From b91cd1c6bbbec4f120f936c54530ae7513d7bcf1 Mon Sep 17 00:00:00 2001
From: ImranHabib <47118050+joinimran@users.noreply.github.com>
Date: Wed, 3 Apr 2019 21:14:58 +0500
Subject: [PATCH 1/8] Change required for Command

It was stated that Comma separated issuance of the argument but the examples show semi-colon separated issue of argument. See examples at https://docs.microsoft.com/en-us/windows/client-management/mdm/vpnv2-profile-xsd
---
 windows/client-management/mdm/vpnv2-csp.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md
index 4142e8244f..de1463fa2b 100644
--- a/windows/client-management/mdm/vpnv2-csp.md
+++ b/windows/client-management/mdm/vpnv2-csp.md
@@ -401,7 +401,7 @@ Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 Nodes under the PluginProfile are required when using a Microsoft Store based VPN plugin.
 
 <a href="" id="vpnv2-profilename-pluginprofile-serverurllist"></a>**VPNv2/***ProfileName***/PluginProfile/ServerUrlList**  
-Required for plug-in profiles. Comma separated list of servers in URL, hostname, or IP format.
+Required for plug-in profiles. semi-colon separated list of servers in URL, hostname, or IP format.
 
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 

From 431727eb8015f800b77389a5f8387ea778f1688e Mon Sep 17 00:00:00 2001
From: illfated <illfated@users.noreply.github.com>
Date: Sun, 7 Apr 2019 20:49:22 +0200
Subject: [PATCH 2/8] Deployment/Update: netsh winsock reset command order
 correction

The correct order of the command `netsh winsock reset` is required.
The argument 'winsock' is the **context** and can not be rearranged.
In this context, 'reset' is the parameter to the context, not the context itself.
The correct command / context order is unchanged since Windows 2000.

Current order in the example is incorrect and needs to be amended:

-  `netsh reset winsock` does not work, it returns an error message.
-  `netsh winsock reset` is the correct order of context and parameter.

Closes #3157
Closes #3193 (if not closed already)
---
 windows/deployment/update/windows-update-resources.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/update/windows-update-resources.md b/windows/deployment/update/windows-update-resources.md
index 66befc0f13..0066e48950 100644
--- a/windows/deployment/update/windows-update-resources.md
+++ b/windows/deployment/update/windows-update-resources.md
@@ -106,7 +106,7 @@ The following resources provide additional information about using Windows Updat
    - regsvr32.exe wuwebv.dll 
 7. Reset Winsock. To do this, type the following command at a command prompt, and then press ENTER:  
    ```
-   netsh reset winsock 
+   netsh winsock reset 
    ```
 8. If you are running Windows XP or Windows Server 2003, you have to set the proxy settings. To do this, type the following command at a command prompt, and then press ENTER:  
    ```

From da37fde3fa3283ae9340e4fbab2d2f8337f044f5 Mon Sep 17 00:00:00 2001
From: Malin De Silva <malindesilva@live.com>
Date: Sun, 14 Apr 2019 00:00:47 +0530
Subject: [PATCH 3/8] changed 1121 and 1122 to block and audit modes

Confirmed with following article. https://www.ghacks.net/2017/10/23/configure-attack-surface-reduction-in-windows-10/
---
 .../evaluate-attack-surface-reduction.md                      | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md
index 307b13fd20..93e5640492 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md
@@ -53,8 +53,8 @@ To review apps that would have been blocked, open Event Viewer and filter for Ev
 | Event ID | Description |
 |----------|-------------|
 |5007      | Event when settings are changed |
-| 1121     | Event when an attack surface reduction rule fires in audit mode |
-| 1122     | Event when an attack surface reduction rule fires in block mode |
+| 1121     | Event when an attack surface reduction rule fires in block mode |
+| 1122     | Event when an attack surface reduction rule fires in audit mode |
 
 ## Customize attack surface reduction rules
 

From 6550c128814761ed4965ffb1f3e6d863dd4b28d9 Mon Sep 17 00:00:00 2001
From: VLG17 <41186174+VLG17@users.noreply.github.com>
Date: Fri, 19 Apr 2019 11:18:41 +0300
Subject: [PATCH 4/8] added clarification about value 1

https://github.com/MicrosoftDocs/windows-itpro-docs/issues/3028
---
 windows/client-management/mdm/bitlocker-csp.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md
index 7625ab46bb..17e70ad2c6 100644
--- a/windows/client-management/mdm/bitlocker-csp.md
+++ b/windows/client-management/mdm/bitlocker-csp.md
@@ -429,7 +429,7 @@ The following diagram shows the BitLocker configuration service provider in tree
 <p style="margin-left: 20px">The possible values for 'xx' are:</p>
 
 -  0 = Empty
--  1 = Use default recovery message and URL.
+-  1 = Use default recovery message and URL (in this case you don't need to specify a value for "RecoveryMessage_Input" or "RecoveryUrl_Input").
 -  2 = Custom recovery message is set.
 -  3 = Custom recovery URL is set.
 -  'yy' = string of max length 900.

From dc6c0063ab982be234f2fe9f4931158787ab33a0 Mon Sep 17 00:00:00 2001
From: illfated <illfated@users.noreply.github.com>
Date: Fri, 19 Apr 2019 13:18:34 +0200
Subject: [PATCH 5/8] Auditing: Add an event example in event-5159.md

Description:

The page event-5159.md does not yet contain any example outputs from the
event being triggered on a running computer or server.

Changes proposed:

Add examples based on its predecessor page event-5158.md
and samples provided by audi5411 in issue ticket #3291
(windows event log 5159 xml example)

To do:

- [ ] Verify the validity of the added content
- [ ] Get precise sample images from the docs team

Closes #3291
---
 .../threat-protection/auditing/event-5159.md  | 129 ++++++++++++++----
 .../auditing/images/event-5159.png            | Bin 0 -> 24435 bytes
 2 files changed, 105 insertions(+), 24 deletions(-)
 create mode 100644 windows/security/threat-protection/auditing/images/event-5159.png

diff --git a/windows/security/threat-protection/auditing/event-5159.md b/windows/security/threat-protection/auditing/event-5159.md
index 74fd606119..a1cf9746d1 100644
--- a/windows/security/threat-protection/auditing/event-5159.md
+++ b/windows/security/threat-protection/auditing/event-5159.md
@@ -17,37 +17,48 @@ ms.date: 04/19/2017
 -   Windows Server 2016
 
 
-This event is logged if the Windows Filtering Platform has blocked a bind to a local port.
-
-There is no example of this event in this document.
+<img src="images/event-5159.png" alt="Event 5159 illustration" width="491" height="466" hspace="10" align="left" />
 
 ***Subcategory:***&nbsp;[Audit Filtering Platform Connection](audit-filtering-platform-connection.md)
 
-***Event Schema:***
+***Event Description:***
 
-*The Windows Filtering Platform has blocked a bind to a local port.*
+This event is logged if the Windows Filtering Platform has blocked a bind to a local port.
 
-*Application Information:*
+<br clear="all">
 
-> *Process ID:%1*
->
-> *Application Name:%2*
+***Event XML:***
+```
+- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
+- <System>
+ <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
+ <EventID>5159</EventID>
+ <Version>0</Version>
+ <Level>0</Level>
+ <Task>12810</Task>
+ <Opcode>0</Opcode>
+ <Keywords>0x8010000000000000</Keywords>
+ <TimeCreated SystemTime="2019-04-19T07:36:55.955388300Z" />
+ <EventRecordID>44097</EventRecordID>
+ <Correlation />
+ <Execution ProcessID="4" ThreadID="6480" />
+ <Channel>Security</Channel>
+ <Computer>DC01.contoso.local</Computer>
+ <Security />
+ </System>
+- <EventData>
+ <Data Name="ProcessId">7924</Data>
+ <Data Name="Application">\device\harddiskvolume2\users\test\desktop\netcat\nc.exe</Data>
+ <Data Name="SourceAddress">0.0.0.0</Data>
+ <Data Name="SourcePort">5555</Data>
+ <Data Name="Protocol">6</Data>
+ <Data Name="FilterRTID">84614</Data>
+ <Data Name="LayerName">%%14608</Data>
+ <Data Name="LayerRTID">36</Data>
+ </EventData>
+ </Event>
 
-*Network Information:*
-
-> *Source Address:%3*
->
-> *Source Port:%4*
->
-> *Protocol:%5*
-
-*Filter Information:*
-
-> *Filter Run-Time ID:%6*
->
-> *Layer Name:%7*
->
-> *Layer Run-Time ID:%8*
+```
 
 ***Required Server Roles:*** None.
 
@@ -55,6 +66,76 @@ There is no example of this event in this document.
 
 ***Event Versions:*** 0.
 
+***Field Descriptions:***
+
+**Application Information**:
+
+-   **Process ID** \[Type = Pointer\]: hexadecimal Process ID of the process which was permitted to bind to the local port. Process ID (PID) is a number used by the operating system to uniquely identify an active process. To see the PID for a specific process you can, for example, use Task Manager (Details tab, PID column):
+
+    <img src="images/task-manager.png" alt="Task manager illustration" width="585" height="375" />
+
+    If you convert the hexadecimal value to decimal, you can compare it to the values in Task Manager.
+
+    You can also correlate this process ID with a process ID in other events, for example, “[4688](event-4688.md): A new process has been created” **Process Information\\New Process ID**.
+
+<!-- -->
+
+-   **Application Name** \[Type = UnicodeString\]**:** full path and the name of the executable for the process.
+
+    Logical disk is displayed in format \\device\\harddiskvolume\#. You can get all local volume numbers by using **diskpart** utility. The command to get volume numbers using diskpart is “**list volume”**:
+
+<img src="images/diskpart.png" alt="DiskPart illustration" width="786" height="246" />
+
+**Network Information:**
+
+-   **Source Address** \[Type = UnicodeString\]**:** the local IP address of the computer running the application.
+
+    -   IPv4 Address
+
+    -   IPv6 Address
+
+    -   :: - all IP addresses in IPv6 format
+
+    -   0.0.0.0 - all IP addresses in IPv4 format
+
+    -   127.0.0.1 , ::1 - localhost
+
+-   **Source Port** \[Type = UnicodeString\]**:** the port number used by the application.
+
+-   **Protocol** \[Type = UInt32\]: the protocol number being used.
+
+| Service                                            | Protocol Number |
+|----------------------------------------------------|-----------------|
+| Internet Control Message Protocol (ICMP)           | 1               |
+| Transmission Control Protocol (TCP)                | 6               |
+| User Datagram Protocol (UDP)                       | 17              |
+| General Routing Encapsulation (PPTP data over GRE) | 47              |
+| Authentication Header (AH) IPSec                   | 51              |
+| Encapsulation Security Payload (ESP) IPSec         | 50              |
+| Exterior Gateway Protocol (EGP)                    | 8               |
+| Gateway-Gateway Protocol (GGP)                     | 3               |
+| Host Monitoring Protocol (HMP)                     | 20              |
+| Internet Group Management Protocol (IGMP)          | 88              |
+| MIT Remote Virtual Disk (RVD)                      | 66              |
+| OSPF Open Shortest Path First                      | 89              |
+| PARC Universal Packet Protocol (PUP)               | 12              |
+| Reliable Datagram Protocol (RDP)                   | 27              |
+| Reservation Protocol (RSVP) QoS                    | 46              |
+
+**Filter Information:**
+
+-   **Filter Run-Time ID** \[Type = UInt64\]: unique filter ID which blocks the application from binding to the port. By default, Windows firewall won't prevent a port from binding by an application, and if this application doesn’t match any filters, you will get value 0 in this field.
+
+    To find specific Windows Filtering Platform filter by ID you need to execute the following command: **netsh wfp show filters**. As a result of this command, **filters.xml** file will be generated. You need to open this file and find the specific substring with the required filter ID (**&lt;filterId&gt;**)**,** for example:
+
+    <img src="images/filters-xml-file.png" alt="Filters.xml file illustration" width="840" height="176" />
+
+-   **Layer Name** \[Type = UnicodeString\]: [Application Layer Enforcement](https://msdn.microsoft.com/library/windows/desktop/aa363971(v=vs.85).aspx) layer name.
+
+-   **Layer Run-Time ID** \[Type = UInt64\]: Windows Filtering Platform layer identifier. To find specific Windows Filtering Platform layer ID you need to execute the following command: **netsh wfp show state**. As result of this command **wfpstate.xml** file will be generated. You need to open this file and find specific substring with required layer ID (**&lt;layerId&gt;**)**,** for example:
+
+<img src="images/wfpstate-xml.png" alt="Wfpstate xml illustration" width="1563" height="780" />
+
 ## Security Monitoring Recommendations
 
 -   There is no recommendation for this event in this document.
diff --git a/windows/security/threat-protection/auditing/images/event-5159.png b/windows/security/threat-protection/auditing/images/event-5159.png
new file mode 100644
index 0000000000000000000000000000000000000000..a2f9134fe87579fbb507e6941f68aee995754664
GIT binary patch
literal 24435
zcmd42cT|(z_AVL~C5jX)NDEf<Lz+mD7GqbMhzLlDh=>BANC_>80>bBq5EW@6pduh5
z1d(160VOI;1PmmEfOJA=Aqk}3H@Mq5caL%Q_}#JZIDargR@S@TwdR^@&SySr&IcE*
z&q{An+ynxFq|cu_bqNGo+XVc%gEs&z7SDcW03U0DE}cCAD(O(30=`Ii!K`2)(0i;D
z-+evsePh5mryvkWrdj;AhUow11_%TPpFah=9OlNL!oQe0p=q3n1N%rd4@$OLs=-E^
z?%k_AdS2_!aDv?Hg!PYgu3i4rfjy|U=T}%-%F((f(%$`UxsPK4-X%VN{6y_*JK0Hn
z7e(W?!-v$P8a_Q5pZ;q1t~aRLvoBOxVb{ZGoy*ga!po@6!XRtGlsUE6b#9$D+SR_m
zI?LGJRS^D`&N0=dEl%LcYk{doF1GulKj_2KPrST%aQmkFC;BZO^LZ>BCQHro?=22M
zOC5n%C*cnKE^hpW|7(<nL$iwhx0a|ejsLZUCS=eKfbCWXetD5?zfUCm=`Yy%kGGZK
z_N;JP;ljl-H9kf_6IBavqM1(3zt82RZ{azipq<8VUx7KEn8ynGuoaj^8@#t@u@hA&
zScLL1>VgNNMO<ygA@SUSxjjW}|4Nu6h=hDK{x%WS=9vz^05k8^0$ZkwUJEKZ1@a8u
z96yplgJQD(vBH|G;o;%BjrtCjZy3{Unols85ks^`zsfK~I1DjB#?rX`I$+FHLk^-d
zhleE7xRIE5f)u3igO-A5WEX5Xi)~MGpDO1}t5i)M*gq(wGn^sSr#V`X`d++S1C*nR
z>2D|Xvf&|Sm&URja>M(%`6XE*?&ymeLC4HHYMc@;Q#t;@FAjrMMZRP>7`_7n?eBau
z_apW4)du(jgPc6yVMqFcCd+FZDi2s9W#`6P(GLP2x34+iwo?fpA{Jc43PHw-eu(%!
z47k8~Vvr_i!~8&xS<nWBL{V2&IXs+0A&Z9ng^BEL5hcw_Vwfz?{9(}Kc>rV;n;0>s
zx@Kf>gr=!--|!Hm+`mB!#<H*SQ;1DwSsk2bjn5<(Gr9D_h%(EytYYlxl0M;Po=YDT
zatEb5vQ>CZZDM&zc2nLFuc(}t13u6o3bnNw*z^lEuh;r}4?YL>*aFV|QESqK87{!&
z0sFR$X>+A<FcVc2%yJQ~LNqE`_FxpCm$Bs#G>e9y@tQIjX#}AS<PR{7(>$(9!E=_8
z7VwlxZF&nV%mpfgTv)2^GjEtCEB5NSUs}5?p46ui2L+pr_-V;wyW$=ELzvuv!_aFk
zweYc#71J>{UIt~>ttAW4k^BT1JeTzYm{kL3&>4Ald6_iGnA;$lfs62LQIv>w3p0@*
zy2&#Wtq{n<ZYF_>7Gk(nZDnJyzCr2Dv)uDW3y}F)Er;daYM%*B&W<}6dCPHLZB|$D
zr!Zaw8J}9(<FDQq`b&#y(!8j4Z3owv0wEu@Y__F6K~$R*_z7=u4p@{++xZ<6x{HXz
z_CGn4M^8$$@7ds#Y_JKmxyw8>9wINedcnI5krh61!5fv4^;Vl9!*rWF!B`68;-^tv
z#6!k6BOqsqojZCBDU$lC8G_Ao19U{l>7Tk%dLCVA$2?M?P+!3<$^(IFQYQR>NQO~g
zAJJN_v}8k2zx-IB`je^gl>0qpW_g^umoaTHK-VW?0pX~YFN5k0BrKeiWA{s7_#+TQ
zK&@tMWJJ4X=Lj4QSzCz3lnD43Q4B*H#U<RP3F<`lJdGR?Q*RDjBvmiEn1KJKVt$$R
z8GZm>BZc=N;`Y+jq4OhKwUR;lQPuqh@v_@ZsL0l+>g5nBJErta+89r{62~hn&_kRW
zDX;G{AModgobOEz$7fZ);Wn~;6%<?a?c+jXJ{};pE1#sw3yevXJsII8`>;+g(WR(E
z3&D=j9%CIup;kmGf|>;E*0MB8Z|?D}h8qM{Wi4q@;V(#zP%>rI@y!#L5}szVQ2DTm
zl07uNQXq@Xbld57mb2f;|4H8WpSPTDM@>|{=P%m=Hf|)9Gq)vHpyIx<DrZ@P@Etwv
zg(*hSyD@cwDJW}!Jz>6BK(;Z2AVfbXIfl%J5bT*RQ6al!*XGM2l4_cWjLE41gV$e<
zP_t!RyCQB<BElW^%FEUL(01<iI^=Ckipzuw=aKszwP)%yN6?f#On+UW`(s@x&S{Q^
zOE8MJMjKUzTrTst{?~N!j2%S5j;Qz6#7lV_>lbtPB)kwkz`kYthk0q?&;gIV6sCy$
zr2nj4Pq`w*`ITp$pa<rH*VOIa>d4}DPt1kA+d6UWm3HNJHe%rj4b3rD*k*4DW}!0Q
ztLR%-PS)0tF5T49sI&p>C)OznoQh%5^E`W1+(i%PIie~IaX=c)>EvJInLro!GDvt%
zBn1~W<G~P->!;_o!xtZxioUZ&wHXe}rQM#5WuGdU?w<#<rq?z8GPkhp?l<s#touaP
zEiH2A)3D5wHSNpso(eYb8&p0TOQ$@^gl?y*%eQe~?9_I^P0V5zT;A_Dy7`%FOUa#j
zbIzHHuJ5j(`P+<V;5b2y?Ulo1B?EcQRyIX)umtY}&#$Y^Wxvi?TrttVl0Q057e0Gc
zkaqZkK%qfBcq8}4TFh;e+=VZ!m*3Cac6yHjTts;NB6`nq{&@Q#dFmG7BvvrTP=^Xu
z*#2k=<~y1(0`V6SFiTi6ZDmxQoFgQO{>+#wmTqFN6~5)k^+NnEK|>@9=V2GgEw4O}
z6q~<`ku|G3tfG+Xi8^1Ali5+B`*bEg==~?k<*@@JxW9INsLp;@RE4`xhISZDa@k(q
zvVS_cF2Qidp+v-%d>+orF>#1HqWs~K;4&q`SgR5{Orli^_=c)^h`taM?RDpHRtF#b
zOh9jX0nyGtv%W#U$)y%D4ONQ*sRQrdGkNCEJj{>;R$0jxVFu^aQJOqzcKyV}Wypn*
z%m_`-uVu#=fF1tEZspzo=zKL*L%im0%z}SL9Ue0Q6>MXWYQy2jR4LjR5vK|xfbvJA
z=D<AMmg3=<Hq;AFj%rD|tU^VSlN(oUGT&{gw)Uwxcx!7k0$Wue8gVWybV4QZc4^vF
z46l8jvhm^PJ(P=xP(P^fq;u})o8iiXmsqSQd$?rsi&()2UhTepEvP@~!TXUVqe=ar
zYVs%@*aFQ1GpBfnpBtxb7#_8qW1_?I>~5_DdOpP}oA9CKZTDQ-Qe--`?FvJJu;q0<
ztuRm(o2xZzwwM0t-Z4sifD;$mnsL<@vsAW-ZbRe%_N&ru)cDG#+A>SPkBe7}hl&X0
zm~m|pgB_0-;mR=#nrMX4De|HH5RO6wm264Eoc6O7w_{+a#qc`MgwxR{4L)2vsPU~i
z$8J3S&rh-{0I(=)E}Kp&6%}ux@%Caos+pO3;b)hfHo?LoPbY1JEI-xQx$$u_mg-xV
zUiVEFFAF?zr?|`r%-b^@`d~sEfJ9^A37FC0Ewqv8K<OBW3;<R>r}h2=1)T^VJt3F>
z8-Bf<DU*x+JD90E{7*QgCH0T~Wv%}~cMG{#D1ZJW0P(KLg8}#o>f0Z!1AK%&P}>Xw
z-F4jqUI+Y?_V0eWx;>V_uE3d9^q2#EhK^~<G<9BG?Z`VJ7y6mD1HG@%Ljo8i9Nbi5
zdbM<)cqo@RwV6#Y1z=1#&?*<Z1_WZ~S<4BBirK8RH1_96K{0z>)g*f?i{0A_0Hkdy
zYU0OcT3Ior8ynr{qb7Qbw2}skR-e=f9aH1Oct7ddj3Qp%;HjE@;2iQ9TK}wa(!{BT
zlnx?${?09|S4Jvgh19(|v$PsNIRj*j`mAsR)@r#{>m8o;R`xlLK6=#=7?{KhpQ~RC
zF-9p8j)Lg{)6s!JmqIS3-oKh47Dj*tNw#S^d`Nci$)i6SdnCIKKE*S?t#`}7HTf7~
zwm;FMOWdo`j>x(tu*{H;H5u3P>&}jj&=rgG<4@{PQt75wjajb5Senth5~l)<1IKw0
z=>C+L`S=NTSlI2%<V=IcK7YHlW$#7`OlD^n3U_r%QAjw3L6iXPyehJxBP8jjuitmY
zlZ_5qJRmv0x4vkTZO?AKgi=fkff-#zdk^S+DrD8WEZgJiLi1G#tD<um{|0khoSbhf
z(KP<^8@*>_bD*Q^`=kMBHr6x!;yV%vQP5hZHZ#5+8Kbi8+BW+6Y6g9O6AsNFYYK>_
ztF!kkQH{0QsA_vqK&<NM$=!14X0Zpx<Gz!STg0|6HfiGS8lGV`bw$9;cDxRP^;HC!
ztF{T}ZvlJ%k=47gN!D?Ey?e&b#vW_z+`t+7SL#snd$U%bZGTOyci-)96ylY>D&Aeu
zr5Y=0?`BV_N5929e2Lp8nlREU7BVR>Z)X;oG&Oo`pQ2ra$pO(-^=4RK%2}yY33oud
zTIFJ0cdzP*6s&K@>U{D4zUeUv(4>!!f5@A!i`MxaqHNml3~sVkj<pK`bbem>wOp*q
z>Imp_yTK-_!wVh(%KTfaci&f=`K_@hH^KUTzcYS&bm>X)ocd%BNw~+07g7qj1a6X9
z)p6+m*8wM<sPWkpe_-C%Ugl-cp8?}#S;Wk9qB=R^Bb!g-HPD=&*OZ(GCRB4q&RSEv
zLIqg0*6J$GY>B0>9$???|Jqb*A!n|y&1h}y8xEUI%^{DEeOK+A3e7)9X+Pg-QI7N`
zr;YcZ!^|t=?J2eIu&rMzw~lOI5^NGUne99lNC=^5@HB{4WMgGYkoQV&uTe*yfi`u}
zjHLaJCpV{u`)M%uUK^CX23B2SLfc}EGICkIH+-@r#{kk~euEM|F|s?|Z8jC+9aNb|
zA1L$R?+(4u77wZm&fy31Pg*1NTgrOI^C)!_+$!ZFMarUgh3kjTSD`%6?0q#C5_7#f
zfZdZ`N|cWGwbPpyYRpu%1Rtx%;ya!rri`m*oX-zn^H7J2F&g@nPTtHP3~G?TImtc|
z5ne$q>G!g&LxDIa<Vt+%V9Ph=M%mc4%VV=LI6-a0Z5u&EwoI+CqI`<pf<w7-xRZFa
zwlC-Vdio0*EGMomb=X5O!r4z{TSp#tBt)_+;_HgAf^SmZOWS3Wl;K)%TgK1rRfE1q
zS2yEx_i)*e?XGSwr;-W%#$Z}nTQ!e;mY3ggsL*HjQr*;&p~MI)xFL|>DQp|b@a@)Q
zdZbdJkI6}Ha5rS@UlYfTpqRr!ytnOCZB7KMW{llxF$?z|DDLOI=PHa=ZmFOIF}+;p
zme`C4wlXAD>8oJv{2Opn2;wLhDIbJ!AeqWP+f)+jH2-q=i=-`Nvx`Z=?7HT6@}|Zw
zDM1ug>luoQd93f<O(Z(>MVq9<b>|->t*1O88|x(@I3Fmu#6?MQA4O!Pr=ru%`$FRv
z5-5&(JFix|+W9Yb{aGzrYwc~UH|ytA?N1d-Ogz1+I+K%nRokHx;XK`TEF0f$OK3)&
zo6C{D)+`K1qw4D6hPSG^S++Urx`~$($eYGHX*i#3=Y@#j%Aj8cmzWle@uYh@t5PU#
zw+HS}s#=?ZOnc4mo;@qxC1flw+?yOF7YtFn`bY4x&Z`p-WV3~EX9s_u>vh7IKPnDy
zI*XEXpl7IQAyIARQGZUeEFf<J3742bIFo+e1d3+)%K{6Ju1+SC70OaLO;6VurMFMU
zSf;h0ys2NO2Kcv(d*^l#_4?<22=}Ktg$hn8e|O1=!-tM4KU(>a<f$J1usnmO|F$6C
zi=+MwuBf5k=~xEI3*FWl@u9=Z-;_|ExRjoszs6K5I>1#{AyyA!{;Y>?e$mEtk^$Z9
z=@z8C_Dx|?mHvC`fMoDO^S6J&qkJl^CmuO~>){X3tzThASR+$SWj`F3m=~D2o-k35
zEI7~nOK{+T`p>NA9qkU?{b*+<w%}dnB=WXsYwKYrf>fg`JQ^Yw#PSqA_c-<*_p?o)
z*lX7v#M{<sGeZl|I%vVk?eV*w@tE4uhUyx*GJp$faN&VeRe+O8+|)E4GUb=)1+{E4
zF%PBkv%XF-xUxUzH7Eg2{9(`8<48yxzVit6=+s$bOKKOt8eX_kLqZ$t-z<#CGgvAc
zaJ&_$l;L@Y(-sfW3ym;|5cCB54NSaqe)fB=vWrAJ6|64-(Xb@!XVwK<?$?oS%|&cr
zc`3K<;u(|A1QM3G3uXEfSE}8r5uR-HYn~omq0KzUtS*sXJyr>+GSrtIvIQ(yM5)?<
zE@XqyhnR$C=B3Npitde`GXm4;mFkrmkO03-01p;W=39T&PKB!HK-)WH>FI)}Y(D+~
z@m)C~&oc{<=`Vvjt$bO{tdrda(^{_8kO%Ct5%Vq)pa4;3SyP<0kwQ_j9VGY{Bc(&b
zj-<^*?BmMEmc2w{{Mw9DS3HiU*TK8YTe?4R^+J*gNKR!C0sk{mttv5$U}gd}^ULa=
zSboTnx*LB=u7utJQ;_Y9x>&Fla`(2x6_BUIa4op0`p+7v9n^419eJ3-@m;Idc;_X!
zKyg5N!_U3obqDu?NvBuc$U#7lRvk~`p8tEBLO5zs-fn=KIQopxQHXGpVJr+Zm_sNr
zn5=hoAN46mUguavUeHQ-{)|1Ar<4o0`+`*3k6t2x_MXbc(rf+YQm=*FB98|Y2joQu
z+*xrUd8>Q*$)!eUBZ4ky*4-zM0N(8aV9}`h;2dl`JHV79n)aldddT6u<n{y3KEMW$
z>a0R+C!>qD(Eu68au8|V%^EFQmS^7jDEHLsuwJ94OkkOrGkm%3-FVk#!%p*8yXkr3
zg_Ui4*PhH8PAV=!24nStf2@H|uc$qDR-ZXb>-bceIsUypt<ts5`}yk<{&!vP4?!OS
zADuO;oKKeofn@Ij{zniUAcwX;Xwa<{yE1klU}em%^%4#NwvNA~UFGMUu?ba(U-8Or
zXEqd?5H8tB4i6Yd)SaaMsEkJiGq{0wIu#}F9i<pjZ`KO}A`^%(w`~9dP8T~iYIFeK
zD7MCKDyIA3-F}l)gWz`8e7DR;shdzL@^ZzWYV+M{ilb=1ZkrLdhYEtrXI>#}ENPy~
zAkguRVowYB#WUu?w`&4!%}wT?yyBM;ktNmC7=>~$9z0W195361R07s;5%7I<bC}Tz
zD@^%TFKHPz`Rr=yroc)BN|O9tpu>3mGqHfdMnFya83p+){xSON)M9F=J2!RYktrJl
zQWMYAHM(@*nDYG}9rIza($;J!y1(u-YUtVf!;oKbb)BIqN{`y>CrQ=kA?;DUIe5)&
z+=0a|gA3ge!e?p&P7RD7OVY%908aYoE8fDOvtgH%Uyo}6xFt+=^`rnhuXI|jWEFCk
z+5$}misC5Y_`f!-;<4Yo>i;q=n86?%`9;l@XSi=M_L;LtE~#%gv<<g;29x!is~?&*
zOj;W{O6tf<a`H0=4IKhBa1R)_RT$r()8=cX92;^A*;p;={#mVQC=}ELdD|poUfk&L
z0e$?SCO(30`(;#|Wp@9la*>;rxF=P$4|-gm=*Lfno+=zUKs?twC3+g-htJ#qGBp>U
z-C_F+us(bxX2p8_E)J^#+<al2K7UOGa@j6K3SOY}$Hhdh<_!0ynQ)rI__B~<vS6Fe
z`1*cwuBTP^$3&Vr<PviYs54s4C2f>8$M2Zi2iD%U;oE!{*eO4URNn3WkwquV8KW!p
zeBmb^7jBEqb$43n+Mx32Rj73IJfje#wB9{P>#MB(g04MOVLfzabbK8sdo5saz7lc-
zGhQ2;TKfX%b4@ZxU%`<b238k0&h@N^BMN4J6$W%Ok+O9pSb%lARNKa;1=F5=?p08?
zJN!GySi$?hrp17MMsjr|Q^og=e_Xton(?Cc09bw8L|F1t#;h>>=P9}DzMUmjNwB4p
zN#|nSG1(H007_VMhsnDQ`q&KExcw^}dGs(4X|^5)H)$;|t<eW(=bhbq0U5q+_@G{A
zWr|djEiLTmFZO8Eya(F25OS{P{a;B55;uaL2QjHfK|>3xkQTR9^4kN?1AJ~BW+B4h
zA=f0v{hI1{rU`0m6gOOJAb))QYm`bX%5@9tzFJhIG59Reg+}Ed`O+aILqiAv^a0bd
zMXXf@f2p|u78!ujxj@r-A&S{<xKSJiJD-#*u~?itYreQ;6-xgEl;#P)HFt|xJpn8K
zPxS;h$v>e{BO2h&d1%(N75l3-@UF`5fDIhLxhpZMrZGB@bpra#1uccvUZM%9N|9L6
zlYiBqMw>L_oG571Bgt@z=4R$Fsf^BJhTeq@f*J<SOhz9|YrtA{T;bjKS@i?>*r;=m
zXO%VNoP+qE_v^<cqe~eOnc=zGVghwyNOaxByMM^sBV*P%5&x9zQr6(ZX2f|6x|$>j
zjASWUNWY#S!3d<pnKRH?j65%rB$*hbvAx>Ue?4B6C;X#mf7KE^*m=ZQeuiF=JVJ(k
zm0in~4d@x1O@0J<ae#2Ty4&#p?@F$Ao<W-L+%r^NcX}p4XR6YKKJaF8nh3pGHC>bA
zJa>V}@+OY|5Wd@GXL@AyH1xib#a&i=`a&U!bu1{O=Hq913*JP!z@bnmb9X>`o;j1d
zsm#qg+uMR$G`$(Q&81;vo;3Yq4d#|jWzH<-t^eC3GNvCdl)Bw$5QDG9fgnQdp~9fE
zoesPRBULG)WlLkWY-837w9BiJtYgS09+@+g<@70!%f=m6dx^ajW<jDR&j|P>-pjOB
zpQ+~eItEnwH9|;3wPr7&r_7>b_-?tO2R|9*bjOzw(X4yESjiv$bJz3|(Xbyq;O0&3
z5#DE5<?xO`dy!^ZeiSRcT#@%cl+xEAvtFbF6xpuKGSfeB$*=+%gqzdgru4gA>p|98
z)2!KMW7sVvfVq^1g=vP5aNG~$<!Tb_10K(}7Nq96ot1y_dZ4z@bGj*QI+I}3dS5Ht
zwiRJP`1#A&ThwmwD#3@){-(h%qp(2xBlg>z1++6M0jgzi*|WtSdr}1Rh8|^bYtgd<
zU(0t9X6Y?N-;VH?RXznwo}mXVSD->p84HE-n6*X*ZwKFT;NJcBCrX`eo~K2J=NjL~
zpW<b_qg8qFRF;CuOG@S@c2wf%ol^-Vke-Y{KCAXK;`Bt*8`)v@I6TKB1J6M{Mq8=!
zs-bCaG?N5wMQ~)+i@6_3qN>XztC8!gCR^j{=c|PN_Rn<$owM?B*2b@&rWTUMug_>3
zZwb0b*9tpx-PH~^a0Tzb5PTEA)HoA)UHAn5xjP?+MtLm_bKcYndfeUE`e05_3vBw0
zY%W?5M*UP{r%ZX{U)#{L^nAp$0@Kep&8kH_gw8XV(<3Vn-k*O+9OZRZ>H0Vwbyc2d
zl06hegz6vYN1S2oBidQ|LP_YdhUz)LY(MzVR)qiO${!Oa21GTa;|*<^@G##qsGP2x
z!FN7yGOOOeGZ^9hcx0<f4p;Y3?`Qkp?qQF7%4DMd8`;63J+J33wz(RNH0@|h3*Ab8
z<~dfWCDSA@AFb5;0IbN5kaKE&jRx=P=5<qn^Uz24q3P|8$m_mmA;J$yw!=m?3^@Cw
z>0l+n<4tG3)^ac<5gL{3k=!@8v;y%*&X(OWHtC3X*K!j}D1tmZADTJBI%Sl7C6L$8
zE?!vJ<<C@{z$^G`glJiEpePwI24T^=BT#S*l{4EJhMrRNb{*8tyR5z|R-N2@dey3t
z9!bFhhIewK56P>9IP9suXsK!8I^#<@`8_ZgYH3m!GIG04uyp!ed3I{LKlw3a!vNnN
zl~6Fo`h<oa*_9?-N0}{xYO&X$uPeuvyQ7012-SXgq#r|GK>TG(J3_qG6{s}_M`!qX
zz473gA5K$~o3RP?9e*ye1w9e8u?vqPstgsqZsUSUhZRJZ;2Vb1N0U~<%yi$;$E{RF
zO*P%;RdQZ*yb&zcybpFBu94&H9vEC!zDVEDdRcI6F0s1Ut-d3Vg!Bp}Tp&p_B)X{V
zk`?(EYW?jf-S3ht@z5F?KXF6*ARC(3SNB<P8rf2|^tr>$w<%<1eS2F1Ix%yptIa_$
zML8mGUlmoJ_#-$Ry}TxsPU$gtHT43g(hm`=S@?eAVGsV<T@TI&J|u3yXbCZS`>|rT
zJ5>j?nb~X*OuIn5H5)kll&xK7S&=*ant%#KO?4*r^aYP+iy|V&p|1P6Pp@icTR;4O
z!o3O4nt%3+NJyqz+_5zN>fzi+Fq%0{k;SP~>o4;%*k|a9D}v0BS@o(sj<%`%H-Q7?
z4&pVgGkcb|=%LLddhDS~vr=7Y)XLN)jhco+JVg{c-DwvjBMEaQ^$MEuR`<2&Pi^C%
zG<RgJ>{9#S`TjdJ_R!!6Jd&4bO1SBkQ^g$|GUGk{-4o#bK8_4?A2N1}@k>cGfVQyl
zbiK;>e|2{M#{d0iP5+yh{HG_}Ct6(P{5Jf1+UeggQU6&}t(}~CMSH6S@5l3K<51yC
zvuswqb7r?>VRw1KXxW#-+wdE3St9%SRkX!~M`Sf`c`fK}4Il}sE*L^?9?nBp*A5QI
zUDa!I)dO2JghBiZ*^X;Kcb|#7=z}3PM6Jzqlf0mllY7?>M{ekf^oIaEHGsfKsF(ox
z@7C=Wkw)2PneF8(e~3PtU%eJxaG2AbHGbnKWVZUiPYxC?fk-6XeilQH^KV9IuYdup
zT_Wr<Tif-XH}X?@JcO0TK8bd`7}9yxNwuQ?ao{`?foW#QGVhFJDiFKOLs~~|v6`mi
zYd{}m#IaGNTsEh+dwuEdYjI58i$6kS;?2v?-%|c*3+t3P-jH=!0a``u%2mql>4No1
zw)>Gyw<+JhL340GqM@~+sL7*@Gxy4AN%>V7WOQ}ICHNEGKAafQ3`hV`g0#eNQf$$3
zl4o$$k1y2T;KrGrU?z{Kx$nz#Wz%<~f%8e^pzcNfqTB_KO9iW8hVN<UO`EzGzAG#D
zL$s!)0Pb}?;MOVNrUT^{z#5Vj{MsYb_PKQdRoR=qw4Q{^N7otfOkVB1M661?O0zlJ
z>b-vWg)3{_$C;4BVjM*gb8mZL)gIAKQHFXU4x#lW;Szfy_Px5z&)tqzfh-!szz-=(
z`TG^}=Qden?SS=JYR?fz%h4{4056w9enisXHi<#lz-C}M3}86|>@{yRBuNDse`W34
zY?)^G^@yHSw<}=OtToGM`Fxf>top-Sh+TI{&W~|`NERjqm|n3}^5LEUqV1uZVih<f
zCXcUe`d5bZKhsMfh}gm3ZzwA2sr<~JE}wy{U-$)2F+lFpdexCL1J|kdQ~`ZF@EfqY
zqeUf~2-Kx6k^5i8kIc^y?2HltXnLfihISH#H3r=+UWIvXCud6$eC&mELM0N2dGn_o
z^8!u<ygktY2`MlSf9U5V2`Y73^|?joj<-d%EAuN1Sn3bYzPw~ZAzAIkICat*>@b?v
zRolwv=q)!~NtHEv%J)NiTZY3n^HN+>Cq2rv3(@N1W*=p@RXl9Ewf%~}D=;JwwbTMh
zH~dbKDJ-mJ_rQI3Lz!atM>Fdt4ua{|5EPlUZMU+l<-J=%jA6_6FZ(RxQBPkS<%f?=
zc{a0;pw6!^9x#nAO;N~k{<#L^E58~e%r$USVPX16ho0E8OyhbB4Uv2MhSq~d8@jv7
zPMI|GhdbUr2I~hdKc2$7$vwGG4!!MEhJApqUV$xNXs5h)jvF`zkn$A3epxJPW6!v}
zk$rYxzE`H{!OEK38k^q4Iopt{ugZ0BK0iEP<%&TbGxSe;rDMFQsH$WgsPFJ9_SCl~
z?v~qt)$NlbOE#z-CPxU4Y&=-=$SLaR^<N!t%S|FikNca<<VqLRLh?LovE8Wi_e;=j
zWjQ8Wp36tL^wOt+31ES!AHZ-sHg2ExE2<s2850lRd0%E5T3~EtT)kY|WzZC0)+Sp?
zeQff*Fu?mnF|LTK%k8|=@A<$ypZki_C0RO9->|{`Wy@=5<${7k@j6hL#OenAzvA3~
z32Mc+2;$K9-!}Oa!q4}LE|gk<F%0sgL$&+1nYml4IZ)CwSx}hF>Qg=vnAabzA%;wz
zQ!{P1PxOzsG?J1)>#9rdyu2j6O%h}(`CCAve)Bg)3a6B>kv3e74zMaXU{?7r!xWu6
z*TxSYp2QVPBk32`^y2+$FX}}#AVh~3-(<ZI^f(OXF@g_py?8o@4f*hg6ec{n?(KY^
z%tTj(IO<$4K2r1EC&3$=Zzx}FF3pr}8o8?{V_>V~YLxYMo4KNURq|ZU;CPs`#IWM4
zKs+}J^l|Sh5r%(S*X-St7p^jxr;<JVFy^o9q}2W7UE{JykaUf+QcrSaaMrxjc!=Pn
z)t$|kkU=<oAgHSb4)foAQ<@Iab^oKmeL!$3xoJ(RTK)NE-8Xvw=p^`Z*8GH=+i39R
zHMY<ewPD-)kJZA&>cOOwj=-vyZ++@<C0x3z$<lVyem36qr*WI^Ic1zrJ0Q5DfZ(2B
z!jE3pRXUiARZl<uEA4dSr&u__Iyd^}AN6q*a5G&8D!6rOx11->(9LF6hfPrf!)?d=
z+z<fy;IxV^0fY0uUdjB&24|~~{I&~sp0asr;tDTLNa_xJ2m<X|-Snc^HQjvA8he6A
zRp`b2VE>fZYeMBCf3s}!e*}JXQ8L=t#OqO!7aDB@UE8p#0jp$%-?NjvU!thMCDPCg
z9F!c<TrbrAw4WZqw$a9>dXj7fzqFeX@yb%nwDnZok!ld=2q5Y$u?`z!0+w&ZN>?|N
z21AWE7rWn*Sr<}LBHcKG>-MU&ksFj@7F5QMba-q9-BtemHs9qXB#<CN0JsM~E1lj}
z#Qgil5E%7S+1HR??Dx{+Nu|6EYWmWkyFmDzpjLn3(6z0xx?;8{{lV%nOj!?j1l~3B
z#%TJJS_{?0bLHCZ31{~joPZ!BU3epspu2#B5kIJWO+7UuU>cGOPWwuA)`PC(jQv9N
zeWyddf}8!lRifu_PI<IYuYrzl_@CJQ|MC9)S0DTbPI?90f3usJ@6GC!$s_%w1so1W
z_95HdaT@LEL#re)j#cneqjdrLBT`HUCc(n~7??69fj<Yul=ej4&b0IH*L3lK1As(t
zl>k$%LCQ67*ueKIfcBCd<$f{+J}VApXS$yIx-!4q&6!(QBEJ9f&Q@=2iXi4jO1$z=
zZP#I<GSO}h(7sf>v$B6@MWo`i1(j)=dKM9C-TpnFiVNU1o9bWLhT1h}S7oWn>TB{)
z1^n<9Kv9sJn@*-Ht<91_)sP-cX-!V46*Z3^Pn}X5K#=0SnU(?DpTr;vKOT!nasmdX
zpDc*{X#{?qdsl18z>XqY<uGk=CudY2pmpxX1A0VXGYcl-OuAfc_l9tSdqNM*q*m^T
zbEru+k(t%VcfDB2=QkP4vw)0TQ$^tAvdXaqv+wd#5eLDNjBLtCBPp{kNzBa;g#)fU
zqD{>=-wu0xl+0?qBH^y50!`8>$a-*FP#t}{o1{^(8|Sce|Lk6X%{&JjO4WVfB9Y^G
z&OQCz-=SBACML)`%6zQ=8j<p?xGMPS?Akg5Su4sCGIj)&NOtU&7egdjK+{QC;{QPT
z{}W>||Hop{S3XYXL)+X@Eus04MPgOI$b4918WZAtqaH&#z$?HsxL)VwhNz}<i=vzH
zh44bsE*1EPB*<PfZQqF~(<SDHt_VPOtCVZ~x95+F=xv42{oZ?b{8cioh;lno>A*GX
zbWLXxPI8B*1XA#vCz!*Z*N^7gdfcEFP&S^|LDxd|fv%}%9|B{BrQmP=sAxX~@S=+^
zJ#@5Rx5-xpCK_0HS3!~)W6=TX;5b=p_G!Vr<l)X6J`tuzm{+O*AGy7AXDkgP68r&f
zGE4z`=Zf!Ii}0_kg`V{~AcMrHimXjA@61McLPBaDH_#Hb1HQFtS7#8;rWt(>+zoG)
zq@16{9bnuak@KSr?$C#6_i@hd<Gmv4>Z+Dub4`W<so{(OLj{m3;M-NB=dI39&cEy^
zL;ecB+uC4l$#MT&nJJ?c>O^Q)+m}K{(pR`!OP|1w?i9a+!9DIxwnxcUZmUSy>~%@q
zjuw`$Hed@?n5?T7$Zq{gJierGEF<)=%F{I<>|{pFydhzwJz=s^ypm1c3*y_p0A!DD
zqdKYNVrv`MSne}@N2QrJk+WNdxDc^Wf1++7I240&g=78z6Pc<{9};`^N{>rE2*a=x
zLh{Lv$G#qy77Iu<7P>qXV-IdZ{%zQ#jd6kV+iOCJtxY1(4xB?@XrR*7w}VeYdx7!v
z3xR~259F}TxuW_5FAcXi64y9kyMj&1qN36iK=bF=im{j>N%RZBCw243E(gS;ip4Iz
z@?(Kdl~8+*m=&ukJ@Ra%e)<uyzc3<V@N!)swa_a$&sqyiVZ{g{N6+qkCA1jQ_XsjB
zd;!7U%PBxBe5vrr4?nyXl-;NrQyM#z!!6A5#_)+4Q>D0#;&~rh;Fl)FJ{@`t3X0c5
zUsfZPC}`_-CUezpG~xU$(Ct@hA!CSJzu(psd`B!5xTL$i;Vdy%ayaQ&=z`-ZkE8g^
zBI1_|mC1!tpfJ-&sU~v?(Ii%Qi&toadMkL4v;5$O!T~YHH?1*S?+%IH50a|cdl=?8
z{@Hys@nn9Ky)~AVb#3EEbBRbOQxCc=)_s-pO{ScbWAE;x33}H!b|Zla14q)vPZriE
zDloE{6;6ZrU08IvddTVzCZ$!P!)a1Yfo8v--3#6pYj}{`d(ChRUE#P$!cvQD99vXQ
zj_nf8-(T5rFPC}e0JCVs2(w1*jNAdR|M!NN`Ilys&=)Vqx9wAf1;1;XyNjNut!Tj5
z-^<(WL|bGBJwSf`SeRq{wdnZ+R45R*ZZ%zkqzs+p27V$=FJQAoL7hU{<t!pGa`Q(9
zLlev!D*9SqtqNN%S%my4fIr$c?(=K16Cx!@>xw2E$QPB7Um_G&irg2nn%pVFIX%+6
zqqFgE_wFWZCZnea);nX<FVnJzaJ5u;u<(<|GgI}M@KLNC#(aGUD|{znZ+a!JndxKA
zTd0{Vgiai0#W45w`gyzcz$>WD3r5qtg@ed0!Q!M@z}J;51YDf?T!Fm{`gj6R+y<jb
z>)l|Q{nE><*VE^|+d`giy_5_Qx|#`IDn;GmEE(63uDTTP<T$X?+`KA}{M_Sm9II)$
zSnbiI82Q+@P1V?@G=%!*;u<E*hQf+twr=QNSV^6-xLB|)7QW*zPvA~}1|KV6@;qaF
ztKY%l<V_v@Qk`>O*}cY~fOU}@n|xM}qy6&nU<f`{IDZ9_FN`s+-aD2qJM=@+uiUaS
z?W#IOmg?tjOfiJZ(?5^QbV@_B6p)5c@T-N|tQlFS#^Cb9T^%~muCzC9z{TCh61-a_
zEpR@mW#6)U(RWUN>#M05yyk5PXgYFSEy_w_IP+VS+A~=P$iXHP5A(wkFL%GerI-hd
zc(VQ6f-W&X2>v8#T6*!~TJMjT&pj`-{4#SQb7S3uS|I1lZsKnFj`bJzx@b=#?_^IW
z`*IGzj4J#s$dY%t;3lSAtp6X(dk2y3F?9`ZlU4$-B8P@@y%CM6LeHDdTg?afzR+JG
z7Tt@+U4~SHD_3=AzsWsEP|aO740nj`j;3b#gO?1J*a+%UxZ|t^H|ozyhQvM0QGe47
zXp~ZV5DH6b)wJl%Vh$#dx>`Xm%%kT`fyI<TUU6m81;;Dad~CDe|8a;3>HCFC<;l_a
z5wd%Kv^JGKqMxmw{S^GxUt(B80dg{k9}RKaIx^U4hddHf>z>(YY=u-^YPFkq)W&3d
z8jeVZ<Ph#y7etr!=eQ7(d0ScMd(R8KYVdOrwdIF(&FBsC)|s3DIEl38ZbY^wnDmr9
zzCC(gS{m-WF1=miXOG8b&^#aTH~w2-%U4F5pPLkZygsgVcuoamvU-{5l7+E^VW^wb
zY|O|WfZ_j${y&mb^M5Sh9BcRYSEA8n9saK-F;<s9@!uY15|(`!gqa*+%GC!9?9cF{
z!+NC)3ra276W`WcoBIun0l;*HVnFb(7{?r_W#L<3j{eU1b$6HN3C*mY>}XoIi86F!
zW9JqCQ<47WWs93%rf!PY=iQ;BQpA37VhUa0TTb9V)A<LcHCNt%-JWie#`c*XqWjk*
zWb!qxyMufcS9}5kCle}*DT*u$n>x~2fqdQgK=?z-!-*PF0gzn<XTWPMeAR0R&&uVK
zPF5rIvm5cygZ+}2cuIXL0W{GPe{nOY4#>9=1Lr?pe7>xr5^B6P6`_+vo|^9eevlai
z>(yfJ){C-Kn@!6OrB8iN+5GB#b$eL04=LWDyJR}DH0w<<8bb|+PprfQh+?A6(Kp}4
z3C46cf<UV=;2(u|$E($DO_jcB%98bOq}mcCa!>Fg`X_bog_)VTI$o)_P{PS~YLqM4
zcyUN17ONmSz;y23)Vv06<eI4>1oSa`6$;^=Y`T@DmL7M{Y8Ld3Y9^Yi#;4wfzCV1+
zzdSozOH<=~uk(+RXB~j&XGy`rt|(#iL~(b4=;6=5Jq^BfBHALL%Axo16p#thNVUAJ
z&SD|+1*1pIRLro41ygA$KY>BInfc^Ix;2Wb9dZZOR|1)#?KM{nG%i$wV6hk#6${Wu
zt>3K9^>rD-zi4qLN^WiSwv!>E$6EMiueHqYNv^7r#}V~yrv8d%xjvL9qOg=rPK8s?
zFPoY9zop(Xt|8z{aJZP#w@RE5+n9i(8(@9Ct<_4vE^sVi%X&F0miC1Rv4#9TpED{3
zf@aQg!WKik?Rr=ky)Ac(Y#3)Nz=27xVwamM#Qm>uEC9|QFb$H!my1oC*i()7$IQ=(
zgmbt(r>j<TOTvx-&JpL<;7wpT6ZF-XzalOLJFn)NsDG$Zn~A}(89*gg?!UBh)c7Z%
zOD9+RnC$^P8t@VzGuU!9Qzg$#Vt7tCJ7=(_&tkp1&GgpQU$4o+9M{eg&DrnOKtAXU
zK9B5!TjiD6*8mphoI+|H!5Gv^g)gYk7F1y1RmVK@F*|$9Ph{MF5Qc<ArEQ77w)>w`
z=5^lL8n+*80kWoUWWWCV;%@rG9G6Ag)1(?t{N=YwLC@dFHUraN#gxPjyMTB8b7dqo
z)6@Ux!rmU6wv)P3eB(RxRV=LozrFQtaOY|kXV?*mVIW=kxA*`;WOWzBL0gaB`eDug
zG)n)kMtT3`Nz~q!ON{}}?cJ5sn<YL^faF)LjZJ^AnhV*VQtSs4=bEl2a}T}$za&le
zKhC@TxqjG=B94lWRm@!a!4_XBY-Rc&m|wG=u}`=3+#=h(?a<G{GVXb-2dLZgKoT%z
za}$t%1mtIThnWw1@7{L7ewmSvZLI#;61Wa@%|e`zTfAX-q);j#-Xk(;V%wY4$90X3
zMuUn(fW^>!49E{io^Dq;C(@4!c5u)%QO0H%#8uiP_LyMDTgwmA3A1yM+<=gMr|LY*
z1k8o+Bo#7U0u_R^np0KAS+(pV`)gN-T7WcHeiUZ&h(}2QgP#95Fg28aqz*yrun0QJ
z*f8;_JJArJN)G_}$u5Rq%22nY%C_=gN5$0sfM-5?H#?4q(Ug>nxnqr&2T$%+K58g|
zOi#^-u-VlXcg-aBdz-MXc4SByD+(Kk5BcRe9J<7$Ev~bYd$<O4+#X0~?yv`v@A2G@
zSDTE>4ujJ(49Xf0>B3Loh9`)Ko%u0!FFPiolV-cBIt2^o7?@uQSM%Px)>;a5ngD_Y
z<aYtkm;NZZP~^eP<Yy4yv#C7pLhb!2-=RpqaqFl<^EZikM=LE-`^~>lJw&)1SrBMC
zSu8fi*!C!vJyPy%lP6O(F~HK~4(Ufb39Fs%iAUG_-6pfWwtotybPfey=HVcbUuH1u
zF0g3bgG>YD=)}Xw`gePYGvCXtMC$-DwR#7Tob82@lObH0i?M@TwGUv?3yHhN`CiA&
zpqo1ko@P`=AGhCh<AL~ou*Qz-3o|mm!d<}j2-SaXY{uaziILFMvA|i8M=rTCqky*-
zSk?((Sx)k?xR0@=0<&kJ1kpZ8&_|T`KyZNE$|N<Bt#=M!s+A)_pxM<U<0^LrtEVs^
zJqW?bOcD<QiQ1ZC1>@B21!j1cB3|>V<>CF8^UR%8Vr{H=i;KUGG7i~GDg}5e9Xr#0
z=>1GHJIXYeI0xi{Q<qlyRQdE%)Xe#b-r>G%yVfi_pbAvo%!aKuU01%J*APM2iZD-@
zCPpN9aH5Fa^%%Rk9hh1A)Ut7L$#DEgcseev&R|rK`p((gqurpPr#5fJ?G-9AQHkrH
zNcl3Go2=sVxm>sQr&jd__0)CxVyP8Hm#)a!%RlksD#UK}jTg*Al`qL(Mcx~1JKe|j
z0$1N3+5-vW#(aLBJS>?W^>I7YSA9pN=(6|B#7^RDe^SAW4M(VQ|3gsZ3~g@l>Iuj0
zUTIu^v%aam*4xA(ZVCMx{j!oz)uAKwn-e}Y!q_LI`!nX#;f3$7+z`pQiq4R(QU*O-
zV&2P(_5H2d;oUcWseAa|ZvY!w{rctK^g624cWjR`2K2f6ua)n+I$$dSK1tMibLAr0
zJA{tw_ZiR>MPAM4_mL$d{W;8q3dcdEuXRsO-hJ3SbWr&KMQ$3kL!e_UlP*=Y3rxz&
zre(}v55A)*!A)Klk2-3gBS#qD3?O5Q4;#eg23OX*Gg~^MD)!4?WNs@-A=DKV#7lji
zPf4j;Cnvtyncmta#W!jtaMyi=&k%|3MrR5=9vNNf_b{JOm=28(kDonx)&@(s(gV2?
z0q2{y;Brx>p%az_%@EZhe82gdg)cK+%jt20sm{bDGrgS+$2@jG2-WCv#wWBav0XbE
z6CdjKEcdqIB<(H7VL*PrUeZF@kL5IMqGG{-F&5qaNbrPt0Vok}j;-uk*-!LPNHcnu
zmrq3e`7+CPC?R_C2O_R1<O8!e@cAq@i$waGy{^k(lZV+wQm(DpZJX53yw^DAX_pOt
z$A2H8&+{--7o9O_70jPJ!!Z6$Qg>*>@Sd9#RrtPK1O92vNLY;O2end`Jbl?{nUv@8
zVuCU?s%wLiOPQ9W*jUBK38toNMljRSgJG0fl{x`BqlXTCK68X-xN=PeU$!~Tlk*``
z6Mm1oFa>>{?D2A68XZkBuB2wnVXu+dP*cAMr)m{yn$BeB4$kRLZ52`Y2-IySn>Op^
zuF_A8Z@9S(>TQ^%5z!el%r;QJ4ROM*L^@JyIRZ%4N;^BzUWRDdITKG2O$pxwGF!Jz
z+#Mt?I%+hQ-7?AV42|F_ZXSpOszg4RgH6U`+8S!w>GQvK#HI|jmlWiBJ_wCl5td->
zHpx%EdC$<UuNm3e+m4n?!P?U*P23ve?S5Bq{(?^SNM?(4Hbb}T@f5V}Mv`5wkUP;X
zbzF6*3hK`mkC%C=b>X>8vo86fQvZas6?Pq|F}-a^)zm(2w&GbJi9xsGu%UHL2sa$7
zZd5gbni-Uu3bJIIDI;$alhOqFFW}n!Ek@PWlAY@*%DZsR+0b0*kt;CK^=&*O<D3l(
zmF;LY<<dl!_g)Nj-Ku>Ca$vHAR@(lH1Mvfse_P96OxqX4pX)!EzxmwSOP_JHffNm=
zJCE}x&H3EY57Wx$A63>0j6xV3N^<x(UEpGJA5qPI(pcE%4+*Q|-b7{0PA8EQT28dv
zXxaF7e`(idP+oafLKYimMJ(ooQq}FJErCbf-X<1$)&zbl&ZV0v)U+a+U;oHK)(DbO
zHd%T<mtB6g>M_p1f}%>=s5dY8QBP!U6Fi>cvoG-uQobd!9!8*`o;CgygnFd(20w8f
zkJFCWI>Uwe{1n4V(IK*%95=ygevK!c)jImBm#{J-b<eN6lgZl3%q#Btyz$D>%9{f$
zh3PSF$dtmQhbQ(tH(fSPHt%<3=1rc_^RrEr5L0!<ayxRID~V&pRnE>`5gg@_P#;$o
zjzDUyxU&N~JBOpRf7fO@EvhDPoVDrcav5C6e9(UK%tTs}sD8mlQwe+4J<F@+X8On|
z`=p!KT-Z0qhqSaf)r8ARWv0EelYO6wk>du*cj#xBBX}>~-nqm#m<Z~Cxp&07ic$O|
z=X#HPA>=tO5KwzDMghwH#}bRsi@ox4LAr~rTjjISDgvmdoqTkF(y-)&4$apje0TH?
zY_ZD=mgGY>Rg#rTOtrN-vW>Oy6XMn%bYq}$K>rBq2;|a%fm6i6ciVb$$i(2BR?%*a
znF80HB&#Z=xTObUjRqzH^m#)3ihy^r$}S3fzgt|3IkMGVbV}3+S0w&e?ld=0q0J2#
z9}(>;*;PjKgN`<Q&yn1F$MhGc0fKW!zm?{#i^b82KU6IA@gs;%%FV0wemBuk${z&h
z%L{&L&gK@hT<uKbd|i&$A>|*F^`vl3wOwQGQN)Jx=X!Tgr?vSIvvGQZWp%qm{*N-(
z>875~jY35PaPRuNF6-mD@mZ2)hRKf%^QWn6K;M4XXx+VsstjEE(qy%ah~y^u-`)kf
zw(-AF(e;0Ts`TjjLIjtv;;&zDx#8*!o>k;DJRWsSxzkpFGJ(i?NAatV72G_k?M&<O
ze5lLlS!Sx2&(uHWuz{=?yVmPKDd9zmxG<}1Q16Qi6R3dvjwL;L-wGzz#Z}X487Tr5
z>2)S#PSTiGf>vJGELIH`teUM<R4(n59}^G-V`y2nf3-S!;_I^H4&-isMg7z(W%!!(
z@fPJTHKQ&WH6_OkbAu`~k%xr=!Y>o^&+&9)=YCQtWL$FA{J0iX9g3o7>SWnZP&5%^
zVIHmG7feVsWvP`9_dHEXQMJ&phntr#QR~AL&()1y)%9}at)njL1fM6&BCKg4S;aFx
ze=p$j>8x_DB~}l0iO~T`s_B7LY!qS)^9u<*O~E~RB^UXSa3^gA@8=babVyB`wSJ4A
zG@p4=$5eWVb1NYpf#;|_3~8C`9D4si*r1Y)WE;OCrI2dzdL!|J3v3tX#`+S!Ma3N*
zP-X0}P=Y>5&tXJ%3oahQf|T!&TI@*$3+YJ{Jdy?5p5rvWpRD9s<muEmc<W(AZ9|x`
zivg-_H1nN%?Of}-k(X@7(Vn#0ajl9>Yd4xDZ;Xj}D?6ooSTljrL&4Gv7mQZkE475W
zispTP%R4M=FU#Mu<_%8@;kEpiS;XE@){IhH#R%y!i)R>KZhbs8WqM0&_a%=!;*tDm
zNn%Tqw)}ZZi>#mro?R7tT}lQ!8yAzJ-gKfdbo?j5U-`K{Pid9X7iy(@wYTXsc?u%;
zkqJU_^)&YeMYV*0myLkj!ENjA!pqFjs}p}z7#p4u7jxlgoB*eYtZHlTi1CGhZUMVp
zc#5bI;`-c_me0GW*zA;ZpL&GSIS^v>7Gg<Z9G-(@Cjx#fsKKNOjgMe*rQ*Urg!t>U
z*Z2PlT?+P7LOYG`asRS@Pt`2`t7JgfaF55ae7Y>sVkRqPVZFki`v-Hz*ZqV`4IDux
zD&%Cc{k+*OdUUHO$AU_Ejs`OE$qH=VmcG9-OE65cR4+*^`h+MLpKwFo;Td~ZeUHo5
zO0<P`c9JN)9`eO{6X~D36R^Z5x7FV#7LGBw7adbg-1_mB6&0Zm=Pkujrf+apN*z7f
zD)Je}g*We{#g?^IrM*d`s>UT`7ZC6Gx)4ku;M0J5G#nG&>lKyiN9iDUR~L2D@)QpZ
zXzuK1q;T`T@QWmd+bRN60x2WFO-R-NK8gIhpsc4;qaB;NUZA1;AuOV6!O@tZd5rch
z9Ch$;s|s#_e;?5f*=xEDupbj-SYLgYj1?s~&M>pbhT40mVc~-R38!(2O~p&C%Xhqn
zU)5>bd~%T((e3rvb^hm^PJX&(1ZFx&JqRrg3v_fafA?Xyi)yyH={%`&1<vnh<l&U2
ze0siDN>A5HSGabgXKP1OGktQO5vCiS-ika5<&bUQ5oSqgV=d<rC|?dc2e<v2sv&wz
zm0vQZUE#QUJ57i6U&Ql`N>qN&a5XG?yKC?vyZu;gjK^Srch*<jubFt-MG|R&wUp^l
zp+pFDKz%n&4v30QKoWrCnPc5cVuqkzoa#^#WCxQZk70uk1`qEsB`nqYH4H=^!{e7&
zM=12v#1ieVK9>#QtYUu7*b=&hhsZ!o)BE4j?P?hTXh*L>d<$coqGXlU@<zVuv9kdu
zeLp!9WtwVzwrs+=-gnmEKxK}p8-7rS2FE3glt=t+YeN9~CiF|}pDZZ&!tq@q9qtV+
z<-H)5IG6&Ms&wMOZD*czvc#tfy7{Ao7Vt-_zp)fwY~kHXKC{7GgKU=1xX;5acb&!j
z#{Vxt*FUR;KWG6(>iN^Ob{tih{l&3^PZ1U5qr$^)!)5-F!#JcIc5NYYc|cW`TGRXd
za#nHJ0KL7iCfKqU--+)0YD^7HX<m5#W<r8tKI^!y^ArGMc7vfNyIPOI`q0(-1wCcX
zL+Q}8`LGMuG~)8=BEARNtQBX!HSb4tG9qtVYVE>Fs`w0jT@}o*m%7I>Loh9<?bvvy
zr&0FAh<h$Fx`AlQx#2PvFD3GS+fhD%Piq-{vJlbse#37gz*6(YZ(zbR&VxR{A8bG>
zj%kF6SiCp*9$N;z))CfnM3J<b2LL_piHB~O?r;t8UD7RQ9JP`Uu%whwyD!40pMgg6
zS&|hi#-#SDHHQX-IyPAz;%tCqcoOd-aX(Aw8jxiaI?*~AMrSs~&-73DIC26^-x^T&
zD%U1jxy8KBDd{ZJhKXM3UPyGhLqnOZAQfU3WOW01F$<9<B{`8<ZmA|Wo4wZG)&Fe}
zhHs%cYp$Po5cTLyLZQoHM*QV`d^X{$?8~!zJf@&WM=Q8@pS+h&o$~Oev)!Abz$;__
zPchdX59QjfrxI2<tyGR<bU<q*BsnunDn)4_IfNl$MUI0Rlc9#9m8d?4#E^v?!blm1
zaaJagA<V=WGt=Zaj!lfyjPISX_S)ax`}_U&UwiF8pLgEp_dbWY@8^E5`?{~lAsIt=
z0^cw*a`2m{$+J;k|8?fFHTwL#>>Lp+haSQBOgkfpWk_r<r!Ytk#H%|wB8fG(`obBc
zR6{H4>VewZ%$n+eM>8<G#=hS_hU+!8hI`Simco^u1?EdPlr~oOTqZ2)fALv7?hr9%
zI+?M}S%8+*`O8SfTtjpx{664xrwi8dU`ck?`|fWu4<M%gnMV3v&%61c*Ws?1GqK&g
zE$#xBnH;y8u4=3jP$4_FR1zBaY-+M%as+<5+K*j2RuOzv+GUX?qu#r`&3u@S+zeaK
zL4%KKW<>{Q;O(5ple<>37unmL1&~HvjEodC$uyQJrNtOp%UphiNh;hW_rM(KEBZjK
z--57aOCABZoD1X<mS@{z;}{#9EHCO)^^h1N2z`T?P_H(T=s}XtJ)!O#>D5)yeDV|h
z$X>;mO%~6t{~emtnCz3jlc>ra)e6k7)C`T@R;Doqz|?-w^`Tp4ijV8Eu4%P=gJv(i
z({zGWH^0NFL4HpfOOk&7Rd=5VM*0tX6WRVX<THJAqrK8MR3Iz_!VJ}Et%`+ESuRbs
z@x)#cR!|Pi>P6PsShJ?@$_mrNy(Z><-TH;Ra`(6=yvK|wE)Zxug`D2tr!BjuIGFmn
z`VN(G@iAtDml`EANBLM3!|q(vvg*d@t$BcJ$fPCmxBF<__IKG_N^6{a*wkZ9c9Lr?
zM~j;&D|7+WQd#A!5tL04ElM@;>>aB)h8k(x4etnGTr8Gna<EM5#^Ovd8&i_eVEcB$
zGCbQa_YhdN{w9q9O)6RCfyocu<E}^B-|3Bag$ALZ^$>Xs53o-?TjqLSdBE3E?>a8N
z0#cqe>vv7*E?l%l*B*elonrL1gQg#W$aFOkkQ;VOf1pw!jFJ+38}$6=t(cX;-=IwQ
zQJA3HFaI`N>A$%+p{jrbCnPq^O;9PC`ZU+jqsaF%cc6eQHf~r$v_$aV8yyk&yt0JV
z^u{6<7niwAv;;z3+P9I2Xb&p6ieI=FX9Q5Xd(rcxpK9C-jY?MU@>7Y2-R35?rCj*a
z>D_XZa+iMv*~Q#gK%W2Y{&;6X58&yL<~r|orZXDY<KQ^Xf``f~s+wWu9=-XZL)Adb
zX4s>*In_S*qY)7PoxFHU7uSW(rR2VCU}R(Kq+2?KCkfMUBDw3lx!ZSI?f0FVGPILM
z5Q6k0R^6tP_Kt5eScVSrX6GRoZoIjuYo0zJ|Fy&CJe9Ma@gx{Ao&9Wby^Mch>3HaC
z5b_t`)?tfPRgM7<!)m)PabjXt9HRS`XG~Z9&1;>Ry6vHlaol^->5IoxrE?Z6&$@sA
z=&qQ&+gEo!VpD}AULj`8sD(RV9=NJc6yZ#aQygg<Msr1DbT0zWX<QnPR$P9$k&}bk
z>{x<xfMWVU(k#q6&mA6ZJuwhYFIqn_Xysxa>ajyw0JfCuiI*j1CX=V8Kkt6h?Ifpx
zSxB1-B{eSh_w6)aQMHHsS}*nJiG;^9G(7=&m<@luJ3j_pr~a0bs9IcFpC9=J9^F&b
z^8$CNj+eOX^^K=AI6tup5xoYd<_rM~N@&&P#XSy!ah-Ax!Pgz;yyXk-5Y+%w`tlEL
z<LyW4J!_-d&y;$%g{`*5*_>e=g?uduorkW_!ZrB*pQ0C%Vp_KC>0WOPnb3UYcIuvF
z$KuI6J+O8b)%MLyUd1K5T;2JpDQ>VoJ#3v&Fss1Z-EqrM`uACN(oc=$QD~CK4u^<a
zdp`Woic}F`c=f8;wS-5t=Q1BSBl1o_tUDh(eeaG80WYo$??%Btab$`8Wkshfv?C<$
zJcW|%yNvI%TO%-)qjQ)gmFcxq>I8E0#b|R0x@&g+37(~I&$DqE4l>oI#F#b@<PMku
zL>4)u+t!C}Lf?FMiuX0HrFu$2nO!^8mt-TtnU8bHj)dCFU)qAqzmM(c_?R)Z@>wk<
zPD-Ig#3-SjqiG1MhkxWtN8d7=%-Ct6XYOaykH_-s_q>tC;$A>ejkO=G>dfDv=ikmx
zxy;i~n{-C?ZFJ)OzH2*EGW+~)!PVr({l3#kUCSDFPHSl^H+QIH3ScIE@%7!8HysE~
zw>$5)lPGfK{4cD6rW|VziB}$L?X5A-Kd*j6t%SV!DwZ`sx$SFazE{U-BZo3S>zQe8
z#e(DY0%6q6ZeQxI9v}2E|7Xv^oOVLye9uGzFc_BC6!&`rH@FlVPDSy<sr|fuPU8?I
zo54AQJ4AIP;$Zj!D61atQR?2Pvf#XR+mR>b5f(UcVk%dRfn4S{;2{{JbDIdHBySh~
zn+AZ3|9$E!ZhN<|@J}Ynq$!jOaDA31#~KOl&mNsyb?w=%q9*3TV)hkQ-LxTq)LQ{n
z&@*LHZR&bcAb-o*8J%cADMc&%WKqbd-6hf~8Lcd(_(G3xQ(z+fg8UBvN+_YM@;c+G
zMtMhH^M4j$R;gJ$4HW?~h6Il0B_>3F!MbJ1>%-2M|7heWnHnG0&>@&~@L%0u=~?U@
zKQ0l{iV9K+<DzO{T(;^=a%U*A;GK$W<~&i;+_pV>ZvPI@!ir$22Q3U0G?%a*auv~L
zvZZdGA1mgEBGws&l!xiqlmxAUDW9MBBDQ^wH^x-%YNH*$VH=ql)u6VkGiK(GP^lCk
zwTrwg@KsADZ9f}g73IpR*d_p?Q*Tl1NIlM$MCeFD)*@{>fVz+q#Fya`1Hc5gw%E}E
zNj}jQI{Arxoy^tR)y70US`;1zHh{|kQY0p=l<8BLRDSu7ec{Sw-D`H0)6<{nie8l2
zjGgRzT^%WBC(R9kl44VF!mA4qAbGk_yfq!?S{?RX#O}aKf5jh4OUA&m754xcC`HZw
zZRPp+t9()zI7$zr+Hg=DVNC>5wx)*#7p^~4-BQJ`0L|K?TW8__P~^d)1o>ak)kDBO
z{w;bw!jOM_tPp*}_P!4UKf%gFM;W~#a*#t~*QtLBB~(D%q5oOLRIINK=W&8&hJ!AM
ze*DQ1w||J=Tx=p*1eI8x583dWLLDj%o`6m!4_2>bQYVbOL*o{=gJzPqU}m7`>A=1j
zw{uOmWbnM&z~25D`M{%ZM-Dot;q9W<)kWCLn=Vw|1^p8el<BJ#G$ZOuQx8Du>(5;8
z#s0fYmXVt}!Yivo6UW)sbXc5zB5_ZA#xX*wWMe)gx|>FWW`{Nn{MpwC=-c>bUm{%D
zn&d9O$Z-_cOWFC}{aS$dQGAZbv>e^`SA%`XC4E|C^4yP!$&%x`v7bF4WIt}ZkQeN}
z{@!Z9cVa*yaF}?e4XBM8Pw7PF*86<3>^PGWRe*6k_{#_EU_0dV>{Hb#$jOB}pQ_=?
zDwdT9cOU+ObDIr^l%T(aD)E%NsWF}68fnP4sDF5qk;daJ!FgA@!W%myj5`<m!q$~P
zYCn8EM?9bMZiHwK0?7;RKN)~|ZeQ;`$m|h030}K-L}L1M*S%j$DD3doOJY5F$x?0R
zzYVWhB9n*1A||-`0OiG&TNWyF?)3rp8iio!h)0QbC;ACRPRt8}zsz{TczG(IMuAdu
zq%2|y)54}4PdQxBc2%>c8*h-55N`$sCHPFRnkVsTzgdzOnP$)9_#-hyoZnmk)I6vj
z$0C}f4|{0HPZUF1rH}Z7K_Fk@(n_{jt_<cGx~kmmxNhd+J3UNz-q;uW{vQ$6UQS{k
zYG*Tf00e=l8k>+K*A;7LByM-of!!s1rFjxX+G@dOSn64?%%Nm@(_q4)T?>|eFRk{_
z2ri3_n2XTEf*~-2(%dX)KsIq!0$K?I>EsGvo=}<P6wCMCB0SoMv^;G)#0B!uuQF1@
zODXp>U5J2!2Oi-%rd6;>=_cLls>OzRcHt%t<6j$!lTc@oLCtVn{?yFMZ;Na9S6_D+
z1!=r)27xXJAX+WyHZa0UkCzzNuzUa~8{cwyvVXSVoS@XJ+N>FJqR5BNlLo!G2*VBB
zYw+lkYb<vR%PaHVJ^{gB^b@~s4_(sqAF=(Z@<yFcq)9vSEi=M79j$jtB;}YmVXk)*
zP*z3tum`G2{32LO4je!Wa=LpL69h^UxLPM546!Y4YF9XBV4)oou4)&2xdvWtb?EI(
zjAmv!8W9-j-CGR%Ndpm;fKCMX*ckx)vv73fK=hDFQa*0^BEz120jOG;AD4<igJGAd
z2Y-me=0bK_$%dc-9o=-Bfqm#&eQRD0$M`r_8CX?2s6lL4wjf~-5xI#Cp@TqAt+rg^
z9YA0M+w1mR6y&KO^imBF9__4Y+Q2JOkgDLF1LEG)kwZ%81u7f<YUD>zklX*U(%Aok
zOA9GL|G!#j|89g>!@p#sa|pt~;y<LPfi--52k`POO$A}h6V7`D<fPkvLisoWdkbh)
z+6X2En%N^f4G5<Nq^7_3CwJv|C?}KTd2iq|FrEwN$95$Zb_9KJ#4H#zElTb!GXug6
z(Dm{gB1}m@BM5Z6`n@Y4W2kgiFw%g>)h~XGH%J25Z6NZ&fQyI3gXIMiDLX@cc2;Io
zN5E@xeo%ID_I}&~VO9fn>jumtn_@oHlvP$E6d0-`^Qy?yStV^;b#AmlMY9=6A)d~=
zzV3?nWfW<W%{_0%0|}rp&+>JjW0-{klo*j8zDN0~n2<{rK+_KRF<!&b#Bf|A)nK^B
zq05x(kkp(8RX&GcjH;wJFLxpctM_;Cmz4$~H3A{R+tqU!)qkjFe{^T&@8fMe=bwH-
z=!J_iul<r1Co7GII!C%dLY8!YXbNti)o_-T>~tyw)IAWnKA61gwWBWL%#eRWMY(sd
z^|UdClWkG^z2EZMs*HbrE94l59f3Pam)tMd&`L6`D!s>{aKtBlHJDBdGa%8`^v`;&
zqH?swFPYU;9T86mY+Uc8bhm!nTw4kd1S-JL(yPZsy$p`kmB#8Fv}=B$A<+h|8=Mmx
zAhAUwS8|j5U33`0_`+Cm2l{c1eNBt5NJ{N~;Tp4>T)O-U?dKFF3>5M;uMELOy}U$S
zX;&yIx*}cS#nobS4-IB6spsz)d7OLAfAkN^UyBNkXQBL?cK2TiXT8d$Gy4*+-j{Ma
z6>ZWiB&9hAWVr+Y>V$Xht7<~?Mi|h}DB<+>TObuJ3?J=o<8w#S=J&&twsu`6=U;dI
zp=yKI*4r)tiWbOr;Wv*}k>3zRy)M{11kRO~)XNnu&i*qm+?0i;VfA1C|4(9}+&a>h
zodD9L|6(VHS2O&C<|EWc1kF78N{4N{g9!;?o-m+_^piGk%cRx;?d;vKmF+_N5;QVm
zS2KiU`Ok8l&9IFxa(^|N*IqXJ#|dg)Dm4HN@QmS2$eY9fvr~5sOMz#g^Ji>NSDf<1
F{1ZTYZh8O!

literal 0
HcmV?d00001


From 33cb1fc48603821b47e28278503420c57e3ea3df Mon Sep 17 00:00:00 2001
From: illfated <illfated@users.noreply.github.com>
Date: Fri, 19 Apr 2019 16:00:19 +0200
Subject: [PATCH 6/8] Windows/Privacy: change formatting code to text

Asterisks need to be escaped in Github source text pages to avoid being
treated as formatting code for italics. Here is an initial attempt to
resolve the unwanted formatting by escaping the asterisks by preceding
the asterisks with a backslash character.

Extra detail: typo correction, "micorosoft" => microsoft

Closes #3304
---
 ...-endpoints-1809-non-enterprise-editions.md | 88 +++++++++----------
 1 file changed, 44 insertions(+), 44 deletions(-)

diff --git a/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md
index 370860330f..b6be3b5acd 100644
--- a/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md
+++ b/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md
@@ -40,52 +40,52 @@ We used the following methodology to derive these network endpoints:
 
 | **Destination** | **Protocol** | **Description** |
 | --- | --- | --- |
-|*.aria.microsoft.com*	| HTTPS |	Office Telemetry
-|*.dl.delivery.mp.microsoft.com*	| HTTP |	Enables connections to Windows Update.
-|*.download.windowsupdate.com*	| HTTP |	Used to download operating system patches and updates.
-|*.g.akamai.net	| HTTPS |	Used to check for updates to maps that have been downloaded for offline use.
-|*.msn.com*	|TLSv1.2/HTTPS |	Windows Spotlight related traffic
-|*.Skype.com	| HTTP/HTTPS |	Skype related traffic
-|*.smartscreen.microsoft.com*	| HTTPS |	Windows Defender Smartscreen related traffic
-|*.telecommand.telemetry.microsoft.com*	| HTTPS |	Used by Windows Error Reporting.
-|*cdn.onenote.net*	| HTTP |	OneNote related traffic
-|*displaycatalog.mp.microsoft.com*	| HTTPS |	Used to communicate with Microsoft Store.
-|*emdl.ws.microsoft.com*	| HTTP |	Windows Update related traffic
-|*geo-prod.do.dsp.mp.microsoft.com*	|TLSv1.2/HTTPS |	Enables connections to Windows Update.
-|*hwcdn.net*	| HTTP |	Used by the Highwinds Content Delivery Network to perform Windows updates.
-|*img-prod-cms-rt-microsoft-com.akamaized.net*	| HTTPS |	Used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps).
-|*maps.windows.com*	| HTTPS |	Related to Maps application.
-|*msedge.net*	| HTTPS |	Used by OfficeHub to get the metadata of Office apps.
-|*nexusrules.officeapps.live.com*	| HTTPS |	Office Telemetry
-|*photos.microsoft.com*	| HTTPS |	Photos App related traffic
-|*prod.do.dsp.mp.microsoft.com*	|TLSv1.2/HTTPS |	Used for Windows Update downloads of apps and OS updates.
-|*wac.phicdn.net*	| HTTP |	Windows Update related traffic
-|*windowsupdate.com*	| HTTP |	Windows Update related traffic
-|*wns.windows.com*	| HTTPS, TLSv1.2 |	Used for the Windows Push Notification Services (WNS).
-|*wpc.v0cdn.net*	| |	Windows Telemetry related traffic
+|\*.aria.microsoft.com\*	| HTTPS |	Office Telemetry
+|\*.dl.delivery.mp.microsoft.com\*	| HTTP |	Enables connections to Windows Update.
+|\*.download.windowsupdate.com\*	| HTTP |	Used to download operating system patches and updates.
+|\*.g.akamai.net	| HTTPS |	Used to check for updates to maps that have been downloaded for offline use.
+|\*.msn.com\*	|TLSv1.2/HTTPS |	Windows Spotlight related traffic
+|\*.Skype.com	| HTTP/HTTPS |	Skype related traffic
+|\*.smartscreen.microsoft.com\*	| HTTPS |	Windows Defender Smartscreen related traffic
+|\*.telecommand.telemetry.microsoft.com\*	| HTTPS |	Used by Windows Error Reporting.
+|\*cdn.onenote.net*	| HTTP |	OneNote related traffic
+|\*displaycatalog.mp.microsoft.com\*	| HTTPS |	Used to communicate with Microsoft Store.
+|\*emdl.ws.microsoft.com\*	| HTTP |	Windows Update related traffic
+|\*geo-prod.do.dsp.mp.microsoft.com\*	|TLSv1.2/HTTPS |	Enables connections to Windows Update.
+|\*hwcdn.net*	| HTTP |	Used by the Highwinds Content Delivery Network to perform Windows updates.
+|\*img-prod-cms-rt-microsoft-com.akamaized.net*	| HTTPS |	Used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps).
+|\*maps.windows.com\*	| HTTPS |	Related to Maps application.
+|\*msedge.net*	| HTTPS |	Used by OfficeHub to get the metadata of Office apps.
+|\*nexusrules.officeapps.live.com\*	| HTTPS |	Office Telemetry
+|\*photos.microsoft.com\*	| HTTPS |	Photos App related traffic
+|\*prod.do.dsp.mp.microsoft.com\*	|TLSv1.2/HTTPS |	Used for Windows Update downloads of apps and OS updates.
+|\*wac.phicdn.net*	| HTTP |	Windows Update related traffic
+|\*windowsupdate.com\*	| HTTP |	Windows Update related traffic
+|\*wns.windows.com\*	| HTTPS, TLSv1.2 |	Used for the Windows Push Notification Services (WNS).
+|\*wpc.v0cdn.net*	| |	Windows Telemetry related traffic
 |auth.gfx.ms/16.000.27934.1/OldConvergedLogin_PCore.js	| |	MSA related
 |evoke-windowsservices-tas.msedge*	| HTTPS |	The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office Online. To turn off traffic for this endpoint, either uninstall the Photos app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.
-|fe2.update.microsoft.com*	|TLSv1.2/HTTPS |	Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store.
-|fe3.*.mp.microsoft.com.* 	|TLSv1.2/HTTPS |	Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store.
+|fe2.update.microsoft.com\*	|TLSv1.2/HTTPS |	Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store.
+|fe3.\*.mp.microsoft.com.\* 	|TLSv1.2/HTTPS |	Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store.
 |fs.microsoft.com	| |	Font Streaming (in ENT traffic)
-|g.live.com*	| HTTPS |	Used by OneDrive
+|g.live.com\*	| HTTPS |	Used by OneDrive
 |iriscoremetadataprod.blob.core.windows.net	| HTTPS |	Windows Telemetry
-|mscrl.micorosoft.com	| |	Certificate Revocation List related traffic.
-|ocsp.digicert.com*	| HTTP |	CRL and OCSP checks to the issuing certificate authorities.
+|mscrl.microsoft.com	| |	Certificate Revocation List related traffic.
+|ocsp.digicert.com\*	| HTTP |	CRL and OCSP checks to the issuing certificate authorities.
 |officeclient.microsoft.com	| HTTPS |	Office related traffic.
 |oneclient.sfx.ms*	| HTTPS |	Used by OneDrive for Business to download and verify app updates.
-|purchase.mp.microsoft.com*	| HTTPS |	Used to communicate with Microsoft Store.
-|query.prod.cms.rt.microsoft.com*	| HTTPS |	Used to retrieve Windows Spotlight metadata.
-|ris.api.iris.microsoft.com*	|TLSv1.2/HTTPS |	Used to retrieve Windows Spotlight metadata.
+|purchase.mp.microsoft.com\*	| HTTPS |	Used to communicate with Microsoft Store.
+|query.prod.cms.rt.microsoft.com\*	| HTTPS |	Used to retrieve Windows Spotlight metadata.
+|ris.api.iris.microsoft.com\*	|TLSv1.2/HTTPS |	Used to retrieve Windows Spotlight metadata.
 |ris-prod-atm.trafficmanager.net	| HTTPS |	Azure traffic manager
-|settings.data.microsoft.com*	| HTTPS |	Used for Windows apps to dynamically update their configuration.
-|settings-win.data.microsoft.com*	| HTTPS |	Used for Windows apps to dynamically update their configuration.
-|sls.update.microsoft.com*	|TLSv1.2/HTTPS |	Enables connections to Windows Update.
-|store*.dsx.mp.microsoft.com*	| HTTPS |	Used to communicate with Microsoft Store.
-|storecatalogrevocation.storequality.microsoft.com*	| HTTPS |	Used to revoke licenses for malicious apps on the Microsoft Store.
-|store-images.s-microsoft.com*	| HTTP |	Used to get images that are used for Microsoft Store suggestions.
-|tile-service.weather.microsoft.com*	| HTTP |	Used to download updates to the Weather app Live Tile.
-|tsfe.trafficshaping.dsp.mp.microsoft.com*	|TLSv1.2 |	Used for content regulation.
+|settings.data.microsoft.com\*	| HTTPS |	Used for Windows apps to dynamically update their configuration.
+|settings-win.data.microsoft.com\*	| HTTPS |	Used for Windows apps to dynamically update their configuration.
+|sls.update.microsoft.com\*	|TLSv1.2/HTTPS |	Enables connections to Windows Update.
+|store*.dsx.mp.microsoft.com\*	| HTTPS |	Used to communicate with Microsoft Store.
+|storecatalogrevocation.storequality.microsoft.com\*	| HTTPS |	Used to revoke licenses for malicious apps on the Microsoft Store.
+|store-images.s-microsoft.com\*	| HTTP |	Used to get images that are used for Microsoft Store suggestions.
+|tile-service.weather.microsoft.com\*	| HTTP |	Used to download updates to the Weather app Live Tile.
+|tsfe.trafficshaping.dsp.mp.microsoft.com\*	|TLSv1.2 |	Used for content regulation.
 |v10.events.data.microsoft.com	| HTTPS |	Diagnostic Data
 |wdcp.microsoft.*	|TLSv1.2 |	Used for Windows Defender when Cloud-based Protection is enabled.
 |wd-prod-cp-us-west-1-fe.westus.cloudapp.azure.com	| HTTPS |	Windows Defender related traffic.
@@ -111,7 +111,7 @@ We used the following methodology to derive these network endpoints:
 | ipv4.login.msa.akadns6.net	| HTTPS |	Used for Microsoft accounts to sign in. |
 | location-inference-westus.cloudapp.net	| HTTPS |	Used for location data. |
 | modern.watson.data.microsoft.com.akadns.net	| HTTPS |	Used by Windows Error Reporting. |
-| ocsp.digicert.com* |	HTTP | CRL and OCSP checks to the issuing certificate authorities. |
+| ocsp.digicert.com\* |	HTTP | CRL and OCSP checks to the issuing certificate authorities. |
 | ris.api.iris.microsoft.com.akadns.net	| HTTPS |	Used to retrieve Windows Spotlight metadata. |
 | tile-service.weather.microsoft.com/* | HTTP |	Used to download updates to the Weather app Live Tile. |
 | tsfe.trafficshaping.dsp.mp.microsoft.com	| HTTPS |	Used for content regulation. |
@@ -127,10 +127,10 @@ We used the following methodology to derive these network endpoints:
 | *.g.akamaiedge.net	| HTTPS |	Used to check for updates to maps that have been downloaded for offline use. |
 | *.s-msedge.net	| HTTPS |	Used by OfficeHub to get the metadata of Office apps. |
 | *.telecommand.telemetry.microsoft.com.akadns.net | HTTPS | Used by Windows Error Reporting. |
-| *.tlu.dl.delivery.mp.microsoft.com* | HTTP | Enables connections to Windows Update. |
-| *.windowsupdate.com* | HTTP | Enables connections to Windows Update. |
+| *.tlu.dl.delivery.mp.microsoft.com\* | HTTP | Enables connections to Windows Update. |
+| *.windowsupdate.com\* | HTTP | Enables connections to Windows Update. |
 | *geo-prod.do.dsp.mp.microsoft.com	| HTTPS |	Enables connections to Windows Update. |
-| au.download.windowsupdate.com* | HTTP | Enables connections to Windows Update. |
+| au.download.windowsupdate.com\* | HTTP | Enables connections to Windows Update. |
 | cdn.onenote.net/livetile/*	| HTTPS |	Used for OneNote Live Tile. |
 | client-office365-tas.msedge.net/*	| HTTPS |	Used to connect to the Office 365 portal’s shared infrastructure, including Office Online. |
 | config.edge.skype.com/*	| HTTPS |	Used to retrieve Skype configuration values.  |
@@ -151,7 +151,7 @@ We used the following methodology to derive these network endpoints:
 | maps.windows.com/windows-app-web-link	| HTTPS |	Link to Maps application |
 | modern.watson.data.microsoft.com.akadns.net	| HTTPS |	Used by Windows Error Reporting. |
 | ocos-office365-s2s.msedge.net/*	| HTTPS |	Used to connect to the Office 365 portal's shared infrastructure. |
-| ocsp.digicert.com* |	HTTP | CRL and OCSP checks to the issuing certificate authorities. |
+| ocsp.digicert.com\* |	HTTP | CRL and OCSP checks to the issuing certificate authorities. |
 | oneclient.sfx.ms/*	| HTTPS |	Used by OneDrive for Business to download and verify app updates. |
 | settings-win.data.microsoft.com/settings/*	| HTTPS |	Used as a way for apps to dynamically update their configuration. |
 | sls.update.microsoft.com/*	| HTTPS |	Enables connections to Windows Update. |

From 1159f22a0d8aba1cbb33044e1706728627b9a5b9 Mon Sep 17 00:00:00 2001
From: ImranHabib <47118050+joinimran@users.noreply.github.com>
Date: Fri, 19 Apr 2019 22:08:32 +0500
Subject: [PATCH 7/8] Spelling update

There was hypen in semicolon which has been removed.
---
 windows/client-management/mdm/vpnv2-csp.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md
index de1463fa2b..3d8006f882 100644
--- a/windows/client-management/mdm/vpnv2-csp.md
+++ b/windows/client-management/mdm/vpnv2-csp.md
@@ -401,7 +401,7 @@ Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 Nodes under the PluginProfile are required when using a Microsoft Store based VPN plugin.
 
 <a href="" id="vpnv2-profilename-pluginprofile-serverurllist"></a>**VPNv2/***ProfileName***/PluginProfile/ServerUrlList**  
-Required for plug-in profiles. semi-colon separated list of servers in URL, hostname, or IP format.
+Required for plug-in profiles. semicolon separated list of servers in URL, hostname, or IP format.
 
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 

From 4069f16ca288464e663b67b7cb81d2830482bbd6 Mon Sep 17 00:00:00 2001
From: Liza Poggemeyer <elizapo@microsoft.com>
Date: Fri, 19 Apr 2019 16:32:32 -0700
Subject: [PATCH 8/8] Corrected casing and punctuation

---
 windows/client-management/mdm/vpnv2-csp.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md
index 3d8006f882..2d985ec8b6 100644
--- a/windows/client-management/mdm/vpnv2-csp.md
+++ b/windows/client-management/mdm/vpnv2-csp.md
@@ -401,7 +401,7 @@ Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 Nodes under the PluginProfile are required when using a Microsoft Store based VPN plugin.
 
 <a href="" id="vpnv2-profilename-pluginprofile-serverurllist"></a>**VPNv2/***ProfileName***/PluginProfile/ServerUrlList**  
-Required for plug-in profiles. semicolon separated list of servers in URL, hostname, or IP format.
+Required for plug-in profiles. Semicolon-separated list of servers in URL, hostname, or IP format.
 
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.