From 2bcaae20fa1e081c7632a163c36c6c906287616b Mon Sep 17 00:00:00 2001
From: "v-visodadasi@microsoft.com"
Date: Mon, 18 Nov 2024 14:20:09 +0530
Subject: [PATCH] Removed the broken URL in Endpoint Threat Protection Essentials

---
 ...oInvokingShellBrowserWindowCOMObjects.yaml | 5 +-
 .../Package/3.0.5.zip | Bin 0 -> 27624 bytes
 .../Package/createUiDefinition.json | 2 +-
 .../Package/mainTemplate.json | 483 +++++++++---------
 .../ReleaseNotes.md | 1 +
 5 files changed, 247 insertions(+), 244 deletions(-)
 create mode 100644 Solutions/Endpoint Threat Protection Essentials/Package/3.0.5.zip

diff --git a/Solutions/Endpoint Threat Protection Essentials/Analytic Rules/MacroInvokingShellBrowserWindowCOMObjects.yaml b/Solutions/Endpoint Threat Protection Essentials/Analytic Rules/MacroInvokingShellBrowserWindowCOMObjects.yaml
index 097c07ebbdc..dfd7fef89c7 100644
--- a/Solutions/Endpoint Threat Protection Essentials/Analytic Rules/MacroInvokingShellBrowserWindowCOMObjects.yaml
+++ b/Solutions/Endpoint Threat Protection Essentials/Analytic Rules/MacroInvokingShellBrowserWindowCOMObjects.yaml
@@ -1,8 +1,7 @@
 id: e7470b35-0128-4508-bfc9-e01cfb3c2eb7
 name: Detecting Macro Invoking ShellBrowserWindow COM Objects
 description: |
-  'This query detects a macro invoking ShellBrowserWindow COM Objects evade naive parent/child Office detection rules.
-  Ref: https://blog.menasec.net/2019/02/threat-hunting-doc-with-macro-invoking.html'
+  'This query detects a macro invoking ShellBrowserWindow COM Objects evade naive parent/child Office detection rules.'
 severity: Medium
 status: Available
 requiredDataConnectors:
@@ -45,5 +44,5 @@ entityMappings:
     fieldMappings:
       - identifier: Name
         columnName: User
-version: 1.0.3
+version: 1.0.4
 kind: Scheduled
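Review bot: The new description line still reads "ShellBrowserWindow COM Objects evade naive parent/child Office detection rules", which drops the word that links the macro to its purpose; the added line should be `'This query detects a macro invoking ShellBrowserWindow COM Objects to evade naive parent/child Office detection rules.'` (the packaged copies in createUiDefinition.json and mainTemplate.json carry the same sentence and would need regenerating). Removing the Ref line also removes the only stated provenance for this detection logic; if the post is gone, consider keeping a non-link attribution in the description (the site and year are visible in the removed URL) or pointing at an archived copy, so an analyst tuning the rule can still trace where the parent/child-evasion reasoning came from. The rule's query and requiredDataConnectors sit outside this hunk, so whether the detection still matches the description cannot be checked here.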
diff --git a/Solutions/Endpoint Threat Protection Essentials/Package/3.0.5.zip b/Solutions/Endpoint Threat Protection Essentials/Package/3.0.5.zip new file mode 100644 index 0000000000000000000000000000000000000000..ee29b66421df1e0c9ca63cf4e61fa909cac1c95c GIT binary patch literal 27624 zcmY(qL$oM8+qJuF+qP}n)?T)4+qP}nwrv}G+1A<5JHEehI%#C&uA0eg)XY_hf;2D) z3IG5A1OSzVCZPjoJA zwVp@^yuA1EtK>ws8spgH znf5qUN1{l^AE=U}etfBVWO})|;*%KQniNKQl6WQu^-g>G z%u#<0s)meax;es)rHpcdeJh(Yje7`Rb|T zP~`_L-T~r-d=P&wN&xZXx+SLM?oF@G=j*&@;DIZ?S!9^FAN+zJE9NVHzsvLGE@(ZM z7_v@|w5L#rO+^R`Ve5v!y1YWe3}}k@!b2oq;#O2F9&d`g)|S+l7E(2W1=)rG=wA}$ z-#C*FoKsQzemNq=@0ZHzRLS&seW>J!&n+mGI1?(ylgCY!WK>WpL^0$?G~`sML@_R> zqli3(Zd)Q9HRq`XeZIf_e$=~7q*iq!U+qfHvqBf~HEnxLYu4x)q)VKuc$#v~e++O) zsG^(v_As;O%_8= zCq+8w6l0SNqM?mCO!Mvi<)k>|rfM-ZAIP z*N+5fnj;M78Ps%&gHVY_BzGmBRuYumMyE!N@Y9Szc!GJ4eeY_$*bzGwaqXYot z_wsy6S)V?|Z$=mwh;A6^WXow&LMDeZaKL!A>_Ef3PLGtK+6Ap4wmK zYk`(v<(b!CQ1(}!i(aqU;}s}`bcAY%?L!eyf=4?NAaA~PY~3hjlh%o$9|SXM1nq)H zQYBJ{d^1JQfP6p~PymweHi8&fs=#ob6EtQiaJSWfu?g;gEROg@@8Of0ezIhUm`i(= ze7*|7sf(PBW`DLgugstoB}_fN)s&IQ)w2-c5XcZ48|>%3E~xGF+4lWCj!H)W$f*0` zRX*>BCJj0TtUChqR7%5@pcLi@K=Rt6dz&7y8*C_+i zYyM09^*qPT^@_JS?a~6D2JyUZellwePfw#1vlLJ+hc+^I3|2U5n|t<#U1>s8{$Ga% zi-3nMv8g{L#g7iE)T&RYx`n_gWxYJCS(6`kJ}n{TmRsxyA=9HD#R|9IhQ}A>Yd(KP z`|&F%cE)aWE`}dVZnPvyG>}=mM@fEV>{{qXN!t0AFglr^I!-{|*0fea@h9>7)Fr`& zy|5=hvj&JuwS5FnB{4t}SAOIT1Rxx8oQH*=#z_%P4HGLn3|Lt~!?42zJvo(@P1SRd zGFT8ak0iL1k25Q}V85LzAB=5&^u1d+zCe2WVeZ+aA1%dioKgF{31h3i*7LcL+uSBrP|3A_$Eyo4fpLKg!10P5si%EA-}>x%~~ZqvFw(_Lipx5j)i z=dEDwPjZbzH5FfXwYmSs|Knu@u`{{MNJ;$($Gu19VwGz%tcMM&$)I(*4bOu?tA!>i z?~9F@8P}>C)0*o{V0oO~cM(orR5NQHW!Ct9eJelj0=t2>WdH?KGZ9WTB9)+GV;t}@ zAPJ9wIuSEigbp!F%zVEsq9`8;;i z-dlA&Vbx}V`lcW&Q=%Z(Abf6M^w=rl00f|S*5(Q#&x9JggXskz%~O85a5S5uOaRWb zt`vs)!ODf$R#>DLIu+Yf3Cpe8cKmt`Q>a^Kj6tB+mm=Xy&SZx*O&_W~Rg(9gf^ z{R=bxnEC-SI}IQQl2^mMqInNnX8f|KG08xcpyPpWDbXa5f0g03$x zf+HzW8CXH+xCw|MPsT(hmD*G~{>Vci{3KE>{(c?%bc$=>%G9S81CbD6c#F;V*o$%G 
z!&Fx)fdRRopO`+K*i*bz2TfO!SyhDZ3dBN_thsoc1KKgYuy|eRLQ{uPZr-1j;EyFE zH8Vn3C_A1mCukwWHYZe+M{{^BsRL#!)9^+!8~Zna`KU9L`hrNyaCD#n%b(HxI`e=4 z-WMj~F0|+$H96e~BDwwpMhXOxKVDQhFH;szb8X;3J3spMJAHb+dp7a6xMfrF05+%Q zY;Z>K%Pc<}fEJ=AGB-j5SA6LL9K|MxTxSg0vgN5@1sbUlrf6BZ{n|0)9bnF+OG4O< zn81U<_Z%v`kjezJU^B6j>H-cV^(ei2WsEnQU%8XnSF2(m4?LDgU z>s5dB<}SDC#ncPP;a>K#S>O)M z;K2-C1ppN9Y6b`a-3~)2N4^2=u_nbnt=wIALz#i$C8ooS(7--HM|Y!tg#bg5>-|VH zMLOBY6?u#~c#bJg$NM!1g%)vuSPgw5?Rgv}VAP&8mN1kj;j1ekHTJ0TW+|+tn<7ob z1S2XnLRH9S2+OLYJo^j-eMG(xZw{={lZj8OP5jL2zYF=-&*5{Q<>g-7zB@InOL@J>LXwGve}*9 z^3w68GcyiuAqtOEWBd@kj4uZ`$Rm1^d=(0GXUL4ZQXhBU_ul?t;Il)ZV>3Fc-cC3M>>&2_Zt+L<-X_|DgGd4<`?6G0bq>5aVrR4E>zX zs}N1ob8T@E>EvURE7i&8Taeh*m6YJCyQCjGR*x6^yT=@=$6_%k^o+rNTB9fouB2y5 zg?PsK(1s#wg)>Eum*m_u$zETjdtX)U1RV$E?l=p_EyR|23ks-0mQAHBARq&9lRqcf zWF{jlfI4odzt&weVkoF8CHQv(3J2X~?fafda1>+sRudI&JHcQeD`LJ{@o|SmqVrFK z{A=XEE!J?pbaIsPB*DNiU|nMZWR?;BxrT$ix6CN=pgbGxCJRZQ7s~;PHM7t%Ay0g< z5KMltJQHi6BWPnHOLyQA3#%vvtE3jn)Vfj*OST;0HwTI$Avq_F!V*eCK!L>(0E#sJ z2)MKY`4guhEG3WJ%(3Q^>ejetZIWcM{Cz)Bxslh|Y!q%!vN69h!ChG%{O{+{eb)EE z{aDh$kGyytym%3FtC@JwHxDWIK&k$maj5vIUGu<299g_hNiWTqy)U5f5`ouQ6A_la7_U=Q0}d`geEOAV@_`Qyf$5#aw|e zIJ5c50cbI3$@ftdEdA_CNiq7my!oQA^=?{->`N}M`1|)tlt_U1d z|Gw+gCIL=bDI43a{)^!|>Y;&`{oKE1KHs|>{mP*N$s5>OZr)qS=1xCQ-;YeO&eEGy z*9;^4`g$Oil{5#_VmaMO%vzaf0tnDo8javM+!4gwTEf+|dTC9g1|tRfuV%hm2P&7~ z0NY4LEy`$X1QMK~l24idBM?+_`~*X8YJ}(?=oX_%r!ertF=iRK_t<5c5mNBm4bn|p zrV%d(1ffM!iU^(IebveklT<4_ANaJno_$Y~NbSuLxXWDlVU<$v5v2(gSr8Q~IYsdc zpak5Sj<1!!p_-nzQ^+0)7Qt-DGC5mJt~49VB32oUG#$H zWycET)+k>Fv{uhp4mv6Z?j9gsfGO%Kojulg_uO$D@hcUgjTe%<^1}oQ`j99bKoO}| zvR;P2ssXDoQ0mke>{c|25_HB*%}ZadI&xhYh{?`I-L=D%#eGtc25 z4Gu40=j&bvE7t%r$*V{1Za8M2*+2qKSL-Di zo+tL2pT|+^uKiK}dIasK4*vet1hr1{04ME61)|HMJ$j~p1lgd2C?^AsZh7Y;D=L;S z2>@0I4J<2{A;LssSrt|DQoX7^5+hY0H6d#04ll3U`V zoweH>duFaFJn6+sBqY`(2OoM|V)GYlYBTWqG^z1h>v?yODl=%We9ZPfdHL4hRIO*# zoU?{=QRV_aL?D%Z@ut3I`Qc-}XrtY=keJ~<$O(HyKB&Wd%u-8GB-tieyk z-*Q@%DWy#YnbQ1GMN+V0-wd37doUI2z99YNDlX%tZlnXou3LrTF4{TdtWg{X1@ABI 
z|K{z%7+MP}bTwF!lwujlv>~eF7qmTJOmC%JC&D$^jrZ;TRw}dgO_LS%wSsn+KF@z} zw6w0lhp(~DxJp2hs$W>#qHQ`3M?bhR-W=-eyV6A{CmcC2+D-kwBi8>J@-hP^gYLtF z7JR!SX`=Ov2a}al{|+9LGTT5eo7%Cm`iKF5pDO;E7)X|(<@Owzo2Ve#yU-)*ohe7Q zaW_S4^NCu&(*S5E;9Yd^^H*TcShA7!@c59JsxIKIpr5(wIV!1$8}NN-g^c)Ir@d_r z#g@#9Mc~f-8G?8xM69mze$>)Jmh>UrU7GHr{m5|EZm!*9fd@SsRh=fs>tj*nu)$J( zqzh!(0o*xaS(#-DUgVIe>Xnrn(A)qFz)Zf!%d}2Pr<_W}@ z$jXm2Tt2kdqR(>*E3KnliQTeZ=~~ReySI5<^kL^u>84<*T^wy@byIH!KF5kIXw4yz z$bJ`7W*ulb?Jc8yNKFO}vL@@5(#NDDxZ)%u#GdZ|JG0X2K7I$@|u)8*EJKCeOMPrja7Vwq!c!1}%ijR!(8W4=A%*c9K+j znHAUlm5KX(mCC4orEzkw_f_Ri^AIHh_lv-1MGVngfI8}En}{iQXXsZ z^kQj=w1;+X3mD3qQFo7ds$G}Mlg$-$)9KLVYfYCqpZr6*NNZW229B%~Ok9n>eJMtu z*NdHYGFLx)1HnDbKU|YJI5~a1C}(tak5buox7Xd){1Aqj)9(wc9Vp!-+$SyC=_GI5 zaBEj*7S8PT?&H~dtSq7dx=@cw9bnd7*|nc*-L_)E#4+gUS{VsM2Ow-jM(N6MMcK}1 zWAU$U`VX>7@Qm8VA`0NIm@}=GtD^*6lF@Ob3p+8;>6z`AvVSjI4q>!0w*pobF7{{Ak_2hjy*1>mI{iEIn`Od1bhPufUfxIqBWmY}>vWb~-b= zU9Z~pc5KxYxLUbA|Ng0e-u*UT$xME&QqF=c>bN}2D1Af!c?Vbc|AAq&1=33}RRDnM zU|;~me_+_gz`|C=#KzwGA0GZ662A7ibUhMFJpJW0+XGZ{i=$u{3~*~4b<|3&w8pKf zWGQLv=^4?4g&>i14gdfLC{gO#G21oxz4_S?&m!Llp9YCxqvg%Vl@c%g$|NZ>g}XFk&K2RagGybCZy5D*MXv+Elpk z`C~C5^{qnAyyQD>r9T8UTjJ=0RdkE3brcHRnK$&Jxo|hzQfTf&VqGQaw()O%(_D?bK|Dgm~m0Az(vunz_zri5{=v& zn6`Tqtv_0OhOxR%j|^p|u{Mn5h5V)ouXkx&JS%&PzLLG>Zyt~%R50NLf(12u_)uBBk5Awc;*At)1LcuyT*h3 z?rJzEs}oxO@GA17=;AyRYW}O6RIC?atWhhjf~%a;4Vm!sJ>bgM!K_N$s5kAGhDR34 zmH?x^7-6(6oJu^FySTr0ri2h+iT>+r#-Cm&7;c>S{)DY=Y~bPp@E8n3J$5^ut{F|s z=#{Fy7yi}hK#Cb1pRbxPTHx(#aL_U#bKZ`nDSNX1>+9|K;Lve}n1C*kYGczO^0P80 z-jL9qj?^$C5ND9y zJPe(6r-N`K94~c}-pd2_4Lb0Z=>a@4Hvf+0O4K<|%v!*22~PM0pw8u68*HoW;CLIF#yq`9xO_d!i3obaR`rdyIODbrgAym$#NKidOzdn6Gx0_K5#9_>cDqM;yfbX`tAv zSF0!X)biF{SoNsV^I|@f1?xwRnz*g=CvV3JIc>+D`FZ2&l~9LR44MUtQ)OEN>GLTf zVVP&vznbYfU99GX+qO>F8q(Lyp3v>ZP2rBP=e?R&7M+^ctQlY3XSTNDT^^!i6+5d8 zPpw|hOX(Hqpjc1Xnl=22#?{-WlT=+h0ZMG*^o#TBR$aRmY*^YdPc1DaJ3K_k%C;Vv zp6joR5;;7)7E)=)uGzR5c3SefVjzBwh=G=zeQ|C5e-$@O&#vDYLyrF{bW~To zc4Dcjau5SztKfj`+vJaT>lfCtt{2L;uFh2K+@vpNh=t^yUs5aD()`Se1XB#^7F4wq 
zE@SADYqrX#giBJ6*>t_`T ziUrm`cCTVX9|{XxmgKjSLK}&ZkK^&`BU5R%-q&dP22m<9LoZ@AV$wDi3|Z$c2JQ-3 z46OJs#-fT{mUUZ}@Z26<`l$8E+GUh;~4mpDwi$N*#m1X9( zwVPJYZ2by`MF)4JP0iuMf3l?099TqjQJ3m>Iv1DnaT+&CP>2-u=M_R7lUO!g{!WPX zsO^T}NZVs4wcz|uPzla|f~*?Vt2(B^C1P7JJ;Q(SuFSU}YtdvtGN4Xvs= zaF~iKHBRjByE-Hn{iW``aLTPCpwNKD0;FWGom+I1`jyNYF&d3~iqR-Z%ytGqdACKwv+Zu?hL8(=9jlcMSCK2Vi=3uliNQE&e{#Z&*$70(|9H7gw+(%OKlU+YNd= z%-Idb&}P{4Q9`BL8-0>xOPBTs59~W;+B;=HK2B)zhCwdndzS60JL3{0Ccr6Auo;p= z{GqmNT2M+ZSiERvl5Owkg*=;zIiRV;;UTV+4sc|T)6SWT7T$U^~@X>ajC zo+Vv^>aq9AfCP_-xpk#i|M{pF;~NVq}nSZ1w4~iGRPyws%&wInw@{RTr?+0S{BnJoM|o zm7)LDP6u1za#2-RkyU$!gF!du0O_x*ozz)>SXsytQPkX+>evMnXu~H;lUsia5l-6y+Jy+ndfsYcvwkrUUf`n2i;aF$ z_kTuz|39Ps{%16*3`gr9qL?j(hq=%{>$!zhk(<~Po8ik2-xcGQb#c=2HM`fV28%`U z)~>>T_M#tA@&S4ZtS4e0BNT)86k6@ZJAyS0#BjC}6HUjTzj_#_Z3GMvLrj-4GLc3`T>GCi{VLZUoJGF&s7K!OgE(T-x zIsclXwbnF$Kr!rJi=k_X_CO*NfUn0CnErTOE<-Id z8V_qaa2&!lh;|*Y8Ss=&9uNxSp|!lr+Yp8E7; zF2HRvoTE#OJtJ!!sgl())`(lI{Q zlu;FSs;*H9<3p&~!)h*-lGZ<(% zp!nAd4CP-gOw8+T`vEpQpD@JfS<=0Ejo{|H`Msuo)T{3TN{k!x zpVvPAT#wmonCi&Aa=qQ4O|Vt|_B7ZJcNY)W)r%+3w@g>I&ZkKRNHldWVK+2=a@&<( z2Lt&6m%nSFA$lQY3@Z#T{3QbmJ(raq%k`GW%$PWm2wb!k5f?%lxGq8@ZiN>wLEIcz z8j07&AayXYp_y{dL)bVuG!kg0NO1_O0e?WAkmH62#R{ZTc{wVDQiZo(wB?^qZ>HH` zuN9d_Q(;d{Gl^Fi7T&=~<|Y*Ljg?vn-1q;cB^L7-P73QFy^l+ z=im47i?QLKnxt`H5}N{OtO2Dp2M%7aRnK`mI?{0s(1GMTGpN|f%;%4b5&m}o|H>RJ4n{cnj z94ZoQdtWtEcOKgGOP+p%l)63Uurk+$hlckcHVe|>XgV4g2Mskj-}AkLN!$6WQKEIr z7D5d38P3m#M}kExg#hVj*+l_1leQ~ji}=+3_PNo?Bux~O5Y~9ACSH*-1a|+-851bB?z=g*LJ+>!QS(+?DE13}c*YPT)B{-+`@AeWOe$r4 zmsFDzSLq{?N=jy#+how zUcPN;`htggDB>BZX4W-L*y)y=Yj&TGabP z3?a+9U+BI1Qc+c z`S84Tc?&z`GaKx>ed_JUMq1F5JdY;ld_z^>Bbfj;!R}r$NSk{IeD|5k2K@@skH;`L z^RSbRz{86gAJ+jr16}_>*-W5)!jv6&Q#aszp9|Zp;tB}bRWm%auKb*!`zJ6RJfH9p zQ-sWOJbimHg59VkNKW^3y4YKqS!9+gB&Ql$V~P6>obNKtz%OC=LJ5cv_zuW_4r3Rc zDaEXPV2so)ugp{eHfQ;6kNU5sC8196uRhX}SB7_PfoG@!^BeR(A~f8 z0(g6hCU+Oi6MXn3LWGh62K=_%$t-r?*rgoxI2!2;4s!zcrj+>;r&sw6GiCn7bJi4-*u&Jy#= 
zY%L7g>T_-urPnWV`_({z4XI}8ZzyD1St}inyuVKc$t=+9%V3ujP1r-}T`d*r2BRpmR(e#x;vIZPh6Jc3c<=Ga z)%FB!t{rP*3p-y&eT_7~$1i}thK-pngZeU}KTF$o0Gi|(2N3Sq6+ zDEt6RHRR5#$xBh+fYhOg0H&{qGcxOy##K=y3 z4^JFmU|@kges#^@&v2Z7>%J7Mt0K@gosYO+H+<#StJAw5mE-S`z5;Ttua(MHpC1N} z&sWXQ=Y8SfolhnIG;9ul;D-=2O$SG)TZM*XTL`E2!5Kqw$vs z22WTZ!Tk1s=xxb?|GRKWQ+z|3f&DO_1;Q6%Z>VN#jlk2sBm$0S1)~r$%CQ+%csEqg zPkE;THw(lkrf+8f^iy!@k=+rZP!06ly?}!a>Fy{oNF@ZmXqVF&!V=>TTyjbo7akI^ ze~27x71DtOKpiN+&~K%0tdA%P1A(wmKRR<&PL+N^NXT1-qjypM=FH7A;9w^&)oG;PtML3FLoe0mO%K-)NWtj>!G*C6$ZI19`S3 z$T(~jfwYuq-}0IJ^+X}|=3%^U7K_^gkHM1yYY5+@y7Y+NKEw9enb+=TYKY%v{`EyQ zH?jrx5!};C~eK^L()~)pn~NghDfgZ%}sb6ncF$dZrhoG58{F;5G32T08i% zeY}u<3#%&BmF7J(HnWZGDxY?dW2;a5B0u)!)zWnUZkmB2Tj=W~qkoa%m*qz9*WT&# zdsFxJ`TRZ-r*5a)_&p5cQGy(3A95PfBjHGj%9#um(N6HcK(7R={C7 zc%-a44tC`EB2!6CL-BDp5KB4YvI1qh+RmO6kTMja*@c}*(EHdVOPK~uWX`^lr26)4 zJXXbh;4YHftAx+CK!x49mt?V}rlR_|!SH$K1zSecw zhJLo@Ci+7^r( zA2zFn>$m$6!J`x@ld>Ig?Y=CC!^?K0EIz=9t~z#-DTVIho*UYsk!)(MCPQPx-Mt~3 z{=1sqrf4C*{KVk=mJ_LVrf2ae7b`m8B`lvx-2FXr11)v&S?N7YB?SUwC1V3H6HN`a{%D* zw9yJRGdf`m_`2OgUeB;ukA2gr4Be~S&HY893kL80yL%hzD&oPox8M+%+_+e}lAT8_@I#Zi!RcEU z^skisAyB-xQoOlMZ==EaE&7?5i_Q_=g+LkVw5k`J&9UoCIGm+Yq7@x;tZ}j$NhBOG za1){JgoWbfRP*oJ)+_xvy{|^dXJZGcifV6`_t!UZi`?!XW3~Rnr?1-3Z?FXRcsLdE zsxa8%=gkn^`;>DVf(mJ2+`h0F?>x2wDs$JpCDXK2je+3Vv2p)ez4FJ$S9XoC)<@=N z!Elo#wzR)sQXDxQbP56%F&)Sj=w+SDfub;9bNl5Xm`Cy_O@lw0l=oftZ!Y}4yoi0X zhjmR=B#yTQ_F-y?LXo=-Crt|E_{UsF`5K3YNTJX26-3cmGqWCwEeV%L?A^60+i4p%=+|bGA6<8wwK)IHlm9#Fh7N#ujWbPu5`KW$FSibTnq` zX{M;CarC9B^r-^i8LcPp#Z@F|6gv4D`L=4X`>Z+|mcF?h@2IKp#K2`xQ_L2pl#)>i z(F|23&R*7j0+XZhe{1v$2gLAnXJjA6LPGw0iHR9J_H*`;lDWDk`I>Pf56%FIz7Rfp zT71Uqql<_cK>?Sxm52yY(o&Mj44W6S3z;?-YUE2`Pfq(|Yky5nNPJ30;Mnor1BKd{ zDIVva&_E@Z20p1ZQAn(t9u`K@lKs#w>Y|a(X-yRpbl1FLqY;_rJQ|MBbE(}`L+Kbw zxw)hS$#9PI3=lkywDE{B%h)bJ7KsOn95pgtz>wv0)Q>NA7$<<^Ff`mR=$cA|kG!NJ z^q_6*U}8_s+Hw^3=n304)MU`_Z4Z_e#i^zkstYltPss6r%;{fSmW^gS5n%A!G8U1BuA7?au5mt~;YXyt9#wZJO(Yj$ z@USo*HppcQ1oCwu!?lvZg&=)@Oz{3AN(L}hXe=9*I(EcNTH(IXm|Slxn5evTFR6xy 
z8jM_5m;sX15P0vXCjXIKqhD>0mNwNMG@)~287cDyg%%5M3Tk8$V>@cD!l*q}if+zF zc5*`Kmn#TQMEjQcoe&cx$dBH^?x8F^U09Xc6q={rDmkEThjgxUUuM%#v$r65P89Q* zHInwE905C$vG#$s;oLna+Er4Q7qqJav&5bcFD4;82lO!e2+0LNl<;1X)*l?5d&%ti zvxd3#IQTVa`#h<|mFGAy<&{F^Y1I|N9fJkXcw&3-{n)ZJyDhl9`(b>GdTTsL6Xy-JYa)432bQZ>U4kohWst{)Us&BqPg-8eymM&d;T@lv5b)B^K!Y} z;l@tyW6gH)DR+5^yb;p*L;i2Fn4 z(%2SZeE3E-FH6L)t}~CWJ&nuN^VUq;FsHBY`vhpEb`PV;%m>uc_f6ZGv9>$jt`R3`>VS^FUO8xdq@*-qC z1@)F3U;(H7d~mx*!2DAV2E5D zi>TbeZ5Z97yVH3q49=^GT6N?0zfCTHRm}#g1<7>!uLz%4rgY(*T4Q`&T0?y37A7`V zPXCAl)aNv3$LU1sx>9(&y5i|<6b!hc1AzNpoc7kl~ zGw`68mvsGtZbXbN2)2%YWUu2DWo@%x2qyFDQVH-g5W$>NsMwL|1aai*cvvA4R*Ya# z&rX$bbd>LyPnDT-oo``sbR_FAX<9$8R7WRY@KC2#?#Sll2E( z6gH2T5i{ghFggm-CBKZ3sD+{V+5X?HBMzl#IgNUI!TovWI1CO+ z#+O99h_7rJ@owGaEBPt`dV!YZ%QEts+a8MkYEABeb#(6Wu_4J1JFG7!1W(oo+_nf6 zg2H={l1cTB0~?$JSM5tI5STTP2Nr$`Hsu5N7?B}1IlHWA1G%ISV+%IchkX4pJpl&? zV-2!^wpxy-XdlS^z6&Ns0#e{Odu!Y**AB4JN-hy2M(71L*kjzzTK zCyA6~bi(L*S?8@Sdb6tMvuJlfXTU%VEJ6l+#JrdMbMw`$`ze?$@v#N;l zt;5aIGTa-#Y3VPvMw=d88LEueGc`T0(2KhH>IdF_Mz;jlDJPNdwB|T4#XEXH7O&D0 zUd-{WjIH56Jq8uC#7}^E_(7;MT^%J^rcL+Rh*#~X58;LP_W@-h^+ph`ey@nudxIsD z&s$dJKv&0%U%e%?!@L_b5;F_?OUi&wfC9rK(wk-T=K9-e237|!{-iRvE z-Ch`o@=97DxfCG4GnUy~$ZRv@L#VDg{w+$~a^waBDr?I@Md(4qy_BpM&e?}uW-#|X zpFFI>dS~RUU$0PH37UU@vxzR^ho5xG^2{{oh5tg_p|kZfL(zspE=?n#49GzM?at6< zLqmB$jJ!wiL@t^$xXagY8;S4%8vu;H;pS)-(hxxTC-o7m12G~2{_YD#`u0m8nvV8d zs}dAZr7s(WlmbwWZ0~;Pc3Du?T{l1=HMt$7u_KU$<;*vkDh>k0AB&;gv>5i zE$(#b1JYNX;Z9R?GGL{-1IUJQxA7kS$4|6fO3K6#d!ZW!%`-eig+LUAHwh@p=deKf zH*yN{aK)j(oa)UXtW^xtF@C&QL2F7g=KK%uvNRk7?TT zg0YUroFW}qSsLo>_k(H&Mb};uD6V{CN_N9Se9jnOht9JFnY#N_edHm+cxZxtotlmZ zZkMXvJUV_XdL0j6TdJN9Y;}zo_}I4adHaQQ;LU-&rH>Tz+ONr-_XdI8#won0(LU^R zUn1)QWL&FRayc4o_GRhsia^3m>ZlDi{hfk7lj;TK+NPF4VoY%yR)fY24_I!3EZt zhPpdlaMgb-)b58YbuGQ&@;#UxtGXbhvNrQv@%>%$!D}LdZ0;G9pfRC~B>-9CPKMVo4bSH66+T+d=%X@Avy2#;!Ox4bu$y zP0rNylf2Cna0jgx7KPqyws(00un_F?W%Azd`|S6p?)R(j_c`wuyiAO#@br$DIN@h_?83i_5y$NB6)toYv!S90#IR0cWwh+0ySyCcJ1$7h+ 
z6$M+_H@xkVasIvx`LJORZXv0;5LKL51QwCQ@Nw!PhaN4V>ZWF3lC{cT#^*1HHN)b8 z@L*VaQ33>%pacT4hS6OTgelZW8PX{5V)~J;D3h>tI2zKyhp>JhtFwWCC@$7+i0eGPLsdKK0z@IEuAR8cLhV03H62K2^1)Qxr zb|F5*afO$hOn~$PNav0|vwks6tW#M)s~|J_K$(Q#U|a}femE_lMt6)Mz#`C47a;;{ z@xnEsE}kRz1M^dO0so7BEuoSlD&XOu+*8aZE~z5tmfo;vI33y2A|4l$%WSz#$7|>W zt|-(dwwfk}cY4vQ<4`2`LDCjwCGH8q{9;$vtj&qNm1?OQ6p`wesNFy1y**^^tMOO% zl(`>Fk!89{JXxIajBaLELe&WDr@UhIZa04(d7h&uGR*zGizz*FIp&o2d~(UH0TyNZ zYutgCMJHk|I`eJ5M?-t2;{F}ui5H5FGpus zuD%__QRAj1?jDVy(-TBQbp%O|OiGgMSe2VFCv0IK_NL3-8af9tgOgFJH|7vOCi(hJ;842!rNx_b9c{OVG7Pw?j|8D{;)3J(rgFr)=B zprE07=FY2x$c69aNBG;KdQvHH0DA|p?kgajhyf_JE>QD8`V6X*QshaQfisV_gFj*; z%K*=%0Bk^h!FdlfnY5f;D3$4TE^P=;x90ZPR@vb<)!4x|>6E8GGj54a_%Tki{rmGw zu5H*#YMO-uA~o$g#<;buGc%d%qNeF{gX!EQ5e3v=afR>P)oIN5SB(?rZ)*cgr%m$w zwOIbv>FM0^U7SF$HiTnHh)AJ9OXqN@Jq;$>kZ_@Wf?I{oE+E7 zEUk!X4)_ltP}fEyFoZ7fSt=Yw+u8c*YCO4ruGFywd_tMnOLJ3$&v8Wq@3BRJ;i`Bp z8tLyyd|CGrcCLK{Ps+HmBLYQ28LoJ)qZ?}#k$hIB=q)B%i$vXLjA#wr#(|;YjEROy z({LeMtmr+hfOXvbweihB(sL|~&6d|{y9%?>A=xGYeu$JdRjf3t8-CiMYaATaKsf2% zgM7xhbV`nBiMFm%s1z>F+t8q?+SFy$>#c5Ru7{q)?d7%DuQB!f{0d6->J}Crh+~@j zJl>(;%vFV+)2F+Flb8Fv&`5P0IIYxA)PbN!87j{K5+DH%^ zv)2wYi+O_D>%TjrI*mi3L7G$Z`DzhhHXyK_!Lh)%U+&zV!gzPx3v>TpT~`@ZN6=(( zcXxMp2@u@n;TGHp?iSpG26uM|JR}5ncM0xp4|_mxSn~bZJ$rU%=1fnY?&=@YH8oY; zw{No@zd(5s2-`taq;hItPsXDQ(L&(B2kEz?Lp)j~zzgg$k zw?G)YQvu6W5L=tc7tH2f^o!x{j-D7Fl@rm_?v96ou|U!E_oLy!Z>syBU!G+jFWOhT zUkC&I?|36Bw?*j}65fM=fqfiR!k^NO{c!^Fa$X2GRGAiNFEGLz2pi>QZRq-Ch_M_3 zU*P?Mwpg=}1Fyv^17DE+%idoO!epwnUUbdEq?VJnvbqBwjOT{y^u$YFXgx-7v=^Jc z&N>uwRv~=G5g(-Ih;*J{k{j6LJj!+aLIE%-8zt*)NoQj}4C(W;d1|)I-l>LHalm;0;l6m3re;()*!j@!(L% zqCvRhrCdAgTkYT*(y`754Juye0tz+CYIgv428T+}^1yo$CE?--WXn3_F~s3frS$;q z4us$FpFbfdc-io%h$@9I->x_3OrZWwcs(<1fSZ5&TX^ZOsH)gKgH-JNKvN%jF@3@E zp%?W+KAg~b&Z8G8Ae9eAUdbi3_WGyD4MMO5l_JH?c$JRbj5!OmLIz0Xow0qk={Qp| z3?wS>-CQK#f~>=7ZryL3MDRVdUf>#^9M7Q~r6!TjJt@K}Im6MqJ&s_3OOtD=$7jkH zJc`cj{zSp@^PYnOC>h`!RZidcIGCVu98b8$wIdKfG6Q?o{rEtDd!b6x`_xsnCb_OX 
zU}~Luuhn)H-DRnG_;+BZ|2z2ZT2>Tj9Y}ROehz_emL7cq6Y`+bf$6kUY6i``r(aLd zr9E(pwe9*^BPX=UjKFzEgT?3ApG*UkCM;u?UuFN27)*hQc|So zWzuB(?fRm9Odj>?>GZ>2@@v(=j(*jEMC^<@ggdmA0&ATJfT<-tyKVO7_^G|s=OLuH z41S5qAJ4yDqWF&+wBUP>mGvb(41(V;oQsSR*ZpLY%pJvw>rTZO#LQfLXfQK2z{8`snw0v&H z=^R63cFN(@XRUI>g6YHYE}BF6?NQ?sGQJLVdIYzKo3fh_eBehapUwpx^GG+MYdbLY){)(TQa-R9 z+HF`#nY8lCp2R0_lCFFC@%+8f5!1xn=kNW5c;`cf(LNd+-_3VCjBDIK^2JvL;2ar37J#tHEC z;S$$K0;{9A?jcJ0GqgLT2>W)}1M*HQw{Nm!2FD}{yu<*5i+9!+_aLO3sQ7Jbaoj+G zxA-~v<-a!lLeI`G@aPg`fw457xGx;ghg+GHc*&S~7^I>%ZhCRxWa1x<*34brMmK-> zL4Aqp+p588-Ch1Qw60rNQK0e4HQ-u3cSgS54Z-=^TYtojm-Q>V-3wBvd&uN=k#h*H zlhpF$&$;anEX|?3>5(x+-C9K56_L~pjeocKDHV60!evqmtai<+J~%@H+-=c7kmw_o zE?#^rR8JFT)Aw_5cHeqPt-#;A3ubsk(ZDWBLAhI7>;)otDe~MAxnnkT>+u4E4AS7> zZF(Xi#eR}wm;P-hnRt=XfZUS^_>Kc{9rFAWULDj@txxGI{pZ8yAP2egb0<+pC#UD@ z4+GTw>a7Mgwtsfn{K+P~np9oN_A+euR8AJ`U{w$Kat~RS$;IdZeroTzn~NMfBVM)p z+I`XX8e_o{k&$ub>HPHbF|_>wti$!NEIeZQv8;Nr#&&GuND;MFE}EY!{OZ~MW>j(g zHE4v#Usf7P>|k|1u?5SttZf2=5Sj{HuLKg9>i<&S{H5IJD3L8JMN}(Pgeie;CW8o? 
zGC^ogNZq0zbj(6RG9GUfeDcf6+_yeNKdn!(R1);B=B@`?sdZE9PX8!vFMM@iY@vhE z0{+CaJ|Pa}ZkBPa0)b*%Ij@b8W$*TK6r+Y<3D&3c=vW7Kyn|o}bWkxwAmXw7#uF#w zE@@&o{+L3T-mml^Wj15XW0%Nnh|5G98ks+8;>-aj#>bzH-}bhqrj7Iaw-g@|u6;?4 zaS%U23ZOi$v?Qf3LIDIQ<$b}?CT2uVBmHwQMW$4=CUufX8RBfS2prH7MVAlzp(uVF zVaxST%G1Jl4735dugDq*p`f58M|qF7j8c5xLtZYoqIuVR*D7V4(a`^@oZTxk4Po_76H0jvjs7P#>#nVz-u3Jw>TC z9u|+S0;+$fbR6{fblyJ@dFu6JsJ0jf;|5o<$8=CYW<|k0%%q@=GznQ0d*W5gniIUa zhIx+iSZN>QFzeblDUsXEo0%>;F#-x01HIV_s&w4u4QgsnpANv~T(D!fQa)p@uo{I> zu*iGDalwV#wA`I++@w8DQ6mEtClac7Jp#sgTJgb=cLz1DYMDq_eP?|}P~UMYGpW8^ zjRC0v%@(1Gd;%+vY4%ra^}W^i+%9YajoB+WAvr3rbu@~JQX;8g8#YOU8TS>vNhA@ z(P#cc4TC*{t-P&G*NodSus!aN#iPmWA=X4$dtvy^rXMTy!-Jv>o3{qC)Nq3shc)_l z3~N#eO}6#}koM`UFcc6taDfHMGz2+j9VaPD4$B@$HOyU|5w2ND#+GxB>)Fe<_&^f2 zZkZSX?^^Y$nPzWwV%;NZsW+|L%yYRik)h;Utt^rRu0wa^HGs-Eq^K=GTsX^1!RH5d znhjZfgGBtLDL1oxLP=#B&%mDhlt}P|$G*pQY8AAg1q3bRf-^u@&0(0G0uR~fq(Yp7 zlH}H;9$wyT?yrc$`ZuBUuYGpNLRh#dp(~A9s4+oAE~W5LYrR1q94?vF0t1H`u5%VQ zF?Et&@PmkaYtYlYaJ$}6XTJKnUvIo!2rX(trs@|nSQ4LwxO^!eb8(j8ZYO_L?ubuY z2<^=S3Cbbv87DPhpUMopdVy>i>1+4o;hh{fkk326TCaJa?pMhglhgI+odDrK;)D{A zGPc@6Dreo;p)M7NL+eWS?lmhxHN&&Nhm)>Q9{r)C#S6$uaNBT5DTET!;9@!up^bXp zy6@3=Jc$^*k)Xm{rLhb881v8St`d+b(!v6|3*fn1w;z%>Y?th}o#wR+)3@A}5>nxO z;3E~_WuKgdDGzJP=KCvd^+G*I@&I_1(YePvcdz}^I_a7{18b_-AdL#0ofY&H@jbRf zXAMLH`>o#Aox~nxoH{1FVxpg+RTa*1v=yV0bn1;Q69UOuqdrKQrwJSl=~7?iOD>px zv{6o7P-Qp+1E|@F;T#_P+00aerK8oiSXRn;?$er>D=Q?+ikg+(k#2&ap0M~#MScuD zl$7pYHV&e(LQe_b+0+Ru{nu0 zas}!jtm+3hjbl;B6{+PkF=rjZ`TmilJkL^;YqyeLbqH&sc28jT9WO2az}%i(XFf&U z^NBbuvN?tb7uop0kFWA_x8Jlpzz?o=4s1{gj45f&&s3bzX!3#thOx~#W?;NkdZbtS zXV*)YMjNtC7|BbpyYwsMQxGNj0b_%Q`S`CWR}Kh z5H0$et$4=>FB-s8)2&*Tl;8EweBCPUv~R74_FeQ(&&qHsvg(wyylN#*#SYS-SMkeK zOjgroA1dhy-y3TK_G2x@W;8$PDLgXoI7Sf=URw22P~{wW!q(@oN!Tsxg?T!s>?PG& zCD~IwPjK?#Bbz4m-i!UpxCYp*Gc(=wg9cM*xBjr|@zK2HNQD1dBrq>g!5GxhJfSxX zDGf2-Jf+9Kv|pp~(V2~GaGyV;TIXWF9E_&rc#P`NzbQ=l4hx=jyiSbe+*xs4;f{b< zMnh<_21h|fwvGkWA~;;_zrrRQQ!W0=jDYMs$w0iKXn$i0jf^_{Upw?bE$1JTp`)ZM 
zF&kr`?Y&)coETOEfq^I+i(1*Los5Jz61dD0oCKOV$w*8IVnQR~(c@>CmVy3^p~QFt ze8|xWP3F#s`mq$I{DNLAKuDJyY zR-|BOwE6TfwqLv`;$}n`5;i(Og1Y}E*Fp&pyZD9%E6mFh$5!?JN41BmaDuH@dr?G- zs9fRf_UZ3LdNywV3lrKGIOs=`O9_+VH$4-wuFMLF(M&}XKHo*Tc)#N<38|4%K>OC zHbRYx2{C~WEXO$6$e>o!b7=)W0z`e3askt=sm?0s>xv>FeZE)G1-ghzMJHM6+d5*B zn^Y2e_139DqXvOQL5H?Et*!?9?+Ph=W3&n@`+9Wj+Ci2EBcg~6QN}BAg-|XdF{}X| zhiQ&klM%;>S`4trx7lU4e|~K0?5j!s9KUNbO85Ke`9&K?Yxe0*t#L^spxhdMsRTo@ z%o(>#^^X&|K_$ zxQokMy{DE8Q01ffcen5__d8^AbJfNMASDN3ox-_U*_VUMu}}KFLJKrp{=nBVc6>=$ z<6amPtO|N%-r7}|raEN2fUb!XQ+)^D48yat z!NoZkG`YGs7&K-@T`+Y}oL(2qQZ5e4n-iBD%_ zq;xtdZ@JY#>G}GfGzYBn#JI^WI+zX|0~&zAMx}OL%6WW_UiyB1tIMLQEzjk|zx@%K zgw4K<$i|L0HW~+^C-f&nOgiMEU)GF9mVYP{xe?0PH=@tN^eGd`tdCbo=m5{IgO!zy z!~UDU+{`ySj~sWn43{-Y@bd28H8!Q^*Tr;v8B)Bw5Dzw38872hH~BdV3+FSu{@9(+ zx`_Jx1-+8sEzK;&=kq_3@=K7ZHFbv4cDHAW_!zuMigJy=KAzUt%AJysUYI2poIy~8 z{rKUkr=d#A5+4oEE@;PE*><67v}bB&gFTiNx=lcu3+vZZ3i%sVlgF|Tdb(>FXVsarf9ATXzG3j=3`rAjRDb_0PNzu+A{Ayvb69 zjdcjxzs0B}2(;po(PZ{Y8@vYSwM1pfkzbNtQ*2QXX4Fz!qm`JS!2 zhld81+83b=!bl{O%nlE#s&+ce)DJT&rOBzgV;fbG14IKf(-bLCF|FLCN&RueR{Lij z*qd3xl7EWHS;}M3%(AM;;eMD0!_z_x^-kI_%{rPAJ_)%_YV!^^^h*`j9r(Q6r$Nqg`#e;@zX)kV|KlRfuGlPZI(NwPSo*Cs2KMppM9)}mm!(v37OBR3|eDgle*a{*O< zu3RIqm4egt`w^$IYl5e!TdZF{jd>LGzVv=dSs~%y_0$$H%{Jzc`L?M$%1Cw&jKdVH zr^29LrYWr1yjvvjJFTNKk#0K3A}{uaa+D_mjoAR!JQwIz)MD5lZiJQI+t%$uZ9g-k z?US7T8M7l7yUp`tIN#{)?&9fu@bPZr>?Vf1ZnNX|l9L4GVIzp7u7j4W!>pSU1qWsA z!ETi&w>RjJEsgB*i{Gu~6?#J!(7R84GBU`9i0l~V5^*r}=T~oKIvFBKQfNz_p{6MA z5TZ1uBYqwFIU7gLL**j+BsuRa`ESBrnShCrapS^tsE`q0fb!$j=9|jYLKap28MgUpBjATeDnRN2#t zxu2AEZ&;UIg0%WOyHsRT-q#Ga?&hR7w9gT+@dMKNtzzQ4(QQ3s8Z53H8204kjMAB7 zfCh6bWCjH?3U)<8M)premRxD~+#grpvig$&?t5P2v{vE!*6l_t2iby&@G8sr@+pXQ zoZ;^XY)06};3sxH!W#_*bL3BK_Jhhw$+A23RhJhn7NvEH8y4mKR{U83SBUDvpUGOC zyrWe(nTvGQ-wROylG+DSKHd$qdRj?Z(cMWkt1b;p|D1TeUw93TP+qCDs)%_%pwg4+H)g&Fo(Q4*# zZwWAxM!B+no6e+i&d(hr+^poNm{O*F<#&o_|F`cFpTB{gL!Uc>0)3#BjYNTU{Jb~e((f|b9G zaWnd7a`F8ba&!#!BzzZAlkQd#&Tv;Ud>sB24;IK8 
z)(x(}kX!ZQrg=^t92zcxq@YH%ONSA^iES6*dMUu39QPWp@E#dfY5K{EDq5r;le;Oe zK>C!u)^Dw-8MqBEpsq7$J6&Vd9S;;jC;5ls9D=k6m6+0-8STG3EOp;Z{P8K z-B5~-T=xjjCoipqbdTch#tm|`WPo!X)bo-jZ7$?0wj#kayC0s1INClPYiTv;d<8fM zZJ8B6hTOHtS2G7q`;scV@OP&|A4*mn#`J806m+PY(58rM=K!u{0D*aK4IPhT=nb&E zX@k>A>J{K)+LgBtF733-uE3Ph%&H!lmgsX)F^Q2i%z39WZGS>3L8s#g?Y{EM4q?FO zyEy`EeCIWIJ5a?Z!SZ3IJV9ffX&cj`SyHx-hl`0lBmsu5izP%;_}|{yiBrYD{ltCq zP-Coxiv}{Qs$j;3_KboC6}{o{Q0?E-!bhQ5baMgBtEzr;$w@fd!5JRN?&}q#cy3ZZqD}c z7VEZX+nU_gvYnYuQGpH*)wF&mA$fh6zq31KOnm;WbmvTX!#H9;R{r<+gsIl)1rdd~ z(*;BYgubAky|;K+SlK=XFa5q`EBy}E+Xdmb3@OwF58i6|qOx?tv3;T1+jV}{RPr}uqEoK9 ztIP;tKBX@*0~Zkq?<9R^tjyRSQB~&@QW@O8_~*x3vusp)#Op zsNd3tXvP1V0VMq3%r+wiQj)@_{Su$reLoUnu$9K0lS@Mh<<9*VNMuPuOs$3j%99#O z`L?a35~RvFySYK+UQt4bKfBbDd)cVb-umY-ov<>?*#CTI-4u3Ij3o5FKN@jc^gKF(-a!v{lRj`;l9WE!*#?A<8bfSo_cp3QqwPgffhHm~td zJ%f@7{_CeUYofzO|8a=H6CVz-JKTR9Vm!dxAJwaUK#T0vMb_zgJYuZQ!{et4+l$xj zW9qX3ChE1!Dl#C>t%DZV5T2@C9m??CX7GW~(~6(9ipm@B^h%v}`O*zQLJd9wn<40H zFy_OlKw&=XS~8Q<2sFCP^wO13?hF@IEeK8)bgPb}*O0-;D3LrcrKnYEvs2Y2#)Eb{ z^~C$9CrLvtn#V0yX6(Diad}dM!G3BD>b&IWs_>|7-m8^ENSA-3yK;N?Z+B&%M0#b} z1MxgC#k9)0;4f(YtjEURP+soQ^?5Sp-+c9q{`~5k2e?c?>pZWOuM?fAJKCE41hnFY z$>l}4jw5SahbfNzELl$?b&+p97dS|3uhYwQ{en$n5FT&GLOVsoJmV6su_0&e$Kh_^ zMo7BEa?(;>u!m8_$8t{^1e&+LoC0Rf&Pc5Z8GwIgZmbRCI-Bfg?+h*T3$F|a@EOo7 zQ;(XSQ;Uzw<8B582^XKte93!&1wigcqM@DSYE;E{evXl^%jr|5W6>C4=a#s;xA@FcOTQnc77Sg;9HkPOy* z3^%l5Jq|C>T*sHuJk3RS@q}Eil3BO%!o1<3oNE%yJrXjgH09t6=XyM zSV@hQP4ff=p8o0(7BZQMZO@!+u-?8&mVr6i> z!hw5G^PnFnHC~y%nnxWZ#xfh;8ln#4WfmTW9@I+oCQiT@!Tix*^>cue)|Lg7~a<<1E5&9s{Al~9VW5~G9 ztZcftyvo{%CWWK#(=o||@@kOd`u19OCsBS-?0U=R^+1;^WYhffM&P7}-ZD@9qO~cq znI&ML?{JXWr;ir-O9OB;zQw}SD<^z%W63@~+%Radwy%XR-L-fUmtd){(y_$+1EKfp zSFDReYV4U+ZG3h+wwq^F%y;Y?limUS?yx;bZOZ~)J|;LDQ|^1(+l=;KA1%Qf%qDh*3Ejg>9 zG`MxDhXqQap&Xcn;d@;AdO%NP!VVUAvAA}mQ1gjS*Q6xq_>PSy$|wdjC}%)yRBX~5 zm_M}wcrZXF(w&?c=B8>1-9qvC(1x_($C)$ZeyHMIx4Tgv^!b@AUQt*i_bAjeUl1-e zhtP8OBsjNAs2KV^PA#vZke&_CO1&kY9zP$MX0e1?4KZtG>hQ)9WZgloqUb$#X 
zRIj_=RW6b5Arm#1DKR*t$dM2p)O)l8o|Q9j#1>Px0`@}3FT3YOvaif~+Yq5jwTxf1 zK++w)Hzppfvz|S_HFNxqf|vguvyBR5eCOEx>+`bMCLEBZdv@~xTfaoVdwsLJ_3`H& zX7_pdSXsDt`6(g)!`{BKjcUn-YazTYs-JfLf+{o?Sctm?8VAjEoAR|#<##i2rYox= z`zpGQK!~ zl#x5mUirNRvFrF{&uL4{)aaYrSbhm{a)lWF9QBWvkWaQSf0AB<@TXBn5gsTI{|$U&SC7cf$uG|oITc-3T`IR0@%K>QXDwpiCN zE)D$3pj3H9t;sAL_FcqZwnC1f{7d#OCD)rwQC*jyR(D*=vj}Zk*(tSewlbdXD@-=r zx<)$w4F2S+#R_`bPMe!=R@`TK5T;w=3=w2_F_Yv^DF3sVP<%AHl+VhiZFo4?{)bO@ z>EmsEPpDNPzcu&8Dh;_;@wGXdH4ZFzEWJ_B$PmP!@ycPw!u48IRcS&!V*8x1Vf<~e zXCh-znpAhn90FZ?gTz=Kggt}9UZv&;bYs8ZE}2QrL``+h^rxTwUII!Z2lRX*loS3~ z1JD$^LV_frb^LVOwO`3*5pCojOwH4T*xot|7l71a+%&{kv;QDydGjL|fF^=7S3Jg} zVY3q(dw=X7pz9WPwu)NaR~JFdp+6Sg0!N^=ToCr@CP9wg0f}9t`RjZ^^5CKvi_b;g zoCsrZJ*?<{56I&9^@G9WUA&yZ=>ak}u@i|Ybd^%O(lIp08)E^;;}+lb7R)zzK(PvC z?W!yC)GY4QF~H39>g#dDeQfvOa?OEvuzcOYABAhqiLyxBIzbM*-DTITHp^RM_?_CT2b2IxRSX^w4}0OH9*2qi z`ySX(Urtml2#rh=J|-#cl#yB122J#btgl1GOd}i~36T%(CwZ$6^beao0YbcmnV%d1 zulwIB#8L|Ro0}tf_ff_}B;@Ua>Icj#1fIRX&{s?u9!()7&g$XfvSVTj-6dWk)@lt8 zn`seK8nBum&I>y2zNxQ)LcZebM!mF18lr<=(m{2IIlu~=BO zIh`xyawDh#O>Z{b{g$RgQxZ&HA@!4AUD4ntSftp`X^az?sN6rO{o5(HKky#Ytac6b zhZES(Y+SViP<|wu(^$pFXpd1mKx?dLZAC@M<#-bXq#?TsA5Yq+plP`CQaf%TUw zsi6T3_<4EK=o&pZ@U#WSu4~xe3(Y$0!^XW;gKN#K2Su=@GxcEKA53R~3CVyEt zmW{8k!)AWT>##vGL2| z;zMWyHq$SY>;6M1oz2Y&-{Rs!$XM|(pl#yyL#WmQppbHBMXNB>B(;Lrimx=Zm=kBI zJnU)qdFZ9AY`k+bHnuE>?p|eLbope^y>%%&bv9*we>2*LklJVNz{tr;MnfgpkN(i= z4m7Ig-?>7lEU0|JduXl5$B$Da(x^8LWmaCEJ#>5?HnS4n7;|fTa#Dt{v5Z*QI9-W< zGBY=?jM>(TEn%JfB<#h;z_)+s*sW8Uf@?XtPVp2VNjbke2$$w=Rps<;Zk1`hC z`G0cl*b?_#;cN|yN&tT8<4qNWjcJ^=5i@R)4V=Q~c1}UH25Wk0?QBBE@<~9-2FADE zCi_Vrz4-CH-;Ca~%w_z(%ENrH?5CT7#hb3pjNWSRM8q3fx|&z+r~Hg=7E2H}t5o!S zLp{XJ$YEpyE?y<7kPfS$CXcQg3)$~O{H}2?{%j|{*yN&CGhNi~7lHlF97bGD!XOg) zPPQeX*;nW{&shOv7L2(ayX%4lOpqUyIq`ixO@(FiCF6mGq4RYu4Lv`GloYPzO<;tC zu04g-WykjdSeV1kVz0Ab1&@b(-S`u_f|st5^%1M&awr}e>{`ah2UXLqgt j-N^suUj6SD2=V?8CRSBNSh#;xpgzv9k5t9(U+%vEI05h^ literal 0 HcmV?d00001 
diff --git a/Solutions/Endpoint Threat Protection Essentials/Package/createUiDefinition.json b/Solutions/Endpoint Threat Protection Essentials/Package/createUiDefinition.json
index c6787580ef4..0db86f62ca5 100644
--- a/Solutions/Endpoint Threat Protection Essentials/Package/createUiDefinition.json
+++ b/Solutions/Endpoint Threat Protection Essentials/Package/createUiDefinition.json
@@ -142,7 +142,7 @@
                   "name": "analytic5-text",
                   "type": "Microsoft.Common.TextBlock",
                   "options": {
-                    "text": "This query detects a macro invoking ShellBrowserWindow COM Objects evade naive parent/child Office detection rules.\nRef: https://blog.menasec.net/2019/02/threat-hunting-doc-with-macro-invoking.html"
+                    "text": "This query detects a macro invoking ShellBrowserWindow COM Objects evade naive parent/child Office detection rules."
                   }
                 }
               ]
diff --git a/Solutions/Endpoint Threat Protection Essentials/Package/mainTemplate.json b/Solutions/Endpoint Threat Protection Essentials/Package/mainTemplate.json
index f4de266f841..ca7fc3f2933 100644
--- a/Solutions/Endpoint Threat Protection Essentials/Package/mainTemplate.json
+++ b/Solutions/Endpoint Threat Protection Essentials/Package/mainTemplate.json
@@ -33,7 +33,7 @@
     "email": "support@microsoft.com",
     "_email": "[variables('email')]",
     "_solutionName": "Endpoint Threat Protection Essentials",
-    "_solutionVersion": "3.0.4",
+    "_solutionVersion": "3.0.5",
     "solutionId": "azuresentinel.azure-sentinel-solution-endpointthreat",
     "_solutionId": "[variables('solutionId')]",
     "huntingQueryObject1": {
@@ -140,18 +140,18 @@
       "_analyticRulecontentProductId4": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','50cbf34a-4cdd-45d7-b3f5-8b53a1d0d14f','-', '1.0.3')))]"
     },
     "analyticRuleObject5": {
-      "analyticRuleVersion5": "1.0.3",
+      "analyticRuleVersion5": "1.0.4",
       "_analyticRulecontentId5": "e7470b35-0128-4508-bfc9-e01cfb3c2eb7",
       "analyticRuleId5": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'e7470b35-0128-4508-bfc9-e01cfb3c2eb7')]",
       "analyticRuleTemplateSpecName5": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('e7470b35-0128-4508-bfc9-e01cfb3c2eb7')))]",
-      "_analyticRulecontentProductId5": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','e7470b35-0128-4508-bfc9-e01cfb3c2eb7','-', '1.0.3')))]"
+      "_analyticRulecontentProductId5": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','e7470b35-0128-4508-bfc9-e01cfb3c2eb7','-', '1.0.4')))]"
     },
     "analyticRuleObject6": {
-      "analyticRuleVersion6": "1.1.4",
+      "analyticRuleVersion6": "1.1.5",
       "_analyticRulecontentId6": "75bf9902-0789-47c1-a5d8-f57046aa72df",
       "analyticRuleId6": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '75bf9902-0789-47c1-a5d8-f57046aa72df')]",
       "analyticRuleTemplateSpecName6": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('75bf9902-0789-47c1-a5d8-f57046aa72df')))]",
-      "_analyticRulecontentProductId6": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','75bf9902-0789-47c1-a5d8-f57046aa72df','-', '1.1.4')))]"
+      "_analyticRulecontentProductId6": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','75bf9902-0789-47c1-a5d8-f57046aa72df','-', '1.1.5')))]"
     },
     "analyticRuleObject7": {
       "analyticRuleVersion7": "1.0.4",
@@ -221,7 +221,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "BackupDeletion_HuntingQueries Hunting Query with template version 3.0.4",
+        "description": "BackupDeletion_HuntingQueries Hunting Query with template version 3.0.5",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject1').huntingQueryVersion1]",
@@ -306,7 +306,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "Certutil-LOLBins_HuntingQueries Hunting Query with template version 3.0.4",
+        "description": "Certutil-LOLBins_HuntingQueries Hunting Query with template version 3.0.5",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject2').huntingQueryVersion2]",
@@ -391,7 +391,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "FileExecutionWithOneCharacterInTheName_HuntingQueries Hunting Query with template version 3.0.4",
+        "description": "FileExecutionWithOneCharacterInTheName_HuntingQueries Hunting Query with template version 3.0.5",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject3').huntingQueryVersion3]",
@@ -476,7 +476,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "PersistViaIFEORegistryKey_HuntingQueries Hunting Query with template version 3.0.4",
+        "description": "PersistViaIFEORegistryKey_HuntingQueries Hunting Query with template version 3.0.5",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject4').huntingQueryVersion4]",
@@ -561,7 +561,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "PotentialMicrosoftSecurityServicesTampering_HuntingQueries Hunting Query with template version 3.0.4",
+        "description": "PotentialMicrosoftSecurityServicesTampering_HuntingQueries Hunting Query with template version 3.0.5",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject5').huntingQueryVersion5]",
@@ -646,7 +646,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "RemoteLoginPerformedwithWMI_HuntingQueries Hunting Query with template version 3.0.4",
+        "description": "RemoteLoginPerformedwithWMI_HuntingQueries Hunting Query with template version 3.0.5",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject6').huntingQueryVersion6]",
@@ -731,7 +731,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "RemoteScheduledTaskCreationUpdateUsingATSVCNamedPipe_HuntingQueries Hunting Query with template version 3.0.4",
+        "description": "RemoteScheduledTaskCreationUpdateUsingATSVCNamedPipe_HuntingQueries Hunting Query with template version 3.0.5",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject7').huntingQueryVersion7]",
@@ -816,7 +816,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "ScheduledTaskCreationUpdateFromUserWritableDrectory_HuntingQueries Hunting Query with template version 3.0.4",
+        "description": "ScheduledTaskCreationUpdateFromUserWritableDrectory_HuntingQueries Hunting Query with template version 3.0.5",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryObject8').huntingQueryVersion8]",
@@ -901,7 +901,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "SignedBinaryProxyExecutionRundll32_HuntingQueries Hunting Query with template version 3.0.4", + "description": "SignedBinaryProxyExecutionRundll32_HuntingQueries Hunting Query with template version 3.0.5", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject9').huntingQueryVersion9]", @@ -986,7 +986,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "UnicodeObfuscationInCommandLine_HuntingQueries Hunting Query with template version 3.0.4", + "description": "UnicodeObfuscationInCommandLine_HuntingQueries Hunting Query with template version 3.0.5", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject10').huntingQueryVersion10]", @@ -1071,7 +1071,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "SuspiciousPowerShellCommandExecution_HuntingQueries Hunting Query with template version 3.0.4", + "description": "SuspiciousPowerShellCommandExecution_HuntingQueries Hunting Query with template version 3.0.5", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject11').huntingQueryVersion11]", 
@@ -1156,7 +1156,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "ASimProcess_CertutilLoLBins_HuntingQueries Hunting Query with template version 3.0.4", + "description": "ASimProcess_CertutilLoLBins_HuntingQueries Hunting Query with template version 3.0.5", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject12').huntingQueryVersion12]", @@ -1241,7 +1241,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "ASimProcess_WindowsSystemShutdownReboot_HuntingQueries Hunting Query with template version 3.0.4", + "description": "ASimProcess_WindowsSystemShutdownReboot_HuntingQueries Hunting Query with template version 3.0.5", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject13').huntingQueryVersion13]", @@ -1326,7 +1326,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "DownloadOfNewFileUsingCurl_HuntingQueries Hunting Query with template version 3.0.4", + "description": "DownloadOfNewFileUsingCurl_HuntingQueries Hunting Query with template version 3.0.5", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject14').huntingQueryVersion14]", 
@@ -1411,7 +1411,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "WindowsFirewallUpdateUsingNetsh_HuntingQueries Hunting Query with template version 3.0.4",
+ "description": "WindowsFirewallUpdateUsingNetsh_HuntingQueries Hunting Query with template version 3.0.5",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('huntingQueryObject15').huntingQueryVersion15]",
@@ -1496,7 +1496,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "base64_encoded_pefile_AnalyticalRules Analytics Rule with template version 3.0.4",
+ "description": "base64_encoded_pefile_AnalyticalRules Analytics Rule with template version 3.0.5",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]",
@@ -1524,28 +1524,28 @@
 "status": "Available",
 "requiredDataConnectors": [
 {
- "connectorId": "SecurityEvents",
 "dataTypes": [
 "SecurityEvent"
- ]
+ ],
+ "connectorId": "SecurityEvents"
 },
 {
- "connectorId": "WindowsSecurityEvents",
 "dataTypes": [
 "SecurityEvent"
- ]
+ ],
+ "connectorId": "WindowsSecurityEvents"
 },
 {
- "connectorId": "WindowsSecurityEvents",
 "dataTypes": [
 "SecurityEvents"
- ]
+ ],
+ "connectorId": "WindowsSecurityEvents"
 },
 {
- "connectorId": "WindowsForwardedEvents",
 "dataTypes": [
 "WindowsEvent"
- ]
+ ],
+ "connectorId": "WindowsForwardedEvents"
 }
 ],
 "tactics": [
@@ -1561,8 +1561,8 @@
 {
 "fieldMappings": [
 {
- "identifier": "Name",
- "columnName": "Account"
+ "columnName": "Account",
+ "identifier": "Name"
 }
 ],
 "entityType": "Account"
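Review bot: In hunk @@ -1524,28 +1524,28 @@ the reordered requiredDataConnectors list still carries two WindowsSecurityEvents entries, one with dataType `"SecurityEvent"` and one with `"SecurityEvents"`; the plural form matches no other dataTypes value in this file and looks like a typo rather than a distinct table, so the second entry should probably be removed or corrected to `"SecurityEvent"`. The same pair appears in hunks @@ -1796,28 +1796,28 @@ and @@ -2216,39 +2216,42 @@. mainTemplate.json looks generated from the rule YAML files, so the correction presumably belongs in those sources followed by a repackage rather than a hand edit here.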
@@ -1570,16 +1570,16 @@ { "fieldMappings": [ { - "identifier": "FullName", - "columnName": "Computer" + "columnName": "Computer", + "identifier": "FullName" }, { - "identifier": "HostName", - "columnName": "HostName" + "columnName": "HostName", + "identifier": "HostName" }, { - "identifier": "DnsDomain", - "columnName": "DnsDomain" + "columnName": "DnsDomain", + "identifier": "DnsDomain" } ], "entityType": "Host" @@ -1638,7 +1638,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "DumpingLSASSProcessIntoaFile_AnalyticalRules Analytics Rule with template version 3.0.4", + "description": "DumpingLSASSProcessIntoaFile_AnalyticalRules Analytics Rule with template version 3.0.5", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject2').analyticRuleVersion2]", @@ -1666,16 +1666,16 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "SecurityEvents", "dataTypes": [ "SecurityEvent" - ] + ], + "connectorId": "SecurityEvents" }, { - "connectorId": "WindowsSecurityEvents", "dataTypes": [ "SecurityEvent" - ] + ], + "connectorId": "WindowsSecurityEvents" } ], "tactics": [ @@ -1691,16 +1691,16 @@ { "fieldMappings": [ { - "identifier": "FullName", - "columnName": "Computer" + "columnName": "Computer", + "identifier": "FullName" }, { - "identifier": "HostName", - "columnName": "HostName" + "columnName": "HostName", + "identifier": "HostName" }, { - "identifier": "DnsDomain", - "columnName": "DnsDomain" + "columnName": "DnsDomain", + "identifier": "DnsDomain" } ], "entityType": "Host" @@ -1708,8 +1708,8 @@ { "fieldMappings": [ { - "identifier": "CommandLine", - "columnName": "SourceImage" + "columnName": "SourceImage", + "identifier": "CommandLine" } ], "entityType": "Process" 
@@ -1768,7 +1768,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "execute_base64_decodedpayload_AnalyticalRules Analytics Rule with template version 3.0.4", + "description": "execute_base64_decodedpayload_AnalyticalRules Analytics Rule with template version 3.0.5", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject3').analyticRuleVersion3]", @@ -1796,28 +1796,28 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "SecurityEvents", "dataTypes": [ "SecurityEvent" - ] + ], + "connectorId": "SecurityEvents" }, { - "connectorId": "WindowsSecurityEvents", "dataTypes": [ "SecurityEvent" - ] + ], + "connectorId": "WindowsSecurityEvents" }, { - "connectorId": "WindowsSecurityEvents", "dataTypes": [ "SecurityEvents" - ] + ], + "connectorId": "WindowsSecurityEvents" }, { - "connectorId": "WindowsForwardedEvents", "dataTypes": [ "WindowsEvent" - ] + ], + "connectorId": "WindowsForwardedEvents" } ], "tactics": [ @@ -1833,8 +1833,8 @@ { "fieldMappings": [ { - "identifier": "Name", - "columnName": "Account" + "columnName": "Account", + "identifier": "Name" } ], "entityType": "Account" @@ -1842,16 +1842,16 @@ { "fieldMappings": [ { - "identifier": "FullName", - "columnName": "Computer" + "columnName": "Computer", + "identifier": "FullName" }, { - "identifier": "HostName", - "columnName": "HostName" + "columnName": "HostName", + "identifier": "HostName" }, { - "identifier": "DnsDomain", - "columnName": "DnsDomain" + "columnName": "DnsDomain", + "identifier": "DnsDomain" } ], "entityType": "Host" 
@@ -1910,7 +1910,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "LateralMovementViaDCOM_AnalyticalRules Analytics Rule with template version 3.0.4", + "description": "LateralMovementViaDCOM_AnalyticalRules Analytics Rule with template version 3.0.5", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject4').analyticRuleVersion4]", @@ -1938,16 +1938,16 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "SecurityEvents", "dataTypes": [ "SecurityEvent" - ] + ], + "connectorId": "SecurityEvents" }, { - "connectorId": "WindowsSecurityEvents", "dataTypes": [ "SecurityEvent" - ] + ], + "connectorId": "WindowsSecurityEvents" } ], "tactics": [ @@ -1963,8 +1963,8 @@ { "fieldMappings": [ { - "identifier": "CommandLine", - "columnName": "CommandLine" + "columnName": "CommandLine", + "identifier": "CommandLine" } ], "entityType": "Process" @@ -1972,16 +1972,16 @@ { "fieldMappings": [ { - "identifier": "FullName", - "columnName": "Computer" + "columnName": "Computer", + "identifier": "FullName" }, { - "identifier": "HostName", - "columnName": "HostName" + "columnName": "HostName", + "identifier": "HostName" }, { - "identifier": "DnsDomain", - "columnName": "DnsDomain" + "columnName": "DnsDomain", + "identifier": "DnsDomain" } ], "entityType": "Host" @@ -1989,8 +1989,8 @@ { "fieldMappings": [ { - "identifier": "Name", - "columnName": "User" + "columnName": "User", + "identifier": "Name" } ], "entityType": "Account" 
@@ -2049,7 +2049,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "MacroInvokingShellBrowserWindowCOMObjects_AnalyticalRules Analytics Rule with template version 3.0.4", + "description": "MacroInvokingShellBrowserWindowCOMObjects_AnalyticalRules Analytics Rule with template version 3.0.5", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject5').analyticRuleVersion5]", 
@@ -2063,7 +2063,7 @@
 "kind": "Scheduled",
 "location": "[parameters('workspace-location')]",
 "properties": {
- "description": "This query detects a macro invoking ShellBrowserWindow COM Objects evade naive parent/child Office detection rules.\nRef: https://blog.menasec.net/2019/02/threat-hunting-doc-with-macro-invoking.html",
+ "description": "This query detects a macro invoking ShellBrowserWindow COM Objects evade naive parent/child Office detection rules.",
 "displayName": "Detecting Macro Invoking ShellBrowserWindow COM Objects",
 "enabled": false,
 "query": "Event\n | where EventLog =~ \"Microsoft-Windows-Sysmon/Operational\" and EventID==1\n | parse EventData with * 'Image\">' Image \"<\" * 'CommandLine\">' CommandLine \"<\" * 'ParentImage\">' ParentImage \"<\" *\n | where ParentImage has \"svchost.exe\" and Image has \"rundll32.exe\" and CommandLine has \"{c08afd90-f2a1-11d1-8455-00a0c91f3880}\"\n | parse EventData with * 'ProcessGuid\">' ProcessGuid \"<\" * 'Description\">' Description \"<\" * 'CurrentDirectory\">' CurrentDirectory \"<\" * 'User\">' User \"<\" * 'LogonGuid\">' LogonGuid \"<\" * 'ParentProcessGuid\">' ParentProcessGuid \"<\" * 'ParentImage\">' ParentImage \"<\" * 'ParentCommandLine\">' ParentCommandLine \"<\" * 'ParentUser\">' ParentUser \"<\" *\n | summarize StartTime = min(TimeGenerated), EndTime = max(TimeGenerated) by EventID, Computer, User, ParentImage, ParentProcessGuid, ParentCommandLine, ParentUser, Image, ProcessGuid, CommandLine, Description\n | extend HostName = iif(Computer has '.',substring(Computer,0,indexof(Computer,'.')),Computer) , DnsDomain = iif(Computer has '.',substring(Computer,indexof(Computer,'.')+1),'')\n",
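Review bot: The rewritten description line in hunk @@ -2063,7 +2063,7 @@ keeps the wording `COM Objects evade naive parent/child Office detection rules`, which is missing a word and reads as a fragment; since the line is being changed anyway, `"description": "This query detects a macro invoking ShellBrowserWindow COM Objects to evade naive parent/child Office detection rules.",` would read correctly. This text is presumably mirrored from the rule's YAML source, so the two should be changed together or the next package regeneration will reintroduce the fragment.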
@@ -2077,16 +2077,16 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "SecurityEvents", "dataTypes": [ "SecurityEvent" - ] + ], + "connectorId": "SecurityEvents" }, { - "connectorId": "WindowsSecurityEvents", "dataTypes": [ "SecurityEvent" - ] + ], + "connectorId": "WindowsSecurityEvents" } ], "tactics": [ @@ -2102,8 +2102,8 @@ { "fieldMappings": [ { - "identifier": "CommandLine", - "columnName": "CommandLine" + "columnName": "CommandLine", + "identifier": "CommandLine" } ], "entityType": "Process" @@ -2111,16 +2111,16 @@ { "fieldMappings": [ { - "identifier": "FullName", - "columnName": "Computer" + "columnName": "Computer", + "identifier": "FullName" }, { - "identifier": "HostName", - "columnName": "HostName" + "columnName": "HostName", + "identifier": "HostName" }, { - "identifier": "DnsDomain", - "columnName": "DnsDomain" + "columnName": "DnsDomain", + "identifier": "DnsDomain" } ], "entityType": "Host" @@ -2128,8 +2128,8 @@ { "fieldMappings": [ { - "identifier": "Name", - "columnName": "User" + "columnName": "User", + "identifier": "Name" } ], "entityType": "Account" @@ -2188,7 +2188,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "malware_in_recyclebin_AnalyticalRules Analytics Rule with template version 3.0.4", + "description": "malware_in_recyclebin_AnalyticalRules Analytics Rule with template version 3.0.5", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject6').analyticRuleVersion6]", 
@@ -2216,39 +2216,42 @@
 "status": "Available",
 "requiredDataConnectors": [
 {
- "connectorId": "SecurityEvents",
 "dataTypes": [
 "SecurityEvent"
- ]
+ ],
+ "connectorId": "SecurityEvents"
 },
 {
- "connectorId": "WindowsSecurityEvents",
 "dataTypes": [
 "SecurityEvent"
- ]
+ ],
+ "connectorId": "WindowsSecurityEvents"
 },
 {
- "connectorId": "WindowsSecurityEvents",
 "dataTypes": [
 "SecurityEvents"
- ]
+ ],
+ "connectorId": "WindowsSecurityEvents"
 },
 {
- "connectorId": "WindowsForwardedEvents",
 "dataTypes": [
 "WindowsEvent"
- ]
+ ],
+ "connectorId": "WindowsForwardedEvents"
 }
 ],
 "tactics": [
 "DefenseEvasion"
 ],
+ "techniques": [
+ "T1564"
+ ],
 "entityMappings": [
 {
 "fieldMappings": [
 {
- "identifier": "Name",
- "columnName": "Account"
+ "columnName": "Account",
+ "identifier": "Name"
 }
 ],
 "entityType": "Account"
@@ -2256,16 +2259,16 @@
 {
 "fieldMappings": [
 {
- "identifier": "FullName",
- "columnName": "Computer"
+ "columnName": "Computer",
+ "identifier": "FullName"
 },
 {
- "identifier": "HostName",
- "columnName": "HostName"
+ "columnName": "HostName",
+ "identifier": "HostName"
 },
 {
- "identifier": "DnsDomain",
- "columnName": "DnsDomain"
+ "columnName": "DnsDomain",
+ "identifier": "DnsDomain"
 }
 ],
 "entityType": "Host"
@@ -2324,7 +2327,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "PotentialRemoteDesktopTunneling_AnalyticalRules Analytics Rule with template version 3.0.4",
+ "description": "PotentialRemoteDesktopTunneling_AnalyticalRules Analytics Rule with template version 3.0.5",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject7').analyticRuleVersion7]",
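Review bot: The `"techniques": ["T1564"]` block added in hunk @@ -2216,39 +2216,42 @@ is a functional change to the malware_in_recyclebin rule's MITRE mapping that neither the commit title nor the new ReleaseNotes.md row ("Removed the broken URL in **Analytic Rule**") records. If the block came from a regeneration that picked up an earlier change to that rule's source YAML, the release note should say so, e.g. `| 3.0.5 | 18-11-2024 | Removed the broken URL and added techniques mapping in **Analytic Rules** |`; if it did not, the added lines should be dropped from this packaging change so the template and its source stay aligned. No change to that rule's YAML is visible in this diff, so which case applies is inferred.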
@@ -2352,16 +2355,16 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "SecurityEvents", "dataTypes": [ "SecurityEvent" - ] + ], + "connectorId": "SecurityEvents" }, { - "connectorId": "WindowsSecurityEvents", "dataTypes": [ "SecurityEvent" - ] + ], + "connectorId": "WindowsSecurityEvents" } ], "tactics": [ @@ -2374,12 +2377,12 @@ { "fieldMappings": [ { - "identifier": "Name", - "columnName": "Name" + "columnName": "Name", + "identifier": "Name" }, { - "identifier": "UPNSuffix", - "columnName": "UPNSuffix" + "columnName": "UPNSuffix", + "identifier": "UPNSuffix" } ], "entityType": "Account" @@ -2387,16 +2390,16 @@ { "fieldMappings": [ { - "identifier": "FullName", - "columnName": "Computer" + "columnName": "Computer", + "identifier": "FullName" }, { - "identifier": "HostName", - "columnName": "HostName" + "columnName": "HostName", + "identifier": "HostName" }, { - "identifier": "DnsDomain", - "columnName": "DnsDomain" + "columnName": "DnsDomain", + "identifier": "DnsDomain" } ], "entityType": "Host" @@ -2404,8 +2407,8 @@ { "fieldMappings": [ { - "identifier": "Address", - "columnName": "IpAddress" + "columnName": "IpAddress", + "identifier": "Address" } ], "entityType": "IP" @@ -2464,7 +2467,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "RegistryPersistenceViaAppCertDLLModification_AnalyticalRules Analytics Rule with template version 3.0.4", + "description": "RegistryPersistenceViaAppCertDLLModification_AnalyticalRules Analytics Rule with template version 3.0.5", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject8').analyticRuleVersion8]", 
@@ -2492,16 +2495,16 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "SecurityEvents", "dataTypes": [ "SecurityEvent" - ] + ], + "connectorId": "SecurityEvents" }, { - "connectorId": "WindowsSecurityEvents", "dataTypes": [ "SecurityEvent" - ] + ], + "connectorId": "WindowsSecurityEvents" } ], "tactics": [ @@ -2517,8 +2520,8 @@ { "fieldMappings": [ { - "identifier": "Key", - "columnName": "TargetObject" + "columnName": "TargetObject", + "identifier": "Key" } ], "entityType": "RegistryKey" @@ -2526,16 +2529,16 @@ { "fieldMappings": [ { - "identifier": "FullName", - "columnName": "Computer" + "columnName": "Computer", + "identifier": "FullName" }, { - "identifier": "HostName", - "columnName": "HostName" + "columnName": "HostName", + "identifier": "HostName" }, { - "identifier": "DnsDomain", - "columnName": "DnsDomain" + "columnName": "DnsDomain", + "identifier": "DnsDomain" } ], "entityType": "Host" @@ -2594,7 +2597,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "RegistryPersistenceViaAppInt_DLLsModification_AnalyticalRules Analytics Rule with template version 3.0.4", + "description": "RegistryPersistenceViaAppInt_DLLsModification_AnalyticalRules Analytics Rule with template version 3.0.5", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject9').analyticRuleVersion9]", @@ -2622,16 +2625,16 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "SecurityEvents", "dataTypes": [ "SecurityEvent" - ] + ], + "connectorId": "SecurityEvents" }, { - "connectorId": "WindowsSecurityEvents", "dataTypes": [ "SecurityEvent" - ] + ], + "connectorId": "WindowsSecurityEvents" } ], "tactics": [ 
@@ -2647,8 +2650,8 @@ { "fieldMappings": [ { - "identifier": "Key", - "columnName": "TargetObject" + "columnName": "TargetObject", + "identifier": "Key" } ], "entityType": "RegistryKey" @@ -2656,16 +2659,16 @@ { "fieldMappings": [ { - "identifier": "FullName", - "columnName": "Computer" + "columnName": "Computer", + "identifier": "FullName" }, { - "identifier": "HostName", - "columnName": "HostName" + "columnName": "HostName", + "identifier": "HostName" }, { - "identifier": "DnsDomain", - "columnName": "DnsDomain" + "columnName": "DnsDomain", + "identifier": "DnsDomain" } ], "entityType": "Host" @@ -2724,7 +2727,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "SecurityEventLogCleared_AnalyticalRules Analytics Rule with template version 3.0.4", + "description": "SecurityEventLogCleared_AnalyticalRules Analytics Rule with template version 3.0.5", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject10').analyticRuleVersion10]", @@ -2752,22 +2755,22 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "SecurityEvents", "dataTypes": [ "SecurityEvent" - ] + ], + "connectorId": "SecurityEvents" }, { - "connectorId": "WindowsSecurityEvents", "dataTypes": [ "SecurityEvent" - ] + ], + "connectorId": "WindowsSecurityEvents" }, { - "connectorId": "WindowsForwardedEvents", "dataTypes": [ "WindowsEvent" - ] + ], + "connectorId": "WindowsForwardedEvents" } ], "tactics": [ @@ -2780,12 +2783,12 @@ { "fieldMappings": [ { - "identifier": "Name", - "columnName": "Name" + "columnName": "Name", + "identifier": "Name" }, { - "identifier": "UPNSuffix", - "columnName": "UPNSuffix" + "columnName": "UPNSuffix", + "identifier": "UPNSuffix" } ], "entityType": "Account" 
@@ -2793,16 +2796,16 @@ { "fieldMappings": [ { - "identifier": "FullName", - "columnName": "Computer" + "columnName": "Computer", + "identifier": "FullName" }, { - "identifier": "HostName", - "columnName": "HostName" + "columnName": "HostName", + "identifier": "HostName" }, { - "identifier": "DnsDomain", - "columnName": "DnsDomain" + "columnName": "DnsDomain", + "identifier": "DnsDomain" } ], "entityType": "Host" @@ -2861,7 +2864,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "WDigestDowngradeAttack_AnalyticalRules Analytics Rule with template version 3.0.4", + "description": "WDigestDowngradeAttack_AnalyticalRules Analytics Rule with template version 3.0.5", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject11').analyticRuleVersion11]", @@ -2889,16 +2892,16 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "SecurityEvents", "dataTypes": [ "SecurityEvent" - ] + ], + "connectorId": "SecurityEvents" }, { - "connectorId": "WindowsSecurityEvents", "dataTypes": [ "SecurityEvent" - ] + ], + "connectorId": "WindowsSecurityEvents" } ], "tactics": [ @@ -2911,8 +2914,8 @@ { "fieldMappings": [ { - "identifier": "Key", - "columnName": "TargetObject" + "columnName": "TargetObject", + "identifier": "Key" } ], "entityType": "RegistryKey" @@ -2920,16 +2923,16 @@ { "fieldMappings": [ { - "identifier": "FullName", - "columnName": "Computer" + "columnName": "Computer", + "identifier": "FullName" }, { - "identifier": "HostName", - "columnName": "HostName" + "columnName": "HostName", + "identifier": "HostName" }, { - "identifier": "DnsDomain", - "columnName": "DnsDomain" + "columnName": "DnsDomain", + "identifier": "DnsDomain" } ], "entityType": "Host" 
@@ -2988,7 +2991,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "WindowsBinariesExecutedfromNon-DefaultDirectory_AnalyticalRules Analytics Rule with template version 3.0.4", + "description": "WindowsBinariesExecutedfromNon-DefaultDirectory_AnalyticalRules Analytics Rule with template version 3.0.5", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject12').analyticRuleVersion12]", @@ -3016,16 +3019,16 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "SecurityEvents", "dataTypes": [ "SecurityEvent" - ] + ], + "connectorId": "SecurityEvents" }, { - "connectorId": "WindowsSecurityEvents", "dataTypes": [ "SecurityEvent" - ] + ], + "connectorId": "WindowsSecurityEvents" } ], "tactics": [ @@ -3038,12 +3041,12 @@ { "fieldMappings": [ { - "identifier": "Name", - "columnName": "Name" + "columnName": "Name", + "identifier": "Name" }, { - "identifier": "UPNSuffix", - "columnName": "UPNSuffix" + "columnName": "UPNSuffix", + "identifier": "UPNSuffix" } ], "entityType": "Account" @@ -3051,16 +3054,16 @@ { "fieldMappings": [ { - "identifier": "FullName", - "columnName": "Computer" + "columnName": "Computer", + "identifier": "FullName" }, { - "identifier": "HostName", - "columnName": "HostName" + "columnName": "HostName", + "identifier": "HostName" }, { - "identifier": "DnsDomain", - "columnName": "DnsDomain" + "columnName": "DnsDomain", + "identifier": "DnsDomain" } ], "entityType": "Host" @@ -3068,8 +3071,8 @@ { "fieldMappings": [ { - "identifier": "CommandLine", - "columnName": "CommandLine" + "columnName": "CommandLine", + "identifier": "CommandLine" } ], "entityType": "Process" 
@@ -3128,7 +3131,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "WindowsBinariesLolbinsRenamed_AnalyticalRules Analytics Rule with template version 3.0.4", + "description": "WindowsBinariesLolbinsRenamed_AnalyticalRules Analytics Rule with template version 3.0.5", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject13').analyticRuleVersion13]", @@ -3156,16 +3159,16 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "SecurityEvents", "dataTypes": [ "SecurityEvent" - ] + ], + "connectorId": "SecurityEvents" }, { - "connectorId": "WindowsSecurityEvents", "dataTypes": [ "SecurityEvent" - ] + ], + "connectorId": "WindowsSecurityEvents" } ], "tactics": [ @@ -3178,8 +3181,8 @@ { "fieldMappings": [ { - "identifier": "CommandLine", - "columnName": "CommandLine" + "columnName": "CommandLine", + "identifier": "CommandLine" } ], "entityType": "Process" @@ -3187,16 +3190,16 @@ { "fieldMappings": [ { - "identifier": "FullName", - "columnName": "Computer" + "columnName": "Computer", + "identifier": "FullName" }, { - "identifier": "HostName", - "columnName": "HostName" + "columnName": "HostName", + "identifier": "HostName" }, { - "identifier": "DnsDomain", - "columnName": "DnsDomain" + "columnName": "DnsDomain", + "identifier": "DnsDomain" } ], "entityType": "Host" @@ -3204,8 +3207,8 @@ { "fieldMappings": [ { - "identifier": "Name", - "columnName": "User" + "columnName": "User", + "identifier": "Name" } ], "entityType": "Account" 
@@ -3264,7 +3267,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "SuspiciousPowerShellCommandExecuted_AnalyticalRules Analytics Rule with template version 3.0.4", + "description": "SuspiciousPowerShellCommandExecuted_AnalyticalRules Analytics Rule with template version 3.0.5", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject14').analyticRuleVersion14]", @@ -3292,10 +3295,10 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "MicrosoftThreatProtection", "dataTypes": [ "DeviceEvents" - ] + ], + "connectorId": "MicrosoftThreatProtection" } ], "tactics": [ @@ -3308,16 +3311,16 @@ { "fieldMappings": [ { - "identifier": "FullName", - "columnName": "DeviceName" + "columnName": "DeviceName", + "identifier": "FullName" }, { - "identifier": "HostName", - "columnName": "DvcHostname" + "columnName": "DvcHostname", + "identifier": "HostName" }, { - "identifier": "DnsDomain", - "columnName": "DvcDomain" + "columnName": "DvcDomain", + "identifier": "DnsDomain" } ], "entityType": "Host" @@ -3325,8 +3328,8 @@ { "fieldMappings": [ { - "identifier": "Address", - "columnName": "LocalIP" + "columnName": "LocalIP", + "identifier": "Address" } ], "entityType": "IP" @@ -3334,12 +3337,12 @@ { "fieldMappings": [ { - "identifier": "Name", - "columnName": "Username" + "columnName": "Username", + "identifier": "Name" }, { - "identifier": "UPNSuffix", - "columnName": "UPNSuffix" + "columnName": "UPNSuffix", + "identifier": "UPNSuffix" } ], "entityType": "Account" 
@@ -3347,12 +3350,12 @@
 {
 "fieldMappings": [
 {
- "identifier": "ProcessId",
- "columnName": "InitiatingProcessId"
+ "columnName": "InitiatingProcessId",
+ "identifier": "ProcessId"
 },
 {
- "identifier": "CommandLine",
- "columnName": "InitiatingProcessCommandLine"
+ "columnName": "InitiatingProcessCommandLine",
+ "identifier": "CommandLine"
 }
 ],
 "entityType": "Process"
@@ -3414,7 +3417,7 @@
 "apiVersion": "2023-04-01-preview",
 "location": "[parameters('workspace-location')]",
 "properties": {
- "version": "3.0.4",
+ "version": "3.0.5",
 "kind": "Solution",
 "contentSchemaVersion": "3.0.0",
 "displayName": "Endpoint Threat Protection Essentials",
diff --git a/Solutions/Endpoint Threat Protection Essentials/ReleaseNotes.md b/Solutions/Endpoint Threat Protection Essentials/ReleaseNotes.md
index d97eb5dc01f..6fe076672e9 100644
--- a/Solutions/Endpoint Threat Protection Essentials/ReleaseNotes.md
+++ b/Solutions/Endpoint Threat Protection Essentials/ReleaseNotes.md
@@ -1,5 +1,6 @@
 | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
 |-------------|--------------------------------|------------------------------------------------------------------------------|
+| 3.0.5 | 18-11-2024 | Removed the broken URL in **Analytic Rule** |
 | 3.0.4 | 10-06-2024 | Added entityMappings and added missing AMA DC reference in **Analytical Rules** and **Hunting Queries** |
 | 3.0.3 | 11-03-2024 | Added few **Hunting Queries** to detect Endpoint Threats |
 | 3.0.2 | 21-02-2024 | Tagged for dependent solutions for deployment |