From cb04295981d407c3871a7c0bc621fd85a5e50a93 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Mon, 12 Oct 2020 14:03:39 +0530 Subject: [PATCH 01/85] New_4490409 Created new topic "Schedule scans with Microsoft Defender ATP for Linux" --- images/linux-mdatp.png | Bin 0 -> 5634 bytes .../linux-schedule-scan-atp.md | 247 ++++++++++++++++++ 2 files changed, 247 insertions(+) create mode 100644 images/linux-mdatp.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md diff --git a/images/linux-mdatp.png b/images/linux-mdatp.png new file mode 100644 index 0000000000000000000000000000000000000000..f8c9c07b16906f1465cf3b97f50b71ab49b3f10f GIT binary patch literal 5634 zcmV+d7X9goP)4_KtMo6D;h>!XGcdzOG`^k zOiWEpO;Au!Qc_Y=Q&Ut_R8>_~R#sM5S65hASXo(FT3T9NU0q&YUSD5dU`H%sVP0cl zUt?lmV`F1vV_;-sVPs@vWn^MyWn*S#V`^$@Yinz4D*$Y4Yi(_8Zf$LDZfCf> zsHv%`sj8}~s;R1~s;jH3tgNi9t*x%EuCcMPvT!c5uc@=Mv$V0QwX?0YwY9gjuDG_a zxwWynwz9gov%9&pytuTyyu7`;w!XTyzP+EnySKl;zrnq^!NI}8!otPR-^S11#?ar! z(BR69Ps+im%gM*g%gN2KbIr}n&d$!y&dt!!(9zJ((b3V;($dq@)6~?|)z#J4*VozE z+1uOO-QC?QUjxqgHpeUs%xPU|Dwm@VT8WkMH z1sv|n;!?0$6QYEo($unvF(!sB4flQD_kES)|6}g+&1khckeq!#B)KICXQ7TQ&XThP)Wc;Zv!q&&+aEYaE$3Yv*O^t}F>qNeS0#JZjH>l!6g891ZE)|2 z&(%koDV0t=I@oGeW3(u59XMZz?N4=fvE9K-*xhEbMQmxUTlDP0-^OXr zQ41P_l(qL(+MQLRm=^W4A77xkCGmdV3?pn{cLTb}R6h2V{Z}D0Ww$L&I^NS|pS^A8 z@Y-t$9&Twxtwc@*d?{S()>zNn4Py+l7yCl12se1W#(pc=+>&@dZxw9@rE>x;J$raR z{*q4XWNt6%*xz7ACmkI9&H1H6_GVS2SC>wHePX3EgO+X)=}hkpD&u61a97nfbG zl5I>X)Pab-Y}K_R0?IGOu)aJ!AQ+dAhCCCFTb8Z2HpNU+?L?e$+Oj zPB8AhbnBT1Ge=N5`1F@6m6bidOUXH1IsXU+)ql8)-C(QSmKGgEk+A2q#-vW+gAc?Pd> zD!0Dy;8DC`Uts4vzVX^(hIqTGCN_aT#8GvQ=}nf9Vvr>H5^Dr~2zt zI?B_qbcpw{rE?rh=kNitFO!*0>FljkO7I;EFDff%FX3gL+A^e5T8pB!k|rHm4_lx= zyg2Txsx3o0RTdG3>j~)?Wnfg7E$yLtR?pVl!Y%M}I%+RwEe|wt2=6yUe`IevT|r*vvv6@_(I%H8g@LW3-3#TJj-F4pj$sx7a=>V^B0E!?&=I_>P0{m~)K zUO>~l+KZySn%@I!Zg9_{49^_bD_Xs5ko7M82YbIQ%5c2~+Y$D3?^E4Rp3B{lolfcG zLcFcP<@{8Ka!^0Je?ez0?MCC=x+_cKzte0)|l{zU>U zhr0*sdCu>`(!sj0q_dJE2R|nQwHSaYXkQiZpZDzS)na(i`^n5&BffOvkDET5H5}~P2m*I4bebm@3`WyIYO ztxa+yC~XUdK-%%oGB?j_4rn`_pY zUW5c{A*AEwmBk8-j~nKnmG|NPQtMMXyY#sLWqVxh>Zubsa<4WnFN69^txxH+2vM3hrGr_61D|x% z3RystxGiCh4_I5q^K*Ve-rK8K!>P1OMf9`Iz!+1Q253U*y2P$6K zS?hSDQ%Bx$q5e|qEgil-z1-?wI^y6jG*w72ARUA5b$Y4tB{uz2z{pZM*gt(CtnteI zNQXzo?Qx<0Qi~By#-DFV-Wq(dc&-h2rhpO2e4$xsMq%mTZ}$$}t9pTG;o`Qq1ke_8 zF$?g@0qM|sE~N~Q8zP8PbEWg~_Uk3dOUPTBFXq`L__9_->NHlDnu;c?7COUh(!B+v z7l;-vTw7HAb>(6f;+36oEl!#*yA8rQ#6PDN|EeQMUP9j5d@;{1VPziHTQF16WYt1v zm?64XCx~rYc&3n5{mBR3KwjAy7tXJ25Y8d~Iki5d6U#_!m|48vBFAH4uULNN?WxGG zoayzqu<4VILM>_&^x+J9b#(G8PxV!2I&Hf1D`!&aq!wQ-8RH%`p)yLPGl|N{D4`fD zn~6%WEWezmHc{Ha61mg9(%`KL`f?(#I)mjo9>hw0ueif426$Xg6h64^N(g_pghL|DQ7Ki=G2%ilGA^f z&)zzq89RE70pwS9vLzcvNa&^b7aaWm-H$%?eEarPdgIeC=y}WPm8E&8()st_o6$hY zYWw>tZC-S}d3|!ei?h|ju9y6M5DYh|#~1^M69Fl2^|qD6c+!z}{?P3YDg$hDJkt3U zwtxNg!()_Atr1T;Ry}VEyI%6Q&@kMj9%GDtq*J4bQ;w)~p8NBMBKGT`DV+(mYqg!nMF~vvgHiVmrA!rE}eh=@q<`8m@l>vQk+NFVRZ*7Lr%tH zC`U3}56Vj{>M8yi%HiBA&#|^eJD}0&;20vmvZAQN^H4V|p9ijgcJ}3a$?_MMT_j_i zdxF(l))&XL?1{_EB)M4U0^1t7bpH1H4`6P1&3Wdb(qusKVs;p1#29I8Fv4bLKqE7< z4tuysDvf$h4regWF~Bt&xtY~tf`Kt;wm05Pqp0N#OV1lPw{nAXBTPCfwcz~q=t2hn zd4XOfb{n&#O#DgO%9|6*zD#zAvf_1m{I2NtC6a#bG`aMwW@LY3kj`Iz_m&I$AwDB_^2X7~qL8LV^CyGFt>`LhNP2Q`RvXa z6hk^KnoJIoj>x`jNoQZ=TvoQRzctTRdEum&LzT{-K5^Hf`+O$`7}gn3Y`_$W%aF== ztTV!pbb!prpmel)J*AT`<{_@Rr*xb#lyvmW$e?s^+m~cxN{8iPcBF&HxHyl;u%vTw zUNYA5y7T7Gbh~H9ES*2R{6(L0pDIU^92{a9y?+^uFd!XSuZMK>dOf9stoP;Ud6NUu zamP^7!KYBBw}qsm$m$rhrZcFC^APYRB8|~%HSf%qN^cwKXd6m8Dt~#7D zh5Z_gu$d#7GQzT+Uph`bk95pD#{kzHkd9}JfOP0+;>4XaFy}5ww^CqKF@ zdX5*-Z2i2P8K-ofeBSF?qvvuJX>3ryPLAYa7pm7%nTL4`)t@09hdGAw979_MF)hY; z+8u*3)>fuv)k5V+E?(Cjt`J^r$Z^RQUH)bluSD%LS-#XI%iqo_5yq9hhw#>{$i93U znPsHjdG)oQv|XZQCl;@aM>@a8_9S}s7`R+T8k-cbog*2p*NP6T76!Qt=5TgNXgFUp zKuib6Xz+Z@Q~1S`3w68WnYH!Nvr6&K99Uhl8;6@zkUB*Xwq#gzmW{Z;@v4o3|TC0rqqaZ ze*UA^PPmsU(uO8Cer!Y58gN7UeaeCCg~xJA$Tf&o0@9r{N%guMX9BhKsrDD z&U?}Wky;Yz{P>&iN)JS8Nu=|`Z@d#^lZVeM`}tk+7@ihEi%IhK%?J-`9+rQm_aUp2 z=M1a<%43?*Ssh>Y(98?x>-AGTr1QP6y&YhaW4sKy?<4Lfeof9SE?*2Y!o`tGr(%)D z)O+XPmn-(6!;#}od+(t(jTgf+di=ot!XBoc6GjjYA2WcB=rPx!vsdseGhyj``>SsQ ze#7EfBZe7J33AB#Kt8_MWrVu`=s9}nxc))W9E?E}%~yxuNN-I3r+UZv~{ovqp?XI(BAcA7AV;!v7!Xxc))XAvqRJUwBMfi`v)hp9{t# z9V^zHSUUI-K9EgDTDCV~@!4cM3$jD}YL!`Li^X;_ySl-h4#9{C+DG|5HX|Y(mq^wbW-B_x_AZmX%Na!}>t*Iy6+=pz z`EVDAF$w9YdX%STo-*lt|LgAn*<_UuSzG4C;*g;%$QJQyR;Fk~M~nvKQWo{_WhMzD zY3+~^N>7PScc#fYtb9|YxX2ggJP9&=t`H5s)Mz)&!7x@;WlyzR&9QWK4 z(PJldn)$GE@za;?1*JoJxj^fklv`3dG!3Q0CPSZ^xE!*cgV^ME-J6M)8ChQA?DwXt zdg`?%jEd+2j4&I+MsRem;4IB<3-+$^Z3ECz%Vhp1?FFM2Pzp=JLU^w`j9kWJh#5UZ zIS(owmq>;XE?(InlIO20>c>m&;5(GSS;@T$|1-O>(>x7HhmY|Q+~O(480pe+*ktF8 zA*de?S+Ku0zw1cH%#3WL;Wo+?*K8nHU4RkxNyj0Qk?CJT>G0DULC<#*wAcqfaB`WP z3&PygG2|;w4MZddq@(r{!a13AGVX#WwsdSZ*?D6K>W4!X?5~jp8Iq2f8QCu##Wg$9 zfyaQPV-d;7^lt>xA^5WI2d&x-N-jgvfr#W-(jkQN*rnsJ$<7LyuT8KOjOF9;jY=~n}=|DHEvUr9aTp=?y5Ry(&!%zE?4wB^Z7^UNUIXANm zt7vFE4%uLTb?JC`<*;;2uDPdl6p?Jq$RUy$`#Y#~1d;46lNa!#d8NP#S)Tr$(lMxK zM>SY}LnwtfgM`5ioKweqn ziyJ)qvX2oiNJiKmL#LTRuN?o>KSm3cb6Jex^3Na-9KwSOSI?Lc<}?<{`sm)U!oPHllcKo_Lvs0EEd%4EcvgJ2_I ztW&e36Bo<`;v9?an}6#AgjNE+C}J9Vtt5{%ix{%{g^OSSt@Lb9pmehC`^HBk9Yst- z(y`cIT{`*oR63)T4##gfja#<(U3D9Pauur [!NOTE] +> To get a list of all the time zones, run the following command: +> timedatectl list-timezones + +> Examples for timezones: +> America/Los_Angeles +> America/New_York +> America/Chicago +> America/Denver + +## To set the Cron job + +**To backup crontab entries:** + +sudo crontab -l > /var/tmp/cron_backup_200919.dat + +> [!NOTE] +> Where 200919 == YRMMDD + +> TIP: +> Do this before you edit or remove. +> To edit the crontab and add a new job as a root user: +> sudo crontab -e + +> [!NOTE] +> The default editor is VIM + +You might see: + +0 * * * * /etc/opt/microsoft/mdatp/logrorate.sh + +Press “Insert” + +Add the following entries: + +CRON_TZ=America/Los_Angeles + +0 2 * * sat /bin/mdatp scan quick > ~/mdatp_cron_job.log + +> [!NOTE] +> In this example, we are setting it to 00 minutes, 2 a.m. (hour in 24 hour format), any day of the month, any month, on Saturdays. Meaning it will run Saturdays at 2:00 a.m. Pacific (UTC –8) + +Press “Esc” + +Type “:wq” w/o the double quotes. + +> [!NOTE] +> w == write, q == quit + +To view your cron jobs, type sudo crontab -l + +:::image type="content" source="../../../../images/linux-mdatp.png" alt-text="linux mdatp"::: + +**How to inspect cron job runs:** + +sudo grep mdatp /var/log/cron + +**How to inspect the mdatp_cron_job.log** +sudo nano mdatp_cron_job.log + +## For those of you that are using Ansible, Chef, or Puppet] +### How to set cron jobs in Ansible: + +cron – Manage cron.d and crontab entries + +See [https://docs.ansible.com/ansible/latest/modules/cron_module.html](https://docs.ansible.com/ansible/latest/modules/cron_module.html) + +### How to set crontabs in Chef: +cron resource + +See [https://docs.chef.io/resources/cron/](https://docs.chef.io/resources/cron/) + +### How to set cron jobs in Puppet: +Resource Type: cron + +See [https://puppet.com/docs/puppet/5.5/types/cron.html](https://puppet.com/docs/puppet/5.5/types/cron.html) + +Automating with Puppet: Cron jobs and scheduled tasks + +See [https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/](https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/) + +## Additional information: + +**To get help with crontab** +man crontab + +**To get a list of crontab file of the current user:** + +crontab -l + +**To get a list of crontab file of another user:** + +crontab -u username -l + +**To backup crontab entries:** + +crontab -l > /var/tmp/cron_backup.dat +> [!TIP] +> Do this before you edit or remove. + +**To restore crontab entries:** + +crontab /var/tmp/cron_backup.dat + +**To edit the crontab and add a new job as a root user:** + +Sudo crontab -e + +**To edit the crontab and add a new job:** + +crontab -e + +**To edit other user’s crontab entries:** + +crontab -u username -e + +**To remove all crontab entries:** + +crontab -r + +**To remove other user’s crontab entries:** + +crontab -u username -r + +**Explanation**: + ++—————- minute (values: 0 – 59) (special characters: , – * /) + +| +————- hour (values: 0 – 23) (special characters: , – * /) + +| | +———- day of month (values: 1 – 31) (special characters: , – * / L W C) + +| | | +——- month (values: 1 – 12) (special characters: ,- * / ) +| | | | +—- day of week (values: 0 – 6) (Sunday=0 or 7) (special characters: , – * / L W C) +| | | | | +* * * * * command to be executed + + + + + + + + + +[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] + + +While you can start a threat scan at any time with Microsoft Defender ATP, your enterprise might benefit from scheduled or timed scans. For example, you can schedule a scan to run at the beginning of every workday or week. + +## Schedule a scan with *launchd* + +You can create a scanning schedule using the *launchd* daemon on a macOS device. + +1. The following code shows the schema you need to use to schedule a scan. Open a text editor and use this example as a guide for your own scheduled scan file. + + For more information on the *.plist* file format used here, see [About Information Property List Files](https://developer.apple.com/library/archive/documentation/General/Reference/InfoPlistKeyReference/Articles/AboutInformationPropertyListFiles.html) at the official Apple developer website. + + ```XML + + + + + Label + com.microsoft.wdav.schedquickscan + ProgramArguments + + sh + -c + /usr/local/bin/mdatp --scan --quick + + RunAtLoad + + StartCalendarInterval + + Day + 3 + Hour + 2 + Minute + 0 + Weekday + 5 + + StartInterval + 604800 + WorkingDirectory + /usr/local/bin/ + + + ``` + +2. Save the file as *com.microsoft.wdav.schedquickscan.plist*. + + > [!TIP] + > To run a full scan instead of a quick scan, change line 12, `/usr/local/bin/mdatp --scan --quick`, to use the `--full` option instead of `--quick` (i.e. `/usr/local/bin/mdatp --scan --full`) and save the file as *com.microsoft.wdav.sched**full**scan.plist* instead of *com.microsoft.wdav.sched**quick**scan.plist*. + +3. Open **Terminal**. +4. Enter the following commands to load your file: + + ```bash + launchctl load /Library/LaunchDaemons/ + launchctl start + ``` + +5. Your scheduled scan will run at the date, time, and frequency you defined in your p-list. In the example, the scan runs at 2:00 AM every Friday. + + Note that the `StartInterval` value is in seconds, indicating that scans should run every 604,800 seconds (one week), while the `Weekday` value of `StartCalendarInterval` uses an integer to indicate the fifth day of the week, or Friday. + + > [!IMPORTANT] + > Agents executed with *launchd* will not run at the scheduled time while the device is asleep. They will instead run once the device resumes from sleep mode. + > + > If the device is turned off, the scan will run at the next scheduled scan time. + +## Schedule a scan with Intune + +You can also schedule scans with Microsoft Intune. The [runMDATPQuickScan.sh](https://github.com/microsoft/shell-intune-samples/tree/master/Misc/MDATP#runmdatpquickscansh) shell script available at [Scripts for Microsoft Defender Advanced Threat Protection](https://github.com/microsoft/shell-intune-samples/tree/master/Misc/MDATP) will persist when the device resumes from sleep mode. + +See [Use shell scripts on macOS devices in Intune](https://docs.microsoft.com/mem/intune/apps/macos-shell-scripts) for more detailed instructions on how to use this script in your enterprise. From da50b63b45e3cfe776aa45fccfe215ca77d1c256 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Mon, 12 Oct 2020 14:22:47 +0530 Subject: [PATCH 02/85] Update linux-schedule-scan-atp.md --- .../linux-schedule-scan-atp.md | 109 +++--------------- 1 file changed, 15 insertions(+), 94 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md index 8515254bac..0d706608ba 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md @@ -26,14 +26,16 @@ Linux (and Unix) have the tool called **crontab** (similar to Task Scheduler) to ## Pre-requisite > [!NOTE] -> To get a list of all the time zones, run the following command: -> timedatectl list-timezones + +To get a list of all the time zones, run the following command: + +timedatectl list-timezones > Examples for timezones: -> America/Los_Angeles -> America/New_York -> America/Chicago -> America/Denver +America/Los_Angeles +America/New_York +America/Chicago +America/Denver ## To set the Cron job @@ -42,12 +44,13 @@ Linux (and Unix) have the tool called **crontab** (similar to Task Scheduler) to sudo crontab -l > /var/tmp/cron_backup_200919.dat > [!NOTE] -> Where 200919 == YRMMDD + +Where 200919 == YRMMDD > TIP: -> Do this before you edit or remove. -> To edit the crontab and add a new job as a root user: -> sudo crontab -e +Do this before you edit or remove. +To edit the crontab and add a new job as a root user: +sudo crontab -e > [!NOTE] > The default editor is VIM @@ -65,14 +68,14 @@ CRON_TZ=America/Los_Angeles 0 2 * * sat /bin/mdatp scan quick > ~/mdatp_cron_job.log > [!NOTE] -> In this example, we are setting it to 00 minutes, 2 a.m. (hour in 24 hour format), any day of the month, any month, on Saturdays. Meaning it will run Saturdays at 2:00 a.m. Pacific (UTC –8) +In this example, we are setting it to 00 minutes, 2 a.m. (hour in 24 hour format), any day of the month, any month, on Saturdays. Meaning it will run Saturdays at 2:00 a.m. Pacific (UTC –8) Press “Esc” Type “:wq” w/o the double quotes. > [!NOTE] -> w == write, q == quit + w == write, q == quit To view your cron jobs, type sudo crontab -l @@ -163,85 +166,3 @@ crontab -u username -r * * * * * command to be executed - - - - - - - -[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - - -While you can start a threat scan at any time with Microsoft Defender ATP, your enterprise might benefit from scheduled or timed scans. For example, you can schedule a scan to run at the beginning of every workday or week. - -## Schedule a scan with *launchd* - -You can create a scanning schedule using the *launchd* daemon on a macOS device. - -1. The following code shows the schema you need to use to schedule a scan. Open a text editor and use this example as a guide for your own scheduled scan file. - - For more information on the *.plist* file format used here, see [About Information Property List Files](https://developer.apple.com/library/archive/documentation/General/Reference/InfoPlistKeyReference/Articles/AboutInformationPropertyListFiles.html) at the official Apple developer website. - - ```XML - - - - - Label - com.microsoft.wdav.schedquickscan - ProgramArguments - - sh - -c - /usr/local/bin/mdatp --scan --quick - - RunAtLoad - - StartCalendarInterval - - Day - 3 - Hour - 2 - Minute - 0 - Weekday - 5 - - StartInterval - 604800 - WorkingDirectory - /usr/local/bin/ - - - ``` - -2. Save the file as *com.microsoft.wdav.schedquickscan.plist*. - - > [!TIP] - > To run a full scan instead of a quick scan, change line 12, `/usr/local/bin/mdatp --scan --quick`, to use the `--full` option instead of `--quick` (i.e. `/usr/local/bin/mdatp --scan --full`) and save the file as *com.microsoft.wdav.sched**full**scan.plist* instead of *com.microsoft.wdav.sched**quick**scan.plist*. - -3. Open **Terminal**. -4. Enter the following commands to load your file: - - ```bash - launchctl load /Library/LaunchDaemons/ - launchctl start - ``` - -5. Your scheduled scan will run at the date, time, and frequency you defined in your p-list. In the example, the scan runs at 2:00 AM every Friday. - - Note that the `StartInterval` value is in seconds, indicating that scans should run every 604,800 seconds (one week), while the `Weekday` value of `StartCalendarInterval` uses an integer to indicate the fifth day of the week, or Friday. - - > [!IMPORTANT] - > Agents executed with *launchd* will not run at the scheduled time while the device is asleep. They will instead run once the device resumes from sleep mode. - > - > If the device is turned off, the scan will run at the next scheduled scan time. - -## Schedule a scan with Intune - -You can also schedule scans with Microsoft Intune. The [runMDATPQuickScan.sh](https://github.com/microsoft/shell-intune-samples/tree/master/Misc/MDATP#runmdatpquickscansh) shell script available at [Scripts for Microsoft Defender Advanced Threat Protection](https://github.com/microsoft/shell-intune-samples/tree/master/Misc/MDATP) will persist when the device resumes from sleep mode. - -See [Use shell scripts on macOS devices in Intune](https://docs.microsoft.com/mem/intune/apps/macos-shell-scripts) for more detailed instructions on how to use this script in your enterprise. From 32e1b1490b117de100bbed41d6478cb7e035c398 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Mon, 12 Oct 2020 15:12:25 +0530 Subject: [PATCH 03/85] Update linux-schedule-scan-atp.md minor corrections during self review --- .../linux-schedule-scan-atp.md | 62 +++++++++---------- 1 file changed, 30 insertions(+), 32 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md index 0d706608ba..aee27d7e1f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md @@ -27,33 +27,31 @@ Linux (and Unix) have the tool called **crontab** (similar to Task Scheduler) to > [!NOTE] -To get a list of all the time zones, run the following command: - -timedatectl list-timezones +> To get a list of all the time zones, run the following command: +`timedatectl list-timezones` > Examples for timezones: -America/Los_Angeles -America/New_York -America/Chicago -America/Denver +> - `America/Los_Angeles` +> - `America/New_York` +>- `America/Chicago` +>- `America/Denver` ## To set the Cron job **To backup crontab entries:** -sudo crontab -l > /var/tmp/cron_backup_200919.dat +`sudo crontab -l > /var/tmp/cron_backup_200919.dat` > [!NOTE] - -Where 200919 == YRMMDD +> Where 200919 == YRMMDD > TIP: Do this before you edit or remove. -To edit the crontab and add a new job as a root user: -sudo crontab -e +To edit the crontab, and add a new job as a root user: +`sudo crontab -e` > [!NOTE] -> The default editor is VIM +> The default editor is VIM. You might see: @@ -72,7 +70,7 @@ In this example, we are setting it to 00 minutes, 2 a.m. (hour in 24 hour format Press “Esc” -Type “:wq” w/o the double quotes. +Type “:wq” without the double quotes. > [!NOTE] w == write, q == quit @@ -83,22 +81,22 @@ To view your cron jobs, type sudo crontab -l **How to inspect cron job runs:** -sudo grep mdatp /var/log/cron +`sudo grep mdatp /var/log/cron` **How to inspect the mdatp_cron_job.log** -sudo nano mdatp_cron_job.log +`sudo nano mdatp_cron_job.log` -## For those of you that are using Ansible, Chef, or Puppet] +## For those who use Ansible, Chef, or Puppet] ### How to set cron jobs in Ansible: -cron – Manage cron.d and crontab entries +`cron – Manage cron.d and crontab entries` -See [https://docs.ansible.com/ansible/latest/modules/cron_module.html](https://docs.ansible.com/ansible/latest/modules/cron_module.html) +See [https://docs.ansible.com/ansible/latest/modules/cron_module.html](https://docs.ansible.com/ansible/latest/modules/cron_module.html) for more information. ### How to set crontabs in Chef: -cron resource +`cron resource` -See [https://docs.chef.io/resources/cron/](https://docs.chef.io/resources/cron/) +See [https://docs.chef.io/resources/cron/](https://docs.chef.io/resources/cron/) for more information. ### How to set cron jobs in Puppet: Resource Type: cron @@ -107,50 +105,50 @@ See [https://puppet.com/docs/puppet/5.5/types/cron.html](https://puppet.com/docs Automating with Puppet: Cron jobs and scheduled tasks -See [https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/](https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/) +See [https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/](https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/) for more information. ## Additional information: **To get help with crontab** -man crontab +`man crontab` **To get a list of crontab file of the current user:** -crontab -l +`crontab -l` **To get a list of crontab file of another user:** -crontab -u username -l +`crontab -u username -l` **To backup crontab entries:** -crontab -l > /var/tmp/cron_backup.dat +`crontab -l > /var/tmp/cron_backup.dat` > [!TIP] > Do this before you edit or remove. **To restore crontab entries:** -crontab /var/tmp/cron_backup.dat +`crontab /var/tmp/cron_backup.dat` **To edit the crontab and add a new job as a root user:** -Sudo crontab -e +`Sudo crontab -e` **To edit the crontab and add a new job:** -crontab -e +`crontab -e` **To edit other user’s crontab entries:** -crontab -u username -e +`crontab -u username -e` **To remove all crontab entries:** -crontab -r +`crontab -r` **To remove other user’s crontab entries:** -crontab -u username -r +`crontab -u username -r` **Explanation**: From 970adb587ffd9881b9a735f74d6b7e9bdbe370ab Mon Sep 17 00:00:00 2001 From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com> Date: Mon, 12 Oct 2020 15:27:59 +0530 Subject: [PATCH 04/85] Add files via upload Added new file --- .../threat-protection/images/linux-mdatp.png | Bin 0 -> 5634 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 windows/security/threat-protection/images/linux-mdatp.png diff --git a/windows/security/threat-protection/images/linux-mdatp.png b/windows/security/threat-protection/images/linux-mdatp.png new file mode 100644 index 0000000000000000000000000000000000000000..f8c9c07b16906f1465cf3b97f50b71ab49b3f10f GIT binary patch literal 5634 zcmV+d7X9goP)4_KtMo6D;h>!XGcdzOG`^k zOiWEpO;Au!Qc_Y=Q&Ut_R8>_~R#sM5S65hASXo(FT3T9NU0q&YUSD5dU`H%sVP0cl zUt?lmV`F1vV_;-sVPs@vWn^MyWn*S#V`^$@Yinz4D*$Y4Yi(_8Zf$LDZfCf> zsHv%`sj8}~s;R1~s;jH3tgNi9t*x%EuCcMPvT!c5uc@=Mv$V0QwX?0YwY9gjuDG_a zxwWynwz9gov%9&pytuTyyu7`;w!XTyzP+EnySKl;zrnq^!NI}8!otPR-^S11#?ar! z(BR69Ps+im%gM*g%gN2KbIr}n&d$!y&dt!!(9zJ((b3V;($dq@)6~?|)z#J4*VozE z+1uOO-QC?QUjxqgHpeUs%xPU|Dwm@VT8WkMH z1sv|n;!?0$6QYEo($unvF(!sB4flQD_kES)|6}g+&1khckeq!#B)KICXQ7TQ&XThP)Wc;Zv!q&&+aEYaE$3Yv*O^t}F>qNeS0#JZjH>l!6g891ZE)|2 z&(%koDV0t=I@oGeW3(u59XMZz?N4=fvE9K-*xhEbMQmxUTlDP0-^OXr zQ41P_l(qL(+MQLRm=^W4A77xkCGmdV3?pn{cLTb}R6h2V{Z}D0Ww$L&I^NS|pS^A8 z@Y-t$9&Twxtwc@*d?{S()>zNn4Py+l7yCl12se1W#(pc=+>&@dZxw9@rE>x;J$raR z{*q4XWNt6%*xz7ACmkI9&H1H6_GVS2SC>wHePX3EgO+X)=}hkpD&u61a97nfbG zl5I>X)Pab-Y}K_R0?IGOu)aJ!AQ+dAhCCCFTb8Z2HpNU+?L?e$+Oj zPB8AhbnBT1Ge=N5`1F@6m6bidOUXH1IsXU+)ql8)-C(QSmKGgEk+A2q#-vW+gAc?Pd> zD!0Dy;8DC`Uts4vzVX^(hIqTGCN_aT#8GvQ=}nf9Vvr>H5^Dr~2zt zI?B_qbcpw{rE?rh=kNitFO!*0>FljkO7I;EFDff%FX3gL+A^e5T8pB!k|rHm4_lx= zyg2Txsx3o0RTdG3>j~)?Wnfg7E$yLtR?pVl!Y%M}I%+RwEe|wt2=6yUe`IevT|r*vvv6@_(I%H8g@LW3-3#TJj-F4pj$sx7a=>V^B0E!?&=I_>P0{m~)K zUO>~l+KZySn%@I!Zg9_{49^_bD_Xs5ko7M82YbIQ%5c2~+Y$D3?^E4Rp3B{lolfcG zLcFcP<@{8Ka!^0Je?ez0?MCC=x+_cKzte0)|l{zU>U zhr0*sdCu>`(!sj0q_dJE2R|nQwHSaYXkQiZpZDzS)na(i`^n5&BffOvkDET5H5}~P2m*I4bebm@3`WyIYO ztxa+yC~XUdK-%%oGB?j_4rn`_pY zUW5c{A*AEwmBk8-j~nKnmG|NPQtMMXyY#sLWqVxh>Zubsa<4WnFN69^txxH+2vM3hrGr_61D|x% z3RystxGiCh4_I5q^K*Ve-rK8K!>P1OMf9`Iz!+1Q253U*y2P$6K zS?hSDQ%Bx$q5e|qEgil-z1-?wI^y6jG*w72ARUA5b$Y4tB{uz2z{pZM*gt(CtnteI zNQXzo?Qx<0Qi~By#-DFV-Wq(dc&-h2rhpO2e4$xsMq%mTZ}$$}t9pTG;o`Qq1ke_8 zF$?g@0qM|sE~N~Q8zP8PbEWg~_Uk3dOUPTBFXq`L__9_->NHlDnu;c?7COUh(!B+v z7l;-vTw7HAb>(6f;+36oEl!#*yA8rQ#6PDN|EeQMUP9j5d@;{1VPziHTQF16WYt1v zm?64XCx~rYc&3n5{mBR3KwjAy7tXJ25Y8d~Iki5d6U#_!m|48vBFAH4uULNN?WxGG zoayzqu<4VILM>_&^x+J9b#(G8PxV!2I&Hf1D`!&aq!wQ-8RH%`p)yLPGl|N{D4`fD zn~6%WEWezmHc{Ha61mg9(%`KL`f?(#I)mjo9>hw0ueif426$Xg6h64^N(g_pghL|DQ7Ki=G2%ilGA^f z&)zzq89RE70pwS9vLzcvNa&^b7aaWm-H$%?eEarPdgIeC=y}WPm8E&8()st_o6$hY zYWw>tZC-S}d3|!ei?h|ju9y6M5DYh|#~1^M69Fl2^|qD6c+!z}{?P3YDg$hDJkt3U zwtxNg!()_Atr1T;Ry}VEyI%6Q&@kMj9%GDtq*J4bQ;w)~p8NBMBKGT`DV+(mYqg!nMF~vvgHiVmrA!rE}eh=@q<`8m@l>vQk+NFVRZ*7Lr%tH zC`U3}56Vj{>M8yi%HiBA&#|^eJD}0&;20vmvZAQN^H4V|p9ijgcJ}3a$?_MMT_j_i zdxF(l))&XL?1{_EB)M4U0^1t7bpH1H4`6P1&3Wdb(qusKVs;p1#29I8Fv4bLKqE7< z4tuysDvf$h4regWF~Bt&xtY~tf`Kt;wm05Pqp0N#OV1lPw{nAXBTPCfwcz~q=t2hn zd4XOfb{n&#O#DgO%9|6*zD#zAvf_1m{I2NtC6a#bG`aMwW@LY3kj`Iz_m&I$AwDB_^2X7~qL8LV^CyGFt>`LhNP2Q`RvXa z6hk^KnoJIoj>x`jNoQZ=TvoQRzctTRdEum&LzT{-K5^Hf`+O$`7}gn3Y`_$W%aF== ztTV!pbb!prpmel)J*AT`<{_@Rr*xb#lyvmW$e?s^+m~cxN{8iPcBF&HxHyl;u%vTw zUNYA5y7T7Gbh~H9ES*2R{6(L0pDIU^92{a9y?+^uFd!XSuZMK>dOf9stoP;Ud6NUu zamP^7!KYBBw}qsm$m$rhrZcFC^APYRB8|~%HSf%qN^cwKXd6m8Dt~#7D zh5Z_gu$d#7GQzT+Uph`bk95pD#{kzHkd9}JfOP0+;>4XaFy}5ww^CqKF@ zdX5*-Z2i2P8K-ofeBSF?qvvuJX>3ryPLAYa7pm7%nTL4`)t@09hdGAw979_MF)hY; z+8u*3)>fuv)k5V+E?(Cjt`J^r$Z^RQUH)bluSD%LS-#XI%iqo_5yq9hhw#>{$i93U znPsHjdG)oQv|XZQCl;@aM>@a8_9S}s7`R+T8k-cbog*2p*NP6T76!Qt=5TgNXgFUp zKuib6Xz+Z@Q~1S`3w68WnYH!Nvr6&K99Uhl8;6@zkUB*Xwq#gzmW{Z;@v4o3|TC0rqqaZ ze*UA^PPmsU(uO8Cer!Y58gN7UeaeCCg~xJA$Tf&o0@9r{N%guMX9BhKsrDD z&U?}Wky;Yz{P>&iN)JS8Nu=|`Z@d#^lZVeM`}tk+7@ihEi%IhK%?J-`9+rQm_aUp2 z=M1a<%43?*Ssh>Y(98?x>-AGTr1QP6y&YhaW4sKy?<4Lfeof9SE?*2Y!o`tGr(%)D z)O+XPmn-(6!;#}od+(t(jTgf+di=ot!XBoc6GjjYA2WcB=rPx!vsdseGhyj``>SsQ ze#7EfBZe7J33AB#Kt8_MWrVu`=s9}nxc))W9E?E}%~yxuNN-I3r+UZv~{ovqp?XI(BAcA7AV;!v7!Xxc))XAvqRJUwBMfi`v)hp9{t# z9V^zHSUUI-K9EgDTDCV~@!4cM3$jD}YL!`Li^X;_ySl-h4#9{C+DG|5HX|Y(mq^wbW-B_x_AZmX%Na!}>t*Iy6+=pz z`EVDAF$w9YdX%STo-*lt|LgAn*<_UuSzG4C;*g;%$QJQyR;Fk~M~nvKQWo{_WhMzD zY3+~^N>7PScc#fYtb9|YxX2ggJP9&=t`H5s)Mz)&!7x@;WlyzR&9QWK4 z(PJldn)$GE@za;?1*JoJxj^fklv`3dG!3Q0CPSZ^xE!*cgV^ME-J6M)8ChQA?DwXt zdg`?%jEd+2j4&I+MsRem;4IB<3-+$^Z3ECz%Vhp1?FFM2Pzp=JLU^w`j9kWJh#5UZ zIS(owmq>;XE?(InlIO20>c>m&;5(GSS;@T$|1-O>(>x7HhmY|Q+~O(480pe+*ktF8 zA*de?S+Ku0zw1cH%#3WL;Wo+?*K8nHU4RkxNyj0Qk?CJT>G0DULC<#*wAcqfaB`WP z3&PygG2|;w4MZddq@(r{!a13AGVX#WwsdSZ*?D6K>W4!X?5~jp8Iq2f8QCu##Wg$9 zfyaQPV-d;7^lt>xA^5WI2d&x-N-jgvfr#W-(jkQN*rnsJ$<7LyuT8KOjOF9;jY=~n}=|DHEvUr9aTp=?y5Ry(&!%zE?4wB^Z7^UNUIXANm zt7vFE4%uLTb?JC`<*;;2uDPdl6p?Jq$RUy$`#Y#~1d;46lNa!#d8NP#S)Tr$(lMxK zM>SY}LnwtfgM`5ioKweqn ziyJ)qvX2oiNJiKmL#LTRuN?o>KSm3cb6Jex^3Na-9KwSOSI?Lc<}?<{`sm)U!oPHllcKo_Lvs0EEd%4EcvgJ2_I ztW&e36Bo<`;v9?an}6#AgjNE+C}J9Vtt5{%ix{%{g^OSSt@Lb9pmehC`^HBk9Yst- z(y`cIT{`*oR63)T4##gfja#<(U3D9Pauur Date: Mon, 12 Oct 2020 17:25:02 +0530 Subject: [PATCH 05/85] Linux_MDATP_4490409 Minor edits --- .../threat-protection/images}/linux-mdatp.png | Bin .../linux-schedule-scan-atp.md | 34 ++++++++++-------- 2 files changed, 20 insertions(+), 14 deletions(-) rename {images => windows/security/threat-protection/images}/linux-mdatp.png (100%) diff --git a/images/linux-mdatp.png b/windows/security/threat-protection/images/linux-mdatp.png similarity index 100% rename from images/linux-mdatp.png rename to windows/security/threat-protection/images/linux-mdatp.png diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md index aee27d7e1f..347e58511a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md @@ -19,16 +19,16 @@ ms.topic: conceptual # Schedule scans with Microsoft Defender ATP for Linux -For the command line to be able to run a scan on MDATP for Linux, see [Supported Commands](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/linux-resources#supported-commands). +To run a scan on MDATP for Linux, see [Supported Commands](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/linux-resources#supported-commands). -Linux (and Unix) have the tool called **crontab** (similar to Task Scheduler) to be able to run scheduled tasks. +Linux (and Unix) have a tool called **crontab** (similar to Task Scheduler) to be able to run scheduled tasks. ## Pre-requisite > [!NOTE] -> To get a list of all the time zones, run the following command: -`timedatectl list-timezones` +> To get a list of all the time zones, run the following command: +> `timedatectl list-timezones` > Examples for timezones: > - `America/Los_Angeles` @@ -37,6 +37,7 @@ Linux (and Unix) have the tool called **crontab** (similar to Task Scheduler) to >- `America/Denver` ## To set the Cron job +Use the following commands: **To backup crontab entries:** @@ -66,7 +67,7 @@ CRON_TZ=America/Los_Angeles 0 2 * * sat /bin/mdatp scan quick > ~/mdatp_cron_job.log > [!NOTE] -In this example, we are setting it to 00 minutes, 2 a.m. (hour in 24 hour format), any day of the month, any month, on Saturdays. Meaning it will run Saturdays at 2:00 a.m. Pacific (UTC –8) +In this example, we have set it to 00 minutes, 2 a.m. (hour in 24 hour format), any day of the month, any month, on Saturdays. Meaning it will run Saturdays at 2:00 a.m. Pacific (UTC –8). Press “Esc” @@ -75,33 +76,36 @@ Type “:wq” without the double quotes. > [!NOTE] w == write, q == quit -To view your cron jobs, type sudo crontab -l +To view your cron jobs, type `sudo crontab -l` -:::image type="content" source="../../../../images/linux-mdatp.png" alt-text="linux mdatp"::: +:::image type="content" source="..\images\linux-mdatp.png" alt-text="linux mdatp"::: -**How to inspect cron job runs:** +**To inspect cron job runs:** `sudo grep mdatp /var/log/cron` -**How to inspect the mdatp_cron_job.log** +**To inspect the mdatp_cron_job.log** + `sudo nano mdatp_cron_job.log` ## For those who use Ansible, Chef, or Puppet] -### How to set cron jobs in Ansible: + +Use the following commands: +### To set cron jobs in Ansible: `cron – Manage cron.d and crontab entries` See [https://docs.ansible.com/ansible/latest/modules/cron_module.html](https://docs.ansible.com/ansible/latest/modules/cron_module.html) for more information. -### How to set crontabs in Chef: +### To set crontabs in Chef: `cron resource` See [https://docs.chef.io/resources/cron/](https://docs.chef.io/resources/cron/) for more information. -### How to set cron jobs in Puppet: +### To set cron jobs in Puppet: Resource Type: cron -See [https://puppet.com/docs/puppet/5.5/types/cron.html](https://puppet.com/docs/puppet/5.5/types/cron.html) +See [https://puppet.com/docs/puppet/5.5/types/cron.html](https://puppet.com/docs/puppet/5.5/types/cron.html) for more information. Automating with Puppet: Cron jobs and scheduled tasks @@ -110,6 +114,7 @@ See [https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/](h ## Additional information: **To get help with crontab** + `man crontab` **To get a list of crontab file of the current user:** @@ -161,6 +166,7 @@ See [https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/](h | | | +——- month (values: 1 – 12) (special characters: ,- * / ) | | | | +—- day of week (values: 0 – 6) (Sunday=0 or 7) (special characters: , – * / L W C) | | | | | -* * * * * command to be executed + +*****command to be executed From a86c74982cd7697a858c64c1c468dfc8f1e9a854 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com> Date: Mon, 12 Oct 2020 17:56:30 +0530 Subject: [PATCH 06/85] linux-mdatp-1.png New file --- .../threat-protection/images/linux-mdatp-1.png | Bin 0 -> 5634 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 windows/security/threat-protection/images/linux-mdatp-1.png diff --git a/windows/security/threat-protection/images/linux-mdatp-1.png b/windows/security/threat-protection/images/linux-mdatp-1.png new file mode 100644 index 0000000000000000000000000000000000000000..f8c9c07b16906f1465cf3b97f50b71ab49b3f10f GIT binary patch literal 5634 zcmV+d7X9goP)4_KtMo6D;h>!XGcdzOG`^k zOiWEpO;Au!Qc_Y=Q&Ut_R8>_~R#sM5S65hASXo(FT3T9NU0q&YUSD5dU`H%sVP0cl zUt?lmV`F1vV_;-sVPs@vWn^MyWn*S#V`^$@Yinz4D*$Y4Yi(_8Zf$LDZfCf> zsHv%`sj8}~s;R1~s;jH3tgNi9t*x%EuCcMPvT!c5uc@=Mv$V0QwX?0YwY9gjuDG_a zxwWynwz9gov%9&pytuTyyu7`;w!XTyzP+EnySKl;zrnq^!NI}8!otPR-^S11#?ar! z(BR69Ps+im%gM*g%gN2KbIr}n&d$!y&dt!!(9zJ((b3V;($dq@)6~?|)z#J4*VozE z+1uOO-QC?QUjxqgHpeUs%xPU|Dwm@VT8WkMH z1sv|n;!?0$6QYEo($unvF(!sB4flQD_kES)|6}g+&1khckeq!#B)KICXQ7TQ&XThP)Wc;Zv!q&&+aEYaE$3Yv*O^t}F>qNeS0#JZjH>l!6g891ZE)|2 z&(%koDV0t=I@oGeW3(u59XMZz?N4=fvE9K-*xhEbMQmxUTlDP0-^OXr zQ41P_l(qL(+MQLRm=^W4A77xkCGmdV3?pn{cLTb}R6h2V{Z}D0Ww$L&I^NS|pS^A8 z@Y-t$9&Twxtwc@*d?{S()>zNn4Py+l7yCl12se1W#(pc=+>&@dZxw9@rE>x;J$raR z{*q4XWNt6%*xz7ACmkI9&H1H6_GVS2SC>wHePX3EgO+X)=}hkpD&u61a97nfbG zl5I>X)Pab-Y}K_R0?IGOu)aJ!AQ+dAhCCCFTb8Z2HpNU+?L?e$+Oj zPB8AhbnBT1Ge=N5`1F@6m6bidOUXH1IsXU+)ql8)-C(QSmKGgEk+A2q#-vW+gAc?Pd> zD!0Dy;8DC`Uts4vzVX^(hIqTGCN_aT#8GvQ=}nf9Vvr>H5^Dr~2zt zI?B_qbcpw{rE?rh=kNitFO!*0>FljkO7I;EFDff%FX3gL+A^e5T8pB!k|rHm4_lx= zyg2Txsx3o0RTdG3>j~)?Wnfg7E$yLtR?pVl!Y%M}I%+RwEe|wt2=6yUe`IevT|r*vvv6@_(I%H8g@LW3-3#TJj-F4pj$sx7a=>V^B0E!?&=I_>P0{m~)K zUO>~l+KZySn%@I!Zg9_{49^_bD_Xs5ko7M82YbIQ%5c2~+Y$D3?^E4Rp3B{lolfcG zLcFcP<@{8Ka!^0Je?ez0?MCC=x+_cKzte0)|l{zU>U zhr0*sdCu>`(!sj0q_dJE2R|nQwHSaYXkQiZpZDzS)na(i`^n5&BffOvkDET5H5}~P2m*I4bebm@3`WyIYO ztxa+yC~XUdK-%%oGB?j_4rn`_pY zUW5c{A*AEwmBk8-j~nKnmG|NPQtMMXyY#sLWqVxh>Zubsa<4WnFN69^txxH+2vM3hrGr_61D|x% z3RystxGiCh4_I5q^K*Ve-rK8K!>P1OMf9`Iz!+1Q253U*y2P$6K zS?hSDQ%Bx$q5e|qEgil-z1-?wI^y6jG*w72ARUA5b$Y4tB{uz2z{pZM*gt(CtnteI zNQXzo?Qx<0Qi~By#-DFV-Wq(dc&-h2rhpO2e4$xsMq%mTZ}$$}t9pTG;o`Qq1ke_8 zF$?g@0qM|sE~N~Q8zP8PbEWg~_Uk3dOUPTBFXq`L__9_->NHlDnu;c?7COUh(!B+v z7l;-vTw7HAb>(6f;+36oEl!#*yA8rQ#6PDN|EeQMUP9j5d@;{1VPziHTQF16WYt1v zm?64XCx~rYc&3n5{mBR3KwjAy7tXJ25Y8d~Iki5d6U#_!m|48vBFAH4uULNN?WxGG zoayzqu<4VILM>_&^x+J9b#(G8PxV!2I&Hf1D`!&aq!wQ-8RH%`p)yLPGl|N{D4`fD zn~6%WEWezmHc{Ha61mg9(%`KL`f?(#I)mjo9>hw0ueif426$Xg6h64^N(g_pghL|DQ7Ki=G2%ilGA^f z&)zzq89RE70pwS9vLzcvNa&^b7aaWm-H$%?eEarPdgIeC=y}WPm8E&8()st_o6$hY zYWw>tZC-S}d3|!ei?h|ju9y6M5DYh|#~1^M69Fl2^|qD6c+!z}{?P3YDg$hDJkt3U zwtxNg!()_Atr1T;Ry}VEyI%6Q&@kMj9%GDtq*J4bQ;w)~p8NBMBKGT`DV+(mYqg!nMF~vvgHiVmrA!rE}eh=@q<`8m@l>vQk+NFVRZ*7Lr%tH zC`U3}56Vj{>M8yi%HiBA&#|^eJD}0&;20vmvZAQN^H4V|p9ijgcJ}3a$?_MMT_j_i zdxF(l))&XL?1{_EB)M4U0^1t7bpH1H4`6P1&3Wdb(qusKVs;p1#29I8Fv4bLKqE7< z4tuysDvf$h4regWF~Bt&xtY~tf`Kt;wm05Pqp0N#OV1lPw{nAXBTPCfwcz~q=t2hn zd4XOfb{n&#O#DgO%9|6*zD#zAvf_1m{I2NtC6a#bG`aMwW@LY3kj`Iz_m&I$AwDB_^2X7~qL8LV^CyGFt>`LhNP2Q`RvXa z6hk^KnoJIoj>x`jNoQZ=TvoQRzctTRdEum&LzT{-K5^Hf`+O$`7}gn3Y`_$W%aF== ztTV!pbb!prpmel)J*AT`<{_@Rr*xb#lyvmW$e?s^+m~cxN{8iPcBF&HxHyl;u%vTw zUNYA5y7T7Gbh~H9ES*2R{6(L0pDIU^92{a9y?+^uFd!XSuZMK>dOf9stoP;Ud6NUu zamP^7!KYBBw}qsm$m$rhrZcFC^APYRB8|~%HSf%qN^cwKXd6m8Dt~#7D zh5Z_gu$d#7GQzT+Uph`bk95pD#{kzHkd9}JfOP0+;>4XaFy}5ww^CqKF@ zdX5*-Z2i2P8K-ofeBSF?qvvuJX>3ryPLAYa7pm7%nTL4`)t@09hdGAw979_MF)hY; z+8u*3)>fuv)k5V+E?(Cjt`J^r$Z^RQUH)bluSD%LS-#XI%iqo_5yq9hhw#>{$i93U znPsHjdG)oQv|XZQCl;@aM>@a8_9S}s7`R+T8k-cbog*2p*NP6T76!Qt=5TgNXgFUp zKuib6Xz+Z@Q~1S`3w68WnYH!Nvr6&K99Uhl8;6@zkUB*Xwq#gzmW{Z;@v4o3|TC0rqqaZ ze*UA^PPmsU(uO8Cer!Y58gN7UeaeCCg~xJA$Tf&o0@9r{N%guMX9BhKsrDD z&U?}Wky;Yz{P>&iN)JS8Nu=|`Z@d#^lZVeM`}tk+7@ihEi%IhK%?J-`9+rQm_aUp2 z=M1a<%43?*Ssh>Y(98?x>-AGTr1QP6y&YhaW4sKy?<4Lfeof9SE?*2Y!o`tGr(%)D z)O+XPmn-(6!;#}od+(t(jTgf+di=ot!XBoc6GjjYA2WcB=rPx!vsdseGhyj``>SsQ ze#7EfBZe7J33AB#Kt8_MWrVu`=s9}nxc))W9E?E}%~yxuNN-I3r+UZv~{ovqp?XI(BAcA7AV;!v7!Xxc))XAvqRJUwBMfi`v)hp9{t# z9V^zHSUUI-K9EgDTDCV~@!4cM3$jD}YL!`Li^X;_ySl-h4#9{C+DG|5HX|Y(mq^wbW-B_x_AZmX%Na!}>t*Iy6+=pz z`EVDAF$w9YdX%STo-*lt|LgAn*<_UuSzG4C;*g;%$QJQyR;Fk~M~nvKQWo{_WhMzD zY3+~^N>7PScc#fYtb9|YxX2ggJP9&=t`H5s)Mz)&!7x@;WlyzR&9QWK4 z(PJldn)$GE@za;?1*JoJxj^fklv`3dG!3Q0CPSZ^xE!*cgV^ME-J6M)8ChQA?DwXt zdg`?%jEd+2j4&I+MsRem;4IB<3-+$^Z3ECz%Vhp1?FFM2Pzp=JLU^w`j9kWJh#5UZ zIS(owmq>;XE?(InlIO20>c>m&;5(GSS;@T$|1-O>(>x7HhmY|Q+~O(480pe+*ktF8 zA*de?S+Ku0zw1cH%#3WL;Wo+?*K8nHU4RkxNyj0Qk?CJT>G0DULC<#*wAcqfaB`WP z3&PygG2|;w4MZddq@(r{!a13AGVX#WwsdSZ*?D6K>W4!X?5~jp8Iq2f8QCu##Wg$9 zfyaQPV-d;7^lt>xA^5WI2d&x-N-jgvfr#W-(jkQN*rnsJ$<7LyuT8KOjOF9;jY=~n}=|DHEvUr9aTp=?y5Ry(&!%zE?4wB^Z7^UNUIXANm zt7vFE4%uLTb?JC`<*;;2uDPdl6p?Jq$RUy$`#Y#~1d;46lNa!#d8NP#S)Tr$(lMxK zM>SY}LnwtfgM`5ioKweqn ziyJ)qvX2oiNJiKmL#LTRuN?o>KSm3cb6Jex^3Na-9KwSOSI?Lc<}?<{`sm)U!oPHllcKo_Lvs0EEd%4EcvgJ2_I ztW&e36Bo<`;v9?an}6#AgjNE+C}J9Vtt5{%ix{%{g^OSSt@Lb9pmehC`^HBk9Yst- z(y`cIT{`*oR63)T4##gfja#<(U3D9Pauur Date: Mon, 12 Oct 2020 20:54:38 +0530 Subject: [PATCH 07/85] 4490409 minor image tag changes --- .../microsoft-defender-atp/linux-schedule-scan-atp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md index 347e58511a..6862347fd7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md @@ -78,7 +78,7 @@ Type “:wq” without the double quotes. To view your cron jobs, type `sudo crontab -l` -:::image type="content" source="..\images\linux-mdatp.png" alt-text="linux mdatp"::: +:::image type="content" source="..\images\linux-mdatp-1.png" alt-text="linux mdatp"::: **To inspect cron job runs:** From 2c781644824327ee8ca4f743cda8455830c6a314 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Tue, 13 Oct 2020 19:55:32 +0530 Subject: [PATCH 08/85] Update linux-schedule-scan-atp.md --- .../microsoft-defender-atp/linux-schedule-scan-atp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md index 6862347fd7..4881a157db 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md @@ -88,7 +88,7 @@ To view your cron jobs, type `sudo crontab -l` `sudo nano mdatp_cron_job.log` -## For those who use Ansible, Chef, or Puppet] +## For those who use Ansible, Chef, or Puppet Use the following commands: ### To set cron jobs in Ansible: From cd76be762770237fe42059bdd96cd438e5eac045 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com> Date: Tue, 13 Oct 2020 20:57:59 +0530 Subject: [PATCH 09/85] Update linux-schedule-scan-atp.md --- .../microsoft-defender-atp/linux-schedule-scan-atp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md index 4881a157db..491a44df0e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md @@ -21,7 +21,7 @@ ms.topic: conceptual To run a scan on MDATP for Linux, see [Supported Commands](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/linux-resources#supported-commands). -Linux (and Unix) have a tool called **crontab** (similar to Task Scheduler) to be able to run scheduled tasks. +Linux (and Unix) have a tool called **crontab**(similar to Task Scheduler) to be able to run scheduled tasks. ## Pre-requisite From ac4ce3a6408ffcf5ac0c6d172c226ad27f2d887f Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Tue, 13 Oct 2020 21:00:28 +0530 Subject: [PATCH 10/85] Update linux-schedule-scan-atp.md --- .../microsoft-defender-atp/linux-schedule-scan-atp.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md index 4881a157db..09fcee81f1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md @@ -26,10 +26,8 @@ Linux (and Unix) have a tool called **crontab** (similar to Task Scheduler) to b ## Pre-requisite > [!NOTE] - > To get a list of all the time zones, run the following command: > `timedatectl list-timezones` - > Examples for timezones: > - `America/Los_Angeles` > - `America/New_York` @@ -67,14 +65,14 @@ CRON_TZ=America/Los_Angeles 0 2 * * sat /bin/mdatp scan quick > ~/mdatp_cron_job.log > [!NOTE] -In this example, we have set it to 00 minutes, 2 a.m. (hour in 24 hour format), any day of the month, any month, on Saturdays. Meaning it will run Saturdays at 2:00 a.m. Pacific (UTC –8). +>In this example, we have set it to 00 minutes, 2 a.m. (hour in 24 hour format), any day of the month, any month, on Saturdays. Meaning it will run Saturdays at 2:00 a.m. Pacific (UTC –8). Press “Esc” Type “:wq” without the double quotes. > [!NOTE] - w == write, q == quit +> w == write, q == quit To view your cron jobs, type `sudo crontab -l` From 47429eb530bedc9d4ecc942939d5ca9246d6c445 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com> Date: Tue, 13 Oct 2020 21:46:01 +0530 Subject: [PATCH 11/85] Update linux-schedule-scan-atp.md --- .../microsoft-defender-atp/linux-schedule-scan-atp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md index 737bba28fe..2daf8f2576 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md @@ -21,7 +21,7 @@ ms.topic: conceptual To run a scan on MDATP for Linux, see [Supported Commands](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/linux-resources#supported-commands). -Linux (and Unix) have a tool called **crontab**(similar to Task Scheduler) to be able to run scheduled tasks. +Linux(and Unix) have a tool called **crontab**(similar to Task Scheduler) to be able to run scheduled tasks. ## Pre-requisite From b5c866a3520e0cb37d2df908b76b535a659ca054 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com> Date: Thu, 15 Oct 2020 14:32:58 +0530 Subject: [PATCH 12/85] Update linux-schedule-scan-atp.md Updated per comments from Yong Rhee --- .../linux-schedule-scan-atp.md | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md index 2daf8f2576..b04e20d3a6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md @@ -155,16 +155,11 @@ See [https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/](h **Explanation**: -+—————- minute (values: 0 – 59) (special characters: , – * /) - -| +————- hour (values: 0 – 23) (special characters: , – * /) - -| | +———- day of month (values: 1 – 31) (special characters: , – * / L W C) - -| | | +——- month (values: 1 – 12) (special characters: ,- * / ) -| | | | +—- day of week (values: 0 – 6) (Sunday=0 or 7) (special characters: , – * / L W C) -| | | | | - -*****command to be executed ++—————- minute (values: 0 – 59) (special characters: , – * /)
+| +————- hour (values: 0 – 23) (special characters: , – * /)
+| | +———- day of month (values: 1 – 31) (special characters: , – * / L W C)
+| | | +——- month (values: 1 – 12) (special characters: ,- * / )
+| | | | +—- day of week (values: 0 – 6) (Sunday=0 or 7) (special characters: , – * / L W C)
+| | | | |*****command to be executed From 104c43ff75a1f4af29a932f8e2b49618176c5ca9 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com> Date: Thu, 15 Oct 2020 14:42:18 +0530 Subject: [PATCH 13/85] update-toc-per-4490409 Updated the new topic link in the TOC - "Schedule scans with Microsoft Defender ATP for Linux" --- windows/security/threat-protection/TOC.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index f69cdfadb5..7325a5cf3e 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -284,6 +284,7 @@ ##### [Static proxy configuration](microsoft-defender-atp/linux-static-proxy-configuration.md) ##### [Set preferences](microsoft-defender-atp/linux-preferences.md) ##### [Detect and block Potentially Unwanted Applications](microsoft-defender-atp/linux-pua.md) +##### [Schedule scans with Microsoft Defender ATP for Linux](microsoft-defender-atp/linux-schedule-scan-atp.md) #### [Troubleshoot]() ##### [Troubleshoot installation issues](microsoft-defender-atp/linux-support-install.md) From 4eebe0f6f82af97bfc6e9a94c9184cbaa34e3d0a Mon Sep 17 00:00:00 2001 From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com> Date: Thu, 15 Oct 2020 14:54:54 +0530 Subject: [PATCH 14/85] Update linux-schedule-scan-atp.md minor edit --- .../microsoft-defender-atp/linux-schedule-scan-atp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md index b04e20d3a6..22187f7d02 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md @@ -21,7 +21,7 @@ ms.topic: conceptual To run a scan on MDATP for Linux, see [Supported Commands](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/linux-resources#supported-commands). -Linux(and Unix) have a tool called **crontab**(similar to Task Scheduler) to be able to run scheduled tasks. +Linux (and Unix) have a tool called **crontab** (similar to Task Scheduler) to be able to run scheduled tasks. ## Pre-requisite From 272b272988926a83aac025515b09846e6b1e452e Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 15 Oct 2020 11:08:06 -0700 Subject: [PATCH 15/85] Update linux-schedule-scan-atp.md using correct brand names from MDATP to Microsoft Defender for Endpoint (Linux) --- .../microsoft-defender-atp/linux-schedule-scan-atp.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md index 22187f7d02..d5c088430a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md @@ -1,7 +1,7 @@ --- -title: How to schedule scans with MDATP for Linux -description: Learn how to schedule an automatic scanning time for Microsoft Defender ATP in Linux to better protect your organization's assets. -keywords: microsoft, defender, atp, linux, scans, antivirus +title: How to schedule scans with Microsoft Defender for Endpoint (Linux) +description: Learn how to schedule an automatic scanning time for Microsoft Defender for Endpoint (Linux) to better protect your organization's assets. +keywords: microsoft, defender, atp, linux, scans, antivirus, microsoft defender for endpoint (linux) search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 @@ -17,9 +17,9 @@ ms.collection: M365-security-compliance ms.topic: conceptual --- -# Schedule scans with Microsoft Defender ATP for Linux +# Schedule scans with Microsoft Defender for Endpoint (Linux) -To run a scan on MDATP for Linux, see [Supported Commands](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/linux-resources#supported-commands). +To run a scan for Linux, see [Supported Commands](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/linux-resources#supported-commands). Linux (and Unix) have a tool called **crontab** (similar to Task Scheduler) to be able to run scheduled tasks. From 59eb12e1ebca06511ad3e3ff02e09363171e3921 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com> Date: Fri, 16 Oct 2020 22:49:48 +0530 Subject: [PATCH 16/85] Update linux-schedule-scan-atp.md --- .../linux-schedule-scan-atp.md | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md index d5c088430a..ff23ec7922 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md @@ -31,8 +31,8 @@ Linux (and Unix) have a tool called **crontab** (similar to Task Scheduler) to b > Examples for timezones: > - `America/Los_Angeles` > - `America/New_York` ->- `America/Chicago` ->- `America/Denver` +> - `America/Chicago` +> - `America/Denver` ## To set the Cron job Use the following commands: @@ -44,9 +44,10 @@ Use the following commands: > [!NOTE] > Where 200919 == YRMMDD -> TIP: -Do this before you edit or remove. -To edit the crontab, and add a new job as a root user: +> [!TIP] +> Do this before you edit or remove.
+ +To edit the crontab, and add a new job as a root user:
`sudo crontab -e` > [!NOTE] @@ -109,7 +110,7 @@ Automating with Puppet: Cron jobs and scheduled tasks See [https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/](https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/) for more information. -## Additional information: +## Additional information **To get help with crontab** @@ -126,8 +127,9 @@ See [https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/](h **To backup crontab entries:** `crontab -l > /var/tmp/cron_backup.dat` + > [!TIP] -> Do this before you edit or remove. +> Do this before you edit or remove.
**To restore crontab entries:** From c2b1ce54a71a141ca0ab9b953dce06198784fbed Mon Sep 17 00:00:00 2001 From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com> Date: Fri, 16 Oct 2020 23:08:33 +0530 Subject: [PATCH 17/85] Update linux-schedule-scan-atp.md --- .../linux-schedule-scan-atp.md | 30 +++++++++---------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md index ff23ec7922..18d93d4b7d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md @@ -37,7 +37,7 @@ Linux (and Unix) have a tool called **crontab** (similar to Task Scheduler) to b ## To set the Cron job Use the following commands: -**To backup crontab entries:** +**To backup crontab entries** `sudo crontab -l > /var/tmp/cron_backup_200919.dat` @@ -79,7 +79,7 @@ To view your cron jobs, type `sudo crontab -l` :::image type="content" source="..\images\linux-mdatp-1.png" alt-text="linux mdatp"::: -**To inspect cron job runs:** +**To inspect cron job runs** `sudo grep mdatp /var/log/cron` @@ -90,18 +90,18 @@ To view your cron jobs, type `sudo crontab -l` ## For those who use Ansible, Chef, or Puppet Use the following commands: -### To set cron jobs in Ansible: +### To set cron jobs in Ansible `cron – Manage cron.d and crontab entries` See [https://docs.ansible.com/ansible/latest/modules/cron_module.html](https://docs.ansible.com/ansible/latest/modules/cron_module.html) for more information. -### To set crontabs in Chef: +### To set crontabs in Chef `cron resource` See [https://docs.chef.io/resources/cron/](https://docs.chef.io/resources/cron/) for more information. -### To set cron jobs in Puppet: +### To set cron jobs in Puppet Resource Type: cron See [https://puppet.com/docs/puppet/5.5/types/cron.html](https://puppet.com/docs/puppet/5.5/types/cron.html) for more information. @@ -116,46 +116,46 @@ See [https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/](h `man crontab` -**To get a list of crontab file of the current user:** +**To get a list of crontab file of the current user** `crontab -l` -**To get a list of crontab file of another user:** +**To get a list of crontab file of another user** `crontab -u username -l` -**To backup crontab entries:** +**To backup crontab entries** `crontab -l > /var/tmp/cron_backup.dat` > [!TIP] > Do this before you edit or remove.
-**To restore crontab entries:** +**To restore crontab entries** `crontab /var/tmp/cron_backup.dat` -**To edit the crontab and add a new job as a root user:** +**To edit the crontab and add a new job as a root user** `Sudo crontab -e` -**To edit the crontab and add a new job:** +**To edit the crontab and add a new job** `crontab -e` -**To edit other user’s crontab entries:** +**To edit other user’s crontab entries** `crontab -u username -e` -**To remove all crontab entries:** +**To remove all crontab entries** `crontab -r` -**To remove other user’s crontab entries:** +**To remove other user’s crontab entries** `crontab -u username -r` -**Explanation**: +**Explanation** +—————- minute (values: 0 – 59) (special characters: , – * /)
| +————- hour (values: 0 – 23) (special characters: , – * /)
From aae02c543a8b17fb9fb47edf4989936f2b929499 Mon Sep 17 00:00:00 2001 From: Thomas Garrity <31856350+poortom1004@users.noreply.github.com> Date: Mon, 19 Oct 2020 10:59:00 -0500 Subject: [PATCH 18/85] Update active-directory-security-groups.md --- .../access-control/active-directory-security-groups.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/access-control/active-directory-security-groups.md b/windows/security/identity-protection/access-control/active-directory-security-groups.md index 61198672fc..5e7db538d0 100644 --- a/windows/security/identity-protection/access-control/active-directory-security-groups.md +++ b/windows/security/identity-protection/access-control/active-directory-security-groups.md @@ -3368,9 +3368,9 @@ This security group has not changed since Windows Server 2008. ### Server Operators -Members in the Server Operators group can administer domain servers. This group exists only on domain controllers. By default, the group has no members. Members of the Server Operators group can sign in to a server interactively, create and delete network shared resources, start and stop services, back up and restore files, format the hard disk drive of the computer, and shut down the computer. This group cannot be renamed, deleted, or moved. +Members in the Server Operators group can administer domain controllers. This group exists only on domain controllers. By default, the group has no members. Members of the Server Operators group can sign in to a server interactively, create and delete network shared resources, start and stop services, back up and restore files, format the hard disk drive of the computer, and shut down the computer. This group cannot be renamed, deleted, or moved. -By default, this built-in group has no members, and it has access to server configuration options on domain controllers. Its membership is controlled by the service administrator groups, Administrators and Domain Admins, in the domain, and the Enterprise Admins group. Members in this group cannot change any administrative group memberships. This is considered a service administrator account because its members have physical access to domain controllers, they can perform maintenance tasks (such as backup and restore), and they have the ability to change binaries that are installed on the domain controllers. Note the default user rights in the following table. +By default, this built-in group has no members, and it has access to server configuration options on domain controllers. Its membership is controlled by the service administrator groups Administrators and Domain Admins in the domain, and the Enterprise Admins group in the forest root domain. Members in this group cannot change any administrative group memberships. This is considered a service administrator account because its members have physical access to domain controllers, they can perform maintenance tasks (such as backup and restore), and they have the ability to change binaries that are installed on the domain controllers. Note the default user rights in the following table. The Server Operators group applies to versions of the Windows Server operating system listed in the [Active Directory Default Security Groups table](#bkmk-groupstable). From b7f5d38e67c4fce459f4c94795fe7491df8cbf80 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Tue, 20 Oct 2020 23:38:41 +0530 Subject: [PATCH 19/85] Update linux-schedule-scan-atp.md minor correction in note --- .../microsoft-defender-atp/linux-schedule-scan-atp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md index 18d93d4b7d..3bd8a7cde1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md @@ -27,7 +27,7 @@ Linux (and Unix) have a tool called **crontab** (similar to Task Scheduler) to b > [!NOTE] > To get a list of all the time zones, run the following command: -> `timedatectl list-timezones` +> `timedatectl list-timezones`
> Examples for timezones: > - `America/Los_Angeles` > - `America/New_York` From 3f52aca0f46c3c59738dc1183053f0b2f3dcbc1a Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Thu, 22 Oct 2020 21:33:58 +0500 Subject: [PATCH 20/85] Update hello-cert-trust-adfs.md --- .../hello-for-business/hello-cert-trust-adfs.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md index 4486823bc5..edd7419a58 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md @@ -45,7 +45,8 @@ Prepare the Active Directory Federation Services deployment by installing and up > 2. Right click "Scope Descriptions" and select "Add Scope Description". > 3. Under name type "ugs" and Click Apply > OK. > 4. Launch Powershell as Administrator. -> 5. Execute the command "Get-AdfsApplicationPermission". Look for the ScopeNames :{openid, aza} that has the ClientRoleIdentifier Make a note of the ObjectIdentifier. +> 5. Get the ObjectIdentifier of application permission with ClientRoleIdentifier parameter equal to "38aa3b87-a06d-4817-b275-7a316988d93b": +```(Get-AdfsApplicationPermission -ServerRoleIdentifiers 'http://schemas.microsoft.com/ws/2009/12/identityserver/selfscope' | ?{ $_.ClientRoleIdentifier -eq '38aa3b87-a06d-4817-b275-7a316988d93b' }).ObjectIdentifier``` > 6. Execute the command "Set-AdfsApplicationPermission -TargetIdentifier -AddScope 'ugs'. > 7. Restart the ADFS service. > 8. On the client: Restart the client. User should be prompted to provision WHFB. From 2e58aa16fc0869d7f63a8fff1082daa1388e4a1d Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sat, 24 Oct 2020 21:21:12 +0500 Subject: [PATCH 21/85] Update windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-cert-trust-adfs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md index edd7419a58..379208652b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md @@ -44,7 +44,7 @@ Prepare the Active Directory Federation Services deployment by installing and up > 1. Launch AD FS management console. Brose to "Services > Scope Descriptions". > 2. Right click "Scope Descriptions" and select "Add Scope Description". > 3. Under name type "ugs" and Click Apply > OK. -> 4. Launch Powershell as Administrator. +> 4. Launch PowerShell as an administrator. > 5. Get the ObjectIdentifier of application permission with ClientRoleIdentifier parameter equal to "38aa3b87-a06d-4817-b275-7a316988d93b": ```(Get-AdfsApplicationPermission -ServerRoleIdentifiers 'http://schemas.microsoft.com/ws/2009/12/identityserver/selfscope' | ?{ $_.ClientRoleIdentifier -eq '38aa3b87-a06d-4817-b275-7a316988d93b' }).ObjectIdentifier``` > 6. Execute the command "Set-AdfsApplicationPermission -TargetIdentifier -AddScope 'ugs'. From dd8487ef9baf8469d3e493a424ffb2835ecb89b3 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sat, 24 Oct 2020 21:21:22 +0500 Subject: [PATCH 22/85] Update windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-cert-trust-adfs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md index 379208652b..1d233bb60e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md @@ -45,7 +45,7 @@ Prepare the Active Directory Federation Services deployment by installing and up > 2. Right click "Scope Descriptions" and select "Add Scope Description". > 3. Under name type "ugs" and Click Apply > OK. > 4. Launch PowerShell as an administrator. -> 5. Get the ObjectIdentifier of application permission with ClientRoleIdentifier parameter equal to "38aa3b87-a06d-4817-b275-7a316988d93b": +> 5. Get the ObjectIdentifier of the application permission with the ClientRoleIdentifier parameter equal to "38aa3b87-a06d-4817-b275-7a316988d93b": ```(Get-AdfsApplicationPermission -ServerRoleIdentifiers 'http://schemas.microsoft.com/ws/2009/12/identityserver/selfscope' | ?{ $_.ClientRoleIdentifier -eq '38aa3b87-a06d-4817-b275-7a316988d93b' }).ObjectIdentifier``` > 6. Execute the command "Set-AdfsApplicationPermission -TargetIdentifier -AddScope 'ugs'. > 7. Restart the ADFS service. From 6a97dfb5454dda514bc3f8a6c03f57f3c055fbd9 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Mon, 26 Oct 2020 07:28:55 +0500 Subject: [PATCH 23/85] Update windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../hello-for-business/hello-cert-trust-adfs.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md index 1d233bb60e..14ba52e89e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md @@ -46,7 +46,9 @@ Prepare the Active Directory Federation Services deployment by installing and up > 3. Under name type "ugs" and Click Apply > OK. > 4. Launch PowerShell as an administrator. > 5. Get the ObjectIdentifier of the application permission with the ClientRoleIdentifier parameter equal to "38aa3b87-a06d-4817-b275-7a316988d93b": -```(Get-AdfsApplicationPermission -ServerRoleIdentifiers 'http://schemas.microsoft.com/ws/2009/12/identityserver/selfscope' | ?{ $_.ClientRoleIdentifier -eq '38aa3b87-a06d-4817-b275-7a316988d93b' }).ObjectIdentifier``` +> ```PowerShell +> (Get-AdfsApplicationPermission -ServerRoleIdentifiers 'http://schemas.microsoft.com/ws/2009/12/identityserver/selfscope' | ?{ $_.ClientRoleIdentifier -eq '38aa3b87-a06d-4817-b275-7a316988d93b' }).ObjectIdentifier +> ``` > 6. Execute the command "Set-AdfsApplicationPermission -TargetIdentifier -AddScope 'ugs'. > 7. Restart the ADFS service. > 8. On the client: Restart the client. User should be prompted to provision WHFB. From c3955bf1426e417b293c2d422c736e07235712b8 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Mon, 26 Oct 2020 07:29:21 +0500 Subject: [PATCH 24/85] Update windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../hello-for-business/hello-cert-trust-adfs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md index 14ba52e89e..8e3e7d4f74 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md @@ -49,7 +49,7 @@ Prepare the Active Directory Federation Services deployment by installing and up > ```PowerShell > (Get-AdfsApplicationPermission -ServerRoleIdentifiers 'http://schemas.microsoft.com/ws/2009/12/identityserver/selfscope' | ?{ $_.ClientRoleIdentifier -eq '38aa3b87-a06d-4817-b275-7a316988d93b' }).ObjectIdentifier > ``` -> 6. Execute the command "Set-AdfsApplicationPermission -TargetIdentifier -AddScope 'ugs'. +> 6. Execute the command `Set-AdfsApplicationPermission -TargetIdentifier -AddScope 'ugs'`. > 7. Restart the ADFS service. > 8. On the client: Restart the client. User should be prompted to provision WHFB. > 9. If the provisioning window does not pop up then need to collect NGC trace logs and further troubleshoot. From 928e222bf520c0d196b9ec112d268a7c64ff2a5d Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sun, 1 Nov 2020 09:25:10 +0500 Subject: [PATCH 25/85] Update linux-support-install.md --- .../microsoft-defender-atp/linux-support-install.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md index 15d0e69c78..2444acd2f4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md @@ -97,7 +97,9 @@ Then rerun step 2. 4. If the above steps don’t work, check if SELinux is installed and in enforcing mode. If so, try setting it to permissive (preferably) or disabled mode. It can be done by setting the parameter `SELINUX` to "permissive" or "disabled" in `/etc/selinux/config` file, followed by reboot. Check the man-page of selinux for more details. Now try restarting the mdatp service using step 2. Revert the configuration change immediately though for security reasons after trying it and reboot. -5. Ensure that the daemon has executable permission. +5. If ```/opt``` directory is a symbolic link, create a bind mount for ```/opt/microsoft```. + +6. Ensure that the daemon has executable permission. ```bash ls -l /opt/microsoft/mdatp/sbin/wdavdaemon ``` @@ -110,7 +112,7 @@ Now try restarting the mdatp service using step 2. Revert the configuration chan ``` and retry running step 2. -6. Ensure that the file system containing wdavdaemon isn't mounted with "noexec". +7. Ensure that the file system containing wdavdaemon isn't mounted with "noexec". ## If mdatp service is running, but EICAR text file detection doesn't work From 22ff0f75b8f8b1035e1f57bd5250038da0ce6826 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 3 Nov 2020 09:03:23 -0800 Subject: [PATCH 26/85] Update whats-new-in-microsoft-defender-atp.md --- .../whats-new-in-microsoft-defender-atp.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md index 7e173b6a93..a24854407e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md @@ -67,6 +67,8 @@ For more information preview features, see [Preview features](https://docs.micro - [Threat & Vulnerability Management role-based access controls](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group)
Use the new permissions to allow maximum flexibility to create SecOps-oriented roles, Threat & Vulnerability Management-oriented roles, or hybrid roles so only authorized users are accessing specific data to do their task. You can also achieve even further granularity by specifying whether a Threat & Vulnerability Management role can only view vulnerability-related data, or can create and manage remediation and exceptions. +- [Device health and compliance report](machine-reports.md)
The device health and compliance report provides high-level information about the devices in your organization. + ## October 2019 - [Indicators for IP addresses, URLs/Domains](manage-indicators.md)
You can now allow or block URLs/domains using your own threat intelligence. From 01d53bd1861df85fe97bd22a9ad4cdb31bf5f8da Mon Sep 17 00:00:00 2001 From: bb-froggy Date: Thu, 5 Nov 2020 10:23:17 +0100 Subject: [PATCH 27/85] OCSP as alternative to CDP --- .../hello-for-business/hello-hybrid-key-trust-prereqs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md index fa3b1d7a97..18959a0f1e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md @@ -67,7 +67,7 @@ Key trust deployments do not need client issued certificates for on-premises aut The minimum required Enterprise certificate authority that can be used with Windows Hello for Business is Windows Server 2012, but you can also use a third-party Enterprise certification authority. The requirements for the domain controller certificate are shown below. For more details, see [Requirements for domain controller certificates from a third-party CA](https://support.microsoft.com/help/291010/requirements-for-domain-controller-certificates-from-a-third-party-ca). -* The certificate must have a Certificate Revocation List (CRL) distribution point extension that points to a valid CRL. +* The certificate must have a Certificate Revocation List (CRL) distribution point extension that points to a valid CRL, or an Authority Information Access (AIA) extension that points to an Online Certificate Status Protocol (OCSP) responder. * The certificate Subject section should contain the directory path of the server object (the distinguished name). * The certificate Key Usage section must contain Digital Signature and Key Encipherment. * Optionally, the certificate Basic Constraints section should contain: [Subject Type=End Entity, Path Length Constraint=None]. From 9b9e0c2568933b78376cec5bc5e86622cd93ba33 Mon Sep 17 00:00:00 2001 From: Alexey-Zheltov <71097129+Alexey-Zheltov@users.noreply.github.com> Date: Thu, 5 Nov 2020 21:45:35 +0400 Subject: [PATCH 28/85] Update hello-hybrid-cert-trust-devreg.md Set-AdfsGlobalAuthenticationPolicy -DeviceAuthenticationEnabled $true -DeviceAuthenticationMethod All` command to enable Device Authentication will trigger certificate prompt on Azure AD Joined devices when they are connecting to ADFS. Set-AdfsGlobalAuthenticationPolicy -DeviceAuthenticationEnabled $true -DeviceAuthenticationMethod SignedToken` not causing such issue. --- .../hello-for-business/hello-hybrid-cert-trust-devreg.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md index e5ebf54b09..81afb0421e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md @@ -506,7 +506,7 @@ The following script helps you with the creation of the issuance transform rules #### Configure Device Authentication in AD FS Using an elevated PowerShell command window, configure AD FS policy by executing the following command -`PS C:>Set-AdfsGlobalAuthenticationPolicy -DeviceAuthenticationEnabled $true -DeviceAuthenticationMethod All` +`PS C:>Set-AdfsGlobalAuthenticationPolicy -DeviceAuthenticationEnabled $true -DeviceAuthenticationMethod SignedToken` #### Check your configuration For your reference, below is a comprehensive list of the AD DS devices, containers and permissions required for device write-back and authentication to work From f11c8139d7340f866cf435bf471d6dc35133b96f Mon Sep 17 00:00:00 2001 From: msarcletti <56821677+msarcletti@users.noreply.github.com> Date: Tue, 10 Nov 2020 09:24:57 +0100 Subject: [PATCH 29/85] Update vpn-conditional-access.md Updating the note describing prerequisites for using SSO with information relevant for AAD only joined devices. --- .../identity-protection/vpn/vpn-conditional-access.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/identity-protection/vpn/vpn-conditional-access.md b/windows/security/identity-protection/vpn/vpn-conditional-access.md index fc09e68a62..002d10e812 100644 --- a/windows/security/identity-protection/vpn/vpn-conditional-access.md +++ b/windows/security/identity-protection/vpn/vpn-conditional-access.md @@ -77,7 +77,9 @@ Two client-side configuration service providers are leveraged for VPN device com - Upon request, forwards the Health Attestation Certificate (received from HAS) and related runtime information to the MDM server for verification > [!NOTE] -> Currently, it is required that certificates used for obtaining Kerberos tickets must be issued from an on-premises CA, and that SSO must be enabled in the user’s VPN profile. This will enable the user to access on-premises resources. +> Currently, it is required that certificates used for obtaining Kerberos tickets must be issued from an on-premises CA, and that SSO must be enabled in the user’s VPN profile. This will enable the user to access on-premises resources. +> +> In the case of AzureAD-only joined devices (not hybrid joined devices), if the user certificate issued by the on-premises CA has in Subject and SAN (Subject Alternative Name) the user UPN from AzureAD, the VPN profile must be modified to ensure the client does not cache the credentials used for VPN authentication. To do this, after deploying the VPN profile to the client, modify the *Rasphone.pbk* on the client by changing entry **UseRasCredentials** from 1 (default) to 0 (zero). ## Client connection flow From 99dca4838c0fda5a1d603ba6124aae6a88b068d1 Mon Sep 17 00:00:00 2001 From: msarcletti <56821677+msarcletti@users.noreply.github.com> Date: Tue, 10 Nov 2020 15:03:00 +0100 Subject: [PATCH 30/85] Update vpn-profile-options.md Adding additional information for the scope / limitation of the VPN proxy settings configuration --- .../security/identity-protection/vpn/vpn-profile-options.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/identity-protection/vpn/vpn-profile-options.md b/windows/security/identity-protection/vpn/vpn-profile-options.md index 29b5df1daf..ccb29a9823 100644 --- a/windows/security/identity-protection/vpn/vpn-profile-options.md +++ b/windows/security/identity-protection/vpn/vpn-profile-options.md @@ -34,7 +34,6 @@ The following table lists the VPN settings and whether the setting can be config | Routing: forced-tunnel | yes | | Authentication (EAP) | yes, if connection type is built-in | | Conditional access | yes | -| Proxy settings | yes, by PAC/WPAD file or server and port | | Name resolution: NRPT | yes | | Name resolution: DNS suffix | no | | Name resolution: persistent | no | @@ -45,6 +44,9 @@ The following table lists the VPN settings and whether the setting can be config | LockDown | no | | Windows Information Protection (WIP) | yes | | Traffic filters | yes | +| Proxy settings | yes, by PAC/WPAD file or server and port | +>[!NOTE] +>VPN proxy settings are only used on Force Tunnel Connections. On Split Tunnel Connections the general proxy settings are used. The ProfileXML node was added to the VPNv2 CSP to allow users to deploy VPN profile as a single blob. This is particularly useful for deploying profiles with features that are not yet supported by MDMs. You can get additional examples in the [ProfileXML XSD](https://msdn.microsoft.com/library/windows/hardware/mt755930.aspx) topic. From 074bc73f723625fc63563ed01df40586cef1d216 Mon Sep 17 00:00:00 2001 From: msarcletti <56821677+msarcletti@users.noreply.github.com> Date: Wed, 11 Nov 2020 11:37:35 +0100 Subject: [PATCH 31/85] Update windows/security/identity-protection/vpn/vpn-profile-options.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../security/identity-protection/vpn/vpn-profile-options.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/vpn/vpn-profile-options.md b/windows/security/identity-protection/vpn/vpn-profile-options.md index ccb29a9823..4c4e67842d 100644 --- a/windows/security/identity-protection/vpn/vpn-profile-options.md +++ b/windows/security/identity-protection/vpn/vpn-profile-options.md @@ -45,8 +45,9 @@ The following table lists the VPN settings and whether the setting can be config | Windows Information Protection (WIP) | yes | | Traffic filters | yes | | Proxy settings | yes, by PAC/WPAD file or server and port | ->[!NOTE] ->VPN proxy settings are only used on Force Tunnel Connections. On Split Tunnel Connections the general proxy settings are used. + +> [!NOTE] +> VPN proxy settings are only used on Force Tunnel Connections. On Split Tunnel Connections the general proxy settings are used. The ProfileXML node was added to the VPNv2 CSP to allow users to deploy VPN profile as a single blob. This is particularly useful for deploying profiles with features that are not yet supported by MDMs. You can get additional examples in the [ProfileXML XSD](https://msdn.microsoft.com/library/windows/hardware/mt755930.aspx) topic. From ea38b9d7d7c0644c7d50a5b031f9fdd2a195981a Mon Sep 17 00:00:00 2001 From: msarcletti <56821677+msarcletti@users.noreply.github.com> Date: Wed, 11 Nov 2020 11:41:25 +0100 Subject: [PATCH 32/85] Update vpn-conditional-access.md --- .../security/identity-protection/vpn/vpn-conditional-access.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/vpn/vpn-conditional-access.md b/windows/security/identity-protection/vpn/vpn-conditional-access.md index 002d10e812..fa1a76285a 100644 --- a/windows/security/identity-protection/vpn/vpn-conditional-access.md +++ b/windows/security/identity-protection/vpn/vpn-conditional-access.md @@ -79,7 +79,7 @@ Two client-side configuration service providers are leveraged for VPN device com > [!NOTE] > Currently, it is required that certificates used for obtaining Kerberos tickets must be issued from an on-premises CA, and that SSO must be enabled in the user’s VPN profile. This will enable the user to access on-premises resources. > -> In the case of AzureAD-only joined devices (not hybrid joined devices), if the user certificate issued by the on-premises CA has in Subject and SAN (Subject Alternative Name) the user UPN from AzureAD, the VPN profile must be modified to ensure the client does not cache the credentials used for VPN authentication. To do this, after deploying the VPN profile to the client, modify the *Rasphone.pbk* on the client by changing entry **UseRasCredentials** from 1 (default) to 0 (zero). +> In the case of AzureAD-only joined devices (not hybrid joined devices), if the user certificate issued by the on-premises CA has the user UPN from AzureAD in Subject and SAN (Subject Alternative Name) , the VPN profile must be modified to ensure the client does not cache the credentials used for VPN authentication. To do this, after deploying the VPN profile to the client, modify the *Rasphone.pbk* on the client by changing entry **UseRasCredentials** from 1 (default) to 0 (zero). ## Client connection flow From 95398839f6374291a1f3fb9a746d24512c62eb7e Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Thu, 12 Nov 2020 16:31:16 +0500 Subject: [PATCH 33/85] Update windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../microsoft-defender-atp/linux-support-install.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md index 2444acd2f4..eaa9224b1c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md @@ -97,7 +97,7 @@ Then rerun step 2. 4. If the above steps don’t work, check if SELinux is installed and in enforcing mode. If so, try setting it to permissive (preferably) or disabled mode. It can be done by setting the parameter `SELINUX` to "permissive" or "disabled" in `/etc/selinux/config` file, followed by reboot. Check the man-page of selinux for more details. Now try restarting the mdatp service using step 2. Revert the configuration change immediately though for security reasons after trying it and reboot. -5. If ```/opt``` directory is a symbolic link, create a bind mount for ```/opt/microsoft```. +5. If `/opt` directory is a symbolic link, create a bind mount for `/opt/microsoft`. 6. Ensure that the daemon has executable permission. ```bash From 02c827d6519422a73e2deff16618d5425aeaac76 Mon Sep 17 00:00:00 2001 From: msarcletti <56821677+msarcletti@users.noreply.github.com> Date: Fri, 13 Nov 2020 08:41:35 +0100 Subject: [PATCH 34/85] Update windows/security/identity-protection/vpn/vpn-conditional-access.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../security/identity-protection/vpn/vpn-conditional-access.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/vpn/vpn-conditional-access.md b/windows/security/identity-protection/vpn/vpn-conditional-access.md index fa1a76285a..7368d59e07 100644 --- a/windows/security/identity-protection/vpn/vpn-conditional-access.md +++ b/windows/security/identity-protection/vpn/vpn-conditional-access.md @@ -79,7 +79,7 @@ Two client-side configuration service providers are leveraged for VPN device com > [!NOTE] > Currently, it is required that certificates used for obtaining Kerberos tickets must be issued from an on-premises CA, and that SSO must be enabled in the user’s VPN profile. This will enable the user to access on-premises resources. > -> In the case of AzureAD-only joined devices (not hybrid joined devices), if the user certificate issued by the on-premises CA has the user UPN from AzureAD in Subject and SAN (Subject Alternative Name) , the VPN profile must be modified to ensure the client does not cache the credentials used for VPN authentication. To do this, after deploying the VPN profile to the client, modify the *Rasphone.pbk* on the client by changing entry **UseRasCredentials** from 1 (default) to 0 (zero). +> In the case of AzureAD-only joined devices (not hybrid joined devices), if the user certificate issued by the on-premises CA has the user UPN from AzureAD in Subject and SAN (Subject Alternative Name), the VPN profile must be modified to ensure that the client does not cache the credentials used for VPN authentication. To do this, after deploying the VPN profile to the client, modify the *Rasphone.pbk* on the client by changing the entry **UseRasCredentials** from 1 (default) to 0 (zero). ## Client connection flow From 776ea6eefc2364f08d6d3c2cc8f325e0914b032e Mon Sep 17 00:00:00 2001 From: msarcletti <56821677+msarcletti@users.noreply.github.com> Date: Fri, 13 Nov 2020 08:45:06 +0100 Subject: [PATCH 35/85] Update windows/security/identity-protection/vpn/vpn-conditional-access.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../security/identity-protection/vpn/vpn-conditional-access.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/vpn/vpn-conditional-access.md b/windows/security/identity-protection/vpn/vpn-conditional-access.md index 7368d59e07..9aee353de2 100644 --- a/windows/security/identity-protection/vpn/vpn-conditional-access.md +++ b/windows/security/identity-protection/vpn/vpn-conditional-access.md @@ -74,7 +74,7 @@ Two client-side configuration service providers are leveraged for VPN device com - Collects TPM data used to verify health states - Forwards the data to the Health Attestation Service (HAS) - Provisions the Health Attestation Certificate received from the HAS - - Upon request, forwards the Health Attestation Certificate (received from HAS) and related runtime information to the MDM server for verification + - Upon request, forward the Health Attestation Certificate (received from HAS) and related runtime information to the MDM server for verification > [!NOTE] > Currently, it is required that certificates used for obtaining Kerberos tickets must be issued from an on-premises CA, and that SSO must be enabled in the user’s VPN profile. This will enable the user to access on-premises resources. From 3daba7dd0096a341b433d3e002bd78ff5a259ede Mon Sep 17 00:00:00 2001 From: msarcletti <56821677+msarcletti@users.noreply.github.com> Date: Fri, 13 Nov 2020 08:57:59 +0100 Subject: [PATCH 36/85] Update windows/security/identity-protection/vpn/vpn-profile-options.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- windows/security/identity-protection/vpn/vpn-profile-options.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/vpn/vpn-profile-options.md b/windows/security/identity-protection/vpn/vpn-profile-options.md index 4c4e67842d..077c2d4c8f 100644 --- a/windows/security/identity-protection/vpn/vpn-profile-options.md +++ b/windows/security/identity-protection/vpn/vpn-profile-options.md @@ -47,7 +47,7 @@ The following table lists the VPN settings and whether the setting can be config | Proxy settings | yes, by PAC/WPAD file or server and port | > [!NOTE] -> VPN proxy settings are only used on Force Tunnel Connections. On Split Tunnel Connections the general proxy settings are used. +> VPN proxy settings are only used on Force Tunnel Connections. On Split Tunnel Connections, the general proxy settings are used. The ProfileXML node was added to the VPNv2 CSP to allow users to deploy VPN profile as a single blob. This is particularly useful for deploying profiles with features that are not yet supported by MDMs. You can get additional examples in the [ProfileXML XSD](https://msdn.microsoft.com/library/windows/hardware/mt755930.aspx) topic. From 8e927d1b64c04bd1e46efd67f158ba9669fca1e4 Mon Sep 17 00:00:00 2001 From: Max Stein Date: Fri, 13 Nov 2020 17:43:08 -0800 Subject: [PATCH 37/85] Updating Intune screenshots Uploaded new VPN policy settings that are available today within the Microsoft Endpoint Manager admin center: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/8637. --- .../security/identity-protection/vpn/vpn-connection-type.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/identity-protection/vpn/vpn-connection-type.md b/windows/security/identity-protection/vpn/vpn-connection-type.md index 92c4d2b8c5..d825487b05 100644 --- a/windows/security/identity-protection/vpn/vpn-connection-type.md +++ b/windows/security/identity-protection/vpn/vpn-connection-type.md @@ -7,7 +7,7 @@ ms.sitesec: library ms.pagetype: security, networking author: dulcemontemayor ms.localizationpriority: medium -ms.date: 07/27/2017 +ms.date: 11/13/2020 ms.reviewer: manager: dansimp ms.author: dansimp @@ -61,11 +61,11 @@ There are a number of Universal Windows Platform VPN applications, such as Pulse See [VPN profile options](vpn-profile-options.md) and [VPNv2 CSP](https://msdn.microsoft.com/library/windows/hardware/dn914776.aspx) for XML configuration. -The following image shows connection options in a VPN Profile configuration policy using Microsoft Intune. +The following image shows connection options in a VPN Profile configuration policy using Microsoft Intune: ![Available connection types](images/vpn-connection-intune.png) -In Intune, you can also include custom XML for third-party plug-in profiles. +In Intune, you can also include custom XML for third-party plug-in profiles: ![Custom XML](images/vpn-custom-xml-intune.png) From d6f042859bbb09b65dce51f76867c4477970c4d6 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sun, 15 Nov 2020 14:16:41 +0530 Subject: [PATCH 38/85] removed invalid link and added correct link as per user report #8634 , so i removed invalid link and added the correct link. --- windows/client-management/troubleshoot-windows-freeze.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/troubleshoot-windows-freeze.md b/windows/client-management/troubleshoot-windows-freeze.md index b50e43abae..50e3f04514 100644 --- a/windows/client-management/troubleshoot-windows-freeze.md +++ b/windows/client-management/troubleshoot-windows-freeze.md @@ -251,7 +251,7 @@ If the physical computer is still running in a frozen state, follow these steps Pool Monitor shows you the number of allocations and outstanding bytes of allocation by type of pool and the tag that is passed into calls of ExAllocatePoolWithTag. -Learn [how to use Pool Monitor](https://support.microsoft.com/help/177415) and how to [use the data to troubleshoot pool leaks](https://blogs.technet.com/b/markrussinovich/archive/2009/03/26/3211216.aspx). +Learn [How to use Memory Pool Monitor to troubleshoot kernel mode memory leaks](https://support.microsoft.com/office/how-to-use-memory-pool-monitor-poolmon-exe-to-troubleshoot-kernel-mode-memory-leaks-4f4a05c2-ef8a-fca4-3ae0-670b940af398). ### Use memory dump to collect data for the virtual machine that's running in a frozen state From 136d6de96b8401f511fb4c585d3b087cb8ff926b Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Mon, 16 Nov 2020 21:12:46 +0530 Subject: [PATCH 39/85] Update windows/client-management/troubleshoot-windows-freeze.md accepted Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/client-management/troubleshoot-windows-freeze.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/troubleshoot-windows-freeze.md b/windows/client-management/troubleshoot-windows-freeze.md index 50e3f04514..ee292cb2a6 100644 --- a/windows/client-management/troubleshoot-windows-freeze.md +++ b/windows/client-management/troubleshoot-windows-freeze.md @@ -251,7 +251,7 @@ If the physical computer is still running in a frozen state, follow these steps Pool Monitor shows you the number of allocations and outstanding bytes of allocation by type of pool and the tag that is passed into calls of ExAllocatePoolWithTag. -Learn [How to use Memory Pool Monitor to troubleshoot kernel mode memory leaks](https://support.microsoft.com/office/how-to-use-memory-pool-monitor-poolmon-exe-to-troubleshoot-kernel-mode-memory-leaks-4f4a05c2-ef8a-fca4-3ae0-670b940af398). +Learn [how to use Memory Pool Monitor to troubleshoot kernel mode memory leaks](https://support.microsoft.com/office/how-to-use-memory-pool-monitor-poolmon-exe-to-troubleshoot-kernel-mode-memory-leaks-4f4a05c2-ef8a-fca4-3ae0-670b940af398). ### Use memory dump to collect data for the virtual machine that's running in a frozen state From 044dd98a2779c6eb6fc0d8329cc6ff4267f62502 Mon Sep 17 00:00:00 2001 From: Rafal Sosnowski <51166236+rafals2@users.noreply.github.com> Date: Mon, 16 Nov 2020 09:54:28 -0800 Subject: [PATCH 40/85] Update bitlocker-overview.md added requirement for non-active partition --- .../information-protection/bitlocker/bitlocker-overview.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/information-protection/bitlocker/bitlocker-overview.md b/windows/security/information-protection/bitlocker/bitlocker-overview.md index 2b79e081bc..fe5a483d05 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-overview.md +++ b/windows/security/information-protection/bitlocker/bitlocker-overview.md @@ -74,6 +74,8 @@ The hard disk must be partitioned with at least two drives: - The operating system drive (or boot drive) contains the operating system and its support files. It must be formatted with the NTFS file system. - The system drive contains the files that are needed to load Windows after the firmware has prepared the system hardware. BitLocker is not enabled on this drive. For BitLocker to work, the system drive must not be encrypted, must differ from the operating system drive, and must be formatted with the FAT32 file system on computers that use UEFI-based firmware or with the NTFS file system on computers that use BIOS firmware. We recommend that system drive be approximately 350 MB in size. After BitLocker is turned on it should have approximately 250 MB of free space. +Fixed data volume or removable data volume cannot be marked as an active. + When installed on a new computer, Windows will automatically create the partitions that are required for BitLocker. When installing the BitLocker optional component on a server you will also need to install the Enhanced Storage feature, which is used to support hardware encrypted drives. From c55202ed4def017c632d1e74b7494e60637d847e Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 16 Nov 2020 12:54:49 -0800 Subject: [PATCH 41/85] fix redirect --- .openpublishing.redirection.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 2842e1a326..2f50152758 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -15658,7 +15658,7 @@ { "source_path": "windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac", - "redirect_document_id": true + "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-whatsnew.md", From 1e28417ea7a49671c0cf1d6ed1cca69a0c4f91e6 Mon Sep 17 00:00:00 2001 From: Max Stein Date: Mon, 16 Nov 2020 14:28:11 -0800 Subject: [PATCH 42/85] Updating Intune images --- .../vpn/images/vpn-connection-intune.png | Bin 11428 -> 56241 bytes .../vpn/images/vpn-custom-xml-intune.png | Bin 2460 -> 11868 bytes 2 files changed, 0 insertions(+), 0 deletions(-) diff --git a/windows/security/identity-protection/vpn/images/vpn-connection-intune.png b/windows/security/identity-protection/vpn/images/vpn-connection-intune.png index bf551eabb764e9f20275876a994e544316a9505c..8098b3445e40129245a4d95cb11707d7c4027925 100644 GIT binary patch literal 56241 zcmcG#byQnj_byt6LQ7~%@c^ZGDQ>|lxE6QP7I&ATZ7HO3UQ$NT8lSk@96cDHT;U{}Al+pTi+ zZ{3;_lN5QQ?5w+mJWa+QY1j=;M$OMA3nlNm3)t=oCcC2l@Dktq^Z)~gEeMOv$9W;- zYYH1l_)1KA+dT-V<<^UtY`tMT%xB`?Q}_!pUic~e`U>!4@)9Xm5D_sKt$a!ucZg{4 z(X24to>bb^sWaR45TYn<&oUj!Q!yJk@i@v;xqykI$ARMTk&CcF*<)jiNIn;xZblnE&Q;Vz^fe*>|sgNG~0L)Is>EF()}Epc(n#! z`qCKyM$YF*-w$UY^c|G|_?E$xFcA}EC{qCTXSOi-SyZ7qHDI-Cc?z*J*FekFHUcn0 zjYfKB-cR>d8&+HPA?rKZJZ7X*?ft41~GfYpRk!6g{;^AH?Bu;!0V6>}Sa=%V3$!O?%IQA5^K^4f~<@`1KyzR1Pea!4|%{Q1yMjsA; z0!c|=&b;-O0&ja379G;k)n2)+2u3XWGST_!Nxub1oIqM*0!fdu`V|^zr_RSdTT&AH zle>KU_yM7dB$@hy={knYre1$EHCo{20PU()R|Krre(ZH*cw6SQTI(&$CsKS7`p%== zdPc7914_%Rh%*=5`17a1u7}dfWrJ2U_;Ud@?Hu3K`HA0>n`8>O4X#~8Qti}hF)(Gh zYXSc3UDzWIXmFcQ)moeV>fOEIsA=SY>?Jjqo}1K+SsvY}z1-Wj#NFBfk2~aO%%8KB z4Mj=H4KXu#)>1j(!#zhaxYT zBeQ~2X7F9BicjUsAkC&*o({{)c@2Cs9}!R?n99LO-}L3lQRM@je4OC5p)93(dh`;! zW;FQ*)5u`zz4X}R>T?xYsbsEwi|L9ss#=l=D*wtNjmq+$1)k@%{OOOL?lVK*^M(hz zEoJaqWJO9pyzk3m;DYkmRQc(=%!h@Iumam1L=s+VHqX%iQhBp+xsB|`mX0o*%2l0d zSf~$9usv(!`blawbwa$VyS_4yz+Bk&@ zfrEiR17Cg)?gJ&XP7aPUX-?HRlz=bA2`nb+j`o^I2*J)rRJAUogd2Pj6Ghe&aocq~ z1@)(0MK%81Ib@a=+mvVO-8;dEVDpwOu?A_xu6C92j<*_%n!mYpZ@xW+IoPp;cOI)t zxnOd3lvI;ed|IZvF**TJJXNUm!N)HW1dL@AED(akn4f3D&y=Unew23u->?m;fk958 zMZOdGD=Cccm{%(WOE+pkxrZ$rMkljO-9?QjU82amppAe)vkLfG$KVwPz1HD`!DGe- z&Fyo@etgfss+#9bAmz?^y}OsU!^ctH+JO~Vn=$6Fr|o}uO;wDPw0BT z!wt0s)M!K!Bh-K{6?rh%%_3C}-x%GWS}##iapEtY1!3$^q)CrA>~GOS1EB_WV^;4y z!w`Bq+udoG5XN(wA2ZORvA96z!eANjab92UTWe^g3qSKpXO!j1Eiq=Pjc2TZ=y<6q{Fm-H>`$zC1<%YoN2d|gXYNf+6 zQS&MVJ`EO7=Yf1N4#~hCtdD>>Rf7yApj_9-BVH|v0=4vm-jv`EZjB~hRj#6H>Np&K zOb}8t>v##yXODvCwuc!v5-KbG!^f@xdRRsY7=)Dt;hA>(0bq6j7B3DcLiFDCFxuP7 zB)q}vIm?^?JU)sVUi4?aDAinp6k=Gp3p=WG+kK z0pbEr;E}t_P`Ot5qv8vZbd3(fpY9H5N0=A)4s^Bg6=*JZ4 zu3t-mpkbw(AYqDKmfE$?G0oxyw0n@dEWSPBaXnZ?bphxe&DVcWdD4TCN#;7+%UHGH z6x+Fl;W~IgzhrAa=FE)#W>+%^# z?T>UdJLP^bsFh429Ib&3_{et}$3M?9MwRF+p>tNsV+i?YgwM8aCQ@Y)3w}F>E2k)$ zq598!Bmt{b6g9f{hc<$Dj<*xp0qt%QwJoA2G+2C`uiT|&8{XS@P%?vke&l;6^E))bBaU7+@}>d$G*a5q)$|b z=P{R85?@b{9((6hUlidx?lQ>q=9?p2Sb~Wy3{-_B$2_ZCDf(Xx*0H%9b)RR%(~R&M zcc~U^%sTRC_yXF21%;isi4gJMPZG?1HC%hlPhCQteE0|Ruj2u(Ax_9aX#U|mCSf0K znheWg>T&+9I?Unj556ooEec2CSuD(_gTJ)Q4vlgNEFwj?#@*p@7J2!vTfZs9&PHP# zTj?a6)T=zRk9%P2y!(s&U~ZB6x5F_?IH9>Xl7*fEd$ZZ0N{o_Zo}3Hzid}CmGq$$7 z6R`TDv0~oc5<-I#&jVg_Fin?IQ!a7KSh_)WHFwc!QBd11R)!K#5 zhO1POTG+3ri6X4V3#Ywjx+H7q?S2mP;2*xQTf?pS==D<5{rd-abNs_@avrK9M&5*d zd=7kiXw{5@Wg5%|(=7gsRqQbHwxFNb)2ae(`-5gtX*J972IfqXP7NIow}r&)z=TN? zCuVJDqmRqKEZr$1@-eQQ_^{LgFvxdx8pW>B2Y-;QySp$1Z>UqttIGbCqX}AS&Lnl* zTys0|LZV$?og!{cXo!2S7T*T`@s6&ORy2~|rL+em_=t~Y^(~T&b-7iMOzw_OCU)u{ zN?|`KC9u41&X|15v^Ty&3u>b)2kTSkFrsw(IUd5o%o{vqEBB5~@a)0S4t^wAP;TLA zz}L8guH;7R*D7j`yT|z6nw72{_$!Nj3*0=fw0EqQ#~CR~dX*`hM*Y)J_l`q~rbf3% zr=A?|&NODJWk)-KmKjyut)|kaWgvLu1vpL{xR`FIT?TuQGQ{poDgD}uA!;KS-tIVK zv^Yg-)VI0GS_za%iaFPn8dA7PY(ejno{y99$MiF97Rz4Uyj2ba%83QgK+2pqXVu1X z5m@QbJ82(x64p*jBmDYM(hl;ESQk-WzR0VAk{lEkMj-orf`%d`ogVi6*nB~G}6TL$>P6Kax$Mv>uCp$$Di-k z^{bQ7{YQR|L!P-+0MXxv1b%_NVNzr|_7S?y07Y;CpOx*41|#R* zGw{WOX;BNzB zJ`P+K9WR**jRE-`$+nn(vr>8skD&xPxb*_ZxX1aq?qu;ZY+i=;CH`#INP6LfbC0vZ9yGlMZed9749gkIf$(z7V zdZg+*75~WrxV}t3HLt0|p%RCu*1274++3_a2ybz)lYQvq&&Xsf?Y5;~M~j@O({=uk zxgo?Z-Fr#=MlZke8G3n>X!$g6HveWDzS6=6Ks>6#Mm(K%^2!-fB)LdxoLA}OXRCX>u)n@hBIIP>_4=mi&5dW5@+J5Vc_M|;IAgrv zR16@X1q3gisx? zBtxMh2|a9T0!|y>1UW1x7g6K~-K+Wo?Tt{8())}rl>KjD^nEf+;dtec24&WkmR?L0 zkv%4IuLx`v7`ktmJi;hjOYenPnkXR?9>)PEQa5aHhp+W`c$d4)n8(k$o( z?am$-lFpv39KBoifR2_Grgfqnfc?$%ec$TNPY-rMod6tz7XCk|`6 z5jm%+jm%|!*}me5Zf*A;s^P|QFgJHks5tl1(h|S4k9{Mq{1VX#_`;TkV^XK}CHo?H5Ga??Ib=2YjBs%^!QSy> zJA`}Y?zN+0#U4gxew73#U5y z1YlP{;sgP!r}0@EVRZfL@@1gb<<+=t-Ji`#p?y_7?gi@8O4B7K7AQUMq%r`9FCJ~b zW^SF!MS>=tkr1msVawkNnAq1^vOXgyCvqG$ewsO(80kr)^)oFS+a2UPHX`C}QEQY% z010n7UQMY~9BPM~YkbgEjt3z+75x`=72+3XKiM^A8a2oc0N0YOz|Qd{`VdJ!TXLJ} zVPDf`4&f))&i;!+iY0_&Z+sWX<_Q_-MAa-#VuJ0$G^!-f2Ii8tWi2)dDJy(j=sl^@ zy8|O8pLIkq)GkS?72z<+9s0#Va{^$#-Lb5j@Ok&jBv)(>SzdUZ^?#mx5UbaCaLNci zy@;H`t=o^Jm_FN(!;R%y-*^4PMr8*&I#~vI^AJcX>reD{S(&CP;LD!x5A$v@!+h@%TKrWdZ4# zbv)}WR<}z(z3iQmJ<9-FhMPC}CB5VYDqJve89C(f13Ac^1b4pK&R9Xff3#|R+7=%y z7b(u6Nt8blO2|p44LyLZTE%5W%Wdz>WfL;~ElZ}qo&gv&56lUjloH}LUSxW)xULVA zf-6_V>^1_YWNI(uKpR?czXvKx=#`+aoD+OUD3m+KK{CK-+CKBAUUneD4x~jO!?C`~ zgbS7YU}ssgcTdo@+2O8&@ZZSo!?TOv_c+MP3X89=9>774a5n#1Ww0SdB*O~X*kbT+4i1R6 z0YQ4J*D5cUJe|WAtcTSy>v~aaeD5Ov!XMH7D;Vz52L?57mY-TzSAU9{ojz=x+WrJN zU|R9K;N%Orco0uH0(VB)$*I9B$o^W`YYX^nb zKC7n%?*g?ZNYuP5;9C|DEo%7bYfU)h+Mc!x8}#_07B z5G^C9v8dzye|<(;Bk&)ecl+ua6UTr3AQY!C^=%VFG*}&=U&7idi2Wd2?N*m z5{o6?KwXZpVhPas-Y<`EOSD0Aih5hXS}%8=mt;dh^@WeAxn zq&93M1||X=i!6D*EBrtU!=k#rvX7sH%?n@L9esYp3!GRJ#hv#+3rv~GEyitM%QI5# zjze12n;L>A&qp)OD7c3jVQkpg0~-V!3moHw`Z+Iva@l#Ei`MlaI-n2I410EMCaf5_{qO{+Va>&C`MUfr(Ag6Kp2gF%o0~t7uC!!b-)97f6X={C z>an{YmC1Klz5fvfNzu`p+YfxgIVKB^B5H^0kYmi- z>W3&pHfrVTxX0SgbFWU~x+lfEqV*!mrIeb2zN`B7WIg)CcAup8xo!54^1{}ka{j%( zQwt8b%GRJFldMlBf$SnQIUAB+!%~cHqo-~wMFtSx@>_#%vov1n?uBKO@93aTX78S( z&Z=-(Tx`8HsLx>CUGPJJva>=2s?_>mC=Bgr@j<}Q7+`!_fSd27BziS(t(iuPfUmLYV6Ke{sPn@eR7Eh} z)!jMpiTQqMn2UWzrImK^#qLgDeut*%u0 z4C1mPjCo@By)&LM%GwpTWggn_^28`!^~GKTa$)dS>iz_hC)2;GaWM z{@HQFPXFkuXp`_#x2fd03Do69w%WGfpG&6rQAsIu5R(hDnPHznP8H0(2Z+S`4fYXR z$eCmLn)i+OfVB=2<(EDxs|6%7KbmA8VYF)ltv}UnRd&%2-`FvDOQp)u4u3%F7Ck;w zLl|q#<__#S-+2+|vBJla5_|_K@=2elfG0#Ck4nPG`HXLoAcD)*lG57+7_?7BpyMel z&q-#Xrlk2JI;}pWm6xxss7gYq)E_;aTl>;vfYmvabMji;Q84&;31+CdK5&j)pTiY` z8llb)&QSD#)hrxj7}2w|$OY>bo$oA3HJ0JyQR?Lm&~Lt_k!se)qc@#Zue=2()OObX8H7`ZCt zoVLauINRl8xKz~fDSuu9BX?CLK?#GC3s+E=BAA0#c*DLE)NLP*Qm@Kel@E@*)IC1& z^K`BL^GiDZO3~BV~_0arTf!EfS!d^p$J+hCRv>w0QKPG7P5h1S+kp!{)*ixuzPd0|7xcJ?s+q z9?7F!mb!zI927Uw)Jz9YaoqOm}hk!S% zK}Jkq+mUcaH7idB6~fEC+nv7=%|1@YsAa-@iikOsn@eEEJ#S-l-{43w_L$P6U(z?% z8jwK%!Q+iZ&q26MMr|90g)L6Z;3WiP`8Jj_F377j3XgHXxs1j*^f$sVl6%Yl%;E)e z(^O9It~Ismp^Lh4$UPOiK=s^xK>KiuVZoow+iGmPcy^APwL(R--%JRv9oVE78jIHv zGrUGeUSq{t2k{R1(w;1z4-rO!)`-F0&GX7f)2G_d3#l{2+0Fy(0VzJ9fmOXnWQW8L zQ7l=}CB7~`pphZ9(Xc~$*Pf1&`Zwh^IXa5~5?2@~VKg6&Uss0pAwU5F<2^0f43zVw zmC81HRl_TRi#?#2)eQ6Wf2GS=-Fpl--u(1KRytM)ctFERIUt@P6V#+Zrl)B?IA2*V z1PrazC27nYeSr>7u4~GAe&}Im6a)E9HrS3XF|ND;@juB=i6|KWGqpgJ;=1q4`QR#9 z|K}~StHjgyKNX;^(0|gJs}d9M)0->>o!+tBI?6j`Wwcw{p4?d{9_Yu`67lUhQyHp zaWDRnK{d<+Fd9rvexyheTFM6V@_tUE2l3i}byJDkumeHlku65FOsA{eC?Wz9Sm})<(uRq3bpD-a4a`7NkwCCR{BaoorFle zF$+|Gu;nR=%LWW+^xc#V3%vsGygFW%pQy}V2-KTz^ z$kgOF+U6Yp0~n+ponj{z8+*?&vPDcG>qfK$T6BjeGFoZ%qS!?E49f2QC!22gg{Ol& zjczj!6S|`n>TV~qU)@KMZ7n*3zqon`l>4A5B^b<7HxOn&Ec0JWe%gnRI@y)JoGaTs zvjSi4mmHWbZk3^!=tVk7cRnebn!imCd#^7yoNt-BNw1;Mki%Wg)VDILsKgt-Xss+& z`YB0@>`9l%%?3l`v)gijC!bjp%C(CIg`Ag{2d%f@nGM*0V@aO9uqCHbT~a}3Vds@G zkBf^M2_7pLicTc#YF!kXg{SY$ezY?d4zE;*h`p%^=UM^#nvyL>J$=01``v6-c0Mr4 zYkHOcDk%S-Z9cJRr#Xt*z2iUrR`i`Mb>|j*uLFS~>lF1@I|CixdnWJyRvz!?{d$*; z8(zIi@wXa8Eb6#T=Ha&ahpHd9c=oJnL<^O7l-eVe_UcYfSEKv6f5@ znOP!9?#@S#e;V~C&D1$f#rjEbcbXfe$o)I%Ds*ZTLA6|no4vT*d+tf*VGa9}T)F$O zM<$OtUO!6Z7Lda2Pg6Gw^a2eOy?tsTrILmkt$pu$|07=fIu{!OCAe($zEABolTb_T zLs(59zvcYKrR1{(H!H>MD7Q0$1iMOwXHz~M3)@G~Ry_ZgF_e*4`rIo{QsCfsdvx$!ci zel4p810zl^FE7Ekx2b=|pgun8>}tr(6@QjSXSEgz)QNaJUnRp#KSo*A@>rkvaA`75 zDI}T&-011)o-7+t(YBJxAo%$Fcsm^8&AUp<``Gru(reCYwdF}R@q-4$Y#n0O)nJr4 z=eE+tbxymDJGGlj)xrlo9NY|PQH#uV z!#mz}JDR2XoqdV?+utUM_9%(?ufRScStx?4)wl%Av8d4DFh8nsbl5yKJc7@_b1dTyCte@!Kx7?JgzJ!E?^R$E&Zm+ypx` zOD&gw@K(6x{@g;5#1or~GFNrs7iFq4r5sk18fm$#6I0ubkiD>oCJl;>^35|WKKO%p zO>mWO4}Y@(xpF$v2A+ZC4#@icya$hcpQV@T<6-0mV3N}+qN~H5FC$N^t@jRX@Uk2b zJn5_NwmbK9ymcJ8U6qX{jmhhDyki#yU4cC-VbNfZ2|1e3pS$P{6b0trRj|Z=H`-s{ zwKNLP*x~do(x=PjlT6+B;FfU3IW>0(l%StrhbYymG4cabqwZ36P=AtAA5Ch7M=&4B;YQA27_xyw|{uQQZ z4na5!x*}{A+afu5kETeQoIp=$+TYX!4OnbGCFr1a+%)F<7~(VLgqi>7aB|{o&NKfl zFQhDo2g$^xfDb8abR9hLwM&-SH744CZhun>j-kehb!!Qj@P32$GzN5;^p&e&C_8|H zXMMbAiYIquQPsc2fw~!a*UR0`5XkHgh-W*8H@n6Dc4arg67b3>?7nF30w)MaW&_8M zt^0Y0^zHE44ZIIYm7ToYuG2`CIN~v2PM|s#4p9Fnh;5 z6AtdC^`#A#_&aAdzR6UFt2!2J>4r~i@u+2eD2-LgkU2dXk~J(_AKXWV(HL|` zG0}QyD6roXZz?o4oT;HZq4Zey(XO3{@~o^@YM!&VV-WnYV7-(=il#o`<&itt>Gzh; zxy5p;K|ZioH>4g+PN4VP*c`{smpHN=$AVYv_u~?pE+2(dlxYfrK~ZPewqz6DH)>UE63)8*hoi{dw*7adfn9cBJS(~q7}i)^Z7@KL z*Opx3EL}px`?$=?pV81aIL>Bfqe+J!BTC!l+vGMEC}D5NC9Nnkb$NzIkQ-EKr{$NssdE+ae27r8 zRzd!=;!R!VqY0kh9I|nqh$x+`J9sSW3d;E7wusop_QaaC&njQ zNL$Zr&SL8fp%b&yp)7%=>9V=!zTaY_p39IYgf$7iL5f#@mZ|Nr6crAZIfqBQ>#}F; z;yB68PGZM(m5g33kvaE{ft2TZQOIviR&>j7h7Jo;3Sazz;p;}`)+Xz4>XCdRq3IxJ z zh1diRgGbr%9ZwkJOu{ME*&N>OZ}!ngH_1w*B_tT8t)o3&7H+%j`28nn)Pvd$@A=E! zGD$Zno}#<#v*B++8|d>m6NWDEOX!YyXd3m*7EDne4^7-C$`ah{aUXwX$xR(GDnhGY zdFU2yqVckfol*iT6Lahp3ENdLQeh61%j+c0ZFurDk@e+MCifvp?`CFfT!AlIf)lZN ze+1>rBuOC$?Y0d(X?cs*UHl2D%SOTRtjL|5;*ZtU7t>ga^1AiCao-m$oo6$4tHreg znJ5)Bw|Ks#0SaQ7=;Uz#Mx!tjcf!d;ORv9v_8Xm0DmlM=?U+Synp9+^Z|k3N!E z7Vu|?9jJ>7ivoZv_#B_#sYdXq9QmgwDc_TolrP~RdSc};f0o=~Qouy3A7bj=EL&_3|JxOhqODw&Mx? zh1taU-WrFeY*2Sdf6S4A8>DObw)lxFQB~1}UlZ%7XlZQvqMp=G6<^lPvufF?&w*gL zEf-rE2J|uNOBT5{2mhz5(A2aE1bp|wmgFbT+j$x4TY&HwZXrOwx)Vc zq=k)&j#oJDU1%72Z0aBEtK&mB%6nK;e@HWfPl*ts)t%x!+MxI44Q!IFNY`1Pu(DK` z%~8N{2DjYoC~^c@HI`(yAZ^N!Ocb`-fK{i2D$+R5&b;?oF>buo^9Knv+k+(Sq~~R> zU0sVqLbX&<$%kR>@)2p~qiccw&%IFPQ6|3Q)Y%0FQQV<}NORV&4ki?GBgj_{Q3SDB z#23~|lk^OimX8#tJ?PPk7q9PFm!@4?z#L=ZG=DLJuG?N#Uf5owe=yYg{9J#P$GN!< zn_s(QhesnMfmx30yd^{0Fg6k#%^ZVVq?M6_WQ+%j#xwTj;s)V_%5q6{M~i5TL5XJI zA(v%^l8llsbqNf8HX;hrtKA3ULPa|Zx+=R+5h^;)UM+gG|`~w ziTV+r#oHrf57A|hshCa*#aAje(4Z#P&y9F~#Fq3Xt5;6C)uOeJj_p2%G_nP~pcCd{ zPA+wVA0|H$iYwXW3^u9@?>8B`)zONN_G!eVCuHxegA(IfLR_X{F5I?rj$-6MW?*8a-@m(zoQ8^9$ zbirbA8WSvgn&9{bb8EGdYAeXrLFge|W`|s&v6D7~9|(iAGWplaQ21BAD2sxszS{9s z9yXwperTA_2b_uJU=#A>o^eh9$NgMAZM}l>&vH;RNtpiGoJfb#?|XvZD4MZ%)-6|$ z@P@zNxx`bm-mHCuAJSgfy%@cS9s0-v9@Z{ch{Mjr5N5d=FEWI%`x$+Y&;srjzY7%x{(Si;WQ$#O&z`P(|+gC?u!c^)S9rR&XjDQP)) zUrk~?^hk}x$@pGXTE3X+X=zc!^W_|e`m^qr9wr!`q8t|7Po9O6F(afS##{L^uOhVrC!nRK%2P7Rv$(otaEeYm7NE?P=| zG|17RXqPwsIgnqGU8jiFgB<$UBo~VL5;z??a1U~D3IpKZ_k9rfx{w&Ms3#+*cPu6W z!o&C7SW{}PQy|LI1Dm;~B`~zn_R+4{fZn;!D73t?v4~x(xvk98_mBd^kX9wEFbeg^ zXzht0>&hRF6=sdm;zk1Z-uq=EjOqjP#Daj;PEsR3Bi7=;NFFRK*u241iGJ;w-{H3k zFEs0&Fo9oGAacf}e~wcHM})zgWU@rp;>8Tyn96>73*xjzOrl-X1_wdXT_ClV!0}4Q z4`!eI(S6SN$APek!E9CDk6%4F3f-2;-gR5myCVT5Z2aW0cGJ#Cg4i>_Q8gZOjq8WH z@p!Vk?lb<$92&B%Q8<>G`C{5MM)~|eJ(lcV2J^`hJ*AI3op^K;wKz;rICoiLWLaxG z*AV=HYup*wy_;iP@XhkqRY>ll4-^P!EG4EJQm7OP zV;g2>K?(E&Vr^Jn8R`1rZ`!-~Jh*H>$8`@)<;4RdKgRchBNw6!2BN##WciMl4hSB_ zAkuu2>Pxm(I|gOYNe&(q;egH%+`Y`G50l*jeG$0kwH8@t$zpWmT$?*wPSqpfQ6Elz zMR^}rlst?oXcR;f2WCqa29@m3WIypf)q3Su5}S&`9g=MC5=&-L&96^CS>l@Y^J>!u zj%&u42{H0q{>1BB*VR)C^-D|@{>g2Y`I4PYYX%G7LQW>* zMw8-lx#JjP<@s9+C(>Q+nvO z!}EJ4-=^{bPG2&xYIb45{@yABu~~qV;-JdN3>doGQ+F`u;@bC39F;y!+0v z*F44j@SRDbEn+(?qKkv3Ev?uh>-VPZ=ELT#+nyXB?J`DM%qKHW5Q;-D#@YtG^8L)d z(1H?-l0L7jXD0)mJ|T(KM5pL({}#VwJRDw2KQ#!|?_i(+%w856X9zh1owpQAILG2< zQ_;JgBrIE*b#~_YRe5auG=RZ=sMIq? z{-!>s$Gp&6P1y>NgJl*nt>F%lpE+SG#ewa$1Y>bfJHkWo5C4_A*Bj|YtsX~n+CL6a zdW4NPeR138EAFCWKrk4!4WlPGi>j$qei zKc3h~5se6zq`K{Wn*1tr7J!9T-AS0q)AoLqIWDi%+>Yn-zGIhdBjqQV0RxL052>D)eLY8@m&JL^7|wd%j^eIUnO>?|v=v1DiE z5(bSW_Cuo233-t1{4p`=V>S=1)9O}0h0B*zi&NpTn-P}#$#@B)93FmrmVT-**Y9(& z6*BN*=Q_b_M4;`wX%-R`w#Gmd|{{i(LwI$0?5*jtQY=yh}C=Cu(2+LefQ>x&9PZg`0b}KvLBo8Cf zmyX`U$5<9jz+%X$`u(YHfi!;nAm;6%mc@dReQgs{;fnREJs(aJA-ZvVdNbLxt(Jb^ z#k#yak+8=_wY>X2-tq6NZo{o%v3HBscfytO8=ho3X0)t%5N$j9Azl3gp`?2u$x(OvXko5=V$a<&v2QldP+a9#v-NJLT)y{~W`=jXcF*SS*NFhFEwfhbs7iVnSOm1x3bl zWsMt64sTftouA5I*uz5Ys(@Th{^v;3{)bfpwFgObV5t5&qetyUlJ(K3e3GM?`h&M4 z!!3V1RA{0_I!B`=hXrX{4AtQ2I{UWnACvvu6G>aaQ%Z=?yxC4y3r!X(; zSBrC@{q>D=@*0Pn0L&4lf4g$4*4)sevEFx{vd9M8Q&(XP?S%8!dr2OdU_teZ9V^E~ zm!pSoC?BZ&%N0H1O~9!`)$aA;DtfLmPdT+Qx%O*Ut9ghDHx9|687k7~rW|Yv`^}4u zTQ^!y1wc4<7MSi@xv~Cf10NMD2q3#LX9bZf4cT)Sa@71}&(cO_z~%8gkB;vX|Nak2 z6D`U}7xe*Igq!pkS$xLBhV;jrQ^cnVS4O5Qbm=%x6CPyg{h z{MV1@R^O(h$IqP#^e9;xib2S%s_eOwW2d9yc=UI$fk6^7LDB<0;vbc;r}Xotx_Q+l zXpgIzQ_=ml#I)Iu99Ws3e=714+%#g*BdI9%_zhk38lLk%_nWJQ7h27oR9?Dw%VMIN z<$SP{&ghy+0Oe_=S3Cce6fZ#D*wP6%RYiB^o3~?2pCencDoPl(*zp!!&Zy&KM>6=(Z6^xk z_?_%srWq4Lw9s4Sj1K60?c}iOqhB_a=YCx-)Wv;cq&Oc;B}k?}By~kEFb4;&fA!6B zXP9HJX3}M}1)07ef}|^UxyyYS8?h}O4TjkqxAg@5T5{&5+R;(?G37gnfBtxx)BIC} zQlWue)-fu__LJR$t^!^dz$m3%lSB(Aa%iHk)GD_Sib^+{J!%MMiiuyNyE@`-th8YR z!awr1+Yzi?tx&u_QQiU{?==gHdPhp`KQ_0(Pt382SXHmbeI#P6^bC4IV1JV0mV4w5 z`r5!YY-X!W;cw<`q=4Z$xLVU{7EE(k}SvJ{>I+7CF2fW?2<0Y+=?~ed`}P@Q-%DKuPb;tR_x&km*YTse=f#A)45X!f?<*s zJU+EDa>ViQ@HL%17ageph;wSWCD0&E#$}(W`g@JvkYM&w7t7Q&FXFcXXD=MMZv_=R zjArrksMK#yG@CuSFz0e#+amNbf1vW-|J*uDCN|8}>d{p|73+5b5U=w$KJ;hDFLJPy z2q>j^*~%LQ3Rd-dA)q15fkKipWZB!$J--(8vMk)Ej2DEr6$ghtiyfOx%!nIb_6 zS@Tl?Crn%@2lf#Ky@bx!@`q0~51Vc+iw$Z^{pezGWiWx5+JTC)A6!o?5%-F2!9%@$;*Yd{!h@mC+TKAA2u@-($$|>0uh}hp*InDm^1qb) zee_v=^uZ0_UkXX$HEr_7FI-nGvi@SkbK(E#`~I&JNQPIf<)9v`xC8`fR7YS|5kNn; z>a`~xF>(}o5E2BRHx)OYcB`Okw@^=5-v@{9d44wsrO+6;JGUP+s(UJU>et@5?*)!E zp^A-cF;>mQ%%}P<$A^}n^>fvg2dd{GUw<)>Yjk|Z02V4kw15RRvhQ7e^v1!XDTQu` ztSYGM;?xS_d-tXD7BLE*?Y16(3K0>eQ7237`Zp#Lf*e#xlb6&UhO!{nd|>jYxv|{7 z?B|(9q!t*7 z&uRGIK6H}H$_+U=vx1N&6uM~LbvS1L3lyGr6AEsj2TZ3z1SAJea|?_UW~7%e{+DYF zs&k1R8Xy!n^j2CuXFwl$@R0iH^48r8?H`YMq?8-@rm(#&Ds4kgpRg!z?P_Up=Azky z3LepAS6MqOZ)OKj;S3UXsZN%M| zcK}1IF8Y*P0a`^s9Dn-Bq~}E^9x3UvX*mPCV@JUcKCyq<5oo&T1)0=Lap!Kt0gCnW znE;0c=V_gqWLo0LdecTpglh?vbxTP#dCaeJ5&x&m^tx5@VT+f*;oJYEaJvqtB7r6T zgPvU@c@To5-J@Opw1;gj^lE8l7~uLXB_d)p)*$wHG&8!uLHs53OaJ<_n^nk=gBME4xfa3uQbB&|@Ph-B=X{{b zp~7tohtZeu>DEZ@THI{#1WCK25pZ@RS{0kw556 zE<&|1Mux(b67mZ<=cx6Gv?5)UJhRs#w*ZO0VS|8qeIzAvd`b4jds~+ z=lVgbFhDdzQYH989eYUho|1=9C{I+B)3Un(rRta^S_e2R3T>F9zKDByzj#pVF>tJX! zACTTk0ZvnDU7vPJ6hiw&I!kk>d|_W`V_k!GAiS`*zk8PhS}V3>$av7j$kHF{E()J@ zO~?$zip9^T@|VHZ7su(}m4zlra0dZ#vyaD`M3M zxbTs=VOKWxF=Wv^#+JW!-*o+cG)>-D*zGTQXbSMvY^BNg(6cpiQ~Ma5D7oOUbts19 ztHb7KcfvJRqK-3Z2w~Q5cqL`XZI!4ZvGvm2VQA7ISJc;HLUh2#2h+vCCFQrlpi*so zmqCcVQiPonpHWk#f(56kRmB; z{Wq_rm1#%vP`_SQKqvK52#Q)c zgn0Z(&-P$*ov3Ow3-7W+o6X6h#q97nF|u|tVM1-3xWh-Pe|Mbw9{t?H)|+Y3bZv2c zh2ioFJT$Rx+4BYFg0|GUk760kdk5=8=~-IzP+NS^tn~NzK)EZ!1?K9t!zCVrKRtc+ z_23DIo}ny7kYqq0r21Pm75)Fi+U-2A~mNfs;bddu_7XU_S& zz$;->9wU%3l!;SLK*~5R-clAOQKZfJk!5+4X`CM%$7Lf>f#bwKe5jc$D(53%=rBLZ z&M3A`tqsh|b9O3UvfA*6^b3MsP-g$c%%2z7@paMid}Zh~JSh*fH09`Ho&A_na=@QNAhlhME;Oi&UdDf} zAmC{wxk{GDlb!;75uK0iV|1&ufs50;7YDqEm+*%`Sds_W;#{s`j?hATi0_`g2Cx;X zYCB9Uc0!Uqw*-MT`SIqYdw$0~ROc8TJ|4_Hpy6-SvGheoNbF;b6MjmY$uo9jEOxMPupj_QXucp5*9=llQ=ySdo%$~$`b_Yk96x;Y`@0A2- zoBNb5irC>WBi!7ulELXmH%eN2h@@zp%@*MnD{dQAZ#GlS0;r@YfH3GK9QmK$OysLu z2?-t4x_cxLWt7#jbRCdoW(atJLBAe-_;Z4UNK&DW?0lB?6VW>`81!uBoy2F$2S7T# z0s8m+092=2GslM^lxW;0fnBbFFczzWzO7-MaC+0finOUYF9A^r(Opk9h!pWyU5TS8 zbT;UF-2h-beIu7A=bE7F1b`p~eEsX_yk{(*0b0^Qke8nJ^7S+yJ>0yl!Kz#(e#}|X zb_&Su)ahHo63}nphCex^!EhjoNt<@JefN?Y1DuYMx1P+)ZH7AdmmkTte*^BEugHC_ z*~&FF2iCJ6l86Rrutt17pj}mK#5mRd;eG=6PR-#0t!E|8c)jq>WIZ-#Q`5_P?KBUq zB4-a-Z7H*_pA%Tu{)h^niSS&TIltHg9l>v6hr2U%z8t%k6wTm&NhZ2`gL(9_~>uX?RfivM8D@-M{YHw^4e zXyS~r&#ALvCIZU?fIURMNAXF|k6y)lBMNzdR8iX)0C!jh06!s zz*ghQq^K}SJa7h;75)-OTs#}Y1+ziOM>|6*chlQ3-|krq2h>eHdhjn=0fn@Ad5)A@ z>5DGrX@=KW`s36cW)?qg3ZlME9t9gryY%pkCS63OCSmO^Tn1zqZqkdZyst+(>AJl_ zEXiEkB5J_~cGsdM$%x$|+x6(cib+qj^Nm?F8fsKzZPkK;EFZm%C??dR9+j#Z3ej@V|p0sYhYa- z6Cntug=-|CRo{?g-UNqfYYyNU@WuW|U?}C(U1g>KEH^QBn8knzM@O+eq_$U*b79Y4 zhWeypZ&Y`#m@?PYKjT@_)i;CB!aLXReLD8dX%j0@Tvt!BvlzmNKNF83(a>R#|%V_cT==wKk$KBLg z^RCh2N&1wwy7)y}rbg`^m8K_7u|jB`hk!=$@+;WX}CFjvr3D&-Q8PB0G+iZZ@%JQSugnG_MjmbkP={|#d!Y|u8%ZL8?%sBjCTzy1a%H}`vm&)UEWu?*Hp2d~WPT~R{pVHj@_pM9Zu`lAf{l!>>4NUw# zHvGnTte6#m?EdXb(&zqv^VZ)`__FlJYS?;vrRdWDT-!(MuJ09phxbX~Qq!IUIi96d zSi`xEhSf35I;tg%Z@ z-L3vHb(>GW)ohoknIfyW|`iQ6K=;V=)u_-TL2YKg=Bz(DVYB%L~c z_~nquQla2mb;o__H>zeXviZ;+hqy^HR{aCnXq!eo!UF7GQ8H}vVw$Rob=lKHdH|og zc4I_m%g20=rFfIVYt|=T!=)XPq_b6RH_fj1d(y6M;zDpCp>o~Jd9+UuSGgKz!(SdN z01ivaLf2zrYU%R-lH5`Wf~3HTntA!;%Oy79=i$4rr~Mk(W!AL@gd26N(p+_WJ$N{O z#4$^FzbZ91HF!muxz|A%@Vo%`N8U^JwL zlsKo=9P=;RVoomV>G1Vj%wNgZCmu}q)RU({adp#Fr3BHX ze&FM-176_^yIct>*8X7QEo&T-s%mQ7^paE63GU7&oc&@cb}0xfRpA@^nVU$`OF-T{06Q)GtNJX(%dxE&$Z`=2xJn z7&HtC)h;kF4NeL?rWxI%9TY&GjvbmCWjw3M?3W9@V7hoXg~~Kzw#yK3M0xEyCw`L! zGM3afSj$26AYlR@{ct^`l=m599y(#=+gDgGT z)gNG9)a_&)JTDfhRdY{iII!~^*VXK08Nt-;E*r+Q(FN^yS>*M$DToI{AvUO6R45#R zP_%A?g9Cxp6il7R9DTt*%)hNg&v^ZN=jD z@s7kOKSTO~phF%&TkI7@D_*_wlIQY1hqs`*G^m5g3;iNOvx~#;Y4nYLm z34F_0vwT;f1}O!ZFPC!g9Kfo>FuIo$Bwiq0deT`-M-^sfEpHaKd3Sd-NMCNxK)S5B zglEz5W7W_#f7;+nST2W(WRvg5DZu&ngw?Dyj25}QCdeB{>=kAJ%)cKGa?0nY`AlM{ z>{4NCyooPV;ui%!F2kq4SJ5G%o*S2-UAT)>JS+l$17pWnXbZ=|mnC2pme zG%Rx;AU!UO4(F9-O#mF9g17I@fHQ&O*_53$?K0Bc0-bm&c>N6RbHptCW@)ZWzkVST zF=3ZWb-bpUzwbW^to;Jbt?>ibD4Cd%4^B@wFHZ~dHR83SUR&H;az8#^i0{cX3EYMT zMH_x`2s&V^5IjqvD5tsSwlwSv>kF)6t)8nw7#!s>RW@VlxQ>_W@2a05^m?j>CL#bU z5SkgPlnrmA!ylCT-|Wvc;;W63f{FS*o;@s{u;)LkmQs8f`0^R$HEsiX_06gjX;ocH zf=b)cJCk36v6$2j<&@zPZ^#;aPO~f8pOam}+w`#_-)E2%B4=cB<6g)v8+|fYE+~6v zbeO$pXrvh^>! z*h0pwQ*TmJ=pSxwug9S;5Td%Lt#EugEX?c7We(acz5z0OjsCq|`7wUeK3PyX$c4#| zaa_j=r#(tIZyloTJ*l01QaEk9v;FQB8{54Jt>XL9T%msUkPW}L34p~|K<3Gc5{wzK zx7f3XR>!;Yfx?~$7W^66hzYTg+|Bfzrn!gSL2cJPIXIgY?3}sPIvmj5oNw0vnD_u1 z^4Klt5T(^8Zx8JP#r@WVHJ^yUu_)=Ay+vacb;RYbf(SxJ{pW0MEW9-`y7XZS;Rjar zi18#1k@$tttICBwZ6J2El)8L~Dn7JNdsYL|!;dG2$`lc-1zsbIOl))_bQeY2ZSGl&yo z0Rgzj)6T%Z5>2X(`nAIlo+#Rln9KOGPRFb5=!((HtuY`R1hRtjUb`7%FiJGV&E{uL z-N#J|6Xg)DexFuD`Cwi;tBl?>t^AC6Z@Hd>j?dnLyx|3zeDAlp(vtqwqkaLS7zl+? zW0bV<1TVPRYjs-_{%|OszXpo-WvLh07G>U^Mt~}iv3)843Ne!XgTMn+5U<_7ITb(T zE80Ib?N=03Kv|9CPwC|U-;!s67yv27o&#xJ!}3SR-jfpf0=I3#zvJSxacE0p4pQb; zhO`)HsZX`{bagsB`FMTCP6&QfO`lIFSjf`;;f-E8VfG35k#5a)B~S5q&FWAh;-p1@m3xNU8*|q!P&fdGJBsmOW@CxN3zz6s4uf3P}j5 zMPh=i*bdOG{;@p|ic5`uzU5x>3UvczUrP1{ZMBP|9B(r`2@#-mf{=tmB(*3uEET7= z<4E|{1$X%SJ<*Tcw#uYn{OuucLMc4GA*cOr3#+p!vtbHWaU4m`otJ7H_I2~3j$Fz3 z4+Z={`5+IvCF~;E8?@fN{gZXq>^q(oTG--zDA6!jRo4eseY=eMAz`6+R}znBP|F5h zFh@M^``v;VPdc#&9Eu3f=e73%+c+fYsKY8Ebc;Cvxsp4X>IO3VOkaLW@pU^MaGUE7 zb11?JVqF)o+^xPH75>c~5S(G_gnq7U-p!(UCTKZOGDv2p&V&@RvJ)_ycrfk>d?x=? ze_!?IQDv7>N=_5&)~g)6;>nSHJ!Zn+xBZn;;fDSSAubIbE~kX3*tXfM*4tU0#&$5>7wu{GEW^>By;46`181R_WqPJCLF`oTsM<~Z81QS9V8~b0?9kY- zEFG5n6m@_17Z8X>l-V6mkiZd#$CT-Fqw6Z#*xKd%d>3lYv)0F4uX!v(4l#7I*^Mn| z3ceMAm{OBQKykWQ;J)$8SC6naS-`e6k_t%!+Lx#1oBQJX-5dYQ2)g>1-(BP0zC0!0 z$~q-}C0X#KCWntWwZQ5V?)TcRh}$2p`E#B8+m(4N5PXAz3m*2LD z+|_P81N{wpLjPQy9$jw|$LwAtzlMM(-h1ZVM(Y?BoIdPuorCTHP`kO9O!-B5m#R0G zGOLzsc!^%+J7RFJYJm^9;yhn;SdInKmu;P%fbRj4%|5A((cS?jsLlTJ=U zVsdQTeDTCqyN9w}q5RDvowmx!^`6uX?{=HxgHt%D8EtDax-@!ImNH?1G^?<82fvH( z@DB;tV?7dF+{wE7vfyU2+!nK<>ZL^kz#?s1OnS@{NQDw#LIclmm^sRf4P8_T_rf4! zKFJAYVuHGWRA|m2W!gI{$upevK-d+!5a~-L!EdD*oXP{@Th|h0_6^9h$D| z2lrLN8O44>QH*0btH_GO_Z9=wgF_3j%>gLYh=6}m6+QcRAyw+b~`$#~f_19l0)Xop3DnZkxz< zQ_0bVmQ%O4&NCl(?XNZBfayiL$Ia^K6RTheQo9x=bNL_<@ZJ*l!L5G6pUt>_LZPip zvICE?U(O^(gN8dPA3q*FmKWlww+`HALR`;V@qj?%GaN+FtTbUvF z*l6a_<5T2M0r%OX_xt=0lV_roHnogUueQ?1sysI51G&yz)}`$sfn>) zg)~+ac!M3ZZ@_Oq5M$NyDrZl$CS9POWXb*GcZRJLPgF;CQh~wO!HNOJXAN(sZp73H z&AGIUNcU07sy*J2rNKelI>%RI`kV9ZEiSi`TD!TxGP!l^t`$3EZC*7iH;#BCehwYA zW)H!*t7Kj4Fl*f2u7oS~Khz`tvEtfAt}{2R2KwhbNEhp^nO$zm%Gext8>*)a*R93m zWKxEmZ#ep=sLJ63zG*STZ)yC?OvAk07nq(%LwXg(2i_^tsXN4iAW}j%$xH)Y?=SA(6?-JSA%dIyNJo)ZG+|bX3YxXaqK|jhhHgg{ z%S@BrEUJ!Gy|9@Qgb!tMI-@!_R*3`ZOI(Xbj%E_5!k&mI4Y1q?^hvY=Wp*zq47-YV zESd2bp3M6Kl->@s(1wAX=khWNHCG6Sbqe!X8#VXL3QBAqSyKHZBr521Wn}Ho`vLl(06HOdG!zH@6o)imS5rs?EtjI_Ji3p zOS+)~nGC3E+YQi;HvDEBx=ee4o#fT(WbJ)w=3)8+#iC3^^u-U^Y2ND%+$tmt$=Q?Y)y%Zy#DSj0mTVw_U{VPXX)0gn zw9C3Tk&fzn=K1iM?hPfnZ0D4o-}OOv2S4s7 zIoWi5OOn=PTu&(bSMstR=y~)v`6FbA;O3X*JzIzO!mg9>C6XdI}4_={_rG+xlm$_jvbu&5gT;ZlbZ8oc!tZa8Px#QLz@dAV$sIpOz%TxnCu9 z{n2``Y0HK=*IYrE!aaE+OP$bqk)+tjT{SDxU29KZS6CQ#nc)}3ok)uKEWc;;)uKYV|!~oVwo%cJ?HK}YXPHJ`#8DxP>6+_c>kJZN0LS^$bWQL;3bf| z{LST$KLw+dU4_2m))Id-9BijCNc z0ly;iKN)fEy_U<)Q5pny1*s{NG9J z2N?N=*-ECnsi)^`N+Y{xHNnM%8d5o>|5kTXk*^q4{}fv&=kr?)r+e$?v7@(Lk*FRZ&AjcigCYW!Y1@$dbibPe9j6P zQr*0E(&0t*i>vuXNhA*f66nXPO8relyJlj&ZI47g+`M$hEa3%7Q708|O<9;-nIPf! zUy!flqK8I`!BtQ05q^c7;m%HraKkX6^S&T5gQ-*7lH()9#WedTQ`$3)!=LMBz61*I@B z5kGsD#B<(%^c+6{Zr6=Lgs{>Y%&aO5O!b2*3|2N&e@TS8JvI`enJHrM8$Vj<+R~ zs7Ji4Lkq$019%yOU;f7+!Fu91vRK`Ilk z0+kk{xw20vP}jS~#b~kx6<^fj;b-@9c*lC_FblZMX>Csg$&p0Ne({qD@4qtA+bk`gb@zzi zlY=1d8`Tqz`o}~bvCa^Md}9URZVa12QmILIx1!Kvm>iN;YHyRkPlIBLk34@2)qdA2 zu69C-9o}al8@lOF3A77fPHGJ%n?9Hg*4dE%^hceLf$V*_b#LnR1|Zt-S_ys3sU`;w zD}O!lv`r!`%z`ZBmETWks8A%ChG%)A#YCgWPmvkdNuVIUjt^bJtbNMJit{nobXV zlRq*@Cs8dtSDDV$rT@aOIWgaaMm7b~8J!@W81*8o|tBr;jsa4D*OM`*T$k ziEZ0&6urdmJ_$2NXzn}nD4p_{ehHfZl$fTlW0Mq_^u+s6rA71H2PUez>I!=qgGjY* z_?>jFkz~=_C1^T#B3nhM{f%_f*!%&pN>EA!oag<_>jah6p_8ipX57Z z5AbvH?4(p&NKIQ&W;uPsK(Wt^F45fswQki-E)gT@F%#^olcUE3k~$&pl3UXa0&MqF zdpCuj!7Mu4=?cHTn6GZ{=UixfWc(SlG?u?5U@>?mX>c(Y9ECWje~kB+(>t~P50h(5 z!WI!}%y)R4UaGR|mNiBt%cM0WFg6EPWoG06DhxRLva-9Z5rnFFQru1_ay&mWSa9R> zD7Sj3@gTQK0gaD(ZgzN;neMccsSXX#2D2(sBwE5gKjSyht>@Wfib}_Tx zdJfm_`gnM)dMy2vP$3?*gNC|k4ki*#XFp?B>)@6$+0NEmiLhWW)gb$$Pa(}1u=`0d;9XU%Jf29xhgt{m_%{pll)FtxrI zgB2AHLS#1Mhq^0CO^&`BA6}#+kNFmrV2ZwKH2eQ5jI5kS0X=^hAhUs31BWS-5y1fU z*o46h4=M54XkLFFd#|}NK9Nwr-yyqQfwxe;jAH2>`tkaXk)%*kIklI!*6wfmE(ZnV zewQT;Lyf&x11nCkMQuWFdbGAB^Uu0aY_#@sFGH=Ff_|%)3v=86F?i{1gl5l#pSp_! z?=H7CVm>@428i=994XuTg0gFeN!!`N23xR86wDhZRo1GMu-h?ci*2rfoz5STg^TWY zHEQ2dC-sJK61#tc2u70SR{!d{-~Eh{EJC`L=5B5KGa}lXJF3wPG7r?~WAmD$6FjeK zsFkdOvOR>2h$q!$ZK7ohoN1mh|E^FT7G*Z5dRn75-JKTMp)L^gOd#p;9gb=L8EdCa z31HUHwsG3Ox*^UWrW^I^oj5}wGlPidw2YMuuQ*ZGm;-UoQPHj94g2&bGqKURiu`5V zLZMNDbV=$%Z!#SQje_oE+sE4FsyjnE%yKq*$%)A8GqXZMGn&V8!jc*F1e316B2*Hd zW#hTO>Ixxgr9qgEj*hGg_#CXI7mHM?I!$E=Hb8MxN$_Ys}O4nM&hgl|r24ugmt=>vlht4L0!CCLN{Ge-l8kH(c$`~!`{QW9=esmF5#{HZ zmw16A`lPX~7d9e_Y=td;eb@5i&ZkOHf{kC~J@am$R6rPL5qUN0z8@_!DqxnF$0j57 zc>||(bkw6#!-mYPk6dy5`u%tFtf@I#Wtnupm+E=EdOFV>`0JhuOjKxKAsdt(NL!}8 zx`Npvmm15FJ^T3?a$QY_@NRf)Ua~InNv7tD04BkYz^-w@?Q$lYd~;DK&3KT~0IC0&X=f$Ex?#S=|@nHLG<-e9*E$krvBq z!F^n@{26&0ZUr!3871oHM_wXAIT{`kGy!VoCB-wK5#6N2{uXa=7_+rN?a!6F2o>CX zlqh5M;2O!rVE{rl2f$MR-H11PCLA_7F|gH`!N~|rmSt#j!-4TN3XW1`qHz6rZ~X4N z1X0V?49uN381+wV*+g?*_(q&Y7NbbA{iDC&B2_*iZ(n;sm@7H;HSa)v_AsQ2hBt3O zgjJ$S(PYqIaA3{jY*2m1WRTxk8Rs&nu>ww5g`U$=Z?JeXPgw8=19PYIga~$$iBtcb zD!mi`FeBVlm%ij`+)UL|W`6q{EmDIIW2Dt^Pik5q^!B!Nl?zn>+gHoAHjA5AVBvE# zS5I*y+n_h^}Iq>yeURfcgG-@0ueLUZd3 zy3S(xddk@`+*LKaZGMOe*QWIRa!(aH`Dx_2C9=8+zy)h795V;|Lps#)PUn1d-c$YA z-n&U{3;U<@?%263)V`)n-t$YkCk-9N3ebDdHG2%r#w3j0l>1~$+QIcUK!eG;Oi^ZG zO5>~6r!pn`+fF14`umuWTO4$j>>XD?X{Xe|ycTmVB zYtkd3iZgoW%H*T{<6bJ#=rp<_+D*m&SV_!O@LK-L!`|8Yj>T^IOc8LD`G7jdoAux~ zlmQ}16g&FjxAh6Fm?7YtP#0%N#YZIhnwoGZeu^IAcNXQk)Ud#{zy-I~&`Ab||4UUdBnKSjVAu_)a=*{@F#snv|U zr>T&=nY8<~3zEdo7=|(5tRvzB(R_PJ;hU*}RAD-rnQiRSK(CUCS4K8q6p!XnLxZY! zB~6-l#AV7SsCtcozg!T=_&!vjeb)Xjxmv(v2k5_YK6cNP629L#ZJ4Q&!*&3R)IHVx zvA+^%AV~j~Q?JvZSscp-^n4mVD>E+NvuvQ)3xotEIu+QWqW;#vpAH;*l2jnSRdu~=45 zN;|x(02z&GRQT9$@{ACHRa!j)VH0_UcPP0&lIqZIKxeCl-XvPe|I^7KOVuBFvj0O2 zgzMzXV}6@&(u8sP(5n59WpuItSP|uiT)7fj@sC{4NuUjr2KrZ3ewhpY;jsR%ovxE7 z{P%3_IsRLM{fFB5mx})%joaVu0RQ~A|BXgTm)ZOu2Jio49s6q*|0Q4VVu;U&6Xz&( zW98N``yc%uP`m|uA1WaPjuMP;SToZ@)xqM6ymI&ZYG-$b% z%Xuc!)MxD@H7`UCVtq{PA}L&(`91*w%YQjv107@d_xrf?r(mrkSTqd7k-lZ)uH-ba z=*r-QZ7bbRGg7)}4%ZB>KLP%pSXIQ_`2@%ypL425I=TUj`H^dn2wX)TgLgJ_I&<8odgeE0dx&dJ%FlrJO~$ zlx9)(O#VDcr(dQC_rVb6`Zb$;HI_jAC(VL79BJ{=`_sX_-*)YdE z*YbN2V$xl?Gc;wMf>}=@L~D22X>jna=RTb~tuyVP<>Vu_pmiVuvWB%W;X^{@ANr5VN%C|u3{ehP zY9{*Vw?w_q;+^JfW-WTJ)ojELHIlBy*)1Gl%;o0f<&-YcnA#@aq_e5`=-OyX>!uY| z@+DW2IQ+rMJ^>oa=9%ud^_g<8*EVau7)@NBkBPR5VqJyZ6cJj;e1dgve0kM?B7jP9 zAV~U0QO}3qIh*vm3$!v`TVO?Plmm!CL+!P-TDdVV_j8l1x#l5(=GLrooKKM5A+ZCG zj5EY1Mn2`IhQ6s_qT?SdO(hjD;CBs&!Pd@JSuAzX2D^&}1~V5`XEUcSvy?`e{Ljx{ z4SE_m_1T-@=QBh*L2f%Or{3zJcbvzMwh4Gn-Z{^@29=eCN;b9koN7FA7EqKg6kCT* zNhas#&O?8^l>$0u6lV@NQzP;$;r1;Pum0H&BmqZouuJE?gWEjx01XW`S#37iK!`%u z0YcoB)bkyrp*85Vl{EEuXEgz>;+RZ$dw7;y{!1o!sq?8;+l0P!SsK~Si z{Yaqh0%6bYAQ_RJKUC5A&wes-a64g(p0Fqyz*3_~86j6iHeD`r(Zs*^v7)o{?wb14 zRufh_H>FWd?G+-vs0$O#(x^qmlN^r>3{?OEQzf|+SwO%vOiD~Pb_nwSdyPFe1UfgU zl8FdyG#17jWL~V_9bsk>jjn2FGJJia)|-ZO6|;xxEQo;T?h6sVi&6Pla{tS=j%5!N zV%apCU|p3%kvK(azi9Jm$J1P2=iH{{jLkO7V7Sr=@;963S3oXs%)l{SM3HhG-Ky)kG#%t`S+3f17NAupJn%dz+>f4f4l#= z`6mA#5caaE=VgDpG+MxzNxQ;wxUgzQ0ERp7Vu!C20~9eaTU&?VD9Yri&G{@dJJ@sC zzo9tr2gTRadvbB?$%3w%r6ygt^CeNT;1Zf>V> zlQ_S6zAG8cw2A1a1D7UTLdRR+a-Q{*-uH}L#ABZuEx#z&kBMwZ8K^8 zkx8Ce3{tj%4o2Kdbmd=&1d@u`y=U_gdV79l9QOv2MZ9+j2~&J*zXrT9;RI!~{v}!^ zbs4V#zZe?jDJ$M5RKpXVgX6C|r7)I>;(N4ZRx~~7As;Q9L6t{Zl3Lxc8Y!qzbHtr2 zb!~|e3YP=o0C=~Nxw$!DQSYUlCezLo=Yq*6fy8NQ;C?TZGkd%V_)pfs8iH}JyX zV89;$gf<+TaSQEC#W$;ta);<+i zFAe%rQ?tL$Nf)Rh1VFWgit_xv?!>8fqvSE40MWpFzVv~KZcKBI7_e1lNIosA<|;Jo zh+?*=-@mFL*{Z_lI$OBqVl_N4voTrKo5)vOT->Wg5&u=IM4+_&2SlS#y8M}Rl4m_WO!_tRA zZQ${gVot^A5LVg^j z>1lgc5w7(YoB>pKR->xuOx`>OJ`c_$35$Q2{aCF`pq8-hu4-L?)J35lA3E5VE{P{l zc#YQo_YLkqbrsyBVp_dS^I(tZkNPYpM{{F7bXb|B%>cet4i);f=Axz#ny+QC3TY$R zmR6;i+*2_RZJJ^L>8b8yWCd%ZVwj=#qzYVgx}lWHYC`&+xHoNPM5e8uqWt1eV$sFh z9}m*)dz^+x_%ojA0DSD`VXhwe0{TQ3P@CX*-lfb1(47conB5TM5@HQL*LsgTKLOCz zx@=SFam=Z7VYuS7n}yeFkL<5;Tmm%dBx4GR6_Ihj-aZpJ3QIXMyl)kzOivZYcu2R( zR)Kf4-0bNxiPZq$YV(MNOlMPx4d{r(in76*CQP%{xM4(+f2rX7T!v)~n3pc9Zk z{@quG?wMo*AAbD8*!VprQdeIJL+*T1E*^aOIyLgXhToiWa|W#*RYmoOR-KmFHUS?D zyB_{a`kj);jZu32t=L$IuwhOgZ{nHJ{`_w<9TOsiw1 zrh)t95%SsZX2acAwcwoPlZ%IaX1tH(1An3%do!HzOpNQL|p!_2_fd<7o^8o}M*L&?xx6+jq|~ zE5%~w341+%i2HHt2lc?q!;M>cg3xhT4&T}})T5(kjMN@dQlcCtT|8U3=DgdkO$(zc z%Ai~NzRp|2*}0*d`mOH{Ab+qt?lCI%!7ACo>Mv}L&SE@IhgCRv<8T_-XPQjvunySQ zz5sZ8C~_s%h2Zc;U~*mog&=P$raFh4NJr}ZSF&P8;}MD0j@$mJk+eO*!+TpQo~6FgG)Y|VR$QI6l;6lYn!<3XY{E%MlJg`Q?{Zj#IJEy`+%>`i%Cpy zbO+cu5(1wB*i5U+RrC89;$^Rv3wEW-n1T&+$EJI~KAwpUiki|+u?yUh8zG;4q)pNj zn~O+*`f6JuZ**jsCZm5=$g+o;tdSQj{8ZOQZ(K}N%zCFY1AsD}lJ)I-_AGx-5gU{! z_?cMCV~AvFeC4rJTT$Ww*!!^xVU?7+|K%P($pnab{i@5@TM^*%PYVVV&%~Z)rwlJC zIXyke4yqdY<`1YSG7mA2MCZU^I}ESa9h=i3Kp)ci_rxFu-&FVYpsFEBKO!HCmtJAZ za;~EG=c{^c#XfpI;nj;XkCjMIo{1|Rt)Zw$`0}gjSoKpNBXPIjK+~K>)3zSAt`T=ZhvpQ*!t2GMJBI+`FX`N_VKU)^@lR;Vbq8Ng>Bh45p#Xj!% zQ14{xp^fhH5t&6pn1L=q6{)(JoMAZW*=Sx5sVlCp2u`>XaZ zUT8>z z$+E7^KH;&s)@N*70A&i4ASP_tsm*lKlLJp{ghi z!Le6>(hms3k6)wdg^?hs&{TUW9(qt)L(yWkoa{PueJnA&*JCdCs8GQHBo%k~1k3At zti7M}T*aTuet-dv+aoEvgO5FLpxqijUcko>1zjvCyhl0grY|*@(_mR-o)?S_e=jMJLS!CL!)@!4k4ZlX>Cth(!Hg;UaKVz4UsVB-B zo>PF_DXsB%MrpVfYwnk${X}78Y#B+U_QNp!VW6(wUdFZ>M+Flxx*8&>^zDs06MNr- zSw9gM=e4I(wNI2W_95z^V%d8A>P6?r4vTn)=)0v%MZ5MLGlD|A z^c6Tu7G)cf%1$(c{(kCn;>fmzs^&t*xUwQ6<*fUoIYlY@a7_|^Hr&kpmX523XFJ|tVj*K-k!3lv7RX<2JSXXr&DvqlZ(%~^}xj5$64r#}DnGP_Z zYBvph9D3V&5t=>>UMJDCwz~G~cpPBIi_`_z&V^C`6V(Mc1x$cEE7*0^mZOYG z{6L!SxqZz6p|Wq_>vRIYR%BLOu09(e5a(m$pL+8;2Cbq>slM?ue{>eA>oI^CbDpEJ znqQ4&rDO4@UG1}n(6-!7zAAZl&iGUo*VgNRGFutQJkKR|Xv(76+N;0HtsUv8^lxbD zsQB6{2Yq?B2(OEYaO{~%zi8JMVwx!sAkO8`Zmx>1&V))$mnr**UhJ(A=l|$*<-s{U za+l(CH5MWcWQuT&9)DmisNX&C2IWI{Cy+Oqo1q8Lnt-L>IF#P@wLBU4Fj>xq{vlUl z0R)JU@%xjj;w<6|cV&#NVlQJ|;~dd}xbp?-cMtB%l>w6+P*h`AloniP>fCW~%d28y zVwZ`GRdK!P(pAYA0DBJZcvTpe6MqUUy2A<>g z2)7=&E_0gpn}waMlG$qQwZK#O&x^7bj{3AT;S~dy6pZ(1UGfl9RA4AhoJ7)RyRIRQXMd*M=8f$a2RZKSr{y64!3c4_CUJ3A0KYiW3KsPknZ8&GnM|tZJnil`;9utp z_rfhQh{EA2$$Dq(2ayVoR<&;rG~WS^1@X?fAhb&UV-qe`Tau!;*sFX?m)l^TdcjcxLih=C!e&E2%7z`EO_u8Qj9{mV_M5MZER#cV z4m#7e6TGqgR97L$JTwjv{LC(ns(cO*iiow0Y&IeD-Tp?E{zfT9tnSus$HmF=QqkF* znbL*U&j*>ES`i@+5=dA!pi?@QHADbrDDcI3Z3KAqCc92cNWA|_Vx_lw%$1KIU`~D- z;rE-bQsqkcBvVCZyGV-9r_GAjqXOR%$wsW+3xvy-zMddJK3?p~R^7 z@-+%;4@PvBdQ)LQ;;MJ;N}qjukAkheLq^mj)r{%TKe_iM#%O-o8s`5Kd)NOZ^e_=o zC9Mc>kllw~VW@ecFYWf+9#GA}w7~Qj12qJ46H&5Cn-uHyFSYDd}3G zbc1w@x@Zuj8(f4S-7V~EaSI0C&->r+-oIymdHmo9xVWw}=A4;hX3k?yf)M2B34=hr zmqlm|RQ%#eq@k3?#gxVeH%n@Z0)zO3kakgar43*k(F|A+zH;-pzcG@bi{=9tDV2{Z zYvHzP6X=9`OXjKBR)urT)~ap?@R~KpC4IrCRjGe|L1od4$t4eXAk5tuQda!O3rdBW z7J+N`07VM&mzS>}j~E#(5X2WMLPnNS0dgL6fXV<#Q*b;CfRRuY13NwP*I6K=&GNua zM*M$<_5|;(TW{8DLk9$Kp9r$VFB;`f2r%@Fzw>k=F828ni%bYGUVwJXBbUdBO!?8Z zx%oIGIjQ~bgs=M&;b5#q^;%1-y{VyE`8LHb`~a-iT}=5tAQqV0$i{{5nF+iGDq{%T z8kOzOH86r<+DOg>_4I87=0;tRmFq_7yQ5#ooTKk3#t99t@O_fy-uG<}IrtXQBz&_6>x<{L0V zZ*a#O$P-ryfQOCZJh=dKa<Zk@D*{@Q{NE)VQziZNMvKiOmQ||f zTSvK5!oKytqi55N{JLD3@%5J0cl@p_3=j`h!`Irw{v)?$y6A(Bqg~NQoct$S)ffzC z8lFrPCm_0ArxxsApm-%IP3cXt1gBnbTjpVEIMkghUZs{i#vD2>y%}ywuGy@4)m$IE496}YFbjX2tgJf2jcatE9w>djqD)c zTx5(hC3q1Ynn4#h$8AuT|B{h57&c;fUw?`!REaD}>YUO|wgS=@A4w=}^w@G%CrFhv zJAA%hVm4nP&@Y)>q|YMZVJOKu!zuxdHC(M}Fg4HFd4quAwgZM#wAk8} z$aQ%`B07c;g95w9249n8qcoO)$b406k>9+gwq~@tM^N34j_%%cPPam<;@t#1ucXn8 zFQxGrS;I5tS{ELZa73l4G7juArWQ8;IMLAp_GHS`e(RS|au^>g_|aslDPIZBc*$6R zWA$Z1itA!NHrw6H#&L`k@;<8OA9M?))E2JIC~ERp=vZjUD6d4_`2sP)^8~X3>Q2WA ze38F#0sZ<+n74Ke_KR73)fo$;Oo99^qt(x(k~?Ovyp@^dTbZ1tGA!z%EqdpBtke{= zG4maKy(6W%J5#UV^)lGrO63v#9v5U!pH1>WHk%ownGB1~v^ZUKPCje~1i?gkipP{D z$+QnuD7}^a17HGa{u6I|9x~lhUEdrH8^2r~M);O4McZ*o^Ly8OfDFsp?7Hz&Gbh01 z6LIWL@^(gdVbD@^8DowJXR-x*8MS=VxuaacLLJMN?hND)T+t;UH4hK6Z^U8isjUvF zyev2E&6(PcgXLKCFc#KZNnBVJ#j;Tj8W6EuvvaWeeLr+`N zXBNf|N?HKfKJQdZVCyzX(t2IAndC$qVV`ry0-;pz=S4e0h@enz7D&~9GDP&9ID61_ z1-g(|a=&P$VClP09$AvjWYvcfL5z=x!}gT#SJI@f zkE%;04oeKnvoK7>;oF@LzBXy%rBmJ?ON=b)Z%4aH?P40e3@=Czikji84*zUGa!B{Z z5X>}Vr5W6O6_#zSKm8sk{8YUYtV8VlqHh|~!p-%r%Zj&(O6#e2y?MB?UFFACgMCf| zbCQyZ9sF)BR!KVd>}Y;!(93iGXqR1evtT$eiVNb^%S%l+|Ap_Yk3gshsL6Op9E!z7 z`{^1e5aUEOLAMbO9QdMihfZSxP!w0d?o2|YU%h>e21R)Z*vNl&6&v9At%xbRdtUSz zoLCRF!*T|4h@CsL>E1hUp}+mke1?bF_OJ+`ow*ZKK{xTc9o?TS;vG&G0D&Z%YBV04qFL|_96a+XEfo(y*{2`L^ z{-NOE;dU)r$AUM%_ZLI2wVYXFQQZ(+@um^{>9K1gtkZ|)%PF5NPn?pPmyPzBaM$@y ze7NG5QW;&#xXV=CMSaswYT1V_t-D|+3?c}~fl76?HEVP0#4Rrjr5|KIAmG=QSAi3= zBPnx<$|Ry1IR|=%QwM_dK1G}N{_yy(PsG{epl{`2d_pqrA@dBtEABNQuKTFw%8#+y zf(L<$^W!S|q4VpSQH|?RO0R1|MQ{cIAeEmyHLAY!ItCVaTHO6X2)N4wcuLSPX9Y54 zCuBDMn4|PBKL;|!VpaDjn!#j%yCu3N0;{%&Dk0qUnb{klpk)3>e&$j zREX1h?d8Truk<}QGvPB6-;8 z47M1$u_+v)Cl#n9BusTf)IhTVv@<;$;bOna%s%GY;KLu1<=m|4Ru~p?NZoYfh25Ti z%QGqeNB`LNp3(*CnTx4mW+ST)H4EM@v;1!1U*NW=pAHwvpmn^^z;Foy(l5*=RDJGr zB}<$CGKRW`|3(ib+0tKc8k+~13u2Oa z=hd5CBnp$(@WZ$k?#erY@3YX>6f1g5F^G0rYo?7l5okH?1KN=dN1Txc*jX@a;gs(7 z3Gl&rNFXhBS%Y-a;uN`9{f3%kUXGMe=8Goaf+P?FO5LB|Q&4C{*Pw>J$-)zS-Sm*o z>e-C+$kh^)`YQ@iE3};s58+9Bnq|~p=3XUMMqeP7e#KdpLYEQ)fnzlRDLg$d7uIDd zfHZLOZt?86)Kq4tN0-gDQ~@$kPHvo}F1wEr0JF^;z~hcDUD`n#db;zQNoRBC1B0K?tSJ!gY&B=nzFfDF0s;su; zG$JzmeU#MItpdqp0b^q!k=Iu4kxx~^Pd3;q8bk9UD{*+5`HPdw9W6X@ViwmjK>kmt z%ZrinuRU$1ayCF z(;Sd5Y2nt`eIZ%kB$0(W{`%pu?gtuS)pEbWAC7tWjeY64{FXMmy(F&qAk*m=kM-zf z;4Dx;pWR7o@*}4EbWQvrcjTGnY(Pw@-WLTZ+Y=7}4R|tMq%s9g5-~KKJ+{C1Y1t+O zd}&(d=dvLa%YRW2$O5G|tbb7)$c!ypjLc1JG%BAt)t@I8xJ>ldp97be{`vkhTye*r z<2soYG4%JJ%YIsf4`PC13*?G`-n>|(ya29Q@ec+xKk&B^`{^T6pB8(@^uh-oUz|fj z>Ru$Ky!2hqEPnmwsj@&~R||&nlVg^$MFB0!=CD5~PuO%~v%%a5 zjvwSRF~h9<_<`!udIUUgSZg5lYYL>qZTWHBEcs{tta~~Ih0~h%GV-$>Vd(pykOKkm1XC3`n@a@pjI^`5|lsD70f4nh9>yUR6b&=vP>--K?7~RB;>&fQEi1$dAUc<&g9^|AC_x`D)4bGlATST>)Yg0=Oc&Xs7b2lmlE`SWk@o!n zj^Y_f7K}lhjDO(ZEn(1XFsy%({W^t#=skw(3T-s}kD!yU_5Hq(1@xC>bkhj+)^Lry zx|c;3ozc;;#^ZlEr_>SjSpHN3gM0RD!I|{w2JYdP@(DVB41;f#a0@I=&lB5Z+-(laTg#UCBGvIy_-m*T z5b*bS&c9?=H%TCdoyXs@6o;XbvNEC|nBCjVKBHC4=*l{vv=dpNndzStl?xEG)13(T zTB;WMX|D+_2cE7`KTkrj>rFkpm{T>7LZ9Ycg zUHr7G3YSn?GDM_H+wa3>h9=VB7o%|dWlFEfyu2kmiA5*xw7L2ym0FEwei_n)y)K*A zji{6PL{85?5$WkGJh4?Ap+U_inYmz|#+M#NUz(lrBFt{0s9m*$e$$d1blvyo*}gLl zHHOfep>8$QsrY9IVEccRV)MYk67$bjB@Sb{WsVO0G9B3UOetHp134;Lb|pk_MJ1fc zO6{>>p<>nXhWUpjx0z>LW04p^)jcxr=hcSuZdVOp}qlxmU^#mDj zk7{^jDK-cf|3nw@s|Nu01+Il_)YizM*E`UfiPQ0fa^R>b6Xw;Qi@Mwb#i;qFEHT+= zVnH~M8pi)hLba5tzKxjM8Zyg+9mbCJ#20h|L6JH=6L0s?$jlswx3jgAKmM zxcGz_nl<6B%UX{hP-Xg*qYbn>V>8=d%zCgq$jBEQ^AT9oqB@kDUSY?z_v%v*Z_z^o zWhkDWdfDV&fTr3;qpXIBU{w+?GPrb~R{SQ=C*amC*NZibPUo4^_%QB=gCnNq(U1$5hAk!ukkBcO>BuXJln*?emR4UP?xH)9_*9Z^!Daj9aFjw<4FD>U>hRH=NVZQZ# z661rx;l^40FOUbAUt>Xi_wDC^eodz~;=~i15+GOhhvGqvbCl_TOK;BG8^QCs zHZ$iyLlHl9&QK+e*_-}H3N~DaBRPlFR)^NCcm{4R>AXV`R=Oq<4~~MZ4@Z>0?Z$&X3LwVqLh+8(5+Q- zJsl(T6J1qcwGaptd+IO&N@^dnwJ>O$-lEF$O!|UK?7=3VAy5V&_u%HJKrsPu)Y9Rr zdE4)GGKz#3d)D&K7YKCvYFk9fYlzFF^s&~Y$qV6t#GFn~;=7&}+du6;M#?@e)JHeZ zku5&BrmywItxDXPnKDy*n<9kje4uW>yeP$$WrV2VB;S~(cP&h0iIHA9wn@1;zpt-FOc zrw3Y7ro`XRfPk?4iSq`SP7&BMYyrmJDcPhOS(!NLUE`0n0;iwy63W)E#s*|K%-R@( zBPpb|8t`MlH|)R|&EY$(#YANl4w0fm))iJ*gl<+P;e-kyx03mMKW;I*6I^&B;dy~4 z_3jH6lQ(a&5dDoMbe$PbHm)?We+?axglbqMd}6{Iq1zx;UE z`HQ!-ISEl$QYPP$&iDcW4AdnBX=66Mmxj8&cgU5mkvB+14o0a|Cz_bbz;3Oq(RQ&i z*;>3*ntL;sLlW7h8+U#e(08N`;MM0mj$since?a!?~hedraek-^8DTEZgXh{Bp{H| zsm-=axw?(G1~h?uU4z$^5`1u6Zm?kM;!Y zPFe!ft^0CHK6QS@3wM}{;)3+_2}SLB zi%RYbYXN5zQVP&_Z57Xk3*X&X&9s51F5qj;MmZ(Ts3T)>bLZ|Sw9oS7!JM?E#Xbb8 zeIKn^bf5HC)f2`K4(li4Fq8;NS@lOHD+M#PlzhzgH)~6>0g9y+Vg{{@dBv#y`7o?RRZAdzJXY6?_}3nJyS9(YUTVmi!%3j&1!$GgJ2MZaf6 zd9jAaUmxpFO!^N9Ou;!0()|mR{HN6r5PSL0Y|;PE<;ryg19i)dn>l4%N=SCbws%yq z$H_{;d-$a3isrW8N1e{yQ^Y&<9s$aPV++|o0|D;pSI*bCI*DJxe0KAizORdyr?XLC zav@yJe-dD=TgZ{P1OUN^Pwyp z*tbXtLj#uS(&H(Z9R^Dr4uDSdGzy7n?rx*|mdxqyd~Mc@S#plhZk-i*?IvbnPXoPb z?5i`VVVll8{`1SFj{rUuV@-sAZlmV7b#cBTmC<>4Zn^L>e@0#K=v*2@MD|5ckHk+s zf()o2!!g)UWAT~KQW=t>eSF=_>LGzo;!2%9@}qj^K6x7V+$wOcBQ!V0kct-_Mc8S6 zbW@-0-|6#MF=sO4F7B4!9Q&%6 z+@o1-W&$LI>D#V>xPNN06WK)~>w%>UL?vi6Ce$-8pD#@A2-;mzgSh^VKtW4*JeK)tPA_JD~Jmsp*?|qb}77z zaCB-=?B>`bo%?-?%fe*7M39U&TUk!c*~{?DgoQD;RW%-XINgk3BBD6Q9qdXQ(uRnc z|L8`zype~WDG0^QdC>VFuZ%9k^#RI7YIr!K2D^I2NPWCpLAhm`5lXXeEJpteGVzye zdj6Q|nQ(vhfh%D;#mS|M+V)^CbiZQqc_%y&_s;;&Z$S*qRJ_MTX0ko0jdYC(jX2;9 zb;7-f)ORb?#4SGeamCg-LZ$$Y_ai(G$D}wG@uZaGH-l6R@q~mlNzmm;|SHkiRre)4nG~oC4aMelc6^lVirP`{Lm9w$$ zV$>2}BtP3NjGowDkwAG!%EE0OEzm>QPyg`F2$btVO9V2z+a7T}fcDv|Oj&tUT<8_v z9o10i{$vIbL^H?+pM{=-Dmsek)&+Ij7ubP0Nsk+(b?7neh^t!~A8h4>tj9x`<@=d9 zzH)|4x$Qx!0TPfq7=&8!4$jPJGIL}63xE+0pTobTu%&EMCaP7RklUdCT;gcTP@9$5N5+z3%<;dC*7?`ipe^gDQ z9Vu81M~_)xwpE>tHs>YbzD0)94cVfyDj=sM@H^Be&dq36l$j0Xil%VQDEsCUb z;PVoI5D?>mP?w=>fa-TvHz}Ub5l7Q{X|mvm*a0`#_>`KSfB(}0Ku-TK0x5lfzXWS0 zeo})6So-KN2zZD$1_vhv46|!*q_HCpB3vNR%K1RZ**T3wz5O!l@ z3=D68lFUzH@2};H0 zB`gz~-fKF68?INJ*Y}G2K%3Tw+dzK?2S?u##YXFrb3!|Z`j_vGijb{*{?1$d^5XQF zsBt@>ov^r!+jkJ>XRhy85{|>iqlJzc>)fkh+d?1pwHlnM^}~28tt# zbVDPu0LgJ;wyLQ@YLJCU2|p}RydN2-Zg}G)p06p-`eNHp-aqQ%zG0ieVAOdriJv&? zBr^(l0Y>-@?yK8*;vpD=MUG(WOpIw#^pRG6*oHLEYm$8kwdf?Sv9VKrJV$pacS%5H znEOQ_=S_TytdDP>0l5r2VeE8Rc;~nI%Uqv4-v{J6Za-Dt5Z?l;%>+&!zBhlUxkFKP ze(>cyPvJJK++;H<&cK4+!JOI*#qtnBFufSd%upd;Xp*m%Cz8gfqvFf`IcG@_)+20e zi^W;j(B=#l(9eJ5r1nun4jqW!|HNLWQrM4xOsEQqHEuhF#+7=#Z(W|SAsno#6XCf} zl=)Vq-aLgLR=zJzSJ5;^jKYJ*k5)U-vlnd@VOc3?P*6NoPGXT%$D`!{Hg|8JQF{}e z7zXbo4T_Q%Zso@K)nuM{-+3K~2q!RO^?*QdQ@CxdJ|A)NBZourg@7=iE3sXcxRCoB zNN05+Wjhr7453AHyHmAPO(fJWdS zX^;!Qv>>!Yj+?6&Az5#cs(F1V)xUvW+kt|K-K`aTsST2dL|bU(1JJ*@N`v6C$KIFcZ*&`6bp* z@h|xXCKFxzd>@M*O@I=JbPpo}AB2segBq^?@=Q67Sx17fQx>Kc*EJ8Q#u82{h};ip zrshCU6ppW_#?vD+auV6(+OCzgY#+1%!fdxq{D8C6gtPHo(U7@y zTXvre9gRv1mhk-jY{?|*CP1?U!ZT5Trg|~Iq^|(WN9OSPRwlg+{)5g-dk~>U{A#p( z)9%8G-ro70y-2s2&?|ELs4xEl9ZS5(l(U*MTgNULiBD+Pjk2RBCsi69BoKRNl6sR3 zQcZhLSW}L<%XY-x^hOhr_cYY~?`AjEKNKfnE~F za|1|!mU#e~ug>Vbf?Y<0M_H?}5Yh1g5lQY?DZ^<(<)-Z#Mp6%+kb0YCEMcEFhU z!_`{^Vc^hfxD}u4-vS}xs%_qgrqRCgK zfX+3x;KP0MY5=k?N}m~5g*9-PIQ&jm;@@)k>h8htg8aURTI8f(#+pO@nU4}1#qwGD znD+baMs8m^^439>{fpud-iL%qKhQ~3o%W{MkRb=F6OiYA@4%|*90N_C(HFrz6SiRY zt%U-O2N`j<5(Nb2=5zqYPKM(WuHOP%f5~Ud)9ypa8W=J_xA{EOQJ^)=wKMe~{9O+>5!dR5 zd#r4(WKqI-sDhVER2U^GDc2WnWx+eIiWdUiAEag>iZ7Td%sd^DQ~7+6Nw?XJEI8IF zdp&As;4iPt2!uDk7+?q_#~(u%AU(U{K*YA&q#*&`IjY*MVk$9nMpiw{iyIK!uL}^6 zg;q!Hfp|`zKV<rTA;|ER=e?L_6neBo+G&FVJEMN@&1qI} z6JXO6k9Mw!#>toY0;#)(di25Cl5lRn*4dFRd^c4j@~(^q*8Asxq750&wr(^9dN&C_ zWeU8viQOJp*$ViLlOB4%pYWjRuA3-`nNz%^{}gbJV1nb4`?TVbNdD7K6^B5x_7 z93q8+o&LzQ(7M72Y%!0#p~0_pWH35lQ9_al&-`{NjpJ!ePY?O!mjwSMpfd&{DhcR# zlZiBzz2A+NK%qFR&un;re#Yo1lg4DSUnByxR5NI4N z99HICEo}ON*&Wqvi?D~j4e!P%+`lG8V?rna>R;rD6OniRGai5d_KpkuPPb*`Ega}r z$mu-7aPO&2WZK6OAA;w}h?tB46F(oV=lc+k$wZ*;Vk;_x+XiSi<>GIZYdWb95_ZmsGzsz_Vf`Zk!LwI(%8@ zm$V0^oy&L1d>1;`b+_QdTo^@fi;a7Al~Kxj6Sc8+&UmiKjegcDXpJfT`arHMm2Egy zvoOGU@)Iugi~zEZ1lK^K)1Tdms6EStPu?L|T;{!(Q0~i(Fh(KbICng6*plzgeRQ?* zWjxeX3xPW~Rb>3K6aT2iaf2H&A%^3yKrk`x}044Pjg z2>OJ(XcACnM*HlMabd<31w`hvDC&dlxBZI4u-k>+BL-`-OT>@cub+ljPb@5jIc0Et zNRd8-j4sP%=&0&l2`c&lWTeR&2sX+2?BCyDr)A0PCkHr_RjL=A zwU;fE8kr-4?5vQmf*$vF?Zq3#4%uq9TVt-$ha3m8kY zMpxy^Z59Bfzu`KI!T4q&)n9JcmzxerHCueFFE?MczNX@Sp@D9n>K${PRF}D$qa0l- zSp|DN;ri%PDqT*(ckVQh33H7Iz0qFg3O7wFTOzgZM=&(F@rxIOKlW}O-IwPx_;52 z(6V*jK;yhPStW27smc(Xvye$NdPtHHp;0@Q<#!N$*Ea8V7!TQFyOZ(dI=GX!XBysh ze|NB*C$jj#&%U7bP_wBUYvw@5TU`#WOZbsdXt)+)w-CF`<<4qA|NE#JU%TMUeBa;h z&P5Y)eJ}5hHDg*knl_t=z|5*q!J5&k|9wK!1cuP{UL8Zv@0tUFW*dRP^{@ zt6QJS$vF?cRW35^&*6mI97T<`dEGLdhF!DNpB_E-+b$GiDqA=}e7#_Mgv zI!8|W7rRi(42K-t%a2xGE@qDes)$(D=NLG6)K{Y>Sdh=3x8In-e!Z?w@($6;x!TZY z*tDmmJ<23(QdX;X2r}B@9k2X-ITAhggkc>b`wJ$`a?WWg!p=BmLS+d@rn|N!&sB0& zmTZp8&GYXW5JYlMCUuY2GXGZ$^{$_FOtLDM+)cDo*Pmfp)zudO@x)0s1J^Yx? zKul4^O&#|8$Z|a<<{`>au=RPR!YtJI;bz1Q(Ka&#T+ZIBt5(E$9M*`_!A}9xdAb-* znL{B+`IgLeFScwuef_Zfl{MzR+G;{~d`Mh@gFj?KOL`Jo#_+DI*%)hPXBbSryWz~_ z?Vj9?#o!*P6*(l*yyg2D0&0&^Qou^5z>*>o&V;*U0rTv^1uF&0gQ%bX_m! zdiic;_e-z&#tQAcO}oRuvtA>bdFDxpuQZe{Ul(Y-+!7ri78kyGLmSgjCYn+&Dt=|> zcNhHzpWamg_d>93jNKNPySYSn^#$CJU!R#J1$#qzU^0IZ8m@SScKdmyo3A;|%EA}< z9SqdM5Sk*vhOebN9F1tQQQ^>Gf{o5C2M-s~c@`&SQTxM;RjctO_J*vN0`U4zqt(Oq z8(JyR&s84yB35W|B4Lw$MI&6IW=r3eyZmj|B(NCvLwH2`D3qW4zUqkwH11$3dE~bX zMbz4r>(lJFzIxzg@pxg4k0*jvv74DLJx2LKG)RU0TZ>@ft1CM znYj6lTJPzWeE4cbR_Y(7fyLkne)ptzd+J`dz(f!$G&jL%a$&ivC?DPlp}4A0=!c@p z26Syy7A6TUj#Tj=Z@)9g+mXxHOoL^{c8w|8dEIs0Zf35>wbGs$eX@Dmp>5969eg=N zFyFdJnv-9Iobt5=|JnwZjiIL=1@Ei-#nnNJ?s~Pafm%TKW^WhEO{D>m4q8vDRt zzSiJ^s?v%2WZZ(hAu6C1O-2NI8#*2;6o!EJS}XD&>;x3h*?_)8p3Z1OfNWOkM)M3G ztSXzGEk92oE5HxsVA$kj#zr{D`g#y+W^1i=zUrGd&XSE25#M$qh}8*$+5S|C?XBq_Ey$crMfS_64+Tu0_8KFY$#zr zLX5~rPNWQx5_QwMb*g3}13?=v3`=xx%cUuaC>Q32F*0lL>soiH*a-_;Fv_ZB^SXmu z1$ArdMn54+Kn5zO)6K7fu6v8|91(l&11&2&)|E<4RgTVw1NEA8-~80UEoBT-E^>V2c5SBn#6}&dG!|_^{FK6Wq1{pR z8UqmCpa(;j-7Z*P_1925gh?vAz0Xh&+_x#3Tw^Dk2z)^}?{-nZb!I z0<1;~Y*n3;q5d#z9@22#=%CKR)FKZH%UcX2?Jk6$Dzobr(@EOh`e&QxA${x!0kSuK zmUk?`n-9TVstX7)b|X198}R&P8+wWE=T4k9%L`j&tt$CgO7x@rWx>17nV-;vdLh~! z2fMwSYnMkRG8?vw1}k-e7RR*jSz1nwt>dx4bqv7IxvUqOXCiu%5wa2mP?VbIzsdE` zi+RYK%LTNLz@X{>;xQ8BV}Pjre?0a-Z~J3;|IgQL7v^VQJHEKJ+z?+DZD=qaR2Ej1 zz0u*l!$JO*=bh~s|GY`?e zy5KO3uJ86PdI*jq_&Z%eB&U}1h48Vm>97IAMRy-~n{sc&x{^pb>I$?~eU~cL=Ms|J z!UQS(^!NUeRKr4O_)zPXS)1}gS6ltpCAYCQ;_~xovuYW8wcO+lm_30{dzoq}0_ zyI(o$WG}|$EP^(u|IjyH_u+EdRh$f@?K{sb`lE@~gFnp`fIOQ|56H1MIu#ALVTS|F z#5Olj5O2-74x~#SberxBmQKe+5Tssuqjcgj{&%>v|92ha|9RUVh~b|FnX)Ho|L#>b zTpKTPX`8PKE_&2jb&w$8w7-ui$ac@0y#2WS)GYomo9vIk&N|S%n^)o!o7?>4?HvU@ z-+C^rWCq0d7Jyzg{UK3AONbj|i|p9L;A9z+_QsI1=u+Fq6ep&*6!}i^8_oHBkhQKP z1n5ZoRKou8B@P6z%m&^!i)_lmE2{R4zB4_xJ~JL0u#CXZWjF&Z>n9riY z3g&1dm-^MBgnwNY-W-fND}Exc|Bn8rW_V#eDk8O&f7mK@uG>W^r_KTi6uk4XTJ{TT}R_qR-^XV2VON8tS!$hrfEB zeGo~>1oD3nFw%{nDPT^Y=GQBdl1!nUQv&eWv6cwE9b-&7(;<3vu!4Zw)PCP;Wv@Nh znG9JTuRTIQDc>C(?gRgpu@5h=@G5F7S1os8Du#1>f^!pgTPhOV{M5|N+TB+CL?hCV z=6DAJZpS1e4mSG@%|9Fh>>6DY-{LSa)Sv7J>JAyh?C2%w}_=EIytef1RE-y?0&P7G&D( iArzCwz~gbSb7XLPm8R1&M-$1#B`2jUnJ0el>Hh)@bJt4% literal 11428 zcmd6NcT`i~wr&vp(G(OARGJN>2vKR$6-1B{BE5y8B7zWVKtK|erlO!!DFH)~CPh&K zfe-`~0SO{ON(dm*5+Kx20)e;V`JMC58{^$^@3?QgH{Kr^N%r1rt-02m>zm*F_Id(^ z7#-j}#tQ<04qP+7VhIB6$p(Qqg1GkpSHycE7lAL1AWI{CPz6z(3jEpYdD;9j2=p$I zZ`*wz@Sn%u*dYi6;%{MpINJP*Z-GE(HLhK`Y<QwH!yjn6&*kc6qPXQ+&Y5$7-MW`vZ=D;eLs5Gk$dQ#N26aq0?z1y4)&x z$>J)qmv}_pA6~lQ>9=P!>QMHEQirbTrCoro54ED<3VdY zAdvk&eF@Nm)Z-)$kUh_T@8=UI3ED!#l9*pZb-x4%^w+u>rg6QbSnDdUsoke4o@4y; zqq{HZWm4C?tcsDVJG!evW;R-q7=Dm_vL`R&#d~ulLN2d#ow+xz2~vN4VN}-1B9^(e z73$-0lsODt?^R%?pC270RBC}hZ#$JokfBGNKNpye*4_sj;Ef0Uiyag!VsWH~nIG9u zF3_-iH&Y8C_UqvRqC80}{+{cNAK^-*&JFO_9$A#v_dV0kTYkOHa(RV8dk+xHJCZNp z@k_`h*eCOg@{N~3ApaZP+i`(1Md&~*FC(N-No+Eb(GC^Rv2zd`@TtM0>n*YMCqDlE z{#k-Mea36}-1C9*dG}qS7Cwv<aYJ&?nX0AHzm9+Ez6 z_+wg9=@>0!YLov8qr7ltEqibe$lt{7AWdWUzRJ*xpu5ibn%0wey>M%@SQi6Df=Xo! zyTKY%vt-KDpr<^+#TEn_yXt(oIL>(O$yqVO$0F^pQvS{0l$y4RNUI>Pi>j?W`Z_P< z4$gxfh=m@;(5=h`-*xp1;qQi}UX5a7mtPd0YB!r$QnPn#H~;)S3VDZtDt#jXS2=D9#1_(2R(muKmNk^tfO7(@%?_K=&g^4ay9f}jMb z$}CzF1X8#R3|S@k|JhHwqqO?@sc!>5q2XhHNvvH+W?f#7{uXdZh!Zqc3bQGea?bIq z!A)PgPxr|lc`U=;XJutP2<%m`5Pss6-nqVl)U%oE_2rV9p8KIO~=# zwbX9?X-cZuN5V*rmv6q^t4yV_c_{_2h@#NJv~N&B)}8Ls@r;z*OCKMRArSZkW&Jei+yanu(! zGnRqZ>?$VNSUW4fv7K10xDAf^JXFz-brQ`)&lDe2^ ztFqlCEd9Luix6p&mBQdEnV#8r_?TfdQ~6c4G6tCvKyL%t*Y!r@>UVhS7GqS`;md;d z&LzFeJ+a|tOsLh)(I0ncf|Uk*&r!RK=H4TG5*-K)ZgenTjM?dwiAtF|gHV@}YsRWU zb=}H6f>MQE&(?IP-JkZSPaQ`zi^`lR%8<#}QYp_2c#2gwj(Q4pHEF)O!4tlTP6yjz zWC`uZXq#_8w&o%-9|eoaP$9O5jgq~GsNz;E>+hScb~%YsvhX4q>gvj1hUU`T@FicN z6XoOSrlSTve4sNSPoa8q>w@Nndr}YG*t}mNI;w`a)$2Fgb5Ex$RWZ~s0e=k-RV;c; z*oeJY@)u3Sws(;=!C&}Xtc<7J|6KQJ8-Fpzt+#aXvs7gjuvWi*Z)<~w%t+EbC6f?x zZ1~Bkxm)2oFUoEj^?T#5>wnaCF0~C2ySe~rk>%|!@tH~S1&OT{9XD$6nQXQC zSaa>g)Y$?EZ7&EiXN?_A6s;sMVlF(5p$;jEC2?8xv$888ht!5zT{?PSQ}pW!W>0H} z_JB24&2)LXngeAlXDqvZ`fO#qimK}6rWQ-^_IkqUyyeR}OA_8eV4}lBXkYf@o2Ap5 zCvzRM>sW&^ugrv24jnZ;i~68-AYW45w+ODRoU4N4Kh_z8F6H*C&3W0c##5lp3I>h+ zr3fbd-Zv!k9CpHRGgHY3TTf|45cXG{)cP0~oEmC49m6zpludtah}?2GtlX1brAkI_ z*UpPOFSa(PsB7Fa%dHF3C`^kiGt933>i1qQ_?F#3m-)hC6UZWK=Uq2nux$s1% zx8NV9bnm{Ry&KN@{m9XAeaBOz`|AbsN2|RY53)YCLK9D*!I>)<$r{5TN~qn$y~tcV z3tq9|{u++qBdI9JA=pl8eQqOjhc`<*+4|GZ6yGeB5t8`0)5|#Gr<+WbE?8Ge&{|^v z6pz;shWUlg}iTA2dM z3A7h*-R;LsW;093(VFnOWlnB4ZD17ePBp5~337%MO70rG?c}=<>ICbY?rXSPKR9FQ z%3BCOm|%)DCD)vb38yRbbG>!hqJC8rbI>0D$38wj28y|boBS3Ru6w#3_e#l*)-6ces{zOS)BJfq0${x! ziA-J)q)kD#Vhms%mhQTlak_K0tOPRVpMx&!{v>=?Y};2Y-LA;t({j-#ZokM5_;&(7 zqCUE@XAlJbrRR`PRU7B8)6}I9ihW`U(jbpFB zIp71-f)oMsZ$7+B*o?sK8=Kew?a6lnnovf!VgKfGSJv}>1YcA8635=F*bk#6yCX(Y zk#Ds?5M$l&-7yXni~pG~;3(I|6^bisSqwET6&WK6b~%IeMQwHIZPC|P^SRy3I(ZQQ zwf6dd%-q7e-BC4zG&K+?%KipBSyxY3|B{b_*Jx3~)EbNMbigM0cs@k#OjZ=VjzZC$ zhn)f_!#P}G4AVU*D6Xhn08`s3|~1gr+n=dnK$Z z_ffk%%Hz~Nmkx-l$c+mqy>spIF^y8WuQ6tt>G_{cbYgHNY4WwNePwPA>QmJb3cbcF zPh#LnNca@l>=+uLIL@s{FiL~BZ(f+l?t%iRD2!DcV%2dT4c>cqg>7UH+)nOf)R14rO;H zm#DPvC$(@;BpM!xP-Dq8}1wm1A(_BBsOxjDvkA zy9%C$W!NXt3T*Q(-UU|OKU+GMN&DI#GyW6DngYnF%?VN^EJ!_vJzKv2jLAI#cJ~5j z?RDn$z31M1j=}vCbhr_qrvO-K>PtKr2QVoC%JrHZ=%+{=vTRKH4{kdli>1^&dv2F` zJg0<2e40+4hL^>mIk6%b{%7!LXre>osINL1Hc;WLLMkkx>^ySie83UOD05|5Q}OE~ zy*Cf&OB|sXV|Loz7YtZc&wG$Bve#$lglSH&2Y$^J(V+vCg3eE80WM?EwTi#2sVSl1!hhts8D~$mQhR`%Cez+k@T6 zH(Ns72)AGZ3ev6@L*I0wE5Rp6rzn)AjM)7QbLWsEu`xAL z%ml8rZhK|>EdxW}abS($>sTZFnfmx%@gqP1@C@Dx?I%y&z$)0%O0+$~aGb7%5%QuZ zp3N(+LM<6T`7;gh{o+UX*-vg__{XmN7hLyG&x(lB#(%ZM`2opibB1bksOgo6Fii@z z4b(|Mlz0JAQW%Xp%>=-#RdrwOWs1NUK4P7IY<*!AwK(>vexY$|m14Gh`blMUb$-<2-6K0#oLJ3&f_@UI7AN7 zevL%%A{;cWMI~Gs?!jhFb%U3C>hBbr<_Xc7^3Hk`LW)<$5m8`$341PETEo4ilca~K zZiU2nQT8RCe_gU)HDN{QZN|H5#Ot!WaUh$@t#ubxa;|ncucu25xm$N59FZbg>9hf~ zM*t5~3jMw{l^wg6`8_ngZ7aVcl?a~9EbS<^PD52vrsS#1ZIVQL$tQRy_o$F4j+YR+r~#oW$we_7^H~W z(3E?YXyrqfXw54AmTid6Eq`@agW|YiNX9X{`OA=*)g(|F=X)X~e)$sfZKIS~G;VEB zO+XbGXXfv5bW+V?!ev*n!?0nKV!KcZIeklVk!n|%ORL#5G(gwW8?K@b(V8^(uV^ux z1=A_izwR;O0+VJ1r_we>!D40wXa zC20o5jFRd!N`!J<#kQtuJ`e*$lYFOf6N#qh$4L)+-dS?JX7A*;00IIaC7}QSB=BgP ziNpiIsDIt&b1jilV=gMc)40Ffj>PuitE=&IVop{cHBXm^*!1+6Vc~n~=YJxC2jVFC z;%iy+5bVQ!r+^L=?-wEgp$td8rfpHU5~7^(KK%eg-eyyCIEVZUplENR;1QDYa`xH!6G>RBcUYJD7lOkuK*9a)%;@RQT z#FoAGB{vU7Gas=Qf5m%xf_1ksbeGh-w2%z==XU-YON-%0wa z`d9dexm)i?!_s|1a{k%*niiwAqAJQXE}SuWoGR&UfG^cAzUgcb8(tI(7W60;r7nb+ z<-cgeSN`R@SNL-^t2Hb|$09f)$5gGpuQZpas?jBDB!(zd@^X}hAEpUT$eG;q2vyco zF~N=&W?o|^?IP|a4;mJC9=CB5q8;gfff*?g%=;+6+Gkm-CVFFZ>XkK^&vT2%#xjr$2D}PN-S%gWVbk{;*jT0`^; zn!~@&ZIoO^U%wv}7+7KKlsoDhdGd)w*&HDl2NifY1gp;3A;_Ldc4zFj{_6n4U&5?k z0}l_Oy+W2!aES#<71PROi&EzgrS)I84;>O!?qS zgKwY$rfc3Mk(to$vdt1FdXu7>cQLkK9}9Elnvdy|TaWAuInowF$sqdZy{VzTp`POD z>UC=lc2!aEl%CV>(CDjA%_HCTw(^ZM)M})qkd>yka&;Wneb%(1O2e5U(U7v=MUFEG zNfAo?TQ@&fP5J9cSL^A7|7IGn{JGT|C(RzM5jUxJG>~IUERHah(djyHq5lfjVRc;W zNUx|_FTzu;nl(T}lGl4f1UFAf5I)@{=DZ4%^o?jwCEu(o*RwsK{0q=EB8&ah+5>veX>Ih|j{k=~vemmM;{?^dYLq^LtU}Q>W1IsjVl;KVb7S z?lzepIbS8^RbMP@CARc`lPQ`$Oi>fM!}}=jWsd^ZV};c%;hW&G1KmA6o10KFbl0OZ zlOyXhgn4S|s z*Vvqn;u3H{u@DZGXDo8Gd&0XvLzso5vraLPBVs4+5*9YmTdS1run_)ch%9^L*B zZ}#zfR%U`V%k^Bx(Y@nba7$U|hyRk#g^V71li4S9?aG?L;SW&V_Q;LfvZ$Elgper&zP9{5Rj6x^QDA zUw&a8vW9BC9(3`*pm>MT_QTa0>n)qI5x8Wz)eB*~%u*awk~@FG()F%4|EAfucF6Pe zvnNUWF#N-{@ko%xVqBoS%ZVs@p{fhGGs!z zeEb#1EV0884wig7ZH+xE%*9I3X@AqS*mlyXXv6*RZ{j*?XQpO)Ir@!EawiNkT73Yl z)n}sdlsD2&@k9FXYii)QxOqHtSOLg+#gnnj`E%)FMzg_z(yZ}E_ci+$m^?_~Kk1Nl z8`gE0z%Mkakb(53m=RPlL=y@7J^H})!Na2?&4;T)?*>S0C%#{498H6YvR(Xdsg%-e zM`OB{^9=1a`uxz<(tHF4|hqisGv3YSsu9H*?7{1@607m=@vX zQuCRNoEdqB!8Da4U}YJ#e>YR=q#d5eUWQ#m0DXSWx2xan%XE_`RjzsY2)4;3N*4wm zG?8oz!yQtG=egU7OVNH*X-@#WhlpA`KW`Kr&YJw~c!*}e&i6pNbU9nOvS-M%R48-{ zqr@>J6Q$s&>3frfPIGT zSpGnV$nQ5WPOf@61(wF>r;dgYZRac&;x`8A;}Jr)$C0vB)>AZ2>N$9(!Ots+CDeA~ zPp#ot5`XZ8(jAq&56#xad{VN8mS6k>0?BI_lXqz#vC;40Jt)A6t&&-zv z^}5s$6{pk|oES208EkLdEGMao-G`h}(!Q-vS=to+eJ0Mqsa?oNlc+2yHSk~3hAul*UeWKs} zNKcZ7D-#-OgoGNi&Z)1%w=O4eBU~LuqhE)Oma21fUSU(gZ4;fhVLD=BUgqM>KJp}3 zsi9o9rITU?5281!i$qGb06)K4lF=yv+c3$Ak&F&jGMGuA_MY$kdgu;sL~nw}lS{50wN8A9&CzTx$_9dLq zXw7q)wlt71P}C))YJvcMo`18D{}P+d{`YQ+xfSN*tV=gr5tW!#l^HT?hrF3?A7Ue# z2S}V|^QSs_r#1tVeZgmSpTU!|pX=~x_-QOHMt?ZoAkf&VdkjH4>tD~dEv?Zq{kvk0 z1&x#HZ2+^X3fsF85FT(Rr!D*=AXvN@$Nj!Af_|wJc`cH4<3pFgorT&DZtbOiJRo1o| zHo@+-%)PK_eWbKVqkf8debU|8^;ArFL}N$e%_WC9>Z;+4d`k3#_0Q3oe*!JfjwYys zxZ{;Gxr!(e?lp~m5rQx?iP@iw%KTVjg2~A=z9vrc2$|7KF;;))q#-=@{foOMsmN7g z+gtZmDL*VSDuahHbzd>kVjDw3A+9=(Pn|=E)IMi#ns}EI)71huQ?n~|yn@%4yQ_Q- zoNl+w+4tjC^~>V=`GB1o(o>Y71ts?y8zC_oddC$0nb7Wf_k%&cYyjsI z=2?F}cBF~mEd@^J3G&E`8NWZ8WUBVzs+kr~N7X{$MYW{>`?L9EXu6}DjIv_U=cI*Qp1f@Qd zv7oNa6DarcO1kszVvE2>!3Q30zy@Ipu(-$K6=MGt-gqSw$X3Iv`1GPUogSJ2Ujq&>iRtw#s?rA9@3OSb!AZcGER6 z{AYRogKF^9TN3McXKCAOn{WZA`qL|Wt2bU*kA<-F%YiD(^cRfot(=JMb_S3U|Lmo| z>`P1wq=xe}bdPK6Qk*xoby}wr>WzxFep4N$Ha|_&qrt%z2m0Fz+s@=q7ZsUahR^1L z8!0raFBG9Ron=V{;B3Jkpwi7F?F)MR3lIoSRgx(9@UB2?Yoc#UZ1-)Hb?N2+ar{z9 zp`<=VI@0E-Js{m4q5QC;$<;_ZF!;B9icPO+%G*ePn{=h#5gX9&XqMML9qMG1+2)~B zbsIn-Tudct1s`A`I%s!|+Ib~MskYyEyo&(~0?VVE4&KTNbiL6(d0Nw- zgKs|~7ZlS!(rYkX_Yj)vb6cQcJu~N;waWK=k2C4n#0%xLTOxM~MoYF(3qQ;^)JVV? z3U2jZ*Mi6L(vHzIIJW6abvY@N+OdWl>kRI@;*Ew@l6U7+RPI2p(E_+9Q3@|@#4dQ>BS%f5fVz@H*|GRYIa zKbq+UXdV1x!LfV@vA7)k2Xd(w+0UM3gF63=96&~@fF-HioWgh!G-A9>GLbx)VWVRo zW;t2xE_pq&mC>h%-pnWdr=>6IyvU9gkVmVxp_NKMyFQYg>*C*dsMpxKUe|N^ig;b6 z6=_&`#wLMsl%i&wNM=nwf;WC4^dYlQhL1u z8LcB(|9ne1NLFSx)UwF3TrXAZ3ji&S-o@$PQdhT4v2@}7sXSZP2t_QT+slVEDkR0N0&y+p#3=2cNb%h1bD#hE@yggbaXPlYq)e{=_VP4t}o;X>vW3T#cxe5@q zfMRQVEJ}brT({DpP}#s*BLg6t2Gj9JJT)UYejHJIveYc8@& zAdJxW^*PM06ope~a~Q-EfwA5q3n`uO)n-2MOboF$V!gsP{I97F@y$-}+Si#~O)hxf z-uGFwW24te>slcxZ(bid^RrAtD_o;zpr@sjR91EsAL#V+TZ!x|ts(KwZT6fa8{c?W zrYhe3%ZE3KSf3eABfg%IPB%-0F7_pq+zV$HGe8+7-QyZgEu7AYfb49JeTwRLMZtc~ zwkMyl_%NbuEIQSiMzR~r3$Z$nP!=n5A-}}mSKp^7^ab&Gu&49MQ|RIi8(PfyA+O*! zo^9EB=)rtttK3X8^4HMfeO-4%GrTeCsuEQ9$gjlX=gK1_5E8JZ*1t2xKg&p?NETyj z^F3T3&Y&(N=q$pD&Jb4JCI<8*)tNT-ld=v(5lJ^Je8pTf1dbmzK$kXP?|Rw@iwBUz zAqHx3%ZE@+W{m@tj*O6%JLpFRGpbZVsC$Yt?XG#(iQFd|gC$F857;Z*BQRF71Fe9< zjLrAe@z>++Ke>d=n)<{0%pbo80*R6NNU|%rCQ}QFzG7=Z>S+%l&%A3&C~V;}?A`3m z(4!6HbZVHJ%cR%q6FkLSLP}Eug%2|;9PfbZF85BhYGjHq>cCv=Kz)ee*XGM5B5rj@ zsveR0lMmZ)!OCc;9&jwEHXvH_XKP&Ow2}q}IS;IaDLcsn{FYVqM8NUDkLvzr1M*zd z(3N{RS@c#-P{JR=y~3L>FShQ!JPDgs?aV)>&CVMq0J8a0?QI#ff3!Hx^&RKMW9+=r zkQ$ykbHf`zBYie-N0pPvSJ>sL^q)-SS~6Q6{BCnOo$xlxr6T~C25^M#Px|A?{$H8; z{}~bg4_d>4LSQAOW@G=)ayd;vO(xFq?LMx7D1fH_B-{IiIk`oR>8oqq))csNT6_yK z{en{swmx!zUbDwviJjEP?Py*l5>hES`V>htFG8}CUz{y(tA8`0fa_pBMNn+nVhPlu z9F!gZ=kfx{3OPNBDVn?|Msqxc{kxZQ3XIlaWVehT;qO(;9xX8f7Rj8wNPo-W?0Opn zVY4+LJ8C}YWxM9z6!YSnx(@*DCTx3SDc>lO4v@8JqQu}&PLK#YNZE`GA7Qs!Es(Rf zF2y*{v;wv9E6$Op=>i*{*zc~`EA;0@dM#U+FOV_@-E=eojvHi@h a)XNZ#6XFq{KLRIWQ-#yqsS1D1P~BpOqgW~T2w$mKvZS{6#+>g zfCvc$2m}S0OCZb;BM@X(!kCcoV%@&?^?mF1?e5pT-h1n<`s1wR+vl8bTHpTd-~R3M z;F_fgKS&$|0095hE0?YVz!T4cDCv}6;nLI(?lWLx$M%w=XY~tf ze!4=uWa=g>@vEbtWPI?EvTaw#YMytC$GuLjZ02JkF$<;n`PnO@D^pW_4O5Z6ws1H# zG7Gb1Kr!sn+FMiGTkG4~?aKs!`|q{H)SRPN8@JX@0>DdTk6P?b7oV8wj0pf-qUD^q z8?`kV&iKnM2zvn1$mrGI`56GL33M^i_WN-JDNkk}a2V~Y3L{ijRi*uIz~KxG(yK4OC)JbueihY(=xAw2 z<#<`Oy#x(Mw&qziaZt{Ofx{0*#a75RBp11v-={0)_tv%OJ70sEScpbyu#+IFbZ8taY8NEFN_LOccTO$;VWLwz65gtu%iris`voBXIp>4vozzla_ z#QmYl=>D~gEPtBw&O-8rol)#>ZyMbr*mL?m{3TYxfTa|B%vuHKB zLkp_vT!g0V(foVXS3q0Lj`aG>)^HH@4s$AZ41TC#b6T)`PV5_srMVhek8tz}M(GY` zv@<4ThQQFFHSVBM57+%PBFwtqBGq)_a(y9tjT66y{V>qi(ZE_yn~2L@iHT-!Ebtt! zsDPmQdMMAvULq@uf^5KydTQj?>;ga7oh@>kRTHa->a%zJCetd%Z`XreS}`$n=p&9e zOVfsBsy5 zUDR?XPy)Db46O+`0nxDXbR8*JjPfzN@_@usQ+%f0|da)Kc z&{~lpvlzQq(=IT?kXM_yKfE_at1uv1`&H{>TICbYN3Ifgjs`?;QzDJ^dLug|NMi;~ zA@eneiO2K_7VnlVgBTaK^5}`PPyXhbpgY-dLPEaOemzp@u3_91znOlD6zAx zlOvcIP*(mbp&*J514Bq6nF*EtV*6axfGq^}D) zYx+o?ip_8ZydkECRsU5ioWiH$J|K68vhJH|7ke^|n&^A5W;huYF9d8#T1@p1|7ExA z2%8sAjoh? zqg3`{PKIoW8jM0v(~>z|$H9?4;H_L-h~@dZ}K_ez(sQv;kdq!$Zm?@Nyf;008FCNh2XPQ!Dr$4F{ zc@cHS*9t}_H%6vIa}#8$_T4pnuYJnt+>GaS!Z4#|P#V7Ht)<{+)Dkv<|(<5iXND zucyMJa8h5FYmt<^HiL5w^DT6+ zyx896#~v1@aem4sms4C`_lu+M(S|U@nA8aA4Lw$s4}ji3CX8dtva|4=kz+?;TWBvL zTDxgW-UNkZB@j|5dzwR{GFybNoi2I+H=|3uDZYYoW1Noi$IV%-wko#T#f=&i*KG0RRq~!UDiyq3`kK5)A+} ztj_}H%>S9m!xOE~$|FK1gSNtZ>2;aCM&GinVwqi#52-g$UuV;@A$PtE6rjGKcU{5W zJ8PqFD;ko-`Xf~eB3@4Vj*VR`B$kDLtn5jtJzgHQC4``JgBJGJQDI!ClT4PTYbi3E z%Fe!tn2P?qa;92&f=_UgJ)5wiTB}YDL;K>NWO#Sg*CFk0kE=Y3`K;e6&(|rHyd(@D zLp74fMQ+K8rr2YjFt+UaSCrx5s3Wu7~rEk+qVyJo^{;H*6@H`~?x8=iQio zq?XN3zV#PP+XuSqSo&7NX7q>v#QtWHn+MSnPQ_uK(%Bn35wsURDC=U>#=^>M@sAWg zC?Uh`o(9@%Mj-T-RQRFUl*IWr$Ys&~g`SW0?T^Btt1oj_QV#=2bk^`uRru#cgST7K z49$~*NeAKwCXqhDcaFqB#+Gfp=TmP+)5I|<;n=5xV0i@?e%8S7p(F8JdSi$@)f?&XlCfmRB8I)XzwJyopct{8hr>~(%n<`DoVT&(~LR$N7> z7mpk=G8=_`&egC!?2GxuTAy^IxX0Lq5UD5AdK|0;x%1koZ2WRvPX=5V zH-cb@^Nvf7TLaDevn*&wESkj=eVNGH6g&0I(&*Y37^zZUXAms9|~~Ie-*5f7r4`cyLQ$U)W4b@0czf@>jqoW?kaLEX$q2+XN3hE zWI?>j0%#sl?t+po((Yb<6VA6ajbJ-!LI6>+oh@O`Y9jK>r}6~L2AIXOJGy;&5{PH@ zb013aYdo&T$`@(cL-w0e4vym=1eLTcags)ky;-LadtcJmH_(ts^-;qgM4M~p#+|4} zk&7=1OS%TU=N36;^2YYr{Bu?^x_3VB?7IG}AW3g|EF3WVwX;dnJ6L66tYWWiSP;e< z;g`8u{9s)jvadTk4;0>)R*26KV=6fkBK*R9g#{R{jv#zk0DGIWUXy1h91s&qy~nOu zKC9NF8y&QK2OJz~*rQMk_U4Nyck^r?U4^hd@Is!N3q^>k$A&3S;QL6s@8jlu^R);o z&}j^_m(~JnS@&b8@4U~O!MgwD#2QNPeI45t9v+L^MR9g@1oJt|)E$o3YSfxgL3j1t9q@VD!PYk~ zk#@g~J+j>bGuB1j38&TJBbIhTv(Mbh^$gyJO!;ZVFY@UaRO0NML~*H(fz51opB}Df zf9Qg+0N5)V1RcD+1n&&+JXRh!V8<7{aHKS>_2$I;0+;PY{Z&(!CyGJyzNr0KU?CCQ zeN!mm^wHUN!?8zx)&!J|%4N&b^#=|zSXs%6FzeF9mX9fFu<+)%xNfDChL{p&3ySW^pON|X!5`ulS|4?+D7JBZ7v!YrX%D}%?6 zKG2qR62p~QyLnjRD@sAo6dF@R{xmG&tJcYi*OPqeW*HU8(ARDJ!ii-oM8m33CMiSj3ESBRt?RdvAKi2WyRwnN%lqMv#HoaJoY_m3l27o zFT;j6ur_DApWRZ1nNq&hB6~t&ssm@Y7k+am7)(wUEm5EF;1p~`a6es)ovZ-=J~``K z>Z9}QiT8fT(Tw7PfuevMverP4XlLJbdZk_d9n{iMRcp!J<8PNG3yR(uIK-3pMWMS4 zs2LAzYtrz{yG2~Ld;fDWlH!V!e7Vo;yCY6xRAKC?@nZet<|Bp3=FdNZ<9To(uD42Z zz4Zv!TifFV%bNayn>)i?tV&?a#>amL3je79`)`L~SJ3Vr?E`v#PmovnX-MZzY&1_& z%igqvgTnk)r@;YN4vc=R1lcUiMV2f7YOV>~1zqAU@ddK^#3&!y3DOix{RZA?NhzyX z(XWhjlu_V@ z^BRo7FZJ%CSB0a}{QL0urkM4iizZf?B?G;~>`cptWttMb1x7(%-!XPtPFy?N9d}A` zqI0Zn_xZ6Pl`!EVq{Cr-k(KrSD`2IOr{naH#w7C# zmibaL(2MT&lE~P->J;DVb9s8`)^5jsa#6i)_OW+m@G>*FnNR-}&jk$_{)!{P&4eA+ zCK^CM#y*PMfeYNbn)Moa*|wf+*P;Mf`55n!MBd2tQ4G5NQAItA+U{pgOEk4RloA$A ztLKrH^l%QG5ecmj&ibWGKOXydfEv|J7nt3F7Z^heULz^3%X~Vug>lIAWuBwZySTpxR>x1f4BkwCL=(-55D`*xt~$-HFXYPV?#9SuIZ<7$MsUIW-8D zAV*Hw2;-W*l+Y{-o_S9tV275E*pURGy^2FQ4am?ZW7(7tqT5Hz+nU|L^qb9?oy$_b z80g?iJt`EGkX9W#Fo=3n1Ol?%FLuvLymbKW-!dB1Rje0okh}}$L zk2XVCfar-KYu)@(!3sTCPmETvTaFLbv^cIb-oGAPKWJe?@T?!bu;bV%S=%YpmnzkI zDltyxx7xhv>Ze(}UDpU`jr&5CcT^eCPIA{N##0MC8Q%$kNfy~It}f{QLFH3i&`H78 zBR8TDxhrS(n|0@(mPDd|`u_!!tO@Y7e_=dw)Bi3G6(i?{1is5(#5ZB8eN7?W>^nKt z_45evh1t}Cj#MAaDZzq?522HbgvYIN=bP^SMdPd{o(RtqzDj(QE6$~HN~ z8%3{`C)zsFTe0n9ZppV;Brt;TfA#of`f1V#k>@uYE$5 z?zE;D&a9fWxeKGLC6pu%rGyIz(m};uxd|O=O@qpV1Ca6B)6_d>9zy^AtQer|ppGz{9Hk;U=U%w*N{%w@Od*N<8F#Bqc;$1S+U`bPcu_@%aNW8V zWZ%-eOK7E+{USJ!@lIeWm#+xpsJ3QlPZ9&}wd@*sx`Uv$7&qkGX})2pub+-H61l`B zs;K#pBV7abBqQwQ(IPDkC6LaQVOKvLR~C7;q<`UZV7suuh}M6WN}W=epnsK(Uv1S& zE*;QXtIRj$o1;M&vpnQF$5XY~U#rw6zTOcQsP_0z;NCG1loVlaj5|FXFW_w$Q&$XN-5N~?Y{52j>H zN~EAqQWS^tY&?K&RnEpBEsio5QF-@PR9(#Mh_q+sLLWM7&#<4Vh7JhhvIA&Ie5u|B>8HjEjJH&Cl!2_BO4D z{cq=dFOkHVb}F;l0|l739pb|W2F*5e84l|0+cFs{X|fh&6SHERkhdic=F~wMlyVM@-n=2gZ=2xd-&LOQznxvW0rPm}GBW(c zpvLPtNo)!IqTc!b&D@Fzd!vU;VJvG<^6FL6xkhvk-&@;bQ|n7%XbIgTpVk~6lgrEU zx&&(tN+WSd+7ODZ(}emo)*i5ZMbqL{!p={w^0oR@jNiIEnc2ad3u{6zS~UjTrI_On zn95Ig(pu&ntyK&HY1-|6ERBf~yGpN}k#?gndUseRYu)dL9AxAjm-1QXL3^Gpgg5Ux z`3L9E%8anov3leG8;E%R*=RSV;>``jsovVLln_XczZ|o)QByrU; z=9w>6UkqpXiU}+v^n`ViH{`wXY0&}uMHF4R1qI&P#EH#5xr}P$q;6$ZZH`s#f?vm6 z^K&~1`PA7^Y*$OMP~llPQRxC0jvzJt@Rm=Qc)M@&-KXFBc6Sic2JCSXgWWf^H6w47 z{T-^8ckJ1&sY7nax{6p>QUT4g{=ubSW7~n9_8J3=gIr~%sPr{zFjY#X@x|lKspy_F zzC{)KqN*SBZ;MQ>FxjH=&_H!})gMQ?{L-tW7#R-z`#?(xP>B>Ijz$F7_3Kkag%nuCI{uPkqIX7Qc2w z=HvAjY;*`7gMwHU+suck+>Vc}JYns>%{ei5`XKlLQ5^f2G=E=~K=Lz_p0JdnYVSKi z6enM+Y@9dMwltzqP20P z#|o~@W;^CHmPZ|~2mBI9chIXztPVhSj6{p`RNwl{DBt$?8%8Uk))Klr4*qg1s$XQz zw(;wS)<_IQqy1XGssBj*0}FXn*Qe&Y8FE2e6TyAIal3Y*VZbVT(U~Q;m@g0|TxD!7 zR&StwJ|&G@1g?!NdEum-R~6SoudW(f+71>ZNOI45ucX8#eGLTN^TSIh$M#0m&m2N+ z^D>C#T60iRn$ZQK8jO232dZy&t?he~IwhX*3OU=8_~ts>rX89jRH{2V_RZe8s=nnq zZu}AccesB4s8)mIj9>}HNnt1;tSZ6?dCV`WDP8_T?1KuFTUXz8%NvBfqKLa~ zW1U$CZuIWWmaOd2a;dumRxykOY6IJf6k*hN5Kuk^J`J-=<03h?P}y59RZ#3utpbz6 z1jJE7g1NeP0@PlhOkg^S3)QA;vS>4Z)~5vN`Q1UCK03GH+4aF3lxd7`Z+%4HimQ8C zrG0PmwpzKJ$Zd}qC_g4Xcum#PUdqCLyfinbM8_r+djl_yuepi^g$I=zyt))>D?cn? zbtc~I*-kGnVvjqsFKKYd}9{Uvo|rBU7#u(wt(mtI!e*3uXE%yUwXAj0)VIKM%1opxHabLFiy$-52-OMx+t^jGnYs#K&+TGMO}TB$T+bHTsqwf zO7O|Wws+nO(}`57bzC*00WigdpD)zwiA?|2a!VavkrVDQ#i1WkkI<_&0t^ORw1p8_&RjH33-xtsMe>8ETXX}NFaU49G=k& zg`TJ7tU^D=?>csVc6#FMvzOc(QcW9PK*idj$zRdz}x`k2)qVns{rV3-=En{!u0 zpgH}781A8I{jZ@yvm&L$b0V2Tj{|H}Zdsll`>r3d?K7zjqXC|=KjRcrYYV7S4iU|* ze^n8Clep!V6ODI0&*UfzQMyY_-fdvZox^mh9Wk7MVqJE)uG;Uhyj`nZ_5=JIn?x0P zjQi^hMG$m1+;n}fG|^otg%_Y-4pi}J9e{6{@LY4gtRohHe1JWcH{iU;jZ~YO+;wIS z&}klMCDoFijp!MXc=uuHVxfMoovn$BJ~wEE7jOy8OD2I{sj-wp=-J;=(t_&gf^9 z-B$VG_GH>=W}HlXZQj6Yq$RiN;CkYZ)Z8hETRT$UM{x~MzvP7C{;w2Sq(mVK!^JDa z|5?@SpCXj!H3BaH-1&45hR%o$9#+akOby||Y~xR|P;UbHI}BUHG!y`39?23r2A2XVPw9)|qO;6-2*P!(E_;xZ?!+FY zm7EA_QCXp8Wbm5+Gw`DYO>nJ_TIdrye7#*hPA)O|X~TMrTUX(R*}6L+Flu*no;6-L z>Ba)?2AVq&W@0(aMVCnC?)_ZogjUk_tE7+b5t$T}h(01`*Qja|vOUEz0 zL|!zm1_4L=@>OAZPxWNo4|>EP+ESjy^AO{!&`MslM2R;xv>aXF?)*p;dT~m`%=Yqp zf@xvkLgav&{k5K@uD2U3Bph2i(kp<*^5(Sp1L}rR$V1Q)MVoa`#!{0`>v$F%!L%D& zK9iJeTjsRIsfh9CDtvB9JO=^4E@@@%d9>o{0QoG|mRuksk!Z|~uV8M&yn13 zom`D(`j-+%g;)BE_QLI00)VTv0izpSVG&R6Y2JnN0^J2NoUaKHKJvl=2eql4Y1y(J z5!>OhTlkZ~+T*Yck^gCZjpVD@u}|riz1n*bEwS-MtckH|6ur8~8P_qP_r0S#>1sZa z)fE)Mg-_?X?6UR!q`)mo;A}O-&uaSkPC9k$! zqZ!+sef;nRIT?eLJ;v?aj&?;e9yH8?NbgONn8SNT!P2oJ!_i76o{wecUXWD=|29~_ zi@#3#@22PUx(9y*s06qgy{Hezc|Sl;C8x={>vh08jnOBsI$Lmu)hy=DLJl>yIz*BiBeS6=lu;?>mWR$| zIhHfZQ^e|^opNx_hIwebH0=C5jM(hhY`Z^O$L+pew?BTr-}mYB{k%W#_viEbezX02 zJPq~D^dS(4p%>cS9|F+`0NeL;H-hiozrXzz{AgVA_dEjmsmB}uJ6e&h-mVZxZJxnu zgf`gMyNC|C1c4Z}uRR*9xXLr&7{bfl^+fXNIbJAZo2SOh52>Z8xl681_kSLjzO?j? z%Ak3>&73~>$jj^auGZ^p&XMP6?a2yXrytN3+rL4gafI2SOWzBgNX|R83>;jMmv6=s zTT4z6mFImdW$)%j8Vk4F>cm-v1|hV=i8y^b4TLr|ovMj(!D#HXpg~MF1*Gd`S-sTi zFb&uIf76_swnoMU0wW`Sb$9NT%&x2L9xwVgLl1|UcZNnbU8-|R5{6%fkEZ%v<2N02 z#500q3**kGkGkXYFFwsNdR-8-)ICKV!8IF!R)!La^rd9b19P=! z=FE7A_FNg!a%i;C8)Iy|XvYxG(Wyq;zUI7^KQVA4Y~qaPTWP@!-5gA31hn9@D}kZJ ze_RvPODaYT;9b@!Z}32K`?tsZl-d)Md1zh?Lun!c6=M&Y1}%ELckXi+7)ow;X37G=nS;Qj?uq4B8;7! zC?Go0fER4tDK<&(0FyB@Lels;rRUg|fWd)P#N44G|I26}9gC7p=s<&i zc;hQgC;^ZYlDtFTF5z!a8@P~j*z#T$Z?0sv_iX{faKu|;!?d35X`GkmEgjr(258fI zFvbR1wZtB$>dx;<%|sA z^Aew#5O?jQ^mr9j6CF>)0CGIu(LOH~dv&$GeU4C^`mh&ah$X*sOj&N^6$%Mlmc3y} zQX2_D8983Uja-!tlNjvyno%F+7^@u*Ak3V0+J(arhQs-fPqB?J9(*+-Yfn271?wuk zlzQcfk4Q)Ynt_HEIPXvD4Z-C0u-2n-em>=rMtFSW&?c_^KYw&Gb5#tF6Iy(b$o;H| z!D?muJ3kEP`Qw@DJUmh9x>w@8F)>!E9}C z%w~mk3g7-R7;8gOyj!IA;v--&j#IPy5!L9XV^vcVCHrXmGMi)C1A%BGc`&`k@H6%O zeI9^P%Eu-T!_pdFtc+uAx7@0DJK5^1XjtW@DZZlD7Z2g3%bsbcMq85hjA~Z;M)kFH zdtkG{(Sd3d>kF6GW1;(rn6Ve)#|JelgU`{y4MAVaF6Zb|d4LX1zmHKD_>3i@NKlj= z=_&UcrZaK@>9zqrC5q3j)iAD~#;3?zQLld&iaYD(k?HK9ZYU>ae`jBz#)fV88lsn} zZ3-dmeblo}tqUHlKyPe07W#11h%ZW7a5LwW>Ub&jN?GQ2SGJWE`n63Ar?{)7WXO3u_vUWh&4j|S_o zm}6otTQaAMpAJGj59q&g(hHZst=ZIExv_7cJVCc+AE~+-21fH0Q~piv-pH_`jjSx*YUBoTYc;kL$N9(t6FMkqSAh?m1Hs%^AaF3{Zm%i=1hU zHhH``rBT`vrAT5Y6CZ$?GCLi4JwsmSP4^Fcoe&KVu7t>|@&FrVyoc@@i8%e=Dv`83 zW2OORrUQqoK!5KUou-vo75xTra-?e98lfF^0>%;i*W{K1Do3RP z$SX3*4U-|gzeX{V$WMyb@?(JH!#LP%D?g@62727Po2u2vFdAn4EK$+Sx}0yt#_x5@ zPOEVEVom;n&UQbSt7OPi^hVw>3hSwyQX?Im=Vs#VkUg(pO8z1EfsC%Ni9hFvjO zb#j1M$O12f_H^*@8u(dPOd3?R{ytUH9wehN&6?&SKNf09gHW8a02?*vY%7<4OR3}; zxEkK!ETHRuCIT=S&VIvHAS8aF+T)i2={LZ`t_-vSN%%O~ackYm4Lk+?NEqYN zG^xT_1F~#E>s`-$=5BRxs|fiWb-+fr=B!U?i^1v7X0U_SP%5aWQ+9u Date: Tue, 17 Nov 2020 10:57:41 +0800 Subject: [PATCH 43/85] CI_125045_update credential-guard-manage.md update image credguard-msinfo32 --- .../images/credguard-msinfo32.png | Bin 11424 -> 10553 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/windows/security/identity-protection/credential-guard/images/credguard-msinfo32.png b/windows/security/identity-protection/credential-guard/images/credguard-msinfo32.png index d9af0e8fc4b9547e6fc13add49a43b2e9cad47c2..ab3994789e2193b21c644468ee7b1a5720b9e13b 100644 GIT binary patch literal 10553 zcmcI~2T)VryKNK^6#*%Npn!tXi&P~v>C#ntm)=2vP!ozMMUdWmuL9D06X`XCA|>=1 zdMGKh7ySMH<=yx0ojZ5t?wKUt$;q6(znydTT6?W8_>GDj(H)vQ004kU{B|2qSfb8?EG-ghyV1H`#Nq| zxK`zV$$UxhcYN!{Rj#;Jb?={1MACH(ttfnU1g7F`cb98DEUtT{NhMJ^PGbDDvF;|V z9ly03;1wjJ?8GgD>;}w0puwFp#M<9?`*+XsaRPoYTjOx-}_Y=F#r&suNtx;%}l8uVmgy; zjSBvP#trR);%CjoT{^3#=?8ef!UT(XIzKiwM6nIKDK;o-eGRC}5`Ad)yI#Bfg_hyB zVQ{XIj&+52-{7tg*Iv~Y=3~5>MgLY0hF$fgoBJ)V#bvp~S}PT2`otFUVcuxwc1fS(H!A}MnemkSX= z3f+!Z+RysEXe!whcLNSi-Dj3K9e!=tX5b)m4u!aq03NT_rNC@N7@^1am$q6ZPX$q+ zRV+O&2aVg_QyMokwon}VDfCt@do(=S&rkAhSm$nxtZ3A0>6x>ABFG_-aUE}RJ>q>< za@Svr(#%HnSq$%*=Ff`Q0*;eO`_aS!t0p5@V_p7h)#RbG;9LENIsvn(UM9vh1Kee; z5zNCoDeT!&{t~*^NuGiIXP#7JB3p<}lfKBX0?w}ec$FmH90eIXkFT#Mt*pI8NT4Tfxe{d{Uv6JrQ^H1 z&dq^G^49>q_@hqY;HnLFLe9xoFbJ+=fQtKLRoVu6(h{AgK42qqf$C0Ulr;R9WyXS` zM(;-3?sB-(GN(XPk;iR239nRtHR*J(M5D~K-j(-?{OYJg3p@`nm?b(PLO!tXnOO|8 z2Q=wapM+Zz@BJ4??g7WkQhq!KH?yO*j?$GtNj)Vj)4+mReY>o_-?z}W{%zxRx ztl0m&cI@}<{*Vr>Pbhwk6aT~Ui*a>v+0`ZzCf4fQRD+P-=~2tMdaGkfmIn1 z5zyRk39=rDntOVwKQc19A;dE_fc@wy`is#`p`Cqj-?2DuPKulkPf>d?@yiRj%GS#$ zqiY`w_Qg$WJ=#d1fDv7E`q_^6s1hbb8~4+p{MoM}fcOA>z~K=Jx1jGVzwYm5-5H)v zx&;8V-MsGcp*n~@X0z0q!uURkuVCiIgBY}})>$pf{%axtz=lB27IzU`vwET(`PT}W z@#S&E|2!JQEsh(TYXNDlNK?}fLT*(eOzWUNyNbI-bMu`78}GB_8(%1si@ART{jzoz z)mT;KaHiGobFlF$)MG->`ECL1%Y!mrrClndj|Vj}H;~@O^At_(Iq!hj1nN=A@P<4G z0bhu}AsXM+IDhJ}F~u#9Tqe7A@CC9~mm^#qO0_eURFJPY_Lh2jj2WEH$wQaYTU)ct z8}mJ1Ggc8=scFPv%BMz>%!Q;$=k#c-?4f8a)z>Bf&15NI3=%x_oyEblH}H}EfjlLG z9)Z8F7HMBlyTC}kj7t`|?f%m56RT;6iNQ}2Kawc8z_%D)*;*q`4kJxf=qD>|T}~zT zOq`~3y}s3`C+-2s&_Z{WssBXmme;fj-AtXiO3dk)_yBGDL1f$^-tj5Y^m=hP##m{& zgDHb}gt<2LM~Q$x0Zo}w;BTmfKwjOvrsW$XIDcp;uqvzh!-#u;)lgmNut`AT?3QOv z6x>;V&U*52nX7joE?!%RPkz*FwP_!vB_Q;mp9ic2GY{eBnY!Nu^IZ8rTkW~u28km+iZ#^Fd(_`Fw0RtdELhi_dMPmR z)<+se>oK&U#1!*Id8ask$V_(mJZUbK*Hj&T4F2Zz%UESj-?bdBH^%I4w{0g*mF3kR zV2ZDt?um`22qpO9Z8iCJ$*x;Wc*T4Jq!mM_R?3+u$hx3+%B+%cnUr83xLBhWDgZ~w zJ)>@_c%P;mv)(XZ7>@s&8*>)cFQ*$WJ2unL{j?h;0NqGTlOsqXc(^nmHl=ex2D&^l z>+Lwg4+Q&V@(CBIOU>MxWfac{JWy~8f(HHN~B{AXDDa{dv^8HMxwu z1zCF;x`IEus%iJVZg}_LgZ_}UKw9JnJXuH$GLl=*-bon6&#>mNn;#3E@Eq;!=eJ+6 z58NJ^iJj+KYnC~W5$1L~t*1C>Oa0w+aUo5xEU|i!kwJTUaO(NibE-zYD6KTZ=MKt< zwt0tQrZn*oj7|dseIx;ALLgx3^*5r}2WwHK*=1ttKa9*0EOv?e@x!e$81f z;$jiwWPd+0^4j28 zBqLa*lxnIpnwrj)9(v3?k#f`$Yy6-PQ~tax!aLW2H+`>Ej#qni44%Hy?tTwQmw=xB zNZLRPGFnHE_Sfb*f!!|EhkW4n`8_I6T2-g z9fVMuob(c-a+(xt`wm5F(?nXSA$=-x$?i7o?8(PA;gfdQ#=6g;Y`@rjOoX{m^>cWq zUHDfy58KgkVih7H_YGDHv>Ym?ACM#<6r}VJtguSq9jK~EKqwj&4 zR*g0j^GSl(T)gq|G4Va{eJlFvL+vteLW_e*-lX2mhx0SyvDRC=HEMSGYdcoaPnaw= zi<<6QMFVsse148(y1$*v*SDy(z^*iGU67qPQZ4#5E!|toF3_D44W@QN{(kD+L>VYgMUF~cA%VB77U3$J+)RnjM{wJhV?ntxu!j%P`iayZPL)|+Kh z%XF1Ti_U3nB$=OxZA#X9P zgF)SMb&|#y*6>a+rv5l|htg3l4ybGBTb}zLS;Jf}o#4Q_CsL;2`BJxiFQQYZ2AD6h z-Xri{BIrc2@IlV0%gpM!`HH@lC?>MOYbLWZz`9|W%l!7BqP;kkS*`K0CH=tAp6WI( z&F6IPGan;q!7W1vxs%$sJmJb1S%Yo`VP?Zv`i8Pa^G(as?qx=x zX@%9hnzI&99#~WZ3i|zAuYYg8RrT_;^;z-Wy)0OkDl?7a>iXv$Yo&AYWDxZ_H8jh| zWU0cdb{Wklj1BqX6dq%&T-iSrR=EX}>N!|7N5o9(_1Ct(uYZ;>Io+S~1V*KkczpJ? z?|WXMPkpA7iyZYd z*y@90Uimk&VP{wc1Z!8S=5ONEov$5b<#5ON^*wU1hxz>0PCn~h1AftCY-zrD`IFTZ zM9O-0AA1GgayT`K3oSY`v8+HD2x(>!Woo+1lcb#0S-5u;{K+Z!EY^jS{(SDJ<=r`X zH?ve{-B48gj0#W7(TC(j&y~ZkWzb`C%$7>DVaIXBu{g$y42iL==)KK8KfD+~fV@0Ar60Vw2${O!yXAjbSUA}6%;(;x)*mAIGc5a1j(Ztt0IRPI zMy;>(7K(R`hL8NZD2eTEa=j`n5di2vy6B+XoX@|hMTofVOF!taeA+MFb`y8{+FyJM za<7%r9n;!R^ix9g+WsMR(^9XN&U?NOw|`V$?VxewlJe7ik3SJW_ty3QdGuP@Pvp{L z;aDMv!euHWP-tU!N+z zB6T_q5f_XlSOC7#<6vNkSZ|%R5?K1zo)vWQJ$rg_LMC#6K`C`;kVIXo`V`~M;B8(N zN9kjJ@j-u-c5A>PYB{S}mlj0f)>U{>jUredt+`k@-3~rjP->~>jL$R^tuE64npTZ9 zp~n45zg;3H(RRHvsWKM7wY6(G`(oz5Bz8Z;n#9i`PFbvl!RK2zmMVNa zm$h~H54MH*?v{N28-1y34xSH<-Qz_1E`BjPg%_WT14trpOe>2#RXeaNeB-3}i}^N8 zGVY1)J!Sg%?}T{cz1tqsCtMb)p#+xurqdM?TYbl(_RQf~a#@O#DJ-Z$p9JAgrj$2^ zNXGX1!*AzyNgnktJ~#$pGvwu%sIBRBJ`vDuxLJ#Stq{r9!?I0%_IfA4Z4NJIoD&f2x+iAI~vJAyt9%cWv(Vi~*qC5@`K zSU%R6r_&;Nj~dt&!dWNNl#(g-OCS`?BRMTKo|jMZWLt4I0Ie``SE@fW3$(Uv zg&cc@U|HM@cWa#Gm;8jwz0S{riM#y!mL(+gPL@%qtfPvZLUmCC3HtlHtw7Hi)|zNO z(YEkU3*@W(31RgRi)$x+`myuS{+MD1ngLPDIA+K7idAk66v=SBZOFVz6PoAn`)nZA zWWT@Eq)mnP6Da7={{w~ace1${Kn4YEQWG1>DL)Sng73jVpF{k0yU3%HNSd=_Ayz29 z=1y+R+y3~?h=H`KsSJncFu_C4QCJ?I+x58hN*5Psqy?X~n$Hu}v>72S*}$9rRX6Aq z&^K$PYz`SAv?3}#V9TW5`%jcr1LDG`-HXt2P|+4o&4a0l&%I~w@eZw&;j`bHWI#Dr zOg6V=y`<#97NAx z1g%&1A(dQvageD(cEoS*V7!d(5}dD)q#wxb#Gib>^nBUVLR4y_R814UGTK zBs7&JLTtp|{u^^!s0LWq%!8;U>$fKolgej-d0z5k@2mpyp=q2 z=LWda`}~R+{7$WLNcQ_t_E%Va(1tVjA^R9#;v>7@0E8hAtZ=3P(Q~4#jnbySiahx2pT_BoopgZ9r5_K| zcByh~X<$Td$0f3x#>wR5pJ)Q+-ndv&Q;_@wLpoqkmhjb zl6-{SJGp+s=QaGe`~0+!ZTWR0ZLOv|{ARoGR7U_tU$y16rC(VEsuE&$K)Q){d)QJS zUrtp_!)0)uTz6P(hUN!A+ACB2?g*q|2YDDb_SQOQcTRAl5_J2Nk}N5H+Li0BBVO3G z^|Om#xX1p^vR^GH)l~cX-XkN=Z{|M^b|C5=m&(v-m8+B)eN4tc->aOLG%%T`NfG7y z9DQ-~THF@8?@(e%72-w-8|x>qJ;S`Jvf^(m8zW|2sQrhkvf+xlUx#JPHMUV#YS86{ zV=qGZ^G4MMEVxS#BV_DFqjver!l27TwrV3iVP$)6=jFvf*o8^vETg$LY}=`3c^i9l z&k2l^t5%OEkUQMk4!75;Pk1eRj$||~L|e0Xi>-_9i4MlEyKlkDxu}u0mhfqpk=B09 zZK*MTlu?lXiOEz^LSBc)yha;I+8+C@}>|d5A5xY(iFMtvwNX4a3M1YM%l3jIB13L9onD zMS3kZVFZ3EflPV;`6M2S1hoT4s9p(tF_Ixb67eA-~Jf6tH}rh-BpwgAz|VKc{LWz9Nbqxr0(L@mtr17LlM| zMr`RYdkQrAk*}uO${v*!33&W`OXpGzr^DH~ik>YruvAyy^bK*=9~C)29a~_NpuM)g zJY^5|Nxb#jcd#@tU7zaKO8Yp2_brJt-38Q{y~CTkh+Dqm{_X5(-m&*(YhsqZc1@R#V@lB{N&3IvaZo zY4OjcZ5;7r5`!-YMn0#H$yc6#N1HEJZEvGbUJd^m&llif(p;TBy;eEj;98og>~wi2 za;A!Yg1-fi`ybB9+%wmQ6Loa=@O>Qv2o7+>kYNH^sp3x$-I;vhk_KuQZsIDDd#jtK z=Avk1NyU;i3`uurL^4_lDP!axE||AwVoKh*y4rcA5A?SWXDOdgq|Y+7yOGvZTkOAD z9`Cvp>RP4qjWuj}JTXpWzK}gfN*9`zXW+`EsW84J)V03ClO(boQv46vw;MHJ=Mg+U z!;p$DnSx*yR9iwN2-~h~mYVH9+FSn683-;^bm7*|jVbZhHQSdqg44Jv*1A3Y7wK~; zsXLZ)DdQM-VIuF#ODN@CIo1K1C#^2Y%cmhk>AZyOzgK$Ej2e?dyQSIhDaQyod(5xQ z#~)%ESKrCMDAN#s$g2jiIZ}=2*ke{6lYcL468Hfpk7(MG%eJn!>$-L=9Bb5gNvZtM zkB6fCZTQEgzfeMe{bw$nZZ>xPX(V z8-Mh*(ED`{ELy|KWwHf8uvp(4M$|6@#F7Tkg=&U*#oIC!*TH+}&Qj#ZFh^{`5+9pI z^Tba2tLzcgm!JvxU{{K5=liFYZ%^pX6&yJl6?C4yaI8H%(Tb4YF(aky*vJlVT zVpz#rmJJ3jS~;PcOE1PW37(zOvV$;h?i&nvNn*F7j=f#y4W5?uc#HkC_ev90YV_L2 zin2(djY_CRU<`#L%fiC2THdkX77f|W{X0SQw#|_ULXATP`;6DO9+<84)7nKnB}NfS z8#L_ns|EZ;*;Zd=i0GIV;7P~ld10#C@>)X_dkTK~(si+um05mB-xBTVUULOTlNcYq z%+R90ecJavt7q2UO2D<(B^Lgy-_rEU5O>!xE}+ z?p(TkAbsItA`y9(7ld>gKG33^W!c;N6?nUd++Rj3||(&=D3P*=|`h zmTX*ZOV^@yS>sUJSRZuEUu zY0e57Py4w|D?p@hpv-^W+(By!QlT%XxrkR?)c7qAT)B%qGn~gveMSd=b4KLo3$x`o zT|SD37&aX_@I_cK&=EjXev8_ zZCSWSjUmGFT2#;qj&%JxSa&CJLpLW-dW_5J8AMBZXU zCzZ%=6%|$e!N}V|)U*-uRlNW4f8xoZcmDR|^xorDo{WZ`Xc2?WKRl+x3~oYMVHziI zbc((y1NjrnhwQDs2hhe>QKaXF>O!KUCk;@E6~~B5nMjT|N|EWmU*@ZTQ4><`M(uqU zHII{A;i@$XXxsZnrEsIv^As6}=?V5RdE@y!6KcXCgc|~x$<~liA%)!rC$-KE?=*(2 zU|dQ-AqEwOt`i(_VBrrj7B1WSUK6B;-7ms9CS7Et?G_We zyiy1G3Cj6+2o&iF1g)8RWdsrxYdOLxO^V4UJdWyyJ%H90tx#Yb6}?oJea+Ve zcK_76j%hEm>Hgj5)tZlC?d+*p__V)$Bi0UIyQELZ!&|7AQHjW7-E^Pp?D*a$%PBzC z`LLI1-Zhd&>7$7wf!aKA4M9?HU7fuL%hg1eTl5k&`-_Nmk>#7&7cGM?C{yP5)DJU7 zG+bEcEt63o%75 z0lBC0m1;=la{xdHP2OH+d9F&V`FMW#Aj4Co_AU7gGoZka28XA6>uL@%biRrmz^@)y zFZ>0kN7k5^x#v@Qt^oAZwqQ%^0_82N&TmKIc*(^Dpii6B#twEidM9 zHOB`29sAAC=461TyN1JhJaXa$(~_yCH_lqb{#WES*3JJ)ZZl-IhgRMZueZZ7wzlDC zSGro8Iqiy@stY68%_C1>8@@GvBSwe4+GUK9L|Q@ndinIpJ#zDcrj} zqORn~Ix}XqY6n_%I=1wODrVgNXPJoK|5YY}xU(6dS!LONOPGp1cdf7ZAhGO-ojvNL zb9_5(8L85kM(-wXQPcDbVIQe-HnH83-1y8~9>aT+6ChWl9NIRZWx=W3y!X1lamCBP zEv)Dgj#TvC%AlkcfojzTz&|UG?;QabJ@Sux7J)X$86)&ih+G;UF#5K+nvxbZ63daw zJLq(f^HlYiF1$HKkjuAL95@o+(?2G4ZWj|sn@ErUr-~%rt8kVOm%pzf*+0ri#-X0I znH@_yx8u~cp9?a3Dr!=w>QM&uXmtHtM{(Sno_!ZnDjQ}ka6}-Q+8bEmDP$o5|1`%W zQslfco;Y$P6FEH>;TZL*ZDs{k2g$OU`iAAo*8?KEm$-(lbwYj*_OqsIgpY z$A>=j->l9P@ayv~9IGrODnfu}()_2-$eUPP(Ft#8yxa~!KhtmQh%D`o|`mj0?PSseX>KI0v;gippEvg1+%@XO=m8-@bi z*8Yso_-TiD-^QN3A)*XzW|h!o1@e1n?2c|LqkU;cR@e3&Z8bP&Bc*-?OMMM z>`bn4(h=a!qC4-4<$iiE#OP6|mH~wOp6kC?pZKM=3`!888~(r5Cj@(Ju1GT`;*D>y zR+iLC6p4*QC0$&Jr4@~47(2V4*RAX2#B`5hZyyPaxTIc{r96(o;VaNZoI$tp^#x8W zt+4-C;14GUO=jCA2mf{;y)v?p;k9G0i`Jg~z~2GgXk#+6z#GSI4$LNW$zqAQ$dq3sRRaEMo zPYYFR4ZL^R{qf41EmXo)a8nc5_s(8lsj0-43-2;%NAD{b^Yi?wmJa|@V~Yq!ot0XR z6G9HSj9(2Ceyx2J6x&IxY+*XB+Gvv8&e$(t;76(Fo_Anq$u}tRNa+WF5kC5O)%}nc zG)mpnN2R~oyoBGn0O=FNR@K3Cu+|ulV|CQ*l|nwc1N`XwLg`Q)6+mLhsQaj*YS4er zTAG%(p^6m7qWTBQC`C?iP{#Cjz&jhn!7YZ?%bilFE4%BuW7`SPbG<@n8CXmY*t z51KT*97TRqIIXNnxrR$WgYB>Fw)^Wd6Lw9nGW_H23^e7FgBOPf1vhZ#(UkvPz#xEL Z5>$=gz4!k#MRql@@-iyYrIPPI{U5^595Da@ literal 11424 zcma)?1z1~6y2nHL3N6}}0>w*daVxPj8fTG1qaS84OE7s!fQk>#WaCevDZh=rV zxZcojzq@yL@7}xfJW0-Za&pehWMLB(n|0!;6g)_7yo|5p^=)O;km}C7@;+`gR%ei_vvyyw>OI` z$fnzCOX&XXyt%NXSn5+M8i!ZZagNdK?smd(H2me$ttQ;!AIk_gL<23tjnNQluz~^b zH2X5kGgej0?om9``*q270bInTH#uN8a0y*umvR?S;HaeNx%ECbQpGK~q67enl5elz z!ddvc_*ODh%N}v11#e>GmN)Po2*iv>s+yd>+c^%41IOxWeD+gYenTbcobZj5O?bh0 zEo}&78RLPF=ikH=}A_A`KUzyWmJF2%sc{#X$Vf_2fbS$KD(@QW9 z(a^ka0<6Z=H;W^y!9wgI7-J7fs+>7L#Q+Dkc50bI?55wsL@RSn-`vcS4R4mD!R`Gy z7pXhX1OWigrvtqB4Ri@(J~KQ#c5NY;q^3Zn27@<9Q5~NHJ>alWiHr2fE#t$c8Vz|Z z0ugX0E&yPZRh>EXNfvYCO*{9l*QSu|_x`1-3wA|}d98#+ixt;Pf4=+D&dB>y_D#Gn z8tOL7nF>mbr-WV|Z@dQsR49H@+gzhM*0X1TPUq5~|K=*t{qmUDIvjZ_d^>s+y14Fv zYpXe|b(x%vn4m*-La?po+-u1t--S*zGO?je?pzZlxbMvIJdLBd(DHKtz#Xg6=X}7hY12TvTolPGMJW_ou}dO2n{8qizl5 z4Ma8@xvv<&6S=|s8W-)Hj{tzAl!>^7g-#{=(&f>e+HM_Ja2tSW4giq%Ek|`#)@!)EON?Ly;W=c$p^0bIe|wWi>fv6>9uGmz=L3AY*s*CKr7$zhmyqzxuu9CL;d z0Jt)ba-ck$Cfx$(4D~<$m)r(@t=XbIv2BqW5P!mA1D6z&KmIpoh^$ z?ws=upJ>nkOGX(L$YHV|<4P%4{JMbv3G}0v0DzTCEhm0dG00MY(?pn~`W~vHx&DW< zF)rw&h1?Q36&VAjVrhHd2cPvJ=fCW(kdz7)8V~VvJFu!S_LCT{dNih|_2(L}Mbe#; z6FbiAom&%&#}H12!&%tmt|rzR6YK8364~M~gpWLzH~4IKSj1tbi*S=vpA(-vuD2b( zT4WJgQ^u~$Y(dwuH|qv>D>YRQN0`cqUzVML4|YJ~A3x+2!J=R#_mu(+E7oT)Y-Npb$exe4} z%5=r!!i(MMiitCDyc^kLd-xHDMd>4H&BE6W>ucWxUS79>8XafjB915W((N1N#+Q3@N`Yin~UQAFCfq zE}ztK)+UO3J~=vkUv4Oj{fypBZ1CyhSEAt9-i8@-bxP*-dg$!SBtjrAWGtrt0BPk@Gw5wsPV9E1sc(IH6d7<))2&&>=B*<8p<{$ zWkDRTJmIDPPNs=h+8=sk{cL31QvZ);IRIHbQkmbxjB@Icpoa}@t6>vw5j)}RUhfnY zYBa>Ydjd=-2U- zp&#(9$RB&wZZGC%=>Nm_8dDcG;oj>Qj>_YR!Wup|e)W+c+zP zj{&Gk^chipaaN6=tNA0L3bphAWJS2(Ug~zjFV%s2%V)K;rlyzOyWun2x@EqS<^~6z z^Ifq$Z9DHH%B&xjk^Axsw0ka`ax~6CCGdJ;a*KD#WHIoU53+e>g+fAl8Aj=4k4l6l zYw#!sF`pAO+5;OZ50f}8$xzSXloN-0?Wr#>v;hUN7t?y_6NYN{d}&%AyV`fCk*a?D zQlrH{)&%2)cDl+D7r9L3u#+WVc!OF_P4bzm-D?JqyPtXYDbMKI2TcF|-+Kq>79CsTuFr|DPqx`sUcmP} zZnCzhn)+@5Fy=ERDjsxb5|(GaZxdzRwXEVg7#05ji1o|Uy~6@tohJ7zHl4;ys1Je( zACN@Ky&2cBNPq^=r24&7>zK@$CVvbg&P0EW?8l}~O(j_Ni>um5yy{eKo=QaehABPUzYP=Rwxy?wh~ zW9y*7ZJF{Oj@)x0;@B{M=7cEMG0rsa*pHG)W<@z=S3w3v-ike72%CM*w_404jyD=0 zo~&fdo66z-fLX!O;0K!{hselZi)aeLP_4DBc>nmEyaO+rTpPB0x-@I4M&rIvMVwZ- z0$|tu`5y+LA6$_16xk1w;xO7oDX>`R7&u^ZF*1J7sg|tFjv5!t($N-^9YsFlD|n8hN@~2 zvLcyN?K);F$?=D4oEpZOqJQ`98Zc2MVBF=SUKknaf+Q?F{FmE1`dObxetZb(U%p#+Hs_`Q_c!| z+;|*Kz2C>a76`@gVkFS}w9Qyfl)cb})1_snH6$Q8a67*us$D5BO$r)TuJ)Vrk@;!n zlDrRFby?d7nI12BZZlJC(%e{w+c1whhj^rZpgh)OBFpLIN8oKWz8WGaJcx@(n>qfe zXa>p}aR(PqaEgxCZy%7Jer>aR2C?a>>yBih71=V z8EXi1WX!I<^&U1mtb3FB43kjh02RNw6L03qypoPAY$sFV(jgWMUj?lv!Y+0PVO;K! zTRu%WyGh!ea{+2Arome*baM6R2&#>PhS@=%nFJz6gQM;YhR9Fu-`xw2ia5$Uhv{Y{ zbW{62Zq#+5z-M;fg*~&9L+{hZt?xvE$V@IxuxIw7z9)e=o~2&EWx`$T!h!!Sc747c zbF&HcUi~bQKN96b%8rPP4z!y#m9Dmz6aCDeOVaCOR!Em@myjKlv=c_*QfJfGQO`3Z zJH1*~ovQd4kLX4Gq@|qQFjdqpzRgT2S#=TImlz`Li`csNE3)YZu?eBmk)5!@7d-qT z06zc-t(|jM-R*uLGHepxL1v=P$`(*%x|(yyE|TsN_7vP+<3NF=EV|qneTjy$0F$ z_4=t*@sAnsA9iB=(Z*HjOj0R(k$_+j;dPoZH&A!~-6?6+OtG50_j}{WVnellB#Oaj zx6{a<+ajvyOopk>PB3YU9FqK5CAB8`iuP9^Kc2y>uYEfqDUN_b=!PnM&}CMTu_89Q)KTcftW zw<%aL^Mjw2pQ3s32LB{U2@`i*%My@KW}~G(AIJQ~pmK=ISg@gTo2+{Bhng6d_lMId zcEi;DdJDLK^d6hMLtCZONV6z89berc(dn9qGKUM#2?ivn`1yn&8s zugD>{g2_voRouG6z)YC#ZL+RedrI7Q;oJ=2ch##e;%Y5E`|&9HF%RmczOOnS|7Dkw zln|{4OAq5hi!2cOs7m3ZSek>1-k95S)JwO*0^~}{7T~G1+U-WQb8k+m&tv3bUYk;gAQ@jZM<`@V$;t$v#L@F%4SP0`gY&s&qkV~=ISPX z(hjd29;+4{)@sHqN@P?m*Ky1vVJ6^gW2zDYH7J0neOU6z$9KE5bW*GBK?0T^D_O~d z17a4H*$h7_ow6oG3wLLiAs_9kYK-JXt{>EfQ37>ppOm+twy=_=j#tf}gN;1fZO(k! z8>N8#U*stvCNkNpL4Ey^vX%@~?ct{Zn0CEFfLEUuPIqVrQ;AZ6sR-axh&sNv6O$6} zo82z!yh|BZX+w5AsVT#y1cQ8Q3&gW*NeVBoJ@1CcTq7fJrlil`Wrf{YOL* z+F1B9e>`|agVi{(e@W9)u%^e-Kg6NKs^=9r1zgf$U@1J1J_Qo`h__ati+=Kw;0TkW z0x;;1G)X&Oo3cn05YrO&&?7MfOvl{ zh-N!sqyZr`x+L-3Wu4x>de!lq z3J`nWgJssxsyDQKA8jJY0zLLICT%VqAmN4Fq}(vk8KSj|pdqdF96jEP0C|1s=&X`d ztkX0a%ci3s^!7L!6CgWaEmD4VeX#UdL=bIXw0st}kbA$(v%fhMkc4Ta{1w0DYjMm4 zsQv!neZ)ggs?>!iOi*#JzrNmY2wt%4&n3L!CVl3nBQFQw1g8{bumAuFX#e-N_5VSu zzi)(5``e||&Ze}k}h?HacF9wbhjuGxVHhzv=M3$ds-)5=nZ16 z3`tlsVz$*vdhcNBnkN7r7Y4+l&8*Zg?11*!x(!w4cEc^i0Jm=j=vWF!^^AIUpy_y$!Cm> z7*e+{{o3CT)n6CC>3k)e_Ve9lqHI?ee zPSybfk}rHCYq~A{wDfW>hK3+;{ktl8QDw7`X=>FBjya6dpMO0ZI2BDksAQ&vIZ-AhQt7dOQ79#)O8+WJJKR51qU3u{2jE!51 z1L|V++*i1in|T_d7H_i=Tn(~LbJl`3PL!1{!+&QVnVKPzP~}}izNZDJ?=+7KmSYMf z9N(P=u$TsSMd6GU<%GOYUu6hBF>|TRCQ0AW3Y~;Wl4lqEiD#6&`UP9w`Hf_mZhf_^ z_hUoUk=s8)QG{lXV#X(C8vm2fB7YNF#(zR+pU{V>?N1KBv`-LkeCT1-=+pVWOGO1- zVYhFIXl(8V3iK+q{g@Iw*<#0kXUnOsM@om=^S3Seu%Y@l`;nd|de)jf{z;TR=O;N1iP}jNU@P*#ARmQ29eO zUQKV40FqHMWWbD^*Gr^LhByg68&!{g&5pc%Yc}y5G9E7RX3UbK`P&Qs>en6M?BpT> zp|%zBH0YI{Fxsh$+-tU_m28H&tyYgb?hwXRnh!4rbG-?ntV zIkD!4Xl9Nvk7G>h_Rg^ATrYsg3_|-B9Au?$;SO7+I$iN;ns%K7E2^b5AlAdN-!?E8K~%qlSzFoY++& zeyrP|b0T^@3r%PKv8M%*Yvr~wbTj|VZdE9D>#BfQ`x0Bqb?{aPGiEoPR7KL!QSot$ zgr=Ouyf8QxnHnBZn&zglKKA7s*Nas~6uG7zMT3aTh=pFd5K!jnrTd%Q$Pjhm#{h{t z>`NIK`S8bG)18&J@@%*Pr`Zv`%hDg+eWc&8sp~P45r6P+%<6?__$;>xw)PqNyB(&1 zt9#Xd2&RG>85*Rs#t9XaRW|0$q+`|2tE~e#dmjy21?>FPg!7|2ydrZu$rWGrkycWB z530ij!lXb3M;TLsE`r-I{Y2V?54Zxxi6gah{0hjwpiZFzH=&G`R)?nwrU}V0`AFAe z1cw#IH=6N(XcBz=#-o{Dn7*`n{RPY%y9=kd8b>W@Qi9NA57h;1IUDP7(SBAKt3NUM ztb#Dsv348T1H~)`rq*k>Z=N1jr)>uFjz=2`GCMB+I1Y|}8CqW!6Ru;O$A=&AB%u#l zS?2l_h&I9@1G7V*)rGPxz63r9y3={0N(Te5Hr?1(`v#2G!py&2AQprb!+-ia25@Ji z(3M=Mt%quGjeoKfg?YGJDJPLtobq!I4sTOe@u)-Kt6`vVH3?y?#f))VtXT7%icU7p zy($N4x<-UdjNAcVb66E`Dr+*u9^- z1RA--TyFIes3@)B2Kqf89EG($>0jS6zgk(@pH|vnVRA*DF{?OupZIpU|a{Bz4%#as^Oz|))|6|>eR=aYrRb0t*VGI0Jw-F}=i)3-d+r^J+A3(f~lDnJ*j zc17CaEm!FF^eYW??#&U(_e9=bSm&$G&!fjb=;|*dLxx{%-#Z-W;9;%YNqV+`!JMpV z?;3%7;r-;=tDFVi(~`AEuIdzQ(7p1DI}di#X$+y0lO5;{FAl0?VZutXI!?2^4VKgS z_$__i@n;|j(a(m!?6n~}(b^wy8iyf*naQ6L3Khnn^&$OdOwC>QS=w)%4eWcWv>65P zm)$D~3;ES3i?O#}BeR&Ov*eA#|Ah}9(eor7jK;}yk;KN+B`+ulCB4`q#LtRy1H5mp z-ypZ&h{asQz|siBi1mQ%x*;a5||U&f;j6o7-oOWCw5NQP?L+t0b3T zj4tyVSvF7OZ@t$GbHYzg+xhAAepCHMFvNx1sz=2;i%*jdCMqBug8hQzI6qD7!tC=(;xcbe(f@Mu#*e6ZItDpokOJv3!x!)S)a}y*hJS%5 zy}qujppZyOnp?iFPdj|fsYzm67`J~`Cl;TN*XX9pg%zEu!=QPJTiKCRyQHyOl|gu% z0X>A7n1L!FQ-lus`Xf{~4uyXvU#x{5&G)@T+JB&eb9LY%-*&7{{X3Q`9azqpHdOud+&m-nIBf1u>WU&?z#CHz>2<=FWvb`tvd zV}LMb!z-2ZfP1K0<^~=%I|EejFYdvwJ8`Ut22~}mf<=aL_sdbwH%1BihW{}({y!I@ zq`R}61ItZox?2cN${+>q?&VgfM$!CbU ztnIeY%;H9S8wt)jds$hny~!dY)$bb5V@C(kZv)H?*O3@3_s%d)g-lGY+sz4ZpR)~s z`a#OU_)((KuJ;A`ST{o)Sw}w9Rq|K5lbcxQM8P-0rE(aV2d4uhX5}uRWQy4Qx9Gz@ zDdSS*4l2-P5UYT|pb(6+bh?7}qPEG0~2`M1_+8L0lt;utK{F&dQ`Xl}FhUL%OV9wR6@!Ztsz8Z1~ zxdcNF?RaV0LJlfs1b*|jVQLN%mNij33-7uFv=ZmeSbFxh$5knd$2RC~z_Y;^=80{x zKRDzKBBN6xBHoHnJedSjU@=4zH{fODA5Z@^6K7Z{?o0ny?G=(Vmf&1zTOnXl9e3|jM_XwTyFCZ7 z{6@F$9VWqxPuNngQ)+Ep9tTf8AvWu`qL0dbenGgjlnY7Rj%r zCe7R~9*(YUOU>J_%!kzPm|JU5we~G!rSWUXf33G0voTZ9nRk%w!4^1j&v=vUG|OF= z%&6~}IVXd)9oAtH-4o~@8alwLzV{R2sO@5LUeg^`nB}Gt=`W6%ceJn@|EbabK2 z_!!t&?%n1Dyzkt@O?h5nT(7jdo=<7_9lw~U6?aiYs?J;!#f@PqehU!{ja3)vQ6BkH#oI9TZ6dkdHO(^}tNRca;=-9>jA^Fo` zTu8_EJ1WdXUBg3HJ&J8B@Qza_O{+3SNH`S>Si|TOldHBmWv%1YrzV>Z;yhYWBP4|7 z+S?Oy-^26ilK8hX-v}H|)I^-9MKy>nu8^sDC>e8ev&~n` z@OmdHg*e<|&hlw4K}ZZ<)1;wXIpX{G`JPNx3dTrcBqdd%R>=a>>~8(h;TpVEr|RdL zZtuL8;$F+E4?WJ`7YGJuUhy}U0o@YcC0p%rk9BW6VkKz|%kw~~bcMD7`K{`EJ z5j`IhBi)HrXvw?*>O~k*+E2py?BSSQ(sE_F3UuN#;Z#|_Z1a9CuZh4~cO(z&@;Co# z?J!ckeQ@hq;<{?UAO}$*V810FUq6K?p%qXL+!>TEzTu9`rgdIZDDc39XCxq-agMIT zj0fudSGN;#f2?QC(^O8jIjQy6iGDggSg)|Ei^w$B{K71%WYo5d@6~f=gCya5sgd5u zUvB8|-ZEfS2{o&K3v}DIcLH6~B5BibJyUQ*v$7wjbpjP;7dD!?fn%0IWGNOEd9L$N zI>UTHozPIefH1d^ON4kdKf^?b4Fe>#t;}rJI8dH(-thS6;vmDd-}i^JhUJR(Q^~b< zxiZ@3_8()D^V%HXS*o^V{h6%JYl_((m^nG=$Yu_EEptUt!8)4cyN`i;8q?cds$9RyhlNVcQV8-_0)|qC$k zq5Mr{%U3v4pWe9czjqbz&&MHZw?PC^7MRTR?k2`C>O~R-=k$L+307-b{X(?j5ie0# z+am?nnv73BMns5ft3OW#3HGGFPloLlVtQz_^xkmLB~2awdh+@wsHskc4t?jRHGk4(c*V24yXpQw_QJq%u32sdR`I?!0&~&QDh-K5w z3s#$(8@Nuw%|YE2zGvT;rcns6xvO6mkLqdVqKT;+@F~EPgueFDX;f!O?Mp@SD*8Fe zJOioe^RZ0LaS3mE7%E+l$^A_*uitgLX z-q|$3S?M%H(~|P&4+lI=3a+Ea!c^ zg-Xt%%F_KLlt<>ScoJKoTr9tfHj3E(EKX?u_l2CBp#7oE#o<-io7rceWC3;Z3?%=U zc^Qsr<50(|HR?dxb#1!Ih#`)vZi73^%NsS6Fm@&F8IKmKmHi+X$ z-fpxT$)7HhpS5;XHo)Y=Nubrkx47t*W9p#OJ z*3V^=AMTC?oR|aJ?}&%5&HQRel`|@S^4}uQ{2UAY!}qZxX6XVb7Yh!Cmcc~p_+>~1 zEU;+X8J>IIqyg>DCo+}t#;iq5ge8XkZ~+$+P&#UclBY-(Qa-H}tyLAWT_g=GzQX#UxwmBNx{~RVl)5$6KAY>>zkM!%CCT(w zAif}JkP4@woLpw%MwyH=`Ag3bUtzm*{hLAiHKqLw`vRWpb{h0gJQD-K}d8Ck8&--JZM)3x7uy>)+7 zUeEvgzX1kT|BoAz7ra5n34CAfpaE~%3JhU&9QbAx?WMOSDGk)rlFl)?;|8JHE?sZO z#)}vBn_jph$mHDzSs(^M8{Z#O?y3^SclEa_RI;JWJrzS5KevM#7+r9O^Dmbtjx;mO z9j^W5krCDS%Ohj7Pb>r_9b~PedkpG}Kv15=&a@pc^PVBw^0=6XV*! zyUA|Fpkzy#D}E}P&V{55DK<+l*rBm6am_q&i8Eh*tf2-%h31{7%MP!kreS}mg}hBh z&-q9D44WKA{J+{~Lf~!ZzmsO8XpdmMVYITy)g>ot&%$3t73LgOZ4~K8F*UZM(B!-M zx5SaV2`cdl+NVs}Qai&78Bt}0PPnm=KMt81WBF6=*m*yF*3q$CKIED}@49-P=jTQ= zgGsb#%K@7tQ$1xND@vta&p8IHQ7>-Wosx|t)iyhMW^Dl!aIZ(C=&M~RmL#Y;m zHb=&iT6f4lV^oT-Zhb|GMpLZ^cUh{Lj+0y|nBzQ7`6IkfQ{QP9SYM1;cN%O+IoUimHsIb{)_Ww0_D8%U+rAu(e&T) z#q{9di$8FTrcSg9t9Q(d*K$x*cOZci^!QqKVB+eZ3R7&e3df z)7QYHrrYz_Y>z9}TlA%}rDBYEoc+h;fnrd-)#U8^3zT=RUC)d2o9j9d)8J&W&Q@P6 z8v|9^MK3xa#}8N5=l~Ut46HLd+I&u;tB`jCXGsBNt|`Jgc+GLJZrpFGgN49cIXhuG z0An*hy!&4G<=;#>J+8nfyezuO^qAy#YxI);{r@yy Date: Tue, 17 Nov 2020 11:14:50 +0800 Subject: [PATCH 44/85] CI_125045_credential-guard-manage update image credguard-msinfo32 --- .../images/credguard-msinfo32.png | Bin 10553 -> 144583 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/windows/security/identity-protection/credential-guard/images/credguard-msinfo32.png b/windows/security/identity-protection/credential-guard/images/credguard-msinfo32.png index ab3994789e2193b21c644468ee7b1a5720b9e13b..46f838c8d2f1e6c3db9e51fd95c1bc4d97fbcdee 100644 GIT binary patch literal 144583 zcmZs?WmH>Hw*`t@A-EQYVl5EdCAbwRQi{8~ySuwP!CDFw*PzASrMLzuQi9v#yWhRz zy&o@QoFr$QF_OL4UVE*%=9)WNRaq7bgA4->4h~CRPD%|94srkOdpH`x+j~7^lI-mR z-c?Oj0;qC03?@JxLzlw(_LyZbViyXDk{L?VA$=2{!-V;8a#r} z@^R%1ac@?Q0EEgPRLi{)I~aw%owUc0b&=Y$%`p;oj?7hp-I#anmdadZS6s3&xc;Mlv!e=X;Ki`n z;I(h+mj6=&?tiBZ+%_Z*{QdAi6@mEYhOR%5+YkJJv(e9212S@Q3WB3RReGSF?%aES z87SP9ef%eT?jG@__388fnC!oHlf0-MTI!B%=ZHJQ#&~tOsAZ@s*l&Nq3X;q}IeyWD!E z(YcT8$vP}{LfdRb*iPCPMmxWVAI9k-B<;IJ*g0Vm3A<%_+&-o5j2)T3rT!Co(GT~- zevLvo(}iE_;9VM;lD^_mrImtyLq30-~v z0)8sC3W}I7nRTa+sM=bkaZx(v;s5+ip3U;SCrQFASxV_RXj6?-iSu z^#^B$KnkE;JK6&rybi)Mmnw@AVxeHQ0rrXsHFmqE#&@+MK?w&zda;<=VBX*zxpgBxG!gGocdHJaVN=l53tp8Igm+{0wLkY_gh0 z$AHX6B)oAFHy;taAkhf2x%J*WKFVoO{M_?rJ~CH0TEuyq`R?g4weJM}vdCSGap(+B zDnrG=J|rlJm=4@RTS3{?I55HL;OSz^l0E@dH~#8aBQ;y2RaF;cD5)S-)R^!(!Dk0V zu248&Zq~?v)r{vuSl91L(ViDKAWJ`D5CBON9rYr5w@4Dl=z$z6&yTHuS8vjl^Ix~3 zLKXYH)EfXqjl)H_>d#`~kw^dVV@Pv~a?N*m!}xot8brq)?jwT0^bMw{nL@Qf=qECT zw!(gRfI{+!nF+@)O*%L6Id>G?NGO*<D&o>-r#espTnfS;j8Hj4?pmYr!76e<2) zit3ktfJCsYldTlY^w{OZkD{SlH87AyDKDKu#*bx2Ve&4_gq#sgFa8O+s7+AfPFW2HG;tU#uHr@f-^84V3)uo>kSbM6y@=P%=QWGkHoLH5J zn>#o+x_^-HU&4wQS352M!@g2}>-?5R^;R%Jk{f8Qa?cLS_wrsOD0jq4T4KaLqz z+f!j|0pI_ELKm3|oY|t+iRMSjN`ycl;o;%_{{9!&K{Pr|?$(5rIP(B1_jDVPcfo?`WYbfQaXOPZPl^J?a<&!b;^-NVynByhb7#5&I zNY#3{$GcQSIJCsfSyt0FoIE-rU*W^GLg9v=ByE(!iOz$g-V={N?RdiAwUSxlv@=k) z)9C>-;*=1;6TBcFnp1LuI7TxcvsyLb8FH)d?+*l@YgvjBYEK zRWrDq^biS1*{I%pVDpdc$4LC3>KjMwxuY4#MNu(m;D&JBn zYXjUxPHZgv9-7u{1&-Q~@0U;_WqS3cS5eCmm;_j*htVG(W>$l^qn_&M5rQJCoBh3| zh~(oPBO@dA_4Rdi9Q-J>fGsC}C(PqpBT-H=#5KFt(Y$+)ga77>C)D2Cf9^%YWo2b8 zj+-a|)J&4yx+aL{^9>lbHrrNazvaS@@`-d7&YD5KElyNi=F;6B9H|1G%dBRapfMd$ zb@fR^Ed@H1Y&o}HL}v-&f0lKh=UXwTuk7?S{E#kLpwJeQ5!Du@^bu*8G=vwB(%8hrMZxA_dHxfApcWHIzK8#$#|+OU91ZisclE0~R9!2aFa&1WoJRUq z1?+zzSVNc!@s}b}ZZCq6ydf2|_#5XNBgguEwZ_kK<+EEo&@Y0Og(1^S(k5)2i?%X}dSG+;~xiAhHEvWT8A6WsnJkVThx7;{>sRD90tw#{Vu-vLFMN94V5`6@kj^2IALw2I&w9zZ~4=M^&b?8EC@Cr@;Q#nEz*HYt_ zMiJtF5ZsPY2}PLy>6JUlCeRWM0?(J^<)g9lJuz`PucfiuF7RPFd#+;g@d5c7E1t;- z_J`O-mIf#ot{jr39zv zgt#~a=9jwLTcwOx6siiz$ef$&{hd1W7;r9E@~#(nfWZ>QzaS0ZgX^lvmyO_=?dSo4 zW~r!Do9wIxpaA#s0_Xgnjm?EYV|$S1;Gj%io*tV4XSbnt(-?j*kAdlBnvR0}F<})jO|Crok{P1Mwro(4o0UyjSdb5I0mp{uhM1OM`Xl{5d!w8WUxc-P zf*p*2fIoL`7sF(?BJpWQ6oDRlb*y%n_!L?R%E*ZvNJy%VJv%iHRAT0fIu1wxN`N{0fczg=gk^WfW9} z1ZX|%2$?~~$MpVh4iP9Z4Zeh20DM-_E#DBJPc;jp=)^sg)9wZ;D`+}x_?;Opya zXh_9%9b`Xd#@Sk`$|T;v%E}7LTUc0FU0t1=oD7Y(fs5*HXh2MDX>0Q~Ha7P5CRHP? z{cr7bL503Kwj`f&dUWLM=4NMaA6`5D@G#bn(w!96HS-~^s7Ajdo20OB(_94`%V%|^ zbVw@v-Yf9mA8ciEq35f@*E9APs@I{J23`;@vtq2Rr^DK~f?{EA4$3GSezZCs-c^15 zfM4&%&1C$^hl<3)yM?L1%cDrDaAahaPKue~w7$P0W3I%puI~tFCFiML-PBFD*U0Bn@q9SyAyT?5uYII%k=vZYLyDZr@w{)mov5c6n1ADZ25%+7+6>@ zDz8UkuidXxuT%Gm8B2~CxA98IVMFEn#0^NaTXTq#e*<35WD^2zwq?6TU2nX+@BilK zvnI=N3JFnBW#W*&SlXp61Y;NM7As8;H+3cQgqOe}L$1z61&^_vZ#iPXu zd!L@lQu%uycS^hK$HJ*6`%c#BOF$iu?f*0m5M8$2~Pzg&=%G(Q*W0VTr}Y$DUc)L@l?`%k=uM-yaf?tiPUamNqb zr50(Rm~WB6d__x`HLt~DX-0KHJ@%b#0$V|}wf3i)Ux8Mi_?b%XKYwIUwUP4j9~k5B zj(VvPrCtN(nwXgA>FG`83t5_*yPqtwZte6mUtL}4>+ART_fJeruzvbPOG}%zpLl$1 zBPJ%6mDn>6E-9h5x3fFFzdEE@jepM<1ePRk(!o-qPy-bZv*`uh0RR9TS5s3&m-2nS z|EZa_#W1=uYw?ll>gy3u7`V7n$M*ZO-+uftUGw|O(ybKP_ZSz~cTUbOhmPkSJoACD zt3vGpf$OL3(3j@Px9AFm&IjJ@TWV{a#ZA~bEr&Fgnh~Q8U2fz4N~5LR9GMiQrB8$O zBXqs|Te+HCYz{8iAYPcFPH3s>$Yb2AaWoY4KJfU0&Zb_|`6x8vxvDKx;pUvwGJr?SK zrFppeZl6Kw4>DGZTOe5Rwd?Ep_V(3fYWGi1CT3D=O;u%*q4@a}h`yidQ0VASCypPN zQo)E08GC%Z^9CQ;6s9I~^K?TTpwLq+70hYAR4 zPOaj#jq&w!$4Ie!6Cta*$oqHwpJocws=i>yH%c+ynH`pj1in1IW!sgNm8Pa9o$8FC z-Smu%hsQT^#{cnXuHyRox}l)~3k$0U#Q^dXe$-^Ta?~*`tFQyOyx!gQE8udzZ1eSO zEHCY8k7mTRCuBaxK+{r!(F$j#(nKe6xq}jB73b0kwQu0$c`s(dRa#wL{T5y0xZwQOnY#W%p1tuY#uvo+yIkWlqK2p^$f#D%=tFfv zo(^qoZP&NA{bdISi+vxLP&brqu?SS6kWr;ee={mBcTPT_j5S!+n47bB`K4*7i1_Oq zZtZO@i_&U+@tI9ZO+K@8kaESorieS*AEMe>MtxfJbUR*r(G`)BSq=ATtXy@c)V*BFZ5w*IS zoaJKyf~h!P?ku14S@rk_BwuNiR`$s_kR&%ZFDjBO3=seB!;g?Y6GO-DnhYWZaEa5A zou^_@uCLsDlR4YYkt+Kdbp=yf#+GHpZ)9JjPk`DYPG^N$ZdLk~wQv5%FiY%@RN@`D zWd5M-h10ywbrC=-R!z-W4`onmC_Pe5#Ps@t^UGRxMIvR4_oq>D4UtYukDI5by`K`5 zZcW!t%^td0-@-w~Ls%!VRh9|)t-cK!q4F%}nYuZDuy3Zs^;_+v^^`0u9tgwr8tNuT z<)-ZItUjQTC=XIu1~uj0^k-dEpv1kLAD*~*CDsl-AQwJBPo`cj5y!X=3fK%Tokwa< za=+=p|2{dR5)3$nog6kXB}?31tlCG$@|x1^j#YiMR4Mp(b(x=6h|JefUO)N-Ys++R zQs5~d!Sz2)oe~lfDju(E=|5B{WM*SqSzG7=ZnnA8 z0Vw2LQ?ipR_o>?Z-`e_0+0BBj#lt7o>Yhe-*DIsC8>hU0`XB!v7dMTK!vY_*8&t@a zzxx7Gh_5PZa7{HZpfnPr?t^qB_DhzueC2cRd6~~qeeF@D3KURTUYWLYo#|{SPM=j} zK?gitAA#G|89%iP${hKRwWr<5SqfE^t;j3Xn%n;rTv?_c8jR%^Rx7jiSx-yPBiy4n zwcB;so7*+05lwo9?aha~9u|HT>E+PWQTUOXItPO_Dpw#TmOvWlxP^aiDbPd?Nvpko zgO<9|TCwY)i24x7^QU~#$CdMf<`y<|FKy#!Yxp|Xjt-NUoxc~XD%pqohU(UCtn4=S zDuucfxus4`fT7;-;n88(&5eP9!N$6=z>44o6ANL3m(lOXV;y_;ZwsB)#`2n<*AbDW z%b1z1_xT*1T6n{Bb&CrMMz)h(63~u6rdlD<(tcuL{dnH4I-dH`+y3vh_0grlMvZ9K znPK2_S!n3`>gwRZfrq5Ot&wwr$#rV5{*QHc}%_YV*7w*ERg9=bfu z4=i0%AVdo?aWn9Ic$dmDW6CTi(bR%_dPGQ;+TADVryqrnRQ7?nOm84N=U7EPE*cYU zQgQOE(jNR)epLCY>cCbU1I?|?&xy%w&rh!wE*sECw7IT6PO#=@WZFkYMC_}P`l|;Q zXnc?G>G;WBP+R+*VF3?K6Z_nt%gMMgFby)|Tz5GxH%$0z4-=xDrRUV#1j#6zu&mV* zZ8bGD-&~s?z$~6m%S+mV=G!a#>SAA9M_+0mJazmBw43x)J|f<=)3S>m4cCgvVV@*YZG&*et`*SDN(3@kbv4_U_DuB%})Aa5oSkvx8%&iP*q zGey?3lu5dfXa~1*Vzo{r;u6+}R_*3%S^W$6>TusblbpR{>sdpThA>e!&!W_m_zqne zEfJ^QL)U?&X?HN@%;ae{k~ zd%`zxZ*Fe>mcPJYu-sQjfQ1b&m+1P$!XHuK^vs{7{k#3m=lvykP*^Z=sUZ**K25pJ8VUcuw!G z%I!#vtdJGguv@)@t=<%H^M4ZMWsr{2Lx43B9o^`()*9L@R-5w{164Wk^giN&OKn1> zY?G8fV=)ZK-gmSOAw^6=D2f|bcN$@aPq(j^*L4lb8#HVi#R-(~gqpQTYMLtNNdxA& zT?L>A=lDi&`4<%c*0+2ib^R|11sdQC;p$FDM{5Bg-my(wZ-M*63gUO3gwrO1n3wMC z#F-s@ic+1`y5?H!c^$35Zj6aa4ID6?x_O!B*`_ZHHWKUW`EhB3UA|v`+)`cSi ziOc5HQg;)TO!E6osP~F;`$V}$&P;I&2n1p#J-VtI!$6>-r0Q@xnoS**g*|_2|1m2> z*_@z{=wFrlo{gB*(SX$;&3Pd0=I}eJ{}gC?|nwDWHiox$kBo;uWv4s@I81`3>?m#-|cYWL;CqLm)r$I zm14dFKYz6-E_8&B;=NmlLf`zt{NK*p3#M~aZU5n;pT3GQi{9ewY+6bR5gvJVM#|>Q zYGf-o1INx$`tE)(G91y+(b3Mm-np{I3+1ayEGhN8#*%K1&|;TWXx??$u@0y`7P1dD z;=8!czBImaJ>*PDLFsrrPuqw=i(C6+gowLm_b;@w4-q2i>3NfpnfZpM95=h(ib#jG zR(J+i2M1;FOj<@pL`1~m!oo}W!O&uM%n|ZhqtuRURJNHIr;* zTCrw!q9m8w54;^$Up09q)Mkg5W+VYKt~>G)w4*VJP2FD3zpCG5`%)|{FP~6lT|Al3 z&5rI&{L!KVhw$RAPkK{eMarNK!KaZsY`!OpdKbYlNCqA_Em3t=g($eAKO$+OzkqYq-f0rxYsF64NfdKU5Zl`m3PjN^kQAMTN z(eeJ95Q5>RYJXIP#j%ixN{%Ma0*1R+xu;cz;?}`2nLO#Bw-w*Zuu{asVS2*WBQsg_G08 zL@wVO{j{;MvA(|kiOAO3+1bU##cHb>9PY1U<8k$;#U4@ee*3#@;JvoNeyBZp)p$3d z@rnA&zx|YNtu5m&qK>%*8KG4pf7=$AR00iUml7Vz)58aLY^4h}3|h`ILXq=yvs&uv zClwSA9nQq{R|}U4o{#5aS8qhJ0e-|G0ki@>JEbzLyQgj6bo?Hw3^!QYICzA49y|nD zSSI>E)>nCIQ15KEx(_T)K6y`o3pQ>ZB9p|E2VS*C?i&G`o6_+(sXzS>Qav$O2ebJhuk=c?Do zZX_gz+B%J%?jvz%l5UyaH!^+Q!ou8qsGU9fzsnByzk;ey(Jx(- zzO%IpRsw@94l`;EK05z$_50UqbNY9>Z+`w1dhzFM@@{(TG_7@&IMG0)*2%M8=;8iw zR}$QD;@edN;-DF^^3T6f3aZuBZ`a65?X|3JX_^1?M{v)K7(qRf1}U!d_|nz(V~aXs!jvz6BWf>`Km{9=`pjm@@1Wkz*hx}#f{YmaV?c!jz)_9RT4kx({%K{ z=V$B1#4C6-USVRzA_Z!m@n|M zFcP)Jgw05GXJ&tnAcT#9@uR8=u?z5%LWw?)`K_+riDiFzsC|9t#}<29cxw&)+xt(K zr!D(_yj1C(>xqhTp`fERh1u@5<;hEHwYJ2U-Ov6nL~NNNYYpdX$ButLqbERIA4M}G zn{%fC@eE-y1y2u9St>uTo!`+Vvv|!(*j|fPNPRu8P~i4_-L4@r z%Ds-R?i-hXepdhZh?<%@3z{{RRS^>M))4;rRRO3_wO`F9jeO^S(~COPE$DGGUKSFP zqMtwzvwO8Ky)-&mz<)L37#xJDZbEupmFvNfDcPU_hy}lrwY7TU^L8sc(_C6JMYnQXJtWvRN7d3i!jsNuVptF z`aQ_M@hHRM?B>*lV*Y-xhD7!}(c{CvCbs4W$55aUM?+m_I!<~@x*GKk)AaPT`X5`} znQdbg%JodNTOtcayxmmgeBsRe^zOD^wc*RvC9E2@f@It}iQu&2qwyU?_@>k-0SE zI&&a3&L|mWcLE@eTt~m)n_(MXvR<}sJu4x|uNS5e0=D#Z#aFH*=*T-;a{S4b9h&gg zAq-{qIDiejRU7LR$;m(Gu1@}6=#IDP-OXHY&pFtESfvP)a6_U;L1=ZHH^ zxudD^7pDk#0En&vi1U;r;3<^ylHxH`0t&)NEk=kB{b6X;rniskyVeGpNVd zl(X$?S$3fg)auOchpl#wzP91o#)?^$CX###9UYzcVlYXpR7qQ#K(T6Td;1%MIJ2<8 zBP_i3_F7zQZfcUYX;dp{1VawL=&$$O(Koa1eR5#O@akDAMp1lD{fvkx;>x8%+H1Iy zKBgf~?A}UL*`mjEc5?iN$Ny51Zz&F_%A>U^3-NG4+S;OTo}kPUKeF<({_Ku$h?FgU z!AK`!B>`9O(U&nU9a{1o5NB8%tmdw^3q24M@j4+m`&dx~J9%1obb=e&y0))JkNak4 z`_9e)ARL5XD`(@Ty5gqe%d5H>YgUL{x%zN1hn8i0gB6R^cAVhVM~ju! zzI)lZ)HGQ__j5B25(-#}h+QJW6fh0-^z7^%j{cs0)79Dg>j3u5Id0l@d^|A_$;~F$ zE_fq^3r*WytSvsXX(Y4w$WtMGO$~*JAWX9T+Yi%Y%UxQT5#k4iFwby(EMhOA-Cfn` z2o~w<)G|BdxmtyLcAeM7W;$WW>>)L|>OgR}- z#6tUQZ%?uK6;Q_^ua^*(owcdX{(qqR@{KjTiW>|ptOXa%m|z;p;vVtCy5vRB^>85d zlq8fuPAU7D5AgUS2TvNP zY`gFjOR@JXS$}aJryB=sEJ0qydpteR6M`pBvdA$9pZB4OrBZ@;d*yEqBXL+pO*0Ip z4(1;Pre{z)XCr7a(Xg7K63&)%m|?LX`Y5(4NLmGH^&#VlIO2x&$}?!W0pO3zRHwx_ zi`pf>LJ`o4WH58f%YD=$=a{KUsw!rvg(f>A$%B;<;MFUcSyyub(a?B0XsJ}pcPF*t z>Ekc&OImtn%|S@4Ws4WoTKMMMT1F4;RN9WNd^p6~wicFptQNBvU>I?f~}o74aCa@`Ere=#b#} zMWqs@Md16XmMS8F5Kb#MEsO&8he<(%n*F| zvZKQRxF62eWQ&sCv}B$;!dVJ?I?@%GA=J@<^RvS8X`-}84Tt+e;(#vRAyY)_hBr@c z6z81d7&1KEd>q^)sh<^77k$Un$4W7PFgLBy8RrATGoL1>CHC~dIp0p5(4+KNo ze4bN{!-r5H&lCa2b~iKwD@}o=j9JL*og0VSJA9k)ukYluCKLyodY+54D(S^pNbb?o z2=XI^X?oyyg)4hZi+u5!I@DN9zO^c_&FoAw51VqJxRFsn(c87572+j#P=rw}rle+W zPcw@>AMc0t4&7jkB1AF@9P`)ZH^tHXGF1!{If9O!<(;5TSWt2FTW44Y_V^yt-6sj0 zg{i$n3WEtE&0>-fKI_sdRG{8c?pK#w!&%WxyA&xjLQS=P%f5;;A18&z^`A!26O`P+ z?B-*e6mYH3nWCua!<4XW;;5Mfn1Bcjx5sNz0~7VsV&|2WXnaVC!%@p+1MW;{+(~sZ zO2Clps{gA!LIMo&sxLPWPf)j$uz)$JK=a3sCz!7haLyYIiFHk#ae&Lj&8t~!!V=)UYjAf9{eJRQ-zNA&VZ`Fco83}u0H2b z5DO6TCvE8vf-dGyj`{NJ>v8i2WUAVOV8RfP86>Q@ou?>0xj63FX-& z8=LYQ)4}JkhM-?P*xghQ=tVPy|6jY@Z%1x8K2V^*Wur#$)B2iXDm8jq?B-Lfhyue7X(SCt54*3`n2>YQ-CM0XO4^B0s*I38rSC zxE@jai2)8#hENZ0LUEyE0p#T*!-QS5LrBAdezdcgT3Fm%MkPQ$iedQF1<>+Puoo(P zPB1!b$&vn1#w&9ajRaSr3hs}l}D-wZ?A{JGdmtmS+F#9f~K#jgnUO$cZ)f@xS``x%w`B<>a& zzK8rN>jE{18qK0=%DBkB>kYr1<36Sy7WVR$%nZem87IUO$G>g}$%vy`^^@w@@)beC zdv1adoek z+lfdCyCe~ij*7)MQ-=l@xS`HnO)s6p`-f+{MWxNXgO!3*tQtvtNIKyo5qXNItu*Ps z&m1)h=EE~vGXyephH|6^ju7zvm!4&Ow{>C~7xRkiM?veyu5NjXg%ABho(*>xhzU5n z8tS*|yP3$k^m;w<3~Gb<7sBz2ZyPnd6e~UwTjw~qDF<*H2G-UqiAHjYwmwXtF#$dg zS;G;(Nky~AlxR)k5W8OTw~L}~J3le(KY9_*dF|kIy`_@3P4eMs8v3jZHt%0>HCSe?&5&Oj*g-k*q_7LEHJ223gw#$J*b?njST)z$P^)#S1WmUmVSMH zaB{wqc0REE^Mz@8faEjD^Z5nG)vE~bFpwWOQ>2~c6jjUhN;7Tt3^aUA{?}b~4*H67 zb9u&c_3V`Q42RyE6ewmGX%yG9{OA}NN{jPZ3{5Hed{-!AirCj8m_`3|CCgqZMs!nv`h5tQ+86=Q9e3gvZF(#zR@uPCvc7&-~e%<^(0-}OG||AwLe z?C(4B`<~&(_0A#}crC%0eW4F5FL@_XDAw2oc-tgVPUxc9L1eCCU&Y*Za+k%>(c||^xZDg+ z8I2#zUrCTr+$iFcv-Sq%Hqk35100wRI-=Yv`n62`P~t6+v>g? zzPn!6=7;0xc{UvlH*H_CTET%<;Vdx`vLNeASZ-5|A_*pp;FARhjElJz2;6<~s`Yqm zBXu=G5)$U!&=(;HMp*|9T1dg?gTXUY7lcy0H|3Wf{gFnt5y)r77d8{GCN8Gn3H_O# z;5MW~?QZuikNf5kcz~?*qlc;#n?ezCP!jYZGwC5Q=zc%Y0CZ_g8H{4#R(^>0&dIsxr&FhXr2H=^K?nCS3dg*zfZ zMw-{>Dz_ic?6ANCOpL)f*ax|KLp-S<$#&zT0L#hQI;$eOgU-72tx)tqE-0El4<+a8 z^o+0jD+8c}qTTH-?~?lgHG2-PFYw_Mg!J%7s5gL|`o%M3@(}VLrQ_4dTcq7S><6Cn znKxE{b)2R~Dd#=2H`?HhF{lk450z6<;CR>9dwb(!uGEDh=% z#-T4;AcJjT0Bs_A7MOIEq>~k38EUHh7wO(%!g5uMBS)EmB^6{Rjj97k4F9hcZ7qy zjY*aJa}mh=1WQ36VVqXqP{$Rd+32GXyUikp#Y4>vrGMg^o|rWIu4?O?lJdPsM3o#V zwBR@4F!QWLZyII}s(uh{(F6Z;Gz(k~WeSNp2d-*>Pqi|5aZ8nLS7BxO9RZy&?hx#{GhN$w(i!-XJ z@>DCtzDdhWw^P2p8QU6JqJ+=>`~3JA^}fq6UNo($I14OARuF(mO@|%kchnBO7ED5s z0UUb}!cf<9k^a6fKHLOZL)V+&+C4GTR6m6nheo`2!%9g|-4Y&tFG!}@eUuqR6@EF?qw1(>LgPiru7E+YsCa{%a2cWbY$;bwtot7y2$&-=i+95C zKEEA~k#a;Xhp9!Q5h9(UP8iQGLxV&SB@q@T#lIgd!SxE@CZJG;&rA`@mRZsJB!z0c z)xlIn9xR~|Nu$%6?Ti|gT}e3fGpZ!RiA-q{ku$j>&|9n%CS*`0)^r0WL;)UxK>Qnn zMx=*H#5ic1P39cEOcxP?_!)teD;_`x7(`Pikdu$agaje1`#l!1Pg_!-J!V=36}Fw* zl<3WjBYV5)gntu1j7#Y^pZHlfjI#{1>RX> z6-l$RBCl7bfoo*@REy+`n9bCR4MNq69E@6_TbQfp;Q5~4zzkniNu|(o^v0M72Ysj= z4EX>zCrT+4hrYK=j%K8E##AR=ud+Dl2eLEFMNOrvQqq{ zG_rJM^z0IOR7C9K5c=R@*zd^Ni*UHl?`Bh-GE}!Y!^sC}+JhXDq$RP_Lv)Y`*@l3y zv%_Z&bIc;aI7Nvh>~a0+AYlGBLVgk(z5-(1mkFq67n%AfQ@(1IOzmE13K~hg4_0uh z6|{J~Xvb~+$d9QkL#=3hnraja?9MD+EKVd#omz|nTHy7Fk-)k^k0W9sEQOz$4#de1 zm`VS}9Bv^yieFM`ELUQsq&=;wYCrtB>MQhG!N-CrX&xxy=0lhe2hc}&3azJRejZjH zPG^%$uss5l{Y63g#YK<@LVW*hTq=V?SD2C_r=CjY6C{~ROA%3Ctuw&HFX98qhwl`j z;3@*~N!SP)Dg-y8K^Vd})=*7JO-Cgp0a*G9_I|86L3D8msOkww?&GO3d|GWf0#K&lFg5x8Rta%yXSonNAiNCW zY20|_U+boX6fo@;LCJtoG$uk3KX44RfPf1(7-67~VPZ7``5+K%6`>kqucTCcC7twc z8dt!|OQ(%`AjANK(Z(S_mlG~26SqACvbMo#!69LSXUSO0&d> zO|r;oyhH2*33kG^c)5{*R}=}M8S-pDU0FL>xy-3_w-$L-7J0Mj6Qwdpm{_wK#wpJS{4ij*%JaP=+kTL;%qsL@QH{r+Hu0 zzwgHu%Z_@6W<8TTzb%}FgN5=HNg){Fiz7(K%D5WvsqQP7ND+4iWFD*(hIeERW#Gwz zr*=@~UJp{G(GZv)tGqrE4Z$W%vQI*GK|-tq+w)fXiZu7{OxD^>%aB8$xRu{EFrG*r z5VM%P9GFmt#jzNItl{^x#g%(@rhCNQL&uUx(1i12@hY(|sGAHB$x|IT+%&7c*aRu{ zd;Tho0&>_(Y;!_1kcMznBYbjn`#CgF$1&uB;H8OT_kWH!6Io)DVf&ORX~FDj0uE(LHsP*EMo4x}6wy1A7Jp?T#48$eqZ|}h zAvlPoj1sj+kiRe}b=&Wi4jMrsCf%NCaI^Y@p1w0`zNJ}2SN^b72;DbHDK(5uJRm7E ziESoY=^#(*mI;paph2bQDg}wYN2`ofmOh|JSMK|;hhPk39vBqfP8E1Njv2CH8{0_- z?2YS35jJ?28k_(pI}VR@x5ZMdYn)PakCk*pQ%Bi})GpaWGflmL^n@~u`HL(+*n$m6 z`qn@$7ng-AE=H@9iIF38L;OX@9a)6CRpnaP zC;y#tGrX@@9vB~^7Hu?5`--B8b%%ZuM-@p?!&S9HEZbSVb-?4pfvBcpFCK`$n?) zE}WkA)KMVMFLA-T%hQ0M`|>Zg@>~C+(D6A}D67wk4vk4p2K0(Sp@V$?#EYb|#ucpa zlQL?ss{@VPKqs_+!UeT!B;gxtBIw02F;SWjbn@BWmqv1KsbY1pU6J^<+ZR1Fs>cJ0 zgwV+>IpgV7M2$eFmDI!D6%VI7#myeeo*-a;^`|_?5pUN?VS0iWU{Z z$sk}|Hc*w&8>y;~o(VNT)|c;z0?jQ1DJwR$BI!{KC!U$WHHx7{{E&$Scp$LaOn;8F zz-MA`dJw0N0xjV!=!a&w6WCbLNMfIT@L^_a?FmDBz&l_Bu|M}T_9m@_X&}|41r-}F z8pdr46%9F)z<}D+JV<-+B?jemh~cUxYCa>_)flAr4??5LRhxly(|xaDMg%8}*x*)% zC+-V~pFYZ3Qp;yJVksh}G2seq?;8|_GMuyO?rJY5k>}&xBT^2XNmZI>rV>mR3tSzx zB@FYPB^nMjSMI90kS`yAjX4NwXxupA*32{w4+x^2DXP>}AqZ{!qPW}nt6w+S)$Qiz zH{K4=k>)RF7;yr3hWBRJ;ZP|iKH*E?xdp{C$CFnQ^e-*wl!2H~{`4=Y3&*VL8U(1i zm7Okz4v4UQo|7k+BL}dM%Y|UrM8ME=Y=^etmK)XLLxtm-(`|98$`lbq-UUPud65ie zGDI?Jt$ERIs0T*}Yh=lw?#FQ8{`mBRU2U`oZH5fDnv(`Gp6FD>EK!Lwk1GcUD36rI zH|<;rza_i}Mj%D|O?HG5{7}ghuh7|+lAEJvaBrfEgn|YW%VMqs>e$ItWpNwB$BcKv zC9~m>!kHFuqn3fE_rxnus$;5(v4Ye~+Bx9wkj#F-|3O5C_9$BsqJ$eL_u&qsf>@1f zm9Pj2H(MXKI0_re)W@6!=99jzRF>#`S3pz7>|Zk9Dib${<|U7T5N3L>O-OAW(wpkh z|D8MC+1dfP+4nFn>>=YjLG zxy{?#U0YdIDGBiRfRw8+8H$G{5wtw2Arb<8r7(pOngWRg6N46w0@4n%5Jo$t;cFFA zoyq`Cvra2D0KtTqdNijslnT>G3?vAH2s8{R7^npLIYg?3IR#@{C2}%W? z8t_`=xx$oy+|)X>aYc*tsuol%4jj%v!hFQExPru)v_if>Et0i7eSI}Odwy+BtdygM z07rq;%b7)7HHPiURU$q5!4Sz0vp}XoBo1Z*`gs$EjS$HOl|uXpNGFU|5+k8M!39^X zFWkRa%13!VuW+3k3KIGhL}vs?|{5fqF#qi?%X^ z7C5Dz5b^g`xtrh_a(CEJDAWjY)F{!g#0?<*AKTiaX4Js4^#f7ATsexP&uuMvW7NejGU@$Pf3PTrp<1ja2c%wBS3{!Er zxDLiKninuvz$tA)vm2Ne$B< zjvyaMjdIhVr6TkTC(2cf^ET9C0+Z;L7U!9&3BfBt@2CRO1uP?#i;3qjD!K;P!;2dnJ=HbBDtlwcI=Cl8~zCj2z;y?lLT zb+)nTRbPLXno#QX#@EhErSjJ1w$`TCn~VJuW8JUY=QvzYB0$i^Fz3ZcM}VHwjx@F0 zDJbe6Tcm9^OmF1E<8m-n$iOoOO{bG-bfD;&X^wseM0^M-Uvg%6jdUoZAP9P0nbd%$qu19-N-9Sl1L%lX<@X-ly1y)VhI%~_cYfa>8O5sugn;_Ha_GAvq;)?cAgkQ<};AQfsE`!ABw?fib`8eOfGGt#SCiA+EbJ`KTr@MYIDNs)+1Ib~ z)hhvpHa=kBqd>*b7(i8k+MFqj(QGVfZ>Fg4Ft5NPV;qi9tn+X9-Uk|H8arH zIWG}F?_dNeK=LuwgoMm5x!`%CZCWrE5IaPCT`foJ>j%xKH^^CQ4(6A)zxe9tu@jL|F|%_EC=WG=L=Ru6%3AG09~ zBs>6mTBTMH7~;DS8HAvHJi71DLw2B(bl^=G#FU&p($O?MF%M&5q^%h^?!^2m>JemR z(a%0mCd7vTO#vmUa4@WBKM%B(Rwli5z0}d#{_-U=8*7W8fWX$KUb-p3mLtBdl&PW5 z>2|}>em1zoG$V`_x*k&SY0yP*%F&Di;h`WTGYnr1s<2$EB195YF*+ZpFKSW^y#lJy z>*e6j>m_JE32OHC7xj;BJzQGfmc#tjDF>SyItS+WK!rfR0Ar@71=IrOhe%70I-QtO zvmqtZZg2?#XaVR~#`T44|K)rgwI8XtUvS0W&c)Kg=Jc719uD4(4IMiwr3i{eKQ+Nj zfPn|~Mw{al8YB$bm4SY?Lb-r=&_bXNkx1aMfxPJV9~fhZ1F678GK#9z5K7>qosISF zP4zMns6jNtL3u*``-TP|S3X*so}cX<8Sd!W*jtBGbV-On14V_VT^%30TTnhTye7nG z|J0z=DFsSkN^q=}!2kkk%L28n1=fw$xluEK=u#YxR7!(jZp`uY7ct415`x-Z-0W{{ zTUc2J5{&Yu*_w<*W&o87e`+l#RyET~NYkQqYdt0J>TbT8U$Hz7>P{~7^|q+GByGk3JM zzF-mRA3VRijm9NPgksSH2{aArb7(t63gH4|i<&@=w!^_OWNW}Qqy%|N#sW}6h=PN| z1vP{m3D_V=3sVVMU<77IhqE)YE?L-oe&mFgcR)!=877f1d|ij3wF9O^DM87R9|yUCrvP&Z z`71PEr?ooM=?ZZ5k@t@hXee9>HKnD2zJMd7XY?eHe-+)V^fUm`ATG1Ifg+=Jfnlf` zYkBT`{^*6Xm(QHBa<{WDyG9!7CZ_-WvK`TFw8OljGb{DSPQ?KLI> zV0CppJ2U6{wS4|Iq(X`pnFzG%CQ)g094*@S3QF+B?RyUAFW-9jQikTdR82H9Ye5X%!o0 zXhGML1j*YA_4Wyg%bMq4G_OO773~OzR)dnj+rSAWX58k1e%Vx_RBA-QjTsUe(zw%` zt}p;C#HtZH$K?dH9?B5)KB|nI548uAMS%5YjDodKw zEM@i~(R~3{5^{qQuUoR=UedlgmeB!|1TlAv`07V1Ff@v{KqeSi*%#2oE-l-g1mu3`{Z%0E0>k)DA`jFgmSD3LOG9k;!#Q!#8H;?QYN#4X3Skr$$;a4U})19T!20xm0Gki%|rmp z4FVZ?fC?xE)Dej%)~GakokA=xPAl-X_w4E)fs^RR0R^fl1hn@B@_}P5G#(lR#(q)r zDS`*>1pEf72CWDL3F1Ih>j2s!L9;=?frx_JoE{W@=EE0V^bp26XUbq zuB}2ZpqA9Aq-v1@?PW)qF^xfYv=YV;@`^QxtV3Z)Du%Bc2!mR#*MKvCB*&1ujQBdV z+3xmQ#qFCp=_yNd(;y+72fof%NaK4oDYn%zIj%N-em?QP8!g z88903aX;p$O1VWh#8{} zAxVu;D5Sdp>3qlwsWPpY-lD@~4GpeBS7?ogX;d)Kpfe<5o`}76_i90Oa6n34TK2X4 z%Cfr;O7Fa#n?bD&QK6wBG1^}St)oLX=0MRTPG~SVfjBn0@d3?u9jX_!JO+ZH)fAc~ zgSkLIKGA(nVj@ZlG@9;BlETmw2gRj?OFGaWO3>^Ca8wDQm6K?j$im=|^CgRnygaU4 zsgfeOVSGY>CPf2~9!21AvX*9YQDI7rcf1EGZ0LY+W+vvMhDOH^^BT0ukzAfXOi zbYRk`kw7BI1?|^DpnrHFiN5FeFMj;1z>w(NYqw(pf?RFv@4oB=fxhlYxa$ z$Z_KXh(Jg}3x*OMq0t2Zd6@}CN~D6Zv5DhHFFm;XQYuFGJ>V+jd;p+GM9@uq{rh1Q z>n9JRxF-BG@V$IpBIQ1;xE&TA)IZS8M9^w=Jw1I%38}4(ZzSybzV4RijWbfvYn%MR zii+W}>033gZL3JU`5oPPaR|LEiueyi#wdv9y7tEs1{OS}sziPR{SFCMjw_0Ljz z1!WLTj!fj|UI_~g%*;q>eA6l5%78dbkB(ZLb+0V15r~$C#~XXPC+6mPBa@?7N^+tT zqB3%_GcxmvipxeuMnGWJ4);xMU0kS7QgrbBTaTAkI1)8>`)=9Uk3T*7@fSV`*%d8a z7?0OhQ{CP*D2JL+dbLv4)82a}FFzqJsIV}7WM~GdAaFl0K}%y#Z~I7deM545%){Fc z*OqtC&&;%b(xRXFXx>Q@axO2x)i=yLvhG<+QQ@7Wq@0plci&D=;q+~S5GF>33UYFz z!s9YhbLwiFBofeyP=hYzZ<^R8dJUOqTHr9r=8png=TR09J8MMXu?kui7gJm9kUo6D^F zm#rIX+vx5z0$-onse972y0<1*i#wh-^}OtDZ0;{8DtU6VNVGQpvikKv|43W?O9%5y zzxvt7p+Tw7o;Gy%47PQ3&MnV^#gwY#3oEO2jV;qt^GNTbl`ybCA_-^B?(Bu!giM1P znJj44=H8x;96(jAas{X3++izxOn_+Z(&J!QhM%_ z+a+(?8ty-?-Q1HAQo%@fQ)^p?P!4ueE8_08)OOB{&yfUwW^(Z5qpqE0rChw%*Hbsr zH~ReXo05VXZH=w;G7>r1-CtBt92FM&wEFq%won26gI4b4OACwT_a8;YCKcuvyu5$Y z>9Tod;q5*8E(JttG{Al^E^9p^JjmP2ZIS+28B?i+A_)ZMRxsA)R?X8V*K)G*GBUcF zyW|)NvLd(fe8>A>CR?^mwRSPhEl20>9EFzH@27kEAPMFV=s)1H8wZ4OpGkw zxL)z#-ouS8m{U@z!0@D^B|R-AJtg{a`Q44BH70Y>!dCyYhW@thM^CF$@^T&BU0+o{ zhmoq#VL-`&D{TyomtVb=m2owz^yb^8CDayLYI$Iyx3RTnp#MhY!^G6I^rVdQpP%~G z|M*pE=9R|QHu=V4@9UR6lWPLh&p=ps^$kt&=~+36ncdBOe0uXVMTq3{Lr<%oL?mW~ zM5jJ`*~I1}dJ5cNKOnOHNAPt$x?LD?H}KohE)GI*B|0(8&RZcsZv4vlhP}0CN!3#p zOj0#5J3N$Kl;auVlb)K<*4oRJqm8TjBS5ZM$ zR(e9!lL{7x%kX=`0L%|GidHETHomNh2@mOPZ2}1u1SZ$2R(H39!^7%c*Q!Obg@N(5 zSG6LH&k^zJ9=CMYkJPt!#%Cp^Cr3qkd;jde{F9?aK=JLz3tKx&6Jy#3eMmZe$A)Ef=rN_&HomFDjYY5={0@4mNf#EwA_X z3_U8ocO@YwG$=CvdRbatL05M#B~uY1(W|DKsMPSJ=)fC=1#{z@5|O5>_tnwkpZ?AN z?|6V$UhSL50?ATy!(d0t6qn0KT~1Ns>IMSk(@zKuqrty}> z(S)RsqSCCs{v{yK&^>ZeDa8@fhl#l{KNjd@Uy_$2kPGDCY{-edrA?Mdh#B;w-Gj~5 zF9ke4dfTf)-d@`<*f#=Nl)bar^yc-O#;&UBmuVSMv2lLwO`TE+c#60T=fQDD6Zkmo z>6vN4Vg4m0W!p;_>IC#W0x>SdTN?**vP&c4;&O_j#%J1*v}#JWzA@I-GSEN#x}`I_ z=z3auW;{~Js>$Ry zhr?5WrKH!_m!`(=-M$kZ5mQupZ-XlX%|LG=hJ7C##@ay)YqjZr)6a3zN%{y z%8YxfU|P^Ww1F3`?5`?!Jn~s>YnKqHzf_qL8WoaWyaXN!%nV$)xwd%wPFYM$Tz=lw z)|O7W49z@n1iH^ekc5c$g$L}Bi{u4XvfXWANb~d4c zXvU%aPNbeDdo)cq@%8V5QLLXljN+Q`)4&hiZ#p>C6%iRyQF%`!LObvj3he2Vn&^ml z4r@mv+lh?|^$0FpT{SGc?lAwSU-|flxkbhwKY!8M;_|5vKKrl#um9`VS^Mym+{K0I z>v`$X0TBzMvs#%{w7VDJ5|x)$B;>AdZ;ao+b=T9y%i7}7sbgO|+j>?#cm`T;xUcWb z5xeJ)>ScO-UPXacl5U}ug!)#`#YU-^!1Gl3X6PFc6GY5+1buDJtey&KkKt!{nLN` z-~Zd$Q;r#FSMv*sLL$Peo<9LcL#@}`xKo~zk=fSPL6a9PMS{m7mh;zx+&qdiuPQ}o z-@Jk#YFk^ZoE;uKsstB;!`i)j3rYR1^y0vHp$UNt$`5f>SJ9JM21LoBOsVDj8Ka6^D@K3f@Wu@we&5dq|P9fp>Fw@jXMXAY$IgKs7^zS&-^5jxpa<+}F{RLY~M=$r<+E-J(y|x$5WnazM5^liI zs;PWrZQ<6|G$>r(ijN9EVd3BvodjM%dTj7~Z+k*eP>^5Dts9RV&tLja|Lgzr%j0Ho z=>?DO-pGiLcv$reJRlvRe(T^&OMLRMDRK=`rIp$jLy zD(=3K%Gb+oC4BwmF&Fz_KhM~dq}1`L1`cobPT30=yC_>5t4kNYcCoT7%+6om-q8}| zU`>nJ2S;r$T1Uqx*toeKId#I{&9koh*`9C@+D5ptaw{dv;T(+NzzdFUQJFa$u1K%Y zJ}fLd`^9lrPcN4Mzw>67FJH9!)nESN|N7tli=(Swc1{6jY9ztWCn}?8c2h)g1l^VQ z?Oa?=nqT&`bdCv#dD=cC(Sw^iSDhX2WM^;V>UYW7wfsRfSBUl;1It#baW$#^SK;fV zUSUwni(^uw?ESdw0*#6qXdVgji+wXN4AXvbdbZ-`4YvS~(^eNxo;Yi3>t6n}QKqE? zJFK#tOdn?#I~#jTEBjmJm3)z0uE0iyha$rQ%`TjDu($H{_qqS{$(C3qGXM`HHRwrN zsL=KKS?J}5cW>{pw_(;ONW7)DD=;+V?ck6`qR5X+3wHNh+g%=+9&xznYIDvdA|ct_ z(bCHN^pW5F?(hEdKmPtVXJeADj?J&!FD>z~vu|v9i|%n{v6B6K{X$bGS2+^)=Bvum zzyP1~=g%Mi@@pFl+q|NOn401(P53!o%D#1HPenbt`6%2q@LBb%=BBRfu+%^s@2@^R z_OoC9_UFI;-JLsk6fE{ke_u>W_&Mv7=I6e;eCkweXjV_xSXFh|Km6lg{-^)_V;i&h zk{ekw3mw7!Y4K4dTU%RTI6B&U;$l;6Z5%J0KYQWi=Mny1qg~_B32Q4oVWH0FPPhd6 zrrA54J!kfLSXkc3C=anobgwPyC(!>p%Tw{b-WjpcE1S#c=L*^!K^(q9o|l*r+QsqF%)~f*YnwA?FFLsR=9k{v6sZVM*6Nko=cP`L!ADNH zSbExrCVJ10cGcV{53x&{?%$FTySx0UjIgAPpv;xIjfTcnTWdQ9JNwAcFdq;1=Z_yt z`TW`!H39yy|+ zZ&$0+w6%86OiimqyA-Lsnp=AMtW8~8vs58W^a}`b_idY8;pi#W;-ZhORsNOIU6FiZ zWH>u9Auc$2a&TCq5;VPe78{Me7@sLf-N8@#nw&oqtr$EEo9=V89SxH|R-)GB+bNA|!Nd zWEA>Q2mFyxQ9AW#N4>9;U1{+hfr#AWD6?}*i;C{Z6>1(=oDiSl=NHh@(xxT!6Jyh? zjlHgxK8y3Vk1C!(@2i!H``0RM&N~i`4G6@0o@S0;{p`ypPu^^9K_g?lg{k9ToVb1C z9&cmieo3*txqI!)J{+SaCg)-j5-XlmDmAK^rMcA1tek>Ea14+NM+-9|Y`>%NEQotQM5qxKehLq;zw0V^=a0 zf_&Xy)VISJ<*dx5MF#)s!y_$SqkC(MiQ#@;-o6WKz(lo^BSZF=oT|#72-!;|g_(Be z{pa7Zp}(vy9Xa~Rk-8^MxCm`L*;!dE$ViO~jTjpofpLGmq%1Q1%KR2vuMj;eFA5F} z$}2493Zy&^_syfbXTSb3G&XB?O9r}&ex4m+&`QB2se1gt#o0bKHoE-o{f*6S9rPxx z-1__b1AYCn(o(mU7Bos#e)^Rgw;peb6@0ZeKefQk+WC3SYcYYX?d@#utS=4^yI7i4 zK7X*nUIHdv`?UJZ3G4CU6*W(6V{ZQUAAE8BQO(lgJf+7(D|7yijwuQGoIS@WNh5b#u~0M@OA}dnWdh#-krVU&|u2-#SjPkz{I=_zFIUsQ|Rv- zo)Evr7bv#`cMET4-+j6vl?x~OulPCTXJ&(Lk^m(I3PSIh(a>8dAYdBRzl5*T8`X?_ zJu4v6_kv^fy_(n0ns4Uce|Y=ZJV(ISXqIQ^2iiMUcGrM*4GxVtIr#-A=Isbo108MA zKJE{1lz|+mIyl-9AP|b)DtPqbS>BaGu@JhCiuDNr=XQ2=YHD%n+?Qr2Kf74h+QF9bG?-+#wZrCw z!^0bOY>^IXUYMTYY3DRK!@|&SKdJ<8uYj<$m0c-+d!@Jj$=vKD*j))v5E~J9(aMX( zk&4!4+-%Q8WaVth$!GU!oX*+w_6&pcvK2lhF)U22#3rPMMaQiyEmOE=vZuSPr$Ipq z)N*#y^XFfEeE#*zcCKI{zc9_!Hm{>`2iI^!vZaWSTtAPj&CN}@k{1>l?d=&d&_Arg zWZ-E>`gvu?=i(xa&mMJkIrsI)me;R7gB-H2#yC1g-+j;{#+AU=F_>S_8Q^oMC9m(5 zJ6^mHlNjCB-Oiq0r&Kyjpaz7w=Q4}FSsF+IKvBzk(4LX;R8Zg%m~m7=na-a&(J1UtE+2HPR{D;s#Z(fzkk=!$@bavDuIv#U2J9HbGxi|cZ*=AqL!d@4kWFS*%yCx)d7xA!QL zY<qu&2cG}JI zVqQY*SZ~kX=Jv~)S`SwrFrS3V5aJ&e;2E$vw?rv1N{x$_=G|;;lXCA2t)X90p@%f+ z`N4WZDyw>UFD4@LWzCD7on6ElbQ+yfa_?HU)!CCz9=%%I5G}26Lc^1@vx~rZ^!5y$ zKWFyjNwrieXP(}rlBuUgXROWapFDo1REQN4arNyNwilcRNBem~R)CF1l2795DhJJ7 zT*_aZ_H^>PR#>8y3h!Mna6`^yrO{F;8JWo$DZtk!=cl9N6W)%E)BCyg1`?;x z?FwQZYyR@-^S}7-|Md0mkDfVu@vr~>??Ymvz=%S(!q|9x|Nhw{$DdYIZEfz(FRe!; zrX^(M@I*pzll}{>b#>UnSt*~(*5FjxR1O}0TuP69>__}*{bas!9 zc11;o`g>%)?OVa{?YzRE%jVXDJ&RHSGVMBQJ1)T^&^vWyR!Q%BmMeH1FBg~e%nZ1? z+%anV`PnCT9)mLjo;kE-a!FOi~$t8n-diBxWO=|W~&;_|}e#`;qAiyH6Hu!pZ3Xg6E0MZ4yJ)M$XOgNNzm z=6vt|ZCpn*bhh|~hYXF5DCG*3KyoYRny;htCTH#Kq|L;negD8AfLRwy}jnvSJqYzPpfLBz&xRC z)shz#_rN`yc{?Q+&w99D^mj|%Tve%v-Gz;z)2H2Um3M##f!5b`6o&3V!O_hsQgP3l zx}fmDPrv*u*vV_AZ$xF#%e9)~^t=dH@A>H&=uJ{8b+NQfNy$+v$$^IEGhZBe@T^{p z?gv3Pd)zC2U~BExKR2|-Uk`K+O7KrwU)u%M1f4lMJ>zYkdiTl;Ot{)ochk|_uKroC zOpL0lrM5D10(~7LC2OQ~ZQae{TvB4@{5smp1kJ-+Ub8)O{%++%J}6{*{4wk6=*Dmu z+-O|_Hz>svsS@q6s-HY{aQ67(=*g7StgWpbu&)x%ZittMyS+_UTRWR0=oy%>aq};# zs1a*aWn~fm-WLY?mLwPqHd0AJ--(`Hzv*icH`KZ$*RW*xYJPNjyhjpeli%FZVPj=m ze*2DGEJ5ovDpkvyH)iM0<>q9~&CKty`B}MFf+ON)S9a+=F?tQUBOGRkX6(uRV}J9P zfAhPK{^8TFT~40An{{PDq~%c5%W2CjAMb$1#%3HRii?YF zZEfe~=ICcm=y!Iu!Xtu{Q{o8?HaIY1cESD8gEk!97mx0*0bR8}?-(%i?r<={1QY&9 zd@oEp00V- zC`Ei7n3=w%s>bPpZDYqcn#ClZlN=M~9lSoXg1(3)p0>fs(OJy;dO=p6`FV>^Km6_K z<41n>KYnFzvCn>U;pCSe{_6LC`}ZF_e))W5ec@hyp|^wEo1q!Dj*_rg?w8GqO6~|1 zL`8Xdu&e9R=p5qfI)#B$6y}w>IQb&JzPsXNkqf|S)a3eR8^-oP}^)? z-$3u+VEgQ3KZ%L7a#2)3U{XW^ZyVi22zm?%L||l0S@~_5oWH&@T~wHN@$9){U!Q{T zi=Y3-!NIAouLs(;Z?MbL$JNr-CO$c>qZ_Sh?JO;v{PcI9{L|0OPM-MU<4=G7vtJ%N zdb+ixXJvUiEI6tlvj8Xw2tz65vbE*(*toc?vI!P?767PXq!#J@Fe~#j56bUaT3oib zcf3(rrVtA#JyDnv^TE&l{=?sX@zoKtk3Ko|H-Gor$jIcC)ve~Hc57?fuC5-`>x^zC zsgCB(BcC6ud;JDIn%$tUt!MzgJ}}n5y}Js0{d!{Y-X7WzODRQL<3lzUc2^6oQ))%^ zy>gq2E(5)bpoe90{C;IcdQL`LPe)TnOWu{Mvx`e;VF~g_PjP{<0DOHhz|}j#H@d2_ z=6TKQ!0_;Zu%NE~PLKdRoTA+9fB4J4I(_uyhaY_Us}DZ=yWe~q9GAe8h$<`Z*j_q0 z)Y}eKhA|4Hs^j&uvu2JBZA0R{t=M3%$f%f^r6urOw%3;J%w3;8cmbZ+^(%Q+r+n9@ zCG5>*2ir4uuixQriI7><=~m|^zW)7(zyAAwusDD5>(77x)z?RlnL7?nFDke@Ng2~4XnyI& z{Spj4GZ1_Bu)^lDXKTZ-Mj(xkjCKo(TNeWt(1VL2T%PxLa88WPj)-aP8R~9t14#y#`2r9PZKV~X9l-`l&D-_0w)pG+_E%yl04i8heZ3xJptEl0?QOB`(Y@wmp0qaLKu| zzH5&wL0*eS*VEh)8xq>o*|f8_7U$z}^k=`g^wrr@C(M3(miSN-k0sr(N}T4qRH>)9ESc@@$BcLr_94TTb;=Jv;kPKl|wO&p$tP=F(SZ ze)spkvkQtHU)!VvTLYChd^|jlp0o50is|kjC(wR*3X}kI>$XaZ|8absUO7JvJAay zi5@c#C88(8?yRrmW~SY~Q?|OjURm=bDLZ46wF6@76?jofj-Qju+}iZO*nsUhryKeA z#VQy%q(&v08yvJh?OapQrl4=}y;pMG^6a@cjROX#qC^6G-9IdCX;-S?v!0e;adUP2 zwgw@#O($?gFr|sFKYsKqgb=B=E=kvC8wM_&FrKY-{w?+oXKCF7S zNk8ddFP3$_eianud&=VI>7yV0`fvW`mw)&B-0TveWbMYSE7q41dRlj(OLY|2)iEM6 z}}_uQofv&=${x}w6%sQ@!hHUo>Qk>?v%H3 zWn$p#$j3xof+#-XeJbVF-eyZ@YiU-YzmsQkPq!FX-72{5YvVLLFsM|>BzwEDA>na} z8GC!8wx=~0zdHW7t_?k10Nf5e_O^A{$0Mw3c4$?w;cMfQ6_N?G9?@3{7xD!OAtiUN zJQK3!UOl+H>1mBIz+IJIFbw=g2WJ!W@K#$QKg7VMpeHiHr~s#HeQWRe>-wnZ1knGpeoltMjU;o43 zo;h*yx4--NAAkArZ+?ILc}p)#%+1U7kB@ZTSeFoJ;~dBdE{C{0yTIXu-$c(kx`kf3 z673lp?HaSay4Td)Zee!$QAH)L00#^4_2#;|pa1>e{rnnwkIS9D{w$~LR@=z*z{~n*H{bBw8{1$Xc_OECXYSo8LwjdvjosDR zXJhS9UHzQT7oyvoqNC}ZPADs}SQrx<5gg*bySMdrXw2CmxaMh(fTPEiNN&^!25|8} zYoW;B6-+R}gg+8Lw7#y>t9bmqipqN>B_-9>)mN_;m6qPXF%7B4FyU&DzlUc?0h>*Y zRn-QZI#t)u%2LsHk{k356;<|UEnhYDv!p1ugvdZ=OUJ3f37F8V^>r`Du&3o-AyKhu9JY|VvF2=k&cWisllymT zU%Y%?{j#_3twe&$<(k--q_Dv7&4p#e*GXb`dfdm!IV`DQdKW#J8%MXQ;`F1Sfk%>j zHmCC8qia`7fQvtUR7vSH56i9{{p6#xl>Exa^-rpsU)Oc6tn4V1L{ImCBaq9Q8t86J zp#-}E8g~5c*oD&W3v&mS^myR;F3JO|Q!?SK_a3?V#rt1FsgW%sSb+ z6kRLRC`1p+O3cpM_I0E6brnvIPfuMfxe}Ke_wY&O)0!7MY#t&IU@*|*Yd~ZvcYD$H zqV<)m>r#;lP7jTaMZ`sggavM_FHr_<#myUMzdn+knpyF%s;RxVsIE+k~?B9dh!Ddq=o5GvkNCLU%2q_?!Bsthp%hjR5$gC)Oyj*T57mY zL0&#Hz(8`r+Ptf^Wo+sd;Ooru9MOAo==F6dPOl?KQX>$G=jInLTUy7&#*4*L;Oig$ z=C`4N0o4!hKe~7C;q8Yb<8$Dw^iEAXnA-zi-(l@RVu4ZyX<760_LnZiro?a*=$Yuizn_FS-O|^<@dHNFg`inO`Y~VQt?ZWtA zLE+Vm+`?#SW(#S1w` zGP{kRRXz*w@>$(m7s|OlwwEt|@l|O~@xAgVm30jjb#-ixfDkJm6qH8#298XO3vjgj z49Tu0=lMJP&oA%rL}D#xE8f>TBq@K5t7@-$YWvk^KED3l$Tod}^4T_ue{}P*JP}&V@5J z5m`B7o9oXjDx(7Y3d#y^Ju1Ife*ehVr!PDC?Fi(ko#ldoww71Vp9KYnC#Gad6sn2I zX)8+$M_a4gH;P}>Jgs?MTi@9&q~E3lR1TB?dh;3-3am~dtbhF?H!riY`f+MrW?|WN z7KaUD6JmK*WMZ(p=koT#`0S+ZIhTsE8YPJy#beOQhuhjLkJ{Ef?E!C&BU4<<%J6e> z?irXy`d7%y3=MJfjeR?})zSDe+}k!MJH5QT{O*lg-flkU%-u%D7ua(n;hr{GB{x_y z@>S(4kIPOCjjbBOAl=~S#biWB#B-$zP~6Zoid|lDR#rfS@13ffub$p3E66{6&rP=MSMBhjiZ3^KQ?K9{#?QJ0D3@9j0ibfIg1JG~;X9N5W#N~13F;iQ6 zyj!>LySTWuH8hCXtoYF2^T&^X+Id?2;_ky|Z37d-OY2fXSy~hm8DKv&Fe}CoUneQ_ z-lfOaO6^X1_O(otl#(Z2iuMizJB|bePna$bh?;kvU!ur{h zb|C9I&AY{QMEdE-bok!cXMzbP{6Y9<_`2Sp>FRC^4-bbKo1UIIGBSoHBp7$3Go2J%n482bqbk>X8_naX-TjBUhjePJzq{-F zG24{5oZjyG)U*(HSC7?|O_RZz-WS%*C4=0<{pW258J#Y!$;v}1kQxhVe@E|%$)im~>= z3r8-!uImDt2*uG)E~oc(=#_Hbj;FnygN4m-&lqTG9H$yv2R!`4E1y1J-&iWXnib&V z$?RX32o)~Qo;Egi>+7p(0zEzrS!;^AS$^NsC$zPtYk7JiIU*=B$Y*|P9NJb-FY`bE z>yeXt#mC*Zqp1bG(VZk_yW2ne^>2b>GgpM@{vq^GWeCt~hz-+AzhFFMn14VBdLG=) zW_MGa!)5b|2hU{+#1SBXT>%?1JUn{&^5xXjWPuQIGMQ8?6$-|ONBq5gt`z3WF`-JO z%!tkV@}m=P=SDU;YXJ`4MJd-eSz`21IvvJcp0TxZ%+4tk?rlD}b=}V+q^)@vY6=%6 zO6kqJH%?zV4fJksWK@PB)lUlvwE`O<=WZ{%*|_AVUlR+^Bda+A;e*EyJ-l3>RX@T+ z{8x`F-EHme-?}T4qPq#jYD%g#sP*L7Sbw00eSTKT#vXdf4sUHCIV|A!M=rc>?B#E- z_0s@26GqTp#H{06Ud_BD$-YwTEV5k7)MZJkpRQJS0q*aP`A9)tW(D<+nU}g_xQ2l;lS4yIAS!|bxOTp zFWA*JAtsy4R=%mM^00BJYaT@W7wDUSRr9>s(bdB*IJ|RU9NGb+S%A|tfE)a=(Ktj&be_T-`c{p{ARU)&xHZs*WT#m z?vzth0QoI+kA40(A0$Pk?{a0(TtX$Dlb-A1;JC84j_KqD$+3yPK7%d2n39D0O6UjM z>lJu;?p3QZ=SC+d#2O@*LM+dV%W$)D8J}5#uLO51*u~K&B5j?APjz>PyVw>Nm#7f+ zLBkcqMFT~?OA$O6-ZBkUe5=ySFTA#)6HQ5=9eSNeCjD38>&){UbHZc%tzCrB>;`Ij zaPGvhi*Z*9r+2r~;$or$e0VZ8_>8O{?_e#m#rO!$EUWo zSw7yL@zD`$%X5%FsWWiIN>GME0^&iDS~YqDDe4{Yx96tDW8)%Syxan#LhCzPG4vov z%AizdM|?DiK~safzA!u$;^}|o_RRppKs>({ z_U@hH8$J#$&CSg?p_&^Tu{eJ*G$utR(@r;aANl16QQ22#_(B{P$@eys{F71=@@7OE z8`z%LMb`+M(6O-vp<1QZYbqaAc{)b4yzT>&(fIn2jfHJ;VxCN?lWWxzi@g!?{)y4) zIG9akwm=ocG%z1uJmp(hI#=FDB$bRksvmS>2SFUlnE|m?<`JF z4h^t(_aF+4ttU@k*x5PM)zs{+Eoa2V*jrp09vEbX9SjKwpuz8#Wx86Pe(|gULr$H3 zo3|q8Y&Si67U`8(_qHl3N`cM6g{pb^%}gV`mV$A&pWz@z)a%;Q9^jsImf^So_b+!G0?*~$lq&f z65RnM7Rj$&Epc>k1xo={yLt1bwY7C+C3++PWYyo_>*MQ@m!Bn-3Fqb(Y^^=2D(jh- zc|dpLDku=j2Qc%F3Ew^YOfbQOKM3E;*GU~lXh0W{>l@2HK0d$s&2JJCk}wRXAJPn0 zHp4W*y{~-)gF!>wwLYl zvoj*XL;vY-KZ^=W;qy1j?-y8E*(4;Ug0r5K693g#XWZTWmsaMxd%Ntc0&kX7ZmbXA zC`j|sWmmI3o&A6N z!I7H}@98N`{liL|^A^tGNl&{57Dh&VY^_q#^F&IGh{Gw(&GoW(_xJRUjSckmck%EJ zsd?Q(QuyZH@|jZ>S!vf4A_=7<$2*2je{t@0T@Q;CyW5dZz6kaX zOHRm+h)D7936Dw6URvM6)$#{-OU|D@5gQqmoRFRrpZ4)bpWE9zE-fu^xH}~`t|cVL zB&Vl2yL%N}y*WR(LaDKV_6C117jJi$#Kgq-gp`+WnpEhq2vloFZ$eyhXkbvJzh7Zm zQek}b2mkmpzp%t5wgMC`O+^sNQu4WA9&)m>Q&Td7!=ilyLc6+pBm(~S@g5uJ9lT+y7gTPT9KD_VfWE&FdpO_GH@9wS9q5jR)mHh0ivu95D276}ZWL`RH z^Yv$^`=$nG)~5ZPd=i6F`7-o_HKh_Qj`Uht+Gpin5wN$0x?62690UBK>)*8OviD>v z>GRjs7c4IXh6k^2?`U8wfa*pDM30u8^h%)kj#f_bk?E{$^fpjJN3LuxC#S@DxjRe^ z^=>cBUCYY0x3u>435re0$}GM;yTyh9M-Z|n_e$NJY&-)Z(y|M0=4U!yI`h%zr|Vk> zDMH!&^6{zDXU%PFQj+7sg9HBIZ+>_G?lYlqC%+)e);x52jK8(Ha^cdEtA)i}HV|m2 z1Bv63C)M{H?5(XVEt2A*OGbN1l()9t3EC!*3rc?DK#rLIwsc7{j*>H68QQ8 zONqz?xI2iMVe3mXMc49!0)6A-V}Yhe$HalpQ1_-mCR4~{vXW~>7tWjx@$rg}j4Zuc zRM*%9{B=($YkK*{%ih`9)g?JEEBjjE;NT#Cb?a`?bvqXaCtr8yEbH@@Uw(G3{&g2; zX*DK1#4R{_c2|H5o>nGWne}&ch>OY)3yJ>v25)=E(CG9V_n-0EED{s-v^QV2wDt&! zo><+5*^9UY>S;J4D2DNL_cVlVGkS)MTu zjf$&pZC;-o^tHDMj>_W6p_Y>3%!Es4FFLz;M#U%P6qOCl@4!%3u@~P|TuaZ)NXWcm z?-mddle)alh6w@=A=H!(e+*xTiE!|I7>2J?q#`{e?Bl=tMWBC3N@|w7y_dV2U+qBO zrd)WpwD{8TFQXGfL*jx{zXn2a2O;Clt`$7;2^%PCsblSCnq=Kcb|S379X{|vx&$K z#E>fUVpF~BoMx7%y9WAf&N|<}UcJo|(0(O)UsAMJl&g(@PSMRB5pQ9l&(GE7)cH#x z5z!gp0q4H>%+ft%e1qHEP-AO;Bsj!BGCHa-Bm3y@kA8W?Vq$EOH#6dAbv7t6eosO? zx%>FiiIXpCU%#xY{qi@TeDd=TQq!^nW8zW^3me-yXWvc$tGj4-Ii)ZoBQ+u1&;M`# z`#;?%D;J8ls-IO{I_DnjpVrh|x4t>;;o;@)7dAJ$ESD=QAC>#~y1Kc!<>uytat;az ztf_ttmEv-C0s?(Pf?`*eSZYGq(%Rtc=yUsa6^F|=_LTv=OXUr$M@u2Wv(5)Z*`ZwVT>D$|a(HBiee(~XXXWsyDKx2a= zyqYe+4Bbtyi`$JN&%t2k?6W_oyNtZQ~| zRU*}a>#NeChesK}J(do4HfJWr2L}cvrer3hW`>2wL_|cf*4HV$c6w+aD#+i_)-E(G zs<7yG+5M_DE*D1c%J@KHkgtccXION6W^sPm-O|04rSaD8Xx})COZGvrq2Y-U$3H#d zYT>fFwAtL!VRq5H=Gk+VT){klU9h)z=SG>0wPjF1aAHzgZb8x5^dcAudawb|18Oj- z=*@%T&;RkSd_05V;kS$uCatZl&B(}TY;1;T3YpwMVjB5+#e?g`_v$%Zia#*+ zI4!AfXi!MM@&hH8N^9;`IC=#K#3ya;EXyVA+ogAoe0AK%+r1z^H!d=_?sW%-^M@x| zvvcws99=D~&Et||Xbc4`CB zjgsn`H+&gdjo4XOC@;F@>FjD{btWL#1IW7CKq>T6o@}?Epsem?yBO>Trd*#|F3Z0) zG`w`c*U_6MNht)aocFrwQC@0BW@3(=wVRolV`OYb_s}FngX%BMkL6~j`FMER+c@WD z6(%QTl$YP*a@is=H#sfd(#Fir$<2BLhsZOilao%=!y1BSIyLedI zIG5gjz~hV2vWi|mH8$?x;NjrpXKv{f8WG>v)Gmiqlzw|>{q~(wbBnVlPkdcmRIs_W z2x5;6_W1{ReRb;du;}o#`26cv?{0`$n}W@I#pPAEo(nPhY10~+cz3n<`px>Lb`35S zad!%`uYdu*ee2%J+Oo!=?jCFpi4M-YRv-W~21E*~0sr7rtELRNQpmfKRrKWHE1Z7k z49&F2=9V|n5rNIGo)KcC5(Jd?_wBmX}erodb zH{DwzJ>u)oU;F!E8XI2w`FdWsaL(Mq(#F=l@==vYEM=a6Haj`x@9pK|;^gjRA08N3 z`J@UO9sB`8s<=^b%`d?J*u}GfQQ@PbqZFZE9-j`4jy!tdOj1nToub=mNmmzVw+VsZ z(f#skcOS2b>4jLe7~frgc)j>VbrZ}m+4j!8;^Kg?q==*(kr2HpY_z`}oa*$Vd#eI9 zI7c8ST0#Rht5s5@Tq{@HzIpfIo%>S0kbaL3ZN`B<;#fod>!PdI7UmW)g-WFaF`;qD ziLvSY+$)~$9v3g1iH`~I>}tW#?>*E+$B>VOTabU0M_|?$js$mMbsdMpI4 zk#g!Dl-pe}zi{6Cl#OL%R?5iOu!yxYP*-1=mNLIGr$+7$Ng4FgZT7XyeD8qZ?802$ z=Ipckcb>iO=14&%?ZQ-lYD}WFmBU$U>x-`RGZU5Cz2)J;v>r|f+B()p6b@e`+DCb~I#^z;r%DT=34t}jd_1be&t+BgiK%I$^nLJ9EQh_Dm6q&iV`*{mf}d|tVe!qC z9f=%0oDjwly&neV6Pmy1RRE1mbx{d1uUqPsIt@6nY89@LC|av)?_a;clX90g*GsbR z475ygBtRTNR1D{_J6^Pgc*l4Ih4hXOXcVl57Y|&$Jnqc_ zX<_~W-WSa-UCGQzj!C|9_2KTeP`$ZSQ!)5T)lB?b$YqEuF)mH=Zo_voE&Y-3a?$sFX`zX0PVf8xmb{U+s8AetgK{a zZW#2*)2C16Qm7xbv%6gN^tO+W*ToAK_V$iXpVXii!x^Z#xw+EP((0!##UgN5C}4ZH zZ{6?g=mRg8=@A{;b4K78ujyrVkiXX%>kD6=)ZWy#hoLudDnzmukDkCt@Cov} zR*(yxz@wK=k4wuXzS~H z;?l+Fgyhu~^y4S$C%ul(72LQ}e$mGIgxPtQ0JpmKH%cY?A&$ScR+5v~)YP*l#$ocJ z(M94dHI)$wflhu7{oNfm%WhnMQZ=@Jbwy&{n+u-ZeGC=iD~^4<7j+pwaY_8paG7ZIb-YPeCOd^QYy#U z!s@$EKp8stc%)y+%S+Fzef&xyk}oc;73NcQFIo|SL9A9U&CUAxdIOKQcW`lW z_o;eb%assvT!#~CjYdrme{yl8HQ3e4!_M>kNy|$Y&sRQvw8ld3Zc`ygo#<$7aC5RZ zzhq%;Wq;@PeGXf|bP7Qbi;IgnIXS+*zNb!|0LtFi-^D13ot>RWmDORPv2n4^ZN{OBlDR?Npf!f+&NhP2H^l}M$51)a;bd(sl#q#==KnnDf z)aWUp4802xG~@0Tj-Ek<9+o8(?I=JTxlo8J1v06SC*X^u7)u~xiTU6jfW6(>+Lm!Q zm7+aRnjj;+_6!t9qm!$*l!iG0x_MM57DyFnd#4V(e-fEZOeSaTEp4$^P*u^gxm-ix zVwnbHNBaVyH84FXL)#r76*LV*d$^i}2E;U!97B&$0f}{5 z66(z1VLTxStAuKy^GHlBur)4!Qz+bJ`kKX^{dC>abZmzEpipwJ&D%W8C{M12XuoS zk{)WT2el4%0%#TpLnvijIS=SEh(Qtx3{z@2V$~{Nwx=WrgHEXw8dM^=h@;R@BDosl z?!2jbaL(N6d2NS~wE^-dF?@^7775W!4pJc2XmbvXRuv{kFB8;L8eA(BiqHcYq54oF zupt58u28CYd?BtzZLU z9q36Ndf6?AuhT2!Qkg^w&VU-1!)yYoEmbM|YCF8lT<+X@w7Mr=7h~vYt(ZooQeo(o ztT29*lomHAFo8g{%wtQ?LlX5!7?sMP1m_Jh(c+{Etq7`h3NCOqdIiuR$HhG0V(3+A z^h8t(3Y)7SY>BKo3ayb35!ku1v$1X;m8Z&QDZPm^oVX?#4gv`7pq9zRlM) zLII3s1+J1}YM8%}xeQtoa?qIv{d7gx2z%g8`P%8Cmw1)$ia8`D=S40v%xNA~i zNAxg*>{T)`E)j`19GOJP=1CbngKnUppAVzgqBnFJ&^uyDnEM#WFP#Nr7nTGg zDI)8TIUGpDLN1$!sWcoI2U4^*6?z2*u#vCBOf-mPd&`7Ct>CIPBq5MVBrudf6{9>s z_o{VZyoC}0UxKTU9)Ko7t3ou;?mfAj$Kzm_LIW))7m>&yps^|v%J%j+w66s!1iBl> z1~aE1K=U%Q&jb@p_?O}^Ux!Hre4Vx_lvagGBGGSI8s7>ltwBwzPAM#ezh9u7IciOG-y+VQmqA!t^!kz9w$dB z)W8qWzD0VDg9`wh3kd>L4D=7ME84^&$>2M%Q}hJ_V8Vgz=s|8of`JgA^K`v5=*}mQkG6lniJ&;B4r)vEO9-5V10{|c zNuxCo8v48f^{g6rC$dBYj!V#LA96QPzXN}ig4ID|fs*RbbCIF)1{`e{fY=%gj4J^J zff#grLaju%t7^4`5|eE1tVYI!`UHB5_?#vn;R zI`HIZtBxrNC4nBI0Ra_cfbReQv-jW8RVK;4C^&1@n!Dz&x%bV?T65pL`|i7M-ZA%_ z)2F(+y1TlnD2w+-1_@aZLLMU!!U_q55JDc|y>~)@5JCb;2nit%^4@#9y?5I4i_C9- z+7eV1RCo31bJvR%+R868GBPqUGBWbB+9{J3Yb$IG@%FQa8Q;%eQBq!~o*c7Uv>K)s z>XcSZT7@d6bS4XZupUE>CZI611LaP>1--i&M6H^LXV_j<;KvA zBCMr8s*TgH6Q`S1v~({l*MO4V5T~?irL@>{88j5?(aAIHhp`tN8%T;d5Vmb=NqrBk zu4H@IbDFoueHNZi6Qfp#Se*LBM}=j=PR!UWGv-EY!AQk4U^oOZq9Ul1Hic8> zlAM=rD_kyLx`q0f33O*U5N2<{bfRqo;&N`&TyoM6j13b2v(JQ$B+YbU4$r|%NT!w1 zj>2q!?sU|9>bZ%CbBu=2gh@XJTF_%4VfaYMRrFPQpbC~mB&1{@liUV^cs$cC zp8-abh3gjP-yjv5X1i7$=@wboPJj%FUd03=H5zma+ET-o=zIhU5MR=Xa?B<*{=wdm z2P?v_kxpZ<(YMftCqW58&<1=BO0^Wwm<-s9!KRhyB@r`IwMf-UY!!$aqX3Bzox%bk z2b-Ok)^IZht%R(JDH7RoJt9*uk?G9r!Falv-Uu@oLv_-h$~;9oNrMWz5wc2pY#t8B zNTUaRG8MtMnnn@pqa~Vu#8zctexF$iYEJ6WahNpg33X6KXLf|@IMiUbV<8ps9JH@6 zn}w~1-oUMo5Sqmj016!@GtWXD{0bFKU_#Rqvkco}6Jk;-#Xgx^lu8Q6OJb6)q;$82 z0%kj9eRlcIx&`GaqUM&(HzXOc@sJ%D@~sPze3kDZtM}j}s|c8fz|Jx=>JEfv(cc;gFO>HCeT= zTzE5+UQ1WHAS!hWG#FM)Y&a!@mVL&7*a9&(C|*Z*l{%9SO2+sw&7+LuvcSEd;}Dz9 z#8|Mq#>`_tN+S=emdo%w_*Wd6IpLlSxGo_(SJHR0b zSj=h_mP}@36bi$q&>^NMye$PCG<9t=mIF%&cFBwQ5oW%SZJ!qA{PZ!ChZO*XJOOM) zf|Eg-4uv-8kis%5;{QO-==c#s5D*OmR6@J96@{Y!sL8q7`Z61sB)oJsOc%|lH;W1D z!n-&F=$Q49etDKah9Tey5$w}85G9$7T>qQ}mJ1+HX!|QTnJz`eC>r*QjS%$1px5APH^45Q@?Q5gM}KhxsCod@QJKu?iCJie&371G`eOIgSKk zDI=IZ5ONrykfxMyz$Ao7aLCw8Kt;?>m^TKpYJzM+WmccciHy{X3_i`N1b?9AWIW9d z#j&sr2Y{D}fHZ4}xB!rbRKEn64T!yC{OC`x5L*`ip2(M% zNk0}$1bSSxy|;7U&OL|s9_s4q;a%W$?SXUUMXYpM2CM>0B>zV#JI%Ah86c9`71`$r*+L5ABFrz=kkA$# z0mOrM(XN~eBci}_HVQrEGsqqprw@g9o3j(gb}$q1!^uA67ibgJ20T|p0YG4z`yU0w zgq^stnFKP>G}jTAfdM1nWYdlQ)qu+egiySX2<12;O=5oxFjmxY;g~1wGQ-2Eqa4u%TTsPjXXiZEbz}^y$FB z0Oiw#FaqI3zD`$CQc_)A&EAyq7X!2_o?7O>ABPYQ{-(iBpR<7L)ZRT3P8V{!5RHLU zPgchRJ8pi!Y0mbMx@|Un1n?F)Qy_1e%P9QgDE7t{uYWM|YFuUp_G~#4fI#e~jq*bP z)k%%h>opn$ubJ@@fa{rEe->K&YXX-I;)vY@(kTFz_?Z3@FmBVT6Owir;sI~>*M<*o zg^`J}iZ~4*;9BB};s*a$=)yF7e7r7)BZlYPA33ZdhM4+Fju{obs9bC?b+J|I%(_$z~`I}xXWPc2cB zk6u5(Oq?&mF_3fRXlqd)RL63ITUKcbd^KMEg2WDk&m zESbsH9cd1 z=0)jdAxVaRzZ_tqSd2vzMH&k*JEXgi32oMhUz;`BDMUObxA;Fuy#8L<*ux{!@II0c zg;}gPh#}E?;GJf~re|iqH|yUXJ~Ceav+VhUK-ArP)Wzo&@E3{%e)cm(_y^=%gr5UXm-&4>1>iL3=10ae0w3NARm2h6 zP_8IV+&3E8qt*|I5HHi`O}ltmqLpeU7Y;ygwq@ zU$s9!58_Aw-vf}Aqc|SFGW@6{|1JP7#vtzBbXqk%%gB4gwaC-<`0;>sQCyOdz>>^Y zN?5FDu1Fvs(%9MI`x>+_;P~$!pcCv{?4yTYFOq zA^NM25D6^p=Zo-f7Bawpk@9a1_{s$kEz^D#<9kc)H+arp1i%o0hS2)I+ra%D;3NJn z+Ca?U#=x}9ZI2tFJ&M*i3qJzHhQxM(Gr+!p<2xBYiCmUN0Pr&dF-uo}ZT9$=GL z8ij-R0Zf;Ib!Nb5LG**~Y0$nv#DC`i{fH3*4Lxp=+yai@A#cCuvwD{!TPk(vIb`j z**jn_+q-B7vr2$}Yhbd_T|gYoQ}jwuF@hlw%S8NmP$(2&C7}-48^v8TJoba-*3- zXZuo)e+HOLSYoM1Mx$P*)3ETJ*2woRy#@nye|n?@{1KQXq=Q#TlY={768=Bl-mXxZY1ZvO z2JfNyV6d zh3^3VrEw@srKGQ`pdGGl`rhgx6= zYlil441LmErV(Ss%wz$W%OJxnwr>fX0m1;t+f+Kx{6#0BFI6 zunGu|gdhN#HW@{G5RndTGD9t*Bw#B_4(*9F_PyXXZ|@a(Dd;%?*E79PoB=Yy$6jFG z95T5!_#u8#5t#rYvIEXvDy7c~*((j4aVT=8ZrW@B3Huf?*1Slx0a1RQ17aon)D#lj zuz4E4=r2U#WTI?**6=h4;l9jzdgZ@XtL7e9ttT!(_60UlII|+61S;h06G^t|1K@2z zNKrzxW!HoNy!#;ILW+GvLL}xw+FP2a7SsZWwUBRLgkN-4)QqTVa2C1Q*X0S2VN#0( z04@O6r#*;W6Bb`a$=d~hA!iQN@^2Ukug_xbDCF!dUJTJ8UW?`sxlI_Y?RyiNcpsVN zl3D~{+5pmbd8rS2_EjsBNrym1!R^qfvPlW06QEcnPL6h>-vv05Tzxz44M=BLMy^b$zk3xjzw7i+M{B8Fpm0TmAWZy6pMnMGoapd}kD(vM1P~Vx(>2rO&bvEb42~VTL z^BI}RV3tYM6vpyQhW7C~W&-`Q`6Id}hX1ykDgRm~G<9Ujo068X?Ja=?U}9BPTS2T?h50GC`e zAslii1poy?UQ88q9@`0{*@Q@ozLJYImsO{A4r9mr#rr656#y-Qp>V(ehp^B0`W+C9 z{enn*u=pWFf=Q!Y85SX?F=~f5$3_5C7r$6qjC%SiCW>*V+Z zeUX>ZXxR5+nVUnwH!`goZd7egP1`erUL1pj{dub_jYLLV*Az z?58JW5JNh!;#F*b-8$GB*=NhyeS_pA>ASO1iHg1$E{Knwn)C)0B3EPp`NGRf;ln2; z5Mz-A%48B9`#LWT6I-)1>`S{CCZLhNf5FdfQ7QY%DU67Pt6*iEB4^8Z0(f7HfYdaTn8y^*1R_#KKoY*! z1HTItor}wsovskL^MqEZ;skoNhAWdR)*jFtelcGWm|%VgM$Lc0)nvlZh^CH1aIj~> zt0P~oP+{P?Juqq(tQ)mv9kgMDf}s-&_DGCCW1Ny}^r%9FGl5S@&UO}X^X9+e5Q{dC z9DDnR!6W1|=$U>9EC>`~=cs`~%and}Y*08G0s@AtcVyTM1)y&szYj2=phtpFSP?`| z_!oztI={}R1VA($kZ@gNM^{)_^x(k*xs*PJ46VStsfSE2SU~A>^wT3g8|>X2R4kE5 z1T7=mV$~^BSs4%8n_CbyzNxBCzk9E{yPG)z!7l)zB&A-f)T<|Dqn0UhNepS<5AQ1K znol!0ro87b^YdOI%{qwM2neJ~rCdCB1%MdbLilc&mMkb?3KL6hm_ne&Oc9e1R-jTh zRoArEH|tfHEfo17q9^CXdcfT)_&{%1nRsW>L5$+8NvOqE+XCSc92=A>sYE7K>GbF) zL_I~<)Hsa=yiIfN-brvJB=L>;lhuX(uv@q+rAqi}H_2q2>S$^y&VSL<(J4rYB~3FO zoMFgSI;{qgFl!tA;&VilnMY1YAjBLQ8R2Q@840dx(AyKsWHP=oy*m&XBUI#SL8+)8 zhd(2;_`qLksl&ml}t|IFSlvPz=Xq(&SV@@%Esl=SFcN2TU*6| z<6VF}Ja&hWXbWPXYsln!2H=n_2_EU9Q$>F~4m( z=ar#13@aCsGen3Z4j%y8MlX=CZ%*_EVqZ{&*8;0ouU@66rwbu8rs~ zGbE|jptg`val4`l7#IqM$k$iU1tKz#tD)!3`c& z?1v0R05Jy%`%d6&%1_NXbwf((*nSsH(?KG*QSaYhCQnx0Jwn|nc$4WS%ZQ@ zwyJ8)7MPRXWG3UGvnSwThgel6C#6^lnT^2+X^}Nrta>bXdfHXv&<1=yFsnD|b!r(9 zHi-(571Kkhv#4}NgT<^f(4vey?uY4g5;}sa%%p|~hrkQ^u~!iXt_}2^PY2#Fduat^ zeW!oyNZd%v)hbqK#pY9Z^MM5sG!fMtL#FSF3xs8#7yazyG=MhZhU3MnFWm28riQk*(v!Uh9_CRbwXX;rHX z&vFZ1y=+gpcn}xJOYuLc4ffMDbi3zh?pAvPMG- z7OV^Qg9KWGd4dyrzsgg+F}NxNkbl<_>04j#_MPsMdRb+NJA0$1%XPf?d%zBZtHGq z@40gIW?byChPrx;szCz}3+uONRBDX<;J|2QRc%lI2zaSA!kG-NSqv>74CtMEC4e|Q zsE&zU@$%Is4{wC*($Vop_cIdX6KZQ~F>DwL-8vaPD*2tKm zN!P%EfuZ{PMufbOtF@&o_DI6nGgn%gJ24C*4M*NPdr)DM$f~gj5{24CXTA}ta$~Xwt^pCCWT=-}KP17g+G>W=5%!(P!mOcT zz%lB<;3N{OL96U)kKP@AEa`M(zeHiOYMDnO3Ny_Iiu(;pqhiv4iNSmUXYejS+oHmu zRmdia2mivSH+JnjWXB}u^IW{jhPXC4KH=W2+Y=+BljE{CRn6!JtcK36GF5QocMc$S zhs_{?aRNVhNSFu49e{A5xw)CQ3u6$MQV0X_xU0epg}gewoS!9Px-qc}BbJ7Srug{8 zjQg2GgJWsO&urVev#z$48YV}n(zwudCwoy%26?jC8^&Sx?9}Xal4XCr2bOy2(3~^muU14EiZfRE`~VqIj|w3=uj;q75Nu3fu^ z4LPx9z|{ruUv`kMs`+=C<08VrltlXi?rAU^u3EgUtizj$B$!UV;Y-k z6-tTGi2hb`yZQd3hgqs4ZSfJ*st z%X0t_18XzJ4$Ct%BNmbJNog2(C0!@fD(h^>yy?y&Ob~3Y=qY8I%NHY-x835wifl=c^A_ocla((hr0B0f`*Z{UCa$o>2&f^lY zoYB$oveN3Jm*oZdB@gcBG}O0KWJb!T>%}00dlv3eV4fWAQLBT-Xz$0`!jfau32`lW z>IeFJ%c`1thBO*1lWa>)bt!CwxkAYZj3{h1X*3nD%F17q7CkR2e)+1hvhwZQw`}<% z0CTuC>`wV|fQGo=qbLwUOj(Ee`b%CGb+)z%Q8?X~qQk_2hE*ChUEpHv%2Y~9z#TEa zhu@bk3Ui<4rNQD*vW4EFzG?l*3#P9IV@K~VC(pV{L+Q1X{pC6OJB1+3`NI?TDT-o zILOcw9Eo6WTJHx|S28wURaQPZIwq{q7VOLnIIJu!la3=|wsyC7K!JHVxi9kzN?*UK zs3;p897JvC5bIZQaYDZi}1Hx6S%$PJroe}PXRL{_8 znKB?E$4m@+Qc+JUYf+1Lcg z?%ue!apTsaSM{g?G+L~3wN9#3iBA{c7a|Jz$i-`RC_3IZdTtFsrL`@=0PfSe2mJHgSn82rOv3SUO7N2^71;Y> z9|+^;cZJ!9ID9t?GdOYLM0j{O;#VA^F1jEN1gr(W=%Z-WD1`=idKPeXaiAMr$bD%` z3iEbs-?ntwickOe<(G4pcm`~#Z0sTxFeyk0M&|UU^jZxWBm{s+_N)LH0&FU{RInfW zQgIacAr!?E0LaOW4Zk1*AQQy+#aemj(4jkb?x2YGkr#CYSJ_} zH3V+n^B}tn%M@Bt>CG~gT5r^_%OPkNT`-z;>f&e5zy0G^pZ()+zxn_SLG!-!i%&oK z-JCgdJUl!eK77dgh}bbLE$!QHzeUg^UKIhLrwGuoMZ9(8nva+F#k1!Sm}2!tCJgxK z(WAkeLkf#tLMHxX5t%EhF^Nq&eE}N%YR;TLeewO*-~9K#`}@F6ex=2)Xe(hd>r`s- ztTS!m%rI)<54<9}L z^4q!hv-8PBZ1Evf4L)#&V&D0sL(@Y;LxF*TpM3JkpZ@fx1q&AZ{`bF!3GLal2Xl&3 z0>o*8>QEOK7@G|_+%)*nK!Zld?HnaK!=wc(6${Oqnp)PZUb|~&)Yzz$`B)=@!%4{~ z$!~=>pvlGi2nS21#zqY|G7NuC!Cq)+Xh1*!|Y6fG+yuO>NiX0(YJR zMbtMmMMTA3yn1hVOpY}S-6y#%7Ww!%mR5x9V?)FJy#p!9C%&7zBsuMZN{fJjPQTfo zlfYyHD|_b-_k`7JczBq&=}m2K>({%uol8AIK_Sx%cSha)eVx5M6AIb5NPhI1eq`i2xGtM zz$(;grA{x`8)Z`2$ly?yIKFVQAfT;3yB+h;!MMPHZMARN85E0AHqk#Z+NY3?D5PWb zcmSJnK0dzDhmQ;njra7Aj7}(rMrB~3R2re-%v<+dS2?`Qc~1Ki_CRe*OG`&b$I#d) zdsu>^VL5^yrq&6`Bw`f!EKE^^R#jD1#l^+g_d|HT>O(j_zI@RI@D6f->j6OFJhQvI zTb$nLySO(NqrJAaHt<1$lYuk#@heuWz-k8$5}6be0V;!FK$%80iVSuOvR;c$Yp3+a zzK*U<9^MCc?|c3*tL#OQpYNuvTem_6aN{yS7?=kH7OfN;23Q3^*u*jb83^DOArG8G zdwV;&hJ1+4odzWA=;?0j?@^dB)HD?MgOSjgb*)h|CXo$}zA38+^bgqN?^jY;F43#W zhK+Ow0_x%y4AC_D2#1S?xRnB+QZx!cTRlBJyj`vk6wL}~J{-V-GvR>d3_5-Eo`a5y zS6@DPF)#Dk)pJ+325rlGnvaekCe|7)n4UdQl}v#qNqE*x*fTT<$zcOrrCl77jE`Da;lY$YLDP9M6PoFmFdkN4R(Cq=dSL zWuBdPgbj>ICVPekpm(4`r-AQ*V6df$kx|LWm_egeE2)F<-VqTIPEJnu@81^(3*AJ% z71E>`^;HM=@7^A|73+FQ#hcus@`ulg z>pO?QbZA`K*FOktksr2bCk8w9YGHD54iE-Y1|ARA!t(*VizrogAY2w>jK0C+0)b%+=9EiJILT1_*FRg2Qj9B zdBY^&Y>~q)-`;>B9=8@Q2DB&2gIcJ|(`XSDArhvcSRGve0srM41R*%7G~?{_xdj_M zXD7E4$1j$bHk>(iJ#_2dA4|i zj;7R?*Y@@FV>1&L7Ut^eiU6IfHzg(IKmDiw26ClRTSjP~~Rx3h~9w9vqi!glQT^zhBfd@(vir~I%w zAT&peu9A)`C1X4^*D0ku1ec8uOGXE!V?%nCti7pj*Us>jt38TJ8u|ugXm@;6LZ`qj zM#Us)MkAL%lF4!SJ1v4+2%*uD&S9>wRoFA)Kklf16fob-mK&F@EMK@d|7k8=A7)E4 zeseOjzW)4+yVq}Gb|aei@$h>2JpXNFRYQGkP0gFZ!F~j<*m5KMg&S#a@2sw>mCMuy z{nY*ROm8ng#Oqi_*!fKYZsC|9*yMYAd!IRT28LZ$R+gWi|N8Z7aoHLi9UGJD`zMqW zay7fa3cFG9c%9Iwf_~I0#l7^5rK=pD7M9B3RCRPx20jYrEzVgOFsz!drvUKZv}qIe z23c8I<>lpQ@xp}**z#Sxco9`#>X=F}d(7+J-d?em02b@Sn0j~!vy}oDgHf$ejcWA} zSUn->mqa! zY{)}GLS|ig`!(Q4<8|n(pr8N|6{Zjl`Eru|G&dx4SH+v=!4YXFP;LObj{$<`|XK)YRLzZ$rOu zOjoa7b#rrDx^yW*5YUVa4P)lD*EFnIyzJ_k^9U0&?%q3l@>Fwk^WD35H*E4v-UPjfQgys0{U`s8nZ^T~hs5C8X7E1hoL zOmA=NONdW<{3ws<*V54VHZkewIya{!OBZ;0t-F2uCfigYHtL8wnwXS${CMhVhczxf z8~igeACIdiG**QCdiWq3NDIa5x(UgikR873yi;RSRxWc`xpJ+$Pe8`g0#Kj@Sli{x zm*J0=En5cve)Q;3^b~FgDlIB1+PQNl`a6IAeB`s6t<{pTuAA4+IytU{1B#A4R@dB) z$${7xtSVnu#qN)CoHx&X;k@|mn?05<-+k~{^Qac?gj^=1hU8QFq0XjzS5EH;Tt9!# zA2zr-y?B<5Zeqf}Dk4{i$zxqAL0w(Lg_9gaO1jr{ND{O~{hr~mrH zT&Dw3$q7l=VO^}LZ-Gz~GU*L$$E9NgM%FVOr=q{kVoLtC;vD>jLJg@MD&O#@t)E1-Mge?h; zFG6_)>jw`WebcN z-~%QlB_%KzI7BRCiHV5_1rRnNmV$BsaE?hyNiSZ!fTKKq{5Wi8&YU^_<-hzF#9OF) z_WZeX*RQ;7Yr;NqP%{4D$>VcZE|r#-VSOb*S?_w=JKfeeolQxb=p8gEHMeixTE2Wa zrX*HMXgD@D7Cd1jM~)ofrz*p3&N_Fw=$zL$}PT)fAl2B%V*OU-+aG# zwZp-<_=<)`*aMcO^z?LWfmW_uxp3h^s7PFOpex9{Zr!@5s3;6KZ-N&AFyh$h1q1|O z-1!;J_&$(lrJ>MjI=Hzvrr$$Q zRa#mKONLkB#tG|%1`vF6VUQ0*fjwgz25s;h1QX~ZkHSF) zkGFB-Ms$Do?%fz-WTHA~YHDiG9GbwAap=$?I0vl1=oEB|sR7%7B+x20a_({@}7KoJ-D83HDFt4 zfo;R9pli@JdIve73b-|Ye}821^Mib*jE#)mxp5QW=J#KHjrB;l9ZRl&Rbx+kASyEH zcxqM6TO+$E3J7x*{GQ2NTKsC+qQ!S_-ohpmfj$EFO&fgb-n?yZZb^(gmYSFp9T^o8 z6nyo{C7FCeDjUCW@$^PtkJW3Ic&&Fn923#q)7IQlkInNx|I;V`-~ar7EM4q;?(`jn zgih$(xqjKrdCjV&3wLY@sxEtlNZo`5dCFK;{Nli#oqiiUH+Z;)Z4Czg%Rl||fBc{R z*HsQ14j)PDY#%yz<|5)5gz1PPw9<*w$CEu=*DYDJeECx6l;f9&Ms?`I$mryyOP4Ud z01PFZFbqbtwAsKqo0*=ma`DpQ{1rv*RS1M>*U?lF-#=PJMv&1K{F-->c&Jf9xVo6=j&8r4|u+2kXeJe*f7{607+AY}7a zXAhr((l?z$<7fd4;R-Nk(cjF>OwlLvIi*&s5r|_Q#EA2q3^Fk{F-@Q%?rh<9usEVG za7Pf5yA&)OWn~o}Zkv`ac3d!j`Iar)o;}N9J26ZOb!mCt=B>UNRcnq$9y$^mmvZ9t`gI%r`TzH?!CQ7+ym7C&wIw;}*wQ77 z_zh$|UESWE>%+G1Kxp3G)p6;<#mI;QX{pDUb}!8?!?*SF|mhS99HcP+j0N# zqic6=E%fua~P&*!BpOlCJHZJC)|;<`S`gHw4?XX=6}O!2Jgq zu#v{57H4Od@4lHE8F6S|`2K*6f&Tu19mBm6qe4&T+?h|9GSOAr@yP&>_1}H=Wo$%D z^nsXDCoj5t2Lx~5U;3s2>vvC2*NGFyBO@cQZP>CU1fdlIFPJ!dQ&JKvJ|re4_RN`c zIXTa;*R-0|_pY4|4f2iH6Ap*FEo|4R^H;kE#?aWnz{G()k-qCZV|IpLOOC%B8~w#U z|8sa`(wkm|)XaAerl~14jPL2A8=HMS5AO>ejglo;BjW*jT`sF zcJI5JabKlZ%QcFGl+^XU{yEPJ$?4Pm89?ZU&aq)LgPE3>mj}lLhX}R6>JY1ig@s|& z$7CZ*yLl5E)*CmjRh1W=Ig@lSHX<=4cHfR|?rR+qjwi{~@>kCbotCXWb@q}{V?2D| zsK0kmTXWw)|LCLp>G4OSlat~i5A1bZxh!h$-nNc*nM%3d-Fxo$3wG{35ET=5=FAmm zXV36Ghsw&|OzDjo*Ke#^xTvPIY+`7rs33p;?mbx7cqt>a0_E0?b*E3a&6ZC|o<`IleLiHtmWGVN4#<(u-- z3WpVIk`j{7ojJc^#j3Bq`g&*h?vtm^T)uwIH*n+g!e_9S-r?b6$!Q^>JD+4f<5QSy z)ne>vX>?plyI(!5*kpZGRQkhrbD!ttsg)YYIp@o-F&R^nQyxFc92yvGX>L4pFw)!0 z1JP3Sp(q#UwUPUyC&u9ZOeaqq|N6`M&JLbO4#y@X#(8?U`mEn@?eZOi7JkE+nR$2H zmaTq%0ZA!|zMF%hQ%?*@+`~1tGO~EPgsmJ3IPR1Vo{)<2U?#r)ZPo8@8 z>`7Zk^WuezE}lI%HaH5;aO%WKxNNNAnCUxqhE-NqVb)ZZSHwgg#=OQVd+yZf{O5V% zsY?53`yC)}_7i}*3}Bw1q^s;kqu!uVV;>&oyJezhOfjh{$S>X>ap-kv6`H{)K=~Nl z#Kh#SJHl7Gx*a)jdP1wOt*?teb~IxD-Xk&5F^3PmDt-y(e2;;t7Z4a6cPwGo?!6eS zfx%($QR{U^Gkc(F$~w^1gQfK9#Y?@ty%ZRkjZdEE!s_5EvGhiS?(|vbHaOD#;#K|+ zU(KC6XI^}2aza}C(U=3fw{7|2lP`Tdf=*w!HZD_Q;a@s`eo5I|x-Mrl`TO~Xglric z92_0!x^nSM%+bWSgw*|e!q%-_vp3?GWGrIcN`b5%zgM|xNqpp zsj~@*$$KIrmpVH9@!L7~9zBrCWkp4WiE&5c5g;Cl3h@i@_S%^B9zQ|=?X!N<{=JdSO$~az_G$KWzfHmJ9_z6s2n_J^T<7}W?n8slI5N`X?&kd6 z*Ymc9?7;TJ#nr*v%lG-SA{q`l^~LT6Flt7-oA!o=gam9Vc=2**T#Bhj=Oz%1nXO@a zB78P(dQ(wqozf1p)du@|L_|ak4i0DE&-~_3bC$1hj!8^DcrY@2`&RgRYJjmrM9 zeqS%2uRi^9d+4s?X(tax?ceC_6%!R(RbHb~O4J%zW@gs1rK_VNW8>oDw`>mZ-RSi^ zJ0F2+3u1!hOMd_RKgJw6mXvrL9vchZKmPqcz)zk%d%m%;S)rs0SwMJHwr-Lk0V^xY zJlxl9+q$`_vEGc>h@BF~uUe@pEO;4x@bKo~EumYtN9;Rr>{vouTL-#7F*%Zye9Xgr z{l2}C=g*%%c_IaMPo|w%v21nyn+B^%FBuyS+~gPF7d$a3zn_u$hd=(w)6<)_C`aSE zI@<^Odruut4fGEP58HY0VD$FwVfWG>YISr$%&3!FOo*Q0y^Ig8-(I)MSS(A+kvV{0UPX`4~2h0~zR(H6a?tmxIM zB`Y4@d8AVsG%AcF!1Va>qqUB1w{G6kYUIf&$B_2-3t8{&Uik7k8r5k{7L)mPNil-; zZ9yTcm##d2^0ahxQm@u@v~^;kym8}J{)>Vb_=GE$Br19*6>A!up|`gg zW@ThxOf(ARnG+}1tXSFJ)YjbCvU2&V70Xs`-MsDe$usaLN`<7XtZ>T~KZKHTM-T7b z9pdTfc>dg({@#Jxw{H9Z_;yLezPOh!swc;k`A>5L)_aBc`lKbrNAB5kJSnlSs}rsE zc6OvCCwaS5q#hHs_f&FRTEgKqE0%us)%>tsM{=IMmP#~hoz`s)4jJj|Q%c4k-@D`E z;Ssud%b8Q>gM+sF_-@O3`dXo)$A6uj9DeuP&!P?-j6AS^&8pQq!}h)?c*T@P#%4n( znT*Y-)uE3L%U2>^S4?0hKpQ6DqkH$)u6D?M{A6-?6gu3qV`qP7FLoC63;+WxvT$V^ zHf((Rw$`AxOd*@`&3=;a;l8o0wO5bb78J^Fft#{6);EN1-FEKGS$G)!AOQx58#WF* z+S*~RuIt=WPo3KuzTeGzBSH>L1Waqi_+W8fR)DwL_TWt?lH*ULr8+n||MPEue?NGJy>)hAw+_fEnVz9rTkMD-e>?bOnwzI3p zX_ezQUwpe~?}4zLd$t9KZuHpL+T13Q$U;MRfJtv}KfM={b~u8P|Kjj}c~f1-Q?_`W z<}X^r>NPeta`I#v_6_{xP)SMY`3qNWKg^_Q(JPDg-x;udN7KMS)ywj4{{FN5zM;L% zJ=na+EK@IT=XlR|$;~Y$KWk7V96PYy)3xqRH7aTq8mCpxsR=3a$%&!9?%L`qg=7*9 z4s;J~4cz6oK4fx4@}{bK`O;+=euYeq$i~IR1;IM4aLl68Gw%Bb2H+RV9`;pl$|{D2 zhNKof^ptb`{?a*fZ{$9mm@=P;N;nX(v$U}VB6TblPhJteQiz6wPWLhP-91D%eHM> zuyT)#jFgs^FPOgsdoqK5YI1^36+j!4eO-~;gQ9nbH&#_c57|%iHgDTgR@I2Tc6`!l zzl}i%k*Bb4)~YIUvX;+VxPAZ0+CeKnzizN1aG6wVdymEK3JUb?>gcASFmjOz&Y1KcK71GxY;0@{vksf)?Cfle zEVl2-$;rER?ZVDbp-_Z}ho_~b_4ahN*Huf#`(!2=b|_OrqdPbFY}g*uJk;I#qQZOL zs+$ipM>N{x$b_9hOA~|K|z7Y;^M3 z5z(fAlQGtny;!$&#g(*kP!~cjS4WqJ4>Of&74}!ymLED2qtj`MUlc5#H@~Xrr4>#P z>jW%T$DS~;1G^LL$mfUwU^KS%Z5pS60t-foU%GYGYS11H-LvqMIlDu4@7{fAL&)|^ z>6tKGrOw#!re?gm*DRGn424YX?i=W}eNT^4TV7e_xO`#OgL_aofAVZ{VhqOY@9&Q= zy{WAel0C@E3EZ;1uC*IOrkX(q85))K*ECe-AdbAU$(opO z!f~ZmO#m;5G$+=)7vp^@~?w0N5(RZa4}y#qUeD>c>ZV)9+m0 zxqWkx-^SSJsFIh3-0<`&-QJ!1wghgif758uTbpa!HwW#=$tgtPy$6>!_^!KlC4Fo} zgO-K|+EvogtLM)B;8MtuzeAw0<#RWxXt?|i&M*%**7fzkA=nQ79_SN&e z(15@b@d;LwxvsL#b+v!`%_4=2qD0-4RbepcECx2MbaZZ&p1d@_t#~tk?xMT*9wM%$ z$BQV`lfHVD=e)w__VveOqm4<)5nKHB-MX3+6yP3paI0iQ0rx%JKXCo>g^g~Wcdy(G z-Vk{C>_x@60;?6gVo*@X>ynDmv5DlgQ-_Wo9UPkkSEbQRFRHY_zsnK7yndd$Zq>>M zH?EtMD#^%L`1T!J0ynodcl7rSyR7waSmOeRsiW8Dmsp-H#$YnZbN7u-`2hjajg)g@T2FJ%9?P~2b8K%0s zhW73~?CR#HR+}eBhkV>zS1n#uT39+|)Meg(wBY--H?BUFO4!r1Q&yD*3nAto0v@^< zAJ%gB##OAy<;BJDgJciPR`_hog_y)i#-o z*5j$CzWa8byPNl3?9mS#&Uu=T$mH^+8}4rFTU)wl5dkY&O6a|C&!6VFI66Ik@KAWC zv+X1tf5OfcD+k#gC>pbF;j&=5RVNDoq>)yI! z`;N$cBPvi^MJ+cjEh~oE;u5IbSx()J2*HnBjce)qq~0X_RjFVb?t35iapB2;C+F+ zcGV2^R}_@3pYQncdNyXL1Obg@s^oTF$P(|TPYP8Qvs6BG_~7 zVco%fkwZN_n9Pke)pxI7Kbds$!imeSt9-m%{KrQn(5b7d>!nMV#>dA~Q&TY*H8nNR zKE$i9uaAw5jgF4y&pAPI<(TyO^ZbJ+j-S1LBVl{wqThde?n!2obRs%n&wlUFx`82V z^9NgpJr=pf$DNpvYVKXU5$v|Uy{eWwT8wwp;b<>kpW(^zp|MeSclU!42Q=eSIGob# zJjW$#uHApyI4nPLE!|^Nh`YDX-rakuUKNe^cKf(EZ{4_YxTA+_ODVN%Tpt<}lib(W zqc_SL8mli}I(6>+$&;s2TwT|?xH#9uGSIt}Jg+I70 zUv@4f_0rkP+qUlV_6g3+e%Ui1-4PxczB8h&v7Jp!&ikm+h(zghPE!YAqXRg=Sd^~9~K7hTq@sVJ@(>>TlN^FO%fXn*?{ zon+QqyIZ^ESDuaft&}?eZgKh{!jwi+~p7$L#HW{~X zkM<9vBsS{k(s|2bB97j=boXQ;;&1nWz+lYtCr`5-oE*_L>_#*SdQ8@+P*)a}c&>5I zzMEl{YphEB?Nb-lu5hSrY-#T8U+3j>@KEeX{}{Dqw2pQRVY6{Q`K)qOapCkOH}~~< zFH00Ai&C#XurDYrVZUr*yrj5h&z{uE>Y*t!z0zpPpt9 zdgOwSdvI)If_zjZ8&U4x8L`Q0Q{x*pd?w3aPiJUI;IWv4ipgPGYpvR$o&gVs&8bH( zO2@k&+`H=U9$ogF?pU*$6-Mp&wF{SgUH4ZMwzjtxZSq~o+1Nn-S&w3rxp_O{A52DNa>8>aEz_wF!cbCQs?$}DgO z3PAU*!ZyjQ>E#$|t5Kb{`{0-V>%T1fZrR#(KK{F-qE4Qx?HNQUfc2@RtUUYj)f=g4 zCsR&+Id{qGz-@J7l8&zS_(S`4hX!9fl~VqykVb3DQd(N#?Ci46)9YB`@#Ck@2W|^r z>Fj-mrzp@bQYkqnrmYIEK5;&A_vTQ_bF$R-|^6oeey`?UCl#bC5fYEA|1+3o7t zG1^$tP#v^%-}%VLO{3T@sIAuF_JU^{=J;k^c{`36!fL&evd7)Y>2fgY4qM5 zetz5NT$E+7zAWp~t-OTO={L^C1o^C3u-do0Rngqq&z`JV>3!>VzJ}Iut3f%Q_vpT#Yhe4^){(xltwC$|Y)KgD z#?VYuym`7}iSLyQg`<-b3Y`R53-AaEbQEK&OE0zNf zSLgP+N~>nlEFB2+aofKCKu^zDUFOT6RqHQi6|uX0^%%#@3pYL7+_RdVH!C~#ZwNcH z^VH1Btr?sZh-NE_R#cMJIPt0yOVnPs5ysjs0z(1HYm9Gn<_U&?9xioy+w!&x6 z3@Y8k&{)8Rz{Ni-IezTqy=xgsN77ab3R zz`AX%6`fY~gjG3oVDrvUzwo{RdCtp<6>HqioV|n)hr%YasW>Nl(VRKqA)C*poJ>nP z>F)0DAGD|JZ7)6Ut5QLqh(eKied+4g|MkCpvHXW+-fKgaue%(XRMOmviCACO;<3c@ z>h;G8m?p-|Y<-cP>%Dee&Vx*oQj-#UY?FugU`IDi7pxaD<-YAZcWnukkBnCpRjys? zbK`6db~^|q`9wmzt~F`Q26_t9YS8PXvZDN#OP8#C_#~Ge2!n~zBM_3-rfTQq{ts^D zO-&8P#f5sW4K2xQy>UG?B*f`iRv~zmm%I-2U4P~Dx$=V79u97Y_Z}MQ9g&U8bF-cu zh&Y7U$Y8NPc$^)Vlv>x;!JDRmFzBpCjn$+tev;|1Xu+<{!6)Mr;-aGieEhCmxvo(f z8tPluuJzitFM4F0z2d`Ytt%__^K!g)_BhQg@)?TPg;|bE-CyQZsukmr`*-+y1+~`o z>9r>L_;`@J*U~S)I}?|3{q)tnVFy;NaDDXnMgOoOd~dX0;I`J*c6L=0JAaAQFm`a) zW?vuw>Y7%#sfkI2-^QSQdk%~aj1=VNyE?jvCrW@$ro^n&BWl;HZ(qCYv}$=lZno8EoYL#*ei);< zwz3)yIs0MO*ucmJw+;XL5C7`s=;pP~d;SlL{Wb-cm%Txw$5T)L>u)|=v~anjgR7^9 zPeOcZch|tJo9RJ;TRYl&HEJVW3?T<;(#RAw6;)uEar>@OO^-#1&$i+a>6pla`*!Xc z8)AoWH++Wo0FbMn*>N-+yrV^3{}-<4#U%7cX8~P*B+0+aD6L zB`GOoU_f{_psA?^rEzibQySxwi#LN^y~?Yr42ZbNs-_ShI&Adpl8z3Jj`%yd9orQ# zE|tL2DxT(hE?oWc>5GYR`N60oP#QKl;(!9>GL7(w1MJmx7W@0%e=+=2ye?Nv4i5Go zJQ#`IwzYMfI(cs2{-_Cs0()+2>uB`GZ9dz!RrGY`q-O`L@OXXinMq;9(O81q@-b>jHNu}Rg#Yj-!SUfce* z-XK>=$LY-siK!_*0e-d3jU7GR&d$yWN8@x-1tv$?)BF|lmStqWL~txITKmRjBNNi` z(J^|9jZAVdJS-t9N`fd&J7rQ$DW&E^ktt`-ULP77XlSZDcxdm6l?%W5_6tX+mH+ZD z|Fn4V!rIz;vw5njvUcm1u*Hj3?F`$0`QjZYWVp3u$ya~;=Ce;XxUTzt&Ub(M{A*wT zZHU(=WX6!KyQ2>s#hzX(ky>>c^-!;ut4CPWxfXbDa!(eMRjSr^AtsY5y3_C9c63^| zaK6Ky?T041N3Ck@g_wvh{_%hN!yi6hu+sU5#jC$txH2y3M0?Lr?z0zb99$~P-qL)- zu1`l^xW3}8!=e>g_tJIrOsDqV&8zDi9h++#hq{M1tn*7bdRjfnURSBNVh`%+;*y$h z)S#Kfe#G4|AUmT(B}bX@*4;DPcWumimY(tWLCWz<5o; z=Kk(K|1a~`t*#kpZ+`kJc!|r6hnZb6*@;6b+noJs%bP|+EP8kP#Ixd|#v*5e$9^AQa zRO^$ErhN7+Bl_C=;D2EZh}ZpnyiX*@t7T(At3}=2+8N-r=S=dA zp}wZu*UxQm-dFUb$D*B@9PP4N6j>P$LpDTrHB9#RRxDZkPk;RF?-1s$nfu+6MT-}B zhi8?xST!T5;Tt#l22`{SV`phJS*8Zw?hAC@7=E~@Q)1AodTU;LELm~=_yyg#>SEgY zfBo;jS+r=$YA46veD>*A-+y~7DN!Ps(5qDqRTbeuLCe4X=D^nNh0kBmSFy+gnvL`} z3&C;O0BNA$!6*aH4H?X7PNM+tiP!i01V?PxI?ysOHmON}R{X`XHT#YwYNxD?Rn@!v z13Z^3T{h?I6^mE?{U?81<{MlyI5st99%yd}+wAYOVo`|y#s}%Qri_N>=EhGy{p??V z_u2AQPGA49VE(c-9vcH6uCz`n;s8rEtd<_o(pH!44SjL{salwGP4OPv=g^q&l;P1`Mh(>y?9TX5|>0U-TB8 zvlp*?H-GW%`;YpDMo*nO<+*NcebsBLL9Q9;4A`(PGVWM+_h?o6^B@PG8#$$2^ai>~ z^Tc3HUP(|uU}i&ZyQ*uei+{@I#IX@e-?+l48dLQ5MDIv>cs)-c@4R&{b=4}D#>Pq6 zB%R&Id`XDe5#km$(V*(7tk@N}J~94O|Bx0N37yi=R9&}f;ga*mPfv_VjYcvWZaOd{ z0v4}Rux{1zw^G7CG`y{h*tKin_up5SR`zxDgl*ml|FG!0rSrdDH2>=*^S)V9TwIMf zEFmRwbLhsto=J<*s*+(9)xt@gOh|NJzMr8S6s4zB6cVXZOVOSJkVXJTo3- z(dVUM{2KMM2lxN(KmX_DbLXvGy!^Yb=Y9YE@*UwZHO<3xeqD{=Rc*8?wW{&rOV@lB zEV=vqQI~YM<=N|f9>H!wL9KFm?dygOD>ppNEtyan$3|##^185S#iAt$&U6Y@#I8NN zLU&9KkB;;Wpva`r?by6^=hjfQRQ@Wz#AVsWjO#B{*s@L04NIgAI1c(G4eZHCufEgj zUOdlRv3$*qyBR~{a6NZeID-XpXCAW=S-gStq7*U!H<1d~+ST@)3MRvJ#VlZNFXrNzce>XYp!S3#LOIQ5vzx{*z zN@v%VE(^b3x@f`btn8w`A^HBOxbQtuLqj7l1D$--YJ^5)rxOo*d3e_~(ut(uk;%~sDHtG?^Y2dCeUc9-^V^eKSV^4eY)=e9aMIEJh-C{(%zGA-j zrE}R@jZvYY*FVD85U=a32;DJdOd7TPdG_N#-wls5?$JB?Ocbo6n;5$#^A_B{bx$o- z9*#J?EpS`)>uSlU6gw7riWD86vL+>_tyu2xG&^r}M55E05nm!R^U>1{>;3BMS~v|k zPxx)U@ojmfo739thndI`z9?ryMDyX>wr>p#R?8LANr_fVFR|Ucc{4)xiHV8y^mGpo zkE*IF4SPt*Xfz^%cX4q+1mE4-x@VK$oWK9aRo^dIGJQg1xkFX&lBLkZOetsPh{JeSd)~s1GckbLdbLJq5 z=;`UfYMYjpwqyxCd$MZPn&18I_X`&;E-fwZ?;rH{4@68mK0b+YK~y$8Jc^vi$b<56 zY0kB~>sL8fzkMTBD)b}RbXgG}t_#>$)?C-x+2OUq@%X`5i9)V384<5LeYg1GorgW$ zgZuX#gwkqj$aQl>@O{?rx?0*~47l_&&83JD@~&iUTjl%YF+G0?*AsJar^AXx zHI-!;S_B7<%N?U54mQ4hdom@_*W07EvT~qvptiih-C<++*2tc&{zi}_ujmDlRp44Ha7MmzhINchAUUD)%W+b_V-fEM<>lP$ zR_SEKrX7d;!|Ml!d(@htwh^Dz>r<1@_4bZFxPI4t>FV73kEj>)R!%MUPn&`R`$mSa ze_FS0U0QOAYFuKLtLt8tx~+CSeKXWeG&)@rX>5K7+q3So~Zf>rDf&T67?A=3bESnlT(~h6>^WEB5)7018 zxW(IT-?lB~g)h5WJ9~SE;77m`aYR6H7&dL=Lu2eDigCE5ex0Ms=3Oc66LcZ~QW2UT|MW>jK~ye3S_ZMkSm`XAsjq*eytFacKm6v|>yobS%!{Yi%$;-d=Iy$6tW$=* zQMpn_S81N-y+puw`NDODj6I$Lzp617^7=YRg^zx%tt``zz;cm4WxC3~61$&)7o z0|PN3Gcz+0#E%aTor;eQ+~o1H`sKKMxGC?&HaE|;K^qzdJF(sbEM0r&$&)ULBr)RH zUZ3r6Ue~9mXRY_zc>DI&CQE<#``6TG3{voX}9nL48 zog9+v36H?=b@tKgGGrP>e|LTC!JT_{hG9FJlUqGDK^ID)bNR%Oe5}oC8XfAa3ikEb zzc-?!w4tk8-qtk0Emkejgm2vy8Wh^q(!pOTFg`fAbKBkO|6X+zgxs zx*vwc>tLnl_rs*^KOE-f-&)e?&ZZ??K06?zmtvWQC0BPJ+3mi*W4Nibq1t=?=7%SX z$4v09G>>X?9=m_(@#I?dqy>6bpHJAceZ9kz7v+f8jXLEfFV`)bcQ!RNUp*PIJ;)`u zu)bqZ(@|fvf2Yra73&Ks`Z~JWH*fKaNjNT%nV)CmtY7Z(Ca=saGrY`w6|pxu?Znwh z8Mz>pPXDsFFeKP7@#rCqbXYdjnVoTO-VZA;UC9`qkR6Rn^6}i!(J~BU(5c4vghn0M zeWazOCNKX03PJV0iL;~Eo!dEjTCJdP?fKMX_m$qA^&Lh{&#thId$+|SUN>7N-qz)> zTCwT$i7fVcCTN7tKnUm8Eo!}Df^IFaTB~a6-PilZr<`bR@4^i7^YLzPcmo2(KhB*fzVT@3@8_jnd(2)`f!(j{d~C|LEuk;_O2@5|Eo=RDyM*`mYS?PGCKDD^Xq1ilU+>4OJ_LfLA?uUC!80%)fCl&t#+(;hi~w~@Wbt$qgnZ{ z=Ph2Dem~P_}E*{=(eFJod?`Jed%dH4BwRAtQ=JiwnT+*_V!#~QQZV<>Fpa{=i+fN^3YK4;FE`0u8uCZ zuietKdnZgr>#<|Uy*31OwD(|53G(rdKNvUK2l0$=Dk_&RTz~WGbK!m%?3b|W)1yd; z0WoDDuIWwr>tMf)N28-g`}=ACX0ph~Coh~jS=Jq&~!Nx`o z8v`_i*j+g(jgN`l5)f4P<}I;e4|!u9kByB*`o)VE3l}a#@WyXxR;$$)E?jVMaLCWk zpBNg7-MQ1>(JA|GhGJ4VDbqG~^uca{ChT1CpPgUVO-$_D7PfcW9;{j5KQJ&57ZQDYHRD)ulG4}ai(;l97-~RFe}5g+Dk&)mFwjPo0^&`D=W8c+lEbBQBe`% zcm;cXPeoa|m#fF+%U4JB8tln#rJh^*!FVznZrtFPH$X-xg)2r6VhU9@Rn^KZb zYqX}4XN3`4cI*fUDScTyIyeN=2@DQ8nh=k9GcYvh=;#<9dvs!G#H`R%7ZhV_ap&Q) z&T$oAWl2x;n1{unkOg>oE}uK^-sS5PgA?sdoyiHOw{6*9SXd#GN#c$ja&vcXY^s3* zTUr~OoE)5;9h;k5l}a^#AN<6){N#yqfdSi!3to+OcAktqyn9PXRz`*i^M1-oH~BHw zlazF7t+V^ZGZ#9Vn)+IrZl68%$$$Ti@7Cz15epV(ExVa*ih}jYvB{3{iQ$n^NoVJ% z|HjbcM^hF3Lv{H%JN-6XyLJO}0I`i+Bd~q*wqa-ZzCFA4mlT%`^$rho_hU-eSJ#FG zZ%aHJ`=-34zNS3TZ^IAYeBDytJUTGGHE>5-7gA?rwrOVSI;k>|3mhp`-;i2OXp5+4heer zFhi>qzJZEqfOuWYmS?rWtX9dOpZj-j6z1pfuVy^UeiG!j3C-M-CI@sdaG|hWZ3Si!dD2|0zEg(`|3MH zcby5BmlSsWX4RHY${A%+MPRTiy6AMCezqnB@gS0AId zDy0&1-`&+QEhT=iuf4jW_;^xs!1`S|kBZGkX~wR^*42gmL2*IRN@w?#KEc&pgBp!$q_^EdUq~E3k(_}2UVh%Q;o-sf_{2?q z0i~61U^5!yl*%-PW}pOk63vu}p3~B>Eug{L)7W|_>fpCa76k7PFL+xnr>}NfjU$re z;9WthoVrF^3oA=pzw^76kkuzg45-3?UxVm-ptE}CHqW_B+;fVX>l$h|__*yla9Aog-#&N4 zW#P(-XRq38S`J6V>-*z@N>C@l->Gau~ zqhk|kC(d}T3wn_L6viN(=nwJR78<;>udl79t~5Ak+xqoE53`8o;@6KCEpSgup|{XrcGIU;5Ns%9?QcpR-@R5`@Ql73iPa?M znP1T6dk-=P28S`!=B(_UX+ z`8xN}hShGV$;VsO9YdCpU?*Sixn9?N~L{cz~eF{x5`|44gXqnGpAgy zl^LL0!T7MfHfbz+Wn*3Cql`P{uU}ft2AxWN?b1aTM~7E0iU)fJuAILb8nXRy#uLS) zip&#gK*(sdK7M*9c+1A5gwyS|V)>L38W7T5g$zFjjkszppU`DxWQXv`7 zyKv3<>$x|dWJt`qx}29=o!4(acwj)M8S5E|+`89wo!7N{_eVy@UlkQ^-xj)aM_6-X z6E>Dl9%s3(bvYOrRr|K4y|wN1$y4jSyl>sOX`vg_YuCGk96x%cr&9*sLiewm=xY`1 zzG~a~b+e@~FCX#x@zdwAcWr6zuBxbvjN0bz?s)gcbC4?4-7&G-JzO?7)(q?Pqir3f z+qdri|NOuHZsP`@+BfAO80#I{=;obtG@-q*H6=cIt&_{+$4{!N-jtPBzA7uXoJq&(%i9Z`I=+#DT9Nw79+p6 zwK;l!n2(#wjdRxr+WN~&o<;57v1dnQN7H~#ElW;{^Y++y@Al)-;R(d1r;a7;-@N_t z?F{9F60&JE7R2HhhkF@MgF`|uUAofU-ZtFVG1}8S)>U`@czoE7-M8;$VNI9GHQt^+ zhY!UV)cVfWw)GyKJ43hUJ$90`be^#HaZeW60u{SWEkGtSoW%9#bWPk zm$I=Q$(0Jdku<9^B3M^rXmu8YL9ecVTeV|r$a;@;g?Z0SI;~o+sDE3tB`7#z&t5D^ zI;D1B`2L_x!8Mh&a`x05kbmyy;)SbAm#i$vFG59bv3h&G!J9XkB4|N7gg zs6z;ZDp`CO6cYThxJcSReB_ka&AY-|h6i3e$q!n)p(49TKBkz&z#}5e zEjt{t-*;p1uBga2H6;~gc|ra@-+w*FYn^w9|CX=+^v%KjQL>5g2lsBTbzJG;>b!i> zvaLa(^S)W;w$`_~u?+*@?M+YjW2=;$ob2Z2R#H-O^ytw~KmGKRPd>q(Y3A2E)#d4>Vr1RtBN-V|c_is2ju2`~k{<7tZ z0s?&(En48_=87#xU*AAfFh*^=@uEf&;hu`h54*x4WZHwu~ATY-f!C(rlTK$-4_*J`M=l zv}(1}x^)}Zdj-CHMi1vrv^L&2mG+z8eDclwr7IoR1#St;dRkyGTUBa9Uj9p%mxr4- zcKP9x`?H)0XX_1HD(xDl!(^{2i{^i zjEdaLU#4aXYq4+k^Yh~`r8elbkMG@Hy<*{Nw>92A?m-DGN(spjxTwmQ>SKI6g^{!m)>gDC)?y+pak|pyN zJpz~Plp%qIPtX{rk*`oOlD_2DA-`7-EkL{Lp zOm;Hm)DK_J`{MUsxjK0GZ44?YDK%Nl*a|+&dyaj`^5x5yE?#ozKx9i@148x_@kz^n zSm3e7c~{6bpS5mlS36Wz)zme&1#jJcG%m5Nr4tIDQk&aqT3lB+pE!0L`>UMn=k6Zs zS39{Jj!WnrLa43EesIIt$ssIk|G0#n=CXZ})2NpATP>1~hEh*ghvUajDAn|SUog}u zv8q}1Dg*rZp0M4MBNG(3(rF>f#Xer%pZ?SD92PI~_FTU=@lxxs%BmVq z-oGVm=bqOHfBD5gMeofsN1Zo@IQnl-zjw2#syN8q>-wq7I*CTF(4R^@Id9&AufCqM zc=<9nFVDP!e2ClG(H4DR->O9mg1o#!d^V=vx;HY+&OpOaF@Pc2-4cTYkPjD-&Ir!H zX&_1#uXB%Qv`py{ug8Y%{p`Q~)7&q9Si02V`=yQ{dm`&Q=;bZxw{NVRKi6f+!u8IM zULM}xFIo|}_fSpu(8R>p!TsTZzU#d`To6iLzI1M&zt>>U6&Af*w0Pe7L@0|CKpgN=yS zLp>sHr#)>Q#x788HI7PJ8x9A>xGo6_+8tfmRNGpeA0FWO`>*G%bobq{eT&noWnnw^ zwY9X@Ry_6bSoy`ArOQ`&`TIJ5|IH_k>-@`V`s*9(f`T_j96BPC86I3u-{$RKoc-d) z*{h%b_D}!#cmLw(v~K>Q<;zw%96xosvbrkf$iYSPzjI!_)YsEFVt3d#U(Y>t_KH-d z$j^V_>$7>|`oQyNQrntqwghh7wq?iga5rXpX=!;-@HW?V?#^r1IILK-KWuviJv3?U z>8uF!cRLz&x~~(9uBz%y;YOdZYgg!g7`;Wu<8{Pall^VUM-Q!DwrI_Y zU*w^xntJFAZXqPt-*M&AjUH>a2Y4@E^uxg;aie3>H&0)zn6t=f!}fKXcRM?;Shs3n z)V96NjV&^(ym_p_*TKtkp4WQsP-hRHHEWgxY+Qf$YOaQ!B2g$z1NR<2_Vx)~vfSOp z-D}~JKOBkO)mYVSRa!M;Vi=`p!c}eF0 zoggRR_rpx-U*tX66708T+E&TgAbAc{v+;?u@)898T zDV6l}x1GO4FA-k0)L~1=<^%h}J6jri+dHGe4=(#|iNB}&{vBJEeDlNZ&^=fbvY)@) z;2W6n;IWe4Z%9|4)RW_PFJD^t&A0Qvo9F86;q2^v<=O*$R&LxKemFbl)uWt(>lqK;G}O^4 zJ(J#|*U-g2o&Mpy2VZ>g)hECI+|kt|IB5HdWy`mPZp_TQ+u1UqQCQX5zNF-cP3yy& z>xT4(36pvJ%EepX%~^Wlcp806)naX_YYOo3i#~AZ!QG75n4>_Q&cM#~(;Ujl%ipzc z|AlMUI{Nz9du)wnl@x*b>%3<^t}c05nY03tb7Plzr>s5Q1MA$pQ;(mP$=Gv~P>fz% zS6Q+@EY!on&DYb{#bNonwX0qiR;VO8lTn-fWEC|q6qYG+{Z!f)m- znY+Ym-TIir2{kosMg;u><45C?oSfFqpZ9~C^P0~Ze=m73Z{ zUmySQuw8v!-O}-i+$Y(H*PR@k9UT!oIE3xoTUt>IafbT4wg&kf+=N=A?45w$@d;FwGDyJ*fMym=T06TRGt24dKf9CD(x_bGtl?cF>F8kq|Z{eJu zKg~h3Egh3=4chkmPyVoWjmwH31gvu7@LwD(-SauZ=dZcaXbED|V{D3KW) zw6&uA4cai9r}*+1{7Fxr-;LXdIuXJ#5diIRoB+=X3pO~1u zdbNX(kMEv6`+R-<5Z_{noERRrs`Q8tot&JOuUxUo!+XX2MNx;N>pENEoSNENk#jO3 zd2pES!$ExLwaO{yac+BC_u=TH+e5>l(kEHD2;tI>pGFWLdnA7KDkqe-wRWvs;czrI zVPZmf)$cEcpNiM9k{OM9gzVMTZ*SeYQ&-yrLh?-@RGMm@7v&bcoYZT_21be=<&HG> zqMn+aK(b8e8VakXjTGOOy?XTun>OsC0Nb~3KX~vU!ag{x z+UhqLxqY$G7j9mA^(60UdS>V37+vo(SPSkyJ(QT7{_Oc=|3r0RMR{2bbriy@_4!#( zVP5fZ$4;C$QT_G}|9HMsF3Zf!d{b48%^mtV(Ao({GdLz2*U){HI7cw*My()ZR z)ELwkmcd@TS?_U%>-5n8r z;mT#H!e}3_o6SnOtgGa8*2}`@{3XpCVE2g8vDI#EZ8fk@Bw%hA6ckJdpJ1?z4fdtq zxt?$;DLFOa`R(+_*Kd{7RZi#?n*Pxzmv7a!wMq=S`m&mw+nJJ4nL%%Po|}g~USev> z?Yno1@?U0UKI!c3lPXnZ#pMs~K75q9T!Y5ys%vjuy`7c>yG}cI=3--GGfDvPTzPqU$B!S6j5v_@>^VJjWwEw5HYdd# zjf;xDbNO2Ky$3~k1!LpVkx5x@e&L(9_0mc9$_|57Bh?gS<#o4o<4~_PWj}p>G$Hxn zlN=>|EJmC2=+2Jq+b&vKa`ScQo<>V|&9aakdbo1o?BRp^kL6HjVEBdPXFCTx9crUzc@C)>2t?I6gHZHYNLMCYyk&6BKW zr%s;Be3U*i+*emqU-r6GCL4hhz_L+RUU}kF+JVTusEEl$y)s)3+L4^>yKl?dCP!hX z>Iq5j{q($sx?veTZ$bCWq2oH4#A;ME*HoN6m5R_TF){JZ-Sn2$cDaJS)(j|p{VM)Q zbmEby%sW?~JWS6iD3B{OFEg^dR=OTax^(RP&DbLc&!)sx7L-~{Q%b9>TizbJA>_!m z*h?2P;!;i>i;uZ;`+8qDe1%n^A2nGOTGLe7o3=wojvqc6pL+6eXE%El0Rp0lv4{6= zl~>hE6l{M*LuTq|sJnLd-0_suC)v*v($1eaf3u;T&aDt&YE98e<;k(ZqJrm`M8}TA zL`NRDckAZZ&>-iak}C6a^3I+(cPjPt*%RllT)Z(fIL2(0KB;);_Wg+chtg7ymz5Tq z^<)?|<+VwN6JjFvJ-&DQ;f*_Q%ic<)s+P{)^oNg|TiWQ`RhY9z#GUlMkUQ6IoJdZK zJscksllba&9qrq}*ksjB%9-ru$)>Kmr!FL(Igxbs~k!#ap~>bcViQhkHjZM9EjetXHP}d3)l(T)zGLa z-qyXmcjxKIpvF7}Z=&ky9)9|ysJ*?N#Ijh_Qu*^IPpiu-n(FGyOUtS&t01z@K-WKk zqmvVPg)a(UztWnqh(nhq*qK$Q9q4Gwx|iPD-ma2Jj9OZ_`Kt`&a^=0d4_=p4Xmw_+ z7hq0HFgU;zWGP;mDYy zF$tNEo{o&dPiVKD~} zr6wk2J$!_Nnz>8AVmfIYHCjp zw0#?4p{^jN6ppnbv#l^)52}$wsiPx{+%*x6}u-?Z1}a$NlBv=db|Z|RCCRyc(`JM(dE zWi@>%V#?az(((9q`e4rxHaV3QZ;M{O)~F4b&QG(SBUILEjLl8$S&wtnD!o#n&3u&I zihanR{hr64xgQ4E2tfJSD}FK`wDdwBEG*bLTP&FHq*#^FszzvLmFVfVIjfRx%`~!W zHx4`UBh z#0*8H!lDP>@LXU<4ro-Zw8-gFpx}?tD1sP`g*s|L$Rk`Gqw^E2M|z`yzU56^>6m?l z48umhw92xMkl+-7g1|x#c0eiUA)T$%YE*ji9$-i>m$m2(=#ocGe@QhMXxBW1{!2U^cNT8l6R>c%>2kr~xA)&>%4622J!aEOl3wu?UXWuCGa&14=> zIO`()(M4@GMp~7TPDD@9=WKaL_?!4lWW1OMCiDfl3KiWl2-KTt^aTT8BGGCDp9vc_ z=n?T-%_ee=ybuP)bfQzznF;C$gt7k)IV?k`*VCgz{QQVOZ&A|_pawbt$4yo7N3Vf{ z=SKf&^bNMxLcvH#q$!I@t2~t&zi;23+Qt_22~@0?uwisfZ&XdNs2zE9LlpgkPGt0G zzc8#o#*pd3qEWypQwRC2KCmJ)4AzX0Kz{rB6{qDJ$_kt5qAJ?gll9Wcb;yBc4eaB% z;D)(_gG+eTJYd+}5*)UB6hLF!})M&6%v0y93+r)H30}=&&g;Ak3fQV#8rk3{H zdKo>rh3SBNw52i|=)DA}h8-6*VA5EWH1N?i^=UV=@?Yyixc^wPg|#%d|9jS~EHg$<^eda7@OADN0FH zqj&}Wfo`{;)w-#<&H3id+QdEPO0CPb?@} zh{*<;$q$j>a~K<|WP(0mgaP2Mhy`lph$)%GWd8JDtK+K`6|3bEY7uKOTnfgMk02Z} z3>l)EtXg*KGo4*#0|;-WfCAA+qjg**g-r6v3Aj$M(phNNgh-9`dWt95-Ab%cBN-=8 z^RJ4M42%y1scY;we(u79+#H1t`&;TYq_U{gv=IX-QzQ3Y473U*J=jVwq`1WMO3KB`62eJoz(O(eI*1*K<2_+h=@Z2%eGR!`z zNVg+`6$ww`$u%ft6!6SC`Y12;i=?7SG({ZP*?$1?*~wCiRVu~ipQbB@>vdW2`Aer? zzN|(Q$k3YQ>;ZnL-oy=nIefP0GfU&IS=6)B0YJgqGXX#XM1pQs!l*zq8Y9o)eiaTD zzX&vW-?{QRavKxV{BUwqcs79Vi1;FoUmmmBujwN2&xbKpQ)EV44@@yVoz_7eiUUjr zm7G0vj)jH-Bo>W8LNZCR0WlzCK0yFF!EE<^Tm(k=MexX%2{8dMkS8X<{*5QdHc*Oj z=Oe)%Gh^e6y(^5LsxnW6cm}^_6`jdKf;<=7>hJ^*-NGRfT&v=t*!nMqpO4pVHp@ie zK<#6yk$9vtlyh42gy$elW<&p(muDUy$DA3ESm7VqLMeW!Gj>HE3?POuw8}sj!J~mA zjTjRNKZ1lzl|r*(L#!?S-*#k6*~n0japDX(Kw1%P^dfSC8TjJ>dbTQX&%&#VoY;{q z#mSh4vA{6J0-$ByUBovu99&KU&|{u32Pbml$o_0FohwSqyUWsI>ANUUk{3XPYBrks z`+HBFKJK;NGv!2@TurAWNn>2+^oLQ#8)qn*ZCfB1GY?ukNasvpHl9C*LSr^W4sX|LJdu{XbfNQ;NAxmj z>~DzKbSW&5?frN?cFe{FOBXp)q|r2E4>Ih7Su{@^*mWX~s7Ms_Bci~OET19Gf*Hl{ z0GELG709IdDd6;WNH#{y*}6z9*b#s`D|Clk8*+H37|dca4WgtRc}I~DjyX9U3vB^~ zQXHc}?3ZY3#?lD2Ndly>POt+O(&InnOd*m6Z#Y-n>^ppT$QLCVFrXi>2Nw>mG0Pab3S}OH^Zh4>&SULg5xFLVqT@ z4_FvVAfgmf8k!ZP5u7Rk1S5L}Qjf|j-oCD`Z|)jVFcXGh+Rm?YvF(tH{$n@;-lfMO zi?le-@(%(%M_VpKZoL#A;2#eJ@yAAk_muyGq0mVw(kC55IlS}(k=U{nqW7w|4F#{u zTKoHS7UILiW_v!;4#_%Qg}`PQbPOwHIwvw_IYK@FHD-6s9%hvQZ5m_00@@eP1j+;f zb1YPa=|P~ht2q6i{o|qnSuQW)$bj<^>=T*O68xKFpt;mkdaaoKaL*@v#S3reiT3haAmZ^p}Ob*cW6kkj=&P&zJS7@ zd@TEq2HpjxMcx?CutymsO0F@kG@>O+KGw_HDQ{Jf^gJT*8p zQc+Ri<+d(5a({DkGkOH&!okA^6dL@8VDS44r)a7oABcp&@VzK@iX-GfP(x34nx5r8 zjXj)LRo;N?>3E$J^1-#^!|jj>fFeqh!YPMbFb+Y$vTe~DkXk3OV*}u2%*Y96YWqE4 zqZbhAp9W5EhjvX+G|5JU0Xo703ueQ}q?k`Ao5f@rY@BAG05h{@9N`aapfWmT!vbq` z1u6QEAGUx^=K!EpeohosnGE=$hz&8ipkc)QKuQayZ2{K1Y+CSq(H`i zTI2x)bxNxtTL5$NGeg7XnRTgp$GC)>;Ns;R}qeE zGIKi-(#U64B+$+58b>>LUkR^b|2vyv8Yq+X9fU+YOA-`OnrBcR{)kdMCJ>Ko82~iO zRmvQNSW16Ps%d28tb~&Z?ebP=_bBYQ^#+B}tS}?2B6%oYr!%G$vjJHZLUxFXKY!TqL7Sp z$22@V+}PMWIwpZHG1%f`TbrCYH?5E2FR%~j+T5b6w@107+e-%+h!Td zp|}}oB1Qp95f0NOHZig{(TzT=0)Cj@Ia~CF&zI>&MYR2g3_Kj?Xp8SDZlIW(amBFG zEyXM!Dq^7qwaqdFR@4_eoOMXZ{#f6B1~?7*J} zVz$a!8(K#CBqjs~OhtBx2o+)rO9qn%y|c|7CIa%Q4+MxR=sE_E*FnN36c98l&ZSWh zs(l17_Cn{unL1!Q1mI9O`^a)Q|5?aDpl85|?U4f`7c$sCbeUO{fb5WK=7W%Ua9_`C z0IJ|aF5J@vmN?*aEGZr_Rg(@GvYp#>zL=&%QMM082B<9l{uF>7!)o(Fe0B?Ln5nZl z&Lt80!46pJr-5-{b!}bdf5>Drjw5S{m(0);O9@w`1$iJFUBjdh*P>(Z_26~!%T>#{ z@ywY3ZX*6|0XzxJoAiwCbNk^Fii+&xb(V>LzjhA<{%DDv4S_HOHr3&9T9khab^g+L zoy9{!Denv`MMr@A$d(2Z@U-P}BtTt^4oA?~7kxNz8ALfbGB!3=LYm{hb3hNEdSR`_ z0k<2bWjGWAyL5zKWDtOg6;0!NKvWu#tMQ`%^vti>Mvx07B5T&hpBv2k#rQC=ugh5T z|8{9|_aqFqF;jvzxQe(hAemUuLi5m8>)!>4cLCZxTgl{yQcY$9oz}9b>EnLXYZd+j zY>EdN?=rOU3wq32Cz7d5OcIkvLgmFv+R;W%67;aW~u2M+aU&; zfC=`F{R>-F_QQbc^U#6j3p<>Fc1a#c@gQbKyw0yP2=O|r!ls%^bnJFaejYy(_!yuS zn%oeAd<;JnI;5Dg(qrXZVEjkl?T~khkk#U7(*vtw(-jVQypEWO`h{|}iEcl`0nv~P zrWJ<;Nnv1HAe)6C1EYAzS#zt$msg^6d2UGf04X z2D;rChp;ios-I$K3&03P5Ecd0kf2_YtI6xJ#%j^#p!e<;qYK&y&WQ>yOi6{Zn^5~5cgNgQ>Y;}hjFfT-aU#{9|ZnJ?m zFYx@E0%!yJrzwDLu@#ECL6Xw!#Vi)$b>#3K{;HketxyyA#~$}!>nKwyshtjyNoh7j zzqUN@!Y_^2c`12E5viOby2Fvx03~xtVlm5QRnT{ib_5>>ylFumHr06!kTJ98X-n`t zG5cM3hhUng2qFz5dk?`+!VG#lJ{-i-*#tlnISzD|Etx{UsQ^VRUZf>{J+vl*)+%~l+v zXF7{Ut~S$SycV6+Brz(K7U9(f^n6x#Z!3e(JO$a6UU41gs&+lm&216w`h=*?C&LqzRN z`6vYn%Q@kXgD8M)7TDM`1`K$<4e`TE?SSOqfKof2GeBU-{t2rKbYO4)>@i-O{X-sP zai4FK%?|m0CJAcsA)u3C)GU4}UbkRt%nEGrI_0A^7O%4#u~_xli2R?$9|L;=y+O@R zH`1wnt%CIfKG38Vo~5(O%~rblL{gEgRLj0~))RDJM4J-0YNz9M{GdAs)~Dlj9$o-J z!*t5tvA~%A9B}SH#uf>FL_rwzW)pz^t7wY|t&&{G0x=&fj#Q1y%W(!wA2VJ*Ml&;u zXM7+Mz%9^|h4e-$sDf0(6v9Na9WYWZF^=qz=Gx3dF)bi^Z8!aY7OAK960(-x1uh(y zkHzZ(DU>g~Wr2cqo94Ok+vJ%>J3drF1bZ6$TI^4pajaciT{}wjR2Wl19^n9K;qB?H zx^~K9q9+BYI`8{5x7omJQN_PCfHwHNBkB2ULV_f?4Mv!j0t{lNI+?{LgL|XcIqgkpi4Ae)0kC9SJrax#P=hOwnx=T&B*g2?TXXiTn;d@}Yy!Yr;y)t=W6nTO5of_m8Be}+ z@gm-R#(|2M8c8i;4v_uXG|c`9tIG`gr|1fWV9x4-gXl!qB%O);Kj={mwJ_rmZi1&@ zb~6dF1d`j)(+&NU51Uc36Jw-F(7ubDGsD?tAmWdKJ&nIz5EC1s;V0LDs{(4) zz|Vt?JMpIZMJ#Yc=Tqr@NIQlkqca|5==&4UX>vE*zJS z#mz_(DU>h7>+DLJeY`HNXwzuN2RIG(H1@R^8EbJGNoHQfMv0yZy_gxVLpEEyPCFx* zJ+oDTC&$^62q4rFj{cSa(vlt^8l>m52?>&vEPh73&P#vQPC)-?48MG2;4|rJ7Z;9+ zg+nolm?r)!!Y_>1h52JQS0Oiv&RB8H;*izg#4HW#=SYVzN`8qMNatxd%|`-ikvtrQ zGe9)bcJeT*7C9qf6U+wuz%Gj?IT@?Zc-r*9OJ|}ehCuVhMVuNdidk~H^FD8}o&w!m*1 zX9Dq`iL>cvq96uGPCs322Vx%3rY=q*HY6ZtWu7tt*~hOP`5?oIrjLY0G8}31a+1UxNuYhP4jqNW%}`W zo#RZfZ8Qj2$j|CFMd=~Qmpl71;$@QLi-2fEhbrg~8h%G2YMh2@pjVKrK zT?@436WW0KWkUjyl4$7soL)brgd|3|B5D&-QFKM`P$MzuOS@YBHa6&tiNwIxU+O;M zV1(nWYlLi=Q0>R#b<7C*%0KyHq9Hz1izMV+e*}4d1!TOzjkY_C3*s{wwFc1y<;$k5 zD!Sc>MUA$29cUXe$`qN;1a^#C+$F+j`CgQhqBUxe7|4}Mh z2n!=XS6Vq|-Y-UvB#R2BXFaOe9TEpy8ks^qQxpj=BIER9NZPP5p=L$20T)X|RDm+> z<8}Hh29RCZV45dgK^WnsmNw3O_})bV-r`JpLPmfVp)L_gW?scci9U*BN>^8SipeH} z`=|T8>06eV&1@)V=!c}T)qOuQ5T*TjoK^j2@go6EkRDJGir{f062ym=jDNd$oyh?e z)4LwIa7-*5GA~L5HsTrT`T+d1;1}HwLn_9iWqZ1a?mZy?2xLG7any{KxXx>sWe!!N1#+L>f-Q>r%IZuKK^M{O?R6*z0*$F^M2_$)K_rp+&^vA^# z_=}PgPzr6qx)=@1olV1lAF?705Gm8fmN*N=0xQOiRko`oAZ4>$-WQ(cJgI^OHL-jM zJS`Rz%~pY)dIkefO=)EYsc;1bxi-Fx0272JnjjTr(==fWegdgGD&aNuCXJpx3Z~PO zhvhj8d0Ifmnp#I1jWfU@X@iSn3loJYHlre7Mi$j#GH_7^$?d3T0nsz$-Fz?p6il}= zQw-*>ux69XBId~ConhT%1R^mVG65Lb|DV18j?U}Y@5e!C9v38JLi z-EQ@`-Hp8pAL`Vpuxr<@UB9YR=hRw19IjR+!$RR} zKMXTPxJyQ!!tsZJma)eq!;*jRaLMJ&2$7jv6$^Klh>NrukMq8t7E^MgN~#r6A0abf zF&*er$E548_LyZVS|Aow{o+Npej>Z0g z4y^oVepV<&z%SZ;#b&PZ#_n(dKO!#1O1vKgthr$FXRWL=Xcan0f~o|Spu1e=t3`l4 zx<#yVT&+lfBhJrd&c)^=*eo}hKjVvA)jmeWER^s=$t@ycs_Z%aR2QKEShvl{==8ABbgSEjdky7dm zB7%$XQ*`jGq7NgXJ5%Hp+xWw@KkWdIKybepA&bASdoTIl>HdKP$&(O}kZW|f@7wFA zy4ydzh<^Yfb94|ez!e6gKE>hJCTQS`HTU8#bx({fM45w1|E zNd3Vsop6A_Wrb=H+>@l08lz|l-2>W$U(#&_ozKCY&#+>iI93svRUWyr=S^bt1vO!P z1vh^sB9x^y$c;iCQj@;Qm1M2tIyv_+8mToHA6Qmew(Ljw>!fgEt&XG#4WR!T-trPR z=1E0M;91QMKVsdOxYp`*8Xc@5Av!p<8h*0o5|Ngj!k|^K56rXt=@SHO>_fI-9e!ef zZo{Cnh6G7uLKI3zJRnqK(7=$hoY`YpLRYwJnw)?|Rs*oHB5*{ZEa@DQl@EY`Xpb6U zGQD1{kO)uBL|Z$ClOL6e_t)LC3`WpqEo~ zGf}{}tLYmRbOI+@ki?;v=`{+YPND?>)DvT?si2McPpm_pXbuA%1gTPi8Lg2H*`d>F zFxeGxhnO3rMg?ETeYk`r1Hq3txQ!roq#Wd=p<`&6@~{;-2NE2xx z1!yBHl&u&c4ku)Yn=*vfN|jnVYJ>@dqEbA{7EYtoE0x@tQ0yQ#Xqwch5>n%<5kMzs z5R)_>;8!bGVzh>=a77`|6{U!j6Sa^dBBII(jiD6cgHD`5?|>#NN#$4ww|f=}rqzq| zdgwFb8I?fBxIsC|j0UA#C`33y3`RBOfcmZoM1$<$5P+tlT`!bsEg=~-+#33E2&2`6 z-)F#l_+kH7Qhk5-@1~zB<2^w+Sv#B8Nk_VDv8cPJ( zYSA{V_alfztyHo%9bx9gbm}KKQep620bIzDGcRQ9v^um4^*n}t*q#dN0+f?bunhH6 zEG~l^1k)iQXk{sNBsq=c$W|lM&}UItA`}C?k{P8E=qTa}XaY^bkfD3yA5_`^6;z5i zn1bpNw|b3ML62@$%GD|qw5lf(vL{knHD@2_%ZYjwJHv(b5E3w|qK2_ot4uq$8Hiwc zBdJa;g7r11>0lA`SnvaO$Uq zsDwgxs4%i)O@ZP`ZXAIRuGhnoP&n!V39xDN>Ronh4YM|^Y+@dPs4~fr3Z;6$RO>LR zu`!<`u9{RH?3;`Cl2Azj;N&9c2~DlR7E>fn zFs%7l1Tx=b?@6X~#2c&)Zh%|X*IDso#Na0eAU4{UPGbc4Mr}CxBbpRr5cHS!{~#;Y zY$$YfC|OC)9By)tH9&|er!%^!G37EL_(5)JnE*N|)fpuSCedj$^tgu7(!c>9g+m`! zhcJe!p`pYc_pK^;s0Hu`bB$C`b=tZnQq#xvDK*rTj@^M^*=h|~qW|DTAy?1>1mY-k zIt85p$4a4j5}JXXDy1g5p)~o*`8X(rbe+E>P-}sqH8Lcko&;&Gyr0S>v2s|_kBGJO z58R(2@CC=wTK{_q|9mF@%xR@A5S7WT5_fB*c0auJPem)GuzyTb)`qTztX{I8|G(1D z;&twfI@oURd{eF$;s@-ibz+Tb94ZY&AcaE9fb8g8Ip{Q5NDLu#rX`I=zzI4!O^3!R z^bmtiFBJo!Q4{Em66iejWh5|26gm;`F&$o|5gE}Jku6NIR)~%VW2dCg+`^voHPoq< zGC4bqnArj*KG+=rkPwO^OsQ2Fq!#;5a(p6a0%-sR!Y?03IXu!o}uQVYwN`OOd2&12s24s>EO9i;4QDdkhoWwbJAZgH~a{v=A7Ld@2R9(nySQm6$*_ zvV~Jhd3xCrml;VF5Lj&#O0;s;+z=Y<7nKQ88-XVQcUMZ|un1V8*`0#M3DOp-3!+Ha zxq2Y5hfxFumn|I-`vfht8Vn$)I0ax7#oP=9(jZUCDR;$^k>Dwy6)i!7kh4;+m+5sF z-Y6d=L;*nAu(<#ZU{I$9f`+yk4Fdpk@5<)oxixcOVX#go93MOFG(3rUhWK=G=;|^p+ zh7ctxO9Ekik*OW4KOK@oXS-@JOJPH#lFk>UX3?>wGxRf(F*{0Dtyv@wq9GIHMPgBD z)c}8Bg8?;!v#Fy9@C|s2*izF%DfLZM4|7-aP7>z7BBFtp&3mAJdW}FPlj`XtTu2Mz zHjoX_(Xq$SVJ#+@xB~-e&;s~rM0Bhs;=!R|$V!N5$^<`}jt(Jan3c6PlA%Yb(Epeo zvQ-{(E-~`yizw*5z-3?p z8K6(ngcn4XPAy+vHY(VOrkFsOnix|{rC20qhgh>}z&J{%_tI&+^g&NZg{dPIPaIP2 z1Pd`;WMwnthKYwtEvBy&(OqPXJ_;K}P#wq$xuAn^1>mk$E+-|F;|At4LZB)1A23R+ z;tzQP+9O*n?PftL$Y@!slIThL4DzBMk)6_Na38VJa0I#0WOV2vV+k^lLc)+5O{!5W z>$bSXDgxz4{Sk-yEHW|xG?E>VOATZ*2?e4GhzUea$4`^V03S@0GMR*CS@aof84Ng= zGdmO$;~Zf=^hC^)sSn`}s}wVjm>~c)GHXC4kwPgyy3Mr&N<|M<&><>U zRvl0|aHf%KmC#IzKviGi5UEhENJq;&xJQThqGHUBQ3M@>vs4T2$0(DteOD+Pl|a2I zj$WZqDCy{8WJ*FngCbix+=|Y2ru?bydKFn8E-T!ILv*eqz>n0VRL~Wsa=5}h+$G^b zRuC*D)EWg^qZoN1PdS^CFuldVLHz=nhNgk)=pYi34P^{Rnc)wDHo#H?4X_nLu}Wmr zVctnO!#Jp=8abQMQEVjFK!iwv9;w6>o#{CfzgVwRQjcDzb^7J#@7@ms^hB#2Al4P3 zjY=r6aS_@-AvP|fvm5t`Lgns2^e!(*U@rQ~-Y~QZQiF@dLb$AwsMa zFA*N1Bup}d(qIB%F=>cpDOqkXSd4Ii2=qK1FcBt{k`fb;1u`eGGigv5IfH>9E8WG2 z2`0g~MzFZRm&1^+)>;kx2ds%&AZM}-xP=Q?5n6iXs)!%PA$P@yj$y|yT2?Mc3c5oJ z(5x1;#()HDQ5M6g9J2%g**5wv8fggZtV}9V@dZ-70!W&Tj8tuaVPpX2iDyDPtcKjM z2d7u7lrkY*W1vAGtAI!$6KOF`AX7@8?B!TlWtCWj`4%r5HEP&F40MzgIMPY=D#?OG z4b>x2(6B8wD)?ftQ~@oarlhpsgERHCa!J;2+i2!lP3SQiTqt?V=xPsRee4}&`qobA`bSx6fg;FX` zAXN$^5If5XW0gWH*02c->Y~9QLr8{7Wdj!VAIO1NM9y4;tDtej0pnLL2RZ~!g9GO) z;p73>Q!LPG78)DvAVV6AE1CtKhK)Dtc%2l(s8s947>`LquQc)(^*naoEy7U@T9?cai>Q+= z8KDHY$?!Tj;Oq=lpMK!SOrEaj65%xGBp-EuI2Eji0uv8p08P@#=rIqg54s+Mu%vY` zM$E{de4zmofq4L2>N_0bC3#XLQah~xRbD1o&*VZYwp2DNiZc|DI*lh>a-&Ggj=Lv? zMP1N6Ip&!|O#!XhVfEZ_Mp+SkAA#n&P;yMMXkkLDM90>v*~44SykHKOl$K^zdg`wL zU@E|Isw(A0pwpBoG6Yi!J#A-S)dX@dM;IWe7jevk5y+3SMI-1@C~!3r(xe?hOlZV5 z=>jE3kb=%&N4;ns0d6&z*l~ID#j-h(L_#)>MiBIH!su*N66v|Uwh+EdOB%#DM03-q zLTM3#YM@~J($Ih)C@1V8F-gJ!BTzb&$~1H}4Wh`k5~)(cY>imYdIapU5_XvI`pQ}K z$P64opc*40BY<=GqmIHNaM4&eT8;EX##Yb4u!29sR~khmMPP1P$y&(*d?Ao)Vbp2m zCMwGCI-3d5^Jiio5xD6Fg)6no!0YT95QQ3zRUM|3`XI%jehdYYLQB;eoeV-|1yU<$ zkf|0X08<}QICM8=OmSO>KBv=4h zbt!G|;JN~f0A=LtjzJ+8jbvmcp1u9Ht50f_0nPDolkgMZ3c4I{j93LFhPFeK^}twq zqfAW7OzCMZj{Kx5{Q|Dw*xN$X5m^z^<(bJ_7ZYkqIwg|1?EE*^ZzQ&N&Y?4y@H+Yw zB}30r(?$@=R!NT<8J6DrZ(?{lb%r4TNOZsHBUPRV& zrHTrbhV2s|vr3SQD+GdI^+vBmPGlL4I=NaddzYM+lUA@eFM;90ZN!AVBTK|=u~w;) zi0&x;jG>TMOF+G-NJR5WXy2KgsfcV%T$w)7klbu3abKmBJnUTt9 zHw@c0!mJF0hh`+qpwdamP@{RDodvf?{6) zWU~}jG_B`QEj3z|n1&Nn8?YK9Fhr@-NZArRnNp>KG!RKR$5nyQFJO>X&7dlUVlW$1%=14|gUAPRVh8T@0?f*)5%B{!(i1*mWuUDPTe6pSqi zAvt;$rWo|NKqZ=+O?>{!!O`vBqu0${BRB6odHg&!laJfMy!~^3NO-qtTh1Eup znl%_QlXBm>hGgie4uniAZ%}SjREci8iq|oQVsHeL#4(hCH35_gQwgO(trnM*6+XD1 zGCiYM$LmCdmQZ_*UWw@;sW6keQ3BW)7Zq(KKy0{U~19FD#stJcbCdQa7X1G}gY6-(k`g9v^ZUWeS+ zE<_@hTqBoIrD)i|*rw1?dr{FHoxK+?U32m9PAe#y7tzK`$YY6_Wn`#P@ZnidpfCV* znN-Q@jsjtYSiM0I5F96bxmrc*;#6a%%$S`TFjLXMt(Zuzl1iOgBrh+jNP7Ktd}f~G zn*@z&vE_fgbVb7v7Y^+P9U#2V+L7vo8mSH7l_bXMi6503s23x%N!_^W0sT|yrCN-jANMEg`Qo|LJqC3tEd}ucztPn`uW{EZxWsfc#F7{Nog+)+D{~f z=)fP9j9=Pkg@#}yGtSm&oqiemS-d_yGhSI$+TGpBHaf%N=w(usLayoR?yspWAL^~j z$w|5Syr^#w>Z}C-ho+(%p_idwE%gi)CZ=`vOv55FGYi{flnc3@PT2!d>y2WKev$1w zL6`~-Ly=UX(kPbt+glE9x4U-k5sx=g+gSYMX;%LL<^wPSfc#RWUMi8&CKn`w*%8as zH1N>#D>D3I!Ygu^t?I)3wA6P?YU+{m<0BbK&-02(M`wBHOB$_$Yypu>XOPnT9HziP zD3CfAnH~&FKyviC4Rm$HWflqiBQu3gEs^s1u6C{`!eT}SXUOam(gjS@NC8PXTMPrp zstc!7(4KVo0K-&T2^@xB*2j*Y zxzaK^i~6$~XbiMR7V{I8UQZ7i(Ri%=FnmxpWaCgW6ERs*VgrPXx#5btq=UQVm~=7Q zic}c-i6eSHS}6r`M~;B)j7tc4Zm=`q@yn9J3h~_3Xjezl%gl*MdXHYNqP_MsG}3Y% z8@#CwPz{w%1zF%4W?H7@^V43u4i5|t4Gq0;?aJG{tg(ez+~&4alGExi(9@bUvBv7I z(IbDvp}TAFI%ExVO!}#n^wgK%zxTMVsT*-H7%Nmtsagqxi%gJ+{vZ!rz^UmOE^S|- zE9jz#rglGCUpMWC(b9r6ltDi_JofNuLPX4IuaMB_({V)wr78)TbnvKFs@T{_`VSDq zlm{vWM_;E_&|pJZ(T*mXeyBR@>s%e&t*u;MyiRZJ8A*7Z`ZhIVagnD{%V}pmt1Qi5 zks~yo*?!_osg-JJkV1(Xu>zwYVE~%85JHlR$*}qsi zZb_v}apzB49Cj-!?_9_0L}(_4-$wiUpFV$b`oaYlKi}Y}lZ9oKN;w%ZnrcE*=q(ip zlWiAN049^ZkcQ(wx)GwW^>u0*XcfUVVR3Qh!M(@s+Y&>+IaDfC8uVk=a%73cpdgbr&r>V!|UWIB0*RhLr8P*hpsAo`|7E+nQul$(-M&6 zDqg3lDKrijaE9g9`usO9vgoX2+|p~h#zwrXnars;6!KD|j6Nn0H{B ztyR(L1}0Q&mP@?@c2Gs54j3h_lv=qK%o20-!{9jDh)qAJE!k3$M!}ZtaUX*VA`A_T z0->LG)u*N6zdiAvRp8RSL0yawqFS!;(@efi;6Po;^!AaPY8;r*BD39bZbL401yY zp_*(js0f}#8L~jD(35J?2TYDAA8H3wR;pA;b+isd!Y2{1_Q8dQ>>+2hVJ8$SDXo&A zX}})ZhcCSld%?!ap`&{MgC(*>G-@3}B7oe*_r_0sm>4g{`k+oPrvGeKx6t z!qafb${|i+tJ#))Zl%wNd5|1)3*91G8M-2nynOI5CpBehZn~$VJvAkLa%vtm63OIT z4wx<~p)fRFfwWpuL$J6`>-5Xe&*JsYuGUA7@7=$DcYb~r;VKoqeYwEnU%7hY%H{J@ z!;J_dfR3&)CpL;iFqpWM>R{Xyg)fr5k2<|b%z?HtBgJ|eVv@mQ*`v4U(PQatMHM~l zgY}`eOc*D!-i{Wt-Hy-hrHVutLS%%-X-!tHqW$i)z7B9q5$S;xnFTWaY!4hVqJ9pa zcrnu7*W1mjV{(aB{!uBJ2>;2N6Dy1jBEsve&jSEryj0LrJ_rDPRUx65UBDS(I?m{+ z4fGUGp;L;5i}NmaPA5ZSmS$-y8<>zNFb+_)bo4|Rg9q7S&JkwBe{S`M%}ij_VV_Z7 za6#+KgvU6sQ@w~^P7;)i%@jxk8o~6qgN?QSiMZZ*DYtBZANDp9ObK%MJ}s36OM$Tj z=8wu)bx6Pl-8Bv^%cMfD-Y_!`i-r;zM?mTHvJF^c@7(Z2BxDQ|3fdV6;fWtzzvku? zSWwuCL675^6~c@)n`lrp)PRNwIO#HP^u^t~k$ypr*0vxkd)v^M6BW(%;E59AkCM<> z0xvO&ieTiB$T_@Dy9;zmy=We-00|7t(Hl#Y03o!eg{`cyypSCH!25m9rfbG1evp>h zc6EK7D-nSx2-u9hp^HX@099(Su%)5?+Ld@4TgPKgE(eZUIXb!Bzx!ykf0#02bp!}w zC7^uT^7}nrXW2rX^l}N!|1=u)^4#;gx5NC7H#PLG;fSd*r9yT_iAFENgaO!Dty@-b z4?(~jK_l9oiUd$K*0u~OuHbS&1wupg07}5EuXCV*9Oa68n3<@Q0->BwEvVH>FJ3-p zXY1eDHM5S_i41z3NHX2ufBV`sM`s5cC#S9Z_U=DodFSC1-rN$zXy8!04ii~eJ9H*A zG?GC~Xa$DX;h=s7nO3)KFi4azTGWHZ&CQiZ%p8(l=7@yUfSjYxgj4S#0>lISUAck$ zxXCxIzsg%1YMjh1AI9I~8j}=MV_c%w_0Whay-WyQKo}(?RY0GWUWtfwIcQbY*bZZa z&WM&&5~u-(D$&B^tHKnom=Jqw8^^=ewpPau9z5vh7tqkqz_{1a7IuJ2cK8s1b;=eD zVSHe}givV@03-_kgy#wD~CS*bJ+Z`^gWcdMjbYON90~8p60J&;YDL}EfB@~e~VLZr6kio=V z0D71pgF>#E7#TfxHtxj9)6=|V2|ay4UdV?&03Zeqmhg-Q+W$@UrTN|OTnKY09jR99DznoWwnC-|A8GASH)p_nWCVGOdR%druMZQUxH zy2;+s{FA~dHpeUDpJoxvqma!H54PG{dL=%|!d)<p`XR;yoH$;FP{bl1+=%fBAnZu*3{S* zclOeoD@0?1 z-K}+Ptg~rVGI>Yy_+am}La_)lH8L`inUR~Fmkw87-;N^G%BB9UmV-O(Uq8)WTpXL7 zAL{Go3HiqE-j2f3)SQAhCFOZJx%oxK6~iMF!0SqtzNWe||J}>{w8X;vs@VmZL@BMT zEVMna-+bSpJ4u-}{bLyP2Adm3r{Y1 z7{aAGwPbR1qzvr7$;eF0Z)@$A%as_~F&+!Vyw;A!)XaBp(=%Gy`@|w3ETvA)pBU{c zD=o~)$!czCn_m*p#tjr{FpiH-G}qSVq`axf&1|hGa&vMFj=eG_rrqRZP0(m6T5^($ zmiu};OG-*oQs0)8mCnshl3`K_MDr8%wM{uWC51)hBcqetJcl^ZX$A)Rva>VubMp%G z3nU^bM)dNM>g7egnpUm!vpw@|m0cpGP-&D+b&U?Uj1NvMzRAq)Ypj&djP|tl&Q0>h zJKG|CyubYPyO`L!bq)PpySTECQmWKPA9W5*# z#owA8pVaAeLla|-UF{PKb7U@6s=2A@x{9jY^vv4o8s6dpjV@Z1bb7k0x?yZWSYF#* zRZ%@P*wfckrj{>b#3MjzH1_rN47b$E<|hXSCYJbWS~*iGG0CiNX-Ln_%q`068|YWa zpT3$XhKD$iofJTE>XIuaH@N!jI zdu>%SpFgYCEG{e#)zy`yzR4;nXq*}o5^yJJficxUdq?iOf{NlQbd&JoA<(Jjma%ob zP6SZE7e2Up)y2;4$+O1-nG7PESr)YS^h1*urx#nQ8zu*a`&v8lvNETq#*|7qI#W+~ zXL@>KMtVwj+Z4T}Pv(@M6wFs?aaloLenCNMYU+z!+su<+<%)$8jfOr#($v(HmifA{ zBztIhTuSAr=6Mrc?R|rN;~mZIMLBsLb?thEUZ+()xO?N9k3My?amg*Jn4DQsFDQnZ zyJiIo=;12iVtq+LPF^N@a%EZVoH-j$)A0aA3mzQ4CG{asdfXAi(;e_v;9RU>P6jlrO3sB7-;8Ac=sX0U$%wxXag zyQruDMp6a*W7J4x%e_4#{XMglW$mRUHT?q}CyUG`BBbx3f4_m{T-1I@LciF41Wv zdipR<|4?^pQ?*eoZLO~C>Fw|88>}g>O-*^1Ra!XCn4yPEF1uBA6747CSl{A&`uWwDR)Gndv2x8!)42xwXD=d}O+}b38M> zba;4PBvNU0291thSmyA$h|lY6Xv|5&;8(y~5J(ja$Ep;4EltBiJ=3u-XYU&B~4hixJ>+Kz-)e_t$@zOx2o8wibXC6Lae((O1sp)yG#>nF>_Vx6S zkB-UNKAG9+ncC{QtgM`z?1ILowq-sY-Jk}LFlxoT@t*d^#MCSpI*ci&Bm8aM{2Mxl zFh$Xdmizn13ricaGxM73T4p9C^dJOjAUzl{D34;HudCkL%=PVyeDFIvInmzOy*Rtv z)L2tlRyf)esJWyC%1oiG|?ilYH>}u`oo|}O{#v8h(+j@Iv#*@l&nwuIVbG+V$_L0us;hwfr zk>Oi5?1?*by}7NnYoM*OXL@Fyx}MgknB@su+6Sg)rWy7pU0|U(5)Y#~y)AvqCU*YjaMB?#h&k}a+-1qf2 zpMUlB=Z=ovWu?_p@$BOK#P*FA&+eu2`IAqc+;DLWYp5B1o0{a{V*aPke)Yjezy96t zKiIxw@3ZHx6iRJ%O{1r~$EMGJ|JBF8Ik5NW^B3tw)fLAhgZ}D2{D;5z_y3=dwjDfu z_sL*u>v2!dhtCqHmx1y0oh^;$W6p2ivh{br`^!E1w%ot}Vq|1aqn8YhbcTn<_;`dx zgoJ+c#i#ps?0^2`HFay6i(?ePn2PRAn>wURydZaP^Ic{qLr?G6dg!yyzTL88-`nim z$@ys*-6h`m>le>p$bS8|zyI`48^S`P%E~HG?&8vHT4u7XgVo>u_P>9%ar5B0Umg}2 z7nJnnK@cs^s}*B|y{Dt2c5MIdumAe5j~=zCE-Rv^4Z`Wx>LO=Hw=cik`pq}nu3Wu2 zJ;Os&%jNRv>B+dbGn+Pjvw73EM=g%z=N7=QdVBh1yiEu8$7q*$JL$O3$m36dV^7eg53}E46hE z8jVIOm8ZN(i;9ea%_Z%kPiQP_R0|`6O-`0a6CXYmU=#sd)@#|4vQef|iiM)=cjw6A49@u9VcOpDG$gMCpMW~{e4|2<@LqdXb z5}zhLxa(l&Sz8axVO*S>ef|2?QL7`r`|$TW_U?TA^vV3}oNP&uk@&`PpZSNs{owH7 zBQKJZC;3YlpGJCH??U(+H~i+ezqhh=OUfwZ36)?8`RJ9jfnOzF%1KQL4GehxGyzqS zXlTm`JVL&Nb~9^@1MOYsPM_JibLS^te7@n^ucObLnwcI)wT9Z-&Yg_$_6zq8irBJs z%uB82Sa<;LRKItgeG*mW3_=iLWhPc}~9^AVp zJuL-zy`ro#@_6_cUwrV**PqA5-0o?grZo(sVq&rrw(H>jL*H)PWM;NKG}QaEKYg40 zDjR@gX>l$yJ?Gdlo8Nx$-}W8c_VVT1*;&3?D@u5I-^Vj3$S2a_n9ZioKKHb9E6**> z&B@rkW6NLvr@#2)-~Peg#jB*et}?UC!^)wozG_*qG|=7@9qj-0#xH;U!S4_3HNSb| z?l5l>0OUd3H5W6x%BD`>bpk8sYxEwuYO=lg^69AXi&0g5&D6N4BHOD$k7W!-iG+9Y zVr)p@iSZG7gw@yA5*`wDGycASzrdTHdi?OwzCC+C{OEU|eDWu6&#;!JUYT52P?#AW z7VYPK!rIc)&erwulRH4S3-hu|7w&A`y7`-pA9^~Ox!GHNx8X=x*}(Mj67V|Y3Bf8A zGQ#V?uCQae#hX`7*jTs@_OR(a?(20%rRL@Rr+%(p$uHkLe*850?Ah*-L4jH-QA_UK zzj-1&u(7NlIwUA4IMmZGXwTk5AN=v-0~Qu3sc)rxT36QUHI;Q$fxdnpfAqrRdiw?kgge{&?%HAT`gIoYI*Mkq69`(NRtT#rio^Zf{W)hemTw{4*H&3ur_=Z)W!0n-m8-`;R{Q z_|s3m^z`yCD6UY##4xjz$+8SK4w?e5p# z?)mtm&pezx>uP%iB6{SZQp>n~FGj6!WT4fPTKP9E65>zl7W zJrx|=SlawHIbqY*Pye_7@bCZIum0c@aH77URjUu=X6}I)*!P94=J8SDB zyhF}}oji9k;>%Ay`hWhLfB)4N+k?V9PQ@KRd;We&d56*{6RDPx-)2Qbo=<(3&L+w0 zv`)Vm{VZPBXcfaF{lUS3*RNk29v%e(lSx(g?>&C{=#`i+Fe>Il0(~5PF3rpkUf=Q8 zzuJ4?$iuf;Ej|4s{lixyPVN1A$HRooo~fnjnUO1TCp{cJI-9!mD!E)NIzAJi1XI_qpEcj_(%Lw|TbSt| zYHV(=c$blM$l{2%U+~-_e|ml~^<7qdZCy)UQF}wh^$Yj*?6%A)FCLj33U_vOFhBM< ztF(JjGTz$!O&3K#mh0SuKv%Sy-{j}Q?odaM7oyMY{_bF9Z3nD`NTC>?9GRURUgnKz#EWVn-_gQq>*t#<#KiY>jFpu& z-MstE!rn14?X6rPn4ai=`Rp-fHH~$xC52VyW|pT;#m>%7Pfd?{cso6QcE7v7ucf1V zmM7*fOT-Iv58}^xI9k7Y_Gox;=+52yp%Eu%7KBoTzP7G8Bq;o3`0?h7vZ?O2#M@WD z{rn5y_4XP1{v-@Pd+4Dxs^s@>Ui0yAt*j{P@9UYI7?~OE2VU=~D-Q8;j0lUWYwT)h z?uk8n`QH7XuQDX%`Td;imik7y%}PXFlAlY?6i zH+41+jP>l_xNF-dJI-Fd(>XXS7$4}bDYHFdcPZ`)Z?G>mIOw}?550U<*wQ*)-_#uv z8X156CbVd3Y9{*R>5CVx_4N!wyD(3qd5%#$KhqnG37@;yi>J?qM@OXe-4_gEw0$No zD?1`6&_{%XOH9hQz zxp>Xj*SEPOKlSOOT{{jpH1#XQ^6a#?9`4T3F;R8R^-b-~<&|Z#GgE~b+1?H=53b$r zY;MoZDRlDksqgI-sO8Te+;Fxu>uPQ4=qsHCcGX>7px$ibM?@iU7Wqe|aUQg(R1<*S!(B$CCLn25jn%U_2D zohi<57#^5}YNWn<;^Aq9@ZPTB)a1gDfY|1SPK3|T4q%w{cXO{UuIp^+e)leM-+|qG z_tb^s6KL4!(T&gf|25Ip5pcec{|iKVR>Hg0!~QhEtK(9^6hA3nfY=Kl#lA zE319+SFg9Xw$;=WT(}VZrw_h5C_?zWI7fQeLLQsCjzzo~M;tRZB0ozD}zxn22elxi6nNA2WZJnK&g~ zqFMo8EG_qU_t3Y`^+u_9Hpt)2$1SA4b6hE35DBJ^96WYDHlDvY+gMkc{3@}rzNxLf zv7jJt_fCtjkW-LZdq=}x{olVaJK&J`B71Cfc4V|yDqD`f`q0kCGc7H(y`!qKC?(9_ z^W)!cD=#0E>a@V?OY|8h5Zjl6Nrc9zSIpeF9OZb-t0=d5er}03KaE?w@rf(3aTdGx zm*f={6cqUe2j`X*3sutgzV_2+PF}rmdbF#>&F0u2e*aP2m79&-y%n_$kT!Z^X?cl4 zCGYR-j0z1s5p(KYc6MV^+sWuN@pm7i-1heR&p!HK&ldB9hbiM@Bki5l51(BK3Ui(3 z@l`70^Jhuko?bawuS@bXZ4NmmJxw?0)p6%fxVbxZb#=A3^>noN3k5O^mEGN)$0I|$ zeO#)lOM82JV@{oQcMW)(oQbK=U{A-kO`A7-vFXW!q@jViv9U#{7$7dXl}0Po8)fY+ zwZQ@2G2s!N&8?*cWti~1PA!ngb+BU_Kl;K^ToyO|=(vnJNcdxRBM#yJk zxIa43`%G|fO=fOSb#rxgndLs~eLKuMJ4Y27(j}D&|MW(YsO;5CU#nw1?Y#)p!&ssl zaSn4Wjj}X9-_zCQ(uIqyt?gx{RTvsPeS*7shk)0o#)hw+iS%`I$SuNbw=OI3iS5Ci zI}cdZwe}lTiaY1e1_wpHdY#qT()IY>lM~TbyZfi82&0DH86l7&9q6ogIP8&`SS(!> zKDu+~55M}z!`Z8(IPY!p%OksvU5L7}FgN}z;r6%Nzl*(at*vWJt25Tr6b1U(UpjNL zIH$O?ZQ9TO%;VQdN~4-LGx_TA!y^{vDQ}XxTRVFi+dVCvzWHopT3Oi`Zz0mzcf)`G zgMak#rpf-vsnNNi5$7Wg@ux43bhllKJ-y>wv*%A!o7*ePYxARHuV1~MAk|Bj6ueVs zt{gvkv9h+|U$psLr~e7`vv}QL)X3zbr%xY;h6YzwR?Fqen(Br#r_UGVm(fa`f*0WJ zZs&e(e%?4yRB!v`hD%p(_bssf#0F!@n{=0>j;Xmdqsz3Yb1K5m+QMq2cSI=>%uP%< z9QC?)~CA)y7Ktfc&HTg+c%rp+$TM7p@23q94nBwscf z=LZMf%*@YUxj8M673Jl+*;v20|9o){No3QrL$R@!-P{61Qr`Gf|6wy*XM5kijxLPP zd2h21?K)Cf+c`M3^z`Lxa|^R=+rA0#ajY!Jlr7Ak2ncaL>R6gv0~@AP8q2HOteo60 z-@YYNEa^0Yf!+@K(3KuoS{E8}{NO>exw)C*l6*_+!!Ht_E{lZVoE8lX#-YxZ2yf@u zh``o{8l6U4P+02a8&XnPFH;&%ojPx4<5*KxK^qxW(!T0aA16n*pqQ?C4WKHW?8D9v zf{ng=?Q&>| z^L_1hN9`}4yQ<|craXSMYun-Oo(0sUe`q=+^!SBK7u9NYU0nn4dS*u6!u&Eb;sD-2 z1R}kfKR-VD=;j@>gNJtQ*?sNy&5@}Ih(aor#-5CJv9<%M)+tm|Q&S#(K97@MEeiNq zFOxB0cT@|6!;6(q_Trpr_5@lc%mtOw;#Lo6F0s%*`;Pv>cOG}e#mGtU`$7fI7nwv3_l zxO6FcdUA%OsTF2rC4ceBmc*xNeBSKS2Y1Z&9nQ-sRB9Hc=Lb*4+`M%8iC8|LnwGF{ zm*u@{FBO7i(d^`@fN*aIkD2N5#)j%6dk(yM@=74r$~DF}4_*nDO`Yh{$xcqIN zx3lAcJ$s#Py(@~VmKH{0qJsiFqegmX(J9AA+xBiheEIBcxrEPO8lN7Yph>JzGc`2< zTMfKEGTL8UlC$~SohOc8nwzFA5DKNRp|R4TAe^6oqlrn`Zu2($jE3C zs$eN;DW7&IlXkHcXQe^LACA9x{BQs32cLepefzfE8^8H-$L7se2M=xie8cWdTU+a! zTbf#3JlvBq-l~n-ywY4uMC;1)sYlq`dV2*lb`8=8hGp`W>IM&cr}+D~W|!s*-lRHO z9KHGI{=8Hyld3PAj}MPIKfbWo)>db}XII>b8v`A)V3;o$OU=0B=6$riy z%;^~3Y+reChSh%iw=Z%Rcr$0u9rq9L8WK7&+osYJ4^Z`Vl86NR+u#b(s$QRSz=+>474?ByS zm*W=2^dwL^H+KEpNh>GsrtT4yh#%qab@Z4c%(X(U(JR$59`F2#$Y4M3+PX@56_Va~ zQ1ce&LxV${?Ch&cD~%e%(BPPdZ$M&37Edh7OnK#QX`cG0*Uwd1A_TpXIGH*E9mbiw6%ewQg@6LhXg} z1^?hvXU^Z^D+NO{gJF?p5)w1HLjh3Vby}xiihdTavlFbf4Gnef?yhg%ycLNg_wPLh z^qd^W2&7dlj|BO;J9?cT9@6!s6}oNN@-8D+U^EKY6gd0&E33U0MKv7~+OH;w4)+ak z_gS3a85B|}pYQ7u9_W31da_q4o+>LTKN%V8=j-Y2<^n5iW92eAJy2U$VQ1z4@@dx0 zRNt)|aXv0lEj1%rrA#cDYHTizJQ;HL;iDyilrNFXl)8@g{wMbzdwJOSc{(57VfnjX zeeo(MQ>2mHiHtq%6Hzz02vjbgTX5X7FYeOyMY;CH( z$DxUyk?|g@qfT+L@k+52c)hN$YWJ1{FO#xI=fw>j-S-~czkK;j((}80&9#DwaX)*P zD8C5)6dlnAJ1*B5kDt919vj1392X0xE6WPwVq?5Ke4XswHh#0k#>TFZq zqi7WJ$srFLoA5I?#wD~b2aQAx$JW1{C=03juZ{FoCNVEbvMwA8yI%Y+$5iiboIM| Sg7`kPrb^3_X8oUm_ zS}r>g5EL64Dp_8J+CWH<0@PjvJfb(&men5EzUTFm=k%7nL9bFuGc(iw@VgIOoE-xK z+&n#;zxa5Ei+%9K*d)DOdUQulPO?I#l+l;?dv_kmd|Qawb!4#b@BaFO(15U@ zP$wG)vu)e0L&GkQ&-TB|d~wXevnZp1y=W*q7kbjo%4u|LaCB_I;pnla51#QATE0w^ z_VlguVe69G3YkH=JURN{@&!MCFK=I;13M4?_E#UoKYKPK6kk1Y#l_sUv3rznG>U0o z586}>T`o*cFx$DQZLE7%#@7i|+Ih*FglFNwAzy#GEh8ld2KnsiP*2CO>0$a9!1B_d zo4xbCI zJ80X}HO{_3MemyyW~JI$1QZqZ@ae2-+7E*Edc=^SzfA`&iJzkOFo*sT*Z`f+>>Nm<;tg0$FW_BRyNv;CJ z6)`MqYEKUdcS=gk7#S3V2glyJc^z~1iqbUT^*2wl)hby{U199$6ONAdQIV%|vJ2HJ zy+k6rb?b(wm+RR0pi(8JdA-hf_H=wiXw1UQ%>gnX^?-gKWY4_#EEjJ!NpI%Gb-gg{-@`ocHhRXzf8PvR4R);h>LlsnueE)3Kw; zFP~!qESC}|9o<7V&fc%yqzgroYnRTu+aBi6O@MzSG|C0H&P8K{YHlCuX{@)}vl9Yw zb`1>k4>Q|mzGJu5+uSm-hPEC;$gCvESZ|Aqh1a{Mxdy5F-nDqkgVtTGJ*c2YE{X7r z4swprDx_7_#Yc`=r)3u|3+Q}_n>WvW^x=QCvoa6%3vsp&`{?7H!O^FOXT}RM-tF4> z)ifr(7%RY#+E|v7XR+rNr(4Z z73P%-gbO;O=IYJ+G3Vpk`nzh|>!VIzDy?aw){)absC8PWUy6Pfuj>tJxasN13m4Aa zzyGkVt|9)~t!r0q=;*`5YW_sWiBR9bsJlah>XxK*k8NAuyvu;m6wrJ5+MHKOyEko1 z&Z&S&l*kq?o(cDKaPCDxDv6l4;Nu(?;uFQ28_G<7?&j#~WbfhU>+Ry?{OL#EdbtOU zP4rgRl$q^wethrk(!%J~%cpEDeA?@2L-5>8Z%l0Psnf@s+dEj#GWL&5goi~3c>BA# z+4y=n+w8ah?wbQIax=Tf`mXqeh1vNO^-T_IjIx<|=iU3yUbr#2EJ;d8a5OjXZs<@; z<$~o2nPMqE{(+}YX!l_2=I#~Y9kMtsl!=T2z83Z|D(>2qyZ4l8K~7epyNj)di?fHDx1F`qr=NW3?(PY^ z4#@~5O9?NZx_Nm=M4i6>Fo`!SnC$B^`)_we*R9d~VXa(P*#4GE7q zaXe;nU|7MM2VU3DO?cbdoH%#0XI8!_WAAJkj0(XLeIih=nVTHL48h*k&dO|;r+SzkZS$K($Q)w0pf>g!ix z&fmECAUXY9{O$VsM$A}V-oEEx8&F--$D5k*aI`*sDpDflD^yb6;w+LW6*6}_=WSmT zUO#4G?dI-t;@pM2+6IiDK;?sN4QEfC0ABYCimGYtQ?hk1;#mX9(Dxi;kE11`#z!X* zCfDfY46kbegS5u{luVmL7A@6va;Z!#7E5H}C(j<+SX$JT6f5U>0j|C$V{Qyi^Ti5b zb5otgF8e3(&yAY-^DzO(4h0N!$+UXavT(-U+AGvAMkNxYzIxzdbEvwkNF*_k^ptZM zuOFIQc;yweil+L5T`dEH&X10(P;Omu;jzO`@80Ik&5dCi8R!?@Tt6UMrUfgspnrhF z7hnFy!^6SN*~iZ-DkLDbw5S?b;ohAK?oKxCb@ghoPDL+3D9@gYb#V@@s~`N=iPvHD zOn9A^+f~X-(J{d5BYk}em0YgX@+4yPedvQirmnB3-@k2lMp6pogqTW&q_8mm%g?{E zv$gj0wD)j#a(4=Q^(>peB>24Y1qd_-nY5~`eE$xslDrC~Vk-KCugzhf(cWd5bbM;E z#lgxuCL+GCyQRD|EhHe&{+NTaldZS6=SP41+TAr^Zho?*wbtUW&D~qC7Uxwo!!)YW z(v!a3xTmJ7eQ9ZdPHs~1QWKw99`MS_YFU&@Bu0f?|NZ->26Sq$pI{T^HA>+ zJ5rP$62byMzJ3#(tG%vKxU`&;mm3is`7-6@jeA#fa#DEcLtu!q})3)ctdgd;*J zpzQqU?CJ2R^Ea>XmBNhY37bFqWS7~2V;&xupNEIX-cCpnY4r^aB~}OaB|plS@(6cg zs=!-re){5a?5QhhDb<(G-N{OOXVA?yR%bgNc1wPo!;S%z_Vu?%MICprcM0$h?dcu> z_ZKgox3RSx8SMx6&>;S@EHdJpw@2{u{LDyyxB0#U5AHsZ3iToZt*di*U2ml0rJza= z?#2VJyI9-!IJ>zyxL^o-`leW_G?+{B7wBol!fJ`!Ig{KHJi!(b4W6r^DtL zrv@izYfVXhrt^_~RfSn1xq5th&Zv{-r@Yu}Zd={lH#0I6=f#*O(KjX5FaQtO54p)Cv5mXb|pR^56V}ygXCA?0WBb^@X@Usa@xu0Q_>z>@Y?ReCwy{S_w z;Y;|7$GuK@Sq7+tqO7cxufN%pn34g!E|sZn+&uf)r+@8WZQ<(d;bdpsURF}6qsLwx&DsRNc__+JdPcETwAzuL0 zVsGsUyx!bazh|fI-5ZH|t?=&c3swi*C;LU><%L%-ZUqIqR@M}w+k!udMweSucFf8# zDKQyc14G5T$LWW5THi}c9uv%*cJ{s&e7Z-X16~u2&jwrC-n{#4R;WsP`pnbn*t46D zv=Xo?o0%I9k38e-9>5b#kIf8NnA=^ybYC>T2-MS4-FkGdO+r%sG99OFl&c{b3?vGp zP9~q5jtL01+GXC?OkecFK$V_bX=d-9@HTa7X7EP*X*Xw^*~u{oRw9ynxcfLeyVlp& zsx|Z}Gg$9sk@Ugimlj7|fTBj*TVey;P6l|)VT#X88>)ulWGdsyn2Ros9&NP^H1*fW zMygA!_w4ZrIn_5OX9smtn;B&63<$KEK?|JS)798?DqpK?G zmlo;kymSKv8?;)LczR-xH#H?%rfJG&s>kY=wfNpQd!F^vQbIL z%h4e;*)QK&?y#z;7+ApM54Y4Z`NDAe+h_YNt=vK*vr8)H=NF6$#p`>IEzI2O>W62? zCr^g>h6ni!4`YHvOY9PfXqh)3;uqv%?J&^RhfKf`>H_7I(r`_0d4j#E=~+7`?||c{ zJNhvR)6iRkH1?=*_r=5eo~|ypZ{As2rmup+fqVWOU%f0X%PfFy-;ck!Fgu4}ok4r< z+*u!Ym${K)&Ek@;lUG#Ct;r>&TqA91u6Ho^O?i}IG%jC08{%vkIoPStXchBIqfU1I zCxR~kpp<4O9p1a?`J;Pe<_$&-f9PDK&(>`=<&^`o{Y@u)Y(s)B4Uf<|P-%La*>0=X zFEW-EXV098^79VqY#pO>k@QBPa6ax_n75A&w;u-VD%ey9E&DRzw!fE4!u+e*4GyVVj*8rQ(9xTYkz)P zCPWInu2M?N%1SKEkKDWw&+O02_Z;O?#q8{`wawl$XTql@(8Z9q?D6B98^79_`0Sl% zek$qlT^B3&)Wmnt1Rz>qSS@`yP@IzfXy?{rm3cizwcMx^oezl!aP$}(AF6AtI&#qL z>4Rrr29vDp#4N|d)~UG}Ntv(x9qm$|JY*frSY24PWz){<&t5Dm^|#O5wLj=u+c^rG zOiiuVi^MRqviY92Q$b!1zRu-s^#qjB4Ro6J#^wXtt=_)O;LUYjhzs#?I@#Mi1Kzqi z3io|yb@9~w{_dtL7bE>Wy~T8#wPs;q-pLH-1naQZwlQzyaahGGeyBm!fk$8H@)6T}p&A)SW0Vo*4$;!y} zc6CoodZE)RQ=UKdb8${ieJi9dtWYEJ=sZ|scXvIYv$JJ-&w_ z5*6?68j3q}BQpH7Ot?JI-F|4#zGshLq8aI{m*`6?uVQK?(j}!@kn!%do%NCQ*GXhb z*aAF+2M$|uQfzl^d7Ixlhh|gpb01vYe!!t=P{11-x7oM*^5r{=WPXgbWd&}Q`)*x~ z5zFagI?9EK$MNT_oqT#ndD5kYFdy&G<7da`WoqOITs=2?!rwF0&tr777Zycl)GD;f znYn2{AAfH*uYvACjse7laG(xv5+7Uc*^-m^g1&U3F)mIl+1q;CI{3Hu)Av#!1@X%H z`>Oup{I~%Bkl^FRHLZ{%sky-@6)ee@7RGuzqJ#aze7t(v+7PHx8&cA9ZCw4{<&?a2GuR(roINKfIOQ%a|XJ&&0mvTzt0TNrL_@w2xH3qCP7M-Q&S8>Y(~V-mGw1+N>V z{jD`#mVSA!O2FaWD_3pJ?K+yffY+tMWc9NDp+4uXtjIWgB#bl`YsL5#z$U0xXnDhq-H^)4z~7;k32IaT@p}l zQShfGT+Hk)hM$*C$!?v$b$HLgo(_Ufa_2#dRtRa3XbpU6u~ICjANxL;7tyQC{;PygX>K92}ERa=?&;O==x z8>h77td!(8@7|_v-E`3GpzY9TS7%Qvu-C0?FGPZ=_^YwzyBu4ph6}PYzT5J#o&BMN zSC4WE3d`ym^DC>W8(Lgle1ZeRUcY&olbI6c9RAVYZaDw^vBaoOIv4L}<{0%jv0!+z zzplk|zj@5r_+^E$r@7@$+&MQZr+e3KS{P41km04aDooIm++V?je{eSeef z5j)`Zfmu324_3Xap?uHogXb??of{u4FUYbuY!i9nLQ!cI>^P<(X&G;=t*v}~d=_{D z{<4hBE0Cg8jX8}@E$e7)xOU;f!@Kv=)6-K@-`==$+u7Z%qM||~5O&rz`8v8r_y%UB zrWF?#7gUz@%>qOk6K*`R`0hwKt*F4eJ@$9ej0y! z$9Gm`C7l|vEbGk+pwg(Q;H2aisp-i@h55Xh>8g?nJBwo{!=j4|%5(C|${Jf|6dIvc zD;F)+7Ukq;rKhE5x_AU$xbcwNzfSVi>s2B;l4g2%F#hr-AhW0wF^`|WMDx9Sn^Blm zD4Q27jZ9xYb;kDa(K|P8CMPGy$6v*C<<+ytz#~&#-FD{IK7nUv`1G;jlH&ZMyWNr> zWJs6#;-Y;H@APS@0ff@b&JWpJ`viNPS{NT&oal)^9~l931R@^ssG9!yq@pNu^6w)!A+}GVTIuv;PgtP0!%@qe)cl{q%9be}#Dc zeKP0;Q!_W>;vB85qhn5{<>X`*7ro2PPtD9(W?y~wUBaU`vW4mHhN=jk zNN*RPcj@;^D>E`P+NY)g2lx-4UEH?Gswlmk@Vab1E-1`)zs1mSU;j{dSU`}Yy~~@d z{NX8HUUKffZ+B!C<<_)S2Rb{P^z+V2dkeaLF8)9MhrhU)@Oqdhx^nU+@Oo}#tB@IS zOhq)bk|Hyz#Dgt07EYGd?#>A}9@k}*WWIhCfAO-7xkq7UnMyI9^y-$gWmvH1*|gL< z@mE8>_~Un%V;_$VbzZp`vHQF2Z(pZoq`yr}eEG#^TMwJrj*SljukYSdEn&{dj0yfx2aDP9$vCLdT7&UhcYvp1xiK7XwTFlA1u*<_Ap;;4aBIL zyLI)Xy`@J}Exn#juu!kT^fl@JBeU&0s|rgHD3Sr*n<&GGd$3JDmv23!}H107s;7`KWeUoy7v7#)~ zV(*TZck)EDG`+^OL}TplA1XK7Z~uq?zU}R+Jl3+al_kmhzCHZnPCB*nXiHA+yQ1Q} z}B4e{N@=MC=N@|-1W|z?C zJ6mhQy&NOGJ>ETgmig-4{p*i5e7WPh-In#8qbMA>d07mr4r`*&PK{Qjz1zNHZ^+4W zFOxDbCMUjpg#l%5WJn`idU^l0y@mO?*yw`1{FkrZ1c%22MV+l_?v_ZEL%m%WqJm>1 zf*(A7nVFUU@Z#ysAO2?3=6&tmW6A~I%iA~HU3}x?AEhOwm6cRhHuo=Usa&96;B`9B zT)8~f(|l})ZDC@WW=Rqo9$~TP2)7?bw7lSN8xFiKnqBDbXtuGn_X~{3$}L;w3wwI& zgM%DA-Rx76(n?EvGxFMcCSml9GsAuNE}U^Va`^eZ`=uHANp}*wEZn~Pa#u!aZU4l) z|54X7e&KE7{lM!6qheuf#Kqk9`pN5tWn+6)x1X!q*_e~Xg*9kesaBL$@NV<&1GaAd z{o|7upvCkYl&SMNt0(Z@~Z)%m##gS6$0Jrhnkwh+yb_JwQ=LuA8z0I&5hen zU9wtTZ`zoTbZMrj?)3VL;Ad4?6Lx^2sbFTV~63O{CL=jRtNFwoc3T<7iUvEiGq zHg4G#9Cq?$V$Q;x5QcB6qbAhN{_8(|`1KcG?%cH>d=5=4!!AM6uM(2YcJ1Bu<(EOW zmN&!wf*oxyUAs5Qr=v`jO0`xhHmYPssi@%Ho5TC}fBE?ryLRjj4GxDg$HVvR-u~G~AGkT%4Ro{_wd$1T3EMYs{P5%7 z9<#CXbO;OzIN3hgJHQ)0ck2A@t51d(#Uj!Y$!JgW@yJt&uix^fM~8dbqEDVVXl`@- zL~PGMKL(_%+%!w8!)MN%Q7Uvw0`N3uXyo(=)u2(%O^?MyM%q|fef#aVUvBuy-r4E- zi-g6+MS3AfYrK2u+J+B5`TV1gH*MPF9^hNn-UxXXzR5llbhf^JatXy#ZYraCX?&zL z_++$CR7~g4IN^1TCi~T!sEDi0jbp&9lKIJN7td_k^!Ya%zp!<%N_zc@#$dhiVocnp zAAGjqi%lCh@AL_esvD%$$Beg$dpB?R@OQu7xBuYz%eR}lM__6fh1~HadbL;pybfW` zPEN#~Id{z3e%r3Sdk>o1T06XXmZV;$w>Bqx2QSB*J!*dVtFONL_S=oIv8P4{dW||Q zZ(#8D#T(b}yqR9sDh-PIx~fw_*UQrD7N=U@ynt5U>28)`j9C^;TsV8@@y(Q_$#J7W zI5F7h>*4gf-+jLI+a2eloI^a1nw$HUmi8NU%dMsFTpUkq-Qr@k-^|zE#_5=6d2yp$ zCVcehR?NwBovl=NdLE#YsniRP9$(qMedC5NHh=!{cV2Gc-5rA>5l^oblon)p*gG8B zb@=dsBPUOW28H;?#@sBg==#@;*8yi~ah-hhJm?H@m|b#+fk z&ytAb%{9%(1446C(}i;j9A4LGRJGN0M=Z=g`Q*2M`snvZ&D^rnsup>ehAF0Jdd{7T z+`V&;*}+4$wub@&+3?MPtD0fnJd#{YxUug`j&HrEGB_KlyEtn@4v; zi$*(?y{NYbq zx9ooXl0DAS>nBGBP92YWo1D&@kjpVzr9qYFmk(nQ7cTYkr{R&*>(_V!)dpdtd=%ms-(tcURrvNd%*GEeE7vjfBM|~klFp~*LdSY&~T$p@%F_Nt3wAc zD*fr>FDz_aimF?0tf&SDW|lGm8uHy%H4?5ERYcG1V-O4h8y!fAYz< zAN=YA%OlnoZ#`=sp@Y&fM5E6s#B!rrAetLJA9AU!s9QR-^y>b@3(*%x2gcEy!X@7I z==--~A5HWQ3YO;1U%0eo+uoqi=&tTw4B*L0cfR@R%bs+*B529&w} zt}tJZEnj@OfAh}M0nt$|VTZo6D6Q`p7@xl%bN%JDd-Vey%SMIHC=<`mp7M)$aPGle zk6^BU@$8A?+qZ5E2|Cp~FsU`ls@uu{)+1uBPAt+)0D~TI1v4w_v`)VaF}%)b4PK{S z&Ux^wR4SL3mwS8r$Hpc|`wYOV%SHo#cCxR3OrXO6KR&(K*&>h%fj%U9xk4#6>NLFZ ziPDCq!TI?)-l)+a6U_2D>YG~XtEWbXhPuYZ3o@NrqE_&yMyDHUTWTw-W~Qe5yC>&n z`Er#|XHYlP_sb+;N3l3RHZv^Hh>bH7qdi@9rKQ;egWWBy?FFS3a{`e}trH9A;FyNy znt}fAg#liF+c=*Nf1@w^&UK7tGL4a^iqvpCKk_5jSqFSx7JkE&P>e?4~@^yFX;7JrApe}+toMFTTocs z*4YO}n530P9Y)fznv$Z<_Kud;&eEy|*mZPu9p>mF`EdV0OI2l8b(wgqe|d6rhDWO) z+!ku$2hF6@jQ968*49;5)^v6C%+K-wCR9=pOsZ&!H$FaJ+0a!`Qs3G&z*`c@FrHF7 z8%IWlT3Z^r+uH_vyTnUNGdzw6nv3Rs+i~>>hJC;D=VvQZj>6eGL6P4({LZxzW;& zL5j)V$m~qd_%w--WT=IK?(LeEh>hYUS`jyB6`dW;4UIJ&oh_4ugVAVmrC8qC($&${ zUE9#w(A9$)AvvZHoekBag99}+b>lNUk&@mr1f%R*nHbg3;u@)734V!4T3S|7R#jV7 zUE5ICY*4Z9KFSCXO%0Cpc6Nd7j*d1ye~DhYV*4!z+xw^Ilx*{oR-;ySH%=-5Ym9uE zU}9!ir2;a63^l@@jxp)7&Y*zSi43Y`-t1Uk-&kvNM^8)P`BNcg<{s^>(?(zvjkvF8 z5!ijGvq!ox-(1_Skm|G=`QpON)c73jv(=G!xG#oFBy$zzMXgPp$Q(UOB2=j8EFXnN zDOsGEsjaB5E~^m<7khiVrzVA{tJ(lr(;6Vb3u-N92bik-i>Ebs9k_r#SGUZY@9ZRH zsc3AdZEl{WPfBBC*Y&h@siktJ%zB+xjZO`vZf|Yt=x7)n8K|vn@9ktpk~B*u5X=G1 zmll@{4791$;=b+?xlnC@dDN>^0(DnwcUwnsRb75_^Rz&Krjv?fvwfZO62NA(qF%Z* zJT^Bx3FVf^gbInYy|tshy$d~9#*-{e%nIdVEhc+Y6TM9hJ>8vMU0qPN*{Ow*d9n|~ z9TS6X<1k!OrpzEZJQX$(FiRnk8UE0-dU~GsFd+B(;FQeDle+Qv~zlTa&&lZdTLRw5Fy*njy|#uBomaQQL5;K z&hb%ROG{HzQw4uvbbe~AziV!J(OA>e6npthX;m#_i6A4iOfRFgNTrn5+diyBSxWG! z(bG9)TAftZ+tP}NYPrH-(7jGh42=vaD$OJDszgg;eSU7v-XX_Jo4RTnItNFl8+&^f zMFR9Y7zDnI4}{m-(mpXbQCioW*U&ODC!{yUjk3ndG9{nP8N=)7gfkl5{M?jidCs^v zCsRm-n73enYbdD|Kqx?0*=>Y8e6T6i#ah_g67 z-cq+j-(^7*p>c7drF(js5@{Dl25FoENQNn-Lpo)`x$&mv_Oh~y(e5TGZwkqA7ZqQe znwaI$OBdY!bs%^;DpjxU>+Ptnt!VCOn&Zt9KRP{cZlS%YW1w%iqOz{Fs}F^WHENZd zzAe_%T-RD%GuAW0pBHy`kM|GH3Dv|EREydUh7smQAw*3TN^N`JSXp&rS9gC~OY1;) z2Q$$s11hVM_q4Uu*Vc7*^$m^B%CttQibNq=UO*R^9PBHrtgCNmSsELd>FXXIo~Ab! zXy>PDpm$_oV4|VAv96}EYj{QgEKE1pkVk4JlPt`Pbxf)j=z}%V#ig-S%Oz9&qnc$c2|{IDm>lcvYMmTg5G*To zMnzd&VQ_d%LQ?j!Tn2{G1k|Ra>g%*lzYP5w*dWfgiq|>wPX3=JQb63raIQsEx&i=X zANpcI2e)8|$rj@-%L~B(J*I@rOt1J^IB3l;TZw?WO-@f;)QcTf&LvG9k|V93HQUg{1lm@a*qA1#Q(k!j&MO0 z|2_ifz2@N3eD4^2f0uqtEKvk5`I;!~iu<>k$x4vv|C*>KXCm^iu!JARCu0LYbPJ6F zoI+DAI?$dPaV3e4eL+G=N5KCgZYVIfGc76|H8s;X$S>7=&oZpDe~oL$i!mGUpuQXEmH@ zDFV4T9B&kdu9*k45_RE#;M8qjI7Le>8V4*qpbMVRODynGQV02`$in< zfY(2&CkscCN^m2#zs7youg01PR`OXaB!@n0e#W#J66Y)s&R7Q z?ym5|u}Rk`nxGyRlZD_0vz+j=s;ngW3Ho6mrCrT|^Ml|q`6>Py$K7IgS9rrDAGPLM zkmhU<1(nUBQCTc52x(bUa>V>AIk8+;{M_Y=hO9V}$y!>8NB>vl!{U?Ul7D}fa}+?~ zkRg||DHcboWpRbB-r(Y_Uaj0+xnw#?|LJcfPa<~v2jzn3AB)ejr%RLLiZg}NKlXox zAgRAGLBHQ~KcM&S z!Tm2z@6`s5Gf$l3Y>dglLKtXtk*$m|6t*Up72+%w8*a%l3-wP#;6@@Q)ln+zDk@GM zkMMSPOG$pC(V*NP)Mb_bHEjN?CjnG4vz?Oadq(U@Njqc3=55< z^Ax%E<=hHEod5LgyH4x$k0aBGR1%4#n~_+&G9CRfAs%NdfOr%-LaT6N6XS)&ML_|9 zem=hC#U)1c7$qH?KRZ6@>FO4HDrR7SKGfB!&B%VYk2!OczWGO0?PJq`HWt$=EW>K6cpZc^ zE5sRA4$S=%<2e+n*U=Uut){WI=4?!C@~cFtn07L8H`i8V9k2hG(A_}jdVn=DnM@#9 zzW?C%shCJtH%C`j*YoEu78jNC=GoavCbvQyUdQi0W&5tvI{o7aQ+ICm4pJx-D%u73 zvjpviiO?7gO07oAunyeR%ye;S$=TCqvNN;T+PRUwd0;TArSdn4uM6_>`F#4`l!@4m znsxdGi5pNj_b-g}Q&STuZ(sZS`#L*21_lP7I1!zmmQCLWP#frYCPtWW(#|(#Z@;&} zoX=nsEiU(UbX~u6CFOO}{OlaUR5~rUzOG>Va@J{`ekoeV>;IE!ZB^Df4&%P(*wai{ z4K{Uu4~rws3UP*&!*f53^NSPls%IbBrRSInvvV3YpvvX)m7C1{unOz6LTniLzIAY^ z)vC2Rpbf3Tpp(n#92R!NNFxU)%I}G5;&r^fPXF8qbI}#wDy>!fwFCv1t5t|?vK4ST zgC0{^kY3BZv}4rJ9&S>6c-ZIdiMTxRyS~2uOA`cZa{t1Js}xyLwHgyWra7G2F~|0* zk(FMH*D=&VrFAr;WYP3Stz4-PNocv9?X(feq?mIeFOiy^TD4B=^b65HJG}m{jkqrV z_jYI_4uzBLV7BJRWU@hjCeANJ;0c4Meq}rD_imL;0o(x0jlt^#!Z5(m%JmBAW%N=S z*J^sLR$7|J^?{SjJu{|(ATj))uves#x{vM>qgpVze=-Cnpdop97&pdFd1@jDz0-5&1 zuvD}eMy*uQ)1DuVee~T01AVjrcwMSiB5a-3>6fB)y#7C#e%RUnoMVJG;!qmg&y7r` zIREr`-Ds4E#2kO*Va7|LSXuD`t>u3mtpEK8gM(U2-yT^#debDq9}t?AbL+HD|E!4{ zSwJe4>hBz1pyr4Hu&&W*@k@{G*lscIksWTE@H(A##9mp%-S;K{Kbi)w(>nbmkqK3) zWvidX<30<UZFmzLO96qt*k)6;Sl9NWu|$t32DP+C&p)iD^c)@hx7Df;J! z*H^pB_ihcncL(l&bwU*&@wGML+)vO-D47_}xcm%}Wm)6?Ow3<^=s6+dSSe>O&NCHS zvxSsch21l`mEd(+C2mm=Lc=e^86+`Wa+m{wYPELdLG2HSqA|Bl>-5i>Okn!&Gq?bt z1F6HUSUX1O1wTOK%;3-qe`_PHp+CP%ex3d-{fuFGU(`Pn?SC<%D$u#(v>;A((Q5T_ znVQ>wNFSkrimlB3aF_799MJ(rpPE+IBp4|aDo&ABiQ|Vu>YQ7r_X$J7>Zm~P=W(8OTBm;*^y3ZX zf991?;BpfThb39NB(Gq^`O#l!p`8s_9F#}M`kSWzXo7t<4IHbsnj3dG_dTtR`M)kf z!Jtu83%OiMNAH1FE34N*yG(Va`sxjAU!vZiQK{GLU#HJ}$z(DX$v}G;S0TGvzy7}I zI{lLLvv{2|f>J4zm_kf8ms{%K0?BBuxx4bnl7({~E*zJpBph+d4MHHu6rcM>68HK) z+)9_=Zc%s9!NG%!&=cU`;SSs}MT>cm# zxHzaF$~A$l_v#DcGX6^iWDSBtNbTh-=N2i#7FyG}dlw0deZF)&r8umGq)1 z0(JC4y{QpUJ7m22kP!~zQ0jH45O=T&74%;INMb4-9!@?WWXchD34))C`QGr%wIC{M zii`*-Wi7)TAvq$i)ew##3IyU8Ip7yUN6#vJ!))LpnAV5>mAXAk&LUL1QhaVYI1Q>sv4x^8$ptW)X!R)UU z4hTgcgo|$~j>{02Anw+WYic6IG3AC-_{F6uK9>pSUrUGs-njUn_iD!xDzf5ZIYTUn z#-%dl4-Xe^;sJy}Q=z6J5Qz5u^CfbnAR0a5fP)l@3zELEzw*7W+aUa4X+k(Aqu#XL&+ zO8#7_aNMII&b{~c#X7CiKazeHuXC4cG@EX5cM-_lMQ7lK8LkI%e$acFtR++DK{r^N zIS4(IUiL>AYy@Daer2NtP&@T8WNXk9WM}6qXy|ukWf}yV^_~^rh%sBj;x5+`nB=O1UsJQLtr5pF z=jaT&)ddA`0tNs`fYjM(6krSvg_2;Am8m#ng+>8a?=i5p6vRga&|2AYZG>NrF_Zee zN6;(a6{JOOYm;++6paX6h>5riP4(r3gZRjV3xNlCj$_~_329CFuZ@QAwbe8g!I6m* zjOMFlAv%)NGz=aDu7(q#1TI4mJSI`B(?5pD5dF}Yn6SHv5XaQ4XlQ82ds>9MYg>vV zP9?Zs6CvhWJcmoML~HNbMM*+a|(!p%1jpNna_ z$?g*&4p-%sYnJWW;y?)DI5GK6<(h~~f^cLA58}KxR|nw|cM)#NjUz66tsnWA(xQoB zpw@C|qWAI#A#+YXrugu1O7h+yi&D5kx#}SB$GL%!+uEYJimwd;ArR);U{rGl10fLt zxrLz>u+G+r(D)EGd-+nsVt%g);LRixPE|NRN8rJ97fd2DR~PtkOC%DR)<^yfnQDi~ zNd8_C96?(U4Q1h%6B=rYn5MKGAyBDA?*RW)SxiyTiAk?nO;gP<@cD0eN~tGgGQ&4$+@rX!qEW3IsiD}95@4pm8zBK8!WRGLY^jWO$>A4 z_~q)zdB7pcHSviECO)~#ANO#M5Xj}s5o{~iTU%ccA|MdA)`lY?L@ zYL!eOH_gZaci9V7;1vSZa@E!==rlEi(9!-dp=^U42yBZ)0+kx50-1qr!gegB9>tls zg~ucTFk|wA5RDt!!LX@;-~pNH3;Srw$|NYY#;9I1ywdj@G+ZgCT@%l1{fLff*eWM9kZ{ck$EH9ll853;BtO8BNP@dRmdrZ+ zgUHmx@GLDYaelP#TKzXQG1_#kh9JUPO#lIiK(*j8rA0#{WUVCxA#kn1LAE9pU7Mk) z^*KU(Q#9lWo#$dAH!dsg7ndA1g2%)LvYMZt=lqCcRwQ;yhlRZS9rp>_|YUkeJ(A9zfS@?JC( zx5ycVz9&YGOm##iuqvD%grbogcR4}`$C9az$c8t#sAQY`qYfvdU%nP^7 zY;ttTq5-eNN+GgBA>(QRLMCf#0Yc8ubEu`MM(~*YYlX&nxTXP_YQcqrxbT&WpCY6M z!NW!4{O=L6g-F5hYRVG3}{ z9{4M@8ktH7><-NY18ezTr*-=ln>p~o^*57(nmpVu z`p?>IL9EZNnkY*czA4Vj0@oik-^E&*_0pG7csd} z2W6vPa7alG`72fQ);T8)I1aCCjicSeLwz$O1umRRKuOr`RfnOUR!Ualtw->EXm0jf=(K%jBWw6LpKNvA&fI4WDA|v~978e2haHgEQ{Aqpo zd0N{v@B?{38)s%_F#Np7{GXwpj7joewX@JVPHqT+XKkUVKKNfdgd^m=3{854a8z(@ z6QJUVzqZ!P%gcRz19P*B-wTnd#yxbVht#ZbnN&Gq;${DT-=E%V0yIiPLj$xFS*_I~6a8c$=*LYd5D2QOs^;eAV0%p#&qSOyj*gC^hnh4K zaZLGecm>2=ng|Slz$fxVoS)<8??cE0v~s~1?(FPD#W_U?bm3MX&hQ5Z7fm4;KPiEiNvC=f1wa9}5a(iuoRy zH0M298y{u;oNU3K>6VFqE>GOT5LQxBVrtf(tl*F7y=W#*P|#1Y0Tc>VNB+-0*ER;o8ZIJ6xIgq*?Z-^rCp4c5}s)D$$@gq+z2DovonP zVUEu2&PV=osf;S7H)%cL^l z>K^eGeyEhywH){Nd=LUMWxf`o zp$JqKcp7*M^R&UiK_pqZw}y}jmz>K7goKbYE)j@=xVs=zWkFmxGEYrS_4M>^Y-p89 zSH@$;n;OlkQlnc@6LT$#{D9NcDqwla0n8vnl*JXaPX8F`upr7z_&BUoLq9K(jfB2EP30rUqkC^B$ z91wx3*VNR6hlfMqxz%yxhByc}r2;?Co;`~I`#=Q0i;HV%X?ai6Oqa+FrW@d|t*s3n z6v~CaN1R@*T(C>PApEY?G>8Hr4AT(7!_^VtoIfioD>yh9Y{SpR;Ry8tasH*HC75f1 z=5TtWk~4q?<05YX#t=LpCJVq#vX*2v4SHJafS*k;P!?(dIdH2&oVssko|ffr!9zB0{0~<-!rUxVShVAYkv_z3<+=!&D7{NDe;1KQiZPgb;X4 zOmaoA3`o?Re2^`|5rSVXGHxLnE~!+VMyH1sDKuoOk*8KFQ9XL_>U7NI$?;{8K+UbM zlfr6bIs=RnDyWBuFv3Dbp^zK^K(<_lToD{I;1JwWdS+1(2xh<)Odr%WC@846x0kz% zaKr>xTwOTg7={OdT&lHqe@rM2ofoaZT_Qs+Ir8Ch24P?X|2jRoA;d`gVW`V0b=)o> zcn}}aAU8Cth8L^?e=B@~O~Y86IfsagrKA_1IAL))lUwso!3 zI{k9=vv|Fyrzbx@A7+BncrF|$93e0n-QC@YfL{z$Tqj(6C^X{4#>Q4vRdI%Z3xvmH zEPj@t-#TMgeY4rFy)Pd=kqJag^SqXZMs#l^iDz=L0m3Jwkqfq{WAQYMSQ5$Dr)^9~la(c$Mu2A3%ie6g660uz{( z^;gc}-U{1m33V|IA#2H0N03PlYpoj>!Vz?!y1IIFbQET~wyxpwwL491{a^>qV3-69bAK&8XA}QMI0z6z*a&+0`77e_@0u#mk&n> z$1lw6?c29uPLTw*4hmUTR)*;Wch^KNI?G%nW)(8L%BskmBT zz=gHHc<~~71ZPD}U5RT!z;xt^5h^Mws-U0%A#006d{c7(uLGttRYF0lWuXwZD~4MQ zStZ=nD&*p}+J>R_Zlgk7UR-h`{(9d4jeSfNjVgnVozA-|YrR3M{)u*3r*--trk};@ z2!HV4!O4>+$H&KU$)QqUbcDpk#jV{6g7IUmMS$n|^XKN~=BcTvTnKuR2~y)OdKcoO z3z>Q&x)8Ti02Np8MH9V)=DYXZx^xwI9X&_5v;xA=69C!KG0;1K*OlzZUzBRHKBiLO zaddPIY`Yt31fi?-Iytv#4p_~!b6o?oVblmDM!8x%HSb~Lb~5b3 z%%lPdxb<~%BvsC6Xy~XNof3$bR!UY!Q!rqX3_?&Y7=Rxh08P%uAso?6l|`Tl`u5+&{G0khvTWiayQr!@*%7}hG#jx-ERj`g34KH=lz0|O21 zx_%IcQ{36}Je)=L^?z zj#9XS*6DwYAl{su9AG0aFR%0G&)>a!7uF1D63P#S=h_Q#(BHY%M^hpY1P^Gf@DXV0 zJMHc50LRD*U;@dxK;(cVP-ZSGlX4;xBs4W^Mn(o^4zOl0#mJKjL}dITtF7%p2|+jHm6UA=l06$}mzj*X3dZy*36$=d!7R$;Xeg1VbZ zL?Fir2!UXRyEGMwB*5$7ACm{JYcpxB*is}xhKK`ZfY>U_D^xP}{*vCP6iZJ>pE|gA zUrA9hdJqai0&oL|QGnYO3F9f1(;5)ULU-e&2SOE0e%vzoQ5GWOmm~N&{z2Sb{F<5! zGa~#V4tEKHU_l)7Tx5=rKNrqjayfGzSdX<}acwFPF4wjlh%18A3K$KJ^M;0ou&^*p z8rQB1aE6idn}{nKWGcwyK_JA4wu6VeMCQnZt2;*ur9`C$w+f9Gb{jySmR%wv&N$lp z4EE0uvc)_KMxGw$s+4NM&`76`j~6-%dJ610bm`TrS8Z)=7$1p=HB0O(1*{Us75L$V zf9cXCUteET6D*l3#W4nHaF-@R6@bMti-ult(nCSqElyl04xXZ-BFqxO6=}}ubO_}l ziAlrR$6??{a=lcFhLYkAkUBl#1k0?lhz!ErmG8rVaYWY{Z(O~0VBh|5Py<^G|;MJ2^X zrMBQ*=F{XPsb04*GM)V*rLLy_?!!lJZXVImF-I*d|I1(eS9@oddygK@%}*5<<>h4M z&P>h1ywA@~)mAkZ7nH-lv@~5>TyY`pil>KLRAfX}M()(atX8fZ=;}GJ^FVS!vT$*} zrJ?rav*)wZb47(^@i(sf2Ko2|dWS_tU%Gj_sJcQR6D=(*JbwJx+utuJB>3U&yM0~V zy~BeKpFiL7^|!zI>tA{L`lY02E%NvoZ!;SkTG1iVnHFYe3UYGe&YTSj2*ilh*w_f% zj6R0Ba$#X%L0*2sv*&TKryt*Y)X~<-J=B5&o+Psa3#QZamlsb&gxgqKy-7+wemp8X z{CNEJ+kO4RTt|f!sH?5MdiAoeuXl9xiQL@W*;&+`#bIdU^Q-hlFKka|=#% z1bt0y#pTNvj~@@mh(0<>6C@qLufaIn+nsR8UgRxIj!$K#XXR$+y-aw0^ZKo< zjO?a{#=`u9qQd-y=T9vxj{f@BfAaP{p782j^4qMu!m{z{IgM7YP^$a-27r482l|W# zEunUX*PH4qTwR=Q-MU31HyUD|*WTJDTIO>i9vT=#Qvw`cyB=TH)F@Tb{`iijw%X$A zx5?>u?>qtnubw}vC@JjjY3JrSwcYI<1^K0Yy+g=HqmXxZbv$@*FEG$Q zI_6|qSsBbX6uYCNQyk&!3v+_~4<)}f@QHAa<4P+MAj{>)i_|G=Ll~$%!Noz`L^V0Jd z7kQJ@W4ReQMY)A9UM8MC6L&lQ)dUHgQ!`W2(qqoXT{v~NxuOo^qC_fh zZD`3!&z_xGKrQO4>Pibro+T#6#+`j~`%Z6bvr?zhfhE0uZgk>h;;V=gCr_U~`|Qb! zgy*j-tLhgPg^V?FKce+9;~zky!y_l7PQWtMR@ZRfla)(l!-GRIiL|r5qo|-TJ2UIa zqsQ@AuN4;->9vG4q35swumgFyMchf|FceTZz~#%AFNcPPo;`c^#*JGWzu8hyP^41I z(Z9w<#-BcZ5)|xx;o_O5#&*_hn$E74oXmoZcXePv?M20Tr6u|GbydYh<;ia|;x1kZ z2njE(z?3&`-011)vrjj~#GdQ!?u81e z6~d~@(hKLW`1=K4Iv{``*$BiMV*8_Y;I|jsnjGlqe`$i`R4VrQ_&~FLL*-%zO%5f_wkA7 z=olevjAF>49aQ7PT}iK=`1<=je3~%NTShRd2_y}xZqRED8g*Y+=i`Tu!a~9$A|g@Q zvGHld!5D-b=BLI=3-f}*qC$_KNJ~oabhNW|aBXPqhRM}RMHS^WCr+IW^bbHsTUr*$ z)tEPsV7by&a>3--pr!e-{LEsRh(FZdmGv$&DKYu(of~1Hftjfp3bC@fvd+fF?!Ww( zzqGPG_VD4uk&z)JA0Ho0eEACXy>Q`DS$VZkN?6~ZQc3uWmDOdJu3S75apLK%2k*!@ zXHLw_kB&?>RW#&fIFl)i$=aWo74Lh`~6^G-aLE>6f8@11rP%R`EKFJ3KVwtg5PTb#+cnO~sg` zR%>xT@$Fle;~_mmL&h0djFaC1KaVcqVqa#J#ov7CVdw7ZA82*V-s*_$mM^ycxBvV% z+YcO$zI1MAr0wkKFx#V!<3p21qi}Y*-|~Rhx#&BK3%&F6?YFNz_H~Usd}yz=<)Lkx z_9Z?|0|QM>4TlccrX*#}&JLfB33hjKtFLU%Oe>6uj!8_=zxu1+fAZPZto-bS z<>`#nHxUtG2kegSIefrw&!JNRp#`lCF}H4f_<#NS>HISsdKw@~yC(9+(6Y9d`jeXE%aWq$RYQO=kHv-d^aroM9SNDz`+8E{Q8Z%{sE!IMHOll z#!iS%t5)!*riMa8gI!%+XQyZA#WFQpu2AcZDxGXeaO3jTt(&*l*xA~9xSqIhwtH$+ zq0yEkXYcxOtIa`=K%bbH<1yFIo%M7)^6p)N9Li)crWF*qy1FMmc#!zuiS<#Bl7f1z zNG9dYoCpuzz3V$?R|iKohr9RhOwCLKhsB;cy?fi9!)8aleF9_8U78ciA&QyyrW4L~ z?$);U_U`8PzKz2R0ye19!yCQSs983OX5+$wBm6^#2Ihdnv~u~>j9OUIC{#uaK!7T2P~#jMTlm20+C0cf85D$&N$s<*RC%omUlwL1DtlTN=lH{aRXwrksV-1YVJ@^<$q%F9Zn~n1gS2=cW|Z)HZs1di}@$ z$N&5D-+vf&V;!`mAVea&ss%L>u+>oW>Yx%eJEdi03Rv4cByhX#Z+43CS{#)PQb zQI-LP4Xv}R`PB-x(N1gZ&#ww~@;LqKZmW2j@VW>FgnfgHo?Rk_@O)f^vvts5=N$YC zydI1FcBjIx=+u&#sotpY2$4|VAu7`YgC*4^gFP*bVDgSFX#W0v;* zR&M?d?*99}-F55y<$>{j9eS`v_2%B4J!X3xeLM~xum}o>$}ew%32$jAKeTO|%|0)G zrE*Be(u$_rjw?zT#Pl&+8n^9tU^#70?LTRAv5 zVOHPL+#wK%Fw;nVm%M-f-Xlj2J2|=R*uFO=`f^YAAdJVzNY_3HX}6`jQ-qi6i8qOP zN*NeOO+~1z!MHR(Km6?Jy9<~S#4=Zi%!6?&O{BHXff7og1?iPH;_0Y~^ zTQ{7$me4*XKYudr|NFoF`%gaJ>g{)`sIXiuS?+Ai^Km=2f1kCZqpydb9kM=h%-hv7IkjMHUZgQ9NmWn=vA8hSTjO-lEBkqwQL^~t zcHFn0Y;?Ex^7nPzzk8F_{v%nha%)N&5A8qtzyJIHW7F0xSFT;|AM6ncm+sxYxnt{h z-kyF(kJ<-?ovLZ;rv*5bzP+^6!OL;q;eFowj$ZbTurRmWuwzF>TRU%o@4D~U{%^Kf zdb`_)`6WDg++Ee+b<8!~GwgBvgJb(G|I@$wkB9aiynOM>xpNo%1A`250) zly}yy?s?@k5DWFYby}xih!|dHI<*F`Q?~#p9UAVtc=7znlTlq=J-F4^J9PKy^E(-D z79?WhobIM)l-Y@(dg0vQn{xMGZ?!kKFR3Tg3wxaYGSlLK^|O==APl)`_H1m>;k{O) zePggzOY_5yM5B_D9QK)~)K;|2 zPM+~N9_JC6Royg;QE6HpWD|Vj+B1<1o39Jb!6P{^E6(g{{}Qt9Qg=;lyZ9Wm*2%aF0eU8|d!}3JM4d3z5kbm6g>twoY$S z(gk9bP@=|ZIc=}@2QqHLLnpP!!}86Df!-7i(?-n`3jb8~xq|IW;Ck7{YE zzA)|U4PUy)-0l_|Wn6nHmWg?Go5uqolE9%9I;=!)LrOAcL{Bm0}%bd5VM!nLY5kI(n z{pg`Xt#z%lqddDK&RaL^&Pyv@oDyOj93L3>b$5Sq|Mv8F->s`xEe|6#mR zjz^q)`Yb`E)AtUJoWFGA^0j+ILo=|6^sE55Kp_-~=I-CWYiVhD_41Xh)U=u5u@w`n zH9m~L72@re{5lDEySl9@AT}x?FI^~?zqoK```>(hKH^?;?YM*|7EF)dJQs2CeB_c= z(>1>s9DVxi*>nB%^^Y&#ur~LqDendPPkC}L*vmC5J$YHko90bU%uX&W@nBVfX7aNN z#R7S4LwitE%$vLtflz$G*X^9E-9SS#_~aXm;|k-9l4MArUC%elri=?ir+nO;ENtGq zE-Wl)D9+BjdE;tu?3J4KZli%$lJa=l*H(#1Wjf=cPBZy1>QS&oRBK25z+~H@&3i0& zSQVGmHnnyo#6Pkzv(9R67!e5k_SxoO~X>dNd-Q5Q?YsvePzyd(ho8 zW_p%h`PH!}E^wGKp-(fszA9gG>v;VK^xm!pV0W2B3RHSLICS+02uRbQk+B`sdSgLW z&R_h;|K#K5G1SvXfog3>ORKw^%eiys=4O|M2Bz=cesTTU*ez#je`IGYwtbWs?4%{;qR~bp67n|&iBln`_1(9%=C13byb%Y zEv+(QCMU^~Bng6&K~PY{1V&IXpqNlV5CjQ|f}jK?=bTT@>HU6d?{g5VtnR9w>bZUA zVLgk(es@@V?X}ll`?ufoo^x(r%kgs$x_0TRNZQ`gR(|L}&b7>S(kUm^{e%Tb(KSkg^3q!b1&XVBod`b zpMT-f`foSnRXiCN>25@1Cu|R{Xn8vhu#T~@Ta$W;>gm}6*R@-&x7BnDINRxE?Ook3 zUtnA{WzF;B(uKLVKAzkCcg8M^nGCwIx9#O#P9bMA3noWbHI=S|D(!kh}D7@z8li98+bms$PfsRng>i_+qJSO3B0;f-F6 zT#zXZQr(PNkkL&LAa?@}u-E`PFJ#A9t#C-&d!@GYdC}clWrcU|=U)qO-)U{N;aOe% z!_vpT!Tat!d;%waR{t_BG5&T=_CjaFZinq3|8C{=yLEjF+MyZQwX93wUc1g-IVaJ~ z)!oWZ4D>s2_(1>MWMA*->8!kr>}!Kl^Bu3Bt^Vi_ZX3gjuQaP=8kKhZUimRQk8eAB zrlk_$-02(Pp@EIhuGN(0+I?$Zm|G^EpNdNi@$>iS=xozybTiZJ%|Jo8c{4vGG%zJK zv9GU3rPSRjcn}&Ce>5Y@WRg9rFZ;KD`Hi#vuKMae$&7jBX*3eOaheTwy6VaOpxptP zhtJJVs~2WwGf$pKJbAHWcoGqN{U^V22~NIQ{z~4}bS!L_)2{gEUCM^4dOv&DBN>-l zJLl26bb93E!Qg~Q-|~v);ZbpCb8&LCS7dzl&L9UwXJtd zX&}6A)F8?j4fFF4FX#F?IySZUV$;D^Cf5l{g_eE%Ko7ir`bfIJt7}QYUHQCxWN_wi z`kCFqaV3wQAxxE*JUFm>=ZVC9wQVD#^O}JtcY?RC`qIk1Wk@CKX+IY3>mRu9b?1y? zL2>`ao#=#LlW zcl16UpQW7ERhHH{I_=E4d}&@fhx1#`h10S7_MSd@N+OcCy&Xt6bn--Q!Gc&nT;H6s zdv|b5*z?u~VOFVZ?hOgr^Q%w)c&4CWYE~R!>uvY7)sbr#+htR*ytsF4k9+W$^s{3f zqvtcvI&E_-FDh3_m6Max!NH-Y&YT5!!e*0l^kh=T@mJl0I0C6E=5&OMfCXkg0*Pe&R8~rm-|n`iE^>UMpj1sBKbg8WJhACzuUH{5npC2h ziRUlsUi7thjrQjxAKCo*H)o6Qb&BVX?>z{-{(5LqBnX3TW8Pc5;-Zg?Pf02ZOT#=o z9~TxPrU)kE!ou94BZtGH_ICF7E=VOlKEAP0F|)(dILyB+e`>qIw)9bbThCKY1=sB%0T2#G^yq-5swxJ6fxs zl)Jh*TUl-B>gws}=!)1IeeV3F%IfEnGZG9)CXvq#_j=n|MFn}6-M=;5-vfBP&T30d zedB^m6&@As<>l4W(N6cij0)*k_x8;jedCY65esreEsaJn$br}OGktfjo(~NRFDR*~ ze>13{aEe(_7GFGSz3LCgj~}mn+4ijIjgyD}o~XDPk)o#dxs9#Uxzo9NHd!XMNzfP@ zs-IbXv-aNge4QK{k}~JaDd6?DuiIzG<^nuJ0=@PObc~Z<7=)fTU0c?#&pw`^QOsSx zbjiuur>$`W`LomV#DtXe!x^(8apSAjxWq#xWi{|A7>BT=NoUd{u&azleNjmTRc^H}BZ@aA*E9i)IJ zFZ+<2>$bu9`R1W9TX*j}ckT%a#ih(FAJ>TH7X!0{qn@@~_wM$c80|yPdO<5w%f}{0 zLxMtWwpth7dN49Lar@pw*Ij|9F6XOs`l@S}a^m*g$-Ug%+zsr2?R9~kL2{=IuJwJ<$@b&Flw=Zq-A6E2>BqyR$!foB^nxD!@M@4Vv z8y9E)kg$V8qe`{TjMs5E`T<^Nc+v4VqvMN^om&oo zb=$^G*DvKM#Zt=A>K~On#1Z<`sZ(#-yK!DUlzM7+z`mZYiJtCZ2YZ(zN74b-(Gshm z@^S6DH9K<8=jqj=r06|6Hrn60aeHv2uBPseoAaL2Ckw_VS_&Ur@N@_(z1ak}HOUta zMIH=t-_zYQ@T~4>fUV2rth1APgr!&_fPwP&W$)kQ|D>%8@Q^(NM=@S2QP!TlX}5CS7_EEZwtdU*{^j4k z`E=8>%0`W9D0aVJY}m2R<|!cWiLsY~o>51Vaz+N;B8*Gt7Fu4mKCP>I_OxNURhWlM zv{W(H(Nnj{%KG%l+harQkzZlHwEX7g^}DX*)X8OV-g!aj&%cvFqHa{lEX8U)!wSz2@`v->v*|%i8aDtY7=vfBavoKVQ-Drn7%wG$1VI z#QCdAtx#H4nHm=}*WaNV>)7qM!^b0ZVnM*lMQ3B3!$CVe4rLw`DW;1rUhvwoIq^_p zWA~eu*PVMp<9x&7MrOsYUsSnn-jbhHp_?PKh-CvsRoR|FTc5q?luCttktr!ju|{3r z%evbhTRe&`Khh{Am#&-$3H5tYUGe5k2fbTp5~inT^YShQhXhnsJ)%c?Ov2QpC^0TG zHs-+G+{oLv4bF}(>8V*0L-ck5#z|jiMsM0JsI-G>?MP1Uv2Ry@b1?b%P~XhU=k)iQ!A|-tY@@ZwMz11gI z&mW=N++_2~qFdQtt#PV)F)WjeMeg--_utn(NEXHj6*Cjw_S>U^{U^uz>1(A-YPCT# zJ~{TmcqrE!ub)2~w$tf(X({a@MnNi52Svo%yZg8IjVtKsFdl@B@`>?+( z3uibOpSnXac0-k7tfwm`G&nsjPCP!1DaY{Z>R!8hhTSizL6}0s4X|0;Q1O7znlRs= zn-sp@KHz!R+qQe)-ErfzQh34YHea-a@gKTsY=^BI=*{vbV>EoIhBEJ zu*fgR?4+{&qaiahy$de~d?}?7>k<6l4=$uY*4|a%&XkM7?xmOqd zg-yeg7g&1$W?1C6FW=tj@-4=AMjPH8XF((2yjb?4m~1X=o}rX zKX&M}mt)w<&;Mw(_M3nDyMK4F_3i5EZfb4bu-+~^`;u5ZaU>(&)77J+r3XrB6`Gp` z7hHC3zj3|DWCY060R*1BTUyj76&;I8-RBzIF*PT_ zk@xLnxO+s#;j?PBa3-R`&TfAI{2zS&{bDtBzMqtpi;>lF5m=;lZ8O+f!qrv9H5=DwRnjGx~?cC#4++ zULWjh&pL6~dfSE-pMJD)!a8=M+=a>AUrIs@bwG&!ymu$4G4SrsuOs9yywlg zpZv=oe*O1fe)8MTKKbaAPd@ql>s8gy8s;R5z58S1<1c+XhJ#FAGbd;H1%}z zlwlHBk7i3QXy*j=taN(l^y#x3b~t{u(fauLt0KY^suS@cpZw$h{rTsgf3|wVr(duA z&BtFJNXx`Iq2yu3)@`=0n{W&e6k;X+4W>6QTQ;v=U-6)5VR{sJ6?lESl~wcemxEnH z!0YKr$Hh}B`V5jm=x*=av1wD*u_J2v?4@((wr_N5tnF4x1&LUlfBjZWY<$I&>L+#e zNhwDvaCK#yXmoO~pXb$_(;AILXH*&Ju^XdCr}l93{Gb2h@4s8Q=8F|8fBoy< zuUNSz^FrQ&R3^-f6`strUvIT$&DON+>#xUUQtTjVy-p_+3?e~0E664e?F|cX^C^B% zU0>g}H#Er4*Q>C+Zc-u>6vNL-uCH2QegDDp1zDd~J$!OscChW0E4 zedBBI1cOX!>BCmFmmj)(vF%n_)r3NQd|&FxsKn9vv1#3`-YC&3Wg)?_`=XBxjmi~j z_FORbWNeV;trIqhsT5{`NO3{`m1~_no`@d#Bpldc3`N-M(F*H>gb} zgF>Ndc=5`~!Kd&}v0OZv92fNu|Kp#&`C{cC{`lX%`07{x`m3)GAIce#o9^o9^s{vaUZ2p(N2T+%SMLUIb1JNN~(^B#;jbq za>c5zzx(W~U;V>Br{`Ul>V-QAIpJ15HE(*b*yJptW1L2Xwmz@WXPbRNOU)n_qh7D< z>=Ta+=A1see&vpvm+wwbw#Dr8jS0(WsUK7+hWdKyyq!Z2#%52A^-4uUr;Z-``m>dv zfA+D}#;yPQkLv<Uh(9Hvy2&7My|%{A_SdgEUpGImtccwc>SD9w zP21a{;feI)=aY|QHMjN@6+b$8I8Bhw8mD?9Je*G)y)ZUs>Yi3kOLd~r`A~1a6K9VP zjCGad<^J~X{`+q}{>?{UfBxBuum9zrKk*2R>K~hFZ+hyme#5m>WojJF4T3^F+S>c@ z(22 zOw9g(z+ID5qiVI1e%jI`#KolB*}9I5^fWiu0k3BrzbFC9qc7_fRC0r!qNms>U_$0| zb5H!suYdLBXWy;*dc#+rt@!O9J_=3F7@m=I))cvKS$*nSDFNA`HznsXH#_XEZJXv7z;HTl4qw|ydPe9x=PeH_+wHrD{GkBo^0{X}*7Ra@taFFpV%VE1|FI0dBydp{L8vYQyP_BZMPxW>E|C^O_wt zUP-AZMknU;a?gjjY#Hr%HLnxq(0ID{&dF5Iki@d*J!35mZtK4K^s_Zzerx;1$6tK+ z#W&V=z7HPPOLXFQc-=7C(_HScDe%#i=Wv6(?9@Ov|E^cv@bvk~-UH$B=}|{jbNUgJ6*tF~{ediCmUSO4y9J1?Z37* zQl}7OW`%-++k5v%*VH#uzi5n1Ozs+flZz`m8Vf8l^fh+BMQmvUjCv?1&(>nmsTM1VzT4ZNOrXS^w9A5ox+lY zleEmx9#2S^QgG6qO`cItgNNAU8>X!jZN+e-|Ob)Hr(GMm~?_c+0*>g z*~uX+<{0oX?K|wt9#%kv9)K1gPob$St*~0X?(Vf40^JnQB_$YXFSP|D@(rWX6?n?fS3Dk*c?Zgb_#1@ZWFdVKPZOX)9@C0b zpni0qt^P$`-fgE{5$Eqzz+t5HxiP>ssi2+YmydwM(C(+(Z*4vMU4 zXu{T8Q$^yvaCLO5sjT7_ilR zYO9+&-i#oE_Vtc#+qQ%5ug^^~`wNfCs#bor@%oj5h1s!N*Dr1SZp*36llP0x*EbYb zRkRHDi4b7&Z=Tw|!M*%W1K}Z!;%MCA0Jo6tuKpMG&s{cb%{zTwDwt+fvhs^JTvl7% zDld7_-JTKy4`qa(aN|SIS;au=~kD9h_fKvLMbasDTQ0bcr z%Hje-_nb~^*UV5aD!pDJs(e&#yT$$ftrEFxFfL|y@UHlwF6gr`G}!23>zkEvwY%f> z@yrCzoo@GUKd66Jec?jx>aScw0#o`2TdV5|9Ua`STq>ELW`@#CK;AXuBM;sG0?;7f?jj; zVvdKSee3HMjn-K8ta)G3;kcy3*Yj_c6y7mOXN7WQA`f&9i1}H5c6esDhtIWw zD`S%bm3MEh`|OWNX^HpBA68b?RaZB549%#FLT5{(?b;2wnS~0NhE{`kPS$$)=J7od zi3gI-UA}m`rKv%!>~C!>_1x}pHLGBLW*p&4pvbO)`>`Lfl=a2l~i8*c+6|hmP91csI6oqdRz!TB)HTgYJ1*$u1Y? z+xN=mRb+gM@hCPJbqa-Oay-Px`*g-p$<(YtZPckvLqju8F8){YA7BHzb~)G2ZsTBE zBW4ZzhM<@{ve(bqH>$2>c($u`=lZYg9K6q7Dl9E5Eqn0r*^BNOsX=CtDs^%l@GlzZ z$40yA_w0-6Y~>-(g+}4c&~W%j_voJJQH^k?w8OeSe-YuUX!c;(7fnMY6J_&B4bZ|xBJW)nPuT%tl>PmMI+s_^=F zePz*OELyo-uaxN@6qL9+c@-3uEoiZK$d4UOvfJ+P;7+k77Yt(&8-t7E|M$XHX$>#bYuFI~RAFh7-=8t3Ka-qG4QIWnCX8y6K7 zGBn&PT95;IBR~{BxC2;u@7^7yVAKl6TW4~&to-iejVo>Aqeu6r#`uOeboOASjdo4! zb`DHCcxqum*-%}#W%cT#sR!huIl*Ln`n1-2m(Sk)`{u-=v59dnFQ21FGH1tTvDE4x z)oxw0<>JMg5``H6(H~f?5l>CH?AX5Hn^oAnk)u%RaxUfDI(pwJES;I2Op1>R4%{_4 zhVzNOr~9pwlf$M>8`+PNC|C@nXYmT|Jg|52c=DvC@9pcPsNl#D|DoPa=p&QKP(j4L zq9p%D0r2|WJ2wTrS}U6`yL)ZLr=NI)Ct)*HV!lvMD-(3|c~ki;ef8M9R5>&`zs{ZW8veHvS1AXs5xUJMFOKA?LK-UYkunOvx<8jE}>WQibuxV-nP~F+W9+e^zQ6x@9A$tG*6Gu7#W|z zp7-$PgB?~o3MwlGW@eK7Bhy0Ty2i$^`*hd5@>pYi?C8nqnT71M6LuT6H8wT0y?Gt# z;e8_QX#ec2TyLtsS>dzZ>CVFnME^TyuLe1|-7dNEnvhm8&*;`b3V5lhI%v z>_8U04hO-Crd3SS_Kuf{$nYcIG}qkF2w<8N7vILdxk$%;157kKC!U)JUU#;4xOeL| z^0i78@@s3J`1yLJrXEl#=%bWcHP8&sqNcZR`u6XS*|#sU?&%YQQ8Pb3fBab1uYdK? z{ktXoJ#TN_xUyrDUE$sPdI6zNs+0*DC8kVt^;(v*&93^#Z{dwv$=t#H2mD+Ehesw} zym;Yl?RfU+iAgnqfair}?i;pWExcV`U%P9&!^M=NP#bexaQUj$+Kri)uZ+#h&+a|y zyUwMe@%18J*R#bddpmgZOzyW{cFEUHk92hlGYbG-Rpk{9+dYc!mWdYzQx8Ns?eMKF zf34R|*HqtL@%vQ?`wqW)`7|LeG{`?dMGsl%hK5GAZ}#(Y->Xo~yl$&mzi#uDOGRP; zQL?49;boPt_x_Wa1+QPX;__{4aZH5wSAVd2QbNx(DzyfcK?J-Gg>k|(&{y&5-l`fo)I6x$g=ly-6j%bSBH{+f@~h$`wlOoJ18Fm-_V@s}mRgatNcnIZqX``VD>pp4?Y4dG`TU|$AZMNU#;LKm=L*{$Dd z`?_NQePL#hNqAka?`vv0dLU)%4#%A9_eQ4{FmDpEVxXrN4X1|(_XY*}xw#kLErgNP z3jO)>SFCM49#z&u!lRN0{tjENo;}$_9Czg@9vqvP}TQPsp?a2 z#KM(aMV8U?=V8zX1+%HK-bRnD{zaFn6f+Yi4<|Tob$C`)k7?2>XCizlPRv6!o&V3v-B8Bdwk8)~+WHp47~%u3xz7?&$ucyh@7GJNwf2 z+lBYOTfYI2{rT&*Nr?<fvr8V}Vroq|4&C@?5C;$5F{LuY-SG?VJxjTCv zJ)D%B5dFu0U%NLbxwq#<)~R^=9gYX$($fzn9Xt@f>Wg*u)}F0xZ(cOLba336d-2N9 zVDFK`sn{o~E1q0BfBEx2e!6^`9MNPBzR z;Lwm4jSbNJRmhmW4Dt$TqHNTjN~EBQ9o4naX732}+%&YXW<_q3;@Gvi>|rnPIK z_K~y$u8ww_H>`hI-`MlEH^682{)m|A(Rm&~`#O8Q+;*Nmc}yXluYO#)(_vRk#KDpW zl{3=|DwXQ`jcc|}cKc#u21h1gG_95xb~73Q7A@)0bVi*Vcs(&OJ|rwOHaaFGa5n&Y zVsz|qSFc7an;INRj!&?&u?-3dj!#KGdEso|)EG`T1*dbox4AqjX&N0T25*GYi!vMX*?C*zSas#FWDai^_^;=V!V*yCV05 z+ikN6_76%=J9;+v^0-(E4SSjzPA0^pCnUy1C+-T_mv^tMcVZ4IlmDAkf^uFyIT#fb zxMz20cjpNEa$UVrAxTcnuy=4N$j=@hY~Q~(s52Zo43s_ zwk}6gk5A8tFjG&8A3JP!xODgKn}NYtzwk)Upn<7r;PsB$W}nSYxfd?0)cV|$=Uukj zclC5Ozi!&O!|qW0fw2W38{yfV%1s}Cccq|Eq|v^qdl?rH?BwPc937l?IAKp%(AVE= z@(YZeoS`StpdDv5eLpE2c5xxInd1(;OpJbr)H#`S`fHc-e7(HA-97g2jXaoqAT1^J z;`s|>L&N0{ORd(eFSwp>wxmgz7#}^IePYLsZF|BZqax!ErktpG(nQ8K3HR?8`T6bg z^Y@O9iHwVj^YQlo=YRVBl}q`+ZG(NC5h0OwHuhl=9tla|S*P+kJI2)7xl5N%+HZ5O zc<|h$R0%3+X3`N?>z!lclil6j3E@%x?p~=`$Ld}+-adQLX4SfT+s?$H~yg1&85qmWDIr*B=k zJs>-2d!Jk-e4U{p$}G=BHjXR;C_I3=Iv92;UzP9P!}(L#wP_n(l zj)=V>iHV8sZa#ZL;~HMHU|6qTHLP2+{^;Rs6G3KTxfE+%uh)w)Sn$|bPijiCgRP6N zcVJXhRANf%qxx4knKx7vy6xC-@n(?-@m(~2o{ld2W6}o4C3JL| z9xE=$^>W$a=pL{y?m#fMJ?ph4m5so@vlB!9o(^6C5q%RB+_36(5^;USqrIU)0fD;^ z50leU?iSsf7tMVz9wP3|jt-|rMY>w=NQp-nPE9y)@XJ+e96h|dhbCY>iY;n5k`YG% z+4xw?^B4XBAzlG{Xp2cni;j*xmwkF{U_idG@U*Hbe&0SXSGV}sgs8~aEnDnPW?#gi z3nuSuZ^=$e2=>_-5D^!9;K-TO{f_Iu-tO$%&^D}`9({Dpf#QdC z!&73VK|v4b!hvzdQ;&7FRC`zl6y`nFh~}^6WCeNcZmxeNm}Cmc#J<3YeF6K2x<+3% zzINK_=H>5ut>Ah`*W2l-3HZkP)!&5#1SiC&oXNS;+BbsXm_*`B$B+63?+S?sP7d0W zz9-t=&Uu}+_5H_HojrrQoqbLwXAI2Gz~K-XG&3T1o1G^Pot)?!FTGO|;1#exVqe~+ z%R@s08jY&Fs&eC&t-%oy!_#vj743WMIjLn@reBQy)bs1KLImUV^yIBuchb|3RFpq~ zf3tVl1YuHqJ@fSO%ehl(#Y9u*rG$*u##S^_spz$ol{R4KVAI*>}WjC%~@%Q(&vfGi6df@7r z3-NpRRW&zCje7Cu+^K`d9NfK*ozIyZn!0f8+~bNm+O%{!L9M)a?zD@8t&^jDM8uw| z>L)6VTA@Fn%0ly=x> zm*1vs*0G5Pnp)anNb&5XVAAB}oVDG)#oNon#l zoR!RpPi1C3xKpfC8ngXGkm zzr&eFr)I_Q7W$fXW;7igF?0(H6Z!eqyn%(>-96mg6Jz5lOCP~u^h(0wWyK}CynWm} z+_&u5zGq)#YhRaGDtYtt`RUYSqr>!hO32Yl=785n2j85|yM7=mM?!~3c&n=P=JnHA zc^zHs{+vNyR(v0LeZy8O&%j;JUOtz~=>djw+2pUJ#5H#omm!3sCe-*Z&j&yD#2r zr=K`62^FPffxdnYHnw&}`{mx=p<&pHPmyIn7$%3HQylQIo^z^j0UFYJy zBQP+kq2aAbkiTrMK6Na&r+rkXP+)PD-6^@0eX)OFNTbozmR3ZCg$G83zkJi$+tiwy zd8)aiT_qR_&R;qZ8fmk`I$(F;wTqVlu!?Kz5Ta{uRb0+E+c`2OVgA4;pCY;f$Xzq3 zS0rX<+E{IJ*|6EgW=D{J!2MgL2DM3}npGbBA!m5;yb%uI5d${{0q@J>M^xnF|F*Wtj_}GYA zgCMM-2M9Y`0)zav+wIt4XCE0IckT8AsZujC(3^4KU}H^(K|#v_3QJYPBH768I}b84 z&ay9Lglf{+$-YBzX-!XCRZ2v$Bu6xjQ*H zI0OgnsjF#%K$%pmQc6#q$SNuGvTlus}MZi>EeJ?-b_=V1ag{jfWOXn`!yI(2S(E}>S8V6eUYa8h!hkB^JX&db-Xr)Qoxf93kn)GYsMe_AF`56gtU@WA-Cqc<`2$fm7W zDo$>09=R8CaGKI1?i&oRUpB_=k9M$g-0A8W89Tvf_`SG^GHg(qo=>Ui~ISE z1J}+RJ9zBuqzHSKPLMAgJ9fs#!OPjs#lyuj>-3euQJe({jgTb?q=@Gxda}~bzpCwm z0%b*a4j(u&J~V-7Diuv+A3px1=!srsR4H{2%E|)5LnERid;5DdYGr3@E6%iTj;@Xl zt^q-NZayfbr2*d(&7R50wso>`+qxtF)VbK0#P7Cjt$f~~(FXs{5l(^E z=Ot$|&lDFF8RZ6}%6Q{SzUNN2__!GUvGS+&b$+`8qvGP`rS#ozP*$O(yL`*EOurQU z8N6;X0X7nHBnA*i7HXU5i?|ScRCEW@L{Dka^BEL>QGp&-Mm*8c9TBzBsMSk!I*CqW zB-W~R8m&%6&mib@BAtGYE;V``kf2tnQ_~yDhyyy4(O?2z)k73XLzY30{Sr(9G+>ol zt5Rw;YAr6X;IvA;R;AMlDy>nimEq`b(36HLgGz5w7)(Zu$)q-+T&sgbz(b8et zDy1Bv^ym$pP^V-Au0I`Bm?fx)#al8G{|5;sBg7fC&_|Lf{8O z4vfv;JcU+dbQ2~7QBb2*DpV>JwszE^w?Prx=cPzZ zjG3xnJ(MBFtZ4Kk32XvWpfoePbxU)jLqa2?r%)GW=?z2JEALuvU}(Uzh8Hw%FctG0 zW;?WmL18W>#t1!mztD-)g5iuNgN}aVQ?67<5g)Z`wNXz`zT$txV9;w-(XQQ-HM)q*AElQng&BS83qD)IY|oH!8Fm8KzyO&}bDVnBJsQ z%8YWUL8Z}R1`Ygcel4~oXU7JHSLO$d=@&*}Sa^s5^CvTz6evVRqfV~Z%XRd<&oDe} zt%A|ua#%(1U$&%Zp^zW2H%gH(r!jkmcXhZQa^EwzMKhco4D`M^t7FvYlqi(QXCFN( z{py-t;0QM0MF)6~$*bt+Zx96FvI?0| ztz=(lPT$0#)#|Xy6~q(-^Z-s;1R{zXWEE8C2|*i-u&JgqDurk=h#q!YX@DK=8rgoW5c*|bD;29q4of_`rpHoz2-6p+zi#D*kQ zsw7J6BWkvDLLiTgY%K4XM#Otnn@lQfNc4Uq_BYI`Ru5n;LvX-)r8uVG9}5+9GBA&O zd`m(amO+vNuU>&&1Mr;?p?txppr_R_-F!QMg1Dr?;SU4*8SxPDRV}ELbmI-XE9r(g zHi97&Oua9Pg&`0F5v#D-stqtPg~A{} zvY-|TDhVtNooVrCu!|A0Cs3dO0^uekKtlbJ>hKl}pUn=20iA{C0k@MC}|LKs+23~rD=gDv5d);-%z80KSQXf<=-LUMDkC%i zfU@WST!&z2f@}>{V=_U&Q=}NJUi#e+jDdQ=w!yUH@eU2CJ}Mdk5P?mV*hjHBvthl% z>+c{tgdzd$c$DBoDK;3$!7Jhw5gUZLklBYb4FJ|7qNdoa0k&8W)EH<45oQ4%sx^mD9y9n{FalK3A&xPhVPFhLLFRvGiWN&f#(V?0Ob3KfdZ>kc4G{NB zbDU-|@V)5A+VWUIi#kv;_ugc0Fbq^poV0h+*hWhN> zO}AcY5GJ8@e82$P+w;^7cq0GJTj==b%K#juy9rzhuH-NAsVB&%8C>j9B8t7CGrr*K? z)MUQFV=WT!CuSV@1KlCOQG>qxK`mz=0;RboqZu)9OTZwRFv!n{hcuU%96Gy@Q*j$G zZz3j{=C&+O;T35pj7A7}I@&eNj!tZ#4NIrRmPdP#*%+8)C=b`7-&1AxAe3~s#oRj$ z4O_jAR+ITY5v?84mCD&GyJ3a@W{DPS!vJt?G82uEjfgK9TAHK}gj1=0alB*)oklb@ z@~XA5ySHPsr}y%i^M3w8(a9-OVwsBdj!ICH)*2ae38RS2VbrLVlau2$HBSzvrKTND zZ*FZteHt2@EVIRyX_Pk%u%DgZjlx`I-ZEKp*E(6R(!$_=hVB-^@gemkQ)vF7gM6R|db| z@O@&I`94uy=%K@AEGsT4boX!$4ECw1f5L92Fb$bKEnQ=-!5^0YJ+dgv@Vdc(tq4Jy zwlPFty$pB*Idbk;a7g6nl_;e>kB@-40U|Qrgpek2Tw79$u8wxN%#q7p56`C8$W@#iA(;!QlXPEWms*%kg)F`NA^2*}U zAYb3_)_n8Lnw9G}uGzeGQ*mk4zzBWCDj0`A*3PJ<0}d@=%P1k`-4K@Pmm@wsV2gQ? zVYV|b;?WONV97TZ@eCj%LauC*040DgS>YmHM;ULy2-PTq33(?8%r97i5I6pz9{C$x z!nK%_vpNjZqZ{f8F&xX3l~{F}U5|O66uney+Opg~mxNGa^kdShyqOP9xhjpT! z=xYo0b>nl&}E~9dxQ@YYt6N#B6ElmDOj2LYgDC&2fT_&=3RQ zV?_nbgvBhJiBR^T`9<~zm`@nP-DG}(?Cj2kdDLK%O4?d{iEd2b1N{ zmS{s?`aQ1WNTi{$7)&zX}MYu0}A>1Q8r zSo7U?tH0eBn=mv!MZe<8TR{{@GDyQUAdz)pG~YZoN+qJ^R}GF%w!Z$}x9{Fk>&2v+kY!q?Uxk49W!bu2Z(2sF&cArNeK{dY{g@LB=P^ilv&<8U)q1B@HTmlV&2YU0v8x;PKOTribnJ<1w+yb1rK|V~(I6ow6 zp;ysl50CWUe^AiSRHGG?I`)n(smJVT>79GRhr3|1en8}12*KF5-^c3)x}U_K3!*xN z*X1aEhu2x}2(75V4aMDYsnw8#r7Tw<-qO;Z<#RR@rRWw785!f#VX5fo2?j{Ua-lxx zxiH!_A%Jc76x+!HX2Lvym?rOCE+JlM(Spe#MIj$-6ci#+_2Y^gH?Lm3e)-P5f@cjc zCTBz(;()dEb_mv_USm}A^~)QRW}x>5vrNATVXiRA-;Zz1moa%fzHuL1Qh^cvv&kYf z$ry{4A}yPD7E#Hms5W;|R)4Xzg?PadW^&A~#p41`gUr6gZ^m2F)ao5^pIfA*=|%cp zruh;gStm>O3w{Z;>5VJYGim6)J^3-=pZBx|Qyso!RIsVhpr?l>6@p2nmd(F@)mZ$n zq<46DUO`_h1F>{8HY&PW8`|G=sL+5Zj-{u>T&Oh|w~8LFWRcJWJWJ4)dRfw+g&>dO z();@zh#PLP!jgvOw&?Oh^NTSsWh`v5^CCleVhYqeVxfg)X4#DKS9&Xj;uBMbEXegh zO(NC+9m8Byzz#+hybh;g`5-8O3%s)b$mF_`5K_i+!TLrL#-cQ5M);3%R%EV7CHx;} z8qxbXZ0eWRLc>L7+HiT~2}}vjRP$Y%?=caYzyKD5!$@cZL$U|Fz@m7nBGHw{Kr5?QvN}nb`+@{CbQNk+l1{U?Xc_AOfwBeJB{>dhc-|N>x z)YwvaDUp5XZF9H`>5mk4PQ)qApTg@)gz)*IccQ^dzh94ZW_szdE7RRFKy&)$9m@Y8 zUY8&f<3$J5D;oqZdA#PEHalUmnMWygWYFTEK~uo=q!!SHCd9l=S|nLYSp_D7Dqx88 z5HH;TWC}2N&QtkLS7DU9# zL6l$_sJfW>-l}J%Anu@xWKm^_1ole3v8S%dE%gL;Fe;;leqqSmKiD!rGqC1Q*fGE5 zpOB&_&Cm+haB{GL7Ac|}R-1~C1`S{~diaLKP;iwA8X4-+K1Giy;ap7-n>LJh{aQvr zwr86Wm}bgiOJ)I2-WC}U#@li^7M+$dBkr7RcIfYiOf^-Ep)~m? zO%UW_L6JR>fst{%PS$}1_;}Hb4Dg}xYG7xY1^UFP)U~>hOSQZI=2FP-OHf*6HflKN_feMzIjMzWC(0}$1>xq^WiC^3+SlD4mVsUD2m+?;hvZt-+$l8jF4n* zgDs36grUzF5jsZ>{0o{Ip`=L;QDl1BD&Vy=DmHyYY*1V>&qBf?oEN@h`h%J%rUb^w z7#oX9VI;@F#zKc8t|7N9lSaUZJ-<%t*HX^NEO(jy6usw%f1cn~@B-M`VqV5f2F%V~ zfMW(r5p#cDkw; zH?M3)ykqkPmrJK*co}L?EAl)}v{KATMyxVw@vVW^2T@;?Z6-9KA>$f8s-`avfLrP` zdIbx-Mzt3Bo9j!=)q&pvLSa#hv}6q?L1k3UGaKq;3aQ$NgDB-vbQg3g@q}77Pt9=! z8`E#y@Y6Cn(a7l|jclnJI9_L?z>CFlOvoZbDkjl9QdBWFaeN= z8Z-@r8|cw)`uLd%*cqmTMzm8?90;lPah(n2r$1e zB@)l*3~&k5GgqV^8egVm`sL_n;&t+P!t1=0eJX@*%F@$hv}kDEfVi_-2)VSth`Ag~ z1(uKHXI_Dv`BE_nVv`_e-Qfa48LUSFm(&IQwu7Z6Bi7h_$(I4-Xjm=WZTUdyfvgkx*7UoqMv0V)VpishfW6ZKboeDz z#7t5nK_ZywTb)sHDPAXas7G!#@<@J3+XFFAvwW)0nf^#&er*)wNNM3iUg~UOe|5$3Z-l?BeUFP`ct&%ia(7pahPZ3L7>F~BAA`K0KrYlU`3coOOob` zO%HnjnWcG{V*Y}qMU#ou4~K(u;gu6lo24;1=6_~}f75rmfLU;(5C^Ac^{7W8?i8#! zb4^-8#H?F$Y&6RwJuGR)oVbIr;ZPJcdm1j5c0gC?QK^F-7>q`vmjSXZOo?MtXh>VCpdi z(H9>V>WyLe0tVi@t z-SO(2s0En=I2=P^4d{LXoo!H?*F=I^BgODKJ&y;K39lm@F_ezp*s!UFMIRc*Pl$(1 z%S8>%|9L)VO9>->fwmOG*x)V2l+EnRVkMYwc5LS*u&zZW`6N@F4~hiTi4B@~e2$w9NQ%kccm`;}Q(z;`YK^44`pUCux>{Jn5 zKnnIV(hb#75j`Q-!bZJ8r_-EtZld;)+=C;%?nAbxs6d=WIM0dDQZq|x62i}nP$e9xos06jR1gcLr zhB@4%fQ(EYnwVH(NU~@_WSLx=$9J!kc-NPONmZ^k#JpoJ5Hlg=yNgaDozWQ)Pj&2h z40ChyKT2_pP?N5>5ZDmRzfzNO7{O)8Yp4T+W%}eX#c9@<_CGq7(AO8jAuxP4cKXpM zNMIF+c^VafwvoUk{n04du3@0F5Qf9+z~iX`D$>r%nEEzb7;G^zU9s7P!*U!z`yb`= z{gK`h;)sFrxNz2x49LgF(~F*o#3Ej2`K&(EpS5F57i4?2cmXh-Y694>`Wp7xvZahQ z$@VSUUYO5=A%YR)nB^|hj}l+kVD6vXWe;LfFElQd&xwCd`)-PD__e zB7BZ&n(sdHS;M>oI`F9?A7yikpukF49bS_YYr^NBi)57-nc?;K@2|52Bc`)O1Y2R$ zg7SHir^$u*H6N2D&H6GE*OwEFz;q|(M5TybXoY^%daNjbY>m#S(&&J0c`r+tRpa;x z)&x^~z1Dzr&j71NEkpmPgM5{a-dUogkskje{g8_?ldxb=(|fW^Wu;)0(`tZ7EpV8M z^r1tGrBkTJb!OL;z^dmxFV>-IEQhLbTbm1r%uV?7PVYpqk40Hqbm0T)|L~$pmP3541GBaMQ@9dxvB)iE&Ck{N^}}TCW_eT%n^)_m$xEDlzac)6nntl0Fc} z8p3Ny9};QK)oIASU|MICOAU4Om2WCNeJuhhrPgZrjz;}1(=z>X^nbm2)xuL)X?V3f zIZf#g587!$!%Ygoyb6Dw*k);dEe@?uMrLRAQ zP!lH-wb?AtRZCx@yjaBJsaYAbZj9dVo0CR^fN3U_;0>D`t$3>()TMc($U6%d^Oz|H5zfsWtE@=jh3~+i+SXW zWD!K=oLG9%F)ZaoTEGlejD<N?4Q|CESJ5o@v;kK_#BC^wlyPnvumzq%D_3OVjTYDq}%WoaaO}zt90k=>#um~eZ2mov{(UPgEv`BFD0J;Cy0Jd1W@kJb@#uUjEmoB z{BF^j*Dc0~BF-#`yes-JVZ3-%GlIqVs0v zKVcq!jFd{c(G2>VpW>fKd^p@Pc;&z5MsznA!wElwPV*MHeOV%7ZFN-CA|9#Ip`|Mnmq^wAlNYPx-ep)9hw=x5+{hRtZCDwRsDrpKOf`PaT5#x+8( zoWG|aoga7>RWd3hQV!qwY;tWeFFf%VkX$ZTC=@&mIiUXmUqMB9SyTHNocCW&aa!7}p5%!TEa%(o6xL8;mBMer{^IvHtl$U%yl=X>V_D zY-}7KA2-+gi)e0c4niD8jC;jY%Ad$+IT-)Ly*nvol1^x;3g(Ef^e{jcGN%d||( hv`owNH%fx={{z47Of4Y~K!*ST002ovPDHLkV1kT&yLSKp literal 10553 zcmcI~2T)VryKNK^6#*%Npn!tXi&P~v>C#ntm)=2vP!ozMMUdWmuL9D06X`XCA|>=1 zdMGKh7ySMH<=yx0ojZ5t?wKUt$;q6(znydTT6?W8_>GDj(H)vQ004kU{B|2qSfb8?EG-ghyV1H`#Nq| zxK`zV$$UxhcYN!{Rj#;Jb?={1MACH(ttfnU1g7F`cb98DEUtT{NhMJ^PGbDDvF;|V z9ly03;1wjJ?8GgD>;}w0puwFp#M<9?`*+XsaRPoYTjOx-}_Y=F#r&suNtx;%}l8uVmgy; zjSBvP#trR);%CjoT{^3#=?8ef!UT(XIzKiwM6nIKDK;o-eGRC}5`Ad)yI#Bfg_hyB zVQ{XIj&+52-{7tg*Iv~Y=3~5>MgLY0hF$fgoBJ)V#bvp~S}PT2`otFUVcuxwc1fS(H!A}MnemkSX= z3f+!Z+RysEXe!whcLNSi-Dj3K9e!=tX5b)m4u!aq03NT_rNC@N7@^1am$q6ZPX$q+ zRV+O&2aVg_QyMokwon}VDfCt@do(=S&rkAhSm$nxtZ3A0>6x>ABFG_-aUE}RJ>q>< za@Svr(#%HnSq$%*=Ff`Q0*;eO`_aS!t0p5@V_p7h)#RbG;9LENIsvn(UM9vh1Kee; z5zNCoDeT!&{t~*^NuGiIXP#7JB3p<}lfKBX0?w}ec$FmH90eIXkFT#Mt*pI8NT4Tfxe{d{Uv6JrQ^H1 z&dq^G^49>q_@hqY;HnLFLe9xoFbJ+=fQtKLRoVu6(h{AgK42qqf$C0Ulr;R9WyXS` zM(;-3?sB-(GN(XPk;iR239nRtHR*J(M5D~K-j(-?{OYJg3p@`nm?b(PLO!tXnOO|8 z2Q=wapM+Zz@BJ4??g7WkQhq!KH?yO*j?$GtNj)Vj)4+mReY>o_-?z}W{%zxRx ztl0m&cI@}<{*Vr>Pbhwk6aT~Ui*a>v+0`ZzCf4fQRD+P-=~2tMdaGkfmIn1 z5zyRk39=rDntOVwKQc19A;dE_fc@wy`is#`p`Cqj-?2DuPKulkPf>d?@yiRj%GS#$ zqiY`w_Qg$WJ=#d1fDv7E`q_^6s1hbb8~4+p{MoM}fcOA>z~K=Jx1jGVzwYm5-5H)v zx&;8V-MsGcp*n~@X0z0q!uURkuVCiIgBY}})>$pf{%axtz=lB27IzU`vwET(`PT}W z@#S&E|2!JQEsh(TYXNDlNK?}fLT*(eOzWUNyNbI-bMu`78}GB_8(%1si@ART{jzoz z)mT;KaHiGobFlF$)MG->`ECL1%Y!mrrClndj|Vj}H;~@O^At_(Iq!hj1nN=A@P<4G z0bhu}AsXM+IDhJ}F~u#9Tqe7A@CC9~mm^#qO0_eURFJPY_Lh2jj2WEH$wQaYTU)ct z8}mJ1Ggc8=scFPv%BMz>%!Q;$=k#c-?4f8a)z>Bf&15NI3=%x_oyEblH}H}EfjlLG z9)Z8F7HMBlyTC}kj7t`|?f%m56RT;6iNQ}2Kawc8z_%D)*;*q`4kJxf=qD>|T}~zT zOq`~3y}s3`C+-2s&_Z{WssBXmme;fj-AtXiO3dk)_yBGDL1f$^-tj5Y^m=hP##m{& zgDHb}gt<2LM~Q$x0Zo}w;BTmfKwjOvrsW$XIDcp;uqvzh!-#u;)lgmNut`AT?3QOv z6x>;V&U*52nX7joE?!%RPkz*FwP_!vB_Q;mp9ic2GY{eBnY!Nu^IZ8rTkW~u28km+iZ#^Fd(_`Fw0RtdELhi_dMPmR z)<+se>oK&U#1!*Id8ask$V_(mJZUbK*Hj&T4F2Zz%UESj-?bdBH^%I4w{0g*mF3kR zV2ZDt?um`22qpO9Z8iCJ$*x;Wc*T4Jq!mM_R?3+u$hx3+%B+%cnUr83xLBhWDgZ~w zJ)>@_c%P;mv)(XZ7>@s&8*>)cFQ*$WJ2unL{j?h;0NqGTlOsqXc(^nmHl=ex2D&^l z>+Lwg4+Q&V@(CBIOU>MxWfac{JWy~8f(HHN~B{AXDDa{dv^8HMxwu z1zCF;x`IEus%iJVZg}_LgZ_}UKw9JnJXuH$GLl=*-bon6&#>mNn;#3E@Eq;!=eJ+6 z58NJ^iJj+KYnC~W5$1L~t*1C>Oa0w+aUo5xEU|i!kwJTUaO(NibE-zYD6KTZ=MKt< zwt0tQrZn*oj7|dseIx;ALLgx3^*5r}2WwHK*=1ttKa9*0EOv?e@x!e$81f z;$jiwWPd+0^4j28 zBqLa*lxnIpnwrj)9(v3?k#f`$Yy6-PQ~tax!aLW2H+`>Ej#qni44%Hy?tTwQmw=xB zNZLRPGFnHE_Sfb*f!!|EhkW4n`8_I6T2-g z9fVMuob(c-a+(xt`wm5F(?nXSA$=-x$?i7o?8(PA;gfdQ#=6g;Y`@rjOoX{m^>cWq zUHDfy58KgkVih7H_YGDHv>Ym?ACM#<6r}VJtguSq9jK~EKqwj&4 zR*g0j^GSl(T)gq|G4Va{eJlFvL+vteLW_e*-lX2mhx0SyvDRC=HEMSGYdcoaPnaw= zi<<6QMFVsse148(y1$*v*SDy(z^*iGU67qPQZ4#5E!|toF3_D44W@QN{(kD+L>VYgMUF~cA%VB77U3$J+)RnjM{wJhV?ntxu!j%P`iayZPL)|+Kh z%XF1Ti_U3nB$=OxZA#X9P zgF)SMb&|#y*6>a+rv5l|htg3l4ybGBTb}zLS;Jf}o#4Q_CsL;2`BJxiFQQYZ2AD6h z-Xri{BIrc2@IlV0%gpM!`HH@lC?>MOYbLWZz`9|W%l!7BqP;kkS*`K0CH=tAp6WI( z&F6IPGan;q!7W1vxs%$sJmJb1S%Yo`VP?Zv`i8Pa^G(as?qx=x zX@%9hnzI&99#~WZ3i|zAuYYg8RrT_;^;z-Wy)0OkDl?7a>iXv$Yo&AYWDxZ_H8jh| zWU0cdb{Wklj1BqX6dq%&T-iSrR=EX}>N!|7N5o9(_1Ct(uYZ;>Io+S~1V*KkczpJ? z?|WXMPkpA7iyZYd z*y@90Uimk&VP{wc1Z!8S=5ONEov$5b<#5ON^*wU1hxz>0PCn~h1AftCY-zrD`IFTZ zM9O-0AA1GgayT`K3oSY`v8+HD2x(>!Woo+1lcb#0S-5u;{K+Z!EY^jS{(SDJ<=r`X zH?ve{-B48gj0#W7(TC(j&y~ZkWzb`C%$7>DVaIXBu{g$y42iL==)KK8KfD+~fV@0Ar60Vw2${O!yXAjbSUA}6%;(;x)*mAIGc5a1j(Ztt0IRPI zMy;>(7K(R`hL8NZD2eTEa=j`n5di2vy6B+XoX@|hMTofVOF!taeA+MFb`y8{+FyJM za<7%r9n;!R^ix9g+WsMR(^9XN&U?NOw|`V$?VxewlJe7ik3SJW_ty3QdGuP@Pvp{L z;aDMv!euHWP-tU!N+z zB6T_q5f_XlSOC7#<6vNkSZ|%R5?K1zo)vWQJ$rg_LMC#6K`C`;kVIXo`V`~M;B8(N zN9kjJ@j-u-c5A>PYB{S}mlj0f)>U{>jUredt+`k@-3~rjP->~>jL$R^tuE64npTZ9 zp~n45zg;3H(RRHvsWKM7wY6(G`(oz5Bz8Z;n#9i`PFbvl!RK2zmMVNa zm$h~H54MH*?v{N28-1y34xSH<-Qz_1E`BjPg%_WT14trpOe>2#RXeaNeB-3}i}^N8 zGVY1)J!Sg%?}T{cz1tqsCtMb)p#+xurqdM?TYbl(_RQf~a#@O#DJ-Z$p9JAgrj$2^ zNXGX1!*AzyNgnktJ~#$pGvwu%sIBRBJ`vDuxLJ#Stq{r9!?I0%_IfA4Z4NJIoD&f2x+iAI~vJAyt9%cWv(Vi~*qC5@`K zSU%R6r_&;Nj~dt&!dWNNl#(g-OCS`?BRMTKo|jMZWLt4I0Ie``SE@fW3$(Uv zg&cc@U|HM@cWa#Gm;8jwz0S{riM#y!mL(+gPL@%qtfPvZLUmCC3HtlHtw7Hi)|zNO z(YEkU3*@W(31RgRi)$x+`myuS{+MD1ngLPDIA+K7idAk66v=SBZOFVz6PoAn`)nZA zWWT@Eq)mnP6Da7={{w~ace1${Kn4YEQWG1>DL)Sng73jVpF{k0yU3%HNSd=_Ayz29 z=1y+R+y3~?h=H`KsSJncFu_C4QCJ?I+x58hN*5Psqy?X~n$Hu}v>72S*}$9rRX6Aq z&^K$PYz`SAv?3}#V9TW5`%jcr1LDG`-HXt2P|+4o&4a0l&%I~w@eZw&;j`bHWI#Dr zOg6V=y`<#97NAx z1g%&1A(dQvageD(cEoS*V7!d(5}dD)q#wxb#Gib>^nBUVLR4y_R814UGTK zBs7&JLTtp|{u^^!s0LWq%!8;U>$fKolgej-d0z5k@2mpyp=q2 z=LWda`}~R+{7$WLNcQ_t_E%Va(1tVjA^R9#;v>7@0E8hAtZ=3P(Q~4#jnbySiahx2pT_BoopgZ9r5_K| zcByh~X<$Td$0f3x#>wR5pJ)Q+-ndv&Q;_@wLpoqkmhjb zl6-{SJGp+s=QaGe`~0+!ZTWR0ZLOv|{ARoGR7U_tU$y16rC(VEsuE&$K)Q){d)QJS zUrtp_!)0)uTz6P(hUN!A+ACB2?g*q|2YDDb_SQOQcTRAl5_J2Nk}N5H+Li0BBVO3G z^|Om#xX1p^vR^GH)l~cX-XkN=Z{|M^b|C5=m&(v-m8+B)eN4tc->aOLG%%T`NfG7y z9DQ-~THF@8?@(e%72-w-8|x>qJ;S`Jvf^(m8zW|2sQrhkvf+xlUx#JPHMUV#YS86{ zV=qGZ^G4MMEVxS#BV_DFqjver!l27TwrV3iVP$)6=jFvf*o8^vETg$LY}=`3c^i9l z&k2l^t5%OEkUQMk4!75;Pk1eRj$||~L|e0Xi>-_9i4MlEyKlkDxu}u0mhfqpk=B09 zZK*MTlu?lXiOEz^LSBc)yha;I+8+C@}>|d5A5xY(iFMtvwNX4a3M1YM%l3jIB13L9onD zMS3kZVFZ3EflPV;`6M2S1hoT4s9p(tF_Ixb67eA-~Jf6tH}rh-BpwgAz|VKc{LWz9Nbqxr0(L@mtr17LlM| zMr`RYdkQrAk*}uO${v*!33&W`OXpGzr^DH~ik>YruvAyy^bK*=9~C)29a~_NpuM)g zJY^5|Nxb#jcd#@tU7zaKO8Yp2_brJt-38Q{y~CTkh+Dqm{_X5(-m&*(YhsqZc1@R#V@lB{N&3IvaZo zY4OjcZ5;7r5`!-YMn0#H$yc6#N1HEJZEvGbUJd^m&llif(p;TBy;eEj;98og>~wi2 za;A!Yg1-fi`ybB9+%wmQ6Loa=@O>Qv2o7+>kYNH^sp3x$-I;vhk_KuQZsIDDd#jtK z=Avk1NyU;i3`uurL^4_lDP!axE||AwVoKh*y4rcA5A?SWXDOdgq|Y+7yOGvZTkOAD z9`Cvp>RP4qjWuj}JTXpWzK}gfN*9`zXW+`EsW84J)V03ClO(boQv46vw;MHJ=Mg+U z!;p$DnSx*yR9iwN2-~h~mYVH9+FSn683-;^bm7*|jVbZhHQSdqg44Jv*1A3Y7wK~; zsXLZ)DdQM-VIuF#ODN@CIo1K1C#^2Y%cmhk>AZyOzgK$Ej2e?dyQSIhDaQyod(5xQ z#~)%ESKrCMDAN#s$g2jiIZ}=2*ke{6lYcL468Hfpk7(MG%eJn!>$-L=9Bb5gNvZtM zkB6fCZTQEgzfeMe{bw$nZZ>xPX(V z8-Mh*(ED`{ELy|KWwHf8uvp(4M$|6@#F7Tkg=&U*#oIC!*TH+}&Qj#ZFh^{`5+9pI z^Tba2tLzcgm!JvxU{{K5=liFYZ%^pX6&yJl6?C4yaI8H%(Tb4YF(aky*vJlVT zVpz#rmJJ3jS~;PcOE1PW37(zOvV$;h?i&nvNn*F7j=f#y4W5?uc#HkC_ev90YV_L2 zin2(djY_CRU<`#L%fiC2THdkX77f|W{X0SQw#|_ULXATP`;6DO9+<84)7nKnB}NfS z8#L_ns|EZ;*;Zd=i0GIV;7P~ld10#C@>)X_dkTK~(si+um05mB-xBTVUULOTlNcYq z%+R90ecJavt7q2UO2D<(B^Lgy-_rEU5O>!xE}+ z?p(TkAbsItA`y9(7ld>gKG33^W!c;N6?nUd++Rj3||(&=D3P*=|`h zmTX*ZOV^@yS>sUJSRZuEUu zY0e57Py4w|D?p@hpv-^W+(By!QlT%XxrkR?)c7qAT)B%qGn~gveMSd=b4KLo3$x`o zT|SD37&aX_@I_cK&=EjXev8_ zZCSWSjUmGFT2#;qj&%JxSa&CJLpLW-dW_5J8AMBZXU zCzZ%=6%|$e!N}V|)U*-uRlNW4f8xoZcmDR|^xorDo{WZ`Xc2?WKRl+x3~oYMVHziI zbc((y1NjrnhwQDs2hhe>QKaXF>O!KUCk;@E6~~B5nMjT|N|EWmU*@ZTQ4><`M(uqU zHII{A;i@$XXxsZnrEsIv^As6}=?V5RdE@y!6KcXCgc|~x$<~liA%)!rC$-KE?=*(2 zU|dQ-AqEwOt`i(_VBrrj7B1WSUK6B;-7ms9CS7Et?G_We zyiy1G3Cj6+2o&iF1g)8RWdsrxYdOLxO^V4UJdWyyJ%H90tx#Yb6}?oJea+Ve zcK_76j%hEm>Hgj5)tZlC?d+*p__V)$Bi0UIyQELZ!&|7AQHjW7-E^Pp?D*a$%PBzC z`LLI1-Zhd&>7$7wf!aKA4M9?HU7fuL%hg1eTl5k&`-_Nmk>#7&7cGM?C{yP5)DJU7 zG+bEcEt63o%75 z0lBC0m1;=la{xdHP2OH+d9F&V`FMW#Aj4Co_AU7gGoZka28XA6>uL@%biRrmz^@)y zFZ>0kN7k5^x#v@Qt^oAZwqQ%^0_82N&TmKIc*(^Dpii6B#twEidM9 zHOB`29sAAC=461TyN1JhJaXa$(~_yCH_lqb{#WES*3JJ)ZZl-IhgRMZueZZ7wzlDC zSGro8Iqiy@stY68%_C1>8@@GvBSwe4+GUK9L|Q@ndinIpJ#zDcrj} zqORn~Ix}XqY6n_%I=1wODrVgNXPJoK|5YY}xU(6dS!LONOPGp1cdf7ZAhGO-ojvNL zb9_5(8L85kM(-wXQPcDbVIQe-HnH83-1y8~9>aT+6ChWl9NIRZWx=W3y!X1lamCBP zEv)Dgj#TvC%AlkcfojzTz&|UG?;QabJ@Sux7J)X$86)&ih+G;UF#5K+nvxbZ63daw zJLq(f^HlYiF1$HKkjuAL95@o+(?2G4ZWj|sn@ErUr-~%rt8kVOm%pzf*+0ri#-X0I znH@_yx8u~cp9?a3Dr!=w>QM&uXmtHtM{(Sno_!ZnDjQ}ka6}-Q+8bEmDP$o5|1`%W zQslfco;Y$P6FEH>;TZL*ZDs{k2g$OU`iAAo*8?KEm$-(lbwYj*_OqsIgpY z$A>=j->l9P@ayv~9IGrODnfu}()_2-$eUPP(Ft#8yxa~!KhtmQh%D`o|`mj0?PSseX>KI0v;gippEvg1+%@XO=m8-@bi z*8Yso_-TiD-^QN3A)*XzW|h!o1@e1n?2c|LqkU;cR@e3&Z8bP&Bc*-?OMMM z>`bn4(h=a!qC4-4<$iiE#OP6|mH~wOp6kC?pZKM=3`!888~(r5Cj@(Ju1GT`;*D>y zR+iLC6p4*QC0$&Jr4@~47(2V4*RAX2#B`5hZyyPaxTIc{r96(o;VaNZoI$tp^#x8W zt+4-C;14GUO=jCA2mf{;y)v?p;k9G0i`Jg~z~2GgXk#+6z#GSI4$LNW$zqAQ$dq3sRRaEMo zPYYFR4ZL^R{qf41EmXo)a8nc5_s(8lsj0-43-2;%NAD{b^Yi?wmJa|@V~Yq!ot0XR z6G9HSj9(2Ceyx2J6x&IxY+*XB+Gvv8&e$(t;76(Fo_Anq$u}tRNa+WF5kC5O)%}nc zG)mpnN2R~oyoBGn0O=FNR@K3Cu+|ulV|CQ*l|nwc1N`XwLg`Q)6+mLhsQaj*YS4er zTAG%(p^6m7qWTBQC`C?iP{#Cjz&jhn!7YZ?%bilFE4%BuW7`SPbG<@n8CXmY*t z51KT*97TRqIIXNnxrR$WgYB>Fw)^Wd6Lw9nGW_H23^e7FgBOPf1vhZ#(UkvPz#xEL Z5>$=gz4!k#MRql@@-iyYrIPPI{U5^595Da@ From c68ad1afa3e654f62e319341cea29ff7afc2d667 Mon Sep 17 00:00:00 2001 From: rogersoMS <44718379+rogersoMS@users.noreply.github.com> Date: Tue, 17 Nov 2020 15:23:04 +1100 Subject: [PATCH 45/85] Adding more examples and Intune reporting bug Adding changes. Awaiting peer review from Lindakup and ddsilva --- .../mdm/policy-csp-userrights.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md index df12efd32b..b6f2c4f536 100644 --- a/windows/client-management/mdm/policy-csp-userrights.md +++ b/windows/client-management/mdm/policy-csp-userrights.md @@ -75,6 +75,9 @@ Here are examples of data fields. The encoded 0xF000 is the standard delimiter/s If you use Intune custom profiles to assign UserRights policies, you must use the CDATA tag (``) to wrap the data fields. You can specify one or more user groups within the CDATA tag by using 0xF000 as the delimiter/separator. +> [!NOTE] +> There is currently a reporting issue in the Microsoft Endpoint Manager (MEM) console which results in the setting reporting back a 'Remediation failed' (0x87d1fde8) error, even when the setting is successfully applied. To verify whether the setting has applied successfully, check the local Windows 10 device: Event Viewer>Applications and Services LogsWindows>DeviceManagement-Enterprise-Diagnostics-Provider>Admin>Event ID 814. This issue is the result of the use of the CDATA tags, which are neccesary when more than a single entry is required. If there is only a single entry, the CDATA tags can be omitted - which will resolve the reporting false positive. + > [!NOTE] > `` is the entity encoding of 0xF000. @@ -84,6 +87,18 @@ For example, the following syntax grants user rights to Authenticated Users and ``` +For example, the following syntax grants user rights to two specific users from Contoso, user1 and user2: + +```xml + +``` + +For example, the following syntax grants user rights to a specific user or group, by using the Security Identifier (SID) of the account or group: + +```xml + +``` +
From 207c534880c3d78a90f98d3575088d295899e1b6 Mon Sep 17 00:00:00 2001 From: amirsc3 <42802974+amirsc3@users.noreply.github.com> Date: Tue, 17 Nov 2020 14:10:32 +0200 Subject: [PATCH 46/85] Update configure-server-endpoints.md Clarifications to avoid customer confusion about requirements when onboarding via Azure Defender for Servers. We've had support cases where this was not clear enough and customer did not add the workspace configuration so onboarding never happened. --- .../microsoft-defender-atp/configure-server-endpoints.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md index 0af0c2d391..90716095ee 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md @@ -128,6 +128,10 @@ Once completed, you should see onboarded Windows servers in the portal within an After completing the onboarding steps, you'll need to [Configure and update System Center Endpoint Protection clients](#configure-and-update-system-center-endpoint-protection-clients). +> [!NOTE] +> For onboarding via Azure Defender for Servers (previously Azure Security Center Standard Edition) to work as expected, the server must have an appropriate workspace and key configured within the Microsoft Monitoring Agent (MMA) settings. Once configured, the appropriate cloud management pack is deployed on the machine and the sensor process (MsSenseS.exe) will be deployed and started. +> This is also required if the server is configured to use an OMS Gateway server as proxy. + ### Option 3: Onboard Windows servers through Microsoft Endpoint Configuration Manager version 2002 and later You can onboard Windows Server 2012 R2 and Windows Server 2016 by using Microsoft Endpoint Configuration Manager version 2002 and later. For more information, see [Microsoft Defender for Endpoint in Microsoft Endpoint Configuration Manager current branch](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/defender-advanced-threat-protection). From ea1ec0d6d398d8c3a0b4c502ecf7d1f36a61f486 Mon Sep 17 00:00:00 2001 From: amirsc3 <42802974+amirsc3@users.noreply.github.com> Date: Tue, 17 Nov 2020 14:22:01 +0200 Subject: [PATCH 47/85] Update configure-server-endpoints.md minor edit for better readability --- .../microsoft-defender-atp/configure-server-endpoints.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md index 90716095ee..3e1ede3c5e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md @@ -128,9 +128,10 @@ Once completed, you should see onboarded Windows servers in the portal within an After completing the onboarding steps, you'll need to [Configure and update System Center Endpoint Protection clients](#configure-and-update-system-center-endpoint-protection-clients). -> [!NOTE] -> For onboarding via Azure Defender for Servers (previously Azure Security Center Standard Edition) to work as expected, the server must have an appropriate workspace and key configured within the Microsoft Monitoring Agent (MMA) settings. Once configured, the appropriate cloud management pack is deployed on the machine and the sensor process (MsSenseS.exe) will be deployed and started. -> This is also required if the server is configured to use an OMS Gateway server as proxy. +> [!NOTE] +> - For onboarding via Azure Defender for Servers (previously Azure Security Center Standard Edition) to work as expected, the server must have an appropriate workspace and key configured within the Microsoft Monitoring Agent (MMA) settings. +> - Once configured, the appropriate cloud management pack is deployed on the machine and the sensor process (MsSenseS.exe) will be deployed and started. +> - This is also required if the server is configured to use an OMS Gateway server as proxy. ### Option 3: Onboard Windows servers through Microsoft Endpoint Configuration Manager version 2002 and later You can onboard Windows Server 2012 R2 and Windows Server 2016 by using Microsoft Endpoint Configuration Manager version 2002 and later. For more information, see [Microsoft Defender for Endpoint From 991070cce473892719b8a7ef3755a2fce5523ac8 Mon Sep 17 00:00:00 2001 From: Evan Miller Date: Tue, 17 Nov 2020 08:21:35 -0800 Subject: [PATCH 48/85] Add missing policy and 20H2 identifiers Adding in a missing policy as well as super script 9s for features added in 20h2 and linking out to the HoloLens release notes for 20h2 --- ...es-in-policy-csp-supported-by-hololens2.md | 32 ++++++++++--------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md index 739826c640..e07209369f 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md @@ -50,17 +50,17 @@ ms.date: 10/08/2020 - [DeviceLock/MinDevicePasswordLength](policy-csp-devicelock.md#devicelock-mindevicepasswordlength) - [Experience/AllowCortana](policy-csp-experience.md#experience-allowcortana) - [Experience/AllowManualMDMUnenrollment](policy-csp-experience.md#experience-allowmanualmdmunenrollment) -- [MixedReality/AADGroupMembershipCacheValidityInDays](./policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays) -- [MixedReality/BrightnessButtonDisabled](./policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled) -- [MixedReality/FallbackDiagnostics](./policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics) -- [MixedReality/MicrophoneDisabled](./policy-csp-mixedreality.md#mixedreality-microphonedisabled) -- [MixedReality/VolumeButtonDisabled](./policy-csp-mixedreality.md#mixedreality-volumebuttondisabled) -- [Power/DisplayOffTimeoutOnBattery](./policy-csp-power.md#power-displayofftimeoutonbattery) -- [Power/DisplayOffTimeoutPluggedIn](./policy-csp-power.md#power-displayofftimeoutpluggedin) -- [Power/EnergySaverBatteryThresholdOnBattery](./policy-csp-power.md#power-energysaverbatterythresholdonbattery) -- [Power/EnergySaverBatteryThresholdPluggedIn](./policy-csp-power.md#power-energysaverbatterythresholdpluggedin) -- [Power/StandbyTimeoutOnBattery](./policy-csp-power.md#power-standbytimeoutonbattery) -- [Power/StandbyTimeoutPluggedIn](./policy-csp-power.md#power-standbytimeoutpluggedin) +- [MixedReality/AADGroupMembershipCacheValidityInDays](./policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays) 9 +- [MixedReality/BrightnessButtonDisabled](./policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled) 9 +- [MixedReality/FallbackDiagnostics](./policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics) 9 +- [MixedReality/MicrophoneDisabled](./policy-csp-mixedreality.md#mixedreality-microphonedisabled) 9 +- [MixedReality/VolumeButtonDisabled](./policy-csp-mixedreality.md#mixedreality-volumebuttondisabled) 9 +- [Power/DisplayOffTimeoutOnBattery](./policy-csp-power.md#power-displayofftimeoutonbattery) 9 +- [Power/DisplayOffTimeoutPluggedIn](./policy-csp-power.md#power-displayofftimeoutpluggedin) 9 +- [Power/EnergySaverBatteryThresholdOnBattery](./policy-csp-power.md#power-energysaverbatterythresholdonbattery) 9 +- [Power/EnergySaverBatteryThresholdPluggedIn](./policy-csp-power.md#power-energysaverbatterythresholdpluggedin) 9 +- [Power/StandbyTimeoutOnBattery](./policy-csp-power.md#power-standbytimeoutonbattery) 9 +- [Power/StandbyTimeoutPluggedIn](./policy-csp-power.md#power-standbytimeoutpluggedin) 9 - [Privacy/AllowInputPersonalization](policy-csp-privacy.md#privacy-allowinputpersonalization) - [Privacy/LetAppsAccessAccountInfo](policy-csp-privacy.md#privacy-letappsaccessaccountinfo) - [Privacy/LetAppsAccessAccountInfo_ForceAllowTheseApps](policy-csp-privacy.md#privacy-letappsaccessaccountinfo-forceallowtheseapps) @@ -83,9 +83,10 @@ ms.date: 10/08/2020 - [Privacy/LetAppsAccessMicrophone_ForceAllowTheseApps](policy-csp-privacy.md#privacy-letappsaccessmicrophone-forceallowtheseapps) 8 - [Privacy/LetAppsAccessMicrophone_ForceDenyTheseApps](policy-csp-privacy.md#privacy-letappsaccessmicrophone-forcedenytheseapps) 8 - [Privacy/LetAppsAccessMicrophone_UserInControlOfTheseApps](policy-csp-privacy.md#privacy-letappsaccessmicrophone-userincontroloftheseapps) 8 +- [RemoteLock/Lock](https://docs.microsoft.com/windows/client-management/mdm/remotelock-csp) 9 - [Search/AllowSearchToUseLocation](policy-csp-search.md#search-allowsearchtouselocation) -- [Security/AllowAddProvisioningPackage](policy-csp-security.md#security-allowaddprovisioningpackage) -- [Security/AllowRemoveProvisioningPackage](policy-csp-security.md#security-allowremoveprovisioningpackage) +- [Security/AllowAddProvisioningPackage](policy-csp-security.md#security-allowaddprovisioningpackage) 9 +- [Security/AllowRemoveProvisioningPackage](policy-csp-security.md#security-allowremoveprovisioningpackage) 9 - [Settings/AllowDateTime](policy-csp-settings.md#settings-allowdatetime) - [Settings/AllowVPN](policy-csp-settings.md#settings-allowvpn) - [Speech/AllowSpeechModelUpdate](policy-csp-speech.md#speech-allowspeechmodelupdate) @@ -93,8 +94,8 @@ ms.date: 10/08/2020 - [System/AllowLocation](policy-csp-system.md#system-allowlocation) - [System/AllowStorageCard](policy-csp-system.md#system-allowstoragecard) - [System/AllowTelemetry](policy-csp-system.md#system-allowtelemetry) -- [TimeLanguageSettings/ConfigureTimeZone](./policy-csp-timelanguagesettings.md#timelanguagesettings-configuretimezone) -- [Update/ActiveHoursEnd](./policy-csp-update.md#update-activehoursend) +- [TimeLanguageSettings/ConfigureTimeZone](./policy-csp-timelanguagesettings.md#timelanguagesettings-configuretimezone) 9 +- [Update/ActiveHoursEnd](./policy-csp-update.md#update-activehoursend) - [Update/ActiveHoursMaxRange](./policy-csp-update.md#update-activehoursmaxrange) - [Update/ActiveHoursStart](./policy-csp-update.md#update-activehoursstart) - [Update/AllowAutoUpdate](policy-csp-update.md#update-allowautoupdate) @@ -122,6 +123,7 @@ Footnotes: - 6 - Available in Windows 10, version 1903. - 7 - Available in Windows 10, version 1909. - 8 - Available in Windows 10, version 2004. +- 9 - Available in [Windows Holographic, version 20H2](https://docs.microsoft.com/hololens/hololens-release-notes#windows-holographic-version-20h2) ## Related topics From a9a7b85b6836362b122250851eab8319c16d1baf Mon Sep 17 00:00:00 2001 From: Evan Miller Date: Tue, 17 Nov 2020 08:35:05 -0800 Subject: [PATCH 49/85] page visibility --- .../mdm/policies-in-policy-csp-supported-by-hololens2.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md index e07209369f..8ddb479a92 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md @@ -89,6 +89,7 @@ ms.date: 10/08/2020 - [Security/AllowRemoveProvisioningPackage](policy-csp-security.md#security-allowremoveprovisioningpackage) 9 - [Settings/AllowDateTime](policy-csp-settings.md#settings-allowdatetime) - [Settings/AllowVPN](policy-csp-settings.md#settings-allowvpn) +- [Settings/PageVisibilityList](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-settings#settings-pagevisibilitylist) 9 - [Speech/AllowSpeechModelUpdate](policy-csp-speech.md#speech-allowspeechmodelupdate) - [System/AllowCommercialDataPipeline](policy-csp-system.md#system-allowcommercialdatapipeline) - [System/AllowLocation](policy-csp-system.md#system-allowlocation) From b83eb4e191a0564d1c70991c25d80728ef11ec6b Mon Sep 17 00:00:00 2001 From: Evan Miller Date: Tue, 17 Nov 2020 08:39:57 -0800 Subject: [PATCH 50/85] super9s --- .../mdm/policies-in-policy-csp-supported-by-hololens2.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md index 8ddb479a92..bd4bcafd21 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md @@ -96,9 +96,9 @@ ms.date: 10/08/2020 - [System/AllowStorageCard](policy-csp-system.md#system-allowstoragecard) - [System/AllowTelemetry](policy-csp-system.md#system-allowtelemetry) - [TimeLanguageSettings/ConfigureTimeZone](./policy-csp-timelanguagesettings.md#timelanguagesettings-configuretimezone) 9 -- [Update/ActiveHoursEnd](./policy-csp-update.md#update-activehoursend) -- [Update/ActiveHoursMaxRange](./policy-csp-update.md#update-activehoursmaxrange) -- [Update/ActiveHoursStart](./policy-csp-update.md#update-activehoursstart) +- [Update/ActiveHoursEnd](./policy-csp-update.md#update-activehoursend) 9 +- [Update/ActiveHoursMaxRange](./policy-csp-update.md#update-activehoursmaxrange) 9 +- [Update/ActiveHoursStart](./policy-csp-update.md#update-activehoursstart) 9 - [Update/AllowAutoUpdate](policy-csp-update.md#update-allowautoupdate) - [Update/AllowUpdateService](policy-csp-update.md#update-allowupdateservice) - [Update/BranchReadinessLevel](policy-csp-update.md#update-branchreadinesslevel) From 69f1e8d666aa1c59bcf8252f0bda97fd8d9bdefe Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Tue, 17 Nov 2020 08:46:53 -0800 Subject: [PATCH 51/85] Update windows/security/information-protection/bitlocker/bitlocker-overview.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../information-protection/bitlocker/bitlocker-overview.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-overview.md b/windows/security/information-protection/bitlocker/bitlocker-overview.md index fe5a483d05..551b239d72 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-overview.md +++ b/windows/security/information-protection/bitlocker/bitlocker-overview.md @@ -74,7 +74,7 @@ The hard disk must be partitioned with at least two drives: - The operating system drive (or boot drive) contains the operating system and its support files. It must be formatted with the NTFS file system. - The system drive contains the files that are needed to load Windows after the firmware has prepared the system hardware. BitLocker is not enabled on this drive. For BitLocker to work, the system drive must not be encrypted, must differ from the operating system drive, and must be formatted with the FAT32 file system on computers that use UEFI-based firmware or with the NTFS file system on computers that use BIOS firmware. We recommend that system drive be approximately 350 MB in size. After BitLocker is turned on it should have approximately 250 MB of free space. -Fixed data volume or removable data volume cannot be marked as an active. +A fixed data volume or removable data volume cannot be marked as an active partition. When installed on a new computer, Windows will automatically create the partitions that are required for BitLocker. @@ -100,4 +100,3 @@ When installing the BitLocker optional component on a server you will also need | [Protecting cluster shared volumes and storage area networks with BitLocker](protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md)| This topic for IT pros describes how to protect CSVs and SANs with BitLocker.| | [Enabling Secure Boot and BitLocker Device Encryption on Windows 10 IoT Core](https://developer.microsoft.com/windows/iot/docs/securebootandbitlocker) | This topic covers how to use BitLocker with Windows 10 IoT Core | - From a7d1facfd2bd7bc13686a8bc295b045a1c177640 Mon Sep 17 00:00:00 2001 From: Nagappan Veerappan Date: Wed, 18 Nov 2020 09:46:54 -0800 Subject: [PATCH 52/85] Sentence correction FAQ : has typo and sentence correction. ## Can I disable the PIN while using Windows Hello for Business? --- .../identity-protection/hello-for-business/hello-faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.md b/windows/security/identity-protection/hello-for-business/hello-faq.md index b96b25c8f4..be2ed0eda2 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.md +++ b/windows/security/identity-protection/hello-for-business/hello-faq.md @@ -144,7 +144,7 @@ Beginning with Windows 10, version 1709, Windows Hello for Business used as a sm The smart card emulation feature of Windows Hello for Business verifies the PIN and then discards the PIN in exchange for a ticket. The process does not receive the PIN, but rather the ticket that grants them private key operations. Windows 10 does not provide any Group Policy settings to adjust this caching. ## Can I disable the PIN while using Windows Hello for Business? -No. The movement away from passwords is accomplished by gradually reducing the use of the password. In the occurrence where you cannot authenticate with biometrics, you need a fall back mechanism that is not a password. The PIN is the fall back mechanism. Disabling or hiding the PIN credential provider disabled the use of biometrics. +No. The movement away from passwords is accomplished by gradually reducing the use of the password. In the occurrence where you cannot authenticate with biometrics, you need a fall back mechanism that is not a password. The PIN is the fall back mechanism. Disabling or hiding the PIN credential provider will disable the use of biometrics. ## How are keys protected? Wherever possible, Windows Hello for Business takes advantage of trusted platform module (TPM) 2.0 hardware to generate and protect keys. However, Windows Hello and Windows Hello for Business does not require a TPM. Administrators can choose to allow key operations in software. From 2194df3ce15d330712bd359d3193ebdfcfec4159 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Wed, 18 Nov 2020 10:19:19 -0800 Subject: [PATCH 53/85] Update note on Big Sur --- .../threat-protection/microsoft-defender-atp/mac-whatsnew.md | 2 +- .../microsoft-defender-atp/microsoft-defender-atp-mac.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md index b40f3ea88c..336b9f1519 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md @@ -27,7 +27,7 @@ ms.topic: conceptual > On macOS 11 (Big Sur), Microsoft Defender for Endpoint requires additional configuration profiles. If you are an existing customer upgrading from earlier versions of macOS, make sure to deploy the additional configuration profiles listed on [this page](mac-sysext-policies.md). > [!IMPORTANT] -> Extensive testing of MDE (Microsoft Defender for Endpoint) with new system extensions on macOS 11 (Big Sur) revealed an intermittent issue that impacts macOS devices with specific graphic cards models. In rare cases on impacted macOS devices calls into macOS system extensions were seen resulting in kernel panic. Microsoft is actively working with Apple engineering to clarify profile of impacted devices and to address this macOS issue. In the meantime, if you encounter such a kernel panic, please submit a feedback report to Apple through the Feedback Assistant app. +> With the agent version 101.13.75+, we released a change that removed conditions when Microsoft Defender for Endpoint was triggering the macOS Big Sur bug that manifests into a kernel panic. With that change Defender code path should no longer directly facilitate the kernel panic. ## 101.13.75 diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md index 1e18c177a2..e09cef38f1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md @@ -69,7 +69,7 @@ The three most recent major releases of macOS are supported. > On macOS 11 (Big Sur), Microsoft Defender for Endpoint requires additional configuration profiles. If you are an existing customer upgrading from earlier versions of macOS, make sure to deploy the additional configuration profiles listed on [this page](mac-sysext-policies.md). > [!IMPORTANT] -> Extensive testing of MDE (Microsoft Defender for Endpoint) with new system extensions on macOS 11 (Big Sur) revealed an intermittent issue that impacts macOS devices with specific graphic cards models. In rare cases on impacted macOS devices calls into macOS system extensions were seen resulting in kernel panic. Microsoft is actively working with Apple engineering to clarify profile of impacted devices and to address this macOS issue. In the meantime, if you encounter such a kernel panic, please submit a feedback report to Apple through the Feedback Assistant app. +> With the agent version 101.13.75+, we released a change that removed conditions when Microsoft Defender for Endpoint was triggering the macOS Big Sur bug that manifests into a kernel panic. With that change Defender code path should no longer directly facilitate the kernel panic. - 10.15 (Catalina), 10.14 (Mojave), 10.13 (High Sierra) - Disk space: 1GB From 0c504753cf1933894ae186980a076449c70faaae Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 18 Nov 2020 14:21:23 -0800 Subject: [PATCH 54/85] Added a note for value 100 in DODownloadMode --- .../client-management/mdm/policy-csp-deliveryoptimization.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md index 4061074c76..6926ea12dc 100644 --- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md +++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md @@ -754,8 +754,7 @@ The following list shows the supported values: - 2 – HTTP blended with peering across a private group. Peering occurs on devices in the same Active Directory Site (if it exists) or the same domain by default. When this option is selected, peering will cross NATs. To create a custom group use Group ID in combination with Mode 2. - 3 – HTTP blended with Internet peering. - 99 - Simple download mode with no peering. Delivery Optimization downloads using HTTP only and does not attempt to contact the Delivery Optimization cloud services. Added in Windows 10, version 1607. -- 100 - Bypass mode. Do not use Delivery Optimization and use BITS instead. Added in Windows 10, version 1607. - +- 100 - Bypass mode. Do not use Delivery Optimization and use BITS instead. Added in Windows 10, version 1607. Note that this value is deprecated and will be removed in a future release. From 1e8a6ff66c813e2b5083bc75b7f6e6e499c0b6b7 Mon Sep 17 00:00:00 2001 From: Nagappan Veerappan Date: Wed, 18 Nov 2020 14:26:32 -0800 Subject: [PATCH 55/85] Update windows/security/identity-protection/hello-for-business/hello-faq.md Looks good Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../identity-protection/hello-for-business/hello-faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.md b/windows/security/identity-protection/hello-for-business/hello-faq.md index be2ed0eda2..b3026e84d7 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.md +++ b/windows/security/identity-protection/hello-for-business/hello-faq.md @@ -144,7 +144,7 @@ Beginning with Windows 10, version 1709, Windows Hello for Business used as a sm The smart card emulation feature of Windows Hello for Business verifies the PIN and then discards the PIN in exchange for a ticket. The process does not receive the PIN, but rather the ticket that grants them private key operations. Windows 10 does not provide any Group Policy settings to adjust this caching. ## Can I disable the PIN while using Windows Hello for Business? -No. The movement away from passwords is accomplished by gradually reducing the use of the password. In the occurrence where you cannot authenticate with biometrics, you need a fall back mechanism that is not a password. The PIN is the fall back mechanism. Disabling or hiding the PIN credential provider will disable the use of biometrics. +No. The movement away from passwords is accomplished by gradually reducing the use of the password. In the occurrence where you cannot authenticate with biometrics, you need a fallback mechanism that is not a password. The PIN is the fallback mechanism. Disabling or hiding the PIN credential provider will disable the use of biometrics. ## How are keys protected? Wherever possible, Windows Hello for Business takes advantage of trusted platform module (TPM) 2.0 hardware to generate and protect keys. However, Windows Hello and Windows Hello for Business does not require a TPM. Administrators can choose to allow key operations in software. From 48222272f3aee94e1b702f1174a64c1e52b5cc1a Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 18 Nov 2020 14:34:11 -0800 Subject: [PATCH 56/85] Removed extra to --- .../client-management/mdm/policy-csp-deliveryoptimization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md index 6926ea12dc..72f081a47d 100644 --- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md +++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md @@ -371,7 +371,7 @@ ADMX Info: -This policy allows you to to configure one or more Delivery Optimization in Network Cache servers through a custom DHCP Option. One or more values can be added as either fully qualified domain names (FQDN) or IP addresses. To add multiple values, separate each FQDN or IP address by commas. +This policy allows you to configure one or more Delivery Optimization in Network Cache servers through a custom DHCP Option. One or more values can be added as either fully qualified domain names (FQDN) or IP addresses. To add multiple values, separate each FQDN or IP address by commas. From d779a78fd1cebeb81a10b6090c753a62ce2e548f Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 18 Nov 2020 15:01:30 -0800 Subject: [PATCH 57/85] Corrected one instance of "AAD" to "Azure AD" --- .../client-management/mdm/policy-csp-deliveryoptimization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md index 72f081a47d..1031aada9c 100644 --- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md +++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md @@ -881,7 +881,7 @@ The options set in this policy only apply to Group (2) download mode. If Group ( For option 3 - DHCP Option ID, the client will query DHCP Option ID 234 and use the returned GUID value as the Group ID. -Starting with Windows 10, version 1903, you can use the Azure Active Directory (AAD) Tenant ID as a means to define groups. To do this, set the value of DOGroupIdSource to 5. +Starting with Windows 10, version 1903, you can use the Azure Active Directory (Azure AD) Tenant ID as a means to define groups. To do this, set the value of DOGroupIdSource to 5. From bdd52aab30e1ff2822a438468344637389a6c5fb Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 18 Nov 2020 15:01:32 -0800 Subject: [PATCH 58/85] Update configure-microsoft-defender-antivirus-features.md --- .../configure-microsoft-defender-antivirus-features.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md index a3d582510d..383dce56d6 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md @@ -11,7 +11,7 @@ ms.localizationpriority: medium author: denisebmsft ms.author: deniseb ms.custom: nextgen -ms.date: 09/03/2018 +ms.date: 11/18/2020 ms.reviewer: manager: dansimp --- From 5f8681b6f29617b0270343fe18e2773d0bf65d93 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 18 Nov 2020 15:05:50 -0800 Subject: [PATCH 59/85] Update configure-microsoft-defender-antivirus-features.md --- ...e-microsoft-defender-antivirus-features.md | 20 ++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md index 383dce56d6..91b4bdb5bd 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md @@ -37,15 +37,17 @@ The following broad categories of features can be configured: - Cloud-delivered protection - Always-on real-time protection, including behavioral, heuristic, and machine-learning-based protection -- How end-users interact with the client on individual endpoints +- How end users interact with the client on individual endpoints -The topics in this section describe how to perform key tasks when configuring Microsoft Defender Antivirus. Each topic includes instructions for the applicable configuration tool (or tools). +The following articles describe how to perform key tasks when configuring Microsoft Defender Antivirus. Each topic includes instructions for the applicable configuration tool (or tools). -You can also review the [Reference topics for management and configuration tools](configuration-management-reference-microsoft-defender-antivirus.md) topic for an overview of each tool and links to further help. -## In this section -Topic | Description -:---|:--- -[Utilize Microsoft cloud-provided Microsoft Defender Antivirus protection](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md) | Cloud-delivered protection provides an advanced level of fast, robust antivirus detection -[Configure behavioral, heuristic, and real-time protection](configure-protection-features-microsoft-defender-antivirus.md)|Enable behavior-based, heuristic, and real-time antivirus protection -[Configure end-user interaction with Microsoft Defender Antivirus](configure-end-user-interaction-microsoft-defender-antivirus.md)|Configure how end-users interact with Microsoft Defender Antivirus, what notifications they see, and whether they can override settings +|Article |Description | +|---------|---------| +|[Utilize Microsoft cloud-provided Microsoft Defender Antivirus protection](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md) | Use cloud-delivered protection for advanced, fast, robust antivirus detection. | +|[Configure behavioral, heuristic, and real-time protection](configure-protection-features-microsoft-defender-antivirus.md) |Enable behavior-based, heuristic, and real-time antivirus protection. | +|[Configure end-user interaction with Microsoft Defender Antivirus](configure-end-user-interaction-microsoft-defender-antivirus.md) | Configure how end users in your organization interact with Microsoft Defender Antivirus, what notifications they see, and whether they can override settings. | + +> [!TIP] +> You can also review the [Reference topics for management and configuration tools](configuration-management-reference-microsoft-defender-antivirus.md) topic for an overview of each tool and links to further help. + From f4f111298f872493993a18d5a55a6b9fb44da77a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 18 Nov 2020 15:07:09 -0800 Subject: [PATCH 60/85] Update configure-microsoft-defender-antivirus-features.md --- .../configure-microsoft-defender-antivirus-features.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md index 91b4bdb5bd..fd9d16d4b6 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md @@ -39,8 +39,7 @@ The following broad categories of features can be configured: - Always-on real-time protection, including behavioral, heuristic, and machine-learning-based protection - How end users interact with the client on individual endpoints -The following articles describe how to perform key tasks when configuring Microsoft Defender Antivirus. Each topic includes instructions for the applicable configuration tool (or tools). - +The following articles describe how to perform key tasks when configuring Microsoft Defender Antivirus. Each article includes instructions for the applicable configuration tool (or tools). |Article |Description | |---------|---------| From c99aaeaef18a6d9a1fafc0926d4f4337d1a7dfea Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 18 Nov 2020 15:10:46 -0800 Subject: [PATCH 61/85] Update configure-network-connections-microsoft-defender-antivirus.md --- ...etwork-connections-microsoft-defender-antivirus.md | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md index 8ee17ca054..1be93dc8a6 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md @@ -11,7 +11,7 @@ ms.localizationpriority: medium author: denisebmsft ms.author: deniseb ms.custom: nextgen -ms.date: 07/08/2020 +ms.date: 11/18/2020 ms.reviewer: manager: dansimp --- @@ -62,7 +62,7 @@ The table below lists the services and their associated URLs. Make sure that the | Malware submission storage|Upload location for files submitted to Microsoft via the Submission form or automatic sample submission | `ussus1eastprod.blob.core.windows.net`
`ussus1westprod.blob.core.windows.net`
`usseu1northprod.blob.core.windows.net`
`usseu1westprod.blob.core.windows.net`
`ussuk1southprod.blob.core.windows.net`
`ussuk1westprod.blob.core.windows.net`
`ussas1eastprod.blob.core.windows.net`
`ussas1southeastprod.blob.core.windows.net`
`ussau1eastprod.blob.core.windows.net`
`ussau1southeastprod.blob.core.windows.net` | | Certificate Revocation List (CRL)|Used by Windows when creating the SSL connection to MAPS for updating the CRL | `http://www.microsoft.com/pkiops/crl/`
`http://www.microsoft.com/pkiops/certs`
`http://crl.microsoft.com/pki/crl/products`
`http://www.microsoft.com/pki/certs` | | Symbol Store|Used by Microsoft Defender Antivirus to restore certain critical files during remediation flows | `https://msdl.microsoft.com/download/symbols` | -| Universal Telemetry Client| Used by Windows to send client diagnostic data; Microsoft Defender Antivirus uses this for product quality monitoring purposes | This update uses SSL (TCP Port 443) to download manifests and upload diagnostic data to Microsoft that uses the following DNS endpoints: `vortex-win.data.microsoft.com`
`settings-win.data.microsoft.com`| +| Universal Telemetry Client| Used by Windows to send client diagnostic data; Microsoft Defender Antivirus uses telemetry for product quality monitoring purposes | The update uses SSL (TCP Port 443) to download manifests and upload diagnostic data to Microsoft that uses the following DNS endpoints: `vortex-win.data.microsoft.com`
`settings-win.data.microsoft.com`| ## Validate connections between your network and the cloud @@ -85,8 +85,7 @@ For more information, see [Manage Microsoft Defender Antivirus with the mpcmdrun You can download a sample file that Microsoft Defender Antivirus will detect and block if you are properly connected to the cloud. -Download the file by visiting the following link: -- https://aka.ms/ioavtest +Download the file by visiting [https://aka.ms/ioavtest](https://aka.ms/ioavtest). >[!NOTE] >This file is not an actual piece of malware. It is a fake file that is designed to test if you are properly connected to the cloud. @@ -105,11 +104,11 @@ You will also see a detection under **Quarantined threats** in the **Scan histor 1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**. -2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then the **Scan history** label: +2. Select the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then the **Scan history** label: ![Screenshot of the Scan history label in the Windows Security app](images/defender/wdav-history-wdsc.png) -3. Under the **Quarantined threats** section, click the **See full history** label to see the detected fake malware. +3. Under the **Quarantined threats** section, select **See full history** to see the detected fake malware. > [!NOTE] > Versions of Windows 10 before version 1703 have a different user interface. See [Microsoft Defender Antivirus in the Windows Security app](microsoft-defender-security-center-antivirus.md). From a6e114417672f424ef360524007248e97541b7d4 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 18 Nov 2020 15:27:06 -0800 Subject: [PATCH 62/85] Update configure-process-opened-file-exclusions-microsoft-defender-antivirus.md --- ...exclusions-microsoft-defender-antivirus.md | 54 ++++++++----------- 1 file changed, 21 insertions(+), 33 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md index 95de8ec073..8b00cfd083 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md @@ -26,15 +26,16 @@ manager: dansimp You can exclude files that have been opened by specific processes from Microsoft Defender Antivirus scans. See [Recommendations for defining exclusions](configure-exclusions-microsoft-defender-antivirus.md#recommendations-for-defining-exclusions) before defining your exclusion lists. -This topic describes how to configure exclusion lists for the following: +This article describes how to configure exclusion lists. - +## Examples of exclusions + +|Exclusion | Example | +|---|---| +|Any file on the machine that is opened by any process with a specific file name | Specifying `test.exe` would exclude files opened by:
`c:\sample\test.exe`
`d:\internal\files\test.exe` | +|Any file on the machine that is opened by any process under a specific folder | Specifying `c:\test\sample\*` would exclude files opened by:
`c:\test\sample\test.exe`
`c:\test\sample\test2.exe`
`c:\test\sample\utility.exe` | +|Any file on the machine that is opened by a specific process in a specific folder | Specifying `c:\test\process.exe` would exclude files only opened by `c:\test\process.exe` | -Exclusion | Example ----|--- -Any file on the machine that is opened by any process with a specific file name | Specifying "test.exe" would exclude files opened by:
  • c:\sample\test.exe
  • d:\internal\files\test.exe
-Any file on the machine that is opened by any process under a specific folder | Specifying "c:\test\sample\\*" would exclude files opened by:
  • c:\test\sample\test.exe
  • c:\test\sample\test2.exe
  • c:\test\sample\utility.exe
-Any file on the machine that is opened by a specific process in a specific folder | Specifying "c:\test\process.exe" would exclude files only opened by c:\test\process.exe When you add a process to the process exclusion list, Microsoft Defender Antivirus won't scan files opened by that process, no matter where the files are located. The process itself, however, will be scanned unless it has also been added to the [file exclusion list](configure-extension-file-exclusions-microsoft-defender-antivirus.md). @@ -46,14 +47,12 @@ You can add, remove, and review the lists for exclusions in [Group Policy](#gp), You can also [use PowerShell cmdlets and WMI to configure the exclusion lists](#ps), including [reviewing](#review) your lists. -By default, local changes made to the lists (by users with administrator privileges; this includes changes made with PowerShell and WMI) will be merged with the lists as defined (and deployed) by Group Policy, Configuration Manager, or Intune. The Group Policy lists will take precedence in the case of conflicts. +By default, local changes made to the lists (by users with administrator privileges; changes made with PowerShell and WMI) will be merged with the lists as defined (and deployed) by Group Policy, Configuration Manager, or Intune. The Group Policy lists will take precedence in the case of conflicts. You can [configure how locally and globally defined exclusions lists are merged](configure-local-policy-overrides-microsoft-defender-antivirus.md#merge-lists) to allow local changes to override managed deployment settings. ## Configure the list of exclusions for files opened by specified processes - - ### Use Microsoft Intune to exclude files that have been opened by specified processes from scans See [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure) and [Microsoft Defender Antivirus device restriction settings for Windows 10 in Intune](https://docs.microsoft.com/intune/device-restrictions-windows-10#microsoft-defender-antivirus) for more details. @@ -80,8 +79,6 @@ See [How to create and deploy antimalware policies: Exclusion settings](https:// ![The Group Policy setting for specifying process exclusions](images/defender/wdav-process-exclusions.png) - - ### Use PowerShell cmdlets to exclude files that have been opened by specified processes from scans Using PowerShell to add or remove exclusions for files that have been opened by processes requires using a combination of three cmdlets with the `-ExclusionProcess` parameter. The cmdlets are all in the [Defender module](https://technet.microsoft.com/itpro/powershell/windows/defender/defender). @@ -94,11 +91,11 @@ The format for the cmdlets is: The following are allowed as the \: -Configuration action | PowerShell cmdlet ----|--- -Create or overwrite the list | `Set-MpPreference` -Add to the list | `Add-MpPreference` -Remove items from the list | `Remove-MpPreference` +|Configuration action | PowerShell cmdlet | +|---|---| +|Create or overwrite the list | `Set-MpPreference` | +|Add to the list | `Add-MpPreference` | +|Remove items from the list | `Remove-MpPreference` | >[!IMPORTANT] >If you have created a list, either with `Set-MpPreference` or `Add-MpPreference`, using the `Set-MpPreference` cmdlet again will overwrite the existing list. @@ -109,7 +106,7 @@ For example, the following code snippet would cause Microsoft Defender AV scans Add-MpPreference -ExclusionProcess "c:\internal\test.exe" ``` -See [Manage antivirus with PowerShell cmdlets](use-powershell-cmdlets-windows-defender-Microsoft Defender Antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Microsoft Defender Antivirus. +For more information on how to use PowerShell with Microsoft Defender Antivirus, see [Manage antivirus with PowerShell cmdlets](use-powershell-cmdlets-windows-defender-Microsoft Defender Antivirus.md) and [Microsoft Defender Antivirus cmdlets](https://docs.microsoft.com/powershell/module/defender/?view=win10-ps&preserve=true). ### Use Windows Management Instruction (WMI) to exclude files that have been opened by specified processes from scans @@ -121,33 +118,24 @@ ExclusionProcess The use of **Set**, **Add**, and **Remove** is analogous to their counterparts in PowerShell: `Set-MpPreference`, `Add-MpPreference`, and `Remove-MpPreference`. -See the following for more information and allowed parameters: - -- [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/library/dn439477(v=vs.85).aspx) - - +For more information and allowed parameters, see [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/library/dn439477(v=vs.85).aspx). ### Use the Windows Security app to exclude files that have been opened by specified processes from scans See [Add exclusions in the Windows Security app](microsoft-defender-security-center-antivirus.md#exclusions) for instructions. - - ## Use wildcards in the process exclusion list The use of wildcards in the process exclusion list is different from their use in other exclusion lists. -In particular, you cannot use the question mark ? wildcard, and the asterisk \* wildcard can only be used at the end of a complete path. You can still use environment variables (such as %ALLUSERSPROFILE%) as wildcards when defining items in the process exclusion list. +In particular, you cannot use the question mark (`?`) wildcard, and the asterisk (`*`) wildcard can only be used at the end of a complete path. You can still use environment variables (such as `%ALLUSERSPROFILE%`) as wildcards when defining items in the process exclusion list. The following table describes how the wildcards can be used in the process exclusion list: -Wildcard | Use | Example use | Example matches ----|---|---|--- -\* (asterisk) | Replaces any number of characters |
  • C:\MyData\\*
|
  • Any file opened by C:\MyData\file.exe
-? (question mark) | Not available | \- | \- -Environment variables | The defined variable will be populated as a path when the exclusion is evaluated |
  • %ALLUSERSPROFILE%\CustomLogFiles\file.exe
|
  • Any file opened by C:\ProgramData\CustomLogFiles\file.exe
- - +|Wildcard | Example use | Example matches | +|:---|:---|:---| +|`*` (asterisk)

Replaces any number of characters | `C:\MyData\*` | Any file opened by `C:\MyData\file.exe` | +|Environment variables

The defined variable is populated as a path when the exclusion is evaluated | `%ALLUSERSPROFILE%\CustomLogFiles\file.exe` | Any file opened by `C:\ProgramData\CustomLogFiles\file.exe` | ## Review the list of exclusions From ebb7a832fc41c69474297942f5d4254dafceea38 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 18 Nov 2020 15:28:33 -0800 Subject: [PATCH 63/85] Update deployment-vdi-microsoft-defender-antivirus.md --- .../deployment-vdi-microsoft-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md index 8139e27e9a..d799ae7d2e 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md @@ -10,7 +10,7 @@ ms.localizationpriority: medium author: denisebmsft ms.author: deniseb ms.custom: nextgen -ms.date: 01/31/2020 +ms.date: 11/18/2020 ms.reviewer: manager: dansimp --- From 07b2b44a207c34ac121cf02039e697685b05a083 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 18 Nov 2020 15:29:36 -0800 Subject: [PATCH 64/85] Update deployment-vdi-microsoft-defender-antivirus.md --- .../deployment-vdi-microsoft-defender-antivirus.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md index d799ae7d2e..81e984fa4a 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md @@ -28,7 +28,7 @@ In addition to standard on-premises or hardware configurations, you can also use See [Windows Virtual Desktop Documentation](https://docs.microsoft.com/azure/virtual-desktop) for more details on Microsoft Remote Desktop Services and VDI support. -For Azure-based virtual machines, you can also review the [Install Endpoint Protection in Azure Defender](https://docs.microsoft.com/azure/security-center/security-center-install-endpoint-protection) topic. +For Azure-based virtual machines, see [Install Endpoint Protection in Azure Defender](https://docs.microsoft.com/azure/security-center/security-center-install-endpoint-protection). With the ability to easily deploy updates to VMs running in VDIs, we've shortened this guide to focus on how you can get updates on your machines quickly and easily. You no longer need to create and seal golden images on a periodic basis, as updates are expanded into their component bits on the host server and then downloaded directly to the VM when it's turned on. @@ -49,7 +49,7 @@ You can also download the whitepaper [Microsoft Defender Antivirus on Virtual De ## Set up a dedicated VDI file share -In Windows 10, version 1903, we introduced the shared security intelligence feature. This offloads the unpackaging of downloaded security intelligence updates onto a host machine — thus saving previous CPU, disk, and memory resources on individual machines. You can set this feature with a Group Policy, or PowerShell. +In Windows 10, version 1903, we introduced the shared security intelligence feature, which offloads the unpackaging of downloaded security intelligence updates onto a host machine—thus saving previous CPU, disk, and memory resources on individual machines. You can set this feature with a Group Policy, or PowerShell. ### Use Group Policy to enable the shared security intelligence feature: From 97e4d4c368a1b39c197fd002f5f73f093b5e4950 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 18 Nov 2020 15:32:16 -0800 Subject: [PATCH 65/85] Update deployment-vdi-microsoft-defender-antivirus.md --- .../deployment-vdi-microsoft-defender-antivirus.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md index 81e984fa4a..e135754b51 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md @@ -63,7 +63,7 @@ In Windows 10, version 1903, we introduced the shared security intelligence feat 5. Double-click **Define security intelligence location for VDI clients**, and then set the option to **Enabled**. A field automatically appears. -6. Enter `\\\wdav-update` (for what this will be, see [Download and unpackage](#download-and-unpackage-the-latest-updates)). +6. Enter `\\\wdav-update` (for help with this value, see [Download and unpackage](#download-and-unpackage-the-latest-updates)). 7. Click **OK**. @@ -81,7 +81,7 @@ See the [Download and unpackage](#download-and-unpackage-the-latest-updates) sec ## Download and unpackage the latest updates -Now you can get started on downloading and installing new updates. We’ve created a sample PowerShell script for you below. This script is the easiest way to download new updates and get them ready for your VMs. You should then set the script to run at a certain time on the management machine by using a scheduled task (or, if you’re familiar with using PowerShell scripts in Azure, Intune, or SCCM, you could also use those). +Now you can get started on downloading and installing new updates. We’ve created a sample PowerShell script for you below. This script is the easiest way to download new updates and get them ready for your VMs. You should then set the script to run at a certain time on the management machine by using a scheduled task (or, if you’re familiar with using PowerShell scripts in Azure, Intune, or SCCM, you could also use those scripts). ```PowerShell $vdmpathbase = 'c:\wdav-update\{00000000-0000-0000-0000-' @@ -98,7 +98,7 @@ cmd /c "cd $vdmpath & c: & mpam-fe.exe /x" ``` You can set a scheduled task to run once a day so that whenever the package is downloaded and unpacked then the VMs will receive the new update. -We suggest starting with once a day — but you should experiment with increasing or decreasing the frequency to understand the impact. +We suggest starting with once a day—but you should experiment with increasing or decreasing the frequency to understand the impact. Security intelligence packages are typically published once every three to four hours. Setting a frequency shorter than four hours isn’t advised because it will increase the network overhead on your management machine for no benefit. @@ -106,13 +106,13 @@ Security intelligence packages are typically published once every three to four 1. On the management machine, open the Start menu and type **Task Scheduler**. Open it and select **Create task…** on the side panel. -2. Enter the name as **Security intelligence unpacker**. Go to the **Trigger** tab. Click **New…** Select **Daily** and click **OK**. +2. Enter the name as **Security intelligence unpacker**. Go to the **Trigger** tab. Select **New…** > **Daily**, and select **OK**. -3. Go to the **Actions** tab. Click **New…** Enter **PowerShell** in the **Program/Script** field. Enter `-ExecutionPolicy Bypass c:\wdav-update\vdmdlunpack.ps1` in the **Add arguments** field. Click **OK**. +3. Go to the **Actions** tab. Select **New…** Enter **PowerShell** in the **Program/Script** field. Enter `-ExecutionPolicy Bypass c:\wdav-update\vdmdlunpack.ps1` in the **Add arguments** field. Select **OK**. 4. You can choose to configure additional settings if you wish. -5. Click **OK** to save the scheduled task. +5. Select **OK** to save the scheduled task. You can initiate the update manually by right-clicking on the task and clicking **Run**. From 1f325f118d6783836b7e625ad53d9a5ac66bfe13 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 18 Nov 2020 15:32:49 -0800 Subject: [PATCH 66/85] Update deployment-vdi-microsoft-defender-antivirus.md --- .../deployment-vdi-microsoft-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md index e135754b51..76394d2a43 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md @@ -118,7 +118,7 @@ You can initiate the update manually by right-clicking on the task and clicking ### Download and unpackage manually -If you would prefer to do everything manually, this what you would need to do to replicate the script’s behavior: +If you would prefer to do everything manually, here's what to do to replicate the script’s behavior: 1. Create a new folder on the system root called `wdav_update` to store intelligence updates, for example, create the folder `c:\wdav_update`. From 7f685696729678e465c85c3f3c1151083d4730b6 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 18 Nov 2020 15:33:09 -0800 Subject: [PATCH 67/85] update intune step 2 --- .../microsoft-defender-atp/onboarding-endpoint-manager.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md index 0027824386..1c87de1aa1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md @@ -104,12 +104,13 @@ needs.
In the following section, you'll create a number of configuration policies. First is a configuration policy to select which groups of users or devices will -be onboarded to Defender for Endpoint. +be onboarded to Defender for Endpoint: + +- [Endpoint detection and response](#endpoint-detection-and-response) Then you will continue by creating several -different types of endpoint security policies. +different types of endpoint security policies: -- [Endpoint detection and response](#endpoint-detection-and-response) - [Next-generation protection](#next-generation-protection) - [Attack surface reduction](#attack-surface-reduction--attack-surface-reduction-rules) From bab2ae97aa1932804ac19bbbbb522b643460192e Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 18 Nov 2020 15:52:54 -0800 Subject: [PATCH 68/85] Update deployment-vdi-microsoft-defender-antivirus.md --- ...oyment-vdi-microsoft-defender-antivirus.md | 39 ++++++++++++------- 1 file changed, 26 insertions(+), 13 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md index 76394d2a43..53d4a57daf 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md @@ -11,7 +11,7 @@ author: denisebmsft ms.author: deniseb ms.custom: nextgen ms.date: 11/18/2020 -ms.reviewer: +ms.reviewer: jesquive manager: dansimp --- @@ -122,7 +122,9 @@ If you would prefer to do everything manually, here's what to do to replicate th 1. Create a new folder on the system root called `wdav_update` to store intelligence updates, for example, create the folder `c:\wdav_update`. -2. Create a subfolder under *wdav_update* with a GUID name, such as `{00000000-0000-0000-0000-000000000000}`; for example `c:\wdav_update\{00000000-0000-0000-0000-000000000000}`. +2. Create a subfolder under *wdav_update* with a GUID name, such as `{00000000-0000-0000-0000-000000000000}` + +Here's an example: `c:\wdav_update\{00000000-0000-0000-0000-000000000000}` > [!NOTE] > In the script we set it so the last 12 digits of the GUID are the year, month, day, and time when the file was downloaded so that a new folder is created each time. You can change this so that the file is downloaded to the same folder each time. @@ -138,32 +140,43 @@ If you would prefer to do everything manually, here's what to do to replicate th Scheduled scans run in addition to [real-time protection and scanning](configure-real-time-protection-microsoft-defender-antivirus.md). -The start time of the scan itself is still based on the scheduled scan policy — ScheduleDay, ScheduleTime, ScheduleQuickScanTime. Randomization will cause Microsoft Defender AV to start a scan on each machine within a 4 hour window from the time set for the scheduled scan. +The start time of the scan itself is still based on the scheduled scan policy (**ScheduleDay**, **ScheduleTime**, and **ScheduleQuickScanTime**). Randomization will cause Microsoft Defender Antivirus to start a scan on each machine within a 4-hour window from the time set for the scheduled scan. See [Schedule scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md) for other configuration options available for scheduled scans. ## Use quick scans -You can specify the type of scan that should be performed during a scheduled scan. -Quick scans are the preferred approach as they are designed to look in all places where malware needs to reside to be active. +You can specify the type of scan that should be performed during a scheduled scan. Quick scans are the preferred approach as they are designed to look in all places where malware needs to reside to be active. The following procedure describes how to set up quick scans using Group Policy. -1. Expand the tree to **Windows components > Windows Defender > Scan**. +1. In your Group Policy Editor, go to **Administrative templates** > **Windows components** > **Microsoft Defender Antivirus** > **Scan**. -2. Double-click **Specify the scan type to use for a scheduled scan** and set the option to **Enabled** and **Quick scan**. +2. Select **Specify the scan type to use for a scheduled scan** and then edit the policy setting. -3. Click **OK**. +3. Set the policy to **Enabled**, and then under **Options**, select **Quick scan**. + +4. Select **OK**. + +5. Deploy your Group Policy object as you usually do. ## Prevent notifications -Sometimes, Microsoft Defender Antivirus notifications may be sent to or persist across multiple sessions. In order to minimize this problem, you can use the lock down the Microsoft Defender Antivirus user interface. +Sometimes, Microsoft Defender Antivirus notifications may be sent to or persist across multiple sessions. In order to minimize this problem, you can lock down the Microsoft Defender Antivirus user interface. The following procedure describes how to suppress notifications with Group Policy. -1. Expand the tree to **Windows components > Windows Defender > Client Interface**. +1. In your Group Policy Editor, go to **Windows components** > **Microsoft Defender Antivirus** > **Client Interface**. -2. Double-click **Suppress all notifications** and set the option to **Enabled**. +2. Select **Suppress all notifications** and then edit the policy settings. -3. Click **OK**. +3. Set the policy to **Enabled**, and then select **OK**. -This prevents notifications from Microsoft Defender AV appearing in the action center on Windows 10 when scans or remediation is performed. +4. Deploy your Group Policy object as you usually do. + +Suppressing notifications prevents notifications from Microsoft Defender Antivirus from showing up in the Action Center on Windows 10 when scans are done or remediation actions are taken. However, your security operations team will see the results of the scan in the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)). + +> [!TIP] +> To open the Action Center on Windows 10, take one of the following steps: +> - On the right end of the taskbar, select the Action Center icon. +> - Press the Windows logo key button + A. +> - On a touchscreen device, swipe in from the right edge of the screen. ## Disable scans after an update From 74736769a503f0d018b6cd48203c09a5b680f204 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 18 Nov 2020 15:53:57 -0800 Subject: [PATCH 69/85] Update deployment-vdi-microsoft-defender-antivirus.md --- .../deployment-vdi-microsoft-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md index 53d4a57daf..4233121080 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md @@ -185,7 +185,7 @@ This setting will prevent a scan from occurring after receiving an update. You c > [!IMPORTANT] > Running scans after an update will help ensure your VMs are protected with the latest Security intelligence updates. Disabling this option will reduce the protection level of your VMs and should only be used when first creating or deploying the base image. -1. Expand the tree to **Windows components > Windows Defender > Signature Updates**. +1. Expand the tree to **Windows components** > **Windows Defender** > **Signature Updates**. 2. Double-click **Turn on scan after signature update** and set the option to **Disabled**. From 0b93827584f1975210e8f1f608c5342fe162cc30 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 18 Nov 2020 16:07:09 -0800 Subject: [PATCH 70/85] Update configure-process-opened-file-exclusions-microsoft-defender-antivirus.md --- ...ess-opened-file-exclusions-microsoft-defender-antivirus.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md index 8b00cfd083..c9663557f9 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md @@ -43,9 +43,9 @@ The exclusions only apply to [always-on real-time protection and monitoring](con Changes made with Group Policy to the exclusion lists **will show** in the lists in the [Windows Security app](microsoft-defender-security-center-antivirus.md#exclusions). However, changes made in the Windows Security app **will not show** in the Group Policy lists. -You can add, remove, and review the lists for exclusions in [Group Policy](#gp), [Microsoft Endpoint Configuration Manager, Microsoft Intune, and with the Windows Security app](#man-tools), and you can [use wildcards](#wildcards) to further customize the lists. +You can add, remove, and review the lists for exclusions in Group Policy, Microsoft Endpoint Configuration Manager, Microsoft Intune, and with the Windows Security app, and you can use wildcards to further customize the lists. -You can also [use PowerShell cmdlets and WMI to configure the exclusion lists](#ps), including [reviewing](#review) your lists. +You can also use PowerShell cmdlets and WMI to configure the exclusion lists, including reviewing your lists. By default, local changes made to the lists (by users with administrator privileges; changes made with PowerShell and WMI) will be merged with the lists as defined (and deployed) by Group Policy, Configuration Manager, or Intune. The Group Policy lists will take precedence in the case of conflicts. From d189183c96745e9b124274024cda72f175b9ae37 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 18 Nov 2020 16:08:36 -0800 Subject: [PATCH 71/85] Update deployment-vdi-microsoft-defender-antivirus.md --- .../deployment-vdi-microsoft-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md index 4233121080..4bad0e3733 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md @@ -180,7 +180,7 @@ Suppressing notifications prevents notifications from Microsoft Defender Antivir ## Disable scans after an update -This setting will prevent a scan from occurring after receiving an update. You can apply this when creating the base image if you have also run a quick scan. This prevents the newly updated VM from performing a scan again (as you've already scanned it when you created the base image). +Disabling a scan after an update will prevent a scan from occurring after receiving an update. You can apply this setting when creating the base image if you have also run a quick scan. This way, you can prevent the newly updated VM from performing a scan again (as you've already scanned it when you created the base image). > [!IMPORTANT] > Running scans after an update will help ensure your VMs are protected with the latest Security intelligence updates. Disabling this option will reduce the protection level of your VMs and should only be used when first creating or deploying the base image. From 4660b238059867db435d359bac4cd0ddea310288 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 18 Nov 2020 16:30:47 -0800 Subject: [PATCH 72/85] fixes --- ...exclusions-microsoft-defender-antivirus.md | 2 +- ...oyment-vdi-microsoft-defender-antivirus.md | 24 ++++++++++++------- 2 files changed, 17 insertions(+), 9 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md index c9663557f9..81cb5deeec 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md @@ -73,7 +73,7 @@ See [How to create and deploy antimalware policies: Exclusion settings](https:// 1. Set the option to **Enabled**. 2. Under the **Options** section, click **Show...**. - 3. Enter each process on its own line under the **Value name** column. See the [example table](#examples) for the different types of process exclusions. Enter **0** in the **Value** column for all processes. + 3. Enter each process on its own line under the **Value name** column. See the example table for the different types of process exclusions. Enter **0** in the **Value** column for all processes. 5. Click **OK**. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md index 4bad0e3733..bbb87abdc3 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md @@ -185,23 +185,31 @@ Disabling a scan after an update will prevent a scan from occurring after receiv > [!IMPORTANT] > Running scans after an update will help ensure your VMs are protected with the latest Security intelligence updates. Disabling this option will reduce the protection level of your VMs and should only be used when first creating or deploying the base image. -1. Expand the tree to **Windows components** > **Windows Defender** > **Signature Updates**. +1. In your Group Policy Editor, go to **Windows components** > **Microsoft Defender Antivirus** > **Security Intelligence Updates**. -2. Double-click **Turn on scan after signature update** and set the option to **Disabled**. +2. Select **Turn on scan after security intelligence update** and then edit the policy setting. -3. Click **OK**. +3. Set the policy to **Disabled**. -This prevents a scan from running immediately after an update. +4. Select **OK**. + +5. Deploy your Group Policy object as you usually do. + +This policy prevents a scan from running immediately after an update. ## Scan VMs that have been offline -1. Expand the tree to **Windows components > Windows Defender > Scan**. +1. In your Group Policy Editor, go to to **Windows components** > **Microsoft Defender Antivirus** > **Scan**. -2. Double-click the **Turn on catch-up quick scan** setting and set the option to **Enabled**. +2. Select **Turn on catch-up quick scan** and then edit the policy setting. -3. Click **OK**. +3. Set the policy to **Enabled**. -This forces a scan if the VM has missed two or more consecutive scheduled scans. +4. Select **OK**. + +5. Deploy your Group Policy Object as you usually do. + +This policy forces a scan if the VM has missed two or more consecutive scheduled scans. ## Enable headless UI mode From 807b8fc534933e132b84925cbb0c10491e990f18 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 18 Nov 2020 17:00:36 -0800 Subject: [PATCH 73/85] Update deployment-vdi-microsoft-defender-antivirus.md --- ...eployment-vdi-microsoft-defender-antivirus.md | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md index bbb87abdc3..a7990f4bca 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md @@ -213,20 +213,26 @@ This policy forces a scan if the VM has missed two or more consecutive scheduled ## Enable headless UI mode -1. Double-click **Enable headless UI mode** and set the option to **Enabled**. +1. In your Group Policy Editor, go to **Windows components** > **Microsoft Defender Antivirus** > **Client Interface**. -2. Click **OK**. +2. Select **Enable headless UI mode** and edit the policy. -This hides the entire Microsoft Defender AV user interface from users. +3. Set the policy to **Enabled**. + +4. Click **OK**. + +5. Deploy your Group Policy Object as you usually do. + +This policy hides the entire Microsoft Defender Antivirus user interface from end users in your organization. ## Exclusions Exclusions can be added, removed, or customized to suit your needs. -For more details, see [Configure Microsoft Defender Antivirus exclusions on Windows Server](configure-exclusions-microsoft-defender-antivirus.md). +For more information, see [Configure Microsoft Defender Antivirus exclusions on Windows Server](configure-exclusions-microsoft-defender-antivirus.md). ## Additional resources -- [Video: Microsoft Senior Program Manager Bryan Keller on how System Center Configuration Manger 2012 manages VDI and integrates with App-V]( https://channel9.msdn.com/Shows/Edge/Edge-Show-5-Manage-VDI-using-SCCM-2012#time=03m02s) +- [Tech Community Blog: Configuring Microsoft Defender Antivirus for non-persistent VDI machines](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/configuring-microsoft-defender-antivirus-for-non-persistent-vdi/ba-p/1489633) - [TechNet forums on Remote Desktop Services and VDI](https://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserverTS) - [SignatureDownloadCustomTask PowerShell script](https://www.powershellgallery.com/packages/SignatureDownloadCustomTask/1.4) From a446f2ccf637ae28b1d6863aa577a0eb441a2c72 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 18 Nov 2020 17:01:52 -0800 Subject: [PATCH 74/85] Update configure-process-opened-file-exclusions-microsoft-defender-antivirus.md --- ...ocess-opened-file-exclusions-microsoft-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md index 81cb5deeec..725634e323 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md @@ -106,7 +106,7 @@ For example, the following code snippet would cause Microsoft Defender AV scans Add-MpPreference -ExclusionProcess "c:\internal\test.exe" ``` -For more information on how to use PowerShell with Microsoft Defender Antivirus, see [Manage antivirus with PowerShell cmdlets](use-powershell-cmdlets-windows-defender-Microsoft Defender Antivirus.md) and [Microsoft Defender Antivirus cmdlets](https://docs.microsoft.com/powershell/module/defender/?view=win10-ps&preserve=true). +For more information on how to use PowerShell with Microsoft Defender Antivirus, see Manage antivirus with PowerShell cmdlets and [Microsoft Defender Antivirus cmdlets](https://docs.microsoft.com/powershell/module/defender/?view=win10-ps&preserve=true). ### Use Windows Management Instruction (WMI) to exclude files that have been opened by specified processes from scans From e11250a1fc13d616ebd6bceb320329264791f5ba Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Wed, 18 Nov 2020 18:13:05 -0800 Subject: [PATCH 75/85] Fix typo in system extension instrucitons --- .../microsoft-defender-atp/mac-sysext-policies.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md index 9b20ff2260..73bb94faf9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md @@ -150,13 +150,13 @@ As part of the Endpoint Detection and Response capabilities, Microsoft Defender 4. After the certificate is created and installed to your device, run the following command from the Terminal to sign the file: ```bash - $ security cms -S -N "" -i /com.apple.webcontent-filter.mobileconfig -o /com.microsoft.network-extension.signed.mobileconfig + $ security cms -S -N "" -i /com.microsoft.network-extension.mobileconfig -o /com.microsoft.network-extension.signed.mobileconfig ``` For example, if the certificate name is **SigningCertificate** and the signed file is going to be stored in Documents: ```bash - $ security cms -S -N "SigningCertificate" -i ~/Documents/com.apple.webcontent-filter.mobileconfig -o ~/Documents/com.microsoft.network-extension.signed.mobileconfig + $ security cms -S -N "SigningCertificate" -i ~/Documents/com.microsoft.network-extension.mobileconfig -o ~/Documents/com.microsoft.network-extension.signed.mobileconfig ``` 5. From the JAMF portal, navigate to **Configuration Profiles** and click the **Upload** button. Select `com.microsoft.network-extension.signed.mobileconfig` when prompted for the file. From 8765322a40d7750701fd888530837ad94f177265 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Thu, 19 Nov 2020 15:14:07 +0530 Subject: [PATCH 76/85] Update TOC.md To fix build error --- windows/security/threat-protection/TOC.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 29bbd110d3..2e9b5977ec 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -8,7 +8,6 @@ ### [Data storage and privacy](microsoft-defender-atp/data-storage-privacy.md) ### [Overview of Microsoft Defender Security Center](microsoft-defender-atp/use.md) ### [Portal overview](microsoft-defender-atp/portal-overview.md) -### [Microsoft Defender ATP for US Government Community Cloud High customers](microsoft-defender-atp/commercial-gov.md) ### [Microsoft Defender ATP for non-Windows platforms](microsoft-defender-atp/non-windows.md) ## [Evaluate capabilities](microsoft-defender-atp/evaluation-lab.md) From 28c6d8b6ffabca4d3f5990e54c94e8984f78d249 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Thu, 19 Nov 2020 15:15:33 +0530 Subject: [PATCH 77/85] Update linux-schedule-scan-atp.md minor spelling error --- .../microsoft-defender-atp/linux-schedule-scan-atp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md index 3bd8a7cde1..fe7f0dbd32 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md @@ -137,7 +137,7 @@ See [https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/](h **To edit the crontab and add a new job as a root user** -`Sudo crontab -e` +`sudo crontab -e` **To edit the crontab and add a new job** From 4c77803457e67a91c8b7586dd8409bf6b7784c14 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 19 Nov 2020 09:51:10 -0800 Subject: [PATCH 78/85] update toc --- .openpublishing.redirection.json | 5 + windows/security/threat-protection/TOC.md | 2 +- .../microsoft-defender-atp/ios-privacy.md | 100 ++++++++++-------- 3 files changed, 63 insertions(+), 44 deletions(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 2f50152758..4b75b026fc 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -84,6 +84,11 @@ "source_path": "windows/security/threat-protection/microsoft-defender-atp/ios-privacy-statement.md", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/ios-privacy", "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/ios-privacy", + "redirect_document_id": false }, { "source_path": "windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md", diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 144ddb363c..ed7e7849ea 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -277,7 +277,7 @@ #### [Configure]() ##### [Configure iOS features](microsoft-defender-atp/ios-configure-features.md) -#### [Privacy](microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md) +#### [Privacy](microsoft-defender-atp/ios-privacy.md) ### [Microsoft Defender Advanced Threat Protection for Linux]() diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-privacy.md b/windows/security/threat-protection/microsoft-defender-atp/ios-privacy.md index 31ee7b41b6..3b519f301b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-privacy.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-privacy.md @@ -1,78 +1,92 @@ --- -title: Microsoft Defender ATP for iOS note on Privacy +title: Privacy information - Microsoft Defender for Endpoint for iOS ms.reviewer: -description: Describes the Microsoft Defender ATP for iOS Privacy -keywords: microsoft, defender, atp, iOS, license, terms, application, use, installation, service, feedback, scope, +description: Describes privacy information for Microsoft Defender for Endpoint for iOS +keywords: microsoft, defender, atp, ios, policy, overview search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -ms.author: sunasing -author: sunasing +ms.author: macapara +author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365initiative-defender-endpoint ms.topic: conceptual -hideEdit: true --- -# Microsoft Defender ATP for iOS - Privacy information +# Privacy information - Microsoft Defender for Endpoint for iOS -**Applies to:** +> [!NOTE] +> Defender for Endpoint for iOS uses a VPN to provide the Web Protection feature. This is not a regular VPN and is a local or self-looping VPN that does not take traffic outside the device. **Microsoft or your organization, does not see your browsing activity.** -- [Microsoft Defender for Endpoint](microsoft-defender-atp-ios.md) +Defender for Endpoint for iOS collects information from your configured iOS devices and stores it in the same tenant where you have Defender for Endpoint. The information is collected to help keep Defender for Endpoint for iOS secure, up-to-date, performing as expected, and to support the service. ->[!NOTE] -> Defender for Endpoint for iOS uses a VPN in order to provide the Web Protection feature. This is not a regular VPN and is a local/self-looping VPN that does not take traffic outside the device. Microsoft or your organization **does not see your browsing activity**. +For more details about data storage, see [Microsoft Defender for Endpoint data storage and privacy](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy). -Defender for Endpoint for iOS collects information from your configured iOS devices and stores it in the same tenant where you have Defender for Endpoint. +## Required data -Information is collected to help keep Defender for Endpoint for iOS secure, up-to-date, performing as expected and to support the service. +Required data consists of data that is necessary to make Defender for Endpoint for iOS work as expected. This data is essential to the operation of the service and can include data related to the end user, organization, device, and apps. -## Required data +Here is a list of the types of data being collected: -Required data consists of data that is necessary to make Defender for Endpoint for iOS work as expected. This data is essential to the operation of the service and can include data related to the end user, organization, device, and apps. Here's a list of the types of data being collected: +### Web page or Network information -### Web page / Network information +- Connection information only when a malicious connection or web page is detected. -- Connection information -- Protocol type (such as HTTP, HTTPS, etc.) +- Protocol type (such as HTTP, HTTPS, etc.) only when a malicious connection or web page is detected. -### Device and account information +### Device and account information -- Device information such as date & time, iOS version, CPU info, and Device identifier -- Device identifier is one of the below: - - Wi-Fi adapter MAC address - - Randomly generated globally unique identifier (GUID) +- Device information such as date & time, iOS version, CPU info, and Device identifier, where Device identifier is one of the following: -- Tenant, Device, and User information - - Azure Active Directory (AD) Device ID and Azure User ID: Uniquely identifies the device, User respectively at Azure Active directory. - - Azure tenant ID - GUID that identifies your organization within Azure Active Directory - - Microsoft Defender ATP org ID - Unique identifier associated with the enterprise that the device belongs to. Allows Microsoft to identify whether issues are impacting a select set of enterprises and how many enterprises are impacted - - User Principal Name - Email ID of the user + - Wi-Fi adapter MAC address -### Product and service usage data + - Randomly generated globally unique identifier (GUID) -- App package info, including name, version, and app upgrade status -- Actions performed in the app -- Crash report logs generated by iOS -- Memory usage data +- Tenant, Device and User information -## Optional data + - Azure Active Directory (AD) Device ID and Azure User ID - Uniquely identifies the device, User respectively at Azure Active directory. -Optional data includes diagnostic data and feedback data from the client. Optional diagnostic data is additional data that helps us make product improvements and provides enhanced information to help us detect, diagnose, and fix issues. This data is only for diagnostic purposes and is not required for the service itself. + - Azure tenant ID - GUID that identifies your organization within Azure Active Directory. -Optional diagnostic data includes: + - Microsoft Defender for Endpoint org ID - Unique identifier associated with the enterprise that the device belongs to. Allows Microsoft to identify whether issues are impacting a select set of enterprises and how many enterprises are impacted. -- App, CPU, and network usage -- Features configured by the admin + - User Principal Name Email ID of the user. -**Feedback Data** is collected through in-app feedback provided by the user. +### Product and service usage data + +The following information is collected only for Microsoft Defender for Endpoint app installed on the device. + +- App package info, including name, version, and app upgrade status. + +- Actions performed in the app. + +- Crash report logs generated by iOS. + +- Memory usage data. + +## Optional Data + +Optional data includes diagnostic data and feedback data from the client. Optional diagnostic data is additional data that helps us make product improvements and provides enhanced information to help us detect, diagnose, and fix issues. This data is only for diagnostic purposes and is not required for the service itself. + +Optional diagnostic data includes: + +- App, CPU, and network usage for Defender for Endpoint. + +- Features configured by the admin for Defender for Endpoint. + +Feedback Data is collected through in-app feedback provided by the user. + +- The users email address, if they choose to provide it. + +- Feedback type (smile, frown, idea) and any feedback comments submitted by the user. + +For more information, see [More on Privacy](https://aka.ms/mdatpiosprivacystatement). -- The user's email address, if they choose to provide it -- Feedback type (smile, frown, idea) and any feedback comments submitted by the user -[More on Privacy](https://aka.ms/mdatpiosprivacystatement) \ No newline at end of file From 32b25a4398371cf389df31b9fc13c0e46bdf709a Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 19 Nov 2020 10:00:35 -0800 Subject: [PATCH 79/85] chars --- .../microsoft-defender-atp/ios-privacy.md | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-privacy.md b/windows/security/threat-protection/microsoft-defender-atp/ios-privacy.md index 3b519f301b..361ee24da1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-privacy.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-privacy.md @@ -22,12 +22,16 @@ ms.topic: conceptual # Privacy information - Microsoft Defender for Endpoint for iOS +**Applies to:** + +- [Microsoft Defender for Endpoint](microsoft-defender-atp-ios.md) + > [!NOTE] > Defender for Endpoint for iOS uses a VPN to provide the Web Protection feature. This is not a regular VPN and is a local or self-looping VPN that does not take traffic outside the device. **Microsoft or your organization, does not see your browsing activity.** Defender for Endpoint for iOS collects information from your configured iOS devices and stores it in the same tenant where you have Defender for Endpoint. The information is collected to help keep Defender for Endpoint for iOS secure, up-to-date, performing as expected, and to support the service. -For more details about data storage, see [Microsoft Defender for Endpoint data storage and privacy](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy). +For more information about data storage, see [Microsoft Defender for Endpoint data storage and privacy](data-storage-privacy.md). ## Required data @@ -49,15 +53,15 @@ Here is a list of the types of data being collected: - Randomly generated globally unique identifier (GUID) -- Tenant, Device and User information +- Tenant, Device, and User information - Azure Active Directory (AD) Device ID and Azure User ID - Uniquely identifies the device, User respectively at Azure Active directory. - Azure tenant ID - GUID that identifies your organization within Azure Active Directory. - - Microsoft Defender for Endpoint org ID - Unique identifier associated with the enterprise that the device belongs to. Allows Microsoft to identify whether issues are impacting a select set of enterprises and how many enterprises are impacted. + - Microsoft Defender for Endpoint org ID - Unique identifier associated with the enterprise that the device belongs to. Allows Microsoft to identify if there are issues affecting a select set of enterprises and the number of enterprises impacted. - - User Principal Name Email ID of the user. + - User Principal Name - Email ID of the user. ### Product and service usage data @@ -65,7 +69,7 @@ The following information is collected only for Microsoft Defender for Endpoint - App package info, including name, version, and app upgrade status. -- Actions performed in the app. +- Actions done in the app. - Crash report logs generated by iOS. @@ -83,7 +87,7 @@ Optional diagnostic data includes: Feedback Data is collected through in-app feedback provided by the user. -- The users email address, if they choose to provide it. +- The user's email address, if they choose to provide it. - Feedback type (smile, frown, idea) and any feedback comments submitted by the user. From ed85432e02942ac375c5e50777df87cc6957b214 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 19 Nov 2020 11:18:09 -0800 Subject: [PATCH 80/85] Update prevent-changes-to-security-settings-with-tamper-protection.md removed a snippet per PM --- ...s-to-security-settings-with-tamper-protection.md | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md index 964923be28..25da1aa38d 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -14,7 +14,7 @@ audience: ITPro author: denisebmsft ms.author: deniseb ms.custom: nextgen -ms.date: 11/12/2020 +ms.date: 11/19/2020 --- # Protect security settings with tamper protection @@ -207,17 +207,6 @@ If you are an organization using [Microsoft Defender for Endpoint](https://www.m Your regular group policy doesn’t apply to tamper protection, and changes to Microsoft Defender Antivirus settings are ignored when tamper protection is on. -> [!NOTE] -> A small delay in Group Policy (GPO) processing may occur if Group Policy settings include values that control Microsoft Defender Antivirus features protected by tamper protection. - -To avoid any potential delays, we recommend that you remove settings that control Microsoft Defender Antivirus related behavior using GPO and allow tamper protection to protect your Microsoft Defender Antivirus settings. - -Some sample Microsoft Defender Antivirus settings: - -- *Turn off real-time protection*
- Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Real-time Protection\\
- Value `DisableRealtimeMonitoring` = 0 - ### For Microsoft Defender for Endpoint, is configuring tamper protection in Intune targeted to the entire organization only? Configuring tamper protection in Intune or Microsoft Endpoint Manager can be targeted to your entire organization as well as to specific devices and user groups. From ccddf150e43fc9b7e8ab5760b7127cfdf3d9849f Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 19 Nov 2020 11:22:09 -0800 Subject: [PATCH 81/85] Update prevent-changes-to-security-settings-with-tamper-protection.md --- ...ent-changes-to-security-settings-with-tamper-protection.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md index 25da1aa38d..0cbd3e28f1 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -48,7 +48,7 @@ Tamper protection essentially locks Microsoft Defender Antivirus and prevents yo - Changing settings through PowerShell cmdlets - Editing or removing security settings through group policies -Tamper protection doesn't prevent you from viewing your security settings. And, tamper protection doesn't affect how third-party antivirus apps register with the Windows Security app. If your organization is using Windows 10 Enterprise E5, individual users can't change the tamper protection setting; this is managed by your security team. +Tamper protection doesn't prevent you from viewing your security settings. And, tamper protection doesn't affect how third-party antivirus apps register with the Windows Security app. If your organization is using Windows 10 Enterprise E5, individual users can't change the tamper protection setting; tamper protection is managed by your security team. ### What do you want to do? @@ -72,7 +72,7 @@ Tamper protection doesn't prevent you from viewing your security settings. And, > > Once you’ve made this update, tamper protection will continue to protect your registry settings, and will also log attempts to modify them without returning errors. -If you are a home user, or you are not subject to settings managed by a security team, you can use the Windows Security app to turn tamper protection on or off. You must have appropriate admin permissions on your machine to do this. +If you are a home user, or you are not subject to settings managed by a security team, you can use the Windows Security app to turn tamper protection on or off. You must have appropriate admin permissions on your machine to do change security settings, such as tamper protection. 1. Click **Start**, and start typing *Defender*. In the search results, select **Windows Security**. From 75b5e382cea904df754549b3fa60a1e9b26a1929 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 19 Nov 2020 11:22:54 -0800 Subject: [PATCH 82/85] Update prevent-changes-to-security-settings-with-tamper-protection.md --- ...event-changes-to-security-settings-with-tamper-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md index 0cbd3e28f1..432e22474e 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -132,7 +132,7 @@ If you are using Windows 10 OS [1709](https://docs.microsoft.com/windows/release > [!IMPORTANT] > The procedure can be used to extend tamper protection to devices running Windows 10 and Windows Server 2019. Make sure to review the prerequisites and other information in the resources mentioned in this procedure. -If you're using [version 2006 of Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/plan-design/changes/whats-new-in-version-2006), you can manage tamper protection settings on Windows 10 and Windows Server 2019 by using tenant attach. Tenant attach enables you to sync your on-premises-only Configuration Manager devices into the Microsoft Endpoint Manager admin center, and then deliver your endpoint security configuration policies to your on-premises collections & devices. +If you're using [version 2006 of Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/plan-design/changes/whats-new-in-version-2006), you can manage tamper protection settings on Windows 10 and Windows Server 2019 by using a method called *tenant attach*. Tenant attach enables you to sync your on-premises-only Configuration Manager devices into the Microsoft Endpoint Manager admin center, and then deliver your endpoint security configuration policies to your on-premises collections & devices. 1. Set up tenant attach. See [Microsoft Endpoint Manager tenant attach: Device sync and device actions](https://docs.microsoft.com/mem/configmgr/tenant-attach/device-sync-actions). From cd6713a92b1264be1c7d60b117dfbcb927223817 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 19 Nov 2020 11:24:25 -0800 Subject: [PATCH 83/85] Update prevent-changes-to-security-settings-with-tamper-protection.md --- ...event-changes-to-security-settings-with-tamper-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md index 432e22474e..567fc845b6 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -93,7 +93,7 @@ You must have appropriate [permissions](../microsoft-defender-atp/assign-portal- 1. Make sure your organization meets all of the following requirements to manage tamper protection using Intune: - Your organization uses [Intune to manage devices](https://docs.microsoft.com/intune/fundamentals/what-is-device-management). ([Intune licenses](https://docs.microsoft.com/intune/fundamentals/licenses) are required; Intune is included in Microsoft 365 E5.) - - Your Windows machines must be running Windows 10 OS [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709), [1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803), [1809](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019) or later. (See [Windows 10 release information](https://docs.microsoft.com/windows/release-information/) for more details about releases.) + - Your Windows machines must be running Windows 10 OS [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709), [1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803), [1809](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019) or later. (For more information about releases, see [Windows 10 release information](https://docs.microsoft.com/windows/release-information/).) - You must be using Windows security with [security intelligence](https://www.microsoft.com/wdsi/definitions) updated to version 1.287.60.0 (or above). - Your machines must be using anti-malware platform version 4.18.1906.3 (or above) and anti-malware engine version 1.1.15500.X (or above). ([Manage Microsoft Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md).) From 7ef4f60afe1198e3510a178c3dbc019c94520985 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 19 Nov 2020 13:09:31 -0800 Subject: [PATCH 84/85] add gov back in --- windows/security/threat-protection/TOC.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index ed7e7849ea..c2d26e8f57 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -8,6 +8,7 @@ ### [Data storage and privacy](microsoft-defender-atp/data-storage-privacy.md) ### [Overview of Microsoft Defender Security Center](microsoft-defender-atp/use.md) ### [Portal overview](microsoft-defender-atp/portal-overview.md) +### [Microsoft Defender ATP for US Government Community Cloud High customers](microsoft-defender-atp/gov.md) ### [Microsoft Defender ATP for non-Windows platforms](microsoft-defender-atp/non-windows.md) ## [Evaluate capabilities](microsoft-defender-atp/evaluation-lab.md) From 0dcd93ee5b66417227e3d54aef0936e416988a72 Mon Sep 17 00:00:00 2001 From: Thomas Raya Date: Thu, 19 Nov 2020 15:53:26 -0800 Subject: [PATCH 85/85] Delete microsoft-defender-atp-ios-privacy-information.md --- ...ft-defender-atp-ios-privacy-information.md | 92 ------------------- 1 file changed, 92 deletions(-) delete mode 100644 windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md deleted file mode 100644 index b5143827c8..0000000000 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md +++ /dev/null @@ -1,92 +0,0 @@ ---- -title: Microsoft Defender ATP for iOS - Privacy information -ms.reviewer: -description: Describes privacy information for Microsoft Defender ATP for iOS -keywords: microsoft, defender, atp, ios, policy, overview -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: -- m365-security-compliance -- m365initiative-defender-endpoint -ms.topic: conceptual ---- - -# Privacy information - Microsoft Defender for Endpoint for iOS - -> [!NOTE] -> Defender for Endpoint for iOS uses a VPN to provide the Web Protection feature. This is not a regular VPN and is a local or self-looping VPN that does not take traffic outside the device. **Microsoft or your organization, does not see your browsing activity.** - -Defender for Endpoint for iOS collects information from your configured iOS devices and stores it in the same tenant where you have Defender for Endpoint. The information is collected to help keep Defender for Endpoint for iOS secure, up-to-date, performing as expected, and to support the service. - -For more details about data storage, see [Microsoft Defender for Endpoint data storage and privacy](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy). - -## Required data - -Required data consists of data that is necessary to make Defender for Endpoint for iOS work as expected. This data is essential to the operation of the service and can include data related to the end user, organization, device, and apps. - -Here is a list of the types of data being collected: - -### Web page or Network information - -- Connection information only when a malicious connection or web page is detected. - -- Protocol type (such as HTTP, HTTPS, etc.) only when a malicious connection or web page is detected. - -### Device and account information - -- Device information such as date & time, iOS version, CPU info, and Device identifier, where Device identifier is one of the following: - - - Wi-Fi adapter MAC address - - - Randomly generated globally unique identifier (GUID) - -- Tenant, Device and User information - - - Azure Active Directory (AD) Device ID and Azure User ID - Uniquely identifies the device, User respectively at Azure Active directory. - - - Azure tenant ID - GUID that identifies your organization within Azure Active Directory. - - - Microsoft Defender ATP org ID - Unique identifier associated with the enterprise that the device belongs to. Allows Microsoft to identify whether issues are impacting a select set of enterprises and how many enterprises are impacted. - - - User Principal Name – Email ID of the user. - -### Product and service usage data - -The following information is collected only for Microsoft Defender for Endpoint app installed on the device. - -- App package info, including name, version, and app upgrade status. - -- Actions performed in the app. - -- Crash report logs generated by iOS. - -- Memory usage data. - -## Optional Data - -Optional data includes diagnostic data and feedback data from the client. Optional diagnostic data is additional data that helps us make product improvements and provides enhanced information to help us detect, diagnose, and fix issues. This data is only for diagnostic purposes and is not required for the service itself. - -Optional diagnostic data includes: - -- App, CPU, and network usage for Defender for Endpoint. - -- Features configured by the admin for Defender for Endpoint. - -Feedback Data is collected through in-app feedback provided by the user. - -- The user’s email address, if they choose to provide it. - -- Feedback type (smile, frown, idea) and any feedback comments submitted by the user. - -For more information, see [More on Privacy](https://aka.ms/mdatpiosprivacystatement). - -