`G7jaw8bgu&P6ACqnFP9?U3)*ZJ($yxWc{$Gbgb^XV8QlDVukAd!wx^>S_U$O`$Gg{bQbXe}sra2KMJ5j#3-4_t+Ab?d-f3S4qyJN2ln$ zd3*UnOJz%r2^E-a%Fy*bomym%Z#SDzX*SK z*SBE4=xlqWP(T!A0b1<5EEZWpY8&@NI&^g8VyOz?rh0?4ecBq1)|RH|_XWJ^Dm>?C z*9+l~l+g1lmsL-^@x(rj6WNy3i+iMiG#iqbC@shRQ7pH6p=2V1u-n~m%2Ks%lKmCW zqG+)aeZdcrpwqao-duUG>@$YM&VgoDi*zk>U0jhe$y?=DE#IC{a<&zT$NDkn~tS(c;V zndkrH=+{{`=fGm7+VW+tdfPomRYZATE(uO-QD$h+J+eU|H!|0byyo)yJfxzv`vW0` z?q+?8TOw#;wc2kb>XyN%Oj~VP5DK)(RX5NVL66Lrqh8l5IcO$|@Rh(XK;hH2c7B_C zjG}vOrP;o}Z-psLDx7%HN2d!7altv%B*Tc$?fV`BNXNnGcW?Jgbc*#Yhjp+DkZrnTej0n??2YSA?;x=ZCCsCB!(a96T>L9a4b8W&=nf@) zHN)iU$J`ZsWnsD9-cbDqo#Me;GT4n5OLci@})7Wl08gS0g16eqrc;_<}6 z2P!rN`RbsX{Si>eerDwC2cds?7kpDo9(b3pq8;x(vNBZIUD5mN4?ZB>;7JSK3^NP) zo%g}RLN_<_d@>`%@0S1TVnL>d&Yx{Y3*y#te(-1c>0uPTtj;UkC-)w8&6_ zZaC@A;=!f*b4PoN{c6F5@nv>rBtP1+keetTi3V5tst|3(CiSly93R>1|EO@LbunJH z?4u4KCwtq>bS(hZhG?;d^pHJ#C^YF7Leqa{vt6j^ncf;LvigJVYhXcj5`(T?t;hOT z=hPs^oZ%wwJ^ArP(PvUN#DfQq*Maa2(Ip`-wN)YB)fy-eFlk2kA2mu~lZ9>Gu(8Tc z0<_~wHQp0B#OS@8o$!ZjDwG}a8Nc}2i@al?6VJ=Yk;U>0%um`0iW1_slNwo&p7aH2aq#VRYiP6N>TX-CJpN~b2PX1))_f#^UfF7 z`Btx41siLx6fp2H{X^TSgU_wXFH@$=Gy?Kj*U|W3+`HZr2Q)1`$ks4Jb#{^k{Ow; zwp_ztqA+(SosiYgE55?+neM-zpNNP5nX#^~f<;bV8H)JuE^Vbv5mqL%ITuq+qo1#iYQnq!1Z8VcbANPni z*$ljBo-)psP=a6J?dppdPXKtgf605tGwfckW=NhAArBVqV~0o#(Bd42oUCxCmo*|*@oRb<8| z16wpu+3c+exc~l~f>7wkbIJZC$1B(*NiiY6M7oSiUq{Z1n*{ZIG^xbZAeSiq=_KW0 zQrF|Fx3=rK(AbduiK1an7(z6F0!PmxAr_^L#7IwRgJ%GdioW780Yy(4e8}@vU$MM} ziNDWqiG+U4>(_mh_nlnM9Wus`KR54(M6Ai)Kp>4nnlJ%WrD`eNch;dZk^FxZJrV(`ov;~!7E`FVCl zEdMNd6*rrw1ssYKez($NSg3rC&X%9gN)EgDy!HpcBe9vOSWbmLSsN9>m&pw29oOTr=Xxxq{=1_pD(p1e?AJ-NeC$9#U<8H^+p+3-<65yrqMD z?KSyok!$V;I4NgS81$n_Xl>G=?Td!>bWx6zOKpRTk4en;7foyj%c3gdI?AicttDGw zjJrKw+ zlOD1^zQ3Hyu9AxJx4UOiURpts(jgG{|9Dh2iA_3Z)q%mUJuhFM-{8UWgy+On_PY|Y z&@>4{e8OGzPxj>;S61909h^Peo|7LE>Kuy-$brVm(cKF-h6E#}iM6|kCCk+PWazec z%9@p(%)IflI)BJQ)+=nt*&ClXSe_L>-Cmw(PxCzV{1Dlid$gwkto1@+XQ<>9vxY}9 zZTah8Z}Di`3sE8g{$%Qg#q1ZmcXf+l@OmNwvTuHFjED>u5=Hv(FiO0ZE1XPMgzYJy zIf@z~?SBq9XpOuw!M>}4sV0(~3ZJ`X9l}D%NvU2>tNySvZW%z+_nz z#rI+T`o2=7l{38pd;`k6BK)ZKaf{PSN{KXRslgf@I^kc>t3vH+a_OZ-0aiTmK=g)y z-`B=!-8~#>=oo?mc1d)myx*=B$KHTggBzj*)vC6POB)zD%U*TD!69nh_d?U_G74+* zr;_I$=XJk(AJ#3}zbRk%<~`wg1f%(I?=>jz59uRJAfvDMoQWu_3r`29?xJD|!2 z6aU^IDyKDjwVKi05`Z>_H?1ZR6ptH7vINz@u?rDuDlyXh-bKJCT=ee zU?xX;LtJy+P-@RQdm|zMapfoZ<)DP9lYb^)ubNtp_S1npp>k}dVpp)?0^+Tp^;F<4 z!qokBO)O(oCdCI>@88`vDLp?jfT^kM8uqJ_IrKBEadZF}jO^kKVU@dJ5FrL}zX0DO zIf|ve#rt4Oa0$=&l4$(uI5l>>B^VsHUafhCw+}=DJaRB znBwBqrG+K$#Z>mAPs5wVa+}nP=~iIMYh6FFKmH<-e8PO-;)%Z`m&S~??gQsZ{o)o zO47!&yK7RW44&)L@{Ja6z79)-kw)8PdK9Y{^Bnc+e>BQq$8pLRHKXOK(~I|F-DGHY zV2M%30M9Cr1vUgzb|-x+SG^Yl5|$2_gsn5weuAD5z^3r@b3C>oJ*3fhC{=Wc$qe%C z4rZ@PG(Z&i8JJ5oYoKXYuzuhjs!(EQpncHhJw}cLN6nC+1c<*l+xPBR|JGXC8?-0+ zAx+~lM0|4|lqbO}!)6@51X85pdQWB!WGbHbZN$}LL+*-7Hk&HtJ z%8bN}4)lfo8umhME2VB7NN5Ul%PC~xcraK2G2(a}(P*p-!%CSA~>1*Woz#<{UW z|6r;kvGodpSciItImK^DU$uo6wGI|guocUj_aAI7|f{Vc^~rln#5iDNwV?fubb-+rt)AI>aATPzNUE_Yd%)v}#A6+ft~m`P)}R-o&|WkLWk=X>cT@_j5yp1N^oFS>(B-ez*!XR_j;sQ->%@Z1(q zI*YoT@1b7uK_Yrhya4rRD2X_8iX#F<_1c$tnn@CCXD>&iEk@RA5&>D78YLK0bTSMwAUnR5k~J5Y zhvk*jDYiXBhnPH^{FAUwFXEU2?7m9eK)9`0f`J~u#*2@10j*)nRH^b9yxG=rXD^Ts zyVzW*uwOh{=f*ftVnTkUTJ>Z-;UVkUM)LLtR+SH=eOf60tps0g(8I`;-vgn=9VZjC zx(_5f74+T4o17ySA5!b{0oOA<%aE*bocWu(T?|ON<)uBI1 zw>30E8AiXn2X2?)lny<UgG6MR>-q~vAL!KU_b?McermU%&CQp&z zQY=(0<8)vgR4a`{qNnhrIY3dZ>wtLp2f+gM(hvH+m${>gC}`>$)ZD#&lbgQXBz4-;5w z9igZG@`B0nwP_NL^XWJ$E^+83axWho?GsfnA_*s_7>zf?gmyz&)~a!o{nWhECn=%_ zMvFbfuWEM_)_UQgks_3MdW}-I>Eme~5|U+jt!qvq`vLx+ru%z;(oo^dT2$S_)HWn& zAMF~nKVI-x0h}f_4%l>#yCb)wy=TG zeU_P9fNKwx5Hh&(}CUWCa2~?$rt4gGyPTi|Bj{8^jl)4QY-`>j+Q?H-{wGZ+I1h! zP|XLw>rXHpn@9n39GPUXlmGoeb^q+X{&BSsCQTX_x^DCYCE`C)HoXA6DaCk=;DSc> z&97;xl9Q5hoF)%A2vZ~F3n`JT4hy$j+dXgna}cO99`ybF@l;d>nRbEW;6NY05csF} zKfnFw&)(kw%C`U70&hRL{a-(T|0o9kFNwg%b07Zas|IWEkq=j+y)IT7^ob}VFR9+Dao6mdJ zzpE_8TMR0rjwS6L-nnK^<_oqazE+LPzy`lQT~SglYQ=|0c#~=1hHm7t5T}xEFs6R*3^L^6ac|m5rO>L#X97|GI}> z!CQ`-Gm4-b2m&b-(02k?6FM_Lb7Qv5%>215Dj&cOWdLI#ACRIR=6KZwUl(&<9viB1 zLW^3w0OwWC;P!u=p}>>2eVN&6Qoe3uRj)ww_m4Kk|6C_>H^(F7YMG#D`)xo{b~5$Z zR2-PgyR+tA(w6Hxk*-t%928)NhtZrW_Co!R{vE^jjB&yRG`0bT0Y(#26TaiSI^FtV zH6o)`B~FfFsgqeGiFK$$=^3>vlWp8u-7aK{sbMGJR%p3CE}k<=qo%@(NpO^IvAANI zc12{ON^G)hR%b!I*4w4sLEmd~xl^lUpmwiz)8Al8#36UKdX%n%m}~x`dbx+wh0rH~ zSdQV2~aU z?cu{JRi!P9S~=|=vF4b`?cJPa22NZiMfBBF#xBk|t?~ZEU^Ggq8B{qo{q= zX!{!JbPEf4vhjF@`-5daWs*TYH0|MZ{%-loWTC?+iE2^KV%#Stq1DBwg953aI&b=Y zGWHmqZ!QGuSK_}*p^g_|=EIMCcM$h)y~=upYo=o!`SA*IGh@U=WH%Hy++Ap6 zO)aKjKPe@n!7KmPXQ)N5Oh})0u5K#z-A`#BVikNCNMy0Wo3!_NK3~0fy~KFW?1_QR z81Br4vJ;~~Y(MI9TrwrKdz`R(K5SgQFj}siJ7wTX8=e2O;+?s_fnDR(OFD8Q>4C2X zeU^4LPliUGRqE0fS5KFb_P1AHRVuN!9V)O$x8fOaO_3&_(r(=ES*V?jtU)Q_mWWn@ zd@u81#n7w8Jtk(^(nJH>=UWEHB;2Gb}C`l_Vy~`h!)%!{ELf z>v;*TgIPr!pa*fD4@PCFMy{EUyY$yMA%h*z;zf&&ChjTwWbpdVfD7xz;4om!k~qWe z*)dnKR>#LRSpCwX`* zfRM}i_xW(uQ0L~LR&SBZY+LnHXTG-&8)eZs-xS}f>KBfV+T^CLdQnTdWsjj{#59Hw z#Iq%YTXS`nQyZH*9xKb*pa&a>a&RG z2iMa+*-r1nBn#u6N*I1(z;qcDq}#x=_KUrd&{cJgjXJrscbl~4d(8r3d3Bp*Is|uN zNVlwkHm1a$Hj!gGlD^o@OR~x#GP$HzkXK3H7o(O?@&T$epBI>oBS>QoH(+&XDv4}S zV`6;VYbWtOrO_P5Pl8oaoC!M4FKI4!t6L{&dW;R{tuqUXS7&jbkneg9=QU)cF3O6W zFmGPX+v%7y{_@1$H>aypuQsKMB2g-oJu5juw6|YTe%!rVh&jm#%{w1t+{1}(d5bvP z>-k)UHwDxiA0z%#LIj@Fy!3(+W}RhD6*-rx^eVpj=ijOu8=ODrwT97E zwj-+LF}Z6Gf>mQayZ{$IyNT!Jm84rnKFA)sR6=HOpxTqgJH-v?b@Z$GuauxV+S z-9ngJ>V5&`sJAuBKDsG|kWZanoX1sr_4^A42mPQCY6XH#j_jWyW_3LwNt1|eV{_)~ zsv@a8$q)7GrQ__o`si;LJTOkDBw7zF2(!G@-THX)>*%lo-(X$rC%b-Af>tGI<+2>6 za1(BauAUtnZ^Zs=jBHo!9POAJiHz>>SBCQ?KDc8v>PTLg0;W^&_8*Pqv%sJ);<-gW zD&2jXwKv;NU&v)fMI60^mWs9h&cVUCWNixWxKU78{=Ml~({kN&el(p=lWnWPvy^q% zmbFhue|97@iQ>_nkig04M|bw2$*b}QwU#5W>6|{3UQzTyd5o6O2JOf0WHJ8hm5(cA z`UqcEb~kL0c1KD(aC~Q5?o9_Bp}pywJ|*)@lZ@&~?+q=#cD__wwMzc^1y>h)FX5aZ z2pN&ImYx6}`$yAZ>|<*?LCYmqPbB2UsB?ieUX`d_0PPdpPRi-f-4(iraX_`@JbT!? zRTa<*-!$>O6!Ll9&$G+5-SmFRha-SB&Fg~Ev^EdB)^k8@rON-eyu9BKnJO`Q1bXu4 z=SK4Ms!p1&LzNz9ILqlaE6K_MjM{&i%K6(p=b>s7OmI@JMWcN;nxBWa1`ztIx$2S< z8L3x{v4rV`@}X6~9N0*h&7omr{35z)=wQ&wKPpYy?V|AAf&D@4wZn_-?1njZPaqgf zom;|-?zeWVVRZEqgT?y%*R@-yX>?mhT`*H!RX18KR!+wIl%7vQ+^l4u(l2xSxiL+H z$u``vwFN|OMDy1_7QTEIDvOh#oOyU;P^Q@R*0U7E03l+KuI{XLP0|{ z+o&1M+G+?w9JCU1B(B|nU0fz`8_c{ABtbH(W3q1shV2& zzLJyI(k&0owShdYysM{QJbVTdvy-469V|k;3t34vnH6TIel1c`WHWlWZ#{aqMxyQ& z#WF0P-+SnXheh`M{r61kZpQQ9xmK>$4!ApNc5fKJ`x6S1{QO}$n}wd zj0!NM)qLU&=(Wi`oC0~*{B~>cm>P)G+nX$-X)2?x@GM=jDSRWqJ+qAwH^30BNr6H5x&ag{Z5npz^00&8xE9 zDcET?tMrF;$Wzc|;3V&sd8`>~np?}|k_balo4+L}zbOhpf^dsrx?(0?r)gC?j z2|KH!Q=ltl-79C5ES`MxxXKRv$bZc@fGEK*=X}CmjN3V%YGL8o!>QGzOuy?izb4qaZeR9el>Cf^HP>j((>UlD%cP)qQy& zPwS30kaD~N;p2$ke$J~S!7j;3!-}|{)Xr5AaMW0pc=z8NWiZa8ZDWXxZ2uL0?JP<( zpe{BpXUKPZa*I2CwrGUt^o{qx_4S5zkg+T&GcpT6Vm%KahYlN{!}({ssa5yv^w&q5 zoP^^lwI{WH!Sib>qUV$LQxc6bVP*W{?jvFX&=3lH5Edj!C9*A}}ttcBMjxdj?V`Oi&~Bq)uMb^j6M~RVl%2@2>b!~$^U;pZ&f*wZ zSv8(Re}YBDMaQI#x;se$yIzroQF&&q2{@M=^wtFOuwq=sZJ>6ibMC-};4)zCJfD94 zXt(bY9K|{6?}^Joy@s*j+zd)>BtZ+fUnjWLHQe{8CW=yVx!8>C;m{34kPZmYBQJid z@WvI_yy)Q{wfpygXY9s?D+Gd6Lx)q!+PO{4pPsJ)IH$6kub%Jp{tn(LNXtL4Rhn4O zG*V1-v;-Qc?32%r(uD8HAf1Iq4TqBla(*om=CrTapFczUlVdh1VAyA<&{MMk>5nv6 zR1CkC2t1iEQrjDMh$1`lr8~?Z3+(TLrHe(}*1e_LhHWe!@ZJ-T8UN~8G7A6|XBU?- zu%k^%Kk4m&fk*JG;Og9VQiJX(5BM_pF@t65K>C=oys>hoF4lm78o5ux+10dT`Drt4 z8Wsxo?CP_P09ifIBnQVFUt%nL1f*mi@!E7_C`0z*QVlWy?#?8?E?@H?Xlbt;H*(Mm zmdX}9hZR@PxwnT|v+7>UtZ?aK6L-XyFLD!41cSzdOH-{ukQp{^6XB;6`KwaZ4d9)0}HW-^9NNjpq-)v zmd5{Vfp7Hq!1{7it5>0!MgNpw9BYA|h{-#-+#8Fx8bNm-4P< zJI!~ptF^1AzO(w!()HrAQnSSn@egP3+@EAgbc*k~H_h|2hV6ExYpK0w>)wgdPAX7) zxMs_ZZ@g}`r$T9{_acPF_m`#&Y_#5fzmhDb@e*=RA<>5Q>WJ>mKj{gPbkz1DvNgtW z$%r`3fYI~U9+b@rn&?Bg<}=%AYxl@%?dgV9U!}=GuT(#5$P5QiU(AYZR?W8u4{Ro> za2aBI1gqTzWeyv2l*}?Mkaub3p0t zY*vr=8fN2g$UjlQ?5W=4U2ra_W0a!UbXRJJ5w-yzFae{Qb%h6T_8YJ>PpQ*|zI3?6 zt5%c68Xnw@At(`e=d3Kbuq<`{{!jaS!5CF%Wkj0^5qz~+J}0_cBT9r1v-dA%7uc;| zx6J%w$eCd%UM=p@rHhtJ7_MD?+0VDm;?BUjItfr|t&-80r7w?meTL+S+hYKoLO^1rZe~TcwE7 zo6=Dfk=~`F^iY*vLbYr~K2SW%Dsz~U)1PCE_2DkhB?zm^%JIo!kE2=FKfB0Hz%s!5fIt>r{V3Jo8j+#7hb||7N5z zwdjze4hs-iWBR(fYP1QX#MzzqicHW!|%m<8I3cTl93acPLSfZ((@mWx7 zmQ6vR*{TEIv%Ah0EMO1_=n}@>dn=H-d*D{pO%D2n*I3sbIh5zNjjjM>m~*%^H3wRd z{*=37BSyu0>E`=F5w!{i9qlHqnUr>d=#AfFpp#mbq!s*l>}0h~{xHF5<~e(fW$7t_ z*A8_92hd7NC&N?Y+bl3mN3Q6V+p1hxV#?CvPTawbEj!!1)d*90`54+N%XFwbbbl+B z7Lu#PWja@4Z1xa+m8{)6I(P+U_|7$HuiYc6=hsn)3#Y1_l~kiWPWSWg#n$2NTvOh? z6W3bxSWTd1pl*wPA&1aE^D>_A++UZfEDqvX&#QHF+b20By>$G(e_qU;=<=EdQ{Y{+ zm|SFP+N7->cJs;o&VgF{)VD8tK3Io9ZYW){E@kL^8(L5ID4)C5#I}eyKl_|Lj=C_c z*0JwUOWlv__*|J1>_$q+C^|E%`}v(5gJx#Ugn!Us8@gH2z|W-CUyr*ix` zgCUu?P9+Lu^((5C-8nbcgh5eL$uJubrlGAqJZrKjm6WS%Q9|3A2ucn2YR$epP%aefK{{B&&2_H!HuBYl* zNgFHn+bHto!O@A_s?=29aSXb#cf$xnH@r4G%b2&3^qATMe_CsmxT7-y|$NBuan z_Qb>c>SC`k>YE?*D&TB|%5Y+&GBu@{bI;x9idR{bI^(ER^PmOWJ2NJ>KS0gL>SUm9 zA%BSzy+og z%vB@QL7?bDQiqMSP8>oSV+Py1tk{D6J++;bG>?BEflY8| z3C3CoB4zs1>cEQEeY>5TZ@#Ttv#sKlX&o@E`sYYNJpXWV4QOhH;8W1ygFZ6 zxOa!O$e^6VNf$N@wn2dKlVSX8A+71zrgplN8ND9$yX&Y6^m-`0&J;=4G-#10hm^;| zkxA#u@^RxJ=hqVn)g2_DQwN;uI@hkm7tl{lrBqLgW=`Nq^F%=w&c zuz;Gq#+ccB=AIbyNGi$~G^?p@Dgbz)Z{4&Q_IONbrsvXVO*nlAfuOJ`?KHFucWLlz zPPA_yM{KZ>=CXF4!EMr;vZ&rqS$e<;#kZ=DQ&d1EbMEY#?#K4d$UM?-l)^9%7!2Q* zGH+F!&DloZ4q`KX`T$$Gyd=_j*LUcjD}N0|EQ0S=tcs`{N6G0>eJ3-}FYp_mC#^jE zN=?X$zAGlbOz^g=cYLh}^Zzq;>9^y;l_*|xKCz6b>v*K7 zXt*ej@}yTa6c~ZgHP-n4DT=Jo@_|Mu35W@Efj2f?f%yKfd+N(0^L1r?1oS{HM86K7 zACSOrV%z)GsUsZ-94igV$5-)2uy(myr$#C%kI@V()S47g<*p=lgEp*o>4tvj{oT!; zLPThfi*X^ML*Q2Z89xh9M}!%6euIx64JOY2S`4wM)bQ>LY0ZOAA-r^lh{uhiX<11D zn)A1{b>2w#61L`3-@nf=(Bk`gDDt0Kf>$7Ju)w@R&c|sGA?TY!x;$8D!oo3FWabE2 z(m^$vpUd&ePX0V`vAO)IViKjoUiznZX|jGpFKV4)ia}vw8y{HqMK4$9t6q`m9XY)` zz4kLd53ilWvmITo?`n;B_Ky4E;EQxOQ*TD#^IcCoauXu|nC}9)OU8Q@l4>*X{X?aA zaOo1{&(cE?YeB{WwT{P9^zFySsDrI9fbGoYf4iE1HwV)dkh`ysq~^ji5WlnAe{@#C z8sEMpfL;SQthxU`Ys3FtT6#x)<-%Oe%=Zvx`Wi$|YE&sr5}^fXT|_bH!Y z(G?Cp{XA=$XQU5*|DSg={?9hH^%SnXVyHT%l~!O}(LtsM%4~L_niIRDuqS#1kH&`l zm(!#BsVCDdOml@xSYb0)`cgPv`7m(l7l znH1Uu`cfV0BEb+j!&pvx;enk8fga;#pceX`0@=YUL4s?*kKpEXGVONx# zArQhj`lV)~BiMp421Di(SIs$YTLzP%3iX(*$ahYcnqX1WkevPLasgRCk0?Y+3U~de zkaK>@18nBrr)eaQjB8;GDcMB1y9!!Y>19&Uedx#-Xi>f6?BlNocUk*vEcs>x2EtI) zhY*p2H;iijlIFwGYN`v7>%I_@no_Ey#_s4Tpe=1_LDJCqAhRE- zJjM(`>??_=l6j8SDI2Brg#5n(%&TpVI`Bw^t`lcN5gO^y>Cv%opa zuWy;*I!mr#<}YtfBiFU#YJ1Tq^-=n2akSHWP^1DbCz9Nte+fHP8TL z|722Z8A7kNH*MQ{*yIEp&%FGo+dzBxiHV#W_A?wqLw`B(?418(2%(z{cVy51sK}oW zoads&vcsD`b|~9q;O!e2^1R^%eKoch3F6VhV)aj~{Ip6Y0Q)mHI|>_~5E-p37SvEglyw=sZ4y8HsOr}8DdZKw zx~1pRjiB-FwYU9r240GGyquu=Usu$LneUteEc;)Go~z&L&s^L6>ft)ca@)!Nt1WH-5Fl-Dd^XH_-JJ0wWszJG_7AKZ^`~!)L++ z8T$lwTsugPUo1gEwZxzCJbXNHtDvdK@lLU^oWU$9J7%T6{~3He(|2LW@M>g``TVX| z+dDWd3?}t@yEZ6oE})Na1!^9!Kb*Zj{cr)ey=};-JW%wm>PhOlHf9$iEqLJm7@PUm zSWWVZXp3e%BWYA)+gOB8*SRdF$aHL-rKR%?aCjC5AITCq}jYi$5o40Y0&u^*jL+FeVb++kHI+lD9y$+RfG+fW)*X>w7v{FSAk@7nU*g=izqh!E*}=zLiB_p}q3gRbInQ(L1wK1x zN$-`w!vYGBr?*<3~2>E>--JsO(3ACt*V0InSy>OG8Nq`Xa@u0&=7k)(~38b z@HcNw?7!QVrf&vYZz%H2mXZU!)TO2AxbxoFW4<6APe?Hp<=O|inbDk&K4qK#tv0_O z35;T}oax_gTvAY>%nMnq#sQZJKrDG^)G2O3_xBAUTr#Vn?ytb*1?wFU+CF|zB~M;1 z5;K=_mrS3&4E;ien+yMnXwfa;-nOj-Su_7dNNq(0RFVxhY#A zDw&Q!k_Q$Us*pFeAjxGhsON4Zo;cx4aNf+8C$<-bK}zyHgEi&%u4mX5Lv-yxomjo` z&_H#>HHlNL^M?qt=@t|J4;67u3m<>e2p68=fKdrD0l-pCEG`v7O=!Om_>_7htCZ|G z;2bG$0V!1Mt|h4doaGBRvskUuNgc^}vBeDHbUG^^w<+S>l{RvxWHT zk|e9V%hHgJ*)b*UVpDa;Uh>MTtE0PjRGEroQFwBz!}H%bspI?ZP5(5b;2n}AW$lsC zXxb2$hQnsiPI$v)LH8~8_=UD84i1@{8QXZr5(t*d$bFQ~FZY`hSUHv}-wyg8WJQ7H z&4s!=07>hapfII5Z7h8ea6rwJm1pMSGm`hFmT7yXA!AC|PtXE*J*wa9X7KHqIK!Xq z7kE#{*&xgfhbO&Yat%yC*JQBl9Yo4zl(Q>GDo0##;IQl93VhK!wYIm)coA@g;);8u z5=6`ym1eY3QFi}c*uRJ~GP_#NnUK+D-Rr-r&X2*cy`_AF` z;yzw7;*9jI#H*r#7N{wT++ON>J*E+~p7(TlW8j*(qL?_(iYw+0TaUzRjzAxw`?Q`( z>FM<;4-`k9w7$mfac5mF%X_oDzh!8FMPhfnD{o1AEm+S^;qZ%s$oPfJ3W`wbg{@lE zyIL$1BWI8dt01+W*PKZT;;*#0dJ1ezG}L_@i9f)wX+Htf7>Vz1TXgpFcFH>*w?$x; z{R%EGIA9c+}sN_yq1r7ZG<(Q%SkW2?q=~V;%FT111uMo6Dk&v7rCnUcE|E16&D6^X!`q zRrUJ1l^aTLI2XpJiyyq!#saI3e~uJcMoO)sWx!sloCw5lRPArX-`#F6R0<<=F}Y>L zn*pVrnHXSrR(iQy_b$iY0;@Un2a5mrpZ8O|Rs1ZTZy4v%$8ygCdi32-39j-`X6FAc z(Eni@ajIUY`emy-=KZ(=7X-&cnYzn;ElyaKVm_^~<6fOIPIRsu5xE#0~vuJubEby@n`;~({qsraamTEg^92=wV%pAM|KUyO0EZ^N+EJk(j zb0kn(l~&D!w52%LjgKU@ib}V;&|;q5;Fzsu83ZgH!Sv_q9X8)mh2LGBj2c6s#ry-Kacy`1_Ggzj9GH zp!&|Ap0ZW(jU3R60D|CoOEs@@4gkM613oG9JH`9iR=L|Zcv1jGT;^g-YCu%(hL0M= ztX#vmD!^uQ7}$+PTU z<#yXJ-pa(6)5Xt74r=Ne} zonjGO1Bxz)BJx`t78(^>Dhhd_jCN;QCbjn}g)#2#H)8IRxjUPqn}UhJ4(sN{u)7`j zGIv0tYrf{BQI4#bs33LfaJLx_-069yFX!YkAuja_&=C`1rRDv_JjDt|wnv$Tv z76r4Zn5#z0g?fMmQBZu1`ooxtP-=D%SI>7jK6=(gM>6k{8K%o;fDkR-y%;~!+X*x1 z><>7=v~~`EOnDC+n-Sfa_rukQ`!p$_-671x(-`Yvl36L8M;&6VekEUKyKzm<&9p{- zt%->H%wi#?9w{XxmtA)k1z-ngZkC*X>Gp!VWCEM~q( zQ*y{5kSOls+3I!ricnKms&t!}bVhEfKt27`c9b#f={Y0YjOTGV^YDiC2f3xsX6xjg z2ZW6bBEL8ufk1o{A!@Lc-nZ>0Ve?8VW&-u)%YLNUV z>B`Z?+(t(_XuT?TTfOuHG4n9^Ga#^79Tcs13Ob2Eq$IHF1!{|=o@v7U%SDS&ko2na zT!uhabWmL%x6|0jWNc8~nJ(apH6_D9yR*^(TjbnA*jWF=U+r-O-fdl=@@A^}C{VKP zjF=s#-|YVC-Ye$_!4x@@*_dQ%WuD>0a90{p5p;W9>R81g=O9YTuipnLFj(FdcZOaK%`$Sf;Mt#Z2@lh zL2`>E>k#dHsaZXL`k^A9_rYhAUZ=lR ziqBbi{9ON-$I2*IqfA9&Kk;>u`xNR7Y_d!e$hcGCPV%I*!;p#N~QN<5~NnJro1?&`g13BwLw*svV+q(=JKY^Fe@{jf0&SMTkSw!=WL z&VJt+*uCiX#=-SlWMeYONF)KU2v1bowM!6v^jP)Wrr z(!Or1CWSt(u=Wz*#7oR=a`7eB-Ep^pPxrE28!@1EVy^eZCaVuG5HaRh>8V8bwueU0 zD*M!dY~=Kg;ec=S{2lFw0#jV|L_Ui+_fo6c$Mzg^bzSn`GJCQ;Cc^gEO>Cak^Q0JT z_HNbPVRE@++-MSs%fBuFEm|nk+d?Y$rqQ-F!cl&^SbnJ$eJ_f)r~ar)Y`Uo7S&*VU zTgyDoahE!@fKTy_dUoT=LB++ND6wP-zFot#Bkm=_GCZs4ZIG44s2518y~2_+d|ro5 zP(v^D@0bFE3aSEu+nmW&#yOAc?VpWI22{2^lUCQt+d|Yz%VvOkkA!fN%h+ld3J=I#H2VsP*SG(e4-0}3_e8GdH9Ct6ma+PEo zJ1`$u&vI|7*gwaGzQZUNiRu?=X&z4X8flMYfZ3&p8rn`-eOcyVF$D~!G2zVQan{96 z1%hhJtcu*MQjrI{64zi(fPPPVq z_{=Wt@%Bg#enS-4-lJ|zB0kZ=q*o}KsKX z@u#S_0_fiH&f(&x7*b3`OKKI1j9aHz7pGVWKY6bEtm7T53oXfR}6Xdfcl}B z2EySotTyaq_+=I@tkrdxjkAD<+FmywAuQP{lI|D5G|BcF1Xf33%pJ`p%6MjD(NxF% zhl@N9q2N&!VrQDwZD+qYQwKsWCC9 zYioFVzsx&qUmsuRb~32a`mT5)Q4Xblt)?J%&%H{9YgsAP6>I`tp4ZR_=jl?qeu6ng zttVTpktWqNs<8C-xGr?X{-gP+UP0{Y1N1&-KNpT9q-OOhamm})4^B+5%L{j_CoGgP zDLnflGP1n3PKe*8*|u1e>|H=b7;jInQiaof%k3S#i_uYI9#9*!bN2nD5Cvhnd3JK* zq_^ab=P@(Iuni4DRy`N*`A%V-wAgIo63y&+1@xV)kqj4(#Z5;mt)%KtY%JwEpqHei z>uelhxJWTPxTNg&NM@5@g{MK*5Y=LCZJB*uy|rDlil0ey#-AS6;#l4vWvP;Zdd&}Y zJkV>Z)jF6qHNC4)?d9i-3&qbHfBh~#_i<&jn)JUMaPaQKZQyCmAH&baGI zAnKP5R}3-Z@{9Jtuhc51jE*4_BR_0hO_&z6Xpg*vypT_&{wPs<5_vWxOAi*b@_5^U zEjBp)crXbF)^Q*xq`X;M(wv_%$HH5MSxntC^4F%XQI}3!l3+@yr&$G=FQvjXPN&j5 zMO)JAx81)&^E{^g*GJw{D?VOh$9VtZ#B%@al#a{qnFi%$YRqbh{)IOGJO^=b-zA&Q z5w*>z{*KI6t5td^X(my~K`|urXMWcD=3!+axy$_Vdlfe_|NflI&st8CU0h+^)JIxL zvhDUG-(xlPy2E@q(YF$RR_cZ*A(swTsICA7L&}H2ZbA+`vy7I{meJ$8bx^hKXEV+( zpws8aKT6{+(Xwb1-}aE(M(16r>>-_E_r1F0wn%AL(?T;AANP>kJP=vY3}3$Vg&t{` z&b308|^*0YCUfPxTK3reS3ZIW_9)5g)hTBkj|#3WNVxZxhL)nvztti~&9Aef}&WqZ~)aM*Z>P`9DKbe6Cz>ThITP4;faF%tX&3 zL(SUf#MP&(Sr>~qo{XJ#0ehIcG5BO;JQK5JcqZUJ*M<~u+d-#h66|W*i<~tsc&t_F zN_Oab)n*jA96x}jFGCk{vz<6wyvg-{Q=u`No0zj6$DTGI5S;iyeYqknRoc6RFg(FA zf;gfd8!opAnAMHg5D3a`3S`W}v1YI_0vPm2JrLoKc^bRCZpbSo*8*ey2}!IyPC>ej z*`FE7_Ai|_S`-2u_w_~+G;bc^zTD1}_Ao~_|JNIiMpE;r?<`xTLMgFzu)$zHr%aw+^NHW(957OSFEF~;jOAwpWo*IqZ~#+8xn|w0WAhpsm!r{=`BRDTp52~U#j7F| zB`xkt2BHHBA)j(ro$>o*ep&Dx=AcI4D=&WR#Fqonn(Ze2GT_0owj}*H z81QIhq#G?2%c;cT&VKAuccKnlKuh!5xKEMACnMb>F5)3YDLXDH;;_H&y&AEM)(pWe zK1J=>d~$frz;RCPLvsAgDv$ibv$#kWbdP)Ik3h3ZCnK5NTw;-Dl$6|t!w=bEzxc1h z(dtR(vz#K4cl+#G-e*W+DN^Gfqa!7?U?D#O`FjX#|kDS zfka}qh*Y!m%3a#CloA@(KG`f8Yurm_Nwg(NH*O(aCjuq*l)z{kdXcS9vnjP?_zI00 zAkej;0t<@`Es}VFNtJ*c01gKShCaig4et#C>co5is30LJy=;07{7d0$DNroKfd@An z`tr$xJ;{;cG>r9J;vCfLFkf>rnDhOq;X#-p%`@Ur`a2-`0`} zBSi<7_`UIL%~c=L&&YitL%ih6ITPenEyGI-E$Q32*(a>D*q_xO8~WH!rmlm-DD(dB z-^qAm4iWeXy3khN*ZtzyOZfE*+lDK;L4*bW0QaTEKr5Yajz>FFrV{~f;O%-qGEF{y zLn8mb(k_2^cBaXoBx1H(1B*ZPZmXmkm_r zSa&_CBlZjoxpb0sw?L=PPqclLtMmD7u4&ElfE>NtXtpmz<*O^wN5l0#DPUFh{mJ(s zK!%(I96pkhOO{v1vy_D-+(G+VQuV2H9(XQ5wss}$H!3%rpow#G#9>Q7#YRwb;;)gx zv1XY7oQrJ=zdN#|mh9%HE;(-5c({L)P=DA=lM*gC?@~GL=SYw_@Ix_a2m$}y3Ay+h zcU+>03;Rd|La zumyLT)|1*3yN86;?i!%kQH+wTND{S+Pw`Z-u_~Iy>2UMb6TQbrJnVsKef-BzQUZI0 zuDJ?D_yqwV5ioV^S#gW3AvHhqsy;w0i>iNOttGcV{VWA~&#*+>s z_wGf=CxV!U9yvqxATD~fB$;7u%3G$@eFH^i*nx4VH^C1D@9qL&J&@T#%xq7RvxanG zA(X6+Q1C0yJo;z~4twT;hJOPl*fL;odH{0~X;kKY)lFQvL-S3Fj&P4cs`HuR-jE2PK)mSx(igF04O2xVGiKtC%-A_c2abwRQ>JEME;LC#Y0I)zu;3s z=eGOHhsSsS2l$b-9O+u!gf&B>7STX_#5#FRK50obr*jXEW z?f7b#W0SEvzj;$XpJK1_1gC}I-iX8u!k9D*!}gyU6KojrV&TlUYWu`U4M7*!z@#4? z&pA)fy&B9O1Tuft@oGsT!vn*194XeE?Z!tl#{0`Eznf`J?^ivagA?;v8MbrQ9S5yb z5zmDIVRZhg6KI-q`gk6r{zOKAI5hn?`9<9a{cXtXN-HWjn2ER|J_1@FHF^~C6E+z?9}e;<{AGOXJp#Fp zNCGiwJ0<&g%-ZbGGcUZE_lPY~G(&(=%45!ce|y=Ai8fx)!sW7<{aNW1l0zMBqS*Y5 zPjvGT%__q3H~)&HUZLht*dm3KCA zJ>noP$UGph$W+dU1jUBll}es)sqj{PY!2vp-N0PRweE>q1(Az3<-LZmg@ojzGoWuKtsQ-IibqOjl8)c? z$UTcf2KJQgMOF3%v2!Y&>+)_;>1AlXWQu#9uehP5{xi&!lPhY`%V|8$U^? z$~?~(R*-vOz4-G*0&|5Nqy7m1)528^QY_vuxtML3UEqW7bsD7DW+8^5|r5kzni*)xQlyd2MiM^KzvHrox0XLm2jkE4-!=~izR_j;bgIX(*PB3 z)=BTJ@pIQ+C26Ggl$o8FYk18*^1VlSKs}he43K$|!9PpHyi)&dJ55@=w{w4D-v44% zmYhTD<%Z{Y#7?>pq^?pE>HnKsl_E_VSNuE#bEE_bQ2a|)-blr$*1}`f&nGf+Opd#W z&v5um2BOyb?)|(6=tt$y!~AwA^(RT1JVlG~ci?&3nc-kh^FMs~{l#%k-6H+qyI`&% ztW?1Y*GYh#5i0ymZt!*k_rfd*qyk1r&Lb?5(KM#&L9p?B0m|6poRDVW<3do-k%tw}s42`?=K%87fgQ`UR+xfhTBx(Bmk5zDicV%O=uQbVY09y+-39$`#` zbdV0*rAHK_h{=a^3l^SeadJ{pB?74--k{FJFNVRA+A1ry~J(lfsMtWU@^sU&iWS)NLarP@{M&t!PI z?qnjFS3VBRy0CG5N9vj!>3i)tQLrjadu$@;-uPn{nxsP=2V!_~A7 zDn~OJRmji1!UwvEayLowgA0@`g~zJfPXFJIuOcr@DAzdZ9BnLiefjPWUk%Rx3xPY( zML&*$h&O?5c=LhZ_8AeE((thymLlQ)CQYGM$>)*{kFZx!? zqxsRrmw?~@{i0GOGG`hb=`vaWeCzku|Jxc3 z{lBuvj~Lks_sKR_|Bs?^*d5P(bZ$90bk8h8{z36dmB6rnraO!Q{>k9r^~znj_RBBo zzkfWn8*=E@Cx39%E)Ran4DN9G-Wj=L|6u0UZiK+5m`vWNB_xJUcNclQV?9i z_i7W^TQbUknTol&66?YW{$;s&|Ej{_f&bYRq;5IIyolqTm8qWU{f3XEfmj8fJ3h@t*f7jeS45K1l zuEYk?NVAh)9sG7Bo5OJA6NS96f=I(`@%^=tzhZfi?Lh;O@JNX`gbmdqzV2 zfoq)@S021_Joo#@v2K`-Kt=_LKadM+YTcVD7yDn&kK)IHb31dRdCyL5(m!Kbti2~G zJgV@|o#ixHbs}AHl%)0tGn06m!+K#V<#&0>xxM|I8`Jm4k3*erIO6wh%9j^_h*LTK z`vV;P{U84-30h{l+E7dL?N~0t>Ietw$~!nD#b5ThH*_j0rWAsQ%fJ&j`=;?o;%t4?P5FcbcMZeU{RP z!N(YcH05QR8@Uk;5@+5EaW68YAdaWe1>s|jyo(9 zP<*OU;{kT^(pz-fM3DpolGNZ#KN%@$c)mcN0zGKa7~s2hYh*z`zpM0fXQK#zFIN&c@v1t(9G+hmHTbbq|>7m(=88;&9)uMHYt{Gt^H<+3ZyQlw*l(UX0~Nr=n7rqHBmtJ5T(B?R*W3(2;ZpIAp3rCDvh1Ykq&V~Z5FBc zncarCp{_3)D?ktO5kW!wYWua`B2Z*qqUXJ8SU}adv2r0o-nsOYWduGOB@*BwHzo3e zkU0oo>`MC-F?Am{u6h@*eTyKnneZODSPB4?W4PneQzU9Mf|YiYD3or6Fm|7%U7O)nN^w))X86U8ZNLrI~2$vA6P#RT^6Tyl})$pHiich z_r3Z6k4A!rF4h1jhYkfDjUPyej{uIgHKv(Vnt?>g^=D*6s57)M#pno7(*OWb+6^M(}2fAcL?a6W!|r-C(lc{9hx z^<8g!z=xCXDXF862n+)`ACm4Y%1Q&8xdsYpVIk_h@`@rO3%-c>?H85`dX^x>EzF8$ z2$+P}c|5DJ@4t%5QuamxKa<@J0I@sNTKK8l)xuK$91}C{0VSU3k*!K(Cz3~9#P!>m zhmy;H<=)*ydF&C_G2Wq~@B!UHSRtV9v*{wn6-&Zb?l&hgo=D5WEdb(04ym#L$~CZIw~UG(9wixP-dtz2i5vpO=;j4w!VimSsB`DDWtsp z62hz?zU^8)&#@jzLidu8PupOy)9KtK<N~j4R9jOtjAz_y^T`ZuRNJE7 z0Ps)w*l~Mvfe=eDS7Gtwdt}JNBMjc$OusY@9>Kl>)0!W0UX4bzVuAM_B0xC+B4am! zxp3E8=9^uxg+X!Ym1--Y%H5+lX5d=G=NXhyP%mZkb`OJ0dxQC@X?J+AXWJY~jRS;l z$?0#h*6hB&wB12=M>5curQ{+STu6=+JXxP2Uw?}bClOZ-n-g0=I7MnVaQ?SBnhW|H zcYlUYYWvkPn3UP7rK=TLvTr3hBZo&eB#_L3qRHWg)ZA9IR4+=P*i zM@ba=uQp)3q~khN1skkEkn}~F{2|lggOBb#wBN3G;AGCA{7D-L$VBmtd7mNM}sP{YTGSu@Z09AxYE!|D%hP#h`t>gpXGadqzI&~$~+kcHl(kBHa@Ep zDnjvw!eK7dduvWxB7O9;BgV3z1Ukxa@gnhahGq4c(O2}WBeQgRH*XhyqBQ#i7j<1R zMU~Ck&=ThyhmBv)ra>hxS}h$g0|ozcGGI`5rZMhjkQke^CrAv{1y3ldRR5+ZSbKKw zH!z-J2c=w{*_4f=aW;TpByO|>A*hyNfjhb6R5#jbbav2Etk5>uB<}T%62&((M9`T@ zNC38n$z%saFiEyojh4*6G&$x*H_QiOLWwS80wTKHnw3O?vNk=btXI2}lBpZuf78>Z znN2f6$RG8)Et~N5DdnNT<6zlxUb%E<RQaNa zCFpU@53sz9Rc>vggGj9PPn{MiIeKn7j1bd@JQaYK%aWCopFGJly11l!HPEgy$8=Z@ z%=uqck?2~Fc}AI=&w%eUHvK0^9AyV)qf!q;nj4{n5&YkWi+j47vT+haCvVem1Qg$y z{}khtemn0~HSdXZ46|j?cT=h+FyA=F@I<$7$!Or--YhDfEiEG*60j7=(DlH{Ll7+@ z0{knofgPYT&=s^PUwNj~@_Zl^BTw4v-L?C=`V@14ZZ{uo&vofG6SrFN8&zY&Y?T;p z+sUSo8&Odk>2pk!=dT#JZxrSF1lfDtMSZ_alxwgE@uZGz6(2F{-W5VWW}s>G9&zB2 zmNN~PdyC8UC6qg%qYan$^(wFxSG1j}VN`g!N$F&ZZZk+SFkWd3+kprxPzG_)?v9p1 zmA{^Glb=$M)Bs#hfA=NfHtsIn!eeAe)W!dNgZV!;b`0N~(rv7-O+0UdSIDV2QfOot zQ}c>Z?{8DPFO{^BotqPJ-6n}3fO+K1_L)4_M)T;zSTaM=a+=V}acGHP@hp@fP18$y zoSzGF9aJNSTEd^SKG^ZBpqM-WxzM<*z0Ku{8A<}j*>@3U?rlYsN7mgsn@r0@>WZs5 zDVji4VcH09u)VL7aGVel8J@4Da5?Fo>u}$@d7Tb_Oh! ztT*R>6WCm?8ZX^6l;2Cnbs^K9q!BSl#`p|>+J!t#v$^>b)qu^C>8T@6SlJ&}pEW+A z_mZ+3wTkQIF9U|kJ4E9u6PL!}`0%VRLHw$#x>Vml7@t)(N@_e{Q!C}+vS#+o-|_h~ zFYBm0S{Cs?0Hu^$neCE=JZ9`kb;>>1#CH11srkeA0?VYX#+8m6radk}yNfHUs$&%B#=*vcbc1UiA03GL4~!!twfV8~ zhX=%;FoqEUbSZFeT1M4;n%}aRt`NKuHwD52-nqsA0}1;;jXdJUw?zaNZx*nApUf~g zJ+A#Tj6qHaDhm_9?HWnAsMnuGhkJ?ffl5_W3Hp&mlNNYLP)o2#%^58%m4&kBXg zebqXzCo>sLj~r9#6*os@Gnup zcNPoEmPo}O*u}YkA3j8vohp9Fh|^1a#;Y}9ke*o-zluP7%dHpP?z_h@EV2S7eOJIU4u6wo5|obG1$;;BHQ5j0G9$` z$1c|Is86w1f;KP#0CDW~$b3OR%t3vTgI#Z$^N#!^g?q=1>>;@sAkPUc&Rkps!PO(l zS06oR5!dybdO6lL1VU|FFH1_;!N&fQfUR~-2qL>=Kr$9>h-#9!JAB@AhIz+05E%KF zVzwp6eZqWyO}$oCXN5a1xJ!8mkvk`Qd@Z*h zZsC>=huqEmtN^acp$L++;_u#bhfSS0B=#qaYFcvgiZh~i$=~;MQuglJ`orSJ%X9qk88Hk%nKuJpHKi4ld4?81VQN24W4}-`N zw@^A}7S{I&8?Tx%*y+*-5oSvzo{RidAO)G#>V&DcS%K4`mDdE+JLOk~jb@Svm(T18 z;BPM$cH&GiwzgBCE)m2t4QwqEf_4Hfin+aSm@42lWFAEZ_9<*yAYMiSlMQhoLWK=G zSB>CYgBG36NaZxDKhzGrr-%A6Maj!4Y=MaT>PNSp49iTp5V;x;%6Qk zkn7xE>o{UPlSR0#CAm`@`i-tQ z66kU_XA&%uSzT+}O@oM*?qA~!lh0jyFciGO6eVxI!2O<)!KDtGxZE0eU=@{Q;#xP> zqpEVu0vcBzwD0;9Go065z^aKcbuZkTMfE0vZR@b2q9Z_ci!MpK6g1S__8PriN6uh! zO2~5b8neWB)@fq16c(5?AUNL>|q2{GhFkkUvMDRoInyfzT zgvnzPxlgweg}q1+c?)Q_xEGSNm}K|!&DG3hf|!?@EXZuzX?#~JrN(8p*J)R>7r{Zw z8UCv>@Y+f>O6G!ek)D^|N7_OZkkUFcoqQE_(FNaM(LngJgSp7+(;kQOzgxz%yuST# zNyg1gE3dQd#A~tQ=`CYS`iY?w5C}B;PIFTW|9)hLoFWmW8^J1STVCVRL?L~cG2}M% zB*NJjwC4!T(yFyJ0SmdbIGl-#FpI@=6({V2p~(+$f58E7*MY$Ph>__Oi3&o~>LR{v zXzy@k%i9_M*LEnK07dY?`Q5FQS%b4$Ax22s0**PaEjgCH?gXljk7U+nbD!-CU|h4@ z_$Sonh;#ur*YbmNvL-?LS^OcpK_7}CV8P#DW)gCx?(+Ak%dN(d7Om9WG0 zxo|x2yqPh<#1}5wbNd?Eu+&OrQ#a{tG6LUlu+fS8p(+?bGIzI$(Ts5Ccm4kUFYt(- zk=^QhvGIK1?vLE;w97C9K%tJKU_xJg@K?^qmf2?#TY=);i01}BBdQmLSw8i~7iGlW zN{=7Bzo{DkxcCm|InD^TZf{uWUL3udeIROI4!Kh=7tHfTAkbs|)2Z43hqSyJL~vlK z4MD6yBm?}J8~Bv$l32aoamJ7dAfC9UYy;Y8XTk10!z=T~pnU1)YXbBENRNC~78_{) zG7(zpzKgl0B~trzcHjGn8uectvz<(DhL0=0DSQnOxKiSipOB2daan@1r|P`GT4)MM zmT)v!IFdw3M3|9wm086Ooti^^m{u1yT=EO6Bxum`-?_&~xh`Y7i*!4Ao)i^~>6V}8 zzHOwqYKYRaii^;*N|aY5%tX~K+h%L)giHj~e*}>UVE%+IS*Zs-bgKRKn$6bnV7DT* z71x#ID3>NbK~6M4;mT2u(2<7xsldsvd+;e(fke9+!D0hyB{!39)4U5?*wuPAS4u?> z*u9ETGm&x=?{2&HXxF7`>vA=8he4)NevD>G2&BK34V2S6CCMZBFl6nAp*(c^`Zmz8 z$R{=6N3a299=UrfbwBXN5@hDckTD5__Vh1ZF1Ji4!Y`aUUkqcy%6VRzlE#m2s-;?T zWXGuN1#PsqNvQk;b5~_sQkliluB>q8odF@XvPYSZYqwZasxxfyp8;`V9SUgF9iG=r zXQoy+Wp{>JK`wb7TQ=sh7;kQQsr~xXvIWeS5l7{=af@sX6{8!pzusFKbJ^vz8-s^7 ztqA*w6d23M>P6@BE*#>Or%$0RTKNR5gr1HAbH$wJYz*ojjL%vGJi$S4_lh|@FQ;#z zpm@$ybSXdGDC5}QbYE(@d$wiMIX}bRzkeH={OD}osvtE(7Vl7AdOj|H9-8;8=ynNMkU!AAciT~}>-`LyvJH~yPST*9}L2G@GZFr8J^SP8Wkc8kc_nQc zu}ctHgzjNrmkezg%JyN$^{_8C4eRd3;GQ zd8@&r=9R5|D9La046WM!`cZs|;?^=E2L7e@5JzA$uoPgc9`yTCy9O=C z8dv($3NQ+5WEbi7P}G@kdVWMn&^8`E!K0N}BaF7blH&O{InTqAYq5Frx!7vGI)3b} zb~JD5J_%Rzf`!Y%+VEC%HI#@A__UBb+xfKjX7QRK{m>T7h{>v3#~l=E78{>>E%vbthBj4IcKKyZLd;Z zZdjomoQ_h4h%zaqy-{zk?NBmPuA`e!=r>NZ=CIgXkH(z?>o|_aipcP*PbSQP)Zq1| zVjK^aQNXz{kHIhGwf2zBEi6Y^*3!3II&9%DP8B(a&o#km*l0%#y&Hfmg&GH4L+hp0 zk6xk~eSH1SA_fL4<>6;~&dQ_Iq2}LTR(JR@RqH&FKcU0|6m1~P3|KaJoT=YmGhVly zstEXYH-tDr>R$CIIenT@w!n^a-aPNaanpRG>q(qo#4Quq>HlQPNTZ<*+T|Vs5-A0f ztKqG;+WhgHWjJ1huUUj%q%y}1@xzGoW<&b4D*Y1(-|5>`R$(=T^7Ud*3!6!%%+{Lr z2sZN*R@$_|aXL4Idn-ovMQ$v)t_!{Om{FNn9!9J&j?xK^=!*Av|6FF zcp@B#RnW4vsf*aNrRjo&e$%h78E9DZ;%T-gB^p-QRCERt z-`s0fs&3b&ad>mAT>2MOUZMq*f6=QFr>tmqsT6CCz;|$WM9(qK;7Y1vivOMBJN$%L zZcdmVjIyk(2ie5eTMFUxlH49f(d|&x-|*e^%ptkv)oKsab$QhSKSSBSEV3+Uz2jdQ z{B6x8d{mQjxhypCw)ek;X$%x-Gw&Cyj1~mkule0ce1ruUV|9=Zq)y#!UYF~b%Fm%E z8?EpaH4SUJM*MtwH9ZaDYXBsrhDgGBCeY++ddkgi;p*1#0SLW19y3M0 zA4c?&u&SFt7Q_MqWBV;sL2KoX^__?CH4br$`(9&8%MUfhuQ^_6o< zPw6{5ioMni-g6)Z_ooREV#6&7mhCcQX`oj;H_c;v$EZ{q9ca!+iBnOUwhHm^qOPQ8 z(F*rxzrK&HKy!w!lNqa(Sp^tG6g8}Y+u4ZmkS^psdu{IrMK5|saP82fyAC`dULQ=3 ziVUyZEOsf?xO+LL@PiDZRUaYONaUHBpBud_-eq*9i0&!Vy@C?ekK=5oZZfiGMBM2(f+h+-xa3{fp*p=L`O9^202-QqtfzO*t3Rh3r%H+oeB?@}X9;bB!D@hIxN#S#NZsen zYJbLG3Fq*di~X^Hx)kZeneN$)EQbMdQN54Of~f&@?! zrCuhSLR?@qPnLmXCUHSnp$*n`7t_6pv4C0&61*=#T*stXjw@dD7jJ1-0SKRbq&1w# z1Mwp);C-pGs8BqHGWp=<Ht_Kz#HPeE=t4C6Gj%bD`-tI&{Sw~i;$YA39Yr=)Qy6I z@pM7KrHrOwzR0eAP}P9_)2NCZtT4hhkT|8(FsEdM!$*JJXDK?XRh;&-yGN9RDWQ0$ ziEe@^_=(8fD>0|Snd$XSt~~B}@S`JUg9M`l^GbM4Y(`3^%e?iL!X&<6GrE5d(XrOzI=z=*&L{a<>+K9*(2(_h3-=Axit_7Scg2Q^ z(sqhB$^jk@c)VaP(V?L>KRtLfN)KPIkMswzi{B^!^^tPQ_RFuEn@QKLwCs`KI0(JFLuFKs-VWp2~$9@U9V}$`xw~>Afl8Pl64)^2aP{)$tbgJCBJ27 z@BdgQfE8J;6?dvNe zpYw<|ypXIPN=m0A6>IuW+LGBMM|C9XzIkFEbNI`GeAWJg?XAH!?jC*MZl?#97}ert z83Ai`{w>8HK?bv2_^2v7I!8sp|6?Kh7pf2V0fvGvpDVUl@8W?rW_Aj|ojEh@QF&PP z+3lTqgov?wltvIWOA#rd;;XXroacoSPGWT&A*gs?C;O1=Uz#ZLq?@sQ_EEfotLzBP zr#hduhw80GG^rS^hQj$WK6ewnKzbvR#aNkHs9+4u_q~`-mpa$fR{9^?#4_uKZ(b6x z)Ccq@Bx6WrBNfKB~FhCvmlFpBH6L>;`=Yw*}l*uT;8U&lBb9v5xS1{$`s7uz1FXZ%>#y6v^nB&F=wn zLy~n?EJUlt!_+2NZ)y|nrSN#YT;d#uTHJeKPOWU!vh*h=RwJE{jsl*g0MYg+;~EK> z;k2e2F2-Zwl{pw5l&p1;?!E>`XniZbj=USvp?3K*eCQW@LSyg4IkLnMXyP~B>Ie2A zhpv?#DomsSE#{Vm={MC!yCp$e8MIsPZnZJu(q+l}6JOIroVq$mq~~Ik2Lu&4eD(E2^WkIB+-IAnG8yXzzZc0*>mM|N zIMcp&PX(*(IInkoj6&h`vpxR?mOhjkPqdQ%CG<&HUoI&SfiOosiUwK`)T|Et2Y`y+ z)n^KORb_kDZv35|^Q-w{2Jt<{>o;c9b{aWMW#6i&yXS6c&(YG{_%L6C59#1LZDpS0 z2}}y)Bk~6gUYXx&1(0O&31JQ>Z*dG1_csWVxbb5zud}>8_CJYAdvYvw?KrxkgJ3Zr4}z zJdMh5{TnTLiY53XzjKA)xapQf%kWhAc(4ofal@k_ANsHO`t%yQA#_6kYrgOsy;K)# zQqaC;IAYtJW*jV6T!V>_ZCUFAcM;8Zpg8BGe-CeRjkjG{8`pFwI^1#JAxm7q$JtuW zOF&InTeH{Cw@*x@oyXRqd8e+^g9(|@Wt7l5!}pn-Gbp6xkW*pEOtYtzw7QTn5^x z*Wz%dT#MkF>u2Rd4~v6Ju_wdz-b#ZOM)A8waM|e;6RBGiW5kDnBsUQa+F9LrA)16t zp#K3>PKGh_CJeOcNn!KKZ^BhXXd&~HjX1S)UQf)!iCBd#Pz|I~BjPNJzfmH7lDIBF z1bB<&zjbXbqzmfB>KCGqf&jo6*J>V`o^yZ5Y#NFisD1qW7hoPDRO9MGT*HkOy;m&l z&+gBOJml_EwtVF~D|Gj&6hsD31$T`Mt+3nC2$V(9f@`;{b)V=lM#DHBbdo8V#-KK(rWD>R0?By7}z>@~`QSzbTZs zR8sh#rAL1lg4EiH=D(Yx_j{xNI~)GL5iN%A%_Rd{T$;io)u8`G{a-rlf0!&&CGw9( z?2}>-VfwS6!EbV-ozK<(lO*du#DBkc&*JwR`E{y}yiWHe@Kj^o6^H#YJ_h8@u0-{p zez^b4SM?l02kc_%F{>-TzN3k+rP*}UKPOpUkd5}?=dfSpDviurAWaniM~3wKc;p=U z!_xfq{Qr`2^ZyqouyfBXXPx$%hst4oD?1Ry{!>$mK7HZ}tmScT zh)KwI`2VJcZ_N4-)eSfQU%RJ6IVzLTg;Kqz3`?inPam{w7iKcWAO1vD6ee`PjdmJ7 zBW~pk_5nR}=V%iy)rsuFaQvM68q_;Oai;Z9->8AX5gW+-|4^m}mRL+hKoUchX1TD? z2p_t6yFSMVQn_-xD4nPtM8WpIY4GAw>5YpbG~mjgB0U?hQPMFcm6UEFK82?|{J|7&1YD0fRyQVqM9cD!;V8K` zSyDkL>zm41aK75k+7}F08R60ueH?#=0{yqTmi1ZZDbUP4Y0LV`M^3Wl81P5}zGn4i zv`mO|5otu|?)L}zVMN(Ju;k)-srTU;tsmD3)5;cVMe;sQtzzqqh_PV05^>dDjr8*r zv2j|H5lNx$%&$jl{;ltT*Hfro@EMu!(NIl|Xj-M_#EsevIt?7l7u5qU3{<}%OaRg$ znGxpbMHNzkD*-|^@mxUU_q+Hvve8jZjHn*AJnA5wX?54L+|T3|t)Xr_{FgXt%ooUK z&@Mo%cGhcBy-$G2%6CKH4TOkSYihB@sLfNwC`t6c)NAJdsMj2nZ9f02Ui-bP?kem` zCpF;9RHGfhK;&d?e34ZH0GUQb4-iu;2ZC&XTMpMt>G_WN{(j(A%dXNp0D278%cPsP zfUM+$p1k*L4N$rP4kJhUn_smPWxGjk^fS*b2X6&(U^s8itWF07tI{0_NvpX!)? zOUl4eTLqk#I2Abw8+%*$esagaU6MJL6p-I?O1Yp#re;dzqS`B7H>*M3N;NR zKnYMHgpPt}_`Li&z{l1twP;AY`x*BMMjVTZs6XtCAs^$~{XNoCcd93vDf0+_u{CZV z!^-;GX-y1mTjvZS;zO<%m3@sTE}9GG|%QBm@9KSnN|1u^VnQ4w~r0wLlaFKWo?&?B{cL zVxU?q5~!k(Nk{(O0wAtm5u&SY-VxFb6vf#!>~Fx#ar~%^7U6Edg=h?X6SfvgwOayr zP_$DKNXGe;>AyT?9xbi$rQ85t+E-fYmgM3_Q``-m)w}uwvj1NAHT1I{MM~ME^c=WA zawypTrZ8PqiqRd&#A3$m=FAMJCtVDlc zzBmuk=vcEjfq&^y40Zp5F8UB=i!$F4M3 zI(t>RB1E?Uw3^D?;8!`jZ95nSgcETsTG3g_0h9AJ)4`($c);-a{)$!B9A7^|<+`_( zq$h*!q+kLCsN7S*yr32c@tF%!_l)fVx}VnkYv+G|?LsN4yq6bxAnmgxkerg=#pe{Q z%|w$0QV3;(w}mU+krj3~bAAB7&rD8L*8~<`bujDhsB8dskAY*yv+wihfCALQK5Rjq zy!$?^xo&^C1O}#ajJq0f)p)CgLK@V~QbB^DY7)3!$fr;ztZ#rX{(Ixkvs~pc{wt;P zKh4DZ)jjLG$LVb99_EGV(P|((n~7x&eVhd~3a5nht00dfpWo{dgMGVpHj}yAWIA`( z^8%IF?p`;S)Ful)?LWNLo@cSqPD3fAgh+j(hpkjM0iY1)0_Knv)LMWG*5aAo#Rs&2 zQq`fiO7V3*3n^~^>X2SFn8z8oH@A@857rQ`y*)ERH$?#QXHK=sPo+i%0uDrF-EO>2 z|J|pMYS;>tu%_Av7O!5}PVZF`AAl=Kcd%DNmbh98(>vlk{xNkAg;7cem&svc>X%KI z{Kr5`<#yqWWDVrSq-hO3q~ z@|^~G{V8HW9~!~LLFgOSi>=Vx!-U{e0c@JY0K4yntihxK80=D@V;@zlIiR?}U3nEz z3>ff?yn#7&3)3MU4{&Sx&+(*C;YRozWpu4zdB32Hsv zBra+y1HO+;Tr9NjU~kZ)FIIWYIXVJ_M#?|septBV|NVMff&gf{Lo0CF7nl@CLx(hR>8*@@`hIHjW2VmG3J1;w^)O)ZN(8An#agwU1 zkZ2e?mc_XRq_C-g((_l~FR$*_`9CW)!|x<7tVN|iHf<(VT6y(T^d1QZRO!nU7^afmW@4?>KxW8H&24ZgOLA?{pbjnN`4&EB5N!Lt2 zeBm;&Be{Vc4)!ObFnu4iC56V+0>)ZMyIOn@0Q8ABdpuQ8>&pN)4~mftr8HcA*fdrZ z3Y?Hm5GRW75eN=g=GX%iDfz(6P4xgS*x*cy{*@Bap{ zjY-{%%fm@6)dr(3XgCy9aao_ZodDlqBgl2A0)Bk5xoyJMOW!p-mj^}x`lk}KK{F`O zQ4Z&&(k?)um2)EFk10#mh~L!@6l90X0H8IaZaZG*2k~~a zT6$I1_rVbpGO(6Jb9nNeTdP}Gdo-8nMD-yM+YfL)0k7PQn455Bxp1(xXb+v%YEQLJ1@0enBjK(pX9Tj<`G zOBS_K;O5X|UPh%uxJ4;1gE%!M-?8G7-S~ z8%4U=W10CJIG>BNUhwI-qZI<{*%#I{f+P+KeEaxr@QPFGw zFh=iF8P99x{aVqygvIb8PT64J`!ZML&s@4~2Uz^>!Clqnb1>|w(uSSE>i}FnRJM|B zRKn)fw3n|~aFtQ^Zo9E#(23m%%2VERfFDM-yrO7!@v+LhI&s@LL}f8d>5N&aO{R=p z_RX@cFcrx*$6Y6yt^iq2uAQ#y z3;XP%3tH1|gvX=64eOf|x~`h}Y*@a?_Z(|f^^WZIZrQa)1XLBOwo`8r4aOniGkW)dQ0#<{v7Z;ufsJV8Uuxb_KS^j1AJL?sRRHt1g(G z`b{QTNj**%p1)t6OMMuIpo^}?utx0r>K^#CKWaS1A+G=qK4PQ`h%S=6!{;s}&+0^O zf?F$J1!oiD;ky1&O6_3%s!wmff{<#p9C`lTRd*Uyu1N)^sTL)Nn^J;`nHQAI+q-E5 zH20kJC}h$|7BO{bPdfbI{n6ecW6(Sufm&nNm7ysxpv|2-rZ9Hp=11ioBx`TQ2UYR%+JN zz-&wxU!20A1Qu1JAgLFMq&n87?oY1#vJVyOWLOwe2@<_&wTObX1Z|bp^lt|^rGOGG z9q4E1VM&LNnD$P<>aw4^E|nB{KzZOVK^&$>zHShrtRQLY>-*V$G7-zCd$$h^{*G() zTLX{IHIl2F$enVdE5#-KNtR@2NC2JC^`Hgl0jE$z=OOw-DKrd*?`f~i-8jK+bkgvM zqv6E$Id58po_8_l@6kj?NStLKyHEckQfunfiD!k<&&{Kdrc%$>2L+_*jviuqmMin= zGG$NA*kH?7&o2P4JBZi{+A1~=Fg2gpGhwlA!ECA6GO0nT$E#YhghO<0t`ermr1hu9 z@xbnW9=g|?jU|GKb3_He`_`CeCof>-v}V)F?v8&%&d)@%R%`Rz{M&o(dM|03P*%R6 zx#fZ)0(!st+qvH40=?p)X6S6kss53?7P*p%Mwcv$jjE+dNZq9-W3#{2S?JKSopCiQ zcRqQ);RyikD|fTz-FTAw7eG7()NcCh5AuQQ*Zs*t$(Qt$D8Vq7ech{pAr*;O=>fk~ ziVqSF?B;sxJ}y^?*yfUqWS&CfhNZ{-3UF?U^}K%lKP~d{!rtWcg)HVynbBsIT%V;( zE+~)JM;rU_jh}3za|y;#2EA|Z`1bFj)fUqX+uuO3*$?JZcX;2;Evl?czYDqXR`6A{ z;w|HnbE2}bI~z~9gs37jM&p-3Bq&8eMC8Z87BQ8>tl4=Y&rgChC$ojlJ?}H5sUiWc z#=U3?l3M-HL@;R4mfDhB>o^ts-ET$c!*4*>qq+J{>ZLOn{}?75*e!>E>2hzia&R>S z@&LQCyLpA!sUe!c;_eGy3$~wb7KBh zr3`?Hou?gXi-_0f=xEu;v^X)a^17$Vx!iku_H+c7s-y0@OC6;qJZx340*(#$n3v=W zE=&zWdCdRNk^|X?53Oa{>G1;NH-lbgC2?DNw$tFoYP##D&8_N}IucD| zu`euc1uygknt-ROopEsZf5i$6lGXKKuoaWX3Xr-^*mQt^Gu)A#D;`;Z?Mp2PZjUFpzmFSh~^B7aD zR6;c3oNpi1&p9+L)4ex&#|cr4p|_vwzVKEM?G958v+W(mUk=@UW*0m4%wjM{GrBJ? znXDtFRR_u+0YA%l{roVa6HQ^rCO6Ouj@c4mYH#85<;!t17k|2|86+?`<&VNrPxP}j zp8BW4-2y!5tGt2hksm%p9i6bYHS?@zw4XZ|%O-|NKp$-!`q7A@pvLq;h7_rH38o*`>d2u;<@u+jQy(bjuG z#p?W?sFRlrV$N+E)n|+doSZo&aJtF^C4aW$93p2YI^R|C-9k-EqOTf={YjD=+`;nY z>smQu%EBJEzKBCuexKADvIa;)O}_`)b*_iniyw$}`7PSj6Ba!u5BHmjU9K*2Zyr=9_PI~i4(q?wcj$cp zpI7iw8?x50TA~YKl4`hk2xFwhV=CYDQ1h!db{__9vObUeD=|KvZEFxpmOU#rQSX;N zV_k9e3T-=yQiBOKvN-n=@$nUo@3O&zuqrq6RnIf8i88QpCH)}` zoqB2CEQodSuB!E9(uZt!cVv8Me>i+KJP0US58E?xo7{Fjeq1jAvWcjF%$CC~&>Y(D z)~?Pa*<3qvDQL6X?qef_9UjOA$Ak?i7F>$whh zV!udmTPm|8#3IXmoN`0x5J%LoRUoP=ZM$12`yxD+=I0Ag0tg{yycX5=e%hmMURS%k z(eaiIUHHsG%rIHfNZgw{Ye`E4a_qE&*DkTas4WvH)FNVCuhN{-pl2;U^4oy@mzU!3R)BP|W%tjE&Y$ zrjdCj13t|H_3gozMi5)u_%c9IgnsSPcMwjj5_^5nK60ezKKb&UH#$H|>0=WJ^QQRJ?lm}U$b8tV z(Z;611VXY-rpYu|%Q#|10wdSfd>SOCHKQ3vcnixvAccQM_~JYDkO~I4!p>DC*!9Ck zSR|%-AN3&|n6A2cH84M$edHB-K_q2ove?uSApUK)5gbdl9qD476_ zDu1|dQ`-=+{E6~{#GZE4YgDj~7^U8bPug4mJVoy%w(_FFqckooLyKqDDtT`*-ww`K z7!F$Bt4(bM52?H=LHflKQE|!QW!#!`H`9er7Q!-Pb%ZqGF z(56gIs8L+^DsEEDR)=RT9f7`~Ev1}LPW4d)7!9s1;kj=dc65Q;hk)Md%M3tg`i28; zq2taPn(HMvcw=6_4yd!te?Fl3B160L>5Ng>%>@vvWF=)6u@pR6^yYIbv*ahuE%!pR zQdg2PQ+%lfUYR%zTcRLf;r*ecZ}!*_L^~9;5LZJK^Lj)=Gk2xWa59jS97t88_0!BDs&7}-|B+Vza24R@%;T4QsV zJq3f^osE@6*9Wk6_P8O)>q*^?bsSU1{Xc=_Svn(MV5?`%&IYiBs?@Yyc)XCUz|3(; ziVrvG&=r82_E<1yvDVsJ38`~#`%4#+7zP8JW{=Xgg2Qa;$g3dpsJkWwSZOF55iK;W z@v6C$fhA#|j$A!(Km zbN3K_lGXY`T!J+;Tyc=TCMy6#DrsU|4j#eht@IgjDlJU;*w-8xs$QMSKo=N*x*=A1 zen1+?gBUH>;OdhwWTlf3+%pHa*pNFey`O;=5(#qt@|+#4Uis1p6mmerF%MWXW&JZN za?N;TxY{;oE^%klcMQ=J&3bT2q;6(di?@8@Lz$jO$)Z=3h4zNS=oJ9QX;^Fh=Fu@h22IH<0}0y{w5^r8L` zXoHi%=oSidyi-Ow*TvWeVM=jKQ&1mruiXjh++LdRlMP0C9PHEt1J{PX(*qQ^kL-uf zg2MCNRY`-xhuITC7T+=Ifl2{|+g4lA-5Sj%UwqU0Zm+Cv$AZ|j?EOPqNPu35UAJ-7 zRsxQC*em|lV1ep`h6Ln`D2wK1fe#oIz)v-$u*gn z#k2hx(&((wo{QyU3ICkV5j<5sFN7uR`>pgn`~G<~eDPe}Le`#k%+0!7{6TMCa+;^L zLFL5TGD)cFp?y{tU7t& zZPbcuJai^Uv+Z_WvTbnpY4)%QiK{473ue!e+!*9Q!1ckm{8X(Vo5dgOKmLru9Ly`k zoDmu`jVjZ&PMif|G}(a+n6&G6K3->UmCL{_igb~+OHxG#OW3&#qJW^XHa>t?_fCY z{Gh2G)x@D+AlWAE^zKL2AH1_xNqhAH!+X?;4!JmS*xw40Q@Qxu12SJjZLEE7wM$T~nAo;X<4s&wZU%LIL&6dYxS!H3Wo zRILc5Z;=DYaJS=RX-yh&jTmEXPdKsBTwHB~H!7>`%17&0GEWfNI`UfXs1q3QezT_OsI z3DfDB&rt6^gVh&1S4TO-_wPJTl3;2vaXwyrMWa4w>wW)6WMyAzjlRLyzPX}NkWu`X z(ov_B{5ygNmnYYV;hU!_?Y^H6u_h9ZHBHEc`Gd(uz~aWy(XbinDyxf+Qdf7dDYoi2 zySNKl)_ZVh`%$68#-qkpJ`eRu)@ZZG0;wZK9qLL&G*GH-4$0Pz05{&fwi#*T=l=Ig zZkL*?s98)lI4jEyQB49NJt!^F*|eJ@B@FoFpA2}P@mvQnB7pqBg9TY#`lZ^eCQ8}U z&~5;6{)7Boxh!QGjViF5My|-$(BrTrHc^J4xlk-GPJKr6^};{J zbxjEO{2MhxH0El;5S9(5cZ%a(~#Z^qh9GI8~vsBv>#;R;Qva5}&Bub4( zd1_e6a=-VJ`cnhjvvMuMTZ#)YC~)llO>Y`7oxbAg?|&;eY5woK__G1)OjXYFAaHB_ z#~0v16?ZKE=k!b)M=HC4x;+T_=Fly=k?q3Uzp^@2H|mZd-<4wcP_z4;vH$CL^E5w@ z4y&s;Gi%+@_fuQpdibx7!>`Zghk(O4R^P=JGR8n&sb9#ZysBFnP}bGf*8X*FfA2tH z$c@9ovuTw$Q1kfTKxAr+g}TzIPX#pZ&zRdDc&f2HAkN2KD272jp0=p56s0Y&dfASV zUBTEtxnQ!*6L9Pr%5UTK`AUc0GqR4`!VT`F3uVeU-MUL*LZiX2G0k{v*1VW_^SvZ- z%X7Na4$bd}Av=p2NP}Dzli+iG{^WEj#EaZ^{C(HUa#|1d*K6~@*xT}6bI4lLpl-U- zmyedoQ@(pXgQQ8IueuEW=INmuZY2c^%E`LE*i!^slX_a`H4 z_~X9spM-lc8uygi)(q&Tcw65B2)_^(^}Ha9DgUP#;JND-=x3hl8a2At3Xp)bw+3r$ zx|&xJ`5u;AnH6q=#vHUveZaZSp#NoRWnVO_`n{*~U^TKdn(ufpts`ch7PN(fV^Se2 z@}Ng5*0+Xkh*o?_3fD%$*OE&74qW$SxW>FjKE%|Ki3%z2%&lDX*G9e^EJR)Rw;EOO zm~x)1QJ2_g;+v8h_I#iJXZWC@fxpuPX|+d*HJISujOh|{sl2H+Mm~49?S|H-bXcMD zGg99|)KqGfC%TiNDPV1iQ@6-wa$wxUBK;Lki17lvbkfl_5b7gtdj1jHArP-}=5R#i zz;b5w3mW=m_P&<=WgN1Db|Lr0^VOBk(~$v$rgzD62xWES-2UJ0`di6) z%;ew>+jj!bijgWW%(T16G@EWrzK7y$pKP?W{bbTBzVL6~9nI4^eslMzXD>$yoVWY5ORfG>^487yKj+Q$+l>k zj(3xkWls%Ex>UG361c(qLPvgIMjHKYLoqbDlZ(p})A(c@E32eUhO?*b7VydIYaaXw zMkfz`8~7@^V$3Pr&j>?4B-z;7m#r}PF?2(qq1hBhn)dg4&EhBEJ!YguZ(o-;TQEr} z3!zCqal$i`h9w{$`8ghNmdMcIkcvb->9`tO3!hLP%T@G15ME z&vjko-;3LD>zwcT2q-yfI5K!Z+Y_0(7m;76my)1IBsChW0g0lU52C*yxQ* zlJ|GaUz5o6%xp2tMefs8$ZE3_`4Wdm;Aad?zppVSoER##ta*ug@ubV|`j9P_y~~EiD@B7Q-Oug8 zsWl%1As2krV(&hPh2NXO4M9=$tuH!+Qdcwi@#1@Di5?HnKOF zez>Ji1MJXlHNtOYT6?TBU_0BDe(`f};d3x8(&LVMqYr%ypJi!i9u2`WsnH(ywm$sP zwnd`ICESm82&|j>Nd(H6{1+Tmcq4d>8x$sO3HO4V;LU~&ceoW1tJV`C88 zFs561lW{#mYHk?6V}^=M5A&7z%I35vXIHrE*Z4_)6?4~@T~O3IQFaGRo=-}^9V@(8 zsSUaa%OMxW zO{~^#%)YI62L+PG+|RJ{5mDbcSVf9oOJnJ%VhFf;?&%u@btqu3yrn~=8T69|Q`A(Y z<1E-xWSz=9#9N2s-Yv;GPPVqB8>rXf(aSQyeP_8s1BgX@5ej-~_xD-Pp6GiJk>8&h z@|06y$3oeQx+-0IP|yDCYRu91f4|b_9`t_FU_l#*g-^IE(AK$z(cqKmw$J4XFT&Ia zpY`w!OP)9IB&q&|W?AA63!+5a#qrPiknNTY$?sO)a3Cai6S8 zAYa^Qk{wWyEf1yMDSmG)u*SLjum8HbilbPKB`~^1i~23rnbbczLw%XWxNSOKHLoqi z*usKr20OQd!(^Y`!J?cjs@xsayJ&lA%?z#EpaRVNs_@*LGe_6z2x>B4sdN9BC93*N zI3bhak8;_xw1jSCU;mmi z{C>5h*5O7mX}w0Pe~egq77*x|2gQoLr5t+3u2r;z6Nsn_-$@1nt|6a^Yl~-#E1vu+ zTVd|RgPX^{WBaR0zYl&%)h6*=*YyZY<2A@|e28gE_s@>-Agn zJ7NR=9jb&MJ*CP6o|qS)q8TqmUF7LCS?FJY+M>1h7t}%}4uU@S_UHFqPn1^h3Z!(1 zD_b?U&q*T6U!=jX%MBat8SCx`R1o++-PI^#l zi250I4E4-KOs@BcNutb2u>ok5$dS2GFEfyl6p=!wS7JkK@_5n&#+vFnSNb2P&sy#M z(DAQl?h$bgz^6#dgG6*s^L3p_F?v)e)2hf(jW!L1Y`VKOXnE9>-$ds8a2KzEuK8bZB8!t&MxG z%>Zf%$zD8IBIZWqT3DN`BgLtAi$-M-;)cWd= z7{AO^de2pjzKY~=N_{aawue-=u&pg>YcVmb+517XAb4QD8XR}MNk@-{jygwK?286i zjIGU?1Z;Zt*_rzxd_!Tna|(?fcOR79;i+6#Y+kEh!8%cIqmwZ-(o5>)-}%tzCZN-% zFZhiaBwr4HK0><8bJ^MOca0vA_P#Z#p3cxtuVt3qTU7MiJt(Zc^^U1ZMPRuLIvdT+~xc`g_+-t zVm+g`(zsgDyGnF-3A2EWC;8Bt~_7pB!rfE-=z- z16OPF*Mor7;scMT)m<1fJ#+J?%Q|5owZcEGgO(wE+F*U1}%GIOXKgD zES)d2$|lCClRNy4W@@+2)Sy_xD4kqFf*!r4qXj4rtCsMl%rgS%G7AHBbR*=wVM6m> zzZZi&<8Ie@OJ|jSqNYc-m{%|Y{t@d3A2Rkx2hm$^W5(5?(~Tb{DY>Bk=#sJ!s3kb;=h)b2@7==e^jP_k z$ZpIw^FLe>wEY;PnLe9;;#>-s=uG`Zu%$-a2PamU+{tgz{;_ zJuH%X90f&%T`9)wPU0)z3b7nPE0!4JEQ)dFHeK|rJs8ou1ow z^EnynQTc>{h|DoSU|NRCvJMhHjnrd70~Z%v&zni2d-K3evY^6eL7%JExHnS5aD~D2 z(h*}r9a?0uA-__hZlngbCMu-3sl>xX=UHOjY`$GnRErUOu>+Bk)-fE-e!z!-+=u)k#V3rev_?6k^N2QhBd*-T4lnKjn6Rjz``6Ni(0Qq5GLiH&Fista)2trN$1|9KIxS zv54x38k0kds>P3^OMXmWFj<@Of7I(O`hf5SJ@Mn~e8%pGb&39z+c^AL&Ld8=R(mN` zVirxZ=@EVEjdUJ{;xd5l$e?y0b6rt8Az z(ji`1{(L4$W4iSNmL@GLsbhIQ+4`nYOLvi%bTk)C#8nql9{0ZFI&eHF5jFl1rITjF zL01+BO>{}b*8W)2$*>Fad*RbB+CBIE%ZpPnGB=OZ0$joc1_5Jz=->ZP&c24g8aFFS zk;|?o#AxQ9_49dR7t$?ob!>16^JsSiakPVYFq6CU8K1g#e_zFNa)$?1!)RYrguhAuFgdAI0p&Aq zf}dKrVzR=nq@bi##AX4`QR+OtD6~Ht8mC&e%r*uy;tfztoqsXv4$Y7$9_Jrx?XwA??p9{?$`aCX7+_yCj9$yy) zQCJnd#Wy!Ks~6NJa?2VnTdUkRo*(Jwasb9;JKTkjnbbM?*B+j(ja@ELv&uK_Hu>A6 z*<|2!AOXfX5%zb2d)XbW-f=%pKiGqXujUA%hG=4wBV0lt=!OIpZKei?@_r$DBi&N%rr9vUm3eu_ZeO#3Jlw`sWF!Wl0Qup5MU1 zptT}(CYk^>kx5l}=KJ;i>nrA12kg~)hs&OK_G6(_qeZKAFbSnD^4{1^5qFVFkyRdu zQPffJ+U0&0OM0cCUlqAxS)iwr5Cbay$?;R|y~7Ji0iJxmm;5q!F$ky0!3(jMr(z4< z7Qb}PlvJTKqSXXwcNeTzhWFdM8H>u0mx;OfYt{y7U?OPH>(bAR5}7Lw=DQ&PhWm$D zn0Yr-Jz;4Yq`nQE_(Rg(OiLR&!_gY|Bg!GX-<%$PI`o$MXgJ@p#Ek;A?+`To9>iJ? zRk9OCEw%^c3cK;sO@q~2KjYJy&eZUF#N|IGiWtE8iXph>60E7+Fdm-yocWk2O%ZO7 zvW}V- zu&Mn&TNosegnwPzIqy)_@NaUiV_#37IV1QaDvD0|S;%#nEajh1TpNqKH)}PWXud)O zGIh_YPoHK1YpPJN6pxrH{LjcZO~-s1+F)XY34Ed}$G-q>1k)HkW`*2gRC3YP-`1LD zXjKiY&(PQZ83X}}Lx{|`58(nAIHL4RKgbU$pQ z^7gUF%C4!0z4v_v5BAzl|Hqa!ZrcC=#O`BjIo(&I(;a3~AyoV7gvtM-y)O@kdi~!Y zvZYX@PFYV$(LrGlF&w0_Z_TN()G3v*@5IblI>}MAP}WEq`^e5%1}!StVhjdj-x(3Z zjN$u?rSrKy-|hNczw7$_^?Ux9Yi8d2^WL7IZw=$cMJy{;CX62tI6Q6~0i+C;6&x+*z;tj@Fm? z8y-nW80n+1dciO3g4zHG4sQaiUE;9>6+SH)Q;u>bptUDP;c+I(8r+s%26Aj`BPVDH zPPoHPJ;g2}M#j|DamY`2?uUWPBbWj$Gm2-3?&BcKL1?s+=ynFTt>FVf&h`p~q zdd2qcoZ0-RZ>;MXwC^!?R}NI=psi8MtWqL4jgX1_8m3?r zbFYo{+eg;qA;mS3;RoUYE5#B%b+^2m{reJ z8B^_5JzN;OJVXQ!y0t%GqK?~$e1qJxy5_Rz2m|@7xp!x2SU?P5Ei;<2e$=AbbL!&o z=)*SvP`;YhIXxyMXRzo;xuR~p-q!uzeF04^HQrzi7t#|k%tli1wfwlECz+~&L@DR56vfCsjDNb zAo3}H@m?|R<3^GjnU3q!7+ZsA*mCBqprkP87|0aMxb^Ytm9e^Ti2~h4puGR#XsLvz zzKK26RJBU$0m?C-#DK9$;adPU25^Gy{+O6poidxeVL0GsQ)}>S<^Kh{LHq#xyBm(z z(85Hddt5race)BtJCAwx>6CP7fC^_1W1af&kNB#nT?Ox=+`8V@0m|;x+0_ww-*fVu zrNVnDE9f!FK_^gURz4%i;@6ctm&Iqhl~dT)L3~&Y5MCk>i(SjL$qx818%Z`WXncU= zloUQLc=DAt8=8}@A0dSNEQ!35L7R%b;OxFA^S$0Qb)Oiwn7~NJztJJbmnJc7`lF}< zXQTc8eiV_rtHLT-`akH^PB)-;F}97Hy?TKsgQm zc4_=50Gn|yI%WLl*3gu7yk^N4I3A>GqtyQB19sEt!By;2ydNc4HYhP2R(mK*UX+v5%B&W<%tUXs`&|H(V%FFeX%Lf%kpAlECuy!t~LN@ zX4VrYs`6VL@@sRlhRe`ByzD$pKMc?1-W$}NE3~RpGTrX8Ked+rDqIY?YgUVM-t^q$ z`xrKc6(uq)J>>H<*TN=7&ML-d*S>J%MouLg%B_B-0H_Kv08#$gpbGgyY#sU4^kqNe zW&_90stUdZ_<5`PU{mNYHz0jyf3IEoPNg?T8Uqd#T(b#y0az+8gkw3OUzs>{}VW;jh=bZ6juv2Uf_p@gpnZ^OhJgHh# z;V$%O?29m&&lXE{5(Zd@Q+LFOdkOS9;9q54U+1=zoZka<+4;av#L^;k`UYj3PNuy< zi~&lLEExpI$55H?j+obY4)++IwmgJtk@shdO53c7KeFEZ1@7MJ-wW#j*D7dxR1yP@ zpfew+e3c1!$b{Ei#n?IngG?Oq16(muh${*u$?W&?IVvONr@0k~4p zz0iW;0LuL(B3#y+FZCwKTtHpB6k6Dwo?C_NLzi*%h~xhu!nIuh3lD)pVE|_*D^$}b zX?;qV8kdjgj?A`;A@p(!IYh~jz5n{E-fUo=Zo3}aJP1v4_PvE44HXnz>tTE=xM4tk zR9l>7DcHDA&VWp1A7#>)$|$5l+sC#kP01P!K3BTH zzM$=jpW(;2Whr^2e_f|X1GT~SY8)})xEsE-~b zOAxqNv!u+hR{1uKE){V zdEU(U(j)dJPzV61kYs8>g{ThRixA$oIntOFCC;>lN7bE1fSAteW@I|#NCY*#zD5J4 zan8Xu2j)|hX#9(yIBkzqhzG#%Cx@QrONGprIwrCRB1XT*w0r%uVAJc%TvmH9cHN3= zkZN`+@0vzWDd6`NvQpNq7{AeL5IFn+ce1#C1h=bwZ06}#Gu8G*1n>qFE^UE{rvBMR|9dS4AZc~iF~D;bihED|){D4KsX<}&8!s<=Z7z4D&;=1`40uSR>({UUdGh4Rw_)XQ zshqrV{=nt+l=!t;uUkYqElj3+n)v+>B}O)SY~Z6kFE&+C9OL$^0=?98E!T5y%D3=v z56<{BmsN2fNqliW_eB$Tq93PaA*q_`F;@S?Htb9)9hBWWzqnduXf%03g2S?q_U2i$ z3b#E|`}F<$&eZ;DAc9YUYWU9ZU~lFFvDU3xFlP1`{s;m%ZQ~pev~R1(J_$xZVl5FZ zVp^xVZ=a`>bevlsLe#~~@M(@8D4M4qT^yBu6e^SXP@lTq_i&w=Sog>1Z!-Z2hkbfU zU?4_ z#*4aNjue7)lA@qh&qYx7jLWjn50qR73Qule5SGA7q=)8#`)6X?Ehm*92*QJug1Sz# z%n>*(%|yJ{e8hoP;h@pysODk0G9#71<(b{s)K`{Qj`$C9jsbf?u(^zEhiv)h7hNJt zFOn}?clTeke(XTjc0bZ`)2G}(dXQ4 zUN*U&Ol5m(G5U+k)&pJQl^0|!u`F6{{-~Dn;oJ= zb_Kvk0GE>3L5ZMxb&gQu99NFseXbU&*@taOU;R617SN{Y&QXQN6!>(T=NgDLvs#QV zxOEqPaPBGooD}4F$m?#t-53aEl0EIymNl|DL#&KNr~Rh_2fYT$hu1;Tq6B*wBX`p0 zZcFhZqc^})7t}cFUOzWDHqp24h$nYu1`Ipj#wtE-^cfYIB}6@ndZI8DH>FlS{L8_Y zFl78>d0-epYeV#szc}Au;USuhhIyk+(OsW;$FpTg?q^#U(n{M2(n_`|u5TB?%YJ?` zgc)}Rg}+iZC*}pB)R~|`6ptIGV|gU<(~X1bI6){So5IA^7kH2=VZit{YcD~RUQcWG zCS6SOO3V&gE#`C8oct2|JQf-F4fR~0_l&H(yovhQzA4wD7Q$E5VE`F13S!BYZ-H?9iNFsqB#qiM2A6AnRsv$`f-L9Bid6=>eJ zj}gE8iX~}BG}gSH{d7Y8mMjMUq8ufh48zzDiz3V`f>?~X=j@o5LppxFR4O#1j$SN~ zM=p-4G8wWH>b?ZW#Ux>;HIm%Nz7)?D#Lf<-X|*mXPa7x+HS{K@0Nurj*fZ6pG{4g( z-Cur`Ns~r_$zv%d(I>h+C<~v`x{PQu4peh2KJ(z z_K9ggR(C8ef{)C98v3xTQ^uYVB|bAXSe)?IRQSE+fT7L|0Mz-hF_?T=wswFym4xsc zOxpn|Wbzm{K^ezAzLa-`sdxIgzZx!liZ^#+uzcehWwwm{?s|avfVRNA)3Z|w0Khip z^?XSxb35vxEAU;IXTC9%>`O%NAx?P#%JuI&#=xybIRis)@&~Ib9e^a*DlO@%>{qrv z>?@tm>QPu3nfeV}CynH{ft0Tqd73_{;WwxJ#$lsl${@yy^kCVL*5^FYm7TaBs6xW# z6wK>->0iZ^Vqx&}#reElvi{S{(8L=#R0@k$R~-Lx!H4P6rjlifX#lPh(^7NLCx-Ha z$E!BfYt);wzIfNPo^7Ql5+3T?n#Qm5UoLUBHV80<=0BI9xp|4YYF;HEqMzqT$@js1 z6ojjzQcnMxHRGfO#JQ9-&-@$Ql7t;Ov{{qQHTCSVY$O+U&rpeLpY(VgcHZ|+Uk{f{ zr0L?F{>%Y;+vQC)2q!|6^YR)uV`!P2Z#-VEZR~OZZkLqFvHyg19+LA9TX*eZ=MuAm zfcCM6b*s*e7pyz2?I+?gJ2NQ7g(4k${jDCM?H#_PU{^=4dPlbw`p$IiH@YY{#mH*D z9@qKW=>nU-J=SaXiIc#T_wibKuM_TVlrb>S7$68fP&u-4V5^F9`_PHBbSVtU6rCswA^ zGGyCVk2Wuj%!y2{^Pm5W-Rv{f{7#{9H!tZPh2u{gHPP%k*$c0ikajMKceFUyVwDHI zM#Z(!J8JRN1Q~ZMBq70uk9#k%!&x2Yn>g0KHkfcT_Eqpp(~$j~eZA^yuWFz|Iou=J zP*L<-ar9dSdC3uWJ)ghWQ+SVtw>&d#;>p3@vNK1n_FJsdZ*d*?Wv&;kEP37jOGH!BJufd2WPD-g30TeUkFWr@X!Eoeh1`3;V z-qXi&aoiPksV4&8UsxgSDU+1+{6bvBg}q-?J#ZOn81CdR&-12EQYYs$60j}xjg8B0 zuaQhAhE+R-2{WMS9f#e)mr^Jaurp0fFXsAp|I1~iyH?}C)M1k7O-1w{sh626m9=T1 z9#cxHq>=;eoKVZ9D~Llft*?9D^Kz^R)c1v{p5nb1(ja=Jhmxh6YJ+1%v56FT8cyy-63W z=U%M-)^}#n!OPheE*Gt}?EmFnnT>_Jzhif`9jcfS(rYzjBSfr=y-m^#7Gy7UIa-5j z_aOS%9QIfrv)Xz-sODoQm6|LM)6u~FEN$UHhT%PM5(%^u|r^0s)X*aHOvUruTcq^c9Dz5o{Pxlvjz%vE*SU zlc;hBk)~%$;k$@u{H>69Lqyoj&jF`iE|uW^Y#|GmrAE@Tej^K?^UvRu($YKY^|2e| z@`HC}i|j#v+(eYtW1O;IS7jiuHTf;drVe@lxoh|69N&Vh+BY1$?dnOoK6Wo4NP(Zj z!fPONZJBMJ#jcC%<+NZpD=pe?Cp35nblSq|@BU(=oPILvbD*64bOi5P{Wj0ybDG+h zpB2^2)29_RZ<4e!c-2=JS=^)QzIRh`t{iJ#sZ86#n-P3^D|cyHWG+|YRPgJ7*Yr=( zX|ooGKOMN!;Tv@X+Vk@EM$kl+*7wB}GMtDO)x7o4whV)|;=&py{|U=+o+W3_=He6u zX>lX3og3|OnL+oc!b8Y7JO_l3|+k1@sfEz{{V7 zDz$nX<|?Unh{UUnCi+dca^jsa7=7~mcbsiq7pNsedW@)U)qD*E0>X2rWKT@V*K-CI zoh?;qAJJehlj1@Kd@ihlp=ei1R%wJ>hV0u^Ev`&2<>U3-uWK2Z$ z?Kcp0ZD1P_*h%#9)ML^Z%x_Mu@8E4=_E7trBaTynWRw=B|D4D*lLq^_54wMU1(|ct z#5r;V%@L^Et@-})Kn8%09257Dz)2*! zcA|53dutZ^F>*%%W<}z97R1}ze^n&~^H7<(wo2phO3(0F9sevKc&}n1ttY_MRy|)L zXkO>&O4cIIC0bU(+VPtv(f6{!;m>2NbMeJqe&Xfn+jC+n+8I7sMlAV?6f!P*CTp+E zJhk*9)U6~r_KicffE!`vB+nbBGsuY^E4_oTYX9T&KJ;w2RlB8m`#gH}Tk62zgC}rK zFVR#NtH;f@rfAReTIP!Jm~*`Y%kT!HrYQzZI95nZ6@Ff7u7Fs5q0X@EoSflB{e;V6 zy{M~fH}edqJD^KIqoXfPdS4-(eblnTBA8x6vTKa%vVc$iGWkb@M*k5jd2fk`c1>Mb zFq!}-$zp3@Z?oajx#8AvJQ!!YQ8RO&Rkb#_Ch9Xl^iMgD1A$|~=+{_{qFL2t6q+Pc6!zrYbxP?!1b zH>16roSeS%F4v&2zSaU*8qksYp2E{+QOl&7q=|4n=*fIp~Bd?A9GCZ%Vc4fMlDq_pXgo(yN{UQ9KX)+l&$bcD zUu%6OGL7Zwoo+lG*7xzJf7ujz`s^PS(?*?-+=N#kHzN*iG5U{GGv z@*e~uHC(2+`6aXQn>72p_9o01{9|Pn$Yem9N_Z&8u6C|#^GB*E;mIals%`r`hUf8= z4wr!1=7b9$-R^9DF@rle@7ESMtt{$oHuG^S%jc65{m~3sVe3Z+^hq0vcKX=4&DkMn z)vfK}cW7zM;e7T%-~SQ=3Uasb1)9B-)~UqCW`()R&1FCeiy0wxCdG*@_3gYQ zqvq|~R{pyZu42LWf;;NLMN`DZ_fto)x$@T5ZOk&ppX=4HiQ@u?h1itKZwAl1U$bLu zf~VSc9)zr=;T}%ryD-Lnaay>)?m_g}&dF}`e90p@C^05KA%P|W85L_UBq=K}9JIU^ zvtk{VD3G<Qii+~97uRLRI90IxXsUB8*k^MpRwl-uaYgrExz6pUq zApDYSl7ZV`$v#tSAvS(qJ0;IOONX{^+B)i=n=3K1fA6}3;>d18yutp+T>Z_d+aG4M z9a$C9xHny<*-#3}U92=X*_$gPBkaBT*A4;Oqw^qQPIYqs>eGuA@E-dW} zliHdfoBf4)XJ^Iaph@%*k4HaMkdibl$njRE)p-Maa%<>Zg+S z4uq}`!uec*@CdYpClbA+0rm~nKQ(GQI2-hfz)WQ@;l9;w$lPXHQgDzE|2$Y1sJ}Es zFb&t+Toz(BoEFM7rzX#D-F8d1YME4S<~u5r^m9!m^#XH@i;(qGn@jNN<7+W07a=?O zu9?umVA$@>Nx}E!MSrxY?AG4dhmxr6^YPSLnyvQiN&n5mf@DJPmJe=9pnwRrV$H>9 t`+>BzM5&x63?3dqP~e9?)Ph<{{ac Web protection** to view cards with information about web content filtering and web threat protection. The following cards provide summary information about web content filtering. +![Image of all web protection cards](images/web-protection.png) + ### Web activity by category This card lists the parent web content categories with the largest percentage change in the number of access attempts, whether they have increased or decreased. You can use this card to understand drastic changes in web activity patterns in your organization from last 30 days, 3 months, or 6 months. Select a category name to view more information about that particular category. In the first 30 days of using this feature, your organization might not have sufficient data to display in this card. +![Image of all web protection cards](images/web-activity-by-category.png) + ### Web content filtering summary card This card displays the distribution of blocked access attempts across the different parent web content categories. Select one of the colored bars to view more information about a specific parent web category. +![Image of all web protection cards](images/web-content-filtering-summary.png) + ### View card details You can access the **Report details** for each card by selecting a table row or colored bar from the chart in the card. The report details page for each card contains extensive statistical data about web content categories, website domains, and machine groups. +![Image of web protection report details](images/web-protection-report-details.png) + - **Web categories**: Lists the web content categories that have had access attempts in your organization. Select a specific category to open a summary flyout. - **Domains**: Lists the web domains that have been accessed or blocked in your organization. Select a specific domain to view detailed information about that domain. @@ -133,25 +147,17 @@ You can access the **Report details** for each card by selecting a table row or Use the time range filter at the top left of the page to select a time period. You can also filter the information or customize the columns. Select a row to open a flyout pane with even more information about the selected item. -## FAQ +## Errors and issues ### Why am I seeing the error "Need admin approval" when trying to connect to Cyren? You need to be logged in to an AAD account with either App administrator or Global Administrator privileges. Your IT admin would most likely either have these permissions and/or be able to grant them to you. -### What exactly are the permissions the app is asking for? +### Limitations and known issues in this preview -"Sign in and read user profile" allows Cyren to read your tenant info from your MDATP account, such as your tenant ID, which will be tied to your Cyren license. +- Unassigned machines will have incorrect data shown within the report. In the Report details > Machine groups pivot, you may see a row with a blank Machine Group field. This group contains your unassigned machines in the interim before they get put into your specified group. The report for this row may not contain an accurate count of machines or access counts. -"Read and Write Integration settings" exists under the WindowsDefenderATP scope within permissions. This line allows Cyren to add/modify/revoke Cyren license status on the Microsoft Defender ATP portal. - -## Limitations and known issues in this preview - -- Unassigned machines will have incorrect data shown within the report -In the Report details > Machine groups pivot, you may see a row with a blank Machine Group field. This group contains your unassigned machines in the interim before they get put into your specified group. The report for this row may not contain an accurate count of machines or access counts. - -- The data in our reports may not be congruent with other data on the site -We currently do not support real-time data processing for this feature, so you may see inconsistencies between the data in our reports and the URL entity page. +- The data in our reports may not be congruent with other data on the site. We currently do not support real-time data processing for this feature, so you may see inconsistencies between the data in our reports and the URL entity page. ## Related topics From b16afe7e9af0d3178b47fc1011541ea1c17f31b4 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Mon, 13 Jan 2020 15:55:49 -0800 Subject: [PATCH 036/157] update files and toc --- windows/security/threat-protection/TOC.md | 9 +++-- .../overview-attack-surface-reduction.md | 3 +- .../web-content-filtering.md | 4 +- .../web-protection-overview.md | 40 ++++++++++--------- .../web-threat-protection.md | 37 +++++++++++++++++ 5 files changed, 66 insertions(+), 27 deletions(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/web-threat-protection.md diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 7e2204a44a..47154f79e0 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -32,10 +32,11 @@ #### [Exploit protection](microsoft-defender-atp/exploit-protection.md) #### [Network protection](microsoft-defender-atp/network-protection.md) -#### [Web protection]() -##### [Web protection overview](microsoft-defender-atp/web-protection-overview.md) -##### [Monitor web security](microsoft-defender-atp/web-protection-monitoring.md) -##### [Respond to web threats](microsoft-defender-atp/web-protection-response.md) +#### [Web protection](microsoft-defender-atp/web-protection-overview.md) +##### [Web threat protection](web-threat-protection.md) +###### [Monitor web security](microsoft-defender-atp/web-protection-monitoring.md) +###### [Respond to web threats](microsoft-defender-atp/web-protection-response.md) +##### [Web content filtering](web-content-filtering.md) #### [Controlled folder access](microsoft-defender-atp/controlled-folders.md) #### [Attack surface reduction](microsoft-defender-atp/attack-surface-reduction.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction.md index f67f450978..1247c43078 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction.md @@ -31,7 +31,8 @@ Reduce your attack surfaces by minimizing the places where your organization is |[Hardware-based isolation](../windows-defender-application-guard/wd-app-guard-overview.md) | Protect and maintain the integrity of a system as it starts and while it's running. Validate system integrity through local and remote attestation. And, use container isolation for Microsoft Edge to help guard against malicious websites. | |[Application control](../windows-defender-application-control/windows-defender-application-control.md) | Use application control so that your applications must earn trust in order to run. | |[Exploit protection](./exploit-protection.md) |Help protect operating systems and apps your organization uses from being exploited. Exploit protection also works with third-party antivirus solutions. | -|[Network protection](./network-protection.md) |Extend protection to your network traffic and connectivity on your organization's devices. (Requires Windows Defender Antivirus) | +|[Network protection](./network-protection.md) |Extend protection to your network traffic and connectivity on your organization's devices. (Requires Windows Defender Antivirus) | +|[Web protection](./web-protection-overview.md) |Secure your machines against web threats and help you regulate unwanted content. |[Controlled folder access](./controlled-folders.md) | Help prevent malicious or suspicious apps (including file-encrypting ransomware malware) from making changes to files in your key system folders (Requires Windows Defender Antivirus) | |[Attack surface reduction](./attack-surface-reduction.md) |Reduce vulnerabilities (attack surfaces) in your applications with intelligent rules that help stop malware. (Requires Windows Defender Antivirus) | |[Network firewall](../windows-firewall/windows-firewall-with-advanced-security.md) |Prevent unauthorized traffic from flowing to or from your organization's devices with two-way network traffic filtering. | diff --git a/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md b/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md index 23afa588ed..181eb6c2a8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md +++ b/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md @@ -24,7 +24,7 @@ ms.topic: article >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-main-abovefoldlink&rtc=1) -Web content filtering enables your organization to track and regulate access to websites based on their content categories. Many of these websites, while not malicious, might be problematic due to compliance regulations, bandwidth usage, or other concerns. +Web content filtering is part of [Web protection](web-protection-overview.md) in Microsoft Defender ATP. It enables your organization to track and regulate access to websites based on their content categories. Many of these websites, while not malicious, might be problematic due to compliance regulations, bandwidth usage, or other concerns. You can configure policies across your machine groups to block certain categories, effectively preventing users within specified machine groups from accessing URLs within that category. If a category is not blocked, all your users will be able to access the URLs without disruption. However, web content filtering will continue to gather access statistics that you can use to understand web usage and inform future policy decisions. @@ -117,8 +117,6 @@ To add a new policy: Select **Reports > Web protection** to view cards with information about web content filtering and web threat protection. The following cards provide summary information about web content filtering. -![Image of all web protection cards](images/web-protection.png) - ### Web activity by category This card lists the parent web content categories with the largest percentage change in the number of access attempts, whether they have increased or decreased. You can use this card to understand drastic changes in web activity patterns in your organization from last 30 days, 3 months, or 6 months. Select a category name to view more information about that particular category. diff --git a/windows/security/threat-protection/microsoft-defender-atp/web-protection-overview.md b/windows/security/threat-protection/microsoft-defender-atp/web-protection-overview.md index 37f62a101c..fa838cc1dc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/web-protection-overview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/web-protection-overview.md @@ -1,5 +1,5 @@ --- -title: Overview of web protection in Microsoft Defender ATP +title: Web protection description: Learn about web protection in Microsoft Defender ATP and how it can protect your organization keywords: web protection, web threat protection, web browsing, security, phishing, malware, exploit, websites, network protection, Edge, Internet Explorer, Chrome, Firefox, web browser search.product: eADQiWindows 10XVcnh @@ -8,43 +8,45 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -ms.author: lomayor -author: lomayor +ms.author: ellevin +author: levinec ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article -ms.date: 08/30/2019 --- -# Protect your organization against web threats +# Web protection >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-main-abovefoldlink&rtc=1) -Web protection in Microsoft Defender ATP uses [network protection](network-protection.md) to secure your machines against web threats. By integrating with Microsoft Edge and popular third-party browsers like Chrome and Firefox, web protection stops web threats without a web proxy and can protect machines while they are away or on premises. Web protection stops access to phishing sites, malware vectors, exploit sites, untrusted or low-reputation sites, as well as sites that you have blocked in your [custom indicator list](manage-indicators.md). +Web protection in Microsoft Defender ATP lets you secure your machines against web threats and help you regulate unwanted content. You can find it in the Microsoft Defender Security Center by going to **Reports > Web protection**. ->[!Note] ->It can take up to an hour for machines to receive new customer indicators. +![Image of all web protection cards](images/web-protection.png) -With web protection, you also get: +The cards are generally split into two categories: [web threat protection](web-threat-protection.md) and [web content filtering](web-content-filtering.md). + +## Web threat protection + +The cards that make up web threat protection are "Web threat detections over time," "Web threat summary," and Web activity summary." + +Web threat protection includes: - Comprehensive visibility into web threats affecting your organization - Investigation capabilities over web-related threat activity through alerts and comprehensive profiles of URLs and the machines that access these URLs - A full set of security features that track general access trends to malicious and unwanted websites -## Prerequisites -Web protection uses network protection to provide web browsing security on Microsoft Edge and third-party web browsers. +## Web content filtering -To turn on network protection on your machines: -- Edit the Microsoft Defender ATP security baseline under **Web & Network Protection** to enable network protection before deploying or redeploying it. [Learn about reviewing and assigning the Microsoft Defender ATP security baseline](configure-machines-security-baseline.md#review-and-assign-the-microsoft-defender-atp-security-baseline) -- Turn network protection on using Intune device configuration, SCCM, Group Policy, or your MDM solution. [Read more about enabling network protection](enable-network-protection.md) - ->[!Note] ->If you set network protection to **Audit only**, blocking will be unavailable. Also, you will be able to detect and log attempts to access malicious and unwanted websites on Microsoft Edge only. +The cards that make up web content filtering are "Web activity by category" and "Web content filtering summary." +Web content filtering includes: +- Users are prevented from accessing websites in blocked categories, whether they are browsing on-premises or away +- You can conveniently deploy varied policies to various sets of users using the machine groups defined in the [Microsoft Defender ATP role-based access control settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/rbac) +- You can access web reports in the same central location, with visibility over actual blocks and web usage ## In this section Topic | Description :---|:--- -[Monitor web security](web-protection-monitoring.md) | Monitor attempts to access malicious and unwanted websites. -[Respond to web threats](web-protection-response.md) | Investigate and manage alerts related to malicious and unwanted websites. Understand how end users are notified whenever a web threat is blocked. +[Web threat protection](web-threat-protection.md) | Stop access to phishing sites, malware vectors, exploit sites, untrusted or low-reputation sites, as well as sites that you have blocked. +[Web content filtering](web-content-filtering.md) | Track and regulate access to websites based on their content categories. diff --git a/windows/security/threat-protection/microsoft-defender-atp/web-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/web-threat-protection.md new file mode 100644 index 0000000000..8bf7647688 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/web-threat-protection.md @@ -0,0 +1,37 @@ +--- +title: Protect your organization against web threats +description: Learn about web protection in Microsoft Defender ATP and how it can protect your organization +keywords: web protection, web threat protection, web browsing, security, phishing, malware, exploit, websites, network protection, Edge, Internet Explorer, Chrome, Firefox, web browser +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: ellevin +author: levinec +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Protect your organization against web threats + +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-main-abovefoldlink&rtc=1) + +Web threat protection is part of [Web protection](web-protection-overview.md) in Microsoft Defender ATP. It uses [network protection](network-protection.md) to secure your machines against web threats. By integrating with Microsoft Edge and popular third-party browsers like Chrome and Firefox, web threat protection stops web threats without a web proxy and can protect machines while they are away or on premises. Web threat protection stops access to phishing sites, malware vectors, exploit sites, untrusted or low-reputation sites, as well as sites that you have blocked in your [custom indicator list](manage-indicators.md). + +>[!Note] +>It can take up to an hour for machines to receive new customer indicators. + +## Prerequisites +Web protection uses network protection to provide web browsing security on Microsoft Edge and third-party web browsers. + +To turn on network protection on your machines: +- Edit the Microsoft Defender ATP security baseline under **Web & Network Protection** to enable network protection before deploying or redeploying it. [Learn about reviewing and assigning the Microsoft Defender ATP security baseline](configure-machines-security-baseline.md#review-and-assign-the-microsoft-defender-atp-security-baseline) +- Turn network protection on using Intune device configuration, SCCM, Group Policy, or your MDM solution. [Read more about enabling network protection](enable-network-protection.md) + +>[!Note] +>If you set network protection to **Audit only**, blocking will be unavailable. Also, you will be able to detect and log attempts to access malicious and unwanted websites on Microsoft Edge only. \ No newline at end of file From 24ec826bf44e0a7563f65c59f4d17f4be2cdb403 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Mon, 13 Jan 2020 16:38:31 -0800 Subject: [PATCH 037/157] Added TVM API topics --- .../get-discovered-vulnerabilities.md | 89 +++++++++++++++++ .../get-installed-software.md | 85 ++++++++++++++++ .../get-security-recommendations.md | 97 +++++++++++++++++++ 3 files changed, 271 insertions(+) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md new file mode 100644 index 0000000000..bc067f116f --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md @@ -0,0 +1,89 @@ +--- +title: Get discovered vulnerabilities +description: Retrieves a collection of discovered vulnerabilities related to a given machine ID. +keywords: apis, graph api, supported apis, get, list, file, information, discovered vulnerabilities, threat & vulnerability management api, mdatp tvm api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Get discovered vulnerabilities +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves a collection of discovered vulnerabilities related to a given machine ID. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application |Vulnerability.Read.All | 'Read Threat and Vulnerability Management vulnerability information' +Delegated (work or school account) | Vulnerability.Read | 'Read Threat and Vulnerability Management vulnerability information' + +## HTTP request +``` +GET /api/machines/{machineId}/vulnerabilities +``` + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with the discovered vulnerability information in the body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/machines/ ac233fa6208e1579620bf44207c4006ed7cc4501/vulnerabilities +``` + +**Response** + +Here is an example of the response. + + +``` +{ + "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)", + "value": [ + { + "id": "CVE-2019-1348", + "name": "CVE-2019-1348", + "description": "Git could allow a remote attacker to bypass security restrictions, caused by a flaw in the --export-marks option of git fast-import. By persuading a victim to import specially-crafted content, an attacker could exploit this vulnerability to overwrite arbitrary paths.", + "severity": "Medium", + "cvssV3": 4.3, + "exposedMachines": 1, + "publishedOn": "2019-12-13T00:00:00Z", + "updatedOn": "2019-12-13T00:00:00Z", + "publicExploit": false, + "exploitVerified": false, + "exploitInKit": false, + "exploitTypes": [], + "exploitUris": [] + } +} +``` \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md new file mode 100644 index 0000000000..171a32a275 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md @@ -0,0 +1,85 @@ +--- +title: Get installed software +description: Retrieves a collection of installed software related to a given machine ID. +keywords: apis, graph api, supported apis, get, list, file, information, software inventory, installed software per machine, threat & vulnerability management api, mdatp tvm api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Get installed software +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves a collection of installed software related to a given machine ID. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application |Software.Read.All | 'Read Threat and Vulnerability Management Software information' +Delegated (work or school account) | Software.Read | 'Read Threat and Vulnerability Management Software information' + +## HTTP request +``` +GET /api/machines/{machineId}/software +``` + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with the installed software information in the body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/machines/ ac233fa6208e1579620bf44207c4006ed7cc4501/software +``` + +**Response** + +Here is an example of the response. + + +``` +{ +"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Software", +"value": [ + { +"id": "microsoft-_-internet_explorer", +"name": "internet_explorer", +"vendor": "microsoft", +"weaknesses": 67, +"publicExploit": true, +"activeAlert": false, +"exposedMachines": 42115, +"impactScore": 46.2037163 + } + ] +} +``` \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md b/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md new file mode 100644 index 0000000000..4256ba1c8c --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md @@ -0,0 +1,97 @@ +--- +title: Get security recommendations +description: Retrieves a collection of security recommendations related to a given machine ID. +keywords: apis, graph api, supported apis, get, list, file, information, security recommendation per machine, threat & vulnerability management api, mdatp tvm api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Get security recommendations +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves a collection of security recommendations related to a given machine ID. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | SecurityRecommendation.Read.All | 'Read Threat and Vulnerability Management security recommendation information' +Delegated (work or school account) | SecurityRecommendation.Read | 'Read Threat and Vulnerability Management security recommendation information' + +## HTTP request +``` +GET /api/machines/{machineId}/recommendations +``` + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with the security recommendations in the body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/recommendations +``` + +**Response** + +Here is an example of the response. + + +``` +{ + "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Recommendations", + "value": [ + { + "id": "va-_-git-scm-_-git", + "productName": "git", + "recommendationName": "Update Git to version 2.24.1.2", + "weaknesses": 3, + "vendor": "git-scm", + "recommendedVersion": "2.24.1.2", + "recommendationCategory": "Application", + "subCategory": "", + "severityScore": 0, + "publicExploit": false, + "activeAlert": false, + "associatedThreats": [], + "remediationType": "Update", + "status": "Active", + "configScoreImpact": 0, + "exposureImpact": 0, + "totalMachineCount": 0, + "exposedMachinesCount": 1, + "nonProductivityImpactedAssets": 0, + "relatedComponent": "Git" + }, +… +} +``` \ No newline at end of file From b3b2ea7db50fdc8f67b07ab2683a4545480bf6c0 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Mon, 13 Jan 2020 16:42:05 -0800 Subject: [PATCH 038/157] Update machine.md --- .../threat-protection/microsoft-defender-atp/machine.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine.md b/windows/security/threat-protection/microsoft-defender-atp/machine.md index a488cd488b..4bda3515a4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/machine.md +++ b/windows/security/threat-protection/microsoft-defender-atp/machine.md @@ -29,9 +29,9 @@ Method|Return Type |Description [Get machine](get-machine-by-id.md) | [machine](machine.md) | Get a [machine](machine.md) by its identity. [Get logged on users](get-machine-log-on-users.md) | [user](user.md) collection | Get the set of [User](user.md) that logged on to the [machine](machine.md). [Get related alerts](get-machine-related-alerts.md) | [alert](alerts.md) collection | Get the set of [alert](alerts.md) entities that were raised on the [machine](machine.md). -[Get installed software](get-software.md) | [software](software.md) collection | Retrieves a list of software inventory in your organization. -[Get discovered vulnerabilities](get-all-vulnerabilities.md) | [vulnerability](vulnerability.md) collection | Retrieves a list of all the vulnerabilities affecting the organization. -[Get security recommendations](get-all-recommendations.md) | [recommendation](recommendation.md) collection | Retrieves a list of all security recommendations affecting the organization. +[Get installed software](get-installed-software.md) | [software](software.md) collection | Retrieves a list of software inventory in your organization. +[Get discovered vulnerabilities](get-discovered-vulnerabilities.md) | [vulnerability](vulnerability.md) collection | Retrieves a list of all the vulnerabilities affecting the organization. +[Get security recommendations](get-security-recommendations.md) | [recommendation](recommendation.md) collection | Retrieves a list of all security recommendations affecting the organization. [Add or Remove machine tags](add-or-remove-machine-tags.md) | [machine](machine.md) | Add or Remove tag to a specific machine. [Find machines by IP](find-machines-by-ip.md) | [machine](machine.md) collection | Find machines seen with IP. From 41e94fd838c2db6d70ea66e0b1b35149ae130c8f Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Mon, 13 Jan 2020 16:45:59 -0800 Subject: [PATCH 039/157] Update machine.md --- .../threat-protection/microsoft-defender-atp/machine.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine.md b/windows/security/threat-protection/microsoft-defender-atp/machine.md index 4bda3515a4..8592e1cfde 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/machine.md +++ b/windows/security/threat-protection/microsoft-defender-atp/machine.md @@ -29,9 +29,9 @@ Method|Return Type |Description [Get machine](get-machine-by-id.md) | [machine](machine.md) | Get a [machine](machine.md) by its identity. [Get logged on users](get-machine-log-on-users.md) | [user](user.md) collection | Get the set of [User](user.md) that logged on to the [machine](machine.md). [Get related alerts](get-machine-related-alerts.md) | [alert](alerts.md) collection | Get the set of [alert](alerts.md) entities that were raised on the [machine](machine.md). -[Get installed software](get-installed-software.md) | [software](software.md) collection | Retrieves a list of software inventory in your organization. -[Get discovered vulnerabilities](get-discovered-vulnerabilities.md) | [vulnerability](vulnerability.md) collection | Retrieves a list of all the vulnerabilities affecting the organization. -[Get security recommendations](get-security-recommendations.md) | [recommendation](recommendation.md) collection | Retrieves a list of all security recommendations affecting the organization. +[Get installed software](get-installed-software.md) | [software](software.md) collection | Retrieves a collection of installed software related to a given machine ID. +[Get discovered vulnerabilities](get-discovered-vulnerabilities.md) | [vulnerability](vulnerability.md) collection | Retrieves a collection of discovered vulnerabilities related to a given machine ID. +[Get security recommendations](get-security-recommendations.md) | [recommendation](recommendation.md) collection | Retrieves a collection of security recommendations related to a given machine ID. [Add or Remove machine tags](add-or-remove-machine-tags.md) | [machine](machine.md) | Add or Remove tag to a specific machine. [Find machines by IP](find-machines-by-ip.md) | [machine](machine.md) collection | Find machines seen with IP. From 9e04896db4c1ae623f234bd48ca59750455262e3 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Mon, 13 Jan 2020 16:46:00 -0800 Subject: [PATCH 040/157] link updates and added pic --- windows/security/threat-protection/TOC.md | 4 ++-- .../images/web-activity-summary.png | Bin 0 -> 19413 bytes .../web-content-filtering.md | 14 +++++++++++--- .../web-protection-overview.md | 5 +++-- .../web-threat-protection.md | 10 +++++++++- 5 files changed, 25 insertions(+), 8 deletions(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/web-activity-summary.png diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 47154f79e0..21b8325782 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -33,10 +33,10 @@ #### [Network protection](microsoft-defender-atp/network-protection.md) #### [Web protection](microsoft-defender-atp/web-protection-overview.md) -##### [Web threat protection](web-threat-protection.md) +##### [Web threat protection](microsoft-defender-atp/web-threat-protection.md) ###### [Monitor web security](microsoft-defender-atp/web-protection-monitoring.md) ###### [Respond to web threats](microsoft-defender-atp/web-protection-response.md) -##### [Web content filtering](web-content-filtering.md) +##### [Web content filtering](microsoft-defender-atp/web-content-filtering.md) #### [Controlled folder access](microsoft-defender-atp/controlled-folders.md) #### [Attack surface reduction](microsoft-defender-atp/attack-surface-reduction.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/web-activity-summary.png b/windows/security/threat-protection/microsoft-defender-atp/images/web-activity-summary.png new file mode 100644 index 0000000000000000000000000000000000000000..d9fc4ed73a5faa65fff0661bef17c8642fcb4aab GIT binary patch literal 19413 zcmc$lX*64XyzjMr)YGVHpHi){eL5hDRt+^*wG=fEA*N1BXsCIXR*SZZ7NIrILrAnr z5F~9CMa?3JNYyMPW|D~9?VNSroELYkyVgDDzOeR6cI>tD-~arE&-eR#ZDD3801^f9 z@bCy2-MMAO!*h_s!*f9R@58`5{_4=jz~O+umElbuOpo{i@Zv9bJySg%p3h1AyZ3p4 z*GHb-aq#EiIdyUW?|_ljg%uti6HlXCdNv_0%M`vQ;nvaiRlSFhPp#1xKOZlA7JW~z z(*DzZy;e|=a>2c%`HE-*)615hE7awtKJ4@T~vAcV4?#FD(;1jbS2Y@^HSsC+(033Og-sDN`zrG$F1su*!{mlYS zKYM$Ao^StT;(znWy|9(3BwgIqhi&zOy1RYdAFoMELNj`G*h2}TDxKXKDsqwsf%~v2 zHR9z6YH#GxKKX_R&;0(j`mSvuM#SZ5oWxjHw%?i&9l>S0YSq+#yylL3euxh@VJJ02 zZ<TM<7+kKS(t{>K-PPb@H6edLYeW6Xb4B-O!f~%P=f55rpUXu^3TB(=RUF)C z5!4(q&DGJCgif&;`1J#y@lvaQ;#d1h4CR>!!je)j<=wf}ccNZZ%~(hG?7(pYG5BpsPxo8KKXQ7Xx*|A%T0%UZ&RX6>^Ef_N zHC`VuQEUiW9&6a12v?L;;;OVM-~VRe+ec^<_1gIw^ykNG@5Q0=)jrWL?!7^bw~_6H z+~bkl)pjZ7_H4W&A>ibtyHCB)wP}uWpm&+5{zB^8V|aZID^_TO8rj=SU-IwSd>&DL z$|dA}Z~$Y1zB*}MZ>mO7mRyV|_MC^;88Gcxwug8;P(nf~UcrhjC*fR?Nmudj_Ob)W9fh^7x%Ud(CzR=vm74L{~7opK2%>b=@7; zC!HJdr?D|$EW*Ezf+gS5Y}Jia`|w~$dv@5-+m~;N+M;OaoXXlz@8N6{xC!kaOdv9Q zYw7EpT@|{SCjB=Z=k+1CJ-<1uVg2y2jVVgRy6IlHz+f`qcx-@sJ?SnZEcgp*8_aJ@+J+K%AC+_Qd);vENWi0)g@!_ibnL{Grd=dk5Tv z9Dlks>P}L9vQVW%4W>rkKE(gEEOW(7b9ws3&FrZGnJYuvpi3f;PAyf$#ej{OsW_=Q z|4!M`oygJ3x`{BI50KvyhZjgr{t0Xj1Hr%rGb9Cl_c*hbM^7raw+N_hT+Nn{OS6A) zL~0ztS}4WeyiX@^qokx{(Ix(KJ@lsa9yxoRo3@mn>^R-sZ)n^i3U5obvw2RVS^h4Y z)HM7ygrikXwIxZpid_fKXJ5JBn?M zLVO$LVUo8_FR*}fGLa46yw#(2CgVKBTqfnb zH26-nHN-14{hTA_$4SnTT-_MI_Bhs#MiZi(wA{Fy4;%hAZFY|EP1KsujTU2<0&|*G zUhm{gVDr*+<)o*84gbO$Im|qvEBK?16z^$`&v6Ec;tPjf>F%v20kNM|ImyC*c!VR$ zpFPU+mRCbH$A$Iez%%ga3{`k@GIge_g86NrpvFOCa9FXZCKg5t8TJ$ftMvA$&xuQE zd5U>uT~QpsnnT?%L(0MhcJmO|NTTUSrHhiuCg@$i-_QA21f$krk_Teosfu3=Elt(C zA(?DZ_2}b}yF8>zaIoTjC&NlWLStxd^=iBLNkLf!xUN~@*NAqB;J3Qn#W3L_xg6nQ z2sx@k=CQ?bpADCmjcoK_PB{JJwZ!?5qK7f9#hqLc*NA>Trk(l~XIy~n{?_H?$W_%O z3qB^6y2{C2d;IIE4}p^=HG#5~tNV6XYF|U#N@FnAx}2SdDy=5kD!w=G-fO=BPKL z$0xCbrFc8)MzOcV40$)qqdwqG1`c~t@y+Z%@rngs1D!M(Sk>mhDpY#nOOJ+}bO1KMyUAd&E;Mp!rR22Zcjbi-(~R1)f(*!@>N3v6~@^}6Ip4~ zn0ZOUBig4UFTMfWM^#cIePFEIx-?7S98}6ENa}=27|b~}C?Qjk(3QX7T|ar)HCA4r z^Q3Kk%kDp|$)!1ADA$}~TlU+nt_RNv2j>ub>$z@>mSn6HM4wp_XgQXme7W*$>i2=t zaDx;Zy?0i#5Zk`0vt@xaRhd6EJ-((V zZ^U=Mb}N41;={J4sVbKxESc`z+q`8Af36r;!f2YY!{2sw&WvI$NbBwbg~_%a{Zgj) zpS0I&C@0j{U3xGf9_--5e&!f3Smk|XLJKqjlqM3omyMX%p9S%(ZBbIt^zFj?8V78Q zXY`~6(N$^ra%WL*VIkX*TWIYAW5NY6%LCbx0TTZp4@n5AG|vu}51xvuANJp-G!lCp z<=2!{#vXr}+Mwl?42Ko^lHo%=1c>?o@>O4==F(~6NH9v?-wKv<(8C_&_uXVkV^Z#K ze#fTodBYwW{1d3+ho#^%lUgcwDTe~JjIk5Qn}c#cZQqstZkIXU%v!9NGWVDLdgO(; z?c-Fz;baf__>Qz2^3qS#D;Z6w)CVv573%X;6_LYwFAg&|EmsskPl(yZ!u400J4JZu zMy+d=$H_XLk%Dvi-eRb;TI{7Sd;SeD@DJ>LDCvrGtDVcneE)e#B?!K{h$(A++u7o# zxel{Pb8lxVGUwHdX}Np{tfnbm5kHcCzc5Gge$+=GQFjH>hS5PzrWG?4)tN!X6$&!B z$!uSBmzXt2_jwbH37X!^_|+KV&UZ3%cY{Y#r%808<{?=vsTZ!v?{`E zqdI&v)FfAA#tQFUOB}|p-P0@#dXwQTS|D~mCOHQMr917`RYzH$ zO~4pjt{oa!EzMZ2`3{m}O`>>2#W3(y;DT-XULLIC0^?}QJ(=vT%Y);Pe-Z?^Gjkr2 z{+`ekm8#b#FYPGYF1^iH&nbNITedW7iD2@@vN2(H6px&hea2KA{ZoAMkux7Z2v?aI zoyZ5e^S#sX9O$0S8H?f@b1ljmbeXRM5h_u4=PX)h!*n1V=?C05!AkoJ25hWO@ zVN*SMWO0wA61gjjI2+?<3NhIDM0cUSGR|h$(jZkJZoDY1hEK$*w0F zOB|L4RTA4F(zjI(&Obt>1bkKypRu6jne}Nnc;SbmM=ffcvh{~LpD^DIi@2h@K*x!! zif0gE9@B@&B-SsvV)Fw=pTo~|3M9)d-?a72nJH8%seU{dtJr$FL+)f?D@JrAp%G-$ zqHr+*$=e==vlyu&jC-4H$~H)e6m~v;a2x4B@ku_qv+1mU^~KD4@NuwX$1?&3tYgc^ zSp-)zXR~+N?m3}jeASDm3MboeJPYBxbCZP{wf^({xr=0--PLw4pH3l(4*?BVnNyHn zU2apA)+pkN zvArGK3xVDiaX8^WBfI9?=R zJ~8xR_yIiGS+cX^i*gLsyevx@X-sazjFg?QroA5yY!@=|a&}F)(!qpYocZXUBio=7 z5p{>&&KwaK)7UF3$V%gOhN~FAq=w>g8DYl#eIQdg=3Ajt-BVZn*Y&PC>lFMwRyV{H#mJ zBs1ifQ`q=4P^Zoxd*zuZy+xY~u53A`+jNiLq{0rd@_gxGlJ+9dliG0W+a4w@ET_c} zhz}%u3uDF4mb=sBOq;_t1Hu`#rD9ChxWEpZS~Wv5T&IQpJhykX;2NHJX)nkH=KxV# zUc6*!`#6C2VKLI~4WZj7MkX@sM;Qw#wO#tK&`n}#?ml)b%&X4E=4`B?@DYldMP;BP zMDehoCI(M{A9`-;GK*5Y)>(;VpUAdZZMSC3X=wHZ zGacq5?nd$XW4ga|-+cLJ21p>W55HBJMW4&Q*Fx7e8WzzSO{z~l8F^0QbsXg%p}Sr= zpe+5ZhQ1Dm^}eP7GkVA77iF@a=~&JEuVt~<0>8))-ON&~0_W$+P!q}uI^TnhCXsw8 zcA-`}i{hSSSHvLQ@ROWqzTev2$hFY35cWVdbvm$i=$!x;_j+9K$eIkSaQ=RQ>&d|aB1 z!vR5N&gajN_Ce53g{Jwcy#u`uGLcmly8ONDyC3ZnB~{9Q+qY1 z{#dP{M7IiWaafyON1z)n-%_H#uNc04dvI?0p*=EbQMBNO;RYmEMXSjL!RRCX`2Sc$ZjaYU!Suu`pW~u=)B-sLBBSTAyvw z3M2;39K){bS69ZzUfiBiMupHu9y+5zpFtVgZpJkdHVvN^x<-4SWUMS^4xl;e)JTc- z4=*k$qGY<&nbRq=Pa53j)Pee5Lh!cAPwRVoXRbbY$&xI=7u@JfS_it+p4SI|k4?6V z`~S*Pqecu04sIv~%=cx%HmeyoCqu$=&7nA4(6WX!2sCxoPZm8{59{iYZn%u54wYMT z*1juWY9CZmxy#Jc0!4B;+fh0&n1V`Gva)l&)*a*7*DkP7409BBX)sL{e_;;2I2riZ;1)9tCX-;P5 zg`xiHxoN|-YnQIbhZW1KB@DdFQjNHn?jGt+m0nk4My?_6LOzgSRFT2E z+}kG$UJuNMPrr|&@FJM;+?adL2g+%Cq5Pr%8aY)SV=GTs472QPK3;5LQi!Ra_mQRW z8@oYxh7LlFsNp>8s780I0=Ll&M%&4D7ZfpS`vcxrP1H8+xs)>ba+(|a! z2&k7G11{qwv_w06gYp%XX+lFe3O*}|(*eX5o*Qlb1A@Tuk+_~NaCqnY*MGiyV&f3- z@{D2M|D%)LcCk*to;uf z^7bJ!RJ_u{H~I~ob9LGq%rbrGb9IA>n)Up9Ya(jC-~Uo`@5u`J^(Tt63E5`M<*W~S z>42UJ&+qF$4mLh|-1+`O3csS36av+=&nE%cjq~qSCpWV?<>>8Fh?SO7)67|b%jyL8 z>G9$6>nO7T$q>=ilCnKoa`)q({lpvGDJ#uh*cZ4eE7J400L}>n0C^RgIhQ+i4w-q~ zw?LE4?O8*t_xoXRi^kg{50gr;JKT*ybMK*_@99I<=DzIZ#w4E^zEc;*_y9%et(f0( zEq$YGAahf}6Ohj!&3|z`6aGUpD(&R#OeN8`^7SckQcXVjw889Ehylp ztw>Fw{<=;8>Btb&+4+h%##xu*K5Y({T7JR7mA&FI?U?WP!O3g-Ofn1`w#E=RK>g6# z10=@FGK*UC+@&w(lms=3z4W)uX`_^Jpi@4M@B@egJ6jXeyGpMkaL|q+lQDpr;7tqL z7}4DuZU7qWAKL7tYi^qizG`~9YgBPHKhM{L7_%2qo8<(6o{onz@M41HJuhFM90$4~ zVT2zBPR4rg7aF?iQaiz81u6S5_@rQY=vX37WM&X&Dpm)yux+`(LwdGUF_`CiU^{Yq zf=2b3C{H0rZc{jHR~&g{s(i8QNyJYTsJkNL-n0p-jd} zEUJVs`aO2uY0c3b%g632&pk3kF zu3USo%v_g_QVn6YOK0d0uVPw$pan#=o1F8gn84aiLO5ABHp%e`Zc)p%Vu$JwYy~ot z5k!SU)I!&$cQP~J00lg;*Ws9En5G~Q&YVe~x_W@;hP9Qu9wB<1Rwef5@vje)juV1f zzi&ttk%|Ef{ve0PB8j@YNot^k;xlw8-C64A_iPHybEhaoi0c$~A}li$EI_n?dNpM2IM!mLfR;Vnwbd1}s!Z)lo*-EYW;$3R}~KiaOlyo4QlI^vY}O z#yV;gIas9MgrTw&O~_(M4MNdJEJamxDIx{T-n~gaf}~Y9tE`Je;BtI|SAd^nrgu|+ zk|MauTzj*KJ@~mDSDF*iDOlly#KaBjC7~&$;lWfj*Kdv59ma@F=I43#Lcfm1k>wWY z?0^CqdHXM_Y0ugnfM*BjYw_@Sge_i}hul*Fq=DMrNva#k*?GV9VN`s6EOaAoB67P~ zCa(kDntSDbG$HA01eX#_kCW>33B>&H;xf&9lI+T>{l|SH$2Dk`Cj~ovR$E1a;n2F* zxPe8AF;AIM|o*?)0>{axRVOO{S2!Fqt&)9xr4hkyW7Qn;As>g?#LoHf8!ovAdupuK`G=P>C?%8~i#3sd5HfEGS+$MjXPwFg} zNjFB$KT0o)IfXJxx%}mq(jLr#PyFdK?ol3|j5L6L@@6C0wA;1M>%7M)u+r=Z3wsge zTuC;Au{GvZ74oxbYusP44#3@i%vJQJ07)1~uu|OD2Y)uwadLY$gGt<RwtK>_;i zTe^i?C3nLC$-{QFPK8o{&&lEPWn!0_iUkw(D=Mpvg|7RYMxd@PS9Bs~?B$nHckGW> zrsoV7Nu{A4N7`H^x)0(xZT+h3$ldbTv|8rl%=X+x!&>rfrbO6UhxB+9n@+0|zngU> ze`_Mn*n_N4H|__Z)0v!zf!F<8^FUUkk4BsS0Lq92*H%3O?yi%1hy`3XiWeUz<@;## zxzE)MsslF|OE>}9J^~2EUi*44MIcdwH7|27vr!b}1g-Hnfk1^@mqg6_;E%resneco zVWqowfj47WjeZ<~f^}qT!K!_HBi9o$B5W@{{vvZ)z|n`;YB=>$Z56e4PuHg8_gZ0j zgBovofyLLHCc@1jq{ob{U81h7d1(ElfmmzqEGj6nB;rFjZ=qXPn)mCAX|HslAGtlOLP3*kbUDM z#uL=We?RWd5JmuTB_sI_klhbppScc=5zM!n{h^luNxo!_))|UcrQC5u^Za*> zP~($8$hWr*WPGF!6{!CyKB3+_Lw%HD8Y#8HDi~hQ0h|vBW8IO%1h8&cm}RwjfUM9; z+`84-Dlw?^kE8>(pQ`p)h@BRxUH3D(dy#5;oNcd0=DfkL+JZOF9h9M5VMt}@nv&kg9RZQm% z=O^hi5c_Z0VT&+&d1-D?x=YYU21pp&Lo=X;)A5Z3U!9P&o@~uV%{T#nz@Ct#Is4%u zrBiM$NOr(S>8+$T!@3ygBc@cTFQT-cyK^PAca!*?!xk>mGygSzcceTsJ}RrTEWWEv zY!3UK#J71(_s`0Czi4^w<~!zB!H~87Y|u1!eX*jJ5_fq7Vo~+mWoVn5{h4t~&(k!Q zyJDGLZLi$>i0ec72{kJI(X=~YqQDe8!a9Kld{;kmJ-y$dr!NgWKso0=A{D6>7-wK? zVuUWx49h#OE_cD`?PY%++8mL%HoLqt*tF=^SSGj^L=Nf&*Ar*{e8BW~2V9u7 zNpb~kaUm;&9vlrf(JnqkZ`gL>rk*WS&<&y<0iK=)_!vw0*`hB3CZDpUvGl2B>a*8; z|8r4{;gL7E86YDT<4xjmg5#m>5_BM~bS$J)8eZ4gUD2mkzy>`J32T2}nFy!*0%n5J zEh8Dw*KOV3U$b22(B|3Lk$>l4ilEpHp~96ooUyPD&RSPNH6p}x=G>ESr0xzhlxV|K zQ(2lD*2zTz%TeI1lU?@sKoC=XCOA|`H@^ZStCPSmcQrNx;YdgFNJlXPfUc^1YcULNaVR(u0F zBjOU09~4?JGoSv98b(8p!BI`jE%L|OnO{TgL~$M-3&O0I2_fh2cuXem@d>XZBLZ&$HmAz9Taq3#*;C%%#qM|v;A6n zr{dy$o(~3tuAwvc>TZ{Ib2bdceM8K64b@K2&a7?{r3o3EmLe$Upiz}Q8-2AhdNU~p z^Dr(UGPIidQRdNd?Ql;+u0E`O`VWDrH5!nTNZ%MV3)B^X)mA;$uBpmG?1g%h%Cfvd zMT6J7RRcM_*Uy)(6}#pf%dII=&>#qcwV|^>ZNAYp=x3W&BhL9lKM^N2iyiYc(e;^0 zNGqN+aI1!s$EA=!^PfPC5MZSw9Z3a@N@RKLNRyiEY@wK_xyHh@%-`BdrGa10RpMET zm|(_3Kd3hm8o}<%cMBZ7qk|i~;J8Ar$yTculp>z7T8aE)B;D{rQ0IblByu3(`&K~S z1p(cCdq9aPhxY}sGO4rmTb#JnN`DoqX`#Ixw2#s?|NK0^KKsI3Rrd?`<7#O@V6*eh zj9f4woY5TI^U!}V=a==7nSKX%4pob@3zYs-bt}*A?BaVCL~gZY?%|d{$03{w`UTQJ zYwZaVb9l~{Cim`Mj&}IWUpUW6mj@je#{nha4}Om&CUsXXq~97YbY0-|^*%VBIqSx| z3(!DJ_#Sg^%G~nzI0{Jy1aGSs{{}XO0EB1CT*aKxFU)K5u#0H7&S{|{7}{Kip~#zr z9h8)aTnx*iH$w&ReqHtarVD(D-L;#5@xeG%&_B17K=W>FK-W!ZNdLTs%XfJ0k*?qz zG2=1&>rCz7;yR1w^ShKWI2S^Ycp~X}Bx*8dj`H%z$z69#XksGxI*X2wLM&Cad2qHU zKDyfoAk}j7D{7R5tSp#l6A;1<0S4W7TO2VFN@=BYl=(?GRR8Ov#$h1*Dup^}u2yVI9sq z$w)dk>kIebela*FN|81X zYGhz50G}=UQu?J{ItP|U8%cMv1D+B;!B4l?tx)q!SCImijf@_JceMp^|%3VGm zBkGnc49dK;Jf5tY%d|al@L5U0pFDzo+%cWApGoR-Ikd4F7%eAst6}W^%wajHNM)6% zxHdZAbX!BHjXyol4c1eQWCZ}W-t^Vd#rJgyhWe5zoesl5$u}bzx#YUv+rEi=M7kd* zk>ihP*v7Ldf%>sKaz}Zd4eT?!zDH#Rg%$VC8z%mmwmrd9rYP{wMrj}~sPX2A+c;pP z3}7@}YlBnW8naC57ym87+??D%Zk?;e4?yv=Qa#u1rpRAItH_3)QEv*6=(#3txc+%^ z^5Rm_G;X%hDLYO2KC6{AmMEsy(<=?ny3m#T6pxkoFCMRt zwM-eG%e~*VK%=|K>wN(*7?BlAbMLCI5rPt|x`K2%mUEp-Yv5-}h$9*ifNfD7X6{%O z(SAYJjY9KuFk+bvj2G{e9|kMjd)52(u1i`yT*=e(2a14n^?k=}+^>(<{HA}Zi`Dtel^&VNjEjw%S`1Gp z4HXkh%W_X1$lnmB&edo6Zo0s%#vTngA6~FtW)YC3G%(ui0KQhIvV~>gkTPxsHQ!?;2VkDtTd04(kG* zn#2`<_H9{cT~meQReud@iW@RgXqBNzD0Xl}wXYg^_}ZUV5ieaw==aTTwd`W)%Sl-8 z4!_b(BQwPrOt?yyaf&!;_T%_0Z03BzfbV3C$n+EbOjW1c8fDMWjzFX84Pj$Ld?1L_ z?qRPak%6}eH6}lX);;C$ob6hyEq0Zc0knh^v5*O-dZc-v?lbxU3&JleC~F8|tN3N9 zx(i2V2UIPtd9R<6cOqdl+jFz_gE>e0h$3ObN~$KjCj9jiI`9W1x zdi4dhf6Y0Z8#^{8Ii`@2ZV9d7)JRmoPMDa)&2IlV*+O~t{E$~1&4(Jr@mrI2RUcr< z^~%{A>wpD}M?v;t>d|>w&GVBIDua0XL*vL$~c# zYRRlg$vGodx&YQ(Ee$syjO?rhoZ2%%rVLf1IvPbBzk+ zsx{D20YLQBSS=OJFdKB_HB@Xi@3F?tkB8>m_!pi78!&ri0AOt5_|S*6V@N?>&k79A zQ>!Sp%^I3|sRNRD*#~UtsWYZpd11w2J=km5;U1&|Uvv+jnkVDneaS3qKF#6rnYv9o zNA^AP79TuGW!S#OM=_xSrVN*Ha50s2(@aQ1KdbG-*+aj-`Pi?Vq1xbDT5Q-Z)Lk)h zwOnDic?ejNkLJcHi6)almyxE9-B&*=$b1!SoVv?=`i78SH-67K6hpTLQ-Q$*R9&8{ z^pWh#$~vxQj74j@U7EFNk^4A1t7UZ&TFxxvF-BLP3bA+Hvno4S ztc1ZcXSQ4gZE=c7sALM#!uCo{7jyvnA|mEq-GUF;C=IByzqsozVt=bJIRHr0xwNPe<6 z(W&9DXC-AuTFr*f(+=v_7L0yF0DP&Ps&HCpNVfhO6wwvGLL8EuN{~C%f(UKbIimUP0JWz{#-Nd5QRTCOvX4Vt0t1(EWxq(gawe^!$3V8n zT5&H0u5XVwLE-=zc=I$&+YSnG721tc(?4`$nCRG7b*S>73h!~4USe&{Db0@+w+-br zK|SBke#)OVK}7xxKBDs^MsXWtR6YRJPvDK1sX2Yhx-#O!gQ;TP6U70UWf!E(=gFkz zjWs!Z?NcCXU*zN8r!)CVm2zU>-kGwBNLi_FS7Fa?#6Xde_w28ac+EEg5PkxyI6lz2 zgLGRy7g+oZE3EbB8X-r6hEC`0lHbfZ?lSjSGbfQb>|s%P^Xyn`P*rMigVTLCr*)$V z#sMA&+bVgEr?AbtYe7pRAwQjlP|ZLz(#p&Xd57kM z`f3&V5_ziFNc!?7xmj1^KGBUI$%>iNd=EBdVK9ixC=2G_<<%#))Ya0|&e2rgAN@!E ziYjup5c~Y#7DtY7i;!vMp$T_E!?CQ+Wja0QZ9yPP>3<9T~a*V|~;N65$#)pBZu0GIdtAD5Bbn&t)vYK*jsZ~fFh@-TXvj!>XNFzo@-Z%wcK|6JW z_Av9Z6o_Z2xNF!{dT07#WLM^Fclv5>0`Fh<-<1(ER2^V47p0IGF`xQx1d)W&G#~kv zwU+3(M^~yAzHe4{rldJy{I-kz%D?BmX=&abPw@w~%Q7{Blh6p*IsFbQafk_DP_JZm zK(dVQN{@_X$*?8%bdad(lMhs^aXb`Z3p+CSpv&S)#j@?|nuk^wX)bSS+*E|%>z}M( zq3+wmLoqcR`whG+74HU@MjkJDD!uZ1p!5>fGeYK-GWpn7Q?sT=%o z)rXXJf}G|lk7d9e%ioTM%nU@N00osh#RTc&AfU&t10%6dX0o@caEpVAV~591fz7c# zi^bbG2Yl9Yk7=W@H zGJXvHhvsbaUq{5GXMWY8}(nlclZ9?105cZ(yO%pQ7!&|-gAK2w>;pVY&TtLa}Mi` zUoBmeulw~69W}N6l!kRWCmC%Vv9i34A^R&f_PTSA3(8WrDk`VxBc3TcC$CiHM(wmx zw0GRp_PV*P`kf?HqzS2zamxFB>#4*zo=vZw$}`@>wtNk)x{@Nmzuv5X|4zHUcZ~Gp z_3Y~L%RgPhmsQk&e6nNB1jLdPfYc>Is&?xN`Md853dHh>cu=IdR?YrnKEtMTcH!C; zuaBb%v&O5(Z65sj#c-ONhZj&Zl*Vmz4wPQUS-|>132F&3a2EO>dt1!*E(ta#b15myg@x6f@<#B z=;RnMWakiQr8%gGnu z;q%v>jn05emx_^!@{qYB*@{JDk>Xddx;COOY>e5q`N52Rz|&#VKIIrg5KlH*>ZeSNoWAg-IoC4AHvSyYAK< zDY(4-@3Q4P)a;p*Jy>cUJXjKW265BcZ+}cE&Cw^YOQG?JRuLU(g&)}R?X;ch8|qO3 zcYz1NWd471CSFuG19%#+N@P=X*h^DB9@QqFfZvu!meR=$npL_&)tFo;Q&5g}>9?)wL)9qs{jlxN zH5FILG4@{5^Fx&XJ?*HdPtH3{Hrp~zOQ@-#`Bz65*1&d3bE6jL-m7}cE?h2tJ4CFm zZey`8t;@-qyNX`@E@&cW-LWdSfG=UjcA1cSQ>HF-<)l`l^*h$GoOHViAE{fgl%tfg zMSBN?@q!KxU)((RPD-1-C7|;ImKx22w>zYB>-UG0+f5wf9_4c%+_YTJl)pr_JdLt@{2c;SSL;}FDXW}G8E;=lRzO@rFZzUCro;@4rN)G&j_0nS z{r#GrY6{6Y+8OX?doALcOv>FRI_dSmY{IT`&Md5}nhC|ntba*w`?7o7R4OVL>trP1 zGhDetX3Cw^BdF3j+Y|->TGZ7R6Vy1ayd_N4SN7kS8-T~eM3G>nN%4W8c8zYD>u#oI zu1yN*DmGp~9rVA;nD9mdgHH)sxgyw<|pw zX7YicAA8idMG7%4Se52nqB%G2@0_U$_o_qWdrM*|Eo%i3#&vYTi)Ussld6LnuZCr{ z{{FeIG6HknzYpJ@v6%A2OPO+hW&^A^DztUL!R$qk4j#E5r`CYEdg|y% zVqS#xo-8+oF9Kbc1$g$=nH9@LhctkC?7h0 z1o!bXqiO1x_Qt0%=0eq4nFW&{X>EXV9*!;;Un_004pz~WwI3Ze0=7-|CH3a{=~8&v z*$!+zUXYzU<~M+Kl_f*l37J0l4goF3ZkA3z*aYoROrLoK~*caYyMD@@!%I%*n@grNQ|MzY)TI`}wXE%09*CmWyz zgU4 z2OgDsVKC?cb(R2`+iT>3rEc!e{pOPP-CBZ15brbPj~z^3Lyf<86>cp8EqDRs4OkW- zDw*cx0Jz~eD^}h%CYdhAqrJ7_M&1M~Y;B?|44n=(0b8FdR@Bmi>0EQ~*??u8eNCL10;tVVX}sJKI1 zI!PR9cC5?tQwXcN4_oNSc)+%no%mh7D7Re9fBVfpxt|SJ%#M+=$8$qAtK|)}%MpT%%sn0jW z2&ob?&3_LSdelY#%kW?gC~eKGrGn|O7CSToKA#+;G%%u^wp@AkhndYHqdd~!iI^jG znw3_WNBgVTPE7z}k=JYY{tot3LD*Q^WTePs7yZDORb#Y8`C8f3XKZ?R7wbHUFVMBm zG-+|~USz#V`73GUm&6&X1_8&E<#D1t6lwyP-&Q^}g(cgVK66;wv4@YMlGa>uZOoD> zVK+rF)j3!l(}mSsQ;m7ZeNqQF)Tq>H>|W6C0RvK-8u6FrX!UUF!eN)%oRZ}q8ap(l zjM_>esLxEX=akXr=-NZ$QOTf{j`TDfro+Abt@0^kD!~&*z0)|2R^IQJ6XkHeW*lwW zp9_{tJL#vc$gK3UXyrGiq~BI8)AJ@lZ*6=@z;FakPiV{#+|XHlRwl^l>dZ9y;M2`+ zyR&v>z7-1Ete@xc!kn>l`kpVa5yqp^izXvTw0&@G3Ccd^Y_3(0Ix!8+l3}#YIxIJ+ zqaBls8sEGt=?h7i5vNW&vI477@pg~lkBA=2H{7I$Y6R>TdmhVsY4pblzb-MLRSkc8 zM3Q_+gUQQvYA#3IPnRk@^t76c40_zH)?l4_^2SJzTv6(Bet?Jepttg%GPKh=^7?0|e|3!MATsQ=rjhg+XOy{_kDH1SJ7ZwwXNw>k zqm9*-JL~!R3ID#c!THO)YyPue(XpS{FJ)^K5@w3jbcHl9FFQLN`J*nMR)P%<^A>BO zH9rm%DSarKY~6Z|duNBaOhAf+Eu40&Odj|k;}ei$6n-bx#{Yj!PwVNN;Jlk&^FVdY z_2)Y+*c0Py!-MqVs*;KFxHLBwNnBZKpPuGT(z+$Za%SMyexo1A(!nVEk!^k?r35i3>Vk=M;i-CFrM z_0RJOb1h1FxSP%YhN?PT7UiDsW$wJbWtA;YgI^cjul@crwIyff)NMX#ji18J6;?HB z=}cZ^v!y85?_QL{vTNmwGf!FCPj!C1z(|;F(b2xkz~IXg(F&h-e|>+=-Tfs!xmlOK z`I7HwJhheV3U4iubuiLm|Sv5)$E}p!8Ed0Ky?1e+8 z-`%=UQ6)3mbo^5hijeQ)n%zG28&yE-c0HalFM zBRXAnkKVo?LiLvuCS~2YmHF09(sp||dvnmdu!X6aRl74aY${YXJD&CzaOLTRvSMrM3L~-Tw{u)3(`6mCp@d>KgLx z%ZY%wTXL*lOO)KcaJ$$q?`c3JaO-bz(Kp$%(du_(%kCJ;W$X2>KefB1cFt$s^X}^A zvA_8Hd!xjkuGcbC1ggotEw;%R8g{m<0b&Oc|q zs-@k0!mGV|WNd%FB$1u$YB%ar{P{3!7`e6!_5;CUhMDieElf0-x#*#BvC-b~dyp~v4pyq3Gu z$%bX>j|aEk$8LWfS2q9rKSjBqeQ(1fPu|^lRqdmCLY)2I58b<~Kb+3{Gy8vc`;_&e zzo)Hpzpr~osascuKQrQ**RsiJ&R?64{V`3y#$*0^Rr8(o^8G-C`3tX_6?n_kw`Xs2 z`CQ>~IQT>1p^vpS2Fn~cTdzLfx9-5!S$apibvAXpzO=ME`{t%p8y3$g-+u*$0{1`o zcIusdb!qiFrYo-5$`=BzG_BH`a8f?R$?DVU%;eu!`+aOS2{SlZCEiF)TRcsf_0KL5 z-vj-}yzVw0syn>s{HuQp^!iyGj%LP(+rQc(|HApPQ)Pa{mM_dFWOkd(*>fN#)( literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md b/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md index 181eb6c2a8..7aefb5a1de 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md +++ b/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md @@ -123,13 +123,19 @@ This card lists the parent web content categories with the largest percentage ch In the first 30 days of using this feature, your organization might not have sufficient data to display in this card. -![Image of all web protection cards](images/web-activity-by-category.png) +![Image of web activity by category card](images/web-activity-by-category.png) ### Web content filtering summary card This card displays the distribution of blocked access attempts across the different parent web content categories. Select one of the colored bars to view more information about a specific parent web category. -![Image of all web protection cards](images/web-content-filtering-summary.png) +![Image of web content filtering summary card](images/web-content-filtering-summary.png) + +### Web activity summary card + +This card displays the total number of requests for web content in all URLs. + +![Image of web activity summary card](images/web-activity-summary.png) ### View card details @@ -160,4 +166,6 @@ You need to be logged in to an AAD account with either App administrator or Glob ## Related topics - [Web protection overview](web-protection-overview.md) -- [Respond to web threats](web-protection-response.md) +- [Web threat protection](web-threat-protection.md) +- [Monitor web security](web-protection-monitoring.md) +- [Respond to web threats](web-protection-response.md) \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/web-protection-overview.md b/windows/security/threat-protection/microsoft-defender-atp/web-protection-overview.md index fa838cc1dc..dd52925080 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/web-protection-overview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/web-protection-overview.md @@ -29,7 +29,7 @@ The cards are generally split into two categories: [web threat protection](web-t ## Web threat protection -The cards that make up web threat protection are "Web threat detections over time," "Web threat summary," and Web activity summary." +The cards that make up web threat protection are "Web threat detections over time" and "Web threat summary." Web threat protection includes: - Comprehensive visibility into web threats affecting your organization @@ -38,7 +38,7 @@ Web threat protection includes: ## Web content filtering -The cards that make up web content filtering are "Web activity by category" and "Web content filtering summary." +The cards that make up web content filtering are "Web activity by category," "Web content filtering summary," and "Web activity summary." Web content filtering includes: - Users are prevented from accessing websites in blocked categories, whether they are browsing on-premises or away @@ -46,6 +46,7 @@ Web content filtering includes: - You can access web reports in the same central location, with visibility over actual blocks and web usage ## In this section + Topic | Description :---|:--- [Web threat protection](web-threat-protection.md) | Stop access to phishing sites, malware vectors, exploit sites, untrusted or low-reputation sites, as well as sites that you have blocked. diff --git a/windows/security/threat-protection/microsoft-defender-atp/web-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/web-threat-protection.md index 8bf7647688..66e0e293ed 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/web-threat-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/web-threat-protection.md @@ -34,4 +34,12 @@ To turn on network protection on your machines: - Turn network protection on using Intune device configuration, SCCM, Group Policy, or your MDM solution. [Read more about enabling network protection](enable-network-protection.md) >[!Note] ->If you set network protection to **Audit only**, blocking will be unavailable. Also, you will be able to detect and log attempts to access malicious and unwanted websites on Microsoft Edge only. \ No newline at end of file +>If you set network protection to **Audit only**, blocking will be unavailable. Also, you will be able to detect and log attempts to access malicious and unwanted websites on Microsoft Edge only. + +## Related topics + +- [Web protection overview](web-protection-overview.md) +- [Web threat protection](web-threat-protection.md) +- [Monitor web security](web-protection-monitoring.md) +- [Respond to web threats](web-protection-response.md) +- [Network protection](network-protection.md) \ No newline at end of file From 9b63bbc0f8eb21f42278a8669a14ff5ffa0def12 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Mon, 13 Jan 2020 16:49:49 -0800 Subject: [PATCH 041/157] Added TVM APIs --- windows/security/threat-protection/TOC.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 1d0ce5d117..2af50f3e0e 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -390,6 +390,9 @@ ####### [Get machine by ID](microsoft-defender-atp/get-machine-by-id.md) ####### [Get machine log on users](microsoft-defender-atp/get-machine-log-on-users.md) ####### [Get machine related alerts](microsoft-defender-atp/get-machine-related-alerts.md) +####### [Get installed software](get-installed-software.md) +####### [Get discovered vulnerabilities](get-discovered-vulnerabilities.md) +####### [Get security recommendation](get-security-recommendations.md) ####### [Add or Remove machine tags](microsoft-defender-atp/add-or-remove-machine-tags.md) ####### [Find machines by IP](microsoft-defender-atp/find-machines-by-ip.md) From f527ab00a00e245469a5b50a1ad2ee8903080a98 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Mon, 13 Jan 2020 16:59:05 -0800 Subject: [PATCH 042/157] Update get-recommendation-software.md --- .../microsoft-defender-atp/get-recommendation-software.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md index 4032adfef3..e8473ba5f8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md @@ -1,5 +1,5 @@ --- -title: Get recommendation software +title: Get recommendation by software description: Retrieves a security recommendation related to a specific software. keywords: apis, graph api, supported apis, get, security recommendation, security recommendation for software, threat and vulnerability management, threat and vulnerability management api search.product: eADQiWindows 10XVcnh @@ -16,7 +16,7 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Get recommendation software +# Get recommendation by software **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) From a28e30170e2b4d0d2ed367ed8db168e197d33d91 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Mon, 13 Jan 2020 17:00:09 -0800 Subject: [PATCH 043/157] Update get-recommendation-vulnerabilities.md --- .../get-recommendation-vulnerabilities.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md index 954479aad6..48f13ed4b9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md @@ -1,5 +1,5 @@ --- -title: Get recommendation vulnerabilities +title: Get recommendation by vulnerabilities description: Retrieves a list of vulnerabilities associated with the security recommendation. keywords: apis, graph api, supported apis, get, list of vulnerabilities, security recommendation, security recommendation for vulnerabilities, threat and vulnerability management, threat and vulnerability management api search.product: eADQiWindows 10XVcnh @@ -16,7 +16,7 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Get recommendation vulnerabilities +# Get recommendation by vulnerabilities **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) From 5f669542aa3ed186f109adcad4f5995375858c10 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Mon, 13 Jan 2020 17:01:35 -0800 Subject: [PATCH 044/157] Update get-recommendation-machines.md --- .../microsoft-defender-atp/get-recommendation-machines.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md index 772dc4e34b..0060478641 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md @@ -1,5 +1,5 @@ --- -title: Get recommendation machines +title: Get recommendation by machines description: Retrieves a list of machines associated with the security recommendation. keywords: apis, graph api, supported apis, get, security recommendation for vulnerable machines, threat and vulnerability management, threat and vulnerability management api search.product: eADQiWindows 10XVcnh @@ -16,7 +16,7 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Get recommendation machines +# Get recommendation by machines **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) From 5ac23d076d488514138341c379146e9dbcda1764 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Mon, 13 Jan 2020 17:16:55 -0800 Subject: [PATCH 045/157] toc --- windows/security/threat-protection/TOC.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 21b8325782..a6937a0472 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -32,8 +32,10 @@ #### [Exploit protection](microsoft-defender-atp/exploit-protection.md) #### [Network protection](microsoft-defender-atp/network-protection.md) -#### [Web protection](microsoft-defender-atp/web-protection-overview.md) -##### [Web threat protection](microsoft-defender-atp/web-threat-protection.md) +#### [Web protection]() +##### [Web protection overview](microsoft-defender-atp/web-protection-overview.md) +##### [Web threat protection]() +###### [Web threat protection overview](microsoft-defender-atp/web-threat-protection.md) ###### [Monitor web security](microsoft-defender-atp/web-protection-monitoring.md) ###### [Respond to web threats](microsoft-defender-atp/web-protection-response.md) ##### [Web content filtering](microsoft-defender-atp/web-content-filtering.md) From c1462bc1225b6f1358a7e65428c5286577eb7c10 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Mon, 13 Jan 2020 17:21:51 -0800 Subject: [PATCH 046/157] shrink images --- .../images/web-activity-by-category600.png | Bin 0 -> 41138 bytes .../web-content-filtering.md | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/web-activity-by-category600.png diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/web-activity-by-category600.png b/windows/security/threat-protection/microsoft-defender-atp/images/web-activity-by-category600.png new file mode 100644 index 0000000000000000000000000000000000000000..d01215dee9f5b141965225e5a5e0d76ce7caf2f3 GIT binary patch literal 41138 zcmb@ubx<5#^!_=x!(fBE!{APECqR%SxC|bG2MDf%1`kef2n2Uakijju1_%y8f(F;^ z_q)H^f3~)Ew|1$bnxUp|H}suz&v`!2xzXCMRPeAVu|XgZo|>wnE(nBd00JTTW1<7U zA#Uim01im*x+?OZ>T&9Q;03CkoTeNIRF{DBV1Wj_#&T6PbO(VTEdPBYsp&GGfes(EQ)%6Zf-W5t*QL|Ni~kblDQ^lLAhE*?ND>3li+`&12w;r(4*&mj3oQ z^DoYqM3^b&X--hk@?YtWz=@p9Yu9srOolM9Jf<7@cyrf(KQQ#kX~PJCW0)8@HuS$E z7(*dM>A&M9jJ@`M-c5~*2Kn!-D0l&a@qfvWBzB5?*G#u|9)XszVJF8 z%9Zll9!_R!=FW?VB%m7^`y#sI^vt}~U^lUSFjsN@aO=LDM(}4Om8(AJS^DfM@cr_C zH<4HqO#m_Ijl@f){r%&fSaC3cEHeF-lzFaqmdzg)dqDv zDZ_Lh?yqQ;_2e;c1$-WE>K-fx8XOj?e>MA4^NGHx(9x9yo~d9pVuFcmROvf zoi{f(3ztK2a8VT^ag#V+vpOhz{P;1ATHO8RMvoG+N$Y8I5i*-$y|r$!s!lW+Z|;+{ z=RwND)4j`w!+Gw&u(UV)=9e@&=SqpDG}V;SW9`BQ0WDfNqwP*r|Vopy_} zDThvB*qa(N(~rk1`(Dsv8P9_^w@>#cU*DAJPIm_QHGtZy?pM(V?gZ_|qgq;8oJI$c z7G(TyT=UIP9kr5K<9wO^ihJxOK0N%Jpv!Ki5_N9>IEFy1g!%=1i$t-(n^1wAOM;qrnotVAXTCn}5cpv7-9s%))TP>~ z&ZO;wfbGu=`VM1uy6gn2(G(7*pvTK}$$*1H8u<>bY%!hkH)V`0>S-zQG%rSe|M2pp z8)-LgaXvq4Sv%-l3%no83;FYK`)|5X3FnBHl=DrZu)}`%@s#st^%-M}_5ox*oE^p9%NlS%(F$Eylma#+G4s%~5II(uN^n zuzTEL5F9%&`1(jquI1*6YBH@<{#l1RmAx)aJKq_#r#xBfs)2}dY2L&*?MY4*DkUGt zJkaYDDo(vrpe3M__?!M}1?9GWf*`Pqo4^RNOR2Zj-E^|ru~k#V=rUBqVuTV}KM-g# z$mvy#ay=k&f8PC+%%=6OsBzjkL5B+Kwh0bkr!zrWJDP!Sx#ha}_}vOC7NcAS zpLhF+4U8nD>IFMkEJxyNhds!^10$lb89BbGRXsgkuW>qG9WC1}AJYAta$0Uq6?fkq3d156 zn#H6GR_Z(c{ljK^C~2u$ArhZ^YcS#Z3*BfMHy7|1ru}NLQ-8QQv-!JN*SXa57k9W^s;sJM!X4j^-z=w#}SrUs%q>@_ZqX{u;YS8#r_M37OB{oC<#AuZJ zYjxxqG0WDr{cUm21Clc1(q==sx5*JQkL=6MP7S70UWvh=_bWGc9IwBpJgj^xpceno z*L+PXhR^eYTEA$3K)1{iZU5IlEg7^}WiiJ^?XtUow;blxl@B*t37Z=m3^YH>|E{#T z3(N@38VNgOkoMZ#E|Ba^C_gfG1YPYhR2em05Yr63J~C>u{%XkZ_xBGKPXFsFqaYEN zC1yA}o^JPiv6>ad^@+i)!;Sg*Oak5mI`qM5y0xyX)$r~GJ$p>Q?WIwTGYyB$?7x$) z$8s+6?Uq8F(J!Jd%`_Y(DBMYORI>}D?`2V|A9wUSL{>1r-4mDK>O3X?9O=oz zL~D-cUE>`-3FmQ;={#JwHB&PJtb@Jupz7&Z}^cO?oYZTx)Hu1(eICznx+dB zFlfk-k*7#_OvGqffT&X0#gD)7-Bm{}xO)aH?eA?mr{HR6^0da3ZGu3amy>;41Vv6y{Y%&AB4zdRAR{sg7}B8 z{{DK+2CFbZnvNfa5FgxK9zGtS)TZE3i)jzOj-4AKJ4YpSJ>OQVBHl(>*3nW=gHAbE zd>Ax%7ZQL2fldYhQ}UlN2m=i@t)ilWTFe#E+)wsXMb&Dl(ca0}KZFI{31uNqCa9B= z8>+pKL6FqNWBUD_X~#qlx((_amNG>bsEu!>Tq7bmO<*C>zeienAq{+_W~DKvKDCkC2ixE*DBbQ(x+BniUKC6gWq8{dtV_9>`Z=h*%@W`R;wtvNn(Vqo=dQAE? zV}E~M@1$MpdIn_*`^C4Ju``)O+&0u3h`kV3n=tFpu*+Zy&|s0fkZmd~h^G{OIZxRi z^U1jGL#oH|tRY7H6AHTOW?%FUhG5dx9Xkw%eVI`yW`tC*+t^vlgH>==t$L+x%$)5v zIyMQE-D#CXI-@nLALUm)qexiawL6trCt+mS!Hi9!<)X7E5toLzpLHZ*+ID&wYEoBWRz=0*}Of z%h0@vOHx~cM=P}G5v(fU@`Oy`crZTmFV%r?pX&0O9a!`7AA~K7p~ju^BNTO_cX?AE zZYCL)bvk+GHv3~ni-%t`8=h}}7Ix4ZV_L$L=qb^pVgc6HrA*A*AdDW{V2T<(4uo+q z77ds8MT?p3N^f6|l;6iAeb>t(nJqDI@cMKVwRru}%Nn=?A~i~lTO)&S34`Cv>T^B9 z0PbL%Tq;Fw2V@;p#9))xV8g59DvsABL+FBmK;EP>6YI8^)%bTSbNxe4U4eY~bk~jb zNQ&B^pT=}Ndd#~hd5s6v7Xy^7@(f~$tSLS-C7PbP<2Jkej*+spvRU+)M9ixB5J)R6 zKSL3<4%w+Q35TvCHv{`?O#Y~h72Bs^P=vRlIDJqnFO(@`mfv0>qa6#=s&xdyYgT!Q z!MD&|9)7qSLr{#Rj5bR%9WD^Lr z4!_t~0*?)ki9H|IbR9G!s^df=E;=|oF#pIoS_NvPuqQb=Ow!}M)BlEoDc5M>-y++= zFc!j1U8^liC%YW{PWdh$2Q-bj5pi^)`wBt_txb%|R+f~-D*AB!_ZN4WZfV*ct4^8j z*XcDdwSKip>IKDgg{66?W80_D0)B>6(?p$CBAPodqg)n_ZSmlKtl$e>GZ^2&CbqYv5rbC zkIl(8v!Pq~Y0Da*FSt%Ev3IDx*6Ieg7QiMuSfC~O_-(S_f?D5QGev2WS&g}Qzcy`X zxy`DSS@ZL(`OXrt@cTEnyI)+I+&9Vlyl7;Osbr8Ckom*fVW*0b9M0&Pt^7wJpmy64 zj1v1OrENkUt>A&@znLx7%xPaHV#p?%{N=+i85qWbOYB8$f*ZH)z-hIt9|bEucRkaV z!4bo+*_xh!kj*R{%dXVX=i!x3DeQ13EIBKsQQP!0IHvozSL$hwVk~%S?LC*$r43X$iE4(DeAw5xXlDA1Vm>|kacsSq`6}ZIM9*R@sZ{4Od>DKAsM`{Ao*WYuGxlXF zr&@(xm7`xk2soHNY_b;>hd)xsc+-OKwBJ@=*y854o`oj2O{LfB&}k8E9JFB zA{BUhkJMc+flNkQNm?3`i6Z$4A9}YD(h2Ga1R|DFg*J^9W7+?Sw8@N~-lD0;ApW9o zycX|Rf{PYMPap-QI^3!DVS{&9$OOktK@~3S+!YOE1MgJhcf=9q{H9L-fi_3zl%mGV&1u29#>Sy`eiUaB}e^_-R z#=;=uMlvQeQCb0A^DqC*Mgp}o=(S~+5W1{1>NuNp@!VgZEDYT9Bui5|7KDadClFF;4}vpTUZ#0FP1b8C z*^Ue#TmHHIN0zk)Ro?T-eC4`=s{y3+>8Hw#i#0slJlS3J1!F#h$Qk-N(o&kY4^PW3 zcM?$<$NXa*{%AU|b-6GyUbB~1)W4d{&j0Yzk7cza7AnQqS5jAFR1~9~Tc>iPkNRC7 zmxqrc-^vFb|B}kYvam6ar_flACS;0eCiIy6QxahPGehk#C-K>fuiCO_5H${DrXiA% z%>b$e!G%%J^jy(84#gt-wSY|P4Y>t!$Pe5{vH*O#Sg9)*)v+Bx7$z%)K~`lawmKNn z2eJ}obuDf&{qa!(Nr6O`TpraDH#i;H3cHd%LyZ5p7X`!sy3QwExR*xF#)TvEFgr}e zT=bF$htr>Nac5Y5(%7wZvy4j&uNDE>{`~l8(Gn0rjlbzuZ`=t+bRoWkAN6myMD!u$|IN8pxOJe7^ld zN9yi6Q&_e2bc5P1I?`Wm^%t&0z=$6@OXMcTy6!VX9E;n!`{O(h6~f7?9Gg-9e(q&a zU|xpuXXTb&bKk?XQpd$sxlOjHn%(yr-wjN=H(!^(vF9-FY+qyhR2704Ip2=1$)iO1 zxi45cS7>dh4uxF?rb>!Qz>l0 z6p@$rLf@GbiWF^!{^?%%=P#LIEa$8_Z1kGE!1wIHgG;Wr8O@B}>4GLYI>4eVB*J52 zPT-hVm!YpHSl*LpCI>i@K+VYMkq#g<&nw~tk9d>6j#t{8(ChUpx`Oj_PcK*{{#2X3 zm`kNxEdP@DtO84oOx^$D(y5aUVfE1HBey%4Ei2N)hHAim_n=u}FuX_0Hw+CFR(*DIK0gljFUQVN|kq;?7B+!IJ0DS(fgLW=zLOi?md z6@D5nhKrp-cz~sK(>)eNu(``uvYCr?@{cE3WEwAqBurG19h!yN(~NORoS{ANc-rlC z_)prv9W5;OZ7KN4Rew2QImC2X;yNHi9c+1&ZXP&QYDU-qS!_yVjgo3aYMm=k2L*2Z z==ee4=k*a&2b+erERW(sl)m>Yp;7a0|fti8{BGv zZ@VoR-eucB#M>u`Uhze??DE#%WpIXh>hw)1h;zc-1xp z5~9+4qAmi&LZS0h{79_+tr&!|@t}`4Q*5s?^0`E^QO=tBvs;!N3HE$Z)jqQ(PqJ3M zX4U$PjE2*(OWTNWplPS|9d7q=7k)=2TgCP&TM@pR%&b=4!^Ez=|C}+m1jJmS9Cm`@ zWlpZvNj|UzDD3TUpmr^SQ{Z*UPfACzpeIT0iJj5(=!W6ahK3lz=w;9Ta15Nu4Q{@7 zjLq+-deA6waTaK$G2aZ{y2d>@oP%(TR$9+yFM|!lQuedO8*IYG2g(I2b4Svjl~Lx| zz6coCS+-pqF6g&d?Od_e{~0Q%dmojq@L;SB7h!mIkrlE)MB1QOamn*fM)LbuLS^&9 zzEs1yLn+^fJYg1uJ%(t?8-Rb|u&c9MRMv%&^}&V3nG})q;)AWo6^WV+3-PZ*ZTjx; zM44G@0A1;jIoxd=+hDLS3=JA+wUHqm;M*aC2;eX1*+jdhf|!NuFtPK!vK#)aq!j5% z+XtzXBxkFtL;Dv@x)$yyKg6I(PQ0-M_pVc25~&dkS8#Gj>sY^15MjHqWRdY2LhUB9-;NSKJnX^VJ+Qxd^AviEGy9uN)Xd~cA%OLxnGB8@R_ve^hPX2b;nUH2v=k8`Z&UagOPJ(Typm%30aEv z``8IQUiC@MRq69;x6pFl6%z`RTaTo1IfSiPk9qyu_+!rm$H;nkXXz|{Gye|)cTmlX=?N@nZrt%i9R`NeA8B9*d4E4F;a2s z=NHjDlOKVa{hSg()7HbxUdNIWe6q~FDjj_(qLh~7*=@6-H&uplg#{%dJ4dvmrg_w1 z>zXd;hiic@Ri0r2J;?>&;i&FfGM#S(lG(xSbJeD7llY253%INnsCX4`S7Uu{^37o% zf~n9S(X`gO%j4DXt*AGR=t=0`^C{0(8S8UvXN1*y_qUO|)Qur8s8F-?kn!yTQmU4z zQtbeYI)q%lRszbTO1!CaYDVwy&>(BxpAkH`Str}Sh!zqV7{5quLQG6s4do;v;V`AfPd+Xy?I=@*b8CJ^sOwIeh$# zbnLHFC|1fd(&=+yZ+klUx(gk3%%TQ+3P~7|*L0q0jq+EL=o}Sjwb_7yjWESxO*GC@j@OTwQ-43=x>esP#4;zV|Ek6PsD==CKg*kfa6^;7^TGUkuETKRF)F; z47|WaXrfT$1;Q>2i!dMbc?w5`cIpEH9{$#zN-qh%&hYe~|mg8y5P5 zzdZwLNtf+uFye5ntLxKSOjgO;PXxy?7mNvu1O;J2y&azpVNc35g;lUTPg+HiMwA20 z7_=0@14tSVIm2W;%9j{;&+wbSKX{3Uj6+B-lwhFG5ZV;UdgGA}j100&-u}F@6aCbBI_>o|` z5&fu^NLsNLg#(9Zlh-hvy48@dXskc7-WH6tChnkx!H)(a^nGC7nCQts9XKBdith%6 zmv^XDVDGlCK5n17`7|@dqyy>p(Zgy z1S8mj>zZvE|YJ$a!p-JPZWrq@50|dk244G_)d8d6cJ@f0rMK zk|wT51l1O!vk&pHztYd0EtG@9*YDo=n!!-r4# z&I*;7r^VVcwqw$&Bo>SaSUh<{xNWL{#~xoC8&jD7Z`oo*XmDv0J?m;@3sz-|1r}6e z1?(5*@Ayu@6`ahbnPP6#^!YQ3x>}uOzl^F0QYGT_e5zuhTJ6WjBX|Hk0vl8zE}0aS zp13(>DH(`Ecv}Ert9)f72r)`7P0)V5^fMZ6eco$YECxEV_9JQ@CP`9TI=ZWB`gmM^ zy(qc{6Q>gt6AN!-d@UFwYfNGS-v0rXZiD|XIMV+M7&WjDWC8wD?Ek~6P~5)z{A2xJ zXFI9kcJnUb9r53{at^0Kh5ci!pAQUR72Y z9@Ts^+dF(33HF(iS2HIRf;K5Ytsc|RV6{L`KqsBT|NOuN)V!ij^M--%7qtQT%Vk+z zTECrEGSPmfWEcQ5U+)NHRDrzE(Qg$Gw*lkoBpnThO!e-9qS*0QJ&}O5>hkKk-M?MU zdXHh<$J{R2Kn}zDlt8vHe=#~qzYCy%-5$!-lnL_q%f7n0+AP)SxYn$BzB9Jv^|RT@ z*vZeo&13&F3Ae7nbtI%+GvinkJ$(L0V-g^)*?;Nzv)&Dt;En(bHmvblJ z0J*qrdIZqMQZteK6AqwF>6W~#3gVxnmI>6LmGUj_LSik+`SI~UZtVe^y8T0UDhNfmFA<{bGav8DkSmWmEJCEoleVlI~G{D5098eTSb<6AF&dz$drR= zBwc0GpoZr<{kKQPE!G1U`v9o0Se6e(zFc>^s{FJG(9q@PK;PP^ML@veS^vu~g{aZ& zn9pA&tf<;wlU>@b&Us;Tw%Omz9hS(O1AtTxUFP)30)@kCpdP;^CL*V|Fs%O*oH+^Q zB17k_%&0_SbIKChJUA#{>++~J?_zCwKbPXt$x$<(7o66?8xCfWADW2!q8gXgRQxLE z`*gcf%*4poGuCWVlVYV&J>9P(*VDynuWt*K@nrPZs!e|sYwYXlwm8!?m3L+d(G0>d z2)0|+0#k`tK8+$mP=3m9hBy&m#m$H5E?q72PiNAIj@1qo0zn>suA`-vbfAh@x{9haZBVYdjiVG! zDY9jFiFqsWADiXUbBv~D`4kxW^*`C>j%KAb(3HodHQ!Aq&Goy-S)oxSNY8=oRjzi( z&h|F5VT0}cd&_URl0KYdnyWGceUD|)5bmr-$6vZx!Y|}mtRpAi=m}51!=oHJQ8wvtc_2lI zrSq8j?$5S0_}?FSJwdo~Tbzd<@2{P@Fd58ocuaAdPfpO#Fv_&1axLK zF%CJBZt_-0&Cb6I|3u&sD>Ev^S1zCf;UMvCh2Fj*L?+Om!>m0lTgp!_joX+LAoa7d zmR?@hUS>82Qd+qwK=wCW68FV=t+PX7lCcWVCf4q+j*++zD~5aRBu0`Uh5TblXxkY;n%{`>VmY+WZGk5~I?zp8-7{P-`YN z9nO!0JYsl+KW?8{8Pag%LXsI) zm(1a#y(y;8LiV~q04uB%xkYOI`1EkQGuaKVcf1w&)fJRC{3GK$;ns-8FhB0(_YZvt zx5+n%aSEHaeRG~zp!~9x;%kB!GTzU?qj)Et`n*epW#7yzdK55I5?7*8^T`kDg+;T} zr9`&SX+PrBWRF9oxjGpLc8KuxTi)EhIolGjyK<}=Ty8m04MoM;ZrpEC#aQwMaM4fC z6(Ms2%mP#A-}OpW(_mtxd%^<}C+o-WmnB_}DJU2Od!9*<(Q>DWxeEP@R?iZ=zrQ+E zws?Cpq~oN!yr&qQsJvbKi3|wnq-N__%vQXK=4XwyWmEpHb(t@d9*`~spWyjm{oM$A z;pOZ=;bPDwr$9dLpVyGXl9_*Yppzk z@w77+)duk*?W4tq_00|y)l)&~Up_|HZ2&QjNYvTHY0Cw9i+c%wgeq-?tE8%cZd0<4 zn$Z~oh>bb|cH@=<(=J?99J|GSDSoH@Gi{;HNOD;2YYbTM0R8)RNOrC7uaEOsw2AN_oxNTLD6D z`kR#;1O!AE^Z`HH>8_H65Wh)Z2|T1O%vWa3j+wa$hnBKfHs}a+yudg5TC$>~=vja- zWoV5_r92$h9>EVF#FTO67ljI4(Ew*034VHfqalmCkqcVblY!+EhWj)Ldi|X=Q-YxD zQ^S!Yt%tOA>nxS*SBj(4Fwlu`eIcq7jb*Prr`3`ezrJ$Jn8YBUw2n6|x>oQ_Qqd66 z%o2G^7Ah=eQGY!BwIPl4IA)7gD+>x(B&G#=+DN(HeqQl8-#e>i-V7vWd!;=U;tr~g zl&ds*^kwZx6_R2X?W4B<_ghC|SsrJ%9aImea3qs(zAt%XrWN_II+NCHhCifpzBK~g=g_xfL>dXQ#Df2;%oLmzc0x)D zA*g;^sHnEAXP%pRCF;D=RnpFO+mFidTl0%>I#3?AXNgV9FQNNqh2s zL_F6JyohoJk5uHlE%0|W$r7^vYX1Bb_=tQP{_g(%Bxy}TK4;t^Ct*biKk7p1!nI?Z^S-x#7Edy zG-OHNi+AUTE?pIT{cVdFI+k;BbF@h+tu7W6rq-zQs~t5xSYTXfiwEzVF!#(mC4XBO zwY0y1QOlF*F*)I0msZ5=oy)KC)Vy_B2_1~**jtt3FVe9d1=X(p&5pmm21MeQtZ7WC ztsvtd`EO?Rt4Duk@zl7tyLk6oze10@>AOO{T!wh&VSYT|4k@<@X@v4`daks(`6fif zQQF_<**gU7ski;x)^igKxbuixXbjHi#$ZI_@okhddGRW{wM6oR{R?yhM_ek2H_L$l z4lkAu$NnzGr#-QynK>>LdU9rU(W`$MTng9GyUK5mz^5rJT)}peee~M9i6jv`Lh=c1 zswtzW0WeQ8+7IlBC(UsVnN3XvIG|#S1CJwV}McWg( zQY;A+gZ`r@;lH|G`99s2eqYcrf2TzrG&#<|DYreO!|b%=aYtiG^@u`1NdKtkhgj6B z&~qw#`=j}aOkSFW?k^)MFr&|?7VC@<^q*eA-{MJN>jeTZc6JU6z46huDK;V@b(mX_ zuMnkJGyT;I33N5w6&yzzK(SfTEp;|kOXY0Be`PfouQRG68=sZB6V>%JJ#JMMI=Rt8 z=@zVV?6#JVn29=CZh5Uvz^YS>hw}Z0AM|Lp77SW>-sn}~#CMpj-7^bL$ouNN?*>2!y!UFDCT z9)Ju6w9#FV@BjSFEb)Ul?IPP_?n<~Z#-k^LVy6|EF zxAkbQ!YHwiVpb#1&w#qmgHoW8!;8$BI~p4sO;qqal9HIL@o1KC1x4b_Qgc*h<;qv> zjh@e=jZMM(AuJ?XT0I{=`6?PsD%Xy!(l`^$57n~n^4~VFdTleswDFFxAhN>#v zE*gvSclXHSB)VYE20q@Eiw$1#Tl`0{N6EP!l9WA+ZiA?54dhI^cftkaIX69*7nf2WRa+8rAUcRhf5wa#)*-WFCYHN z7EK0GnV9vT357Yru&JO3M*1Gl64LsrD39ukd-}+<&8RS#6pk#x8iuR4B3I{si`@m& z%UEO6$bN^~BVhPWZ_fSC*mZ*leZuQf&EzE8uXF7_IQCQZUoZA&^x2d=_Qq@x2w2G5 z=@Z+xasEhs-vICEYUQ}^z9J}wgw=VQ5UvYcd+ai6G_jz!5o)p1yB>jL_0;YYSW_L$ zC;J59F=0;ri3pbyqi1(N{0#$lz|jfPlw#5|+M#LAzkgJyBBXJ%=Mjz;cwq{Wc>(DUz?y+Bv(kbP7czLv}wL4)>zcrwxoemDZyzB}8cPB+(YmHbs8>Gv5m`?Z@ zB3b0m=Z3C9#d_saVpc&5^?}#aX1{>E^W-XQ4=Ofd41CL9nT5$=+r;* zHfs>52flcSe*U(b9Z&O|_+e+{S2e!6Inut>0bQC@V+BIh232V!rR?H9nt1Ti3?x5O zAMsTqQ=YpvB&5;O|7Lgj#L>79v!dO1?TSX?AVa&_Uz}UNn9e4lIV7-s3@V~S0FLfg zPdVl43Pwz0q*IQ=`!TG#%jX<~o=5d7-|$m`Q=&i{ zgc-O~XUWW(GX5<~7w6!Am2iUsNTW zSanU7X)8}Vg_A{(BMB^xph%(jXrz;saKx(AQh@@w+asx&N*(14sB${h7c^PNN5BW26-gK5NPj@Z7!~0I4(fWki*an| z_d)#_fD=X2%7KJ#6qWU_GAQ-W#nCoo%moo1G>qNIyGrr zd#Lu8pv=p(PUP`X-n86BQ{#ZSxWitdXLz zF6YI^J!FhOdR0c6+>1B(XHQ37Yh^F+WHA8`k!g^zP0RwVkkhmQgxly_K>yOQG0)Q| zU02nk91;VhAL?2Q-e0VPb0qs745+LjiAuQ~1b|;eUZ6y!m(P_u&?Y%U8DU4VUkEbr zD`?kJ@J-nK;{W>M4zL*PP4T?S?8k?M%VJFK+f8JBO-SmM3VqA0NEP2tkCywz%C)8i zNi@fkIDi zEL^*Lp`tGlv*Kq*`q8&O*B*5vwIsZcq1qx- zo&qVQZb#xHDkg2S>{69PFc-%4clYZ#MKp)BIo{K{5vm=cH!lcO-_1ZO{mV`peiHcV136{Ku6b73soBuylX95!axXbIa04|NL+DZr`itrnKLYb*=+N?v23{uL1B)-j+xsD+; zMnL!Si|AA}kpyoaP|;0XFmL(}FnqGa?CUkMB$e(ijw;-gLM*AW{a;^lI%Rz0Hfpi| zXY_O$a?k3xsE(@)F6?Q;D z#u1`R`$FK{%y0EP7yPjiDcf%y5g5mT?HKNm#Ax#}dHj?!>@0<8i4=!1_Z-=@1{n`-3m>Wgn8okW42|a8PyHKJ0i>!(ocC zy9dG*P3?rI&TSvyJtH!RRw~z(8!+F~#qo?WSu{Bc;NUK^`X^KLeAbW>#QsgNqN6D1 zS7ewhGn#F9Jv4!xOHvzbK$i(y!n6c3{*(u{5HuJ?-DWM{ukOv@2>dhaXjW9>UQZkFRQ9?Rwn zMT!Lrit3Bw%YyZ@4~NorZ-0xDp4;)s{G=KgmhjMLbvie0e zWbg+Z;_K=3waV6R*>e`l$lsj4C+&3*oZOuhaeZ#F=(6ney9>pZ=Q9>z2Iv}VC zx|xi|OJf|3i!>l^wMz=BXrD53?aH^@rAE8^pv<(%XJJ)n-s)Olqyh@;eQVv1D{seNUpMBK z_*2#P7!S%xqMLZrL%4&Ukh3sa?W-a&!GdJ2-4tNxo64t8V$4wI%I2HBDFvt3CpdRh zwB#Ugy6Z0{8qqO>$OYyHGHr~sep(*4!w~vn3P>4^Ewlk+3ny1m<<{z0HUqiZ;*!8$ zyE&;yF|hPIeP7apUC7rol;r~oIENzsX1MN>r5>n{uo7nvm0WU?@brSv@(ZY$=@lj; zE)CX+YMEJ8*2TfxYjoT_UT!0y^xd(ngD^_4fma}Z#WtmIU?M=mMurGGwcc3tbiY=Y z>z7&2-Ra_}2}N;SZB*;5(KQVGW;V9+qx{Xc(;UKBHjgeA5@1!SO2GHJ+alPXYtYX} z;j7e|FPb&jf1EB)ovks~;`Rbmx-%*;z|?q~9OhGIZVID&QC-J z-@^n(v$($mMykHo?h5fZxQN^>n4zQjn$^Z;S;WWA*xGttuvHi3iLE4EE60x5)Sf(5Kq5fxF7w9vI8@wgS zf9$bDg;iDSHI+YApuN@T>VECJ_e@Su?r;8fnGaQS?xbSxwd1!S$(``hIHZHs4}y$o zBL`&OcJm29TaS#$yY&`TOw3glTf;mu9us=0?_LY_2)2CK03$w+ND3X~h0}85RHx|= zJ#G%u@?u;{$)Q-oPGlTU+c+|EI3GmFWmN-BNqhY};6*ZJeCA5yT~NYf1t8+5M;87tQokuhgi^oQ2XB?S$k^g8$=Yz;putbBU8sYQO&7VBsl>&ed z=r(Imc%F3dTJ%Posq=0cOwn$XJ6Vj3d^ibU-@9f}ze7K=;-PSWbgl*5$HiMA{Q*_H zJ0sz%TmtPxx)JTm(E+uOx;@Yo6hQ>!JGT?aI4G)VKMf!B)IcZ^EGE$D6177zDzwim znkDc$H1ux(pxt|qheCpG)F;g#M!AX61Fh}Gu2Dw#6@b%&4X8E#k|&-jLTGJ*h`o`& zZPDdi1ej*rxDrTiM7^cyyl=lqnpJK!2+8+$B(JeSaFU+nU^&XG0U3O&X~i^hHqLxk??ku@!>+*$w|ZYq(MT zbm%G{$?Orfh7L!D2uTJ+3MkMZzFJ9z@3Bvg6J9vAbuna}9elobsa-@vJ722w!D#?- z6x$D=!b^L!S24*WN#`7&nCZ=kwB`(PIHB|~xrnAgFAGxBW%>i;e44`FoBTer&l&vB z?+n)^x>^D+l|2mh09RLyXS_S?S7`rvX4yYPuvp6yT{T8hIK6M*1DeNhLDd$P!UYa6 z`OFQ-0j*W_o^{$OBtHn#Gx!Qb#(Kv-eZdOr2XvKiv(XQJn<3%BRxoW?9SlqV!qWt$ zhQ6+g7Zr7Yz_FJNZdl9OA|-jj%2&M^tpU|b41!|on4c2mKe={Yqg|SG`ulVpZlscX z_fS1vY9d{qy!`cH=VD*Zgzk~HkZ8*Q0K-C1qNMK0^Yn@jt#z^SQ~}BJ?iPw9kXSoD%|o0Q=5eU*ma6B#<}jA?|{}#(=~HADFb@# zHpk~fbr8QCeSr5h*>p%Zl8<%c`bb?&R+BqJ@@b4|8WW{^Aql11BA7MICR|{(3gRjtVAm?AAETVt7o`t57t}J+y z5sgf>nBi0`OQqNg0`#D0{kPG(dvI>6o%Z_I#M)JQbJs6ch4RZP_mWnuABtI=SHzyC zL%sTbpSOSgV?C517mjfpGE53Ve^6eICg=Z5h^cmo1^|kt*Jt4Z=(X9hB(m=|Ns)#> zv!tJJ`mJi2hC&bf>mV5}ctV6Zd}H>%&J~qzs@R>fdkyPUH`- zxq@zJC!P{B02 zRkSh?GYUiERkpO#G`aG!P@muk&1LKvRmj#iyY`Poz-oU$+h0enuS3@=GNAUrMbIiT z-Xc#ze++(4*nN=@7ESd28Q~oh)DK!qQl=&zq)vDcc{eG$RuC?s+?K-m_T>p&0I{N7 z;%NBqMbhz%2yDq1=={D=D&PBaqN^7sM#MH#ur^^Q7fNaXJ#Brl`GrqzBZoIb6@dM` zwWv>v`JG1Y^cl*}f&&wm*U!iUlCA&FTu~IoR@E{2)rbCIqs`l4o0v1H#HTdwPaljB zq{ZOadPa${_H}^_bWc;vU|MKI@|}*bsj#M{!9QOsjoMy5w^10RoU%RxlKq~;hfd{F zSHh<_tP+k?Tc6vcHkTlP<%yBajm_V-tP85c>+OG($TMd3c?=DQuTfE}EE(p#c@v_nC3 zE`7;MYpH$s990;ZH0~nv_96PQtU*1}oph!6JPNA$i?rJ9MU_tL|6}6<)3E=$eG2|R z*|PqB-7(?+!JPmC;O))L5WtCd0DWcG-JDk1|JyRK#R6-G-{ohfNP^|~hx*ol`{s+i zRa1$N?|9A3%s!l~N>PZxf*T#D0_8{m8WpT}S^{>htqvCABwZ;byLskrp3hw?*E zF7MOPM{2b4RzF-Hn=YqaTLE^ndfPEdC*w$bnv~q2Ck|kdt2=rWxc!qiRqy;;;;|F3 z?~E~>laXAXtfk9He4M?y=4kakE4(GAiW3&u+2y}3WlRG^#sr|W(~B9pKtc# zET=7;U0uz0w%JWMFGGMG7zmIL0nAeG){Abx)|u1z^yp!V940cJE-@0d) zW!-&0oR&psE`S!EwS}k<@3SrSs--3t#VD|V)qn>UF>9=l!>R_rSC|27+h@QIusnYA zzcKfgQCYX$`=`v?A8 z&Hu&Bn)%II^GaOzEnL9$JB7xBAD)obz^tzq=2vqh^<%J*U9wv!xyvUAS3i98Xl&V5O_`YOyq5C$>3Z`%(ywH6!4IRsv6cGa>i%&l zzs*4I(-;JJTSxQ(V1X0pi) z^6?7r6V8PMFrlEG))YB)Or6t`JVZxbZ(PR*K75iEg8grAt$t<4(@3FQM%9D}VknB!E?<+TaAHgy zAER)7d5npt0M4%;^VG7K6yF(6@M0h&?Q;1Ik@NXagm#%x;M;fpvN6eZdy73ti{R=H?RqtpSegaf zFB^R+Ts>tUJC^_c`sBQNz~bq69mt@VtYo2-RYEiZ8S)i?j|f|33cD(VOh9IDL>M2u zBl@0qD1~M2q!Dj+;gGKUoDr$;{AY3bo+lf}J^}pTy{}xv^iUJn0(y%EhFa=Sr`+OG{6M&u`wyWnnT?8iQ)*TontjL<}B0d3#rTdV2c6C&%eq)1*>WaRvTY9rCTpqIOh0Yff zJo3q+Uz49mmQ6woJwz#kSN&*fj!Rzosy!4Z-!s#0AJ8BUvxJNaISIFGxcCoI+a7ri zF@UG4c+9xU>X)6SPuHg~JafoF>A1qiP&o$ooewva3JRij&3kaMor`O8Ct8&3@M)zCh$ulfW75o(OljB?RBz zCzZi%rbudsUe64V_lL1C3Q;)2C9k?tO+UNuKmu)m{owvnag;II=~tg*FFCeXsjN`T z=ILgvb{>36V$*o*U8LnlhegD`j%D65K5~E35q{yW)cf13Bpu-=%N4%og2StKY)|Ji zkN$l8xs>)VcKp}sEH)w2%MHTGnKw({m8st`e9QDS4}(9RgcYX#?O-Qls1pvjtQbo1^dpajye8*^9#z zU6v=ZP8K+3f zwU*P|7S63?#P!2SJx7i}yVkAvLd0#;)`T-XNQeclPBc_&80s|#TQ<7ZD#FT|XK z2~53nUKI{4nqGC};N#nEOjbwO{ch}9Zb(df`J(5=PX7MMo+-zlhviFhV4#0_aH29I zt`prC>G-(GqBpT8eEGppt!kF!Qc+`naI@*3JH?92=yYBc1nFRud%4jH7DlsAX`QWz z7eZUg+B4uN9?H9eZ;0d&&0s#WNL`K-(sSsZZ{zi!)nfrLidoM)}QVqtK4>+lSQX0HBIi5%{@aS9_7@*n6xK1dx?+9xIeVq zqS1OXl&hRS)!5(kOcr18;T@dRtIKn8f~5B4+z$j8F6PVOEiXl-K5S2v&tyfc*AbXL z5P2Wr70k_|{W<3rTirj@>~Zdu=#7PYov1%~4wnxH`>M))WX+V586!x)I6koI6>mIB zQ;QdJFd)A0R&MBOfAC^eDPHu6b3*=2KaCF4?=j?U%}VDvf0R}GhvAl1N>44IqcFiX z4>`i4;iY|Mj2?y06NJls8d~N}sih^=oy4K3aOFy~+SOLlf2d z-5|oOUiD@nI+1$LNSgK7{9##ssk=Ixf^%Y`qA$_5C%^VZ+K#{E2VH3btAa}R*Mg;CQNT3 zWxqyqyDZ+;mg%`tNp3${D$fg9iNKJ5{M{D=5{Iao_i`vT3X@pXhi*2yrq>AHlz#C0 zbq@;3m)!;WzpbI8;vV))Z{!H*3n?pgs@H|fTsOw_pWGda?Z6_|!%Kjxf6yj`ULZ(d?o1j!kjqW65sy~ATUF-*^p!BkU?Un{*SDGtr2V|w`?MhahO zj!_W2l}Ak`$4avMUHL^ss4PjG$uzt#+W&$Ux|)>5F2&TPMVm(#`x~XQMSjdsYQ(Y5 zX+Gx(5=M#XKWr)0QQuD$E;MXuzSYf^!nM&X6xf(6n4k@(o;sPj!1x3r7;7Je2mOnA zUve>nZH?Xji;hs%aFoX!QL?e_>m%CEao@WTV=I9)*zjGLQROCL9**Rj& zFzjZ0^GUk2PM&fGT~s>%sN1dMrQ}feqX-WPnDmmsYCHXhT_&^RcU$To|0+m zC2CL5DbctBl8Rl^1>^ZFRSI8zjeqz^q-o3o6~%TMjP<#Xzele&>P==2Zp#>G4-Z<5 z6&WyYiM-->)s>x6sofSEv2pHTH<(2u5zkl6iZ_uxFuwV`)?TbSwmIs%?DEGSgR%=X zCC@+Qy?q*vlfzZDCejn1CZ53XCVB1cO5e)(oZs*hY!WK;TO@;mYiy2<>IJtcL}kEC zzHO=g`Q_KQHFN8u{;?hwDM_D$Y+T+>5!RrMiwSlR#^|9;kZju@MzdU{C^m40ei!H z*2nYmjJLHewL6j$O4UUEyr}PQ06Bw+#u>~IP$%uPlK(cJJ{S!Tk_?hcd}PM>A^4Nc zhz1=)?h{m8IY&e7Ahg9l$pk87soZ-Vw*!*A!j87g4?nB>eNkurXXwoL%=AM=>j+9) zaN9kj`G0<^_Y0~SxTRC8jBbPkppelB*-g+q4#iCdq}Si|{j;czK$QXql;nrYq|%$p z405S*(jj*kXX@S5*@D$&ZzSW{($q42v0bf~GnJe_TRXMHqhDqH>?rKieHVd zbVTFps2X+eQG22%=?g0Q<^80-$s?5g!9K-eeCV|f*d(-8Xvk1d1JBA{-mEh*?TY5u zL!jVW-yvqLdQ0Z`y~>?k^z3NMRK|!oLu-x!H`ZQDEiPZE>qII?%>PQdIFF5aFyegx3OI2yy?E-cydQ>a8? zACbFM)566)+3DYZ2uwPhKQ2%i_g|Li|09m*<|=wlW+;65>sR;%>ME7P_W6Up;e3_8 zISZbB%NQzNtN9!B;tp1nB2E{<7`wXLlkPXIf4&n)*JhtlW7|+3CKc;<*Aku6@WYaj zv+87-{Bk^;UoneSd13LTM;D#@o1K-ONl;LO07NzPgZ}e*A_931B+cT9#OKjF8Y{JdC&G;eH^&N@l+$fQBq=2)%N}~`l4D}9 z&y^|MmvEB4Lr#n9?qg)C-fAc5u|!MmN>5>YG+j02UQU4&h{Uyw+M+C5C~7rov}jwf zl|;1!@>P;_@b5+iQrN?2-WrL*;O#^^l%WXYRaE)rA9^>6Q8s=4I(#id?b>(@rjex7A(V>IH9!lLt zjs4X6Kt-r2=X;4#djqtSMe(v*zINQ6?L(gyM{jI&L5TaHL9E+!f4OI*iF|O&ZEq3% zwptA7z_>8hIDT(0if4HVULUJphc6im>aLc zKfv9SF6@zGib}%L;I@r>Q25<(p&i2}3DwHwk@IqFllQUJk9*Cgx{~wlodxD|1KhL5 z)6zy_?e}(XVAC#dtiDDk!Eos`SXc=|#k>;>N_9al24|^IVB5n80{o?KQ3=Sj`3EV~ zIUBKde78y5*rjimY)k!~9z%HL3S=XwD4MA3x~AVE<8l>~0ltQbx(R*kK_N}uu&9_= zzohllDHTmYvq96@yUdnQyc9?m6?*r)Yvj0dPqaX4`QM-ZgmNs37^0`9{5P&la-;Gy zypFeXSKfZ#d(BGJnIe^=U+?j}50A)nrB|JQm(rdS?T$N4BgGMzns)gTSI;!@_0%0D zXt~Aba{?aT9n5pJO%rjC1_qXaq17Ar^Z7tjQKK7D$2BLkPh+_Z#lIS%5e`K)&WF4Y z$Hc*{v*g}e)VJ%V&Xnm88C1(tV*Dd2YIbqrbavxrXTplJ%S&UQ?PU=S{nN-nUMODPzFHgl&E9R`-@1sPnekx0U!*0+_3cI^ ztplp`eW#4;==+~k|87IZCWK$|JuUll4;XAe)f(BGzcq!=Ex0W5Vm}2s-_j zD?e-@8yTDe)7~C;iObxwVdEFo=H^_=WmLVdt}~{3lWzdxU;N$_ri9PtFip|D93}idy?2v4Cr$T zZL9FAQqU|UCNYap>oE5NFU)_wf5Pmp6}gK>+Dp9>h{+slk7m$;9=Q}}pM$=IvW3%r zV++MRa{qN`+a*9vi}3`|>0zz}@OC;>dFxS+_r%gR^*r^!Hr)@y zL|4mI$^DakWwg-dR6rVTAsTzrDcG9^1IPM_x0D_+Rb4W(1P zODtY#z~=Z4jFW=`<_xtqt6@ z?|%0pj>2ogngi?j??ucz>ye&5{va|GGZ&{UW+KsxHSZJkf_J>5>BcwWDuIh9{-Ir% zD@X9|w~<3Z*^a{yU9(K86|-W~t~4L5iMjOPzG?kL|I_wvg^pdA;uuG0`nQyYv%iM& z35@Cyf|*t_hTohtCZ7+GvEj#r1bD!(Gqg}7lEvzU91clbnck=7!K~-Zkd+wIY-x2x ztR&#?A1*Ev4H_P#-As|35w13GZIu!p^i^(c5^(>iw>JAJEGrd)?!HDh2b**?eQ)Dt zCNc#3T>8`*LRh?;Qc9H60D+>JlaNr^Oc;v4f8A!uRW>i)ogt$7VNb(Q*fA-0Aa-`3 zOBU<&Oj30D67%>l!#O!33BK&V-wjyU$e4IDzm+iZPb{bZ8%X2-8v_0RH5d8+*Pmp} ze;yJ`&WG#jdwYB32-<6|MxRqP(8g$xVQmihL3Ojek9>Htygm=t1TQdweplP(UqOK% zeQ`GBKnTpw%gbEHlU?KAz{o?Y*AGQreDN#x@br`~&GbhCi?2AgNrZoM| z)|j2#-N(1uy3+V8mjQ99R%7=FISrs~Q!Xn&v8qqc6v~BhFt5#lgj%Bv_L?Qr7YMOV zL_3N;jlP#mK!2sy*YW2E3|VslFNz#>Opy@keaN7a@YC};UT2gLvd>1i{w-UG7ewex z5oBRoWP`#^W+`=B7V^L=HhaW|4_avmujYX63DTiyS+|!Kl(vw zn0L-I-$wj;0J@2b8mY+nhkeSg5vu*Jj#M?K5;amU7ewzJgQ3YE^}*5a22aOk#`fKD zh1b6ID7U2EoBFr3wpJJYE4E#19uw3$bmSa5olf?%Lp_O@bCjPnobwYYG1n*68khAe zK3LTI;uEXkQ#*iDVmXr#KHcK43jHoChfYl*DER9&FwIb0AF);%K14JCEv3bGX1;V( zaI5yy^z+#<@$-t>lGj@WB4094?}crhXd#9(J@yvm1B1{HMb`0-+fEz91%pjrYUOh6#d-4?tHaGU!5qx-@=5BUyWF>1C!fOKVkSa&9)?~9;qN!2MMU7gHoLyMTt46Vq5z=KQJvvW-tN|OA73ML z{n1$uIk|oWtZrQ@y{onQ_*#EJ;yUq18lPf#ENw2}0+6#FFmc8}TJjri?CkpIwt$He zechfEu9oR$S4C4ZoAE+=;AaCmS^^Y&>z)jen3u&G%5*Z}AFTIwcVj(W{;d0QTf14! z8T2M{d>Wsqca5kI0r`X#Xtc3YwGJCbkj?ig)Tw@_BLw_uP5?)e45SMk`l&Zx8vtx< zRp=%v?jX^(n3O4Zd&S^g0tV}f9JPXH#%VwSn&w?YqND4&922Ph3TXeW_K$9Xq8JOa zp7l;~*WSB)yAny~$J-l6AiJzR0x#h&`L^FZ+MEWBG};vwNyzpdny;Q9bQ}gy_$;o8 zkeJd{@&pyAi()}i@2&hZ@NzIuIYDEe^udQUAOHvDC?zRWSPqo5T+cyfxJ5_&IoC}o zk-xJ|>0@~HgNL@`jHYt}uKgU1+|QpG9F~CK8F46H1_Nl?2CTL)6B;C<>zcPp+1xNP?cMCr%!LA@8Z7~11O z`SB-3qu3{sX7FD>+UoEZOI2!m7%GCk=^OcAkH@4de?e8^jI8|QRR4$Vf6$qW%MPA` zuc+JdWOqSaHh4`OhtK%rVDmIThP=@iFc_N<(6Y?}De&(jRE&dTU|}Z?06*9_PbK5? z8ec-f05kyb!bJYK{2iptg1o_5s=Q>W>(aN|Sta`Qe+9O*8$HSgpwK&zS6{R~!o$mg`GJ+!vv2o>tHxV8Q-CCJ zu9PL%f7B;om0zrTU4kHU4G>0};gYG>Q4#Y&)>Bp@K!_OfA``Poj3L0%d0K#TFXqU9 zrI$Dh4)}eZY~@l!aKrXvU9ASUV#B7zdf)SdJsxR;m`ZNxXQj6Rjj%8boX!@(&>A?j zjb|+JhFtoFUrg~#VwSuS{UG*AuAth63xnu)2I{A{ks zF-|_5e-3z2nc7c9^{yN1mG(0_Tclf)H4vjqw9J}qIy7*x7#M5bkjVJMpCK!{u_wp; z5SZr!NOt=Df~=nz!l#EF0c%Xbv9$ztoYH*rJx-M-bHEA6QOHn$N;r249w`#7nu9^$8SE0T6450cI`&3$cIC|_BgM9bJCTJSX~Xft$~L!y!>UonFws=fr3{j}3@tQ{F+2Yy=W8P*sxuaFiWo%P zwqrSTYyLL%cd}@58vYVRawkl_M;DKGxPmhIac*b&D?MN@;=7r4ZX7EBL4gV{R+g=a z2au5FcpH@aiF8jCB>Jcbs?S>A-MtIMjPZ&mUzfD13`f$^3cAAehAnE+YhJ0@d(Q6L zzAiiX&^)+}9Pb02o|tdJ7FQhz2ZyP0adhi`?<Ji`BRC&KC(4F?#T zG&cyEpGFa?7iS!iNqyA#1*ngnE7bFqch(zqd12qR<-xXhL>X`}UGJ*fo-SzoRnAF& z*=1l`f3;F~*jy${=b7Q z5jv~vX)6O%GoxxsShPEeW!UVvvjDXo%P)uPsRUJsi3uwg7$S0M73N(tf~hFD1!G1O zv_2jHrYNnloimtui;N{gFng`}7(GFMu~Xg**zC>#(Xao$`;wmN`>VC#FY~P*kR*Ra z@2N}h8_6;&+z2#L&LkVue;ju7r}<`T*?ed@KzsU;1N%Zyv=ce?Wtpb}=7k-*MoRRb z?o5?0QS%m)^bxo?+ylcq`=U!$0Bn_lr%=e9WA9-;mj zK~A4nk5*h0CV374-@i`Oy-z^!znk`D25cV2;Wz zkoxoY;JE~0NC0BP?X zkPsTPMa~_je14>E6LQ);fEug97Y%syHGyAmE1v#-wX>H`V1{S@UjDW3S16FDux4qFZ%Dq^;{liNGVD_@ zpBgK!5xaUrEK;*MQ>m+xDO!lit5Fv|>OoW{Xmt42788wV3{FYL`tR+MssaQbqS zIJNYfo_mXo6vu(*Z9$=uuWoz{e#lw0PH-G(Yt&lH49p^4w;yCt0v%|9WGqS#gzRSr zdx#gecRzM`u`{7>KK9#ff~SJQJ*e&ev25e*?T{*ENd0m!)p45Ga63sEA+wOHKQfEQ z8$6dn?}>Q*;KG`unx-UL1Q!LP(gZgJyRyMeCtVmbtifc|@I1&Ufb6zSMF^Rc65iqz z{xzTVP^Xa2dr8160OaIx-u;Z>IX2Crk$+O)P(_lO_S;7|)~ONwgyhr;59wB-qRk{mFFIyZP9+c$BN z+{EAg>o5`OEG0g7#7a_i8JWgwa~{&&R(zh|GCdh-b&yq2J|V?r%4^ z0cXMBc4Hn zn>uRkO^j=P3&yCM_g_m)(_0VaspI?tl8V_{d{_Kz_$@2~9Ng@IA2I<;`1p7c!%-VT z{2%U}Pfwf3nYmnrw}keA^MoHu2mtdI`yQ;@+vSlHQ}izVXu+)}XfmerHJJ9_w8~9; zc8xpCfCO`Pmm;_yNH=CjMZa19g3aRru>W2t5)Fm&N(w*2NF|evIn#v;ktL1SG9Km& zU%c@XZfJ~^T^Osidt%jn|MR!pl;Qy{DSpvSc(%shpb}xR-^O>iK~lf;Jz6nODUHE6 zTc$qh#6-Cjf5Jbl-mvCX8o@~VfxzuD8|fU$_n*YF?Pyc^EPj|xKBq|I@qK4ERijM3 zjDDUh+?|#6XKKgV;RT#vr{BA_{!}oD? z%;0g@eUqy_Y%v-7>nU9PEX=C+QZOX0{{G3Xk<1FgA+(li9+aRt_?CXv1V%Svc{x7z zw^(-H6EeC_rSVyGpSjwO?%(B6lX;O>cu+6b@#R(CuaHjgZ}4Y0 zUN6z!NW|+s4VGWpH}7KzDZ~>kC^Nc3As#(kA0Oul!Iz#*GV**Id*ROg(S)}hQ<`w+ zq&*mS;Yi#lyGxOO%KdKv5y9!f2b^qij$b%zjA)WeOv)G7Ec>?-Nzqsqg>deA%m^z& zV|*KZjI=kdBWzS>p5mLj=0w@PddW-e_lSgph8um9D1VKAnO>;x-Xx_fiu$OpuY5mT z$M%c*my%>=!iOMF#17oQRm63-^WFR!^GoVr0=?p7^kw}(TkJ8e_li!$J|FJTRutu{ zE_@EMeb-1{Wmx4|HwZGc3nYF(CZX+Y+x}+6yvh~7{--1?8q54G27?FR%9EX$P?37A^Ot4`tM}28#Ky6CYcc&cF7RSmG2CX zTi#6Lt1#;^L4xY)zCKBTVC|Yjw}}7jy{~?k^)eBw4agl3&YORqKl0p1wjc&bik~J^ zFg~FkT0?95R+hN04O8;7#mx(g*OS1|SoygnqE=4GM8P~Y)|$rc_r4S6xNk`~ET*Kx zmnOVd-Xv1F81{7LT8uW{q5-BjR zkvrX=QwRpLv(pr=m8=M?99vM3j`2$c8t?&NR3w03ny91l~S;bXw>n!2_YU zH;_IED4&vJn5eerTDX?JM-jo!u&HF#4v?+P!AWP4?K9K6*DR^mpDM0A^Mv8V>GlFc z%SsGWoSxy=r4NNR=FtpqvO_Bno+9HV265qWbm>QrH0oW~7;s402akffq(CdUD5@u* ze=@QKj3|MKcztIGy+3kVtlMtzzs{`d3a1rvn8n}8R|TOyICj1(H=^z6GQkBldQ}_w z9_yon%d5n!H}$#Z9}?9p(Ks+^^h|rYto-VDY7^Mb{9^To^Y-*3?FNgel1(0LsUl-% zXBU@*GUJY3Fz^2`yZglCTOqDpafVUuWJBD9>SNK06#PkC`%l4fl7GZLNKWSSu*r%4Z~BHY@-yD9dgi``7*#qfV8T^ZE!2xrkfj zw{PIzzR%HGwb24sYL329-oP>0sPKa~=SWx!&v-^dB!W;E1C;pWO&2 z(1dZo2pMIJ3)MRecXxMXRBZ9-_K?`VD%#*HKQ;>~;MQQ% zXW}Vj)F0+bwn+x8ed%coQWRXLhy+bTug+0QEmwi@{CF#Y-+HJQ zdYI+yCT}DWQa+BCaS4{yF{EN^;EV;LVlv1tGO)_2rN1$oI@KA-wv!b z&yCA%RupD1%XH?-UBa@?Z~MD%O%{%^dd~~8m@#qI{J%$hOlZw;-Qd7?rVFsHTeXb&G~DMzUR>x%mb-B`fBfB&&ve& z5G-$U{qvRlV;BY?Ichp z2yiu(u3rm}!(L+5Sp8P}H&QXm#ad)PUH5T3NVni+;Sf@+E7Wg@P7{3*5hjm{X4M{y zJ*t)r6m|OM?2SE!6L})~szfC!gGHHJEK$y~1S!Xx&pq%_RdK}qkCdk9&;*JSw#!Y@ z1&=xhntWFF&5^k%KTIn=q~D$2dN|EcTz2!(Ip@6}Vb8tbfWAOWZa8ky(z$cB~}1Shu!d zihPk0C#dsHLU%>3qS<*(@w&o~IKGrj)L+%EeHJVljlnuiyLT66o4n1!v>yaJV$=RY zY{lVA%k2`dqu^v)q^I$lq^X~Q(*~*4Iq%Nj^i}WprcCL|7$cAN#o7A;(<42pzCXi? zV5E1ZM0=MVU-i#mk*z{D{EvT@5)cTgnt&fJ7A8cC0(df zTyN+@_mf30r{IVhU&uhT+6!qFXI1~qPOB^d+bIbf(IQ%w2*CQaN)6EsYXB-megMo$CS4E*S0s&-gF3%l3~$>J-D@rEvls9*oF9A z-?dYHhlE8f2Okd)FRBm){}ujg+Q-2Ml{QV-8#4yU_`%hSfOll-j~Q`&6O(jROTZNQ zMW-9(tpeeNq-MzN(*=F(!?$5P^9D8SH8-Y=Mm4Yx_kN6X{By(?bNBnxmZA}*!yVb3z4%a8WFRhIv zo3;@gL7F87O-!JyzZ_>pR$$_WK`YAJSnEyK^MM4<$uBe(Zpa6k;{-hbB*!I)9Jp! zt_L|Wf^Ix^Babk3$TEze2cK{9EpAO7+Om?xk%UX2HSA2)YA!jj?_t=I&MroY(!}8B zfw6C>YJmzl0X!95Xn6wREac+TpsxRZv@h^KQc3&wkNTgbtF(a~WdD;3TK|_9g?r5*Eqz7*S4!3J zB-|E@c`Df*a|RY!dc%@dzRRu6O*-V#OMk6n_*Ja_dsZv*=#e6r;Tg@kW9x69!?BCJ zxW_L6XgP?0cjLGVOjyylpyjxDs^aCJJ1GYZy^;!-`71ZpswaYqP| z=J;SdhxZ*PCnsbb1WVvl8N6NzVH5BM=cs12VR2i+I3~KT;d?x=Efv1*&&h!-3$hBw z{?MzH>97C(@*uCS6eG$v4zrCcnVFeTRl>+Dbh_DBwL)7Qwncw;0xa2>IyKQky`@uG7J*|$}L~M$Owxrsz9nMIwFT7rYDY``9FsN6I!3u#gGy!a&kl5 zmoin;XaZQW3cnd)*NnP`2E|XZQ4Dqyjx|kEub1YY=xIy7_hDVSKXfR5{Fb0Y8MbIJ z8@Gp6BlhrmchdTEgEzpt{TPa+FD-2mf4G)I9)u`;3Z6oGd9^L{*+f8cnD6qHyeCq*d@#!;C*$1~PsG zW;S}79~Gq`cdUMOx~zXoF^%~ivO*XKJJ3+Xq%^qOpJO*c6tAzK6dU-~XsS zG*Z%hdtcW)Q}5L}%yELhD_%hMq%->dQ{-$7c`idy^X`=)ueH)=^D^K|BZc$+Eef#Q#&UQyj{hjx@pi^x0dJ zx?@GZ8J_-p50i1>GztF_2L3JV?N+m%gpDH@YlMdt4r3luTTv?8Ovc!fY0BGOZU3(9 zvr}ZTRBnibBJCSuLHODsf)EbQ>60Q3EypFK4=gLTeZ2{8C+C0PZd*^4WTg4T1MKz1 zOBpTL0Q^LQJWlPanmNmhnj!+pCUrYB4758k8Zgt&aZMj{-ZNLqF)tdXmK&UUK_C=fqDkf}V-u_^_|EvRmYhz$v;wzAkN_Az<=g~V(|1H0XwIIYO)IP84p9N*}@1rx!WcpG} zyd3LF3)Z&^i4UyNp0W5&_M*(u@()>de>hKIRJ8B>Wj!@}gUl&jMAaVBF|p!pqh-eQ zO_(U5w0bt9C7+Vfk5hRVy`$eRE;wm~kcN}d1|i4j!_Q0f9uafm%izmy2oUorNxtslgsb4Hh#JcytQxs7 zj48u9$Lg1f+UHj+$`S!9xFp5U!6?FR?vX`wlXtH)!HmxlC}1=4vTvf}Y0N9?)17NGK zv2fKFQ2`u$to@W#EsS~)ZFh-^=$!yyo9hkm5Z_xQ>{hU;xNet_Nr_>hz3G;RJ70FY zfsxcpnYZ_}TTJ7n;OS;pB>Ro(NhslmGDnS3H?Ye|$Hmtp^#HmYG%7bc1XkD-+T_$@8Yh1;tapv9hny>9nYeW zQB3#T&3xZzh86n=(gCebd#WD_dT9ihj+2mfM|JV}-h^pVdn_UDro7zpw;2mg;O_ z79MrrsWqsG5x+?8mKFJ|RalWV7^+(*+phyteG0WYx##{7caYYg4$>vXfDOCrD^%yM zqLZ64eV>!qBqmr<+mMEm7Ur6xow?FQPK}}o=fhs&>S%4L1&<200(X_)s2e)K0X7?$ z6+5FmmSi6pwQaV>z_OA6ZvA@+cNIgDH7d5`dg?tHEqE~Po;J}v*}se2!QOIgMN5KM zc}q<38l9%qXr^phX?YmGx1fld7WH~QYJ2Cb`8k%cmJXyH4kv9%XljbLZlb$L60CS{ zZhR+@#=@p*CJRi0;Tq6;62Ts-EqfuLmo@)dvRvbECn_y`d!{8{mEmY@SQnXafz{?C z`Ss3!dgx)%LjtH7Fynl^l6K73l8-Zo)~N!yBD3{GmLb^OL@sO=4kxSn;-rbq4U`!N z%C@`ovP!PhbbhQs1ac{yhRF|}8@OM#3E$MTX{bT)b6{z>$E=jBVWvLgGyh4~m%@?o zpOqga`omkuA{bjdXe+DttM_rq)on7DSAUKWPCQ?nw9JhJ>Or}LJ4{z|({YU!>wdY) z$?+uY8vnFiom{L__yorx;QI>?{QKP`(IGcF=y#40bhr2Q z!CU}IZk5Rz+fofCq{JON5W*#E)OOnq3oJ zy;GCS|NTR?5C5&#{~tLDe_*y)-F47_%{2ShH?NF6FX;D!W8IftqmMyLjhKTM<+CMe zwD1_qQ|Lr>1^Jx>KO~#<{*RaO9`66SP3Ql`EBIeO$we&|wx{Z#shhqRyAYLlEn-hq z&XT!@Kq6Ac&9xliDJ1GJ3-VT$94ytd)AiZg-;eK0;r!3l2DyCatx5HNUzvDd;I;YC z>3|F=i0Z=4(Akr=0Y7DI`{shU6UhDl2MNF>9fZvsS4>LPQ%l69@D-cX;QXR_vtHEq z%5Nk2&p;MfY!hI-El|VJ{Gq>8zfy-ug$x{fqH$pL>I3}@uHJCu9!z5OhZa$fRs+XT z69f|;B99D}GAwqoeh9tOGOK1*!HZ7j)TiqR!yCsAiJeCw%#(f>9?$OeVD7ft!}JVg z=O;;I3(^xcjg){iBr3%;fDr23y6g3o*jFGM1Y@mvH-Y3M7kWU>=(NZXFYb%+)%mnS zkN2Ef%!>hl;k;*Wk>e6^%phf>t%+uRIIpdz_U-SoY3Nb#ThaV{6&Py--oscmHkajb zTv_d<(74ZQ^i3(W*qp6kg^?>9${j_w`j}ie`h~%E%x-a=LblfU8mi7JJTdRp;^W`d z-ua-IJ=4>h9bl9P>3eDK2}=^vAXw+PVAleVv0h|ZVU|DzLk!7eO;^7TBtsxIX&12Z#~NZ~@jkv<00Gl^RNjtwQI=>$Hegs99SAJRn6u z#ALyDBnTclpzOIeP$+Wsr)u^O)?R#d-^r}9`K{)*JxvSK?*tyxZ`~1p21eso-CLwk zFSnm|r-u`W2lMyeSC?+(vI>}B%@S_+)-JtsZ=#f>2xP^=jbH7_{$wqzPtvdcgx-q(zCLsF9{g@mSbh-ANFvaW*7eT z(xf@lWH)3&P9Q%%#^?dAuGzr$46noXy)+Tan%{oXvR8*G7kplcI(ba#Zl?!5M6N`O zP{A_wq_M>Sf&XzlgEAc~MTrlOqwl%I#Itip-u8Mv8c40~_fT#9OjSd z8EBm7LlQ$DWy>W`l??(&}fWsVR00%KhTzvfZSg9-^hJeo)RDi;*LVH6?2Y#c8FV1+Rh}oA2rmSOyyAz&l0po z??7S!Nt{@qds59czt)D(t&wYKZep}ewj<=Qc_|i+)I0aIVSgG4vd4mTQhl(kh;7dI zIKvODKJ>=zC*n`c1C5Slqx_Nq0r#JtaygvfESjB^)Y5Z(fbnm!s-Ct{c132*ev_dG ztmf*{-FYhaOy>3y-CRy|fyqWotf;vH@$pR%_up384{NlC;gz=N>+9#*RImHt`2-93 z<}D0FK_XQpp7sS(vsEG-9;iXC46?Yl^qj^pmwzVdg8Pb7XivkoQmw`7aNTyNFUY8V zWsL;}aDzShl7T3Thl7gxk+AhC<-Ukpc*^fETYE@??huiMoA!j9bLcWkAk9OMdH%O6Y6V_9@E~c^=DJ&y^HcA*N(ud(P()QE!?u7;G>Da8K}i zbprTsYzBp=y-xT4q+lNJD8h^_eMZGW{B z`_Hyh4N)AAEx*VXr1sVAA8e>UBhn?=l>r2g2gTpC*s9g6B8Vl!|nwkVS>bOq#k>glB z>}UQ34ywcU|DDNReQ3g^cqj>buS}+p?+ryJE!Ya212))RK%^ja#W|65AlOaP0}_&* zuEEW=;aXJ(m|N#uW%60p*iBZ+w_u_(jU%;ZaLXgV`gzoSk+IFW;udh~vx7@{bO+x8 zuG)V@ua^53VX48ax6J}XgoAggh`U>C(7FCD&$!3YX4;nKyyQu#RJdmi z%m0`r(8h8jNLTiA6#=P(2hrYmuwPI3`I6B-4ow73q8#vV5V{5gVDn!4U73Pp@%Rs< zi#!DjY~ftbpO}QogdDjv1riP|8a$Npa6hHSEb*j&e+K##hy9V|)T~c3r!*FKo$fC7 zUxms!OW*H?IQJY{u6?mRR9er`JFonX8rQ&I|K59bQ`>X5RdL|^PU}9UBPF&0^q3Ej zQ6_laCTdRpz)yhJYh-SySkZEAt~6%4!F#;syF{7X;m)|G*Q*UySi8up>oe8$n2U>? z*XqOEseAuvnNKu1pAI;gXqvn)3#B*ee~;z6bGhg-r}26YQBK{1lTtN8krbByF{2W- z0rRQr_it^8DL726;{<<$il-kzbintAy;jM zb#ayCG1#){kra@=ysiupceC~rf7nwfkOTB{7+4bQ0eu6yq&^_uFuJU=t7X4rapKv! zVc)}^=L_PQf_?fwh~?8h|0FArz3~~mhc9mtbDB&J7`VEBhuy$#nDAh<^;im-(wAWG zJxz zw9t<3JbCZ>qbSTA|3kr-*0G;$q!WYz`wLc^3Z`5g6~F zFinA`Rhar243n?6#+04^{492Qn7nZ}IaXcvf|x@?32Y;;C{IPhjnMqt+C$6>3A9zS z#H$g+kc}AZlH6ZrIdDfRObUrs$WHhYvEXzRY1X^Uw*I^p^if`a-v(2VI1Y>>GX33B zy7F!tw)k;8+jv=|Rc`+M2r=}<67P}E-`HE6I_1b`aUQPhGJ|5BuWHC}uE|O%xYzRf z(_ihkCU{T^*~i9PR8xbM#L3lFo$bZ@hou^uU``vJ$b$&94L5h@30zm!Q|DJQZz$AZ zv1C33V&ea|+O9jC%D?|3B9+;pW$!%-4G~4g$;=)pD`X}5hHQ~!mK`c5lyQt?AFB>o zWu5H3XR;kU@4N5s_xi= zCQx}fnlyyw^4Z%3@f;n=FDmMEa54{-^!l;jRk?f-JCb_gv7*o3`XjraSp`9oi$d)8 z`YrL{(u-Vg9}?dcy%g3n_BPisrB`g6uCwLCB6?7MtQ4-VP#8RcB9%2Ph;2p0h41=q0gxl&JX-@ zb~3}rP;~hBqBNEIpyQcwxwI67ASDNohR&tRVtsKibQpZ$-X>msf)X%B!&@?{JF!y=KYk)8Kj!jO;KN$6-c;*Mt2iO>dgu7hJckOF9L)-m& zkA`$Ziw6PL%{$eAm?Bdzz%4*B=l-?t5#*;avCBse=I_MgJu}-<-rW}#1%3N?~;x|QsmJ&5HN~~Y# z^uXPQ?MbSTPXhglPpVbq<(X?tTBf?!TUC;U7@= zuvh1z_ZBuR6L9!%)lYW0i$8u0<2B4iU_1XA;FEgza!7djDj{@H97}S4pj0)lH;0;y zntV9;IrI6glVh#>RR+*b7zHQdy~>jtT!t*Jcj*F`4~^XuP4Z%&I=p=&-8&-X;(C>l z#uN@h&w3-c(+*+t;)D)f$TwT(4U}P=5B%rK4}q8cHjMcm+hnpc&TCN)*=<5Vy@4HQImh|-PJP;1XQMX+Qeph(hYhyP;V>6E z4#AvEV#eGOj!V$Rsip?0L74Sroa$#MGk3*$uHPh#y6bE{-}y>?4i;rz1p7-h_DYXh z1W?hclcekp}jzMUn1ir7*=&0P9X#v-KzDfk`Z?0 z)-VW3&-XO#_MUTnzQpT3*VAnv;C-Au75c=ucp$0I4kZ3^7=#m!5{nd5vlwlWx$xNhG%1`9J>kntq{2__@ArSxv= z5hpvh4)2c+-$p9%jPpn?$UlubmV z0*kUK$~a=IFfqZlC1KRLj*pEtvdGqYEemHo9l_$mlnHHT-=40|PXI-|vuo)J127~4 z#K_9*Az#MyO#p$=Xu30+hjMxf_JI5w+l%I@WGmtl=ZD~~d_sY9( zw%c?AfGC^efkdv{3!Cs%OnOgAyQB^r?fMYOu9hg)l*8G4svPW3;M57*V!0;AYLI8z zgKLV-jDku_b);fxv%1O)0Hue09$GSt_{dl(XkUGQ^9;8Wl!d}TfRm>9PT7`vQN(f| zm=$TKu1i&*kep~qZ0_1VglJeGPVNPqNE(o$$QgOFKS}&f3QSaLG>JPAY3y$Xq#bQq zX0!`^_Kb@b{W8?!+w#qTc06J(XX1~7uMVi(k{q+59<(D)d>;={ zZm5G3>(&U8MR-HG7*R(Jy0}fXXdkU7K6d-kM2tuH6G-s8e?In9P|~KZGa~2HP^k|& z9=o@@(Ijy0v50YLBRWX{W+;Ap>-ql7NJR0Tcc!4kvs*9`!XAc(5n)#U&gQZh1mcO; z&6l^NNSHYdRB`~cq{VUGWrPG}b>)Dl+m6)7LY;6&=$p4weVeTfr5dubvJ;RKw;Gwq zAI+L^kkzz|eRJ*BO76MIpkXkO>fM3z01cQ5BQ+W!0qIqh&0XKAJv1~%D*LY=@vB*t zB;&tbO%x1=`U>m54;5)O0i|i6$%pw(Rqd4kmw+xNE*Q$W1v_onu_E6^0YMO4pOc9S z2&Q&0spI6d%`+AJ2I!I~_>F!9*Sxt#34*;G!8xZyPv?Q+#Op6k>+NdqlTl#&woN6c zhh%2M*yQ~eX^^LKY`a_|OKrWBeb3AHHad2M>Z<#Lg?b`N2~o-sX9bS?5Vd`r2bIC} z%K>kxGx`b+wAtQ|@kFAV<#w4Xqfzl+(P1Bm6x1_<@?IMYo~))G&zVIeV|Bc%Hk@&L zqJRg(4Qcb?rwPPa8nb$CEMN%v(9>wlOtR4~iLV_b^xo@&kmGND{(&G6wR|wP<$C4t zFLP-7iv=)KB_x8yJ(;4xy2^7MqY%i}+K`Cu$ZSua4ODU(%XroSnelc#Ib~}zzcOXL z*R+~R1DrvJnv}1f>k|!trJCS5e=d=U&auy>C)v^9i<%YxaZ>0-x-Aw0?L1pM|!QVIt0ePOPNPEzfl_BfGbM-%V)F5>Ve z{>;i1Q5U9U3I(9PUt~E8NI8Hhy{@}t8nxL%2Jyj7HWJZB#`~)uq4Bk`Bm{X5Uxnu| zRp3d9fr(zXgW3g`$Feg0ia);?274TL+?~2CFnUsmMnG+XKfmnD(r^VIY;-ZfN2i`w z&|9Gd^}8%x%&)TdjC8<-WI5ZHTj8^_wkR|Ragpa0t(3w~{O~AV-pk!Jn!Vcc>Pqy@ zB#SaKI<%9M0%h^FjGM`ql&U{!X~Xc7)6dSTi%}EseK@xe|DK-fAP#gZSr~4`Evo(1 zvk5L-X@`qLDz{ggYY**qS5d-BA_OHKodi)5@6Ai;Aq#L zI(WK)=DQE4a(D(|xXdj?w$P|iYk7w4!V<>L>jKSNR!5ryx!c;B$STGDlUyI@kcpMi z`u!o6Aiw1^GR|s1i#eJE@PfE?F5<}6x4>p7j|TxxInlx_jPY^=E;CPD)yVt=6?^Fe zy84&=+MF+Z>u#fCz>^mZdHYGvR>PKS4^xRYc#)dodwZ2YIWayRS9|@45M$miX_o~! ze_FX`MId3m*b&vb3-~@yQkhIgATq0W=^ar&DQupgB?5?S7H72gX~p1U82<$(q;vei zWVNHaWk1l}gS-Yhsgf>aXZzr-13kr=*78Q0yw9=!F%@7QBHkNqcR9W#i`v^uZ z$tQDGv%{Yw8zk_Mwtur7DPxDeZas)aa}4S=dog(iP!QtfDK?0-O~gG!Xj1b4o<Y2zgu^!9jaTL3)i+cIA67PGCcvnaE&k#z?!X^{rBTnQOSzE4p6}y~s*H5?LkT+oMGs-h9b2ov-K`)1re0toN$|?jU ze5dX@Txm49*Ge0HPl~ZWUY*kAhy&%$71lK1lO41!_c;Qo_DRI1Jz6)-2Aw4QKmSp= z03{339HLut({w2PF_3yNfCWD~2BWrp1oj)qb+!I-R>2Qs9vx`@iw_yoIFDIMh)Jqn6rDj+nf3zoFxgmXj zfc?lAUWU=c{F92sgXf?!DeJj)(QP9f?4-t)6?EK@nN;+VufW}5RDACZ1RN_4!2Ofv zLsaEFT}yc!w8G83k5tH&;ZAlJwQsh5E+sFALZ>AQW^iRCm8Sef1 z_XVNgR_?H?-Y<`mZE+L=`jfvYpr2D(uI`o~S>XGG0vWyoXkm50DGgDlcG&-TTedbg zc!Po#c|pZOTyf_(JMRLF|8qV;!H!>BPQ`FoD!XgKSOJhCH1zvDmpzXHvFKKS2 Date: Tue, 14 Jan 2020 12:53:30 -0800 Subject: [PATCH 047/157] updating text --- .../microsoft-defender-atp/web-content-filtering.md | 2 +- .../microsoft-defender-atp/web-protection-monitoring.md | 7 ++++--- .../microsoft-defender-atp/web-protection-overview.md | 8 +++----- .../microsoft-defender-atp/web-protection-response.md | 9 +++++---- 4 files changed, 13 insertions(+), 13 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md b/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md index c9ff0f3add..5a60f9e9ae 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md +++ b/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md @@ -39,7 +39,7 @@ To summarize the benefits: ## User experience The standard blocking experience is provided by Network Protection, which provides a system-level toast notifying the user of a blocked connection. -For a more user-friendly experience, consider user SmartScreen on Edge +For a more user-friendly experience, consider using SmartScreen on Edge. ## Prerequisites diff --git a/windows/security/threat-protection/microsoft-defender-atp/web-protection-monitoring.md b/windows/security/threat-protection/microsoft-defender-atp/web-protection-monitoring.md index da6e550794..36d58deb28 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/web-protection-monitoring.md +++ b/windows/security/threat-protection/microsoft-defender-atp/web-protection-monitoring.md @@ -8,14 +8,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -ms.author: lomayor -author: lomayor +ms.author: ellevin +author: levinec ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article -ms.date: 08/30/2019 --- # Monitor web browsing security @@ -54,4 +53,6 @@ Select a domain to view the list of machines that have attempted to access URLs ## Related topics - [Web protection overview](web-protection-overview.md) +- [Web content filtering](web-content-filtering.md) +- [Web threat protection](web-threat-protection.md) - [Respond to web threats](web-protection-response.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/web-protection-overview.md b/windows/security/threat-protection/microsoft-defender-atp/web-protection-overview.md index dd52925080..d3dd75a836 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/web-protection-overview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/web-protection-overview.md @@ -21,15 +21,13 @@ ms.topic: article >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-main-abovefoldlink&rtc=1) -Web protection in Microsoft Defender ATP lets you secure your machines against web threats and help you regulate unwanted content. You can find it in the Microsoft Defender Security Center by going to **Reports > Web protection**. +Web protection in Microsoft Defender ATP is a capability made up of [Web threat protection](web-threat-protection.md) and [Web content filtering](web-content-filtering.md). Web protection lets you secure your machines against web threats and helps you regulate unwanted content. You can find Web protection reports in the Microsoft Defender Security Center by going to **Reports > Web protection**. ![Image of all web protection cards](images/web-protection.png) -The cards are generally split into two categories: [web threat protection](web-threat-protection.md) and [web content filtering](web-content-filtering.md). - ## Web threat protection -The cards that make up web threat protection are "Web threat detections over time" and "Web threat summary." +The cards that make up web threat protection are **Web threat detections over time** and **Web threat summary**. Web threat protection includes: - Comprehensive visibility into web threats affecting your organization @@ -38,7 +36,7 @@ Web threat protection includes: ## Web content filtering -The cards that make up web content filtering are "Web activity by category," "Web content filtering summary," and "Web activity summary." +The cards that make up web content filtering are **Web activity by category**, **Web content filtering summary**, and **Web activity summary**. Web content filtering includes: - Users are prevented from accessing websites in blocked categories, whether they are browsing on-premises or away diff --git a/windows/security/threat-protection/microsoft-defender-atp/web-protection-response.md b/windows/security/threat-protection/microsoft-defender-atp/web-protection-response.md index e963f8f504..e9e6949f27 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/web-protection-response.md +++ b/windows/security/threat-protection/microsoft-defender-atp/web-protection-response.md @@ -8,14 +8,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -ms.author: lomayor -author: lomayor +ms.author: ellevin +author: levinec ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article -ms.date: 08/30/2019 --- # Respond to web threats @@ -67,4 +66,6 @@ With web protection in Microsoft Defender ATP, your end users will be prevented ## Related topics - [Web protection overview](web-protection-overview.md) -- [Monitor web security](web-protection-monitoring.md) +- [Web content filtering](web-content-filtering.md) +- [Web threat protection](web-threat-protection.md) +- [Monitor web security](web-protection-monitoring.md) \ No newline at end of file From a702eca096f7bf5e027ccf369bf6281be55199a0 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 21 Jan 2020 13:50:44 -0800 Subject: [PATCH 048/157] Added property descriptions --- .../microsoft-defender-atp/software.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/software.md b/windows/security/threat-protection/microsoft-defender-atp/software.md index 48647a6c93..31c8ef62c0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/software.md @@ -37,11 +37,11 @@ Method |Return Type |Description Property | Type | Description :---|:---|:--- id | String | Software ID -Name | String | -Vendor | String | -Weaknesses | Long | -publicExploit | Boolean | -activeAlert | Boolean | -exposedMachines | Long | -impactScore | Double | +Name | String | Software name +Vendor | String | Software vendor name +Weaknesses | Long | Number of discovered vulnerabilities +publicExploit | Boolean | Public exploit is available for some of the vulnerabilities +activeAlert | Boolean | Active alert is associated with this software +exposedMachines | Long | Number of exposed machines +impactScore | Double | Exposure score impact of this software From b9e4a040a95cf2e980cac30c67ee612925552bb7 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 21 Jan 2020 13:53:45 -0800 Subject: [PATCH 049/157] Added property descriptions --- .../microsoft-defender-atp/vulnerability.md | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md b/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md index 1ab9f93f8a..7d023c0efc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md +++ b/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md @@ -35,16 +35,16 @@ Method |Return Type |Description ## Properties Property | Type | Description :---|:---|:--- -id | String | -Name | String | -Description | String | -Severity | String | -cvssV3 | Double | -exposedMachines | Long | -publishedOn | DateTime | -updatedOn | DateTime | -publicExploit | Boolean | -exploitVerified | Boolean | -exploitInKit | Boolean | -exploitTypes | String collection | -exploitUris | String collection | +id | String | Vulnerability ID +Name | String | Vulnerability title +Description | String | Vulnerability description +Severity | String | Vulnerability Severity. Possible values are: “Low”, “Medium”, “High”, “Critical” +cvssV3 | Double | CVSS v3 score +exposedMachines | Long | Number of exposed machines +publishedOn | DateTime | Date when vulnerability was published +updatedOn | DateTime | Date when vulnerability was updated +publicExploit | Boolean | Public exploit is available +exploitVerified | Boolean | Exploit is verified to work +exploitInKit | Boolean | Exploit is part of an exploit kit +exploitTypes | String collection | Exploit Impact. Possible values are: “Denial of service”, “Local privilege escalation”, “Denial of service” +exploitUris | String collection | Exploit source URLs From 7b30a81026b1a9daf1526c6096534868d6eab9d1 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 21 Jan 2020 14:00:07 -0800 Subject: [PATCH 050/157] Update recommendation.md --- .../microsoft-defender-atp/recommendation.md | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md index b5169fbe69..a2ad1dbf57 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md @@ -37,23 +37,23 @@ Method |Return Type |Description ## Properties Property | Type | Description :---|:---|:--- -id | String | -productName | String | -recommendationName | String | -Weaknesses | Long | -Vendor | String | -recommendedVersion | String | -recommendationCategory | String | -subCategory | String | -severityScore | Double | -publicExploit | Boolean | -activeAlert | Boolean | -associatedThreats | String collection | -remediationType | String | +id | String | Recommendation ID +productName | String | Related software name +recommendationName | String | Recommendation name +Weaknesses | Long | Number of discovered vulnerabilities +Vendor | String | Related vendor name +recommendedVersion | String | Recommended version +recommendationCategory | String | Recommendation category. Possible values are: “Accounts”, “Application”, “Network”, “OS”, “SecurityStack +subCategory | String | Recommendation sub-category +severityScore | Double | Number of secure score points given +publicExploit | Boolean | Public exploit is available +activeAlert | Boolean | Active alert is associated with this recommendation +associatedThreats | String collection | Threat analytics report is associated with this recommendation +remediationType | String | Remedation Type. Possible values are: “ConfigurationChange”,“Update”,“Upgrade”,”Uninstall” Status | Enum | Recommendation exception status. Possible values are: “Active” and “Exception” -configScoreImpact | Double | -exposureImpacte | Double| -totalMachineCount | Long | +configScoreImpact | Double | Secure score impact +exposureImpacte | Double | Exposure score impact +totalMachineCount | Long | Number of installed machines exposedMachinesCount | Long | nonProductivityImpactedAssets | Long | relatedComponent | String | From 4f2f7963259174c15cf1ba2b8c1aa91d2af4927e Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 21 Jan 2020 17:35:32 -0800 Subject: [PATCH 051/157] Added property description --- .../microsoft-defender-atp/recommendation.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md index a2ad1dbf57..7117f61a03 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md @@ -54,6 +54,6 @@ Status | Enum | Recommendation exception status. Possible values are: “Active configScoreImpact | Double | Secure score impact exposureImpacte | Double | Exposure score impact totalMachineCount | Long | Number of installed machines -exposedMachinesCount | Long | -nonProductivityImpactedAssets | Long | -relatedComponent | String | +exposedMachinesCount | Long | Number of installed machines that are exposed to vulnerabilities +nonProductivityImpactedAssets | Long | Number of machines which are not affected +relatedComponent | String | Related software component From 3a2901f1491df2936bb4bd8e4e6b1d3eb53014f4 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 21 Jan 2020 19:57:38 -0800 Subject: [PATCH 052/157] Update get-installed-software.md --- .../microsoft-defender-atp/get-installed-software.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md index 171a32a275..1b2a634eff 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md @@ -58,7 +58,7 @@ If successful, this method returns 200 OK with the installed software informatio Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/machines/ ac233fa6208e1579620bf44207c4006ed7cc4501/software +GET https://api.securitycenter.windows.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/software ``` **Response** @@ -82,4 +82,4 @@ Here is an example of the response. } ] } -``` \ No newline at end of file +``` From 13b94a5695695a5cf6dcab4b86337d03126446f9 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 21 Jan 2020 19:58:48 -0800 Subject: [PATCH 053/157] Update get-discovered-vulnerabilities.md --- .../microsoft-defender-atp/get-discovered-vulnerabilities.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md index bc067f116f..e20da5c5b7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md @@ -58,7 +58,7 @@ If successful, this method returns 200 OK with the discovered vulnerability info Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/machines/ ac233fa6208e1579620bf44207c4006ed7cc4501/vulnerabilities +GET https://api.securitycenter.windows.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/vulnerabilities ``` **Response** @@ -86,4 +86,4 @@ Here is an example of the response. "exploitUris": [] } } -``` \ No newline at end of file +``` From bfb085cc3d7f9c5eb156f255f7053f9b5e79ee14 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 21 Jan 2020 20:10:36 -0800 Subject: [PATCH 054/157] Update TOC.md --- windows/security/threat-protection/TOC.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 2af50f3e0e..addc5617ed 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -479,7 +479,6 @@ #### [Common Vulnerabilities and Exposures (CVE) to KB map]() ##### [Get CVE-KB map](microsoft-defender-atp/get-cvekbmap-collection.md) - #### [Pull detections to your SIEM tools]() ##### [Learn about different ways to pull detections](microsoft-defender-atp/configure-siem.md) ##### [Enable SIEM integration](microsoft-defender-atp/enable-siem-integration.md) From 19108ca43ae510996853081740b2e61b90d1301a Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 21 Jan 2020 20:17:01 -0800 Subject: [PATCH 055/157] Update software.md --- .../threat-protection/microsoft-defender-atp/software.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/software.md b/windows/security/threat-protection/microsoft-defender-atp/software.md index 31c8ef62c0..49e8e4c12d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/software.md @@ -40,7 +40,7 @@ id | String | Software ID Name | String | Software name Vendor | String | Software vendor name Weaknesses | Long | Number of discovered vulnerabilities -publicExploit | Boolean | Public exploit is available for some of the vulnerabilities +publicExploit | Boolean | Public exploit exists for some of the vulnerabilities activeAlert | Boolean | Active alert is associated with this software exposedMachines | Long | Number of exposed machines impactScore | Double | Exposure score impact of this software From 4af7d0783ee4549601c0bc86a12145e79dfadfc4 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 21 Jan 2020 20:18:15 -0800 Subject: [PATCH 056/157] Update vulnerability.md --- .../threat-protection/microsoft-defender-atp/vulnerability.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md b/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md index 7d023c0efc..0ede996269 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md +++ b/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md @@ -43,8 +43,8 @@ cvssV3 | Double | CVSS v3 score exposedMachines | Long | Number of exposed machines publishedOn | DateTime | Date when vulnerability was published updatedOn | DateTime | Date when vulnerability was updated -publicExploit | Boolean | Public exploit is available +publicExploit | Boolean | Public exploit exists exploitVerified | Boolean | Exploit is verified to work exploitInKit | Boolean | Exploit is part of an exploit kit -exploitTypes | String collection | Exploit Impact. Possible values are: “Denial of service”, “Local privilege escalation”, “Denial of service” +exploitTypes | String collection | Exploit impact. Possible values are: “Denial of service”, “Local privilege escalation”, “Denial of service” exploitUris | String collection | Exploit source URLs From de04d48b36c73054b6d966c073637b0eae99f266 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 21 Jan 2020 20:19:49 -0800 Subject: [PATCH 057/157] Update recommendation.md --- .../threat-protection/microsoft-defender-atp/recommendation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md index 7117f61a03..d41c53fd57 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md @@ -49,7 +49,7 @@ severityScore | Double | Number of secure score points given publicExploit | Boolean | Public exploit is available activeAlert | Boolean | Active alert is associated with this recommendation associatedThreats | String collection | Threat analytics report is associated with this recommendation -remediationType | String | Remedation Type. Possible values are: “ConfigurationChange”,“Update”,“Upgrade”,”Uninstall” +remediationType | String | Remedation type. Possible values are: “ConfigurationChange”,“Update”,“Upgrade”,”Uninstall” Status | Enum | Recommendation exception status. Possible values are: “Active” and “Exception” configScoreImpact | Double | Secure score impact exposureImpacte | Double | Exposure score impact From b78ff5d8922d3ba84e5be78dac62c206ba0534ee Mon Sep 17 00:00:00 2001 From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Wed, 22 Jan 2020 13:27:01 -0800 Subject: [PATCH 058/157] Updated article --- devices/surface/images/fig1-downloads-msi.png | Bin 0 -> 51026 bytes ...age-surface-driver-and-firmware-updates.md | 147 ++++++++++++++---- 2 files changed, 116 insertions(+), 31 deletions(-) create mode 100644 devices/surface/images/fig1-downloads-msi.png diff --git a/devices/surface/images/fig1-downloads-msi.png b/devices/surface/images/fig1-downloads-msi.png new file mode 100644 index 0000000000000000000000000000000000000000..4d8b1410ff4d83ed26dfc281972e309ccb721a72 GIT binary patch literal 51026 zcmb??WmJ@H+qJ-eL&*$C=M1GVw1jjFB`6{S0|L^hG)PGf3@}JHNQ!_c;ZV|@l8Q)6 zBhn=e@?AXdbH8`3@5i^+x7Pe3<~*-6_OXw>_Z4>ko+>#B1Id*uSIE`XkPoh0A;4U@ zf)@%V0)FySIlcbM6}BttNQH-_l0+Hy zWJcq`Q-!7I1ihXlY(;j0SVBTiBjc%T=laFqp=b1=P`_ZCbZ5%Uu}^;A-qfK%<8tO{ z`bX!!Tb9MZKTSE3=|yQuVFyo!`c4!iE4%^q{P9MUS|^j{h#ol-Q*xe z#h5@!OwH>L-&FqjTZxDO&}$a(KY!ev2jT#`KJ6+T|HnXZHiZHkc@XmNAD5eW#H~gX zJI_9Xu>pVks6kfg|NS6$e*5c3`$_BA*jO4`TAPlS)a5jMhNz8+%IKN{N=#S8 zJ@J?S7+v0pczwEI(!^_t`Vr0)oyeox^X%JuE9G#SO5-~B@ir$}cx{I4_6!j1F4@LQX1sH47dzu5r%CMRcz@0O6z7Z%T1yh)r{ z5IL*tlmSHK6$e=4&YjV)e>_ezF?@SKYHO@LjB4Y%$Bdgd;nzFF#Kbf-G(QknAt9lW zQVUhv>H3=e^>LB5$^^DPK_259|J=V8?ttpGk>a$kYbda=K1 z1%*O4MU0TV4+~7iXMFZv+jd4Vr`_az4Kmw4)#3cd!NJOh5cj2t53=~5IeVXOQ~_V& zvMHMrA$u@pq1WW+>;3DCY6jzq$BeJdp!8nEx8g^m#^t`J?rX#E;=lV}oR3sI{YsX| zt&jrKtX2ExdA&!5{?PP$LiXe*JEM>}#+7)VxFz(yQIlUo;!T~-FooZ&DKCEgG}AY7 z4ld`n=1_-NW8zAn|2S%BDx~R1k%8FLAr3~#=LM6jbSatMo3|Oo>{8q|r^bm}hu=BQ zG>(*6Y1FO0FBE?Gh`5!^Y)JW^7s|;T+?OiSW#YT9%Z}5WYYjGjjih82Gz};=tn9(z zM=^-@+(|+_)so)9NEKuvEgu-E)IDD@Pd0Wp2;t%Vzdaw`0Bil;fYin(?yQQ=NX9zF zu1H23DlSbYwB`GU@65k^`NH2!mef4y*!11F{K*%%_t9La{q}5&-W!!jGF`nuL8X-E zv46YC!2YC5;A_e3C)kgdb<~8$9f|8HvRZ}=VkKX3Yq8KiO&I?0SdNr}!XroMje4Nq zo80Fa|M~(pd|+#;_BX#zGT&@D4ph}x=!*8}x=Y4ztDE806Q_z^3SR+*6tjo5_y4tJ zOn3tRiQRd@Pf zipD35Xj`KdFtN+>JxHC@QhWZTSD;DyYb9{4ZV7+?JFWto#T|7yB3bh1R1q5n{1UZT z_(z*T77aBuoOS;zgF5$(B4ik4*FzX_t3_*m+CRZ-ww+S`3jCVRg9qt?i)ti+Jxp40 zY|<<*YW4s5fG&anhB8fgy|4Y}sxeUjzgc+w)?4}SsEcH~N+kgcbn1U4dH_7a7`gaV zOpvyf@3-ZFj5QzsL8-0!qQNsdS0eyL_#QV-O;kL!0N|x7r8lh39{8Js{n5vh-}E2b zd+q&@aVC7LGt}sNYB%2==KhH@naTahlaKnE)PDnS^er$`6`Q5fLKL%<-PUwNQhNG2 z*AlWi42zX`$VBBnFnF|D_+gkB4|I8LxxrapKT_jEdU0lLc0;-9Viuib!1<7Sx|(RB zoWyVZ%;URTvM+Ft^~x+i*?rgo&gn*3FMm0dT_ydYqTFOl!QbG8n-jf2i2=(L!6vI5 zJw`Y{uW5tR(awAQ;&mz(#Eh~&)eRTFPq{fU>+gqoKh)2I<{A#C(~NbG^lO-&9e2<^ z9{c&_jVp%DsPb8&41gjB6Sf~}$_>h-?5FF;CEeGb49Xm)i$3|xR#*6D_isx*iv>lg zLnt>B)Fm9Ut7+zUQKja}Hq=uUPviMexMu1Xy?j+_kXPeXGk$A|t(k5k2BB^tpt+q3 zw>uCPxwiBa0uy4_AAO}70u95vOTEcdY1xv0*0N@G1-7q&5FyXQ?;evt4O)*BpT-GW z^)OY!YQ8ICpZsX<_TH>f4cso!()hs-ltQKtI!mjpen%~vbz8EhzrJc|k?7Cq1Q$-g z{#dV=Q?R8W#QfXIdikK;`dF!6?ei5fXzxZKPAT--$a`Jhx|RGipbY$Kw>*Orw?>pp zCYGE5r(q+EI}_(I?bWqmphx)^xRVgWPo=~>`e-NA-p?K_ZO-@TW1myljQ>SL!|{)_ z17IE#6P331tHbY9wj=QgNveOw0QKyyh`^MVa}|e^nvqfZWqEvc>!~?8qnKvZdPg|z zmAFj_d&1|5JO3i~gIXTBy-ezqYeZIjh7|VUi`BYB9 zmA`&lF?l)mfw_6kWN4M&`HMH_R=r7;uS9JPQK*zj3%%Ehgi1!`hhvIh&%aN@`bmY>HcTPsVMs?s`zbMx*IPIt?OihYMn@r`H#9 zubufGwU@Wdv_1Aex00>{IER}*X|>%|qAT;YI}2TP-o1&uhab)ivgfv9nwEZ1etGbY z{mTQLJ;N%8jPu{8TbquYqKtv3!|!$1V!Utp>q}o$$L<~KV`*Yh*ew6to{%MA1@J4JnK$x@+*Z0KRXGZL+z9+qF!uuN=G3C!E4!g+T zrpO7&Plk{nwa$(fqB9_$o|r3kBV*NN(N+*v&20S-CL3Jg6w=!PX&gjcT)~%>Wirk4 zN2*P&I%}-va(|l5{^~ak5n*orqIhntk1CN2x7Rr1wJ~!!%Hc)chno&fZ?v!=1evzB zwgbL~AQM-fzKK_!+se?=XE#ur!s6Mo+(l_1A?ZY>jCcAIQ_A0q@ml%eSA>G76V(Od zPru%i>aQf21sI-d>rde9du*7;MKl*0*L_r0QJFY9-iw^&K%NyDR<4>^ZPPD}zSHU2 z(3q;UO)g}GQ=8DMub*?2-K6q836xb$fbsmK?O_qN?1shSsg|f#06d`P-mlNH7%Hmg zf%8T_I~^rI1)9!=HUyN<2vyEGC_v1k`&%;?xMy+V@K75}gIR{8TbaZ6+VO;&Iz}v5 zeB=PY2{N!bGd_2;AdTk-lbZ$$2J+WiGL*41ey9D!V(pHmtwTtE816>=GFq+h*J-vw z(6zdxaWJ8A1uvzj!$cBc%7r%DdK#9si5yjXh zgWoh>Q3MzHko^yhC-1%Qc}9719jCn>K;(bEDy>Q(dzAe}C98mHw7grs5x3x#>w89C z?iq+(%s__*%JmRwlaSK*IMnZSMo9mzRryOHWDAhb2f^a?5gGta^$A5zA0@4O2OT=;4?x z2$%yQfs%w&%bL}gl|`q3$l!RS)KCPJQ&zhPI1{yD!c<#tI47FhMJovj!f(dAb4_a= z5Ja#3oUHngw#}~Q%W&Hzmnv%b_Gg~ZL<(pxM;h^2EG5;`lPjbqK>4JoOIYB72xA#A zZ?%3&(ZE1<&%&va3NB8YE?n^`H3ZI5Qrd_V7O3>@Vpwt@2Yw28LN6uSNHA)xJQ%{n z;X?fnZHPcHA!rDw-Rp>s+zJpZFnAgL=AMuL=?mN;nb6*L8--MOrWT458i-2wQOq_~ zUK{-|V>bFgpvVKPOhfEr9*bTMTwVq0oNJCu1BPzFt9_y)P~Nn47p#>@4w8hwY&0*0 zS4u3TE{%~-aeazLvhIm1oVvlSAGCH!&#rSpCdrd4O&wop4+B}Ot|KN!vHOy(Q!-aZnlY2rfTQ% zR}y^i@2Y|Fb6RU+H^&v4VkUg zYz~>f0M-<=8cS*aIvVl=AsYi}0xKet-w_Iv;vw$fAP*XSygX#|RA{_VYLfI(jJGFT zbGQDaEVGuJF*g;uF;x0x&0&5j44sSQwj}0#b(MtE%f%sB5k!EdgELHHaOs+da*@4e zE;JS_f*=GJ{<@~q^)keb*enQQ=@ORG7MC!=7hh|p+m7G5nDyy4m1h>teb(e9VXzo8 zUxD(AKuDBkluq6K2iNc+;S7oxbuoL(-SBVRIDV`Yf&bCQOP=bp@|z7&-Vp>JD9I4X0b$J=-fB6}qnhvSetM~X((cW{ zWj=+JSn&^k=?u|tsJau_EVpQq%Gtw$DqfP2@x+fDq5~lwx4C8<8}>(_#w|{~?e-82 zR&x-{IroLomrhYAZxV%h8-}TnVMHCtsG#bj*e7^X?sUC8Lr|@uYPT6pa1RBvs&57! zxa1~evgPtWzoG|_>_epqFzEpeJmpB87fkG?B*A7^%9F=g`zec!3B?R8Lwh&j_vU{G zOR_!;sV!CIlfi3mxa_{D2&RHWsjAFD1cRhW^7x%>i`|TP=X-;4Qpswok*A#JV0OxQ z{~jck=pgh1J1OaU>|RMDufo7qs38c*brc+#m1_%D9tBftd6up#sj2OfW9g>2E zT}W%vi`lYn_*F$vY@j^MlUUEx$P&6({Td$ONd!><$=~tCU~S^*6}n|mZP0${E`;!X zfrBr`{^$Gr8c25Y^p5a1#ELZdkdo>cc!hJ#-ClcYp~!5>2^Pg3Zd2$W+sIR-2tMTS zE=DdKCawBQRL|iz4Sp6ChR;79@z8X9;dbk*YmaCk-Mw21NQk+WX0PEUA#BDg*_F8U zO@rHh!=KHmWyF7qwJ}$l=DY~i7Xgt#NH1MZM40~zD$^n}&D_%UQdaWUJ(>K!voa;x z6wz)3W{FARH@wGF5*A9ja+yX|5H6Y+0sh$$ji#g;M_&!E-GoqTgEIOgF%{b=VmE&NC zkZ9nxiGrG+)2_Gj*Y^VaiCAb+Bm#Ng1K~V;dtZp;ow0RIbha9}q~d`!A&f>eC(az& zPCowVfs865QF`GQBRXtI11pSV@cxZrLJPUw?e&dUCOla3;$4i*e2RFneyDV2cAIlZ z(9Kc^Bh!MIWg9q7o4b98PZ1kg$jjgJE}G2@)_j#^9z_}lnk%h0cpm-dnlZ_tHHj5p zwwbqDracKn1qjCpvx7fTXor}pGi!fI4)$!@ZEs{pXrSD2!ev_!+QEtkDn)QCZD63& z6kaRFf(Iun<~S|Q-miJcz}19>adn|@iqI%daX?#8zJ?V~ocs1$_OB(&O>us`gK~f@ zVR7JHu*EC$-Z6S63q0BqTgw`4&RSW8F<&5vZ{6cz|`kF?Xh7g;R zvPe&&iQRFnC&_w>KNsLHPj7BkRev-$%e{+Y)ZspY0R3CfaxBY@1I{5D5G)fjR2dXRBtx_2AmclT_6gNsvO#0-Z;R zmz$IIGXrGWa!1WHz8RC!yz9kLrC7qfeXS^^;O%rYRyRfxI!86PrB8a6>WzgTyd&f) zLK=}CHZLH3=@W`Lh)y~ z!b8FFB7^dLQuS!+E4`q2$%9(wTY+*zc*zn6@^dd!^vqo%zwtO-K<2N7Q+a2n1en7V z$l&eR#+0N=P&i(^PGEpj65IZ3elUcqY}&AugP}?v1H+H~bW2Y)(D}X=t9jNbv`N#X zlu{UG%}Q^xdmOa!^(7{?HnQ4#o&h__vC+IAjg8SvS_!DQ#%-e*Y1;B~=}j@^Ib};r zqwti~?Sm`fl$%jlsArzXEu?7%&J>n{y9LjLZdb&f`LIzVOn)08JzMaSGWibgQ}kGy zXP*27^|Tp=U|-J=6c>S6F|tYGMy>?keTcz9x=?g#lC8jq$ZAWuYAbb0Bj<^gX@!2f z-27GNM}YjZJl|d834Vz9INZy9AbMhbo@LRqr<_L82E+1axaxp_rQ;6DuJQq2v^g^=n~_9kP~+T- zoFEtSjkem*G&dE>a1QAp)E=Z39kxsr+cU##6GX%%@mZ_*QI)%IP|6RlxtbvEt*flJ z6Pt`N6^|o``$BC3mxH%{YGpyvtGjkR0t*GsU*xju3lHfTv;QFyvEkQ5HVcs|$_u?~ zf6buhRw1Fg0uO8q z?UAP1;>c^K#ZO4>->g>*^jhpj@w1IAo93!Jd(4L~ z8A^nw{E37B-2uf1fXoC}cpRbKSMUy|&FnkKb^m&G ztmwNS7;)0yzb6g&9vm^RKU7UQ;QaaeSB_cI7RND1I=a_7&41IhXOYktHfil#-6-%` z@|9S#+cR;^{Gg|?bi;4{SAGOE^cZ8nKr9ch@1g#SjCiRfqwToZ6jJ(`v*-WpSN=!V zW~&3ML9A)L5_$i!4F8ei$29@JFilFn<4@7_f6Oa+cVIGo{JT8=Qq#*)fd>-v2zW{R z&+*p*3p2%dQMcr83jnO8r3kQ6cAHnI1^zX@GBAE!ccIZgeYk!s9Xd3tax^ zY0AQZ@!ezfYyN5X#PnY-Obx-q`hSg23yi-G|KRekg-Ig@7RL2zf#<)*=f50Z*<|To z-lP~6urNQa-QW4w`2RmPCdQVSgM$O*;!<`ThAJU^9Rh3&C{iAYM21WYQDPL<@U8x0 zPd=r>hJ}^3x3`ns9cllMu@e<657;n>Tep4{Q~?q>bu9m%HUqkd6T-*{7+aNUiD_Ug zaB7ctm*Uxmb^da^xY>cFiZ9iF$PJaK1Y6dy`7CF6*qt71sC1^PS0fV;219_LpOQNH zy!g*mPA>yiUTeHWw+%U)3yaAM6y)UWAR=e56rc8dL(OkAW*<19MnX#J3U_J65Fa!X zP*^U~{1qywG>fS-EZ+YbRr-!=jhz}_2&ZPB`jN%^wAAm$# z?9%vFIpQ${xe%k7*uge~nf8E;Sf*Qq`qJ9gR%|z3=00g(H4X^T=|@Gng-LF!!=Frm zR)F1|S+5(W6oQIoktqVCw9Sd%=ckW+eClQPhjl_KAN&CkE~Mz{Y61{_#GKARfWlE2alo;Crx@NI6OV{n?^o5d3KmFA2d##&Zox43Zga7dotrRe=jVaeb zH-is=o$PnEquQG${(+aO<^3P1$t{J~KC?a7_PrWdJh8M}PviFL&3IKy%{!(%Yh9P` ziIQ`OF??rGm#Z~hmHxL-9hI@Zr20zJoY@^=i&EW-Tx}~eS6V(&A z0_erx@qdn$T5QB=@C$X?&^!X9*;OjzeIxBmkXgx3YtaXwvc$`$D?%M?OpY4hmxAFF zPBzDYDsH#f9XnEKtAFVV*#Woh0Pz278iKJM%bDH-W47JCxxiL;6hAv@Ar0Xm;s$xW;jhBhdL z7UO@m6M7CvdzXe6`+f4wj0`D{k3d9&nG%C-06b6n!kkO_Is-5%^#DPwDiptpzR1UG zcd-<3w!Uu&ARm5w@}<=PLXQ})JNo%1TGCnV;V{6tY6B#|526O;*`{53`7ZMvGLHX6 z*%)^4?6sZ|vXA$q&$ip#0Yh;N$aMVdlx}CW;33UIUG+X#e@f193&*4TzPe)^Kmmg) zhwm;(DOW>IPOz(C^t(oQ%pQ1=P60dH`YKcz;&GqSJaSO(_mKrH8`0>!cDm8+wwG3` zw@jO_cmsB!{mM|@ChwF+R|Ne6Q6q2=$IAz0*A8fYpY08bInBy1D+bxFE+s$SEDFri zNOmvGOX%-BRb}yN?@8ocZink>w&%tD7a$j}<8L(_W|o5~Qz8jRY%;w%YhLd9)7+t= zqWbPBVLx$8ytCM(VZy7~l+)5o?`AcCr9r*=H30CZNXcauyQpf=EvlV~2m7Q|@|?T7{*=pVVd&HHWq8Haw#B8J#Oi}dgI!k?vtGp$ZSGyCxrmo9UA|f2EC%O* z;7P_lM8mAf@7ySxK~H{MwWZQ7;q8~|cW@Htj24*$yzP^<4<6n$Y2uEXQ#L4V&imvJ zZ^0@U_@Oh+n?If-y$^)qSn9qJm0~(cXaTce&J_3TLKszlCX8?4C9*Y56SJQhA?Z}9 zcRY$39MdXD*uSjDneSY#<3T0TFYia{hD1*EZd;VycaL!2RI?u6;fQC z3x51LxYI5KV3J-ZilR`oPU7Y4C(55C|52~yqqu>(vru=R9D-_;Bz=U0R(Lm6O0lgQ+o$)>}#tV*iiHnPix;psUyIisf@h(9aie^$|>m{5U$dCfA znA&pTtN)!s3;X?g&z%JmHi{%R4q<6?QOD`}P-VfpYHCigcY_*mTE}OWy0;gV?=VLu zVh;hIF^O9%Q;C@wk>BDSmrxD{C11{KR_{O8;J@Od{3Z;7*a>ukgJ)k-^V+qAkZ%?U z`h9rZ)OZPr=H}*8HU_>^g!nO^mH|LFV-$C&c$?)nk?387NBoX8c0=xLTj><2Id-$n zXdsEUysO0VU<7ch)gt(ruPY84U@HQYj#K5b0NAzGs_=#j^nhlC+)Mb?2e6Z_%06pFKn95 zcEclCWG09ecXQJTu3j4x8I)cas4LNa6Vjh4GkF<4v;C42d>Z9)Bi^Mudgi>zx4}2< zX1Hy==Ybn(#q<2e3$+cfCF6~H-waQbjDF*xPq|_4abxf6?oS2|POz z{G5YLLH3z8EEKKWO%pQ!z>{3ua0vJZQ@~fN(tqsxZK-!3MfT|pkTuiGmdE41#}0=_ z99>5t!mr;nU+-OvLm7=i^y__uKq}jefnh`MS|* zJ236QRc47Af%;5rAP@un*#4t=>DyL(-z#p78f^0g&>gKl{R>ZyPmmWRoXhh6y@DAB zLQu=d6k2Vp0&*%`pz){ConsbWCj9q$#fAf|oinEQWX#pn7m95 z0IN{xywGU?80{N?_2H^l*Tv%9w>nb1w%Z9m2GCY&_tMPmy^0r1xBk7Z3J7S7TMwi^ z-DUpRCA#-D_w2g>@WgWvcPomJ_`=Nff$1HFgs5dTecO>QkbNH~=(Byp{OB_yY8MFfxHnl~3&a?>1k`EVWhx~Ak02eQ zxcJ@o@cTXNl+RxO2*5(PlOVxV-1nZ(FMphLD6iYB?F~!4B!~>6&n&5V^`7Gs&$;b% z(AJ$noUm*l+7U@4^X3~~{gUUKnH)%n0?D{d_q5zfa! zAp&TKLkZtyY5+)ieKo!SVlt9nh=ML_d*#k$hziKANST4F0Mre79Rz(24VNCM`9?&Y!}rRU1J8ykT%(3mo<@gj(_mGCw8lq-iUHbj(sjp39W%8#OS zM%w{A-*wUl@aWT*YlTs_P706vNXjH$49n>P zBm^vpWN=8r${}pO=HGSQ%sTT_z^1gG?|xBbb@PIOotGE={Hm`By|mg|`_S|e*pA6C zRU>YwVYMEmWw12V5*_$im2JPpezw11cqxR@0S8>5=_T}1)D5+r;X4z$rmjR?%C^7WM7GFfW03~KS<;%)na^zrsv?+-q!Wj!MGDlTFEUMM# zOTsuIv=2aJ^N?iCDM9Dt`d>pD8S-r>p-&bVjP8_1K&J>}M_(&lCS}cW0CHpZ z)PP9gNMe{R*98!#slc7ZLab4(PT%T*>`R7Pq0ZYVsyiA<2xq-pJ&1<|F;u#stp7w> zOr((M(JZUQk<}&e6Sc!B*Jvu+Vd$6O#GO~RC8d{9wxwWOZvJ!>LFo{bj>r~9qYPr% zUo@Gr2Kp?k%g)~dowp0bVBK<34rUoh7%35BkHb(M-;#V|P^xqCX<&&q8ClddtMX(B zURVm!bfM&BWd+dDy3mtvW*L?A83zjLyVo)NZ<0NR3JlVLPzn+zt53n5sg*t1(jgwG zFA$#f3=399{Loqmm{0-9p~;FQT%!%N8%V!BFdr-^y`1i9Bu_uZ+R%IR^az&?t2k1C zz&}D9z+62x{;X~aDR3+#4Cn*iOsZmgIa=e+lKCF}K)4%4bH=L`_=GkqLr&hX`P`>R zgstne%UtJ$QOyFAybV*EUPM2-F(Qvhz$zKZLVK#4;b7iFR4#RcZgoNo>F9pbwBg+Znn|#1N=z!w3AtX4w01IX(&6X)JkdD7oXAprRFI{MCJojE@b3GLC+sSQ^ zwRC|ZA^c4qpAy-_UseyV<+(Z83TSTvTYIl6vOU<=ji~F*6;Q!JxF*c2<@`>69U% z3*Ntyc#uBi<<=*q=0~K?8p^*)t03aWh?qNYh#kJcrJRMC1mX&hGFUyVDWUIW0am&! zQ2d9~a><|}(h5JnQyC=KY`v@;iI7iQo&~8^F{LwOsXc_nQg@q$fU?apg zp&$?0mOF59Jm^1_iUBk9oB#noV+idOFR{6jAPs({&+aE~2MTt4Y_l*}b$6hcSZ`YN zR+aGmIxT6m9W4fUZ^M-r4oFolBORtFu-Eub**kzrePsTzA`Ux^95ERGcGR(#^Mf$W zpw~`sM9Ira4v)xD(V)DxJ3Hrp7AdBj7+~STk4>jL&RSSMM-{@g1)TMNh4#5>g1Y1c z&5(5NYa{*kTXWvB3n$UCC*91|zXADTTubhJG0J_GtQAluC1OK=E=ViFoy#1fm3~0O zL0WTaB=Bc0A*`X5hd_qDM)Rau@OItdLvLs|J*Z31LF1#YLAzfSxMinnp@Rwf^*!^(wAo_H}+_tG01AV@5T8cKjxMV;ZBVf8RaE?exz+F$QCyS z)XF722=RE|l^8wAm>9eAR%<{Pt0J)_TS-J6WP^~|Ko*A)(&!)}Use_|=r;s2m}<7DfKnp{al>Ehyb zsiqT!(dEZ_9b;9!2L|J2iu7 z*n?*BMm=tRe?uWd7IDb`k6*D*v`Et`bb%I*+Xz4IzkPWx)R zAOYSo$&O=*m0)vIM!8!G2QCLyW~sg`90<1AZB9k% zpMLs5aIjj$CuVL~;XB;$>bs``@g$CSS~9}WN>oF6Jh1Y#cruu?s7slX;`_!Yd;`DzYNM$8X{{~%$IS%%YQ|rU+%R?3UoQ{y&@0E{AZv1b6Cr~Wb^=u&EPVxz zv#M1w*D@+QLVWAKJxh!#qi?XSK67Mj=pj)Fo=o=N_*j>gST@b4G2T2VKHfg#Zt%L` zzLK|}uj5^SA;j_)KYtD8HtCwt{>Gqt`v%GKS@|gci)W>gKMndftGE64H_vw@)0(WC z>hg`|oEZIWDkG#H{7*Wz40DCly?z;L8Q~F;45(l3dd$-+5jyn?P>RbSy7ybxB!<>a zpk2GrXQs>Ac{nS-+dQ0qm$B+bn8s_Zh-IKXaw2U-(7{=N808j?vjLe^i$vAdYm$7n zT!GXy!B9GBPuvF90xcpKik=se+xY}-D28fGrF7l=mt<{fR}|7pctl{m9~w1w=+-> z1%7zYJ%DsA8G7GR!2YcH@yhnnnh2e`PL~eRArn5zU&xmqzkDBv*O&uDE|3a{9uqao znQMBL5P1FB_T#Q(X0!HlFpbFzrVR9xmRhXoQgHW`PrXsJb4nC4i@*C#yUhxVa_}k9 zley|thb~OFp2RSs3~pM;TPTSMpr%A_P+a(|_B^}kzzE0`&+TC|&6p1IUan)<6rB$= zzupq6OEzDx=@onU^GjPX&Uu^1hDazIK2<;fzb0F>{=lXLEywHW6RmMIG&7$jsc5&X zD40(9&h(>nMcf_<({|i0ZrO;VF)#r%&qEo zJx{0KV^&)#|L;$?zWcqRvZ9r}h~BTQPNkhw97LFx;;47z))OXhFOj9W? z%NHe`NSJXqOe0b*S_|g1pN)8OYSD(r_%-ik@51iuUb~i8=LauBU%D^c?wGP^D*o>SWlub)!XnuI>ZKLw{!^=jQcVAjS(5fXs>G^FGEv$cre()>MXHGRnU#c_T z+g1^w>pYiSr1=YYJM%}g?KG?{l)_^{C^RwtjPBD>m|JKmBLxO{flZ*_j$V#F9)+{& z+jG6r$==C}O1xb|mJgU-^Nu9OQIIvcD=6ai=>&BgpMNqj1E z$Xp=dO((0JCxK3zQ#JSKU~Evjhv_Z&`ZPtBc7E31pe=xPG+MKEqwB*HVfh^w^Jr?` zN0)lVqcHPrMFh;j=^Zlr(mmSj2!1Tnx((!^?Y74Ay@z2QpN<$-~3l-KHSnW=hvYPZEDZvn48 zW#DpUu=uiX$%woums$z%(9H|M_cGLQvz#-4_~M^9c!znj#K{Ub8%)lQLBOeZS^^@i zVt#YNrl5Y+S!|k+f})c-l6fk(>;W?PN)2HpePb(d&@5%r5-U#SjBL{^C^s6U-cKz1 zZvWy;GEo~Obj$!44G#ej9rRLX@Iy;I{zn$vrx`j_G zR7IuU*d@66*ilw=R&AFSLfUFV-A+Op za#wEvjV)Q)=%VRtB3{cKd1UwAa3wlPQZ{R69~B%m>(u}l-}foBP?$6LP`lHollzBN zpYl-@D-Cl>Q!L%r6mIBgz;a}V6OC-DR*X35%sp*SnP2hC!B@h>FZV%Z6n3-